From 61fe076892430c9207fba89b7d4dac814714a3b6 Mon Sep 17 00:00:00 2001 From: Ludovic Cartier Date: Thu, 12 Dec 2024 17:42:04 +0100 Subject: [PATCH] update main.cf and defaults vars --- defaults/.main.yml.swp | Bin 0 -> 12288 bytes templates/main.cf.j2 | 79 +++++++++++++++++------------------------ 2 files changed, 33 insertions(+), 46 deletions(-) create mode 100644 defaults/.main.yml.swp diff --git a/defaults/.main.yml.swp b/defaults/.main.yml.swp new file mode 100644 index 0000000000000000000000000000000000000000..513a5b316aeecf4d1e282b55bc35303a27f7c83a GIT binary patch literal 12288 zcmeI2KX21O7>BP&h=o!F8D@(K6=4E$o8CWT66t@=88;>+FnecyYW3|6jNef(g>yHTz(9OoIk zefsHU`m%jyd4VyNMO+R0k2qF%cvtIfziqT13BQ#^x-Y}B(&53&pXUK9t0L7_I&Gw| zm9F73u>)J-iIrU?e4`b*F~jxbZY2^uo+)Q5F{YIV@&A-_M71Gejv zmjBeRT%PqVURXbYB528EfDDiUGC&5%02v?yWZ>i)aOo6#f#shn6qJhd)L-Y~Bb~?q z86X2>fDDiUGC&5%02v?yWPl8ifn#WZM~v;9Wo&L5#pD0~(ewYW8OFYYZ{P!X2i}0! zz<@Q-0k^;M$z*^GkO4A42FL&zAOmE83>+^5p67cd{&2n3DzUsRCfbeWa;NC-thS3* zyVERMtM}%M)}7}4qBXu^rMXaI#h&ND#x4z>BALa9OtB)&jC6xw6es2b zJVuT(#ll*?DFQ2>i9pF%I;5&q>+@9{<8avEt-5;m;IxTxBT$MIi3=i;M-c{b=8!1A z71$^)Opql!b6c2UolLlsIw{no!XR;AxmCe%3gXC+I}sfmj|YixJKAj9abd&T5d}sl zKES(mMux+{aJj$4d~gd})=|;K$|ZsYWB2&(C^e3okIKXe)8nDAxHKQmms6`>FIR`J p%Hn>KacxW9A)SGB10@h;SjR*Wp^j6S=t?ztiyGx?CFc7+`whTrHrN0F literal 0 HcmV?d00001 diff --git a/templates/main.cf.j2 b/templates/main.cf.j2 index 8d700a5..b7585b8 100644 --- a/templates/main.cf.j2 +++ b/templates/main.cf.j2 
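Review bot: `defaults/.main.yml.swp` is a Vim swap file and looks like it was committed by accident; the diffstat shows no change to `defaults/main.yml` itself, although the subject says the defaults vars were updated. A swap file carries a copy of the edited buffer together with the editor's user, host and file path, so it can expose values that were never meant to be published, and it stays in history even if a later commit deletes it. Drop it from this commit, add `*.swp` to `.gitignore`, and commit the intended `defaults/main.yml` change instead.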
@@ -1,64 +1,51 @@ # {{ ansible_managed }} +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +myhostname = {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %} + compatibility_level= {{ postfix_compatibility_level }} -# See /usr/share/postfix/main.cf.dist for a commented, more complete version - -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. myorigin = /etc/mailname +mydestination = $myhostname, localhost.$mydomain, localhost, {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %} +mynetworks_style = {{ postfix_mynetworks_style }} +mynetworks = {{ postfix_mynetworks | join(' ') }} +inet_interfaces = {{ postfix_inet_interfaces }} +inet_protocols = {{ postfix_inet_protocols }} -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no - -# appending .domain is the MUA's job. append_dot_mydomain = no - -# Uncomment the next line to generate "delayed mail" warnings -#delay_warning_time = 4h - +append_at_myorigin = yes readme_directory = no -# TLS parameters -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -smtpd_use_tls=yes -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. 
- -myhostname = {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %} - alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases -mydestination = $myhostname, localhost.$mydomain, localhost, {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %} -mynetworks = {{ postfix_networks | default('127.0.0.0/8') }} -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = {{ postfix_interfaces | default('all') }} -inet_protocols = {{ postfix_protocols | default('all') }} -#masquerade_domains = XXX -message_size_limit = 10000000 -home_mailbox = / -mailbox_size_limit = 0 -#mailbox_command = /usr/bin/procmail -f- -a $USER +relayhost = {{ postfix_relayhost }} +smtpd_relay_restrictions = {{ postfix_smtpd_relay_restrictions|join(' ') }} +recipient_delimiter = {{ postfix_recipient_delimiter }} +mailbox_size_limit = {{ postfix_mailbox_size_limit }} +message_size_limit = {{ postfix_message_size_limit }} -smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination +{% if postfix_sasl_password_map is defined %} +smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd +smtp_sasl_auth_enable = yes +smtp_sasl_security_options = noanonymous +smtp_sasl_tls_security_options = noanonymous +{% endif %} + +smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache +smtp_tls_security_level = {{ postfix_smtp_tls_security_level }} +smtp_tls_ciphers = {{ postfix_smtp_tls_ciphers }} +smtp_tls_loglevel = {{ postfix_smtp_tls_loglevel }} +smtp_tls_protocols = {{ postfix_smtp_tls_protocols | join(', ') }} +smtp_tls_exclude_ciphers = {{ postfix_smtp_tls_exclude_ciphers | join(', ') }} + +smtpd_use_tls=yes +smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem +smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache 
{% if postfix_sender_relay is defined %} sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay -smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd -smtp_sasl_security_options = noanonymous -smtp_sasl_tls_security_options = noanonymous -smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt -smtp_sasl_auth_enable = yes -smtp_tls_security_level = may -smtp_tls_ciphers = medium -smtp_tls_loglevel = 0 -smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1 -smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL smtp_sender_dependent_authentication = yes {% endif %}
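Review bot: The new `{% if postfix_sasl_password_map is defined %}` block turns on `smtp_sasl_auth_enable` while `smtp_tls_security_level` is rendered from `postfix_smtp_tls_security_level` with nothing tying the two together, so a value of `may` (the old hard-coded setting) or `none` lets the relay credentials go out without TLS when STARTTLS is not offered or is stripped in transit; `noanonymous` alone still permits plaintext mechanisms. Consider rendering at least `encrypt` whenever SASL is enabled, e.g. `smtp_tls_security_level = {{ 'encrypt' if postfix_sasl_password_map is defined and postfix_smtp_tls_security_level in ['none', 'may'] else postfix_smtp_tls_security_level }}`. Separately, `mynetworks`, `inet_interfaces` and `inet_protocols` lost their `| default(...)` filters and now read renamed variables (`postfix_networks` became `postfix_mynetworks`, and likewise for the other two), so an inventory that restricted them under the old names would silently fall back to the role defaults. Those defaults are not visible in this patch, which touches only `defaults/.main.yml.swp`, so it is worth confirming that every new `postfix_*` variable is defined there.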