mejoras generales

defaults/main.yml

@@ -100,3 +100,9 @@ dovecot_quota_additional_limit:
 
 # gracia (en porcentaje o M)
 dovecot_quota_grace: 10%
+
+# submission
+dovecot_submission_enable: yes
+dovecot_submission_relay_host: postfix
+dovecot_submission_relay_port: 25
+dovecot_submission_relay_trusted: yes

files/Dockerfile

@@ -2,7 +2,11 @@ FROM eumau/debian:buster-slim
 LABEL maintainer "Mauro Torrez <mauro@mau.ro>"
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
-ENV SUBMISSION_ENABLE= \
+ENV \
+    MAIL_DOMAINS= \
+    AUTH_MECHANISMS=plain \
+    AUTH_USERNAME_FORMAT="%Lu" \
+    AUTH_MASTER_ENABLE= \
     SUBMISSION_RELAY_HOST= \
     SUBMISSION_RELAY_PORT=25 \
     SUBMISSION_RELAY_TRUSTED=yes \
@@ -11,9 +15,25 @@ ENV SUBMISSION_ENABLE= \
     SUBMISSION_RELAY_PASSWORD= \
     SUBMISSION_RELAY_SSL=starttls \
     SUBMISSION_RELAY_SSL_VERIFY=no \
-    SUBMISSION_RELAY_RAWLOG_DIR=
+    SUBMISSION_RELAY_RAWLOG_DIR= \
+    LDAP_ENABLE= \
+    LDAP_HOSTS="ldap:389" \
+    LDAP_URIS= \
+    LDAP_BIND=yes \
+    LDAP_VERSION=3 \
+    LDAP_BASE="dc=example,dc=org" \
+    LDAP_SCOPE=sub \
+    LDAP_USER_ATTRS="=home=/vmail/mail/%d/%n, =uid=5000, =gid=5000" \
+    LDAP_USER_FILTER="(&(objectClass=inetOrgPerson)(uid=%n))" \
+    LDAP_PASS_ATTRS="userPassword=password, =userdb_home=/vmail/mail/%d/%n, =userdb_uid=5000, =userdb_gid=5000" \
+    LDAP_PASS_FILTER="(&(objectClass=inetOrgPerson)(uid=%n))" \
+    LDAP_ITERATE_ATTRS="=user=%{ldap:uid}@%d" \
+    LDAP_ITERATE_FILTER="(objectClass=inetOrgPerson)" \
+    LDAP_DEFAULT_PASS_SCHEME=CRYPT
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
+  && mkdir -p /vmail && chown vmail:vmail /vmail \
+  && apt-get update && apt-get install -y --no-install-recommends \
      dovecot-lmtpd \
      dovecot-imapd \
      dovecot-ldap \
@@ -24,8 +44,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
      bogofilter \
      ssl-cert \
   && rm -rf /var/lib/apt/lists/* \
-  && groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
-  && mkdir -p /vmail && chown vmail:vmail /vmail \
   && mkdir -p /ssl && chmod 700 /ssl \
   && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
   && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
@@ -44,13 +62,7 @@ ADD 10-mail.conf \
 ADD local.conf /etc/dovecot/
 ADD junk-filter.sieve /etc/dovecot/sieve/before/
 
-ADD \
-  10-auth.conf.tmpl \
-  20-lmtp.conf.tmpl \
-  ldap.conf.ext.tmpl \
-  submission.conf.tmpl \
-  /etc/confd/templates/
-ADD confd-*.toml /etc/confd/conf.d/
+ADD confd /etc/confd/
 
 RUN sievec /etc/dovecot/sieve/before
 

files/confd/conf.d/auth.toml

@@ -6,5 +6,5 @@ keys = [
     "/auth/username/format",
     "/auth/mechanisms",
     "/auth/master/enable",
-    "/auth/ldap/enable"
+    "/ldap/enable"
 ]

files/confd/conf.d/submission.toml

@@ -2,7 +2,6 @@
 src = "submission.conf.tmpl"
 dest = "/etc/dovecot/local.d/submission.conf"
 keys = [
-    "/submission/enable",
     "/submission/relay/host",
     "/submission/relay/port",
     "/submission/relay/trusted",

files/confd/templates/10-auth.conf.tmpl

@@ -17,7 +17,7 @@ passdb {
 {{ end }}
 
 
-{{ if eq (getv "/auth/ldap/enable") "yes"}}
+{{ if eq (getv "/ldap/enable") "yes"}}
 passdb {
   driver = ldap
   args = /etc/dovecot/local.d/ldap.conf.ext

files/confd/templates/submission.conf.tmpl

@@ -1,5 +1,3 @@
-{{ if eq (getv "/submission/enable") "yes"}}
-protocols = $protocols submission
 submission_relay_host = {{getv "/submission/relay/host"}}
 submission_relay_port = {{getv "/submission/relay/port"}}
 submission_relay_trusted = {{getv "/submission/relay/trusted"}}
@@ -9,6 +7,3 @@ submission_relay_password = {{getv "/submission/relay/password"}}
 submission_relay_ssl = {{getv "/submission/relay/ssl"}}
 submission_relay_ssl_verify = {{getv "/submission/relay/ssl/verify"}}
 submission_relay_rawlog_dir = {{getv "/submission/relay/rawlog/dir"}}
-{{else}}
-# submission service disabled
-{{end}}

tasks/main.yml

@@ -11,24 +11,16 @@
     dest: /root/.dovecot-docker-image
   loop:
     - Dockerfile
-    - 10-auth.conf.tmpl
     - 10-mail.conf
     - 10-master.conf
     - 10-ssl.conf
     - 15-mailboxes.conf
     - 20-imap.conf
-    - 20-lmtp.conf.tmpl
     - 90-antispam.conf
     - 90-sieve.conf
-    - ldap.conf.ext.tmpl
     - junk-filter.sieve
     - local.conf
-    - submission.conf.tmpl
-    - confd-auth.toml
-    - confd-ldap.toml
-    - confd-ldap2.toml
-    - confd-lmtp.toml
-    - confd-submission.toml
+    - confd
   tags: skip_me
 
 - name: Crear imagen {{ dovecot_image }}
@@ -50,25 +42,27 @@
       - "{{ dovecot_volume_ssl }}:/ssl/"
     networks:
       - name: "{{ docker_network_name }}"
-    ports:
-      - 143:143
-      - 2000:2000
+    ports: >-
+      [ "143:143",
+        {{ '"587:587",' if dovecot_submission_enable else '' }}
+        "2000:2000"
+      ]
+
     env:
       MAIL_DOMAINS: "{{ mail_domains.keys() | list | join(' ') }}"
       AUTH_MECHANISMS: "{{ dovecot_auth_mechanisms }}"
       AUTH_USERNAME_FORMAT: "{{ dovecot_auth_username_format }}"
-      AUTH_LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}"
       AUTH_MASTER_ENABLE: "{{ 'yes' if dovecot_auth_master_enable else '' }}"
-      SUBMISSION_ENABLE: "yes"
-      SUBMISSION_RELAY_HOST: postfix
-      SUBMISSION_RELAY_PORT: "25"
-      SUBMISSION_RELAY_TRUSTED: "yes"
+      SUBMISSION_RELAY_HOST: "{{ dovecot_submission_relay_host }}"
+      SUBMISSION_RELAY_PORT: "{{ dovecot_submission_relay_port | string }}"
+      SUBMISSION_RELAY_TRUSTED: "{{ 'yes' if dovecot_submission_relay_trusted else 'no' }}"
       # SUBMISSION_RELAY_USER:
       # SUBMISSION_RELAY_MASTER_USER:
       # SUBMISSION_RELAY_PASSWORD:
       # SUBMISSION_RELAY_SSL: starttls
       # SUBMISSION_RELAY_SSL_VERIFY: "no"
       # SUBMISSION_RELAY_RAWLOG_DIR:
+      LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}"
       LDAP_HOSTS: "{{ dovecot_ldap_hosts | join(' ') }}"
       LDAP_URIS: "{{ dovecot_ldap_uris | join(' ') }}"
       LDAP_BIND: "{{ 'yes' if dovecot_ldap_bind else 'no' }}"