kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

removing patches for jessie / wheezy

This commit is contained in:
Benjamin Sonntag 2018-06-21 18:02:16 +02:00
parent 19871eb355
commit eae85dcbe7
20 changed files with 0 additions and 2330 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
jessie/alternc-roundcube.postinst
View File

@ -1,49 +0,0 @@
#!/bin/bash
set -e
# Source debconf library.
. /usr/share/debconf/confmodule
CONFIGFILE="/etc/alternc/local.sh"
LOGROTATE="/etc/logrotate.d/roundcube-core"
case "$1" in
configure)
# add alternc-roundcube user for php-itk special rights
if ! getent passwd alternc-roundcube; then
useradd -g nogroup -u 1996 alternc-roundcube -d /usr/share/roundcube
fi
# removed from 3.1 & 3.2 :
dpkg-statoverride --list /var/lib/roundcube/temp >/dev/null &&
dpkg-statoverride --remove /var/lib/roundcube/temp
chown -R www-data:root /var/lib/roundcube/temp
chmod -R 750 /var/lib/roundcube/temp
dpkg-statoverride --list /etc/roundcube/debian-db.php >/dev/null &&
dpkg-statoverride --remove /etc/roundcube/debian-db.php
chown -R www-data:root /etc/roundcube/debian-db.php
chmod -R 460 /etc/roundcube/debian-db.php
dpkg-statoverride --list /etc/roundcube/config.inc.php >/dev/null &&
dpkg-statoverride --remove /etc/roundcube/config.inc.php
chown -R www-data:root /etc/roundcube/config.inc.php
chmod -R 460 /etc/roundcube/config.inc.php
dpkg-statoverride --list /var/log/roundcube >/dev/null &&
dpkg-statoverride --remove /var/log/roundcube
chown -R www-data:root /var/log/roundcube
chmod -R 750 /var/log/roundcube
echo "**********************************************"
echo "* ALTERNC-ROUNDCUBE: *"
echo "* Please run alternc.install to fully deploy *"
echo "**********************************************"
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#

67
jessie/alternc-ssl.install.php
View File

@ -1,67 +0,0 @@
#!/usr/bin/php
<?php
/*
at alternc.install time
synchronize the required domain templates with the current install
(do they have php52, roundcube, squirrelmail, etc.?)
*/
if ($argv[1] == "templates") {
// install ssl.conf
echo "[alternc-ssl] Installing ssl.conf template\n";
copy("/etc/alternc/templates/apache2/mods-available/ssl.conf","/etc/apache2/mods-available/ssl.conf");
mkdir("/var/run/alternc-ssl");
chown("/var/run/alternc-ssl","alterncpanel");
chgrp("/var/run/alternc-ssl","alterncpanel");
// replace open_basedir line if necessary :
exec('sed -i -e "s#:/var/run/alternc#:/var/run#" -e "s#:/run/alternc#:/run#" /etc/alternc/apache2.conf /etc/alternc/templates/alternc/apache2.conf');
}
if ($argv[1] == "before-reload") {
// Bootstrap
require_once("/usr/share/alternc/panel/class/config_nochk.php");
echo "[alternc-ssl] Installing domaines-types\n";
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
('vhost-ssl', 'Locally hosted forcing HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);");
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
('vhost-mixssl', 'Locally hosted HTTP and HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 1);");
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
('panel-ssl', 'HTTPS AlternC panel access', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'txt,mx,mx2,defmx,defmx2', 'ALL', 0, 0, 1);");
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
('url-ssl', 'URL redirection, HTTP & HTTPS', 'URL', '%SUB% IN A @@PUBLIC_IP@@', 'txt,mx,mx2,defmx,defmx2', 'ALL', 0, 0, 1);");
$db->query("SELECT * FROM domaines_type WHERE name='roundcube';");
if ($db->next_record()) {
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
('roundcube-ssl', 'HTTPS Roundcube Webmail', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'mx,mx2,defmx,defmx2,txt', 'ALL', 0, 0, 1);");
} else {
$db->query("DELETE FROM domaines_type WHERE name='roundcube-ssl';");
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='roundcube-ssl';");
}
$db->query("SELECT * FROM domaines_type WHERE name='squirrelmail';");
if ($db->next_record()) {
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
('squirrelmail-ssl', 'HTTPS Squirrelmail Webmail', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'mx,mx2,defmx,defmx2,txt', 'ALL', 0, 0, 1);");
} else {
$db->query("DELETE FROM domaines_type WHERE name='squirrelmail-ssl';");
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='squirrelmail-ssl';");
}
$db->query("SELECT * FROM domaines_type WHERE name='php52';");
if ($db->next_record()) {
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
('php52-ssl', 'php52 forcing HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);");
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
('php52-mixssl', 'php52 HTTP and HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);");
} else {
$db->query("DELETE FROM domaines_type WHERE name='php52-ssl';");
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='php52-ssl';");
$db->query("DELETE FROM domaines_type WHERE name='php52-mixssl';");
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='php52-mixssl';");
}
} // before-reload

666
jessie/alternc.install
View File

@ -1,666 +0,0 @@
#!/bin/bash
# ----------------------------------------------------------------------
# AlternC - Web Hosting System
# Copyright (C) 2000-2012 by the AlternC Development Team.
# https://alternc.org/
# ----------------------------------------------------------------------
# LICENSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License (GPL)
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# To read the license please visit http://www.gnu.org/copyleft/gpl.html
# ----------------------------------------------------------------------
# Purpose of file: Main install script, launch it anytime ;)
# ----------------------------------------------------------------------
# Somes check before start operations
if [ `id -u` -ne 0 ]; then
echo "must be launched as root"
exit 1
fi
for i in $*; do
case "$i" in
-f|--force)
export force=1; shift;;
-s|--slave)
export slave=1; shift;;
--)
break;;
*)
echo "unknown option $i"; shift;;
esac
done
. /usr/lib/alternc/functions.sh
# Lock the jobs !
lock_jobs
# hook
run-parts --arg=startup /usr/lib/alternc/install.d
#######################################################################
# Script configuration
#
# Configuration template location
TEMPLATE_DIR="/etc/alternc/templates"
# Find needed configuration files (without the initial '/')
# replace this one unconditionnally
CONFIG_FILES="etc/alternc/bureau.conf etc/apache2/envvars etc/alternc/apache2.conf etc/alternc/apache_logformat.conf etc/alternc/phpmyadmin.inc.php"
if [ -e /etc/bind/named.conf ]; then
CONFIG_FILES="$CONFIG_FILES etc/bind/named.conf.options"
fi
if [ -d /etc/postfix ]; then
CONFIG_FILES="$CONFIG_FILES etc/postfix/master.cf etc/postfix/myalias.cf etc/postfix/myrelay.cf
etc/postfix/mydomain.cf etc/postfix/myrelay-domain.cf etc/postfix/mymail2mail.cf etc/postfix/mygid.cf etc/postfix/myquota.cf
etc/postfix/myvirtual.cf etc/postfix/mytransport.cf etc/postfix/sasl/smtpd.conf
etc/alternc/postfix/postfix.cf etc/alternc/postfix/postfix-slave.cf
etc/opendkim.conf etc/default/opendkim"
fi
if [ -e /etc/proftpd/proftpd.conf ]; then
CONFIG_FILES="$CONFIG_FILES etc/proftpd/proftpd.conf etc/proftpd/welcome.msg etc/proftpd/modules.conf"
fi
if [ -e /etc/default/saslauthd ]; then
CONFIG_FILES="$CONFIG_FILES etc/default/saslauthd"
fi
if [ -e /etc/dovecot/dovecot.conf ]; then
CONFIG_FILES="$CONFIG_FILES etc/dovecot/alternc-sql.conf etc/dovecot/alternc-dict-quota.conf etc/dovecot/conf.d/95_alternc.conf"
fi
INSTALLED_CONFIG_TAR="/var/lib/alternc/backups/etc-installed.tar.gz"
#######################################################################
# Look for modified configuration files
#
if [ -f "$INSTALLED_CONFIG_TAR" ]; then
CHANGED="`env LANG=C tar -zdf "$INSTALLED_CONFIG_TAR" -C / 2> /dev/null |
grep -v 'postfix/main.cf' | grep -v 'Uid differs'|grep -v 'Gid differs' |grep -v 'Mode differs' |
sed -e 's#^\([^:]*\).*# /\1#' | sort -u`"
if [ ! -z "$CHANGED" ]; then
echo "The following configuration files has changed since last AlternC"
echo "installation :"
echo "$CHANGED"
echo ""
if [ "$force" = "1" ]; then
echo "Replacing them as you requested."
else
echo "These configuration files should normally be modified by"
echo "changing the template in $TEMPLATE_DIR and then calling"
echo "$0 to perform the update."
echo ""
echo "Please examine the situation closely and call '$0 -f'"
echo "if you still want to actually overwrite these files."
exit 1
fi
fi
fi
# Upgrade the DATA and DB SCHEMA
/usr/share/alternc/install/upgrade_check.sh
# Launch upgrade of alternc modules
run-parts --arg=upgrade /usr/lib/alternc/install.d
#######################################################################
# Prepare template expansions
#
chown :alterncpanel /etc/alternc/local.sh
. /etc/alternc/local.sh
# May be missing
test -d /var/run/alternc || ( mkdir -p /var/run/alternc && chown alterncpanel:alterncpanel /var/run/alternc )
# Create the target directory
for i in "$ALTERNC_HTML" "$ALTERNC_MAIL" "$ALTERNC_LOGS" ; do
test -d "$i" || mkdir -p "$i"
done
for i in a b c d e f g h i j k l m n o p q r s t u v w x y z _ 0 1 2 3 4 5 6 7 8 9; do
test -d "$ALTERNC_HTML/$i" || ( mkdir -p "$ALTERNC_HTML/$i" && chown alterncpanel:alterncpanel "$ALTERNC_HTML/$i" && chmod 775 "$ALTERNC_HTML/$i" )
test -d "$ALTERNC_MAIL/$i" || ( mkdir -p "$ALTERNC_MAIL/$i" && chown vmail:vmail "$ALTERNC_MAIL/$i" && chmod 775 "$ALTERNC_MAIL/$i" )
done
find $ALTERNC_LOGS -maxdepth 1 -type d -exec chown alterncpanel:adm {} \;
find $ALTERNC_HTML -maxdepth 1 -type d -exec chown alterncpanel:alterncpanel {} \;
find $ALTERNC_MAIL -maxdepth 1 -type d -exec chown vmail:vmail {} \;
# Check ACL
aclcheckfile="$ALTERNC_HTML/test-acl"
touch "$aclcheckfile"
setfacl -m u:root:rwx "$aclcheckfile" 2>/dev/null || ( echo "Error : ACL aren't activated on $ALTERNC_HTML . AlternC can't work without it." ; test -e "$aclcheckfile" && rm -f "$aclcheckfile" ; exit 2)
test -e "$aclcheckfile" && rm -f "$aclcheckfile"
# XXX: copy-paste from debian/config
if [ -r /etc/alternc/my.cnf ]; then
# make mysql configuration available as shell variables
# to convert from .cnf to shell syntax, we:
# * match only lines with "equal" in them (/=/)
# * remove whitespace around the = and add a left quote operator ' (;s)
# * add a right quote operator at the end of line (;s)
# * convert mysql variables into our MYSQL_ naming convention (;s)
# * print the result (;p)
eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf`
chown root:alterncpanel /etc/alternc/my.cnf
chmod 640 /etc/alternc/my.cnf
fi
if [ -r /etc/alternc/my_mail.cnf ]; then
# make mysql configuration available as shell variables
# to convert from .cnf to shell syntax, we:
# * match only lines with "equal" in them (/=/)
# * remove whitespace around the = and add a left quote operator ' (;s)
# * add a right quote operator at the end of line (;s)
# * convert mysql variables into our MYSQL_ naming convention (;s)
# * print the result (;p)
eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_MAIL_USER/;s/password/MYSQL_MAIL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my_mail.cnf`
chown root:alterncpanel /etc/alternc/my_mail.cnf
chmod 640 /etc/alternc/my_mail.cnf
fi
WARNING="WARNING: Do not edit this file, edit the one in /etc/alternc/templates and launch alternc.install again."
if [ "$slave" = "1" ]; then
VERSION="`dpkg -s alternc-slave | sed -n -e 's/^Version: \(.*\)/\1/p'`"
else
VERSION="`dpkg -s alternc | sed -n -e 's/^Version: \(.*\)/\1/p'`"
fi
# /var/ alternc/dns/d/www.example.com
FQDN_LETTER="`echo $FQDN | sed -e 's/.*\.\([^\.]\)[^\.]*\.[^\.]*$/\1/'`"
if [ "$FQDN_LETTER" = "$FQDN" ]
then
FQDN_LETTER="_"
fi
NS2_IP=`perl -e "\\$h = (gethostbyname(\"$NS2_HOSTNAME\"))[4];
@ip = unpack('C4', \\$h);
print join (\".\", @ip);"`
if [ -z "$MONITOR_IP" ]; then
MONITOR_IP="127.0.0.1"
fi
PUBLIC_IP_BEGIN=$(echo $PUBLIC_IP|cut -c 1)
# Secret for PhpMyAdmin sessions
PHPMYADMIN_BLOWFISH="$(generate_string 24)"
# XXX: I assume this is secure if /tmp is sticky (+t)
# we should have a better way to deal with templating, of course.
SED_SCRIPT="/tmp/alternc.install.sedscript"
cat > $SED_SCRIPT <<EOF
s\\%%hosting%%\\$HOSTING\\;
s\\%%fqdn%%\\$FQDN\\;
s\\%%public_ip%%\\$PUBLIC_IP\\;
s\\%%public_ip_begin%%\\$PUBLIC_IP_BEGIN\\;
s\\%%internal_ip%%\\$INTERNAL_IP\\;
s\\%%monitor_ip%%\\$MONITOR_IP\\;
s\\%%ns1%%\\$NS1_HOSTNAME\\;
s\\%%ns2%%\\$NS2_HOSTNAME\\;
s\\%%mx%%\\$DEFAULT_MX\\;
s\\%%dbhost%%\\$MYSQL_HOST\\;
s\\%%dbname%%\\$MYSQL_DATABASE\\;
s\\%%dbuser%%\\$MYSQL_USER\\;
s\\%%dbpwd%%\\$MYSQL_PASS\\;
s\\%%db_mail_user%%\\$MYSQL_MAIL_USER\\;
s\\%%db_mail_pwd%%\\$MYSQL_MAIL_PASS\\;
s\\%%warning_message%%\\$WARNING\\;
s\\%%fqdn_lettre%%\\$FQDN_LETTER\\;
s\\%%version%%\\$VERSION\\;
s\\%%ns2_ip%%\\$NS2_IP\\;
s\\%%ALTERNC_HTML%%\\$ALTERNC_HTML\\;
s\\%%ALTERNC_MAIL%%\\$ALTERNC_MAIL\\;
s\\%%ALTERNC_LOGS%%\\$ALTERNC_LOGS\\;
s\\%%PHPMYADMIN_BLOWFISH%%\\$PHPMYADMIN_BLOWFISH\\;
EOF
# hook
test -d /usr/lib/alternc/install.d || mkdir -p /usr/lib/alternc/install.d
run-parts --arg=templates /usr/lib/alternc/install.d
######################################################################
# Backup the Main database
DB_BACKUP="/var/lib/alternc/backups/${MYSQL_DATABASE}-db-`date +%Y%m%d-%H:%M:%S`.gz"
db_dump="mysqldump --defaults-file=/etc/alternc/my.cnf --add-drop-table --allow-keywords --quote-names --force --quick --add-locks --lock-tables --extended-insert ${MYSQL_DATABASE}"
$db_dump | /bin/gzip -c > $DB_BACKUP || echo "backup of the main database failed"
#######################################################################
# Backup configuration files
#
BACKUP_FILE="/var/lib/alternc/backups/etc-original-`date +%Y%m%d-%H%M`.tar.gz"
# Only backup what we are really going to replace
BACKUPS=""
for file in $CONFIG_FILES; do
TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
if [ -f "$TEMPLATE" ]; then
BACKUPS="$BACKUPS $file"
fi
done
# also backup main.cf since we're doing major changes to it
BACKUPS="$BACKUPS etc/postfix/main.cf"
tar -zcf "$BACKUP_FILE" -C / $BACKUPS 2>/dev/null || true
chmod 600 "$BACKUP_FILE"
#######################################################################
# Expand templates in the right place
#
echo -n "Expanding variables in configuration files:"
for file in $CONFIG_FILES; do
TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
echo -n " $file"
if [ -f "$TEMPLATE" ]; then
sed -f "$SED_SCRIPT" < $TEMPLATE > /$file
fi
done
echo "."
rm -f $SED_SCRIPT
########################################################################
# Ad-hoc fixes
#
php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.*\)\.so$/\1/' | tail -1`"
if [ "$php" = "7.0" ]
then
ln -fs /etc/alternc/alternc.ini /etc/php/$php/apache2/conf.d/alternc.ini || true
ln -fs /etc/alternc/alternc.ini /etc/php/$php/cli/conf.d/alternc.ini || true
else
ln -fs /etc/alternc/alternc.ini /etc/php$php/apache2/conf.d/alternc.ini || true
ln -fs /etc/alternc/alternc.ini /etc/php$php/cli/conf.d/alternc.ini || true
fi
if [ -x /usr/sbin/apache2 ]; then
# hook
run-parts --arg=apache2 /usr/lib/alternc/install.d
a2enmod mpm_itk
s=""
# unused from AlternC 1.0, FIXME: remove it later
if [ -L /etc/apache2/mods-enabled/vhost_alias.load ]
then
a2dismod vhost_alias
s="apache2"
fi
if ! [ -L /etc/apache2/mods-enabled/php$php.load ]
then
a2enmod php$php
fi
if ! [ -L /etc/apache2/mods-enabled/rewrite.load ]
then
a2enmod rewrite
fi
if [ -e /etc/alternc/apache.pem ]; then
# We enable proftpd tls module
cat /etc/proftpd/modules.conf | sed -e 's/^#LoadModule mod_tls.c/LoadModule mod_tls.c/' > /etc/proftpd/modules.conf.alternc-new
mv /etc/proftpd/modules.conf.alternc-new /etc/proftpd/modules.conf
cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/
# We enable apache2 SSL :
if [ ! -L /etc/apache2/mods-enabled/ssl.load ] ; then
a2enmod ssl
s="apache2"
fi
if [ ! -h /etc/apache2/conf-available/alternc-ssl.conf ] && [ -e /etc/apache2/conf-available/ ]; then
ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf-available/alternc-ssl.conf
a2enconf alternc-ssl
s="apache2"
fi
# We enable dovecot SSL certificate instructions: (on wheezy we should use a new file in /etc/dovecot/conf.d/ )
( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = </etc/alternc/apache.pem" ; echo "ssl_key = </etc/alternc/apache.pem" ) >/etc/dovecot/conf.d/96_ssl.conf
else
# We disable proftpd tls module
cat /etc/proftpd/modules.conf | sed -e 's/^LoadModule mod_tls.c/#LoadModule mod_tls.c/' > /etc/proftpd/modules.conf.alternc-new
mv /etc/proftpd/modules.conf.alternc-new /etc/proftpd/modules.conf
cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/
# We disable dovecot SSL certificate instructions: (on wheezy we should remove a file in /etc/dovecot/conf.d/ )
( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem" ; echo "ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key" ) >/etc/dovecot/conf.d/96_ssl.conf
echo "SSL not configured"
echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install"
fi
if [ ! -h /etc/apache2/conf-available/alternc.conf ] && [ -e /etc/apache2/conf-available/ ]; then
ln -sf /etc/alternc/apache2.conf /etc/apache2/conf-available/alternc.conf
a2enconf alternc.conf
s="apache2"
fi
if [ -e /etc/apache2/sites-enabled/000-default.conf ]; then
a2dissite 000-default
s="apache2"
fi
SERVICES="$SERVICES $s"
fi
# Manage sudoers.d include appearing in Squeeze:
# if the "includedir" is not here, we add it ONLY IF visudo -c is happy.
if ! grep -q "#includedir */etc/sudoers.d" /etc/sudoers ; then
if ! cat /etc/sudoers.d/* | visudo -c -f - >/dev/null ; then
echo -e "\033[31m**********************************************"
echo "* *"
echo "* ALTERNC ACTION REQUESTED *"
echo "* *"
echo "* SUDO is NOT configured properly *"
echo "* check your files in /etc/sudoers.d ! *"
echo "* then launch alternc.install again *"
echo "* *"
echo "**********************************************"
echo -e "\033[0m"
exit 1
else
echo "#includedir */etc/sudoers.d" >>/etc/sudoers
fi
fi
# Copy postfix *_checks if they do not exist
for file in body_checks header_checks; do
if [ ! -e "/etc/postfix/$file" ]; then
cp /usr/share/alternc/install/$file /etc/postfix
fi
done
# Attribute the correct rights to critical postfix files
if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfix/mygid.cf -o -e /etc/postfix/myrelay-domain.sh -o -e /etc/postfix/myvirtual.cf -o -e /etc/postfix/myrelay.cf -o -e /etc/postfix/myquota.cf ]; then
chown root:postfix /etc/postfix/my*
chmod 640 /etc/postfix/my*
fi
if [ ! -f /etc/postfix/main.cf ]
then
echo -e "\033[31m**********************************************"
echo "* *"
echo "* ALTERNC ACTION REQUESTED *"
echo "* *"
echo "* POSTFIX is NOT configured properly *"
echo "* launch dpkg-reconfigure -plow postfix *"
echo "* and choose 'Internet Site' *"
echo "* then launch alternc.install again *"
echo "* *"
echo "**********************************************"
echo -e "\033[0m"
exit 1
fi
# configure Postfix appropriatly for our needs
if [ "$slave" = "1" ]; then
postfix_conf=/etc/alternc/postfix/postfix-slave.cf
else
postfix_conf=/etc/alternc/postfix/postfix.cf
fi
grep -v '^\ *#' $postfix_conf |while read line ; do
if echo "$line" | grep -qi '^smtpd_tls_dcert_file' ;then
line_strip=`echo "$line"|tr -d '[:blank:]'`
pattern="*="
cert_file=${line_strip#$pattern}
echo $cert_file
echo $line
echo $line_strip
if [ -e $cert_file ];then
postconf -e "$line"
else
echo -e "\033[31m*****************************************************"
echo "* The certificate file : $cert_file does not exists *"
echo "* If you want to be able to use SSL/TLS *"
echo "* please go to https://alternc.com/SSL *"
echo "* to get information on how to create a certificate *"
echo "* Finally relaunch alternc.install *"
echo "*****************************************************"
echo -e "\033[0m"
fi
else
postconf -e "$line"
fi
done
# Conviguring delivery used by Postfix
/usr/lib/alternc/alternc_add_policy_dovecot
# Bug #1215: configure mydestination when $FQDN is not in
OLDDESTINATION=`postconf mydestination | awk -F '=' '{print $2}'`
echo "$OLDDESTINATION" | grep -q -v "$FQDN" && postconf -e "mydestination = $FQDN, $OLDDESTINATION"
# Remove phpmyadmin apache2 configuration
a2disconf phpmyadmin
# Configure PHPMyAdmin
include_str='include("/etc/alternc/phpmyadmin.inc.php")'
pma_config='/etc/phpmyadmin/config.inc.php'
# Sur une configuration vierge, inclure la configuration alternc
if ! grep -e "${include_str/\"/\\\"}" $pma_config > /dev/null 2>&1; then
echo "$include_str;" >> $pma_config
fi
# Le template de /etc/alternc/phpmyadmin.inc.php viens d'être réappliqué, on
# regénére la liste des serveurs MySQL disponible dedans.
mysql_query "select id,host,name from db_servers;" | while read id host name ; do
echo "
// Server #$id in db_servers
\$i++;
\$cfg['Servers'][\$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket')
\$cfg['Servers'][\$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)?
\$cfg['Servers'][\$i]['hide_db'] = 'information_schema';
\$cfg['Servers'][\$i]['verbose'] = '$name'; // human name
\$cfg['Servers'][\$i]['host'] = '$host'; // MySQL hostname or IP address
" >> '/etc/alternc/phpmyadmin.inc.php'
done
# Reload incron. Useless, but who know?
SERVICES="$SERVICES incron"
if [ -e /etc/proftpd.conf ] ; then
chmod 640 /etc/proftpd/proftpd.conf
fi
if [ -x /usr/sbin/locale-gen ] ; then
touch /etc/locale.gen
LOCALECHANGED=""
# Add de_DE ISO-8859-1, en_US ISO-8859-1, es_ES ISO-8859-1, fr_FR ISO-8859-1 to the locales :
if ! grep -q "^de_DE ISO-8859-1$" /etc/locale.gen ; then
echo "de_DE ISO-8859-1" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^en_US ISO-8859-1$" /etc/locale.gen ; then
echo "en_US ISO-8859-1" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^es_ES ISO-8859-1$" /etc/locale.gen ; then
echo "es_ES ISO-8859-1" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^fr_FR ISO-8859-1$" /etc/locale.gen ; then
echo "fr_FR ISO-8859-1" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^de_DE.UTF-8 UTF-8$" /etc/locale.gen ; then
echo "de_DE.UTF-8 UTF-8" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^fr_FR.UTF-8 UTF-8$" /etc/locale.gen ; then
echo "fr_FR.UTF-8 UTF-8" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^es_ES.UTF-8 UTF-8$" /etc/locale.gen ; then
echo "es_ES.UTF-8 UTF-8" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^en_US.UTF-8 UTF-8$" /etc/locale.gen ; then
echo "en_US.UTF-8 UTF-8" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^it_IT.UTF-8 UTF-8$" /etc/locale.gen ; then
echo "it_IT.UTF-8 UTF-8" >>/etc/locale.gen
LOCALECHANGED=1
fi
if ! grep -q "^nl_NL.UTF-8 UTF-8$" /etc/locale.gen ; then
echo "nl_NL.UTF-8 UTF-8" >>/etc/locale.gen
LOCALECHANGED=1
fi
if [ "$LOCALECHANGED" ] ; then
locale-gen
fi
fi
# remaining steps are only for the master
if [ "$slave" = "1" ]; then
exit 0
fi
#######################################################################
# populate alternc database with the mailname used by postfix to send mail for each vhost
#
# If mailname does not exist, create it. Fix #1495
test -e "/etc/mailname" || hostname -f > "/etc/mailname"
# Allow for all the users to view /etc/mailname
chmod +r "/etc/mailname"
#######################################################################
# Save installed files to check them during next install
#
tar -zcf "$INSTALLED_CONFIG_TAR" -C / $CONFIG_FILES
#######################################################################
# Last touches
#
find $ALTERNC_HTML -maxdepth 1 -type d -exec setfacl -b -k -m d:g:alterncpanel:-wx -m d:u:alterncpanel:-wx -m u:alterncpanel:-wx -m g:alterncpanel:-wx {} \;
#creating log file
if [ ! -e "/var/log/alternc/bureau.log" ]; then
test -d "/var/log/alternc/" || mkdir -p "/var/log/alternc/"
touch "/var/log/alternc/bureau.log"
fi
if [ ! -e "/var/log/alternc/update_domains.log" ]; then
test -d "/var/log/alternc/" || mkdir -p "/var/log/alternc/"
touch "/var/log/alternc/update_domains.log"
fi
# Be sure of the owner of the logs files
chmod 640 /var/log/alternc/bureau.log /var/log/alternc/update_domains.log
chown alterncpanel:adm /var/log/alternc/bureau.log /var/log/alternc/update_domains.log
# Creating admin user if needed
HAS_ROOT=`mysql --defaults-file=/etc/alternc/my.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1`
if [ "$HAS_ROOT" != "1" ]; then
echo "Creating admin user..."
echo ""
if su - alterncpanel -s /bin/bash -c /usr/share/alternc/install/newone.php
then
echo "*******************************************"
echo "* *"
echo "* Admin account *"
echo "* ------------ *"
echo "* *"
echo "* user: admin password: admin *"
echo "* *"
echo "* Please change this as soon as possible! *"
echo "* *"
echo "*******************************************"
else
echo "Unable to create the first AlternC account (named 'admin'). newone.php returned $?. Check your MySQL database, PHP, and the /etc/alternc/local.sh file. Also check for any error above during install."
fi
else
##UPDATE default db_server following /etc/alternc/my.cnf values
if [ "$MYSQL_HOST" == "localhost" ]; then
MYSQL_HOST_CLIENT="localhost"
else
MYSQL_HOST_CLIENT="%"
fi
mysql --defaults-file=/etc/alternc/my.cnf -e "UPDATE db_servers SET host='$MYSQL_HOST', login='$MYSQL_USER', password='$MYSQL_PASS', client='$MYSQL_HOST_CLIENT' WHERE name='Default';"
fi
# giving vmail user read access on dovecot sql file
chgrp vmail /etc/dovecot/alternc-sql.conf
chmod g+r /etc/dovecot/alternc-sql.conf
# Override some dovecot 2.0 configuration that may have happened during dovecot postinst:
sed -i -e 's/^ *!include/#!include/' /etc/dovecot/conf.d/10-auth.conf
# Changing owner of web panel's files
chown -R alterncpanel:alterncpanel "/usr/share/alternc/panel/"
# We force the re-computing of the DNS zones, since we may have changed the IP address (see #460)
/usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='UPDATE' WHERE gesdns=1;"
# We ensure localhost is trusted to opendkim
mkdir -p "/etc/opendkim/keys"
touch /etc/opendkim/TrustedHosts /etc/opendkim/SigningTable /etc/opendkim/KeyTable
grep -q "^127.0.0.1\$" /etc/opendkim/TrustedHosts || echo "127.0.0.1" >>/etc/opendkim/TrustedHosts
grep -q "^localhost\$" /etc/opendkim/TrustedHosts || echo "localhost" >>/etc/opendkim/TrustedHosts
grep -q "^$PUBLIC_IP\$" /etc/opendkim/TrustedHosts || echo "$PUBLIC_IP" >>/etc/opendkim/TrustedHosts
# Add opendkim to service to restart
SERVICES="$SERVICES opendkim bind9"
# hook
run-parts --arg=before-reload /usr/lib/alternc/install.d
#######################################################################
# Reload services
#
for service in postfix dovecot cron proftpd ; do
invoke-rc.d $service force-reload || true
done
# We should restart apaches after all configuration stuff ...
for service in $SERVICES; do
test -x /etc/init.d/$service && invoke-rc.d $service stop || true
done
# on Jessie, apache2 does not stop/start properly due to "service" and "apache2ctl" having different behavior pid-file-wise
killall apache2
for service in $SERVICES; do
test -x /etc/init.d/$service && invoke-rc.d $service start || true
done
echo "Fix all the permission. May be quite long..."
echo "YOU CAN INTERUPT THIS BY USING Ctrl-c THEN y TO BYPASS THE ERROR."
/usr/lib/alternc/fixperms.sh
echo "Compile PO files"
# TODO : includes the .MO in debian package ;)
find /usr/share/alternc/panel/locales -maxdepth 1 -mindepth 1 -type d -name "*_*" | while read A
do
B="$A/LC_MESSAGES"
cd $B
rm -f alternc.mo alternc.po
msgcat --use-first *.po alternc >alternc.po
msgfmt alternc.po -o alternc.mo
done
# Fix some perms
# Fix phpmyadmin import trac#1557
test -d "/var/lib/phpmyadmin/tmp" && dpkg-statoverride --update --add www-data alterncpanel 0775 "/var/lib/phpmyadmin/tmp" 2>/dev/null || true
test -f "/etc/phpmyadmin/config-db.php" && dpkg-statoverride --update --add www-data alterncpanel 0644 "/etc/phpmyadmin/config-db.php" 2>/dev/null || true
# hook
run-parts --arg=end /usr/lib/alternc/install.d
# Unlock jobs !
unlock_jobs
# Rebuild all web configuration
/usr/lib/alternc/rebuild_all_webconf.sh --force

81
jessie/apache2.conf
View File

@ -1,81 +0,0 @@
# AUTO GENERATED FILE
# Modify template in /etc/alternc/templates/
# and launch alternc.install if you want
# to modify this file.
#
# This module is loaded in /etc/apache/modules, and enabled by apache-modconf
# LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so
# Define the default user and group for mpm-itk
AssignUserId www-data www-data
# Deny access to the root filesystem
<Directory />
Options +FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
#### End security parameters
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
<Directory /usr/share/alternc/panel/admin/>
Order allow,deny
Allow from all
php_admin_flag safe_mode_gid off
php_admin_flag safe_mode off
AddDefaultCharset UTF-8
# open_basedir allows access to specifics directories. We need to grant access to these directories for alternc, awstats, mailman...
php_admin_value open_basedir /usr/share/alternc-mailman/patches/:/etc/alternc/:/run/alternc:/var/run/alternc/:/usr/share/alternc/panel/:%%ALTERNC_HTML%%/:/tmp:/usr/share/php/:/var/cache/alternc-webalizer/:/etc/locale.gen:%%ALTERNC_LOGS%%:/etc/awstats/:/var/log/alternc/:/var/lib/alternc/panel/
</Directory>
<Directory %%ALTERNC_HTML%% >
AllowOverride AuthConfig FileInfo Limit Options Indexes
Options -Indexes +Includes -FollowSymLinks +MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
php_admin_flag safe_mode_gid off
php_admin_flag safe_mode off
php_admin_flag enable_dl off
php_admin_value disable_functions chmod,chown,chgrp,link,symlink
php_admin_value safe_mode_exec_dir /usr/lib/alternc/safe_mode_exec_dir
php_admin_value disable_functions chgrp,link,symlink
php_admin_value sendmail_path /usr/lib/alternc/sendmail
# Default upload_tmp_dir is /tmp . Be carefull, this value MUST be surcharged
# by the vhost to be a directory INSIDE the home of the user. If you don't do
# that, ACLs could be "strange" or inexistent.
php_admin_value upload_tmp_dir /tmp
</Directory>
<Directory /usr/share/phpmyadmin>
AllowOverride AuthConfig Options FileInfo Limit Indexes
Options +Indexes +Includes +FollowSymLinks +MultiViews
Order allow,deny
Allow from all
</Directory>
<Directory /usr/share/squirrelmail>
AllowOverride AuthConfig Options FileInfo Limit Indexes
Options +Indexes +Includes +FollowSymLinks +MultiViews
Order allow,deny
Allow from all
</Directory>
<VirtualHost *:80>
Include /etc/alternc/bureau.conf
</VirtualHost>
# Now we include all the generated configuration
Include /var/lib/alternc/apache-vhost/vhosts_all.conf

37
jessie/bureau.conf
View File

@ -1,37 +0,0 @@
AssignUserId alterncpanel alterncpanel
SetEnv LOGIN "0000-panel"
DocumentRoot /usr/share/alternc/panel/admin
ServerName %%fqdn%%
# Mail autoconfig
ServerAlias autoconfig.*
ServerAlias autodiscover.*
RewriteEngine on
RewriteRule ^/admin/(.*) /$1 [R=301,L]
alias /alternc-sql /usr/share/phpmyadmin
RewriteEngine On
RewriteRule ^webmail /webmail-redirect.php [L]
# Mail autoconfig
RewriteRule ^/mail/mailautoconfig.xml$ /mailautoconfig_thunderbird.php [L]
RewriteRule ^/mail/config-v1.1.xml$ /mailautoconfig_thunderbird.php [L]
RewriteRule ^mail/mailautoconfig.xml$ /mailautoconfig_thunderbird.php [L]
RewriteRule ^mail/config-v1.1.xml$ /mailautoconfig_thunderbird.php [L]
RewriteRule ^/autodiscover/autodiscover.xml$ /mailautoconfig_outlook.php [L]
RewriteRule ^/Autodiscover/Autodiscover.xml$ /mailautoconfig_outlook.php [L]
RewriteRule ^/Autodiscover.xml$ mailautoconfig_outlook.php [L]
RewriteRule ^/autodiscover.xml$ mailautoconfig_outlook.php [L]
RewriteRule ^autodiscover/autodiscover.xml$ /mailautoconfig_outlook.php [L]
RewriteRule ^Autodiscover/Autodiscover.xml$ /mailautoconfig_outlook.php [L]
RewriteRule ^Autodiscover.xml$ mailautoconfig_outlook.php [L]
RewriteRule ^autodiscover.xml$ mailautoconfig_outlook.php [L]
# will be used to define aliases such as /javascript /webmail /squirrelmail ...
IncludeOptional /etc/alternc/apache-panel.d/*.conf

13
jessie/changelog.diff
View File

@ -1,13 +0,0 @@
--- changelog 2014-06-24 13:42:50.234304438 +0200
+++ changelog.wheezy 2014-06-24 13:43:51.978313552 +0200
@@ -1,1 +1,8 @@
+alternc (3.3.10) stable; urgency=low
+
+ * Version identical to 3.1 for Squeeze
+ * Includes small patches / dependency for apache & dovecot 2.0 for Jessie
+
+ -- Benjamin Sonntag <benjamin@sonntag.fr> Fri, 15 Jan 2016 15:26:00 +0100
+
alternc (3.2.10) oldstable; urgency=low
* Version identical to 3.1 for Squeeze

28
jessie/control.diff
View File

@ -1,28 +0,0 @@
--- control.wheezy 2017-10-06 12:13:49.765062335 +0200
+++ control 2017-10-06 12:15:52.021333089 +0200
@@ -38,9 +38,9 @@
, sudo
, adduser
, dnsutils
- , dovecot-common (>=1:2.1.7)
- , dovecot-imapd
- , dovecot-pop3d
+ , dovecot-core (>=1:2.1.7)
+ , dovecot-imapd (>=1:2.1.7)
+ , dovecot-pop3d (>=1:2.1.7)
, dovecot-mysql
, vlogger
, mailutils | mailx
@@ -126,9 +126,9 @@
, gettext (>= 0.10.40-5)
, adduser
, sudo
- , dovecot-common (>=1:2.1.7)
- , dovecot-imapd
- , dovecot-pop3d
+ , dovecot-core (>=1:2.1.7)
+ , dovecot-imapd (>=1:2.1.7)
+ , dovecot-pop3d (>=1:2.1.7)
, dovecot-mysql
, vlogger
, mailutils | mailx

28
jessie/patch.sh
View File

@ -1,28 +0,0 @@
#!/bin/bash
# Migrate a repository to WHEEZY
# DON'T COMMIT ANYTHING AFTER launching this
# reset your subversion repos back to the serverside one!
cd `dirname $0`
pushd ../debian
patch <../jessie/control.diff
patch <../jessie/changelog.diff
popd
cp vhost.conf ../etc/alternc/templates/apache2/
cp bureau.conf ../etc/alternc/templates/alternc/
cp alternc.install ../install/
cp apache2.conf ../etc/alternc/templates/alternc/
# alternc-roundcube package :
cp roundcube.config.inc.php ../roundcube/templates/roundcube/config.inc.php
rm ../roundcube/templates/roundcube/main.inc.php
cp roundcube.password.config.inc.php ../roundcube/templates/roundcube/plugins/password/config.inc.php
cp roundcube-install ../roundcube/
cp alternc-roundcube.postinst ../debian/
# alternc-ssl package :
cp ssl.conf ../ssl/
cp alternc-ssl.install.php ../ssl/

98
jessie/roundcube-install
View File

@ -1,98 +0,0 @@
#!/bin/bash
# ----------------------------------------------------------------------
# AlternC - Web Hosting System
# Copyright (C) 2000-2012 by the AlternC Development Team.
# https://alternc.org/
# ----------------------------------------------------------------------
# LICENSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License (GPL)
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# To read the license please visit http://www.gnu.org/copyleft/gpl.html
# ----------------------------------------------------------------------
# Purpose of file: Install roundcube conf files.
# ----------------------------------------------------------------------
if [ "$1" = "templates" ]
then
echo "Installing Roundcube Templates ..."
# cp -f /etc/alternc/templates/roundcube/avelsieve-config.php /etc/alternc/templates/roundcube/apache.conf /etc/roundcube/
# cp -f /etc/alternc/templates/javascript-common/javascript-common.conf /etc/javascript-common/
LOGIN="0000_roundcube"
PASSWORD="`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..10)'`"
DESKEY="`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..24)'`"
# Add new variables to the sed script ...
SED_SCRIPT="/tmp/alternc-roundcube.sedscript"
# cf alternc.install for more explanations on this horror :
eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf`
. /etc/alternc/local.sh
# Configuration template location
TEMPLATE_DIR="/etc/alternc/templates"
CONFIG_FILES="etc/roundcube/config.inc.php etc/roundcube/plugins/password/config.inc.php"
cat > $SED_SCRIPT <<EOF
s\\%%ALTERNC_LOC%%\\$ALTERNC_LOC\\;
s\\%%dbhost%%\\$MYSQL_HOST\\;
s\\%%dbname%%\\$MYSQL_DATABASE\\;
s\\%%roundcube-login%%\\$LOGIN\\;
s\\%%roundcube-password%%\\$PASSWORD\\;
s\\%%deskey%%\\$DESKEY\\;
EOF
for file in $CONFIG_FILES; do
TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
echo -n " $file"
if [ -f "$TEMPLATE" ]; then
sed -f "$SED_SCRIPT" < $TEMPLATE > /$file
fi
done
rm -f $SED_SCRIPT
echo " Done"
. /usr/lib/alternc/functions.sh
echo "giving write access to roundcube to the email password ..."
# now database host user and password are mysql root account values ;)
mysql_query "GRANT UPDATE (password) ON ${database}.address TO '${LOGIN}'@'${MYSQL_CLIENT}' IDENTIFIED BY '${PASSWORD}';"
mysql_query "GRANT SELECT ON ${database}.address TO '${LOGIN}'@'${MYSQL_CLIENT}';"
mysql_query "GRANT SELECT ON ${database}.domaines TO '${LOGIN}'@'${MYSQL_CLIENT}';"
echo " Done"
echo "Setting roundcube domaintype"
mysql_query "INSERT IGNORE INTO domaines_type (name ,description ,target ,entry ,compatibility ,enable ,only_dns ,need_dns ,advanced )VALUES ('roundcube','Roundcube Webmail access', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'txt', 'ALL', '0', '0', '0');"
echo " Done"
echo "Migrating old webmail domaine type to roundcube one:"
# migration of the "webmail" hosts to "roundcube" hosts:
mysql_query "INSERT IGNORE INTO sub_domaines (compte, domaine, sub, valeur, type, web_action, web_result, enable) SELECT compte, domaine, sub, valeur,'roundcube', 'UPDATE',0, enable FROM sub_domaines WHERE type='WEBMAIL';"
mysql_query "UPDATE sub_domaines SET web_action='DELETE' WHERE type='WEBMAIL';"
echo " Done"
echo "Deconfiguring javascript-common alias"
if [ -f /etc/apache2/conf.d/javascript-common.conf ]; then
rm -f /etc/apache2/conf.d/javascript-common.conf
fi
if [ -f /etc/apache2/conf-available/javascript-common.conf ] ; then
a2disconf javascript-common.conf
service apache2 reload
fi
# just in case
if [ -f /etc/javascript-common/javascript-common.conf ]; then
sed -i -e "s/^Alias \/javascript/# Do not uncomment, commented by AlternC to prevent a global alias\n#Alias \/javascript/" /etc/javascript-common/javascript-common.conf
fi
echo " Done"
fi

83
jessie/roundcube.config.inc.php
View File

@ -1,83 +0,0 @@
<?php
/*
+-----------------------------------------------------------------------+
| Local configuration for the Roundcube Webmail installation. |
| |
| This is a sample configuration file only containing the minimum |
| setup required for a functional installation. Copy more options |
| from defaults.inc.php to this file to override the defaults. |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2013, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
+-----------------------------------------------------------------------+
*/
$config = array();
/* Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database ! */
include_once("/etc/roundcube/debian-db-roundcube.php");
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = 'localhost';
// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = '';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = 25;
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '';
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';
// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = 'Roundcube Webmail';
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = 'PFMKPD0[UcU3tvt8zrODOIsQ';
// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
'archive',
'zipdownload',
'managesieve',
'password'
);
// skin name: folder from skins/
$config['skin'] = 'larry';

401
jessie/roundcube.password.config.inc.php
View File

@ -1,401 +0,0 @@
<?php
// Password Plugin options
// -----------------------
// A driver to use for password change. Default: "sql".
// See README file for list of supported driver names.
$config['password_driver'] = 'sql';
// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;
// Require the new password to be a certain length.
// set to blank to allow passwords of any length
$config['password_minimum_length'] = 8;
// Require the new password to contain a letter and punctuation character
// Change to false to remove this check.
$config['password_require_nonalpha'] = true;
// Enables logging of password changes into logs/password
$config['password_log'] = true;
// Comma-separated list of login exceptions for which password change
// will be not available (no Password tab in Settings)
$config['password_login_exceptions'] = null;
// Array of hosts that support password changing. Default is NULL.
// Listed hosts will feature a Password option in Settings; others will not.
// Example:
//$config['password_hosts'] = array('mail.example.com', 'mail2.example.org');
$config['password_hosts'] = null;
// Enables saving the new password even if it matches the old password. Useful
// for upgrading the stored passwords after the encryption scheme has changed.
$config['password_force_save'] = false;
// Enables forcing new users to change their password at their first login.
$config['password_force_new_user'] = false;
// SQL Driver options
// ------------------
// PEAR database DSN for performing the query. By default
// Roundcube DB settings are used.
$config['password_db_dsn'] = 'mysql://%%roundcube-login%%:%%roundcube-password%%@%%dbhost%%/%%dbname%%';
// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
// %p is replaced with the plaintext new password
// %c is replaced with the crypt version of the new password, MD5 if available
// otherwise DES. More hash function can be enabled using the password_crypt_hash
// configuration parameter.
// %D is replaced with the dovecotpw-crypted version of the new password
// %o is replaced with the password before the change
// %n is replaced with the hashed version of the new password
// %q is replaced with the hashed password before the change
// %h is replaced with the imap host (from the session info)
// %u is replaced with the username (from the session info)
// %l is replaced with the local part of the username
// (in case the username is an email address)
// %d is replaced with the domain part of the username
// (in case the username is an email address)
// Escaping of macros is handled by this module.
// Default: "SELECT update_passwd(%c, %u)"
$config['password_query'] = 'UPDATE address a LEFT JOIN domaines d ON d.id=a.domain_id SET a.password=%c WHERE d.domaine=%d AND address=%l';
// By default the crypt() function which is used to create the '%c'
// parameter uses the md5 algorithm. To use different algorithms
// you can choose between: des, md5, blowfish, sha256, sha512.
// Before using other hash functions than des or md5 please make sure
// your operating system supports the other hash functions.
$config['password_crypt_hash'] = 'md5';
// By default domains in variables are using unicode.
// Enable this option to use punycoded names
$config['password_idn_ascii'] = false;
// Path for dovecotpw (if not in $PATH)
// $config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw';
// Dovecot method (dovecotpw -s 'method')
$config['password_dovecotpw_method'] = 'CRAM-MD5';
// Enables use of password with crypt method prefix in %D, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/
$config['password_dovecotpw_with_method'] = false;
// Using a password hash for %n and %q variables.
// Determine which hashing algorithm should be used to generate
// the hashed new and current password for using them within the
// SQL query. Requires PHP's 'hash' extension.
$config['password_hash_algorithm'] = 'sha1';
// You can also decide whether the hash should be provided
// as hex string or in base64 encoded format.
$config['password_hash_base64'] = false;
// Iteration count parameter for Blowfish-based hashing algo.
// It must be between 4 and 31. Default: 12.
// Be aware, the higher the value, the longer it takes to generate the password hashes.
$config['password_blowfish_cost'] = 12;
// Poppassd Driver options
// -----------------------
// The host which changes the password
$config['password_pop_host'] = 'localhost';
// TCP port used for poppassd connections
$config['password_pop_port'] = 106;
// SASL Driver options
// -------------------
// Additional arguments for the saslpasswd2 call
$config['password_saslpasswd_args'] = '';
// LDAP and LDAP_SIMPLE Driver options
// -----------------------------------
// LDAP server name to connect to.
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$config['password_ldap_host'] = 'localhost';
// LDAP server port to connect to
// Default: '389'
$config['password_ldap_port'] = '389';
// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$config['password_ldap_starttls'] = false;
// LDAP version
// Default: '3'
$config['password_ldap_version'] = '3';
// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$config['password_ldap_basedn'] = 'dc=exemple,dc=com';
// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$config['password_ldap_method'] = 'user';
// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$config['password_ldap_adminDN'] = null;
// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$config['password_ldap_adminPW'] = null;
// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';
// LDAP search DN
// The DN roundcube should bind with to find out user's DN
// based on his login. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// Use this if you cannot specify a general template for user DN with
// password_ldap_userDN_mask. You need to perform a search based on
// users login to find his DN instead. A common reason might be that
// your users are placed under different ou's like engineering or
// sales which cannot be derived from their login only.
$config['password_ldap_searchDN'] = 'cn=roundcube,ou=services,dc=example,dc=com';
// LDAP search password
// If password_ldap_searchDN is set, the password to use for
// binding to search for user's DN. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// Warning: Be sure to set approperiate permissions on this file so this password
// is only accesible to roundcube and don't forget to restrict roundcube's access to
// your directory as much as possible using ACLs. Should this password be compromised
// you want to minimize the damage.
$config['password_ldap_searchPW'] = 'secret';
// LDAP search base
// If password_ldap_searchDN is set, the base to search in using the filter below.
// Note that you should comment out the default password_ldap_userDN_mask setting
// for this to take effect.
$config['password_ldap_search_base'] = 'ou=people,dc=example,dc=com';
// LDAP search filter
// If password_ldap_searchDN is set, the filter to use when
// searching for user's DN. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
// Example: '(uid=%login)'
// Example: '(&(objectClass=posixAccount)(uid=%login))'
$config['password_ldap_search_filter'] = '(uid=%login)';
// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, ad, cram-md5 (dovecot style) or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Multiple password Values can be generated by concatenating encodings with a +. E.g. 'cram-md5+crypt'
// Default: 'crypt'.
$config['password_ldap_encodage'] = 'crypt';
// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$config['password_ldap_pwattr'] = 'userPassword';
// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$config['password_ldap_force_replace'] = true;
// LDAP Password Last Change Date
// Some places use an attribute to store the date of the last password change
// The date is meassured in "days since epoch" (an integer value)
// Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange)
$config['password_ldap_lchattr'] = '';
// LDAP Samba password attribute, e.g. sambaNTPassword
// Name of the LDAP's Samba attribute used for storing user password
$config['password_ldap_samba_pwattr'] = '';
// LDAP Samba Password Last Change Date attribute, e.g. sambaPwdLastSet
// Some places use an attribute to store the date of the last password change
// The date is meassured in "seconds since epoch" (an integer value)
// Whenever the password is changed, the attribute will be updated if set
$config['password_ldap_samba_lchattr'] = '';
// DirectAdmin Driver options
// --------------------------
// The host which changes the password
// Use 'ssl://host' instead of 'tcp://host' when running DirectAdmin over SSL.
// The host can contain the following macros that will be expanded as follows:
// %h is replaced with the imap host (from the session info)
// %d is replaced with the domain part of the username (if the username is an email)
$config['password_directadmin_host'] = 'tcp://localhost';
// TCP port used for DirectAdmin connections
$config['password_directadmin_port'] = 2222;
// vpopmaild Driver options
// -----------------------
// The host which changes the password
$config['password_vpopmaild_host'] = 'localhost';
// TCP port used for vpopmaild connections
$config['password_vpopmaild_port'] = 89;
// Timout used for the connection to vpopmaild (in seconds)
$config['password_vpopmaild_timeout'] = 10;
// cPanel Driver options
// --------------------------
// The cPanel Host name
$config['password_cpanel_host'] = 'host.domain.com';
// The cPanel admin username
$config['password_cpanel_username'] = 'username';
// The cPanel admin password
$config['password_cpanel_password'] = 'password';
// The cPanel port to use
$config['password_cpanel_port'] = 2087;
// XIMSS (Communigate server) Driver options
// -----------------------------------------
// Host name of the Communigate server
$config['password_ximss_host'] = 'mail.example.com';
// XIMSS port on Communigate server
$config['password_ximss_port'] = 11024;
// chpasswd Driver options
// ---------------------
// Command to use
$config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null';
// XMail Driver options
// ---------------------
$config['xmail_host'] = 'localhost';
$config['xmail_user'] = 'YourXmailControlUser';
$config['xmail_pass'] = 'YourXmailControlPass';
$config['xmail_port'] = 6017;
// hMail Driver options
// -----------------------
// Remote hMailServer configuration
// true: HMailserver is on a remote box (php.ini: com.allow_dcom = true)
// false: Hmailserver is on same box as PHP
$config['hmailserver_remote_dcom'] = false;
// Windows credentials
$config['hmailserver_server'] = array(
'Server' => 'localhost', // hostname or ip address
'Username' => 'administrator', // windows username
'Password' => 'password' // windows user password
);
// Virtualmin Driver options
// -------------------------
// Username format:
// 0: username@domain
// 1: username%domain
// 2: username.domain
// 3: domain.username
// 4: username-domain
// 5: domain-username
// 6: username_domain
// 7: domain_username
$config['password_virtualmin_format'] = 0;
// pw_usermod Driver options
// --------------------------
// Use comma delimited exlist to disable password change for users
// Add the following line to visudo to tighten security:
// www ALL=NOPASSWORD: /usr/sbin/pw
$config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n';
// DBMail Driver options
// -------------------
// Additional arguments for the dbmail-users call
$config['password_dbmail_args'] = '-p sha512';
// Expect Driver options
// ---------------------
// Location of expect binary
$config['password_expect_bin'] = '/usr/bin/expect';
// Location of expect script (see helpers/passwd-expect)
$config['password_expect_script'] = '';
// Arguments for the expect script. See the helpers/passwd-expect file for details.
// This is probably a good starting default:
// -telent -host localhost -output /tmp/passwd.log -log /tmp/passwd.log
$config['password_expect_params'] = '';
// smb Driver options
// ---------------------
// Samba host (default: localhost)
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
$config['password_smb_host'] = 'localhost';
// Location of smbpasswd binary
$config['password_smb_cmd'] = '/usr/bin/smbpasswd';
// gearman driver options
// ---------------------
// Gearman host (default: localhost)
$config['password_gearman_host'] = 'localhost';
// Plesk/PPA Driver options
// --------------------
// You need to allow RCP for IP of roundcube-server in Plesk/PPA Panel
// Plesk RCP Host
$config['password_plesk_host'] = '10.0.0.5';
// Plesk RPC Username
$config['password_plesk_user'] = 'admin';
// Plesk RPC Password
$config['password_plesk_pass'] = 'password';
// Plesk RPC Port
$config['password_plesk_rpc_port'] = '8443';
// Plesk RPC Path
$config['password_plesk_rpc_path'] = 'enterprise/control/agent.php';

91
jessie/ssl.conf
View File

@ -1,91 +0,0 @@
# ############################################################################
# WARNING : this file is overwritten by alternc.install.
# Edit /etc/alternc/templates/apache2/mods-available/ instead.
# ############################################################################
<IfModule mod_ssl.c>
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
Mutex file:${APACHE_RUN_DIR}
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate. See the
# ciphers(1) man page from the openssl package for list of all available
# options.
# Enable only secure ciphers:
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM
# Other possible ciphersuite (requires wheezy-version of apache2 at least)
#SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
#SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
# Allow insecure renegotiation with clients which do not yet support the
# secure renegotiation protocol. Default: Off
#SSLInsecureRenegotiation on
# Whether to forbid non-SNI clients to access name based virtual hosts.
# Default: Off
SSLStrictSNIVHostCheck Off
</IfModule>

25
jessie/vhost.conf
View File

@ -1,25 +0,0 @@
<VirtualHost *:80>
ServerName %%fqdn%%
DocumentRoot "%%document_root%%"
AssignUserId #%%UID%% #%%GID%%
SetEnv LOGIN "%%UID%%-%%LOGIN%%"
<Directory "%%document_root%%">
php_admin_value open_basedir "%%account_root%%:/usr/share/php/"
php_admin_value upload_tmp_dir %%account_root%%/tmp
php_admin_value sendmail_path '/usr/lib/alternc/sendmail "%%mail_account%%" '
php_admin_flag mail.add_x_header on
Options -MultiViews -FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Limit Options Indexes
Order allow,deny
Allow from all
Require all granted
</Directory>
# If you want to log the errors also in /var/log/alternc/sites/
# WARNING: this WILL FORK a vlogger for EACH VHOST havingg this !!! the load on the machine may be high
# on hosting with many vhosts. as a consequence, this is disabled by default
# ErrorLog "|| /usr/sbin/vlogger -e -u alterncpanel -g alterncpanel -s error.log -t \"error-%Y%m%d.log\" /var/log/alternc/sites/%%UID%%-%%LOGIN%%/"
</VirtualHost>

344
wheezy/95_alternc.conf
View File

@ -1,344 +0,0 @@
# AUTO GENERATED FILE
# Modify template in /etc/alternc/templates/
# and launch alternc.install if you want
# to modify this file.
#
## Dovecot configuration file
# This is a concatenation of all /etc/dovecot/conf.d/* from DEBIAN package
# with rules adapted to AlternC best practices and link with MySQL tables.
protocols = imap pop3 sieve
default_process_limit = 1000
## -------------------------------------------------------------------------
## 10-auth
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
disable_plaintext_auth = no
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
##
## Password and user databases
##
#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>
#!include auth-deny.conf.ext
#!include auth-master.conf.ext
#!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
# ----------------------------------------------------------------------------
# 10-login.conf
# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "
log_timestamp = "%Y-%m-%d %H:%M:%S "
# ----------------------------------------------------------------------------
# 10-mail.conf
# Location for users' mailboxes. This is the same as the old default_mail_env
# setting. The default is empty, which means that Dovecot tries to find the
# mailboxes automatically. This won't work if the user doesn't have any mail
# yet, so you should explicitly tell Dovecot the full location.
#
# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
# kept. This is called the "root mail directory", and it must be the first
# path given in the mail_location setting.
#
# There are a few special variables you can use, eg.:
#
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if there's no domain
# %h - home directory
#
# See </usr/share/doc/dovecot-common/wiki/Variables.txt> for full list.
# Some examples:
#
# mail_location = maildir:~/Maildir
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
#
# </usr/share/doc/dovecot-common/wiki/MailLocation.txt>
#
mail_location = maildir:~/Maildir
# Group to enable temporarily for privileged operations. Currently this is
# used only with INBOX when either its initial creation or dotlocking fails.
# Typically this is set to "mail" to give access to /var/mail.
#mail_privileged_group =
mail_privileged_group = vmail
# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
first_valid_uid = 2000
last_valid_uid = 65000
# ----------------------------------------------------------------------------
# 10-master.conf
passdb {
driver = sql
args = /etc/dovecot/alternc-sql.conf
}
userdb {
driver = sql
args = /etc/dovecot/alternc-sql.conf
}
userdb {
driver = prefetch
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0600
user = vmail
}
# set this to (default_client_limit * number of services using it)
client_limit = 5000
}
service anvil {
# set this to (default_client_limit * number of services using it)
client_limit = 5000
}
# ----------------------------------------------------------------------------
# 10-ssl.conf
# SSL/TLS support: yes, no, required. </usr/share/doc/dovecot-common/wiki/SSL.txt>
ssl = yes
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root.
#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_cert_file = /etc/alternc/apache.pem
#ssl_key = </etc/dovecot/dovecot.pem
#ssl_key_file = /etc/alternc/apache.pem
# ----------------------------------------------------------------------------
# 15-lda.conf
##
## LDA specific settings
##
protocol lda {
# Address to use when sending rejection mails (e.g. postmaster@example.com).
postmaster_address = postmaster@localhost
# Hostname to use in various parts of sent mails, eg. in Message-Id.
# Default is the system's real hostname.
#hostname =
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
mail_plugins = quota sieve
#mail_plugin_dir = /usr/lib/dovecot/modules/lda
# UNIX socket path to master authentication server to find users.
auth_socket_path = /var/run/dovecot/auth-master
}
# ----------------------------------------------------------------------------
# 20-imap.conf
protocol imap {
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
mail_plugins = quota imap_quota
#mail_plugin_dir = /usr/lib/dovecot/modules/imap
mail_max_userip_connections = 500
}
service imap {
executable = imap imap-postlogin
vsz_limit = 512M
}
service imap-postlogin {
executable = script-login /usr/lib/alternc/popimap-log-login.sh
# the script process runs as the user specified here (v2.0.14+):
# user = $default_internal_user
# this UNIX socket listener must use the same name as given to imap executable
unix_listener imap-postlogin {
}
}
# ----------------------------------------------------------------------------
# 20-managesieve.conf
protocol sieve {
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
}
service managesieve {
executable = /usr/lib/dovecot/managesieve
}
# ----------------------------------------------------------------------------
# 20-pop3.conf
protocol pop3 {
# POP3 UIDL (unique mail identifier) format to use. You can use following
# variables, along with the variable modifiers described in
# </usr/share/doc/dovecot-common/wiki/Variables.txt> (e.g. %Uf for the
# filename in uppercase)
#
# %v - Mailbox's IMAP UIDVALIDITY
# %u - Mail's IMAP UID
# %m - MD5 sum of the mailbox headers in hex (mbox only)
# %f - filename (maildir only)
#
# If you want UIDL compatibility with other POP3 servers, use:
# UW's ipop3d : %08Xv%08Xu
# Courier : %f or %v-%u (both might be used simultaneosly)
# Cyrus (<= 2.1.3) : %u
# Cyrus (>= 2.1.4) : %v.%u
# Dovecot v0.99.x : %v.%u
# tpop3d : %Mf
#
# Note that Outlook 2003 seems to have problems with %v.%u format which was
# Dovecot's default, so if you're building a new server it would be a good
# idea to change this. %08Xu%08Xv should be pretty fail-safe.
#
pop3_uidl_format = %08Xu%08Xv
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
mail_plugins = quota
#mail_plugin_dir = /usr/lib/dovecot/modules/pop3
}
service pop3 {
executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/pop3
}
# ----------------------------------------------------------------------------
# 90-plugin.conf
plugin {
# Quota plugin. Multiple backends are supported:
# dirsize: Find and sum all the files found from mail directory.
# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
# dict: Keep quota stored in dictionary (eg. SQL)
# maildir: Maildir++ quota
# fs: Read-only support for filesystem quota
#
# Quota limits are set using "quota_rule" parameters, either in here or in
# userdb. It's also possible to give mailbox-specific limits, for example:
# quota_rule = *:storage=1048576
quota_rule = *:storage=100M
quota_rule2 = Trash:storage=+10%%
# quota_rule2 = Trash:storage=102400
# User has now 1GB quota, but when saving to Trash mailbox the user gets
# additional 100MB.
#
# Multiple quota roots are also possible, for example:
# quota = dict:user::proxy::quota
# quota2 = dict:domain:%d:proxy::quota_domain
# quota_rule = *:storage=102400
# quota2_rule = *:storage=1048576
# Gives each user their own 100MB quota and one shared 1GB quota within
# the domain.
#
# You can execute a given command when user exceeds a specified quota limit.
# Each quota root has separate limits. Only the command for the first
# exceeded limit is excecuted, so put the highest limit first.
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
# quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
# quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80
quota_warning = storage=95%% /usr/lib/alternc/quota-warning.sh 95
quota_warning2 = storage=80%% /usr/lib/alternc/quota-warning.sh 80
#quota = maildir
quota = dict:user::proxy::quotadict
# Sieve plugin (http://wiki.dovecot.org/LDA/Sieve) and ManageSieve service
#
# Location of the active script. When ManageSieve is used this is actually
# a symlink pointing to the active script in the sieve storage directory.
sieve=~/.dovecot.sieve
#
# The path to the directory where the personal Sieve scripts are stored. For
# ManageSieve this is where the uploaded scripts are stored.
sieve_dir=~/sieve
}
# Dictionary can be used by some plugins to store key=value lists, such as
# quota, expire and acl plugins. The dictionary can be used either directly or
# though a dictionary server. The following dict block maps dictionary names to
# URIs when the server is used. These can then be referenced using URIs in
# format "proxy::<name>".
dict {
quotadict = mysql:/etc/dovecot/alternc-dict-quota.conf
#expire = db:/var/lib/dovecot/expire.db
}
service auth-worker {
user = vmail
}
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}

47
wheezy/alternc-dict-quota.conf
View File

@ -1,47 +0,0 @@
# AUTO GENERATED FILE
# Modify template in /etc/alternc/templates/
# and launch alternc.install if you want
# to modify this file.
#
connect=host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%%
#connect = host=localhost dbname=mails user=testuser password=pass
# CREATE TABLE quota (
# username varchar(100) not null,
# bytes bigint not null default 0,
# messages integer not null default 0,
# primary key (username)
# );
map {
pattern = priv/quota/storage
table = dovecot_quota
username_field = user
value_field = quota_dovecot
}
map {
pattern = priv/quota/messages
table = dovecot_quota
username_field = user
value_field = nb_messages
}
# CREATE TABLE expires (
# username varchar(100) not null,
# mailbox varchar(255) not null,
# expire_stamp integer not null,
# primary key (username, mailbox)
# );
#map {
# pattern = shared/expire/$user/$mailbox
# table = expires
# value_field = expire_stamp
# fields {
# username = $user
# mailbox = $mailbox
# }
#}

137
wheezy/alternc-sql.conf
View File

@ -1,137 +0,0 @@
# AUTO GENERATED FILE
# Modify template in /etc/alternc/templates/
# and launch alternc.install if you want
# to modify this file.
#
# This file is opened as root, so it should be owned by root and mode 0600.
#
# http://wiki2.dovecot.org/AuthDatabase/SQL
#
# For the sql passdb module, you'll need a database with a table that
# contains fields for at least the username and password. If you want to
# use the user@domain syntax, you might want to have a separate domain
# field as well.
#
# If your users all have the same uig/gid, and have predictable home
# directories, you can use the static userdb module to generate the home
# dir based on the username and domain. In this case, you won't need fields
# for home, uid, or gid in the database.
#
# If you prefer to use the sql userdb module, you'll want to add fields
# for home, uid, and gid. Here is an example table:
#
# CREATE TABLE users (
# username VARCHAR(128) NOT NULL,
# domain VARCHAR(128) NOT NULL,
# password VARCHAR(64) NOT NULL,
# home VARCHAR(255) NOT NULL,
# uid INTEGER NOT NULL,
# gid INTEGER NOT NULL,
# active CHAR(1) DEFAULT 'Y' NOT NULL
# );
# Database driver: mysql, pgsql, sqlite
driver = mysql
# Database connection string. This is driver-specific setting.
#
# HA / round-robin load-balancing is supported by giving multiple host
# settings, like: host=sql1.host.org host=sql2.host.org
#
# pgsql:
# For available options, see the PostgreSQL documention for the
# PQconnectdb function of libpq.
# Use maxconns=n (default 5) to change how many connections Dovecot can
# create to pgsql.
#
# mysql:
# Basic options emulate PostgreSQL option names:
# host, port, user, password, dbname
#
# But also adds some new settings:
# client_flags - See MySQL manual
# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
# ssl_cert, ssl_key - For sending client-side certificates to server
# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
# option_file - Read options from the given file instead of
# the default my.cnf location
# option_group - Read options from the given group (default: client)
#
# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
# Note that currently you can't use spaces in parameters.
#
# sqlite:
# The path to the database file.
#
# Examples:
# connect = host=192.168.1.1 dbname=users
# connect = host=sql.example.com dbname=virtual user=virtual password=blarg
# connect = /etc/dovecot/authdb.sqlite
#
connect = host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%%
# Default password scheme.
#
# List of supported schemes is in
# http://wiki2.dovecot.org/Authentication/PasswordSchemes
#
default_pass_scheme = MD5
# passdb query to retrieve the password. It can return fields:
# password - The user's password. This field must be returned.
# user - user@domain from the database. Needed with case-insensitive lookups.
# username and domain - An alternative way to represent the "user" field.
#
# The "user" field is often necessary with case-insensitive lookups to avoid
# e.g. "name" and "nAme" logins creating two different mail directories. If
# your user and domain names are in separate fields, you can return "username"
# and "domain" fields instead of "user".
#
# The query can also return other fields which have a special meaning, see
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
#
# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
# for full list):
# %u = entire user@domain
# %n = user part of user@domain
# %d = domain part of user@domain
#
# Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be
# difficult to have eg. usernames containing '%' characters.
#
# Example:
# password_query = SELECT userid AS user, pw AS password \
# FROM users WHERE userid = '%u' AND active = 'Y'
#
#password_query = \
# SELECT username, domain, password \
# FROM users WHERE username = '%n' AND domain = '%d'
# userdb query to retrieve the user information. It can return fields:
# uid - System UID (overrides mail_uid setting)
# gid - System GID (overrides mail_gid setting)
# home - Home directory
# mail - Mail location (overrides mail_location setting)
#
# None of these are strictly required. If you use a single UID and GID, and
# home or mail directory fits to a template string, you could use userdb static
# instead. For a list of all fields that can be returned, see
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
#
# Examples:
# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
#
user_query = SELECT userdb_home AS home, userdb_uid AS uid, 1998 AS gid, userdb_quota_rule AS quota_rule FROM dovecot_view WHERE user = '%u';
# If you wish to avoid two SQL lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
# also have to return userdb fields in password_query prefixed with "userdb_"
# string. For example:
#
password_query = SELECT user, password, userdb_home, userdb_uid, 1998 AS userdb_gid,userdb_quota_rule FROM dovecot_view where user= '%u';
# Query to get a list of all usernames.
#iterate_query = SELECT username AS user FROM users

46
wheezy/alternc.install.diff
View File

@ -1,46 +0,0 @@
diff --git a/install/alternc.install b/install/alternc.install
index b9691b0..2ee07b8 100644
--- alternc.install.squeeze
+++ alternc.install
@@ -79,7 +79,7 @@ if [ -e /etc/default/saslauthd ]; then
fi
if [ -e /etc/dovecot/dovecot.conf ]; then
- CONFIG_FILES="$CONFIG_FILES etc/dovecot/dovecot.conf etc/dovecot/dovecot-sql.conf etc/dovecot/dovecot-dict-quota.conf"
+ CONFIG_FILES="$CONFIG_FILES etc/dovecot/alternc-sql.conf etc/dovecot/alternc-dict-quota.conf etc/dovecot/conf.d/95_alternc.conf"
fi
INSTALLED_CONFIG_TAR="/var/lib/alternc/backups/etc-installed.tar.gz"
@@ -317,7 +317,7 @@ if [ -x /usr/sbin/apache2 ]; then
fi
# We enable dovecot SSL certificate instructions: (on wheezy we should use a new file in /etc/dovecot/conf.d/ )
- sed -i -e 's#^ssl_cert_file.*$#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem#' -e 's#^ssl_key_file.*$#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key#' /etc/dovecot/dovecot.conf
+ ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = </etc/alternc/apache.pem" ; echo "ssl_key = </etc/alternc/apache.pem" ) >/etc/dovecot/conf.d/96_ssl.conf
else
# We disable proftpd tls module
@@ -326,7 +326,7 @@ if [ -x /usr/sbin/apache2 ]; then
cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/
# We disable dovecot SSL certificate instructions: (on wheezy we should remove a file in /etc/dovecot/conf.d/ )
- sed -i -e 's#^ssl_cert_file.*$#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem#' -e 's#^ssl_key_file.*$#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key#' /etc/dovecot/dovecot.conf
+ ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem" ; echo "ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key" ) >/etc/dovecot/conf.d/96_ssl.conf
echo "SSL not configured"
echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install"
@@ -574,9 +574,11 @@ if [ "$HAS_ROOT" != "1" ]; then
fi
fi
-#giving vmail user read access on dovecot sql file
-chgrp vmail /etc/dovecot/dovecot.conf
-chmod g+r /etc/dovecot/dovecot.conf
+# giving vmail user read access on dovecot sql file
+chgrp vmail /etc/dovecot/alternc-sql.conf
+chmod g+r /etc/dovecot/alternc-sql.conf
+# Override some dovecot 2.0 configuration that may have happened during dovecot postinst:
+sed -i -e 's/^ *!include/#!include/' /etc/dovecot/conf.d/10-auth.conf
# We force the re-computing of the DNS zones, since we may have changed the IP address (see #460)
/usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='UPDATE' WHERE gesdns=1;"

13
wheezy/changelog.diff
View File

@ -1,13 +0,0 @@
--- changelog 2014-06-24 13:42:50.234304438 +0200
+++ changelog.wheezy 2014-06-24 13:43:51.978313552 +0200
@@ -1,3 +1,10 @@
+alternc (3.2.10) oldstable; urgency=low
+
+ * Version identical to 3.1 for Squeeze
+ * Includes a small dovecot patch / dependency for dovecot 2.0 for Wheezy
+
+ -- Benjamin Sonntag <benjamin@sonntag.fr> Fri, 15 Jan 2016 15:26:00 +0100
+
alternc (3.1.11) oldoldstable; urgency=low
* fix This is a big security upgrade of AlternC 3.x

49
wheezy/control.diff
View File

@ -1,49 +0,0 @@
--- control.squeeze 2017-10-06 12:01:52.272243664 +0200
+++ control 2017-10-06 12:03:02.016307914 +0200
@@ -38,16 +38,19 @@
, sudo
, adduser
, dnsutils
- , dovecot-common (>=1:1.2.15)
- , dovecot-common(<< 1:2.0)
- , dovecot-imapd (>= 1:1.2.15)
- , dovecot-pop3d (>= 1:1.2.15)
+ , dovecot-common (>=1:2.1.7)
+ , dovecot-imapd
+ , dovecot-pop3d
+ , dovecot-mysql
, vlogger
, mailutils | mailx
, zip
, incron
, cron
, opendkim
+ , opendkim-tools
+ , dovecot-sieve
+ , dovecot-managesieved
, mysql-client(>= 5.0) | mariadb-client
, php5-curl
, quota
@@ -123,15 +126,18 @@
, gettext (>= 0.10.40-5)
, adduser
, sudo
- , dovecot-common (>=1:1.2.15)
- , dovecot-common(<< 1:2.0)
- , dovecot-imapd (>= 1:1.2.15)
- , dovecot-pop3d (>= 1:1.2.15)
+ , dovecot-common (>=1:2.1.7)
+ , dovecot-imapd
+ , dovecot-pop3d
+ , dovecot-mysql
, vlogger
, mailutils | mailx
, incron
, cron
, opendkim
+ , opendkim-tools
+ , dovecot-sieve
+ , dovecot-managesieved
, mysql-client(>= 5.0) | mariadb-client
, php5-curl
, ${misc:Depends}

27
wheezy/patch.sh
View File

@ -1,27 +0,0 @@
#!/bin/bash
# Migrate a repository to WHEEZY
# DON'T COMMIT ANYTHING AFTER launching this
# reset your subversion repos back to the serverside one!
cd `dirname $0`
pushd ../debian
patch <../wheezy/control.diff
patch <../wheezy/changelog.diff
popd
pushd ../install
patch <../wheezy/alternc.install.diff
popd
cp -vf alternc-dict-quota.conf alternc-sql.conf ../etc/alternc/templates/dovecot/
mkdir -p ../etc/alternc/templates/dovecot/conf.d/
cp -vf 95_alternc.conf ../etc/alternc/templates/dovecot/conf.d/
pushd ../etc/alternc/templates/dovecot
rm -vf dovecot.conf dovecot-dict-quota.conf dovecot-sql.conf
popd