postfix-vars, dkim-selector

README.adoc

@@ -74,6 +74,10 @@ Full qualified domain name of your mail server.
 It is not possible to choose different for SMTP/Submission/IMAP/Sieve.
 But you can use CNAMEs/X509-Alt-names to define different.
 
+mail_dkim_selector::
+For DKIM you need a selector, which will be used in DNS.
+E.g. pick the current year.
+
 mail_ldap_basedn::
 LDAP-BaseDN.  `cn=example,cn=net`
 (default: value of ldap_basedn)

defaults/main.yml

@@ -9,6 +9,9 @@ mail_ldap_field_password: userPassword
 mail_ldap_filter: '(&(objectClass=simpleSecurityObject)({{mail_ldap_field_user}}=%u))'
 
 postfix_tls_policy: {}
+postfix_myhostname: '{{mail_server_fqdn}}'
+postfix_myorigin: '{{mail_server_fqdn}}'
+postfix_mynetworks: '::1, 127.0.0.1'
 
 dovecot_ldap_uris: "{{mail_ldap_uris}}"
 dovecot_ldap_ldaprc_path: /etc/ldap/ldap.conf

tasks/main.yml

@@ -60,7 +60,7 @@
 - name: vmail-user for Mailboxes
   user:
     name: vmail
-    uid: 999
+    uid: '{{postfix_vmail_uid}}'
     comment: Mailboxes
     group: vmail
     shell: /bin/false
@@ -89,20 +89,12 @@
     mode: 03700
 - name: '/var/mail domains'
   file:
-    dest: '/var/mail/{{item.key}}'
+    dest: '/var/mail/{{item}}'
     group: vmail
     owner: vmail
     state: directory
     mode: 03700
-  with_dict: '{{mail_domains}}'
-
-- name: opendkim.conf
-  copy:
-    src: opendkim.conf
-    dest: /etc
-    owner: root
-    group: root
-    mode: 0644
+  with_items: '{{mail_domains}}'
 
 - name: /etc/mailname
   copy:
@@ -123,17 +115,17 @@
     insertafter: '^#{{item.key}}[ \t]'
     line: '{{item.key}} {{item.value}}'
   with_dict:
-    Domain: '{{mail_domain}}'
-    KeyFile: '/etc/dkimkeys/{{dkim_selector}}.key'
+    Domain: '{{mail_server_fqdn}}'
+    KeyFile: '/etc/dkimkeys/{{mail_dkim_selector}}.key'
     Socket: local:/var/spool/postfix/milter/opendkim
-    Selector: '{{dkim_selector}}'
+    Selector: '{{mail_dkim_selector}}'
 
 - name: 'DKIM-key'
   shell: |
     set -e
     f={{item|quote}}
     ulimit 0400
-    opendkim-genkey --bits 2048 --domain {{mail_domain|quote}} --restrict --selector "$f"
+    opendkim-genkey --bits 2048 --domain {{mail_server_fqdn|quote}} --restrict --selector "$f"
     chown opendkim:root "$f.private" "$f.txt"
     mv "$f.private" "$f.key"
     mv "$f.txt" "$f.zone"
@@ -169,20 +161,17 @@
     mode: 0444
   with_fileglob: "systemd/default/*"
 
-- include_tasks:
-    name: postfix
-- include_tasks:
-    name: dovecot
-- include_tasks:
-    name: tls
+- include_tasks: postfix.yml
+- include_tasks: dovecot.yml
+- include_tasks: tls.yml
 
 - name: enabled services
   systemd:
     name: '{{item}}'
     daemon-reload: true
     enabled: true
-  with-items: [dovecot, postfix, opendkim, opendmarc, postsrsd]
+  with_items: [dovecot, postfix, opendkim, opendmarc, postsrsd]
 
 - name: reload/restart services
   shell: 'systemctl reload-or-restart {{item|quote}}'
-  with-items: [dovecot, postfix, opendkim, opendmarc, postsrsd]
+  with_items: [dovecot, postfix, opendkim, opendmarc, postsrsd]

tasks/postfix.yml

@@ -49,11 +49,11 @@
       #tls_high_cipherlist: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
       smtpd_tls_exclude_ciphers: MD5, DES, eNULL, 3DES, EXP, RC4, DSS, PSK, SEED, IDEA, ECDSA, aNULL
       smtpd_tls_eecdh_grade: strong
-      myhostname: '{{mail_postfix_domain}}'
-      myorigin: '{{mail_postfix_myorigin}}'
+      myhostname: '{{postfix_myhostname}}'
+      myorigin: '{{postfix_myorigin}}'
       mydestination: ''
       relayhost: ''
-      mynetworks: '{{mynetworks}}'
+      mynetworks: '{{postfix_mynetworks}}'
       recipient_delimiter: '+'
       inet_interfaces: 'all'
       #inet_protocols: 'ipv4'