Getting started

Default configuration

The Postwhite script will be installed on its own UNIX system account and executed as an unprivileged user. By default the script will be executed daily by a wrapper to update the SPF whitelists; list of Yahoo! SMTP clients will be updated weekly.

On the first run of the role, the Postwhite whitelist will be updated in the background, since it takes ~5 minutes to do so. The wrapper script configured by the role will automatically reload Postfix when the new whitelist is generated.

Example inventory

To install and configure Postwhite on a host, it needs to be present in the [debops_service_postwhite] Ansible inventory group. The Postfix server should also be configured beforehand, with Postscreen enabled.




Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.postwhite role:


- name: Manage Postwhite service
  hosts: [ 'debops_service_postwhite' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'


    - role: debops.postfix/env
      tags: [ 'role::postfix', 'role::secret' ]
      when: (ansible_local|d() and ansible_local.postfix|d() and

    - role: debops.secret
      tags: [ 'role::secret', 'role::postfix' ]
        - '{{ postfix__secret__directories }}'
      when: (ansible_local|d() and ansible_local.postfix|d() and

    - role: debops.postfix
      tags: [ 'role::postfix', 'skip::postfix' ]
        - role: 'postwhite'
          config: '{{ postwhite__postfix__dependent_maincf }}'
      when: (ansible_local|d() and ansible_local.postfix|d() and

    - role: debops.postwhite
      tags: [ 'role::postwhite', 'skip::postwhite' ]