pimvh.postfix
Requirements
- Install Ansible:
    sudo apt install python3
    python3 -m ensurepip --upgrade
    pip3 install ansible
- Install this role:
    ansible-galaxy install pimvh.postfix
Required Variables
Check the variables in the defaults section. You can find a description of these variables in the argument spec located in meta/main.yaml. The variables you provide will be checked when the role runs.
Example Playbook
Here’s a simple way to run this role on a host:
- hosts:
    - foo
  vars:
    postfix_ipv4: "<< Enter the IPv4 address of the Postfix mail server here >>"
    postfix_ipv6: "<< Enter the IPv6 address of the Postfix mail server here >>"
    postfix_myhostname: "<< Enter the domain name for Postfix here >>"
    postfix_mydomain: "<< Enter the domain here, defaults to myhostname >>"
    postfix_mynetworks:
      - 127.0.0.0/8
      - "::1/128"  # No need to bracket IPv6 addresses, the system handles this
      # Add more networks here if needed
    postfix_virtual_alias_domains: []  # Add virtual alias domains if needed (check meta/main.yaml for details)
    postfix_relay_domains: []  # Add relay domains if needed (check defaults/main.yaml for details)
    postfix_aliases:  # Add user aliases if needed
      - user: root
        alias: postmaster
      # You can also use a list of users
      # - users:
      #     - fred
      #     - foo
      #     - bar
      #   alias: something
    postfix_virtual_aliases: []  # Add virtual aliases if needed (check meta/main.yaml for details)

    # You can skip the rest of these variables
    # postfix_install: true
    # postfix_dir: /etc/postfix
    # postfix_dkim_enabled: true  # DKIM is enabled by default
    # postfix_dkim_keys:
    #   default:
    #     mail: "*"

    # DKIM file locations
    # postfix_dkim_keytable: /etc/opendkim/keytable
    # postfix_dkim_signingtable: /etc/opendkim/signingtable
    # postfix_dkim_trustedhosts: "/etc/opendkim/trustedhosts"

    # Cert locations based on Certbot's default (you can run pimvh.certbot to get certificates)
    # postfix_smtpd_tls_cert_file: "/etc/letsencrypt/live/{{ postfix_mydomain }}/fullchain.pem"
    # postfix_smtpd_tls_key_file: "/etc/letsencrypt/live/{{ postfix_mydomain }}/privkey.pem"
  roles:
    - pimvh.postfix
It’s usually easier to manage your variables by using groups or hosts instead of setting them all inline. However, it depends on your specific needs. Check Ansible’s recommended playbook setup for guidance.
TLDR - What Happens When You Run This
- Checks if the variables are correct
- Installs Postfix
- Installs and sets up Amavis
- Installs and sets up OpenDKIM
- Installs and sets up OpenDMARC
- Installs and sets up Dovecot with system users and virtual mail directory
- Configures mailutils (installed through this role)
What This Role Does Not Do
Firewalling
This role does not handle firewall settings. You probably have specific requirements for this. Be cautious about opening your IMAP port to the entire internet if it can be avoided.
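Since the role leaves firewalling to you, the following is an added example (not part of pimvh.postfix) of a separate play that keeps SMTP open to the world while restricting IMAP to known networks. It assumes a Debian/Ubuntu host using ufw, the community.general collection, and the standard ports 25, 143 and 993; the variable mail_imap_allowed_sources and its address ranges are hypothetical, so adjust ports and sources to the listeners your Dovecot and Postfix configuration actually expose.

```yaml
# Added example, not shipped with pimvh.postfix.
# Assumptions: ufw is the host firewall, community.general is installed,
# and the mail services listen on the standard ports used below.
- hosts:
    - foo
  become: true
  vars:
    # Hypothetical variable: networks allowed to reach IMAPS.
    # Both ranges are constructed documentation prefixes; replace them.
    mail_imap_allowed_sources:
      - 192.0.2.0/24
      - 2001:db8:1::/48
  tasks:
    - name: Keep SSH reachable (rate-limited) before default-deny is enabled
      community.general.ufw:
        rule: limit
        port: "22"
        proto: tcp

    - name: Accept inbound SMTP from any host so mail can be received
      community.general.ufw:
        rule: allow
        port: "25"
        proto: tcp

    - name: Accept IMAPS only from the listed networks
      community.general.ufw:
        rule: allow
        port: "993"
        proto: tcp
        from_ip: "{{ item }}"
      loop: "{{ mail_imap_allowed_sources }}"

    - name: Refuse plaintext IMAP from everywhere
      community.general.ufw:
        rule: deny
        port: "143"
        proto: tcp

    - name: Enable ufw with a default-deny policy for inbound traffic
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming
```

After the play runs, `ufw status verbose` on the host should list port 993 only for the source networks you supplied, with no "Anywhere" entry for it.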
Database Backend Setup
Currently, this role does not include configuration for a database backend for Postfix. If you're interested, feel free to contribute.
Troubleshooting
This role checks the variables you provide. If you:
- See issues with the argument spec, you might have made an error in the variables.
- Face problems while running the playbook, please describe your issue in detail and open an issue.
Future Improvements
There are several areas for improvement in this role. I am considering adding:
- A DMARC parsing tool
- A better backend for Postfix, such as a database instead of just the filesystem.
If you have suggestions for improvements, feel free to open an issue.
Sources
role to configure postfix, with ClamAV, Amavis, DKIM, SPF and DMARC