ansible role for debian buster setting up a mailserver with postfix, rspamd, dovecot and clamav and based on PostgreSQL; journal-postfix is a log parser for postfix; Attention: user and domain administration (in PostgreSQL) is not covered here
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

63 lines
2.1 KiB

# install a complete mail system with
#
# - postfix
# - dovecot
# - clamav (with unofficial signatures)
# - rspamd (integrating clamav)
#
# not included here: list server, roundcube
#
# Please edit the host's config (inventory/host_vars/${hostname}):
# Add a new dictionary 'mailserver':
#
# mailserver:
# postgresql:
# host: 127.0.0.1
# port: 5432
# dbname: mailserver
# username: mailserver
# password: !vault |
# $ANSIBLE_VAULT;1.1;AES256
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# postfix:
# overwrite_config: no
# reject_sender_login_mismatch: yes
# mynetworks: "10.0.0.0/24 [2a01:XXXX:XXXX:XXXX::]/64"
# verp_marker: rstxyz
# dovecot:
# auth_default_realm: mymaindomain.org
#
# Take care thate the verp_marker only contains [a-z0-9]+ (NO UPPER CASE LETTERS!).
#
# (Use ansible-vault encrypt_string zo encrypt the password.)
#
# TODOs after running this playbook:
#
# Configure mail DNS:
#
# - MX
# - PTR (IPv4 and IPv6)
#
# SPF, DMARC and DKIM DNS records should be created when adding a domain:
#
# - SPF (IN TXT "v=spf1 mx" or more)
# - DMARC (_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:admin@mymaindomain.org; adkim=s; aspf=s;")
# - DKIM (rspamadm dkim_keygen -d mymaindomain.org -s 20190911 -b 4096;
# get the DNS entry and save the private key
#
# Please open the firewall: open or DNAT tcp ports 25, 143, 587, 4190 to the host (incoming)
#
# Replace the ssl certificates with signed ones.
#
# Users and domains can be added to the PostgreSQL tables;
# code for that is not part of this playbook.
- name: install mail_system
user: root
hosts: mail
roles:
- mail_system