Ansible Playbook - Postfix for SES Delivery
#
# According to AWS Docs - http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
#
# Rewrites all sender addresses to a single canonical SES-verified address.
#
# Expects a vars file at ../vars/PostfixSES-vars.yml with the following variables:
#   - ses_host: email-smtp.us-west-x.amazonaws.com
#   - ses_port: 587
#   - ses_username: ses-smtp-username
#   - ses_password: ses-smtp-password
#   - postfix_canonical_name: sender@example.com  (placeholder for your SES-verified address)
#
# Tested on Ubuntu 14.04
#
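---
# Configures Postfix as a loopback-only relay that hands all mail to Amazon SES
# over authenticated, TLS-encrypted SMTP.
# Required extra-vars: host (inventory pattern to target), user (SSH login).
- hosts: '{{ host }}'
  user: '{{ user }}'
  # `become` is the replacement for the deprecated `sudo` play keyword.
  become: true
  gather_facts: true
  tasks:
    # The vars file carries ses_password, a live SMTP credential. Keep that
    # file encrypted with ansible-vault and out of version control.
    - include_vars: ../vars/PostfixSES-vars.yml

    - name: Install Postfix and libsasl2-mod
      apt:
        name: '{{ item }}'
        state: latest
        update_cache: true
      with_items:
        - postfix
        - heirloom-mailx
        - libsasl2-modules
      tags:
        - install

    # One lineinfile pass per main.cf parameter. The regexp tolerates any
    # whitespace before '=' so an existing "name=value" line is replaced
    # instead of a second, conflicting definition being appended.
    - name: Configure Postfix main.cf
      lineinfile:
        backup: true
        dest: /etc/postfix/main.cf
        regexp: '^{{ item.variable }}\s*='
        line: '{{ item.variable }} = {{ item.value }}'
        state: present
      with_items:
        # Listen on loopback only so the host cannot be used as a relay
        # from the network.
        - { variable: 'inet_interfaces', value: '127.0.0.1' }
        - { variable: 'relayhost', value: '{{ ses_host }}:{{ ses_port }}' }
        - { variable: 'smtp_sasl_auth_enable', value: 'yes' }
        - { variable: 'smtp_sasl_security_options', value: 'noanonymous' }
        - { variable: 'smtp_sasl_password_maps', value: 'hash:/etc/postfix/sasl_passwd' }
        # Legacy switch; smtp_tls_security_level below is what enforces TLS.
        - { variable: 'smtp_use_tls', value: 'yes' }
        # NOTE(review): 'encrypt' makes TLS mandatory but does not
        # authenticate the relay's certificate, so the SASL login is only
        # protected against passive interception. Evaluate 'verify' or
        # 'secure' once certificate matching against ses_host is confirmed.
        - { variable: 'smtp_tls_security_level', value: 'encrypt' }
        - { variable: 'smtp_tls_note_starttls_offer', value: 'yes' }
        - { variable: 'sender_canonical_maps', value: 'regexp:/etc/postfix/sender_canonical' }
      tags:
        - config

    # The plaintext credential file is owned by root with mode 0600 instead
    # of the default umask, and postmap derives the .db permissions from this
    # source file. backup is off so no timestamped copies of the password are
    # left in /etc/postfix; no_log keeps the rendered line out of task output.
    - name: Create /etc/postfix/sasl_passwd
      lineinfile:
        backup: false
        create: true
        dest: /etc/postfix/sasl_passwd
        owner: root
        group: root
        mode: '0600'
        regexp: '^{{ ses_host }}'
        line: '{{ ses_host }}:{{ ses_port }} {{ ses_username }}:{{ ses_password }}'
        state: present
      no_log: true
      tags:
        - config

    - name: postmap hash:/etc/postfix/sasl_passwd
      command: postmap hash:/etc/postfix/sasl_passwd
      tags:
        - config

    # Postfix only reads the compiled .db, so the plaintext source is deleted.
    # state=absent also succeeds when the file is already gone, unlike `rm`.
    - name: Remove /etc/postfix/sasl_passwd
      file:
        path: /etc/postfix/sasl_passwd
        state: absent
      tags:
        - config

    # Explicitly pin the lookup table to root-only access, whatever
    # permissions postmap gave it.
    - name: Change permissions on /etc/postfix/sasl_passwd.db
      file:
        path: /etc/postfix/sasl_passwd.db
        owner: root
        group: root
        mode: '0600'
      tags:
        - config

    - name: postfix CA cert
      command: postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
      tags:
        - config

    # Single catch-all rule: every sender address is rewritten to the
    # SES-verified address in postfix_canonical_name.
    - name: Create /etc/postfix/sender_canonical
      lineinfile:
        backup: true
        create: true
        dest: /etc/postfix/sender_canonical
        regexp: '.*{{postfix_canonical_name}}'
        line: '/(.*?)@(.*)/ {{postfix_canonical_name}}'
        state: present
      tags:
        - config

    - name: Restart postfix
      service:
        name: postfix
        state: restarted
      tags:
        - config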