debops.postwhite default variables

Application environment

postwhite__base_packages

List of base APT packages required by Postwhite.

postwhite__base_packages: [ 'curl' ]
postwhite__packages

List of additional APT packages to install with Postwhite.

postwhite__packages: []
postwhite__user

The UNIX system account which will be used to manage the whitelist.

postwhite__user: 'postwhite'
postwhite__group

The UNIX system group which will be used to manage the whitelist.

postwhite__group: 'postwhite'
postwhite__shell

The default shell of the UNIX system account.

postwhite__shell: '/usr/sbin/nologin'
postwhite__gecos

The GECOS field of the UNIX system account.

postwhite__gecos: 'Postscreen SPF Whitelist'
postwhite__home

The home directory of the UNIX system account.

postwhite__home: '{{ (ansible_local.root.home
                      if (ansible_local|d() and ansible_local.root|d() and
                          ansible_local.root.home|d())
                      else "/var/local") + "/" + postwhite__user }}'

Software stack

postwhite__src

Base directory where the Postwhite and spf-tools source code will be cloned.

postwhite__src: '{{ (ansible_local.root.src
                     if (ansible_local|d() and ansible_local.root|d() and
                         ansible_local.root.src|d())
                     else "/usr/local/src") + "/" + postwhite__user }}'
postwhite__spftools_git_repo

The URL of the 'spf-tools' git repository.

postwhite__spftools_git_repo: 'https://github.com/jsarenik/spf-tools'
postwhite__spftools_git_version

The 'spf-tools' git branch/tag to check out.

postwhite__spftools_git_version: 'master'
postwhite__spftools_git_dest

Directory where 'spf-tools' repository will be checked out.

postwhite__spftools_git_dest: '{{ postwhite__src + "/"
                                  + postwhite__spftools_git_repo.split("://")[1] }}'
postwhite__git_repo

The URL of the 'postwhite' git repository.

postwhite__git_repo: 'https://github.com/stevejenkins/postwhite'
postwhite__git_version

The 'postwhite' git branch/tag to check out.

postwhite__git_version: 'master'
postwhite__git_dest

Directory where 'postwhite' repository will be checked out.

postwhite__git_dest: '{{ postwhite__src + "/"
                         + postwhite__git_repo.split("://")[1] }}'
postwhite__software_stack

Map of the required git repositories to clone, passed to the role tasks.

postwhite__software_stack:

  - git_repo:    '{{ postwhite__spftools_git_repo }}'
    git_dest:    '{{ postwhite__spftools_git_dest }}'
    git_version: '{{ postwhite__spftools_git_version }}'

  - git_repo:    '{{ postwhite__git_repo }}'
    git_dest:    '{{ postwhite__git_dest }}'
    git_version: '{{ postwhite__git_version }}'

Postwhite configuration options

postwhite__spf_whitelist_path

Absolute path to the SPF whitelist file.

postwhite__spf_whitelist_path: '{{ postwhite__home + "/postscreen_spf_whitelist.cidr" }}'
postwhite__spf_blacklist_path

Absolute path to the SPF blacklist file.

postwhite__spf_blacklist_path: '{{ postwhite__home + "/postscreen_spf_blacklist.cidr" }}'
postwhite__whitelist_hosts

List of additional hosts or domains to add to the whitelist in addition to the list predefined by Postwhite.

postwhite__whitelist_hosts: []
postwhite__include_yahoo

Enable or disable inclusion of the custom list of Yahoo! mail servers.

postwhite__include_yahoo: True
postwhite__blacklist

If enabled, postwhite will generate an additional file with blacklisted SMTP servers.

postwhite__blacklist: '{{ True if postwhite__blacklist_hosts|d() else False }}'
postwhite__blacklist_hosts

List of DNS domain names which will be added to the blacklist.

postwhite__blacklist_hosts: []
postwhite__invalid_ipv4

Specify what Postwhite should do with invalid IPv4 addresses (see Postwhite documentation for details). Possible values: remove, keep, fix.

postwhite__invalid_ipv4: 'remove'
postwhite__simplify

if enabled, Postwhite will remove the single IP addresses included in a bigger CIDR ranges, however this might slow down whitelist generation.

postwhite__simplify: False
postwhite__reload_postfix

Enable or disable automatic reload of Postfix after the script is finished. In DebOps this should be disabled, Postfix is reloaded independently by the wrapper script.

postwhite__reload_postfix: False

Other options

postwhite__cron_whitelist_update_frequency

Specify the frequency (hourly, daily, weekly) of the whitelist update job.

postwhite__cron_whitelist_update_frequency: 'daily'
postwhite__cron_yahoo_update_frequency

Specify the frequency (hourly, daily, weekly) of the Yahoo! address list update job.

postwhite__cron_yahoo_update_frequency: 'weekly'
postwhite__initial_update_method

Select the method which will be used to update the whitelist in the background after the role configures Postwhite:

  • async: use Ansible async task execution method
  • batch: use batch command managed by at service
postwhite__initial_update_method: '{{ "batch"
                                     if (ansible_local|d() and ansible_local.atd|d() and
                                         (ansible_local.atd.enabled|d())|bool)
                                     else "async" }}'

Configuration for other Ansible roles

postwhite__postfix__dependent_maincf

The main.cf configuration for the debops.postfix Ansible role.

postwhite__postfix__dependent_maincf:

  - name: 'postscreen_access_list'
    state: 'append'
    value:
      - name: 'cidr:{{ postwhite__spf_whitelist_path }}'
        weight: 100

      - name: 'cidr:{{ postwhite__spf_blacklist_path }}'
        weight: 110
        state: '{{ "present" if postwhite__blacklist|bool else "ignore" }}'