From 0e46599fbc28dea7664a69d7aa46e2cded19e458 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Thu, 22 Aug 2024 16:10:20 -0500
Subject: [PATCH] r/postfix: Support rewriting recipient addresses

The *postfix* role will now generate configuration and a lookup table
for [canonical address mapping][0] of email recipients.  To configure
the mapping, the `postfix_recipient_canonical_map` must be a dictionary
of source-target addresses, e.g.:

```yaml
postfix_recipient_canonical_map:
  my.bad.email@fake.test: my.real.email@example.com
```

[0]: https://www.postfix.org/ADDRESS_REWRITING_README.html#canonical
---
 roles/postfix/defaults/main.yml          |  1 +
 roles/postfix/handlers/main.yml          |  2 ++
 roles/postfix/tasks/main.yml             | 13 +++++++++++++
 roles/postfix/templates/canonical_map.j2 |  3 +++
 roles/postfix/templates/main.cf.j2       |  4 ++++
 5 files changed, 23 insertions(+)
 create mode 100644 roles/postfix/templates/canonical_map.j2

diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml
index 3aeba95..0b1c513 100644
--- a/roles/postfix/defaults/main.yml
+++ b/roles/postfix/defaults/main.yml
@@ -1,3 +1,4 @@
 smtp_inet_interfaces: localhost
 smtp:
   mode: direct
+postfix_recipient_canonical_map: {}
diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
index b91ee29..c96e58a 100644
--- a/roles/postfix/handlers/main.yml
+++ b/roles/postfix/handlers/main.yml
@@ -1,5 +1,7 @@
 - name: rehash postfix sasl passwd table
   command: postmap /etc/postfix/sasl_passwd
+- name: rehash postfix recipient canonical map
+  command: postmap /etc/postfix/recipient_canonical
 - name: restart postfix
   service:
     name=postfix
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 096beb9..f4203e4 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -30,6 +30,19 @@
   - rehash postfix sasl passwd table
   - reload postfix
 
+- name: ensure postfix recipient canonical map is configured
+  template:
+    src: canonical_map.j2
+    dest: /etc/postfix/recipient_canonical
+    mode: u=rw,go=r
+    owner: root
+    group: root
+    setype: postfix_etc_t
+  vars:
+    postfix_canonical: '{{ postfix_recipient_canonical_map }}'
+  notify:
+  - rehash postfix recipient canonical map
+
 - name: ensure postfix is configured
   template:
     src=main.cf.j2
diff --git a/roles/postfix/templates/canonical_map.j2 b/roles/postfix/templates/canonical_map.j2
new file mode 100644
index 0000000..d32ad1f
--- /dev/null
+++ b/roles/postfix/templates/canonical_map.j2
@@ -0,0 +1,3 @@
+{% for key, value in postfix_canonical.items() %}
+{{ key }} {{ value }}
+{% endfor %}
diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2
index 3dd6654..15d43ae 100644
--- a/roles/postfix/templates/main.cf.j2
+++ b/roles/postfix/templates/main.cf.j2
@@ -434,6 +434,10 @@ alias_maps = hash:/etc/aliases
 #alias_database = dbm:/etc/mail/aliases
 alias_database = hash:/etc/aliases
 #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
+{% if postfix_recipient_canonical_map %}
+
+recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
+{% endif %}
 
 # ADDRESS EXTENSIONS (e.g., user+foo)
 #