From 70fcaca22c04cfe1901db7ddd73388b5b00b99b0 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Thu, 26 Jun 2014 15:15:28 +0200 Subject: [PATCH] adding DOVECOT configuration files for wheezy --- .../templates/dovecot/alternc-dict-quota.conf | 47 +++ .../templates/dovecot/alternc-sql.conf | 137 ++++++++ .../templates/dovecot/conf.d/95_alternc.conf | 328 ++++++++++++++++++ 3 files changed, 512 insertions(+) create mode 100644 etc/alternc/templates/dovecot/alternc-dict-quota.conf create mode 100644 etc/alternc/templates/dovecot/alternc-sql.conf create mode 100644 etc/alternc/templates/dovecot/conf.d/95_alternc.conf diff --git a/etc/alternc/templates/dovecot/alternc-dict-quota.conf b/etc/alternc/templates/dovecot/alternc-dict-quota.conf new file mode 100644 index 00000000..b22e98ef --- /dev/null +++ b/etc/alternc/templates/dovecot/alternc-dict-quota.conf @@ -0,0 +1,47 @@ +# AUTO GENERATED FILE +# Modify template in /etc/alternc/templates/ +# and launch alternc.install if you want +# to modify this file. +# + +connect=host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%% +#connect = host=localhost dbname=mails user=testuser password=pass + +# CREATE TABLE quota ( +# username varchar(100) not null, +# bytes bigint not null default 0, +# messages integer not null default 0, +# primary key (username) +# ); + +map { + pattern = priv/quota/storage + table = dovecot_view + username_field = user + value_field = quota_dovecot +} +map { + pattern = priv/quota/messages + table = dovecot_view + username_field = user + value_field = nb_messages +} + +# CREATE TABLE expires ( +# username varchar(100) not null, +# mailbox varchar(255) not null, +# expire_stamp integer not null, +# primary key (username, mailbox) +# ); + +#map { + # pattern = shared/expire/$user/$mailbox + # table = expires + # value_field = expire_stamp + + # fields { + # username = $user + # mailbox = $mailbox + # } +#} + 
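Review bot: The `connect=host=%%dbhost%% ... password=%%db_mail_pwd%%` line puts the mail database password into the generated /etc/dovecot/alternc-dict-quota.conf, but unlike alternc-sql.conf this template says nothing about who may read the file. The dict configuration is read by Dovecot's dict server process rather than by the root-owned auth path, so the installer has to make the generated file readable by that service's user and by nobody else; add a header comment such as `# Contains database credentials: the generated file must not be world-readable (e.g. root:dovecot, mode 0640).` and have alternc.install apply those permissions. The `# CREATE TABLE quota (...)` comment describes a `quota` table with `username`/`bytes`/`messages` columns, while the two `map` blocks actually read `dovecot_view` through `user`, `quota_dovecot` and `nb_messages`, so either rewrite the comment to describe the view or drop it so it does not mislead the next maintainer.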
diff --git a/etc/alternc/templates/dovecot/alternc-sql.conf b/etc/alternc/templates/dovecot/alternc-sql.conf
new file mode 100644
index 00000000..e4bad783
--- /dev/null
+++ b/etc/alternc/templates/dovecot/alternc-sql.conf
@@ -0,0 +1,137 @@
+# AUTO GENERATED FILE
+# Modify template in /etc/alternc/templates/
+# and launch alternc.install if you want
+# to modify this file.
+#
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki2.dovecot.org/AuthDatabase/SQL
+#
+# For the sql passdb module, you'll need a database with a table that
+# contains fields for at least the username and password. If you want to
+# use the user@domain syntax, you might want to have a separate domain
+# field as well.
+#
+# If your users all have the same uig/gid, and have predictable home
+# directories, you can use the static userdb module to generate the home
+# dir based on the username and domain. In this case, you won't need fields
+# for home, uid, or gid in the database.
+#
+# If you prefer to use the sql userdb module, you'll want to add fields
+# for home, uid, and gid. Here is an example table:
+#
+# CREATE TABLE users (
+# username VARCHAR(128) NOT NULL,
+# domain VARCHAR(128) NOT NULL,
+# password VARCHAR(64) NOT NULL,
+# home VARCHAR(255) NOT NULL,
+# uid INTEGER NOT NULL,
+# gid INTEGER NOT NULL,
+# active CHAR(1) DEFAULT 'Y' NOT NULL
+# );
+
+# Database driver: mysql, pgsql, sqlite
+driver = mysql
+
+# Database connection string. This is driver-specific setting.
+#
+# HA / round-robin load-balancing is supported by giving multiple host
+# settings, like: host=sql1.host.org host=sql2.host.org
+#
+# pgsql:
+# For available options, see the PostgreSQL documention for the
+# PQconnectdb function of libpq.
+# Use maxconns=n (default 5) to change how many connections Dovecot can
+# create to pgsql.
+#
+# mysql:
+# Basic options emulate PostgreSQL option names:
+# host, port, user, password, dbname
+#
+# But also adds some new settings:
+# client_flags - See MySQL manual
+# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
+# ssl_cert, ssl_key - For sending client-side certificates to server
+# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
+# option_file - Read options from the given file instead of
+# the default my.cnf location
+# option_group - Read options from the given group (default: client)
+#
+# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
+# Note that currently you can't use spaces in parameters.
+#
+# sqlite:
+# The path to the database file.
+#
+# Examples:
+# connect = host=192.168.1.1 dbname=users
+# connect = host=sql.example.com dbname=virtual user=virtual password=blarg
+# connect = /etc/dovecot/authdb.sqlite
+#
+connect = host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%%
+
+# Default password scheme.
+#
+# List of supported schemes is in
+# http://wiki2.dovecot.org/Authentication/PasswordSchemes
+#
+default_pass_scheme = MD5
+
+# passdb query to retrieve the password. It can return fields:
+# password - The user's password. This field must be returned.
+# user - user@domain from the database. Needed with case-insensitive lookups.
+# username and domain - An alternative way to represent the "user" field.
+#
+# The "user" field is often necessary with case-insensitive lookups to avoid
+# e.g. "name" and "nAme" logins creating two different mail directories. If
+# your user and domain names are in separate fields, you can return "username"
+# and "domain" fields instead of "user".
+#
+# The query can also return other fields which have a special meaning, see
+# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
+#
+# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
+# for full list):
+# %u = entire user@domain
+# %n = user part of user@domain
+# %d = domain part of user@domain
+#
+# Note that these can be used only as input to SQL query. If the query outputs
+# any of these substitutions, they're not touched. Otherwise it would be
+# difficult to have eg. usernames containing '%' characters.
+#
+# Example:
+# password_query = SELECT userid AS user, pw AS password \
+# FROM users WHERE userid = '%u' AND active = 'Y'
+#
+#password_query = \
+# SELECT username, domain, password \
+# FROM users WHERE username = '%n' AND domain = '%d'
+
+# userdb query to retrieve the user information. It can return fields:
+# uid - System UID (overrides mail_uid setting)
+# gid - System GID (overrides mail_gid setting)
+# home - Home directory
+# mail - Mail location (overrides mail_location setting)
+#
+# None of these are strictly required. If you use a single UID and GID, and
+# home or mail directory fits to a template string, you could use userdb static
+# instead. For a list of all fields that can be returned, see
+# http://wiki2.dovecot.org/UserDatabase/ExtraFields
+#
+# Examples:
+# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
+# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
+# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
+#
+user_query = SELECT userdb_home AS home, userdb_uid AS uid, 1998 AS gid, userdb_quota_rule AS quota_rule FROM dovecot_view WHERE user = '%u';
+
+# If you wish to avoid two SQL lookups (passdb + userdb), you can use
+# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
+# also have to return userdb fields in password_query prefixed with "userdb_"
+# string. For example:
+#
+password_query = SELECT user, password, userdb_home, userdb_uid, 1998 AS userdb_gid,userdb_quota_rule FROM dovecot_view where user= '%u';
+
+# Query to get a list of all usernames.
+#iterate_query = SELECT username AS user FROM users
diff --git a/etc/alternc/templates/dovecot/conf.d/95_alternc.conf b/etc/alternc/templates/dovecot/conf.d/95_alternc.conf
new file mode 100644
index 00000000..8cda78d0
--- /dev/null
+++ b/etc/alternc/templates/dovecot/conf.d/95_alternc.conf
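Review bot: `default_pass_scheme = MD5` makes Dovecot treat every hash in `dovecot_view.password` that carries no `{SCHEME}` prefix as MD5-CRYPT, which silently couples this file to whatever AlternC's account code writes into that column; add a comment stating that coupling, and plan to move to a stronger default such as `SHA512-CRYPT` once the writer side emits it. The literal `1998` used as `gid` in `user_query` and as `userdb_gid` in `password_query` is unexplained and duplicated; a comment like `# 1998: gid applied to every mailbox (presumably the vmail group — keep in sync with mail_privileged_group)` or selecting the value from the view would stop the two queries drifting apart. `password_query` filters only on `user = '%u'`; if `dovecot_view` exposes an enabled/active flag, the query should also check it, as the `AND active = 'Y'` example in the comments above does, otherwise suspended accounts keep authenticating.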
@@ -0,0 +1,328 @@
+# AUTO GENERATED FILE
+# Modify template in /etc/alternc/templates/
+# and launch alternc.install if you want
+# to modify this file.
+#
+## Dovecot configuration file
+# This is a concatenation of all /etc/dovecot/conf.d/* from DEBIAN package
+# with rules adapted to AlternC best practices and link with MySQL tables.
+
+protocols = imap pop3 sieve
+
+## -------------------------------------------------------------------------
+## 10-auth
+
+# Disable LOGIN command and all other plaintext authentications unless
+# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
+# matches the local IP (ie. you're connecting from the same computer), the
+# connection is considered secure and plaintext authentication is allowed.
+disable_plaintext_auth = no
+
+# Space separated list of wanted authentication mechanisms:
+# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
+# gss-spnego
+# NOTE: See also disable_plaintext_auth setting.
+auth_mechanisms = plain login
+
+##
+## Password and user databases
+##
+
+#
+# Password database is used to verify user's password (and nothing more).
+# You can have multiple passdbs and userdbs. This is useful if you want to
+# allow both system users (/etc/passwd) and virtual users to login without
+# duplicating the system users into virtual database.
+#
+#
+#
+# User database specifies where mails are located and what user/group IDs
+# own them. For single-UID configuration use "static" userdb.
+#
+#
+
+#!include auth-deny.conf.ext
+#!include auth-master.conf.ext
+
+#!include auth-system.conf.ext
+#!include auth-sql.conf.ext
+#!include auth-ldap.conf.ext
+#!include auth-passwdfile.conf.ext
+#!include auth-checkpassword.conf.ext
+#!include auth-vpopmail.conf.ext
+#!include auth-static.conf.ext
+
+
+# ----------------------------------------------------------------------------
+# 10-login.conf
+
+# Prefix for each line written to log file. % codes are in strftime(3)
+# format.
+#log_timestamp = "%b %d %H:%M:%S "
+log_timestamp = "%Y-%m-%d %H:%M:%S "
+
+# ----------------------------------------------------------------------------
+# 10-mail.conf
+
+
+# Location for users' mailboxes. This is the same as the old default_mail_env
+# setting. The default is empty, which means that Dovecot tries to find the
+# mailboxes automatically. This won't work if the user doesn't have any mail
+# yet, so you should explicitly tell Dovecot the full location.
+#
+# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
+# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
+# kept. This is called the "root mail directory", and it must be the first
+# path given in the mail_location setting.
+#
+# There are a few special variables you can use, eg.:
+#
+# %u - username
+# %n - user part in user@domain, same as %u if there's no domain
+# %d - domain part in user@domain, empty if there's no domain
+# %h - home directory
+#
+# See for full list.
+# Some examples:
+#
+# mail_location = maildir:~/Maildir
+# mail_location = mbox:~/mail:INBOX=/var/mail/%u
+# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
+#
+#
+#
+mail_location = maildir:~/Maildir
+
+
+# Group to enable temporarily for privileged operations. Currently this is
+# used only with INBOX when either its initial creation or dotlocking fails.
+# Typically this is set to "mail" to give access to /var/mail.
+#mail_privileged_group =
+mail_privileged_group = vmail
+
+
+# Valid UID range for users, defaults to 500 and above. This is mostly
+# to make sure that users can't log in as daemons or other system users.
+# Note that denying root logins is hardcoded to dovecot binary and can't
+# be done even if first_valid_uid is set to 0.
+first_valid_uid = 2000 +last_valid_uid = 65000 + +# ---------------------------------------------------------------------------- +# 10-master.conf + +passdb { + driver = sql + args = /etc/dovecot/alternc-sql.conf +} + +userdb { + driver = sql + args = /etc/dovecot/alternc-sql.conf +} +userdb { + driver = prefetch +} + +service auth { + unix_listener /var/spool/postfix/private/auth { + group = postfix + mode = 0660 + user = postfix + } + unix_listener auth-master { + mode = 0600 + user = vmail + } +# user = vmail +} + + + + +# ---------------------------------------------------------------------------- +# 10-ssl.conf + +# SSL/TLS support: yes, no, required. +ssl = yes + +# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before +# dropping root privileges, so keep the key file unreadable by anyone but +# root. +#ssl_cert = (e.g. %Uf for the + # filename in uppercase) + # + # %v - Mailbox's IMAP UIDVALIDITY + # %u - Mail's IMAP UID + # %m - MD5 sum of the mailbox headers in hex (mbox only) + # %f - filename (maildir only) + # + # If you want UIDL compatibility with other POP3 servers, use: + # UW's ipop3d : %08Xv%08Xu + # Courier : %f or %v-%u (both might be used simultaneosly) + # Cyrus (<= 2.1.3) : %u + # Cyrus (>= 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + pop3_uidl_format = %08Xu%08Xv + + # Support for dynamically loadable plugins. mail_plugins is a space separated + # list of plugins to load. + mail_plugins = quota + #mail_plugin_dir = /usr/lib/dovecot/modules/pop3 + +} + +service pop3 { + executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/pop3 +} + +# ---------------------------------------------------------------------------- +# 90-plugin.conf + +plugin { + + # Quota plugin. 
Multiple backends are supported: + # dirsize: Find and sum all the files found from mail directory. + # Extremely SLOW with Maildir. It'll eat your CPU and disk I/O. + # dict: Keep quota stored in dictionary (eg. SQL) + # maildir: Maildir++ quota + # fs: Read-only support for filesystem quota + # + # Quota limits are set using "quota_rule" parameters, either in here or in + # userdb. It's also possible to give mailbox-specific limits, for example: + # quota_rule = *:storage=1048576 + quota_rule = *:storage=100M + quota_rule2 = Trash:storage=+10%% + # quota_rule2 = Trash:storage=102400 + # User has now 1GB quota, but when saving to Trash mailbox the user gets + # additional 100MB. + # + # Multiple quota roots are also possible, for example: + # quota = dict:user::proxy::quota + # quota2 = dict:domain:%d:proxy::quota_domain + # quota_rule = *:storage=102400 + # quota2_rule = *:storage=1048576 + # Gives each user their own 100MB quota and one shared 1GB quota within + # the domain. + # + # You can execute a given command when user exceeds a specified quota limit. + # Each quota root has separate limits. Only the command for the first + # exceeded limit is excecuted, so put the highest limit first. + # Note that % needs to be escaped as %%, otherwise "% " expands to empty. + # quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95 + # quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80 + quota_warning = storage=95%% /usr/lib/alternc/quota-warning.sh 95 + quota_warning2 = storage=80%% /usr/lib/alternc/quota-warning.sh 80 + #quota = maildir + quota = dict:user::proxy::quotadict + + + # Sieve plugin (http://wiki.dovecot.org/LDA/Sieve) and ManageSieve service + # + # Location of the active script. When ManageSieve is used this is actually + # a symlink pointing to the active script in the sieve storage directory. + sieve=~/.dovecot.sieve + # + # The path to the directory where the personal Sieve scripts are stored. 
For + # ManageSieve this is where the uploaded scripts are stored. + sieve_dir=~/sieve +} + +# Dictionary can be used by some plugins to store key=value lists, such as +# quota, expire and acl plugins. The dictionary can be used either directly or +# though a dictionary server. The following dict block maps dictionary names to +# URIs when the server is used. These can then be referenced using URIs in +# format "proxy::". + +dict { + quotadict = mysql:/etc/dovecot/alternc-dict-quota.conf + #expire = db:/var/lib/dovecot/expire.db +} + + +service auth-worker { + user = vmail +} + +service dict { + unix_listener dict { + mode = 0660 + user = vmail + group = vmail + } +} +
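Review bot: `disable_plaintext_auth = no` together with `auth_mechanisms = plain login` and `ssl = yes` (not `required`) lets clients send passwords in the clear on the non-TLS IMAP/POP3 ports from any remote address, not only from the local host that the preceding comment describes as the exception. Unless AlternC has a documented reason to keep legacy non-TLS logins, set `disable_plaintext_auth = yes` so PLAIN/LOGIN are only offered after STARTTLS, or add a comment stating why cleartext authentication is accepted. The 10-ssl section as rendered here is truncated right after `#ssl_cert =`, so the certificate and key paths cannot be reviewed from this hunk; the comment above it already says the key must stay readable by root only, so make sure alternc.install preserves that. `service pop3` wraps every POP3 session in `/usr/lib/alternc/popimap-log-login.sh`, which is not part of this patch; a one-line comment saying what the wrapper logs (and that it must not log credentials) would help whoever audits that script later.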