Initial commit with previous code

Antonio J. Delgado 2022-10-11 10:18:54 +03:00
commit 448b2de582
22 changed files with 688 additions and 0 deletions

107
defaults/main.yml Normal file

@ -0,0 +1,107 @@
---
dbmail_version: 3.3.0
dbmail_logfolder: /var/log/dbmail
dbmail_user: dbmail
dbmail_group: dbmail
dbmail_db_driver: mysql
dbmail_db_host: 127.0.0.1
dbmail_db_port: 3306
dbmail_db_name: dbmail
dbmail_db_user: dbmail
dbmail_db_password: "{{ vault_dbmail_password }}"
mail_server_fqdn: mail.example.com
dbmail_domains:
- example.com
admin_email: "mailmaster@{{ dbmail_domains[0] }}"
configure_ufw: true
ufw_allow_ports:
- 995
- 993
dbmail_systemd_units:
- dbmail-imapd
- dbmail-lmtpd
- dbmail-pop3d
- dbmail-timsieved
# Check dbmail.conf for all options
dbmail_configuration:
DBMAIL:
logfile: "{{ dbmail_logfolder }}/dbmail.log"
authdriver: sql
effective_user: "{{ dbmail_user }}"
effective_group: "{{ dbmail_group }}"
table_prefix: dbmail_
encoding: utf8
default_msg_encoding: utf8
sendmail: /usr/sbin/sendmail
file_logging_levels: 7
syslog_logging_levels: 31
query_time_info: 10
query_time_notice: 20
query_time_warning: 30
query_timeout: 300
bindip: 0.0.0.0
timeout: 300
login_timeout: 60
resolve_ip: no
authlog: no
errorlog: "{{ dbmail_logfolder }}/dbmail.err"
pid_directory: /var/run/dbmail
postmaster: "{{ admin_email }}"
hash_algorithm: SHA512
# tls_cafile:
# tls_cert:
# tls_key:
# tls_ciphers:
LMTP:
port: 24
IMAP:
port: 143
tls_port: 993
timeout: 4000
imap_before_smtp: 'no'
POP:
port: 110
tls_port: 995
login_disabled: 'no'
pop_before_smtp: 'no'
HTTP:
port: 3112
bindip: 127.0.0.1
admin: "admin:{{ vault_dbmail_admin_password }}"
SIEVE:
port: 2000
#tls_port:
LDAP:
port: 389
version: 3
hostname: 127.0.0.1
base_dn: ou=People,dc=mydomain,dc=com
bind_dn: cn=dbmail_admin,dc=mydomain,dc=com
bind_pw: "{{ vault_dbmail_ldap_password }}"
cn_string: uid
field_passwd: userPassword
field_mail: mail
field_quota: mailQuota
field_fwdtarget: mailForwardingAddress
scope: SubTree
referrals: yes
user_objectclass: top,account,dbmailUser
forw_objectclass: top,account,dbmailForwardingAddress
field_uid: uid
field_nid: uidNumber
min_nid: 10000
max_nid: 15000
field_cid: gidNumber
min_cid: 10000
max_cid: 15000
DELIVERY:
SIEVE: 'yes'
SUBADDRESS: 'yes'
SIEVE_VACATION: 'yes'
SIEVE_NOTIFY: 'yes'
SIEVE_DEBUG: 'no'
AUTO_NOTIFY: 'no'
AUTO_REPLY: 'no'
suppress_duplicates: 'no'
quota_failure: hard
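Review bot: The `DBMAIL` default `bindip: 0.0.0.0` appears to apply to every service except `HTTP`, which overrides it. That leaves the LMTP listener on port 24 and the cleartext IMAP/POP ports 143 and 110 bound to all interfaces, with only the `ufw_allow_ports` list keeping them private, and that protection is gone when `configure_ufw` is false. Postfix reaches LMTP over loopback (`dbmail-lmtp:127.0.0.1:` in main.cf.j2), so I would add `bindip: 127.0.0.1` under `LMTP` the same way `HTTP` already does. Separately, `authlog: no` presumably leaves the role without a login audit trail by default; either enable it or add a comment saying why it is off.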

4
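--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Reload systemd daemon
+systemd:
+daemon_reload: true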


@ -0,0 +1,72 @@
---
- name: Get external IP of the node
uri:
url: http://checkip.dyndns.org
return_content: true
register: node_external_ip
- name: Set fact for mail server FQDN
set_fact:
mail_server_fqdn_ip: "{{ lookup('dig', mail_server_fqdn, '@1.1.1.1') }}"
- name: Ensure server certificate exists
shell: "certbot certonly --agree-tos --email {{ admin_email }} -n --webroot -d {{ mail_server_fqdn }} --webroot-path /var/www/html"
args:
creates: "/etc/letsencrypt/live/{{ mail_server_fqdn }}"
when: mail_server_fqdn_ip == node_external_ip
- name: Ensure dbmail certificate is configured
ini_file:
path: /etc/dbmail/dbmail.conf
create: true
section: DBMAIL
option: tls_cert
value: "/etc/letsencrypt/live/{{ mail_server_fqdn }}/cert.pem"
- name: Ensure dbmail certificate's private key is configured
ini_file:
path: /etc/dbmail/dbmail.conf
create: true
section: DBMAIL
option: tls_key
value: "/etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem"
- name: Ensure dbmail certificate's certificate authority certificate is configured
ini_file:
path: /etc/dbmail/dbmail.conf
create: true
section: DBMAIL
option: tls_cafile
value: "/etc/letsencrypt/live/{{ mail_server_fqdn }}/chain.pem"
- name: Check if there is a public key
stat:
path: /root/.ssh/id_rsa.pub
register: pubkey
- name: Generate new key if it doesn't exist already
shell: ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ''
when: not pubkey.stat.exists
- name: Get SSH public key content
shell: cat /root/.ssh/id_rsa.pub
register: ssh_pubkey
- name: Add SSH public key to local (Ansible control node) file
lineinfile:
path: /tmp/pubkeys
regexp: "^{{ ssh_pubkey.stdout }}$"
line: "{{ ssh_pubkey.stdout }}"
create: true
delegate_to: 127.0.0.1
- name: Add SSH public keys to authorized_keys
authorized_key:
user: root
state: present
key: "{{ item }}"
loop: "{{ lookup('file', '/tmp/pubkeys') | split('\n') }}"
- name: Synchronize certificates
shell: "rsync -ar -e 'ssh -p 7227 -o StrictHostKeyChecking=no' {{ ansible_play_hosts[0] }}:/etc/letsencrypt /etc/letsencrypt"
when: inventory_hostname != ansible_play_hosts[0]
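Review bot: The key exchange goes through `/tmp/pubkeys` on the control node, and every line of that file is then installed in root's `authorized_keys` on all hosts by the `authorized_key` loop. `/tmp` is world-writable and the file is never reset, so a line written there by any other local account on the control node ends up trusted as root across the play; building the list in memory (for example from `hostvars[h].ssh_pubkey.stdout` over `ansible_play_hosts`) avoids the shared file. The rsync task then pulls `/etc/letsencrypt`, private keys included, with `StrictHostKeyChecking=no`, so the source host is never authenticated; pre-populating `known_hosts` and dropping that option closes it. Also, `when: mail_server_fqdn_ip == node_external_ip` compares a string with the registered `uri` result, which looks like it can never be true, and that lookup itself uses plain `http://`.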


@ -0,0 +1,41 @@
---
- name: Ensure configureation folder exists
file:
path: /etc/dbmail
state: directory
- name: Copy initial configuration file
copy:
remote_src: true
src: "/usr/src/dbmail-{{ dbmail_version }}/dbmail.conf"
dest: /etc/dbmail/dbmail.conf
backup: yes
- name: Ensure dbmail is configured
template:
src: templates/dbmail.conf.j2
dest: /etc/dbmail/dbmail.conf
backup: yes
- name: Ensure run folder exists
file:
path: "{{ dbmail_configuration['DBMAIL']['pid_directory'] | default('/var/run/dbmail') }}"
state: directory
owner: "{{ dbmail_configuration['DBMAIL']['effective_user'] | default('dbmail') }}"
group: "{{ dbmail_configuration['DBMAIL']['effective_group'] | default('dbmail') }}"
- name: Ensure driver is configured
ini_file:
path: /etc/dbmail/dbmail.conf
create: true
section: DBMAIL
option: dburi
value: "{{ dbmail_db_driver }}://{{ dbmail_db_user }}:{{ dbmail_db_password }}@{{ dbmail_db_host }}:{{ dbmail_db_port }}/{{ dbmail_db_name }}"
- name: Ensure service units are enabled and started
systemd:
daemon_reload: true
name: "{{ item }}"
enabled: true
state: started
loop: "{{ dbmail_systemd_units }}"
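Review bot: `/etc/dbmail/dbmail.conf` ends up holding the database password (the `dburi` task), the HTTP admin password and the LDAP `bind_pw`, but none of the `copy`, `template` or `ini_file` tasks sets `owner`, `group` or `mode`, so the file gets whatever the umask gives, typically world-readable. I would add `owner: root`, `group: "{{ dbmail_group }}"`, `mode: "0640"` to the tasks that write it, and `no_log: true` on the `dburi` task so the URI does not appear in diff or verbose output. `backup: yes` leaves timestamped copies with the same secrets next to the file, so those need the same protection or should be dropped. The "Copy initial configuration file" task also overwrites the file on every run before the template rewrites it and `dburi` is re-added, so the role reports changes each time; `force: false` on that copy would avoid this.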


@ -0,0 +1,74 @@
---
- name: Initialize fact create_database
set_fact:
create_database: true
- name: Check for existing database
shell: mysql -Bqe 'show databases'
register: databases
ignore_errors: true
- name: Check for existing tables in database
shell: "mysql {{ dbmail_db_name }} -Bqe 'show tables'"
register: tables
when: "dbmail_db_name in databases.stdout"
- name: Update fact create_database
set_fact:
create_database: false
when:
- "dbmail_db_name in databases.stdout"
- "'dbmail_users' in tables.stdout"
- name: Create copy of create_tables to work with
copy:
remote_src: true
src: /usr/src/dbmail-3.3.0/sql/mysql/create_tables.mysql
dest: /tmp/create_tables.sql
when: create_database
- name: Fix index name for auto_notifications table
lineinfile:
path: /tmp/create_tables.sql
firstmatch: true
line: ' FOREIGN KEY an_user_idnr_fk (user_idnr)'
search_string: ' FOREIGN KEY user_idnr_fk (user_idnr)'
backup: yes
when: create_database
- name: Fix index name for auto_replies table
lineinfile:
path: /tmp/create_tables.sql
firstmatch: true
line: ' FOREIGN KEY ar_user_idnr_fk (user_idnr)'
search_string: ' FOREIGN KEY user_idnr_fk (user_idnr)'
backup: yes
when: create_database
- name: Create a new database from structure file
mysql_db:
name: "{{ dbmail_db_name }}"
state: import
target: /tmp/create_tables.sql
collation: utf8_general_ci
encoding: utf8
login_unix_socket: /var/run/mysqld/mysqld.sock
when: create_database
- name: Create database user with mail database privileges for remote access
mysql_user:
name: "{{ dbmail_db_user }}"
host: "{{ lookup('dig', item) }}"
password: "{{ dbmail_db_password }}"
priv: "{{ dbmail_db_name }}.*:ALL"
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
loop: "{{ ansible_play_hosts }}"
- name: Create database user with mail database privileges for local access
mysql_user:
name: "{{ dbmail_db_user }}"
password: "{{ dbmail_db_password }}"
priv: "{{ dbmail_db_name }}.*:ALL"
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
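Review bot: The schema is staged at the fixed path `/tmp/create_tables.sql`, edited in place by two `lineinfile` tasks and then imported through the root socket login; a predictable name in a world-writable directory can be pre-created or altered by another local account between those tasks. Staging it with the `tempfile` module (or in a root-only directory) and removing it after the import closes that window. The copy source is hard-coded to `/usr/src/dbmail-3.3.0/...` instead of using `{{ dbmail_version }}`, and both `mysql_user` tasks pass the password without `no_log: true`. `priv: "{{ dbmail_db_name }}.*:ALL"` on the remote-host grants is broader than a mail daemon normally needs; if schema upgrades are the reason, a comment should say so.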

6
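--- a/tasks/configure_ufw.yml
+++ b/tasks/configure_ufw.yml
@@ -0,0 +1,6 @@
+---
+- name: Allow traffic to specific ports
+ufw:
+rule: allow
+port: "{{ item }}"
+loop: "{{ ufw_allow_ports }}"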
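Review bot: The rule has no `proto`, so ufw opens each port for both TCP and UDP although IMAPS and POP3S only use TCP; adding `proto: tcp` keeps the opening as narrow as the services. The task also never ensures that the firewall is enabled or that the default incoming policy is deny, so on a host where ufw is inactive these rules have no effect. If another role handles that, a comment saying so would help.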

78
tasks/install.yml Normal file

@ -0,0 +1,78 @@
---
- name: Set list of required software
set_fact:
required_software:
- libsieve2-1
- libzdb11
- libglib2.0-dev
- libgmime-3.0-dev
- libsieve2-dev
- libmhash-dev
- libzdb-dev
- libevent-dev
- libldap-dev
- libssl-dev
- asciidoc
- name: Ensure required software is installed
package:
name: "{{ required_software }}"
- name: Ensure log folder exists
file:
path: "{{ dbmail_logfolder }}"
state: directory
#owner: ???
#group: ???
- name: Download source
get_url:
url: "https://github.com/dbmail/dbmail/archive/refs/tags/v{{ dbmail_version }}.tar.gz"
dest: "/tmp/dbmail.{{ dbmail_version }}.tar.gz"
- name: Decompress source
unarchive:
remote_src: true
src: "/tmp/dbmail.{{ dbmail_version }}.tar.gz"
dest: /usr/src
creates: "/usr/src/dbmail-{{ dbmail_version }}/configure"
- name: Compile source
shell: "/usr/src/dbmail-{{ dbmail_version }}/configure --with-zdb=/usr --with-sieve --with-ldap --localstatedir=/var/run/dbmail --runstatedir=/run/dbmail --enable-systemd --enable-manpages --sysconfdir=/etc/dbmail --with-logdir={{ dbmail_logfolder }}"
args:
chdir: "/usr/src/dbmail-{{ dbmail_version }}/"
creates: "/usr/src/dbmail-{{ dbmail_version }}/Makefile"
- name: Make source
shell: "make"
args:
chdir: "/usr/src/dbmail-{{ dbmail_version }}/"
creates: "/usr/src/dbmail-{{ dbmail_version }}/src/dbmail-imapd"
- name: Make installation
shell: "make install"
args:
chdir: "/usr/src/dbmail-{{ dbmail_version }}/"
creates: /usr/local/sbin/dbmail-imapd
- name: Copy cron task
copy:
remote_src: true
src: "/usr/src/dbmail-{{ dbmail_version }}/debian/dbmail.cron.d"
dest: /etc/cron.d/dbmail-util
- name: Copy logrotate configuration
copy:
remote_src: true
src: "/usr/src/dbmail-{{ dbmail_version }}/debian/dbmail.logrotate"
dest: /etc/logrotate.d/dbmail
- name: Ensure dbmail group exists
group:
name: "{{ dbmail_group }}"
- name: Ensure dbmail user exists
user:
name: "{{ dbmail_user }}"
group: "{{ dbmail_group }}"
shell: /dev/null
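Review bot: The "Download source" task fetches the tarball with no `checksum`, and the following tasks configure, build and `make install` it as root, so whatever the URL returns is what runs on the server. Pinning it, for example `checksum: "sha256:{{ dbmail_source_sha256 }}"` with the digest kept next to `dbmail_version` in defaults (`dbmail_source_sha256` is a name I made up for this note), makes a changed or tampered archive fail the play. The archive is also written to a fixed name under `/tmp`; a root-owned directory would be safer. Minor: `shell: /dev/null` on the service account works but `/usr/sbin/nologin` is the conventional value, and the log folder is created without `owner`/`group` (the commented `???` lines), so the unprivileged daemon may not be able to write there.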

20
tasks/main.yml Normal file

@ -0,0 +1,20 @@
---
- name: Ensure installation of software
include_tasks: install.yml
- name: Ensure configuration of MySQL database
include_tasks: configure_mysql_database.yml
when:
- dbmail_db_driver == 'mysql'
- "'127.0.0.' in dbmail_db_host or dbmail_db_host == 'localhost' or dbmail_db_host == ansible_host"
- name: Ensure configuration of dbmail
include_tasks: configure_dbmail.yml
- name: Ensure configuration of UFW for dbmail
include_tasks: configure_ufw.yml
when: configure_ufw
- name: Ensure certificates are configured
include_tasks: configure_certificates.yml
when: dbmail_configuration['POP']['tls_port'] > 0 or dbmail_configuration['IMAP']['tls_port'] > 0 or dbmail_configuration['SIEVE']['tls_port'] > 0
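Review bot: The last `when` reads `dbmail_configuration['SIEVE']['tls_port']`, but defaults/main.yml ships that key commented out, so the expression only works because the `or` chain stops at the POP or IMAP port; with both set to 0 the play would fail on an undefined key. Adding `| default(0)` to each lookup fixes that. The local-database test `'127.0.0.' in dbmail_db_host` is a substring match, so an address such as `10.127.0.0.5` (constructed example) also counts as local; `dbmail_db_host.startswith('127.')` or an explicit comparison is stricter.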

17
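--- a/templates/authmysqlrc.j2
+++ b/templates/authmysqlrc.j2
@@ -0,0 +1,17 @@
+MYSQL_SERVER localhost
+MYSQL_USERNAME {{ dbmail_db_user }}
+MYSQL_PASSWORD {{ dbmail_db_password }}
+MYSQL_PORT 0
+MYSQL_DATABASE {{ dbmail_db_name }}
+MYSQL_USER_TABLE users
+MYSQL_CRYPT_PWFIELD password
+#MYSQL_CLEAR_PWFIELD password
+MYSQL_UID_FIELD 5000
+MYSQL_GID_FIELD 5000
+MYSQL_LOGIN_FIELD email
+MYSQL_HOME_FIELD "/home/vmail"
+MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
+#MYSQL_NAME_FIELD
+MYSQL_QUOTA_FIELD quota
+MYSQL_OPT 0
+##NAME: MARKER:0 # # Do not remove this section from this configuration file. This section # must be present at the end of this file.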

21
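--- a/templates/dbmail.conf.j2
+++ b/templates/dbmail.conf.j2
@@ -0,0 +1,21 @@
+# Configuration file for DBMAIL
+# ATTENTION! This file is managed by ansible local changes might get changed
+#
+# Copyright (c) 2000-2006 IC&S, The Netherlands
+# Copyright (c) 2004-2013 NFG Net Facilities Group BV support@nfg.nl
+# Copyright (c) 2014-2019 Paul J Stevens, The Netherlands, support@nfg.nl
+# Copyright (c) 2020-2022 Alan Hicks, Persistent Objects Ltd support@p-o.co.uk
+#
+{% for section_name, section_options in dbmail_configuration.items() %}
+[{{ section_name }}]
+{% for key, value in section_options.items() %}
+{% if value == True %}
+{{ key }} = yes
+{% else %}{% if value == False%}
+{{ key }} = no
+{% else %}
+{{ key }} = {{ value }}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endfor %}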
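Review bot: `{% if value == True %}` and `value == False` use Python equality, under which the integers 1 and 0 also match, so an option set to `0` (the value tasks/main.yml treats as "TLS port disabled") is rendered as `no` and one set to `1` as `yes`. `value is sameas true` and `value is sameas false` match only real booleans. The nested `{% else %}{% if ... %}` can become a single `{% elif value is sameas false %}`, which removes one `{% endif %}`.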

1
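--- a/templates/mailpw.j2
+++ b/templates/mailpw.j2
@@ -0,0 +1 @@
+{{ masterpassword }}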

56
templates/main.cf.j2 Normal file

@ -0,0 +1,56 @@
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/maps/ecco_body_check.map
broken_sasl_auth_clients = yes
compatibility_level = 2
header_checks = regexp:/etc/postfix/maps/whitelist_senders.map regexp:/etc/postfix/maps/ecco_header_check.map regexp:/etc/postfix/maps/ecco_header_check_manual.map regexp:/etc/postfix/maps/spam_filter_header_check
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = {{ mail_server_fqdn }}; localhost; localhost.localdomain
myhostname = {{ mail_server_fqdn }}
mynetworks = 127.0.0.0/8 /etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}
myorigin = /etc/mailname
policy-spf_time_limit = 3600s
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_recipient_maps =
smtpd_banner = $myhostname ESMTP $mail_name
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination, check_policy_service unix:private/policy-spf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = yes
# If this is a backupmx or satellite then smtp_sasl_auth_enable = yes
smtp_sasl_auth_enable = no
#smtp_sasl_password_maps = hash:/etc/postfix/claves_smtp
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000
# For dbmail
virtual_transport = dbmail-lmtp:127.0.0.1:{{ dbmail_configuration['LMTP']['port'] }}
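Review bot: SASL is enabled globally (`smtpd_sasl_auth_enable = yes`) while TLS on port 25 is only opportunistic (`smtpd_use_tls = yes`), and smtpd.conf.j2 offers only `plain login`, so a client can be asked for its password over an unencrypted session. Adding `smtpd_tls_auth_only = yes` stops AUTH from being announced before STARTTLS. `mydestination` is separated with `;`, which Postfix does not treat as a list separator (it expects commas or whitespace), so the hostname entries will not match as written. `mail_own_networks` is tested on the `mynetworks` line but has no default in defaults/main.yml, which I would expect to fail templating; `mail_own_networks | default([])` would do.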

143
templates/master.cf.j2 Normal file

@ -0,0 +1,143 @@
#
# Postfix master process configuration file.
# ATTENTION! Managed by Ansible
# For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
# SMTP: Port 25
smtp inet n - y - - smtpd
# -o content_filter=filter:
# Submission: Port 587
submission inet n - y - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=filter:
# SMTPS: Port 465
smtps inet n - y - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=filter:
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - y - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
amavis unix y y y - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n y y - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
{# filter unix - n n - - pipe
flags=Rq user=filter argv=/etc/postfix/scripts/disclaimer.sh -f ${sender} -- ${recipient} #}
policy-spf unix - n n - - spawn
user=nobody argv=/usr/bin/policyd-spf
greypolicy unix - n n - - spawn
user=nobody argv=/usr/bin/perl
/usr/local/libexec/postfix/greylist.pl
# For dbmail
dbmail-lmtp unix - - n - - lmtp
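Review bot: The `submission` and `smtps` services both pass `-o content_filter=filter:`, but the `filter` pipe service further down is wrapped in a Jinja comment (`{# filter unix ... #}`), so unless it is defined elsewhere, authenticated mail would be handed to a transport that does not exist. Either restore that service or drop the two `-o content_filter=filter:` lines. No task in this commit renders this template or main.cf.j2, so the problem is latent for now.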


@ -0,0 +1,5 @@
user = {{ mail_db_user}}
password = {{ mail_db_password }}
dbname = {{ mail_db_name }}
query = SELECT action FROM bannedcontent WHERE regexp='%s'
hosts = 127.0.0.1
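Review bot: This lookup file and the six that follow, plus smtp.j2 and smtpd.conf.j2, read `mail_db_user`, `mail_db_password` and `mail_db_name`, none of which is defined in defaults/main.yml (the role defines `dbmail_db_*`), so rendering would fail on an undefined variable. Either switch them to the `dbmail_db_*` names or add defaults that point `mail_db_password` at a vault variable. Each rendered file contains the database password in clear text, so the task that eventually deploys them should set `owner: root`, a `group` matching the account Postfix runs as, and `mode: "0640"`.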


@ -0,0 +1,5 @@
user = {{ mail_db_user}}
password = {{ mail_db_password }}
dbname = {{ mail_db_name }}
query = SELECT domain AS virtuald FROM domains WHERE domain='%s'
hosts = 127.0.0.1


@ -0,0 +1,5 @@
user = {{ mail_db_user}}
password = {{ mail_db_password }}
dbname = {{ mail_db_name }}
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1


@ -0,0 +1,5 @@
user = {{ mail_db_user}}
password = {{ mail_db_password }}
dbname = {{ mail_db_name }}
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1


@ -0,0 +1,5 @@
user = {{ mail_db_user}}
password = {{ mail_db_password }}
dbname = {{ mail_db_name }}
query = SELECT quota FROM users WHERE email='%s'
hosts = 127.0.0.1


@ -0,0 +1,5 @@
user = {{ mail_db_user}}
password = {{ mail_db_password }}
dbname = {{ mail_db_name }}
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1


@ -0,0 +1,5 @@
user = {{ mail_db_user}}
password = {{ mail_db_password }}
dbname = {{ mail_db_name }}
query = SELECT transport FROM transport WHERE domain='%s'
hosts = 127.0.0.1

2
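--- a/templates/smtp.j2
+++ b/templates/smtp.j2
@@ -0,0 +1,2 @@
+auth required pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1
+account sufficient pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1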

11
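--- a/templates/smtpd.conf.j2
+++ b/templates/smtpd.conf.j2
@@ -0,0 +1,11 @@
+pwcheck_method: saslauthd
+mech_list: plain login
+allow_plaintext: true
+auxprop_plugin: sql
+sql_engine: mysql
+sql_hostnames: 127.0.0.1
+sql_user: {{ mail_db_user}}
+sql_passwd: {{ mail_db_password }}
+sql_database: {{ mail_db_name }}
+sql_select: select password from users where email = '%u@%r'
+log_level: 9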
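Review bot: `log_level: 9` is above the highest level I know from the Cyrus SASL options (7, which traces protocol exchanges including passwords), so with this template credentials can end up in syslog; something like `log_level: 3` is a safer default, raised only while debugging. `pwcheck_method: saslauthd` is combined with the `auxprop_plugin: sql` settings, and as far as I can tell only one of the two paths verifies PLAIN/LOGIN passwords, so the unused half should be removed to make clear where passwords are checked.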