smeserver/smeserver-dovecot
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Thu Apr 04 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme

Browse Source 
- fix migrate fragment error  [SME: 12548]
- add support for quota-fs [SME: 11733]
- fix ssl and config issues [SME: 12571]
- use external dh parameter [SME: 10935]
This commit is contained in:
Jean-Philippe Pialasse
2024-04-05 00:38:53 -04:00
parent e833d6e71d
commit f65f3a8a6a
7 changed files with 31 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
root/etc/e-smith/templates/etc/dovecot/dovecot.conf/35ssl
View File

@@ -3,16 +3,11 @@ ssl_cert = </etc/dovecot/ssl/imapd.pem
ssl_key = </etc/dovecot/ssl/imapd.pem
{
my $proto = '';
$proto .= ' !SSLv2' unless ($dovecot{'SSLv2'} || 'disabled') eq 'enabled';
$proto .= ' !SSLv3' unless ($dovecot{'SSLv3'} || 'disabled') eq 'enabled';
$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'disabled') eq 'enabled';
$proto .= ' !TLSv1.1' unless ($dovecot{'TLSv1.1'} || 'disabled') eq 'enabled';
$proto .= ' !TLSv1.2' unless ($dovecot{'TLSv1.2'} || 'enabled') eq 'enabled';
my %protos={SLv3=>1,TLSv1=>1, TLSv1.1=>1, TLSv1.2=>1,TLSv1.3=>1};
my $proto = ( (exists $dovecot{'ssl_min_protocol'} ) && (exists $protos{$dovecot{'ssl_min_protocol'}} ) ) ? $dovecot{'ssl_min_protocol'} : 'TLSv1.2';
my $dh = $dovecot{'dh'} || '4096';
$OUT .= "ssl_dh_parameters_length = $dh\n";
$OUT .= "ssl_protocols = $proto\n" if ($proto ne '');
$OUT .= "ssl_dh=</etc/dovecot/ssl/dhparam.pem\n";
$OUT .= "ssl_min_protocol = $proto\n" if ($proto ne '');
$OUT .= "ssl_prefer_server_ciphers = yes\n";
$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";

10
root/etc/e-smith/templates/usr/lib/systemd/system/dovecot.service.d/50koozali.conf/40service
View File

@@ -1,10 +0,0 @@
[Service]
#first we reset the ExecStartPre
ExecStartPre=
#our needs
ExecStartPre=-/sbin/e-smith/service-status dovecot
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/dovecot.conf
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/master.users
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/ssl/imapd.pem
ExecStartPre=-/usr/sbin/portrelease dovecot
Restart=always

2
root/etc/e-smith/templates/usr/lib/systemd/system/dovecot.service.d/50koozali.conf/80install
View File

@@ -1,2 +0,0 @@
[Install]
WantedBy=sme-server.target