Merge pull request #84 from byteworkshosting/master

Providing Dovecot 2.x configuration steps on FreeBSD

lib/configfiles/freebsd.inc.php

@@ -39,6 +39,40 @@ return Array(
 			'http' => Array(
 				'label' => $lng['admin']['configfiles']['http'],
 				'daemons' => Array(
+
+					// Begin: Nginx Config
+					'nginx' => array(
+					'label' => 'Nginx Webserver',
+					'commands_1' => array(
+							'cd /usr/ports/www/nginx',
+							'make config',
+							'set [x] IPv6 protocol (default)',
+							'set [x] Enable HTTP module (default)',
+							'set [x] Enable http_cache module (default)',
+							'set [x] Enable http_gzip_static module',
+							'set [x] Enable http_rewrite module (default)',
+							'set [x] Enable http_ssl module (default)',
+							'set [x] Enable http_stub_status module (default)',
+							'make install clean; rehash',
+						),
+						'commands_2' => array(
+							$configcommand['vhost'],
+							$configcommand['diroptions'],
+							($settings['system']['deactivateddocroot'] != '') ? 'mkdir -p '. $settings['system']['deactivateddocroot'] : null,
+							'mkdir -p '. $settings['system']['documentroot_prefix'],
+							'mkdir -p '. $settings['system']['mod_fcgid_tmpdir'],
+							'mkdir -p '. $settings['system']['logfiles_directory'],
+							'echo "nginx_enable=\"YES\"" >> /etc/rc.conf'
+						),
+						'files' => array(
+							'usr_local_etc_nginx_nginx.conf' => '/usr/local/etc/nginx/nginx.conf',
+						),
+						'restart' => array(
+							'/usr/local/etc/rc.d/nginx restart'
+						)
+					),
+					// End: Nginx Config
+
 					'apache2' => Array(
 						'label' => 'Apache2 Webserver',
 						'commands' => Array(
@@ -69,6 +103,42 @@ return Array(
 			'dns' => Array(
 				'label' => $lng['admin']['configfiles']['dns'],
 				'daemons' => Array(
+
+					// Begin: Bind 9.x Config
+					'bind9' => array(
+					'label' => 'Bind9 Nameserver',
+					'commands_1' => array(
+							'cd /usr/ports/dns/bind99',
+							'make config',
+							'set [x] International Domain Names',
+							'set [x] IPv6 protocol (default)',
+							'set [x] 64-bit file support',
+							'set [x] Replace base BIND with this version',
+							'set [x] Enable RPZ NSDNAME policy records',
+							'set [x] Enable RPZ NSIP trigger rules',
+							'set [x] dig/host/nslookup will do DNSSEC validation',
+							'set [x] Build with OpenSSL (Required for DNSSEC) (default)',
+							'set [x] Threading support (default)',
+							'make install clean; rehash',
+						),
+						'commands_2' => array(
+							'echo "named_enable=\"YES\"" >> /etc/rc.conf',
+							PHP_EOL,
+							(strpos($settings['system']['bindconf_directory'], '/etc/namedb') === false) ? '(TIP: Be sure the path below is "/etc/namedb", if not you have configured the bind-directory in a false way in PANEL->SETTINGS->NAMESERVER SETTINGS!)' : null,
+							'echo "include \"'. $settings['system']['bindconf_directory'] .'froxlor_bind.conf\";" >> '. $settings['system']['bindconf_directory'] .'named.conf',
+							'echo "include \"'. $settings['system']['bindconf_directory'] .'default-zone\";" >> '. $settings['system']['bindconf_directory'] .'named.conf',
+						),
+						'files' => array(
+							'etc_namedb_named.conf' => $settings['system']['bindconf_directory'] .'named.conf',
+							'etc_namedb_master_default.zone' => $settings['system']['bindconf_directory'] .'master/default.zone',
+							'etc_namedb_default-zone' => $settings['system']['bindconf_directory'] .'default-zone',
+						),
+						'restart' => array(
+							'/etc/rc.d/named restart'
+						)
+					),
+					// End: Bind 9.x Config
+
 					'powerdns' => Array(
 						'label' => 'PowerDNS',
 						'commands_1' => Array(
@@ -203,7 +273,39 @@ return Array(
 						'restart' => Array(
 							'sh /usr/local/etc/rc.d/dovecot restart'
 						)
+					),
+
+					// Begin: Dovecot 2.x Config
+					'dovecot2' => array(
+						'label' => 'Dovecot 2.x',
+						'commands_1' => array(
+							'cd /usr/ports/mail/dovecot2',
+							'make config',
+							'set [x] kqueue(2) support (default)',
+							'set [x] MySQL database',
+							'set [x] SSL protocol (default)',
+							'make install clean; rehash',
+						),
+						'commands_2' => array(
+							'echo "dovecot_enable=\"YES\"" >> /etc/rc.conf',
+							PHP_EOL,
+							'pw adduser '. $vmail_username .' -g '. $vmail_groupname .' -u '. $settings['system']['vmail_gid'] .' -d /nonexistent -s /usr/sbin/nologin -c "User for virtual mailtransport used by Postfix and Dovecot"',
+							PHP_EOL,
+							'chmod 0640 /usr/local/etc/dovecot-sql.conf'
+						),
+						'files' => array(
+							'usr_local_etc_dovecot_dovecot.conf' => '/usr/local/etc/dovecot/dovecot.conf',
+							'usr_local_etc_dovecot_dovecot-sql.conf' => '/usr/local/etc/dovecot/dovecot-sql.conf'
+						),
+						'commands_3' => array(
+							'echo "dovecot unix - n n - - pipe'. PHP_EOL .'flags=DRhu user='. $vmail_username .':'. $vmail_groupname .' argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} -a ${recipient}" >> /usr/local/etc/postfix/master.cf',
+						),
+						'restart' => array(
+							'/usr/local/etc/rc.d/dovecot restart'
+						)
 					)
+					// End: Dovecot 2.x Config
+
 				)
 			),
 			'ftp' => Array(

templates/misc/configfiles/freebsd/bind9/etc_namedb_default-zone

@@ -0,0 +1,4 @@
+zone "default.zone" {
+	type master;
+	file "/etc/namedb/master/default.zone";
+};

templates/misc/configfiles/freebsd/bind9/etc_namedb_master_default.zone

@@ -0,0 +1,45 @@
+; default zone
+
+$TTL 1W
+
+; SOA Record
+@ IN SOA ns0 hostmaster (
+	2013031201 ; serial
+	1D	; refresh
+	1H	; retry
+	1W	; expiry
+	1D	; minimum
+)
+
+@	IN	NS	ns0
+	IN	MX	10 mail
+
+@	IN	A	<SERVERIP>
+	IN	MX	10 mail
+
+*	IN	A	<SERVERIP>
+	IN	MX	10 mail
+
+; Subdomain Records
+ns0	IN	A	<SERVERIP>
+mail	IN	A	<SERVERIP>
+
+; Additional Records
+@	IN	RP	hostmaster .
+	IN	SPF	"v=spf1 a mx -all"
+	IN	TXT	"dkim=all"
+
+; Services Records
+_http._tcp		IN	SRV	1 0 80 @
+_http._tcp.www		IN	SRV	0 0 80 www
+_ftp._tcp		IN	SRV	0 0 20 @
+_ftp._tcp		IN	SRV	0 0 21 @
+_dns._udp.ns0		IN	SRV	0 1 53 ns0
+_dns._tcp.ns0		IN	SRV	0 0 53 ns0
+_smtps._tcp.mail	IN	SRV	0 0 587 mail
+_smtps._tcp.mail	IN	SRV	1 0 465 mail
+_smtp._tcp.mail		IN	SRV	2 0 25 mail
+_imaps._tcp.mail	IN	SRV	0 0 993 mail
+_imap._tcp.mail		IN	SRV	1 0 143 mail
+_sieve._tcp.mail	IN	SRV	0 0 4190 mail
+_sieve._tcp.mail	IN	SRV	1 0 2000 mail

templates/misc/configfiles/freebsd/bind9/etc_namedb_named.conf

@@ -0,0 +1,32 @@
+options {
+
+	...
+
+	[snip]
+
+	# General
+	directory		"/etc/namedb/working";
+	pid-file		"/var/run/named.pid";
+
+	auth-nxdomain		no;
+
+	# Cache
+	dump-file		"/var/db/named";
+	max-cache-size		8m;
+
+	# DNSSEC
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-enable		yes;
+	dnssec-validation	yes;
+	dnssec-lookaside	auto;
+
+	random-device		"/dev/urandom";
+
+	[/snip]
+
+	...
+
+};

templates/misc/configfiles/freebsd/dovecot2/usr_local_etc_dovecot_dovecot-sql.conf

@@ -0,0 +1,8 @@
+driver = mysql
+connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
+default_pass_scheme = CRYPT
+password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
+user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', (quota*1024)) as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
+
+# this query is used for doveadm:
+iterate_query = SELECT username AS user FROM mail_users

templates/misc/configfiles/freebsd/dovecot2/usr_local_etc_dovecot_dovecot.conf

@@ -0,0 +1,138 @@
+### Dovecot 2.x configuration file ###
+
+mail_plugins =
+protocols = imap lmtp sieve
+listen = *, [::]
+
+mail_uid = vmail
+mail_gid = vmail
+mail_access_groups = vmail
+
+disable_plaintext_auth = yes
+auth_mechanisms = plain login
+auth_cache_negative_ttl = 1 mins
+auth_cache_size = 1 k
+
+ssl = yes
+#ssl_cert = </example.crt
+#ssl_key = </example.key
+#ssl_ca = </example_ca.pem
+ssl_require_crl = yes
+ssl_protocols = TLSv1
+ssl_cipher_list = HIGH
+
+
+passdb {
+	args = /usr/local/etc/dovecot/dovecot-sql.conf
+	driver = sql
+}
+
+userdb {
+	args = /usr/local/etc/dovecot/dovecot-sql.conf
+	driver = sql
+}
+
+
+plugin {
+
+	# put your plugins here
+
+}
+
+
+service auth {
+
+	unix_listener /var/spool/postfix/private/auth {
+		group = postfix
+		mode = 0660
+		user = postfix
+	}
+
+}
+
+
+service auth-worker {
+
+	user = dovecot
+
+}
+
+
+lmtp_save_to_detail_mailbox = yes
+
+	service lmtp {
+
+		unix_listener /var/spool/postfix/private/dovecot-lmtp {
+		group = postfix
+		mode = 0660
+		user = postfix
+	}
+
+}
+
+
+service imap-login {
+
+	chroot = login
+	client_limit = 256
+	executable = /usr/local/libexec/dovecot/imap-login
+
+	process_min_avail = 2
+	process_limit = 128
+	service_count = 1
+
+	inet_listener imap {
+		address = *, [::]
+		port = 143
+	}
+
+	inet_listener imaps {
+		address = *, [::]
+		port = 993
+	}
+
+}
+
+
+service imap {
+
+	executable = /usr/local/libexec/dovecot/imap
+
+}
+
+
+service managesieve-login {
+
+	inet_listener sieve {
+		port = 4190
+	}
+
+	inet_listener sieve_deprecated {
+		port = 2000
+	}
+
+}
+
+
+protocol sieve {
+
+	# not implemented yet
+
+}
+
+
+protocol imap {
+
+	mail_plugins = $mail_plugins
+	imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
+	imap_max_line_length = 64 k
+
+}
+
+
+protocol lmtp {
+
+	mail_plugins = $mail_plugins
+	postmaster_address = postmaster@example.net
+
+}

templates/misc/configfiles/freebsd/nginx/usr_local_etc_nginx_nginx.conf

@@ -0,0 +1,62 @@
+### Nginx configuration file ###
+
+daemon on;
+user www www;
+worker_processes 4;
+
+error_log /var/log/nginx/nginx.log crit;
+pid /var/run/nginx.pid;
+
+
+events {
+	use	kqueue;
+	worker_connections	64;
+	accept_mutex_delay	50ms;
+}
+
+
+http {
+
+	access_log	/var/log/nginx/access.log;
+
+	include	mime.types;
+	default_type	application/octet-stream;
+	charset	utf-8;
+
+	sendfile	on;
+	tcp_nopush	on;
+	tcp_nodelay	on;
+
+	# Open File Cache
+	open_file_cache	max=512 inactive=20m;
+	open_file_cache_valid	60s;
+	open_file_cache_errors	on;
+
+	# FastCGI Cache
+	fastcgi_cache_key	"$scheme$request_method$host$request_uri";
+	fastcgi_cache_path	/var/tmp/nginx levels=1:2 keys_zone=cache:10m inactive=20m max_size=12m;
+	fastcgi_temp_path	/var/tmp/nginx 1 2;
+	fastcgi_cache	cache;
+	fastcgi_cache_valid	200	20m;
+	fastcgi_cache_valid	301 302 304	1h;
+	fastcgi_cache_valid	any	1m;
+	fastcgi_cache_use_stale	error timeout invalid_header http_500;
+
+	# SSL
+	#ssl_client_certificate	/path/to/example.pem;
+	#ssl_crl	/path/to/example.crl;
+	ssl_protocols	TLSv1 TLSv1.1 TLSv1.2;
+	ssl_ciphers	HIGH;
+	ssl_prefer_server_ciphers	on;
+	ssl_session_cache	builtin:256 shared:SSL:64k;
+	ssl_session_timeout	20m;
+
+	# GZip
+	gzip	on;
+	gzip_vary	on;
+	gzip_comp_level	6;
+	gzip_static	on;
+
+	include /usr/local/etc/nginx/conf.d/*.conf;
+
+}