A set of Ansible scripts to build a personal mail server / private cloud / etc.
arodier Merge pull request #36 from progmaticltd/dev
Documentation update and default settings optimisation
Latest commit 207443a Oct 16, 2018

README.md

A set of Ansible scripts to set up a secure email and personal files server. This project is for you if:

  • You are interested in hosting your emails yourself, for privacy, security or any other reason.
  • You want your server to be secure against both physical and remote intrusion.
  • You want a low maintenance box that keeps itself updated automatically.
  • You trust the Debian community to publish security updates.

Official documentation and user's guide

Current status and supported features

For a complete list of features, see the features page in the official documentation.

System installation and features

  • Custom Debian installer generation with full disk encryption and fully automatic installation.
  • Enter the passphrase through SSH when the server boots, no need for a keyboard or monitor.
  • Install packages only from Debian stable (Stretch) or officially maintained repositories (rspamd).
  • Automatic SSL Certificates generation with letsencrypt.
  • Automatic security updates (optional).
  • Centralised authentication with an LDAP users database, SSL certificate, password policies, PAM integration.
  • AppArmor activated by default, profiles for all daemons.
  • Automatic backup of the deployment data to replay the installation with the same data.
  • Can be used at home, on a dedicated or virtual server hosted online.

Emails

  • Postfix configuration and installation, with LDAP lookups, internationalised email aliases, fully SSL compliant.
  • Generate DKIM keys, SPF and DMARC DNS records.
  • Automatic copy of sent emails into the sent folder.
  • Automatic creation of the postmaster account and special email addresses using RFC 2142 specifications.
  • Dovecot configuration, IMAPS, POP3S, Quotas, ManageSieve, simple spam and ham learning by moving emails in and out of the Junk folder, sieve and vacation scripts.
  • Virtual folders for server search: unread messages, conversations view, all messages, flagged and messages labelled as "important".
  • Email addresses with recipient delimiter included, e.g. john.doe+lists@dbcooper.com.
  • Optional master user creation, e.g. for families with children or moderated communities.
  • Server side full text search inside emails, attached documents and files and compressed archives, with better results than Gmail.
  • Optional Roundcube webmail with sieve filters management, password change form, automatic identity creation, master account access, etc.
  • Automatic import of emails from Google Mail, Yahoo, Outlook.com or any other standard IMAP account.
  • Powerful and light antispam system with rspamd and optional access to the web interface.
  • Antivirus for inbound and outbound emails with clamav.
  • Automatic configuration for Thunderbird and Outlook using published XML and other clients with special DNS records (RFC 6186).

Other optional features

  • Incremental backups, encrypted, on multiple destinations (SFTP, Samba share or USB drive), with email reporting. See backup documentation for details.
  • Jabber server, using ejabberd, with LDAP authentication, direct or offline file transfer and optional server to server communication.
  • Tor and Privoxy easy installation.
  • Embedded DNS server with DNSSEC and SSHFP (SSH fingerprint) records support.
  • Automatic publication of DNS entries to Gandi DNS.
  • External IP address detection.
  • Static web site skeleton configuration, with https certificates.
  • Personal backup server for each user, using borgbackup.
  • Gogs git server, a fast and lightweight git server written in Golang.
  • Transmission daemon, accessible over https, public or private over your LAN. Files can be downloaded directly with a web browser, using LDAP credentials for authentication or whitelisted IP addresses (e.g. LAN).
  • Monitoring with Zabbix, with email and Jabber alerts.

Development

  • YAML files validation on each commit, using travis-ci.
  • End to end integration tests for the majority of components.
  • Playbooks to facilitate the installation or removal of development packages.
  • Global debug flag to activate the debug mode of all components.
  • Fully open source Ansible scripts licensed under GPLv3.