Postfix email server with Salt configuration

Here's a Salt repo for quickly configuring an email server running Ubuntu 13.10. It includes configuration for Postfix, Dovecot, Nginx, Stud (SSL for Nginx), Roundcube, PostgreSQL, OpenDKIM, and DSPAM. The Git repo has my local configuration stripped out. This configuration is based on "NSA-proof your e-mail in 2 hours" by Drew Crawford.

A few steps are not done automatically by Salt. You need to write a pillar configuration to fill in a lot of variables. For example, /srv/pillar/mail.sls:

mail:
  dbname: mailserver
  dbuser: postfix
  dbpass: (database_password)
  domain: example.com
  users:
    - user1:
      email: user1@example.com
      password: (unix password hash)
    - user2:
      email: user2@example.com
      password: (another hash)
  aliases:
    root@example.com: user1@example.com
    postmaster@example.com: user1@example.com

The encfs that stores all the email isn't mounted by default. That way the passphrase isn't stored on the server itself. Create the encfs at /var/mail/encrypted:

encfs /var/mail/encrypted /var/mail/decrypted

You also need a top-level pillar config, /srv/pillar/top.sls:

base:
  '*':
    - mail

SSL certs need to be installed too. Dovecot/Postfix:

/etc/ssl/certs/dovecot.pem
/etc/ssl/private/dovecot.pem

For Stud (the public and private components need to be merged into one PEM):

/var/cert/ssl.pem
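
One way to build that merged PEM for Stud, as an added example that is not part of the original repo: it checks that both blocks are present, confirms with openssl that the key belongs to the certificate, and writes the result with mode 0600. The function names and input file names are assumptions, as is an unencrypted private key; only /var/cert/ssl.pem comes from the post.

```bash
#!/bin/bash
# Added example (not from the original repo): build the combined PEM for stud.
# Usage (input names are assumptions): merge.sh cert.pem key.pem /var/cert/ssl.pem

# pem_has LABEL FILE: true if FILE has a "-----BEGIN [TYPE ]LABEL-----" line.
pem_has() {
    grep -Eq -- "^-----BEGIN ([A-Z0-9]+ )?$1-----" "$2"
}

# key_matches_cert CERT KEY: true if the public half of KEY equals the public
# key inside CERT. Needs the openssl CLI and an unencrypted key.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# merge_pem CERT KEY OUT: write CERT followed by KEY to OUT with mode 0600.
merge_pem() {
    local cert key out tmp
    cert=$1; key=$2; out=$3
    pem_has CERTIFICATE "$cert" || { echo "no certificate block in $cert" >&2; return 1; }
    pem_has "PRIVATE KEY" "$key" || { echo "no private key block in $key" >&2; return 1; }
    # Temp file sits beside OUT so the final mv is a rename, and is created
    # under a restrictive umask so the key is never group/world readable.
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 1
    if cat "$cert" "$key" > "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Only act when called with exactly three arguments: CERT KEY OUT
if [ "$#" -eq 3 ]; then
    if command -v openssl >/dev/null 2>&1; then
        key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; exit 1; }
    fi
    merge_pem "$1" "$2" "$3" || exit 1
    echo "wrote $3"
fi
```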

Then run Salt to set the rest up.

salt-call --local state.highstate -l debug

Hopefully that all works on a fresh Ubuntu 13.10 install. I've tested it once but made some changes since, so comment if you run into problems or make a pull request with a fix! It should at least get you close to a quick mailserver without a lot of effort.
