Hello Bruce et al,
One thing I did not specify. I have a very strict idea about the way I install a package on a server I put online.
Ideally, I want to have some install process I set up once and I don't have to worry about anything, especially security.
When I have to install software, let's say Roundcube, I prefer to use the native version that comes with Debian server. Of course, it is a little bit outdated, but I know there is a security team behind it that publishes security patches. I know these security patches will be applied while I sleep or while I am on holiday, if I install and configure the unattended upgrades packages correctly.
If I really want more control, I know there are packages on Debian that will send me an email when updates are available, and I can install them from anywhere using SSH.
In no case would I be comfortable installing, on a live server, Roundcube from the git repository, which is done for this project. It is far too easy to forget and leave it for months with security issues open for a while.
Yes, I know there are cron scripts I can use to update the repository. But even in this case, who guarantees me that nothing will break on my server? Once again, there is a Debian team that does fabulous integration work, and I don't want to break my mail server just to have the latest version of Roundcube or Owncloud.
By staying inside the Debian ecosystem, I am also sure that some third party applications or repositories will stay nicely integrated with the current state of my server. For instance, I know that I should be able to add the syncthing (https://apt.syncthing.net/) repository as part of the deployment process, without worrying too much about conflicts from files overwritten by this kind of manipulation.
I don't say one opinion is better than the other, it is just the way I prefer to work - and as a matter - to live.
Kind regards, André
On 10/12/17 19:46, André Rodier wrote:
Thank you,
I remember having a look at this project, and I found it huge.
I started mine because I want LDAP authentication.
I also wanted fewer features / programs, less obtrusive, and better attention to small details, like automatic DKIM generation and DNS updates.
I hope not to end up with something as huge.
André
On 10/12/17 19:19, bruce@secryption.com wrote:
Check out https://github.com/sovereign/sovereign/blob/master/README.md
Might have some of what you are looking for already done.
Bruce
On Dec 10, 2017 2:06 PM, André Rodier <andre@rodier.me> wrote:
Hello everyone,
I have been using Postfix and Dovecot for my personal emails for years. After being tired of reinstalling my personal mail server many times, I am currently writing some Ansible scripts to do it automatically.
I obviously checked the other projects, and did not find anything close to what I am looking for, so I am implementing it now.
The final goal is to have a box that, once online, would set itself up, by creating the certificates and the DKIM keys and updating the appropriate DNS records.
This is so far what I have achieved:
- Automatic generation of certificates using LetsEncrypt
- Automatic update of the domain entries: imap, smtp, webmail, etc.
- Automatic generation of DKIM keys
- Automatic update of specific records (MX, SPF, DKIM, etc.)
- LDAP server for user accounts, with or without system login.
- Installation of Postfix, Dovecot and Roundcube
Sending DKIM signed emails is working, and the IMAP server is configured as well, although basic.
The postfix and dovecot configurations are not yet entirely finished. I am planning to add an anti spam system, and sieve, amongst other things.
Although in development during my spare time, the system is normally robust and you should be able to run it multiple times without errors.
If anyone is interested in using it, having a look, or taking part, it is here: https://github.com/progmaticltd/homebox
Kind regards, André Rodier.