Ben Vincent
528fbe4190
- create profiles::dovecot::backend class for IMAPS server configuration - add virtual mailbox support to profiles::postfix::gateway with enable_dovecot parameter - restructure common hieradata elements into mail.yaml - add virtual mailbox and alias map templates with ERB generation - add comprehensive type validation using Stdlib::Email, Stdlib::Fqdn, Stdlib::IP types - configure vmail user (UID/GID 5000) with shared storage on /shared/apps/maildata - update roles::infra::mail::backend to include both dovecot and postfix profiles
88 lines
2.6 KiB
YAML
88 lines
2.6 KiB
YAML
---
|
|
# additional altnames
|
|
profiles::pki::vault::alt_names:
|
|
- mail.main.unkin.net
|
|
|
|
# manage dovecot
|
|
dovecot::install::packages:
|
|
- dovecot
|
|
- dovecot-pgsql
|
|
profiles::dovecot::server::maildir_path: "%{hiera('profiles::postfix::gateway::virtual_mailbox_base')}"
|
|
|
|
#dovecot::config:
|
|
# auth.conf:
|
|
# values:
|
|
# auth_mechanisms: 'plain login'
|
|
# auth_username_format: '%Lu'
|
|
# auth_default_realm: 'main.unkin.net'
|
|
# auth-vmail.conf:
|
|
# values:
|
|
# passdb: |
|
|
# {
|
|
# driver = pam
|
|
# }
|
|
# userdb: |
|
|
# {
|
|
# driver = passwd
|
|
# override_fields = uid=vmail gid=vmail home=/shared/apps/maildata/%u
|
|
# }
|
|
# mail.conf:
|
|
# values:
|
|
# mail_plugins: '$mail_plugins'
|
|
# namespace inbox: |
|
|
# {
|
|
# inbox = yes
|
|
# location =
|
|
# mailbox Drafts {
|
|
# special_use = \Drafts
|
|
# }
|
|
# mailbox Junk {
|
|
# special_use = \Junk
|
|
# }
|
|
# mailbox Sent {
|
|
# special_use = \Sent
|
|
# }
|
|
# mailbox "Sent Messages" {
|
|
# special_use = \Sent
|
|
# }
|
|
# mailbox Trash {
|
|
# special_use = \Trash
|
|
# }
|
|
# }
|
|
# sections:
|
|
# - name: 'namespace inbox'
|
|
# values:
|
|
# 'inbox': 'yes'
|
|
# 'seperator': '.'
|
|
# 'prefix': 'INBOX'
|
|
|
|
# backend-specific postfix configuration
|
|
postfix::mydestination: 'localhost'
|
|
postfix::mynetworks: '127.0.0.0/8 [::1]/128 10.10.12.0/24'
|
|
postfix::smtp_listen: ['0.0.0.0', '::']
|
|
postfix::use_dovecot_lda: true # use built-in dovecot LDA support
|
|
postfix::mail_user: 'vmail:vmail'
|
|
profiles::postfix::gateway::enable_postscreen: false # disable postscreen (backend doesn't need it)
|
|
profiles::postfix::gateway::myhostname: 'mail.main.unkin.net'
|
|
profiles::postfix::gateway::enable_dovecot: true # enable dovecot integration
|
|
profiles::postfix::gateway::virtual_mailbox_domains:
|
|
- 'main.unkin.net'
|
|
profiles::postfix::gateway::virtual_mailbox_base: '/shared/apps/maildata'
|
|
|
|
profiles::postfix::gateway::virtual_mailbox_maps:
|
|
'ben@main.unkin.net': 'main.unkin.net/ben/'
|
|
'root@main.unkin.net': 'main.unkin.net/ben/'
|
|
'postmaster@main.unkin.net': 'main.unkin.net/ben/'
|
|
'abuse@main.unkin.net': 'main.unkin.net/ben/'
|
|
|
|
profiles::postfix::gateway::smtpd_client_restrictions:
|
|
- 'permit_mynetworks'
|
|
- 'reject_unauth_destination'
|
|
profiles::postfix::gateway::smtpd_sender_restrictions:
|
|
- 'permit_mynetworks'
|
|
- 'reject_non_fqdn_sender'
|
|
profiles::postfix::gateway::smtpd_recipient_restrictions:
|
|
- 'permit_mynetworks'
|
|
- 'reject_non_fqdn_recipient'
|
|
- 'reject_unauth_destination'
|