42ad894d45
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2787|8|2779|6|:-1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/275//ansiblelint">Evolix » ansible-roles » unstable #275</a>
gitea/ansible-roles/pipeline/head This commit looks good
77 lines
2.3 KiB
Django/Jinja
77 lines
2.3 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
# Plugins list (must be before filters {} that modify it)
|
|
mail_plugins = $mail_plugins old_stats
|
|
|
|
# Autorise les mécanismes PLAIN/LOGIN même sans SSL/TLS
|
|
disable_plaintext_auth = no
|
|
auth_mechanisms = plain login
|
|
|
|
# Authentification LDAP + intégration avec Postfix pour l'auth SMTP
|
|
!include auth-ldap.conf.ext
|
|
service auth {
|
|
unix_listener auth-userdb {
|
|
mode = 0600
|
|
user = vmail
|
|
group = vmail
|
|
}
|
|
unix_listener /var/spool/postfix/private/auth-client {
|
|
mode = 0666
|
|
user = postfix
|
|
group = postfix
|
|
}
|
|
}
|
|
|
|
# Stockage des emails dans /home/mail avec UID/GID 5000/5000
|
|
mail_location = maildir:/home/vmail/%d/%n
|
|
mail_uid = 5000
|
|
mail_gid = 5000
|
|
|
|
# Activation Sieve
|
|
protocol lda {
|
|
mail_plugins = sieve
|
|
}
|
|
|
|
# Optimisations
|
|
service login {
|
|
process_limit = 256
|
|
}
|
|
mail_max_userip_connections = 42
|
|
|
|
# Configuration pour stats dovecot
|
|
protocol imap {
|
|
mail_plugins = $mail_plugins imap_old_stats
|
|
}
|
|
plugin {
|
|
old_stats_refresh = 30 secs
|
|
old_stats_track_cmds = yes
|
|
}
|
|
service old-stats {
|
|
fifo_listener old-stats-mail {
|
|
user = vmail
|
|
group = vmail
|
|
mode = 0660
|
|
}
|
|
unix_listener old-stats-reader {
|
|
user = vmail
|
|
group = vmail
|
|
mode = 0660
|
|
}
|
|
|
|
unix_listener old-stats-writer {
|
|
user = vmail
|
|
group = vmail
|
|
mode = 0660
|
|
}
|
|
}
|
|
|
|
# SSL/TLS
|
|
ssl = yes
|
|
ssl_prefer_server_ciphers = yes
|
|
ssl_dh=</etc/ssl/dhparams.pem
|
|
ssl_options = no_compression no_ticket
|
|
ssl_min_protocol = TLSv1.2
|
|
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
|
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
|