Changeset - 107417b217e0
Branko Majic (branko) - 9 years ago 2015-04-07 23:00:42
branko@majic.rs
MAR-4: Added some missing service restarts for Postfix. Added deployment of Dovecot configuration.
6 files changed with 103 insertions and 3 deletions:
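--- a/roles/mail_server/files/main.cf
+++ b/roles/mail_server/files/main.cf
@@ -42,4 +42,8 @@ inet_interfaces = all
 # LDAP directory look-ups for domains, mailboxes and aliases.
 virtual_mailbox_domains=ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf
 virtual_mailbox_maps=ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf
-virtual_alias_maps=ldap:/etc/postfix/ldap-virtual-alias-maps.cf
\ No newline at end of file
+virtual_alias_maps=ldap:/etc/postfix/ldap-virtual-alias-maps.cf
+
+# Delivery of mails via Dovecot for virtual domains.
+virtual_transport=dovecot
+dovecot_destination_recipient_limit=1
\ No newline at end of file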
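Review bot: Both the removed and the re-added last line carry `\ No newline at end of file`, so the file still ends without a trailing newline after `dovecot_destination_recipient_limit=1`; adding one keeps the next append from producing another replace-the-last-line diff. The two new settings would also read better with a why-comment, e.g. `# dovecot-lda is invoked with a single recipient, so hand Postfix one recipient per delivery.` — that rationale is inferred from the pipe transport this commit adds to master.cf, confirm against the Dovecot LDA documentation for the installed version. `virtual_transport=dovecot` only resolves once the `dovecot` transport exists in master.cf, which a separate task in this commit installs; both notify the same restart handler, so they take effect together.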
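--- a/roles/mail_server/handlers/main.yml
+++ b/roles/mail_server/handlers/main.yml
@@ -1,4 +1,10 @@
 ---
 
 - name: Purge Exim configuration
-  apt: name="exim4*" state=absent purge=yes
\ No newline at end of file
+  apt: name="exim4*" state=absent purge=yes
+
+- name: Restart Postfix
+  service: name="postfix" state=restarted
+
+- name: Restart Dovecot
+  service: name="dovecot" state=restarted
\ No newline at end of file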
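Review bot: The two new handlers use `state=restarted`, which tears down in-flight SMTP and IMAP sessions on every configuration change, while every task in this commit that notifies them only rewrites config files; Postfix re-reads main.cf and master.cf on reload, so `service: name="postfix" state=reloaded` (and likewise for Dovecot) is the less disruptive default — confirm on the target Debian release that the Dovecot init script implements reload before switching. The file also still ends without a trailing newline (`\ No newline at end of file` after the Dovecot handler), which makes the next handler addition diff as a one-line replacement again.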
roles/mail_server/tasks/main.yml
 
@@ -22,15 +22,23 @@
 
- name: Install SWAKS
 
  apt: name="swaks" state=installed
 

	
 
- name: Copy the LDAP TLS truststore into Postfix chroot
 
  file: dest="/var/spool/postfix/etc/ssl/certs/truststore.pem" src="/etc/ssl/certs/truststore.pem"
 
        mode=644 owner=root group=root state=file
 

	
 
- name: Deploy Postfix configurations files for LDAP look-ups
 
  template: src="{{ item }}.cf.j2" dest="/etc/postfix/{{ item }}.cf" owner=root group=postfix mode=640
 
  with_items:
 
    - ldap-virtual-alias-maps
 
    - ldap-virtual-mailbox-domains
 
    - ldap-virtual-mailbox-maps
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Deploy Postfix main configurationg
 
- name: Deploy Postfix main configuration
 
  copy: src="main.cf" dest="/etc/postfix/main.cf"
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Create mail owner group
 
  group: name="{{ mail_user.name }}" gid="{{ mail_user.gid }}" state=present
 
@@ -38,3 +46,31 @@
 
- name: Create mail owner user
 
  user: name="{{ mail_user.name }}" uid="{{ mail_user.uid }}" group="{{ mail_user.name }}"
 
        home="/var/{{ mail_user.name }}" state=present
 

	
 
- name: Disable Dovecot system authentication
 
  lineinfile: dest="/etc/dovecot/conf.d/10-auth.conf" line="!include auth-system.conf.ext" state=absent
 
  notify:
 
    - Restart Dovecot
 

	
 
- name: Deploy Dovecot configuration file with overrides
 
  template: src="99-local.conf.j2" dest="/etc/dovecot/conf.d/99-local.conf" owner=root group=root mode=644
 
  notify:
 
    - Restart Dovecot
 

	
 
- name: Deploy Dovecot configuration file for LDAP look-ups
 
  template: src="dovecot-ldap.conf.ext.j2" dest="/etc/dovecot/dovecot-ldap.conf.ext" owner=root group=root mode=600
 
  notify:
 
    - Restart Dovecot
 

	
 
- name: Configure Postfix for Dovecot delivery
 
  lineinfile: dest=/etc/postfix/master.cf state=present
 
              regexp="dovecot"
 
              line="dovecot   unix  -       n       n       -       -       pipe    flags=DRhu user={{ mail_user.name }}:{{ mail_user.name }} argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}"
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Enable Postfix service
 
  service: name=postfix enabled=yes state=started
 

	
 
- name: Enable Dovecot service
 
  service: name=dovecot enabled=yes state=started
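Review bot: In "Configure Postfix for Dovecot delivery", `regexp="dovecot"` is unanchored, so `lineinfile` will replace whatever existing master.cf line merely contains the word (a comment, or a later `dovecot-lmtp` service) instead of appending the pipe transport; anchor it to the service name, `regexp="^dovecot\s"`. The task "Deploy Dovecot configuration file for LDAP look-ups" renders `mail_ldap.dovecot_password` into the target file, so add `no_log: true` to that task, otherwise a verbose or `--diff` run prints the LDAP bind password; the `mode=600` it already sets is the right on-disk protection. Unchanged context in the first hunk, "Copy the LDAP TLS truststore into Postfix chroot", uses `file:` with `src=` and `state=file`, which copies nothing (`src` applies to the link states), so that step is probably a no-op or a failure on a fresh host — worth a separate fix.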
roles/mail_server/templates/99-local.conf
 
new file 100644
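Review bot: `roles/mail_server/templates/99-local.conf` is added as an empty file next to `99-local.conf.j2`, and no task in this commit references the un-suffixed name, so it looks like a leftover from renaming the file to the `.j2` template; drop it so the templates directory does not carry a misleading empty duplicate.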
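--- /dev/null
+++ b/roles/mail_server/templates/99-local.conf.j2
@@ -0,0 +1,38 @@
+# Authentication configuration.
+auth_mechanisms = plain login
+
+passdb {
+  driver = ldap
+  args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+
+userdb {
+  driver = ldap
+  args = /etc/dovecot/dovecot-ldap.conf.ext
+  default_fields = uid={{ mail_user.name }} gid={{ mail_user.name }} home=/var/{{ mail_user.name}}/%d/%n
+}
+
+# Mail storage configuration.
+mail_location = maildir:/var/{{ mail_user.name}}/%d/%n/Maildir
+# This is used for old workaround.org installations.
+#separator = .
+
+# Communication with other services.
+service auth {
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0660
+    user = postfix
+    group = postfix
+  }
+}
+
+# TLS configuration.
+ssl_cert = <{{ imap_tls_certificate }}
+ssl_key = <{{ imap_tls_key }}
+ssl = required
+
+# Mail delivery.
+protocol lda {
+  mail_plugins = $mail_plugins sieve
+  postmaster_address = postmaster@example.com
+}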
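Review bot: `postmaster_address = postmaster@example.com` is a hard-coded placeholder domain in a template whose other values are already parameterised, so LDA bounce and Sieve notification mail would be addressed to a domain the site does not own; source it from a role variable defined next to `mail_user`, e.g. `postmaster_address = {{ mail_postmaster_address }}`. `auth_mechanisms = plain login` is only acceptable because `ssl = required` forces every session onto TLS; a comment tying the two together, `# plain/login send the password in the clear; acceptable only because ssl = required below.`, stops a later edit from relaxing `ssl` without noticing the dependency. `mail_plugins = $mail_plugins sieve` presumes the Sieve plugin package is installed, which is not visible in this commit — verify the install task covers it. Spacing is inconsistent between `{{ mail_user.name }}` and `{{ mail_user.name}}` in `default_fields` and `mail_location`.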
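--- /dev/null
+++ b/roles/mail_server/templates/dovecot-ldap.conf.ext.j2
@@ -0,0 +1,16 @@
+uris = {{ mail_ldap.url }}
+dn = cn=dovecot,ou=services,{{ mail_ldap.root_dn }}
+dnpass = {{ mail_ldap.dovecot_password }}
+tls = yes
+tls_ca_cert_file = {{ mail_ldap.tls_truststore }}
+tls_require_cert = demand
+auth_bind = yes
+base = ou=people,{{ mail_ldap.root_dn }}
+scope = onelevel
+user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap.root_dn }}))
+pass_attrs = mail=user,userPassword=password
+pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap.root_dn }}))
+iterate_attrs = mail=user
+iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_ldap.root_dn }})
+default_pass_scheme = SSHA
+user_attrs =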
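Review bot: With `auth_bind = yes` the user's password is checked by binding to the directory as that user, so fetching the hash through `pass_attrs = mail=user,userPassword=password` looks redundant and forces the `cn=dovecot` service account to be granted read access to `userPassword` that it does not otherwise need; `pass_attrs = mail=user` would be the least-privilege form, but confirm against the Dovecot LDAP documentation for the deployed version first (if a password attribute is returned, Dovecot may verify it locally instead of binding). `dnpass = {{ mail_ldap.dovecot_password }}` places the bind secret in this rendered file, so the root-owned `mode=600` deployment in the tasks file is load-bearing and must stay that way if the task is ever reworked. The final `user_attrs =` is empty, presumably because `default_fields` in 99-local.conf supplies uid/gid/home; a comment such as `# Intentionally empty: uid/gid/home come from default_fields in 99-local.conf.` would make that explicit.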