Specify if SMTP traffic from SMTP relay should be allowed or not (for bounced

  messages, for example). This parameter should be set to ``False`` on systems

  behind NAT or on systems that may not have constant network connectivity (such

  as laptops) to avoid firewall failures since SMTP relay name needs to be

  resolvable.

**smtp_relay_host** (string, optional, ``None``)

  SMTP server via which the mails are sent out for non-local recipients.

**smtp_relay_host_port** (integer, optional, ``None``)

  Port to use when connecting to the SMTP relay host.

**smtp_relay_truststore** (string, mandatory)

  X.509 certificate chain used for issuing certificate for the SMTP relay

  service. The file will be stored in location

  ``/etc/ssl/certs/smtp_relay_truststore.pem``

Distribution compatibility

~~~~~~~~~~~~~~~~~~~~~~~~~~

Role is compatible with the following distributions:

- Debian 9 (Stretch)

Examples

~~~~~~~~

Here is an example configuration for setting-up the mail forwarder:

.. code-block:: yaml

  ---

  # All mails sent to local user root will be forwarded to external account as

  # well.

  local_mail_aliases:

    root: "root john.doe@example.com"

  smtp_relay_host: mail.example.com

  smtp_relay_host_port: 27

  smtp_from_relay_allowed: False

  smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem

---

dependencies:

  - common

galaxy_info:

  author: Branko Majic

  description: Sets-up local SMTP server for sending out mails and receiving mails for local users

  license: BSD

  min_ansible_version: 2.9

  platforms:

    - name: Debian

      versions:

        - 9

  - name: parameters-optional-stretch64

    groups:

      - parameters-optional

    box: debian/contrib-stretch64

    memory: 256

    cpus: 1

    interfaces:

      - auto_config: true

        ip: 10.31.127.31

        network_name: private_network

        type: static

  - name: parameters-no-incoming-stretch64

    groups:

      - parameters-no-incoming

    box: debian/contrib-stretch64

    memory: 256

    cpus: 1

    interfaces:

      - auto_config: true

        ip: 10.31.127.32

        network_name: private_network

        type: static

provisioner:

  name: ansible

  playbooks:

    cleanup: cleanup.yml

  config_options:

    defaults:

      force_valid_group_names: "ignore"

      interpreter_python: "/usr/bin/python3"

    ssh_connection:

      pipelining: "True"

  lint:

    name: ansible-lint

scenario:

  name: default

verifier:

  name: testinfra

  lint:

    name: flake8

    - name: Update all caches to avoid errors due to missing remote archives

      apt:

        update_cache: true

      changed_when: false

- hosts: all

  become: true

  tasks:

    - name: Set-up the hosts file

      lineinfile:

        path: /etc/hosts

        regexp: "^{{ item.key }}"

        line: "{{ item.key }} {{ item.value }}"

        owner: root

        group: root

        mode: 0644

        state: present

      with_dict:

        10.31.127.10: "mail-server domain1"

        10.31.127.11: "client1"

        10.31.127.30: "parameters-mandatory-stretch64"

        10.31.127.31: "parameters-optional-stretch64"

        10.31.127.32: "parameters-no-incoming-stretch64"

    - name: Install tools for testing

      apt:

        name: gnutls-bin

        state: present

- hosts: clients

  become: true

  tasks:

    - name: Install SWAKS for testing SMTP capability

      apt:

        name: swaks

        state: present

    - name: Install tool for testing TCP connectivity

      apt:

        name: hping3

        state: present

    - name: Deploy CA certificate

      copy:

        src: tests/data/x509/ca/level1.cert.pem

        dest: /usr/local/share/ca-certificates/testca.crt

{% endif %}

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

# information on enabling SSL in the smtp client.

myhostname = {{ inventory_hostname }}

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

myorigin = /etc/mailname

mydestination = {{ inventory_hostname }}, {{ inventory_hostname_short }}, localhost.localdomain, localhost

relayhost = {{ smtp_relay_host }}{% if smtp_relay_host and smtp_relay_host_port %}:{{ smtp_relay_host_port }}{% endif %}{{ '' }}

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

mailbox_command = procmail -a "$EXTENSION"

mailbox_size_limit = 0

recipient_delimiter = +

inet_interfaces = all

inet_protocols = all

# Fall-back to using native lookups (/etc/hosts etc) if DNS lookup fails. Useful

# for local overrides of mail servers.

smtp_host_lookup = dns, native

# Explicitly set maximum allowed mail size that should be accepted.

message_size_limit = {{ mail_message_size_limit }}