{"id":48289639,"url":"https://github.com/idiv-biodiversity/ansible-role-postfix","last_synced_at":"2026-04-04T23:02:01.430Z","repository":{"id":33220247,"uuid":"110954780","full_name":"idiv-biodiversity/ansible-role-postfix","owner":"idiv-biodiversity","description":"ansible role to install and configure postfix","archived":false,"fork":false,"pushed_at":"2025-11-30T20:45:55.000Z","size":108,"stargazers_count":2,"open_issues_count":2,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-12-03T06:04:50.262Z","etag":null,"topics":["ansible","ansible-galaxy","ansible-role","mail","mta","postfix"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/idiv_biodiversity/postfix","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/idiv-biodiversity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-11-16T10:01:03.000Z","updated_at":"2025-11-30T20:45:51.000Z","dependencies_parsed_at":"2025-01-27T15:25:18.526Z","dependency_job_id":"1d9010dd-f20a-4da1-b7a8-efe3630903fd","html_url":"https://github.com/idiv-biodiversity/ansible-role-postfix","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/idiv-biodiversity/ansible-role-postfix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idiv-biodiversity%2Fansible-role-postfix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idiv-biodiversity%2Fansible-role-postfix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idiv-biodiversity%2Fansible-role-postfix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idiv-biodiversity%2Fansible-role-postfix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/idiv-biodiversity","download_url":"https://codeload.github.com/idiv-biodiversity/ansible-role-postfix/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idiv-biodiversity%2Fansible-role-postfix/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31418287,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T20:09:54.854Z","status":"ssl_error","status_checked_at":"2026-04-04T20:09:44.350Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-galaxy","ansible-role","mail","mta","postfix"],"created_at":"2026-04-04T23:01:57.259Z","updated_at":"2026-04-04T23:02:01.410Z","avatar_url":"https://github.com/idiv-biodiversity.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"Ansible Role: Postfix\n=====================\n\nAn Ansible role that installs [Postfix][] and configures it.\n\nTable of Contents\n-----------------\n\n\u003c!-- toc --\u003e\n\n- [Requirements](#requirements)\n- [Role Variables](#role-variables)\n  * [Basic Variables](#basic-variables)\n  * [Masquerading](#masquerading)\n  * [Aliases](#aliases)\n  * [Relay and Transport](#relay-and-transport)\n  * [Canonical Address Mapping](#canonical-address-mapping)\n  * [SMTP Generic Table](#smtp-generic-table)\n  * [Header Checks](#header-checks)\n  * [SMTP](#smtp)\n  * [Automatic Header Rewriting](#automatic-header-rewriting)\n- [Dependencies](#dependencies)\n- [Example Playbook](#example-playbook)\n  * [Top-Level Playbook](#top-level-playbook)\n  * [Role Dependency](#role-dependency)\n- [License](#license)\n- [Author Information](#author-information)\n\n\u003c!-- tocstop --\u003e\n\nRequirements\n------------\n\n- Ansible 2.9\n\nRole Variables\n--------------\n\nThis role does in no way capture the entirety of possible postfix options. If\nyou need something specific, feel free to contribute!\n\nThe `content` field is optional for of all dictionary variables potentially\nreferring to *configuration tables*, e.g. `postfix_transport`.\n\n### Basic Variables\n\nVariables with defaults:\n\n```yml\npostfix_inet_interfaces:\n  - localhost\n\npostfix_inet_protocols: all\n\npostfix_destinations:\n  - $myhostname\n  - localhost.$mydomain\n  - localhost\n```\n\nThese variables are empty by default, but postfix has its own defaults for\nthem. Check `postconf -d | grep ^my` for their defaults.\n\n```yml\npostfix_hostname: host.example.org\npostfix_domain: example.org\npostfix_origin: example.org\n```\n\n**Note:** Consult `man 5 postconf` for more information.\n\n### Masquerading\n\nMasquerading can strip off subdomain structure, e.g. to rewrite\n**user@sub.domain.example.org** to **user@example.org**:\n\n```yml\npostfix_masquerade_domains:\n  - example.org\n```\n\nAddresses that will be changed by masquerading:\n\n```yml\npostfix_masquerade_classes:\n  - envelope_sender\n  - envelope_recipient\n  - header_sender\n  - header_recipient\n```\n\nUsers who are exceptions to masquerading:\n\n```yml\npostfix_masquerade_exceptions:\n  - root\n```\n\n**Note:** Masquerading address mapping mechanism is able to rewrite both header\nand envelope addresses. For headers to be rewritten, see the section about\n[Automatic Header Rewriting](#automatic-header-rewriting).\n\n### Aliases\n\nThe variable `postfix_aliases` configures `/etc/aliases`, e.g.:\n\n```yml\npostfix_aliases:\n  - user: icinga\n    alias: root\n  - user: root\n    alias: admin@example.org\n```\n\n### Relay and Transport\n\nDelivery targets, i.e. relays:\n\n```yml\npostfix_relayhost: relay1.domain.org\npostfix_smtp_fallback_relay: relay2.domain.org\n```\n\nAdditionally, there is more fine-grained control with the transport table:\n\n```yml\npostfix_transport:\n  - type: hash\n    dest: /etc/postfix/transport\n    content: |\n      foo.org         smtp:[imap1.example.org]\n      .foo.org        smtp:[imap1.example.org]\n      bar.org         smtp:[imap2.example.org]\n      .bar.org        smtp:[imap2.example.org]\n```\n\n**Note:** Consult `man 5 transport` for more information.\n\n### Canonical Address Mapping\n\nRewrite recipient and sender:\n\n```yml\npostfix_canonical:\n  - type: hash\n    dest: /etc/postfix/canonical\n    content: |\n      platform@internal.domain platform@example.org\n  - type: ldap\n    dest: /etc/postfix/ldap-canonical.cf\n    content: |\n      server_host = ldap.example.org\n      search_base = dc=example, dc=org\n      query_filter = uid=%s\n      result_attribute = mail\n```\n\nRewrite recipient:\n\n```yml\npostfix_recipient_canonical:\n  - type: hash\n    dest: /etc/postfix/recipient_canonical\n    content: |\n      root@internal.domain   admin@example.org\n      icinga@internal.domain admin@example.org\n```\n\nRewrite sender:\n\n```yml\npostfix_sender_canonical:\n  - type: hash\n    dest: /etc/postfix/sender_canonical\n    content: |\n      root@internal.domain   support@example.org\n      icinga@internal.domain support@example.org\n```\n\n**Note:** The **canonical** address mapping mechanism is able to rewrite both\nheader and envelope addresses. For headers to be rewritten, see the section\nabout [Automatic Header Rewriting](#automatic-header-rewriting).\n\n**Note:** Consult `man 5 canonical` for more information.\n\n### SMTP Generic Table\n\nDefines address mappings when mail is delivered via SMTP. This is useful to\ntransform **local** mail addresses into **valid** mail addresses. The following\nexample rewrites the sender **icinga@internal** to **support@example.org** and\neverything else **@internal** to **no-reply@example.org**:\n\n```yml\npostfix_smtp_generic:\n  - type: hash\n    dest: /etc/postfix/smtp_generic\n    content: |\n      icinga@internal support@example.org\n      @internal       no-reply@example.org\n```\n\n**Note:** Affects both message header addresses, i.e. the **From:** field, and\nenvelope addresses which are used by SMTP.\n\n**Note:** Consult `man 5 generic` for more information.\n\n### Header Checks\n\nThis lets you rewrite or reject message headers:\n\n```yml\npostfix_header_checks:\n  - type: regexp\n    dest: /etc/postfix/header_checks\n    content: |\n      /^From: root@[^ ]+\\.example.org .*/ REPLACE From: no-reply@example.org\n```\n\n**Note:** Consult `man 5 header_checks` for more information.\n\n### SMTP\n\n```yml\npostfix_smtp:\n  tls_CApath: '/etc/pki/tls/certs'\n  tls_security_level: 'may'\n  tls_cert_file: '/etc/pki/cert.pem'\n  tls_key_file: '/etc/pki/key.pem'\n  tls_note_starttls_offer: 'yes'\n\npostfix_smtpd:\n  tls_CApath: '/etc/pki/tls/certs'\n  tls_security_level: 'may'\n  tls_cert_file: '/etc/pki/cert.pem'\n  tls_key_file: '/etc/pki/key.pem'\n  tls_auth_only: 'no'\n  tls_loglevel: '1'\n  tls_received_header: 'yes'\n  tls_session_cache_timeout: '3600s'\n\npostfix_tls_random_source: 'dev:/dev/urandom'\n```\n\n**Note:** At the moment, PEM files need to be copied manually.\n\n### Automatic Header Rewriting\n\nStarting with Postfix 2.2 automatic message header rewriting has been disabled\nby default. Instead, only envelope addresses get rewritten. This applies to the\naddress rewriting facilities. Check `man 5 postconf` to see if it applies to\nyour configuration entries.\n\nTo get the behavior before Postfix 2.2, add this variable:\n\n```yml\npostfix_local_header_rewrite_clients:\n  - type: static\n    dest: all\n```\n\nDependencies\n------------\n\n```yml\n---\n\n# requirements.yml\n\nroles:\n\n  - name: idiv_biodiversity.postfix\n    src: https://github.com/idiv-biodiversity/ansible-role-postfix\n    version: vX.Y.Z\n\n...\n```\n\nExample Playbook\n----------------\n\n### Top-Level Playbook\n\nWrite a top-level playbook:\n\n```yml\n---\n\n- name: head server\n  hosts: head\n\n  roles:\n    - role: idiv_biodiversity.postfix\n      tags:\n        - mail\n        - mta\n        - postfix\n\n...\n```\n\n### Role Dependency\n\nDefine the role dependency in `meta/main.yml`:\n\n```yml\n---\n\ndependencies:\n\n  - role: idiv_biodiversity.postfix\n    tags:\n      - mail\n      - mta\n      - postfix\n\n...\n```\n\nLicense\n-------\n\nMIT\n\nAuthor Information\n------------------\n\nThis role was created in 2017 by [Christian Krause][author] aka [wookietreiber at GitHub][wookietreiber], HPC cluster systems administrator at the [German Centre for Integrative Biodiversity Research (iDiv)][idiv], based on a draft by Ben Langenberg aka [bencarsten at GitHub][bencarsten].\n\n\n[author]: https://www.idiv.de/staff/christian-krause/\n[idiv]: https://www.idiv.de/\n[bencarsten]: https://github.com/bencarsten\n[wookietreiber]: https://github.com/wookietreiber\n[postfix]: http://www.postfix.org/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidiv-biodiversity%2Fansible-role-postfix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fidiv-biodiversity%2Fansible-role-postfix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidiv-biodiversity%2Fansible-role-postfix/lists"}