changeset 16:c5784e3d4f8d

mail/postfix setup on prime
author drewp@bigasterisk.com
date Sat, 13 Nov 2021 13:51:26 -0800
parents 516a91a3ec08
children 0c1496e11b8f
files mail.py tasks.py templates/mail/main.cf.j2 templates/mail/mydestination.j2
diffstat 4 files changed, 126 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mail.py	Sat Nov 13 13:51:26 2021 -0800
@@ -0,0 +1,19 @@
+from pyinfra import host
+from pyinfra.operations import apt, files, server, systemd
+
+if host.name == 'prime':
+    apt.packages(packages=['postfix', 'isync'])
+    files.template(src='templates/mail/main.cf.j2', dest='/etc/postfix/main.cf')
+    files.template(src='templates/mail/mydestination.j2', dest='/etc/postfix/mydestination')
+    files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access')
+    files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual')
+
+    server.shell(commands=['postfix reload'])
+    systemd.service(service='postfix.service', enabled=True, running=True)
+    # maybe needs 'postfix@-.service', unclear
+
+    # something to run ~drewp/mbsync/go at startup
+
+    # maybe freshen the mbsync client cert when we're running this deploy, too
+
+# other machines, route mail to bang or prime for delivery
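Review bot: The main.cf template in this same changeset reads `hash:/etc/postfix/sender_access` and `hash:/etc/postfix/virtual`, but the two `files.put` lines only upload the text sources and nothing runs `postmap`, so the compiled `.db` tables Postfix actually consults stay missing or stale after a deploy. The `postfix reload` on the `server.shell` line also runs before `systemd.service(... running=True)`, so on a fresh host it fires against a daemon that has not been started yet. I would order it as `systemd.service(service='postfix.service', enabled=True, running=True)` first, then `server.shell(commands=['postmap /etc/postfix/sender_access', 'postmap /etc/postfix/virtual', 'postfix reload'])`, and pass an explicit `mode=` on the put/template calls so the rendered config files do not inherit whatever the upload default happens to be.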
--- a/tasks.py	Sat Nov 13 12:13:54 2021 -0800
+++ b/tasks.py	Sat Nov 13 13:51:26 2021 -0800
@@ -52,5 +52,10 @@
 
 
 @task
+def mail(ctx):
+    ctx.run(cmd + 'inventory.py mail.py -vv', pty=True)
+
+
+@task
 def get_fact(ctx, host='dash', fact='server.LinuxDistribution'):
     ctx.run(cmd + f'{host} -vv fact {fact}', pty=True)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/mail/main.cf.j2	Sat Nov 13 13:51:26 2021 -0800
@@ -0,0 +1,85 @@
+# written by pyinfra
+
+smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/self1-ca.crt
+smtpd_tls_key_file=/etc/ssl/certs/self1-ca.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_loglevel = 0
+smtpd_tls_security_level = may
+smtpd_tls_received_header = yes
+   
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = bigasterisk.com
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = bigasterisk.com
+mydestination = /etc/postfix/mydestination
+relayhost = 
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.1.0.0/16 10.3.0.0/16 10.5.0.0/24 192.168.0.3/32 [fc7b:54e8:69a9:e165:86c8:9d42:6cc5:b2a1]/128 [fcc8:29d:5660:ec63:754f:37af:de4a:a9df]/128
+#mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+html_directory = /usr/share/doc/postfix/html
+
+home_mailbox = Maildir/
+
+# http://www.postfix.org/LOCAL_RECIPIENT_README.html
+#local_recipient_maps = /etc/postfix/local_recipient
+
+# http://www.spamcop.net/fom-serve/cache/349.html
+# upgraded, per http://www.wrightthisway.com/Articles/000062.html
+
+smtpd_recipient_restrictions =
+    permit_mynetworks, 
+    permit_sasl_authenticated,
+#    check_client_access  /etc/passwd somehow?
+    reject_invalid_hostname, 
+    reject_non_fqdn_sender, 
+    reject_non_fqdn_recipient, 
+    reject_unknown_sender_domain, 
+    reject_unknown_recipient_domain, 
+    reject_unauth_pipelining, 
+    permit_tls_clientcerts,
+    reject_unauth_destination, 
+    check_sender_access hash:/etc/postfix/sender_access,
+    reject_rbl_client bl.spamcop.net,
+    permit
+
+
+# no dovecot
+smtpd_sasl_type = cyrus
+cyrus_sasl_config_path = /etc/postfix/sasl/
+
+# yes dovecot
+#smtpd_sasl_type = dovecot
+#smtpd_sasl_path = private/auth
+
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
+smtpd_tls_auth_only = yes
+
+queue_directory = /var/spool/postfix
+
+virtual_alias_domains = adkinslawgroup.com iveseenyoubefore.com fantasyfamegame.com maxradi.us whopickedthis.com quickwitretort.com drewp.quickwitretort.com kelsi.quickwitretort.com photo.bigasterisk.com whatsplayingnext.com williamperttula.com        
+
+virtual_alias_maps = hash:/etc/postfix/virtual
+
+message_size_limit = 50000000
+
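Review bot: `smtpd_tls_key_file=/etc/ssl/certs/self1-ca.key` places the server's private key in the certs directory, which is conventionally world-readable, and the `self1-ca` name suggests a CA key/cert pair is being used directly as the SMTP server identity rather than a leaf certificate for bigasterisk.com; the key should live in a root-only location such as `/etc/ssl/private/` with the deploy asserting its mode, and whether presenting the CA cert is intended is worth confirming. The `mynetworks` line grants `permit_mynetworks` (and therefore unauthenticated relay) to the whole of 10.1.0.0/16, 10.3.0.0/16 and 10.5.0.0/24, so every host on those ranges is trusted as a relay client — presumably intended for a home network, but it is the widest trust grant in this file and deserves a comment saying so. `smtpd_use_tls=yes` is the legacy form of the `smtpd_tls_security_level = may` already set two lines below and can be dropped. Finally, this file is deployed with `files.template` but contains no Jinja expressions, so the `.j2` suffix is currently cosmetic.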
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/mail/mydestination.j2	Sat Nov 13 13:51:26 2021 -0800
@@ -0,0 +1,17 @@
+localhost
+localhost.bigasterisk.com
+10.1.0.1
+a.mx.bigasterisk.com
+bang.bigasterisk.com
+bigast.com
+bigasterisk.com
+dash.bigasterisk.com
+mail.bigasterisk.com
+www.bigasterisk.com
+chitty.bigasterisk.com
+cuisine.bigasterisk.com
+dot.bigasterisk.com
+drewp.quickwitretort.com
+kelsi.quickwitretort.com
+maxradi.us
+williamperttula.com
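Review bot: `drewp.quickwitretort.com`, `kelsi.quickwitretort.com`, `maxradi.us` and `williamperttula.com` appear both here in mydestination and in `virtual_alias_domains` in the main.cf template of this changeset; Postfix treats these two classes as mutually exclusive and logs a "do not list domain ... in BOTH mydestination and virtual_alias_domains" warning, with delivery for those domains then depending on which lookup wins. Each domain should be in exactly one list — mydestination if mail is delivered to local Maildirs here, virtual_alias_domains if it is rewritten via `hash:/etc/postfix/virtual`. The bare `10.1.0.1` entry is also unusual for mydestination, which matches domain parts; if the goal is to accept `user@[10.1.0.1]`, that is normally covered by `inet_interfaces`/`proxy_interfaces` rather than this list — worth confirming with a test delivery.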