freebsd_mailserver

Ansible role. FreeBSD. Install and configure Postfix and Dovecot2.

Feel free to share your feedback and report issues.

Contributions are welcome.

Requirements and dependencies

Roles

The roles are not listed in the meta file. Install them manually.

Collections

The collections below should be part of a standard Ansible installation. If necessary, install them manually.

  • community.crypto
  • community.general

Variables

See the defaults and examples in vars.

Workflow

  1. Change shell to /bin/sh if necessary
shell> ansible mailserver -e 'ansible_shell_type=csh ansible_shell_executable=/bin/csh' -a 'sudo pw usermod freebsd -s /bin/sh'
  2. Install roles
shell> ansible-galaxy role install vbotka.freebsd_mailserver
shell> ansible-galaxy role install vbotka.ansible_lib

Optionally, install roles

shell> ansible-galaxy role install vbotka.freebsd_mailserver_sieve
shell> ansible-galaxy role install vbotka.freebsd_mailserver_spamassassin
  3. If necessary, install collections
shell> ansible-galaxy collection install community.crypto
shell> ansible-galaxy collection install community.general
  4. Fit variables to your needs.

  5. Generate OpenSSL Diffie-Hellman parameters

By default, the file dovecot_ssl_dh is created by the Ansible module openssl_dhparam:

dovecot_ssl_dh_generate: true
dovecot_ssl_dh_cmd_generate: false

Alternatively, use the custom command dovecot_ssl_dh_cmd to create dovecot_ssl_dh:

dovecot_ssl_dh_generate: false
dovecot_ssl_dh_cmd_generate: true
dovecot_ssl_dh_cmd: "openssl dhparam -out {{ dovecot_ssl_dh }} {{ dovecot_ssl_dh_bits }}"

The options dovecot_ssl_dh_generate (default: true) and dovecot_ssl_dh_cmd_generate (default: false) are mutually exclusive. If both options are false, the file dovecot_ssl_dh_path (default: files/dh.pem) is used. This file is provided by the role for testing only. Never use it in production.

Generating the file with Diffie-Hellman parameters may take a long time. For example, 4096-bit parameters take ~40 min on an Intel(R) Core(TM) i5-8200Y CPU @ 1.30GHz. It's a good idea to generate the file separately to speed up the configuration:

dovecot_ssl_dh_generate: false
dovecot_ssl_dh_cmd_generate: false
dovecot_ssl_dh_path: <path-to-generated-Diffie-Hellman-file>
  6. Create playbook and inventory
shell> cat freebsd-mailserver.yml

- hosts: mailserver
  roles:
    - vbotka.freebsd_mailserver
shell> cat hosts
[mailserver]
<mailserver-ip-or-fqdn>
[mailserver:vars]
ansible_connection=ssh
ansible_user=freebsd
ansible_become=true
ansible_become_method=sudo
ansible_python_interpreter=/usr/local/bin/python3.9
ansible_perl_interpreter=/usr/local/bin/perl
  7. Check the syntax
shell> ansible-playbook freebsd-mailserver.yml --syntax-check
  8. Install packages
  • Install packages from the role vbotka.freebsd_mailserver
shell> ansible-playbook freebsd-mailserver.yml -t fm-packages -e fm_install=true
  • If you enable sieve
freebsd_mailserver_dovecot_protocols: imap pop3 lmtp sieve

install packages from the role vbotka.freebsd_mailserver_sieve

shell> ansible-playbook freebsd-mailserver-sieve.yml -t fm_ds_packages -e fm_ds_install=true
  • If you enable spamassassin
postfix_master_cf_service_def: "inet  n       -       -       -       -       smtpd -o content_filter=spamfilter"

install packages from the role vbotka.freebsd_mailserver_spamassassin

shell> ansible-playbook freebsd-mailserver-spamassassin.yml -t fm_sa_packages -e fm_sa_install=true
  9. Create default configuration for Dovecot
shell> ansible-playbook freebsd-mailserver.yml -t dovecot_example_conf
  10. Dry-run and display changes
shell> ansible-playbook freebsd-mailserver.yml --check --diff
  11. Install and configure the mailserver
shell> ansible-playbook freebsd-mailserver.yml
  12. Consider testing the mailserver at http://mxtoolbox.com/
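
The Diffie-Hellman step above can be guarded in the playbook itself. The following is an added example, not part of the role: it fails the run when both generation options are enabled or when the bundled test file would be deployed, and it validates the installed file afterwards. The helper names dh_generate, dh_cmd_generate and dh_src are hypothetical; the dovecot_* variables and their defaults are the ones documented above.

```yaml
# Added example, not the role's own code. Variable names and their defaults
# are the ones documented above; the play layout is an assumption.
- hosts: mailserver
  vars:
    # Resolve each option with its documented default.
    dh_generate: "{{ dovecot_ssl_dh_generate | default(true) | bool }}"
    dh_cmd_generate: "{{ dovecot_ssl_dh_cmd_generate | default(false) | bool }}"
    dh_src: "{{ dovecot_ssl_dh_path | default('files/dh.pem') }}"

  pre_tasks:
    - name: Allow only one generation method
      ansible.builtin.assert:
        that: not (dh_generate and dh_cmd_generate)
        fail_msg: >-
          dovecot_ssl_dh_generate and dovecot_ssl_dh_cmd_generate are
          mutually exclusive.

    - name: Refuse to deploy the bundled test parameters
      ansible.builtin.assert:
        that: dh_generate or dh_cmd_generate or dh_src != 'files/dh.pem'
        fail_msg: >-
          Both generators are disabled and dovecot_ssl_dh_path still points
          to files/dh.pem, which the role ships for testing only.

  roles:
    - vbotka.freebsd_mailserver

  post_tasks:
    # Assumes the role default dovecot_ssl_dh (the installed file) is
    # visible play-wide, which is Ansible's default for roles listed here.
    - name: Validate the installed Diffie-Hellman parameters
      ansible.builtin.command:
        cmd: "openssl dhparam -in {{ dovecot_ssl_dh | quote }} -check -noout"
      register: dh_check
      changed_when: false
      # Match the message as well: older OpenSSL releases can exit 0
      # after printing warnings.
      failed_when: >-
        dh_check.rc != 0 or
        'appear to be ok' not in (dh_check.stdout ~ dh_check.stderr)
```

The string comparison only catches the default path; a copy of the test file stored under another name passes the pre-task, so keep production parameters generated per host or per site.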

Check mode

Create the default configuration files of Dovecot first to avoid errors about missing files:

shell> ansible-playbook freebsd-mailserver.yml -t dovecot_example_conf

Then run the playbook in check mode:

shell> ansible-playbook freebsd-mailserver.yml --check

Ansible lint

Use the configuration file .ansible-lint.local when running ansible-lint. Some rules might be disabled and some warnings might be ignored. See the notes in the configuration file.

shell> ansible-lint -c .ansible-lint.local

Author Information

Vladimir Botka

License
bsd-2-clause