Diffstat (limited to 'roles/dovecot/templates')
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j210
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j231
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j231
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j210
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j210
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j236
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j23
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j23
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j211
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j26
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j234
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j25
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j230
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j24
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j23
-rw-r--r--roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j216
-rw-r--r--roles/dovecot/templates/etc/dovecot/dovecot.conf.j25
-rw-r--r--roles/dovecot/templates/usr/lib/dovecot/sieve-pipe/report-ham.sh.j27
-rw-r--r--roles/dovecot/templates/usr/lib/dovecot/sieve-pipe/report-spam.sh.j27
-rw-r--r--roles/dovecot/templates/usr/local/bin/dovecot-archive.sh.j219
-rw-r--r--roles/dovecot/templates/usr/local/bin/dovecot-quota-warning.sh.j219
-rw-r--r--roles/dovecot/templates/var/lib/solr/dovecot/conf/solrconfig.xml.j291
22 files changed, 391 insertions, 0 deletions
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2
new file mode 100644
index 0000000..2185d6d
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2
@@ -0,0 +1,10 @@
+auth_default_realm = {{ freeipa_realm }}
+
+auth_username_format = %Ln
+
+auth_gssapi_hostname = "$ALL"
+
+auth_mechanisms = gssapi plain login
+
+!include auth-system.conf.ext
+!include auth-ldap.conf.ext
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2
new file mode 100644
index 0000000..9a3884a
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2
@@ -0,0 +1,31 @@
+mail_location = mdbox:~/mdbox
+
+namespace inbox {
+ type = private
+ separator = /
+ inbox = yes
+ subscriptions = yes
+}
+
+namespace virtual {
+ location = virtual:/etc/dovecot/virtual:INDEX=~/.virtual:CONTROL=~/.virtual:VOLATILEDIR=~/.virtual:LAYOUT=fs
+
+ type = private
+ separator = /
+ prefix = Virtual/
+}
+
+mail_plugins = $mail_plugins quota virtual fts fts_solr
+
+mail_privileged_group = {{ dovecot_vmail_user }}
+
+first_valid_uid = {{ dovecot_vmail_user_result.uid }}
+last_valid_uid = {{ dovecot_vmail_user_result.uid }}
+
+first_valid_gid = {{ dovecot_vmail_user_result.group }}
+last_valid_gid = {{ dovecot_vmail_user_result.group }}
+
+# recommended configuration for quota:count
+protocol !indexer-worker {
+ mail_vsize_bg_after_count = 100
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2
new file mode 100644
index 0000000..a2af8b3
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2
@@ -0,0 +1,31 @@
+service imap-login {
+ inet_listener imap {
+ port = 143
+ }
+
+ inet_listener imaps {
+ port = 993
+ ssl = yes
+ }
+}
+
+service lmtp {
+ user = {{ dovecot_vmail_user }}
+ inet_listener lmtp {
+ port = {{ dovecot_lmtp_port }}
+ }
+}
+
+service auth-worker {
+ user = $default_internal_user
+}
+
+# Allow the vmail user to write to stats. This isn't strictly necessary, but
+# prevents dovecot-lda from spamming the mail log with errors.
+service stats {
+ unix_listener stats-writer {
+ user = dovecot
+ group = {{ dovecot_vmail_user }}
+ mode = 0660
+ }
+}
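Review bot: The `inet_listener lmtp` block sets only `port`, so the listener falls back to Dovecot's global `listen` addresses, which default to all interfaces, and LMTP accepts deliveries without authentication. If only an MTA on the same host delivers here (not visible in this commit), add `address = 127.0.0.1 ::1` inside the listener, or make sure the port is firewalled. The unnamed `inet_listener` under `service quota-status` in 90-quota.conf.j2 has the same shape and answers policy queries about mailboxes, so the same restriction applies there.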
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2
new file mode 100644
index 0000000..e677b44
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2
@@ -0,0 +1,10 @@
+ssl = required
+
+ssl_cert = <{{ dovecot_certificate_path }}
+ssl_key = <{{ dovecot_certificate_key_path }}
+
+ssl_dh = <{{ dovecot_dhparams_path }}
+
+ssl_min_protocol = TLSv1.2
+
+ssl_cipher_list = {{ dovecot_ssl_cipher_list }}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2
new file mode 100644
index 0000000..0ed20f5
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2
@@ -0,0 +1,10 @@
+recipient_delimiter = {{ dovecot_recipient_delimiter }}
+lda_original_recipient_header = X-Original-To
+
+lda_mailbox_autocreate = yes
+
+lda_mailbox_autosubscribe = no
+
+protocol lda {
+ mail_plugins = $mail_plugins sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2
new file mode 100644
index 0000000..af47fcc
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2
@@ -0,0 +1,36 @@
+namespace inbox {
+
+ mailbox Drafts {
+ auto = subscribe
+ special_use = \Drafts
+ }
+
+ mailbox Junk {
+ auto = subscribe
+ special_use = \Junk
+ }
+
+ mailbox Trash {
+ auto = subscribe
+ special_use = \Trash
+ }
+
+ mailbox Sent {
+ auto = subscribe
+ special_use = \Sent
+ }
+
+ mailbox Archive {
+ auto = subscribe
+ special_use = \Archive
+ }
+
+ # "auto = subscribe" on virtual folders causes dovecot to coredump.
+ mailbox "Virtual/All Messages" {
+ special_use = \All
+ }
+
+ mailbox Virtual/Flagged {
+ special_use = \Flagged
+ }
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2
new file mode 100644
index 0000000..ae67bae
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2
@@ -0,0 +1,3 @@
+protocol imap {
+ mail_plugins = $mail_plugins imap_quota imap_sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2
new file mode 100644
index 0000000..2619ce5
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2
@@ -0,0 +1,3 @@
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2
new file mode 100644
index 0000000..f4adea9
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2
@@ -0,0 +1,11 @@
+protocols = $protocols sieve
+
+service managesieve-login {
+ inet_listener sieve {
+ port = 4190
+ }
+
+ inet_listener sieve_deprecated {
+ port = 0
+ }
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2
new file mode 100644
index 0000000..dbe2102
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2
@@ -0,0 +1,6 @@
+plugin {
+ fts_autoindex = yes
+ fts = solr
+ fts_solr = url=http://localhost:{{ dovecot_solr_port }}/solr/dovecot/
+ fts_tika = http://localhost:{{ dovecot_tika_port }}/tika/
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2
new file mode 100644
index 0000000..e1d4449
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2
@@ -0,0 +1,34 @@
+plugin {
+ quota = count:User quota
+ quota_vsizes = yes
+ quota_rule = *:storage={{ dovecot_default_user_quota }}
+ quota_grace = {{ dovecot_quota_grace_percent }}%%
+
+ quota_max_mail_size = {{ dovecot_max_mail_size }}
+
+ quota_status_success = DUNNO
+ quota_status_nouser = DUNNO
+ quota_status_overquota = "552 5.2.2 Mailbox is full"
+
+ {% for percent in dovecot_quota_warning_percent | sort(reverse=True) %}
+ quota_warning{% if not loop.first %}{{ loop.index }}{% endif %} = storage={{ percent }}%% quota-warning {{ percent }} %u
+ {% endfor %}
+}
+
+service quota-warning {
+ executable = script {{ dovecot_quota_warning_script }}
+ user = {{ dovecot_vmail_user }}
+ unix_listener quota-warning {
+ user = dovecot
+ group = {{ dovecot_vmail_user }}
+ mode = 0660
+ }
+}
+
+service quota-status {
+ executable = quota-status -p postfix
+ inet_listener {
+ port = {{ dovecot_quota_status_port }}
+ }
+ client_limit = 5
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2
new file mode 100644
index 0000000..bab3d4f
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2
@@ -0,0 +1,5 @@
+plugin {
+ sieve_pipe_bin_dir = {{ dovecot_sieve_pipe_bin_dir }}
+ sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+ sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2
new file mode 100644
index 0000000..51ec533
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2
@@ -0,0 +1,30 @@
+plugin {
+ sieve = file:~/sieve;active=~/.dovecot.sieve
+
+ sieve_before = {{ dovecot_sieve_before_dir }}
+
+ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
+
+ sieve_plugins = sieve_extprograms sieve_imapsieve
+
+ sieve_quota_max_scripts = 10
+ sieve_quota_max_storage = 2M
+
+ sieve_user_email = %Ln@{{ dovecot_default_domain }}
+
+ # The default value for this is "sender", but that will totally break SPF
+ sieve_redirect_envelope_from = orig_recipient
+
+ # From elsewhere to Junk folder
+ imapsieve_mailbox1_name = Junk
+ imapsieve_mailbox1_causes = COPY
+ imapsieve_mailbox1_before = file:{{ dovecot_sieve_dir }}/report-spam.sieve
+
+ # From Junk folder to elsewhere
+ imapsieve_mailbox2_name = *
+ imapsieve_mailbox2_from = Junk
+ imapsieve_mailbox2_causes = COPY
+ imapsieve_mailbox2_before = file:{{ dovecot_sieve_dir }}/report-ham.sieve
+
+ sieve_global_extensions = +vnd.dovecot.pipe
+}
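Review bot: `sieve_global_extensions` is assigned twice in this plugin block, first as `+vnd.dovecot.pipe +vnd.dovecot.execute` and again on the last line as `+vnd.dovecot.pipe`. The later assignment presumably wins, so whether `vnd.dovecot.execute` is enabled depends on line order rather than on a visible decision. Keep a single assignment; if no global script needs `execute`, keep `sieve_global_extensions = +vnd.dovecot.pipe` and drop the first line, so the smaller set of program-running extensions is the explicit one.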
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2
new file mode 100644
index 0000000..7b5ab0e
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2
@@ -0,0 +1,4 @@
+userdb {
+ driver = ldap
+ args = /etc/dovecot/dovecot-ldap.conf.ext
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2
new file mode 100644
index 0000000..a53dd53
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2
@@ -0,0 +1,3 @@
+passdb {
+ driver = pam
+}
diff --git a/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2
new file mode 100644
index 0000000..3f03c82
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2
@@ -0,0 +1,16 @@
+hosts = {{ freeipa_hosts | join(' ') }}
+
+sasl_bind = yes
+sasl_mech = gssapi
+sasl_realm = {{ freeipa_realm }}
+
+base = {{ freeipa_user_basedn }}
+
+user_filter = (&(uid=%Ln)(memberof=cn={{ dovecot_access_group }},{{ freeipa_group_basedn }}))
+user_attrs= \
+ =uid={{ dovecot_vmail_user }}, \
+ =gid={{ dovecot_vmail_user }}, \
+ =home={{ dovecot_vmail_dir }}/%{ldap:uid}
+
+iterate_attrs = uid=user
+iterate_filter = (memberof=cn={{ dovecot_access_group }},{{ freeipa_group_basedn }})
diff --git a/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2 b/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2
new file mode 100644
index 0000000..bfc16bf
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2
@@ -0,0 +1,5 @@
+protocols = imap lmtp
+
+import_environment = $import_environment GSS_USE_PROXY=yes
+
+!include conf.d/*.conf
diff --git a/roles/dovecot/templates/usr/lib/dovecot/sieve-pipe/report-ham.sh.j2 b/roles/dovecot/templates/usr/lib/dovecot/sieve-pipe/report-ham.sh.j2
new file mode 100644
index 0000000..fbce0bc
--- /dev/null
+++ b/roles/dovecot/templates/usr/lib/dovecot/sieve-pipe/report-ham.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+exec /usr/bin/rspamc \
+ --hostname={{ dovecot_rspamd_host | quote }} \
+ --password={{ dovecot_rspamd_password | quote }} \
+ --key={{ dovecot_rspamd_pubkey | quote }} \
+ learn_ham
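Review bot: The rspamd controller password is rendered into the script body and then passed as `--password=…` on the rspamc command line, where other local users can read it from the process list while the command runs. The mode and owner of the deployed file are set outside this hunk; the file should be readable only by the account that runs sieve-pipe programs. At minimum add a header comment such as `# contains the rspamd controller password; must not be world-readable`. report-spam.sh.j2 is identical in this respect.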
diff --git a/roles/dovecot/templates/usr/lib/dovecot/sieve-pipe/report-spam.sh.j2 b/roles/dovecot/templates/usr/lib/dovecot/sieve-pipe/report-spam.sh.j2
new file mode 100644
index 0000000..393c5ec
--- /dev/null
+++ b/roles/dovecot/templates/usr/lib/dovecot/sieve-pipe/report-spam.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+exec /usr/bin/rspamc \
+ --hostname={{ dovecot_rspamd_host | quote }} \
+ --password={{ dovecot_rspamd_password | quote }} \
+ --key={{ dovecot_rspamd_pubkey | quote }} \
+ learn_spam
diff --git a/roles/dovecot/templates/usr/local/bin/dovecot-archive.sh.j2 b/roles/dovecot/templates/usr/local/bin/dovecot-archive.sh.j2
new file mode 100644
index 0000000..8f34b6a
--- /dev/null
+++ b/roles/dovecot/templates/usr/local/bin/dovecot-archive.sh.j2
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -Eeu -o pipefail
+
+VMAIL_USER={{ dovecot_vmail_user | quote }}
+{% raw %}
+TMPDIR=$(mktemp -d .dovecot-XXXXXX)
+trap 'rm -rf -- "$TMPDIR"' EXIT
+
+chown "$VMAIL_USER" "$TMPDIR"
+
+doveadm user '*' | xargs -r -I{} doveadm -o plugin/quota= backup -n inbox -f -u {} "mdbox:${TMPDIR}/{}/mdbox:LAYOUT=fs"
+
+TIMESTAMP=$(date +%Y%m%d%H%M%S)
+
+tar czf "mailboxes-${TIMESTAMP}.tar.gz" \
+ --transform "s|^\.|mailboxes-${TIMESTAMP}|" \
+ -C "$TMPDIR" .
+{% endraw %}
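Review bot: The archive `mailboxes-${TIMESTAMP}.tar.gz` is created in the current directory under whatever umask the caller has, so a copy of every user's mail can end up readable by other local accounts; add `umask 077` right after the `set -Eeu -o pipefail` line. `mktemp -d .dovecot-XXXXXX` uses a relative template, so the staging directory also lands in the working directory, which the script never sets or checks. Assigning to `TMPDIR` overrides the variable that mktemp and other tools consult themselves; a script-local name such as `STAGING_DIR` avoids that.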
diff --git a/roles/dovecot/templates/usr/local/bin/dovecot-quota-warning.sh.j2 b/roles/dovecot/templates/usr/local/bin/dovecot-quota-warning.sh.j2
new file mode 100644
index 0000000..5ffe4b8
--- /dev/null
+++ b/roles/dovecot/templates/usr/local/bin/dovecot-quota-warning.sh.j2
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -Eeu -o pipefail
+
+PERCENT=$1
+USER=$2
+
+cat << EOF | /usr/libexec/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=count:User quota:noenforcing"
+From: postmaster@{{ dovecot_default_domain }}
+Subject: Mailbox quota warning
+
+This is an automatically generated message.
+
+Your mailbox is now ${PERCENT}% full.
+
+When your mailbox exceeds its quota, you will no longer receive new mail.
+
+Please delete some messages to free up space.
+EOF
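Review bot: `USER=$2` reassigns the login-name variable that is normally exported, so the dovecot-lda child inherits the changed value; a script-local name such as `QUOTA_USER=$2` with `-d "$QUOTA_USER"` leaves the environment alone. A usage comment at the top, for example `# usage: dovecot-quota-warning.sh <percent> <user>`, would document the argument order that the `quota_warning` lines in 90-quota.conf.j2 rely on.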
diff --git a/roles/dovecot/templates/var/lib/solr/dovecot/conf/solrconfig.xml.j2 b/roles/dovecot/templates/var/lib/solr/dovecot/conf/solrconfig.xml.j2
new file mode 100644
index 0000000..af29a84
--- /dev/null
+++ b/roles/dovecot/templates/var/lib/solr/dovecot/conf/solrconfig.xml.j2
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<config>
+ <luceneMatchVersion>{{ solr_lucene_version }}</luceneMatchVersion>
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/extraction/lib" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-cell-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/clustering/lib/" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-clustering-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/langid/lib/" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-langid-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/velocity/lib" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-velocity-\d.*\.jar" />
+
+ <dataDir>${solr.data.dir:}</dataDir>
+
+ <updateHandler class="solr.DirectUpdateHandler2">
+
+ <updateLog>
+ <str name="dir">${solr.ulog.dir:}</str>
+ <int name="numVersionBuckets">${solr.ulog.numVersionBuckets:65536}</int>
+ </updateLog>
+
+ <autoCommit>
+ <maxTime>${solr.autoCommit.maxTime:15000}</maxTime>
+ <openSearcher>false</openSearcher>
+ </autoCommit>
+
+ <autoSoftCommit>
+ <maxTime>${solr.autoSoftCommit.maxTime:-1}</maxTime>
+ </autoSoftCommit>
+
+ </updateHandler>
+
+ <query>
+ <filterCache class="solr.CaffeineCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <queryResultCache class="solr.CaffeineCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <documentCache class="solr.CaffeineCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <cache name="perSegFilter"
+ class="solr.search.CaffeineCache"
+ size="10"
+ initialSize="0"
+ autowarmCount="10"
+ regenerator="solr.NoOpRegenerator" />
+
+ <enableLazyFieldLoading>true</enableLazyFieldLoading>
+
+ <queryResultWindowSize>20</queryResultWindowSize>
+
+ <queryResultMaxDocsCached>200</queryResultMaxDocsCached>
+
+ <useColdSearcher>false</useColdSearcher>
+
+ </query>
+
+ <requestDispatcher>
+ <httpCaching never304="true" />
+ </requestDispatcher>
+
+ <requestHandler name="/select" class="solr.SearchHandler">
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <int name="rows">10</int>
+ </lst>
+ </requestHandler>
+
+ <initParams path="/update/**,/select">
+ <lst name="defaults">
+ <str name="df">_text_</str>
+ </lst>
+ </initParams>
+
+ <queryResponseWriter name="xml"
+ default="true"
+ class="solr.XMLResponseWriter" />
+</config>
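Review bot: The `<lib>` directives at the top load the extraction, clustering, langid and velocity jars, but nothing in this config declares a handler, update processor or response writer that uses them; only `/select` and the XML response writer are defined. Removing the unused `<lib>` lines keeps those optional modules off the core's classpath, which is worth doing for a core that indexes the content of every mailbox. If one of them is needed by something outside this file, a short XML comment naming the consumer would make that clear.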