From 83a4bad18ec224e15cc95a9b8b29c64550f3f9f9 Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Sun, 15 Apr 2018 12:33:53 -0400
Subject: [PATCH] Re-roll patches to build for wheezy
---
wheezy/95_alternc.conf | 694 +++++++---------
wheezy/alternc-dict-quota.conf | 47 --
wheezy/alternc-roundcube.postinst | 19 +
wheezy/alternc-sql.conf | 137 ---
wheezy/alternc-ssl.install.php | 39 +
wheezy/alternc.install | 147 ++++
wheezy/alternc.install.diff | 46 -
wheezy/apache2.conf | 43 +
wheezy/bureau.conf | 11 +
wheezy/changelog | 22 +
wheezy/changelog.diff | 13 -
wheezy/config.inc.php | 449 ++++++++++
wheezy/control | 51 ++
wheezy/control.diff | 49 --
wheezy/dovecot-dict-quota.conf | 53 ++
wheezy/dovecot-sql.conf | 138 +++
wheezy/dovecot.conf | 1302 +++++++++++++++++++++++++++++
wheezy/main.inc.php | 809 ++++++++++++++++++
wheezy/patch.sh | 31 +-
wheezy/roundcube-install | 33 +
wheezy/ssl.conf | 13 +
wheezy/vhost.conf | 17 +
22 files changed, 3507 insertions(+), 656 deletions(-)
delete mode 100644 wheezy/alternc-dict-quota.conf
create mode 100644 wheezy/alternc-roundcube.postinst
delete mode 100644 wheezy/alternc-sql.conf
create mode 100644 wheezy/alternc-ssl.install.php
create mode 100644 wheezy/alternc.install
delete mode 100644 wheezy/alternc.install.diff
create mode 100644 wheezy/apache2.conf
create mode 100644 wheezy/bureau.conf
create mode 100644 wheezy/changelog
delete mode 100644 wheezy/changelog.diff
create mode 100644 wheezy/config.inc.php
create mode 100644 wheezy/control
delete mode 100644 wheezy/control.diff
create mode 100644 wheezy/dovecot-dict-quota.conf
create mode 100644 wheezy/dovecot-sql.conf
create mode 100644 wheezy/dovecot.conf
create mode 100644 wheezy/main.inc.php
create mode 100644 wheezy/roundcube-install
create mode 100644 wheezy/ssl.conf
create mode 100644 wheezy/vhost.conf
diff --git a/wheezy/95_alternc.conf b/wheezy/95_alternc.conf
index dda55336..7606a750 100644
--- a/wheezy/95_alternc.conf
+++ b/wheezy/95_alternc.conf
@@ -1,344 +1,350 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# -## Dovecot configuration file -# This is a concatenation of all /etc/dovecot/conf.d/* from DEBIAN package -# with rules adapted to AlternC best practices and link with MySQL tables. - -protocols = imap pop3 sieve - -default_process_limit = 1000 - -## ------------------------------------------------------------------------- -## 10-auth - -# Disable LOGIN command and all other plaintext authentications unless -# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP -# matches the local IP (ie. you're connecting from the same computer), the -# connection is considered secure and plaintext authentication is allowed. -disable_plaintext_auth = no - -# Space separated list of wanted authentication mechanisms: -# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey -# gss-spnego -# NOTE: See also disable_plaintext_auth setting. -auth_mechanisms = plain login - -## -## Password and user databases -## - -# -# Password database is used to verify user's password (and nothing more). -# You can have multiple passdbs and userdbs. This is useful if you want to -# allow both system users (/etc/passwd) and virtual users to login without -# duplicating the system users into virtual database. -# -# -# -# User database specifies where mails are located and what user/group IDs -# own them. For single-UID configuration use "static" userdb. -# -# - -#!include auth-deny.conf.ext -#!include auth-master.conf.ext - -#!include auth-system.conf.ext -#!include auth-sql.conf.ext -#!include auth-ldap.conf.ext -#!include auth-passwdfile.conf.ext -#!include auth-checkpassword.conf.ext -#!include auth-vpopmail.conf.ext -#!include auth-static.conf.ext - - -# ---------------------------------------------------------------------------- -# 10-login.conf - -# Prefix for each line written to log file. 
% codes are in strftime(3) -# format. -#log_timestamp = "%b %d %H:%M:%S " -log_timestamp = "%Y-%m-%d %H:%M:%S " - -# ---------------------------------------------------------------------------- -# 10-mail.conf - - -# Location for users' mailboxes. This is the same as the old default_mail_env -# setting. The default is empty, which means that Dovecot tries to find the -# mailboxes automatically. This won't work if the user doesn't have any mail -# yet, so you should explicitly tell Dovecot the full location. -# -# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) -# isn't enough. You'll also need to tell Dovecot where the other mailboxes are -# kept. This is called the "root mail directory", and it must be the first -# path given in the mail_location setting. -# -# There are a few special variables you can use, eg.: -# -# %u - username -# %n - user part in user@domain, same as %u if there's no domain -# %d - domain part in user@domain, empty if there's no domain -# %h - home directory -# -# See for full list. -# Some examples: -# -# mail_location = maildir:~/Maildir -# mail_location = mbox:~/mail:INBOX=/var/mail/%u -# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n -# -# -# -mail_location = maildir:~/Maildir - - -# Group to enable temporarily for privileged operations. Currently this is -# used only with INBOX when either its initial creation or dotlocking fails. -# Typically this is set to "mail" to give access to /var/mail. -#mail_privileged_group = -mail_privileged_group = vmail - - -# Valid UID range for users, defaults to 500 and above. This is mostly -# to make sure that users can't log in as daemons or other system users. -# Note that denying root logins is hardcoded to dovecot binary and can't -# be done even if first_valid_uid is set to 0. 
-first_valid_uid = 2000 -last_valid_uid = 65000 - -# ---------------------------------------------------------------------------- -# 10-master.conf - -passdb { - driver = sql - args = /etc/dovecot/alternc-sql.conf -} - -userdb { - driver = sql - args = /etc/dovecot/alternc-sql.conf -} -userdb { - driver = prefetch -} - -service auth { - unix_listener /var/spool/postfix/private/auth { - group = postfix - mode = 0660 - user = postfix - } - unix_listener auth-master { - mode = 0600 - user = vmail - } - - # set this to (default_client_limit * number of services using it) - client_limit = 5000 -} - -service anvil { - # set this to (default_client_limit * number of services using it) - client_limit = 5000 -} - - -# ---------------------------------------------------------------------------- -# 10-ssl.conf - -# SSL/TLS support: yes, no, required. -ssl = yes - -# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before -# dropping root privileges, so keep the key file unreadable by anyone but -# root. -#ssl_cert = (e.g. %Uf for the - # filename in uppercase) - # - # %v - Mailbox's IMAP UIDVALIDITY - # %u - Mail's IMAP UID - # %m - MD5 sum of the mailbox headers in hex (mbox only) - # %f - filename (maildir only) - # - # If you want UIDL compatibility with other POP3 servers, use: - # UW's ipop3d : %08Xv%08Xu - # Courier : %f or %v-%u (both might be used simultaneosly) - # Cyrus (<= 2.1.3) : %u - # Cyrus (>= 2.1.4) : %v.%u - # Dovecot v0.99.x : %v.%u - # tpop3d : %Mf - # - # Note that Outlook 2003 seems to have problems with %v.%u format which was - # Dovecot's default, so if you're building a new server it would be a good - # idea to change this. %08Xu%08Xv should be pretty fail-safe. - # - pop3_uidl_format = %08Xu%08Xv - - # Support for dynamically loadable plugins. mail_plugins is a space separated - # list of plugins to load. 
- mail_plugins = quota - #mail_plugin_dir = /usr/lib/dovecot/modules/pop3 - -} - -service pop3 { - executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/pop3 -} - -# ---------------------------------------------------------------------------- -# 90-plugin.conf - -plugin { - - # Quota plugin. Multiple backends are supported: - # dirsize: Find and sum all the files found from mail directory. - # Extremely SLOW with Maildir. It'll eat your CPU and disk I/O. - # dict: Keep quota stored in dictionary (eg. SQL) - # maildir: Maildir++ quota - # fs: Read-only support for filesystem quota - # - # Quota limits are set using "quota_rule" parameters, either in here or in - # userdb. It's also possible to give mailbox-specific limits, for example: - # quota_rule = *:storage=1048576 - quota_rule = *:storage=100M - quota_rule2 = Trash:storage=+10%% - # quota_rule2 = Trash:storage=102400 - # User has now 1GB quota, but when saving to Trash mailbox the user gets - # additional 100MB. - # - # Multiple quota roots are also possible, for example: - # quota = dict:user::proxy::quota - # quota2 = dict:domain:%d:proxy::quota_domain - # quota_rule = *:storage=102400 - # quota2_rule = *:storage=1048576 - # Gives each user their own 100MB quota and one shared 1GB quota within - # the domain. - # - # You can execute a given command when user exceeds a specified quota limit. - # Each quota root has separate limits. Only the command for the first - # exceeded limit is excecuted, so put the highest limit first. - # Note that % needs to be escaped as %%, otherwise "% " expands to empty. 
- # quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95 - # quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80 - quota_warning = storage=95%% /usr/lib/alternc/quota-warning.sh 95 - quota_warning2 = storage=80%% /usr/lib/alternc/quota-warning.sh 80 - #quota = maildir - quota = dict:user::proxy::quotadict - - - # Sieve plugin (http://wiki.dovecot.org/LDA/Sieve) and ManageSieve service - # - # Location of the active script. When ManageSieve is used this is actually - # a symlink pointing to the active script in the sieve storage directory. - sieve=~/.dovecot.sieve - # - # The path to the directory where the personal Sieve scripts are stored. For - # ManageSieve this is where the uploaded scripts are stored. - sieve_dir=~/sieve -} - -# Dictionary can be used by some plugins to store key=value lists, such as -# quota, expire and acl plugins. The dictionary can be used either directly or -# though a dictionary server. The following dict block maps dictionary names to -# URIs when the server is used. These can then be referenced using URIs in -# format "proxy::". - -dict { - quotadict = mysql:/etc/dovecot/alternc-dict-quota.conf - #expire = db:/var/lib/dovecot/expire.db -} - - -service auth-worker { - user = vmail -} - -service dict { - unix_listener dict { - mode = 0660 - user = vmail - group = vmail - } -} +diff --git a/etc/alternc/templates/dovecot/conf.d/95_alternc.conf b/etc/alternc/templates/dovecot/conf.d/95_alternc.conf +deleted file mode 100644 +index dda55336..00000000 +--- a/etc/alternc/templates/dovecot/conf.d/95_alternc.conf ++++ /dev/null +@@ -1,344 +0,0 @@ +-# AUTO GENERATED FILE +-# Modify template in /etc/alternc/templates/ +-# and launch alternc.install if you want +-# to modify this file. +-# +-## Dovecot configuration file +-# This is a concatenation of all /etc/dovecot/conf.d/* from DEBIAN package +-# with rules adapted to AlternC best practices and link with MySQL tables. 
+- +-protocols = imap pop3 sieve +- +-default_process_limit = 1000 +- +-## ------------------------------------------------------------------------- +-## 10-auth +- +-# Disable LOGIN command and all other plaintext authentications unless +-# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP +-# matches the local IP (ie. you're connecting from the same computer), the +-# connection is considered secure and plaintext authentication is allowed. +-disable_plaintext_auth = no +- +-# Space separated list of wanted authentication mechanisms: +-# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey +-# gss-spnego +-# NOTE: See also disable_plaintext_auth setting. +-auth_mechanisms = plain login +- +-## +-## Password and user databases +-## +- +-# +-# Password database is used to verify user's password (and nothing more). +-# You can have multiple passdbs and userdbs. This is useful if you want to +-# allow both system users (/etc/passwd) and virtual users to login without +-# duplicating the system users into virtual database. +-# +-# +-# +-# User database specifies where mails are located and what user/group IDs +-# own them. For single-UID configuration use "static" userdb. +-# +-# +- +-#!include auth-deny.conf.ext +-#!include auth-master.conf.ext +- +-#!include auth-system.conf.ext +-#!include auth-sql.conf.ext +-#!include auth-ldap.conf.ext +-#!include auth-passwdfile.conf.ext +-#!include auth-checkpassword.conf.ext +-#!include auth-vpopmail.conf.ext +-#!include auth-static.conf.ext +- +- +-# ---------------------------------------------------------------------------- +-# 10-login.conf +- +-# Prefix for each line written to log file. % codes are in strftime(3) +-# format. +-#log_timestamp = "%b %d %H:%M:%S " +-log_timestamp = "%Y-%m-%d %H:%M:%S " +- +-# ---------------------------------------------------------------------------- +-# 10-mail.conf +- +- +-# Location for users' mailboxes. 
This is the same as the old default_mail_env +-# setting. The default is empty, which means that Dovecot tries to find the +-# mailboxes automatically. This won't work if the user doesn't have any mail +-# yet, so you should explicitly tell Dovecot the full location. +-# +-# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) +-# isn't enough. You'll also need to tell Dovecot where the other mailboxes are +-# kept. This is called the "root mail directory", and it must be the first +-# path given in the mail_location setting. +-# +-# There are a few special variables you can use, eg.: +-# +-# %u - username +-# %n - user part in user@domain, same as %u if there's no domain +-# %d - domain part in user@domain, empty if there's no domain +-# %h - home directory +-# +-# See for full list. +-# Some examples: +-# +-# mail_location = maildir:~/Maildir +-# mail_location = mbox:~/mail:INBOX=/var/mail/%u +-# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n +-# +-# +-# +-mail_location = maildir:~/Maildir +- +- +-# Group to enable temporarily for privileged operations. Currently this is +-# used only with INBOX when either its initial creation or dotlocking fails. +-# Typically this is set to "mail" to give access to /var/mail. +-#mail_privileged_group = +-mail_privileged_group = vmail +- +- +-# Valid UID range for users, defaults to 500 and above. This is mostly +-# to make sure that users can't log in as daemons or other system users. +-# Note that denying root logins is hardcoded to dovecot binary and can't +-# be done even if first_valid_uid is set to 0. 
+-first_valid_uid = 2000 +-last_valid_uid = 65000 +- +-# ---------------------------------------------------------------------------- +-# 10-master.conf +- +-passdb { +- driver = sql +- args = /etc/dovecot/alternc-sql.conf +-} +- +-userdb { +- driver = sql +- args = /etc/dovecot/alternc-sql.conf +-} +-userdb { +- driver = prefetch +-} +- +-service auth { +- unix_listener /var/spool/postfix/private/auth { +- group = postfix +- mode = 0660 +- user = postfix +- } +- unix_listener auth-master { +- mode = 0600 +- user = vmail +- } +- +- # set this to (default_client_limit * number of services using it) +- client_limit = 5000 +-} +- +-service anvil { +- # set this to (default_client_limit * number of services using it) +- client_limit = 5000 +-} +- +- +-# ---------------------------------------------------------------------------- +-# 10-ssl.conf +- +-# SSL/TLS support: yes, no, required. +-ssl = yes +- +-# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before +-# dropping root privileges, so keep the key file unreadable by anyone but +-# root. +-#ssl_cert = (e.g. %Uf for the +- # filename in uppercase) +- # +- # %v - Mailbox's IMAP UIDVALIDITY +- # %u - Mail's IMAP UID +- # %m - MD5 sum of the mailbox headers in hex (mbox only) +- # %f - filename (maildir only) +- # +- # If you want UIDL compatibility with other POP3 servers, use: +- # UW's ipop3d : %08Xv%08Xu +- # Courier : %f or %v-%u (both might be used simultaneosly) +- # Cyrus (<= 2.1.3) : %u +- # Cyrus (>= 2.1.4) : %v.%u +- # Dovecot v0.99.x : %v.%u +- # tpop3d : %Mf +- # +- # Note that Outlook 2003 seems to have problems with %v.%u format which was +- # Dovecot's default, so if you're building a new server it would be a good +- # idea to change this. %08Xu%08Xv should be pretty fail-safe. +- # +- pop3_uidl_format = %08Xu%08Xv +- +- # Support for dynamically loadable plugins. mail_plugins is a space separated +- # list of plugins to load. 
+- mail_plugins = quota +- #mail_plugin_dir = /usr/lib/dovecot/modules/pop3 +- +-} +- +-service pop3 { +- executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/pop3 +-} +- +-# ---------------------------------------------------------------------------- +-# 90-plugin.conf +- +-plugin { +- +- # Quota plugin. Multiple backends are supported: +- # dirsize: Find and sum all the files found from mail directory. +- # Extremely SLOW with Maildir. It'll eat your CPU and disk I/O. +- # dict: Keep quota stored in dictionary (eg. SQL) +- # maildir: Maildir++ quota +- # fs: Read-only support for filesystem quota +- # +- # Quota limits are set using "quota_rule" parameters, either in here or in +- # userdb. It's also possible to give mailbox-specific limits, for example: +- # quota_rule = *:storage=1048576 +- quota_rule = *:storage=100M +- quota_rule2 = Trash:storage=+10%% +- # quota_rule2 = Trash:storage=102400 +- # User has now 1GB quota, but when saving to Trash mailbox the user gets +- # additional 100MB. +- # +- # Multiple quota roots are also possible, for example: +- # quota = dict:user::proxy::quota +- # quota2 = dict:domain:%d:proxy::quota_domain +- # quota_rule = *:storage=102400 +- # quota2_rule = *:storage=1048576 +- # Gives each user their own 100MB quota and one shared 1GB quota within +- # the domain. +- # +- # You can execute a given command when user exceeds a specified quota limit. +- # Each quota root has separate limits. Only the command for the first +- # exceeded limit is excecuted, so put the highest limit first. +- # Note that % needs to be escaped as %%, otherwise "% " expands to empty. 
+- # quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95 +- # quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80 +- quota_warning = storage=95%% /usr/lib/alternc/quota-warning.sh 95 +- quota_warning2 = storage=80%% /usr/lib/alternc/quota-warning.sh 80 +- #quota = maildir +- quota = dict:user::proxy::quotadict +- +- +- # Sieve plugin (http://wiki.dovecot.org/LDA/Sieve) and ManageSieve service +- # +- # Location of the active script. When ManageSieve is used this is actually +- # a symlink pointing to the active script in the sieve storage directory. +- sieve=~/.dovecot.sieve +- # +- # The path to the directory where the personal Sieve scripts are stored. For +- # ManageSieve this is where the uploaded scripts are stored. +- sieve_dir=~/sieve +-} +- +-# Dictionary can be used by some plugins to store key=value lists, such as +-# quota, expire and acl plugins. The dictionary can be used either directly or +-# though a dictionary server. The following dict block maps dictionary names to +-# URIs when the server is used. These can then be referenced using URIs in +-# format "proxy::". +- +-dict { +- quotadict = mysql:/etc/dovecot/alternc-dict-quota.conf +- #expire = db:/var/lib/dovecot/expire.db +-} +- +- +-service auth-worker { +- user = vmail +-} +- +-service dict { +- unix_listener dict { +- mode = 0660 +- user = vmail +- group = vmail +- } +-} diff --git a/wheezy/alternc-dict-quota.conf b/wheezy/alternc-dict-quota.conf deleted file mode 100644 index 8ad06548..00000000 --- a/wheezy/alternc-dict-quota.conf +++ /dev/null 
@@ -1,47 +0,0 @@
-# AUTO GENERATED FILE
-# Modify template in /etc/alternc/templates/
-# and launch alternc.install if you want
-# to modify this file.
-#
-
-connect=host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%%
-#connect = host=localhost dbname=mails user=testuser password=pass
-
-# CREATE TABLE quota (
-# username varchar(100) not null,
-# bytes bigint not null default 0,
-# messages integer not null default 0,
-# primary key (username)
-# );
-
-map {
- pattern = priv/quota/storage
- table = dovecot_quota
- username_field = user
- value_field = quota_dovecot
-}
-map {
- pattern = priv/quota/messages
- table = dovecot_quota
- username_field = user
- value_field = nb_messages
-}
-
-# CREATE TABLE expires (
-# username varchar(100) not null,
-# mailbox varchar(255) not null,
-# expire_stamp integer not null,
-# primary key (username, mailbox)
-# );
-
-#map {
- # pattern = shared/expire/$user/$mailbox
- # table = expires
- # value_field = expire_stamp
-
- # fields {
- # username = $user
- # mailbox = $mailbox
- # }
-#}
-
diff --git a/wheezy/alternc-roundcube.postinst b/wheezy/alternc-roundcube.postinst
new file mode 100644
index 00000000..5c54e746
--- /dev/null
+++ b/wheezy/alternc-roundcube.postinst
@@ -0,0 +1,19 @@
+diff --git a/debian/alternc-roundcube.postinst b/debian/alternc-roundcube.postinst
+index 0d99169d..6dfe23c9 100644
+--- a/debian/alternc-roundcube.postinst
++++ b/debian/alternc-roundcube.postinst
+@@ -27,10 +27,10 @@ case "$1" in
+ chown -R www-data:root /etc/roundcube/debian-db.php
+ chmod -R 460 /etc/roundcube/debian-db.php
+
+- dpkg-statoverride --list /etc/roundcube/config.inc.php >/dev/null &&
+- dpkg-statoverride --remove /etc/roundcube/config.inc.php
+- chown -R www-data:root /etc/roundcube/config.inc.php
+- chmod -R 460 /etc/roundcube/config.inc.php
++ dpkg-statoverride --list /etc/roundcube/main.inc.php >/dev/null &&
++ dpkg-statoverride --remove /etc/roundcube/main.inc.php
++ chown -R www-data:root /etc/roundcube/main.inc.php
++ chmod -R 460 /etc/roundcube/main.inc.php
+
+ dpkg-statoverride --list /var/log/roundcube >/dev/null &&
+ dpkg-statoverride --remove /var/log/roundcube
diff --git a/wheezy/alternc-sql.conf b/wheezy/alternc-sql.conf
deleted file mode 100644
index e4bad783..00000000
--- a/wheezy/alternc-sql.conf
+++ /dev/null
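Review bot: The re-pointed `chown -R www-data:root` / `chmod -R 460` pair on `/etc/roundcube/main.inc.php` leaves the web server account as the file's owner, so clearing the owner write bit does not stop that account from changing the mode back and rewriting the Roundcube configuration. If the intent is read-only access for the web server, a root-owned file readable through the group expresses it directly: `chown root:www-data /etc/roundcube/main.inc.php` and `chmod 640 /etc/roundcube/main.inc.php` (the `-R` adds nothing on a single file). The context lines just above apply the same owner/mode pattern to `debian-db.php`, so the two should be changed together. The `case "$1"` block these lines sit in starts and ends outside the hunk.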
@@ -1,137 +0,0 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# -# This file is opened as root, so it should be owned by root and mode 0600. -# -# http://wiki2.dovecot.org/AuthDatabase/SQL -# -# For the sql passdb module, you'll need a database with a table that -# contains fields for at least the username and password. If you want to -# use the user@domain syntax, you might want to have a separate domain -# field as well. -# -# If your users all have the same uig/gid, and have predictable home -# directories, you can use the static userdb module to generate the home -# dir based on the username and domain. In this case, you won't need fields -# for home, uid, or gid in the database. -# -# If you prefer to use the sql userdb module, you'll want to add fields -# for home, uid, and gid. Here is an example table: -# -# CREATE TABLE users ( -# username VARCHAR(128) NOT NULL, -# domain VARCHAR(128) NOT NULL, -# password VARCHAR(64) NOT NULL, -# home VARCHAR(255) NOT NULL, -# uid INTEGER NOT NULL, -# gid INTEGER NOT NULL, -# active CHAR(1) DEFAULT 'Y' NOT NULL -# ); - -# Database driver: mysql, pgsql, sqlite -driver = mysql - -# Database connection string. This is driver-specific setting. -# -# HA / round-robin load-balancing is supported by giving multiple host -# settings, like: host=sql1.host.org host=sql2.host.org -# -# pgsql: -# For available options, see the PostgreSQL documention for the -# PQconnectdb function of libpq. -# Use maxconns=n (default 5) to change how many connections Dovecot can -# create to pgsql. 
-# -# mysql: -# Basic options emulate PostgreSQL option names: -# host, port, user, password, dbname -# -# But also adds some new settings: -# client_flags - See MySQL manual -# ssl_ca, ssl_ca_path - Set either one or both to enable SSL -# ssl_cert, ssl_key - For sending client-side certificates to server -# ssl_cipher - Set minimum allowed cipher security (default: HIGH) -# option_file - Read options from the given file instead of -# the default my.cnf location -# option_group - Read options from the given group (default: client) -# -# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock -# Note that currently you can't use spaces in parameters. -# -# sqlite: -# The path to the database file. -# -# Examples: -# connect = host=192.168.1.1 dbname=users -# connect = host=sql.example.com dbname=virtual user=virtual password=blarg -# connect = /etc/dovecot/authdb.sqlite -# -connect = host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%% - -# Default password scheme. -# -# List of supported schemes is in -# http://wiki2.dovecot.org/Authentication/PasswordSchemes -# -default_pass_scheme = MD5 - -# passdb query to retrieve the password. It can return fields: -# password - The user's password. This field must be returned. -# user - user@domain from the database. Needed with case-insensitive lookups. -# username and domain - An alternative way to represent the "user" field. -# -# The "user" field is often necessary with case-insensitive lookups to avoid -# e.g. "name" and "nAme" logins creating two different mail directories. If -# your user and domain names are in separate fields, you can return "username" -# and "domain" fields instead of "user". 
-# -# The query can also return other fields which have a special meaning, see -# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields -# -# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables -# for full list): -# %u = entire user@domain -# %n = user part of user@domain -# %d = domain part of user@domain -# -# Note that these can be used only as input to SQL query. If the query outputs -# any of these substitutions, they're not touched. Otherwise it would be -# difficult to have eg. usernames containing '%' characters. -# -# Example: -# password_query = SELECT userid AS user, pw AS password \ -# FROM users WHERE userid = '%u' AND active = 'Y' -# -#password_query = \ -# SELECT username, domain, password \ -# FROM users WHERE username = '%n' AND domain = '%d' - -# userdb query to retrieve the user information. It can return fields: -# uid - System UID (overrides mail_uid setting) -# gid - System GID (overrides mail_gid setting) -# home - Home directory -# mail - Mail location (overrides mail_location setting) -# -# None of these are strictly required. If you use a single UID and GID, and -# home or mail directory fits to a template string, you could use userdb static -# instead. For a list of all fields that can be returned, see -# http://wiki2.dovecot.org/UserDatabase/ExtraFields -# -# Examples: -# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' -# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' -# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' -# -user_query = SELECT userdb_home AS home, userdb_uid AS uid, 1998 AS gid, userdb_quota_rule AS quota_rule FROM dovecot_view WHERE user = '%u'; - -# If you wish to avoid two SQL lookups (passdb + userdb), you can use -# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll -# also have to return userdb fields in password_query prefixed with "userdb_" -# string. 
For example: -# -password_query = SELECT user, password, userdb_home, userdb_uid, 1998 AS userdb_gid,userdb_quota_rule FROM dovecot_view where user= '%u'; - -# Query to get a list of all usernames. -#iterate_query = SELECT username AS user FROM users diff --git a/wheezy/alternc-ssl.install.php b/wheezy/alternc-ssl.install.php new file mode 100644 index 00000000..9d524944 --- /dev/null +++ b/wheezy/alternc-ssl.install.php @@ -0,0 +1,39 @@ +diff --git a/ssl/alternc-ssl.install.php b/ssl/alternc-ssl.install.php +index ba568910..041eef80 100644 +--- a/ssl/alternc-ssl.install.php ++++ b/ssl/alternc-ssl.install.php +@@ -9,7 +9,9 @@ if ($argv[1] == "templates") { + // install ssl.conf + echo "[alternc-ssl] Installing ssl.conf template\n"; + copy("/etc/alternc/templates/apache2/mods-available/ssl.conf","/etc/apache2/mods-available/ssl.conf"); +- mkdir("/var/run/alternc-ssl"); ++ if (!is_dir('/var/run/alternc-ssl')) { ++ mkdir("/var/run/alternc-ssl"); ++ } + chown("/var/run/alternc-ssl","alterncpanel"); + chgrp("/var/run/alternc-ssl","alterncpanel"); + // replace open_basedir line if necessary : +@@ -64,4 +66,23 @@ if ($argv[1] == "before-reload") { + $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='php52-mixssl';"); + } + ++ // Enable name-based virtual hosts in Apache2 : ++ $f = fopen("/etc/apache2/ports.conf", "rb"); ++ if (!$f) { ++ echo "FATAL: there is no /etc/apache2/ports.conf ! I can't configure name-based virtual hosts\n"; ++ } else { ++ $found = false; ++ while ($s = fgets($f, 1024)) { ++ if (preg_match(":^[^#]*NameVirtualHost.*443:", $s)) { ++ $found = true; ++ break; ++ } ++ } ++ fclose($f); ++ if (!$found) { ++ $f = fopen("/etc/apache2/ports.conf", "ab"); ++ fputs($f, "\n\n NameVirtualHost *:443\n\n\n"); ++ fclose($f); ++ } ++ } + } // before-reload diff --git a/wheezy/alternc.install b/wheezy/alternc.install new file mode 100644 index 00000000..e036cac2 --- /dev/null +++ b/wheezy/alternc.install 
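Review bot: The append-mode `fopen("/etc/apache2/ports.conf", "ab")` in the added before-reload block is used without a check, unlike the read-mode open a few lines earlier, so a failed open hands `false` to `fputs()` and `fclose()` and the missing `NameVirtualHost` entry goes unreported. Guard it the same way as the first open: `if ($f = fopen("/etc/apache2/ports.conf", "ab")) { fputs(...); fclose($f); } else { echo "FATAL: cannot append to /etc/apache2/ports.conf\n"; }`. In the first inner hunk, `mkdir("/var/run/alternc-ssl")` still depends on the default mode and the process umask; passing an explicit mode, for example `mkdir("/var/run/alternc-ssl", 0750)`, before the `chown`/`chgrp` to alterncpanel would make the directory's permissions deterministic. Both enclosing `if ($argv[1] == ...)` blocks begin outside the quoted hunks.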
@@ -0,0 +1,147 @@ +diff --git a/install/alternc.install b/install/alternc.install +index 95060b7c..10bcbacc 100644 +--- a/install/alternc.install ++++ b/install/alternc.install +@@ -79,7 +79,7 @@ if [ -e /etc/default/saslauthd ]; then + fi + + if [ -e /etc/dovecot/dovecot.conf ]; then +- CONFIG_FILES="$CONFIG_FILES etc/dovecot/alternc-sql.conf etc/dovecot/alternc-dict-quota.conf etc/dovecot/conf.d/95_alternc.conf" ++ CONFIG_FILES="$CONFIG_FILES etc/dovecot/dovecot.conf etc/dovecot/dovecot-sql.conf etc/dovecot/dovecot-dict-quota.conf" + fi + + INSTALLED_CONFIG_TAR="/var/lib/alternc/backups/etc-installed.tar.gz" +@@ -279,20 +279,12 @@ rm -f $SED_SCRIPT + # Ad-hoc fixes + # + +-php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.*\)\.so$/\1/' | tail -1`" +-if [ "$php" = "7.0" ] +-then +- ln -fs /etc/alternc/alternc.ini /etc/php/$php/apache2/conf.d/alternc.ini || true +- ln -fs /etc/alternc/alternc.ini /etc/php/$php/cli/conf.d/alternc.ini || true +-else +- ln -fs /etc/alternc/alternc.ini /etc/php$php/apache2/conf.d/alternc.ini || true +- ln -fs /etc/alternc/alternc.ini /etc/php$php/cli/conf.d/alternc.ini || true +-fi +- ++php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.\)\.so$/php\1/' | tail -1`" ++ln -fs /etc/alternc/alternc.ini /etc/$php/apache2/conf.d/alternc.ini || true ++ln -fs /etc/alternc/alternc.ini /etc/$php/cli/conf.d/alternc.ini || true + if [ -x /usr/sbin/apache2 ]; then + # hook + run-parts --arg=apache2 /usr/lib/alternc/install.d +- a2enmod mpm_itk + + s="" + # unused from AlternC 1.0, FIXME: remove it later +@@ -301,9 +293,9 @@ if [ -x /usr/sbin/apache2 ]; then + a2dismod vhost_alias + s="apache2" + fi +- if ! [ -L /etc/apache2/mods-enabled/php$php.load ] ++ if ! [ -L /etc/apache2/mods-enabled/$php.load ] + then +- a2enmod php$php ++ a2enmod $php + fi + if ! [ -L /etc/apache2/mods-enabled/rewrite.load ] + then +@@ -319,14 +311,13 @@ if [ -x /usr/sbin/apache2 ]; then + a2enmod ssl + s="apache2" + fi +- if [ ! 
-h /etc/apache2/conf-available/alternc-ssl.conf ] && [ -e /etc/apache2/conf-available/ ]; then +- ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf-available/alternc-ssl.conf +- a2enconf alternc-ssl ++ if [ ! -h /etc/apache2/conf.d/alternc-ssl.conf ] && [ -e /etc/apache2/conf.d/ ]; then ++ ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf.d/alternc-ssl.conf + s="apache2" + fi + + # We enable dovecot SSL certificate instructions: (on wheezy we should use a new file in /etc/dovecot/conf.d/ ) +- ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = /etc/dovecot/conf.d/96_ssl.conf ++ sed -i -e 's#^ssl_cert_file.*$#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem#' -e 's#^ssl_key_file.*$#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key#' /etc/dovecot/dovecot.conf + + else + # We disable proftpd tls module +@@ -335,18 +326,17 @@ if [ -x /usr/sbin/apache2 ]; then + cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/ + + # We disable dovecot SSL certificate instructions: (on wheezy we should remove a file in /etc/dovecot/conf.d/ ) +- ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = /etc/dovecot/conf.d/96_ssl.conf ++ sed -i -e 's#^ssl_cert_file.*$#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem#' -e 's#^ssl_key_file.*$#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key#' /etc/dovecot/dovecot.conf + + echo "SSL not configured" + echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install" + fi +- if [ ! -h /etc/apache2/conf-available/alternc.conf ] && [ -e /etc/apache2/conf-available/ ]; then +- ln -sf /etc/alternc/apache2.conf /etc/apache2/conf-available/alternc.conf +- a2enconf alternc.conf ++ if [ ! 
-h /etc/apache2/conf.d/alternc.conf ] && [ -e /etc/apache2/conf.d/ ]; then ++ ln -sf /etc/alternc/apache2.conf /etc/apache2/conf.d/alternc.conf + s="apache2" + fi +- if [ -e /etc/apache2/sites-enabled/000-default.conf ]; then +- a2dissite 000-default ++ if [ -e /etc/apache2/sites-enabled/000-default ]; then ++ a2dissite default + s="apache2" + fi + SERVICES="$SERVICES $s" +@@ -440,7 +430,7 @@ OLDDESTINATION=`postconf mydestination | awk -F '=' '{print $2}'` + echo "$OLDDESTINATION" | grep -q -v "$FQDN" && postconf -e "mydestination = $FQDN, $OLDDESTINATION" + + # Remove phpmyadmin apache2 configuration +-a2disconf phpmyadmin ++rm -f /etc/apache2/conf.d/phpmyadmin.conf || true + + # Configure PHPMyAdmin + include_str='include("/etc/alternc/phpmyadmin.inc.php")' +@@ -592,14 +582,9 @@ else + mysql --defaults-file=/etc/alternc/my.cnf -e "UPDATE db_servers SET host='$MYSQL_HOST', login='$MYSQL_USER', password='$MYSQL_PASS', client='$MYSQL_HOST_CLIENT' WHERE name='Default';" + fi + +-# giving vmail user read access on dovecot sql file +-chgrp vmail /etc/dovecot/alternc-sql.conf +-chmod g+r /etc/dovecot/alternc-sql.conf +-# Override some dovecot 2.0 configuration that may have happened during dovecot postinst: +-sed -i -e 's/^ *!include/#!include/' /etc/dovecot/conf.d/10-auth.conf +- +-# Changing owner of web panel's files +-chown -R alterncpanel:alterncpanel "/usr/share/alternc/panel/" ++#giving vmail user read access on dovecot sql file ++chgrp vmail /etc/dovecot/dovecot.conf ++chmod g+r /etc/dovecot/dovecot.conf + + # We force the re-computing of the DNS zones, since we may have changed the IP address (see #460) + /usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='UPDATE' WHERE gesdns=1;" +@@ -612,7 +597,7 @@ grep -q "^localhost\$" /etc/opendkim/TrustedHosts || echo "localhost" >>/etc/ope + grep -q "^$PUBLIC_IP\$" /etc/opendkim/TrustedHosts || echo "$PUBLIC_IP" >>/etc/opendkim/TrustedHosts + + # Add opendkim to service to 
restart +-SERVICES="$SERVICES opendkim bind9" ++SERVICES="$SERVICES opendkim" + + # hook + run-parts --arg=before-reload /usr/lib/alternc/install.d +@@ -620,7 +605,7 @@ run-parts --arg=before-reload /usr/lib/alternc/install.d + ####################################################################### + # Reload services + # +-for service in postfix dovecot cron proftpd ; do ++for service in postfix bind9 apache2 dovecot cron proftpd ; do + invoke-rc.d $service force-reload || true + done + +@@ -628,10 +613,6 @@ done + for service in $SERVICES; do + test -x /etc/init.d/$service && invoke-rc.d $service stop || true + done +- +-# on Jessie, apache2 does not stop/start properly due to "service" and "apache2ctl" having different behavior pid-file-wise +-killall apache2 +- + for service in $SERVICES; do + test -x /etc/init.d/$service && invoke-rc.d $service start || true + done diff --git a/wheezy/alternc.install.diff b/wheezy/alternc.install.diff deleted file mode 100644 index e8aaae24..00000000 --- a/wheezy/alternc.install.diff +++ /dev/null 
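Review bot: The new comment `#giving vmail user read access on dovecot sql file` does not match the commands under it, which `chgrp`/`chmod g+r` `/etc/dovecot/dovecot.conf`. The database password lives in `etc/dovecot/dovecot-sql.conf` and `etc/dovecot/dovecot-dict-quota.conf`, both listed in `CONFIG_FILES`, and nothing in this hunk sets their ownership or mode. Either correct the comment to name dovecot.conf, or add an explicit `chown root:root /etc/dovecot/dovecot-sql.conf` and `chmod 0600 /etc/dovecot/dovecot-sql.conf` once it is confirmed which process reads the file. Separately, the "enable" and "disable" SSL branches now run the same `sed`, pointing `ssl_cert_file`/`ssl_key_file` at the snakeoil pair, so Dovecot serves the self-signed certificate in both cases. If that is intended, it deserves a comment at both sites.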
@@ -1,46 +0,0 @@ -diff --git a/install/alternc.install b/install/alternc.install -index b9691b0..2ee07b8 100644 ---- alternc.install.squeeze -+++ alternc.install -@@ -79,7 +79,7 @@ if [ -e /etc/default/saslauthd ]; then - fi - - if [ -e /etc/dovecot/dovecot.conf ]; then -- CONFIG_FILES="$CONFIG_FILES etc/dovecot/dovecot.conf etc/dovecot/dovecot-sql.conf etc/dovecot/dovecot-dict-quota.conf" -+ CONFIG_FILES="$CONFIG_FILES etc/dovecot/alternc-sql.conf etc/dovecot/alternc-dict-quota.conf etc/dovecot/conf.d/95_alternc.conf" - fi - - INSTALLED_CONFIG_TAR="/var/lib/alternc/backups/etc-installed.tar.gz" -@@ -317,7 +317,7 @@ if [ -x /usr/sbin/apache2 ]; then - fi - - # We enable dovecot SSL certificate instructions: (on wheezy we should use a new file in /etc/dovecot/conf.d/ ) -- sed -i -e 's#^ssl_cert_file.*$#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem#' -e 's#^ssl_key_file.*$#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key#' /etc/dovecot/dovecot.conf -+ ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = /etc/dovecot/conf.d/96_ssl.conf - - else - # We disable proftpd tls module -@@ -326,7 +326,7 @@ if [ -x /usr/sbin/apache2 ]; then - cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/ - - # We disable dovecot SSL certificate instructions: (on wheezy we should remove a file in /etc/dovecot/conf.d/ ) -- sed -i -e 's#^ssl_cert_file.*$#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem#' -e 's#^ssl_key_file.*$#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key#' /etc/dovecot/dovecot.conf -+ ( echo "# Don't change this file, it will be overwriten by alternc.install. 
Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = /etc/dovecot/conf.d/96_ssl.conf - - echo "SSL not configured" - echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install" -@@ -574,9 +574,11 @@ if [ "$HAS_ROOT" != "1" ]; then - fi - fi - --#giving vmail user read access on dovecot sql file --chgrp vmail /etc/dovecot/dovecot.conf --chmod g+r /etc/dovecot/dovecot.conf -+# giving vmail user read access on dovecot sql file -+chgrp vmail /etc/dovecot/alternc-sql.conf -+chmod g+r /etc/dovecot/alternc-sql.conf -+# Override some dovecot 2.0 configuration that may have happened during dovecot postinst: -+sed -i -e 's/^ *!include/#!include/' /etc/dovecot/conf.d/10-auth.conf - - # We force the re-computing of the DNS zones, since we may have changed the IP address (see #460) - /usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='UPDATE' WHERE gesdns=1;" diff --git a/wheezy/apache2.conf b/wheezy/apache2.conf new file mode 100644 index 00000000..a5920e1e --- /dev/null +++ b/wheezy/apache2.conf 
@@ -0,0 +1,43 @@ +diff --git a/etc/alternc/templates/alternc/apache2.conf b/etc/alternc/templates/alternc/apache2.conf +index 0732de07..514d695d 100644 +--- a/etc/alternc/templates/alternc/apache2.conf ++++ b/etc/alternc/templates/alternc/apache2.conf +@@ -9,9 +9,12 @@ + # Define the default user and group for mpm-itk + AssignUserId www-data www-data + ++# Logformat information ++Include /etc/alternc/apache_logformat.conf ++ + # Deny access to the root filesystem + +- Options +FollowSymLinks ++ Options FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all +@@ -42,7 +45,7 @@ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + + AllowOverride AuthConfig FileInfo Limit Options Indexes +- Options -Indexes +Includes -FollowSymLinks +MultiViews +SymLinksIfOwnerMatch ++ Options Indexes Includes -FollowSymLinks MultiViews SymLinksIfOwnerMatch + Order allow,deny + Allow from all + php_admin_flag safe_mode_gid off +@@ -62,13 +65,13 @@ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + + AllowOverride AuthConfig Options FileInfo Limit Indexes +- Options +Indexes +Includes +FollowSymLinks +MultiViews ++ Options Indexes Includes FollowSymLinks MultiViews + Order allow,deny + Allow from all + + + AllowOverride AuthConfig Options FileInfo Limit Indexes +- Options +Indexes +Includes +FollowSymLinks +MultiViews ++ Options Indexes Includes FollowSymLinks MultiViews + Order allow,deny + Allow from all + diff --git a/wheezy/bureau.conf b/wheezy/bureau.conf new file mode 100644 index 00000000..208ca040 --- /dev/null +++ b/wheezy/bureau.conf 
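Review bot: The rewritten `Options Indexes Includes -FollowSymLinks MultiViews SymLinksIfOwnerMatch` line turns the original `-Indexes` into a bare `Indexes`, which enables directory listings where the removed line disabled them. It also still mixes the prefixed `-FollowSymLinks` with unprefixed keywords, a combination the Apache documentation describes as invalid syntax with unexpected results. If the goal was only to drop the `+`/`-` merge syntax, the absolute equivalent of the removed line would be `Options Includes MultiViews SymLinksIfOwnerMatch`. The opening Directory tags are not visible in this hunk, so confirm against the template which path this block covers.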
@@ -0,0 +1,11 @@ +diff --git a/etc/alternc/templates/alternc/bureau.conf b/etc/alternc/templates/alternc/bureau.conf +index 65bca635..aa7066b9 100644 +--- a/etc/alternc/templates/alternc/bureau.conf ++++ b/etc/alternc/templates/alternc/bureau.conf +@@ -33,5 +33,5 @@ + + + # will be used to define aliases such as /javascript /webmail /squirrelmail ... +- IncludeOptional /etc/alternc/apache-panel.d/*.conf ++ Include /etc/alternc/apache-panel.d/*.conf + diff --git a/wheezy/changelog b/wheezy/changelog new file mode 100644 index 00000000..77c98890 --- /dev/null +++ b/wheezy/changelog @@ -0,0 +1,22 @@ +diff --git a/debian/changelog b/debian/changelog +index 3ed86856..943f76d2 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -1,17 +1,3 @@ +-alternc (3.3.10) stable; urgency=low +- +- * Version identical to 3.1 for Squeeze +- * Includes small patches / dependency for apache & dovecot 2.0 for Jessie +- +- -- Benjamin Sonntag Fri, 15 Jan 2016 15:26:00 +0100 +- +-alternc (3.2.10) oldstable; urgency=low +- +- * Version identical to 3.1 for Squeeze +- * Includes a small dovecot patch / dependency for dovecot 2.0 for Wheezy +- +- -- Benjamin Sonntag Fri, 15 Jan 2016 15:26:00 +0100 +- + alternc (3.1.11) oldoldstable; urgency=low + + * fix This is a big security upgrade of AlternC 3.x diff --git a/wheezy/changelog.diff b/wheezy/changelog.diff deleted file mode 100644 index 47156ff7..00000000 --- a/wheezy/changelog.diff +++ /dev/null @@ -1,13 +0,0 @@ ---- changelog 2014-06-24 13:42:50.234304438 +0200 -+++ changelog.wheezy 2014-06-24 13:43:51.978313552 +0200 -@@ -1,3 +1,10 @@ -+alternc (3.2.10) oldstable; urgency=low -+ -+ * Version identical to 3.1 for Squeeze -+ * Includes a small dovecot patch / dependency for dovecot 2.0 for Wheezy -+ -+ -- Benjamin Sonntag Fri, 15 Jan 2016 15:26:00 +0100 -+ - alternc (3.1.11) oldoldstable; urgency=low - - * fix This is a big security upgrade of AlternC 3.x 
diff --git a/wheezy/config.inc.php b/wheezy/config.inc.php new file mode 100644 index 00000000..891252d2 --- /dev/null +++ b/wheezy/config.inc.php 
@@ -0,0 +1,449 @@ +diff --git a/roundcube/templates/roundcube/plugins/password/config.inc.php b/roundcube/templates/roundcube/plugins/password/config.inc.php +index 6d49ef6e..f2741c57 100644 +--- a/roundcube/templates/roundcube/plugins/password/config.inc.php ++++ b/roundcube/templates/roundcube/plugins/password/config.inc.php +@@ -1,56 +1,47 @@ + /dev/null'; ++$rcmail_config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null'; + + + // XMail Driver options + // --------------------- +-$config['xmail_host'] = 'localhost'; +-$config['xmail_user'] = 'YourXmailControlUser'; +-$config['xmail_pass'] = 'YourXmailControlPass'; +-$config['xmail_port'] = 6017; ++$rcmail_config['xmail_host'] = 'localhost'; ++$rcmail_config['xmail_user'] = 'YourXmailControlUser'; ++$rcmail_config['xmail_pass'] = 'YourXmailControlPass'; ++$rcmail_config['xmail_port'] = 6017; + + + // hMail Driver options +@@ -312,9 +293,9 @@ $config['xmail_port'] = 6017; + // Remote hMailServer configuration + // true: HMailserver is on a remote box (php.ini: com.allow_dcom = true) + // false: Hmailserver is on same box as PHP +-$config['hmailserver_remote_dcom'] = false; ++$rcmail_config['hmailserver_remote_dcom'] = false; + // Windows credentials +-$config['hmailserver_server'] = array( ++$rcmail_config['hmailserver_server'] = array( + 'Server' => 'localhost', // hostname or ip address + 'Username' => 'administrator', // windows username + 'Password' => 'password' // windows user password +@@ -332,70 +313,6 @@ $config['hmailserver_server'] = array( + // 5: domain-username + // 6: username_domain + // 7: domain_username +-$config['password_virtualmin_format'] = 0; +- +- +-// pw_usermod Driver options +-// -------------------------- +-// Use comma delimited exlist to disable password change for users +-// Add the following line to visudo to tighten security: +-// www ALL=NOPASSWORD: /usr/sbin/pw +-$config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n'; +- +- +-// DBMail Driver 
options +-// ------------------- +-// Additional arguments for the dbmail-users call +-$config['password_dbmail_args'] = '-p sha512'; +- +- +-// Expect Driver options +-// --------------------- +-// Location of expect binary +-$config['password_expect_bin'] = '/usr/bin/expect'; +- +-// Location of expect script (see helpers/passwd-expect) +-$config['password_expect_script'] = ''; +- +-// Arguments for the expect script. See the helpers/passwd-expect file for details. +-// This is probably a good starting default: +-// -telent -host localhost -output /tmp/passwd.log -log /tmp/passwd.log +-$config['password_expect_params'] = ''; +- +- +-// smb Driver options +-// --------------------- +-// Samba host (default: localhost) +-// Supported replacement variables: +-// %n - hostname ($_SERVER['SERVER_NAME']) +-// %t - hostname without the first part +-// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) +-$config['password_smb_host'] = 'localhost'; +-// Location of smbpasswd binary +-$config['password_smb_cmd'] = '/usr/bin/smbpasswd'; +- +-// gearman driver options +-// --------------------- +-// Gearman host (default: localhost) +-$config['password_gearman_host'] = 'localhost'; +- +- +- +-// Plesk/PPA Driver options +-// -------------------- +-// You need to allow RCP for IP of roundcube-server in Plesk/PPA Panel +- +-// Plesk RCP Host +-$config['password_plesk_host'] = '10.0.0.5'; +- +-// Plesk RPC Username +-$config['password_plesk_user'] = 'admin'; +- +-// Plesk RPC Password +-$config['password_plesk_pass'] = 'password'; +- +-// Plesk RPC Port +-$config['password_plesk_rpc_port'] = '8443'; ++$rcmail_config['password_virtualmin_format'] = 0; + +-// Plesk RPC Path +-$config['password_plesk_rpc_path'] = 'enterprise/control/agent.php'; ++?> diff --git a/wheezy/control b/wheezy/control new file mode 100644 index 00000000..0a1d6937 --- /dev/null +++ b/wheezy/control 
@@ -0,0 +1,51 @@ +diff --git a/debian/control b/debian/control +index 551f6171..394506f9 100644 +--- a/debian/control ++++ b/debian/control +@@ -38,19 +38,16 @@ Depends: debianutils (>= 1.13.1) + , sudo + , adduser + , dnsutils +- , dovecot-core (>=1:2.1.7) +- , dovecot-imapd (>=1:2.1.7) +- , dovecot-pop3d (>=1:2.1.7) +- , dovecot-mysql ++ , dovecot-common (>=1:1.2.15) ++ , dovecot-common(<< 1:2.0) ++ , dovecot-imapd (>= 1:1.2.15) ++ , dovecot-pop3d (>= 1:1.2.15) + , vlogger + , mailutils | mailx + , zip + , incron + , cron + , opendkim +- , opendkim-tools +- , dovecot-sieve +- , dovecot-managesieved + , mysql-client(>= 5.0) | mariadb-client + , php5-curl | php7.0-curl + , quota +@@ -126,18 +123,15 @@ Depends: debianutils (>= 1.13.1) + , gettext (>= 0.10.40-5) + , adduser + , sudo +- , dovecot-core (>=1:2.1.7) +- , dovecot-imapd (>=1:2.1.7) +- , dovecot-pop3d (>=1:2.1.7) +- , dovecot-mysql ++ , dovecot-common (>=1:1.2.15) ++ , dovecot-common(<< 1:2.0) ++ , dovecot-imapd (>= 1:1.2.15) ++ , dovecot-pop3d (>= 1:1.2.15) + , vlogger + , mailutils | mailx + , incron + , cron + , opendkim +- , opendkim-tools +- , dovecot-sieve +- , dovecot-managesieved + , mysql-client(>= 5.0) | mariadb-client + , php5-curl + , ${misc:Depends} diff --git a/wheezy/control.diff b/wheezy/control.diff deleted file mode 100644 index 3e6d38b0..00000000 --- a/wheezy/control.diff +++ /dev/null 
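Review bot: Both Depends stanzas now require `dovecot-common (<< 1:2.0)` and drop `dovecot-mysql`, `dovecot-sieve` and `dovecot-managesieved`, which looks like the squeeze dependency set rather than a wheezy one. The `wheezy/control.diff` deleted by this same commit asked for `dovecot-common (>=1:2.1.7)`, and the changelog entry removed in `wheezy/changelog` describes the wheezy build as the one carrying the Dovecot 2.0 dependency. If the upper bound is intentional, say why in the commit message. Otherwise the patch direction may be inverted and the stanza should keep `, dovecot-common (>=1:2.1.7)` with the 2.x companion packages. Pinning below 2.0 also ties the mail stack to an older Dovecot branch, so check that it still receives security fixes on the target release.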
@@ -1,49 +0,0 @@ ---- control.squeeze 2017-10-06 12:01:52.272243664 +0200 -+++ control 2017-10-06 12:03:02.016307914 +0200 -@@ -38,16 +38,19 @@ - , sudo - , adduser - , dnsutils -- , dovecot-common (>=1:1.2.15) -- , dovecot-common(<< 1:2.0) -- , dovecot-imapd (>= 1:1.2.15) -- , dovecot-pop3d (>= 1:1.2.15) -+ , dovecot-common (>=1:2.1.7) -+ , dovecot-imapd -+ , dovecot-pop3d -+ , dovecot-mysql - , vlogger - , mailutils | mailx - , zip - , incron - , cron - , opendkim -+ , opendkim-tools -+ , dovecot-sieve -+ , dovecot-managesieved - , mysql-client(>= 5.0) | mariadb-client - , php5-curl - , quota -@@ -123,15 +126,18 @@ - , gettext (>= 0.10.40-5) - , adduser - , sudo -- , dovecot-common (>=1:1.2.15) -- , dovecot-common(<< 1:2.0) -- , dovecot-imapd (>= 1:1.2.15) -- , dovecot-pop3d (>= 1:1.2.15) -+ , dovecot-common (>=1:2.1.7) -+ , dovecot-imapd -+ , dovecot-pop3d -+ , dovecot-mysql - , vlogger - , mailutils | mailx - , incron - , cron - , opendkim -+ , opendkim-tools -+ , dovecot-sieve -+ , dovecot-managesieved - , mysql-client(>= 5.0) | mariadb-client - , php5-curl - , ${misc:Depends} diff --git a/wheezy/dovecot-dict-quota.conf b/wheezy/dovecot-dict-quota.conf new file mode 100644 index 00000000..d1987934 --- /dev/null +++ b/wheezy/dovecot-dict-quota.conf 
@@ -0,0 +1,53 @@ +diff --git a/etc/alternc/templates/dovecot/dovecot-dict-quota.conf b/etc/alternc/templates/dovecot/dovecot-dict-quota.conf +new file mode 100644 +index 00000000..8ad06548 +--- /dev/null ++++ b/etc/alternc/templates/dovecot/dovecot-dict-quota.conf +@@ -0,0 +1,47 @@ ++# AUTO GENERATED FILE ++# Modify template in /etc/alternc/templates/ ++# and launch alternc.install if you want ++# to modify this file. ++# ++ ++connect=host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%% ++#connect = host=localhost dbname=mails user=testuser password=pass ++ ++# CREATE TABLE quota ( ++# username varchar(100) not null, ++# bytes bigint not null default 0, ++# messages integer not null default 0, ++# primary key (username) ++# ); ++ ++map { ++ pattern = priv/quota/storage ++ table = dovecot_quota ++ username_field = user ++ value_field = quota_dovecot ++} ++map { ++ pattern = priv/quota/messages ++ table = dovecot_quota ++ username_field = user ++ value_field = nb_messages ++} ++ ++# CREATE TABLE expires ( ++# username varchar(100) not null, ++# mailbox varchar(255) not null, ++# expire_stamp integer not null, ++# primary key (username, mailbox) ++# ); ++ ++#map { ++ # pattern = shared/expire/$user/$mailbox ++ # table = expires ++ # value_field = expire_stamp ++ ++ # fields { ++ # username = $user ++ # mailbox = $mailbox ++ # } ++#} ++ diff --git a/wheezy/dovecot-sql.conf b/wheezy/dovecot-sql.conf new file mode 100644 index 00000000..79c743ff --- /dev/null +++ b/wheezy/dovecot-sql.conf 
@@ -0,0 +1,138 @@ +diff --git a/etc/alternc/templates/dovecot/dovecot-sql.conf b/etc/alternc/templates/dovecot/dovecot-sql.conf +new file mode 100644 +index 00000000..befef217 +--- /dev/null ++++ b/etc/alternc/templates/dovecot/dovecot-sql.conf +@@ -0,0 +1,132 @@ ++# AUTO GENERATED FILE ++# Modify template in /etc/alternc/templates/ ++# and launch alternc.install if you want ++# to modify this file. ++# ++ ++# This file is opened as root, so it should be owned by root and mode 0600. ++# ++# http://wiki.dovecot.org/AuthDatabase/SQL ++# ++# For the sql passdb module, you'll need a database with a table that ++# contains fields for at least the username and password. If you want to ++# use the user@domain syntax, you might want to have a separate domain ++# field as well. ++# ++# If your users all have the same uig/gid, and have predictable home ++# directories, you can use the static userdb module to generate the home ++# dir based on the username and domain. In this case, you won't need fields ++# for home, uid, or gid in the database. ++# ++# If you prefer to use the sql userdb module, you'll want to add fields ++# for home, uid, and gid. Here is an example table: ++# ++# CREATE TABLE users ( ++# username VARCHAR(128) NOT NULL, ++# domain VARCHAR(128) NOT NULL, ++# password VARCHAR(64) NOT NULL, ++# home VARCHAR(255) NOT NULL, ++# uid INTEGER NOT NULL, ++# gid INTEGER NOT NULL, ++# active CHAR(1) DEFAULT 'Y' NOT NULL ++# ); ++ ++# Database driver: mysql, pgsql, sqlite ++driver = mysql ++ ++# Database connection string. This is driver-specific setting. ++# ++# pgsql: ++# For available options, see the PostgreSQL documention for the ++# PQconnectdb function of libpq. 
++# ++# mysql: ++# Basic options emulate PostgreSQL option names: ++# host, port, user, password, dbname ++# ++# But also adds some new settings: ++# client_flags - See MySQL manual ++# ssl_ca, ssl_ca_path - Set either one or both to enable SSL ++# ssl_cert, ssl_key - For sending client-side certificates to server ++# ssl_cipher - Set minimum allowed cipher security (default: HIGH) ++# option_file - Read options from the given file instead of ++# the default my.cnf location ++# option_group - Read options from the given group (default: client) ++# ++# You can connect to UNIX sockets by using host: host=/var/run/mysqld/mysqld.sock ++# Note that currently you can't use spaces in parameters. ++# ++# MySQL supports multiple host parameters for load balancing / HA. ++# ++# sqlite: ++# The path to the database file. ++# ++# Examples: ++# connect = host=192.168.1.1 dbname=users ++# connect = host=sql.example.com dbname=virtual user=virtual password=blarg ++# connect = /etc/dovecot/authdb.sqlite ++# ++connect = host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%% ++ ++# Default password scheme. ++# ++# List of supported schemes is in ++# http://wiki.dovecot.org/Authentication/PasswordSchemes ++# ++default_pass_scheme = MD5 ++ ++# passdb query to retrieve the password. It can return fields: ++# password - The user's password. This field must be returned. ++# user - user@domain from the database. Needed with case-insensitive lookups. ++# username and domain - An alternative way to represent the "user" field. ++# ++# The "user" field is often necessary with case-insensitive lookups to avoid ++# e.g. "name" and "nAme" logins creating two different mail directories. If ++# your user and domain names are in separate fields, you can return "username" ++# and "domain" fields instead of "user". 
++# ++# The query can also return other fields which have a special meaning, see ++# http://wiki.dovecot.org/PasswordDatabase/ExtraFields ++# ++# Commonly used available substitutions (see http://wiki.dovecot.org/Variables ++# for full list): ++# %u = entire user@domain ++# %n = user part of user@domain ++# %d = domain part of user@domain ++# ++# Note that these can be used only as input to SQL query. If the query outputs ++# any of these substitutions, they're not touched. Otherwise it would be ++# difficult to have eg. usernames containing '%' characters. ++# ++# Example: ++# password_query = SELECT userid AS user, pw AS password \ ++# FROM users WHERE userid = '%u' AND active = 'Y' ++# ++#password_query = \ ++# SELECT username, domain, password \ ++# FROM users WHERE username = '%n' AND domain = '%d' ++ ++# userdb query to retrieve the user information. It can return fields: ++# uid - System UID (overrides mail_uid setting) ++# gid - System GID (overrides mail_gid setting) ++# home - Home directory ++# mail - Mail location (overrides mail_location setting) ++# ++# None of these are strictly required. If you use a single UID and GID, and ++# home or mail directory fits to a template string, you could use userdb static ++# instead. For a list of all fields that can be returned, see ++# http://wiki.dovecot.org/UserDatabase/ExtraFields ++# ++# Examples: ++# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' ++# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' ++# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' ++# ++user_query = SELECT userdb_home AS home, userdb_uid AS uid, 1998 AS gid, userdb_quota_rule AS quota_rule FROM dovecot_view WHERE user = '%u'; ++ ++# If you wish to avoid two SQL lookups (passdb + userdb), you can use ++# userdb prefetch instead of userdb sql in dovecot.conf. 
In that case you'll ++# also have to return userdb fields in password_query prefixed with "userdb_" ++# string. For example: ++password_query = SELECT user, password, userdb_home, userdb_uid, 1998 AS userdb_gid,userdb_quota_rule FROM dovecot_view where user= '%u'; ++ diff --git a/wheezy/dovecot.conf b/wheezy/dovecot.conf new file mode 100644 index 00000000..4121ec18 --- /dev/null +++ b/wheezy/dovecot.conf 
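Review bot: `default_pass_scheme = MD5` makes Dovecot read every un-prefixed value returned by `password_query` as an MD5-based hash, which gives little protection against offline guessing if the `dovecot_view` data is ever exposed. Dovecot accepts a `{SCHEME}` prefix on individual stored hashes, so a comment above the setting would document a migration path without breaking existing logins: `# Fallback for legacy un-prefixed hashes only; store new passwords with a {SCHEME} prefix and a stronger scheme`. The template also embeds `password=%%db_mail_pwd%%` in `connect`. Its own header asks for root ownership and mode 0600, but nothing in this hunk enforces that, so the installer should set it explicitly.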
@@ -0,0 +1,1302 @@
+diff --git a/etc/alternc/templates/dovecot/dovecot.conf b/etc/alternc/templates/dovecot/dovecot.conf
+new file mode 100644
+index 00000000..4af42e21
+--- /dev/null
++++ b/etc/alternc/templates/dovecot/dovecot.conf
+@@ -0,0 +1,1296 @@
++# AUTO GENERATED FILE
++# Modify template in /etc/alternc/templates/
++# and launch alternc.install if you want
++# to modify this file.
++#
++## Dovecot configuration file
++
++# If you're in a hurry, see http://wiki.dovecot.org/QuickConfiguration
++
++# "dovecot -n" command gives a clean output of the changed settings. Use it
++# instead of copy&pasting this file when posting to the Dovecot mailing list.
++
++# '#' character and everything after it is treated as comments. Extra spaces
++# and tabs are ignored. If you want to use either of these explicitly, put the
++# value inside quotes, eg.: key = "# char and trailing whitespace "
++
++# Default values are shown for each setting, it's not required to uncomment
++# those. These are exceptions to this though: No sections (e.g. namespace {})
++# or plugin settings are added by default, they're listed only as examples.
++# Paths are also just examples with the real defaults being based on configure
++# options. The paths listed here are for configure --prefix=/usr
++# --sysconfdir=/etc --localstatedir=/var --with-ssldir=/etc/ssl
++
++# Base directory where to store runtime data.
++#base_dir = /var/run/dovecot
++
++# Protocols we want to be serving: imap imaps pop3 pop3s managesieve
++# If you only want to use dovecot-auth, you can set this to "none".
++protocols = imap imaps pop3 pop3s managesieve
++
++# A space separated list of IP or host addresses where to listen in for
++# connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6
++# interfaces. Use "*, [::]" for listening both IPv4 and IPv6.
++#
++# If you want to specify ports for each service, you will need to configure
++# these settings inside the protocol imap/pop3/managesieve { ... } section,
++# so you can specify different ports for IMAP/POP3/MANAGESIEVE. For example:
++# protocol imap {
++# listen = *:10143
++# ssl_listen = *:10943
++# ..
++# }
++# protocol pop3 {
++# listen = *:10100
++# ..
++# }
++# protocol managesieve {
++# listen = *:12000
++# ..
++# }
++listen = *
++
++# Disable LOGIN command and all other plaintext authentications unless
++# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
++# matches the local IP (ie. you're connecting from the same computer), the
++# connection is considered secure and plaintext authentication is allowed.
++disable_plaintext_auth = yes
++
++# Should all IMAP and POP3 processes be killed when Dovecot master process
++# shuts down. Setting this to "no" means that Dovecot can be upgraded without
++# forcing existing client connections to close (although that could also be
++# a problem if the upgrade is eg. because of a security fix). This however
++# means that after master process has died, the client processes can't write
++# to log files anymore.
++#shutdown_clients = yes
++
++##
++## Logging
++##
++
++# Log file to use for error messages, instead of sending them to syslog.
++# /dev/stderr can be used to log into stderr.
++#log_path =
++
++# Log file to use for informational and debug messages.
++# Default is the same as log_path.
++#info_log_path =
++
++# Prefix for each line written to log file. % codes are in strftime(3)
++# format.
++#log_timestamp = "%b %d %H:%M:%S "
++log_timestamp = "%Y-%m-%d %H:%M:%S "
++
++# Syslog facility to use if you're logging to syslog. Usually if you don't
++# want to use "mail", you'll use local0..local7. Also other standard
++# facilities are supported.
++#syslog_facility = mail
++
++##
++## SSL settings
++##
++
++# IP or host address where to listen in for SSL connections. Remember to also
++# add imaps and/or pop3s to protocols setting. Defaults to same as "listen"
++# setting if not specified.
++#ssl_listen =
++
++# SSL/TLS support: yes, no, required.
++ssl = required
++
++# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
++# dropping root privileges, so keep the key file unreadable by anyone but
++# root.
++ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
++#ssl_cert_file = /etc/alternc/apache.pem
++ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
++#ssl_key_file = /etc/alternc/apache.pem
++
++# If key file is password protected, give the password here. Alternatively
++# give it when starting dovecot with -p parameter. Since this file is often
++# world-readable, you may want to place this setting instead to a different
++# root owned 0600 file by using !include_try .
++#ssl_key_password =
++
++# File containing trusted SSL certificate authorities. Set this only if you
++# intend to use ssl_verify_client_cert=yes. The CAfile should contain the
++# CA-certificate(s) followed by the matching CRL(s).
++#ssl_ca_file =
++
++# Request client to send a certificate. If you also want to require it, set
++# ssl_require_client_cert=yes in auth section.
++#ssl_verify_client_cert = no
++
++# Which field from certificate to use for username. commonName and
++# x500UniqueIdentifier are the usual choices. You'll also need to set
++# ssl_username_from_cert=yes.
++#ssl_cert_username_field = commonName
++
++# How often to regenerate the SSL parameters file. Generation is quite CPU
++# intensive operation. The value is in hours, 0 disables regeneration
++# entirely.
++#ssl_parameters_regenerate = 168
++
++# SSL ciphers to use
++#ssl_cipher_list = ALL:!LOW:!SSLv2
++
++# Show protocol level SSL errors.
++#verbose_ssl = no
++
++##
++## Login processes
++##
++
++#
++
++# Directory where authentication process places authentication UNIX sockets
++# which login needs to be able to connect to. The sockets are created when
++# running as root, so you don't have to worry about permissions. Note that
++# everything in this directory is deleted when Dovecot is started.
++#login_dir = /var/run/dovecot/login
++
++# chroot login process to the login_dir. Only reason not to do this is if you
++# wish to run the whole Dovecot without roots.
++#login_chroot = yes
++
++# User to use for the login process. Create a completely new user for this,
++# and don't use it anywhere else. The user must also belong to a group where
++# only it has access, it's used to control access for authentication process.
++# Note that this user is NOT used to access mails.
++#login_user = dovecot
++
++# Set max. process size in megabytes. If you don't use
++# login_process_per_connection you might need to grow this.
++#login_process_size = 64
++
++# Should each login be processed in it's own process (yes), or should one
++# login process be allowed to process multiple connections (no)? Yes is more
++# secure, espcially with SSL/TLS enabled. No is faster since there's no need
++# to create processes all the time.
++#login_process_per_connection = yes
++
++# Number of login processes to keep for listening new connections.
++#login_processes_count = 3
++
++# Maximum number of login processes to create. The listening process count
++# usually stays at login_processes_count, but when multiple users start logging
++# in at the same time more extra processes are created. To prevent fork-bombing
++# we check only once in a second if new processes should be created - if all
++# of them are used at the time, we double their amount until the limit set by
++# this setting is reached.
++#login_max_processes_count = 128
++
++# Maximum number of connections allowed per each login process. This setting
++# is used only if login_process_per_connection=no. Once the limit is reached,
++# the process notifies master so that it can create a new login process.
++#login_max_connections = 256
++
++# Greeting message for clients.
++#login_greeting = Dovecot ready.
++
++# Space separated list of trusted network ranges. Connections from these
++# IPs are allowed to override their IP addresses and ports (for logging and
++# for authentication checks). disable_plaintext_auth is also ignored for
++# these networks. Typically you'd specify your IMAP proxy servers here.
++#login_trusted_networks =
++
++# Space-separated list of elements we want to log. The elements which have
++# a non-empty variable value are joined together to form a comma-separated
++# string.
++#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
++
++# Login log format. %$ contains login_log_format_elements string, %s contains
++# the data we want to log.
++#login_log_format = %$: %s
++
++##
++## Mailbox locations and namespaces
++##
++
++# Location for users' mailboxes. This is the same as the old default_mail_env
++# setting. The default is empty, which means that Dovecot tries to find the
++# mailboxes automatically. This won't work if the user doesn't have any mail
++# yet, so you should explicitly tell Dovecot the full location.
++#
++# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
++# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
++# kept. This is called the "root mail directory", and it must be the first
++# path given in the mail_location setting.
++#
++# There are a few special variables you can use, eg.:
++#
++# %u - username
++# %n - user part in user@domain, same as %u if there's no domain
++# %d - domain part in user@domain, empty if there's no domain
++# %h - home directory
++#
++# See for full list.
++# Some examples:
++#
++# mail_location = maildir:~/Maildir
++# mail_location = mbox:~/mail:INBOX=/var/mail/%u
++# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
++#
++#
++#
++mail_location = maildir:~/Maildir
++
++# If you need to set multiple mailbox locations or want to change default
++# namespace settings, you can do it by defining namespace sections.
++#
++# You can have private, shared and public namespaces. Private namespaces
++# are for user's personal mails. Shared namespaces are for accessing other
++# users' mailboxes that have been shared. Public namespaces are for shared
++# mailboxes that are managed by sysadmin. If you create any shared or public
++# namespaces you'll typically want to enable ACL plugin also, otherwise all
++# users can access all the shared mailboxes, assuming they have permissions
++# on filesystem level to do so.
++#
++# REMEMBER: If you add any namespaces, the default namespace must be added
++# explicitly, ie. mail_location does nothing unless you have a namespace
++# without a location setting. Default namespace is simply done by having a
++# namespace with empty prefix.
++#namespace private {
++ # Hierarchy separator to use. You should use the same separator for all
++ # namespaces or some clients get confused. '/' is usually a good one.
++ # The default however depends on the underlying mail storage format.
++ # separator = .
++
++ # Prefix required to access this namespace. This needs to be different for
++ # all namespaces. For example "Public/".
++ # prefix = INBOX.
++
++ # Physical location of the mailbox. This is in same format as
++ # mail_location, which is also the default for it.
++ #location =
++
++ # There can be only one INBOX, and this setting defines which namespace
++ # has it.
++ #inbox = yes
++
++ # If namespace is hidden, it's not advertised to clients via NAMESPACE
++ # extension. You'll most likely also want to set list=no. This is mostly
++ # useful when converting from another server with different namespaces which
++ # you want to deprecate but still keep working. For example you can create
++ # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
++ #hidden = yes
++
++ # Show the mailboxes under this namespace with LIST command. This makes the
++ # namespace visible for clients that don't support NAMESPACE extension.
++ # "children" value lists child mailboxes, but hides the namespace prefix.
++ #list = yes
++
++ # Namespace handles its own subscriptions. If set to "no", the parent
++ # namespace handles them (empty prefix should always have this as "yes")
++ #subscriptions = yes
++#}
++
++# Example shared namespace configuration
++#namespace shared {
++ #separator = /
++
++ # Mailboxes are visible under "shared/user@domain/"
++ # %%n, %%d and %%u are expanded to the destination user.
++ #prefix = shared/%%u/
++
++ # Mail location for other users' mailboxes. Note that %variables and ~/
++ # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
++ # destination user's data.
++ #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
++
++ # Use the default namespace for saving subscriptions.
++ #subscriptions = no
++
++ # List the shared/ namespace only if there are visible shared mailboxes.
++ #list = children
++#}
++
++# System user and group used to access mails. If you use multiple, userdb
++# can override these by returning uid or gid fields. You can use either numbers
++# or names.
++#mail_uid =
++#mail_gid =
++
++# Group to enable temporarily for privileged operations. Currently this is
++# used only with INBOX when either its initial creation or dotlocking fails.
++# Typically this is set to "mail" to give access to /var/mail.
++#mail_privileged_group =
++mail_privileged_group = vmail
++
++# Grant access to these supplementary groups for mail processes. Typically
++# these are used to set up access to shared mailboxes. Note that it may be
++# dangerous to set these if users can create symlinks (e.g. if "mail" group is
++# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
++# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
++#mail_access_groups =
++
++# Allow full filesystem access to clients. There's no access checks other than
++# what the operating system does for the active UID/GID. It works with both
++# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
++# or ~user/.
++#mail_full_filesystem_access = no
++
++##
++## Mail processes
++##
++
++# Enable mail process debugging. This can help you figure out why Dovecot
++# isn't finding your mails.
++#mail_debug = no
++
++# Log prefix for mail processes. See
++# for list of possible variables you can use.
++#mail_log_prefix = "%Us(%u): "
++
++# Max. number of lines a mail process is allowed to log per second before it's
++# throttled. 0 means unlimited. Typically there's no need to change this
++# unless you're using mail_log plugin, which may log a lot. This setting is
++# ignored while mail_debug=yes to avoid pointless throttling.
++#mail_log_max_lines_per_sec = 10
++
++# Don't use mmap() at all. This is required if you store indexes to shared
++# filesystems (NFS or clustered filesystem).
++#mmap_disable = no
++
++# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
++# since version 3, so this should be safe to use nowadays by default.
++#dotlock_use_excl = yes
++
++# Don't use fsync() or fdatasync() calls. This makes the performance better
++# at the cost of potential data loss if the server (or the file server)
++# goes down.
++#fsync_disable = no
++
++# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches
++# whenever needed. If you're using only a single mail server this isn't needed.
++#mail_nfs_storage = no
++# Mail index files also exist in NFS. Setting this to yes requires
++# mmap_disable=yes and fsync_disable=no.
++#mail_nfs_index = no
++
++# Locking method for index files. Alternatives are fcntl, flock and dotlock.
++# Dotlocking uses some tricks which may create more disk I/O than other locking
++# methods. NFS users: flock doesn't work, remember to change mmap_disable.
++#lock_method = fcntl
++
++# Drop all privileges before exec()ing the mail process. This is mostly
++# meant for debugging, otherwise you don't get core dumps. It could be a small
++# security risk if you use single UID for multiple users, as the users could
++# ptrace() each others processes then.
++#mail_drop_priv_before_exec = no
++
++# Show more verbose process titles (in ps). Currently shows user name and
++# IP address. Useful for seeing who are actually using the IMAP processes
++# (eg. shared mailboxes or if same uid is used for multiple accounts).
++#verbose_proctitle = no
++
++# Valid UID range for users, defaults to 500 and above. This is mostly
++# to make sure that users can't log in as daemons or other system users.
++# Note that denying root logins is hardcoded to dovecot binary and can't
++# be done even if first_valid_uid is set to 0.
++first_valid_uid = 2000
++last_valid_uid = 65000
++
++# Valid GID range for users, defaults to non-root/wheel. Users having
++# non-valid GID as primary group ID aren't allowed to log in. If user
++# belongs to supplementary groups with non-valid GIDs, those groups are
++# not set.
++#first_valid_gid = 1
++#last_valid_gid = 0
++
++# Maximum number of running mail processes. When this limit is reached,
++# new users aren't allowed to log in.
++#max_mail_processes = 512
++
++# Set max. process size in megabytes. Most of the memory goes to mmap()ing
++# files, so it shouldn't harm much even if this limit is set pretty high.
++#mail_process_size = 256
++
++# Maximum allowed length for mail keyword name. It's only forced when trying
++# to create new keywords.
++#mail_max_keyword_length = 50
++
++# ':' separated list of directories under which chrooting is allowed for mail
++# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
++# This setting doesn't affect login_chroot, mail_chroot or auth chroot
++# settings. If this setting is empty, "/./" in home dirs are ignored.
++# WARNING: Never add directories here which local users can modify, that
++# may lead to root exploit. Usually this should be done only if you don't
++# allow shell access for users.
++#valid_chroot_dirs =
++
++# Default chroot directory for mail processes. This can be overridden for
++# specific users in user database by giving /./ in user's home directory
++# (eg. /home/./user chroots into /home). Note that usually there is no real
++# need to do chrooting, Dovecot doesn't allow users to access files outside
++# their mail directory anyway. If your home directories are prefixed with
++# the chroot directory, append "/." to mail_chroot.
++#mail_chroot =
++
++##
++## Mailbox handling optimizations
++##
++
++# The minimum number of mails in a mailbox before updates are done to cache
++# file. This allows optimizing Dovecot's behavior to do less disk writes at
++# the cost of more disk reads.
++#mail_cache_min_mail_count = 0
++
++# When IDLE command is running, mailbox is checked once in a while to see if
++# there are any new mails or other changes. This setting defines the minimum
++# time in seconds to wait between those checks. Dovecot can also use dnotify,
++# inotify and kqueue to find out immediately when changes occur.
++#mailbox_idle_check_interval = 30
++
++# Save mails with CR+LF instead of plain LF. This makes sending those mails
++# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
++# But it also creates a bit more disk I/O which may just make it slower.
++# Also note that if other software reads the mboxes/maildirs, they may handle
++# the extra CRs wrong and cause problems.
++#mail_save_crlf = no
++
++##
++## Maildir-specific settings
++##
++
++# By default LIST command returns all entries in maildir beginning with a dot.
++# Enabling this option makes Dovecot return only entries which are directories.
++# This is done by stat()ing each entry, so it causes more disk I/O.
++# (For systems setting struct dirent->d_type, this check is free and it's
++# done always regardless of this setting)
++#maildir_stat_dirs = no
++
++# When copying a message, do it with hard links whenever possible. This makes
++# the performance much better, and it's unlikely to have any side effects.
++#maildir_copy_with_hardlinks = yes
++
++# When copying a message, try to preserve the base filename. Only if the
++# destination mailbox already contains the same name (ie. the mail is being
++# copied there twice), a new name is given. The destination filename check is
++# done only by looking at dovecot-uidlist file, so if something outside
++# Dovecot does similar filename preserving copies, you may run into problems.
++# NOTE: This setting requires maildir_copy_with_hardlinks = yes to work.
++#maildir_copy_preserve_filename = no
++
++# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
++# when its mtime changes unexpectedly or when we can't find the mail otherwise.
++#maildir_very_dirty_syncs = no
++
++##
++## mbox-specific settings
++##
++
++# Which locking methods to use for locking mbox. There are four available:
++# dotlock: Create .lock file. This is the oldest and most NFS-safe
++# solution. If you want to use /var/mail/ like directory, the users
++# will need write access to that directory.
++# dotlock_try: Same as dotlock, but if it fails because of permissions or
++# because there isn't enough disk space, just skip it.
++# fcntl : Use this if possible. Works with NFS too if lockd is used.
++# flock : May not exist in all systems. Doesn't work with NFS.
++# lockf : May not exist in all systems. Doesn't work with NFS.
++#
++# You can use multiple locking methods; if you do the order they're declared
++# in is important to avoid deadlocks if other MTAs/MUAs are using multiple
++# locking methods as well. Some operating systems don't allow using some of
++# them simultaneously.
++#
++# The Debian value for mbox_write_locks differs from upstream Dovecot. It is
++# changed to be compliant with Debian Policy (section 11.6) for NFS safety.
++# Dovecot: mbox_write_locks = dotlock fcntl
++# Debian: mbox_write_locks = fcntl dotlock
++#
++#mbox_read_locks = fcntl
++#mbox_write_locks = fcntl dotlock
++
++# Maximum time in seconds to wait for lock (all of them) before aborting.
++#mbox_lock_timeout = 300
++
++# If dotlock exists but the mailbox isn't modified in any way, override the
++# lock file after this many seconds.
++#mbox_dotlock_change_timeout = 120
++
++# When mbox changes unexpectedly we have to fully read it to find out what
++# changed. If the mbox is large this can take a long time. Since the change
++# is usually just a newly appended mail, it'd be faster to simply read the
++# new mails. If this setting is enabled, Dovecot does this but still safely
++# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
++# how it's expected to be. The only real downside to this setting is that if
++# some other MUA changes message flags, Dovecot doesn't notice it immediately.
++# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
++# commands.
++#mbox_dirty_syncs = yes
++
++# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
++# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
++#mbox_very_dirty_syncs = no
++
++# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
++# commands and when closing the mailbox). This is especially useful for POP3
++# where clients often delete all mails. The downside is that our changes
++# aren't immediately visible to other MUAs.
++#mbox_lazy_writes = yes
++
++# If mbox size is smaller than this (in kilobytes), don't write index files.
++# If an index file already exists it's still read, just not updated.
++#mbox_min_index_size = 0
++
++##
++## dbox-specific settings
++##
++
++# Maximum dbox file size in kilobytes until it's rotated.
++#dbox_rotate_size = 2048
++
++# Minimum dbox file size in kilobytes before it's rotated
++# (overrides dbox_rotate_days)
++#dbox_rotate_min_size = 16
++
++# Maximum dbox file age in days until it's rotated. Day always begins from
++# midnight, so 1 = today, 2 = yesterday, etc. 0 = check disabled.
++#dbox_rotate_days = 0
++
++##
++## IMAP specific settings
++##
++
++protocol imap {
++ # Login executable location.
++ #login_executable = /usr/lib/dovecot/imap-login
++
++ # IMAP executable location. Changing this allows you to execute other
++ # binaries before the imap process is executed.
++ #
++ # This would write rawlogs into user's ~/dovecot.rawlog/, if it exists:
++ # mail_executable = /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap
++ #
++ #
++ # This would attach gdb into the imap process and write backtraces into
++ # /tmp/gdbhelper.* files:
++ # mail_executable = /usr/lib/dovecot/gdbhelper /usr/lib/dovecot/imap
++ #
++ mail_executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/imap
++
++ # Maximum IMAP command line length in bytes. Some clients generate very long
++ # command lines with huge mailboxes, so you may need to raise this if you get
++ # "Too long argument" or "IMAP command line too large" errors often.
++ #imap_max_line_length = 65536
++
++ # Maximum number of IMAP connections allowed for a user from each IP address.
++ # NOTE: The username is compared case-sensitively.
++ #mail_max_userip_connections = 10
++
++ # Support for dynamically loadable plugins. mail_plugins is a space separated
++ # list of plugins to load.
++ #mail_plugins = ++ mail_plugins = quota imap_quota ++ #mail_plugin_dir = /usr/lib/dovecot/modules/imap ++ ++ # IMAP logout format string: ++ # %i - total number of bytes read from client ++ # %o - total number of bytes sent to client ++ #imap_logout_format = bytes=%i/%o ++ ++ # Override the IMAP CAPABILITY response. ++ #imap_capability = ++ ++ # How many seconds to wait between "OK Still here" notifications when ++ # client is IDLEing. ++ #imap_idle_notify_interval = 120 ++ ++ # ID field names and values to send to clients. Using * as the value makes ++ # Dovecot use the default value. The following fields have default values ++ # currently: name, version, os, os-version, support-url, support-email. ++ #imap_id_send = ++ ++ # ID fields sent by client to log. * means everything. ++ #imap_id_log = ++ ++ # Workarounds for various client bugs: ++ # delay-newmail: ++ # Send EXISTS/RECENT new mail notifications only when replying to NOOP ++ # and CHECK commands. Some clients ignore them otherwise, for example OSX ++ # Mail ( (e.g. %Uf for the ++ # filename in uppercase) ++ # ++ # %v - Mailbox's IMAP UIDVALIDITY ++ # %u - Mail's IMAP UID ++ # %m - MD5 sum of the mailbox headers in hex (mbox only) ++ # %f - filename (maildir only) ++ # ++ # If you want UIDL compatibility with other POP3 servers, use: ++ # UW's ipop3d : %08Xv%08Xu ++ # Courier : %f or %v-%u (both might be used simultaneosly) ++ # Cyrus (<= 2.1.3) : %u ++ # Cyrus (>= 2.1.4) : %v.%u ++ # Dovecot v0.99.x : %v.%u ++ # tpop3d : %Mf ++ # ++ # Note that Outlook 2003 seems to have problems with %v.%u format which was ++ # Dovecot's default, so if you're building a new server it would be a good ++ # idea to change this. %08Xu%08Xv should be pretty fail-safe. ++ # ++ pop3_uidl_format = %08Xu%08Xv ++ ++ # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes ++ # won't change those UIDLs. Currently this works only with Maildir. 
++ #pop3_save_uidl = no
++
++ # POP3 logout format string:
++ # %i - total number of bytes read from client
++ # %o - total number of bytes sent to client
++ # %t - number of TOP commands
++ # %p - number of bytes sent to client as a result of TOP command
++ # %r - number of RETR commands
++ # %b - number of bytes sent to client as a result of RETR command
++ # %d - number of deleted messages
++ # %m - number of messages (before deletion)
++ # %s - mailbox size in bytes (before deletion)
++ #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
++
++ # Maximum number of POP3 connections allowed for a user from each IP address.
++ # NOTE: The username is compared case-sensitively.
++ #mail_max_userip_connections = 3
++
++ # Support for dynamically loadable plugins. mail_plugins is a space separated
++ # list of plugins to load.
++ #mail_plugins =
++ mail_plugins = quota
++ #mail_plugin_dir = /usr/lib/dovecot/modules/pop3
++
++ # Workarounds for various client bugs:
++ # outlook-no-nuls:
++ # Outlook and Outlook Express hang if mails contain NUL characters.
++ # This setting replaces them with 0x80 character.
++ # oe-ns-eoh:
++ # Outlook Express and Netscape Mail breaks if end of headers-line is
++ # missing. This option simply sends it if it's missing.
++ # The list is space-separated.
++ #pop3_client_workarounds =
++}
++
++##
++## ManageSieve specific settings
++##
++
++protocol managesieve {
++ # Login executable location.
++ #login_executable = /usr/lib/dovecot/managesieve-login
++
++ # ManageSieve executable location. See IMAP's mail_executable above for
++ # examples how this could be changed.
++ mail_executable = /usr/lib/dovecot/managesieve
++
++ # Maximum ManageSieve command line length in bytes. This setting is
++ # directly borrowed from IMAP. But, since long command lines are very
++ # unlikely with ManageSieve, changing this will not be very useful.
++ #managesieve_max_line_length = 65536
++
++ # ManageSieve logout format string:
++ # %i - total number of bytes read from client
++ # %o - total number of bytes sent to client
++ #managesieve_logout_format = bytes=%i/%o
++
++ # If, for some inobvious reason, the sieve_storage remains unset, the
++ # ManageSieve daemon uses the specification of the mail_location to find out
++ # where to store the sieve files (see explaination in README.managesieve).
++ # The example below, when uncommented, overrides any global mail_location
++ # specification and stores all the scripts in '~/mail/sieve' if sieve_storage
++ # is unset. However, you should always use the sieve_storage setting.
++ # mail_location = mbox:~/mail
++
++ # To fool ManageSieve clients that are focused on timesieved you can
++ # specify the IMPLEMENTATION capability that the dovecot reports to clients
++ # (default: "dovecot").
++ #managesieve_implementation_string = Cyrus timsieved v2.2.13
++}
++
++##
++## LDA specific settings
++##
++
++protocol lda {
++ # Address to use when sending rejection mails (e.g. postmaster@example.com).
++ postmaster_address = postmaster@localhost
++
++ # Hostname to use in various parts of sent mails, eg. in Message-Id.
++ # Default is the system's real hostname.
++ #hostname =
++
++ # Support for dynamically loadable plugins. mail_plugins is a space separated
++ # list of plugins to load.
++ mail_plugins = quota sieve
++ #mail_plugin_dir = /usr/lib/dovecot/modules/lda
++
++ # If user is over quota, return with temporary failure instead of
++ # bouncing the mail.
++ #quota_full_tempfail = no
++
++ # Format to use for logging mail deliveries. You can use variables:
++ # %$ - Delivery status message (e.g. "saved to INBOX")
++ # %m - Message-ID
++ # %s - Subject
++ # %f - From address
++ #deliver_log_format = msgid=%m: %$
++
++ # Binary to use for sending mails.
++ #sendmail_path = /usr/sbin/sendmail
++
++ # Subject: header to use for rejection mails. You can use the same variables
++ # as for rejection_reason below.
++ #rejection_subject = Rejected: %s
++
++ # Human readable error message for rejection mails. You can use variables:
++ # %n = CRLF, %r = reason, %s = original subject, %t = recipient
++ #rejection_reason = Your message to <%t> was automatically rejected:%n%r
++
++ # UNIX socket path to master authentication server to find users.
++ auth_socket_path = /var/run/dovecot/auth-master
++}
++
++##
++## Authentication processes
++##
++
++# Executable location
++#auth_executable = /usr/lib/dovecot/dovecot-auth
++
++# Set max. process size in megabytes.
++#auth_process_size = 256
++
++# Authentication cache size in kilobytes. 0 means it's disabled.
++# Note that bsdauth, PAM and vpopmail require cache_key to be set for caching
++# to be used.
++#auth_cache_size = 0
++# Time to live in seconds for cached data. After this many seconds the cached
++# record is no longer used, *except* if the main database lookup returns
++# internal failure. We also try to handle password changes automatically: If
++# user's previous authentication was successful, but this one wasn't, the
++# cache isn't used. For now this works only with plaintext authentication.
++#auth_cache_ttl = 3600
++# TTL for negative hits (user not found, password mismatch).
++# 0 disables caching them completely.
++#auth_cache_negative_ttl = 3600
++
++# Space separated list of realms for SASL authentication mechanisms that need
++# them. You can leave it empty if you don't want to support multiple realms.
++# Many clients simply use the first one listed here, so keep the default realm
++# first.
++#auth_realms =
++
++# Default realm/domain to use if none was specified. This is used for both
++# SASL realms and appending @domain to username in plaintext logins.
++#auth_default_realm =
++
++# List of allowed characters in username. If the user-given username contains
++# a character not listed in here, the login automatically fails. This is just
++# an extra check to make sure user can't exploit any potential quote escaping
++# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
++# set this value to empty.
++#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
++
++# Username character translations before it's looked up from databases. The
++# value contains series of from -> to characters. For example "#@/@" means
++# that '#' and '/' characters are translated to '@'.
++#auth_username_translation =
++
++# Username formatting before it's looked up from databases. You can use
++# the standard variables here, eg. %Lu would lowercase the username, %n would
++# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
++# "-AT-". This translation is done after auth_username_translation changes.
++#auth_username_format =
++
++# If you want to allow master users to log in by specifying the master
++# username within the normal username string (ie. not using SASL mechanism's
++# support for it), you can specify the separator character here. The format
++# is then . UW-IMAP uses "*" as the
++# separator, so that could be a good choice.
++#auth_master_user_separator =
++
++# Username to use for users logging in with ANONYMOUS SASL mechanism
++#auth_anonymous_username = anonymous
++
++# Log unsuccessful authentication attempts and the reasons why they failed.
++#auth_verbose = no
++
++# Even more verbose logging for debugging purposes. Shows for example SQL
++# queries.
++#auth_debug = no
++
++# In case of password mismatches, log the passwords and used scheme so the
++# problem can be debugged. Enabling this also enables auth_debug.
++#auth_debug_passwords = no
++
++# Maximum number of dovecot-auth worker processes. They're used to execute
++# blocking passdb and userdb queries (eg. MySQL and PAM). They're
++# automatically created and destroyed as needed.
++#auth_worker_max_count = 30 ++ ++# Host name to use in GSSAPI principal names. The default is to use the ++# name returned by gethostname(). Use "$ALL" to allow all keytab entries. ++#auth_gssapi_hostname = ++ ++# Kerberos keytab to use for the GSSAPI mechanism. Will use the system ++# default (usually /etc/krb5.keytab) if not specified. ++#auth_krb5_keytab = ++ ++# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and ++# ntlm_auth helper. ++# ++#auth_use_winbind = no ++ ++# Path for Samba's ntlm_auth helper binary. ++#auth_winbind_helper_path = /usr/bin/ntlm_auth ++ ++# Number of seconds to delay before replying to failed authentications. ++#auth_failure_delay = 2 ++ ++auth default { ++ # Space separated list of wanted authentication mechanisms: ++ # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey ++ # gss-spnego ++ # NOTE: See also disable_plaintext_auth setting. ++ mechanisms = plain login ++ ++ # ++ # Password database is used to verify user's password (and nothing more). ++ # You can have multiple passdbs and userdbs. This is useful if you want to ++ # allow both system users (/etc/passwd) and virtual users to login without ++ # duplicating the system users into virtual database. ++ # ++ # ++ # ++ # By adding master=yes setting inside a passdb you make the passdb a list ++ # of "master users", who can log in as anyone else. Unless you're using PAM, ++ # you probably still want the destination user to be looked up from passdb ++ # that it really exists. This can be done by adding pass=yes setting to the ++ # master passdb. ++ ++ # Users can be temporarily disabled by adding a passdb with deny=yes. ++ # If the user is found from that database, authentication will fail. ++ # The deny passdb should always be specified before others, so it gets ++ # checked first. 
Here's an example: ++ ++ #passdb passwd-file { ++ # File contains a list of usernames, one per line ++ #args = /etc/dovecot/dovecot.deny ++ #deny = yes ++ #} ++ ++ # PAM authentication. Preferred nowadays by most systems. ++ # Note that PAM can only be used to verify if user's password is correct, ++ # so it can't be used as userdb. If you don't want to use a separate user ++ # database (passwd usually), you can use static userdb. ++ # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM ++ # authentication to actually work. ++ #passdb pam { ++ # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=] ++ # [cache_key=] [] ++ # ++ # session=yes makes Dovecot open and immediately close PAM session. Some ++ # PAM plugins need this to work, such as pam_mkhomedir. ++ # ++ # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins ++ # need that. They aren't ever deleted though, so this isn't enabled by ++ # default. ++ # ++ # max_requests specifies how many PAM lookups to do in one process before ++ # recreating the process. The default is 100, because many PAM plugins ++ # leak memory. ++ # ++ # cache_key can be used to enable authentication caching for PAM ++ # (auth_cache_size also needs to be set). It isn't enabled by default ++ # because PAM modules can do all kinds of checks besides checking password, ++ # such as checking IP address. Dovecot can't know about these checks ++ # without some help. cache_key is simply a list of variables (see ++ # /usr/share/doc/dovecot-common/wiki/Variables.txt) which must match ++ # for the cached data to be used. ++ # Here are some examples: ++ # %u - Username must match. Probably sufficient for most uses. ++ # %u%r - Username and remote IP address must match. ++ # %u%s - Username and service (ie. IMAP, POP3) must match. ++ # ++ # The service name can contain variables, for example %Ls expands to ++ # pop3 or imap. 
++ # ++ # Some examples: ++ # args = session=yes %Ls ++ # args = cache_key=%u dovecot ++ #args = dovecot ++ #} ++ ++ # System users (NSS, /etc/passwd, or similiar) ++ # In many systems nowadays this uses Name Service Switch, which is ++ # configured in /etc/nsswitch.conf. ++ #passdb passwd { ++ # [blocking=yes] - See userdb passwd for explanation ++ #args = ++ #} ++ ++ # Shadow passwords for system users (NSS, /etc/shadow or similiar). ++ # Deprecated by PAM nowadays. ++ # ++ #passdb shadow { ++ # [blocking=yes] - See userdb passwd for explanation ++ #args = ++ #} ++ ++ # PAM-like authentication for OpenBSD. ++ # ++ #passdb bsdauth { ++ # [cache_key=] - See cache_key in PAM for explanation. ++ #args = ++ #} ++ ++ # passwd-like file with specified location ++ # ++ #passdb passwd-file { ++ # [scheme=] [username_format=] ++ # ++ #args = ++ #} ++ ++ # checkpassword executable authentication ++ # NOTE: You will probably want to use "userdb prefetch" with this. ++ # ++ #passdb checkpassword { ++ # Path for checkpassword binary ++ #args = ++ #} ++ ++ # SQL database ++ passdb sql { ++ # Path for SQL configuration file ++ args = /etc/dovecot/dovecot-sql.conf ++ } ++ ++ # LDAP database ++ #passdb ldap { ++ # Path for LDAP configuration file ++ #args = /etc/dovecot/dovecot-ldap.conf ++ #} ++ ++ # vpopmail authentication ++ #passdb vpopmail { ++ # [cache_key=] - See cache_key in PAM for explanation. ++ # [quota_template=