Changeset - f425c5d31475
Branko Majic (branko) - 2 years ago 2023-11-22 08:54:40
branko@majic.rs
MAR-183: Added parameter to mail_server role for including additional SMTP server configuration directives.
7 files changed with 41 insertions and 1 deletions:
docs/releasenotes.rst
 
@@ -31,12 +31,18 @@ run applications using Debian-only repositories.
 
    the minimum version required, allowing to be more specific to
 
    avoid unnecessary warning mails being sent out.
 

	
 
  * Updated default package pins for virtual environments used to
 
    check for available pip package upgrades.
 

	
 
* ``mail_server`` role
 

	
 
  * Added parameter ``mail_server_smtp_additional_configuration`` that
 
    provides ability to include additional configuration directives
 
    for the SMTP server.
 

	
 
* ``xmpp_server`` role
 

	
 
  * Drop dependency on the external (Prosody) package
 
    repository. Install everything using official Debian
 
    repositories. This should help avoid future issues with Prosody
 
    project removing older versions of packages or dropping entire
docs/rolereference.rst
 
@@ -1180,12 +1180,17 @@ Parameters
 
  Maximum size of message in bytes that the SMTP server should accept
 
  for incoming mails. If the mail message size exceeds the listed
 
  value, it will be rejected by the server. The size is also
 
  advertised as part of SMTP server capabilities (in response to the
 
  ``ehlo`` SMTP command).
 

	
 
**mail_server_smtp_additional_configuration** (string, optional, ``""``))
 
  Additional configuration directives to include in SMTP server main
 
  configuration file. Directives must be specifically compatible with
 
  Postfix, and are treated verbatim (multi-line string will suffice).
 

	
 
**mail_server_tls_protocols** (list, optional, ``[ "TLSv1.2" ]``)
 
  List of TLS protocols the mail server should support. Each value specified
 
  should be compatible with Postfix configuration option
 
  ``smtpd_tls_mandatory_protocols`` and Dovecot configuration option
 
  ``ssl_protocols``.
 

	
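Review bot: the heading for `mail_server_smtp_additional_configuration` ends in a doubled closing parenthesis after the default value; drop one so it matches the `mail_server_tls_protocols` entry below it. The description could also state where in the main configuration file the directives are placed, since that determines whether they take precedence over settings the role itself manages.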
roles/mail_server/defaults/main.yml
 
@@ -16,6 +16,7 @@ DHE-RSA-AES256-GCM-SHA384:\
 
DHE-RSA-CHACHA20-POLY1305:\
 
ECDHE-RSA-AES128-GCM-SHA256:\
 
ECDHE-RSA-AES256-GCM-SHA384:\
 
ECDHE-RSA-CHACHA20-POLY1305:\
 
!aNULL:!MD5:!EXPORT"
 
mail_message_size_limit: 10240000
 
mail_server_smtp_additional_configuration: ""
roles/mail_server/molecule/default/group_vars/parameters-optional.yml
 
@@ -27,12 +27,15 @@ smtp_rbl:
 
  - zen.spamhaus.org
 

	
 
mail_postmaster: "webmaster@parameters-optional"
 
smtp_allow_relay_from:
 
  - "{{ release_based_smtp_allow_relay_from[ansible_distribution_release] }}"
 
mail_message_size_limit: 20480001
 
mail_server_smtp_additional_configuration: |
 
  smtpd_banner = $myhostname ESMTP My SMTP Server
 
  smtp_skip_5xx_greeting = no
 

	
 
# Variables dependant on distribution release.
 
release_based_smtp_allow_relay_from:
 
  buster: "192.168.56.20"
 

	
 
# common
roles/mail_server/molecule/default/molecule.yml
 
@@ -26,13 +26,13 @@ platforms:
 
    interfaces:
 
      - auto_config: true
 
        ip: 192.168.56.10
 
        network_name: private_network
 
        type: static
 
    config_options:
 
      synced_folder: True
 
      synced_folder: true
 

	
 
  - name: ldap-server
 
    box: debian/contrib-buster64
 
    memory: 256
 
    cpus: 1
 
    interfaces:
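Review bot: the `synced_folder` casing change under `config_options` (`True` to `true`) is unrelated to the MAR-183 parameter described in the commit message. Move it to its own commit, or mention it in the message, so the history for the new mail server parameter stays focused.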
roles/mail_server/molecule/default/tests/test_optional.py
 
@@ -205,6 +205,29 @@ def test_mail_message_size_limit(host):
 
    capabilities = host.run("(echo 'ehlo localhost' && sleep 2) | telnet localhost 25")
 
    begin = capabilities.stdout.find("250-SIZE")
 
    end = capabilities.stdout.find("\n", begin)
 
    mail_message_size_limit = capabilities.stdout[begin:end]
 

	
 
    assert mail_message_size_limit == "250-SIZE 20480001"
 

	
 

	
 
def test_smtp_additional_configuration_present_in_file(host):
 
    """
 
    Tests if additional SMTP server configuration has been applied
 
    against the configuration file.
 
    """
 

	
 
    config = host.file("/etc/postfix/main.cf")
 

	
 
    assert "smtpd_banner = $myhostname ESMTP My SMTP Server" in config.content_string
 
    assert "smtp_skip_5xx_greeting = no" in config.content_string
 

	
 

	
 
def test_smtp_additional_configuration_active(host):
 
    """
 
    Tests if additional SMTP server configuration has been applied
 
    against the running server.
 
    """
 

	
 
    command = host.run('swaks --quit-after BANNER --to root@localhost')
 

	
 
    assert "ESMTP My SMTP Server" in command.stdout
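Review bot: in `test_smtp_additional_configuration_present_in_file`, both assertions are substring matches on `/etc/postfix/main.cf`, so they still pass if the directive is commented out or a later line redefines the parameter. `smtp_skip_5xx_greeting = no` in particular is never checked against the running configuration; asserting on the output of `postconf -h smtp_skip_5xx_greeting` would cover the effective value. In `test_smtp_additional_configuration_active`, also assert `command.rc == 0` so a failed `swaks` run is reported as such rather than as a missing banner.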
roles/mail_server/templates/main.cf.j2
 
@@ -95,6 +95,8 @@ notify_classes = resource, software, 2bounce
 
# Fall-back to using native lookups (/etc/hosts etc) if DNS lookup fails. Useful
 
# for local overrides of mail servers.
 
smtp_host_lookup = dns, native
 

	
 
# Explicitly set maximum allowed mail size that should be accepted.
 
message_size_limit = {{ mail_message_size_limit }}
 

	
 
{{ mail_server_smtp_additional_configuration }}
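Review bot: `{{ mail_server_smtp_additional_configuration }}` is appended after the role's own settings (no context lines follow it in the hunk), and Postfix uses the last definition of a parameter, so anything supplied here silently overrides values the role sets earlier in the file, `message_size_limit` just above it included. Document that precedence for the parameter, and consider preceding the block with a comment line identifying it as user-supplied so an override is visible when reading the deployed `main.cf`.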