From 3c59b9f45ef843667cc2c039ed53c7a59fff4cef Mon Sep 17 00:00:00 2001 From: alban Date: Sun, 29 Jun 2014 00:15:29 +0200 Subject: [PATCH] =?UTF-8?q?[git]=C2=A0merge=20master?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitattributes | 1 + .travis.yml | 1 + awstats/alternc-awstats | 11 +- awstats/bureau/class/m_aws.php | 40 +- bureau/admin/index.php | 7 +- bureau/admin/mail_list.php | 6 + bureau/class/m_admin.php | 19 +- bureau/class/m_ftp.php | 2 +- bureau/class/m_mail.php | 6 +- bureau/class/m_mem.php | 236 ++- bureau/class/m_piwik.php | 9 +- debian/alternc-awstats.cron.d | 2 +- debian/alternc.config | 60 +- debian/changelog | 14 + debian/control | 6 +- .../templates/dovecot/dovecot-dict-quota.conf | 47 - .../templates/dovecot/dovecot-sql.conf | 132 -- etc/alternc/templates/dovecot/dovecot.conf | 1296 ----------------- etc/alternc/templates/postfix/master.cf | 2 +- install/alternc.install | 14 +- phpunit/tests/_datasets/membres.yml | 4 +- phpunit/tests/bureau/class/m_adminTest.php | 38 +- phpunit/tests/bureau/class/m_ftpTest.php | 16 +- phpunit/tests/bureau/class/m_memTest.php | 78 +- .../plugins/managesieve/config.inc.php | 2 +- src/delete_logs.sh | 2 +- src/update_quota_mail.sh | 150 +- wheezy/95_alternc.conf | 6 +- wheezy/alternc.install.diff | 12 +- wheezy/changelog.diff | 14 +- 30 files changed, 483 insertions(+), 1750 deletions(-) delete mode 100644 etc/alternc/templates/dovecot/dovecot-dict-quota.conf delete mode 100644 etc/alternc/templates/dovecot/dovecot-sql.conf delete mode 100644 etc/alternc/templates/dovecot/dovecot.conf diff --git a/.gitattributes b/.gitattributes index 2b205bfe..75c54189 100644 --- a/.gitattributes +++ b/.gitattributes @@ -654,6 +654,7 @@ src/generate_apache_conf.php -text src/generate_bind_conf.php -text src/inotify_do_actions.sh -text src/inotify_update_domains.sh -text +src/mail_add.php -text src/mail_dodelete.php -text src/mem_add -text src/mem_del -text diff --git a/.travis.yml b/.travis.yml index bd2a5e41..4ca24f93 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,6 @@ language: php php: + - 5.5 - 5.4 - 5.3 script: phpunit --coverage-clover=coverage.clover diff --git a/awstats/alternc-awstats b/awstats/alternc-awstats index 4ac14dc5..bc23ca6c 100755 --- a/awstats/alternc-awstats +++ b/awstats/alternc-awstats @@ -1,11 +1,12 @@ #!/bin/bash -# Appelé seul, lance les stats AWStats du jour. -# Appelé avec "all" lance les stats avec tous les fichiers .gz situés dans /var/log/apache -# Appelé avec un nom de domaine en paramètre, rescanne tous les fichiers .gz pour ce domaine uniquement. +# Called with no parameters, launch the daily awstats stats +# called with "all", launch all stats with all apache log files from /var/log/alternc/sites/ +# called with a domain name, launch the stats for this domain from all apache log files -# Include some usefull functions -. /usr/lib/alternc/functions.sh +cd /usr/lib/alternc +# AlternC system functions +. ./functions.sh # Regenerate the awstat etc cache files : if [ -x ./awstats.cache.php ] diff --git a/awstats/bureau/class/m_aws.php b/awstats/bureau/class/m_aws.php index eeb6d9bd..932e5f53 100644 --- a/awstats/bureau/class/m_aws.php +++ b/awstats/bureau/class/m_aws.php @@ -478,7 +478,7 @@ class m_aws { $err->raise("aws",_("Login already exist")); return false; } - $pass=_md5cr($pass); + $pass=$this->crypt_apr1_md5($pass); // FIXME retourner une erreur l'insert se passe pas bien $db->query("INSERT INTO aws_users (uid,login,pass) VALUES ('$cuid','$login','$pass');"); return $this->_createhtpasswd(); @@ -498,7 +498,7 @@ class m_aws { $err->raise("aws",_("Login does not exists")); // Login does not exists return false; } - $pass=_md5c($pass); + $pass=$this->crypt_apr1_md5($pass); $db->query("UPDATE aws_users SET pass='$pass' WHERE login='$login';"); return $this->_createhtpasswd(); } @@ -794,6 +794,42 @@ class m_aws { return $str; } + + /* ----------------------------------------------------------------- */ + /** + * from http://php.net/crypt#73619 + */ + function crypt_apr1_md5($plainpasswd) { + $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8); + $len = strlen($plainpasswd); + $text = $plainpasswd.'$apr1$'.$salt; + $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd)); + for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); } + for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; } + $bin = pack("H32", md5($text)); + for($i = 0; $i < 1000; $i++) { + $new = ($i & 1) ? $plainpasswd : $bin; + if ($i % 3) $new .= $salt; + if ($i % 7) $new .= $plainpasswd; + $new .= ($i & 1) ? $bin : $plainpasswd; + $bin = pack("H32", md5($new)); + } + for ($i = 0; $i < 5; $i++) { + $k = $i + 6; + $j = $i + 12; + if ($j == 16) $j = 5; + $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp; + } + $tmp = chr(0).chr(0).$bin[11].$tmp; + $tmp = strtr(strrev(substr(base64_encode($tmp), 2)), + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"); + return "$"."apr1"."$".$salt."$".$tmp; + } + + + + } /* CLASSE m_aws */ ?> diff --git a/bureau/admin/index.php b/bureau/admin/index.php index a028342b..d3ca1d8a 100644 --- a/bureau/admin/index.php +++ b/bureau/admin/index.php @@ -74,12 +74,9 @@ if ( empty($logo) || ! $logo ) {
ATTENTION : vous allez acc�der � votre panel en mode *non s�curis�*
- Cliquez ici pour passer en mode s�curis�"; + if (variable_get('https_warning', true, 'warn users to switch to HTTPS') && !isset($_SERVER['HTTPS'])) { + echo '

' . sprintf(_('WARNING: you are trying to access the control panel insecurely, click here to go to secure mode'), $_SERVER["HTTP_HOST"]) . '

'; } - */ ?>
diff --git a/bureau/admin/mail_list.php b/bureau/admin/mail_list.php index 2572cb0b..d0dba089 100644 --- a/bureau/admin/mail_list.php +++ b/bureau/admin/mail_list.php @@ -202,6 +202,7 @@ if (date("Y-m-d")==substr($val["lastlogin"],0,10)) echo substr($val["lastlogin"]
+ srv_submission) { ?>

    @@ -213,6 +214,8 @@ if (date("Y-m-d")==substr($val["lastlogin"],0,10)) echo substr($val["lastlogin"]
  • STARTTLS
+ + srv_smtp) { ?>

    @@ -224,6 +227,8 @@ if (date("Y-m-d")==substr($val["lastlogin"],0,10)) echo substr($val["lastlogin"]
  • STARTTLS
+ + srv_smtps) { ?>

    @@ -235,6 +240,7 @@ if (date("Y-m-d")==substr($val["lastlogin"],0,10)) echo substr($val["lastlogin"]
  • SSL
+
diff --git a/bureau/class/m_admin.php b/bureau/class/m_admin.php index 6f38641d..e2d92efd 100644 --- a/bureau/class/m_admin.php +++ b/bureau/class/m_admin.php @@ -68,9 +68,11 @@ class m_admin { ); $this->archive=variable_get('archive_del_data','','If folder specified html folder of deleted user is archived, else it is deleted. '); } + /** + * Builds the admin menu * - * @global type $mem + * @global m_mem $mem * @global type $cuid * @global type $debug_alternc * @global type $L_INOTIFY_UPDATE_DOMAIN @@ -173,6 +175,21 @@ class m_admin { return $db->f('uid'); } + /** + * return the name of an alternc account + * + * @global type $db + * @param type $uid + * @return null if missing + */ + function get_login_by_uid($uid) { + global $db; + $db->query("SELECT login FROM membres WHERE uid=$uid;"); + if (! $db->next_record()) { + return null; + } + return $db->f('login'); + } /** * Returns the known information about a hosted account diff --git a/bureau/class/m_ftp.php b/bureau/class/m_ftp.php index d2cca69b..a56c1d6c 100644 --- a/bureau/class/m_ftp.php +++ b/bureau/class/m_ftp.php @@ -279,7 +279,7 @@ class m_ftp { } // Explicitly look for only allowed chars - if ( ! preg_match("/^[A-Za-z0-9_\.\-]+$/", $l) ) { + if ( ! preg_match("/^[A-Za-z0-9]+[A-Za-z0-9_\.\-]*$/", $l) ) { $err->raise('ftp', _("FTP login is incorrect")); return false; } diff --git a/bureau/class/m_mail.php b/bureau/class/m_mail.php index be85fece..14d75532 100644 --- a/bureau/class/m_mail.php +++ b/bureau/class/m_mail.php @@ -85,9 +85,9 @@ class m_mail { * */ function m_mail() { - $this->srv_submission = variable_get('mail_human_submission', '%%FQDN%%','Human name for mail server (submission protocol)', array('desc'=>'Name','type'=>'string')); - $this->srv_smtp = variable_get('mail_human_smtp', '%%FQDN%%','Human name for mail server (SMTP protocol)', array('desc'=>'Name','type'=>'string')); - $this->srv_smtps = variable_get('mail_human_smtps', '%%FQDN%%','Human name for mail server (SMTPS protocol)', array('desc'=>'Name','type'=>'string')); + $this->srv_submission = variable_get('mail_human_submission', '%%FQDN%%','Human name for mail server (submission protocol), leave empty to disable help', array('desc'=>'Name','type'=>'string')); + $this->srv_smtp = variable_get('mail_human_smtp', '%%FQDN%%','Human name for mail server (SMTP protocol), leave empty to disable help', array('desc'=>'Name','type'=>'string')); + $this->srv_smtps = variable_get('mail_human_smtps', '%%FQDN%%','Human name for mail server (SMTPS protocol), leave empty to disable help', array('desc'=>'Name','type'=>'string')); $this->srv_imap = variable_get('mail_human_imap', '%%FQDN%%','Human name for IMAP mail server', array('desc'=>'Name','type'=>'string')); $this->srv_imaps = variable_get('mail_human_imaps', '%%FQDN%%','Human name for IMAPS mail server', array('desc'=>'Name','type'=>'string')); $this->srv_pop3 = variable_get('mail_human_pop3', '%%FQDN%%','Human name for POP3 mail server', array('desc'=>'Name','type'=>'string')); diff --git a/bureau/class/m_mem.php b/bureau/class/m_mem.php index e0d889f2..be78a426 100644 --- a/bureau/class/m_mem.php +++ b/bureau/class/m_mem.php @@ -31,7 +31,7 @@ class m_mem { /** Original uid for the temporary uid swapping (for administrators) */ - var $olduid=0; + var $olduid = 0; /** This array contains the Tableau contenant les champs de la table "membres" du membre courant * Ce tableau est utilisable globalement par toutes les classes filles. @@ -54,11 +54,9 @@ class m_mem { /** * Password kind used in this class (hook for admin class) + * + * @return array */ - /** - * - * @return type - */ function alternc_password_policy() { return array("mem"=>"AlternC's account password"); } @@ -68,7 +66,7 @@ class m_mem { * @return type */ function hook_menu() { - $obj = array( + $obj = array( 'title' => _("Settings"), 'ico' => 'images/settings.png', 'link' => 'mem_param.php', @@ -109,17 +107,17 @@ class m_mem { * @param type $authip_token * @return boolean */ - function login($username,$password,$restrictip=0,$authip_token=false) { + function login($username,$password,$restrictip = 0,$authip_token = false) { global $db,$err,$cuid,$authip,$admin; $err->log("mem","login",$username); - $db->query("select * from membres where login='$username';"); + $db->query("select * from membres where login = '$username';"); if ($db->num_rows()==0) { $err->raise("mem",_("User or password incorrect")); return false; } $db->next_record(); if (_md5cr($password,$db->f("pass"))!=$db->f("pass")) { - $db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid='".$db->f("uid")."';"); + $db->query("UPDATE membres SET lastfail = lastfail+1 WHERE uid = '".$db->f("uid")."';"); $err->raise("mem",_("User or password incorrect")); return false; } @@ -127,20 +125,20 @@ class m_mem { $err->raise("mem",_("This account is locked, contact the administrator")); return false; } - $this->user=$db->Record; - $cuid=$db->f("uid"); + $this->user = $db->Record; + $cuid = $db->f("uid"); if (panel_islocked() && $cuid != 2000) { $err->raise("mem",_("This website is currently under maintenance, login is currently disabled.")); return false; } - $allowed_ip=false; + $allowed_ip = false; if ( $authip_token ) $allowed_ip = $this->authip_tokencheck($authip_token); - $aga = $authip->get_allowed('panel'); + $aga = $authip->get_allowed('panel'); foreach ($aga as $k=>$v ) { - if ( $authip->is_in_subnet(get_remote_ip(), $v['ip'], $v['subnet']) ) $allowed=true ; + if ( $authip->is_in_subnet(get_remote_ip(), $v['ip'], $v['subnet']) ) $allowed = true ; } if ( sizeof($aga)>1 && !$allowed_ip && !$authip->is_wl(get_remote_ip()) ) { @@ -149,19 +147,21 @@ class m_mem { } if ($restrictip) { - $ip="'".get_remote_ip()."'"; - } else $ip="''"; + $ip = "'".get_remote_ip()."'"; + } else $ip = "''"; $db->query("DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)query("insert into sessions (sid,ip,uid) values ('$sess',$ip,'$cuid');"); - setcookie("session",$sess,0,"/"); - $err->error=0; - $db->query("SELECT * FROM local WHERE uid='$cuid';"); + if( !preg_match("/^cli/",PHP_SAPI) ){ + setcookie("session",$sess,0,"/"); + } + $err->error = 0; + $db->query("SELECT * FROM local WHERE uid = '$cuid';"); if ($db->num_rows()) { $db->next_record(); - $this->local=$db->Record; + $this->local = $db->Record; } return true; } @@ -187,26 +187,26 @@ class m_mem { function setid($id) { global $db,$err,$cuid,$mysql,$quota; $err->log("mem","setid",$id); - $db->query("select * from membres where uid='$id';"); + $db->query("select * from membres where uid = '$id';"); if ($db->num_rows()==0) { $err->raise("mem",_("User or password incorrect")); return false; } $db->next_record(); - $this->user=$db->Record; - $cuid=$db->f("uid"); + $this->user = $db->Record; + $cuid = $db->f("uid"); $mysql->reload_dbus(); - $ip=get_remote_ip(); - $sess=md5(uniqid(mt_rand())); - $_REQUEST["session"]=$sess; + $ip = get_remote_ip(); + $sess = md5(uniqid(mt_rand())); + $_REQUEST["session"] = $sess; $db->query("insert into sessions (sid,ip,uid) values ('$sess','$ip','$cuid');"); setcookie("session",$sess,0,"/"); - $err->error=0; - $db->query("SELECT * FROM local WHERE uid='$cuid';"); + $err->error = 0; + $db->query("SELECT * FROM local WHERE uid = '$cuid';"); if ($db->num_rows()) { $db->next_record(); - $this->local=$db->Record; + $this->local = $db->Record; } $quota->getquota('', true); return true; @@ -221,9 +221,9 @@ class m_mem { */ function resetlast() { global $db,$cuid; - $ip=addslashes(getenv("REMOTE_HOST")); - if (!$ip) $ip=addslashes(get_remote_ip()); - $db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='$ip' WHERE uid='$cuid';"); + $ip = addslashes(getenv("REMOTE_HOST")); + if (!$ip) $ip = addslashes(get_remote_ip()); + $db->query("UPDATE membres SET lastlogin = NOW(), lastfail = 0, lastip = '$ip' WHERE uid = '$cuid';"); } /** @@ -233,19 +233,17 @@ class m_mem { * @param type $bis * @return type */ - function authip_token($bis=false) { + function authip_token($bis = false) { global $db,$cuid; - $db->query("select pass from membres where uid='$cuid';"); + $db->query("select pass from membres where uid = '$cuid';"); $db->next_record(); - $i=intval(time()/3600); + $i = intval(time()/3600); if ($bis) ++$i; return md5("$i--".$db->f('pass')); } /** * @param boolean $t - */ - /** * * @param type $t * @return boolean @@ -263,10 +261,10 @@ class m_mem { */ function authip_class() { global $cuid; - $c = Array(); - $c['name']="Panel access"; - $c['protocol']="mem"; - $c['values']=Array($cuid=>''); + $c = Array(); + $c['name'] = "Panel access"; + $c['protocol'] = "mem"; + $c['values'] = Array($cuid=>''); return $c; } @@ -299,13 +297,13 @@ class m_mem { return $this->login($_REQUEST["username"],$_REQUEST["password"], (isset($_REQUEST["restrictip"])?$_REQUEST["restrictip"]:0) ); } } // end isset - $_COOKIE["session"]=isset($_COOKIE["session"])?addslashes($_COOKIE["session"]):""; + $_COOKIE["session"] = isset($_COOKIE["session"])?addslashes($_COOKIE["session"]):""; if (strlen($_COOKIE["session"])!=32) { $err->raise("mem",_("Identity lost or unknown, please login")); return false; } - $ip=get_remote_ip(); - $db->query("select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE["session"]."'"); + $ip = get_remote_ip(); + $db->query("select uid,'$ip' as me,ip from sessions where sid = '".$_COOKIE["session"]."'"); if ($db->num_rows()==0) { $err->raise("mem",_("Session unknown, contact the administrator")); return false; @@ -317,21 +315,21 @@ class m_mem { return false; } } - $cuid=$db->f("uid"); + $cuid = $db->f("uid"); if (panel_islocked() && $cuid != 2000) { $err->raise("mem",_("This website is currently under maintenance, login is currently disabled.")); return false; } - $db->query("select * from membres where uid='$cuid';"); + $db->query("select * from membres where uid = '$cuid';"); $db->next_record(); - $this->user=$db->Record; - $err->error=0; - $db->query("SELECT * FROM local WHERE uid='$cuid';"); + $this->user = $db->Record; + $err->error = 0; + $db->query("SELECT * FROM local WHERE uid = '$cuid';"); if ($db->num_rows()) { $db->next_record(); - $this->local=$db->Record; + $this->local = $db->Record; } return true; } @@ -352,15 +350,15 @@ class m_mem { function su($uid) { global $cuid,$db,$err,$mysql; if (!$this->olduid) - $this->olduid=$cuid; - $db->query("select * from membres where uid='$uid';"); + $this->olduid = $cuid; + $db->query("select * from membres where uid = '$uid';"); if ($db->num_rows()==0) { $err->raise("mem",_("User or password incorrect")); return false; } $db->next_record(); - $this->user=$db->Record; - $cuid=$db->f("uid"); + $this->user = $db->Record; + $cuid = $db->f("uid"); $mysql->reload_dbus(); return true; @@ -380,7 +378,7 @@ class m_mem { if (!$this->olduid) return false; $this->su($this->olduid); - $this->olduid=0; + $this->olduid = 0; $mysql->reload_dbus(); return true; } @@ -400,19 +398,19 @@ class m_mem { */ function del_session() { global $db,$err,$cuid,$classes,$hooks; - $_COOKIE["session"]=addslashes(isset($_COOKIE["session"])?$_COOKIE["session"]:''); + $_COOKIE["session"] = addslashes(isset($_COOKIE["session"])?$_COOKIE["session"]:''); setcookie("session","",0,"/"); setcookie("oldid","",0,"/"); if ($_COOKIE["session"]=="") { - $err->error=0; + $err->error = 0; return true; } if (strlen($_COOKIE["session"])!=32) { $err->raise("mem",_("Cookie incorrect, please accept the session cookie")); return false; } - $ip=get_remote_ip(); - $db->query("select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE["session"]."'"); + $ip = get_remote_ip(); + $db->query("select uid,'$ip' as me,ip from sessions where sid = '".$_COOKIE["session"]."'"); if ($db->num_rows()==0) { $err->raise("mem",_("Session unknown, contact the administrator")); return false; @@ -422,9 +420,9 @@ class m_mem { $err->raise("mem",_("IP address incorrect, please contact the administrator")); return false; } - $cuid=$db->f("uid"); - $db->query("delete from sessions where sid='".$_COOKIE["session"]."';"); - $err->error=0; + $cuid = $db->f("uid"); + $db->query("delete from sessions where sid = '".$_COOKIE["session"]."';"); + $err->error = 0; # Invoker le logout dans toutes les autres classes @@ -455,9 +453,9 @@ class m_mem { function passwd($oldpass,$newpass,$newpass2) { global $db,$err,$cuid,$admin; $err->log("mem","passwd"); - $oldpass=stripslashes($oldpass); - $newpass=stripslashes($newpass); - $newpass2=stripslashes($newpass2); + $oldpass = stripslashes($oldpass); + $newpass = stripslashes($newpass); + $newpass2 = stripslashes($newpass2); if (!$this->user["canpass"]) { $err->raise("mem",_("You are not allowed to change your password.")); return false; @@ -470,20 +468,20 @@ class m_mem { $err->raise("mem",_("The new passwords are differents, please retry")); return false; } - $db->query("SELECT login FROM membres WHERE uid='$cuid';"); + $db->query("SELECT login FROM membres WHERE uid = '$cuid';"); $db->next_record(); - $login=$db->Record["login"]; + $login = $db->Record["login"]; if (!$admin->checkPolicy("mem",$login,$newpass)) { return false; // The error has been raised by checkPolicy() } - $newpass=_md5cr($newpass); - $db->query("UPDATE membres SET pass='$newpass' WHERE uid='$cuid';"); - $err->error=0; + $newpass = _md5cr($newpass); + $db->query("UPDATE membres SET pass = '$newpass' WHERE uid = '$cuid';"); + $err->error = 0; return true; } /** Change les pr�f�rences administrateur d'un compte - * @param integer $admlist Mode de visualisation des membres (0=large 1=courte) + * @param integer $admlist Mode de visualisation des membres (0 = large 1 = courte) * @return boolean TRUE si les pr�f�rences ont �t� chang�es, FALSE sinon. */ /** @@ -501,8 +499,8 @@ class m_mem { $err->raise("mem",_("You must be a system administrator to do this.")); return false; } - $db->query("UPDATE membres SET admlist='$admlist' WHERE uid='$cuid';"); - $err->error=0; + $db->query("UPDATE membres SET admlist = '$admlist' WHERE uid = '$cuid';"); + $err->error = 0; return true; } @@ -524,7 +522,7 @@ class m_mem { function send_pass($login) { global $err,$db,$L_HOSTING,$L_FQDN; $err->log("mem","send_pass"); - $db->query("SELECT * FROM membres WHERE login='$login';"); + $db->query("SELECT * FROM membres WHERE login = '$login';"); if (!$db->num_rows()) { $err->raise("mem",_("This account is locked, contact the administrator.")); return false; @@ -534,7 +532,7 @@ class m_mem { $err->raise("mem",_("The new passwords are differents, please retry")); return false; } - $txt=sprintf(_("Hello, + $txt = sprintf(_("Hello, You requested the modification of your password for your account %s on %s @@ -554,7 +552,7 @@ If it happens again, please contact your server's Administrator. Cordially. "), $login, $L_HOSTING, $db->f("login"), $db->f("pass")); mail($db->f("mail"),"Your password on $L_HOSTING",$txt,"From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN"); - $db->query("UPDATE membres SET lastaskpass=".time()." WHERE login='$login';"); + $db->query("UPDATE membres SET lastaskpass = ".time()." WHERE login = '$login';"); return true; } @@ -576,17 +574,17 @@ Cordially. function ChangeMail1($newmail) { global $err,$db,$L_HOSTING,$L_FQDN,$cuid; $err->log("mem","changemail1",$newmail); - $db->query("SELECT * FROM membres WHERE uid='$cuid';"); + $db->query("SELECT * FROM membres WHERE uid = '$cuid';"); if (!$db->num_rows()) { $err->raise("mem",_("This account is locked, contact the administrator")); return false; } $db->next_record(); - $COOKIE=substr(md5(uniqid(rand(), true)),0,20); - $KEY=substr(md5(uniqid(rand(), true)),0,6); - $link="https://$L_FQDN/mem_cm.php?usr=$cuid&cookie=$COOKIE"; - $txt=sprintf(_("Hello, + $COOKIE = substr(md5(uniqid(rand(), true)),0,20); + $KEY = substr(md5(uniqid(rand(), true)),0,6); + $link = "https://$L_FQDN/mem_cm.php?usr = $cuid&cookie = $COOKIE"; + $txt = sprintf(_("Hello, Someone (maybe you) requested an email's address modification of the account %s on %s @@ -606,9 +604,9 @@ again, please contact your server's administrator. Cordially. "), $db->f("login"), $L_HOSTING, $link); mail($newmail,"Email modification request on $L_HOSTING",$txt,"From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN"); - $db->query("DELETE FROM chgmail WHERE uid='$cuid';"); + $db->query("DELETE FROM chgmail WHERE uid = '$cuid';"); $db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ('$COOKIE','$KEY','$cuid','$newmail',".time().");"); - $lts=time()-86400; + $lts = time()-86400; $db->query("DELETE FROM chgmail WHERE ts<'$lts';"); return $KEY; } @@ -633,17 +631,17 @@ Cordially. function ChangeMail2($COOKIE,$KEY,$uid) { global $err,$db,$L_HOSTING,$L_FQDN; $err->log("mem","changemail2",$uid); - $db->query("SELECT * FROM chgmail WHERE cookie='$COOKIE' and ckey='$KEY' and uid='$uid';"); + $db->query("SELECT * FROM chgmail WHERE cookie = '$COOKIE' and ckey = '$KEY' and uid = '$uid';"); if (!$db->num_rows()) { $err->raise("mem",_("The information you entered is incorrect.")); return false; } $db->next_record(); - $db->query("UPDATE membres SET mail='".$db->f("mail")."' WHERE uid='$uid';"); + $db->query("UPDATE membres SET mail = '".$db->f("mail")."' WHERE uid = '$uid';"); - $db->query("DELETE FROM chgmail WHERE uid='$uid';"); - $lts=time()-86400; + $db->query("DELETE FROM chgmail WHERE uid = '$uid';"); + $lts = time()-86400; $db->query("DELETE FROM chgmail WHERE ts<'$lts';"); return true; } @@ -661,7 +659,7 @@ Cordially. function set_help_param($show) { global $db,$err,$cuid; $err->log("mem","set_help_param",$show); - $db->query("UPDATE membres SET show_help='$show' WHERE uid='$cuid';"); + $db->query("UPDATE membres SET show_help = '$show' WHERE uid = '$cuid';"); } /** Dit si l'aide en ligne est demand�e @@ -686,15 +684,15 @@ Cordially. * @param type $force * @return boolean */ - function show_help($file,$force=false) { + function show_help($file,$force = false) { global $err; if ($this->user["show_help"] || $force) { - $hlp=_("hlp_$file"); + $hlp = _("hlp_$file"); if ($hlp!="hlp_$file") { - $hlp=preg_replace( + $hlp = preg_replace( "#HELPID_([0-9]*)#", - "\""._("Help")."\"",$hlp); - echo "

".$hlp."

"; + "\""._("Help")."\"",$hlp); + echo "

".$hlp."

"; return true; } return false; @@ -716,7 +714,7 @@ Cordially. function get_creator_by_uid($uid) { global $db,$err; $err->log("dom","get_creator_by_uid"); - $uid=mysql_real_escape_string(intval($uid)); + $uid = mysql_real_escape_string(intval($uid)); $db->query("select creator from membres where uid = '$uid';"); if (! $db->next_record()) return false; return intval($db->f('creator') ); @@ -736,19 +734,19 @@ Cordially. function alternc_export_conf() { global $db,$err; $err->log("mem","export"); - $str=" \n"; - $users=$this->user; - $str.=" ".$users["uid"]."\n"; - $str.=" ".$users["login"]."\n"; - $str.=" ".$users["enabled"]."\n"; - $str.=" ".$users["su"]."\n"; - $str.=" ".$users["pass"]."\n"; - $str.=" ".$users["mail"]."\n"; - $str.=" ".$users["created"]."\n"; - $str.=" ".$users["lastip"]."\n"; - $str.=" ".$users["lastlogin"]."\n"; - $str.=" ".$users["lastfail"]."\n"; - $str.=" \n"; + $str = " \n"; + $users = $this->user; + $str .= " ".$users["uid"]."\n"; + $str .= " ".$users["login"]."\n"; + $str .= " ".$users["enabled"]."\n"; + $str .= " ".$users["su"]."\n"; + $str .= " ".$users["pass"]."\n"; + $str .= " ".$users["mail"]."\n"; + $str .= " ".$users["created"]."\n"; + $str .= " ".$users["lastip"]."\n"; + $str .= " ".$users["lastlogin"]."\n"; + $str .= " ".$users["lastfail"]."\n"; + $str .= " \n"; return $str; } @@ -761,12 +759,12 @@ Cordially. function session_tempo_params_get($v) { global $uid; if (empty($_COOKIE['session'])) return false; - $sid=$_COOKIE['session']; + $sid = $_COOKIE['session']; if ( empty($_SESSION[$sid.'-'.$uid]) ) { // si pas de session de params tempo return false; } - $j=$_SESSION[$sid.'-'.$uid]; - $j=json_decode($j, true); + $j = $_SESSION[$sid.'-'.$uid]; + $j = json_decode($j, true); if ( ! empty($j[$v] ) ) { // si on a bien qque chose a retourner :) return $j[$v]; } @@ -781,20 +779,20 @@ Cordially. * @param type $ecrase * @return boolean */ - function session_tempo_params_set($k, $v, $ecrase=false) { + function session_tempo_params_set($k, $v, $ecrase = false) { global $uid; if (empty($_COOKIE['session'])) return false; - $sid=$_COOKIE['session']; - $p=Array(); + $sid = $_COOKIE['session']; + $p = Array(); if ( ! empty($_SESSION[$sid.'-'.$uid]) ) { - $p = json_decode($_SESSION[$sid.'-'.$uid], true); + $p = json_decode($_SESSION[$sid.'-'.$uid], true); } if (! $ecrase && (isset($p[$k]) && is_array($p[$k])) && is_array($v) ) { - $v=array_merge($p[$k], $v); // overwrite entry with the same name + $v = array_merge($p[$k], $v); // overwrite entry with the same name } - $p[$k]=$v; - $_SESSION[$sid.'-'.$uid]=json_encode($p); + $p[$k] = $v; + $_SESSION[$sid.'-'.$uid] = json_encode($p); return true; } diff --git a/bureau/class/m_piwik.php b/bureau/class/m_piwik.php index 510557f3..0c58a0b0 100644 --- a/bureau/class/m_piwik.php +++ b/bureau/class/m_piwik.php @@ -133,8 +133,7 @@ class m_piwik { $user_login = $this->clean_user_name($user_login); $user_pass = create_pass(); - $user_mail = $user_mail ? $user_mail : $mem->user['mail']; - $user_mail = create_pass(4) . '@gmail.com'; // FIXME $user_mail; Unicité sur les emails ... Soit on ajoute + random soit, on prompt + $user_mail = $mem->user['mail']; $user_alias = $user_login; $api_data = $this->call_privileged_page('API', 'UsersManager.addUser', array('userLogin' => $user_login, 'password' => $user_pass, 'email' => $user_mail, 'alias' => $user_alias), 'JSON'); @@ -405,9 +404,10 @@ class m_piwik { * @return boolean */ function site_add($siteName, $urls, $ecommerce = FALSE) { + global $db, $cuid; $urls = is_array($urls) ? implode(',', $urls) : $urls; $api_data = $this->call_privileged_page('API', 'SitesManager.addSite', array('siteName' => $siteName, 'urls' => $urls)); - printvar($api_data); + $db->query("INSERT INTO piwik_sites set uid='$cuid', piwik_id='{$api_data->value}'"); return TRUE; } @@ -485,7 +485,8 @@ class m_piwik { * @return type */ function clean_user_name($username) { - return mysql_real_escape_string(trim($username)); + global $admin, $cuid; + return 'alternc_' . $admin->get_login_by_uid($cuid) . '_' . mysql_real_escape_string(trim($username)); } diff --git a/debian/alternc-awstats.cron.d b/debian/alternc-awstats.cron.d index 0149d9d0..96cc5555 100644 --- a/debian/alternc-awstats.cron.d +++ b/debian/alternc-awstats.cron.d @@ -1 +1 @@ -30 4 * * * root /usr/lib/alternc/alternc-awstats +30 4 * * * root /usr/lib/alternc/alternc-awstats diff --git a/debian/alternc.config b/debian/alternc.config index 2784ed09..5544818e 100644 --- a/debian/alternc.config +++ b/debian/alternc.config @@ -1,14 +1,11 @@ -#!/bin/bash - -set -e +#!/bin/bash -e # Source debconf library. . /usr/share/debconf/confmodule db_capb backup - -#Return if everything is good, exit error number otherwise +# Validate an IPv4 address. function valid_ip() { local ip=$1 @@ -27,7 +24,7 @@ function valid_ip() } -#checking mysql connectivity and updating local.sh variables accordingly +# Checking mysql connectivity and updating local.sh environment variables accordingly check_mysql() { STATE=0 @@ -68,12 +65,9 @@ check_mysql() done } +# Return the deepest existing directory in a path function get_first_existing_dir() { - # Prend en premier parametre un chemin - # Retourne le répertoire parent existant le plus "proche" - # Exemple: on lui donne /var/www/alternc/gerard/dupont/ mais - # seul /var/www/alternc existe, ca répond /var/www/alternc dir="$1" if [ -z "$dir" ] ; then return 0 @@ -86,7 +80,7 @@ function get_first_existing_dir() } -# default values for local.sh +# Compute default values for local.sh MYSQL_HOST=127.0.0.1 MYSQL_DATABASE=alternc MYSQL_USER=sysusr @@ -114,6 +108,28 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do if [ -r /etc/alternc/local.sh ]; then # source the current config . /etc/alternc/local.sh + # and push it into debconf (its values have priority over anything!) + db_set alternc/hostingname "$HOSTING" + db_set alternc/desktopname "`echo $FQDN | tr '[:upper:]' '[:lower:]'`" + db_set alternc/public_ip "$PUBLIC_IP" + db_set alternc/internal_ip "$INTERNAL_IP" + db_set alternc/ns1 "$NS1_HOSTNAME" + db_set alternc/ns2 "$NS2_HOSTNAME" + db_set alternc/default_mx "$DEFAULT_MX" + db_set alternc/alternc_html "$ALTERNC_HTML" + db_set alternc/alternc_mail "$ALTERNC_MAIL" + db_set alternc/alternc_logs "$ALTERNC_LOGS" + db_set alternc/monitor_ip "$MONITOR_IP" + db_set alternc/default_mx2 "$DEFAULT_SECONDARY_MX" + db_set alternc/mysql/host "$MYSQL_HOST" + db_set alternc/mysql/db "$MYSQL_DATABASE" + db_set alternc/mysql/user "$MYSQL_USER" + db_set alternc/mysql/password "$MYSQL_PASS" + db_set alternc/mysql/client "$MYSQL_CLIENT" + db_set alternc/sql/backup_type "$SQLBACKUP_TYPE" + db_set alternc/sql/backup_overwrite "$SQLBACKUP_OVERWRITE" + db_set alternc/mysql/alternc_mail_user "$MYSQL_MAIL_USER" + db_set alternc/mysql/alternc_mail_password "$MYSQL_MAIL_PASS" fi # upgrade <= 3.0 to >= 3.1 if [ "x$ALTERNC_LOC" != "x" ]; then @@ -121,7 +137,7 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do ALTERNC_MAIL="$ALTERNC_LOC/mail" fi - #We ask for the hosting name and the FQDN + # We ask for the hosting name and the FQDN db_get alternc/hostingname if [ -z "$RET" ]; then db_set alternc/hostingname "$HOSTING" @@ -135,13 +151,12 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do db_set alternc/desktopname "$FQDN" db_input high alternc/desktopname || true fi - # Be sure that the FQDN is lowercase (Bug #1405) + # Ensure that the FQDN is lowercase (Fixes #1405) db_get alternc/desktopname db_set alternc/desktopname "`echo $RET | tr '[:upper:]' '[:lower:]'`" - # End bug #1405 ;; 3) - #we ask for the public and private ip + # Ask for the public and private ip db_get alternc/public_ip if [ -z "$RET" ]; then db_set alternc/public_ip "$PUBLIC_IP" @@ -172,7 +187,7 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do done ;; 4) - #private IP + # Private IP db_get alternc/internal_ip if [ -z "$RET" ]; then db_set alternc/internal_ip "$INTERNAL_IP" @@ -190,7 +205,7 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do done ;; 5) - #We ask for the DNS server for the ip + # Ask for the DNS servers db_get alternc/ns1 if [ -z "$RET" ]; then db_set alternc/ns1 "$NS1_HOSTNAME" @@ -225,7 +240,7 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do 10) db_get alternc/use_remote_mysql if [ "$RET" == "true" ]; then - # user want to use a remote server + # User want to use a remote server check_mysql fi ;; @@ -240,10 +255,10 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do db_get alternc/alternc_html ALTERNC_HTML="$RET" - #checking acl and quota activation. + # Checking acl and quota activation. basedir=`get_first_existing_dir "$ALTERNC_HTML"`; MOUNT_POINT=$(df -P ${basedir} | tail -n 1 | awk '{print $6}') - #we get the first existing dir + # Get the first existing dir aclcheckfile="$basedir/test-acl" touch "$aclcheckfile" setfacl -m u:root:rwx "$aclcheckfile" 2>/dev/null || ( @@ -259,7 +274,6 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do if [ -z "$RET" ]; then db_input critical alternc/quotauninstalled || true db_go - #db_reset alternc/quotauninstalled || true db_set alternc/quotauninstalled "false" || true fi ) @@ -323,8 +337,8 @@ if [ -z "$RET" ]; then db_set alternc/mysql/host "$MYSQL_HOST" fi -#Even if we asked the question concerning the database earlier in the process -#those calls are needed to pass the variable of remote sql server to AlternC +# Even if we asked the question concerning the database earlier in the process +# Those calls are needed to pass the variable of remote sql server to AlternC db_get alternc/mysql/db if [ -z "$RET" ]; then db_set alternc/mysql/db "$MYSQL_DATABASE" diff --git a/debian/changelog b/debian/changelog index e6b5a2dd..43c9821c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +alternc (3.3~rc1) stable; urgency=low + + * unofficial Prerelease of AlternC 3.3 + * update_domaines now in PHP and using classes and hooks instead of BASH + + -- Benjamin Sonntag Thu, 26 Jun 2014 15:13:00 +0200 + +alternc (3.2.1) stable; urgency=low + + * Version identical to 3.1 for Squeeze + * Includes a small dovecot patch / dependency for dovecot 2.0 for Wheezy + + -- Benjamin Sonntag Thu, 28 Mar 2014 18:19:00 +0200 + alternc (3.1.1) oldstable; urgency=low * many bugfixed from 3.1 / 3.2 : diff --git a/debian/control b/debian/control index dbd3a5b1..f4a7df63 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Standards-Version: 3.9.4 Package: alternc Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0, bash (>= 4), acl -Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:1.2.15), dovecot-common(<< 1:2.0), dovecot-imapd (>= 1:1.2.15), dovecot-pop3d (>= 1:1.2.15), vlogger, mailutils | mailx, incron, cron, opendkim, mysql-client(>= 5.0), ${misc:Depends} +Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:2.1.7), dovecot-imapd, dovecot-pop3d, dovecot-mysql, vlogger, mailutils | mailx, incron, cron, opendkim, opendkim-tools, dovecot-sieve, dovecot-managesieved, ${misc:Depends} Recommends: mysql-server(>= 5.0), ntp, quota, unzip, bzip2 Conflicts: alternc-admintools, alternc-awstats (<< 1.0), alternc-webalizer (<= 0.9.4), alternc-mailman (<< 2.0), courier-authlib Provides: alternc-admintools @@ -38,8 +38,8 @@ Description-fr.UTF-8: Suite logicielle d'hébergement mutualisé pour Debian Package: alternc-slave Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0, acl -Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:1.2.15), dovecot-imapd, dovecot-pop3d, vlogger, mailutils | mailx, incron, cron, opendkim, ${misc:Depends} -Recommends: dovecot-managesieved, dovecot-sieve, dovecot-mysql, quota +Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:2.1.7), dovecot-imapd, dovecot-pop3d, dovecot-mysql, vlogger, mailutils | mailx, incron, cron, opendkim, opendkim-tools, dovecot-managesieved, dovecot-sieve, dovecot-mysql, ${misc:Depends} +Recommends: quota Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc Provides: alternc Replaces: alternc diff --git a/etc/alternc/templates/dovecot/dovecot-dict-quota.conf b/etc/alternc/templates/dovecot/dovecot-dict-quota.conf deleted file mode 100644 index b22e98ef..00000000 --- a/etc/alternc/templates/dovecot/dovecot-dict-quota.conf +++ /dev/null @@ -1,47 +0,0 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# - -connect=host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%% -#connect = host=localhost dbname=mails user=testuser password=pass - -# CREATE TABLE quota ( -# username varchar(100) not null, -# bytes bigint not null default 0, -# messages integer not null default 0, -# primary key (username) -# ); - -map { - pattern = priv/quota/storage - table = dovecot_view - username_field = user - value_field = quota_dovecot -} -map { - pattern = priv/quota/messages - table = dovecot_view - username_field = user - value_field = nb_messages -} - -# CREATE TABLE expires ( -# username varchar(100) not null, -# mailbox varchar(255) not null, -# expire_stamp integer not null, -# primary key (username, mailbox) -# ); - -#map { - # pattern = shared/expire/$user/$mailbox - # table = expires - # value_field = expire_stamp - - # fields { - # username = $user - # mailbox = $mailbox - # } -#} - diff --git a/etc/alternc/templates/dovecot/dovecot-sql.conf b/etc/alternc/templates/dovecot/dovecot-sql.conf deleted file mode 100644 index befef217..00000000 --- a/etc/alternc/templates/dovecot/dovecot-sql.conf +++ /dev/null @@ -1,132 +0,0 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# - -# This file is opened as root, so it should be owned by root and mode 0600. -# -# http://wiki.dovecot.org/AuthDatabase/SQL -# -# For the sql passdb module, you'll need a database with a table that -# contains fields for at least the username and password. If you want to -# use the user@domain syntax, you might want to have a separate domain -# field as well. -# -# If your users all have the same uig/gid, and have predictable home -# directories, you can use the static userdb module to generate the home -# dir based on the username and domain. In this case, you won't need fields -# for home, uid, or gid in the database. -# -# If you prefer to use the sql userdb module, you'll want to add fields -# for home, uid, and gid. Here is an example table: -# -# CREATE TABLE users ( -# username VARCHAR(128) NOT NULL, -# domain VARCHAR(128) NOT NULL, -# password VARCHAR(64) NOT NULL, -# home VARCHAR(255) NOT NULL, -# uid INTEGER NOT NULL, -# gid INTEGER NOT NULL, -# active CHAR(1) DEFAULT 'Y' NOT NULL -# ); - -# Database driver: mysql, pgsql, sqlite -driver = mysql - -# Database connection string. This is driver-specific setting. -# -# pgsql: -# For available options, see the PostgreSQL documention for the -# PQconnectdb function of libpq. -# -# mysql: -# Basic options emulate PostgreSQL option names: -# host, port, user, password, dbname -# -# But also adds some new settings: -# client_flags - See MySQL manual -# ssl_ca, ssl_ca_path - Set either one or both to enable SSL -# ssl_cert, ssl_key - For sending client-side certificates to server -# ssl_cipher - Set minimum allowed cipher security (default: HIGH) -# option_file - Read options from the given file instead of -# the default my.cnf location -# option_group - Read options from the given group (default: client) -# -# You can connect to UNIX sockets by using host: host=/var/run/mysqld/mysqld.sock -# Note that currently you can't use spaces in parameters. -# -# MySQL supports multiple host parameters for load balancing / HA. -# -# sqlite: -# The path to the database file. -# -# Examples: -# connect = host=192.168.1.1 dbname=users -# connect = host=sql.example.com dbname=virtual user=virtual password=blarg -# connect = /etc/dovecot/authdb.sqlite -# -connect = host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%% - -# Default password scheme. -# -# List of supported schemes is in -# http://wiki.dovecot.org/Authentication/PasswordSchemes -# -default_pass_scheme = MD5 - -# passdb query to retrieve the password. It can return fields: -# password - The user's password. This field must be returned. -# user - user@domain from the database. Needed with case-insensitive lookups. -# username and domain - An alternative way to represent the "user" field. -# -# The "user" field is often necessary with case-insensitive lookups to avoid -# e.g. "name" and "nAme" logins creating two different mail directories. If -# your user and domain names are in separate fields, you can return "username" -# and "domain" fields instead of "user". -# -# The query can also return other fields which have a special meaning, see -# http://wiki.dovecot.org/PasswordDatabase/ExtraFields -# -# Commonly used available substitutions (see http://wiki.dovecot.org/Variables -# for full list): -# %u = entire user@domain -# %n = user part of user@domain -# %d = domain part of user@domain -# -# Note that these can be used only as input to SQL query. If the query outputs -# any of these substitutions, they're not touched. Otherwise it would be -# difficult to have eg. usernames containing '%' characters. -# -# Example: -# password_query = SELECT userid AS user, pw AS password \ -# FROM users WHERE userid = '%u' AND active = 'Y' -# -#password_query = \ -# SELECT username, domain, password \ -# FROM users WHERE username = '%n' AND domain = '%d' - -# userdb query to retrieve the user information. It can return fields: -# uid - System UID (overrides mail_uid setting) -# gid - System GID (overrides mail_gid setting) -# home - Home directory -# mail - Mail location (overrides mail_location setting) -# -# None of these are strictly required. If you use a single UID and GID, and -# home or mail directory fits to a template string, you could use userdb static -# instead. For a list of all fields that can be returned, see -# http://wiki.dovecot.org/UserDatabase/ExtraFields -# -# Examples: -# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' -# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' -# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' -# -user_query = SELECT userdb_home AS home, userdb_uid AS uid, 1998 AS gid, userdb_quota_rule AS quota_rule FROM dovecot_view WHERE user = '%u'; - -# If you wish to avoid two SQL lookups (passdb + userdb), you can use -# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll -# also have to return userdb fields in password_query prefixed with "userdb_" -# string. For example: -password_query = SELECT user, password, userdb_home, userdb_uid, 1998 AS userdb_gid,userdb_quota_rule FROM dovecot_view where user= '%u'; - diff --git a/etc/alternc/templates/dovecot/dovecot.conf b/etc/alternc/templates/dovecot/dovecot.conf deleted file mode 100644 index 4af42e21..00000000 --- a/etc/alternc/templates/dovecot/dovecot.conf +++ /dev/null @@ -1,1296 +0,0 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# -## Dovecot configuration file - -# If you're in a hurry, see http://wiki.dovecot.org/QuickConfiguration - -# "dovecot -n" command gives a clean output of the changed settings. Use it -# instead of copy&pasting this file when posting to the Dovecot mailing list. - -# '#' character and everything after it is treated as comments. Extra spaces -# and tabs are ignored. If you want to use either of these explicitly, put the -# value inside quotes, eg.: key = "# char and trailing whitespace " - -# Default values are shown for each setting, it's not required to uncomment -# those. These are exceptions to this though: No sections (e.g. namespace {}) -# or plugin settings are added by default, they're listed only as examples. -# Paths are also just examples with the real defaults being based on configure -# options. The paths listed here are for configure --prefix=/usr -# --sysconfdir=/etc --localstatedir=/var --with-ssldir=/etc/ssl - -# Base directory where to store runtime data. -#base_dir = /var/run/dovecot - -# Protocols we want to be serving: imap imaps pop3 pop3s managesieve -# If you only want to use dovecot-auth, you can set this to "none". -protocols = imap imaps pop3 pop3s managesieve - -# A space separated list of IP or host addresses where to listen in for -# connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6 -# interfaces. Use "*, [::]" for listening both IPv4 and IPv6. -# -# If you want to specify ports for each service, you will need to configure -# these settings inside the protocol imap/pop3/managesieve { ... } section, -# so you can specify different ports for IMAP/POP3/MANAGESIEVE. For example: -# protocol imap { -# listen = *:10143 -# ssl_listen = *:10943 -# .. -# } -# protocol pop3 { -# listen = *:10100 -# .. -# } -# protocol managesieve { -# listen = *:12000 -# .. -# } -listen = * - -# Disable LOGIN command and all other plaintext authentications unless -# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP -# matches the local IP (ie. you're connecting from the same computer), the -# connection is considered secure and plaintext authentication is allowed. -disable_plaintext_auth = yes - -# Should all IMAP and POP3 processes be killed when Dovecot master process -# shuts down. Setting this to "no" means that Dovecot can be upgraded without -# forcing existing client connections to close (although that could also be -# a problem if the upgrade is eg. because of a security fix). This however -# means that after master process has died, the client processes can't write -# to log files anymore. -#shutdown_clients = yes - -## -## Logging -## - -# Log file to use for error messages, instead of sending them to syslog. -# /dev/stderr can be used to log into stderr. -#log_path = - -# Log file to use for informational and debug messages. -# Default is the same as log_path. -#info_log_path = - -# Prefix for each line written to log file. % codes are in strftime(3) -# format. -#log_timestamp = "%b %d %H:%M:%S " -log_timestamp = "%Y-%m-%d %H:%M:%S " - -# Syslog facility to use if you're logging to syslog. Usually if you don't -# want to use "mail", you'll use local0..local7. Also other standard -# facilities are supported. -#syslog_facility = mail - -## -## SSL settings -## - -# IP or host address where to listen in for SSL connections. Remember to also -# add imaps and/or pop3s to protocols setting. Defaults to same as "listen" -# setting if not specified. -#ssl_listen = - -# SSL/TLS support: yes, no, required. -ssl = required - -# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before -# dropping root privileges, so keep the key file unreadable by anyone but -# root. -ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem -#ssl_cert_file = /etc/alternc/apache.pem -ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key -#ssl_key_file = /etc/alternc/apache.pem - -# If key file is password protected, give the password here. Alternatively -# give it when starting dovecot with -p parameter. Since this file is often -# world-readable, you may want to place this setting instead to a different -# root owned 0600 file by using !include_try . -#ssl_key_password = - -# File containing trusted SSL certificate authorities. Set this only if you -# intend to use ssl_verify_client_cert=yes. The CAfile should contain the -# CA-certificate(s) followed by the matching CRL(s). -#ssl_ca_file = - -# Request client to send a certificate. If you also want to require it, set -# ssl_require_client_cert=yes in auth section. -#ssl_verify_client_cert = no - -# Which field from certificate to use for username. commonName and -# x500UniqueIdentifier are the usual choices. You'll also need to set -# ssl_username_from_cert=yes. -#ssl_cert_username_field = commonName - -# How often to regenerate the SSL parameters file. Generation is quite CPU -# intensive operation. The value is in hours, 0 disables regeneration -# entirely. -#ssl_parameters_regenerate = 168 - -# SSL ciphers to use -#ssl_cipher_list = ALL:!LOW:!SSLv2 - -# Show protocol level SSL errors. -#verbose_ssl = no - -## -## Login processes -## - -# - -# Directory where authentication process places authentication UNIX sockets -# which login needs to be able to connect to. The sockets are created when -# running as root, so you don't have to worry about permissions. Note that -# everything in this directory is deleted when Dovecot is started. -#login_dir = /var/run/dovecot/login - -# chroot login process to the login_dir. Only reason not to do this is if you -# wish to run the whole Dovecot without roots. -#login_chroot = yes - -# User to use for the login process. Create a completely new user for this, -# and don't use it anywhere else. The user must also belong to a group where -# only it has access, it's used to control access for authentication process. -# Note that this user is NOT used to access mails. -#login_user = dovecot - -# Set max. process size in megabytes. If you don't use -# login_process_per_connection you might need to grow this. -#login_process_size = 64 - -# Should each login be processed in it's own process (yes), or should one -# login process be allowed to process multiple connections (no)? Yes is more -# secure, espcially with SSL/TLS enabled. No is faster since there's no need -# to create processes all the time. -#login_process_per_connection = yes - -# Number of login processes to keep for listening new connections. -#login_processes_count = 3 - -# Maximum number of login processes to create. The listening process count -# usually stays at login_processes_count, but when multiple users start logging -# in at the same time more extra processes are created. To prevent fork-bombing -# we check only once in a second if new processes should be created - if all -# of them are used at the time, we double their amount until the limit set by -# this setting is reached. -#login_max_processes_count = 128 - -# Maximum number of connections allowed per each login process. This setting -# is used only if login_process_per_connection=no. Once the limit is reached, -# the process notifies master so that it can create a new login process. -#login_max_connections = 256 - -# Greeting message for clients. -#login_greeting = Dovecot ready. - -# Space separated list of trusted network ranges. Connections from these -# IPs are allowed to override their IP addresses and ports (for logging and -# for authentication checks). disable_plaintext_auth is also ignored for -# these networks. Typically you'd specify your IMAP proxy servers here. -#login_trusted_networks = - -# Space-separated list of elements we want to log. The elements which have -# a non-empty variable value are joined together to form a comma-separated -# string. -#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c - -# Login log format. %$ contains login_log_format_elements string, %s contains -# the data we want to log. -#login_log_format = %$: %s - -## -## Mailbox locations and namespaces -## - -# Location for users' mailboxes. This is the same as the old default_mail_env -# setting. The default is empty, which means that Dovecot tries to find the -# mailboxes automatically. This won't work if the user doesn't have any mail -# yet, so you should explicitly tell Dovecot the full location. -# -# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) -# isn't enough. You'll also need to tell Dovecot where the other mailboxes are -# kept. This is called the "root mail directory", and it must be the first -# path given in the mail_location setting. -# -# There are a few special variables you can use, eg.: -# -# %u - username -# %n - user part in user@domain, same as %u if there's no domain -# %d - domain part in user@domain, empty if there's no domain -# %h - home directory -# -# See for full list. -# Some examples: -# -# mail_location = maildir:~/Maildir -# mail_location = mbox:~/mail:INBOX=/var/mail/%u -# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n -# -# -# -mail_location = maildir:~/Maildir - -# If you need to set multiple mailbox locations or want to change default -# namespace settings, you can do it by defining namespace sections. -# -# You can have private, shared and public namespaces. Private namespaces -# are for user's personal mails. Shared namespaces are for accessing other -# users' mailboxes that have been shared. Public namespaces are for shared -# mailboxes that are managed by sysadmin. If you create any shared or public -# namespaces you'll typically want to enable ACL plugin also, otherwise all -# users can access all the shared mailboxes, assuming they have permissions -# on filesystem level to do so. -# -# REMEMBER: If you add any namespaces, the default namespace must be added -# explicitly, ie. mail_location does nothing unless you have a namespace -# without a location setting. Default namespace is simply done by having a -# namespace with empty prefix. -#namespace private { - # Hierarchy separator to use. You should use the same separator for all - # namespaces or some clients get confused. '/' is usually a good one. - # The default however depends on the underlying mail storage format. - # separator = . - - # Prefix required to access this namespace. This needs to be different for - # all namespaces. For example "Public/". - # prefix = INBOX. - - # Physical location of the mailbox. This is in same format as - # mail_location, which is also the default for it. - #location = - - # There can be only one INBOX, and this setting defines which namespace - # has it. - #inbox = yes - - # If namespace is hidden, it's not advertised to clients via NAMESPACE - # extension. You'll most likely also want to set list=no. This is mostly - # useful when converting from another server with different namespaces which - # you want to deprecate but still keep working. For example you can create - # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". - #hidden = yes - - # Show the mailboxes under this namespace with LIST command. This makes the - # namespace visible for clients that don't support NAMESPACE extension. - # "children" value lists child mailboxes, but hides the namespace prefix. - #list = yes - - # Namespace handles its own subscriptions. If set to "no", the parent - # namespace handles them (empty prefix should always have this as "yes") - #subscriptions = yes -#} - -# Example shared namespace configuration -#namespace shared { - #separator = / - - # Mailboxes are visible under "shared/user@domain/" - # %%n, %%d and %%u are expanded to the destination user. - #prefix = shared/%%u/ - - # Mail location for other users' mailboxes. Note that %variables and ~/ - # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the - # destination user's data. - #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u - - # Use the default namespace for saving subscriptions. - #subscriptions = no - - # List the shared/ namespace only if there are visible shared mailboxes. - #list = children -#} - -# System user and group used to access mails. If you use multiple, userdb -# can override these by returning uid or gid fields. You can use either numbers -# or names. -#mail_uid = -#mail_gid = - -# Group to enable temporarily for privileged operations. Currently this is -# used only with INBOX when either its initial creation or dotlocking fails. -# Typically this is set to "mail" to give access to /var/mail. -#mail_privileged_group = -mail_privileged_group = vmail - -# Grant access to these supplementary groups for mail processes. Typically -# these are used to set up access to shared mailboxes. Note that it may be -# dangerous to set these if users can create symlinks (e.g. if "mail" group is -# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' -# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). -#mail_access_groups = - -# Allow full filesystem access to clients. There's no access checks other than -# what the operating system does for the active UID/GID. It works with both -# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ -# or ~user/. -#mail_full_filesystem_access = no - -## -## Mail processes -## - -# Enable mail process debugging. This can help you figure out why Dovecot -# isn't finding your mails. -#mail_debug = no - -# Log prefix for mail processes. See -# for list of possible variables you can use. -#mail_log_prefix = "%Us(%u): " - -# Max. number of lines a mail process is allowed to log per second before it's -# throttled. 0 means unlimited. Typically there's no need to change this -# unless you're using mail_log plugin, which may log a lot. This setting is -# ignored while mail_debug=yes to avoid pointless throttling. -#mail_log_max_lines_per_sec = 10 - -# Don't use mmap() at all. This is required if you store indexes to shared -# filesystems (NFS or clustered filesystem). -#mmap_disable = no - -# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL -# since version 3, so this should be safe to use nowadays by default. -#dotlock_use_excl = yes - -# Don't use fsync() or fdatasync() calls. This makes the performance better -# at the cost of potential data loss if the server (or the file server) -# goes down. -#fsync_disable = no - -# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches -# whenever needed. If you're using only a single mail server this isn't needed. -#mail_nfs_storage = no -# Mail index files also exist in NFS. Setting this to yes requires -# mmap_disable=yes and fsync_disable=no. -#mail_nfs_index = no - -# Locking method for index files. Alternatives are fcntl, flock and dotlock. -# Dotlocking uses some tricks which may create more disk I/O than other locking -# methods. NFS users: flock doesn't work, remember to change mmap_disable. -#lock_method = fcntl - -# Drop all privileges before exec()ing the mail process. This is mostly -# meant for debugging, otherwise you don't get core dumps. It could be a small -# security risk if you use single UID for multiple users, as the users could -# ptrace() each others processes then. -#mail_drop_priv_before_exec = no - -# Show more verbose process titles (in ps). Currently shows user name and -# IP address. Useful for seeing who are actually using the IMAP processes -# (eg. shared mailboxes or if same uid is used for multiple accounts). -#verbose_proctitle = no - -# Valid UID range for users, defaults to 500 and above. This is mostly -# to make sure that users can't log in as daemons or other system users. -# Note that denying root logins is hardcoded to dovecot binary and can't -# be done even if first_valid_uid is set to 0. -first_valid_uid = 2000 -last_valid_uid = 65000 - -# Valid GID range for users, defaults to non-root/wheel. Users having -# non-valid GID as primary group ID aren't allowed to log in. If user -# belongs to supplementary groups with non-valid GIDs, those groups are -# not set. -#first_valid_gid = 1 -#last_valid_gid = 0 - -# Maximum number of running mail processes. When this limit is reached, -# new users aren't allowed to log in. -#max_mail_processes = 512 - -# Set max. process size in megabytes. Most of the memory goes to mmap()ing -# files, so it shouldn't harm much even if this limit is set pretty high. -#mail_process_size = 256 - -# Maximum allowed length for mail keyword name. It's only forced when trying -# to create new keywords. -#mail_max_keyword_length = 50 - -# ':' separated list of directories under which chrooting is allowed for mail -# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). -# This setting doesn't affect login_chroot, mail_chroot or auth chroot -# settings. If this setting is empty, "/./" in home dirs are ignored. -# WARNING: Never add directories here which local users can modify, that -# may lead to root exploit. Usually this should be done only if you don't -# allow shell access for users. -#valid_chroot_dirs = - -# Default chroot directory for mail processes. This can be overridden for -# specific users in user database by giving /./ in user's home directory -# (eg. /home/./user chroots into /home). Note that usually there is no real -# need to do chrooting, Dovecot doesn't allow users to access files outside -# their mail directory anyway. If your home directories are prefixed with -# the chroot directory, append "/." to mail_chroot. -#mail_chroot = - -## -## Mailbox handling optimizations -## - -# The minimum number of mails in a mailbox before updates are done to cache -# file. This allows optimizing Dovecot's behavior to do less disk writes at -# the cost of more disk reads. -#mail_cache_min_mail_count = 0 - -# When IDLE command is running, mailbox is checked once in a while to see if -# there are any new mails or other changes. This setting defines the minimum -# time in seconds to wait between those checks. Dovecot can also use dnotify, -# inotify and kqueue to find out immediately when changes occur. -#mailbox_idle_check_interval = 30 - -# Save mails with CR+LF instead of plain LF. This makes sending those mails -# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. -# But it also creates a bit more disk I/O which may just make it slower. -# Also note that if other software reads the mboxes/maildirs, they may handle -# the extra CRs wrong and cause problems. -#mail_save_crlf = no - -## -## Maildir-specific settings -## - -# By default LIST command returns all entries in maildir beginning with a dot. -# Enabling this option makes Dovecot return only entries which are directories. -# This is done by stat()ing each entry, so it causes more disk I/O. -# (For systems setting struct dirent->d_type, this check is free and it's -# done always regardless of this setting) -#maildir_stat_dirs = no - -# When copying a message, do it with hard links whenever possible. This makes -# the performance much better, and it's unlikely to have any side effects. -#maildir_copy_with_hardlinks = yes - -# When copying a message, try to preserve the base filename. Only if the -# destination mailbox already contains the same name (ie. the mail is being -# copied there twice), a new name is given. The destination filename check is -# done only by looking at dovecot-uidlist file, so if something outside -# Dovecot does similar filename preserving copies, you may run into problems. -# NOTE: This setting requires maildir_copy_with_hardlinks = yes to work. -#maildir_copy_preserve_filename = no - -# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only -# when its mtime changes unexpectedly or when we can't find the mail otherwise. -#maildir_very_dirty_syncs = no - -## -## mbox-specific settings -## - -# Which locking methods to use for locking mbox. There are four available: -# dotlock: Create .lock file. This is the oldest and most NFS-safe -# solution. If you want to use /var/mail/ like directory, the users -# will need write access to that directory. -# dotlock_try: Same as dotlock, but if it fails because of permissions or -# because there isn't enough disk space, just skip it. -# fcntl : Use this if possible. Works with NFS too if lockd is used. -# flock : May not exist in all systems. Doesn't work with NFS. -# lockf : May not exist in all systems. Doesn't work with NFS. -# -# You can use multiple locking methods; if you do the order they're declared -# in is important to avoid deadlocks if other MTAs/MUAs are using multiple -# locking methods as well. Some operating systems don't allow using some of -# them simultaneously. -# -# The Debian value for mbox_write_locks differs from upstream Dovecot. It is -# changed to be compliant with Debian Policy (section 11.6) for NFS safety. -# Dovecot: mbox_write_locks = dotlock fcntl -# Debian: mbox_write_locks = fcntl dotlock -# -#mbox_read_locks = fcntl -#mbox_write_locks = fcntl dotlock - -# Maximum time in seconds to wait for lock (all of them) before aborting. -#mbox_lock_timeout = 300 - -# If dotlock exists but the mailbox isn't modified in any way, override the -# lock file after this many seconds. -#mbox_dotlock_change_timeout = 120 - -# When mbox changes unexpectedly we have to fully read it to find out what -# changed. If the mbox is large this can take a long time. Since the change -# is usually just a newly appended mail, it'd be faster to simply read the -# new mails. If this setting is enabled, Dovecot does this but still safely -# fallbacks to re-reading the whole mbox file whenever something in mbox isn't -# how it's expected to be. The only real downside to this setting is that if -# some other MUA changes message flags, Dovecot doesn't notice it immediately. -# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK -# commands. -#mbox_dirty_syncs = yes - -# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, -# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. -#mbox_very_dirty_syncs = no - -# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK -# commands and when closing the mailbox). This is especially useful for POP3 -# where clients often delete all mails. The downside is that our changes -# aren't immediately visible to other MUAs. -#mbox_lazy_writes = yes - -# If mbox size is smaller than this (in kilobytes), don't write index files. -# If an index file already exists it's still read, just not updated. -#mbox_min_index_size = 0 - -## -## dbox-specific settings -## - -# Maximum dbox file size in kilobytes until it's rotated. -#dbox_rotate_size = 2048 - -# Minimum dbox file size in kilobytes before it's rotated -# (overrides dbox_rotate_days) -#dbox_rotate_min_size = 16 - -# Maximum dbox file age in days until it's rotated. Day always begins from -# midnight, so 1 = today, 2 = yesterday, etc. 0 = check disabled. -#dbox_rotate_days = 0 - -## -## IMAP specific settings -## - -protocol imap { - # Login executable location. - #login_executable = /usr/lib/dovecot/imap-login - - # IMAP executable location. Changing this allows you to execute other - # binaries before the imap process is executed. - # - # This would write rawlogs into user's ~/dovecot.rawlog/, if it exists: - # mail_executable = /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap - # - # - # This would attach gdb into the imap process and write backtraces into - # /tmp/gdbhelper.* files: - # mail_executable = /usr/lib/dovecot/gdbhelper /usr/lib/dovecot/imap - # - mail_executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/imap - - # Maximum IMAP command line length in bytes. Some clients generate very long - # command lines with huge mailboxes, so you may need to raise this if you get - # "Too long argument" or "IMAP command line too large" errors often. - #imap_max_line_length = 65536 - - # Maximum number of IMAP connections allowed for a user from each IP address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 10 - - # Support for dynamically loadable plugins. mail_plugins is a space separated - # list of plugins to load. - #mail_plugins = - mail_plugins = quota imap_quota - #mail_plugin_dir = /usr/lib/dovecot/modules/imap - - # IMAP logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - #imap_logout_format = bytes=%i/%o - - # Override the IMAP CAPABILITY response. - #imap_capability = - - # How many seconds to wait between "OK Still here" notifications when - # client is IDLEing. - #imap_idle_notify_interval = 120 - - # ID field names and values to send to clients. Using * as the value makes - # Dovecot use the default value. The following fields have default values - # currently: name, version, os, os-version, support-url, support-email. - #imap_id_send = - - # ID fields sent by client to log. * means everything. - #imap_id_log = - - # Workarounds for various client bugs: - # delay-newmail: - # Send EXISTS/RECENT new mail notifications only when replying to NOOP - # and CHECK commands. Some clients ignore them otherwise, for example OSX - # Mail ( (e.g. %Uf for the - # filename in uppercase) - # - # %v - Mailbox's IMAP UIDVALIDITY - # %u - Mail's IMAP UID - # %m - MD5 sum of the mailbox headers in hex (mbox only) - # %f - filename (maildir only) - # - # If you want UIDL compatibility with other POP3 servers, use: - # UW's ipop3d : %08Xv%08Xu - # Courier : %f or %v-%u (both might be used simultaneosly) - # Cyrus (<= 2.1.3) : %u - # Cyrus (>= 2.1.4) : %v.%u - # Dovecot v0.99.x : %v.%u - # tpop3d : %Mf - # - # Note that Outlook 2003 seems to have problems with %v.%u format which was - # Dovecot's default, so if you're building a new server it would be a good - # idea to change this. %08Xu%08Xv should be pretty fail-safe. - # - pop3_uidl_format = %08Xu%08Xv - - # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes - # won't change those UIDLs. Currently this works only with Maildir. - #pop3_save_uidl = no - - # POP3 logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - # %t - number of TOP commands - # %p - number of bytes sent to client as a result of TOP command - # %r - number of RETR commands - # %b - number of bytes sent to client as a result of RETR command - # %d - number of deleted messages - # %m - number of messages (before deletion) - # %s - mailbox size in bytes (before deletion) - #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s - - # Maximum number of POP3 connections allowed for a user from each IP address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 3 - - # Support for dynamically loadable plugins. mail_plugins is a space separated - # list of plugins to load. - #mail_plugins = - mail_plugins = quota - #mail_plugin_dir = /usr/lib/dovecot/modules/pop3 - - # Workarounds for various client bugs: - # outlook-no-nuls: - # Outlook and Outlook Express hang if mails contain NUL characters. - # This setting replaces them with 0x80 character. - # oe-ns-eoh: - # Outlook Express and Netscape Mail breaks if end of headers-line is - # missing. This option simply sends it if it's missing. - # The list is space-separated. - #pop3_client_workarounds = -} - -## -## ManageSieve specific settings -## - -protocol managesieve { - # Login executable location. - #login_executable = /usr/lib/dovecot/managesieve-login - - # ManageSieve executable location. See IMAP's mail_executable above for - # examples how this could be changed. - mail_executable = /usr/lib/dovecot/managesieve - - # Maximum ManageSieve command line length in bytes. This setting is - # directly borrowed from IMAP. But, since long command lines are very - # unlikely with ManageSieve, changing this will not be very useful. - #managesieve_max_line_length = 65536 - - # ManageSieve logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - #managesieve_logout_format = bytes=%i/%o - - # If, for some inobvious reason, the sieve_storage remains unset, the - # ManageSieve daemon uses the specification of the mail_location to find out - # where to store the sieve files (see explaination in README.managesieve). - # The example below, when uncommented, overrides any global mail_location - # specification and stores all the scripts in '~/mail/sieve' if sieve_storage - # is unset. However, you should always use the sieve_storage setting. - # mail_location = mbox:~/mail - - # To fool ManageSieve clients that are focused on timesieved you can - # specify the IMPLEMENTATION capability that the dovecot reports to clients - # (default: "dovecot"). - #managesieve_implementation_string = Cyrus timsieved v2.2.13 -} - -## -## LDA specific settings -## - -protocol lda { - # Address to use when sending rejection mails (e.g. postmaster@example.com). - postmaster_address = postmaster@localhost - - # Hostname to use in various parts of sent mails, eg. in Message-Id. - # Default is the system's real hostname. - #hostname = - - # Support for dynamically loadable plugins. mail_plugins is a space separated - # list of plugins to load. - mail_plugins = quota sieve - #mail_plugin_dir = /usr/lib/dovecot/modules/lda - - # If user is over quota, return with temporary failure instead of - # bouncing the mail. - #quota_full_tempfail = no - - # Format to use for logging mail deliveries. You can use variables: - # %$ - Delivery status message (e.g. "saved to INBOX") - # %m - Message-ID - # %s - Subject - # %f - From address - #deliver_log_format = msgid=%m: %$ - - # Binary to use for sending mails. - #sendmail_path = /usr/sbin/sendmail - - # Subject: header to use for rejection mails. You can use the same variables - # as for rejection_reason below. - #rejection_subject = Rejected: %s - - # Human readable error message for rejection mails. You can use variables: - # %n = CRLF, %r = reason, %s = original subject, %t = recipient - #rejection_reason = Your message to <%t> was automatically rejected:%n%r - - # UNIX socket path to master authentication server to find users. - auth_socket_path = /var/run/dovecot/auth-master -} - -## -## Authentication processes -## - -# Executable location -#auth_executable = /usr/lib/dovecot/dovecot-auth - -# Set max. process size in megabytes. -#auth_process_size = 256 - -# Authentication cache size in kilobytes. 0 means it's disabled. -# Note that bsdauth, PAM and vpopmail require cache_key to be set for caching -# to be used. -#auth_cache_size = 0 -# Time to live in seconds for cached data. After this many seconds the cached -# record is no longer used, *except* if the main database lookup returns -# internal failure. We also try to handle password changes automatically: If -# user's previous authentication was successful, but this one wasn't, the -# cache isn't used. For now this works only with plaintext authentication. -#auth_cache_ttl = 3600 -# TTL for negative hits (user not found, password mismatch). -# 0 disables caching them completely. -#auth_cache_negative_ttl = 3600 - -# Space separated list of realms for SASL authentication mechanisms that need -# them. You can leave it empty if you don't want to support multiple realms. -# Many clients simply use the first one listed here, so keep the default realm -# first. -#auth_realms = - -# Default realm/domain to use if none was specified. This is used for both -# SASL realms and appending @domain to username in plaintext logins. -#auth_default_realm = - -# List of allowed characters in username. If the user-given username contains -# a character not listed in here, the login automatically fails. This is just -# an extra check to make sure user can't exploit any potential quote escaping -# vulnerabilities with SQL/LDAP databases. If you want to allow all characters, -# set this value to empty. -#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ - -# Username character translations before it's looked up from databases. The -# value contains series of from -> to characters. For example "#@/@" means -# that '#' and '/' characters are translated to '@'. -#auth_username_translation = - -# Username formatting before it's looked up from databases. You can use -# the standard variables here, eg. %Lu would lowercase the username, %n would -# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into -# "-AT-". This translation is done after auth_username_translation changes. -#auth_username_format = - -# If you want to allow master users to log in by specifying the master -# username within the normal username string (ie. not using SASL mechanism's -# support for it), you can specify the separator character here. The format -# is then . UW-IMAP uses "*" as the -# separator, so that could be a good choice. -#auth_master_user_separator = - -# Username to use for users logging in with ANONYMOUS SASL mechanism -#auth_anonymous_username = anonymous - -# Log unsuccessful authentication attempts and the reasons why they failed. -#auth_verbose = no - -# Even more verbose logging for debugging purposes. Shows for example SQL -# queries. -#auth_debug = no - -# In case of password mismatches, log the passwords and used scheme so the -# problem can be debugged. Enabling this also enables auth_debug. -#auth_debug_passwords = no - -# Maximum number of dovecot-auth worker processes. They're used to execute -# blocking passdb and userdb queries (eg. MySQL and PAM). They're -# automatically created and destroyed as needed. -#auth_worker_max_count = 30 - -# Host name to use in GSSAPI principal names. The default is to use the -# name returned by gethostname(). Use "$ALL" to allow all keytab entries. -#auth_gssapi_hostname = - -# Kerberos keytab to use for the GSSAPI mechanism. Will use the system -# default (usually /etc/krb5.keytab) if not specified. -#auth_krb5_keytab = - -# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and -# ntlm_auth helper. -# -#auth_use_winbind = no - -# Path for Samba's ntlm_auth helper binary. -#auth_winbind_helper_path = /usr/bin/ntlm_auth - -# Number of seconds to delay before replying to failed authentications. -#auth_failure_delay = 2 - -auth default { - # Space separated list of wanted authentication mechanisms: - # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey - # gss-spnego - # NOTE: See also disable_plaintext_auth setting. - mechanisms = plain login - - # - # Password database is used to verify user's password (and nothing more). - # You can have multiple passdbs and userdbs. This is useful if you want to - # allow both system users (/etc/passwd) and virtual users to login without - # duplicating the system users into virtual database. - # - # - # - # By adding master=yes setting inside a passdb you make the passdb a list - # of "master users", who can log in as anyone else. Unless you're using PAM, - # you probably still want the destination user to be looked up from passdb - # that it really exists. This can be done by adding pass=yes setting to the - # master passdb. - - # Users can be temporarily disabled by adding a passdb with deny=yes. - # If the user is found from that database, authentication will fail. - # The deny passdb should always be specified before others, so it gets - # checked first. Here's an example: - - #passdb passwd-file { - # File contains a list of usernames, one per line - #args = /etc/dovecot/dovecot.deny - #deny = yes - #} - - # PAM authentication. Preferred nowadays by most systems. - # Note that PAM can only be used to verify if user's password is correct, - # so it can't be used as userdb. If you don't want to use a separate user - # database (passwd usually), you can use static userdb. - # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM - # authentication to actually work. - #passdb pam { - # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=] - # [cache_key=] [] - # - # session=yes makes Dovecot open and immediately close PAM session. Some - # PAM plugins need this to work, such as pam_mkhomedir. - # - # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins - # need that. They aren't ever deleted though, so this isn't enabled by - # default. - # - # max_requests specifies how many PAM lookups to do in one process before - # recreating the process. The default is 100, because many PAM plugins - # leak memory. - # - # cache_key can be used to enable authentication caching for PAM - # (auth_cache_size also needs to be set). It isn't enabled by default - # because PAM modules can do all kinds of checks besides checking password, - # such as checking IP address. Dovecot can't know about these checks - # without some help. cache_key is simply a list of variables (see - # /usr/share/doc/dovecot-common/wiki/Variables.txt) which must match - # for the cached data to be used. - # Here are some examples: - # %u - Username must match. Probably sufficient for most uses. - # %u%r - Username and remote IP address must match. - # %u%s - Username and service (ie. IMAP, POP3) must match. - # - # The service name can contain variables, for example %Ls expands to - # pop3 or imap. - # - # Some examples: - # args = session=yes %Ls - # args = cache_key=%u dovecot - #args = dovecot - #} - - # System users (NSS, /etc/passwd, or similiar) - # In many systems nowadays this uses Name Service Switch, which is - # configured in /etc/nsswitch.conf. - #passdb passwd { - # [blocking=yes] - See userdb passwd for explanation - #args = - #} - - # Shadow passwords for system users (NSS, /etc/shadow or similiar). - # Deprecated by PAM nowadays. - # - #passdb shadow { - # [blocking=yes] - See userdb passwd for explanation - #args = - #} - - # PAM-like authentication for OpenBSD. - # - #passdb bsdauth { - # [cache_key=] - See cache_key in PAM for explanation. - #args = - #} - - # passwd-like file with specified location - # - #passdb passwd-file { - # [scheme=] [username_format=] - # - #args = - #} - - # checkpassword executable authentication - # NOTE: You will probably want to use "userdb prefetch" with this. - # - #passdb checkpassword { - # Path for checkpassword binary - #args = - #} - - # SQL database - passdb sql { - # Path for SQL configuration file - args = /etc/dovecot/dovecot-sql.conf - } - - # LDAP database - #passdb ldap { - # Path for LDAP configuration file - #args = /etc/dovecot/dovecot-ldap.conf - #} - - # vpopmail authentication - #passdb vpopmail { - # [cache_key=] - See cache_key in PAM for explanation. - # [quota_template=