* Thu Apr 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme

- add listening deamon on submission port 587 [SME: 6510]
- move qpsmtpd daemons to full systemd supervision [SME: 12615]
- separate configuration for the 3 qpsmtpd daemons [SME: 12451]
  increase default TLS version on u/sqpsmtpd as auth is required
- increase Softlimit  to 150M [SME: 12638]
- remove old qmail templates [SME: 9492]
  template for /var/qmail/control/{badrcptto,badmailfrom,rcpthosts}
  also import template for config/badmailfrom from smeserver-wbl
TODO organize peers content for u and s qpsmtpd
TODO check if more config modules needs per service config

createlinks

@@ -1,8 +1,12 @@
 #!/usr/bin/perl -w
 
 use esmith::Build::CreateLinks qw(:all);
+my $event;
+my $service;
+my $daemon;
+my $config;
 
-foreach my $event (qw(
+foreach $event (qw(
                     email-update
                     domain-modify
                     domain-create
@@ -14,7 +18,7 @@ foreach my $event (qw(
     event_link("domains-update-dkim", $event, "30");
 }
 
-my $service = "/var/service/qpsmtpd";
+$service = "/var/service/qpsmtpd";
 templates2events("$service/ssl/cert.pem", qw(
 			bootstrap-console-save
 			console-save
@@ -35,10 +39,10 @@ templates2events($_, qw(
                         ));
 
 #### start do this for qpsmtpd /sqpsmtpd/ uqpsmtpd
-for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
+for  $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
 {
 	$service = "/var/service/$daemon";
-    my $config = "$service/config"
+        $config = "$service/config";
 
 	foreach $event (qw(
 				bootstrap-console-save
@@ -163,7 +167,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
     safe_symlink("sighup",
 	"root/etc/e-smith/events/ssl-update/services2adjust/$daemon");
 
-	for my $event (qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
+	for $event ( qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
 	{
 		templates2events("/usr/lib/systemd/system/$daemon.service.d/50koozali.conf", $event);
 	}
@@ -172,7 +176,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
 }
 #######end of per config dir
 
-for my $event ( qw(network-create network-delete) )
+for $event ( qw(network-create network-delete) )
 {
     safe_symlink("sigusr1",
 	"root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
@@ -182,10 +186,10 @@ for my $event ( qw(network-create network-delete) )
         "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
 }
 
-my $event = 'smeserver-qpsmtpd-update';
+$event = 'smeserver-qpsmtpd-update';
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd")
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
 templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
 event_link("systemd-reload", $event, "89");
 event_link("systemd-default", $event, "88");

root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/config/plugins

@@ -1 +1,2 @@
 OUTPUT_FILENAME="/var/service/sqpsmtpd/config/peers/0"
+TEMPLATE_PATH="/var/service/sqpsmtpd/config/peers/0"

root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/local

@@ -0,0 +1,2 @@
+PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('sqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
+TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"

root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/locals

@@ -1,2 +0,0 @@
-PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('qpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
-TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"

root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/config/plugins

@@ -1 +1,2 @@
 OUTPUT_FILENAME="/var/service/uqpsmtpd/config/peers/0"
+TEMPLATE_PATH="/var/service/uqpsmtpd/config/peers/0"

root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/local

@@ -1,2 +1,2 @@
 PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
-TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"
+TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"

root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols

@@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
 $OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled';
 $OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
 $OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
 }

root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols

@@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
 $OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
 $OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
 $OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
-$OUT .= ':!TLSv1.1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
-$OUT .= ':!TLSv1.2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1_2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
 }

root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_protocols/10protocols

@@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
 $OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
 $OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
 $OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
-$OUT .= ':!TLSv1.1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
-$OUT .= ':!TLSv1.2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1_2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
 }

smeserver-qpsmtpd.spec

@@ -958,6 +958,11 @@ TODO check if more config modules needs per service config
 
 %build
 perl createlinks
+#we have issue upgrading from older rpms because of this link in a folder that was a link
+#https://bugzilla.redhat.com/show_bug.cgi?id=975909
+#workaround to remove after SME11 alpha1
+rm  -rf root/var/service/sqpsmtpd/config/dkim
+rm  -rf root/var/service/uqpsmtpd/config/dkim
 
 DAEMONS="
 qpsmtpd
@@ -965,44 +970,46 @@ sqpsmtpd
 uqpsmtpd
 "
 
-for deamon in $DAEMONS
+for daemon in $DAEMONS
 do
-PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers"
-mkdir -p $PEERS_CONFIG/0
-mkdir -p $PEERS_CONFIG/local
-done
-
-DISABLE_LOCAL="
-09karma
-10earlytalker
-12count_unrecognized_commands
-15helo
-16resolvable_fromhost
-19loadcheck
-20rhsbl
-22dnsbl
-221spf
-223dmarc
-23naughty
-34badrcptto_ext
-70spamassassin
-"
-
-for file in $DISABLE_LOCAL
-do
-    echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file
-done
-
-DISABLE_EXTERNAL="
-34badrcptto
-65disclaimer
-"
-
-for file in $DISABLE_EXTERNAL
-do
-    echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file
+    PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers"
+    mkdir -p $PEERS_CONFIG/0
+    mkdir -p $PEERS_CONFIG/local
+
+    DISABLE_LOCAL="
+    09karma
+    10earlytalker
+    12count_unrecognized_commands
+    15helo
+    16resolvable_fromhost
+    19loadcheck
+    20rhsbl
+    22dnsbl
+    221spf
+    223dmarc
+    23naughty
+    34badrcptto_ext
+    70spamassassin
+    "
+
+    for file in $DISABLE_LOCAL
+    do
+	echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file
+    done
+
+    DISABLE_EXTERNAL="
+    34badrcptto
+    65disclaimer
+    "
+
+    for file in $DISABLE_EXTERNAL
+    do
+	echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file
+    done
 done
 
+SQP_FOLDER=../../../sqpsmtpd/config/
+UQP_FOLDER=../../../uqpsmtpd/config/
 (
     cd root/etc/e-smith/templates/var/service/qpsmtpd/config/plugins
     for file in *
@@ -1011,6 +1018,18 @@ done
             ln -s ../../plugins/$file ../peers/0/$file
         [ -e ../peers/local/$file ] || 
             ln -s ../../plugins/$file ../peers/local/$file
+	#sqpsmptd
+        [ -e $SQP_FOLDER/peers/0/$file ] ||
+            ln -s  ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/0/$file
+        [ -e $SQP_FOLDER/peers/local/$file ] ||
+            ln -s ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/local/$file
+        #uqpsmptd
+        [ -e $UQP_FOLDER/peers/0/$file ] ||
+            ln -s  ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/0/$file
+        [ -e $UQP_FOLDER/peers/local/$file ] ||
+            ln -s ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/local/$file
+
+
     done
 )
 
@@ -1060,11 +1079,12 @@ if [ $1 -gt 1 ] ; then
   fi
 fi
 
-
+%pretrans
 TEMPLATES_DIR=/etc/e-smith/templates/var/service/qpsmtpd/config/peers
-
 [ -L $TEMPLATES_DIR/0 ]     && rm -f $TEMPLATES_DIR/0
 [ -L $TEMPLATES_DIR/local ] && rm -f $TEMPLATES_DIR/local
+[ -L /var/service/sqpsmtpd/config ] && rm -f /var/service/sqpsmtpd/config
+[ -L /var/service/uqpsmtpd/config ] && rm -f /var/service/uqpsmtpd/config
 true
 
 %post
@@ -1073,6 +1093,10 @@ true
 if [[ -d /var/spool/qpsmtpd ]]; then
   chown qpsmtpd:clamscan /var/spool/qpsmtpd;
 fi
+# workaround to remove after SME11 alpha1
+[ -L /var/service/sqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim
+[ -L /var/service/uqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/uqpsmtpd/config/dkim
+true
 
 %clean
 rm -rf $RPM_BUILD_ROOT