fripost-ansible/roles/IMAP, branch master

IMAP: Adjust dovecot configuration to bullseye.

2024-09-08T00:10:41+00:00

Provisioning /etc/dovecot/conf.d/*.conf is a pain on upgrade so we
consolidate that by reverting these files to the distro-provided ones
and shipping a single /etc/dovecot/conf.d/99-local.conf override
instead.

Remove module ‘mysql_user2’.

2022-10-11T18:03:03+00:00

These days upstream's ‘mysql_user’ is good enough.

dovecot: Bump VSZ to 1G.

2022-10-11T12:00:04+00:00

Prefix ‘ipaddr’ and ‘ipv4’ with ‘ansible.utils.’.

2022-10-11T11:57:22+00:00

This silences the following deprecation warning:

  Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01.
  Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

Postfix: Install -lmdb in all roles using db=lmdb.

2020-05-21T01:42:54+00:00

And drop -ldap from all roles other than MX.  -lmdb is included in
roles/common but it can be helpful to have it individual roles as well
as they can be run individually.

dovecot-auth-proxy: replace directory traversal with LDAP lookups.

2020-05-21T00:26:16+00:00

This provides better isolation opportunity as the service doesn't need
to run as ‘vmail’ user.  We use a dedicated system user instead, and
LDAP ACLs to limit its access to the strict minimum.

The new solution is also more robust to quoting/escaping, and doesn't
depend on ‘home=/home/mail/virtual/%d/%n’ (we might use $entryUUID
instead of %d/%n at some point to make user renaming simpler).

OTOH we no longer lists users that have been removed from LDAP but still
have a mailstore lingering around.  This is fair.

dovecot-auth-proxy: Bump protocol version to 2.2.

2020-05-20T13:27:50+00:00

This a regression rom 829f4d830aefedd95a75e61cfc9aa3e03f039c6f.

There are no relevant interface changes between 2.2.27 (stretch) and
2.3.4 (buster) cf. `git diff 2.2.27..2.3.4 src/lib-dict/dict-client.h`
and https://github.com/dovecot/core/commits/2.3.4/src/lib-dict/dict-client.h .

IMAP: Update role to Debian Buster.

2020-05-19T05:56:01+00:00

For `ssl_cipher_list` we pick the suggested value from
https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d

At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’
to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’.

AEAD ciphers: Add EECDH+CHACHA20 macro.

2020-05-18T02:34:17+00:00

This adds the following two ciphers:

  ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH  Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
  ECDHE-RSA-CHACHA20-POLY1305   TLSv1.2 Kx=ECDH  Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD

dovecot: raise default_vsz_limit from 256MB to 512MB.

2019-05-23T17:19:16+00:00

This avoids lmtp errors like

        Error: mmap(size=0) failed with file […] dbox-Mails/dovecot.index.cache: Cannot allocate memory

See https://www.dovecot.org/list/dovecot/2012-August/137569.html and
https://www.dovecot.org/list/dovecot/2011-December/132455.html .