From 35fff2909917079bba76ce32c454fef2eafec3a0 2020-05-20 09:51:52 From: Branko Majic Date: 2020-05-20 09:51:52 Subject: [PATCH] MAR-157: Added parameter to mail_server role for specifying maximum incoming mail size. --- diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst index 937f89b7a8480ca631e6de0ad5b4dce47585ba5e..1cfa02cfcfdb7baeba3bc2de4384cad4bc55cf00 100644 --- a/docs/releasenotes.rst +++ b/docs/releasenotes.rst @@ -56,6 +56,12 @@ New features/improvements: * Tests have been updated to work with latest Molecule/Testinfra as part of the Ansible upgrade process. +* ``mail_server`` role + + * The role now supports specifying the maximum mail message size + limit for the SMTP server to accept via + ``mail_message_size_limit`` role parameter. + Deprecations: * ``backup_server`` and ``backup_client`` role diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 195eeb0cf59128a3889d887ca2da0a858254adf3..20f2be3a761b9902019f4e22dbf798ee4d5ebddb 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1113,6 +1113,13 @@ Parameters **mail_ldap_dovecot_password** (string, mandatory) Password for authenticating the Dovecot LDAP user. +**mail_message_size_limit** (integer, optional, ``10240000``) + Maximum size of message in bytes that the SMTP server should accept + for incoming mails. If the mail message size exceeds the listed + value, it will be rejected by the server. The size is also + advertised as part of SMTP server capabilities (in response to the + ``ehlo`` SMTP command). + **mail_server_tls_protocols** (list, optional, ``[ "TLSv1.2" ]``) List of TLS protocols the mail server should support. Each value specified should be compatible with Postfix configuration option diff --git a/roles/mail_server/defaults/main.yml b/roles/mail_server/defaults/main.yml index cb0eacf4ae162afdad64467c802383994e6ec3da..06eef0d80344e5ec3f2bbbf5a6b9f1648d473757 100644 --- a/roles/mail_server/defaults/main.yml +++ b/roles/mail_server/defaults/main.yml @@ -18,3 +18,4 @@ mail_server_tls_protocols: mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\ DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\ ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT" +mail_message_size_limit: 10240000 diff --git a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml index 5adfec2ca8fe74686c034776f6b638495a7d8551..b8cd407acf19330f09793f7fd28dfa6433b63849 100644 --- a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml +++ b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml @@ -29,6 +29,7 @@ smtp_rbl: mail_postmaster: "webmaster@parameters-optional" smtp_allow_relay_from: - "10.31.127.22" +mail_message_size_limit: 20480001 # common ca_certificates: diff --git a/roles/mail_server/molecule/default/tests/test_mandatory.py b/roles/mail_server/molecule/default/tests/test_mandatory.py index 6feec89f0aa58111c94f6565cd7e699f3f4f1335..f1997002a7036bd1f93a41df09db4a5b3bf59468 100644 --- a/roles/mail_server/molecule/default/tests/test_mandatory.py +++ b/roles/mail_server/molecule/default/tests/test_mandatory.py @@ -268,3 +268,17 @@ def test_sieve_tls_configuration(host): # @TODO: Currently not possible to test since openssl s_client does not # support STARTTLS for Sieve. pass + + +def test_mail_message_size_limit(host): + """ + Tests if the mail message size limit advertised by the SMTP server + is correct. + """ + + capabilities = host.run("(echo 'ehlo localhost' && sleep 2) | telnet localhost 25") + begin = capabilities.stdout.find("250-SIZE") + end = capabilities.stdout.find("\n", begin) + mail_message_size_limit = capabilities.stdout[begin:end] + + assert mail_message_size_limit == "250-SIZE 10240000" diff --git a/roles/mail_server/molecule/default/tests/test_optional.py b/roles/mail_server/molecule/default/tests/test_optional.py index c8079027080cd50e5b6c11e5f44a1836093679b8..f5d26e81446d139876be7bfd73c488811c561164 100644 --- a/roles/mail_server/molecule/default/tests/test_optional.py +++ b/roles/mail_server/molecule/default/tests/test_optional.py @@ -301,3 +301,17 @@ def test_sieve_tls_configuration(host): # @TODO: Currently not possible to test since openssl s_client does not # support STARTTLS for Sieve. pass + + +def test_mail_message_size_limit(host): + """ + Tests if the mail message size limit advertised by the SMTP server + is correct. + """ + + capabilities = host.run("(echo 'ehlo localhost' && sleep 2) | telnet localhost 25") + begin = capabilities.stdout.find("250-SIZE") + end = capabilities.stdout.find("\n", begin) + mail_message_size_limit = capabilities.stdout[begin:end] + + assert mail_message_size_limit == "250-SIZE 20480001" diff --git a/roles/mail_server/templates/main.cf.j2 b/roles/mail_server/templates/main.cf.j2 index b3ab8923ce9e29cd6743e52ae5d5a328290233ca..015c86190e3fcf9c3e840599683b2d8d5812086f 100644 --- a/roles/mail_server/templates/main.cf.j2 +++ b/roles/mail_server/templates/main.cf.j2 @@ -77,3 +77,6 @@ notify_classes = resource, software, 2bounce # Fall-back to using native lookups (/etc/hosts etc) if DNS lookup fails. Useful # for local overrides of mail servers. smtp_host_lookup = dns, native + +# Explicitly set maximum allowed mail size that should be accepted. +message_size_limit = {{ mail_message_size_limit }}