From 672082cf6449876ade5933de033bee892e49e210 Mon Sep 17 00:00:00 2001
From: Luciano Giacchetta
Date: Tue, 10 Feb 2026 18:48:00 -0300
Subject: [PATCH] feat(dovecot): ensure strict permissions on vmail directory

Added a new task to ensure the `/var/vmail` directory exists with specific ownership and permissions.

- Sets owner and group to `vmail`
- Enforces mode `0700` for security
- Applied only when dovecot is enabled
---
 tasks/main.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tasks/main.yml b/tasks/main.yml
index ae73e8d..91cfcd0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -108,6 +108,17 @@
 tags:
 - dovecot_config
 
+- name: "DOVECOT | Ensure vmail directory permissions"
+ when: dovecot_enabled | default(false)
+ ansible.builtin.file:
+ path: /var/vmail
+ state: directory
+ owner: vmail
+ group: vmail
+ mode: '0700'
+ tags:
+ - dovecot_config
+
 - name: "DOVECOT | Generate user password hashes"
 when: dovecot_enabled | default(false) and dovecot_users | length > 0
 ansible.builtin.command:
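Review bot: The new `ansible.builtin.file` task sets owner, group and mode on `/var/vmail` itself only, and it relies on a `vmail` user and group that nothing in this hunk creates. If that account is not provisioned earlier in tasks/main.yml (not visible here), the module will fail on the owner lookup, so the task should sit after whatever creates the account. Because `recurse` is not set, maildirs already present under the directory keep their existing ownership and modes; the 0700 on the parent does block traversal by other local users, which is worth recording in a comment such as `# top-level only: existing maildirs are not re-chmodded; 0700 here blocks traversal by other users`. The path and account names are literals, so if the role exposes the mail location or delivery user as variables elsewhere, this task should reference them rather than repeat `/var/vmail` and `vmail`.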