new roles warehost and mailserver
parent
ff28b2215f
commit
4adbf717bf
|
@ -0,0 +1,98 @@
|
||||||
|
Role Name
|
||||||
|
=========
|
||||||
|
|
||||||
|
A brief description of the role goes here.
|
||||||
|
|
||||||
|
Requirements
|
||||||
|
------------
|
||||||
|
|
||||||
|
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
|
||||||
|
|
||||||
|
Role Variables
|
||||||
|
--------------
|
||||||
|
|
||||||
|
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|
||||||
|
|
||||||
|
Dependencies
|
||||||
|
------------
|
||||||
|
|
||||||
|
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
|
||||||
|
|
||||||
|
Example Playbook
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
||||||
|
|
||||||
|
- hosts: servers
|
||||||
|
roles:
|
||||||
|
- { role: username.rolename, x: 42 }
|
||||||
|
|
||||||
|
License
|
||||||
|
-------
|
||||||
|
|
||||||
|
BSD
|
||||||
|
|
||||||
|
Author Information
|
||||||
|
------------------
|
||||||
|
|
||||||
|
Test Mail
|
||||||
|
=================
|
||||||
|
|
||||||
|
`nc ipaddress 25` und einfach passten.
|
||||||
|
|
||||||
|
delimiter
|
||||||
|
---
|
||||||
|
```
|
||||||
|
EHLO apus.h.sum7.eu
|
||||||
|
MAIL FROM:<test@apus.h.sum7.eu>
|
||||||
|
RCPT TO:<genofire+test@apus.h.sum7.eu>
|
||||||
|
DATA
|
||||||
|
Subject: Test Delimiter mail (GTUBE)
|
||||||
|
|
||||||
|
This is the GTUBE, the
|
||||||
|
Generic
|
||||||
|
Test for
|
||||||
|
Unsolicited
|
||||||
|
Bulk
|
||||||
|
Email
|
||||||
|
|
||||||
|
If your spam filter supports it, the GTUBE provides a test by which you
|
||||||
|
can verify that the filter is installed correctly and is detecting incoming
|
||||||
|
spam.
|
||||||
|
|
||||||
|
.
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Spam and delimiter
|
||||||
|
-------------------
|
||||||
|
```
|
||||||
|
EHLO apus.h.sum7.eu
|
||||||
|
MAIL FROM:<test@apus.h.sum7.eu>
|
||||||
|
RCPT TO:<genofire+test@apus.h.sum7.eu>
|
||||||
|
DATA
|
||||||
|
Subject: Test spam mail (GTUBE)
|
||||||
|
|
||||||
|
This is the GTUBE, the
|
||||||
|
Generic
|
||||||
|
Test for
|
||||||
|
Unsolicited
|
||||||
|
Bulk
|
||||||
|
Email
|
||||||
|
|
||||||
|
If your spam filter supports it, the GTUBE provides a test by which you
|
||||||
|
can verify that the filter is installed correctly and is detecting incoming
|
||||||
|
spam. You can send yourself a test mail containing the following string of
|
||||||
|
characters (in upper case and with no white spaces and line breaks):
|
||||||
|
|
||||||
|
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
|
||||||
|
|
||||||
|
You should send this test mail from an account outside of your network.
|
||||||
|
|
||||||
|
.
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
mail_db_host: localhost
|
||||||
|
mail_db_dbname: '{{warehost_db_dbname}}'
|
||||||
|
mail_db_user: '{{warehost_db_user}}'
|
||||||
|
mail_db_pass: '{{warehost_db_pass}}'
|
||||||
|
mail_homedir: /srv/mail
|
||||||
|
#mail_ssl_private:
|
||||||
|
#mail_ssl_public:
|
||||||
|
#mail_domain:
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: reload postfix
|
||||||
|
service: name=postfix state=reloaded
|
||||||
|
|
||||||
|
- name: restart postfix
|
||||||
|
service: name=postfix state=restarted
|
||||||
|
|
||||||
|
- name: restart dovecot
|
||||||
|
service: name=dovecot state=restarted
|
||||||
|
|
||||||
|
- name: restart spamassassin
|
||||||
|
service: name=spamassassin state=restarted
|
|
@ -0,0 +1,32 @@
|
||||||
|
---
|
||||||
|
- name: Configure dovecot
|
||||||
|
template: src={{item}} dest=/etc/dovecot/{{item}} owner=vmail group=vmail mode=640
|
||||||
|
with_items:
|
||||||
|
- dovecot.conf
|
||||||
|
- dovecot-sql.conf
|
||||||
|
- dovecot-sql_lda.conf
|
||||||
|
notify: restart dovecot
|
||||||
|
|
||||||
|
# Authentification
|
||||||
|
- name: Download warehost-auth (TODO current copy)
|
||||||
|
copy: src=warehost-auth dest=/usr/local/bin/warehost-auth owner=root group=root mode=0755
|
||||||
|
|
||||||
|
- name: Configurate authentification
|
||||||
|
template: src=warehost-auth.conf dest=/etc/warehost/auth.conf mode=660 owner=vmail group=vmail
|
||||||
|
|
||||||
|
- name: Install warehost-auth to dovecot
|
||||||
|
template: src=dovecot_auth.sh dest=/etc/dovecot/warehost-auth-dovecot mode=770 owner=vmail group=vmail
|
||||||
|
|
||||||
|
# Sieve
|
||||||
|
- name: Create sieve folder
|
||||||
|
file: path=/var/lib/dovecot/sieve/ state=directory mode=770 owner=vmail group=vmail
|
||||||
|
|
||||||
|
- name: Sieve for Spamassassin
|
||||||
|
template: src=sieve_default dest=/var/lib/dovecot/sieve/default.sieve owner=root group=root mode=644
|
||||||
|
notify: restart dovecot
|
||||||
|
|
||||||
|
- name: Generate sieve
|
||||||
|
command: sievec /var/lib/dovecot/sieve/default.sieve creates=/var/lib/dovecot/sieve/default.svbin
|
||||||
|
|
||||||
|
- name: Enable dovecot
|
||||||
|
service: name=dovecot state=started enabled=yes
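Review bot: The checkpassword wrapper installed by "Install warehost-auth to dovecot" is `owner=vmail group=vmail mode=770`, so the account used for mail delivery can rewrite a script that Dovecot's auth service executes, and this commit's dovecot.conf runs that service with `user = root`. A root-owned file that vmail cannot write would be safer, e.g. `owner=root group=vmail mode=0750`; the same reasoning applies to the "Configure dovecot" templates (`owner=vmail ... mode=640`) and to `/etc/warehost/auth.conf` (`mode=660`), which carry the database password and only need to be readable by the service. Nothing in this file creates `/etc/warehost`, so that task presumably relies on another role having run first, which deserves a comment. "Generate sieve" is guarded by `creates=`, so a changed `default.sieve` is never recompiled.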
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: Install dependencies
|
||||||
|
pacman: name={{item}} state=present
|
||||||
|
with_items:
|
||||||
|
- postfix
|
||||||
|
- dovecot
|
||||||
|
- pigeonhole
|
||||||
|
- spamassassin
|
||||||
|
- procmail
|
||||||
|
notify:
|
||||||
|
- restart postfix
|
||||||
|
- restart dovecot
|
|
@ -0,0 +1,22 @@
|
||||||
|
---
|
||||||
|
- include: install_archlinux.yml
|
||||||
|
when: ansible_os_family == 'Archlinux'
|
||||||
|
|
||||||
|
- name: Add service smtp lines
|
||||||
|
lineinfile: dest=/etc/services regexp='^smtps {{item}}' line="smtps {{item}}"
|
||||||
|
with_items:
|
||||||
|
- 465/tcp
|
||||||
|
- 465/udp
|
||||||
|
|
||||||
|
- name: Create vmail group
|
||||||
|
group: name=vmail state=present
|
||||||
|
|
||||||
|
- name: Create vmail user
|
||||||
|
user: name=vmail group=vmail shell=/usr/bin/nologin home={{mail_homedir}}
|
||||||
|
|
||||||
|
- name: Create homedir
|
||||||
|
file: path={{mail_homedir}} state=directory mode=770 owner=vmail group=vmail
|
||||||
|
|
||||||
|
- include: postfix.yml
|
||||||
|
- include: dovecot.yml
|
||||||
|
- include: spamassassin.yml
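Review bot: "Create vmail group" and "Create vmail user" let the system choose the numeric ids, while the templates in this commit hard-code 5000 (`5000 AS uid, 5000 AS gid` in the dovecot SQL files, `virtual_uid_maps = static:5000` and `virtual_gid_maps = static:5000` in main.cf). Unless the host happens to assign 5000, mailboxes would be accessed under an id that is not vmail, and whichever account later receives 5000 would own them. Pinning the ids closes that gap: `group: name=vmail gid=5000 state=present` and `user: name=vmail uid=5000 group=vmail shell=/usr/bin/nologin home={{mail_homedir}}`. The `smtps 465/udp` line added to /etc/services looks unnecessary, since the smtps listener in master.cf is a TCP `inet` service.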
|
|
@ -0,0 +1,25 @@
|
||||||
|
---
|
||||||
|
- name: Configure postfix
|
||||||
|
template: src=postfix_{{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=640
|
||||||
|
with_items:
|
||||||
|
- master.cf
|
||||||
|
- main.cf
|
||||||
|
notify: reload postfix
|
||||||
|
|
||||||
|
- name: Configure postfix-dbconnection
|
||||||
|
template: src=postfix_{{item}} dest=/etc/postfix/{{item}} owner=root group=postfix mode=640
|
||||||
|
with_items:
|
||||||
|
- virtual_mailbox_domains.cf
|
||||||
|
- virtual_mailbox_maps.cf
|
||||||
|
- virtual_alias_maps.cf
|
||||||
|
- virtual_sender_login_maps.cf
|
||||||
|
notify: reload postfix
|
||||||
|
|
||||||
|
- name: Generate default aliases postfix
|
||||||
|
command: postalias /etc/postfix/aliases creates=/etc/postfix/aliases.db
|
||||||
|
|
||||||
|
- name: Generate default transport postfix
|
||||||
|
command: postmap /etc/postfix/transport creates=/etc/postfix/transport.db
|
||||||
|
|
||||||
|
- name: Enable postfix
|
||||||
|
service: name=postfix state=started enabled=yes
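Review bot: "Configure postfix" installs `main.cf` and `master.cf` as `owner=root group=root mode=640`, although neither template contains a secret, and unprivileged Postfix commands (for example `sendmail` run by a local user or cron job) need to read main.cf and may fail with a permission error; `mode=644` is the conventional setting. The tighter `group=postfix mode=640` on the four `virtual_*.cf` files is the right choice there, because those hold the database password. `postalias` and `postmap` are guarded by `creates=`, so later edits to `aliases` or `transport` are not rebuilt into the `.db` files.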
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: Spamassassin update
|
||||||
|
command: /usr/bin/vendor_perl/sa-update -v
|
||||||
|
register: bass_result
|
||||||
|
changed_when: "bass_result.rc != 1"
|
||||||
|
ignore_errors: yes
|
||||||
|
notify: restart spamassassin
|
||||||
|
|
||||||
|
- name: Enable spamassassin
|
||||||
|
service: name=spamassassin enabled=yes
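Review bot: In "Spamassassin update", `changed_when: "bass_result.rc != 1"` combined with `ignore_errors: yes` reports every failed sa-update run as a successful change, so a host can keep filtering with stale rules without the play showing it. sa-update exits 0 when updates were installed and 1 when none were available, with higher codes for errors, so `changed_when: bass_result.rc == 0` plus `failed_when: bass_result.rc > 1` expresses the intent without hiding failures. "Enable spamassassin" sets `enabled=yes` but no `state=started`, unlike the postfix and dovecot tasks, so the daemon only runs once the handler fires or the host reboots.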
|
|
@ -0,0 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
driver = pgsql
|
||||||
|
connect = host={{mail_db_host}} dbname={{mail_db_dbname}} user={{mail_db_user}} password='{{mail_db_pass}}'
|
||||||
|
user_query = SELECT CONCAT('{{mail_homedir}}/',m.login,'/') as home, CONCAT('maildir:{{mail_homedir}}/',m.login,'/') as mail, 5000 AS uid, 5000 AS gid, 'dirsize:storage=512000000' AS quota FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE ml.mail='%u' AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1'
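Review bot: `password='{{mail_db_pass}}'` on the connect line is rendered without any escaping, so a password containing a single quote or backslash yields a broken or differently parsed connect string; the LDA variant of this file in the next section has the same line. Either escape the value in the template or document the permitted character set next to `mail_db_pass` in the defaults. The literal `5000 AS uid, 5000 AS gid` in `user_query` should be tied to the same value the role uses when creating the vmail account, ideally through one variable.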
|
|
@ -0,0 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
driver = pgsql
|
||||||
|
connect = host={{mail_db_host}} dbname={{mail_db_dbname}} user={{mail_db_user}} password='{{mail_db_pass}}'
|
||||||
|
user_query = SELECT CONCAT('{{mail_homedir}}/',m.login,'/') as home, CONCAT('maildir:{{mail_homedir}}/',m.login,'/') as mail, 5000 AS uid, 5000 AS gid, 'dirsize:storage=512000000' AS quota FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%u','@',1) AND fqdn=split_part('%u','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1'
|
|
@ -0,0 +1,61 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
protocols = imap pop3 sieve
|
||||||
|
|
||||||
|
auth_mechanisms = plain login
|
||||||
|
#ipv4 only -> *,:: for both (später)
|
||||||
|
listen = *,::
|
||||||
|
|
||||||
|
postmaster_address = hostmaster@{{mail_domain}}
|
||||||
|
|
||||||
|
passdb {
|
||||||
|
driver = checkpassword
|
||||||
|
args = /etc/dovecot/warehost-auth-dovecot
|
||||||
|
}
|
||||||
|
userdb {
|
||||||
|
driver = sql
|
||||||
|
args = /etc/dovecot/dovecot-sql.conf
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
protocol lda {
|
||||||
|
mail_plugins = $mail_plugins sieve
|
||||||
|
userdb {
|
||||||
|
driver = sql
|
||||||
|
args = /etc/dovecot/dovecot-sql_lda.conf
|
||||||
|
}
|
||||||
|
}
|
||||||
|
protocol sieve {
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
service auth {
|
||||||
|
unix_listener auth-client {
|
||||||
|
group = postfix
|
||||||
|
mode = 0660
|
||||||
|
user = postfix
|
||||||
|
}
|
||||||
|
user = root
|
||||||
|
}
|
||||||
|
service managesieve-login {
|
||||||
|
inet_listener sieve {
|
||||||
|
port = 4190
|
||||||
|
}
|
||||||
|
}
|
||||||
|
service managesieve {
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
sieve = ~/.dovecot.sieve
|
||||||
|
sieve_global_path = /var/lib/dovecot/sieve/default.sieve
|
||||||
|
sieve_dir = ~/sieve
|
||||||
|
sieve_global_dir = /var/lib/dovecot/sieve/global/
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
mail_home = maildir:{{mail_homedir}}/%u
|
||||||
|
mail_location = maildir:~
|
||||||
|
|
||||||
|
ssl = yes
|
||||||
|
ssl_cert = <{{mail_ssl_public}}
|
||||||
|
ssl_key = <{{mail_ssl_private}}
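Review bot: `ssl = yes` at the end of the file still lets clients connect to IMAP, POP3 and ManageSieve without TLS, while `auth_mechanisms = plain login` offers only cleartext mechanisms; `ssl = required` makes the protection explicit instead of depending on the `disable_plaintext_auth` default. `mail_home = maildir:{{mail_homedir}}/%u` also looks wrong: mail_home takes a plain directory path, and the `maildir:` prefix belongs only in `mail_location`. `service auth` is set to `user = root`; a comment stating why the checkpassword passdb needs that would help the next reviewer judge whether it can be lowered.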
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
read -d $'\x0' -r -u 3 USER;
|
||||||
|
read -d $'\x0' -r -u 3 PASSWD;
|
||||||
|
/usr/local/bin/warehost-auth -c /etc/warehost/auth.conf -u "$USER" -p "$PASSWD";
|
||||||
|
output=$?;
|
||||||
|
|
||||||
|
if [ "$output" == "0" ]; then
|
||||||
|
exec "$1";
|
||||||
|
fi
|
||||||
|
exit $output;
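Review bot: The wrapper hands the password to warehost-auth as `-p "$PASSWD"` on the command line, where other local accounts can read it from the process list for as long as the helper runs. If warehost-auth can take the secret from stdin or an environment variable that would be preferable; its interface is not visible in this commit. The script also uses bash-only constructs (`read -d $'\x0' -u 3`, `==` inside `[`) under `#!/usr/bin/env sh`, so it only works where sh is bash; `#!/bin/bash` and `[ "$output" = "0" ]` make that explicit. `exec "$1"` drops any further arguments passed for the reply binary, whereas `exec "$@"` keeps them.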
|
|
@ -0,0 +1,87 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
compatibility_level = 2
|
||||||
|
|
||||||
|
queue_directory = /var/spool/postfix
|
||||||
|
|
||||||
|
command_directory = /usr/bin
|
||||||
|
daemon_directory = /usr/lib/postfix/bin
|
||||||
|
data_directory = /var/lib/postfix
|
||||||
|
|
||||||
|
mail_owner = postfix
|
||||||
|
|
||||||
|
myhostname = {{mail_domain}}
|
||||||
|
myorigin = $mydomain
|
||||||
|
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||||
|
|
||||||
|
mynetworks_style = host
|
||||||
|
|
||||||
|
# TODO-verify
|
||||||
|
relay_domains = $mydestination
|
||||||
|
|
||||||
|
# Defaults
|
||||||
|
alias_maps = hash:/etc/postfix/aliases
|
||||||
|
alias_database = $alias_maps
|
||||||
|
|
||||||
|
# Optionale Delimitier
|
||||||
|
recipient_delimiter = +
|
||||||
|
|
||||||
|
home_mailbox = Maildir/
|
||||||
|
|
||||||
|
mail_spool_directory = /var/mail
|
||||||
|
|
||||||
|
# Defaults
|
||||||
|
debug_peer_level = 2
|
||||||
|
debugger_command =
|
||||||
|
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||||
|
ddd $daemon_directory/$process_name $process_id & sleep 5
|
||||||
|
|
||||||
|
|
||||||
|
sendmail_path = /usr/bin/sendmail
|
||||||
|
newaliases_path = /usr/bin/newaliases
|
||||||
|
mailq_path = /usr/bin/mailq
|
||||||
|
setgid_group = postdrop
|
||||||
|
html_directory = no
|
||||||
|
manpage_directory = /usr/share/man
|
||||||
|
sample_directory = /etc/postfix
|
||||||
|
readme_directory = /usr/share/doc/postfix
|
||||||
|
#ipv4 only -> "all" for both (später)
|
||||||
|
inet_protocols = all
|
||||||
|
meta_directory = /etc/postfix
|
||||||
|
shlib_directory = /usr/lib/postfix
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf
|
||||||
|
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf
|
||||||
|
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf
|
||||||
|
#TODO Create Folder
|
||||||
|
virtual_mailbox_base = {{mail_homedir}}/
|
||||||
|
virtual_mailbox_limit = 512000000
|
||||||
|
virtual_minimum_uid = 5000
|
||||||
|
virtual_transport = dovecot
|
||||||
|
virtual_uid_maps = static:5000
|
||||||
|
virtual_gid_maps = static:5000
|
||||||
|
# Eine Mail zurzeit an Dovecot übergeben (Mehrere Empfänger)
|
||||||
|
dovecot_destination_recipient_limit = 1
|
||||||
|
local_transport = dovecot
|
||||||
|
local_recipient_maps = $virtual_mailbox_maps
|
||||||
|
transport_maps = hash:/etc/postfix/transport
|
||||||
|
|
||||||
|
smtpd_sasl_auth_enable = yes
|
||||||
|
smtpd_sasl_type = dovecot
|
||||||
|
smtpd_sasl_path = /var/run/dovecot/auth-client
|
||||||
|
smtpd_sender_login_maps = proxy:pgsql:/etc/postfix/virtual_sender_login_maps.cf
|
||||||
|
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_sender_login_mismatch, permit_sasl_authenticated
|
||||||
|
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
||||||
|
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
||||||
|
smtpd_sasl_security_options = noanonymous
|
||||||
|
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
|
||||||
|
smtpd_tls_security_level = may
|
||||||
|
smtpd_tls_auth_only = yes
|
||||||
|
smtpd_tls_received_header = yes
|
||||||
|
smtpd_tls_cert_file = {{mail_ssl_public}}
|
||||||
|
smtpd_tls_key_file = {{mail_ssl_private}}
|
||||||
|
smtpd_sasl_local_domain = $mydomain
|
||||||
|
broken_sasl_auth_clients = yes
|
||||||
|
smtpd_tls_loglevel = 1
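Review bot: TLS is configured only for the server side (`smtpd_tls_*`); there is no `smtp_tls_security_level`, so with Postfix's built-in default outbound deliveries go in cleartext even when the receiving server offers STARTTLS. Adding `smtp_tls_security_level = may` enables opportunistic TLS for outgoing mail. `relay_domains = $mydestination` is still marked `# TODO-verify`; since hosted domains come from `virtual_mailbox_domains` it can probably be left empty, but that should be settled before deployment. `broken_sasl_auth_clients = yes` is only needed for very old clients and could be dropped.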
|
|
@ -0,0 +1,134 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
#
|
||||||
|
# Postfix master process configuration file. For details on the format
|
||||||
|
# of the file, see the master(5) manual page (command: "man 5 master" or
|
||||||
|
# on-line: http://www.postfix.org/master.5.html).
|
||||||
|
#
|
||||||
|
# Do not forget to execute "postfix reload" after editing this file.
|
||||||
|
#
|
||||||
|
# ==========================================================================
|
||||||
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
|
# (yes) (yes) (no) (never) (100)
|
||||||
|
# ==========================================================================
|
||||||
|
smtp inet n - n - - smtpd
|
||||||
|
# -o content_filter=spamassassin
|
||||||
|
#smtp inet n - n - 1 postscreen
|
||||||
|
#smtpd pass - - n - - smtpd
|
||||||
|
#dnsblog unix - - n - 0 dnsblog
|
||||||
|
#tlsproxy unix - - n - 0 tlsproxy
|
||||||
|
submission inet n - n - - smtpd
|
||||||
|
# -o syslog_name=postfix/submission
|
||||||
|
-o smtpd_tls_security_level=encrypt
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
# -o smtpd_recipient_restrictions=
|
||||||
|
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
smtps inet n - n - - smtpd
|
||||||
|
# -o syslog_name=postfix/smtps
|
||||||
|
-o smtpd_tls_wrappermode=yes
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
# -o smtpd_recipient_restrictions=
|
||||||
|
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
#628 inet n - n - - qmqpd
|
||||||
|
pickup unix n - n 60 1 pickup
|
||||||
|
cleanup unix n - n - 0 cleanup
|
||||||
|
qmgr unix n - n 300 1 qmgr
|
||||||
|
#qmgr unix n - n 300 1 oqmgr
|
||||||
|
tlsmgr unix - - n 1000? 1 tlsmgr
|
||||||
|
rewrite unix - - n - - trivial-rewrite
|
||||||
|
bounce unix - - n - 0 bounce
|
||||||
|
defer unix - - n - 0 bounce
|
||||||
|
trace unix - - n - 0 bounce
|
||||||
|
verify unix - - n - 1 verify
|
||||||
|
flush unix n - n 1000? 0 flush
|
||||||
|
proxymap unix - - n - - proxymap
|
||||||
|
proxywrite unix - - n - 1 proxymap
|
||||||
|
smtp unix - - n - - smtp
|
||||||
|
relay unix - - n - - smtp
|
||||||
|
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
|
||||||
|
showq unix n - n - - showq
|
||||||
|
error unix - - n - - error
|
||||||
|
retry unix - - n - - error
|
||||||
|
discard unix - - n - - discard
|
||||||
|
local unix - n n - - local
|
||||||
|
virtual unix - n n - - virtual
|
||||||
|
lmtp unix - - n - - lmtp
|
||||||
|
anvil unix - - n - 1 anvil
|
||||||
|
scache unix - - n - 1 scache
|
||||||
|
dovecot unix - n n - - pipe
|
||||||
|
flags=DRhu user=vmail:vmail argv=/usr/bin/vendor_perl/spamc -u spamd -e /usr/lib/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
# Interfaces to non-Postfix software. Be sure to examine the manual
|
||||||
|
# pages of the non-Postfix software to find out what options it wants.
|
||||||
|
#
|
||||||
|
# Many of the following services use the Postfix pipe(8) delivery
|
||||||
|
# agent. See the pipe(8) man page for information about ${recipient}
|
||||||
|
# and other message envelope options.
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# maildrop. See the Postfix MAILDROP_README file for details.
|
||||||
|
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#maildrop unix - n n - - pipe
|
||||||
|
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
|
||||||
|
#
|
||||||
|
# Specify in cyrus.conf:
|
||||||
|
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
|
||||||
|
#
|
||||||
|
# Specify in main.cf one or more of the following:
|
||||||
|
# mailbox_transport = lmtp:inet:localhost
|
||||||
|
# virtual_transport = lmtp:inet:localhost
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Cyrus 2.1.5 (Amos Gouaux)
|
||||||
|
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#cyrus unix - n n - - pipe
|
||||||
|
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Old example of delivery via Cyrus.
|
||||||
|
#
|
||||||
|
#old-cyrus unix - n n - - pipe
|
||||||
|
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# See the Postfix UUCP_README file for configuration details.
|
||||||
|
#
|
||||||
|
#uucp unix - n n - - pipe
|
||||||
|
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Other external delivery methods.
|
||||||
|
#
|
||||||
|
#ifmail unix - n n - - pipe
|
||||||
|
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
||||||
|
#
|
||||||
|
#bsmtp unix - n n - - pipe
|
||||||
|
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
|
||||||
|
#
|
||||||
|
#scalemail-backend unix - n n - 2 pipe
|
||||||
|
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
|
||||||
|
# ${nexthop} ${user} ${extension}
|
||||||
|
#
|
||||||
|
#mailman unix - n n - - pipe
|
||||||
|
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||||
|
# ${nexthop} ${user}
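Review bot: The `submission` and `smtps` services enable SASL but leave `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject` commented out, so both ports inherit main.cf's restrictions and accept unauthenticated mail for local domains exactly like port 25. Uncommenting that override on both services, optionally with `-o smtpd_client_restrictions=permit_sasl_authenticated,reject`, limits the submission ports to authenticated users. `-o syslog_name=postfix/submission` and `-o syslog_name=postfix/smtps` are also worth enabling, so that log lines from the three listeners can be told apart during an investigation.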
|
|
@ -0,0 +1,6 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
hosts = {{mail_db_host}}
|
||||||
|
dbname = {{mail_db_dbname}}
|
||||||
|
user = {{mail_db_user}}
|
||||||
|
password = {{mail_db_pass}}
|
||||||
|
query = SELECT mf.to as goto FROM host_mail_forward mf LEFT JOIN host_mail m on m.id = mf.mail LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' EXCEPT SELECT '%s' UNION SELECT '%s' FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1';
|
|
@ -0,0 +1,6 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
hosts = {{mail_db_host}}
|
||||||
|
dbname = {{mail_db_dbname}}
|
||||||
|
user = {{mail_db_user}}
|
||||||
|
password = {{mail_db_pass}}
|
||||||
|
query = SELECT fqdn as description FROM host_domain d LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE fqdn='%s' AND l.active='1' AND d.mail='1' AND d.active='1';
|
|
@ -0,0 +1,6 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
hosts = {{mail_db_host}}
|
||||||
|
dbname = {{mail_db_dbname}}
|
||||||
|
user = {{mail_db_user}}
|
||||||
|
password = {{mail_db_pass}}
|
||||||
|
query = SELECT CONCAT(m.login,'/') as maildir FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name='%u' AND fqdn='%d' AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1';
|
|
@ -0,0 +1,6 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
hosts = {{mail_db_host}}
|
||||||
|
dbname = {{mail_db_dbname}}
|
||||||
|
user = {{mail_db_user}}
|
||||||
|
password = {{mail_db_pass}}
|
||||||
|
query = SELECT ml.mail FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1';
|
|
@ -0,0 +1,5 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
require ["fileinto","mailbox"];
|
||||||
|
if header :contains "X-Spam-Flag" "YES" {
|
||||||
|
fileinto :create "Junk";
|
||||||
|
}
|
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
database: "host={{mail_db_host}} user={{mail_db_user}} dbname={{mail_db_dbname}} password={{mail_db_pass}} sslmode=disable"
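Review bot: The connection string hard-codes `sslmode=disable` while `mail_db_host` is a role variable, so pointing the role at a remote PostgreSQL server would send the database password and every credential lookup unencrypted. Consider making the mode a variable that defaults to `disable` only for the localhost case, for example `sslmode={{ mail_db_sslmode | default('disable') }}`, and document that remote hosts need `require` or stricter. The same string appears in the warehost-web config template later in this commit. The values are interpolated unquoted, so a password containing a space would break the key/value parsing.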
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
warehost_db_host: localhost
|
||||||
|
warehost_web_internal_ip: 127.0.0.1
|
||||||
|
warehost_web_internal_port: 60000
|
||||||
|
warehost_web_webroot: /srv/warehost-web
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: reload daemon-reload
|
||||||
|
command: systemctl daemon-reload
|
||||||
|
|
||||||
|
- name: restart warehost-web
|
||||||
|
service: name=warehost-web state=restarted
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- warehost-meta
|
||||||
|
- warehost-db
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
- name: Download Warehost-web (TODO current copy)
|
||||||
|
copy: src=warehost-web dest=/usr/local/bin/warehost-web owner=root group=root mode=0755
|
||||||
|
|
||||||
|
- name: Create web folder
|
||||||
|
file: path={{warehost_web_webroot}} state=directory owner=warehost group=http mode=0770
|
||||||
|
|
||||||
|
- name: Configurate warehost
|
||||||
|
template: src=config.yml dest=/etc/warehost/web.conf owner=warehost mode=0600
|
||||||
|
notify: restart warehost-web
|
||||||
|
|
||||||
|
- name: Install service
|
||||||
|
template: src=warehost-web.unit dest=/lib/systemd/system/warehost-web.service owner=root mode=644
|
||||||
|
notify:
|
||||||
|
- reload daemon-reload
|
||||||
|
- restart warehost-web
|
||||||
|
|
||||||
|
- name: Enable warehost
|
||||||
|
service: name=warehost-web state=started enabled=yes
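Review bot: "Install service" writes the unit to `/lib/systemd/system/`, which belongs to the package manager; locally managed units go in `/etc/systemd/system/`, where a package upgrade cannot overwrite them. The tasks also assume that the `warehost` user, the `http` group, `/etc/warehost` and `/var/log/warehost` (the `log.path` in the config template) already exist. None of them is created in this file, so presumably the `warehost-meta` dependency provides them, which deserves a comment at the top. The `mode=0600 owner=warehost` on `web.conf` is a good choice for a file holding the database password.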
|
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
address: {{warehost_web_internal_ip}}
|
||||||
|
port: {{warehost_web_internal_port}}
|
||||||
|
webroot: {{warehost_web_webroot}}
|
||||||
|
log:
|
||||||
|
path: /var/log/warehost/web.log
|
||||||
|
database: "host={{warehost_db_host}} user={{warehost_db_user}} dbname={{warehost_db_dbname}} password={{warehost_db_pass}} sslmode=disable"
|
||||||
|
databasedebug: false
|
|
@ -0,0 +1,21 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Warehost web v2
|
||||||
|
After=syslog.target
|
||||||
|
After=network.target
|
||||||
|
After=postgresql.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
# Modify these two values and uncomment them if you have
|
||||||
|
# repos with lots of files and get an HTTP error 500 because
|
||||||
|
# of that
|
||||||
|
###
|
||||||
|
#LimitMEMLOCK=infinity
|
||||||
|
#LimitNOFILE=65535
|
||||||
|
Type=simple
|
||||||
|
User=warehost
|
||||||
|
Group=nobody
|
||||||
|
ExecStart=/usr/local/bin/warehost-web -c /etc/warehost/web.conf
|
||||||
|
Restart=always
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
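Review bot: The `[Service]` section runs a network-facing daemon with no sandboxing directives; `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` should be compatible with the paths visible in this commit (config under /etc/warehost, webroot under /srv, log under /var/log/warehost). `Group=nobody` shares a group with unrelated processes; a dedicated group, or `http`, which the tasks already give the webroot to, would be cleaner. The comment about "repos with lots of files" and the commented `Limit*` lines appear to be left over from another project's unit file and could be removed.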
|