Jeff Moe 80b307740d
DNS records for mx1 notes
7 years ago

README.md

Forksand Bootstrap Postfix

This Ansible playbook was written to set up a mail server on Debian systems.

Table of contents

  1. Requirements
  2. Quick Start
  3. Project Structure
  4. Ansible Logging
  5. Troubleshooting

Requirements

The following applications are required to use this playbook. Ansible can be installed using Python's pip.

  • Ansible 2.4.x+
  • Python 2.7.9+

Quick Start

The following steps will help you quickly set up and execute this playbook.

Project Configuration

The following files need to be edited and configured before executing this playbook.

| File | Description |
| --- | --- |
| group_vars/all.yml | Server credential information and domain variables |
| inventory.yml | List of server IPs to connect to |

Playbook Execution

After having configured the server credentials and added the server IP to the inventory, use the following command to execute the playbook.

ansible-playbook -i inventory.yml site.yml

Project Structure

The following tree depicts the high level structure of this Ansible project.

├── ansible.cfg
├── group_vars
│   └── all.yml
├── inventory.yml
├── LICENSE.AGPLv3
├── LICENSE.GPLv3
├── README.md
├── roles
│   ├── dkim_configuration
│   ├── dovecot_configuration
│   ├── fail2ban_configuration
│   ├── letsencrypt_configuration
│   ├── mikegleasonjr.firewall
│   ├── outputs
│   ├── postfix_configuration
│   ├── server_tasks
│   ├── spamassassin_configuration
│   └── sqlgrey_configuration
├── playbook_execution.log
└── site.yml

File and Directory Descriptions

The following table consists of a description of what each file and directory stands for.

| Name | Description |
| --- | --- |
| site.yml | Master playbook. Executes all roles in sequential order |
| inventory.yml | Inventory file containing server IP addresses |
| ansible.cfg | Ansible configuration file for various Ansible options. |
| group_vars/ | Group_vars directory contains variable files for the entire group. The files are named according to the group name. 'all.yml' = group 'all' |
| group_vars/all.yml | Group variables for the 'all' group. Contains server connection information along with domain variables |
| roles/ | Directory containing all roles needed by this project |

Role descriptions

The following table describes each role and its purpose. The roles are listed in the order in which they must be executed for the playbook to complete successfully.

| Role Name | Role Description | Depends on |
| --- | --- | --- |
| server_tasks | This role performs all server tasks: updating the server, configuring SSH, disabling IPv6, etc. Depends on the mikegleasonjr.firewall role. | mikegleasonjr.firewall |
| mikegleasonjr.firewall | This role sets up iptables rules. It is called and run by the server_tasks role. | None |
| letsencrypt_configuration | This role installs and executes Let's Encrypt. | None |
| postfix_configuration | This role installs Postfix, configures Postfix using postconf, and sets up the virtual file, master.cf file, and aliases file. | letsencrypt_configuration |
| dkim_configuration | This role installs OpenDKIM and OpenDMARC and configures them. | None |
| dovecot_configuration | This role installs and configures Dovecot. | letsencrypt_configuration |
| spamassassin_configuration | This role installs SpamAssassin. | None |
| sqlgrey_configuration | This role installs SQLgrey. | None |
| fail2ban_configuration | This role installs Fail2ban. | None |
| outputs | This role gathers DNS information for the SPF, DMARC, and DKIM records and outputs them to the screen. | None |

Ansible Logging

Ansible playbook executions are automatically logged to a file called playbook-execution.log in the root directory of the project. The path to this log file can be changed by editing ansible.cfg in the project root directory and specifying a different path.

Troubleshooting

Ansible has built-in debug output. Simply run Ansible with -v. There are 5 levels of debug output, denoted by the number of v's. Each level provides more debug output than the one before it.

Level 1: -v

Level 2: -vv

Level 3: -vvv

Level 4: -vvvv

Level 5: -vvvvv

Example execution with level 3 debug output: ansible-playbook -i inventory.yml site.yml -vvv