Remove obsolete roles
This commit is contained in:
parent
bf6bfe2809
commit
40fd7b3c42
|
@ -1,37 +0,0 @@
|
||||||
---
|
|
||||||
# Default configurations
|
|
||||||
# I populate these from external configs; I indicate what they are as inline comments
|
|
||||||
|
|
||||||
domain: "{{ blsedomains_admindomain }}" # Base domain name
|
|
||||||
postmaster: "root@{{ blsedomains_rootdomain }}" # Postmaster email address
|
|
||||||
|
|
||||||
# Roundcube
|
|
||||||
smtp_host: "{{ blsecluster_smtphost }}" # The hostname for SMTP access, usually the public name of your mail server
|
|
||||||
support_url: "https://www.{{ blsedomains_webdomain }}" # Some website address for Roundcube support
|
|
||||||
logo_filename: "bl-logo-roundcube.png" # The Roundcube logo under files/
|
|
||||||
roundcube_deskey: "{{ passwd_roundcube_deskey }}" # The Roundcube DES key
|
|
||||||
|
|
||||||
# Postfix
|
|
||||||
banner_hostname: "{{ ansible_hostname }}.{{ domain }}" # Public hostname of *this* mail host
|
|
||||||
myhostname: "{{ banner_hostname }}" # Hostname for Postfix myhostame
|
|
||||||
mydomain: "{{ domain }}" # Domain for Postfix mydomain
|
|
||||||
mynetworks: "{{ blsecluster_remote1v4 }} {{ blsecluster_remote2v4 }} {{ blsecluster_remote3v4 }} {{ blsecluster_hostsubnetv4 }}" # IP addresses for Postfix mynetworks
|
|
||||||
|
|
||||||
# Dovecot
|
|
||||||
# Note: SSL listeners aren't provided; HAProxy is expected to do SSL termination for us
|
|
||||||
trusted_networks: "{{ blsecluster_hostsubnetv4 }} {{ blsecluster_hostsubnetv6 }}" # Trusted network ranges for Dovecot
|
|
||||||
haproxy: yes # Enable HAProxy-specific (Proxy protocol) listeners on ports 10143 and 10110
|
|
||||||
|
|
||||||
# LDAP integration (Postfix, Dovecot, Roundcube)
|
|
||||||
ldap_host: "{{ blsecluster_ldaphost }}" # The hostname for LDAP access
|
|
||||||
ldap_port: 389 # The LDAP port (always non-SSL)
|
|
||||||
ldap_basedn: "o=domains,dc=bonilan,dc=net" # The LDAP base DN
|
|
||||||
ldap_bind_username: "{{ username_ldap_admin }}" # The LDAP bind user name (usually cn=admin)
|
|
||||||
ldap_bind_password: "{{ passwd_ldap_admin }}" # The LDAP bind user password
|
|
||||||
|
|
||||||
# MySQL integration (Roundcube)
|
|
||||||
mysql_host: "{{ blsecluster_sqlhost }}" # The hostname for MySQL access
|
|
||||||
mysql_port: "{{ mysql_client['mail'].port }}" # The port for MySQL access
|
|
||||||
mysql_database: "{{ mysql_client['mail'].database }}" # The database name
|
|
||||||
mysql_username: "{{ mysql_client['mail'].username }}" # The database user
|
|
||||||
mysql_password: "{{ mysql_client['mail'].passwd }}" # The database password
|
|
Binary file not shown.
Before Width: | Height: | Size: 6.4 KiB |
|
@ -1,23 +0,0 @@
|
||||||
---
|
|
||||||
- name: postmap transport
|
|
||||||
command: "postmap /etc/postfix/transport"
|
|
||||||
- name: restart amavis
|
|
||||||
service:
|
|
||||||
name: "amavis"
|
|
||||||
state: "restarted"
|
|
||||||
- name: restart saslauthd
|
|
||||||
service:
|
|
||||||
name: "saslauthd"
|
|
||||||
state: "restarted"
|
|
||||||
- name: restart postfix
|
|
||||||
service:
|
|
||||||
name: "postfix"
|
|
||||||
state: "restarted"
|
|
||||||
- name: restart dovecot
|
|
||||||
service:
|
|
||||||
name: "dovecot"
|
|
||||||
state: "restarted"
|
|
||||||
- name: restart apache2
|
|
||||||
service:
|
|
||||||
name: "apache2"
|
|
||||||
state: "restarted"
|
|
|
@ -1,222 +0,0 @@
|
||||||
---
|
|
||||||
- name: install filtering packages and monitoring components
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- postfix
|
|
||||||
- postfix-ldap
|
|
||||||
- postfix-pcre
|
|
||||||
- dovecot-core
|
|
||||||
- dovecot-imapd
|
|
||||||
- dovecot-pop3d
|
|
||||||
- dovecot-lmtpd
|
|
||||||
- dovecot-sieve
|
|
||||||
- dovecot-managesieved
|
|
||||||
- dovecot-ldap
|
|
||||||
- dovecot-mysql
|
|
||||||
- apache2
|
|
||||||
- libapache2-mod-php
|
|
||||||
- roundcube
|
|
||||||
- roundcube-plugins
|
|
||||||
- php-ldap
|
|
||||||
- php-net-sieve
|
|
||||||
- mailgraph
|
|
||||||
- amavis
|
|
||||||
- spamassassin
|
|
||||||
- clamav-daemon
|
|
||||||
- libnet-dns-perl
|
|
||||||
- libmail-spf-perl
|
|
||||||
- pyzor
|
|
||||||
- razor
|
|
||||||
- pfqueue
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
- name: install compression algorithms for scanning
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- p7zip-full
|
|
||||||
- arj
|
|
||||||
- bzip2
|
|
||||||
- cabextract
|
|
||||||
- cpio
|
|
||||||
- file
|
|
||||||
- gzip
|
|
||||||
- lhasa
|
|
||||||
- liblz4-tool
|
|
||||||
- lrzip
|
|
||||||
- lzop
|
|
||||||
- nomarch
|
|
||||||
- pax
|
|
||||||
- rar
|
|
||||||
- rpm
|
|
||||||
- unrar-free
|
|
||||||
- unzip
|
|
||||||
- xz-utils
|
|
||||||
- zip
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
# ClamAV
|
|
||||||
- name: ensure clamav is in amavis group
|
|
||||||
user:
|
|
||||||
name: "clamav"
|
|
||||||
append: "yes"
|
|
||||||
groups: "amavis"
|
|
||||||
|
|
||||||
- name: ensure amavis is in clamav group
|
|
||||||
user:
|
|
||||||
name: "amavis"
|
|
||||||
append: "yes"
|
|
||||||
groups: "clamav"
|
|
||||||
|
|
||||||
# Amavis
|
|
||||||
- name: install Amavis configs
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/amavis/conf.d/{{ item }}"
|
|
||||||
notify:
|
|
||||||
- restart amavis
|
|
||||||
with_items:
|
|
||||||
- 15-content_filter_mode
|
|
||||||
- 50-user
|
|
||||||
|
|
||||||
# Postfix
|
|
||||||
- name: install Postfix main configs
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/postfix/{{ item }}"
|
|
||||||
notify:
|
|
||||||
- restart postfix
|
|
||||||
with_items:
|
|
||||||
- main.cf
|
|
||||||
- master.cf
|
|
||||||
- helo_access.pcre
|
|
||||||
- transport
|
|
||||||
|
|
||||||
- name: map transport
|
|
||||||
command: postmap /etc/postfix/transport
|
|
||||||
|
|
||||||
- name: create LDAP config dir
|
|
||||||
file:
|
|
||||||
name: "/etc/postfix/ldap"
|
|
||||||
state: "directory"
|
|
||||||
|
|
||||||
- name: install Postfix LDAP configs
|
|
||||||
template:
|
|
||||||
src: "postfix-ldap/{{ item }}.j2"
|
|
||||||
dest: "/etc/postfix/ldap/{{ item }}"
|
|
||||||
mode: "640"
|
|
||||||
group: "postfix"
|
|
||||||
notify:
|
|
||||||
- restart postfix
|
|
||||||
with_items:
|
|
||||||
- catchall_maps.cf
|
|
||||||
- recipient_bcc_maps_domain.cf
|
|
||||||
- recipient_bcc_maps_user.cf
|
|
||||||
- relay_domains.cf
|
|
||||||
- sender_bcc_maps_domain.cf
|
|
||||||
- sender_bcc_maps_user.cf
|
|
||||||
- sender_login_maps.cf
|
|
||||||
- transport_maps_domain.cf
|
|
||||||
- transport_maps_user.cf
|
|
||||||
- virtual_alias_maps.cf
|
|
||||||
- virtual_group_maps.cf
|
|
||||||
- virtual_group_members_maps.cf
|
|
||||||
- virtual_mailbox_domains.cf
|
|
||||||
- virtual_mailbox_maps.cf
|
|
||||||
|
|
||||||
- name: link /etc/mailname to /etc/hostname
|
|
||||||
file:
|
|
||||||
dest: "/etc/mailname"
|
|
||||||
src: "/etc/hostname"
|
|
||||||
state: "link"
|
|
||||||
force: "yes"
|
|
||||||
|
|
||||||
# Dovecot
|
|
||||||
- name: install Dovecot main configs
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/dovecot/{{ item }}"
|
|
||||||
notify:
|
|
||||||
- restart dovecot
|
|
||||||
with_items:
|
|
||||||
- dovecot.conf
|
|
||||||
- dovecot-ldap.conf
|
|
||||||
|
|
||||||
- name: add vmail group
|
|
||||||
group:
|
|
||||||
name: "vmail"
|
|
||||||
gid: "2000"
|
|
||||||
state: "present"
|
|
||||||
|
|
||||||
- name: add vmail user
|
|
||||||
user:
|
|
||||||
name: "vmail"
|
|
||||||
home: "/srv/vmail"
|
|
||||||
shell: "/bin/false"
|
|
||||||
uid: "2000"
|
|
||||||
group: "vmail"
|
|
||||||
state: "present"
|
|
||||||
|
|
||||||
- name: ensure log ownership
|
|
||||||
file:
|
|
||||||
dest: "/var/log/{{ item }}"
|
|
||||||
owner: "vmail"
|
|
||||||
group: "adm"
|
|
||||||
mode: "644"
|
|
||||||
state: "touch"
|
|
||||||
with_items:
|
|
||||||
- dovecot.log
|
|
||||||
- dovecot-lmtp.log
|
|
||||||
|
|
||||||
# Roundcube
|
|
||||||
- name: Install roundcube PHP configs
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/roundcube/{{ item }}"
|
|
||||||
mode: "640"
|
|
||||||
group: "www-data"
|
|
||||||
with_items:
|
|
||||||
- debian-db.php
|
|
||||||
- config.inc.php
|
|
||||||
|
|
||||||
- name: Remove default apache2 config
|
|
||||||
file:
|
|
||||||
name: "/etc/apache2/sites-enabled/000-default.conf"
|
|
||||||
state: "absent"
|
|
||||||
notify:
|
|
||||||
- restart apache2
|
|
||||||
|
|
||||||
- name: Install roundcube ports config
|
|
||||||
template:
|
|
||||||
src: "ports.conf.j2"
|
|
||||||
dest: "/etc/apache2/ports.conf"
|
|
||||||
notify:
|
|
||||||
- restart apache2
|
|
||||||
|
|
||||||
- name: Install roundcube apache2 config
|
|
||||||
template:
|
|
||||||
src: "roundcube.conf.j2"
|
|
||||||
dest: "/etc/roundcube/apache.conf"
|
|
||||||
notify:
|
|
||||||
- restart apache2
|
|
||||||
|
|
||||||
- name: create logo dir
|
|
||||||
file:
|
|
||||||
dest: "/var/lib/roundcube/images"
|
|
||||||
state: "directory"
|
|
||||||
|
|
||||||
- name: install Roundcube logo
|
|
||||||
copy:
|
|
||||||
src: "{{ logo_filename }}"
|
|
||||||
dest: "/var/lib/roundcube/images/{{ logo_filename }}"
|
|
||||||
|
|
||||||
# General
|
|
||||||
- name: ensure services are running (and enabled at boot)
|
|
||||||
service:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: "started"
|
|
||||||
enabled: "yes"
|
|
||||||
with_items:
|
|
||||||
- postfix
|
|
||||||
- amavis
|
|
||||||
- clamav-daemon
|
|
||||||
- dovecot
|
|
|
@ -1,12 +0,0 @@
|
||||||
use strict;
|
|
||||||
|
|
||||||
# Amavis filter configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
@bypass_virus_checks_maps = (
|
|
||||||
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
|
|
||||||
|
|
||||||
@bypass_spam_checks_maps = (
|
|
||||||
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
|
|
||||||
|
|
||||||
1; # ensure a defined return
|
|
|
@ -1,12 +0,0 @@
|
||||||
use strict;
|
|
||||||
|
|
||||||
@local_domains_acl = ( "." );
|
|
||||||
$sa_tag_level_deflt = -9999;
|
|
||||||
$sa_tag2_level_deflt = 4.5;
|
|
||||||
$sa_kill_level_deflt = 4.5;
|
|
||||||
$sa_spam_subject_tag = '*** SPAM *** ';
|
|
||||||
|
|
||||||
$forward_method = 'smtp:[::1]:10025';
|
|
||||||
|
|
||||||
#------------ Do not modify anything below this line -------------
|
|
||||||
1; # ensure a defined return
|
|
|
@ -1,111 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
/* Local configuration for Roundcube Webmail */
|
|
||||||
/* {{ ansible_managed }} */
|
|
||||||
|
|
||||||
$config['imap_auth_type'] = 'LOGIN';
|
|
||||||
$config['imap_delimiter'] = '/';
|
|
||||||
|
|
||||||
// ----------------------------------
|
|
||||||
// SMTP
|
|
||||||
// ----------------------------------
|
|
||||||
$config['smtp_server'] = '{{ smtp_host }}';
|
|
||||||
$config['smtp_auth_type'] = 'LOGIN';
|
|
||||||
|
|
||||||
$config['support_url'] = '{{ support_url }}';
|
|
||||||
|
|
||||||
array(
|
|
||||||
"elastic:login[small]" => "/images/logo_login_small.png",
|
|
||||||
"elastic:login" => "/images/logo_login.png",
|
|
||||||
"elastic:*[small]" => "/images/logo_small.png",
|
|
||||||
"larry:*" => "/images/larry.png",
|
|
||||||
"login" => "/images/logo_login.png",
|
|
||||||
"[print]" => "/images/logo_print.png",
|
|
||||||
);
|
|
||||||
$config['skin_logo'] = 'images/{{ logo_filename }}';
|
|
||||||
|
|
||||||
$config['des_key'] = '{{ roundcube_deskey }}';
|
|
||||||
|
|
||||||
// ----------------------------------
|
|
||||||
// PLUGINS
|
|
||||||
// ----------------------------------
|
|
||||||
$config['plugins'] = array('managesieve');
|
|
||||||
$config['create_default_folders'] = true;
|
|
||||||
$config['quota_zero_as_unlimited'] = true;
|
|
||||||
$config['ldap_public'] = array (
|
|
||||||
'global_ldap_abook' =>
|
|
||||||
array (
|
|
||||||
'name' => 'Global LDAP Address Book',
|
|
||||||
'hosts' =>
|
|
||||||
array (
|
|
||||||
0 => '{{ ldap_host }}',
|
|
||||||
),
|
|
||||||
'port' => {{ ldap_port }},
|
|
||||||
'use_tls' => false,
|
|
||||||
'ldap_version' => '3',
|
|
||||||
'network_timeout' => 10,
|
|
||||||
'user_specific' => true,
|
|
||||||
'base_dn' => '{{ ldap_basedn }}',
|
|
||||||
'bind_dn' => 'mail=%u@%d,ou=Users,domainName=%d,{{ ldap_basedn }}',
|
|
||||||
'hidden' => false,
|
|
||||||
'searchonly' => false,
|
|
||||||
'writable' => false,
|
|
||||||
'search_fields' =>
|
|
||||||
array (
|
|
||||||
0 => 'mail',
|
|
||||||
1 => 'cn',
|
|
||||||
2 => 'sn',
|
|
||||||
3 => 'givenName',
|
|
||||||
4 => 'street',
|
|
||||||
5 => 'telephoneNumber',
|
|
||||||
6 => 'mobile',
|
|
||||||
7 => 'stree',
|
|
||||||
8 => 'postalCode',
|
|
||||||
),
|
|
||||||
'fieldmap' =>
|
|
||||||
array (
|
|
||||||
'name' => 'cn',
|
|
||||||
'surname' => 'sn',
|
|
||||||
'firstname' => 'givenName',
|
|
||||||
'title' => 'title',
|
|
||||||
'email' => 'mail:*',
|
|
||||||
'phone:work' => 'telephoneNumber',
|
|
||||||
'phone:mobile' => 'mobile',
|
|
||||||
'street' => 'street',
|
|
||||||
'zipcode' => 'postalCode',
|
|
||||||
'locality' => 'l',
|
|
||||||
'department' => 'departmentNumber',
|
|
||||||
'notes' => 'description',
|
|
||||||
'phone:workfax' => 'facsimileTelephoneNumber',
|
|
||||||
'photo' => 'jpegPhoto',
|
|
||||||
),
|
|
||||||
'sort' => 'cn',
|
|
||||||
'scope' => 'sub',
|
|
||||||
'filter' => '(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))',
|
|
||||||
'fuzzy_search' => true,
|
|
||||||
'vlv' => false,
|
|
||||||
'sizelimit' => '0',
|
|
||||||
'timelimit' => '0',
|
|
||||||
'referrals' => false,
|
|
||||||
'group_filters' =>
|
|
||||||
array (
|
|
||||||
'departments' =>
|
|
||||||
array (
|
|
||||||
'name' => 'Mailing Lists',
|
|
||||||
'scope' => 'sub',
|
|
||||||
'base_dn' => '{{ ldap_basedn }}',
|
|
||||||
'filter' => '(&(objectclass=mailList)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))',
|
|
||||||
'name_attr' => 'cn',
|
|
||||||
'email' => 'mail',
|
|
||||||
),
|
|
||||||
),
|
|
||||||
),
|
|
||||||
);
|
|
||||||
$config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook');
|
|
||||||
$config['skin'] = 'elastic';
|
|
||||||
$config['addressbook_sort_col'] = 'name';
|
|
||||||
$config['draft_autosave'] = 60;
|
|
||||||
$config['check_all_folders'] = true;
|
|
||||||
$config['autoexpand_threads'] = 2;
|
|
||||||
|
|
||||||
include_once("/etc/roundcube/debian-db-roundcube.php");
|
|
|
@ -1,9 +0,0 @@
|
||||||
<?php
|
|
||||||
/* {{ ansible_managed }} */
|
|
||||||
$dbuser='{{ mysql_username }}';
|
|
||||||
$dbpass='{{ mysql_password }}';
|
|
||||||
$basepath='';
|
|
||||||
$dbname='{{ mysql_database }}';
|
|
||||||
$dbserver='{{ mysql_host }}';
|
|
||||||
$dbport='{{ mysql_port }}';
|
|
||||||
$dbtype='mysql';
|
|
|
@ -1,21 +0,0 @@
|
||||||
# Dovecot LDAP interface configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
hosts = {{ ldap_host }}:{{ ldap_port }}
|
|
||||||
ldap_version = 3
|
|
||||||
auth_bind = yes
|
|
||||||
dn = {{ ldap_bind_username }}
|
|
||||||
dnpass = {{ ldap_bind_password }}
|
|
||||||
base = {{ ldap_basedn }}
|
|
||||||
scope = subtree
|
|
||||||
deref = never
|
|
||||||
|
|
||||||
# Below two are required by command 'doveadm mailbox ...'
|
|
||||||
iterate_attrs = mail=user
|
|
||||||
iterate_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))
|
|
||||||
|
|
||||||
user_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
|
|
||||||
user_attrs = mail=user,homeDirectory=home,=mail=maildir:~/Maildir/,mailQuota=quota_rule=*:bytes=%$
|
|
||||||
pass_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
|
|
||||||
pass_attrs = mail=user,userPassword=password
|
|
||||||
default_pass_scheme = SSHA
|
|
|
@ -1,177 +0,0 @@
|
||||||
# Dovecot main configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
listen = *, [::]
|
|
||||||
mail_plugins = quota
|
|
||||||
protocols = pop3 imap sieve lmtp
|
|
||||||
mail_uid = 2000
|
|
||||||
mail_gid = 2000
|
|
||||||
first_valid_uid = 2000
|
|
||||||
last_valid_uid = 2000
|
|
||||||
log_path = /var/log/dovecot.log
|
|
||||||
mail_debug = no
|
|
||||||
auth_verbose = no
|
|
||||||
auth_debug = no
|
|
||||||
auth_debug_passwords = no
|
|
||||||
auth_verbose_passwords = no
|
|
||||||
ssl = no
|
|
||||||
mailbox_list_index = yes
|
|
||||||
disable_plaintext_auth = no
|
|
||||||
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/:VOLATILEDIR=/tmp/dovecot-volatile/%d/%u
|
|
||||||
auth_default_realm = {{ domain }}
|
|
||||||
auth_mechanisms = PLAIN LOGIN
|
|
||||||
haproxy_trusted_networks = {{ trusted_networks }}
|
|
||||||
haproxy_timeout = 5s
|
|
||||||
service auth {
|
|
||||||
unix_listener /var/spool/postfix/private/dovecot-auth {
|
|
||||||
user = postfix
|
|
||||||
group = postfix
|
|
||||||
mode = 0666
|
|
||||||
}
|
|
||||||
unix_listener auth-master {
|
|
||||||
user = vmail
|
|
||||||
group = vmail
|
|
||||||
mode = 0666
|
|
||||||
}
|
|
||||||
unix_listener auth-userdb {
|
|
||||||
user = vmail
|
|
||||||
group = vmail
|
|
||||||
mode = 0660
|
|
||||||
}
|
|
||||||
}
|
|
||||||
service lmtp {
|
|
||||||
user = vmail
|
|
||||||
process_min_avail = 5
|
|
||||||
executable = lmtp -L
|
|
||||||
unix_listener /var/spool/postfix/private/dovecot-lmtp {
|
|
||||||
user = postfix
|
|
||||||
group = postfix
|
|
||||||
mode = 0600
|
|
||||||
}
|
|
||||||
inet_listener lmtp {
|
|
||||||
port = 24
|
|
||||||
}
|
|
||||||
}
|
|
||||||
service stats {
|
|
||||||
unix_listener stats-reader {
|
|
||||||
user = dovecot
|
|
||||||
group = postfix
|
|
||||||
mode = 0660
|
|
||||||
}
|
|
||||||
unix_listener stats-writer {
|
|
||||||
user = dovecot
|
|
||||||
group = postfix
|
|
||||||
mode = 0660
|
|
||||||
}
|
|
||||||
}
|
|
||||||
userdb {
|
|
||||||
args = /etc/dovecot/dovecot-ldap.conf
|
|
||||||
driver = ldap
|
|
||||||
}
|
|
||||||
passdb {
|
|
||||||
args = /etc/dovecot/dovecot-ldap.conf
|
|
||||||
driver = ldap
|
|
||||||
}
|
|
||||||
plugin {
|
|
||||||
auth_socket_path = /var/run/dovecot/auth-master
|
|
||||||
acl = vfile
|
|
||||||
acl_shared_dict = proxy::acl
|
|
||||||
sieve_dir = /%Lh/sieve
|
|
||||||
sieve = /%Lh/sieve/dovecot.sieve
|
|
||||||
sieve_global_dir = /srv/vmail/sieve
|
|
||||||
sieve_default = /srv/vmail/sieve/dovecot.sieve
|
|
||||||
}
|
|
||||||
service dict {
|
|
||||||
unix_listener dict {
|
|
||||||
mode = 0660
|
|
||||||
user = vmail
|
|
||||||
group = vmail
|
|
||||||
}
|
|
||||||
}
|
|
||||||
protocol lda {
|
|
||||||
mail_plugins = $mail_plugins sieve
|
|
||||||
auth_socket_path = /run/dovecot/auth-master
|
|
||||||
log_path = /var/log/dovecot.log
|
|
||||||
lda_mailbox_autocreate = yes
|
|
||||||
postmaster_address = {{ postmaster }}
|
|
||||||
}
|
|
||||||
protocol lmtp {
|
|
||||||
info_log_path = /var/log/dovecot-lmtp.log
|
|
||||||
mail_plugins = quota sieve
|
|
||||||
postmaster_address = {{ postmaster }}
|
|
||||||
lmtp_save_to_detail_mailbox = yes
|
|
||||||
recipient_delimiter = +
|
|
||||||
}
|
|
||||||
protocol imap {
|
|
||||||
mail_plugins = $mail_plugins imap_quota
|
|
||||||
imap_client_workarounds = tb-extra-mailbox-sep
|
|
||||||
}
|
|
||||||
protocol pop3 {
|
|
||||||
mail_plugins = $mail_plugins
|
|
||||||
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
|
|
||||||
pop3_uidl_format = %08Xu%08Xv
|
|
||||||
}
|
|
||||||
service imap-login {
|
|
||||||
service_count = 1
|
|
||||||
process_limit = 500
|
|
||||||
inet_listener imap {
|
|
||||||
port = 143
|
|
||||||
}
|
|
||||||
{% if haproxy %}
|
|
||||||
inet_listener imap-haproxy {
|
|
||||||
port = 10143
|
|
||||||
haproxy = yes
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
service pop3-login {
|
|
||||||
service_count = 1
|
|
||||||
process_limit = 500
|
|
||||||
inet_listener pop3 {
|
|
||||||
port = 110
|
|
||||||
}
|
|
||||||
{% if haproxy %}
|
|
||||||
inet_listener pop3-haproxy {
|
|
||||||
port = 10110
|
|
||||||
haproxy = yes
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
namespace {
|
|
||||||
type = private
|
|
||||||
separator = /
|
|
||||||
prefix =
|
|
||||||
inbox = yes
|
|
||||||
mailbox Sent {
|
|
||||||
auto = subscribe
|
|
||||||
special_use = \Sent
|
|
||||||
}
|
|
||||||
mailbox "Sent Messages" {
|
|
||||||
auto = no
|
|
||||||
special_use = \Sent
|
|
||||||
}
|
|
||||||
mailbox Drafts {
|
|
||||||
auto = subscribe
|
|
||||||
special_use = \Drafts
|
|
||||||
}
|
|
||||||
mailbox Trash {
|
|
||||||
auto = subscribe
|
|
||||||
special_use = \Trash
|
|
||||||
}
|
|
||||||
mailbox Junk {
|
|
||||||
auto = subscribe
|
|
||||||
special_use = \Junk
|
|
||||||
}
|
|
||||||
mailbox Spam {
|
|
||||||
auto = no
|
|
||||||
special_use = \Junk
|
|
||||||
}
|
|
||||||
}
|
|
||||||
namespace {
|
|
||||||
type = shared
|
|
||||||
separator = /
|
|
||||||
prefix = Shared/%%u/
|
|
||||||
location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u:VOLATILEDIR=/tmp/dovecot-volatile/Shared/%%u
|
|
||||||
subscriptions = yes
|
|
||||||
list = children
|
|
||||||
}
|
|
|
@ -1,143 +0,0 @@
|
||||||
# Main Postfix configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
# No one will use these in helo command.
|
|
||||||
/^(localhost)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/^(localhost.localdomain)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(\.local)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
|
|
||||||
# Reject who use IP address as helo.
|
|
||||||
# Correct: [xxx.xxx.xxx.xxx]
|
|
||||||
# Incorrect: xxx.xxx.xxx.xxx
|
|
||||||
/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (${1})
|
|
||||||
|
|
||||||
#
|
|
||||||
# This is the real HELO identify of these ISPs:
|
|
||||||
# sohu.com websmtp.sohu.com relay2nd.mail.sohu.com
|
|
||||||
# 126.com m15-78.126.com
|
|
||||||
# 163.com m31-189.vip.163.com m13-49.163.com
|
|
||||||
# sina.com mail2-209.sinamail.sina.com.cn
|
|
||||||
# gmail.com xx-out-NNNN.google.com
|
|
||||||
/^(126\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
|
|
||||||
/^(163\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
|
|
||||||
/^(163\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
|
|
||||||
/^(sohu\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
|
|
||||||
/(gmail\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
|
|
||||||
/^(google\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
|
|
||||||
/^(yahoo\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
|
|
||||||
/^(yahoo\.co\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
|
|
||||||
|
|
||||||
#
|
|
||||||
# Spammers.
|
|
||||||
#
|
|
||||||
/^(728154EA470B4AA\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(taj-co\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(CF8D3DB045C1455\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(dsgsfdg\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(se\.nit7-ngbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(mail\.goo\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(n-ong_an\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(meqail\.teamefs-ine5tl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(zzg\.jhf-sp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(din_glo-ng\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(fda-cnc\.ie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(yrtaj-yrco\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(m\.am\.biz\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(xr_haig\.roup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(hjn\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(we_blf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(netvigator\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(mysam\.biz)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(mail\.teams-intl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(seningbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(nblf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(kdn\.ktguide\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(zzsp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(nblongan\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(dpu\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(nbalton\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(cncie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(xinhaigroup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/^(wz\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/(\.zj\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
/(\.kornet)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
|
|
||||||
|
|
||||||
/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/^(system\.mail)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/^(speedtouch\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
|
|
||||||
#
|
|
||||||
# Reject adsl spammers.
|
|
||||||
#
|
|
||||||
/(adsl)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(dynamic)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(pppoe)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(dsl\.brasiltelecom\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(dsl\.optinet\.hr)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(dsl\.telesp\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(dialup)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(dhcp)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(pool-)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/^(cpe-)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(\.cpe\.)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
|
|
||||||
/(speedy\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(speedyterra\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(static\.sbb\.rs)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
/(static\.vsnl\.net\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
|
|
||||||
|
|
||||||
/(advance\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(airtelbroadband\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(bb\.netvision\.net\.il)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(bezeqint\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(broadband3\.iol\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(cable\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(catv\.broadband\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(chello\.nl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(chello\.sk)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(client\.mchsi\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(comunitel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(coprosys\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(dclient\.hispeed\.ch)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(dip0\.t-ipconnect\.de)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(domain\.invalid)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(dyn\.centurytel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(embarqhsd\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(emcali\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(epm\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(eutelia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(fastwebnet\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(fibertel\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(freedom2surf\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(hgcbroadband\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(HINET-IP\.hinet\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(infonet\.by)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(is74\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(kievnet\.com\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(metrotel\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(nw\.nuvox\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(pldt\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(pool\.invitel\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(pool\.ukrtel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(pools\.arcor-ip\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(pppoe\.avangarddsl\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(retail\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(revip2\.asianet\.co\.th)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(tim\.ro)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(tsi\.tychy\.pl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(ttnet\.net\.tr)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(tttmaxnet\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(user\.veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(utk\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(virtua\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(wanamaroc\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(wbt\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(wireless\.iaw\.on\.ca)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(business\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(cotas\.com\.bo)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(marunouchi\.tokyo\.ocn\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(amedex\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
||||||
/(aageneva\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
|
|
|
@ -1,89 +0,0 @@
|
||||||
# Main Postfix configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
smtpd_banner = {{ banner_hostname }} ESMTP $mail_name (Debian/GNU)
|
|
||||||
biff = no
|
|
||||||
append_dot_mydomain = no
|
|
||||||
delay_warning_time = 48h
|
|
||||||
maximal_queue_lifetime = 14d
|
|
||||||
bounce_queue_lifetime = 14d
|
|
||||||
readme_directory = no
|
|
||||||
compatibility_level = 2
|
|
||||||
|
|
||||||
smtp_use_tls=yes
|
|
||||||
smtp_tls_cert_file=/etc/ssl/{{ banner_hostname }}.crt
|
|
||||||
smtp_tls_key_file=/etc/ssl/{{ banner_hostname }}.key
|
|
||||||
smtpd_tls_cert_file=/etc/ssl/letsencrypt/infrastructure.pem
|
|
||||||
smtpd_tls_key_file=/etc/ssl/letsencrypt/infrastructure.pem
|
|
||||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
||||||
|
|
||||||
myhostname = {{ myhostname }}
|
|
||||||
mydomain = {{ mydomain }}
|
|
||||||
alias_maps = hash:/etc/aliases
|
|
||||||
alias_database = hash:/etc/aliases
|
|
||||||
myorigin = /etc/mailname
|
|
||||||
mydestination = localhost
|
|
||||||
|
|
||||||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ mynetworks }}
|
|
||||||
mailbox_size_limit = 0
|
|
||||||
recipient_delimiter = +
|
|
||||||
inet_interfaces = all
|
|
||||||
inet_protocols = all
|
|
||||||
|
|
||||||
swap_bangpath = no
|
|
||||||
mynetworks_style = host
|
|
||||||
smtpd_data_restrictions = reject_unauth_pipelining
|
|
||||||
smtpd_reject_unlisted_recipient = yes
|
|
||||||
smtpd_reject_unlisted_sender = yes
|
|
||||||
smtp_tls_security_level = may
|
|
||||||
smtp_tls_CAfile = $smtpd_tls_CAfile
|
|
||||||
smtp_tls_loglevel = 0
|
|
||||||
smtp_tls_note_starttls_offer = yes
|
|
||||||
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
|
|
||||||
smtp_data_init_timeout = 240s
|
|
||||||
smtp_data_xfer_timeout = 600s
|
|
||||||
smtpd_helo_required = yes
|
|
||||||
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
|
|
||||||
queue_run_delay = 300s
|
|
||||||
minimal_backoff_time = 300s
|
|
||||||
maximal_backoff_time = 4000s
|
|
||||||
enable_original_recipient = no
|
|
||||||
disable_vrfy_command = yes
|
|
||||||
home_mailbox = Maildir/
|
|
||||||
allow_min_user = no
|
|
||||||
message_size_limit = 52428800
|
|
||||||
virtual_minimum_uid = 2000
|
|
||||||
virtual_uid_maps = static:2000
|
|
||||||
virtual_gid_maps = static:2000
|
|
||||||
virtual_mailbox_base = /srv/vmail
|
|
||||||
|
|
||||||
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf, hash:/etc/postfix/transport
|
|
||||||
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
|
|
||||||
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
|
|
||||||
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
|
|
||||||
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf
|
|
||||||
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf
|
|
||||||
|
|
||||||
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
|
|
||||||
smtpd_sasl_auth_enable = yes
|
|
||||||
smtpd_sasl_local_domain =
|
|
||||||
broken_sasl_auth_clients = yes
|
|
||||||
smtpd_sasl_security_options = noanonymous
|
|
||||||
smtpd_tls_auth_only = no
|
|
||||||
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
|
|
||||||
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
|
|
||||||
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
|
|
||||||
smtpd_tls_security_level = may
|
|
||||||
smtpd_tls_loglevel = 0
|
|
||||||
tls_random_source = dev:/dev/urandom
|
|
||||||
|
|
||||||
command_time_limit = 12h
|
|
||||||
ipc_timeout = 12h
|
|
||||||
|
|
||||||
mailbox_command = /usr/lib/dovecot/deliver
|
|
||||||
virtual_transport = dovecot
|
|
||||||
dovecot_destination_recipient_limit = 1
|
|
||||||
smtpd_sasl_type = dovecot
|
|
||||||
smtpd_sasl_path = private/dovecot-auth
|
|
||||||
smtp-amavis_destination_recipient_limit = 1
|
|
||||||
virtual_alias_domains =
|
|
|
@ -1,73 +0,0 @@
|
||||||
# Postfix master process configuration file
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
# ==========================================================================
|
|
||||||
# service type private unpriv chroot wakeup maxproc command + args
|
|
||||||
# (yes) (yes) (yes) (never) (100)
|
|
||||||
# ==========================================================================
|
|
||||||
smtp inet n - y - - smtpd
|
|
||||||
pickup unix n - y 60 1 pickup
|
|
||||||
-o content_filter=
|
|
||||||
-o receive_override_options=no_header_body_checks
|
|
||||||
cleanup unix n - y - 0 cleanup
|
|
||||||
qmgr unix n - n 300 1 qmgr
|
|
||||||
tlsmgr unix - - y 1000? 1 tlsmgr
|
|
||||||
rewrite unix - - y - - trivial-rewrite
|
|
||||||
bounce unix - - y - 0 bounce
|
|
||||||
defer unix - - y - 0 bounce
|
|
||||||
trace unix - - y - 0 bounce
|
|
||||||
verify unix - - y - 1 verify
|
|
||||||
flush unix n - y 1000? 0 flush
|
|
||||||
proxymap unix - - n - - proxymap
|
|
||||||
proxywrite unix - - n - 1 proxymap
|
|
||||||
smtp unix - - y - - smtp
|
|
||||||
smtp-ipv4 unix - - y - - smtp
|
|
||||||
-o inet_protocols=ipv4
|
|
||||||
relay unix - - y - - smtp
|
|
||||||
showq unix n - y - - showq
|
|
||||||
error unix - - y - - error
|
|
||||||
retry unix - - y - - error
|
|
||||||
discard unix - - y - - discard
|
|
||||||
local unix - n n - - local
|
|
||||||
virtual unix - n n - - virtual
|
|
||||||
lmtp unix - - y - - lmtp
|
|
||||||
anvil unix - - y - 1 anvil
|
|
||||||
scache unix - - y - 1 scache
|
|
||||||
|
|
||||||
submission inet n - n - - smtpd
|
|
||||||
-o smtpd_enforce_tls=no
|
|
||||||
-o smtpd_sasl_auth_enable=yes
|
|
||||||
-o smtpd_upstream_proxy_protocol=haproxy
|
|
||||||
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
|
||||||
-o content_filter=smtp-amavis:[::1]:10024
|
|
||||||
|
|
||||||
dovecot unix - n n - - pipe
|
|
||||||
-o soft_bounce=yes
|
|
||||||
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
|
|
||||||
|
|
||||||
smtp-amavis unix - - y - 2 smtp
|
|
||||||
-o smtp_data_done_timeout=1200
|
|
||||||
-o smtp_send_xforward_command=yes
|
|
||||||
-o disable_dns_lookups=yes
|
|
||||||
-o max_use=20
|
|
||||||
|
|
||||||
[::1]:10025 inet n - y - - smtpd
|
|
||||||
-o inet_protocols=ipv6
|
|
||||||
-o content_filter=
|
|
||||||
-o local_recipient_maps=
|
|
||||||
-o relay_recipient_maps=
|
|
||||||
-o smtpd_restriction_classes=
|
|
||||||
-o smtpd_delay_reject=no
|
|
||||||
-o smtpd_client_restrictions=permit_mynetworks,reject
|
|
||||||
-o smtpd_helo_restrictions=
|
|
||||||
-o smtpd_sender_restrictions=
|
|
||||||
-o smtpd_recipient_restrictions=permit_mynetworks,reject
|
|
||||||
-o smtpd_data_restrictions=reject_unauth_pipelining
|
|
||||||
-o smtpd_end_of_data_restrictions=
|
|
||||||
-o mynetworks=127.0.0.0/8,[::1]/128
|
|
||||||
-o smtpd_error_sleep_time=0
|
|
||||||
-o smtpd_soft_error_limit=1001
|
|
||||||
-o smtpd_hard_error_limit=1000
|
|
||||||
-o smtpd_client_connection_count_limit=0
|
|
||||||
-o smtpd_client_connection_rate_limit=0
|
|
||||||
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
|
|
|
@ -1,4 +0,0 @@
|
||||||
# Roundcube custom port configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
Listen 81
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = sub
|
|
||||||
query_filter = (&(objectClass=mailUser)(accountStatus=active)(|(mail=@%d)(shadowAddress=@%d)))
|
|
||||||
result_attribute= mailForwardingAddress
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = one
|
|
||||||
query_filter = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
|
|
||||||
result_attribute= domainRecipientBccAddress
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = ou=Users,domainName=%d,{{ ldap_basedn }}
|
|
||||||
scope = one
|
|
||||||
query_filter = (&(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
|
|
||||||
result_attribute= userRecipientBccAddress
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
version = 3
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = one
|
|
||||||
query_filter = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(domainBackupMX=yes)(accountStatus=active)(enabledService=mail))
|
|
||||||
result_attribute= domainName
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = one
|
|
||||||
query_filter = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
|
|
||||||
result_attribute= domainSenderBccAddress
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = ou=Users,domainName=%d,{{ ldap_basedn }}
|
|
||||||
scope = one
|
|
||||||
query_filter = (&(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
|
|
||||||
result_attribute= userSenderBccAddress
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = sub
|
|
||||||
query_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=smtp)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s))))
|
|
||||||
result_attribute= mail
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = one
|
|
||||||
query_filter = (&(objectClass=mailDomain)(accountStatus=active)(enabledService=mail)(|(domainName=%s)(domainAliasName=%s)))
|
|
||||||
result_attribute= mtaTransport
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = ou=Users,domainName=%d,{{ ldap_basedn }}
|
|
||||||
scope = one
|
|
||||||
query_filter = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail))
|
|
||||||
result_attribute= mtaTransport
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = sub
|
|
||||||
query_filter = (&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
|
|
||||||
result_attribute= mailForwardingAddress
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = sub
|
|
||||||
query_filter = (&(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(&(|(memberOfGroup=%s)(shadowAddress=%s))(objectClass=mailUser))(&(memberOfGroup=%s)(!(shadowAddress=%s))(|(objectClass=mailExternalUser)(objectClass=mailList)(objectClass=mailAlias)))))
|
|
||||||
result_attribute= mail
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = sub
|
|
||||||
query_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s))))
|
|
||||||
result_attribute= mail
|
|
||||||
debuglevel = 0
|
|
|
@ -1,13 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
version = 3
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = one
|
|
||||||
query_filter = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail))
|
|
||||||
result_attribute= domainName
|
|
||||||
debuglevel = 0
|
|
|
@ -1,14 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_host = {{ ldap_host }}
|
|
||||||
server_port = {{ ldap_port }}
|
|
||||||
version = 3
|
|
||||||
bind = yes
|
|
||||||
start_tls = no
|
|
||||||
bind_dn = {{ ldap_bind_username }}
|
|
||||||
bind_pw = {{ ldap_bind_password }}
|
|
||||||
search_base = {{ ldap_basedn }}
|
|
||||||
scope = sub
|
|
||||||
query_filter = (&(objectClass=mailUser)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(accountStatus=active)(enabledService=mail)(enabledService=deliver))
|
|
||||||
result_attribute= mailMessageStore
|
|
||||||
result_format = %s/Maildir/
|
|
||||||
debuglevel = 0
|
|
|
@ -1,47 +0,0 @@
|
||||||
DocumentRoot /var/lib/roundcube
|
|
||||||
Alias /mail /var/lib/roundcube
|
|
||||||
|
|
||||||
<Directory /var/lib/roundcube/>
|
|
||||||
Options +FollowSymLinks
|
|
||||||
# This is needed to parse /var/lib/roundcube/.htaccess. See its
|
|
||||||
# content before setting AllowOverride to None.
|
|
||||||
AllowOverride All
|
|
||||||
<IfVersion >= 2.3>
|
|
||||||
Require all granted
|
|
||||||
</IfVersion>
|
|
||||||
<IfVersion < 2.3>
|
|
||||||
Order allow,deny
|
|
||||||
Allow from all
|
|
||||||
</IfVersion>
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
# Protecting basic directories:
|
|
||||||
<Directory /var/lib/roundcube/config>
|
|
||||||
Options -FollowSymLinks
|
|
||||||
AllowOverride None
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
<Directory /var/lib/roundcube/temp>
|
|
||||||
Options -FollowSymLinks
|
|
||||||
AllowOverride None
|
|
||||||
<IfVersion >= 2.3>
|
|
||||||
Require all denied
|
|
||||||
</IfVersion>
|
|
||||||
<IfVersion < 2.3>
|
|
||||||
Order allow,deny
|
|
||||||
Deny from all
|
|
||||||
</IfVersion>
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
<Directory /var/lib/roundcube/logs>
|
|
||||||
Options -FollowSymLinks
|
|
||||||
AllowOverride None
|
|
||||||
<IfVersion >= 2.3>
|
|
||||||
Require all denied
|
|
||||||
</IfVersion>
|
|
||||||
<IfVersion < 2.3>
|
|
||||||
Order allow,deny
|
|
||||||
Deny from all
|
|
||||||
</IfVersion>
|
|
||||||
</Directory>
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
# Gmail-specific transfer policy
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
gmail.com smtp-ipv4:
|
|
|
@ -1,35 +0,0 @@
|
||||||
---
|
|
||||||
# Default configurations
|
|
||||||
# I populate these from external configs; I indicate what the are as inline comments
|
|
||||||
|
|
||||||
# Postfix
|
|
||||||
|
|
||||||
# A list of relay domains and their target (square-bracked hostname/IP + port); examples follow
|
|
||||||
relay_domains: "{{ blse_relaydomains }}"
|
|
||||||
# - domain: "some.domain.tld"
|
|
||||||
# relay: "[mail.domain.tld]"
|
|
||||||
# - domain: "other.domain.tld"
|
|
||||||
# relay: "[secure.domain.tld]:465"
|
|
||||||
|
|
||||||
# A list of RBLs to check for rejecting incoming mail
|
|
||||||
remote_block_lists:
|
|
||||||
- bl.spamcop.net
|
|
||||||
- zen.spamhaus.org
|
|
||||||
- cbl.abuseat.org
|
|
||||||
|
|
||||||
# Enable TLS (literal yes/no only) and, if yes, the cert and key files
|
|
||||||
tls_enabled: "yes"
|
|
||||||
tls_cert: "/etc/ssl/{{ ansible_fqdn }}.crt"
|
|
||||||
tls_key: "/etc/ssl/{{ ansible_fqdn }}.key"
|
|
||||||
|
|
||||||
# Virtual address maps
|
|
||||||
virtual_maps:
|
|
||||||
- regex: "/^postmaster@/"
|
|
||||||
map: "root@{{ blsedomains_admindomain }}"
|
|
||||||
|
|
||||||
# SpamAssassin
|
|
||||||
notify_admin: "joshua@boniface.me" # Administrative address to notify
|
|
||||||
notify_method: "smtp:{{ blsecluster_smtphost }}:25"
|
|
||||||
custom_sender_scores:
|
|
||||||
- "[qr'^(offers)@'i => 1.0]"
|
|
||||||
- "[qr'^.*@pizzanova.com'i => 1.0]"
|
|
|
@ -1,2 +0,0 @@
|
||||||
Populate me with spam-tagged legit emails.
|
|
||||||
Then `tar -cvJf ham-sample.txz ham-sample/` in the parent directory.
|
|
|
@ -1,2 +0,0 @@
|
||||||
Populate me with spam-tagged legit emails.
|
|
||||||
Then `tar -cvJf ham-sample.txz ham-sample/` in the parent directory.
|
|
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
- name: postmap transport
|
|
||||||
command: "postmap /etc/postfix/transport"
|
|
||||||
- name: restart amavis
|
|
||||||
service:
|
|
||||||
name: "amavis"
|
|
||||||
state: "restarted"
|
|
||||||
- name: restart saslauthd
|
|
||||||
service:
|
|
||||||
name: "saslauthd"
|
|
||||||
state: "restarted"
|
|
||||||
- name: restart postfix
|
|
||||||
service:
|
|
||||||
name: "postfix"
|
|
||||||
state: "restarted"
|
|
||||||
- name: restart spamassassin
|
|
||||||
service:
|
|
||||||
name: "spamassassin"
|
|
||||||
state: "restarted"
|
|
|
@ -1,220 +0,0 @@
|
||||||
---
|
|
||||||
#
|
|
||||||
# Install role packages
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: install filtering packages and monitoring components
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- postfix
|
|
||||||
- postfix-pcre
|
|
||||||
- mailgraph
|
|
||||||
- amavis
|
|
||||||
- spamassassin
|
|
||||||
- clamav-daemon
|
|
||||||
- libnet-dns-perl
|
|
||||||
- libmail-spf-perl
|
|
||||||
- postfix-policyd-spf-python
|
|
||||||
- pfqueue
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
- name: install compression algorithms for scanning
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- p7zip-full
|
|
||||||
- arj
|
|
||||||
- bzip2
|
|
||||||
- cabextract
|
|
||||||
- cpio
|
|
||||||
- file
|
|
||||||
- gzip
|
|
||||||
- lhasa
|
|
||||||
- liblz4-tool
|
|
||||||
- lrzip
|
|
||||||
- lzop
|
|
||||||
- nomarch
|
|
||||||
- pax
|
|
||||||
- rar
|
|
||||||
- rpm
|
|
||||||
- unrar-free
|
|
||||||
- unzip
|
|
||||||
- xz-utils
|
|
||||||
- zip
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
#
|
|
||||||
# ClamAV
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: ensure clamav is in amavis group
|
|
||||||
user:
|
|
||||||
name: "clamav"
|
|
||||||
append: "yes"
|
|
||||||
groups: "amavis"
|
|
||||||
|
|
||||||
- name: ensure amavis is in clamav group
|
|
||||||
user:
|
|
||||||
name: "amavis"
|
|
||||||
append: "yes"
|
|
||||||
groups: "clamav"
|
|
||||||
|
|
||||||
#
|
|
||||||
# policyd SPF
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: install policyd-spf config
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/postfix-policyd-spf-python/{{ item }}"
|
|
||||||
notify:
|
|
||||||
- restart postfix
|
|
||||||
with_items:
|
|
||||||
- "policyd-spf.conf"
|
|
||||||
|
|
||||||
#
|
|
||||||
# SpamAssassin
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: install SpamAssassin config
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/spamassassin/{{ item }}"
|
|
||||||
notify:
|
|
||||||
- restart spamassassin
|
|
||||||
- restart amavis
|
|
||||||
with_items:
|
|
||||||
- "local.cf"
|
|
||||||
- "90_customrules.cf"
|
|
||||||
|
|
||||||
#
|
|
||||||
# Amavis
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: install Amavis configs
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/amavis/conf.d/{{ item }}"
|
|
||||||
notify:
|
|
||||||
- restart amavis
|
|
||||||
with_items:
|
|
||||||
- "15-content_filter_mode"
|
|
||||||
- "50-user"
|
|
||||||
|
|
||||||
#
|
|
||||||
# Postfix
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: create the Postfix local config dir
|
|
||||||
file:
|
|
||||||
state: directory
|
|
||||||
dest: "/etc/postfix/local"
|
|
||||||
|
|
||||||
- name: install the Postfix main configs
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/postfix/{{ item }}"
|
|
||||||
notify:
|
|
||||||
- restart postfix
|
|
||||||
with_items:
|
|
||||||
- "main.cf"
|
|
||||||
- "master.cf"
|
|
||||||
|
|
||||||
- name: install the Postfix local configs
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/postfix/local/{{ item }}"
|
|
||||||
notify:
|
|
||||||
- restart postfix
|
|
||||||
with_items:
|
|
||||||
- helo_access
|
|
||||||
- recipient_access
|
|
||||||
- relay_domains
|
|
||||||
- transport
|
|
||||||
- virtual
|
|
||||||
|
|
||||||
- name: link /etc/mailname to /etc/hostname
|
|
||||||
file:
|
|
||||||
dest: "/etc/mailname"
|
|
||||||
src: "/etc/hostname"
|
|
||||||
state: "link"
|
|
||||||
force: "yes"
|
|
||||||
|
|
||||||
#
|
|
||||||
# Verify and enable services
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: verify and enable services
|
|
||||||
service:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: "started"
|
|
||||||
enabled: "yes"
|
|
||||||
with_items:
|
|
||||||
- "postfix"
|
|
||||||
- "amavis"
|
|
||||||
- "clamav-daemon"
|
|
||||||
|
|
||||||
#
|
|
||||||
# SpamAssassin training
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: download spam sample archive
|
|
||||||
copy:
|
|
||||||
src: "spam-sample.txz"
|
|
||||||
dest: "/var/cache/spam-sample.txz"
|
|
||||||
owner: "root"
|
|
||||||
group: "root"
|
|
||||||
mode: "400"
|
|
||||||
register: spamsample
|
|
||||||
|
|
||||||
- name: make temporary directory
|
|
||||||
command: "mktemp -d"
|
|
||||||
register: tempdirspam
|
|
||||||
when: spamsample.changed
|
|
||||||
|
|
||||||
- name: extract spam sample archive to temporary directory
|
|
||||||
unarchive:
|
|
||||||
remote_src: "yes"
|
|
||||||
src: "/var/cache/spam-sample.txz"
|
|
||||||
dest: "{{ tempdirspam.stdout }}/"
|
|
||||||
when: spamsample.changed
|
|
||||||
|
|
||||||
- name: sa-learn from the spam sample
|
|
||||||
command: "sa-learn --spam {{ tempdirspam.stdout }}/spam-sample/"
|
|
||||||
when: spamsample.changed
|
|
||||||
|
|
||||||
- name: remove temporary directory
|
|
||||||
file:
|
|
||||||
dest: "{{ tempdirspam.stdout }}"
|
|
||||||
state: "absent"
|
|
||||||
when: spamsample.changed
|
|
||||||
|
|
||||||
- name: download ham sample archive
|
|
||||||
copy:
|
|
||||||
src: "ham-sample.txz"
|
|
||||||
dest: "/var/cache/ham-sample.txz"
|
|
||||||
owner: "root"
|
|
||||||
group: "root"
|
|
||||||
mode: "400"
|
|
||||||
register: hamsample
|
|
||||||
|
|
||||||
- name: make temporary directory
|
|
||||||
command: "mktemp -d"
|
|
||||||
register: tempdirham
|
|
||||||
when: hamsample.changed
|
|
||||||
|
|
||||||
- name: extract ham sample archive to temporary directory
|
|
||||||
unarchive:
|
|
||||||
remote_src: "yes"
|
|
||||||
src: "/var/cache/ham-sample.txz"
|
|
||||||
dest: "{{ tempdirham.stdout }}/"
|
|
||||||
when: hamsample.changed
|
|
||||||
|
|
||||||
- name: sa-learn from the ham sample
|
|
||||||
command: "sa-learn --ham {{ tempdirham.stdout }}/ham-sample/"
|
|
||||||
when: hamsample.changed
|
|
||||||
|
|
||||||
- name: remove temporary directory
|
|
||||||
file:
|
|
||||||
dest: "{{ tempdirham.stdout }}"
|
|
||||||
state: "absent"
|
|
||||||
when: hamsample.changed
|
|
|
@ -1,12 +0,0 @@
|
||||||
use strict;
|
|
||||||
|
|
||||||
# Amavis filter configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
@bypass_virus_checks_maps = (
|
|
||||||
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
|
|
||||||
|
|
||||||
@bypass_spam_checks_maps = (
|
|
||||||
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
|
|
||||||
|
|
||||||
1; # ensure a defined return
|
|
|
@ -1,40 +0,0 @@
|
||||||
use strict;
|
|
||||||
|
|
||||||
@local_domains_acl = ( "." );
|
|
||||||
$sa_tag_level_deflt = -9999;
|
|
||||||
$sa_tag2_level_deflt = 5;
|
|
||||||
$sa_kill_level_deflt = 9999;
|
|
||||||
$sa_spam_subject_tag = '*** SPAM *** ';
|
|
||||||
$final_spam_destiny = 'D_PASS';
|
|
||||||
|
|
||||||
$bad_header_quarantine_method = undef;
|
|
||||||
|
|
||||||
$notify_method = '{{ notify_method }}';
|
|
||||||
|
|
||||||
$newvirus_admin = '{{ notify_admin }}';
|
|
||||||
$virus_admin = '{{ notify_admin }}';
|
|
||||||
$spam_admin = '{{ notify_admin }}';
|
|
||||||
|
|
||||||
$banned_admin = \@virus_admin_maps; # for compatibility with pre-2.2.1
|
|
||||||
$bad_header_admin = \@virus_admin_maps; # for compatibility with pre-2.2.1
|
|
||||||
@newvirus_admin_maps = (\$newvirus_admin);
|
|
||||||
@virus_admin_maps = (\%virus_admin, \$virus_admin);
|
|
||||||
@spam_admin_maps = (\%spam_admin, \$spam_admin);
|
|
||||||
@banned_admin_maps = (\$banned_admin);
|
|
||||||
@bad_header_admin_maps= (\$bad_header_admin);
|
|
||||||
|
|
||||||
{% if custom_sender_scores is defined %}
|
|
||||||
# Custom sender_map scores
|
|
||||||
@score_sender_maps = ({
|
|
||||||
'.' => [
|
|
||||||
new_RE(
|
|
||||||
{% for score in custom_sender_scores %}
|
|
||||||
{{ score }},
|
|
||||||
{% endfor %}
|
|
||||||
),
|
|
||||||
],
|
|
||||||
});
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#------------ Do not modify anything below this line -------------
|
|
||||||
1; # ensure a defined return
|
|
|
@ -1,7 +0,0 @@
|
||||||
# Adjustments to default SpamAssassin scoring
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
score RCVD_IN_PSBL 3.5 # Increase default score significantly
|
|
||||||
score URIBL_BLACK 3.5 # Increase default score significantly
|
|
||||||
score LOTS_OF_MONEY 2 # Increase default score a little
|
|
||||||
score ADVANCE_FEE_4_NEW 2 # Increase default score a little
|
|
||||||
score RDNS_NONE 0.5 # Decrease default score a little
|
|
|
@ -1,2 +0,0 @@
|
||||||
/^\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]$/ DUNNO announced self using an address literal
|
|
||||||
/^[0-9]{1,3}(\.[0-9]{1,3}){3}$/ REJECT announced self with an IP address instead of a domain name
|
|
|
@ -1,27 +0,0 @@
|
||||||
# SpamAssassin local config
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
report_safe 1
|
|
||||||
required_score 4.5
|
|
||||||
|
|
||||||
use_bayes 1
|
|
||||||
bayes_auto_learn 1
|
|
||||||
bayes_auto_learn_threshold_nonspam -0.1
|
|
||||||
bayes_auto_learn_threshold_spam 9.0
|
|
||||||
|
|
||||||
score BAYES_00 -4
|
|
||||||
score BAYES_05 -2
|
|
||||||
score BAYES_80 2
|
|
||||||
score BAYES_95 6
|
|
||||||
score BAYES_99 8
|
|
||||||
|
|
||||||
bayes_ignore_header X-Bogosity
|
|
||||||
bayes_ignore_header X-Spam-Flag
|
|
||||||
bayes_ignore_header X-Spam-Status
|
|
||||||
|
|
||||||
bayes_path /var/spamassassin/bayes_db/bayes
|
|
||||||
bayes_file_mode 0777
|
|
||||||
|
|
||||||
skip_rbl_checks 0
|
|
||||||
ok_languages all
|
|
||||||
ok_locales all
|
|
|
@ -1,91 +0,0 @@
|
||||||
# Main Postfix configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
myorigin = /etc/mailname
|
|
||||||
myhostname = {{ ansible_fqdn }}
|
|
||||||
|
|
||||||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
|
||||||
message_size_limit = 26214400
|
|
||||||
mailbox_size_limit = 0
|
|
||||||
default_process_limit = 1000
|
|
||||||
recipient_delimiter = +
|
|
||||||
inet_interfaces = all
|
|
||||||
|
|
||||||
smtpd_banner = {{ ansible_fqdn }} ESMTP $mail_name (Debian/GNU)
|
|
||||||
biff = no
|
|
||||||
append_dot_mydomain = no
|
|
||||||
delay_warning_time = 48h
|
|
||||||
maximal_queue_lifetime = 14d
|
|
||||||
bounce_queue_lifetime = 14d
|
|
||||||
readme_directory = no
|
|
||||||
compatibility_level = 2
|
|
||||||
|
|
||||||
smtpd_use_tls={{ tls_enabled }}
|
|
||||||
smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem
|
|
||||||
smtpd_tls_cert_file={{ tls_cert }}
|
|
||||||
smtpd_tls_key_file={{ tls_key }}
|
|
||||||
smtpd_tls_ask_ccert = yes
|
|
||||||
smtpd_tls_received_header = yes
|
|
||||||
smtpd_tls_loglevel = 1
|
|
||||||
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache
|
|
||||||
smtpd_tls_security_level = may
|
|
||||||
smtpd_tls_protocols = !SSLv2,!SSLv3
|
|
||||||
smtpd_tls_ciphers = medium
|
|
||||||
smtpd_tls_exclude_ciphers = RC4, CAMELLIA, SEED, 3DES
|
|
||||||
|
|
||||||
smtp_use_tls={{ tls_enabled }}
|
|
||||||
smtp_tls_cert_file={{ tls_cert }}
|
|
||||||
smtp_tls_key_file={{ tls_key }}
|
|
||||||
smtp_tls_session_cache_database = btree:$data_directory/smtp_scache
|
|
||||||
smtp_tls_loglevel = 1
|
|
||||||
smtp_tls_security_level = may
|
|
||||||
smtp_tls_protocols = $smtpd_tls_protocols
|
|
||||||
smtp_tls_ciphers = $smtpd_tls_ciphers
|
|
||||||
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
|
|
||||||
|
|
||||||
mydestination =
|
|
||||||
local_recipient_maps =
|
|
||||||
alias_maps =
|
|
||||||
alias_database =
|
|
||||||
virtual_alias_maps = pcre:$config_directory/local/virtual
|
|
||||||
local_transport = error:local mail delivery is disabled
|
|
||||||
transport_maps = pcre:$config_directory/local/transport
|
|
||||||
relay_domains = $config_directory/local/relay_domains
|
|
||||||
|
|
||||||
content_filter = smtp-amavis:[127.0.0.1]:10024
|
|
||||||
smtpd_client_recipient_rate_limit = 250
|
|
||||||
strict_rfc821_envelopes = yes
|
|
||||||
receive_override_options = no_address_mappings
|
|
||||||
policyd-spf_time_limit = 3600
|
|
||||||
smtpd_relay_restrictions =
|
|
||||||
permit_mynetworks
|
|
||||||
reject_unauth_destination
|
|
||||||
check_policy_service unix:private/policyd-spf
|
|
||||||
{% for rbl in remote_block_lists %}
|
|
||||||
reject_rbl_client {{ rbl }}
|
|
||||||
{% endfor %}
|
|
||||||
warn_if_reject reject_unknown_client
|
|
||||||
|
|
||||||
smtpd_helo_required = yes
|
|
||||||
smtpd_helo_restrictions =
|
|
||||||
check_helo_access pcre:$config_directory/local/helo_access
|
|
||||||
reject_invalid_hostname
|
|
||||||
|
|
||||||
smtpd_sender_restrictions =
|
|
||||||
check_sender_mx_access cidr:$config_directory/local/mx_access
|
|
||||||
reject_unknown_sender_domain
|
|
||||||
reject_non_fqdn_sender
|
|
||||||
check_sender_access pcre:$config_directory/local/sender_access
|
|
||||||
|
|
||||||
smtpd_recipient_restrictions =
|
|
||||||
reject_unknown_recipient_domain
|
|
||||||
reject_non_fqdn_recipient
|
|
||||||
reject_unauth_pipelining
|
|
||||||
reject_unauth_destination
|
|
||||||
check_policy_service unix:private/policyd-spf
|
|
||||||
check_recipient_access pcre:$config_directory/local/recipient_access
|
|
||||||
reject_unverified_recipient
|
|
||||||
|
|
||||||
smtpd_data_restrictions =
|
|
||||||
reject_multi_recipient_bounce
|
|
||||||
reject_unauth_pipelining
|
|
|
@ -1,62 +0,0 @@
|
||||||
# Postfix master process configuration file
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
# ==========================================================================
|
|
||||||
# service type private unpriv chroot wakeup maxproc command + args
|
|
||||||
# (yes) (yes) (yes) (never) (100)
|
|
||||||
# ==========================================================================
|
|
||||||
smtp inet n - y - - smtpd
|
|
||||||
pickup unix n - y 60 1 pickup
|
|
||||||
-o content_filter=
|
|
||||||
-o receive_override_options=no_header_body_checks
|
|
||||||
cleanup unix n - y - 0 cleanup
|
|
||||||
qmgr unix n - n 300 1 qmgr
|
|
||||||
tlsmgr unix - - y 1000? 1 tlsmgr
|
|
||||||
rewrite unix - - y - - trivial-rewrite
|
|
||||||
bounce unix - - y - 0 bounce
|
|
||||||
defer unix - - y - 0 bounce
|
|
||||||
trace unix - - y - 0 bounce
|
|
||||||
verify unix - - y - 1 verify
|
|
||||||
flush unix n - y 1000? 0 flush
|
|
||||||
proxymap unix - - n - - proxymap
|
|
||||||
proxywrite unix - - n - 1 proxymap
|
|
||||||
smtp unix - - y - - smtp
|
|
||||||
relay unix - - y - - smtp
|
|
||||||
showq unix n - y - - showq
|
|
||||||
error unix - - y - - error
|
|
||||||
retry unix - - y - - error
|
|
||||||
discard unix - - y - - discard
|
|
||||||
local unix - n n - - local
|
|
||||||
virtual unix - n n - - virtual
|
|
||||||
lmtp unix - - y - - lmtp
|
|
||||||
anvil unix - - y - 1 anvil
|
|
||||||
scache unix - - y - 1 scache
|
|
||||||
|
|
||||||
policyd-spf unix - n n - 0 spawn
|
|
||||||
user=policyd-spf argv=/usr/bin/policyd-spf
|
|
||||||
|
|
||||||
smtp-amavis unix - - y - 2 smtp
|
|
||||||
-o smtp_data_done_timeout=1200
|
|
||||||
-o smtp_send_xforward_command=yes
|
|
||||||
-o disable_dns_lookups=yes
|
|
||||||
-o max_use=20
|
|
||||||
|
|
||||||
127.0.0.1:10025 inet n - y - - smtpd
|
|
||||||
-o content_filter=
|
|
||||||
-o local_recipient_maps=
|
|
||||||
-o relay_recipient_maps=
|
|
||||||
-o smtpd_restriction_classes=
|
|
||||||
-o smtpd_delay_reject=no
|
|
||||||
-o smtpd_client_restrictions=permit_mynetworks,reject
|
|
||||||
-o smtpd_helo_restrictions=
|
|
||||||
-o smtpd_sender_restrictions=
|
|
||||||
-o smtpd_recipient_restrictions=permit_mynetworks,reject
|
|
||||||
-o smtpd_data_restrictions=reject_unauth_pipelining
|
|
||||||
-o smtpd_end_of_data_restrictions=
|
|
||||||
-o mynetworks=127.0.0.0/8
|
|
||||||
-o smtpd_error_sleep_time=0
|
|
||||||
-o smtpd_soft_error_limit=1001
|
|
||||||
-o smtpd_hard_error_limit=1000
|
|
||||||
-o smtpd_client_connection_count_limit=0
|
|
||||||
-o smtpd_client_connection_rate_limit=0
|
|
||||||
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
|
|
|
@ -1,12 +0,0 @@
|
||||||
# policyd SPF config
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
debugLevel = 1
|
|
||||||
|
|
||||||
HELO_reject = False
|
|
||||||
Mail_From_reject = False
|
|
||||||
|
|
||||||
PermError_reject = False
|
|
||||||
TempError_Defer = False
|
|
||||||
|
|
||||||
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
|
|
|
@ -1,4 +0,0 @@
|
||||||
/[%!@].*[%!@]/ REJECT sender-specified routing in recipient address
|
|
||||||
/&.*@/ REJECT invalid user
|
|
||||||
/^(daemon|bin|sys|sync|games|man|lp|news|uucp|proxy|www-data|backup|list|irc|gnats|nobody)@/ REJECT reserved system user
|
|
||||||
/^(ntp|sshd|munin|postfix|clamav|sqlgrey|policyd-spf|bind|statd|freerad|mysql|smokeping|systemd-.+|)@/ REJECT reserved system user
|
|
|
@ -1,3 +0,0 @@
|
||||||
{% for domain in relay_domains %}
|
|
||||||
{{ domain.domain }}
|
|
||||||
{% endfor %}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{% for domain in relay_domains %}
|
|
||||||
/@{{ domain.domain }}$/ relay:{{ domain.relay }}
|
|
||||||
{% endfor %}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{% for map in virtual_maps %}
|
|
||||||
{{ map.regex }} {{ map.map }}
|
|
||||||
{% endfor %}
|
|
|
@ -1,31 +0,0 @@
|
||||||
# package-radarr
|
|
||||||
|
|
||||||
This package configures the Radarr Movie download manager on a Debian/Ubuntu system.
|
|
||||||
|
|
||||||
# Package variables
|
|
||||||
|
|
||||||
## Configurable
|
|
||||||
|
|
||||||
These variables should be configured in the host group that imports this role.
|
|
||||||
|
|
||||||
### `radarr_version`: The version to use.
|
|
||||||
* Should be a valid release version.
|
|
||||||
|
|
||||||
### `radarr_sha256sum`: The SHA256 sum of the GitHub release binary.
|
|
||||||
* Must match the artifact for the version specified in `radarr_version`.
|
|
||||||
|
|
||||||
## Defaults
|
|
||||||
|
|
||||||
These variables should not need to be changed.
|
|
||||||
|
|
||||||
### `radarr_user`: The service username.
|
|
||||||
* Default: `radarr`
|
|
||||||
|
|
||||||
### `radarr_uid`: The service user UID.
|
|
||||||
* Default: `219`
|
|
||||||
|
|
||||||
### `radarr_path`: The homedir for the service user and application.
|
|
||||||
* Default: `/srv/radarr`
|
|
||||||
|
|
||||||
### `radarr_url`: The GitHub release artifact URL
|
|
||||||
* Default: `https://github.com/Radarr/Radarr/releases/download/v{{ radarr_version }}/Radarr.develop.{{ radarr_version }}.linux.tar.gz`
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- name: restart radarr
|
|
||||||
service:
|
|
||||||
name: "radarr"
|
|
||||||
state: "restarted"
|
|
|
@ -1,79 +0,0 @@
|
||||||
---
|
|
||||||
- name: install dependency packages
|
|
||||||
apt:
|
|
||||||
pkg:
|
|
||||||
- mono-runtime
|
|
||||||
- libmono-cil-dev
|
|
||||||
- libcurl3-nss
|
|
||||||
- mediainfo
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
- name: add service user
|
|
||||||
user:
|
|
||||||
name: "{{ radarr_user }}"
|
|
||||||
group: "daemon"
|
|
||||||
system: yes
|
|
||||||
uid: "{{ radarr_uid }}"
|
|
||||||
home: "{{ radarr_path }}"
|
|
||||||
shell: "/usr/sbin/nologin"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: create service directories
|
|
||||||
file:
|
|
||||||
dest: "{{ item }}"
|
|
||||||
state: directory
|
|
||||||
owner: "{{ radarr_user }}"
|
|
||||||
group: "daemon"
|
|
||||||
mode: 0755
|
|
||||||
with_items:
|
|
||||||
- "{{ radarr_path }}"
|
|
||||||
- "{{ radarr_path }}/bin"
|
|
||||||
|
|
||||||
- name: download application from GitHub
|
|
||||||
get_url:
|
|
||||||
url: "{{ radarr_url }}"
|
|
||||||
checksum: "sha256:{{ radarr_sha256sum }}"
|
|
||||||
dest: "{{ radarr_path }}/radarr.{{ radarr_version }}.tgz"
|
|
||||||
owner: "{{ radarr_user }}"
|
|
||||||
group: "sudo"
|
|
||||||
register: download
|
|
||||||
notify:
|
|
||||||
- restart radarr
|
|
||||||
|
|
||||||
- name: extract application tarball
|
|
||||||
unarchive:
|
|
||||||
src: "{{ radarr_path }}/radarr.{{ radarr_version }}.tgz"
|
|
||||||
dest: "{{ radarr_path }}/bin"
|
|
||||||
remote_src: yes
|
|
||||||
when: download.changed
|
|
||||||
|
|
||||||
- name: correct archive permissions
|
|
||||||
file:
|
|
||||||
owner: "{{ radarr_user }}"
|
|
||||||
group: "sudo"
|
|
||||||
mode: "u+rw,g+r"
|
|
||||||
recurse: yes
|
|
||||||
dest: "{{ radarr_path }}/bin"
|
|
||||||
when: download.changed
|
|
||||||
|
|
||||||
- name: install systemd unit files
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/systemd/system/{{ item }}"
|
|
||||||
register: systemd_file
|
|
||||||
with_items:
|
|
||||||
- radarr.service
|
|
||||||
|
|
||||||
- name: reload systemd to apply previous changes
|
|
||||||
command: "systemctl daemon-reload"
|
|
||||||
when: systemd_file.changed
|
|
||||||
notify:
|
|
||||||
- restart radarr
|
|
||||||
|
|
||||||
- name: start and enable systemd units
|
|
||||||
service:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
with_items:
|
|
||||||
- radarr.service
|
|
|
@ -1,14 +0,0 @@
|
||||||
# Radarr service unit file
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
[Unit]
|
|
||||||
Description = Radarr Movie download manager
|
|
||||||
After = network-online.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type = simple
|
|
||||||
User = {{ radarr_user }}
|
|
||||||
ExecStart = /usr/bin/mono --debug {{ radarr_path }}/bin/Radarr/Radarr.exe -nobrowser
|
|
||||||
Restart = on-failure
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy = multi-user.target
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
radarr_user: "radarr"
|
|
||||||
radarr_uid: "219"
|
|
||||||
radarr_path: "/srv/radarr"
|
|
||||||
radarr_url: "https://github.com/Radarr/Radarr/releases/download/v{{ radarr_version }}/Radarr.develop.{{ radarr_version }}.linux.tar.gz"
|
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
- name: restart matrix-synapse
|
|
||||||
service:
|
|
||||||
name: matrix-synapse
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: restart mxisd
|
|
||||||
service:
|
|
||||||
name: mxisd
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: restart nginx
|
|
||||||
service:
|
|
||||||
name: nginx
|
|
||||||
state: restarted
|
|
|
@ -1,122 +0,0 @@
|
||||||
---
|
|
||||||
- name: install matrix packages
|
|
||||||
apt:
|
|
||||||
pkg:
|
|
||||||
- matrix-synapse
|
|
||||||
- matrix-synapse-ldap3
|
|
||||||
- python3-psycopg2
|
|
||||||
- python3-jinja2
|
|
||||||
- python3-bleach
|
|
||||||
- openjdk-8-jre-headless
|
|
||||||
- mxisd
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
- name: install the rest auth provider
|
|
||||||
get_url:
|
|
||||||
url: "https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/master/rest_auth_provider.py"
|
|
||||||
dest: "/usr/lib/python3/dist-packages/rest_auth_provider.py"
|
|
||||||
|
|
||||||
- name: ensure services are started and enabled
|
|
||||||
service:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
with_items:
|
|
||||||
- matrix-synapse
|
|
||||||
- mxisd
|
|
||||||
|
|
||||||
- name: install matrix-synapse configurations
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}.j2"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
owner: matrix-synapse
|
|
||||||
group: adm
|
|
||||||
mode: 0640
|
|
||||||
notify: restart matrix-synapse
|
|
||||||
with_items:
|
|
||||||
- { src: "matrix-homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml" }
|
|
||||||
- { src: "matrix-server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml" }
|
|
||||||
- { src: "matrix-report_stats.yaml", dest: "/etc/matrix-synapse/conf.d/report_stats.yaml" }
|
|
||||||
- { src: "matrix-homeserver.signing.key", dest: "/etc/matrix-synapse/homeserver.signing.key" }
|
|
||||||
|
|
||||||
- name: install mxisd configurations
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}.j2"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
owner: mxisd
|
|
||||||
group: adm
|
|
||||||
mode: 0640
|
|
||||||
notify: restart mxisd
|
|
||||||
with_items:
|
|
||||||
- { src: "mxisd.yaml", dest: "/etc/mxisd/mxisd.yaml" }
|
|
||||||
|
|
||||||
- name: link the res folder to the right place
|
|
||||||
file:
|
|
||||||
src: "/usr/lib/python3/dist-packages/synapse/res"
|
|
||||||
dest: "/var/lib/matrix-synapse/res"
|
|
||||||
state: link
|
|
||||||
|
|
||||||
- name: create matrix data directories
|
|
||||||
file:
|
|
||||||
dest: "/srv/matrix/{{ item }}"
|
|
||||||
state: directory
|
|
||||||
owner: matrix-synapse
|
|
||||||
group: sudo
|
|
||||||
mode: 0750
|
|
||||||
with_items:
|
|
||||||
- media
|
|
||||||
- uploads
|
|
||||||
|
|
||||||
- name: install nginx packages
|
|
||||||
apt:
|
|
||||||
pkg:
|
|
||||||
- nginx
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
- name: ensure services are started and enabled
|
|
||||||
service:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
with_items:
|
|
||||||
- nginx
|
|
||||||
|
|
||||||
- name: disable default nginx configuration
|
|
||||||
file:
|
|
||||||
dest: "/etc/nginx/sites-enabled/default"
|
|
||||||
state: "absent"
|
|
||||||
|
|
||||||
- name: install nginx configuration
|
|
||||||
template:
|
|
||||||
src: "riot-nginx.j2"
|
|
||||||
dest: "/etc/nginx/sites-enabled/riot"
|
|
||||||
notify: restart nginx
|
|
||||||
|
|
||||||
- name: download riot
|
|
||||||
get_url:
|
|
||||||
url: "https://github.com/vector-im/riot-web/releases/download/{{ riot_version }}/riot-{{ riot_version }}.tar.gz"
|
|
||||||
dest: "/var/www/riot.tar.gz"
|
|
||||||
|
|
||||||
- name: extract riot
|
|
||||||
unarchive:
|
|
||||||
src: "/var/www/riot.tar.gz"
|
|
||||||
dest: "/var/www"
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
copy: no
|
|
||||||
creates: "/var/www/riot-{{ riot_version }}"
|
|
||||||
|
|
||||||
- name: create versionless riot symlink
|
|
||||||
file:
|
|
||||||
src: "/var/www/riot-{{ riot_version }}"
|
|
||||||
dest: "/var/www/riot"
|
|
||||||
state: link
|
|
||||||
|
|
||||||
- name: install riot configuration
|
|
||||||
template:
|
|
||||||
src: "riot-config.json.j2"
|
|
||||||
dest: "/var/www/riot/config.json"
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
notify: restart nginx
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
{{ matrix_homeserver_signing_key }}
|
|
|
@ -1,123 +0,0 @@
|
||||||
---
|
|
||||||
# Matrix homeserver configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
no_tls: True
|
|
||||||
tls_fingerprints: []
|
|
||||||
pid_file: "/var/run/matrix-synapse.pid"
|
|
||||||
soft_file_limit: 0
|
|
||||||
public_baseurl: "https://im.{{ blsedomains_webdomain }}"
|
|
||||||
listeners:
|
|
||||||
- port: 8008
|
|
||||||
tls: false
|
|
||||||
bind_addresses:
|
|
||||||
- '::'
|
|
||||||
type: http
|
|
||||||
x_forwarded: true
|
|
||||||
resources:
|
|
||||||
- names: [client, webclient]
|
|
||||||
compress: true
|
|
||||||
- names: [federation]
|
|
||||||
compress: false
|
|
||||||
database:
|
|
||||||
name: psycopg2
|
|
||||||
args:
|
|
||||||
user: "{{ postgres_client['matrix'].username }}"
|
|
||||||
password: "{{ postgres_client['matrix'].passwd }}"
|
|
||||||
database: "{{ postgres_client['matrix'].database }}"
|
|
||||||
host: "{{ postgres_client['matrix'].host }}"
|
|
||||||
port: "{{ postgres_client['matrix'].port_readwrite }}"
|
|
||||||
cp_min: 5
|
|
||||||
cp_max: 10
|
|
||||||
event_cache_size: "10K"
|
|
||||||
log_config: "/etc/matrix-synapse/log.yaml"
|
|
||||||
rc_messages_per_second: 2.0
|
|
||||||
rc_message_burst_count: 10.0
|
|
||||||
federation_rc_window_size: 1000
|
|
||||||
federation_rc_sleep_limit: 10
|
|
||||||
federation_rc_sleep_delay: 500
|
|
||||||
federation_rc_reject_limit: 50
|
|
||||||
federation_rc_concurrent: 3
|
|
||||||
media_store_path: "/srv/matrix/media"
|
|
||||||
uploads_path: "/srv/matrix/uploads"
|
|
||||||
max_upload_size: "10M"
|
|
||||||
max_image_pixels: "32M"
|
|
||||||
dynamic_thumbnails: false
|
|
||||||
thumbnail_sizes:
|
|
||||||
- width: 32
|
|
||||||
height: 32
|
|
||||||
method: crop
|
|
||||||
- width: 96
|
|
||||||
height: 96
|
|
||||||
method: crop
|
|
||||||
- width: 320
|
|
||||||
height: 240
|
|
||||||
method: scale
|
|
||||||
- width: 640
|
|
||||||
height: 480
|
|
||||||
method: scale
|
|
||||||
- width: 800
|
|
||||||
height: 600
|
|
||||||
method: scale
|
|
||||||
url_preview_enabled: False
|
|
||||||
max_spider_size: "10M"
|
|
||||||
enable_registration_captcha: False
|
|
||||||
enable_registration: False
|
|
||||||
bcrypt_rounds: 12
|
|
||||||
allow_guest_access: False
|
|
||||||
trusted_third_party_id_servers:
|
|
||||||
- "im.{{ blsedomains_webdomain }}"
|
|
||||||
auto_join_rooms:
|
|
||||||
- "#hallway:{{ blsedomains_webdomain }}"
|
|
||||||
- "#fun:{{ blsedomains_webdomain }}"
|
|
||||||
- "#games:{{ blsedomains_webdomain }}"
|
|
||||||
enable_metrics: False
|
|
||||||
room_invite_state_types:
|
|
||||||
- "m.room.join_rules"
|
|
||||||
- "m.room.canonical_alias"
|
|
||||||
- "m.room.avatar"
|
|
||||||
- "m.room.name"
|
|
||||||
app_service_config_files: []
|
|
||||||
expire_access_token: False
|
|
||||||
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
|
|
||||||
old_signing_keys: {}
|
|
||||||
key_refresh_interval: "1d" # 1 Day.
|
|
||||||
perspectives:
|
|
||||||
servers:
|
|
||||||
"matrix.org":
|
|
||||||
verify_keys:
|
|
||||||
"ed25519:auto":
|
|
||||||
key: "{{ matrixorg_verify_key }}"
|
|
||||||
password_config:
|
|
||||||
enabled: true
|
|
||||||
email:
|
|
||||||
enable_notifs: true
|
|
||||||
smtp_host: "{{ blsecluster_smtphost }}"
|
|
||||||
smtp_port: 587
|
|
||||||
smtp_user: "{{ username_email_root }}"
|
|
||||||
smtp_pass: "{{ passwd_email_root }}"
|
|
||||||
require_transport_security: True
|
|
||||||
notif_from: "The BLSE Matrix Server <matrix@{{ blsedomains_webdomain }}"
|
|
||||||
app_name: Matrix
|
|
||||||
template_dir: res/templates
|
|
||||||
notif_template_html: notif_mail.html
|
|
||||||
notif_template_text: notif_mail.txt
|
|
||||||
notif_for_new_users: True
|
|
||||||
riot_base_url: "https://riot.{{ blsedomains_webdomain }}"
|
|
||||||
password_providers:
|
|
||||||
- module: "rest_auth_provider.RestAuthProvider"
|
|
||||||
config:
|
|
||||||
endpoint: "http://localhost:8090"
|
|
||||||
# - module: "ldap_auth_provider.LdapAuthProvider"
|
|
||||||
# config:
|
|
||||||
# enabled: true
|
|
||||||
# uri: "ldap://{{ blsecluster_ldaphost }}:389"
|
|
||||||
# start_tls: false
|
|
||||||
# base: "{{ ldap_basedn }}"
|
|
||||||
# attributes:
|
|
||||||
# uid: "uid"
|
|
||||||
# mail: "mail"
|
|
||||||
# name: "cn"
|
|
||||||
# bind_dn: "{{ username_ldap_admin }}"
|
|
||||||
# bind_password: "{{ passwd_ldap_admin }}"
|
|
||||||
# filter: "(&(objectClass=mailUser)(accountStatus=active))"
|
|
||||||
enable_group_creation: false
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
# Matrix report_stats configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
report_stats: false
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
# Matrix server_name configuration
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
server_name: "{{ blsedomains_webdomain }}"
|
|
|
@ -1,47 +0,0 @@
|
||||||
---
|
|
||||||
# mxisd configuration file
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
matrix:
|
|
||||||
domain: "im.{{ blsedomains_webdomain }}"
|
|
||||||
key:
|
|
||||||
path: '/var/lib/mxisd/keys'
|
|
||||||
storage:
|
|
||||||
provider:
|
|
||||||
sqlite:
|
|
||||||
database: '/var/lib/mxisd/store.db'
|
|
||||||
ldap:
|
|
||||||
enabled: true
|
|
||||||
connection:
|
|
||||||
host: "{{ blsecluster_ldaphost }}"
|
|
||||||
port: 389
|
|
||||||
bindDn: "{{ username_ldap_admin }}"
|
|
||||||
bindPassword: "{{ passwd_ldap_admin }}"
|
|
||||||
baseDNs:
|
|
||||||
- "{{ ldap_basedn }}"
|
|
||||||
filter: "(&(objectClass=mailUser)(accountStatus=active))"
|
|
||||||
attribute:
|
|
||||||
uid:
|
|
||||||
type: "uid"
|
|
||||||
value: "uid"
|
|
||||||
name: "cn"
|
|
||||||
threepid:
|
|
||||||
email:
|
|
||||||
- "mail"
|
|
||||||
threepid:
|
|
||||||
medium:
|
|
||||||
email:
|
|
||||||
identity:
|
|
||||||
from: "matrix@{{ blsedomains_webdomain }}"
|
|
||||||
connectors:
|
|
||||||
smtp:
|
|
||||||
host: "{{ blsecluster_smtphost }}"
|
|
||||||
port: 587
|
|
||||||
tls: 1
|
|
||||||
login: "{{ username_email_root }}"
|
|
||||||
password: "{{ passwd_email_root }}"
|
|
||||||
dns:
|
|
||||||
overwrite:
|
|
||||||
homeserver:
|
|
||||||
client:
|
|
||||||
- name: 'im.{{ blsedomains_webdomain }}'
|
|
||||||
value: 'http://localhost:8008'
|
|
|
@ -1,37 +0,0 @@
|
||||||
{
|
|
||||||
"default_hs_url": "https://im.{{ blsedomains_webdomain }}",
|
|
||||||
"default_is_url": "https://im.{{ blsedomains_webdomain }}",
|
|
||||||
"disable_custom_urls": false,
|
|
||||||
"disable_guests": false,
|
|
||||||
"disable_login_language_selector": false,
|
|
||||||
"disable_3pid_login": false,
|
|
||||||
"brand": "Riot",
|
|
||||||
"integrations_ui_url": "https://scalar.vector.im/",
|
|
||||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
|
||||||
"integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
|
|
||||||
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
|
||||||
"features": {
|
|
||||||
"feature_groups": "labs",
|
|
||||||
"feature_pinning": "labs"
|
|
||||||
},
|
|
||||||
"default_federate": true,
|
|
||||||
"default_theme": "light",
|
|
||||||
"roomDirectory": {
|
|
||||||
"servers": [
|
|
||||||
"{{ blsedomains_webdomain }}",
|
|
||||||
"im.{{ blsedomains_webdomain }}"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"welcomeUserId": "@riot-bot:matrix.org",
|
|
||||||
"piwik": {
|
|
||||||
"url": "https://piwik.riot.im/",
|
|
||||||
"whitelistedHSUrls": ["https://{{ blsedomains_webdomain }}", "https://im.{{ blsedomains_webdomain }}", "https://matrix.org"],
|
|
||||||
"whitelistedISUrls": ["https://{{ blsedomains_webdomain }}", "https://im.{{ blsedomains_webdomain }}", "https://vector.im", "https://matrix.org"],
|
|
||||||
"siteId": 1
|
|
||||||
},
|
|
||||||
"enable_presence_by_hs_url": {
|
|
||||||
"https://{{ blsedomains_webdomain }}": true,
|
|
||||||
"https://im.{{ blsedomains_webdomain }}": true,
|
|
||||||
"https://matrix.org": true
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,16 +0,0 @@
|
||||||
# Simple and straightforward web server for Riot
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
server {
|
|
||||||
listen 80 default_server;
|
|
||||||
listen [::]:80 default_server;
|
|
||||||
|
|
||||||
root /var/www/riot;
|
|
||||||
|
|
||||||
index index.html;
|
|
||||||
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in New Issue