Ansible role. FreeBSD. Install and configure Postfix and Dovecot2.
Feel free to share your feedback and report issues.
The roles are not listed in the meta file. Install them manually.
- vbotka.ansible_lib: Library of Ansible tasks.
The collections below should be part of a standard Ansible installation. If necessary, install them manually.
- community.crypto
- community.general
- vbotka.freebsd_mailserver_spamassassin
- vbotka.freebsd_mailserver_sieve
- vbotka.freebsd_mailserver_roundcube
See the defaults and examples in vars.
- Change shell to /bin/sh if necessary
shell> ansible mailserver -e 'ansible_shell_type=csh ansible_shell_executable=/bin/csh' -a 'sudo pw usermod freebsd -s /bin/sh'
- Install roles
shell> ansible-galaxy role install vbotka.freebsd_mailserver
shell> ansible-galaxy role install vbotka.ansible_lib
Optionally, install roles
shell> ansible-galaxy role install vbotka.freebsd_mailserver_sieve
shell> ansible-galaxy role install vbotka.freebsd_mailserver_spamassassin
- If necessary, install collections
shell> ansible-galaxy collection install community.crypto
shell> ansible-galaxy collection install community.general
- Fit variables to your needs.
- Generate OpenSSL Diffie-Hellman parameters
By default, the file dovecot_ssl_dh is created by the Ansible module openssl_dhparam
dovecot_ssl_dh_generate: true
dovecot_ssl_dh_cmd_generate: false
It is possible to use a custom command dovecot_ssl_dh_cmd to create dovecot_ssl_dh
dovecot_ssl_dh_generate: false
dovecot_ssl_dh_cmd_generate: true
dovecot_ssl_dh_cmd: "openssl dhparam -out {{ dovecot_ssl_dh }} {{ dovecot_ssl_dh_bits }}"
The options dovecot_ssl_dh_generate (default: true) and dovecot_ssl_dh_cmd_generate (default: false) are mutually exclusive. If both options are false, the file dovecot_ssl_dh_path (default: files/dh.pem) is used. This file is provided by the role for testing only. Never use it in production.
Generating the file with Diffie-Hellman parameters may take a long time. For example, 4096 bit parameters take ~40 min with an Intel(R) Core(TM) i5-8200Y CPU @ 1.30GHz. It's a good idea to generate the file separately to speed up the configuration.
dovecot_ssl_dh_generate: false
dovecot_ssl_dh_cmd_generate: false
dovecot_ssl_dh_path: <path-to-generated-Diffie-Hellman-file>
- Create playbook and inventory
shell> cat freebsd-mailserver.yml
- hosts: mailserver
  roles:
    - vbotka.freebsd_mailserver
shell> cat hosts
[mailserver]
<mailserver-ip-or-fqdn>
[mailserver:vars]
ansible_connection=ssh
ansible_user=freebsd
ansible_become=true
ansible_become_method=sudo
ansible_python_interpreter=/usr/local/bin/python3.9
ansible_perl_interpreter=/usr/local/bin/perl
- Check the syntax
shell> ansible-playbook freebsd-mailserver.yml --syntax-check
- Install packages
- Install packages from the role vbotka.freebsd_mailserver
shell> ansible-playbook freebsd-mailserver.yml -t fm-packages -e fm_install=true
- If you enable sieve
freebsd_mailserver_dovecot_protocols: imap pop3 lmtp sieve
install packages from the role vbotka.freebsd_mailserver_sieve
shell> ansible-playbook freebsd-mailserver-sieve.yml -t fm_ds_packages -e fm_ds_install=true
- If you enable spamassassin
postfix_master_cf_service_def: "inet n - - - - smtpd -o content_filter=spamfilter"
install packages from the role vbotka.freebsd_mailserver_spamassassin
shell> ansible-playbook freebsd-mailserver-spamassassin.yml -t fm_sa_packages -e fm_sa_install=true
- Create default configuration for Dovecot
shell> ansible-playbook freebsd-mailserver.yml -t dovecot_example_conf
- Dry-run and display changes
shell> ansible-playbook freebsd-mailserver.yml --check --diff
- Install and configure the mailserver
shell> ansible-playbook freebsd-mailserver.yml
- Consider testing the mailserver at http://mxtoolbox.com/
Create the default Dovecot configuration files to avoid errors about missing files
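A pre-flight check for the separately generated Diffie-Hellman file from the dovecot_ssl_dh step above, as an added example that is not part of the role: it refuses a file identical to the role's bundled test file and one smaller than the requested size. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of the role. Function names are hypothetical.

# Which source the role will use for dovecot_ssl_dh, following the rules
# stated above: both true is an error, both false means the static file.
dh_source() {   # $1 = dovecot_ssl_dh_generate, $2 = dovecot_ssl_dh_cmd_generate
    case "$1,$2" in
        true,false)  echo module ;;
        false,true)  echo command ;;
        false,false) echo file ;;
        *)           echo "error: options are mutually exclusive" >&2; return 1 ;;
    esac
}

# Size in bits that openssl reports for a PEM file of DH parameters.
# Prints nothing if the file cannot be parsed.
dh_bits() {     # $1 = PEM file
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Return 0 only if $1 is fit to deploy: it exists, differs from the role's
# bundled test file $2, and has at least $3 bits.
check_dh_file() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    if [ -f "$2" ] && cmp -s "$1" "$2"; then
        echo "refusing: $1 is identical to the role's test file" >&2
        return 2
    fi
    bits=$(dh_bits "$1")
    [ -n "$bits" ] || { echo "not DH parameters: $1" >&2; return 3; }
    [ "$bits" -ge "$3" ] || { echo "too small: $bits < $3 bits" >&2; return 4; }
}

# Typical use on the control node (paths are placeholders; generation may
# take a long time):
#   [ -s dh-4096.pem ] || openssl dhparam -out dh-4096.pem 4096
#   check_dh_file dh-4096.pem <role-dir>/files/dh.pem 4096
```

Run the check before setting dovecot_ssl_dh_path to the generated file with both generate options set to false.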
shell> ansible-playbook freebsd-mailserver.yml -t dovecot_example_conf
Then run the playbook in check mode
shell> ansible-playbook freebsd-mailserver.yml --check
Use the configuration file .ansible-lint.local when running ansible-lint. Some rules might be disabled and some warnings might be ignored. See the notes in the configuration file.
shell> ansible-lint -c .ansible-lint.local