kawaz.postfix_relay
Ansible Role for Postfix with Sender-Dependent Relay and SASL Authentication
Requirements
None
Role Variables
postfix_relay_configs_template: List of configuration templates.
Variable | Description | Default |
---|---|---|
postfix_relay_configs | Additional configurations for main.cf | {} |
postfix_relay_maps | List of mappings with {sender, sender_matches_subdomains, relayhost, username, password, enable_password_conversion_for_ses, password_conversion_mode} | [] |
postfix_relay_maps[].sender | Sender email. If it includes @*., it matches subdomains. | |
postfix_relay_maps[].sender_matches_subdomains | If set to yes, the sender matches subdomains, similar to including @*. in sender. | no |
postfix_relay_maps[].relayhost | The relay host. | |
postfix_relay_maps[].username | SASL username. | |
postfix_relay_maps[].password | SASL password. | |
postfix_relay_maps[].enable_password_conversion_for_ses | If set to yes, normal AWS credentials will be converted to SES SMTP credentials. For more details, check here. | no |
postfix_relay_maps[].password_conversion_mode | Password conversion mode used when enable_password_conversion_for_ses is yes. If IAM AccessKey was created before 2019-01-10, use aws_ses_before20190110, otherwise use aws_ses_v4. See here. | aws_ses_v4 |
postfix_relay_sender_dependent_relayhost_maps | Mapping of relay hosts for each sender. | {} |
postfix_relay_smtp_sasl_password_maps | Mapping of USERNAME:PASSWORD for each relay host or sender. | {} |
postfix_relay_fixup_sender_domain | If the sender does not match any, it rewrites the sender to this specified domain. | null |
Dependencies
Postfix
Example Playbook
Amazon SES (Use normal AWS credentials, not SMTP credentials)
Here’s a simple playbook example for Amazon SES.
- hosts: servers
  roles:
    - role: kawaz.postfix_relay
      postfix_relay_fixup_sender_domain: noreply.example.com
      postfix_relay_maps:
        - sender: '@example.com'
          sender_matches_subdomains: yes
          relayhost: '[email-smtp.us-east-1.amazonaws.com]:587'
          # Normal AWS access key ID and secret access key (AWS documentation example values)
          username: 'AKIAIOSFODNN7EXAMPLE'
          password: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
          # Convert the secret access key to an SES SMTP password
          enable_password_conversion_for_ses: yes
If your credentials were created via the management console, you don’t need enable_password_conversion_for_ses: yes.
If the sender is [email protected], it will be rewritten to [email protected].
If postfix_relay_fixup_sender_domain is null, the sender will not be rewritten and will not be relayed to the relay host for @example.com.
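What enable_password_conversion_for_ses implies, as an added example that is not the role's own code: the derivation AWS documents for turning a secret access key into an SES SMTP password, in both variants. Mapping aws_ses_v4 to the version 4 derivation and aws_ses_before20190110 to the older version 2 derivation is an assumption based on the mode names, and region_from_relayhost is a hypothetical helper.

```python
import base64
import hashlib
import hmac

# Fixed inputs from AWS's published SES SMTP credential derivation.
_DATE = "11111111"
_SERVICE = "ses"
_TERMINAL = "aws4_request"
_MESSAGE = "SendRawEmail"


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def ses_smtp_password_v4(secret_access_key: str, region: str) -> str:
    """Version 4 derivation (leading byte 0x04); the result is bound to one region."""
    sig = _sign(("AWS4" + secret_access_key).encode("utf-8"), _DATE)
    for part in (region, _SERVICE, _TERMINAL, _MESSAGE):
        sig = _sign(sig, part)
    return base64.b64encode(b"\x04" + sig).decode("ascii")


def ses_smtp_password_v2(secret_access_key: str) -> str:
    """Older version 2 derivation (leading byte 0x02); not bound to a region."""
    sig = _sign(secret_access_key.encode("utf-8"), _MESSAGE)
    return base64.b64encode(b"\x02" + sig).decode("ascii")


def region_from_relayhost(relayhost: str) -> str:
    """Hypothetical helper: region from '[email-smtp.REGION.amazonaws.com]:587'."""
    host = relayhost.lstrip("[").split("]")[0].split(":")[0]
    labels = host.split(".")
    if len(labels) != 4 or labels[0] != "email-smtp" or labels[2:] != ["amazonaws", "com"]:
        raise ValueError(f"not a regional SES SMTP endpoint: {relayhost!r}")
    return labels[1]


if __name__ == "__main__":
    # Values taken from the playbook above (AWS documentation example key).
    secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    relay = "[email-smtp.us-east-1.amazonaws.com]:587"
    print("aws_ses_v4:", ses_smtp_password_v4(secret, region_from_relayhost(relay)))
    print("aws_ses_before20190110:", ses_smtp_password_v2(secret))
```

Because the version 4 password depends on the region, the same access key yields a different SMTP password for a relayhost in another region. The derived password grants the same sending rights as the key it came from and should be stored with the same care.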
Multiple Identities
Here’s an example of using multiple identities for Amazon SES and a Gmail account.
- hosts: servers
  roles:
    - role: kawaz.postfix_relay
      # Relay host per sender address or domain pattern
      postfix_relay_sender_dependent_relayhost_maps:
        '@example.com': '[email-smtp.us-east-1.amazonaws.com]:587'
        '@example.org': '[email-smtp.us-east-1.amazonaws.com]:587'
        '@example.net': '[email-smtp.us-east-1.amazonaws.com]:587'
        '@*.example.info': '[email-smtp.us-east-1.amazonaws.com]:587'
        '[email protected]': '[smtp-relay.gmail.com]:587'
        '@intra.local': '[10.0.0.25]:25'
      # USERNAME:PASSWORD keyed by sender pattern or by relay host
      postfix_relay_smtp_sasl_password_maps:
        '@example.com': 'AWS_ACCESS_KEY1:AWS_ACCESS_SECRET1'
        '@example.org': 'AWS_ACCESS_KEY2:AWS_ACCESS_SECRET2'
        '@*.example.info': 'AWS_ACCESS_KEY3:AWS_ACCESS_SECRET3'
        '[email-smtp.us-east-1.amazonaws.com]:587': 'AWS_ACCESS_KEY4:AWS_ACCESS_SECRET4'
        '[email protected]': '[email protected]:PASSWORD'
      # Entries here may set only a relayhost or only credentials
      postfix_relay_maps:
        - sender: '@example.jp'
          relayhost: '[smtp-relay.gmail.com]:587'
        - sender: '@*.example.jp'
          relayhost: '[smtp-relay.gmail.com]:587'
        - sender: '[email protected]'
          username: '[email protected]'
          password: 'FOOPASSWORD'
        - sender: '[email protected]'
          username: '[email protected]'
          password: 'BARPASSWORD'
License
MIT
Author Information
Yoshiaki Kawazu