diff --git a/host_vars/95.217.204.247.yml b/host_vars/95.217.204.247.yml index d449683..bd4b946 100644 --- a/host_vars/95.217.204.247.yml +++ b/host_vars/95.217.204.247.yml @@ -83,6 +83,8 @@ root_ssh_keypair: copy_plain_files: + # /root/bin/monitoring + # - name: monitoring_check_cert_for_dovecot.conf src_path: a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf @@ -91,6 +93,8 @@ copy_plain_files: src_path: a.mx/root/bin/monitoring/conf/check_webservice_load.conf dest_path: /root/bin/monitoring/conf/check_webservice_load.conf + # /root/bin/postfix + # - name: postfix_create_opendkim_key.conf src_path: a.mx/root/bin/postfix/conf/create_opendkim_key.conf dest_path: /root/bin/postfix/conf/create_opendkim_key.conf @@ -107,6 +111,24 @@ copy_plain_files: src_path: a.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf + # Postfix Firewall postfwd + # + - name: postfwd.bl-sender + src_path: a.mx/etc/postfix/postfwd.bl-sender + dest_path: /etc/postfix/postfwd.bl-sender + + - name: postfwd.bl-sender_domain + src_path: a.mx/etc/postfix/postfwd.bl-sender_domain + dest_path: /etc/postfix/postfwd.bl-sender_domain + + - name: postfwd.bl-user + src_path: a.mx/etc/postfix/postfwd.bl-user + dest_path: /etc/postfix/postfwd.bl-user + + - name: postfwd.wl-user + src_path: a.mx/etc/postfix/postfwd.wl-user + dest_path: /etc/postfix/postfwd.wl-user + copy_template_files: [] # diff --git a/host_vars/a.mx.oopen.de.yml b/host_vars/a.mx.oopen.de.yml index 902e4b9..bd4b946 100644 --- a/host_vars/a.mx.oopen.de.yml +++ b/host_vars/a.mx.oopen.de.yml @@ -83,6 +83,8 @@ root_ssh_keypair: copy_plain_files: + # /root/bin/monitoring + # - name: monitoring_check_cert_for_dovecot.conf src_path: a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf @@ -91,10 +93,8 @@ copy_plain_files: src_path: a.mx/root/bin/monitoring/conf/check_webservice_load.conf dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - - name: mysql_mysql_credetials.conf - src_path: a.mx/root/bin/mysql/conf/mysql_credetials.conf - dest_path: /root/bin/mysql/conf/mysql_credetials.conf - + # /root/bin/postfix + # - name: postfix_create_opendkim_key.conf src_path: a.mx/root/bin/postfix/conf/create_opendkim_key.conf dest_path: /root/bin/postfix/conf/create_opendkim_key.conf @@ -111,6 +111,24 @@ copy_plain_files: src_path: a.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf + # Postfix Firewall postfwd + # + - name: postfwd.bl-sender + src_path: a.mx/etc/postfix/postfwd.bl-sender + dest_path: /etc/postfix/postfwd.bl-sender + + - name: postfwd.bl-sender_domain + src_path: a.mx/etc/postfix/postfwd.bl-sender_domain + dest_path: /etc/postfix/postfwd.bl-sender_domain + + - name: postfwd.bl-user + src_path: a.mx/etc/postfix/postfwd.bl-user + dest_path: /etc/postfix/postfwd.bl-user + + - name: postfwd.wl-user + src_path: a.mx/etc/postfix/postfwd.wl-user + dest_path: /etc/postfix/postfwd.wl-user + copy_template_files: [] # @@ -125,8 +143,8 @@ copy_template_files: [] # --- hostname: a.mx.oopen.de -ipv4_address: 83.223.86.91 -ipv6_address: 2a01:30:0:13:2f7:50ff:fed2:cef7 +ipv4_address: 95.217.204.247 +ipv6_address: 2a01:4f9:4a:47e5::247 admin_email: argus@oopen.de is_relay_host: false @@ -211,6 +229,10 @@ template_files_mailsystem_script: src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2 dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf + - name: mailsystem_install_postfixadmin.conf + src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 + dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf + - name: mailsystem_install_postfixadmin.conf src_path: usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2 dest_path: /usr/local/src/mailsystem/conf/install_postfixadmin.conf diff --git a/host_vars/lxc-host-kb.anw-kb.netz.yml b/host_vars/lxc-host-kb.anw-kb.netz.yml new file mode 100644 index 0000000..049262e --- /dev/null +++ b/host_vars/lxc-host-kb.anw-kb.netz.yml @@ -0,0 +1,138 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +sshd_permit_root_login: !!str "yes" + +sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2" + +sshd_pubkey_authentication: !!str "yes" + +sshd_password_authentication: !!str "yes" + + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + +#apt_manage_sources_list: false + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +create_sftp_group: true + + +default_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna' + + - name: sysadm + + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$E/CfbXkLGX4ybZF1$2HGWN1OoNUtc8qiMH1KRY8KR59lF80ODLhHYobuW3VNxNhGCsF7Uze5Ef2WQaR3.LZaz4qLK418HXCFFpuO8/. + shell: /bin/bash + ssh_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna' + + - name: localadmin + user_id: 1051 + group_id: 1051 + password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. + shell: /bin/bash + ssh_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' + + +extra_system_user: + - name: www-data + home: /var/www + groups: sftp_users + +sudo_users: + - chris + - sysadm + - localadmin + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +git_firewall_repository: + name: ipt-server + repo: https://git.oopen.de/firewall/ipt-server + dest: /usr/local/src/ipt-server + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/hosts b/hosts index 1c29c60..f165e2f 100644 --- a/hosts +++ b/hosts @@ -26,6 +26,8 @@ gw-ro.oopen.de 172.16.72.1 gw-spr.oopen.de +gw-kb.oopen.de + gw-replacement.local.netz gw-replacement2.local.netz gw-replacement3.local.netz @@ -171,6 +173,8 @@ o36.oopen.de # Backup Faire Mobilitaet o37.oopen.de +lxc-host-kb.anw-kb.netz + [initial_setup] @@ -191,6 +195,8 @@ gw-ro.oopen.de gw-km.oopen.de gw-spr.oopen.de +gw-kb.oopen.de + gw-ckubu.local.netz gw-replacement.local.netz @@ -378,6 +384,8 @@ o36.oopen.de # Backup Faire Mobilitaet o37.oopen.de +lxc-host-kb.anw-kb.netz + # --- # O.OPEN office network # --- @@ -1082,6 +1090,8 @@ o30.oopen.de o32.oopen.de o35.oopen.de +lxc-host-kb.anw-kb.netz + # --- # O.OPEN office network # --- @@ -1412,6 +1422,8 @@ o36.oopen.de # Backup Faire Mobilitaet o37.oopen.de +lxc-host-kb.anw-kb.netz + # --- # so36.NET @@ -1440,6 +1452,8 @@ gw-opp.oopen.de gw-ro.oopen.de gw-spr.oopen.de +gw-kb.oopen.de + ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de ga-al-gw.ga.netz @@ -1483,6 +1497,8 @@ gw-opp.oopen.de gw-ro.oopen.de gw-spr.oopen.de +gw-kb.oopen.de + ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de ga-al-gw.ga.netz diff --git a/roles/common/files/a.mx/etc/postfix/postfwd.bl-sender b/roles/common/files/a.mx/etc/postfix/postfwd.bl-sender new file mode 100644 index 0000000..949241e --- /dev/null +++ b/roles/common/files/a.mx/etc/postfix/postfwd.bl-sender @@ -0,0 +1,12 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + +# --- +# Sender addresses blocked by postfwd +# --- + +# annoying spammer domains +.*@acieu.co.uk + +# annoying spammer addresses +error@mailfrom.com +sqek@eike.se diff --git a/roles/common/files/a.mx/etc/postfix/postfwd.bl-sender_domain b/roles/common/files/a.mx/etc/postfix/postfwd.bl-sender_domain new file mode 100644 index 0000000..98ca4e9 --- /dev/null +++ b/roles/common/files/a.mx/etc/postfix/postfwd.bl-sender_domain @@ -0,0 +1,9 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + +# --- +# Sender domains blocked by postfwd +# --- + +# annoying spammer domains +acieu.co.uk + diff --git a/roles/common/files/a.mx/etc/postfix/postfwd.bl-user b/roles/common/files/a.mx/etc/postfix/postfwd.bl-user new file mode 100644 index 0000000..8867e2a --- /dev/null +++ b/roles/common/files/a.mx/etc/postfix/postfwd.bl-user @@ -0,0 +1,6 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + +# --- +# SASL Users blocked by postfwd +# --- + diff --git a/roles/common/files/a.mx/etc/postfix/postfwd.wl-user b/roles/common/files/a.mx/etc/postfix/postfwd.wl-user new file mode 100644 index 0000000..f020728 --- /dev/null +++ b/roles/common/files/a.mx/etc/postfix/postfwd.wl-user @@ -0,0 +1,10 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + +# --- +# SASL Users whitelisted by postfwd +# --- + +abo@akweb.de +vertrieb@akweb.de +presse@mbr-berlin.de + diff --git a/roles/common/files/a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf b/roles/common/files/a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf index a14b911..8910c6a 100644 --- a/roles/common/files/a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf +++ b/roles/common/files/a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf @@ -1,3 +1,5 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + #--------------------------------------- #----------------------------- # Settings for script check_cert_for_dovecot.sh diff --git a/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf index 6b84d2d..c215918 100644 --- a/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf +++ b/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf @@ -1,3 +1,5 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + #--------------------------------------- #----------------------------- # Settings diff --git a/roles/common/files/a.mx/root/bin/postfix/conf/create_opendkim_key.conf b/roles/common/files/a.mx/root/bin/postfix/conf/create_opendkim_key.conf index aded3df..5afd9c2 100644 --- a/roles/common/files/a.mx/root/bin/postfix/conf/create_opendkim_key.conf +++ b/roles/common/files/a.mx/root/bin/postfix/conf/create_opendkim_key.conf @@ -1,3 +1,5 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + # --------------------------------------------------------- # - Parameter Settings for script 'create_opendkim_key.sh'. # --------------------------------------------------------- diff --git a/roles/common/files/a.mx/root/bin/postfix/conf/postfix_add_mailboxes.conf b/roles/common/files/a.mx/root/bin/postfix/conf/postfix_add_mailboxes.conf index 3cffedf..18f5848 100644 --- a/roles/common/files/a.mx/root/bin/postfix/conf/postfix_add_mailboxes.conf +++ b/roles/common/files/a.mx/root/bin/postfix/conf/postfix_add_mailboxes.conf @@ -1,3 +1,5 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + # ---------------------------------------------------- # --- # - Parameter Settings for script 'postfix_add_mailboxes.sh'. diff --git a/roles/common/files/a.mx/root/bin/postfix/conf/sent_userinfo_postfix.conf b/roles/common/files/a.mx/root/bin/postfix/conf/sent_userinfo_postfix.conf index 56574b2..1ce0fff 100644 --- a/roles/common/files/a.mx/root/bin/postfix/conf/sent_userinfo_postfix.conf +++ b/roles/common/files/a.mx/root/bin/postfix/conf/sent_userinfo_postfix.conf @@ -1,3 +1,5 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + # ---------------------------------------------------- # --- # - Parameter Settings for script 'sent_userinfo_postfix.sh'. diff --git a/roles/common/files/a.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf b/roles/common/files/a.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf index e7cf6b5..11c60fa 100644 --- a/roles/common/files/a.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf +++ b/roles/common/files/a.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf @@ -1,3 +1,5 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + # ====================================================== # --- # Parameter Settings for Script 'whitelist_mb_sigs.conf' diff --git a/roles/common/files/e.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf b/roles/common/files/e.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf index a14b911..133ceef 100644 --- a/roles/common/files/e.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf +++ b/roles/common/files/e.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf @@ -14,7 +14,7 @@ # - service_domain="mx.warenform.de" # - #service_domain="" -service_domain="a.mx.oopen.de" +service_domain="e.mx.oopen.de" # - service_name diff --git a/roles/common/templates/usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2 b/roles/common/templates/usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2 index 302e6ba..2946ffd 100644 --- a/roles/common/templates/usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2 +++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2 @@ -52,6 +52,14 @@ ipv4="{{ ipv4_address | default(omit) }}" ipv6="{{ ipv6_address | default(omit) }}" +# - Webserver User +# - +# - defaults to: +# - http_user=www-data +# - +#http_user="www-data" + + # --- # - Listener configuration # ---