Remove old files and add system service unit for HTTP

2023-01-30 17:51:09 +02:00 · 2023-01-30 17:51:09 +02:00 · edaa30868d
commit edaa30868d
parent 8e068484b6
15 changed files with 32 additions and 265 deletions
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -77,3 +77,20 @@
    name: "{{ dbmail_user }}"
    group: "{{ dbmail_group }}"
    shell: /dev/null
 - name: Set properties of service unit
  set_fact:
    unit_description: 'DBMail HTTP daemon to manage user mailbox'
    unit_exec_start: '/usr/local/sbin/dbmail-httpd -D'
 - name: Ensure dbmail-httpd service unit is present
  template:
    src: templates/service.unit.j2
    dest: /etc/systemd/system/dbmail-httpd.service
 - name: Ensure DBMail HTTP service is enabled
  ansible.builtin.systemd:
    state: restarted
    daemon_reload: true
    enabled: true
    name: dbmail-httpd
--- a/templates/authmysqlrc.j2
+++ b/templates/authmysqlrc.j2
@ -1,17 +0,0 @@
 MYSQL_SERVER localhost
 MYSQL_USERNAME {{ dbmail_db_user }}
 MYSQL_PASSWORD {{ dbmail_db_password }}
 MYSQL_PORT 0
 MYSQL_DATABASE {{ dbmail_db_name }}
 MYSQL_USER_TABLE users
 MYSQL_CRYPT_PWFIELD password
 #MYSQL_CLEAR_PWFIELD password
 MYSQL_UID_FIELD 5000
 MYSQL_GID_FIELD 5000
 MYSQL_LOGIN_FIELD email
 MYSQL_HOME_FIELD "/home/vmail"
 MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
 #MYSQL_NAME_FIELD
 MYSQL_QUOTA_FIELD quota
 MYSQL_OPT 0
 ##NAME: MARKER:0 # # Do not remove this section from this configuration file. This section # must be present at the end of this file.
--- a/templates/mailpw.j2
+++ b/templates/mailpw.j2
@ -1 +0,0 @@
 {{ masterpassword }}
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@ -1,56 +0,0 @@
 alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases
 append_dot_mydomain = no
 biff = no
 body_checks = regexp:/etc/postfix/maps/ecco_body_check.map
 broken_sasl_auth_clients = yes
 compatibility_level = 2
 header_checks = regexp:/etc/postfix/maps/whitelist_senders.map regexp:/etc/postfix/maps/ecco_header_check.map regexp:/etc/postfix/maps/ecco_header_check_manual.map regexp:/etc/postfix/maps/spam_filter_header_check.map
 html_directory = /usr/share/doc/postfix/html
 inet_interfaces = all
 inet_protocols = all
 mailbox_size_limit = 0
 mydestination = {{ mail_server_fqdn }}; localhost; localhost.localdomain
 myhostname = {{ mail_server_fqdn }}
 mynetworks = 127.0.0.0/8 /etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}
 myorigin = /etc/mailname
 policy-spf_time_limit = 3600s
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
 readme_directory = /usr/share/doc/postfix
 recipient_delimiter = +
 relay_recipient_maps =
 smtpd_banner = $myhostname ESMTP $mail_name
 # Block clients that speak too early.
 smtpd_data_restrictions = reject_unauth_pipelining
 # Don't talk to mail systems that don't know their own hostname.
 smtpd_helo_restrictions = reject_unknown_helo_hostname
 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination, check_policy_service unix:private/policy-spf
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_tls_cert_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem
 smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
 smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
 smtpd_tls_key_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem
 smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
 smtpd_use_tls = yes
 # If this is a backupmx or satellite then smtp_sasl_auth_enable = yes
 smtp_sasl_auth_enable = no
 #smtp_sasl_password_maps = hash:/etc/postfix/claves_smtp
 smtp_sasl_security_options = noanonymous
 smtp_sasl_type = cyrus
 smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
 smtp_use_tls = yes
 transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
 virtual_alias_domains =
 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
 virtual_gid_maps = static:5000
 virtual_mailbox_base = /home/vmail
 virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
 virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
 virtual_uid_maps = static:5000
 # For dbmail
 virtual_transport = dbmail-lmtp:127.0.0.1:{{ dbmail_configuration['LMTP']['port'] }}
--- a/templates/master.cf.j2
+++ b/templates/master.cf.j2
@ -1,143 +0,0 @@
 #
 # Postfix master process configuration file.
 # ATTENTION! Managed by Ansible
 # For details on the format
 # of the file, see the master(5) manual page (command: "man 5 master").
 #
 # Do not forget to execute "postfix reload" after editing this file.
 #
 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (no)   (never) (100)
 # ==========================================================================
 # SMTP: Port 25
 smtp      inet  n       -       y       -       -       smtpd
 #  -o content_filter=filter:
 # Submission: Port 587
 submission inet n       -       y       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o content_filter=filter:
 # SMTPS: Port 465
 smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o content_filter=filter:
 #628       inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
 #qmgr     unix  n       -       n       300     1       oqmgr
 tlsmgr    unix  -       -       y       1000?   1       tlsmgr
 rewrite   unix  -       -       y       -       -       trivial-rewrite
 bounce    unix  -       -       y       -       0       bounce
 defer     unix  -       -       y       -       0       bounce
 trace     unix  -       -       y       -       0       bounce
 verify    unix  -       -       y       -       1       verify
 flush     unix  n       -       y       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       y       -       -       smtp
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
 relay     unix  -       -       y       -       -       smtp
        -o smtp_fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
 showq     unix  n       -       y       -       -       showq
 error     unix  -       -       y       -       -       error
 retry     unix  -       -       y       -       -       error
 discard   unix  -       -       y       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       y       -       -       lmtp
 anvil     unix  -       -       y       -       1       anvil
 scache    unix  -       -       y       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
 # pages of the non-Postfix software to find out what options it wants.
 #
 # Many of the following services use the Postfix pipe(8) delivery
 # agent.  See the pipe(8) man page for information about ${recipient}
 # and other message envelope options.
 # ====================================================================
 #
 # maildrop. See the Postfix MAILDROP_README file for details.
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
 #
 maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
 #
 # ====================================================================
 #
 # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
 #
 # Specify in cyrus.conf:
 #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
 #
 # Specify in main.cf one or more of the following:
 #  mailbox_transport = lmtp:inet:localhost
 #  virtual_transport = lmtp:inet:localhost
 #
 # ====================================================================
 #
 # Cyrus 2.1.5 (Amos Gouaux)
 # Also specify in main.cf: cyrus_destination_recipient_limit=1
 #
 #cyrus     unix  -       n       n       -       -       pipe
 #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
 #
 # ====================================================================
 # Old example of delivery via Cyrus.
 #
 #old-cyrus unix  -       n       n       -       -       pipe
 #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
 #
 # ====================================================================
 #
 # See the Postfix UUCP_README file for configuration details.
 #
 uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 #
 # Other external delivery methods.
 #
 ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
 bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
 scalemail-backend unix  - n n - 2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
 mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
 amavis unix y y y - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
 127.0.0.1:10025 inet n y y - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
 {# filter     unix    -       n       n       -       -       pipe
  flags=Rq user=filter argv=/etc/postfix/scripts/disclaimer.sh -f ${sender} -- ${recipient} #}
 policy-spf  unix  -       n       n       -       -       spawn
       user=nobody argv=/usr/bin/policyd-spf
 greypolicy unix -   n    n   -  -   spawn
  user=nobody argv=/usr/bin/perl
  /usr/local/libexec/postfix/greylist.pl
 # For dbmail
 dbmail-lmtp     unix    -       -       n       -       -       lmtp
--- a/templates/mysql-body_checks.cf.j2
+++ b/templates/mysql-body_checks.cf.j2
@ -1,5 +0,0 @@
 user = {{ mail_db_user}}
 password = {{ mail_db_password }}
 dbname = {{ mail_db_name }}
 query = SELECT action FROM bannedcontent WHERE regexp='%s'
 hosts = 127.0.0.1
--- a/templates/mysql-virtual_domains.cf.j2
+++ b/templates/mysql-virtual_domains.cf.j2
@ -1,5 +0,0 @@
 user = {{ mail_db_user}}
 password = {{ mail_db_password }}
 dbname = {{ mail_db_name }}
 query = SELECT domain AS virtuald FROM domains WHERE domain='%s'
 hosts = 127.0.0.1
--- a/templates/mysql-virtual_email2email.cf.j2
+++ b/templates/mysql-virtual_email2email.cf.j2
@ -1,5 +0,0 @@
 user = {{ mail_db_user}}
 password = {{ mail_db_password }}
 dbname = {{ mail_db_name }}
 query = SELECT email FROM users WHERE email='%s'
 hosts = 127.0.0.1
--- a/templates/mysql-virtual_forwardings.cf.j2
+++ b/templates/mysql-virtual_forwardings.cf.j2
@ -1,5 +0,0 @@
 user = {{ mail_db_user}}
 password = {{ mail_db_password }}
 dbname = {{ mail_db_name }}
 query = SELECT destination FROM forwardings WHERE source='%s'
 hosts = 127.0.0.1
--- a/templates/mysql-virtual_mailbox_limit_maps.cf.j2
+++ b/templates/mysql-virtual_mailbox_limit_maps.cf.j2
@ -1,5 +0,0 @@
 user = {{ mail_db_user}}
 password = {{ mail_db_password }}
 dbname = {{ mail_db_name }}
 query = SELECT quota FROM users WHERE email='%s'
 hosts = 127.0.0.1
--- a/templates/mysql-virtual_mailboxes.cf.j2
+++ b/templates/mysql-virtual_mailboxes.cf.j2
@ -1,5 +0,0 @@
 user = {{ mail_db_user}}
 password = {{ mail_db_password }}
 dbname = {{ mail_db_name }}
 query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
 hosts = 127.0.0.1
--- a/templates/mysql-virtual_transports.cf.j2
+++ b/templates/mysql-virtual_transports.cf.j2
@ -1,5 +0,0 @@
 user = {{ mail_db_user}}
 password = {{ mail_db_password }}
 dbname = {{ mail_db_name }}
 query = SELECT transport FROM transport WHERE domain='%s'
 hosts = 127.0.0.1
--- a/templates/service.unit.j2
+++ b/templates/service.unit.j2
@ -0,0 +1,15 @@
 [Unit]
 Description={{ unit_description }}
 After=network.target network-online.target mysqld.service postgresql.service
 [Service]
 Type=notify
 ExecStartPre=-mkdir -p @runstatedir@/dbmail
 ExecStartPre=-chown dbmail:dbmail @runstatedir@/dbmail
 ExecStart={{ unit_exec_start }}
 Restart=always
 RestartSec=3s
 TimeoutStartSec = infinity
 [Install]
 WantedBy=multi-user.target
--- a/templates/smtp.j2
+++ b/templates/smtp.j2
@ -1,2 +0,0 @@
 auth    required   pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1
 account sufficient pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1
--- a/templates/smtpd.conf.j2
+++ b/templates/smtpd.conf.j2
@ -1,11 +0,0 @@
 pwcheck_method: saslauthd
 mech_list: plain login
 allow_plaintext: true
 auxprop_plugin: sql
 sql_engine: mysql
 sql_hostnames: 127.0.0.1
 sql_user: {{ mail_db_user}}
 sql_passwd: {{ mail_db_password }}
 sql_database: {{ mail_db_name }}
 sql_select: select password from users where email = '%u@%r'
 log_level: 9
		`@ -1,2 +0,0 @@`
			`auth required pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1`
			`account sufficient pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1`