Installs and configures a mail server using Postfix, Dovecot, PostfixAdmin and SpamAssassin, including Amazon SES support.
This cookbook has been tested on the following platforms:
- Amazon Linux
- CentOS >= 6.0
- Debian >= 7.0
- Fedora >= 17.0
- Ubuntu >= 12.04
Please, let us know if you use it successfully on any other platform.
- chef-vault
- build-essential
- dovecot
- onddo-spamassassin
- postfixadmin
- postfix-full by Malte Swart
- ssl_certificate
- yum
- Dovecot >= 2: requires this version of dovecot to be available by the distribution's package manager.
- Chef 12.5 or higher.
- Ruby 2.2 or higher.
Attribute | Default | Description |
---|---|---|
node['postfix-dovecot']['postmaster_address'] | '[email protected]' | Postmaster mail address. |
node['postfix-dovecot']['hostname'] | node['fqdn'] | Hostname. |
node['postfix-dovecot']['rbls'] | [] | Mail RBLs array. |
node['postfix-dovecot']['database']['type'] | 'mysql' | Database type. Possible values are: 'mysql', 'postgresql' (please see below). |
node['postfix-dovecot']['sieve']['enabled'] | true | Whether to enable sieve. |
node['postfix-dovecot']['sieve']['global_path'] | "#{default['dovecot']['conf_path']}/sieve/default.sieve" | Sieve global path. |
node['postfix-dovecot']['spamc']['enabled'] | true | Whether to enable SpamAssassin. |
node['postfix-dovecot']['spamc']['recipe'] | 'onddo-spamassassin' | Spamc recipe name to use. |
node['postfix-dovecot']['vmail']['user'] | 'vmail' | Virtual mail system user name. |
node['postfix-dovecot']['vmail']['group'] | node['postfix-dovecot']['vmail']['user'] | Virtual mail system group name. |
node['postfix-dovecot']['vmail']['uid'] | 5000 | Virtual mail system user id. |
node['postfix-dovecot']['vmail']['gid'] | node['postfix-dovecot']['vmail']['uid'] | Virtual mail system group id. |
node['postfix-dovecot']['vmail']['home'] | '/var/vmail' | Virtual mail user home path. |
You can use node['postfix-dovecot']['ses']['enabled'] to enable SES for sending emails.
Attribute | Default | Description |
---|---|---|
node['postfix-dovecot']['ses']['enabled'] | false | Whether to enable Amazon SES. |
node['postfix-dovecot']['ses']['source'] | 'attributes' | Where to read the credentials from. Possible values: 'attributes', 'chef-vault'. |
node['postfix-dovecot']['ses']['vault'] | 'amazon' | Chef Vault bag to read SES credentials from. |
node['postfix-dovecot']['ses']['item'] | 'ses' | Chef Vault item. |
node['postfix-dovecot']['ses']['region'] | 'us-east-1' | Amazon AWS region, used to calculate the servers. |
node['postfix-dovecot']['ses']['servers'] | calculated | Amazon SES SMTP servers array. |
node['postfix-dovecot']['ses']['username'] | 'USERNAME' | SES SMTP username. See Obtaining Your Amazon SES SMTP Credentials documentation. |
node['postfix-dovecot']['ses']['password'] | 'PASSWORD' | Amazon SES SMTP password. |
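When node['postfix-dovecot']['ses']['source'] is set to 'attributes' (Chef Vault disabled, which is the default behavior), the credentials are read from the ['username'] and ['password'] attributes. Node attributes are saved in plain text with the node object on the Chef Server, so prefer 'chef-vault' for production credentials.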
When credentials should be read using chef-vault, the Chef Vault bag must have the following structure:

```json
{
  "username": "AMAZON_USERNAME",
  "password": "AMAZON_PASSWORD"
}
```
See the Chef-Vault documentation to learn how to create chef-vault bags.
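
A pre-converge check for the SES settings described above, as an added example that is not part of the cookbook: it flags placeholder or plain-text credentials when the source is 'attributes' and checks the vault item structure when the source is 'chef-vault'. The `audit_ses` helper and the sample hashes are hypothetical; only the attribute names, defaults and item keys come from this page.

```ruby
# Added example, not part of the cookbook. Attribute names, defaults and vault
# item keys are the ones documented above; audit_ses is a hypothetical helper.
SES_PLACEHOLDERS = { 'username' => 'USERNAME', 'password' => 'PASSWORD' }.freeze
VAULT_KEYS = %w(username password).freeze

# attrs: the node['postfix-dovecot'] attributes as a Hash.
# vault_item: the decrypted Chef Vault item as a Hash, or nil if not loaded.
# Returns an array of findings (empty when nothing is wrong).
def audit_ses(attrs, vault_item = nil)
  ses = attrs.fetch('ses', {})
  return [] unless ses['enabled']

  findings = []
  source = ses.fetch('source', 'attributes')
  case source
  when 'attributes'
    SES_PLACEHOLDERS.each do |key, placeholder|
      value = ses[key].to_s
      findings << if value.empty? || value == placeholder
                    "ses.#{key} is unset or still the placeholder '#{placeholder}'"
                  else
                    "ses.#{key} is a plain-text node attribute; use source 'chef-vault'"
                  end
    end
  when 'chef-vault'
    if vault_item.nil?
      findings << "vault item #{ses.fetch('vault', 'amazon')}/#{ses.fetch('item', 'ses')} not loaded"
    else
      missing = VAULT_KEYS.select { |k| vault_item[k].to_s.empty? }
      findings << "vault item is missing keys: #{missing.join(', ')}" unless missing.empty?
    end
    # The attribute credentials are not needed here, so flag any left on the node.
    stale = SES_PLACEHOLDERS.reject { |k, v| ses[k].nil? || ses[k] == v }.keys
    findings << "unused credentials in attributes: #{stale.join(', ')}" unless stale.empty?
  else
    findings << "unknown ses.source '#{source}' (expected 'attributes' or 'chef-vault')"
  end
  findings
end

# Constructed sample inputs.
weak = { 'ses' => { 'enabled' => true, 'source' => 'attributes',
                    'username' => 'USERNAME', 'password' => 'example-only' } }
vaulted = { 'ses' => { 'enabled' => true, 'source' => 'chef-vault' } }
item = { 'username' => 'AMAZON_USERNAME', 'password' => 'AMAZON_PASSWORD' }

puts audit_ses(weak)
p audit_ses(vaulted, item)
```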
This cookbook uses the ssl_certificate cookbook to create the SSL certificate. The namespace used is node['postfix-dovecot']. For example:

```ruby
node.default['postfix-dovecot']['common_name'] = 'mail.example.com'
include_recipe 'postfix-dovecot'
```
This certificate is used for Postfix and Dovecot. For PostfixAdmin, you should use the node['postfixadmin'] namespace.
You can also tweak the supported SSL ciphers by setting the node['ssl_certificate']['service']['compatibility'] attribute:

```ruby
node.default['ssl_certificate']['service']['compatibility'] = :modern
include_recipe 'postfix-dovecot'
```

See the ssl_certificate namespace documentation for more information.
Installs and configures everything.
Creates vmail user.
Installs and configures SpamAssassin.
Installs and configures Postfix.
Installs Postfix package with MySQL support. Used by the postfix-dovecot::postfix recipe.
Installs Postfix package with PostgreSQL support. Used by the postfix-dovecot::postfix recipe.
Installs and configures PostfixAdmin.
Installs and configures Dovecot 2.
Running it from a recipe:
```ruby
# Set attributes at an explicit precedence level: a bare node[...] = assignment
# raises an error on Chef 11 and later.
node.default['postfix-dovecot']['postmaster_address'] = '[email protected]'
node.default['postfix-dovecot']['hostname'] = 'mail.foobar.com'

include_recipe 'postfix-dovecot::default'

# The passwords below are example values. Load real ones from chef-vault or an
# encrypted data bag instead of hard-coding them in the recipe.
postfixadmin_admin '[email protected]' do
  password 'sup3r-s3cr3t-p4ss'
  action :create
end

postfixadmin_domain 'foobar.com' do
  login_username '[email protected]'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_mailbox '[email protected]' do
  password 'alice'
  login_username '[email protected]'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_alias '[email protected]' do
  goto '[email protected]'
  login_username '[email protected]'
  login_password 'sup3r-s3cr3t-p4ss'
end
```
Don't forget to include the postfix-dovecot cookbook as a dependency in the metadata.

```ruby
# metadata.rb
# [...]
depends 'postfix-dovecot'
```
Another alternative is to include the default recipe in your Run List.
```json
{
  "name": "mail.example.com",
  "[...]": "[...]",
  "run_list": [
    "[...]",
    "recipe[postfix-dovecot]"
  ]
}
```
You can enable some RBLs to avoid spam:
```ruby
node.default['postfix-dovecot']['rbls'] = %w(
  dnsbl.sorbs.net
  zen.spamhaus.org
  bl.spamcop.net
  cbl.abuseat.org
)
include_recipe 'postfix-dovecot::default'
```
PostgreSQL support should be considered experimental at the moment. Use at your own risk.
Any feedback you can provide regarding the PostgreSQL support will be greatly appreciated.
The latest CentOS and Fedora versions come without PostgreSQL support in their Postfix package. So we need to recompile it using the SRPM, enabling the PostgreSQL support.
The postfix-dovecot::postfix_postgresql recipe takes care of it transparently. This recipe has been tested using test-kitchen, but it may not work for all cases. This code has been tested on the following platforms:
- CentOS 6.5 and 7.0
- Fedora 19 and 20
Please, let us know if you use PostgreSQL support successfully on any other platform.
Support for PostgreSQL on Amazon Linux is still not finished because of the need to patch the provided SRPM. Its implementation would require a little monkey-patching.
Please, open an issue if you need the support of PostgreSQL on Amazon Linux.
If you are using PostgreSQL version < 9.3, you may need to adjust the shmmax and shmall kernel parameters to configure the shared memory. You can see the example used for the integration tests.
Some cookbook attributes are used internally to add PostgreSQL support. They can make your journey smoother if you need to improve PostgreSQL support.
Attribute | Default | Description |
---|---|---|
node['postfix-dovecot']['yum'] | calculated | A list of yum repositories to add to include the source SRPMs. |
node['postfix-dovecot']['postfix']['srpm']['packages'] | calculated | Packages required for compiling Postfix from sources. |
node['postfix-dovecot']['postfix']['srpm']['rpm_regexp'] | calculated | An array with two values, a pattern and a replacement. This Regexp is used to get the final Postfix RPM name from the SRPM name. |
node['postfix-dovecot']['postfix']['srpm']['rpm_build_args'] | calculated | A string with the arguments to pass to the rpmbuild application. Normally contains the required option to enable PostgreSQL in the Postfix SRPM. |
See the attributes/postfix_postgresql.rb file for default examples.
Please do not hesitate to make a PR if you improve the PostgreSQL support ;-)
See TESTING.md.
Please do not hesitate to open an issue with any questions or problems.
See CONTRIBUTING.md.
See TODO.md.
Author: | Xabier de Zuazo ([email protected]) |
Contributor: | Uwe Stuehler |
Copyright: | Copyright (c) 2015, Xabier de Zuazo |
Copyright: | Copyright (c) 2014-2015, Onddo Labs, SL. |
License: | Apache License, Version 2.0 |
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.