* Thu Apr 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
- add listening daemon on submission port 587 [SME: 6510] - move qpsmtpd daemons to full systemd supervision [SME: 12615] - separate configuration for the 3 qpsmtpd daemons [SME: 12451] increase default TLS version on u/sqpsmtpd as auth is required - increase Softlimit to 150M [SME: 12638] - remove old qmail templates [SME: 9492] template for /var/qmail/control/{badrcptto,badmailfrom,rcpthosts} also import template for config/badmailfrom from smeserver-wbl TODO organize peers content for u and s qpsmtpd TODO check if more config modules need per service config
parent
5b40bfd4f1
commit
c0392201a0
20
createlinks
20
createlinks
@ -1,8 +1,12 @@
|
||||
#!/usr/bin/perl -w
|
||||
|
||||
use esmith::Build::CreateLinks qw(:all);
|
||||
my $event;
|
||||
my $service;
|
||||
my $daemon;
|
||||
my $config;
|
||||
|
||||
foreach my $event (qw(
|
||||
foreach $event (qw(
|
||||
email-update
|
||||
domain-modify
|
||||
domain-create
|
||||
@ -14,7 +18,7 @@ foreach my $event (qw(
|
||||
event_link("domains-update-dkim", $event, "30");
|
||||
}
|
||||
|
||||
my $service = "/var/service/qpsmtpd";
|
||||
$service = "/var/service/qpsmtpd";
|
||||
templates2events("$service/ssl/cert.pem", qw(
|
||||
bootstrap-console-save
|
||||
console-save
|
||||
@ -35,10 +39,10 @@ templates2events($_, qw(
|
||||
));
|
||||
|
||||
#### start do this for qpsmtpd /sqpsmtpd/ uqpsmtpd
|
||||
for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
|
||||
for $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
|
||||
{
|
||||
$service = "/var/service/$daemon";
|
||||
my $config = "$service/config"
|
||||
$config = "$service/config";
|
||||
|
||||
foreach $event (qw(
|
||||
bootstrap-console-save
|
||||
@ -163,7 +167,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
|
||||
safe_symlink("sighup",
|
||||
"root/etc/e-smith/events/ssl-update/services2adjust/$daemon");
|
||||
|
||||
for my $event (qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
|
||||
for $event ( qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
|
||||
{
|
||||
templates2events("/usr/lib/systemd/system/$daemon.service.d/50koozali.conf", $event);
|
||||
}
|
||||
@ -172,7 +176,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
|
||||
}
|
||||
#######end of per config dir
|
||||
|
||||
for my $event ( qw(network-create network-delete) )
|
||||
for $event ( qw(network-create network-delete) )
|
||||
{
|
||||
safe_symlink("sigusr1",
|
||||
"root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
|
||||
@ -182,10 +186,10 @@ for my $event ( qw(network-create network-delete) )
|
||||
"root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
|
||||
}
|
||||
|
||||
my $event = 'smeserver-qpsmtpd-update';
|
||||
$event = 'smeserver-qpsmtpd-update';
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd")
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
|
||||
templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
|
||||
event_link("systemd-reload", $event, "89");
|
||||
event_link("systemd-default", $event, "88");
|
||||
|
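Review bot: The four file-scoped declarations added at the top (`my $event; my $service; my $daemon; my $config;`) widen every loop variable to the whole script, and the first hunk shows no `use strict;` after the shebang, so a misspelled variable in a later `templates2events` or `safe_symlink` path would only raise a `-w` warning and the link would still be created with an empty path component. The syntax errors this commit repairs are the missing semicolons after `"$service/config"` and after the last `safe_symlink` call, and neither requires the hoisting. I would add `use strict;` and `use warnings;` below the shebang and keep the loop-scoped form, e.g. `for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )` and `my $config = "$service/config";`. Several of these loops begin or end outside the visible hunks.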
@ -1 +1,2 @@
|
||||
OUTPUT_FILENAME="/var/service/sqpsmtpd/config/peers/0"
|
||||
TEMPLATE_PATH="/var/service/sqpsmtpd/config/peers/0"
|
||||
|
@ -0,0 +1,2 @@
|
||||
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('sqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
|
||||
TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"
|
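Review bot: `TEMPLATE_PATH` in this new metadata file is `/var/service/qpsmtpd/peers/local`, whereas the spec's `%build` step creates the fragment directories under `var/service/$daemon/config/peers/local` and the sibling metadata for `peers/0` points at `/var/service/sqpsmtpd/config/peers/0`. If the goal is the per-daemon configuration named in the commit message, this path probably wants to be `/var/service/sqpsmtpd/config/peers/local`; if sharing the qpsmtpd fragments is deliberate, that is worth stating in the commit description. The same `qpsmtpd/peers/local` path appears in the uqpsmtpd metadata changed two sections further down. Separately, `get('sqpsmtpd')->prop('status')` in `PERMS` will presumably die when the `sqpsmtpd` record is missing from the configuration database, so it is worth confirming the record is always created before this template is expanded.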
@ -1,2 +0,0 @@
|
||||
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('qpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
|
||||
TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"
|
@ -1 +1,2 @@
|
||||
OUTPUT_FILENAME="/var/service/uqpsmtpd/config/peers/0"
|
||||
TEMPLATE_PATH="/var/service/uqpsmtpd/config/peers/0"
|
||||
|
@ -1,2 +1,2 @@
|
||||
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
|
||||
TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"
|
||||
TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"
|
@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
|
||||
$OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
}
|
||||
|
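Review bot: The unquoted hash keys on the changed lines, `$qpsmtpd{TLSv1.1}`, `$qpsmtpd{TLSv1.2}` and `$qpsmtpd{TLSv1.3}`, are not simple identifiers, so Perl does not auto-quote them; as far as I can tell they parse as the concatenation `TLSv1 . 1` and so look up `TLSv11`, `TLSv12` and `TLSv13` rather than the properties `TLSv1.1`, `TLSv1.2` and `TLSv1.3`. If so, an administrator who sets `TLSv1.1` to `disabled` on the qpsmtpd daemon, where the fallback is `'enabled'`, would see no effect and the old protocol would stay on offer. Quoting the keys removes the ambiguity: `$OUT .= ':!TLSv1_1' unless ($qpsmtpd{'TLSv1.1'} || 'enabled') eq 'enabled';`. The same applies to the `%sqpsmtpd` and `%uqpsmtpd` fragments in the next two sections. The enclosing block opens above the hunk.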
@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
|
||||
$OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
}
|
||||
|
@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
|
||||
$OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1.3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
}
|
||||
|
0
root/var/service/sqpsmtpd/peers/.gitignore
vendored
Normal file
0
root/var/service/sqpsmtpd/peers/.gitignore
vendored
Normal file
0
root/var/service/uqpsmtpd/peers/.gitignore
vendored
Normal file
0
root/var/service/uqpsmtpd/peers/.gitignore
vendored
Normal file
@ -958,6 +958,11 @@ TODO check if more config modules needs per service config
|
||||
|
||||
%build
|
||||
perl createlinks
|
||||
#we have issue upgrading from older rpms because of this link in a folder that was a link
|
||||
#https://bugzilla.redhat.com/show_bug.cgi?id=975909
|
||||
#workaround to remove after SME11 alpha1
|
||||
rm -rf root/var/service/sqpsmtpd/config/dkim
|
||||
rm -rf root/var/service/uqpsmtpd/config/dkim
|
||||
|
||||
DAEMONS="
|
||||
qpsmtpd
|
||||
@ -965,44 +970,46 @@ sqpsmtpd
|
||||
uqpsmtpd
|
||||
"
|
||||
|
||||
for deamon in $DAEMONS
|
||||
for daemon in $DAEMONS
|
||||
do
|
||||
PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers"
|
||||
mkdir -p $PEERS_CONFIG/0
|
||||
mkdir -p $PEERS_CONFIG/local
|
||||
done
|
||||
|
||||
DISABLE_LOCAL="
|
||||
09karma
|
||||
10earlytalker
|
||||
12count_unrecognized_commands
|
||||
15helo
|
||||
16resolvable_fromhost
|
||||
19loadcheck
|
||||
20rhsbl
|
||||
22dnsbl
|
||||
221spf
|
||||
223dmarc
|
||||
23naughty
|
||||
34badrcptto_ext
|
||||
70spamassassin
|
||||
"
|
||||
|
||||
for file in $DISABLE_LOCAL
|
||||
do
|
||||
echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file
|
||||
done
|
||||
|
||||
DISABLE_EXTERNAL="
|
||||
34badrcptto
|
||||
65disclaimer
|
||||
"
|
||||
|
||||
for file in $DISABLE_EXTERNAL
|
||||
do
|
||||
echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file
|
||||
PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers"
|
||||
mkdir -p $PEERS_CONFIG/0
|
||||
mkdir -p $PEERS_CONFIG/local
|
||||
|
||||
DISABLE_LOCAL="
|
||||
09karma
|
||||
10earlytalker
|
||||
12count_unrecognized_commands
|
||||
15helo
|
||||
16resolvable_fromhost
|
||||
19loadcheck
|
||||
20rhsbl
|
||||
22dnsbl
|
||||
221spf
|
||||
223dmarc
|
||||
23naughty
|
||||
34badrcptto_ext
|
||||
70spamassassin
|
||||
"
|
||||
|
||||
for file in $DISABLE_LOCAL
|
||||
do
|
||||
echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file
|
||||
done
|
||||
|
||||
DISABLE_EXTERNAL="
|
||||
34badrcptto
|
||||
65disclaimer
|
||||
"
|
||||
|
||||
for file in $DISABLE_EXTERNAL
|
||||
do
|
||||
echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file
|
||||
done
|
||||
done
|
||||
|
||||
SQP_FOLDER=../../../sqpsmtpd/config/
|
||||
UQP_FOLDER=../../../uqpsmtpd/config/
|
||||
(
|
||||
cd root/etc/e-smith/templates/var/service/qpsmtpd/config/plugins
|
||||
for file in *
|
||||
@ -1011,6 +1018,18 @@ done
|
||||
ln -s ../../plugins/$file ../peers/0/$file
|
||||
[ -e ../peers/local/$file ] ||
|
||||
ln -s ../../plugins/$file ../peers/local/$file
|
||||
#sqpsmptd
|
||||
[ -e $SQP_FOLDER/peers/0/$file ] ||
|
||||
ln -s ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/0/$file
|
||||
[ -e $SQP_FOLDER/peers/local/$file ] ||
|
||||
ln -s ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/local/$file
|
||||
#uqpsmptd
|
||||
[ -e $UQP_FOLDER/peers/0/$file ] ||
|
||||
ln -s ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/0/$file
|
||||
[ -e $UQP_FOLDER/peers/local/$file ] ||
|
||||
ln -s ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/local/$file
|
||||
|
||||
|
||||
done
|
||||
)
|
||||
|
||||
@ -1060,11 +1079,12 @@ if [ $1 -gt 1 ] ; then
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
%pretrans
|
||||
TEMPLATES_DIR=/etc/e-smith/templates/var/service/qpsmtpd/config/peers
|
||||
|
||||
[ -L $TEMPLATES_DIR/0 ] && rm -f $TEMPLATES_DIR/0
|
||||
[ -L $TEMPLATES_DIR/local ] && rm -f $TEMPLATES_DIR/local
|
||||
[ -L /var/service/sqpsmtpd/config ] && rm -f /var/service/sqpsmtpd/config
|
||||
[ -L /var/service/uqpsmtpd/config ] && rm -f /var/service/uqpsmtpd/config
|
||||
true
|
||||
|
||||
%post
|
||||
@ -1073,6 +1093,10 @@ true
|
||||
if [[ -d /var/spool/qpsmtpd ]]; then
|
||||
chown qpsmtpd:clamscan /var/spool/qpsmtpd;
|
||||
fi
|
||||
# workaround to remove after SME11 alpha1
|
||||
[ -L /var/service/sqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim
|
||||
[ -L /var/service/uqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/uqpsmtpd/config/dkim
|
||||
true
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
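Review bot: In `%post`, `[ -L /var/service/sqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim` only tests for an existing symlink; if a real directory is left at that path by an older package, `ln -s` will create a nested `dkim/dkim` link inside it, and the trailing `true` means the scriptlet still exits 0. Using `ln -sT` makes that case fail visibly instead of leaving a misplaced link: `[ -L /var/service/sqpsmtpd/config/dkim ] || ln -sT ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim`, and likewise for the uqpsmtpd line. In `%build`, the `DISABLE_LOCAL` and `DISABLE_EXTERNAL` lists are now reassigned on every pass of the `for daemon` loop; defining them once before the loop would read more clearly.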