Getting started

Default configuration

The Postwhite script will be installed on its own UNIX system account and executed as an unprivileged user. By default the script will be executed daily by a wrapper to update the SPF whitelists; list of Yahoo! SMTP clients will be updated weekly.

On the first run of the role, the Postwhite whitelist will be updated in the background, since it takes ~5 minutes to do so. The wrapper script configured by the role will automatically reload Postfix when the new whitelist is generated.

Example inventory

To install and configure Postwhite on a host, it needs to be present in the [debops_service_postwhite] Ansible inventory group. The Postfix server should also be configured beforehand, with Postscreen enabled.

[debops_service_postfix]
hostname

[debops_service_postscreen]
hostname

[debops_service_postwhite]
hostname

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.postwhite role:

---

- name: Manage Postwhite service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_postwhite' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  pre_tasks:

    - name: Prepare postfix environment
      import_role:
        name: 'postfix'
        tasks_from: 'main_env'
      vars:
        postfix__dependent_maincf:
          - role: 'postwhite'
            config: '{{ postwhite__postfix__dependent_maincf }}'
      when: (ansible_local|d() and ansible_local.postfix|d() and
             (ansible_local.postfix.installed|d())|bool)
      tags: [ 'role::postfix', 'role::secret' ]

  roles:

    - role: secret
      tags: [ 'role::secret', 'role::postfix' ]
      secret__directories:
        - '{{ postfix__secret__directories }}'
      when: (ansible_local|d() and ansible_local.postfix|d() and
             (ansible_local.postfix.installed|d())|bool)

    - role: postfix
      tags: [ 'role::postfix', 'skip::postfix' ]
      postfix__dependent_maincf:
        - role: 'postwhite'
          config: '{{ postwhite__postfix__dependent_maincf }}'
      when: (ansible_local|d() and ansible_local.postfix|d() and
             (ansible_local.postfix.installed|d())|bool)

    - role: postwhite
      tags: [ 'role::postwhite', 'skip::postwhite' ]