Add postfix

sdarwin · sdarwin · commit 29bcd5a33078 · 2023-07-25T21:11:30.000Z
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -354,6 +354,7 @@ mailman3_distribute_maps_virtualenv_dir: "{{ mailman3_core_var_dir }}/distribute
 
 # Base set of Python packages
 __mailman3_pip_packages:
+  - importlib-resources==5.13.0
   - mailman
   - mailman-web
   - mailman-hyperkitty  # ??
@@ -433,3 +434,6 @@ mailman3_install_nginx: true
 # Override this will a value similar to mailman3_web_url. Used in /etc/mailman3/hyperkitty.cfg:
 mailman3_hyperkitty_server_url: "http://localhost"
 mailman3_nginx_ssl_certs: "include snippets/snakeoil.conf;"
+mailman3_mta: postfix
+mailman3_relayhost: smtp.mailgun.org:587
+mailman3_sasl_passwd: smtp.mailgun.org postmaster@example.com:12345
diff --git a/docs/README.md b/docs/README.md
@@ -45,7 +45,7 @@ mailman3_django_superusers:
 mailman3_archiver_key: ___
 mailman3_hyperkitty_server_url: 'https://mailman-staging.boost.cpp.al'
 
-# Manually set this in /etc/postfix/main.cf. Ansible is not doing that.
+# Manually set this in /etc/postfix/main.cf. Now that ansible is installing main.cf, it should already be present.
 # transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
 # local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp
 # relay_domains = hash:/var/lib/mailman3/data/postfix_domains
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -33,3 +33,14 @@
   ansible.builtin.service:
     name: nginx
     state: restarted
+
+- name: Generate sasl_passwd.db
+  ansible.builtin.command:
+    cmd: postmap sasl_password
+    chdir: /etc/postfix/sasl
+  changed_when: always
+
+- name: Restart postfix
+  ansible.builtin.service:
+    name: postfix
+    state: restarted
diff --git a/tasks/config.yml b/tasks/config.yml
@@ -47,12 +47,12 @@
   ansible.builtin.cron:
     name: "mailman digests"
     special_time: daily
-    job: "{{ mailman3_install_dir}}/bin/mailman digests --periodic"
+    job: "{{ mailman3_install_dir }}/bin/mailman digests --periodic"
     user: "{{ __mailman3_core_user_name }}"
 
 - name: Install notify cron task
   ansible.builtin.cron:
     name: "mailman notify"
     special_time: daily
-    job: "{{ mailman3_install_dir}}/bin/mailman notify"
+    job: "{{ mailman3_install_dir }}/bin/mailman notify"
     user: "{{ __mailman3_core_user_name }}"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -6,6 +6,10 @@
   vars:
     _mailman3_user: "{{ mailman3_core_user }}"
 
+- name: Install postfix
+  ansible.builtin.include_tasks: postfix.yml
+  when: mailman3_mta == "postfix"
+
 - name: Include web user creation tasks
   ansible.builtin.include_tasks: user.yml
   when: mailman3_create_web_user
diff --git a/tasks/postfix.yml b/tasks/postfix.yml
@@ -0,0 +1,32 @@
+---
+- name: Install postfix
+  ansible.builtin.package:
+    name:
+      - postfix
+      - mailutils
+
+- name: Install main.cf
+  ansible.builtin.template:
+    src: postfix_main.cf.j2
+    dest: /etc/postfix/main.cf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart postfix
+
+- name: Create sasl directory
+  ansible.builtin.file:
+    path: /etc/postfix/sasl
+    state: directory
+    mode: '0755'
+    owner: root
+    group: root
+
+- name: Create sasl_passwd file
+  ansible.builtin.template:
+    src: sasl_passwd.j2
+    dest: /etc/postfix/sasl/sasl_passwd
+    owner: root
+    group: root
+    mode: '0600'
+  notify: Generate sasl_passwd.db
diff --git a/templates/postfix_main.cf.j2 b/templates/postfix_main.cf.j2
@@ -0,0 +1,59 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
+# fresh installs.
+compatibility_level = 3.6
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_security_level=may
+
+smtp_tls_CApath=/etc/ssl/certs
+smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = {{ inventory_hostname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = $myhostname, localhost
+relayhost = {{ mailman3_relayhost }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
+smtp_sasl_security_options = noanonymous
+#smtp_sasl_tls_security_options = noanonymous
+smtp_sasl_mechanism_filter = AUTH LOGIN
+permit_sasl_authenticated = defer_unauth_destinations
+
+transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
+local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp
+relay_domains = hash:/var/lib/mailman3/data/postfix_domains
diff --git a/templates/sasl_passwd.j2 b/templates/sasl_passwd.j2
@@ -0,0 +1 @@
+{{ mailman3_sasl_passwd }}
