debops.nullmailer default variables

Basic configuration and other MTAs

nullmailer__enabled

Enable or disable support for nullmailer service. The role will check for presence of other Mail Transport Agents on a host and disable itself automatically if needed.

nullmailer__enabled: True
nullmailer__skip_mta

The debops.nullmailer role avoids replacing the currently configured SMTP server if it's detected. To disable this functionality and force the nullmailer service to replace an existing MTA, set this variable to False.

nullmailer__skip_mta: True
nullmailer__skip_mta_packages

List of APT packages which, if present, will disable configuration of nullmailer service.

nullmailer__skip_mta_packages: [ 'postfix' ]
nullmailer__purge_mta_packages

List of APT packages which will be purged when nullmailer service is enabled, to stop them from interfering with the active MTA.

nullmailer__purge_mta_packages: [ 'exim4-base', 'exim4-config', 'exim4-daemon-light',
                                  'postfix', 'msmtp-mta', 'dma' ]

APT package configuration

nullmailer__base_packages

List of APT packages which will be installed to configure nullmailer service.

nullmailer__base_packages: [ 'nullmailer' ]
nullmailer__smtpd_packages

List of APT packages which will be installed when the nullmailer-smtpd service is enabled.

nullmailer__smtpd_packages: '{{ [ "xinetd" ] if nullmailer__smtpd|bool else [] }}'
nullmailer__packages

List of custom APT packages installed with nullmailer.

nullmailer__packages: []

DNS, domain, catch-all e-mail addresses

nullmailer__mailname

The FQDN name of the host, stored in the /etc/mailname configuration file. See https://wiki.debian.org/EtcMailName for more details.

nullmailer__mailname: '{{ ansible_fqdn }}'
nullmailer__domain

The default DNS domain used in different configuration variables of the role.

nullmailer__domain: '{{ ansible_domain if ansible_domain|d() else ansible_hostname }}'
nullmailer__adminaddr

If this list is not empty, all mail messages addressed to any user in the default hostname from /etc/mailname or localhost will be redirected to the specified e-mail addresses (catch-all).

nullmailer__adminaddr: [ 'root@{{ nullmailer__domain }}' ]
nullmailer__idhost

The string used to generate the Message-Id: header of sent messages.

nullmailer__idhost: '{{ nullmailer__domain }}'
nullmailer__helohost

The string sent to the remote SMTP servers in the HELO command.

nullmailer__helohost: '{{ nullmailer__mailname }}'
nullmailer__defaulthost

The string appended to the e-mail addresses without the "host" part.

nullmailer__defaulthost: '{{ nullmailer__mailname }}'
nullmailer__defaultdomain

The string appended to the host part of the e-mail addresses without a dot.

nullmailer__defaultdomain: '{{ nullmailer__domain }}'

SMTP relay configuration

nullmailer__starttls

Boolean. If enabled, all remote SMTP servers configured in /etc/nullmailer/remotes will request encrypted connections using the STARTTLS command. This can be overridden per remote, see nullmailer__remotes for more details.

nullmailer__starttls: True
nullmailer__relayhost

The FQDN address of the mail server to which all mail messages will be forwarded to by the nullmailer service.

nullmailer__relayhost: 'smtp.{{ nullmailer__domain }}'
nullmailer__relayhost_options

Additional options set for the default relayhost in the /etc/nullmailer/remotes configuration file. See nullmailer__remotes for more details.

nullmailer__relayhost_options: []
nullmailer__default_remotes

The default list of SMTP servers where nullmailer forwards all mail messages. See nullmailer__remotes for more details.

nullmailer__default_remotes:
  - host: '{{ nullmailer__relayhost }}'
    options: '{{ nullmailer__relayhost_options }}'
nullmailer__remotes

The list of additional SMTP servers where nullmailer forwards all mail messages. See nullmailer__remotes for more details.

nullmailer__remotes: []

Nullmailer rate limits

nullmailer__maxpause

The maximum number of seconds to pause between successive queue runs.

nullmailer__maxpause: '86400'
nullmailer__pausetime

The minimum number of seconds to pause between successive queue runs when there are messages in the queue.

nullmailer__pausetime: '60'
nullmailer__sendtimeout

The number of seconds to wait for a thread to complete sending a message before killing it and trying again.

nullmailer__sendtimeout: '3600'

Configuration file definitions

nullmailer__configuration_files

List which defines names and contents of the configuration files managed by the debops.nullmailer role. See the nullmailer__configuration_files for more details.

nullmailer__configuration_files:

  - dest: '/etc/mailname'
    content: '{{ nullmailer__mailname }}'
    purge: False

  - dest: '/etc/nullmailer/adminaddr'
    content: '{{ nullmailer__adminaddr
                 if nullmailer__adminaddr is string
                 else nullmailer__adminaddr|join(",") }}'

  - dest: '/etc/nullmailer/idhost'
    content: '{{ nullmailer__idhost }}'
    state: '{{ "present" if nullmailer__idhost else "absent" }}'

  - dest: '/etc/nullmailer/helohost'
    content: '{{ nullmailer__helohost }}'
    state: '{{ "present" if nullmailer__helohost else "absent" }}'

  - dest: '/etc/nullmailer/defaulthost'
    content: '{{ nullmailer__defaulthost }}'
    state: '{{ "present" if nullmailer__defaulthost else "absent" }}'

  - dest: '/etc/nullmailer/defaultdomain'
    content: '{{ nullmailer__defaultdomain }}'
    state: '{{ "present" if nullmailer__defaultdomain else "absent" }}'

  - dest: '/etc/nullmailer/maxpause'
    content: '{{ nullmailer__maxpause }}'
    state: '{{ "present" if nullmailer__maxpause else "absent" }}'

  - dest: '/etc/nullmailer/pausetime'
    content: '{{ nullmailer__pausetime }}'
    state: '{{ "present" if nullmailer__pausetime else "absent" }}'

  - dest: '/etc/nullmailer/sendtimeout'
    content: '{{ nullmailer__sendtimeout }}'
    state: '{{ "present" if nullmailer__sendtimeout else "absent" }}'
nullmailer__private_configuration_files

List which defines names and contents of the private configuration files managed by the debops.nullmailer role. Modifications to the configuration files on this list won't be logged by Ansible. See the nullmailer__configuration_files for more details.

nullmailer__private_configuration_files:

  - dest: '/etc/nullmailer/remotes'
    content: "{{ lookup('template', 'lookup/nullmailer__remotes.j2')
                 | from_yaml | join('\n') }}"
    owner: 'mail'
    group: 'mail'
    mode: '0600'
nullmailer__purge_default_files

Absolute paths to files which should be purged by the cleanup script when the nullmailer APT package configuration is purged. See nullmailer__purge_files for more details.

nullmailer__purge_default_files:
  - '/etc/ferm/ferm.d/50_debops.nullmailer_accept_25.conf'
  - '/etc/hosts.allow.d/50_nullmailer_dependent_allow'
  - '/etc/dpkg/dpkg.cfg.d/debops-nullmailer'
  - '/usr/local/lib/debops-nullmailer-dpkg-cleanup'
nullmailer__purge_files

Additional list of files which should be purged when the nullmailer APT package is purged. See nullmailer__purge_files for more details.

nullmailer__purge_files: []

Nullmailer SMTPD service

The debops.nullmailer role can configure a nullmailer-smtpd service using nullmailer and xinetd packages. The xinetd service will listen on port 25 (can be changed) and on incoming connection will start a sendmail process which can be used to send an e-mail message.

This service does not perform any user authentication, therefore debops.ferm and debops.tcpwrappers roles are used to limit the access from the network to specific IP addresses or CIDR subnets. By default, the nullmailer-smtpd service listens for new TCP connections only on the loopback interface, and firewall/TCP Wrappers do not accept any connections from the network.

nullmailer__smtpd

Enable or disable custom xinetd-based SMTP service which allows access to the sendmail program from other hosts over the network.

nullmailer__smtpd: False
nullmailer__smtpd_bind

Specify the IP address on which the xinetd SMTP server should listen for new connections. By default it listens only on lo interface.

nullmailer__smtpd_bind: 'localhost'
nullmailer__smtpd_port

Default port to listen on for the SMTP connections.

nullmailer__smtpd_port: '25'
nullmailer__smtpd_allow

Specify list of IP addresses or CIDR subnets which are allowed to connect to the nullmailer-smtpd service. These lists will be configured in the iptables firewall using debops.ferm role and in the TCP Wrappers using debops.tcpwrappers role.

If this list is empty, nobody is allowed to connect remotely.

nullmailer__smtpd_allow: []

Configuration for other Ansible roles

nullmailer__ferm__dependent_rules

Configuration for the debops.ferm role.

nullmailer__ferm__dependent_rules:

  - type: 'accept'
    dport: [ '{{ nullmailer__smtpd_port }}' ]
    saddr: '{{ nullmailer__smtpd_allow }}'
    accept_any: False
    weight: '50'
    role: 'debops.nullmailer'
    rule_state: '{{ "present"
                    if (nullmailer__deploy_state|d("present") != "absent" and
                        nullmailer__smtpd|bool) else "absent" }}'
nullmailer__tcpwrappers__dependent_allow

Configuration for the debops.tcpwrappers Ansible role.

nullmailer__tcpwrappers__dependent_allow:

  - daemon: 'sendmail'
    client: '{{ nullmailer__smtpd_allow }}'
    accept_any: False
    weight: '50'
    filename: 'nullmailer_dependent_allow'
    comment: 'Allow remote connections to SMTP server'
    state: '{{ "present"
               if (nullmailer__deploy_state|d("present") != "absent" and
                   nullmailer__smtpd|bool) else "absent" }}'