-
Notifications
You must be signed in to change notification settings - Fork 1
/
se-postfix-host.yml
148 lines (124 loc) · 3.99 KB
/
se-postfix-host.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
- name: Set postfix with OpenDKIM
remote_user: ulsprovision
hosts: SE_Rocky8_posthost
become: yes
tasks:
- name: install opendkim and postfix
yum:
name:
- opendkim
- postfix
state: latest
- name: set domain
lineinfile:
path: /etc/opendkim.conf
line: "Domain scholarlyexchange.org"
insertafter: "# Domain example.com"
- name: set subdomains
lineinfile:
path: /etc/opendkim.conf
line: "SubDomains yes"
insertafter: "Domain scholarlyexchange.org"
- name: set signing mode
lineinfile:
path: /etc/opendkim.conf
line: "Mode sv"
search_string: "Mode v"
- name: set socket
lineinfile:
path: /etc/opendkim.conf
line: "Socket inet:8891@localhost"
search_string: "Socket local:/run/opendkim/opendkim.sock"
- name: copy key
copy:
src: hostvars/scholarlyexchange.org.dkim.key
dest: /etc/opendkim/keys/default._domainkey.private
mode: u=rw,g=rw,o=
owner: opendkim
group: opendkim
- name: set key
lineinfile:
path: /etc/opendkim.conf
line: "Keyfile /etc/opendkim/keys/default._domainkey.private"
search_string: "Keyfile /etc/opendkim/keys/default.private"
- name: set sender headers
lineinfile:
path: /etc/opendkim.conf
line: "SenderHeaders Sender,From"
insertafter: "OversignHeaders From"
- name: add Trusted hosts
blockinfile:
path: /etc/opendkim/TrustedHosts
block: |
scholarlyexchange.org
www.scholarlyexchange.org
box4.scholarlyexchange.org
box2.scholarlyexchange.org
69.164.217.191
45.33.73.134
- name: load Trusted hosts
blockinfile:
path: /etc/opendkim.conf
block: |
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
- name: Start and enable opendkim service
service:
name: opendkim
state: started
enabled: yes
- name: Start and enable postfix service
service:
name: postfix
state: started
enabled: yes
- name: add mydomain
lineinfile:
path: /etc/postfix/main.cf
line: "mydomain = scholarlyexchange.org"
insertafter: "#mydomain = domain.tld"
- name: add myhostname
lineinfile:
path: /etc/postfix/main.cf
line: "myhostname = mail.scholarlyexchange.org"
insertafter: "#myhostname = host.domain.tld"
- name: add inet interface
lineinfile:
path: /etc/postfix/main.cf
line: "inet_interfaces = $myhostname, localhost"
insertafter: "#inet_interfaces = $myhostname, localhost"
- name: add mydestination
lineinfile:
path: /etc/postfix/main.cf
line: "mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain"
insertafter: "#mydestination = $myhostname, localhost.$mydomain, localhost"
- name: set protocol to ipv4
lineinfile:
path: /etc/postfix/main.cf
line: "inet_protocols = ipv4"
search_string: "inet_protocols = all"
- name: add mynetworks style
lineinfile:
path: /etc/postfix/main.cf
line: "mynetworks_style = host"
insertafter: "#mynetworks_style = host"
- name: add DKIM config
blockinfile:
path: /etc/postfix/main.cf
marker_begin: "BEGIN PERMS"
marker_end: "END PERMS"
block: |
smtpd_client_restrictions = permit_inet_interfaces permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net
command_time_limit = 3600s
policyd-spf_time_limit = 3600
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
mynetworks = 127.0.0.1 69.164.217.191 45.33.73.134 [::1]/128 [2600:3c03::f03c:92ff:fe60:5221] [2600:3c03::f03c:94ff:fe81:4e29]
- name: enable SMTP acccess
firewalld:
service: smtp
zone: public
permanent: yes
state: enabled
- name: reload postfix
command: /usr/sbin/postfix reload