authorLars Wirzenius <liw@liw.fi>2017-03-18 19:36:51 +0200
committerLars Wirzenius <liw@liw.fi>2017-03-18 19:36:51 +0200
commit3e051823b9882447f3862c261a516d14f5bc7876 (patch)
tree84c47e61a22d1bef6862752e8db7e6bd59a2366c /ansible/roles/mail-server
parent369fc2e57989a493ecd66e13331bcaaa41a9c0b2 (diff)
downloadansibleness-3e051823b9882447f3862c261a516d14f5bc7876.tar.gz
Configure dovecot to provide Postfix with SASL
Configure Postfix to require SASL for relay.
Diffstat (limited to 'ansible/roles/mail-server')
-rw-r--r--ansible/roles/mail-server/tasks/dovecot-master.conf7
-rw-r--r--ansible/roles/mail-server/tasks/dovecot.yml12
-rw-r--r--ansible/roles/mail-server/templates/postfix.main.cf.j211
3 files changed, 30 insertions, 0 deletions
diff --git a/ansible/roles/mail-server/tasks/dovecot-master.conf b/ansible/roles/mail-server/tasks/dovecot-master.conf
new file mode 100644
index 0000000..ceb24ea
--- /dev/null
+++ b/ansible/roles/mail-server/tasks/dovecot-master.conf
@@ -0,0 +1,7 @@
+service auth {
+ unix_listener /var/spool/postfix/private/auth {
+ mode = 0660
+ user = postfix
+ group = postfix
+ }
+}
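Review bot: The new file carries no comment tying this socket to its consumer, and the listener depends on things Dovecot does not create. The `postfix` user and group and the `/var/spool/postfix/private` directory must already exist when the `restart dovecot` handler fires, which presumably requires Postfix to be installed earlier in the role (not visible here). I would add a header comment such as `# Auth socket for Postfix smtpd SASL; must match smtpd_sasl_path, which is relative to the Postfix queue directory`. Mode 0660 with postfix:postfix keeps other local users off the auth socket, and saying so in the comment makes it less likely to be loosened later.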
diff --git a/ansible/roles/mail-server/tasks/dovecot.yml b/ansible/roles/mail-server/tasks/dovecot.yml
index 165c6ff..401acb6 100644
--- a/ansible/roles/mail-server/tasks/dovecot.yml
+++ b/ansible/roles/mail-server/tasks/dovecot.yml
@@ -1,3 +1,9 @@
+- name: add user pienirelay
+ user:
+ name: pienirelay
+ comment: E-mail relay
+ password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay | mkpasswd -m SHA-512 -s') }}"
+
- name: install dovecot
apt:
name: dovecot-imapd
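Review bot: The `pienirelay` task creates an ordinary system account with a real password and the default login shell. The relay credential would therefore also be accepted by any other password-based login on the host, for example SSH if password authentication is enabled (not visible here). Adding `shell: /usr/sbin/nologin` to the `user:` task limits the account to mail authentication, assuming Dovecot checks system passwords in a way that ignores the shell. Separately, `mkpasswd` picks a fresh random salt on each run, so the task will report `changed` every time; `update_password: on_create` avoids that, at the cost of not propagating later password changes from `pass`.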
@@ -7,3 +13,9 @@
src: dovecot-ssl.conf
dest: /etc/dovecot/conf.d/11-ssl.conf
notify: restart dovecot
+
+- name: install dovecot "service auth" config
+ copy:
+ src: dovecot-master.conf
+ dest: /etc/dovecot/conf.d/11-master.conf
+ notify: restart dovecot
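Review bot: The added `copy:` task sets no `owner`, `group` or `mode`, so the permissions of `/etc/dovecot/conf.d/11-master.conf` depend on the defaults of whatever account runs the play. Stating them, e.g. `mode: "0644"` with `owner: root` and `group: root`, makes the result deterministic and keeps the auth service definition writable by root only. As far as the context lines show, the neighbouring `dovecot-ssl.conf` task has the same omission.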
diff --git a/ansible/roles/mail-server/templates/postfix.main.cf.j2 b/ansible/roles/mail-server/templates/postfix.main.cf.j2
index 936e4c9..67cefe0 100644
--- a/ansible/roles/mail-server/templates/postfix.main.cf.j2
+++ b/ansible/roles/mail-server/templates/postfix.main.cf.j2
@@ -26,3 +26,14 @@ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
+
+# SASL authentication
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous, nodictionary
+
+smtpd_relay_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_unauth_destination
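Review bot: Nothing in the added SASL block prevents AUTH from being offered on an unencrypted session. `smtpd_sasl_security_options = noanonymous, nodictionary` does not exclude plaintext mechanisms. Unless the part of the file outside this hunk sets `smtpd_tls_security_level = encrypt` or `smtpd_tls_auth_only = yes`, the relay account's password can cross the network in cleartext. I would add `smtpd_tls_auth_only = yes` next to `smtpd_sasl_auth_enable = yes`. A one-line comment above `smtpd_relay_restrictions` noting that relaying is allowed only from `mynetworks` or after SASL login would also help later readers.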