Initial Import

createlinks

@@ -0,0 +1,26 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+service_link_enhanced("dovecot", "S65", "7");
+service_link_enhanced("dovecot", "K35", "6");
+service_link_enhanced("dovecot", "K35", "0");
+service_link_enhanced("dovecot", "K35", "1");
+
+templates2events("/etc/dovecot/dovecot.conf", qw(email-update bootstrap-console-save));
+templates2events("/etc/dovecot/master.users", qw(email-update bootstrap-console-save));
+templates2events("/etc/pam.d/dovecotadmin", qw(email-update bootstrap-console-save));
+
+safe_touch("root/var/service/dovecot/down");
+safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/dovecot');
+safe_symlink("/var/service/dovecot" , 'root/service/dovecot');
+safe_symlink("adjust", "root/etc/e-smith/events/email-update/services2adjust/dovecot");
+# Create a symlink for /service/imap so pop3s still find the imapd.pem file
+safe_symlink("/var/service/dovecot", "root/service/imap");
+
+event_link("adjust-dovecot", "email-update", "02");
+event_link("adjust-dovecot", "bootstrap-console-save", "02");
+event_link("dovecot-acl", "email-update", "85");
+event_link("dovecot-acl", "user-create", "85");
+
+safe_touch("root/var/lib/dovecot/sharedmailbox/dict.db");

root/etc/e-smith/db/configuration/defaults/dovecot/Quotas

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/dovecot/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/dovecot/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/defaults/imap/TCPPort

@@ -0,0 +1 @@
+143

root/etc/e-smith/db/configuration/defaults/imap/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/imap/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/imap/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/defaults/imaps/TCPPort

@@ -0,0 +1 @@
+993

root/etc/e-smith/db/configuration/defaults/imaps/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/imaps/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/imaps/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/defaults/sieve/TCPPort

@@ -0,0 +1 @@
+4190

root/etc/e-smith/db/configuration/defaults/sieve/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/sieve/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/sieve/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/events/actions/adjust-dovecot

@@ -0,0 +1,28 @@
+#!/usr/bin/perl -w
+
+
+# This script just ensure the dovecot service is enabled
+# if imap or imaps is enabled
+# It will also entirely disable the dovecot service if both imap
+# and imaps are disabled
+
+use esmith::ConfigDB;
+
+my $c = esmith::ConfigDB->open() or die "Couldn't open Config DB\n";
+
+my $imap = $c->get('imap');
+my $imaps = $c->get('imaps');
+my $dovecot = $c->get('dovecot') || $c->new_record('dovecot',
+                                                     { type => 'service',
+                                                       status => 'enabled'});
+
+my $imapStatus = $imap->prop('status') || 'enabled';
+my $imapsStatus = $imaps->prop('status') || 'enabled';
+
+if ($imapStatus eq 'enabled' or $imapsStatus eq 'enabled'){
+    $dovecot->set_prop('status', 'enabled');
+}
+else{
+    $dovecot->set_prop('status', 'disabled');
+}
+

root/etc/e-smith/events/actions/dovecot-acl

@@ -0,0 +1,87 @@
+#!/usr/bin/perl -w
+
+
+use esmith::ConfigDB;
+use esmith::AccountsDB;
+use File::Find;
+
+my $c = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
+my $a = esmith::AccountsDB->open_ro || die "Couldn't open AccountsdDB\n";
+
+my $dovecot = $c->get('dovecot');
+
+die "couldn't find dovecot service\n" unless ($dovecot);
+
+my $event = $ARGV[0];
+
+# SharedMailboxes disabled ?
+if (($dovecot->prop('SharedMailbox') || 'disabled') eq 'disabled'){
+    foreach my $user ($a->users){
+        my $name = $user->key;
+        die "Error removing SharedMailbox ACLs ($name"."'s Maildir)\n" unless (
+            system('/usr/bin/setfacl',
+                   '-R',
+                   '-x',
+                   'g:sharedmailbox',
+                   "/home/e-smith/files/users/$name") == 0 &&
+            system('/bin/chmod',
+                   '-R',
+                   'g-s',
+                   "/home/e-smith/files/users/$name/Maildir") == 0
+        );
+    }
+    $dovecot->set_prop('SharedMailboxAcl','no');
+    exit(0);
+}
+
+# If SharedMailbox is enabled
+
+# Set the correct ACL during user creation
+if ($event && $event eq 'user-create'){
+    my $user = $ARGV[1];
+    set_acl($user);
+}
+
+if (($dovecot->prop('SharedMailboxAcl') || 'no') ne 'yes'){
+    # ACL for existing users haven't been set yet
+    foreach my $user ($a->users){
+        my $name = $user->key;
+        set_acl($name);
+    }
+    $dovecot->set_prop('SharedMailboxAcl','yes');
+}
+
+# Set ACL on a user's Maildir
+sub set_acl {
+    my $user = shift;
+    die "Missing username\n" unless ($user);
+    die "Couldn't find $user"."'s home dir\n" unless (-e "/home/e-smith/files/users/$user");
+    die "Error applying permissions to $user 's Maildir\n" unless (
+        # sharedmailbox group needs read / write access on Maildir
+        system('/usr/bin/setfacl',
+               '-R',
+               '-m',
+               'g:sharedmailbox:rwX,d:g:sharedmailbox:rwX',
+               "/home/e-smith/files/users/$user/Maildir") == 0 &&
+        # Grant sharedmailbox group permission to go through
+        # the home dir so it can access the Maildir, but let it read
+        # anything else
+        system('/usr/bin/setfacl',
+               '-m',
+               'g:sharedmailbox:x',
+               "/home/e-smith/files/users/$user") == 0
+    );
+    find(\&sgid,  "/home/e-smith/files/users/$user/Maildir");
+}
+
+# The kernel will handle group perms when a user
+# create a dir in another user's Maildir (if IMAP ACL allows it)
+# This will prevent dovecot errors, see 
+# http://wiki2.dovecot.org/SharedMailboxes/Permissions and
+# http://wiki2.dovecot.org/Errors/ChgrpNoPerm
+sub sgid {
+    system('/bin/chmod',
+           'g+s',
+           "$_") if (-d);
+}
+

root/etc/e-smith/templates-user/.qmail/80DovecotLDA

@@ -0,0 +1,20 @@
+# Dovecot LDA delivery
+{
+    # vim: ft=perl:
+    use esmith::ConfigDB;
+    my $cdb = esmith::ConfigDB->open_ro || die "Couldn't open ConfigDB\n";
+    my $sieve = $cdb->get('sieve');
+    my $usersieve = $props{Sieve} || 'enabled';
+    my $globalsieve = ($sieve) ? ($sieve->prop('status') || 'disabled') : 'disabled';
+
+    if (($usersieve ne 'enabled') || ($globalsieve ne 'enabled')){
+        $OUT .= "# Sieve is disabled\n";
+    }
+    elsif ($props{EmailForward} !~ /^(local|both)$/) {
+        $OUT .= "# No local delivery (Dovecot LDA)\n";
+    }
+    else{
+        $OUT .= '| /var/qmail/bin/preline -f /usr/libexec/dovecot/dovecot-lda; if [ $? -ne 0 ] ; then exit -1; else exit 99; fi;';
+    }
+}
+

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/10protocols

@@ -0,0 +1,9 @@
+protocols = {
+    if ((($imap{'status'} || 'disabled') eq 'enabled') || 
+         (($imaps{'status'} || 'disabled') eq 'enabled')){
+        $OUT .= "imap";
+    }
+    if (($sieve{'status'} || 'disabled') eq 'enabled'){
+        $OUT .= " sieve";
+    }
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/15auth

@@ -0,0 +1,23 @@
+{
+my $greeting = $dovecot{'Greeting'} || 'SME Server IMAP service powered by doveot';
+$OUT .= "login_greeting = \"$greeting\"\n";
+}
+passdb \{
+  driver = pam
+\}
+{
+if (($dovecot{'AdminIsMaster'} || 'disabled') eq 'enabled'){
+    $OUT .=<<"HERE";
+
+passdb {
+  driver = pam
+  args = dovecotadmin
+  master = yes
+}
+auth_master_user_separator = *
+HERE
+}
+}
+userdb \{
+  driver = passwd
+\}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/20log

@@ -0,0 +1,3 @@
+log_path = /dev/stderr
+log_timestamp = ""
+auth_verbose = yes

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/25mail

@@ -0,0 +1,3 @@
+mail_location = maildir:~/Maildir
+first_valid_uid = 101
+

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/30listener

@@ -0,0 +1,39 @@
+{
+if ((($imap{'status'} || 'disabled') eq 'disabled') ||
+    (($imap{'AllowPlainText'} || 'enabled') eq 'disabled')){
+    $OUT .= "disable_plaintext_auth = yes\n";
+}
+}
+
+service imap-login \{
+  inet_listener imap \{
+    port = {$imap{'TCPPort'} || '143'}
+    address = *
+  \}
+  inet_listener imaps \{
+    port = {$imaps{'TCPPort'} || '993'}
+    ssl = yes
+    address = *
+  \} 
+    
+  service_count = 0
+  process_min_avail = 2
+
+\}
+
+{
+if (($sieve{'status'} || 'enabled') eq 'enabled'){
+    my $port = $sieve{'TCPPort'} || '4190';
+    my $address = $sieve{'Listen'} || '127.0.0.1';
+    $OUT .=<<"HERE";
+
+service managesieve-login {
+  inet_listener sieve {
+    port = $port
+    address = $address
+  }
+}
+
+HERE
+}
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/35ssl

@@ -0,0 +1,3 @@
+ssl = {$OUT .= (($imaps{'status'} || 'enabled') eq 'enabled') ? 'yes':'no';}
+ssl_cert = </var/service/dovecot/ssl/imapd.pem
+ssl_key = </var/service/dovecot/ssl/imapd.pem

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/40lda

@@ -0,0 +1,19 @@
+
+postmaster_address = postmaster@{$DomainName}
+lda_original_recipient_header = to
+
+{
+my $reason = $dovecot{'RejectMessage'} || '';
+my $subject = $dovecot{'RejectSubject'} || '';
+if ($reason ne ''){
+    $OUT .= "rejection_reason = $reason\n";
+}
+if ($subject ne ''){
+    $OUT .= "rejection_subject = $subject\n";
+}
+}
+
+protocol lda \{
+  mail_plugins = $mail_plugins {$OUT .= (($sieve{'status'} || 'disabled') eq 'enabled') ? 'sieve':''}
+\}
+

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/45pluginStart

@@ -0,0 +1,6 @@
+{
+@plugins = ();
+@imap_plugins = ();
+@conf = ();
+$OUT .= '';
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/50pluginQuotas

@@ -0,0 +1,16 @@
+
+{
+push @plugins, 'quota';
+push @imap_plugins, 'imap_quota';
+$OUT .= '';
+my $string =<<'HERE';
+
+plugin {
+  quota = fs:user
+}
+
+HERE
+
+push @conf, $string;
+}
+

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/55pluginLogs

@@ -0,0 +1,21 @@
+{
+
+if (($dovecot{'LogActions'} || 'disabled') eq 'enabled'){
+    push @plugins, 'mail_log';
+    push @plugins, 'notify';
+    my $string = <<'HERE';
+
+plugin {
+  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mailbox_create flag_change
+  mail_log_fields = uid box msgid from subject flags
+}
+
+HERE
+
+    push @conf, $string;
+    $OUT .= '';
+}
+else{
+    $OUT .= "# Actions loging is disabled\n";
+}
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/60pluginFts

@@ -0,0 +1,20 @@
+{
+if (($dovecot{'FullTextIndexing'} || 'disabled') eq 'enabled'){
+    push @plugins, 'fts';
+    push @plugins, 'fts_squat';
+    my $string =<<'HERE';
+
+plugin {
+  fts = squat
+  fts_squat = partial=4 full=10
+}
+
+HERE
+
+    push @conf, $string;
+    $OUT .= '';
+}
+else{
+    $OUT .= "# Full text indexing is disabled\n";
+}
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/65pluginAcl

@@ -0,0 +1,68 @@
+{
+return "" if (($dovecot{'SharedMailbox'} || 'disabled') eq 'disabled');
+
+push @plugins, 'acl';
+push @imap_plugins, 'imap_acl';
+
+my $string =<<'HERE';
+
+mail_access_groups = sharedmailbox
+
+service dict {
+  unix_listener dict {
+    mode = 0660
+    group = sharedmailbox
+  }
+}
+
+service auth {
+  unix_listener auth-userdb {
+    mode = 0660
+    group = sharedmailbox
+  }
+}
+
+service imap {
+  executable = imap imap-postlogin
+}
+
+service imap-postlogin {
+  executable = script-login -d /usr/bin/imap-postlogin
+  unix_listener imap-postlogin {
+  }
+}
+
+
+namespace {
+  type = private
+  separator = /
+  prefix =
+  inbox = yes
+}
+
+namespace {
+  type = shared
+  separator = /
+  prefix = shared/%%u/
+  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
+  subscriptions = no
+  list = children
+}
+
+plugin {
+  acl_shared_dict = file:/var/lib/dovecot/sharedmailbox/dict.db
+}
+
+plugin {
+  acl = vfile
+}
+
+plugin {
+  acl_anyone = allow
+}
+
+HERE
+
+push @conf, $string;
+$OUT .= '';
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/90pluginEnd

@@ -0,0 +1,7 @@
+{
+$OUT .= 'mail_plugins = $mail_plugins ' . join(' ', @plugins) ."\n\n";
+$OUT .= "protocol imap {\n";
+$OUT .= '  mail_plugins = $mail_plugins ' . join(' ', @imap_plugins) . "\n";
+$OUT .= "}\n";
+$OUT .= "$_\n" foreach (@conf);
+}

root/etc/e-smith/templates/etc/dovecot/master.users/10admin

@@ -0,0 +1 @@
+admin

root/etc/e-smith/templates/etc/pam.d/dovecotadmin/10All

@@ -0,0 +1,5 @@
+auth       required     pam_listfile.so item=user sense=allow file=/etc/dovecot/master.users onerr=fail
+auth       include      dovecot
+account    include      system-auth
+session    include      system-auth
+

root/etc/e-smith/templates/etc/pam.d/dovecotadmin/template-begin

@@ -0,0 +1,9 @@
+{
+    $OUT = <<HERE;
+#%PAM-1.0
+HERE
+
+    $OUT .= 
+    Text::Template::_load_text("/etc/e-smith/templates-default/template-begin");
+}
+

root/usr/bin/imap-postlogin

@@ -0,0 +1,5 @@
+#!/bin/sh
+ACL_GROUPS=`groups $USER | tr ' '  ','`
+export ACL_GROUPS
+export USERDB_KEYS="$USERDB_KEYS acl_groups"
+exec "$@"

root/var/service/dovecot/control/1

@@ -0,0 +1,41 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+# copyright (C) 2011 Firewall-Services
+# daniel@firewall-services.com
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#               
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#               
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+#----------------------------------------------------------------------
+
+
+use esmith::util;
+use esmith::ConfigDB;
+use File::Copy;
+
+my $c = esmith::ConfigDB->open_ro;
+my $s = $c->get('SystemName')->value;
+my $d = $c->get('DomainName')->value;
+
+my $pem = "./ssl/imapd.pem";
+# Now copy system pem file into jail used by ldap
+copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$")
+  or die "failed to copy SSL PEM: $!";
+chmod 0400, "$pem.$$";
+esmith::util::chownFile("root", "root", "$pem.$$");
+rename("$pem.$$", "$pem")
+  or die "failed to rename $pem.$$ to $pem: $!";
+
+

root/var/service/dovecot/log/run

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+NUM=$(/sbin/e-smith/db configuration getprop dovecot KeepLogFiles)
+
+exec                                    \
+    /usr/local/bin/setuidgid smelog     \
+    /usr/local/bin/multilog t s5000000  \
+    n${NUM:-10}                 \
+    /var/log/dovecot/
+

root/var/service/dovecot/run

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+exec 2>&1
+./control/1
+exec /usr/sbin/dovecot -F
+

smeserver-dovecot.spec

@@ -0,0 +1,80 @@
+%define version 0.1
+%define release 0.beta26
+%define name smeserver-dovecot
+
+
+Summary: Dovecot IMAP server integration
+Name: %{name}
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: Networking/Daemons
+Source: %{name}-%{version}.tar.gz
+
+Patch0: smeserver-dovecot-0.1-fix_sharedmailbox_dict_acl.patch
+Patch1: smeserver-dovecot-0.1-mailshare_group.patch
+Patch2: smeserver-dovecot-0.1-allow_anyone.patch
+Patch3: smeserver-dovecot-0.1-no_acl_on_dict.patch
+Patch4: smeserver-dovecot-0.1-sgid_recursive.patch
+
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArchitectures: noarch
+BuildRequires: e-smith-devtools
+
+Requires: e-smith-base >= 5.2.0
+Requires: dovecot >= 2.0.15
+Requires: dovecot-pigeonhole >= 0.2.4
+Requires: dovecot-managesieve >= 0.2.4
+Requires: acl
+
+Provides: e-smith-imap
+Obsoletes: e-smith-imap
+
+%description
+Configure the dovecot IMAP server with sieve scripts support,
+quota, ACL, extended logging, master user
+
+%changelog
+* Tue Nov 29 2011 Daniel Berteaud <daniel@firewall-services.com> - 0.1
+- initial release
+
+%prep
+%setup -q -n %{name}-%{version}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+
+%build
+%{__mkdir_p} root/var/log/dovecot
+%{__mkdir_p} root/var/service/dovecot/ssl
+perl createlinks
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root   ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+   --file /var/service/dovecot/run 'attr(0755,root,root)' \
+   --file /var/service/dovecot/log/run 'attr(0755,root,root)' \
+   --file /var/service/dovecot/control/1 'attr(0755,root,root)' \
+   --dir /var/log/dovecot 'attr(0750,smelog,smelog)' \
+   --dir /var/lib/dovecot/sharedmailbox 'attr(2770,root,sharedmailbox)' \
+   --file /var/lib/dovecot/sharedmailbox/dict.db 'attr(0660,root,sharedmailbox) %config(noreplace)' \
+   --file /usr/bin/imap-postlogin 'attr(0755,root,root)' \
+  > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+/usr/sbin/groupadd -g 439 sharedmailbox 2> /dev/null || :
+
+%post
+
+%preun
+