-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.yml
102 lines (82 loc) · 3.22 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
### Default values for postfix role
# Main variables for postfix role
postfix_myhostname: "{{ inventory_hostname }}"
postfix_mynetworks: "127.0.0.0/8"
# for which domains we accept mails
postfix_mydestination:
- domain.org
postfix_rbl_lists:
- zen.spamhaus.org
- ix.dnsbl.manitu.net
- bl.spamcop.net
# Should we open tcp/25 in firewall
postfix_public: True
# Do we want to masquerade
postfix_masquerade_domains: domain.org
# other domains for which we can receive mail through virtusertable
postfix_virtuser_support: False
postfix_virtual_alias_domains: otherdomain.org
# Local aliases
# multiple recipients have to be separated by ','
postfix_aliases:
- name: root
# Enabling STARTTLS for postfix
# If set to True, be sure to point to a cert/key/ca
# And so file the tls variables to point to those files
postfix_tls_enable: False
# Based on cn, we expect to find .crt .key and -CAChain.crt files in pkistore
postfix_tls_cn: "{{ inventory_hostname }}"
# If we're used to only relay to somewhere else, we can filter here
postfix_filter_recipients: False
postfix_filter_recipient_list: [ ]
# Specific map for where to send mails (like internal without MX)
postfix_relay_domains:
- name: internal.domain.corp
smtp_host: 192.168.1.1
# Postfix access tables : ok or reject actions
postfix_access_whitelist:
- 127.0.0.1
postfix_access_reject:
# We can also define an ansible host group that will be parsed to be added in postfix access (and so relay through us)
# postfix_access_groups:
# - mygroup
# Which addresses do we want to skip/whitelist for SPF
postfix_spf_whitelist:
- ::1
- 127.0.0.1
# to speed-up dns queries, we can include local unbound resolver
# if so don't forget to modify os resolvers then
# Default to False
postfix_local_dns_cache: False
# For virtusertable we can query FAS
# if True, it needs user/pass/url and group to query from FAS
postfix_fas_aliases: False
postfix_fas_url: https://accounts.centos.org
postfix_fas_user:
postfix_fas_pass:
postfix_fas_group:
# Added for new fasjson API endpoint (querying IPA through kerberos).
# Replacing FAS option (legacy).
# Worth noting that it would require a service keytab, distributed by this role
# Keytab will be computed based on {{ postfix_myhostname }} variable and then distributed
# Don't forget to set `postfix_virtuser_support: True` and the postfix_virtual_alias_domain (see above)
postfix_fasjson_aliases: False
postfix_fasjson_url: https://fasjson.stg.fedoraproject.org
postfix_fasjson_keytab: # local keytab used to auth, distributed by this role
postfix_fasjson_group: # group to query fasjson for
# Additional groups (not prefixed with sig- ) to create aliases for (with members)
postfix_fasjson_other_groups:
- accounts
# Are we used to host mailman2 lists ?
# If set to True, it will import from variables/mailman role the
# mailman_lists list to be included in aliases
postfix_mailman: False
# Are we hosting also mailman3 ?
# If set to true, enabling lmtp to deliver to mailman-core
postfix_mailman3_host: False
# Usually used also for only included tasks on other nodes to relay
# If we want to relay outgoing mails to specific host
postfix_relay_to: False
postfix_relay_to_hostname: relay.big.corp