smeserver/smeserver-qpsmtpd
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: smeserver:11_0_0-12_el8_sme
Branches Tags
smeserver:master
smeserver:11_0_0-15_el8_sme smeserver:11_0_0-14_el8_sme smeserver:11_0_0-13_el8_sme smeserver:11_0_0-12_el8_sme smeserver:11_0_0-11_el8_sme smeserver:11_0_0-10_el8_sme smeserver:11_0_0-9_el8_sme smeserver:11_0_0-8_el8_sme smeserver:11_0_0-7_el8_sme smeserver:11_0_0-6_el8_sme smeserver:11_0_0-4 smeserver:11_0_0-3_el8_sme smeserver:11_0_0-2_el8_sme smeserver:11_0_0-1_el8_sme smeserver:2.7.0
...
compare: smeserver:11_0_0-15_el8_sme
Branches Tags
smeserver:master
smeserver:11_0_0-15_el8_sme smeserver:11_0_0-14_el8_sme smeserver:11_0_0-13_el8_sme smeserver:11_0_0-12_el8_sme smeserver:11_0_0-11_el8_sme smeserver:11_0_0-10_el8_sme smeserver:11_0_0-9_el8_sme smeserver:11_0_0-8_el8_sme smeserver:11_0_0-7_el8_sme smeserver:11_0_0-6_el8_sme smeserver:11_0_0-4 smeserver:11_0_0-3_el8_sme smeserver:11_0_0-2_el8_sme smeserver:11_0_0-1_el8_sme smeserver:2.7.0

3 Commits
11_0_0-12_ ... 11_0_0-15_

Author SHA1 Message Date
Jean-Philippe Pialasse
1c968bd743 * Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme 
- change dhparam generation [SME: 12814]
 2025-03-18 00:57:21 -04:00
Jean-Philippe Pialasse
b492b495bd * Thu Mar 06 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme 
- cleanup of qpsmptd spool [SME: 11671]
 2025-03-06 17:23:36 -05:00
Jean-Philippe Pialasse
877a1070f0 * Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme 
- use esmith::ssl to set ciphers and protocol [SME: 12822]
  improve cipher order to get strongers first
 2025-01-18 16:14:46 -05:00
14 changed files with 51 additions and 34 deletions
Expand all files Collapse all files

16
createlinks
View File

@@ -212,3 +212,19 @@ safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd
templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
event_link("systemd-reload", $event, "89");
event_link("systemd-default", $event, "88");
$event = "dhparam-update";
templates2events("/var/service/qpsmtpd/ssl/dhparam.pem", $event);
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
$event = "smeserver-base-update";
templates2events("/var/service/qpsmtpd/ssl/dhparam.pem", $event);
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");

1
root/etc/cron.daily/tmpwatch-qpsmtpd Normal file
View File

@@ -0,0 +1 @@
[ -d /var/spool/qpsmtpd ] && /usr/sbin/tmpwatch -f 8 /var/spool/qpsmtpd

5
root/etc/e-smith/templates.metadata/var/service/qpsmtpd/ssl/dhparam.pem Normal file
View File

@@ -0,0 +1,5 @@
TEMPLATE_PATH="/home/e-smith/dh.pem"
OUTPUT_FILENAME="/var/service/qpsmtpd/ssl/dhparam.pem"
UID="root"
GID="root"
PERMS=0644

4
root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_ciphers/10ciphers
View File

@@ -1,5 +1,5 @@
{
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
use esmith::ssl;
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
}

9
root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols
View File

@@ -1,9 +1,4 @@
{
$OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
use esmith::ssl;
return SSLprotoQpsmtpd("qpsmtpd");
}

4
root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_ciphers/10ciphers
View File

@@ -1,5 +1,5 @@
{
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
return $sqpsmtpd{tlsCipher} || $uqpsmtpd{tlsCipher} ||$modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
use esmith::ssl;
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
}

9
root/etc/e-smith/templates/var/service/sqpsmtpd/config/tls_protocols/10protocols
View File

@@ -1,9 +1,4 @@
{
$OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
use esmith::ssl;
return SSLprotoQpsmtpd("sqpsmtpd");
}

4
root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_ciphers/10ciphers
View File

@@ -1,5 +1,5 @@
{
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
return $uqpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
use esmith::ssl;
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
}

9
root/etc/e-smith/templates/var/service/uqpsmtpd/config/tls_protocols/10protocols
View File

@@ -1,9 +1,4 @@
{
$OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
use esmith::ssl;
return SSLprotoQpsmtpd("uqpsmtpd");
}

6
root/sbin/e-smith/systemd/qpsmtpd-init
View File

@@ -30,12 +30,8 @@ export QPSMTPD_CONFIG=/var/service/$ServiceName/config
[ -e /var/service/qpsmtpd/config/badrcptto_patterns ] && \
rm -f /var/service/qpsmtpd/config/badrcptto_patterns
# Create dhparam
[ -e /var/service/qpsmtpd/ssl/dhparam.pem ] || \
RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
# Create a default dkim key pair
[ -e /home/e-smith/dkim_keys/default/private ] || (\
[ -s /home/e-smith/dkim_keys/default/private ] || (\
RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
/usr/bin/openssl rsa -in /home/e-smith/dkim_keys/default/private \
-out /home/e-smith/dkim_keys/default/public -pubout

1
root/usr/lib/systemd/system/qpsmtpd.service
View File

@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/qpsmtpd/
ExecStartPre=/sbin/e-smith/service-status qpsmtpd
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
ExecStart=/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \

1
root/usr/lib/systemd/system/sqpsmtpd.service
View File

@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/sqpsmtpd/
ExecStartPre=/sbin/e-smith/service-status qpsmtpd
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
ExecStart=/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \

1
root/usr/lib/systemd/system/uqpsmtpd.service
View File

@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/uqpsmtpd/
ExecStartPre=/sbin/e-smith/service-status uqpsmtpd
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
ExecStart=/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \

15
smeserver-qpsmtpd.spec
View File

@@ -4,7 +4,7 @@ Summary: SME Server qpsmtpd module
%define name smeserver-qpsmtpd
Name: %{name}
%define version 11.0.0
%define release 12
%define release 15
Version: %{version}
Release: %{release}%{?dist}
License: GPL
@@ -20,6 +20,7 @@ Requires: perl(Mail::DMARC)
Requires: perl(Net::IMAP::Simple) >= 1.2212
Requires: qpsmtpd-plugins >= 0.0.1-sme04
Requires: ipsvd
Requires: tmpwatch
Requires: smeserver-lib >= 1.16.0-08
Requires: smeserver-clamav >= 2.7.0
Obsoletes: e-smith-obtuse-smtpd
@@ -32,7 +33,7 @@ Obsoletes: e-smith-qpsmtpd < %{version}
Provides: e-smith-qpsmtpd
Obsoletes: smeserver-qpsmtpd-tnef2mime < %{version}
Provides: smeserver-qpsmtpd-tnef2mime
Requires: smeserver-base >= 4.15.2
Requires: smeserver-base >= 11.0.0-23
Requires: perl-Convert-TNEF
Requires: perl-IO-stringy
Requires: perl-File-MMagic
@@ -45,6 +46,16 @@ AutoReqProv: no
SME Server qpsmtpd smtpd module
%changelog
* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme
- change dhparam generation [SME: 12814]
* Thu Mar 06 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
- cleanup of qpsmptd spool [SME: 11671]
* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme
- use esmith::ssl to set ciphers and protocol [SME: 12822]
improve cipher order to get strongers first
* Tue Jan 14 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
- fix /bin/sh is needed because of pretrans scriptlet [SME: 12871]