From 7438786a24dccf58ac41e6edbf5a04b5bed224d0 Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Sun, 15 Oct 2023 15:49:12 +0200 Subject: [PATCH] adjustments to support bootstrap 5.3 color-scheme; set gentoo config-templates to deprecated as there is no active maintainer for it; remove debian 10 and ubuntu 18.04 as they were deprecated in 2.0.x Signed-off-by: Michael Kaufmann --- .github/workflows/build-mariadb.yml | 4 +- .github/workflows/build-mysql.yml | 2 +- lib/configfiles/bionic.xml | 4759 ---------------- lib/configfiles/buster.xml | 4962 ----------------- lib/configfiles/gentoo.xml | 2 +- lib/init.php | 7 + templates/Froxlor/base.html.twig | 2 +- templates/Froxlor/config.json | 40 +- templates/Froxlor/settings/apcuinfo.html.twig | 105 +- 9 files changed, 91 insertions(+), 9792 deletions(-) delete mode 100644 lib/configfiles/bionic.xml delete mode 100644 lib/configfiles/buster.xml diff --git a/.github/workflows/build-mariadb.yml b/.github/workflows/build-mariadb.yml index 1a69d731..7e95b559 100644 --- a/.github/workflows/build-mariadb.yml +++ b/.github/workflows/build-mariadb.yml @@ -8,8 +8,8 @@ jobs: strategy: fail-fast: false matrix: - php-versions: ['7.4', '8.1'] - mariadb-version: [10.5, 10.4] + php-versions: ['7.4', '8.2'] + mariadb-version: [10.11, 10.5] steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/build-mysql.yml b/.github/workflows/build-mysql.yml index 8015674c..1542a521 100644 --- a/.github/workflows/build-mysql.yml +++ b/.github/workflows/build-mysql.yml @@ -8,7 +8,7 @@ jobs: strategy: fail-fast: false matrix: - php-versions: ['7.4', '8.1'] + php-versions: ['7.4', '8.2'] mysql-version: [8.0, 5.7] steps: - name: Checkout diff --git a/lib/configfiles/bionic.xml b/lib/configfiles/bionic.xml deleted file mode 100644 index f031ec18..00000000 --- a/lib/configfiles/bionic.xml +++ /dev/null @@ -1,4759 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - {{settings.system.apacheconf_vhost}} - - - - - {{settings.system.apacheconf_vhost}} - - - - - - - {{settings.system.apacheconf_diroptions}} - - - - - {{settings.system.apacheconf_diroptions}} - - - - - - - - - {{settings.system.deactivateddocroot}} - - - - - - - - - //service[@type='http']/general/commands - - - - {{settings.system.use_ssl}} - - - - - {{settings.phpfpm.enabled}} - - - - - {{settings.phpfpm.enabled}} - - - FastCgiIpcDir - - - Require all granted - Require env REDIRECT_STATUS - - -]]> - - - - {{settings.system.leenabled}} - - - Require all granted - -]]> - - - - - - - - - "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/") - -# default listening port for IPv6 falls back to the IPv4 port -include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port -include_shell "/usr/share/lighttpd/create-mime.assign.pl" -include_shell "/usr/share/lighttpd/include-conf-enabled.pl" -]]> - - - //service[@type='http']/general/commands - - {{settings.system.apacheconf_vhost}} - - > /etc/lighttpd/lighttpd.conf]]> - - - {{settings.system.apacheconf_vhost}} - - > /etc/lighttpd/lighttpd.conf]]> - - - {{settings.system.apacheconf_diroptions}} - - > /etc/lighttpd/lighttpd.conf]]> - - - {{settings.system.apacheconf_diroptions}} - - > /etc/lighttpd/lighttpd.conf]]> - - - - - - - - - - {{settings.phpfpm.enabled}} - - {{settings.system.mod_fcgid}} - - - - - - - - - - - - - {{settings.system.leenabled}} - - - - - - {{settings.phpfpm.enabled}} - - {{settings.system.mod_fcgid}} - - - - - //service[@type='http']/general/commands - - {{settings.phpfpm.enabled}} - - {{settings.system.mod_fcgid}} - - - - - - - - - - - - > /etc/bind/named.conf.local]]> - - - - - - - - - - -################################# -# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. -# -# allow-dnsupdate-from=127.0.0.0/8,::1 - -################################# -# allow-recursion List of subnets that are allowed to recurse -# -allow-recursion=127.0.0.1 - -################################# -# also-notify When notifying a domain, also notify these nameservers -# -# also-notify= - -################################# -# any-to-tcp Answer ANY queries with tc=1, shunting to TCP -# -# any-to-tcp=no - -################################# -# cache-ttl Seconds to store packets in the PacketCache -# -# cache-ttl=20 - -################################# -# carbon-interval Number of seconds between carbon (graphite) updates -# -# carbon-interval=30 - -################################# -# carbon-ourname If set, overrides our reported hostname for carbon stats -# -# carbon-ourname= - -################################# -# carbon-server If set, send metrics in carbon (graphite) format to this server -# -# carbon-server= - -################################# -# chroot If set, chroot to this directory for more security -# -# chroot= - -################################# -# config-dir Location of configuration directory (pdns.conf) -# -config-dir=/etc/powerdns - -################################# -# config-name Name of this virtual configuration - will rename the binary image -# -# config-name= - -################################# -# control-console Debugging switch - don't use -# -# control-console=no - -################################# -# daemon Operate as a daemon -# -daemon=yes - -################################# -# default-ksk-algorithms Default KSK algorithms -# -# default-ksk-algorithms=rsasha256 - -################################# -# default-ksk-size Default KSK size (0 means default) -# -# default-ksk-size=0 - -################################# -# default-soa-mail mail address to insert in the SOA record if none set in the backend -# -# default-soa-mail= - -################################# -# default-soa-name name to insert in the SOA record if none set in the backend -# -# default-soa-name=a.misconfigured.powerdns.server - -################################# -# default-ttl Seconds a result is valid if not set otherwise -# -# default-ttl=3600 - -################################# -# default-zsk-algorithms Default ZSK algorithms -# -# default-zsk-algorithms=rsasha256 - -################################# -# default-zsk-size Default ZSK size (0 means default) -# -# default-zsk-size=0 - -################################# -# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis -# -# direct-dnskey=no - -################################# -# disable-axfr Disable zonetransfers but do allow TCP queries -# -# disable-axfr=no - -################################# -# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. -# -# disable-axfr-rectify=no - -################################# -# disable-tcp Do not listen to TCP queries -# -# disable-tcp=no - -################################# -# distributor-threads Default number of Distributor (backend) threads to start -# -# distributor-threads=3 - -################################# -# do-ipv6-additional-processing Do AAAA additional processing -# -# do-ipv6-additional-processing=yes - -################################# -# edns-subnet-processing If we should act on EDNS Subnet options -# -# edns-subnet-processing=no - -################################# -# entropy-source If set, read entropy from this file -# -# entropy-source=/dev/urandom - -################################# -# experimental-api-key REST API Static authentication key (required for API use) -# -# experimental-api-key= - -################################# -# experimental-api-readonly If the JSON API should disallow data modification -# -# experimental-api-readonly=no - -################################# -# experimental-dname-processing If we should support DNAME records -# -# experimental-dname-processing=no - -################################# -# experimental-dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. -# -# experimental-dnsupdate=no - -################################# -# experimental-json-interface If the webserver should serve JSON data -# -# experimental-json-interface=no - -################################# -# experimental-logfile Filename of the log file for JSON parser -# -# experimental-logfile=/var/log/pdns.log - -################################# -# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. -# -# forward-dnsupdate=yes - -################################# -# guardian Run within a guardian process -# -guardian=yes - -################################# -# include-dir Include *.conf files from this directory -# -# include-dir= - -################################# -# launch Which backends to launch and order to query them in -# -# launch= - -################################# -# load-modules Load this module - supply absolute or relative path -# -# load-modules= - -################################# -# local-address Local IP addresses to which we bind -# -local-address=,127.0.0.1 - -################################# -# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server -# -# local-address-nonexist-fail=yes - -################################# -# local-ipv6 Local IP address to which we bind -# -# local-ipv6= - -################################# -# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server -# -# local-ipv6-nonexist-fail=yes - -################################# -# local-port The port on which we listen -# -# local-port=53 - -################################# -# log-dns-details If PDNS should log DNS non-erroneous details -# -# log-dns-details=no - -################################# -# log-dns-queries If PDNS should log all incoming DNS queries -# -# log-dns-queries=no - -################################# -# logging-facility Log under a specific facility -# -# logging-facility= - -################################# -# loglevel Amount of logging. Higher is more. Do not set below 3 -# -# loglevel=4 - -################################# -# lua-prequery-script Lua script with prequery handler -# -# lua-prequery-script= - -################################# -# master Act as a master -# -master=yes - -################################# -# max-cache-entries Maximum number of cache entries -# -# max-cache-entries=1000000 - -################################# -# max-ent-entries Maximum number of empty non-terminals in a zone -# -# max-ent-entries=100000 - -################################# -# max-nsec3-iterations Limit the number of NSEC3 hash iterations -# -# max-nsec3-iterations=500 - -################################# -# max-queue-length Maximum queuelength before considering situation lost -# -# max-queue-length=5000 - -################################# -# max-signature-cache-entries Maximum number of signatures cache entries -# -# max-signature-cache-entries= - -################################# -# max-tcp-connections Maximum number of TCP connections -# -# max-tcp-connections=10 - -################################# -# module-dir Default directory for modules -# -# module-dir=/usr/lib/TRIPLET/pdns - -################################# -# negquery-cache-ttl Seconds to store negative query results in the QueryCache -# -# negquery-cache-ttl=60 - -################################# -# no-shuffle Set this to prevent random shuffling of answers - for regression testing -# -# no-shuffle=off - -################################# -# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks -# -# only-notify=0.0.0.0/0,::/0 - -################################# -# out-of-zone-additional-processing Do out of zone additional processing -# -# out-of-zone-additional-processing=yes - -################################# -# overload-queue-length Maximum queuelength moving to packetcache only -# -# overload-queue-length=0 - -################################# -# pipebackend-abi-version Version of the pipe backend ABI -# -# pipebackend-abi-version=1 - -################################# -# prevent-self-notification Don't send notifications to what we think is ourself -# -# prevent-self-notification=yes - -################################# -# query-cache-ttl Seconds to store query results in the QueryCache -# -# query-cache-ttl=20 - -################################# -# query-local-address Source IP address for sending queries -# -# query-local-address=0.0.0.0 - -################################# -# query-local-address6 Source IPv6 address for sending queries -# -# query-local-address6=:: - -################################# -# query-logging Hint backends that queries should be logged -# -# query-logging=no - -################################# -# queue-limit Maximum number of milliseconds to queue a query -# -# queue-limit=1500 - -################################# -# receiver-threads Default number of receiver threads to start -# -# receiver-threads=1 - -################################# -# recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache -# -# recursive-cache-ttl=10 - -################################# -# recursor If recursion is desired, IP address of a recursing nameserver -# -# recursor=no - -################################# -# retrieval-threads Number of AXFR-retrieval threads for slave operation -# -# retrieval-threads=2 - -################################# -# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket -# -# reuseport=no - -################################# -# security-poll-suffix Domain name from which to query security update notifications -# -# security-poll-suffix=secpoll.powerdns.com. - -################################# -# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority -# -# send-root-referral=no - -################################# -# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom -# -# server-id= - -################################# -# setgid If set, change group id to this gid for more security -# -setgid=pdns - -################################# -# setuid If set, change user id to this uid for more security -# -setuid=pdns - -################################# -# signing-threads Default number of signer threads to start -# -# signing-threads=3 - -################################# -# slave Act as a slave -# -# slave=no - -################################# -# slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds -# -# slave-cycle-interval=60 - -################################# -# slave-renotify If we should send out notifications for slaved updates -# -# slave-renotify=no - -################################# -# soa-expire-default Default SOA expire -# -# soa-expire-default=604800 - -################################# -# soa-minimum-ttl Default SOA minimum ttl -# -# soa-minimum-ttl=3600 - -################################# -# soa-refresh-default Default SOA refresh -# -# soa-refresh-default=10800 - -################################# -# soa-retry-default Default SOA retry -# -# soa-retry-default=3600 - -################################# -# socket-dir Where the controlsocket will live -# -# socket-dir=/var/run - -################################# -# tcp-control-address If set, PowerDNS can be controlled over TCP on this address -# -# tcp-control-address= - -################################# -# tcp-control-port If set, PowerDNS can be controlled over TCP on this address -# -# tcp-control-port=53000 - -################################# -# tcp-control-range If set, remote control of PowerDNS is possible over these networks only -# -# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 - -################################# -# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret -# -# tcp-control-secret= - -################################# -# traceback-handler Enable the traceback handler (Linux only) -# -# traceback-handler=yes - -################################# -# trusted-notification-proxy IP address of incoming notification proxy -# -# trusted-notification-proxy= - -################################# -# udp-truncation-threshold Maximum UDP response size before we truncate -# -# udp-truncation-threshold=1680 - -################################# -# version-string PowerDNS version in packets - full, anonymous, powerdns or custom -# - -version-string=powerdns -################################# -# webserver Start a webserver for monitoring -# -# webserver=no - -################################# -# webserver-address IP Address of webserver to listen on -# -# webserver-address=127.0.0.1 - -################################# -# webserver-allow-from Webserver access is only allowed from these subnets -# -# webserver-allow-from=0.0.0.0/0,::/0 - -################################# -# webserver-password Password required for accessing the webserver -# -# webserver-password= - -################################# -# webserver-port Port of webserver to listen on -# -# webserver-port=8081 - -################################# -# webserver-print-arguments If the webserver should print arguments -# -# webserver-print-arguments=no - -# include froxlor-bind-specific config -include-dir=/etc/powerdns/froxlor/ -]]> - - - - - - - - - - - - - - -################################# -# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. -# -# allow-dnsupdate-from=127.0.0.0/8,::1 - -################################# -# allow-recursion List of subnets that are allowed to recurse -# -allow-recursion=127.0.0.1 - -################################# -# also-notify When notifying a domain, also notify these nameservers -# -# also-notify= - -################################# -# any-to-tcp Answer ANY queries with tc=1, shunting to TCP -# -# any-to-tcp=no - -################################# -# cache-ttl Seconds to store packets in the PacketCache -# -# cache-ttl=20 - -################################# -# carbon-interval Number of seconds between carbon (graphite) updates -# -# carbon-interval=30 - -################################# -# carbon-ourname If set, overrides our reported hostname for carbon stats -# -# carbon-ourname= - -################################# -# carbon-server If set, send metrics in carbon (graphite) format to this server -# -# carbon-server= - -################################# -# chroot If set, chroot to this directory for more security -# -# chroot= - -################################# -# config-dir Location of configuration directory (pdns.conf) -# -config-dir=/etc/powerdns - -################################# -# config-name Name of this virtual configuration - will rename the binary image -# -# config-name= - -################################# -# control-console Debugging switch - don't use -# -# control-console=no - -################################# -# daemon Operate as a daemon -# -daemon=yes - -################################# -# default-ksk-algorithms Default KSK algorithms -# -# default-ksk-algorithms=rsasha256 - -################################# -# default-ksk-size Default KSK size (0 means default) -# -# default-ksk-size=0 - -################################# -# default-soa-mail mail address to insert in the SOA record if none set in the backend -# -# default-soa-mail= - -################################# -# default-soa-name name to insert in the SOA record if none set in the backend -# -# default-soa-name=a.misconfigured.powerdns.server - -################################# -# default-ttl Seconds a result is valid if not set otherwise -# -# default-ttl=3600 - -################################# -# default-zsk-algorithms Default ZSK algorithms -# -# default-zsk-algorithms=rsasha256 - -################################# -# default-zsk-size Default ZSK size (0 means default) -# -# default-zsk-size=0 - -################################# -# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis -# -# direct-dnskey=no - -################################# -# disable-axfr Disable zonetransfers but do allow TCP queries -# -# disable-axfr=no - -################################# -# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. -# -# disable-axfr-rectify=no - -################################# -# disable-tcp Do not listen to TCP queries -# -# disable-tcp=no - -################################# -# distributor-threads Default number of Distributor (backend) threads to start -# -# distributor-threads=3 - -################################# -# do-ipv6-additional-processing Do AAAA additional processing -# -# do-ipv6-additional-processing=yes - -################################# -# edns-subnet-processing If we should act on EDNS Subnet options -# -# edns-subnet-processing=no - -################################# -# entropy-source If set, read entropy from this file -# -# entropy-source=/dev/urandom - -################################# -# experimental-api-key REST API Static authentication key (required for API use) -# -# experimental-api-key= - -################################# -# experimental-api-readonly If the JSON API should disallow data modification -# -# experimental-api-readonly=no - -################################# -# experimental-dname-processing If we should support DNAME records -# -# experimental-dname-processing=no - -################################# -# experimental-dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. -# -# experimental-dnsupdate=no - -################################# -# experimental-json-interface If the webserver should serve JSON data -# -# experimental-json-interface=no - -################################# -# experimental-logfile Filename of the log file for JSON parser -# -# experimental-logfile=/var/log/pdns.log - -################################# -# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. -# -# forward-dnsupdate=yes - -################################# -# guardian Run within a guardian process -# -guardian=yes - -################################# -# include-dir Include *.conf files from this directory -# -# include-dir= - -################################# -# launch Which backends to launch and order to query them in -# -# launch= -launch=bind - -################################# -# load-modules Load this module - supply absolute or relative path -# -# load-modules= - -################################# -# local-address Local IP addresses to which we bind -# -local-address=,127.0.0.1 - -################################# -# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server -# -# local-address-nonexist-fail=yes - -################################# -# local-ipv6 Local IP address to which we bind -# -# local-ipv6= - -################################# -# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server -# -# local-ipv6-nonexist-fail=yes - -################################# -# local-port The port on which we listen -# -# local-port=53 - -################################# -# log-dns-details If PDNS should log DNS non-erroneous details -# -# log-dns-details=no - -################################# -# log-dns-queries If PDNS should log all incoming DNS queries -# -# log-dns-queries=no - -################################# -# logging-facility Log under a specific facility -# -# logging-facility= - -################################# -# loglevel Amount of logging. Higher is more. Do not set below 3 -# -# loglevel=4 - -################################# -# lua-prequery-script Lua script with prequery handler -# -# lua-prequery-script= - -################################# -# master Act as a master -# -master=yes - -################################# -# max-cache-entries Maximum number of cache entries -# -# max-cache-entries=1000000 - -################################# -# max-ent-entries Maximum number of empty non-terminals in a zone -# -# max-ent-entries=100000 - -################################# -# max-nsec3-iterations Limit the number of NSEC3 hash iterations -# -# max-nsec3-iterations=500 - -################################# -# max-queue-length Maximum queuelength before considering situation lost -# -# max-queue-length=5000 - -################################# -# max-signature-cache-entries Maximum number of signatures cache entries -# -# max-signature-cache-entries= - -################################# -# max-tcp-connections Maximum number of TCP connections -# -# max-tcp-connections=10 - -################################# -# module-dir Default directory for modules -# -# module-dir=/usr/lib/TRIPLET/pdns - -################################# -# negquery-cache-ttl Seconds to store negative query results in the QueryCache -# -# negquery-cache-ttl=60 - -################################# -# no-shuffle Set this to prevent random shuffling of answers - for regression testing -# -# no-shuffle=off - -################################# -# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks -# -# only-notify=0.0.0.0/0,::/0 - -################################# -# out-of-zone-additional-processing Do out of zone additional processing -# -# out-of-zone-additional-processing=yes - -################################# -# overload-queue-length Maximum queuelength moving to packetcache only -# -# overload-queue-length=0 - -################################# -# pipebackend-abi-version Version of the pipe backend ABI -# -# pipebackend-abi-version=1 - -################################# -# prevent-self-notification Don't send notifications to what we think is ourself -# -# prevent-self-notification=yes - -################################# -# query-cache-ttl Seconds to store query results in the QueryCache -# -# query-cache-ttl=20 - -################################# -# query-local-address Source IP address for sending queries -# -# query-local-address=0.0.0.0 - -################################# -# query-local-address6 Source IPv6 address for sending queries -# -# query-local-address6=:: - -################################# -# query-logging Hint backends that queries should be logged -# -# query-logging=no - -################################# -# queue-limit Maximum number of milliseconds to queue a query -# -# queue-limit=1500 - -################################# -# receiver-threads Default number of receiver threads to start -# -# receiver-threads=1 - -################################# -# recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache -# -# recursive-cache-ttl=10 - -################################# -# recursor If recursion is desired, IP address of a recursing nameserver -# -# recursor=no - -################################# -# retrieval-threads Number of AXFR-retrieval threads for slave operation -# -# retrieval-threads=2 - -################################# -# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket -# -# reuseport=no - -################################# -# security-poll-suffix Domain name from which to query security update notifications -# -# security-poll-suffix=secpoll.powerdns.com. - -################################# -# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority -# -# send-root-referral=no - -################################# -# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom -# -# server-id= - -################################# -# setgid If set, change group id to this gid for more security -# -setgid=pdns - -################################# -# setuid If set, change user id to this uid for more security -# -setuid=pdns - -################################# -# signing-threads Default number of signer threads to start -# -# signing-threads=3 - -################################# -# slave Act as a slave -# -# slave=no - -################################# -# slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds -# -# slave-cycle-interval=60 - -################################# -# slave-renotify If we should send out notifications for slaved updates -# -# slave-renotify=no - -################################# -# soa-expire-default Default SOA expire -# -# soa-expire-default=604800 - -################################# -# soa-minimum-ttl Default SOA minimum ttl -# -# soa-minimum-ttl=3600 - -################################# -# soa-refresh-default Default SOA refresh -# -# soa-refresh-default=10800 - -################################# -# soa-retry-default Default SOA retry -# -# soa-retry-default=3600 - -################################# -# socket-dir Where the controlsocket will live -# -# socket-dir=/var/run - -################################# -# tcp-control-address If set, PowerDNS can be controlled over TCP on this address -# -# tcp-control-address= - -################################# -# tcp-control-port If set, PowerDNS can be controlled over TCP on this address -# -# tcp-control-port=53000 - -################################# -# tcp-control-range If set, remote control of PowerDNS is possible over these networks only -# -# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 - -################################# -# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret -# -# tcp-control-secret= - -################################# -# traceback-handler Enable the traceback handler (Linux only) -# -# traceback-handler=yes - -################################# -# trusted-notification-proxy IP address of incoming notification proxy -# -# trusted-notification-proxy= - -################################# -# udp-truncation-threshold Maximum UDP response size before we truncate -# -# udp-truncation-threshold=1680 - -################################# -# version-string PowerDNS version in packets - full, anonymous, powerdns or custom -# - -version-string=powerdns -################################# -# webserver Start a webserver for monitoring -# -# webserver=no - -################################# -# webserver-address IP Address of webserver to listen on -# -# webserver-address=127.0.0.1 - -################################# -# webserver-allow-from Webserver access is only allowed from these subnets -# -# webserver-allow-from=0.0.0.0/0,::/0 - -################################# -# webserver-password Password required for accessing the webserver -# -# webserver-password= - -################################# -# webserver-port Port of webserver to listen on -# -# webserver-port=8081 - -################################# -# webserver-print-arguments If the webserver should print arguments -# -# webserver-print-arguments=no - -# include froxlor-bind-specific config -include-dir=/etc/powerdns/froxlor/ -]]> - - - - - named.conf - -# How often to check for zone changes. See 'Operation' section. -bind-check-interval=180 - -# Uncomment to enable Huffman compression on zone data. -# Currently saves around 20% of memory actually used, but slows down operation. -# bind-enable-huffman -]]> - - - - - - - - - - - - {{settings.system.vmail_gid}} - - - - - {{settings.system.vmail_uid}} - - - - - - - - - - - - - - - - - -password = -dbname = -hosts = -query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' -]]> - - - - -password = -dbname = -hosts = -query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0 -]]> - - - - -password = -dbname = -expansion_limit = 1 -hosts = -query = SELECT CONCAT(homedir,maildir) FROM mail_users WHERE email = '%s' -]]> - - - - -password = -dbname = -hosts = -query = SELECT DISTINCT username FROM mail_users WHERE email in ((SELECT mail_virtual.email_full FROM mail_virtual WHERE mail_virtual.email = '%s' UNION SELECT mail_virtual.destination FROM mail_virtual WHERE mail_virtual.email = '%s')); -]]> - - - - -password = -dbname = -expansion_limit = 1 -hosts = -query = SELECT uid FROM mail_users WHERE email = '%s' -]]> - - - - -password = -dbname = -expansion_limit = 1 -hosts = -query = SELECT gid FROM mail_users WHERE email = '%s' -]]> - - - - -]]> - - - - - - - - - - - //service[@type='smtp']/general/commands[@index=1] - - //service[@type='smtp']/general/installs[@index=1] - - //service[@type='smtp']/general/commands[@index=2] - - - - -# SENDING MAIL -# -# The myorigin parameter specifies the domain that locally-posted -# mail appears to come from. The default is to append $myhostname, -# which is fine for small sites. If you run a domain with multiple -# machines, you should (1) change this to $mydomain and (2) set up -# a domain-wide alias database that aliases each user to -# user@that.users.mailhost. -# -# For the sake of consistency between sender and recipient addresses, -# myorigin also specifies the default domain name that is appended -# to recipient addresses that have no @domain part. -# -# Debian GNU/Linux specific: Specifying a file name will cause the -# first line of that file to be used as the name. The Debian default -# is /etc/mailname. -# -#myorigin = /etc/mailname -#myorigin = $myhostname -#myorigin = $mydomain - -# RECEIVING MAIL - -# The inet_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on. By default, -# the software claims all active interfaces on the machine. The -# parameter also controls delivery of mail to user@[ip.address]. -# -# See also the proxy_interfaces parameter, for network addresses that -# are forwarded to us via a proxy or network address translator. -# -# Note: you need to stop/start Postfix when this parameter changes. -# -inet_interfaces = all -#inet_interfaces = $myhostname -#inet_interfaces = $myhostname, localhost - -# The proxy_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on by way of a -# proxy or network address translation unit. This setting extends -# the address list specified with the inet_interfaces parameter. -# -# You must specify your proxy/NAT addresses when your system is a -# backup MX host for other domains, otherwise mail delivery loops -# will happen when the primary MX host is down. -# -#proxy_interfaces = -#proxy_interfaces = 1.2.3.4 - -# The mydestination parameter specifies the list of domains that this -# machine considers itself the final destination for. -# -# These domains are routed to the delivery agent specified with the -# local_transport parameter setting. By default, that is the UNIX -# compatible delivery agent that lookups all recipients in /etc/passwd -# and /etc/aliases or their equivalent. -# -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. -# -# Do not specify the names of virtual domains - those domains are -# specified elsewhere (see VIRTUAL_README). -# -# Do not specify the names of domains that this machine is backup MX -# host for. Specify those names via the relay_domains settings for -# the SMTP server, or use permit_mx_backup if you are lazy (see -# STANDARD_CONFIGURATION_README). -# -# The local machine is always the final destination for mail addressed -# to user@[the.net.work.address] of an interface that the mail system -# receives mail on (see the inet_interfaces parameter). -# -# Specify a list of host or domain names, /file/name or type:table -# patterns, separated by commas and/or whitespace. A /file/name -# pattern is replaced by its contents; a type:table is matched when -# a name matches a lookup key (the right-hand side is ignored). -# Continue long lines by starting the next line with whitespace. -# -# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". -# -#mydestination = $myhostname, localhost.$mydomain, localhost -mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain -#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, -# mail.$mydomain, www.$mydomain, ftp.$mydomain - -# REJECTING MAIL FOR UNKNOWN LOCAL USERS -# -# The local_recipient_maps parameter specifies optional lookup tables -# with all names or addresses of users that are local with respect -# to $mydestination, $inet_interfaces or $proxy_interfaces. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown local users. This parameter is defined by default. -# -# To turn off local recipient checking in the SMTP server, specify -# local_recipient_maps = (i.e. empty). -# -# The default setting assumes that you use the default Postfix local -# delivery agent for local delivery. You need to update the -# local_recipient_maps setting if: -# -# - You define $mydestination domain recipients in files other than -# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. -# For example, you define $mydestination domain recipients in -# the $virtual_mailbox_maps files. -# -# - You redefine the local delivery agent in master.cf. -# -# - You redefine the "local_transport" setting in main.cf. -# -# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" -# feature of the Postfix local delivery agent (see local(8)). -# -# Details are described in the LOCAL_RECIPIENT_README file. -# -# Beware: if the Postfix SMTP server runs chrooted, you probably have -# to access the passwd file via the proxymap service, in order to -# overcome chroot restrictions. The alternative, having a copy of -# the system passwd file in the chroot jail is just not practical. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify a bare username, an @domain.tld -# wild-card, or specify a user@domain.tld address. -# -#local_recipient_maps = unix:passwd.byname $alias_maps -#local_recipient_maps = proxy:unix:passwd.byname $alias_maps -#local_recipient_maps = - -# The unknown_local_recipient_reject_code specifies the SMTP server -# response code when a recipient domain matches $mydestination or -# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty -# and the recipient address or address local-part is not found. -# -# The default setting is 550 (reject mail) but it is safer to start -# with 450 (try again later) until you are certain that your -# local_recipient_maps settings are OK. -# -unknown_local_recipient_reject_code = 550 - -# TRUST AND RELAY CONTROL - -# The mynetworks parameter specifies the list of "trusted" SMTP -# clients that have more privileges than "strangers". -# -# In particular, "trusted" SMTP clients are allowed to relay mail -# through Postfix. See the smtpd_recipient_restrictions parameter -# in postconf(5). -# -# You can specify the list of "trusted" network addresses by hand -# or you can let Postfix do it for you (which is the default). -# -# By default (mynetworks_style = subnet), Postfix "trusts" SMTP -# clients in the same IP subnetworks as the local machine. -# On Linux, this does works correctly only with interfaces specified -# with the "ifconfig" command. -# -# Specify "mynetworks_style = class" when Postfix should "trust" SMTP -# clients in the same IP class A/B/C networks as the local machine. -# Don't do this with a dialup site - it would cause Postfix to "trust" -# your entire provider's network. Instead, specify an explicit -# mynetworks list by hand, as described below. -# -# Specify "mynetworks_style = host" when Postfix should "trust" -# only the local machine. -# -#mynetworks_style = class -#mynetworks_style = subnet -#mynetworks_style = host - -# Alternatively, you can specify the mynetworks list by hand, in -# which case Postfix ignores the mynetworks_style setting. -# -# Specify an explicit list of network/netmask patterns, where the -# mask specifies the number of bits in the network part of a host -# address. -# -# You can also specify the absolute pathname of a pattern file instead -# of listing the patterns here. Specify type:table for table-based lookups -# (the value on the table right-hand side is not used). -# -#mynetworks = 168.100.189.0/28, 127.0.0.0/8 -#mynetworks = $config_directory/mynetworks -#mynetworks = hash:/etc/postfix/network_table -mynetworks = 127.0.0.0/8 - -# The relay_domains parameter restricts what destinations this system will -# relay mail to. See the smtpd_recipient_restrictions description in -# postconf(5) for detailed information. -# -# By default, Postfix relays mail -# - from "trusted" clients (IP address matches $mynetworks) to any destination, -# - from "untrusted" clients to destinations that match $relay_domains or -# subdomains thereof, except addresses with sender-specified routing. -# The default relay_domains value is $mydestination. -# -# In addition to the above, the Postfix SMTP server by default accepts mail -# that Postfix is final destination for: -# - destinations that match $inet_interfaces or $proxy_interfaces, -# - destinations that match $mydestination -# - destinations that match $virtual_alias_domains, -# - destinations that match $virtual_mailbox_domains. -# These destinations do not need to be listed in $relay_domains. -# -# Specify a list of hosts or domains, /file/name patterns or type:name -# lookup tables, separated by commas and/or whitespace. Continue -# long lines by starting the next line with whitespace. A file name -# is replaced by its contents; a type:name table is matched when a -# (parent) domain appears as lookup key. -# -# NOTE: Postfix will not automatically forward mail for domains that -# list this system as their primary or backup MX host. See the -# permit_mx_backup restriction description in postconf(5). -# -#relay_domains = $mydestination - -# INTERNET OR INTRANET - -# The relayhost parameter specifies the default host to send mail to -# when no entry is matched in the optional transport(5) table. When -# no relayhost is given, mail is routed directly to the destination. -# -# On an intranet, specify the organizational domain name. If your -# internal DNS uses no MX records, specify the name of the intranet -# gateway host instead. -# -# In the case of SMTP, specify a domain, host, host:port, [host]:port, -# [address] or [address]:port; the form [host] turns off MX lookups. -# -# If you're connected via UUCP, see also the default_transport parameter. -# -#relayhost = $mydomain -#relayhost = [gateway.my.domain] -#relayhost = [mailserver.isp.tld] -#relayhost = uucphost -#relayhost = [an.ip.add.ress] - -# REJECTING UNKNOWN RELAY USERS -# -# The relay_recipient_maps parameter specifies optional lookup tables -# with all addresses in the domains that match $relay_domains. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown relay users. This feature is off by default. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify an @domain.tld wild-card, or specify -# a user@domain.tld address. -# -#relay_recipient_maps = hash:/etc/postfix/relay_recipients - -# INPUT RATE CONTROL -# -# The in_flow_delay configuration parameter implements mail input -# flow control. This feature is turned on by default, although it -# still needs further development (it's disabled on SCO UNIX due -# to an SCO bug). -# -# A Postfix process will pause for $in_flow_delay seconds before -# accepting a new message, when the message arrival rate exceeds the -# message delivery rate. With the default 100 SMTP server process -# limit, this limits the mail inflow to 100 messages a second more -# than the number of messages delivered per second. -# -# Specify 0 to disable the feature. Valid delays are 0..10. -# -#in_flow_delay = 1s - -# ADDRESS REWRITING -# -# The ADDRESS_REWRITING_README document gives information about -# address masquerading or other forms of address rewriting including -# username->Firstname.Lastname mapping. - -# ADDRESS REDIRECTION (VIRTUAL DOMAIN) -# -# The VIRTUAL_README document gives information about the many forms -# of domain hosting that Postfix supports. - -# "USER HAS MOVED" BOUNCE MESSAGES -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# TRANSPORT MAP -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# ALIAS DATABASE -# -# The alias_maps parameter specifies the list of alias databases used -# by the local delivery agent. The default list is system dependent. -# -# On systems with NIS, the default is to search the local alias -# database, then the NIS alias database. See aliases(5) for syntax -# details. -# -# If you change the alias database, run "postalias /etc/aliases" (or -# wherever your system stores the mail alias file), or simply run -# "newaliases" to build the necessary DBM or DB file. -# -# It will take a minute or so before changes become visible. Use -# "postfix reload" to eliminate the delay. -# -#alias_maps = dbm:/etc/aliases -#alias_maps = hash:/etc/aliases -#alias_maps = hash:/etc/aliases, nis:mail.aliases -#alias_maps = netinfo:/aliases - -# The alias_database parameter specifies the alias database(s) that -# are built with "newaliases" or "sendmail -bi". This is a separate -# configuration parameter, because alias_maps (see above) may specify -# tables that are not necessarily all under control by Postfix. -# -#alias_database = dbm:/etc/aliases -#alias_database = dbm:/etc/mail/aliases -#alias_database = hash:/etc/aliases -#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases - -# ADDRESS EXTENSIONS (e.g., user+foo) -# -# The recipient_delimiter parameter specifies the separator between -# user names and address extensions (user+foo). See canonical(5), -# local(8), relocated(5) and virtual(5) for the effects this has on -# aliases, canonical, virtual, relocated and .forward file lookups. -# Basically, the software tries user+foo and .forward+foo before -# trying user and .forward. -# -#recipient_delimiter = + - -# DELIVERY TO MAILBOX -# -# The home_mailbox parameter specifies the optional pathname of a -# mailbox file relative to a user's home directory. The default -# mailbox file is /var/spool/mail/user or /var/mail/user. Specify -# "Maildir/" for qmail-style delivery (the / is required). -# -#home_mailbox = Mailbox -#home_mailbox = Maildir/ - -# The mail_spool_directory parameter specifies the directory where -# UNIX-style mailboxes are kept. The default setting depends on the -# system type. -# -#mail_spool_directory = /var/mail -#mail_spool_directory = /var/spool/mail - -# The mailbox_command parameter specifies the optional external -# command to use instead of mailbox delivery. The command is run as -# the recipient with proper HOME, SHELL and LOGNAME environment settings. -# Exception: delivery for root is done as $default_user. -# -# Other environment variables of interest: USER (recipient username), -# EXTENSION (address extension), DOMAIN (domain part of address), -# and LOCAL (the address localpart). -# -# Unlike other Postfix configuration parameters, the mailbox_command -# parameter is not subjected to $parameter substitutions. This is to -# make it easier to specify shell syntax (see example below). -# -# Avoid shell meta characters because they will force Postfix to run -# an expensive shell process. Procmail alone is expensive enough. -# -# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN -# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. -# -mailbox_command = /usr/lib/dovecot/deliver -#mailbox_command = /usr/bin/procmail -a "$EXTENSION" - -# The mailbox_transport specifies the optional transport in master.cf -# to use after processing aliases and .forward files. This parameter -# has precedence over the mailbox_command, fallback_transport and -# luser_relay parameters. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" -# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. -#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp -# -# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and -# subsequent line in master.cf. -#mailbox_transport = cyrus - -# The fallback_transport specifies the optional transport in master.cf -# to use for recipients that are not found in the UNIX passwd database. -# This parameter has precedence over the luser_relay parameter. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#fallback_transport = lmtp:unix:/file/name -#fallback_transport = cyrus -#fallback_transport = - -# The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown@$mydestination, -# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned -# as undeliverable. -# -# The following expansions are done on luser_relay: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $local (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. -# -# luser_relay works only for the default Postfix local delivery agent. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must specify "local_recipient_maps =" (i.e. empty) in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#luser_relay = $user@other.host -#luser_relay = $local@other.host -#luser_relay = admin+$local - -# JUNK MAIL CONTROLS -# -# The controls listed here are only a very small subset. The file -# SMTPD_ACCESS_README provides an overview. - -# The header_checks parameter specifies an optional table with patterns -# that each logical message header is matched against, including -# headers that span multiple physical lines. -# -# By default, these patterns also apply to MIME headers and to the -# headers of attached messages. With older Postfix versions, MIME and -# attached message headers were treated as body text. -# -# For details, see "man header_checks". -# -#header_checks = regexp:/etc/postfix/header_checks - -# FAST ETRN SERVICE -# -# Postfix maintains per-destination logfiles with information about -# deferred mail, so that mail can be flushed quickly with the SMTP -# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". -# See the ETRN_README document for a detailed description. -# -# The fast_flush_domains parameter controls what destinations are -# eligible for this service. By default, they are all domains that -# this server is willing to relay mail to. -# -#fast_flush_domains = $relay_domains - -# SHOW SOFTWARE VERSION OR NOT -# -# The smtpd_banner parameter specifies the text that follows the 220 -# code in the SMTP server's greeting banner. Some people like to see -# the mail version advertised. By default, Postfix shows no version. -# -# You MUST specify $myhostname at the start of the text. That is an -# RFC requirement. Postfix itself does not care. -# -#smtpd_banner = $myhostname ESMTP $mail_name -#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) - - -# PARALLEL DELIVERY TO THE SAME DESTINATION -# -# How many parallel deliveries to the same user or domain? With local -# delivery, it does not make sense to do massively parallel delivery -# to the same user, because mailbox updates must happen sequentially, -# and expensive pipelines in .forward files can cause disasters when -# too many are run at the same time. With SMTP deliveries, 10 -# simultaneous connections to the same domain could be sufficient to -# raise eyebrows. -# -# Each message delivery transport has its XXX_destination_concurrency_limit -# parameter. The default is $default_destination_concurrency_limit for -# most delivery transports. For the local delivery agent the default is 2. - -#local_destination_concurrency_limit = 2 -#default_destination_concurrency_limit = 20 - -# DEBUGGING CONTROL -# -# The debug_peer_level parameter specifies the increment in verbose -# logging level when an SMTP client or server host name or address -# matches a pattern in the debug_peer_list parameter. -# -#debug_peer_level = 2 - -# The debug_peer_list parameter specifies an optional list of domain -# or network patterns, /file/name patterns or type:name tables. When -# an SMTP client or server host name or address matches a pattern, -# increase the verbose logging level by the amount specified in the -# debug_peer_level parameter. -# -#debug_peer_list = 127.0.0.1 -#debug_peer_list = some.domain - -# The debugger_command specifies the external command that is executed -# when a Postfix daemon program is run with the -D option. -# -# Use "command .. & sleep 5" so that the debugger can attach before -# the process marches on. If you use an X-based debugger, be sure to -# set up your XAUTHORITY environment variable before starting Postfix. -# -debugger_command = - PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin - ddd $daemon_directory/$process_name $process_id & sleep 5 - -# If you can't use X, use this to capture the call stack when a -# daemon crashes. The result is in a file in the configuration -# directory, and is named after the process name and the process ID. -# -# debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; -# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 -# >$config_directory/$process_name.$process_id.log & sleep 5 -# -# Another possibility is to run gdb under a detached screen session. -# To attach to the screen session, su root and run "screen -r -# " where uniquely matches one of the detached -# sessions (from "screen -list"). -# -# debugger_command = -# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen -# -dmS $process_name gdb $daemon_directory/$process_name -# $process_id & sleep 1 - -# INSTALL-TIME CONFIGURATION INFORMATION -# -# The following parameters are used when installing a new Postfix version. -# -# sendmail_path: The full pathname of the Postfix sendmail command. -# This is the Sendmail-compatible mail posting interface. -# -sendmail_path = /usr/sbin/sendmail - -# newaliases_path: The full pathname of the Postfix newaliases command. -# This is the Sendmail-compatible command to build alias databases. -# -newaliases_path = /usr/bin/newaliases - -# mailq_path: The full pathname of the Postfix mailq command. This -# is the Sendmail-compatible mail queue listing command. -# -mailq_path = /usr/bin/mailq - -# setgid_group: The group for mail submission and queue management -# commands. This must be a group name with a numerical group ID that -# is not shared with other accounts, not even with the Postfix account. -# -setgid_group = postdrop - -# html_directory: The location of the Postfix HTML documentation. -# -html_directory = no - -# manpage_directory: The location of the Postfix on-line manual pages. -# -manpage_directory = /usr/share/man - -# sample_directory: The location of the Postfix sample configuration files. -# This parameter is obsolete as of Postfix 2.1. -# -sample_directory = /usr/share/doc/postfix - -# readme_directory: The location of the Postfix README files. -# -readme_directory = /usr/share/doc/postfix -inet_protocols = ipv4 - -append_dot_mydomain = no -biff = no -smtpd_helo_required = yes -smtpd_recipient_restrictions = permit_mynetworks, - permit_sasl_authenticated, - reject_unauth_destination, - reject_unauth_pipelining, - reject_non_fqdn_recipient -smtpd_sender_restrictions = permit_mynetworks, - reject_sender_login_mismatch, - permit_sasl_authenticated, - reject_unknown_helo_hostname, - reject_unknown_recipient_domain, - reject_unknown_sender_domain -smtpd_client_restrictions = permit_mynetworks, - permit_sasl_authenticated, - reject_unknown_client_hostname - -# Postfix 2.10 requires this option. Postfix < 2.10 ignores this. -# The option is intentionally left empty. -smtpd_relay_restrictions = - -# Maximum size of Message in bytes (50MB) -message_size_limit = 52428800 - -## SASL Auth Settings -smtpd_sasl_auth_enable = yes -smtpd_sasl_local_domain = $myhostname -broken_sasl_auth_clients = yes -## Dovecot Settings for deliver, SASL Auth and virtual transport -smtpd_sasl_type = dovecot -virtual_transport = dovecot -dovecot_destination_recipient_limit = 1 -smtpd_sasl_path = private/auth - -# Virtual delivery settings -virtual_mailbox_base = / -virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf -virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf -virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf -smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_permissions.cf -virtual_uid_maps = static: -virtual_gid_maps = static: - -# Local delivery settings -local_transport = local -alias_maps = $alias_database - -# Default Mailbox size, is set to 0 which means unlimited! -mailbox_size_limit = 0 -virtual_mailbox_limit = 0 - -### TLS settings -### -## TLS for outgoing mails from the server to another server -smtp_tls_security_level = may -smtp_tls_note_starttls_offer = yes -## TLS for incoming connections (clients or other mail servers) -smtpd_tls_security_level = may -smtpd_tls_cert_file = -smtpd_tls_key_file = -#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt -smtpd_tls_loglevel = 1 -smtpd_tls_received_header = yes -smtp_use_tls = yes -smtpd_use_tls = yes -smtpd_tls_session_cache_timeout = 3600s -]]> - - - //service[@type='smtp']/general/files[@index=0] - - - - - //service[@type='smtp']/general/commands[@index=3] - - - - - - - - - - - - - to select which instance is used (an alternative -# to -c ). The instance name is also added to Dovecot processes -# in ps output. -#instance_name = dovecot - -# Greeting message for clients. -#login_greeting = Dovecot ready. - -# Space separated list of trusted network ranges. Connections from these -# IPs are allowed to override their IP addresses and ports (for logging and -# for authentication checks). disable_plaintext_auth is also ignored for -# these networks. Typically you'd specify your IMAP proxy servers here. -#login_trusted_networks = - -# Space separated list of login access check sockets (e.g. tcpwrap) -#login_access_sockets = - -# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do -# proxying. This isn't necessary normally, but may be useful if the destination -# IP is e.g. a load balancer's IP. -#auth_proxy_self = - -# Show more verbose process titles (in ps). Currently shows user name and -# IP address. Useful for seeing who are actually using the IMAP processes -# (eg. shared mailboxes or if same uid is used for multiple accounts). -#verbose_proctitle = no - -# Should all processes be killed when Dovecot master process shuts down. -# Setting this to "no" means that Dovecot can be upgraded without -# forcing existing client connections to close (although that could also be -# a problem if the upgrade is e.g. because of a security fix). -#shutdown_clients = yes - -# If non-zero, run mail commands via this many connections to doveadm server, -# instead of running them directly in the same process. -#doveadm_worker_count = 0 -# UNIX socket or host:port used for connecting to doveadm server -#doveadm_socket_path = doveadm-server - -# Space separated list of environment variables that are preserved on Dovecot -# startup and passed down to all of its child processes. You can also give -# key=value pairs to always set specific settings. -#import_environment = TZ - -## -## Dictionary server settings -## - -# Dictionary can be used to store key=value lists. This is used by several -# plugins. The dictionary can be accessed either directly or though a -# dictionary server. The following dict block maps dictionary names to URIs -# when the server is used. These can then be referenced using URIs in format -# "proxy::". - -dict { - #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext - #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext -} - -# Most of the actual configuration gets included below. The filenames are -# first sorted by their ASCII value and parsed in that order. The 00-prefixes -# in filenames are intended to make it easier to understand the ordering. -!include conf.d/*.conf - -# A config file can also tried to be included without giving an error if -# it's not found: -!include_try local.conf -]]> - - - - dbname= user= password=" - -# Default password scheme. -# -# List of supported schemes is in -# http://wiki2.dovecot.org/Authentication/PasswordSchemes -# -#default_pass_scheme = CRYPT - -# passdb query to retrieve the password. It can return fields: -# password - The user's password. This field must be returned. -# user - user@domain from the database. Needed with case-insensitive lookups. -# username and domain - An alternative way to represent the "user" field. -# -# The "user" field is often necessary with case-insensitive lookups to avoid -# e.g. "name" and "nAme" logins creating two different mail directories. If -# your user and domain names are in separate fields, you can return "username" -# and "domain" fields instead of "user". -# -# The query can also return other fields which have a special meaning, see -# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields -# -# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables -# for full list): -# %u = entire user@domain -# %n = user part of user@domain -# %d = domain part of user@domain -# -# Note that these can be used only as input to SQL query. If the query outputs -# any of these substitutions, they're not touched. Otherwise it would be -# difficult to have eg. usernames containing '%' characters. -# -# Example: -# password_query = SELECT userid AS user, pw AS password \ -# FROM users WHERE userid = '%u' AND active = 'Y' -# -#password_query = \ -# SELECT username, domain, password \ -# FROM users WHERE username = '%n' AND domain = '%d' - -# userdb query to retrieve the user information. It can return fields: -# uid - System UID (overrides mail_uid setting) -# gid - System GID (overrides mail_gid setting) -# home - Home directory -# mail - Mail location (overrides mail_location setting) -# -# None of these are strictly required. If you use a single UID and GID, and -# home or mail directory fits to a template string, you could use userdb static -# instead. For a list of all fields that can be returned, see -# http://wiki2.dovecot.org/UserDatabase/ExtraFields -# -# Examples: -# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' -# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' -# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' -# -#user_query = \ -# SELECT home, uid, gid \ -# FROM users WHERE username = '%n' AND domain = '%d' -user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota, 'M') as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') - -# If you wish to avoid two SQL lookups (passdb + userdb), you can use -# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll -# also have to return userdb fields in password_query prefixed with "userdb_" -# string. For example: -#password_query = \ -# SELECT userid AS user, password, \ -# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \ -# FROM users WHERE userid = '%u' -password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve'))) - -# Query to get a list of all usernames. -iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)" -]]> - - - - to characters. For example "#@/@" means -# that '#' and '/' characters are translated to '@'. -#auth_username_translation = - -# Username formatting before it's looked up from databases. You can use -# the standard variables here, eg. %Lu would lowercase the username, %n would -# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into -# "-AT-". This translation is done after auth_username_translation changes. -#auth_username_format = %Lu - -# If you want to allow master users to log in by specifying the master -# username within the normal username string (ie. not using SASL mechanism's -# support for it), you can specify the separator character here. The format -# is then . UW-IMAP uses "*" as the -# separator, so that could be a good choice. -#auth_master_user_separator = - -# Username to use for users logging in with ANONYMOUS SASL mechanism -#auth_anonymous_username = anonymous - -# Maximum number of dovecot-auth worker processes. They're used to execute -# blocking passdb and userdb queries (eg. MySQL and PAM). They're -# automatically created and destroyed as needed. -#auth_worker_max_count = 30 - -# Host name to use in GSSAPI principal names. The default is to use the -# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab -# entries. -#auth_gssapi_hostname = - -# Kerberos keytab to use for the GSSAPI mechanism. Will use the system -# default (usually /etc/krb5.keytab) if not specified. You may need to change -# the auth service to run as root to be able to read this file. -#auth_krb5_keytab = - -# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and -# ntlm_auth helper. -#auth_use_winbind = no - -# Path for Samba's ntlm_auth helper binary. -#auth_winbind_helper_path = /usr/bin/ntlm_auth - -# Time to delay before replying to failed authentications. -#auth_failure_delay = 2 secs - -# Require a valid SSL client certificate or the authentication fails. -#auth_ssl_require_client_cert = no - -# Take the username from client's SSL certificate, using -# X509_NAME_get_text_by_NID() which returns the subject's DN's -# CommonName. -#auth_ssl_username_from_cert = no - -# Space separated list of wanted authentication mechanisms: -# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey -# gss-spnego -# NOTE: See also disable_plaintext_auth setting. -auth_mechanisms = plain login - -## -## Password and user databases -## - -# -# Password database is used to verify user's password (and nothing more). -# You can have multiple passdbs and userdbs. This is useful if you want to -# allow both system users (/etc/passwd) and virtual users to login without -# duplicating the system users into virtual database. -# -# -# -# User database specifies where mails are located and what user/group IDs -# own them. For single-UID configuration use "static" userdb. -# -# - -#!include auth-deny.conf.ext -#!include auth-master.conf.ext - -#!include auth-system.conf.ext -!include auth-sql.conf.ext -#!include auth-ldap.conf.ext -#!include auth-passwdfile.conf.ext -#!include auth-checkpassword.conf.ext -#!include auth-vpopmail.conf.ext -#!include auth-static.conf.ext -]]> - - - - -# -mail_location = mbox:~/mail:INBOX=/var/mail/%u - -# If you need to set multiple mailbox locations or want to change default -# namespace settings, you can do it by defining namespace sections. -# -# You can have private, shared and public namespaces. Private namespaces -# are for user's personal mails. Shared namespaces are for accessing other -# users' mailboxes that have been shared. Public namespaces are for shared -# mailboxes that are managed by sysadmin. If you create any shared or public -# namespaces you'll typically want to enable ACL plugin also, otherwise all -# users can access all the shared mailboxes, assuming they have permissions -# on filesystem level to do so. -namespace inbox { - # Namespace type: private, shared or public - #type = private - - # Hierarchy separator to use. You should use the same separator for all - # namespaces or some clients get confused. '/' is usually a good one. - # The default however depends on the underlying mail storage format. - #separator = - - # Prefix required to access this namespace. This needs to be different for - # all namespaces. For example "Public/". - #prefix = - - # Physical location of the mailbox. This is in same format as - # mail_location, which is also the default for it. - #location = - - # There can be only one INBOX, and this setting defines which namespace - # has it. - inbox = yes - - # If namespace is hidden, it's not advertised to clients via NAMESPACE - # extension. You'll most likely also want to set list=no. This is mostly - # useful when converting from another server with different namespaces which - # you want to deprecate but still keep working. For example you can create - # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". - #hidden = no - - # Show the mailboxes under this namespace with LIST command. This makes the - # namespace visible for clients that don't support NAMESPACE extension. - # "children" value lists child mailboxes, but hides the namespace prefix. - #list = yes - - # Namespace handles its own subscriptions. If set to "no", the parent - # namespace handles them (empty prefix should always have this as "yes") - #subscriptions = yes -} - -# Example shared namespace configuration -#namespace { - #type = shared - #separator = / - - # Mailboxes are visible under "shared/user@domain/" - # %%n, %%d and %%u are expanded to the destination user. - #prefix = shared/%%u/ - - # Mail location for other users' mailboxes. Note that %variables and ~/ - # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the - # destination user's data. - #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u - - # Use the default namespace for saving subscriptions. - #subscriptions = no - - # List the shared/ namespace only if there are visible shared mailboxes. - #list = children -#} -# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? -#mail_shared_explicit_inbox = no - -# System user and group used to access mails. If you use multiple, userdb -# can override these by returning uid or gid fields. You can use either numbers -# or names. -#mail_uid = -#mail_gid = - -# Group to enable temporarily for privileged operations. Currently this is -# used only with INBOX when either its initial creation or dotlocking fails. -# Typically this is set to "mail" to give access to /var/mail. -#mail_privileged_group = - -# Grant access to these supplementary groups for mail processes. Typically -# these are used to set up access to shared mailboxes. Note that it may be -# dangerous to set these if users can create symlinks (e.g. if "mail" group is -# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' -# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). -mail_access_groups = vmail - -# Allow full filesystem access to clients. There's no access checks other than -# what the operating system does for the active UID/GID. It works with both -# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ -# or ~user/. -#mail_full_filesystem_access = no - -# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but -# soon intended to be used by METADATA as well. -#mail_attribute_dict = - -## -## Mail processes -## - -# Don't use mmap() at all. This is required if you store indexes to shared -# filesystems (NFS or clustered filesystem). -#mmap_disable = no - -# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL -# since version 3, so this should be safe to use nowadays by default. -#dotlock_use_excl = yes - -# When to use fsync() or fdatasync() calls: -# optimized (default): Whenever necessary to avoid losing important data -# always: Useful with e.g. NFS when write()s are delayed -# never: Never use it (best performance, but crashes can lose data) -#mail_fsync = optimized - -# Locking method for index files. Alternatives are fcntl, flock and dotlock. -# Dotlocking uses some tricks which may create more disk I/O than other locking -# methods. NFS users: flock doesn't work, remember to change mmap_disable. -#lock_method = fcntl - -# Directory in which LDA/LMTP temporarily stores incoming mails >128 kB. -#mail_temp_dir = /tmp - -# Valid UID range for users, defaults to 500 and above. This is mostly -# to make sure that users can't log in as daemons or other system users. -# Note that denying root logins is hardcoded to dovecot binary and can't -# be done even if first_valid_uid is set to 0. -#first_valid_uid = 500 -#last_valid_uid = 0 - -# Valid GID range for users, defaults to non-root/wheel. Users having -# non-valid GID as primary group ID aren't allowed to log in. If user -# belongs to supplementary groups with non-valid GIDs, those groups are -# not set. -#first_valid_gid = 1 -#last_valid_gid = 0 - -# Maximum allowed length for mail keyword name. It's only forced when trying -# to create new keywords. -#mail_max_keyword_length = 50 - -# ':' separated list of directories under which chrooting is allowed for mail -# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). -# This setting doesn't affect login_chroot, mail_chroot or auth chroot -# settings. If this setting is empty, "/./" in home dirs are ignored. -# WARNING: Never add directories here which local users can modify, that -# may lead to root exploit. Usually this should be done only if you don't -# allow shell access for users. -#valid_chroot_dirs = - -# Default chroot directory for mail processes. This can be overridden for -# specific users in user database by giving /./ in user's home directory -# (eg. /home/./user chroots into /home). Note that usually there is no real -# need to do chrooting, Dovecot doesn't allow users to access files outside -# their mail directory anyway. If your home directories are prefixed with -# the chroot directory, append "/." to mail_chroot. -#mail_chroot = - -# UNIX socket path to master authentication server to find users. -# This is used by imap (for shared users) and lda. -#auth_socket_path = /var/run/dovecot/auth-userdb - -# Directory where to look up mail plugins. -#mail_plugin_dir = /usr/lib/dovecot/modules - -# Space separated list of plugins to load for all services. Plugins specific to -# IMAP, LDA, etc. are added to this list in their own .conf files. -#mail_plugins = - -## -## Mailbox handling optimizations -## - -# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are -# also required for IMAP NOTIFY extension to be enabled. -#mailbox_list_index = no - -# The minimum number of mails in a mailbox before updates are done to cache -# file. This allows optimizing Dovecot's behavior to do less disk writes at -# the cost of more disk reads. -#mail_cache_min_mail_count = 0 - -# When IDLE command is running, mailbox is checked once in a while to see if -# there are any new mails or other changes. This setting defines the minimum -# time to wait between those checks. Dovecot can also use dnotify, inotify and -# kqueue to find out immediately when changes occur. -#mailbox_idle_check_interval = 30 secs - -# Save mails with CR+LF instead of plain LF. This makes sending those mails -# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. -# But it also creates a bit more disk I/O which may just make it slower. -# Also note that if other software reads the mboxes/maildirs, they may handle -# the extra CRs wrong and cause problems. -#mail_save_crlf = no - -# Max number of mails to keep open and prefetch to memory. This only works with -# some mailbox formats and/or operating systems. -#mail_prefetch_count = 0 - -# How often to scan for stale temporary files and delete them (0 = never). -# These should exist only after Dovecot dies in the middle of saving mails. -#mail_temp_scan_interval = 1w - -## -## Maildir-specific settings -## - -# By default LIST command returns all entries in maildir beginning with a dot. -# Enabling this option makes Dovecot return only entries which are directories. -# This is done by stat()ing each entry, so it causes more disk I/O. -# (For systems setting struct dirent->d_type, this check is free and it's -# done always regardless of this setting) -#maildir_stat_dirs = no - -# When copying a message, do it with hard links whenever possible. This makes -# the performance much better, and it's unlikely to have any side effects. -#maildir_copy_with_hardlinks = yes - -# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only -# when its mtime changes unexpectedly or when we can't find the mail otherwise. -#maildir_very_dirty_syncs = no - -# If enabled, Dovecot doesn't use the S= in the Maildir filenames for -# getting the mail's physical size, except when recalculating Maildir++ quota. -# This can be useful in systems where a lot of the Maildir filenames have a -# broken size. The performance hit for enabling this is very small. -#maildir_broken_filename_sizes = no - -# Always move mails from new/ directory to cur/, even when the \Recent flags -# aren't being reset. -#maildir_empty_new = no - -## -## mbox-specific settings -## - -# Which locking methods to use for locking mbox. There are four available: -# dotlock: Create .lock file. This is the oldest and most NFS-safe -# solution. If you want to use /var/mail/ like directory, the users -# will need write access to that directory. -# dotlock_try: Same as dotlock, but if it fails because of permissions or -# because there isn't enough disk space, just skip it. -# fcntl : Use this if possible. Works with NFS too if lockd is used. -# flock : May not exist in all systems. Doesn't work with NFS. -# lockf : May not exist in all systems. Doesn't work with NFS. -# -# You can use multiple locking methods; if you do the order they're declared -# in is important to avoid deadlocks if other MTAs/MUAs are using multiple -# locking methods as well. Some operating systems don't allow using some of -# them simultaneously. -# -# The Debian value for mbox_write_locks differs from upstream Dovecot. It is -# changed to be compliant with Debian Policy (section 11.6) for NFS safety. -# Dovecot: mbox_write_locks = dotlock fcntl -# Debian: mbox_write_locks = fcntl dotlock -# -#mbox_read_locks = fcntl -#mbox_write_locks = fcntl dotlock - -# Maximum time to wait for lock (all of them) before aborting. -#mbox_lock_timeout = 5 mins - -# If dotlock exists but the mailbox isn't modified in any way, override the -# lock file after this much time. -#mbox_dotlock_change_timeout = 2 mins - -# When mbox changes unexpectedly we have to fully read it to find out what -# changed. If the mbox is large this can take a long time. Since the change -# is usually just a newly appended mail, it'd be faster to simply read the -# new mails. If this setting is enabled, Dovecot does this but still safely -# fallbacks to re-reading the whole mbox file whenever something in mbox isn't -# how it's expected to be. The only real downside to this setting is that if -# some other MUA changes message flags, Dovecot doesn't notice it immediately. -# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK -# commands. -#mbox_dirty_syncs = yes - -# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, -# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. -#mbox_very_dirty_syncs = no - -# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK -# commands and when closing the mailbox). This is especially useful for POP3 -# where clients often delete all mails. The downside is that our changes -# aren't immediately visible to other MUAs. -#mbox_lazy_writes = yes - -# If mbox size is smaller than this (e.g. 100k), don't write index files. -# If an index file already exists it's still read, just not updated. -#mbox_min_index_size = 0 - -# Mail header selection algorithm to use for MD5 POP3 UIDLs when -# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired -# algorithm, but it fails if the first Received: header isn't unique in all -# mails. An alternative algorithm is "all" that selects all headers. -#mbox_md5 = apop3d - -## -## mdbox-specific settings -## - -# Maximum dbox file size until it's rotated. -#mdbox_rotate_size = 2M - -# Maximum dbox file age until it's rotated. Typically in days. Day begins -# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled. -#mdbox_rotate_interval = 0 - -# When creating new mdbox files, immediately preallocate their size to -# mdbox_rotate_size. This setting currently works only in Linux with some -# filesystems (ext4, xfs). -#mdbox_preallocate_space = no - -## -## Mail attachments -## - -# sdbox and mdbox support saving mail attachments to external files, which -# also allows single instance storage for them. Other backends don't support -# this for now. - -# Directory root where to store mail attachments. Disabled, if empty. -#mail_attachment_dir = - -# Attachments smaller than this aren't saved externally. It's also possible to -# write a plugin to disable saving specific attachments externally. -#mail_attachment_min_size = 128k - -# Filesystem backend to use for saving attachments: -# posix : No SiS done by Dovecot (but this might help FS's own deduplication) -# sis posix : SiS with immediate byte-by-byte comparison during saving -# sis-queue posix : SiS with delayed comparison and deduplication -#mail_attachment_fs = sis posix - -# Hash format to use in attachment filenames. You can add any text and -# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. -# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits -#mail_attachment_hash = %{sha1} -]]> - - - - - #service_count = 1 - - # Number of processes to always keep waiting for more connections. - #process_min_avail = 0 - - # If you set service_count=0, you probably need to grow this. - #vsz_limit = $default_vsz_limit -} - -service pop3-login { - inet_listener pop3 { - #port = 110 - } - inet_listener pop3s { - #port = 995 - #ssl = yes - } -} - -service lmtp { - unix_listener lmtp { - #mode = 0666 - } - - # Create inet listener only if you can't use the above UNIX socket - #inet_listener lmtp { - # Avoid making LMTP visible for the entire internet - #address = - #port = - #} -} - -service imap { - # Most of the memory goes to mmap()ing files. You may need to increase this - # limit if you have huge mailboxes. - #vsz_limit = $default_vsz_limit - - # Max. number of IMAP processes (connections) - #process_limit = 1024 -} - -service pop3 { - # Max. number of POP3 processes (connections) - #process_limit = 1024 -} - -service auth { - # auth_socket_path points to this userdb socket by default. It's typically - # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have - # full permissions to this socket are able to get a list of all usernames and - # get the results of everyone's userdb lookups. - # - # The default 0666 mode allows anyone to connect to the socket, but the - # userdb lookups will succeed only if the userdb returns an "uid" field that - # matches the caller process's UID. Also if caller's uid or gid matches the - # socket's uid or gid the lookup succeeds. Anything else causes a failure. - # - # To give the caller full permissions to lookup all users, set the mode to - # something else than 0666 and Dovecot lets the kernel enforce the - # permissions (e.g. 0777 allows everyone full permissions). - unix_listener auth-userdb { - #mode = 0666 - #user = - #group = - } - - # Postfix smtp-auth - unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix - } - - # Exim4 smtp-auth - unix_listener auth-client { - mode = 0660 - user = mail - # group = Debian-exim - } - - # Auth process is run as this user. - #user = $default_internal_user -} - -service auth-worker { - # Auth worker process is run as root by default, so that it can access - # /etc/shadow. If this isn't necessary, the user should be changed to - # $default_internal_user. - #user = root -} - -service dict { - # If dict proxy is used, mail processes should have access to its socket. - # For example: mode=0660, group=vmail and global mail_access_groups=vmail - unix_listener dict { - #mode = 0600 - #user = - #group = - } -} -]]> - - - - -ssl = yes - -# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before -# dropping root privileges, so keep the key file unreadable by anyone but -# root. Included doc/mkcert.sh can be used to easily generate self-signed -# certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = < -ssl_key = < - -# If key file is password protected, give the password here. Alternatively -# give it when starting dovecot with -p parameter. Since this file is often -# world-readable, you may want to place this setting instead to a different -# root owned 0600 file by using ssl_key_password = - - - - . %d expands to recipient domain. -postmaster_address = postmaster@ - -# Hostname to use in various parts of sent mails (e.g. in Message-Id) and -# in LMTP replies. Default is the system's real hostname@domain. -#hostname = - -# If user is over quota, return with temporary failure instead of -# bouncing the mail. -#quota_full_tempfail = no - -# Binary to use for sending mails. -#sendmail_path = /usr/sbin/sendmail - -# If non-empty, send mails via this SMTP host[:port] instead of sendmail. -#submission_host = - -# Subject: header to use for rejection mails. You can use the same variables -# as for rejection_reason below. -#rejection_subject = Rejected: %s - -# Human readable error message for rejection mails. You can use variables: -# %n = CRLF, %r = reason, %s = original subject, %t = recipient -#rejection_reason = Your message to <%t> was automatically rejected:%n%r - -# Delimiter character between local-part and detail in email address. -#recipient_delimiter = + - -# Header where the original recipient address (SMTP's RCPT TO: address) is taken -# from if not available elsewhere. With dovecot-lda -a parameter overrides this. -# A commonly used header for this is X-Original-To. -#lda_original_recipient_header = - -# Should saving a mail to a nonexistent mailbox automatically create it? -#lda_mailbox_autocreate = no - -# Should automatically created mailboxes be also automatically subscribed? -#lda_mailbox_autosubscribe = no - -protocol lda { - # Space separated list of plugins to load (default is global mail_plugins). - mail_plugins = $mail_plugins quota sieve -} -]]> - - - - - - - - - #service_count = 1 - - # Number of processes to always keep waiting for more connections. - #process_min_avail = 0 - - # If you set service_count=0, you probably need to grow this. - #vsz_limit = 64M -#} - -#service managesieve { - # Max. number of ManageSieve processes (connections) - #process_limit = 1024 -#} - -# Service configuration - -protocol sieve { - # Maximum ManageSieve command line length in bytes. ManageSieve usually does - # not involve overly long command lines, so this setting will not normally - # need adjustment - #managesieve_max_line_length = 65536 - - # Maximum number of ManageSieve connections allowed for a user from each IP - # address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 10 - - # Space separated list of plugins to load (none known to be useful so far). - # Do NOT try to load IMAP plugins here. - #mail_plugins = - - # MANAGESIEVE logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - #managesieve_logout_format = bytes=%i/%o - - # To fool ManageSieve clients that are focused on CMU's timesieved you can - # specify the IMPLEMENTATION capability that Dovecot reports to clients. - # For example: 'Cyrus timsieved v2.2.13' - #managesieve_implementation_string = Dovecot Pigeonhole - - # Explicitly specify the SIEVE and NOTIFY capability reported by the server - # before login. If left unassigned these will be reported dynamically - # according to what the Sieve interpreter supports by default (after login - # this may differ depending on the user). - #managesieve_sieve_capability = - #managesieve_notify_capability = - - # The maximum number of compile errors that are returned to the client upon - # script upload or script verification. - #managesieve_max_compile_errors = 5 - - # Refer to 90-sieve.conf for script quota configuration and configuration of - # Sieve execution limits. -} -]]> - - - - = 2.1.4) : %v.%u -# Dovecot v0.99.x : %v.%u -# tpop3d : %Mf -# -# Note that Outlook 2003 seems to have problems with %v.%u format which was -# Dovecot's default, so if you're building a new server it would be a good -# idea to change this. %08Xu%08Xv should be pretty fail-safe. -# -#pop3_uidl_format = %08Xu%08Xv - -# Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes -# won't change those UIDLs. Currently this works only with Maildir. -#pop3_save_uidl = no - -# What to do about duplicate UIDLs if they exist? -# allow: Show duplicates to clients. -# rename: Append a temporary -2, -3, etc. counter after the UIDL. -#pop3_uidl_duplicates = allow - -# This option changes POP3 behavior so that it's not possible to actually -# delete mails via POP3, only hide them from future POP3 sessions. The mails -# will still be counted towards user's quota until actually deleted via IMAP. -# Use e.g. "$POP3Deleted" as the value (it will be visible as IMAP keyword). -# Make sure you can legally archive mails before enabling this setting. -#pop3_deleted_flag = - -# POP3 logout format string: -# %i - total number of bytes read from client -# %o - total number of bytes sent to client -# %t - number of TOP commands -# %p - number of bytes sent to client as a result of TOP command -# %r - number of RETR commands -# %b - number of bytes sent to client as a result of RETR command -# %d - number of deleted messages -# %m - number of messages (before deletion) -# %s - mailbox size in bytes (before deletion) -# %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly -pop3_logout_format = in=%i out=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s - -# Workarounds for various client bugs: -# outlook-no-nuls: -# Outlook and Outlook Express hang if mails contain NUL characters. -# This setting replaces them with 0x80 character. -# oe-ns-eoh: -# Outlook Express and Netscape Mail breaks if end of headers-line is -# missing. This option simply sends it if it's missing. -# The list is space-separated. -#pop3_client_workarounds = - -protocol pop3 { - # Space separated list of plugins to load (default is global mail_plugins). - #mail_plugins = $mail_plugins - - # Maximum number of POP3 connections allowed for a user from each IP address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 10 -} -]]> - - - - See sieve_before fore executing scripts before the user's personal - # script. - #sieve_default = /var/lib/dovecot/sieve/default.sieve - - # Directory for :personal include scripts for the include extension. This - # is also where the ManageSieve service stores the user's scripts. - sieve_dir = ~/sieve - - # Directory for :global include scripts for the include extension. - #sieve_global_dir = - - # Path to a script file or a directory containing script files that need to be - # executed before the user's script. If the path points to a directory, all - # the Sieve scripts contained therein (with the proper .sieve extension) are - # executed. The order of execution within a directory is determined by the - # file names, using a normal 8bit per-character comparison. Multiple script - # file or directory paths can be specified by appending an increasing number. - #sieve_before = - #sieve_before2 = - #sieve_before3 = (etc...) - - # Identical to sieve_before, only the specified scripts are executed after the - # user's script (only when keep is still in effect!). Multiple script file or - # directory paths can be specified by appending an increasing number. - #sieve_after = - #sieve_after2 = - #sieve_after2 = (etc...) - - # Which Sieve language extensions are available to users. By default, all - # supported extensions are available, except for deprecated extensions or - # those that are still under development. Some system administrators may want - # to disable certain Sieve extensions or enable those that are not available - # by default. This setting can use '+' and '-' to specify differences relative - # to the default. For example `sieve_extensions = +imapflags' will enable the - # deprecated imapflags extension in addition to all extensions were already - # enabled by default. - #sieve_extensions = +notify +imapflags - - # Which Sieve language extensions are ONLY available in global scripts. This - # can be used to restrict the use of certain Sieve extensions to administrator - # control, for instance when these extensions can cause security concerns. - # This setting has higher precedence than the `sieve_extensions' setting - # (above), meaning that the extensions enabled with this setting are never - # available to the user's personal script no matter what is specified for the - # `sieve_extensions' setting. The syntax of this setting is similar to the - # `sieve_extensions' setting, with the difference that extensions are - # enabled or disabled for exclusive use in global scripts. Currently, no - # extensions are marked as such by default. - #sieve_global_extensions = - - # The Pigeonhole Sieve interpreter can have plugins of its own. Using this - # setting, the used plugins can be specified. Check the Dovecot wiki - # (wiki2.dovecot.org) or the pigeonhole website - # (http://pigeonhole.dovecot.org) for available plugins. - # The sieve_extprograms plugin is included in this release. - #sieve_plugins = - - # The separator that is expected between the :user and :detail - # address parts introduced by the subaddress extension. This may - # also be a sequence of characters (e.g. '--'). The current - # implementation looks for the separator from the left of the - # localpart and uses the first one encountered. The :user part is - # left of the separator and the :detail part is right. This setting - # is also used by Dovecot's LMTP service. - #recipient_delimiter = + - - # The maximum size of a Sieve script. The compiler will refuse to compile any - # script larger than this limit. If set to 0, no limit on the script size is - # enforced. - #sieve_max_script_size = 1M - - # The maximum number of actions that can be performed during a single script - # execution. If set to 0, no limit on the total number of actions is enforced. - #sieve_max_actions = 32 - - # The maximum number of redirect actions that can be performed during a single - # script execution. If set to 0, no redirect actions are allowed. - #sieve_max_redirects = 4 - - # The maximum number of personal Sieve scripts a single user can have. If set - # to 0, no limit on the number of scripts is enforced. - # (Currently only relevant for ManageSieve) - #sieve_quota_max_scripts = 0 - - # The maximum amount of disk storage a single user's scripts may occupy. If - # set to 0, no limit on the used amount of disk storage is enforced. - # (Currently only relevant for ManageSieve) - #sieve_quota_max_storage = 0 -} -]]> - - - - - - - - - - - - - - //service[@type='mail']/general/installs[@index=1] - - //service[@type='mail']/general/files[@index=1] - - //service[@type='mail']/general/commands[@index=1] - - - - - - - - - - " -[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=" -chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key -]]> - - - - - - - - FTP Server" -ServerType standalone -DeferWelcome off - -DefaultServer on -ShowSymlinks on - -TimeoutNoTransfer 600 -TimeoutStalled 600 -TimeoutIdle 1200 - -DisplayLogin welcome.msg -DisplayChdir .message true -ListOptions "-l" - -DenyFilter \*.*/ - -# Use this to jail all users in their homes -# DefaultRoot ~ - -# Users require a valid shell listed in /etc/shells to login. -# Use this directive to release that constrain. -# RequireValidShell off - -# Port 21 is the standard FTP port. -Port 21 - -# In some cases you have to specify passive ports range to by-pass -# firewall limitations. Ephemeral ports can be used for that, but -# feel free to use a more narrow range. -# PassivePorts 49152 65534 - -# If your host was NATted, this option is useful in order to -# allow passive transfers to work. You have to use your public -# address and opening the passive ports used on your firewall as well. -# MasqueradeAddress 1.2.3.4 - -# This is useful for masquerading address with dynamic IPs: -# refresh any configured MasqueradeAddress directives every 8 hours - -# DynMasqRefresh 28800 - - -# To prevent DoS attacks, set the maximum number of child processes -# to 30. If you need to allow more than 30 concurrent connections -# at once, simply increase this value. Note that this ONLY works -# in standalone mode, in inetd mode you should use an inetd server -# that allows you to limit maximum number of processes per service -# (such as xinetd) -MaxInstances 30 - -# Set the user and group that the server normally runs at. -User proftpd -Group nogroup - -# Umask 022 is a good standard umask to prevent new files and dirs -# (second parm) from being group and world writable. -Umask 022 022 -# Normally, we want files to be overwritable. -AllowOverwrite on - -# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords: -# PersistentPasswd off - -# This is required to use both PAM-based authentication and local passwords -# AuthOrder mod_auth_pam.c* mod_auth_unix.c - -# Be warned: use of this directive impacts CPU average load! -# Uncomment this if you like to see progress and transfer rate with ftpwho -# in downloads. That is not needed for uploads rates. -# -# UseSendFile off - -TransferLog /var/log/proftpd/xferlog -SystemLog /var/log/proftpd/proftpd.log - -# Logging onto /var/log/lastlog is enabled but set to off by default -#UseLastlog on - -# In order to keep log file dates consistent after chroot, use timezone info -# from /etc/localtime. If this is not set, and proftpd is configured to -# chroot (e.g. DefaultRoot or ), it will use the non-daylight -# savings timezone regardless of whether DST is in effect. -#SetEnv TZ :/etc/localtime - - -QuotaEngine on - - - -Ratios off - - - -# Delay engine reduces impact of the so-called Timing Attack described in -# http://www.securityfocus.com/bid/11430/discuss -# It is on by default. - -DelayEngine on - - - -ControlsEngine off -ControlsMaxClients 2 -ControlsLog /var/log/proftpd/controls.log -ControlsInterval 5 -ControlsSocket /var/run/proftpd/proftpd.sock - - - -AdminControlsEngine off - - -# -# Alternative authentication frameworks -# -#Include /etc/proftpd/ldap.conf -Include /etc/proftpd/sql.conf - -# -# This is used for FTPS connections -# -Include /etc/proftpd/tls.conf - -# -# Useful to keep VirtualHost/VirtualRoot directives separated -# -#Include /etc/proftpd/virtuals.conf - -# A basic anonymous configuration, no upload directories. - -# -# User ftp -# Group nogroup -# # We want clients to be able to login with "anonymous" as well as "ftp" -# UserAlias anonymous ftp -# # Cosmetic changes, all files belongs to ftp user -# DirFakeUser on ftp -# DirFakeGroup on ftp -# -# RequireValidShell off -# -# # Limit the maximum number of anonymous logins -# MaxClients 10 -# -# # We want 'welcome.msg' displayed at login, and '.message' displayed -# # in each newly chdired directory. -# DisplayLogin welcome.msg -# DisplayChdir .message -# -# # Limit WRITE everywhere in the anonymous chroot -# -# -# DenyAll -# -# -# -# # Uncomment this if you're brave. -# # -# # # Umask 022 is a good standard umask to prevent new files and dirs -# # # (second parm) from being group and world writable. -# # Umask 022 022 -# # -# # DenyAll -# # -# # -# # AllowAll -# # -# # -# -# - -# Include other custom configuration files -Include /etc/proftpd/conf.d/ -]]> - - - - - - - - - -DefaultRoot ~ -RequireValidShell off -AuthOrder mod_sql.c - -# -# Choose a SQL backend among MySQL or PostgreSQL. -# Both modules are loaded in default configuration, so you have to specify the backend -# or comment out the unused module in /etc/proftpd/modules.conf. -# Use 'mysql' or 'postgres' as possible values. -# -SQLBackend mysql -# -SQLEngine on -SQLAuthenticate on -# -# Use both an encrypted or plaintext password -SQLAuthTypes Crypt OpenSSL - -SQLAuthenticate users* groups* - -# -# Connection -SQLConnectInfo @ -# -# Describes both users/groups tables -# -SQLUserInfo ftp_users username password uid gid homedir shell -SQLGroupInfo ftp_groups groupname gid members -# -SQLUserWhereClause "login_enabled = 'y'" - -SQLLog PASS login -SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users - -SQLLog RETR download -SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users - -SQLLog STOR upload -SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users - -QuotaEngine on -QuotaShowQuotas on -QuotaDisplayUnits Mb -QuotaLock /var/lock/ftpd.quotatab.lock -QuotaLimitTable sql:/get-quota-limit -QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally -SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'" -SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" -SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies -SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies - -]]> - - - - -TLSEngine on -TLSLog /var/log/proftpd/tls.log -TLSProtocol TLSv1.2 TLSv1.3 -TLSRSACertificateFile /etc/ssl/certs/proftpd.crt -TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key -TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt -TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key -TLSOptions NoSessionReuseRequired -TLSVerifyClient off - -# Are clients required to use FTP over TLS when talking to this server? -TLSRequired on - -# Allow SSL/TLS renegotiations when the client requests them, but -# do not force the renegotiations. Some clients do not support -# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these -# clients will close the data connection, or there will be a timeout -# on an idle data connection. -# -#TLSRenegotiate required off - -]]> - - - - -From 127.0.0.1 - - -MaxLoginAttempts 3 - - - BanEngine off - - - BanEngine on - -BanLog /var/log/proftpd/ban.log -BanTable /etc/proftpd/ban.tab -BanMessage "User %u was banned." -BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently" -BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00 -BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99 -BanControlsACLs all allow user root - - - -BanEngine off -DelayEngine off - - ]]> - - - - - - - - - " -openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072 -chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem -]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# Mandatory : user password. You must have a password. - -MYSQLPassword - - -# Mandatory : database to open. - -MYSQLDatabase - - -# Mandatory : how passwords are stored -# Valid values are : "cleartext", "crypt", "sha1", "md5" and "password" -# ("password" = MySQL password() function) -# You can also use "any" to try "crypt", "sha1", "md5" *and* "password" - -MYSQLCrypt any - - -# In the following directives, parts of the strings are replaced at -# run-time before performing queries : -# -# \L is replaced by the login of the user trying to authenticate. -# \I is replaced by the IP address the user connected to. -# \P is replaced by the port number the user connected to. -# \R is replaced by the IP address the user connected from. -# \D is replaced by the remote IP address, as a long decimal number. -# -# Very complex queries can be performed using these substitution strings, -# especially for virtual hosting. - - -# Query to execute in order to fetch the password - -MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y" - - -# Query to execute in order to fetch the system user name or uid - -MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y" - - -# Optional : default UID - if set this overrides MYSQLGetUID - -#MYSQLDefaultUID 1000 - - -# Query to execute in order to fetch the system user group or gid - -MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y" - - -# Optional : default GID - if set this overrides MYSQLGetGID - -#MYSQLDefaultGID 1000 - - -# Query to execute in order to fetch the home directory - -MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y" - - -# Optional : query to get the maximal number of files -# Pure-FTPd must have been compiled with virtual quotas support. - -# MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User='\L' - - -# Optional : query to get the maximal disk usage (virtual quotas) -# The number should be in Megabytes. -# Pure-FTPd must have been compiled with virtual quotas support. - -MySQLGetQTASZ SELECT CASE WHEN panel_customers.diskspace = 0 THEN -1 WHEN panel_customers.diskspace <= -1 THEN 0 ELSE panel_customers.diskspace/1024 END AS QuotaSize FROM panel_customers, ftp_users WHERE username = "\L" AND panel_customers.loginname = SUBSTRING_INDEX('\L', 'ftp', 1) - - -# Optional : ratios. The server has to be compiled with ratio support. - -# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User='\L' -# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User='\L' - - -# Optional : bandwidth throttling. -# The server has to be compiled with throttling support. -# Values are in KB/s . - -# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User='\L' -# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User='\L' - -# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS : -# 1) You know what you are doing. -# 2) Real and virtual users match. - -# MySQLForceTildeExpansion 1 - - -# If you're using a transactionnal storage engine, you can enable SQL -# transactions to avoid races. Leave this commented if you are using the -# traditional MyIsam engine. - -# MySQLTransactions On -]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *.log { - missingok - daily - rotate 7 - compress - delaycompress - notifempty - create - sharedscripts - postrotate - > /dev/null 2>&1 || true - endscript -} -]]> - - - - - - - - - {{settings.system.mod_fcgid_ownvhost}} - - - - - - - - - - - - - - - {{settings.system.webserver}} - - - - - - {{settings.system.webserver}} - - - - - {{settings.phpfpm.enabled_ownvhost}} - - {{settings.phpfpm.vhost_httpuser}} - - - - - - {{settings.system.webserver}} - - {{settings.phpfpm.enabled_ownvhost}} - - - - - - - - - - bin/froxlor-cli /usr/local/bin/froxlor-cli]]> - bin/froxlor-cli froxlor:cron --run-task 99]]> - - - - - - diff --git a/lib/configfiles/buster.xml b/lib/configfiles/buster.xml deleted file mode 100644 index 91a2f359..00000000 --- a/lib/configfiles/buster.xml +++ /dev/null @@ -1,4962 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - {{settings.system.apacheconf_vhost}} - - - - - {{settings.system.apacheconf_vhost}} - - - - - - - {{settings.system.apacheconf_diroptions}} - - - - - {{settings.system.apacheconf_diroptions}} - - - - - - - - - {{settings.system.deactivateddocroot}} - - - - - - - - - //service[@type='http']/general/commands - - - - {{settings.system.use_ssl}} - - - - - {{settings.phpfpm.enabled}} - - - - - - {{settings.system.leenabled}} - - - Require all granted - -]]> - - - - - - - - - "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/") - -# default listening port for IPv6 falls back to the IPv4 port -include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port -include_shell "/usr/share/lighttpd/create-mime.assign.pl" -include_shell "/usr/share/lighttpd/include-conf-enabled.pl" -]]> - - - //service[@type='http']/general/commands - - {{settings.system.apacheconf_vhost}} - - > /etc/lighttpd/lighttpd.conf]]> - - - {{settings.system.apacheconf_vhost}} - - > /etc/lighttpd/lighttpd.conf]]> - - - {{settings.system.apacheconf_diroptions}} - - > /etc/lighttpd/lighttpd.conf]]> - - - {{settings.system.apacheconf_diroptions}} - - > /etc/lighttpd/lighttpd.conf]]> - - - - - - - - - - {{settings.phpfpm.enabled}} - - {{settings.system.mod_fcgid}} - - - - - - - - - - - - - {{settings.system.leenabled}} - - - - - - {{settings.phpfpm.enabled}} - - {{settings.system.mod_fcgid}} - - - - - //service[@type='http']/general/commands - - {{settings.phpfpm.enabled}} - - {{settings.system.mod_fcgid}} - - - - - - - - - - - - > /etc/bind/named.conf.local]]> - - - - - - - - - - -################################# -# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. -# -# allow-dnsupdate-from=127.0.0.0/8,::1 - -################################# -# also-notify When notifying a domain, also notify these nameservers -# -# also-notify= - -################################# -# any-to-tcp Answer ANY queries with tc=1, shunting to TCP -# -# any-to-tcp=no - -################################# -# cache-ttl Seconds to store packets in the PacketCache -# -# cache-ttl=20 - -################################# -# carbon-interval Number of seconds between carbon (graphite) updates -# -# carbon-interval=30 - -################################# -# carbon-ourname If set, overrides our reported hostname for carbon stats -# -# carbon-ourname= - -################################# -# carbon-server If set, send metrics in carbon (graphite) format to this server -# -# carbon-server= - -################################# -# chroot If set, chroot to this directory for more security -# -# chroot= - -################################# -# config-dir Location of configuration directory (pdns.conf) -# -config-dir=/etc/powerdns - -################################# -# config-name Name of this virtual configuration - will rename the binary image -# -# config-name= - -################################# -# control-console Debugging switch - don't use -# -# control-console=no - -################################# -# daemon Operate as a daemon -# -daemon=yes - -################################# -# default-ksk-algorithms Default KSK algorithms -# -# default-ksk-algorithms=rsasha256 - -################################# -# default-ksk-size Default KSK size (0 means default) -# -# default-ksk-size=0 - -################################# -# default-soa-mail mail address to insert in the SOA record if none set in the backend -# -# default-soa-mail= - -################################# -# default-soa-name name to insert in the SOA record if none set in the backend -# -# default-soa-name=a.misconfigured.powerdns.server - -################################# -# default-ttl Seconds a result is valid if not set otherwise -# -# default-ttl=3600 - -################################# -# default-zsk-algorithms Default ZSK algorithms -# -# default-zsk-algorithms=rsasha256 - -################################# -# default-zsk-size Default ZSK size (0 means default) -# -# default-zsk-size=0 - -################################# -# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis -# -# direct-dnskey=no - -################################# -# disable-axfr Disable zonetransfers but do allow TCP queries -# -# disable-axfr=no - -################################# -# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. -# -# disable-axfr-rectify=no - -################################# -# disable-tcp Do not listen to TCP queries -# -# disable-tcp=no - -################################# -# distributor-threads Default number of Distributor (backend) threads to start -# -# distributor-threads=3 - -################################# -# do-ipv6-additional-processing Do AAAA additional processing -# -# do-ipv6-additional-processing=yes - -################################# -# edns-subnet-processing If we should act on EDNS Subnet options -# -# edns-subnet-processing=no - -################################# -# entropy-source If set, read entropy from this file -# -# entropy-source=/dev/urandom - -################################# -# experimental-api-key REST API Static authentication key (required for API use) -# -# experimental-api-key= - -################################# -# experimental-api-readonly If the JSON API should disallow data modification -# -# experimental-api-readonly=no - -################################# -# experimental-dname-processing If we should support DNAME records -# -# experimental-dname-processing=no - -################################# -# experimental-dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. -# -# experimental-dnsupdate=no - -################################# -# experimental-json-interface If the webserver should serve JSON data -# -# experimental-json-interface=no - -################################# -# experimental-logfile Filename of the log file for JSON parser -# -# experimental-logfile=/var/log/pdns.log - -################################# -# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. -# -# forward-dnsupdate=yes - -################################# -# guardian Run within a guardian process -# -guardian=yes - -################################# -# include-dir Include *.conf files from this directory -# -# include-dir= - -################################# -# launch Which backends to launch and order to query them in -# -# launch= - -################################# -# load-modules Load this module - supply absolute or relative path -# -# load-modules= - -################################# -# local-address Local IP addresses to which we bind -# -local-address=,127.0.0.1 - -################################# -# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server -# -# local-address-nonexist-fail=yes - -################################# -# local-ipv6 Local IP address to which we bind -# -# local-ipv6= - -################################# -# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server -# -# local-ipv6-nonexist-fail=yes - -################################# -# local-port The port on which we listen -# -# local-port=53 - -################################# -# log-dns-details If PDNS should log DNS non-erroneous details -# -# log-dns-details=no - -################################# -# log-dns-queries If PDNS should log all incoming DNS queries -# -# log-dns-queries=no - -################################# -# logging-facility Log under a specific facility -# -# logging-facility= - -################################# -# loglevel Amount of logging. Higher is more. Do not set below 3 -# -# loglevel=4 - -################################# -# lua-prequery-script Lua script with prequery handler -# -# lua-prequery-script= - -################################# -# master Act as a master -# -master=yes - -################################# -# max-cache-entries Maximum number of cache entries -# -# max-cache-entries=1000000 - -################################# -# max-ent-entries Maximum number of empty non-terminals in a zone -# -# max-ent-entries=100000 - -################################# -# max-nsec3-iterations Limit the number of NSEC3 hash iterations -# -# max-nsec3-iterations=500 - -################################# -# max-queue-length Maximum queuelength before considering situation lost -# -# max-queue-length=5000 - -################################# -# max-signature-cache-entries Maximum number of signatures cache entries -# -# max-signature-cache-entries= - -################################# -# max-tcp-connections Maximum number of TCP connections -# -# max-tcp-connections=10 - -################################# -# module-dir Default directory for modules -# -# module-dir=/usr/lib/TRIPLET/pdns - -################################# -# negquery-cache-ttl Seconds to store negative query results in the QueryCache -# -# negquery-cache-ttl=60 - -################################# -# no-shuffle Set this to prevent random shuffling of answers - for regression testing -# -# no-shuffle=off - -################################# -# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks -# -# only-notify=0.0.0.0/0,::/0 - -################################# -# out-of-zone-additional-processing Do out of zone additional processing -# -# out-of-zone-additional-processing=yes - -################################# -# overload-queue-length Maximum queuelength moving to packetcache only -# -# overload-queue-length=0 - -################################# -# pipebackend-abi-version Version of the pipe backend ABI -# -# pipebackend-abi-version=1 - -################################# -# prevent-self-notification Don't send notifications to what we think is ourself -# -# prevent-self-notification=yes - -################################# -# query-cache-ttl Seconds to store query results in the QueryCache -# -# query-cache-ttl=20 - -################################# -# query-local-address Source IP address for sending queries -# -# query-local-address=0.0.0.0 - -################################# -# query-local-address6 Source IPv6 address for sending queries -# -# query-local-address6=:: - -################################# -# query-logging Hint backends that queries should be logged -# -# query-logging=no - -################################# -# queue-limit Maximum number of milliseconds to queue a query -# -# queue-limit=1500 - -################################# -# receiver-threads Default number of receiver threads to start -# -# receiver-threads=1 - -################################# -# retrieval-threads Number of AXFR-retrieval threads for slave operation -# -# retrieval-threads=2 - -################################# -# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket -# -# reuseport=no - -################################# -# security-poll-suffix Domain name from which to query security update notifications -# -# security-poll-suffix=secpoll.powerdns.com. - -################################# -# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority -# -# send-root-referral=no - -################################# -# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom -# -# server-id= - -################################# -# setgid If set, change group id to this gid for more security -# -setgid=pdns - -################################# -# setuid If set, change user id to this uid for more security -# -setuid=pdns - -################################# -# signing-threads Default number of signer threads to start -# -# signing-threads=3 - -################################# -# slave Act as a slave -# -# slave=no - -################################# -# slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds -# -# slave-cycle-interval=60 - -################################# -# slave-renotify If we should send out notifications for slaved updates -# -# slave-renotify=no - -################################# -# soa-expire-default Default SOA expire -# -# soa-expire-default=604800 - -################################# -# soa-minimum-ttl Default SOA minimum ttl -# -# soa-minimum-ttl=3600 - -################################# -# soa-refresh-default Default SOA refresh -# -# soa-refresh-default=10800 - -################################# -# soa-retry-default Default SOA retry -# -# soa-retry-default=3600 - -################################# -# socket-dir Where the controlsocket will live -# -# socket-dir=/var/run - -################################# -# tcp-control-address If set, PowerDNS can be controlled over TCP on this address -# -# tcp-control-address= - -################################# -# tcp-control-port If set, PowerDNS can be controlled over TCP on this address -# -# tcp-control-port=53000 - -################################# -# tcp-control-range If set, remote control of PowerDNS is possible over these networks only -# -# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 - -################################# -# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret -# -# tcp-control-secret= - -################################# -# traceback-handler Enable the traceback handler (Linux only) -# -# traceback-handler=yes - -################################# -# trusted-notification-proxy IP address of incoming notification proxy -# -# trusted-notification-proxy= - -################################# -# udp-truncation-threshold Maximum UDP response size before we truncate -# -# udp-truncation-threshold=1680 - -################################# -# version-string PowerDNS version in packets - full, anonymous, powerdns or custom -# - -version-string=powerdns -################################# -# webserver Start a webserver for monitoring -# -# webserver=no - -################################# -# webserver-address IP Address of webserver to listen on -# -# webserver-address=127.0.0.1 - -################################# -# webserver-allow-from Webserver access is only allowed from these subnets -# -# webserver-allow-from=0.0.0.0/0,::/0 - -################################# -# webserver-password Password required for accessing the webserver -# -# webserver-password= - -################################# -# webserver-port Port of webserver to listen on -# -# webserver-port=8081 - -################################# -# webserver-print-arguments If the webserver should print arguments -# -# webserver-print-arguments=no - -# include froxlor-bind-specific config -include-dir=/etc/powerdns/froxlor/ -]]> - - - - - - - - - - - - - - -################################# -# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. -# -# allow-dnsupdate-from=127.0.0.0/8,::1 - -################################# -# also-notify When notifying a domain, also notify these nameservers -# -# also-notify= - -################################# -# any-to-tcp Answer ANY queries with tc=1, shunting to TCP -# -# any-to-tcp=no - -################################# -# cache-ttl Seconds to store packets in the PacketCache -# -# cache-ttl=20 - -################################# -# carbon-interval Number of seconds between carbon (graphite) updates -# -# carbon-interval=30 - -################################# -# carbon-ourname If set, overrides our reported hostname for carbon stats -# -# carbon-ourname= - -################################# -# carbon-server If set, send metrics in carbon (graphite) format to this server -# -# carbon-server= - -################################# -# chroot If set, chroot to this directory for more security -# -# chroot= - -################################# -# config-dir Location of configuration directory (pdns.conf) -# -config-dir=/etc/powerdns - -################################# -# config-name Name of this virtual configuration - will rename the binary image -# -# config-name= - -################################# -# control-console Debugging switch - don't use -# -# control-console=no - -################################# -# daemon Operate as a daemon -# -daemon=yes - -################################# -# default-ksk-algorithms Default KSK algorithms -# -# default-ksk-algorithms=rsasha256 - -################################# -# default-ksk-size Default KSK size (0 means default) -# -# default-ksk-size=0 - -################################# -# default-soa-mail mail address to insert in the SOA record if none set in the backend -# -# default-soa-mail= - -################################# -# default-soa-name name to insert in the SOA record if none set in the backend -# -# default-soa-name=a.misconfigured.powerdns.server - -################################# -# default-ttl Seconds a result is valid if not set otherwise -# -# default-ttl=3600 - -################################# -# default-zsk-algorithms Default ZSK algorithms -# -# default-zsk-algorithms=rsasha256 - -################################# -# default-zsk-size Default ZSK size (0 means default) -# -# default-zsk-size=0 - -################################# -# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis -# -# direct-dnskey=no - -################################# -# disable-axfr Disable zonetransfers but do allow TCP queries -# -# disable-axfr=no - -################################# -# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. -# -# disable-axfr-rectify=no - -################################# -# disable-tcp Do not listen to TCP queries -# -# disable-tcp=no - -################################# -# distributor-threads Default number of Distributor (backend) threads to start -# -# distributor-threads=3 - -################################# -# do-ipv6-additional-processing Do AAAA additional processing -# -# do-ipv6-additional-processing=yes - -################################# -# edns-subnet-processing If we should act on EDNS Subnet options -# -# edns-subnet-processing=no - -################################# -# entropy-source If set, read entropy from this file -# -# entropy-source=/dev/urandom - -################################# -# experimental-api-key REST API Static authentication key (required for API use) -# -# experimental-api-key= - -################################# -# experimental-api-readonly If the JSON API should disallow data modification -# -# experimental-api-readonly=no - -################################# -# experimental-dname-processing If we should support DNAME records -# -# experimental-dname-processing=no - -################################# -# experimental-dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. -# -# experimental-dnsupdate=no - -################################# -# experimental-json-interface If the webserver should serve JSON data -# -# experimental-json-interface=no - -################################# -# experimental-logfile Filename of the log file for JSON parser -# -# experimental-logfile=/var/log/pdns.log - -################################# -# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. -# -# forward-dnsupdate=yes - -################################# -# guardian Run within a guardian process -# -guardian=yes - -################################# -# include-dir Include *.conf files from this directory -# -# include-dir= - -################################# -# launch Which backends to launch and order to query them in -# -# launch= -launch=bind - -################################# -# load-modules Load this module - supply absolute or relative path -# -# load-modules= - -################################# -# local-address Local IP addresses to which we bind -# -local-address=,127.0.0.1 - -################################# -# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server -# -# local-address-nonexist-fail=yes - -################################# -# local-ipv6 Local IP address to which we bind -# -# local-ipv6= - -################################# -# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server -# -# local-ipv6-nonexist-fail=yes - -################################# -# local-port The port on which we listen -# -# local-port=53 - -################################# -# log-dns-details If PDNS should log DNS non-erroneous details -# -# log-dns-details=no - -################################# -# log-dns-queries If PDNS should log all incoming DNS queries -# -# log-dns-queries=no - -################################# -# logging-facility Log under a specific facility -# -# logging-facility= - -################################# -# loglevel Amount of logging. Higher is more. Do not set below 3 -# -# loglevel=4 - -################################# -# lua-prequery-script Lua script with prequery handler -# -# lua-prequery-script= - -################################# -# master Act as a master -# -master=yes - -################################# -# max-cache-entries Maximum number of cache entries -# -# max-cache-entries=1000000 - -################################# -# max-ent-entries Maximum number of empty non-terminals in a zone -# -# max-ent-entries=100000 - -################################# -# max-nsec3-iterations Limit the number of NSEC3 hash iterations -# -# max-nsec3-iterations=500 - -################################# -# max-queue-length Maximum queuelength before considering situation lost -# -# max-queue-length=5000 - -################################# -# max-signature-cache-entries Maximum number of signatures cache entries -# -# max-signature-cache-entries= - -################################# -# max-tcp-connections Maximum number of TCP connections -# -# max-tcp-connections=10 - -################################# -# module-dir Default directory for modules -# -# module-dir=/usr/lib/TRIPLET/pdns - -################################# -# negquery-cache-ttl Seconds to store negative query results in the QueryCache -# -# negquery-cache-ttl=60 - -################################# -# no-shuffle Set this to prevent random shuffling of answers - for regression testing -# -# no-shuffle=off - -################################# -# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks -# -# only-notify=0.0.0.0/0,::/0 - -################################# -# out-of-zone-additional-processing Do out of zone additional processing -# -# out-of-zone-additional-processing=yes - -################################# -# overload-queue-length Maximum queuelength moving to packetcache only -# -# overload-queue-length=0 - -################################# -# pipebackend-abi-version Version of the pipe backend ABI -# -# pipebackend-abi-version=1 - -################################# -# prevent-self-notification Don't send notifications to what we think is ourself -# -# prevent-self-notification=yes - -################################# -# query-cache-ttl Seconds to store query results in the QueryCache -# -# query-cache-ttl=20 - -################################# -# query-local-address Source IP address for sending queries -# -# query-local-address=0.0.0.0 - -################################# -# query-local-address6 Source IPv6 address for sending queries -# -# query-local-address6=:: - -################################# -# query-logging Hint backends that queries should be logged -# -# query-logging=no - -################################# -# queue-limit Maximum number of milliseconds to queue a query -# -# queue-limit=1500 - -################################# -# receiver-threads Default number of receiver threads to start -# -# receiver-threads=1 - -################################# -# retrieval-threads Number of AXFR-retrieval threads for slave operation -# -# retrieval-threads=2 - -################################# -# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket -# -# reuseport=no - -################################# -# security-poll-suffix Domain name from which to query security update notifications -# -# security-poll-suffix=secpoll.powerdns.com. - -################################# -# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority -# -# send-root-referral=no - -################################# -# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom -# -# server-id= - -################################# -# setgid If set, change group id to this gid for more security -# -setgid=pdns - -################################# -# setuid If set, change user id to this uid for more security -# -setuid=pdns - -################################# -# signing-threads Default number of signer threads to start -# -# signing-threads=3 - -################################# -# slave Act as a slave -# -# slave=no - -################################# -# slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds -# -# slave-cycle-interval=60 - -################################# -# slave-renotify If we should send out notifications for slaved updates -# -# slave-renotify=no - -################################# -# soa-expire-default Default SOA expire -# -# soa-expire-default=604800 - -################################# -# soa-minimum-ttl Default SOA minimum ttl -# -# soa-minimum-ttl=3600 - -################################# -# soa-refresh-default Default SOA refresh -# -# soa-refresh-default=10800 - -################################# -# soa-retry-default Default SOA retry -# -# soa-retry-default=3600 - -################################# -# socket-dir Where the controlsocket will live -# -# socket-dir=/var/run - -################################# -# tcp-control-address If set, PowerDNS can be controlled over TCP on this address -# -# tcp-control-address= - -################################# -# tcp-control-port If set, PowerDNS can be controlled over TCP on this address -# -# tcp-control-port=53000 - -################################# -# tcp-control-range If set, remote control of PowerDNS is possible over these networks only -# -# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 - -################################# -# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret -# -# tcp-control-secret= - -################################# -# traceback-handler Enable the traceback handler (Linux only) -# -# traceback-handler=yes - -################################# -# trusted-notification-proxy IP address of incoming notification proxy -# -# trusted-notification-proxy= - -################################# -# udp-truncation-threshold Maximum UDP response size before we truncate -# -# udp-truncation-threshold=1680 - -################################# -# version-string PowerDNS version in packets - full, anonymous, powerdns or custom -# - -version-string=powerdns -################################# -# webserver Start a webserver for monitoring -# -# webserver=no - -################################# -# webserver-address IP Address of webserver to listen on -# -# webserver-address=127.0.0.1 - -################################# -# webserver-allow-from Webserver access is only allowed from these subnets -# -# webserver-allow-from=0.0.0.0/0,::/0 - -################################# -# webserver-password Password required for accessing the webserver -# -# webserver-password= - -################################# -# webserver-port Port of webserver to listen on -# -# webserver-port=8081 - -################################# -# webserver-print-arguments If the webserver should print arguments -# -# webserver-print-arguments=no - -# include froxlor-bind-specific config -include-dir=/etc/powerdns/froxlor/ -]]> - - - - - named.conf - -# How often to check for zone changes. See 'Operation' section. -bind-check-interval=180 - -# Uncomment to enable Huffman compression on zone data. -# Currently saves around 20% of memory actually used, but slows down operation. -# bind-enable-huffman -]]> - - - - - - - - - - - - {{settings.system.vmail_gid}} - - - - - {{settings.system.vmail_uid}} - - - - - - - - - - - - - - - - - -password = -dbname = -hosts = -query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' -]]> - - - - -password = -dbname = -hosts = -query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0 -]]> - - - - -password = -dbname = -expansion_limit = 1 -hosts = -query = SELECT CONCAT(homedir,maildir) FROM mail_users WHERE email = '%s' -]]> - - - - -password = -dbname = -hosts = -query = SELECT DISTINCT username FROM mail_users WHERE email in ((SELECT mail_virtual.email_full FROM mail_virtual WHERE mail_virtual.email = '%s' UNION SELECT mail_virtual.destination FROM mail_virtual WHERE mail_virtual.email = '%s')); -]]> - - - - -password = -dbname = -expansion_limit = 1 -hosts = -query = SELECT uid FROM mail_users WHERE email = '%s' -]]> - - - - -password = -dbname = -expansion_limit = 1 -hosts = -query = SELECT gid FROM mail_users WHERE email = '%s' -]]> - - - - -]]> - - - - - - - - - - - //service[@type='smtp']/general/commands[@index=1] - - //service[@type='smtp']/general/installs[@index=1] - - //service[@type='smtp']/general/commands[@index=2] - - - - -# SENDING MAIL -# -# The myorigin parameter specifies the domain that locally-posted -# mail appears to come from. The default is to append $myhostname, -# which is fine for small sites. If you run a domain with multiple -# machines, you should (1) change this to $mydomain and (2) set up -# a domain-wide alias database that aliases each user to -# user@that.users.mailhost. -# -# For the sake of consistency between sender and recipient addresses, -# myorigin also specifies the default domain name that is appended -# to recipient addresses that have no @domain part. -# -# Debian GNU/Linux specific: Specifying a file name will cause the -# first line of that file to be used as the name. The Debian default -# is /etc/mailname. -# -#myorigin = /etc/mailname -#myorigin = $myhostname -#myorigin = $mydomain - -# RECEIVING MAIL - -# The inet_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on. By default, -# the software claims all active interfaces on the machine. The -# parameter also controls delivery of mail to user@[ip.address]. -# -# See also the proxy_interfaces parameter, for network addresses that -# are forwarded to us via a proxy or network address translator. -# -# Note: you need to stop/start Postfix when this parameter changes. -# -inet_interfaces = all -#inet_interfaces = $myhostname -#inet_interfaces = $myhostname, localhost - -# The proxy_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on by way of a -# proxy or network address translation unit. This setting extends -# the address list specified with the inet_interfaces parameter. -# -# You must specify your proxy/NAT addresses when your system is a -# backup MX host for other domains, otherwise mail delivery loops -# will happen when the primary MX host is down. -# -#proxy_interfaces = -#proxy_interfaces = 1.2.3.4 - -# The mydestination parameter specifies the list of domains that this -# machine considers itself the final destination for. -# -# These domains are routed to the delivery agent specified with the -# local_transport parameter setting. By default, that is the UNIX -# compatible delivery agent that lookups all recipients in /etc/passwd -# and /etc/aliases or their equivalent. -# -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. -# -# Do not specify the names of virtual domains - those domains are -# specified elsewhere (see VIRTUAL_README). -# -# Do not specify the names of domains that this machine is backup MX -# host for. Specify those names via the relay_domains settings for -# the SMTP server, or use permit_mx_backup if you are lazy (see -# STANDARD_CONFIGURATION_README). -# -# The local machine is always the final destination for mail addressed -# to user@[the.net.work.address] of an interface that the mail system -# receives mail on (see the inet_interfaces parameter). -# -# Specify a list of host or domain names, /file/name or type:table -# patterns, separated by commas and/or whitespace. A /file/name -# pattern is replaced by its contents; a type:table is matched when -# a name matches a lookup key (the right-hand side is ignored). -# Continue long lines by starting the next line with whitespace. -# -# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". -# -#mydestination = $myhostname, localhost.$mydomain, localhost -mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain -#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, -# mail.$mydomain, www.$mydomain, ftp.$mydomain - -# REJECTING MAIL FOR UNKNOWN LOCAL USERS -# -# The local_recipient_maps parameter specifies optional lookup tables -# with all names or addresses of users that are local with respect -# to $mydestination, $inet_interfaces or $proxy_interfaces. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown local users. This parameter is defined by default. -# -# To turn off local recipient checking in the SMTP server, specify -# local_recipient_maps = (i.e. empty). -# -# The default setting assumes that you use the default Postfix local -# delivery agent for local delivery. You need to update the -# local_recipient_maps setting if: -# -# - You define $mydestination domain recipients in files other than -# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. -# For example, you define $mydestination domain recipients in -# the $virtual_mailbox_maps files. -# -# - You redefine the local delivery agent in master.cf. -# -# - You redefine the "local_transport" setting in main.cf. -# -# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" -# feature of the Postfix local delivery agent (see local(8)). -# -# Details are described in the LOCAL_RECIPIENT_README file. -# -# Beware: if the Postfix SMTP server runs chrooted, you probably have -# to access the passwd file via the proxymap service, in order to -# overcome chroot restrictions. The alternative, having a copy of -# the system passwd file in the chroot jail is just not practical. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify a bare username, an @domain.tld -# wild-card, or specify a user@domain.tld address. -# -#local_recipient_maps = unix:passwd.byname $alias_maps -#local_recipient_maps = proxy:unix:passwd.byname $alias_maps -#local_recipient_maps = - -# The unknown_local_recipient_reject_code specifies the SMTP server -# response code when a recipient domain matches $mydestination or -# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty -# and the recipient address or address local-part is not found. -# -# The default setting is 550 (reject mail) but it is safer to start -# with 450 (try again later) until you are certain that your -# local_recipient_maps settings are OK. -# -unknown_local_recipient_reject_code = 550 - -# TRUST AND RELAY CONTROL - -# The mynetworks parameter specifies the list of "trusted" SMTP -# clients that have more privileges than "strangers". -# -# In particular, "trusted" SMTP clients are allowed to relay mail -# through Postfix. See the smtpd_recipient_restrictions parameter -# in postconf(5). -# -# You can specify the list of "trusted" network addresses by hand -# or you can let Postfix do it for you (which is the default). -# -# By default (mynetworks_style = subnet), Postfix "trusts" SMTP -# clients in the same IP subnetworks as the local machine. -# On Linux, this does works correctly only with interfaces specified -# with the "ifconfig" command. -# -# Specify "mynetworks_style = class" when Postfix should "trust" SMTP -# clients in the same IP class A/B/C networks as the local machine. -# Don't do this with a dialup site - it would cause Postfix to "trust" -# your entire provider's network. Instead, specify an explicit -# mynetworks list by hand, as described below. -# -# Specify "mynetworks_style = host" when Postfix should "trust" -# only the local machine. -# -#mynetworks_style = class -#mynetworks_style = subnet -#mynetworks_style = host - -# Alternatively, you can specify the mynetworks list by hand, in -# which case Postfix ignores the mynetworks_style setting. -# -# Specify an explicit list of network/netmask patterns, where the -# mask specifies the number of bits in the network part of a host -# address. -# -# You can also specify the absolute pathname of a pattern file instead -# of listing the patterns here. Specify type:table for table-based lookups -# (the value on the table right-hand side is not used). -# -#mynetworks = 168.100.189.0/28, 127.0.0.0/8 -#mynetworks = $config_directory/mynetworks -#mynetworks = hash:/etc/postfix/network_table -mynetworks = 127.0.0.0/8 - -# The relay_domains parameter restricts what destinations this system will -# relay mail to. See the smtpd_recipient_restrictions description in -# postconf(5) for detailed information. -# -# By default, Postfix relays mail -# - from "trusted" clients (IP address matches $mynetworks) to any destination, -# - from "untrusted" clients to destinations that match $relay_domains or -# subdomains thereof, except addresses with sender-specified routing. -# The default relay_domains value is $mydestination. -# -# In addition to the above, the Postfix SMTP server by default accepts mail -# that Postfix is final destination for: -# - destinations that match $inet_interfaces or $proxy_interfaces, -# - destinations that match $mydestination -# - destinations that match $virtual_alias_domains, -# - destinations that match $virtual_mailbox_domains. -# These destinations do not need to be listed in $relay_domains. -# -# Specify a list of hosts or domains, /file/name patterns or type:name -# lookup tables, separated by commas and/or whitespace. Continue -# long lines by starting the next line with whitespace. A file name -# is replaced by its contents; a type:name table is matched when a -# (parent) domain appears as lookup key. -# -# NOTE: Postfix will not automatically forward mail for domains that -# list this system as their primary or backup MX host. See the -# permit_mx_backup restriction description in postconf(5). -# -#relay_domains = $mydestination - -# INTERNET OR INTRANET - -# The relayhost parameter specifies the default host to send mail to -# when no entry is matched in the optional transport(5) table. When -# no relayhost is given, mail is routed directly to the destination. -# -# On an intranet, specify the organizational domain name. If your -# internal DNS uses no MX records, specify the name of the intranet -# gateway host instead. -# -# In the case of SMTP, specify a domain, host, host:port, [host]:port, -# [address] or [address]:port; the form [host] turns off MX lookups. -# -# If you're connected via UUCP, see also the default_transport parameter. -# -#relayhost = $mydomain -#relayhost = [gateway.my.domain] -#relayhost = [mailserver.isp.tld] -#relayhost = uucphost -#relayhost = [an.ip.add.ress] - -# REJECTING UNKNOWN RELAY USERS -# -# The relay_recipient_maps parameter specifies optional lookup tables -# with all addresses in the domains that match $relay_domains. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown relay users. This feature is off by default. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify an @domain.tld wild-card, or specify -# a user@domain.tld address. -# -#relay_recipient_maps = hash:/etc/postfix/relay_recipients - -# INPUT RATE CONTROL -# -# The in_flow_delay configuration parameter implements mail input -# flow control. This feature is turned on by default, although it -# still needs further development (it's disabled on SCO UNIX due -# to an SCO bug). -# -# A Postfix process will pause for $in_flow_delay seconds before -# accepting a new message, when the message arrival rate exceeds the -# message delivery rate. With the default 100 SMTP server process -# limit, this limits the mail inflow to 100 messages a second more -# than the number of messages delivered per second. -# -# Specify 0 to disable the feature. Valid delays are 0..10. -# -#in_flow_delay = 1s - -# ADDRESS REWRITING -# -# The ADDRESS_REWRITING_README document gives information about -# address masquerading or other forms of address rewriting including -# username->Firstname.Lastname mapping. - -# ADDRESS REDIRECTION (VIRTUAL DOMAIN) -# -# The VIRTUAL_README document gives information about the many forms -# of domain hosting that Postfix supports. - -# "USER HAS MOVED" BOUNCE MESSAGES -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# TRANSPORT MAP -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# ALIAS DATABASE -# -# The alias_maps parameter specifies the list of alias databases used -# by the local delivery agent. The default list is system dependent. -# -# On systems with NIS, the default is to search the local alias -# database, then the NIS alias database. See aliases(5) for syntax -# details. -# -# If you change the alias database, run "postalias /etc/aliases" (or -# wherever your system stores the mail alias file), or simply run -# "newaliases" to build the necessary DBM or DB file. -# -# It will take a minute or so before changes become visible. Use -# "postfix reload" to eliminate the delay. -# -#alias_maps = dbm:/etc/aliases -#alias_maps = hash:/etc/aliases -#alias_maps = hash:/etc/aliases, nis:mail.aliases -#alias_maps = netinfo:/aliases - -# The alias_database parameter specifies the alias database(s) that -# are built with "newaliases" or "sendmail -bi". This is a separate -# configuration parameter, because alias_maps (see above) may specify -# tables that are not necessarily all under control by Postfix. -# -#alias_database = dbm:/etc/aliases -#alias_database = dbm:/etc/mail/aliases -#alias_database = hash:/etc/aliases -#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases - -# ADDRESS EXTENSIONS (e.g., user+foo) -# -# The recipient_delimiter parameter specifies the separator between -# user names and address extensions (user+foo). See canonical(5), -# local(8), relocated(5) and virtual(5) for the effects this has on -# aliases, canonical, virtual, relocated and .forward file lookups. -# Basically, the software tries user+foo and .forward+foo before -# trying user and .forward. -# -#recipient_delimiter = + - -# DELIVERY TO MAILBOX -# -# The home_mailbox parameter specifies the optional pathname of a -# mailbox file relative to a user's home directory. The default -# mailbox file is /var/spool/mail/user or /var/mail/user. Specify -# "Maildir/" for qmail-style delivery (the / is required). -# -#home_mailbox = Mailbox -#home_mailbox = Maildir/ - -# The mail_spool_directory parameter specifies the directory where -# UNIX-style mailboxes are kept. The default setting depends on the -# system type. -# -#mail_spool_directory = /var/mail -#mail_spool_directory = /var/spool/mail - -# The mailbox_command parameter specifies the optional external -# command to use instead of mailbox delivery. The command is run as -# the recipient with proper HOME, SHELL and LOGNAME environment settings. -# Exception: delivery for root is done as $default_user. -# -# Other environment variables of interest: USER (recipient username), -# EXTENSION (address extension), DOMAIN (domain part of address), -# and LOCAL (the address localpart). -# -# Unlike other Postfix configuration parameters, the mailbox_command -# parameter is not subjected to $parameter substitutions. This is to -# make it easier to specify shell syntax (see example below). -# -# Avoid shell meta characters because they will force Postfix to run -# an expensive shell process. Procmail alone is expensive enough. -# -# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN -# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. -# -mailbox_command = /usr/lib/dovecot/deliver -#mailbox_command = /usr/bin/procmail -a "$EXTENSION" - -# The mailbox_transport specifies the optional transport in master.cf -# to use after processing aliases and .forward files. This parameter -# has precedence over the mailbox_command, fallback_transport and -# luser_relay parameters. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" -# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. -#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp -# -# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and -# subsequent line in master.cf. -#mailbox_transport = cyrus - -# The fallback_transport specifies the optional transport in master.cf -# to use for recipients that are not found in the UNIX passwd database. -# This parameter has precedence over the luser_relay parameter. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#fallback_transport = lmtp:unix:/file/name -#fallback_transport = cyrus -#fallback_transport = - -# The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown@$mydestination, -# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned -# as undeliverable. -# -# The following expansions are done on luser_relay: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $local (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. -# -# luser_relay works only for the default Postfix local delivery agent. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must specify "local_recipient_maps =" (i.e. empty) in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#luser_relay = $user@other.host -#luser_relay = $local@other.host -#luser_relay = admin+$local - -# JUNK MAIL CONTROLS -# -# The controls listed here are only a very small subset. The file -# SMTPD_ACCESS_README provides an overview. - -# The header_checks parameter specifies an optional table with patterns -# that each logical message header is matched against, including -# headers that span multiple physical lines. -# -# By default, these patterns also apply to MIME headers and to the -# headers of attached messages. With older Postfix versions, MIME and -# attached message headers were treated as body text. -# -# For details, see "man header_checks". -# -#header_checks = regexp:/etc/postfix/header_checks - -# FAST ETRN SERVICE -# -# Postfix maintains per-destination logfiles with information about -# deferred mail, so that mail can be flushed quickly with the SMTP -# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". -# See the ETRN_README document for a detailed description. -# -# The fast_flush_domains parameter controls what destinations are -# eligible for this service. By default, they are all domains that -# this server is willing to relay mail to. -# -#fast_flush_domains = $relay_domains - -# SHOW SOFTWARE VERSION OR NOT -# -# The smtpd_banner parameter specifies the text that follows the 220 -# code in the SMTP server's greeting banner. Some people like to see -# the mail version advertised. By default, Postfix shows no version. -# -# You MUST specify $myhostname at the start of the text. That is an -# RFC requirement. Postfix itself does not care. -# -#smtpd_banner = $myhostname ESMTP $mail_name -#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) - - -# PARALLEL DELIVERY TO THE SAME DESTINATION -# -# How many parallel deliveries to the same user or domain? With local -# delivery, it does not make sense to do massively parallel delivery -# to the same user, because mailbox updates must happen sequentially, -# and expensive pipelines in .forward files can cause disasters when -# too many are run at the same time. With SMTP deliveries, 10 -# simultaneous connections to the same domain could be sufficient to -# raise eyebrows. -# -# Each message delivery transport has its XXX_destination_concurrency_limit -# parameter. The default is $default_destination_concurrency_limit for -# most delivery transports. For the local delivery agent the default is 2. - -#local_destination_concurrency_limit = 2 -#default_destination_concurrency_limit = 20 - -# DEBUGGING CONTROL -# -# The debug_peer_level parameter specifies the increment in verbose -# logging level when an SMTP client or server host name or address -# matches a pattern in the debug_peer_list parameter. -# -#debug_peer_level = 2 - -# The debug_peer_list parameter specifies an optional list of domain -# or network patterns, /file/name patterns or type:name tables. When -# an SMTP client or server host name or address matches a pattern, -# increase the verbose logging level by the amount specified in the -# debug_peer_level parameter. -# -#debug_peer_list = 127.0.0.1 -#debug_peer_list = some.domain - -# The debugger_command specifies the external command that is executed -# when a Postfix daemon program is run with the -D option. -# -# Use "command .. & sleep 5" so that the debugger can attach before -# the process marches on. If you use an X-based debugger, be sure to -# set up your XAUTHORITY environment variable before starting Postfix. -# -debugger_command = - PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin - ddd $daemon_directory/$process_name $process_id & sleep 5 - -# If you can't use X, use this to capture the call stack when a -# daemon crashes. The result is in a file in the configuration -# directory, and is named after the process name and the process ID. -# -# debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; -# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 -# >$config_directory/$process_name.$process_id.log & sleep 5 -# -# Another possibility is to run gdb under a detached screen session. -# To attach to the screen session, su root and run "screen -r -# " where uniquely matches one of the detached -# sessions (from "screen -list"). -# -# debugger_command = -# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen -# -dmS $process_name gdb $daemon_directory/$process_name -# $process_id & sleep 1 - -# INSTALL-TIME CONFIGURATION INFORMATION -# -# The following parameters are used when installing a new Postfix version. -# -# sendmail_path: The full pathname of the Postfix sendmail command. -# This is the Sendmail-compatible mail posting interface. -# -sendmail_path = /usr/sbin/sendmail - -# newaliases_path: The full pathname of the Postfix newaliases command. -# This is the Sendmail-compatible command to build alias databases. -# -newaliases_path = /usr/bin/newaliases - -# mailq_path: The full pathname of the Postfix mailq command. This -# is the Sendmail-compatible mail queue listing command. -# -mailq_path = /usr/bin/mailq - -# setgid_group: The group for mail submission and queue management -# commands. This must be a group name with a numerical group ID that -# is not shared with other accounts, not even with the Postfix account. -# -setgid_group = postdrop - -# html_directory: The location of the Postfix HTML documentation. -# -html_directory = no - -# manpage_directory: The location of the Postfix on-line manual pages. -# -manpage_directory = /usr/share/man - -# sample_directory: The location of the Postfix sample configuration files. -# This parameter is obsolete as of Postfix 2.1. -# -sample_directory = /usr/share/doc/postfix - -# readme_directory: The location of the Postfix README files. -# -readme_directory = /usr/share/doc/postfix -inet_protocols = ipv4 - -append_dot_mydomain = no -biff = no -smtpd_helo_required = yes -smtpd_recipient_restrictions = permit_mynetworks, - permit_sasl_authenticated, - reject_unauth_destination, - reject_unauth_pipelining, - reject_non_fqdn_recipient -smtpd_sender_restrictions = permit_mynetworks, - reject_sender_login_mismatch, - permit_sasl_authenticated, - reject_unknown_helo_hostname, - reject_unknown_recipient_domain, - reject_unknown_sender_domain -smtpd_client_restrictions = permit_mynetworks, - permit_sasl_authenticated, - reject_unknown_client_hostname - -# Postfix 2.10 requires this option. Postfix < 2.10 ignores this. -# The option is intentionally left empty. -smtpd_relay_restrictions = - -# Maximum size of Message in bytes (50MB) -message_size_limit = 52428800 - -## SASL Auth Settings -smtpd_sasl_auth_enable = yes -smtpd_sasl_local_domain = $myhostname -broken_sasl_auth_clients = yes -## Dovecot Settings for deliver, SASL Auth and virtual transport -smtpd_sasl_type = dovecot -virtual_transport = dovecot -dovecot_destination_recipient_limit = 1 -smtpd_sasl_path = private/auth - -# Virtual delivery settings -virtual_mailbox_base = / -virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf -virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf -virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf -smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_permissions.cf -virtual_uid_maps = static: -virtual_gid_maps = static: - -# Local delivery settings -local_transport = local -alias_maps = $alias_database - -# Default Mailbox size, is set to 0 which means unlimited! -mailbox_size_limit = 0 -virtual_mailbox_limit = 0 - -### TLS settings -### -## TLS for outgoing mails from the server to another server -smtp_tls_security_level = may -smtp_tls_note_starttls_offer = yes -## TLS for incoming connections (clients or other mail servers) -smtpd_tls_security_level = may -smtpd_tls_cert_file = -smtpd_tls_key_file = -#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt -smtpd_tls_loglevel = 1 -smtpd_tls_received_header = yes -smtp_use_tls = yes -smtpd_use_tls = yes -smtpd_tls_session_cache_timeout = 3600s -]]> - - - //service[@type='smtp']/general/files[@index=0] - - - - - //service[@type='smtp']/general/commands[@index=3] - - - - - - - - - - - - - to select which instance is used (an alternative -# to -c ). The instance name is also added to Dovecot processes -# in ps output. -#instance_name = dovecot - -# Greeting message for clients. -#login_greeting = Dovecot ready. - -# Space separated list of trusted network ranges. Connections from these -# IPs are allowed to override their IP addresses and ports (for logging and -# for authentication checks). disable_plaintext_auth is also ignored for -# these networks. Typically you'd specify your IMAP proxy servers here. -#login_trusted_networks = - -# Space separated list of login access check sockets (e.g. tcpwrap) -#login_access_sockets = - -# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do -# proxying. This isn't necessary normally, but may be useful if the destination -# IP is e.g. a load balancer's IP. -#auth_proxy_self = - -# Show more verbose process titles (in ps). Currently shows user name and -# IP address. Useful for seeing who are actually using the IMAP processes -# (eg. shared mailboxes or if same uid is used for multiple accounts). -#verbose_proctitle = no - -# Should all processes be killed when Dovecot master process shuts down. -# Setting this to "no" means that Dovecot can be upgraded without -# forcing existing client connections to close (although that could also be -# a problem if the upgrade is e.g. because of a security fix). -#shutdown_clients = yes - -# If non-zero, run mail commands via this many connections to doveadm server, -# instead of running them directly in the same process. -#doveadm_worker_count = 0 -# UNIX socket or host:port used for connecting to doveadm server -#doveadm_socket_path = doveadm-server - -# Space separated list of environment variables that are preserved on Dovecot -# startup and passed down to all of its child processes. You can also give -# key=value pairs to always set specific settings. -#import_environment = TZ - -## -## Dictionary server settings -## - -# Dictionary can be used to store key=value lists. This is used by several -# plugins. The dictionary can be accessed either directly or though a -# dictionary server. The following dict block maps dictionary names to URIs -# when the server is used. These can then be referenced using URIs in format -# "proxy::". - -dict { - #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext - #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext -} - -# Most of the actual configuration gets included below. The filenames are -# first sorted by their ASCII value and parsed in that order. The 00-prefixes -# in filenames are intended to make it easier to understand the ordering. -!include conf.d/*.conf - -# A config file can also tried to be included without giving an error if -# it's not found: -!include_try local.conf -]]> - - - - dbname= user= password=" - -# Default password scheme. -# -# List of supported schemes is in -# http://wiki2.dovecot.org/Authentication/PasswordSchemes -# -#default_pass_scheme = CRYPT - -# passdb query to retrieve the password. It can return fields: -# password - The user's password. This field must be returned. -# user - user@domain from the database. Needed with case-insensitive lookups. -# username and domain - An alternative way to represent the "user" field. -# -# The "user" field is often necessary with case-insensitive lookups to avoid -# e.g. "name" and "nAme" logins creating two different mail directories. If -# your user and domain names are in separate fields, you can return "username" -# and "domain" fields instead of "user". -# -# The query can also return other fields which have a special meaning, see -# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields -# -# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables -# for full list): -# %u = entire user@domain -# %n = user part of user@domain -# %d = domain part of user@domain -# -# Note that these can be used only as input to SQL query. If the query outputs -# any of these substitutions, they're not touched. Otherwise it would be -# difficult to have eg. usernames containing '%' characters. -# -# Example: -# password_query = SELECT userid AS user, pw AS password \ -# FROM users WHERE userid = '%u' AND active = 'Y' -# -#password_query = \ -# SELECT username, domain, password \ -# FROM users WHERE username = '%n' AND domain = '%d' - -# userdb query to retrieve the user information. It can return fields: -# uid - System UID (overrides mail_uid setting) -# gid - System GID (overrides mail_gid setting) -# home - Home directory -# mail - Mail location (overrides mail_location setting) -# -# None of these are strictly required. If you use a single UID and GID, and -# home or mail directory fits to a template string, you could use userdb static -# instead. For a list of all fields that can be returned, see -# http://wiki2.dovecot.org/UserDatabase/ExtraFields -# -# Examples: -# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' -# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' -# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' -# -#user_query = \ -# SELECT home, uid, gid \ -# FROM users WHERE username = '%n' AND domain = '%d' -user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota, 'M') as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') - -# If you wish to avoid two SQL lookups (passdb + userdb), you can use -# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll -# also have to return userdb fields in password_query prefixed with "userdb_" -# string. For example: -#password_query = \ -# SELECT userid AS user, password, \ -# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \ -# FROM users WHERE userid = '%u' -password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve'))) - -# Query to get a list of all usernames. -iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)" -]]> - - - - to characters. For example "#@/@" means -# that '#' and '/' characters are translated to '@'. -#auth_username_translation = - -# Username formatting before it's looked up from databases. You can use -# the standard variables here, eg. %Lu would lowercase the username, %n would -# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into -# "-AT-". This translation is done after auth_username_translation changes. -#auth_username_format = %Lu - -# If you want to allow master users to log in by specifying the master -# username within the normal username string (ie. not using SASL mechanism's -# support for it), you can specify the separator character here. The format -# is then . UW-IMAP uses "*" as the -# separator, so that could be a good choice. -#auth_master_user_separator = - -# Username to use for users logging in with ANONYMOUS SASL mechanism -#auth_anonymous_username = anonymous - -# Maximum number of dovecot-auth worker processes. They're used to execute -# blocking passdb and userdb queries (eg. MySQL and PAM). They're -# automatically created and destroyed as needed. -#auth_worker_max_count = 30 - -# Host name to use in GSSAPI principal names. The default is to use the -# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab -# entries. -#auth_gssapi_hostname = - -# Kerberos keytab to use for the GSSAPI mechanism. Will use the system -# default (usually /etc/krb5.keytab) if not specified. You may need to change -# the auth service to run as root to be able to read this file. -#auth_krb5_keytab = - -# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and -# ntlm_auth helper. -#auth_use_winbind = no - -# Path for Samba's ntlm_auth helper binary. -#auth_winbind_helper_path = /usr/bin/ntlm_auth - -# Time to delay before replying to failed authentications. -#auth_failure_delay = 2 secs - -# Require a valid SSL client certificate or the authentication fails. -#auth_ssl_require_client_cert = no - -# Take the username from client's SSL certificate, using -# X509_NAME_get_text_by_NID() which returns the subject's DN's -# CommonName. -#auth_ssl_username_from_cert = no - -# Space separated list of wanted authentication mechanisms: -# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey -# gss-spnego -# NOTE: See also disable_plaintext_auth setting. -auth_mechanisms = plain login - -## -## Password and user databases -## - -# -# Password database is used to verify user's password (and nothing more). -# You can have multiple passdbs and userdbs. This is useful if you want to -# allow both system users (/etc/passwd) and virtual users to login without -# duplicating the system users into virtual database. -# -# -# -# User database specifies where mails are located and what user/group IDs -# own them. For single-UID configuration use "static" userdb. -# -# - -#!include auth-deny.conf.ext -#!include auth-master.conf.ext - -#!include auth-system.conf.ext -!include auth-sql.conf.ext -#!include auth-ldap.conf.ext -#!include auth-passwdfile.conf.ext -#!include auth-checkpassword.conf.ext -#!include auth-vpopmail.conf.ext -#!include auth-static.conf.ext -]]> - - - - -# -mail_location = mbox:~/mail:INBOX=/var/mail/%u - -# If you need to set multiple mailbox locations or want to change default -# namespace settings, you can do it by defining namespace sections. -# -# You can have private, shared and public namespaces. Private namespaces -# are for user's personal mails. Shared namespaces are for accessing other -# users' mailboxes that have been shared. Public namespaces are for shared -# mailboxes that are managed by sysadmin. If you create any shared or public -# namespaces you'll typically want to enable ACL plugin also, otherwise all -# users can access all the shared mailboxes, assuming they have permissions -# on filesystem level to do so. -namespace inbox { - # Namespace type: private, shared or public - #type = private - - # Hierarchy separator to use. You should use the same separator for all - # namespaces or some clients get confused. '/' is usually a good one. - # The default however depends on the underlying mail storage format. - #separator = - - # Prefix required to access this namespace. This needs to be different for - # all namespaces. For example "Public/". - #prefix = - - # Physical location of the mailbox. This is in same format as - # mail_location, which is also the default for it. - #location = - - # There can be only one INBOX, and this setting defines which namespace - # has it. - inbox = yes - - # If namespace is hidden, it's not advertised to clients via NAMESPACE - # extension. You'll most likely also want to set list=no. This is mostly - # useful when converting from another server with different namespaces which - # you want to deprecate but still keep working. For example you can create - # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". - #hidden = no - - # Show the mailboxes under this namespace with LIST command. This makes the - # namespace visible for clients that don't support NAMESPACE extension. - # "children" value lists child mailboxes, but hides the namespace prefix. - #list = yes - - # Namespace handles its own subscriptions. If set to "no", the parent - # namespace handles them (empty prefix should always have this as "yes") - #subscriptions = yes - - # See 15-mailboxes.conf for definitions of special mailboxes. -} - -# Example shared namespace configuration -#namespace { - #type = shared - #separator = / - - # Mailboxes are visible under "shared/user@domain/" - # %%n, %%d and %%u are expanded to the destination user. - #prefix = shared/%%u/ - - # Mail location for other users' mailboxes. Note that %variables and ~/ - # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the - # destination user's data. - #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u - - # Use the default namespace for saving subscriptions. - #subscriptions = no - - # List the shared/ namespace only if there are visible shared mailboxes. - #list = children -#} -# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? -#mail_shared_explicit_inbox = no - -# System user and group used to access mails. If you use multiple, userdb -# can override these by returning uid or gid fields. You can use either numbers -# or names. -#mail_uid = -#mail_gid = - -# Group to enable temporarily for privileged operations. Currently this is -# used only with INBOX when either its initial creation or dotlocking fails. -# Typically this is set to "mail" to give access to /var/mail. -mail_privileged_group = mail - -# Grant access to these supplementary groups for mail processes. Typically -# these are used to set up access to shared mailboxes. Note that it may be -# dangerous to set these if users can create symlinks (e.g. if "mail" group is -# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' -# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). -#mail_access_groups = - -# Allow full filesystem access to clients. There's no access checks other than -# what the operating system does for the active UID/GID. It works with both -# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ -# or ~user/. -#mail_full_filesystem_access = no - -# Dictionary for key=value mailbox attributes. This is used for example by -# URLAUTH and METADATA extensions. -#mail_attribute_dict = - -# A comment or note that is associated with the server. This value is -# accessible for authenticated users through the IMAP METADATA server -# entry "/shared/comment". -#mail_server_comment = "" - -# Indicates a method for contacting the server administrator. According to -# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that -# is currently not enforced. Use for example mailto:admin@example.com. This -# value is accessible for authenticated users through the IMAP METADATA server -# entry "/shared/admin". -#mail_server_admin = - -## -## Mail processes -## - -# Don't use mmap() at all. This is required if you store indexes to shared -# filesystems (NFS or clustered filesystem). -#mmap_disable = no - -# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL -# since version 3, so this should be safe to use nowadays by default. -#dotlock_use_excl = yes - -# When to use fsync() or fdatasync() calls: -# optimized (default): Whenever necessary to avoid losing important data -# always: Useful with e.g. NFS when write()s are delayed -# never: Never use it (best performance, but crashes can lose data) -#mail_fsync = optimized - -# Locking method for index files. Alternatives are fcntl, flock and dotlock. -# Dotlocking uses some tricks which may create more disk I/O than other locking -# methods. NFS users: flock doesn't work, remember to change mmap_disable. -#lock_method = fcntl - -# Directory where mails can be temporarily stored. Usually it's used only for -# mails larger than >= 128 kB. It's used by various parts of Dovecot, for -# example LDA/LMTP while delivering large mails or zlib plugin for keeping -# uncompressed mails. -#mail_temp_dir = /tmp - -# Valid UID range for users, defaults to 500 and above. This is mostly -# to make sure that users can't log in as daemons or other system users. -# Note that denying root logins is hardcoded to dovecot binary and can't -# be done even if first_valid_uid is set to 0. -#first_valid_uid = 500 -#last_valid_uid = 0 - -# Valid GID range for users, defaults to non-root/wheel. Users having -# non-valid GID as primary group ID aren't allowed to log in. If user -# belongs to supplementary groups with non-valid GIDs, those groups are -# not set. -#first_valid_gid = 1 -#last_valid_gid = 0 - -# Maximum allowed length for mail keyword name. It's only forced when trying -# to create new keywords. -#mail_max_keyword_length = 50 - -# ':' separated list of directories under which chrooting is allowed for mail -# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). -# This setting doesn't affect login_chroot, mail_chroot or auth chroot -# settings. If this setting is empty, "/./" in home dirs are ignored. -# WARNING: Never add directories here which local users can modify, that -# may lead to root exploit. Usually this should be done only if you don't -# allow shell access for users. -#valid_chroot_dirs = - -# Default chroot directory for mail processes. This can be overridden for -# specific users in user database by giving /./ in user's home directory -# (eg. /home/./user chroots into /home). Note that usually there is no real -# need to do chrooting, Dovecot doesn't allow users to access files outside -# their mail directory anyway. If your home directories are prefixed with -# the chroot directory, append "/." to mail_chroot. -#mail_chroot = - -# UNIX socket path to master authentication server to find users. -# This is used by imap (for shared users) and lda. -#auth_socket_path = /var/run/dovecot/auth-userdb - -# Directory where to look up mail plugins. -#mail_plugin_dir = /usr/lib/dovecot/modules - -# Space separated list of plugins to load for all services. Plugins specific to -# IMAP, LDA, etc. are added to this list in their own .conf files. -#mail_plugins = - -## -## Mailbox handling optimizations -## - -# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are -# also required for IMAP NOTIFY extension to be enabled. -#mailbox_list_index = yes - -# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost -# of potentially returning out-of-date results after e.g. server crashes. -# The results will be automatically fixed once the folders are opened. -#mailbox_list_index_very_dirty_syncs = yes - -# Should INBOX be kept up-to-date in the mailbox list index? By default it's -# not, because most of the mailbox accesses will open INBOX anyway. -#mailbox_list_index_include_inbox = no - -# The minimum number of mails in a mailbox before updates are done to cache -# file. This allows optimizing Dovecot's behavior to do less disk writes at -# the cost of more disk reads. -#mail_cache_min_mail_count = 0 - -# When IDLE command is running, mailbox is checked once in a while to see if -# there are any new mails or other changes. This setting defines the minimum -# time to wait between those checks. Dovecot can also use inotify and -# kqueue to find out immediately when changes occur. -#mailbox_idle_check_interval = 30 secs - -# Save mails with CR+LF instead of plain LF. This makes sending those mails -# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. -# But it also creates a bit more disk I/O which may just make it slower. -# Also note that if other software reads the mboxes/maildirs, they may handle -# the extra CRs wrong and cause problems. -#mail_save_crlf = no - -# Max number of mails to keep open and prefetch to memory. This only works with -# some mailbox formats and/or operating systems. -#mail_prefetch_count = 0 - -# How often to scan for stale temporary files and delete them (0 = never). -# These should exist only after Dovecot dies in the middle of saving mails. -#mail_temp_scan_interval = 1w - -# How many slow mail accesses sorting can perform before it returns failure. -# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long. -# The untagged SORT reply is still returned, but it's likely not correct. -#mail_sort_max_read_count = 0 - -protocol !indexer-worker { - # If folder vsize calculation requires opening more than this many mails from - # disk (i.e. mail sizes aren't in cache already), return failure and finish - # the calculation via indexer process. Disabled by default. This setting must - # be 0 for indexer-worker processes. - #mail_vsize_bg_after_count = 0 -} - -## -## Maildir-specific settings -## - -# By default LIST command returns all entries in maildir beginning with a dot. -# Enabling this option makes Dovecot return only entries which are directories. -# This is done by stat()ing each entry, so it causes more disk I/O. -# (For systems setting struct dirent->d_type, this check is free and it's -# done always regardless of this setting) -#maildir_stat_dirs = no - -# When copying a message, do it with hard links whenever possible. This makes -# the performance much better, and it's unlikely to have any side effects. -#maildir_copy_with_hardlinks = yes - -# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only -# when its mtime changes unexpectedly or when we can't find the mail otherwise. -#maildir_very_dirty_syncs = no - -# If enabled, Dovecot doesn't use the S= in the Maildir filenames for -# getting the mail's physical size, except when recalculating Maildir++ quota. -# This can be useful in systems where a lot of the Maildir filenames have a -# broken size. The performance hit for enabling this is very small. -#maildir_broken_filename_sizes = no - -# Always move mails from new/ directory to cur/, even when the \Recent flags -# aren't being reset. -#maildir_empty_new = no - -## -## mbox-specific settings -## - -# Which locking methods to use for locking mbox. There are four available: -# dotlock: Create .lock file. This is the oldest and most NFS-safe -# solution. If you want to use /var/mail/ like directory, the users -# will need write access to that directory. -# dotlock_try: Same as dotlock, but if it fails because of permissions or -# because there isn't enough disk space, just skip it. -# fcntl : Use this if possible. Works with NFS too if lockd is used. -# flock : May not exist in all systems. Doesn't work with NFS. -# lockf : May not exist in all systems. Doesn't work with NFS. -# -# You can use multiple locking methods; if you do the order they're declared -# in is important to avoid deadlocks if other MTAs/MUAs are using multiple -# locking methods as well. Some operating systems don't allow using some of -# them simultaneously. -# -# The Debian value for mbox_write_locks differs from upstream Dovecot. It is -# changed to be compliant with Debian Policy (section 11.6) for NFS safety. -# Dovecot: mbox_write_locks = dotlock fcntl -# Debian: mbox_write_locks = fcntl dotlock -# -#mbox_read_locks = fcntl -#mbox_write_locks = fcntl dotlock - -# Maximum time to wait for lock (all of them) before aborting. -#mbox_lock_timeout = 5 mins - -# If dotlock exists but the mailbox isn't modified in any way, override the -# lock file after this much time. -#mbox_dotlock_change_timeout = 2 mins - -# When mbox changes unexpectedly we have to fully read it to find out what -# changed. If the mbox is large this can take a long time. Since the change -# is usually just a newly appended mail, it'd be faster to simply read the -# new mails. If this setting is enabled, Dovecot does this but still safely -# fallbacks to re-reading the whole mbox file whenever something in mbox isn't -# how it's expected to be. The only real downside to this setting is that if -# some other MUA changes message flags, Dovecot doesn't notice it immediately. -# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK -# commands. -#mbox_dirty_syncs = yes - -# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, -# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. -#mbox_very_dirty_syncs = no - -# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK -# commands and when closing the mailbox). This is especially useful for POP3 -# where clients often delete all mails. The downside is that our changes -# aren't immediately visible to other MUAs. -#mbox_lazy_writes = yes - -# If mbox size is smaller than this (e.g. 100k), don't write index files. -# If an index file already exists it's still read, just not updated. -#mbox_min_index_size = 0 - -# Mail header selection algorithm to use for MD5 POP3 UIDLs when -# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired -# algorithm, but it fails if the first Received: header isn't unique in all -# mails. An alternative algorithm is "all" that selects all headers. -#mbox_md5 = apop3d - -## -## mdbox-specific settings -## - -# Maximum dbox file size until it's rotated. -#mdbox_rotate_size = 10M - -# Maximum dbox file age until it's rotated. Typically in days. Day begins -# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled. -#mdbox_rotate_interval = 0 - -# When creating new mdbox files, immediately preallocate their size to -# mdbox_rotate_size. This setting currently works only in Linux with some -# filesystems (ext4, xfs). -#mdbox_preallocate_space = no - -## -## Mail attachments -## - -# sdbox and mdbox support saving mail attachments to external files, which -# also allows single instance storage for them. Other backends don't support -# this for now. - -# Directory root where to store mail attachments. Disabled, if empty. -#mail_attachment_dir = - -# Attachments smaller than this aren't saved externally. It's also possible to -# write a plugin to disable saving specific attachments externally. -#mail_attachment_min_size = 128k - -# Filesystem backend to use for saving attachments: -# posix : No SiS done by Dovecot (but this might help FS's own deduplication) -# sis posix : SiS with immediate byte-by-byte comparison during saving -# sis-queue posix : SiS with delayed comparison and deduplication -#mail_attachment_fs = sis posix - -# Hash format to use in attachment filenames. You can add any text and -# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. -# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits -#mail_attachment_hash = %{sha1} - -# Settings to control adding $HasAttachment or $HasNoAttachment keywords. -# By default, all MIME parts with Content-Disposition=attachment, or inlines -# with filename parameter are consired attachments. -# add-flags-on-save - Add the keywords when saving new mails. -# content-type=type or !type - Include/exclude content type. Excluding will -# never consider the matched MIME part as attachment. Including will only -# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar). -# exclude-inlined - Exclude any Content-Disposition=inline MIME part. -#mail_attachment_detection_options = -]]> - - - - - #service_count = 1 - - # Number of processes to always keep waiting for more connections. - #process_min_avail = 0 - - # If you set service_count=0, you probably need to grow this. - #vsz_limit = $default_vsz_limit -} - -service pop3-login { - inet_listener pop3 { - #port = 110 - } - inet_listener pop3s { - #port = 995 - #ssl = yes - } -} - -service submission-login { - inet_listener submission { - #port = 587 - } -} - -service lmtp { - unix_listener lmtp { - #mode = 0666 - } - - # Create inet listener only if you can't use the above UNIX socket - #inet_listener lmtp { - # Avoid making LMTP visible for the entire internet - #address = - #port = - #} -} - -service imap { - # Most of the memory goes to mmap()ing files. You may need to increase this - # limit if you have huge mailboxes. - #vsz_limit = $default_vsz_limit - - # Max. number of IMAP processes (connections) - #process_limit = 1024 -} - -service pop3 { - # Max. number of POP3 processes (connections) - #process_limit = 1024 -} - -service submission { - # Max. number of SMTP Submission processes (connections) - #process_limit = 1024 -} - -service auth { - # auth_socket_path points to this userdb socket by default. It's typically - # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have - # full permissions to this socket are able to get a list of all usernames and - # get the results of everyone's userdb lookups. - # - # The default 0666 mode allows anyone to connect to the socket, but the - # userdb lookups will succeed only if the userdb returns an "uid" field that - # matches the caller process's UID. Also if caller's uid or gid matches the - # socket's uid or gid the lookup succeeds. Anything else causes a failure. - # - # To give the caller full permissions to lookup all users, set the mode to - # something else than 0666 and Dovecot lets the kernel enforce the - # permissions (e.g. 0777 allows everyone full permissions). - unix_listener auth-userdb { - #mode = 0666 - #user = - #group = - } - - # Postfix smtp-auth - unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix - } - - # Exim4 smtp-auth - unix_listener auth-client { - mode = 0660 - user = mail - #group = Debian-exim - } - - # Auth process is run as this user. - #user = $default_internal_user -} - -service auth-worker { - # Auth worker process is run as root by default, so that it can access - # /etc/shadow. If this isn't necessary, the user should be changed to - # $default_internal_user. - #user = root -} - -service dict { - # If dict proxy is used, mail processes should have access to its socket. - # For example: mode=0660, group=vmail and global mail_access_groups=vmail - unix_listener dict { - #mode = 0600 - #user = - #group = - } -} - -service stats { - unix_listener stats-reader { - group = vmail - mode = 0666 - } - unix_listener stats-writer { - group = vmail - mode = 0666 - } -} -]]> - - - - -ssl = yes - -# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before -# dropping root privileges, so keep the key file unreadable by anyone but -# root. Included doc/mkcert.sh can be used to easily generate self-signed -# certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = < -ssl_key = < - -# If key file is password protected, give the password here. Alternatively -# give it when starting dovecot with -p parameter. Since this file is often -# world-readable, you may want to place this setting instead to a different -# root owned 0600 file by using ssl_key_password = - - - - - -# Hostname to use in various parts of sent mails (e.g. in Message-Id) and -# in LMTP replies. Default is the system's real hostname@domain. -#hostname = - -# If user is over quota, return with temporary failure instead of -# bouncing the mail. -#quota_full_tempfail = no - -# Binary to use for sending mails. -#sendmail_path = /usr/sbin/sendmail - -# If non-empty, send mails via this SMTP host[:port] instead of sendmail. -#submission_host = - -# Subject: header to use for rejection mails. You can use the same variables -# as for rejection_reason below. -#rejection_subject = Rejected: %s - -# Human readable error message for rejection mails. You can use variables: -# %n = CRLF, %r = reason, %s = original subject, %t = recipient -#rejection_reason = Your message to <%t> was automatically rejected:%n%r - -# Delimiter character between local-part and detail in email address. -#recipient_delimiter = + - -# Header where the original recipient address (SMTP's RCPT TO: address) is taken -# from if not available elsewhere. With dovecot-lda -a parameter overrides this. -# A commonly used header for this is X-Original-To. -#lda_original_recipient_header = - -# Should saving a mail to a nonexistent mailbox automatically create it? -#lda_mailbox_autocreate = no - -# Should automatically created mailboxes be also automatically subscribed? -#lda_mailbox_autosubscribe = no - -protocol lda { - # Space separated list of plugins to load (default is global mail_plugins). - mail_plugins = $mail_plugins quota sieve -} -]]> - - - - - - - - - #service_count = 1 - - # Number of processes to always keep waiting for more connections. - #process_min_avail = 0 - - # If you set service_count=0, you probably need to grow this. - #vsz_limit = 64M -#} - -#service managesieve { - # Max. number of ManageSieve processes (connections) - #process_limit = 1024 -#} - -# Service configuration - -protocol sieve { - # Maximum ManageSieve command line length in bytes. ManageSieve usually does - # not involve overly long command lines, so this setting will not normally - # need adjustment - #managesieve_max_line_length = 65536 - - # Maximum number of ManageSieve connections allowed for a user from each IP - # address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 10 - - # Space separated list of plugins to load (none known to be useful so far). - # Do NOT try to load IMAP plugins here. - #mail_plugins = - - # MANAGESIEVE logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - # %{put_bytes} - Number of bytes saved using PUTSCRIPT command - # %{put_count} - Number of scripts saved using PUTSCRIPT command - # %{get_bytes} - Number of bytes read using GETCRIPT command - # %{get_count} - Number of scripts read using GETSCRIPT command - # %{get_bytes} - Number of bytes processed using CHECKSCRIPT command - # %{get_count} - Number of scripts checked using CHECKSCRIPT command - # %{deleted_count} - Number of scripts deleted using DELETESCRIPT command - # %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command - #managesieve_logout_format = bytes=%i/%o - - # To fool ManageSieve clients that are focused on CMU's timesieved you can - # specify the IMPLEMENTATION capability that Dovecot reports to clients. - # For example: 'Cyrus timsieved v2.2.13' - #managesieve_implementation_string = Dovecot Pigeonhole - - # Explicitly specify the SIEVE and NOTIFY capability reported by the server - # before login. If left unassigned these will be reported dynamically - # according to what the Sieve interpreter supports by default (after login - # this may differ depending on the user). - #managesieve_sieve_capability = - #managesieve_notify_capability = - - # The maximum number of compile errors that are returned to the client upon - # script upload or script verification. - #managesieve_max_compile_errors = 5 - - # Refer to 90-sieve.conf for script quota configuration and configuration of - # Sieve execution limits. -} -]]> - - - - = 2.1.4) : %v.%u -# Dovecot v0.99.x : %v.%u -# tpop3d : %Mf -# -# Note that Outlook 2003 seems to have problems with %v.%u format which was -# Dovecot's default, so if you're building a new server it would be a good -# idea to change this. %08Xu%08Xv should be pretty fail-safe. -# -#pop3_uidl_format = %08Xu%08Xv - -# Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes -# won't change those UIDLs. Currently this works only with Maildir. -#pop3_save_uidl = no - -# What to do about duplicate UIDLs if they exist? -# allow: Show duplicates to clients. -# rename: Append a temporary -2, -3, etc. counter after the UIDL. -#pop3_uidl_duplicates = allow - -# This option changes POP3 behavior so that it's not possible to actually -# delete mails via POP3, only hide them from future POP3 sessions. The mails -# will still be counted towards user's quota until actually deleted via IMAP. -# Use e.g. "$POP3Deleted" as the value (it will be visible as IMAP keyword). -# Make sure you can legally archive mails before enabling this setting. -#pop3_deleted_flag = - -# POP3 logout format string: -# %i - total number of bytes read from client -# %o - total number of bytes sent to client -# %t - number of TOP commands -# %p - number of bytes sent to client as a result of TOP command -# %r - number of RETR commands -# %b - number of bytes sent to client as a result of RETR command -# %d - number of deleted messages -# %{deleted_bytes} - number of bytes in deleted messages -# %m - number of messages (before deletion) -# %s - mailbox size in bytes (before deletion) -# %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly -pop3_logout_format = in=%i out=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s - -# Workarounds for various client bugs: -# outlook-no-nuls: -# Outlook and Outlook Express hang if mails contain NUL characters. -# This setting replaces them with 0x80 character. -# oe-ns-eoh: -# Outlook Express and Netscape Mail breaks if end of headers-line is -# missing. This option simply sends it if it's missing. -# The list is space-separated. -#pop3_client_workarounds = - -protocol pop3 { - # Space separated list of plugins to load (default is global mail_plugins). - #mail_plugins = $mail_plugins - - # Maximum number of POP3 connections allowed for a user from each IP address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 10 -} -]]> - - - - :]path[; - - - - - - - - - - - - - //service[@type='mail']/general/installs[@index=1] - - //service[@type='mail']/general/files[@index=1] - - //service[@type='mail']/general/commands[@index=1] - - - - - - - - - - " -[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=" -chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key -]]> - - - - - - - - FTP Server" -ServerType standalone -DeferWelcome off - -DefaultServer on -ShowSymlinks on - -TimeoutNoTransfer 600 -TimeoutStalled 600 -TimeoutIdle 1200 - -DisplayLogin welcome.msg -DisplayChdir .message true -ListOptions "-l" - -DenyFilter \*.*/ - -# Use this to jail all users in their homes -# DefaultRoot ~ - -# Users require a valid shell listed in /etc/shells to login. -# Use this directive to release that constrain. -# RequireValidShell off - -# Port 21 is the standard FTP port. -Port 21 - -# In some cases you have to specify passive ports range to by-pass -# firewall limitations. Ephemeral ports can be used for that, but -# feel free to use a more narrow range. -# PassivePorts 49152 65534 - -# If your host was NATted, this option is useful in order to -# allow passive transfers to work. You have to use your public -# address and opening the passive ports used on your firewall as well. -# MasqueradeAddress 1.2.3.4 - -# This is useful for masquerading address with dynamic IPs: -# refresh any configured MasqueradeAddress directives every 8 hours - -# DynMasqRefresh 28800 - - -# To prevent DoS attacks, set the maximum number of child processes -# to 30. If you need to allow more than 30 concurrent connections -# at once, simply increase this value. Note that this ONLY works -# in standalone mode, in inetd mode you should use an inetd server -# that allows you to limit maximum number of processes per service -# (such as xinetd) -MaxInstances 30 - -# Set the user and group that the server normally runs at. -User proftpd -Group nogroup - -# Umask 022 is a good standard umask to prevent new files and dirs -# (second parm) from being group and world writable. -Umask 022 022 -# Normally, we want files to be overwritable. -AllowOverwrite on - -# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords: -# PersistentPasswd off - -# This is required to use both PAM-based authentication and local passwords -# AuthOrder mod_auth_pam.c* mod_auth_unix.c - -# Be warned: use of this directive impacts CPU average load! -# Uncomment this if you like to see progress and transfer rate with ftpwho -# in downloads. That is not needed for uploads rates. -# -# UseSendFile off - -TransferLog /var/log/proftpd/xferlog -SystemLog /var/log/proftpd/proftpd.log - -# Logging onto /var/log/lastlog is enabled but set to off by default -#UseLastlog on - -# In order to keep log file dates consistent after chroot, use timezone info -# from /etc/localtime. If this is not set, and proftpd is configured to -# chroot (e.g. DefaultRoot or ), it will use the non-daylight -# savings timezone regardless of whether DST is in effect. -#SetEnv TZ :/etc/localtime - - -QuotaEngine on - - - -Ratios off - - - -# Delay engine reduces impact of the so-called Timing Attack described in -# http://www.securityfocus.com/bid/11430/discuss -# It is on by default. - -DelayEngine on - - - -ControlsEngine off -ControlsMaxClients 2 -ControlsLog /var/log/proftpd/controls.log -ControlsInterval 5 -ControlsSocket /var/run/proftpd/proftpd.sock - - - -AdminControlsEngine off - - -# -# Alternative authentication frameworks -# -#Include /etc/proftpd/ldap.conf -Include /etc/proftpd/sql.conf - -# -# This is used for FTPS connections -# -Include /etc/proftpd/tls.conf - -# -# Useful to keep VirtualHost/VirtualRoot directives separated -# -#Include /etc/proftpd/virtuals.conf - -# A basic anonymous configuration, no upload directories. - -# -# User ftp -# Group nogroup -# # We want clients to be able to login with "anonymous" as well as "ftp" -# UserAlias anonymous ftp -# # Cosmetic changes, all files belongs to ftp user -# DirFakeUser on ftp -# DirFakeGroup on ftp -# -# RequireValidShell off -# -# # Limit the maximum number of anonymous logins -# MaxClients 10 -# -# # We want 'welcome.msg' displayed at login, and '.message' displayed -# # in each newly chdired directory. -# DisplayLogin welcome.msg -# DisplayChdir .message -# -# # Limit WRITE everywhere in the anonymous chroot -# -# -# DenyAll -# -# -# -# # Uncomment this if you're brave. -# # -# # # Umask 022 is a good standard umask to prevent new files and dirs -# # # (second parm) from being group and world writable. -# # Umask 022 022 -# # -# # DenyAll -# # -# # -# # AllowAll -# # -# # -# -# - -# Include other custom configuration files -Include /etc/proftpd/conf.d/ -]]> - - - - - - - - - -DefaultRoot ~ -RequireValidShell off -AuthOrder mod_sql.c - -# -# Choose a SQL backend among MySQL or PostgreSQL. -# Both modules are loaded in default configuration, so you have to specify the backend -# or comment out the unused module in /etc/proftpd/modules.conf. -# Use 'mysql' or 'postgres' as possible values. -# -SQLBackend mysql -# -SQLEngine on -SQLAuthenticate on -# -# Use both an encrypted or plaintext password -SQLAuthTypes Crypt OpenSSL - -SQLAuthenticate users* groups* - -# -# Connection -SQLConnectInfo @ -# -# Describes both users/groups tables -# -SQLUserInfo ftp_users username password uid gid homedir shell -SQLGroupInfo ftp_groups groupname gid members -# -SQLUserWhereClause "login_enabled = 'y'" - -SQLLog PASS login -SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users - -SQLLog RETR download -SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users - -SQLLog STOR upload -SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users - -QuotaEngine on -QuotaShowQuotas on -QuotaDisplayUnits Mb -QuotaLock /var/lock/ftpd.quotatab.lock -QuotaLimitTable sql:/get-quota-limit -QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally -SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'" -SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" -SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies -SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies - -]]> - - - - -TLSEngine on -TLSLog /var/log/proftpd/tls.log -TLSProtocol TLSv1.2 TLSv1.3 -TLSRSACertificateFile /etc/ssl/certs/proftpd.crt -TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key -TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt -TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key -TLSOptions NoSessionReuseRequired -TLSVerifyClient off - -# Are clients required to use FTP over TLS when talking to this server? -TLSRequired on - -# Allow SSL/TLS renegotiations when the client requests them, but -# do not force the renegotiations. Some clients do not support -# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these -# clients will close the data connection, or there will be a timeout -# on an idle data connection. -# -#TLSRenegotiate required off - -]]> - - - - -From 127.0.0.1 - - -MaxLoginAttempts 3 - - - BanEngine off - - - BanEngine on - -BanLog /var/log/proftpd/ban.log -BanTable /etc/proftpd/ban.tab -BanMessage "User %u was banned." -BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently" -BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00 -BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99 -BanControlsACLs all allow user root - - - -BanEngine off -DelayEngine off - - ]]> - - - - - - - - - " -openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072 -chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem -]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# Mandatory : user password. You must have a password. - -MYSQLPassword - - -# Mandatory : database to open. - -MYSQLDatabase - - -# Mandatory : how passwords are stored -# Valid values are : "cleartext", "crypt", "sha1", "md5" and "password" -# ("password" = MySQL password() function) -# You can also use "any" to try "crypt", "sha1", "md5" *and* "password" - -MYSQLCrypt any - - -# In the following directives, parts of the strings are replaced at -# run-time before performing queries : -# -# \L is replaced by the login of the user trying to authenticate. -# \I is replaced by the IP address the user connected to. -# \P is replaced by the port number the user connected to. -# \R is replaced by the IP address the user connected from. -# \D is replaced by the remote IP address, as a long decimal number. -# -# Very complex queries can be performed using these substitution strings, -# especially for virtual hosting. - - -# Query to execute in order to fetch the password - -MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y" - - -# Query to execute in order to fetch the system user name or uid - -MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y" - - -# Optional : default UID - if set this overrides MYSQLGetUID - -#MYSQLDefaultUID 1000 - - -# Query to execute in order to fetch the system user group or gid - -MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y" - - -# Optional : default GID - if set this overrides MYSQLGetGID - -#MYSQLDefaultGID 1000 - - -# Query to execute in order to fetch the home directory - -MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y" - - -# Optional : query to get the maximal number of files -# Pure-FTPd must have been compiled with virtual quotas support. - -# MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User='\L' - - -# Optional : query to get the maximal disk usage (virtual quotas) -# The number should be in Megabytes. -# Pure-FTPd must have been compiled with virtual quotas support. - -MySQLGetQTASZ SELECT CASE WHEN panel_customers.diskspace = 0 THEN -1 WHEN panel_customers.diskspace <= -1 THEN 0 ELSE panel_customers.diskspace/1024 END AS QuotaSize FROM panel_customers, ftp_users WHERE username = "\L" AND panel_customers.loginname = SUBSTRING_INDEX('\L', 'ftp', 1) - - -# Optional : ratios. The server has to be compiled with ratio support. - -# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User='\L' -# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User='\L' - - -# Optional : bandwidth throttling. -# The server has to be compiled with throttling support. -# Values are in KB/s . - -# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User='\L' -# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User='\L' - -# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS : -# 1) You know what you are doing. -# 2) Real and virtual users match. - -# MySQLForceTildeExpansion 1 - - -# If you're using a transactionnal storage engine, you can enable SQL -# transactions to avoid races. Leave this commented if you are using the -# traditional MyIsam engine. - -# MySQLTransactions On -]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *.log { - missingok - daily - rotate 7 - compress - delaycompress - notifempty - create - sharedscripts - postrotate - > /dev/null 2>&1 || true - endscript -} -]]> - - - - - - - - - {{settings.system.mod_fcgid_ownvhost}} - - - - - - - - - - - - - - - {{settings.system.webserver}} - - - - - - {{settings.system.webserver}} - - - - - {{settings.phpfpm.enabled_ownvhost}} - - {{settings.phpfpm.vhost_httpuser}} - - - - - - {{settings.system.webserver}} - - {{settings.phpfpm.enabled_ownvhost}} - - - - - - - - - - bin/froxlor-cli /usr/local/bin/froxlor-cli]]> - bin/froxlor-cli froxlor:cron --run-task 99]]> - - - - - - diff --git a/lib/configfiles/gentoo.xml b/lib/configfiles/gentoo.xml index fbe8118f..068b34b5 100644 --- a/lib/configfiles/gentoo.xml +++ b/lib/configfiles/gentoo.xml @@ -1,7 +1,7 @@ + defaulteditor="/usr/bin/nano" deprecated="true"> diff --git a/lib/init.php b/lib/init.php index 7835ef56..c77046b0 100644 --- a/lib/init.php +++ b/lib/init.php @@ -188,6 +188,10 @@ if (is_array($_themeoptions) && (!array_key_exists('variants', $_themeoptions) | $themevariant = "default"; } +if (array_key_exists('global', $_themeoptions)) { + $_themeoptions['variants'][$themevariant] = array_merge_recursive($_themeoptions['variants'][$themevariant], $_themeoptions['global']); +} + // check for custom header-graphic $hl_path = 'templates/' . $theme . '/assets/img'; @@ -209,8 +213,11 @@ if (Settings::Get('panel.logo_overridecustom') == 0 && file_exists($hl_path . '/ } } +$color_scheme = $_themeoptions['variants'][$themevariant]['color-scheme'] ?? 'auto'; + UI::twig()->addGlobal('header_logo_login', $header_logo_login); UI::twig()->addGlobal('header_logo', $header_logo); +UI::twig()->addGlobal('color_scheme', $color_scheme); /** * Redirects to index.php (login page) if no session exists diff --git a/templates/Froxlor/base.html.twig b/templates/Froxlor/base.html.twig index f422d95d..c29fb63b 100644 --- a/templates/Froxlor/base.html.twig +++ b/templates/Froxlor/base.html.twig @@ -1,5 +1,5 @@ - + diff --git a/templates/Froxlor/config.json b/templates/Froxlor/config.json index c0888814..312d5906 100644 --- a/templates/Froxlor/config.json +++ b/templates/Froxlor/config.json @@ -1,33 +1,27 @@ { + "global": { + "css": [ + "custom.css" + ], + "js": [ + "main.js", + "apikey.js" + ], + "img": { + "ui": "logo_white.png", + "login": "logo.png" + } + }, "variants": { "default": { - "img": { - "login": "logo.png", - "ui": "logo_white.png" - }, - "css": [ - "main.css", - "custom.css" - ], - "js": [ - "main.js", - "apikey.js" - ], - "description": "Default" + "color-scheme": "light", + "description": "Default (light)" }, "dark": { + "color-scheme": "dark", "img": { - "login": "logo_white.png", - "ui": "logo_white.png" + "login": "logo_white.png" }, - "css": [ - "dark.css", - "custom.css" - ], - "js": [ - "main.js", - "apikey.js" - ], "description": "Darkmode" } }, diff --git a/templates/Froxlor/settings/apcuinfo.html.twig b/templates/Froxlor/settings/apcuinfo.html.twig index 93abf680..d0887414 100644 --- a/templates/Froxlor/settings/apcuinfo.html.twig +++ b/templates/Froxlor/settings/apcuinfo.html.twig @@ -20,9 +20,12 @@
{{ lng('apcuinfo.memnote') }}
-
-
- {{ apcuinfo.mem_used_percentage }}% +
+
+ {{ apcuinfo.mem_used_percentage }} + %
    @@ -45,10 +48,21 @@
    {{ lng('apcuinfo.hitmiss') }}
    -
    -
    -
    - {{ apcuinfo.num_hits_percentage }}% +
    +
    +
    +
    +
    +
    +
    + {{ apcuinfo.num_hits_percentage }} + %
      @@ -97,8 +111,13 @@
    {% if apcuinfo.fragmentation is iterable %}
    -
    - {{ apcuinfo.fragmentation.used_percentage }}% +
    + {{ apcuinfo.fragmentation.used_percentage }} + %
    • @@ -124,33 +143,33 @@
      - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + +
      {{ lng('apcuinfo.generaltitle') }}
      {{ lng('apcuinfo.version') }}{{ apcuinfo.apcversion }}
      {{ lng('apcuinfo.phpversion') }}{{ apcuinfo.phpversion }}
      {{ lng('admin.hostname') }}{{ apcuinfo.host }}
      {{ lng('admin.serversoftware') }}{{ apcuinfo.server }}
      {{ lng('apcuinfo.start') }}{{ apcuinfo.start_time|date('d.m.Y H:i:s') }}
      {{ lng('apcuinfo.uptime') }}{{ apcuinfo.uptime }}
      {{ lng('apcuinfo.generaltitle') }}
      {{ lng('apcuinfo.version') }}{{ apcuinfo.apcversion }}
      {{ lng('apcuinfo.phpversion') }}{{ apcuinfo.phpversion }}
      {{ lng('admin.hostname') }}{{ apcuinfo.host }}
      {{ lng('admin.serversoftware') }}{{ apcuinfo.server }}
      {{ lng('apcuinfo.start') }}{{ apcuinfo.start_time|date('d.m.Y H:i:s') }}
      {{ lng('apcuinfo.uptime') }}{{ apcuinfo.uptime }}
      @@ -159,15 +178,15 @@
      + + + + {% for k,v in apcuinfo.runtimelines %} - + + - {% for k,v in apcuinfo.runtimelines %} - - - - - {% endfor %} + {% endfor %}
      {{ lng('apcuinfo.runtime') }}
      {{ lng('apcuinfo.runtime') }}{{ k|raw }}{{ v|raw }}
      {{ k|raw }}{{ v|raw }}