From 2304dc5caa737c82faf8edda4c7ff98c3c71e0c4 Mon Sep 17 00:00:00 2001 From: Kristian Klausen <kristian@klausen.dk> Date: Fri, 9 Jul 2021 22:29:11 +0200 Subject: [PATCH] Split the postfix role into a role for mail.a.o and the clients The role for the clients is named postfix_null (per [1]) and it's much simpler and cleaner than the postfix role. I hope can cleanup the postfix role at a later date. [1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client --- docs/email.md | 4 +- playbooks/archlinux.org.yml | 2 +- playbooks/aur-dev.archlinux.org.yml | 2 +- playbooks/aur.archlinux.org.yml | 2 +- playbooks/bbs.archlinux.org.yml | 2 +- playbooks/bugs.archlinux.org.yml | 2 +- playbooks/gemini.archlinux.org.yml | 2 +- playbooks/mail.archlinux.org.yml | 2 +- playbooks/matrix.archlinux.org.yml | 3 +- playbooks/security.archlinux.org.yml | 2 +- playbooks/wiki.archlinux.org.yml | 2 +- roles/postfix/defaults/main.yml | 4 -- roles/postfix/handlers/main.yml | 3 -- roles/postfix/tasks/main.yml | 39 +------------------ roles/postfix/templates/main.cf.j2 | 35 ----------------- roles/postfix/templates/master.cf.j2 | 9 ----- roles/postfix/templates/transport.j2 | 2 - roles/postfix/templates/transport.pcre.j2 | 2 - roles/postfix_null/defaults/main.yml | 2 + roles/postfix_null/handlers/main.yml | 3 ++ roles/{postfix => postfix_null}/meta/main.yml | 0 roles/postfix_null/tasks/main.yml | 26 +++++++++++++ roles/postfix_null/templates/main.cf.j2 | 19 +++++++++ .../templates/relay_passwords.j2 | 0 24 files changed, 64 insertions(+), 105 deletions(-) create mode 100644 roles/postfix_null/defaults/main.yml create mode 100644 roles/postfix_null/handlers/main.yml rename roles/{postfix => postfix_null}/meta/main.yml (100%) create mode 100644 roles/postfix_null/tasks/main.yml create mode 100644 roles/postfix_null/templates/main.cf.j2 rename roles/{postfix => postfix_null}/templates/relay_passwords.j2 (100%) 
diff --git a/docs/email.md b/docs/email.md
index 2a1345d5d..0333ae0ce 100644
--- a/docs/email.md
+++ b/docs/email.md
@@ -31,14 +31,14 @@ to the server. This gives us several benefits:
 When a new host is provisioned:
-- The *postfix* role has a task delegated to 'mail.archlinux.org' to create a local user
+- The *postfix_null* role has a task delegated to 'mail.archlinux.org' to create a local user
 on 'mail.archlinux.org' that is used for the new server to authenticate against. The user name is the shortname of the new servers hostname (ie, "foobar.archlinux.org" will authenticate with the username "foobar")
 - You will need to run the *postfwd* role against mail.archlinux.org to update the rate-limiting it performs (servers are given higher rate-limits than normal users - see `/etc/postfwd/postfwd.cf` for exact limits). This *should*
- happen automatically as the *postfwd* role is a dependency of the *postfix*
+ happen automatically as the *postfwd* role is a dependency of the *postfix_null*
 role (using `delegate_to` to run it against 'mail.archlinux.org' regardless of the target host that the postfix role is being run on)
diff --git a/playbooks/archlinux.org.yml b/playbooks/archlinux.org.yml
index 95520c51a..6302c0c47 100644
--- a/playbooks/archlinux.org.yml
+++ b/playbooks/archlinux.org.yml
@@ -27,7 +27,7 @@
 - { role: borg_client, tags: ["borg"] }
 - { role: certbot }
 - { role: nginx }
- - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+ - { role: postfix_null }
 - role: postgres
 postgres_listen_addresses: "*"
 postgres_ssl: 'on'
diff --git a/playbooks/aur-dev.archlinux.org.yml b/playbooks/aur-dev.archlinux.org.yml
index 92b106adc..b8ce7befc 100644
--- a/playbooks/aur-dev.archlinux.org.yml
+++ b/playbooks/aur-dev.archlinux.org.yml
@@ -16,7 +16,7 @@
 - { role: memcached }
 - { role: uwsgi }
 - { role: borg_client, tags: ["borg"] }
- - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+ - { role: postfix_null }
 - { role: fail2ban }
 - { role: aurweb, aurweb_domain: 'aur-dev.archlinux.org', aurweb_version: 'pu' }
 - { role: prometheus_exporters }
diff --git a/playbooks/aur.archlinux.org.yml b/playbooks/aur.archlinux.org.yml
index 528e95d0b..bcac51249 100644
--- a/playbooks/aur.archlinux.org.yml
+++ b/playbooks/aur.archlinux.org.yml
@@ -18,7 +18,7 @@
 - { role: memcached }
 - { role: uwsgi }
 - { role: borg_client, tags: ["borg"] }
- - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+ - { role: postfix_null }
 - { role: fail2ban }
 - { role: aurweb }
 - { role: wireguard }
diff --git a/playbooks/bbs.archlinux.org.yml b/playbooks/bbs.archlinux.org.yml
index f2d22821f..a33071752 100644
--- a/playbooks/bbs.archlinux.org.yml
+++ b/playbooks/bbs.archlinux.org.yml
@@ -15,7 +15,7 @@
 - { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
 - { role: fluxbb }
 - { role: borg_client, tags: ["borg"] }
- - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+ - { role: postfix_null }
 - { role: fail2ban }
 - { role: prometheus_exporters }
 - { role: promtail }
diff --git a/playbooks/bugs.archlinux.org.yml b/playbooks/bugs.archlinux.org.yml
index ad359f9cb..fc82b29b7 100644
--- a/playbooks/bugs.archlinux.org.yml
+++ b/playbooks/bugs.archlinux.org.yml
@@ -15,7 +15,7 @@
 - { role: php7_fpm, php_extensions: ['mysqli'], zend_extensions: ['opcache'] }
 - { role: flyspray }
 - { role: borg_client, tags: ["borg"] }
- - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+ - { role: postfix_null }
 - { role: fail2ban }
 - { role: prometheus_exporters }
 - { role: promtail }
diff --git a/playbooks/gemini.archlinux.org.yml b/playbooks/gemini.archlinux.org.yml
index 51e9574dc..13a94511b 100644
--- a/playbooks/gemini.archlinux.org.yml
+++ b/playbooks/gemini.archlinux.org.yml
@@ -24,7 +24,7 @@
 - { role: sources, sources_domain: "sources.archlinux.org", sources_dir: "/srv/sources" }
 - { role: archive }
 - { role: archive_web }
- - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+ - { role: postfix_null }
 - { role: fail2ban }
 - { role: prometheus_exporters }
 - { role: promtail }
diff --git a/playbooks/mail.archlinux.org.yml b/playbooks/mail.archlinux.org.yml
index ee4dbc35f..36cad509c 100644
--- a/playbooks/mail.archlinux.org.yml
+++ b/playbooks/mail.archlinux.org.yml
@@ -10,7 +10,7 @@
 - { role: certbot }
 - { role: nginx }
 - { role: mta_sts }
- - { role: postfix, postfix_server: true, postfix_smtpd_public: true, tags: ['mail'] }
+ - { role: postfix, tags: ['mail'] }
 - { role: dovecot }
 - { role: rspamd, rspamd_dkim_domain: archlinux.org, tags: ["mail"] }
 - { role: unbound, unbound_port: 5353, tags: ["mail"] }
diff --git a/playbooks/matrix.archlinux.org.yml b/playbooks/matrix.archlinux.org.yml
index 84cf39189..3c92d9e01 100644
--- a/playbooks/matrix.archlinux.org.yml
+++ b/playbooks/matrix.archlinux.org.yml
@@ -19,8 +19,7 @@
 postgres_maintenance_work_mem: 256MB
 postgres_effective_cache_size: 4GB
 postgres_jit: 'off'
- - role: postfix
- postfix_relayhost: "mail.archlinux.org"
+ - { role: postfix_null }
 - { role: matrix }
 - { role: fail2ban }
 - { role: prometheus_exporters }
diff --git a/playbooks/security.archlinux.org.yml b/playbooks/security.archlinux.org.yml
index 3a7619d7a..39821cef4 100644
--- a/playbooks/security.archlinux.org.yml
+++ b/playbooks/security.archlinux.org.yml
@@ -11,7 +11,7 @@
 - { role: borg_client, tags: ["borg"] }
 - { role: certbot }
 - { role: nginx }
- - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+ - { role: postfix_null }
 - { role: sudo }
 - { role: uwsgi }
 - role: security_tracker
diff --git a/playbooks/wiki.archlinux.org.yml b/playbooks/wiki.archlinux.org.yml
index 4f062147c..00ac565e9 100644
--- a/playbooks/wiki.archlinux.org.yml
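Review bot: The `postfix` role kept for mail.archlinux.org no longer has a meta/main.yml, because this commit renames that file to roles/postfix_null/meta/main.yml, so whatever dependency it declared (docs/email.md describes *postfwd* being pulled in that way) is no longer applied by this role. The roles visible in this hunk do not include postfwd; confirm it is still listed elsewhere in this playbook, or add it next to `- { role: postfix, tags: ['mail'] }`. The roles list continues outside the hunk.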
+++ b/playbooks/wiki.archlinux.org.yml
@@ -13,7 +13,7 @@
 - { role: borg_client, tags: ["borg"] }
 - { role: certbot }
 - { role: nginx }
- - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+ - { role: postfix_null }
 - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
 - { role: sudo }
 - { role: php7_fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'sockets', 'zip'], zend_extensions: ['opcache'] }
diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml
index c77f03f7c..113f46240 100644
--- a/roles/postfix/defaults/main.yml
+++ b/roles/postfix/defaults/main.yml
@@ -1,15 +1,11 @@
 ---
-postfix_smtpd_public: false
-postfix_server: false
 postfix_patchwork_enabled: false
 postfix_patchwork_user: "patchwork"
 postfix_patchwork_mail_handler: "/usr/local/bin/patchwork-parsemail-wrapper.sh"
 mail_domain: "mail.archlinux.org"
-postfix_relayhost: ""
-
 postfix_wiki_bounce_mail_handler: "/usr/local/bin/wiki-bouncehandler.pl"
 postfix_wiki_bounce_user: "wiki_bouncehandler"
 postfix_wiki_bounce_config: "/etc/wiki-bouncehandler.conf"
diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
index ea8be353a..1a5c81e07 100644
--- a/roles/postfix/handlers/main.yml
+++ b/roles/postfix/handlers/main.yml
@@ -23,6 +23,3 @@
 - name: update aliases db
 command: postalias /etc/postfix/aliases
-
-- name: postmap relay_passwords
- command: postmap /etc/postfix/relay_passwords
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 22caa5133..19477610c 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -43,26 +43,21 @@
 name: certificate
 vars:
 domains: ["{{ mail_domain }}"]
- when: postfix_smtpd_public
 - name: install postfix cert renewal hook
 template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
- when: postfix_smtpd_public
 - name: install bouncehandler config
 template: src=wiki-bouncehandler.conf.j2 dest={{ postfix_wiki_bounce_config }} owner={{ postfix_wiki_bounce_user }} group=root mode=0600
- when: postfix_server
 - name: install packages for bounce handler
 pacman: name=perl-mediawiki-api,perl-config-simple state=present
- when: postfix_server
 - name: install bouncehandler script
 copy: src=bouncehandler.pl dest={{ postfix_wiki_bounce_mail_handler }} owner=root group=root mode=0755
- when: postfix_server
 - name: make bouncehandler user
- user: name={{ postfix_wiki_bounce_user }} shell=/bin/false skeleton=/var/empty state={{ "present" if postfix_server else "absent" }}
+ user: name={{ postfix_wiki_bounce_user }} shell=/bin/false skeleton=/var/empty state=present
 - name: start and enable postfix
 service: name=postfix enabled=yes state=started
@@ -73,41 +68,11 @@
 - compat_maps
 - compat_maps.db
-- name: install extra packages for relaying via smarthost
- when: postfix_relayhost | length > 0
- package:
- name: cyrus-sasl
- state: present
-
-- name: install relay_passwords file
- when: postfix_relayhost | length > 0
- template:
- src: relay_passwords.j2
- dest: /etc/postfix/relay_passwords
- mode: 0640
- owner: root
- group: postfix
- notify:
- - postmap relay_passwords
-
-- name: create user account on mail to relay with
- delegate_to: mail.archlinux.org
- when: postfix_relayhost | length > 0
- user:
- name: "{{ inventory_hostname_short }}"
- comment: "SMTP Relay Account for {{ inventory_hostname }}"
- group: nobody
- password: "{{ postfix_relay_password | password_hash('sha512') }}"
- shell: /sbin/nologin
- update_password: always
- home: /home/"{{ inventory_hostname }}" # Set home directory so shadow.service does not fail
- create_home: true
-
 - name: open firewall holes
 ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
 with_items:
 - smtp
 - smtps
- when: postfix_smtpd_public and configure_firewall
+ when: configure_firewall
 tags:
 - firewall
diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2
index 3a0ed0876..d2c8386b2 100644
--- a/roles/postfix/templates/main.cf.j2
+++ b/roles/postfix/templates/main.cf.j2
@@ -11,13 +11,8 @@ smtputf8_enable = no
 append_dot_mydomain = no
-{% if postfix_smtpd_public %}
 smtpd_tls_cert_file = /etc/letsencrypt/live/{{mail_domain}}/fullchain.pem
 smtpd_tls_key_file = /etc/letsencrypt/live/{{mail_domain}}/privkey.pem
-{% else %}
-smtpd_tls_cert_file = /etc/letsencrypt/live/{{inventory_hostname}}/fullchain.pem
-smtpd_tls_key_file = /etc/letsencrypt/live/{{inventory_hostname}}/privkey.pem
-{% endif %}
 smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
 smtpd_tls_eecdh_grade = ultra
@@ -34,11 +29,7 @@ smtpd_tls_mandatory_ciphers=high
 tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHAA
 smtp_tls_loglevel = 1
-{% if postfix_relayhost %}
-smtp_tls_security_level = encrypt
-{% else %}
 smtp_tls_security_level = may
-{% endif %}
 smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
 smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
@@ -51,11 +42,7 @@ daemon_directory = /usr/lib/postfix/bin
 mydomain = {{inventory_hostname}}
 myhostname = {{inventory_hostname}}
 myorigin = archlinux.org
-{% if postfix_server %}
 mydestination = archlinux.org
-{% else %}
-mydestination =
-{% endif %}
 default_database_type=btree
 indexed = ${default_database_type}:${config_directory}
@@ -82,7 +69,6 @@ smtp_connection_cache_on_demand = yes
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-{% if postfix_smtpd_public %}
 # custom restriction classes
 policy_check =
 # postfwd (rate-limiting)
@@ -121,7 +107,6 @@ smtpd_recipient_restrictions =
 # some rate limiting rules only work after data so check it again
 smtpd_end_of_data_restrictions = $policy_check
-{% endif %}
 address_verify_map = ${default_database_type}:/var/lib/postfix/verify_cache
@@ -132,19 +117,6 @@ unknown_address_reject_code = 550
 smtpd_reject_footer = For assistance contact <postmaster@archlinux.org>. Please provide the following information in your problem report: time ($localtime), client ($client_address) and server ($server_name).
-{% if postfix_relayhost %}
-# relay all outbound mail via {{postfix_relayhost}}
-# the square brackets prevents postfix from trying to lookup mx records
-relayhost = [{{postfix_relayhost}}]:465
-smtp_tls_wrappermode = yes
-smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = ${indexed}/relay_passwords
-# allow plaintext authentication only over tls secured connections
-smtp_sasl_security_options = noanonymous, noplaintext
-smtp_sasl_tls_security_options = noanonymous
-{% endif %}
-
-{% if postfix_server %}
 smtpd_sasl_auth_enable = yes
 smtpd_tls_auth_only = yes
@@ -168,13 +140,10 @@ non_smtpd_milters=inet:localhost:11332
 # Pass internal mails through filters so they get signed by opendkim
 # XXX: Be careful not to have filters that may reject mails!
 internal_mail_filter_classes = bounce
-{% endif %}
-{% if postfix_server %}
 smtpd_sender_login_maps = ${indexed}/smtp_sender_map, ${indexed}/users
-{% endif %}
 smtpd_helo_required = yes
 smtpd_client_connection_rate_limit = 400
@@ -185,7 +154,6 @@ alias_maps = ${indexed}/aliases
 alias_database = ${indexed}/aliases
-{% if postfix_server %}
 virtual_alias_maps = ${indexed}/users pcre:${config_directory}/users.pcre
@@ -197,7 +165,6 @@ local_recipient_maps = $alias_maps pcre:${config_directory}/transport.pcre
 relocated_maps = ${indexed}/relocated
-{% endif %}
 relay_domains =
 {%if postfix_patchwork_enabled %}
@@ -212,9 +179,7 @@ transport_maps =
 patchwork_destination_recipient_limit = 1
 {% endif %}
-{% if postfix_server %}
 wiki_bouncehandler_destination_recipient_limit = 1
-{% endif %}
 authorized_mailq_users = root
diff --git a/roles/postfix/templates/master.cf.j2 b/roles/postfix/templates/master.cf.j2
index b60742895..f0a01d44d 100644
--- a/roles/postfix/templates/master.cf.j2
+++ b/roles/postfix/templates/master.cf.j2
@@ -12,16 +12,10 @@
 # service type private unpriv chroot wakeup maxproc command + args
 # (yes) (yes) (no) (never) (100)
 # ==========================================================================
-{% if postfix_smtpd_public %}
 smtp inet n - n - - smtpd
 -o smtpd_client_connection_count_limit=20
 -o smtpd_proxy_options=speed_adjust
-{% else %}
-localhost:smtp inet n - n - - smtpd
- -o smtpd_tls_security_level=none
-{% endif %}
-{% if postfix_server %}
 msa_cleanup unix n - n - 0 cleanup
 -o header_checks=pcre:/etc/postfix/msa_header_checks
 submissions inet n - n - - smtpd
@@ -32,7 +26,6 @@ submissions inet n - n - - smtpd
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_recipient_restrictions=$submission_recipient_restrictions
 -o smtpd_client_connection_count_limit=10
-{% endif %}
 #smtp inet n - n - 1 postscreen
 #smtpd pass - - n - - smtpd
@@ -94,7 +87,5 @@ patchwork unix - n n - - pipe
 flags=DFRX user={{postfix_patchwork_user}} argv={{postfix_patchwork_mail_handler}}
 {% endif %}
-{% if postfix_server %}
 wiki_bouncehandler unix - n n - - pipe
 flags=DFRX user={{postfix_wiki_bounce_user}} argv=/usr/bin/systemd-cat {{postfix_wiki_bounce_mail_handler}} {{postfix_wiki_bounce_config}}
-{% endif %}
diff --git a/roles/postfix/templates/transport.j2 b/roles/postfix/templates/transport.j2
index def1ec60e..8d483786e 100644
--- a/roles/postfix/templates/transport.j2
+++ b/roles/postfix/templates/transport.j2
@@ -3,9 +3,7 @@
 #
 #lists.archlinux.org mailman:
-{% if not postfix_relayhost %}
 gmail.com smtp-ipv4:
-{% endif %}
 {% if postfix_patchwork_enabled %}
 patchwork@archlinux.org patchwork:
 {% endif %}
diff --git a/roles/postfix/templates/transport.pcre.j2 b/roles/postfix/templates/transport.pcre.j2
index 5a6032a03..76be66a66 100644
--- a/roles/postfix/templates/transport.pcre.j2
+++ b/roles/postfix/templates/transport.pcre.j2
@@ -1,6 +1,4 @@
 #
 # {{ansible_managed}}
 #
-{% if postfix_server %}
 /wikibounce-[\w.]+-\w+-\w+-\w...............@archlinux.org/ wiki_bouncehandler:
-{% endif %}
diff --git a/roles/postfix_null/defaults/main.yml b/roles/postfix_null/defaults/main.yml
new file mode 100644
index 000000000..936bcb766
--- /dev/null
+++ b/roles/postfix_null/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+postfix_relayhost: "mail.archlinux.org"
diff --git a/roles/postfix_null/handlers/main.yml b/roles/postfix_null/handlers/main.yml
new file mode 100644
index 000000000..b247a9f83
--- /dev/null
+++ b/roles/postfix_null/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: reload postfix
+ service: name=postfix state=reloaded
diff --git a/roles/postfix/meta/main.yml b/roles/postfix_null/meta/main.yml
similarity index 100%
rename from roles/postfix/meta/main.yml
rename to roles/postfix_null/meta/main.yml
diff --git a/roles/postfix_null/tasks/main.yml b/roles/postfix_null/tasks/main.yml
new file mode 100644
index 000000000..2cfd7f2c6
--- /dev/null
+++ b/roles/postfix_null/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: install postfix
+ pacman: name=postfix state=present
+
+- name: install template configs
+ template: src={{ item.file }}.j2 dest=/etc/postfix/{{ item.file }} owner=root group={{ item.group }} mode={{ item.mode }}
+ with_items:
+ - {file: main.cf, group: root, mode: 644}
+ - {file: relay_passwords, group: postfix, mode: 640}
+ notify:
+ - reload postfix
+
+- name: create user account on mail to relay with
+ delegate_to: mail.archlinux.org
+ user:
+ name: "{{ inventory_hostname_short }}"
+ comment: "SMTP Relay Account for {{ inventory_hostname }}"
+ group: nobody
+ password: "{{ postfix_relay_password | password_hash('sha512') }}"
+ shell: /sbin/nologin
+ update_password: always
+ home: /home/"{{ inventory_hostname }}" # Set home directory so shadow.service does not fail
+ create_home: true
+
+- name: start and enable postfix
+ service: name=postfix enabled=yes state=started
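Review bot: `home: /home/"{{ inventory_hostname }}"` in the delegated user task keeps the double quotes inside a plain scalar, so the rendered home path most likely contains literal quote characters; quote the whole value instead, `home: "/home/{{ inventory_hostname }}"`. The same task pairs `update_password: always` with `password_hash('sha512')` and no fixed salt, so each run produces a different hash and rewrites the relay account on mail.archlinux.org; a stable per-host salt would keep the task idempotent. The old role installed `cyrus-sasl` before enabling SMTP client authentication while this one installs only `postfix`, so confirm the SASL client mechanisms come in through the package's own dependencies. Because the templated `main.cf` sets `inet_interfaces`, a later change to that value needs a `state=restarted` handler rather than `reload postfix`, which Postfix documents as insufficient for that parameter.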
diff --git a/roles/postfix_null/templates/main.cf.j2 b/roles/postfix_null/templates/main.cf.j2
new file mode 100644
index 000000000..f5ddfdfe2
--- /dev/null
+++ b/roles/postfix_null/templates/main.cf.j2
@@ -0,0 +1,19 @@
+#
+# {{ansible_managed}}
+#
+compatibility_level = 3.6
+
+mydestination =
+inet_interfaces = loopback-only
+# relay all outbound mail via {{ postfix_relayhost }}
+# the square brackets prevents postfix from trying to lookup mx records
+relayhost = [{{ postfix_relayhost }}]:465
+smtp_tls_wrappermode = yes
+smtp_tls_security_level = verify
+smtp_sasl_auth_enable = yes
+smtp_sasl_tls_security_options = noanonymous
+smtp_sasl_password_maps = texthash:/etc/postfix/relay_passwords
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+alias_maps = inline:{root=root@archlinux.org}
+alias_database = $alias_maps
diff --git a/roles/postfix/templates/relay_passwords.j2 b/roles/postfix_null/templates/relay_passwords.j2
similarity index 100%
rename from roles/postfix/templates/relay_passwords.j2
rename to roles/postfix_null/templates/relay_passwords.j2
-- GitLab
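Review bot: The template omits `myhostname` and `myorigin`, which the old relay configuration in roles/postfix/templates/main.cf.j2 set to `{{inventory_hostname}}` and `archlinux.org`, so sender addresses on the null clients now fall back to the machine's own hostname; if that is not intended, add `myhostname = {{ inventory_hostname }}` and `myorigin = archlinux.org` (the referenced null-client README also sets `myorigin`). `smtp_tls_security_level = verify` together with `smtp_tls_CAfile` is a real improvement over the old `encrypt`, since the relay's certificate is now authenticated rather than only used for encryption; a comment such as `# verify the relay certificate against the system CA bundle; 'encrypt' alone would accept any certificate` would record why. With `mydestination` empty and `inet_interfaces = loopback-only` the host should never deliver locally, and the README's `local_transport = error:local delivery is disabled` would make that explicit.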