Merge pull request #3124 from open-craft/mtyaka/postfix-rewrite

Configure header_checks and sender_canonical_maps.

playbooks/roles/postfix_queue/defaults/main.yml

@@ -15,11 +15,25 @@ POSTFIX_QUEUE_EXTERNAL_SMTP_PORT: 587
 POSTFIX_QUEUE_EXTERNAL_SMTP_USER: ''
 POSTFIX_QUEUE_EXTERNAL_SMTP_PASSWORD: ''
 
+# Set this to content of sender_canonical_maps postfix configuration file (optional).
+# Example:
+# POSTFIX_QUEUE_SENDER_CANONICAL_MAPS: |-
+#   @internal @external.com
+#   someuser@example.com otheruser@myschool.org
+POSTFIX_QUEUE_SENDER_CANONICAL_MAPS: ''
+
+# Set this to content of header_checks postfix configuration file (optional).
+# Example:
+# POSTFIX_QUEUE_HEADER_CHECKS: |-
+#  /^From:(.*)$/   PREPEND Reply-To:$1
+#  /^Subject:.*spam/   DISCARD
+POSTFIX_QUEUE_HEADER_CHECKS: ''
 
 # Internal vars:
 
 postfix_queue_password_file: "/etc/postfix/sasl/passwd"
-postfix_queue_password_file_hashed: "{{ postfix_queue_password_file }}.db"
+postfix_queue_sender_canonical_maps_file: "/etc/postfix/sender_canonical_maps"
+postfix_queue_header_checks_file: "/etc/postfix/header_checks"
 
 postfix_queue_smtp_sasl_auth_enable: "yes"
 postfix_queue_smtp_sasl_password_maps: "hash:{{ postfix_queue_password_file }}"

playbooks/roles/postfix_queue/handlers/main.yml

----
-
-# postfix_queue: Configure a local postfix server to forward mail to an
-# external SMTP server. This way postfix acts as an outgoing mail queue, and
-# web apps can send mail instantly, while still taking advantage of an
-# external SMTP service.
-
-- name: restart postfix
-  service: name=postfix state=restarted

playbooks/roles/postfix_queue/tasks/main.yml

@@ -23,25 +23,53 @@
     - "relayhost = {{ postfix_queue_relayhost }}"
     - "smtp_tls_security_level = {{ postfix_queue_smtp_tls_security_level }}"
     - "smtp_tls_mandatory_ciphers = {{ postfix_queue_smtp_tls_mandatory_ciphers }}"
-  notify: restart postfix
+    - "sender_canonical_maps = hash:{{ postfix_queue_sender_canonical_maps_file }}"
+    - "header_checks = regexp:{{ postfix_queue_header_checks_file }}"
 
 - name: Explain postfix authentication
-  lineinfile: >
-    dest="{{ postfix_queue_password_file }}"
-    line="# configured by ansible:"
-    create=yes
+  lineinfile:
+    dest: "{{ postfix_queue_password_file }}"
+    line: "# Configured by Ansible:"
+    create: yes
 
 - name: Set permissions of password file
   file: path="{{ postfix_queue_password_file }}" state=file mode="0600" owner=root group=root
 
 - name: Configure postfix authentication
-  lineinfile: >
-    dest="{{ postfix_queue_password_file }}"
-    line="{{ postfix_queue_relayhost }}    {{ POSTFIX_QUEUE_EXTERNAL_SMTP_USER }}:{{ POSTFIX_QUEUE_EXTERNAL_SMTP_PASSWORD }}"
-    insertafter="# configured by ansible:"
+  lineinfile:
+    dest: "{{ postfix_queue_password_file }}"
+    line: "{{ postfix_queue_relayhost }}    {{ POSTFIX_QUEUE_EXTERNAL_SMTP_USER }}:{{ POSTFIX_QUEUE_EXTERNAL_SMTP_PASSWORD }}"
+    insertafter: "# Configured by Ansible:"
   register: postfix_queue_password
 
 - name: Hash postfix SASL password
   command: "postmap hash:{{ postfix_queue_password_file }}"
   when: postfix_queue_password.changed
-  notify: restart postfix
+
+- name: Configure postfix sender canonical maps
+  copy:
+    dest: "{{ postfix_queue_sender_canonical_maps_file }}"
+    content: "# Configured by Ansible:\n{{ POSTFIX_QUEUE_SENDER_CANONICAL_MAPS }}"
+    force: true
+    owner: root
+    group: root
+    mode: "0600"
+  register: postfix_queue_sender_canonical_maps
+
+- name: Hash postfix sender canonical maps file
+  command: "postmap hash:{{ postfix_queue_sender_canonical_maps_file }}"
+  when: postfix_queue_sender_canonical_maps.changed
+
+- name: Configure postfix header checks
+  copy:
+    dest: "{{ postfix_queue_header_checks_file }}"
+    content: "# Configured by Ansible:\n{{ POSTFIX_QUEUE_HEADER_CHECKS }}"
+    force: true
+    owner: root
+    group: root
+    mode: "0600"
+
+- name: Restart Postfix
+  service:
+    name: postfix
+    state: restarted