postfix: Decouple smtpd and full mail server

Signed-off-by: Florian Pritz <bluewind@xinu.at>

postfix: Decouple smtpd and full mail server
Signed-off-by: Florian Pritz <bluewind@xinu.at>
1275d262 · Florian Pritz · 52288936 · 1275d262 · 1275d262 · 1275d262
Commit 1275d262 authored Feb 12, 2017 by Florian Pritz
--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -12,7 +12,7 @@
    - { role: nginx, letsencrypt_validation_dir: "/var/lib/letsencrypt", tags: ["nginx"] }
    - { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
    - { role: spampd, tags: ["mail", "spampd"] }
-    - { role: postfix, postfix_server: false, tags: ["mail", "postfix"] }
+    - { role: postfix, postfix_server: false, postfix_smtpd_public: false, tags: ["mail", "postfix"] }
    - { role: opendkim, dkim_selector: apollo, tags: ['mail', "opendkim"] }
    - { role: dovecot, tags: ['mail', "dovecot"] }
    - { role: postfwd, tags: ['mail', "postfwd"] }

--- a/roles/postfix/defaults/main.yml
+++ b/roles/postfix/defaults/main.yml
+---
+
+postfix_smtpd_public: false
+postfix_server: false
--- a/roles/postfix/templates/main.cf.j2
+++ b/roles/postfix/templates/main.cf.j2
@@ -5,7 +5,7 @@ biff = no

 append_dot_mydomain = no

-{% if postfix_server %}
+{% if postfix_smtpd_public %}
 smtpd_tls_cert_file = /etc/letsencrypt/live/{{inventory_hostname}}/fullchain.pem
 smtpd_tls_key_file = /etc/letsencrypt/live/{{inventory_hostname}}/privkey.pem
 {% endif %}
@@ -74,7 +74,7 @@ non_smtpd_milters=unix:/var/spool/opendkim/opendkim
 # custom restriction classes
 policy_check =
 # postfwd
-{% if postfix_server %}
+{% if postfix_smtpd_public %}
  check_policy_service inet:127.0.0.1:10040
 {% endif %}


--- a/roles/postfix/templates/master.cf.j2
+++ b/roles/postfix/templates/master.cf.j2
@@ -9,11 +9,16 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
-{% if postfix_server %}
+{% if postfix_smtpd_public %}
 smtp      inet  n       -       n       -       -       smtpd
    -o smtpd_proxy_filter=[127.0.0.1]:10025
    -o smtpd_client_connection_count_limit=20
    -o smtpd_proxy_options=speed_adjust
+{% else %}
+localhost:smtp      inet  n       -       n       -       -       smtpd
+{% endif %}
+
+{% if postfix_server %}
 submission inet n       -       n       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
@@ -22,9 +27,8 @@ submission inet n       -       n       -       -       smtpd
    -o content_filter=smtp:[127.0.0.1]:10025
    -o smtpd_client_connection_count_limit=10
    #-o smtpd_milters=unix:/var/spool/opendkim/opendkim
-{% else %}
-localhost:smtp      inet  n       -       n       -       -       smtpd
 {% endif %}
+
 #smtp      inet  n       -       n       -       1       postscreen
 #smtpd     pass  -       -       n       -       -       smtpd
 #dnsblog   unix  -       -       n       -       0       dnsblog
@@ -80,7 +84,7 @@ lmtp      unix  -       -       n       -       -       lmtp
 anvil     unix  -       -       n       -       1       anvil
 scache    unix  -       -       n       -       1       scache

-{% if postfix_server %}
+{% if postfix_smtpd_public %}
 # After-filter SMTP server. Receive mail from the content filter
 # on localhost port 10026.
 #