Postfix configuration guides
Here you can find a few guides that can help you configure more advanced
Postfix features. Some of these can be, and are, implemented as separate Ansible
roles; here you can see the configuration specific to
This guide describes how to set up a virtual user mail system, i.e. where the senders and recipients do not correspond to the Linux system users.
It requires a working LDAP infrastructure (see debops.ldap and debops.slapd) in order to manage and authenticate the users and get the corresponding email addresses and aliases. It is also possible to configure accounts with wildcard (catch-all) email addresses. The default configuration first uses the aliases set by debops.etc_aliases and then queries the LDAP server if no match is found.
The following example shows a real-world™ setup on the Hetzner Cloud. It consists of two servers,
controller and a
mail-server. The LDAP directory is hosted also in the
mail-server has access to LDAP over an internal network (10.10.10.0/28) attached directly to the VMs.
This setup has no internal DNS server (no split-DNS), thus internal IPs are mapped to DNS entries in the form
```yaml
---
# Enable LDAP, as it is deactivated by default
ldap__enabled: True
ldap__domain: 'mydomain.net'
```
```yaml
---
## Network access to OpenLDAP server

# Firewall Settings
# Block connections to the OpenLDAP via system firewall and TCP Wrappers from any host (aka Internet);
# Hosts that can connect must be specified via the slapd__*_allow variables.
slapd__accept_any: false
slapd__group_allow:
  # Hetzner internal network
  - '10.10.10.0/28'
```
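A check over the slapd allow-list settings shown above, as an added example that is not part of DebOps or of the original guide. It flags an inventory where `slapd__accept_any` is not explicitly false or where a `slapd__*_allow` entry is outside the internal ranges or too broad. The function names, the `INTERNAL` list and the 256-address threshold are assumptions made for this example.

```python
import ipaddress

# RFC 1918 and IPv6 unique-local ranges treated as "internal" by this check.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Values copied from the inventory block above into a dict (assumption: a real
# audit would load them from the YAML inventory instead).
PAGE_VARS = {"slapd__accept_any": False, "slapd__group_allow": ["10.10.10.0/28"]}


def allow_entries(inv):
    """Yield (variable, entry) for every slapd__*_allow list in the inventory."""
    for key in sorted(inv):
        if key.startswith("slapd__") and key.endswith("_allow"):
            for entry in inv[key] or []:
                yield key, entry


def audit_slapd_access(inv, max_addresses=256):
    """Return findings; an empty list means the allow-list passed every check."""
    findings = []
    if inv.get("slapd__accept_any") is not False:
        findings.append("slapd__accept_any is not explicitly false")
    for key, entry in allow_entries(inv):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Host or domain names cannot be range-checked here.
            findings.append(f"{key}: {entry!r} is not an IP network, review by hand")
            continue
        if not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
            findings.append(f"{key}: {net} is outside the internal ranges")
        if net.num_addresses > max_addresses:
            findings.append(f"{key}: {net} admits {net.num_addresses} addresses")
    return findings


def client_allowed(inv, client_ip):
    """True if client_ip is inside any parseable slapd__*_allow network."""
    ip = ipaddress.ip_address(client_ip)
    for _, entry in allow_entries(inv):
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue
    return False
```

The `/28` in this setup covers 10.10.10.0 through 10.10.10.15, so a VM attached to the internal network with an address outside that range is not covered by the allow-list.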
```yaml
---
### Create TLS Certs for the mail server
#
# In order to sign the cert by Let's Encrypt CA install nginx in the 'mail-server',
# so that the acme script can work.
pki_host_realms:
  - name: 'mail.mydomain.net'
    acme: false
    domains:
      - 'mail.mydomain.net'
      - 'smtp.mydomain.net'
      - 'imap.mydomain.net'
      - 'mail-server.mydomain.net'
```
```yaml
---
# Basic Postfix SMTP server with configuration similar to the "Internet Site".
# SMTP service listens for connections on port 25 from all hosts.
# Mail relay is authorized from localhost, other hosts are deferred.
postfix__domain: 'mydomain.net'
postfix__pki_realm: 'mail.mydomain.net'
```