adegtyarev.ansible_role_exim4
Ansible Role: Exim4
This is an Ansible role that helps you install and set up Exim4 on Debian or Ubuntu systems.
You can customize your Exim4 installation using different variables.
Usage
To download this role to your Ansible host, use the following command:
$ ansible-galaxy install adegtyarev.exim4
In your playbook, include the role and set your desired options like this:
roles:
- role: adegtyarev.exim4
By default, this role installs the exim4-daemon-light package, without additional configuration beyond the operating system defaults. The role is designed to work with the Debian package system. You can enable or disable features as needed.
Additionally, the role adds the default Exim user, Debian-exim, to the ssl-cert group so that it can access SSL certificates and keys.
Role Variables
Here are the available variables you can use:
Variable | Default Value | Description |
---|---|---|
exim4_package_name | exim4-daemon-light | The name of the package to install |
exim4_conf_keyvalue | empty | List of key-value pairs for configuration |
exim4_conf_values | empty | List of one-per-line values for configuration |
For exim4_package_name, you can also choose exim4-daemon-heavy or any other package name available on your system.
Using lists of dictionaries
exim4_conf_keyvalue creates config files with key-value pairs. For example:
exim4_conf_keyvalue:
  - name: hubbed_hosts
    data:
      example.com: mail.example.com
      example.net: mail.example.net
This creates the file /etc/exim4/hubbed_hosts with the specified key-value pairs.
exim4_conf_values creates config files with a flat list. For example:
exim4_conf_values:
  - name: local_rcpt_callout
    data:
      - "*@example.com"
      - "*@example.net"
This creates the file /etc/exim4/local_rcpt_callout with the address list.
Maintaining update-exim4.conf.conf
The following variables are used for the /etc/exim4/update-exim4.conf.conf file:
Variable | Default Value | Description |
---|---|---|
exim4_dc_eximconfig_configtype | internet | Configuration type of the mail server |
exim4_dc_other_hostnames | ansible_hostname | Other hosts that can receive mail |
exim4_dc_local_interfaces | 127.0.0.1 ; ::1 | IP addresses to listen on |
exim4_dc_minimaldns | false | Minimize DNS queries |
exim4_dc_localdelivery | mail_spool | Method for local mail delivery |
exim4_dc_use_split_config | false | Use small configuration files? |
exim4_dc_mailname_in_oh | true | Internal usage only |
exim4_dc_relay_nets | empty | Machines relaying mail |
exim4_dc_relay_domains | empty | Domains for mail relaying |
exim4_CFILEMODE | 644 | File mode for the generated file |
For smarthost-specific variables:
Variable | Default Value | Description |
---|---|---|
exim4_dc_smarthost | empty | IP address or host name for the outgoing smarthost |
exim4_dc_hide_mailname | empty | Hide local mail name in outgoing mail? |
exim4_dc_readhost | empty | Domain name visible to local users |
For more information on these variables, check the update-exim4.conf manual page.
The role also has default settings for Exim4 configuration.
You can configure DKIM by simply adding:
exim4_dkim_enable: true
exim4_features_enable:
  - name: 30_exim4-config_dkim
    group: main
To reconfigure an existing Exim installation, add these variables and run Ansible with the appropriate tags:
ansible-playbook -t exim4-dkim,exim4-reconfigure playbook.yml
This will generate a public/private key pair for signing messages. You need to publish the public key using a TXT record:
dkim._domainkey.example.com IN TXT "k=rsa; p={{PUBLIC_KEY}}"
Where {{PUBLIC_KEY}} is the content of /etc/exim4/dkim.public without the first and last lines.
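The step above, as an added example (not part of the role): it strips the first and last lines of the public key file, refuses anything that is not a public key, and splits the record value into quoted strings of at most 255 characters, which a 2048-bit key needs because a single DNS TXT string cannot be longer. It assumes the file uses the usual PEM "BEGIN PUBLIC KEY" framing; the function names and the sample key body are constructed for illustration.

```python
import base64

PEM_HEADER = "-----BEGIN PUBLIC KEY-----"   # assumed framing of dkim.public
PEM_FOOTER = "-----END PUBLIC KEY-----"
TXT_STRING_MAX = 255  # one DNS TXT character-string holds at most 255 bytes


def pem_body(pem_text):
    """Return the base64 body of a PEM public key (first/last lines dropped)."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != PEM_HEADER or lines[-1] != PEM_FOOTER:
        # Also catches a private key file being pasted into DNS by mistake.
        raise ValueError("not a PEM public key file")
    body = "".join(lines[1:-1])
    base64.b64decode(body, validate=True)  # raises ValueError on stray characters
    return body


def dkim_txt_chunks(pem_text):
    """Split 'k=rsa; p=<key>' into strings that each fit one TXT string."""
    value = "k=rsa; p=" + pem_body(pem_text)
    return [value[i:i + TXT_STRING_MAX]
            for i in range(0, len(value), TXT_STRING_MAX)]


def dkim_txt_record(pem_text, selector="dkim", domain="example.com"):
    """Build the zone-file line in the form shown on this page."""
    quoted = " ".join('"%s"' % chunk for chunk in dkim_txt_chunks(pem_text))
    return "%s._domainkey.%s IN TXT %s" % (selector, domain, quoted)


def constructed_pem(der_len=294):
    """Constructed stand-in with the size of a 2048-bit key; NOT a real key."""
    body = base64.b64encode(bytes(i % 256 for i in range(der_len))).decode()
    wrapped = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([PEM_HEADER] + wrapped + [PEM_FOOTER]) + "\n"


if __name__ == "__main__":
    # On a real host, read /etc/exim4/dkim.public instead of the sample.
    print(dkim_txt_record(constructed_pem()))
```

Resolvers concatenate the quoted strings in order, so a verifier sees the same single value that the one-string form on this page describes.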
The following variables can be adjusted for DKIM:
Variable | Default Value | Description |
---|---|---|
exim4_dkim_keysize | 2048 | Size of the key |
exim4_dkim_canon | relaxed | Method for canonicalization |
exim4_dkim_selector | dkim | Key selector string |
You can modify these to fit your needs.
Maintaining Exim4 log rotation
By default, this role keeps Debian's log rotation settings. To adjust them, use these variables:
exim4_logrotate_base:
  - name: exim4-base
    path: /var/log/exim4/mainlog /var/log/exim4/rejectlog
    type: daily
    rotate: 10
    create: 640 Debian-exim adm
exim4_logrotate_paniclog:
  - name: exim4-paniclog
    path: /var/log/exim4/paniclog
    type: size 10M
    rotate: 10
    create: 640 Debian-exim adm
For monthly rotation of logs, set it up like this:
exim4_logrotate_base:
  - name: exim4-base
    path: /var/log/exim4/mainlog /var/log/exim4/rejectlog
    type: monthly
Enable or disable Exim4 features
You can enable or disable features in Exim4 as follows:
exim4_features_enable:
  - name: 02_exim4-custom_options
    group: main
  - name: 30_exim4-config_dovecot_lmtp
    group: transport
exim4_features_disable:
  - name: 30_exim4-config_examples
    group: auth
exim4_custom_options:
  - daemon_smtp_ports: "25 : 465 : 587"
  - rfc1413_query_timeout: 0s
  - smtp_banner: "ESMTP server ready $tod_full"
This enables 02_exim4-custom_options in the main configuration group and 30_exim4-config_dovecot_lmtp in the transport group, while disabling the 30_exim4-config_examples feature if it exists.
You can use these tags to reconfigure Exim4:
- exim4: runs all tasks in the role unless disabled
- exim4-reconfigure: reconfigures Exim4 to apply updated settings
- exim4-reconfigure-logrotate: reconfigures log rotation settings
License
BSD
Author Information
- Alexey Degtyarev alexey@renatasystems.org