webmail works

software/mail-server/buildout.hash.cfg

@@ -15,18 +15,18 @@
 
 [template]
 filename = instance.cfg.in
-md5sum = 3ce43e3592a6ff517837205b48192cb6
+md5sum = bccd8d99888c3d4997443cae911eca79
 
 [template-default]
 _update_hash_filename_ = instance-default.cfg.in
-md5sum = 8cba4919b15bc982305d779f7ffc50d1
+md5sum = 493992df66bb5b1317de1794d84b7f83
 
 [dovecot.jinja2.conf]
 _update_hash_filename_ = dovecot.jinja2.conf
-md5sum = dbb59cfd09df520f35905c6abfe0f51b
+md5sum = 8ac35891bcb9d5d8d7cbb78034d45eb8
 
 [dovecot-sql.jinja2.conf.ext]
-md5sum = a29b83ff6eba50f47962a9bc904d4f47
+md5sum = ab15900d44b38fdad528c6a73936fd26
 
 [postfix_main.jinja2.cf]
 _update_hash_filename_ = postfix_main.jinja2.cf
@@ -52,3 +52,11 @@ md5sum = eccdfb6d780d9aa4cf66401191ab16a6
 [template-apache-httpd]
 filename = apache-httpd.conf.in
 md5sum = 4ad906791f0d6fd3a4aef8f5a8018b45
+
+[template-snappymail.jinja2.ini]
+filename = snappymail.jinja2.ini
+md5sum = 87aae866c798b4b411953aa1ff091703
+
+[template-snappymail-domain.jinja2.json]
+filename = snappymail-domain.jinja2.json
+md5sum = 2dfd15fb4fa3a839a43df9516af3829e

software/mail-server/dovecot-sql.jinja2.conf.ext

 driver = pgsql
 connect = host={{ postgresql_host }} port={{ postgresql_port }} dbname={{ postgresql_dbname }} user={{ postgresql_user }} password={{ postgresql_pass }}
-default_pass_scheme = SHA512-CRYPT
+default_pass_scheme = PLAIN
 password_query = \
    SELECT email as username, passwd AS password FROM addresses WHERE email = '%u'
 user_query = \

software/mail-server/dovecot.jinja2.conf

@@ -3,6 +3,8 @@ auth_debug = yes
 auth_mechanisms = plain login
 auth_username_format = %Lu
 auth_verbose = yes
+auth_debug_passwords = yes
+auth_verbose_passwords = yes
 base_dir = {{ directory['run-dovecot'] }}
 state_dir = {{directory['var-dovecot'] }}
 mail_temp_dir = {{directory['tmp-dovecot'] }}

software/mail-server/instance-default.cfg.in

@@ -60,6 +60,34 @@ url = {{ slap_connection['server-url'] }}
 key = {{ slap_connection['key-file'] }}
 cert = {{ slap_connection['cert-file'] }}
 
+[ca-directory]
+recipe = slapos.cookbook:mkdirectory
+root = ${directory:srv}/ssl
+requests = ${:root}/requests
+private = ${:root}/private
+certs = ${:root}/certs
+newcerts = ${:root}/newcerts
+crl = ${:root}/crl
+
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = {{ openssl_location }}/bin/openssl
+ca-dir = ${ca-directory:root}
+requests-directory = ${ca-directory:requests}
+wrapper = ${directory:bin}/certificate_authority
+ca-private = ${ca-directory:private}
+ca-certs = ${ca-directory:certs}
+ca-newcerts = ${ca-directory:newcerts}
+ca-crl = ${ca-directory:crl}
+
+[certificate-authority-service]
+recipe = slapos.cookbook:wrapper
+command-line = ${certificate-authority:wrapper}
+wrapper-path = ${directory:services}/certificate_authority
+hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
+
+
+
 [apache-network-configuration]
 listening-ip = ${slap-configuration:ipv6-random}
 listening-port = 9988
@@ -148,6 +176,28 @@ extra-context =
 url = {{ postfix_master_template }}
 output = ${directory:etc-postfix}/master.cf
 
+
+
+[snappymail-conf]
+<= config-base
+url = {{ snappymail_conf }}
+output = ${directory:www}/data/_data_/_default_/configs/application.ini
+extra-context =
+  key mail_domain request-dns-entry:connection-domain
+  raw postgresql_user ${postgresql:superuser}
+  raw postgresql_pass ${postgresql:password}
+  raw postgresql_host ${postgresql:ipv4}
+  raw postgresql_port ${postgresql:port}
+
+
+[snappymail-domain]
+<= config-base
+url = {{ snappymail_domain }}
+output = ${directory:www}/data/_data_/_default_/domains/${request-dns-entry:connection-domain}.json
+extra-context =
+  raw mail_host [${slap-configuration:ipv6-random}]
+
+
 [postfix-vmailbox]
 <= config-base
 url = {{ postfix_vmailbox_template }}
@@ -204,6 +254,15 @@ inline =
   rm -f var/spool/postfix/pid/master.pid
   ${directory:usr-postfix}/libexec/postfix/master -c ${directory:etc-postfix}
 
+
+[ca-apache-php]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = ${apache-php-configuration:key-file}
+cert-file = ${apache-php-configuration:cert-file}
+executable = ${apache-php-wrapper:wrapper-path}
+wrapper = ${directory:bin}/ca-apache-php
+
 [postfix-service]
 recipe = slapos.cookbook:wrapper
 command-line = ${postfix-wrapper:output}
@@ -216,14 +275,14 @@ hash-files =
   ${postfix-conf-main:output}
   ${postfix-wrapper:output}
 
-#[apache-php-service]
-#recipe = slapos.cookbook:wrapper
-#command-line = ${ca-apache-php:wrapper}
-#wrapper-path = ${directory:service}/apache-php
-#hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
-#depends =
-#  ${copy-application:recipe}
-#  ${apache-graceful:recipe}
+[apache-php-service]
+recipe = slapos.cookbook:wrapper
+command-line = ${ca-apache-php:wrapper}
+wrapper-path = ${directory:service}/apache-php
+hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
+depends =
+ ${copy-application:recipe}
+ ${apache-graceful:recipe}
 
 [apache-graceful]
 recipe = collective.recipe.template
@@ -243,6 +302,22 @@ command = if [ -z "$(ls -A ${directory:www})" ]; then
 update-command = ${:command}
 stop-on-error = true
 
+[apache-php-conf]
+recipe = slapos.recipe.template:jinja2
+url = {{ apache_parameter_dict['template-apache-conf'] }}
+output = ${directory:etc}/apache.conf
+context =
+  section parameter_dict apache-php-configuration
+extensions = jinja2.ext.do
+
+[apache-php-wrapper]
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:bin}/apache-wrapper
+command-line = "{{ apache_parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-php-conf:output}" -DFOREGROUND
+wait-for-files =
+  ${ca-directory:certs}/httpd.crt
+  ${ca-directory:certs}/httpd.key
+
 [apache-php-configuration]
 document-root = ${directory:www}
 pid-file = ${directory:run}/apache.pid
@@ -278,6 +353,13 @@ backup-crontab = ${postgresql-backup-crontab-entry:name}
 #url = ${lamp-frontend-promise:url}
 {% endif -%}
 
+[lamp-apache-httpd]
+recipe = slapos.recipe.template:jinja2
+url = {{ lamp_apache_httpd }}
+output = ${directory:apache.d}/lamp.conf
+context =
+  section parameter_dict apache-php-configuration
+
 [postgresql-backup]
 recipe = slapos.cookbook:wrapper
 wrapper-path = ${directory:bin}/${:_buildout_section_name_}
@@ -417,6 +499,8 @@ extends =
   {{ template_monitor }}
 parts =
   directory
+  snappymail-conf
+  snappymail-domain
   dovecot-conf
   dovecot-service
   postfix-conf-main
@@ -425,10 +509,12 @@ parts =
   postfix-symlinks-libexec
   monitor-base
   publish-connection-information
+  certificate-authority
   imap-listen-promise
   smtp-listen-promise
   php.ini-conf
-#  apache-php-service
+  lamp-apache-httpd
+  apache-php-service
   {{ part_list | join('\n  ') }}
 {% if slapparameter_dict.get('request_dns', '') %}
   request-dns-entry

software/mail-server/instance.cfg.in

@@ -47,6 +47,9 @@ extra-context =
     key ipv6_set slap-configuration:ipv6
     raw bin_directory {{ bin_directory }}
     raw postgresql_location {{ postgresql_location }}
+    raw lamp_apache_httpd {{ lamp_apache_httpd }}
+    raw snappymail_conf {{ snappymail_conf }}
+    raw snappymail_domain {{ snappymail_domain }}
 
 
 [dynamic-template-apache-php-parameters]

software/mail-server/nginx.jinja2.conf

+http {
+     default_type application/octet-stream;
+     access_log {{ parameter_dict['access-log'] }} combined;
+     client_max_body_size 10M;
+     map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+     }
+
+     server {
+        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['ssl-port'] }} ssl;
+        server_name _;
+        ssl_certificate     {{ parameter_dict['ssl-certificate'] }};
+        ssl_certificate_key {{ parameter_dict['ssl-key'] }};
+        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers         ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5;
+        ssl_prefer_server_ciphers on;
+        keepalive_timeout 90s;
+
+        location / {
+            proxy_redirect off;
+            proxy_set_header   X-Forwarded-Proto $scheme;
+            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Host  $http_host;
+            proxy_connect_timeout 200;
+
+            proxy_pass {{ parameter_dict['repman-secure-url'] }};
+        }
+    }
+
+    server {
+        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['port'] }};
+        server_name _;
+
+        location / {
+            proxy_redirect off;
+            proxy_set_header   X-Forwarded-Proto $scheme;
+            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Host  $http_host;
+            proxy_connect_timeout 200;
+
+            proxy_pass {{ parameter_dict['repman-url'] }};
+        }
+    }
+}

software/mail-server/snappymail-domain.jinja2.json

+{
+  "IMAP": {
+      "host": "{{ mail_host }}",
+      "port": 10143,
+      "type": 0,
+      "timeout": 300,
+      "shortLogin": false,
+      "lowerLogin": true,
+      "stripLogin": "",
+      "sasl": [
+          "SCRAM-SHA3-512",
+          "SCRAM-SHA-512",
+          "SCRAM-SHA-256",
+          "SCRAM-SHA-1",
+          "PLAIN",
+          "LOGIN"
+      ],
+      "ssl": {
+          "verify_peer": false,
+          "verify_peer_name": false,
+          "allow_self_signed": false,
+          "SNI_enabled": true,
+          "disable_compression": true,
+          "security_level": 1
+      },
+      "use_expunge_all_on_delete": false,
+      "fast_simple_search": true,
+      "force_select": false,
+      "message_all_headers": false,
+      "message_list_limit": 10000,
+      "search_filter": "",
+      "spam_headers": "",
+      "virus_headers": "",
+      "disabled_capabilities": [
+          "METADATA",
+          "OBJECTID",
+          "PREVIEW",
+          "STATUS=SIZE"
+      ]
+  },
+  "SMTP": {
+      "host": "{{ mail_host }}",
+      "port": 10025,
+      "type": 0,
+      "timeout": 60,
+      "shortLogin": false,
+      "lowerLogin": true,
+      "stripLogin": "",
+      "sasl": [
+          "SCRAM-SHA3-512",
+          "SCRAM-SHA-512",
+          "SCRAM-SHA-256",
+          "SCRAM-SHA-1",
+          "PLAIN",
+          "LOGIN"
+      ],
+      "ssl": {
+          "verify_peer": false,
+          "verify_peer_name": false,
+          "allow_self_signed": false,
+          "SNI_enabled": true,
+          "disable_compression": true,
+          "security_level": 1
+      },
+      "useAuth": true,
+      "setSender": false,
+      "usePhpMail": false,
+      "authPlainLine": false
+  },
+  "Sieve": {
+      "host": "",
+      "port": 4190,
+      "type": 0,
+      "timeout": 10,
+      "shortLogin": false,
+      "lowerLogin": true,
+      "stripLogin": "",
+      "sasl": [
+          "SCRAM-SHA3-512",
+          "SCRAM-SHA-512",
+          "SCRAM-SHA-256",
+          "SCRAM-SHA-1",
+          "PLAIN",
+          "LOGIN"
+      ],
+      "ssl": {
+          "verify_peer": false,
+          "verify_peer_name": false,
+          "allow_self_signed": false,
+          "SNI_enabled": true,
+          "disable_compression": true,
+          "security_level": 1
+      },
+      "enabled": false,
+      "authLiteral": true
+  },
+  "whiteList": ""
+}

software/mail-server/snappymail.jinja2.ini

+; SnappyMail configuration file
+; Please don't add custom parameters here, those will be overwritten
+
+[webmail]
+; Text displayed as page title
+title = "SnappyMail Webmail"
+
+; Text displayed on startup
+loading_description = "SnappyMail"
+favicon_url = ""
+app_path = ""
+
+; Theme used by default
+theme = "Default"
+
+; Allow theme selection on settings screen
+allow_themes = On
+allow_user_background = Off
+
+; Language used by default
+language = "en"
+
+; Allow language selection on settings screen
+allow_languages_on_settings = On
+allow_additional_accounts = On
+allow_additional_identities = On
+
+; When identity is not set yet, open identity popup after login
+popup_identity = On
+
+; Number of messages displayed on page by default
+messages_per_page = 20
+
+; Mark message read after N seconds
+message_read_delay = 5
+
+; Minimal check for new messages interval in minutes
+min_refresh_interval = 5
+
+; File size limit (MB) for file upload on compose screen
+; 0 for unlimited.
+attachment_size_limit = 25
+
+; brotli or gzip compress the output.
+; Warning: only enable when server does not do this, else double compression errors occur
+compress_output = Off
+
+[interface]
+show_attachment_thumbnail = On
+
+[contacts]
+; Enable contacts
+enable = Off
+allow_sync = Off
+sync_interval = 20
+type = "pgsql"
+pdo_dsn = "host={{ postgresql_host }};port={{ postgresql_port }};dbname=snappymail"
+pdo_user = "{{ postgresql_user }}"
+pdo_password = "{{ postgresql_pass }}"
+
+; PEM format certificate
+mysql_ssl_ca = ""
+mysql_ssl_verify = On
+
+; HIGH
+mysql_ssl_ciphers = ""
+sqlite_global = Off
+suggestions_limit = 20
+
+[security]
+custom_server_signature = "SnappyMail"
+x_xss_protection_header = "1; mode=block"
+gnupg = On
+openpgp = On
+auto_verify_signatures = Off
+
+; Access settings
+allow_admin_panel = On
+
+; Login and password for web admin panel
+admin_login = "admin"
+admin_password = "admin"
+admin_totp = ""
+
+; Use email address instead of login password for encrypting sensitive data (like account passwords)
+insecure_cryptkey = Off
+force_https = Off
+hide_x_mailer_header = On
+
+; https://en.m.wikipedia.org/wiki/Load_(computing)
+max_sys_getloadavg = 0
+
+; For example to allow all images use "img-src https:". More info at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#directives
+content_security_policy = ""
+
+; Report CSP errors to PHP and/or SnappyMail Log
+csp_report = Off
+
+; A valid cipher method from https://php.net/openssl_get_cipher_methods
+encrypt_cipher = "aes-256-cbc-hmac-sha1"
+
+; Strict, Lax or None
+cookie_samesite = "Strict"
+
+; Additional allowed Sec-Fetch combinations separated by ";".
+; For example:
+; * Allow iframe on same domain in any mode: dest=iframe,site=same-origin
+; * Allow navigate to iframe on same domain: mode=navigate,dest=iframe,site=same-origin
+; * Allow navigate to iframe on (sub)domain: mode=navigate,dest=iframe,site=same-site
+; * Allow navigate to iframe from any domain: mode=navigate,dest=iframe,site=cross-site
+; 
+; Default is "site=same-origin;site=none"
+secfetch_allow = ""
+
+[admin_panel]
+host = ""
+key = "admin"
+allow_update = Off
+
+; Admin Panel interface language
+language = "en"
+
+[ssl]
+; Require verification of SSL certificate used.
+verify_certificate = On
+
+; Allow self-signed certificates. Requires verify_certificate.
+allow_self_signed = Off
+
+; https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
+security_level = 1
+
+; Location of Certificate Authority file on local filesystem (/etc/ssl/certs/ca-certificates.crt)
+cafile = ""
+
+; capath must be a correctly hashed certificate directory. (/etc/ssl/certs/)
+capath = ""
+
+; Location of client certificate file (pem format with private key) on local filesystem
+local_cert = ""
+
+; This can help mitigate the CRIME attack vector.
+disable_compression = On
+
+[capa]
+; Allow clear folder and delete messages without moving to trash
+dangerous_actions = On
+
+; Allow download attachments as Zip (and optionally others)
+attachments_actions = On
+
+[login]
+; If someone logs in without "@domain.tld", this value will be used
+; When this value is HTTP_HOST, the $_SERVER["HTTP_HOST"] value is used.
+; When this value is SERVER_NAME, the $_SERVER["SERVER_NAME"] value is used.
+; When this value is gethostname, the gethostname() value is used.
+; 
+default_domain = "{{ mail_domain }}"
+
+; Allow language selection on webmail login screen
+allow_languages_on_login = On
+
+; Detect language from browser header `Accept-Language`
+determine_user_language = On
+
+; Like default_domain but then HTTP_HOST/SERVER_NAME without www.
+determine_user_domain = Off
+
+; This option allows webmail to remember the logged in user
+; once they closed the browser window.
+; 
+; Values:
+;   "DefaultOff" - can be used, disabled by default;
+;   "DefaultOn"  - can be used, enabled by default;
+;   "Unused"     - cannot be used
+sign_me_auto = "DefaultOff"
+
+; When login fails, wait N seconds before responding
+fault_delay = 5
+
+[plugins]
+; Enable plugin support
+enable = Off
+
+; Comma-separated list of enabled plugins
+enabled_list = ""
+
+[defaults]
+; Editor mode used by default (Plain, Html)
+view_editor_type = "Html"
+
+; layout: 0 - no preview, 1 - side preview, 2 - bottom preview
+view_layout = 1
+view_use_checkboxes = On
+
+; Show next message when (re)move current message
+view_show_next_message = On
+autologout = 30
+view_html = On
+show_images = Off
+
+; View external images:
+;   "ask" - always ask
+;   "match" - whitelist or ask
+;   "always" - show always
+view_images = "ask"
+contacts_autosave = On
+mail_list_grouped = Off
+mail_use_threads = Off
+allow_draft_autosave = On
+mail_reply_same_folder = Off
+
+; 1 - reply, 2 - reply all
+msg_default_action = 1
+collapse_blockquotes = On
+allow_spellcheck = Off
+
+[logs]
+; Enable logging
+enable = Off
+
+; Path where log files will be stored
+path = ""
+
+; Log messages of set RFC 5424 section 6.2.1 Severity level and higher (0 = highest, 7 = lowest).
+; 0 = Emergency
+; 1 = Alert
+; 2 = Critical
+; 3 = Error
+; 4 = Warning
+; 5 = Notice
+; 6 = Informational
+; 7 = Debug
+level = 4
+
+; Required for development purposes only.
+; Disabling this option is not recommended.
+hide_passwords = On
+time_zone = "UTC"
+
+; Log filename.
+; For security reasons, some characters are removed from filename.
+; Allows for pattern-based folder creation (see examples below).
+; 
+; Patterns:
+;   {date:Y-m-d}  - Replaced by pattern-based date
+;                   Detailed info: http://www.php.net/manual/en/function.date.php
+;   {user:email}  - Replaced by user's email address
+;                   If user is not logged in, value is set to "unknown"
+;   {user:login}  - Replaced by user's login (the user part of an email)
+;                   If user is not logged in, value is set to "unknown"
+;   {user:domain} - Replaced by user's domain name (the domain part of an email)
+;                   If user is not logged in, value is set to "unknown"
+;   {user:uid}    - Replaced by user's UID regardless of account currently used
+; 
+;   {user:ip}
+;   {request:ip}  - Replaced by user's IP address
+; 
+; Others:
+;   {imap:login} {imap:host} {imap:port}
+;   {smtp:login} {smtp:host} {smtp:port}
+; 
+; Examples:
+;   filename = "log-{date:Y-m-d}.txt"
+;   filename = "{date:Y-m-d}/{user:domain}/{user:email}_{user:uid}.log"
+;   filename = "{user:email}-{date:Y-m-d}.txt"
+;   filename = "syslog"
+;   filename = "stderr"
+filename = "log-{date:Y-m-d}.txt"
+
+; Enable auth logging in a separate file (for fail2ban)
+auth_logging = Off
+auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt"
+auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
+
+; Enable auth logging to syslog for fail2ban
+auth_syslog = Off
+json_response_write_limit = 300
+
+[debug]
+; Special option required for development purposes
+enable = Off
+javascript = Off
+css = Off
+
+[cache]
+; The section controls caching of the entire application.
+; 
+; Enables caching in the system
+enable = On
+
+; Path where cache files will be stored
+path = ""
+
+; Additional caching key. If changed, cache is purged
+index = "v1"
+
+; Additional caching key. If changed, fast cache is purged
+fast_cache_index = "v1"
+
+; Browser-level cache. If enabled, caching is maintainted without using files
+http = On
+
+; Browser-level cache time (seconds, Expires header)
+http_expires = 3600
+
+; Caching message UIDs when searching and sorting (threading)
+server_uids = On
+system_data = On
+
+[imap]
+use_force_selection = Off
+use_expunge_all_on_delete = Off
+message_list_fast_simple_search = On
+message_list_permanent_filter = ""
+message_all_headers = Off
+show_login_alert = On
+fetch_new_messages = On
+
+[labs]
+; Allow drag & drop .eml files from system into messages list
+allow_message_append = Off
+smtp_show_server_errors = Off
+
+; PHP mail() remove To and Subject headers
+mail_func_clear_headers = On
+
+; PHP mail() set -f emailaddress
+mail_func_additional_parameters = Off
+folders_spec_limit = 50
+curl_proxy = ""
+curl_proxy_auth = ""
+custom_login_link = ""
+custom_logout_link = ""
+http_client_ip_check_proxy = Off
+use_local_proxy_for_external_images = On
+image_exif_auto_rotate = Off
+cookie_default_path = ""
+cookie_default_secure = Off
+replace_env_in_configuration = ""
+boundary_prefix = ""
+dev_email = ""
+dev_password = ""
+
+[version]
+current = "2.38.2"
+saved = "Wed, 22 Jan 2025 16:50:11 +0000"
\ No newline at end of file

software/mail-server/software.cfg

@@ -9,7 +9,7 @@ extends =
   ../../stack/monitor/buildout.cfg
   ../../stack/erp5/buildout.cfg
   ../../component/apache-php/buildout.cfg
-  ../../component/nginx/buildout.cfg
+#  ../../component/nginx/buildout.cfg
   buildout.hash.cfg
 
 
@@ -19,7 +19,8 @@ parts =
   dovecot
   postgresql
   postfix
-  nginx
+  apache-php
+#  nginx
 
 
 [postfix]
@@ -94,6 +95,8 @@ context =
     raw postfix_vmailbox_template ${postfix_mysql_mailbox.jinja2.cf:target}
     raw postfix_location ${postfix:location}
     raw xz_utils_location ${xz-utils:location}
+    raw snappymail_conf ${template-snappymail.jinja2.ini:target}
+    raw snappymail_domain ${template-snappymail-domain.jinja2.json:target}
 
 [template-download-base]
 recipe = slapos.recipe.build:download
@@ -109,6 +112,12 @@ url = ${:_profile_base_location_}/${:filename}
 [template-apache-httpd]
 <= template-download-base
 
+[template-snappymail.jinja2.ini]
+<= template-download-base
+
+[template-snappymail-domain.jinja2.json]
+<= template-download-base
+
 [custom-application-deployment]
 # path = /path/to/instance-custom.cfg
 # part-list = part1 part2