diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 73223bc7ad3cf609064972447b335be3635d2271..42e20b69b9bd01d113567b263b66a712630343db 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst 
@@ -589,3 +589,105 @@ Here is an example configuration for setting-up XMPP server using Prosody: prosody_ldap_scope: "onelevel" prosody_ldap_tls: "true" prosody_ldap_base: "ou=people,dc=example,dc=com" + + +Mail Server +----------- + +The ``mail_server`` role can be used for setting-up a complete mail server +solution, which includes both SMTP and IMAP service, on destination machine. + +Postfix is used SMTP, while Dovecot is used for IMAP. + +The role implements the following: + +* Adds the Wheezy backports repository. +* Installs and configures Dovecot (from backports), Postfix, ClamAV, and ClamAV + Milter. +* Purges Exim4 configuration (just in case). +* Installs SWAKS (utility for testing SMTP servers). + +Deployed services are configured as follows: + +* Both Postfix and Dovecot look-up available domains, users, and aliases in + LDAP. +* Incoming and outgoing mail is scanned with ClamAV (via ClamAV + Milter). Infected mails are rejected. +* Mail is stored in directory ``/var/MAIL_USER/DOMAIN/USER``, using ``Maildir`` + format. +* TLS is required for user log-ins for both SMTP and IMAP. +* RBL's are used for combating spam (if any is specified in configuration, see + below). + +Both Postfix and Dovecot expect a specific directory structure in LDAP when +doing look-ups: + +* Postfix will log-in to LDAP as user + ``cn=postfix,ou=services,MAIL_LDAP_ROOT_DN``. +* Dovecot will log-in to LDAP as user + ``cn=dovecot,ou=services,MAIL_LDAP_ROOT_DN``. +* Domain entries need to be available as + ``dc=DOMAIN,ou=domains,ou=mail,ou=services,MAIL_LDAP_ROOT_DN``. +* Alias entries need to be available as + ``cn=ALIAS,ou=aliases,ou=mail,ou=services,MAIL_LDAP_ROOT_DN``. +* User entries are read from sub-tree (first-level only) + ``ou=people,MAIL_LDAP_ROOT_DN``. Query filter used for finding users is + ``(&(mail=%s)(memberOf=cn=mail,ou=groups,MAIL_LDAP_ROOT_DN))``. This allows + group-based granting of mail services to users. 
+ + +Parameters +~~~~~~~~~~ + +**mail_ldap_url** (string, mandatory) + LDAP URL that should be used for connecting to the LDAP server for doing + domain/user look-ups. + +**mail_ldap_tls_truststore** (string, mandatory) + Path to TLS truststore used for verifying the LDAP certificate. Should be in + PEM format. + +**mail_ldap_root_dn** (string, mandatory) + Root DN in LDAP under where the entries (domains, users, aliases) can be + found. + +**mail_ldap_postfix_password** (string, mandatory) + Password for authenticating the Postfix LDAP user. + +**mail_ldap_dovecot_password** (string, mandatory) + Password for authenticating the Dovecot LDAP user. + +**mail_user** (string, mandatory) + Name of the user that owns all the mail files. + +**mail_user_uid** (integer, mandatory) + UID of the user that owns all the mail files. + +**mail_user_gid** (integer, mandatory) + GID of the user that owns all the mail files. + +**imap_tls_certificate** (string, mandatory) + Path to file that contains the X.509 certificate used for TLS for IMAP and + ManageSieve services. + +**imap_tls_key** (string, mandatory) + Path to file that contains the private key used for TLS for IMAP and + ManageSieve services. + +**smtp_tls_certificate** (string, mandatory) + Path to file that contains the X.509 certificate used for TLS for SMTP + service. + +**smtp_tls_key** (string, mandatory) + Path to file that contains the private key used for TLS for SMTP service. + +**imap_folder_separator** (string, mandatory) + Character used for separating the IMAP folders when clients are requesting + listing from the server. Usually either slash(``/``) or dot(``.``). + +**smtp_rbl** (list, mandatory) + List of RBLs to use for detecting servers which send out spam. Each item is a + string resembling the RBL domain. + +**mail_postmaster** (string, mandatory) + Mail address to use for the postmaster account in Dovecot.
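Review bot: the ``smtp_rbl`` parameter is documented as "(list, mandatory)" in the Parameters section, but the services description above says RBLs are used "if any is specified in configuration, see below", which implies the list may be empty or omitted; please reconcile the two, either by marking ``smtp_rbl`` optional with its default (an empty list, presumably) or by stating that at least one RBL must be given. Two smaller points in the same hunk: "Postfix is used SMTP, while Dovecot is used for IMAP." is missing a word and should read "Postfix is used for SMTP, while Dovecot is used for IMAP."; and since ``mail_ldap_tls_truststore`` is mandatory and described as "used for verifying the LDAP certificate", the ``mail_ldap_url`` entry should say whether a plain ``ldap://`` URL is accepted at all or whether the role requires ``ldaps://``/STARTTLS so that the Postfix and Dovecot bind passwords never cross the network in clear text.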