Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
1275d262
Commit
1275d262
authored
Feb 12, 2017
by
Florian Pritz
Browse files
postfix: Decouple smtpd and full mail server
Signed-off-by:
Florian Pritz
<
bluewind@xinu.at
>
parent
52288936
Changes
4
Hide whitespace changes
Inline
Side-by-side
playbooks/apollo.yml
View file @
1275d262
...
...
@@ -12,7 +12,7 @@
-
{
role
:
nginx
,
letsencrypt_validation_dir
:
"
/var/lib/letsencrypt"
,
tags
:
[
"
nginx"
]
}
-
{
role
:
planet
,
planet_domain
:
"
planet.archlinux.org"
,
planet_dir
:
"
/srv/http/planet"
,
tags
:
[
"
planet"
]
}
-
{
role
:
spampd
,
tags
:
[
"
mail"
,
"
spampd"
]
}
-
{
role
:
postfix
,
postfix_server
:
false
,
tags
:
[
"
mail"
,
"
postfix"
]
}
-
{
role
:
postfix
,
postfix_server
:
false
,
postfix_smtpd_public
:
false
,
tags
:
[
"
mail"
,
"
postfix"
]
}
-
{
role
:
opendkim
,
dkim_selector
:
apollo
,
tags
:
[
'
mail'
,
"
opendkim"
]
}
-
{
role
:
dovecot
,
tags
:
[
'
mail'
,
"
dovecot"
]
}
-
{
role
:
postfwd
,
tags
:
[
'
mail'
,
"
postfwd"
]
}
...
...
roles/postfix/defaults/main.yml
0 → 100644
View file @
1275d262
---
postfix_smtpd_public
:
false
postfix_server
:
false
roles/postfix/templates/main.cf.j2
View file @
1275d262
...
...
@@ -5,7 +5,7 @@ biff = no
append_dot_mydomain = no
{% if postfix_s
erver
%}
{% if postfix_s
mtpd_public
%}
smtpd_tls_cert_file = /etc/letsencrypt/live/{{inventory_hostname}}/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/{{inventory_hostname}}/privkey.pem
{% endif %}
...
...
@@ -74,7 +74,7 @@ non_smtpd_milters=unix:/var/spool/opendkim/opendkim
# custom restriction classes
policy_check =
# postfwd
{% if postfix_s
erver
%}
{% if postfix_s
mtpd_public
%}
check_policy_service inet:127.0.0.1:10040
{% endif %}
...
...
roles/postfix/templates/master.cf.j2
View file @
1275d262
...
...
@@ -9,11 +9,16 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
{% if postfix_s
erver
%}
{% if postfix_s
mtpd_public
%}
smtp inet n - n - - smtpd
-o smtpd_proxy_filter=[127.0.0.1]:10025
-o smtpd_client_connection_count_limit=20
-o smtpd_proxy_options=speed_adjust
{% else %}
localhost:smtp inet n - n - - smtpd
{% endif %}
{% if postfix_server %}
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
...
...
@@ -22,9 +27,8 @@ submission inet n - n - - smtpd
-o content_filter=smtp:[127.0.0.1]:10025
-o smtpd_client_connection_count_limit=10
#-o smtpd_milters=unix:/var/spool/opendkim/opendkim
{% else %}
localhost:smtp inet n - n - - smtpd
{% endif %}
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
...
...
@@ -80,7 +84,7 @@ lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
{% if postfix_s
erver
%}
{% if postfix_s
mtpd_public
%}
# After-filter SMTP server. Receive mail from the content filter
# on localhost port 10026.
#
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment