From 8e1fb4145b25b3bbb01a6277459c4b0926fda56e Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Thu, 3 Apr 2014 10:51:04 +0200 Subject: [PATCH 01/28] typos and comment and removing of french in alternc.config --- debian/alternc-awstats.cron.d | 2 +- debian/alternc.config | 40 +++++++++++++++-------------------- 2 files changed, 18 insertions(+), 24 deletions(-) diff --git a/debian/alternc-awstats.cron.d b/debian/alternc-awstats.cron.d index 0149d9d0..96cc5555 100644 --- a/debian/alternc-awstats.cron.d +++ b/debian/alternc-awstats.cron.d @@ -1 +1 @@ -30 4 * * * root /usr/lib/alternc/alternc-awstats +30 4 * * * root /usr/lib/alternc/alternc-awstats diff --git a/debian/alternc.config b/debian/alternc.config index 2784ed09..35ea3f4f 100644 --- a/debian/alternc.config +++ b/debian/alternc.config @@ -1,14 +1,11 @@ -#!/bin/bash - -set -e +#!/bin/bash -e # Source debconf library. . /usr/share/debconf/confmodule db_capb backup - -#Return if everything is good, exit error number otherwise +# Validate an IPv4 address. function valid_ip() { local ip=$1 @@ -27,7 +24,7 @@ function valid_ip() } -#checking mysql connectivity and updating local.sh variables accordingly +# Checking mysql connectivity and updating local.sh environment variables accordingly check_mysql() { STATE=0 @@ -68,12 +65,9 @@ check_mysql() done } +# Return the deepest existing directory in a path function get_first_existing_dir() { - # Prend en premier parametre un chemin - # Retourne le répertoire parent existant le plus "proche" - # Exemple: on lui donne /var/www/alternc/gerard/dupont/ mais - # seul /var/www/alternc existe, ca répond /var/www/alternc dir="$1" if [ -z "$dir" ] ; then return 0 @@ -86,7 +80,7 @@ function get_first_existing_dir() } -# default values for local.sh +# Compute default values for local.sh MYSQL_HOST=127.0.0.1 MYSQL_DATABASE=alternc MYSQL_USER=sysusr @@ -114,6 +108,8 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do if [ -r /etc/alternc/local.sh ]; then # source the current config . /etc/alternc/local.sh + # and push it into debconf (its values have priority over anything + fi # upgrade <= 3.0 to >= 3.1 if [ "x$ALTERNC_LOC" != "x" ]; then @@ -121,7 +117,7 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do ALTERNC_MAIL="$ALTERNC_LOC/mail" fi - #We ask for the hosting name and the FQDN + # We ask for the hosting name and the FQDN db_get alternc/hostingname if [ -z "$RET" ]; then db_set alternc/hostingname "$HOSTING" @@ -135,13 +131,12 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do db_set alternc/desktopname "$FQDN" db_input high alternc/desktopname || true fi - # Be sure that the FQDN is lowercase (Bug #1405) + # Ensure that the FQDN is lowercase (Fixes #1405) db_get alternc/desktopname db_set alternc/desktopname "`echo $RET | tr '[:upper:]' '[:lower:]'`" - # End bug #1405 ;; 3) - #we ask for the public and private ip + # Ask for the public and private ip db_get alternc/public_ip if [ -z "$RET" ]; then db_set alternc/public_ip "$PUBLIC_IP" @@ -172,7 +167,7 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do done ;; 4) - #private IP + # Private IP db_get alternc/internal_ip if [ -z "$RET" ]; then db_set alternc/internal_ip "$INTERNAL_IP" @@ -190,7 +185,7 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do done ;; 5) - #We ask for the DNS server for the ip + # Ask for the DNS servers db_get alternc/ns1 if [ -z "$RET" ]; then db_set alternc/ns1 "$NS1_HOSTNAME" @@ -225,7 +220,7 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do 10) db_get alternc/use_remote_mysql if [ "$RET" == "true" ]; then - # user want to use a remote server + # User want to use a remote server check_mysql fi ;; @@ -240,10 +235,10 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do db_get alternc/alternc_html ALTERNC_HTML="$RET" - #checking acl and quota activation. + # Checking acl and quota activation. basedir=`get_first_existing_dir "$ALTERNC_HTML"`; MOUNT_POINT=$(df -P ${basedir} | tail -n 1 | awk '{print $6}') - #we get the first existing dir + # Get the first existing dir aclcheckfile="$basedir/test-acl" touch "$aclcheckfile" setfacl -m u:root:rwx "$aclcheckfile" 2>/dev/null || ( @@ -259,7 +254,6 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do if [ -z "$RET" ]; then db_input critical alternc/quotauninstalled || true db_go - #db_reset alternc/quotauninstalled || true db_set alternc/quotauninstalled "false" || true fi ) @@ -323,8 +317,8 @@ if [ -z "$RET" ]; then db_set alternc/mysql/host "$MYSQL_HOST" fi -#Even if we asked the question concerning the database earlier in the process -#those calls are needed to pass the variable of remote sql server to AlternC +# Even if we asked the question concerning the database earlier in the process +# Those calls are needed to pass the variable of remote sql server to AlternC db_get alternc/mysql/db if [ -z "$RET" ]; then db_set alternc/mysql/db "$MYSQL_DATABASE" From bc645605f667c270e421bcc159d7b0d9979d0351 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Thu, 3 Apr 2014 10:52:55 +0200 Subject: [PATCH 02/28] Fixing bug from Pilou's patch, which causes debconf values having priority over *existing* local.sh file. --- debian/alternc.config | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/debian/alternc.config b/debian/alternc.config index 35ea3f4f..5544818e 100644 --- a/debian/alternc.config +++ b/debian/alternc.config @@ -108,8 +108,28 @@ while [ "$QUEST_STATE" != 0 -a "$QUEST_STATE" != 14 ]; do if [ -r /etc/alternc/local.sh ]; then # source the current config . /etc/alternc/local.sh - # and push it into debconf (its values have priority over anything - + # and push it into debconf (its values have priority over anything!) + db_set alternc/hostingname "$HOSTING" + db_set alternc/desktopname "`echo $FQDN | tr '[:upper:]' '[:lower:]'`" + db_set alternc/public_ip "$PUBLIC_IP" + db_set alternc/internal_ip "$INTERNAL_IP" + db_set alternc/ns1 "$NS1_HOSTNAME" + db_set alternc/ns2 "$NS2_HOSTNAME" + db_set alternc/default_mx "$DEFAULT_MX" + db_set alternc/alternc_html "$ALTERNC_HTML" + db_set alternc/alternc_mail "$ALTERNC_MAIL" + db_set alternc/alternc_logs "$ALTERNC_LOGS" + db_set alternc/monitor_ip "$MONITOR_IP" + db_set alternc/default_mx2 "$DEFAULT_SECONDARY_MX" + db_set alternc/mysql/host "$MYSQL_HOST" + db_set alternc/mysql/db "$MYSQL_DATABASE" + db_set alternc/mysql/user "$MYSQL_USER" + db_set alternc/mysql/password "$MYSQL_PASS" + db_set alternc/mysql/client "$MYSQL_CLIENT" + db_set alternc/sql/backup_type "$SQLBACKUP_TYPE" + db_set alternc/sql/backup_overwrite "$SQLBACKUP_OVERWRITE" + db_set alternc/mysql/alternc_mail_user "$MYSQL_MAIL_USER" + db_set alternc/mysql/alternc_mail_password "$MYSQL_MAIL_PASS" fi # upgrade <= 3.0 to >= 3.1 if [ "x$ALTERNC_LOC" != "x" ]; then From a80e22b0122076db3beba8203163c5374db30df3 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Thu, 3 Apr 2014 11:00:13 +0200 Subject: [PATCH 03/28] fixing patch of alternc.install for wheezy due to line shifting (prevent some Hunk #x succeeded at y (offset z line). --- wheezy/alternc.install.diff | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/wheezy/alternc.install.diff b/wheezy/alternc.install.diff index e5681e1b..dc7aa90c 100644 --- a/wheezy/alternc.install.diff +++ b/wheezy/alternc.install.diff @@ -1,6 +1,6 @@ ---- alternc.install 2013-08-22 09:16:54.818542162 +0200 -+++ alternc.install.wheezy 2013-08-22 09:58:06.713339922 +0200 -@@ -78,7 +78,7 @@ +--- alternc.install 2014-03-28 17:30:31.378712101 +0100 ++++ alternc.install.wheezy 2014-04-03 10:57:57.840148474 +0200 +@@ -79,7 +79,7 @@ fi if [ -e /etc/dovecot/dovecot.conf ]; then @@ -9,7 +9,7 @@ fi INSTALLED_CONFIG_TAR="/var/lib/alternc/backups/etc-installed.tar.gz" -@@ -305,7 +305,7 @@ +@@ -315,7 +315,7 @@ fi # We enable dovecot SSL certificate instructions: (on wheezy we should use a new file in /etc/dovecot/conf.d/ ) @@ -18,7 +18,7 @@ else # We disable proftpd tls module -@@ -314,7 +314,7 @@ +@@ -324,7 +324,7 @@ cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/ # We disable dovecot SSL certificate instructions: (on wheezy we should remove a file in /etc/dovecot/conf.d/ ) @@ -27,7 +27,7 @@ echo "SSL not configured" echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install" -@@ -533,9 +533,11 @@ +@@ -569,9 +569,11 @@ fi fi From a074328fae04218681d428fdda463285b2edfc2a Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Fri, 4 Apr 2014 11:53:46 +0200 Subject: [PATCH 04/28] adding crypt_apr1_md5 method into awstats --- awstats/bureau/class/m_aws.php | 40 ++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/awstats/bureau/class/m_aws.php b/awstats/bureau/class/m_aws.php index eeb6d9bd..932e5f53 100644 --- a/awstats/bureau/class/m_aws.php +++ b/awstats/bureau/class/m_aws.php @@ -478,7 +478,7 @@ class m_aws { $err->raise("aws",_("Login already exist")); return false; } - $pass=_md5cr($pass); + $pass=$this->crypt_apr1_md5($pass); // FIXME retourner une erreur l'insert se passe pas bien $db->query("INSERT INTO aws_users (uid,login,pass) VALUES ('$cuid','$login','$pass');"); return $this->_createhtpasswd(); @@ -498,7 +498,7 @@ class m_aws { $err->raise("aws",_("Login does not exists")); // Login does not exists return false; } - $pass=_md5c($pass); + $pass=$this->crypt_apr1_md5($pass); $db->query("UPDATE aws_users SET pass='$pass' WHERE login='$login';"); return $this->_createhtpasswd(); } @@ -794,6 +794,42 @@ class m_aws { return $str; } + + /* ----------------------------------------------------------------- */ + /** + * from http://php.net/crypt#73619 + */ + function crypt_apr1_md5($plainpasswd) { + $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8); + $len = strlen($plainpasswd); + $text = $plainpasswd.'$apr1$'.$salt; + $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd)); + for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); } + for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; } + $bin = pack("H32", md5($text)); + for($i = 0; $i < 1000; $i++) { + $new = ($i & 1) ? $plainpasswd : $bin; + if ($i % 3) $new .= $salt; + if ($i % 7) $new .= $plainpasswd; + $new .= ($i & 1) ? $bin : $plainpasswd; + $bin = pack("H32", md5($new)); + } + for ($i = 0; $i < 5; $i++) { + $k = $i + 6; + $j = $i + 12; + if ($j == 16) $j = 5; + $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp; + } + $tmp = chr(0).chr(0).$bin[11].$tmp; + $tmp = strtr(strrev(substr(base64_encode($tmp), 2)), + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"); + return "$"."apr1"."$".$salt."$".$tmp; + } + + + + } /* CLASSE m_aws */ ?> From 1c627d243fe39ebf95b15f23f6283e263855ecac Mon Sep 17 00:00:00 2001 From: Alan Garcia Date: Mon, 7 Apr 2014 16:28:48 +0000 Subject: [PATCH 05/28] Test unitaires de demo --- bureau/class/m_ftp.php | 2 +- phpunit/tests/bureau/class/m_ftpTest.php | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bureau/class/m_ftp.php b/bureau/class/m_ftp.php index 48f7c2ce..c7922fcd 100644 --- a/bureau/class/m_ftp.php +++ b/bureau/class/m_ftp.php @@ -224,7 +224,7 @@ class m_ftp { } // Explicitly look for only allowed chars - if ( ! preg_match("/^[A-Za-z0-9_\.\-]+$/", $l) ) { + if ( ! preg_match("/^[A-Za-z0-9]+[A-Za-z0-9_\.\-]*$/", $l) ) { $err->raise('ftp', _("FTP login is incorrect")); return false; } diff --git a/phpunit/tests/bureau/class/m_ftpTest.php b/phpunit/tests/bureau/class/m_ftpTest.php index dccf94b5..85251f26 100644 --- a/phpunit/tests/bureau/class/m_ftpTest.php +++ b/phpunit/tests/bureau/class/m_ftpTest.php @@ -118,10 +118,13 @@ class m_ftpTest extends PHPUnit_Framework_TestCase */ public function testCheck_login() { - // Remove the following lines when you implement this test. - $this->markTestIncomplete( - 'This test has not been implemented yet.' - ); + // Allowed + $this->assertTrue($this->object->check_login('plop')); + $this->assertTrue($this->object->check_login('00')); + + // Forbidden + $this->assertFalse($this->object->check_login('_plop')); + $this->assertFalse($this->object->check_login('arf+')); } /** @@ -238,9 +241,6 @@ class m_ftpTest extends PHPUnit_Framework_TestCase */ public function testHook_upnp_list() { - // Remove the following lines when you implement this test. - $this->markTestIncomplete( - 'This test has not been implemented yet.' - ); + $this->assertArrayHasKey('ftp', $this->object->hook_upnp_list()); } } From 0e5349956701160eed783f37987227d01d3e8716 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Tue, 8 Apr 2014 09:48:18 +0200 Subject: [PATCH 06/28] fixing NICE in delete_logs --- src/delete_logs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/delete_logs.sh b/src/delete_logs.sh index 64e3911e..38eb1a29 100644 --- a/src/delete_logs.sh +++ b/src/delete_logs.sh @@ -17,4 +17,4 @@ done stop_if_jobs_locked # ALTERNC_LOGS is from local.sh -nice -n 10 find "$ALTERNC_LOGS" -mtime +$DAYS -delete +find "$ALTERNC_LOGS" -mtime +$DAYS -delete From b60146447d4866d78b27144f4f4b22cb17a79aaf Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Fri, 25 Apr 2014 11:20:27 +0200 Subject: [PATCH 07/28] adding support for + recipient delimiter in DOVECOT. from http://wiki2.dovecot.org/LDA/Postfix#Virtual_users --- etc/alternc/templates/postfix/master.cf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/alternc/templates/postfix/master.cf b/etc/alternc/templates/postfix/master.cf index 5840dae2..a7016407 100644 --- a/etc/alternc/templates/postfix/master.cf +++ b/etc/alternc/templates/postfix/master.cf @@ -113,6 +113,6 @@ mailman unix - n n - - pipe ${nexthop} ${user} #dovecot LDA, as explained here: http://wiki.dovecot.org/LDA/Postfix dovecot unix - n n - 0 pipe - flags=DRhu user=vmail:vmail argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${recipient} + flags=DRhu user=vmail:vmail argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -a ${recipient} -d ${user}@${nexthop} From a8832b655e3c20586586e5dd345d38c4c015f68c Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Fri, 25 Apr 2014 11:21:07 +0200 Subject: [PATCH 08/28] fixing RoundCube Managesieve plugin NOT using proper TCP port for SIEVE (4190 instead of 2000) --- .../templates/roundcube/plugins/managesieve/config.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roundcube/templates/roundcube/plugins/managesieve/config.inc.php b/roundcube/templates/roundcube/plugins/managesieve/config.inc.php index 3558a104..838c3995 100644 --- a/roundcube/templates/roundcube/plugins/managesieve/config.inc.php +++ b/roundcube/templates/roundcube/plugins/managesieve/config.inc.php @@ -10,7 +10,7 @@ /***********************************************************************/ // managesieve server port -$rcmail_config['managesieve_port'] = 2000; +$rcmail_config['managesieve_port'] = 4190; // managesieve server address, default is localhost. // Replacement variables supported in host name: From 1c3d154fa960779f238d55ef7078ebdf36779f5c Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Mon, 28 Apr 2014 14:53:18 +0200 Subject: [PATCH 09/28] NOT requiring SSL for dovecot --- wheezy/95_alternc.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wheezy/95_alternc.conf b/wheezy/95_alternc.conf index 7db2ff53..fd6305eb 100644 --- a/wheezy/95_alternc.conf +++ b/wheezy/95_alternc.conf @@ -144,7 +144,7 @@ service auth { # 10-ssl.conf # SSL/TLS support: yes, no, required. -ssl = required +ssl = yes # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but From da08e287e4a64f8df1be66731a2ce7dcc5ff33b9 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Mon, 28 Apr 2014 15:05:10 +0200 Subject: [PATCH 10/28] fixing PATH in alternc-awstats cron --- awstats/alternc-awstats | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/awstats/alternc-awstats b/awstats/alternc-awstats index 4ac14dc5..bc23ca6c 100755 --- a/awstats/alternc-awstats +++ b/awstats/alternc-awstats @@ -1,11 +1,12 @@ #!/bin/bash -# Appelé seul, lance les stats AWStats du jour. -# Appelé avec "all" lance les stats avec tous les fichiers .gz situés dans /var/log/apache -# Appelé avec un nom de domaine en paramètre, rescanne tous les fichiers .gz pour ce domaine uniquement. +# Called with no parameters, launch the daily awstats stats +# called with "all", launch all stats with all apache log files from /var/log/alternc/sites/ +# called with a domain name, launch the stats for this domain from all apache log files -# Include some usefull functions -. /usr/lib/alternc/functions.sh +cd /usr/lib/alternc +# AlternC system functions +. ./functions.sh # Regenerate the awstat etc cache files : if [ -x ./awstats.cache.php ] From 6ead6f692ec904aafbbd138d2284827049734029 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Mon, 28 Apr 2014 15:10:05 +0200 Subject: [PATCH 11/28] =?UTF-8?q?c'est=20mal=20mais=20on=20doit=20autorise?= =?UTF-8?q?r=20une=20auth=20non=20s=C3=A9curis=C3=A9e=20par=20d=C3=A9faut?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wheezy/95_alternc.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wheezy/95_alternc.conf b/wheezy/95_alternc.conf index fd6305eb..22ceb2c8 100644 --- a/wheezy/95_alternc.conf +++ b/wheezy/95_alternc.conf @@ -16,7 +16,7 @@ protocols = imap pop3 sieve # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. -disable_plaintext_auth = yes +disable_plaintext_auth = no # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey From c76903673b079746b66d4ecc599749817f7ade05 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Fri, 2 May 2014 18:26:49 +0200 Subject: [PATCH 12/28] adding LOGIN for outlook under MAC / WIN --- wheezy/95_alternc.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wheezy/95_alternc.conf b/wheezy/95_alternc.conf index 22ceb2c8..8cda78d0 100644 --- a/wheezy/95_alternc.conf +++ b/wheezy/95_alternc.conf @@ -22,7 +22,7 @@ disable_plaintext_auth = no # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey # gss-spnego # NOTE: See also disable_plaintext_auth setting. -auth_mechanisms = plain +auth_mechanisms = plain login ## ## Password and user databases From fbb834c75e74c6ecdf99a4746bfe7ba3105a59b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=EF=BF=BD=EF=BF=BD?= Date: Fri, 16 May 2014 19:40:14 +0000 Subject: [PATCH 13/28] add script to create emails by hand from the commandline --- .gitattributes | 1 + src/mail_add.php | 147 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 148 insertions(+) create mode 100644 src/mail_add.php diff --git a/.gitattributes b/.gitattributes index 2b205bfe..75c54189 100644 --- a/.gitattributes +++ b/.gitattributes @@ -654,6 +654,7 @@ src/generate_apache_conf.php -text src/generate_bind_conf.php -text src/inotify_do_actions.sh -text src/inotify_update_domains.sh -text +src/mail_add.php -text src/mail_dodelete.php -text src/mem_add -text src/mem_del -text diff --git a/src/mail_add.php b/src/mail_add.php new file mode 100644 index 00000000..47ff2b9f --- /dev/null +++ b/src/mail_add.php @@ -0,0 +1,147 @@ +#!/usr/bin/php -q + ... + +email: full email adress, including domain, which must exist +alias: one or many aliases the email should forward to, space separated + +EOF; + error_log($u); + exit(1); +} + +if (count($argv) < 2) { + usage(); +} + +$user = preg_split('/@/', $argv[1])[0]; // first argument is user@domain +$domain = preg_split('/@/', $argv[1])[1]; +$recipients = array_slice($argv, 2); // rest is recipients + +// there's no function to do that, oddly enough... +// there's one to extract the compte from the mail_id (!) but we +// haven't created it yet... +$db->query('SELECT id,compte FROM domaines WHERE domaine="'.addslashes($domain).'"'); +if ($db->next_record()) { + $compte = $db->f('compte'); + $domain_id = $db->f('id'); +} +else { + error_log("domain $domain not found"); + exit(2); +} + +foreach ($generators as $generator) { + $password = `$generator 2>/dev/null`; + if (!is_null($password) and strlen($password) > 7) { + $password = trim($password); + break; + } +} +if (is_null($password)) { + error_log('password generators failed to produce 8 characters: ' . join("\n", $generators)); + exit(3); +} + +/* need not to be $quota because that would replace alternc's global + * $quota... even though we don't say global $quota anywhere here, yay + * php scoping. + */ +$quotas = $default_quotas; +$r = join(", ", $recipients); + +print <<su($compte); +print "cuid: $cuid\n"; + +/* function signature is: + * function create($dom_id, $mail,$type="",$dontcheck=false) + * yet $type is never passed anywhere and is actually empty in the + * database (!) $dontcheck is undocumented, so we'll ignore it + * + * also, this function explicitely tells me to not use it, but doesn't + * provide an alternative. i choose to disobey instead of rewriting it + * from scratch + */ +if (!($mail_id = $mail->create($domain_id, $user))) { + error_log('failed to create: ' . $err->errstr()); + exit(4); +} + +/* function set_passwd($mail_id,$pass) + * + * just set the password + * + * no idea why this is a different function. + */ +if (!$mail->set_passwd($mail_id,$password)) { + error_log("failed to set password on mail $mail_id: " . $err->errstr()); + exit(5); +} + +/* function set_details($mail_id, $islocal, $quotamb, + * $recipients,$delivery="dovecot",$dontcheck=false) + * + * you read that right, recipients is a string (!) + * + * if we have no aliases, it's a mailbox. deal with it. + */ +if (!$mail->set_details($mail_id, !count($recipients), $quota, join("\n", $recipients))) { + error_log('failed to set details: ' . $err->errstr()); + exit(6); +} + +// maybe we need to call the hooks? i don't know! + /* $rh=$hooks->invoke("mail_edit_post",array($mail_id)); */ + /* if (in_array(false,$res,true)) { */ + /* include ("mail_edit.php"); */ + /* exit(); */ + /* } else { */ + /* foreach($rh as $h) if ($h) $error.=$h."
"; */ + /* } */ + From a65afb62c333f884955c14ec96c77f27e0832aa2 Mon Sep 17 00:00:00 2001 From: Steven Mondji-Lerider Date: Fri, 23 May 2014 15:21:26 +0000 Subject: [PATCH 14/28] Upating mailboxes quota fixing script to work with arguments --- src/update_quota_mail.sh | 74 ++++++++++++++++++++++++++++++---------- 1 file changed, 56 insertions(+), 18 deletions(-) diff --git a/src/update_quota_mail.sh b/src/update_quota_mail.sh index 0e3f12d4..6cfe867f 100755 --- a/src/update_quota_mail.sh +++ b/src/update_quota_mail.sh @@ -4,29 +4,67 @@ #You can call this script either without arguments, inwich case each maildir quotas will be recalculated #or you can call it with a directory reffering to a maildir to just sync one mailbox -#basic checks -if [ $# -gt 1 ]; then - echo "usage : update_quota_mail.sh (Maildir)." - exit -fi - -if [ $# -eq 1 ];then - if [ ! -d "$1" ];then - echo "$1 is not a directory, aborting." +#gerer les options : tout , 1boite , un domaine, un compte +while getopts "a:m:d:c:" optname +do + case "$optname" in + "a") + maildirs=`find "$ALTERNC_MAIL/" -maxdepth 2 -mindepth 2 -type d` + ;; + "m") + if [[ "$OPTARG" =~ ^[^\@]*@[^\@]*$ ]] ; then + if [[ "$(mysql_query "select userdb_home from dovecot_view where user = '$OPTARG'")" ]]; then + maildirs=$(mysql_query "select userdb_home from dovecot_view where user = '$OPTARG'") + else + echo "Bad mail provided" + fi + else + echo "Bad mail provided" + fi + ;; + "d") + if [[ "$OPTARG" =~ ^[a-z\-]+(\.[a-z\-]+)+$ ]] ; then + if [[ "$(mysql_query "select domaine from domaines where domaine = '$OPTARG'")" ]]; then + maildirs=$(mysql_query "select userdb_home from dovecot_view where user like '%@$OPTARG'") + else + echo "Bad domain provided" + fi + else + echo "Bad domain provided 2" + fi + ;; + "c") + if [[ "$OPTARG" =~ ^[a-z]*$ ]] ; then + if [[ "$(mysql_query "select domaine from domaines where domaine = '$1'")" ]]; then + maildirs=$(mysql_query "select userdb_home from dovecot_view where userdb_uid = $OPTARG") + else + echo "Bad account provided" + fi + else + echo "Bad account provided" + fi + ;; + "?") + echo "Unknown option $OPTARG - stop processing" exit - else - d="$1" - fi -else - #Fist we set the quotas no 0 (infinite for each already existing account - t=`mysql_query "UPDATE mailbox SET quota='0' WHERE quota IS NULL"` - d=`find "$ALTERNC_MAIL/" -maxdepth 2 -mindepth 2 -type d` -fi + ;; + ":") + echo "No argument value for option $OPTARG - stop processing" + exit + ;; + *) + # Should not occur + echo "Unknown error while processing options" + exit + ;; + esac +done + #Then we loop through every maildir to get the maildir size -for i in $d ; do +for i in $maildirs ; do if [ -d "$i" ];then user=`ls -l $i| tail -n 1|cut -d' ' -f 3` From 42b898802286650529ed27650e5984b4f0119b46 Mon Sep 17 00:00:00 2001 From: Alan Garcia Date: Fri, 23 May 2014 15:59:40 +0000 Subject: [PATCH 15/28] Qque suggestion sur update_quota_mail --- src/update_quota_mail.sh | 86 ++++++++++++++++++++++++---------------- 1 file changed, 52 insertions(+), 34 deletions(-) diff --git a/src/update_quota_mail.sh b/src/update_quota_mail.sh index 6cfe867f..14d484d7 100755 --- a/src/update_quota_mail.sh +++ b/src/update_quota_mail.sh @@ -4,93 +4,111 @@ #You can call this script either without arguments, inwich case each maildir quotas will be recalculated #or you can call it with a directory reffering to a maildir to just sync one mailbox -#gerer les options : tout , 1boite , un domaine, un compte +function showhelp() { + echo "FIXME: some help" + exit +} + + +# Generate the $maildirs list based on the arguments while getopts "a:m:d:c:" optname do case "$optname" in "a") + # All mails + # FIXME replace it by a select in da DB maildirs=`find "$ALTERNC_MAIL/" -maxdepth 2 -mindepth 2 -type d` ;; "m") + # An email if [[ "$OPTARG" =~ ^[^\@]*@[^\@]*$ ]] ; then if [[ "$(mysql_query "select userdb_home from dovecot_view where user = '$OPTARG'")" ]]; then maildirs=$(mysql_query "select userdb_home from dovecot_view where user = '$OPTARG'") else echo "Bad mail provided" + showhelp fi else echo "Bad mail provided" + showhelp fi ;; "d") - if [[ "$OPTARG" =~ ^[a-z\-]+(\.[a-z\-]+)+$ ]] ; then - if [[ "$(mysql_query "select domaine from domaines where domaine = '$OPTARG'")" ]]; then - maildirs=$(mysql_query "select userdb_home from dovecot_view where user like '%@$OPTARG'") - else - echo "Bad domain provided" - fi - else - echo "Bad domain provided 2" + # Expecting a domain + + # Check if domain is well-formed + if [[ ! "$OPTARG" =~ ^[a-z\-]+(\.[a-z\-]+)+$ ]] ; then + echo "Bad domain provided" + showhelp fi + + # Attemp to get from database. + if [[ ! "$(mysql_query "select domaine from domaines where domaine = '$OPTARG'")" ]]; then + # Seem to be empty + echo "Bad domain provided" + showhelp + fi + + maildirs=$(mysql_query "select userdb_home from dovecot_view where user like '%@$OPTARG'") ;; "c") + # An account if [[ "$OPTARG" =~ ^[a-z]*$ ]] ; then if [[ "$(mysql_query "select domaine from domaines where domaine = '$1'")" ]]; then maildirs=$(mysql_query "select userdb_home from dovecot_view where userdb_uid = $OPTARG") else echo "Bad account provided" + showhelp fi else echo "Bad account provided" + showhelp fi ;; "?") echo "Unknown option $OPTARG - stop processing" + showhelp exit ;; ":") echo "No argument value for option $OPTARG - stop processing" + showhelp exit ;; *) # Should not occur echo "Unknown error while processing options" + showhelp exit ;; esac done +# Now we have $maildirs, we can work on it - +# FIXME add check if maildir is empty #Then we loop through every maildir to get the maildir size for i in $maildirs ; do - if [ -d "$i" ];then - user=`ls -l $i| tail -n 1|cut -d' ' -f 3` - # We grep only mails, not the others files - mails=`find $i -type f | egrep "(^$i)*[0-9]+\.M"` - - # This part only count mails size - #size=0 - #for j in $mails - #do - # size=$(( $size + `du -b $j|awk '{print $1}'`)) - #done - - # This part count the total mailbox size (mails + sieve scripts + ...) - size=`du -b -s $i|awk '{print $1}'` - - mail_count=`echo $mails|wc -w` - echo "folder : "$i - echo "mail count : "$mail_count - echo "dir size : "$size - echo "" - #update the mailbox table accordingly - mysql_query "UPDATE mailbox SET bytes=$size WHERE path='$i' " - mysql_query "UPDATE mailbox SET messages=$mail_count WHERE path='$i' " - else + if [ ! -d "$i" ];then echo "The maildir $i does not exists. It's quota won't be resync" + continue fi + + # We grep only mails, not the others files + mails=`find $i -type f | egrep "(^$i)*[0-9]+\.M"` + + # This part count the total mailbox size (mails + sieve scripts + ...) + size=`du -b -s $i|awk '{print $1}'` + + mail_count=`echo $mails|wc -w` + echo "folder : "$i + echo "mail count : "$mail_count + echo "dir size : "$size + echo "" + #update the mailbox table accordingly + mysql_query "UPDATE mailbox SET bytes=$size WHERE path='$i' ; " + mysql_query "UPDATE mailbox SET messages=$mail_count WHERE path='$i' ; " done From dbd029d8cfa234b4704bd9f9bb104ec28b0828e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=EF=BF=BD=EF=BF=BD?= Date: Tue, 17 Jun 2014 20:57:26 +0000 Subject: [PATCH 16/28] warn users to switch to HTTPS if it's not enable, admins can opt out through a variable --- bureau/admin/index.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/bureau/admin/index.php b/bureau/admin/index.php index a028342b..9f0995a5 100644 --- a/bureau/admin/index.php +++ b/bureau/admin/index.php @@ -74,12 +74,9 @@ if ( empty($logo) || ! $logo ) {
ATTENTION : vous allez acc�der � votre panel en mode *non s�curis�*
- Cliquez ici pour passer en mode s�curis�"; + if (variable_get('https_warning', true, 'warn users to switch to HTTPS') && !isset($_SERVER['HTTPS'])) { + echo __('

WARNING: you are trying to access the control panel insecurely, click here to go to secure mode

', $_SERVER["HTTP_HOST"]); } - */ ?>
From 954ffc2ab0c57c7d0df24c623d3ae2721300f99f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=EF=BF=BD=EF=BF=BD?= Date: Wed, 18 Jun 2014 14:40:07 +0000 Subject: [PATCH 17/28] fix the way we interpolate the URL --- bureau/admin/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bureau/admin/index.php b/bureau/admin/index.php index 9f0995a5..d3ca1d8a 100644 --- a/bureau/admin/index.php +++ b/bureau/admin/index.php @@ -75,7 +75,7 @@ if ( empty($logo) || ! $logo ) { WARNING: you are trying to access the control panel insecurely, click here to go to secure mode', $_SERVER["HTTP_HOST"]); + echo '

' . sprintf(_('WARNING: you are trying to access the control panel insecurely, click here to go to secure mode'), $_SERVER["HTTP_HOST"]) . '

'; } ?>
From fb9d6d845732d2af646f522ebb277c5202f408b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=EF=BF=BD=EF=BF=BD?= Date: Wed, 18 Jun 2014 15:05:34 +0000 Subject: [PATCH 18/28] piwik: properly record the site id after creation --- bureau/class/m_piwik.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bureau/class/m_piwik.php b/bureau/class/m_piwik.php index 58940475..6d776261 100644 --- a/bureau/class/m_piwik.php +++ b/bureau/class/m_piwik.php @@ -292,9 +292,10 @@ class m_piwik { // Ajoute un site à Piwik // can't figure out how to pass multiple url through the API function site_add($siteName, $urls, $ecommerce = FALSE) { + global $db, $cuid; $urls = is_array($urls) ? implode(',', $urls) : $urls; $api_data = $this->call_privileged_page('API', 'SitesManager.addSite', array('siteName' => $siteName, 'urls' => $urls)); - printvar($api_data); + $db->query("INSERT INTO piwik_sites set uid='$cuid', piwik_id='{$api_data->value}'"); return TRUE; } From dd6ace0c0c14a12f36e7063d4d37831fe8cfa912 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=EF=BF=BD=EF=BF=BD?= Date: Wed, 18 Jun 2014 15:24:38 +0000 Subject: [PATCH 19/28] don't create piwik accounts with random gmail addresses, properly prefix the accounts so they're unique --- bureau/class/m_piwik.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/bureau/class/m_piwik.php b/bureau/class/m_piwik.php index 6d776261..982fdf1c 100644 --- a/bureau/class/m_piwik.php +++ b/bureau/class/m_piwik.php @@ -102,8 +102,7 @@ class m_piwik { $user_login = $this->clean_user_name($user_login); $user_pass = create_pass(); - $user_mail = $user_mail ? $user_mail : $mem->user['mail']; - $user_mail = create_pass(4) . '@gmail.com'; // FIXME $user_mail; Unicité sur les emails ... Soit on ajoute + random soit, on prompt + $user_mail = $mem->user['mail']; $user_alias = $user_login; $api_data = $this->call_privileged_page('API', 'UsersManager.addUser', array('userLogin' => $user_login, 'password' => $user_pass, 'email' => $user_mail, 'alias' => $user_alias), 'JSON'); @@ -345,10 +344,10 @@ class m_piwik { - /* Helper code FIXME: rename those function using "private" + "_" prefix */ - + /* return a clean username with a unique prefix per account */ function clean_user_name($username) { - return mysql_real_escape_string(trim($username)); + global $admin, $cuid; + return 'alternc_' . $admin->get_login_by_uid($cuid) . '_' . mysql_real_escape_string(trim($username)); } From 73606b8e26ee5de3095bed2db4d33d4de9d388fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=EF=BF=BD=EF=BF=BD?= Date: Wed, 18 Jun 2014 15:26:53 +0000 Subject: [PATCH 20/28] add get_login_by_uid API --- bureau/class/m_admin.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/bureau/class/m_admin.php b/bureau/class/m_admin.php index 9f3f1c73..adf5bd98 100644 --- a/bureau/class/m_admin.php +++ b/bureau/class/m_admin.php @@ -173,6 +173,21 @@ class m_admin { return $db->f('uid'); } + /** + * return the name of an alternc account + * + * @global type $db + * @param type $uid + * @return null if missing + */ + function get_login_by_uid($uid) { + global $db; + $db->query("SELECT login FROM membres WHERE uid=$uid;"); + if (! $db->next_record()) { + return null; + } + return $db->f('login'); + } /** * Returns the known information about a hosted account From 8113d2b866ab469e4b8f208eb1ab35a8a065ccc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=EF=BF=BD=EF=BF=BD?= Date: Wed, 18 Jun 2014 18:55:00 +0000 Subject: [PATCH 21/28] disable help texts if empty, partly (missing IMAP/POP) --- bureau/admin/mail_list.php | 6 ++++++ bureau/class/m_mail.php | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/bureau/admin/mail_list.php b/bureau/admin/mail_list.php index 2572cb0b..d0dba089 100644 --- a/bureau/admin/mail_list.php +++ b/bureau/admin/mail_list.php @@ -202,6 +202,7 @@ if (date("Y-m-d")==substr($val["lastlogin"],0,10)) echo substr($val["lastlogin"]
+ srv_submission) { ?>

    @@ -213,6 +214,8 @@ if (date("Y-m-d")==substr($val["lastlogin"],0,10)) echo substr($val["lastlogin"]
  • STARTTLS
+ + srv_smtp) { ?>

    @@ -224,6 +227,8 @@ if (date("Y-m-d")==substr($val["lastlogin"],0,10)) echo substr($val["lastlogin"]
  • STARTTLS
+ + srv_smtps) { ?>

    @@ -235,6 +240,7 @@ if (date("Y-m-d")==substr($val["lastlogin"],0,10)) echo substr($val["lastlogin"]
  • SSL
+
diff --git a/bureau/class/m_mail.php b/bureau/class/m_mail.php index dbe77023..fe3d9197 100644 --- a/bureau/class/m_mail.php +++ b/bureau/class/m_mail.php @@ -82,9 +82,9 @@ class m_mail { * Constructeur */ function m_mail() { - $this->srv_submission = variable_get('mail_human_submission', '%%FQDN%%','Human name for mail server (submission protocol)', array('desc'=>'Name','type'=>'string')); - $this->srv_smtp = variable_get('mail_human_smtp', '%%FQDN%%','Human name for mail server (SMTP protocol)', array('desc'=>'Name','type'=>'string')); - $this->srv_smtps = variable_get('mail_human_smtps', '%%FQDN%%','Human name for mail server (SMTPS protocol)', array('desc'=>'Name','type'=>'string')); + $this->srv_submission = variable_get('mail_human_submission', '%%FQDN%%','Human name for mail server (submission protocol), leave empty to disable help', array('desc'=>'Name','type'=>'string')); + $this->srv_smtp = variable_get('mail_human_smtp', '%%FQDN%%','Human name for mail server (SMTP protocol), leave empty to disable help', array('desc'=>'Name','type'=>'string')); + $this->srv_smtps = variable_get('mail_human_smtps', '%%FQDN%%','Human name for mail server (SMTPS protocol), leave empty to disable help', array('desc'=>'Name','type'=>'string')); $this->srv_imap = variable_get('mail_human_imap', '%%FQDN%%','Human name for IMAP mail server', array('desc'=>'Name','type'=>'string')); $this->srv_imaps = variable_get('mail_human_imaps', '%%FQDN%%','Human name for IMAPS mail server', array('desc'=>'Name','type'=>'string')); $this->srv_pop3 = variable_get('mail_human_pop3', '%%FQDN%%','Human name for POP3 mail server', array('desc'=>'Name','type'=>'string')); From 8a8cf94328bc9d0afa20d4ab0c9129b31084f68c Mon Sep 17 00:00:00 2001 From: squidly Date: Tue, 24 Jun 2014 13:48:12 +0200 Subject: [PATCH 22/28] Bugfixing wheezy changelog patch to avoid dpkg-build failure when applied --- wheezy/changelog.diff | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/wheezy/changelog.diff b/wheezy/changelog.diff index 04202ea2..14a64f68 100644 --- a/wheezy/changelog.diff +++ b/wheezy/changelog.diff @@ -1,13 +1,13 @@ ---- changelog 2013-10-18 15:17:57.640081683 +0200 -+++ changelog.wheezy 2013-10-18 15:19:58.442690776 +0200 -@@ -1,0 +1,7 @@ +--- changelog 2014-06-24 13:42:50.234304438 +0200 ++++ changelog.wheezy 2014-06-24 13:43:51.978313552 +0200 +@@ -1,3 +1,10 @@ +alternc (3.2.1) stable; urgency=low + + * Version identical to 3.1 for Squeeze + * Includes a small dovecot patch / dependency for dovecot 2.0 for Wheezy + -+ -- Benjamin Sonntag Thu, 28 Mar 2013 18:19:00 +0200 ++ -- Benjamin Sonntag Thu, 28 Mar 2014 18:19:00 +0200 + -alternc (3.1.1) oldstable; urgency=low - - * many bugfixed from 3.1 / 3.2 : + alternc (3.1.1) oldstable; urgency=low + + * many bugfixed from 3.1 / 3.2 : From d35f34e35045fe216a99fdb5ffd3f24d2e6bd6ec Mon Sep 17 00:00:00 2001 From: Alan Garcia Date: Tue, 24 Jun 2014 14:11:51 +0000 Subject: [PATCH 23/28] Compile aussi en php 5.5 sur travis --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index bd2a5e41..4ca24f93 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,6 @@ language: php php: + - 5.5 - 5.4 - 5.3 script: phpunit --coverage-clover=coverage.clover From a7412ce0a0d0c3d54c54aac4fed1f6d40c5ecaee Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Thu, 26 Jun 2014 15:13:36 +0200 Subject: [PATCH 24/28] starting wheezy-only 3.3~rc1 --- debian/changelog | 14 + debian/control | 6 +- .../templates/dovecot/dovecot-dict-quota.conf | 47 - .../templates/dovecot/dovecot-sql.conf | 132 -- etc/alternc/templates/dovecot/dovecot.conf | 1296 ----------------- install/alternc.install | 14 +- 6 files changed, 25 insertions(+), 1484 deletions(-) delete mode 100644 etc/alternc/templates/dovecot/dovecot-dict-quota.conf delete mode 100644 etc/alternc/templates/dovecot/dovecot-sql.conf delete mode 100644 etc/alternc/templates/dovecot/dovecot.conf diff --git a/debian/changelog b/debian/changelog index e6b5a2dd..43c9821c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +alternc (3.3~rc1) stable; urgency=low + + * unofficial Prerelease of AlternC 3.3 + * update_domaines now in PHP and using classes and hooks instead of BASH + + -- Benjamin Sonntag Thu, 26 Jun 2014 15:13:00 +0200 + +alternc (3.2.1) stable; urgency=low + + * Version identical to 3.1 for Squeeze + * Includes a small dovecot patch / dependency for dovecot 2.0 for Wheezy + + -- Benjamin Sonntag Thu, 28 Mar 2014 18:19:00 +0200 + alternc (3.1.1) oldstable; urgency=low * many bugfixed from 3.1 / 3.2 : diff --git a/debian/control b/debian/control index dbd3a5b1..f4a7df63 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Standards-Version: 3.9.4 Package: alternc Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0, bash (>= 4), acl -Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:1.2.15), dovecot-common(<< 1:2.0), dovecot-imapd (>= 1:1.2.15), dovecot-pop3d (>= 1:1.2.15), vlogger, mailutils | mailx, incron, cron, opendkim, mysql-client(>= 5.0), ${misc:Depends} +Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:2.1.7), dovecot-imapd, dovecot-pop3d, dovecot-mysql, vlogger, mailutils | mailx, incron, cron, opendkim, opendkim-tools, dovecot-sieve, dovecot-managesieved, ${misc:Depends} Recommends: mysql-server(>= 5.0), ntp, quota, unzip, bzip2 Conflicts: alternc-admintools, alternc-awstats (<< 1.0), alternc-webalizer (<= 0.9.4), alternc-mailman (<< 2.0), courier-authlib Provides: alternc-admintools @@ -38,8 +38,8 @@ Description-fr.UTF-8: Suite logicielle d'hébergement mutualisé pour Debian Package: alternc-slave Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0, acl -Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:1.2.15), dovecot-imapd, dovecot-pop3d, vlogger, mailutils | mailx, incron, cron, opendkim, ${misc:Depends} -Recommends: dovecot-managesieved, dovecot-sieve, dovecot-mysql, quota +Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:2.1.7), dovecot-imapd, dovecot-pop3d, dovecot-mysql, vlogger, mailutils | mailx, incron, cron, opendkim, opendkim-tools, dovecot-managesieved, dovecot-sieve, dovecot-mysql, ${misc:Depends} +Recommends: quota Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc Provides: alternc Replaces: alternc diff --git a/etc/alternc/templates/dovecot/dovecot-dict-quota.conf b/etc/alternc/templates/dovecot/dovecot-dict-quota.conf deleted file mode 100644 index b22e98ef..00000000 --- a/etc/alternc/templates/dovecot/dovecot-dict-quota.conf +++ /dev/null @@ -1,47 +0,0 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# - -connect=host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%% -#connect = host=localhost dbname=mails user=testuser password=pass - -# CREATE TABLE quota ( -# username varchar(100) not null, -# bytes bigint not null default 0, -# messages integer not null default 0, -# primary key (username) -# ); - -map { - pattern = priv/quota/storage - table = dovecot_view - username_field = user - value_field = quota_dovecot -} -map { - pattern = priv/quota/messages - table = dovecot_view - username_field = user - value_field = nb_messages -} - -# CREATE TABLE expires ( -# username varchar(100) not null, -# mailbox varchar(255) not null, -# expire_stamp integer not null, -# primary key (username, mailbox) -# ); - -#map { - # pattern = shared/expire/$user/$mailbox - # table = expires - # value_field = expire_stamp - - # fields { - # username = $user - # mailbox = $mailbox - # } -#} - diff --git a/etc/alternc/templates/dovecot/dovecot-sql.conf b/etc/alternc/templates/dovecot/dovecot-sql.conf deleted file mode 100644 index befef217..00000000 --- a/etc/alternc/templates/dovecot/dovecot-sql.conf +++ /dev/null @@ -1,132 +0,0 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# - -# This file is opened as root, so it should be owned by root and mode 0600. -# -# http://wiki.dovecot.org/AuthDatabase/SQL -# -# For the sql passdb module, you'll need a database with a table that -# contains fields for at least the username and password. If you want to -# use the user@domain syntax, you might want to have a separate domain -# field as well. -# -# If your users all have the same uig/gid, and have predictable home -# directories, you can use the static userdb module to generate the home -# dir based on the username and domain. In this case, you won't need fields -# for home, uid, or gid in the database. -# -# If you prefer to use the sql userdb module, you'll want to add fields -# for home, uid, and gid. Here is an example table: -# -# CREATE TABLE users ( -# username VARCHAR(128) NOT NULL, -# domain VARCHAR(128) NOT NULL, -# password VARCHAR(64) NOT NULL, -# home VARCHAR(255) NOT NULL, -# uid INTEGER NOT NULL, -# gid INTEGER NOT NULL, -# active CHAR(1) DEFAULT 'Y' NOT NULL -# ); - -# Database driver: mysql, pgsql, sqlite -driver = mysql - -# Database connection string. This is driver-specific setting. -# -# pgsql: -# For available options, see the PostgreSQL documention for the -# PQconnectdb function of libpq. -# -# mysql: -# Basic options emulate PostgreSQL option names: -# host, port, user, password, dbname -# -# But also adds some new settings: -# client_flags - See MySQL manual -# ssl_ca, ssl_ca_path - Set either one or both to enable SSL -# ssl_cert, ssl_key - For sending client-side certificates to server -# ssl_cipher - Set minimum allowed cipher security (default: HIGH) -# option_file - Read options from the given file instead of -# the default my.cnf location -# option_group - Read options from the given group (default: client) -# -# You can connect to UNIX sockets by using host: host=/var/run/mysqld/mysqld.sock -# Note that currently you can't use spaces in parameters. -# -# MySQL supports multiple host parameters for load balancing / HA. -# -# sqlite: -# The path to the database file. -# -# Examples: -# connect = host=192.168.1.1 dbname=users -# connect = host=sql.example.com dbname=virtual user=virtual password=blarg -# connect = /etc/dovecot/authdb.sqlite -# -connect = host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%% - -# Default password scheme. -# -# List of supported schemes is in -# http://wiki.dovecot.org/Authentication/PasswordSchemes -# -default_pass_scheme = MD5 - -# passdb query to retrieve the password. It can return fields: -# password - The user's password. This field must be returned. -# user - user@domain from the database. Needed with case-insensitive lookups. -# username and domain - An alternative way to represent the "user" field. -# -# The "user" field is often necessary with case-insensitive lookups to avoid -# e.g. "name" and "nAme" logins creating two different mail directories. If -# your user and domain names are in separate fields, you can return "username" -# and "domain" fields instead of "user". -# -# The query can also return other fields which have a special meaning, see -# http://wiki.dovecot.org/PasswordDatabase/ExtraFields -# -# Commonly used available substitutions (see http://wiki.dovecot.org/Variables -# for full list): -# %u = entire user@domain -# %n = user part of user@domain -# %d = domain part of user@domain -# -# Note that these can be used only as input to SQL query. If the query outputs -# any of these substitutions, they're not touched. Otherwise it would be -# difficult to have eg. usernames containing '%' characters. -# -# Example: -# password_query = SELECT userid AS user, pw AS password \ -# FROM users WHERE userid = '%u' AND active = 'Y' -# -#password_query = \ -# SELECT username, domain, password \ -# FROM users WHERE username = '%n' AND domain = '%d' - -# userdb query to retrieve the user information. It can return fields: -# uid - System UID (overrides mail_uid setting) -# gid - System GID (overrides mail_gid setting) -# home - Home directory -# mail - Mail location (overrides mail_location setting) -# -# None of these are strictly required. If you use a single UID and GID, and -# home or mail directory fits to a template string, you could use userdb static -# instead. For a list of all fields that can be returned, see -# http://wiki.dovecot.org/UserDatabase/ExtraFields -# -# Examples: -# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' -# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' -# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' -# -user_query = SELECT userdb_home AS home, userdb_uid AS uid, 1998 AS gid, userdb_quota_rule AS quota_rule FROM dovecot_view WHERE user = '%u'; - -# If you wish to avoid two SQL lookups (passdb + userdb), you can use -# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll -# also have to return userdb fields in password_query prefixed with "userdb_" -# string. For example: -password_query = SELECT user, password, userdb_home, userdb_uid, 1998 AS userdb_gid,userdb_quota_rule FROM dovecot_view where user= '%u'; - diff --git a/etc/alternc/templates/dovecot/dovecot.conf b/etc/alternc/templates/dovecot/dovecot.conf deleted file mode 100644 index 4af42e21..00000000 --- a/etc/alternc/templates/dovecot/dovecot.conf +++ /dev/null @@ -1,1296 +0,0 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# -## Dovecot configuration file - -# If you're in a hurry, see http://wiki.dovecot.org/QuickConfiguration - -# "dovecot -n" command gives a clean output of the changed settings. Use it -# instead of copy&pasting this file when posting to the Dovecot mailing list. - -# '#' character and everything after it is treated as comments. Extra spaces -# and tabs are ignored. If you want to use either of these explicitly, put the -# value inside quotes, eg.: key = "# char and trailing whitespace " - -# Default values are shown for each setting, it's not required to uncomment -# those. These are exceptions to this though: No sections (e.g. namespace {}) -# or plugin settings are added by default, they're listed only as examples. -# Paths are also just examples with the real defaults being based on configure -# options. The paths listed here are for configure --prefix=/usr -# --sysconfdir=/etc --localstatedir=/var --with-ssldir=/etc/ssl - -# Base directory where to store runtime data. -#base_dir = /var/run/dovecot - -# Protocols we want to be serving: imap imaps pop3 pop3s managesieve -# If you only want to use dovecot-auth, you can set this to "none". -protocols = imap imaps pop3 pop3s managesieve - -# A space separated list of IP or host addresses where to listen in for -# connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6 -# interfaces. Use "*, [::]" for listening both IPv4 and IPv6. -# -# If you want to specify ports for each service, you will need to configure -# these settings inside the protocol imap/pop3/managesieve { ... } section, -# so you can specify different ports for IMAP/POP3/MANAGESIEVE. For example: -# protocol imap { -# listen = *:10143 -# ssl_listen = *:10943 -# .. -# } -# protocol pop3 { -# listen = *:10100 -# .. -# } -# protocol managesieve { -# listen = *:12000 -# .. -# } -listen = * - -# Disable LOGIN command and all other plaintext authentications unless -# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP -# matches the local IP (ie. you're connecting from the same computer), the -# connection is considered secure and plaintext authentication is allowed. -disable_plaintext_auth = yes - -# Should all IMAP and POP3 processes be killed when Dovecot master process -# shuts down. Setting this to "no" means that Dovecot can be upgraded without -# forcing existing client connections to close (although that could also be -# a problem if the upgrade is eg. because of a security fix). This however -# means that after master process has died, the client processes can't write -# to log files anymore. -#shutdown_clients = yes - -## -## Logging -## - -# Log file to use for error messages, instead of sending them to syslog. -# /dev/stderr can be used to log into stderr. -#log_path = - -# Log file to use for informational and debug messages. -# Default is the same as log_path. -#info_log_path = - -# Prefix for each line written to log file. % codes are in strftime(3) -# format. -#log_timestamp = "%b %d %H:%M:%S " -log_timestamp = "%Y-%m-%d %H:%M:%S " - -# Syslog facility to use if you're logging to syslog. Usually if you don't -# want to use "mail", you'll use local0..local7. Also other standard -# facilities are supported. -#syslog_facility = mail - -## -## SSL settings -## - -# IP or host address where to listen in for SSL connections. Remember to also -# add imaps and/or pop3s to protocols setting. Defaults to same as "listen" -# setting if not specified. -#ssl_listen = - -# SSL/TLS support: yes, no, required. -ssl = required - -# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before -# dropping root privileges, so keep the key file unreadable by anyone but -# root. -ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem -#ssl_cert_file = /etc/alternc/apache.pem -ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key -#ssl_key_file = /etc/alternc/apache.pem - -# If key file is password protected, give the password here. Alternatively -# give it when starting dovecot with -p parameter. Since this file is often -# world-readable, you may want to place this setting instead to a different -# root owned 0600 file by using !include_try . -#ssl_key_password = - -# File containing trusted SSL certificate authorities. Set this only if you -# intend to use ssl_verify_client_cert=yes. The CAfile should contain the -# CA-certificate(s) followed by the matching CRL(s). -#ssl_ca_file = - -# Request client to send a certificate. If you also want to require it, set -# ssl_require_client_cert=yes in auth section. -#ssl_verify_client_cert = no - -# Which field from certificate to use for username. commonName and -# x500UniqueIdentifier are the usual choices. You'll also need to set -# ssl_username_from_cert=yes. -#ssl_cert_username_field = commonName - -# How often to regenerate the SSL parameters file. Generation is quite CPU -# intensive operation. The value is in hours, 0 disables regeneration -# entirely. -#ssl_parameters_regenerate = 168 - -# SSL ciphers to use -#ssl_cipher_list = ALL:!LOW:!SSLv2 - -# Show protocol level SSL errors. -#verbose_ssl = no - -## -## Login processes -## - -# - -# Directory where authentication process places authentication UNIX sockets -# which login needs to be able to connect to. The sockets are created when -# running as root, so you don't have to worry about permissions. Note that -# everything in this directory is deleted when Dovecot is started. -#login_dir = /var/run/dovecot/login - -# chroot login process to the login_dir. Only reason not to do this is if you -# wish to run the whole Dovecot without roots. -#login_chroot = yes - -# User to use for the login process. Create a completely new user for this, -# and don't use it anywhere else. The user must also belong to a group where -# only it has access, it's used to control access for authentication process. -# Note that this user is NOT used to access mails. -#login_user = dovecot - -# Set max. process size in megabytes. If you don't use -# login_process_per_connection you might need to grow this. -#login_process_size = 64 - -# Should each login be processed in it's own process (yes), or should one -# login process be allowed to process multiple connections (no)? Yes is more -# secure, espcially with SSL/TLS enabled. No is faster since there's no need -# to create processes all the time. -#login_process_per_connection = yes - -# Number of login processes to keep for listening new connections. -#login_processes_count = 3 - -# Maximum number of login processes to create. The listening process count -# usually stays at login_processes_count, but when multiple users start logging -# in at the same time more extra processes are created. To prevent fork-bombing -# we check only once in a second if new processes should be created - if all -# of them are used at the time, we double their amount until the limit set by -# this setting is reached. -#login_max_processes_count = 128 - -# Maximum number of connections allowed per each login process. This setting -# is used only if login_process_per_connection=no. Once the limit is reached, -# the process notifies master so that it can create a new login process. -#login_max_connections = 256 - -# Greeting message for clients. -#login_greeting = Dovecot ready. - -# Space separated list of trusted network ranges. Connections from these -# IPs are allowed to override their IP addresses and ports (for logging and -# for authentication checks). disable_plaintext_auth is also ignored for -# these networks. Typically you'd specify your IMAP proxy servers here. -#login_trusted_networks = - -# Space-separated list of elements we want to log. The elements which have -# a non-empty variable value are joined together to form a comma-separated -# string. -#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c - -# Login log format. %$ contains login_log_format_elements string, %s contains -# the data we want to log. -#login_log_format = %$: %s - -## -## Mailbox locations and namespaces -## - -# Location for users' mailboxes. This is the same as the old default_mail_env -# setting. The default is empty, which means that Dovecot tries to find the -# mailboxes automatically. This won't work if the user doesn't have any mail -# yet, so you should explicitly tell Dovecot the full location. -# -# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) -# isn't enough. You'll also need to tell Dovecot where the other mailboxes are -# kept. This is called the "root mail directory", and it must be the first -# path given in the mail_location setting. -# -# There are a few special variables you can use, eg.: -# -# %u - username -# %n - user part in user@domain, same as %u if there's no domain -# %d - domain part in user@domain, empty if there's no domain -# %h - home directory -# -# See for full list. -# Some examples: -# -# mail_location = maildir:~/Maildir -# mail_location = mbox:~/mail:INBOX=/var/mail/%u -# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n -# -# -# -mail_location = maildir:~/Maildir - -# If you need to set multiple mailbox locations or want to change default -# namespace settings, you can do it by defining namespace sections. -# -# You can have private, shared and public namespaces. Private namespaces -# are for user's personal mails. Shared namespaces are for accessing other -# users' mailboxes that have been shared. Public namespaces are for shared -# mailboxes that are managed by sysadmin. If you create any shared or public -# namespaces you'll typically want to enable ACL plugin also, otherwise all -# users can access all the shared mailboxes, assuming they have permissions -# on filesystem level to do so. -# -# REMEMBER: If you add any namespaces, the default namespace must be added -# explicitly, ie. mail_location does nothing unless you have a namespace -# without a location setting. Default namespace is simply done by having a -# namespace with empty prefix. -#namespace private { - # Hierarchy separator to use. You should use the same separator for all - # namespaces or some clients get confused. '/' is usually a good one. - # The default however depends on the underlying mail storage format. - # separator = . - - # Prefix required to access this namespace. This needs to be different for - # all namespaces. For example "Public/". - # prefix = INBOX. - - # Physical location of the mailbox. This is in same format as - # mail_location, which is also the default for it. - #location = - - # There can be only one INBOX, and this setting defines which namespace - # has it. - #inbox = yes - - # If namespace is hidden, it's not advertised to clients via NAMESPACE - # extension. You'll most likely also want to set list=no. This is mostly - # useful when converting from another server with different namespaces which - # you want to deprecate but still keep working. For example you can create - # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". - #hidden = yes - - # Show the mailboxes under this namespace with LIST command. This makes the - # namespace visible for clients that don't support NAMESPACE extension. - # "children" value lists child mailboxes, but hides the namespace prefix. - #list = yes - - # Namespace handles its own subscriptions. If set to "no", the parent - # namespace handles them (empty prefix should always have this as "yes") - #subscriptions = yes -#} - -# Example shared namespace configuration -#namespace shared { - #separator = / - - # Mailboxes are visible under "shared/user@domain/" - # %%n, %%d and %%u are expanded to the destination user. - #prefix = shared/%%u/ - - # Mail location for other users' mailboxes. Note that %variables and ~/ - # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the - # destination user's data. - #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u - - # Use the default namespace for saving subscriptions. - #subscriptions = no - - # List the shared/ namespace only if there are visible shared mailboxes. - #list = children -#} - -# System user and group used to access mails. If you use multiple, userdb -# can override these by returning uid or gid fields. You can use either numbers -# or names. -#mail_uid = -#mail_gid = - -# Group to enable temporarily for privileged operations. Currently this is -# used only with INBOX when either its initial creation or dotlocking fails. -# Typically this is set to "mail" to give access to /var/mail. -#mail_privileged_group = -mail_privileged_group = vmail - -# Grant access to these supplementary groups for mail processes. Typically -# these are used to set up access to shared mailboxes. Note that it may be -# dangerous to set these if users can create symlinks (e.g. if "mail" group is -# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' -# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). -#mail_access_groups = - -# Allow full filesystem access to clients. There's no access checks other than -# what the operating system does for the active UID/GID. It works with both -# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ -# or ~user/. -#mail_full_filesystem_access = no - -## -## Mail processes -## - -# Enable mail process debugging. This can help you figure out why Dovecot -# isn't finding your mails. -#mail_debug = no - -# Log prefix for mail processes. See -# for list of possible variables you can use. -#mail_log_prefix = "%Us(%u): " - -# Max. number of lines a mail process is allowed to log per second before it's -# throttled. 0 means unlimited. Typically there's no need to change this -# unless you're using mail_log plugin, which may log a lot. This setting is -# ignored while mail_debug=yes to avoid pointless throttling. -#mail_log_max_lines_per_sec = 10 - -# Don't use mmap() at all. This is required if you store indexes to shared -# filesystems (NFS or clustered filesystem). -#mmap_disable = no - -# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL -# since version 3, so this should be safe to use nowadays by default. -#dotlock_use_excl = yes - -# Don't use fsync() or fdatasync() calls. This makes the performance better -# at the cost of potential data loss if the server (or the file server) -# goes down. -#fsync_disable = no - -# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches -# whenever needed. If you're using only a single mail server this isn't needed. -#mail_nfs_storage = no -# Mail index files also exist in NFS. Setting this to yes requires -# mmap_disable=yes and fsync_disable=no. -#mail_nfs_index = no - -# Locking method for index files. Alternatives are fcntl, flock and dotlock. -# Dotlocking uses some tricks which may create more disk I/O than other locking -# methods. NFS users: flock doesn't work, remember to change mmap_disable. -#lock_method = fcntl - -# Drop all privileges before exec()ing the mail process. This is mostly -# meant for debugging, otherwise you don't get core dumps. It could be a small -# security risk if you use single UID for multiple users, as the users could -# ptrace() each others processes then. -#mail_drop_priv_before_exec = no - -# Show more verbose process titles (in ps). Currently shows user name and -# IP address. Useful for seeing who are actually using the IMAP processes -# (eg. shared mailboxes or if same uid is used for multiple accounts). -#verbose_proctitle = no - -# Valid UID range for users, defaults to 500 and above. This is mostly -# to make sure that users can't log in as daemons or other system users. -# Note that denying root logins is hardcoded to dovecot binary and can't -# be done even if first_valid_uid is set to 0. -first_valid_uid = 2000 -last_valid_uid = 65000 - -# Valid GID range for users, defaults to non-root/wheel. Users having -# non-valid GID as primary group ID aren't allowed to log in. If user -# belongs to supplementary groups with non-valid GIDs, those groups are -# not set. -#first_valid_gid = 1 -#last_valid_gid = 0 - -# Maximum number of running mail processes. When this limit is reached, -# new users aren't allowed to log in. -#max_mail_processes = 512 - -# Set max. process size in megabytes. Most of the memory goes to mmap()ing -# files, so it shouldn't harm much even if this limit is set pretty high. -#mail_process_size = 256 - -# Maximum allowed length for mail keyword name. It's only forced when trying -# to create new keywords. -#mail_max_keyword_length = 50 - -# ':' separated list of directories under which chrooting is allowed for mail -# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). -# This setting doesn't affect login_chroot, mail_chroot or auth chroot -# settings. If this setting is empty, "/./" in home dirs are ignored. -# WARNING: Never add directories here which local users can modify, that -# may lead to root exploit. Usually this should be done only if you don't -# allow shell access for users. -#valid_chroot_dirs = - -# Default chroot directory for mail processes. This can be overridden for -# specific users in user database by giving /./ in user's home directory -# (eg. /home/./user chroots into /home). Note that usually there is no real -# need to do chrooting, Dovecot doesn't allow users to access files outside -# their mail directory anyway. If your home directories are prefixed with -# the chroot directory, append "/." to mail_chroot. -#mail_chroot = - -## -## Mailbox handling optimizations -## - -# The minimum number of mails in a mailbox before updates are done to cache -# file. This allows optimizing Dovecot's behavior to do less disk writes at -# the cost of more disk reads. -#mail_cache_min_mail_count = 0 - -# When IDLE command is running, mailbox is checked once in a while to see if -# there are any new mails or other changes. This setting defines the minimum -# time in seconds to wait between those checks. Dovecot can also use dnotify, -# inotify and kqueue to find out immediately when changes occur. -#mailbox_idle_check_interval = 30 - -# Save mails with CR+LF instead of plain LF. This makes sending those mails -# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. -# But it also creates a bit more disk I/O which may just make it slower. -# Also note that if other software reads the mboxes/maildirs, they may handle -# the extra CRs wrong and cause problems. -#mail_save_crlf = no - -## -## Maildir-specific settings -## - -# By default LIST command returns all entries in maildir beginning with a dot. -# Enabling this option makes Dovecot return only entries which are directories. -# This is done by stat()ing each entry, so it causes more disk I/O. -# (For systems setting struct dirent->d_type, this check is free and it's -# done always regardless of this setting) -#maildir_stat_dirs = no - -# When copying a message, do it with hard links whenever possible. This makes -# the performance much better, and it's unlikely to have any side effects. -#maildir_copy_with_hardlinks = yes - -# When copying a message, try to preserve the base filename. Only if the -# destination mailbox already contains the same name (ie. the mail is being -# copied there twice), a new name is given. The destination filename check is -# done only by looking at dovecot-uidlist file, so if something outside -# Dovecot does similar filename preserving copies, you may run into problems. -# NOTE: This setting requires maildir_copy_with_hardlinks = yes to work. -#maildir_copy_preserve_filename = no - -# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only -# when its mtime changes unexpectedly or when we can't find the mail otherwise. -#maildir_very_dirty_syncs = no - -## -## mbox-specific settings -## - -# Which locking methods to use for locking mbox. There are four available: -# dotlock: Create .lock file. This is the oldest and most NFS-safe -# solution. If you want to use /var/mail/ like directory, the users -# will need write access to that directory. -# dotlock_try: Same as dotlock, but if it fails because of permissions or -# because there isn't enough disk space, just skip it. -# fcntl : Use this if possible. Works with NFS too if lockd is used. -# flock : May not exist in all systems. Doesn't work with NFS. -# lockf : May not exist in all systems. Doesn't work with NFS. -# -# You can use multiple locking methods; if you do the order they're declared -# in is important to avoid deadlocks if other MTAs/MUAs are using multiple -# locking methods as well. Some operating systems don't allow using some of -# them simultaneously. -# -# The Debian value for mbox_write_locks differs from upstream Dovecot. It is -# changed to be compliant with Debian Policy (section 11.6) for NFS safety. -# Dovecot: mbox_write_locks = dotlock fcntl -# Debian: mbox_write_locks = fcntl dotlock -# -#mbox_read_locks = fcntl -#mbox_write_locks = fcntl dotlock - -# Maximum time in seconds to wait for lock (all of them) before aborting. -#mbox_lock_timeout = 300 - -# If dotlock exists but the mailbox isn't modified in any way, override the -# lock file after this many seconds. -#mbox_dotlock_change_timeout = 120 - -# When mbox changes unexpectedly we have to fully read it to find out what -# changed. If the mbox is large this can take a long time. Since the change -# is usually just a newly appended mail, it'd be faster to simply read the -# new mails. If this setting is enabled, Dovecot does this but still safely -# fallbacks to re-reading the whole mbox file whenever something in mbox isn't -# how it's expected to be. The only real downside to this setting is that if -# some other MUA changes message flags, Dovecot doesn't notice it immediately. -# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK -# commands. -#mbox_dirty_syncs = yes - -# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, -# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. -#mbox_very_dirty_syncs = no - -# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK -# commands and when closing the mailbox). This is especially useful for POP3 -# where clients often delete all mails. The downside is that our changes -# aren't immediately visible to other MUAs. -#mbox_lazy_writes = yes - -# If mbox size is smaller than this (in kilobytes), don't write index files. -# If an index file already exists it's still read, just not updated. -#mbox_min_index_size = 0 - -## -## dbox-specific settings -## - -# Maximum dbox file size in kilobytes until it's rotated. -#dbox_rotate_size = 2048 - -# Minimum dbox file size in kilobytes before it's rotated -# (overrides dbox_rotate_days) -#dbox_rotate_min_size = 16 - -# Maximum dbox file age in days until it's rotated. Day always begins from -# midnight, so 1 = today, 2 = yesterday, etc. 0 = check disabled. -#dbox_rotate_days = 0 - -## -## IMAP specific settings -## - -protocol imap { - # Login executable location. - #login_executable = /usr/lib/dovecot/imap-login - - # IMAP executable location. Changing this allows you to execute other - # binaries before the imap process is executed. - # - # This would write rawlogs into user's ~/dovecot.rawlog/, if it exists: - # mail_executable = /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap - # - # - # This would attach gdb into the imap process and write backtraces into - # /tmp/gdbhelper.* files: - # mail_executable = /usr/lib/dovecot/gdbhelper /usr/lib/dovecot/imap - # - mail_executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/imap - - # Maximum IMAP command line length in bytes. Some clients generate very long - # command lines with huge mailboxes, so you may need to raise this if you get - # "Too long argument" or "IMAP command line too large" errors often. - #imap_max_line_length = 65536 - - # Maximum number of IMAP connections allowed for a user from each IP address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 10 - - # Support for dynamically loadable plugins. mail_plugins is a space separated - # list of plugins to load. - #mail_plugins = - mail_plugins = quota imap_quota - #mail_plugin_dir = /usr/lib/dovecot/modules/imap - - # IMAP logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - #imap_logout_format = bytes=%i/%o - - # Override the IMAP CAPABILITY response. - #imap_capability = - - # How many seconds to wait between "OK Still here" notifications when - # client is IDLEing. - #imap_idle_notify_interval = 120 - - # ID field names and values to send to clients. Using * as the value makes - # Dovecot use the default value. The following fields have default values - # currently: name, version, os, os-version, support-url, support-email. - #imap_id_send = - - # ID fields sent by client to log. * means everything. - #imap_id_log = - - # Workarounds for various client bugs: - # delay-newmail: - # Send EXISTS/RECENT new mail notifications only when replying to NOOP - # and CHECK commands. Some clients ignore them otherwise, for example OSX - # Mail ( (e.g. %Uf for the - # filename in uppercase) - # - # %v - Mailbox's IMAP UIDVALIDITY - # %u - Mail's IMAP UID - # %m - MD5 sum of the mailbox headers in hex (mbox only) - # %f - filename (maildir only) - # - # If you want UIDL compatibility with other POP3 servers, use: - # UW's ipop3d : %08Xv%08Xu - # Courier : %f or %v-%u (both might be used simultaneosly) - # Cyrus (<= 2.1.3) : %u - # Cyrus (>= 2.1.4) : %v.%u - # Dovecot v0.99.x : %v.%u - # tpop3d : %Mf - # - # Note that Outlook 2003 seems to have problems with %v.%u format which was - # Dovecot's default, so if you're building a new server it would be a good - # idea to change this. %08Xu%08Xv should be pretty fail-safe. - # - pop3_uidl_format = %08Xu%08Xv - - # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes - # won't change those UIDLs. Currently this works only with Maildir. - #pop3_save_uidl = no - - # POP3 logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - # %t - number of TOP commands - # %p - number of bytes sent to client as a result of TOP command - # %r - number of RETR commands - # %b - number of bytes sent to client as a result of RETR command - # %d - number of deleted messages - # %m - number of messages (before deletion) - # %s - mailbox size in bytes (before deletion) - #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s - - # Maximum number of POP3 connections allowed for a user from each IP address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 3 - - # Support for dynamically loadable plugins. mail_plugins is a space separated - # list of plugins to load. - #mail_plugins = - mail_plugins = quota - #mail_plugin_dir = /usr/lib/dovecot/modules/pop3 - - # Workarounds for various client bugs: - # outlook-no-nuls: - # Outlook and Outlook Express hang if mails contain NUL characters. - # This setting replaces them with 0x80 character. - # oe-ns-eoh: - # Outlook Express and Netscape Mail breaks if end of headers-line is - # missing. This option simply sends it if it's missing. - # The list is space-separated. - #pop3_client_workarounds = -} - -## -## ManageSieve specific settings -## - -protocol managesieve { - # Login executable location. - #login_executable = /usr/lib/dovecot/managesieve-login - - # ManageSieve executable location. See IMAP's mail_executable above for - # examples how this could be changed. - mail_executable = /usr/lib/dovecot/managesieve - - # Maximum ManageSieve command line length in bytes. This setting is - # directly borrowed from IMAP. But, since long command lines are very - # unlikely with ManageSieve, changing this will not be very useful. - #managesieve_max_line_length = 65536 - - # ManageSieve logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - #managesieve_logout_format = bytes=%i/%o - - # If, for some inobvious reason, the sieve_storage remains unset, the - # ManageSieve daemon uses the specification of the mail_location to find out - # where to store the sieve files (see explaination in README.managesieve). - # The example below, when uncommented, overrides any global mail_location - # specification and stores all the scripts in '~/mail/sieve' if sieve_storage - # is unset. However, you should always use the sieve_storage setting. - # mail_location = mbox:~/mail - - # To fool ManageSieve clients that are focused on timesieved you can - # specify the IMPLEMENTATION capability that the dovecot reports to clients - # (default: "dovecot"). - #managesieve_implementation_string = Cyrus timsieved v2.2.13 -} - -## -## LDA specific settings -## - -protocol lda { - # Address to use when sending rejection mails (e.g. postmaster@example.com). - postmaster_address = postmaster@localhost - - # Hostname to use in various parts of sent mails, eg. in Message-Id. - # Default is the system's real hostname. - #hostname = - - # Support for dynamically loadable plugins. mail_plugins is a space separated - # list of plugins to load. - mail_plugins = quota sieve - #mail_plugin_dir = /usr/lib/dovecot/modules/lda - - # If user is over quota, return with temporary failure instead of - # bouncing the mail. - #quota_full_tempfail = no - - # Format to use for logging mail deliveries. You can use variables: - # %$ - Delivery status message (e.g. "saved to INBOX") - # %m - Message-ID - # %s - Subject - # %f - From address - #deliver_log_format = msgid=%m: %$ - - # Binary to use for sending mails. - #sendmail_path = /usr/sbin/sendmail - - # Subject: header to use for rejection mails. You can use the same variables - # as for rejection_reason below. - #rejection_subject = Rejected: %s - - # Human readable error message for rejection mails. You can use variables: - # %n = CRLF, %r = reason, %s = original subject, %t = recipient - #rejection_reason = Your message to <%t> was automatically rejected:%n%r - - # UNIX socket path to master authentication server to find users. - auth_socket_path = /var/run/dovecot/auth-master -} - -## -## Authentication processes -## - -# Executable location -#auth_executable = /usr/lib/dovecot/dovecot-auth - -# Set max. process size in megabytes. -#auth_process_size = 256 - -# Authentication cache size in kilobytes. 0 means it's disabled. -# Note that bsdauth, PAM and vpopmail require cache_key to be set for caching -# to be used. -#auth_cache_size = 0 -# Time to live in seconds for cached data. After this many seconds the cached -# record is no longer used, *except* if the main database lookup returns -# internal failure. We also try to handle password changes automatically: If -# user's previous authentication was successful, but this one wasn't, the -# cache isn't used. For now this works only with plaintext authentication. -#auth_cache_ttl = 3600 -# TTL for negative hits (user not found, password mismatch). -# 0 disables caching them completely. -#auth_cache_negative_ttl = 3600 - -# Space separated list of realms for SASL authentication mechanisms that need -# them. You can leave it empty if you don't want to support multiple realms. -# Many clients simply use the first one listed here, so keep the default realm -# first. -#auth_realms = - -# Default realm/domain to use if none was specified. This is used for both -# SASL realms and appending @domain to username in plaintext logins. -#auth_default_realm = - -# List of allowed characters in username. If the user-given username contains -# a character not listed in here, the login automatically fails. This is just -# an extra check to make sure user can't exploit any potential quote escaping -# vulnerabilities with SQL/LDAP databases. If you want to allow all characters, -# set this value to empty. -#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ - -# Username character translations before it's looked up from databases. The -# value contains series of from -> to characters. For example "#@/@" means -# that '#' and '/' characters are translated to '@'. -#auth_username_translation = - -# Username formatting before it's looked up from databases. You can use -# the standard variables here, eg. %Lu would lowercase the username, %n would -# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into -# "-AT-". This translation is done after auth_username_translation changes. -#auth_username_format = - -# If you want to allow master users to log in by specifying the master -# username within the normal username string (ie. not using SASL mechanism's -# support for it), you can specify the separator character here. The format -# is then . UW-IMAP uses "*" as the -# separator, so that could be a good choice. -#auth_master_user_separator = - -# Username to use for users logging in with ANONYMOUS SASL mechanism -#auth_anonymous_username = anonymous - -# Log unsuccessful authentication attempts and the reasons why they failed. -#auth_verbose = no - -# Even more verbose logging for debugging purposes. Shows for example SQL -# queries. -#auth_debug = no - -# In case of password mismatches, log the passwords and used scheme so the -# problem can be debugged. Enabling this also enables auth_debug. -#auth_debug_passwords = no - -# Maximum number of dovecot-auth worker processes. They're used to execute -# blocking passdb and userdb queries (eg. MySQL and PAM). They're -# automatically created and destroyed as needed. -#auth_worker_max_count = 30 - -# Host name to use in GSSAPI principal names. The default is to use the -# name returned by gethostname(). Use "$ALL" to allow all keytab entries. -#auth_gssapi_hostname = - -# Kerberos keytab to use for the GSSAPI mechanism. Will use the system -# default (usually /etc/krb5.keytab) if not specified. -#auth_krb5_keytab = - -# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and -# ntlm_auth helper. -# -#auth_use_winbind = no - -# Path for Samba's ntlm_auth helper binary. -#auth_winbind_helper_path = /usr/bin/ntlm_auth - -# Number of seconds to delay before replying to failed authentications. -#auth_failure_delay = 2 - -auth default { - # Space separated list of wanted authentication mechanisms: - # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey - # gss-spnego - # NOTE: See also disable_plaintext_auth setting. - mechanisms = plain login - - # - # Password database is used to verify user's password (and nothing more). - # You can have multiple passdbs and userdbs. This is useful if you want to - # allow both system users (/etc/passwd) and virtual users to login without - # duplicating the system users into virtual database. - # - # - # - # By adding master=yes setting inside a passdb you make the passdb a list - # of "master users", who can log in as anyone else. Unless you're using PAM, - # you probably still want the destination user to be looked up from passdb - # that it really exists. This can be done by adding pass=yes setting to the - # master passdb. - - # Users can be temporarily disabled by adding a passdb with deny=yes. - # If the user is found from that database, authentication will fail. - # The deny passdb should always be specified before others, so it gets - # checked first. Here's an example: - - #passdb passwd-file { - # File contains a list of usernames, one per line - #args = /etc/dovecot/dovecot.deny - #deny = yes - #} - - # PAM authentication. Preferred nowadays by most systems. - # Note that PAM can only be used to verify if user's password is correct, - # so it can't be used as userdb. If you don't want to use a separate user - # database (passwd usually), you can use static userdb. - # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM - # authentication to actually work. - #passdb pam { - # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=] - # [cache_key=] [] - # - # session=yes makes Dovecot open and immediately close PAM session. Some - # PAM plugins need this to work, such as pam_mkhomedir. - # - # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins - # need that. They aren't ever deleted though, so this isn't enabled by - # default. - # - # max_requests specifies how many PAM lookups to do in one process before - # recreating the process. The default is 100, because many PAM plugins - # leak memory. - # - # cache_key can be used to enable authentication caching for PAM - # (auth_cache_size also needs to be set). It isn't enabled by default - # because PAM modules can do all kinds of checks besides checking password, - # such as checking IP address. Dovecot can't know about these checks - # without some help. cache_key is simply a list of variables (see - # /usr/share/doc/dovecot-common/wiki/Variables.txt) which must match - # for the cached data to be used. - # Here are some examples: - # %u - Username must match. Probably sufficient for most uses. - # %u%r - Username and remote IP address must match. - # %u%s - Username and service (ie. IMAP, POP3) must match. - # - # The service name can contain variables, for example %Ls expands to - # pop3 or imap. - # - # Some examples: - # args = session=yes %Ls - # args = cache_key=%u dovecot - #args = dovecot - #} - - # System users (NSS, /etc/passwd, or similiar) - # In many systems nowadays this uses Name Service Switch, which is - # configured in /etc/nsswitch.conf. - #passdb passwd { - # [blocking=yes] - See userdb passwd for explanation - #args = - #} - - # Shadow passwords for system users (NSS, /etc/shadow or similiar). - # Deprecated by PAM nowadays. - # - #passdb shadow { - # [blocking=yes] - See userdb passwd for explanation - #args = - #} - - # PAM-like authentication for OpenBSD. - # - #passdb bsdauth { - # [cache_key=] - See cache_key in PAM for explanation. - #args = - #} - - # passwd-like file with specified location - # - #passdb passwd-file { - # [scheme=] [username_format=] - # - #args = - #} - - # checkpassword executable authentication - # NOTE: You will probably want to use "userdb prefetch" with this. - # - #passdb checkpassword { - # Path for checkpassword binary - #args = - #} - - # SQL database - passdb sql { - # Path for SQL configuration file - args = /etc/dovecot/dovecot-sql.conf - } - - # LDAP database - #passdb ldap { - # Path for LDAP configuration file - #args = /etc/dovecot/dovecot-ldap.conf - #} - - # vpopmail authentication - #passdb vpopmail { - # [cache_key=] - See cache_key in PAM for explanation. - # [quota_template=