debops.postfix default variables
APT packages, version
- postfix__base_packages
List of the default APT packages to install for Postfix support.
postfix__base_packages: [ 'postfix', 'postfix-pcre', 'bsd-mailx', 'make',
                          'ssl-cert', 'ca-certificates' ]
- postfix__dependent_packages
List of additional APT packages requested by other Ansible roles via role dependent variables.
postfix__dependent_packages: []
- postfix__packages
List of custom APT packages to install with Postfix.
postfix__packages: []
- postfix__group_packages
List of custom APT packages installed on hosts in a specific group in Ansible inventory.
postfix__group_packages: []
- postfix__host_packages
List of custom APT packages installed on specific hosts in Ansible inventory.
postfix__host_packages: []
- postfix__purge_packages
List of APT packages to purge when Postfix is installed, to remove the remnants of other SMTP services.
postfix__purge_packages: [ 'exim4-base', 'exim4-config',
                           'exim4-daemon-light', 'nullmailer' ]
- postfix__version
The currently installed Postfix version. This variable is defined by the Ansible local facts and is provided for convenience; it should not be set manually.
postfix__version: '{{ ansible_local.postfix.version | d("0.0.0") }}'
- postfix__doc_installed
The postfix-doc APT package modifies the /etc/postfix/main.cf
configuration file directly, therefore the role takes its presence into
account during configuration. The package presence is checked by the Ansible
local facts.
postfix__doc_installed: '{{ ansible_local.postfix.doc_installed
                            if (ansible_local | d() and ansible_local.postfix | d() and
                                ansible_local.postfix.doc_installed is defined)
                            else False }}'
DNS, mail next-hop configuration
- postfix__fqdn
The host's Fully Qualified Domain Name used in the Postfix configuration.
postfix__fqdn: '{{ ansible_fqdn }}'
- postfix__domain
The host's DNS domain name used in the Postfix configuration.
postfix__domain: '{{ ansible_domain }}'
- postfix__relayhost
Next-hop destination of non-local mail.
postfix__relayhost: ''
- postfix__mailname
The name of this mail system, configured in /etc/mailname file. This
name is used as the domain part in sender mail addresses that don't have one.
See https://wiki.debian.org/EtcMailName for more details.
postfix__mailname: '{{ postfix__fqdn }}'
Firewall configuration
- postfix__accept_any
Specify the default firewall policy for Postfix services.
If True, any host can connect to the Postfix services unless allow
restrictions are defined using the variables below.
If False, no hosts can connect to the Postfix services by default. You
need to specify IP addresses or subnets that can access the services using
the variables below.
postfix__accept_any: True
- postfix__allow_smtp
List of hosts/networks that can access the smtp port (25).
postfix__allow_smtp: []
- postfix__allow_submission
List of hosts/networks that can access the submission port (587).
postfix__allow_submission: []
- postfix__allow_smtps
List of hosts/networks that can access the smtps port (465).
postfix__allow_smtps: []
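An inventory override that switches the firewall variables above to default-deny, added here as an illustration and not part of the role's defaults. The file path and all addresses (RFC 5737 documentation ranges) are assumptions.

```yaml
# ansible/inventory/group_vars/all/postfix.yml  (hypothetical path)

# Role default, shown for comparison only: with no allow lists set, any
# host can connect to the active Postfix ports.
#postfix__accept_any: True
#postfix__allow_smtp: []

# Default-deny variant: a port is reachable only from the sources listed
# for it. All addresses below are constructed sample values.
postfix__accept_any: False

# smtp (25): inbound mail only from the upstream filtering relays.
postfix__allow_smtp: [ '192.0.2.10', '192.0.2.11' ]

# submission (587): mail clients on the office network.
postfix__allow_submission: [ '198.51.100.0/24' ]

# smtps (465): an empty list combined with accept_any False means that
# no host can connect to this port.
postfix__allow_smtps: []
```

The matching rule in postfix__ferm__dependent_rules is only present for a service listed in postfix__env_active_services, so an allow list for a service that is not active has no effect.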
PKI / TLS configuration
- postfix__pki
Enable or disable support for TLS in Postfix, managed by the debops.pki Ansible role.
postfix__pki: '{{ ansible_local.pki.enabled | d() | bool }}'
- postfix__pki_path
Absolute path to the directory where PKI realms are located.
postfix__pki_path: '{{ ansible_local.pki.path | d("/etc/pki/realms") }}'
- postfix__pki_realm
Name of the default PKI realm used by Postfix.
postfix__pki_realm: '{{ ansible_local.pki.realm | d("domain") }}'
- postfix__pki_ca
Name of the Root Certificate Authority certificate file used by Postfix, relative to the PKI realm directory.
postfix__pki_ca: '{{ ansible_local.pki.ca | d("CA.crt") }}'
- postfix__pki_crt
Name of the certificate file used by Postfix, relative to the PKI realm directory.
postfix__pki_crt: '{{ ansible_local.pki.crt | d("default.crt") }}'
- postfix__pki_key
Name of the private key file used by Postfix, relative to the PKI realm directory.
postfix__pki_key: '{{ ansible_local.pki.key | d("default.key") }}'
- postfix__tls_ca_file
Absolute path of the Root Certificate Authority certificate file used in the Postfix configuration. This file should also be present in the Postfix chroot directory.
postfix__tls_ca_file: '/etc/ssl/certs/ca-certificates.crt'
- postfix__tls_cert_file
Absolute path of the certificate file used in the Postfix configuration.
postfix__tls_cert_file: '{{ (postfix__pki_path + "/" + postfix__pki_realm + "/" + postfix__pki_crt)
                            if postfix__pki | bool else "/etc/ssl/certs/ssl-cert-snakeoil.pem" }}'
- postfix__tls_key_file
Absolute path of the private key file used in the Postfix configuration.
postfix__tls_key_file: '{{ (postfix__pki_path + "/" + postfix__pki_realm + "/" + postfix__pki_key)
                           if postfix__pki | bool else "/etc/ssl/private/ssl-cert-snakeoil.key" }}'
- postfix__pki_hook_name
Name of the hook script which will be stored in the hook directory.
postfix__pki_hook_name: 'postfix'
- postfix__pki_hook_path
Directory with PKI hooks.
postfix__pki_hook_path: '{{ ansible_local.pki.hooks | d("/etc/pki/hooks") }}'
- postfix__pki_hook_action
Specify how changes in PKI should affect postfix, either 'reload' or 'restart'.
postfix__pki_hook_action: 'reload'
Diffie-Hellman parameters
- postfix__dhparam
Enable or disable support for custom Diffie-Hellman parameters managed by the debops.dhparam Ansible role.
postfix__dhparam: '{{ ansible_local.dhparam.enabled
                      if (ansible_local | d() and ansible_local.dhparam | d() and
                          ansible_local.dhparam.enabled is defined)
                      else False }}'
- postfix__dhparam_set
Name of the Diffie-Hellman parameter set to use in Postfix configuration. See debops.dhparam Ansible role for more details.
postfix__dhparam_set: 'default'
- postfix__tls_dh1024_param_file
Absolute path to Diffie-Hellman parameters file which should be used for non-export grade connections.
postfix__tls_dh1024_param_file: '{{ ansible_local.dhparam[postfix__dhparam_set]
                                    if (ansible_local | d() and ansible_local.dhparam | d() and
                                        ansible_local.dhparam[postfix__dhparam_set] | d())
                                    else "" }}'
- postfix__tls_dh512_param_file
Absolute path to Diffie-Hellman parameters file which should be used for export grade connections.
postfix__tls_dh512_param_file: '{{ ansible_local.dhparam[postfix__dhparam_set]
                                   if (ansible_local | d() and ansible_local.dhparam | d() and
                                       ansible_local.dhparam[postfix__dhparam_set] | d())
                                   else "" }}'
Postfix 'main.cf' configuration
These variables define the contents of the /etc/postfix/main.cf
configuration file. See Default variable details: postfix__maincf for more details.
- postfix__original_maincf
List of options defined by the Debian postfix package when the default
"Internet Site" configuration type is selected during installation. This list
is used as the base configuration.
postfix__original_maincf:
  - name: 'myorigin_example'
    option: 'myorigin'
    value: '/etc/mailname'
    comment: |
      Debian specific: Specifying a file name will cause the first
      line of that file to be used as the name. The Debian default
      is /etc/mailname.
    state: 'comment'
    section: 'base'
  - name: 'smtpd_banner'
    value: '$myhostname ESMTP $mail_name (Debian/GNU)'
    section: 'base'
  - name: 'biff'
    value: False
    section: 'base'
  - name: 'append_dot_mydomain'
    value: False
    comment: "appending .domain is the MUA's job."
    section: 'base'
  - name: 'delay_warning_time'
    value: '4h'
    comment: 'Uncomment the next line to generate "delayed mail" warnings'
    state: 'comment'
    section: 'base'
  - name: 'readme_directory'
    value: '{{ "/usr/share/doc/postfix"
               if postfix__doc_installed | bool
               else False }}'
    section: 'base'
  - name: 'compatibility_level'
    value: 2
    comment: |
      See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
      fresh installs.
    section: 'base'
    state: '{{ "present"
               if (postfix__version is version_compare("3.0.0", ">="))
               else "ignore" }}'
  - name: 'smtpd_tls_cert_file'
    value: '{{ postfix__tls_cert_file }}'
    comment: 'TLS parameters'
    section: 'base'
  - name: 'smtpd_tls_key_file'
    value: '{{ postfix__tls_key_file }}'
    section: 'base'
  - name: 'smtpd_use_tls'
    value: True
    section: 'base'
  - name: 'smtpd_tls_session_cache_database'
    value: 'btree:${data_directory}/smtpd_scache'
    section: 'base'
  - name: 'smtp_tls_session_cache_database'
    value: 'btree:${data_directory}/smtp_scache'
    section: 'base'
  - name: 'smtp_tls_client_comment'
    comment: |
      See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
      information on enabling SSL in the smtp client.
    state: 'hidden'
    section: 'base'
  - name: 'smtpd_relay_restrictions'
    section: 'base'
    state: '{{ "present"
               if (postfix__version is version_compare("2.10.0", ">="))
               else "ignore" }}'
    value:
      - name: 'permit_mynetworks'
        weight: -300
      - name: 'permit_sasl_authenticated'
        weight: -200
      - name: 'defer_unauth_destination'
        weight: -100
  - name: 'myhostname'
    value: '{{ postfix__fqdn }}'
    section: 'base'
  - name: 'alias_maps'
    value: [ 'hash:/etc/aliases' ]
    section: 'base'
  - name: 'alias_database'
    value: [ 'hash:/etc/aliases' ]
    section: 'base'
  - name: 'myorigin'
    value: '/etc/mailname'
    section: 'base'
  - name: 'mydestination'
    section: 'base'
    value:
      - '{{ postfix__fqdn }}'
      - name: 'localhost.{{ postfix__domain }}'
        weight: 190
      - name: 'localhost'
        weight: 200
  - name: 'relayhost'
    value: '{{ postfix__relayhost }}'
    section: 'base'
  - name: 'mynetworks'
    section: 'base'
    value:
      - name: '127.0.0.0/8'
        weight: 100
      - name: '::ffff:127.0.0.0/104'
        weight: 100
      - name: '::1/128'
        weight: 100
  - name: 'mailbox_size_limit'
    value: 0
    section: 'base'
  - name: 'recipient_delimiter'
    value: '+'
    section: 'base'
  - name: 'inet_interfaces'
    value: 'all'
    section: 'base'
  - name: 'inet_protocols'
    value: 'all'
    section: 'base'
    state: '{{ "present"
               if (ansible_distribution_release == "stretch")
               else "ignore" }}'
  - name: 'html_directory'
    value: '{{ "/usr/share/doc/postfix/html"
               if postfix__doc_installed | bool
               else False }}'
    section: 'base'
- postfix__default_maincf
The list of Postfix /etc/postfix/main.cf configuration file options
defined by default by the debops.postfix Ansible role.
postfix__default_maincf:
  - name: 'smtpd_banner'
    value: '$myhostname ESMTP'
  - name: 'enable_long_queue_ids'
    value: True
    section: 'base'
    state: '{{ "present"
               if (postfix__version is version_compare("2.9.0", ">="))
               else "ignore" }}'
- postfix__tls_maincf
The list of Postfix /etc/postfix/main.cf configuration file options
defined by default by the debops.postfix Ansible role which configure
TLS/SSL encryption.
postfix__tls_maincf:
  - name: 'smtp_tls_client_comment'
    state: 'absent'
  - name: 'smtpd_use_tls'
    section: 'smtpd-tls'
    weight: -500
  - name: 'smtpd_tls_cert_file'
    section: 'smtpd-tls'
    comment: ''
  - name: 'smtpd_tls_key_file'
    section: 'smtpd-tls'
  - name: 'smtpd_tls_CAfile'
    value: '{{ postfix__tls_ca_file }}'
    section: 'smtpd-tls'
  - name: 'smtp_tls_CAfile'
    value: '{{ postfix__tls_ca_file }}'
    section: 'smtp-tls'
  - name: 'lmtp_tls_CAfile'
    value: '{{ postfix__tls_ca_file }}'
    section: 'lmtp-tls'
  - name: 'smtpd_tls_session_cache_database'
    section: 'smtpd-tls'
  - name: 'smtp_tls_session_cache_database'
    section: 'smtp-tls'
  - name: 'lmtp_tls_session_cache_database'
    value: 'btree:${data_directory}/lmtp_scache'
    section: 'lmtp-tls'
  - name: 'smtpd_tls_dh1024_param_file'
    value: '{{ postfix__tls_dh1024_param_file }}'
    state: '{{ "present" if postfix__dhparam | bool else "ignore" }}'
    section: 'smtpd-tls'
  - name: 'smtpd_tls_dh512_param_file'
    value: '{{ postfix__tls_dh512_param_file }}'
    state: '{{ "present" if postfix__dhparam | bool else "ignore" }}'
    section: 'smtpd-tls'
  - name: 'smtpd_tls_loglevel'
    value: 1
    section: 'smtpd-tls'
  - name: 'smtp_tls_loglevel'
    value: 1
    section: 'smtp-tls'
  - name: 'lmtp_tls_loglevel'
    value: 1
    section: 'lmtp-tls'
  - name: 'smtpd_tls_security_level'
    value: 'may'
    section: 'smtpd-tls'
    weight: -500
  - name: 'smtp_tls_security_level'
    value: 'may'
    section: 'smtp-tls'
    weight: -500
  - name: 'lmtp_tls_security_level'
    value: 'may'
    section: 'lmtp-tls'
    weight: -500
  - name: 'smtpd_tls_auth_only'
    value: True
    section: 'smtpd-tls'
  - name: 'smtpd_tls_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'smtpd-tls'
  - name: 'smtp_tls_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'smtp-tls'
  - name: 'lmtp_tls_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'lmtp-tls'
  - name: 'smtpd_tls_mandatory_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'smtpd-tls'
  - name: 'smtp_tls_mandatory_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'smtp-tls'
  - name: 'lmtp_tls_mandatory_protocols'
    value: [ '!SSLv2', '!SSLv3', '!TLSv1', 'TLSv1.1', 'TLSv1.2' ]
    section: 'lmtp-tls'
  - name: 'smtpd_tls_ciphers'
    value: 'high'
    section: 'smtpd-tls'
  - name: 'smtp_tls_ciphers'
    value: 'high'
    section: 'smtp-tls'
  - name: 'lmtp_tls_ciphers'
    value: 'high'
    section: 'lmtp-tls'
  - name: 'smtpd_tls_mandatory_ciphers'
    value: 'high'
    section: 'smtpd-tls'
  - name: 'smtp_tls_mandatory_ciphers'
    value: 'high'
    section: 'smtp-tls'
  - name: 'lmtp_tls_mandatory_ciphers'
    value: 'high'
    section: 'lmtp-tls'
  - name: 'smtpd_tls_exclude_ciphers'
    value: [ 'aNULL', 'RC4', 'MD5', 'DES', '3DES', 'RSA', 'SHA' ]
    section: 'smtpd-tls'
  - name: 'smtp_tls_exclude_ciphers'
    value: [ 'aNULL', 'RC4', 'MD5', 'DES', '3DES', 'RSA', 'SHA' ]
    section: 'smtp-tls'
  - name: 'lmtp_tls_exclude_ciphers'
    value: [ 'aNULL', 'RC4', 'MD5', 'DES', '3DES', 'RSA', 'SHA' ]
    section: 'lmtp-tls'
  - name: 'smtpd_tls_eecdh_grade'
    value: 'ultra'
    section: 'smtpd-tls'
  - name: 'smtpd_tls_received_header'
    value: True
    section: 'smtpd-tls'
  - name: 'smtp_tls_note_starttls_offer'
    value: True
    section: 'smtp-tls'
  - name: 'lmtp_tls_note_starttls_offer'
    value: True
    section: 'lmtp-tls'
  - name: 'tls_preempt_cipherlist'
    value: True
    section: 'tls'
  - name: 'tls_ssl_options'
    value: 'NO_COMPRESSION'
    section: 'tls'
    state: '{{ "present"
               if (postfix__version is version_compare("2.11.0", ">="))
               else "ignore" }}'
- postfix__restrictions_maincf
The list of Postfix /etc/postfix/main.cf configuration file options
defined by default by the debops.postfix Ansible role which configure
mail relay and delivery restrictions.
postfix__restrictions_maincf:
  - name: 'smtpd_helo_required'
    value: True
    section: 'restrictions'
  - name: 'strict_rfc821_envelopes'
    value: True
    section: 'restrictions'
  - name: 'smtpd_reject_unlisted_sender'
    value: True
    section: 'restrictions'
  - name: 'disable_vrfy_command'
    value: True
    section: 'restrictions'
  - name: 'smtpd_client_restrictions'
    section: 'restrictions'
    weight: 10
    separator: True
  - name: 'smtpd_helo_restrictions'
    section: 'restrictions'
    weight: 20
    value:
      - name: 'permit_mynetworks'
        weight: -400
      - name: 'reject_invalid_helo_hostname'
        weight: -300
      - name: 'reject_non_fqdn_helo_hostname'
        weight: -200
      - name: 'reject_unknown_helo_hostname'
        weight: -100
  - name: 'smtpd_sender_restrictions'
    section: 'restrictions'
    weight: 30
    value:
      - name: 'reject_non_fqdn_sender'
        weight: -200
      - name: 'reject_unknown_sender_domain'
        weight: -100
      - name: 'permit_mynetworks'
  - name: 'smtpd_relay_restrictions'
    section: 'restrictions'
    copy_id_from: 'smtpd_sender_restrictions'
    weight: 40
    state: '{{ "present"
               if (postfix__version is version_compare("2.10.0", ">="))
               else "ignore" }}'
  - name: 'smtpd_recipient_restrictions'
    section: 'restrictions'
    weight: 50
    value:
      - name: 'reject_non_fqdn_recipient'
        weight: -200
      - name: 'reject_unknown_recipient_domain'
        weight: -100
  - name: 'smtpd_data_restrictions'
    section: 'restrictions'
    weight: 60
    value:
      - name: 'reject_unauth_pipelining'
        weight: -200
      - name: 'reject_multi_recipient_bounce'
        weight: -100
  - name: 'smtpd_discard_ehlo_keywords'
    section: 'restrictions'
    value:
      - 'dsn'   # Disallow Delivery Status Notification requests
      - 'etrn'  # Disallow Remote Message Queue Starting
- postfix__maincf
The list of Postfix /etc/postfix/main.cf configuration file options
which should be present on all hosts in the Ansible inventory.
postfix__maincf: []
- postfix__group_maincf
The list of Postfix /etc/postfix/main.cf configuration file options
which should be present on hosts in the specific Ansible inventory group.
postfix__group_maincf: []
- postfix__host_maincf
The list of Postfix /etc/postfix/main.cf configuration file options
which should be present on specific hosts in the Ansible inventory.
postfix__host_maincf: []
- postfix__dependent_maincf
List of the /etc/postfix/main.cf configuration options defined by
other roles through role dependent variables. The configuration syntax
differs from a normal main.cf configuration,
see Usage as a role dependency for more details.
This variable will be merged with the persistent configuration stored on the
Ansible Controller at runtime.
postfix__dependent_maincf: []
- postfix__combined_maincf
List which combines all of the main.cf-related variables and is used
in the configuration template.
postfix__combined_maincf: '{{ postfix__original_maincf
                              + postfix__default_maincf
                              + postfix__tls_maincf
                              + postfix__restrictions_maincf
                              + postfix__env_persistent_maincf
                              + postfix__maincf
                              + postfix__group_maincf
                              + postfix__host_maincf }}'
- postfix__init_maincf
This variable contains the initial state of the main.cf configuration options,
based on the contents of the postfix__combined_maincf variable. It is
used to dynamically assign Postfix options to configuration file sections
when a section is not specified.
postfix__init_maincf: '{{ lookup("template",
                                 "lookup/postfix__init_maincf.j2") }}'
- postfix__maincf_sections
List of configuration sections which are defined in the
/etc/postfix/main.cf configuration file.
See postfix__maincf_sections for more details.
postfix__maincf_sections:
  - name: 'base'
  - name: 'auth'
    title: 'Authentication and authorization'
  - name: 'route'
    title: 'Message routing'
  - name: 'virtual'
    title: 'Virtual mail configuration'
  - name: 'tls'
    title: 'TLS/SSL configuration'
  - name: 'smtpd-tls'
    title: 'SMTP Server (smtpd) TLS configuration'
  - name: 'smtp-tls'
    title: 'SMTP Client (smtp) TLS configuration'
  - name: 'lmtp-tls'
    title: 'Local Mail Transfer Protocol (lmtp) TLS configuration'
  - name: 'postscreen'
    title: 'postscreen options'
  - name: 'restrictions'
    title: 'SMTP Server (smtpd) restrictions'
  - name: 'filter'
    title: 'Mail filtering configuration'
  - name: 'limit'
    title: 'Rate limits'
  - name: 'unknown'
    title: 'Other options'
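An inventory override built on the main.cf lists above, as an added example that is not part of the role's defaults. It assumes that entries sharing a name are merged and that lists later in postfix__combined_maincf take precedence (as the repeated 'smtpd_banner' entries suggest); the file path and the relay host name are placeholders.

```yaml
# ansible/inventory/host_vars/<hostname>/postfix.yml  (hypothetical path)

# Send all non-local mail to a single known relay (placeholder name).
postfix__relayhost: '[relay.example.org]:587'

postfix__host_maincf:

  # postfix__tls_maincf sets the SMTP client to 'may': TLS is used when the
  # next hop offers it, otherwise the message goes out in cleartext. With
  # one known next hop, refuse delivery unless the session is encrypted.
  # Only 'value' is given here; 'section' and 'weight' are expected to
  # carry over from the postfix__tls_maincf entry (assumed merge behaviour).
  - name: 'smtp_tls_security_level'
    value: 'encrypt'
```

On a public MX the server-side 'smtpd_tls_security_level' normally stays at 'may', since requiring TLS on port 25 would turn away senders that cannot negotiate it.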
Postfix 'master.cf' configuration
These variables define the contents of the /etc/postfix/master.cf
configuration file. See Default variable details: postfix__mastercf for more details.
- postfix__original_mastercf
List of options defined by the Debian postfix package when the default
"Internet Site" configuration type is selected during installation. This list
is used as the base configuration.
postfix__original_mastercf:
  - name: 'smtp'
    type: 'inet'
    private: False
    chroot: True
    command: 'smtpd'
  - name: 'postscreen'
    service: 'smtp'
    type: 'inet'
    private: False
    chroot: True
    maxproc: 1
    command: 'postscreen'
    state: 'comment'
  - name: 'smtpd'
    type: 'pass'
    chroot: True
    state: 'comment'
  - name: 'dnsblog'
    type: 'unix'
    chroot: True
    maxproc: 0
    state: 'comment'
  - name: 'tlsproxy'
    type: 'unix'
    chroot: True
    maxproc: 0
    state: 'comment'
  - name: 'submission'
    type: 'inet'
    private: False
    chroot: True
    command: 'smtpd'
    state: 'comment'
    options:
      - syslog_name: 'postfix/submission'
      - smtpd_tls_security_level: 'encrypt'
      - smtpd_sasl_auth_enable: True
      - smtpd_reject_unlisted_recipient: False
      - name: 'smtpd_client_restrictions'
        value: '$mua_client_restrictions'
        state: 'comment'
      - name: 'smtpd_helo_restrictions'
        value: '$mua_helo_restrictions'
        state: 'comment'
      - name: 'smtpd_sender_restrictions'
        value: '$mua_sender_restrictions'
        state: 'comment'
      - smtpd_recipient_restrictions: ''
      - name: 'smtpd_relay_restrictions'
        value: [ 'permit_sasl_authenticated', 'reject' ]
        state: '{{ "present"
                   if (postfix__version is version_compare("2.10.0", ">="))
                   else "ignore" }}'
      - milter_macro_daemon_name: 'ORIGINATING'
  - name: 'smtps'
    type: 'inet'
    private: False
    chroot: True
    command: 'smtpd'
    state: 'comment'
    options:
      - syslog_name: 'postfix/smtps'
      - smtpd_tls_wrappermode: True
      - smtpd_sasl_auth_enable: True
      - smtpd_reject_unlisted_recipient: False
      - name: 'smtpd_client_restrictions'
        value: '$mua_client_restrictions'
        state: 'comment'
      - name: 'smtpd_helo_restrictions'
        value: '$mua_helo_restrictions'
        state: 'comment'
      - name: 'smtpd_sender_restrictions'
        value: '$mua_sender_restrictions'
        state: 'comment'
      - smtpd_recipient_restrictions: ''
      - name: 'smtpd_relay_restrictions'
        value: [ 'permit_sasl_authenticated', 'reject' ]
        state: '{{ "present"
                   if (postfix__version is version_compare("2.10.0", ">="))
                   else "ignore" }}'
      - milter_macro_daemon_name: 'ORIGINATING'
  - name: 'qmqp'
    service: '628'
    type: 'inet'
    private: False
    chroot: True
    command: 'qmqpd'
    state: 'comment'
  - name: 'pickup'
    type: 'unix'
    private: False
    chroot: True
    wakeup: 60
    maxproc: 1
  - name: 'cleanup'
    type: 'unix'
    private: False
    chroot: True
    maxproc: 0
  - name: 'qmgr'
    type: 'unix'
    private: False
    chroot: False
    wakeup: 300
    maxproc: 1
  - name: 'oqmgr'
    service: 'qmgr'
    type: 'unix'
    private: False
    chroot: False
    wakeup: 300
    maxproc: 1
    command: 'oqmgr'
    state: 'comment'
  - name: 'tlsmgr'
    type: 'unix'
    chroot: True
    wakeup: '1000?'
    maxproc: 1
  - name: 'rewrite'
    type: 'unix'
    chroot: True
    command: 'trivial-rewrite'
  - name: 'bounce'
    type: 'unix'
    chroot: True
    maxproc: 0
  - name: 'defer'
    type: 'unix'
    chroot: True
    maxproc: 0
    command: 'bounce'
  - name: 'trace'
    type: 'unix'
    chroot: True
    maxproc: 0
    command: 'bounce'
  - name: 'verify'
    type: 'unix'
    chroot: True
    maxproc: 1
  - name: 'flush'
    type: 'unix'
    private: False
    chroot: True
    wakeup: '1000?'
    maxproc: 0
  - name: 'proxymap'
    type: 'unix'
    chroot: False
  - name: 'proxywrite'
    type: 'unix'
    chroot: False
    maxproc: 1
    command: 'proxymap'
  - name: 'smtp_unix'
    service: 'smtp'
    type: 'unix'
    chroot: True
    command: 'smtp'
  - name: 'relay'
    type: 'unix'
    chroot: True
    command: 'smtp'
    options:
      - name: 'smtp_helo_timeout'
        value: 5
        state: 'comment'
      - name: 'smtp_connect_timeout'
        value: 5
        state: 'comment'
  - name: 'showq'
    type: 'unix'
    chroot: True
    private: False
  - name: 'error'
    type: 'unix'
    chroot: True
  - name: 'retry'
    type: 'unix'
    chroot: True
    command: 'error'
  - name: 'discard'
    type: 'unix'
    chroot: True
  - name: 'local'
    type: 'unix'
    unpriv: False
    chroot: False
  - name: 'virtual'
    type: 'unix'
    unpriv: False
    chroot: False
  - name: 'lmtp'
    type: 'unix'
    chroot: True
  - name: 'anvil'
    type: 'unix'
    chroot: True
    maxproc: 1
  - name: 'scache'
    type: 'unix'
    chroot: True
    maxproc: 1
  - name: 'non-postfix-sftware'
    comment: |
      ====================================================================
      Interfaces to non-Postfix software. Be sure to examine the manual
      pages of the non-Postfix software to find out what options it wants.
      Many of the following services use the Postfix pipe(8) delivery
      agent. See the pipe(8) man page for information about ${recipient}
      and other message envelope options.
      ====================================================================
    state: 'hidden'
  - name: 'maildrop'
    comment: |
      maildrop. See the Postfix MAILDROP_README file for details.
      Also specify in main.cf: maildrop_destination_recipient_limit=1
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}'
  - name: 'cyrus-lmtp-note'
    comment: |
      ====================================================================
      Recent Cyrus versions can use the existing "lmtp" master.cf entry.
      Specify in cyrus.conf:
      lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
      Specify in main.cf one or more of the following:
      mailbox_transport = lmtp:inet:localhost
      virtual_transport = lmtp:inet:localhost
      ====================================================================
    state: 'hidden'
  - name: 'cyrus'
    comment: |
      Cyrus 2.1.5 (Amos Gouaux)
      Also specify in main.cf: cyrus_destination_recipient_limit=1
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}'
    state: 'comment'
  - name: 'old-cyrus'
    comment: |
      ====================================================================
      Old example of delivery via Cyrus.
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}'
    state: 'comment'
  - name: 'uucp'
    comment: |
      ====================================================================
      See the Postfix UUCP_README file for configuration details.
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)'
  - name: 'other-delivery-methods'
    comment: 'Other external delivery methods.'
    state: 'hidden'
  - name: 'ifmail'
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)'
  - name: 'bsmtp'
    type: 'unix'
    unpriv: False
    chroot: False
    command: 'pipe'
    args: 'flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient'
  - name: 'scalemail-backend'
    type: 'unix'
    unpriv: False
    chroot: False
    maxproc: 2
    command: 'pipe'
    args: 'flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}'
  - name: 'mailman'
    type: 'unix'
    unpriv: False
    chroot: False
    args: |
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    command: 'pipe'
- postfix__default_mastercf
The list of Postfix /etc/postfix/master.cf configuration file options
defined by default by the debops.postfix Ansible role.
postfix__default_mastercf: []
- postfix__tls_mastercf
The list of Postfix /etc/postfix/master.cf configuration file options
defined by default by the debops.postfix Ansible role which configure
TLS/SSL encryption.
postfix__tls_mastercf:
  - name: 'submission'
    options:
      - tls_preempt_cipherlist: True
  - name: 'smtps'
    options:
      - tls_preempt_cipherlist: True
- postfix__mastercf
The list of Postfix /etc/postfix/master.cf configuration file options
which should be present on all hosts in the Ansible inventory.
postfix__mastercf: []
- postfix__group_mastercf
The list of Postfix /etc/postfix/master.cf configuration file options
which should be present on hosts in the specific Ansible inventory group.
postfix__group_mastercf: []
- postfix__host_mastercf
The list of Postfix /etc/postfix/master.cf configuration file options
which should be present on specific hosts in the Ansible inventory.
postfix__host_mastercf: []
- postfix__dependent_mastercf
List of the /etc/postfix/master.cf configuration options defined by
other roles through role dependent variables. The configuration syntax
differs from a normal master.cf configuration,
see Usage as a role dependency for more details.
This variable will be merged with the persistent configuration stored on the
Ansible Controller at runtime.
postfix__dependent_mastercf: []
- postfix__combined_mastercf
List which combines all of the master.cf-related variables and is used
in the configuration template.
postfix__combined_mastercf: '{{ postfix__original_mastercf
                                + postfix__default_mastercf
                                + postfix__tls_mastercf
                                + postfix__env_persistent_mastercf
                                + postfix__mastercf
                                + postfix__group_mastercf
                                + postfix__host_mastercf }}'
Postfix lookup tables
These variables define the contents of the various Postfix lookup tables
which will be placed in the /etc/postfix/ directory.
See postfix__lookup_tables for more details.
- postfix__lookup_tables
List of lookup tables which will be managed on all hosts in the Ansible inventory.
postfix__lookup_tables: []
- postfix__group_lookup_tables
List of lookup tables which will be managed on hosts in a specific Ansible inventory group.
postfix__group_lookup_tables: []
- postfix__host_lookup_tables
List of lookup tables which will be managed on specific hosts in the Ansible inventory.
postfix__host_lookup_tables: []
- postfix__dependent_lookup_tables
List of lookup tables which are defined by other Ansible roles through role dependent variables.
postfix__dependent_lookup_tables: []
- postfix__dependent_lookup_tables_filter
This variable filters the configuration defined by other Ansible roles to be usable with the rest of the lookup tables configuration.
postfix__dependent_lookup_tables_filter: '{{ lookup("flattened",
                                                    postfix__dependent_lookup_tables) }}'
- postfix__combined_lookup_tables
Variable which combines all lookup table lists and passes them to the Ansible tasks. It also defines the order in which the entries are processed.
postfix__combined_lookup_tables: '{{ ([postfix__dependent_lookup_tables_filter]
                                      if postfix__dependent_lookup_tables_filter is mapping
                                      else postfix__dependent_lookup_tables_filter)
                                     + postfix__lookup_tables
                                     + postfix__group_lookup_tables
                                     + postfix__host_lookup_tables }}'
Configuration for other Ansible roles
- postfix__ferm__dependent_rules
Configuration for the debops.ferm Ansible role.
postfix__ferm__dependent_rules:
  - name: 'postfix_smtp'
    type: 'accept'
    by_role: 'debops.postfix'
    dport: [ 'smtp' ]
    saddr: '{{ postfix__allow_smtp }}'
    accept_any: '{{ postfix__accept_any }}'
    rule_state: '{{ "present"
                    if ("smtp" in postfix__env_active_services | d([]))
                    else "absent" }}'
  - name: 'postfix_smtps'
    type: 'accept'
    by_role: 'debops.postfix'
    dport: [ 'smtps' ]
    saddr: '{{ postfix__allow_smtps }}'
    accept_any: '{{ postfix__accept_any }}'
    rule_state: '{{ "present"
                    if ("smtps" in postfix__env_active_services | d([]))
                    else "absent" }}'
  - name: 'postfix_submission'
    type: 'accept'
    by_role: 'debops.postfix'
    dport: [ 'submission' ]
    saddr: '{{ postfix__allow_submission }}'
    accept_any: '{{ postfix__accept_any }}'
    rule_state: '{{ "present"
                    if ("submission" in postfix__env_active_services | d([]))
                    else "absent" }}'