From 6ff1b299ff74ceb00da252c33ab89454fa74c752 Mon Sep 17 00:00:00 2001
From: Chris Coley <chris@codingallnight.com>
Date: Tue, 19 Jun 2018 12:34:48 -0700
Subject: [PATCH] Adding support for SASL authentication
---
defaults/main.yml | 8 ++++++++
handlers/main.yml | 10 ++++++++++
tasks/main.yml | 10 ++++++++++
templates/Makefile.j2 | 3 ++-
templates/main.cf.j2 | 8 ++++++++
templates/sasl_passwd.in.j2 | 5 +++++
6 files changed, 43 insertions(+), 1 deletion(-)
create mode 100644 templates/sasl_passwd.in.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 9a20850..bc24882 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -59,5 +59,13 @@ postfix__inet_protocols: all
# Valid <transport> and <nexthop> values are described in the postfix transport
# documentation. http://www.postfix.org/transport.5.html
postfix__transport_map: []
+
+
+
+# SASL Password Maps
+postfix__smtp_sasl_password_map: []
+postfix__smtp_sasl_auth_enable: yes
+postfix__smtp_sasl_security_options: noanonymous
+postfix__smtp_sasl_tls_security_options: '{{ postfix__smtp_sasl_security_options }}'
...
# vi: set ts=2 sts=2 sw=2 et ft=yaml:
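Review bot: The default `postfix__smtp_sasl_security_options: noanonymous` is weaker than Postfix's own default of `noplaintext, noanonymous`, so on a session without TLS the client may pick PLAIN or LOGIN and send the relay password in the clear. Keeping `postfix__smtp_sasl_security_options: 'noplaintext, noanonymous'` and defaulting only `postfix__smtp_sasl_tls_security_options` to `noanonymous` would preserve the stock behaviour. The values are rendered unchanged in the templates/main.cf.j2 hunk, and no TLS requirement for the relay is visible there. Separately, `postfix__smtp_sasl_auth_enable: yes` is clearer written as `true`.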
diff --git a/handlers/main.yml b/handlers/main.yml
index d9d5779..9b1b1ba 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,4 +1,14 @@
---
+- name: make postfix sasl_passwd.db
+ environment:
+ LC_MESSAGES: 'C'
+ command: make sasl_passwd.db
+ args:
+ chdir: /etc/postfix
+ register: result
+ notify: ['reload postfix']
+ changed_when: "result.stdout != \"make: 'sasl_passwd.db' is up to date.\""
+
- name: make postfix transport.db
environment:
LC_MESSAGES: 'C'
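Review bot: The `changed_when` on the new handler compares stdout with one exact GNU make message, and the quoting in that message differs between make releases (older ones print a backtick before the target name). On such hosts the handler would report changed on every run and trigger `reload postfix` each time. A substring test such as `changed_when: "'is up to date' not in result.stdout"` does not depend on the quote style. The transport.db handler that follows continues outside the hunk, so whether it shares this check is not visible.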
diff --git a/tasks/main.yml b/tasks/main.yml
index d1febcd..e03bff6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,6 +27,16 @@
mode: 0644
notify: ['make postfix']
+- name: Generate Postfix sasl_passwd map
+ template:
+ src: templates/sasl_passwd.in.j2
+ dest: /etc/postfix/sasl_passwd.in
+ owner: root
+ group: root
+ mode: 0600
+ when: postfix__smtp_sasl_password_map
+ notify: ['make postfix sasl_passwd.db']
+
- name: Generate Postfix transport map
template:
src: templates/transport.in.j2
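Review bot: The new `Generate Postfix sasl_passwd map` task renders relay credentials, and the template module prints the file content when the play runs with `--diff`, so the passwords can end up in console output or CI logs. Adding `no_log: true` to this task prevents that. The `mode: 0600` protects only `sasl_passwd.in`; the modes of the files make derives from it are set by the Makefile rule, which is not visible here and should be checked. Because of `when: postfix__smtp_sasl_password_map`, emptying the variable later leaves the old credential files on disk, so a cleanup task with `state: absent` would be worth adding. Quoting the mode as `'0600'` avoids relying on octal parsing.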
diff --git a/templates/Makefile.j2 b/templates/Makefile.j2
index deee71e..b2a390c 100644
--- a/templates/Makefile.j2
+++ b/templates/Makefile.j2
@@ -2,7 +2,8 @@
# Manage Postfix DB files idempotently
-MAPS = transport.db
+MAPS = sasl_passwd.db \
+ transport.db
all: $(MAPS)
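Review bot: `sasl_passwd.db` is added to `MAPS` unconditionally, while tasks/main.yml writes `sasl_passwd.in` only when `postfix__smtp_sasl_password_map` is non-empty, and the default is `[]`. If the rule that builds the `.db` files (outside this hunk) needs the `.in` source, `make all` would presumably fail on hosts that do not use SASL. Since this file is already a Jinja template, the entry could be guarded with `{% if postfix__smtp_sasl_password_map %}` … `{% endif %}` around the `sasl_passwd.db` line.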
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
index 9a6c8e4..2d3f500 100644
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -33,6 +33,14 @@ smtpd_use_tls = {{ 'yes' if postfix__smtpd_use_tls else 'no' }}
smtpd_tls_session_cache_database = {{ postfix__smtpd_tls_session_cache_database }}
smtp_tls_session_cache_database = {{ postfix__smtp_tls_session_cache_database }}
+{% if postfix__smtp_sasl_password_map %}
+# SASL authentication
+smtp_sasl_auth_enable = {{ 'yes' if postfix__smtp_sasl_auth_enable else 'no' }}
+smtp_sasl_security_options = {{ postfix__smtp_sasl_security_options }}
+smtp_sasl_tls_security_options = {{ postfix__smtp_sasl_tls_security_options }}
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+{% endif %}
+
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
diff --git a/templates/sasl_passwd.in.j2 b/templates/sasl_passwd.in.j2
new file mode 100644
index 0000000..eb2cb96
--- /dev/null
+++ b/templates/sasl_passwd.in.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for item in postfix__smtp_sasl_password_map %}
+{{ item.lookup }} {{ item.credentials }}
+{% endfor %}
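Review bot: The template relies on each entry having `lookup` and `credentials` keys, but neither this file nor the `# SASL Password Maps` heading in defaults/main.yml documents that shape. A comment next to the default would help, for example `# List of {lookup: '[relay.example.com]:587', credentials: 'user:password'}; keep the values in Ansible Vault` (sample values constructed for illustration). Both fields are written out unmodified, so a value containing a newline or leading whitespace would yield a malformed or extra map line. A check with `assert` in the tasks, or a filter that rejects whitespace in `item.lookup`, would catch that before postmap runs.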
--
GitLab