path: root/roles/IMAP-proxy/tasks/main.yml
Commit message [Author, Age, Files]
* IMAP proxy: copy only the leaf cert, not the whole chain. [Guilhem Moulin, 2016-05-22, 1 file]
|   The comment regarding stunnel4 seems to not be relevant any longer.
* Use systemd unit files for stunnel4. [Guilhem Moulin, 2016-05-12, 1 file]
|
* Rename imap.conf → roundcube.conf [Guilhem Moulin, 2015-06-07, 1 file]
|
* wibble [Guilhem Moulin, 2015-06-07, 1 file]
|
* stunnel.conf → imap.conf [Guilhem Moulin, 2015-06-07, 1 file]
|
* Prefer '/usr/sbin/nologin' over '/bin/false' for system users. [Guilhem Moulin, 2015-06-07, 1 file]
|
* Upgrade the webmail configuration from Wheezy to Jessie. [Guilhem Moulin, 2015-06-07, 1 file]
|
* Don't auto-create home directories when adding system users. [Guilhem Moulin, 2015-06-07, 1 file]
|   Unlike adduser(8), ansible's 'user' module copies skeletal configuration
|   files even for system users (unless called with createhome=no).
* Use stunnel to secure the connection from the IMAP proxy to the IMAP server. [Guilhem Moulin, 2015-06-07, 1 file]
|   The reason is that we don't want to rely on CAs to verify the certificate
|   of our server. Dovecot currently doesn't offer a way to match said cert
|   against a local copy or known fingerprint. stunnel does.
* Revert dovecot (imapc) to stable (2.1.7-7+deb7u1). [Guilhem Moulin, 2015-06-07, 1 file]
|   There seem to be multiple bugs with the version from wheezy-backports
|   (2.2.9-1~bpo70+1), and the client is killed on THREAD commands:
|
|       guilhem@elefant:~$ telnet localhost 143
|       Trying ::1...
|       Trying 127.0.0.1...
|       Connected to localhost.
|       Escape character is '^]'.
|       * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
|       a LOGIN guilhem xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|       a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY] Logged in
|       b SELECT INBOX
|       * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
|       * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
|       * 8060 EXISTS
|       * 0 RECENT
|       * OK [UIDVALIDITY 1302032711] UIDs valid
|       * OK [UIDNEXT 78905] Predicted next UID
|       * OK [NOMODSEQ] No permanent modsequences
|       b OK [READ-WRITE] Select completed (0.395 secs).
|       c THREAD REFERENCES UTF-8 ALL
|       Connection closed by foreign host.
|
|       :/var/log/syslog
|       Jun 27 21:58:01 elefant dovecot: imap(guilhem@fripost.org): Fatal: master: service(imap): child 24907 killed with signal 11 (core dumps disabled)
|       Jun 27 21:58:01 elefant kernel: [248570.057270] imap[24907]: segfault at 400 ip 00007f7651596e09 sp 00007fff6e267760 error 4 in libdovecot.so.0.0.0[7f765153a000+cc000]
|
|   Other (less scary) errors can be found in the syslog:
|
|       Jun 27 20:26:09 elefant dovecot: imap(xxxx@fripost.org): Error: file_dotlock_open() failed with file /home/imapproxy/fripost.org/xxxx/imapc/dovecot.list.index.log: No such file or directory
|       Jun 27 21:30:10 elefant dovecot: imap(xxxx@fripost.org): Error: imapc(imap.fripost.org:993): Command '11 APPEND "Sent" (\Seen) {2512485}' timed out, disconnecting
|       Jun 27 21:30:10 elefant dovecot: imap(xxxx@fripost.org): Error: imapc: COPY failed: Disconnected from server
|       Jun 27 21:30:10 elefant dovecot: imap(xxxx@fripost.org): Disconnected: IMAP session state is inconsistent, please relogin. in=2512632 out=969
|
|   This is unfortunate as we cannot benefit from the 'fetch-headers'
|   imapc_features right now. However, the bugs (at least the segfault) seem
|   to be fixed as of 2.2.13-1, the version which can currently be found in
|   testing. Hopefully it'll be backported soon :-)
* Install dovecot from backports (for imapc). [Guilhem Moulin, 2015-06-07, 1 file]
|   Interesting features include caching of mail headers (v2.2.8+) as well as
|   new IMAP capabilities.
* Assume a DNS entry for each role. [Guilhem Moulin, 2015-06-07, 1 file]
|   E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would
|   be provisioned by ansible, too.) It's a bit unclear how to index the
|   subdomains (mx{1,2,3}, etc), though.
* Use a local IMAP caching proxy under the webmail. [Guilhem Moulin, 2015-06-07, 1 file]
    (Unless the webmail is itself a full IMAP server.) It replaces
    RoundCube's own IMAP and message caches. Dovecot's IMAPC storage backend
    is not very documented, but provides smart IMAP proxying. References
    include:

        http://dovecot.org/pipermail/dovecot/2011-January/056975.html
        http://wiki2.dovecot.org/HowTo/ImapcProxy
        http://wiki2.dovecot.org/Migration/Dsync