debops.dovecot default variables¶
General Dovecot configuration¶
-
dovecot_protocols
¶
List of protocols which should be installed and enabled. Supported are:
imap
pop3
managesieve
lmtp
dovecot_protocols: [ 'imap' ]
-
dovecot_auth_mechanisms
¶
List of authentication mechanisms enabled. So far supported are: plain, login
dovecot_auth_mechanisms: [ 'plain', 'login' ]
-
dovecot_dependencies
¶
Should the Dovecot role manage its own dependencies?
dovecot_dependencies: True
-
dovecot__version
¶
Variable which specifies what Dovecot version is installed on the host. It is defined via Ansible local facts and can be used in conditions to modify the configuration as needed.
dovecot__version: '{{ ansible_local.dovecot.version|d("0.0.0") }}'
User database/mailbox configuration¶
-
dovecot_user_accounts
¶
User account lookup. So far supported are:
deny: Deny access for users
system: Mail users are Linux system users
sql: Mail users are stored in a SQL database
ldap: Mail users are stored in an LDAP directory
passwdfile: User passwords are stored in a file
checkpassword: User passwords are stored in an external program
dovecot_user_accounts: '{{ [ "deny", "ldap" ]
if dovecot__ldap_enabled|bool
else [ "deny", "system" ] }}'
-
dovecot_deny_users
¶
List of users for which mail access is disabled.
dovecot_deny_users: [ 'root' ]
-
dovecot_vmail_base
¶
The base directory where user mail directories are located. This value is used to construct the virtual mail home directory paths and also defines a prefix added to the mailHomeDirectory LDAP attribute if it's found in the LDAP lookups.
dovecot_vmail_base: '/var/vmail'
-
dovecot_vmail_home
¶
The vmail home directory is a per-user directory where Dovecot can save user-specific files. Dovecot's home directories have nothing to do with system users' home directories. It's irrelevant if it's under /home/ or /var/mail/ or wherever. For more information see: Home Directories for Virtual Users.
dovecot_vmail_home: '{{ dovecot_vmail_base ~ "/%d/%n" }}'
-
dovecot_mail_location
¶
Mailbox location. For mbox set something like mbox:~/mail:INBOX=/var/mail/%u. For more information about the supported format, check Dovecot Mail Location.
dovecot_mail_location: 'maildir:~/Maildir'
-
dovecot__auth_default_realm
¶
The default domain (realm) to add to the usernames that don't specify one. Required to correctly point the clients to their mailbox directories.
dovecot__auth_default_realm: '{{ ansible_domain }}'
-
dovecot_mail_dotlock
¶
Mailbox locking. The only standard way to lock an mbox is using a method called dotlock. This means that a file named <mailbox-name>.lock is created in the same directory as the mailbox being locked. See Documentation Location.
dovecot_mail_dotlock: True
-
dovecot_sql_driver
¶
The SQL driver defines which SQL database is used. This can be either mysql or pgsql.
The database should have a structure like this:
CREATE TABLE `users` (
  `userid` varchar(128) NOT NULL,
  `domain` varchar(128) NOT NULL,
  `password` varchar(128) NOT NULL,
  `home` varchar(255) NOT NULL,
  `uid` int(11) NOT NULL,
  `gid` int(11) NOT NULL,
  `active` char(1) NOT NULL DEFAULT 'Y',
  `maildir` varchar(255) NOT NULL
);
dovecot_sql_driver: 'mysql'
-
dovecot_sql_host
¶
The hostname of the SQL server.
dovecot_sql_host: ''
-
dovecot_sql_dbname
¶
The SQL database name.
dovecot_sql_dbname: ''
-
dovecot_sql_user
¶
The username to access the SQL server.
dovecot_sql_user: ''
-
dovecot_sql_password
¶
The password used to log in to the SQL server.
dovecot_sql_password: ''
-
dovecot_sql_default_pass_scheme
¶
Default password scheme for passwords stored in a SQL database. For more information about the supported schemes, check Authentication / PasswordSchemes.
dovecot_sql_default_pass_scheme: 'SSHA512'
-
dovecot_sql_password_query
¶
SQL query string to get the password. This query should return the values username, domain and password.
dovecot_sql_password_query: "SELECT userid AS username, domain, password FROM users WHERE userid = '%n' AND domain = '%d'"
-
dovecot_sql_user_query
¶
SQL query string to get the userdb. This query should return the values home, uid and gid. Optionally, the mail_location can be defined with the option mail. For more information about the mail_location, check MailLocation.
dovecot_sql_user_query: "SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d'"
-
dovecot_sql_iterate_query
¶
SQL query string to get a list of users. This query should return the value user, or both username and domain. For more information about the iterate query, check AuthDatabase/SQL <https://wiki2.dovecot.org/AuthDatabase/SQL#User_iteration>.
dovecot_sql_iterate_query: "SELECT userid AS username, domain FROM users"
-
dovecot_passwdfile_scheme
¶
Scheme method used by Dovecot with password authentication.
dovecot_passwdfile_scheme: 'sha512-crypt'
-
dovecot_passwdfile_path
¶
Path to the dovecot password file
dovecot_passwdfile_path: '/etc/dovecot/private/'
-
dovecot_passwdfile_name
¶
Name of the Dovecot password file
dovecot_passwdfile_name: 'passwd'
-
dovecot_passwdfile_uid
¶
UID used by Dovecot when it stores mail in the mailbox
dovecot_passwdfile_uid: 'dovecot-vmail'
-
dovecot_passwdfile_gid
¶
GID used by Dovecot when it stores mail in the mailbox
dovecot_passwdfile_gid: 'dovecot-vmail'
-
dovecot_passwdfile_home
¶
Path to the mailbox
dovecot_passwdfile_home: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/" + dovecot_passwdfile_uid }}'
-
dovecot_passwdfile_mailbox_path
¶
Path inside the mailbox home directory
dovecot_passwdfile_mailbox_path: '%u'
-
dovecot_checkpassword_passdb_command
¶
Command to fetch password database in checkpassword auth mode
dovecot_checkpassword_passdb_command: '/usr/bin/checkpassword'
-
dovecot_checkpassword_userdb_command
¶
Command to fetch user database in checkpassword auth mode
dovecot_checkpassword_userdb_command: '/usr/bin/checkpassword'
PKI / TLS configuration¶
-
dovecot_pki
¶
Enable or disable support for TLS in Dovecot (using debops.pki)
dovecot_pki: '{{ ansible_local.pki.enabled|d() | bool }}'
-
dovecot_pki_path
¶
Base PKI directory
dovecot_pki_path: '{{ ansible_local.pki.path|d("/etc/pki/realms") }}'
-
dovecot_pki_realm
¶
Default PKI realm used by Dovecot
dovecot_pki_realm: '{{ ansible_local.pki.realm|d("domain") }}'
-
dovecot__pki_ca
¶
Name of the Root Certificate Authority certificate file used by Postfix, relative to the PKI realm directory.
dovecot__pki_ca: '{{ ansible_local.pki.ca|d("CA.crt") }}'
-
dovecot_pki_crt
¶
Default certificate, relative to the dovecot_pki_realm variable
dovecot_pki_crt: '{{ ansible_local.pki.crt|d("default.crt") }}'
-
dovecot_pki_key
¶
Default private key, relative to the dovecot_pki_realm variable
dovecot_pki_key: '{{ ansible_local.pki.key|d("default.key") }}'
-
dovecot__tls_ca_cert_dir
¶
Directory containing X509 Certification Authority certificates in PEM format which are to be recognized by the client in SSL/TLS connections. The files each contain one CA certificate.
dovecot__tls_ca_cert_dir: '/etc/ssl/certs/'
-
dovecot_ssl_required
¶
Requires SSL/TLS also for non-plaintext authentication. For more information check ssl_required in Dovecot SSL Configuration.
dovecot_ssl_required: True
-
dovecot_ssl_min_protocol
¶
SSL ciphers to use. On new distros you only specify the minimum ssl protocol version Dovecot accepts, defaulting to TLSv1. On old distros disable SSLv2,3 and allow TLSv1.0 or better.
dovecot_ssl_min_protocol: '{{ "!SSLv2 !SSLv3"
if (ansible_distribution_release in
[ "wheezy", "jessie", "precise", "trusty" ])
else "TLSv1" }}'
-
dovecot_ssl_dh_parameters_length
¶
Diffie-Hellman parameters length. Only needed for Dovecot v2.2.x on old distros.
dovecot_ssl_dh_parameters_length: 4096
-
dovecot_ssl_cipher_list
¶
SSL ciphers to use
dovecot_ssl_cipher_list: '{{ dovecot_ssl_cipher_list_default }}'
-
dovecot_ssl_cipher_list_default
¶
Default SSL ciphers
dovecot_ssl_cipher_list_default: 'ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH'
-
dovecot_ssl_cipher_list_better_cypto
¶
dovecot_ssl_cipher_list_better_cypto: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
-
dovecot_ssl_cipher_list_ncsc_nl
¶
'good' cipher suite from NCSC-NL TLS Guidelines v2.0 https://english.ncsc.nl/publications/publications/2019/juni/01/it-security-guidelines-for-transport-layer-security-tls
dovecot_ssl_cipher_list_ncsc_nl: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256'
-
dovecot_pki_hook_name
¶
Name of the hook script which will be stored in hook directory.
dovecot_pki_hook_name: 'dovecot'
-
dovecot_pki_hook_path
¶
Directory with PKI hooks.
dovecot_pki_hook_path: '{{ ansible_local.pki.hooks|d("/etc/pki/hooks") }}'
-
dovecot_pki_hook_action
¶
Specify how changes in PKI should affect dovecot, either 'reload' or 'restart'.
dovecot_pki_hook_action: 'reload'
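Inventory overrides that tighten the TLS variables in this section, as an added example that is not part of the DebOps role or its documentation. It uses only variables documented above and assumes a current distribution (where the role treats dovecot_ssl_min_protocol as a minimum version) and mail clients that support TLS 1.2 with ECDHE and an AEAD cipher.

```yaml
# Added example: inventory overrides for debops.dovecot (not the role's own code).

# Role default on current distributions: 'TLSv1'.
# On the releases the role treats as old (wheezy, jessie, precise, trusty) this
# variable carries an exclusion list such as "!SSLv2 !SSLv3" instead of a
# minimum version, so this value must not be applied to those hosts.
dovecot_ssl_min_protocol: 'TLSv1.2'

# Role default: dovecot_ssl_cipher_list_default ('ALL:!kRSA:...').
# Point the active list at the NCSC-NL set the role already defines, which
# contains only ECDHE key exchange with AES-GCM or ChaCha20-Poly1305.
dovecot_ssl_cipher_list: '{{ dovecot_ssl_cipher_list_ncsc_nl }}'

# Same as the role default, stated explicitly so that a later override shows
# up in review: the 'plain' and 'login' mechanisms in dovecot_auth_mechanisms
# transmit the password itself, so the session has to be TLS-protected.
dovecot_ssl_required: True
```

After the role has run, `doveconf -n` on the host shows the effective SSL settings.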
Diffie-Hellman parameters¶
-
dovecot__dhparam
¶
Enable or disable support for custom Diffie-Hellman parameters managed by the debops.dhparam Ansible role.
dovecot__dhparam: '{{ ansible_local.dhparam.enabled
if (ansible_local|d() and ansible_local.dhparam|d() and
ansible_local.dhparam.enabled is defined)
else False }}'
-
dovecot__dhparam_set
¶
Name of the Diffie-Hellman parameter set to use in Dovecot configuration. See debops.dhparam Ansible role for more details.
dovecot__dhparam_set: 'default'
-
dovecot__ssl_dh_file
¶
Absolute path to Diffie-Hellman parameters file which should be used by Dovecot.
dovecot__ssl_dh_file: '{{ ansible_local.dhparam[dovecot__dhparam_set]
if (ansible_local|d() and ansible_local.dhparam|d() and
ansible_local.dhparam[dovecot__dhparam_set]|d())
else "" }}'
Dovecot custom configuration¶
-
dovecot_imap_listeners
¶
List of IMAP inet_listeners which will be enabled. See dovecot_imap_listeners for more details.
dovecot_imap_listeners: '{{ [ "imap", "imaps" ]
if ( dovecot_pki|d(True) )
else [ "imap" ] }}'
-
dovecot_imap_default_config_map
¶
Default IMAP configuration properties. See dovecot_imap_config_map for more details.
dovecot_imap_default_config_map:
  login-service:
    inet_listener:
      imap:
        # Use only localhost when PKI is false, otherwise listen on all IPs
        address: '{{ "0.0.0.0, [::]"
                     if (dovecot_pki|d(True))
                     else
                     "127.0.0.1, [::0]" }}'
        port: 143
      imaps:
        address: '0.0.0.0, [::]'
        # Disable IMAPS if PKI is false
        port: '{{ 993 if (dovecot_pki|d(True)) else 0 }}'
        ssl: 'yes'
-
dovecot_mail_plugins
¶
Mail plugins enabled in dovecot.
dovecot_mail_plugins: '$mail_plugins {{ "sieve"
if ("managesieve" in dovecot_protocols|d([]) and
dovecot_sieve_enabled|bool) else "" }}'
-
dovecot_imap_config_map
¶
Custom IMAP configuration properties. See dovecot_imap_config_map for more details.
dovecot_imap_config_map: {}
-
dovecot_imap_combined_config_map
¶
Combined IMAP configuration properties.
dovecot_imap_combined_config_map: '{{ dovecot_imap_default_config_map
|combine(
dovecot_imap_config_map,
recursive=True) }}'
-
dovecot_pop3_listeners
¶
List of POP3 inet_listeners which will be enabled. See dovecot_pop3_listeners for more details.
dovecot_pop3_listeners: '{{ [ "pop3", "pop3s" ]
if ( dovecot_pki|d(True) )
else
[ "pop3" ] }}'
-
dovecot_pop3_config_map
¶
Custom POP3 configuration properties. See dovecot_pop3_config_map for more details.
dovecot_pop3_config_map: {}
-
dovecot_sieve_enabled
¶
Enable/disable the sieve mail plugin
dovecot_sieve_enabled: true
-
dovecot_sieve_port
¶
Managesieve port
dovecot_sieve_port: 4190
-
dovecot_sieve_active_script
¶
Location of link to active sieve script
dovecot_sieve_active_script: '~/.dovecot.sieve'
-
dovecot_sieve_dir
¶
Storage directory for sieve scripts uploaded by ManageSieve
dovecot_sieve_dir: 'file:~/sieve'
-
dovecot_managesieve_listeners
¶
List of ManageSieve inet_listeners which will be enabled. See dovecot_managesieve_listeners for more details.
dovecot_managesieve_listeners: [ 'sieve' ]
-
dovecot_managesieve_config_map
¶
Custom ManageSieve configuration properties. See dovecot_managesieve_config_map for more details.
dovecot_managesieve_config_map:
  login-service:
    inet_listener:
      sieve:
        port: '{{ dovecot_sieve_port|int }}'
  plugin:
    sieve: '{{ dovecot_sieve_dir }}'
    active: '{{ dovecot_sieve_active_script }}'
-
dovecot_lda_config_map
¶
Custom LDA configuration properties. See dovecot_lda_config_map for more details.
dovecot_lda_config_map:
  protocol:
    mail_plugins: '{{ dovecot_mail_plugins }}'
-
dovecot_lmtp_listeners
¶
List of LMTP inet_listeners or unix_listeners which will be enabled. See dovecot_lmtp_listeners for more details.
dovecot_lmtp_listeners: [ '/var/spool/postfix/private/dovecot-lmtp' ]
-
dovecot_lmtp_config_map
¶
Custom LMTP configuration properties. See dovecot_lmtp_config_map for more details.
dovecot_lmtp_config_map:
  service:
    unix_listener:
      /var/spool/postfix/private/dovecot-lmtp:
        user: 'postfix'
        group: 'postfix'
        mode: '0600'
  protocol:
    mail_plugins: '{{ dovecot_mail_plugins }}'
-
dovecot_postfix_transport
¶
Postfix mail transport target if LMTP is enabled. For more details see dovecot_postfix_transport.
dovecot_postfix_transport: 'lmtp:unix:private/dovecot-lmtp'
-
dovecot_auth_listeners
¶
List of AUTH unix_listeners which will be enabled. See dovecot_auth_listeners for more details.
dovecot_auth_listeners: [ '/var/spool/postfix/private/auth' ]
-
dovecot_auth_config_map
¶
Custom AUTH service configuration properties. See dovecot_auth_config_map for more details.
dovecot_auth_config_map:
  service:
    # Postfix smtp-auth socket.
    unix_listener:
      /var/spool/postfix/private/auth:
        user: 'postfix'
        group: 'postfix'
        mode: '0600'
-
dovecot_custom_localconf
¶
Dovecot custom configuration added at the end of /etc/dovecot/local.conf in a text block format
dovecot_custom_localconf: False
Firewall configuration¶
-
dovecot__accept_any
¶
Specify the default firewall policy for dovecot IMAP services.
If True, any host can connect to the dovecot daemon unless allow restrictions are defined using the variables below.
If False, no hosts can connect to the dovecot daemon by default. You need to specify IP addresses or subnets that can access the services using the variables below.
dovecot__accept_any: True
-
dovecot__allow_imap
¶
List of hosts/networks that can access the imap port (143).
dovecot__allow_imap: []
-
dovecot__allow_imaps
¶
List of hosts/networks that can access the imaps port (993).
dovecot__allow_imaps: []
-
dovecot__allow_pop3
¶
List of hosts/networks that can access the pop3 port (110).
dovecot__allow_pop3: []
-
dovecot__allow_pop3s
¶
List of hosts/networks that can access the pop3s port (995).
dovecot__allow_pop3s: []
-
dovecot__allow_sieve
¶
List of hosts/networks that can access the ManageSieve Protocol port (4190).
dovecot__allow_sieve: []
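Inventory overrides that narrow network exposure, as an added example that is not taken from the DebOps role. It combines the firewall variables above with dovecot_imap_config_map from the custom configuration section; the networks are documentation ranges used as placeholders, and the listener override relies on the recursive combine shown for dovecot_imap_combined_config_map.

```yaml
# Added example: inventory overrides for debops.dovecot (not the role's own code).
# 192.0.2.0/24 and 2001:db8:10::/64 are placeholder documentation networks.

# Role default is True: any host may connect unless allow lists are set.
dovecot__accept_any: False

# With dovecot__accept_any False, only these sources reach the imaps port (993).
dovecot__allow_imaps: [ '192.0.2.0/24', '2001:db8:10::/64' ]

# ManageSieve (4190) limited to the same networks; only relevant when
# 'managesieve' is listed in dovecot_protocols.
dovecot__allow_sieve: [ '192.0.2.0/24', '2001:db8:10::/64' ]

# Left empty on purpose: with dovecot__accept_any False, no host can connect
# to the imap port (143) through the firewall.
dovecot__allow_imap: []

# Bind the port 143 listener to loopback as well. Only 'address' is given:
# dovecot_imap_combined_config_map merges this map into
# dovecot_imap_default_config_map with combine(recursive=True), so port 143
# and the whole imaps listener keep their default values.
# '[::1]' is the IPv6 loopback address (bracket form mirrors the role's
# defaults); the '[::0]' in the role's non-PKI default is the unspecified
# address, which covers every IPv6 interface rather than localhost only.
dovecot_imap_config_map:
  login-service:
    inet_listener:
      imap:
        address: '127.0.0.1, [::1]'
```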
Virtual Mail¶
These settings configure Postfix to host multiple (virtual) domains, and thus provide email to several domains with just one mail server. Currently the Virtual Mail support works only with LDAP enabled; in the future MariaDB could be enabled.
-
dovecot__vmail_posix_user
¶
Virtual Mail POSIX username. For access to the mailbox directories a separate user vmail (Virtual Mail) is created, under which the accesses of Postfix, Dovecot and other components of the mail server should take place. On the one hand this prevents mail server components from accessing sensitive system directories, on the other hand it protects the mailboxes from external access. Only vmail (and root) are allowed to access the mailboxes.
dovecot__vmail_posix_user: '{{ ansible_local.postldap.vmail_posix_user|d("vmail") }}'
-
dovecot__vmail_posix_group
¶
Virtual Mail POSIX group
dovecot__vmail_posix_group: '{{ ansible_local.postldap.vmail_posix_group|d("vmail") }}'
LDAP¶
LDAP authentication¶
-
dovecot__ldap_enabled
¶
In order to enable Virtual Mail support LDAP authentication needs to be enabled. When enabled, dovecot will authenticate users against LDAP and authorize access to the user's mailbox.
dovecot__ldap_enabled: '{{ True
if (ansible_local|d() and ansible_local.ldap|d() and
(ansible_local.ldap.enabled|d())|bool)
else False }}'
-
dovecot__ldap_base_dn
¶
The base Distinguished Name which should be used to create Distinguished Names of the LDAP directory objects, defined as a YAML list.
dovecot__ldap_base_dn: '{{ ansible_local.ldap.base_dn|d([]) }}'
-
dovecot__ldap_device_dn
¶
The Distinguished Name of the current host LDAP object, defined as a YAML list. It will be used as a base for the Postfix/Dovecot Virtual Mail service account LDAP object. If the list is empty, the role will not create the account LDAP object automatically.
dovecot__ldap_device_dn: '{{ ansible_local.ldap.device_dn|d([]) }}'
-
dovecot__ldap_self_rdn
¶
The Relative Distinguished Name of the account LDAP object used by the dovecot service to access the LDAP directory.
dovecot__ldap_self_rdn: 'uid=dovecot'
-
dovecot__ldap_self_object_classes
¶
List of the LDAP object classes which will be used to create the LDAP object used by the dovecot service to access the LDAP directory.
dovecot__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
-
dovecot__ldap_self_attributes
¶
YAML dictionary that defines the attributes of the LDAP object used by the dovecot service to access the LDAP directory.
dovecot__ldap_self_attributes:
  uid: '{{ dovecot__ldap_self_rdn.split("=")[1] }}'
  userPassword: '{{ dovecot__ldap_bindpw }}'
  host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
  description: 'Account used by the "Dovecot" service to access the LDAP directory'
-
dovecot__ldap_binddn
¶
The Distinguished Name of the account LDAP object used by the Dovecot service to bind to the LDAP directory.
dovecot__ldap_binddn: '{{ ([ dovecot__ldap_self_rdn ]
+ dovecot__ldap_device_dn) | join(",") }}'
-
dovecot__ldap_bindpw
¶
The password stored in the account LDAP object used by the dovecot service to bind to the LDAP directory.
dovecot__ldap_bindpw: '{{ (lookup("password", secret + "/ldap/credentials/"
+ dovecot__ldap_binddn | to_uuid + ".password length=32 "
+ "chars=ascii_letters,digits,!@_$%^&*"))
if dovecot__ldap_enabled|bool
else "" }}'
-
dovecot__ldap_people_rdn
¶
The Relative Distinguished Name of the LDAP object which contains the user accounts stored in LDAP.
dovecot__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn|d("ou=People") }}'
-
dovecot__ldap_people_dn
¶
The Distinguished Name of the LDAP object which contains the user accounts used by Postfix and Dovecot.
dovecot__ldap_people_dn: '{{ [ dovecot__ldap_people_rdn ]
+ dovecot__ldap_base_dn }}'
LDAP connection options¶
-
dovecot__ldap_uri
¶
List of LDAP URIs that point to the directory servers which should be used by dovecot service.
dovecot__ldap_uri: '{{ ansible_local.ldap.uri|d([""]) }}'
-
dovecot__ldap_start_tls
¶
If True, STARTTLS will be used to connect to the LDAP server.
dovecot__ldap_start_tls: '{{ ansible_local.ldap.start_tls|d(True)|bool }}'
LDAP settings¶
-
dovecot__ldap_user_filter
¶
The LDAP filter used to look up user accounts in the directory. See LDAP tasks and administrative operations for more information.
dovecot__ldap_user_filter: '(&
(objectClass=mailRecipient)
(|
(uid=%n)
(mail=%u)
)
(|
(authorizedService=all)
(authorizedService=mail:access)
)
)'
-
dovecot__ldap_quota_attribute
¶
Set the LDAP attribute value to be read by Postfix in order to get the user quota.
dovecot__ldap_quota_attribute: 'mailQuota'
-
dovecot__ldap_quota_default
¶
User default LDAP quota. Use human-readable values, e.g. "2 GB".
dovecot__ldap_quota_default: '10 GB'
-
dovecot__ldap_default_config
¶
The LDAP configuration options defined by default.
dovecot__ldap_default_config: []
-
dovecot__ldap_config
¶
List of custom LDAP configuration options defined for all hosts in the Ansible inventory.
dovecot__ldap_config: []
-
dovecot__group_ldap_config
¶
List of custom LDAP configuration options defined on hosts in a specific Ansible inventory group.
dovecot__group_ldap_config: []
-
dovecot__host_ldap_config
¶
List of custom LDAP configuration options defined on specific hosts in the Ansible inventory.
dovecot__host_ldap_config: []
-
dovecot__ldap_combined_config
¶
The variable that combines default and user LDAP configuration and is used in the role tasks and templates.
dovecot__ldap_combined_config: '{{ dovecot__ldap_default_config
+ dovecot__ldap_config
+ dovecot__group_ldap_config
+ dovecot__host_ldap_config }}'
Configuration for other Ansible roles¶
-
dovecot__ldap__dependent_tasks
¶
Configuration for the debops.ldap Ansible role.
dovecot__ldap__dependent_tasks:
  - name: 'Create Postfix account for {{ dovecot__ldap_device_dn | join(",") }}'
    dn: '{{ dovecot__ldap_binddn }}'
    objectClass: '{{ dovecot__ldap_self_object_classes }}'
    attributes: '{{ dovecot__ldap_self_attributes }}'
    no_log: '{{ dovecot__no_log|d(True) }}'
    state: '{{ "present"
               if (dovecot__ldap_enabled|bool and
                   dovecot__ldap_device_dn|d())
               else "ignore" }}'
-
dovecot__postfix__dependent_maincf
¶
The main.cf configuration for debops.postfix Ansible role.
dovecot__postfix__dependent_maincf:
  # The default TLS security level set by the 'postfix' role is "may", however
  # when the mail is delivered over local UNIX socket, this results in
  # a warning in the mail logs: "warning: smtp_connect_local: opportunistic TLS
  # encryption is not appropriate for unix-domain destinations". Therefore if
  # we know that Dovecot is installed locally and we deliver over an UNIX
  # socket, we can disable the opportunistic TLS encryption for the LMTP
  # protocol.
  - name: 'lmtp_tls_security_level'
    comment: |
      Security level overridden via local Dovecot installation
    value: '{{ "none"
               if dovecot_postfix_transport.startswith("lmtp:unix:")
               else "may" }}'
    state: '{{ "present" if "lmtp" in dovecot_protocols else "ignore" }}'
  # We don't care about the STARTTLS offer when we talk to Dovecot over an UNIX
  # socket.
  - name: 'lmtp_tls_note_starttls_offer'
    value: '{{ False
               if dovecot_postfix_transport.startswith("lmtp:unix:")
               else True }}'
    state: '{{ "present" if "lmtp" in dovecot_protocols else "ignore" }}'
  - name: 'virtual_transport'
    value: '{{ dovecot_postfix_transport }}'
    state: '{{ "present"
               if ("lmtp" in dovecot_protocols and
                   dovecot__ldap_enabled|bool)
               else "ignore" }}'
  - name: 'mailbox_transport'
    value: '{{ dovecot_postfix_transport }}'
    state: '{{ "present"
               if ("lmtp" in dovecot_protocols and
                   not dovecot__ldap_enabled|bool)
               else "ignore" }}'
-
dovecot__postfix__dependent_mastercf
¶
The master.cf configuration for debops.postfix Ansible role.
dovecot__postfix__dependent_mastercf: []
-
dovecot__ferm__dependent_rules
¶
Configuration for debops.ferm Ansible role.
dovecot__ferm__dependent_rules:
  - name: 'dovecot_imap'
    type: 'accept'
    by_role: 'debops.dovecot'
    dport: [ 'imap2' ]
    saddr: '{{ dovecot__allow_imap }}'
    accept_any: '{{ dovecot__accept_any }}'
    rule_state: '{{ "present"
                    if ("imap" in dovecot_protocols|d([]))
                    else "absent" }}'
  - name: 'dovecot_imaps'
    type: 'accept'
    by_role: 'debops.dovecot'
    dport: [ 'imaps' ]
    saddr: '{{ dovecot__allow_imaps }}'
    accept_any: '{{ dovecot__accept_any }}'
    rule_state: '{{ "present"
                    if ("imap" in dovecot_protocols|d([])
                        and dovecot_pki|d(True))
                    else "absent" }}'
  - name: 'dovecot_pop3'
    type: 'accept'
    by_role: 'debops.dovecot'
    dport: [ 'pop3' ]
    saddr: '{{ dovecot__allow_pop3 }}'
    accept_any: '{{ dovecot__accept_any }}'
    rule_state: '{{ "present"
                    if ("pop3" in dovecot_protocols|d([]))
                    else "absent" }}'
  - name: 'dovecot_pop3s'
    type: 'accept'
    by_role: 'debops.dovecot'
    dport: [ 'pop3s' ]
    saddr: '{{ dovecot__allow_pop3s }}'
    accept_any: '{{ dovecot__accept_any }}'
    rule_state: '{{ "present"
                    if ("pop3" in dovecot_protocols|d([])
                        and dovecot_pki|d(True))
                    else "absent" }}'
  - name: 'dovecot_sieve'
    type: 'accept'
    by_role: 'debops.dovecot'
    dport: [ 'sieve' ]
    saddr: '{{ dovecot__allow_sieve }}'
    accept_any: '{{ dovecot__accept_any }}'
    rule_state: '{{ "present"
                    if ("managesieve" in dovecot_protocols|d([])
                        and dovecot_pki|d(True))
                    else "absent" }}'