Add dovecot part of this role

host_vars/mail01.l3d.space/vars.yml

@@ -22,6 +22,11 @@ accounts:
 # mail domains
 additional_dns_maildomains: 'mail.l3d.space imap.l3d.space smtp.l3d.space'
 
+# mail mysql access
+mailserver__mysql_password: "{{ _mailserver__mysql_password }}"
+mailserver__mysql_user: "{{ _mailserver__mysql_user }}"
+mailserver__ssl_cert: "{{ _mailserver__ssl_cert }}"
+mailserver__ssl_key: "{{ _mailserver__ssl_key }}"
 
 nginx_sites:
   - name: 'mail.l3d.space'
@@ -42,6 +47,7 @@ firewall_allowed_tcp_ports:
 # mysql
 mysql_bind_address: "{{ _mysql_bind_address }}"
 mysql_root_password: "{{ _mysql_root_password }}"
+mailserver__mysql_database: "{{ _mailserver__mysql_database }}"
 
 # mailserver
 mailserver_domain: "{{ inventory_hostname }}"

host_vars/mail01.l3d.space/vault.yml

@@ -1,62 +1,78 @@
 $ANSIBLE_VAULT;1.1;AES256
-31623234383732623436363661306139383333633634323633303135663231346266356233336365
-3034316632303630386635363866663135383838633363360a356139363732383533623935393838
-66643662333733333165393835636533616565633263363264636466323431353933653933353033
-3164626132653961390a656663646632343830303563313538623734643338326432666635623031
-65383963346237376363313366356366343633666165396463623435366135356261346339613433
-38313161373431653838356337653434666532636237333066386435376438633535353932626638
-30616335633237393066396638653064616232363135653361376261346365306135623933633635
-64313531383533346163383138613335663430366132373538643935346436656230376639346662
-30373232653465646161396566656539333336616331356238613230383662313264366533346431
-63323039366533663832666466646533313735373931626163313036363431363564633732303963
-62663236653933366637383964343836616162393432386139363866313565376563663738396663
-65303536373039373339326635653661646565376130613530653136643636306334363135313832
-64613038336139323862653739363966643462386335613764646163353964666232623033646135
-30333562303231626663383639333236633365336436333933386337306335363765646633306333
-30656135346663353234366262383237303134613163383936386330383738363561613531343963
-30353830333139636231336239396239366633623835373735393434376161393035346462386235
-62663132626366323365346662386430343262646561366338303633353130353034363036623333
-32363831333833363835633962366563653165643138663932383264363038343763623533333364
-36616438373836666161613836663334666663303666643734323834666539336562386566346632
-33363264376561623235373430366133303330623364353034656338656334633666643936383065
-63373137626334326638333866333934343237303833366437373033363262653439323166646531
-33383262393438646239653162313530386265663633343839326466326130666538643364383133
-35356162373034313830383833336666313331633630336633633633356534663637656466376231
-30316535643235626132356262613134636438363962303030396239376464383230323362313331
-36336662633431633330313838336534306265326662316333373136386432323664663765316564
-35366365376538346163373363376530303766333764353430343165366534623361626634613630
-36326232386530393339323836386639396537383334333032626231616534663934653766303332
-61616565326630336539393636373663393864366432623633353237373465643039373130323739
-64656665646630393139303132363361306134613164323835303538333264336666303762316334
-31316530633663323361316232393765653931653239316139626631656431303731323465376237
-36333165326632623831386538326266633432383938636131653866323166326434303939616433
-35323733376533656634363631323639313439663465373939346533656231303231356232346465
-62376238343632333932636630656462353439383166353734613863333435303735616361393636
-30316536613130376661353761393738633364653332396162366563636335613537353465386630
-63303966343736643639636466373137326132343763393733383536346461343462313831383134
-39323838336434326437373838346132336637663162663838376133313735386235666164303736
-61323938646161393336323936326436633863316430643065376331323863353961643361316666
-62333331316563313263663436626661373738383037653438316566323963353330356466313934
-36363537376237363630353433613035373064343966376265316630653561616437396430616338
-35653539346638616464303735653665313361373262663032653065343138353561666335313335
-61373230336231376530613765316661666664636233333631373630333435356636313861393334
-66383665663538333661386564353834666135356637353238663165303461323865633762353437
-61363237646366323638626331643430326364313639383166343633633631626264323035353133
-35373262663634323630613834323665656261326435313137323262373431336439643033363931
-38663963393637383737366338303635316662333465303462396139333138383935303237326161
-39363734336662333932363766396132303566326466653361316135386235343865353639373736
-31366632343366326666633161323835346433313265643861343963613862646265346439313733
-37646566653635656163653334386631643562613435653335326562333364663035323434343232
-61313138326561373565356233663465393162336638353161613264303863353162366533383664
-62643330373965623564616130313736326266653762336431303733303030383831623732306265
-30363133346535343339373639383962303936393166653136316462306662376464313737313634
-35656332643632306536333636393864326431616136623138663464363730383462666166373163
-62366362666238316439373165643133666136343931356166323665336334343132333236633133
-61396166323931366338656637356438393335663131333364363665366638663338383162626164
-64323565616435366533303330393133613239396434346438356432663065306263643061633662
-31363630626231653431616662333363346433303436373964333536336430373634356363353534
-35393565343032636163386231323831646562633338303630636333383638633234363961363262
-38393162653764346264366333366236316331343730336366656537356434646234646237643433
-62313461306334383633666633666435346561633630613361326463356435623134653738303734
-38643666333037303539623165663032306435383462323035303338663337356562393834323339
-3431
+39613263323435313431386261663865613332323661306238313937616639316530313366653531
+3738306137626637663363316234336430623533333835650a303365643437313162396534613031
+64343031616336643965333366343730363938396164333361633765656366376139613033306366
+3330343766663761390a303265383937626432656439613863363534376563643535666366663866
+63623930393832343939333163336431653637613238396532626433376535376235376337636230
+64643937613735313830393337313637613933653463323435353836303164373738373266643038
+35663565336261363537396538396434373932383136643531373164666139303066653038623331
+64623066663363323761663539323732383735373065336464356137656337623731653335373430
+30643430626463616439613939383731313164366162333331306231633934666635613666626161
+30636439366532356536626632626563626264376666333737333330646339353633356132666530
+39343761623236376531333235396564313765373230613133336263666165663437613966653465
+31376364363562336132613632633062623732646366393134346235393763366565323062356635
+35623232633032623837633164666664343564616465373161663462306333636232336139396666
+66393838316236646630623465373664383364386430613661613837613738666463383233656535
+66366266663463343835396536393331373431636431366661386231333663323138316335363134
+35663034353761636139623964363061326637643937383838626364646235333565306161343631
+37373162626638336339633163623835333631623239376231626439326232373264623435383266
+63393734666166323230326137323834386262303263646335636230366436366437663134383639
+37393262343665616136386361353737333332643131366266326233343564373064366138666264
+34326666336439323366343933386131336262326662303261663830633732393062663064323730
+64346635653264623161636561656537373063393764636236646265343961653430313161333037
+30346431373732646530396537363436633835363938343038356633623331386638343964643665
+39663565356334376234313766646532643763653365356136303164336465373636323431313439
+31326535656635323335373362613037353332616539333932326633396461306239653865663239
+61303131623939333233386635333564386434313532613464383630336263646135613365363765
+37373962363538613831646362663636333931646664656366303430613465626566336336303364
+62336561636131633463333537393062383663376332643938336136303932633366666166333135
+33306663316233666462336664306233303031636665313062333032353836393766366264363638
+62656238616439353730616163366364653739323034353935376332343831633461636236666236
+65376639383232636536613336626637653831383137386631656366303065366330383634353031
+65373736373636363532306134376539376564376462343737363866303930303064393036343566
+61616331396533653138306536336239356462376366613932363336333765333762383337313531
+62333238363130376232346534623939373136663435616530323762633438343666303639386236
+37656665346130666634383364383766303739373063333262663861383862646535303336313633
+39626336313831616139626638363464383262613766363633623134363232353464653231333733
+34336463343538613866303231326637383665313064313134336639353032653663353637366539
+36326439653738353635373230666463353534393134636162633738643630336432366332643065
+36366230623837343533356635353439633836343336346430616466376138653663363234306637
+61373332386430336365613766303265393564363730663833376664663936663138336639323566
+65353839363037313432623831303165303932356533313631396139626664633738343132636430
+36623365386363336531386663303039633666666562653463356364633064303663353339363864
+62646134313034326434666562353462323062356137343337353038326132633730313832373663
+63396437663366336531633737333435623533356430396633343663386234386562336636366563
+34323365383832313330663263316335343930323537386535613265643939306662306533363638
+37303661333439353464363962333133353631663663323864313961313035653566376132643965
+35303562323765656465646634323133366136316461376335303036356339373761616537336161
+33393035326264346339653130613133396432303166303066383563623832366637366663353732
+64613231323636353937346430653561373763643539643033613365313863366635633362616634
+62383532663566663264393738353037613239343730633764323034343733353838323366636662
+61623133376231653338353432363666643363333362343530393136333338313065646663336530
+66613934343866663461303135626635373738393639646430363262363131656361393262356262
+37666164643434353636613163646434333834386433356262656164366639643030356363363239
+33343066356437653437353061303263303232343237323363666462326661306338633838373832
+30386632363730646465343066313965643732623663303464656632303832636363666230656361
+33653835623864393063306561316334623237373834643138663035393837326362303535663435
+39326636356130656364313337653833653563663139613834666533633134356263623133643162
+66646332636266333065343037653435623361333838386362363364336164633161373230303135
+33383032363939386335373963653034303266653865653137363039303961336233376630386435
+36333061353837653737356365373166623236373635323035366238653765336532343463623163
+62323766343637383032313438633731356530613035346239343938333431386439633739376537
+35313832383739303666356335613665653438363562643835343836383661313333366531316239
+66653331353034343266306462633765303631376339633935396236356465343461663931323634
+36626632656662383261303666616630393935636132616466663031373765633635336565666338
+64363065333632373966356366383966363032356665336565373934656534623161356237363966
+39393866616366323564653033343362613437303136393931653864363532653339623263376161
+33643538376565366162613731396335663031653138663632623538633132323331636639333462
+31333664343639346638663466623461633165303661623164363837636139653764643664613634
+61646336646364343035613561393639663062323761366665356463346665363138343531373935
+31306536363631326431643939653563656432643130326166633134666565303637663666623237
+63653930633534353562653832353533303461613564656331623731383430363566346564646333
+66393038373330306134656465363862653964346366366161356163383764623139663036646266
+63626332313264613430653330313138626330383633396163353936663964633633393130336138
+65303865646665356330376637343636656662353835373538373135356263386339666362616565
+39353262346462363434646535353062613739383530303132633834636162643237306663353032
+62613965656563343936353630393137626230663733626532646565653639346639366261323161
+66656333376531613462353865346161366138363763376138343866656564636562336130616130
+36393564653432353662636264363837323765316334643739656461616463613161

roles/mailserver_dovecot/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+
+# perform basic versionscheck (true is recomended)
+submodules_versioncheck: false
+
+mailserver__user: 'vmail'
+mailserver__group: 'vmail'
+mailserver__home: '/var/vmail'
+
+
+mailserver__ssl_cert: '/etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem'
+mailserver__ssl_key: '/etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem'
+
+mailserver__mysql_user: 'vmail'
+mailserver__mysql_database: 'vmail'
+mailserver__mysql_password: 'StrongPa$$w0rt'
+
+mailserver__postmaster_address: "postmaster@{{ ansible_fqdn }}"

roles/mailserver_dovecot/files/learn-ham.sieve

@@ -0,0 +1,11 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+
+if environment :matches "imap.mailbox" "*" {
+    set "mailbox" "${1}";
+}
+
+if string "${mailbox}" "Trash" {
+    stop;
+}
+
+pipe :copy "rspamc" ["learn_ham"];

roles/mailserver_dovecot/files/learn-spam.sieve

@@ -0,0 +1,2 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+pipe :copy "rspamc" ["learn_spam"];

roles/mailserver_dovecot/files/spam-global.sieve

@@ -0,0 +1,9 @@
+require "fileinto";
+
+if header :contains "X-Spam-Flag" "YES" {
+    fileinto "Spam";
+}
+
+if header :is "X-Spam" "Yes" {
+    fileinto "Spam";
+}

roles/mailserver_dovecot/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for dovecot

roles/mailserver_dovecot/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- include_tasks: versioncheck.yml
+  when: submodules_versioncheck|bool
+
+- name: Delete default config
+  become: true
+  file:
+    state: absent
+    path: /etc/dovecot/
+
+- name: Create config directory
+  become: true
+  file:
+    path: /etc/dovecot
+    state: directory
+    mode: '0755'
+
+- name: create dovecot config
+  include_tasks: templates.yml
+
+- name: create dhparam
+  become: true
+  openssl_dhparam:
+    path: '/etc/dovecot/dh4096.pem'
+    size: 4096
+
+

roles/mailserver_dovecot/tasks/templates.yml

@@ -0,0 +1,42 @@
+---
+
+- name: Template dovecot.conf
+  become: true
+  template:
+    src: templates/dovecot.conf.j2
+    dest: /etc/dovecot/dovecot.conf
+    mode: "0644"
+
+- name: Template dovecot-sql.conf
+  become: true
+  template:
+    src: templates/dovecot-sql.j2
+    dest: /etc/dovecot/dovecot-sql.conf
+    mode: "0440"
+
+- name: Copy spam-global.sieve
+  become: true
+  copy:
+    src: files/spam-global.sieve
+    dest: /var/vmail/sieve/global/spam-global.sieve
+    owner: vmail
+    group: vmail
+    mode: "0644"
+
+- name: Copy learn-spam.sieve
+  become: true
+  copy:
+    src: files/learn-spam.sieve
+    dest: /var/vmail/sieve/global/learn-spam.sieve
+    owner: vmail
+    group: vmail
+    mode: "0644"
+
+- name: Copy learn-ham.sieve
+  become: true
+  copy:
+    src: files/learn-ham.sieve
+    dest: /var/vmail/sieve/global/learn-ham.sieve
+    owner: vmail
+    group: vmail
+    mode: "0644"

roles/mailserver_dovecot/tasks/versioncheck.yml

@@ -0,0 +1,46 @@
+---
+- name: Create directory for versionscheck
+  become: true
+  file:
+    path: '/etc/.ansible-version'
+    state: directory
+    mode: 0755
+  when: submodules_versioncheck|bool
+
+- name: check playbook version
+  become: true
+  slurp:
+    src: "/etc/.ansible-version/{{ playbook_version_path }}"
+  register: playbook_version
+  when: submodules_versioncheck|bool
+  ignore_errors: yes
+  failed_when: false
+
+- name: Print remote role version
+  debug:
+    msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
+  when: submodules_versioncheck|bool
+
+- name: Print locale role version
+  debug:
+    msg: "Local role version: '{{ playbook_version_number|string }}'."
+  when: submodules_versioncheck|bool
+
+- name: Check if your version is outdated
+  fail:
+    msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
+  when:
+    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
+
+- name: check if '/etc/ansible-version/' is empty
+  find:
+    paths: '/etc/ansible-version/'
+  register: filesFound
+
+- name: write new version to remote disk
+  become: true
+  copy:
+    content: "{{ playbook_version_number }}"
+    dest: "/etc/.ansible-version/{{ playbook_version_path }}"
+    mode: 0644
+  when: submodules_versioncheck|bool

roles/mailserver_dovecot/templates/dovecot-sql.j2

@@ -0,0 +1,7 @@
+driver=mysql
+connect = "host=localhost dbname={{ mailserver__mysql_database }} user={{ mailserver__mysql_user }} password={{ mailserver__mysql_password }}"
+default_pass_scheme = SHA512-CRYPT
+
+password_query = SELECT username AS user, domain, password FROM accounts WHERE username = '%Ln' AND domain = '%Ld' and enabled = true;
+user_query = SELECT concat('*:storage=', quota, 'M') AS quota_rule FROM accounts WHERE username = '%Ln' AND domain = '%Ld' AND sendonly = false;
+iterate_query = SELECT username, domain FROM accounts where sendonly = false;

roles/mailserver_dovecot/templates/dovecot.conf.j2

@@ -0,0 +1,163 @@
+# {{ ansible_managed }}
+###
+### Aktivierte Protokolle
+#############################
+
+protocols = imap lmtp sieve
+
+###
+### TLS Config
+### Quelle: https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d&guideline=5.4
+#######################
+
+ssl = required
+ssl_cert = <{{ mailserver__ssl_cert }}
+ssl_key = <{{ mailserver__ssl_key }}
+ssl_dh = </etc/dovecot/dh4096.pem
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl_prefer_server_ciphers = yes
+
+###
+### Dovecot services
+################################
+
+service imap-login {
+  inet_listener imap {
+    port = 143
+  }
+}
+
+service managesieve-login {
+  inet_listener sieve {
+    port = 4190
+  }
+}
+
+service lmtp {
+  unix_listener /var/spool/postfix/private/dovecot-lmtp {
+    mode = 0660
+    group = postfix
+    user = postfix
+  }
+
+  user = {{ mailserver__user }}
+}
+
+service auth {
+  ### Auth socket für Postfix
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0660
+    user = postfix
+    group = postfix
+  }
+
+  ### Auth socket für LMTP-Dienst
+  unix_listener auth-userdb {
+    mode = 0660
+    user = {{ mailserver__user }}
+    group = {{ mailserver__group }}
+  }
+}
+
+###
+###  Protocol settings
+#############################
+
+protocol imap {
+  mail_plugins = $mail_plugins quota imap_quota imap_sieve
+  mail_max_userip_connections = 20
+  imap_idle_notify_interval = 29 mins
+}
+
+protocol lmtp {
+    postmaster_address = {{ mailserver__postmaster_address }}
+    mail_plugins = $mail_plugins sieve notify push_notification
+}
+
+###
+### Client authentication
+#############################
+
+disable_plaintext_auth = yes
+auth_mechanisms = plain login
+auth_username_format = %Lu
+
+passdb {
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf
+}
+
+userdb {
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf
+}
+
+###
+### Mail location
+#######################
+
+mail_uid = {{ mailserver__user }}
+mail_gid = {{ mailserver__group }}
+mail_privileged_group = {{ mailserver__group }}
+
+mail_home = {{ mailserver__home }}/mailboxes/%d/%n
+mail_location = maildir:~/mail:LAYOUT=fs
+
+###
+### Mailbox configuration
+########################################
+
+namespace inbox {
+  inbox = yes
+
+  mailbox Spam {
+    auto = subscribe
+    special_use = \Junk
+  }
+
+  mailbox Trash {
+    auto = subscribe
+    special_use = \Trash
+  }
+
+  mailbox Drafts {
+    auto = subscribe
+    special_use = \Drafts
+  }
+
+  mailbox Sent {
+    auto = subscribe
+    special_use = \Sent
+  }
+}
+
+###
+### Mail plugins
+############################
+
+plugin {
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+  sieve_before = {{ mailserver__home }}/sieve/global/spam-global.sieve
+  sieve = file:{{ mailserver__home }}/sieve/%d/%n/scripts;active={{ mailserver__home }}/sieve/%d/%n/active-script.sieve
+
+  ###
+  ### Spam learning
+  ###
+  # From elsewhere to Spam folder
+  imapsieve_mailbox1_name = Spam
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_before = file:{{ mailserver__home }}/sieve/global/learn-spam.sieve
+
+  # From Spam folder to elsewhere
+  imapsieve_mailbox2_name = *
+  imapsieve_mailbox2_from = Spam
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_before = file:{{ mailserver__home }}/sieve/global/learn-ham.sieve
+
+  sieve_pipe_bin_dir = /usr/bin
+  sieve_global_extensions = +vnd.dovecot.pipe
+
+  quota = maildir:User quota
+  quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.
+}

roles/mailserver_dovecot/vars/main.yml

@@ -0,0 +1,3 @@
+---
+playbook_version_number: 8 # should be int
+playbook_version_path: 'role-mailserver_dovecot_roles-ansile_github.com.version'

roles/mailserver_preperation/tasks/user.yml

@@ -23,10 +23,10 @@
     recurse: true
 
 - name: Create mail user mailbox directory
-  bevome: true
+  become: true
   file:
     path: /var/vmail/mailboxes
     state: directory
     owner: vmail
     group: vmail
-    mode: 0770
+    mode: '0770'

site.yml

@@ -38,5 +38,5 @@
     - { role: acmetool2, tags: [mail,acmetool]}
     - { role: nginx2, tags: [mail,nginx]}
     - { role: geerlingguy.mysql, tags: [mail,mysql,mariadb]}
-    - { role: robertdebock.dovecot, tags: [mail,postfix]}
-#    - { role: dovecot, tags: [mail,dovecot]}
+    - { role: robertdebock.dovecot, tags: [mail,dovecot]}
+    - { role: mailserver_dovecot, tags: [mail,dovecot,mailserver_dovecot]}