Deprecation Warning

This role is not maintained anymore!

Ansible Role - iRedMail

Role to deploy iRedMail mail servers.

Tested:

• Debian 11

Source Notes

First: I personally prefer other projects like MailCow as the upgrade-process is easier and there is a bigger community.

You can find the OpenSource Repository to the software here: REPO

The installation script used by the repository is installing and configuring MANY dependencies.

Therefore, I cannot make the installation transparent without porting the whole script to Ansible.

As I currently have not got the time to do so - I analyzed the outcome of the script to make it somewhat transparent.

You can see the changes in Systemd, packages and files in this document: Transparency

Install

ansible-galaxy install ansibleguy.sw_iredmail

# or to custom role-path
ansible-galaxy install ansibleguy.sw_iredmail --roles-path ./roles

# install dependencies
ansible-galaxy install -r requirements.yml

Prerequisites

See: Prerequisites

Functionality

• Package installation

  • Ansible dependencies (minimal)
  • MariaDB => using THIS Role
  • Nginx => using THIS Role
  • iRedMail Setup Script
    • Postfix (mail sender/receiver)
    • Dovecot (mail storage/client communication)
    • Amavisd (middleware for virus scanning and sender verification [spf/dkim])
    • ClamAV (virus scanner)
    • SpamAssassin (spam scanner)
    • iRedAPD (Postfix policy server)
    • mlmmj (Mailing list management)
    • mlmmjadmin (Mailing list Rest-API)
    • PHP
    • See 'Default opt-ins'
    • See 'Default opt-outs'

• Configuration

  • Default config:

    • Data directory: '/var/vmail'
    • Admin user: admin@DOMAIN.TLD
    • Script directory: '/usr/local/sbin/iredmail' (for managing aliases, dkim keys, ...)

  • Default opt-ins:

    • Package installation
      • ManageSieve
      • RoundCube Webmail
      • Fail2Ban
    • Postscreen

  • Default opt-outs:

    • Package installation
      • NetData (Monitoring/Troubleshooting Utility)
      • SOGo Groupware (Webmail/Calendar/Contacts/Client Sync)
    • NFTables firewall management

Info

• Info: Consider using a Mail Gateway to gain Security!

  Per example: Proxmox Mail Gateway

• Note: this role currently only supports debian-based systems

• Note: Most of the role's functionality can be opted in or out.

  For all available options - see the default-config located in the main defaults-file!

• Warning: Not every setting/variable you provide will be checked for validity. Bad config might break the role!

• Note: After the installation, a configuration dump-file is created!

  In this file you can find the credentials and useful information to the services.

  It can be found at:

  • the controller: /tmp/{{ inventory_hostname }}_iRedMail.tips
  • the target system: /var/log/iredadmin/iRedMail.tips

• Warning: If 'postscreen' is enabled (default) - mail clients need to connect via port 587 instead of 25!

• Info: If you want to use mail clients with this server - follow this nice documentation of iRedMail: LINK

• Info: The installation script's output is saved to '/var/log/iredmail/install_stdout.log'.

  Other logs that are helpful for troubleshooting can also be found there.

• Info: You can modify many settings (exports) of the installation script.

  Not all make sense or are safe to be changed. => BE WARNED.

  1. You are able to override any basic global variable shown in 'core' or 'global' - using the 'iredmail.overrides.settings' dictionary. (this is supported by the script)
  2. You can change config inside any file in the 'conf' directory - using the 'iredmail.overrides.conf' dictionary. (this is NOT SUPPORTED by the script)

• Info: You can only configure one domain as further domains can be configured using the iRedAdmin web interface.

  It can be found at: https://SRV.DOMAIN.TLD/iredadmin (credentials in setup TIPS)

• Info: More advanced configuration like 'aliases' and 'forwarding rules' are not configurable using the web-interface - unless you upgrade to iRedAdmin PRO.

  Therefore, I created some useful scripts to make their management easier.

  You can find them at: '/usr/local/sbin/iredmail'

Usage

Config

Define the config as needed:

iredmail:
  fqdn: 'srv.template.ansibleguy.net'
  # per example: 'srv.template.ansibleguy.net' must be a valid, public dns-hostname of the server

  manage:
    sogo: true  # install SOGo component

  nginx:  # configure the webserver settings => see: https://github.com/ansibleguy/infra_nginx
    aliases: ['mail.template.ansibleguy.net']  # additional domains to add to the certificate
    ssl:
      mode: 'letsencrypt'  # or selfsigned/ca
      #  if you use 'selfsigned' or 'ca':
      #    cert:
      #      cn: 'iRedMail Server'
      #      org: 'AnsibleGuy'
      #      email: 'iredmail@template.ansibleguy.net'
    letsencrypt:
      email: 'iredmail@template.ansibleguy.net'

Bare minimum example:

iredmail:
  fqdn: 'srv.template.ansibleguy.net'

Execution

Run the playbook:

ansible-playbook -K -D -i inventory/hosts.yml playbook.yml

There are also some useful tags available:

• database
• config
• base