From c0392201a0b2e239ae90d07d869f90dddee334f9 Mon Sep 17 00:00:00 2001 
From: Jean-Philippe Pialasse Date: Fri, 26 Apr 2024 01:59:05 -0400 Subject: [PATCH] * Thu Apr 25 2024 Jean-Philippe Pialasse 11.0.0-8.sme - add listening deamon on submission port 587 [SME: 6510] - move qpsmtpd daemons to full systemd supervision [SME: 12615] - separate configuration for the 3 qpsmtpd daemons [SME: 12451] increase default TLS version on u/sqpsmtpd as auth is required - increase Softlimit to 150M [SME: 12638] - remove old qmail templates [SME: 9492] template for /var/qmail/control/{badrcptto,badmailfrom,rcpthosts} also import template for config/badmailfrom from smeserver-wbl TODO organize peers content for u and s qpsmtpd TODO check if more config modules needs per service config --- createlinks | 20 ++-- .../{upqsmtpd => uqpsmtpd}/Authentication | 0 .../defaults/{upqsmtpd => uqpsmtpd}/Instances | 0 .../defaults/{upqsmtpd => uqpsmtpd}/TCPPort | 0 .../defaults/{upqsmtpd => uqpsmtpd}/access | 0 .../defaults/{upqsmtpd => uqpsmtpd}/status | 0 .../defaults/{upqsmtpd => uqpsmtpd}/type | 0 .../var/service/sqpsmtpd/config/plugins | 1 + .../var/service/sqpsmtpd/peers/local | 2 + .../var/service/sqpsmtpd/peers/locals | 2 - .../var/service/uqpsmtpd/config/plugins | 1 + .../service/uqpsmtpd/peers/{locals => local} | 2 +- .../qpsmtpd/config/tls_protocols/10protocols | 6 +- .../sqpsmtpd/config/tls_protocols/10protocols | 6 +- .../uqpsmtpd/config/tls_protocols/10protocols | 6 +- root/var/service/sqpsmtpd/peers/.gitignore | 0 root/var/service/uqpsmtpd/peers/.gitignore | 0 smeserver-qpsmtpd.spec | 98 ++++++++++++------- 18 files changed, 87 insertions(+), 57 deletions(-) rename root/etc/e-smith/db/configuration/defaults/{upqsmtpd => uqpsmtpd}/Authentication (100%) rename root/etc/e-smith/db/configuration/defaults/{upqsmtpd => uqpsmtpd}/Instances (100%) rename root/etc/e-smith/db/configuration/defaults/{upqsmtpd => uqpsmtpd}/TCPPort (100%) rename root/etc/e-smith/db/configuration/defaults/{upqsmtpd => uqpsmtpd}/access (100%) rename 
root/etc/e-smith/db/configuration/defaults/{upqsmtpd => uqpsmtpd}/status (100%) rename root/etc/e-smith/db/configuration/defaults/{upqsmtpd => uqpsmtpd}/type (100%) create mode 100644 root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/local delete mode 100644 root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/locals rename root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/{locals => local} (71%) create mode 100644 root/var/service/sqpsmtpd/peers/.gitignore create mode 100644 root/var/service/uqpsmtpd/peers/.gitignore diff --git a/createlinks b/createlinks index f2c6624..1f054cd 100644 --- a/createlinks +++ b/createlinks @@ -1,8 +1,12 @@ #!/usr/bin/perl -w use esmith::Build::CreateLinks qw(:all); +my $event; +my $service; +my $daemon; +my $config; -foreach my $event (qw( +foreach $event (qw( email-update domain-modify domain-create @@ -14,7 +18,7 @@ foreach my $event (qw( event_link("domains-update-dkim", $event, "30"); } -my $service = "/var/service/qpsmtpd"; +$service = "/var/service/qpsmtpd"; templates2events("$service/ssl/cert.pem", qw( bootstrap-console-save console-save @@ -35,10 +39,10 @@ templates2events($_, qw( )); #### start do this for qpsmtpd /sqpsmtpd/ uqpsmtpd -for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) ) +for $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) ) { $service = "/var/service/$daemon"; - my $config = "$service/config" + $config = "$service/config"; foreach $event (qw( bootstrap-console-save @@ -163,7 +167,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) ) safe_symlink("sighup", "root/etc/e-smith/events/ssl-update/services2adjust/$daemon"); - for my $event (qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) ) + for $event ( qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) ) { templates2events("/usr/lib/systemd/system/$daemon.service.d/50koozali.conf", $event); } 
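Review bot: Hoisting `my $event; my $service; my $daemon; my $config;` to file scope and dropping `my` from every loop header in createlinks makes all loops share one set of variables, which is wider scope than any of them needs. The script runs under `-w` only, so the undeclared `foreach $event` inside the daemon loop was never an error; the two missing semicolons were the actual breakage. I would add `use strict;` after the shebang and keep the loop-scoped form, `for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )` with `my $config = "$service/config";` inside it. The later hunks that change `for my $event` to `for $event` follow from the same hoisting, and the loop bodies lie mostly outside the hunks.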
@@ -172,7 +176,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) ) } #######end of per config dir -for my $event ( qw(network-create network-delete) ) +for $event ( qw(network-create network-delete) ) { safe_symlink("sigusr1", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd"); @@ -182,10 +186,10 @@ for my $event ( qw(network-create network-delete) ) "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd"); } -my $event = 'smeserver-qpsmtpd-update'; +$event = 'smeserver-qpsmtpd-update'; safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd"); safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd"); -safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd") +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd"); templates2events("/etc/systemd/system-preset/49-koozali.preset", $event); event_link("systemd-reload", $event, "89"); event_link("systemd-default", $event, "88"); diff --git a/root/etc/e-smith/db/configuration/defaults/upqsmtpd/Authentication b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/Authentication similarity index 100% rename from root/etc/e-smith/db/configuration/defaults/upqsmtpd/Authentication rename to root/etc/e-smith/db/configuration/defaults/uqpsmtpd/Authentication diff --git a/root/etc/e-smith/db/configuration/defaults/upqsmtpd/Instances b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/Instances similarity index 100% rename from root/etc/e-smith/db/configuration/defaults/upqsmtpd/Instances rename to root/etc/e-smith/db/configuration/defaults/uqpsmtpd/Instances diff --git a/root/etc/e-smith/db/configuration/defaults/upqsmtpd/TCPPort b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/TCPPort similarity index 100% rename from root/etc/e-smith/db/configuration/defaults/upqsmtpd/TCPPort rename to root/etc/e-smith/db/configuration/defaults/uqpsmtpd/TCPPort 
diff --git a/root/etc/e-smith/db/configuration/defaults/upqsmtpd/access b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/access similarity index 100% rename from root/etc/e-smith/db/configuration/defaults/upqsmtpd/access rename to root/etc/e-smith/db/configuration/defaults/uqpsmtpd/access diff --git a/root/etc/e-smith/db/configuration/defaults/upqsmtpd/status b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/status similarity index 100% rename from root/etc/e-smith/db/configuration/defaults/upqsmtpd/status rename to root/etc/e-smith/db/configuration/defaults/uqpsmtpd/status diff --git a/root/etc/e-smith/db/configuration/defaults/upqsmtpd/type b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/type similarity index 100% rename from root/etc/e-smith/db/configuration/defaults/upqsmtpd/type rename to root/etc/e-smith/db/configuration/defaults/uqpsmtpd/type diff --git a/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/config/plugins b/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/config/plugins index efca5be..24474b5 100644 --- a/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/config/plugins +++ b/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/config/plugins @@ -1 +1,2 @@ OUTPUT_FILENAME="/var/service/sqpsmtpd/config/peers/0" +TEMPLATE_PATH="/var/service/sqpsmtpd/config/peers/0" diff --git a/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/local b/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/local new file mode 100644 index 0000000..1bb13d9 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/local @@ -0,0 +1,2 @@ +PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('sqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000" +TEMPLATE_PATH="/var/service/qpsmtpd/peers/local" 
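Review bot: The PERMS expression in the new sqpsmtpd `peers/local` metadata chains `->get('sqpsmtpd')->prop('status')` without checking the record, so if the `sqpsmtpd` key is missing from the configuration db (I believe `get` returns undef in that case) the expansion dies instead of falling back to `0000`. The `upqsmtpd` to `uqpsmtpd` defaults rename in this same commit shows how a record can end up missing. Assuming PERMS is evaluated as a Perl snippet, as the leading `use` suggests, a guarded form would be `my $r = esmith::ConfigDB->open_ro->get('sqpsmtpd'); ($r && ($r->prop('status') || '') eq "enabled") ? "0644" : "0000"`. The renamed uqpsmtpd `peers/local` file further down uses the same unguarded chain.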
diff --git a/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/locals b/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/locals deleted file mode 100644 index 6c67ec8..0000000 --- a/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/locals +++ /dev/null @@ -1,2 +0,0 @@ -PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('qpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000" -TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals" \ No newline at end of file diff --git a/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/config/plugins b/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/config/plugins index 46cffe1..269bec2 100644 --- a/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/config/plugins +++ b/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/config/plugins @@ -1 +1,2 @@ OUTPUT_FILENAME="/var/service/uqpsmtpd/config/peers/0" +TEMPLATE_PATH="/var/service/uqpsmtpd/config/peers/0" diff --git a/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/locals b/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/local similarity index 71% rename from root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/locals rename to root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/local index 96d893b..f24e739 100644 --- a/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/locals +++ b/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/local @@ -1,2 +1,2 @@ PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000" -TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals" \ No newline at end of file +TEMPLATE_PATH="/var/service/qpsmtpd/peers/local" diff --git a/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols b/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols index 37f611c..2c1452f 100644 
--- a/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols +++ b/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols @@ -3,7 +3,7 @@ $OUT .= 'SSLv23'; $OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled'; $OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled'; $OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled'; -$OUT .= ':!TLSv1.1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled'; -$OUT .= ':!TLSv1.2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled'; -$OUT .= ':!TLSv1.3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled'; +$OUT .= ':!TLSv1_1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled'; +$OUT .= ':!TLSv1_2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled'; +$OUT .= ':!TLSv1_3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled'; } diff --git a/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols b/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols index df3ff2b..e780d74 100644 --- a/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols +++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols @@ -3,7 +3,7 @@ $OUT .= 'SSLv23'; $OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled'; $OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled'; $OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled'; -$OUT .= ':!TLSv1.1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled'; -$OUT .= ':!TLSv1.2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled'; -$OUT .= ':!TLSv1.3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled'; +$OUT .= ':!TLSv1_1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled'; +$OUT .= ':!TLSv1_2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled'; +$OUT .= ':!TLSv1_3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled'; } 
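Review bot: The lookup keys on the three changed lines are still barewords containing a dot, e.g. `$qpsmtpd{TLSv1.1}`, and Perl only auto-quotes a brace key that is a plain identifier. As far as I can tell this parses as the concatenation `TLSv1 . 1`, so the template reads a property named `TLSv11`. A `TLSv1.1`, `TLSv1.2` or `TLSv1.3` value set in the configuration db would then never take effect, and an administrator could not switch off TLSv1.1 on port 25. Quoting the key fixes it: `$OUT .= ':!TLSv1_1' unless ($qpsmtpd{'TLSv1.1'} || 'enabled') eq 'enabled';`. The same applies to the sqpsmtpd and uqpsmtpd `10protocols` hunks that follow; the template block opens above each hunk.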
diff --git a/root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_protocols/10protocols b/root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_protocols/10protocols index 110f5c0..389d79c 100644 --- a/root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_protocols/10protocols +++ b/root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_protocols/10protocols @@ -3,7 +3,7 @@ $OUT .= 'SSLv23'; $OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled'; $OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled'; $OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled'; -$OUT .= ':!TLSv1.1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled'; -$OUT .= ':!TLSv1.2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled'; -$OUT .= ':!TLSv1.3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled'; +$OUT .= ':!TLSv1_1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled'; +$OUT .= ':!TLSv1_2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled'; +$OUT .= ':!TLSv1_3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled'; } diff --git a/root/var/service/sqpsmtpd/peers/.gitignore b/root/var/service/sqpsmtpd/peers/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/var/service/uqpsmtpd/peers/.gitignore b/root/var/service/uqpsmtpd/peers/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/smeserver-qpsmtpd.spec b/smeserver-qpsmtpd.spec index 4c58e13..174307c 100644 --- a/smeserver-qpsmtpd.spec +++ b/smeserver-qpsmtpd.spec @@ -958,6 +958,11 @@ TODO check if more config modules needs per service config %build perl createlinks +#we have issue upgrading from older rpms because of this link in a folder that was a link +#https://bugzilla.redhat.com/show_bug.cgi?id=975909 +#workaround to remove after SME11 alpha1 +rm -rf root/var/service/sqpsmtpd/config/dkim +rm -rf root/var/service/uqpsmtpd/config/dkim DAEMONS=" qpsmtpd 
@@ -965,44 +970,46 @@ sqpsmtpd uqpsmtpd " -for deamon in $DAEMONS +for daemon in $DAEMONS do -PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers" -mkdir -p $PEERS_CONFIG/0 -mkdir -p $PEERS_CONFIG/local -done - -DISABLE_LOCAL=" -09karma -10earlytalker -12count_unrecognized_commands -15helo -16resolvable_fromhost -19loadcheck -20rhsbl -22dnsbl -221spf -223dmarc -23naughty -34badrcptto_ext -70spamassassin -" - -for file in $DISABLE_LOCAL -do - echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file -done - -DISABLE_EXTERNAL=" -34badrcptto -65disclaimer -" - -for file in $DISABLE_EXTERNAL -do - echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file + PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers" + mkdir -p $PEERS_CONFIG/0 + mkdir -p $PEERS_CONFIG/local + + DISABLE_LOCAL=" + 09karma + 10earlytalker + 12count_unrecognized_commands + 15helo + 16resolvable_fromhost + 19loadcheck + 20rhsbl + 22dnsbl + 221spf + 223dmarc + 23naughty + 34badrcptto_ext + 70spamassassin + " + + for file in $DISABLE_LOCAL + do + echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file + done + + DISABLE_EXTERNAL=" + 34badrcptto + 65disclaimer + " + + for file in $DISABLE_EXTERNAL + do + echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file + done done +SQP_FOLDER=../../../sqpsmtpd/config/ +UQP_FOLDER=../../../uqpsmtpd/config/ ( cd root/etc/e-smith/templates/var/service/qpsmtpd/config/plugins for file in * 
@@ -1011,6 +1018,18 @@ done ln -s ../../plugins/$file ../peers/0/$file [ -e ../peers/local/$file ] || ln -s ../../plugins/$file ../peers/local/$file + #sqpsmptd + [ -e $SQP_FOLDER/peers/0/$file ] || + ln -s ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/0/$file + [ -e $SQP_FOLDER/peers/local/$file ] || + ln -s ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/local/$file + #uqpsmptd + [ -e $UQP_FOLDER/peers/0/$file ] || + ln -s ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/0/$file + [ -e $UQP_FOLDER/peers/local/$file ] || + ln -s ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/local/$file + + done ) @@ -1060,11 +1079,12 @@ if [ $1 -gt 1 ] ; then fi fi - +%pretrans TEMPLATES_DIR=/etc/e-smith/templates/var/service/qpsmtpd/config/peers - [ -L $TEMPLATES_DIR/0 ] && rm -f $TEMPLATES_DIR/0 [ -L $TEMPLATES_DIR/local ] && rm -f $TEMPLATES_DIR/local +[ -L /var/service/sqpsmtpd/config ] && rm -f /var/service/sqpsmtpd/config +[ -L /var/service/uqpsmtpd/config ] && rm -f /var/service/uqpsmtpd/config true %post @@ -1073,6 +1093,10 @@ true if [[ -d /var/spool/qpsmtpd ]]; then chown qpsmtpd:clamscan /var/spool/qpsmtpd; fi +# workaround to remove after SME11 alpha1 +[ -L /var/service/sqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim +[ -L /var/service/uqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/uqpsmtpd/config/dkim +true %clean rm -rf $RPM_BUILD_ROOT
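Review bot: The new `%pretrans` scriptlet is plain shell, but `%pretrans` runs before anything in the transaction is installed, so on a fresh install `/bin/sh` may not exist yet and the scriptlet fails. Packaging guidelines ask for `%pretrans -p <lua>` for exactly this symlink-to-directory replacement. The four `[ -L … ] && rm -f …` tests translate directly to rpm's embedded Lua, as sketched below. The `fi fi` before it closes a scriptlet that starts above the hunk.

```spec
%pretrans -p <lua>
-- rpm's embedded Lua runs without /bin/sh
for _, path in ipairs({
    "/etc/e-smith/templates/var/service/qpsmtpd/config/peers/0",
    "/etc/e-smith/templates/var/service/qpsmtpd/config/peers/local",
    "/var/service/sqpsmtpd/config",
    "/var/service/uqpsmtpd/config",
}) do
    local st = posix.stat(path)
    -- only a symlink is removed; a real directory is left alone
    if st and st.type == "link" then
        os.remove(path)
    end
end
```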
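Review bot: In `%post`, `[ -L /var/service/sqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim` tests only for a symlink, so if a real directory already sits at that path `ln -s` creates a nested `dkim/dkim` link inside it and the directory stays in place. `ln -sT ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim` makes that case fail with a message instead, and the same applies to the uqpsmtpd line. The trailing `true` hides the exit status, so that message would be the only sign the DKIM directory is not the shared one.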