robertdebock.postfix

Ansible Role Postfix

This guide explains how to install and set up Postfix on your system.

GitHub	GitLab	Downloads	Version

Example Playbook

The following example is taken from a testing file and is verified with each update.

---
- name: Setup Postfix
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: robertdebock.postfix
      # postfix_relayhost: "[relay.example.com]"
      postfix_myhostname: "smtp.example.com"
      postfix_mydomain: "example.com"
      postfix_myorigin: "example.com"
      postfix_mynetworks:
        - 127.0.0.0/8
        - 192.168.0.0/16
      postfix_aliases:
        - name: root
          destination: [email protected]
      # Ziggo settings: ("email-address" and "email-password" are placeholders)
      postfix_relayhost: "[smtp.ziggo.nl]:587"
      postfix_smtp_sasl_auth_enable: true
      postfix_smtp_sasl_password_map: "/etc/postfix/relay_pass"
      postfix_smtp_sasl_security_options: ""
      postfix_smtp_tls_wrappermode: false
      postfix_smtp_tls_security_level: may
      postfix_smtp_sasl_password_map_content: |
        [smtp.ziggo.nl]:587 email-address:email-password

The machine needs to be set up beforehand. In CI, this is done using the prepare file:

---
- name: Prepare System
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.core_dependencies

For more details, refer to the full explanation and example on how to use these roles.

Role Variables

The default values for the variables can be found in the defaults file:

---
# Default settings for postfix

# Required settings for postfix.
postfix_myhostname: "{{ ansible_fqdn }}"
postfix_mydomain: "{{ ansible_domain | default('localdomain', true) }}"
postfix_myorigin: "{{ ansible_domain | default('localdomain', true) }}"

# To allow Postfix to “listen” on public interfaces, set inet_interfaces to "all" or the name of the interface, like "eth0".
postfix_inet_interfaces: "loopback-only"

# Enable IPv4 and/or IPv6. Use ipv4 if only IPv4 is needed.
postfix_inet_protocols: all

# Set a banner
postfix_banner: "$myhostname ESMTP $mail_name"

# This tells Postfix which mails to accept.
postfix_mydestination: $mydomain, $myhostname, localhost.$mydomain, localhost

# To accept emails from other machines, set mynetworks to something like "- 192.168.0.0/24".
postfix_mynetworks:
  - 127.0.0.0/8

# These settings make the Postfix server act as a relay host.
# postfix_relay_domains: "$mydestination"

# To forward emails to another server, set relayhost.
# Use brackets to reference the relay host's A-record.
# postfix_relayhost: "[relay.example.com]"

# Set restrictions for receiving mails.
postfix_smtpd_recipient_restrictions:
  - permit_mynetworks
  - permit_sasl_authenticated
  - reject_unauth_destination
  - reject_invalid_hostname
  - reject_non_fqdn_hostname
  - reject_non_fqdn_sender
  - reject_non_fqdn_recipient
  - reject_unknown_sender_domain
  - reject_unknown_recipient_domain
  - reject_rbl_client sbl.spamhaus.org
  - reject_rbl_client cbl.abuseat.org
  - reject_rbl_client dul.dnsbl.sorbs.net
  - permit

postfix_smtpd_sender_restrictions:
  - reject_unknown_sender_domain

# The default SMTP TLS security level for the Postfix SMTP client.
# Valid options: dane, encrypt, fingerprint, may, none, secure, verify
postfix_smtp_tls_security_level: none

# Enabling spamassassin requires it to be installed and setting these two variables:
# postfix_spamassassin: enabled
# postfix_spamassassin_user: spamd

# Enabling clamav also requires it to be installed:
# postfix_clamav: enabled

# Aliases can be set here, often redirecting `root` is a good idea.
# postfix_aliases:
#   - name: root
#     destination: [email protected]

# Access controls for senders and recipients can also be configured.