iniital role postfix/mx - still work in progress!topic/extended-postfix-roles

1 files changed, 42 insertions, 0 deletions

diff --git a/roles/mail/postfix/mx/tasks/main.yml b/roles/mail/postfix/mx/tasks/main.yml
new file mode 100644
index 00000000..5ef5ff42
--- /dev/null
+++ b/roles/mail/postfix/mx/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: configure TLS
+  when: postfix_mx_tls is defined
+  block:
+  - name: generate/install/fetch TLS certificate
+    vars:
+      x509_certificate_name: "postfix-{{ postfix_mx_hostname }}"
+      x509_certificate_config: "{{ postfix_mx_tls.certificate_config | default({}) }}"
+      x509_certificate_hostnames:
+      - "{{ postfix_mx_hostname }}"
+      x509_certificate_reload_services:
+      - postfix
+    include_role:
+      name: "x509/{{ postfix_mx_tls.certificate_provider }}/cert"
+
+## TODO: configure virtual and relay domains and maps
+
+- name: configure spam filtering using rspamd
+  when: postfix_mx_spam_filter == "rspamd"
+  block:
+  - name: add postfix user to rspamd group
+    user:
+      name: postfix
+      groups: _rspamd
+      append: yes
+    notify: restart postfix
+
+  - name: configure postfix milter config for rspamd
+    vars:
+      postfix_options:
+        milter_protocol: "6"
+        milter_default_action: "accept"
+        smtpd_milters: "unix:rspamd/rspamd-proxy.sock"
+        non_smtpd_milters: "unix:rspamd/rspamd-proxy.sock"
+    loop: "{{ postfix_options | dict2items }}"
+    loop_control:
+      label: "{{ item.key }} = {{ item.value }}"
+    lineinfile:
+      regexp: "^#?\\s*{{ item.key }}\\s*="
+      line: "{{ item.key }} = {{ item.value }}"
+      dest: /etc/postfix/main.cf
+    notify: restart postfix