debops.postfix default variables
APT packages, version
- postfix__base_packages
List of the default APT packages to install for Postfix support.
postfix__base_packages: [ 'postfix', 'postfix-pcre', 'bsd-mailx', 'make',
                          'ssl-cert', 'ca-certificates' ]
- postfix__dependent_packages
List of additional APT packages requested by other Ansible roles via role dependent variables.
postfix__dependent_packages: []
- postfix__packages
List of custom APT packages to install with Postfix.
postfix__packages: []
- postfix__group_packages
List of custom APT packages installed on hosts in a specific group in Ansible inventory.
postfix__group_packages: []
- postfix__host_packages
List of custom APT packages installed on specific hosts in Ansible inventory.
postfix__host_packages: []
- postfix__purge_packages
List of APT packages to purge when Postfix is installed, to remove the remnants of other SMTP services.
postfix__purge_packages: [ 'exim4-base', 'exim4-config',
                           'exim4-daemon-light', 'nullmailer' ]
- postfix__version
The currently installed Postfix version. This variable is defined by the Ansible local facts and is listed here for convenience; it should not be set manually.
postfix__version: '{{ ansible_local.postfix.version | d("0.0.0") }}'
- postfix__doc_installed
The postfix-doc APT package modifies the /etc/postfix/main.cf configuration file directly, therefore the role takes its presence into account during configuration. The package presence is checked by the Ansible local facts.
postfix__doc_installed: '{{ ansible_local.postfix.doc_installed
                            if (ansible_local | d() and ansible_local.postfix | d() and
                                ansible_local.postfix.doc_installed is defined)
                            else False }}'
DNS, mail next-hop configuration
- postfix__fqdn
The host's Fully Qualified Domain Name used in the Postfix configuration.
postfix__fqdn: '{{ ansible_fqdn }}'
- postfix__domain
The host's DNS domain name used in the Postfix configuration.
postfix__domain: '{{ ansible_domain }}'
- postfix__relayhost
Next-hop destination of non-local mail.
postfix__relayhost: ''
- postfix__mailname
The name of this mail system, configured in the /etc/mailname file. This name is used as the domain part in sender mail addresses that don't have one. See https://wiki.debian.org/EtcMailName for more details.
postfix__mailname: '{{ postfix__fqdn }}'
Firewall configuration
- postfix__accept_any
Specify the default firewall policy for Postfix services.
If True, any host can connect to the Postfix services unless allow restrictions are defined using the variables below.
If False, no hosts can connect to the Postfix services by default. You need to specify IP addresses or subnets that can access the services using the variables below.
postfix__accept_any: True
- postfix__allow_smtp
List of hosts/networks that can access the smtp port (25).
postfix__allow_smtp: []
- postfix__allow_submission
List of hosts/networks that can access the submission port (587).
postfix__allow_submission: []
- postfix__allow_smtps
List of hosts/networks that can access the smtps port (465).
postfix__allow_smtps: []
PKI / TLS configuration
- postfix__pki
Enable or disable support for TLS in Postfix, managed by the debops.pki Ansible role.
postfix__pki: '{{ ansible_local.pki.enabled | d() | bool }}'
- postfix__pki_path
Absolute path to the directory where PKI realms are located.
postfix__pki_path: '{{ ansible_local.pki.path | d("/etc/pki/realms") }}'
- postfix__pki_realm
Name of the default PKI realm used by Postfix.
postfix__pki_realm: '{{ ansible_local.pki.realm | d("domain") }}'
- postfix__pki_ca
Name of the Root Certificate Authority certificate file used by Postfix, relative to the PKI realm directory.
postfix__pki_ca: '{{ ansible_local.pki.ca | d("CA.crt") }}'
- postfix__pki_crt
Name of the certificate file used by Postfix, relative to the PKI realm directory.
postfix__pki_crt: '{{ ansible_local.pki.crt | d("default.crt") }}'
- postfix__pki_key
Name of the private key file used by Postfix, relative to the PKI realm directory.
postfix__pki_key: '{{ ansible_local.pki.key | d("default.key") }}'
- postfix__tls_ca_file
Absolute path of the Root Certificate Authority certificate file used in the Postfix configuration. This file should also be present in the Postfix chroot directory.
postfix__tls_ca_file: '/etc/ssl/certs/ca-certificates.crt'
- postfix__tls_cert_file
Absolute path of the certificate file used in the Postfix configuration.
postfix__tls_cert_file: '{{ (postfix__pki_path + "/" + postfix__pki_realm + "/" + postfix__pki_crt)
                            if postfix__pki | bool else "/etc/ssl/certs/ssl-cert-snakeoil.pem" }}'
- postfix__tls_key_file
Absolute path of the private key file used in the Postfix configuration.
postfix__tls_key_file: '{{ (postfix__pki_path + "/" + postfix__pki_realm + "/" + postfix__pki_key)
                           if postfix__pki | bool else "/etc/ssl/private/ssl-cert-snakeoil.key" }}'
- postfix__pki_hook_name
Name of the hook script which will be stored in the hook directory.
postfix__pki_hook_name: 'postfix'
- postfix__pki_hook_path
Directory with PKI hooks.
postfix__pki_hook_path: '{{ ansible_local.pki.hooks | d("/etc/pki/hooks") }}'
- postfix__pki_hook_action
Specify how changes in PKI should affect postfix, either 'reload' or 'restart'.
postfix__pki_hook_action: 'reload'
Diffie-Hellman parameters
- postfix__dhparam
Enable or disable support for custom Diffie-Hellman parameters managed by the debops.dhparam Ansible role.
postfix__dhparam: '{{ ansible_local.dhparam.enabled
                      if (ansible_local | d() and ansible_local.dhparam | d() and
                          ansible_local.dhparam.enabled is defined)
                      else False }}'
- postfix__dhparam_set
Name of the Diffie-Hellman parameter set to use in Postfix configuration. See debops.dhparam Ansible role for more details.
postfix__dhparam_set: 'default'
- postfix__tls_dh1024_param_file
Absolute path to Diffie-Hellman parameters file which should be used for non-export grade connections.
postfix__tls_dh1024_param_file: '{{ ansible_local.dhparam[postfix__dhparam_set]
                                    if (ansible_local | d() and ansible_local.dhparam | d() and
                                        ansible_local.dhparam[postfix__dhparam_set] | d())
                                    else "" }}'
- postfix__tls_dh512_param_file
Absolute path to Diffie-Hellman parameters file which should be used for export grade connections.
postfix__tls_dh512_param_file: '{{ ansible_local.dhparam[postfix__dhparam_set]
                                   if (ansible_local | d() and ansible_local.dhparam | d() and
                                       ansible_local.dhparam[postfix__dhparam_set] | d())
                                   else "" }}'
Postfix 'main.cf' configuration
These variables define the contents of the /etc/postfix/main.cf configuration file. See Default variable details: postfix__maincf for more details.
- postfix__original_maincf
List of options defined by the Debian postfix package when the default "Internet Site" configuration type is selected during installation. This list is used as the base configuration.
postfix__original_maincf:
  - name: 'myorigin_example'
    option: 'myorigin'
    value: '/etc/mailname'
    comment: |
      Debian specific: Specifying a file name will cause the first
      line of that file to be used as the name. The Debian default
      is /etc/mailname.
    state: 'comment'
    section: 'base'
  - name: 'smtpd_banner'
    value: '$myhostname ESMTP $mail_name (Debian/GNU)'
    section: 'base'
  - name: 'biff'
    value: False
    section: 'base'
  - name: 'append_dot_mydomain'
    value: False
    comment: "appending .domain is the MUA's job."
    section: 'base'
  - name: 'delay_warning_time'
    value: '4h'
    comment: 'Uncomment the next line to generate "delayed mail" warnings'
    state: 'comment'
    section: 'base'
  - name: 'readme_directory'
    value: '{{ "/usr/share/doc/postfix"
               if postfix__doc_installed | bool
               else False }}'
    section: 'base'
  - name: 'compatibility_level'
    value: 2
    comment: |
      See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
      fresh installs.
    section: 'base'
    state: '{{ "present"
               if (postfix__version is version_compare("3.0.0", ">="))
               else "ignore" }}'
  - name: 'smtpd_tls_cert_file'
    value: '{{ postfix__tls_cert_file }}'
    comment: 'TLS parameters'
    section: 'base'
  - name: 'smtpd_tls_key_file'
    value: '{{ postfix__tls_key_file }}'
    section: 'base'
  - name: 'smtpd_use_tls'
    value: True
    section: 'base'
  - name: 'smtpd_tls_session_cache_database'
    value: 'btree:${data_directory}/smtpd_scache'
    section: 'base'
  - name: 'smtp_tls_session_cache_database'
    value: 'btree:${data_directory}/smtp_scache'
    section: 'base'
  - name: 'smtp_tls_client_comment'
    comment: |
      See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
      information on enabling SSL in the smtp client.
    state: 'hidden'
    section: 'base'
  - name: 'smtpd_relay_restrictions'
    section: 'base'
    state: '{{ "present"
               if (postfix__version is version_compare("2.10.0", ">="))
               else "ignore" }}'
    value:
      - name: 'permit_mynetworks'
        weight: -300
      - name: 'permit_sasl_authenticated'
        weight: -200
      - name: 'defer_unauth_destination'
        weight: -100
  - name: 'myhostname'
    value: '{{ postfix__fqdn }}'
    section: 'base'
  - name: 'alias_maps'
    value: [ 'hash:/etc/aliases' ]
    section: 'base'
  - name: 'alias_database'
    value: [ 'hash:/etc/aliases' ]
    section: 'base'
  - name: 'myorigin'
    value: '/etc/mailname'
    section: 'base'
  - name: 'mydestination'
    section: 'base'
    value:
      - '{{ postfix__fqdn }}'
      - name: 'localhost.{{ postfix__domain }}'
        weight: 190
      - name: 'localhost'
        weight: 200
  - name: 'relayhost'
    value: '{{ postfix__relayhost }}'
    section: 'base'
  - name: 'mynetworks'
    section: 'base'
    value:
      - name: '127.0.0.0/8'
        weight: 100
      - name: '::ffff:127.0.0.0/104'
        weight: 100
      - name: '::1/128'
        weight: 100
  - name: 'mailbox_size_limit'
    value: 0
    section: 'base'
  - name: 'recipient_delimiter'
    value: '+'
    section: 'base'
  - name: 'inet_interfaces'
    value: 'all'
    section: 'base'
  - name: 'inet_protocols'
    value: 'all'
    section: 'base'
    state: '{{ "present"
               if (ansible_distribution_release == "stretch")
               else "ignore" }}'
  - name: 'html_directory'
    value: '{{ "/usr/share/doc/postfix/html"
               if postfix__doc_installed | bool
               else False }}'
    section: 'base'
- postfix__default_maincf
The list of Postfix /etc/postfix/main.cf configuration file options defined by default by the debops.postfix Ansible role.
postfix__default_maincf:
  - name: 'smtpd_banner'
    value: '$myhostname ESMTP'
  - name: 'enable_long_queue_ids'
    value: True
    section: 'base'
    state: '{{ "present"
               if (postfix__version is version_compare("2.9.0", ">="))
               else "ignore" }}'
- postfix__tls_maincf
The list of Postfix /etc/postfix/main.cf configuration file options defined by default by the debops.postfix Ansible role which configure TLS/SSL encryption.
postfix__tls_maincf:
  - name: 'smtp_tls_client_comment'
    state: 'absent'
  - name: 'smtpd_use_tls'
    section: 'smtpd-tls'
    weight: -500
  - name: 'smtpd_tls_cert_file'
    section: 'smtpd-tls'
    comment: ''
  - name: 'smtpd_tls_key_file'
    section: 'smtpd-tls'
  - name: 'smtpd_tls_CAfile'
    value: '{{ postfix__tls_ca_file }}'
    section: 'smtpd-tls'
  - name: 'smtp_tls_CAfile'
    value: '{{ postfix__tls_ca_file }}'
    section: 'smtp-tls'
  - name: 'lmtp_tls_CAfile'
    value: '{{ postfix__tls_ca_file }}'
    section: 'lmtp-tls'
  - name: 'smtpd_tls_session_cache_database'
    section: 'smtpd-tls'
  - name: 'smtp_tls_session_cache_database'
    section: 'smtp-tls'
  - name: 'lmtp_tls_session_cache_database'
    value: 'btree:${data_directory}/lmtp_scache'
    section: 'lmtp-tls'
  - name: 'smtpd_tls_dh1024_param_file'
    value: '{{ postfix__tls_dh1024_param_file }}'
    state: '{{ "present" if postfix__dhparam | bool else "ignore" }}'
    section: 'smtpd-tls'
  - name: 'smtpd_tls_dh512_param_file'
    value: '{{ postfix__tls_dh512_param_file }}'
    state: '{{ "present" if postfix__dhparam | bool else "ignore" }}'
    section: 'smtpd-tls'
  - name: 'smtpd_tls_loglevel'
    value: 1
    section: 'smtpd-tls'
  - name: 'smtp_tls_loglevel'
    value: 1
    section: 'smtp-tls'
  - name: 'lmtp_tls_loglevel'
    value: 1
    section: 'lmtp-tls'
  - name: 'smtpd_tls_security_level'
    value: 'may'
    section: 'smtpd-tls'
    weight: -500
  - name: 'smtp_tls_security_level'
    value: 'may'
    section: 'smtp-tls'
    weight: -500
  - name: 'lmtp_tls_security_level'
    value: 'may'
    section: 'lmtp-tls'
    weight: -500
  - name: 'smtpd_tls_auth_only'
    value: True
    section: 'smtpd-tls'
  - name: 'smtpd_tls_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'smtpd-tls'
  - name: 'smtp_tls_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'smtp-tls'
  - name: 'lmtp_tls_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'lmtp-tls'
  - name: 'smtpd_tls_mandatory_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'smtpd-tls'
  - name: 'smtp_tls_mandatory_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'smtp-tls'
  - name: 'lmtp_tls_mandatory_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'lmtp-tls'
  - name: 'smtpd_tls_ciphers'
    value: 'high'
    section: 'smtpd-tls'
  - name: 'smtp_tls_ciphers'
    value: 'high'
    section: 'smtp-tls'
  - name: 'lmtp_tls_ciphers'
    value: 'high'
    section: 'lmtp-tls'
  - name: 'smtpd_tls_mandatory_ciphers'
    value: 'high'
    section: 'smtpd-tls'
  - name: 'smtp_tls_mandatory_ciphers'
    value: 'high'
    section: 'smtp-tls'
  - name: 'lmtp_tls_mandatory_ciphers'
    value: 'high'
    section: 'lmtp-tls'
  - name: 'smtpd_tls_exclude_ciphers'
    value: [ 'aNULL', 'RC4', 'MD5', 'DES', '3DES', 'RSA', 'SHA' ]
    section: 'smtpd-tls'
  - name: 'smtp_tls_exclude_ciphers'
    value: [ 'aNULL', 'RC4', 'MD5', 'DES', '3DES', 'RSA', 'SHA' ]
    section: 'smtp-tls'
  - name: 'lmtp_tls_exclude_ciphers'
    value: [ 'aNULL', 'RC4', 'MD5', 'DES', '3DES', 'RSA', 'SHA' ]
    section: 'lmtp-tls'
  - name: 'smtpd_tls_eecdh_grade'
    value: 'ultra'
    section: 'smtpd-tls'
  - name: 'smtpd_tls_received_header'
    value: True
    section: 'smtpd-tls'
  - name: 'smtp_tls_note_starttls_offer'
    value: True
    section: 'smtp-tls'
  - name: 'lmtp_tls_note_starttls_offer'
    value: True
    section: 'lmtp-tls'
  - name: 'tls_preempt_cipherlist'
    value: True
    section: 'tls'
  - name: 'tls_ssl_options'
    value: 'NO_COMPRESSION'
    section: 'tls'
    state: '{{ "present"
               if (postfix__version is version_compare("2.11.0", ">="))
               else "ignore" }}'
- postfix__restrictions_maincf
The list of Postfix /etc/postfix/main.cf configuration file options defined by default by the debops.postfix Ansible role which configure mail relay and delivery restrictions.
postfix__restrictions_maincf:
  - name: 'smtpd_helo_required'
    value: True
    section: 'restrictions'
  - name: 'strict_rfc821_envelopes'
    value: True
    section: 'restrictions'
  - name: 'smtpd_reject_unlisted_sender'
    value: True
    section: 'restrictions'
  - name: 'disable_vrfy_command'
    value: True
    section: 'restrictions'
  - name: 'smtpd_client_restrictions'
    section: 'restrictions'
    weight: 10
    separator: True
  - name: 'smtpd_helo_restrictions'
    section: 'restrictions'
    weight: 20
    value:
      - name: 'permit_mynetworks'
        weight: -400
      - name: 'reject_invalid_helo_hostname'
        weight: -300
      - name: 'reject_non_fqdn_helo_hostname'
        weight: -200
      - name: 'reject_unknown_helo_hostname'
        weight: -100
  - name: 'smtpd_sender_restrictions'
    section: 'restrictions'
    weight: 30
    value:
      - name: 'reject_non_fqdn_sender'
        weight: -200
      - name: 'reject_unknown_sender_domain'
        weight: -100
      - name: 'permit_mynetworks'
  - name: 'smtpd_relay_restrictions'
    section: 'restrictions'
    copy_id_from: 'smtpd_sender_restrictions'
    weight: 40
    state: '{{ "present"
               if (postfix__version is version_compare("2.10.0", ">="))
               else "ignore" }}'
  - name: 'smtpd_recipient_restrictions'
    section: 'restrictions'
    weight: 50
    value:
      - name: 'reject_non_fqdn_recipient'
        weight: -200
      - name: 'reject_unknown_recipient_domain'
        weight: -100
  - name: 'smtpd_data_restrictions'
    section: 'restrictions'
    weight: 60
    value:
      - name: 'reject_unauth_pipelining'
        weight: -200
      - name: 'reject_multi_recipient_bounce'
        weight: -100
  - name: 'smtpd_discard_ehlo_keywords'
    section: 'restrictions'
    value:
      - 'dsn'   # Disallow Delivery Status Notification requests
      - 'etrn'  # Disallow Remote Message Queue Starting
- postfix__maincf
The list of Postfix /etc/postfix/main.cf configuration file options which should be present on all hosts in the Ansible inventory.
postfix__maincf: []
- postfix__group_maincf
The list of Postfix /etc/postfix/main.cf configuration file options which should be present on hosts in the specific Ansible inventory group.
postfix__group_maincf: []
- postfix__host_maincf
The list of Postfix /etc/postfix/main.cf configuration file options which should be present on specific hosts in the Ansible inventory.
postfix__host_maincf: []
- postfix__dependent_maincf
List of the /etc/postfix/main.cf configuration options defined by other roles through role dependent variables. The configuration syntax differs from a normal main.cf configuration; see Usage as a role dependency for more details.
This variable will be merged with the persistent configuration stored on the Ansible Controller at runtime.
postfix__dependent_maincf: []
- postfix__combined_maincf
List which combines all of the main.cf-related variables and is used in the configuration template.
postfix__combined_maincf: '{{ postfix__original_maincf
                              + postfix__default_maincf
                              + postfix__tls_maincf
                              + postfix__restrictions_maincf
                              + postfix__env_persistent_maincf
                              + postfix__maincf
                              + postfix__group_maincf
                              + postfix__host_maincf }}'
- postfix__init_maincf
This variable contains the initial state of main.cf configuration options based on the contents of the postfix__combined_maincf variable. It's used to dynamically assign Postfix options to configuration file sections in case a section is not specified.
postfix__init_maincf: '{{ lookup("template",
                          "lookup/postfix__init_maincf.j2") }}'
- postfix__maincf_sections
List of configuration sections which are defined in the /etc/postfix/main.cf configuration file. See postfix__maincf_sections for more details.
postfix__maincf_sections:
  - name: 'base'
  - name: 'auth'
    title: 'Authentication and authorization'
  - name: 'route'
    title: 'Message routing'
  - name: 'virtual'
    title: 'Virtual mail configuration'
  - name: 'tls'
    title: 'TLS/SSL configuration'
  - name: 'smtpd-tls'
    title: 'SMTP Server (smtpd) TLS configuration'
  - name: 'smtp-tls'
    title: 'SMTP Client (smtp) TLS configuration'
  - name: 'lmtp-tls'
    title: 'Local Mail Transfer Protocol (lmtp) TLS configuration'
  - name: 'postscreen'
    title: 'postscreen options'
  - name: 'restrictions'
    title: 'SMTP Server (smtpd) restrictions'
  - name: 'filter'
    title: 'Mail filtering configuration'
  - name: 'limit'
    title: 'Rate limits'
  - name: 'unknown'
    title: 'Other options'
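An added example, not part of the debops.postfix role: a Python check that parses main.cf (or `postconf -n` output) from a managed host and reports where its TLS settings are weaker than the postfix__tls_maincf defaults listed above. It assumes boolean options are rendered as yes/no; the function names and the sample file are constructed for illustration.

```python
import re

# Baseline copied from the postfix__tls_maincf defaults on this page.
BANNED_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1")
REQUIRED_EXCLUDES = ("aNULL", "RC4", "MD5", "DES", "3DES", "RSA", "SHA")
PREFIXES = ("smtpd", "smtp", "lmtp")


def parse_main_cf(text):
    """Parse main.cf or `postconf -n` text into a {parameter: value} dict.

    Blank and '#' lines are skipped; a line that starts with whitespace
    continues the previous logical line; a repeated parameter overrides
    the earlier definition.
    """
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current is not None:
            params[current] = value.strip()
    return params


def split_list(value):
    """Split a list-valued parameter on commas, colons and whitespace."""
    return [item for item in re.split(r"[,:\s]+", value) if item]


def audit_tls(params, prefixes=PREFIXES):
    """Return findings for settings that are weaker than the baseline."""
    findings = []
    for prefix in prefixes:
        for kind in ("protocols", "mandatory_protocols"):
            key = f"{prefix}_tls_{kind}"
            tokens = split_list(params.get(key, ""))
            for proto in BANNED_PROTOCOLS:
                # The baseline disables each legacy protocol with '!NAME'.
                if f"!{proto}" not in tokens or proto in tokens:
                    findings.append(f"{key}: {proto} is not disabled")
        key = f"{prefix}_tls_exclude_ciphers"
        excluded = split_list(params.get(key, ""))
        missing = [c for c in REQUIRED_EXCLUDES if c not in excluded]
        if missing:
            findings.append(f"{key}: missing {', '.join(missing)}")
        key = f"{prefix}_tls_security_level"
        if params.get(key) in (None, "", "none"):
            findings.append(f"{key}: TLS is disabled or unset (baseline is 'may')")
    if params.get("smtpd_tls_auth_only") != "yes":
        findings.append("smtpd_tls_auth_only: AUTH is allowed without TLS")
    return findings


# Constructed sample for illustration, not output from a real host.
SAMPLE_MAIN_CF = """\
# SMTP server side
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, TLSv1.1, TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, TLSv1.1, TLSv1.2
smtpd_tls_exclude_ciphers = aNULL, RC4, MD5,
    # comment lines inside a continued value are skipped
    DES, 3DES, RSA, SHA
# SMTP client side, with two deviations from the baseline
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, TLSv1.1, TLSv1.2
smtp_tls_exclude_ciphers = aNULL, MD5, DES, 3DES, RSA, SHA
"""

if __name__ == "__main__":
    for finding in audit_tls(parse_main_cf(SAMPLE_MAIN_CF), ("smtpd", "smtp")):
        print(finding)
```

Run against the sample with the smtpd and smtp prefixes, the check reports the client-side protocol list that no longer disables TLSv1 and the exclude list that dropped RC4.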
Postfix 'master.cf' configuration
These variables define the contents of the /etc/postfix/master.cf configuration file. See Default variable details: postfix__mastercf for more details.
- postfix__original_mastercf
List of options defined by the Debian postfix package when the default "Internet Site" configuration type is selected during installation. This list is used as the base configuration.
postfix__original_mastercf:
  - name: 'smtp'
    type: 'inet'
    private: False
    chroot: True
    command: 'smtpd'
  - name: 'postscreen'
    service: 'smtp'
    type: 'inet'
    private: False
    chroot: True
    maxproc: 1
    command: 'postscreen'
    state: 'comment'
  - name: 'smtpd'
    type: 'pass'
    chroot: True
    state: 'comment'
  - name: 'dnsblog'
    type: 'unix'
    chroot: True
    maxproc: 0
    state: 'comment'
  - name: 'tlsproxy'
    type: 'unix'
    chroot: True
    maxproc: 0
    state: 'comment'
  - name: 'submission'
    type: 'inet'
    private: False
    chroot: True
    command: 'smtpd'
    state: 'comment'
    options:
      - syslog_name: 'postfix/submission'
      - smtpd_tls_security_level: 'encrypt'
      - smtpd_sasl_auth_enable: True
      - smtpd_reject_unlisted_recipient: False
      - name: 'smtpd_client_restrictions'
        value: '$mua_client_restrictions'
        state: 'comment'
      - name: 'smtpd_helo_restrictions'
        value: '$mua_helo_restrictions'
        state: 'comment'
      - name: 'smtpd_sender_restrictions'
        value: '$mua_sender_restrictions'
        state: 'comment'
      - smtpd_recipient_restrictions: ''
      - name: 'smtpd_relay_restrictions'
        value: [ 'permit_sasl_authenticated', 'reject' ]
        state: '{{ "present"
                   if (postfix__version is version_compare("2.10.0", ">="))
                   else "ignore" }}'
      - milter_macro_daemon_name: 'ORIGINATING'
  - name: 'smtps'
    type: 'inet'
    private: False
    chroot: True
    command: 'smtpd'
    state: 'comment'
    options:
      - syslog_name: 'postfix/smtps'
      - smtpd_tls_wrappermode: True
      - smtpd_sasl_auth_enable: True
      - smtpd_reject_unlisted_recipient: False
      - name: 'smtpd_client_restrictions'
        value: '$mua_client_restrictions'
        state: 'comment'
      - name: 'smtpd_helo_restrictions'
        value: '$mua_helo_restrictions'
        state: 'comment'
      - name: 'smtpd_sender_restrictions'
        value: '$mua_sender_restrictions'
        state: 'comment'
      - smtpd_recipient_restrictions: ''
      - name: 'smtpd_relay_restrictions'
        value: [ 'permit_sasl_authenticated', 'reject' ]
        state: '{{ "present"
                   if (postfix__version is version_compare("2.10.0", ">="))
                   else "ignore" }}'
      - milter_macro_daemon_name: 'ORIGINATING'
  - name: 'qmqp'
    service: '628'
    type: 'inet'
    private: False
    chroot: True
    command: 'qmqpd'
    state: 'comment'
  - name: 'pickup'
    type: 'unix'
    private: False
    chroot: True
    wakeup: 60
    maxproc: 1
  - name: 'cleanup'
    type: 'unix'
    private: False
    chroot: True
    maxproc: 0
  - name: 'qmgr'
    type: 'unix'
    private: False
    chroot: False
    wakeup: 300
    maxproc: 1
  - name: 'oqmgr'
    service: 'qmgr'
    type: 'unix'
    private: False
    chroot: False
    wakeup: 300
    maxproc: 1
    command: 'oqmgr'
    state: 'comment'
  - name: 'tlsmgr'
    type: 'unix'
    chroot: True
    wakeup: '1000?'
    maxproc: 1
  - name: 'rewrite'
    type: 'unix'
    chroot: True
    command: 'trivial-rewrite'
  - name: 'bounce'
    type: 'unix'
    chroot: True
    maxproc: 0
  - name: 'defer'
    type: 'unix'
    chroot: True
    maxproc: 0
    command: 'bounce'
  - name: 'trace'
    type: 'unix'
    chroot: True
    maxproc: 0
    command: 'bounce'
  - name: 'verify'
    type: 'unix'
    chroot: True
    maxproc: 1
  - name: 'flush'
    type: 'unix'
    private: False
    chroot: True
    wakeup: '1000?'
    maxproc: 0
  - name: 'proxymap'
    type: 'unix'
    chroot: False
  - name: 'proxywrite'
    type: 'unix'
    chroot: False
    maxproc: 1
    command: 'proxymap'
  - name: 'smtp_unix'
    service: 'smtp'
    type: 'unix'
    chroot: True
    command: 'smtp'
  - name: 'relay'
    type: 'unix'
    chroot: True
    command: 'smtp'
    options:
      - name: 'smtp_helo_timeout'
        value: 5
        state: 'comment'
      - name: 'smtp_connect_timeout'
        value: 5
        state: 'comment'
  - name: 'showq'
    type: 'unix'
    chroot: True
    private: False
  - name: 'error'
    type: 'unix'
    chroot: True
  - name: 'retry'
    type: 'unix'
    chroot: True
    command: 'error'
  - name: 'discard'
    type: 'unix'
    chroot: True
  - name: 'local'
    type: 'unix'
    unpriv: False
    chroot: False
  - name: 'virtual'
    type: 'unix'
    unpriv: False
    chroot: False
  - name: 'lmtp'
    type: 'unix'
    chroot: True
  - name: 'anvil'
    type: 'unix'
    chroot: True
    maxproc: 1
  - name: 'scache'
    type: 'unix'
    chroot: True
    maxproc: 1
  - name: 'non-postfix-sftware'
    comment: |
      ====================================================================
      Interfaces to non-Postfix software. Be sure to examine the manual
      pages of the non-Postfix software to find out what options it wants.
      Many of the following services use the Postfix pipe(8) delivery
      agent. See the pipe(8) man page for information about ${recipient}
      and other message envelope options.
      ====================================================================
    state: 'hidden'
  - name: 'maildrop'
    comment: |
      maildrop. See the Postfix MAILDROP_README file for details.
      Also specify in main.cf: maildrop_destination_recipient_limit=1
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}'
  - name: 'cyrus-lmtp-note'
    comment: |
      ====================================================================
      Recent Cyrus versions can use the existing "lmtp" master.cf entry.
      Specify in cyrus.conf:
      lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
      Specify in main.cf one or more of the following:
      mailbox_transport = lmtp:inet:localhost
      virtual_transport = lmtp:inet:localhost
      ====================================================================
    state: 'hidden'
  - name: 'cyrus'
    comment: |
      Cyrus 2.1.5 (Amos Gouaux)
      Also specify in main.cf: cyrus_destination_recipient_limit=1
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}'
    state: 'comment'
  - name: 'old-cyrus'
    comment: |
      ====================================================================
      Old example of delivery via Cyrus.
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}'
    state: 'comment'
  - name: 'uucp'
    comment: |
      ====================================================================
      See the Postfix UUCP_README file for configuration details.
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)'
  - name: 'other-delivery-methods'
    comment: 'Other external delivery methods.'
    state: 'hidden'
  - name: 'ifmail'
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)'
  - name: 'bsmtp'
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient'
  - name: 'scalemail-backend'
    type: 'unix'
    unpriv: False
    chroot: False
    maxproc: 2
    command: 'pipe'
    args: 'flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}'
  - name: 'mailman'
    type: 'unix'
    unpriv: False
    chroot: False
    args: |
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    command: 'pipe'
- postfix__default_mastercf
The list of Postfix /etc/postfix/master.cf configuration file options defined by default by the debops.postfix Ansible role.
postfix__default_mastercf: []
- postfix__tls_mastercf
The list of Postfix /etc/postfix/master.cf configuration file options defined by default by the debops.postfix Ansible role which configure TLS/SSL encryption.
postfix__tls_mastercf:
  - name: 'submission'
    options:
      - tls_preempt_cipherlist: True
  - name: 'smtps'
    options:
      - tls_preempt_cipherlist: True
- postfix__mastercf
The list of Postfix /etc/postfix/master.cf configuration file options which should be present on all hosts in the Ansible inventory.
postfix__mastercf: []
- postfix__group_mastercf
The list of Postfix /etc/postfix/master.cf configuration file options which should be present on hosts in the specific Ansible inventory group.
postfix__group_mastercf: []
- postfix__host_mastercf
The list of Postfix /etc/postfix/master.cf configuration file options which should be present on specific hosts in the Ansible inventory.
postfix__host_mastercf: []
- postfix__dependent_mastercf
List of the /etc/postfix/master.cf configuration options defined by other roles through role dependent variables. The configuration syntax differs from a normal master.cf configuration; see Usage as a role dependency for more details.
This variable will be merged with the persistent configuration stored on the Ansible Controller at runtime.
postfix__dependent_mastercf: []
- postfix__combined_mastercf
List which combines all of the master.cf-related variables and is used in the configuration template.
postfix__combined_mastercf: '{{ postfix__original_mastercf
                                + postfix__default_mastercf
                                + postfix__tls_mastercf
                                + postfix__env_persistent_mastercf
                                + postfix__mastercf
                                + postfix__group_mastercf
                                + postfix__host_mastercf }}'
Postfix lookup tables
These variables define the contents of the various Postfix lookup tables which will be placed in the /etc/postfix/ directory. See postfix__lookup_tables for more details.
- postfix__lookup_tables
List of lookup tables which will be managed on all hosts in the Ansible inventory.
postfix__lookup_tables: []
- postfix__group_lookup_tables
List of lookup tables which will be managed on hosts in a specific Ansible inventory group.
postfix__group_lookup_tables: []
- postfix__host_lookup_tables
List of lookup tables which will be managed on specific hosts in the Ansible inventory.
postfix__host_lookup_tables: []
- postfix__dependent_lookup_tables
List of lookup tables which are defined by other Ansible roles through role dependent variables.
postfix__dependent_lookup_tables: []
- postfix__dependent_lookup_tables_filter
This variable filters the configuration defined by other Ansible roles to be usable with the rest of the lookup tables configuration.
postfix__dependent_lookup_tables_filter: '{{ lookup("flattened",
                                             postfix__dependent_lookup_tables) }}'
- postfix__combined_lookup_tables
Variable which combines all lookup table lists and passes them to the Ansible tasks. It also defines the order in which the entries are processed.
postfix__combined_lookup_tables: '{{ ([postfix__dependent_lookup_tables_filter]
                                      if postfix__dependent_lookup_tables_filter is mapping
                                      else postfix__dependent_lookup_tables_filter)
                                     + postfix__lookup_tables
                                     + postfix__group_lookup_tables
                                     + postfix__host_lookup_tables }}'
Configuration for other Ansible roles
- postfix__ferm__dependent_rules
Configuration for the debops.ferm Ansible role.
postfix__ferm__dependent_rules:
  - name: 'postfix_smtp'
    type: 'accept'
    by_role: 'debops.postfix'
    dport: [ 'smtp' ]
    saddr: '{{ postfix__allow_smtp }}'
    accept_any: '{{ postfix__accept_any }}'
    rule_state: '{{ "present"
                    if ("smtp" in postfix__env_active_services | d([]))
                    else "absent" }}'
  - name: 'postfix_smtps'
    type: 'accept'
    by_role: 'debops.postfix'
    dport: [ 'smtps' ]
    saddr: '{{ postfix__allow_smtps }}'
    accept_any: '{{ postfix__accept_any }}'
    rule_state: '{{ "present"
                    if ("smtps" in postfix__env_active_services | d([]))
                    else "absent" }}'
  - name: 'postfix_submission'
    type: 'accept'
    by_role: 'debops.postfix'
    dport: [ 'submission' ]
    saddr: '{{ postfix__allow_submission }}'
    accept_any: '{{ postfix__accept_any }}'
    rule_state: '{{ "present"
                    if ("submission" in postfix__env_active_services | d([]))
                    else "absent" }}'