bundles/dovecot: introduce

This commit is contained in:
Franzi 2020-11-07 22:31:47 +01:00
parent f42dda5961
commit 18b573a9c6
Signed by: kunsi
GPG key ID: 12E3D2136B818350
7 changed files with 286 additions and 0 deletions

View file

@ -0,0 +1,5 @@
connect = host=localhost dbname=${dbname} user=${dbuser} password=${dbpass}
driver = pgsql
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password FROM mailbox WHERE username = '%u' AND active = true
user_query = SELECT '/var/mail/vmail' || maildir as home, 65534 as uid, 65534 as gid FROM mailbox WHERE username = '%u' AND active = true

View file

@ -0,0 +1,130 @@
!include conf.d/*.conf
namespace inbox {
type = private
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
mail_location = maildir:/var/mail/vmail/%d/%n
protocols = imap lmtp sieve
ssl = yes
ssl_cert = </var/lib/dehydrated/certs/${node.metadata['postfix']['myhostname']}/fullchain.pem
ssl_key = </var/lib/dehydrated/certs/${node.metadata['postfix']['myhostname']}/privkey.pem
ssl_dh = </etc/dovecot/ssl/dhparam.pem
login_greeting = IMAPd ready
auth_mechanisms = plain login
first_valid_uid = 65534
disable_plaintext_auth = yes
mail_plugins = $mail_plugins zlib
plugin {
zlib_save_level = 6
zlib_save = gz
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_dir = /var/mail/vmail/sieve/%d/%n/
sieve = /var/mail/vmail/sieve/%d/%n.sieve
sieve_pipe_bin_dir = /var/mail/vmail/sieve/bin
sieve_extensions = +vnd.dovecot.pipe
% if node.has_bundle('rspamd'):
sieve_before = /var/mail/vmail/sieve/global/spam-global.sieve
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:/var/mail/vmail/sieve/global/learn-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/var/mail/vmail/sieve/global/learn-ham.sieve
% endif
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
unix_listener auth-userdb {
mode = 0660
user = nobody
group = nogroup
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service imap {
executable = imap
}
service imap-login {
service_count = 1
process_min_avail = 8
vsz_limit = 64M
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
postmaster_address = ${admin_email}
}
protocol imap {
mail_plugins = $mail_plugins imap_zlib imap_sieve
mail_max_userip_connections = 50
imap_idle_notify_interval = 29 mins
}
protocol sieve {
plugin {
sieve = /var/mail/vmail/sieve/%d/%n.sieve
sieve_storage = /var/mail/vmail/sieve/%d/%n/
}
}

View file

@ -0,0 +1,15 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "${1}";
}
if string "${mailbox}" "Trash" {
stop;
}
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-ham.sh" [ "${username}" ];

View file

@ -0,0 +1,7 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-spam.sh" [ "${username}" ];

View file

@ -0,0 +1,11 @@
require ["fileinto", "imap4flags"];
if header :contains "X-Spam-Flag" "YES" {
setflag "\\seen";
fileinto "Junk";
}
if header :contains "X-Spam" "Yes" {
setflag "\\seen";
fileinto "Junk";
}

66
bundles/dovecot/items.py Normal file
View file

@ -0,0 +1,66 @@
# Postfix bundle creates metadata and directories which are also used
# by this bundle
assert node.has_bundle('postfix')
files = {
'/etc/dovecot/dovecot.conf': {
'content_type': 'mako',
'context': {
'admin_email': node.metadata['dovecot']['admin_email'],
},
'needs': {
'pkg_apt:'
},
'triggers': {
'svc_systemd:dovecot:restart',
},
},
'/etc/dovecot/dovecot-sql.conf': {
'content_type': 'mako',
'context': node.metadata['dovecot']['database'],
'needs': {
'pkg_apt:'
},
'triggers': {
'svc_systemd:dovecot:restart',
},
},
}
actions = {
'dovecot_generate_dhparam': {
'command': 'openssl dhparam -out /etc/dovecot/ssl/dhparam.pem 2048',
'unless': 'test -f /etc/dovecot/ssl/dhparam.pem',
'cascade_skip': False,
'needs': {
'pkg_apt:'
},
'triggers': {
'svc_systemd:dovecot:restart',
},
},
}
svc_systemd = {
'dovecot': {
'needs': {
'action:dovecot_generate_dhparam',
'file:/etc/dovecot/dovecot.conf',
'file:/etc/dovecot/dovecot-sql.conf',
},
},
}
if node.has_bundle('rspamd'):
files['/var/mail/vmail/sieve/global/learn-ham.sieve'] = {
'owner': 'nobody',
'group': 'nogroup',
}
files['/var/mail/vmail/sieve/global/learn-spam.sieve'] = {
'owner': 'nobody',
'group': 'nogroup',
}
files['/var/mail/vmail/sieve/global/spam-global.sieve'] = {
'owner': 'nobody',
'group': 'nogroup',
}

View file

@ -0,0 +1,52 @@
defaults = {
'apt': {
'packages': {
'dovecot-imapd': {},
'dovecot-lmtpd': {},
'dovecot-managesieved': {},
'dovecot-pgsql': {},
'dovecot-sieve': {},
},
},
'icinga2_api': {
'dovecot': {
'services': {
'DOVECOT PROCESS': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit dovecot',
},
'IMAP CONNECT': {
'check_command': 'check_imap',
'vars.imap_port': 143,
},
'IMAPS CONNECT': {
'check_command': 'check_imap',
'vars.imap_port': 993,
'vars.imap_ssl': True,
},
},
},
},
}
if node.has_bundle('postfixadmin'):
defaults['dovecot'] = {
'database': {
'dbname': 'postfixadmin',
'dbuser': 'postfixadmin',
},
}
@metadata_reactor
def import_database_settings_from_postfixadmin(metadata):
if not node.has_bundle('postfixadmin'):
raise DoNotRunAgain
return {
'dovecot': {
'admin_email': metadata.get('postfixadmin/admin_email'),
'database': {
'dbpass': metadata.get('postgresql/users/postfixadmin/password'),
},
},
}