preparation for wheezy config-templates (just copied for now); fixed missing courier-templates for precise

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-05-13 18:40:30 +02:00
parent 2d54fb8187
commit 14e9b81995
52 changed files with 1620 additions and 1 deletions
--- a/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_acl_30_exim4-config_check_rcpt.rul
+++ b/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_acl_30_exim4-config_check_rcpt.rul
@@ -0,0 +1,125 @@
+### acl/30_exim4-config_check_rcpt
+#################################
+
+acl_check_rcpt:
+  accept
+    hosts = :
+
+  warn
+    hosts = +relay_from_hosts
+    control = submission/sender_retain
+
+  .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
+  deny
+    domains = +local_domains:+froxlor_domain
+    local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
+    message = restricted characters in address
+  .endif
+
+  .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
+  deny
+    domains = !+local_domains
+    local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
+    message = restricted characters in address
+  .endif
+
+  accept
+    .ifndef CHECK_RCPT_POSTMASTER
+    local_parts = postmaster
+    .else
+    local_parts = CHECK_RCPT_POSTMASTER
+    .endif
+    domains = +local_domains:+froxlor_domain
+
+  deny
+    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+    !acl = acl_local_deny_exceptions
+    senders = ${if exists{CONFDIR/local_sender_blacklist}\
+                   {CONFDIR/local_sender_blacklist}\
+                   {}}
+
+  deny
+    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+    !acl = acl_local_deny_exceptions
+    hosts = ${if exists{CONFDIR/local_host_blacklist}\
+                 {CONFDIR/local_host_blacklist}\
+                 {}}
+
+  .ifdef CHECK_RCPT_VERIFY_SENDER
+  deny
+    message = Sender verification failed
+    !acl = acl_local_deny_exceptions
+    !verify = sender
+  .endif
+
+  deny
+    !acl = acl_local_deny_exceptions
+    senders = ${if exists{CONFDIR/local_sender_callout}\
+                         {CONFDIR/local_sender_callout}\
+                   {}}
+    !verify = sender/callout
+
+  deny
+    !acl = acl_local_deny_exceptions
+    recipients = ${if exists{CONFDIR/local_rcpt_callout}\
+                            {CONFDIR/local_rcpt_callout}\
+                      {}}
+    !verify = recipient/callout
+
+  .ifdef CHECK_RCPT_REVERSE_DNS
+  warn
+    message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
+     condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
+                      {yes}{no}}
+  .endif
+
+  .ifdef CHECK_RCPT_IP_DNSBLS
+  warn
+    message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+    log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+    dnslists = CHECK_RCPT_IP_DNSBLS
+  .endif
+
+  .ifdef CHECK_RCPT_DOMAIN_DNSBLS
+  warn
+    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+    log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+    !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
+                    {CONFDIR/local_domain_dnsbl_whitelist}\
+                    {}}
+    dnslists = CHECK_RCPT_DOMAIN_DNSBLS/$sender_address_domain
+  .endif
+
+  .ifdef CHECK_RCPT_LOCAL_ACL_FILE
+  .include CHECK_RCPT_LOCAL_ACL_FILE
+  .endif
+
+  accept
+    domains = +local_domains:+froxlor_domain
+    endpass
+    message = unknown user
+    verify = recipient
+
+  accept
+    domains = +relay_to_domains
+    endpass
+    .ifdef CHECK_RCPT_GIVE_UNKNOWN_USER
+    message = ${if eq{$acl_verify_message}{Unrouteable address}{unknown user}{$acl_verify_message}}
+    .else
+    message = unrouteable address
+    .endif
+    verify = recipient
+
+  ############
+  # If control reaches this point, the domain is neither in +local_domains
+  # nor in +relay_to_domains.
+  ############
+
+  accept
+    hosts = +relay_from_hosts
+
+  accept
+    authenticated = *
+
+  deny
+    message = relay not permitted
--- a/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_auth_30_froxlor-config
+++ b/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_auth_30_froxlor-config
@@ -0,0 +1,30 @@
+### auth/30_froxlor-config
+#################################
+
+plain_server:
+  driver = plaintext
+  public_name = PLAIN
+  server_condition = "${if and { \
+                        {!eq{$2}{}} \
+                        {!eq{$3}{}} \
+                        {crypteq{$3}{${lookup mysql{FROXLOR_AUTH_PLAIN}{$value}fail}}} \
+                        } {yes}{no}}"
+  server_set_id = $2
+  server_prompts = :
+#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+#   .endif
+
+login_server:
+  driver = plaintext
+  public_name = LOGIN
+  server_prompts = "Username:: : Password::"
+  server_condition = "${if and { \
+                        {!eq{$1}{}} \
+                        {!eq{$2}{}} \
+                        {crypteq{$2}{${lookup mysql{FROXLOR_AUTH_LOGIN}{$value}fail}}} \
+                        } {yes}{no}}"
+  server_set_id = $1
+#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+#   .endif
--- a/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_main_10_froxlor-config_options
+++ b/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_main_10_froxlor-config_options
@@ -0,0 +1,20 @@
+hide mysql_servers = <SQL_HOST>/<SQL_DB>/<SQL_UNPRIVILEGED_USER>/<SQL_UNPRIVILEGED_PASSWORD>
+
+FROXLOR_LOCAL_DOMAIN	= SELECT domain FROM panel_domains WHERE domain = '${quote_mysql:$domain}' AND isemaildomain = '1'
+
+FROXLOR_MAILALIAS		= SELECT REPLACE(destination,' ',',') FROM mail_virtual WHERE \
+				(( email = '${quote_mysql:$local_part}@${quote_mysql:$domain}' ) \
+				OR ( email = '@${quote_mysql:$domain}' AND iscatchall > 0 )) \
+				AND destination <> '' AND destination <> ' ' ORDER BY iscatchall ASC LIMIT 1
+
+FROXLOR_MAILUSER		= SELECT CONCAT(homedir,maildir) FROM mail_users WHERE \
+				email = '${quote_mysql:$local_part}@${quote_mysql:$domain}' AND postfix = 'y'
+
+FROXLOR_PARENT_DOMAIN	= SELECT parent.domain FROM `panel_domains` AS parent INNER JOIN panel_domains AS alias \
+				ON alias.domain = '${quote_mysql:$domain}' AND parent.id = alias.aliasdomain
+
+FROXLOR_AUTH_PLAIN	= SELECT password_enc FROM mail_users WHERE username = '${quote_mysql:$2}'
+
+FROXLOR_AUTH_LOGIN	= SELECT password_enc FROM mail_users WHERE username = '${quote_mysql:$1}'
+
+domainlist froxlor_domain = mysql;FROXLOR_LOCAL_DOMAIN
--- a/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_router_180_froxlor-config
+++ b/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_router_180_froxlor-config
@@ -0,0 +1,13 @@
+froxlor_mailalias:
+  debug_print = "R: froxlor_mailalias for $local_part@$domain"
+  driver = redirect
+  domains = +froxlor_domain
+  data = ${lookup mysql {FROXLOR_MAILALIAS}{$value}fail}
+
+froxlor_mailuser:
+  debug_print = "R: froxlor_mailuser for $local_part@$domain"
+  driver = redirect
+  domains = +froxlor_domain
+  data = ${lookup mysql {FROXLOR_MAILUSER}{$value}fail}
+  directory_transport = maildir_froxlor
+  no_more
--- a/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_transport_30_froxlor-config
+++ b/templates/misc/configfiles/debian_wheezy/exim4/etc_exim4_conf.d_transport_30_froxlor-config
@@ -0,0 +1,13 @@
+maildir_froxlor:
+  debug_print = "T: maildir_froxlor for $local_part@$domain"
+  driver = appendfile
+  create_directory
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  maildir_format
+  directory_mode = 0770
+  mode = 0660
+  mode_fail_narrower = false
+  user = 2000
+  group = 2000