Getting started

Default configuration

The debops.postfix role configures a basic Postfix SMTP server with configuration similar to the "Internet Site" configuration enabled by default by the Debian package. With the default configuration, SMTP service listens for connections on port 25 from all hosts. Mail relay is authorized from localhost, other hosts are deferred. The SMTP server accepts mail addressed for the host's FQDN, but not it's domain. There's no default relayhost, Postfix delivers the mail directly to other hosts. Local mail is enabled by default, support for mail aliases is provided by the debops.etc_aliases Ansible role.

Additional configuration is defined in separate variables and can be easily disabled or modified if necessary. To do that, you can modify the values of the postfix__combined_maincf and postfix__combined_mastercf variables.

The Postfix service will be configured to use TLS connections and strong encryption by default. This might interfere with SMTP service operation for older installations that don't support required features.

Example inventory

To install and configure Postfix on a host, it needs to be present in the [debops_service_postfix] Ansible inventory group:

[debops_service_postfix]
hostname

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.postfix role:

---

- name: Manage Postfix SMTP service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_postfix' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  pre_tasks:

    - name: Prepare etc_aliases environment
      ansible.builtin.import_role:
        name: 'etc_aliases'
        tasks_from: 'main_env'
      tags: [ 'role::etc_aliases', 'role::secret', 'role::postfix' ]

    - name: Prepare postfix environment
      ansible.builtin.import_role:
        name: 'postfix'
        tasks_from: 'main_env'
      tags: [ 'role::postfix', 'role::secret', 'role::ferm' ]

  roles:

    - role: secret
      tags: [ 'role::secret', 'role::postfix' ]
      secret__directories:
        - '{{ etc_aliases__secret__directories }}'
        - '{{ postfix__secret__directories }}'

    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]
      ferm__dependent_rules:
        - '{{ postfix__ferm__dependent_rules }}'

    - role: etc_aliases
      tags: [ 'role::etc_aliases', 'skip::etc_aliases' ]

    - role: postfix
      tags: [ 'role::postfix', 'skip::postfix' ]

Ansible tags

You can use Ansible --tags or --skip-tags parameters to limit what tasks are performed during Ansible run. This can be used after a host was first configured to speed up playbook execution, when you are sure that most of the configuration is already in the desired state.

Available role tags:

role::postfix

Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.