trombik.opensmtpd

ansible-role-opensmtpd

This role sets up smtpd(8), also known as OpenSMTPD.

Requirements

If opensmtpd_include_x509_certificate is set to yes, you need trombik.x509-certificate, which is usually provided through requirements.yml.

When opensmtpd-extras is present, make sure the opensmtpd API version matches that of opensmtpd-extras.

Role Variables

Variable                            Description                                   Default
----------------------------------  --------------------------------------------  ------------------------------------
opensmtpd_user                      Username for smtpd(8)                         {{ __opensmtpd_user }}
opensmtpd_group                     Group name for smtpd(8)                       {{ __opensmtpd_group }}
opensmtpd_service                   Service name for smtpd(8)                     {{ __opensmtpd_service }}
opensmtpd_conf_dir                  Path to configuration directory               {{ __opensmtpd_conf_dir }}
opensmtpd_conf_file                 Path to smtpd.conf(5)                         {{ opensmtpd_conf_dir }}/smtpd.conf
opensmtpd_flags                     Optional flags for smtpd(8)                   ""
opensmtpd_package_name              OpenSMTPD package name                        {{ __opensmtpd_package_name }}
opensmtpd_extra_packages            List of additional packages to install        []
opensmtpd_config                    Content of smtpd.conf(5)                      ""
opensmtpd_makemap_bin               Path to makemap(8)                            {{ __opensmtpd_makemap_bin }}
opensmtpd_virtual_user              Configuration for a virtual user              {}
opensmtpd_extra_groups              Additional groups for the smtpd(8) user       []
opensmtpd_tables                    List of tables                                []
opensmtpd_include_x509_certificate  Include the trombik.x509-certificate role     no

opensmtpd_virtual_user

This variable defines a virtual user. Its keys are explained below. If it's a non-empty dictionary, the user and their home directory will be created.

Key      Description                                                        Mandatory?
-------  -----------------------------------------------------------------  ----------
comment  Comment for the user                                               no
group    Primary group for the user                                         yes
groups   Additional groups for the user                                     no
home     Home directory for the user                                        yes
name     User's name                                                        yes
uid      User's UID                                                         no
mode     Mode for the home directory; defaults to the system setting        no
         if omitted

opensmtpd_tables

This variable is a list of dictionaries that define table(5) entries.

Key      Description                                                        Mandatory?
-------  -----------------------------------------------------------------  ----------
name     Name of the table in smtpd.conf(5)                                 yes
path     File path                                                          yes
type     Supported back-end type (by default only file or db is allowed)    yes
owner    Owner of the file                                                  no
group    Group of the file                                                  no
dbtype   Supported database format (ignored unless type is db)              no
format   Format for the resulting map file (ignored unless type is db)      no
mode     File mode; quote it (e.g. "0640") so that YAML does not read it    no
         as a number
values   Content of the file                                                yes
no_log   If yes, the template task does not log the table contents;         no
         defaults to yes
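The keys above are easy to get subtly wrong: an unquoted mode arrives as an integer, a db table without a format gives makemap(8) nothing to work with, and a table holding password hashes can end up world-readable with no_log switched off. The following pre-flight check is an added example and not part of the trombik.opensmtpd role; it assumes only the documented keys, the passwd(5)-style lines the sample playbook below builds for type passwd, and the `table name type:path[.db]` directive that playbook's template writes into smtpd.conf(5). The sample tables and the hash in them are constructed placeholders.

```python
"""Pre-flight check for opensmtpd_tables entries.

Added example, not part of the trombik.opensmtpd role. It assumes only the
keys documented above (name, path, type, owner, group, dbtype, format, mode,
values, no_log) and reproduces the `table` directive the README's sample
template writes into smtpd.conf(5).
"""
import re

MANDATORY = ("name", "path", "type", "values")
MODE_RE = re.compile(r"^[0-7]{3,4}$")
# crypt(3)-style hashes ($2a/$2b/$2y bcrypt, $5 SHA-256, $6 SHA-512) mark a table as holding credentials
SECRET_RE = re.compile(r"\$(2[aby]|5|6)\$")


def validate_table(t):
    """Return the problems found in one table entry; an empty list means it is clean."""
    name = t.get("name", "?")
    problems = []
    for key in MANDATORY:
        if key not in t:
            problems.append(f"{name}: missing mandatory key '{key}'")

    mode = t.get("mode")
    mode_ok = isinstance(mode, str) and bool(MODE_RE.match(mode))
    if mode is not None and not mode_ok:
        # YAML reads an unquoted 0640 as the octal number 416, so the file gets the wrong mode
        problems.append(f"{name}: mode {mode!r} is not a quoted octal string")

    if t.get("type") == "db" and "format" not in t:
        problems.append(f"{name}: type db needs a format for makemap(8)")

    if t.get("type") == "passwd":
        # the sample playbook builds passwd(5)-style lines: user:hash:uid:gid:gecos:home:shell
        for v in t.get("values", []):
            if str(v).count(":") != 6:
                problems.append(f"{name}: passwd entry {v!r} does not have 7 colon-separated fields")

    holds_secrets = any(SECRET_RE.search(str(v)) for v in t.get("values", []))
    if holds_secrets:
        if not mode_ok or int(mode, 8) & 0o007:
            problems.append(f"{name}: holds credentials but mode is missing or world-readable")
        if t.get("no_log", True) is False:
            problems.append(f"{name}: holds credentials but no_log is disabled")
    return problems


def check_tables(tables):
    """Validate every entry; map table name -> problems for the entries that have any."""
    findings = {}
    for t in tables:
        problems = validate_table(t)
        if problems:
            findings[t.get("name", "?")] = problems
    return findings


def render_table_line(t):
    """The `table` directive the README's sample template emits for one entry."""
    suffix = ".db" if t["type"] == "db" else ""
    return f"table {t['name']} {t['type']}:{t['path']}{suffix}"


# Constructed sample input modelled on the README's playbook; the hash is a placeholder, not a real credential.
SAMPLE_TABLES = [
    {"name": "domains", "path": "/etc/mail/domains", "type": "file",
     "owner": "root", "group": "wheel", "mode": "0644", "no_log": False,
     "values": ["example.org", "example.net"]},
    {"name": "secrets", "path": "/etc/mail/secrets", "type": "file",
     "owner": "root", "group": "_smtpd", "mode": "0644", "no_log": False,
     "values": ["user@example.org $2b$08$PLACEHOLDERbcryptHASHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]},
    {"name": "passwd", "path": "/etc/mail/smtpd_passwd", "type": "passwd",
     "owner": "root", "group": "_smtpd", "mode": "0640",
     "values": ["user@example.org:$2b$08$PLACEHOLDERbcryptHASHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:::::"]},
    {"name": "virtuals", "path": "/etc/mail/virtuals", "type": "db",
     "dbtype": "hash", "mode": 444,  # written unquoted in YAML, so it arrives as an integer
     "values": ["postmaster@example.org vmail"]},
]

if __name__ == "__main__":
    for name, problems in check_tables(SAMPLE_TABLES).items():
        for p in problems:
            print("PROBLEM", p)
    print("\n".join(render_table_line(t) for t in SAMPLE_TABLES))
```

Run against the constructed input it reports the world-readable secrets table with no_log disabled and the virtuals table with an integer mode and no format, while the domains and passwd entries pass. The credential heuristic keys on crypt(3)-style hash prefixes because that is what the secrets and passwd tables in the sample contain; extend SECRET_RE if your tables store other secret formats.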

opensmtpd_include_x509_certificate

When set to yes, this variable makes the role include the trombik.x509-certificate role during execution.

System-Specific Defaults

Debian

Variable                  Default
------------------------  --------------------
__opensmtpd_user          opensmtpd
__opensmtpd_group         opensmtpd
__opensmtpd_service       opensmtpd
__opensmtpd_conf_dir      /etc
__opensmtpd_package_name  opensmtpd
__opensmtpd_makemap_bin   /usr/sbin/makemap

FreeBSD

Variable                  Default
------------------------  --------------------------------------
__opensmtpd_user          _smtpd
__opensmtpd_group         _smtpd
__opensmtpd_service       smtpd
__opensmtpd_conf_dir      /usr/local/etc/mail
__opensmtpd_package_name  mail/opensmtpd
__opensmtpd_makemap_bin   /usr/local/libexec/opensmtpd/makemap

OpenBSD

Variable                  Default
------------------------  --------------------
__opensmtpd_user          _smtpd
__opensmtpd_group         _smtpd
__opensmtpd_service       smtpd
__opensmtpd_conf_dir      /etc/mail
__opensmtpd_package_name  ""
__opensmtpd_makemap_bin   /usr/sbin/makemap

RedHat

Variable                  Default
------------------------  --------------------
__opensmtpd_user          smtpd
__opensmtpd_group         smtpd
__opensmtpd_service       opensmtpd
__opensmtpd_conf_dir      /etc/opensmtpd
__opensmtpd_package_name  opensmtpd
__opensmtpd_makemap_bin   /sbin/makemap

Dependencies

None

Sample Playbook

Here's a sample Ansible playbook using this role:

---

- hosts: localhost
  roles:
    - name: trombik.redhat_repo
      when: ansible_os_family == 'RedHat'
    - role: trombik.freebsd_pkg_repo
      when:
        - ansible_os_family == 'FreeBSD'
    - role: ansible-role-opensmtpd
  vars:
    os_default_group:
      FreeBSD: wheel
      OpenBSD: wheel
      Debian: root
      RedHat: root
    freebsd_pkg_repo:
      FreeBSD:
        enabled: "false"
        state: present
      FreeBSD_latest:
        enabled: "true"
        state: present
        url: pkg+https://pkg.FreeBSD.org/${ABI}/latest
        mirror_type: srv
        signature_type: fingerprints
        fingerprints: /usr/share/keys/pkg
        priority: 100
    redhat_repo:
      epel:
        mirrorlist: "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-{{ ansible_distribution_major_version }}&arch={{ ansible_architecture }}"
        gpgcheck: yes
        enabled: yes

    test_user: [email protected]
    test_password: "$2b$08$LT/AdE2YSHb19d3hB27.4uXd1/Cj0qQIWc4FdfLlcuqnCUGbRu2Mq"
    
    os_passwd_postfix:
      FreeBSD: ":::::"
      OpenBSD: ":::::"
      Debian: ":12345:12345:::"
      RedHat: ":12345:12345:::"
    passwd_postfix: "{{ os_passwd_postfix[ansible_os_family] }}"

    os_opensmtpd_extra_packages:
      FreeBSD:
        - opensmtpd-extras-table-passwd
      OpenBSD:
        - opensmtpd-extras
      Debian: []
      RedHat: []
    opensmtpd_extra_packages: "{{ os_opensmtpd_extra_packages[ansible_os_family] }}"

    os_opensmtpd_extra_groups:
      FreeBSD:
        - nobody
      OpenBSD:
        - nobody
      Debian:
        - games
      RedHat:
        - games
    opensmtpd_extra_groups: "{{ os_opensmtpd_extra_groups[ansible_os_family] }}"
    
    opensmtpd_virtual_user:
      name: vmail
      group: vmail
      home: /var/vmail
      comment: Virtual Mail User
      mode: "0755"
    opensmtpd_tables:
      - name: aliases
        path: "{{ opensmtpd_conf_dir }}/aliases"
        type: file
        format: aliases
        mode: "644"
        no_log: no
        values:
          - "MAILER-DAEMON: postmaster"
          - "postmaster: root"
          - "daemon: root"
          - "ftp-bugs: root"
          - "operator: root"
          - "www:    root"
          - "foo: error:500 no such user"
          - "bar: | cat - >/dev/null"
      - name: secrets
        path: "{{ opensmtpd_conf_dir }}/secrets"
        type: file
        owner: root
        group: "{{ opensmtpd_group }}"
        mode: "0640"
        no_log: no
        values:
          - "{{ test_user }} {{ test_password }}"
      - name: passwd
        path: "{{ opensmtpd_conf_dir }}/smtpd_passwd"
        type: passwd
        owner: root
        group: "{{ opensmtpd_group }}"
        mode: "0640"
        no_log: no
        values:
          - "{{ test_user }}:{{ test_password }}{{ passwd_postfix }}"
      - name: domains
        path: "{{ opensmtpd_conf_dir }}/domains"
        type: file
        owner: root
        group: "{{ os_default_group[ansible_os_family] }}"
        mode: "0644"
        no_log: no
        values:
          - example.org
          - example.net
      - name: virtuals
        path: "{{ opensmtpd_conf_dir }}/virtuals"
        type: db
        dbtype: hash
        format: aliases
        owner: root
        group: vmail
        mode: "0444"
        no_log: no
        values:
          - [email protected] [email protected]
          - [email protected] [email protected]
          - [email protected] {{ opensmtpd_virtual_user.name }}
          - [email protected] [email protected]
          - [email protected] [email protected]
          - [email protected] {{ opensmtpd_virtual_user.name }}
      - name: mynetworks
        path: "{{ opensmtpd_conf_dir }}/mynetworks"
        type: db
        format: set
        no_log: no
        values:
          - 192.168.21.0/24

    opensmtpd_flags: -v
    os_listen_on_interface:
      FreeBSD: lo0
      OpenBSD: lo0
      Debian: lo
      RedHat: lo
    opensmtpd_config: |
      {% for list in opensmtpd_tables %}
      {% if list.type == 'passwd' and (ansible_os_family == 'Debian' or ansible_os_family == 'RedHat') %}
      # Current known issue with `opensmtpd-extras`
      # Skip this until the synced version is released.
      {% else %}
      table {{ list.name }} {{ list.type }}:{{ list.path }}{% if list['type'] == 'db' %}.db{% endif %}
      {% endif %}
      {% endfor %}
      listen on {{ os_listen_on_interface[ansible_os_family] }} port 25

      {% if ansible_os_family == 'OpenBSD' or ansible_os_family == 'FreeBSD' %}
      action "local_mail" maildir "{{ opensmtpd_virtual_user['home'] }}/%{dest.domain}/%{dest.user}/Maildir"
      action "outbound" relay
      match from any for domain <domains> action "local_mail"
      match from src <mynetworks> action "outbound"
      {% else %}
      accept from any for domain <domains> virtual <virtuals> \
        deliver to maildir "{{ opensmtpd_virtual_user['home'] }}/%{dest.domain}/%{dest.user}/Maildir"
      accept from any for domain <domains> \
        deliver to mbox
      {% endif %}

License

Copyright (c) 2017 Tomoyuki Sakurai <[email protected]>

You can use, copy, and modify this software for any purpose without restriction,
as long as you include this copyright notice. 

This software is provided "as is" without any warranties. The author is not
liable for any damages that may occur from its use.

Author Information

Tomoyuki Sakurai y@trombik.org

This README was created using qansible.

Project Information

Description: Configures OpenSMTPD
Install: ansible-galaxy install trombik.opensmtpd
License: isc