Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
Chapter 20. Configuring Postfix MTA by using RHEL system roles
You can use the postfix RHEL system role to consistently manage configurations of the Postfix mail transfer agent (MTA) in an automated fashion.
Deploying Postfix configurations are helpful when you need for example:
- Stable mail server: enables system administrators to configure a fast and scalable server for sending and receiving emails.
- Secure communication: supports features such as TLS encryption, authentication, domain blacklisting, and more, to ensure safe email transmission.
- Improved email management and routing: implements filters and rules so that you have control over your email traffic.
The postfix_conf dictionary holds key-value pairs of the supported Postfix configuration parameters. Those keys that Postfix does not recognize as supported are ignored. The postfix RHEL system role directly passes the key-value pairs that you provide to the postfix_conf dictionary without verifying their syntax or limiting them. Therefore, the role is especially useful to those familiar with Postfix, and who know how to configure it.
20.1. Configuring Postfix as a null client for only sending outgoing emails
You can use the postfix RHEL system role to automate configuring Postfix as a null client for sending outgoing emails.
A null client is a special configuration, where the Postfix server is set up only to send outgoing emails, but not receive any incoming emails. Such a setup is widely used in scenarios where you need to send notifications, alerts, or logs; but receiving or managing emails is not needed.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes.
Procedure
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Manage Postfix hosts: managed-node-01.example.com tasks: - name: Configure null client for only sending outgoing emails ansible.builtin.include_role: name: redhat.rhel_system_roles.postfix vars: postfix_conf: myhostname: server.example.com myorigin: "$mydomain" relayhost: smtp.example.com inet_interfaces: loopback-only mydestination: "" relay_domains: "{{ postfix_default_database_type }}:/etc/postfix/relay_domains" postfix_files: - name: relay_domains postmap: true content: | example.com OK example.net OKThe settings specified in the example playbook include the following:
myhostname: <server.example.com>- The internet hostname of this mail system. Defaults to the fully-qualified domain name (FQDN).
myorigin: $mydomain-
The domain name that locally-posted mail appears to come from and that locally posted mail is delivered to. Defaults to
$myhostname. relayhost: <smtp.example.com>- The next-hop destination(s) for non-local mail, overrides non-local domains in recipient addresses. Defaults to an empty field.
inet_interfaces: loopback-only- Defines which network interfaces the Postfix server listens on for incoming email connections. It controls whether and how the Postfix server accepts email from the network.
mydestination- Defines which domains and hostnames are considered local.
relay_domains: "{{ postfix_default_database_type }}:/etc/postfix/relay_domains"-
Specifies the domains that Postfix can forward emails to when it is acting as a relay server (SMTP relay). In this case the domains will be generated by the
postfix_filesvariable. The postfix_default_database_type variable contains the database type which is set in the "default_database_type" Postfix parameter. On RHEL 10, you have to userelay_domains: "{{ postfix_default_database_type }}:/etc/postfix/relay_domains". postfix_files-
Defines a list of files that will be placed in the
/etc/postfix/directory. Those files can be converted into Postfix Lookup Tables if needed. In this casepostfix_filesgenerates domain names for the SMTP relay.
For details about the role variables and the Postfix configuration parameters used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.postfix/README.mdfile and thepostconf(5)manual page on the control node.Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}