Automatic commit of package [ipasserelle-base] release [0.2.70-1].

Created by command:

/usr/bin/tito tag

.tito/packages/.readme

@@ -0,0 +1,3 @@
+the .tito/packages directory contains metadata files
+named after their packages. Each file has the latest tagged
+version and the project's relative directory.

.tito/packages/ipasserelle-base

@@ -0,0 +1 @@
+0.2.70-1 ./

.tito/releasers.conf

@@ -0,0 +1 @@
+../../tito_libs/releasers.conf

.tito/tito.props

@@ -0,0 +1,6 @@
+[buildconfig]
+builder = tito.builder.Builder
+tagger = tito.tagger.VersionTagger
+changelog_do_not_remove_cherrypick = 0
+changelog_format = %s (%ae)
+lib_dir = ../tito_libs

createlinks

@@ -27,6 +27,7 @@ foreach my $event (qw/ipasserelle-update bootstrap-ldap-save/){
 }
 
 # Activation de qmail-notify
+safe_symlink("/etc/e-smith/templates-default/template-begin-shell", "root/etc/e-smith/templates/etc/cron.hourly/qmail-notify/template-begin");
 templates2events("/etc/cron.hourly/qmail-notify", qw(email-update bootstrap-console-save));
 
 # Desactivation des checks RAID
@@ -60,6 +61,9 @@ service_link_enhanced("ipmi", "K74", "6");
 # Autofs
 service_link_enhanced("autofs", "S28", "7");
 service_link_enhanced("autofs", "K72", "6");
+# Netfs
+service_link_enhanced("netfs", "S25", "7");
+service_link_enhanced("netfs", "K75", "6");
 
 # Panels
 panel_link('userinfo','manager');

ipasserelle-base.spec

@@ -1,12 +1,13 @@
-%define version 0.2.10
-%define release 1.beta4
+%define version 0.2.64
+%define release 1
 %define name ipasserelle-base
 
 
 Summary: Meta-Package to turn a SME Server into an iPasserelle
-Name: %{name}
-Version: %{version}
-Release: %{release}%{?dist}
+Name: ipasserelle-base
+Version: 0.2.70
+Release: 1%{?dist}
+Epoch: 9
 License: GPL
 Group: Networking/Daemons
 Source: %{name}-%{version}.tar.gz
@@ -20,13 +21,12 @@ Requires: e-smith-ldap
 Requires: smeserver-remoteuseraccess
 Requires: smeserver-zabbix-agent
 Requires: smeserver-zabbix-proxy
-Requires: smeserver-denyhosts
 Requires: logwatch
 Requires: smeserver-shared-folders
 Requires: smeserver-qos
 Requires: smeserver-fetchmail
-Requires: smeserver-mailstats
 Requires: smeserver-webapps-common
+Requires: smeserver-expire-accounts
 Requires: bash-completion
 Requires: ipasserelle-repo
 Requires: qmail-notify
@@ -38,7 +38,10 @@ Requires: perl(Net::LDAP)
 Requires: perl(Proc::ProcessTable)
 Requires: perl(Proc::ProcessTable::Process)
 Requires: pbzip2
-
+Requires: yum >= 3.2.29-69
+Requires: smeserver-fail2ban
+Obsoletes: smeserver-denyhosts
+Obsoletes: smeserver-mailstats
 
 %description
 Meta package to configure an iPasserelle Server
@@ -46,7 +49,208 @@ Based on SMEServer, iPasserelle is a specially configured
 SME Server, with some additionnal modules
 
 %changelog
-* Fri Jun 7 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.10-1.sme
+* Thu Dec 19 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.70-1
+- Hide warning if year maildir already exists (daniel@firewall-services.com)
+
+* Thu Mar 14 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.69-1
+- Don't try to create or delete scan dir if no user has been passed
+  (daniel@firewall-services.com)
+
+* Tue Feb 06 2018 Daniel Berteaud <daniel@firewall-services.com> 0.2.68-1
+- Handle Bcc being a fully qualified address in rotate script GLPI #30996
+  (daniel@firewall-services.com)
+
+* Wed Dec 06 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.67-1
+- Typo in Category CGI param id (daniel@firewall-services.com)
+
+* Wed Dec 06 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.66-1
+- Remove GIT Changelog (daniel@firewall-services.com)
+
+* Wed Dec 06 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.65-1
+- new package built with tito
+- Add Support for buisnessCategory LDAP field
+* Wed Jul 19 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.64-1
+- Reduce spamassassin's BL score to 1.0 each
+
+* Thu Jun 8 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.63-1
+- Set admins member full privileges on public mailboxes
+  If smeserver-dovecot-extras >= 0.1.3
+
+* Thu Jun 8 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.62-1
+- Slightly reduce spamassassin BL scores
+
+* Mon Jun 5 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.61-1
+- Add some blacklists to spamassassin
+
+* Thu Apr 6 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.60-1
+- Add support for separated __VILLE__ __RUE__ and __CODE_POSTAL__ tags
+  for email signature
+
+* Wed Mar 8 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.59-1
+- Make sure bayes auto learn is disabled when not enabled
+- Adjust default bayes auto learn threshold
+
+* Wed Nov 9 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.58-1
+- Enable access to /server-status for localhost
+
+* Wed May 18 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.57-1
+- Remove MailSpike BL
+
+* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.56-1
+- Fix a syntax error in spamassassin conf template
+
+* Wed Apr 13 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.55-1
+- Remove S-A custom scores
+- Add MailSpike BL
+- Requires smeserver-expire-accounts
+- Add spamassassin autolearn param
+
+* Wed Dec 23 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.54-1
+- Fix home RecycleBin purge by using mtime instead of atime
+
+* Fri Dec 4 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.53-1
+- Define netfs service in the DB
+
+* Wed Dec 2 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.52-1
+- Fix /var/clamav ownership
+
+* Fri Nov 27 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.51-1
+- Ignore winnow.spam.ts.brokenspam.1 virus
+
+* Fri Aug 7 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.50-1
+- Requires recent enough yum instead of yum-downloadonly
+
+* Mon Jul 6 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.49-1
+- Remove hardcoded value for open_files_limit
+- Set the default open_files_limit to 8192
+
+* Mon Feb 9 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.48-1
+- Add a EmailPrimaryDomain prop to user account
+
+* Fri Jan 30 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.47-1
+- Download updates even when a dependencie issue would prevent the
+  transaction
+
+* Mon Jun 30 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.46-1
+- Replace header_access directive with request_header_access
+
+* Mon Jun 23 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.45-1
+- Replace syslog templates-custom with rsyslog fragment
+
+* Fri Mar 21 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.44-1
+- Fix AllowedRemoteIP (SPF Whitelist)
+
+* Wed Mar 12 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.43-1
+- Add SPF support (qpsmtpd and tinydns)
+
+* Fri Jan 24 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.42-1
+- Add a simple audit page in userinfo panel
+
+* Mon Jan 20 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.41-1
+- Update email address in LDAP if the first one in the list has changed
+
+* Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.40-1
+- Remove the non templated qmail-notify cron file
+
+* Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.39-1
+- Really fix qmail-notify cron
+
+* Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.38-1
+- Fix qmail-notify cron
+
+* Tue Nov 12 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.37-1
+- New branch for SME9
+
+* Fri Nov 8 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.36-1
+- Allow placeholders in signatures templates to be removed if the
+  corresponding value is empty
+- Strip http:// or https at the begining and / at the end of the Url
+  prop in the signature
+
+* Tue Oct 15 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.35-1
+- Remove phpmailer from the potential spam mailers
+- Reduce scrore for FSL_HELO_FIREWALL
+
+* Fri Sep 27 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.34-1
+- Reduce score for KHOP_BIG_TO_CC to 1.5
+- Fix a warning in purge-home-recycle script
+
+* Thu Sep 26 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.33-1
+- Reduce a few spamassassin score, which were too agressive
+
+* Wed Sep 25 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.32-1
+- Fix the purge-home-recycle script
+
+* Tue Sep 17 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.31-1
+- Other spamassassin scores adjustments
+
+* Thu Jun 13 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.30-1
+- Disable default samba logging
+
+* Thu Jun 6 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.29-1
+- Set default pyzor timeout to 15 sec
+- Add some spamassassin rules to fight against spam in french
+- Adjust some spamassassin scores
+- Fix another syntax erreor in share-modify-scan script
+
+* Wed Jun 5 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.28-1
+- Replace denyhosts with fail2ban
+- Obsoletes smeserver-mailstats
+
+* Fri Apr 19 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.27-1
+- add innodb_file_per_table directive to my.cnf
+
+* Fri Apr 19 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.26-1
+- Allow up to 500 connections to MySQL
+
+* Fri Dec 21 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.25-1
+- Fix updates download cron job
+
+* Mon Dec 3 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.24-1
+- Some scan require read permissions on directories
+
+* Wed Nov 28 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.23-1
+- Download available updates nightly
+
+* Tue Nov 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.22-1
+- More fixes for scan ACLs
+
+* Mon Nov 19 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.21-1
+- Fix a typo in share-modify-scan script
+
+* Thu Nov 15 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.20-1
+- Fix default ACL for admins group in scan share
+
+* Thu Nov 15 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1
+- Several fixes in scan share ACL
+
+* Fri Sep 28 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.18-1
+- Add SRV records for imap, imaps, smtp and smtps services
+
+* Fri Sep 28 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.17-1
+- add make-srv script to generate SRV records in tinydns
+
+* Mon Sep 10 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.16-1
+- Validation for the shell field
+- accept empty value for the shell and the chroot dir
+- add a script to purge home dir recycle bin
+
+* Fri Aug 24 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.15-1
+- Add a chroot field in user info panel
+
+* Tue Jul 17 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.14-1
+- Keep last 50 log files for mail services instead of 10
+
+* Tue Jun 26 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.13-1
+- Fix group mail addresses in viewgroup userpanel
+
+* Sun Jun 24 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.12-1
+- Move generated signatures in tools share
+
+* Sun Jun 17 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.11-1
+- Copy cacert in Primary ibay
+
+* Fri Jun 8 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.10-1.sme
 - Copy cacrl in Primary ibay
 
 * Tue May 29 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.9-1.sme
@@ -168,7 +372,7 @@ SME Server, with some additionnal modules
 - Add postalCode LDAP attribute
 - Add validation routine for some fields
 
-* Tue Mar 7 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
+* Tue Mar 8 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
 - Add extensionNumber LDAP attribute
 
 * Thu Jan 20 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
@@ -179,7 +383,7 @@ SME Server, with some additionnal modules
 %setup -q -n %{name}-%{version}
 
 %build
-%{__mkdir_p} root/home/e-smith/files/shares/tools/files/templates_signatures/
+%{__mkdir_p} root/home/e-smith/files/shares/tools/files/signatures/templates
 %{__mkdir_p} root/home/e-smith/files/scan
 %{__mkdir_p} root/var/lib/qpsmtpd/greylisting
 perl createlinks
@@ -191,12 +395,15 @@ perl createlinks
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
    --file /etc/cron.hourly/qpsmtpd-cleanup 'attr(0755,root,root)' \
    --file /etc/cron.monthly/maillog-rotate 'attr(0755,root,root)' \
-   --file /etc/cron.hourly/qmail-notify 'attr(0755,root,root)' \
    --file /etc/cron.hourly/cacrl 'attr(0755,root,root)' \
+   --file /etc/cron.daily/purge-homes-recycle 'attr(0755,root,root)' \
+   --file /etc/cron.daily/download-updates 'attr(0755,root,root)' \
    --dir /home/e-smith/files/scan 'attr(0750,root,shared)' \
    --dir /var/lib/qpsmtpd/greylisting 'attr(0750,qpsmtpd,qpsmtpd)' \
+   --file /usr/bin/make-srv 'attr(0755,root,root)' \
+   --dir /var/clamav 'attr(0755,clamav,clamav)' \
   > %{name}-%{version}-filelist
-echo "%doc CHANGELOG.git" >> %{name}-%{version}-filelist
+echo "%doc" >> %{name}-%{version}-filelist
 
 %files -f %{name}-%{version}-filelist
 %defattr(-,root,root)

root/etc/cron.daily/download-updates

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+/usr/bin/yum --downloadonly --skip-broken -y update > /dev/null 2>&1
+exit 0

root/etc/cron.daily/purge-homes-recycle

@@ -0,0 +1,57 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+# Copyright (C) 2012 Firewall Services
+# daniel@firewall-services.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+#----------------------------------------------------------------------
+
+use esmith::AccountsDB;
+use esmith::ConfigDB;
+use File::Find;
+use File::stat;
+
+my $c = esmith::ConfigDB->open_ro || die "Error opening ConfigDB\n";
+my $a = esmith::AccountsDB->open_ro || die "Error opening AccountsDB\n";
+my $smb = $c->get('smb') || die "Can't find the smb service in the ConfigDB\n";
+my $recycle = $smb->prop('RecycleBin') || 'disabled';
+our $retention = $smb->prop('RecycleBinRetention') || 'unlimited';
+$retention = 'unlimited' unless ($retention =~ m/^\d+$/);
+
+exit(0) if (($recycle ne 'enabled') || ($retention eq 'unlimited'));
+
+# Convert retention in seconds
+$retention = 60*60*24*$retention;
+
+foreach my $user ($a->get_all_by_prop(type=>'user')){
+    my $key = $user->key;
+    # Skip the user if RecycleBin doesn't exists
+    next unless (-d "/home/e-smith/files/users/$key/home/Recycle Bin");
+    finddepth(\&remove, "/home/e-smith/files/users/$key/home/Recycle Bin/");
+}
+
+sub remove{
+    # Remove files with last modification older than $retention
+    if ( -f ){
+        my $mtime = stat($_)->mtime;
+        (time() - $mtime > $retention) && unlink($_);
+    }
+    # Remove empty directories
+    elsif ( -d ){
+        (scalar <"$_/*">) || rmdir("$_");
+    }
+}
+

root/etc/cron.monthly/maillog-rotate

@@ -11,15 +11,22 @@ if [ "$BCC" != "enabled" -o "$ARCHIVE" != "enabled" ]; then
 fi
 
 USER=$(db configuration getprop qpsmtpd BccUser || echo 'maillog')
+# Truncate if it's a mail address
+USER=${USER%@*}
 HOME="/home/e-smith/files/users/$USER"
 
+# Stop here if the home dir doesn't exist
+if [ \! -d $HOME ]; then
+  echo "$HOME doesn't exist"
+  exit 1
+fi
+
 MONTH=$(date +%m)
 YEAR=$(date +%Y)
 
-su - -s /bin/bash $USER -c "maildirmake -f $YEAR $HOME/Maildir"
+su - -s /bin/bash $USER -c "maildirmake -f $YEAR $HOME/Maildir" 2>&1 > /dev/null
 su - -s /bin/bash $USER -c "maildirmake -f $YEAR.$MONTH $HOME/Maildir"
 
-
 # Lock mail delivery
 chmod +t $HOME
 cd $HOME

root/etc/e-smith/db/configuration/defaults/mysqld/OpenFilesLimit

@@ -0,0 +1 @@
+8192

root/etc/e-smith/db/configuration/defaults/netfs/status

@@ -0,0 +1 @@
+disabled

root/etc/e-smith/db/configuration/defaults/netfs/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/defaults/qmail/KeepLogFiles

@@ -0,0 +1 @@
+50

root/etc/e-smith/db/configuration/defaults/qpsmtpd/KeepLogFiles

@@ -0,0 +1 @@
+50

root/etc/e-smith/db/configuration/defaults/spamassassin/PyzorTimeout

@@ -0,0 +1 @@
+15

root/etc/e-smith/db/configuration/defaults/sqpsmtpd/KeepLogFiles

@@ -0,0 +1 @@
+50

root/etc/e-smith/events/actions/generate-email-sign

@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w
 
 #----------------------------------------------------------------------
-# copyright (C) 2011 Firewall-Services
+# copyright (C) 2011-2012 Firewall-Services
 # daniel@firewall-services.com
 #
 # This program is free software; you can redistribute it and/or modify
@@ -26,8 +26,8 @@ use strict;
 use Errno;
 use esmith::ConfigDB;
 use esmith::AccountsDB;
-use esmith::templates;
 use User::pwent;
+use File::Copy qw(mv);
 use File::Path qw(mkpath);
 
 my $configdb = esmith::ConfigDB->open_ro or
@@ -48,82 +48,114 @@ my $event = shift;
 my $userName = shift;
 my @users;
 
-if (defined $userName)
-{
+if (defined $userName){
     my $rec = $accountsdb->get($userName);
     die 
         "Account $userName is not a user account; signature generation failed.\n"
         unless $userName eq 'admin' || ($rec && $rec->prop('type') eq "user");
     @users = ($rec);
 }
-else
-{
+else{
     @users = ( $accountsdb->users, $accountsdb->get('admin') );
 }
 
-foreach my $user (@users)
-{
+if (-d "/home/e-smith/files/shares/tools/files/templates_signatures"){
+    mv ("/home/e-smith/files/shares/tools/files/templates_signatures/",
+          "/home/e-smith/files/shares/tools/files/signatures/templates/");
+    rmdir "/home/e-smith/files/shares/tools/files/templates_signatures";
+}
+
+foreach my $user (@users){
     $userName = $user->key;
 
     setpwent();
     my $home = getpwnam($userName)->dir;
-    my $uid = getpwnam($userName)->uid;
-    my $gid = getpwnam($userName)->gid;
-    my $dir = $home . '/home/signature';
+    my $dir = '/home/e-smith/files/shares/tools/files/signatures/' . $userName;
+
+    # Migrate frmo previous path
+    if ( -d "$home/home/signature" && !-d $dir ){
+        mv ("$home/home/signature", $dir);
+    }
+    if (!-d "$dir"){
         mkpath "$dir";
-    chown $uid, $gid, $dir;
+    }
 
     my $first = $user->prop('FirstName') || '';
     my $last = $user->prop('LastName') || '';
     my $mail = $user->prop('PreferredEmail') || "$userName\@$domain";
-    my $tel = $user->prop('Phone') || $defTel;
+    my $tel = $user->prop('Phone') || '';
     my $mob = $user->prop('Mobile') || '';
     my $fax = $user->prop('Fax') || '';
     my $func = $user->prop('Function1') || '';
     my $func2 = $user->prop('Function2') || '';
     my $func3 = $user->prop('Function3') || '';
     my $func4 = $user->prop('Function4') || '';
-    my $comp = $user->prop('Company') || $defComp;
-    my $dep = $user->prop('Dept') || $defDep;
+    my $comp = $user->prop('Company') || '';
+    my $dep = $user->prop('Dept') || '';
     my $postalcode = $user->prop('PostalCode') || '';
-    my $street = $user->prop('Street') || $defStreet;
-    my $city = $user->prop('City') || $defCity;
+    my $street = $user->prop('Street') || '';
+    my $city = $user->prop('City') || '';
     my $url = $user->prop('Url') || '';
+    $url =~ s/^https?:\/\///;
+    $url =~ s/\/$//;
     my $template = $user->prop('SignatureTemplate') || "email";
 
     my $addr = "$street $postalcode $city";
 
-    $tel = ($tel eq '') ? '':"Tél.: $tel";
-    $mob = ($mob eq '') ? '':"Mobile: $mob";
-    $fax = ($fax eq '') ? '':"Fax: $fax";
-    $url = ($url eq '') ? '':"Web: $url";
-
     foreach my $ext (qw/txt html/){
-        open(R, '<', "/home/e-smith/files/shares/tools/files/templates_signatures/$template.$ext") ||
+        open(R, '<', "/home/e-smith/files/shares/tools/files/signatures/templates/$template.$ext") ||
             next;
         open(W, '>', "$dir/email.$ext") || die "Error opening output file $dir/email.$ext\n";
+        my $src = '';
+        $src .= $_ foreach (<R>);
+
+        # Delete if value is empty
+        $src =~ s/__START_NOM__.*__END_NOM__//smg if ($last eq '');
+        $src =~ s/__START_PRENOM__.*__END_PRENOM__//smg if ($first eq '');
+        $src =~ s/__START_EMAIL__.*__END_EMAIL__//smg if ($mail eq '');
+        $src =~ s/__START_TEL__.*__END_TEL__//smg if ($tel eq '');
+        $src =~ s/__START_MOBILE__.*__END_MOBILE__//smg if ($mob eq '');
+        $src =~ s/__START_FAX__.*__END_FAX__//smg if ($fax eq '');
+        $src =~ s/__START_FONCTION__.*__END_FONCTION__//smg if ($func eq '');
+        $src =~ s/__START_FONCTION2__.*__END_FONCTION2__//smg if ($func2 eq '');
+        $src =~ s/__START_FONCTION3__.*__END_FONCTION3__//smg if ($func3 eq '');
+        $src =~ s/__START_FONCTION4__.*__END_FONCTION4__//smg if ($func4 eq '');
+        $src =~ s/__START_ENTREPRISE__.*__END_ENTREPRISE__//smg if ($comp eq '');
+        $src =~ s/__START_CODE_POSTAL__.*__END_CODE_POSTAL__//smg if ($postalcode eq '');
+        $src =~ s/__START_RUE__.*__END_RUE__//smg if ($street eq '');
+        $src =~ s/__START_VILLE__.*__END_VILLE__//smg if ($city eq '');
+        $src =~ s/__START_ADRESSE__.*__END_ADRESSE__//smg if ($addr eq '');
+        $src =~ s/__START_URL__.*__END_URL__//smg if ($url eq '');
+
+        $src =~ s/__NOM__/$last/g;
+        $src =~ s/__PRENOM__/$first/g;
+        $src =~ s/__EMAIL__/$mail/g;
+        $src =~ s/__TEL__/$tel/g;
+        $src =~ s/__MOBILE__/$mob/g;
+        $src =~ s/__FAX__/$fax/g;
+        $src =~ s/__FONCTION__/$func/g;
+        $src =~ s/__FONCTION2__/$func2/g;
+        $src =~ s/__FONCTION3__/$func3/g;
+        $src =~ s/__FONCTION4__/$func4/g;
+        $src =~ s/__SERVICE__/$dep/g;
+        $src =~ s/__ENTREPRISE__/$comp/g;
+        $src =~ s/__ADRESSE__/$addr/g;
+        $src =~ s/__CODE_POSTAL__/$postalcode/g;
+        $src =~ s/__RUE__/$street/g;
+        $src =~ s/__VILLE__/$city/g;
+        $src =~ s/__URL__/$url/g;
+
+        # Now remove any remaining __START_ and __END_ tags
+        $src =~ s/__(START|END)_\w+__//g;
+        print W $src;
 
-        foreach (<R>){
-            s/__NOM__/$last/g;
-            s/__PRENOM__/$first/g;
-            s/__EMAIL__/$mail/g;
-            s/__TEL__/$tel/g;
-            s/__MOBILE__/$mob/g;
-            s/__FAX__/$fax/g;
-            s/__FONCTION__/$func/g;
-            s/__FONCTION2__/$func2/g;
-            s/__FONCTION3__/$func3/g;
-            s/__FONCTION4__/$func4/g;
-            s/__SERVICE__/$dep/g;
-            s/__ENTREPRISE__/$comp/g;
-            s/__ADRESSE__/$addr/g;
-            s/__URL__/$url/g;
-            print W $_;
-        }
         close R;
         close W;
     }
 }
 
+die "Failed to reset permissions on tools share"
+    unless ( system("/sbin/e-smith/signal-event", "share-modify-files", "tools") == 0 );
+
 exit (0);
 

root/etc/e-smith/events/actions/ipasserelle-init-shares

@@ -37,7 +37,8 @@ if (!$intranet){
         WriteGroups    => 'admins,equipe',
         smbAccess      => 'browseable',
         httpAccess     => 'none',
-        RecycleBin     => 'disabled'
+        RecycleBin     => 'disabled',
+        Removable      => 'no'
     });
 
     unless ( system("/sbin/e-smith/signal-event", "share-create", "intranet") == 0 ){
@@ -58,7 +59,8 @@ if (!$extranet){
         RequireSSL     => 'disabled',
         Indexes        => 'enabled',
         DynamicContent => 'disabled',
-        RecycleBin     => 'disabled'
+        RecycleBin     => 'disabled',
+        Removable      => 'no'
     });
 
     unless ( system("/sbin/e-smith/signal-event", "share-create", "extranet") == 0 ){
@@ -80,7 +82,8 @@ if (!$tools){
         RequireSSL     => 'disabled',
         Indexes        => 'enabled',
         DynamicContent => 'disabled',
-        RecycleBin     => 'disabled'
+        RecycleBin     => 'disabled',
+        Removable      => 'no'
     });
 
     unless ( system("/sbin/e-smith/signal-event", "share-create", "tools") == 0 ){

root/etc/e-smith/events/actions/ldap-update-info

@@ -69,14 +69,16 @@ foreach my $acc (@accounts){
     my $initials = $acc->prop('Initials') || '';
     my $dshell = $acc->prop('DesktopShell') || '';
     my $preferredemail = $acc->prop('PreferredEmail') || '';
+    my $category = $acc->prop('Category') || '';
     $preferredemail = "$user\@$domain" if ($preferredemail eq '');
     my $web = $acc->prop('Url') || '';
 
-    my (@postalcode,@mobile,@extension,@fax,@titles,@initials,@dshell,@preferredemail,@web) = ();
+    my (@postalcode,@mobile,@extension,@fax,@titles,@initials,@dshell,@preferredemail,@category,@web) = ();
     @postalcode = ($postalcode) unless ($postalcode eq '');
     @mobile = ($mobile) unless ($mobile eq '');
     @extension = ($extension) unless ($extension eq '');
     @fax = ($fax) unless ($fax eq '');
+    @category = ($category) unless ($category eq '');
     foreach ($function1, $function2, $function3, $function4){
         push @titles, $_ if ($_ ne '');
     }
@@ -94,6 +96,7 @@ foreach my $acc (@accounts){
                             initials => \@initials,
                             desktopLoginShell => \@dshell,
                             preferredMail => \@preferredemail,
+                            businessCategory => \@category,
                             labeledURI => \@web
                          }
               );

root/etc/e-smith/events/actions/private-cacert

@@ -5,7 +5,9 @@
 
 if [ -e /opt/phpki/phpki-store/CA/certs/cacert.pem ]; then
   cp -f /opt/phpki/phpki-store/CA/certs/cacert.pem /etc/pki/tls/certs/cacert.pem
+  cp -f /opt/phpki/phpki-store/CA/certs/cacert.pem /home/e-smith/files/ibays/Primary/html/cacert.crt
   chmod 644 /etc/pki/tls/certs/cacert.pem
+  chmod 644 /home/e-smith/files/ibays/Primary/html/cacert.crt
 fi
 
 /usr/bin/c_rehash /etc/pki/tls/certs/

root/etc/e-smith/events/actions/share-modify-scan

@@ -12,15 +12,17 @@ my $setfacl = "/usr/bin/setfacl";
 my $event = $ARGV [0];
 my $name = $ARGV [1];
 
-if ($event eq 'user-create'){
+die "Event name missing\n" unless (defined $event);
+
+if ($event eq 'user-create' and defined $name){
     mkpath "/home/e-smith/files/scan/$name";
     system ("$setfacl",
             '-m',
-            "u:scanner:w,u:$name:rwX,d:u:$name:rw",
+            "u:scanner:rwX,u:$name:rwX,g:admins:rwX,d:u:$name:rwX,d:g:admins:rwX",
             '--',
             "/home/e-smith/files/scan/$name");
 }
-elsif ($event eq 'user-delete'){
+elsif ($event eq 'user-delete' and defined $name){
     rmtree "/home/e-smith/files/scan/$name";
 }
 else {
@@ -32,15 +34,22 @@ else {
             "/home/e-smith/files/scan/");
 
     foreach ($a->users,$a->get('admin')){
-        my $name = $_->key;
-        mkdir "/home/e-smith/files/scan/$name", 0700
-            unless (-d "/home/e-smith/files/scan/$name");
+        $name = $_->key;
+        if (-d "/home/e-smith/files/scan/$name"){
+            chmod 0700, "/home/e-smith/files/scan/$name";
+        }
+        else {
+            mkdir "/home/e-smith/files/scan/$name", 0700;
+        }
         system ("$setfacl",
+                '-R',
                 '-m',
                 "u:scanner:rwX,u:$name:rwX,d:u:$name:rwX",
                 '--',
                 "/home/e-smith/files/scan/$name");
     }
+    chmod 0755, "/home/e-smith/files/scan/";
+    system ("$setfacl", "-R", "-m", "g:admins:rwX,d:g:admins:rwX", "/home/e-smith/files/scan/");
 }
 
 exit (0);

root/etc/e-smith/events/actions/update-ldap-pseudonyms

@@ -119,7 +119,7 @@ foreach my $acct (@accounts){
 
     my @alias = ();
     foreach (@pseudo){
-        $_ = $_ . "\@$domain" if $_ !~ /\@/;
+        $_ = $_ . "\@" . ($acct->prop('EmailPrimaryDomain') || $domain) if $_ !~ /\@/;
         push (@alias, unac_string(decode('utf-8',$_)));
     }
     @alias = uniq(@alias);
@@ -137,10 +137,12 @@ foreach my $acct (@accounts){
     foreach my $entry ($result->all_entries()){
         push @mails, $entry->get_value('mail');
     }
+    my $oldfirst = $mails[0];
+    my $newfirst = $alias[0];
     my $alias = join('\0', sort @alias);
     my $mails = join('\0', sort @mails);
 
-    unless ($alias eq $mails){ 
+    if (($alias ne $mails) or ($oldfirst ne $newfirst)){ 
         $result = $ldap->modify(
                      "$dn=$key,ou=$ou,$base",
                          replace => {

root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userinfo

@@ -12,6 +12,30 @@
         <trans>Cette page vous permet de modifier certaines informations liées aux utiliseurs. Ces informations seront publiées dans l'annuaire LDAP.</trans>
     </entry>
     <entry>
+        <base>AUDIT</base>
+        <trans>Audit</trans>
+    </entry>
+    <entry>
+        <base>USER_AUDIT</base>
+        <trans>Audit Utilisateur</trans>
+    </entry>
+    <entry>
+        <base>AUDIT_DESC</base>
+        <trans>Cette page permet d'obtenir la liste des partages auxquels l'utilisateur a accès</trans>
+    </entry>
+    <entry>
+        <base>USER_LOGIN</base>
+        <trans>Identifiant</trans>
+    </entry>
+    <entry>
+        <base>SHARE_READ</base>
+        <trans>Accès en lecture</trans>
+    </entry>
+    <entry>
+        <base>SHARE_WRITE</base>
+        <trans>Accès en écriture</trans>
+    </entry>
+    <entry>
         <base>USER_MODIFIED</base>
         <trans>Utilisateur modifié avec succès</trans>
     </entry>
@@ -40,6 +64,10 @@
         <trans>Société</trans>
     </entry>
     <entry>
+        <base>CATEGORY</base>
+        <trans>Catégorie</trans>
+    </entry>
+    <entry>
         <base>STREET_ADDRESS</base>
         <trans>Adresse</trans>
     </entry>
@@ -99,4 +127,16 @@
         <base>DESKTOP_SHELL</base>
         <trans>Shell de connexion aux postes de travail</trans>
     </entry>
+    <entry>
+        <base>CHROOT_DIR</base>
+        <trans>Répertoire racine (chroot)</trans>
+    </entry>
+    <entry>
+        <base>DIR_DOES_NOT_EXIST</base>
+        <trans>Ce répertoire n'existe pas</trans>
+    </entry>
+    <entry>
+        <base>IS_NOT_AN_EXECUTABLE</base>
+        <trans>Veuillez sélectionner un exécutable</trans>
+    </entry>
 </lexicon>

root/etc/e-smith/templates-custom/etc/syslog.conf/local5

@@ -1,2 +0,0 @@
-local5.=notice					-/var/log/smb_audit.log
-local5.*;local5.!=notice			-{ "${messages}" }

root/etc/e-smith/templates.metadata/etc/cron.hourly/qmail-notify

@@ -0,0 +1 @@
+PERMS=0755

root/etc/e-smith/templates/etc/cron.hourly/qmail-notify/10All

@@ -1,3 +1 @@
-#!/bin/sh
 exec qmail-notify -r -m -f /var/qmail/control/queuenotifymsg
-

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/99Status

@@ -0,0 +1,7 @@
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    deny from all
+    allow from 127.0.0.1
+</Location>
+ExtendedStatus On

root/etc/e-smith/templates/etc/mail/spamassassin/local.cf/10BayesAutoLearn

@@ -0,0 +1,16 @@
+{
+  if (($spamassassin{UseBayes} || '0') =~ m/^1|on|yes|enabled$/ && ($spamassassin{BayesAutoLearn} || 'no') =~ m/^1|on|yes|enabled$/){
+    my $ham_thres  = $spamassassin{BayesHamThreshold} || '-1.0';
+    my $spam_thres = $spamassassin{BayesSpamThreshold} || '6';
+    $OUT .=<<"_EOF";
+bayes_auto_learn 1 
+bayes_auto_learn_threshold_nonspam $ham_thres
+bayes_auto_learn_threshold_spam $spam_thres
+_EOF
+  }
+  else{
+    $OUT .=<<"_EOF";
+bayes_auto_learn 0
+_EOF
+  }
+}

root/etc/e-smith/templates/etc/mail/spamassassin/local.cf/90SpamFr

@@ -0,0 +1,83 @@
+#####################################################################################
+##### FRENCH SPECIFIC SPAMASSASSIN RULES. 
+##### USE AND REDISTRIBUTE WITH THIS NOTE AT YOUR OWN RISK AND PLEASURE.
+##### AUTHOR: John GALLET
+##### Version: 2008-JUNE-21
+##### Latest: http://www.saphirtech.fr/
+##### Status: It Works For Me (tm)
+#####################################################################################
+# Spam is legal in France !
+body FR_SPAMISLEGAL                     /\b(Conform.+ment|En vertu).\{0,5\}(article.\{0,4\}34.\{0,4\})?la loi\b/i
+describe FR_SPAMISLEGAL                 French: pretends spam is (l)awful.
+lang fr describe FR_SPAMISLEGAL         Invoque la loi informatique et libertes.
+score FR_SPAMISLEGAL                    1.0
+
+body FR_SPAMISLEGAL_2                   /\bdroit d.acc.+s.\{1,3\}(de modification)?.\{0,5\}de rectification\b/i
+describe FR_SPAMISLEGAL_2               French: pretends spam is (l)awful.
+lang fr describe FR_SPAMISLEGAL_2       Invoque le droit de rectification cnil.
+score FR_SPAMISLEGAL_2                  1.0
+
+#####
+# yeah, sure.
+body FR_NOTSPAM                         /\b(ceci|ce).\{1,9\} n.est pas.\{1,5\}spam\b/i
+describe FR_NOTSPAM                     French: claims not to be spam.
+lang fr describe FR_NOTSPAM             Affirme ne pas etre du spam.
+score FR_NOTSPAM                        2.5
+
+#####
+## I can pay my taxes
+body FR_PAYLESSTAXES                    /\b(paye|calcul|simul|r.+dui|investi).\{1,7\}(moins|vo|ses).\{0,5\}imp.+t(s)?\b/i
+describe FR_PAYLESSTAXES                French: Pay less taxes
+lang fr describe FR_PAYLESSTAXES        Simulateurs et reductions d'impots.
+score FR_PAYLESSTAXES                   2.0
+
+body FR_REALESTATE_INVEST               /\b(loi)? (de.robien|girardin).\{1,15\}(neuf|recentr.+|ancien|IR|IS|imp.+t(s)?|industriel(le)?)\b/i
+describe FR_REALESTATE_INVEST           French: Invest in real-estate with tax-reductions
+lang fr describe FR_REALESTATE_INVEST   Reduction impots immobilier.
+score FR_REALESTATE_INVEST              2.5
+
+#####
+# I won at the casino
+body FR_ONLINEGAMBLING                  /\b(casino(s)?|jeu(x)?|joueur(s)?) (en ligne|de grattage)\b/i
+describe FR_ONLINEGAMBLING              French: Online gambling
+lang fr describe FR_ONLINEGAMBLING      Jeux en ligne.
+score FR_ONLINEGAMBLING                 2.0
+
+#####
+# Baby, did you forget to take your meds ?
+body FR_ONLINEMEDS                      /\bpharmacie(s)? (en ligne|internet)\b/i
+describe FR_ONLINEMEDS                  French: Online meds ordering
+lang fr describe FR_ONLINEMEDS          Achat de medicaments en ligne.
+score FR_ONLINEMEDS                     2.5
+
+######
+# Tell me why
+body FR_REASON_SUBSCRIBE                /\bVous recevez ce(t|tte)? (message|mail|m.+l|lettre|news.+|information) (car|parce que)\b/i
+describe FR_REASON_SUBSCRIBE            French: you subscribed to my spam.
+lang fr describe FR_REASON_SUBSCRIBE    Indique pourquoi vous recevez le courrier.
+score FR_REASON_SUBSCRIBE               0.8
+
+#####
+# How to unsubscribe
+body FR_HOWTOUNSUBSCRIBE                /\b(souhaitez|d.+sirez|pour).\{1,10\}(plus.\{1,\}recevoir|d.+sincrire|d.+sinscription|d.+sabonner).\{0,10\}(information|email|mail|mailing|newsletter|lettre|liste|message|offre|promotion|programme)(s)?\b/i
+describe FR_HOWTOUNSUBSCRIBE            French: how to unsubscribe
+lang fr describe FR_HOWTOUNSUBSCRIBE    Indique comment se desabonner.
+score FR_HOWTOUNSUBSCRIBE               0.8
+
+####
+# Various "CRM" (Could Remove Me)
+#####
+header FR_MAILER_1                      X-Mailer =~ /(delosmail|cabestan|ems|mp6|wamailer|eMailink|Accucast|Benchmail|MailChimp)/i
+describe FR_MAILER_1                    French spammy X-Mailer
+lang fr describe FR_MAILER_1            X-Mailer couramment employe pour des spams en francais.
+score FR_MAILER_1                       1.0
+
+header FR_MAILER_2                      X-EMV-CampagneId =~ /.+/
+describe FR_MAILER_2                    French spammy mailer header
+lang fr describe FR_MAILER_2            X-Mailer couramment employe pour des spams en francais.
+score FR_MAILER_2                       2.0
+
+#####################################################################################
+##### END FRENCH SPECIFIC SPAMASSASSIN RULES.
+##################################################################################### 
+

root/etc/e-smith/templates/etc/mail/spamassassin/local.cf/95Blacklists

@@ -0,0 +1,129 @@
+# Check someblacklists
+
+header      RCVD_IN_GBUDB               eval:check_rbl('gbudb', 'truncate.gbudb.net.', '127.0.0.2')
+describe    RCVD_IN_GBUDB               Listed in truncate.gbudb.net
+tflags      RCVD_IN_GBUDB               net
+score       RCVD_IN_GBUDB               1.0
+
+header      RCVD_IN_IMP_SPAMLIST        eval:check_rbl('spamrbl-lastexternal','spamrbl.imp.ch.','127.0.1.5')
+describe    RCVD_IN_IMP_SPAMLIST        Listed in spamrbl.imp.ch
+tflags      RCVD_IN_IMP_SPAMLIST        net
+score       RCVD_IN_IMP_SPAMLIST        1.0
+
+header      RCVD_IN_INPS                eval:check_rbl('inps-de-lastexternal','dnsbl.inps.de.')
+describe    RCVD_IN_INPS                Received via a relay in inps.de DNSBL
+tflags      RCVD_IN_INPS                net
+score       RCVD_IN_INPS                1.0
+
+header      RCVD_IN_JMF_BL              eval:check_rbl_sub('JMF-lastexternal','hostkarma.junkemailfilter.com','127.0.0.2')
+describe    RCVD_IN_JMF_BL              Sender listed in JMF-BLACK
+tflags      RCVD_IN_JMF_BL              net
+score       RCVD_IN_JMF_BL              1.0
+
+header      RCVD_IN_NIX_SPAM            eval:check_rbl('nix-spam-lastexternal','ix.dnsbl.manitu.net.')
+describe    RCVD_IN_NIX_SPAM            Listed in NIX-SPAM DNSBL (heise.de)
+tflags      RCVD_IN_NIX_SPAM            net
+score       RCVD_IN_NIX_SPAM            1.0
+
+header      RCVD_IN_SORBS               eval:check_rbl('sorbscombined','dnsbl.sorbs.net.')
+describe    RCVD_IN_SORBS               Sender listed at http://www.sorbs.net
+tflags      RCVD_IN_SORBS               net
+score       RCVD_IN_SORBS               1.0
+
+header      RCVD_IN_SEM_BLACK           eval:check_rbl('semblack-lastexternal','bl.spameatingmonkey.net')
+tflags      RCVD_IN_SEM_BLACK           net
+describe    RCVD_IN_SEM_BLACK           Received from an IP listed by SEM-BLACK
+score       RCVD_IN_SEM_BLACK           1.0
+
+header      RCVD_IN_SEMNETBLACK         eval:check_rbl('semnetblack-lastexternal', 'netbl.spameatingmonkey.net')
+tflags      RCVD_IN_SEMNETBLACK         net
+describe    RCVD_IN_SEMNETBLACK         Received from an IP listed by SEM-NETBLACK
+score       RCVD_IN_SEMNETBLACK         1.0
+
+urirhssub   SEM_URIRED                  urired.spameatingmonkey.net. A 2
+body        SEM_URIRED                  eval:check_uridnsbl('SEM_URIRED')
+describe    SEM_URIRED                  Contains a URI listed by SEM-URIRED
+tflags      SEM_URIRED                  net
+score       SEM_URIRED                  1.0
+
+urirhssub   SEM_FRESH                   fresh.spameatingmonkey.net. A 2
+body        SEM_FRESH                   eval:check_uridnsbl('SEM_FRESH')
+describe    SEM_FRESH                   Contains a domain registered less than 5 days ago
+tflags      SEM_FRESH                   net
+score       SEM_FRESH                   1.0
+
+header      RCVD_IN_SPAMRATS_DYNA       eval:check_rbl('spamratsdyna-lastexternal','dyna.spamrats.com.')
+describe    RCVD_IN_SPAMRATS_DYNA       Sender listed in spamratsdyna
+tflags      RCVD_IN_SPAMRATS_DYNA       net
+score       RCVD_IN_SPAMRATS_DYNA       1.0
+
+header      RCVD_IN_SPAMRATS_NOPTR      eval:check_rbl('spamratsnoptr-lastexternal','noptr.spamrats.com.')
+describe    RCVD_IN_SPAMRATS_NOPTR      Sender listed in spamratsnoptr
+tflags      RCVD_IN_SPAMRATS_NOPTR      net
+score       RCVD_IN_SPAMRATS_NOPTR      1.0
+
+urirhsbl    URIBL_SC_SWINOG             uribl.swinog.ch.   A
+body        URIBL_SC_SWINOG             eval:check_uridnsbl('URIBL_SC_SWINOG')
+describe    URIBL_SC_SWINOG             URI's listed in uribl.swinog.ch.
+tflags      URIBL_SC_SWINOG             net
+score       URIBL_SC_SWINOG             1.0
+
+header      RCVD_IN_UCEPROTECT1         eval:check_rbl_txt('uceprotect1-lastexternal','dnsbl-1.uceprotect.net.')
+describe    RCVD_IN_UCEPROTECT1         Listed in dnsbl-1.uceprotect.net (open relay/proxy/dialup)
+tflags      RCVD_IN_UCEPROTECT1         net
+score       RCVD_IN_UCEPROTECT1         1.0
+
+header      RCVD_IN_UNSUBSCORE          eval:check_rbl('unsubscore-lastexternal','ubl.unsubscore.com.')
+describe    RCVD_IN_UNSUBSCORE          Listed in Lashback unsubscore.com
+tflags      RCVD_IN_UNSUBSCORE          net
+score       RCVD_IN_UNSUBSCORE          1.0
+
+header      RCVD_IN_WPBL                eval:check_rbl('wpbl-lastexternal','db.wpbl.info.','127.0.0.2')
+describe    RCVD_IN_WPBL                Listed in wpbl
+tflags      RCVD_IN_WPBL                net
+score       RCVD_IN_WPBL                1.0
+
+header      RCVD_IN_S5HBL               eval:check_rbl_txt('s5hbl', 'all.s5h.net')
+describe    RCVD_IN_S5HBL               Listed in all.s5h.net
+tflags      RCVD_IN_S5HBL               net
+score       RCVD_IN_S5HBL               1.0
+
+header      RCVD_IN_SPAMCANNIBAL        eval:check_rbl('spamcannibal', 'bl.spamcannibal.org')
+describe    RCVD_IN_SPAMCANNIBAL        Listed in bl.spamcannibal.org
+tflags      RCVD_IN_SPAMCANNIBAL        net
+score       RCVD_IN_SPAMCANNIBAL        1.0
+
+header      RCVD_IN_BACKSCATTERER       eval:check_rbl('backscatterer', 'ips.backscatterer.org')
+describe    RCVD_IN_BACKSCATTERER       Listed in ips.backscatterer.org
+tflags      RCVD_IN_BACKSCATTERER       net
+score       RCVD_IN_BACKSCATTERER       1.0
+
+header      RCVD_IN_FABEL               eval:check_rbl('fabel', 'spamsources.fabel.dk.')
+describe    RCVD_IN_FABEL               Received via a relay in spamsources.fabel.dk
+tflags      RCVD_IN_FABEL               net
+score       RCVD_IN_FABEL               1.0
+
+header      RCVD_IN_DRONEBL             eval:check_rbl('dronebl', 'dnsbl.dronebl.org')
+describe    RCVD_IN_DRONEBL             Listed in dnsbl.dronebl.org
+tflags      RCVD_IN_DRONEBL             net
+score       RCVD_IN_DRONEBL             1.0
+
+header      RCVD_IN_MANITU              eval:check_rbl('manitu', 'ix.dnsbl.manitu.net')
+describe    RCVD_IN_MANITU              Listed in ix.dnsbl.manitu.net
+tflags      RCVD_IN_MANITU              net
+score       RCVD_IN_MANITU              1.0
+
+header      RCVD_IN_SINGULAR            eval:check_rbl('singular', 'singular.ttk.pte.hu')
+describe    RCVD_IN_SINGULAR            Listed in singular.ttk.pte.hu
+tflags      RCVD_IN_SINGULAR            net
+score       RCVD_IN_SINGULAR            1.0
+
+header      RCVD_IN_SPAMBOT_DIGIBASE    eval:check_rbl('spambot-digibase', 'spambot.bls.digibase.ca')
+describe    RCVD_IN_SPAMBOT_DIGIBASE    Listed in spambot.bls.digibase.ca
+tflags      RCVD_IN_SPAMBOT_DIGIBASE    net
+score       RCVD_IN_SPAMBOT_DIGIBASE    1.0
+
+header      RCVD_IN_OPENPROXY_DIGIBASE  eval:check_rbl('openproxy-digibase', 'openproxy.bls.digibase.ca')
+describe    RCVD_IN_OPENPROXY_DIGIBASE  Listed in openproxy.bls.digibase.ca
+tflags      RCVD_IN_OPENPROXY_DIGIBASE  net
+score       RCVD_IN_OPENPROXY_DIGIBASE  1.0

root/etc/e-smith/templates/etc/my.cnf/009innodb_file_per_table

@@ -0,0 +1 @@
+innodb_file_per_table

root/etc/e-smith/templates/etc/my.cnf/035openfiles

@@ -1 +0,0 @@
-open_files_limit = 4096

root/etc/e-smith/templates/etc/my.cnf/037maxconnections

@@ -0,0 +1 @@
+max_connections = 500

root/etc/e-smith/templates/etc/rsyslog.conf/45smbAudit

@@ -0,0 +1,3 @@
+local5.notice						/var/log/smb_audit.log
+local5.notice ~
+

root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor

@@ -6,7 +6,7 @@ unless ($fwd =~ m/^yes|enabled|on|1$/i){
     $OUT .=<<"EOF";
 
 forwarded_for off
-header_access X-Forwarded-For deny all
+request_header_access X-Forwarded-For deny all
 
 EOF
 }

root/etc/e-smith/templates/home/e-smith/files/public/dovecot-acl/20Admins

@@ -0,0 +1 @@
+group=admins lrswtipekxa

root/etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/30check_spf

@@ -0,0 +1,5 @@
+{
+    my $spf = $qpsmtpd{'CheckSPF'} || 'disabled';
+    return '' unless ($spf =~ m/^[012]$/);
+    return "sender_permitted_from spf_deny $spf";
+}

root/etc/e-smith/templates/var/service/tinydns/root/data/80srvEmail

@@ -0,0 +1,11 @@
+{
+
+return "" unless (-x '/usr/bin/make-srv');
+
+$OUT .= "# SRV Records for Email services\n";
+$OUT .= `/usr/bin/make-srv -service _imap._tcp.$DomainName -target $SystemName.$DomainName -port 143`;
+$OUT .= `/usr/bin/make-srv -service _imaps._tcp.$DomainName -target $SystemName.$DomainName -port 993`;
+$OUT .= `/usr/bin/make-srv -service _smtp._tcp.$DomainName -target $SystemName.$DomainName -port 25`;
+$OUT .= `/usr/bin/make-srv -service _smtps._tcp.$DomainName -target $SystemName.$DomainName -port 465`;
+
+}

root/etc/e-smith/templates/var/service/tinydns/root/data/85Spf

@@ -0,0 +1,16 @@
+{
+  if (($qpsmtpd{RejectSpoofedLocalDomains} || 'disabled') eq 'enabled'){
+    $OUT .= "# SPF entries for local domains\n";
+    my $allowed = '';
+    foreach my $ip ( split /[;,]/, ($qpsmtpd{AllowedRemoteIP} || '')){
+        $allowed .= 'ip4\072'.$ip.' ';
+    }
+    foreach my $domain (get_domains()){
+        $OUT .= "'$domain:v=spf1 mx $allowed-all:3600\n";
+        $OUT .= ":$domain:99:\041v=spf1 mx $allowed-all:3600\n";
+    }
+  }
+  else{
+    $OUT .= "\n";
+  }
+}

root/etc/e-smith/web/functions/userinfo

@@ -7,7 +7,7 @@
 # navigation  : 2000 2100
 #----------------------------------------------------------------------
 #----------------------------------------------------------------------
-# copyright (C) 2011 Firewall-Services
+# Copyright (C) 2011-2014 Firewall-Services
 # daniel@firewall-services.com
 # 
 # This program is free software; you can redistribute it and/or modify
@@ -34,8 +34,6 @@ use esmith::FormMagick::Panel::userinfo;
 
 my $fm = esmith::FormMagick::Panel::userinfo->new();
 
-use CGI;
-my $q = new CGI;
 $fm->display();
 
 __DATA__
@@ -44,6 +42,24 @@ __DATA__
         <description>FIRSTPAGE_DESC</description>
         <subroutine src="print_user_table()" />
     </page>
+    <page name="Audit" pre-event="turn_off_buttons()">
+        <title>USER_AUDIT</title>
+        <description>AUDIT_DESC</description>
+        <field type="literal" id="acctName" value="$q->param('acctName')">
+            <label>USER_LOGIN</label>
+        </field>
+        <field type="literal" id="userName" value="get_name()">
+            <label>USER_NAME</label>
+        </field>
+        <subroutine src="print_section_bar()" />
+        <field type="literal" id="readShares" value="get_shares('read')">
+            <label>SHARE_READ</label>
+        </field>
+        <subroutine src="print_section_bar()" />
+        <field type="literal" id="writeShares" value="get_shares('write')">
+            <label>SHARE_WRITE</label>
+        </field>
+    </page>
     <page name="Modify" pre-event="turn_off_buttons()" post-event="modify_user()">
         <description>MODIFY_DESC</description>
         <field type="text" size="30" id="FirstName" validation="nonblank, pseudonym_clash"
@@ -62,6 +78,10 @@ __DATA__
             value="get_ldap_value('Company')">
             <label>COMPANY</label>
         </field>
+        <field type="text" size="30" id="Category"
+            value="get_ldap_value('Category')">
+            <label>CATEGORY</label>
+        </field>
         <field type="text" size="30" id="Street"
             value="get_ldap_value('Street')">
             <label>STREET_ADDRESS</label>
@@ -135,13 +155,17 @@ __DATA__
             <label>URL</label>
         </field>
         <field type="text" size="30" id="Shell"
-            value="get_ldap_value('Shell')">
+            value="get_ldap_value('Shell')" validation="exec_exists_or_empty">
             <label>SHELL</label>
         </field>
         <field type="text" size="30" id="DesktopShell"
             value="get_ldap_value('DesktopShell')">
             <label>DESKTOP_SHELL</label>
         </field>
+        <field type="text" size="30" id="ChrootDir"
+            value="get_ldap_value('ChrootDir')" validation="dir_exists_or_empty">
+            <label>CHROOT_DIR</label>
+        </field>
         <subroutine src="print_save_button()" />
     </page>
 </form>

root/usr/bin/make-srv

@@ -0,0 +1,181 @@
+#!/usr/bin/perl
+# $Header: /u/cvsroot/env/b/make-srv,v 1.3 2002/10/30 17:26:42 mayoff Exp $
+
+use strict;
+use Getopt::Long;
+use Pod::Usage;
+
+my $priority = 0;
+my $weight = 0;
+my $service;
+my $port;
+my $target;
+my $help = 0;
+
+my $result = GetOptions(
+    'help|?' => \$help,
+    'service=s' => \$service,
+    'priority=i' => \$priority,
+    'weight=i' => \$weight,
+    'port=i' => \$port,
+    'target=s' => \$target
+) || pod2usage(2);
+
+pod2usage(1) if $help;
+pod2usage(3) if (!defined($service) || !defined($port) || !defined($target));
+
+my $data = tinydns_escape(
+    pack("nnn", $priority, $weight, $port)
+    . dotted_sequence_to_label_sequence($target));
+
+print ":$service:33:$data\n";
+
+exit 0;
+
+sub tinydns_escape {
+    my ($data) = @_;
+
+    $data =~ s{[\000-\037:\\\177-\377]}{
+	sprintf("\\%03o", unpack('C', $&))
+    }ge;
+
+    return $data;
+}
+
+sub dotted_sequence_to_label_sequence {
+    my ($dotted) = @_;
+    my @chars = split(//, $dotted);
+    my $l = scalar(@chars);
+    my $out = '';
+    my $label = '';
+
+    my $i = 0;
+    while (1) {
+	my $c;
+	if ($i < $l) {
+	    $c = $chars[$i];
+	    $i++;
+	}
+
+	else {
+	    $c = '.';
+	}
+
+	if ($c eq '.') {
+	    my $ll = length($label);
+	    if ($ll > 63) {
+		die "$dotted contains a label of length $ll, but max length is 63";
+	    }
+	    if ($ll > 0) {
+		$out .= pack('C', $ll);
+		$out .= $label;
+		$label = '';
+	    }
+
+	    last if ($i >= $l);
+
+	    next;
+	}
+
+	if ($c eq '\\') {
+	    if ($i < $l) {
+		$c = $chars[$i];
+		$i++;
+		if ($c ge '0' && $c le '7') {
+		    my $o = $c;
+		    if ($i < $l) {
+			$c = $chars[$i];
+			if ($c ge '0' && $c le '7') {
+			    $i++;
+			    $o .= $c;
+			    if ($i < $l) {
+				$c = $chars[$i];
+				if ($c ge '0' && $c le '7') {
+				    $i++;
+				    $o .= $c;
+				}
+			    }
+			}
+		    }
+		    $c = pack('C', oct($o));
+		}
+	    }
+	}
+
+	$label .= $c;
+    }
+
+    $out .= "\000";
+    return $out;
+}
+
+__END__
+
+=head1 NAME
+
+make-srv - Make an SRV record for tinydns
+
+=head1 SYNOPSIS
+
+make-srv -service I<service> -target I<target> -port I<port> [I<options>]
+
+Options:
+
+=over 4
+
+=item -priority I<priority>
+
+=item -weight I<weight>
+
+=head1 DESCRIPTION
+
+This command prints a DNS SRV record to standard output in
+C<tinydns-data> format. This record is defined by RFC 2052.
+
+The C<-service> flag specifies the domain name for which
+the SRV record is defined. This name should have the format
+I<service>C<.>I<protocol>C<.>I<domain>. For example:
+C<http.tcp.dqd.com>.  You must specify the C<-service> flag.
+
+The C<-target> flag specifies the target domain name of the record.  The
+I<target> must be a domain name with an associated A record.  (This
+command doesn't verify that, but the RFC says it's a requirement.)  You
+must specify the C<-target> flag.
+
+The C<-port> flag specifies the port number of the record.  You must
+specify the C<-port> flag.
+
+The C<-priority> and C<-weight> flags specify the priority and weight of
+the record.  These flags are optional; I<priority> and I<weight> are
+zero by default.
+
+Example:
+
+    $ make-srv -service http.tcp.dqd.com -target zot.dqd.com -port 80
+    :http.tcp.dqd.com:33:\000\000\000\000\000P\003zot\003dqd\003com\000
+
+You may add the I<ttl>, I<timestamp>, and I<lo> fields to the end of the
+line yourself if necessary.  For example,
+
+    :http.tcp.dqd.com:33:\000\000\000\000\000P\003zot\003dqd\003com\000:::in
+
+is the same SRV record as in the example above, but will be visible only
+to clients in the C<in> location.  See the C<tinydns-data> documentation
+for help with these fields.
+
+=head1 LINKS
+
+=over
+
+=item *
+
+RFC 2052: L<http://www.ietf.org/rfc/rfc2052.txt>
+
+=item *
+
+C<tinydns-data> documentation: L<http://cr.yp.to/djbdns/tinydns-data.html>
+
+=back
+
+=cut
+

root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/userinfo.pm

@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w 
 
 #---------------------------------------------------------------------
-# copyright (C) 2011 Firewall-Services
+# Copyright (C) 2011-2014 Firewall-Services
 # daniel@firewall-services.com
 # 
 # This program is free software; you can redistribute it and/or modify
@@ -27,6 +27,7 @@ use esmith::AccountsDB;
 use esmith::ConfigDB;
 use esmith::cgi;
 use esmith::util;
+use List::MoreUtils qw(uniq);
 use File::Basename;
 use Exporter;
 use Carp qw(verbose);
@@ -35,6 +36,9 @@ our @ISA = qw(esmith::FormMagick Exporter);
 
 our @EXPORT = qw(
     print_user_table
+    print_section_bar
+    get_name
+    get_shares
     get_ldap_value
     print_save_button
     get_prop
@@ -54,10 +58,6 @@ sub new {
 sub print_user_table {
     my $self = shift;
     my $q = $self->{cgi};
-    my $account = $self->localise('ACCOUNT');
-    my $acctName = $self->localise('USER_NAME');
-
-    my $modify  = $self->localise('MODIFY');
 
     my @users = $accountdb->get('admin');
     push @users, $accountdb->users();
@@ -69,23 +69,27 @@ sub print_user_table {
     print "  <tr>\n    <td colspan=\"2\">\n      ";
     print $q->start_table ({-CLASS => "sme-border"}),"\n        ";
     print $q->Tr(
-        esmith::cgi::genSmallCell($q, $self->localise($account),"header"),
-        esmith::cgi::genSmallCell($q, $self->localise($acctName),"header"),
-        esmith::cgi::genSmallCell($q, $self->localise('ACTION'),"header",4));
+        esmith::cgi::genSmallCell($q, $self->localise('ACCOUNT'),"header"),
+        esmith::cgi::genSmallCell($q, $self->localise('USER_NAME'),"header"),
+        esmith::cgi::genSmallCell($q, $self->localise('ACTION'),"header",4)
+    );
 
     my $scriptname = basename($0);
-    my $index=0;
 
     foreach my $u (@users) {
         my $username = $u->key();
         my $first    = $u->prop('FirstName');
         my $last     = $u->prop('LastName');
 
-        my $action1 = "<a href=\"$scriptname?page=0&page_stack=&acctName=$username&Next=Next&action=modify&wherenext=Modify\">$modify</a>";
+        my $action1 = "<a href=\"$scriptname?page=0&page_stack=&acctName=$username&wherenext=Modify\">" .
+                      $self->localise('MODIFY') . "</a>";
+        my $action2 = "<a href=\"$scriptname?page=0&page_stack=&acctName=$username&wherenext=Audit\">" .
+                      $self->localise('AUDIT') . "</a>";
 
         print $q->Tr(esmith::cgi::genSmallCell($q, $username,"normal"),"        ",
         esmith::cgi::genSmallCell($q, "$first $last","normal"),"        ",
-        esmith::cgi::genSmallCell($q, "$action1","normal"));
+        esmith::cgi::genSmallCell($q, "$action1","normal"),"        ",
+        esmith::cgi::genSmallCell($q, "$action2","normal"));
     }
 
     print qq(</table></td></tr>\n);
@@ -93,6 +97,69 @@ sub print_user_table {
     return "";
 }
 
+sub print_section_bar{
+        my $self = shift;
+        print "  <tr>\n    <td colspan='2'>\n";
+        print "<hr class=\"sectionbar\"/>\n";
+        return undef;
+}
+
+sub get_shares {
+    my ($self, $mode) = @_;
+    my $q = $self->{cgi};
+
+    my $user = $q->param('acctName');
+
+    my @read;
+    my @write;
+
+    # Loop through all the ibays to check which ones are accessible
+    foreach my $ibay ($accountdb->ibays){
+        my $name = $ibay->key;
+        my $desc = $ibay->prop('Name');
+        my $group = $ibay->prop('Group');
+        next unless $accountdb->is_user_in_group($user, $group);
+        my $perm = $ibay->prop('UserAccess');
+        if ($perm eq 'wr-admin-rd-group'){
+            push @read, $name . " ($desc)";
+        }
+        else{
+            push @write, $name . " ($desc)";
+        }
+    }
+    # Now check shared folders
+    foreach my $share ($accountdb->get_all_by_prop(type=>'share')){
+        my $name = $share->key;
+        my $desc = $share->prop('Name');
+        foreach my $group (split /[;,]/, ($share->prop('ReadGroups') || '')){
+            push @read, $name . " ($desc)" if $accountdb->is_user_in_group($user, $group);
+        }
+        foreach my $u (split /[;,]/, ($share->prop('ReadUsers') || '')){
+            push @read, $name . " ($desc)" if $user eq $u;
+        }
+        foreach my $group (split /[;,]/, ($share->prop('WriteGroups') || '')){
+            push @write, $name . " ($desc)" if $accountdb->is_user_in_group($user, $group);
+        }
+        foreach my $u (split /[;,]/, ($share->prop('WriteUsers') || '')){
+            push @write, $name . " ($desc)" if $user eq $u;
+        }
+    }
+    @write = uniq @write;
+    @read = uniq @read;
+    my @tmp = ();
+    foreach my $r (@read){
+        push @tmp, $r unless grep { $r eq $_ } @write;
+    }
+    @read = @tmp;
+    my @res = ($mode eq 'write') ? @write : @read;
+    return join "<br>", @res;
+}
+
+sub get_name {
+    my ($self) = @_;
+    return get_ldap_value($self, 'FirstName') . " " . get_ldap_value($self, 'LastName');
+}
+
 sub get_ldap_value {
     my ($self, $field) = @_;
 
@@ -105,8 +172,6 @@ sub print_save_button {
 
     my ($self) = @_;
 
-    my $cgi = $self->{cgi};
-
     $self->print_button("SAVE");
 }
 
@@ -148,9 +213,11 @@ sub modify_user {
             'AltEmail3'      => $self->{cgi}->param('AltEmail3'),
             'AltEmail4'      => $self->{cgi}->param('AltEmail4'),
             'PreferredEmail' => $self->{cgi}->param('PreferredEmail'),
+            'Category'       => $self->{cgi}->param('Category'),
             'Url'            => $self->{cgi}->param('Url'),
             'Shell'          => $self->{cgi}->param('Shell'),
             'DesktopShell'   => $self->{cgi}->param('DesktopShell'),
+            'ChrootDir'      => $self->{cgi}->param('ChrootDir'),
         );
 
         $acct->merge_props(%newProperties);
@@ -234,4 +301,21 @@ sub url_or_empty {
     return $ret;
 }
 
+sub dir_exists_or_empty {
+    my ($self, $field) = @_;
+    my $ret = $self->localise('DIR_DOES_NOT_EXIST');
+
+    $ret = 'OK' if ((-d "$field") || ($field eq ''));
+    return $ret;
+}
+
+sub exec_exists_or_empty {
+
+    my ($self, $field) = @_;
+    my $ret = $self->localise('IS_NOT_AN_EXECUTABLE');
+
+    $ret = 'OK' if ((-x "$field") || ($field eq ''));
+    return $ret;
+}
+
 1;

root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/userpanelViewgroups.pm

@@ -82,7 +82,10 @@ sub get_group_mail {
     my $domain = $db->get('DomainName')->value();
     my @mails = ("$group\@$domain");
     foreach ($accounts->pseudonyms()){
-        push @mails, $_->key . "\@$domain" if (($_->prop('Account') || '') eq $group);
+        next unless (($_->prop('Account') || '') eq $group);
+        my $mail = $_->key;
+        $mail .= "\@$domain" if ($mail !~ /\@/);
+        push @mails, $mail;
     }
     return join("<br>",@mails);
 }

root/var/clamav/ipasserelle.ign2

@@ -0,0 +1 @@
+winnow.spam.ts.brokenspam.1