commit
8a5bf83225
40 changed files with 570 additions and 0 deletions
@ -0,0 +1,26 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
use esmith::Build::CreateLinks qw(:all); |
||||
|
||||
service_link_enhanced("dovecot", "S65", "7"); |
||||
service_link_enhanced("dovecot", "K35", "6"); |
||||
service_link_enhanced("dovecot", "K35", "0"); |
||||
service_link_enhanced("dovecot", "K35", "1"); |
||||
|
||||
templates2events("/etc/dovecot/dovecot.conf", qw(email-update bootstrap-console-save)); |
||||
templates2events("/etc/dovecot/master.users", qw(email-update bootstrap-console-save)); |
||||
templates2events("/etc/pam.d/dovecotadmin", qw(email-update bootstrap-console-save)); |
||||
|
||||
safe_touch("root/var/service/dovecot/down"); |
||||
safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/dovecot'); |
||||
safe_symlink("/var/service/dovecot" , 'root/service/dovecot'); |
||||
safe_symlink("adjust", "root/etc/e-smith/events/email-update/services2adjust/dovecot"); |
||||
# Create a symlink for /service/imap so pop3s still find the imapd.pem file |
||||
safe_symlink("/var/service/dovecot", "root/service/imap"); |
||||
|
||||
event_link("adjust-dovecot", "email-update", "02"); |
||||
event_link("adjust-dovecot", "bootstrap-console-save", "02"); |
||||
event_link("dovecot-acl", "email-update", "85"); |
||||
event_link("dovecot-acl", "user-create", "85"); |
||||
|
||||
safe_touch("root/var/lib/dovecot/sharedmailbox/dict.db"); |
@ -0,0 +1 @@ |
||||
enabled |
@ -0,0 +1 @@ |
||||
enabled |
@ -0,0 +1 @@ |
||||
service |
@ -0,0 +1 @@ |
||||
143 |
@ -0,0 +1 @@ |
||||
private |
@ -0,0 +1 @@ |
||||
enabled |
@ -0,0 +1 @@ |
||||
service |
@ -0,0 +1 @@ |
||||
993 |
@ -0,0 +1 @@ |
||||
private |
@ -0,0 +1 @@ |
||||
enabled |
@ -0,0 +1 @@ |
||||
service |
@ -0,0 +1 @@ |
||||
4190 |
@ -0,0 +1 @@ |
||||
private |
@ -0,0 +1 @@ |
||||
enabled |
@ -0,0 +1 @@ |
||||
service |
@ -0,0 +1,28 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
|
||||
# This script just ensure the dovecot service is enabled |
||||
# if imap or imaps is enabled |
||||
# It will also entirely disable the dovecot service if both imap |
||||
# and imaps are disabled |
||||
|
||||
use esmith::ConfigDB; |
||||
|
||||
my $c = esmith::ConfigDB->open() or die "Couldn't open Config DB\n"; |
||||
|
||||
my $imap = $c->get('imap'); |
||||
my $imaps = $c->get('imaps'); |
||||
my $dovecot = $c->get('dovecot') || $c->new_record('dovecot', |
||||
{ type => 'service', |
||||
status => 'enabled'}); |
||||
|
||||
my $imapStatus = $imap->prop('status') || 'enabled'; |
||||
my $imapsStatus = $imaps->prop('status') || 'enabled'; |
||||
|
||||
if ($imapStatus eq 'enabled' or $imapsStatus eq 'enabled'){ |
||||
$dovecot->set_prop('status', 'enabled'); |
||||
} |
||||
else{ |
||||
$dovecot->set_prop('status', 'disabled'); |
||||
} |
||||
|
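Review bot: `$imap->prop('status')` and `$imaps->prop('status')` are called without checking that `$c->get('imap')` and `$c->get('imaps')` returned a record, so the script dies on an undefined value if either key is missing, whereas `dovecot` gets a fallback record. Guarding the lookups, e.g. `my $imapStatus = ($imap && $imap->prop('status')) || 'enabled';`, keeps the event from aborting half-way. The script also runs without `use strict;`, which would be worth adding after the shebang.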
@ -0,0 +1,87 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
|
||||
use esmith::ConfigDB; |
||||
use esmith::AccountsDB; |
||||
use File::Find; |
||||
|
||||
my $c = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n"; |
||||
my $a = esmith::AccountsDB->open_ro || die "Couldn't open AccountsdDB\n"; |
||||
|
||||
my $dovecot = $c->get('dovecot'); |
||||
|
||||
die "couldn't find dovecot service\n" unless ($dovecot); |
||||
|
||||
my $event = $ARGV[0]; |
||||
|
||||
# SharedMailboxes disabled ? |
||||
if (($dovecot->prop('SharedMailbox') || 'disabled') eq 'disabled'){ |
||||
foreach my $user ($a->users){ |
||||
my $name = $user->key; |
||||
die "Error removing SharedMailbox ACLs ($name"."'s Maildir)\n" unless ( |
||||
system('/usr/bin/setfacl', |
||||
'-R', |
||||
'-x', |
||||
'g:sharedmailbox', |
||||
"/home/e-smith/files/users/$name") == 0 && |
||||
system('/bin/chmod', |
||||
'-R', |
||||
'g-s', |
||||
"/home/e-smith/files/users/$name/Maildir") == 0 |
||||
); |
||||
} |
||||
$dovecot->set_prop('SharedMailboxAcl','no'); |
||||
exit(0); |
||||
} |
||||
|
||||
# If SharedMailbox is enabled |
||||
|
||||
# Set the correct ACL during user creation |
||||
if ($event && $event eq 'user-create'){ |
||||
my $user = $ARGV[1]; |
||||
set_acl($user); |
||||
} |
||||
|
||||
if (($dovecot->prop('SharedMailboxAcl') || 'no') ne 'yes'){ |
||||
# ACL for existing users haven't been set yet |
||||
foreach my $user ($a->users){ |
||||
my $name = $user->key; |
||||
set_acl($name); |
||||
} |
||||
$dovecot->set_prop('SharedMailboxAcl','yes'); |
||||
} |
||||
|
||||
# Set ACL on a user's Maildir |
||||
sub set_acl { |
||||
my $user = shift; |
||||
die "Missing username\n" unless ($user); |
||||
die "Couldn't find $user"."'s home dir\n" unless (-e "/home/e-smith/files/users/$user"); |
||||
die "Error applying permissions to $user 's Maildir\n" unless ( |
||||
# sharedmailbox group needs read / write access on Maildir |
||||
system('/usr/bin/setfacl', |
||||
'-R', |
||||
'-m', |
||||
'g:sharedmailbox:rwX,d:g:sharedmailbox:rwX', |
||||
"/home/e-smith/files/users/$user/Maildir") == 0 && |
||||
# Grant sharedmailbox group permission to go through |
||||
# the home dir so it can access the Maildir, but let it read |
||||
# anything else |
||||
system('/usr/bin/setfacl', |
||||
'-m', |
||||
'g:sharedmailbox:x', |
||||
"/home/e-smith/files/users/$user") == 0 |
||||
); |
||||
find(\&sgid, "/home/e-smith/files/users/$user/Maildir"); |
||||
} |
||||
|
||||
# The kernel will handle group perms when a user |
||||
# create a dir in another user's Maildir (if IMAP ACL allows it) |
||||
# This will prevent dovecot errors, see |
||||
# http://wiki2.dovecot.org/SharedMailboxes/Permissions and |
||||
# http://wiki2.dovecot.org/Errors/ChgrpNoPerm |
||||
sub sgid { |
||||
system('/bin/chmod', |
||||
'g+s', |
||||
"$_") if (-d); |
||||
} |
||||
|
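Review bot: The `setfacl -R` and `chmod` calls in `set_acl` and `sgid` run with elevated rights on paths that, presumably, the mailbox owner can modify, and nothing stops them from following a symlink: `setfacl` follows a symlinked `Maildir` argument, and `-d` in `sgid` is true for a symlink to a directory. Adding `-P` to the recursive `setfacl` calls and testing `if (-d $_ && !-l $_)` keeps the ACL and setgid changes inside the mailbox tree. `$ARGV[1]` also reaches the path unvalidated on `user-create`; confirming the account first, e.g. `die "Unknown user\n" unless $a->get($user);`, would reject names containing path components. The `chmod` result in `sgid` is ignored, unlike the other `system` calls. The comment in `set_acl` reading "but let it read anything else" presumably means "but not let it read anything else".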
@ -0,0 +1,20 @@ |
||||
# Dovecot LDA delivery |
||||
{ |
||||
# vim: ft=perl: |
||||
use esmith::ConfigDB; |
||||
my $cdb = esmith::ConfigDB->open_ro || die "Couldn't open ConfigDB\n"; |
||||
my $sieve = $cdb->get('sieve'); |
||||
my $usersieve = $props{Sieve} || 'enabled'; |
||||
my $globalsieve = ($sieve) ? ($sieve->prop('status') || 'disabled') : 'disabled'; |
||||
|
||||
if (($usersieve ne 'enabled') || ($globalsieve ne 'enabled')){ |
||||
$OUT .= "# Sieve is disabled\n"; |
||||
} |
||||
elsif ($props{EmailForward} !~ /^(local|both)$/) { |
||||
$OUT .= "# No local delivery (Dovecot LDA)\n"; |
||||
} |
||||
else{ |
||||
$OUT .= '| /var/qmail/bin/preline -f /usr/libexec/dovecot/dovecot-lda; if [ $? -ne 0 ] ; then exit -1; else exit 99; fi;'; |
||||
} |
||||
} |
||||
|
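Review bot: The generated delivery command ends a failed `dovecot-lda` run with `exit -1`, which is not a valid POSIX `sh` exit status: some shells reject it and others wrap it to 255, so the outcome qmail sees is implicit. An explicit `exit 111` states the intended temporary failure, so the message is retried whichever shell runs the line. `$props{EmailForward}` is also matched without a default, unlike `$props{Sieve}`, so an account lacking that property silently falls into the "No local delivery" branch.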
@ -0,0 +1,9 @@ |
||||
protocols = { |
||||
if ((($imap{'status'} || 'disabled') eq 'enabled') || |
||||
(($imaps{'status'} || 'disabled') eq 'enabled')){ |
||||
$OUT .= "imap"; |
||||
} |
||||
if (($sieve{'status'} || 'disabled') eq 'enabled'){ |
||||
$OUT .= " sieve"; |
||||
} |
||||
} |
@ -0,0 +1,23 @@ |
||||
{ |
||||
my $greeting = $dovecot{'Greeting'} || 'SME Server IMAP service powered by doveot'; |
||||
$OUT .= "login_greeting = \"$greeting\"\n"; |
||||
} |
||||
passdb \{ |
||||
driver = pam |
||||
\} |
||||
{ |
||||
if (($dovecot{'AdminIsMaster'} || 'disabled') eq 'enabled'){ |
||||
$OUT .=<<"HERE"; |
||||
|
||||
passdb { |
||||
driver = pam |
||||
args = dovecotadmin |
||||
master = yes |
||||
} |
||||
auth_master_user_separator = * |
||||
HERE |
||||
} |
||||
} |
||||
userdb \{ |
||||
driver = passwd |
||||
\} |
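Review bot: `$dovecot{'Greeting'}` is written into `login_greeting = "$greeting"` unescaped, so a value containing a double quote or a newline ends the setting early and the rest is parsed as further dovecot.conf directives. Stripping those characters first, e.g. `$greeting =~ s/["\r\n]//g;`, keeps a database property from rewriting the configuration. The same applies to `RejectMessage` and `RejectSubject` in the LDA fragment of this commit. The default greeting also misspells the product name as `doveot`. With `AdminIsMaster` enabled the master passdb lets the listed users open any mailbox, so it is worth confirming that such logins are logged.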
@ -0,0 +1,3 @@ |
||||
log_path = /dev/stderr |
||||
log_timestamp = "" |
||||
auth_verbose = yes |
@ -0,0 +1,3 @@ |
||||
mail_location = maildir:~/Maildir |
||||
first_valid_uid = 101 |
||||
|
@ -0,0 +1,39 @@ |
||||
{ |
||||
if ((($imap{'status'} || 'disabled') eq 'disabled') || |
||||
(($imap{'AllowPlainText'} || 'enabled') eq 'disabled')){ |
||||
$OUT .= "disable_plaintext_auth = yes\n"; |
||||
} |
||||
} |
||||
|
||||
service imap-login \{ |
||||
inet_listener imap \{ |
||||
port = {$imap{'TCPPort'} || '143'} |
||||
address = * |
||||
\} |
||||
inet_listener imaps \{ |
||||
port = {$imaps{'TCPPort'} || '993'} |
||||
ssl = yes |
||||
address = * |
||||
\} |
||||
|
||||
service_count = 0 |
||||
process_min_avail = 2 |
||||
|
||||
\} |
||||
|
||||
{ |
||||
if (($sieve{'status'} || 'enabled') eq 'enabled'){ |
||||
my $port = $sieve{'TCPPort'} || '4190'; |
||||
my $address = $sieve{'Listen'} || '127.0.0.1'; |
||||
$OUT .=<<"HERE"; |
||||
|
||||
service managesieve-login { |
||||
inet_listener sieve { |
||||
port = $port |
||||
address = $address |
||||
} |
||||
} |
||||
|
||||
HERE |
||||
} |
||||
} |
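Review bot: The managesieve listener block is emitted when `$sieve{'status'}` is unset (`|| 'enabled'`), while the `protocols` fragment in this commit defaults the same property to `'disabled'`, so the two fragments disagree when the status is missing. Using one default in both, e.g. `if (($sieve{'status'} || 'disabled') eq 'enabled'){`, keeps the listener and the protocol list consistent. `disable_plaintext_auth` is only written in the `yes` case. As far as I know that is already Dovecot's built-in default, so `AllowPlainText` set to `enabled` has no visible effect here; emitting the value explicitly in both branches would make the intended policy clear.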
@ -0,0 +1,3 @@ |
||||
ssl = {$OUT .= (($imaps{'status'} || 'enabled') eq 'enabled') ? 'yes':'no';} |
||||
ssl_cert = </var/service/dovecot/ssl/imapd.pem |
||||
ssl_key = </var/service/dovecot/ssl/imapd.pem |
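Review bot: `ssl` is set to `no` whenever the `imaps` service is disabled, which, as far as I can tell from Dovecot's semantics, also turns off STARTTLS on the port 143 listener and leaves IMAP with no transport encryption at all. Decoupling the two, for example a fixed `ssl = yes` with the 993 listener controlled on its own, keeps encrypted logins available on 143. `ssl_cert` and `ssl_key` both read `imapd.pem`, so that one file's mode and ownership are what protect the private key.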
@ -0,0 +1,19 @@ |
||||
|
||||
postmaster_address = postmaster@{$DomainName} |
||||
lda_original_recipient_header = to |
||||
|
||||
{ |
||||
my $reason = $dovecot{'RejectMessage'} || ''; |
||||
my $subject = $dovecot{'RejectSubject'} || ''; |
||||
if ($reason ne ''){ |
||||
$OUT .= "rejection_reason = $reason\n"; |
||||
} |
||||
if ($subject ne ''){ |
||||
$OUT .= "rejection_subject = $subject\n"; |
||||
} |
||||
} |
||||
|
||||
protocol lda \{ |
||||
mail_plugins = $mail_plugins {$OUT .= (($sieve{'status'} || 'disabled') eq 'enabled') ? 'sieve':''} |
||||
\} |
||||
|
@ -0,0 +1,6 @@ |
||||
{ |
||||
@plugins = (); |
||||
@imap_plugins = (); |
||||
@conf = (); |
||||
$OUT .= ''; |
||||
} |
@ -0,0 +1,16 @@ |
||||
|
||||
{ |
||||
push @plugins, 'quota'; |
||||
push @imap_plugins, 'imap_quota'; |
||||
$OUT .= ''; |
||||
my $string =<<'HERE'; |
||||
|
||||
plugin { |
||||
quota = fs:user |
||||
} |
||||
|
||||
HERE |
||||
|
||||
push @conf, $string; |
||||
} |
||||
|
@ -0,0 +1,21 @@ |
||||
{ |
||||
|
||||
if (($dovecot{'LogActions'} || 'disabled') eq 'enabled'){ |
||||
push @plugins, 'mail_log'; |
||||
push @plugins, 'notify'; |
||||
my $string = <<'HERE'; |
||||
|
||||
plugin { |
||||
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mailbox_create flag_change |
||||
mail_log_fields = uid box msgid from subject flags |
||||
} |
||||
|
||||
HERE |
||||
|
||||
push @conf, $string; |
||||
$OUT .= ''; |
||||
} |
||||
else{ |
||||
$OUT .= "# Actions loging is disabled\n"; |
||||
} |
||||
} |
@ -0,0 +1,20 @@ |
||||
{ |
||||
if (($dovecot{'FullTextIndexing'} || 'disabled') eq 'enabled'){ |
||||
push @plugins, 'fts'; |
||||
push @plugins, 'fts_squat'; |
||||
my $string =<<'HERE'; |
||||
|
||||
plugin { |
||||
fts = squat |
||||
fts_squat = partial=4 full=10 |
||||
} |
||||
|
||||
HERE |
||||
|
||||
push @conf, $string; |
||||
$OUT .= ''; |
||||
} |
||||
else{ |
||||
$OUT .= "# Full text indexing is disabled\n"; |
||||
} |
||||
} |
@ -0,0 +1,68 @@ |
||||
{ |
||||
return "" if (($dovecot{'SharedMailbox'} || 'disabled') eq 'disabled'); |
||||
|
||||
push @plugins, 'acl'; |
||||
push @imap_plugins, 'imap_acl'; |
||||
|
||||
my $string =<<'HERE'; |
||||
|
||||
mail_access_groups = sharedmailbox |
||||
|
||||
service dict { |
||||
unix_listener dict { |
||||
mode = 0660 |
||||
group = sharedmailbox |
||||
} |
||||
} |
||||
|
||||
service auth { |
||||
unix_listener auth-userdb { |
||||
mode = 0660 |
||||
group = sharedmailbox |
||||
} |
||||
} |
||||
|
||||
service imap { |
||||
executable = imap imap-postlogin |
||||
} |
||||
|
||||
service imap-postlogin { |
||||
executable = script-login -d /usr/bin/imap-postlogin |
||||
unix_listener imap-postlogin { |
||||
} |
||||
} |
||||
|
||||
|
||||
namespace { |
||||
type = private |
||||
separator = / |
||||
prefix = |
||||
inbox = yes |
||||
} |
||||
|
||||
namespace { |
||||
type = shared |
||||
separator = / |
||||
prefix = shared/%%u/ |
||||
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u |
||||
subscriptions = no |
||||
list = children |
||||
} |
||||
|
||||
plugin { |
||||
acl_shared_dict = file:/var/lib/dovecot/sharedmailbox/dict.db |
||||
} |
||||
|
||||
plugin { |
||||
acl = vfile |
||||
} |
||||
|
||||
plugin { |
||||
acl_anyone = allow |
||||
} |
||||
|
||||
HERE |
||||
|
||||
push @conf, $string; |
||||
$OUT .= ''; |
||||
} |
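Review bot: `acl_anyone = allow` is enabled unconditionally once `SharedMailbox` is on, which lets any user grant rights on a folder to every authenticated account rather than only to named users or groups. Making it opt-in through its own `dovecot` property, defaulting to off, would limit accidental over-sharing. The `auth-userdb` and `dict` sockets are opened to the `sharedmailbox` group with mode 0660 and `mail_access_groups` adds that group to mail processes, so a short comment on why that access is needed would help later review.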
@ -0,0 +1,7 @@ |
||||
{ |
||||
$OUT .= 'mail_plugins = $mail_plugins ' . join(' ', @plugins) ."\n\n"; |
||||
$OUT .= "protocol imap {\n"; |
||||
$OUT .= ' mail_plugins = $mail_plugins ' . join(' ', @imap_plugins) . "\n"; |
||||
$OUT .= "}\n"; |
||||
$OUT .= "$_\n" foreach (@conf); |
||||
} |
@ -0,0 +1 @@ |
||||
admin |
@ -0,0 +1,5 @@ |
||||
auth required pam_listfile.so item=user sense=allow file=/etc/dovecot/master.users onerr=fail |
||||
auth include dovecot |
||||
account include system-auth |
||||
session include system-auth |
||||
|
@ -0,0 +1,9 @@ |
||||
{ |
||||
$OUT = <<HERE; |
||||
#%PAM-1.0 |
||||
HERE |
||||
|
||||
$OUT .= |
||||
Text::Template::_load_text("/etc/e-smith/templates-default/template-begin"); |
||||
} |
||||
|
@ -0,0 +1,5 @@ |
||||
#!/bin/sh |
||||
ACL_GROUPS=`groups $USER | tr ' ' ','` |
||||
export ACL_GROUPS |
||||
export USERDB_KEYS="$USERDB_KEYS acl_groups" |
||||
exec "$@" |
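Review bot: `groups $USER` prints the account name and a colon before the group list on GNU coreutils (`name : grp1 grp2`), so `ACL_GROUPS` ends up containing the username and `:` as if they were groups. `ACL_GROUPS=$(id -Gn "$USER" | tr ' ' ',')` yields only group names and quotes the variable. These values decide which shared-mailbox ACL entries apply to the session, so an extra entry equal to the username could match a group ACL of the same name.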
@ -0,0 +1,41 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
#---------------------------------------------------------------------- |
||||
# copyright (C) 2011 Firewall-Services |
||||
# daniel@firewall-services.com |
||||
# |
||||
# This program is free software; you can redistribute it and/or modify |
||||
# it under the terms of the GNU General Public License as published by |
||||
# the Free Software Foundation; either version 2 of the License, or |
||||
# (at your option) any later version. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
||||
# |
||||
#---------------------------------------------------------------------- |
||||
|
||||
|
||||
use esmith::util; |
||||
use esmith::ConfigDB; |
||||
use File::Copy; |
||||
|
||||
my $c = esmith::ConfigDB->open_ro; |
||||
my $s = $c->get('SystemName')->value; |
||||
my $d = $c->get('DomainName')->value; |
||||
|
||||
my $pem = "./ssl/imapd.pem"; |
||||
# Now copy system pem file into jail used by ldap |
||||
copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$") |
||||
or die "failed to copy SSL PEM: $!"; |
||||
chmod 0400, "$pem.$$"; |
||||
esmith::util::chownFile("root", "root", "$pem.$$"); |
||||
rename("$pem.$$", "$pem") |
||||
or die "failed to rename $pem.$$ to $pem: $!"; |
||||
|
||||
|
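Review bot: `copy()` creates `$pem.$$` under the process umask before `chmod 0400` runs, so the combined certificate and private key can be readable by other accounts for a moment, and the `chmod` result is not checked. Setting `umask 0077;` before the copy and using `chmod(0400, "$pem.$$") or die "chmod failed: $!";` closes that window. `esmith::ConfigDB->open_ro` and the two `get(...)->value` calls are also unchecked, unlike the other scripts in this commit. The comment mentions a jail used by ldap, which looks carried over from another service.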
@ -0,0 +1,10 @@ |
||||
#!/bin/sh |
||||
|
||||
NUM=$(/sbin/e-smith/db configuration getprop dovecot KeepLogFiles) |
||||
|
||||
exec \ |
||||
/usr/local/bin/setuidgid smelog \ |
||||
/usr/local/bin/multilog t s5000000 \ |
||||
n${NUM:-10} \ |
||||
/var/log/dovecot/ |
||||
|
@ -0,0 +1,6 @@ |
||||
#!/bin/sh |
||||
|
||||
exec 2>&1 |
||||
./control/1 |
||||
exec /usr/sbin/dovecot -F |
||||
|
@ -0,0 +1,80 @@ |
||||
%define version 0.1 |
||||
%define release 0.beta26 |
||||
%define name smeserver-dovecot |
||||
|
||||
|
||||
Summary: Dovecot IMAP server integration |
||||
Name: %{name} |
||||
Version: %{version} |
||||
Release: %{release}%{?dist} |
||||
License: GPL |
||||
Group: Networking/Daemons |
||||
Source: %{name}-%{version}.tar.gz |
||||
|
||||
Patch0: smeserver-dovecot-0.1-fix_sharedmailbox_dict_acl.patch |
||||
Patch1: smeserver-dovecot-0.1-mailshare_group.patch |
||||
Patch2: smeserver-dovecot-0.1-allow_anyone.patch |
||||
Patch3: smeserver-dovecot-0.1-no_acl_on_dict.patch |
||||
Patch4: smeserver-dovecot-0.1-sgid_recursive.patch |
||||
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot |
||||
BuildArchitectures: noarch |
||||
BuildRequires: e-smith-devtools |
||||
|
||||
Requires: e-smith-base >= 5.2.0 |
||||
Requires: dovecot >= 2.0.15 |
||||
Requires: dovecot-pigeonhole >= 0.2.4 |
||||
Requires: dovecot-managesieve >= 0.2.4 |
||||
Requires: acl |
||||
|
||||
Provides: e-smith-imap |
||||
Obsoletes: e-smith-imap |
||||
|
||||
%description |
||||
Configure the dovecot IMAP server with sieve scripts support, |
||||
quota, ACL, extended logging, master user |
||||
|
||||
%changelog |
||||
* Tue Nov 29 2011 Daniel Berteaud <daniel@firewall-services.com> - 0.1 |
||||
- initial release |
||||
|
||||
%prep |
||||
%setup -q -n %{name}-%{version} |
||||
%patch0 -p1 |
||||
%patch1 -p1 |
||||
%patch2 -p1 |
||||
%patch3 -p1 |
||||
%patch4 -p1 |
||||
|
||||
%build |
||||
%{__mkdir_p} root/var/log/dovecot |
||||
%{__mkdir_p} root/var/service/dovecot/ssl |
||||
perl createlinks |
||||
|
||||
%install |
||||
/bin/rm -rf $RPM_BUILD_ROOT |
||||
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) |
||||
/bin/rm -f %{name}-%{version}-filelist |
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ |
||||
--file /var/service/dovecot/run 'attr(0755,root,root)' \ |
||||
--file /var/service/dovecot/log/run 'attr(0755,root,root)' \ |
||||
--file /var/service/dovecot/control/1 'attr(0755,root,root)' \ |
||||
--dir /var/log/dovecot 'attr(0750,smelog,smelog)' \ |
||||
--dir /var/lib/dovecot/sharedmailbox 'attr(2770,root,sharedmailbox)' \ |
||||
--file /var/lib/dovecot/sharedmailbox/dict.db 'attr(0660,root,sharedmailbox) %config(noreplace)' \ |
||||
--file /usr/bin/imap-postlogin 'attr(0755,root,root)' \ |
||||
> %{name}-%{version}-filelist |
||||
|
||||
%files -f %{name}-%{version}-filelist |
||||
%defattr(-,root,root) |
||||
|
||||
%clean |
||||
rm -rf $RPM_BUILD_ROOT |
||||
|
||||
%pre |
||||
/usr/sbin/groupadd -g 439 sharedmailbox 2> /dev/null || : |
||||
|
||||
%post |
||||
|
||||
%preun |
||||
|
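Review bot: The `%pre` scriptlet runs `groupadd -g 439 sharedmailbox` with stderr discarded and the exit status ignored, so if GID 439 is already taken the group is not created and the `attr(2770,root,sharedmailbox)` and `attr(0660,root,sharedmailbox)` entries have no valid group to resolve to. Checking for the group first, e.g. `getent group sharedmailbox >/dev/null || /usr/sbin/groupadd -g 439 sharedmailbox`, lets a real failure surface instead of being masked by `|| :`. `License: GPL` could also name the version stated in the script header in this commit (version 2 or later).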