feat: implement dovecot backend server with postfix virtual mailbox integration

- create profiles::dovecot::backend class for IMAPS server configuration
- add virtual mailbox support to profiles::postfix::gateway with enable_dovecot parameter
- restructure common hieradata elements into mail.yaml
- add virtual mailbox and alias map templates with ERB generation
- add comprehensive type validation using Stdlib::Email, Stdlib::Fqdn, Stdlib::IP types
- configure vmail user (UID/GID 5000) with shared storage on /shared/apps/maildata
- update roles::infra::mail::backend to include both dovecot and postfix profiles
This commit is contained in:
2025-11-01 19:03:04 +11:00
parent 78adef0eee
commit 528fbe4190
9 changed files with 277 additions and 25 deletions
+20
View File
@@ -0,0 +1,20 @@
---
# Common mail server configuration
# base postfix configuration (passed to postfix class)
postfix::relayhost: 'direct'
postfix::myorigin: 'main.unkin.net'
postfix::manage_aliases: true
# Common postfix virtuals for all mail servers
postfix::virtuals:
'root':
ensure: present
destination: 'ben@main.unkin.net'
'postmaster':
ensure: present
destination: 'ben@main.unkin.net'
'abuse':
ensure: present
destination: 'ben@main.unkin.net'
+87
View File
@@ -0,0 +1,87 @@
---
# additional altnames
profiles::pki::vault::alt_names:
- mail.main.unkin.net
# manage dovecot
dovecot::install::packages:
- dovecot
- dovecot-pgsql
profiles::dovecot::server::maildir_path: "%{hiera('profiles::postfix::gateway::virtual_mailbox_base')}"
#dovecot::config:
# auth.conf:
# values:
# auth_mechanisms: 'plain login'
# auth_username_format: '%Lu'
# auth_default_realm: 'main.unkin.net'
# auth-vmail.conf:
# values:
# passdb: |
# {
# driver = pam
# }
# userdb: |
# {
# driver = passwd
# override_fields = uid=vmail gid=vmail home=/shared/apps/maildata/%u
# }
# mail.conf:
# values:
# mail_plugins: '$mail_plugins'
# namespace inbox: |
# {
# inbox = yes
# location =
# mailbox Drafts {
# special_use = \Drafts
# }
# mailbox Junk {
# special_use = \Junk
# }
# mailbox Sent {
# special_use = \Sent
# }
# mailbox "Sent Messages" {
# special_use = \Sent
# }
# mailbox Trash {
# special_use = \Trash
# }
# }
# sections:
# - name: 'namespace inbox'
# values:
# 'inbox': 'yes'
# 'seperator': '.'
# 'prefix': 'INBOX'
# backend-specific postfix configuration
postfix::mydestination: 'localhost'
postfix::mynetworks: '127.0.0.0/8 [::1]/128 10.10.12.0/24'
postfix::smtp_listen: ['0.0.0.0', '::']
postfix::use_dovecot_lda: true # use built-in dovecot LDA support
postfix::mail_user: 'vmail:vmail'
profiles::postfix::gateway::enable_postscreen: false # disable postscreen (backend doesn't need it)
profiles::postfix::gateway::myhostname: 'mail.main.unkin.net'
profiles::postfix::gateway::enable_dovecot: true # enable dovecot integration
profiles::postfix::gateway::virtual_mailbox_domains:
- 'main.unkin.net'
profiles::postfix::gateway::virtual_mailbox_base: '/shared/apps/maildata'
profiles::postfix::gateway::virtual_mailbox_maps:
'ben@main.unkin.net': 'main.unkin.net/ben/'
'root@main.unkin.net': 'main.unkin.net/ben/'
'postmaster@main.unkin.net': 'main.unkin.net/ben/'
'abuse@main.unkin.net': 'main.unkin.net/ben/'
profiles::postfix::gateway::smtpd_client_restrictions:
- 'permit_mynetworks'
- 'reject_unauth_destination'
profiles::postfix::gateway::smtpd_sender_restrictions:
- 'permit_mynetworks'
- 'reject_non_fqdn_sender'
profiles::postfix::gateway::smtpd_recipient_restrictions:
- 'permit_mynetworks'
- 'reject_non_fqdn_recipient'
- 'reject_unauth_destination'
+2 -20
View File
@@ -1,21 +1,15 @@
---
# additional altnames
profiles::pki::vault::alt_names:
- in-mta.main.unkin.net
# base postfix configuration (passed to postfix class)
postfix::relayhost: 'direct'
postfix::myorigin: 'main.unkin.net'
# gateway-specific postfix configuration
postfix::mydestination: 'blank'
postfix::mynetworks: '127.0.0.0/8 [::1]/128'
postfix::smtp_listen: '0.0.0.0'
postfix::mta: true
postfix::manage_aliases: true
# profile parameters for customization
profiles::postfix::gateway::myhostname: 'in-mta.main.unkin.net'
# postfix map content (templates)
profiles::postfix::gateway::relay_recipients_maps:
'@main.unkin.net': 'OK'
@@ -38,15 +32,3 @@ postfix::transports:
ensure: present
destination: 'relay'
nexthop: 'ausyd1nxvm2120.main.unkin.net:25'
# postfix virtuals
postfix::virtuals:
'root':
ensure: present
destination: 'ben@main.unkin.net'
'postmaster':
ensure: present
destination: 'ben@main.unkin.net'
'abuse':
ensure: present
destination: 'ben@main.unkin.net'