Chapter 21. Configuring Postfix MTA by using the RHEL system role

With the postfix RHEL system role, you can consistently streamline automated configurations of the Postfix service, a Sendmail-compatible mail transfer agent (MTA) with modular design and a variety of configuration options. The rhel-system-roles package contains this RHEL system role, and also the reference documentation.

21.1. Using the postfix RHEL system role to automate basic Postfix MTA administration

You can install, configure and start the Postfix Mail Transfer Agent on the managed nodes by using the postfix RHEL system role.

Prerequisites

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content:

    ---
    - name: Manage postfix
      hosts: managed-node-01.example.com
      roles:
        - rhel-system-roles.postfix
      vars:
        postfix_conf:
          relay_domains: $mydestination
            relayhost: example.com
    • If you want Postfix to use a different hostname than the fully-qualified domain name (FQDN) that is returned by the gethostname() function, add the myhostname parameter under the postfix_conf: line in the file:

      myhostname = smtp.example.com
    • If the domain name differs from the domain name in the myhostname parameter, add the mydomain parameter. Otherwise, the $myhostname minus the first component is used.

      mydomain = <example.com>
    • Use postfix_manage_firewall: true variable to ensure that the SMTP port is open in the firewall on the servers.

      Manage the SMTP related ports, 25/tcp, 465/tcp, and 587/tcp. If the variable is set to false, the postfix role does not manage the firewall. The default is false.

      Note

      The postfix_manage_firewall variable is limited to adding ports. It cannot be used for removing ports. If you want to remove ports, use the firewall RHEL system role directly.

    • If your scenario involves using non-standard ports, set the postfix_manage_selinux: true variable to ensure that the port is properly labeled for SELinux on the servers.

      Note

      The postfix_manage_selinux variable is limited to adding rules to the SELinux policy. It cannot remove rules from the policy. If you want to remove rules, use the selinux RHEL system role directly.

  2. Validate the playbook syntax:

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook:

    $ ansible-playbook ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.postfix/README.md file
  • /usr/share/doc/rhel-system-roles/postfix/ directory