fix Postfix and Dovecot for Precise (Ubuntu 12.04)

- Dovecot config updated for Dovecot2
- postfix delivery method 'dovecot' enabled again
This commit is contained in:
Chris Vigelius
2012-09-21 15:32:42 +02:00
parent 251a2ebd96
commit 2f1bbf7055
8 changed files with 173 additions and 201 deletions


@@ -299,15 +299,17 @@ return Array(
'dovecot' => Array(
'label' => 'Dovecot',
'commands_1' => Array(
'apt-get install dovecot-imapd dovecot-pop3d dovecot-postfix'
'apt-get install dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-mysql mail-stack-delivery'
),
'files' => Array(
'etc_dovecot_auth.d_01-dovecot-postfix.auth' => '/etc/dovecot/auth.d/01-dovecot-postfix.auth',
'etc_dovecot_conf.d_01-dovecot-postfix.conf' => '/etc/dovecot/conf.d/01-dovecot-postfix.conf',
'etc_dovecot_dovecot-sql.conf' => '/etc/dovecot/dovecot-sql.conf'
'etc_dovecot_conf.d_01_mail_stack_delivery.conf' => '/etc/dovecot/conf.d/01-mail-stack-delivery.conf',
'etc_dovecot_conf.d_10_auth.conf' => '/etc/dovecot/conf.d/10-auth.conf',
'etc_dovecot_conf.d_auth-sql.conf.ext' => '/etc/dovecot/conf.d/auth-sql.conf.ext',
'etc_dovecot_dovecot-sql.conf.ext' => '/etc/dovecot/dovecot-sql.conf.ext'
),
'commands_2' => Array(
'chmod 0640 /etc/dovecot/dovecot-sql.conf'
'chmod 0640 /etc/dovecot/dovecot-sql.conf.ext'
),
'restart' => Array(
'/etc/init.d/dovecot restart'
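Review bot: The removed `files` entry for `/etc/dovecot/conf.d/01-dovecot-postfix.conf` was the only thing writing that path, and its replacement installs `/etc/dovecot/conf.d/01-mail-stack-delivery.conf`, yet the Postfix master.cf fragment in the last section of this commit still runs `deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf`; unless that file is written by something outside this commit, the re-enabled `dovecot` transport points at a config that is no longer installed, so the `-c` path there should become `/etc/dovecot/conf.d/01-mail-stack-delivery.conf` (or be dropped). The same issue therefore applies to the master.cf section. The Dovecot fragment in this commit also turns on the `sieve` protocol and `mail_plugins = sieve quota`, which need the Pigeonhole packages (`dovecot-sieve`, `dovecot-managesieved`); if `mail-stack-delivery` does not pull them in on Precise they belong on the `apt-get install` line. Finally, `chmod 0640 /etc/dovecot/dovecot-sql.conf.ext` restricts the file that now carries the database password but leaves its owner to whoever wrote it; stating the intended owner next to the chmod (or adding a chown) would make the 0640 meaningful.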


@@ -1,28 +0,0 @@
mechanisms = plain login
socket listen {
client {
path = /var/spool/postfix/private/dovecot-auth
mode = 0660
user = postfix
group = postfix
}
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = vmail
}
}
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb prefetch {
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
user = vmail


@@ -1,11 +1,9 @@
# Some general options
protocols = imap pop3 <SSLPROTOCOLS>
mail_access_groups = vmail
## allow Plaintext Logins from foreign IP if the Connection doesn't use TLS
disable_plaintext_auth = no
protocols = imap pop3 sieve
disable_plaintext_auth = yes
ssl = yes
ssl_cert_file = /etc/ssl/certs/ssl-mail.pem
ssl_key_file = /etc/ssl/private/ssl-mail.key
ssl_cert = </etc/ssl/certs/ssl-mail.pem
ssl_key = </etc/ssl/private/ssl-mail.key
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
mail_location = maildir:~/Maildir
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
@@ -14,27 +12,42 @@ auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345
protocol imap {
mail_plugins = quota imap_quota
mail_max_userip_connections = 10
imap_client_workarounds = outlook-idle delay-newmail
imap_client_workarounds = delay-newmail
}
# POP3 configuration
protocol pop3 {
mail_max_userip_connections = 10
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = UID%u-%v
mail_plugins = quota
pop3_uidl_format = UID%u-%v
mail_plugins = quota
}
# LDA configuration
protocol lda {
# postmaster is the one in charge of the mail system. MUST be set to a valid address!
postmaster_address = <postmaster-address>
mail_plugins = quota
postmaster_address = postmaster
mail_plugins = sieve quota
quota_full_tempfail = yes
deliver_log_format = msgid=%m: %$
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
# Plugins configuration
plugin {
quota = maildir
sieve=~/.dovecot.sieve
sieve_dir=~/sieve
quota = maildir
}
# Authentication configuration
auth_mechanisms = plain login
service auth {
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/dovecot-auth {
mode = 0660
user = postfix
group = postfix
}
}
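Review bot: The hardening in this hunk (`disable_plaintext_auth = yes`, the `ssl_cert`/`ssl_key` paths) can be silently undone by another conf.d fragment: Dovecot 2 includes `conf.d/*.conf` in name order and the last assignment wins, and as far as I recall the `mail-stack-delivery` package this commit installs drops its own higher-sorting fragment into `/etc/dovecot/conf.d/` — confirm on a Precise box. If so, the values in this `01-` file are only defaults for that fragment, and the effective configuration should be checked with `doveconf -n` after install. I would add at the top of the file `# conf.d/ fragments are read in name order; a later-sorting file overrides these settings - verify with 'doveconf -n'`. The new `service auth` block declares only the Postfix SASL listener `/var/spool/postfix/private/dovecot-auth`; the vmail-owned `master` socket from the removed auth.d file has no counterpart here, so userdb lookups by the LDA (`deliver -d`) presumably rely on Dovecot 2's default `auth-userdb` listener, which is worth a one-line comment inside the block.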


@@ -0,0 +1,127 @@
##
## Authentication processes
##
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
#auth_cache_size = 0
# Time to live for cached data. After TTL expires the cached record is no
# longer used, *except* if the main database lookup returns internal failure.
# We also try to handle password changes automatically: If user's previous
# authentication was successful, but this one wasn't, the cache isn't used.
# For now this works only with plaintext authentication.
#auth_cache_ttl = 1 hour
# TTL for negative hits (user not found, password mismatch).
# 0 disables caching them completely.
#auth_cache_negative_ttl = 1 hour
# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
# Many clients simply use the first one listed here, so keep the default realm
# first.
#auth_realms =
# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm =
# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
# Username character translations before it's looked up from databases. The
# value contains series of from -> to characters. For example "#@/@" means
# that '#' and '/' characters are translated to '@'.
#auth_username_translation =
# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
#auth_username_format =
# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
# support for it), you can specify the separator character here. The format
# is then <username><separator><master username>. UW-IMAP uses "*" as the
# separator, so that could be a good choice.
#auth_master_user_separator =
# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous
# Maximum number of dovecot-auth worker processes. They're used to execute
# blocking passdb and userdb queries (eg. MySQL and PAM). They're
# automatically created and destroyed as needed.
#auth_worker_max_count = 30
# Host name to use in GSSAPI principal names. The default is to use the
# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
# entries.
#auth_gssapi_hostname =
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file.
#auth_krb5_keytab =
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
#auth_use_winbind = no
# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth
# Time to delay before replying to failed authentications.
#auth_failure_delay = 2 secs
# Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no
# Take the username from client's SSL certificate, using
# X509_NAME_get_text_by_NID() which returns the subject's DN's
# CommonName.
#auth_ssl_username_from_cert = no
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain
##
## Password and user databases
##
#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>
#!include auth-deny.conf.ext
#!include auth-master.conf.ext
#!include auth-system.conf.ext
!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
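Review bot: `auth_mechanisms = plain` in this new 10-auth.conf conflicts with `auth_mechanisms = plain login` set in the other Dovecot fragment of this commit; both land in `/etc/dovecot/conf.d/` per the installer mapping, and since Dovecot 2 reads `conf.d/*.conf` in name order with the last assignment winning, `10-auth.conf` overrides the `01-` file and the `login` mechanism that the removed auth.d file offered to Postfix SMTP AUTH clients disappears. If dropping LOGIN is intended, say so in the commit; otherwise change this line to `auth_mechanisms = plain login` and remove the duplicate from the other fragment so there is a single place to maintain. The rest of the file is the stock commented template; leaving `#disable_plaintext_auth = yes` commented is fine only because the `01-` fragment sets it, which a short comment next to that line could record, e.g. `# set to yes in the 01- fragment; keep in sync`.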


@@ -0,0 +1,8 @@
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
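Review bot: The `userdb prefetch` block from the removed auth.d file has no counterpart in this new auth-sql.conf.ext, while `password_query` in dovecot-sql.conf.ext still returns `userdb_home`, `userdb_uid`, `userdb_gid`, `userdb_mail` and `userdb_quota`; without a prefetch userdb those columns are ignored and every IMAP/POP3 login runs `user_query` a second time. The sql userdb must stay for the LDA's `-d` lookups, so the two should be stacked: `userdb { driver = prefetch }` placed before the existing `userdb { driver = sql ... }` block. A comment on the sql block such as `# sql userdb kept for LDA (-d) lookups; prefetch above serves IMAP/POP3 logins` would make the pairing clear to the next maintainer.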


@@ -1,5 +1,5 @@
driver = mysql
connect = host=xxx.xxx.xxx.xxx dbname=froxlor user=froxlor password=MYSQL_PASSWORD
connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
default_pass_scheme = CRYPT
password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp')
user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('maildir:storage=', (quota*1024)) as quota FROM mail_users WHERE (username = '%u' OR email = '%u')


@@ -1,150 +0,0 @@
auth_mechanisms = plain login
disable_plaintext_auth = no
login_greeting = Welcome to Mail Server.
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
#mail_debug = yes
mail_uid = vmail
mail_gid = vmail
# NFS Seting
#mail_fsync = always
#mail_nfs_storage = yes
#mmap_disable = no
#mail_nfs_index = no
ssl_ca = </etc/ssl/xxxx.crt
ssl_cert = </etc/ssl/xxxx.crt
ssl_key = </etc/ssl/xxxxx.key
#ssl_key_password = password cert
protocols = imap pop3 lmtp sieve
passdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf
driver = sql
}
userdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = maildir
sieve_max_script_size = 512K
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
chroot = login
client_limit = 256
executable = /usr/local/libexec/dovecot/imap-login
inet_listener imap {
address = *
port = 143
}
inet_listener imaps {
address = *
port = 993
}
process_limit = 128
process_min_avail = 2
service_count = 1
}
service imap {
executable = /usr/local/libexec/dovecot/imap
}
service pop3-login {
chroot = login
client_limit = 256
executable = /usr/local/libexec/dovecot/pop3-login
inet_listener pop3 {
address = *
port = 110
}
inet_listener pop3s {
address = *
port = 995
}
process_limit = 128
process_min_avail = 2
service_count = 1
}
service pop3 {
executable = /usr/local/libexec/dovecot/pop3
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
}
service managesieve {
# Max. number of ManageSieve processes (connections)
# pocess_count = 1024
}
protocol sieve {
managesieve_max_line_length = 65536
mail_max_userip_connections = 10
managesieve_logout_format = bytes=%i/%o
managesieve_implementation_string = Dovecot Pigeonhole
#managesieve_sieve_capability =
#managesieve_notify_capability =
managesieve_max_compile_errors = 5
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
imap_max_line_length = 64 k
mail_plugins = quota
}
protocol pop3 {
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
protocol lmtp {
mail_plugins = quota, sieve
}


@@ -1,4 +1,4 @@
# Add this lines to be able to use dovecot as delivery agent
# Add these lines to be able to use dovecot as delivery agent
# Dovecot LDA
#dovecot unix - n n - - pipe
# flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -d ${recipient}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -d ${recipient}
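Review bot: The now-active transport still calls `/usr/lib/dovecot/deliver` with `-c` pointing at a conf.d fragment, and `-c` means something different under Dovecot 2 than under Dovecot 1: it names the whole configuration file rather than an extra fragment, so the LDA would not read `dovecot.conf` and its `!include conf.d/*.conf` (the passdb/userdb from `auth-sql.conf.ext`, the settings in `10-auth.conf`). Unless the fragment is deliberately self-contained for LDA use, dropping the `-c …` argument and letting the LDA use the system configuration is the safer form, e.g. `flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}`. The Dovecot 2 binary is `dovecot-lda`; Ubuntu may keep `deliver` as a compatibility name, but that should be verified on Precise before relying on it. Postfix also requires the `flags=` continuation line to begin with whitespace, which this rendering does not let me confirm.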