Send email using a Postfix Relay in Azure Virtual Machine Through Gmail Using Ansible Playbook

I got a requirement to setup Ansible playbook which installs postfix and related software on a CentOS server and to send mail using Gmail smtp services

The requirement is to take config file and password file from GIT repo and work in a pipeline. The CI/CD pipeline is to be established using Jenkins or other similar tools. Following are the contents of this blog

  1. Create an ansible playbook which installs postfix cyrus-sasl-plain and mailx in CentOS server
  2. Copy the main.cf file and sasl_passwd using your CI/CD pipeline
  3. Rerun the step 1 to restart the postfix with the new config file and apply the password file
  4. Create an ansible playbook which send email using your Gmail smtp

Ansible Playbook 1 – Install postfix cyrus-sasl-plain and mailx add localhost in your host file

Notes:

  1. Add localhost in host file
  2. If you have Python version 3.x is running as default version, you may need to apply a fix in your playbook to run the python 2 also
  3. create mailsetup.yml with the following contents
---
- name: configuring postfix mail server
  hosts: localhost
  become: true
  vars:
    pkg:
      - postfix
      - cyrus-sasl-plain
      - mailx
    svc: postfix
  tasks:
    - name: installing {{ pkg }} packages
      yum:
        name: "{{ pkg }}"
        state: present
      vars:
        ansible_python_interpreter: /usr/bin/python2
    - name: enabling and starting {{ svc }} service
      service:
        name: "{{ svc }}"
        state: started
        enabled: true
    - name:
      command: postmap /etc/postfix/sasl_passwd
    - name: enabling and starting {{ svc }} service
      service:
        name: "{{ svc }}"
        state: restarted

CI/CD Pipeline: Copy the config file and password files under /etc/postfix

main.cf file – Copy the original file and append the following lines at the end of the file

myhostname = localhost

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

sasl_passwd file – Enable two step authentication and create an app password as explained here: Google documentation. Once ready substitute the values in following line and create the sasl_passwd file

[smtp.gmail.com]:587 your gmail user id:app password

Restart services and apply the new password settings – Easy way to achieve this step is to re-run the Playbook 1 again

Ansible Playbook 2 – Create mailsend.yml Send email using the Gmail smtp services

---
- name: Sending mail using ansible playbook
  hosts: localhost
  become: true
  tasks:
    - name: sending email to any address
      mail:
        host: smtp.gmail.com
        port: 587
        username: your gmail account
        password: your app password
        to: any email address
        subject: Ansible-Postfix test

While running the above file, you will have the email received in your address specified !!!

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Comments