[trees] - created external reachable mailserver

  * mailserver accessable via ssl
  * domain: trees.testing
  * SSL cert needs to be accepted when used with thunderbird
  * changed vbox box name

vagrant/Vagrantfile

@@ -11,7 +11,7 @@ Vagrant.configure("2") do |config|
     config.vm.provider "virtualbox" do |v|
       v.memory = 1024
       v.cpus = 2
-      v.name = "trees-debian-testing"
+      v.name = "trees-debian-stretch"
     end
 
     config.ssh.forward_agent = true

vagrant/ansible/roles/dovecot/tasks/install.yml

@@ -62,6 +62,8 @@
    - 10-master.conf
    - 10-mail.conf
    - 10-auth.conf
+   - 10-ssl.conf
+   - 15-mailboxes.conf
    - auth-sql.conf.ext
   notify: restart dovecot
 

vagrant/ansible/roles/dovecot/templates/dovecot/conf.d/10-master.conf.j2

@@ -13,11 +13,11 @@
 
 service imap-login {
   inet_listener imap {
-    #port = 143
+    port = 143
   }
   inet_listener imaps {
-    #port = 993
-    #ssl = yes
+    port = 993
+    ssl = yes
   }
 
   # Number of connections to handle before starting a new process. Typically

vagrant/ansible/roles/dovecot/templates/dovecot/conf.d/10-ssl.conf.j2

+##
+## SSL settings
+##
+
+# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+ssl = required
+
+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+# dropping root privileges, so keep the key file unreadable by anyone but
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
+ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
+ssl_key  = </etc/ssl/private/ssl-cert-snakeoil.key
+
+# If key file is password protected, give the password here. Alternatively
+# give it when starting dovecot with -p parameter. Since this file is often
+# world-readable, you may want to place this setting instead to a different
+# root owned 0600 file by using ssl_key_password = <path.
+#ssl_key_password =
+
+# PEM encoded trusted certificate authority. Set this only if you intend to use
+# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
+# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
+#ssl_ca = </etc/ssl/certs/gandi_intermediate_cert.pem
+
+# Require that CRL check succeeds for client certificates.
+#ssl_require_crl = yes
+
+# Request client to send a certificate. If you also want to require it, set
+# auth_ssl_require_client_cert=yes in auth section.
+#ssl_verify_client_cert = no
+
+# Which field from certificate to use for username. commonName and
+# x500UniqueIdentifier are the usual choices. You'll also need to set
+# auth_ssl_username_from_cert=yes.
+#ssl_cert_username_field = commonName
+
+# How often to regenerate the SSL parameters file. Generation is quite CPU
+# intensive operation. The value is in hours, 0 disables regeneration
+# entirely.
+#ssl_parameters_regenerate = 168
+
+# SSL protocols to use
+ssl_protocols = !SSLv3
+
+# SSL ciphers to use
+ssl_cipher_list = ALL:!LOW:!RC4:!EXP:!aNULL
+
+# SSL crypto device to use, for valid values run "openssl engine"
+#ssl_crypto_device =
+
+# disallow small DH parameters
+ssl_dh_parameters_length = 2048
+
+# prefer our order
+ssl_prefer_server_ciphers = yes
\ No newline at end of file

vagrant/ansible/roles/dovecot/templates/dovecot/conf.d/15-mailboxes.conf.j2

+##
+## Mailbox definitions
+##
+
+# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
+namespace inbox {
+
+  #mailbox name {
+    # auto=create will automatically create this mailbox.
+    # auto=subscribe will both create and subscribe to the mailbox.
+    #auto = no
+
+    # Space separated list of IMAP SPECIAL-USE attributes as specified by
+    # RFC 6154: \All \Archive \Drafts \Flagged \Junk \Sent \Trash
+    #special_use =
+  #}
+
+  # These mailboxes are widely used and could perhaps be created automatically:
+  mailbox Drafts {
+	auto = subscribe
+    special_use = \Drafts
+  }
+  mailbox Junk {
+    auto = subscribe
+    special_use = \Junk
+    autoexpunge = 30d
+  }
+  mailbox Trash {
+	auto = subscribe
+    special_use = \Trash
+    autoexpunge = 30d
+  }
+
+  # For \Sent mailboxes there are two widely used names. We'll mark both of
+  # them as \Sent. User typically deletes one of them if duplicates are created.
+  mailbox Sent {
+	auto = subscribe
+    special_use = \Sent
+  }
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+
+  # If you have a virtual "All messages" mailbox:
+  #mailbox virtual/All {
+  #  special_use = \All
+  #}
+
+  # If you have a virtual "Flagged" mailbox:
+  #mailbox virtual/Flagged {
+  #  special_use = \Flagged
+  #}
+}

vagrant/ansible/roles/postfix/tasks/main.yml

 ---
 
-- name: ensure posftix is installed
+- name: ensure postfix is installed
   apt:
     pkg: "{{ item }}"
     state: present

vagrant/ansible/roles/postfix/templates/main.cf.j2

@@ -30,7 +30,7 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 
 
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = trees.testing
+myhostname = {{ postfix_mail_name | default(ansible_hostname)}}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname

vagrant/ansible/roles/postfix/templates/mysql-virtual-mailbox-maps.cf

@@ -2,4 +2,4 @@ user = {{ mysql.user }}
 password = {{ mysql.user_password }}
 hosts = 127.0.0.1
 dbname = {{ mysql.database }}
-query = SELECT 1 FROM virtual_users WHERE email='%s' AND deleted=0
+query = SELECT 1 FROM virtual_users WHERE email='%s'