
Make possible relay emails sent with postfix to an external SMTP server

Emmanuel Bouthenot 9 years ago
parent
commit
8421d248d8

+ 5 - 0
roles/common/defaults/main.yml

@@ -48,6 +48,11 @@ with_smartd: False
 with_postfix: False
 with_postfix_slowsmtp: False
 with_mail_aliases: False
+with_postfix_external_smtp: False
+postfix_external_smtp_host: 'localhost'
+postfix_external_smtp_port: 587
+postfix_external_smtp_username: 'myuser'
+postfix_external_smtp_password: 'mypass'
 
 with_ssh: True
 ssh_ports:
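Review bot: The new defaults `postfix_external_smtp_username: 'myuser'` and `postfix_external_smtp_password: 'mypass'` are placeholder credentials. Turning on `with_postfix_external_smtp` without overriding them renders a credentials map that looks valid and is offered to the relay. Leaving both out of the defaults (or empty) and failing early when the feature is enabled and they are unset would surface the misconfiguration instead. A comment above them would also help, for example `# set the username/password in a vault-encrypted vars file; there is no usable default`.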

+ 5 - 4
roles/common/handlers/smtp.yml

@@ -1,10 +1,11 @@
 - name: 'Regenerate aliases cache'
   command: 'newaliases'
 
-- name: 'Restart postfix'
-  service:
-    name: 'postfix'
-    state: 'restarted'
+- name: 'Reload postfix'
+  command: 'postfix reload'
 
 - name: 'Rehash slowsmtp transport map'
   command: 'postmap /etc/postfix/transport_slowsmtp'
+
+- name: 'Rehash sasl credentials map'
+  command: 'postmap /etc/postfix/sasl/credentials'
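Review bot: 'Reload postfix' is defined ahead of both rehash handlers, and Ansible runs notified handlers in the order they appear in the handlers file, not the order listed under `notify`. The reload therefore happens before `postmap` has rebuilt the map for `/etc/postfix/sasl/credentials`. Moving the 'Reload postfix' handler to the end of the file makes the rehash-then-reload sequence explicit. Separately, `command: 'postfix reload'` exits non-zero when Postfix is not running. The `service` module with `state: 'reloaded'` is an alternative, though its behaviour on a stopped service should be confirmed for the Ansible version in use.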

+ 27 - 3
roles/common/tasks/smtp.yml

@@ -8,6 +8,7 @@
     - 'postfix'
     - 'ca-certificates'
     - 'procmail'
+    - 'libsasl2-modules'
   when: with_postfix
 
 - name: 'Install mail aliases file'
@@ -29,7 +30,7 @@
     group: 'root'
     mode: '0644'
   notify:
-    - 'Restart postfix'
+    - 'Reload postfix'
   when: with_postfix
 
 - name: 'Update postfix master config for slowsmtp transport'
@@ -41,7 +42,7 @@
             -o smtp_destination_concurrency_limit=3
             -o slowsmtp_destination_rate_delay=1
   notify:
-    - 'Restart postfix'
+    - 'Reload postfix'
   when: with_postfix and with_postfix_slowsmtp
 
 - name: 'Install postfix slowsmtp transport map'
@@ -53,5 +54,28 @@
     mode: '0644'
   notify:
     - 'Rehash slowsmtp transport map'
-    - 'Restart postfix'
+    - 'Reload postfix'
   when: with_postfix and with_postfix_slowsmtp
+
+- name: 'Install postfix sasl credentials map'
+  template:
+    src: 'postfix/sasl_credentials.j2'
+    dest: '/etc/postfix/sasl/credentials'
+    owner: 'root'
+    group: 'root'
+    mode: '0600'
+  notify:
+    - 'Rehash sasl credentials map'
+    - 'Reload postfix'
+  when: with_postfix and with_postfix_external_smtp
+
+- name: 'Install postfix sasl sender rewrite map'
+  template:
+    src: 'postfix/sasl_sender_rewrite.j2'
+    dest: '/etc/postfix/sasl/sender_rewrite'
+    owner: 'root'
+    group: 'root'
+    mode: '0600'
+  notify:
+    - 'Reload postfix'
+  when: with_postfix and with_postfix_external_smtp
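Review bot: The 'Install postfix sasl credentials map' task renders the relay password but does not set `no_log: true`. A run with `--diff` or raised verbosity can therefore print the rendered file, password included, to the terminal and to any captured play logs. Adding `no_log: true` to that task keeps the secret out of the output. The `mode: '0600'` with root ownership on the rendered file is appropriate as written.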

+ 8 - 0
roles/common/templates/postfix/main.cf.j2

@@ -56,6 +56,14 @@ mydestination = {{ ansible_fqdn }} {{ ansible_hostname }} localhost localhost.lo
 
 {% if smtp_relay_host is defined %}
 relayhost = {{ smtp_relay_host }}
+{% elif with_postfix_external_smtp %}
+relayhost = [{{ postfix_external_smtp_host }}]:{{ postfix_external_smtp_port }}
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options = noanonymous
+smtp_sasl_password_maps = hash:/etc/postfix/sasl/credentials
+smtpd_sasl_local_domain = {{ postfix_external_smtp_host_localdomain }}
+smtp_sasl_mechanism_filter = login plain
+sender_canonical_maps = regexp:/etc/postfix/sasl/sender_rewrite
 {% endif %}
 
 alias_maps = hash:/etc/aliases
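Review bot: The new `elif` branch enables SASL with `smtp_sasl_mechanism_filter = login plain`, but nothing in this hunk requires TLS on the connection to the relay. Unless main.cf.j2 sets it outside the hunk, the username and password can cross the network effectively in clear, since PLAIN and LOGIN are only base64 encodings. Adding `smtp_tls_security_level = encrypt` inside the branch makes Postfix refuse to authenticate over an unencrypted session. Separately, `smtpd_sasl_local_domain` is a server-side (smtpd) parameter and has no effect on client authentication to a relay. It also reads `postfix_external_smtp_host_localdomain`, which the defaults hunk in this commit does not define, so rendering may fail on an undefined variable; dropping that line looks safe.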

+ 5 - 0
roles/common/templates/postfix/sasl_credentials.j2

@@ -0,0 +1,5 @@
+{% if ansible_prolog -%}
+{% from 'templates/ansible/prolog.j2' import prolog with context %}
+{{ prolog() }}
+{% endif -%}
+[{{ postfix_external_smtp_host }}]:{{ postfix_external_smtp_port }} {{ postfix_external_smtp_username }}:{{ postfix_external_smtp_password }}
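Review bot: The credentials line is written to disk whenever `with_postfix_external_smtp` is true, but main.cf.j2 only enables SASL in its `elif` branch, which is skipped when `smtp_relay_host` is defined. In that case the secret sits in `/etc/postfix/sasl/credentials` without being used. The install task's condition could mirror the template's precedence, for example `when: with_postfix and with_postfix_external_smtp and smtp_relay_host is not defined`. A Jinja comment at the top of this template noting that it holds a secret would also help.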

+ 5 - 0
roles/common/templates/postfix/sasl_sender_rewrite.j2

@@ -0,0 +1,5 @@
+{% if ansible_prolog -%}
+{% from 'templates/ansible/prolog.j2' import prolog with context %}
+{{ prolog() }}
+{% endif -%}
+/.*/    {{ postfix_external_smtp_username }}
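Review bot: The catch-all `/.*/` pattern rewrites the sender of every message Postfix handles to `postfix_external_smtp_username`, so the original local sender is lost, which makes it harder to tell from mail logs or headers which account generated a message. It also assumes the SASL username is a full mail address, which the `'myuser'` default is not. A dedicated variable for the rewritten sender (a new one, for example `postfix_external_smtp_sender`) would decouple the two. A comment in the template should state that the rewrite is intentional and applies to all senders.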