debops.dovecot default variables
Sections
General Dovecot configuration
- dovecot_protocols
List of protocols which should be installed and enabled. Supported are:
imap
pop3
managesieve
lmtp
dovecot_protocols: [ 'imap' ]
- dovecot_auth_mechanisms
List of authentication mechanisms enabled. So far supported are:
plain, login
dovecot_auth_mechanisms: [ 'plain', 'login' ]
- dovecot_dependencies
Should the Dovecot role manage it's own dependencies?
dovecot_dependencies: True
- dovecot__version
Variable which specifies what Dovecot version is installed on the host. It is defined via Ansible local facts and can be used in conditions to modify the configuration as needed.
dovecot__version: '{{ ansible_local.dovecot.version|d("0.0.0") }}'
User database/mailbox configuration
- dovecot_user_accounts
User account lookup. So far supported are:
deny: Deny access for userssystem: Mail users are Linux system userssql: Mail users are stored in a SQL databaseldap: Mail users are stored in an LDAP directorypasswdfile: Users password are stored in a filecheckpassword: Users password are stored in an external program
dovecot_user_accounts: '{{ [ "deny", "ldap" ]
if dovecot__ldap_enabled|bool
else [ "deny", "system" ] }}'
- dovecot_deny_users
List of users for which mail acess is disabled.
dovecot_deny_users: [ 'root' ]
- dovecot_vmail_home
The vmail home directory is a per-user directory where Dovecot can save user-specific files. Dovecot's home directories have nothing to do with system users' home directories. It's irrelevant if it's under /home/ or /var/mail/ or wherever. For more information see: Home Directories for Virtual Users.
dovecot_vmail_home: '/var/vmail/%d/%n'
- dovecot_mail_location
Mailbox location. For mbox set something like mbox:~/mail:INBOX=/var/mail/%u.
For more information about the supported format, check Dovecot Mail
Location
dovecot_mail_location: 'maildir:~/Maildir'
- dovecot__auth_default_realm
The default domain (realm) to add to the usernames that don't specify one. Required to correctly point the clients to their mailbox directories.
dovecot__auth_default_realm: '{{ ansible_domain }}'
- dovecot_mail_dotlock
Mailbox Locking. The only standard way to lock an mbox is using a method
called dotlock. This means that a file named <mailbox-name>.lock is
created in the same directory as the mailbox being locked. Documentation
Location
dovecot_mail_dotlock: True
- dovecot_sql_driver
The SQL driver defines which SQL is used. This can be either mysql
or pgsql.
The database should have a structure like this:
CREATE TABLE `users` (
`userid` varchar(128) NOT NULL,
`domain` varchar(128) NOT NULL,
`password` varchar(128) NOT NULL,
`home` varchar(255) NOT NULL,
`uid` int(11) NOT NULL,
`gid` int(11) NOT NULL,
`active` char(1) NOT NULL DEFAULT 'Y',
`maildir` varchar(255) NOT NULL
dovecot_sql_driver: 'mysql'
- dovecot_sql_host
The hostname of the SQL server.
dovecot_sql_host: ''
- dovecot_sql_dbname
The SQL database name.
dovecot_sql_dbname: ''
- dovecot_sql_user
The username to access the SQL server.
dovecot_sql_user: ''
- dovecot_sql_password
The password to login into the SQL server.
dovecot_sql_password: ''
- dovecot_sql_default_pass_scheme
Default passwort scheme for passwords, stored in a SQL database. For more information about the supported schemes, check Authentication / PasswordSchemes
dovecot_sql_default_pass_scheme: 'SSHA512'
- dovecot_sql_password_query
SQL query string to get the password. This function should return the values
username, domain and password.
dovecot_sql_password_query: "SELECT userid AS username, domain, password FROM users WHERE userid = '%n' AND domain = '%d'"
- dovecot_sql_user_query
SQL query string to get the userdb. This function should return the values
home, uid and gid.
Optional the mail_location can be defined with the option mail.
For more information about the mail_location, check MailLocation
dovecot_sql_user_query: "SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d'"
- dovecot_sql_iterate_query
SQL query string to get a list of users. This function should return all values
user or both username and domain.
For more information about the iterate query , check AuthDatabase/SQL <https://wiki2.dovecot.org/AuthDatabase/SQL#User_iteration> _
dovecot_sql_iterate_query: "SELECT userid AS username, domain FROM users"
- dovecot_passwdfile_scheme
Scheme method use by dovecot with password authentication
dovecot_passwdfile_scheme: 'sha512-crypt'
- dovecot_passwdfile_path
Path to the dovecot password file
dovecot_passwdfile_path: '/etc/dovecot/private/'
- dovecot_passwdfile_name
Name to the dovecot password file
dovecot_passwdfile_name: 'passwd'
- dovecot_passwdfile_uid
uid use by Dovecot when it store mail in mailbox
dovecot_passwdfile_uid: 'dovecot-vmail'
- dovecot_passwdfile_gid
gid use by Dovecot when it store mail in mailbox
dovecot_passwdfile_gid: 'dovecot-vmail'
- dovecot_passwdfile_home
Path to the mailbox
dovecot_passwdfile_home: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/" + dovecot_passwdfile_uid }}'
- dovecot_passwdfile_mailbox_path
Path inside the mailbox home directory
dovecot_passwdfile_mailbox_path: '%u'
- dovecot_checkpassword_passdb_command
Command to fetch password database in checkpassword auth mode
dovecot_checkpassword_passdb_command: '/usr/bin/checkpassword'
- dovecot_checkpassword_userdb_command
Command to fetch user database in checkpassword auth mode
dovecot_checkpassword_userdb_command: '/usr/bin/checkpassword'
PKI / TLS configuration
- dovecot_pki
Enable or disable support for TLS in Dovecot (using debops.pki)
dovecot_pki: '{{ ansible_local.pki.enabled|d() | bool }}'
- dovecot_pki_path
Base PKI directory
dovecot_pki_path: '{{ ansible_local.pki.path|d("/etc/pki/realms") }}'
- dovecot_pki_realm
Default PKI realm used by Dovecot
dovecot_pki_realm: '{{ ansible_local.pki.realm|d("domain") }}'
- dovecot__pki_ca
Name of the Root Certificate Authority certificate file used by Postfix, relative to the PKI realm directory.
dovecot__pki_ca: '{{ ansible_local.pki.ca|d("CA.crt") }}'
- dovecot_pki_crt
Default certificate, relative to dovecot_pki_realm variable
dovecot_pki_crt: '{{ ansible_local.pki.crt|d("default.crt") }}'
- dovecot_pki_key
Default private key, relative to dovecot_pki_realm variable
dovecot_pki_key: '{{ ansible_local.pki.key|d("default.key") }}'
- dovecot__tls_ca_cert_dir
Directory containing X509 Certification Authority certificates in PEM format which are to be recognized by the client in SSL/TLS connections. The files each contain one CA certificate.
dovecot__tls_ca_cert_dir: '/etc/ssl/certs/'
- dovecot_ssl_required
Requires SSL/TLS also for non-plaintext authentication. For more
information check ssl_required in Dovecot SSL Configuration
dovecot_ssl_required: True
- dovecot_ssl_min_protocol
SSL ciphers to use. On new distros you only specify the minimum ssl protocol version Dovecot accepts, defaulting to TLSv1. On old distros disable SSLv2,3 and allow TLSv1.0 or better.
dovecot_ssl_min_protocol: '{{ "!SSLv2 !SSLv3"
if (ansible_distribution_release in
[ "wheezy", "jessie", "precise", "trusty" ])
else "TLSv1" }}'
- dovecot_ssl_dh_parameters_length
Diffie-Hellman parameters length Only needed for Dovecot v2.2.x in old-distros.
dovecot_ssl_dh_parameters_length: 4096
- dovecot_ssl_cipher_list
SSL ciphers to use
dovecot_ssl_cipher_list: '{{ dovecot_ssl_cipher_list_default }}'
- dovecot_ssl_cipher_list_default
Default SSL ciphers
dovecot_ssl_cipher_list_default: 'ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH'
- dovecot_ssl_cipher_list_better_cypto
dovecot_ssl_cipher_list_better_cypto: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
- dovecot_ssl_cipher_list_ncsc_nl
'good' cipher suite from NCSC-NL TLS Guidelines v2.0 https://english.ncsc.nl/publications/publications/2019/juni/01/it-security-guidelines-for-transport-layer-security-tls
dovecot_ssl_cipher_list_ncsc_nl: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256'
- dovecot_pki_hook_name
Name of the hook script which will be stored in hook directory.
dovecot_pki_hook_name: 'dovecot'
- dovecot_pki_hook_path
Directory with PKI hooks.
dovecot_pki_hook_path: '{{ ansible_local.pki.hooks|d("/etc/pki/hooks") }}'
- dovecot_pki_hook_action
Specify how changes in PKI should affect dovecot, either 'reload' or 'restart'.
dovecot_pki_hook_action: 'reload'
Diffie-Hellman parameters
- dovecot__dhparam
Enable or disable support for custom Diffie-Hellman parameters managed by the debops.dhparam Ansible role.
dovecot__dhparam: '{{ ansible_local.dhparam.enabled
if (ansible_local|d() and ansible_local.dhparam|d() and
ansible_local.dhparam.enabled is defined)
else False }}'
- dovecot__dhparam_set
Name of the Diffie-Hellman parameter set to use in Dovecot configuration. See debops.dhparam Ansible role for more details.
dovecot__dhparam_set: 'default'
- dovecot__ssl_dh_file
Absolute path to Diffie-Hellman parameters file which should be used by Dovecot.
dovecot__ssl_dh_file: '{{ ansible_local.dhparam[dovecot__dhparam_set]
if (ansible_local|d() and ansible_local.dhparam|d() and
ansible_local.dhparam[dovecot__dhparam_set]|d())
else "" }}'
Dovecot custom configuration
- dovecot_imap_listeners
List of IMAP inet_listeners which will be enabled. See
dovecot_imap_listeners for more details.
dovecot_imap_listeners: '{{ [ "imap", "imaps" ]
if ( dovecot_pki|d(True) )
else [ "imap" ] }}'
- dovecot_imap_default_config_map
Default IMAP configuration properties. See dovecot_imap_config_map for more details.
dovecot_imap_default_config_map:
login-service:
inet_listener:
imap:
# Use only localhost when PKI is false, otherwise listen on all IPs
address: '{{ "0.0.0.0, [::]"
if (dovecot_pki|d(True))
else
"127.0.0.1, [::0]" }}'
port: 143
imaps:
address: '0.0.0.0, [::]'
# Disable IMAPS if PKI is false
port: '{{ 993 if (dovecot_pki|d(True)) else 0 }}'
ssl: 'yes'
- dovecot_mail_plugins
Mail plugins enabled in dovecot.
dovecot_mail_plugins: '$mail_plugins {{ "sieve"
if ("managesieve" in dovecot_protocols|d([]) and
dovecot_sieve_enabled|bool) else "" }}'
- dovecot_imap_config_map
Custom IMAP configuration properties. See dovecot_imap_config_map for more details.
dovecot_imap_config_map: {}
- dovecot_imap_combined_config_map
Combined IMAP configuration properties.
dovecot_imap_combined_config_map: '{{ dovecot_imap_default_config_map
|combine(
dovecot_imap_config_map,
recursive=True) }}'
- dovecot_pop3_listeners
List of POP3 inet_listeners which will be enabled. See
dovecot_pop3_listeners for more details.
dovecot_pop3_listeners: '{{ [ "pop3", "pop3s" ]
if ( dovecot_pki|d(True) )
else
[ "pop3" ] }}'
- dovecot_pop3_config_map
Custom POP3 configuration properties. See dovecot_pop3_config_map for more details.
dovecot_pop3_config_map: {}
- dovecot_sieve_enabled
Enable/disable the sieve mail plugin
dovecot_sieve_enabled: true
- dovecot_sieve_port
Managesieve port
dovecot_sieve_port: 4190
- dovecot_sieve_active_script
Location of link to active sieve script
dovecot_sieve_active_script: '~/.dovecot.sieve'
- dovecot_sieve_dir
Storage directory for sieve scripts uploaded by ManageSieve
dovecot_sieve_dir: 'file:~/sieve'
- dovecot_managesieve_listeners
List of ManageSieve inet_listeners which will be enabled. See
dovecot_managesieve_listeners for more details.
dovecot_managesieve_listeners: [ 'sieve' ]
- dovecot_managesieve_config_map
Custom ManageSieve configuration properties. See dovecot_managesieve_config_map for more details.
dovecot_managesieve_config_map:
login-service:
inet_listener:
sieve:
port: '{{ dovecot_sieve_port|int }}'
plugin:
sieve: '{{ dovecot_sieve_dir }}'
active: '{{ dovecot_sieve_active_script }}'
- dovecot_lda_config_map
Custom LDA configuration properties. See dovecot_lda_config_map for more details.
dovecot_lda_config_map:
protocol:
mail_plugins: '{{ dovecot_mail_plugins }}'
- dovecot_lmtp_listeners
List of LMTP inet_listeners or unix_listeners which will be enabled.
See dovecot_lmtp_listeners for more details.
dovecot_lmtp_listeners: [ '/var/spool/postfix/private/dovecot-lmtp' ]
- dovecot_lmtp_config_map
Custom LMTP configuration properties. See dovecot_lmtp_config_map for more details.
dovecot_lmtp_config_map:
service:
unix_listener:
/var/spool/postfix/private/dovecot-lmtp:
user: 'postfix'
group: 'postfix'
mode: '0600'
protocol:
mail_plugins: '{{ dovecot_mail_plugins }}'
- dovecot_postfix_transport
Postfix mail transport target if LMTP is enabled. For more details see dovecot_postfix_transport.
dovecot_postfix_transport: 'lmtp:unix:private/dovecot-lmtp'
- dovecot_auth_listeners
List of AUTH unix_listeners which will be enabled.
See dovecot_auth_listeners for more details.
dovecot_auth_listeners: [ '/var/spool/postfix/private/auth' ]
- dovecot_auth_config_map
Custom AUTH service configuration properties. See dovecot_auth_config_map for more details.
dovecot_auth_config_map:
service:
# Postfix smtp-auth socket.
unix_listener:
/var/spool/postfix/private/auth:
user: 'postfix'
group: 'postfix'
mode: '0600'
- dovecot_custom_localconf
Dovecot custom configuration added at the end of /etc/dovecot/local.conf
in a text block format
dovecot_custom_localconf: False
Firewall configuration
- dovecot__accept_any
Specofy the default firewall policy for dovecot IMAP services.
If True, any host can connect to the dovecot daemon unless allow
restrictions are defined using the variables below.
If False, no hosts can connect to the dovecot daemon by default. You
need to specify IP addresses or subnets that can access the services using
the variables below.
dovecot__accept_any: True
- dovecot__allow_imap
List of hosts/networks that can access the imap port (143).
dovecot__allow_imap: []
- dovecot__allow_imaps
List of hosts/networks that can access the imaps port (993).
dovecot__allow_imaps: []
- dovecot__allow_pop3
List of hosts/networks that can access the pop3 port (110).
dovecot__allow_pop3: []
- dovecot__allow_pop3s
List of hosts/networks that can access the pop3s port (995).
dovecot__allow_pop3s: []
- dovecot__allow_sieve
List of hosts/networks that can access the ManageSieve Protocol port (4190).
dovecot__allow_sieve: []
Virtual Mail
This settings help to configure to enable postfix to host multiple (virtual) domains, and thus provide email to several domains with just one mail server. Currently the Virtual Mail support works only with LDAP enabled, in the future mariaDB could be enabled.
- dovecot__vmail_posix_user
Virtual Mail POSIX username For the accesses to the mailbox directories a separate user vmail (Virtual Mail) is created, under which the accesses of Postfix, Dovecot and other components of the mail server should take place. On the one hand this prevents mail server components from accessing sensitive system directories, on the other hand it protects the mailboxes from external access. Only vmail (and root) are allowed to access the mailboxes.
dovecot__vmail_posix_user: '{{ ansible_local.postldap.vmail_posix_user|d("vmail") }}'
- dovecot__vmail_posix_group
Virtual Mail POSIX group
dovecot__vmail_posix_group: '{{ ansible_local.postldap.vmail_posix_group|d("vmail") }}'
LDAP
LDAP authentication
- dovecot__ldap_enabled
In order to enable Virtual Mail support LDAP authentication needs to be enabled. When enabled, dovecot will authenticate users against LDAP and authorize access to the user's mailbox.
dovecot__ldap_enabled: '{{ True
if (ansible_local|d() and ansible_local.ldap|d() and
(ansible_local.ldap.enabled|d())|bool)
else False }}'
- dovecot__ldap_base_dn
The base Distinguished Name which should be used to create Distinguished Names of the LDAP directory objects, defined as a YAML list.
dovecot__ldap_base_dn: '{{ ansible_local.ldap.base_dn|d([]) }}'
- dovecot__ldap_device_dn
The Distinguished Name of the current host LDAP object, defined as a YAML list. It will be used as a base for the Postfix/Dovecot Virtual Mail service account LDAP object. If the list is empty, the role will not create the account LDAP object automatically.
dovecot__ldap_device_dn: '{{ ansible_local.ldap.device_dn|d([]) }}'
- dovecot__ldap_self_rdn
The Relative Distinguished Name of the account LDAP object used by the dovecot service to access the LDAP directory.
dovecot__ldap_self_rdn: 'uid=dovecot'
- dovecot__ldap_self_object_classes
List of the LDAP object classes which will be used to create the LDAP object used by the dovecot service to access the LDAP directory.
dovecot__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
- dovecot__ldap_self_attributes
YAML dictionary that defines the attributes of the LDAP object used by the dovecot service to access the LDAP directory.
dovecot__ldap_self_attributes:
uid: '{{ dovecot__ldap_self_rdn.split("=")[1] }}'
userPassword: '{{ dovecot__ldap_bindpw }}'
host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
description: 'Account used by the "Dovecot" service to access the LDAP directory'
# ]]]
- dovecot__ldap_binddn
The Distinguished Name of the account LDAP object used by the Dovecot service to bind to the LDAP directory.
dovecot__ldap_binddn: '{{ ([ dovecot__ldap_self_rdn ]
+ dovecot__ldap_device_dn) | join(",") }}'
- dovecot__ldap_bindpw
The password stored in the account LDAP object used by the dovecot service to bind to the LDAP directory.
dovecot__ldap_bindpw: '{{ (lookup("password", secret + "/ldap/credentials/"
+ dovecot__ldap_binddn | to_uuid + ".password length=32 "
+ "chars=ascii_letters,digits,!@_$%^&*"))
if dovecot__ldap_enabled|bool
else "" }}'
- dovecot__ldap_people_rdn
The Relative Distinguished Name of the LDAP object which contains the user accounts stored in LDAP.
dovecot__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn|d("ou=People") }}'
- dovecot__ldap_people_dn
The Distinguished Name of the LDAP object which contains the user accounts used by Postfix and Dovecot.
dovecot__ldap_people_dn: '{{ [ dovecot__ldap_people_rdn ]
+ dovecot__ldap_base_dn }}'
LDAP connection options
- dovecot__ldap_uri
List of LDAP URIs that point to the directory servers which should be used by dovecot service.
dovecot__ldap_uri: '{{ ansible_local.ldap.uri|d([""]) }}'
- dovecot__ldap_start_tls
If True, STARTTLS will be used to connect to the LDAP server.
dovecot__ldap_start_tls: '{{ ansible_local.ldap.start_tls|d(True)|bool }}'
LDAP settings
- dovecot__ldap_user_filter
The LDAP filter used to look up user accounts in the directory. See LDAP tasks and administrative operations for more information.
dovecot__ldap_user_filter: '(&
(objectClass=inetOrgPerson)
(|
(uid=%u)
(mail=%u)
)
(|
(authorizedService=all)
(authorizedService=mail:access)
)
)'
- dovecot__ldap_quota_attribute
Set the LDAP attribute value to be read by Postfix in order to get the user quota.
dovecot__ldap_quota_attribute: 'mailQuota'
- dovecot__ldap_quota_default
User default LDAP quota. Use human-readable values, e.g. "2 GB".
dovecot__ldap_quota_default: '10 GB'
- dovecot__ldap_default_config
The LDAP configuration options defined by default.
dovecot__ldap_default_config: []
- dovecot__ldap_config
List of custom LDAP configuration options defined for all hosts in the Ansible inventory.
dovecot__ldap_config: []
- dovecot__group_ldap_config
List of custom LDAP configuration options defined on hosts in a specific Ansible inventory group.
dovecot__group_ldap_config: []
- dovecot__host_ldap_config
List of custom LDAP configuration options defined on specific hosts in the Ansible inventory.
dovecot__host_ldap_config: []
- dovecot__ldap_combined_config
The variable that combines default and user LDAP configuration and is used in the role tasks and templates.
dovecot__ldap_combined_config: '{{ dovecot__ldap_default_config
+ dovecot__ldap_config
+ dovecot__group_ldap_config
+ dovecot__host_ldap_config }}'
Configuration for other Ansible roles
- dovecot__ldap__dependent_tasks
Configuration for the debops.ldap Ansible role.
dovecot__ldap__dependent_tasks:
- name: 'Create Postfix account for {{ dovecot__ldap_device_dn | join(",") }}'
dn: '{{ dovecot__ldap_binddn }}'
objectClass: '{{ dovecot__ldap_self_object_classes }}'
attributes: '{{ dovecot__ldap_self_attributes }}'
no_log: '{{ dovecot__no_log|d(True) }}'
state: '{{ "present"
if (dovecot__ldap_enabled|bool and
dovecot__ldap_device_dn|d())
else "ignore" }}'
- dovecot__postfix__dependent_maincf
The main.cf configuration for debops.postfix Ansible role.
dovecot__postfix__dependent_maincf:
# The default TLS security level set by the 'postfix' role is "may", however
# when the mail is delivered over local UNIX socket, this results in
# a warning in the mail logs: "warning: smtp_connect_local: opportunistic TLS
# encryption is not appropriate for unix-domain destinations". Therefore if
# we know that Dovecot is installed locally and we deliver over an UNIX
# socket, we can disable the opportunistic TLS encryption for the LMTP
# protocol.
- name: 'lmtp_tls_security_level'
comment: |
Security level overridden via local Dovecot installation
value: '{{ "none"
if dovecot_postfix_transport.startswith("lmtp:unix:")
else "may" }}'
state: '{{ "present" if "lmtp" in dovecot_protocols else "ignore" }}'
# We don't care about the STARTTLS offer when we talk to Dovecot over an UNIX
# socket.
- name: 'lmtp_tls_note_starttls_offer'
value: '{{ False
if dovecot_postfix_transport.startswith("lmtp:unix:")
else True }}'
state: '{{ "present" if "lmtp" in dovecot_protocols else "ignore" }}'
- name: 'virtual_transport'
value: '{{ dovecot_postfix_transport }}'
state: '{{ "present"
if ("lmtp" in dovecot_protocols and
dovecot__ldap_enabled|bool)
else "ignore" }}'
- name: 'mailbox_transport'
value: '{{ dovecot_postfix_transport }}'
state: '{{ "present"
if ("lmtp" in dovecot_protocols and
not dovecot__ldap_enabled|bool)
else "ignore" }}'
- dovecot__postfix__dependent_mastercf
The master.cf configuration for debops.postfix Ansible role.
dovecot__postfix__dependent_mastercf: []
- dovecot__ferm__dependent_rules
Configuration for debops.ferm Ansible role.
dovecot__ferm__dependent_rules:
- name: 'dovecot_imap'
type: 'accept'
by_role: 'debops.dovecot'
dport: [ 'imap2' ]
saddr: '{{ dovecot__allow_imap }}'
accept_any: '{{ dovecot__accept_any }}'
rule_state: '{{ "present"
if ("imap" in dovecot_protocols|d([]))
else "absent" }}'
- name: 'dovecot_imaps'
type: 'accept'
by_role: 'debops.dovecot'
dport: [ 'imaps' ]
saddr: '{{ dovecot__allow_imaps }}'
accept_any: '{{ dovecot__accept_any }}'
rule_state: '{{ "present"
if ("imap" in dovecot_protocols|d([])
and dovecot_pki|d(True))
else "absent" }}'
- name: 'dovecot_pop3'
type: 'accept'
by_role: 'debops.dovecot'
dport: [ 'pop3' ]
saddr: '{{ dovecot__allow_pop3 }}'
accept_any: '{{ dovecot__accept_any }}'
rule_state: '{{ "present"
if ("pop3" in dovecot_protocols|d([]))
else "absent" }}'
- name: 'dovecot_pop3s'
type: 'accept'
by_role: 'debops.dovecot'
dport: [ 'pop3s' ]
saddr: '{{ dovecot__allow_pop3s }}'
accept_any: '{{ dovecot__accept_any }}'
rule_state: '{{ "present"
if ("pop3" in dovecot_protocols|d([])
and dovecot_pki|d(True))
else "absent" }}'
- name: 'dovecot_sieve'
type: 'accept'
by_role: 'debops.dovecot'
dport: [ 'sieve' ]
saddr: '{{ dovecot__allow_sieve }}'
accept_any: '{{ dovecot__accept_any }}'
rule_state: '{{ "present"
if ("managesieve" in dovecot_protocols|d([])
and dovecot_pki|d(True))
else "absent" }}'