Changeset - 52f75c39ab69
[Not reviewed]
Branko Majic (branko) - 9 years ago 2015-04-07 23:02:06
branko@majic.rs
MAR-4: Added documentation for the mail server role.
1 file changed with 102 insertions and 0 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -589,3 +589,105 @@ Here is an example configuration for setting-up XMPP server using Prosody:
 
  prosody_ldap_scope: "onelevel"
 
  prosody_ldap_tls: "true"
 
  prosody_ldap_base: "ou=people,dc=example,dc=com"
 

	
 

	
 
Mail Server
 
-----------
 

	
 
The ``mail_server`` role can be used for setting-up a complete mail server
 
solution, which includes both SMTP and IMAP service, on destination machine.
 

	
 
Postfix is used SMTP, while Dovecot is used for IMAP.
 

	
 
The role implements the following:
 

	
 
* Adds the Wheezy backports repository.
 
* Installs and configures Dovecot (from backports), Postfix, ClamAV, and ClamAV
 
  Milter.
 
* Purges Exim4 configuration (just in case).
 
* Installs SWAKS (utility for testing SMTP servers).
 

	
 
Deployed services are configured as follows:
 

	
 
* Both Postfix and Dovecot look-up available domains, users, and aliases in
 
  LDAP.
 
* Incoming and outgoing mail is scanned with ClamAV (via ClamAV
 
  Milter). Infected mails are rejected.
 
* Mail is stored in directory ``/var/MAIL_USER/DOMAIN/USER``, using ``Maildir``
 
  format.
 
* TLS is required for user log-ins for both SMTP and IMAP.
 
* RBL's are used for combating spam (if any is specified in configuration, see
 
  below).
 

	
 
Both Postfix and Dovecot expect a specific directory structure in LDAP when
 
doing look-ups:
 

	
 
* Postfix will log-in to LDAP as user
 
  ``cn=postfix,ou=services,MAIL_LDAP_ROOT_DN``.
 
* Dovecot will log-in to LDAP as user
 
  ``cn=dovecot,ou=services,MAIL_LDAP_ROOT_DN``.
 
* Domain entries need to be available as
 
  ``dc=DOMAIN,ou=domains,ou=mail,ou=services,MAIL_LDAP_ROOT_DN``.
 
* Alias entries need to be available as
 
  ``cn=ALIAS,ou=aliases,ou=mail,ou=services,MAIL_LDAP_ROOT_DN``.
 
* User entries are read from sub-tree (first-level only)
 
  ``ou=people,MAIL_LDAP_ROOT_DN``. Query filter used for finding users is
 
  ``(&(mail=%s)(memberOf=cn=mail,ou=groups,MAIL_LDAP_ROOT_DN))``. This allows
 
  group-based granting of mail services to users.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**mail_ldap_url** (string, mandatory)
 
  LDAP URL that should be used for connecting to the LDAP server for doing
 
  domain/user look-ups.
 

	
 
**mail_ldap_tls_truststore** (string, mandatory)
 
  Path to TLS truststore used for verifying the LDAP certificate. Should be in
 
  PEM format.
 

	
 
**mail_ldap_root_dn** (string, mandatory)
 
  Root DN in LDAP under where the entries (domains, users, aliases) can be
 
  found.
 

	
 
**mail_ldap_postfix_password** (string, mandatory)
 
  Password for authenticating the Postfix LDAP user.
 

	
 
**mail_ldap_dovecot_password** (string, mandatory)
 
  Password for authenticating the Dovecot LDAP user.
 

	
 
**mail_user** (string, mandatory)
 
  Name of the user that owns all the mail files.
 

	
 
**mail_user_uid** (integer, mandatory)
 
  UID of the user that owns all the mail files.
 

	
 
**mail_user_gid** (integer, mandatory)
 
  GID of the user that owns all the mail files.
 

	
 
**imap_tls_certificate** (string, mandatory)
 
  Path to file that contains the X.509 certificate used for TLS for IMAP and
 
  ManageSieve services.
 

	
 
**imap_tls_key** (string, mandatory)
 
  Path to file that contains the private key used for TLS for IMAP and
 
  ManageSieve services.
 

	
 
**smtp_tls_certificate** (string, mandatory)
 
  Path to file that contains the X.509 certificate used for TLS for SMTP
 
  service.
 

	
 
**smtp_tls_key** (string, mandatory)
 
  Path to file that contains the private key used for TLS for SMTP service.
 

	
 
**imap_folder_separator** (string, mandatory)
 
  Character used for separating the IMAP folders when clients are requesting
 
  listing from the server. Usually either slash(``/``) or dot(``.``).
 

	
 
**smtp_rbl** (list, mandatory)
 
  List of RBLs to use for detecting servers which send out spam. Each item is a
 
  string resembling the RBL domain.
 

	
 
**mail_postmaster** (string, mandatory)
 
  Mail address to use for the postmaster account in Dovecot.
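Review bot: the ``smtp_rbl`` parameter is documented as ``(list, mandatory)``, but the earlier bullet says RBLs are used only "if any is specified in configuration, see below"; the two statements contradict each other, so either mark the parameter optional and state what happens when it is absent, or say explicitly that an empty list is accepted and disables the RBL checks. Two smaller documentation points in the same hunk: "Postfix is used SMTP, while Dovecot is used for IMAP." is missing a word and should read "Postfix is used for SMTP, while Dovecot is used for IMAP."; and because the user look-up filter ``(&(mail=%s)(memberOf=cn=mail,ou=groups,MAIL_LDAP_ROOT_DN))`` depends on the ``memberOf`` attribute, the LDAP structure list should state that the directory has to maintain ``memberOf`` on user entries (for OpenLDAP this means the memberof overlay must be enabled), since otherwise the filter never matches and no user is granted mail service.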