Changeset - 90bda8fea4aa
0 8 0
Branko Majic (branko) - 4 years ago 2020-05-20 10:20:45
branko@majic.rs
MAR-157: Added parameter to mail_forwarder role for specifying maximum incoming mail size.
8 files changed with 51 insertions and 1 deletions:
docs/releasenotes.rst
 
@@ -56,6 +56,12 @@ New features/improvements:
 
* Tests have been updated to work with latest Molecule/Testinfra as
 
  part of the Ansible upgrade process.
 

	
 
* ``mail_forwader`` role
 

	
 
  * The role now supports specifying the maximum mail message size
 
    limit for the SMTP server to accept via
 
    ``mail_message_size_limit`` role parameter.
 

	
 
* ``mail_server`` role
 

	
 
  * The role now supports specifying the maximum mail message size
docs/rolereference.rst
 
@@ -1286,6 +1286,16 @@ Parameters
 
  recipients/aliases, while the value provided should be a space-separated list
 
  of mail addresses (or local users) where the mails should be forwarded.
 

	
 
**mail_message_size_limit** (integer, optional, ``10240000``)
 
  Maximum size of message in bytes that the SMTP server should accept
 
  for incoming mails. If the mail message size exceeds the listed
 
  value, it will be rejected by the server. The size is also
 
  advertised as part of SMTP server capabilities (in response to the
 
  ``ehlo`` SMTP command). Changing the value is primarily useful when
 
  SMTP from relay is allowed (via the ``smtp_from_relay_allowed``
 
  parameter), since incoming SMTP communication is otherwise not
 
  allowed at all.
 

	
 
**smtp_from_relay_allowed** (boolean, optional, ``True``)
 
  Specify if SMTP traffic from SMTP relay should be allowed or not (for bounced
 
  messages, for example). This parameter should be set to ``False`` on systems
roles/mail_forwarder/defaults/main.yml
 
@@ -5,3 +5,4 @@ smtp_from_relay_allowed: true
 
smtp_relay_host: ""
 
smtp_relay_truststore: "{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}"
 
smtp_relay_host_port: null
 
mail_message_size_limit: 10240000
roles/mail_forwarder/molecule/default/group_vars/parameters-optional.yml
 
@@ -2,6 +2,7 @@
 

	
 
local_mail_aliases:
 
  root: "root testuser"
 
mail_message_size_limit: 20480001
 
smtp_from_relay_allowed: true
 
smtp_relay_host: mail-server
 
smtp_relay_host_port: 27
roles/mail_forwarder/molecule/default/tests/test_default.py
 
@@ -117,7 +117,8 @@ def test_smtp_server_uses_correct_dh_parameters(host):
 
    with host.sudo():
 
        expected_dhparam = host.file('/etc/ssl/private/%s_smtp.dh.pem' % hostname).content_string.rstrip()
 

	
 
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=smtp --port 25 --priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose localhost")
 
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=smtp --port 25 "
 
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose localhost")
 

	
 
    output = connection.stdout
 
    begin_marker = "-----BEGIN DH PARAMETERS-----"
roles/mail_forwarder/molecule/default/tests/test_mandatory.py
 
@@ -68,3 +68,17 @@ def test_direct_mail_sending(host):
 
        pattern = r"%s: to=<root@domain1>, relay=domain1\[[^]]*\]:25.*status=sent" % message_id
 

	
 
        assert re.search(pattern, mail_log.content_string) is not None
 

	
 

	
 
def test_mail_message_size_limit(host):
 
    """
 
    Tests if the mail message size limit advertised by the SMTP server
 
    is correct.
 
    """
 

	
 
    capabilities = host.run("(echo 'ehlo localhost' && sleep 2) | telnet localhost 25")
 
    begin = capabilities.stdout.find("250-SIZE")
 
    end = capabilities.stdout.find("\n", begin)
 
    mail_message_size_limit = capabilities.stdout[begin:end]
 

	
 
    assert mail_message_size_limit == "250-SIZE 10240000"
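Review bot: test_mail_message_size_limit verifies only the SIZE value advertised in the EHLO response, so it would still pass if the server advertised the limit without enforcing it; because this limit bounds how much data an SMTP client can make the server accept, a companion test that submits a message just over the configured size and expects a rejection would cover the behaviour that matters. The parsing is also fragile: when `250-SIZE` is absent `find()` returns -1 and the slice yields an unrelated fragment, and a server that lists SIZE as its last capability would send `250 SIZE` instead. `match = re.search(r"^250[- ]SIZE (\d+)", capabilities.stdout, re.MULTILINE)` followed by `assert match is not None and match.group(1) == "10240000"` handles both cases and fails with a clearer message. The same applies to the copy of this test added in test_optional.py, where the expected value is 20480001.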
roles/mail_forwarder/molecule/default/tests/test_optional.py
 
@@ -126,3 +126,17 @@ def test_tls_enforced_towards_relay_mail_server(host):
 
            pattern = r"%s: to=<root@domain1>, relay=domain1.*status=deferred \(Server certificate not verified\)" % message_id
 

	
 
            assert re.search(pattern, mail_log.content_string) is not None
 

	
 

	
 
def test_mail_message_size_limit(host):
 
    """
 
    Tests if the mail message size limit advertised by the SMTP server
 
    is correct.
 
    """
 

	
 
    capabilities = host.run("(echo 'ehlo localhost' && sleep 2) | telnet localhost 25")
 
    begin = capabilities.stdout.find("250-SIZE")
 
    end = capabilities.stdout.find("\n", begin)
 
    mail_message_size_limit = capabilities.stdout[begin:end]
 

	
 
    assert mail_message_size_limit == "250-SIZE 20480001"
roles/mail_forwarder/templates/main.cf.j2
 
@@ -47,3 +47,6 @@ recipient_delimiter = +
 
# Fall-back to using native lookups (/etc/hosts etc) if DNS lookup fails. Useful
 
# for local overrides of mail servers.
 
smtp_host_lookup = dns, native
 

	
 
# Explicitly set maximum allowed mail size that should be accepted.
 
message_size_limit = {{ mail_message_size_limit }}
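Review bot: `message_size_limit` is rendered straight from `mail_message_size_limit` with no check on the value, and Postfix refuses local delivery when `mailbox_size_limit` is non-zero and smaller than `message_size_limit`. Only the tail of the template is visible in this hunk, so I cannot tell whether `mailbox_size_limit` is set elsewhere; if it is left at the Postfix default, a value above that default would break local delivery. Consider a validation task in the role that fails when the parameter is not a positive integer, and either document the constraint in rolereference.rst or set `mailbox_size_limit` alongside it.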