StackFocus.postfix-dovecot

ansible-role-postfix-dovecot

This is an Ansible role that helps set up and configure Postfix and Dovecot with MySQL authentication on Ubuntu. The MySQL layout used here comes from a Digital Ocean tutorial. You can check the MySQL layout details in schema.sql.

Role Variables

Required Variables

  • dovecot_ssl_cert - Path to the SSL certificate used by Dovecot. If you need a certificate chain, concatenate it in the same file after the main certificate.
  • dovecot_ssl_key - Path to the SSL key for Dovecot.
  • postfix_ssl_cert - Path to the SSL certificate for Postfix, including any intermediate CA certificates if needed.
  • postfix_ssl_key - Path to the SSL key for Postfix.
  • postfix_dovecot_mysql_password - Password for the user authorized to access the database used for authentication.

Optional Variables

  • postfix_dovecot_mysql_host - The hostname or IP address of the MySQL server for authentication (defaults to 127.0.0.1).
  • postfix_dovecot_mysql_db_name - Name of the database used for authentication (defaults to servermail).
  • postfix_dovecot_mysql_user - User with permission to access the database (defaults to usermail).
  • postfix_dovecot_mysql_password_scheme - Password hashing scheme used for passwords stored in the database (defaults to SHA512-CRYPT).
  • postfix_default_domain - Default domain used by Postfix (sets contents of /etc/mailname).
  • postfix_inet_protocols - Protocol that Postfix listens on; set to ipv4 for IPv4 only (defaults to all).
  • postfix_submission_smtpd_client_restrictions - Client restrictions for the mail submission port (587) (defaults to permit_sasl_authenticated and reject).
  • postfix_smtpd_tls_auth_only - Allow SASL authentication only over SSL/TLS (defaults to yes).
  • postfix_smtpd_recipient_restrictions - Restrictions for recipients of incoming emails (defaults to permit_sasl_authenticated, permit_mynetworks, and reject_unauth_destination).
  • postfix_smtpd_relay_restrictions - Relay restrictions (defaults to permit_mynetworks, permit_sasl_authenticated, and defer_unauth_destination).
  • postfix_mynetworks - Trusted SMTP clients (defaults to 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128).
  • postfix_mydestination - Configuration for the Postfix mydestination setting (defaults to localhost).
  • postfix_mysql_alias_query - Query to find the destination of an alias (defaults to SELECT destination FROM virtual_aliases WHERE source='%s';).
  • postfix_mysql_domains_query - Query to check if a domain is valid (defaults to SELECT 1 FROM virtual_domains WHERE name='%s';).
  • postfix_mysql_users_query - Query to check if an email address is valid (defaults to SELECT 1 FROM virtual_users WHERE email='%s';).
  • dovecot_mysql_password_query - Query for authenticating a user on the MySQL server (defaults to SELECT email as user, password FROM virtual_users WHERE email='%u';).
  • postfix_relayhost - Set an upstream relay host for sending emails.
  • postfix_smtp_tls_security_level - SMTP TLS security level for sending emails (defaults vary based on your OS).
  • dovecot_protocols - List of protocols to enable (defaults to lmtp and imap). Add pop3 to enable POP3 (make sure to install dovecot-pop3d).
  • dovecot_mail_privileged_group - The group that owns the folder defined in dovecot_mail_location (defaults to mail).
  • dovecot_disable_plaintext_auth - Controls whether plaintext authentication is disabled on connections not protected by SSL/TLS (defaults to 'yes', which disables it).
  • dovecot_auth_mechanisms - Allowed authentication methods for Dovecot (defaults to plain and login).
  • dovecot_force_imaps - Forces the use of IMAPS (defaults to true).
  • dovecot_force_pop3s - Forces the use of POP3S (defaults to true). Add pop3 to dovecot_protocols to enable this.
  • dovecot_ssl - Controls if SSL is enforced across all protocols (defaults to required).
  • dovecot_listen - List of IPs or host addresses for Dovecot listening (defaults to * for all IPv4 and :: for all IPv6).
  • dovecot_add_example_users - When set to true, adds example users to the database.

Requirements

  • Run this role with sudo or as root; otherwise it won't work.
  • The MySQL server should already be set up with the right permissions for the user (see defaults/main.yml for default values).
  • For Red Hat servers, pre-install PyMySQL (python2-PyMySQL or python3-PyMySQL).

Example Playbook

requirements.yml

roles:
  - name: stackfocus.postfix-dovecot

site.yml

- hosts: all
  become: yes
  gather_facts: true
  roles:
    - stackfocus.postfix-dovecot
  vars:
    postfix_dovecot_mysql_db_name: mailserver
    postfix_dovecot_mysql_user: mailuser
    postfix_dovecot_mysql_password: mailpass
    postfix_default_domain: example.com
    dovecot_protocols:
      - imap
      - pop3
      - lmtp
    dovecot_mail_privileged_group: vmail
    dovecot_ssl_cert: /etc/ssl/certs/dovecot.pem
    dovecot_ssl_key: /etc/ssl/private/dovecot.pem
    postfix_ssl_cert: /etc/ssl/certs/postfix.pem
    postfix_ssl_key: /etc/ssl/private/postfix.pem

$ ansible-galaxy install -r requirements.yml
$ ansible-playbook -i inventory site.yml --ask-become-pass
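
A variant of site.yml that keeps the database password out of the playbook and checks the transport-security settings after the run. This is an added example, not part of the role's documentation: the vault file path, the vault_mail_db_password variable and the post_tasks are assumptions, and the checks assume the role writes these variables to the Postfix and Dovecot settings of the same name.

```yaml
# site.yml (added example; file and variable names marked below are assumptions)
- hosts: all
  become: yes
  gather_facts: true
  vars_files:
    # Hypothetical file, created with: ansible-vault create vars/mail-vault.yml
    # It holds a single key: vault_mail_db_password
    - vars/mail-vault.yml
  roles:
    - stackfocus.postfix-dovecot
  vars:
    postfix_dovecot_mysql_password: "{{ vault_mail_db_password }}"
    dovecot_ssl_cert: /etc/ssl/certs/dovecot.pem
    dovecot_ssl_key: /etc/ssl/private/dovecot.pem
    postfix_ssl_cert: /etc/ssl/certs/postfix.pem
    postfix_ssl_key: /etc/ssl/private/postfix.pem
    # Documented defaults, pinned so that a later override shows up in review
    postfix_smtpd_tls_auth_only: "yes"
    dovecot_disable_plaintext_auth: "yes"
    dovecot_ssl: required
  post_tasks:
    # Assumes a Dovecot release that still has the disable_plaintext_auth setting
    - name: Read effective Postfix setting
      ansible.builtin.command: postconf -h smtpd_tls_auth_only
      register: pf_tls_auth_only
      changed_when: false

    - name: Read effective Dovecot settings
      ansible.builtin.command: "doveconf -h {{ item }}"
      loop:
        - ssl
        - disable_plaintext_auth
      register: dc_settings
      changed_when: false

    - name: Fail the run if credentials could be sent without TLS
      ansible.builtin.assert:
        that:
          - pf_tls_auth_only.stdout == "yes"
          - dc_settings.results[0].stdout == "required"
          - dc_settings.results[1].stdout == "yes"
        fail_msg: "TLS is not enforced for authentication; review the role variables"
```

Run it with ansible-playbook -i inventory site.yml --ask-become-pass --ask-vault-pass so the vault file can be decrypted.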

Extended Example Playbook for a Fresh Server

In this example, we will use some roles from geerlingguy to set up the database and certificates.

requirements.yml

roles:
  - name: stackfocus.postfix-dovecot
  - name: geerlingguy.mysql
  - name: geerlingguy.certbot

Playbook sets up:

  • Database and users
  • Let's Encrypt certificate
  • Mail transport service (Postfix)
  • Mailbox service (Dovecot)

---
- name: Setup mail
  hosts: mailserver.tld
  become: true
  vars:
    mail_domain: mycooldomain.com
    mail_database: maildb
    mail_db_pass: 'ultrasafepassword'
  roles:
    - role: geerlingguy.mysql
      mysql_databases:
        - name: '{{ mail_database }}'
          encoding: utf8mb4
          collation: utf8mb4_czech_ci
      mysql_users:
        - name: '{{ mail_database }}'
          host: "localhost"
          password: '{{ mail_db_pass }}'
          priv: "{{ mail_database }}.*:ALL"
    - role: geerlingguy.certbot
      certbot_certs:
        - domains:
            - '{{ mail_domain }}'
            - 'mail.{{ mail_domain }}'
    - role: stackfocus.postfix-dovecot
      postfix_dovecot_mysql_db_name: '{{ mail_database }}'
      postfix_dovecot_mysql_user: '{{ mail_database }}'
      postfix_dovecot_mysql_password: '{{ mail_db_pass }}'
      postfix_default_domain: '{{ mail_domain }}'
      dovecot_protocols:
        - imap
        - pop3
        - lmtp
      dovecot_mail_privileged_group: vmail
      dovecot_ssl_cert: /etc/letsencrypt/live/{{ mail_domain }}/fullchain.pem
      dovecot_ssl_key: /etc/letsencrypt/live/{{ mail_domain }}/privkey.pem
      postfix_ssl_cert: /etc/letsencrypt/live/{{ mail_domain }}/fullchain.pem
      postfix_ssl_key: /etc/letsencrypt/live/{{ mail_domain }}/privkey.pem
      postfix_smtp_tls_security_level: 'dane'
      postfix_mydestination: '{{mail_domain}}'
      postfix_myhostname: 'mail.{{mail_domain}}'