add openSuSE 11 configs, based on the work of Andrej Semen and Wolfgang Rosenauer in the OBS, thanks!
Signed-off-by: Robert Förster (Dessa) <Dessa@froxlor.org>
This commit is contained in:
Robert Förster (Dessa)
@@ -0,0 +1,103 @@
|
||||
##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $
|
||||
#
|
||||
# Copyright 2000-2005 Double Precision, Inc. See COPYING for
|
||||
# distribution information.
|
||||
#
|
||||
# authdaemonrc created from authdaemonrc.dist by sysconftool
|
||||
#
|
||||
# Do not alter lines that begin with ##, they are used when upgrading
|
||||
# this configuration.
|
||||
#
|
||||
# This file configures authdaemond, the resident authentication daemon.
|
||||
#
|
||||
# Comments in this file are ignored. Although this file is intended to
|
||||
# be sourced as a shell script, authdaemond parses it manually, so
|
||||
# the acceptable syntax is a bit limited. Multiline variable contents,
|
||||
# with the \ continuation character, are not allowed. Everything must
|
||||
# fit on one line. Do not use any additional whitespace for indentation,
|
||||
# or anything else.
|
||||
|
||||
##NAME: authmodulelist:2
|
||||
#
|
||||
# The authentication modules that are linked into authdaemond. The
|
||||
# default list is installed. You may selectively disable modules simply
|
||||
# by removing them from the following list. The available modules you
|
||||
# can use are: authuserdb authpam authldap authmysql authcustom authpipe
|
||||
|
||||
authmodulelist="authmysql"
|
||||
|
||||
##NAME: authmodulelistorig:3
|
||||
#
|
||||
# This setting is used by Courier's webadmin module, and should be left
|
||||
# alone
|
||||
|
||||
authmodulelistorig="authcustom authcram authuserdb authldap authmysql authpam"
|
||||
|
||||
##NAME: daemons:0
|
||||
#
|
||||
# The number of daemon processes that are started. authdaemon is typically
|
||||
# installed where authentication modules are relatively expensive: such
|
||||
# as authldap, or authmysql, so it's better to have a number of them running.
|
||||
# PLEASE NOTE: Some platforms may experience a problem if there's more than
|
||||
# one daemon. Specifically, SystemV derived platforms that use TLI with
|
||||
# socket emulation. I'm suspicious of TLI's ability to handle multiple
|
||||
# processes accepting connections on the same filesystem domain socket.
|
||||
#
|
||||
# You may need to increase daemons if as your system load increases. Symptoms
|
||||
# include sporadic authentication failures. If you start getting
|
||||
# authentication failures, increase daemons. However, the default of 5
|
||||
# SHOULD be sufficient. Bumping up daemon count is only a short-term
|
||||
# solution. The permanent solution is to add more resources: RAM, faster
|
||||
# disks, faster CPUs...
|
||||
|
||||
daemons=5
|
||||
|
||||
##NAME: authdaemonvar:2
|
||||
#
|
||||
# authdaemonvar is here, but is not used directly by authdaemond. It's
|
||||
# used by various configuration and build scripts, so don't touch it!
|
||||
|
||||
authdaemonvar=/var/run/authdaemon.courier-imap
|
||||
|
||||
##NAME: DEBUG_LOGIN:0
|
||||
#
|
||||
# Dump additional diagnostics to syslog
|
||||
#
|
||||
# DEBUG_LOGIN=0 - turn off debugging
|
||||
# DEBUG_LOGIN=1 - turn on debugging
|
||||
# DEBUG_LOGIN=2 - turn on debugging + log passwords too
|
||||
#
|
||||
# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
|
||||
#
|
||||
# Note that most information is sent to syslog at level 'debug', so
|
||||
# you may need to modify your /etc/syslog.conf to be able to see it.
|
||||
|
||||
DEBUG_LOGIN=0
|
||||
|
||||
##NAME: DEFAULTOPTIONS:0
|
||||
#
|
||||
# A comma-separated list of option=value pairs. Each option is applied
|
||||
# to an account if the account does not have its own specific value for
|
||||
# that option. So for example, you can set
|
||||
# DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
|
||||
# and then enable webmail and/or imap on individual accounts by setting
|
||||
# disablewebmail=0 and/or disableimap=0 on the account.
|
||||
|
||||
DEFAULTOPTIONS=""
|
||||
|
||||
##NAME: LOGGEROPTS:0
|
||||
#
|
||||
# courierlogger(1) options, e.g. to set syslog facility
|
||||
#
|
||||
|
||||
LOGGEROPTS=""
|
||||
|
||||
##NAME: LDAP_TLS_OPTIONS:0
|
||||
#
|
||||
# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.
|
||||
# Examples:
|
||||
#
|
||||
#LDAPTLS_CACERT=/path/to/cacert.pem
|
||||
#LDAPTLS_REQCERT=demand
|
||||
#LDAPTLS_CERT=/path/to/clientcert.pem
|
||||
#LDAPTLS_KEY=/path/to/clientkey.pem
|
||||
@@ -0,0 +1,12 @@
|
||||
MYSQL_SERVER <SQL_HOST>
|
||||
MYSQL_USERNAME <SQL_UNPRIVILEGED_USER>
|
||||
MYSQL_PASSWORD <SQL_UNPRIVILEGED_PASSWORD>
|
||||
MYSQL_PORT 3306
|
||||
MYSQL_DATABASE <SQL_DB>
|
||||
MYSQL_USER_TABLE mail_users
|
||||
MYSQL_CRYPT_PWFIELD password_enc
|
||||
MYSQL_UID_FIELD uid
|
||||
MYSQL_GID_FIELD gid
|
||||
MYSQL_LOGIN_FIELD username
|
||||
MYSQL_HOME_FIELD homedir
|
||||
MYSQL_MAILDIR_FIELD maildir
|
||||
@@ -0,0 +1,8 @@
|
||||
#
|
||||
# Set PATH, otherwise restart-scripts won't find start-stop-daemon
|
||||
#
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
#
|
||||
# Regular cron jobs for the froxlor package
|
||||
#
|
||||
*/5 * * * * root /usr/bin/php5 -q /srv/www/froxlor/scripts/froxlor_master_cronjob.php
|
||||
@@ -0,0 +1,3 @@
|
||||
Syslog yes
|
||||
Domain /etc/postfix/dkim/domains
|
||||
KeyList /etc/postfix/dkim/dkim-keys.conf
|
||||
@@ -0,0 +1,5 @@
|
||||
driver = mysql
|
||||
connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
|
||||
default_pass_scheme = CRYPT
|
||||
user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', (quota*1024)) as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
|
||||
password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', (quota*1024)) as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp')
|
||||
@@ -0,0 +1,71 @@
|
||||
protocols = imap pop3 <SSLPROTOCOLS>
|
||||
listen = *
|
||||
mail_access_groups = vmail
|
||||
mail_debug = no
|
||||
## allow Plaintext Logins from foreign IP if the Connection doesn't use TLS
|
||||
disable_plaintext_auth = no
|
||||
|
||||
### SSL Settings
|
||||
### After setting this options, set disable_plaintext_auth to yes (see above)
|
||||
### and add imaps pop3s to the protocols
|
||||
#ssl_cert_file = /etc/ssl/server/<SERVERNAME>.pem
|
||||
#ssl_key_file = /etc/ssl/server/<SERVERNAME>.key
|
||||
## This is an example with CACerts class3 cert!
|
||||
#ssl_ca_file = /path/to/cacert.class3.crt
|
||||
#ssl_cipher_list = ALL:!LOW:!SSLv2
|
||||
|
||||
protocol imap {
|
||||
mail_plugins = quota imap_quota
|
||||
}
|
||||
|
||||
protocol pop3 {
|
||||
# leave this uncommented if you are migrating from Courier also see Migration from Courier
|
||||
pop3_uidl_format = UID%u-%v
|
||||
mail_plugins = quota
|
||||
|
||||
}
|
||||
protocol lda {
|
||||
# postmaster is the one in charge of the mail system. MUST be set to a valid address!
|
||||
postmaster_address = <postmaster-address>
|
||||
auth_socket_path = /var/run/dovecot/auth-master
|
||||
mail_plugins = quota
|
||||
sendmail_path = /usr/sbin/sendmail
|
||||
}
|
||||
|
||||
auth default {
|
||||
mechanisms = plain login
|
||||
passdb sql {
|
||||
args = /etc/dovecot/dovecot-sql.conf
|
||||
}
|
||||
|
||||
userdb prefetch {
|
||||
}
|
||||
|
||||
userdb sql {
|
||||
args = /etc/dovecot/dovecot-sql.conf
|
||||
}
|
||||
|
||||
user = vmail
|
||||
socket listen {
|
||||
# Postfix uses the client socket for SMTP Auth
|
||||
client {
|
||||
# Assuming the default Postfix $queue_directory setting
|
||||
path = /var/spool/postfix/private/auth
|
||||
mode = 0660
|
||||
# Assuming the default Postfix user and group
|
||||
user = postfix
|
||||
group = postfix
|
||||
}
|
||||
# Note that we're setting a master socket. SMTP AUTH for Postfix and Exim uses client sockets.
|
||||
master {
|
||||
path = /var/run/dovecot/auth-master
|
||||
mode = 0660
|
||||
user = vmail
|
||||
group = vmail
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
plugin {
|
||||
quota = maildir:User quota
|
||||
}
|
||||
@@ -0,0 +1,125 @@
|
||||
### acl/30_exim4-config_check_rcpt
|
||||
#################################
|
||||
|
||||
acl_check_rcpt:
|
||||
accept
|
||||
hosts = :
|
||||
|
||||
warn
|
||||
hosts = +relay_from_hosts
|
||||
control = submission/sender_retain
|
||||
|
||||
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
|
||||
deny
|
||||
domains = +local_domains:+froxlor_domain
|
||||
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
|
||||
message = restricted characters in address
|
||||
.endif
|
||||
|
||||
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
|
||||
deny
|
||||
domains = !+local_domains
|
||||
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
|
||||
message = restricted characters in address
|
||||
.endif
|
||||
|
||||
accept
|
||||
.ifndef CHECK_RCPT_POSTMASTER
|
||||
local_parts = postmaster
|
||||
.else
|
||||
local_parts = CHECK_RCPT_POSTMASTER
|
||||
.endif
|
||||
domains = +local_domains:+froxlor_domain
|
||||
|
||||
deny
|
||||
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
|
||||
!acl = acl_local_deny_exceptions
|
||||
senders = ${if exists{CONFDIR/local_sender_blacklist}\
|
||||
{CONFDIR/local_sender_blacklist}\
|
||||
{}}
|
||||
|
||||
deny
|
||||
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
|
||||
!acl = acl_local_deny_exceptions
|
||||
hosts = ${if exists{CONFDIR/local_host_blacklist}\
|
||||
{CONFDIR/local_host_blacklist}\
|
||||
{}}
|
||||
|
||||
.ifdef CHECK_RCPT_VERIFY_SENDER
|
||||
deny
|
||||
message = Sender verification failed
|
||||
!acl = acl_local_deny_exceptions
|
||||
!verify = sender
|
||||
.endif
|
||||
|
||||
deny
|
||||
!acl = acl_local_deny_exceptions
|
||||
senders = ${if exists{CONFDIR/local_sender_callout}\
|
||||
{CONFDIR/local_sender_callout}\
|
||||
{}}
|
||||
!verify = sender/callout
|
||||
|
||||
deny
|
||||
!acl = acl_local_deny_exceptions
|
||||
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
|
||||
{CONFDIR/local_rcpt_callout}\
|
||||
{}}
|
||||
!verify = recipient/callout
|
||||
|
||||
.ifdef CHECK_RCPT_REVERSE_DNS
|
||||
warn
|
||||
message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
|
||||
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
|
||||
{yes}{no}}
|
||||
.endif
|
||||
|
||||
.ifdef CHECK_RCPT_IP_DNSBLS
|
||||
warn
|
||||
message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|
||||
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|
||||
dnslists = CHECK_RCPT_IP_DNSBLS
|
||||
.endif
|
||||
|
||||
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
|
||||
warn
|
||||
message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|
||||
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|
||||
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
|
||||
{CONFDIR/local_domain_dnsbl_whitelist}\
|
||||
{}}
|
||||
dnslists = CHECK_RCPT_DOMAIN_DNSBLS/$sender_address_domain
|
||||
.endif
|
||||
|
||||
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
|
||||
.include CHECK_RCPT_LOCAL_ACL_FILE
|
||||
.endif
|
||||
|
||||
accept
|
||||
domains = +local_domains:+froxlor_domain
|
||||
endpass
|
||||
message = unknown user
|
||||
verify = recipient
|
||||
|
||||
accept
|
||||
domains = +relay_to_domains
|
||||
endpass
|
||||
.ifdef CHECK_RCPT_GIVE_UNKNOWN_USER
|
||||
message = ${if eq{$acl_verify_message}{Unrouteable address}{unknown user}{$acl_verify_message}}
|
||||
.else
|
||||
message = unrouteable address
|
||||
.endif
|
||||
verify = recipient
|
||||
|
||||
############
|
||||
# If control reaches this point, the domain is neither in +local_domains
|
||||
# nor in +relay_to_domains.
|
||||
############
|
||||
|
||||
accept
|
||||
hosts = +relay_from_hosts
|
||||
|
||||
accept
|
||||
authenticated = *
|
||||
|
||||
deny
|
||||
message = relay not permitted
|
||||
@@ -0,0 +1,30 @@
|
||||
### auth/30_froxlor-config
|
||||
#################################
|
||||
|
||||
plain_server:
|
||||
driver = plaintext
|
||||
public_name = PLAIN
|
||||
server_condition = "${if and { \
|
||||
{!eq{$2}{}} \
|
||||
{!eq{$3}{}} \
|
||||
{crypteq{$3}{${lookup mysql{FROXLOR_AUTH_PLAIN}{$value}fail}}} \
|
||||
} {yes}{no}}"
|
||||
server_set_id = $2
|
||||
server_prompts = :
|
||||
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
|
||||
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
|
||||
# .endif
|
||||
|
||||
login_server:
|
||||
driver = plaintext
|
||||
public_name = LOGIN
|
||||
server_prompts = "Username:: : Password::"
|
||||
server_condition = "${if and { \
|
||||
{!eq{$1}{}} \
|
||||
{!eq{$2}{}} \
|
||||
{crypteq{$2}{${lookup mysql{FROXLOR_AUTH_LOGIN}{$value}fail}}} \
|
||||
} {yes}{no}}"
|
||||
server_set_id = $1
|
||||
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
|
||||
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
|
||||
# .endif
|
||||
@@ -0,0 +1,20 @@
|
||||
hide mysql_servers = <SQL_HOST>/<SQL_DB>/<SQL_UNPRIVILEGED_USER>/<SQL_UNPRIVILEGED_PASSWORD>
|
||||
|
||||
FROXLOR_LOCAL_DOMAIN = SELECT domain FROM panel_domains WHERE domain = '${quote_mysql:$domain}' AND isemaildomain = '1'
|
||||
|
||||
FROXLOR_MAILALIAS = SELECT REPLACE(destination,' ',',') FROM mail_virtual WHERE \
|
||||
(( email = '${quote_mysql:$local_part}@${quote_mysql:$domain}' ) \
|
||||
OR ( email = '@${quote_mysql:$domain}' AND iscatchall > 0 )) \
|
||||
AND destination <> '' AND destination <> ' ' ORDER BY iscatchall ASC LIMIT 1
|
||||
|
||||
FROXLOR_MAILUSER = SELECT CONCAT(homedir,maildir) FROM mail_users WHERE \
|
||||
email = '${quote_mysql:$local_part}@${quote_mysql:$domain}' AND postfix = 'y'
|
||||
|
||||
FROXLOR_PARENT_DOMAIN = SELECT parent.domain FROM `panel_domains` AS parent INNER JOIN panel_domains AS alias \
|
||||
ON alias.domain = '${quote_mysql:$domain}' AND parent.id = alias.aliasdomain
|
||||
|
||||
FROXLOR_AUTH_PLAIN = SELECT password_enc FROM mail_users WHERE username = '${quote_mysql:$2}'
|
||||
|
||||
FROXLOR_AUTH_LOGIN = SELECT password_enc FROM mail_users WHERE username = '${quote_mysql:$1}'
|
||||
|
||||
domainlist froxlor_domain = mysql;FROXLOR_LOCAL_DOMAIN
|
||||
@@ -0,0 +1,12 @@
|
||||
froxlor_mailalias:
|
||||
debug_print = "R: froxlor_mailalias for $local_part@$domain"
|
||||
driver = redirect
|
||||
domains = +froxlor_domain
|
||||
data = ${lookup mysql {FROXLOR_MAILALIAS}{$value}fail}
|
||||
|
||||
froxlor_mailuser:
|
||||
debug_print = "R: froxlor_mailuser for $local_part@$domain"
|
||||
driver = redirect
|
||||
domains = +froxlor_domain
|
||||
data = ${lookup mysql {FROXLOR_MAILUSER}{$value}fail}
|
||||
directory_transport = maildir_froxlor
|
||||
@@ -0,0 +1,13 @@
|
||||
maildir_froxlor:
|
||||
debug_print = "T: maildir_froxlor for $local_part@$domain"
|
||||
driver = appendfile
|
||||
create_directory
|
||||
delivery_date_add
|
||||
envelope_to_add
|
||||
return_path_add
|
||||
maildir_format
|
||||
directory_mode = 0770
|
||||
mode = 0660
|
||||
mode_fail_narrower = false
|
||||
user = 2000
|
||||
group = 2000
|
||||
@@ -0,0 +1,63 @@
|
||||
queue_directory = /var/spool/postfix
|
||||
command_directory = /usr/sbin
|
||||
daemon_directory = /usr/lib/postfix
|
||||
mail_owner = postfix
|
||||
inet_interfaces = all
|
||||
unknown_local_recipient_reject_code = 550
|
||||
debug_peer_level = 2
|
||||
debugger_command =
|
||||
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||
xxgdb $daemon_directory/$process_name $process_id & sleep 5
|
||||
sendmail_path = /usr/sbin/sendmail
|
||||
newaliases_path = /usr/bin/newaliases
|
||||
mailq_path = /usr/bin/mailq
|
||||
setgid_group = maildrop
|
||||
html_directory = /usr/share/doc/packages/postfix/html
|
||||
manpage_directory = /usr/share/man
|
||||
sample_directory = /usr/share/doc/packages/postfix/samples
|
||||
readme_directory = /usr/share/doc/packages/postfix/README_FILES
|
||||
inet_protocols = all
|
||||
biff = no
|
||||
append_dot_mydomain = no
|
||||
mail_spool_directory = /var/mail
|
||||
canonical_maps = hash:/etc/postfix/canonical
|
||||
virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
|
||||
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
|
||||
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
|
||||
virtual_alias_domains =
|
||||
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
|
||||
virtual_uid_maps = static:<VIRTUAL_UID_MAPS>
|
||||
virtual_gid_maps = static:<VIRTUAL_GID_MAPS>
|
||||
virtual_maps = hash:/etc/postfix/virtual
|
||||
relocated_maps = hash:/etc/postfix/relocated
|
||||
transport_maps = hash:/etc/postfix/transport
|
||||
sender_canonical_maps = hash:/etc/postfix/sender_canonical
|
||||
masquerade_exceptions = root
|
||||
masquerade_classes = envelope_sender, header_sender, header_recipient
|
||||
myhostname = <SERVERNAME>
|
||||
program_directory = /usr/lib/postfix
|
||||
masquerade_domains =
|
||||
mydestination = $myhostname $mydomain localhost localhost.$mydomain
|
||||
mynetworks = 127.0.0.0/8
|
||||
defer_transports =
|
||||
disable_dns_lookups = no
|
||||
relayhost =
|
||||
mailbox_command =
|
||||
mailbox_transport =
|
||||
strict_8bitmime = no
|
||||
disable_mime_output_conversion = no
|
||||
smtpd_client_restrictions =
|
||||
smtpd_helo_required = no
|
||||
smtpd_helo_restrictions =
|
||||
strict_rfc821_envelopes = no
|
||||
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
|
||||
smtpd_sasl_auth_enable = yes
|
||||
smtpd_sasl_local_domain = $myhostname
|
||||
smtpd_sasl_security_options = noanonymous
|
||||
broken_sasl_auth_clients = yes
|
||||
#smtpd_use_tls = no
|
||||
#smtp_use_tls = no
|
||||
alias_maps = $alias_database
|
||||
mailbox_size_limit = 0
|
||||
virtual_mailbox_limit = 0
|
||||
message_size_limit = 10240000
|
||||
@@ -0,0 +1,8 @@
|
||||
user = <SQL_UNPRIVILEGED_USER>
|
||||
password = <SQL_UNPRIVILEGED_PASSWORD>
|
||||
dbname = <SQL_DB>
|
||||
table = mail_virtual
|
||||
select_field = destination
|
||||
where_field = email
|
||||
additional_conditions = and TRIM(destination) <> ''
|
||||
hosts = <SQL_HOST>
|
||||
@@ -0,0 +1,8 @@
|
||||
user = <SQL_UNPRIVILEGED_USER>
|
||||
password = <SQL_UNPRIVILEGED_PASSWORD>
|
||||
dbname = <SQL_DB>
|
||||
table = panel_domains
|
||||
select_field = domain
|
||||
where_field = domain
|
||||
additional_conditions = and isemaildomain = '1'
|
||||
hosts = <SQL_HOST>
|
||||
@@ -0,0 +1,7 @@
|
||||
user = <SQL_UNPRIVILEGED_USER>
|
||||
password = <SQL_UNPRIVILEGED_PASSWORD>
|
||||
dbname = <SQL_DB>
|
||||
table = mail_users
|
||||
select_field = maildir
|
||||
where_field = email
|
||||
hosts = <SQL_HOST>
|
||||
@@ -0,0 +1,9 @@
|
||||
pwcheck_method: auxprop
|
||||
auxprop_plugin: sql
|
||||
mech_list: plain login cram-md5 digest-md5
|
||||
sql_engine: mysql
|
||||
sql_hostnames: <SQL_HOST>
|
||||
sql_user: <SQL_UNPRIVILEGED_USER>
|
||||
sql_passwd: <SQL_UNPRIVILEGED_PASSWORD>
|
||||
sql_database: <SQL_DB>
|
||||
sql_select: select password from mail_users where username='%u@%r'
|
||||
@@ -0,0 +1,76 @@
|
||||
## General Postfix configuration
|
||||
|
||||
# should be different from $mydomain eg. "mail.$mydomain"
|
||||
myhostname = <SERVERNAME>
|
||||
|
||||
mydestination = $myhostname,
|
||||
$mydomain,
|
||||
localhost.$myhostname,
|
||||
localhost.$mydomain,
|
||||
localhost
|
||||
mynetworks = 127.0.0.0/8
|
||||
inet_interfaces = all
|
||||
append_dot_mydomain = no
|
||||
biff = no
|
||||
|
||||
# Postfix performance settings
|
||||
default_destination_concurrency_limit = 20
|
||||
local_destination_concurrency_limit = 2
|
||||
|
||||
# SMTPD Settings
|
||||
smtpd_banner = $myhostname ESMTP $mail_name
|
||||
smtpd_helo_required = yes
|
||||
smtpd_recipient_restrictions = permit_mynetworks,
|
||||
permit_sasl_authenticated,
|
||||
reject_unauth_destination,
|
||||
reject_unauth_pipelining,
|
||||
reject_non_fqdn_recipient
|
||||
smtpd_sender_restrictions = permit_mynetworks,
|
||||
reject_sender_login_mismatch,
|
||||
permit_sasl_authenticated,
|
||||
reject_unknown_helo_hostname,
|
||||
reject_unknown_recipient_domain,
|
||||
reject_unknown_sender_domain
|
||||
smtpd_client_restrictions = permit_mynetworks,
|
||||
permit_sasl_authenticated,
|
||||
reject_unknown_client_hostname
|
||||
# Maximum size of Message in bytes (50MB)
|
||||
message_size_limit = 52428800
|
||||
|
||||
## SASL Auth Settings
|
||||
smtpd_sasl_auth_enable = yes
|
||||
smtpd_sasl_local_domain = $myhostname
|
||||
broken_sasl_auth_clients = yes
|
||||
## Dovecot Settings for deliver, SASL Auth and virtual transport
|
||||
smtpd_sasl_type = dovecot
|
||||
mailbox_command = /usr/lib/dovecot/deliver
|
||||
virtual_transport = dovecot
|
||||
dovecot_destination_recipient_limit = 1
|
||||
smtpd_sasl_path = private/auth
|
||||
|
||||
# Virtual delivery settings
|
||||
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
|
||||
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
|
||||
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
|
||||
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
|
||||
|
||||
# Local delivery settings
|
||||
local_transport = local
|
||||
alias_maps = $alias_database
|
||||
|
||||
### TLS settings
|
||||
###
|
||||
## TLS for outgoing mails from the server to another server
|
||||
#smtp_tls_security_level = may
|
||||
#smtp_tls_note_starttls_offer = yes
|
||||
## TLS for email client
|
||||
#smtpd_tls_security_level = may
|
||||
#smtpd_tls_cert_file = /etc/ssl/server/<SERVERNAME>.pem
|
||||
#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||
#smtpd_tls_loglevel = 1
|
||||
#smtpd_tls_received_header = yes
|
||||
|
||||
debugger_command =
|
||||
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||
ddd $daemon_directory/$process_name $process_id & sleep 5
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
# Add this lines to be able to use dovecot as delivery agent
|
||||
# Dovecot LDA
|
||||
dovecot unix - n n - - pipe
|
||||
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
|
||||
@@ -0,0 +1,8 @@
|
||||
user = <SQL_UNPRIVILEGED_USER>
|
||||
password = <SQL_UNPRIVILEGED_PASSWORD>
|
||||
dbname = <SQL_DB>
|
||||
table = mail_virtual
|
||||
select_field = destination
|
||||
where_field = email
|
||||
additional_conditions = and TRIM(destination) <> ''
|
||||
hosts = <SQL_HOST>
|
||||
@@ -0,0 +1,8 @@
|
||||
user = <SQL_UNPRIVILEGED_USER>
|
||||
password = <SQL_UNPRIVILEGED_PASSWORD>
|
||||
dbname = <SQL_DB>
|
||||
table = panel_domains
|
||||
select_field = domain
|
||||
where_field = domain
|
||||
additional_conditions = and isemaildomain = '1'
|
||||
hosts = <SQL_HOST>
|
||||
@@ -0,0 +1,7 @@
|
||||
user = <SQL_UNPRIVILEGED_USER>
|
||||
password = <SQL_UNPRIVILEGED_PASSWORD>
|
||||
dbname = <SQL_DB>
|
||||
table = mail_users
|
||||
select_field = maildir
|
||||
where_field = email
|
||||
hosts = <SQL_HOST>
|
||||
@@ -0,0 +1,5 @@
|
||||
user = <SQL_UNPRIVILEGED_USER>
|
||||
password = <SQL_UNPRIVILEGED_PASSWORD>
|
||||
dbname = <SQL_DB>
|
||||
query = select distinct username from mail_users where email in ((select mail_virtual.email_full from mail_virtual where mail_virtual.email = '%s' union select mail_virtual.destination from mail_virtual where mail_virtual.email = '%s'));
|
||||
hosts = <SQL_HOST>
|
||||
@@ -0,0 +1,25 @@
|
||||
#
|
||||
# ATTENTION - this is not the full postfix-main.cf file
|
||||
#
|
||||
# it only provides additional configuration-entries!
|
||||
#
|
||||
|
||||
#
|
||||
# look for the follow statement
|
||||
#
|
||||
smtpd_recipient_restrictions = permit_mynetworks,
|
||||
permit_sasl_authenticated,
|
||||
reject_unauth_destination,
|
||||
reject_unauth_pipelining,
|
||||
reject_non_fqdn_recipient
|
||||
|
||||
#
|
||||
# and extend it with the following line
|
||||
# so it looks like this
|
||||
#
|
||||
smtpd_recipient_restrictions = permit_mynetworks,
|
||||
permit_sasl_authenticated,
|
||||
reject_unauth_destination,
|
||||
reject_unauth_pipelining,
|
||||
reject_non_fqdn_recipient,
|
||||
check_recipient_mx_access cidr:/etc/postfix/mx_access
|
||||
@@ -0,0 +1,9 @@
|
||||
0.0.0.0/8 REJECT Domain MX in broadcast network
|
||||
10.0.0.0/8 REJECT Domain MX in RFC 1918 private network
|
||||
169.254.0.0/16 REJECT Domain MX in link local network
|
||||
172.16.0.0/12 REJECT Domain MX in RFC 1918 private network
|
||||
192.0.2.0/24 REJECT Domain MX in TEST-NET network
|
||||
192.168.0.0/16 REJECT Domain MX in RFC 1918 private network
|
||||
224.0.0.0/4 REJECT Domain MX in class D multicast network
|
||||
240.0.0.0/5 REJECT Domain MX in class E reserved network
|
||||
248.0.0.0/5 REJECT Domain MX in reserved network
|
||||
@@ -0,0 +1,30 @@
|
||||
#
|
||||
# This file is used to manage DSO modules and features.
|
||||
#
|
||||
|
||||
# This is the directory where DSO modules resides
|
||||
|
||||
ModulePath /usr/lib/proftpd
|
||||
|
||||
# Allow only user root to load and unload modules, but allow everyone
|
||||
# to see which modules have been loaded
|
||||
|
||||
ModuleControlsACLs insmod,rmmod allow user root
|
||||
ModuleControlsACLs lsmod allow user *
|
||||
|
||||
#LoadModule mod_ctrls_admin.c
|
||||
LoadModule mod_tls.c
|
||||
LoadModule mod_sql.c
|
||||
#LoadModule mod_ldap.c
|
||||
LoadModule mod_sql_mysql.c
|
||||
#LoadModule mod_sql_postgres.c
|
||||
LoadModule mod_quotatab.c
|
||||
#LoadModule mod_quotatab_file.c
|
||||
#LoadModule mod_quotatab_ldap.c
|
||||
LoadModule mod_quotatab_sql.c
|
||||
#LoadModule mod_radius.c
|
||||
LoadModule mod_wrap.c
|
||||
LoadModule mod_rewrite.c
|
||||
|
||||
# keep this module the last one
|
||||
LoadModule mod_ifsession.c
|
||||
@@ -0,0 +1,84 @@
|
||||
Include /etc/proftpd/modules.conf
|
||||
|
||||
ServerName "<SERVERNAME> FTP Server"
|
||||
ServerType standalone
|
||||
DeferWelcome off
|
||||
|
||||
MultilineRFC2228 on
|
||||
DefaultServer on
|
||||
ShowSymlinks on
|
||||
AllowOverwrite on
|
||||
|
||||
TimeoutNoTransfer 600
|
||||
TimeoutStalled 600
|
||||
TimeoutIdle 1200
|
||||
|
||||
DisplayLogin welcome.msg
|
||||
DisplayChdir .message
|
||||
ListOptions "-l"
|
||||
|
||||
DenyFilter \*.*/
|
||||
|
||||
Port 21
|
||||
MaxInstances 30
|
||||
UseIPv6 off
|
||||
|
||||
TransferLog /var/log/proftpd/xferlog
|
||||
SystemLog /var/log/proftpd/proftpd.log
|
||||
|
||||
# Allow up- and downloads to be continued
|
||||
AllowRetrieveRestart On
|
||||
AllowStoreRestart On
|
||||
|
||||
# make proftpd faster / do not perform ident and reverse dns lookup
|
||||
UseReverseDNS off
|
||||
|
||||
# Set the user and group that the server normally runs at.
|
||||
User nobody
|
||||
Group nogroup
|
||||
|
||||
<Directory /*>
|
||||
# Umask 022 is a good standard umask to prevent new files and dirs
|
||||
# (second parm) from being group and world writable.
|
||||
Umask 022 022
|
||||
# Normally, we want files to be overwriteable.
|
||||
AllowOverwrite on
|
||||
</Directory>
|
||||
|
||||
<Global>
|
||||
# CH-Root all users
|
||||
DefaultRoot ~
|
||||
# Reject rootlogin (just for security)
|
||||
RootLogin off
|
||||
# Noo need to require valid shell, because user is virtual
|
||||
RequireValidShell off
|
||||
</Global>
|
||||
|
||||
AuthOrder mod_sql.c
|
||||
|
||||
SQLAuthTypes Crypt Plaintext
|
||||
SQLAuthenticate users* groups*
|
||||
SQLConnectInfo <SQL_DB>@<SQL_HOST> <SQL_UNPRIVILEGED_USER> <SQL_UNPRIVILEGED_PASSWORD>
|
||||
SQLUserInfo ftp_users username password uid gid homedir shell
|
||||
SQLGroupInfo ftp_groups groupname gid members
|
||||
SQLUserWhereClause "login_enabled = 'y'"
|
||||
|
||||
SQLLog PASS login
|
||||
SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users
|
||||
|
||||
SQLLog RETR download
|
||||
SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users
|
||||
|
||||
SQLLog STOR upload
|
||||
SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users
|
||||
|
||||
QuotaEngine on
|
||||
QuotaShowQuotas on
|
||||
QuotaDisplayUnits Mb
|
||||
QuotaLock /var/lock/ftpd.quotatab.lock
|
||||
QuotaLimitTable sql:/get-quota-limit
|
||||
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
|
||||
SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'"
|
||||
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
|
||||
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
|
||||
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
|
||||
@@ -0,0 +1,75 @@
|
||||
# Config file for /etc/init.d/pure-ftpd
|
||||
##Comment variables out to disable its features, or change the values in it... ##
|
||||
# Maximum number of simultaneous users
|
||||
|
||||
MaxClientsNumber 30
|
||||
|
||||
# Fork in background
|
||||
|
||||
Daemonize yes
|
||||
|
||||
# Maximum number of sim clients with the same IP address
|
||||
|
||||
MaxClientsPerIP 3
|
||||
|
||||
# Don't allow authenticated users - have a public anonymous FTP only.
|
||||
|
||||
# If you want to log all client commands, set this to "yes".
|
||||
# This directive can be duplicated to also log server responses.
|
||||
|
||||
VerboseLog no
|
||||
|
||||
# Allow dot-files
|
||||
AllowDotFiles yes
|
||||
|
||||
# List dot-files even when the client doesn't send "-a".
|
||||
|
||||
DisplayDotFiles yes
|
||||
|
||||
AnonymousOnly no
|
||||
|
||||
# Disallow anonymous connections. Only allow authenticated users.
|
||||
|
||||
NoAnonymous yes
|
||||
|
||||
# Don't resolve host names in log files. Logs are less verbose, but
|
||||
# it uses less bandwidth. Set this to "yes" on very busy servers or
|
||||
# if you don't have a working DNS.
|
||||
|
||||
DontResolve yes
|
||||
|
||||
# Maximum idle time in minutes (default = 15 minutes)
|
||||
|
||||
MaxIdleTime 15
|
||||
|
||||
# MySQL configuration file (see README.MySQL)
|
||||
|
||||
MySQLConfigFile /etc/pure-ftpd/pure-ftpd-mysql.conf
|
||||
|
||||
# If you want to enable PAM authentication, uncomment the following line
|
||||
|
||||
PAMAuthentication no
|
||||
|
||||
# 'ls' recursion limits. The first argument is the maximum number of
|
||||
# files to be displayed. The second one is the max subdirectories depth
|
||||
|
||||
LimitRecursion 2000 8
|
||||
|
||||
# Are anonymous users allowed to create new directories ?
|
||||
|
||||
AnonymousCanCreateDirs no
|
||||
|
||||
# If the system is more loaded than the following value,
|
||||
# anonymous users aren't allowed to download.
|
||||
|
||||
MaxLoad 4
|
||||
|
||||
...
|
||||
|
||||
# This option is useful with servers where anonymous upload is
|
||||
# allowed. As /var/ftp is in /var, it save some space and protect
|
||||
# the log files. When the partition is more that X percent full,
|
||||
# new uploads are disallowed.
|
||||
|
||||
MaxDiskUsage 90
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
## connect via port 3306
|
||||
#MYSQLServer localhost
|
||||
#MYSQLPort 3306
|
||||
## or connect via sock
|
||||
MYSQLSocket /var/lib/mysql/mysql.sock
|
||||
##
|
||||
MYSQLUser <SQL_UNPRIVILEGED_USER>
|
||||
MYSQLPassword <SQL_UNPRIVILEGED_PASSWORD>
|
||||
MYSQLDatabase <SQL_DB>
|
||||
MYSQLCrypt any
|
||||
MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
|
||||
MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y"
|
||||
MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y"
|
||||
MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y"
|
||||
MySQLGetQTASZ SELECT CONCAT( diskspace / 1024 ) AS diskspace FROM panel_customers WHERE loginname="\L" AND deactivated="0"
|
||||
Reference in New Issue
Block a user