Ansible Role: disposable-mail
This is an Ansible role that sets up a mail server by installing and configuring postfix, dovecot, and opendkim.
It is intended to facilitate using smtp and imap service with disposable mail aliases for a single user. It stores mail using Maildir, which is a simple plaintext format. The configuration uses unix sockets for inter-process communication and prefers strong encryption for network connections. The configured header_checks filter out unnecessary postfix mail headers to limit leakage of personal information.
This configuration is not intended to replace a user's primary personal email account. Do not use a disposable alias for important or sensitive accounts. Messages are by default stored in plaintext on your server (unless you've set up disk encryption separately).
It includes a helper script to create new email aliases. You can create a shell alias to call it over SSH:
alias addmail='ssh root@host create-email-alias'
Usage: addmail newservice
creates an alias to receive mail at newservice@example.com
Requirements
- Debian/Ubuntu
- robertdebock.dovecot
- oefenweb.postfix role, the bleetube fork
See requirements.yml
Variables
postfix_domain: example.com
postfix_hostname: mail.example.com
postfix_smtpd_tls_cert_file: ""
postfix_smtpd_tls_key_file: ""
postfix_smtpd_tls_dh1024_param_file: ""
See the default variables.
Example Playbook
- hosts: mail
  become: yes
  roles:
    - bleetube.mail
Example Deployment
Security
For hardening, we recommend that network access to dovecot (TCP/993) be restricted to trusted IPs. See cve details.
Privacy
Postfix master.cf should configure smtpd behavior to require encrypted client connections. In practice, this means figuring out which connection method a given mail client can use with a mail server that requires strong encryption.
See docs/CLIENTS.md for notes on mail clients.
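One way to audit that requirement, as an added example that is not part of this role: the script below parses a master.cf and reports client-facing smtpd services that neither set `smtpd_tls_security_level=encrypt` (mandatory STARTTLS) nor `smtpd_tls_wrappermode=yes` (implicit TLS). The sample file, the function names and the list of client-facing service names are assumptions made for the example, and only the classic `-o name=value` override syntax is handled.

```python
import re

# Constructed sample master.cf for illustration, not the role's template.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_sasl_auth_enable=yes
"""

# Assumption: these service names/ports are the ones mail clients connect to.
CLIENT_SERVICES = {"submission", "submissions", "smtps", "587", "465"}


def parse_master_cf(text):
    """Return (service, type, command, overrides) for each logical line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    entries = []
    for fields in (line.split() for line in logical):
        if len(fields) < 8:
            continue  # not a complete service definition
        opts = dict(re.findall(r"-o\s+(\w+)=(\S+)", " ".join(fields[8:])))
        entries.append((fields[0], fields[1], fields[7], opts))
    return entries


def unencrypted_client_services(text):
    """Names of client-facing smtpd services with no TLS requirement override."""
    weak = []
    for name, kind, command, opts in parse_master_cf(text):
        port = name.rsplit(":", 1)[-1]  # strip an optional "host:" prefix
        if kind != "inet" or command != "smtpd" or port not in CLIENT_SERVICES:
            continue
        starttls_required = opts.get("smtpd_tls_security_level") == "encrypt"
        implicit_tls = opts.get("smtpd_tls_wrappermode") == "yes"
        if not (starttls_required or implicit_tls):
            weak.append(name)
    return weak
```

Run it against a real file with `unencrypted_client_services(open("/etc/postfix/master.cf").read())`. A flagged service may still inherit `smtpd_tls_security_level` from main.cf, so check that file before treating the result as a finding.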
Misc
There are some interesting mta implementations that may replace or complement parts of this stack in the future:
- simple-nixos-mailserver
- maddy (go)
- jmap, vsmtp (rust)
- roundcube (php)
Credit
Thanks to Mischa ter Smitten for his work on the ansible-postfix role. The postfix setup process is largely a modified version of that role. The relevant license and copyright notice can be found in postfix.yml.