Merge pull request #21 from Oefenweb/make-mynetworks-configurable

Make mynetworks configurable
Oefenweb · Mar 9, 2016 · c427f61 · c427f61
2 parents 830763e + 803c10f
commit c427f61
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -14,6 +14,7 @@ None
  * `postfix_hostname` [default: `{{ ansible_fqdn }}`]: Host name, used for `myhostname` and in `mydestination`
  * `postfix_mailname` [default: `{{ ansible_fqdn }}`]: Mail name (in `/etc/mailname`), used for `myorigin`
  * `postfix_aliases` [default: `[]`]: Aliases to ensure present in `/etc/aliases`
+ * `postfix_mynetworks` [default: `['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']`]: The list of "trusted" remote SMTP clients that have more privileges than "strangers"
  * `postfix_inet_interfaces` [default: `all`]: Network interfaces to bind ([see](http://www.postfix.org/postconf.5.html#inet_interfaces))
  * `postfix_inet_protocols` [default: `all`]: The Internet protocols Postfix will attempt to use when making or accepting connections ([see](http://www.postfix.org/postconf.5.html#inet_protocols))
  * `postfix_relayhost` [default: `false` (no relay host)]: Hostname to relay all email to
@@ -37,7 +38,7 @@ A simple example that doesn't use SASL relaying:
     - postfix
   vars:
     postfix_aliases:
-    - { user: root, alias: [email protected] }
+      - { user: root, alias: [email protected] }
 ```
 
 Provide the relay host name if you want to enable relaying:
@@ -48,7 +49,7 @@ Provide the relay host name if you want to enable relaying:
     - postfix
   vars:
     postfix_aliases:
-    - { user: root, alias: [email protected] }
+      - { user: root, alias: [email protected] }
     postfix_relayhost: mail.yourdomain.org
 ```
 
@@ -60,7 +61,7 @@ For AWS SES support:
     - postfix
   vars:
     postfix_aliases:
-    - { user: root, alias: [email protected] }
+      - { user: root, alias: [email protected] }
     postfix_relayhost: email-smtp.us-east-1.amazonaws.com
     postfix_relaytls: true
     # AWS IAM SES credentials (not access key):

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -16,3 +16,7 @@ postfix_sasl_user: "postmaster@{{ ansible_domain }}"
 postfix_sasl_password: 'k8+haga4@#pR'
 postfix_inet_interfaces: all
 postfix_inet_protocols: all
+postfix_mynetworks:
+  - 127.0.0.0/8
+  - '[::ffff:127.0.0.0]/104'
+  - '[::1]/128'
diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
@@ -32,7 +32,7 @@ myhostname = {{ postfix_hostname }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydestination = {{ postfix_hostname }}, localdomain, localhost, localhost.localdomain
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mynetworks = {{ postfix_mynetworks | join(' ') }}
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = {{ postfix_inet_interfaces }}