Giter Club home page Giter Club logo

mailfruit's Introduction

mailfruit

This role deploys a reasonably secure small mail server stack. This Ansible playbook installs and configures:

Requirements

  • Debian 12+
  • The hostname in mailfruit_server_hostname pointing to the server(s) this is deployed to, for Certbot to grab certificates :)

Role Variables

  • mailfruit_server_hostname - required
  • mailfruit_mail_domains - required a list of domains this server can accept mail for. The first item in this list is used as a default for various things.
  • mailfruit_admin_email - required
  • mailfruit_certbot_authenticator - optional, default: standalone
  • mailfruit_trees_git_ref - optional, default: master
  • mailfruit_dkim_selector - optional, default: mail. Set this to something unique per-server, unless you syncronize your DKIM keys another way.
  • mailfruit_extra_server_hostnames - optional, default: undefined. A list of extra hostnames to fetch SSL certificates for, with certbot.

Some notes

I've opted to require TLS at every step with pre-wrapped ports - ie, using port 993 for IMAPS instead of 143, where TLS is negotiated within a cleartext connection.

License

GPLv3

Post-deployment

Important: For each server you deploy this to, you must host the DKIM TXT record for each domain. This record can be found on each server at /etc/opendkim/keys/mail.txt. You must also configure your SPF/DMARC records. If you do not do this, you will have very poor email deliverability.

You should probably use something like fail2ban to prevent account harvesting & break-in attempts. You should almost certainly harden your SSH install. You should definitely take backups of this server, particularly the user database; without it, the mail files become unreadable. You should implement external monitoring of this server; in particular, if this monitoring sends emails to alert you, those email addresses shouldn't reside on this server ;)

mailfruit's People

Contributors

rtertiaer avatar

Stargazers

 avatar  avatar  avatar  avatar

Watchers

 avatar

Forkers

ptdel

mailfruit's Issues

suitable for listserv?

I think I asked you this a long while ago but would this be suitable for a listserv (mailing list)?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.