Diffstat (limited to 'roles')
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf68
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf21
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext2
-rw-r--r--roles/IMAP/files/etc/dovecot/dovecot-ldap-userdb.conf.ext84
-rw-r--r--roles/IMAP/tasks/imap.yml12
-rw-r--r--roles/common-LDAP/templates/etc/ldap/database.ldif.j27
6 files changed, 193 insertions, 1 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf
new file mode 100644
index 0000000..6771cc7
--- /dev/null
+++ b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf
@@ -0,0 +1,68 @@
+##
+## IMAP specific settings
+##
+
+protocol imap {
+ # Maximum IMAP command line length. Some clients generate very long command
+ # lines with huge mailboxes, so you may need to raise this if you get
+ # "Too long argument" or "IMAP command line too large" errors often.
+ #imap_max_line_length = 64k
+
+ # Maximum number of IMAP connections allowed for a user from each IP address.
+ # NOTE: The username is compared case-sensitively.
+ #mail_max_userip_connections = 10
+
+ # Space separated list of plugins to load (default is global mail_plugins).
+ #mail_plugins = $mail_plugins antispam
+
+ # IMAP logout format string:
+ # %i - total number of bytes read from client
+ # %o - total number of bytes sent to client
+ #imap_logout_format = bytes=%i/%o
+
+ # Override the IMAP CAPABILITY response. If the value begins with '+',
+ # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+ #imap_capability =
+
+ # How long to wait between "OK Still here" notifications when client is
+ # IDLEing.
+ #imap_idle_notify_interval = 2 mins
+
+ # ID field names and values to send to clients. Using * as the value makes
+ # Dovecot use the default value. The following fields have default values
+ # currently: name, version, os, os-version, support-url, support-email.
+ #imap_id_send =
+
+ # ID fields sent by client to log. * means everything.
+ #imap_id_log =
+
+ # Workarounds for various client bugs:
+ # delay-newmail:
+ # Send EXISTS/RECENT new mail notifications only when replying to NOOP
+ # and CHECK commands. Some clients ignore them otherwise, for example OSX
+ # Mail (<v2.1). Outlook Express breaks more badly though, without this it
+ # may show user "Message no longer in server" errors. Note that OE6 still
+ # breaks even with this workaround if synchronization is set to
+ # "Headers Only".
+ # tb-extra-mailbox-sep:
+ # Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+ # adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+ # ignore the extra '/' instead of treating it as invalid mailbox name.
+ # tb-lsub-flags:
+ # Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+ # This makes Thunderbird realize they aren't selectable and show them
+ # greyed out, instead of only later giving "not selectable" popup error.
+ #
+ # The list is space-separated.
+ #imap_client_workarounds =
+
+ # Load the 'antispam' plugin for people using the content filter.
+ # (Otherwise fallback to the static userdb.)
+ userdb {
+ driver = ldap
+ args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
+
+ # Default fields can be used to specify defaults that LDAP may override
+ default_fields = home=/home/mail/%d/%n
+ }
+}
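Review bot: The comment above the userdb block (`# Load the 'antispam' plugin for people using the content filter. (Otherwise fallback to the static userdb.)`) describes effects that happen elsewhere: the plugin is enabled by `user_attrs = =mail_plugins=antispam` in dovecot-ldap-userdb.conf.ext, and the "fallback" depends on another userdb being declared after this one in a file not in this commit, which Dovecot consults only when this lookup returns "user not found". Suggest replacing it with `# LDAP userdb: returns mail_plugins=antispam for accounts that pass the content filter (see dovecot-ldap-userdb.conf.ext); users it doesn't match fall through to the next userdb declared after this block.` It is also worth confirming with `doveconf -n` that this Dovecot version honours a `userdb` block nested inside `protocol imap { }`; if auth settings are treated as global, the block applies to every protocol (LMTP included) rather than only IMAP, which changes which deliveries get the plugin.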
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf b/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf
new file mode 100644
index 0000000..6e60f0f
--- /dev/null
+++ b/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf
@@ -0,0 +1,21 @@
+##
+## Plugin settings
+##
+
+# All wanted plugins must be listed in mail_plugins setting before any of the
+# settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
+# their configuration. Note that %variable expansion is done for all values.
+
+plugin {
+ antispam_backend = spool2dir
+
+ antispam_trash = TRASH
+ antispam_unsure_pattern_ignorecase = MailTrain;MailTrain/*
+ antispam_spam = SPAM
+
+ # The first %%lu is replaced by the current time.
+ # The second %%lu is replaced by a counter to generate unique names.
+ # These two tokens MUST be present in the template!
+ antispam_spool2dir_spam = /home/mail/spamspool/%u-%%10lu-%%06lu.spam
+ antispam_spool2dir_notspam = /home/mail/spamspool/%u-%%10lu-%%06lu.ham
+}
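Review bot: The comment on the two spool templates reads as if the file literally contains `%%lu`, but Dovecot expands `%variables` in the plugin section (as the header at the top says), so `%%10lu` reaches the antispam plugin as `%10lu` and `%u` is replaced by the login name before the plugin ever sees the template. Suggest `# Dovecot expands %variables here: %u becomes the login name and %% a literal %, so the plugin receives %10lu (time) and %06lu (counter); both tokens must survive into the template.` Because `%u` becomes part of a file name under /home/mail/spamspool, the template relies on Dovecot's username character restriction (`auth_username_chars`, configured outside this commit) to keep path separators out of the name; a one-line comment recording that coupling would stop it being loosened unknowingly.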
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
index 8e88b27..15eb306 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
@@ -23,7 +23,7 @@ passdb {
# args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
#
# # Default fields can be used to specify defaults that LDAP may override
-# #default_fields = home=/home/virtual/%u
+# default_fields = home=/home/mail/%d/%n
#}
# If you don't have any user-specific settings, you can avoid the userdb LDAP
diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap-userdb.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap-userdb.conf.ext
new file mode 100644
index 0000000..6c39bf6
--- /dev/null
+++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap-userdb.conf.ext
@@ -0,0 +1,84 @@
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb
+
+# Space separated list of LDAP hosts to use. host:port is allowed too.
+#hosts =
+
+# LDAP URIs to use. You can use this instead of hosts list. Note that this
+# setting isn't supported by all LDAP libraries.
+uris = ldapi://
+
+# Distinguished Name - the username used to login to the LDAP server.
+# Leave it commented out to bind anonymously.
+#dn =
+
+# Password for LDAP server, if dn is specified.
+#dnpass =
+
+# Use SASL binding instead of the simple binding. Note that this changes
+# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
+# and auth_bind=yes don't work together.
+sasl_bind = yes
+# SASL mechanism name to use.
+sasl_mech = EXTERNAL
+# SASL realm to use.
+#sasl_realm =
+# SASL authorization ID, ie. the dnpass is for this "master user", but the
+# dn is still the logged in user. Normally you want to keep this empty.
+#sasl_authz_id =
+
+# Use TLS to connect to the LDAP server.
+#tls = no
+# TLS options, currently supported only with OpenLDAP:
+#tls_ca_cert_file =
+#tls_ca_cert_dir =
+#tls_cipher_suite =
+# TLS cert/key is used only if LDAP server requires a client certificate.
+#tls_cert_file =
+#tls_key_file =
+# Valid values: never, hard, demand, allow, try
+#tls_require_cert =
+
+# Use the given ldaprc path.
+#ldaprc_path =
+
+# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
+# -1 = everything. You may need to recompile OpenLDAP with debugging enabled
+# to get enough output.
+#debug_level = 0
+
+# LDAP protocol version to use. Likely 2 or 3.
+ldap_version = 3
+
+# LDAP base. %variables can be used here.
+# For example: dc=mail, dc=example, dc=org
+base = fvl=%n,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+
+# Dereference: never, searching, finding, always
+deref = never
+
+# Search scope: base, onelevel, subtree
+scope = base
+
+# User attributes are given in LDAP-name=dovecot-internal-name list. The
+# internal names are:
+# uid - System UID
+# gid - System GID
+# home - Home directory
+# mail - Mail location
+#
+# There are also other special fields which can be returned, see
+# http://wiki2.dovecot.org/UserDatabase/ExtraFields
+user_attrs = =mail_plugins=antispam
+
+# Filter for user lookup. Some variables can be used (see
+# http://wiki2.dovecot.org/Variables for full list):
+# %u - username
+# %n - user part in user@domain, same as %u if there's no domain
+# %d - domain part in user@domain, empty if user there's no domain
+user_filter = (&(objectClass=FripostVirtualUser)(objectClass=AmavisAccount))
+
+# Attributes and filter to get a list of all users
+#iterate_attrs = uid=user
+#iterate_filter = (objectClass=posixAccount)
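Review bot: `user_filter` on the second-to-last setting requires `FripostVirtualUser` and `AmavisAccount` but not `fripostIsStatusActive=TRUE`, which the amavis ACL filter in database.ldif.j2 in this same commit does include; a suspended account that still carries the AmavisAccount class therefore still gets `mail_plugins=antispam` whenever a passdb lets it through. If status is meant to be enforced only in the passdb, say so next to the filter: `# Account status is enforced by the passdb; this lookup only decides whether antispam is loaded.`; otherwise add the status clause to the filter so both lookups agree. The header says the file must be root-owned with mode 0600 — it holds no credential today (ldapi:// with `sasl_mech = EXTERNAL`, no `dnpass`), but the Ansible task that installs it should set owner and mode explicitly so the note stays true if a bind password is ever added.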
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index d8bb352..e39e4bf 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -5,6 +5,7 @@
- dovecot-ldap
- dovecot-imapd
- dovecot-lmtpd
+ - dovecot-antispam
- name: Create a user 'vmail'
user: name=vmail system=yes
@@ -42,6 +43,14 @@
- recent
- unseen
+- name: Create directory /home/mail/spamspool
+ # There is no possibility for a name clash, since 'spamspool' isn't a
+ # valid domain
+ file: path=/home/mail/spamspool
+ state=directory
+ owner=vmail group=vmail
+ mode=0700
+
- name: Configure Dovecot
copy: src=etc/dovecot/{{ item }}
dest=/etc/dovecot/{{ item }}
@@ -55,9 +64,12 @@
- conf.d/10-master.conf
- conf.d/10-ssl.conf
- conf.d/15-mailboxes.conf
+ - conf.d/20-imap.conf
- conf.d/20-lmtp.conf
+ - conf.d/90-plugin.conf
- conf.d/auth-ldap.conf.ext
- dovecot-ldap.conf.ext
+ - dovecot-ldap-userdb.conf.ext
notify:
- Restart Dovecot
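Review bot: `dovecot-ldap-userdb.conf.ext`, added to this list, is installed by the `copy:` task whose `src=`/`dest=` lines appear in the previous hunk; the task's remaining arguments are outside the hunk, so I cannot see whether it sets `owner`, `group` and `mode`. The new file's own header says it should be owned by root with mode 0600; if the task does not set them, the deployed mode follows the source checkout and the remote umask. Suggest adding `owner=root group=root mode=0600` to that copy task (Dovecot reads these files as root, so the stricter mode costs nothing), or a dedicated task for the `dovecot-ldap*.conf.ext` files if the conf.d files are deliberately left readable.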
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index c7a4379..56cd110 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -147,6 +147,13 @@ olcAccess: to dn.regex="^fvl=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost
filter=(&(objectClass=FripostVirtualUser)(objectClass=AmavisAccount)(fripostIsStatusActive=TRUE))
by dn.exact="username=amavis,cn=peercred,cn=external,cn=auth" =rsd
by users =0 break
+#
+# The following is required for the userdb
+olcAccess: to dn.regex="^fvl=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=org$"
+ attrs=entry,objectClass
+ filter=(objectClass=FripostVirtualUser)
+ by dn.exact="username=dovecot,cn=peercred,cn=external,cn=auth" =rsd
+ by users =0 break
{% endif %}
#
# Anonymous can authenticate into the services. (But not read or write the password.)
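Review bot: The new ACL grants the dovecot peercred identity `=rsd` on `entry,objectClass` only, which is exactly what the new userdb needs today because its `user_attrs` returns a constant (`=mail_plugins=antispam`) and reads nothing from the entry. The comment `# The following is required for the userdb` should record that coupling so whoever next extends `user_attrs` knows to widen `attrs=` here; something like `# Dovecot's LDAP userdb (dovecot-ldap-userdb.conf.ext, SASL EXTERNAL over ldapi) needs entry+objectClass to evaluate its filter; extend attrs= if user_attrs ever reads real attributes.` The rule sits inside a `{% if %}` block whose opening is outside the hunk, so its applicability follows that template condition.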