Add email support

3 files changed, 112 insertions, 0 deletions

diff --git a/cluster/prod/app/email/config/dovecot/certs.gen b/cluster/prod/app/email/config/dovecot/certs.gen
new file mode 100755
index 0000000..f26e917
--- /dev/null
+++ b/cluster/prod/app/email/config/dovecot/certs.gen
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
+openssl req \
+  -new \
+  -newkey rsa:4096 \
+  -days 3650 \
+  -nodes \
+  -x509 \
+  -subj ${TLSINFO} \
+  -keyout dovecot.key \
+  -out dovecot.crt
+
diff --git a/cluster/prod/app/email/config/dovecot/dovecot-ldap.conf.tpl b/cluster/prod/app/email/config/dovecot/dovecot-ldap.conf.tpl
new file mode 100644
index 0000000..d04bcfa
--- /dev/null
+++ b/cluster/prod/app/email/config/dovecot/dovecot-ldap.conf.tpl
@@ -0,0 +1,12 @@
+hosts = {{ env "meta.site" }}.bottin.service.prod.consul
+dn = {{ key "secrets/email/dovecot/ldap_binddn" | trimSpace }}
+dnpass = {{ key "secrets/email/dovecot/ldap_bindpwd" | trimSpace }}
+base = dc=deuxfleurs,dc=fr
+scope = subtree
+user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
+pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
+user_attrs = \
+  =user=%{ldap:cn}, \
+  =mail=maildir:/var/mail/%{ldap:cn}, \
+  =uid=1000, \
+  =gid=1000 
diff --git a/cluster/prod/app/email/config/dovecot/dovecot.conf b/cluster/prod/app/email/config/dovecot/dovecot.conf
new file mode 100644
index 0000000..5f89a07
--- /dev/null
+++ b/cluster/prod/app/email/config/dovecot/dovecot.conf
@@ -0,0 +1,87 @@
+auth_mechanisms = plain login
+auth_username_format = %u
+log_timestamp = "%Y-%m-%d %H:%M:%S "
+mail_location = maildir:/var/mail/%u
+mail_privileged_group = mail
+
+log_path = /dev/stderr
+info_log_path = /dev/stdout
+debug_log_path = /dev/stdout
+
+protocols = imap sieve lmtp
+
+ssl_cert = < /etc/ssl/certs/dovecot.crt
+ssl_key = < /etc/ssl/private/dovecot.key
+
+service auth {
+ inet_listener {
+   port = 1337
+ }
+}
+
+
+
+service lmtp {
+  inet_listener lmtp {
+    address = 0.0.0.0
+    port = 24
+  }
+}
+
+# https://doc.dovecot.org/configuration_manual/authentication/ldap_authentication/
+passdb {
+  args = /etc/dovecot/dovecot-ldap.conf
+  driver = ldap
+}
+userdb {
+  driver = prefetch
+}
+userdb {
+  args = /etc/dovecot/dovecot-ldap.conf
+  driver = ldap
+}
+
+
+service imap-login {
+  service_count = 0 # performance mode. set to 1 for secure mode
+  process_min_avail = 1
+  inet_listener imap {
+    port = 143
+  }
+  inet_listener imaps {
+    port = 993
+  }
+}
+
+protocol imap {
+  mail_plugins = $mail_plugins imap_sieve
+}
+
+protocol lda {
+  auth_socket_path = /var/run/dovecot/auth-master
+  info_log_path = /var/log/dovecot-deliver.log
+  log_path = /var/log/dovecot-deliver-errors.log
+  postmaster_address = postmaster@deuxfleurs.fr
+  mail_plugins = $mail_plugins sieve
+}
+
+plugin {
+  sieve = file:~/sieve;active=~/dovecot.sieve
+  sieve_before = /etc/dovecot/all_before.sieve
+
+  # antispam learn
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug
+  sieve_pipe_bin_dir = /usr/bin
+
+  imapsieve_mailbox1_name = Junk
+  imapsieve_mailbox1_causes = COPY FLAG APPEND
+  imapsieve_mailbox1_before = file:/etc/dovecot/report-spam.sieve
+
+  imapsieve_mailbox2_name = *
+  imapsieve_mailbox2_from = Spam
+  imapsieve_mailbox2_causes = COPY APPEND
+  imapsieve_mailbox2_before = file:/etc/dovecot/report-ham.sieve
+
+}
+