feat: postmap handler & sender_access conf

roles/mail/files/main.cf

@@ -53,7 +53,7 @@ smtpd_sender_login_maps=hash:/etc/postfix/enabled_senders
 smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policyd-spf,check_sender_access hash:/etc/postfix/sender_blacklist
 #smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination,check_sender_access hash:/etc/postfix/sender_blacklist
 #smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_sender
-smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch,reject_non_fqdn_sender,permit_sasl_authenticated
+smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch,reject_non_fqdn_sender,check_sender_access hash:/etc/postfix/sender_access,permit_sasl_authenticated
 
 # USER mappings (not reliant on unix users)
 

roles/mail/files/sender_access

@@ -0,0 +1 @@
+rejected-send@atlantishq.de REJECT

roles/mail/handlers/main.yml

@@ -0,0 +1,12 @@
+- name: postmap all
+  shell:
+    cmd: "/usr/sbin/postmap {{ item }}"
+    chdir: "/etc/postfix/"
+  with_items:
+    - sender_access
+    - enabled_senders
+    - relocated
+    - sender_blacklist
+    - tls_policy
+    - transport
+    - virtual

roles/mail/tasks/main.yaml

@@ -26,7 +26,10 @@
     - transport
     - virtual
     - header_checks
-  notify: restart postfix
+    - sender_access
+  notify:
+    - postmap all
+    - restart postfix
 
 - name: Deploy dmark/opendkim config (main)
   copy: