Flesh out readme and ensure services are started.

This commit is contained in:
Brian Lee 2023-08-21 09:20:49 -07:00
parent 0a286ccc1c
commit b9adfc923e
5 changed files with 36 additions and 22 deletions

View File

@ -63,6 +63,13 @@ See the provided [example](docs/examples/backup.sh) script. Keep in mind that wh
ansible-playbook -e 'force_dovecot_passwd_file_maildir_ids=yes' playbooks/mail.yml ansible-playbook -e 'force_dovecot_passwd_file_maildir_ids=yes' playbooks/mail.yml
``` ```
## Troubleshooting
```shell
systemctl status opendkim dovecot postfix
journalctl -fu postfix@-
journalctl -fu dovecot
```
## Misc ## Misc
There are some interesting mta implementations that may replace or compliment parts of this stack in the future: There are some interesting mta implementations that may replace or compliment parts of this stack in the future:
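Review bot: the new troubleshooting block tails the journals for postfix and dovecot but not for opendkim, even though the `systemctl status opendkim dovecot postfix` line above it covers all three; add `journalctl -fu opendkim` so a signing or socket failure (the case the setup guide's sanity check is about) is as easy to follow as the other two. Minor: the unchanged context line reads "compliment" where "complement" is meant.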

View File

@ -11,10 +11,10 @@
``` ```
The `A` and `MX` records are required, while the `TXT` records are optional but recommended. The `A` and `MX` records are required, while the `TXT` records are optional but recommended.
2. Set a password for the "main" virtual inbox: 2. Configure credentials for the "hello" virtual inbox on the server. Use your favorite password manager to generate a passphrase and then run this to configure it:
```shell ```shell
echo main:$(doveadm pw -s BLF-CRYPT) >> files/$TARGET/imap.passwd sudo echo hello:$(doveadm pw -s BLF-CRYPT):$(id -u maildir):$(id -g maildir) >> /etc/dovecot/imap.passwd
``` ```
Also, if you use `doas` rather than `sudo`, you need to permit your ansible_user to become opendkim in your `/etc/doas.conf`: Also, if you use `doas` rather than `sudo`, you need to permit your ansible_user to become opendkim in your `/etc/doas.conf`:
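Review bot: the replacement command `sudo echo hello:... >> /etc/dovecot/imap.passwd` does not work as written: the `>>` redirection is opened by the caller's unprivileged shell before `sudo` runs, so only `echo` is elevated and the append fails with permission denied (or, if the file happens to be writable by the caller, succeeds silently, which is the worse outcome for a credentials file). Use `echo "hello:$(doveadm pw -s BLF-CRYPT):$(id -u maildir):$(id -g maildir)" | sudo tee -a /etc/dovecot/imap.passwd >/dev/null` or `sudo sh -c '... >> /etc/dovecot/imap.passwd'`, and quote the string so the hash is passed as a single word. Since the entry now lives on the server rather than in `files/$TARGET/imap.passwd`, also confirm the playbook no longer copies a repo-managed passwd file over it, otherwise the entry is clobbered on the next run.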
@ -23,26 +23,20 @@
permit nopass blee as opendkim permit nopass blee as opendkim
``` ```
3. Copy a vars/targets file, update the values, and run this playbook 3. configure some virtual aliases in /etc/postfix/virtual and run: `postmap virtual` (See `man 5 postconf` for details)
Troubleshooting: Sanity check opendkim (may need restart, although I think I fixed that): 4. Configure your playbook's variables and run this playbook.
* (should be fixed) Troubleshooting: Sanity check opendkim, the unix socket should exist and be writable
```shell ```shell
ls -AlF /var/spool/postfix/opendkim/opendkim.sock ls -AlF /var/spool/postfix/opendkim/opendkim.sock
``` ```
4. look at the maildir uid/gid in main.cf and use those in the imap.passwd file (switching to the dovecot role will fix that later) Validate your dns records: [mxtoolbox.com](https://mxtoolbox.com/)
5. configure some virtual aliases in /etc/postfix/virtual and run: ## Optional: sending authenticated mail
```shell * Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt
postmap virtual vmailbox
```
See `man 5 postconf` for details.
6. Sanity check: https://mxtoolbox.com/
7. (optional) Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt
Here's an example line in dnscontrol: Here's an example line in dnscontrol:
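Review bot: the new step 3 runs `postmap virtual` only, whereas the step it replaces ran `postmap virtual vmailbox`; if main.cf still points `virtual_mailbox_maps` at a hash of `vmailbox`, that map has to be rebuilt as well, otherwise say in the README that the map was dropped. The "Validate your dns records" line and the new "## Optional: sending authenticated mail" heading now sit inside the numbered list, so the MX Toolbox check that was step 6 is no longer a step; give it a number or move it under its own heading. The leading "* (should be fixed)" on the opendkim troubleshooting line reads like a leftover TODO; either drop it or state what was fixed.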
@ -51,13 +45,13 @@
``` ```
* See [print-rdata.py](examples/print-rdata.py) for a (kind of bad) example of how to automatically parse mail.txt * See [print-rdata.py](examples/print-rdata.py) for a (kind of bad) example of how to automatically parse mail.txt
* See [dnscontrol](https://dnscontrol.org/) as well as [octodns](https://github.com/octodns/octodns-easydns) * You can codify your records in a git repo using a tool like [dnscontrol](https://dnscontrol.org/) as well as [octodns](https://github.com/octodns/octodns-easydns)
If you're really feeling adventurous, you could even set up a proper dmarc address to replace the original placeholder TXT record. * If you're really feeling adventurous, you could even set up a proper dmarc address to replace the original placeholder TXT record.
```Javascript ```Javascript
TXT('_dmarc', 'v=DMARC1; p=reject; rua=mailto:dmarc@satstack.cloud; fo=1') TXT('_dmarc', 'v=DMARC1; p=reject; rua=mailto:dmarc@satstack.cloud; fo=1')
``` ```
After records propogate, verify outbound mail using [mail-tester](https://www.mail-tester.com/). After records propogate, verify outbound mail using [mail-tester](https://www.mail-tester.com/). I can score 10/10 by sending an email with an html mime type (just copypasta something from chatgpt).
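Review bot: the DMARC example hard-codes the author's own domain (`rua=mailto:dmarc@satstack.cloud`); use a placeholder such as `dmarc@example.com` so readers who copy the line do not send their aggregate reports to someone else's mailbox. Recommending `p=reject` as the first policy is also risky for a fresh setup: suggest `p=none` with `rua` set until the reports show SPF and DKIM aligned for every legitimate sender, then `quarantine` and finally `reject`. Typo in the same hunk: "propogate" should be "propagate".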

View File

@ -39,4 +39,10 @@
regexp: '(.*):(\d+):(\d+)$' regexp: '(.*):(\d+):(\d+)$'
replace: '\1:{{ maildir_uid }}:{{ maildir_gid }}' replace: '\1:{{ maildir_uid }}:{{ maildir_gid }}'
when: force_dovecot_passwd_file_maildir_ids when: force_dovecot_passwd_file_maildir_ids
notify: restart dovecot notify: restart dovecot
- name: Ensure dovecot service is started and enabled.
ansible.builtin.service:
name: dovecot
state: started
enabled: yes
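Review bot: the new task is ordered after the `replace` task that notifies `restart dovecot`, so on a host where dovecot is not yet running the passwd rewrite already triggers a restart at the end of the play; starting it here with whatever config is present at that point is acceptable, but worth a comment. Style: `enabled: yes` should be `enabled: true` to satisfy ansible-lint's truthy rule (the same applies to the opendkim and postfix tasks in this commit).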

View File

@ -46,4 +46,11 @@
name: opendkim name: opendkim
state: restarted state: restarted
when: not opendkim_socket.stat.exists when: not opendkim_socket.stat.exists
- name: Ensure opendkim service is started and enabled.
ansible.builtin.service:
name: opendkim
state: started
enabled: yes
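Review bot: the ordering here is inverted: the socket `stat` and the conditional `state: restarted` task (`when: not opendkim_socket.stat.exists`) run before this `state: started` task, so on a fresh host the conditional restart is what actually starts opendkim and the new task is a no-op. Put the ensure-started task before the socket check so the check only catches the stale-socket case it was written for, and use `enabled: true` rather than `yes`.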

View File

@ -79,11 +79,11 @@
path: "{{ postfix_smtpd_tls_dh1024_param_file }}" path: "{{ postfix_smtpd_tls_dh1024_param_file }}"
size: 2048 size: 2048
- name: Temporarily stop postfix - name: Ensure postfix service is started
ansible.builtin.service: ansible.builtin.service:
name: postfix name: postfix
state: stopped state: started
enabled: false enabled: yes
- name: Set up helper script to create new email aliases - name: Set up helper script to create new email aliases
ansible.builtin.template: ansible.builtin.template:
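Review bot: the task that was "Temporarily stop postfix" (stopped, disabled) now starts and enables postfix at the same point in the role, between the DH parameter generation and the alias helper template, before the remaining configuration is applied. Confirm that the later config, map and template tasks notify a `restart postfix` or `reload postfix` handler, or move this task to the end of the role; otherwise postfix comes up mid-play with whatever main.cf and master.cf happen to be on disk at that moment, and the old "temporarily stop" intent is silently lost.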