You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

ipasserelle-base.spec 15KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415
  1. %define version 0.2.64
  2. %define release 1
  3. %define name ipasserelle-base
  4. Summary: Meta-Package to turn a SME Server into an iPasserelle
  5. Name: ipasserelle-base
  6. Version: 0.2.69
  7. Release: 1%{?dist}
  8. Epoch: 9
  9. License: GPL
  10. Group: Networking/Daemons
  11. Source: %{name}-%{version}.tar.gz
  12. BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
  13. BuildArchitectures: noarch
  14. BuildRequires: e-smith-devtools
  15. Requires: e-smith-base >= 5.2.0
  16. Requires: e-smith-ldap
  17. Requires: smeserver-remoteuseraccess
  18. Requires: smeserver-zabbix-agent
  19. Requires: smeserver-zabbix-proxy
  20. Requires: logwatch
  21. Requires: smeserver-shared-folders
  22. Requires: smeserver-qos
  23. Requires: smeserver-fetchmail
  24. Requires: smeserver-webapps-common
  25. Requires: smeserver-expire-accounts
  26. Requires: bash-completion
  27. Requires: ipasserelle-repo
  28. Requires: qmail-notify
  29. Requires: iftop
  30. Requires: openssl-perl
  31. Requires: perl(List::MoreUtils)
  32. Requires: perl(Text::Unaccent::PurePerl)
  33. Requires: perl(Net::LDAP)
  34. Requires: perl(Proc::ProcessTable)
  35. Requires: perl(Proc::ProcessTable::Process)
  36. Requires: pbzip2
  37. Requires: yum >= 3.2.29-69
  38. Requires: smeserver-fail2ban
  39. Obsoletes: smeserver-denyhosts
  40. Obsoletes: smeserver-mailstats
  41. %description
  42. Meta package to configure an iPasserelle Server
  43. Based on SMEServer, iPasserelle is a specially configured
  44. SME Server, with some additionnal modules
  45. %changelog
  46. * Thu Mar 14 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.69-1
  47. - Don't try to create or delete scan dir if no user has been passed
  48. (daniel@firewall-services.com)
  49. * Tue Feb 06 2018 Daniel Berteaud <daniel@firewall-services.com> 0.2.68-1
  50. - Handle Bcc being a fully qualified address in rotate script GLPI #30996
  51. (daniel@firewall-services.com)
  52. * Wed Dec 06 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.67-1
  53. - Typo in Category CGI param id (daniel@firewall-services.com)
  54. * Wed Dec 06 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.66-1
  55. - Remove GIT Changelog (daniel@firewall-services.com)
  56. * Wed Dec 06 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.65-1
  57. - new package built with tito
  58. - Add Support for buisnessCategory LDAP field
  59. * Wed Jul 19 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.64-1
  60. - Reduce spamassassin's BL score to 1.0 each
  61. * Thu Jun 8 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.63-1
  62. - Set admins member full privileges on public mailboxes
  63. If smeserver-dovecot-extras >= 0.1.3
  64. * Thu Jun 8 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.62-1
  65. - Slightly reduce spamassassin BL scores
  66. * Mon Jun 5 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.61-1
  67. - Add some blacklists to spamassassin
  68. * Thu Apr 6 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.60-1
  69. - Add support for separated __VILLE__ __RUE__ and __CODE_POSTAL__ tags
  70. for email signature
  71. * Wed Mar 8 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.59-1
  72. - Make sure bayes auto learn is disabled when not enabled
  73. - Adjust default bayes auto learn threshold
  74. * Wed Nov 9 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.58-1
  75. - Enable access to /server-status for localhost
  76. * Wed May 18 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.57-1
  77. - Remove MailSpike BL
  78. * Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.56-1
  79. - Fix a syntax error in spamassassin conf template
  80. * Wed Apr 13 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.55-1
  81. - Remove S-A custom scores
  82. - Add MailSpike BL
  83. - Requires smeserver-expire-accounts
  84. - Add spamassassin autolearn param
  85. * Wed Dec 23 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.54-1
  86. - Fix home RecycleBin purge by using mtime instead of atime
  87. * Fri Dec 4 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.53-1
  88. - Define netfs service in the DB
  89. * Wed Dec 2 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.52-1
  90. - Fix /var/clamav ownership
  91. * Fri Nov 27 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.51-1
  92. - Ignore winnow.spam.ts.brokenspam.1 virus
  93. * Fri Aug 7 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.50-1
  94. - Requires recent enough yum instead of yum-downloadonly
  95. * Mon Jul 6 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.49-1
  96. - Remove hardcoded value for open_files_limit
  97. - Set the default open_files_limit to 8192
  98. * Mon Feb 9 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.48-1
  99. - Add a EmailPrimaryDomain prop to user account
  100. * Fri Jan 30 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.47-1
  101. - Download updates even when a dependencie issue would prevent the
  102. transaction
  103. * Mon Jun 30 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.46-1
  104. - Replace header_access directive with request_header_access
  105. * Mon Jun 23 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.45-1
  106. - Replace syslog templates-custom with rsyslog fragment
  107. * Fri Mar 21 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.44-1
  108. - Fix AllowedRemoteIP (SPF Whitelist)
  109. * Wed Mar 12 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.43-1
  110. - Add SPF support (qpsmtpd and tinydns)
  111. * Fri Jan 24 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.42-1
  112. - Add a simple audit page in userinfo panel
  113. * Mon Jan 20 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.41-1
  114. - Update email address in LDAP if the first one in the list has changed
  115. * Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.40-1
  116. - Remove the non templated qmail-notify cron file
  117. * Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.39-1
  118. - Really fix qmail-notify cron
  119. * Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.38-1
  120. - Fix qmail-notify cron
  121. * Tue Nov 12 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.37-1
  122. - New branch for SME9
  123. * Fri Nov 8 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.36-1
  124. - Allow placeholders in signatures templates to be removed if the
  125. corresponding value is empty
  126. - Strip http:// or https at the begining and / at the end of the Url
  127. prop in the signature
  128. * Tue Oct 15 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.35-1
  129. - Remove phpmailer from the potential spam mailers
  130. - Reduce scrore for FSL_HELO_FIREWALL
  131. * Fri Sep 27 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.34-1
  132. - Reduce score for KHOP_BIG_TO_CC to 1.5
  133. - Fix a warning in purge-home-recycle script
  134. * Thu Sep 26 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.33-1
  135. - Reduce a few spamassassin score, which were too agressive
  136. * Wed Sep 25 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.32-1
  137. - Fix the purge-home-recycle script
  138. * Tue Sep 17 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.31-1
  139. - Other spamassassin scores adjustments
  140. * Thu Jun 13 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.30-1
  141. - Disable default samba logging
  142. * Thu Jun 6 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.29-1
  143. - Set default pyzor timeout to 15 sec
  144. - Add some spamassassin rules to fight against spam in french
  145. - Adjust some spamassassin scores
  146. - Fix another syntax erreor in share-modify-scan script
  147. * Wed Jun 5 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.28-1
  148. - Replace denyhosts with fail2ban
  149. - Obsoletes smeserver-mailstats
  150. * Fri Apr 19 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.27-1
  151. - add innodb_file_per_table directive to my.cnf
  152. * Fri Apr 19 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.26-1
  153. - Allow up to 500 connections to MySQL
  154. * Fri Dec 21 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.25-1
  155. - Fix updates download cron job
  156. * Mon Dec 3 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.24-1
  157. - Some scan require read permissions on directories
  158. * Wed Nov 28 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.23-1
  159. - Download available updates nightly
  160. * Tue Nov 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.22-1
  161. - More fixes for scan ACLs
  162. * Mon Nov 19 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.21-1
  163. - Fix a typo in share-modify-scan script
  164. * Thu Nov 15 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.20-1
  165. - Fix default ACL for admins group in scan share
  166. * Thu Nov 15 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1
  167. - Several fixes in scan share ACL
  168. * Fri Sep 28 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.18-1
  169. - Add SRV records for imap, imaps, smtp and smtps services
  170. * Fri Sep 28 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.17-1
  171. - add make-srv script to generate SRV records in tinydns
  172. * Mon Sep 10 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.16-1
  173. - Validation for the shell field
  174. - accept empty value for the shell and the chroot dir
  175. - add a script to purge home dir recycle bin
  176. * Fri Aug 24 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.15-1
  177. - Add a chroot field in user info panel
  178. * Tue Jul 17 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.14-1
  179. - Keep last 50 log files for mail services instead of 10
  180. * Tue Jun 26 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.13-1
  181. - Fix group mail addresses in viewgroup userpanel
  182. * Sun Jun 24 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.12-1
  183. - Move generated signatures in tools share
  184. * Sun Jun 17 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.11-1
  185. - Copy cacert in Primary ibay
  186. * Fri Jun 8 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.10-1.sme
  187. - Copy cacrl in Primary ibay
  188. * Tue May 29 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.9-1.sme
  189. - Update private cacert
  190. * Thu May 24 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.8-1.sme
  191. - Use pbzip2 instead of bzip2 for maillog rotation
  192. * Wed May 23 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.7-1.sme
  193. - Include CHANGELOG
  194. * Fri May 18 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.6-1.sme
  195. - Optimizations in LDAP updates scripts
  196. * Tue Apr 24 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.5-1.sme
  197. - Kill qpsmtpd after 1h instead of 30min
  198. * Mon Apr 16 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.4-1.sme
  199. - Revert previous commit, havp is now in front of squid
  200. * Mon Apr 16 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.3-1.sme
  201. - Don't hide X_Forwarded_For headers in squid if havp is enabled
  202. * Fri Apr 13 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.2-1.sme
  203. - Revert previous commit, bootstrap.min.css will go in webapps
  204. * Thu Apr 12 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.1-1.sme
  205. - Add bootstrap.min.css
  206. * Tue Apr 03 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1.sme
  207. - Switch to git
  208. - Fix PATH in cron script
  209. - Initialize PasswordSet, AllowRSSH and VPNClientAccess prop for special accounts
  210. * Sun Mar 04 2012 Daniel Berteaud <daniel@firewall-services.com> 0.1-24.sme
  211. - Fix cron scripts permissions
  212. - Add scan share with required permissions for scan2file (smb)
  213. - Fix private cacert script
  214. - Work arround a bug with spam score in some locales
  215. - Add greylisting support in qpsmtpd
  216. * Thu Mar 01 2012 Daniel Berteaud <daniel@firewall-services.com> 0.1-23.sme
  217. - Rise MySQL open_files_limit to 4096
  218. * Thu Dec 01 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-22.sme
  219. - Monthly archive maillog's Maildir (if qpsmtpd->ArchiveBcc is enabled)
  220. - Add a new url attribute (not in LDAP, only for signature __URL__)
  221. - Requires openssl-perl
  222. - Stop running navigation-conf in ipasserelle-update
  223. - Chown signature dir to the user
  224. - Use larger fields in panel
  225. * Fri Oct 28 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-20.sme
  226. - Add a custom template (no other choice) to send samba audit log to a separate file
  227. * Thu Jul 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-19.sme
  228. - Remove LL::NG dep and all portal related stuff
  229. - Separate tel and mob in signature generation script
  230. - Add all functions variable in email signature generation script
  231. - Kill stalled qpsmtpd process to prevent reaching instance limit
  232. - Allow to choose email signature template per user (SignatureTemplate)
  233. - Rename tag __SECTEUR__ to __SERVICE__ for the signature
  234. * Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-18.sme
  235. - Remove defaults example vhost and categories from LL::NG conf
  236. - LL::NG Self protect the manager
  237. * Fri Jul 08 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-17.sme
  238. - Generate both txt and html version of the signature
  239. * Fri Jul 08 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-16.sme
  240. - Fix tel tag in signature
  241. * Thu Jul 07 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-15.sme
  242. - Disable weekly raid checks
  243. - Add a basic email signature generator
  244. - Fix a small typo in userinfo fr locale
  245. - requires iftop
  246. * Mon Jul 04 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-14.sme
  247. - Depend on LL::NG and add / change some default config to match what
  248. is expected on iPasserelle
  249. * Tue Jun 28 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-13.sme
  250. - Fix a typo in group-modify event
  251. * Mon Jun 20 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-12.sme
  252. - Add support for qmail-notify
  253. * Sun Jun 19 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme
  254. - Add PreferredMail as the first mail attribute in LDAP
  255. - Fix copyright header
  256. * Sat Jun 18 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme
  257. - Add alternative Email addresses in userinfo panel
  258. * Wed May 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme
  259. - Don't let Squid send XForwardedFor headers
  260. - Don't cache yum repo data with squid
  261. * Tue May 10 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme
  262. - Fix a typo in the tools share ReadGroup prop
  263. * Wed Apr 06 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme
  264. - Display group alias in viewgroups panel
  265. * Tue Apr 05 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme
  266. - Add userpanel-viewgroups
  267. * Mon Apr 04 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme
  268. - Re-create userpanels symlinks in ipasserelle-update
  269. * Thu Mar 17 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme
  270. - Add desktopLoginShell LDAP attr
  271. - Allow empty preferred mail
  272. * Mon Mar 14 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
  273. - Add autofs and ipmi service entries in the DB
  274. - Add postalCode LDAP attribute
  275. - Add validation routine for some fields
  276. * Tue Mar 8 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
  277. - Add extensionNumber LDAP attribute
  278. * Thu Jan 20 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
  279. - initial release
  280. %prep
  281. %setup -q -n %{name}-%{version}
  282. %build
  283. %{__mkdir_p} root/home/e-smith/files/shares/tools/files/signatures/templates
  284. %{__mkdir_p} root/home/e-smith/files/scan
  285. %{__mkdir_p} root/var/lib/qpsmtpd/greylisting
  286. perl createlinks
  287. %install
  288. /bin/rm -rf $RPM_BUILD_ROOT
  289. (cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
  290. /bin/rm -f %{name}-%{version}-filelist
  291. /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
  292. --file /etc/cron.hourly/qpsmtpd-cleanup 'attr(0755,root,root)' \
  293. --file /etc/cron.monthly/maillog-rotate 'attr(0755,root,root)' \
  294. --file /etc/cron.hourly/cacrl 'attr(0755,root,root)' \
  295. --file /etc/cron.daily/purge-homes-recycle 'attr(0755,root,root)' \
  296. --file /etc/cron.daily/download-updates 'attr(0755,root,root)' \
  297. --dir /home/e-smith/files/scan 'attr(0750,root,shared)' \
  298. --dir /var/lib/qpsmtpd/greylisting 'attr(0750,qpsmtpd,qpsmtpd)' \
  299. --file /usr/bin/make-srv 'attr(0755,root,root)' \
  300. --dir /var/clamav 'attr(0755,clamav,clamav)' \
  301. > %{name}-%{version}-filelist
  302. echo "%doc" >> %{name}-%{version}-filelist
  303. %files -f %{name}-%{version}-filelist
  304. %defattr(-,root,root)
  305. %clean
  306. rm -rf $RPM_BUILD_ROOT
  307. %post
  308. %preun