Compare commits
21 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
8761671533 | ||
|
405eb1157d | ||
|
0075251890 | ||
|
79b21830af | ||
|
07711461cf | ||
|
8a97c4d939 | ||
|
af29cbe4dc | ||
|
20f8d3181a | ||
|
952bf0e709 | ||
|
0cd9571a65 | ||
|
bf99846901 | ||
|
c24e5140ec | ||
|
19d0c43c27 | ||
|
c635de001b | ||
|
2c96405523 | ||
|
238da5d92c | ||
|
7d231598c0 | ||
|
a6c24e6347 | ||
|
fbfdfd783d | ||
|
94d202cae6 | ||
|
5e98fd3ad9 |
|
@ -23,4 +23,4 @@ event_link("adjust-dovecot", "bootstrap-console-save", "02");
|
||||||
event_link("dovecot-acl", "email-update", "85");
|
event_link("dovecot-acl", "email-update", "85");
|
||||||
event_link("dovecot-acl", "user-create", "85");
|
event_link("dovecot-acl", "user-create", "85");
|
||||||
|
|
||||||
safe_touch("root/var/lib/dovecot/sharedmailbox/dict.db");
|
safe_touch("root/etc/dovecot/sharedmailbox/dict.db");
|
||||||
|
|
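--- a/root/etc/e-smith/db/configuration/migrate/ImapsLimits
+++ b/root/etc/e-smith/db/configuration/migrate/ImapsLimits
@@ -0,0 +1,12 @@
+{
+
+# Those limits are now defined on the imap entry
+foreach my $prop (qw/ConcurrencyLimit ConcurrencyLimitPerIP ProcessMemoryLimit/){
+my $imaps_value = $DB->get_prop_and_delete('imaps', $prop);
+next unless ($imaps_value);
+my $imap_value = $DB->get_prop('imap', $prop);
+next if ($imap_value);
+$DB->set_prop('imap', $prop, $imaps_value);
+}
+
+}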
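Review bot: `get_prop_and_delete` removes the `imaps` value before the loop checks whether `imap` already has the property, so when both entries are set the old `imaps` limit is discarded without trace. That may be intended, but the comment does not say so; I would extend it to `# Those limits are now defined on the imap entry; an existing imap value wins and the imaps one is dropped`. The two truthiness tests also treat a stored `0` as unset, so if `0` is a meaningful limit a `defined` and `ne ''` check would be safer.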
@ -16,19 +16,21 @@ my $event = $ARGV[0];
|
||||||
|
|
||||||
# SharedMailboxes disabled ?
|
# SharedMailboxes disabled ?
|
||||||
if (($dovecot->prop('SharedMailbox') || 'disabled') eq 'disabled'){
|
if (($dovecot->prop('SharedMailbox') || 'disabled') eq 'disabled'){
|
||||||
foreach my $user ($a->users){
|
if (($dovecot->prop('SharedMailboxAcl') || 'yes') ne 'no'){
|
||||||
my $name = $user->key;
|
foreach my $user ($a->users){
|
||||||
die "Error removing SharedMailbox ACLs ($name"."'s Maildir)\n" unless (
|
my $name = $user->key;
|
||||||
system('/usr/bin/setfacl',
|
die "Error removing SharedMailbox ACLs ($name"."'s Maildir)\n" unless (
|
||||||
'-R',
|
system('/usr/bin/setfacl',
|
||||||
'-x',
|
'-R',
|
||||||
'g:sharedmailbox',
|
'-x',
|
||||||
"/home/e-smith/files/users/$name") == 0 &&
|
'g:sharedmailbox',
|
||||||
system('/bin/chmod',
|
"/home/e-smith/files/users/$name") == 0 &&
|
||||||
'-R',
|
system('/bin/chmod',
|
||||||
'g-s',
|
'-R',
|
||||||
"/home/e-smith/files/users/$name/Maildir") == 0
|
'g-s',
|
||||||
);
|
"/home/e-smith/files/users/$name/Maildir") == 0
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
$dovecot->set_prop('SharedMailboxAcl','no');
|
$dovecot->set_prop('SharedMailboxAcl','no');
|
||||||
exit(0);
|
exit(0);
|
||||||
|
@ -56,22 +58,22 @@ sub set_acl {
|
||||||
my $user = shift;
|
my $user = shift;
|
||||||
die "Missing username\n" unless ($user);
|
die "Missing username\n" unless ($user);
|
||||||
die "Couldn't find $user"."'s home dir\n" unless (-e "/home/e-smith/files/users/$user");
|
die "Couldn't find $user"."'s home dir\n" unless (-e "/home/e-smith/files/users/$user");
|
||||||
|
find(\&dirperm, "/home/e-smith/files/users/$user/Maildir");
|
||||||
die "Error applying permissions to $user 's Maildir\n" unless (
|
die "Error applying permissions to $user 's Maildir\n" unless (
|
||||||
# sharedmailbox group needs read / write access on Maildir
|
# sharedmailbox group needs read / write access on Maildir
|
||||||
system('/usr/bin/setfacl',
|
system('/usr/bin/setfacl',
|
||||||
'-R',
|
'-R',
|
||||||
'-m',
|
'-m',
|
||||||
'g:sharedmailbox:rwX,d:g:sharedmailbox:rwX',
|
'u::rwX,g::rwX,o::rX,g:sharedmailbox:rwX,d:u::rwX,d:g::rwX,d:g:sharedmailbox:rwX,d:o::rX',
|
||||||
"/home/e-smith/files/users/$user/Maildir") == 0 &&
|
"/home/e-smith/files/users/$user/Maildir") == 0 &&
|
||||||
# Grant sharedmailbox group permission to go through
|
# Grant sharedmailbox group permission to go through
|
||||||
# the home dir so it can access the Maildir, but let it read
|
# the home dir so it can access the Maildir, but don't let it read
|
||||||
# anything else
|
# anything (except the Maildir)
|
||||||
system('/usr/bin/setfacl',
|
system('/usr/bin/setfacl',
|
||||||
'-m',
|
'-m',
|
||||||
'g:sharedmailbox:x',
|
'g:sharedmailbox:x',
|
||||||
"/home/e-smith/files/users/$user") == 0
|
"/home/e-smith/files/users/$user") == 0
|
||||||
);
|
);
|
||||||
find(\&sgid, "/home/e-smith/files/users/$user/Maildir");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# The kernel will handle group perms when a user
|
# The kernel will handle group perms when a user
|
||||||
|
@ -79,7 +81,7 @@ sub set_acl {
|
||||||
# This will prevent dovecot errors, see
|
# This will prevent dovecot errors, see
|
||||||
# http://wiki2.dovecot.org/SharedMailboxes/Permissions and
|
# http://wiki2.dovecot.org/SharedMailboxes/Permissions and
|
||||||
# http://wiki2.dovecot.org/Errors/ChgrpNoPerm
|
# http://wiki2.dovecot.org/Errors/ChgrpNoPerm
|
||||||
sub sgid {
|
sub dirperm {
|
||||||
system('/bin/chmod',
|
system('/bin/chmod',
|
||||||
'g+s',
|
'g+s',
|
||||||
"$_") if (-d);
|
"$_") if (-d);
|
||||||
|
|
|
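Review bot: The new ACL list in the first `setfacl` call of `set_acl` (second hunk of this file) adds `o::rX` and `d:o::rX` recursively on the Maildir, which makes every message readable by "other" at the file level and makes that the default for new files. Confidentiality of the mail then rests only on the mode of the parent home directory, which is not visible on this page. The changelog states 755/644 as the intent, but unless world access is actually needed I would use `o::---` and `d:o::---` in that list and leave access to the owner, the owning group and `g:sharedmailbox`. If the wider mode is deliberate, a comment such as `# other needs r-X because ...` above the call would record why; `set_acl` starts above the hunk.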
@ -14,7 +14,7 @@
|
||||||
$OUT .= "# No local delivery (Dovecot LDA)\n";
|
$OUT .= "# No local delivery (Dovecot LDA)\n";
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
$OUT .= '| /var/qmail/bin/preline -f /usr/libexec/dovecot/dovecot-lda; if [ $? -ne 0 ] ; then exit -1; else exit 99; fi;';
|
$OUT .= '| /var/qmail/bin/preline -f /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT"; if [ $? -ne 0 ] ; then exit -1; else exit 99; fi;';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
{
|
{
|
||||||
my $greeting = $dovecot{'Greeting'} || 'SME Server IMAP service powered by doveot';
|
my $greeting = $dovecot{'Greeting'} || 'SME Server IMAP service powered by doveot';
|
||||||
$OUT .= "login_greeting = \"$greeting\"\n";
|
$OUT .= "login_greeting = \"$greeting\"\n";
|
||||||
|
our $args = $dovecot{PassDBArgs} || '';
|
||||||
}
|
}
|
||||||
passdb \{
|
passdb \{
|
||||||
driver = pam
|
driver = pam
|
||||||
|
{ $OUT .= ($args ne '') ? "args = $args\n" : ''; }
|
||||||
\}
|
\}
|
||||||
{
|
{
|
||||||
if (($dovecot{'AdminIsMaster'} || 'disabled') eq 'enabled'){
|
if (($dovecot{'AdminIsMaster'} || 'disabled') eq 'enabled'){
|
||||||
|
@ -11,7 +13,7 @@ if (($dovecot{'AdminIsMaster'} || 'disabled') eq 'enabled'){
|
||||||
|
|
||||||
passdb {
|
passdb {
|
||||||
driver = pam
|
driver = pam
|
||||||
args = dovecotadmin
|
args = $args dovecotadmin
|
||||||
master = yes
|
master = yes
|
||||||
}
|
}
|
||||||
auth_master_user_separator = *
|
auth_master_user_separator = *
|
||||||
|
|
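Review bot: `$args` is taken from the `PassDBArgs` property and written unchecked into both passdb blocks, including the `master = yes` one in the second hunk (`args = $args dovecotadmin`). A value containing a line break would add arbitrary lines to dovecot.conf, and a value that already names a PAM service would leave the master passdb with two service names; which one dovecot then uses is not something these hunks show. I would reject multi-line values, for example `$args = '' if $args =~ /[\r\n]/;`, and add a comment above the `our $args` line stating that the property holds PAM options only, never a service name, because it is reused for the master passdb.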
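--- a/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/27Limits
+++ b/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/27Limits
@@ -0,0 +1,18 @@
+{
+
+my $ConcurrencyLimit = $imap{ConcurrencyLimit} || '400';
+my $ConcurrencyLimitPerIP = $imap{ConcurrencyLimitPerIP} || '12';
+my $ProcessMemoryLimit = $imap{ProcessMemoryLimit} || '256000000';
+
+$OUT .=<<"END";
+
+service imap {
+process_limit = $ConcurrencyLimit
+vsz_limit = $ProcessMemoryLimit
+}
+protocol imap {
+mail_max_userip_connections = $ConcurrencyLimitPerIP
+}
+END
+
+}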
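Review bot: The three limits are interpolated into dovecot.conf without checking that they are numeric, so a typo or stray text in the `imap` DB entry ends up verbatim in the `service imap` and `protocol imap` blocks and may stop the service from loading its configuration. Because the defaults are applied with `||`, a stored `0` also silently becomes the default. I would validate each value before use, for example `my $ConcurrencyLimit = ($imap{ConcurrencyLimit} || '') =~ /^(\d+)$/ ? $1 : '400';`, with the same pattern for the other two (allowing a size suffix for `ProcessMemoryLimit` if values like `256M` should be accepted). A short comment giving the unit of `ProcessMemoryLimit` would also help.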
@ -15,5 +15,6 @@ if ($subject ne ''){
|
||||||
|
|
||||||
protocol lda \{
|
protocol lda \{
|
||||||
mail_plugins = $mail_plugins {$OUT .= (($sieve{'status'} || 'disabled') eq 'enabled') ? 'sieve':''}
|
mail_plugins = $mail_plugins {$OUT .= (($sieve{'status'} || 'disabled') eq 'enabled') ? 'sieve':''}
|
||||||
|
submission_host = 127.0.0.1
|
||||||
\}
|
\}
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ namespace {
|
||||||
}
|
}
|
||||||
|
|
||||||
plugin {
|
plugin {
|
||||||
acl_shared_dict = file:/var/lib/dovecot/sharedmailbox/dict.db
|
acl_shared_dict = file:/etc/dovecot/sharedmailbox/dict.db
|
||||||
}
|
}
|
||||||
|
|
||||||
plugin {
|
plugin {
|
||||||
|
|
|
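Review bot: Nothing visible on this page moves an existing `/var/lib/dovecot/sharedmailbox/dict.db` to the new `/etc/dovecot/sharedmailbox/` location, so after an upgrade `acl_shared_dict` may point at the empty file created by `safe_touch` and previously shared mailboxes would no longer be listed. If that migration is not handled elsewhere, a one-time move of the old file when the new one is empty would cover it. I would also add a comment next to this setting noting that the directory is group-writable by `sharedmailbox` (mode 2770 in the spec's file list) even though it now lives under /etc.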
@ -33,8 +33,8 @@ my $pem = "./ssl/imapd.pem";
|
||||||
# Now copy system pem file into jail used by ldap
|
# Now copy system pem file into jail used by ldap
|
||||||
copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$")
|
copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$")
|
||||||
or die "failed to copy SSL PEM: $!";
|
or die "failed to copy SSL PEM: $!";
|
||||||
chmod 0400, "$pem.$$";
|
chmod 0440, "$pem.$$";
|
||||||
esmith::util::chownFile("root", "root", "$pem.$$");
|
esmith::util::chownFile("root", "stunnel", "$pem.$$");
|
||||||
rename("$pem.$$", "$pem")
|
rename("$pem.$$", "$pem")
|
||||||
or die "failed to rename $pem.$$ to $pem: $!";
|
or die "failed to rename $pem.$$ to $pem: $!";
|
||||||
|
|
||||||
|
|
|
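Review bot: The PEM copy, which presumably contains the private key, is created by `copy` with whatever mode the current umask allows and only afterwards restricted by `chmod`, so it can briefly be readable more widely than 0440; the umask in effect is not visible in this hunk. Setting `umask 077;` before the `copy` closes that window. The results of `chmod` and `chownFile` are not checked either, so a failure leaves a file with unintended ownership or mode that is still renamed into place; `chmod 0440, "$pem.$$" or die "failed to chmod $pem.$$: $!";` would stop that. Since the file is now group-readable by `stunnel`, a comment saying why that group needs read access would help the next reader; the script continues outside the hunk.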
@ -1,5 +1,5 @@
|
||||||
%define version 0.1
|
%define version 0.1.6
|
||||||
%define release 0.beta26
|
%define release 1.beta0
|
||||||
%define name smeserver-dovecot
|
%define name smeserver-dovecot
|
||||||
|
|
||||||
|
|
||||||
|
@ -29,6 +29,28 @@ Configure the dovecot IMAP server with sieve scripts support,
|
||||||
quota, ACL, extended logging, master user
|
quota, ACL, extended logging, master user
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 7 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.6-1
|
||||||
|
- Allow args in passdb
|
||||||
|
|
||||||
|
* Wed Jul 9 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.5-1
|
||||||
|
- Remove trailing / when defining permissions on sharedmailbox dir
|
||||||
|
|
||||||
|
* Fri Feb 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.4-1
|
||||||
|
- Migrate limits from imaps to imap DB entry
|
||||||
|
- Fix permissions on imapd.pem (for pop3s)
|
||||||
|
|
||||||
|
* Tue Dec 24 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.3-1
|
||||||
|
- Apply process limits
|
||||||
|
|
||||||
|
* Tue Oct 29 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.2-1
|
||||||
|
- Use SMTP for sending sieve notifications
|
||||||
|
|
||||||
|
* Mon Mar 25 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.1-1
|
||||||
|
- Fix ACL and default ACL to set 755/644 on maildirs
|
||||||
|
|
||||||
|
* Tue Feb 12 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.0-1
|
||||||
|
- Pass the recipient variable to dovcot-lda
|
||||||
|
|
||||||
* Tue Nov 29 2011 Daniel Berteaud <daniel@firewall-services.com> - 0.1
|
* Tue Nov 29 2011 Daniel Berteaud <daniel@firewall-services.com> - 0.1
|
||||||
- initial release
|
- initial release
|
||||||
|
|
||||||
|
@ -49,8 +71,8 @@ perl createlinks
|
||||||
--file /var/service/dovecot/log/run 'attr(0755,root,root)' \
|
--file /var/service/dovecot/log/run 'attr(0755,root,root)' \
|
||||||
--file /var/service/dovecot/control/1 'attr(0755,root,root)' \
|
--file /var/service/dovecot/control/1 'attr(0755,root,root)' \
|
||||||
--dir /var/log/dovecot 'attr(0750,smelog,smelog)' \
|
--dir /var/log/dovecot 'attr(0750,smelog,smelog)' \
|
||||||
--dir /var/lib/dovecot/sharedmailbox 'attr(2770,root,sharedmailbox)' \
|
--dir /etc/dovecot/sharedmailbox 'attr(2770,root,sharedmailbox)' \
|
||||||
--file /var/lib/dovecot/sharedmailbox/dict.db 'attr(0660,root,sharedmailbox) %config(noreplace)' \
|
--file /etc/dovecot/sharedmailbox/dict.db 'attr(0660,root,sharedmailbox) %config(noreplace)' \
|
||||||
--file /usr/bin/imap-postlogin 'attr(0755,root,root)' \
|
--file /usr/bin/imap-postlogin 'attr(0755,root,root)' \
|
||||||
> %{name}-%{version}-filelist
|
> %{name}-%{version}-filelist
|
||||||
|
|
||||||
|
|