maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Merge branch 'master' of github.com:Froxlor/Froxlor

Browse Source
This commit is contained in:
Michael Kaufmann (d00p)
2016-02-28 22:07:04 +01:00
parent 573fd69c95 71f502f508
commit cf8fbe2224
5 changed files with 271 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
lib/configfiles/gentoo.xml
View File

@@ -139,7 +139,7 @@ server.errorlog = var.logdir + "/error.log"
server.indexfiles = ("index.php", "index.html",
"index.htm", "default.htm")
server.name = "<SERVERNAME>"
server.port = 80
server.bind = "<SERVERIP>"
@@ -351,27 +351,27 @@ exit "$RETVAL"
<install><![CDATA[emerge net-dns/bind]]></install>
<file name="/etc/bind/default.zone">
<content><![CDATA[
$TTL 1W
@ IN SOA ns root (
2015020101 ; serial
8H ; refresh
2H ; retry
1W ; expiry
11h) ; minimum
$TTL 1W
@ IN SOA ns root (
2015020101 ; serial
8H ; refresh
2H ; retry
1W ; expiry
11h) ; minimum
IN NS ns
IN MX 10 mail
IN NS ns
IN MX 10 mail
IN A <SERVERIP>
IN MX 10 mail
IN A <SERVERIP>
IN MX 10 mail
* IN A <SERVERIP>
IN MX 10 mail
IN MX 10 mail
ns IN A <SERVERIP>
ns IN A <SERVERIP>
mail IN A <SERVERIP>
IN MX 10 mail
IN MX 10 mail
]]>
</content>
</file>
@@ -1091,9 +1091,9 @@ smtpd_recipient_restrictions = permit_mynetworks,
reject_non_fqdn_recipient
smtpd_sender_restrictions = permit_mynetworks,
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject_unknown_hostname,
reject_unknown_recipient_domain,
permit_sasl_authenticated,
reject_unknown_hostname,
reject_unknown_recipient_domain,
reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
@@ -1392,9 +1392,9 @@ smtpd_recipient_restrictions = permit_mynetworks,
reject_non_fqdn_recipient
smtpd_sender_restrictions = permit_mynetworks,
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject_unknown_hostname,
reject_unknown_recipient_domain,
permit_sasl_authenticated,
reject_unknown_hostname,
reject_unknown_recipient_domain,
reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
@@ -1489,7 +1489,7 @@ mail_debug = no
protocols = imap pop3 sieve
### SSL Settings
### After you obtained an SSL-certificate enable ssl here and
### After you obtained an SSL-certificate enable ssl here and
### set disable_plaintext_auth to yes (see above)
ssl = no
#ssl_cert = </etc/ssl/server/<SERVERNAME>.pem
@@ -1502,7 +1502,7 @@ passdb {
plugin {
quota = maildir:User Quota
# Sieve-Configuration
sieve = ~/sieve/.dovecot.sieve
sieve_dir = ~/sieve
@@ -1541,7 +1541,7 @@ userdb {
protocol imap {
mail_plugins = quota imap_quota
# IMAP logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
@@ -1551,7 +1551,7 @@ protocol imap {
protocol pop3 {
mail_plugins = quota
pop3_uidl_format = UID%u-%v
# POP3 logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
@@ -1696,7 +1696,7 @@ protocol sieve {
#
# location = [<type>:]path[;<option>[=<value>][;...]]
#
# If the type prefix is omitted, the script location type is 'file' and the
# If the type prefix is omitted, the script location type is 'file' and the
# location is interpreted as a local filesystem path pointing to a Sieve script
# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
# information.
@@ -1707,7 +1707,7 @@ plugin {
# delivery. The "include" extension uses this location for retrieving
# :personal" scripts. This is also where the ManageSieve service will store
# the user's scripts, if supported.
#
#
# Currently only the 'file:' location type supports ManageSieve operation.
# Other location types like 'dict:' and 'ldap:' can currently only
# be used as a read-only script source ().
@@ -1727,15 +1727,15 @@ plugin {
# script.
#sieve_default = /var/lib/dovecot/sieve/default.sieve
# The name by which the default Sieve script (as configured by the
# sieve_default setting) is visible to the user through ManageSieve.
#sieve_default_name =
# The name by which the default Sieve script (as configured by the
# sieve_default setting) is visible to the user through ManageSieve.
#sieve_default_name =
# Location for ":global" include scripts as used by the "include" extension.
#sieve_global =
# Location Sieve of scripts that need to be executed before the user's
# personal script. If a 'file' location path points to a directory, all the
# personal script. If a 'file' location path points to a directory, all the
# Sieve scripts contained therein (with the proper `.sieve' extension) are
# executed. The order of execution within that directory is determined by the
# file names, using a normal 8bit per-character comparison.
@@ -2552,7 +2552,7 @@ POP3_TLS_REQUIRED=0
COURIERTLS=/usr/sbin/couriertls
##NAME: TLS_PROTOCOL:0
#
#
# TLS_PROTOCOL sets the protocol version. The possible versions are:
#
# SSL2 - SSLv2
@@ -2562,7 +2562,7 @@ COURIERTLS=/usr/sbin/couriertls
TLS_PROTOCOL=SSL3
##NAME: TLS_STARTTLS_PROTOCOL:0
#
#
# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS
# extension, as opposed to POP3 over SSL on port 995.
#
@@ -2756,7 +2756,7 @@ IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/sbin/couriertls
##NAME: TLS_PROTOCOL:0
#
#
# TLS_PROTOCOL sets the protocol version. The possible versions are:
#
# SSL2 - SSLv2
@@ -2766,7 +2766,7 @@ COURIERTLS=/usr/sbin/couriertls
TLS_PROTOCOL=SSL3
##NAME: TLS_STARTTLS_PROTOCOL:0
#
#
# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
# extension, as opposed to IMAP over SSL on port 993.
#
@@ -2871,6 +2871,11 @@ MAILDIRPATH=.maildir
<daemon name="proftpd" title="ProFTPd" default="true">
<command><![CDATA[echo "net-ftp/proftpd mysql" >> /etc/portage/package.use]]></command>
<install><![CDATA[emerge net-ftp/proftpd]]></install>
<commands>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
</commands>
<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
@@ -2947,20 +2952,23 @@ SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, b
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
# TLS settings
#<IfModule mod_tls.c>
#TLSEngine on
#TLSLog /var/log/proftpd-tls.log
#TLSProtocol SSLv23
#TLSTimeoutHandshake 120
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd-tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
#TLSTimeoutHandshake 120
# Really important for WinClients and some clients
#TLSOptions NoCertRequest NoSessionReuseRequired
#TLSRSACertificateFile /etc/ssl/server/<SERVERNAME>.crt
#TLSRSACertificateKeyFile /etc/ssl/server/<SERVERNAME>.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
# Authenticate client that want to use FTP over TLS?
#TLSVerifyClient off
TLSVerifyClient off
# Uncomment the following line to force tls login
#TLSRequired off
#</IfModule>
#TLSRequired on
</IfModule>
# LOG settings
# Logging Formats
@@ -3207,7 +3215,7 @@ password <SQL_UNPRIVILEGED_PASSWORD>
</file>
<file name="/etc/nsswitch.conf" backup="true">
<content><![CDATA[
# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
# You should place mysql at the end, so that it is queried after the other mechanisams
#
passwd: compat mysql
@@ -3292,7 +3300,7 @@ aliases: files
<content><![CDATA[# remove "-D PHP5" from /etc/conf.d/apache2]]></content>
</command>
</commands>
<!-- instead of just restarting apache, we let the cronjob do all the
<!-- instead of just restarting apache, we let the cronjob do all the
dirty work -->
<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
</daemon>
@@ -3330,7 +3338,7 @@ aliases: files
</visibility>
<command><![CDATA[# remove "-D PHP5" from /etc/conf.d/apache2]]></command>
</commands>
<!-- instead of just restarting apache, we let the cronjob do all the
<!-- instead of just restarting apache, we let the cronjob do all the
dirty work -->
<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
</daemon>

198
lib/configfiles/jessie.xml
View File

@@ -217,7 +217,7 @@ http {
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
@@ -233,17 +233,17 @@ http {
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
#
# server {
# listen localhost:143;
# protocol imap;
@@ -1116,7 +1116,7 @@ data_directory = /var/lib/postfix
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
@@ -1133,7 +1133,7 @@ myhostname = mail.$mydomain
mydomain = <SERVERNAME>
# SENDING MAIL
#
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
@@ -1235,7 +1235,7 @@ mydomain = <SERVERNAME>
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
@@ -1255,7 +1255,7 @@ mydomain = <SERVERNAME>
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
@@ -1287,16 +1287,16 @@ unknown_local_recipient_reject_code = 550
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
@@ -1326,7 +1326,7 @@ mynetworks = 127.0.0.0/8
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
@@ -1334,7 +1334,7 @@ mynetworks = 127.0.0.0/8
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
@@ -1379,7 +1379,7 @@ mynetworks = 127.0.0.0/8
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
@@ -1388,15 +1388,15 @@ mynetworks = 127.0.0.0/8
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#
#in_flow_delay = 1s
# ADDRESS REWRITING
@@ -1426,7 +1426,7 @@ mynetworks = 127.0.0.0/8
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
@@ -1469,7 +1469,7 @@ mynetworks = 127.0.0.0/8
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
@@ -1511,7 +1511,7 @@ mynetworks = 127.0.0.0/8
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
@@ -1533,7 +1533,7 @@ mynetworks = 127.0.0.0/8
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/file/name
@@ -1556,15 +1556,15 @@ mynetworks = 127.0.0.0/8
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
@@ -1586,11 +1586,11 @@ mynetworks = 127.0.0.0/8
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
@@ -1616,7 +1616,7 @@ smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
@@ -1674,10 +1674,10 @@ debugger_command =
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
#
sendmail_path = /usr/sbin/sendmail
# newaliases_path: The full pathname of the Postfix newaliases command.
@@ -1687,7 +1687,7 @@ newaliases_path = /usr/bin/newaliases
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
#
mailq_path = /usr/bin/mailq
# setgid_group: The group for mail submission and queue management
@@ -1724,9 +1724,9 @@ smtpd_recipient_restrictions = permit_mynetworks,
reject_non_fqdn_recipient
smtpd_sender_restrictions = permit_mynetworks,
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject_unknown_helo_hostname,
reject_unknown_recipient_domain,
permit_sasl_authenticated,
reject_unknown_helo_hostname,
reject_unknown_recipient_domain,
reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
@@ -1734,7 +1734,7 @@ smtpd_client_restrictions = permit_mynetworks,
# Postfix 2.10 requires this option. Postfix < 2.10 ignores this.
# The option is intentionally left empty.
smtpd_relay_restrictions =
smtpd_relay_restrictions =
# Maximum size of Message in bytes (50MB)
message_size_limit = 52428800
@@ -1954,7 +1954,7 @@ dovecot unix - n n - - pipe
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
# A comma separated list of IPs or hosts where to listen in for connections.
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
@@ -1979,7 +1979,7 @@ dovecot unix - n n - - pipe
#login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
#login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
@@ -2068,7 +2068,7 @@ dict {
# );
# Database driver: mysql, pgsql, sqlite
driver = mysql
driver = mysql
# Database connection string. This is driver-specific setting.
#
@@ -2095,7 +2095,7 @@ driver = mysql
# option_file - Read options from the given file instead of
# the default my.cnf location
# option_group - Read options from the given group (default: client)
#
#
# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
# Note that currently you can't use spaces in parameters.
#
@@ -2134,7 +2134,7 @@ default_pass_scheme = CRYPT
# %u = entire user@domain
# %n = user part of user@domain
# %d = domain part of user@domain
#
#
# Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be
# difficult to have eg. usernames containing '%' characters.
@@ -2218,7 +2218,7 @@ password_query = SELECT username AS user, password_enc AS password, CONCAT(homed
# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm =
#auth_default_realm =
# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
@@ -2261,7 +2261,7 @@ password_query = SELECT username AS user, password_enc AS password, CONCAT(homed
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file.
#auth_krb5_keytab =
#auth_krb5_keytab =
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
@@ -2276,9 +2276,9 @@ password_query = SELECT username AS user, password_enc AS password, CONCAT(homed
# Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no
# Take the username from client's SSL certificate, using
# Take the username from client's SSL certificate, using
# X509_NAME_get_text_by_NID() which returns the subject's DN's
# CommonName.
# CommonName.
#auth_ssl_username_from_cert = no
# Space separated list of wanted authentication mechanisms:
@@ -2368,11 +2368,11 @@ namespace inbox {
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format.
#separator =
#separator =
# Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/".
#prefix =
#prefix =
# Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it.
@@ -2501,7 +2501,7 @@ mail_access_groups = vmail
# WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. <doc/wiki/Chrooting.txt>
#valid_chroot_dirs =
#valid_chroot_dirs =
# Default chroot directory for mail processes. This can be overridden for
# specific users in user database by giving /./ in user's home directory
@@ -2509,7 +2509,7 @@ mail_access_groups = vmail
# need to do chrooting, Dovecot doesn't allow users to access files outside
# their mail directory anyway. If your home directories are prefixed with
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
#mail_chroot =
#mail_chroot =
# UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda.
@@ -2520,7 +2520,7 @@ mail_access_groups = vmail
# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
#mail_plugins =
#mail_plugins =
##
## Mailbox handling optimizations
@@ -2626,7 +2626,7 @@ mail_access_groups = vmail
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
# how it's expected to be. The only real downside to this setting is that if
# some other MUA changes message flags, Dovecot doesn't notice it immediately.
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
# commands.
#mbox_dirty_syncs = yes
@@ -2753,7 +2753,7 @@ service lmtp {
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#port =
#}
}
@@ -2787,8 +2787,8 @@ service auth {
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
#user =
#group =
}
# Postfix smtp-auth
@@ -2821,8 +2821,8 @@ service dict {
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict {
#mode = 0600
#user =
#group =
#user =
#group =
}
}
]]>
@@ -2841,7 +2841,7 @@ postmaster_address = postmaster@<SERVERNAME>
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
# in LMTP replies. Default is the system's real hostname@domain.
#hostname =
#hostname =
# If user is over quota, return with temporary failure instead of
# bouncing the mail.
@@ -2865,7 +2865,7 @@ postmaster_address = postmaster@<SERVERNAME>
#recipient_delimiter = +
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
# A commonly used header for this is X-Original-To.
#lda_original_recipient_header =
@@ -2901,7 +2901,7 @@ protocol lda {
# Override the IMAP CAPABILITY response. If the value begins with '+',
# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
#imap_capability =
#imap_capability =
# How long to wait between "OK Still here" notifications when client is
# IDLEing.
@@ -2910,7 +2910,7 @@ protocol lda {
# ID field names and values to send to clients. Using * as the value makes
# Dovecot use the default value. The following fields have default values
# currently: name, version, os, os-version, support-url, support-email.
#imap_id_send =
#imap_id_send =
# ID fields sent by client to log. * means everything.
#imap_id_log =
@@ -2933,7 +2933,7 @@ protocol lda {
# greyed out, instead of only later giving "not selectable" popup error.
#
# The list is space-separated.
#imap_client_workarounds =
#imap_client_workarounds =
# Host allowed in URLAUTH URLs sent by client. "*" allows all.
#imap_urlauth_host =
@@ -3122,7 +3122,7 @@ protocol sieve {
# Outlook Express and Netscape Mail breaks if end of headers-line is
# missing. This option simply sends it if it's missing.
# The list is space-separated.
#pop3_client_workarounds =
#pop3_client_workarounds =
protocol pop3 {
# Space separated list of plugins to load (default is global mail_plugins).
@@ -3276,6 +3276,11 @@ plugin {
<!-- Proftpd -->
<daemon name="proftpd" title="ProFTPd" default="true">
<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
<commands>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
</commands>
<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
@@ -3283,7 +3288,7 @@ plugin {
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
@@ -3311,7 +3316,7 @@ ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
@@ -3390,7 +3395,7 @@ Ratios off
# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
@@ -3416,7 +3421,7 @@ Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
@@ -3433,24 +3438,24 @@ Include /etc/proftpd/sql.conf
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
#
# RequireValidShell off
#
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
@@ -3463,7 +3468,7 @@ Include /etc/proftpd/sql.conf
# # AllowAll
# # </Limit>
# # </Directory>
#
#
# </Anonymous>
# Include other custom configuration files
@@ -3501,7 +3506,7 @@ LoadModule mod_sql.c
#LoadModule mod_ldap.c
#
# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives
# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives
# are required to have SQL authorization working. You can also comment out the
# unused module here, in alternative.
#
@@ -3510,7 +3515,7 @@ LoadModule mod_sql.c
# mod_sql.c module to use this.
LoadModule mod_sql_mysql.c
# Install proftpd-mod-pgsql and decomment the previous
# Install proftpd-mod-pgsql and decomment the previous
# mod_sql.c module to use this.
#LoadModule mod_sql_postgres.c
@@ -3522,7 +3527,7 @@ LoadModule mod_sql_mysql.c
# mod_sql.c module to use this
#LoadModule mod_sql_odbc.c
# Install one of the previous SQL backends and decomment
# Install one of the previous SQL backends and decomment
# the previous mod_sql.c module to use this
#LoadModule mod_sql_passwd.c
@@ -3533,7 +3538,7 @@ LoadModule mod_quotatab_file.c
# Install proftpd-mod-ldap to use this
#LoadModule mod_quotatab_ldap.c
# Install one of the previous SQL backends and decomment
# Install one of the previous SQL backends and decomment
# the previous mod_sql.c module to use this
LoadModule mod_quotatab_sql.c
LoadModule mod_quotatab_radius.c
@@ -3543,7 +3548,7 @@ LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
# Install one of the previous SQL backends and decomment
# Install one of the previous SQL backends and decomment
# the previous mod_sql.c module to use this
#LoadModule mod_wrap2_sql.c
LoadModule mod_dynmasq.c
@@ -3554,7 +3559,7 @@ LoadModule mod_site_misc.c
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
# Install one of the previous SQL backends and decomment
# Install one of the previous SQL backends and decomment
# the previous mod_sql.c module to use this
#LoadModule mod_sftp_sql.c
@@ -3590,7 +3595,7 @@ AuthOrder mod_sql.c
#
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
@@ -3599,13 +3604,13 @@ SQLBackend mysql
SQLEngine on
SQLAuthenticate on
#
# Use both a crypted or plaintext password
# Use both a crypted or plaintext password
SQLAuthTypes Crypt
SQLAuthenticate users* groups*
#
# Connection
# Connection
SQLConnectInfo <SQL_DB>@<SQL_HOST> <SQL_UNPRIVILEGED_USER> <SQL_UNPRIVILEGED_PASSWORD>
#
# Describes both users/groups tables
@@ -3635,6 +3640,33 @@ SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/tls.conf" chown="root:root" chmod="0644" backup="true">
<content><![CDATA[
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>
@@ -3777,7 +3809,7 @@ MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled=
MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y"
# Optional : query to get the maximal number of files
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User='\L'
@@ -3971,7 +4003,7 @@ password <SQL_UNPRIVILEGED_PASSWORD>
</file>
<file name="/etc/nsswitch.conf" backup="true">
<content><![CDATA[
# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
# You should place mysql at the end, so that it is queried after the other mechanisams
#
passwd: compat mysql
@@ -4036,7 +4068,7 @@ aliases: files
<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
<command><![CDATA[a2dismod php5]]></command>
</commands>
<!-- instead of just restarting apache, we let the cronjob do all the
<!-- instead of just restarting apache, we let the cronjob do all the
dirty work -->
<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
</daemon>
@@ -4074,7 +4106,7 @@ aliases: files
</visibility>
<command><![CDATA[a2dismod php5]]></command>
</commands>
<!-- instead of just restarting apache, we let the cronjob do all the
<!-- instead of just restarting apache, we let the cronjob do all the
dirty work -->
<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
</daemon>

34
lib/configfiles/precise.xml
View File

@@ -1098,6 +1098,11 @@ MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
<!-- Proftpd -->
<daemon name="proftpd" title="ProFTPd" default="true">
<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
<commands>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
</commands>
<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
@@ -1230,7 +1235,7 @@ Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
Include /etc/proftpd/tls.conf
]]>
</content>
</file>
@@ -1337,6 +1342,33 @@ SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/tls.conf" chown="root:root" chmod="0644" backup="true">
<content><![CDATA[
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>

34
lib/configfiles/trusty.xml
View File

@@ -1101,6 +1101,11 @@ MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
<!-- Proftpd -->
<daemon name="proftpd" title="ProFTPd" default="true">
<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
<commands>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
</commands>
<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
@@ -1233,7 +1238,7 @@ Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
Include /etc/proftpd/tls.conf
]]>
</content>
</file>
@@ -1340,6 +1345,33 @@ SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/tls.conf" chown="root:root" chmod="0644" backup="true">
<content><![CDATA[
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>

34
lib/configfiles/wheezy.xml
View File

@@ -4381,6 +4381,11 @@ MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
<!-- Proftpd -->
<daemon name="proftpd" title="ProFTPd" default="true">
<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
<commands>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
</commands>
<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
@@ -4521,7 +4526,7 @@ Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
@@ -4716,6 +4721,33 @@ SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/tls.conf" chown="root:root" chmod="0644" backup="true">
<content><![CDATA[
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>