* Thu Apr 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme

- add listening daemon on submission port 587 [SME: 6510]
- move qpsmtpd daemons to full systemd supervision [SME: 12615]
- separate configuration for the 3 qpsmtpd daemons [SME: 12451]
  increase default TLS version on u/sqpsmtpd as auth is required
- increase Softlimit to 150M [SME: 12638]
- remove old qmail templates [SME: 9492]
  template for /var/qmail/control/{badrcptto,badmailfrom,rcpthosts}
  also import template for config/badmailfrom from smeserver-wbl
TODO organize peers content for u and s qpsmtpd
TODO check if more config modules needs per service config
Jean-Philippe Pialasse 2024-04-26 01:59:05 -04:00
parent 5b40bfd4f1
commit c0392201a0
18 changed files with 87 additions and 57 deletions


@ -1,8 +1,12 @@
#!/usr/bin/perl -w
use esmith::Build::CreateLinks qw(:all);
my $event;
my $service;
my $daemon;
my $config;
foreach my $event (qw(
foreach $event (qw(
email-update
domain-modify
domain-create
@ -14,7 +18,7 @@ foreach my $event (qw(
event_link("domains-update-dkim", $event, "30");
}
my $service = "/var/service/qpsmtpd";
$service = "/var/service/qpsmtpd";
templates2events("$service/ssl/cert.pem", qw(
bootstrap-console-save
console-save
@ -35,10 +39,10 @@ templates2events($_, qw(
));
#### start do this for qpsmtpd /sqpsmtpd/ uqpsmtpd
for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
for $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
{
$service = "/var/service/$daemon";
my $config = "$service/config"
$config = "$service/config";
foreach $event (qw(
bootstrap-console-save
@ -163,7 +167,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
safe_symlink("sighup",
"root/etc/e-smith/events/ssl-update/services2adjust/$daemon");
for my $event (qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
for $event ( qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
{
templates2events("/usr/lib/systemd/system/$daemon.service.d/50koozali.conf", $event);
}
@ -172,7 +176,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
}
#######end of per config dir
for my $event ( qw(network-create network-delete) )
for $event ( qw(network-create network-delete) )
{
safe_symlink("sigusr1",
"root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
@ -182,10 +186,10 @@ for my $event ( qw(network-create network-delete) )
"root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
}
my $event = 'smeserver-qpsmtpd-update';
$event = 'smeserver-qpsmtpd-update';
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd")
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
event_link("systemd-reload", $event, "89");
event_link("systemd-default", $event, "88");
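Review bot: Hoisting `$event`, `$service`, `$daemon` and `$config` to file scope and dropping `my` from every loop widens the loop variables' scope more than the fix needs. The `for my $event (...)` and `for my $daemon (...)` loops were already correctly scoped, so only the repeated top-level declarations (`my $service = "/var/service/qpsmtpd";` and `my $event = 'smeserver-qpsmtpd-update';`) needed `my` removed, alongside the two missing semicolons. The first hunk shows only `-w` on the shebang line and no `use strict;`, so adding `use strict;` after the shebang would let Perl reject a misspelt variable name in the `services2adjust` paths instead of silently creating a link under the wrong name.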


@ -1 +1,2 @@
OUTPUT_FILENAME="/var/service/sqpsmtpd/config/peers/0"
TEMPLATE_PATH="/var/service/sqpsmtpd/config/peers/0"


@ -0,0 +1,2 @@
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('sqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"
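Review bot: The PERMS expression calls `->prop('status')` directly on the result of `get('sqpsmtpd')`, so if that record is absent from the configuration database (assuming `get` returns undef in that case) template expansion dies instead of choosing a mode. A guarded form such as `my $s = esmith::ConfigDB->open_ro->get('sqpsmtpd'); ($s && ($s->prop('status') || '') eq "enabled") ? "0644" : "0000"` keeps the file at 0000 when the service record is missing. TEMPLATE_PATH here, and in the uqpsmtpd metadata changed further down, still points at `/var/service/qpsmtpd/peers/local`, without the `config/` component that the new OUTPUT_FILENAME entries use. If sharing the qpsmtpd fragments is intended until the peers TODO is done, a one-line comment saying so would help, since this file decides which plugins local clients skip on the authenticated ports.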


@ -1,2 +0,0 @@
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('qpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"


@ -1 +1,2 @@
OUTPUT_FILENAME="/var/service/uqpsmtpd/config/peers/0"
TEMPLATE_PATH="/var/service/uqpsmtpd/config/peers/0"


@ -1,2 +1,2 @@
PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"
TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"


@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
}
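Review bot: The subscripts `$qpsmtpd{TLSv1.1}`, `{TLSv1.2}` and `{TLSv1.3}` are left unquoted, and Perl auto-quotes a hash subscript only when it is a plain identifier. `TLSv1.1` is most likely parsed as the bareword `TLSv1` concatenated with `1`, so the key looked up would be `TLSv11` and a property stored as `TLSv1.1` would never be read, leaving the hard-coded default in force whatever the administrator sets. Quoting the key, e.g. `$OUT .= ':!TLSv1_1' unless ($qpsmtpd{'TLSv1.1'} || 'enabled') eq 'enabled';`, makes the toggle follow the configuration. The same applies to the `%sqpsmtpd` and `%uqpsmtpd` templates in the next two sections, where the default is meant to keep TLSv1 and TLSv1.1 off for authenticated submission. The enclosing block opens above this hunk, so please confirm how the property names are spelt in the database.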


@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1.1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1.2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
}


@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1.1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1.2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1.3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
}


@ -958,6 +958,11 @@ TODO check if more config modules needs per service config
%build
perl createlinks
#we have issue upgrading from older rpms because of this link in a folder that was a link
#https://bugzilla.redhat.com/show_bug.cgi?id=975909
#workaround to remove after SME11 alpha1
rm -rf root/var/service/sqpsmtpd/config/dkim
rm -rf root/var/service/uqpsmtpd/config/dkim
DAEMONS="
qpsmtpd
@ -965,44 +970,46 @@ sqpsmtpd
uqpsmtpd
"
for deamon in $DAEMONS
for daemon in $DAEMONS
do
PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers"
mkdir -p $PEERS_CONFIG/0
mkdir -p $PEERS_CONFIG/local
done
DISABLE_LOCAL="
09karma
10earlytalker
12count_unrecognized_commands
15helo
16resolvable_fromhost
19loadcheck
20rhsbl
22dnsbl
221spf
223dmarc
23naughty
34badrcptto_ext
70spamassassin
"
for file in $DISABLE_LOCAL
do
echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file
done
DISABLE_EXTERNAL="
34badrcptto
65disclaimer
"
for file in $DISABLE_EXTERNAL
do
echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file
PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers"
mkdir -p $PEERS_CONFIG/0
mkdir -p $PEERS_CONFIG/local
DISABLE_LOCAL="
09karma
10earlytalker
12count_unrecognized_commands
15helo
16resolvable_fromhost
19loadcheck
20rhsbl
22dnsbl
221spf
223dmarc
23naughty
34badrcptto_ext
70spamassassin
"
for file in $DISABLE_LOCAL
do
echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file
done
DISABLE_EXTERNAL="
34badrcptto
65disclaimer
"
for file in $DISABLE_EXTERNAL
do
echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file
done
done
SQP_FOLDER=../../../sqpsmtpd/config/
UQP_FOLDER=../../../uqpsmtpd/config/
(
cd root/etc/e-smith/templates/var/service/qpsmtpd/config/plugins
for file in *
@ -1011,6 +1018,18 @@ done
ln -s ../../plugins/$file ../peers/0/$file
[ -e ../peers/local/$file ] ||
ln -s ../../plugins/$file ../peers/local/$file
#sqpsmptd
[ -e $SQP_FOLDER/peers/0/$file ] ||
ln -s ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/0/$file
[ -e $SQP_FOLDER/peers/local/$file ] ||
ln -s ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/local/$file
#uqpsmptd
[ -e $UQP_FOLDER/peers/0/$file ] ||
ln -s ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/0/$file
[ -e $UQP_FOLDER/peers/local/$file ] ||
ln -s ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/local/$file
done
)
@ -1060,11 +1079,12 @@ if [ $1 -gt 1 ] ; then
fi
fi
%pretrans
TEMPLATES_DIR=/etc/e-smith/templates/var/service/qpsmtpd/config/peers
[ -L $TEMPLATES_DIR/0 ] && rm -f $TEMPLATES_DIR/0
[ -L $TEMPLATES_DIR/local ] && rm -f $TEMPLATES_DIR/local
[ -L /var/service/sqpsmtpd/config ] && rm -f /var/service/sqpsmtpd/config
[ -L /var/service/uqpsmtpd/config ] && rm -f /var/service/uqpsmtpd/config
true
%post
@ -1073,6 +1093,10 @@ true
if [[ -d /var/spool/qpsmtpd ]]; then
chown qpsmtpd:clamscan /var/spool/qpsmtpd;
fi
# workaround to remove after SME11 alpha1
[ -L /var/service/sqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim
[ -L /var/service/uqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/uqpsmtpd/config/dkim
true
%clean
rm -rf $RPM_BUILD_ROOT
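Review bot: In the %post workaround the guard `[ -L /var/service/sqpsmtpd/config/dkim ] ||` only detects an existing symlink. If `dkim` is present as a real directory (for example left by an earlier package layout), `ln -s` would create the link inside it as `dkim/dkim`, and the trailing `true` hides any failure. Testing for any existing entry first, `[ -e /var/service/sqpsmtpd/config/dkim ] || [ -L /var/service/sqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim`, and likewise for uqpsmtpd, avoids the nested link. It is also worth logging when the link cannot be created, because without it the s/u daemons would run with no DKIM configuration.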