From fc85d25eaf85c8b1981016e5d750908139a20c55 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Thu, 27 Oct 2022 16:50:23 +0200
Subject: [PATCH] added quoting
---
 roles/mailserver/tasks/configure_postfix.yml | 24 ++++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml
index c8ae7cd..a2418da 100644
--- a/roles/mailserver/tasks/configure_postfix.yml
+++ b/roles/mailserver/tasks/configure_postfix.yml
@@ -8,17 +8,17 @@
 - {key: "biff", value: "no"}
 - {key: "broken_sasl_auth_clients", value: "yes"}
 - {key: "compatibility_level", value: "2"}
- - {key: "debugger_command", value: "PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5"}
+ - {key: "debugger_command", value: "'PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5'"}
 - {key: "default_destination_concurrency_limit", value: "2"}
 - {key: "dovecot_destination_recipient_limit", value: "1"}
 - {key: "header_checks", value: "regexp:/etc/postfix/header_checks"}
- - {key: "inet_protocols", value: "ipv4, ipv6"}
+ - {key: "inet_protocols", value: "'ipv4, ipv6'"}
 - {key: "mailbox_size_limit", value: "0"}
 - {key: "mailbox_transport", value: "dovecot"}
 - {key: "maillog_file", value: "/var/log/postfix.log"}
 - {key: "message_size_limit", value: "0"}
 - {key: "milter_default_action", value: "accept"}
- - {key: "mydestination", value: "localhost, kashyyyk, coruscant"}
+ - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"}
 - {key: "myhostname", value: "kashyyyk.universe.local"}
 - {key: "mynetworks", value: "{{ mynetworks }}"}
 - {key: "mynetworks_style", value: "subnet"}
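Review bot: The single quotes added inside the double-quoted values (`debugger_command`, `inet_protocols` and `mydestination` here, and the changed entries in the second and third hunks) become part of the data, so each value is only correct if the consuming task, which lies outside this diff, passes it through a shell. If that task writes main.cf without a shell, Postfix would presumably be handed the literal quote characters; if it does use a shell, the entries left unquoted in the third hunk, such as `${config_directory}/dh2048.pem` and `btree:${data_directory}/smtpd_scache`, would be expanded by the shell rather than by Postfix. Quoting once where the value is used, for example `{{ item.value | quote }}`, keeps this list as plain data and covers every entry uniformly. The list itself begins above the hunk.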
@@ -28,7 +28,7 @@
 - {key: "sender_canonical_maps", value: "hash:/etc/postfix/sender-canonical"}
 - {key: "sender_dependent_relayhost_maps", value: "hash:/etc/postfix/sender_dependent_relayhost_map"}
 - {key: "smtp_sasl_auth_enable", value: "yes"}
- - {key: "smtp_sasl_mechanism_filter", value: "!gssapi, !external, static:all"}
+ - {key: "smtp_sasl_mechanism_filter", value: "'!gssapi, !external, static:all'"}
 - {key: "smtp_sasl_password_maps", value: "hash:/etc/postfix/saslpass"}
 - {key: "smtp_sasl_security_options", value: "noanonymous"}
 - {key: "smtp_sender_dependent_authentication", value: "yes"}
@@ -38,37 +38,37 @@
 - {key: "smtp_tls_security_level", value: "may"}
 - {key: "smtp_tls_session_cache_database", value: "btree:/var/lib/postfix/smtp_scache"}
 - {key: "smtpd_data_restrictions", value: "reject_unauth_pipelining"}
- - {key: "smtpd_etrn_restrictions", value: "permit_mynetworks, reject"}
+ - {key: "smtpd_etrn_restrictions", value: "'permit_mynetworks, reject'"}
 - {key: "smtpd_helo_required", value: "yes"}
- - {key: "smtpd_helo_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname"}
- - {key: "smtpd_recipient_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_recipient, check_sender_access hash:/etc/postfix/sender_restrictions, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination,"}
+ - {key: "smtpd_helo_restrictions", value: "'permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname'"}
+ - {key: "smtpd_recipient_restrictions", value: "'permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_recipient, check_sender_access hash:/etc/postfix/sender_restrictions, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination,'"}
 - {key: "smtpd_relay_restrictions", value: "permit_sasl_authenticated"}
 - {key: "smtpd_sasl_auth_enable", value: "yes"}
 - {key: "smtpd_sasl_path", value: "/var/run/dovecot/auth-client"}
 - {key: "smtpd_sasl_security_options", value: "noanonymous,noplaintext"}
 - {key: "smtpd_sasl_tls_security_options", value: "noanonymous"}
 - {key: "smtpd_sasl_type", value: "dovecot"}
- - {key: "smtpd_sender_restrictions", value: "hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access"}
+ - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
 - {key: "smtpd_tls_auth_only", value: "yes"}
 - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"}
 - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
 - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
 - {key: "smtpd_tls_eecdh_grade", value: "strong"}
- - {key: "smtpd_tls_exclude_ciphers", value: "aNULL,MD5,RC4,DES,IDEA,SEED,3DES"}
+ - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
 - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"}
 - {key: "smtpd_tls_loglevel", value: "1"}
 - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
- - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "aNULL,MD5,RC4,IDEA,SEED,3DES"}
+ - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}
 - {key: "smtpd_tls_security_level", value: "may"}
 - {key: "smtpd_tls_session_cache_database", value: "btree:${data_directory}/smtpd_scache"}
- - {key: "tls_high_cipherlist", value: "EECDH+RSA+AES256+SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!IDEA"}
+ - {key: "tls_high_cipherlist", value: "'EECDH+RSA+AES256+SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!IDEA'"}
 - {key: "tls_preempt_cipherlist", value: "yes"}
 - {key: "tls_ssl_options", value: "NO_COMPRESSION"}
 - {key: "transport_maps", value: "hash:/etc/postfix/transport"}
 - {key: "virtual_alias_maps", value: "hash:/etc/postfix/virtual"}
 - {key: "virtual_gid_maps", value: "static:vmail"}
 - {key: "virtual_mailbox_base", value: "/home/vmail"}
- - {key: "virtual_mailbox_domains", value: "$myhostname, $mydomain, imap.$mydomain, tantooine.homelinux.net, gallery-mewi1503.myphotos.cc, tantooine.myfirewall.org, tatooine.noip.me, mastodon.spdns.org, hubzilla.social.my-wan.de, friendica.social.my-wan.de, peertube.social.my-wan.de, pixelfed.social.my-wan.de"}
+ - {key: "virtual_mailbox_domains", value: "'$myhostname, $mydomain, imap.$mydomain, tantooine.homelinux.net, gallery-mewi1503.myphotos.cc, tantooine.myfirewall.org, tatooine.noip.me, mastodon.spdns.org, hubzilla.social.my-wan.de, friendica.social.my-wan.de, peertube.social.my-wan.de, pixelfed.social.my-wan.de'"}
 - {key: "virtual_mailbox_maps", value: "hash:/etc/postfix/vmailbox"}
 - {key: "virtual_transport", value: "lmtp:unix:private/dovecot-lmtp"}
 - {key: "virtual_uid_maps", value: "static:vmail"}
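Review bot: `smtpd_relay_restrictions` is only `permit_sasl_authenticated`, so the relay decision rests on `smtpd_recipient_restrictions`, where `reject_unauth_destination` is the last entry, after `check_client_access` and `check_sender_access`. An OK result from either lookup table ends evaluation before the relay check is reached, and the sender address is supplied by the client, so a permissive entry in `sender_restrictions` would allow relaying. Placing the check directly after the authenticated permits, `permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, ...`, or setting `smtpd_relay_restrictions` to `permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination`, removes the dependency on the map contents. The hash maps are not visible in this diff, so whether any entry actually returns OK is unverified.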