Merge branch 'master' of adellam/mailman into master

2020-02-04 11:30:44 +01:00 · 2020-02-04 11:30:44 +01:00 · 884a890f39
parent 4232023f98 12b3d9ce7c
commit 884a890f39
6 changed files with 395 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,74 @@
 ---
 mailman_user: 'mailman'
 mailman_home: '/opt/{{ mailman_user }}'
 mailman_conf_dir: '/etc/mailman'
 mailman_var_dir: '/var/lib/mailman'
 mailman_log_dir: '/var/log/mailman'
 mailman_layout: 'fhs'
 mailman_site_owner: 'mailman@example.com'
 mailman_noreply_addr: 'noreply'
 mailman_rh_dependencies:
  - python3
  - python3-pip
  - git
  - lynx
 mailman_postorious_rh_dependencies:
  - uwsgi-logger-systemd
  - uwsgi-plugin-python36
  - uwsgi
  - sassc
 mailman_virtualenv_name: 'venv'
 mailman_bindir: '{{ mailman_home }}/{{ mailman_virtualenv_name }}/bin'
 mailman_pip_packages:
  - { pkg: 'mailman' }
  - { pkg: 'rcssmin', extra_args: '--install-option="--without-c-extensions"' }
  - { pkg: 'rjsmin' }
  - { pkg: 'django-compressor' }
  - { pkg: 'django', version: '2.2.9' }
  - { pkg: 'postorius' }
  - { pkg: 'hyperkitty' }
  - { pkg: 'mailman-hyperkitty' }
  - { pkg: 'psycopg2-binary' }
  - { pkg: 'whoosh' }
 mailman_db: postgresql
 mailman_db_host: 'localhost'
 mailman_db_name: mailman
 mailman_db_user: mailman_u
 # mailman_db_pwd: ''
 mailman_mta_incoming: 'mailman.mta.postfix.LMTP'
 mailman_mta_outgoing: 'mailman.mta.deliver.deliver'
 mailman_lmtp_host: 'localhost'
 mailman_lmtp_port: 1024
 mailman_smtp_host: '127.0.0.1'
 mailman_smtp_port: 25
 mailman_smtp_auth: False
 mailman_smtp_user: ''
 mailman_smtp_pwd: ''
 mailman_smtp_secure_mode: starttls
 mailman_smtp_conf: '/etc/mailman/postfix-mailman.cfg'
 mailman_password_length: 12
 mailman_webservice_hostname: 'localhost'
 mailman_webservice_port: 8001
 mailman_webservice_https: 'no'
 mailman_webservice_tracebacks: 'no'
 # mailman_rest_api_pwd: ''
 mailman_arc_enabled: 'no'
 mailman_dmarc_enabled: 'yes'
 mailman_dkim_enabled: 'yes'
 mailman_antispam_header_checks:
  - 'X-Spam: (yes|maybe)'
  - 'X-Spam: (YES)'
  - 'X-Spam-Flag: (yes|maybe)'
  - 'X-Spam-Flag: (YES)'
  #- 'Authentication-Results: mail.example.com; dmarc=(fail|quarantine)'
 mailman_start_nntp_runner: 'no'
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,19 @@
 ---
 galaxy_info:
  author: adellam
  description: Mailman 3 installation, configuration, and management for Linux using pip
  company: ISTI-CNR
  license: license (EUPL)
  min_ansible_version: 2.7
  platforms:
    - name: EL
      versions:
        - 7
  galaxy_tags:
    - mail
    - mailing
    - list
    - lists
    - mailman
 dependencies: []
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,19 @@
 ---
 - name: Install the distribution dependencies
  block:
    - name: mailman distribution dependencies, RH/CentOS
      yum: pkg={{ mailman_rh_dependencies }} state=present
    - name: postorious distribution dependencies, RH/CentOS
      yum: pkg={{ mailman_postorious_rh_dependencies }} state=present
  when: ansible_distribution_file_variety == "RedHat"
  tags: [ 'mailman' ]
 - name: Create the mailman user
  block:
    - name: mailman user
      user: name={{ mailman_srv_user }} createhome=yes shell=/bin/bash system=yes comment='Mailman User' generate_ssh_key=yes home={{ mailman_home }}
  when: ansible_distribution_file_variety == "RedHat"
  tags: [ 'mailman' ]
--- a/templates/mailman.cfg.j2
+++ b/templates/mailman.cfg.j2
@ -0,0 +1,251 @@
 # AUTOMATICALLY GENERATED BY MAILMAN ON 2020-01-20 11:51:47 UTC
 #
 # This is your GNU Mailman 3 configuration file.  You can edit this file to
 # configure Mailman to your needs, and Mailman will never overwrite it.
 # Additional configuration information is available here:
 #
 # https://mailman.readthedocs.io/en/latest/src/mailman/config/docs/config.html
 #
 # For example, uncomment the following lines to run Mailman in developer mode.
 #
 # [devmode]
 # enabled: yes
 # recipient: your.address@your.domain
 [mailman]
 # This address is the "site owner" address.  Certain messages which must be
 # delivered to a human, but which can't be delivered to a list owner (e.g. a
 # bounce from a list owner), will be sent to this address.  It should point to
 # a human.
 site_owner: {{ mailman_site_owner }}
 # This is the local-part of an email address used in the From field whenever a
 # message comes from some entity to which there is no natural reply recipient.
 # Mailman will append '@' and the host name of the list involved.  This
 # address must not bounce and it must not point to a Mailman process.
 noreply_address: {{ mailman_noreply_addr }}
 layout: 'fhs'
 [database]
 {% if mailman_db == 'postgresql' %}
 class: mailman.database.postgresql.PostgreSQLDatabase
 url: postgres://{{ mailman_db_user }}:{{ mailman_db_pwd }}@{{ mailman_db_host }}/{{ mailman_db_name }}
 {% endif %}
 [mta]
 incoming: {{ mailman_mta_incoming }}
 outgoing: {{ mailman_mta_outgoing }}
 lmtp_host: {{ mailman_lmtp_host }}
 lmtp_port: {{ mailman_lmtp_port }}
 smtp_host: {{ mailman_smtp_host }}
 # How to connect to the outgoing MTA.  If smtp_user and smtp_pass is given,
 # then Mailman will attempt to log into the MTA when making a new connection.
 smtp_port: {{ mailman_smtp_port }}
 {% if mailman_smtp_auth %}
 smtp_user: {{ mailman_smtp_user }}
 smtp_pass: {{ mailman_smtp_pwd }}
 {% endif %}
 {% if mailman_smtp_secure_mode == 'starttls' %}
 smtp_secure_mode: {{ mailman_smtp_secure_mode }}
 {% endif %}
 configuration: {{ mailman_smtp_conf }}
 [paths.master]
 # Important directories for Mailman operation.  These are defined here so that
 # different layouts can be supported.   For example, a developer layout would
 # be different from a FHS layout.  Most paths are based off the var_dir, and
 # often just setting that will do the right thing for all the other paths.
 # You might also have to set spool_dir though.
 #
 # Substitutions are allowed, but must be of the form $var where 'var' names a
 # configuration variable in the paths.* section.  Substitutions are expanded
 # recursively until no more $-variables are present.  Beware of infinite
 # expansion loops!
 #
 # This is the root of the directory structure that Mailman will use to store
 # its run-time data.
 var_dir: /opt/mailman/var
 # This is where the Mailman queue files directories will be created.
 queue_dir: $var_dir/queue
 # All list-specific data.
 list_data_dir: $var_dir/lists
 # Directory where log files go.
 log_dir: /var/log/mailman
 # Directory for system-wide locks.
 lock_dir: $var_dir/locks
 # Directory for system-wide data.
 data_dir: $var_dir/data
 # Cache files.
 cache_dir: $var_dir/cache
 # Directory for configuration files and such.
 etc_dir: $var_dir/etc
 # Directory containing Mailman plugins.
 ext_dir: $var_dir/ext
 # Directory where the default IMessageStore puts its messages.
 messages_dir: $var_dir/messages
 # Directory for archive backends to store their messages in.  Archivers should
 # create a subdirectory in here to store their files.
 archive_dir: $var_dir/archives
 # Root directory for site-specific template override files.
 template_dir: $var_dir/templates
 # There are also a number of paths to specific file locations that can be
 # defined.  For these, the directory containing the file must already exist,
 # or be one of the directories created by Mailman as per above.
 #
 # This is where PID file for the master runner is stored.
 pid_file: $var_dir/master.pid
 # Lock file.
 lock_file: $lock_dir/master.lck
 [paths.fhs]
 var_dir: {{ mailman_var_dir }}
 # This is where the Mailman queue files directories will be created.
 queue_dir: /var/spool/mailman
 log_dir: {{ mailman_log_dir }}
 lock_dir: /var/lock/mailman
 # Directory for configuration files and such.
 etc_dir: {{ mailman_conf_dir }}
 list_data_dir: $var_dir/lists
 data_dir: $var_dir/data
 cache_dir: $var_dir/cache
 ext_dir: $var_dir/ext
 messages_dir: $var_dir/messages
 archive_dir: $var_dir/archives
 template_dir: $var_dir/templates
 # This is where PID file for the master runner is stored.
 pid_file: $var_dir/master.pid
 [passwords]
 # When Mailman generates them, this is the default length of passwords.
 password_length: {{ mailman_password_length }}
 [webservice]
 # The hostname at which admin web service resources are exposed.
 hostname: {{ mailman_webservice_hostname }}
 # The port at which the admin web service resources are exposed.
 port: {{ mailman_webservice_port}}
 # Whether or not requests to the web service are secured through SSL.
 use_https: {{ mailman_webservice_https }}
 # Whether or not to show tracebacks in an HTTP response for a request that
 # raised an exception.
 show_tracebacks: {{ mailman_webservice_tracebacks }}
 # The API version number for the current (highest) API.
 api_version: 3.1
 # The administrative username.
 admin_user: restadmin
 # The administrative password.
 #admin_pass: '{{ mailman_vault_rest_api_pwd }}'
 admin_pass: '{{ mailman_rest_api_pwd }}'
 # Number of workers to start.
 # http://docs.gunicorn.org/en/stable/settings.html#workers
 workers: {{ ansible_processor_count * 2 }}
 [ARC]
 # This section defines email authetication parameters, in particular, with
 # respect to the ARC(Authenticated-Recieved-Chain) protocol. See
 # http://arc-spec.org/ for reference.
 #
 # The DMARC protocol is the industry standard for cryptographically validating
 # both the content and originating source of email. However it is regularly
 # the case that mailing lists break this source of authentication via modifying
 # the From, and possibly other headers, and altering the contents of
 # emails by, say, adding a common footer to outgoing mail.
 # The ARC protocol is the industry standard for rectify this.
 # ARC cryptographically seals the outgoing emails by adding a collection
 # of headers.  These headers act quite analagously to a chain of DKIM
 # signatures, where each intermediary validates the ARC signature(if one exists)
 # of the incomming message, and then appends its own collection of header fields.
 # Enabling this protocol makes it possible for email service providers
 # to validate the content & originator of an email, even if it has taken multiple
 # steps from the originator to the recipient.
 #
 # The general implementation of ARC within Mailman is addition of two
 # additional handlers to the pipeline.  One, ate the very beginning of the
 # pipeline cryptographically validaties the incomming ARC headers before the
 # message has been modified, and appends its results to the
 # Authentication-Results header.
 #
 # The second handler is at the end of the pipeline.  It cryptographically
 # signs the message, with all modifications that have been made, along
 # with the analysis of the validation handler, and adds its output as
 # a new set of ARC header fields.
 # This flag globally enables ARC signing & validation. To enable, set this to
 # yes.
 enabled: {{ mailman_arc_enabled }}
 # DKIM & DMARC authentication checks on incoming email is critical to using ARC
 # successfully. Mailman can do these check on its own, but if you already perform
 # these checks earlier in your pipeline, say via a milter previous to Mailman,
 # they can be used instead, as long as you specify your domain as a trusted
 # domain below.  If those checks are not placed in an Authentication-Results
 # header from a trusted domain they will be ignored.
 dmarc: {{ mailman_dmarc_enabled }}
 dkim: {{ mailman_dkim_enabled }}
 # TRUSTED DOMAINS
 #
 # This is the domain name of your mailserver.  Necessary to set correctly.
 # authserv_id: your_domain.com
 authserv_id:
 # This list should include all additional domains
 # that you manage that may be handling your incoming mail
 # Only necessary to update if there are local domains or subdomains
 # that are performing DKIM, DMARC, or SPF checks.
 # trusted_authserv_ids: subdomain.your_domain.com, trusted_other_domain.com
 trusted_authserv_ids:
 # KEY MANAGEMENT
 #
 # In order for your server to be able to cryptographical sign its messages
 # a DKIM public/private key pair will need to be created.
 # See: http://www.gettingemaildelivered.com/dkim-explained-how-to-set-up-and-use-domainkeys-identified-mail-effectively
 # for reference.  The following parameters let the software find your
 # private & public keys
 # privkey: /some/location/yourprivatekey.pem
 # selector: test
 # domain: your_domain.com
 privkey:
 selector:
 domain:
 [antispam]
 # This section defines basic antispam detection settings.
 # This value contains lines which specify RFC 822 headers in the email to
 # check for spamminess.  Each line contains a `key: value` pair, where the key
 # is the header to check and the value is a Python regular expression to match
 # against the header's value.  Multiple checks should be entered as multiline
 # value with leading spaces:
 #
 # header_checks:
 #   X-Spam: (yes|maybe)
 #   Authentication-Results: mail.example.com; dmarc=(fail|quarantine)
 #
 # The header value and regular expression are always matched
 # case-insensitively.
 header_checks:
 {% for h in  mailman_antispam_header_checks %}
   {{ h }}
 {% endfor %}
 # The chain to jump to if any of the header patterns matches.  This must be
 # the name of an existing chain such as 'discard', 'reject', 'hold', or
 # 'accept', otherwise 'hold' will be used.
 jump_chain: hold
 [runner.nntp]
 class: mailman.runners.nntp.NNTPRunner
 start: {{ mailman_start_nntp_runner }}
--- a/templates/mailman.service.systemd.j2
+++ b/templates/mailman.service.systemd.j2
@ -0,0 +1,17 @@
 [Unit]
 Description=Mailman 3 service
 After=network.target
 Documentation=https://mailman.readthedocs.io/
 ConditionPathExists={{ mailman_conf_dir }}/mailman.cfg
 [Service]
 ExecStart={{ mailman_bindir }}/mailman -C {{ mailman_conf_dir }}/mailman.cfg start
 ExecReload={{ mailman_bindir }}/mailman -C {{ mailman_conf_dir }}/mailman.cfg restart
 ExecStop={{ mailman_bindir }}/mailman -C {{ mailman_conf_dir }}/mailman.cfg stop
 Type=forking
 PIDFile={{ mailman_var_dir }}/master.pid
 SyslogIdentifier=mailman
 User={{ mailman_user }}
 Group={{ mailman_user }}
 [Install]
--- a/templates/postfix-mailman.cfg.j2
+++ b/templates/postfix-mailman.cfg.j2
@ -0,0 +1,15 @@
 [postfix]
 transport_file_type: regex
 # This variable describe the program to use for regenerating the transport map
 # db file, from the associated plain text files.  The file being updated will
 # be appended to this string (with a separating space), so it must be
 # appropriate for os.system().
 postmap_command: /sbin/postmap
 # This variable describes the type of transport maps that will be generated by
 # mailman to be used with postfix for LMTP transport. By default, it is set to
 # hash, but mailman also supports `regex` tables.
 #transport_file_type: hash