ansible_dovecot

Overview Versions Insights

Ansible Dovecot Role

Based on the work of "practical-ansible", this role configures a Dovecot mailserver to work with an MTA (such as exim or postfix).

The role installs Dovecot and configures them to act together as IMAP/SMTP mail server with virtual database of mailboxes and domains provided by OpenLDAP. Uses Lets Encrypt to generate certificates for communication.

Role Variables

The email domain of this server, as seen by outside world:

    dovecot_domain: mail.example.org

Local hostname of server (what it calls itself):

    dovecot_host: '{{ hostname_fqdn }}'

Local addresses, on which the server will listen:

    dovecot_host_address: [ "192.168.2.1", "127.0.0.1", "::1" ]

Local networks (CIDR) that are trusted and so do not require auth:

    dovecot_trusted_networks: [ "192.168.2.0/28" ]

Directory in which the certificate for SSL transport is found:

    dovecot_dir_cert: '/etc/letsencrypt/live'

Directory in which incoming mail will be stored:

    dovecot_dir_storage: /srv/mail

Configuration directory for Dovecot itself:

    dovecot_dir: /etc/dovecot

Configuration directory for Dovecot itself (run-parts version):

    dovecot_dir_config: /etc/dovecot/conf.d

Domain administrator email address:

    dovecot_admin_address: 'postmaster@{{dovecot_domain}}'

Enable/Disable the Dovecot LDAP connector. If enabled, an LDAP server is also required:

    dovecot_ldap_enabled: no

Enable/Disable TLS communication (POP3S, IMAPS, etc):

    dovecot_ssl_enabled: yes

Database host, name and credentials for the Dovecot users database.

    dovecot_db_hostname: localhost
    dovecot_db_database: email
    dovecot_db_table: users
    dovecot_db_user: postman
    dovecot_db_password: "secrets-in-vault"

Configuration for the LMTP (local message transfer protocol, like SMTP but tweaked for sockets based local delivery) daemon. This is how email is normally delivered to Dovecot. You almost certainly want this, and the MTA delivering to Dovecot needs to know the socket pathname.

    dovecot_lmtp:
      socket: /var/run/dovecot/lmtp

Configuration for the Dovecot IMAP daemon. This is how client mail readers get to read mail delivered to Dovecot. You almost certainly want this. When dovecot_ssl_enabled is false you should not listen on the non-SSL IMAP port, so set ports: [].

    dovecot_imap:
      connection_limit: 16
      clients: 128
      vsz_limit: 256M
      socket: /var/run/dovecot/imap
      ports: [ 143 ]
      ssl_ports: [ 993 ]

It is possible to configure namespaces for more advanced uses of Dovecot; see the Dovecot manual for details.

    dovecot_namespaces: {}

Dependencies

No direct dependencies, but you may need to configure:

  • mysql or mariadb, for dovecot user database and authentication
  • an MTA such as exim or postgres, with rules to deliver local mail to LMTP socket.
  • firewall rules
  • spam or antivirus checks.

You will also need sufficient disk space under dovecot_dir_storage; at a minimum, 256MB/user, but 4GB/user is more likely for active accounts.

License

MIT / BSD

Author

This role was based on the work of "practical-ansible", with many changes and new features by Ruth Ivimey-Cook .

About

Dovecot with SSL and namespaces

role dovecot letsencrypt mail
Install
ansible-galaxy install rivimey/ansible-dovecot
GitHub repository
0 stars
0 forks
0 open issues
License
Unknown
Downloads
21
Owner
Ruth Ivimey-Cook
Software engineer from Cambridge, UK. Background in C/C++ mostly working with Python, PHP code these days. Hobbies: maps, Drupal, transport history & more.