Fix mail_virtual_domains config reading in opendkim
without this change it fails on ansible(2.2.0.0) with the following message:
TASK [mailserver : Generate OpenDKIM keys] *************************************
fatal: [sovereign.host]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'unicode object' has no attribute 'name'\n\nThe error appears to have been in '/Users/nfedyashev/Projects/sovereign/roles/mailserver/tasks/opendkim.yml': line 19, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Generate OpenDKIM keys\n ^ here\n"}
Newer versions of Ansible complain when using bare variables like
`mail_virtual_users` and prefer the newer `'{{ mail_virtual_users }}'`
syntax.
Noticed the depreciation warning with Ansible version 2.1.2.0.
Use a Unix socket instead of a TCP socket as a Unix socket doesn't play nicely with postfix running
smtpd in a chroot. The author of rmilter recommends using a TCP socket per
https://github.com/vstakhov/rmilter/issues/39
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.
Instead of registering a handler to run when the database is created,
register a variable and check it immediately to run the schema import.
This avoids a problem where an error between database creation and
schema import 1) leaves the server in a broken state, and 2) rerunning
the playbook doesn't fix it.
Currently client email is submitted via ssmtp (port 465). This has been
deprecated for years. The correct way to submit email is via
submission (port 587).
This patch adds port 587 as a second and the default way of submitting
email for delivery. Port 465 remains open for backwards compatibility
with existing clients.
An earlier commit started transitioning opendmarc to use postgres, but
this was incomplete. This patch reverts that change and uses mysql for
the reporting database.
Other changes:
* Do not maintain a copy of the database import schema. A copy is
included in the distribution in /usr/share/doc, so that is used
instead.
* The configuration file is replaced with the distribution's sample
configuration. A second patch will restore the actual configuration.
This will make the changes easier to see if the default configuraton
file changes in future versions of opendmarc.
Take changes to the tomcat6 default configuration and apply to tomcat7
configuration. This was done by review of the diff between sovereign's
tomcat6 configuration and the default tomcat7 configuration.
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.