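---
# ansible playbook
#
# Install a complete mail system with
#
# - postfix
# - dovecot
# - clamav (with unofficial signatures)
# - rspamd (integrating clamav)
#
# not included here: list server, roundcube, account and alias management
#
# Please edit the host's config (inventory/host_vars/${hostname}):
# Add a new dictionary 'mailserver':
#
# mailserver:
#   postgresql:
#     host: 127.0.0.1
#     port: 5432
#     dbname: mailserver
#     username: mailserver
#     password: !vault |
#       $ANSIBLE_VAULT;1.1;AES256
#       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#   postfix:
#     overwrite_config: false
#     reject_sender_login_mismatch: true
#     mynetworks: "10.0.0.0/24 [2a01:XXXX:XXXX:XXXX::]/64"
#     verp_marker: rstxyz
#   dovecot:
#     auth_default_realm: mymaindomain.org
#
# Write the booleans as true/false: the YAML 1.1 forms yes/no are parsed
# inconsistently by different loaders.
#
# Take care that the verp_marker only contains [a-z0-9]+ (NO UPPER CASE LETTERS!).
#
# (Use ansible-vault encrypt_string to encrypt the password; never commit the
# plaintext value to the inventory.)
#
# mynetworks lists the client networks Postfix trusts; keep it as small as the
# site really needs, because those clients are exempt from the usual sender
# restrictions.
#
# TODOs after running this playbook:
#
# Open the firewall:
#
# - open or DNAT the TCP ports 25, 143, 587, 4190 to the host (incoming)
# - allow outgoing traffic
#
# Configure mail DNS for your host:
#
# - MX
# - PTR (IPv4 and IPv6)
#
# Add SPF, DMARC and DKIM DNS records whenever you add a mail domain:
#
# - SPF ('IN TXT "v=spf1 mx"' or more)
# - DMARC ('_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:admin@mymaindomain.org; adkim=s; aspf=s;"')
# - DKIM (rspamadm dkim_keygen -d mymaindomain.org -s 20190911 -b 4096;
#   get the DNS entry and also save the private key)
#
# Replace the ssl certificates with signed ones.
#
# Users and domains can be added to the PostgreSQL tables;
# code for that is not part of this playbook.
# Mind that if you create a catchall alias, you must also
# add an alias for each account to the aliases, or you can
# prepend the following to the SELECT in /etc/postfix/aliases.cf
# SELECT u.username || '@' || d.name FROM users u JOIN domains d ON u.domain_id=d.id WHERE d.relay_transport is null AND u.username || '@' || d.name = '%s'
# UNION

# Single play: apply the mail_system role to every host in the 'mail' group.
- name: install mail_system
  # 'user' is the deprecated spelling of this play keyword; remote_user is
  # the supported equivalent and logs in as root directly, as before.
  remote_user: root
  hosts: mail
  roles:
    - mail_system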