diff --git a/group_vars/all.yml b/group_vars/all.yml
index e67a913f..50727055 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,13 +1,13 @@
 ---
- ### mgrote.postfix-gmail
 empfaenger_mail: michael.grote@posteo.de
- gmail_nutzer_gmail: michael.grote@gmail.com
- gmail_nutzer_passwort: "{{ lookup('keepass', 'gmail_nutzer_passwort', 'password') }}"
- gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
- gmail_mail_nach_cronjob: false
- gmail_smtp_server: smtp.gmail.com
- gmail_smtp_server_port: 587
- gmail_smtp_use_tls: "yes"
+ ### mgrote.postfix
+ postfix_absender_mailadresse: info@mgrote.net
+ postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
+ postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
+ postfix_mail_nach_cronjob: false
+ postfix_smtp_server: smtp.strato.de
+ postfix_smtp_server_port: 587
+ postfix_smtp_use_tls: "yes"
 ### mgrote.set_apt_sources
 acng_server: acng.grote.lan
 acng_server_port: 9999
@@ -33,6 +33,8 @@
 f2b_bantime: 300
 f2b_findtime: 300
 f2b_maxretry: 5
+ f2b_destemail: "{{ empfaenger_mail }}"
+ f2b_sender: "{{ postfix_absender_mailadresse }}"
 ### oefenweb.ufw
 ufw_rules:
 - rule: allow
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index 09e66ae1..1b918a1e 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ
diff --git a/playbooks/base/6_haertung.yml b/playbooks/base/6_haertung.yml
index cb1eae0a..69c91813 100644
--- a/playbooks/base/6_haertung.yml
+++ b/playbooks/base/6_haertung.yml
@@ -2,6 +2,7 @@
 - hosts: all
 roles:
 - { role: mgrote.fail2ban, tags: "f2b" }
+ - { role: mgrote.postfix, tags: "postfix" }
 - { role: mgrote.deactivate_ssh_password_login, tags: "ssh" }
 - { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt
 tags: "ufw",
diff --git a/playbooks/on-off/f2b.yml b/playbooks/on-off/f2b.yml
index ee346697..5eed98cd 100644
--- a/playbooks/on-off/f2b.yml
+++ b/playbooks/on-off/f2b.yml
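Review bot: Adding `mgrote.postfix` to the `hosts: all` hardening play is redundant with the meta dependency that `mgrote.fail2ban` declares on it elsewhere in this commit, so the role already runs via the dependency before this line is reached and Ansible normally skips the duplicate entry. If the explicit entry is kept for the standalone `postfix` tag, list it before `mgrote.fail2ban` so the play reads in dependency order. It is also worth stating in the role README that this deploys the same relay login (`/etc/postfix/sasl_passwd`) to every host in the inventory, so a compromise of any one host exposes the shared sending credential.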
@@ -2,5 +2,5 @@
 - hosts: testeinzeln
 become: yes
 roles:
- - { role: mgrote.postfix-gmail, tags: "postfix-gmail" }
+ - { role: mgrote.postfix, tags: "postfix" }
 - { role: mgrote.fail2ban, tags: "f2b" }
diff --git a/playbooks/service/fileserver.yml b/playbooks/service/fileserver.yml
index a57ab311..33a4e68c 100644
--- a/playbooks/service/fileserver.yml
+++ b/playbooks/service/fileserver.yml
@@ -14,5 +14,5 @@
 ---
 - hosts: storage
 roles:
- - { role: mgrote.postfix-gmail, tags: "gmail" }
+ - { role: mgrote.postfix, tags: "postfix" }
 - { role: mgrote.fileserver_smb, tags: "fileserver_smb" }
diff --git a/playbooks/service/pve.yml b/playbooks/service/pve.yml
index 349fa84a..32e9dbeb 100644
--- a/playbooks/service/pve.yml
+++ b/playbooks/service/pve.yml
@@ -5,7 +5,7 @@
 - { role: mgrote.apcupsd, tags: "apcupsd" }
 - { role: mgrote.smart, tags: "smart" }
 - { role: mgrote.zfs_tools, tags: "zfs_tools" }
- - { role: mgrote.postfix-gmail, tags: "postfix-gmail" }
+ - { role: mgrote.postfix, tags: "postfix" }
 - { role: mgrote.sanoid, tags: "sanoid" }
 - { role: mgrote.ecc-rasdaemon, tags: "ecc",
diff --git a/roles/mgrote.apcupsd/README.md b/roles/mgrote.apcupsd/README.md
index c3c65f3e..48224127 100644
--- a/roles/mgrote.apcupsd/README.md
+++ b/roles/mgrote.apcupsd/README.md
@@ -2,7 +2,7 @@
 ### Beschreibung
 Installiert APCUPSD fuer eine APC UPS mit USB Verbindung.
-Benoetigt mgrote.postfix-gmail.
+Benoetigt mgrote.postfix.
 https://linux.die.net/man/5/apcupsd.conf
 ### Funktioniert auf
diff --git a/roles/mgrote.apcupsd/meta/main.yml b/roles/mgrote.apcupsd/meta/main.yml
index c0512f74..ad9041df 100644
--- a/roles/mgrote.apcupsd/meta/main.yml
+++ b/roles/mgrote.apcupsd/meta/main.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
- - role: mgrote.postfix-gmail
+ - role: mgrote.postfix
 galaxy_info:
 author: mgrote
 description: installs apcupsd
diff --git a/roles/mgrote.fail2ban/defaults/main.yml b/roles/mgrote.fail2ban/defaults/main.yml
index e69366ae..fb532d00 100644
--- a/roles/mgrote.fail2ban/defaults/main.yml
+++ b/roles/mgrote.fail2ban/defaults/main.yml
@@ -3,3 +3,5 @@
 f2b_bantime: 60
 f2b_findtime: 600
 f2b_maxretry: 5
+ f2b_destemail: michael.grote@posteo.de
+ f2b_sender: info@mgrote.net
diff --git a/roles/mgrote.fail2ban/meta/main.yml b/roles/mgrote.fail2ban/meta/main.yml
index fbdfc873..8737962d 100644
--- a/roles/mgrote.fail2ban/meta/main.yml
+++ b/roles/mgrote.fail2ban/meta/main.yml
@@ -1,3 +1,3 @@
 ---
 dependencies:
- - role: mgrote.postfix-gmail
+ - role: mgrote.postfix
diff --git a/roles/mgrote.fail2ban/templates/jail.local b/roles/mgrote.fail2ban/templates/jail.local
index 8bc1041f..3485e9e6 100644
--- a/roles/mgrote.fail2ban/templates/jail.local
+++ b/roles/mgrote.fail2ban/templates/jail.local
@@ -6,8 +6,8 @@ findtime = {{ f2b_findtime }}
 maxretry = {{ f2b_maxretry }}
 # Mail Reporting
-destemail = michael.grote@posteo.de
-sender = michael.grote@gmail.com
+destemail = {{ f2b_destemail }}
+sender = {{ f2b_sender }}
 # to ban & send an e-mail with whois report to the destemail.
 #action = %(action_mw)s
diff --git a/roles/mgrote.postfix-gmail/defaults/main.yml b/roles/mgrote.postfix-gmail/defaults/main.yml
deleted file mode 100644
index 9c84dec8..00000000
--- a/roles/mgrote.postfix-gmail/defaults/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
- gmail_mail_nach_cronjob: false
- gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
- gmail_smtp_server: smtp.gmail.com
- gmail_smtp_server_port: 587
- gmail_smtp_use_tls: yes
diff --git a/roles/mgrote.postfix-gmail/templates/main.cf b/roles/mgrote.postfix-gmail/templates/main.cf
deleted file mode 100644
index c8da501f..00000000
--- a/roles/mgrote.postfix-gmail/templates/main.cf
+++ /dev/null
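Review bot: The new `f2b_destemail` and `f2b_sender` defaults carry a real personal mailbox and a real sender address; role defaults are what every consumer gets when they forget to override, so a reused copy of this role would mail ban reports to that mailbox and send as that address. Prefer neutral placeholders in defaults, e.g. `f2b_destemail: root@localhost` and `f2b_sender: fail2ban@localhost` (constructed examples), and keep the real values in group_vars, where this commit already sets them via `empfaenger_mail` and `postfix_absender_mailadresse`.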
@@ -1,13 +0,0 @@
-relayhost = [{{ gmail_smtp_server }}]:{{ gmail_smtp_server_port }}
-smtp_use_tls = {{ gmail_smtp_use_tls }}
-smtp_sasl_auth_enable = yes
-smtp_sasl_security_options =
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
-smtp_tls_session_cache_timeout = 3600s
-inet_protocols = ipv4
-append_dot_mydomain = no
-
-mynetworks = {{ gmail_postfix_erlaubte_netzwerke }}
-
-smtpd_relay_restrictions = permit_mynetworks
diff --git a/roles/mgrote.postfix-gmail/templates/sasl_passwd b/roles/mgrote.postfix-gmail/templates/sasl_passwd
deleted file mode 100644
index 9a52ffe5..00000000
--- a/roles/mgrote.postfix-gmail/templates/sasl_passwd
+++ /dev/null
@@ -1 +0,0 @@
-{{ gmail_smtp_server }} {{ gmail_nutzer_gmail }}:{{ gmail_nutzer_passwort }}
diff --git a/roles/mgrote.postfix-gmail/README.md b/roles/mgrote.postfix/README.md
similarity index 50%
rename from roles/mgrote.postfix-gmail/README.md
rename to roles/mgrote.postfix/README.md
index d41509ea..c04b15b9 100644
--- a/roles/mgrote.postfix-gmail/README.md
+++ b/roles/mgrote.postfix/README.md
@@ -1,7 +1,7 @@
-## mgrote.postfix-gmail
+## mgrote.postfix
 ### Beschreibung
-Installiert und konfiguriert postfix fuer den GMail.
+Installiert und konfiguriert postfix.
 ### Funktioniert auf
 - [x] Ubuntu (>=18.04)
@@ -11,11 +11,11 @@ Installiert und konfiguriert postfix fuer den GMail.
 ### Variablen + Defaults
 ##### Wer soll die Mails bekommen.
 empfaenger_mail: michael.grote@posteo.de
-##### Nutzer fuer GMail
-gmail_nutzer_gmail: michael.grote@gmail.com
-##### Passwort fuer GMail
-gmail_nutzer_passwort: FKXaOXXXXXX5kHC
+##### Nutzer
+postfix_absender_mailadresse: info@mgrote.net
+##### Passwort
+postfix_absender_passwort: FKXaOXXXXXX5kHC
 ##### Soll nach Aufuehrung eines cronjobs eine Mail versendet werden?
-gmail_mail_nach_cronjob: false
+postfix_mail_nach_cronjob: false
 ##### Netzwerke aus denen postfix Mails annimmt
-gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
+postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
diff --git a/roles/mgrote.postfix-gmail/handlers/main.yml b/roles/mgrote.postfix/handlers/main.yml
similarity index 71%
rename from roles/mgrote.postfix-gmail/handlers/main.yml
rename to roles/mgrote.postfix/handlers/main.yml
index a83d51b5..1c610b42 100644
--- a/roles/mgrote.postfix-gmail/handlers/main.yml
+++ b/roles/mgrote.postfix/handlers/main.yml
@@ -1,7 +1,11 @@
- - name: create_db_passwordfile
+ - name: hash_sasl_passwd
 become: yes
 command: /usr/sbin/postmap hash:/etc/postfix/sasl_passwd
+ - name: hash_sender_canonical
+ become: yes
+ command: /usr/sbin/postmap hash:/etc/postfix/sender_canonical
+ - name: postfix_reload become: yes systemd:
diff --git a/roles/mgrote.postfix-gmail/tasks/main.yml b/roles/mgrote.postfix/tasks/main.yml
similarity index 68%
rename from roles/mgrote.postfix-gmail/tasks/main.yml
rename to roles/mgrote.postfix/tasks/main.yml
index c08ac580..cfe46f66 100644
--- a/roles/mgrote.postfix-gmail/tasks/main.yml
+++ b/roles/mgrote.postfix/tasks/main.yml
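Review bot: The new `hash_sender_canonical` handler runs `postmap hash:/etc/postfix/sender_canonical`, but the main.cf template in this commit reads that file as `regexp:/etc/postfix/sender_canonical`, so the generated `.db` is never consulted and a regexp table needs no postmap step at all. Drop the handler and have the `kopiere sender_canonical` task in tasks/main.yml notify only `postfix_reload` and `postfix_testmail`; if a hash map was intended instead, `sender_canonical_maps` would have to say `hash:` and the `/.+/` pattern would then be a literal key that matches no sender. The tail of this hunk (the `postfix_reload` handler) is collapsed in the copy under review, so whether a separator line was added there cannot be checked.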
@@ -16,7 +16,17 @@
 dest: /etc/postfix/sasl_passwd
 force: yes
 notify:
- - create_db_passwordfile
+ - hash_sasl_passwd
+ - postfix_testmail
+
+ - name: kopiere sender_canonical
+ become: yes
+ ansible.builtin.template:
+ src: sender_canonical
+ dest: /etc/postfix/sender_canonical
+ notify:
+ - hash_sender_canonical
+ - postfix_reload
 - postfix_testmail
 - name: kopiere postfix_main.cf
@@ -30,7 +40,7 @@
 - name: Mail Cronjob - Anlegen
 become: yes
- when: gmail_mail_nach_cronjob # ohne parameter wird auf true geprueft https://www.buildahomelab.com/2018/11/12/using-ansible-when-statements/
+ when: postfix_mail_nach_cronjob # ohne parameter wird auf true geprueft https://www.buildahomelab.com/2018/11/12/using-ansible-when-statements/
 ansible.builtin.cron:
 name: MAILTO
 env: yes
@@ -40,7 +50,7 @@
 - name: Mail Cronjob - Entfernen
 become: yes
- when: not gmail_mail_nach_cronjob
+ when: not postfix_mail_nach_cronjob
 ansible.builtin.cron:
 name: MAILTO
 env: yes
diff --git a/roles/mgrote.postfix/templates/main.cf b/roles/mgrote.postfix/templates/main.cf
new file mode 100644
index 00000000..cea9b28a
--- /dev/null
+++ b/roles/mgrote.postfix/templates/main.cf
@@ -0,0 +1,13 @@
+relayhost = [{{ postfix_smtp_server }}]:{{ postfix_smtp_server_port }}
+smtp_use_tls = {{ postfix_smtp_use_tls }}
+smtp_sasl_auth_enable = {{ postfix_smtp_sasl_auth_enable }}
+smtp_sasl_security_options =
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
+smtp_tls_session_cache_timeout = {{ postfix_smtp_tls_session_cache_timeout }}
+inet_protocols = {{ postfix_inet_protocols }}
+append_dot_mydomain = {{ postfix_append_dot_mydomain }}
+mynetworks = {{ postfix_erlaubte_netzwerke }}
+smtpd_relay_restrictions = permit_mynetworks
+sender_canonical_classes = envelope_sender, header_sender
+sender_canonical_maps = regexp:/etc/postfix/sender_canonical
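Review bot: The sasl_passwd template task whose head lies above this hunk writes the relay password to `/etc/postfix/sasl_passwd`, and neither the visible `dest`/`force`/`notify` lines nor the `hash_sasl_passwd` handler show a file mode or `no_log`; unless they are set above the hunk, the rendered file and the `.db` that postmap produces get default permissions and the password is printed in `--diff` or verbose runs. If not already present, add `mode: "0600"` and `no_log: true` to that task and make the handler enforce 0600 on `/etc/postfix/sasl_passwd.db` after postmap, which is what Postfix's SASL documentation recommends for both files. The new `kopiere sender_canonical` task also lacks a `mode`, though that file holds no secret; its `hash_sender_canonical` notification is covered by the note on the handlers hunk.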
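Review bot: The template reads `postfix_smtp_sasl_auth_enable`, `postfix_smtp_tls_session_cache_timeout`, `postfix_inet_protocols` and `postfix_append_dot_mydomain`, but nothing in this diff defines them and the old role's defaults/main.yml is deleted without a replacement under roles/mgrote.postfix, so unless a defaults file exists outside this diff the template task fails on an undefined variable. A `defaults/main.yml` for the new role should carry those four values (the deleted template hard-coded `yes`, `3600s`, `ipv4` and `no`). Separately, `smtp_use_tls = yes` is only opportunistic TLS and is superseded by `smtp_tls_security_level`; with `smtp_sasl_security_options =` left empty, plaintext SASL mechanisms are allowed, so the relay password would cross the wire unencrypted if STARTTLS were unavailable or stripped. Prefer `smtp_tls_security_level = encrypt` (in place of or alongside the `smtp_use_tls` line) so the client refuses to authenticate without TLS.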
diff --git a/roles/mgrote.postfix/templates/sasl_passwd b/roles/mgrote.postfix/templates/sasl_passwd
new file mode 100644
index 00000000..31c5492d
--- /dev/null
+++ b/roles/mgrote.postfix/templates/sasl_passwd
@@ -0,0 +1 @@
+{{ postfix_smtp_server }} {{ postfix_absender_mailadresse }}:{{ postfix_absender_passwort }}
diff --git a/roles/mgrote.postfix/templates/sender_canonical b/roles/mgrote.postfix/templates/sender_canonical
new file mode 100644
index 00000000..a77cfc7d
--- /dev/null
+++ b/roles/mgrote.postfix/templates/sender_canonical
@@ -0,0 +1 @@
+/.+/ {{ postfix_absender_mailadresse }}
diff --git a/roles/mgrote.restic/meta/main.yml b/roles/mgrote.restic/meta/main.yml
index b3cb6676..2c0c14d6 100644
--- a/roles/mgrote.restic/meta/main.yml
+++ b/roles/mgrote.restic/meta/main.yml
@@ -1,3 +1,3 @@
 ---
 dependencies:
- - role: mgrote.postfix-gmail
+ - role: mgrote.postfix
diff --git a/roles/mgrote.smart/meta/main.yml b/roles/mgrote.smart/meta/main.yml
index 3e1b6539..89beb0c1 100644
--- a/roles/mgrote.smart/meta/main.yml
+++ b/roles/mgrote.smart/meta/main.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
- - role: mgrote.postfix-gmail
+ - role: mgrote.postfix
 galaxy_info:
 author: mgrote
 description: installs smartctl and configures it
diff --git a/roles/mgrote.zfs_tools/README.md b/roles/mgrote.zfs_tools/README.md
index 495daf46..652df2ad 100644
--- a/roles/mgrote.zfs_tools/README.md
+++ b/roles/mgrote.zfs_tools/README.md
@@ -3,7 +3,7 @@
 ### Beschreibung
 Aktiviert die Mail Funktion von ZED (ZFS Event Daemon). Setzt die maximale ARC-Groesse.
-Benoetigt "mgrote.postfix-gmail".
+Benoetigt "mgrote.postfix".
 Richtet regelmaessige Scrubs(jeden Sonntag) und Trim(alle 4 Monate) ein.
 Richtet "zfs_health.sh", ein ZFS-Checkscript das auch Mails versendet bei Fehlern.
 Deaktiviert das mitinstallierte scrub-Script in /etc/cron.d/zfsutils-linux.
diff --git a/roles/mgrote.zfs_tools/meta/main.yml b/roles/mgrote.zfs_tools/meta/main.yml
index 56f9f145..c56a97fa 100644
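Review bot: The new sender_canonical table has no comment saying what it does: together with `sender_canonical_classes = envelope_sender, header_sender` in main.cf, `/.+/` rewrites every envelope and header sender on the host to the relay login address, which also means `f2b_sender` and any cron or role-specific sender no longer determines what recipients see in From. Postfix regexp tables accept `#` comment lines, so a leading line such as `# every envelope and header sender is rewritten to the relay login address (see sender_canonical_classes in main.cf)` would make that intent visible to the next maintainer and explain why the table is a regexp map rather than a hash map.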
--- a/roles/mgrote.zfs_tools/meta/main.yml
+++ b/roles/mgrote.zfs_tools/meta/main.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
- - role: mgrote.postfix-gmail
+ - role: mgrote.postfix
 galaxy_info:
 author: mgrote
 description: installs zfs-tools