Compare commits
4 Commits
11_0_0-11_
...
11_0_0-15_
Author | SHA1 | Date | |
---|---|---|---|
1c968bd743 | |||
b492b495bd | |||
877a1070f0 | |||
4ba4af692a |
16
createlinks
16
createlinks
@@ -212,3 +212,19 @@ safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd
|
||||
templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
|
||||
event_link("systemd-reload", $event, "89");
|
||||
event_link("systemd-default", $event, "88");
|
||||
|
||||
$event = "dhparam-update";
|
||||
templates2events("/var/service/qpsmtpd/ssl/dhparam.pem", $event);
|
||||
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
|
||||
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
|
||||
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
|
||||
|
||||
|
||||
$event = "smeserver-base-update";
|
||||
templates2events("/var/service/qpsmtpd/ssl/dhparam.pem", $event);
|
||||
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
|
||||
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
|
||||
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
|
||||
|
||||
|
||||
|
||||
|
1
root/etc/cron.daily/tmpwatch-qpsmtpd
Normal file
1
root/etc/cron.daily/tmpwatch-qpsmtpd
Normal file
@@ -0,0 +1 @@
|
||||
[ -d /var/spool/qpsmtpd ] && /usr/sbin/tmpwatch -f 8 /var/spool/qpsmtpd
|
@@ -0,0 +1,5 @@
|
||||
TEMPLATE_PATH="/home/e-smith/dh.pem"
|
||||
OUTPUT_FILENAME="/var/service/qpsmtpd/ssl/dhparam.pem"
|
||||
UID="root"
|
||||
GID="root"
|
||||
PERMS=0644
|
@@ -1,5 +1,5 @@
|
||||
{
|
||||
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
|
||||
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
|
||||
use esmith::ssl;
|
||||
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
|
||||
}
|
||||
|
||||
|
@@ -1,9 +1,4 @@
|
||||
{
|
||||
$OUT .= 'SSLv23';
|
||||
$OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
use esmith::ssl;
|
||||
return SSLprotoQpsmtpd("qpsmtpd");
|
||||
}
|
||||
|
@@ -1,5 +1,5 @@
|
||||
{
|
||||
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
|
||||
return $sqpsmtpd{tlsCipher} || $uqpsmtpd{tlsCipher} ||$modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
|
||||
use esmith::ssl;
|
||||
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
|
||||
}
|
||||
|
||||
|
@@ -1,9 +1,4 @@
|
||||
{
|
||||
$OUT .= 'SSLv23';
|
||||
$OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
use esmith::ssl;
|
||||
return SSLprotoQpsmtpd("sqpsmtpd");
|
||||
}
|
||||
|
@@ -1,5 +1,5 @@
|
||||
{
|
||||
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
|
||||
return $uqpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
|
||||
use esmith::ssl;
|
||||
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
|
||||
}
|
||||
|
||||
|
@@ -1,9 +1,4 @@
|
||||
{
|
||||
$OUT .= 'SSLv23';
|
||||
$OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
|
||||
$OUT .= ':!TLSv1_3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
|
||||
use esmith::ssl;
|
||||
return SSLprotoQpsmtpd("uqpsmtpd");
|
||||
}
|
||||
|
@@ -30,12 +30,8 @@ export QPSMTPD_CONFIG=/var/service/$ServiceName/config
|
||||
[ -e /var/service/qpsmtpd/config/badrcptto_patterns ] && \
|
||||
rm -f /var/service/qpsmtpd/config/badrcptto_patterns
|
||||
|
||||
# Create dhparam
|
||||
[ -e /var/service/qpsmtpd/ssl/dhparam.pem ] || \
|
||||
RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
|
||||
|
||||
# Create a default dkim key pair
|
||||
[ -e /home/e-smith/dkim_keys/default/private ] || (\
|
||||
[ -s /home/e-smith/dkim_keys/default/private ] || (\
|
||||
RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
|
||||
/usr/bin/openssl rsa -in /home/e-smith/dkim_keys/default/private \
|
||||
-out /home/e-smith/dkim_keys/default/public -pubout
|
||||
|
@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/qpsmtpd/
|
||||
|
||||
ExecStartPre=/sbin/e-smith/service-status qpsmtpd
|
||||
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
|
||||
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
|
||||
ExecStart=/usr/bin/qpsmtpd-forkserver \
|
||||
-u qpsmtpd \
|
||||
-l 0.0.0.0 \
|
||||
|
@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/sqpsmtpd/
|
||||
|
||||
ExecStartPre=/sbin/e-smith/service-status qpsmtpd
|
||||
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
|
||||
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
|
||||
ExecStart=/usr/bin/qpsmtpd-forkserver \
|
||||
-u qpsmtpd \
|
||||
-l 0.0.0.0 \
|
||||
|
@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/uqpsmtpd/
|
||||
|
||||
ExecStartPre=/sbin/e-smith/service-status uqpsmtpd
|
||||
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
|
||||
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
|
||||
ExecStart=/usr/bin/qpsmtpd-forkserver \
|
||||
-u qpsmtpd \
|
||||
-l 0.0.0.0 \
|
||||
|
@@ -4,7 +4,7 @@ Summary: SME Server qpsmtpd module
|
||||
%define name smeserver-qpsmtpd
|
||||
Name: %{name}
|
||||
%define version 11.0.0
|
||||
%define release 11
|
||||
%define release 15
|
||||
Version: %{version}
|
||||
Release: %{release}%{?dist}
|
||||
License: GPL
|
||||
@@ -20,6 +20,7 @@ Requires: perl(Mail::DMARC)
|
||||
Requires: perl(Net::IMAP::Simple) >= 1.2212
|
||||
Requires: qpsmtpd-plugins >= 0.0.1-sme04
|
||||
Requires: ipsvd
|
||||
Requires: tmpwatch
|
||||
Requires: smeserver-lib >= 1.16.0-08
|
||||
Requires: smeserver-clamav >= 2.7.0
|
||||
Obsoletes: e-smith-obtuse-smtpd
|
||||
@@ -32,7 +33,7 @@ Obsoletes: e-smith-qpsmtpd < %{version}
|
||||
Provides: e-smith-qpsmtpd
|
||||
Obsoletes: smeserver-qpsmtpd-tnef2mime < %{version}
|
||||
Provides: smeserver-qpsmtpd-tnef2mime
|
||||
Requires: smeserver-base >= 4.15.2
|
||||
Requires: smeserver-base >= 11.0.0-23
|
||||
Requires: perl-Convert-TNEF
|
||||
Requires: perl-IO-stringy
|
||||
Requires: perl-File-MMagic
|
||||
@@ -45,6 +46,19 @@ AutoReqProv: no
|
||||
SME Server qpsmtpd smtpd module
|
||||
|
||||
%changelog
|
||||
* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme
|
||||
- change dhparam generation [SME: 12814]
|
||||
|
||||
* Thu Mar 06 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
|
||||
- cleanup of qpsmptd spool [SME: 11671]
|
||||
|
||||
* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme
|
||||
- use esmith::ssl to set ciphers and protocol [SME: 12822]
|
||||
improve cipher order to get strongers first
|
||||
|
||||
* Tue Jan 14 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
|
||||
- fix /bin/sh is needed because of pretrans scriptlet [SME: 12871]
|
||||
|
||||
* Mon Nov 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
|
||||
- make compatible for postfix [SME: 1279]
|
||||
use postfix queue, qmail queue removed
|
||||
@@ -1085,16 +1099,6 @@ if [ $1 -gt 1 ] ; then
|
||||
fi
|
||||
fi
|
||||
|
||||
%pretrans
|
||||
TEMPLATES_DIR=/etc/e-smith/templates/var/service/qpsmtpd/config/peers
|
||||
[ -L $TEMPLATES_DIR/0 ] && rm -f $TEMPLATES_DIR/0
|
||||
[ -L $TEMPLATES_DIR/local ] && rm -f $TEMPLATES_DIR/local
|
||||
[ -L /var/service/sqpsmtpd/config ] && rm -f /var/service/sqpsmtpd/config
|
||||
[ -L /var/service/uqpsmtpd/config ] && rm -f /var/service/uqpsmtpd/config
|
||||
[ -L /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/06auth_imap ] && rm -f /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/06auth_imap
|
||||
[ -L /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/06auth_imap ] && rm -f /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/06auth_imap
|
||||
true
|
||||
|
||||
%post
|
||||
|
||||
#Fix spool perms on clam upgrade
|
||||
|
Reference in New Issue
Block a user