* Wed Sep 11 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme

- merge dovecot-extra [SME: 12735]

README.md

@@ -11,8 +11,4 @@ Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?compo
 
 ## Description
 
-<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
-*Once it has been checked, then this comment will be deleted*
-<br />
-
-Dovecot is an open source software service that provides secure access to emails, calendars, and other applications for both users and administrators. It works by creating a secure connection between a mail server and an email client, allowing users to securely sync and download their emails, calendar events, contacts, and other data. Dovecot also provides a secure authentication process to ensure that only users with the proper credentials can access the email server. It is highly reliable and scalable, making it a popular choice for large and small businesses alike. Additionally, Dovecot is easy to install and configure, so businesses can get started quickly and easily.
+Dovecot is an open source software service that provides secure access to emails, calendars, and other applications for both users and administrators. It works by creating a secure connection between a mail server and an email client, allowing users to securely sync and download their emails, calendar events, contacts, and other data. Dovecot also provides a secure authentication process to ensure that only users with the proper credentials can access the email server. It is highly reliable and scalable, making it a popular choice for large and small businesses alike. 

createlinks

@@ -14,13 +14,26 @@ event_link("adjust-dovecot", "email-update", "02");
 event_link("adjust-dovecot", "bootstrap-console-save", "02");
 
 #smeserver-dovecot-update
-safe_symlink("restart", "root/etc/e-smith/events/smeserver-dovecot-update/services2adjust/dovecot");
-safe_symlink("restart", "root/etc/e-smith/events/smeserver-dovecot-update/services2adjust/rsyslog");
-event_link("adjust-dovecot", "smeserver-dovecot-update", "02");
-event_link("systemd-reload", "smeserver-dovecot-update", "89");
-event_link("systemd-default", "smeserver-dovecot-update", "88");
-templates2events("/etc/rsyslog.conf","smeserver-dovecot-update");
+my $event = "smeserver-dovecot-update";
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dovecot");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
+event_link("adjust-dovecot", $event, "02");
+event_link("systemd-reload", $event, "89");
+event_link("systemd-default", $event, "88");
+templates2events("/etc/rsyslog.conf", $event);
 
 # in case the ip change
 safe_symlink("sigusr2", "root/etc/e-smith/events/ip-change/services2adjust/dovecot");
 
+# dovecot-extras
+event_link("dovecot-acl", $event,  "30");
+event_link("dovecot-compile-sieve", $event,  "40");
+event_link("dovecot-acl", "email-update", "85");
+event_link("dovecot-acl", "user-create", "85");
+event_link("dovecot-acl", "post-upgrade", "85");
+event_link("dovecot-compile-sieve", "email-update", "86");
+
+safe_touch("root/home/e-smith/db/dovecot/sharedmailbox.db");
+
+templates2events("/home/e-smith/files/public/dovecot-acl", "email-update");
+

root/etc/e-smith/db/configuration/defaults/sieve/TCPPort

@@ -0,0 +1 @@
+4190

root/etc/e-smith/db/configuration/defaults/sieve/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/sieve/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/sieve/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/defaults/spamassassin/SpamLearning

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/events/actions/dovecot-acl

@@ -0,0 +1,89 @@
+#!/usr/bin/perl -w
+
+
+use esmith::ConfigDB;
+use esmith::AccountsDB;
+use File::Find;
+
+my $c = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
+my $a = esmith::AccountsDB->open_ro || die "Couldn't open AccountsdDB\n";
+
+my $dovecot = $c->get('dovecot');
+
+die "couldn't find dovecot service\n" unless ($dovecot);
+
+my $event = $ARGV[0];
+
+# SharedMailboxes disabled ?
+if (($dovecot->prop('SharedMailbox') || 'disabled') eq 'disabled'){
+    if (($dovecot->prop('SharedMailboxAcl') || 'yes') ne 'no'){
+        foreach my $user ($a->users){
+            my $name = $user->key;
+            die "Error removing SharedMailbox ACLs ($name"."'s Maildir)\n" unless (
+                system('/usr/bin/setfacl',
+                       '-R',
+                       '-x',
+                       'g:sharedmailbox',
+                       "/home/e-smith/files/users/$name") == 0 &&
+                system('/bin/chmod',
+                       '-R',
+                       'g-s',
+                       "/home/e-smith/files/users/$name/Maildir") == 0
+            );
+        }
+    }
+    $dovecot->set_prop('SharedMailboxAcl','no');
+    exit(0);
+}
+
+# If SharedMailbox is enabled
+
+# Set the correct ACL during user creation
+if ($event && $event eq 'user-create'){
+    my $user = $ARGV[1];
+    set_acl($user);
+}
+
+if (($dovecot->prop('SharedMailboxAcl') || 'no') ne 'yes'){
+    # ACL for existing users haven't been set yet
+    foreach my $user ($a->users){
+        my $name = $user->key;
+        set_acl($name);
+    }
+    $dovecot->set_prop('SharedMailboxAcl','yes');
+}
+
+# Set ACL on a user's Maildir
+sub set_acl {
+    my $user = shift;
+    die "Missing username\n" unless ($user);
+    die "Couldn't find $user"."'s home dir\n" unless (-e "/home/e-smith/files/users/$user");
+    find(\&dirperm,  "/home/e-smith/files/users/$user/Maildir");
+    die "Error applying permissions to $user 's Maildir\n" unless (
+        # sharedmailbox group needs read / write access on Maildir
+        system('/usr/bin/setfacl',
+               '-R',
+               '-m',
+               'u::rwX,g::rwX,o::rX,g:sharedmailbox:rwX,d:u::rwX,d:g::rwX,d:g:sharedmailbox:rwX,d:o::rX',
+               "/home/e-smith/files/users/$user/Maildir") == 0 &&
+        # Grant sharedmailbox group permission to go through
+        # the home dir so it can access the Maildir, but don't let it read
+        # anything (except the Maildir)
+        system('/usr/bin/setfacl',
+               '-m',
+               'g:sharedmailbox:x',
+               "/home/e-smith/files/users/$user") == 0
+    );
+}
+
+# The kernel will handle group perms when a user
+# create a dir in another user's Maildir (if IMAP ACL allows it)
+# This will prevent dovecot errors, see 
+# http://wiki2.dovecot.org/SharedMailboxes/Permissions and
+# http://wiki2.dovecot.org/Errors/ChgrpNoPerm
+sub dirperm {
+    system('/bin/chmod',
+           'g+s',
+           "$_") if (-d);
+}
+

root/etc/e-smith/events/actions/dovecot-compile-sieve

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+status=$(/sbin/e-smith/config getprop spamassassin UseBayes || echo 0)
+if [ "$status" = "1" ]
+then
+    systemctl restart dovecot
+    /usr/bin/sievec /usr/libexec/dovecot/sieve/
+fi
+#/usr/bin/sievec /usr/libexec/dovecot/sieve/

root/etc/e-smith/templates-user/.qmail/80DovecotLDA

@@ -0,0 +1,20 @@
+# Dovecot LDA delivery
+{
+    # vim: ft=perl:
+    use esmith::ConfigDB;
+    my $cdb = esmith::ConfigDB->open_ro || die "Couldn't open ConfigDB\n";
+    my $sieve = $cdb->get('sieve');
+    my $usersieve = $props{Sieve} || 'enabled';
+    my $globalsieve = ($sieve) ? ($sieve->prop('status') || 'disabled') : 'disabled';
+
+    if (($usersieve ne 'enabled') || ($globalsieve ne 'enabled')){
+        $OUT .= "# Sieve is disabled\n";
+    }
+    elsif ($props{EmailForward} !~ /^(local|both)$/) {
+        $OUT .= "# No local delivery (Dovecot LDA)\n";
+    }
+    else{
+        $OUT .= '| /var/qmail/bin/preline -f /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT"; if [ $? -ne 0 ] ; then exit -1; else exit 99; fi;';
+    }
+}
+

root/etc/e-smith/templates.metadata/home/e-smith/files/public/dovecot-acl

@@ -0,0 +1 @@
+GID="sharedmailbox"

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/10protocols11sieve

@@ -0,0 +1,6 @@
+{
+if (($sieve{'status'} || 'disabled') eq 'enabled'){
+    $proto .= " sieve";
+}
+$OUT .= "";
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/30listener11sieve

@@ -0,0 +1,19 @@
+{
+if (($sieve{'status'} || 'enabled') eq 'enabled'){
+    my $port = $sieve{'TCPPort'} || '4190';
+    my $address = $sieve{'Listen'} || '127.0.0.1';
+    $OUT .=<<"HERE";
+
+service managesieve-login {
+  inet_listener sieve {
+    port = $port
+    address = $address
+  }
+}
+
+HERE
+}
+else {
+    $OUT .= "# Sieve is disabled";
+}
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/65pluginAcl

@@ -0,0 +1,89 @@
+{
+return "# Mailbox sharing is not enabled"
+  if (($dovecot{'SharedMailbox'} || 'disabled') eq 'disabled') && (($dovecot{'PublicMailbox'} || 'disabled') eq 'disabled');
+
+push @plugins, 'acl';
+push @imap_plugins, 'imap_acl';
+
+my $common =<<'_EOF';
+
+mail_access_groups = sharedmailbox
+
+service dict {
+  unix_listener dict {
+    mode = 0660
+    group = sharedmailbox
+  }
+}
+
+service auth {
+  unix_listener auth-userdb {
+    mode = 0660
+    group = sharedmailbox
+  }
+}
+
+service imap {
+  executable = imap imap-postlogin
+}
+
+service imap-postlogin {
+  executable = script-login -d /usr/bin/imap-postlogin
+  unix_listener imap-postlogin {
+  }
+}
+
+
+namespace {
+  type = private
+  separator = /
+  prefix =
+  inbox = yes
+}
+_EOF
+
+my $shared_mb = "\n# SharedMailbox is disabled\n";
+my $public_mb = "\n# PublicMailbox is disabled\n";
+if (($dovecot{'SharedMailbox'} || 'disabled') eq 'enabled'){
+ $shared_mb =<<'_EOF';
+namespace {
+  type = shared
+  separator = /
+  prefix = shared/%%u/
+  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
+  subscriptions = no
+  list = children
+}
+_EOF
+}
+if (($dovecot{'PublicMailbox'} || 'disabled') eq 'enabled'){
+  $public_mb =<<'_EOF';
+namespace {
+  type = public
+  separator = /
+  prefix = public/
+  location = maildir:/home/e-smith/files/public
+  subscriptions = no
+  list = children
+}
+_EOF
+}
+
+my $acl =<<'_EOF';
+plugin {
+  acl_shared_dict = file:/home/e-smith/db/dovecot/sharedmailbox.db
+}
+
+plugin {
+  acl = vfile
+}
+
+plugin {
+  acl_anyone = allow
+}
+
+_EOF
+
+push @conf, $common, $shared_mb, $public_mb, $acl;
+$OUT .= '';
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/70pluginImapSieve

@@ -0,0 +1,52 @@
+{
+# If we have imap_sieve plugin, enable it
+if (( -e '/usr/lib64/dovecot/lib95_imap_sieve_plugin.so' || -e '/usr/lib/dovecot/lib95_imap_sieve_plugin.so') &&
+    ($spamassassin{'UseBayes'} || 'disabled') =~ m/^1|on|yes|enabled$/){
+  push @imap_plugins, 'imap_sieve';
+  my $index = 1;
+  $OUT.= <<'_EOF';
+
+plugin {
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+  sieve_execute_bin_dir = /usr/libexec/dovecot
+  sieve_pipe_bin_dir = /usr/libexec/dovecot
+  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
+
+_EOF
+
+  if (($dovecot{'LearnSpam'} || 'enabled') =~ m/^1|on|yes|enabled$/){
+    $OUT.= <<"_EOF";
+  # Copy from anywhere to junkmail
+  imapsieve_mailbox$index\_name = junkmail
+  imapsieve_mailbox$index\_causes = COPY
+  imapsieve_mailbox$index\_before = file:/usr/libexec/dovecot/sieve/report-spam.sieve
+_EOF
+    $index++;
+    $OUT.= <<"_EOF";
+  imapsieve_mailbox$index\_name = Junk
+  imapsieve_mailbox$index\_causes = COPY
+  imapsieve_mailbox$index\_before = file:/usr/libexec/dovecot/sieve/report-spam.sieve
+_EOF
+    $index++;
+  }
+  if (($dovecot{'LearnHam'} || 'enabled') =~ m/^1|on|yes|enabled$/){
+    $OUT.= <<"_EOF";
+  # Copy from junkmail to anywhere
+  imapsieve_mailbox$index\_name = *
+  imapsieve_mailbox$index\_from = junkmail
+  imapsieve_mailbox$index\_causes = COPY
+  imapsieve_mailbox$index\_before = file:/usr/libexec/dovecot/sieve/report-ham.sieve
+_EOF
+    $index++;
+    $OUT.= <<"_EOF";
+  imapsieve_mailbox$index\_name = *
+  imapsieve_mailbox$index\_from = Junk
+  imapsieve_mailbox$index\_causes = COPY
+  imapsieve_mailbox$index\_before = file:/usr/libexec/dovecot/sieve/report-ham.sieve
+_EOF
+    $index++;
+  }
+
+  $OUT .= '}';
+}
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/91lda

@@ -0,0 +1,19 @@
+
+postmaster_address = postmaster@{$DomainName}
+lda_original_recipient_header = to
+
+{
+my $reason = $dovecot{'RejectMessage'} || '';
+my $subject = $dovecot{'RejectSubject'} || '';
+if ($reason ne ''){
+    $OUT .= "rejection_reason = $reason\n";
+}
+if ($subject ne ''){
+    $OUT .= "rejection_subject = $subject\n";
+}
+}
+
+protocol lda \{
+  mail_plugins = $mail_plugins {$OUT .= (($sieve{'status'} || 'disabled') eq 'enabled') ? 'sieve':''}
+\}
+

root/etc/e-smith/templates/home/e-smith/files/public/dovecot-acl/10All

@@ -0,0 +1,11 @@
+{
+
+if (($dovecot{'PublicMailbox'} || 'disabled') eq 'enabled'){
+  my @PublicMailboxAdmins = split /[,:]/, ($dovecot{PublicMailboxAdmins} || '');
+  $OUT .= "user=admin lrswtipekxa" . "\n";
+  foreach my $PublicMailboxAdmins (sort @PublicMailboxAdmins){
+    $OUT .= 'user=' . "$PublicMailboxAdmins " . 'lrswtipekxa' . "\n";  
+  }
+}
+
+}

root/usr/bin/imap-postlogin

@@ -0,0 +1,5 @@
+#!/bin/sh
+ACL_GROUPS=`groups $USER | tr ' '  ','`
+export ACL_GROUPS
+export USERDB_KEYS="$USERDB_KEYS acl_groups"
+exec "$@"

root/usr/libexec/dovecot/learn-ham.sh

@@ -0,0 +1 @@
+exec /usr/bin/spamc -L ham

root/usr/libexec/dovecot/learn-spam.sh

@@ -0,0 +1 @@
+exec /usr/bin/spamc -L spam

root/usr/libexec/dovecot/sieve/report-ham.sieve

@@ -0,0 +1,11 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+if environment :matches "imap.mailbox" "*" {
+  set "mailbox" "${1}";
+}
+if anyof (string "${mailbox}" "Trash",
+          string "${mailbox}" "junkmail",
+          string "${mailbox}" "Junk",
+          string "${mailbox}" "Éléments supprimés") {
+  stop;
+}
+pipe :copy "learn-ham.sh";

root/usr/libexec/dovecot/sieve/report-spam.sieve

@@ -0,0 +1,2 @@
+require ["vnd.dovecot.pipe", "copy"];
+pipe :copy "learn-spam.sh";

smeserver-dovecot.spec

@@ -1,5 +1,5 @@
 %define version 11.0.0
-%define release 7
+%define release 8
 %define name smeserver-dovecot
 
 
@@ -24,6 +24,7 @@ Provides: smeserver-imap
 Provides: smeserver-pop3
 Provides: e-smith-imap
 Provides: e-smith-pop3
+Provides: smeserver-dovecot-extras
 Obsoletes: e-smith-imap
 Obsoletes: e-smith-pop3
 Obsoletes: e-smith-ssl-imap
@@ -39,6 +40,9 @@ Configure the dovecot IMAP server with sieve scripts support,
 quota, ACL, extended logging, master user
 
 %changelog
+* Wed Sep 11 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
+- merge dovecot-extra [SME: 12735]
+
 * Fri Apr 05 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
 - add missing requirement for portreserve [SME: 12589]
 
@@ -225,6 +229,16 @@ perl createlinks
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
    --file /sbin/e-smith/systemd/dovecot-control 'attr(0554,root,root)'\
    --dir /var/log/dovecot 'attr(0750,smelog,smelog)' \
+   --dir /home/e-smith/db/dovecot 'attr(2770,root,sharedmailbox)' \
+   --dir /home/e-smith/files/public 'attr(2770,root,sharedmailbox)' \
+   --dir /home/e-smith/files/public/cur 'attr(2770,root,sharedmailbox)' \
+   --dir /home/e-smith/files/public/new 'attr(2770,root,sharedmailbox)' \
+   --dir /home/e-smith/files/public/tmp 'attr(2770,root,sharedmailbox)' \
+   --file /home/e-smith/db/dovecot/sharedmailbox.db 'attr(0660,root,sharedmailbox) %config(noreplace)' \
+   --file /usr/bin/imap-postlogin 'attr(0755,root,root)' \
+   --file /usr/libexec/dovecot/learn-spam.sh 'attr(0755,root,root)' \
+   --file /usr/libexec/dovecot/learn-ham.sh 'attr(0755,root,root)' \
+   --ignoredir /usr/bin \
   > %{name}-%{version}-filelist
 
 %files -f %{name}-%{version}-filelist