Changeset - f7579be2c24b
0 1 4
Branko Majic (branko) - 9 years ago 2015-04-07 23:00:17
branko@majic.rs
MAR-4: Added stock main.cf Postfix configuration file. Added deployment of Postfix LDAP configuration files.
5 files changed with 94 insertions and 0 deletions:
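--- a/roles/mail_server/files/main.cf
+++ b/roles/mail_server/files/main.cf
@@ -0,0 +1,40 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = mail
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = mail.example.com, mail, localhost.localdomain, localhost
+relayhost = 
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all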
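Review bot: `smtpd_tls_cert_file` and `smtpd_tls_key_file` point at the Debian snakeoil pair, a self-signed certificate generated on each host, so connecting clients have no way to validate this server's identity. Because the file is shipped with `copy` rather than as a template, those paths, `myhostname = mail` and `mydestination = mail.example.com, ...` cannot be set per host; I would turn it into a template and take the certificate, key and host names from role variables. `smtpd_use_tls=yes` is the legacy spelling, and `smtpd_tls_security_level = may` is the current equivalent. None of the LDAP lookup tables deployed by this commit is referenced here (there is no `virtual_alias_maps` or similar), which is presumably intended for a stock file but deserves a comment at the top saying so.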
roles/mail_server/tasks/main.yml
 
@@ -22,3 +22,12 @@
 
- name: Install SWAKS
 
  apt: name="swaks" state=installed
 

	
 
- name: Deploy Postfix configurations files for LDAP look-ups
 
  template: src="{{ item }}.cf.j2" dest="/etc/postfix/{{ item }}.cf" owner=root group=postfix mode=640
 
  with_items:
 
    - ldap-virtual-alias-maps
 
    - ldap-virtual-mailbox-domains
 
    - ldap-virtual-mailbox-maps
 

	
 
- name: Deploy Postfix main configurationg
 
  copy: src="main.cf" dest="/etc/postfix/main.cf"
 
\ No newline at end of file
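Review bot: The `copy` task for main.cf sets no `owner`, `group` or `mode`, unlike the LDAP template task just above it, so the resulting permissions depend on defaults and on whatever file already exists on the target; I would write `copy: src="main.cf" dest="/etc/postfix/main.cf" owner=root group=root mode=644`. Neither new task carries a `notify`, so unless a handler is triggered elsewhere in the file (the hunk shows only its tail) Postfix keeps running with the old configuration after a change. The `owner=root group=postfix mode=640` on the LDAP files is appropriate, since the rendered files contain `bind_pw`. Minor: the task names have typos (`configurations files`, `configurationg`) and the file now ends without a trailing newline.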
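--- a/roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2
+++ b/roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2
@@ -0,0 +1,15 @@
+# Connection settings.
+server_host = {{ mail_ldap.url }}
+start_tls = yes
+tls_require_cert = yes
+tls_ca_cert_file = {{ mail_ldap.tls_truststore }}
+bind = yes
+bind_dn = cn=postfix,ou=services,{{ mail_ldap.root_dn }}
+bind_pw = {{ mail_ldap.postfix_password }}
+version = 3
+
+# Query settings.
+search_base = ou=aliases,ou=mail,ou=services,{{ mail_ldap.root_dn }}
+scope = one
+query_filter = cn=%s
+result_attribute = rfc822MailMember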
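Review bot: `bind_pw = {{ mail_ldap.postfix_password }}` renders the service account password in clear text into this file, and the same line appears in ldap-virtual-mailbox-domains.cf.j2 and ldap-virtual-mailbox-maps.cf.j2. The page does not show where the variable is defined, so it is worth confirming that it comes from an encrypted source such as Ansible Vault, and adding a header comment that the rendered file must stay unreadable to other users. `start_tls = yes` only makes sense when `server_host` is an `ldap://` URL; a comment such as `# mail_ldap.url must be an ldap:// URL; TLS is negotiated via STARTTLS` would stop someone passing `ldaps://`. The connection block is identical in all three templates, so a shared include would keep the TLS settings from drifting apart.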
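--- a/roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2
+++ b/roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2
@@ -0,0 +1,15 @@
+# Connection settings.
+server_host = {{ mail_ldap.url }}
+start_tls = yes
+tls_require_cert = yes
+tls_ca_cert_file = {{ mail_ldap.tls_truststore }}
+bind = yes
+bind_dn = cn=postfix,ou=services,{{ mail_ldap.root_dn }}
+bind_pw = {{ mail_ldap.postfix_password }}
+version = 3
+
+# Query settings.
+search_base = ou=domains,ou=mail,ou=services,{{ mail_ldap.root_dn }}
+scope = one
+query_filter = dc=%s
+result_attribute = dc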
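--- a/roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2
+++ b/roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2
@@ -0,0 +1,15 @@
+# Connection settings.
+server_host = {{ mail_ldap.url }}
+start_tls = yes
+tls_require_cert = yes
+tls_ca_cert_file = {{ mail_ldap.tls_truststore }}
+bind = yes
+bind_dn = cn=postfix,ou=services,{{ mail_ldap.root_dn }}
+bind_pw = {{ mail_ldap.postfix_password }}
+version = 3
+
+# Query settings
+search_base = ou=people,{{ mail_ldap.root_dn }}
+scope = one
+query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_ldap.root_dn}}))
+result_attribute = mail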
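Review bot: The `query_filter` relies on the `memberOf` attribute, which a directory maintains only when something like OpenLDAP's memberof overlay is enabled; without it the filter matches nobody and every recipient lookup comes back empty. I would add a comment above the filter, e.g. `# Requires memberOf to be maintained by the LDAP server (memberof overlay).` On style, `{{mail_ldap.root_dn}}` lacks the inner spaces used everywhere else in these templates, and `# Query settings` is missing the full stop the other two files have.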