Merge branch 'master' of https://github.com/theonlydoo/configz

etc/host_vars/localhost.example

@@ -0,0 +1,12 @@
+--- 
+admin_ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian
+default_packages_debian: htop
+description: machine test
+ntp_server1: 0.pool.ntp.org
+ntp_server2: 1.pool.ntp.org
+disable_ipv6: true
+domain: test.net
+mariadb_version: 10.0
+mysql_root_password: changeme
+mysql_host: localhost
+# vim: set textwidth=0 ft=yaml:

mail.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Deployer et configurer un serveur mail complet 
+  hosts: all
+  user: root
+  gather_facts: yes
+
+  roles:
+    - mariadb
+    - mail
+
+# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:

roles/common/files/root-.bashrc

@@ -1880,6 +1880,7 @@ prompt_OFF()
 }
 
 # By default, sourcing liquidprompt will activate the liquid prompt
+LP_ENABLE_GIT=1
 prompt_on
 
 # vim: set et sts=4 sw=4 tw=120 ft=sh:

roles/mail/defaults/main.yml

@@ -0,0 +1 @@
+# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:

roles/mail/files/etc-amavis-conf.d-15-content_filter_mode

@@ -0,0 +1,27 @@
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Please note, that anti-virus checking is DISABLED by
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+@bypass_virus_checks_maps = (
+   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Please note, that anti-spam checking is DISABLED by
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+@bypass_spam_checks_maps = (
+   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+1;  # ensure a defined return

roles/mail/files/etc-amavis-conf.d-50-user

@@ -0,0 +1,20 @@
+use strict;
+
+#
+# Place your configuration directives here.  They will override those in
+# earlier files.
+#
+# See /usr/share/doc/amavisd-new/ for documentation and examples of
+# the directives you can use in this file
+#
+
+$QUARANTINEDIR = '/var/spool/virusmails';              # Quarantine Directory
+$spam_quarantine_method = 'local:spam-%b-%i-%n'; # Filename in $QUARANTINEDIR
+$spam_quarantine_to = 'spam-quarantine';         # Put Spam in Quarantine Directory
+# $spam_quarantine_to = "admin\@$mydomain"; # Send Spam to Adminstrator
+# $spam_quarantine_to = undef;                   # Do nothing with Spam
+$final_spam_destiny = D_DISCARD;
+$spam_admin = "admin\@$mydomain";          # Where to send Notification
+
+#------------ Do not modify anything below this line -------------
+1;  # ensure a defined return

roles/mail/files/etc-default-automysqlbackup

@@ -0,0 +1,98 @@
+# By default, the Debian version of automysqlbackup will use:
+# mysqldump --defaults-file=/etc/mysql/debian.cnf
+# but you might want to overwrite with a specific user & pass.
+# To do this, simply edit bellow.
+
+# Username to access the MySQL server e.g. dbuser
+#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
+
+# Username to access the MySQL server e.g. password
+#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
+
+# Host name (or IP address) of MySQL server e.g localhost
+DBHOST=localhost
+
+# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
+# Note that it's absolutely normal that the db named "mysql" is not in this
+# list, as it's added later by the script. See the MDBNAMES directives below
+# in this file (advanced options).
+# This is ONLY a convenient default, if you don't like it, don't complain
+# and write your own.
+# The following is a quick hack that will find the names of the databases by
+# reading the mysql folder content. Feel free to replace by something else.
+# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
+# This one does a list of dbs using a MySQL statement.
+DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r\\\n ,\ `
+
+# Backup directory location e.g /backups
+# Folders inside this one will be created (daily, weekly, etc.), and the
+# subfolders will be database names. Note that backups will be owned by
+# root, with Unix rights 0600.
+BACKUPDIR="/backups/"
+
+# Mail setup
+# What would you like to be mailed to you?
+# - log   : send only log file
+# - files : send log file and sql files as attachments (see docs)
+# - stdout : will simply output the log to the screen if run manually.
+# - quiet : Only send logs if an error occurs to the MAILADDR.
+MAILCONTENT="quiet"
+
+# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
+# docs])
+MAXATTSIZE="4000"
+
+# Email Address to send mail to? (user@domain.com)
+MAILADDR="root"
+
+# ============================================================
+# === ADVANCED OPTIONS ( Read the doc's below for details )===
+#=============================================================
+
+# List of DBBNAMES for Monthly Backups.
+MDBNAMES="mysql $DBNAMES"
+
+# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
+DBEXCLUDE="mysql information_schema performance_schema phpmyadmin"
+
+# Include CREATE DATABASE in backup?
+CREATE_DATABASE=yes
+
+# Separate backup directory and file for each DB? (yes or no)
+SEPDIR=yes
+
+# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
+DOWEEKLY=6
+
+
+# Set rotation of daily backups. VALUE*24hours
+# If you want to keep only today's backups, you could choose 1, i.e. everything older than 24hours will be removed.
+CONFIG_rotation_daily=6
+
+# Choose Compression type. (gzip or bzip2)
+COMP=gzip
+
+# Compress communications between backup server and MySQL server?
+COMMCOMP=no
+
+# Additionally keep a copy of the most recent backup in a seperate
+# directory.
+LATEST=no
+
+#  The maximum size of the buffer for client/server communication. e.g. 16MB
+#  (maximum is 1GB)
+MAX_ALLOWED_PACKET=
+
+#  For connections to localhost. Sometimes the Unix socket file must be
+#  specified.
+SOCKET=
+
+# Command to run before backups (uncomment to use)
+#PREBACKUP="/etc/mysql-backup-pre"
+
+# Command run after backups (uncomment to use)
+#POSTBACKUP="/etc/mysql-backup-post"
+
+# Backup of stored procedures and routines (comment to remove)
+ROUTINES=yes
+

roles/mail/files/etc-default-saslauthd

@@ -0,0 +1,7 @@
+START=yes
+DESC="SASL Authentication Daemon"
+NAME="saslauthd"
+MECHANISMS="rimap"
+MECH_OPTIONS="localhost"
+THREADS=5
+OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

roles/mail/files/etc-default-spamassassin

@@ -0,0 +1,31 @@
+# Duncan Findlay
+
+# WARNING: please read README.spamd before using.
+# There may be security risks.
+
+# Change to one to enable spamd
+ENABLED=1
+
+# Options
+# See man spamd for possible options. The -d option is automatically added.
+
+# SpamAssassin uses a preforking model, so be careful! You need to
+# make sure --max-children is not set to anything higher than 5,
+# unless you know what you're doing.
+
+OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+
+# Pid file
+# Where should spamd write its PID to file? If you use the -u or
+# --username option above, this needs to be writable by that user.
+# Otherwise, the init script will not be able to shut spamd down.
+PIDFILE="/var/run/spamd.pid"
+
+# Set nice level of spamd
+#NICE="--nicelevel 15"
+
+# Cronjob
+# Set to anything but 0 to enable the cron job to automatically update
+# spamassassin's rules on a nightly basis
+CRON=1
+

roles/mail/files/etc-postfix-dynmap.cf

@@ -0,0 +1,9 @@
+# Postfix dynamic maps configuration file.
+#
+# The first match found is the one that is used.  Wildcards are not supported
+# as of postfix 2.0.2
+#
+#type	location of .so file			open function	(mkmap func)
+#====	================================	=============	============
+tcp	/usr/lib/postfix/dict_tcp.so		dict_tcp_open	
+mysql	/usr/lib/postfix/dict_mysql.so		dict_mysql_open	

roles/mail/files/etc-postfix-sasl-smtpd.conf

@@ -0,0 +1,3 @@
+ pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
+ auxprop_plugin: rimap

roles/mail/handlers/main.yml

@@ -0,0 +1,19 @@
+
+- name: restart saslauthd
+  service: name=saslauthd state=restarted
+
+- name: restart mysql
+  service: name=mysql state=restarted
+
+- name: restart dovecot
+  service: name=dovecot state=restarted
+
+- name: restart postfix
+  service: name=postfix state=restarted
+
+- name: restart spamassassin
+  service: name=spamassassin state=restarted
+
+- name: restart postgrey
+  service: name=postgrey state=restarted
+# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:

roles/mail/tasks/main.yml

@@ -0,0 +1,125 @@
+- name: Check vars
+  fail: msg="Missing domain name for first Vdomain creation"
+  when: domain is not defined
+
+- name: Install packages
+  apt: pkg={{item}} state=installed update_cache=yes
+  with_items: "{{ firstpkg }}" 
+  ignore_errors: no
+
+- name: Randomly generate a postfix database password
+  shell: pwgen -y -B -s 80 1
+  register: dbpassword
+
+- name: Install packages
+  apt: pkg={{item}} state=installed update_cache=yes
+  with_items: "{{ packages }}" 
+  ignore_errors: no
+
+- name: Downloading postfixadmin
+  get_url: url=http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fpostfixadmin%2Ffiles%2F&ts=1412684802&use_mirror=softlayer-ams validate_certs=no dest=/tmp/postfixadmin-2.91.tar.gz
+- name: Creation of the right folder
+  file: path=/etc/postfixadmin/ state=directory mode=0755 recurse=yes
+
+- name: Untar the beast
+  unarchive: src=/tmp/postfixadmin-2.91.tar.gz dest=/etc/postfixadmin/
+
+- name: enable SASLAuthd on boot
+  copy: src=etc-default-saslauthd dest=/etc/default/saslauthd
+  notify: restart saslauthd
+
+- name: Adding facteur group and user
+  shell: groupadd -g 3000 facteur
+  ignore_errors: yes
+
+- name: Adding facteur group and user
+  shell: useradd -d /home/facteur -m -u 3000 -g 3000 facteur
+  ignore_errors: yes
+
+- name: Copy dynmap file
+  copy: src=etc-postfix-dynmap.cf dest=/etc/postfix/dynmap.cf
+
+- name: creation of /sasl in postfixdir
+  file: path=/etc/postfix/sasl state=directory
+
+- name: Copying file to directory previously created
+  copy: src=etc-postfix-sasl-smtpd.conf dest=/etc/postfix/sasl/smtpd.conf
+  notify: restart postfix
+
+- name: adduser postfix sasl
+  shell: adduser postfix sasl
+  notify: restart dovecot
+
+- name: Copy dovecot config files
+  template: src=dovecot.conf dest=/etc/dovecot/ owner=root mode=655
+
+- name: Copy dovecot config files
+  template: src=dovecot-mysql.conf dest=/etc/dovecot/ owner=root mode=655
+
+- name: Copy postfixadmin config files
+  template: src=config.inc.php dest=/etc/postfixadmin/ owner=root mode=655
+
+- name: Copy postfixadmin config files
+  template: src=dbconfig.inc.php dest=/etc/postfixadmin/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=dynamicmaps.cf dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=main.cf dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=master.cf dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=mysql_relay_domains.cf dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=mysql_virtual_alias_maps.cf dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=mysql_virtual_mailbox_domains.cf dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=mysql_virtual_mailbox_maps.cf dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=postfix-files dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=postfix-script dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=post-install dest=/etc/postfix/ owner=root mode=655
+
+- name: Copy postfix config files
+  template: src=root-postfix.sql dest=/etc/postfix/ owner=root mode=655
+
+- name: Create database for postfix
+  shell: mysql < /etc/postfix/root-postfix.sql
+
+- name: Config amavis
+  copy: src=etc-amavis-conf.d-15-content_filter_mode  dest=/etc/amavis/conf.d/15-content_filter_mode
+
+- name: Config amavis
+  copy: src=etc-amavis-conf.d-50-user  dest=/etc/amavis/conf.d/50-user
+
+- name: Virus repository
+  shell:  mkdir /var/spool/virusmails 
+
+- name: chown
+  shell: chown amavis:amavis /var/spool/virusmails
+
+- name: update SA
+  shell: sa-update -D
+
+- name: Config SA
+  copy: src=etc-default-spamassassin  dest=/etc/default/spamassassin
+  notify: restart spamassassin
+
+- name: Config Postgrey
+  template: src=etc-default-postgrey dest=/etc/default/postgrey
+  notify: restart postgrey
+
+
+# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:

roles/mail/templates/config.inc.php

@@ -0,0 +1,452 @@
+<?php
+/** 
+ * Postfix Admin 
+ * 
+ * LICENSE 
+ * This source file is subject to the GPL license that is bundled with  
+ * this package in the file LICENSE.TXT. 
+ * 
+ * Further details on the project are available at : 
+ *     http://www.postfixadmin.com or http://postfixadmin.sf.net 
+ * 
+ * @version $Id: config.inc.php 935 2011-01-02 21:33:13Z christian_boltz $ 
+ * @license GNU GPL v2 or later. 
+ * 
+ * File: config.inc.php
+ * Contains configuration options.
+ */
+
+// This loads the automatic generated DB credentials from /etc/postfixadmin/dbconfig.inc.php
+require_once('dbconfig.inc.php');
+if (!isset($dbserver) || empty($dbserver))
+        $dbserver='localhost';
+
+/*****************************************************************
+ *  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
+ * You have to set $CONF['configured'] = true; before the
+ * application will run!
+ * Doing this implies you have changed this file as required.
+ * i.e. configuring database etc; specifying setup.php password etc.
+ */
+$CONF['configured'] = true;
+
+// In order to setup Postfixadmin, you MUST specify a hashed password here.
+// To create the hash, visit setup.php in a browser and type a password into the field,
+// on submission it will be echoed out to you as a hashed value.
+$CONF['setup_password'] = '{{ dbpassword }}';
+}
+}
+
+// Postfix Admin Path
+// Set the location of your Postfix Admin installation here.
+// YOU MUST ENTER THE COMPLETE URL e.g. http://domain.tld/postfixadmin
+$CONF['postfix_admin_url'] = '/postfixadmin';
+
+// shouldn't need changing.
+$CONF['postfix_admin_path'] = dirname(__FILE__);
+
+// Language config
+// Language files are located in './languages', change as required..
+$CONF['default_language'] = 'en';
+
+// Database Config
+// mysql = MySQL 3.23 and 4.0, 4.1 or 5
+// mysqli = MySQL 4.1+ 
+// pgsql = PostgreSQL
+$CONF['database_type'] = $dbtype;
+$CONF['database_host'] = $dbserver;
+$CONF['database_user'] = $dbuser;
+$CONF['database_password'] = $dbpass;
+$CONF['database_name'] = $dbname;
+// If you need to specify a different port for a MYSQL database connection, use e.g.
+//   $CONF['database_host'] = '172.30.33.66:3308';
+// If you need to specify a different port for POSTGRESQL database connection
+//   uncomment and change the following
+// $CONF['database_port'] = '5432';
+
+
+// Here, if you need, you can customize table names.
+$CONF['database_prefix'] = '';
+$CONF['database_tables'] = array (
+    'admin' => 'admin',
+    'alias' => 'alias',
+    'alias_domain' => 'alias_domain',
+    'config' => 'config',
+    'domain' => 'domain',
+    'domain_admins' => 'domain_admins',
+    'fetchmail' => 'fetchmail',
+    'log' => 'log',
+    'mailbox' => 'mailbox',
+    'vacation' => 'vacation',
+    'vacation_notification' => 'vacation_notification',
+    'quota' => 'quota',
+    'quota2' => 'quota2',
+);
+
+// Site Admin
+// Define the Site Admins email address below.
+// This will be used to send emails from to create mailboxes.
+$CONF['admin_email'] = 'postmaster@{{ domain }}';
+
+// Mail Server
+// Hostname (FQDN) of your mail server.
+// This is used to send email to Postfix in order to create mailboxes.
+$CONF['smtp_server'] = 'localhost';
+$CONF['smtp_port'] = '25';
+
+// Encrypt
+// In what way do you want the passwords to be crypted?
+// md5crypt = internal postfix admin md5
+// md5 = md5 sum of the password
+// system = whatever you have set as your PHP system default
+// cleartext = clear text passwords (ouch!)
+// mysql_encrypt = useful for PAM integration
+// authlib = support for courier-authlib style passwords
+// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
+$CONF['encrypt'] = 'md5crypt';
+
+// In what flavor should courier-authlib style passwords be enrypted?
+// md5 = {md5} + base64 encoded md5 hash
+// md5raw = {md5raw} + plain encoded md5 hash
+// SHA = {SHA} + base64-encoded sha1 hash
+// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt
+$CONF['authlib_default_flavor'] = 'md5raw';
+
+// If you use the dovecot encryption method: where is the dovecotpw binary located?
+$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
+
+// Minimum length required for passwords. Postfixadmin will not
+// allow users to set passwords which are shorter than this value.
+$CONF['min_password_length'] = 5;
+
+// Generate Password
+// Generate a random password for a mailbox or admin and display it.
+// If you want to automagically generate paswords set this to 'YES'.
+$CONF['generate_password'] = 'NO';
+
+// Show Password
+// Always show password after adding a mailbox or admin.
+// If you want to always see what password was set set this to 'YES'.
+$CONF['show_password'] = 'NO';
+
+// Page Size
+// Set the number of entries that you would like to see
+// in one page.
+$CONF['page_size'] = '10';
+
+// Default Aliases
+// The default aliases that need to be created for all domains.
+$CONF['default_aliases'] = array (
+    'abuse' => 'abuse@{{ domain }}',
+    'hostmaster' => 'hostmaster@{{ domain }}',
+    'postmaster' => 'postmaster@{{ domain }}',
+    'webmaster' => 'webmaster@{{ domain }}'
+);
+
+// Mailboxes
+// If you want to store the mailboxes per domain set this to 'YES'.
+// Examples:
+//   YES: /usr/local/virtual/domain.tld/username@domain.tld
+//   NO:  /usr/local/virtual/username@domain.tld
+$CONF['domain_path'] = 'NO';
+// If you don't want to have the domain in your mailbox set this to 'NO'.
+// Examples: 
+//   YES: /usr/local/virtual/domain.tld/username@domain.tld
+//   NO:  /usr/local/virtual/domain.tld/username
+// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
+$CONF['domain_in_mailbox'] = 'YES';
+// If you want to define your own function to generate a maildir path set this to the name of the function.
+// Notes: 
+//   - this configuration directive will override both domain_path and domain_in_mailbox
+//   - the maildir_name_hook() function example is present below, commented out
+//   - if the function does not exist the program will default to the above domain_path and domain_in_mailbox settings
+$CONF['maildir_name_hook'] = 'NO';
+
+/*
+    maildir_name_hook example function
+ 
+    Called by create-mailbox.php if $CONF['maildir_name_hook'] == '<name_of_the_function>'
+    - allows for customized maildir paths determined by a custom function
+    - the example below will prepend a single-character directory to the
+      beginning of the maildir, splitting domains more or less evenly over
+      36 directories for improved filesystem performance with large numbers
+      of domains.
+
+    Returns: maildir path
+    ie. I/example.com/user/
+*/
+/*
+function maildir_name_hook($domain, $user) {
+    $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+    $dir_index = hexdec(substr(md5($domain), 28)) % strlen($chars);
+    $dir = substr($chars, $dir_index, 1);
+    return sprintf("%s/%s/%s/", $dir, $domain, $user);
+}
+*/
+
+
+// Default Domain Values
+// Specify your default values below. Quota in MB.
+$CONF['aliases'] = '10';
+$CONF['mailboxes'] = '10';
+$CONF['maxquota'] = '10';
+
+// Quota
+// When you want to enforce quota for your mailbox users set this to 'YES'.
+$CONF['quota'] = 'NO';
+// You can either use '1024000' or '1048576'
+$CONF['quota_multiplier'] = '1024000';
+
+// Transport
+// If you want to define additional transport options for a domain set this to 'YES'.
+// Read the transport file of the Postfix documentation.
+$CONF['transport'] = 'NO';
+// Transport options
+// If you want to define additional transport options put them in array below.
+$CONF['transport_options'] = array (
+    'virtual',  // for virtual accounts
+    'local',    // for system accounts
+    'relay'     // for backup mx
+);
+// Transport default
+// You should define default transport. It must be in array above.
+$CONF['transport_default'] = 'virtual';
+
+// Virtual Vacation
+// If you want to use virtual vacation for you mailbox users set this to 'YES'.
+// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/)
+$CONF['vacation'] = 'NO';
+// This is the autoreply domain that you will need to set in your Postfix
+// transport maps to handle virtual vacations. It does not need to be a
+// real domain (i.e. you don't need to setup DNS for it).
+$CONF['vacation_domain'] = 'autoreply.{{ domain }}';
+
+// Vacation Control
+// If you want users to take control of vacation set this to 'YES'.
+$CONF['vacation_control'] ='YES';
+
+// Vacation Control for admins
+// Set to 'YES' if your domain admins should be able to edit user vacation.
+$CONF['vacation_control_admin'] = 'YES';
+
+// Alias Control
+// Postfix Admin inserts an alias in the alias table for every mailbox it creates.
+// The reason for this is that when you want catch-all and normal mailboxes
+// to work you need to have the mailbox replicated in the alias table.
+// If you want to take control of these aliases as well set this to 'YES'.
+
+// Alias control for superadmins
+$CONF['alias_control'] = 'NO';
+
+// Alias Control for domain admins
+$CONF['alias_control_admin'] = 'NO';
+
+// Special Alias Control
+// Set to 'NO' if your domain admins shouldn't be able to edit the default aliases
+// as defined in $CONF['default_aliases']
+$CONF['special_alias_control'] = 'NO';
+
+// Alias Goto Field Limit
+// Set the max number of entries that you would like to see
+// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added.
+// '0' means no limits.
+$CONF['alias_goto_limit'] = '0';
+
+// Alias Domains
+// Alias domains allow to "mirror" aliases and mailboxes to another domain. This makes 
+// configuration easier if you need the same set of aliases on multiple domains, but
+// also requires postfix to do more database queries.
+// Note: If you update from 2.2.x or earlier, you will have to update your postfix configuration.
+// Set to 'NO' to disable alias domains.
+$CONF['alias_domain'] = 'YES';
+
+// Backup
+// If you don't want backup tab set this to 'NO';
+$CONF['backup'] = 'YES';
+
+// Send Mail
+// If you don't want sendmail tab set this to 'NO';
+$CONF['sendmail'] = 'YES';
+
+// Logging
+// If you don't want logging set this to 'NO';
+$CONF['logging'] = 'YES';
+
+// Fetchmail
+// If you don't want fetchmail tab set this to 'NO';
+$CONF['fetchmail'] = 'YES';
+
+// fetchmail_extra_options allows users to specify any fetchmail options and any MDA
+// (it will even accept 'rm -rf /' as MDA!)
+// This should be set to NO, except if you *really* trust *all* your users.
+$CONF['fetchmail_extra_options'] = 'NO';
+
+// Header
+$CONF['show_header_text'] = 'NO';
+$CONF['header_text'] = ':: Postfix Admin ::';
+
+// link to display under 'Main' menu when logged in as a user.
+$CONF['user_footer_link'] = "http://{{ domain }}/main";
+
+// Footer
+// Below information will be on all pages.
+// If you don't want the footer information to appear set this to 'NO'.
+$CONF['show_footer_text'] = 'YES';
+$CONF['footer_text'] = 'Return to {{ domain }}';
+$CONF['footer_link'] = 'http://{{ domain }}';
+
+// Welcome Message
+// This message is send to every newly created mailbox.
+// Change the text between EOM.
+$CONF['welcome_text'] = <<<EOM
+Hi,
+
+Welcome to your new account.
+EOM;
+
+// When creating mailboxes or aliases, check that the domain-part of the
+// address is legal by performing a name server look-up.
+$CONF['emailcheck_resolve_domain']='YES';
+
+
+// Optional:
+// Analyze alias gotos and display a colored block in the first column
+// indicating if an alias or mailbox appears to deliver to a non-existent
+// account.  Also, display indications, for POP/IMAP mailboxes and
+// for custom destinations (such as mailboxes that forward to a UNIX shell
+// account or mail that is sent to a MS exchange server, or any other
+// domain or subdomain you use)
+// See http://www.w3schools.com/html/html_colornames.asp for a list of
+// color names available on most browsers
+
+//set to YES to enable this feature
+$CONF['show_status']='NO';
+//display a guide to what these colors mean
+$CONF['show_status_key']='NO';
+// 'show_status_text' will be displayed with the background colors
+// associated with each status, you can customize it here
+$CONF['show_status_text']='&nbsp;&nbsp;';
+// show_undeliverable is useful if most accounts are delivered to this
+// postfix system.  If many aliases and mailboxes are forwarded
+// elsewhere, you will probably want to disable this.
+$CONF['show_undeliverable']='NO';
+$CONF['show_undeliverable_color']='tomato';
+// mails to these domains will never be flagged as undeliverable
+$CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext","gmail.com");
+$CONF['show_popimap']='NO';
+$CONF['show_popimap_color']='darkgrey';
+// you can assign special colors to some domains. To do this,
+// - add the domain to show_custom_domains
+// - add the corresponding color to show_custom_colors
+$CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext");
+$CONF['show_custom_colors']=array("lightgreen","lightblue");
+// If you use a recipient_delimiter in your postfix config, you can also honor it when aliases are checked.
+// Example: $CONF['recipient_delimiter'] = "+";
+// Set to "" to disable this check.
+$CONF['recipient_delimiter'] = "";
+
+
+// Optional:
+// Script to run after creation of mailboxes.
+// Note that this may fail if PHP is run in "safe mode", or if
+// operating system features (such as SELinux) or limitations
+// prevent the web-server from executing external scripts.
+// Parameters: (1) username (2) domain (3) maildir (4) quota
+// $CONF['mailbox_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
+
+// Optional:
+// Script to run after alteration of mailboxes.
+// Note that this may fail if PHP is run in "safe mode", or if
+// operating system features (such as SELinux) or limitations
+// prevent the web-server from executing external scripts.
+// Parameters: (1) username (2) domain (3) maildir (4) quota
+// $CONF['mailbox_postedit_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postedit.sh';
+
+// Optional:
+// Script to run after deletion of mailboxes.
+// Note that this may fail if PHP is run in "safe mode", or if
+// operating system features (such as SELinux) or limitations
+// prevent the web-server from executing external scripts.
+// Parameters: (1) username (2) domain
+// $CONF['mailbox_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
+
+// Optional:
+// Script to run after creation of domains.
+// Note that this may fail if PHP is run in "safe mode", or if
+// operating system features (such as SELinux) or limitations
+// prevent the web-server from executing external scripts.
+// Parameters: (1) domain
+//$CONF['domain_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postcreation.sh';
+
+// Optional:
+// Script to run after deletion of domains.
+// Note that this may fail if PHP is run in "safe mode", or if
+// operating system features (such as SELinux) or limitations
+// prevent the web-server from executing external scripts.
+// Parameters: (1) domain
+// $CONF['domain_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postdeletion.sh';
+
+// Optional:
+// Sub-folders which should automatically be created for new users.
+// The sub-folders will also be subscribed to automatically.
+// Will only work with IMAP server which implement sub-folders.
+// Will not work with POP3.
+// If you define create_mailbox_subdirs, then the
+// create_mailbox_subdirs_host must also be defined.
+//
+// $CONF['create_mailbox_subdirs']=array('Spam');
+// $CONF['create_mailbox_subdirs_host']='localhost';
+//
+// Specify '' for Dovecot and 'INBOX.' for Courier.
+$CONF['create_mailbox_subdirs_prefix']='INBOX.';
+
+// Optional:
+// Show used quotas from Dovecot dictionary backend in virtual
+// mailbox listing.
+// See: DOCUMENTATION/DOVECOT.txt
+//      http://wiki.dovecot.org/Quota/Dict
+//
+$CONF['used_quotas'] = 'NO';
+
+// if you use dovecot >= 1.2, set this to yes.
+// Note about dovecot config: table "quota" is for 1.0 & 1.1, table "quota2" is for dovecot 1.2 and newer
+$CONF['new_quota_table'] = 'NO';
+
+//
+// Normally, the TCP port number does not have to be specified.
+// $CONF['create_mailbox_subdirs_hostport']=143;
+//
+// If you have trouble connecting to the IMAP-server, then specify
+// a value for $CONF['create_mailbox_subdirs_hostoptions']. These
+// are some examples to experiment with:
+// $CONF['create_mailbox_subdirs_hostoptions']=array('notls');
+// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh');
+// See also the "Optional flags for names" table at
+// http://www.php.net/manual/en/function.imap-open.php
+
+
+// Theme Config
+// Specify your own logo and CSS file
+$CONF['theme_logo'] = 'images/logo-default.png';
+$CONF['theme_css'] = 'css/default.css';
+
+// XMLRPC Interface.
+// This should be only of use if you wish to use e.g the 
+// Postfixadmin-Squirrelmail package
+//  change to boolean true to enable xmlrpc
+$CONF['xmlrpc_enabled'] = false;
+
+
+// If you want to keep most settings at default values and/or want to ensure 
+// that future updates work without problems, you can use a separate config 
+// file (config.local.php) instead of editing this file and override some
+// settings there.
+if (file_exists(dirname(__FILE__) . '/config.local.php')) {
+    include(dirname(__FILE__) . '/config.local.php');
+}
+
+//
+// END OF CONFIG FILE
+//
+/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */

roles/mail/templates/dbconfig.inc.php

@@ -0,0 +1,21 @@
+<?php
+##
+## database access settings in php format
+## automatically generated from /etc/dbconfig-common/postfixadmin.conf
+## by /usr/sbin/dbconfig-generate-include
+## Sun, 02 Feb 2014 10:34:12 +0100
+##
+## by default this file is managed via ucf, so you shouldn't have to
+## worry about manual changes being silently discarded.  *however*,
+## you'll probably also want to edit the configuration file mentioned
+## above too.
+##
+$dbuser='postfix';
+$dbpass='{{ dbpassword }}';
+}
+}
+$basepath='';
+$dbname='postfix';
+$dbserver='';
+$dbport='';
+$dbtype='mysql';

roles/mail/templates/dovecot-mysql.conf

@@ -0,0 +1,5 @@
+driver = mysql
+connect = host=127.0.0.1 dbname=postfix user=postfix password={{ dbpassword }}
+default_pass_scheme = MD5-CRYPT
+user_query = SELECT '/home/facteur/%d/%n' as home, 3000 AS uid, 3000 AS gid FROM mailbox WHERE username = '%u'
+password_query = SELECT password FROM mailbox WHERE username = '%u'

roles/mail/templates/dovecot.conf

@@ -0,0 +1,51 @@
+## Dovecot configuration file
+ 
+protocols = imap imaps pop3 pop3s managesieve
+log_timestamp = "%Y-%m-%d %H:%M:%S "
+mail_privileged_group = mail
+ 
+disable_plaintext_auth = no
+mail_location = maildir:/home/facteur/%d/%n:INDEX=/home/facteur/%d/%n/indexes
+ 
+protocol imap {
+}
+protocol pop3 {
+}
+protocol managesieve {
+  listen = *:4190
+  login_executable = /usr/lib/dovecot/managesieve-login
+  mail_executable = /usr/lib/dovecot/managesieve
+}
+protocol lda {
+  postmaster_address = admin@{{ domain }}
+  mail_plugin_dir = /usr/lib/dovecot/modules/lda
+  auth_socket_path = /var/run/dovecot/auth-master
+  mail_plugins = sieve quota
+}
+auth default {
+        userdb sql {
+        args = /etc/dovecot/dovecot-mysql.conf
+        }
+        passdb sql {
+        args = /etc/dovecot/dovecot-mysql.conf
+        }
+ socket listen {
+  master {
+  path = /var/run/dovecot/auth-master
+  mode = 0600
+  user = facteur
+  }
+  client {
+  path = /var/spool/postfix/private/auth
+  mode = 0660
+  user = postfix
+  group = postfix
+  }
+ }
+}
+dict {
+}
+plugin {
+  sieve_dir = /home/facteur/%d/%n/sieve
+  sieve = /home/facteur/%d/%n/.dovecot.sieve
+}

roles/mail/templates/dynamicmaps.cf

@@ -0,0 +1,6 @@
+# Postfix dynamic maps configuration file.
+#
+#type	location of .so file			open function	(mkmap func)
+#====	================================	=============	============
+tcp	/usr/lib/postfix/dict_tcp.so		dict_tcp_open	
+sqlite	/usr/lib/postfix/dict_sqlite.so		dict_sqlite_open	

roles/mail/templates/etc-default-postgrey

@@ -0,0 +1,13 @@
+# postgrey startup options, created for Debian
+
+# you may want to set
+#   --delay=N   how long to greylist, seconds (default: 300)
+#   --max-age=N delete old entries after N days (default: 35)
+# see also the postgrey(8) manpage
+
+#POSTGREY_OPTS="--inet=10023"
+POSTGREY_OPTS="--inet=10023 --delay=300 --hostname=mail.{{ domain }} --auto-whitelist-clients"
+
+# the --greylist-text commandline argument can not be easily passed through
+# POSTGREY_OPTS when it contains spaces.  So, insert your text here:
+#POSTGREY_TEXT="Your customized rejection message here"

roles/mail/templates/main.cf

@@ -0,0 +1,96 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+#http://workaround.org/comment/2536
+#
+#smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
+#smtpd_tls_key_file = /etc/ssl/private/postfix.pem
+# old
+#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#
+#smtpd_tls_cert_file=/home/doo/temp/crt/postfix.crt
+#smtpd_tls_key_file=/home/doo/temp/crt/myca.key
+
+# smtpd_tls_key_file = /etc/ssl/private/smtpd.key
+# smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
+# smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
+
+smtpd_tls_key_file = /etc/ssl/mail.key
+smtpd_tls_cert_file = /etc/ssl/mail.crt
+smtpd_tls_CAfile = /etc/ssl/ca-bundle.crt
+smtp_tls_CAfile =  $smtpd_tls_CAfile
+
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = {{ domain }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = localhost.net, localhost
+relayhost = 
+mynetworks = 127.0.0.0/8 192.168.10.0/24
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = ipv4
+virtual_uid_maps = static:3000
+virtual_gid_maps = static:3000
+virtual_mailbox_base = /home/facteur
+ 
+virtual_transport = dovecot
+ 
+virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
+virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
+virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
+relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
+ 
+smtpd_recipient_restrictions =
+  permit_mynetworks,
+  permit_sasl_authenticated,
+  reject_non_fqdn_hostname,
+  reject_non_fqdn_sender,
+  reject_non_fqdn_recipient,
+  reject_unauth_destination,
+  reject_unauth_pipelining,
+  reject_rbl_client bl.spamcop.net,
+  reject_rbl_client allinone.bl.blocklist.de,
+  reject_rbl_client zen.spamhaus.org,
+  reject_rbl_client cbl.abuseat.org,
+  reject_invalid_hostname
+ 
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+broken_sasl_auth_clients = yes
+
+# Indiquer à Postfix de livrer à un destinataire à la fois
+# la réception d'un mail en provenance d'un expéditeur unique avec plusieurs destinataire ne fonctionnerais pas sans cette option
+dovecot_destination_recipient_limit = 1
+content_filter = amavis:[127.0.0.1]:10024
+receive_override_options = no_address_mappings
+
+
+## ajout suite à la lecture de la doc postfix
+#notify_classes = ressource, software, protocol

roles/mail/templates/master.cf

@@ -0,0 +1,113 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+smtp      inet  n       -       -       -       -       smtpd
+#smtp      inet  n       -       -       -       1       postscreen
+#smtpd     pass  -       -       -       -       -       smtpd
+#dnsblog   unix  -       -       -       -       0       dnsblog
+#tlsproxy  unix  -       -       -       -       0       tlsproxy
+#submission inet n       -       -       -       -       smtpd
+#  -o syslog_name=postfix/submission
+#  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#smtps     inet  n       -       -       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       -       -       -       qmqpd
+pickup    fifo  n       -       -       60      1       pickup
+cleanup   unix  n       -       -       -       0       cleanup
+qmgr      fifo  n       -       n       300     1       qmgr
+#qmgr     fifo  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       -       1000?   1       tlsmgr
+rewrite   unix  -       -       -       -       -       trivial-rewrite
+bounce    unix  -       -       -       -       0       bounce
+defer     unix  -       -       -       -       0       bounce
+trace     unix  -       -       -       -       0       bounce
+verify    unix  -       -       -       -       1       verify
+flush     unix  n       -       -       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       -       -       -       smtp
+relay     unix  -       -       -       -       -       smtp
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       -       -       -       showq
+error     unix  -       -       -       -       -       error
+retry     unix  -       -       -       -       -       error
+discard   unix  -       -       -       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       -       -       -       lmtp
+anvil     unix  -       -       -       -       1       anvil
+scache    unix  -       -       -       -       1       scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix	-	n	n	-	2	pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+  ${nexthop} ${user}
+

roles/mail/templates/mysql_relay_domains.cf

@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 1

roles/mail/templates/mysql_virtual_alias_maps.cf

@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT goto FROM alias WHERE address='%s' AND active = 1

roles/mail/templates/mysql_virtual_mailbox_domains.cf

@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1

roles/mail/templates/mysql_virtual_mailbox_maps.cf

@@ -0,0 +1,5 @@
+hosts = 127.0.0.1
+user = postfix
+password = {{ dbpassword }}
+dbname = postfix
+query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

roles/mail/templates/post-install

@@ -0,0 +1,833 @@
+#!/bin/sh
+
+# To view the formatted manual page of this file, type:
+#	POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man
+
+#++
+# NAME
+#	post-install
+# SUMMARY
+#	Postfix post-installation script
+# SYNOPSIS
+#	postfix post-install [name=value] command ...
+# DESCRIPTION
+#	The post-install script performs the finishing touch of a Postfix
+#	installation, after the executable programs and configuration
+#	files are installed. Usage is one of the following:
+# .IP o
+#	While installing Postfix from source code on the local machine, the
+#	script is run by the postfix-install script to update selected file
+#	or directory permissions and to update Postfix configuration files.
+# .IP o
+#	While installing Postfix from a pre-built package, the script is run
+#	by the package management procedure to set all file or directory
+#	permissions and to update Postfix configuration files.
+# .IP o
+#	The script can be used to change installation parameter settings such
+#	as mail_owner or setgid_group after Postfix is already installed.
+# .IP o
+#	The script can be used to upgrade configuration files and to upgrade
+#	file/directory permissions of a secondary Postfix instance.
+# .IP o
+#	At Postfix start-up time, the script is run from "postfix check" to
+#	create missing queue directories.
+# .PP
+#	The post-install script is controlled by installation parameters.
+#	Specific parameters are described at the end of this document.
+#	All installation parameters must be specified ahead of time via
+#	one of the methods described below.
+#
+#	Arguments
+# .IP create-missing
+#	Create missing queue directories with ownerships and permissions
+#	according to the contents of $daemon_directory/postfix-files, using
+#	the mail_owner and setgid_group parameter settings from the command
+#	line, process environment or from the installed main.cf file.
+#
+#	This is required at Postfix start-up time.
+# .IP set-permissions
+#	Set all file/directory ownerships and permissions according to the
+#	contents of $daemon_directory/postfix-files, using the mail_owner
+#	and setgid_group parameter settings from the command line, process
+#	environment or from the installed main.cf file. Implies create-missing.
+#
+#	This is required when installing Postfix from a pre-built package,
+#	or when changing the mail_owner or setgid_group installation parameter
+#	settings after Postfix is already installed.
+# .IP upgrade-permissions
+#	Update ownership and permission of existing files/directories as
+#	specified in $daemon_directory/postfix-files, using the mail_owner
+#	and setgid_group parameter settings from the command line, process
+#	environment or from the installed main.cf file. Implies create-missing.
+#
+#	This is required when upgrading an existing Postfix instance.
+# .IP upgrade-configuration
+#	Edit the installed main.cf and master.cf files, in order to account
+#	for missing services and to fix deprecated parameter settings.
+#
+#	This is required when upgrading an existing Postfix instance.
+# .IP upgrade-source
+#	Short-hand for: upgrade-permissions upgrade-configuration.
+#
+#	This is recommended when upgrading Postfix from source code.
+# .IP upgrade-package
+#	Short-hand for: set-permissions upgrade-configuration.
+#
+#	This is recommended when upgrading Postfix from a pre-built package.
+# .IP first-install-reminder
+#	Remind the user that they still need to configure main.cf and the
+#	aliases file, and that newaliases still needs to be run.
+#
+#	This is recommended when Postfix is installed for the first time.
+# MULTIPLE POSTFIX INSTANCES
+# .ad
+# .fi
+#	Multiple Postfix instances on the same machine can share command and
+#	daemon program files but must have separate configuration and queue
+#	directories.
+#
+#	To create a secondary Postfix installation on the same machine,
+#	copy the configuration files from the primary Postfix instance to
+#	a secondary configuration directory and execute:
+#
+#	postfix post-install config_directory=secondary-config-directory \e
+# .in +4
+#		queue_directory=secondary-queue-directory \e
+# .br
+#		create-missing
+# .PP
+#	This creates secondary Postfix queue directories, sets their access
+#	permissions, and saves the specified installation parameters to the
+#	secondary main.cf file.
+#
+#	Be sure to list the secondary configuration directory in the
+#	alternate_config_directories parameter in the primary main.cf file.
+#
+#	To upgrade a secondary Postfix installation on the same machine,
+#	execute:
+#
+#	postfix post-install config_directory=secondary-config-directory \e
+# .in +4
+#		upgrade-permissions upgrade-configuration
+# INSTALLATION PARAMETER INPUT METHODS
+# .ad
+# .fi
+#	Parameter settings can be specified through a variety of
+#	mechanisms.  In order of decreasing precedence these are:
+# .IP "command line"
+#	Parameter settings can be given as name=value arguments on
+#	the post-install command line. These have the highest precedence.
+#	Settings that override the installed main.cf file are saved.
+# .IP "process environment"
+#	Parameter settings can be given as name=value environment
+#	variables.
+#	Settings that override the installed main.cf file are saved.
+# .IP "installed configuration files"
+#	If a parameter is not specified via the command line or via the
+#	process environment, post-install will attempt to extract its
+#	value from the already installed Postfix main.cf configuration file.
+#	These settings have the lowest precedence.
+# INSTALLATION PARAMETER DESCRIPTION
+# .ad
+# .fi
+#	The description of installation parameters is as follows:
+# .IP config_directory
+#	The directory for Postfix configuration files.
+# .IP daemon_directory
+#	The directory for Postfix daemon programs. This directory
+#	should not be in the command search path of any users.
+# .IP command_directory
+#	The directory for Postfix administrative commands. This
+#	directory should be in the command search path of adminstrative users.
+# .IP queue_directory
+#	The directory for Postfix queues.
+# .IP data_directory
+#	The directory for Postfix writable data files (caches, etc.).
+# .IP sendmail_path
+#	The full pathname for the Postfix sendmail command.
+#	This is the Sendmail-compatible mail posting interface.
+# .IP newaliases_path
+#	The full pathname for the Postfix newaliases command.
+#	This is the Sendmail-compatible command to build alias databases
+#	for the Postfix local delivery agent.
+# .IP mailq_path
+#	The full pathname for the Postfix mailq command.
+#	This is the Sendmail-compatible command to list the mail queue.
+# .IP mail_owner
+#	The owner of the Postfix queue. Its numerical user ID and group ID
+#	must not be used by any other accounts on the system.
+# .IP setgid_group
+#	The group for mail submission and for queue management commands.
+#	Its numerical group ID must not be used by any other accounts on the
+#	system, not even by the mail_owner account.
+# .IP html_directory
+#	The directory for the Postfix HTML files.
+# .IP manpage_directory
+#	The directory for the Postfix on-line manual pages.
+# .IP sample_directory
+#	The directory for the Postfix sample configuration files.
+#	This feature is obsolete as of Postfix 2.1.
+# .IP readme_directory
+#	The directory for the Postfix README files.
+# SEE ALSO
+#	postfix-install(1) Postfix primary installation script.
+# FILES
+#	$config_directory/main.cf, Postfix installation parameters.
+#	$daemon_directory/postfix-files, installation control file.
+#	$config_directory/install.cf, obsolete configuration file.
+# LICENSE
+# .ad
+# .fi
+#	The Secure Mailer license must be distributed with this software.
+# AUTHOR(S)
+#	Wietse Venema
+#	IBM T.J. Watson Research
+#	P.O. Box 704
+#	Yorktown Heights, NY 10598, USA
+#--
+
+umask 022
+
+PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
+SHELL=/bin/sh
+IFS=" 	
+"
+BACKUP_IFS="$IFS"
+debug=:
+#debug=echo
+MOST_PARAMETERS="command_directory daemon_directory data_directory
+    html_directory mail_owner mailq_path manpage_directory
+    newaliases_path queue_directory readme_directory sample_directory
+    sendmail_path setgid_group"
+NON_SHARED="config_directory queue_directory data_directory"
+
+USAGE="Usage: $0 [name=value] command
+    create-missing          Create missing queue directories.
+    upgrade-source          When installing or upgrading from source code.
+    upgrade-package         When installing or upgrading from pre-built package.
+    first-install-reminder  Remind of mandatory first-time configuration steps.
+    name=value              Specify an installation parameter".
+
+# Process command-line options and parameter settings. Work around
+# brain damaged shells. "IFS=value command" should not make the
+# IFS=value setting permanent. But some broken standard allows it.
+
+create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
+obsolete=; keep_list=;
+
+for arg
+do
+    case $arg in
+                *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
+     create-missing) create=1;;
+	  set-perm*) create=1; set_perms=1;;
+      upgrade-perm*) create=1; upgrade_perms=1;;
+      upgrade-conf*) upgrade_conf=1;;
+     upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;;
+    upgrade-package) create=1; upgrade_conf=1; set_perms=1;;
+     first-install*) first_install_reminder=1;;
+		  *) echo "$0: Error: $USAGE" 1>&2; exit 1;;
+    esac
+    shift
+done
+
+# Sanity checks.
+
+test -n "$create$upgrade_conf$first_install_reminder" || {
+    echo "$0: Error: $USAGE" 1>&2
+    exit 1
+}
+
+# Bootstrapping problem.
+
+if [ -n "$command_directory" ]
+then
+    POSTCONF="$command_directory/postconf"
+else
+    POSTCONF="postconf"
+fi
+
+$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
+    echo $0: Error: no $POSTCONF command found. 1>&2
+    echo Re-run this command as $0 command_directory=/some/where. 1>&2
+    exit 1
+}
+
+# Also used to require license etc. files only in the default instance.
+
+def_config_directory=`$POSTCONF -d -h config_directory` || exit 1
+test -n "$config_directory" ||
+    config_directory="$def_config_directory"
+
+test -d "$config_directory" || {
+    echo $0: Error: $config_directory is not a directory. 1>&2
+    exit 1
+}
+
+# If this is a secondary instance, don't touch shared files.
+# XXX Solaris does not have "test -e".
+
+instances=`test ! -f $def_config_directory/main.cf || 
+    $POSTCONF -c $def_config_directory -h multi_instance_directories | 
+	sed 's/,/ /'` || exit 1
+
+update_shared_files=1
+for name in $instances
+do
+    case "$name" in
+    "$def_config_directory") ;;
+    "$config_directory") update_shared_files=; break;;
+    esac
+done
+
+test -f $daemon_directory/postfix-files || {
+    echo $0: Error: $daemon_directory/postfix-files is not a file. 1>&2
+    exit 1
+}
+
+# SunOS5 fmt(1) truncates lines > 1000 characters.
+
+fake_fmt() {
+    sed '
+    :top
+	/^\(  *\)\([^ ][^ ]*\)  */{
+	    s//\1\2\
+\1/
+	    P
+	    D
+	    b top
+	}
+    ' | fmt
+}
+
+case `uname -s` in
+HP-UX*) FMT=cat;;
+SunOS*) FMT=fake_fmt;;
+     *) FMT=fmt;;
+esac
+
+# If a parameter is not set via the command line or environment,
+# try to use settings from installed configuration files.
+
+# Extract parameter settings from the obsolete install.cf file, as
+# a transitional aid.
+
+grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
+    test -f $config_directory/install.cf  && {
+        for name in sendmail_path newaliases_path mailq_path setgid manpages
+        do
+	eval junk=\$$name
+        case "$junk" in
+        "") eval unset $name;;
+        esac
+	   eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \
+		|| exit 1
+        done
+        : ${setgid_group=$setgid}
+        : ${manpage_directory=$manpages}
+    }
+}
+
+# Extract parameter settings from the installed main.cf file.
+
+test -f $config_directory/main.cf && {
+    for name in $MOST_PARAMETERS
+    do
+	eval junk=\$$name
+        case "$junk" in
+        "") eval unset $name;;
+        esac
+        eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1
+    done
+}
+
+# Sanity checks
+
+case $manpage_directory in
+ no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
+     echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
+esac
+
+case $setgid_group in
+ no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
+     echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
+esac
+
+for path in "$daemon_directory" "$command_directory" "$queue_directory" \
+    "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory"
+do
+   case "$path" in
+   /*) ;;
+    *) echo $0: Error: \"$path\" should be an absolute path name. 1>&2; exit 1;;
+   esac
+done
+
+for path in "$html_directory" "$readme_directory"
+do
+   case "$path" in
+   /*) ;;
+   no) ;;
+    *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;;
+   esac
+done
+
+# Find out what parameters were not specified via command line,
+# via environment, or via installed configuration files.
+
+missing=
+for name in $MOST_PARAMETERS
+do
+    eval test -n \"\$$name\" || missing="$missing $name"
+done
+
+# All parameters must be specified at this point.
+
+test -n "$non_interactive" -a -n "$missing" && {
+    cat <<EOF | ${FMT} 1>&2
+$0: Error: some required installation parameters are not defined.
+
+- Either the parameters need to be given in the $config_directory/main.cf
+file from a recent Postfix installation,
+
+- Or the parameters need to be specified through the process
+environment.
+
+- Or the parameters need to be specified as name=value arguments
+on the $0 command line,
+
+The following parameters were missing:
+
+    $missing
+
+EOF
+    exit 1
+}
+
+POSTCONF="$command_directory/postconf"
+
+# Save settings, allowing command line/environment override.
+
+override=
+for name in $MOST_PARAMETERS
+do
+    eval test \"\$$name\" = \"`$POSTCONF -c $config_directory -h $name`\" || {
+	override=1
+	break
+    }
+done
+
+test -n "$override" && {
+    $POSTCONF -c $config_directory -e \
+	"daemon_directory = $daemon_directory" \
+	"command_directory = $command_directory" \
+	"queue_directory = $queue_directory" \
+	"data_directory = $data_directory" \
+	"mail_owner = $mail_owner" \
+	"setgid_group = $setgid_group" \
+	"sendmail_path = $sendmail_path" \
+	"mailq_path = $mailq_path" \
+	"newaliases_path = $newaliases_path" \
+	"html_directory = $html_directory" \
+	"manpage_directory = $manpage_directory" \
+	"sample_directory = $sample_directory" \
+	"readme_directory = $readme_directory" \
+    || exit 1
+}
+
+# Use file/directory status information in $daemon_directory/postfix-files.
+
+test -n "$create" && {
+    exec <$daemon_directory/postfix-files || exit 1
+    while IFS=: read path type owner group mode flags junk
+    do
+	IFS="$BACKUP_IFS"
+	set_permission=
+	# Skip comments. Skip shared files, if updating a secondary instance.
+	case $path in
+	[$]*) case "$update_shared_files" in
+	      1) $debug keep non-shared or shared $path;;
+	      *) non_shared=
+		 for name in $NON_SHARED
+		 do
+		     case $path in
+		     "\$$name"*) non_shared=1; break;;
+		     esac
+		 done
+		 case "$non_shared" in
+		  1) $debug keep non-shared $path;;
+		  *) $debug skip shared $path; continue;;
+		 esac;;
+	      esac;;
+	   *) continue;;
+	esac
+	# Skip hard links and symbolic links.
+	case $type in
+	[hl]) continue;;
+	[df]) ;;
+	   *) echo unknown type $type for $path in $daemon_directory/postfix-files1>&2; exit 1;;
+	esac
+	# Expand $name, and canonicalize null fields.
+	for name in path owner group flags
+	do
+	    eval junk=\${$name}
+	    case $junk in
+	    [$]*) eval $name=$junk;;
+	       -) eval $name=;;
+	       *) ;;
+	    esac
+	done
+	# Skip uninstalled files.
+	case $path in
+	no|no/*) continue;;
+	esac
+	# Pick up the flags.
+	case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
+	case $flags in *c*) create_flag=1;; *) create_flag=;; esac
+	case $flags in *r*) recursive="-R";; *) recursive=;; esac
+	case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac
+	case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \
+				"$def_config_directory" && continue;; esac
+	# Flag obsolete objects. XXX Solaris 2..9 does not have "test -e".
+	if [ -n "$obsolete_flag" ]
+	then
+	    test -r $path -a "$type" != "d" && obsolete="$obsolete $path"
+	    continue;
+	else
+	    keep_list="$keep_list $path"
+	fi
+	# Create missing directories with proper owner/group/mode settings.
+	if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
+	then
+	    mkdir $path || exit 1
+	    set_permission=1
+	# Update all owner/group/mode settings.
+	elif [ -n "$set_perms" ]
+	then
+	    set_permission=1
+	# Update obsolete owner/group/mode settings.
+	elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ]
+	then
+	    set_permission=1
+	fi
+	test -n "$set_permission" && {
+	    chown $recursive $owner $path || exit 1
+	    test -z "$group" || chgrp $recursive $group $path || exit 1
+	    # Don't "chmod -R"; queue file status is encoded in mode bits.
+	    if [ "$type" = "d" -a -n "$recursive" ]
+	    then
+		find $path -type d -exec chmod $mode "{}" ";"
+	    else
+		chmod $mode $path
+	    fi || exit 1
+	}
+    done
+    IFS="$BACKUP_IFS"
+}
+
+# Upgrade existing Postfix configuration files if necessary.
+
+test -n "$upgrade_conf" && {
+
+    # Postfix 2.0.
+    # Add missing relay service to master.cf.
+
+    grep '^relay' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for relay service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+relay	  unix	-	-	n	-	-	smtp
+EOF
+    }
+
+    # Postfix 1.1.
+    # Add missing flush service to master.cf.
+
+    grep '^flush.*flush' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for flush service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+flush     unix  -       -       n       1000?   0       flush
+EOF
+    }
+
+    # Postfix 2.1.
+    # Add missing trace service to master.cf.
+
+    grep 'trace.*bounce' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for trace service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+trace	  unix	-	-	n	-	0	bounce
+EOF
+    }
+
+    # Postfix 2.1.
+    # Add missing verify service to master.cf.
+
+    grep '^verify.*verify' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for verify service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+verify	  unix	-	-	n	-	1	verify
+EOF
+    }
+
+    # Postfix 2.1.
+    # Fix verify service process limit.
+
+    grep '^verify.*[ 	]0[ 	]*verify' \
+	$config_directory/master.cf >/dev/null && {
+	    echo Editing $config_directory/master.cf, setting verify process limit to 1
+	    ed $config_directory/master.cf <<EOF || exit 1
+/^verify.*[ 	]0[ 	]*verify/
+s/\([ 	]\)0\([ 	]\)/\11\2/
+p
+w
+q
+EOF
+    }
+
+    # Postfix 1.1.
+    # Change privileged pickup service into unprivileged.
+
+    grep "^pickup[ 	]*fifo[ 	]*n[ 	]*n" \
+	$config_directory/master.cf >/dev/null && {
+	    echo Editing $config_directory/master.cf, making the pickup service unprivileged
+	    ed $config_directory/master.cf <<EOF || exit 1
+/^pickup[ 	]*fifo[ 	]*n[ 	]*n/
+s/\(n[ 	]*\)n/\1-/
+p
+w
+q
+EOF
+    }
+
+    # Postfix 1.1.
+    # Change private cleanup and flush services into public.
+
+    for name in cleanup flush
+    do
+	grep "^$name[ 	]*unix[ 	]*[-y]" \
+	    $config_directory/master.cf >/dev/null && {
+		echo Editing $config_directory/master.cf, making the $name service public
+	    ed $config_directory/master.cf <<EOF || exit 1
+/^$name[ 	]*unix[ 	]*[-y]/
+s/[-y]/n/
+p
+w
+q
+EOF
+	}
+    done
+
+    # Postfix 2.2.
+    # File systems have improved since Postfix came out, and all we
+    # require now is that defer and deferred are hashed because those
+    # can contain lots of files.
+
+    found=`$POSTCONF -c $config_directory -h hash_queue_names`
+    missing=
+    (echo "$found" | grep defer >/dev/null)  || missing="$missing defer"
+    (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
+    test -n "$missing" && {
+	echo fixing main.cf hash_queue_names for missing $missing
+	$POSTCONF -c $config_directory -e hash_queue_names="$found$missing" ||
+	    exit 1
+    }
+
+    # Turn on safety nets for new features that could bounce mail that
+    # would be accepted by a previous Postfix version.
+
+    # [The "unknown_local_recipient_reject_code = 450" safety net,
+    # introduced with Postfix 2.0 and deleted after Postfix 2.3.]
+
+    # Postfix 2.0.
+    # Add missing proxymap service to master.cf.
+
+    grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for proxymap service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+proxymap  unix	-	-	n	-	-	proxymap
+EOF
+    }
+
+    # Postfix 2.1.
+    # Add missing anvil service to master.cf.
+
+    grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for anvil service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+anvil	  unix	-	-	n	-	1	anvil
+EOF
+    }
+
+    # Postfix 2.2.
+    # Add missing scache service to master.cf.
+
+    grep '^scache.*scache' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for scache service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+scache	  unix	-	-	n	-	1	scache
+EOF
+    }
+
+    # Postfix 2.2.
+    # Add missing discard service to master.cf.
+
+    grep '^discard.*discard' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for discard service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+discard	  unix	-	-	n	-	-	discard
+EOF
+    }
+
+    # Postfix 2.2.
+    # Update the tlsmgr fifo->unix service.
+
+    grep "^tlsmgr[ 	]*fifo[ 	]" \
+	$config_directory/master.cf >/dev/null && {
+	    echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service
+	    ed $config_directory/master.cf <<EOF || exit 1
+/^tlsmgr[ 	]*fifo[ 	]/
+s/fifo/unix/
+s/[0-9][0-9]*/&?/
+p
+w
+q
+EOF
+    }
+
+    # Postfix 2.2.
+    # Add missing tlsmgr service to master.cf.
+
+    grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+EOF
+    }
+
+    # Postfix 2.2.
+    # Add missing retry service to master.cf.
+
+    grep '^retry.*error' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for retry service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+retry     unix  -       -       n       -       -       error
+EOF
+    }
+
+    # Postfix 2.5.
+    # Add missing proxywrite service to master.cf.
+
+    grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for proxywrite service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+proxywrite unix -       -       n       -       1       proxymap
+EOF
+    }
+
+    # Postfix 2.5.
+    # Fix a typo in the default master.cf proxywrite entry.
+
+    grep '^proxywrite.*-[ 	]*proxymap' $config_directory/master.cf >/dev/null && {
+	echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
+	    ed $config_directory/master.cf <<EOF || exit 1
+/^proxywrite.*-[ 	]*proxymap/
+s/-\([ 	]*proxymap\)/1\1/
+p
+w
+q
+EOF
+    }
+
+    # Postfix 2.8.
+    # Add missing postscreen service to master.cf.
+
+    grep '^#*smtp.*postscreen' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+#smtp      inet  n       -       n       -       1       postscreen
+EOF
+    }
+
+    # Postfix 2.8.
+    # Add missing smtpd (unix-domain) service to master.cf.
+
+    grep '^#*smtpd.*smtpd' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+#smtpd     pass  -       -       n       -       -       smtpd
+EOF
+    }
+
+    # Postfix 2.8.
+    # Add temporary dnsblog (unix-domain) service to master.cf.
+
+    grep '^#*dnsblog.*dnsblog' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+#dnsblog   unix  -       -       n       -       0       dnsblog
+EOF
+    }
+
+    # Postfix 2.8.
+    # Add tlsproxy (unix-domain) service to master.cf.
+
+    grep '^#*tlsproxy.*tlsproxy' $config_directory/master.cf >/dev/null || {
+	echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service
+	cat >>$config_directory/master.cf <<EOF || exit 1
+#tlsproxy  unix  -       -       n       -       0       tlsproxy
+EOF
+    }
+
+    # Report (but do not remove) obsolete files.
+
+    test -n "$obsolete" && {
+	cat <<EOF | ${FMT}
+
+    Note: the following files or directories still exist but are
+    no longer part of Postfix:
+
+    $obsolete
+
+EOF
+    }
+
+    # Postfix 2.9.
+    # Safety net for incompatible changes in IPv6 defaults.
+    # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
+    # UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
+    # BEFORE 2.9.
+    # This code assumes that the default is "inet_protocols = ipv4"
+    # when IPv6 support is not compiled in. See util/sys_defs.h.
+
+    test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
+	test -n "`$POSTCONF -c $config_directory -nh inet_protocols`" || {
+	echo COMPATIBILITY: editing main.cf, setting inet_protocols=ipv4.
+	echo Specify inet_protocols explicitly if you want to enable IPv6.
+	echo In a future release IPv6 will be enabled by default.
+	$POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
+    }
+}
+
+# A reminder if this is the first time Postfix is being installed.
+
+test -n "$first_install_reminder" && {
+
+    ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
+    NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
+    cat <<EOF | ${FMT}
+
+    Warning: you still need to edit myorigin/mydestination/mynetworks
+    parameter settings in $config_directory/main.cf.
+
+    See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
+    for information about dialup sites or about sites inside a
+    firewalled network.
+
+    BTW: Check your $ALIASES file and be sure to set up aliases
+    that send mail for root and postmaster to a real person, then
+    run $NEWALIASES_PATH.
+
+EOF
+
+}
+
+exit 0

roles/mail/templates/postfix-files

@@ -0,0 +1,430 @@
+#
+# Do not edit this file.
+#
+# This file controls the postfix-install script for installation of
+# Postfix programs, configuration files and documentation, as well
+# as the post-install script for setting permissions and for updating
+# Postfix configuration files. See the respective manual pages within
+# the script files.
+#
+# Do not list $command_directory in this file, or it will be blown
+# away by a future Postfix uninstallation procedure. You would not
+# want to lose all files in /usr/sbin.
+#
+# Each record in this file describes one file or directory.
+# Fields are separated by ":". Specify a null field as "-".
+# Missing fields or separators at the end are OK.
+#
+# File format:
+#	name:type:owner:group:permission:flags
+#	No group means don't change group ownership.
+#
+# File types:
+#	d=directory
+#	f=regular file
+#	h=hard link (*)
+#	l=symbolic link (*)
+#
+# (*) With hard links and symbolic links, the owner field becomes the
+#     source pathname, while the group and permissions are ignored.
+#
+# File flags:
+#	No flag means the flag is not active.
+#	p=preserve existing file, do not replace (postfix-install).
+#	u=update owner/group/mode (post-install upgrade-permissions).
+#	c=create missing directory (post-install create-missing).
+#	r=apply owner/group recursively (post-install set/upgrade-permissions).
+#	o=obsolete, no longer part of Postfix
+#	1=optional for non-default instance (config_dir != built-in default).
+#
+# Note: the "u" flag is for upgrading the permissions of existing files
+# or directories after changes in Postfix architecture. For robustness
+# it is a good idea to "u" all the files that have special ownership or
+# permissions, so that running "make install" fixes any glitches.
+#
+$config_directory:d:root:-:755:u
+$data_directory:d:$mail_owner:-:700:uc
+$daemon_directory:d:root:-:755:u
+$queue_directory:d:root:-:755:uc
+$sample_directory:d:root:-:755:o
+$readme_directory:d:root:-:755
+$html_directory:d:root:-:755
+$queue_directory/active:d:$mail_owner:-:700:ucr
+$queue_directory/bounce:d:$mail_owner:-:700:ucr
+$queue_directory/corrupt:d:$mail_owner:-:700:ucr
+$queue_directory/defer:d:$mail_owner:-:700:ucr
+$queue_directory/deferred:d:$mail_owner:-:700:ucr
+$queue_directory/flush:d:$mail_owner:-:700:ucr
+$queue_directory/hold:d:$mail_owner:-:700:ucr
+$queue_directory/incoming:d:$mail_owner:-:700:ucr
+$queue_directory/private:d:$mail_owner:-:700:uc
+$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
+$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
+$queue_directory/pid:d:root:-:755:uc
+$queue_directory/saved:d:$mail_owner:-:700:ucr
+$queue_directory/trace:d:$mail_owner:-:700:ucr
+$daemon_directory/anvil:f:root:-:755
+$daemon_directory/bounce:f:root:-:755
+$daemon_directory/dict_cdb.so:f:root:-:755
+$daemon_directory/dict_ldap.so:f:root:-:755
+$daemon_directory/dict_pcre.so:f:root:-:755
+$daemon_directory/dict_mysql.so:f:root:-:755
+$daemon_directory/dict_sqlite.so:f:root:-:755
+$daemon_directory/dict_tcp.so:f:root:-:755
+$daemon_directory/dict_sdbm.so:f:root:-:755
+$daemon_directory/cleanup:f:root:-:755
+$daemon_directory/discard:f:root:-:755
+$daemon_directory/error:f:root:-:755
+$daemon_directory/flush:f:root:-:755
+#$daemon_directory/lmtp:f:root:-:755
+$daemon_directory/local:f:root:-:755
+$daemon_directory/main.cf:f:root:-:644
+$daemon_directory/master.cf:f:root:-:644
+$daemon_directory/master:f:root:-:755
+$daemon_directory/oqmgr:f:root:-:755
+$daemon_directory/pickup:f:root:-:755
+$daemon_directory/pipe:f:root:-:755
+$daemon_directory/post-install:f:root:-:755
+$daemon_directory/postfix-files:f:root:-:644
+$daemon_directory/postfix-script:f:root:-:755
+$daemon_directory/postfix-wrapper:f:root:-:755
+$daemon_directory/postmulti-script:f:root:-:755
+$daemon_directory/proxymap:f:root:-:755
+$daemon_directory/qmgr:f:root:-:755
+$daemon_directory/qmqpd:f:root:-:755
+$daemon_directory/scache:f:root:-:755
+$daemon_directory/showq:f:root:-:755
+$daemon_directory/smtp:f:root:-:755
+$daemon_directory/smtpd:f:root:-:755
+$daemon_directory/spawn:f:root:-:755
+$daemon_directory/tlsproxy:f:root:-:755
+$daemon_directory/tlsmgr:f:root:-:755
+$daemon_directory/trivial-rewrite:f:root:-:755
+$daemon_directory/verify:f:root:-:755
+$daemon_directory/virtual:f:root:-:755
+/usr/lib/libpostfix-dns.so.1:f:root:-:755
+/usr/lib/libpostfix-global.so.1:f:root:-:755
+/usr/lib/libpostfix-tls.so.1:f:root:-:755
+/usr/lib/libpostfix-master.so.1:f:root:-:755
+/usr/lib/libpostfix-util.so.1:f:root:-:755
+$daemon_directory/nqmgr:h:$daemon_directory/qmgr
+$daemon_directory/lmtp:h:$daemon_directory/smtp
+$command_directory/postalias:f:root:-:755
+$command_directory/postcat:f:root:-:755
+$command_directory/postconf:f:root:-:755
+$command_directory/postfix:f:root:-:755
+$command_directory/postkick:f:root:-:755
+$command_directory/postlock:f:root:-:755
+$command_directory/postlog:f:root:-:755
+$command_directory/postmap:f:root:-:755
+$command_directory/postmulti:f:root:-:755
+$command_directory/postsuper:f:root:-:755
+$command_directory/postdrop:f:root:$setgid_group:2755:u
+$command_directory/postqueue:f:root:$setgid_group:2755:u
+$sendmail_path:f:root:-:755
+$newaliases_path:l:$sendmail_path
+$mailq_path:l:$sendmail_path
+$config_directory/LICENSE:f:root:-:644:1
+$config_directory/TLS_LICENSE:f:root:-:644:1
+$config_directory/access:f:root:-:644:p1
+$config_directory/aliases:f:root:-:644:p1
+$config_directory/bounce.cf.default:f:root:-:644:1
+$config_directory/canonical:f:root:-:644:p1
+$config_directory/dynamicmaps.cf:f:root:-:644:p1
+$config_directory/cidr_table:f:root:-:644:o
+$config_directory/generic:f:root:-:644:p1
+$config_directory/generics:f:root:-:644:o
+$config_directory/header_checks:f:root:-:644:p1
+$config_directory/install.cf:f:root:-:644:o
+$config_directory/main.cf.default:f:root:-:644:1
+$config_directory/main.cf:f:root:-:644:p
+$config_directory/makedefs.out:f:root:-:644:1
+$config_directory/master.cf:f:root:-:644:p
+$config_directory/pcre_table:f:root:-:644:o
+$config_directory/postfix-files:f:root:-:644:o
+$config_directory/regexp_table:f:root:-:644:o
+$config_directory/relocated:f:root:-:644:p1
+$config_directory/tcp_table:f:root:-:644:o
+$config_directory/transport:f:root:-:644:p1
+$config_directory/virtual:f:root:-:644:p1
+$config_directory/postfix-script:f:root:-:755:o
+$config_directory/postfix-script-sgid:f:root:-:755:o
+$config_directory/postfix-script-nosgid:f:root:-:755:o
+$config_directory/post-install:f:root:-:755:o
+$manpage_directory/man1/mailq.1:f:root:-:644
+$manpage_directory/man1/newaliases.1:f:root:-:644
+$manpage_directory/man1/postalias.1:f:root:-:644
+$manpage_directory/man1/postcat.1:f:root:-:644
+$manpage_directory/man1/postconf.1:f:root:-:644
+$manpage_directory/man1/postdrop.1:f:root:-:644
+$manpage_directory/man1/postfix.1:f:root:-:644
+$manpage_directory/man1/postkick.1:f:root:-:644
+$manpage_directory/man1/postlock.1:f:root:-:644
+$manpage_directory/man1/postlog.1:f:root:-:644
+$manpage_directory/man1/postmap.1:f:root:-:644
+$manpage_directory/man1/postmulti.1:f:root:-:644
+$manpage_directory/man1/postqueue.1:f:root:-:644
+$manpage_directory/man1/postsuper.1:f:root:-:644
+$manpage_directory/man1/sendmail.1:f:root:-:644
+$manpage_directory/man5/access.5:f:root:-:644
+$manpage_directory/man5/aliases.5:f:root:-:644
+$manpage_directory/man5/body_checks.5:f:root:-:644
+$manpage_directory/man5/bounce.5:f:root:-:644
+$manpage_directory/man5/canonical.5:f:root:-:644
+$manpage_directory/man5/cidr_table.5:f:root:-:644
+$manpage_directory/man5/generics.5:f:root:-:644:o
+$manpage_directory/man5/generic.5:f:root:-:644
+$manpage_directory/man5/header_checks.5:f:root:-:644
+$manpage_directory/man5/ldap_table.5:f:root:-:644
+$manpage_directory/man5/master.5:f:root:-:644
+$manpage_directory/man5/memcache_table.5:f:root:-:644
+$manpage_directory/man5/mysql_table.5:f:root:-:644
+$manpage_directory/man5/sqlite_table.5:f:root:-:644
+$manpage_directory/man5/nisplus_table.5:f:root:-:644
+$manpage_directory/man5/pcre_table.5:f:root:-:644
+$manpage_directory/man5/pgsql_table.5:f:root:-:644
+$manpage_directory/man5/postconf.5:f:root:-:644
+$manpage_directory/man5/postfix-wrapper.5:f:root:-:644
+$manpage_directory/man5/regexp_table.5:f:root:-:644
+$manpage_directory/man5/relocated.5:f:root:-:644
+$manpage_directory/man5/tcp_table.5:f:root:-:644
+$manpage_directory/man5/transport.5:f:root:-:644
+$manpage_directory/man5/virtual.5:f:root:-:644
+$manpage_directory/man8/bounce.8:f:root:-:644
+$manpage_directory/man8/cleanup.8:f:root:-:644
+$manpage_directory/man8/anvil.8:f:root:-:644
+$manpage_directory/man8/defer.8:f:root:-:644
+$manpage_directory/man8/discard.8:f:root:-:644
+$manpage_directory/man8/error.8:f:root:-:644
+$manpage_directory/man8/flush.8:f:root:-:644
+$manpage_directory/man8/lmtp.8:f:root:-:644
+$manpage_directory/man8/local.8:f:root:-:644
+$manpage_directory/man8/master.8:f:root:-:644
+$manpage_directory/man8/nqmgr.8:f:root:-:644:o
+$manpage_directory/man8/oqmgr.8:f:root:-:644:
+$manpage_directory/man8/pickup.8:f:root:-:644
+$manpage_directory/man8/pipe.8:f:root:-:644
+$manpage_directory/man8/proxymap.8:f:root:-:644
+$manpage_directory/man8/qmgr.8:f:root:-:644
+$manpage_directory/man8/qmqpd.8:f:root:-:644
+$manpage_directory/man8/scache.8:f:root:-:644
+$manpage_directory/man8/showq.8:f:root:-:644
+$manpage_directory/man8/smtp.8:f:root:-:644
+$manpage_directory/man8/smtpd.8:f:root:-:644
+$manpage_directory/man8/spawn.8:f:root:-:644
+$manpage_directory/man8/tlsproxy.8:f:root:-:644
+$manpage_directory/man8/tlsmgr.8:f:root:-:644
+$manpage_directory/man8/trace.8:f:root:-:644
+$manpage_directory/man8/trivial-rewrite.8:f:root:-:644
+$manpage_directory/man8/verify.8:f:root:-:644
+$manpage_directory/man8/virtual.8:f:root:-:644
+$sample_directory/sample-aliases.cf:f:root:-:644:o
+$sample_directory/sample-auth.cf:f:root:-:644:o
+$sample_directory/sample-canonical.cf:f:root:-:644:o
+$sample_directory/sample-compatibility.cf:f:root:-:644:o
+$sample_directory/sample-debug.cf:f:root:-:644:o
+$sample_directory/sample-filter.cf:f:root:-:644:o
+$sample_directory/sample-flush.cf:f:root:-:644:o
+$sample_directory/sample-ipv6.cf:f:root:-:644:o
+$sample_directory/sample-ldap.cf:f:root:-:644:o
+$sample_directory/sample-lmtp.cf:f:root:-:644:o
+$sample_directory/sample-local.cf:f:root:-:644:o
+$sample_directory/sample-mime.cf:f:root:-:644:o
+$sample_directory/sample-misc.cf:f:root:-:644:o
+$sample_directory/sample-pcre-access.cf:f:root:-:644:o
+$sample_directory/sample-pcre-body.cf:f:root:-:644:o
+$sample_directory/sample-pcre-header.cf:f:root:-:644:o
+$sample_directory/sample-pgsql-aliases.cf:f:root:-:644:o
+$sample_directory/sample-qmqpd.cf:f:root:-:644:o
+$sample_directory/sample-rate.cf:f:root:-:644:o
+$sample_directory/sample-regexp-access.cf:f:root:-:644:o
+$sample_directory/sample-regexp-body.cf:f:root:-:644:o
+$sample_directory/sample-regexp-header.cf:f:root:-:644:o
+$sample_directory/sample-relocated.cf:f:root:-:644:o
+$sample_directory/sample-resource.cf:f:root:-:644:o
+$sample_directory/sample-rewrite.cf:f:root:-:644:o
+$sample_directory/sample-scheduler.cf:f:root:-:644:o
+$sample_directory/sample-smtp.cf:f:root:-:644:o
+$sample_directory/sample-smtpd.cf:f:root:-:644:o
+$sample_directory/sample-tls.cf:f:root:-:644:o
+$sample_directory/sample-transport.cf:f:root:-:644:o
+$sample_directory/sample-verify.cf:f:root:-:644:o
+$sample_directory/sample-virtual.cf:f:root:-:644:o
+$readme_directory/AAAREADME:f:root:-:644
+$readme_directory/ADDRESS_CLASS_README:f:root:-:644
+$readme_directory/ADDRESS_REWRITING_README:f:root:-:644
+$readme_directory/ADDRESS_VERIFICATION_README:f:root:-:644
+$readme_directory/BACKSCATTER_README:f:root:-:644
+$readme_directory/BASIC_CONFIGURATION_README:f:root:-:644
+$readme_directory/BUILTIN_FILTER_README:f:root:-:644
+$readme_directory/CDB_README:f:root:-:644
+$readme_directory/CONNECTION_CACHE_README:f:root:-:644
+$readme_directory/CONTENT_INSPECTION_README:f:root:-:644
+$readme_directory/DATABASE_README:f:root:-:644
+$readme_directory/DB_README:f:root:-:644
+$readme_directory/DEBUG_README:f:root:-:644
+$readme_directory/DSN_README:f:root:-:644
+$readme_directory/ETRN_README:f:root:-:644
+$readme_directory/FILTER_README:f:root:-:644
+$readme_directory/HOSTING_README:f:root:-:644:o
+$readme_directory/INSTALL:f:root:-:644
+$readme_directory/IPV6_README:f:root:-:644
+$readme_directory/LDAP_README:f:root:-:644
+$readme_directory/LINUX_README:f:root:-:644
+$readme_directory/LOCAL_RECIPIENT_README:f:root:-:644
+$readme_directory/MACOSX_README:f:root:-:644:o
+$readme_directory/MAILDROP_README:f:root:-:644
+$readme_directory/MEMCACHE_README:f:root:-:644
+$readme_directory/MILTER_README:f:root:-:644
+$readme_directory/MULTI_INSTANCE_README:f:root:-:644
+$readme_directory/MYSQL_README:f:root:-:644
+$readme_directory/SQLITE_README:f:root:-:644
+$readme_directory/NFS_README:f:root:-:644
+$readme_directory/OVERVIEW:f:root:-:644
+$readme_directory/PACKAGE_README:f:root:-:644
+$readme_directory/PCRE_README:f:root:-:644
+$readme_directory/PGSQL_README:f:root:-:644
+$readme_directory/POSTSCREEN_README:f:root:-:644
+$readme_directory/QMQP_README:f:root:-:644:o
+$readme_directory/QSHAPE_README:f:root:-:644
+$readme_directory/RELEASE_NOTES:f:root:-:644
+$readme_directory/RESTRICTION_CLASS_README:f:root:-:644
+$readme_directory/SASL_README:f:root:-:644
+$readme_directory/SCHEDULER_README:f:root:-:644
+$readme_directory/SMTPD_ACCESS_README:f:root:-:644
+$readme_directory/SMTPD_POLICY_README:f:root:-:644
+$readme_directory/SMTPD_PROXY_README:f:root:-:644
+$readme_directory/SOHO_README:f:root:-:644
+$readme_directory/STANDARD_CONFIGURATION_README:f:root:-:644
+$readme_directory/STRESS_README:f:root:-:644
+$readme_directory/TLS_LEGACY_README:f:root:-:644
+$readme_directory/TLS_README:f:root:-:644
+$readme_directory/TUNING_README:f:root:-:644
+$readme_directory/ULTRIX_README:f:root:-:644
+$readme_directory/UUCP_README:f:root:-:644
+$readme_directory/VERP_README:f:root:-:644
+$readme_directory/VIRTUAL_README:f:root:-:644
+$readme_directory/XCLIENT_README:f:root:-:644
+$readme_directory/XFORWARD_README:f:root:-:644
+$html_directory/ADDRESS_CLASS_README.html:f:root:-:644
+$html_directory/ADDRESS_REWRITING_README.html:f:root:-:644
+$html_directory/ADDRESS_VERIFICATION_README.html:f:root:-:644
+$html_directory/BACKSCATTER_README.html:f:root:-:644
+$html_directory/BASIC_CONFIGURATION_README.html:f:root:-:644
+$html_directory/BUILTIN_FILTER_README.html:f:root:-:644
+$html_directory/CDB_README.html:f:root:-:644
+$html_directory/CONNECTION_CACHE_README.html:f:root:-:644
+$html_directory/CONTENT_INSPECTION_README.html:f:root:-:644
+$html_directory/CYRUS_README.html:f:root:-:644:o
+$html_directory/DATABASE_README.html:f:root:-:644
+$html_directory/DB_README.html:f:root:-:644
+$html_directory/DEBUG_README.html:f:root:-:644
+$html_directory/DSN_README.html:f:root:-:644
+$html_directory/ETRN_README.html:f:root:-:644
+$html_directory/FILTER_README.html:f:root:-:644
+$html_directory/INSTALL.html:f:root:-:644
+$html_directory/IPV6_README.html:f:root:-:644
+$html_directory/LDAP_README.html:f:root:-:644
+$html_directory/LINUX_README.html:f:root:-:644
+$html_directory/LOCAL_RECIPIENT_README.html:f:root:-:644
+$html_directory/MAILDROP_README.html:f:root:-:644
+$html_directory/MILTER_README.html:f:root:-:644
+$html_directory/MULTI_INSTANCE_README.html:f:root:-:644
+$html_directory/MYSQL_README.html:f:root:-:644
+$html_directory/SQLITE_README.html:f:root:-:644
+$html_directory/NFS_README.html:f:root:-:644
+$html_directory/OVERVIEW.html:f:root:-:644
+$html_directory/PACKAGE_README.html:f:root:-:644
+$html_directory/PCRE_README.html:f:root:-:644
+$html_directory/PGSQL_README.html:f:root:-:644
+$html_directory/POSTSCREEN_README.html:f:root:-:644
+$html_directory/QMQP_README.html:f:root:-:644:o
+$html_directory/QSHAPE_README.html:f:root:-:644
+$html_directory/RESTRICTION_CLASS_README.html:f:root:-:644
+$html_directory/SASL_README.html:f:root:-:644
+$html_directory/SCHEDULER_README.html:f:root:-:644
+$html_directory/SMTPD_ACCESS_README.html:f:root:-:644
+$html_directory/SMTPD_POLICY_README.html:f:root:-:644
+$html_directory/SMTPD_PROXY_README.html:f:root:-:644
+$html_directory/SOHO_README.html:f:root:-:644
+$html_directory/STANDARD_CONFIGURATION_README.html:f:root:-:644
+$html_directory/STRESS_README.html:f:root:-:644
+$html_directory/TLS_LEGACY_README.html:f:root:-:644
+$html_directory/TLS_README.html:f:root:-:644
+$html_directory/TUNING_README.html:f:root:-:644
+$html_directory/ULTRIX_README.html:f:root:-:644:o
+$html_directory/UUCP_README.html:f:root:-:644
+$html_directory/VERP_README.html:f:root:-:644
+$html_directory/VIRTUAL_README.html:f:root:-:644
+$html_directory/XCLIENT_README.html:f:root:-:644
+$html_directory/XFORWARD_README.html:f:root:-:644
+$html_directory/access.5.html:f:root:-:644
+$html_directory/aliases.5.html:f:root:-:644
+$html_directory/anvil.8.html:f:root:-:644
+$html_directory/bounce.8.html:f:root:-:644
+$html_directory/canonical.5.html:f:root:-:644
+$html_directory/cidr_table.5.html:f:root:-:644
+$html_directory/cleanup.8.html:f:root:-:644
+$html_directory/defer.8.html:h:$html_directory/bounce.8.html:-:644
+$html_directory/discard.8.html:f:root:-:644
+$html_directory/error.8.html:f:root:-:644
+$html_directory/flush.8.html:f:root:-:644
+$html_directory/generics.5.html:f:root:-:644:o
+$html_directory/generic.5.html:f:root:-:644
+$html_directory/header_checks.5.html:f:root:-:644
+$html_directory/index.html:f:root:-:644
+$html_directory/ldap_table.5.html:f:root:-:644
+$html_directory/lmtp.8.html:f:root:-:644
+$html_directory/local.8.html:f:root:-:644
+$html_directory/mailq.1.html:f:root:-:644
+$html_directory/master.5.html:f:root:-:644
+$html_directory/master.8.html:f:root:-:644
+$html_directory/memcache_table.5.html:f:root:-:644
+$html_directory/mysql_table.5.html:f:root:-:644
+$html_directory/sqlite_table.5.html:f:root:-:644
+$html_directory/nisplus_table.5.html:f:root:-:644
+$html_directory/newaliases.1.html:h:$html_directory/mailq.1.html:-:644
+$html_directory/oqmgr.8.html:f:root:-:644
+$html_directory/pcre_table.5.html:f:root:-:644
+$html_directory/pgsql_table.5.html:f:root:-:644
+$html_directory/pickup.8.html:f:root:-:644
+$html_directory/pipe.8.html:f:root:-:644
+$html_directory/postalias.1.html:f:root:-:644
+$html_directory/postcat.1.html:f:root:-:644
+$html_directory/postconf.1.html:f:root:-:644
+$html_directory/postconf.5.html:f:root:-:644
+$html_directory/postdrop.1.html:f:root:-:644
+$html_directory/postfix-logo.jpg:f:root:-:644
+$html_directory/postfix-manuals.html:f:root:-:644
+$html_directory/postfix-wrapper.5.html:f:root:-:644
+$html_directory/postfix.1.html:f:root:-:644
+$html_directory/postkick.1.html:f:root:-:644
+$html_directory/postlock.1.html:f:root:-:644
+$html_directory/postlog.1.html:f:root:-:644
+$html_directory/postmap.1.html:f:root:-:644
+$html_directory/postmulti.1.html:f:root:-:644
+$html_directory/postqueue.1.html:f:root:-:644
+$html_directory/postsuper.1.html:f:root:-:644
+$html_directory/qshape.1.html:f:root:-:644
+$html_directory/proxymap.8.html:f:root:-:644
+$html_directory/qmgr.8.html:f:root:-:644
+$html_directory/qmqp-sink.1.html:f:root:-:644
+$html_directory/qmqp-source.1.html:f:root:-:644
+$html_directory/qmqpd.8.html:f:root:-:644
+$html_directory/regexp_table.5.html:f:root:-:644
+$html_directory/relocated.5.html:f:root:-:644
+$html_directory/sendmail.1.html:h:$html_directory/mailq.1.html:-:644
+$html_directory/showq.8.html:f:root:-:644
+$html_directory/smtp-sink.1.html:f:root:-:644
+$html_directory/smtp-source.1.html:f:root:-:644
+$html_directory/smtp.8.html:h:$html_directory/lmtp.8.html:-:644
+$html_directory/smtpd.8.html:f:root:-:644
+$html_directory/spawn.8.html:f:root:-:644
+$html_directory/tlsproxy.8.html:f:root:-:644
+$html_directory/tcp_table.5.html:f:root:-:644
+$html_directory/trace.8.html:h:$html_directory/bounce.8.html:-:644
+$html_directory/transport.5.html:f:root:-:644
+$html_directory/trivial-rewrite.8.html:f:root:-:644
+$html_directory/verify.8.html:f:root:-:644
+$html_directory/virtual.5.html:f:root:-:644
+$html_directory/virtual.8.html:f:root:-:644

roles/mail/templates/postfix-script

@@ -0,0 +1,376 @@
+#!/bin/sh
+
+#++
+# NAME
+#	postfix-script 1
+# SUMMARY
+#	execute Postfix administrative commands
+# SYNOPSIS
+#	\fBpostfix-script\fR \fIcommand\fR
+# DESCRIPTION
+#	The \fBpostfix-script\fR script executes Postfix administrative
+#	commands in an environment that is set up by the \fBpostfix\fR(1)
+#	command.
+# SEE ALSO
+#	master(8) Postfix master program
+#	postfix(1) Postfix administrative interface
+# LICENSE
+# .ad
+# .fi
+#	The Secure Mailer license must be distributed with this software.
+# AUTHOR(S)
+#	Wietse Venema
+#	IBM T.J. Watson Research
+#	P.O. Box 704
+#	Yorktown Heights, NY 10598, USA
+#--
+
+# Avoid POSIX death due to SIGHUP when some parent process exits.
+
+trap '' 1
+
+case $daemon_directory in
+"") echo This script must be run by the postfix command. 1>&2
+    echo Do not run directly. 1>&2
+    exit 1
+esac
+
+LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script"
+INFO="$LOGGER -p info"
+WARN="$LOGGER -p warn"
+ERROR="$LOGGER -p error"
+FATAL="$LOGGER -p fatal"
+PANIC="$LOGGER -p panic"
+
+if [ "X${1#quiet-}" != "X${1}" ]; then
+    INFO=:
+    x=${1#quiet-}
+    shift
+    set -- $x "$@"
+fi
+
+umask 022
+SHELL=/bin/sh
+
+#
+# Can't do much without these in place.
+#
+cd $command_directory || {
+	$FATAL no Postfix command directory $command_directory!
+	exit 1
+}
+cd $daemon_directory || {
+	$FATAL no Postfix daemon directory $daemon_directory!
+	exit 1
+}
+test -f master || {
+	$FATAL no Postfix master program $daemon_directory/master!
+	exit 1
+}
+cd $config_directory || {
+	$FATAL no Postfix configuration directory $config_directory!
+	exit 1
+}
+cd $queue_directory || {
+	$FATAL no Postfix queue directory $queue_directory!
+	exit 1
+}
+def_config_directory=`$command_directory/postconf -dh config_directory` || {
+	$FATAL cannot execute $command_directory/postconf!
+	exit 1
+}
+
+# If this is a secondary instance, don't touch shared files.
+
+instances=`test ! -f $def_config_directory/main.cf ||
+    $command_directory/postconf -c $def_config_directory \
+    -h multi_instance_directories | sed 's/,/ /'` || {
+	$FATAL cannot execute $command_directory/postconf!
+	exit 1
+}
+
+check_shared_files=1
+for name in $instances
+do
+    case "$name" in
+    "$def_config_directory") ;;
+    "$config_directory") check_shared_files=; break;;
+    esac
+done
+
+#
+# Parse JCL
+#
+case $1 in
+
+start_msg)
+
+	echo "Start postfix"
+	;;
+
+stop_msg)
+
+	echo "Stop postfix"
+	;;
+
+quick-start)
+
+	$daemon_directory/master -t 2>/dev/null || {
+		$FATAL the Postfix mail system is already running
+		exit 1
+	}
+	$daemon_directory/postfix-script quick-check || {
+		$FATAL Postfix integrity check failed!
+		exit 1
+	}
+	$INFO starting the Postfix mail system
+	$daemon_directory/master &
+	;;
+
+start)
+
+	$daemon_directory/master -t 2>/dev/null || {
+		$FATAL the Postfix mail system is already running
+		exit 1
+	}
+	if [ -f $queue_directory/quick-start ]
+	then
+		rm -f $queue_directory/quick-start
+	else
+		$daemon_directory/postfix-script check-fatal || {
+			$FATAL Postfix integrity check failed!
+			exit 1
+		}
+		# Foreground this so it can be stopped. All inodes are cached.
+		$daemon_directory/postfix-script check-warn
+	fi
+	$INFO starting the Postfix mail system
+	$daemon_directory/master &
+	;;
+
+drain)
+
+	$daemon_directory/master -t 2>/dev/null && {
+		$FATAL the Postfix mail system is not running
+		exit 1
+	}
+	$INFO stopping the Postfix mail system
+	kill -9 `sed 1q pid/master.pid`
+	;;
+
+quick-stop)
+
+	$daemon_directory/postfix-script stop
+	touch $queue_directory/quick-start
+	;;
+
+stop)
+
+	$daemon_directory/master -t 2>/dev/null && {
+		$FATAL the Postfix mail system is not running
+		exit 0
+	}
+	$INFO stopping the Postfix mail system
+	kill `sed 1q pid/master.pid`
+	for i in 5 4 3 2 1
+	do
+	    $daemon_directory/master -t && exit 0
+	    $INFO waiting for the Postfix mail system to terminate
+	    sleep 1
+	done
+	$WARN stopping the Postfix mail system with force
+	pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` && 
+		kill -9 -$pid
+	;;
+
+abort)
+
+	$daemon_directory/master -t 2>/dev/null && {
+		$FATAL the Postfix mail system is not running
+		exit 0
+	}
+	$INFO aborting the Postfix mail system
+	kill `sed 1q pid/master.pid`
+	;;
+
+reload)
+
+	$daemon_directory/master -t 2>/dev/null && {
+		$FATAL the Postfix mail system is not running
+		exit 1
+	}
+	$INFO refreshing the Postfix mail system
+	$command_directory/postsuper active || exit 1
+	kill -HUP `sed 1q pid/master.pid`
+	$command_directory/postsuper &
+	;;
+
+flush)
+
+	cd $queue_directory || {
+		$FATAL no Postfix queue directory $queue_directory!
+		exit 1
+	}
+	$command_directory/postqueue -f
+	;;
+
+check)
+
+	$daemon_directory/postfix-script check-fatal || exit 1
+	$daemon_directory/postfix-script check-warn
+	exit 0
+	;;
+
+status)
+
+	$daemon_directory/master -t 2>/dev/null && {
+		$INFO the Postfix mail system is not running
+		exit 1
+	}
+	$INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
+	exit 0
+	;;
+
+quick-check)
+	# This command is NOT part of the public interface.
+
+	$SHELL $daemon_directory/post-install create-missing || {
+		$WARN unable to create missing queue directories
+		exit 1
+	}
+
+	# Look for incomplete installations.
+
+	test -f $config_directory/master.cf || {
+		$FATAL no $config_directory/master.cf file found
+		exit 1
+	}
+	exit 0
+	;;
+
+check-fatal)
+	# This command is NOT part of the public interface.
+
+	$daemon_directory/postfix-script quick-check
+
+	# See if all queue files are in the right place. This is slow.
+	# We must scan all queues for mis-named queue files before the
+	# mail system can run.
+
+	$command_directory/postsuper || exit 1
+	exit 0
+	;;
+
+check-warn)
+	# This command is NOT part of the public interface.
+
+	todo="$config_directory $queue_directory $queue_directory/pid"
+	test -n "$check_shared_files" && todo="$daemon_directory $todo"
+
+	for dir in $todo
+	do
+		ls -lLd $dir | (grep " root " >/dev/null ||
+		    $WARN not owned by root: $dir)
+	done
+
+	# Some people break Postfix's security model.
+	ls -lLd $queue_directory | egrep '^.....(w|...w)' >/dev/null && \
+		$WARN group or other writable: $queue_directory
+
+	todo="$config_directory/*"
+	test -n "$check_shared_files" && todo="$daemon_directory/* $todo"
+
+	find $todo ! -user root \
+		-exec $WARN not owned by root: {} \;
+
+	todo="$config_directory/."
+	test -n "$check_shared_files" && todo="$daemon_directory/. $todo"
+
+	find $todo \
+		\( -perm -020 -o -perm -002 \) -type f \
+		-exec $WARN group or other writable: {} \;
+
+	find $data_directory/. ! -user $mail_owner \
+	    -exec $WARN not owned by $mail_owner: {} \;
+
+	ls -lLd $data_directory | egrep '^.....(w|...w)' >/dev/null && \
+		$WARN group or other writable: $data_directory
+
+	find `ls -d $queue_directory/* | \
+	    egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
+	    ! \( -type p -o -type s \) ! -user $mail_owner \
+		-exec $WARN not owned by $mail_owner: {} \;
+
+	todo="$queue_directory/public $queue_directory/maildrop"
+	test -n "$check_shared_files" && 
+	   todo="$command_directory/postqueue $command_directory/postdrop $todo"
+
+	find $todo \
+	    -prune ! -group $setgid_group \
+	    -exec $WARN not owned by group $setgid_group: {} \;
+
+	test -n "$check_shared_files" &&
+	find $command_directory/postqueue $command_directory/postdrop \
+	    -prune ! -perm -02111 \
+	    -exec $WARN not set-gid or not owner+group+world executable: {} \;
+
+	for name in `ls -d $queue_directory/* | \
+	    egrep '/(bin|etc|lib|usr)$'` ; \
+	do \
+	    find $name ! -user root \
+		-exec $WARN not owned by root: {} \; ; \
+	done
+
+	# WARNING: this should not descend into the maildrop directory.
+	# maildrop is the least trusted Postfix directory.
+
+	find $queue_directory/maildrop/. -prune ! -user $mail_owner \
+	    -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;
+
+	for dir in bin etc lib sbin usr
+	do
+		test -d $dir && find $dir -type f -print | while read path
+		do
+			test -f /$path && {
+			    cmp -s $path /$path || 
+				$WARN $queue_directory/$path and /$path differ
+			}
+		done
+	done
+
+	find corrupt -type f -exec $WARN damaged message: {} \;
+
+	# XXX also: look for weird stuff, weird permissions, etc.
+
+	test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \
+		-f /usr/lib/sendmail && {
+	    cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
+		$WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
+		$WARN Replace one by a symbolic link to the other
+	    }
+	}
+	exit 0
+	;;
+
+set-permissions|upgrade-configuration)
+	$daemon_directory/post-install create-missing "$@"
+	;;
+
+post-install)
+	# Currently not part of the public interface.
+	shift
+	$daemon_directory/post-install "$@"
+	;;
+
+/*)
+	# Currently not part of the public interface.
+	"$@"
+	;;
+
+*)
+	$ERROR "unknown command: '$1'"
+	$FATAL "usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)"
+	exit 1
+	;;
+
+esac

roles/mail/templates/root-postfix.sql

@@ -0,0 +1,4 @@
+CREATE DATABASE postfix;
+GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}';
+GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}';
+FLUSH PRIVILEGES;

roles/mail/vars/main.yml

@@ -0,0 +1,63 @@
+firstpkg:
+  - pwgen
+
+packages:
+  - postfix
+  - postfix-mysql 
+  - libsasl2-modules 
+  - libsasl2-modules-sql
+#  - postfixadmin
+  - dovecot-common
+  - dovecot-imapd 
+  - dovecot-pop3d 
+  - dovecot-mysql 
+  - dovecot-lmtpd
+  - dovecot-core
+  - dovecot-dbg
+  - dovecot-gssapi
+  - postgrey
+  - dovecot-imapd
+  - dovecot-ldap
+  - dovecot-lmtpd
+  - dovecot-managesieved
+  - dovecot-pop3d
+  - dovecot-sieve
+  - dovecot-antispam
+  - sasl2-bin
+  - amavis
+  - spamassassin
+  - razor
+  - pyzor
+  - clamav-milter 
+  - clamav-unofficial-sigs 
+  - milter-greylist 
+  - spamass-milter
+  - mailutils
+  - amavisd-new
+  - spamassassin
+  - clamav
+  - clamav-daemon
+  - zoo
+  - unzip
+  - bzip2
+  - arj
+  - nomarch
+  - lzop
+  - cabextract
+  - apt-listchanges
+  - libnet-ldap-perl
+  - libauthen-sasl-perl
+  - clamav-docs
+  - daemon
+  - libio-string-perl
+  - libio-socket-ssl-perl
+  - libnet-ident-perl
+  - zip
+  - libnet-dns-perl
+  - p7zip
+  - unrar-free
+
+files:
+  - random
+
+# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:

roles/mariadb/tasks/main.yml

@@ -0,0 +1,50 @@
+---
+- name: MySQL already installed ?
+  shell: dpkg -l|egrep "mysql|mariadb"|grep -iq serv
+  ignore_errors: true
+  register: mysql
+
+- name: update apt-cache
+  apt:  update_cache=yes
+- name: Install prerequisites packages
+  apt: pkg={{item}} state=installed install_recommends=no  update_cache=yes
+  with_items: 
+    - python-software-properties
+    - php5-cli 
+    - php5-mysql
+  when: mysql|failed
+
+- name: Add MariaDB repository Key
+  apt_key: keyserver=keyserver.ubuntu.com id=0xcbcb082a1bb943db state=present 
+  when: mysql|failed
+
+- name: Add Mariadb repository file
+  template: src=etc-apt-sources.list.d-mariadb.list dest=/etc/apt/sources.list.d/mariadb.list  
+  when: mysql|failed
+
+- name: Install Mariadb packages
+  apt: pkg={{item}} state=installed update_cache=yes
+  with_items:
+    - mariadb-server-{{ mariadb_version | default("10") }}
+    - python-mysqldb
+    - percona-toolkit
+  when: mysql|failed
+
+- name: Set root mysql password
+  mysql_user: name=root password={{ mysql_root_password | default("changeme") }}
+  when: mysql|failed
+
+- name: File .my.cnf for root
+  template: src={{item.src}} dest={{item.dest}}
+  with_items : 
+    - { src: root-.my.cnf , dest: /root/.my.cnf }
+  when: mysql|failed
+
+
+- name: Ensure 600 permissions on my.cnf
+  file: path=/root/.my.cnf mode=600
+  when: mysql|failed
+
+
+# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:
+#

roles/mariadb/templates/etc-apt-sources.list.d-mariadb.list

@@ -0,0 +1,4 @@
+# MariaDB 10.0 repository list - created 2014-10-21 08:52 UTC
+# http://mariadb.org/mariadb/repositories/
+deb http://ftp.igh.cnrs.fr/pub/mariadb/repo/{{ mariadb_version }}/debian wheezy main
+deb-src http://ftp.igh.cnrs.fr/pub/mariadb/repo/{{ mariadb_version }}/debian wheezy main

roles/mariadb/templates/root-.my.cnf

@@ -0,0 +1,5 @@
+[client]
+host            = {{ mysql_host }} 
+user            = root
+password        = {{ mysql_root_password }}
+