* Thu Apr 04 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme
- fix migrate fragment error [SME: 12548] - add support for quota-fs [SME: 11733] - fix ssl and config issues [SME: 12571] - use external dh parameter [SME: 10935]
parent
e833d6e71d
commit
f65f3a8a6a
@ -20,7 +20,6 @@ event_link("adjust-dovecot", "smeserver-dovecot-update", "02");
|
|||||||
event_link("systemd-reload", "smeserver-dovecot-update", "89");
|
event_link("systemd-reload", "smeserver-dovecot-update", "89");
|
||||||
event_link("systemd-default", "smeserver-dovecot-update", "88");
|
event_link("systemd-default", "smeserver-dovecot-update", "88");
|
||||||
templates2events("/etc/rsyslog.conf","smeserver-dovecot-update");
|
templates2events("/etc/rsyslog.conf","smeserver-dovecot-update");
|
||||||
templates2events("/usr/lib/systemd/system/dovecot.service.d/50koozali.conf", qw(bootstrap-console-save console-save post-install post-upgrade smeserver-dovecot-update ));
|
|
||||||
|
|
||||||
# in case the ip change
|
# in case the ip change
|
||||||
safe_symlink("sigusr2", "root/etc/e-smith/events/ip-change/services2adjust/dovecot");
|
safe_symlink("sigusr2", "root/etc/e-smith/events/ip-change/services2adjust/dovecot");
|
||||||
|
@ -1,5 +1,11 @@
|
|||||||
{
|
{
|
||||||
foreach my $sservice qw(imap imaps pop3 pop3s) {
|
foreach my $sservice (qw(imap imaps pop3 pop3s)) {
|
||||||
$DB->set_prop($sservice, "type", "configuration") if $DB->${$sservice}->{type} eq "service";
|
$DB->set_prop($sservice, "type", "configuration") if ${$sservice}{type} eq "service";
|
||||||
}
|
}
|
||||||
|
# drop dovecot SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 and move to ssl_min_protocol
|
||||||
|
# drop dovecot dh
|
||||||
|
foreach my $prope (qw( SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 dh )) {
|
||||||
|
$DB->get_prop_and_delete('dovecot', $prope) if (exists $dovecot{$prope});
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
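Review bot: The new loop over `qw( SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 dh )` deletes the old per-protocol props without carrying their meaning into `ssl_min_protocol`. A site that had set `TLSv1.2` to `disabled` would therefore silently fall back to the template default of `TLSv1.2` after the upgrade. Consider deriving `ssl_min_protocol` from the lowest protocol still enabled before deleting, or at least logging what was dropped. Separately, `${$sservice}{type}` is a symbolic reference that presumably relies on `%imap`, `%pop3` and the others existing as package hashes in the fragment's namespace, and it compares undef when a key is missing. If that is not guaranteed here, `($DB->get_prop($sservice, 'type') || '') eq 'service'` reads the value through the same handle that writes it.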
@ -3,16 +3,11 @@ ssl_cert = </etc/dovecot/ssl/imapd.pem
|
|||||||
ssl_key = </etc/dovecot/ssl/imapd.pem
|
ssl_key = </etc/dovecot/ssl/imapd.pem
|
||||||
{
|
{
|
||||||
|
|
||||||
my $proto = '';
|
my %protos={SLv3=>1,TLSv1=>1, TLSv1.1=>1, TLSv1.2=>1,TLSv1.3=>1};
|
||||||
$proto .= ' !SSLv2' unless ($dovecot{'SSLv2'} || 'disabled') eq 'enabled';
|
my $proto = ( (exists $dovecot{'ssl_min_protocol'} ) && (exists $protos{$dovecot{'ssl_min_protocol'}} ) ) ? $dovecot{'ssl_min_protocol'} : 'TLSv1.2';
|
||||||
$proto .= ' !SSLv3' unless ($dovecot{'SSLv3'} || 'disabled') eq 'enabled';
|
|
||||||
$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'disabled') eq 'enabled';
|
|
||||||
$proto .= ' !TLSv1.1' unless ($dovecot{'TLSv1.1'} || 'disabled') eq 'enabled';
|
|
||||||
$proto .= ' !TLSv1.2' unless ($dovecot{'TLSv1.2'} || 'enabled') eq 'enabled';
|
|
||||||
|
|
||||||
my $dh = $dovecot{'dh'} || '4096';
|
$OUT .= "ssl_dh=</etc/dovecot/ssl/dhparam.pem\n";
|
||||||
$OUT .= "ssl_dh_parameters_length = $dh\n";
|
$OUT .= "ssl_min_protocol = $proto\n" if ($proto ne '');
|
||||||
$OUT .= "ssl_protocols = $proto\n" if ($proto ne '');
|
|
||||||
$OUT .= "ssl_prefer_server_ciphers = yes\n";
|
$OUT .= "ssl_prefer_server_ciphers = yes\n";
|
||||||
$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";
|
$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";
|
||||||
|
|
||||||
|
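Review bot: The allow-list built on the `my %protos={…}` line never matches, so `ssl_min_protocol` from the configuration database is ignored and the template always emits `TLSv1.2`. Assigning `{…}` to a hash stores a single stringified-reference key instead of the listed protocols, `SLv3` looks like a typo for `SSLv3`, and `TLSv1.1`/`TLSv1.2`/`TLSv1.3` are not plain identifiers, so `=>` does not quote them as written. Something like `my %protos = map { $_ => 1 } qw(TLSv1 TLSv1.1 TLSv1.2 TLSv1.3);` restores the check; whether `SSLv3` belongs in the list at all should be decided explicitly, because once the lookup works it becomes a selectable minimum. The trailing `if ($proto ne '')` is now always true and can be dropped. The enclosing template block opens in this hunk and closes outside the visible lines.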
@ -1,2 +0,0 @@
|
|||||||
[Install]
|
|
||||||
WantedBy=sme-server.target
|
|
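--- a/root/sbin/e-smith/systemd/dovecot-control
+++ b/root/sbin/e-smith/systemd/dovecot-control
@@ -0,0 +1,4 @@
+#!/bin/bash
+# Create dhparam
+[ -e /etc/dovecot/ssl/dhparam.pem ] || \
+RANDFILE=/dev/null /usr/bin/openssl dhparam -out /etc/dovecot/ssl/dhparam.pem 2048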
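Review bot: The `[ -e … ] ||` guard accepts any existing file as valid, and `openssl dhparam -out` writes straight to the final path, so an interrupted or failed run can leave an empty or truncated `dhparam.pem` that is never regenerated. Generating into a temporary file and renaming it only on success, with a `-s` test instead of `-e`, closes that gap. The generated group is also 2048 bits, whereas the `ssl_dh_parameters_length` default this commit removes from the template was `4096`; if the reduction is intentional, a comment saying so would help the next reader.

```shell
#!/bin/bash
# Create dhparam (written to a temporary file first so a failed or
# interrupted run never leaves a partial file at the final path)
dh=/etc/dovecot/ssl/dhparam.pem
if [ ! -s "$dh" ]; then
    tmp=$(mktemp "$dh.XXXXXX") || exit 1
    if RANDFILE=/dev/null /usr/bin/openssl dhparam -out "$tmp" 2048; then
        chmod 0644 "$tmp"    # DH parameters are public values, not key material
        mv -f "$tmp" "$dh"
    else
        rm -f "$tmp"
        exit 1
    fi
fi
```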
@ -6,5 +6,13 @@ ExecStartPre=-/sbin/e-smith/service-status dovecot
|
|||||||
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/dovecot.conf
|
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/dovecot.conf
|
||||||
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/master.users
|
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/master.users
|
||||||
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/ssl/imapd.pem
|
ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/ssl/imapd.pem
|
||||||
|
ExecStartPre=-/sbin/e-smith/systemd/dovecot-control
|
||||||
ExecStartPre=-/usr/sbin/portrelease dovecot
|
ExecStartPre=-/usr/sbin/portrelease dovecot
|
||||||
Restart=always
|
Restart=always
|
||||||
|
#SME:11733 needed for Dovecot quota-fs https://doc.dovecot.org/configuration_manual/quota/quota_fs/
|
||||||
|
PrivateDevices=off
|
||||||
|
#allow our expand-templates
|
||||||
|
PermissionsStartOnly=true
|
||||||
|
[Install]
|
||||||
|
WantedBy=sme-server.target
|
||||||
|
|
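Review bot: The leading `-` on the new `ExecStartPre=-/sbin/e-smith/systemd/dovecot-control` line makes systemd ignore a failed DH generation, after which dovecot is started against an `ssl_dh=<…` path that may not exist. Dropping the prefix, `ExecStartPre=/sbin/e-smith/systemd/dovecot-control`, would surface the failure at the step that caused it. The generation also runs inside the unit's start timeout, so a `TimeoutStartSec=` sized for slow hardware may be needed. For `PrivateDevices=off`, the comment could state the trade-off, for example `# disables the private /dev sandbox for the whole service; only required when quota-fs is in use`.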
@ -1,5 +1,5 @@
|
|||||||
%define version 11.0.0
|
%define version 11.0.0
|
||||||
%define release 5
|
%define release 6
|
||||||
%define name smeserver-dovecot
|
%define name smeserver-dovecot
|
||||||
|
|
||||||
|
|
||||||
@ -38,6 +38,12 @@ Configure the dovecot IMAP server with sieve scripts support,
|
|||||||
quota, ACL, extended logging, master user
|
quota, ACL, extended logging, master user
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 04 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme
|
||||||
|
- fix migrate fragment error [SME: 12548]
|
||||||
|
- add support for quota-fs [SME: 11733]
|
||||||
|
- fix ssl and config issues [SME: 12571]
|
||||||
|
- use external dh parameter [SME: 10935]
|
||||||
|
|
||||||
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-5.sme
|
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-5.sme
|
||||||
- Set license file to GPL2.0 [SME: 12577]
|
- Set license file to GPL2.0 [SME: 12577]
|
||||||
|
|
||||||
|