From f83cfb74937d5132eca5a89d2c5f365acca39e93 Mon Sep 17 00:00:00 2001 From: Steven Mondji-Lerider Date: Fri, 13 Apr 2012 09:57:28 +0000 Subject: [PATCH] Templating dovecot+Postifx + Bugfix --- .gitattributes | 2 + debian/alternc.dirs | 1 + debian/alternc.postinst | 9 ++++ debian/alternc.preinst | 7 ++- debian/changelog | 9 ++++ debian/control | 2 +- etc/alternc/alternc-sudoers | 1 + .../templates/dovecot/dovecot-dict-quota.conf | 42 +++++++++++++++ .../templates/dovecot/dovecot-sql.conf | 9 +--- etc/alternc/templates/dovecot/dovecot.conf | 54 ++++++++++--------- etc/alternc/templates/postfix/myalias.cf | 5 +- etc/alternc/templates/postfix/myvirtual.cf | 3 +- install/mysql.sql | 20 +++++++ 13 files changed, 128 insertions(+), 36 deletions(-) create mode 100644 etc/alternc/alternc-sudoers create mode 100644 etc/alternc/templates/dovecot/dovecot-dict-quota.conf diff --git a/.gitattributes b/.gitattributes index e4c10b4f..ec160f2f 100644 --- a/.gitattributes +++ b/.gitattributes @@ -394,6 +394,7 @@ debian/po/fr.po -text debian/po/templates.pot -text debian/rules -text debian/templates -text +etc/alternc/alternc-sudoers -text etc/alternc/alternc.ini -text etc/alternc/apache2-ssl.conf -text etc/alternc/apache2.conf -text @@ -416,6 +417,7 @@ etc/alternc/templates/bind/templates/named.template -text etc/alternc/templates/bind/templates/slave.template -text etc/alternc/templates/bind/templates/zone.template -text etc/alternc/templates/default/saslauthd -text +etc/alternc/templates/dovecot/dovecot-dict-quota.conf -text etc/alternc/templates/dovecot/dovecot-sql.conf -text etc/alternc/templates/dovecot/dovecot.conf -text etc/alternc/templates/postfix/ca.der -text diff --git a/debian/alternc.dirs b/debian/alternc.dirs index 1e2c48cb..8abe90df 100644 --- a/debian/alternc.dirs +++ b/debian/alternc.dirs @@ -8,6 +8,7 @@ etc/cron.d etc/phpmyadmin etc/postfix etc/squirrelmail +/etc/sudoers.d usr/bin usr/lib/alternc usr/sbin 
diff --git a/debian/alternc.postinst b/debian/alternc.postinst index c80c1c48..45e72513 100644 --- a/debian/alternc.postinst +++ b/debian/alternc.postinst @@ -224,6 +224,15 @@ EOF # Update l18n files /usr/share/alternc/install/dopo.sh + + #sudo stuff allowing alterncpanel to use quota + if [ -d /etc/sudoers.d ]; then + cp /etc/alternc/alternc-sudoers /etc/sudoers.d/alternc-sudoers + chmod 0440 /etc/sudoers.d/alternc-sudoers + else + echo "running an older version of sudo" + echo "copy content of /usr/share/doc/aegir-provision/examples/example.sudoers into /etc/sudoers for aegir to run properly" + fi # important: postinst gele sans ca db_stop diff --git a/debian/alternc.preinst b/debian/alternc.preinst index a6eec44d..7c2cbd03 100644 --- a/debian/alternc.preinst +++ b/debian/alternc.preinst @@ -5,10 +5,13 @@ set -e . /usr/share/debconf/confmodule # Create AlternC Panel user for web server -addgroup --system --gid 1999 alterncpanel +if ! getent group alterncpanel ; then + addgroup --system --gid 1999 alterncpanel +fi +if ! getent passwd alterncpanel ; then adduser --system --home "/etc/alternc/.alterncpanel" \ --disabled-password --uid 1999 --ingroup alterncpanel alterncpanel - +fi case "$1" in install) ;; diff --git a/debian/changelog b/debian/changelog index 4fda4a11..6bc9ffc2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +alternc (1.1+nmu2) stable; urgency=low + + * Templating of dovecot and postfix + adding a view for dovecot usage (dovecot_view) + adding of user vmail dedicated to the mail system + * Bugfixes + + -- root Sat, 03 Mar 2012 13:09:06 +0100 + alternc (1.1+nmu1) stable; urgency=low * Dev in progres. diff --git a/debian/control b/debian/control index a3e105d8..a0984c3e 100644 --- a/debian/control +++ b/debian/control 
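Review bot: The `else` branch of the added sudoers block prints instructions copied from another package (`/usr/share/doc/aegir-provision/examples/example.sudoers`, "for aegir to run properly"), so on a system without `/etc/sudoers.d` the administrator is sent to a file this package does not install; the message should name `/etc/alternc/alternc-sudoers`. In the `if` branch the file is copied first and restricted with `chmod` afterwards, and it is never syntax-checked. `visudo -cf /etc/alternc/alternc-sudoers && install -o root -g root -m 0440 /etc/alternc/alternc-sudoers /etc/sudoers.d/alternc-sudoers` sets owner and mode in one step and refuses a malformed rule, which matters because a broken file in `/etc/sudoers.d` can stop sudo from working. The surrounding postinst code starts and ends outside the hunk.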
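Review bot: The two added `getent` guards in debian/alternc.preinst test only that the name `alterncpanel` exists, so a pre-existing group or account with a different id is accepted silently even though the script otherwise pins gid and uid 1999. If the rest of the package relies on 1999 (not visible here), compare `getent passwd alterncpanel | cut -d: -f3` with the expected value and abort with a clear message on mismatch. `getent` also prints the matching entry into the install output; `getent group alterncpanel >/dev/null` keeps it quiet, and the `adduser` continuation lines inside the new `if` should be indented to match.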
@@ -10,7 +10,7 @@ Standards-Version: 3.9.1 Package: alternc Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0 -Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, squirrelmail, squirrelmail-locales, bind9, wget, rsync, quota, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, fam | gamin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, dnsutils, bash, acl, dovecot-common (>= 1:1.2.15), dovecot-imapd, dovecot-pop3d +Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, squirrelmail, squirrelmail-locales, bind9, wget, rsync, quota, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, fam | gamin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, bash, acl, dovecot-common (>= 1:1.2.15), dovecot-imapd, dovecot-pop3d Recommends: mysql-server, dovecot-managesieved, dovecot-sieve, dovecot-mysql Conflicts: alternc-admintools, alternc-awstats (< 1.0), alternc-webalizer (<= 0.9.4), alternc-mailman (< 2.0), courier-authdaemon Provides: alternc-admintools diff --git a/etc/alternc/alternc-sudoers b/etc/alternc/alternc-sudoers new file mode 100644 index 00000000..b827f7bd --- /dev/null +++ b/etc/alternc/alternc-sudoers @@ -0,0 +1 @@ +alterncpanel ALL = NOPASSWD : /usr/bin/quota, /usr/sbin/setquota diff --git a/etc/alternc/templates/dovecot/dovecot-dict-quota.conf b/etc/alternc/templates/dovecot/dovecot-dict-quota.conf new file mode 100644 index 00000000..c7767bef --- /dev/null +++ b/etc/alternc/templates/dovecot/dovecot-dict-quota.conf 
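Review bot: The new rule in etc/alternc/alternc-sudoers, `alterncpanel ALL = NOPASSWD : /usr/bin/quota, /usr/sbin/setquota`, names the commands without an argument list, so the panel account may run `setquota` as root with any arguments it chooses. Since alterncpanel is the web panel user (see the comment in debian/alternc.preinst), a flaw in the panel then translates directly into the ability to change quotas for any account on any filesystem. Consider pointing sudo at a small root-owned wrapper that validates the target uid and filesystem before calling `setquota`, and add a comment line to the file saying what the rule is for.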
@@ -0,0 +1,42 @@
+
+connect host=%%dbhost%% dbname=%%dbname%% user=%%dbuser%% password=%%dbpwd%%
+#connect = host=localhost dbname=mails user=testuser password=pass
+
+# CREATE TABLE quota (
+# username varchar(100) not null,
+# bytes bigint not null default 0,
+# messages integer not null default 0,
+# primary key (username)
+# );
+
+map {
+ pattern = priv/quota/storage
+ table = dovecot_view
+ username_field = user
+ value_field = quota_dovecot
+}
+map {
+ pattern = priv/quota/messages
+ table = dovecot_view
+ username_field = user
+ value_field = nb_messages
+}
+
+# CREATE TABLE expires (
+# username varchar(100) not null,
+# mailbox varchar(255) not null,
+# expire_stamp integer not null,
+# primary key (username, mailbox)
+# );
+
+#map {
+ # pattern = shared/expire/$user/$mailbox
+ # table = expires
+ # value_field = expire_stamp
+
+ # fields {
+ # username = $user
+ # mailbox = $mailbox
+ # }
+#}
+
diff --git a/etc/alternc/templates/dovecot/dovecot-sql.conf b/etc/alternc/templates/dovecot/dovecot-sql.conf
index 0cbc9b21..67a8735d 100644
--- a/etc/alternc/templates/dovecot/dovecot-sql.conf
+++ b/etc/alternc/templates/dovecot/dovecot-sql.conf
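Review bot: The active line `connect host=%%dbhost%% …` in dovecot-dict-quota.conf has no `=` after `connect`, unlike the commented example directly below it (`#connect = host=localhost …`), so the connection settings are probably not parsed; it should read `connect = host=%%dbhost%% dbname=%%dbname%% user=%%dbuser%% password=%%dbpwd%%`. Both `map` blocks point at `dovecot_view`, which this commit defines as a join with a computed `user` column; quota updates have to write `quota_dovecot` and `nb_messages` through that view, and whether MySQL accepts those writes should be tested before relying on it. Because the rendered file holds the database password, it should be installed readable only by root and the account dovecot's dict process runs as.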
@@ -116,16 +116,11 @@ default_pass_scheme = MD5 # user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' # user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' # -user_query = \ - SELECT concat(concat(%%ALTERNC_LOC%%, '/'), mailbox.path) AS home, domaines.compte AS uid, domaines.compte AS gid \ - FROM mailbox JOIN address ON address.id = mailbox.address_id JOIN domaines on domaines.id = address.domain_id WHERE '%u' IN (address.address, replace(address.address, '@', '_')) +query = SELECT mailbox.path AS home, domaines.compte AS uid, domaines.compte AS gid FROM mailbox JOIN address ON address.id = mailbox.address_id JOIN domaines on domaines.id = address.domain_id WHERE address.address = '%n' # If you wish to avoid two SQL lookups (passdb + userdb), you can use # userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll # also have to return userdb fields in password_query prefixed with "userdb_" # string. For example: -password_query = \ - SELECT '%u' AS user, address.password, \ - concat(concat(%%ALTERNC_LOC%%, '/'), mailbox.path) AS userdb_home, domaines.compte AS userdb_uid, domaines.compte AS userdb_gid \ - FROM mailbox JOIN address ON address.id = mailbox.address_id JOIN domaines on domaines.id = address.domain_id WHERE '%u' IN (address.address, replace(address.address, '@', '_')) +password_query = SELECT user, password, userdb_home, userdb_uid, userdb_gid,userdb_quota_rule FROM dovecot_view where user= '%u'; diff --git a/etc/alternc/templates/dovecot/dovecot.conf b/etc/alternc/templates/dovecot/dovecot.conf index 38a3d633..a9650b88 100644 --- a/etc/alternc/templates/dovecot/dovecot.conf +++ b/etc/alternc/templates/dovecot/dovecot.conf 
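Review bot: The userdb lookup is now written as `query = …`, but the key used by the removed line and by the commented examples above it is `user_query`, so this line is likely ignored or rejected and `userdb sql` lookups are left without a query. It also matches `address.address = '%n'`, the local part only, with no constraint on the domain, while `password_query` and `dovecot_view` use the full `user@domain`; two domains sharing a local part would resolve to whichever row comes first, possibly another customer's home and uid. Suggested: `user_query = SELECT userdb_home AS home, userdb_uid AS uid, userdb_gid AS gid FROM dovecot_view WHERE user = '%u'`. The hunk header shows `default_pass_scheme = MD5` still applies to the stored passwords, which deserves a follow-up of its own.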
@@ -50,7 +50,7 @@ protocols = imap imaps pop3 pop3s managesieve # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. -disable_plaintext_auth = no +disable_plaintext_auth = yes # Should all IMAP and POP3 processes be killed when Dovecot master process # shuts down. Setting this to "no" means that Dovecot can be upgraded without @@ -92,15 +92,15 @@ log_timestamp = "%Y-%m-%d %H:%M:%S " #ssl_listen = # SSL/TLS support: yes, no, required. -#ssl = yes +ssl = required # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. -#ssl_cert_file = /etc/ssl/certs/dovecot.pem -ssl_cert_file = /etc/alternc/apache.pem -#ssl_key_file = /etc/ssl/private/dovecot.pem -ssl_key_file = /etc/alternc/apache.pem +ssl_cert_file = /etc/ssl/certs/dovecot.pem +#ssl_cert_file = /etc/alternc/apache.pem +ssl_key_file = /etc/ssl/private/dovecot.pem +#ssl_key_file = /etc/alternc/apache.pem # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. Since this file is often 
@@ -246,15 +246,15 @@ mail_location = maildir:~/Maildir # explicitly, ie. mail_location does nothing unless you have a namespace # without a location setting. Default namespace is simply done by having a # namespace with empty prefix. -namespace private { +#namespace private { # Hierarchy separator to use. You should use the same separator for all # namespaces or some clients get confused. '/' is usually a good one. # The default however depends on the underlying mail storage format. - separator = . + # separator = . # Prefix required to access this namespace. This needs to be different for # all namespaces. For example "Public/". - prefix = INBOX. + # prefix = INBOX. # Physical location of the mailbox. This is in same format as # mail_location, which is also the default for it. @@ -262,7 +262,7 @@ namespace private { # There can be only one INBOX, and this setting defines which namespace # has it. - inbox = yes + #inbox = yes # If namespace is hidden, it's not advertised to clients via NAMESPACE # extension. You'll most likely also want to set list=no. This is mostly @@ -279,7 +279,7 @@ namespace private { # Namespace handles its own subscriptions. If set to "no", the parent # namespace handles them (empty prefix should always have this as "yes") #subscriptions = yes -} +#} # Example shared namespace configuration #namespace shared { @@ -384,8 +384,8 @@ mail_privileged_group = mail # to make sure that users can't log in as daemons or other system users. # Note that denying root logins is hardcoded to dovecot binary and can't # be done even if first_valid_uid is set to 0. -first_valid_uid = 33 -last_valid_uid = 33 +first_valid_uid = 2000 +last_valid_uid = 65000 # Valid GID range for users, defaults to non-root/wheel. Users having # non-valid GID as primary group ID aren't allowed to log in. If user 
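Review bot: The widened range `first_valid_uid = 2000` / `last_valid_uid = 65000` carries no comment explaining the bounds, and the lower bound is what keeps system accounts and the panel user (uid 1999 in debian/alternc.preinst) from being accepted as a mail uid returned by the SQL userdb. A line such as `# uids come from domaines.compte; keep system and panel accounts (below 2000) excluded` above the setting would stop a later edit from lowering it. The matching gid range lies outside this hunk and should be checked to agree, since the queries return `domaines.compte` for both uid and gid.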
@@ -579,6 +579,7 @@ protocol imap { # Support for dynamically loadable plugins. mail_plugins is a space separated # list of plugins to load. #mail_plugins = + mail_plugins = quota imap_quota #mail_plugin_dir = /usr/lib/dovecot/modules/imap # IMAP logout format string: @@ -698,6 +699,7 @@ protocol pop3 { # Support for dynamically loadable plugins. mail_plugins is a space separated # list of plugins to load. #mail_plugins = + mail_plugins = quota #mail_plugin_dir = /usr/lib/dovecot/modules/pop3 # Workarounds for various client bugs: @@ -721,7 +723,7 @@ protocol managesieve { # ManageSieve executable location. See IMAP's mail_executable above for # examples how this could be changed. - #mail_executable = /usr/lib/dovecot/managesieve + mail_executable = /usr/lib/dovecot/managesieve # Maximum ManageSieve command line length in bytes. This setting is # directly borrowed from IMAP. But, since long command lines are very @@ -761,8 +763,8 @@ protocol lda { # Support for dynamically loadable plugins. mail_plugins is a space separated # list of plugins to load. - mail_plugins = sieve - mail_plugin_dir = /usr/lib/dovecot/modules/lda + mail_plugins = quota sieve + #mail_plugin_dir = /usr/lib/dovecot/modules/lda # If user is over quota, return with temporary failure instead of # bouncing the mail. @@ -776,7 +778,7 @@ protocol lda { #deliver_log_format = msgid=%m: %$ # Binary to use for sending mails. - sendmail_path = /usr/sbin/sendmail + #sendmail_path = /usr/sbin/sendmail # Subject: header to use for rejection mails. You can use the same variables # as for rejection_reason below. @@ -795,7 +797,7 @@ protocol lda { ## # Executable location -auth_executable = /usr/lib/dovecot/dovecot-auth +#auth_executable = /usr/lib/dovecot/dovecot-auth # Set max. process size in megabytes. #auth_process_size = 256 
@@ -892,7 +894,7 @@ auth default { # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey # gss-spnego # NOTE: See also disable_plaintext_auth setting. - mechanisms = plain + mechanisms = plain login # # Password database is used to verify user's password (and nothing more). @@ -1032,8 +1034,8 @@ auth default { # This can be made to work with SQL and LDAP databases, see their example # configuration files for more information how to do it. # - #userdb prefetch { - #} + userdb prefetch { + } # System users (NSS, /etc/passwd, or similiar). In many systems nowadays this # uses Name Service Switch, which is configured in /etc/nsswitch.conf. @@ -1100,7 +1102,7 @@ auth default { # authentication with BSDs internally accesses shadow files, which also # requires roots. Note that this user is NOT used to access mails. # That user is specified by userdb above. - user = mail + user = vmail # Directory where to chroot the process. Most authentication backends don't # work if this is set, and there's no point chrooting if auth_user is root. @@ -1127,7 +1129,7 @@ auth default { path = /var/run/dovecot/auth-master mode = 0666 # Default user/group is the one who started dovecot-auth (root) - #user = + user = vmail #group = } client { @@ -1166,7 +1168,7 @@ auth default { # format "proxy::". dict { - #quota = mysql:/etc/dovecot/dovecot-dict-quota.conf + quota = mysql:/etc/dovecot/dovecot-dict-quota.conf #expire = db:/var/lib/dovecot/expire.db } @@ -1192,6 +1194,7 @@ plugin { # Quota limits are set using "quota_rule" parameters, either in here or in # userdb. It's also possible to give mailbox-specific limits, for example: # quota_rule = *:storage=1048576 + quota_rule = *:storage=100M # quota_rule2 = Trash:storage=102400 # User has now 1GB quota, but when saving to Trash mailbox the user gets # additional 100MB. 
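Review bot: `user = vmail` in the auth process settings (hunk at -1100), and again as owner of the auth-master socket in the following hunk, refers to an account that none of the packaging hunks in this patch create; debian/alternc.preinst adds only `alterncpanel`. Unless `vmail` is created somewhere not shown here, dovecot-auth will fail to start after the upgrade. Create the account in preinst next to alterncpanel, behind the same kind of `getent` guard, as a system user with no password.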
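Review bot: The master socket `/var/run/dovecot/auth-master` (hunk at -1127) now gets an explicit owner, `user = vmail`, but keeps the context line `mode = 0666`, so every local account can still connect to it and query the userdb for any mailbox's home, uid and gid. With an owner set, the mode can be tightened to `mode = 0600` (or `0660` together with a dedicated `group`), provided the delivery agent runs as `vmail`; that is not visible in this hunk and should be confirmed. The enclosing socket block starts outside the hunk.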
@@ -1209,8 +1212,11 @@ plugin { # exceeded limit is excecuted, so put the highest limit first. # Note that % needs to be escaped as %%, otherwise "% " expands to empty. # quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95 + # quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95 # quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80 + quota_warning = storage=80%% /usr/local/bin/quota-warning.sh 80 #quota = maildir + quota = dict:user:proxy::quotadict # ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from maildir # directory. You can also optionally give a global ACL directory path where diff --git a/etc/alternc/templates/postfix/myalias.cf b/etc/alternc/templates/postfix/myalias.cf index 353e733b..a1079420 100644 --- a/etc/alternc/templates/postfix/myalias.cf +++ b/etc/alternc/templates/postfix/myalias.cf @@ -6,5 +6,8 @@ user = %%dbuser%% password = %%dbpwd%% hosts =%%dbhost%% dbname = %%dbname%% -query = select concat(if(isnull(mailbox.id), '', concat(address.address, '\n')), recipient.recipient) from recipient join address on address.id = recipient.address_id left outer join mailbox on mailbox.address_id = address.id where address.address='%s'; +query = select concat( if(isnull(mailbox.id), '', concat(concat(address.address,'@',domaines.domaine), '\n')), recipient.recipients ) from recipient join address on address.id = re +cipient.address_id left outer join mailbox on mailbox.address_id = address.id join domaines on domaines.id = address.domain_id where concat(address.address,'@',domaines.domaine)='% +s'; + diff --git a/etc/alternc/templates/postfix/myvirtual.cf b/etc/alternc/templates/postfix/myvirtual.cf index 481b7b5b..479af8f1 100644 --- a/etc/alternc/templates/postfix/myvirtual.cf +++ b/etc/alternc/templates/postfix/myvirtual.cf 
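Review bot: The added `quota = dict:user:proxy::quotadict` refers to a dict named `quotadict`, but the `dict { }` block enabled earlier in this patch defines the entry as `quota = mysql:/etc/dovecot/dovecot-dict-quota.conf`, so the proxy lookup will not find it; use `quota = dict:user:proxy::quota` or rename the dict entry. The enabled `quota_warning = storage=80%% /usr/local/bin/quota-warning.sh 80` runs a script that is not among the files in this patch, and the first added line merely duplicates the commented 95% example above it. If the script is not shipped by the package, leave the warning commented out, and in any case make sure the path is writable by root only, since dovecot executes it.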
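Review bot: The new `query` in myalias.cf is split across three physical lines in the middle of tokens (`address.id = re` / `cipient.address_id`, and `='%` / `s';`), and the continuation lines start in column 0; Postfix joins only lines that begin with whitespace, so the map would be read as a truncated query followed by two unrelated lines. The same wrap is present in etc/alternc/templates/postfix/myvirtual.cf (`concat(address.address,` / `'@',domaines.domaine) ='%s';`). Put each query on one line, and compare the parts directly instead of `concat(...) = '%s'`, e.g. `where address.address='%u' and domaines.domaine='%d'`, which keeps both columns usable by an index. The select list also changes `recipient.recipient` to `recipient.recipients`; confirm that matches the schema.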
@@ -6,5 +6,6 @@ user = %%dbuser%% password = %%dbpwd%% hosts =%%dbhost%% dbname = %%dbname%% -select concat(path, '/Maildir/') from mailbox join address on address.id = mailbox.address_id where address.address='%s' +query = select concat(path, '/Maildir/') from mailbox join address on address.id = mailbox.address_id join domaines on domaines.id = address.domain_id where concat(address.address, +'@',domaines.domaine) ='%s'; diff --git a/install/mysql.sql b/install/mysql.sql index 5fbee2c8..21f7f9f7 100644 --- a/install/mysql.sql +++ b/install/mysql.sql @@ -638,3 +638,23 @@ CREATE TABLE IF NOT EXISTS `cron` ( PRIMARY KEY (`id`), KEY `uid` (`uid`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; + + + +-- +-- Structure de la vue `dovecot-view` +-- + +CREATE VIEW `dovecot_view` AS +SELECT concat(`address`.`address`,'@',`domaines`.`domaine`) AS `user`, +concat('*:storage=',cast(`mailbox`.`quota` as char charset latin1),'M') AS `userdb_quota_rule`, +`address`.`password` AS `password`, +`mailbox`.`path` AS `userdb_home`, +`domaines`.`compte` AS `userdb_uid`, +`domaines`.`compte` AS `userdb_gid`, +`mailbox`.`bytes` AS `quota_dovecot`, +`mailbox`.`messages` AS `nb_messages` +from ((`mailbox` +join `address` on((`address`.`id` = `mailbox`.`address_id`))) +join `domaines` on((`domaines`.`id` = `address`.`domain_id`))); +
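Review bot: The view in install/mysql.sql publishes `address.password` alongside the quota counters, so any database account that is granted SELECT on `dovecot_view` for quota purposes can read every mailbox password hash; a second view without the `password` column for the dict maps would keep the two uses apart. ``CREATE VIEW `dovecot_view` `` is also not idempotent, unlike the `CREATE TABLE IF NOT EXISTS` statement just above it, so re-running the script fails once the view exists; ``CREATE OR REPLACE VIEW `dovecot_view` AS`` avoids that. The header comment names the view `dovecot-view` while the statement creates `dovecot_view`, and `userdb_home` is now the bare `mailbox.path` without the `%%ALTERNC_LOC%%` prefix the old dovecot queries added, which should be confirmed as intentional.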