Oefenweb / ansible-postfix

Ansible role to set up postfix in Debian-like systems
MIT License
174 stars 83 forks source link

Enable tls without relayhost #121

Open mvdriel opened 2 years ago

mvdriel commented 2 years ago

At the moment this role will only output smtp_tls_security_level in the configuration file (/etc/postfix/main.cf) when a postfix_relayhost is configured, so it is not possible to use TLS without relayhost. It is not totally clear to me why there is a dependency between these variables. @tersmitten Let me know whether you are open for a change; I would like to create a pull request. :smile:

tersmitten commented 2 years ago

See #83 and #117

tersmitten commented 2 years ago

I can't remember either... But you can use:

postfix_raw_options:
  - |
    smtp_use_tls = {{ postfix_smtp_tls_security_level != 'none' | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level}}
mvdriel commented 2 years ago

Yeah, thanks, that is my current workaround. Is the pull request something for v4.x?

mvdriel commented 2 years ago

A minor fix for your configuration suggestion are the brackets ("(" and ")") around the comparison:

postfix_raw_options:
  - |
    smtp_use_tls = {{ (postfix_smtp_tls_security_level != 'none') | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level}}
tersmitten commented 7 months ago

It seems to be introduced in #9

tersmitten commented 7 months ago

Is the pull request something for v4.x?

Yes! Do you have an idea how to unwind this block:

{% if postfix_relayhost %}
{% if postfix_relayhost_mxlookup %}
relayhost = {{ postfix_relayhost }}:{{ postfix_relayhost_port }}
{% else %}
relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
{% endif %}
{% if postfix_sasl_auth_enable %}
smtp_sasl_auth_enable = {{ postfix_sasl_auth_enable | bool | ternary('yes', 'no') }}
smtp_sasl_password_maps = {{ postfix_default_database_type }}:{{ postfix_sasl_passwd_file }}
smtp_sasl_security_options = {{ postfix_sasl_security_options }}
smtp_sasl_tls_security_options = {{ postfix_sasl_tls_security_options }}
smtp_sasl_mechanism_filter = {{ postfix_sasl_mechanism_filter }}
{% endif %}
{% if postfix_relaytls %}
smtp_use_tls = {{ postfix_relaytls | bool | ternary('yes', 'no') }}
smtp_tls_security_level = {{ postfix_smtp_tls_security_level }}
smtp_tls_wrappermode = {{ postfix_smtp_tls_wrappermode | bool | ternary('yes', 'no') }}
smtp_tls_note_starttls_offer = {{ postfix_smtp_tls_note_starttls_offer | bool | ternary('yes', 'no') }}
{% if postfix_smtp_tls_cafile is defined %}
smtp_tls_CAfile = {{ postfix_smtp_tls_cafile }}
{% endif %}
{% endif %}
{% else %}
relayhost =
{% endif %}