├── LICENSE
├── README.md
├── defaults
    └── main.yml
├── handlers
    └── main.yml
├── meta
    └── main.yml
├── tasks
    └── main.yml
├── templates
    ├── 10-auth.conf.j2
    ├── 10-director.conf.j2
    ├── 10-logging.conf.j2
    ├── 10-mail.conf.j2
    ├── 10-master.conf.j2
    ├── 10-ssl.conf.j2
    ├── 15-lda.conf.j2
    ├── 15-mailboxes.conf.j2
    ├── 20-imap.conf.j2
    ├── 20-managesieve.conf.j2
    ├── 90-plugin.conf.j2
    ├── 90-sieve-extprograms.conf.j2
    ├── 90-sieve.conf.j2
    ├── auth-passwdfile.conf.ext.j2
    ├── auth-static.conf.ext.j2
    ├── blacklist-recipients.j2
    ├── dkim_signing.conf.j2
    ├── domains.j2
    ├── dovecot.conf.j2
    ├── global-default.sieve.j2
    ├── ip_whitelist.map.j2
    ├── multimap.conf.j2
    ├── passwd.j2
    ├── report-ham.sieve.j2
    ├── report-spam.sieve.j2
    ├── sa-learn-ham.sh.j2
    ├── sa-learn-spam.sh.j2
    ├── smtpd.conf.j2
    ├── virtuals.j2
    └── whitelist.sender.domain.map.j2
├── tests
    ├── inventory
    └── test.yml
└── vars
    └── main.yml


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2022 gonzalo@x61.sh
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | Ansible role for a Mailserver
  2 | =============================
  3 | 
  4 | Ansible role to create a Mailserver on OpenBSD (>=7.5 & -current) with OpenSMTPD, Dovecot and Rspamd.
  5 | 
  6 | Requirements
  7 | ------------
  8 | 
  9 | OpenBSD, Python 3 (on client machine) and 10 minutes.
 10 | 
 11 | Notes
 12 | -----
 13 | 
 14 | This is still a WIP, so far, you need to create DKIM keys with rspamd (https://rspamd.com/doc/modules/dkim_signing.html),
 15 | new users and DNS entries. Also, you need to enable dovecot, smtpd and rspamd at boot.
 16 | 
 17 | You need to adjust your pf.conf (example bellow).
 18 | 
 19 | Also, you need to delete examples on /etc/mail/virtuals and /etc/mail/domains
 20 | 
 21 | Feedback is welcome.
 22 | 
 23 | Example pf.conf
 24 | ---------------
 25 | 
 26 | For IMAPs I like to keep bruteforce people away with some tweaks on pf.conf, keep in mind that
 27 | lower numbers than that, can couse problems checking emails on huge directories like misc or mailing list.
 28 | 
 29 | ```
 30 | ...
 31 | pass in quick on egress proto tcp from any \
 32 |         to (egress) port imaps \
 33 |         flags S/SA modulate state \
 34 |         (max-src-conn 50, max-src-conn-rate 50/5, overload <bruteforce> flush global)
 35 | ...
 36 | ```
 37 | 
 38 | For SMTP I have pretty the same:
 39 | 
 40 | ```
 41 | ...
 42 | pass in quick log (to pflog1) proto tcp from any \
 43 |         to (egress) port smtp
 44 | 
 45 | pass in quick log (to pflog1) proto tcp from any \
 46 |         to (egress) port { submission, smtps } \
 47 |         flags S/SA modulate state \
 48 |         (max-src-conn 50, max-src-conn-rate 25/5, overload <bruteforce> flush global)
 49 | ...
 50 | ```
 51 | 
 52 | Example Ansible
 53 | ---------------
 54 | 
 55 | This example is for a remote setup, so ,,test'' is your future mailserver, you
 56 | already put your ssh key on ,,test'' and this server already have python3.8
 57 | installed.
 58 | 
 59 | ```
 60 | $ doas pkg_add ansible
 61 | ...
 62 | $ cd /tmp && mkdir ansible && cd ansible
 63 | $ git clone https://github.com/gonzalo-/ansible-role-mailserver
 64 | ...
 65 | ...
 66 | ...
 67 | $ mv ansible-role-mailserver gonzalo-.mailserver
 68 | $ cat hosts
 69 | test ansible_python_interpreter=/usr/local/bin/python3.8
 70 | $ cat mailserver.yml
 71 | ---
 72 | - hosts: test
 73 |   roles:
 74 |      - role: gonzalo-.mailserver
 75 |   become: yes
 76 |   become_method: doas
 77 | 
 78 |   vars:
 79 |    domain: 'foobar.com'
 80 |    mail_dir: '/var/vmail'
 81 |    mail_user: 'gonzalo'
 82 |    release: '7.5'
 83 |    arch: 'amd64'
 84 |    installurl_mirror: 'https://cdn.openbsd.org/pub/OpenBSD/'
 85 |    pkg_path: 'https://cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
 86 |    packages_list:
 87 |     - dovecot
 88 |     - dovecot-pigeonhole
 89 |     - opensmtpd-extras
 90 |     - opensmtpd-filter-rspamd
 91 |     - opensmtpd-filter-senderscore
 92 |     - rspamd
 93 | $ ansible-playbook -i hosts mailserver.yml
 94 | ...MAGIC...
 95 | $
 96 | ```
 97 | 
 98 | Example Playbook
 99 | ----------------
100 | ```
101 | ---
102 | - hosts: test
103 |   roles:
104 |      - role: gonzalo-.mailserver
105 |   become: yes
106 |   become_method: doas
107 | 
108 |   vars:
109 |    domain: 'foobar.com'
110 |    mail_dir: '/var/vmail'
111 |    mail_user: 'gonzalo'
112 |    release: '7.5'
113 |    arch: 'amd64'
114 |    installurl_mirror: 'https://cdn.openbsd.org/pub/OpenBSD/'
115 |    pkg_path: 'https://cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
116 |    packages_list:
117 |     - dovecot
118 |     - dovecot-pigeonhole
119 |     - opensmtpd-extras
120 |     - opensmtpd-filter-rspamd
121 |     - opensmtpd-filter-senderscore
122 |     - rspamd
123 | ```
124 | 
125 | Enable Spam Learning with Dovecot Antispam
126 | ------------------------------------------
127 | The rspamd system can be trained to learn spam (or ham) by checking if users move
128 | their email from a folder in their Inbox to the Spam folder (to flag as spam), or
129 | the reverse: move incorrectly flagged spam out of the Spam folder. This will incur
130 | some overhead when it comes to moving messages, but it can enable the system to learn
131 | spam/ham more efficiently.
132 | 
133 | Note: This ONLY works with IMAP
134 | 
135 | To enable, modify the following line in /etc/dovecot/conf.d/20-imap.conf:
136 | ```
137 | mail_plugins = $mail_plugins imap_sieve
138 | ```
139 | 
140 | Also edit /etc/dovecot/conf.d/90-plugin.conf if you want to enable more logging
141 | or to change the default Spam and Trash folders (if they are different on your system)
142 | and then restart dovecot with: ```rcctl restart dovecot```
143 | 
144 | 
145 | Author Information
146 | ------------------
147 | 
148 | https://x61.sh/
149 | 


--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for ansible-rol-mailserver


--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for ansible-rol-mailserver


--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | galaxy_info:
 3 |   author: gonzalo-
 4 |   description: Role to setup a mailserver with opensmtpd, dovecot, dkimproxy and rspamd.
 5 |   license: BSD
 6 |   min_ansible_version: 1.9
 7 |   galaxy_tags:
 8 |   - openbsd
 9 |   - system
10 |   - opensmtpd
11 |   - opensmtpd-extras
12 |   - mailserver
13 |   - rspamd
14 |   - dovecot
15 |   - dovecot-pigeonhole
16 |   - dovecot-antispam
17 |   - dkimproxy
18 |   - antispam
19 |   platforms:
20 |   - name: OpenBSD
21 |     versions:
22 |      - 7.2
23 |      - 7.1
24 |      - 7.0
25 |      - 6.9
26 |      - 6.8
27 |      - 6.7
28 |      - 6.6
29 | dependencies: []
30 | 


--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: set installurl
 4 |   lineinfile:
 5 |       dest=/etc/installurl
 6 |       line="{{ installurl_mirror }}"
 7 |       insertafter=EOF
 8 |       create=True
 9 | 
10 | - group:
11 |     name: vmail
12 |     state: present
13 | 
14 | - user:
15 |     name: vmail
16 |     comment: "Virtual Mail"
17 |     shell: /sbin/nologin
18 |     home: "{{ mail_dir }}"
19 |     group: vmail
20 | 
21 | - sieve:
22 |   name: sieve-global
23 |   file: path=/var/sieve state=directory
24 |   group: vmail
25 | 
26 | - name: Installing packages
27 |   openbsd_pkg: name={{ item }} state=present
28 |   with_items: "{{ packages_list }}"
29 | 
30 | -  template: src=smtpd.conf.j2 dest="/etc/mail/smtpd.conf" owner="root" group="wheel" mode="0644"
31 | -  template: src=blacklist-recipients.j2 dest="/etc/mail/blacklist-recipients" owner="root" group="wheel" mode="0644"
32 | -  template: src=domains.j2 dest="/etc/mail/domains" owner="root" group="wheel" mode="0644"
33 | -  template: src=virtuals.j2 dest="/etc/mail/virtuals" owner="root" group="wheel" mode="0644"
34 | -  template: src=passwd.j2 dest="/etc/mail/passwd" owner="_dovecot" group="_smtpd" mode="0440"
35 | -  template: src=dkimproxy_in.conf.j2 dest="/etc/dkimproxy_in.conf" owner="root" group="wheel" mode="0644"
36 | -  template: src=dkimproxy_out.conf.j2 dest="/etc/dkimproxy_out.conf" owner="root" group="wheel" mode="0644"
37 | -  template: src=90-plugin.conf.j2 dest="/etc/dovecot/conf.d/90-plugin.conf" owner="root" group="wheel" mode="0644"
38 | -  template: src=90-sieve.conf.j2 dest="/etc/dovecot/conf.d/90-sieve.conf" owner="root" group="wheel" mode="0644"
39 | -  template: src=10-auth.conf.j2 dest="/etc/dovecot/conf.d/10-auth.conf" owner="root" group="wheel" mode="0644"
40 | -  template: src=20-imap.conf.j2 dest="/etc/dovecot/conf.d/20-imap.conf" owner="root" group="wheel" mode="0644"
41 | -  template: src=15-lda.conf.j2 dest="/etc/dovecot/conf.d/15-lda.conf" owner="root" group="wheel" mode="0644"
42 | -  template: src=15-mailboxes.conf.j2 dest="/etc/dovecot/conf.d/15-mailboxes.conf.j2" owner="root" group="wheel" mode="0644"
43 | -  template: src=10-director.conf.j2 dest="/etc/dovecot/conf.d/10-director" owner="root" group="wheel" mode="0644"
44 | -  template: src=20-managesieve.conf.j2 dest="/etc/dovecot/conf.d/20-managesieve.conf" owner="root" group="wheel" mode="0644"
45 | -  template: src=10-mail.conf.j2 dest="/etc/dovecot/conf.d/10-mail.conf" owner="root" group="wheel" mode="0644"
46 | -  template: src=10-master.conf.j2 dest="/etc/dovecot/conf.d/10-master.conf" owner="root" group="wheel" mode="0644"
47 | -  template: src=auth-passwdfile.conf.ext.j2 dest="/etc/dovecot/conf.d/auth-passwdfile.conf.ext" owner="root" group="wheel" mode="0644"
48 | -  template: src=dovecot.conf.j2 dest="/etc/dovecot/dovecot.conf" owner="root" group="wheel" mode="0644"
49 | -  template: src=10-logging.conf.j2 dest="/etc/dovecot/conf.d/10-logging.conf" owner="root" group="wheel" mode="0644"
50 | -  template: src=10-ssl.conf.j2 dest="/etc/dovecot/conf.d/10-ssl.conf" owner="root" group="wheel" mode="0644"
51 | -  template: src=auth-static.conf.ext.j2 dest="/etc/dovecot/conf.d/auth-static.conf.ext" owner="root" group="wheel" mode="0644"
52 | -  template: src=global-default.sieve.j2 dest="/var/sieve/global-default.sieve" owner="root" group="wheel" mode="0644"
53 | -  template: src=report-ham.sieve.j2 dest="/usr/local/lib/dovecot/sieve/report-ham.sieve" owner="root" group="wheel" mode="0644"
54 | -  template: src=report-spam.sieve.j2 dest="/usr/local/lib/dovecot/sieve/report-spam.sieve" owner="root" group="wheel" mode="0644"
55 | -  template: src=sa-learn-ham.sh.j2 dest="/usr/local/lib/dovecot/sieve/sa-learn-ham.sh" owner="_dovecot" group="wheel" mode="0755"
56 | -  template: src=sa-learn-spam.sh.j2 dest="/usr/local/lib/dovecot/sieve/sa-learn-spam.sh" owner="_dovecot" group="wheel" mode="0755"
57 | -  template: src=ip_whitelist.map.j2 dest="/etc/rspamd/local.d/ip_whitelist.map" owner="root" group="wheel" mode="0644"
58 | -  template: src=multimap.conf.j2 dest="/etc/rspamd/local.d/multimap.conf" owner="root" group="wheel" mode="0644"
59 | -  template: src=whitelist.sender.domain.map.j2 dest="/etc/rspamd/local.d/whitelist.sender.domain.map" owner="root" group="wheel" mode="0644"
60 | 
61 | - blockinfile: |
62 |       dest=/etc/login.conf backup=yes
63 |       content="## Dovecot
64 |         dovecot:\
65 |                 :openfiles-cur=1024:\
66 |                 :openfiles-max=2048:\
67 |                 :tc=daemon:"
68 |       insertafter=EOF
69 | 
70 | - name: Enable smtpd
71 |   service: name=smtpd state=started enabled=yes
72 | 
73 | - name: Enable dovecot
74 |   service: name=dovecot state=started enabled=yes
75 | 
76 | -  command: /usr/local/bin/sievec /usr/local/lib/dovecot/sieve/report-ham.sieve /usr/local/lib/dovecot/sieve/report-ham.svbin
77 | -  command: /usr/local/bin/sievec /usr/local/lib/dovecot/sieve/report-spam.sieve /usr/local/lib/dovecot/sieve/report-spam.svbin
78 | 
79 | - name: Enable rspamd
80 |   service: name=rspamd state=started enabled=yes
81 | 


--------------------------------------------------------------------------------
/templates/10-auth.conf.j2:
--------------------------------------------------------------------------------
1 | auth_mechanisms = plain
2 | !include auth-passwdfile.conf.ext
3 | 


--------------------------------------------------------------------------------
/templates/10-director.conf.j2:
--------------------------------------------------------------------------------
 1 | service imap-login {
 2 | 	inet_listener imap {
 3 | 		port = 0
 4 | 	}
 5 | }
 6 | 
 7 | service pop3-login {
 8 | 	inet_listener pop3 {
 9 | 		port = 0
10 | 	}
11 | }
12 | 


--------------------------------------------------------------------------------
/templates/10-logging.conf.j2:
--------------------------------------------------------------------------------
1 | auth_verbose = no
2 | #debug_log_path = /var/log/dovecot-debug.log
3 | mail_debug = no
4 | 


--------------------------------------------------------------------------------
/templates/10-mail.conf.j2:
--------------------------------------------------------------------------------
 1 | mail_home = {{ mail_dir }}/%d/%n
 2 | mbox_write_locks = fcntl
 3 | namespace inbox {
 4 | 	inbox = yes
 5 | 	location = maildir:{{ mail_dir }}/%d/%n/Maildir:LAYOUT=fs
 6 | 	mailbox Drafts {
 7 | 		special_use = \Drafts
 8 | 	}
 9 | 	mailbox Spam {
10 | 		special_use = \Junk
11 | 	}
12 | 	mailbox Sent {
13 | 		special_use = \Sent
14 | 	}
15 | 	mailbox "Sent Messages" {
16 | 		special_use = \Sent
17 | 	}
18 | 	mailbox Trash {
19 | 		special_use = \Trash
20 | 	}
21 | 	prefix =
22 | 	separator = /
23 | }
24 | mmap_disable = yes
25 | 


--------------------------------------------------------------------------------
/templates/10-master.conf.j2:
--------------------------------------------------------------------------------
 1 | service auth {
 2 | 	unix_listener auth-userdb {
 3 | 		group = vmail
 4 | 		mode = 0666
 5 | 		user = vmail
 6 | 	}
 7 | }
 8 | 
 9 | service imap-login {
10 |   inet_listener imap {
11 |     #port = 143
12 |   }
13 |   inet_listener imaps {
14 |     #port = 993
15 |     #ssl = yes
16 |   }
17 | 
18 |   # Number of connections to handle before starting a new process. Typically
19 |   # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
20 |   # is faster. <doc/wiki/LoginProcess.txt>
21 |   #service_count = 1
22 | 
23 |   # Number of processes to always keep waiting for more connections.
24 |   #process_min_avail = 0
25 | 
26 |   # If you set service_count=0, you probably need to grow this.
27 |   #vsz_limit = $default_vsz_limit
28 | }
29 | 
30 | service pop3-login {
31 |   inet_listener pop3 {
32 |     #port = 110
33 |   }
34 |   inet_listener pop3s {
35 |     #port = 995
36 |     #ssl = yes
37 |   }
38 | }
39 | 
40 | service lmtp {
41 |   unix_listener lmtp {
42 |     #mode = 0666
43 |   }
44 | 
45 |   # Create inet listener only if you can't use the above UNIX socket
46 |   #inet_listener lmtp {
47 |     # Avoid making LMTP visible for the entire internet
48 |     #address =
49 |     #port = 
50 |   #}
51 | }
52 | 
53 | service imap {
54 |   # Most of the memory goes to mmap()ing files. You may need to increase this
55 |   # limit if you have huge mailboxes.
56 |   #vsz_limit = $default_vsz_limit
57 | 
58 |   # Max. number of IMAP processes (connections)
59 |   #process_limit = 1024
60 | }
61 | 
62 | service pop3 {
63 |   # Max. number of POP3 processes (connections)
64 |   #process_limit = 1024
65 | }
66 | 
67 | service auth-worker {
68 |   # Auth worker process is run as root by default, so that it can access
69 |   # /etc/shadow. If this isn't necessary, the user should be changed to
70 |   # $default_internal_user.
71 |   #user = root
72 | }
73 | 
74 | service dict {
75 |   # If dict proxy is used, mail processes should have access to its socket.
76 |   # For example: mode=0660, group=vmail and global mail_access_groups=vmail
77 |   unix_listener dict {
78 |     #mode = 0600
79 |     #user = 
80 |     #group = 
81 |   }
82 | }
83 | 


--------------------------------------------------------------------------------
/templates/10-ssl.conf.j2:
--------------------------------------------------------------------------------
1 | #ssl = required
2 | #ssl_cert = </etc/ssl/{{ domain }}_fullchain.pem
3 | #ssl_key = </etc/ssl/private/{{ domain }}_private.pem
4 | #ssl_cipher_list = ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH
5 | #ssl_prefer_server_ciphers = yes
6 | #ssl_min_protocol = TLSv1.2
7 | 


--------------------------------------------------------------------------------
/templates/15-lda.conf.j2:
--------------------------------------------------------------------------------
1 | protocol lda {
2 | 	#info_log_path = /var/log/dovecot-deliver.log
3 | 	#log_path = /var/log/dovecot-deliver-errors.log
4 | 	mail_plugins = $mail_plugins sieve
5 | 	#postmaster_address = postmaster@foobar.org
6 | }
7 | 


--------------------------------------------------------------------------------
/templates/15-mailboxes.conf.j2:
--------------------------------------------------------------------------------
 1 | ##
 2 | ## Mailbox definitions
 3 | ##
 4 | 
 5 | # Each mailbox is specified in a separate mailbox section. The section name
 6 | # specifies the mailbox name. If it has spaces, you can put the name
 7 | # "in quotes". These sections can contain the following mailbox settings:
 8 | #
 9 | # auto:
10 | #   Indicates whether the mailbox with this name is automatically created
11 | #   implicitly when it is first accessed. The user can also be automatically
12 | #   subscribed to the mailbox after creation. The following values are
13 | #   defined for this setting:
14 | # 
15 | #     no        - Never created automatically.
16 | #     create    - Automatically created, but no automatic subscription.
17 | #     subscribe - Automatically created and subscribed.
18 | #  
19 | # special_use:
20 | #   A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
21 | #   mailbox. There are no validity checks, so you could specify anything
22 | #   you want in here, but it's not a good idea to use flags other than the
23 | #   standard ones specified in the RFC:
24 | #
25 | #     \All      - This (virtual) mailbox presents all messages in the
26 | #                 user's message store. 
27 | #     \Archive  - This mailbox is used to archive messages.
28 | #     \Drafts   - This mailbox is used to hold draft messages.
29 | #     \Flagged  - This (virtual) mailbox presents all messages in the
30 | #                 user's message store marked with the IMAP \Flagged flag.
31 | #     \Junk     - This mailbox is where messages deemed to be junk mail
32 | #                 are held.
33 | #     \Sent     - This mailbox is used to hold copies of messages that
34 | #                 have been sent.
35 | #     \Trash    - This mailbox is used to hold messages that have been
36 | #                 deleted.
37 | #
38 | # comment:
39 | #   Defines a default comment or note associated with the mailbox. This
40 | #   value is accessible through the IMAP METADATA mailbox entries
41 | #   "/shared/comment" and "/private/comment". Users with sufficient
42 | #   privileges can override the default value for entries with a custom
43 | #   value.
44 | 
45 | # NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
46 | namespace inbox {
47 |   # These mailboxes are widely used and could perhaps be created automatically:
48 |   mailbox Drafts {
49 |     special_use = \Drafts
50 |   }
51 |   mailbox Spam {
52 |     special_use = \Junk
53 |   }
54 |   mailbox Trash {
55 |     special_use = \Trash
56 |   }
57 | 
58 |   # For \Sent mailboxes there are two widely used names. We'll mark both of
59 |   # them as \Sent. User typically deletes one of them if duplicates are created.
60 |   mailbox Sent {
61 |     special_use = \Sent
62 |   }
63 |   mailbox "Sent Messages" {
64 |     special_use = \Sent
65 |   }
66 | 
67 |   # If you have a virtual "All messages" mailbox:
68 |   #mailbox virtual/All {
69 |   #  special_use = \All
70 |   #  comment = All my messages
71 |   #}
72 | 
73 |   # If you have a virtual "Flagged" mailbox:
74 |   #mailbox virtual/Flagged {
75 |   #  special_use = \Flagged
76 |   #  comment = All my flagged messages
77 |   #}
78 | }
79 | 


--------------------------------------------------------------------------------
/templates/20-imap.conf.j2:
--------------------------------------------------------------------------------
1 | ## No need it on new versions
2 | #imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
3 | 
4 | protocol imap {
5 | 	mail_plugins = $mail_plugins imap_sieve
6 | 	mail_max_userip_connections = 20
7 | }
8 | 


--------------------------------------------------------------------------------
/templates/20-managesieve.conf.j2:
--------------------------------------------------------------------------------
 1 | protocols = $protocols sieve
 2 | 
 3 | service managesieve-login {
 4 | 	inet_listener sieve {
 5 | 	port = 4190
 6 | 	}
 7 | 	inet_listener sieve_deprecated {
 8 | 	port = 2000
 9 |   }
10 | }
11 | 
12 | protocol sieve {
13 | 	managesieve_notify_capability = mailto
14 | 	managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart
15 | }
16 | 


--------------------------------------------------------------------------------
/templates/90-plugin.conf.j2:
--------------------------------------------------------------------------------
 1 | plugin {
 2 | 	sieve_plugins = sieve_imapsieve sieve_extprograms
 3 | 
 4 | 	# From elsewhere to Spam folder
 5 | 	imapsieve_mailbox1_name = Spam
 6 | 	imapsieve_mailbox1_causes = COPY
 7 | 	imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve
 8 | 
 9 | 	# From Spam folder to elsewhere
10 | 	imapsieve_mailbox2_name = *
11 | 	imapsieve_mailbox2_from = Spam
12 | 	imapsieve_mailbox2_causes = COPY
13 | 	imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
14 | 
15 | 	sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
16 | 
17 | 	sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
18 | }
19 | 


--------------------------------------------------------------------------------
/templates/90-sieve-extprograms.conf.j2:
--------------------------------------------------------------------------------
 1 | # Sieve Extprograms plugin configuration
 2 | 
 3 | # Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
 4 | # Also enable the extensions you need (one or more of vnd.dovecot.pipe,
 5 | # vnd.dovecot.filter and vnd.dovecot.execute) by adding these	to the
 6 | # sieve_extensions or sieve_global_extensions settings. Restricting these
 7 | # extensions to a global context using sieve_global_extensions is recommended.
 8 | 
 9 | plugin {
10 | 
11 |   # The directory where the program sockets are located for the
12 |   # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
13 |   # respectively. The name of each unix socket contained in that directory
14 |   # directly maps to a program-name referenced from the Sieve script.
15 |   #sieve_pipe_socket_dir = sieve-pipe
16 |   #sieve_filter_socket_dir = sieve-filter
17 |   #sieve_execute_socket_dir = sieve-execute
18 | 
19 |   # The directory where the scripts are located for direct execution by the
20 |   # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
21 |   # respectively. The name of each script contained in that directory
22 |   # directly maps to a program-name referenced from the Sieve script.
23 |   #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
24 |   #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
25 |   #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
26 | }
27 | 
28 | # An example program service called 'do-something' to pipe messages to
29 | #service do-something {
30 |   # Define the executed script as parameter to the sieve service
31 |   #executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
32 | 
33 |   # Use some unprivileged user for executing the program
34 |   #user = dovenull
35 | 
36 |   # The unix socket located in the sieve_pipe_socket_dir (as defined in the 
37 |   # plugin {} section above)
38 |   #unix_listener sieve-pipe/do-something {
39 |     # LDA/LMTP must have access
40 |   #  user = vmail  
41 |   #  mode = 0600
42 |   #}
43 | #}
44 | 
45 | 


--------------------------------------------------------------------------------
/templates/90-sieve.conf.j2:
--------------------------------------------------------------------------------
 1 | plugin {
 2 | 	sieve = {{ mail_dir }}/%d/%n/%n.sieve
 3 | 	sieve_global_dir = /var/sieve
 4 | 	sieve_global_path = /var/sieve/global-default.sieve
 5 | 	sieve_extensions = +spamtest +spamtestplus
 6 | 	sieve_spamtest_status_type = score
 7 | 	sieve_spamtest_status_header = X-Spamd-Result: default: [[:alnum:]]+ \[(-?[[:digit:]]+\.[[:digit:]]+) / -?[[:digit:]]+\.[[:digit:]]+\]
 8 | 	sieve_spamtest_max_header    = X-Spamd-Result: default: [[:alnum:]]+ \[-?[[:digit:]]+\.[[:digit:]]+ / (-?[[:digit:]]+\.[[:digit:]]+)\]
 9 | }
10 | 


--------------------------------------------------------------------------------
/templates/auth-passwdfile.conf.ext.j2:
--------------------------------------------------------------------------------
 1 | passdb {
 2 | 	args = scheme=blf-crypt /etc/mail/passwd
 3 | 	driver = passwd-file
 4 | }
 5 | 
 6 | userdb {
 7 | 	args = uid=vmail gid=vmail home={{ mail_dir }}/%d/%n
 8 | 	driver = static
 9 | }
10 | 


--------------------------------------------------------------------------------
/templates/auth-static.conf.ext.j2:
--------------------------------------------------------------------------------
1 | userdb {
2 | 	args = uid=vmail gid=vmail home={{ mail_dir }}/%d/%n
3 | 	driver = static
4 | }
5 | 


--------------------------------------------------------------------------------
/templates/blacklist-recipients.j2:
--------------------------------------------------------------------------------
  1 | 1ink.com@cruisses.bid
  2 | AmazingSUV@surafceclen.bid
  3 | AnastasiaBeautiesTeam@mdicare.bid
  4 | Angeline-6354@nicolasruston.co.uk
  5 | AsianGirlsTeam@lastclick.bid
  6 | BionicSteelHose@memoriss.bid
  7 | BreakingOnForbs@cludcomputting.bid
  8 | BulletBottleOpener@smllbusines.bid
  9 | Coconut-Oil-Secret@bestbattry.bid
 10 | ConcealedCarryBraveResponseGunHolster@mortageplan.bid
 11 | CookOnRedCopperSquare@dattingg.bid
 12 | CookOnRedCopperSquare@phonesys.bid
 13 | CopperChefGrill&Bake@lifeinsrance.bid
 14 | DONOTREPLY@CWOH.COM
 15 | DONOTREPLY@FLOKIS.GR
 16 | DiabetesDefeat@ofrbst.bid
 17 | DisasterSurvival@hawaiivac.bid
 18 | DiySmartSaw@reverseplann.bid
 19 | Eco-Windows@callonchp.bid
 20 | ExposeCheaters@phonsysttem.bid
 21 | ForwardHeadPosture@newoffrbest.bid
 22 | ForwordHeadPosture@fittopen.bid
 23 | FreeEdtMiniMultitool@godiupps.bid
 24 | FungusKeyPro@dibterducr.bid
 25 | GoogleSniper@rvrstinntss.bid
 26 | GreenEnergyGenerator@mrtage.bid
 27 | HealthMagazineExclusive@lessfathip.bid
 28 | HealthyGarcinia@heartbrn.bid
 29 | HighBloodPressure@golfdate.bid
 30 | HurricaneSpinScrubberOffer@reehabalchl.bid
 31 | KATHRINE.WHITEROW@VIPSPICS.COM
 32 | Kathrine_64@thesweetenercompany.co.uk
 33 | Loraine.9432@x61.com.ar
 34 | LotteryStrategies@nuttrra.bid
 35 | MarkMorris@gainhair.bid
 36 | MicrosoftFlightSimulator@mypoliccy.bid
 37 | MicrosoftFlightSimulator@reverseoff.bid
 38 | Miranda.bramley@baltecbalancas.com
 39 | NATHANIAL.YAIR@MANOLA.AT
 40 | NTGenerator@christmattch.bid
 41 | Newsletter@selectedinc.com
 42 | NoReply@boutiquerealtyservices.com
 43 | NoReply@grupogas.com.mx
 44 | NoReply@southernoffshoreng.com
 45 | OnlineRoofingQuotes@diabetesys.bid
 46 | OnlineRoofingQuotes@homsalar.us
 47 | OnlineRoofingQuotes@offersrc.bid
 48 | PaleoCookbook@earnfrmeng.bid
 49 | PatrioticParacordBracelet@hvacfree.bid
 50 | PianoForAll@gettnewofrr.bid
 51 | PocketRadio@seniorcare.bid
 52 | Pocketlight@translateearn.bid
 53 | RelationshipMagic@btrycndition.bid
 54 | RestoreBatteriesSystem@amazingption.bid
 55 | RocketLanguages@expertcnctr.bid
 56 | SharkTank@alaskacrsis.bid
 57 | SimpleOff-GridSystem@datinng.bid
 58 | SolarAirLantern@tatticll.bid
 59 | SolarStirlingPlant@callinchep.bid
 60 | Sue-500@alanstrang.worldonline.co.uk
 61 | SurvivalBag@brazildating.bid
 62 | SurvivalBag@legallhlp.bid
 63 | SurvivalTrademate@constption.bid
 64 | Sylvester-31@theheugh.globalnet.co.uk
 65 | TacticalPen@alcohalrah.us
 66 | TacticalPen@hrpsprtcol.bid
 67 | Tasha.mckean@terzake.nu
 68 | Teds-plans@clouddcompting.bid
 69 | The2020VisionSystem@whittenrr.bid
 70 | TheBigdiabeteslie@datesenior.bid
 71 | TheCoconutOilSecret@efaxing.bid
 72 | TheHybeamFlashlight@summerpro.bid
 73 | Tonya@x61.com.ar
 74 | USInsuranceOpportunity@fstdgree.bid
 75 | UltraFX10@alcholdrink.bid
 76 | UltraForeclosurePartner@fasttooffer.bid
 77 | UltraOmegaBurn@ntionalfmily.bid
 78 | Vogenesis@degreeonline.bid
 79 | WindowRemodel@specloffr.host
 80 | WoodworkingBusiness@schlrrsip.bid
 81 | ZZSnore@aqusttic.bid
 82 | ZZSnore@hellthofr.bid
 83 | admin@securenext.trade
 84 | admin@vip.gist-edu.cn
 85 | administracion@planproductivo.com
 86 | advice@hotgadgetdeals.com
 87 | alexander.bluhm@gmx.de
 88 | alfa@redpositiva.info
 89 | alfa@redpositiva.org
 90 | andrea@espacioverde.com.ar
 91 | app@couponstoday.co.uk
 92 | avisos@infoadsnews3.com
 93 | bancarias@planproductivo.com
 94 | bltsigbj@speedy.com.ar
 95 | bonus@teloenviamos.org
 96 | bounceback@smile-magenta.com
 97 | bounceback@weather-gusty.com
 98 | calendario@cursosuba.com
 99 | cambiocheques@cilandrogroup.org
100 | ccmtl33g@infovia.com.ar
101 | connected.cars@readwrite.us
102 | contact@entregador.org
103 | contact@experts-advice.com
104 | contact@feelhappybehappy.com
105 | contact@maile-ar.com
106 | contact@panel.nuevatendencia.biz
107 | contact@thehappyradish.com
108 | contact@tkp2017.net
109 | contact@vaikra.org
110 | contact@xtechraiox.com.br
111 | contacto@mayoristadevinos.com.ar
112 | cursoenlinea@participacionempresarial.com
113 | cursos@arizmendi.com
114 | cv@aliantec.com
115 | cvdqomtl33g@infovia.com.ar
116 | cvdqqomtl33g@infovia.com.ar
117 | danske.bocenter@danskebank.se
118 | decisiones@participacionempresarial.com
119 | demo@alunos.sanchoensino.pt
120 | direccion@nmm01.com
121 | donotreply@bottlecutting.co.uk
122 | donotreply@cloudninegiftshop.co.uk
123 | donotreply@jakemayesracing.co.uk
124 | dulcec@participacionempresarial.com
125 | elounlei@formarse.com.ar
126 | emma@virgil.ilj.trade
127 | enelformulario@teloenviamos.org
128 | envios@correoverificado.org
129 | envios@toocontacto2.com
130 | epoint@epointmerchandising.com
131 | ercas@yopmail.com
132 | escuela@excelencia.com
133 | estellapangman@score.worldonline.co.uk
134 | evaluacion@planproductivo.com
135 | eventosonline@participacionempresarial.com
136 | events@readwrite.us
137 | factorwow@participacionempresarial.com
138 | fekiw@aiaisi.win
139 | gegewo@aisila.win
140 | gerencia@participacionempresarial.com
141 | gerentes@participacionempresarial.com
142 | gidohufo@hcdmza.gov.ar
143 | harriett.decon95@serraseed.com.br
144 | hugo@victimaprotagonista.com
145 | impactofiscal@participacionempresarial.com
146 | indicadoresrh@participacionempresarial.com
147 | info@altosdetinogasta.com.ar
148 | info@aol.com
149 | info@emailprobox.com
150 | info@enjoymailoffer.com
151 | info@enviosnew.com
152 | info@europeanquality.es
153 | info@hrampu.com
154 | info@inboxar.com
155 | info@infinmediagroup.com
156 | info@joyinmailing.net
157 | info@laaldea.com.ar
158 | info@latekha.com
159 | info@lopfieip.com
160 | info@mailer.navysofaeighteen.xyz
161 | info@mailer.navysofaone.xyz
162 | info@mailer.navysofaseventeen.xyz
163 | info@mktenvios.com
164 | info@movistarcorporativo.club
165 | info@negociosconusa.com.ar
166 | info@okservicios.net
167 | info@opcionmail.com
168 | info@pahikai.com
169 | info@planespersonal.com.ar
170 | info@planetagone.com
171 | info@proseguridad.info
172 | info@quvuni.com
173 | info@schfdultz.com
174 | info@sonypictures.net
175 | info@thfompson.com
176 | info@tiendanaif.com
177 | info@totalserviciosuno.com
178 | info@tuwebsystems.com
179 | info@unicreditgroup.eu
180 | info@vivaisara.it
181 | infohdp@hijosdeprada.com.ar
182 | infomovistar@cilandrogroup.org
183 | informatica@sgociudad.gov.ar
184 | isidaigrai@telectronica.com
185 | itvadia@info-trans.com.ar
186 | john.lucas@vacanciesaustralia.com.au
187 | kim@shane.ufwe.cn
188 | kodierqo@mgmsa.com.ar
189 | kpwcqc@uol.com.ar
190 | ledagrantze8v@o2.pl
191 | liberman@headhunttalent.au.com
192 | lili@bbotou.win
193 | lo.arturo@participacionempresarial.com
194 | lo@imailmarketing.biz
195 | lorena.garcia@participacionempresarial.com
196 | love@imailmarketing.biz
197 | luosongtan@yeah.net
198 | majournee2017@gmail.com
199 | malaris@dinamai.com.ar
200 | mar@stelead.org
201 | marketing@cicalifeinc.com
202 | mconstantini@edee.com.ar
203 | mconstantini@escueladeejecutivos.com.ar
204 | meettracker@tracknowls.eu
205 | miralaweb@teloenviamos.org
206 | motivacion@participacionempresarial.com
207 | msf@medicinaysalud.org
208 | negocios@participacionempresarial.com
209 | nehelena1@listo.ru
210 | nei@teloenviamos.org
211 | net@teloenviamos.org
212 | neu@teloenviamos.org
213 | news@credisense.com.ar
214 | news@crucerosargentina.com
215 | news@desafio.org
216 | news@ilikecompras.com
217 | news@pestelliemails.com.ar
218 | news@plannacionalautos.com.ar
219 | news@procreautoargentina.com.ar
220 | news@superofertasypromos.com
221 | newspromo@infoautoplan.com
222 | nick@happyinamail.com
223 | niet@imailmarketing.biz
224 | niet@teloenviamos.org
225 | nigmaifa@trebliner.com.ar
226 | non@teloenviamos.org
227 | noreply@argmark.online
228 | noresponder@cocheras.org
229 | noresponder@gmail.com
230 | novedades@infoadsnews1.com
231 | novedades@infoadsnews2.com
232 | osorno.patricia@planproductivo.com
233 | osp65@r75.fssprus.ru
234 | otake@TELEFONICA.COM.AR
235 | plr@instastall.com
236 | pousadapuertoparaiso@gmail.com
237 | programaventas@participacionempresarial.com
238 | psiacacmtl33g@infovia.com.ar
239 | qibi@newlifes.win
240 | ralph@carrie.ufy.trade
241 | reifenwechsel@reifen-fechtelhoff.de
242 | rgemldsgif@gmail.com
243 | s.osaki@midorinet-shiga.com
244 | sales4@lr-link.com
245 | sebastianguillermo.gomez@prosegur.com
246 | send1@publoprod.com
247 | send@datoscreativos.info
248 | send@malenquiweb.info
249 | send@miawebs.info
250 | send@nuevatendencia.co
251 | send@professionasec.com
252 | send@prosechome.com
253 | send@rombosur.info
254 | send@stelead.org
255 | send@tuwebmart.com
256 | sender@smartersender.com
257 | silvia@freda.afq.trade
258 | soliaw@toothache.win
259 | staciqlyshodge@o2.pl
260 | tcljce@0342.com
261 | telefonica@participacionempresarial.com
262 | tizadomontevideo@cilandrogroup.org
263 | tts@news.porviajar.com
264 | vairbofriegoa@guazunet.com.ar
265 | ventas@aguablanda.com.ar
266 | ventas@orlhornos.com.ar
267 | visahome@mails-ssl.com
268 | wubiw@bbotou.win
269 | xiao@ymdlifes.win
270 | xpoloER@uerLooper.top
271 | xxlusb03@126.com
272 | 


--------------------------------------------------------------------------------
/templates/dkim_signing.conf.j2:
--------------------------------------------------------------------------------
 1 | allow_username_mismatch = true;
 2 | 
 3 | domain {
 4 | 	## https://rspamd.com/doc/modules/dkim_signing.html
 5 | 	{{ domain }} {
 6 | 		path = "/etc/mail/dkim/{{ domain }}.key";
 7 | 		selector = "dkim";
 8 | 	}
 9 | }
10 | 


--------------------------------------------------------------------------------
/templates/domains.j2:
--------------------------------------------------------------------------------
1 | {{ domain }}
2 | foobar.com
3 | foobar.org.ar
4 | 


--------------------------------------------------------------------------------
/templates/dovecot.conf.j2:
--------------------------------------------------------------------------------
1 | listen = *
2 | mail_home = {{ mail_dir }}/%d/%n
3 | protocols = imap sieve 
4 | 
5 | !include conf.d/*.conf
6 | 


--------------------------------------------------------------------------------
/templates/global-default.sieve.j2:
--------------------------------------------------------------------------------
1 | require ["fileinto", "envelope"];
2 | 
3 | if header :is "X-Spam" "Yes" {
4 |     fileinto "Spam";
5 |     stop;
6 | }
7 | 


--------------------------------------------------------------------------------
/templates/ip_whitelist.map.j2:
--------------------------------------------------------------------------------
1 | 192.43.244.163
2 | 


--------------------------------------------------------------------------------
/templates/multimap.conf.j2:
--------------------------------------------------------------------------------
 1 | WHITELIST_SENDER_DOMAIN {
 2 | 	type = "from";
 3 | 	filter = "email:domain";
 4 | 	map = "/etc/rspamd/local.d/whitelist.sender.domain.map";
 5 | 	score = -20.0
 6 | }
 7 | 
 8 | IP_WHITELIST {
 9 | 	type = "ip";
10 | 	prefilter = "true";
11 | 	map = "/etc/rspamd/local.d/ip_whitelist.map";
12 | 	action = "accept";
13 | }
14 | 


--------------------------------------------------------------------------------
/templates/passwd.j2:
--------------------------------------------------------------------------------
1 | ## You can create passwords with:
2 | ## doas smtpctl encrypt
3 | {{ mail_user }}@{{ domain }}:$2b$06$lZBnDxujxORpoNLou37NvDEg2ab2QIP3LN3CR1KUIPZZ8QLm::::::
4 | 


--------------------------------------------------------------------------------
/templates/report-ham.sieve.j2:
--------------------------------------------------------------------------------
 1 | require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
 2 | 
 3 | if environment :matches "imap.mailbox" "*" {
 4 |   set "mailbox" "${1}";
 5 | }
 6 | 
 7 | if string "${mailbox}" "Trash" {
 8 |   stop;
 9 | }
10 | 
11 | if environment :matches "imap.user" "*" {
12 |   set "username" "${1}";
13 | }
14 | 
15 | pipe :copy "sa-learn-ham.sh";
16 | 


--------------------------------------------------------------------------------
/templates/report-spam.sieve.j2:
--------------------------------------------------------------------------------
1 | require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
2 | 
3 | if environment :matches "imap.user" "*" {
4 |   set "username" "${1}";
5 | }
6 | 
7 | pipe :copy "sa-learn-spam.sh";
8 | 


--------------------------------------------------------------------------------
/templates/sa-learn-ham.sh.j2:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | exec /usr/local/bin/rspamc -h localhost:11334 learn_ham
3 | 


--------------------------------------------------------------------------------
/templates/sa-learn-spam.sh.j2:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | exec /usr/local/bin/rspamc -h localhost:11334 learn_spam
3 | 


--------------------------------------------------------------------------------
/templates/smtpd.conf.j2:
--------------------------------------------------------------------------------
 1 | ## PKI
 2 | pki {{ domain }} cert		"/etc/ssl/{{ domain }}_fullchain.pem"
 3 | pki {{ domain }} key		"/etc/ssl/private/{{ domain }}_private.pem"
 4 | 
 5 | ## Since >=6.9 SNI is possible
 6 | #pki another-domain.org cert	"/etc/ssl/another-domain.org_fullchain.pem"
 7 | #pki another-domain.org key	"/etc/ssl/private/another-domain.org_private.pem"
 8 | 
 9 | ## Filters
10 | filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
11 | 	disconnect "550 no residential connections"
12 | 
13 | filter check_rdns phase connect match !rdns \
14 | 	disconnect "550 no rDNS"
15 | 
16 | filter check_fcrdns phase connect match !fcrdns \
17 | 	disconnect "550 no FCrDNS"
18 | 
19 | filter senderscore \
20 | 	proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"
21 | 
22 | filter rspamd proc-exec "filter-rspamd"
23 | 
24 | ## Tables
25 | table aliases			file:/etc/mail/aliases
26 | table domains			file:/etc/mail/domains
27 | table passwd			passwd:/etc/mail/passwd
28 | table virtuals			file:/etc/mail/virtuals
29 | table blacklist-recipients	file:/etc/mail/blacklist-recipients
30 | 
31 | ## Limits
32 | smtp ciphers "HIGH:!aNULL:!TLSv1:!MD5:!RC4:!GOST89MAC:@STRENGTH"
33 | smtp max-message-size 90M
34 | 
35 | ## Ports
36 | listen on all tls pki {{ domain }} hostname {{ domain }} \
37 | 	filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
38 | listen on all smtps pki {{ domain }} hostname {{ domain }} \
39 |         auth <passwd> filter rspamd
40 | listen on all port submission tls-require pki {{ domain }} \
41 |         hostname {{ domain }} auth <passwd> mask-src filter rspamd
42 | 
43 | ## Actions
44 | action "mda_with_aliases" mda \
45 | 	"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}" \
46 | 	alias <aliases> user vmail
47 | 
48 | action "mda_with_virtuals" mda \
49 | 	"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}" \
50 | 	virtual <virtuals> user vmail
51 | 
52 | action "mda_without_rspamd" mda \
53 | 	"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}" \
54 | 	virtual <virtuals> user vmail
55 | 
56 | action "relay" relay
57 | 
58 | match from any mail-from <blacklist-recipients> for domain <domains> reject
59 | match for local action "mda_with_virtuals"
60 | match auth from any for domain <domains> action "mda_without_rspamd"
61 | match from any for domain <domains> action "mda_with_virtuals"
62 | match from local for any action "relay"
63 | match auth from any for any action "relay"
64 | 


--------------------------------------------------------------------------------
/templates/virtuals.j2:
--------------------------------------------------------------------------------
 1 | abuse@{{ domain }}		{{ mail_user }}@{{ domain }}
 2 | postmaster@{{ domain }}		{{ mail_user }}@{{ domain }}
 3 | webmaster@{{ domain }}		{{ mail_user }}@{{ domain }}
 4 | root@{{ domain }}		{{ mail_user }}@{{ domain }}
 5 | {{ mail_user }}@{{ domain }}	vmail
 6 | 
 7 | user2@foobar.org		{{ mail_user }}@{{ domain }}
 8 | user2@foobar.org		{{ mail_user }}@{{ domain }}
 9 | root@foobar.org			{{ mail_user }}@{{ domain }}
10 | 


--------------------------------------------------------------------------------
/templates/whitelist.sender.domain.map.j2:
--------------------------------------------------------------------------------
1 | paypal.com
2 | openbsd.org
3 | cvs.openbsd.org
4 | lists.openbsd.org
5 | 


--------------------------------------------------------------------------------
/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 | 


--------------------------------------------------------------------------------
/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 |   gather_facts: true
4 |   become: True
5 |   become_method: doas
6 |   roles:
7 |     - ansible-rol-mailserver
8 | 


--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 


--------------------------------------------------------------------------------