Spec file update

createlinks

@@ -23,4 +23,4 @@ event_link("adjust-dovecot", "bootstrap-console-save", "02");
 event_link("dovecot-acl", "email-update", "85");
 event_link("dovecot-acl", "user-create", "85");
 
-safe_touch("root/var/lib/dovecot/sharedmailbox/dict.db");
+safe_touch("root/etc/dovecot/sharedmailbox/dict.db");

root/etc/e-smith/db/configuration/migrate/ImapsLimits

@@ -0,0 +1,12 @@
+{
+
+# Those limits are now defined on the imap entry
+foreach my $prop (qw/ConcurrencyLimit ConcurrencyLimitPerIP ProcessMemoryLimit/){
+    my $imaps_value = $DB->get_prop_and_delete('imaps', $prop);
+    next unless ($imaps_value);
+    my $imap_value = $DB->get_prop('imap', $prop);
+    next if ($imap_value);
+    $DB->set_prop('imap', $prop, $imaps_value);
+}
+
+}

root/etc/e-smith/events/actions/dovecot-acl

@@ -16,19 +16,21 @@ my $event = $ARGV[0];
 
 # SharedMailboxes disabled ?
 if (($dovecot->prop('SharedMailbox') || 'disabled') eq 'disabled'){
-    foreach my $user ($a->users){
-        my $name = $user->key;
-        die "Error removing SharedMailbox ACLs ($name"."'s Maildir)\n" unless (
-            system('/usr/bin/setfacl',
-                   '-R',
-                   '-x',
-                   'g:sharedmailbox',
-                   "/home/e-smith/files/users/$name") == 0 &&
-            system('/bin/chmod',
-                   '-R',
-                   'g-s',
-                   "/home/e-smith/files/users/$name/Maildir") == 0
-        );
+    if (($dovecot->prop('SharedMailboxAcl') || 'yes') ne 'no'){
+        foreach my $user ($a->users){
+            my $name = $user->key;
+            die "Error removing SharedMailbox ACLs ($name"."'s Maildir)\n" unless (
+                system('/usr/bin/setfacl',
+                       '-R',
+                       '-x',
+                       'g:sharedmailbox',
+                       "/home/e-smith/files/users/$name") == 0 &&
+                system('/bin/chmod',
+                       '-R',
+                       'g-s',
+                       "/home/e-smith/files/users/$name/Maildir") == 0
+            );
+        }
     }
     $dovecot->set_prop('SharedMailboxAcl','no');
     exit(0);
@@ -56,22 +58,22 @@ sub set_acl {
     my $user = shift;
     die "Missing username\n" unless ($user);
     die "Couldn't find $user"."'s home dir\n" unless (-e "/home/e-smith/files/users/$user");
+    find(\&dirperm,  "/home/e-smith/files/users/$user/Maildir");
     die "Error applying permissions to $user 's Maildir\n" unless (
         # sharedmailbox group needs read / write access on Maildir
         system('/usr/bin/setfacl',
                '-R',
                '-m',
-               'g:sharedmailbox:rwX,d:g:sharedmailbox:rwX',
+               'u::rwX,g::rwX,o::rX,g:sharedmailbox:rwX,d:u::rwX,d:g::rwX,d:g:sharedmailbox:rwX,d:o::rX',
                "/home/e-smith/files/users/$user/Maildir") == 0 &&
         # Grant sharedmailbox group permission to go through
-        # the home dir so it can access the Maildir, but let it read
-        # anything else
+        # the home dir so it can access the Maildir, but don't let it read
+        # anything (except the Maildir)
         system('/usr/bin/setfacl',
                '-m',
                'g:sharedmailbox:x',
                "/home/e-smith/files/users/$user") == 0
     );
-    find(\&sgid,  "/home/e-smith/files/users/$user/Maildir");
 }
 
 # The kernel will handle group perms when a user
@@ -79,7 +81,7 @@ sub set_acl {
 # This will prevent dovecot errors, see 
 # http://wiki2.dovecot.org/SharedMailboxes/Permissions and
 # http://wiki2.dovecot.org/Errors/ChgrpNoPerm
-sub sgid {
+sub dirperm {
     system('/bin/chmod',
            'g+s',
            "$_") if (-d);

root/etc/e-smith/templates-user/.qmail/80DovecotLDA

@@ -14,7 +14,7 @@
         $OUT .= "# No local delivery (Dovecot LDA)\n";
     }
     else{
-        $OUT .= '| /var/qmail/bin/preline -f /usr/libexec/dovecot/dovecot-lda; if [ $? -ne 0 ] ; then exit -1; else exit 99; fi;';
+        $OUT .= '| /var/qmail/bin/preline -f /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT"; if [ $? -ne 0 ] ; then exit -1; else exit 99; fi;';
     }
 }
 

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/15auth

@@ -1,9 +1,11 @@
 {
 my $greeting = $dovecot{'Greeting'} || 'SME Server IMAP service powered by doveot';
 $OUT .= "login_greeting = \"$greeting\"\n";
+our $args = $dovecot{PassDBArgs} || '';
 }
 passdb \{
   driver = pam
+  { $OUT .= ($args ne '') ? "args = $args\n" : ''; }
 \}
 {
 if (($dovecot{'AdminIsMaster'} || 'disabled') eq 'enabled'){
@@ -11,7 +13,7 @@ if (($dovecot{'AdminIsMaster'} || 'disabled') eq 'enabled'){
 
 passdb {
   driver = pam
-  args = dovecotadmin
+  args = $args dovecotadmin
   master = yes
 }
 auth_master_user_separator = *

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/27Limits

@@ -0,0 +1,18 @@
+{
+
+my $ConcurrencyLimit = $imap{ConcurrencyLimit} || '400';
+my $ConcurrencyLimitPerIP = $imap{ConcurrencyLimitPerIP} || '12';
+my $ProcessMemoryLimit = $imap{ProcessMemoryLimit} || '256000000';
+
+$OUT .=<<"END";
+
+service imap {
+  process_limit = $ConcurrencyLimit
+  vsz_limit = $ProcessMemoryLimit
+}
+protocol imap {
+  mail_max_userip_connections = $ConcurrencyLimitPerIP
+}
+END
+
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/40lda

@@ -15,5 +15,6 @@ if ($subject ne ''){
 
 protocol lda \{
   mail_plugins = $mail_plugins {$OUT .= (($sieve{'status'} || 'disabled') eq 'enabled') ? 'sieve':''}
+  submission_host = 127.0.0.1
 \}
 

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/65pluginAcl

@@ -50,7 +50,7 @@ namespace {
 }
 
 plugin {
-  acl_shared_dict = file:/var/lib/dovecot/sharedmailbox/dict.db
+  acl_shared_dict = file:/etc/dovecot/sharedmailbox/dict.db
 }
 
 plugin {

root/var/service/dovecot/control/1

@@ -33,8 +33,8 @@ my $pem = "./ssl/imapd.pem";
 # Now copy system pem file into jail used by ldap
 copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$")
   or die "failed to copy SSL PEM: $!";
-chmod 0400, "$pem.$$";
-esmith::util::chownFile("root", "root", "$pem.$$");
+chmod 0440, "$pem.$$";
+esmith::util::chownFile("root", "stunnel", "$pem.$$");
 rename("$pem.$$", "$pem")
   or die "failed to rename $pem.$$ to $pem: $!";
 

smeserver-dovecot.spec

@@ -1,5 +1,5 @@
-%define version 0.1
-%define release 0.beta26
+%define version 0.1.6
+%define release 1.beta0
 %define name smeserver-dovecot
 
 
@@ -29,6 +29,28 @@ Configure the dovecot IMAP server with sieve scripts support,
 quota, ACL, extended logging, master user
 
 %changelog
+* Wed Jan 7 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.6-1
+- Allow args in passdb
+
+* Wed Jul 9 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.5-1
+- Remove trailing / when defining permissions on sharedmailbox dir
+
+* Fri Feb 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.4-1
+- Migrate limits from imaps to imap DB entry
+- Fix permissions on imapd.pem (for pop3s)
+
+* Tue Dec 24 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.3-1
+- Apply process limits
+
+* Tue Oct 29 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.2-1
+- Use SMTP for sending sieve notifications
+
+* Mon Mar 25 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.1-1
+- Fix ACL and default ACL to set 755/644 on maildirs
+
+* Tue Feb 12 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.0-1
+- Pass the recipient variable to dovcot-lda
+
 * Tue Nov 29 2011 Daniel Berteaud <daniel@firewall-services.com> - 0.1
 - initial release
 
@@ -49,8 +71,8 @@ perl createlinks
    --file /var/service/dovecot/log/run 'attr(0755,root,root)' \
    --file /var/service/dovecot/control/1 'attr(0755,root,root)' \
    --dir /var/log/dovecot 'attr(0750,smelog,smelog)' \
-   --dir /var/lib/dovecot/sharedmailbox 'attr(2770,root,sharedmailbox)' \
-   --file /var/lib/dovecot/sharedmailbox/dict.db 'attr(0660,root,sharedmailbox) %config(noreplace)' \
+   --dir /etc/dovecot/sharedmailbox 'attr(2770,root,sharedmailbox)' \
+   --file /etc/dovecot/sharedmailbox/dict.db 'attr(0660,root,sharedmailbox) %config(noreplace)' \
    --file /usr/bin/imap-postlogin 'attr(0755,root,root)' \
   > %{name}-%{version}-filelist