ansible-role-disposable-mail/defaults/main.yml

---
postfix_domain: ""
postfix_virtual_domains: []
postfix_virtual_mailbox_base: /var/disposable-mail

postfix_smtpd_banner: "$myhostname ESMTP $mail_name ({{ postfix_domain }})"
dkim_selector: mail
dkim_key_path: /etc/dkimkeys
#postfix_hostname: "{{ dkim_selector }}.{{ postfix_domain }}"
imap_bind_address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}"
#postfix_maildir_user: maildir
#postfix_inet_interfaces: all
#postfix_mynetworks:
#  - 127.0.0.0/8

#postfix_inet_protocols: ipv4
postfix_mydestination:
  - $myhostname

#smtpd_tls_security_level: may
# https://www.postfix.org/SMTPD_ACCESS_README.html
postfix_smtpd_relay_restrictions:
  - permit_mynetworks
  - permit_sasl_authenticated
  - reject_unauth_destination
postfix_smtpd_recipient_restrictions:
  - permit_mynetworks
  - permit_sasl_authenticated
  - reject_unauth_destination

postfix_raw_options:
  # https://www.postfix.org/MILTER_README.html
  - |
    smtpd_milters = unix:opendkim/opendkim.sock     
  - |
    non_smtpd_milters = $smtpd_milters    

postfix_smtpd_client_connection_count_limit: 5 
postfix_smtpd_client_connection_rate_limit: 30
postfix_smtpd_client_message_rate_limit: 3 
postfix_smtpd_client_new_tls_session_rate_limit: 3 
postfix_smtpd_client_auth_rate_limit: 3 

postfix_install:
  - postfix
# - mailutils
  - libsasl2-2
# - sasl2-bin
  - libsasl2-modules

postfix_hostname: "{{ ansible_fqdn }}"
postfix_mailname: "{{ ansible_fqdn }}"

postfix_default_database_type: hash
postfix_aliases: []
postfix_virtual_aliases: []
postfix_sender_canonical_maps: []
postfix_sender_canonical_maps_database_type: "{{ postfix_default_database_type }}"
postfix_recipient_canonical_maps: []
postfix_recipient_canonical_maps_database_type: "{{ postfix_default_database_type }}"
postfix_transport_maps: []
postfix_transport_maps_database_type: "{{ postfix_default_database_type }}"
postfix_sender_dependent_relayhost_maps: []
postfix_header_checks: []
postfix_header_checks_database_type: regexp
postfix_generic: "{{ postfix_smtp_generic_maps }}"
postfix_smtp_generic_maps: []
postfix_smtp_generic_maps_database_type: "{{ postfix_default_database_type }}"

postfix_relayhost: ''
postfix_relayhost_mxlookup: false
postfix_relayhost_port: 587
postfix_relaytls: false

postfix_sasl_auth_enable: true
postfix_sasl_user: "postmaster@{{ ansible_domain }}"
postfix_sasl_password: "{{ lookup('ansible.builtin.env', 'POSTFIX_SASL_PASSWORD') }}"
postfix_sasl_security_options: noanonymous
postfix_sasl_tls_security_options: noanonymous
postfix_sasl_mechanism_filter: ''

postfix_smtp_tls_security_level: encrypt
postfix_smtp_tls_wrappermode: false
postfix_smtp_tls_note_starttls_offer: true

postfix_inet_interfaces: all
postfix_inet_protocols: all
#postfix_mydestination:
#  - "{{ postfix_hostname }}"
#  - localdomain
#  - localhost
#  - localhost.localdomain
postfix_mynetworks:
  - 127.0.0.0/8
  - '[::ffff:127.0.0.0]/104'
  - '[::1]/128'

#postfix_smtpd_banner: '$myhostname ESMTP $mail_name'
postfix_disable_vrfy_command: true
postfix_message_size_limit: 10240000

postfix_smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
postfix_smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
postfix_smtpd_tls_security_level: may
postfix_smtp_tls_CApath: /etc/ssl/certs
postfix_smtpd_sasl_type: dovecot
postfix_smtpd_sasl_security_options: noanonymous, noplaintext, forward_secrecy
# path outside of chroot: /var/spool/postfix/private/auth
postfix_smtpd_sasl_path: private/auth

#postfix_raw_options: []

#postfix_virtual_mailbox_base: /var/mail
postfix_virtual_mailbox_maps: /etc/postfix/vmailbox
#postfix_virtual_uid: 1000
#postfix_virtual_gid: 1000
postfix_maildir_user: maildir

force_dovecot_passwd_file_maildir_ids: false # useful when recovering from backup

# robertdebock.dovecot
dovecot_mailbox_location: "maildir:{{ postfix_virtual_mailbox_base }}/{{ postfix_domain }}/%n"