majic-ansible-roles Files · roles/mail

Files @ 17cf34f73ca6

Branch filter:

Location: majic-ansible-roles/roles/mail_server/defaults/main.yml

17cf34f73ca6 985 B text/x-yaml Show Annotation Show as Raw Download as Raw

branko

MAR-28: Implemented additional tests for mail_server role:

- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.

---

enable_backup: False
mail_ldap_tls_truststore: "{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}"
mail_user: vmail
imap_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_imap.pem') }}"
imap_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + ansible_fqdn + '_imap.key') }}"
smtp_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_smtp.pem') }}"
smtp_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + ansible_fqdn + '_smtp.key') }}"
imap_folder_separator: "/"
smtp_rbl: []
mail_postmaster: "postmaster@{{ ansible_domain }}"
smtp_allow_relay_from: []
local_mail_aliases: {}
imap_max_user_connections_per_ip: 10
mail_server_tls_protocols:
  - "TLSv1.2"
mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"