chkpnt.mailserver

Ansible Role for an All-in-One Mail Server on openSUSE Leap 15.5


This Ansible role sets up a mail server that meets my needs:

  • Works with openSUSE Leap 15.5
  • Manages Postfix (MTA), Dovecot (MDA), and Rspamd
  • Postfix uses Dovecot for user authentication
  • Configuration uses simple files, no databases
  • Can forward emails to another server for certain addresses
  • Can reject emails to specific addresses
  • Outgoing emails are DKIM signed
  • Forwarded emails are ARC signed
  • Can set up catch-all accounts
  • Supports multiple domains
  • Sieve rules can be applied
  • Spam management:
    • High-scoring spam is rejected
    • Spam detection can be turned off for certain senders
    • Potential spam isn’t automatically moved to a Spam folder
    • Potential spam is greylisted
    • Spam learning by moving mail to a specific folder
    • Spam learning by marking mail as Junk in Thunderbird
    • Ham (legitimate mail) learning by moving to a specific folder
    • Ham learning by marking mail as NonJunk in Thunderbird
    • Ham learning by flagging it in the iOS Mail app
  • Antivirus features:
    • Includes ClamAV
    • Includes Fangfrisch
    • Integration with VirusTotal.com
    • Infected emails are rejected
  • Provides useful reports (rspamd WebUI works for me)
  • Most requirements are tested
  • Tests run automatically via a CI system

How to Use and Configure

You can find this role on Ansible Galaxy under chkpnt.mailserver. To install it, run:

$ ansible-galaxy install chkpnt.mailserver

To use it in a playbook, you can follow this example:

---
- hosts: server1
  remote_user: root
  roles:
  - role: chkpnt.mailserver
    vars:
      mail_domain: example.com
      mail_hostname: server1.example.com
      mail_mailname: server1.example.com
      mail_mailbox_domains:
        - example.com
        - example.net
        - example.org
      mail_ssl:
        certificate: '/etc/ssl/servercerts/example.com.crt.pem'
        private_key: '/etc/ssl/private/example.com.privkey.pem'
        generate_certificate_for_test: yes
        generate_safe_primes_for_dh: yes
      mail_dkim_keys:
        - { domain: example.com, selector: 'key1', private_key: '/var/lib/rspamd/dkim/example.com.key1.key' }
        - { domain: example.org, selector: 'key1', private_key: '/var/lib/rspamd/dkim/example.org.key1.key' }
        - { domain: example.net, selector: 'key1', private_key: '/var/lib/rspamd/dkim/example.net.key1.key' }
      mail_accounts:
        - { user: '[email protected]', password: '{BLF-CRYPT}$2y$10$6W9VYuRklwLg8y2UoP6YHuK5Q8g7g.LOJdSa7K4CgoVMmARNYMVMK' } 
        - { user: '[email protected]', password: '{BLF-CRYPT}$2y$10$wZtIn5uHAsbsMgMmOdBdU.qbRgrQxfeej65G63aUxMaDNEHfb8P2e' } 
      mail_mailboxes:
        - { name: '[email protected]', path: '/srv/mail/john' }
        - { name: '[email protected]', path: '/srv/mail/jane' }
      mail_aliases:
        - { for: '[email protected]', destination: '[email protected]' }
        - { for: '[email protected]', destination: '[email protected]' }
        - for: '[email protected]'
          destination:
            - '[email protected]'
            - '[email protected]'
        - { for: '@example.com', destination: '[email protected]' }
        - { for: '@example.org', destination: '[email protected]' }
        - { for: '@example.net', destination: '[email protected]' }
      mail_recipient_restrictions:
        - for: '[email protected]'
          action: 'REJECT This address is not valid!'
      mail_transports:
        - for: '[email protected]'
          nexthop: 'smtp:gmail.com'
      mail_spam:
        greylisting_delay: 5min
        thresholds:
          greylist: 4
          add_header: 6
          reject: 15
        controller:
          password: '$2$c75qgo1b8brudgq7wokg8wxr5qiby84p$ye6ss3ymc4h4u4swk3fhx3ph7jesahqrzw8kkxwhyfb14g4rkfhb'
          bind_socket: 'localhost:11334' 
        allowlist_domain:
          - foobar.test
        allowlist_email:
          - /.*@important.test/

The default values of all variables are in defaults/main.yml. The domains, hostnames, certificate paths, accounts and password hashes above (example.com, example.net, example.org and so on) are placeholders; set your own in your playbook.

The playbook tests/testfixtures/vms/sut.yml is also a helpful example.
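Before running the role it is worth checking the variables for the mistakes that are only noticed once mail is flowing: an account whose password is stored in a reversible scheme, a mailbox domain without a DKIM key, an alias that points at a local address nobody owns, spam thresholds that do not escalate, or an rspamd controller that is reachable from outside. The following linter is an added example and not part of the role; it assumes the variable names of the playbook above (mail_mailbox_domains, mail_dkim_keys, mail_accounts, mail_mailboxes, mail_aliases, mail_transports, mail_spam). The addresses in its sample data are assumptions, since the ones on this page are obfuscated, and the set of password schemes it accepts is this example's own choice.

```python
"""Sanity checks for chkpnt.mailserver variables (added example, not the role's code)."""
import re
from typing import Any, Dict, List

# Dovecot password schemes that are salted and one-way. The role stores the
# hashes in a plain passwd-file, so anything weaker ends up on disk as-is.
# This set is an assumption of the example, not something the role enforces.
STRONG_SCHEMES = {"BLF-CRYPT", "ARGON2ID", "ARGON2I", "SHA512-CRYPT"}
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d\d)\$[./A-Za-z0-9]{53}$")
LOOPBACK = ("localhost:", "127.0.0.1:", "[::1]:")


def domain_of(address: str) -> str:
    """Domain part of 'user@domain' or of a catch-all '@domain'."""
    return address.rsplit("@", 1)[1].lower()


def check_accounts(accounts: List[Dict[str, str]]) -> List[str]:
    """Flag passwords without a {SCHEME} prefix, in a weak scheme, or
    bcrypt hashes that are malformed or use a cost below 10."""
    findings = []
    for acct in accounts:
        m = re.match(r"^\{([A-Z0-9-]+)\}(.*)$", acct.get("password", ""))
        if not m:
            findings.append(f"{acct['user']}: password must be '{{SCHEME}}hash'")
            continue
        scheme, digest = m.groups()
        if scheme not in STRONG_SCHEMES:
            findings.append(f"{acct['user']}: weak password scheme {scheme}")
        elif scheme == "BLF-CRYPT":
            b = BCRYPT_RE.match(digest)
            if not b:
                findings.append(f"{acct['user']}: malformed bcrypt hash")
            elif int(b.group(1)) < 10:
                findings.append(f"{acct['user']}: bcrypt cost {b.group(1)} < 10")
    return findings


def check_dkim(domains: List[str], dkim_keys: List[Dict[str, str]]) -> List[str]:
    """Every hosted domain needs a signing key; a key for a domain the
    server does not host is almost certainly a typo."""
    signed = {k["domain"].lower() for k in dkim_keys}
    hosted = {d.lower() for d in domains}
    findings = [f"no DKIM key for {d}" for d in sorted(hosted - signed)]
    findings += [f"DKIM key for unhosted domain {d}" for d in sorted(signed - hosted)]
    return findings


def check_aliases(cfg: Dict[str, Any]) -> List[str]:
    """A destination in a hosted domain that is not a mailbox, account,
    alias or transport target will bounce; external destinations are fine."""
    hosted = {d.lower() for d in cfg["mail_mailbox_domains"]}
    known = {m["name"].lower() for m in cfg.get("mail_mailboxes", [])}
    known |= {a["user"].lower() for a in cfg.get("mail_accounts", [])}
    known |= {a["for"].lower() for a in cfg.get("mail_aliases", [])}
    known |= {t["for"].lower() for t in cfg.get("mail_transports", [])}
    findings = []
    for alias in cfg.get("mail_aliases", []):
        dests = alias["destination"]
        for dest in ([dests] if isinstance(dests, str) else dests):
            if domain_of(dest) in hosted and dest.lower() not in known:
                findings.append(f"alias {alias['for']} -> {dest}: unknown local recipient")
    return findings


def check_spam(spam: Dict[str, Any]) -> List[str]:
    """Thresholds must escalate (greylist < add_header < reject); the rspamd
    controller should listen on loopback only and carry a hashed password."""
    findings = []
    t = spam["thresholds"]
    if not t["greylist"] < t["add_header"] < t["reject"]:
        findings.append("thresholds must satisfy greylist < add_header < reject")
    ctl = spam["controller"]
    if not ctl["bind_socket"].startswith(LOOPBACK):
        findings.append(f"controller bound to {ctl['bind_socket']}, not loopback")
    # `rspamadm pw` emits $1$ (PBKDF2) or $2$ (Catena) hashes; anything else
    # means the controller password sits in the playbook in plaintext.
    if not re.match(r"^\$[12]\$", ctl["password"]):
        findings.append("controller password is not an rspamadm pw hash")
    return findings


def lint(cfg: Dict[str, Any]) -> List[str]:
    """Run every check and return the combined list of findings."""
    return (check_accounts(cfg["mail_accounts"])
            + check_dkim(cfg["mail_mailbox_domains"], cfg["mail_dkim_keys"])
            + check_aliases(cfg)
            + check_spam(cfg["mail_spam"]))


# Constructed sample mirroring the README playbook; local parts are assumed.
SAMPLE: Dict[str, Any] = {
    "mail_mailbox_domains": ["example.com", "example.net", "example.org"],
    "mail_dkim_keys": [{"domain": d, "selector": "key1",
                        "private_key": f"/var/lib/rspamd/dkim/{d}.key1.key"}
                       for d in ("example.com", "example.org", "example.net")],
    "mail_accounts": [
        {"user": "john@example.com",
         "password": "{BLF-CRYPT}$2y$10$6W9VYuRklwLg8y2UoP6YHuK5Q8g7g.LOJdSa7K4CgoVMmARNYMVMK"},
        {"user": "jane@example.com",
         "password": "{BLF-CRYPT}$2y$10$wZtIn5uHAsbsMgMmOdBdU.qbRgrQxfeej65G63aUxMaDNEHfb8P2e"},
    ],
    "mail_mailboxes": [{"name": "john@example.com", "path": "/srv/mail/john"},
                       {"name": "jane@example.com", "path": "/srv/mail/jane"}],
    "mail_aliases": [
        {"for": "postmaster@example.com", "destination": "john@example.com"},
        {"for": "all@example.com", "destination": ["john@example.com", "jane@example.com"]},
        {"for": "@example.com", "destination": "john@example.com"},
        {"for": "forward@example.org", "destination": "someone@gmail.com"},
    ],
    "mail_transports": [{"for": "forward@example.org", "nexthop": "smtp:gmail.com"}],
    "mail_spam": {
        "thresholds": {"greylist": 4, "add_header": 6, "reject": 15},
        "controller": {"bind_socket": "localhost:11334",
                       "password": "$2$c75qgo1b8brudgq7wokg8wxr5qiby84p$ye6ss3ymc4h4u4swk3fhx3ph7jesahqrzw8kkxwhyfb14g4rkfhb"},
    },
}

if __name__ == "__main__":
    for line in lint(SAMPLE) or ["OK: no findings"]:
        print(line)
```

Run it against the dictionary your playbook's vars would produce (load the YAML with your own tooling and pass the vars mapping to lint). The hashes the checks expect are the ones `doveadm pw -s BLF-CRYPT` and `rspamadm pw` produce, so neither the mailbox passwords nor the controller password ever has to appear in the playbook in clear.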

Development

To develop this role, I suggest using a Python environment with pipenv. On macOS, install it via Homebrew:

$ brew install pipenv

To set up your Python environment, run:

$ pipenv install --dev
$ pipenv shell

To run tests, you will need VirtualBox and Vagrant. Install them on macOS with Homebrew as well:

$ brew install --cask virtualbox
$ brew install --cask vagrant

For managing Vagrant machines, I recommend Vagrant-Manager, a menu bar app.

$ brew install --cask vagrant-manager

You can find more information about the tests in the test documentation.

License

This project is licensed under Apache-2.0.
