/srv/salt/apps/nocc/mailcatcher.sls

postfix:
  pkg.installed:
    - require:
      - pkg: exim

exim:
  pkg.purged: []

popa3d:
  pkg.installed:
    - require:
      - pkg: postfix

mailutils:
  pkg.installed: []

/etc/mailname:
  file.managed:
    - contents: {{ grains['fqdn'] }}
    - user: root

mailcatcher:
  user.present:
    - fullname: Mailcatcher
    - shell: /usr/sbin/nologin
    - home: /home/mailcatcher
    # Set password to mail123
    - password: "$6$ctvqnAxh$4t74taP5mCEmgao.Hz8TUw4GelVVUS2BpFvuAWFYYFUWWmPQ5SLdBEubbPOTR2xB.woj9V3vJl4jubLak5.0K/"

/etc/postfix/regexaliases:
  file.managed:
    - contents: "/.*@.*/    mailcatcher@localhost"
    - user: root
    - mode: 644

/etc/postfix/main.cf:
  file.managed:
    - source: salt://apps/nocc/postfix-main.cf
    - user: root
    - mode: 644

postfix-service:
  service.running:
    - name: postfix
    - watch:
      - file: /etc/postfix/main.cf
      - file: /etc/postfix/regexaliases

# Make sure no mailout is possible
iptables:
  pkg.installed: []

localhost:
  iptables.append:
    - table: filter
    - chain: OUTPUT
    - jump: ACCEPT
    - match: state
    - destination: 127.0.0.1
    - connstate: NEW
    - save: True

smtp:
  iptables.append:
    - table: filter
    - chain: OUTPUT
    - jump: REJECT
    - proto: tcp
    - dport: 25
    - match: state
    - connstate: NEW
    - save: True

/srv/salt/apps/nocc/postfix-main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=no
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = localhost
virtual_alias_maps = regexp:/etc/postfix/regexaliases
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.local, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.1.84.109
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
default_transport = error
relay_transport = error
inet_protocols = all