* Thu Apr 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme

- add listening deamon on submission port 587 [SME: 6510]
- move qpsmtpd daemons to full systemd supervision [SME: 12615]
- separate configuration for the 3 qpsmtpd daemons [SME: 12451]
  increase default TLS version on u/sqpsmtpd as auth is required
- increase Softlimit  to 150M [SME: 12638]
- remove old qmail templates [SME: 9492]
  template for /var/qmail/control/{badrcptto,badmailfrom,rcpthosts}
  also import template for config/badmailfrom from smeserver-wbl
TODO organize peers content for u and s qpsmtpd
TODO check if more config modules needs per service config

root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_before_auth/10Auth

@@ -0,0 +1,2 @@
+# The next line should be set to 0 if you want to offer AUTH without TLS
+1

root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_ciphers/10ciphers

@@ -0,0 +1,5 @@
+{
+    # When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
+    return $sqpsmtpd{tlsCipher} || $uqpsmtpd{tlsCipher} ||$modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
+}
+

root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols

@@ -0,0 +1,9 @@
+{
+$OUT .= 'SSLv23';
+$OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
+$OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1.1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1.2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1.3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
+}