feat: implement dovecot backend server with postfix virtual mailbox integration
- create profiles::dovecot::backend class for IMAPS server configuration
- add virtual mailbox support to profiles::postfix::gateway with enable_dovecot parameter
- restructure common hieradata elements into mail.yaml
- add virtual mailbox and alias map templates with ERB generation
- add comprehensive type validation using Stdlib::Email, Stdlib::Fqdn, Stdlib::IP types
- configure vmail user (UID/GID 5000) with shared storage on /shared/apps/maildata
- update roles::infra::mail::backend to include both dovecot and postfix profiles
@@ -0,0 +1,20 @@
|
||||
---
|
||||
|
||||
# Common mail server configuration
|
||||
|
||||
# base postfix configuration (passed to postfix class)
|
||||
postfix::relayhost: 'direct'
|
||||
postfix::myorigin: 'main.unkin.net'
|
||||
postfix::manage_aliases: true
|
||||
|
||||
# Common postfix virtuals for all mail servers
|
||||
postfix::virtuals:
|
||||
'root':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
|
||||
'postmaster':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
|
||||
'abuse':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
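Review bot: The keys under `postfix::virtuals` are bare local parts, and nothing in this file says which domains they cover now that it is shared by every mail role. Postfix matches an unqualified virtual key against `$myorigin`, `$mydestination` and the host's own interface addresses, so a comment above the block such as `# bare keys match <user>@$myorigin (main.unkin.net) on every mail role` would make the scope explicit. The backend data in this commit also lists root@, postmaster@ and abuse@ in `virtual_mailbox_maps`, so the role addresses are defined in two places; keeping one source would avoid them drifting apart.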
|
||||
@@ -0,0 +1,87 @@
|
||||
---
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
- mail.main.unkin.net
|
||||
|
||||
# manage dovecot
|
||||
dovecot::install::packages:
|
||||
- dovecot
|
||||
- dovecot-pgsql
|
||||
profiles::dovecot::server::maildir_path: "%{hiera('profiles::postfix::gateway::virtual_mailbox_base')}"
|
||||
|
||||
#dovecot::config:
|
||||
# auth.conf:
|
||||
# values:
|
||||
# auth_mechanisms: 'plain login'
|
||||
# auth_username_format: '%Lu'
|
||||
# auth_default_realm: 'main.unkin.net'
|
||||
# auth-vmail.conf:
|
||||
# values:
|
||||
# passdb: |
|
||||
# {
|
||||
# driver = pam
|
||||
# }
|
||||
# userdb: |
|
||||
# {
|
||||
# driver = passwd
|
||||
# override_fields = uid=vmail gid=vmail home=/shared/apps/maildata/%u
|
||||
# }
|
||||
# mail.conf:
|
||||
# values:
|
||||
# mail_plugins: '$mail_plugins'
|
||||
# namespace inbox: |
|
||||
# {
|
||||
# inbox = yes
|
||||
# location =
|
||||
# mailbox Drafts {
|
||||
# special_use = \Drafts
|
||||
# }
|
||||
# mailbox Junk {
|
||||
# special_use = \Junk
|
||||
# }
|
||||
# mailbox Sent {
|
||||
# special_use = \Sent
|
||||
# }
|
||||
# mailbox "Sent Messages" {
|
||||
# special_use = \Sent
|
||||
# }
|
||||
# mailbox Trash {
|
||||
# special_use = \Trash
|
||||
# }
|
||||
# }
|
||||
# sections:
|
||||
# - name: 'namespace inbox'
|
||||
# values:
|
||||
# 'inbox': 'yes'
|
||||
# 'seperator': '.'
|
||||
# 'prefix': 'INBOX'
|
||||
|
||||
# backend-specific postfix configuration
|
||||
postfix::mydestination: 'localhost'
|
||||
postfix::mynetworks: '127.0.0.0/8 [::1]/128 10.10.12.0/24'
|
||||
postfix::smtp_listen: ['0.0.0.0', '::']
|
||||
postfix::use_dovecot_lda: true # use built-in dovecot LDA support
|
||||
postfix::mail_user: 'vmail:vmail'
|
||||
profiles::postfix::gateway::enable_postscreen: false # disable postscreen (backend doesn't need it)
|
||||
profiles::postfix::gateway::myhostname: 'mail.main.unkin.net'
|
||||
profiles::postfix::gateway::enable_dovecot: true # enable dovecot integration
|
||||
profiles::postfix::gateway::virtual_mailbox_domains:
|
||||
- 'main.unkin.net'
|
||||
profiles::postfix::gateway::virtual_mailbox_base: '/shared/apps/maildata'
|
||||
|
||||
profiles::postfix::gateway::virtual_mailbox_maps:
|
||||
'ben@main.unkin.net': 'main.unkin.net/ben/'
|
||||
'root@main.unkin.net': 'main.unkin.net/ben/'
|
||||
'postmaster@main.unkin.net': 'main.unkin.net/ben/'
|
||||
'abuse@main.unkin.net': 'main.unkin.net/ben/'
|
||||
|
||||
profiles::postfix::gateway::smtpd_client_restrictions:
|
||||
- 'permit_mynetworks'
|
||||
- 'reject_unauth_destination'
|
||||
profiles::postfix::gateway::smtpd_sender_restrictions:
|
||||
- 'permit_mynetworks'
|
||||
- 'reject_non_fqdn_sender'
|
||||
profiles::postfix::gateway::smtpd_recipient_restrictions:
|
||||
- 'permit_mynetworks'
|
||||
- 'reject_non_fqdn_recipient'
|
||||
- 'reject_unauth_destination'
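Review bot: `postfix::mynetworks` trusts all of 10.10.12.0/24 while `permit_mynetworks` is the first entry in the client, sender and recipient restriction lists and `postfix::smtp_listen` binds every IPv4 and IPv6 address, so any host in that subnet can relay through the backend without authentication, with postscreen switched off. If only the in-mta gateway needs to hand mail to this host, narrow the entry to it, for example `postfix::mynetworks: '127.0.0.0/8 [::1]/128 <GATEWAY_ADDRESS>/32'` (placeholder; the address is not on this page), or add a comment explaining why the whole /24 is trusted. Separately, the key `profiles::dovecot::server::maildir_path` does not match the `profiles::dovecot::backend` class named in the commit message; if no `profiles::dovecot::server` class exists, automatic parameter lookup will presumably never read this value.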
|
||||
@@ -1,21 +1,15 @@
|
||||
---
|
||||
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
- in-mta.main.unkin.net
|
||||
|
||||
# base postfix configuration (passed to postfix class)
|
||||
postfix::relayhost: 'direct'
|
||||
postfix::myorigin: 'main.unkin.net'
|
||||
# gateway-specific postfix configuration
|
||||
postfix::mydestination: 'blank'
|
||||
postfix::mynetworks: '127.0.0.0/8 [::1]/128'
|
||||
postfix::smtp_listen: '0.0.0.0'
|
||||
postfix::mta: true
|
||||
postfix::manage_aliases: true
|
||||
|
||||
# profile parameters for customization
|
||||
profiles::postfix::gateway::myhostname: 'in-mta.main.unkin.net'
|
||||
|
||||
# postfix map content (templates)
|
||||
profiles::postfix::gateway::relay_recipients_maps:
|
||||
'@main.unkin.net': 'OK'
|
||||
|
||||
@@ -38,15 +32,3 @@ postfix::transports:
|
||||
ensure: present
|
||||
destination: 'relay'
|
||||
nexthop: 'ausyd1nxvm2120.main.unkin.net:25'
|
||||
|
||||
# postfix virtuals
|
||||
postfix::virtuals:
|
||||
'root':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
|
||||
'postmaster':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
|
||||
'abuse':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
|
||||
|
||||