{"id":13753162,"url":"https://github.com/Oefenweb/ansible-postfix","last_synced_at":"2025-05-09T20:34:54.895Z","repository":{"id":19745488,"uuid":"23002245","full_name":"Oefenweb/ansible-postfix","owner":"Oefenweb","description":"Ansible role to set up postfix in Debian-like systems","archived":false,"fork":false,"pushed_at":"2025-02-27T12:13:36.000Z","size":316,"stargazers_count":176,"open_issues_count":11,"forks_count":87,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-12T09:18:59.334Z","etag":null,"topics":["ansible","debian","mail","postfix","relay","smtp-client","ubuntu"],"latest_commit_sha":null,"homepage":null,"language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Oefenweb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-08-15T20:36:31.000Z","updated_at":"2025-04-04T14:50:16.000Z","dependencies_parsed_at":"2024-11-16T05:32:13.902Z","dependency_job_id":"1f630622-bc84-47e6-9b15-17ae24abb24d","html_url":"https://github.com/Oefenweb/ansible-postfix","commit_stats":null,"previous_names":[],"tags_count":111,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Oefenweb%2Fansible-postfix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Oefenweb%2Fansible-postfix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Oefenweb%2Fansible-postfix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Oefenweb%2Fansible-postfix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Oefenweb","download_url":"https://codeload.github.com/Oefenweb/ansible-postfix/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253321827,"owners_count":21890474,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","debian","mail","postfix","relay","smtp-client","ubuntu"],"created_at":"2024-08-03T09:01:17.488Z","updated_at":"2025-05-09T20:34:49.834Z","avatar_url":"https://github.com/Oefenweb.png","language":"Jinja","readme":"## postfix\n\n[![CI](https://github.com/Oefenweb/ansible-postfix/workflows/CI/badge.svg)](https://github.com/Oefenweb/ansible-postfix/actions?query=workflow%3ACI)\n[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-postfix-blue.svg)](https://galaxy.ansible.com/oefenweb/postfix)\n\nSet up a postfix server in Debian-like systems.\n\n#### Requirements\n\nNone\n\n#### Variables\n\n * `postfix_install` [default: `[postfix, mailutils, libsasl2-2, sasl2-bin, libsasl2-modules]`]: Packages to install\n * `postfix_hostname` [default: `{{ ansible_fqdn }}`]: Host name, used for `myhostname` and in `mydestination`\n * `postfix_mailname` [default: `{{ ansible_fqdn }}`]: Mail name (in `/etc/mailname`), used for `myorigin`\n\n * `postfix_compatibility_level` [optional]: With backwards compatibility turned on (the compatibility_level value is less than the Postfix built-in value), Postfix looks for settings that are left at their implicit default value, and logs a message when a backwards-compatible default setting is required (e.g. `2`, `Postfix \u003e= 3.0`)\n\n * `postfix_default_database_type` [default: `hash`]: The default database type for use in `newaliases`, `postalias` and `postmap` commands\n * `postfix_aliases` [default: `[]`]: Aliases to ensure present in `/etc/aliases`\n * `postfix_aliases_database_type` [default: `\"{{ postfix_default_database_type }}\"`]: The database type for aliases\n * `postfix_virtual_aliases` [default: `[]`]: Virtual aliases to ensure present in `/etc/postfix/virtual`\n * `postfix_sender_canonical_maps` [default: `[]`]: Sender address rewriting in `/etc/postfix/sender_canonical_maps` ([see](http://www.postfix.org/postconf.5.html#transport_maps))\n * `postfix_sender_canonical_maps_database_type` [default: `\"{{ postfix_default_database_type }}\"`]: The database type for use in `postfix_sender_canonical_maps`\n * `postfix_recipient_canonical_maps` [default: `[]`]: Recipient address rewriting in `/etc/postfix/recipient_canonical_maps` ([see](http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps))\n * `postfix_recipient_canonical_maps_database_type` [default: `\"{{ postfix_default_database_type }}\"`]: The database type for use in `postfix_recipient_canonical_maps`\n * `postfix_transport_maps` [default: `[]`]: Transport mapping based on recipient address `/etc/postfix/transport_maps` ([see](http://www.postfix.org/postconf.5.html#recipient_canonical_maps))\n * `postfix_transport_maps_database_type` [default: `\"{{ postfix_default_database_type }}\"`]: The database type for use in `postfix_transport_maps`\n * `postfix_sender_dependent_relayhost_maps` [default: `[]`]: Transport mapping based on sender address `/etc/postfix/sender_dependent_relayhost_maps` ([see](http://www.postfix.org/postconf.5.html#recipient_canonical_maps))\n * `postfix_header_checks` [default: `[]`]: Lookup tables for content inspection of primary non-MIME message headers `/etc/postfix/header_checks` ([see](http://www.postfix.org/postconf.5.html#header_checks))\n * `postfix_header_checks_database_type` [default: `regexp`]: The database type for use in `header_checks`\n * `postfix_generic` [default: `postfix_smtp_generic_maps`]: **Deprecated**, use `postfix_smtp_generic_maps`\n * `postfix_smtp_generic_maps` [default: `[]`]: Generic table address mapping in `/etc/postfix/generic` ([see](http://www.postfix.org/generic.5.html))\n * `postfix_smtp_generic_maps_database_type` [default: `\"{{ postfix_default_database_type }}\"`]: The database type for use in `smtp_generic_maps`\n\n * `postfix_mydestination` [default: `[\"{{ postfix_hostname }}\", 'localdomain', 'localhost', 'localhost.localdomain']`]: Specifies what domains this machine will deliver locally, instead of forwarding to another machine\n * `postfix_mynetworks` [default: `['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']`]: The list of \"trusted\" remote SMTP clients that have more privileges than \"strangers\"\n * `postfix_inet_interfaces` [default: `all`]: Network interfaces to bind ([see](http://www.postfix.org/postconf.5.html#inet_interfaces))\n * `postfix_inet_protocols` [default: `all`]: The Internet protocols Postfix will attempt to use when making or accepting connections ([see](http://www.postfix.org/postconf.5.html#inet_protocols))\n * `postfix_smtp_ipv4_bind` [optional]: Outbound network interfaces to use (IPv4) ([see](http://www.postfix.org/postconf.5.html#smtp_bind_address))\n * `postfix_smtp_ipv6_bind` [optional]: Outbound network interfaces to use (IPv6) ([see](http://www.postfix.org/postconf.5.html#smtp_bind_address6))\n\n * `postfix_relayhost` [default: `''` (no relay host)]: Hostname to relay all email to\n * `postfix_relayhost_mxlookup` [default: `false` (not using mx lookup)]: Lookup for MX record instead of A record for relayhost\n * `postfix_relayhost_port` [default: 587]: Relay port (on `postfix_relayhost`, if set)\n * `postfix_relaytls` [default: `false`]: Use TLS when sending with a relay host\n\n * `postfix_smtpd_client_restrictions` [optional]: List of client restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_client_restrictions))\n * `postfix_smtpd_helo_restrictions` [optional]: List of helo restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions))\n * `postfix_smtpd_sender_restrictions` [optional]: List of sender restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions))\n * `postfix_smtpd_recipient_restrictions` [optional]: List of recipient restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions))\n * `postfix_smtpd_relay_restrictions` [optional]: List of access restrictions for mail relay control ([see](http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions))\n * `postfix_smtpd_data_restrictions` [optional]: List of data restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_data_restrictions))\n\n * `postfix_sasl_auth_enable` [default: `true`]: Enable SASL authentication in the SMTP client\n * `postfix_sasl_user` [default: `postmaster@{{ ansible_domain }}`]: SASL relay username\n * `postfix_sasl_password` [default: `k8+haga4@#pR`]: SASL relay password **Make sure to change!**\n * `postfix_sasl_security_options` [default: `noanonymous`]: SMTP client SASL security options\n * `postfix_sasl_tls_security_option` [default: `noanonymous`]: SMTP client SASL TLS security options\n * `postfix_sasl_mechanism_filter` [default: `''`]: SMTP client SASL authentication mechanism filter ([see](http://www.postfix.org/postconf.5.html#smtp_sasl_mechanism_filter))\n\n * `postfix_smtp_tls_security_level` [default: `encrypt`]: The default SMTP TLS security level for the Postfix SMTP client ([see](http://www.postfix.org/postconf.5.html#smtp_tls_security_level))\n * `postfix_smtp_tls_wrappermode` [default: `false`]: Request that the Postfix SMTP client connects using the legacy SMTPS protocol instead of using the STARTTLS command ([see](http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode))\n * `postfix_smtp_tls_note_starttls_offer` [default: `true`]: Log the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already enabled for that server ([see](http://www.postfix.org/postconf.5.html#smtp_tls_note_starttls_offer))\n * `postfix_smtp_tls_cafile` [optional]: A file containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates (e.g. `/etc/ssl/certs/ca-certificates.crt`)\n\n * `postfix_smtpd_banner` [default: `$myhostname ESMTP $mail_name (Ubuntu)`]: Greeting banner **You MUST specify $myhostname at the start of the text. This is required by the SMTP protocol.**\n * `postfix_disable_vrfy_command` [default: `true`]: Disable the `SMTP VRFY` command. This stops some techniques used to harvest email addresses\n * `postfix_message_size_limit` [default: `10240000`]: The maximal size in bytes of a message, including envelope information\n\n * `postfix_smtpd_tls_cert_file` [default: `/etc/ssl/certs/ssl-cert-snakeoil.pem`]: Path to certificate file\n * `postfix_smtpd_tls_key_file` [default: `/etc/ssl/certs/ssl-cert-snakeoil.key`]: Path to key file\n\n * `postfix_smtpd_security_level` [optional]: The SMTP TLS security level for the Postfix SMTP server ([see](http://www.postfix.org/postconf.5.html#smtpd_tls_security_level))\n\n * `postfix_smtp_tls_mandatory_ciphers` [optional]: The minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS ([see](https://www.postfix.org/postconf.5.html#smtp_tls_mandatory_ciphers))\n * `postfix_smtp_tls_mandatory_protocols` [optional]: TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption ([see](https://www.postfix.org/postconf.5.smtp_tls_mandatory_protocols))\n * `postfix_smtp_tls_protocols` [optional]: TLS protocols that the Postfix SMTP client will use with opportunistic TLS encryption ([see](https://www.postfix.org/postconf.5.html#smtp_tls_protocols))\n * `postfix_smtpd_tls_mandatory_ciphers` [optional]: The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory TLS encryption.  ([see](https://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_ciphers))\n * `postfix_smtpd_tls_mandatory_protocols` [optional]: TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption ([see](https://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_protocols))\n * `postfix_smtpd_tls_protocols` [optional]: TLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption ([see](https://www.postfix.org/postconf.5.html#smtpd_tls_protocols))\n\n * `postfix_raw_options` [default: `[]`]: List of lines (to pass extra (unsupported) configuration)\n\n\n## Dependencies\n\n* `debconf`\n* `debconf-utils`\n\n#### Example(s)\n\nA simple example that doesn't use SASL relaying:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_aliases:\n      - user: root\n        alias: you@yourdomain.org\n```\n\nA simple example with virtual aliases for mail forwarding that doesn't use SASL relaying:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_mydestination:\n      - \"{{ postfix_hostname }}\"\n      - '$mydomain'\n      - localdomain\n      - localhost\n      - localhost.localdomain\n    postfix_virtual_aliases:\n      - virtual: webmaster@yourdomain.com\n        alias: personal_email@gmail.com\n      - virtual: billandbob@yourdomain.com\n        alias: bill@gmail.com, bob@gmail.com\n```\n\nA simple example that rewrites the sender address:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_sender_canonical_maps:\n      - sender: root\n        rewrite: postmaster@yourdomain.org\n```\n\nProvide the relay host name if you want to enable relaying:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_aliases:\n      - user: root\n        alias: you@yourdomain.org\n    postfix_relayhost: mail.yourdomain.org\n```\n\nProvide the relay domain name and use MX records if you want to enable relaying to DNS MX records of a domain:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_aliases:\n      - user: root\n        alias: you@yourdomain.org\n    postfix_relayhost: yourdomain.org\n    postfix_relayhost_mxlookup: true\n```\n\nConditional relaying:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_transport_maps:\n      - pattern: 'root@yourdomain.org'\n        result: ':'\n      - pattern: '*'\n        result: \"smtp:{{ ansible_lo['ipv4']['address'] }}:1025\"\n    postfix_sender_dependent_relayhost_maps:\n      - pattern: 'logcheck@yourdomain.org'\n        result: 'DUNNO'\n      - pattern: 'pflogsumm@yourdomain.org'\n        result: 'DUNNO'\n      - pattern: '*'\n        result: \"smtp:{{ ansible_lo['ipv4']['address'] }}:1025\"\n```\n\nAliases with regexp table (forward all local mail to specified address):\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_aliases_database_type: regexp\n    postfix_aliases:\n      - user: /.*/\n        alias: you@yourdomain.org\n```\n\nFor AWS SES support:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_aliases:\n      - user: root\n        alias: sesverified@yourdomain.org\n    postfix_relayhost: email-smtp.us-east-1.amazonaws.com\n    postfix_relaytls: true\n    # AWS IAM SES credentials (not access key):\n    postfix_sasl_user: AKIXXXXXXXXXXXXXXXXX\n    postfix_sasl_password: ASDFXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n```\n\nFor MailHog support:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_aliases:\n      - user: root\n        alias: you@yourdomain.org\n    postfix_relayhost: \"{{ ansible_lo['ipv4']['address'] }}\"\n    postfix_relayhost_port: 1025\n    postfix_sasl_auth_enable: false\n```\n\nFor Gmail support:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_aliases:\n      - user: root\n        alias: you@yourdomain.org\n    postfix_relayhost: smtp.gmail.com\n    postfix_relaytls: true\n    postfix_smtp_tls_cafile: /etc/ssl/certs/ca-certificates.crt\n    postfix_sasl_user: 'foo'\n    postfix_sasl_password: 'bar'\n```\n\nIf you configure your Google account for extra security to use the 2-step verification, then\npostfix won't send out emails anymore and you might notice error messages in the `/var/log/mail.log` file\n\nTo fix this issue, you need to visit the ([Authorizing applications \u0026 sites](http://www.google.com/accounts/IssuedAuthSubTokens?hide_authsub=1))\npage under your Google Account settings. On this page enter the name of the application to be authorized (Postfix) and click on Generate button.\nSet the `postfix_sasl_password` variable with the password generated by this page.\n\nA simple example that shows how to add some raw config:\n\n```yaml\n---\n- hosts: all\n  roles:\n    - oefenweb.postfix\n  vars:\n    postfix_raw_options:\n      - |\n        milter_default_action = accept\n        milter_protocol = 6\n        smtpd_milters = unix:opendkim/opendkim.sock unix:opendmarc/opendmarc.sock unix:spamass/spamass.sock unix:clamav/clamav-milter.ctl\n        milter_connect_macros = \"i j {daemon_name} v {if_name} _\"\n        policyd-spf_time_limit = 3600\n```\n\n#### License\n\nMIT\n\n#### Author Information\n\nMischa ter Smitten\n\n#### Feedback, bug-reports, requests, ...\n\nAre [welcome](https://github.com/Oefenweb/ansible-postfix/issues)!\n","funding_links":[],"categories":["[💾 sysadmin-devops](https://github.com/stars/ketsapiwiq/lists/sysadmin-devops)","ubuntu"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOefenweb%2Fansible-postfix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOefenweb%2Fansible-postfix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOefenweb%2Fansible-postfix/lists"}