summaryrefslogtreecommitdiffstats
path: root/roles/webmail
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-28 13:49:48 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-28 13:49:48 +0200
commit05d59141d1115cafb663305d680a930f089b4851 (patch)
tree63cd28251a4bcd060c2447da189f1125a4d47487 /roles/webmail
parent4872fcd0b60b21d6b016a9e2673e5662313815cb (diff)
Roundcube: route IMAP and managesieve traffic through IPSec.
Diffstat (limited to 'roles/webmail')
-rw-r--r--roles/webmail/tasks/roundcube.yml12
-rw-r--r--roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j220
2 files changed, 16 insertions, 16 deletions
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index 3d56af7..998026c 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -49,12 +49,12 @@
# IMAP
# WARNING: After hostname change update of mail_host column in users
# table is required to match old user data records with the new host.
- - { var: default_host, value: "'localhost'" }
- - { var: default_port, value: "143" }
- - { var: imap_auth_type, value: "'PLAIN'" }
- - { var: imap_cache, value: "null" }
- - { var: imap_timeout, value: "180" }
- - { var: messages_cache, value: "false" }
+ - { var: default_host, value: "'{{ ipsec[imapsvr.inventory_hostname_short] }}'" }
+ - { var: default_port, value: "143" }
+ - { var: imap_auth_type, value: "'PLAIN'" }
+ - { var: imap_cache, value: "null" }
+ - { var: imap_timeout, value: "180" }
+ - { var: messages_cache, value: "false" }
# SMTP
- { var: smtp_server, value: "'localhost'" }
- { var: smtp_port, value: "2525" }
diff --git a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
index 6ad7343..dcaca06 100644
--- a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
+++ b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
@@ -10,7 +10,7 @@ $config['managesieve_port'] = 4190;
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
-$config['managesieve_host'] = 'sieve.fripost.org';
+$config['managesieve_host'] = '{{ ipsec[imapsvr.inventory_hostname_short] }}';
// authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
// or none. Optional, defaults to best method supported by server.
@@ -26,19 +26,19 @@ $config['managesieve_auth_pw'] = null;
// use or not TLS for managesieve server connection
// Note: tls:// prefix in managesieve_host is also supported
-$config['managesieve_usetls'] = true;
+$config['managesieve_usetls'] = false;
// Connection scket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
-$config['managesieve_conn_options'] = array(
- 'ssl' => array(
- 'verify_peer' => true,
- 'disable_compression' => true,
- 'ciphers' => 'EECDH+AES!MEDIUM!LOW!EXP!aNULL!eNULL',
- 'peer_fingerprint' => array('sha1' => '{{ lookup('pipe', 'openssl x509 -in certs/public/imap.fripost.org.pem -noout -fingerprint -sha1 | sed "s/[^=]*=\s*//" | tr -d :') }}'),
- ),
- );
+//$config['managesieve_conn_options'] = array(
+// 'ssl' => array(
+// 'verify_peer' => true,
+// 'verify_depth' => 3,
+// 'cafile' => '/etc/openssl/certs/ca.crt',
+// ),
+// );
+$config['managesieve_conn_options'] = null;
// default contents of filters script (eg. default spam filter)
$config['managesieve_default'] = '/etc/dovecot/sieve/global';