Merge pull request #24 from Oefenweb/make-sasl-more-configurable

Make SASL more configurable
Oefenweb · Apr 13, 2016 · 4f14a1e · 4f14a1e
2 parents 5b0acb9 + 2a9246a
commit 4f14a1e
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -17,8 +17,10 @@ None
  * `postfix_mynetworks` [default: `['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']`]: The list of "trusted" remote SMTP clients that have more privileges than "strangers"
  * `postfix_inet_interfaces` [default: `all`]: Network interfaces to bind ([see](http://www.postfix.org/postconf.5.html#inet_interfaces))
  * `postfix_inet_protocols` [default: `all`]: The Internet protocols Postfix will attempt to use when making or accepting connections ([see](http://www.postfix.org/postconf.5.html#inet_protocols))
+ * `postfix_sasl_auth_enable` [default: `true`]: Enable SASL authentication in the SMTP client
  * `postfix_relayhost` [default: `false` (no relay host)]: Hostname to relay all email to
  * `postfix_relayhost_port` [default: 587]: Relay port (on `postfix_relayhost`, if set)
+ * `postfix_sasl_security_options` [default: `noanonymous`]: SMTP client SASL security options
  * `postfix_relaytls` [default: `false`]: Use TLS when sending with a relay host
  * `postfix_sasl_user` [default: `postmaster@{{ ansible_domain }}`]: SASL relay username
  * `postfix_sasl_password` [default: `k8+haga4@#pR`]: SASL relay password **Make sure to change!**
@@ -69,6 +71,20 @@ For AWS SES support:
     postfix_sasl_password: ASDFXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 ```
 
+For MailHog support:
+```yaml
+---
+- hosts: all
+  roles:
+    - postfix
+  vars:
+    postfix_aliases:
+      - { user: root, alias: [email protected] }
+    postfix_relayhost: "{{ ansible_lo['ipv4']['address'] }}"
+    postfix_relayhost_port: 1025
+    postfix_sasl_auth_enable: false
+```
+
 #### License
 
 MIT

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -12,8 +12,10 @@ postfix_aliases: []
 postfix_relayhost: false
 postfix_relayhost_port: 587
 postfix_relaytls: false
+postfix_sasl_auth_enable: true
 postfix_sasl_user: "postmaster@{{ ansible_domain }}"
 postfix_sasl_password: 'k8+haga4@#pR'
+postfix_sasl_security_options: noanonymous
 postfix_inet_interfaces: all
 postfix_inet_protocols: all
 postfix_mynetworks:

diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
@@ -40,9 +40,11 @@ inet_protocols = {{ postfix_inet_protocols }}
 
 {% if postfix_relayhost %}
 relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
-smtp_sasl_auth_enable = yes
+{% if postfix_sasl_auth_enable %}
+smtp_sasl_auth_enable = {{ 'yes' if postfix_sasl_auth_enable else 'no' }}
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = noanonymous
+smtp_sasl_security_options = {{ postfix_sasl_security_options }}
+{% endif %}
 {% if postfix_relaytls %}
 smtp_use_tls = yes
 smtp_tls_security_level = encrypt