[mailserver_postfix] Enable submissions (465 without STARTTLS)

2025-02-01 20:59:14 +01:00 · 2025-02-01 20:59:14 +01:00 · e822e40945
commit e822e40945
parent 27433263e7
6 changed files with 19 additions and 4 deletions
--- a/roles/mailserver_postfix/files/nftables/input.d/smtp-submission.conf
+++ b/roles/mailserver_postfix/files/nftables/input.d/smtp-submission.conf
@ -1 +0,0 @@
-tcp dport {25, 587} accept comment "Allow SMTP/submission from all"
--- a/roles/mailserver_postfix/files/nftables/output.d/smtp-submission.conf
+++ b/roles/mailserver_postfix/files/nftables/output.d/smtp-submission.conf
@ -1 +0,0 @@
-tcp dport {25, 587} accept comment "Allow SMTP/submission to all"
--- a/roles/mailserver_postfix/tasks/main.yml
+++ b/roles/mailserver_postfix/tasks/main.yml
@ -52,8 +52,8 @@

 - name: Allow incoming and outgoing SMTP/submission
  become: true
-  ansible.builtin.copy:
-    src: "nftables/{{ item }}.d/smtp-submission.conf"
+  ansible.builtin.template:
+    src: "nftables/{{ item }}.d/smtp-submission.conf.j2"
    dest: "/etc/nftables/{{ item }}.d/smtp-submission.conf"
    mode: 0640
  notify: Reload nftables service
--- a/roles/mailserver_postfix/templates/master.cf.j2
+++ b/roles/mailserver_postfix/templates/master.cf.j2
@ -27,6 +27,17 @@ submission inet n       -       y       -       -       smtpd
  -o smtpd_relay_restrictions=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
+submissions inet n       -       y       -       -       smtpd
+  -o syslog_name=postfix/submissions
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+  -o smtpd_helo_restrictions=
+  -o smtpd_sender_restrictions=permit_mynetworks,reject_sender_login_mismatch,permit_sasl_authenticated,reject
+  -o smtpd_relay_restrictions=
+  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
 #628       inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
--- a/roles/mailserver_postfix/templates/nftables/input.d/smtp-submission.conf.j2
+++ b/roles/mailserver_postfix/templates/nftables/input.d/smtp-submission.conf.j2
@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+tcp dport {25, 465, 587} accept comment "Allow SMTP/submission from all"
--- a/roles/mailserver_postfix/templates/nftables/output.d/smtp-submission.conf.j2
+++ b/roles/mailserver_postfix/templates/nftables/output.d/smtp-submission.conf.j2
@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+tcp dport {25, 465, 587} accept comment "Allow SMTP/submission to all"
				`@ -1 +0,0 @@`
				`tcp dport {25, 587} accept comment "Allow SMTP/submission from all"`