Remove old files and add system service unit for HTTP

tasks/install.yml

@@ -77,3 +77,20 @@
     name: "{{ dbmail_user }}"
     group: "{{ dbmail_group }}"
     shell: /dev/null
+
+- name: Set properties of service unit
+  set_fact:
+    unit_description: 'DBMail HTTP daemon to manage user mailbox'
+    unit_exec_start: '/usr/local/sbin/dbmail-httpd -D'
+
+- name: Ensure dbmail-httpd service unit is present
+  template:
+    src: templates/service.unit.j2
+    dest: /etc/systemd/system/dbmail-httpd.service
+
+- name: Ensure DBMail HTTP service is enabled
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    enabled: true
+    name: dbmail-httpd

templates/authmysqlrc.j2

@@ -1,17 +0,0 @@
-MYSQL_SERVER localhost
-MYSQL_USERNAME {{ dbmail_db_user }}
-MYSQL_PASSWORD {{ dbmail_db_password }}
-MYSQL_PORT 0
-MYSQL_DATABASE {{ dbmail_db_name }}
-MYSQL_USER_TABLE users
-MYSQL_CRYPT_PWFIELD password
-#MYSQL_CLEAR_PWFIELD password
-MYSQL_UID_FIELD 5000
-MYSQL_GID_FIELD 5000
-MYSQL_LOGIN_FIELD email
-MYSQL_HOME_FIELD "/home/vmail"
-MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
-#MYSQL_NAME_FIELD
-MYSQL_QUOTA_FIELD quota
-MYSQL_OPT 0
-##NAME: MARKER:0 # # Do not remove this section from this configuration file. This section # must be present at the end of this file.

templates/mailpw.j2

@@ -1 +0,0 @@
-{{ masterpassword }}

templates/main.cf.j2

@@ -1,56 +0,0 @@
-alias_database = hash:/etc/aliases
-alias_maps = hash:/etc/aliases
-append_dot_mydomain = no
-biff = no
-body_checks = regexp:/etc/postfix/maps/ecco_body_check.map
-broken_sasl_auth_clients = yes
-compatibility_level = 2
-header_checks = regexp:/etc/postfix/maps/whitelist_senders.map regexp:/etc/postfix/maps/ecco_header_check.map regexp:/etc/postfix/maps/ecco_header_check_manual.map regexp:/etc/postfix/maps/spam_filter_header_check.map
-html_directory = /usr/share/doc/postfix/html
-inet_interfaces = all
-inet_protocols = all
-mailbox_size_limit = 0
-mydestination = {{ mail_server_fqdn }}; localhost; localhost.localdomain
-myhostname = {{ mail_server_fqdn }}
-mynetworks = 127.0.0.0/8 /etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}
-
-myorigin = /etc/mailname
-policy-spf_time_limit = 3600s
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
-readme_directory = /usr/share/doc/postfix
-recipient_delimiter = +
-relay_recipient_maps =
-smtpd_banner = $myhostname ESMTP $mail_name
-# Block clients that speak too early.
-smtpd_data_restrictions = reject_unauth_pipelining
-# Don't talk to mail systems that don't know their own hostname.
-smtpd_helo_restrictions = reject_unknown_helo_hostname
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination, check_policy_service unix:private/policy-spf
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_authenticated_header = yes
-smtpd_tls_cert_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem
-smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
-smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
-smtpd_tls_key_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem
-smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
-smtpd_use_tls = yes
-# If this is a backupmx or satellite then smtp_sasl_auth_enable = yes
-smtp_sasl_auth_enable = no
-#smtp_sasl_password_maps = hash:/etc/postfix/claves_smtp
-smtp_sasl_security_options = noanonymous
-smtp_sasl_type = cyrus
-smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
-smtp_use_tls = yes
-transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
-virtual_alias_domains =
-virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
-virtual_gid_maps = static:5000
-virtual_mailbox_base = /home/vmail
-virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
-virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
-virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
-virtual_uid_maps = static:5000
-
-# For dbmail
-virtual_transport = dbmail-lmtp:127.0.0.1:{{ dbmail_configuration['LMTP']['port'] }}

templates/master.cf.j2

@@ -1,143 +0,0 @@
-#
-# Postfix master process configuration file.
-# ATTENTION! Managed by Ansible
-# For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master").
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type  private unpriv  chroot  wakeup  maxproc command + args
-#               (yes)   (yes)   (no)   (never) (100)
-# ==========================================================================
-# SMTP: Port 25
-smtp      inet  n       -       y       -       -       smtpd
-#  -o content_filter=filter:
-# Submission: Port 587
-submission inet n       -       y       -       -       smtpd
-  -o smtpd_tls_security_level=encrypt
-  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-  -o milter_macro_daemon_name=ORIGINATING
-  -o content_filter=filter:
-# SMTPS: Port 465
-smtps     inet  n       -       y       -       -       smtpd
-  -o smtpd_tls_wrappermode=yes
-  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-  -o milter_macro_daemon_name=ORIGINATING
-  -o content_filter=filter:
-#628       inet  n       -       y       -       -       qmqpd
-pickup    unix  n       -       y       60      1       pickup
-cleanup   unix  n       -       y       -       0       cleanup
-qmgr      unix  n       -       n       300     1       qmgr
-#qmgr     unix  n       -       n       300     1       oqmgr
-tlsmgr    unix  -       -       y       1000?   1       tlsmgr
-rewrite   unix  -       -       y       -       -       trivial-rewrite
-bounce    unix  -       -       y       -       0       bounce
-defer     unix  -       -       y       -       0       bounce
-trace     unix  -       -       y       -       0       bounce
-verify    unix  -       -       y       -       1       verify
-flush     unix  n       -       y       1000?   0       flush
-proxymap  unix  -       -       n       -       -       proxymap
-proxywrite unix -       -       n       -       1       proxymap
-smtp      unix  -       -       y       -       -       smtp
-# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-relay     unix  -       -       y       -       -       smtp
-        -o smtp_fallback_relay=
-#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       y       -       -       showq
-error     unix  -       -       y       -       -       error
-retry     unix  -       -       y       -       -       error
-discard   unix  -       -       y       -       -       discard
-local     unix  -       n       n       -       -       local
-virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       y       -       -       lmtp
-anvil     unix  -       -       y       -       1       anvil
-scache    unix  -       -       y       -       1       scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent.  See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-maildrop  unix  -       n       n       -       -       pipe
-  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-#  mailbox_transport = lmtp:inet:localhost
-#  virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus     unix  -       n       n       -       -       pipe
-#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix  -       n       n       -       -       pipe
-#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp      unix  -       n       n       -       -       pipe
-  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail    unix  -       n       n       -       -       pipe
-  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp     unix  -       n       n       -       -       pipe
-  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix  - n n - 2       pipe
-  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman   unix  -       n       n       -       -       pipe
-  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
-  ${nexthop} ${user}
-
-amavis unix y y y - 2 smtp
-        -o smtp_data_done_timeout=1200
-        -o smtp_send_xforward_command=yes
-
-127.0.0.1:10025 inet n y y - - smtpd
-        -o content_filter=
-        -o local_recipient_maps=
-        -o relay_recipient_maps=
-        -o smtpd_restriction_classes=
-        -o smtpd_client_restrictions=
-        -o smtpd_helo_restrictions=
-        -o smtpd_sender_restrictions=
-        -o smtpd_recipient_restrictions=permit_mynetworks,reject
-        -o mynetworks=127.0.0.0/8
-        -o strict_rfc821_envelopes=yes
-        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-{# filter     unix    -       n       n       -       -       pipe
-  flags=Rq user=filter argv=/etc/postfix/scripts/disclaimer.sh -f ${sender} -- ${recipient} #}
-policy-spf  unix  -       n       n       -       -       spawn
-       user=nobody argv=/usr/bin/policyd-spf
-greypolicy unix -   n    n   -  -   spawn
-  user=nobody argv=/usr/bin/perl
-  /usr/local/libexec/postfix/greylist.pl
-
-# For dbmail
-dbmail-lmtp     unix    -       -       n       -       -       lmtp

templates/mysql-body_checks.cf.j2

@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT action FROM bannedcontent WHERE regexp='%s'
-hosts = 127.0.0.1

templates/mysql-virtual_domains.cf.j2

@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT domain AS virtuald FROM domains WHERE domain='%s'
-hosts = 127.0.0.1

templates/mysql-virtual_email2email.cf.j2

@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT email FROM users WHERE email='%s'
-hosts = 127.0.0.1

templates/mysql-virtual_forwardings.cf.j2

@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT destination FROM forwardings WHERE source='%s'
-hosts = 127.0.0.1

templates/mysql-virtual_mailbox_limit_maps.cf.j2

@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT quota FROM users WHERE email='%s'
-hosts = 127.0.0.1

templates/mysql-virtual_mailboxes.cf.j2

@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
-hosts = 127.0.0.1

templates/mysql-virtual_transports.cf.j2

@@ -1,5 +0,0 @@
-user = {{ mail_db_user}}
-password = {{ mail_db_password }}
-dbname = {{ mail_db_name }}
-query = SELECT transport FROM transport WHERE domain='%s'
-hosts = 127.0.0.1

templates/service.unit.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description={{ unit_description }}
+After=network.target network-online.target mysqld.service postgresql.service
+
+[Service]
+Type=notify
+ExecStartPre=-mkdir -p @runstatedir@/dbmail
+ExecStartPre=-chown dbmail:dbmail @runstatedir@/dbmail
+ExecStart={{ unit_exec_start }}
+Restart=always
+RestartSec=3s
+TimeoutStartSec = infinity
+
+[Install]
+WantedBy=multi-user.target

templates/smtp.j2

@@ -1,2 +0,0 @@
-auth    required   pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1
-account sufficient pam_mysql.so user={{ mail_db_user}} passwd={{ mail_db_password }} host=127.0.0.1 db={{ mail_db_name }} table=users usercolumn=email passwdcolumn=password crypt=1

templates/smtpd.conf.j2

@@ -1,11 +0,0 @@
-pwcheck_method: saslauthd
-mech_list: plain login
-allow_plaintext: true
-auxprop_plugin: sql
-sql_engine: mysql
-sql_hostnames: 127.0.0.1
-sql_user: {{ mail_db_user}}
-sql_passwd: {{ mail_db_password }}
-sql_database: {{ mail_db_name }}
-sql_select: select password from users where email = '%u@%r'
-log_level: 9