Add a docker_mailserver_saslauthd_mechanisms variable, revise the documentation
parent d3b3551e9b
commit 5ca909f6b0
5 changed files with 113 additions and 39 deletions
LICENSE (new normal file, 18 lines)
@ -0,0 +1,18 @@
|
||||||
|
The MIT License (MIT)
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||||
|
this software and associated documentation files (the "Software"), to deal in
|
||||||
|
the Software without restriction, including without limitation the rights to
|
||||||
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||||
|
the Software, and to permit persons to whom the Software is furnished to do so,
|
||||||
|
subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||||
|
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||||
|
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||||
|
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||||
|
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
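Review bot: the added MIT text has no copyright line. The standard template opens with `Copyright (c) <year> <holder>` above the permission grant, and the notice itself requires that "the above copyright notice" be kept in all copies, which is empty as written. Add the year and holder at the top of the file (the author field in meta/main.yml is the obvious source) so the licence is complete.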
README.md (101 lines changed)
@ -1,52 +1,85 @@
|
||||||
# Role : docker_mailserver
|
# docker_mailserver
|
||||||
|
|
||||||
|
|
||||||
## Services fournis
|
|
||||||
|
|
||||||
Installation de mailserver sur un serveur docker_host, en lien avec un annuaire LDAP.
|
Installation de mailserver sur un serveur docker_host, en lien avec un annuaire LDAP.
|
||||||
|
|
||||||
|
## Prérequis
|
||||||
|
|
||||||
|
* un serveur préparé avec rôle docker_host
|
||||||
|
* un annuaire LDAP préparé avec le role docker_openldap
|
||||||
|
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
Fournir les variables suivantes. Par exemple :
|
Fournir les variables suivantes. Par exemple :
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
# Le nom de domaine pour lequel le service mailserver répond
|
||||||
docker_mailserver_fqdn: mailserver.example.com
|
docker_mailserver_fqdn: mailserver.example.com
|
||||||
|
# Version de l'image docker pour mailserver
|
||||||
docker_mailserver_version: 13.2.0
|
docker_mailserver_version: 13.2.0
|
||||||
|
# L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service
|
||||||
docker_mailserver_data_dir: /data1
|
docker_mailserver_data_dir: /data1
|
||||||
|
# Le nom de service souhaité : conditionne le nommage des volumes
|
||||||
docker_mailserver_service_id: mailserver
|
docker_mailserver_service_id: mailserver
|
||||||
|
# Adresse du postmaster
|
||||||
docker_mailserver_postmaster_address: postmaster@example.com
|
docker_mailserver_postmaster_address: postmaster@example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Si le conteneur docker_mailserver ne doit pas écouter sur toutes les interfaces, il est possible de spécifier les adresses d'écoute avec ces variables :
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
docker_mailserver_listen_ipv4: "1.2.3.4"
|
||||||
|
docker_mailserver_listen_ipv6: "2345:425:1234::1234"
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Si couplage avec un annuaire LDAP, définir à minima les variables suivantes :
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# URI du serveur LDAP
|
||||||
|
docker_mailserver_ldap_server: ldaps://ldap.example.com:636
|
||||||
|
# Base de recherche LDAP
|
||||||
|
docker_mailserver_ldap_search_base: "dc=example,dc=com"
|
||||||
|
# DN du compte de service de connexion à l'annuaire
|
||||||
|
docker_mailserver_ldap_bind_dn: "uid=mailserver,ou=serviceaccounts,dc=example,dc=com"
|
||||||
|
# Mot de passe du compte de service
|
||||||
|
docker_mailserver_ldap_bind_pwd: mypassword
|
||||||
|
```
|
||||||
|
|
||||||
|
D'autres variables ont des valeurs par défaut qu'il est possible de surchrager et qui sont présentes dans defaults/main.yml.
|
||||||
|
|
||||||
|
|
||||||
Consulter https://docker-mailserver.github.io/docker-mailserver/latest/ pour les détails des options de configuration
|
Consulter https://docker-mailserver.github.io/docker-mailserver/latest/ pour les détails des options de configuration
|
||||||
|
|
||||||
| Option | Valeur par défaut | Description |
|
|
||||||
|--------------------------------------------|-------------------|-------------------------------------------------------------------------------------------|
|
## Dépendances
|
||||||
| docker_mailserver_fqdn | | Le nom de domaine pour lequel le service mailserver répond |
|
|
||||||
| docker_mailserver_version | | Version de l'image docker pour mailserver |
|
Aucune
|
||||||
| docker_mailserver_data_dir | | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service |
|
|
||||||
| docker_mailserver_service_id | | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
|
|
||||||
| docker_mailserver_postmaster_address | | Adresse du postmaster |
|
## Exemple de playbook
|
||||||
| docker_mailserver_enable_amavis | 1 | Active le filtrage de contenu avec clamav ou spamassassin |
|
|
||||||
| docker_mailserver_enable_clamav | 1 | Active l'antivirus clamav |
|
```yaml
|
||||||
| docker_mailserver_enable_spamassassin | 1 | Active le filte antispam spamassassin |
|
- hosts: all
|
||||||
| docker_mailserver_enable_dnsbl | 1 | Active l'utilisation de DNSBL |
|
|
||||||
| docker_mailserver_enable_fail2ban | 1 | Active fail2ban |
|
vars:
|
||||||
| docker_mailserver_enable_managesieve | 1 | Active la gestion des filtres sieve sur le port 4190 |
|
docker_mailserver_fqdn: mail.example.com
|
||||||
| docker_mailserver_fail2ban_bantime | 1h | Temps de bannissement par fail2ban |
|
docker_mailserver_data_dir: /data/my-docker-mailserver-volume
|
||||||
| docker_mailserver_fail2ban_findtime | 1h | Temps pendant lequel un hote doit faire moins que maxretries pour ne pas être banni |
|
docker_mailserver_service_id: mailserver_mail_example_com
|
||||||
| docker_mailserver_fail2ban_maxretry | 15 | Nombre de tentatives pendant findtime avant d'être banni |
|
docker_mailserver_version: 13.1.0
|
||||||
| docker_mailserver_fail2ban_ignoreip | "" | Hotes qui ne seront pas bannis |
|
docker_mailserver_listen_ipv4: 1.2.3.4
|
||||||
| docker_mailserver_ldap_server | | URI du serveur LDAP |
|
docker_mailserver_ldap_server: "ldaps://ldap.example.com:636"
|
||||||
| docker_mailserver_ldap_search_base | | Base de recherche LDAP |
|
docker_mailserver_ldap_search_base: "dc=example,dc=com"
|
||||||
| docker_mailserver_ldap_bind_dn | | DN du compte de service de connexion à l'annuaire |
|
docker_mailserver_ldap_bind_dn: "uid=mailserver,ou=serviceaccounts,dc=example,dc=com"
|
||||||
| docker_mailserver_ldap_bind_pwd | | Mot de passe du compte de service |
|
docker_mailserver_ldap_bind_pwd: !vault |
|
||||||
| docker_mailserver_ldap_query_filter_user | cf. defaults | Filtre de recherche des utilisateurs |
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
| docker_mailserver_ldap_query_filter_group | cf. defaults | Filtre de recherche des groupes |
|
1234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
| docker_mailserver_ldap_query_filter_alias | cf. defaults | Filtre de recherche des alias |
|
12345678901234567890123456789
|
||||||
| docker_mailserver_ldap_query_filter_domain | cf. defaults | Filtre de recherche des domaines |
|
|
||||||
| docker_mailserver_dovecot_user_filter | cf. defaults | Filtre de recherche des utilisateurs pour dovecot |
|
roles:
|
||||||
| docker_mailserver_dovecot_user_attrs | cf. defaults | Valeur de user_attrs pour dovecot |
|
- docker_mailserver
|
||||||
| docker_mailserver_saslauthd_ldap_filter | cf. defaults | Filtre de recherche des utilisateurs pour saslauthd |
|
```
|
||||||
| docker_mailserver_default_relay_host | "" | Relai sortant par défaut (pour tous les mails) |
|
|
||||||
| docker_mailserver_relay_host | "" | Relai sortant par défaut (configuration par domaine) |
|
# Licence
|
||||||
|
|
||||||
|
MIT
|
||||||
|
|
|
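Review bot: the new README drops the option table and refers readers to defaults/main.yml, but the variable this commit introduces, `docker_mailserver_saslauthd_mechanisms`, is mentioned nowhere in the rewritten text, and the old table entry for `docker_mailserver_saslauthd_ldap_filter` (which only applies when that variable is `ldap`) is gone with it. Since the LDAP section lists what to set "at minimum" for directory coupling, add a line there such as `docker_mailserver_saslauthd_mechanisms: ldap` with a sentence stating the default (`rimap`) and that the LDAP filter only takes effect with `ldap`. Minor: the example playbook pins `docker_mailserver_version: 13.1.0` while the variables section above shows `13.2.0`; use one version in both places.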
@ -1,25 +1,48 @@
|
||||||
|
# Active le filtrage de contenu avec clamav ou spamassassin
|
||||||
docker_mailserver_enable_amavis: "1"
|
docker_mailserver_enable_amavis: "1"
|
||||||
|
# Active l'antivirus clamav
|
||||||
docker_mailserver_enable_clamav: "1"
|
docker_mailserver_enable_clamav: "1"
|
||||||
|
# Active le filte antispam spamassassin
|
||||||
docker_mailserver_enable_spamassassin: "1"
|
docker_mailserver_enable_spamassassin: "1"
|
||||||
|
# Active l'utilisation de DNSBL
|
||||||
docker_mailserver_enable_dnsbl: "1"
|
docker_mailserver_enable_dnsbl: "1"
|
||||||
|
# Active fail2ban
|
||||||
docker_mailserver_enable_fail2ban: "1"
|
docker_mailserver_enable_fail2ban: "1"
|
||||||
|
# Active la gestion des filtres sieve sur le port 4190
|
||||||
docker_mailserver_enable_managesieve: "1"
|
docker_mailserver_enable_managesieve: "1"
|
||||||
|
# Temps de bannissement par fail2ban
|
||||||
docker_mailserver_fail2ban_bantime: "1h"
|
docker_mailserver_fail2ban_bantime: "1h"
|
||||||
|
# Temps pendant lequel un hote doit faire moins que maxretries pour ne pas être banni
|
||||||
docker_mailserver_fail2ban_findtime: "1h"
|
docker_mailserver_fail2ban_findtime: "1h"
|
||||||
|
# Nombre de tentatives pendant findtime avant d'être banni
|
||||||
docker_mailserver_fail2ban_maxretry: "15"
|
docker_mailserver_fail2ban_maxretry: "15"
|
||||||
|
# Hotes qui ne seront pas bannis
|
||||||
docker_mailserver_fail2ban_ignoreip: ""
|
docker_mailserver_fail2ban_ignoreip: ""
|
||||||
|
# Séparateur à considérer pour identifier une sous-adresse
|
||||||
docker_mailserver_recipient_delimiter: "+"
|
docker_mailserver_recipient_delimiter: "+"
|
||||||
|
|
||||||
|
# Si couplage à un annuaire LDAP
|
||||||
|
# Groupe contenant les utilisateurs du serveur de mail
|
||||||
docker_mailserver_ldap_mail_users_group_dn: "cn=mail-users,ou=groups,{{ docker_mailserver_ldap_search_base }}"
|
docker_mailserver_ldap_mail_users_group_dn: "cn=mail-users,ou=groups,{{ docker_mailserver_ldap_search_base }}"
|
||||||
|
# Filtre de recherche des utilisateurs
|
||||||
docker_mailserver_ldap_query_filter_user: "(&(mail=%s)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
docker_mailserver_ldap_query_filter_user: "(&(mail=%s)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
||||||
|
# Filtre de recherche des groupes
|
||||||
docker_mailserver_ldap_query_filter_group: "(&(mailGroupMember=%s)(objectClass=PostfixBookMailAccount)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
docker_mailserver_ldap_query_filter_group: "(&(mailGroupMember=%s)(objectClass=PostfixBookMailAccount)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
||||||
|
# Filtre de recherche des alias
|
||||||
docker_mailserver_ldap_query_filter_alias: "(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
docker_mailserver_ldap_query_filter_alias: "(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
||||||
|
# Filtre de recherche des domaines
|
||||||
docker_mailserver_ldap_query_filter_domain: "(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(objectClass=PostfixBookMailAccount)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
docker_mailserver_ldap_query_filter_domain: "(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(objectClass=PostfixBookMailAccount)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
||||||
|
# Filtre de recherche des utilisateurs pour dovecot
|
||||||
docker_mailserver_dovecot_user_filter: "(&(objectClass=PostfixBookMailAccount)(mail=%u)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
docker_mailserver_dovecot_user_filter: "(&(objectClass=PostfixBookMailAccount)(mail=%u)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
||||||
|
# Valeur de user_attrs pour dovecot
|
||||||
docker_mailserver_dovecot_user_attrs: "mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail,mailQuota=quota_rule=*:bytes=%$"
|
docker_mailserver_dovecot_user_attrs: "mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail,mailQuota=quota_rule=*:bytes=%$"
|
||||||
|
# Type d'authentification pour saslauthd
|
||||||
|
docker_mailserver_saslauthd_mechanisms: rimap
|
||||||
|
# si docker_mailserver_saslauthd_mechanisms: ldap, filtre de recherche des utilisateurs pour saslauthd
|
||||||
docker_mailserver_saslauthd_ldap_filter: "(&(uid=%U)(objectClass=PostfixBookMailAccount)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
docker_mailserver_saslauthd_ldap_filter: "(&(uid=%U)(objectClass=PostfixBookMailAccount)(memberOf={{ docker_mailserver_ldap_mail_users_group_dn }}))"
|
||||||
|
|
||||||
|
# Si les mails sortants doivent passer par un relai
|
||||||
|
# Relai sortant par défaut (pour tous les mails)
|
||||||
docker_mailserver_default_relay_host: ""
|
docker_mailserver_default_relay_host: ""
|
||||||
|
# Relai sortant par défaut (configuration par domaine)
|
||||||
docker_mailserver_relay_host: ""
|
docker_mailserver_relay_host: ""
|
||||||
|
|
|
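Review bot: the new default `docker_mailserver_saslauthd_mechanisms: rimap` silently changes behaviour for existing users of the role, because the template previously hardcoded `SASLAUTHD_MECHANISMS=ldap`; deployments that relied on `docker_mailserver_saslauthd_ldap_filter` will switch to IMAP-based SASL authentication on the next run without any variable having been touched. Either default to `ldap` to preserve the previous behaviour, or state the change explicitly in the commit message and README. Style: every other value in this file is quoted (`"1"`, `"1h"`, `""`); quote `rimap` the same way for consistency.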
@ -1,7 +1,7 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Olivier Navas
|
author: Olivier Navas
|
||||||
description: Modèle d'installation Libretic pour mailserver
|
description: Modèle d'installation Libretic pour mailserver
|
||||||
license: GPL-3.0-only
|
license: MIT
|
||||||
min_ansible_version: 2.9
|
min_ansible_version: 2.9
|
||||||
galaxy_tags: []
|
galaxy_tags: []
|
||||||
|
|
||||||
|
|
|
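Review bot: changing `license: GPL-3.0-only` to `license: MIT` is a relicensing of the role, and the commit message only mentions a new variable and documentation. Relicensing needs the agreement of every copyright holder of the existing code; confirm that is the case and say so in the commit message, and make sure the LICENSE file added in the same commit carries the holder's name so the two files agree.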
@ -387,11 +387,11 @@ ENABLE_SASLAUTHD=1
|
||||||
# `mysql` => authenticate against mysql db
|
# `mysql` => authenticate against mysql db
|
||||||
# `rimap` => authenticate against imap server
|
# `rimap` => authenticate against imap server
|
||||||
# Note: can be a list of mechanisms like pam ldap shadow
|
# Note: can be a list of mechanisms like pam ldap shadow
|
||||||
SASLAUTHD_MECHANISMS=ldap
|
SASLAUTHD_MECHANISMS={{ docker_mailserver_saslauthd_mechanisms }}
|
||||||
|
|
||||||
# empty => None
|
# empty => None
|
||||||
# e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
|
# e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
|
||||||
SASLAUTHD_MECH_OPTIONS=
|
SASLAUTHD_MECH_OPTIONS=127.0.0.1
|
||||||
|
|
||||||
# empty => Use value of LDAP_SERVER_HOST
|
# empty => Use value of LDAP_SERVER_HOST
|
||||||
# Note: since version 10.0.0, you can specify a protocol here (like ldaps://); this deprecates SASLAUTHD_LDAP_SSL.
|
# Note: since version 10.0.0, you can specify a protocol here (like ldaps://); this deprecates SASLAUTHD_LDAP_SSL.
|
||||||
|
|
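Review bot: `SASLAUTHD_MECH_OPTIONS=127.0.0.1` is now hardcoded regardless of the mechanism selected, while the comment directly above says the IMAP server address is only needed "with SASLAUTHD_MECHANISMS rimap". With `docker_mailserver_saslauthd_mechanisms: ldap` that value is still passed as mech options, which is at best confusing. Make it conditional on the variable, e.g. `SASLAUTHD_MECH_OPTIONS={% if docker_mailserver_saslauthd_mechanisms == 'rimap' %}127.0.0.1{% endif %}`, or expose it as its own role variable with `127.0.0.1` as the default so the address is not buried in the template.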