* Thu Apr 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme

- add listening daemon on submission port 587 [SME: 6510]
- move qpsmtpd daemons to full systemd supervision [SME: 12615]
- separate configuration for the 3 qpsmtpd daemons [SME: 12451]
  increase default TLS version on u/sqpsmtpd as auth is required
- increase Softlimit  to 150M [SME: 12638]
- remove old qmail templates [SME: 9492]
  template for /var/qmail/control/{badrcptto,badmailfrom,rcpthosts}
  also import template for config/badmailfrom from smeserver-wbl
TODO organize peers content for u and s qpsmtpd
TODO check if more config modules needs per service config
Jean-Philippe Pialasse 2024-04-25 17:24:35 -04:00
parent 2f7fb945df
commit 5b40bfd4f1
114 changed files with 589 additions and 431 deletions


@ -2,7 +2,7 @@
use esmith::Build::CreateLinks qw(:all); use esmith::Build::CreateLinks qw(:all);
foreach $event (qw( foreach my $event (qw(
email-update email-update
domain-modify domain-modify
domain-create domain-create
@ -15,39 +15,6 @@ foreach $event (qw(
} }
my $service = "/var/service/qpsmtpd"; my $service = "/var/service/qpsmtpd";
foreach $event (qw(
network-create
network-delete
smeserver-qpsmtpd-update
))
{
templates2events("$service/config/relayclients", $event);
}
foreach $event (qw(
bootstrap-console-save
console-save
email-update
network-create
network-delete
smeserver-qpsmtpd-update
))
{
templates2events("$service/peers/0", $event);
templates2events("$service/peers/local", $event);
templates2events("$service/config/peers/0", $event);
templates2events("$service/config/peers/local", $event);
}
templates2events("$service/runenv", qw(
bootstrap-console-save
console-save
email-update
smeserver-qpsmtpd-update
));
templates2events("$service/ssl/cert.pem", qw( templates2events("$service/ssl/cert.pem", qw(
bootstrap-console-save bootstrap-console-save
console-save console-save
@ -67,42 +34,29 @@ templates2events($_, qw(
/home/e-smith/dkim_keys/default/selector /home/e-smith/dkim_keys/default/selector
)); ));
my $secure_service = "/var/service/sqpsmtpd"; #### start do this for qpsmtpd /sqpsmtpd/ uqpsmtpd
for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
{
$service = "/var/service/$daemon";
my $config = "$service/config"
templates2events("$secure_service/runenv", qw( foreach $event (qw(
bootstrap-console-save bootstrap-console-save
console-save console-save
email-update email-update
network-create
network-delete
smeserver-qpsmtpd-update smeserver-qpsmtpd-update
)); ))
{
templates2events("$service/peers/0", $event);
templates2events("$service/peers/local", $event);
my $control = "/var/qmail/control"; templates2events("$service/config/peers/0", $event);
templates2events("$control/badmailfrom", qw( templates2events("$service/config/peers/local", $event);
bootstrap-console-save }
console-save
email-update
smeserver-qpsmtpd-update
));
templates2events("$control/badrcptto", qw(
bootstrap-console-save
console-save
email-update
domain-create
domain-delete
user-create
user-delete
user-modify
group-create
group-delete
group-modify
pseudonym-create
pseudonym-delete
pseudonym-modify
smeserver-qpsmtpd-update
));
my $config = "/var/service/qpsmtpd/config"; templates2events("$config/$_", qw(
templates2events("$config/$_", qw(
bootstrap-console-save bootstrap-console-save
console-save console-save
email-update email-update
@ -113,6 +67,7 @@ templates2events("$config/$_", qw(
badhelo badhelo
badrcptto badrcptto
badrcptto_ext badrcptto_ext
badmailfrom
dnsbl_zones dnsbl_zones
dnsbl_allow dnsbl_allow
uribl_zones uribl_zones
@ -133,7 +88,8 @@ templates2events("$config/$_", qw(
tls_ciphers tls_ciphers
tls_protocols tls_protocols
)); ));
templates2events("$config/badrcptto_ext", qw(
templates2events("$config/badrcptto_ext", qw(
domain-create domain-create
domain-delete domain-delete
user-create user-create
@ -148,7 +104,13 @@ templates2events("$config/badrcptto_ext", qw(
smeserver-qpsmtpd-update smeserver-qpsmtpd-update
)); ));
templates2events("$config/$_", qw( templates2events("$config/relayclients", qw(
network-create
network-delete
smeserver-qpsmtpd-update
));
templates2events("$config/$_", qw(
ssl-update ssl-update
smeserver-qpsmtpd-update smeserver-qpsmtpd-update
)) ))
@ -158,9 +120,9 @@ templates2events("$config/$_", qw(
tls_protocols tls_protocols
)); ));
templates2events("$config/badhelo", 'ip-change'); templates2events("$config/badhelo", 'ip-change');
templates2events("$config/goodrcptto", qw( templates2events("$config/goodrcptto", qw(
bootstrap-console-save bootstrap-console-save
email-update email-update
domain-create domain-create
@ -177,8 +139,8 @@ templates2events("$config/goodrcptto", qw(
smeserver-qpsmtpd-update smeserver-qpsmtpd-update
)); ));
safe_touch("root/etc/e-smith/templates/$config/forcespamcheck/template-begin"); safe_touch("root/etc/e-smith/templates/$config/forcespamcheck/template-begin");
templates2events("$config/forcespamcheck", qw( templates2events("$config/forcespamcheck", qw(
bootstrap-console-save bootstrap-console-save
email-update email-update
domain-create domain-create
@ -196,25 +158,34 @@ templates2events("$config/forcespamcheck", qw(
)); ));
safe_symlink("restart",
for my $daemon ( qw(qpsmtpd sqpsmtpd) )
{
safe_symlink("sighup",
"root/etc/e-smith/events/email-update/services2adjust/$daemon"); "root/etc/e-smith/events/email-update/services2adjust/$daemon");
safe_symlink("sighup", safe_symlink("sighup",
"root/etc/e-smith/events/ssl-update/services2adjust/$daemon"); "root/etc/e-smith/events/ssl-update/services2adjust/$daemon");
for my $event (qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
{
templates2events("/usr/lib/systemd/system/$daemon.service.d/50koozali.conf", $event);
}
} }
#######end of per config dir
for my $event ( qw(network-create network-delete) ) for my $event ( qw(network-create network-delete) )
{ {
safe_symlink("sigusr1", safe_symlink("sigusr1",
"root/etc/e-smith/events/$event/services2adjust/qpsmtpd"); "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
safe_symlink("sigusr1",
"root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
safe_symlink("sigusr1",
"root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
} }
my $event = 'smeserver-qpsmtpd-update'; my $event = 'smeserver-qpsmtpd-update';
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd"); safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd"); safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd")
templates2events("/etc/systemd/system-preset/49-koozali.preset", $event); templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
event_link("systemd-reload", $event, "89"); event_link("systemd-reload", $event, "89");
event_link("systemd-default", $event, "88"); event_link("systemd-default", $event, "88");
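Review bot: Two statements added on the new side lack a terminating semicolon, so this link-building script will not compile as shown: `my $config = "$service/config"` at the top of the new `for my $daemon` loop, and the `safe_symlink("restart", ".../services2adjust/uqpsmtpd")` line just before the `49-koozali.preset` call. Add the `;` to both. Separately, the loop that links `sighup` for `email-update` and `ssl-update` and expands `50koozali.conf` iterates over `qw(qpsmtpd sqpsmtpd)` only; if that is the new side, uqpsmtpd would not be signalled after `ssl-update` and could keep serving the old certificate, so `qw(qpsmtpd sqpsmtpd uqpsmtpd)` looks intended. The inner `foreach $event (qw(` inside the daemon loop also drops the `my` that the first hunk adds.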


@ -0,0 +1 @@
enabled


@ -0,0 +1 @@
10


@ -0,0 +1 @@
587


@ -0,0 +1 @@
public


@ -0,0 +1 @@
enabled


@ -0,0 +1 @@
service


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/IP"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/badhelo"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/badmailfrom"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/badrcptto"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/badrcptto_ext"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/dnsbl_allow"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/dnsbl_zones"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/forcespamcheck"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/goodrcptto"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/invalid_resolvable_fromhost"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/loglevel"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/memory_threshold"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/norelayclients"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/plugin_dirs"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1 @@
OUTPUT_FILENAME="/var/service/sqpsmtpd/config/peers/0"


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/relayclients"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/rhsbl_zones"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/signatures_patterns"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/smtpgreeting"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/spool_dir"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/subject_prefix"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/timeout"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/timeoutsmtpd"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/uribl_zones"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,2 @@
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('qpsmtpd')->prop('access') eq "private") ? "000" : "0644"
TEMPLATE_PATH="/var/service/qpsmtpd/peers/0"
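Review bot: The `PERMS` expression reads the `access` property of the `qpsmtpd` record, while the otherwise identical metadata later in this commit reads `uqpsmtpd`. If this file belongs to the sqpsmtpd tree (the neighbouring metadata writes `/var/service/sqpsmtpd/config/peers/0`), setting sqpsmtpd to private would not change the mode of its own peers file; `get('sqpsmtpd')` looks intended. The same applies to the `status` lookup in the next metadata file. The result of `get(...)` is also used without a check, so a missing record would abort the expansion rather than fall back to a restrictive mode.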


@ -0,0 +1,2 @@
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('qpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"
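Review bot: `TEMPLATE_PATH` ends in `peers/locals`, but the events registered in this commit expand `$service/peers/local` and `$service/config/peers/local`. Unless a template directory named `locals` exists outside the visible diff, this looks like a typo for `peers/local`, and the conditional `PERMS` would then not be applied to the file the daemon actually reads. The uqpsmtpd counterpart later in the commit carries the same value.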


@ -0,0 +1,4 @@
TEMPLATE_PATH="/home/e-smith/ssl.pem"
OUTPUT_FILENAME="/var/service/qpsmtpd/ssl/cert.pem"
GID="qpsmtpd"
PERMS=0640


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/IP"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/badhelo"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/badmailfrom"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/badrcptto"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/badrcptto_ext"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/dnsbl_allow"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/dnsbl_zones"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/forcespamcheck"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/goodrcptto"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/invalid_resolvable_fromhost"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/loglevel"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/memory_threshold"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/norelayclients"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/plugin_dirs"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1 @@
OUTPUT_FILENAME="/var/service/uqpsmtpd/config/peers/0"


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/relayclients"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/rhsbl_zones"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/signatures_patterns"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/smtpgreeting"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/spool_dir"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/subject_prefix"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/timeout"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/timeoutsmtpd"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/uribl_zones"
UID="root"
GID="root"
PERMS=0644


@ -0,0 +1,2 @@
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('access') eq "private") ? "000" : "0644"
TEMPLATE_PATH="/var/service/qpsmtpd/peers/0"


@ -0,0 +1,2 @@
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"


@ -0,0 +1,4 @@
TEMPLATE_PATH="/home/e-smith/ssl.pem"
OUTPUT_FILENAME="/var/service/qpsmtpd/ssl/cert.pem"
GID="qpsmtpd"
PERMS=0640


@ -0,0 +1,10 @@
#qpsmtpd
:programname, startswith, "qpsmtpd" /var/log/qpsmtpd/qpsmtpd.log
& stop
:programname, startswith, "sqpsmtpd" /var/log/sqpsmtpd/sqpsmtpd.log
& stop
:programname, startswith, "uqpsmtpd" /var/log/uqpsmtpd/uqpsmtpd.log
& stop
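Review bot: The second and third filters may never match: all three units in this commit start `/usr/bin/qpsmtpd-forkserver` and none of the visible unit text sets `SyslogIdentifier=`, so messages forwarded from the journal would presumably carry the same program name for every instance and all land in `/var/log/qpsmtpd/qpsmtpd.log`. Per-port separation matters when tracing authentication failures on 465 and 587. Setting an explicit identifier per unit, for example `SyslogIdentifier=sqpsmtpd` and `SyslogIdentifier=uqpsmtpd`, would give the `startswith` rules something to match. Worth confirming against the tag qpsmtpd's own logging plugin emits, if it logs to syslog directly.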


@ -0,0 +1,14 @@
[Service]
LimitDATA={$qpsmtpd{Softlimit} || "150000000"}
LimitSTACK={$qpsmtpd{Softlimit} || "150000000"}
LimitMEMLOCK={$qpsmtpd{Softlimit} || "150000000"}
Environment=
Environment={
$OUT = "QPSMTPD_CONFIG=/var/service/qpsmtpd/config";
$OUT .= " PORT=". ($qpsmtpd{TCPPort} || "25");
$OUT .= " INSTANCES=" . ($qpsmtpd{Instances} || "40");
$OUT .= " INSTANCES_PER_IP=" . ($qpsmtpd{InstancesPerIP} || "5");
$OUT .= " PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin";
$OUT .= " TCPLOCALHOST=$SystemName.$DomainName";
}
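Review bot: The property values are written into the drop-in unvalidated: `Softlimit`, `TCPPort`, `Instances` and `InstancesPerIP` go straight from the configuration database into `Limit*=` and `Environment=`. A non-numeric value or one containing whitespace would produce a unit line that systemd rejects, or an extra environment assignment nobody intended. Checking each value against `/\A\d+\z/` and falling back to the default otherwise would keep a typo in the database from taking the SMTP listener down. The two sibling templates for sqpsmtpd and uqpsmtpd have the same shape.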


@ -0,0 +1,14 @@
[Service]
LimitDATA={$sqpsmtpd{Softlimit} || $qpsmtpd{Softlimit} || "150000000"}
LimitSTACK={$sqpsmtpd{Softlimit} || $qpsmtpd{Softlimit} || "150000000"}
LimitMEMLOCK={$sqpsmtpd{Softlimit} || $qpsmtpd{Softlimit} || "150000000"}
Environment=
Environment={
$OUT = "QPSMTPD_CONFIG=/var/service/sqpsmtpd/config";
$OUT .= " PORT=". ($sqpsmtpd{TCPPort} || "465");
$OUT .= " INSTANCES=" . ($sqpsmtpd{Instances} || $qpsmtpd{Instances} || "40");
$OUT .= " INSTANCES_PER_IP=" . ($sqpsmtpd{InstancesPerIP} || $qpsmtpd{InstancesPerIP} ||"5");
$OUT .= " PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin";
$OUT .= " TCPLOCALHOST=$SystemName.$DomainName";
}


@ -0,0 +1,14 @@
[Service]
LimitDATA={$uqpsmtpd{Softlimit} || $qpsmtpd{Softlimit} || "150000000"}
LimitSTACK={$uqpsmtpd{Softlimit} || $qpsmtpd{Softlimit} || "150000000"}
LimitMEMLOCK={$uqpsmtpd{Softlimit} || $qpsmtpd{Softlimit} || "150000000"}
Environment=
Environment={
$OUT = "QPSMTPD_CONFIG=/var/service/uqpsmtpd/config";
$OUT .= " PORT=". ($uqpsmtpd{TCPPort} || "587");
$OUT .= " INSTANCES=" . ($uqpsmtpd{Instances} || $qpsmtpd{Instances} || "40");
$OUT .= " INSTANCES_PER_IP=" . ($uqpsmtpd{InstancesPerIP} || $qpsmtpd{InstancesPerIP} ||"5");
$OUT .= " PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin";
$OUT .= " TCPLOCALHOST=$SystemName.$DomainName";
}


@ -1,9 +0,0 @@
{
require esmith::AccountsDB;
require esmith::DomainsDB;
%Accounts = esmith::AccountsDB->as_hash;
%Domains = esmith::DomainsDB->as_hash;
"";
}


@ -1,16 +0,0 @@
{
foreach my $account ( keys %Accounts )
{
next unless ( exists $Accounts{$account}{Visible}
and $Accounts{$account}{Visible} eq "internal" );
$OUT .= "$account\n";
$OUT .= "$account\@$DomainName\n";
foreach my $domain ( keys %Domains )
{
next unless $Domains{$domain}{type} eq "domain";
$OUT .= "$account\@$domain\n";
}
}
}


@ -1,14 +0,0 @@
{
use esmith::DomainsDB;
my $ddb = esmith::DomainsDB->open_ro or die "Couldn't open DomainsDB\n";
my @rcpt_hosts = ( "$SystemName.$DomainName" );
foreach my $domain ( $ddb->get_all_by_prop( type => "domain" ) )
{
push @rcpt_hosts, $domain->key;
}
$OUT = join "\n", @rcpt_hosts;
}


@ -1,5 +0,0 @@
{
return "" unless (defined $ExternalIP);
return "[$ExternalIP]";
}


@ -1,6 +1,6 @@
{ {
$OUT .= ''; $OUT .= '';
foreach my $alias ( $a->users, $a->groups, $a->pseudonyms ){ foreach my $alias ( $a->users, $a->groups, $a->pseudonyms, $a->get_all_by_prop(type =>"system") ){
next unless ( $alias->prop('Visible') || '') =~ m/^(internal|none)$/i; next unless ( $alias->prop('Visible') || '') =~ m/^(internal|none)$/i;
$OUT .= $alias->key . "\n" and next if $alias->key =~ m/@/; $OUT .= $alias->key . "\n" and next if $alias->key =~ m/@/;


@ -5,4 +5,5 @@ $OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled'; $OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled'; $OUT .= ':!TLSv1.1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled'; $OUT .= ':!TLSv1.2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
} }
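Review bot: The hash subscript `TLSv1.3` is not a plain identifier, so Perl does not auto-quote it; it appears to parse as the bareword `TLSv1` concatenated with `3`, which would look up the key `TLSv13` rather than a property named `TLSv1.3`. If so, setting that property can never switch the protocol off, and the same holds for the existing `TLSv1.1` and `TLSv1.2` lines and for the new sqpsmtpd and uqpsmtpd protocol templates later in this commit. Quoting the key, `$qpsmtpd{'TLSv1.3'}`, removes the doubt; worth confirming against the property names administrators actually set. The enclosing template block starts above this hunk.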


@ -0,0 +1,2 @@
# The next line should be set to 0 if you want to offer AUTH without TLS
1


@ -0,0 +1,5 @@
{
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
return $sqpsmtpd{tlsCipher} || $uqpsmtpd{tlsCipher} ||$modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
}
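Review bot: The fallback chain consults `$uqpsmtpd{tlsCipher}` before `$modSSL{CipherSuite}`, which makes one daemon's cipher list depend on another daemon's override; the sibling template later in the commit uses only its own property. If this file is the sqpsmtpd template, `$sqpsmtpd{tlsCipher} || $qpsmtpd{tlsCipher} || $modSSL{CipherSuite}` would match the fallback order the commit uses for `Instances` and `Softlimit`. A one-line comment stating the intended precedence would help whoever next changes the cipher default.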


@ -0,0 +1,9 @@
{
$OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1.1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1.2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
}


@ -1,4 +0,0 @@
# This templated file is sourced by the sqpsmtpd run
# file. Shell variables can be set here for use by the run
# script, or environment variables can be exported for use
# by sqpsmtpd.


@ -1,3 +0,0 @@
{
return "INSTANCES=" . ($sqpsmtpd{Instances} || $qpsmtpd{Instances} || "10");
}


@ -1,4 +0,0 @@
{
return "INSTANCES_PER_IP=" .
($sqpsmtpd{InstancesPerIP} || $qpsmtpd{InstancesPerIP} || "5");
}


@ -1 +0,0 @@
export PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin


@ -1,3 +0,0 @@
{
return "export PORT=" . (${sqpsmtpd}{TCPPort} || "465");
}


@ -1,3 +0,0 @@
{
return "SOFTLIMIT=" . ($sqpsmtpd{Softlimit} || $qpsmtpd{Softlimit} || "50000000");
}


@ -1,3 +0,0 @@
{
return "export TCPLOCALHOST=$SystemName.$DomainName";
}


@ -0,0 +1,2 @@
# The next line should be set to 0 if you want to offer AUTH without TLS
1


@ -0,0 +1,5 @@
{
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
return $uqpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
}


@ -0,0 +1,9 @@
{
$OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1.1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1.2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
}


@ -0,0 +1,17 @@
/var/log/qpsmtpd/qpsmtpd.log
/var/log/sqpsmtpd/sqpsmtpd.log
/var/log/uqpsmtpd/uqpsmtpd.log{
weekly
rotate 4
missingok
notifempty
compress
delaycompress
sharedscripts
su root root
create 600 root root
postrotate
/usr/bin/systemctl try-restart qpsmtpd.service sqpsmtpd.service uqpsmtpd.service >/dev/null 2>&1 || true
endscript
}
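Review bot: The `postrotate` step restarts the three SMTP daemons, but per the rsyslog rules added in this commit these files are written by rsyslog, not by the daemons themselves. After rotation rsyslog would presumably keep its handle on the renamed file, so new entries miss the fresh log, while every weekly rotation drops in-flight SMTP sessions. Signalling rsyslog to reopen its outputs in `postrotate`, the way the distribution's own rsyslog logrotate snippet does, would address both. Restarting mail listeners should not be a side effect of log housekeeping.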


@ -2,6 +2,7 @@
#---------------------------------------------------------------------- #----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation # copyright (C) 1999-2005 Mitel Networks Corporation
# Copyright (C) 2005-2006 Gordon Rowell <gordonr@gormand.com.au> # Copyright (C) 2005-2006 Gordon Rowell <gordonr@gormand.com.au>
# Copyright (C) 2013-2024 SME Server Koozali foundation
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -17,14 +18,13 @@
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#---------------------------------------------------------------------- #----------------------------------------------------------------------
ServiceName=$1
exec 2>&1 export QPSMTPD_CONFIG=/var/service/$ServiceName/config
[ -f ./runenv ] && . ./runenv /sbin/e-smith/systemd/qpsmtpd-tcpsvd $ServiceName
export QPSMTPD_CONFIG=/var/service/qpsmtpd/config #cleanup pre SME10
./control/1
[ -e /var/service/qpsmtpd/config/databytes ] && \ [ -e /var/service/qpsmtpd/config/databytes ] && \
rm -f /var/service/qpsmtpd/config/databytes rm -f /var/service/qpsmtpd/config/databytes
[ -e /var/service/qpsmtpd/config/badrcptto_patterns ] && \ [ -e /var/service/qpsmtpd/config/badrcptto_patterns ] && \
@ -51,23 +51,3 @@ export QPSMTPD_CONFIG=/var/service/qpsmtpd/config
chmod 640 /var/lib/qpsmtpd/dmarc/reports.sqlite chmod 640 /var/lib/qpsmtpd/dmarc/reports.sqlite
) )
exec /usr/bin/softlimit -d ${SOFTLIMIT:-50000000} -s ${SOFTLIMIT:-50000000} -l ${SOFTLIMIT:-50000000} \
/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \
-p ${PORT:-25} \
-c ${INSTANCES:-40} \
-m ${INSTANCES_PER_IP:-5}
#sub usage {
# print <<"EOT";
#usage: qpsmtpd-forkserver [ options ]
# -l, --listen-address addr : listen on a specific address; default 0.0.0.0
# -p, --port P : listen on a specific port; default 2525
# -c, --limit-connections N : limit concurrent connections to N; default 15
# -u, --user U : run as a particular user (defualt 'smtpd')
# -m, --max-from-ip M : limit connections from a single IP; default 5
#EOT
# exit 0;
#}
#
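Review bot: In the first hunk `ServiceName=$1` is used unquoted and unchecked in `QPSMTPD_CONFIG=/var/service/$ServiceName/config` and in the `qpsmtpd-tcpsvd $ServiceName` call, so an empty or unexpected argument silently yields `/var/service//config` or is word-split. Quote the expansions and reject anything other than the three known names, e.g. `case "$ServiceName" in qpsmtpd|sqpsmtpd|uqpsmtpd) ;; *) exit 1 ;; esac`. The cleanup lines that follow still target `/var/service/qpsmtpd/config` only, which is worth a comment if that is deliberate. The script continues outside the visible hunks.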


@ -2,6 +2,7 @@
#---------------------------------------------------------------------- #----------------------------------------------------------------------
# copyright (C) 2005 Mitel Networks Corporation # copyright (C) 2005 Mitel Networks Corporation
# Copyright (C) 2006 Gordon Rowell <gordonr@gormand.com.au> # Copyright (C) 2006 Gordon Rowell <gordonr@gormand.com.au>
# Copyright (C) 2024 Koozali Foundation Inc.
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -19,8 +20,8 @@
#---------------------------------------------------------------------- #----------------------------------------------------------------------
use esmith::tcpsvd; use esmith::tcpsvd;
my $ServiceName = shift || "qpsmtpd";
esmith::tcpsvd::configure_peers('qpsmtpd'); esmith::tcpsvd::configure_peers($ServiceName);
esmith::tcpsvd::configure_peers('qpsmtpd', '/var/service/qpsmtpd/config/peers'); esmith::tcpsvd::configure_peers($ServiceName, "/var/service/$ServiceName/config/peers");
exit(0); exit(0);
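Review bot: `$ServiceName` comes from the command line and is interpolated into `/var/service/$ServiceName/config/peers` without a check, so any caller-supplied string, including one containing `/` or `..`, selects the directory that `configure_peers` works on. Since only three service names are valid, an allow-list right after the `shift` is cheap: `die "unknown service\n" unless $ServiceName =~ /\A[su]?qpsmtpd\z/;`.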


@ -1 +0,0 @@
/var/service/qpsmtpd


@ -1 +0,0 @@
/var/service/sqpsmtpd


@ -1,16 +1,26 @@
[Unit] [Unit]
Description=qpsmtpd Description=qpsmtpd
After=network.target After=network.target network-online.target
Conflicts=proqpsmtpdd.service
Requires=runit.service
[Service] [Service]
Type=oneshot Type=simple
LimitDATA=150000000
LimitSTACK=150000000
LimitMEMLOCK=150000000
Environment=PORT=25 INSTANCES=40 INSTANCES_PER_IP=5 QPSMTPD_CONFIG=/var/service/qpsmtpd/config PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin TCPLOCALHOST=me
WorkingDirectory=/var/service/qpsmtpd/
ExecStartPre=/sbin/e-smith/service-status qpsmtpd ExecStartPre=/sbin/e-smith/service-status qpsmtpd
ExecStart=/usr/bin/sv u /service/qpsmtpd ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStop=/usr/bin/sv stop /service/qpsmtpd ExecStart=/usr/bin/qpsmtpd-forkserver \
ExecReload=/usr/bin/sv h /service/qpsmtpd -u qpsmtpd \
RemainAfterExit=yes -l 0.0.0.0 \
-p $PORT \
-c $INSTANCES \
-m $INSTANCES_PER_IP
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=20s
[Install] [Install]
WantedBy=sme-server.target WantedBy=sme-server.target


@ -1,16 +1,26 @@
[Unit] [Unit]
Description=sqpsmtpd Description=qpsmtpd
After=network.target After=network.target network-online.target qpsmtpd.service
Conflicts=prosqpsmtpdd.service
Requires=runit.service
[Service] [Service]
Type=oneshot Type=simple
ExecStartPre=/sbin/e-smith/service-status sqpsmtpd LimitDATA=150000000
ExecStart=/usr/bin/sv u /service/sqpsmtpd LimitSTACK=150000000
ExecStop=/usr/bin/sv stop /service/sqpsmtpd LimitMEMLOCK=150000000
ExecReload=/usr/bin/sv h /service/sqpsmtpd Environment=PORT=465 INSTANCES=40 INSTANCES_PER_IP=5 QPSMTPD_CONFIG=/var/service/sqpsmtpd/config PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin TCPLOCALHOST=me
RemainAfterExit=yes WorkingDirectory=/var/service/qpsmtpd/
ExecStartPre=/sbin/e-smith/service-status qpsmtpd
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStart=/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \
-p $PORT \
-c $INSTANCES \
-m $INSTANCES_PER_IP
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=20s
[Install] [Install]
WantedBy=sme-server.target WantedBy=sme-server.target
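Review bot: The new `ExecStartPre=/sbin/e-smith/service-status qpsmtpd` checks the plain qpsmtpd service, whereas the line it replaces checked `sqpsmtpd` and the new submission unit checks `uqpsmtpd`. If `service-status` is what keeps a disabled service from starting, disabling sqpsmtpd alone would no longer stop the port 465 listener; `ExecStartPre=/sbin/e-smith/service-status sqpsmtpd` looks intended. `Description=qpsmtpd` on the new side appears to be the same copy-paste slip.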


@ -0,0 +1,26 @@
[Unit]
Description=qpsmtpd on submission port
After=network.target network-online.target qpsmtpd.service
[Service]
Type=simple
LimitDATA=150000000
LimitSTACK=150000000
LimitMEMLOCK=150000000
Environment=PORT=587 INSTANCES=40 INSTANCES_PER_IP=5 QPSMTPD_CONFIG=/var/service/uqpsmtpd/config PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin TCPLOCALHOST=me
WorkingDirectory=/var/service/qpsmtpd/
ExecStartPre=/sbin/e-smith/service-status uqpsmtpd
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStart=/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \
-p $PORT \
-c $INSTANCES \
-m $INSTANCES_PER_IP
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=20s
[Install]
WantedBy=sme-server.target
