Changeset - 298c0dbe1698
[Not reviewed]
Branko Majic (branko) - 11 years ago 2015-04-07 23:02:23
branko@majic.rs
MAR-4: Updated documentation for the mail server role, adding information about rsync installation, set-up of chroot for Postfix, and the smtp_allow_relay_from option. Updated mail_server role implementation, fixing rsync command for deploying the truststore to preserve truststore permissions and adding support for specifying networks from which unauthenticated relaying should be allowed.
4 files changed with 19 insertions and 2 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -598,17 +598,19 @@ The ``mail_server`` role can be used for setting-up a complete mail server
 
solution, which includes both SMTP and IMAP service, on destination machine.
 

	
 
Postfix is used SMTP, while Dovecot is used for IMAP.
 

	
 
The role implements the following:
 

	
 
* Installs rsync.
 
* Adds the Wheezy backports repository.
 
* Installs and configures Dovecot (from backports), Postfix, ClamAV, and ClamAV
 
  Milter.
 
* Purges Exim4 configuration (just in case).
 
* Installs SWAKS (utility for testing SMTP servers).
 
* Sets-up the necessary directories and files under Postfix chroot.
 

	
 
Deployed services are configured as follows:
 

	
 
* Both Postfix and Dovecot look-up available domains, users, and aliases in
 
  LDAP.
 
* Incoming and outgoing mail is scanned with ClamAV (via ClamAV
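Review bot: the unchanged context line "Postfix is used SMTP, while Dovecot is used for IMAP." is missing a word ("Postfix is used for SMTP"); since this paragraph is being edited anyway, fix it in the same changeset. The new "* Installs rsync." bullet also reads as a feature rather than a dependency: say why it is there, since it is the tool the role's own task uses to copy the LDAP TLS truststore into the Postfix chroot, for example "* Installs rsync (used to copy the LDAP TLS truststore into the Postfix chroot)." so nobody later trims it as optional.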
 
@@ -689,12 +691,18 @@ Parameters
 
  List of RBLs to use for detecting servers which send out spam. Each item is a
 
  string resembling the RBL domain.
 

	
 
**mail_postmaster** (string, mandatory)
 
  Mail address to use for the postmaster account in Dovecot.
 

	
 
**smtp_allow_relay_from** (list, mandatory)
 
  List of networks from which mail relaying is allowed even without
 
  authentication. Each item in the list is a string defining a network. The
 
  format must be compatible with Postfix ``mynetworks`` setting (for example:
 
  ``192.168.1.0/24``, ``myhost.example.com`` etc).
 

	
 

	
 
Examples
 
~~~~~~~~
 

	
 
Here is an example configuration for setting-up XMPP server using Prosody:
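Review bot: the new smtp_allow_relay_from description should state two constraints Postfix puts on mynetworks values, since the template writes the list straight into that setting: IPv6 addresses and networks must be written in brackets (the template's own [::1]/128 is the form), and a hostname entry such as myhost.example.com only matches a client whose reverse DNS name forward-confirms to the connecting address; otherwise Postfix records the client name as "unknown" and the entry never matches, so relay trust becomes only as strong as DNS. Recommend documenting address/CIDR entries as the preferred form and hostnames as the exception. "mandatory" is also stricter than needed: defaulting the list to empty would keep the loopback-only behaviour for deployments with no relaying hosts. Finally, the unchanged intro line "Here is an example configuration for setting-up XMPP server using Prosody:" is a copy-and-paste from another role; this is the mail server example.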
 

	
 
@@ -718,6 +726,10 @@ Here is an example configuration for setting-up XMPP server using Prosody:
 
  smtp_tls_key: /etc/ssl/private/mail.example.com_smtp.pem
 
  imap_folder_separator: /
 
  smtp_rbl:
 
    - bl.spamcop.net
 
    - zen.spamhaus.org
 
  mail_postmaster: postmaster@example.com
 

	
 
  smtp_allow_relay_from:
 
    - ldap.example.com
 
    - xmpp.example.com
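Review bot: the added example grants unauthenticated relaying to two hostnames; prefer showing the address form (the parameter description above already gives 192.168.1.0/24), because the loop writes these values straight into mynetworks and address entries do not depend on reverse DNS being correct. Keep the example list to hosts that actually need to send mail through this server: every entry is a client that may relay to any destination without authentication, so the example should not invite listing service hosts by habit (ask whether the LDAP server really needs to relay).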
roles/mail_server/tasks/main.yml
 
@@ -43,13 +43,13 @@
 
- name: Set-up privileges for directories within Postfix chroot
 
  file: dest="{{ item }}" mode=755 state=directory owner=clamav group=clamav
 
  with_items:
 
    - /var/spool/postfix/var/run/clamav
 

	
 
- name: Copy the LDAP TLS truststore into Postfix chroot
 
  command: rsync -ci "{{ mail_ldap_tls_truststore }}" "/var/spool/postfix/{{ mail_ldap_tls_truststore}}"
 
  command: rsync -pci "{{ mail_ldap_tls_truststore }}" "/var/spool/postfix/{{ mail_ldap_tls_truststore}}"
 
  register: rsync_result
 
  changed_when: "rsync_result.stdout != ''"
 

	
 
- name: Deploy Postfix configurations files for LDAP look-ups
 
  template: src="{{ item }}.cf.j2" dest="/etc/postfix/{{ item }}.cf" owner=root group=postfix mode=640
 
  with_items:
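Review bot: -p preserves the source file's mode but not its owner or group, so the copy under the chroot is created as the Ansible user with the truststore's original mode; that is only sufficient if the truststore is group- or world-readable by the unprivileged postfix process that reads it inside the chroot. Either state that requirement for mail_ldap_tls_truststore in the role docs or follow the rsync with an explicit file: task that sets mode=644 on the chroot copy, so a restrictive source mode (0600) does not silently break the LDAP TLS look-ups. Two smaller points: rsync does not create missing intermediate directories, so this task relies on an earlier task having created the directory part of the truststore path under /var/spool/postfix (worth a comment on the task); and "{{ mail_ldap_tls_truststore}}" is missing the space before }} (harmless, but inconsistent with the first occurrence).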
roles/mail_server/templates/main.cf.j2
 
@@ -30,13 +30,14 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 
myhostname = mail
 
alias_maps = hash:/etc/aliases
 
alias_database = hash:/etc/aliases
 
myorigin = /etc/mailname
 
mydestination = mail.example.com, mail, localhost.localdomain, localhost
 
relayhost = 
 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128{% for network in smtp_allow_relay_from  %} {{ network }}{% endfor %}
 

	
 
mailbox_command = procmail -a "$EXTENSION"
 
mailbox_size_limit = 0
 
recipient_delimiter = +
 
inet_interfaces = all
 

	
 
# LDAP directory look-ups for domains, mailboxes and aliases.
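Review bot: nothing validates smtp_allow_relay_from before it is appended to mynetworks, so a broad value such as 0.0.0.0/0 turns the server into an open relay with no warning; at minimum the option's docs should say so, and an assert task rejecting /0 networks and empty strings would be cheap insurance. The hand-written loop is also harder to read than the equivalent filter: mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ smtp_allow_relay_from | join(' ') }}. Note that hostnames placed here are matched against the client's forward-confirmed reverse DNS name, not against the address the name resolves to, so entries like the example's ldap.example.com only work when those hosts have matching PTR records.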
testsite/group_vars/mail.yml
 
@@ -28,6 +28,10 @@ smtp_tls_key: /etc/ssl/private/mail.example.com_smtp.pem
 
imap_folder_separator: /
 
smtp_rbl:
 
  - bl.spamcop.net
 
  - zen.spamhaus.org
 

	
 
mail_postmaster: postmaster@example.com
 

	
 
smtp_allow_relay_from:
 
  - ldap.example.com
 
  - xmpp.example.com
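Review bot: the test site now whitelists two hostnames for unauthenticated relaying, so add a check that the restriction actually bites: the role installs swaks, so a run from a host not in the list sending to an external recipient should be refused with "Relay access denied", and a run from xmpp.example.com should be accepted. Without that test, an over-broad entry or a hostname whose reverse DNS does not match goes unnoticed. Also confirm the two test hosts have PTR records resolving to these names, since Postfix matches hostnames in mynetworks against the forward-confirmed client name.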