@ -0,0 +1,10 @@ | |||
--- | |||
- hosts: biff | |||
roles: | |||
- role: lxc_guest | |||
vm_name: mail | |||
- hosts: mail | |||
roles: | |||
- role: postfix | |||
ldap_server: "{{ hostvars['ldap'].ansible_host }}" | |||
fqdn_domain: "lilik.it" |
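Review bot: `fqdn_domain` is handed to the postfix role here, but the role's tasks still hard-code `'lilik.it'` for the `postfix/mailname` debconf answer, so the variable only reaches Dovecot's `auth_default_realm` line and the two values can drift apart; reading `value: "{{ fqdn_domain }}"` in that task keeps this play the single place the domain is set. `ldap_server` is resolved from `hostvars['ldap'].ansible_host`, which fails at template time whenever the `ldap` host is absent from the inventory of the run; if that coupling is intended, a one-line comment above it (`# requires the 'ldap' host in the same inventory`) makes the dependency visible. On this page `roles:` and the role entries appear at the same column as `hosts:`, which is presumably rendering; in the file they need to be nested under each play for the YAML to be valid.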
@ -0,0 +1,5 @@ | |||
- name: restart_postfix | |||
service: name=postfix state=restarted | |||
- name: restart_dovecot | |||
service: name=dovecot state=restarted |
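Review bot: Both handlers pass module arguments as a single `key=value` string (`service: name=postfix state=restarted`), which ansible-lint flags and which does not extend well once more options are needed; the conventional block form is `service:` / `  name: postfix` / `  state: restarted`. The same `key=value` spelling is used by the `lineinfile`, `group`, `user` and `template` tasks in the tasks file, so it is worth converting those in the same pass for consistency.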
@ -0,0 +1,115 @@ | |||
- name: configure Postfix (domain) | |||
debconf: | |||
name: 'postfix' | |||
question: 'postfix/domainpostfix/main_mailer_type' | |||
vtype: 'string' | |||
value: 'Internet Site' | |||
- name: configure Postfix (organization) | |||
debconf: | |||
name: 'postfix' | |||
question: 'postfix/mailname' | |||
vtype: 'string' | |||
value: 'lilik.it' | |||
- name: install postfix packages | |||
apt: | |||
name: '{{ item }}' | |||
state: latest | |||
install_recommends: false | |||
with_items: | |||
- postfix | |||
# - postfix-ldap | |||
- dovecot-ldap | |||
- dovecot-imapd | |||
- rsyslog | |||
- dovecot-lmtpd | |||
# - amavisd-new | |||
# - postgrey #TODO | |||
# - spamassassin | |||
# - clamav-daemon | |||
#- name: upload ldap-aliases.cf | |||
# template: | |||
# src: ldap-aliases.cf.j2 | |||
# dest: "/etc/postfix/ldap-aliases.cf" | |||
# notify: restart_postfix | |||
#- lineinfile: dest=/etc/postfix/main.cf line="virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-aliases.cf" | |||
# notify: restart_postfix | |||
#- name: upload ldap-domains.cf | |||
# template: | |||
# src: ldap-domains.cf.j2 | |||
# dest: "/etc/postfix/ldap-domains.cf" | |||
# notify: restart_postfix | |||
#- lineinfile: dest=/etc/postfix/main.cf line="virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-domains.cf" | |||
# notify: restart_postfix | |||
#- name: upload ldap-accounts.cf | |||
# template: | |||
# src: ldap-accounts.cf.j2 | |||
# dest: "/etc/postfix/ldap-accounts.cf" | |||
# notify: restart_postfix | |||
#- lineinfile: dest=/etc/postfix/main.cf line="virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-accounts.cf" | |||
# notify: restart_postfix | |||
- lineinfile: dest=/etc/postfix/main.cf line="virtual_transport = lmtp:unix:private/dovecot-lmtp" state=present | |||
notify: restart_postfix | |||
- name: create postman group | |||
group: name=postman state=present gid=800 | |||
- name: create postman user | |||
user: name=postman state=present uid=800 shell=/dev/null | |||
- lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf regexp='^mail_location' state=absent | |||
notify: restart_dovecot | |||
- lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_location = maildir:/home/postman/%d/%n' state=present | |||
notify: restart_dovecot | |||
- lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_gid = 800' state=present | |||
notify: restart_dovecot | |||
- lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_uid = 800' state=present | |||
notify: restart_dovecot | |||
- lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="!include auth-system.conf.ext" state=absent | |||
notify: restart_dovecot | |||
- lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="!include auth-ldap.conf.ext" state=present | |||
notify: restart_dovecot | |||
- lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="auth_default_realm = {{ fqdn_domain }}" | |||
- template: src=dovecot-ldap.conf.ext.j2 dest=/etc/dovecot/dovecot-ldap.conf.ext | |||
notify: restart_dovecot | |||
#- lineinfile: dest=/etc/postfix/main.cf line="content_filter=smtp-amavis:[127.0.0.1]:10024" state=present | |||
# notify: restart_postfix | |||
#- blockinfile: | | |||
# dest=/etc/postfix/master.cf | |||
# content=" smtp-amavis unix - - n - 2 smtp | |||
# -o smtp_data_done_timeout=1200 | |||
# -o smtp_send_xforward_command=yes | |||
# -o disable_dns_lookups=yes | |||
# -o max_use=20 | |||
# | |||
# 127.0.0.1:10025 inet n - n - - smtpd | |||
# -o content_filter= | |||
# -o smtpd_delay_reject=no | |||
# -o smtpd_client_restrictions=permit_mynetworks,reject | |||
# -o smtpd_helo_restrictions= | |||
# -o smtpd_sender_restrictions= | |||
# -o smtpd_recipient_restrictions=permit_mynetworks,reject | |||
# -o smtpd_data_restrictions=reject_unauth_pipelining | |||
# -o smtpd_end_of_data_restrictions= | |||
# -o smtpd_restriction_classes= | |||
# -o mynetworks=127.0.0.0/8 | |||
# -o smtpd_error_sleep_time=0 | |||
# -o smtpd_soft_error_limit=1001 | |||
# -o smtpd_hard_error_limit=1000 | |||
# -o smtpd_client_connection_count_limit=0 | |||
# -o smtpd_client_connection_rate_limit=0 | |||
# -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters | |||
# -o local_header_rewrite_clients=" | |||
# notify: restart_postfix |
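Review bot: The debconf question on the first task, `postfix/domainpostfix/main_mailer_type`, looks like two question names run together; the question that accepts `Internet Site` is `postfix/main_mailer_type`, and with the misspelt name the preseed is silently ignored, leaving the package to prompt or to install with no configuration. The `auth_default_realm` lineinfile task is also the only Dovecot edit without `notify: restart_dovecot`, so a changed realm is not applied until something else restarts the service. The `postfix/mailname` answer hard-codes `'lilik.it'` although the play passes `fqdn_domain`; `value: "{{ fqdn_domain }}"` would keep them in sync. Finally, `state: latest` in the apt task upgrades those packages on every run instead of ensuring they are installed, which makes runs non-reproducible; `state: present` is the usual choice unless unattended upgrades through this role are intended.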
@ -0,0 +1,41 @@ | |||
uris = ldap://{{ ldap_server }} | |||
# choose bind method instead of simple authentication | |||
auth_bind = yes | |||
# pass_attrs | |||
# specifies a comma-separated list of attributes that are returned from the LDAP. | |||
# If you set it to empty, all the attributes are returned. | |||
# http://wiki2.dovecot.org/AuthDatabase/LDAP/PasswordLookups | |||
# pass_attrs = user=mail, | |||
# http://wiki.dovecot.org/PasswordDatabase | |||
# Returning a user field can be used to change the username. Typically used only for case changes (e.g. "UseR" -> "user"). | |||
# username: Like user, but doesn't drop existing domain name (e.g. "username=foo" for "user@domain" gives "foo@domain"). | |||
# domain: Updates the domain part of the username; domain=%{ldap:vd} | |||
pass_attrs = disableUser=user | |||
# pass_filter | |||
# specifies the LDAP filter how user is found from the LDAP. | |||
# You can use all the normal variables like %u in the filter. | |||
pass_filter = (&(objectClass=VirtualMailAccount)(mail=%n)(accountActive=TRUE)(delete=FALSE)) | |||
ldap_version = 3 | |||
# search in vd=domain,o=hosting,dc=lilik,dc=it | |||
base = vd=%d,o=hosting,dc=lilik,dc=it | |||
deref = always | |||
scope = subtree | |||
# ldap filter, return an entity that is a virtual mail account | |||
user_filter = (&(objectClass=VirtualMailAccount)(mail=%n)(accountActive=TRUE)(delete=FALSE)) | |||
# to prevent the uid and gid mappings from the ldap object to | |||
# dovecot mailbox, we map them to unused ldap fields | |||
# the sytnax is: "ldap_attribute = dovecot_attribute" | |||
# this is done because otherwise dovecot will deliver | |||
# emails to the user directory instead of the maildir directory | |||
# handled by the user postman | |||
user_attrs = disablehomeDirectory=home,disableuidNumber=uid,disablegidNumber=gid |
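Review bot: `uris = ldap://{{ ldap_server }}` together with `auth_bind = yes` means each user's IMAP password is sent to the LDAP server in a simple bind, and the template enables neither `tls = yes` nor an `ldaps://` URI, so the bind travels in the clear. Unless the mail and LDAP guests talk over a link that is trusted end to end, the file should carry `tls = yes` (or `uris = ldaps://{{ ldap_server }}`) with `tls_ca_cert_file` pointing at the CA that issued the LDAP server's certificate, so the server is also authenticated before the password is released. The comment above `user_attrs` misspells "syntax" as "sytnax" and could say plainly that `disablehomeDirectory`, `disableuidNumber` and `disablegidNumber` are deliberately non-existent attributes so Dovecot falls back to the `mail_uid`, `mail_gid` and `mail_location` values set in `10-mail.conf`.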
@ -0,0 +1,9 @@ | |||
server_host = {{ ldap_server }} | |||
search_base = vd=%D,o=hosting,dc=lilik,dc=it | |||
#query_filter = (&(objectClass=simpleSecurityObject)(mail=%s)) | |||
query_filter = (&(objectClass=VirtualMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE)) | |||
result_attribute = mail | |||
#result_attribute = uid | |||
#result_format = %D/%s/ | |||
dereference = 3 | |||
version = 3 |
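Review bot: `server_host = {{ ldap_server }}` queries LDAP in the clear; Postfix's ldap tables support `start_tls = yes` (or an `ldaps://` value in `server_host`) together with `tls_ca_cert_file`, and the same applies to the aliases and domains tables in the next two files. These lookups use no bind credentials, so what is exposed is account and alias data rather than a password, but their answers also decide where mail is delivered, so tampered replies would change routing; how much that matters depends on how `ldap_server` is reached. Note too that the tasks installing these three templates and the `postfix-ldap` package are commented out, so none of them is active yet; a leading comment such as `# not yet installed by the role: see the commented ldap-* tasks` in each file would save the next reader from hunting for the consumer.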
@ -0,0 +1,9 @@ | |||
server_host = {{ ldap_server }} | |||
search_base = vd=%D,o=hosting,dc=lilik,dc=it | |||
#query_filter = (&(objectClass=simpleSecurityObject)(mail=%s)) | |||
query_filter = (&(objectClass=VirtualMailAlias)(mail=%u)(accountActive=TRUE)) | |||
result_attribute = maildrop | |||
#result_attribute = uid | |||
#result_format = %D/%s/ | |||
dereference = 3 | |||
version = 3 |
@ -0,0 +1,8 @@ | |||
server_host = {{ ldap_server }} | |||
search_base = o=hosting,dc=lilik,dc=it | |||
query_filter = (&(vd=%s)(objectClass=VirtualDomain)) | |||
result_attribute = vd | |||
#scope = one | |||
#cache = yes | |||
dereference = 3 | |||
version = 3 |
@ -0,0 +1,144 @@ | |||
# LDIF Export for dc=lilik,dc=it | |||
# Server: My LDAP Server (127.0.0.1) | |||
# Search Scope: sub | |||
# Search Filter: (objectClass=*) | |||
# Total Entries: 611 | |||
# | |||
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on February 19, 2016 7:30 pm | |||
# Version: 1.2.2 | |||
# Entry 4: o=Group,dc=lilik,dc=it | |||
dn: o=Group,dc=lilik,dc=it | |||
hassubordinates: TRUE | |||
o: Group | |||
objectclass: organization | |||
objectclass: top | |||
structuralobjectclass: organization | |||
subschemasubentry: cn=Subschema | |||
# Entry 10: cn=stdusers,o=Group,dc=lilik,dc=it | |||
dn: cn=stdusers,o=Group,dc=lilik,dc=it | |||
cn: stdusers | |||
gidnumber: 9000 | |||
hassubordinates: FALSE | |||
objectclass: posixGroup | |||
objectclass: top | |||
structuralobjectclass: posixGroup | |||
subschemasubentry: cn=Subschema | |||
# Entry 12: cn=users_sites,o=Group,dc=lilik,dc=it | |||
dn: cn=users_sites,o=Group,dc=lilik,dc=it | |||
cn: users_sites | |||
gidnumber: 500 | |||
hassubordinates: FALSE | |||
memberuid: tommyblue | |||
objectclass: posixGroup | |||
objectclass: top | |||
structuralobjectclass: posixGroup | |||
subschemasubentry: cn=Subschema | |||
# Entry 14: o=hosting,dc=lilik,dc=it | |||
dn: o=hosting,dc=lilik,dc=it | |||
description: mail.lilik.it hosting root | |||
hassubordinates: TRUE | |||
o: hosting | |||
objectclass: top | |||
objectclass: organization | |||
structuralobjectclass: organization | |||
subschemasubentry: cn=Subschema | |||
# Entry 22: vd=lilik.it,o=hosting,dc=lilik,dc=it | |||
dn: vd=lilik.it,o=hosting,dc=lilik,dc=it | |||
accountactive: TRUE | |||
delete: FALSE | |||
editav: FALSE | |||
hassubordinates: TRUE | |||
maxalias: 20 | |||
maxmail: 11 | |||
maxquota: 250 | |||
objectclass: top | |||
objectclass: VirtualDomain | |||
postfixtransport: maildrop: | |||
structuralobjectclass: VirtualDomain | |||
subschemasubentry: cn=Subschema | |||
vd: lilik.it | |||
lastChange: 1228821387 | |||
# Entry 23: cn=postmaster,vd=lilik.it,o=hosting,dc=lilik,dc=it | |||
dn: cn=postmaster,vd=lilik.it,o=hosting,dc=lilik,dc=it | |||
accountactive: TRUE | |||
cn: postmaster | |||
editaccounts: TRUE | |||
hassubordinates: FALSE | |||
mail: postmaster | |||
maildrop: postmaster | |||
objectclass: top | |||
objectclass: VirtualMailAlias | |||
sn: postmaster | |||
structuralobjectclass: VirtualMailAlias | |||
subschemasubentry: cn=Subschema | |||
userpassword: {SSHA}4IuBxQNWgMNPX/lCtP2GgbJeiYX+u4ud | |||
lastChange: 1228821387 | |||
# Entry 24: mail=abuse,vd=lilik.it,o=hosting,dc=lilik,dc=it | |||
dn: mail=abuse,vd=lilik.it,o=hosting,dc=lilik,dc=it | |||
accountactive: TRUE | |||
cn: NONAME | |||
givenname: NONAME | |||
hassubordinates: FALSE | |||
mail: abuse | |||
maildrop: root | |||
objectclass: top | |||
objectclass: VirtualMailAlias | |||
smtpauth: FALSE | |||
sn: NONAME | |||
structuralobjectclass: VirtualMailAlias | |||
subschemasubentry: cn=Subschema | |||
userpassword: {CRYPT}! | |||
lastChange: 1228821387 | |||
dn: mail=tommyblue,vd=lilik.it,o=hosting,dc=lilik,dc=it | |||
objectclass: alias | |||
objectclass: extensibleObject | |||
uid: alias | |||
aliasedobjectname: uid=tommyblue,o=People,dc=lilik,dc=it | |||
# Entry 319: o=People,dc=lilik,dc=it | |||
dn: o=People,dc=lilik,dc=it | |||
hassubordinates: TRUE | |||
o: People | |||
objectclass: organization | |||
objectclass: top | |||
structuralobjectclass: organization | |||
subschemasubentry: cn=Subschema | |||
dn: uid=tommyblue,o=People,dc=lilik,dc=it | |||
accountactive: TRUE | |||
cn: Tommaso Visconti | |||
delete: FALSE | |||
gidnumber: 100 | |||
givenname: Tommaso | |||
hassubordinates: FALSE | |||
homedirectory: /home/tommyblue | |||
loginshell: /bin/sh | |||
mail: tommyblue | |||
mailbox: lilik.it/tommyblue/ | |||
objectclass: top | |||
objectclass: inetOrgPerson | |||
objectclass: VirtualMailAccount | |||
objectclass: posixAccount | |||
objectclass: shadowAccount | |||
othertransport: phamm: | |||
quota: 1024000 | |||
shadowlastchange: 14281 | |||
smtpauth: FALSE | |||
sn: Visconti | |||
structuralobjectclass: VirtualMailAccount | |||
subschemasubentry: cn=Subschema | |||
uid: tommyblue | |||
uidnumber: 10001 | |||
userpassword: {CRYPT}$1$8jnl0tRQ$YiKqohvCe8M63Zmlx5T/h1 | |||
vdhome: /home/mail_deliver/lilik.it/tommyblue | |||
lastChange: 1228821387 |
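Review bot: This file is a phpLDAPadmin export of a live directory (the header says `Server: My LDAP Server (127.0.0.1)` with 611 entries) and the committed entries carry `userpassword` hashes (`{SSHA}…` and `{CRYPT}$1$…`, the latter MD5-crypt) plus a real person's name, home directory and account details; password hashes and personal data should not be committed to the repository even as a fixture. If a sample LDIF is needed to document the schema the role expects, keep only the structure-shaping entries (`o=hosting`, one `VirtualDomain`, one `VirtualMailAlias`, one `VirtualMailAccount`) with obviously synthetic values and a placeholder such as `userpassword: {SSHA}REDACTED-EXAMPLE`, and treat the exposed credentials as compromised and rotate them, since the hashes are already in history. A short comment at the top stating the file's purpose (reference for the `vd=…,o=hosting` layout used by the ldap-*.cf and dovecot filters) would also make clear it is not meant to be loaded anywhere.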