An Ansible role that automates the installation and configuration of Postfix and Dovecot with MySQL authentication on Ubuntu. The MySQL schema is derived from the following Digital Ocean tutorial. You can view the MySQL schema used in schema.sql.
127.0.0.1
.servermail
.usermail
.SHA512-CRYPT
./etc/mailname
.ipv4
. This defaults to all
.permit_sasl_authenticated
and reject
.yes
.permit_sasl_authenticated
, permit_mynetworks
, and reject_unauth_destination
.permit_mynetworks
, permit_sasl_authenticated
, and defer_unauth_destination
.127.0.0.0/8
, [::ffff:127.0.0.0]/104
, [::1]/128
.mydestination
. For more information, visit the Postfix documentation.
This defaults to localhost
.SELECT destination FROM virtual_aliases WHERE source='%s';
.SELECT 1 FROM virtual_domains WHERE name='%s';
.SELECT 1 FROM virtual_users WHERE email='%s';
.SELECT email as user, password FROM virtual_users WHERE email='%u';
.dane
, for Red Hat 7 it is may
. For more information, visit the Postfix documentation.
lmtp
and imap
. To enable POP3, add pop3
to this variable. (note: apt install dovecot-pop3d
on the target to use pop3) dovecot_mail_location
.
This gives Dovecot's mail process the ability to write in the folder. This defaults to mail
.plain
and login
.
For more information, read Dovecot's Authentication Mechanisms documentation.
true
.true
.
Note that to also enable POP3S, you need to add pop3 to the dovecot_protocols
list variable.
required
.
For more information, read Dovecot's SSL Configuration documentation.
* (all IPv4) and '::' (all IPv6).
true
, adds example users to the database.
requirements.yml
---
# Roles that ansible-galaxy should install for this playbook.
# Consider adding a `version:` to each entry so installs are reproducible
# and an upstream change to a role is not pulled in unreviewed.
roles:
  - name: stackfocus.postfix-dovecot
site.yml
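---
# Example play: install and configure Postfix and Dovecot with MySQL
# authentication on every host in the inventory.
- hosts: all
  become: true
  gather_facts: true
  roles:
    - stackfocus.postfix-dovecot
  vars:
    postfix_dovecot_mysql_db_name: mailserver
    postfix_dovecot_mysql_user: mailuser
    # Example value only. Keep the real database password out of version
    # control, for instance in an Ansible Vault-encrypted vars file.
    postfix_dovecot_mysql_password: mailpass
    postfix_default_domain: example.com
    dovecot_protocols:
      - imap
      # pop3 needs the dovecot-pop3d package installed on the target.
      - pop3
      - lmtp
    dovecot_mail_privileged_group: vmail
    # Certificate and private-key paths for Dovecot and Postfix TLS.
    dovecot_ssl_cert: /etc/ssl/certs/dovecot.pem
    dovecot_ssl_key: /etc/ssl/private/dovecot.pem
    postfix_ssl_cert: /etc/ssl/certs/postfix.pem
    postfix_ssl_key: /etc/ssl/private/postfix.pem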
# Install the roles listed in requirements.yml from Ansible Galaxy.
$ ansible-galaxy install -r requirements.yml
# Run site.yml against the hosts in the inventory; --ask-become-pass prompts
# for the privilege-escalation (become) password.
$ ansible-playbook -i inventory site.yml --ask-become-pass
In this example we use some of geerlingguy's roles to handle the database and the certbot certificates.
requirements.yml
---
# Roles that ansible-galaxy should install for this playbook.
# Consider adding a `version:` to each entry so installs are reproducible
# and an upstream change to a role is not pulled in unreviewed.
roles:
  - name: stackfocus.postfix-dovecot
  - name: geerlingguy.mysql
  - name: geerlingguy.certbot
A playbook prepared for you:
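---
# Example play: provision the MySQL database, obtain certbot certificates
# and then configure Postfix and Dovecot on the mail host.
- name: Setup mail
  hosts: mailserver.tld
  become: true
  vars:
    mail_domain: mycooldomain.com
    mail_database: maildb
    # Example value only. Keep the real database password out of version
    # control, for instance in an Ansible Vault-encrypted vars file.
    mail_db_pass: 'ultrasafepassword'
  roles:
    - role: geerlingguy.mysql
      mysql_databases:
        - name: '{{ mail_database }}'
          encoding: utf8mb4
          collation: utf8mb4_czech_ci
      mysql_users:
        # The database user is named after the database itself.
        - name: '{{ mail_database }}'
          host: 'localhost'
          password: '{{ mail_db_pass }}'
          # NOTE(review): ALL on the mail database is broad for an account
          # the mail services use for lookups; confirm what the
          # postfix-dovecot role needs and narrow the grant if possible.
          priv: '{{ mail_database }}.*:ALL'
    - role: geerlingguy.certbot
      certbot_certs:
        - domains:
            - '{{ mail_domain }}'
            - 'mail.{{ mail_domain }}'
    - role: stackfocus.postfix-dovecot
      postfix_dovecot_mysql_db_name: '{{ mail_database }}'
      postfix_dovecot_mysql_user: '{{ mail_database }}'
      postfix_dovecot_mysql_password: '{{ mail_db_pass }}'
      postfix_default_domain: '{{ mail_domain }}'
      dovecot_protocols:
        - imap
        # pop3 needs the dovecot-pop3d package installed on the target.
        - pop3
        - lmtp
      dovecot_mail_privileged_group: vmail
      # Both services use the certificate and key under the Let's Encrypt
      # live directory for mail_domain.
      dovecot_ssl_cert: '/etc/letsencrypt/live/{{ mail_domain }}/fullchain.pem'
      dovecot_ssl_key: '/etc/letsencrypt/live/{{ mail_domain }}/privkey.pem'
      postfix_ssl_cert: '/etc/letsencrypt/live/{{ mail_domain }}/fullchain.pem'
      postfix_ssl_key: '/etc/letsencrypt/live/{{ mail_domain }}/privkey.pem'
      # dane depends on DNSSEC-validated TLSA lookups, so the host's
      # resolver should validate DNSSEC for this level to be effective.
      postfix_smtp_tls_security_level: 'dane'
      # NOTE(review): Postfix warns when a domain is listed both in
      # mydestination and as a virtual mailbox domain; confirm mail_domain
      # is not also served from the virtual_domains table.
      postfix_mydestination: '{{ mail_domain }}'
      postfix_myhostname: 'mail.{{ mail_domain }}'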