Forked from l0neranger/ansibleSetupPostfixSES.yml
Last active
March 25, 2021 16:08
-
-
Save tobiasmcnulty/31c96abfcd32fbe0b740 to your computer and use it in GitHub Desktop.
Ansible Playbook - Postfix for SES Delivery
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # According to AWS Docs - http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html | |
| # | |
| # Rewrites all sender addresses to a single canonical ses verified address. | |
| # | |
| # Expects a vars files at ../vars/PostfixSES-vars.yml with the following variables: | |
| # - ses_host: email-smtp.us-west-x.amazonaws.com | |
| # - ses_port: 587 | |
| # - ses_username: ses-smtp-username | |
| # - ses_password: ses-smtp-password | |
| # - postfix_canonical_name: ses-verified@email.address | |
| # - postfix_hostname: postfix.host.name | |
| # | |
| # Tested on Ubuntu 14.04 | |
| # | |
| --- | |
| - hosts: '{{ host }}' | |
| user: '{{ user }}' | |
| sudo: True | |
| gather_facts: yes | |
| tasks: | |
| - include_vars: ../vars/PostfixSES-vars.yml | |
| - name: Install Postfix and libsasl2-mod | |
| apt: > | |
| name={{ item }} | |
| state=latest | |
| update_cache=yes | |
| with_items: | |
| - postfix | |
| - heirloom-mailx | |
| tags: | |
| - install | |
| - name: Configure Postfix main.cf | |
| lineinfile: > | |
| backup=yes | |
| dest=/etc/postfix/main.cf | |
| regexp="^{{ item.variable }}\ =" | |
| line="{{ item.variable }} = {{ item.value }}" | |
| state=present | |
| with_items: | |
| - { variable: 'relayhost', value: "{{ ses_host }}:{{ ses_port }}" } | |
| - { variable: 'smtp_sasl_auth_enable', value: 'yes' } | |
| - { variable: 'smtp_sasl_security_options', value: 'noanonymous' } | |
| - { variable: 'smtp_sasl_password_maps', value: 'hash:/etc/postfix/sasl_passwd' } | |
| - { variable: 'smtp_use_tls', value: 'yes' } | |
| - { variable: 'smtp_tls_security_level', value: 'encrypt' } | |
| - { variable: 'smtp_tls_note_starttls_offer', value: 'yes' } | |
| - { variable: 'sender_canonical_maps', value: 'regexp:/etc/postfix/sender_canonical' } | |
| - { variable: 'myhostname', value: '{{ postfix_hostname }}' } | |
| - { variable: 'mydestination', value: '{{ postfix_hostname }}, localhost.localdomain, localhost' } | |
| - { variable: 'smtp_tls_CAfile', value: '/etc/ssl/certs/ca-certificates.crt' } | |
| tags: | |
| - config | |
| register: postfix_main_cf | |
| - name: Create /etc/postfix/sasl_passwd | |
| lineinfile: > | |
| backup=yes | |
| create=yes | |
| dest=/etc/postfix/sasl_passwd | |
| regexp="^{{ ses_host }}" | |
| line="{{ ses_host }}:{{ ses_port }} {{ ses_username }}:{{ ses_password }}" | |
| state=present | |
| tags: | |
| - config | |
| register: postfix_sasl_passwd | |
| - name: postmap hash:/etc/postfix/sasl_passwd | |
| command: postmap hash:/etc/postfix/sasl_passwd | |
| tags: | |
| - config | |
| when: postfix_sasl_passwd.changed | |
| - name: Change permissions on /etc/postfix/sasl_passwd.db | |
| command: chmod 0600 /etc/postfix/sasl_passwd* | |
| tags: | |
| - config | |
| when: postfix_sasl_passwd.changed | |
| - name: Create /etc/postfix/sender_canonical | |
| lineinfile: > | |
| backup=yes | |
| create=yes | |
| dest=/etc/postfix/sender_canonical | |
| regexp=".*{{postfix_canonical_name}}" | |
| line="/(.*?)@(.*)/ {{postfix_canonical_name}}" | |
| state=present | |
| tags: | |
| - config | |
| - name: Restart postfix | |
| service: > | |
| name=postfix | |
| state=restarted | |
| tags: | |
| - config | |
| when: postfix_sasl_passwd.changed or postfix_main_cf.changed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment