postfix_relay

Ansible role for Postfix with sender-dependent relay and SASL authentication

Requirements

None

Role Variables

  • postfix_relay_configs_template: List of configuration templates.

| Variable | Description | Default |
|---|---|---|
| postfix_relay_configs | Extra configs of main.cf | {} |
| postfix_relay_maps | List of maps {sender, sender_matches_subdomains, relayhost, username, password, enable_password_conversion_for_ses, password_conversion_mode} | [] |
| postfix_relay_maps[].sender | Sender. If sender contains @*., it matches subdomains. | |
| postfix_relay_maps[].sender_matches_subdomains | If this is yes, sender matches subdomains. This is the same as including @*. in sender. | no |
| postfix_relay_maps[].relayhost | Relayhost | |
| postfix_relay_maps[].username | SASL username | |
| postfix_relay_maps[].password | SASL password | |
| postfix_relay_maps[].enable_password_conversion_for_ses | If this is yes, your normal AWS credentials will be converted to SES SMTP credentials. For details, see here | no |
| postfix_relay_maps[].password_conversion_mode | Password conversion mode used when enable_password_conversion_for_ses is yes. If the IAM access key was created up to 2019-01-10, use aws_ses_before20190110; otherwise use aws_ses_v4. See here | aws_ses_v4 |
| postfix_relay_sender_dependent_relayhost_maps | Maps of relayhost for each sender | {} |
| postfix_relay_smtp_sasl_password_maps | Maps of USERNAME:PASSWORD for each relayhost or sender | {} |
| postfix_relay_fixup_sender_domain | Rewrites the sender to the domain specified here if it does not match any sender | null |

Dependencies

Postfix

Example Playbook

AmazonSES (credentials are normal AWS credentials, not SMTP credentials)

This is a simple playbook for AmazonSES.

- hosts: servers
  roles:
    - role: kawaz.postfix_relay
      postfix_relay_fixup_sender_domain: noreply.example.com
      postfix_relay_maps:
        - sender: '@example.com'
          sender_matches_subdomains: yes
          relayhost: '[email-smtp.us-east-1.amazonaws.com]:587'
          username: 'AKIAIOSFODNN7EXAMPLE'
          password: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
          enable_password_conversion_for_ses: yes

If your credentials were created by the management console, you don't need enable_password_conversion_for_ses: yes.

If sender is [email protected], the sender is rewritten to [email protected]. If postfix_relay_fixup_sender_domain is null, then the sender is not rewritten and will not be relayed to the relayhost for @example.com.
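What enable_password_conversion_for_ses and password_conversion_mode correspond to, as an added example that is not the role's own code: it follows AWS's published derivation of an SES SMTP password from an IAM secret access key, and assumes the region is read from the relayhost. The helper region_from_relayhost is hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Fixed inputs from AWS's published SES SMTP credential algorithm.
_DATE, _SERVICE, _TERMINAL, _MESSAGE = "11111111", "ses", "aws4_request", "SendRawEmail"


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def region_from_relayhost(relayhost: str) -> str:
    """Hypothetical helper: extract REGION from '[email-smtp.REGION.amazonaws.com]:587'."""
    m = re.fullmatch(r"\[?email-smtp\.([a-z0-9-]+)\.amazonaws\.com\]?(?::\d+)?", relayhost)
    if not m:
        raise ValueError(f"not an SES SMTP endpoint: {relayhost!r}")
    return m.group(1)


def ses_smtp_password(secret_access_key: str, region: str, mode: str = "aws_ses_v4") -> str:
    """Derive the SASL password; mode names mirror password_conversion_mode."""
    if mode == "aws_ses_v4":
        # SigV4-style HMAC chain; the result is bound to one region.
        sig = _sign(("AWS4" + secret_access_key).encode("utf-8"), _DATE)
        for part in (region, _SERVICE, _TERMINAL, _MESSAGE):
            sig = _sign(sig, part)
        version = b"\x04"
    elif mode == "aws_ses_before20190110":
        # Legacy scheme: single HMAC, no region in the derivation.
        sig = _sign(secret_access_key.encode("utf-8"), _MESSAGE)
        version = b"\x02"
    else:
        raise ValueError(f"unknown password_conversion_mode: {mode!r}")
    return base64.b64encode(version + sig).decode("ascii")


if __name__ == "__main__":
    # AWS documentation example secret, the same one used in the playbook above.
    secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    region = region_from_relayhost("[email-smtp.us-east-1.amazonaws.com]:587")
    print(region, ses_smtp_password(secret, region))
```

The SMTP username remains the access key ID. Because the password is derived deterministically from the secret key, rotating the IAM access key also changes the SMTP password.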

Multiple identities

This is an example combining multiple identities: AmazonSES and a Gmail account.

- hosts: servers
  roles:
    - role: kawaz.postfix_relay
      postfix_relay_sender_dependent_relayhost_maps:
        '@example.com': '[email-smtp.us-east-1.amazonaws.com]:587'
        '@example.org': '[email-smtp.us-east-1.amazonaws.com]:587'
        '@example.net': '[email-smtp.us-east-1.amazonaws.com]:587'
        '@*.example.info': '[email-smtp.us-east-1.amazonaws.com]:587'
        '[email protected]': '[smtp-relay.gmail.com]:587'
        '@intra.local': '[10.0.0.25]:25'
      postfix_relay_smtp_sasl_password_maps:
        '@example.com': 'AWS_ACCESS_KEY1:AWS_ACCESS_SECRET1'
        '@example.org': 'AWS_ACCESS_KEY2:AWS_ACCESS_SECRET2'
        '@*.example.info': 'AWS_ACCESS_KEY3:AWS_ACCESS_SECRET3'
        '[email-smtp.us-east-1.amazonaws.com]:587': 'AWS_ACCESS_KEY4:AWS_ACCESS_SECRET4'
        '[email protected]': '[email protected]:PASSWORD'
      postfix_relay_maps:
        - sender: '@example.jp'
          relayhost: '[smtp-relay.gmail.com]:587'
        - sender: '@*.example.jp'
          relayhost: '[smtp-relay.gmail.com]:587'
        - sender: '[email protected]'
          username: '[email protected]'
          password: 'FOOPASSWORD'
        - sender: '[email protected]'
          username: '[email protected]'
          password: 'BARPASSWORD'

License

MIT

Author Information

Yoshiaki Kawazu

Install
ansible-galaxy install kawaz/ansible-role-postfix-relay