authorChristian Pointner <equinox@spreadspace.org>2024-07-10 18:00:32 +0200
committerChristian Pointner <equinox@spreadspace.org>2024-07-10 18:00:32 +0200
commit63a3ecbe58c2bb192c5693af3939eb9e29877e65 (patch)
tree7b0eace6670557a6154f8930342c883c28b115ed /roles/mail/postfix/submission/tasks/saslauthd.yml
parentmove postfix rules to mail subdir (diff)
add extended postfix roles
Diffstat (limited to 'roles/mail/postfix/submission/tasks/saslauthd.yml')
-rw-r--r--roles/mail/postfix/submission/tasks/saslauthd.yml48
1 files changed, 48 insertions, 0 deletions
diff --git a/roles/mail/postfix/submission/tasks/saslauthd.yml b/roles/mail/postfix/submission/tasks/saslauthd.yml
new file mode 100644
index 00000000..065fb255
--- /dev/null
+++ b/roles/mail/postfix/submission/tasks/saslauthd.yml
@@ -0,0 +1,48 @@
+---
+- name: install saslauthd and sasl-modules
+ apt:
+ name:
+ - sasl2-bin
+ - libsasl2-modules
+ state: present
+
+- name: basic saslauthd options
+ vars:
+ saslauthd_options:
+ START: "yes"
+ MECHANISMS: "{{ postfix_submission_auth_saslauthd.mechanism }}"
+ OPTIONS: "-c -m /var/spool/postfix/saslauthd"
+ loop: "{{ saslauthd_options | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} = {{ item.value }}"
+ lineinfile:
+ regexp: '^#?\s*{{ item.key }}\s*='
+ line: '{{ item.key }}="{{ item.value }}"'
+ dest: /etc/default/saslauthd
+ notify: restart saslauthd
+
+- name: configure saslauthd mechanism
+ include_tasks: "saslauthd-{{ postfix_submission_auth_saslauthd.mechanism }}.yml"
+
+- name: configure postfix sasl via saslauthd
+ copy:
+ content: |
+ pwcheck_method: saslauthd
+ saslauthd_path: /saslauthd/mux
+ mech_list: plain login
+ dest: /etc/postfix/sasl/submission.conf
+ notify: restart postfix
+
+- name: add postfix user to sasl group
+ user:
+ name: postfix
+ groups: sasl
+ append: yes
+ notify: restart postfix
+
+- name: make sure saslauthd service is enabled and started
+ systemd:
+ daemon_reload: yes
+ name: saslauthd.service
+ enabled: yes
+ state: started
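Review bot: Nothing in this task file creates `/var/spool/postfix/saslauthd` or pins its ownership and mode, although `OPTIONS` moves the saslauthd socket there and the `postfix` user is added to the `sasl` group to reach it. Any local account that can open that mux socket can have saslauthd verify passwords, so the directory should be limited to root and the `sasl` group. Unless the included `saslauthd-<mechanism>.yml` or the package already handles this, I would add an explicit `file` task ahead of the service start, as sketched below. Separately, `mech_list: plain login` offers only cleartext mechanisms, which is expected with saslauthd but depends on the submission listener refusing AUTH outside TLS; that setting is not visible in this file and is worth confirming.

```yaml
# … unchanged: package install, /etc/default/saslauthd options …
- name: make sure saslauthd socket directory exists
  file:
    path: /var/spool/postfix/saslauthd
    state: directory
    owner: root
    group: sasl
    mode: "0710"
# … unchanged: mechanism include, postfix sasl config, group membership, service …
```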