Changeset - 298c0dbe1698
Branko Majic (branko) - 9 years ago 2015-04-07 23:02:23
branko@majic.rs
MAR-4: Updated documentation for the mail server role, adding information about rsync installation, set-up of chroot for Postfix, and the smtp_allow_relay_from option. Updated mail_server role implementation, fixing rsync command for deploying the truststore to preserve truststore permissions and adding support for specifying networks from which unauthenticated relaying should be allowed.
4 files changed with 20 insertions and 3 deletions:
docs/rolereference.rst
 
@@ -601,11 +601,13 @@ Postfix is used SMTP, while Dovecot is used for IMAP.
 

	
 
The role implements the following:
 

	
 
* Installs rsync.
 
* Adds the Wheezy backports repository.
 
* Installs and configures Dovecot (from backports), Postfix, ClamAV, and ClamAV
 
  Milter.
 
* Purges Exim4 configuration (just in case).
 
* Installs SWAKS (utility for testing SMTP servers).
 
* Sets-up the necessary directories and files under Postfix chroot.
 

	
 
Deployed services are configured as follows:
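Review bot: The new bullet "Sets-up the necessary directories and files under Postfix chroot" uses the noun form as a verb; "Sets up" matches the other bullets ("Installs", "Adds", "Purges"). The "Installs rsync" bullet is also unexplained for a reader of the docs: the tasks file in this changeset uses rsync to copy the LDAP TLS truststore into the chroot, and saying so in the chroot bullet would connect the two.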
 

	
 
@@ -692,6 +694,12 @@ Parameters
 
**mail_postmaster** (string, mandatory)
 
  Mail address to use for the postmaster account in Dovecot.
 

	
 
**smtp_allow_relay_from** (list, mandatory)
 
  List of networks from which mail relaying is allowed even without
 
  authentication. Each item in the list is a string defining a network. The
 
  format must be compatible with Postfix ``mynetworks`` setting (for example:
 
  ``192.168.1.0/24``, ``myhost.example.com`` etc).
 

	
 

	
 
Examples
 
~~~~~~~~
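Review bot: In the smtp_allow_relay_from entry, "(list, mandatory)" means every existing inventory that uses this role has to add the variable before its next run, yet the text does not say what to set when no unauthenticated relaying is wanted. Either state that an empty list is the value for that case or make the parameter optional with an empty default. Since every listed network can relay without authentication, the description should also tell the reader to keep the list as narrow as possible.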
 
@@ -721,3 +729,7 @@ Here is an example configuration for setting-up XMPP server using Prosody:
 
    - bl.spamcop.net
 
    - zen.spamhaus.org
 
  mail_postmaster: postmaster@example.com
 

	
 
  smtp_allow_relay_from:
 
    - ldap.example.com
 
    - xmpp.example.com
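Review bot: The example lists only hostnames (ldap.example.com, xmpp.example.com) under smtp_allow_relay_from, which makes the unauthenticated-relay decision depend on name resolution for the connecting client. Consider showing an address or CIDR entry such as the 192.168.1.0/24 used in the parameter description, or add a sentence about that dependency next to the example.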
roles/mail_server/tasks/main.yml
 
@@ -46,7 +46,7 @@
 
    - /var/spool/postfix/var/run/clamav
 

	
 
- name: Copy the LDAP TLS truststore into Postfix chroot
 
  command: rsync -ci "{{ mail_ldap_tls_truststore }}" "/var/spool/postfix/{{ mail_ldap_tls_truststore}}"
 
  command: rsync -pci "{{ mail_ldap_tls_truststore }}" "/var/spool/postfix/{{ mail_ldap_tls_truststore}}"
 
  register: rsync_result
 
  changed_when: "rsync_result.stdout != ''"
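Review bot: On the changed rsync line, -p preserves the mode bits only; owner and group of the copy under /var/spool/postfix are not carried over. If read access to the truststore relies on group ownership, add -og or follow the copy with a file task that sets owner, group and mode explicitly. Style: the second expression is missing the space before its closing braces, {{ mail_ldap_tls_truststore}}.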
 

	
roles/mail_server/templates/main.cf.j2
 
@@ -33,7 +33,8 @@ alias_database = hash:/etc/aliases
 
myorigin = /etc/mailname
 
mydestination = mail.example.com, mail, localhost.localdomain, localhost
 
relayhost = 
 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128{% for network in smtp_allow_relay_from  %} {{ network }}{% endfor %}
 

	
 
mailbox_command = procmail -a "$EXTENSION"
 
mailbox_size_limit = 0
 
recipient_delimiter = +
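Review bot: The loop on the mynetworks line reads smtp_allow_relay_from unconditionally, so an inventory that does not define it fails at template rendering under Ansible's default handling of undefined variables; smtp_allow_relay_from | default([]) | join(' ') would cover the unset and empty cases and remove the loop. Entries are written into main.cf verbatim, so a comment above the line stating that these networks relay without authentication would help whoever audits the rendered file. Style: there is a double space before the %} of the for tag.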
testsite/group_vars/mail.yml
 
@@ -30,4 +30,8 @@ smtp_rbl:
 
  - bl.spamcop.net
 
  - zen.spamhaus.org
 

	
 
mail_postmaster: postmaster@example.com
 
\ No newline at end of file
 
mail_postmaster: postmaster@example.com
 

	
 
smtp_allow_relay_from:
 
  - ldap.example.com
 
  - xmpp.example.com
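Review bot: The test site's smtp_allow_relay_from covers hostname entries only, while the documentation also describes the network form (192.168.1.0/24). Adding one CIDR entry here would exercise both formats when the mynetworks line is rendered.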