diff --git a/tasks/install.yml b/tasks/install.yml
index f23d96b..c106a0b 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -77,3 +77,20 @@
 name: "{{ dbmail_user }}"
 group: "{{ dbmail_group }}"
 shell: /dev/null
+
+- name: Set properties of service unit
+ set_fact:
+ unit_description: 'DBMail HTTP daemon to manage user mailbox'
+ unit_exec_start: '/usr/local/sbin/dbmail-httpd -D'
+
+- name: Ensure dbmail-httpd service unit is present
+ template:
+ src: templates/service.unit.j2
+ dest: /etc/systemd/system/dbmail-httpd.service
+
+- name: Ensure DBMail HTTP service is enabled
+ ansible.builtin.systemd:
+ state: restarted
+ daemon_reload: true
+ enabled: true
+ name: dbmail-httpd
diff --git a/templates/authmysqlrc.j2 b/templates/authmysqlrc.j2
deleted file mode 100644
index 50fd829..0000000
--- a/templates/authmysqlrc.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-MYSQL_SERVER localhost
-MYSQL_USERNAME {{ dbmail_db_user }}
-MYSQL_PASSWORD {{ dbmail_db_password }}
-MYSQL_PORT 0
-MYSQL_DATABASE {{ dbmail_db_name }}
-MYSQL_USER_TABLE users
-MYSQL_CRYPT_PWFIELD password
-#MYSQL_CLEAR_PWFIELD password
-MYSQL_UID_FIELD 5000
-MYSQL_GID_FIELD 5000
-MYSQL_LOGIN_FIELD email
-MYSQL_HOME_FIELD "/home/vmail"
-MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
-#MYSQL_NAME_FIELD
-MYSQL_QUOTA_FIELD quota
-MYSQL_OPT 0
-##NAME: MARKER:0 # # Do not remove this section from this configuration file. This section # must be present at the end of this file.
diff --git a/templates/mailpw.j2 b/templates/mailpw.j2
deleted file mode 100644
index 847002a..0000000
--- a/templates/mailpw.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ masterpassword }}
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
deleted file mode 100644
index de0488a..0000000
--- a/templates/main.cf.j2
+++ /dev/null
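Review bot: The last task added to tasks/install.yml, "Ensure DBMail HTTP service is enabled", uses `state: restarted`, so dbmail-httpd is restarted and the task reports changed on every play run, whether or not the unit file was touched. Set `state: started` there and put `notify: Restart dbmail-httpd` on the template task, so the restart runs from a handler only when the unit changes (no handlers file is visible in this diff). The template task also installs a unit into /etc/systemd/system without pinning ownership or permissions; adding `owner: root`, `group: root` and `mode: '0644'` keeps the result independent of the umask in effect. As a style point, `set_fact` and `template` use short module names while the last task uses `ansible.builtin.systemd`; pick the fully qualified form throughout.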
@@ -1,56 +0,0 @@
-alias_database = hash:/etc/aliases
-alias_maps = hash:/etc/aliases
-append_dot_mydomain = no
-biff = no
-body_checks = regexp:/etc/postfix/maps/ecco_body_check.map
-broken_sasl_auth_clients = yes
-compatibility_level = 2
-header_checks = regexp:/etc/postfix/maps/whitelist_senders.map regexp:/etc/postfix/maps/ecco_header_check.map regexp:/etc/postfix/maps/ecco_header_check_manual.map regexp:/etc/postfix/maps/spam_filter_header_check.map
-html_directory = /usr/share/doc/postfix/html
-inet_interfaces = all
-inet_protocols = all
-mailbox_size_limit = 0
-mydestination = {{ mail_server_fqdn }}; localhost; localhost.localdomain
-myhostname = {{ mail_server_fqdn }}
-mynetworks = 127.0.0.0/8 /etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}
-
-myorigin = /etc/mailname
-policy-spf_time_limit = 3600s
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
-readme_directory = /usr/share/doc/postfix
-recipient_delimiter = +
-relay_recipient_maps =
-smtpd_banner = $myhostname ESMTP $mail_name
-# Block clients that speak too early.
-smtpd_data_restrictions = reject_unauth_pipelining
-# Don't talk to mail systems that don't know their own hostname.
-smtpd_helo_restrictions = reject_unknown_helo_hostname
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination, check_policy_service unix:private/policy-spf
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_authenticated_header = yes
-smtpd_tls_cert_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem
-smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
-smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
-smtpd_tls_key_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem
-smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
-smtpd_use_tls = yes
-# If this is a backupmx or satellite then smtp_sasl_auth_enable = yes
-smtp_sasl_auth_enable = no
-#smtp_sasl_password_maps = hash:/etc/postfix/claves_smtp
-smtp_sasl_security_options = noanonymous
-smtp_sasl_type = cyrus
-smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
-smtp_use_tls = yes
-transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
-virtual_alias_domains =
-virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
-virtual_gid_maps = static:5000
-virtual_mailbox_base = /home/vmail
-virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
-virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
-virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
-virtual_uid_maps = static:5000
-
-# For dbmail
-virtual_transport = dbmail-lmtp:127.0.0.1:{{ dbmail_configuration['LMTP']['port'] }}
diff --git a/templates/master.cf.j2 b/templates/master.cf.j2
deleted file mode 100644
index f25483f..0000000
--- a/templates/master.cf.j2
+++ /dev/null
@@ -1,143 +0,0 @@ -# -# Postfix master process configuration file. -# ATTENTION! Managed by Ansible -# For details on the format -# of the file, see the master(5) manual page (command: "man 5 master"). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (no) (never) (100) -# ========================================================================== -# SMTP: Port 25 -smtp inet n - y - - smtpd -# -o content_filter=filter: -# Submission: Port 587 -submission inet n - y - - smtpd - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING - -o content_filter=filter: -# SMTPS: Port 465 -smtps inet n - y - - smtpd - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING - -o content_filter=filter: -#628 inet n - y - - qmqpd -pickup unix n - y 60 1 pickup -cleanup unix n - y - 0 cleanup -qmgr unix n - n 300 1 qmgr -#qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - y 1000? 1 tlsmgr -rewrite unix - - y - - trivial-rewrite -bounce unix - - y - 0 bounce -defer unix - - y - 0 bounce -trace unix - - y - 0 bounce -verify unix - - y - 1 verify -flush unix n - y 1000? 
0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp -# When relaying mail as backup MX, disable fallback_relay to avoid MX loops -relay unix - - y - - smtp - -o smtp_fallback_relay= -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - y - - showq -error unix - - y - - error -retry unix - - y - - error -discard unix - - y - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - y - - lmtp -anvil unix - - y - 1 anvil -scache unix - - y - 1 scache -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
-# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# Other external delivery methods. -# -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. 
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py - ${nexthop} ${user} - -amavis unix y y y - 2 smtp - -o smtp_data_done_timeout=1200 - -o smtp_send_xforward_command=yes - -127.0.0.1:10025 inet n y y - - smtpd - -o content_filter= - -o local_recipient_maps= - -o relay_recipient_maps= - -o smtpd_restriction_classes= - -o smtpd_client_restrictions= - -o smtpd_helo_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o mynetworks=127.0.0.0/8 - -o strict_rfc821_envelopes=yes - -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -{# filter unix - n n - - pipe - flags=Rq user=filter argv=/etc/postfix/scripts/disclaimer.sh -f ${sender} -- ${recipient} #} -policy-spf unix - n n - - spawn - user=nobody argv=/usr/bin/policyd-spf -greypolicy unix - n n - - spawn - user=nobody argv=/usr/bin/perl - /usr/local/libexec/postfix/greylist.pl - -# For dbmail -dbmail-lmtp unix - - n - - lmtp \ No newline at end of file diff --git a/templates/mysql-body_checks.cf.j2 b/templates/mysql-body_checks.cf.j2 deleted file mode 100644 index 2e22d82..0000000 --- a/templates/mysql-body_checks.cf.j2 +++ /dev/null @@ -1,5 +0,0 @@ -user = {{ mail_db_user}} -password = {{ mail_db_password }} -dbname = {{ mail_db_name }} -query = SELECT action FROM bannedcontent WHERE regexp='%s' -hosts = 127.0.0.1 diff --git a/templates/mysql-virtual_domains.cf.j2 b/templates/mysql-virtual_domains.cf.j2 deleted file mode 100644 index 3b2f4c4..0000000 --- a/templates/mysql-virtual_domains.cf.j2 +++ /dev/null 
@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT domain AS virtuald FROM domains WHERE domain='%s'
-hosts = 127.0.0.1
diff --git a/templates/mysql-virtual_email2email.cf.j2 b/templates/mysql-virtual_email2email.cf.j2
deleted file mode 100644
index 08efe82..0000000
--- a/templates/mysql-virtual_email2email.cf.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT email FROM users WHERE email='%s'
-hosts = 127.0.0.1
diff --git a/templates/mysql-virtual_forwardings.cf.j2 b/templates/mysql-virtual_forwardings.cf.j2
deleted file mode 100644
index db61e71..0000000
--- a/templates/mysql-virtual_forwardings.cf.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT destination FROM forwardings WHERE source='%s'
-hosts = 127.0.0.1
diff --git a/templates/mysql-virtual_mailbox_limit_maps.cf.j2 b/templates/mysql-virtual_mailbox_limit_maps.cf.j2
deleted file mode 100644
index ea6a6af..0000000
--- a/templates/mysql-virtual_mailbox_limit_maps.cf.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT quota FROM users WHERE email='%s'
-hosts = 127.0.0.1
diff --git a/templates/mysql-virtual_mailboxes.cf.j2 b/templates/mysql-virtual_mailboxes.cf.j2
deleted file mode 100644
index db327a2..0000000
--- a/templates/mysql-virtual_mailboxes.cf.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
-hosts = 127.0.0.1
diff --git a/templates/mysql-virtual_transports.cf.j2 b/templates/mysql-virtual_transports.cf.j2
deleted file mode 100644
index 8a6d00e..0000000
--- a/templates/mysql-virtual_transports.cf.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT transport FROM transport WHERE domain='%s'
-hosts = 127.0.0.1
diff --git a/templates/service.unit.j2 b/templates/service.unit.j2
new file mode 100644
index 0000000..5e35ac1
--- /dev/null
+++ b/templates/service.unit.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description={{ unit_description }}
+After=network.target network-online.target mysqld.service postgresql.service
+
+[Service]
+Type=notify
+ExecStartPre=-mkdir -p @runstatedir@/dbmail
+ExecStartPre=-chown dbmail:dbmail @runstatedir@/dbmail
+ExecStart={{ unit_exec_start }}
+Restart=always
+RestartSec=3s
+TimeoutStartSec = infinity
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/smtp.j2 b/templates/smtp.j2
deleted file mode 100644
index 9f3cd6b..0000000
--- a/templates/smtp.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-auth required pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1
-account sufficient pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1
diff --git a/templates/smtpd.conf.j2 b/templates/smtpd.conf.j2
deleted file mode 100644
index 477a240..0000000
--- a/templates/smtpd.conf.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-pwcheck_method: saslauthd
-mech_list: plain login
-allow_plaintext: true
-auxprop_plugin: sql
-sql_engine: mysql
-sql_hostnames: 127.0.0.1
-sql_user: {{ mail_db_user}}
-sql_passwd: {{ mail_db_password }}
-sql_database: {{ mail_db_name }}
-sql_select: select password from users where email = '%u@%r'
-log_level: 9
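Review bot: `@runstatedir@` in the two `ExecStartPre=` lines of templates/service.unit.j2 looks like an autoconf substitution marker rather than a Jinja expression, so the template module will write it out verbatim. Because both commands carry the `-` prefix, systemd ignores their outcome and the runtime directory is presumably never prepared where the daemon expects it. Use a real path or a role variable, and reuse the role's account variables instead of the hard-coded `dbmail:dbmail`, e.g. `ExecStartPre=-chown {{ dbmail_user }}:{{ dbmail_group }} /run/dbmail` (path to be confirmed against the dbmail configuration). The unit also sets no `User=`/`Group=`, so unless dbmail-httpd drops privileges from its own configuration (not visible here) the HTTP daemon runs as root. If it can start unprivileged, `User={{ dbmail_user }}` with `RuntimeDirectory=dbmail` would replace both `ExecStartPre=` lines.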