From a7c269731d00361b1eec052274a04819855fa8ac Mon Sep 17 00:00:00 2001
From: Julian Rother
Date: Tue, 14 Jan 2025 16:16:36 +0100
Subject: [PATCH] Initial commit

---
 README.md | 16 ++++++++++++++++
 defaults/main.yml | 10 ++++++++++
 handlers/main.yml | 4 ++++
 tasks/main.yml | 25 ++++++++++++++++++++++++
 templates/dovecot.conf.j2 | 38 +++++++++++++++++++++++++++++++++++++
 templates/proxy-sql.conf.j2 | 4 ++++
 6 files changed, 97 insertions(+)
 create mode 100644 README.md
 create mode 100644 defaults/main.yml
 create mode 100644 handlers/main.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/dovecot.conf.j2
 create mode 100644 templates/proxy-sql.conf.j2

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..95f108e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,16 @@
+# MUA-facing IMAP and SMTP (submission) proxy with Dovecot
+
+Forwards IMAP and SMTP (submission) connections from MUAs to different backend servers based on the mail domain.
+
+```yaml
+dovecot_proxy:
+ domain_proxies:
+ example.com:
+ backend_host: myoldmailsetup.net
+ mymaildomain.org:
+ backend_host: mynewmailsetup.org
+```
+
+This proxies users with `@example.com` email addresses to myoldmailsetup.net and users with `@mymaildomain.org` email addresses to mynewmailsetup.org.
+
+Make sure to setup ssl certificates (see defaults for `ssl_cert` and `ssl_key`).
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..1acafef
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,10 @@
+dovecot_proxy:
+ debug_log_enabled: false # Logs passwords and more to /var/log/dovecot.debug.log
+ ssl_cert: "/etc/ssl/{{ inventory_hostname }}.chain.crt"
+ ssl_key: "/etc/ssl/private/{{ inventory_hostname }}.key"
+ auth_mechanisms: plain login
+ imaps_enabled: true
+ submission_enabled: true
+ submissions_enabled: false # Only works if submission_enabled is true!
+
+ domain_proxies: {}
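Review bot: The constraint in `submissions_enabled: false # Only works if submission_enabled is true!` lives only in a comment; nothing enforces it, and the template block `{% if dovecot_proxy.submissions_enabled %}` in templates/dovecot.conf.j2 emits the port-465 listener whenever that flag is set, regardless of `submission_enabled`. Either guard it in the template, `{% if dovecot_proxy.submissions_enabled and dovecot_proxy.submission_enabled %}`, or fail early with an `ansible.builtin.assert` task so the misconfiguration surfaces at play time rather than as whatever Dovecot does with a listener for a protocol not in `protocols`. The two flag names differ by a single letter, which makes that mistake easy; a comment on each saying which port it controls (587 vs 465) would help. Since enabling `debug_log_enabled` turns on `auth_debug_passwords = yes` in the template, I would make the comment say so plainly, `# Writes cleartext passwords to /var/log/dovecot.debug.log; never enable on a production host`, and yamllint wants two spaces before an inline `#`.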
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..9265d96
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Reload dovecot
+ ansible.builtin.systemd_service:
+ name: dovecot
+ state: reloaded
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..49481f9
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Install dovecot
+ ansible.builtin.apt:
+ pkg:
+ - dovecot-common
+ - dovecot-imapd
+ - dovecot-submissiond
+
+- name: Copy dovecot config
+ ansible.builtin.template:
+ src: dovecot.conf.j2
+ dest: /etc/dovecot/dovecot.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: Reload dovecot
+
+- name: Copy dovecot proxy configs
+ ansible.builtin.template:
+ src: proxy-sql.conf.j2
+ dest: "/etc/dovecot/proxy-domain-{{ item.key }}-sql.conf"
+ owner: root
+ group: root
+ mode: 0644
+ loop: "{{ dovecot_proxy.domain_proxies|dict2items }}"
+ notify: Reload dovecot
diff --git a/templates/dovecot.conf.j2 b/templates/dovecot.conf.j2
new file mode 100644
index 0000000..cc08801
--- /dev/null
+++ b/templates/dovecot.conf.j2
@@ -0,0 +1,38 @@
+{% if dovecot_proxy.debug_log_enabled %}
+auth_verbose = yes
+auth_debug = yes
+auth_debug_passwords = yes
+mail_debug = yes
+debug_log_path = /var/log/dovecot.debug.log
+{% endif %}
+
+auth_mechanisms = {{ dovecot_proxy.auth_mechanisms }}
+
+protocols = {% if dovecot_proxy.imaps_enabled %}imap {% endif %}{% if dovecot_proxy.submission_enabled %}submission{% endif %}
+
+{% if dovecot_proxy.submissions_enabled %}
+service submission-login {
+ inet_listener submissions {
+ port = 465
+ ssl = yes
+ }
+}
+{% endif %}
+
+ssl = required
+ssl_ca =
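Review bot: Both template tasks in tasks/main.yml write `mode: 0644` unquoted; a YAML 1.1 loader reads that as the octal integer 420, and Ansible's own guidance is to quote octal modes (`mode: "0644"`) so the module receives a string and converts it itself, the unquoted form being documented as unreliable in loops — which the second task uses. The per-domain file `/etc/dovecot/proxy-domain-{{ item.key }}-sql.conf` is rendered from proxy-sql.conf.j2, which is not in this chunk; if that template carries backend credentials (a SQL `connect` string or a static passdb password), 0644 leaves them readable by every local account, and since Dovecot reads its configuration as root, `mode: "0600"` would be the safer default at no cost. The domain key is also interpolated into a filesystem path; it comes from inventory here, so an `ansible.builtin.assert` that each key matches a hostname pattern is a cheap guard against a typo producing an unexpected path.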