debops.nullmailer default variables

Basic configuration and other MTAs


Enable or disable support for nullmailer service. The role will check for presence of other Mail Transport Agents on a host and disable itself automatically if needed.

nullmailer__enabled: True

The debops.nullmailer role avoids replacing the currently configured SMTP server if it's detected. To disable this functionality and force the nullmailer service to replace an existing MTA, set this variable to False.

nullmailer__skip_mta: True

List of APT packages which, if present, will disable configuration of nullmailer service.

nullmailer__skip_mta_packages: [ 'postfix' ]

List of APT packages which will be purged when nullmailer service is enabled, to stop them from interfering with the active MTA.

nullmailer__purge_mta_packages: [ 'exim4-base', 'exim4-config', 'exim4-daemon-light',
                                  'postfix', 'msmtp-mta', 'dma' ]

APT package configuration


List of APT packages which will be installed to configure nullmailer service.

nullmailer__base_packages: [ 'nullmailer' ]

List of APT packages which will be installed when the nullmailer-smtpd service is enabled.

nullmailer__smtpd_packages: '{{ [ "xinetd" ] if nullmailer__smtpd|bool else [] }}'

List of custom APT packages installed with nullmailer.

nullmailer__packages: []

DNS, domain, catch-all e-mail addresses


The FQDN name of the host, stored in the /etc/mailname configuration file. See for more details.

nullmailer__mailname: '{{ ansible_fqdn }}'

The default DNS domain used in different configuration variables of the role.

nullmailer__domain: '{{ ansible_domain if ansible_domain|d() else ansible_hostname }}'

If this list is not empty, all mail messages addressed to any user in the default hostname from /etc/mailname or localhost will be redirected to the specified e-mail addresses (catch-all).

nullmailer__adminaddr: [ 'root@{{ nullmailer__domain }}' ]

The string used to generate the Message-Id: header of sent messages.

nullmailer__idhost: '{{ nullmailer__domain }}'

The string sent to the remote SMTP servers in the HELO command.

nullmailer__helohost: '{{ nullmailer__mailname }}'

The string appended to the e-mail addresses without the "host" part.

nullmailer__defaulthost: '{{ nullmailer__mailname }}'

The string appended to the host part of the e-mail addresses without a dot.

nullmailer__defaultdomain: '{{ nullmailer__domain }}'

SMTP relay configuration


Boolean. If enabled, all remote SMTP servers configured in /etc/nullmailer/remotes will request encrypted connections using the STARTTLS command. This can be overridden per remote, see nullmailer__remotes for more details.

nullmailer__starttls: True

The FQDN address of the mail server to which all mail messages will be forwarded to by the nullmailer service.

nullmailer__relayhost: 'smtp.{{ nullmailer__domain }}'

Additional options set for the default relayhost in the /etc/nullmailer/remotes configuration file. See nullmailer__remotes for more details.

nullmailer__relayhost_options: []

The default list of SMTP servers where nullmailer forwards all mail messages. See nullmailer__remotes for more details.

  - host: '{{ nullmailer__relayhost }}'
    options: '{{ nullmailer__relayhost_options }}'

The list of additional SMTP servers where nullmailer forwards all mail messages. See nullmailer__remotes for more details.

nullmailer__remotes: []

Nullmailer rate limits


The maximum number of seconds to pause between successive queue runs.

nullmailer__maxpause: '86400'

The minimum number of seconds to pause between successive queue runs when there are messages in the queue.

nullmailer__pausetime: '60'

The number of seconds to wait for a thread to complete sending a message before killing it and trying again.

nullmailer__sendtimeout: '3600'

Configuration file definitions


List which defines names and contents of the configuration files managed by the debops.nullmailer role. See the nullmailer__configuration_files for more details.


  - dest: '/etc/mailname'
    content: '{{ nullmailer__mailname }}'
    purge: False

  - dest: '/etc/nullmailer/adminaddr'
    content: '{{ nullmailer__adminaddr
                 if nullmailer__adminaddr is string
                 else nullmailer__adminaddr|join(",") }}'

  - dest: '/etc/nullmailer/idhost'
    content: '{{ nullmailer__idhost }}'
    state: '{{ "present" if nullmailer__idhost else "absent" }}'

  - dest: '/etc/nullmailer/helohost'
    content: '{{ nullmailer__helohost }}'
    state: '{{ "present" if nullmailer__helohost else "absent" }}'

  - dest: '/etc/nullmailer/defaulthost'
    content: '{{ nullmailer__defaulthost }}'
    state: '{{ "present" if nullmailer__defaulthost else "absent" }}'

  - dest: '/etc/nullmailer/defaultdomain'
    content: '{{ nullmailer__defaultdomain }}'
    state: '{{ "present" if nullmailer__defaultdomain else "absent" }}'

  - dest: '/etc/nullmailer/maxpause'
    content: '{{ nullmailer__maxpause }}'
    state: '{{ "present" if nullmailer__maxpause else "absent" }}'

  - dest: '/etc/nullmailer/pausetime'
    content: '{{ nullmailer__pausetime }}'
    state: '{{ "present" if nullmailer__pausetime else "absent" }}'

  - dest: '/etc/nullmailer/sendtimeout'
    content: '{{ nullmailer__sendtimeout }}'
    state: '{{ "present" if nullmailer__sendtimeout else "absent" }}'

List which defines names and contents of the private configuration files managed by the debops.nullmailer role. Modifications to the configuration files on this list won't be logged by Ansible. See the nullmailer__configuration_files for more details.


  - dest: '/etc/nullmailer/remotes'
    content: "{{ lookup('template', 'lookup/nullmailer__remotes.j2')
                 | from_yaml | join('\n') }}"
    owner: 'mail'
    group: 'mail'
    mode: '0600'

Absolute paths to files which should be purged by the cleanup script when the nullmailer APT package configuration is purged. See nullmailer__purge_files for more details.

  - '/etc/ferm/ferm.d/50_debops.nullmailer_accept_25.conf'
  - '/etc/hosts.allow.d/50_nullmailer_dependent_allow'
  - '/etc/dpkg/dpkg.cfg.d/debops-nullmailer'
  - '/usr/local/lib/debops-nullmailer-dpkg-cleanup'

Additional list of files which should be purged when the nullmailer APT package is purged. See nullmailer__purge_files for more details.

nullmailer__purge_files: []

Nullmailer SMTPD service

The debops.nullmailer role can configure a nullmailer-smtpd service using nullmailer and xinetd packages. The xinetd service will listen on port 25 (can be changed) and on incoming connection will start a sendmail process which can be used to send an e-mail message.

This service does not perform any user authentication, therefore debops.ferm and debops.tcpwrappers roles are used to limit the access from the network to specific IP addresses or CIDR subnets. By default, the nullmailer-smtpd service listens for new TCP connections only on the loopback interface, and firewall/TCP Wrappers do not accept any connections from the network.


Enable or disable custom xinetd-based SMTP service which allows access to the sendmail program from other hosts over the network.

nullmailer__smtpd: False

Specify the IP address on which the xinetd SMTP server should listen for new connections. By default it listens only on lo interface.

nullmailer__smtpd_bind: 'localhost'

Default port to listen on for the SMTP connections.

nullmailer__smtpd_port: '25'

Specify list of IP addresses or CIDR subnets which are allowed to connect to the nullmailer-smtpd service. These lists will be configured in the iptables firewall using debops.ferm role and in the TCP Wrappers using debops.tcpwrappers role.

If this list is empty, nobody is allowed to connect remotely.

nullmailer__smtpd_allow: []

Configuration for other Ansible roles


Configuration for the debops.ferm role.


  - type: 'accept'
    dport: [ '{{ nullmailer__smtpd_port }}' ]
    saddr: '{{ nullmailer__smtpd_allow }}'
    accept_any: False
    weight: '50'
    role: 'debops.nullmailer'
    rule_state: '{{ "present"
                    if (nullmailer__deploy_state|d("present") != "absent" and
                        nullmailer__smtpd|bool) else "absent" }}'

Configuration for the debops.tcpwrappers Ansible role.


  - daemon: 'sendmail'
    client: '{{ nullmailer__smtpd_allow }}'
    accept_any: False
    weight: '50'
    filename: 'nullmailer_dependent_allow'
    comment: 'Allow remote connections to SMTP server'
    state: '{{ "present"
               if (nullmailer__deploy_state|d("present") != "absent" and
                   nullmailer__smtpd|bool) else "absent" }}'