Changeset - 35fff2909917
Branko Majic (branko) - 4 years ago 2020-05-20 09:51:52
branko@majic.rs
MAR-157: Added parameter to mail_server role for specifying maximum incoming mail size.
7 files changed with 46 insertions and 0 deletions:
docs/releasenotes.rst
 
@@ -53,12 +53,18 @@ Bug fixes:
 

	
 
New features/improvements:
 

	
 
* Tests have been updated to work with latest Molecule/Testinfra as
 
  part of the Ansible upgrade process.
 

	
 
* ``mail_server`` role
 

	
 
  * The role now supports specifying the maximum mail message size
 
    limit for the SMTP server to accept via
 
    ``mail_message_size_limit`` role parameter.
 

	
 
Deprecations:
 

	
 
* ``backup_server`` and ``backup_client`` role
 

	
 
  * Officially dropped support for DSA keys (this was mainly remnant
 
    from Debian 8 Jessie support, on Debian 9 Stretch and upwards the
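Review bot: the new ``mail_server`` entry under "New features/improvements" names ``mail_message_size_limit`` but gives neither the unit nor the default. The role reference in this changeset states bytes and ``10240000``; repeating both here lets readers of the release notes see which limit applies after an upgrade without opening the role reference.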
docs/rolereference.rst
 
@@ -1110,12 +1110,19 @@ Parameters
 
**mail_ldap_postfix_password** (string, mandatory)
 
  Password for authenticating the Postfix LDAP user.
 

	
 
**mail_ldap_dovecot_password** (string, mandatory)
 
  Password for authenticating the Dovecot LDAP user.
 

	
 
**mail_message_size_limit** (integer, optional, ``10240000``)
 
  Maximum size of message in bytes that the SMTP server should accept
 
  for incoming mails. If the mail message size exceeds the listed
 
  value, it will be rejected by the server. The size is also
 
  advertised as part of SMTP server capabilities (in response to the
 
  ``ehlo`` SMTP command).
 

	
 
**mail_server_tls_protocols** (list, optional, ``[ "TLSv1.2" ]``)
 
  List of TLS protocols the mail server should support. Each value specified
 
  should be compatible with Postfix configuration option
 
  ``smtpd_tls_mandatory_protocols`` and Dovecot configuration option
 
  ``ssl_protocols``.
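Review bot: the ``mail_message_size_limit`` description says the limit applies to "incoming mails", but the template in this changeset writes the value to ``message_size_limit`` in ``main.cf`` without scoping it to a particular listener. Name the Postfix option the parameter maps to, as the ``mail_server_tls_protocols`` entry does for ``smtpd_tls_mandatory_protocols``, and state whether mail submitted by hosts listed in ``smtp_allow_relay_from`` is subject to the same limit.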
 

	
roles/mail_server/defaults/main.yml
 
@@ -15,6 +15,7 @@ local_mail_aliases: {}
 
imap_max_user_connections_per_ip: 10
 
mail_server_tls_protocols:
 
  - "TLSv1.2"
 
mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
 
DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
 
ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"
 
mail_message_size_limit: 10240000
roles/mail_server/molecule/default/group_vars/parameters-optional.yml
 
@@ -26,12 +26,13 @@ smtp_rbl:
 
  - bl.spamcop.net
 
  - zen.spamhaus.org
 

	
 
mail_postmaster: "webmaster@parameters-optional"
 
smtp_allow_relay_from:
 
  - "10.31.127.22"
 
mail_message_size_limit: 20480001
 

	
 
# common
 
ca_certificates:
 
  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
# backup_client (backup username should end in -s64 for Stretch).
roles/mail_server/molecule/default/tests/test_mandatory.py
 
@@ -265,6 +265,20 @@ def test_sieve_tls_configuration(host):
 
    Tests TLS configuration for SIEVE in Dovecot
 
    """
 

	
 
    # @TODO: Currently not possible to test since openssl s_client does not
 
    # support STARTTLS for Sieve.
 
    pass
 

	
 

	
 
def test_mail_message_size_limit(host):
 
    """
 
    Tests if the mail message size limit advertised by the SMTP server
 
    is correct.
 
    """
 

	
 
    capabilities = host.run("(echo 'ehlo localhost' && sleep 2) | telnet localhost 25")
 
    begin = capabilities.stdout.find("250-SIZE")
 
    end = capabilities.stdout.find("\n", begin)
 
    mail_message_size_limit = capabilities.stdout[begin:end]
 

	
 
    assert mail_message_size_limit == "250-SIZE 10240000"
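Review bot: in ``test_mail_message_size_limit`` the slice depends on ``str.find`` succeeding; when ``250-SIZE`` is absent from the output (for instance because the server has not answered within the ``sleep 2`` window) ``find`` returns -1 and ``capabilities.stdout[begin:end]`` is an empty string, so the test fails on a comparison against "" with no hint about the cause. Assert ``begin != -1`` before slicing, or iterate over ``capabilities.stdout.splitlines()``, and consider replacing the fixed sleep and the ``telnet`` dependency with a client that waits for the EHLO reply. The match on ``250-SIZE`` also assumes SIZE is never the last capability listed, where the line would start with ``250 SIZE`` instead.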
roles/mail_server/molecule/default/tests/test_optional.py
 
@@ -298,6 +298,20 @@ def test_sieve_tls_configuration(host):
 
    Tests TLS configuration for SIEVE in Dovecot
 
    """
 

	
 
    # @TODO: Currently not possible to test since openssl s_client does not
 
    # support STARTTLS for Sieve.
 
    pass
 

	
 

	
 
def test_mail_message_size_limit(host):
 
    """
 
    Tests if the mail message size limit advertised by the SMTP server
 
    is correct.
 
    """
 

	
 
    capabilities = host.run("(echo 'ehlo localhost' && sleep 2) | telnet localhost 25")
 
    begin = capabilities.stdout.find("250-SIZE")
 
    end = capabilities.stdout.find("\n", begin)
 
    mail_message_size_limit = capabilities.stdout[begin:end]
 

	
 
    assert mail_message_size_limit == "250-SIZE 20480001"
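Review bot: this ``test_mail_message_size_limit`` is a line-for-line copy of the function added to ``test_mandatory.py``, differing only in the expected string ``250-SIZE 20480001``. Move the EHLO capture and SIZE extraction into a shared helper and keep only the expected limit in each test file, so the two copies cannot drift apart when the parsing is changed.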
roles/mail_server/templates/main.cf.j2
 
@@ -74,6 +74,9 @@ non_smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl
 
# misconfigurations.
 
notify_classes = resource, software, 2bounce
 

	
 
# Fall-back to using native lookups (/etc/hosts etc) if DNS lookup fails. Useful
 
# for local overrides of mail servers.
 
smtp_host_lookup = dns, native
 

	
 
# Explicitly set maximum allowed mail size that should be accepted.
 
message_size_limit = {{ mail_message_size_limit }}
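Review bot: ``message_size_limit = {{ mail_message_size_limit }}`` renders whatever the variable holds, so an empty, negative or non-numeric value lands in ``main.cf`` and is caught, if at all, only when Postfix reads the file. Since this setting bounds how much data the server accepts per message, validate in the role that the value is a positive integer before the template is rendered, and fail the play otherwise.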