Postfix: disable the authentication on the port 25

This will disable user authentication on the port 25 (smtp), as users
should user the submission protocol, on port 587 and starttls.

---
ROLE=postfix ansible-playbook -t facts,config install.yml
---

Once you have run the role, make sure to run the following roles as
well: opendkim and opendmarc.

---
ROLE=opendkim ansible-playbook -t facts,postfix install.yml
ROLE=opendmarc ansible-playbook -t facts,postfix install.yml
---

And if you are using rspamd:

---
ROLE=rspamd ansible-playbook -t facts,postfix install.yml
---

Author: Andre Rodier

roles/postfix/templates/main.cf

@@ -56,8 +56,7 @@ smtpd_tls_loglevel = 1
 smtp_tls_security_level = may
 smtp_tls_loglevel = 1
 
-# Authentication via SASL
-smtpd_sasl_auth_enable = yes
+# Authentication via Dovecot SASL
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 

roles/postfix/templates/master.cf

@@ -16,12 +16,14 @@ submissions inet n       -       y       -       -      smtpd {{ smtpd_flags }}
   -o smtpd_tls_wrappermode=yes
   -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o cleanup_service_name=subcleanup
+  -o smtpd_sasl_auth_enable=yes
 {% if mail.postfix.submission.active %}
 submission inet n       -       y       -       -       smtpd {{ smtpd_flags }}
   -o syslog_name=postfix/submission
   -o smtpd_discard_ehlo_keywords=silent-discard,etrn
   -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o cleanup_service_name=subcleanup
+  -o smtpd_sasl_auth_enable=yes
 {% endif %}
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup