From 0f998492ddb58b403023ec7bb420839cfc1064e8 Mon Sep 17 00:00:00 2001
From: theonlydoo
Date: Tue, 7 Oct 2014 15:32:38 +0200
Subject: [PATCH] configuring postfix to peer on mysql
---
 roles/mail/files/etc-default-saslauthd | 7 ++
 roles/mail/files/etc-postfix-dynmap.cf | 9 +++
 roles/mail/tasks/mail.yml | 2 +
 roles/mail/templates/main.cf.j2 | 69 ++++++++++++++++---
 .../mail/templates/mysql_relay_domains.cf.j2 | 5 ++
 .../templates/mysql_virtual_alias_maps.cf.j2 | 5 ++
 .../mysql_virtual_mailbox_domains.cf.j2 | 5 ++
 .../mysql_virtual_mailbox_maps.cf.j2 | 5 ++
 8 files changed, 98 insertions(+), 9 deletions(-)
 create mode 100644 roles/mail/files/etc-default-saslauthd
 create mode 100644 roles/mail/files/etc-postfix-dynmap.cf
 create mode 100644 roles/mail/templates/mysql_relay_domains.cf.j2
 create mode 100644 roles/mail/templates/mysql_virtual_alias_maps.cf.j2
 create mode 100644 roles/mail/templates/mysql_virtual_mailbox_domains.cf.j2
 create mode 100644 roles/mail/templates/mysql_virtual_mailbox_maps.cf.j2
diff --git a/roles/mail/files/etc-default-saslauthd b/roles/mail/files/etc-default-saslauthd
new file mode 100644
index 0000000..3dd176e
--- /dev/null
+++ b/roles/mail/files/etc-default-saslauthd
@@ -0,0 +1,7 @@
+START=yes
+DESC="SASL Authentication Daemon"
+NAME="saslauthd"
+MECHANISMS="rimap"
+MECH_OPTIONS="localhost"
+THREADS=5
+OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
diff --git a/roles/mail/files/etc-postfix-dynmap.cf b/roles/mail/files/etc-postfix-dynmap.cf
new file mode 100644
index 0000000..0315efd
--- /dev/null
+++ b/roles/mail/files/etc-postfix-dynmap.cf
@@ -0,0 +1,9 @@
+# Postfix dynamic maps configuration file.
+#
+# The first match found is the one that is used. Wildcards are not supported
+# as of postfix 2.0.2
+#
+#type location of .so file open function (mkmap func)
+#==== ================================ ============= ============
+tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open
+mysql /usr/lib/postfix/dict_mysql.so dict_mysql_open
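Review bot: `OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"` enables the saslauthd credential cache (`-c`), so a password change or account lock in the IMAP backend is not seen for an already-cached login until the cache entry expires; with `MECHANISMS="rimap"` and `MECH_OPTIONS="localhost"` each check is a plaintext IMAP LOGIN to localhost, which is only acceptable while that IMAP listener is loopback-only and accepts plaintext auth from localhost. Nothing in this commit deploys this file (the only new task in mail.yml copies the dynmap file), and `-m` puts the socket inside the Postfix chroot, which on Debian also needs the postfix user added to the `sasl` group; if those steps live elsewhere in the role, a header comment such as `# socket lives inside the Postfix chroot; deployed by <task file>` would tell the reader where to look. `-r` passes `user@realm` as the login name, which is what the address-keyed MySQL maps in this commit expect — worth a one-line comment too, since the flag is easy to misread.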
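Review bot: The `mysql /usr/lib/postfix/dict_mysql.so dict_mysql_open` entry only resolves if the package that ships `dict_mysql.so` (postfix-mysql on Debian) is installed, and no task in this commit installs it; if the package task is elsewhere in the role, a header comment like `# requires the postfix-mysql package for dict_mysql.so` would make the dependency visible. As far as I know this file mirrors Debian's package-managed dynamic maps file, where the mysql line is normally added by the package itself, so shipping a full copy replaces whatever map types other installed packages registered (the file's own header says first match wins, so duplicates are silently shadowed); either document that the file is intentionally a complete replacement, or manage only the mysql line with `lineinfile`.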
diff --git a/roles/mail/tasks/mail.yml b/roles/mail/tasks/mail.yml
index 4720f16..71be71e 100644
--- a/roles/mail/tasks/mail.yml
+++ b/roles/mail/tasks/mail.yml
@@ -37,4 +37,6 @@
 - name: Adding facteur group and user
 shell: useradd -d /home/facteur -m -u 3000 -g 3000 facteur
+- name: Copy dynmap file
+ copy: src=etc-postfix-dynmap.cf dest=etc/postfix/dynmap.cf
 # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:
diff --git a/roles/mail/templates/main.cf.j2 b/roles/mail/templates/main.cf.j2
index 59e09a6..f82994a 100644
--- a/roles/mail/templates/main.cf.j2
+++ b/roles/mail/templates/main.cf.j2
@@ -13,13 +13,31 @@ biff = no
 append_dot_mydomain = no
 # Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
+delay_warning_time = 4h
 readme_directory = no
 # TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#http://workaround.org/comment/2536
+#
+#smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
+#smtpd_tls_key_file = /etc/ssl/private/postfix.pem
+# old
+#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#
+#smtpd_tls_cert_file=/home/doo/temp/crt/postfix.crt
+#smtpd_tls_key_file=/home/doo/temp/crt/myca.key
+
+# smtpd_tls_key_file = /etc/ssl/private/smtpd.key
+# smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
+# smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
+
+smtpd_tls_key_file = /etc/ssl/mail.key
+smtpd_tls_cert_file = /etc/ssl/mail.crt
+smtpd_tls_CAfile = /etc/ssl/ca-bundle.crt
+smtp_tls_CAfile = $smtpd_tls_CAfile
+
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
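Review bot: `copy: src=etc-postfix-dynmap.cf dest=etc/postfix/dynmap.cf` has a relative `dest`, so the file lands relative to the remote working directory rather than under `/etc/postfix`; Debian's Postfix also reads `/etc/postfix/dynamicmaps.cf`, not `dynmap.cf`, so even with a leading slash the mysql map type would never be registered. Suggest `copy: src=etc-postfix-dynmap.cf dest=/etc/postfix/dynamicmaps.cf owner=root group=root mode=0644` with a `notify` to a Postfix reload/restart handler, since the map list is only read when the daemons start. The new `etc-default-saslauthd` file and the four `mysql_*.cf.j2` templates added in this commit have no copy/template task in this hunk either; if they are not deployed elsewhere in the role they need tasks here, and the mysql templates carry the DB password so they should be installed `owner=root group=postfix mode=0640`.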
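Review bot: `smtpd_tls_key_file = /etc/ssl/mail.key` puts the private key directly under `/etc/ssl` instead of the root-only `/etc/ssl/private` directory the removed snakeoil line used, and nothing in this commit provisions `/etc/ssl/mail.key`, `/etc/ssl/mail.crt` or `/etc/ssl/ca-bundle.crt` (on Debian the system bundle is normally `/etc/ssl/certs/ca-certificates.crt`), so Postfix would start with broken TLS unless another task places them. The block of commented-out `#smtpd_tls_*` history lines — including the personal `/home/doo/temp/crt/` paths — should be dropped from the template; a single `# TLS key, cert and CA bundle are provisioned by <task or role>` is more useful to the next reader than the trail of earlier attempts. `smtpd_use_tls=yes` is the legacy knob; `smtpd_tls_security_level = may` is the current equivalent and is what the Postfix TLS documentation referenced in the surrounding comments describes.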
@@ -27,15 +45,48 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
-myhostname = host.{{ domain }}
+myhostname = {{ domain }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
-mydestination = host.{{ domain }}, host.localdomain, localhost.localdomain, localhost
-# relayhost = # Edit this with an IP if you want a relayhost in your network
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
-mailbox_command = procmail -a "$EXTENSION"
+mydestination = localhost.net, localhost
+relayhost =
+mynetworks = 127.0.0.0/8 192.168.10.0/24
 mailbox_size_limit = 0
 recipient_delimiter = +
-inet_interfaces = loopback-only
+inet_interfaces = all
 inet_protocols = ipv4
+virtual_uid_maps = static:3000
+virtual_gid_maps = static:3000
+virtual_mailbox_base = /home/facteur
+
+virtual_transport = dovecot
+
+virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
+virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
+virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
+relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
+
+smtpd_recipient_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ reject_non_fqdn_hostname,
+ reject_non_fqdn_sender,
+ reject_non_fqdn_recipient,
+ reject_unauth_destination,
+ reject_unauth_pipelining,
+ reject_invalid_hostname
+
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+broken_sasl_auth_clients = yes
+
+# Indiquer à Postfix de livrer à un destinataire à la fois
+# la réception d'un mail en provenance d'un expéditeur unique avec plusieurs destinataire ne fonctionnerais pas sans cette option
+dovecot_destination_recipient_limit = 1
+content_filter = amavis:[127.0.0.1]:10024
+receive_override_options = no_address_mappings
+
+
+## ajout suite à la lecture
de la doc postfix
+#notify_classes = ressource, software, protocol
diff --git a/roles/mail/templates/mysql_relay_domains.cf.j2 b/roles/mail/templates/mysql_relay_domains.cf.j2
new file mode 100644
index 0000000..ac6d328
--- /dev/null
+++ b/roles/mail/templates/mysql_relay_domains.cf.j2
@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 1
diff --git a/roles/mail/templates/mysql_virtual_alias_maps.cf.j2 b/roles/mail/templates/mysql_virtual_alias_maps.cf.j2
new file mode 100644
index 0000000..f293f72
--- /dev/null
+++ b/roles/mail/templates/mysql_virtual_alias_maps.cf.j2
@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT goto FROM alias WHERE address='%s' AND active = 1
diff --git a/roles/mail/templates/mysql_virtual_mailbox_domains.cf.j2 b/roles/mail/templates/mysql_virtual_mailbox_domains.cf.j2
new file mode 100644
index 0000000..ab83de6
--- /dev/null
+++ b/roles/mail/templates/mysql_virtual_mailbox_domains.cf.j2
@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1
diff --git a/roles/mail/templates/mysql_virtual_mailbox_maps.cf.j2 b/roles/mail/templates/mysql_virtual_mailbox_maps.cf.j2
new file mode 100644
index 0000000..1ca310b
--- /dev/null
+++ b/roles/mail/templates/mysql_virtual_mailbox_maps.cf.j2
@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
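Review bot: `smtpd_sasl_auth_enable = yes` with `smtpd_sasl_security_options = noanonymous` and the new `inet_interfaces = all` lets clients authenticate with plaintext SASL mechanisms on a connection that has not negotiated STARTTLS, so mailbox passwords can cross the network unencrypted; add `smtpd_tls_auth_only = yes` next to the SASL settings (TLS itself is configured in the earlier hunk of this file) so AUTH is only offered inside TLS. `mynetworks = 127.0.0.0/8 192.168.10.0/24` hard-codes a LAN range in a template, and since `permit_mynetworks` is the first entry of `smtpd_recipient_restrictions` every host in that range relays unauthenticated; it belongs in a role variable, e.g. `mynetworks = 127.0.0.0/8 {{ trusted_networks }}` (constructed name). `mydestination = localhost.net, localhost` looks like a typo for `localhost.localdomain` — `localhost.net` is not a loopback name, and listing it makes Postfix accept mail addressed to that domain for local delivery. The two French comments above `dovecot_destination_recipient_limit = 1` should be in English, e.g. `# Deliver to one recipient per transaction; a message from one sender to several recipients fails without this`, and the commented-out `#notify_classes = ressource, software, protocol` misspells `resource`, which would not be recognised if the line is ever uncommented.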
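Review bot: `query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 1` does not filter on `active`, unlike the `mysql_virtual_mailbox_domains` and `mysql_virtual_alias_maps` queries added in this commit, so a domain disabled in the database keeps being accepted for relay; suggest `query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = 1 AND active = 1`. The rendered file embeds `{{ dbpassword }}` in clear text, which Postfix MySQL maps require, so the template task (not part of this commit) should install it `owner=root group=postfix mode=0640` and the variable should be vaulted — the same applies to the other three `mysql_*.cf.j2` templates here. Postfix applies SQL quoting to the `%s` substitution itself, so the `'%s'` literals are not an injection vector; a one-line comment saying so in each template would save the next reviewer the same check.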