author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-09 03:38:53 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:50 +0200 |
commit | 508fa5dad16a62630b3063a4d0b395b0ca6ae005 (patch) | |
tree | db23a6f2f0f38e7cf3c4e276e660f991bda1b6a6 /roles | |
parent | 55e9b2a0ebc87a353f9c9496a77b313e41e47bd4 (diff) |
Fix Dovecot's mail location.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf | 2 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext | 4 | ||||
-rw-r--r-- | roles/IMAP/tasks/imap.yml | 8 | ||||
-rw-r--r-- | roles/common/templates/etc/iptables/services.j2 | 2 |
4 files changed, 10 insertions, 6 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf
index fa127c6..2557b78 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf
@@ -46,23 +46,23 @@ protocol imap {
 # "Headers Only". # tb-extra-mailbox-sep: # Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and # adds extra '/' suffixes to mailbox names. This option causes Dovecot to # ignore the extra '/' instead of treating it as invalid mailbox name. # tb-lsub-flags: # Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox). # This makes Thunderbird realize they aren't selectable and show them # greyed out, instead of only later giving "not selectable" popup error. # # The list is space-separated. #imap_client_workarounds = # Load the 'antispam' plugin for people using the content filter. # (Otherwise fallback to the static userdb.) userdb { driver = ldap args = /etc/dovecot/dovecot-ldap-userdb.conf.ext # Default fields can be used to specify defaults that LDAP may override
- default_fields = home=/home/mail/%d/%n
+ default_fields = home=/home/mail/virtual/%d/%n
 } }
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
index 0b38f00..5237fc2 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
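Review bot: The mail root `/home/mail/virtual` is now a hard-coded literal in three places that must agree: `default_fields` in 20-imap.conf, the static userdb `args` (and the commented-out `default_fields`) in auth-ldap.conf.ext, and the `path=` of the new task in imap.yml. If one of them drifts, Dovecot would resolve homes under a directory whose owner and mode the playbook never set. Both .conf files sit under `files/`, so they are presumably copied verbatim and cannot take a variable as they stand. At minimum I would add a comment next to each occurrence, such as `# Must match the directory created in roles/IMAP/tasks/imap.yml`.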
@@ -7,33 +7,33 @@ passdb {
 # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext args = /etc/dovecot/dovecot-ldap.conf.ext } # "prefetch" user database means that the passdb already provided the # needed information and there's no need to do a separate userdb lookup. # <doc/wiki/UserDatabase.Prefetch.txt> #userdb { # driver = prefetch #} #userdb { # driver = ldap # # This should be a different file from the passdb's, in order to perform # # asynchronous requests. # # args = /etc/dovecot/dovecot-ldap-userdb.conf.ext # # # Default fields can be used to specify defaults that LDAP may override
-# default_fields = home=/home/mail/%d/%n
+# default_fields = home=/home/mail/virtual/%d/%n
 #} # If you don't have any user-specific settings, you can avoid the userdb LDAP # lookup by using userdb static instead of userdb ldap, for example: # <doc/wiki/UserDatabase.Static.txt> userdb { driver = static # The MTA has already verified the existence of users when doing alias resolution, # so we can skip the passdb lookup here.
- args = home=/home/mail/%d/%n allow_all_users=yes
+ args = home=/home/mail/virtual/%d/%n allow_all_users=yes
 }
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index 25f876d..b142ba6 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -16,65 +16,69 @@ shell=/bin/false password=! state=present # Required for dbox, see # http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox - name: Create a nightly cron job to purge expunged messages cron: name="Purge expunged messages" minute=7 hour=5 user=vmail cron_file=doveadm-purge job="/usr/bin/doveadm purge -A" # The ownership and permissions ensure that dovecot won't try to # deliver mails under an umounted mountpoint. - name: Create a home directory for user 'vmail' file: path=/home/mail state=directory owner=root group=root mode=0755 +- name: Create /home/mail/virtual + file: path=/home/mail/virtual + state=directory + owner=vmail group=vmail + mode=0700 + - name: Create virtual mailbox directories file: path=/etc/dovecot/virtual/{{ item }} state=directory owner=root group=root mode=0755 with_items: - all - flagged - recent - unseen - name: Create virtual mailboxes copy: src=etc/dovecot/virtual/{{ item }}/dovecot-virtual dest=/etc/dovecot/virtual/{{ item }}/dovecot-virtual owner=root group=root mode=0644 with_items: - all - flagged - recent - unseen - name: Create directory /home/mail/spamspool - # There is no possibility for a name clash, since 'spamspool' isn't a - # valid domain file: path=/home/mail/spamspool state=directory owner=vmail group=vmail mode=0700 - name: Create directory /etc/dovecot/ssl file: path=/etc/dovecot/ssl state=directory owner=root group=root mode=0755 - name: Generate a private key and a X.509 certificate for Dovecot command: genkeypair.sh x509 --pubkey=/etc/dovecot/ssl/imap.fripost.org.pem --privkey=/etc/dovecot/ssl/imap.fripost.org.key --ou=IMAP --cn=imap.fripost.org -t rsa -b 4096 -h sha512 register: r1 changed_when: r1.rc == 0 failed_when: r1.rc > 1 diff --git a/roles/common/templates/etc/iptables/services.j2 b/roles/common/templates/etc/iptables/services.j2 index d24b55d..c2ba3d0 100644 --- a/roles/common/templates/etc/iptables/services.j2 +++ b/roles/common/templates/etc/iptables/services.j2 
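Review bot: The new `Create /home/mail/virtual` task in roles/IMAP/tasks/imap.yml has no comment, although the task just above it explains that /home/mail is root-owned so that Dovecot won't deliver under an unmounted mountpoint. A vmail-owned directory one level down may reopen that case: if the mail volume is mounted at /home/mail and is absent when the play runs, `virtual` would be created on the underlying filesystem and deliveries could land there. The mount layout is not visible in this hunk, so that needs confirming. I would add a comment on the new task saying where the mountpoint is, for example `# Mail storage root; /home/mail itself stays root-owned (see above)`, and consider running the task only when the volume is mounted.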
@@ -24,23 +24,23 @@ out tcp {{ postfix_instance.IMAP.port }} out tcp {{ postfix_instance.lists.port }} {% endif %} {% if 'out' in group_names %} in tcp {{ postfix_instance.out.port }} out tcp 25 # SMTP {% else %} out tcp {{ postfix_instance.out.port }} {% endif %} {% if 'IMAP' in group_names %} in tcp 993 # IMAPS in tcp 4190 # ManageSieve {% endif %} {% if 'MDA' in group_names %} in tcp {{ postfix_instance.IMAP.port }} {% endif %} {% if 'MSA' in group_names %} in tcp 587 # SMTP-AUTH {% endif %} {% if 'webmail' in group_names %} in tcp 80,443 # HTTP/HTTPS -out tcp 993 # IMAP # TODO imapc +out tcp 993 # IMAP out tcp 4190 {% endif %} |
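Review bot: The label on the changed webmail line in services.j2 still reads `# IMAP`, while the inbound rule for the same port in the IMAP block is labelled `# IMAPS`. Port 993 is the TLS port, so `out tcp 993 # IMAPS` would keep the two consistent. The next line, `out tcp 4190`, has no label at all, where its inbound counterpart carries `# ManageSieve`.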