
Support external (and authenticated) relayhost per sender with Postfix

Emmanuel Bouthenot пре 6 година
родитељ
комит
25cbbdf603

+ 2 - 0
roles/common/defaults/main.yml

@@ -57,6 +57,8 @@ postfix_external_smtp_host: 'localhost'
 postfix_external_smtp_port: 587
 postfix_external_smtp_username: 'myuser'
 postfix_external_smtp_password: 'mypass'
+postfix_external_smtp_host_localdomain: Null
+postfix_external_sender_rewrite: False
 postfix_external_sender_rewrite_regexp: '.*'
 
 with_ssh: True
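Review bot: `postfix_external_sender_rewrite: False` on the second added line turns off sender rewriting for hosts that already set `with_postfix_external_smtp`, because the main.cf.j2 change in this commit emits `sender_canonical_maps` only when this flag is true, where it used to be unconditional. Together with the removal of the global `relayhost` line, mail whose envelope sender is not listed in the sender relay map will then, it appears, no longer go through the authenticated relay, so cron and system mail may leave the host directly. I would add a comment above the two new defaults, for example `# Set to True to rewrite every envelope sender (see postfix_external_sender_rewrite_regexp); needed when local senders differ from the SMTP username`, and mention the change in the upgrade notes. The context lines also keep `'myuser'`/`'mypass'` as defaults, so real values should come from an encrypted vars file rather than from this file.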

+ 5 - 2
roles/common/handlers/smtp.yml

@@ -1,11 +1,14 @@
 - name: 'Regenerate aliases cache'
   command: 'newaliases'
 
-- name: 'Reload postfix'
+- name: 'Reload Postfix'
   command: 'postfix reload'
 
 - name: 'Rehash slowsmtp transport map'
   command: 'postmap /etc/postfix/transport_slowsmtp'
 
-- name: 'Rehash sasl credentials map'
+- name: 'Rehash SASL credentials map'
   command: 'postmap /etc/postfix/sasl/credentials'
+
+- name: 'Rehash SASL sender relay map'
+  command: 'postmap /etc/postfix/sasl/sender_relay'
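Review bot: The new `Rehash SASL sender relay map` handler is defined after `Reload Postfix`, and Ansible runs notified handlers in the order they are defined in this file, not in the order of the `notify` list, so on a first deployment `postfix reload` runs before `postmap` has built `sender_relay.db`. The same ordering already applies to the credentials map. Moving the `Reload Postfix` handler to the end of the file, after all `postmap` handlers, lets the reload see complete maps. The renames to `Reload Postfix` and `Rehash SASL credentials map` also need every other `notify:` in the repository updated, since a notify that names a missing handler fails the play; only roles/common/tasks/smtp.yml is visible on this page.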

+ 25 - 13
roles/common/tasks/smtp.yml

@@ -1,4 +1,4 @@
-- name: 'Install postfix packages'
+- name: 'Install Postfix packages'
   apt:
     pkg: '{{ item }}'
     install_recommends: 'no'
@@ -21,7 +21,7 @@
     - 'Regenerate aliases cache'
   when: with_mail_aliases
 
-- name: 'Install postfix main configuration'
+- name: 'Install Postfix main configuration'
   template:
     src: 'postfix/main.cf.j2'
     dest: '/etc/postfix/main.cf'
@@ -29,10 +29,10 @@
     group: 'root'
     mode: '0644'
   notify:
-    - 'Reload postfix'
+    - 'Reload Postfix'
   when: with_postfix
 
-- name: 'Update postfix master config for slowsmtp transport'
+- name: 'Update Postfix master config for slowsmtp transport'
   blockinfile:
     dest: '/etc/postfix/master.cf'
     marker: '# ======= {mark} slowsmtp transport (managed by ansible) ======'
@@ -41,10 +41,10 @@
             -o smtp_destination_concurrency_limit=3
             -o slowsmtp_destination_rate_delay=1
   notify:
-    - 'Reload postfix'
+    - 'Reload Postfix'
   when: with_postfix_slowsmtp
 
-- name: 'Install postfix slowsmtp transport map'
+- name: 'Install Postfix slowsmtp transport map'
   template:
     src: 'postfix/transport_slowsmtp.j2'
     dest: '/etc/postfix/transport_slowsmtp'
@@ -53,10 +53,22 @@
     mode: '0644'
   notify:
     - 'Rehash slowsmtp transport map'
-    - 'Reload postfix'
+    - 'Reload Postfix'
   when: with_postfix_slowsmtp
 
-- name: 'Install postfix sasl credentials map'
+- name: 'Install Postfix SASL sender relay map'
+  template:
+    src: 'postfix/sasl_sender_relay.j2'
+    dest: '/etc/postfix/sasl/sender_relay'
+    owner: 'root'
+    group: 'root'
+    mode: '0600'
+  notify:
+    - 'Rehash SASL sender relay map'
+    - 'Reload Postfix'
+  when: with_postfix_external_smtp
+
+- name: 'Install Postfix SASL credentials map'
   template:
     src: 'postfix/sasl_credentials.j2'
     dest: '/etc/postfix/sasl/credentials'
@@ -64,11 +76,11 @@
     group: 'root'
     mode: '0600'
   notify:
-    - 'Rehash sasl credentials map'
-    - 'Reload postfix'
+    - 'Rehash SASL credentials map'
+    - 'Reload Postfix'
   when: with_postfix_external_smtp
 
-- name: 'Install postfix sasl sender rewrite map'
+- name: 'Install Postfix SASL sender rewrite map'
   template:
     src: 'postfix/sasl_sender_rewrite.j2'
     dest: '/etc/postfix/sasl/sender_rewrite'
@@ -76,5 +88,5 @@
     group: 'root'
     mode: '0600'
   notify:
-    - 'Reload postfix'
-  when: with_postfix_external_smtp
+    - 'Reload Postfix'
+  when: with_postfix_external_smtp and postfix_external_sender_rewrite
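Review bot: The new `Install Postfix SASL sender relay map` task and the credentials task after it are gated on `with_postfix_external_smtp` alone, while main.cf.j2 only references these maps in its `elif` branch, that is, when `smtp_relay_host` is not defined. On a host that sets both, the relay map and the SASL password file are written and hashed but never used, which leaves a credential on disk for no purpose. Consider `when: with_postfix_external_smtp and smtp_relay_host is not defined` on both tasks. The last hunk has a related gap: once `postfix_external_sender_rewrite` is false, an already deployed `/etc/postfix/sasl/sender_rewrite` is left in place rather than removed. Several tasks in this section start or end outside their hunks, so not all of their parameters are visible.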

+ 7 - 2
roles/common/templates/postfix/main.cf.j2

@@ -66,14 +66,19 @@ mydestination = $myhostname {% if postfix_hostname is defined %}{{ postfix_hostn
 {% if smtp_relay_host is defined %}
 relayhost = {{ smtp_relay_host }}
 {% elif with_postfix_external_smtp %}
-relayhost = [{{ postfix_external_smtp_host }}]:{{ postfix_external_smtp_port }}
 smtp_sasl_auth_enable = yes
 smtp_sasl_security_options = noanonymous
 smtp_sasl_password_maps = hash:/etc/postfix/sasl/credentials
-smtpd_sasl_local_domain = {{ postfix_external_smtp_host_localdomain }}
 smtp_sasl_mechanism_filter = login plain
+smtp_sender_dependent_authentication = yes
+sender_dependent_relayhost_maps = hash:/etc/postfix/sasl/sender_relay
+{% if postfix_external_smtp_host_localdomain %}
+smtpd_sasl_local_domain = {{ postfix_external_smtp_host_localdomain }}
+{% endif %}
+{% if postfix_external_sender_rewrite %}
 sender_canonical_maps = regexp:/etc/postfix/sasl/sender_rewrite
 {% endif %}
+{% endif %}
 
 alias_maps = hash:/etc/aliases
 alias_database = $alias_maps
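Review bot: Nothing in the `elif with_postfix_external_smtp` branch ties the plaintext SASL mechanisms to an encrypted session: `smtp_sasl_mechanism_filter = login plain` with `smtp_sasl_security_options = noanonymous` lets the client send the password even when STARTTLS was not negotiated, unless TLS is enforced elsewhere in the template (not visible in this hunk). I would change the options to `smtp_sasl_security_options = noplaintext, noanonymous` and add `smtp_sasl_tls_security_options = noanonymous`, which permits LOGIN/PLAIN only over TLS without forcing TLS on mail that is no longer relayed. Separately, `smtpd_sasl_local_domain` is a parameter of the SMTP server (smtpd), not of the client that authenticates to the relay, so the now conditional line probably has no effect on outgoing authentication and is worth confirming.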

+ 6 - 0
roles/common/templates/postfix/sasl_sender_relay.j2

@@ -0,0 +1,6 @@
+{% if ansible_prolog -%}
+{% from 'templates/ansible/prolog.j2' import prolog with context %}
+{{ prolog() }}
+{% endif -%}
+{{ postfix_external_smtp_username }} [{{ postfix_external_smtp_host }}]:{{ postfix_external_smtp_port }}
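Review bot: The map key on the last line is `postfix_external_smtp_username`, but the Postfix documentation describes `sender_dependent_relayhost_maps` as searched by envelope sender address and `@domain`, so the entry only matches when the SASL login is itself the sender address; a bare login such as the default `'myuser'` would probably never match. If logins and sender addresses can differ, a separate variable for the sender key would be clearer, or the defaults file should state that the username must be the full sender address. Both values are also rendered without validation, so whitespace in either variable would produce a malformed map line.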
+