initial upload

2025-10-10 11:07:34 +00:00
commit 6224cd01c6
161 changed files with 8964 additions and 0 deletions
--- a/roles/postfix/defaults/main.yml
+++ b/roles/postfix/defaults/main.yml
@@ -0,0 +1,165 @@
+postfix_mynetworks: []
+
+postfix_mydestination_local:
+  - "{{ ansible_hostname }}.maruntiel.net"
+  - "localhost"
+  - "localhost.{{ ansible_domain }}"
+
+postfix_mydestination_extra: []
+
+# main.cf settings
+postfix_settings:
+
+  compatibility_level: 2
+
+  myhostname: "{{ ansible_hostname }}.maruntiel.net"
+  myorigin: /etc/mailname
+
+  mydestination: "{{ postfix_mydestination_local + postfix_mydestination_extra }}"
+  mynetworks: "10.11.0.0/16 62.171.160.169/32  207.244.234.58/32 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ postfix_mynetworks | join(' ') }}"
+
+  relayhost: ""
+
+  alias_maps: hash:/etc/aliases
+  alias_database: hash:/etc/aliases
+  biff: no
+  mailbox_command:
+  home_mailbox: Maildir/
+  mailbox_size_limit: 0
+  recipient_delimiter: +
+  append_dot_mydomain: no
+  readme_directory: no
+  dovecot_destination_recipient_limit: 1
+
+  tls_random_source: dev:/dev/urandom
+
+  default_transport: smtp
+  relay_transport: smtp
+  relay_domains: ""
+
+  inet_protocols: ipv4
+  inet_interfaces: all
+
+  virtual_mailbox_domains:
+    - /etc/postfix/virtual_domains
+  virtual_mailbox_base:
+    - /var/mail/vhosts
+  virtual_mailbox_maps:
+    - hash:/etc/postfix/vmailbox
+  virtual_alias_maps:
+    - hash:/etc/postfix/virtual_alias
+  virtual_minimum_uid:
+    - 100
+  virtual_uid_maps:
+    - static:5000
+  virtual_gid_maps:
+    - static:5000
+  virtual_transport:
+    - virtual
+  virtual_alias_domains:
+    - maruntiel.net
+    - maruntiel.com
+    - stillmob.ro
+    - pedimedic.ro
+
+
+  # SMTP SETTINGS
+  smtp_use_tls: yes
+  smtp_tls_security_level: may
+  smtp_tls_note_starttls_offer: yes
+  smtp_tls_session_cache_database: "btree:${data_directory}/smtp_scache"
+
+  # SMTPD SETTINGS
+  smtpd_use_tls: yes
+  smtpd_tls_auth_only: no
+  smtpd_tls_security_level: may
+  smtpd_tls_loglevel: 1
+  smtpd_tls_received_header: yes
+  smtpd_tls_session_cache_timeout: 3600s
+  smtpd_tls_session_cache_database: "btree:${data_directory}/smtpd_scache"
+  smtpd_tls_cert_file: "/etc/letsencrypt/live/maruntiel.net/fullchain.pem"
+  smtpd_tls_key_file: "/etc/letsencrypt/live/maruntiel.net/privkey.pem"
+  smtpd_banner: "$myhostname ESMTP $mail_name"
+  smtpd_client_restrictions: 
+    - permit_mynetworks
+    - permit_sasl_authenticated
+    - reject_invalid_hostname
+    - reject_unknown_client
+    - reject_rbl_client sbl-xbl.spamhaus.org
+  smtpd_sender_restrictions: 
+    - permit_mynetworks
+    - reject_unknown_address
+    - reject_unknown_sender_domain
+    - reject_non_fqdn_sender
+  smtpd_recipient_limit: 250
+  smtpd_recipient_restrictions:
+    - reject_invalid_hostname
+    - reject_non_fqdn_sender
+    - reject_non_fqdn_recipient
+    - reject_unlisted_sender
+    - permit_mynetworks
+    - permit_sasl_authenticated
+    - reject_unauth_pipelining
+    - reject_unauth_destination
+    - check_policy_service unix:private/policyd-spf
+    - reject_non_fqdn_hostname
+    - reject_unknown_sender_domain
+    - reject_rbl_client bl.spamcop.net
+    - reject_rbl_client zen.spamhaus.org
+    - permit
+
+  smtpd_relay_restrictions:
+    - reject_invalid_hostname
+    - reject_non_fqdn_sender
+    - reject_non_fqdn_recipient
+    - reject_unlisted_sender
+    - permit_mynetworks
+    - permit_sasl_authenticated
+    - reject_unauth_pipelining
+    - reject_unauth_destination
+    - check_policy_service unix:private/policyd-spf
+    - reject_non_fqdn_hostname
+    - reject_unknown_sender_domain
+    - reject_rbl_client bl.spamcop.net
+    - reject_rbl_client zen.spamhaus.org
+    - permit
+
+  smtpd_client_connection_rate_limit: 10
+  smtpd_client_message_rate_limit: 10
+
+  # SASL
+  smtpd_sasl_auth_enable: yes
+  smtpd_sasl_type: dovecot
+  smtpd_sasl_path: private/auth
+  broken_sasl_auth_clients: yes
+  smtpd_sasl_local_domain: \$mydomain
+  smtpd_sasl_security_options: noanonymous
+
+  # Other
+  header_checks:
+    - regexp:/etc/postfix/header_checks
+
+  # DKIM
+  milter_default_action: accept
+  milter_protocol: 6
+  smtpd_milters: local:opendkim/opendkim.sock
+  non_smtpd_milters: $smtpd_milters
+
+  # SPF
+  policyd-spf_time_limit: 3600
+
+postfix_opendkim: "{{ postfix_dkim_domains|count > 0 }}"
+postfix_relay: no
+postfix_smtpd_public: yes
+postfix_firewall: "{{ firewall_enabled|default(true) }}"
+
+postfix_dkim_domains: []
+
+virtual_mailbox_domains: /etc/postfix/virtual_domains
+virtual_mailbox_base: /var/mail/vhosts
+virtual_mailbox_maps: hash:/etc/postfix/vmailbox
+virtual_alias_maps: hash:/etc/postfix/virtual_alias
+virtual_minimum_uid: 100
+virtual_uid_maps: static:5000
+virtual_gid_maps: static:5000
+virtual_transport: virtual