make dmarc more aggressive, fix unresolved mail addresses

Elizabeth Hunt 2024-01-07 02:38:42 -05:00
parent ae64628958
commit ce4c85dd6f
4 changed files with 20 additions and 2 deletions


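--- /dev/null
+++ b/[new file path not shown on page]
@@ -0,0 +1,3 @@
+virtual_mailbox_domains = /etc/postfix/vhost
+virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
+virtual_alias_maps =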
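Review bot: `virtual_alias_maps =` is deliberately left empty, but nothing in the file says so; a reader of the rendered main.cf cannot see the issue link that only exists in the playbook comment, and an empty lookup list looks like an unfinished line. Suggest a comment directly above it: `# intentionally empty: overrides the image's default alias table so LDAP-backed mailboxes resolve (docker-mailserver issue 1562)`. It is also worth confirming that no address this zone depends on — the postmaster@/abuse@ contacts and the `dmarc.report@` rua/ruf target — was previously served by the alias map, since with alias lookups disabled they now have to exist as LDAP mailboxes.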


@ -42,6 +42,20 @@
group: root group: root
mode: 0700 mode: 0700
- name: ensure mail docker/compose volume exist
file:
path: /etc/docker/compose/mail/docker-data/dms/config
state: directory
owner: root
group: root
mode: 0700
# https://github.com/docker-mailserver/docker-mailserver/issues/1562
- name: ensure mail docker/compose ldap overrides exist
copy:
src: ../files/postmaster-main.cf
dest: /etc/docker/compose/mail/docker-data/dms/config/postfix-main.cf
- name: build mail docker-compose.yml.j2 - name: build mail docker-compose.yml.j2
template: template:
src: ../templates/docker-compose.yml.j2 src: ../templates/docker-compose.yml.j2
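Review bot: The copy task writing `dest: /etc/docker/compose/mail/docker-data/dms/config/postfix-main.cf` sets no `owner`, `group` or `mode`, so the file's permissions come from the remote umask even though the directory it lands in is created 0700 two tasks earlier; add `owner: root`, `group: root`, `mode: "0644"` to make the result deliberate and the task idempotent. The source is named `postmaster-main.cf` while the destination is `postfix-main.cf`, which reads like a typo — pick one name so the override is easy to find later. The new directory task's `mode: 0700` is an unquoted octal; Ansible accepts the leading zero, but `mode: "0700"` avoids the YAML 1.1 octal trap and is what ansible-lint's risky-octal rule asks for (the pre-existing `mode: 0700` on the context line has the same issue). The task list continues outside the hunk.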


@ -38,5 +38,5 @@ simponic.xyz. 1 IN MX 10 mail.simponic.xyz.
mail._domainkey.simponic.xyz. 1 IN TXT ( "v=DKIM1; h=sha256; k=rsa; " mail._domainkey.simponic.xyz. 1 IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ktysbZaewsAo1Uk+FfLvVeL9ii6ejTDxxYE1RoGTxFDulFYXdpvO+MErDq62IvaQ6E4TYTc0RULoqp3BjuVVG6IG85SmhWME9XYSrxLm1pq7yRN1s1b6pBqNC6+yiyxwSjThS7RzH3sxwBL7R8AHRuEV+2UKsvT2wOCyRXAth+lrB7t9S9niWNOB3lvDqe0/oPf9JDrKjpuO6" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ktysbZaewsAo1Uk+FfLvVeL9ii6ejTDxxYE1RoGTxFDulFYXdpvO+MErDq62IvaQ6E4TYTc0RULoqp3BjuVVG6IG85SmhWME9XYSrxLm1pq7yRN1s1b6pBqNC6+yiyxwSjThS7RzH3sxwBL7R8AHRuEV+2UKsvT2wOCyRXAth+lrB7t9S9niWNOB3lvDqe0/oPf9JDrKjpuO6"
"lKZ3nglGzPfdJEpfLyXBP4l5UlxqWYUIrCzqHY9bNmyPepb1CJT97AD5jGGngCrnMCmllAdyOKa1ds5uoPjjGaLO8bOoBWXQuacn++hDsdyQ78Y673T2935CN/uGgrLBs9UiA0BQIDAQAB" ) ; ----- DKIM key mail for simponic.xyz "lKZ3nglGzPfdJEpfLyXBP4l5UlxqWYUIrCzqHY9bNmyPepb1CJT97AD5jGGngCrnMCmllAdyOKa1ds5uoPjjGaLO8bOoBWXQuacn++hDsdyQ78Y673T2935CN/uGgrLBs9UiA0BQIDAQAB" ) ; ----- DKIM key mail for simponic.xyz
_dmarc.simponic.xyz. IN TXT "v=DMARC1; p=none; sp=none; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@simponic.xyz; ruf=mailto:dmarc.report@simponic.xyz" _dmarc.simponic.xyz. 1 IN TXT "v=DMARC1; p=quarantine; sp=quarantine; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@simponic.xyz; ruf=mailto:dmarc.report@simponic.xyz"
simponic.xyz. 1 IN TXT "v=spf1 mx ip4:192.3.248.205 ~all" simponic.xyz. 1 IN TXT "v=spf1 mx ip4:192.3.248.205 ~all"
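Review bot: Jumping from `p=none` straight to `p=quarantine; sp=quarantine` at `pct=100` enforces on all mail in one step, yet `fo=0` is kept, so a failure report is only requested when both SPF and DKIM fail — a legitimate source that passes one and fails alignment on the other gets quarantined without the `ruf` address ever being told. Consider `fo=1` so every non-aligned result produces a report, and either a short `pct=` ramp or a check of the aggregate reports collected under `p=none` that all sending sources align before going to 100. The commit title mentions fixing unresolved mail addresses; if `dmarc.report@simponic.xyz` was one of them, confirm it is now deliverable, since both `rua` and `ruf` point at it and an undeliverable report address leaves you blind to exactly the failures quarantine will cause. The rest of the zone lies outside the hunk.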


@ -87,7 +87,8 @@
- name: add daily letsencrypt cronjob for cert renewal based on hash of domain name to prevent hitting LE rate limits - name: add daily letsencrypt cronjob for cert renewal based on hash of domain name to prevent hitting LE rate limits
cron: cron:
name: "letsencrypt_renewal_{{ item.stdout }}" name: "letsencrypt_renewal_{{ item.stdout }}"
special_time: "daily" minute: "0"
hour: "5,17"
job: "REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/{{ step_bootstrap_ca_url }}.crt letsencrypt renew --server https://{{ step_bootstrap_ca_url }}:{{ step_ca_port }}/acme/ACME/directory --cert-name {{ item.stdout }} -n --webroot -w /var/www/letsencrypt --agree-tos --email {{ step_acme_cert_contact }} && service nginx reload" job: "REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/{{ step_bootstrap_ca_url }}.crt letsencrypt renew --server https://{{ step_bootstrap_ca_url }}:{{ step_ca_port }}/acme/ACME/directory --cert-name {{ item.stdout }} -n --webroot -w /var/www/letsencrypt --agree-tos --email {{ step_acme_cert_contact }} && service nginx reload"
loop: "{{ extracted_domains.results }}" loop: "{{ extracted_domains.results }}"
when: item.stdout != "" when: item.stdout != ""
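Review bot: The task name on the first line of the hunk still says `add daily letsencrypt cronjob … based on hash of domain name`, but the schedule is now `minute: "0"` / `hour: "5,17"` — twice daily, with every domain's renewal firing at the same instant and no per-domain offset at all, the opposite of the staggering the name promises. Rename the task to match the new cadence, and if staggering is actually wanted derive the minute from the domain, e.g. `minute: "{{ 60 | random(seed=item.stdout) }}"`, which is stable across runs because the seed is fixed. If the hash-based offset was dropped on purpose (the ACME endpoint here is the internal step-ca, so Let's Encrypt's rate limits may not apply), state that in the name instead so the next reader does not try to restore it. The surrounding play continues outside the hunk.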