
configuring postfix to peer on mysql

pull/1/head
theonlydoo 9 years ago
parent
commit
0f998492dd
8 changed files with 98 additions and 9 deletions
  1. +7
    -0
      roles/mail/files/etc-default-saslauthd
  2. +9
    -0
      roles/mail/files/etc-postfix-dynmap.cf
  3. +2
    -0
      roles/mail/tasks/mail.yml
  4. +60
    -9
      roles/mail/templates/main.cf.j2
  5. +5
    -0
      roles/mail/templates/mysql_relay_domains.cf.j2
  6. +5
    -0
      roles/mail/templates/mysql_virtual_alias_maps.cf.j2
  7. +5
    -0
      roles/mail/templates/mysql_virtual_mailbox_domains.cf.j2
  8. +5
    -0
      roles/mail/templates/mysql_virtual_mailbox_maps.cf.j2

+ 7
- 0
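--- a/roles/mail/files/etc-default-saslauthd
+++ b/roles/mail/files/etc-default-saslauthd
@@ -0,0 +1,7 @@
+START=yes
+DESC="SASL Authentication Daemon"
+NAME="saslauthd"
+MECHANISMS="rimap"
+MECH_OPTIONS="localhost"
+THREADS=5
+OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"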
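Review bot: `OPTIONS` turns on the credential cache with `-c` but sets no `-t` expiry, so a password that has been changed or an account that has been disabled in the IMAP backend can keep authenticating from the cache until saslauthd's default cache lifetime runs out. Either drop `-c` (the rimap backend is on localhost, so the lookup is cheap) or add an explicit short timeout, for example `OPTIONS="-c -t 300 -m /var/spool/postfix/var/run/saslauthd -r"` (300 is an illustrative value). The `mail.yml` change in this commit only copies the dynmap file, so it is also worth confirming that a task installs this file as `/etc/default/saslauthd`.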

+ 9
- 0
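--- a/roles/mail/files/etc-postfix-dynmap.cf
+++ b/roles/mail/files/etc-postfix-dynmap.cf
@@ -0,0 +1,9 @@
+# Postfix dynamic maps configuration file.
+#
+# The first match found is the one that is used. Wildcards are not supported
+# as of postfix 2.0.2
+#
+#type location of .so file open function (mkmap func)
+#==== ================================ ============= ============
+tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open
+mysql /usr/lib/postfix/dict_mysql.so dict_mysql_open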

+ 2
- 0
roles/mail/tasks/mail.yml

@ -37,4 +37,6 @@
- name: Adding facteur group and user
shell: useradd -d /home/facteur -m -u 3000 -g 3000 facteur
- name: Copy dynmap file
copy: src=etc-postfix-dynmap.cf dest=etc/postfix/dynmap.cf
# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:
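Review bot: The new copy task writes to `dest=etc/postfix/dynmap.cf`, which is a relative path; without the leading slash the file does not reliably end up in `/etc/postfix/`, so Postfix would not read it. Use `copy: src=etc-postfix-dynmap.cf dest=/etc/postfix/dynmap.cf owner=root group=root mode=0644` so the path and permissions are explicit. The task list starts before this hunk, so tasks for the new `mysql_*.cf.j2` templates may exist there, but none is added here.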

+ 60
- 9
roles/mail/templates/main.cf.j2

@ -13,13 +13,31 @@ biff = no
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#http://workaround.org/comment/2536
#
#smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
#smtpd_tls_key_file = /etc/ssl/private/postfix.pem
# old
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#
#smtpd_tls_cert_file=/home/doo/temp/crt/postfix.crt
#smtpd_tls_key_file=/home/doo/temp/crt/myca.key
# smtpd_tls_key_file = /etc/ssl/private/smtpd.key
# smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
# smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_CAfile = /etc/ssl/ca-bundle.crt
smtp_tls_CAfile = $smtpd_tls_CAfile
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@ -27,15 +45,48 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = host.{{ domain }}
myhostname = {{ domain }}
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = host.{{ domain }}, host.localdomain, localhost.localdomain, localhost
# relayhost = # Edit this with an IP if you want a relayhost in your network
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
mailbox_command = procmail -a "$EXTENSION"
mydestination = localhost.net, localhost
relayhost =
mynetworks = 127.0.0.0/8 192.168.10.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_interfaces = all
inet_protocols = ipv4
virtual_uid_maps = static:3000
virtual_gid_maps = static:3000
virtual_mailbox_base = /home/facteur
virtual_transport = dovecot
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Indiquer à Postfix de livrer à un destinataire à la fois
# la réception d'un mail en provenance d'un expéditeur unique avec plusieurs destinataire ne fonctionnerais pas sans cette option
dovecot_destination_recipient_limit = 1
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
## ajout suite à la lecture de la doc postfix
#notify_classes = ressource, software, protocol
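Review bot: `smtpd_sasl_auth_enable = yes` is added alongside `inet_interfaces = all` (taken to be the new value, since the page lost its +/- markers) with no `smtpd_tls_auth_only`, so the server offers AUTH on plaintext sessions and clients can send their passwords unencrypted across the network. Add `smtpd_tls_auth_only = yes` next to the SASL settings so AUTH is only announced after STARTTLS. With `permit_mynetworks` first in `smtpd_recipient_restrictions`, every host in 192.168.10.0/24 can relay without authentication now that the daemon listens beyond loopback; confirm that range is meant to be trusted. The block of commented-out certificate paths (including the `/home/doo/temp/crt/` ones) is leftover history and could be dropped from the template.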

+ 5
- 0
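--- a/roles/mail/templates/mysql_relay_domains.cf.j2
+++ b/roles/mail/templates/mysql_relay_domains.cf.j2
@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 1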
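Review bot: This template renders the database password in clear text (`password = {{ dbpassword }}`), and the same applies to `mysql_virtual_alias_maps.cf.j2`, `mysql_virtual_mailbox_domains.cf.j2` and `mysql_virtual_mailbox_maps.cf.j2`; nothing in this commit's `mail.yml` hunk deploys them or sets their permissions. When the template tasks are added, render each with something like `owner=root group=postfix mode=0640` so local users cannot read the credential, and keep `dbpassword` in an encrypted vars file rather than plain group vars. The `postfix` MySQL account only needs `SELECT` on the `domain`, `alias` and `mailbox` tables queried here, so granting it nothing more limits the damage if the file leaks.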

+ 5
- 0
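--- a/roles/mail/templates/mysql_virtual_alias_maps.cf.j2
+++ b/roles/mail/templates/mysql_virtual_alias_maps.cf.j2
@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT goto FROM alias WHERE address='%s' AND active = 1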

+ 5
- 0
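--- a/roles/mail/templates/mysql_virtual_mailbox_domains.cf.j2
+++ b/roles/mail/templates/mysql_virtual_mailbox_domains.cf.j2
@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1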

+ 5
- 0
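--- a/roles/mail/templates/mysql_virtual_mailbox_maps.cf.j2
+++ b/roles/mail/templates/mysql_virtual_mailbox_maps.cf.j2
@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1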
