-
Notifications
You must be signed in to change notification settings - Fork 19
Expand file tree
/
Copy pathmain.yml
More file actions
93 lines (88 loc) · 2.78 KB
/
main.yml
File metadata and controls
93 lines (88 loc) · 2.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
---
dovecot_protocols:
- 'lmtp'
- 'imap'
dovecot_mail_privileged_group: 'mail'
dovecot_disable_plaintext_auth: 'yes'
dovecot_auth_mechanisms:
- 'plain'
- 'login'
dovecot_force_imaps: True
dovecot_force_pop3s: True
dovecot_ssl: 'required'
dovecot_listen:
- '*'
- '::'
postfix_dovecot_mysql_password_scheme: 'SHA512-CRYPT'
postfix_dovecot_mysql_host: '127.0.0.1'
postfix_dovecot_mysql_db_name: 'servermail'
postfix_dovecot_mysql_user: 'usermail'
dovecot_mysql_password_query: 'SELECT email as user, password FROM virtual_users WHERE email=''%u'';'
postfix_mysql_alias_query: 'SELECT destination FROM virtual_aliases WHERE source=''%s'';'
postfix_mysql_domains_query: 'SELECT 1 FROM virtual_domains WHERE name=''%s'';'
postfix_mysql_users_query: 'SELECT 1 FROM virtual_users WHERE email=''%s'';'
postfix_inet_protocols: 'all'
postfix_submission_smtpd_client_restrictions:
- 'permit_sasl_authenticated'
- 'reject'
postfix_smtpd_tls_auth_only: 'yes'
postfix_smtpd_recipient_restrictions:
- 'permit_sasl_authenticated'
- 'permit_mynetworks'
- 'check_policy_service unix:private/policyd-spf'
- 'check_policy_service inet:127.0.0.1:10023'
- 'check_client_access hash:/etc/postfix/rbl_override'
- 'reject_unauth_destination'
- 'reject_unknown_reverse_client_hostname'
- 'permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3]'
- 'permit_dnswl_client swl.spamhaus.org'
- 'reject_rhsbl_helo dbl.spamhaus.org'
- 'reject_rhsbl_reverse_client dbl.spamhaus.org'
- 'reject_rhsbl_sender dbl.spamhaus.org'
- 'reject_rbl_client zen.spamhaus.org'
postfix_smtpd_relay_restrictions:
- 'permit_mynetworks'
- 'permit_sasl_authenticated'
- 'defer_unauth_destination'
postfix_mynetworks:
- '127.0.0.0/8'
- '[::ffff:127.0.0.0]/104'
- '[::1]/128'
postfix_mydestination:
- 'localhost'
- "{{ ansible_fqdn }}"
postfix_smtp_tls_security_level: dane
postfix_smtp_dns_support_level: true #dnssec
postfix_smtpd_client_message_rate_limit: 100
postfix_smtpd_helo_restrictions:
- 'permit_mynetworks'
- 'permit_sasl_authenticated'
- 'check_helo_access hash:/etc/postfix/helo_access'
- 'reject_invalid_helo_hostname'
- 'reject_non_fqdn_helo_hostname'
- 'reject_unknown_helo_hostname'
postfix_smtpd_sender_restrictions:
- 'permit_mynetworks'
- 'permit_sasl_authenticated'
- 'reject_unknown_sender_domain'
- 'reject_unknown_reverse_client_hostname'
- 'reject_unknown_client_hostname'
vmail_virtual_domains:
- id: 1
domain: example.com
- id: 2
domain: hostname.example.com
vmail_virtual_users:
- id: 1
domain_id: 1
password: 'firstpassword'
email: 'email1@example.com'
- id: 2
domain_id: 1
password: 'secondpassword'
email: 'email2@example.com'
vmail_virtual_aliases:
- id: 1
domain_id: 1
source: 'alias@example.com'
destination: 'email1@example.com'