.vscode Add vscodium settings 2025-11-30 18:36:39 +01:00
defaults Fix values 2025-12-01 12:48:59 +01:00
files Add script 2025-11-30 19:04:13 +01:00
handlers WIP: Add tasks 2025-11-30 18:36:50 +01:00
meta Fix typo 2025-11-30 19:04:26 +01:00
tasks Fix typos in variables and tasks names 2025-12-01 12:44:10 +01:00
templates Probably fix quota warning service 2025-12-01 15:01:29 +01:00
.gitignore Ignore files 2025-11-30 18:36:28 +01:00
README.md WIP: Optionally enable mail_crypt 2025-12-01 14:51:31 +01:00

Dovecot

This role installs Dovecot (>= 2.4) with the following features:

  • Protocols: IMAP, LMTP, POP, SIEVE
  • User quota with quota warning notifications via email
  • File-based last login information
  • Login methods: PLAIN, LOGIN, XOAUTH2

The role does not use the split configuration under conf.d. All settings are managed via dovecot.conf.

Required Variables

In defaults/main.yml you will find most of the required variables. You should definitely adapt these variables to your needs. Additionally, you need to add these variables:

| Variable | Type | Dovecot setting |
|---|---|---|
| dovecot_ssl_server_cert_file | str | ssl_server_cert_file |
| dovecot_ssl_server_key_file | str | ssl_server_key_file |
| dovecot_ssl_server_dh_file | str | ssl_server_dh_file |
| dovecot_quota_warning_mail_from_address | str | |
| ansible_managed | str | |

Authentication

For authentication to work, you need to configure passdb and userdb lookups like this:

passdb

dovecot_passdb:
  - type: ldap
    options:
      bind: "no"
      filter: '(&(objectClass=mailAccount)(|(|(cn=%{user})(mail=%{user}))(mailAlternateAddress=%{user})))'
      fields:
        user: "%{ldap:cn}"
        password: "%{ldap:userPassword}"
  - type: oauth2
    options:
      active_attribute: "active"
      active_value: "true"
      force_introspection: "yes"
      introspection_url: "https://<client_id>:<client_secret>@auth.example.org/application/o/introspect/"
      introspection_mode: "post"
      tokeninfo_url: "https://auth.example.org/application/o/userinfo/?access_token="
      tls_ca_cert_file: "/etc/ssl/certs/ca-certificates.crt"
      username_attribute: "preferred_username"

userdb lookup

dovecot_userdb:
  - type: ldap
    options:
      filter: '(&(objectClass=mailAccount)(|(|(cn=%{user})(mail=%{user}))(mailAlternateAddress=%{user})))'
      fields:
        user: "%{ldap:cn}"
        home: "{{ dovecot_mail_root }}/%{ldap:cn}"
      iterate_filter: "(objectClass=mailAccount)"
      iterate_fields:
        user: "%{ldap:cn}"

LDAP Auth

If you want to use LDAP as an authentication backend, you need to configure the LDAP connection:

dovecot_ldap:
  ldap_uris:
    - "ldap://ldap.example.org"
  ldap_base: ou=People,o=server,dc=example,dc=org
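
A playbook that sets the required variables and checks them before the role runs, as an added example that is not part of the role's repository. The host group `mailservers`, the role name `dovecot`, the file paths, the `required_vars` helper list and the `vault_*` variables (values kept in Ansible Vault) are assumptions.

```yaml
# Added example, not taken from the role's repository.
# Assumptions: inventory group "mailservers", role name "dovecot", constructed
# file paths, and hypothetical vault_* / required_vars names.
- name: Validate variables, then apply the Dovecot role
  hosts: mailservers
  become: true
  vars:
    dovecot_ssl_server_cert_file: /etc/ssl/certs/mail.example.org/fullchain.pem
    dovecot_ssl_server_key_file: /etc/ssl/private/mail.example.org/privkey.pem
    dovecot_ssl_server_dh_file: /etc/dovecot/dh.pem
    dovecot_quota_warning_mail_from_address: postmaster@example.org
    ansible_managed: "Managed by Ansible, do not edit"
    dovecot_passdb:  # only the oauth2 entry from the README is shown
      - type: oauth2
        options:
          # The client id and secret come from the vault, not from this file.
          introspection_url: "https://{{ vault_oauth2_client_id }}:{{ vault_oauth2_client_secret }}@auth.example.org/application/o/introspect/"
          introspection_mode: "post"
          tokeninfo_url: "https://auth.example.org/application/o/userinfo/?access_token="
          tls_ca_cert_file: "/etc/ssl/certs/ca-certificates.crt"
          username_attribute: "preferred_username"
    required_vars:
      - dovecot_ssl_server_cert_file
      - dovecot_ssl_server_key_file
      - dovecot_ssl_server_dh_file
      - dovecot_quota_warning_mail_from_address
      - ansible_managed
  pre_tasks:
    - name: Check that every required variable is set and non-empty
      ansible.builtin.assert:
        that:
          - "lookup('ansible.builtin.vars', item, default='') | string | length > 0"
        fail_msg: "{{ item }} must be set before the role runs"
      loop: "{{ required_vars }}"

    - name: Check that the OAuth2 endpoints are reached over HTTPS
      # No loop here: a looped task prints each item, which would include the
      # introspection URL and the client secret embedded in it.
      ansible.builtin.assert:
        that:
          - "oauth2_opts | map(attribute='introspection_url') | reject('match', '^https://') | list | length == 0"
          - "oauth2_opts | map(attribute='tokeninfo_url') | reject('match', '^https://') | list | length == 0"
        fail_msg: "introspection_url and tokeninfo_url must use https://"
      vars:
        oauth2_opts: "{{ dovecot_passdb | selectattr('type', 'equalto', 'oauth2') | map(attribute='options') | list }}"
  roles:
    - role: dovecot
```

Run it with `--ask-vault-pass` or a vault password file so the `vault_*` values resolve.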

Optional Variables

| Variable | Type | Dovecot setting |
|---|---|---|
| dovecot_first_valid_uid | int | first_valid_uid |
| dovecot_last_valid_uid | int | last_valid_uid |
| dovecot_login_trusted_networks | list (int) | login_trusted_networks |
| dovecot_enable_mail_crypt | bool | mail_plugins --> mail_crypt |

Self-signed certificates for local connections

dovecot_local_names:
  - name: "dovecot.host"
    ssl_server_cert_file: "/etc/ssl/certs/dovecot.host/fullchain.pem"
    ssl_server_key_file: "/etc/ssl/certs/dovecot.host/privkey.pem"

Import Environment Variables

dovecot_import_environment:
  userli_api_access_token: ""
  userli_host: ""
  tmpdir: /dovecot-tmp