---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: V-38669 - The postfix service must be enabled for mail delivery (enable postfix)
  service:
    name: postfix
    state: started
    enabled: yes
  when: not check_mode
  tags:
    - mail
    - cat3
    - V-38669

- name: V-38669 - Use only IPv4 addresses in mynetworks if IPv6 is disabled
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: "^(#)?mynetworks"
    line: "mynetworks = 127.0.0.0/8"
  when: security_disable_ipv6 | bool
  tags:
    - mail
    - cat3
    - V-38669

# Be sure to set security_root_forward_email so that this task is executed. See
# the documentation for more details.
- name: V-38446 - Mail system must forward root's email
  lineinfile:
    dest: /etc/aliases
    regexp: "^root"
    line: "root: {{ security_root_forward_email }}"
  when: security_root_forward_email is defined
  notify:
    - rehash aliases
  tags:
    - mail
    - cat2
    - V-38446

- name: Verify that Postfix's main.cf exists
  stat:
    path: /etc/postfix/main.cf
  register: postfix_main_cf
  always_run: true
  tags:
    - always

- name: V-38622 - Mail relaying must be restricted
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: "^(#)?inet_interfaces"
    line: "inet_interfaces = {{ security_postfix_inet_interfaces }}"
  when: postfix_main_cf.stat.exists | bool
  notify:
    - restart postfix
  tags:
    - mail
    - cat2
    - V-38622