* Thu Apr 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme

- add listening deamon on submission port 587 [SME: 6510] - move qpsmtpd daemons to full systemd supervision [SME: 12615] - separate configuration for the 3 qpsmtpd daemons [SME: 12451] increase default TLS version on u/sqpsmtpd as auth is required - increase Softlimit to 150M [SME: 12638] - remove old qmail templates [SME: 9492] template for /var/qmail/control/{badrcptto,badmailfrom,rcpthosts} also import template for config/badmailfrom from smeserver-wbl TODO organize peers content for u and s qpsmtpd TODO check if more config modules needs per service config
2024-04-25 17:24:35 -04:00
parent 2f7fb945df
commit 5b40bfd4f1
114 changed files with 589 additions and 431 deletions
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_before_auth/10Auth
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_before_auth/10Auth
@@ -0,0 +1,2 @@
+# The next line should be set to 0 if you want to offer AUTH without TLS
+1
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_ciphers/10ciphers
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_ciphers/10ciphers
@@ -0,0 +1,5 @@
+{
+    # When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
+    return $sqpsmtpd{tlsCipher} || $uqpsmtpd{tlsCipher} ||$modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
+}
+
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols
@@ -0,0 +1,9 @@
+{
+$OUT .= 'SSLv23';
+$OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
+$OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1.1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1.2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1.3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
+}
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/00preamble
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/00preamble
@@ -1,4 +0,0 @@
-# This templated file is sourced by the sqpsmtpd run
-# file. Shell variables can be set here for use by the run
-# script, or environment variables can be exported for use
-# by sqpsmtpd.
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/INSTANCES
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/INSTANCES
@@ -1,3 +0,0 @@
-{
-    return "INSTANCES=" . ($sqpsmtpd{Instances} || $qpsmtpd{Instances} || "10");
-}
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/INSTANCES_PER_IP
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/INSTANCES_PER_IP
@@ -1,4 +0,0 @@
-{
-    return "INSTANCES_PER_IP=" . 
-	($sqpsmtpd{InstancesPerIP} || $qpsmtpd{InstancesPerIP} || "5");
-}
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/PATH
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/PATH
@@ -1 +0,0 @@
-export PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/PORT
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/PORT
@@ -1,3 +0,0 @@
-{
-    return "export PORT=" . (${sqpsmtpd}{TCPPort} || "465");
-}
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/SOFTLIMIT
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/SOFTLIMIT
@@ -1,3 +0,0 @@
-{
-    return "SOFTLIMIT=" . ($sqpsmtpd{Softlimit} || $qpsmtpd{Softlimit} || "50000000");
-}
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/TCPLOCALHOST
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/runenv/TCPLOCALHOST
@@ -1,3 +0,0 @@
-{
-    return "export TCPLOCALHOST=$SystemName.$DomainName";
-}
				`@@ -1 +0,0 @@`
				`export PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin`