* Thu Apr 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme

- add listening deamon on submission port 587 [SME: 6510] - move qpsmtpd daemons to full systemd supervision [SME: 12615] - separate configuration for the 3 qpsmtpd daemons [SME: 12451] increase default TLS version on u/sqpsmtpd as auth is required - increase Softlimit to 150M [SME: 12638] - remove old qmail templates [SME: 9492] template for /var/qmail/control/{badrcptto,badmailfrom,rcpthosts} also import template for config/badmailfrom from smeserver-wbl TODO organize peers content for u and s qpsmtpd TODO check if more config modules needs per service config
2024-04-26 01:59:05 -04:00 · 2024-04-26 01:59:05 -04:00 · c0392201a0
commit c0392201a0
parent 5b40bfd4f1
18 changed files with 87 additions and 57 deletions
--- a/20
+++ b/20
@ -1,8 +1,12 @@
 #!/usr/bin/perl -w
 use esmith::Build::CreateLinks qw(:all);
 my $event;
 my $service;
 my $daemon;
 my $config;
-foreach my $event (qw(
+foreach $event (qw(
                    email-update
                    domain-modify
                    domain-create
@ -14,7 +18,7 @@ foreach my $event (qw(
    event_link("domains-update-dkim", $event, "30");
 }
-my $service = "/var/service/qpsmtpd";
+$service = "/var/service/qpsmtpd";
 templates2events("$service/ssl/cert.pem", qw(
 			bootstrap-console-save
 			console-save
@ -35,10 +39,10 @@ templates2events($_, qw(
                        ));
 #### start do this for qpsmtpd /sqpsmtpd/ uqpsmtpd
-for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
+for  $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
 {
 	$service = "/var/service/$daemon";
-    my $config = "$service/config"
+        $config = "$service/config";
 	foreach $event (qw(
 				bootstrap-console-save
@ -163,7 +167,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
    safe_symlink("sighup",
 	"root/etc/e-smith/events/ssl-update/services2adjust/$daemon");
-	for my $event (qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
+	for $event ( qw(smeserver-qpsmtpd-update email-update console-save bootstrap-console-save post-install post-upgrade) )
 	{
 		templates2events("/usr/lib/systemd/system/$daemon.service.d/50koozali.conf", $event);
 	}
@ -172,7 +176,7 @@ for my $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
 }
 #######end of per config dir
-for my $event ( qw(network-create network-delete) )
+for $event ( qw(network-create network-delete) )
 {
    safe_symlink("sigusr1",
 	"root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
@ -182,10 +186,10 @@ for my $event ( qw(network-create network-delete) )
        "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
 }
-my $event = 'smeserver-qpsmtpd-update';
+$event = 'smeserver-qpsmtpd-update';
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd")
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
 templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
 event_link("systemd-reload", $event, "89");
 event_link("systemd-default", $event, "88");
--- a/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/Authentication
+++ b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/Authentication
--- a/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/Instances
+++ b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/Instances
--- a/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/TCPPort
+++ b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/TCPPort
--- a/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/access
+++ b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/access
--- a/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/status
+++ b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/status
--- a/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/type
+++ b/root/etc/e-smith/db/configuration/defaults/uqpsmtpd/type
--- a/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/config/plugins
+++ b/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/config/plugins
@ -1 +1,2 @@
 OUTPUT_FILENAME="/var/service/sqpsmtpd/config/peers/0"
 TEMPLATE_PATH="/var/service/sqpsmtpd/config/peers/0"
--- a/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/local
+++ b/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/local
@ -0,0 +1,2 @@
 PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('sqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
 TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"
--- a/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/locals
+++ b/root/etc/e-smith/templates.metadata/var/service/sqpsmtpd/peers/locals
@ -1,2 +0,0 @@
 PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('qpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
 TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"
--- a/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/config/plugins
+++ b/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/config/plugins
@ -1 +1,2 @@
 OUTPUT_FILENAME="/var/service/uqpsmtpd/config/peers/0"
 TEMPLATE_PATH="/var/service/uqpsmtpd/config/peers/0"
--- a/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/locals
+++ b/root/etc/e-smith/templates.metadata/var/service/uqpsmtpd/peers/locals
@ -1,2 +1,2 @@
 PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"
-TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"
+TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"
--- a/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols
+++ b/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols
@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
 $OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled';
 $OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
 $OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
 }
--- a/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols
+++ b/root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols
@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
 $OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
 $OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
 $OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
-$OUT .= ':!TLSv1.1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1_1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
-$OUT .= ':!TLSv1.2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
 }
--- a/root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_protocols/10protocols
+++ b/root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_protocols/10protocols
@ -3,7 +3,7 @@ $OUT .= 'SSLv23';
 $OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
 $OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
 $OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
-$OUT .= ':!TLSv1.1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
+$OUT .= ':!TLSv1_1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
-$OUT .= ':!TLSv1.2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
-$OUT .= ':!TLSv1.3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
+$OUT .= ':!TLSv1_3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
 }
--- a/root/var/service/sqpsmtpd/peers/.gitignore
+++ b/root/var/service/sqpsmtpd/peers/.gitignore
--- a/root/var/service/uqpsmtpd/peers/.gitignore
+++ b/root/var/service/uqpsmtpd/peers/.gitignore
--- a/smeserver-qpsmtpd.spec
+++ b/smeserver-qpsmtpd.spec
@ -958,6 +958,11 @@ TODO check if more config modules needs per service config
 %build
 perl createlinks
 #we have issue upgrading from older rpms because of this link in a folder that was a link
 #https://bugzilla.redhat.com/show_bug.cgi?id=975909
 #workaround to remove after SME11 alpha1
 rm  -rf root/var/service/sqpsmtpd/config/dkim
 rm  -rf root/var/service/uqpsmtpd/config/dkim
 DAEMONS="
 qpsmtpd
@ -965,44 +970,46 @@ sqpsmtpd
 uqpsmtpd
 "
-for deamon in $DAEMONS
+for daemon in $DAEMONS
 do
-PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers"
+    PEERS_CONFIG="root/etc/e-smith/templates/var/service/$daemon/config/peers"
-mkdir -p $PEERS_CONFIG/0
+    mkdir -p $PEERS_CONFIG/0
-mkdir -p $PEERS_CONFIG/local
+    mkdir -p $PEERS_CONFIG/local
 done
-DISABLE_LOCAL="
+    DISABLE_LOCAL="
-09karma
+    09karma
-10earlytalker
+    10earlytalker
-12count_unrecognized_commands
+    12count_unrecognized_commands
-15helo
+    15helo
-16resolvable_fromhost
+    16resolvable_fromhost
-19loadcheck
+    19loadcheck
-20rhsbl
+    20rhsbl
-22dnsbl
+    22dnsbl
-221spf
+    221spf
-223dmarc
+    223dmarc
-23naughty
+    23naughty
-34badrcptto_ext
+    34badrcptto_ext
-70spamassassin
+    70spamassassin
-"
+    "
-for file in $DISABLE_LOCAL
+    for file in $DISABLE_LOCAL
-do
+    do
 	echo "# $file disabled for local connections" > $PEERS_CONFIG/local/$file
-done
+    done
-DISABLE_EXTERNAL="
+    DISABLE_EXTERNAL="
-34badrcptto
+    34badrcptto
-65disclaimer
+    65disclaimer
-"
+    "
-for file in $DISABLE_EXTERNAL
+    for file in $DISABLE_EXTERNAL
-do
+    do
 	echo "# $file disabled for external connections" > $PEERS_CONFIG/0/$file
    done
 done
 SQP_FOLDER=../../../sqpsmtpd/config/
 UQP_FOLDER=../../../uqpsmtpd/config/
 (
    cd root/etc/e-smith/templates/var/service/qpsmtpd/config/plugins
    for file in *
@ -1011,6 +1018,18 @@ done
            ln -s ../../plugins/$file ../peers/0/$file
        [ -e ../peers/local/$file ] || 
            ln -s ../../plugins/$file ../peers/local/$file
 	#sqpsmptd
        [ -e $SQP_FOLDER/peers/0/$file ] ||
            ln -s  ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/0/$file
        [ -e $SQP_FOLDER/peers/local/$file ] ||
            ln -s ../../../../qpsmtpd/config/plugins/$file $SQP_FOLDER/peers/local/$file
        #uqpsmptd
        [ -e $UQP_FOLDER/peers/0/$file ] ||
            ln -s  ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/0/$file
        [ -e $UQP_FOLDER/peers/local/$file ] ||
            ln -s ../../../../qpsmtpd/config/plugins/$file $UQP_FOLDER/peers/local/$file
    done
 )
@ -1060,11 +1079,12 @@ if [ $1 -gt 1 ] ; then
  fi
 fi
-
+%pretrans
 TEMPLATES_DIR=/etc/e-smith/templates/var/service/qpsmtpd/config/peers
 [ -L $TEMPLATES_DIR/0 ]     && rm -f $TEMPLATES_DIR/0
 [ -L $TEMPLATES_DIR/local ] && rm -f $TEMPLATES_DIR/local
 [ -L /var/service/sqpsmtpd/config ] && rm -f /var/service/sqpsmtpd/config
 [ -L /var/service/uqpsmtpd/config ] && rm -f /var/service/uqpsmtpd/config
 true
 %post
@ -1073,6 +1093,10 @@ true
 if [[ -d /var/spool/qpsmtpd ]]; then
  chown qpsmtpd:clamscan /var/spool/qpsmtpd;
 fi
 # workaround to remove after SME11 alpha1
 [ -L /var/service/sqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/sqpsmtpd/config/dkim
 [ -L /var/service/uqpsmtpd/config/dkim ] || ln -s ../../qpsmtpd/config/dkim /var/service/uqpsmtpd/config/dkim
 true
 %clean
 rm -rf $RPM_BUILD_ROOT
`@ -1 +1,2 @@`
	`OUTPUT_FILENAME="/var/service/sqpsmtpd/config/peers/0"`	`OUTPUT_FILENAME="/var/service/sqpsmtpd/config/peers/0"`
		`TEMPLATE_PATH="/var/service/sqpsmtpd/config/peers/0"`
		`@ -0,0 +1,2 @@`
							`PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('sqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"`
							`TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"`
		`@ -1,2 +0,0 @@`
			`PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('qpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"`
			`TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"`
`@ -1 +1,2 @@`
	`OUTPUT_FILENAME="/var/service/uqpsmtpd/config/peers/0"`	`OUTPUT_FILENAME="/var/service/uqpsmtpd/config/peers/0"`
		`TEMPLATE_PATH="/var/service/uqpsmtpd/config/peers/0"`
`@ -1,2 +1,2 @@`
	`PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"`	`PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('uqpsmtpd')->prop('status') eq "enabled") ? "0644" : "0000"`
	`TEMPLATE_PATH="/var/service/qpsmtpd/peers/locals"`	`TEMPLATE_PATH="/var/service/qpsmtpd/peers/local"`