Getting started
Default configuration
The debops.postfix
role configures a basic Postfix SMTP server with
configuration similar to the "Internet Site" configuration enabled by default
by the Debian package. With the default configuration, SMTP service listens for
connections on port 25
from all hosts. Mail relay is authorized from
localhost
, other hosts are deferred. The SMTP server accepts mail addressed
for the host's FQDN, but not it's domain. There's no default relayhost, Postfix
delivers the mail directly to other hosts. Local mail is enabled by default,
support for mail aliases is provided by the debops.etc_aliases
Ansible
role.
Additional configuration is defined in separate variables and can be easily
disabled or modified if necessary. To do that, you can modify the values of the
postfix__combined_maincf
and postfix__combined_mastercf
variables.
The Postfix service will be configured to use TLS connections and strong encryption by default. This might interfere with SMTP service operation for older installations that don't support required features.
Example inventory
To install and configure Postfix on a host, it needs to be present in the
[debops_service_postfix]
Ansible inventory group:
[debops_service_postfix]
hostname
Example playbook
If you are using this role without DebOps, here's an example Ansible playbook
that uses the debops.postfix
role:
---
- name: Manage Postfix SMTP service
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debops_service_postfix' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
pre_tasks:
- name: Prepare etc_aliases environment
import_role:
name: 'etc_aliases'
tasks_from: 'main_env'
tags: [ 'role::etc_aliases', 'role::secret', 'role::postfix' ]
- name: Prepare postfix environment
import_role:
name: 'postfix'
tasks_from: 'main_env'
tags: [ 'role::postfix', 'role::secret', 'role::ferm' ]
roles:
- role: secret
tags: [ 'role::secret', 'role::postfix' ]
secret__directories:
- '{{ etc_aliases__secret__directories }}'
- '{{ postfix__secret__directories }}'
- role: ferm
tags: [ 'role::ferm', 'skip::ferm' ]
ferm__dependent_rules:
- '{{ postfix__ferm__dependent_rules }}'
- role: etc_aliases
tags: [ 'role::etc_aliases', 'skip::etc_aliases' ]
- role: postfix
tags: [ 'role::postfix', 'skip::postfix' ]