Diffstat (limited to 'roles/dovecot/templates/etc')
17 files changed, 248 insertions, 0 deletions
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2
new file mode 100644
index 0000000..2185d6d
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2
@@ -0,0 +1,10 @@
+auth_default_realm = {{ freeipa_realm }}
+
+auth_username_format = %Ln
+
+auth_gssapi_hostname = "$ALL"
+
+auth_mechanisms = gssapi plain login
+
+!include auth-system.conf.ext
+!include auth-ldap.conf.ext
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2
new file mode 100644
index 0000000..9a3884a
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2
@@ -0,0 +1,31 @@
+mail_location = mdbox:~/mdbox
+
+namespace inbox {
+ type = private
+ separator = /
+ inbox = yes
+ subscriptions = yes
+}
+
+namespace virtual {
+ location = virtual:/etc/dovecot/virtual:INDEX=~/.virtual:CONTROL=~/.virtual:VOLATILEDIR=~/.virtual:LAYOUT=fs
+
+ type = private
+ separator = /
+ prefix = Virtual/
+}
+
+mail_plugins = $mail_plugins quota virtual fts fts_solr
+
+mail_privileged_group = {{ dovecot_vmail_user }}
+
+first_valid_uid = {{ dovecot_vmail_user_result.uid }}
+last_valid_uid = {{ dovecot_vmail_user_result.uid }}
+
+first_valid_gid = {{ dovecot_vmail_user_result.group }}
+last_valid_gid = {{ dovecot_vmail_user_result.group }}
+
+# recommended configuration for quota:count
+protocol !indexer-worker {
+ mail_vsize_bg_after_count = 100
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2
new file mode 100644
index 0000000..a2af8b3
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2
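Review bot: In 10-auth.conf.j2, `auth_mechanisms = gssapi plain login` enables two cleartext-password mechanisms, and nothing in this file says what keeps them off an unencrypted connection. The protection appears to come from `ssl = required` in 10-ssl.conf.j2 together with Dovecot's default for `disable_plaintext_auth`, so the port 143 listener in 10-master.conf.j2 should only accept them after STARTTLS. I would pin that here with an explicit `disable_plaintext_auth = yes` and a comment such as `# plain/login are only accepted over TLS; see ssl = required in 10-ssl.conf`, so a later edit to the SSL file cannot silently expose passwords.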
@@ -0,0 +1,31 @@
+service imap-login {
+ inet_listener imap {
+ port = 143
+ }
+
+ inet_listener imaps {
+ port = 993
+ ssl = yes
+ }
+}
+
+service lmtp {
+ user = {{ dovecot_vmail_user }}
+ inet_listener lmtp {
+ port = {{ dovecot_lmtp_port }}
+ }
+}
+
+service auth-worker {
+ user = $default_internal_user
+}
+
+# Allow the vmail user to write to stats. This isn't strictly necessary, but
+# prevents dovecot-lda from spamming the mail log with errors.
+service stats {
+ unix_listener stats-writer {
+ user = dovecot
+ group = {{ dovecot_vmail_user }}
+ mode = 0660
+ }
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2
new file mode 100644
index 0000000..e677b44
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2
@@ -0,0 +1,10 @@
+ssl = required
+
+ssl_cert = <{{ dovecot_certificate_path }}
+ssl_key = <{{ dovecot_certificate_key_path }}
+
+ssl_dh = <{{ dovecot_dhparams_path }}
+
+ssl_min_protocol = TLSv1.2
+
+ssl_cipher_list = {{ dovecot_ssl_cipher_list }}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2
new file mode 100644
index 0000000..0ed20f5
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2
@@ -0,0 +1,10 @@
+recipient_delimiter = {{ dovecot_recipient_delimiter }}
+lda_original_recipient_header = X-Original-To
+
+lda_mailbox_autocreate = yes
+
+lda_mailbox_autosubscribe = no
+
+protocol lda {
+ mail_plugins = $mail_plugins sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2
new file mode 100644
index 0000000..af47fcc
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2
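Review bot: In 10-master.conf.j2 the `inet_listener lmtp` block sets only `port = {{ dovecot_lmtp_port }}`, so the LMTP service binds to every address Dovecot listens on, and nothing in this change authenticates LMTP clients. If the MTA runs on the same host (the `quota-status -p postfix` service in 90-quota.conf.j2 suggests it may), add `address = 127.0.0.1 ::1` inside the listener or use a `unix_listener` instead; otherwise add a comment naming the firewall rule that restricts the port. The unnamed `inet_listener` under `service quota-status` in 90-quota.conf.j2 has the same shape and deserves the same treatment.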
@@ -0,0 +1,36 @@
+namespace inbox {
+
+ mailbox Drafts {
+ auto = subscribe
+ special_use = \Drafts
+ }
+
+ mailbox Junk {
+ auto = subscribe
+ special_use = \Junk
+ }
+
+ mailbox Trash {
+ auto = subscribe
+ special_use = \Trash
+ }
+
+ mailbox Sent {
+ auto = subscribe
+ special_use = \Sent
+ }
+
+ mailbox Archive {
+ auto = subscribe
+ special_use = \Archive
+ }
+
+ # "auto = subscribe" on virtual folders causes dovecot to coredump.
+ mailbox "Virtual/All Messages" {
+ special_use = \All
+ }
+
+ mailbox Virtual/Flagged {
+ special_use = \Flagged
+ }
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2
new file mode 100644
index 0000000..ae67bae
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2
@@ -0,0 +1,3 @@
+protocol imap {
+ mail_plugins = $mail_plugins imap_quota imap_sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2
new file mode 100644
index 0000000..2619ce5
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2
@@ -0,0 +1,3 @@
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2
new file mode 100644
index 0000000..f4adea9
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2
@@ -0,0 +1,11 @@
+protocols = $protocols sieve
+
+service managesieve-login {
+ inet_listener sieve {
+ port = 4190
+ }
+
+ inet_listener sieve_deprecated {
+ port = 0
+ }
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2
new file mode 100644
index 0000000..dbe2102
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2
@@ -0,0 +1,6 @@
+plugin {
+ fts_autoindex = yes
+ fts = solr
+ fts_solr = url=http://localhost:{{ dovecot_solr_port }}/solr/dovecot/
+ fts_tika = http://localhost:{{ dovecot_tika_port }}/tika/
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2
new file mode 100644
index 0000000..e1d4449
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2
@@ -0,0 +1,34 @@
+plugin {
+ quota = count:User quota
+ quota_vsizes = yes
+ quota_rule = *:storage={{ dovecot_default_user_quota }}
+ quota_grace = {{ dovecot_quota_grace_percent }}%%
+
+ quota_max_mail_size = {{ dovecot_max_mail_size }}
+
+ quota_status_success = DUNNO
+ quota_status_nouser = DUNNO
+ quota_status_overquota = "552 5.2.2 Mailbox is full"
+
+ {% for percent in dovecot_quota_warning_percent | sort(reverse=True) %}
+ quota_warning{% if not loop.first %}{{ loop.index }}{% endif %} = storage={{ percent }}%% quota-warning {{ percent }} %u
+ {% endfor %}
+}
+
+service quota-warning {
+ executable = script {{ dovecot_quota_warning_script }}
+ user = {{ dovecot_vmail_user }}
+ unix_listener quota-warning {
+ user = dovecot
+ group = {{ dovecot_vmail_user }}
+ mode = 0660
+ }
+}
+
+service quota-status {
+ executable = quota-status -p postfix
+ inet_listener {
+ port = {{ dovecot_quota_status_port }}
+ }
+ client_limit = 5
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2
new file mode 100644
index 0000000..bab3d4f
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2
@@ -0,0 +1,5 @@
+plugin {
+ sieve_pipe_bin_dir = {{ dovecot_sieve_pipe_bin_dir }}
+ sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+ sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2
new file mode 100644
index 0000000..51ec533
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2
@@ -0,0 +1,30 @@
+plugin {
+ sieve = file:~/sieve;active=~/.dovecot.sieve
+
+ sieve_before = {{ dovecot_sieve_before_dir }}
+
+ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
+
+ sieve_plugins = sieve_extprograms sieve_imapsieve
+
+ sieve_quota_max_scripts = 10
+ sieve_quota_max_storage = 2M
+
+ sieve_user_email = %Ln@{{ dovecot_default_domain }}
+
+ # The default value for this is "sender", but that will totally break SPF
+ sieve_redirect_envelope_from = orig_recipient
+
+ # From elsewhere to Junk folder
+ imapsieve_mailbox1_name = Junk
+ imapsieve_mailbox1_causes = COPY
+ imapsieve_mailbox1_before = file:{{ dovecot_sieve_dir }}/report-spam.sieve
+
+ # From Junk folder to elsewhere
+ imapsieve_mailbox2_name = *
+ imapsieve_mailbox2_from = Junk
+ imapsieve_mailbox2_causes = COPY
+ imapsieve_mailbox2_before = file:{{ dovecot_sieve_dir }}/report-ham.sieve
+
+ sieve_global_extensions = +vnd.dovecot.pipe
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2
new file mode 100644
index 0000000..7b5ab0e
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2
@@ -0,0 +1,4 @@
+userdb {
+ driver = ldap
+ args = /etc/dovecot/dovecot-ldap.conf.ext
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2
new file mode 100644
index 0000000..a53dd53
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2
@@ -0,0 +1,3 @@
+passdb {
+ driver = pam
+}
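Review bot: 90-sieve.conf.j2 assigns `sieve_global_extensions` twice inside the same `plugin` block, first as `+vnd.dovecot.pipe +vnd.dovecot.execute` and again on the last line as `+vnd.dovecot.pipe`. Dovecot normally keeps the later assignment, so `vnd.dovecot.execute` is probably not enabled even though 90-sieve-extprograms.conf.j2 configures `sieve_execute_bin_dir`; either way the effective set of program-running extensions is unclear to the next reader. Keep a single line carrying only what the global scripts need, and add a comment such as `# pipe/execute are limited to global scripts on purpose; never move them to sieve_extensions`, since these extensions start external programs as the mail user.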
diff --git a/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2
new file mode 100644
index 0000000..3f03c82
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2
@@ -0,0 +1,16 @@
+hosts = {{ freeipa_hosts | join(' ') }}
+
+sasl_bind = yes
+sasl_mech = gssapi
+sasl_realm = {{ freeipa_realm }}
+
+base = {{ freeipa_user_basedn }}
+
+user_filter = (&(uid=%Ln)(memberof=cn={{ dovecot_access_group }},{{ freeipa_group_basedn }}))
+user_attrs= \
+ =uid={{ dovecot_vmail_user }}, \
+ =gid={{ dovecot_vmail_user }}, \
+ =home={{ dovecot_vmail_dir }}/%{ldap:uid}
+
+iterate_attrs = uid=user
+iterate_filter = (memberof=cn={{ dovecot_access_group }},{{ freeipa_group_basedn }})
diff --git a/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2 b/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2
new file mode 100644
index 0000000..bfc16bf
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2
@@ -0,0 +1,5 @@
+protocols = imap lmtp
+
+import_environment = $import_environment GSS_USE_PROXY=yes
+
+!include conf.d/*.conf |
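Review bot: dovecot-ldap.conf.ext.j2 connects with `hosts = ...` and a GSSAPI SASL bind but sets neither `tls = yes` nor an `ldaps://` URI, so confidentiality and integrity of the userdb lookups depend entirely on whatever security layer the SASL bind negotiates. That may be the intent with FreeIPA, but the file does not say so, and the lookup result decides each user's `home` and group membership check. Either state the assumption in a comment, for example `# transport protection comes from the GSSAPI security layer; no StartTLS`, or add `tls = yes` with `tls_require_cert = demand` and a `tls_ca_cert_file` after confirming it works alongside the SASL bind in this environment.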