xpk/automation.postfixadmin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
xpk
2019-01-16 00:00:44 +08:00
commit 97f6a2b73d
5 changed files with 629 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pfa-dovecot/tasks/main.yml
+354
View File
@@ -0,0 +1,354 @@
- name: Install dovecot and postfix
# for EL6 w/o IUS: ['dovecot-mysql', 'dovecot', 'postfix', 'python-pip', 'gcc', 'python-devel', 'unzip']
yum:
name: ['dovecot22u-mysql', 'dovecot22u', 'postfix', 'python2-pip', 'gcc', 'python-devel', 'unzip']
state: present
- name: Disable firewalls
service:
name: "{{item}}"
state: stopped
enabled: no
with_items:
- iptables
- firewalld
- name: Download pfa
get_url:
url: https://netix.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.2/postfixadmin-3.2-fedora.noarch.rpm
dest: /tmp/postfixadmin-3.2-fedora.noarch.rpm
force: no
- name: Download rainloop webmail
get_url:
url: https://www.rainloop.net/repository/webmail/rainloop-community-latest.zip
dest: /tmp/rainloop-community-latest.zip
force: no
- name: Install pfa rpm
yum:
name: /tmp/postfixadmin-3.2-fedora.noarch.rpm
validate_certs: no
state: installed
- name: Install MySQL-python
pip:
name: MySQL-python
state: present
- name: Create postfix database
mysql_db:
name: postfix
encoding: utf8
state: present
- name: Create postfix database user
mysql_user:
name: pfa
password: pfa-rocks-2018
priv: 'postfix.*:ALL'
state: present
- name: Wipe pfa database config
copy:
content: ""
dest: /etc/postfixadmin/config.local.php
- name: Create pfa database config
blockinfile:
create: yes
path: /etc/postfixadmin/config.local.php
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"
block: |
<?php
$CONF['database_type'] = 'mysqli';
$CONF['database_user'] = 'pfa';
$CONF['database_password'] = 'pfa-rocks-2018';
$CONF['database_name'] = 'postfix';
$CONF['configured'] = true;
$CONF['setup_password'] = '86f9fd9bd36a205055206e46ad31d421:dd74ee7940a549fc9349376c013d1912c43fe85c';
?>
- name: Create postfixadmin apache config
blockinfile:
path: /etc/httpd/conf.d/pfa.conf
create: yes
block: |
Alias /postfixadmin /usr/share/postfixadmin/public
<Directory /usr/share/postfixadmin>
Require all granted
Options FollowSymLinks
php_admin_flag allow_url_include off
php_admin_flag allow_url_fopen off
php_admin_value open_basedir "/usr/share/postfixadmin:/etc/postfixadmin:/var/cache/postfixadmin:/usr/bin/doveadm"
php_admin_value session.save_path /var/cache/postfixadmin/sessions
</Directory>
<Directory /usr/share/postfixadmin/public>
require all granted
</Directory>
- name: Give apache read access to pfa config
file:
path: "{{item}}"
mode: 0644
with_items:
- /etc/postfixadmin/config.inc.php
- /etc/postfixadmin/config.local.php
- name: Config postfix to listen to all
replace:
dest: /etc/postfix/main.cf
regexp: '^inet_interfaces.*'
replace: 'inet_interfaces = all'
- name: Update postfix main.cf
blockinfile:
path: /etc/postfix/main.cf
block: |
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_alias_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:1001
virtual_gid_maps = static:12
# smtpd tls
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/postfix/server.key
smtpd_tls_cert_file = /etc/postfix/server.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# smtp auth
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
# relay restrictions, bare minimal
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
- name: Setup submission port on postfix
blockinfile:
path: /etc/postfix/master.cf
block:
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o broken_sasl_auth_clients=yes
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_tls_auth_only=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- name: Generate self-signed cert for postfix
shell: openssl req -new -x509 -newkey rsa:2048 -keyout /etc/postfix/server.key -nodes -out /etc/postfix/server.crt -days 3650 -set_serial 201811 -subj "/C=US/ST=NJ/L=SelfSigned City/O=SelfSigned Company/OU=Mail/CN=mail.domain.tld"
- name: Create sql directory in postfix
file:
path: /etc/postfix/sql
state: directory
- name: Create mysql_virtual_alias_maps.cf
blockinfile:
path: /etc/postfix/sql/mysql_virtual_alias_maps.cf
create: yes
block: |
user = pfa
password = pfa-rocks-2018
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
- name: Create mysql_virtual_alias_domain_maps.cf
blockinfile:
path: /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
create: yes
block: |
user = pfa
password = pfa-rocks-2018
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
- name: Create mysql_virtual_alias_domain_catchall_maps.cf
blockinfile:
path: /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
create: yes
block: |
user = pfa
password = pfa-rocks-2018
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
- name: Create mysql_virtual_domains_maps.cf
blockinfile:
path: /etc/postfix/sql/mysql_virtual_domains_maps.cf
create: yes
block: |
user = pfa
password = pfa-rocks-2018
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
- name: Create mysql_virtual_mailbox_maps.cf
blockinfile:
path: /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
create: yes
block: |
user = pfa
password = pfa-rocks-2018
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
- name: Create mysql_virtual_alias_domain_mailbox_maps.cf
blockinfile:
path: /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
create: yes
block: |
user = pfa
password = pfa-rocks-2018
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
- name: Create vmail directory
file:
path: /var/vmail
state: directory
owner: 1001
group: mail
mode: 0755
- name: Wipe existing dovecot config
copy:
content: ""
dest: /etc/dovecot/dovecot.conf
- name: Configure dovecot
blockinfile:
path: /etc/dovecot/dovecot.conf
create: yes
block: |
mail_location = maildir:/var/vmail/%d/%n/
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
auto = subscribe
}
mailbox Junk {
special_use = \Junk
auto = subscribe
}
mailbox Sent {
special_use = \Sent
auto = subscribe
}
mailbox "Sent Messages" {
special_use = \Sent
auto = subscribe
}
mailbox Trash {
special_use = \Trash
auto = subscribe
}
prefix =
}
protocols = "imap pop3"
ssl = no
# login is for outlook express smtpd auth
auth_mechanisms = plain login
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
first_valid_uid = 1000
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
auth_verbose = yes
auth_debug = yes
mail_debug = yes
# postfix smtp auth
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
# enable ssl
ssl = yes
ssl_cert = </etc/postfix/server.crt
ssl_key = </etc/postfix/server.key
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!3DES:!RC4:!MD5:!DSS:!DH:!MEDIUM
- name: Create dovecot-sql.conf
blockinfile:
create: yes
path: /etc/dovecot/dovecot-sql.conf
block: |
connect = host=localhost dbname=postfix user=pfa password=pfa-rocks-2018
driver = mysql
default_pass_scheme = MD5-CRYPT
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT maildir, 1001 AS uid, 1001 AS gid FROM mailbox WHERE username = '%u' AND active='1'
- name: Prepare rainloop webmail installation
stat:
path: /var/log/rainloop-installed
register: rainloopInstalled
- name: Install rainloop webmail
shell: touch /var/log/rainloop-installed; mkdir /var/www/rainloop; unzip /tmp/rainloop-community-latest.zip -d /var/www/rainloop
when: rainloopInstalled.stat.exists == False
- name: Create rainloop apache config
blockinfile:
path: /etc/httpd/conf.d/rainloop.conf
create: yes
block: |
Alias /webmail /var/www/rainloop
<Directory /var/www/rainloop>
Require all granted
</Directory>
<Directory /var/www/rainloop/data>
Require all denied
</Directory>
- name: Set rainloop data directory perm
file:
path: /var/www/rainloop/data
owner: apache
- name: Restart apache, postfix, and dovecot
service:
name: "{{item}}"
state: restarted
enabled: yes
with_items:
- httpd
- postfix
- dovecot