From daef0cf448af17357b552245f39067a9d340ce3d Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Sun, 27 Apr 2025 21:15:30 -0700
Subject: Waow
---
 .../templates/volumes/data/dms/config/dovecot.cf | 27 ++++++++++++++++++++++
 .../volumes/data/dms/config/postfix-master.cf | 3 +++
 .../volumes/data/dms/config/user-patches.sh | 13 ++++++-----
 3 files changed, 37 insertions(+), 6 deletions(-)
 create mode 100644 playbooks/roles/mail/templates/volumes/data/dms/config/dovecot.cf
 create mode 100644 playbooks/roles/mail/templates/volumes/data/dms/config/postfix-master.cf
(limited to 'playbooks/roles/mail/templates/volumes/data/dms/config')
diff --git a/playbooks/roles/mail/templates/volumes/data/dms/config/dovecot.cf b/playbooks/roles/mail/templates/volumes/data/dms/config/dovecot.cf
new file mode 100644
index 0000000..62d0550
--- /dev/null
+++ b/playbooks/roles/mail/templates/volumes/data/dms/config/dovecot.cf
@@ -0,0 +1,27 @@
+haproxy_trusted_networks = {{ homelab_network }}
+
+service imap-login {
+ inet_listener imap {
+ haproxy = yes
+ }
+
+ inet_listener imaps {
+ haproxy = yes
+ }
+}
+
+service pop3-login {
+ inet_listener pop3 {
+ haproxy = yes
+ }
+
+ inet_listener pop3s {
+ haproxy = yes
+ }
+}
+
+service managesieve-login {
+ inet_listener sieve {
+ haproxy = yes
+ }
+}
diff --git a/playbooks/roles/mail/templates/volumes/data/dms/config/postfix-master.cf b/playbooks/roles/mail/templates/volumes/data/dms/config/postfix-master.cf
new file mode 100644
index 0000000..1885f4d
--- /dev/null
+++ b/playbooks/roles/mail/templates/volumes/data/dms/config/postfix-master.cf
@@ -0,0 +1,3 @@
+smtp/inet/postscreen_upstream_proxy_protocol=haproxy
+submission/inet/smtpd_upstream_proxy_protocol=haproxy
+submissions/inet/smtpd_upstream_proxy_protocol=haproxy
diff --git a/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh b/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh
index c62753f..1749499 100755
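Review bot: `haproxy_trusted_networks = {{ homelab_network }}` at the top of dovecot.cf lets every host on the homelab network present a PROXY header, and Dovecot then takes the client address in that header as the real one for all five listeners below it. That address is what ends up in the auth logs and in anything keyed on the remote IP (presumably log-based banning or login throttling in this setup), so the setting is only as trustworthy as the least trusted host on that network. Narrowing it to the proxy itself, e.g. `haproxy_trusted_networks = <haproxy-host-address>/32` (placeholder; the role's variable for that host is not visible here), keeps the header trusted only from HAProxy. A comment above it such as `# only the HAProxy host may send PROXY headers; listeners with haproxy = yes no longer accept direct connections` would also record the operational consequence.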
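Review bot: Nothing in these three postfix-master.cf overrides limits who may send the PROXY header: unlike Dovecot's `haproxy_trusted_networks`, Postfix has no trusted-sender setting for `postscreen_upstream_proxy_protocol` or `smtpd_upstream_proxy_protocol` and takes the client address from whoever connects. The smtp, submission and submissions ports therefore need to be reachable from the HAProxy host only (port publishing or a host firewall rule), otherwise `mynetworks`-style checks, postscreen decisions and the logged client address all rest on an unauthenticated claim. That restriction is not visible in this commit, so it is worth confirming and recording in the role, for example as a task comment: `mail ports 25/465/587 accept connections from HAProxy only; Postfix trusts the PROXY header unconditionally`.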
--- a/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh +++ b/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh @@ -3,7 +3,13 @@ postconf -e 'smtpd_sasl_type = dovecot' postconf -e 'smtpd_sasl_path = /dev/shm/sasl-auth.sock' postconf -e 'smtpd_sasl_auth_enable = yes' -postconf -e 'broken_sasl_auth_clients = yes' +postconf -e 'broken_sasl_auth_clients = no' +postconf -e 'smtpd_tls_auth_only = yes' +postconf -e 'smtpd_tls_security_level = encrypt' + +postconf -e 'postscreen_bare_newline_enable = no' +postconf -e 'postscreen_non_smtp_command_enable = no' +postconf -e 'postscreen_pipelining_enable = no' postconf -e 'smtp_tls_wrappermode = yes' # for relay @@ -34,8 +40,3 @@ userdb { args = username_format=%u uid=docker gid=docker home=/var/mail/%d/%u default_fields = uid=docker gid=docker home=/var/mail/%d/%u }" > /etc/dovecot/conf.d/auth-ldap.conf.ext - -#userdb { -# driver = static -# args = home=/var/mail/%u -#}" -- cgit v1.2.3-70-g09d2
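Review bot: `postconf -e 'smtpd_tls_security_level = encrypt'` in the first hunk edits main.cf, so it applies to every smtpd service including the public port 25 listener, where the Postfix TLS documentation advises against mandatory TLS because senders that cannot do STARTTLS can no longer deliver. If the intent is to force TLS only on authenticated submission, scope it per service instead, e.g. `submission/inet/smtpd_tls_security_level=encrypt` and `submissions/inet/smtpd_tls_security_level=encrypt` in postfix-master.cf, and leave the global level at `may`; the added `smtpd_tls_auth_only = yes` already keeps AUTH off cleartext sessions. The three `postscreen_*_enable = no` lines turn off the after-greeting protocol tests without saying why, so a comment such as `# postscreen deep protocol tests disabled: <reason>` would help the next reader judge whether that is still wanted behind the proxy. The script continues outside the hunk on both sides.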