12 Commits

Author SHA1 Message Date
1c968bd743 * Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme
- change dhparam generation [SME: 12814]
2025-03-18 00:57:21 -04:00
b492b495bd * Thu Mar 06 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
- cleanup of qpsmtpd spool [SME: 11671]
2025-03-06 17:23:36 -05:00
877a1070f0 * Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme
- use esmith::ssl to set ciphers and protocol [SME: 12822]
  improve cipher order to get stronger ones first
2025-01-18 16:14:46 -05:00
4ba4af692a * Tue Jan 14 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
- fix /bin/sh is needed because of pretrans scriptlet [SME: 12871]
2025-01-14 21:49:49 -05:00
1b6e9088fd * Mon Nov 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
- make compatible for postfix [SME: 1279]
  use postfix queue, qmail queue removed
  copy templates of rcpthosts to (us)qpsmtpd for rcpt_ok
  copy templates of smtproutes to (us)qpsmtpd for check_smtp_forward
2024-12-17 07:14:18 -05:00
2b17a8653d * Mon Nov 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
- make compatible for postfix [SME: 1279]
  use postfix queue, qmail queue removed
  copy templates of rcpthosts to (us)qpsmtpd for rcpt_ok
  copy templates of smtproutes to (us)qpsmtpd for check_smtp_forward
2024-12-16 23:25:44 -05:00
302f649f00 * Mon Nov 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
- make compatible for postfix [SME: 1279]
  use postfix queue, qmail queue removed
  copy templates of rcpthosts to (us)qpsmtpd for rcpt_ok
  copy templates of smtproutes to (us)qpsmtpd for check_smtp_forward
2024-12-16 23:21:59 -05:00
ec4d24ba46 Add *.bak to .gitignore 2024-11-12 19:21:34 +00:00
136ed02b53 Deleting spurious *.spec.bak files 2024-11-12 19:21:32 +00:00
185a02376e Update README with specific Bugzilla links with status options 2024-10-27 14:29:28 +00:00
33e2000fc6 Update readme bugzilla link to show all outstanding bugs 2024-10-27 12:06:08 +00:00
c299cf93c5 * Mon Oct 21 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
- fix configuration for auth per daemon [SME: 12451]
- remove daemontools requirement [SME: 12615]
2024-10-21 23:40:51 -04:00
32 changed files with 213 additions and 55 deletions

.gitignore
@@ -2,3 +2,4 @@
*.log
*spec-20*
*.tar.xz
*.bak

@@ -15,7 +15,14 @@ SMEServer Koozali developed git repo for smeserver-qpsmtpd smeserver
<br />https://wiki.koozali.org/Qpsmtpd:helo
## Bugzilla
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-qpsmtpd&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
Show list of outstanding bugs:
[All](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&bug_status=VERIFIED&cf_package=smeserver-qpsmtpd&classification=SME+Server&list_id=105756&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
[Confirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=CONFIRMED&cf_package=smeserver-qpsmtpd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
[Unconfirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&cf_package=smeserver-qpsmtpd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
[Need info](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=NEEDINFO&cf_package=smeserver-qpsmtpd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
[In progress](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=IN_PROGRESS&cf_package=smeserver-qpsmtpd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
[Resolved](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=RESOLVED&cf_package=smeserver-qpsmtpd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
[Verified](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=VERIFIED&cf_package=smeserver-qpsmtpd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
## Description
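Review bot: the "All" link under "Show list of outstanding bugs:" includes bug_status=RESOLVED and bug_status=VERIFIED, so it is not a list of outstanding bugs, and it is the only link carrying list_id=105756. Relabel the heading line or drop the closed statuses from "All", and remove list_id so the link does not depend on a saved list. The links also sit on consecutive lines with no list markers, so Markdown will render them as one run-on paragraph; one bullet per link would read better.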

@@ -86,6 +86,7 @@ for $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
spool_dir
subject_prefix
invalid_resolvable_fromhost
smtproutes
timeout
timeoutsmtpd
tls_before_auth
@@ -93,6 +94,24 @@ for $daemon ( qw(qpsmtpd sqpsmtpd uqpsmtpd) )
tls_protocols
));
templates2events("$config/$_", qw(
console-save
bootstrap-console-save
domain-create
domain-delete
ip-change
email-update
host-create
host-delete
host-modify
post-upgrade
smeserver-qpsmtpd-update
))
for (qw(
rcpthosts
smtproutes
));
templates2events("$config/badrcptto_ext", qw(
domain-create
domain-delete
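Review bot: smtproutes is now registered twice per daemon, once in the existing template list that ends at tls_protocols and again in the new `for (qw( rcpthosts smtproutes ));` block, so its event links come from two places with different event sets. Keep it only in the new block alongside rcpthosts. The statement-modifier `for` starting on its own line after `))` is also easy to misread as a new loop; put `for (qw(` on the same line as the closing `))` or rewrite it as an ordinary `for my $file (...) { ... }` block.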
@@ -193,3 +212,19 @@ safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd
templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
event_link("systemd-reload", $event, "89");
event_link("systemd-default", $event, "88");
$event = "dhparam-update";
templates2events("/var/service/qpsmtpd/ssl/dhparam.pem", $event);
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
$event = "smeserver-base-update";
templates2events("/var/service/qpsmtpd/ssl/dhparam.pem", $event);
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
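Review bot: the dhparam-update and smeserver-base-update blocks are identical apart from the event name; fold them into one loop over the two names, with an inner loop over qpsmtpd, sqpsmtpd and uqpsmtpd for the try-restart links, so the lists cannot drift apart. Only /var/service/qpsmtpd/ssl/dhparam.pem is expanded while all three daemons are restarted; add a one-line comment stating that sqpsmtpd and uqpsmtpd read their DH parameters from the qpsmtpd directory, since that is not obvious from this file.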

@@ -0,0 +1 @@
[ -d /var/spool/qpsmtpd ] && /usr/sbin/tmpwatch -f 8 /var/spool/qpsmtpd
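Review bot: the `[ -d /var/spool/qpsmtpd ] && ...` form leaves the script with exit status 1 whenever the directory is missing, which a cron runner will report as a failure. Use `if [ -d ... ]; then ...; fi` or append `|| true`. The file is a single line with no interpreter line and no comment; add `#!/bin/sh` and a comment saying that 8 is the age in hours and why `-f` is needed, so the retention window for spooled messages is a documented choice.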

@@ -1 +1 @@
enabled
disabled

@@ -0,0 +1,5 @@
TEMPLATE_PATH="/home/e-smith/dh.pem"
OUTPUT_FILENAME="/var/service/qpsmtpd/ssl/dhparam.pem"
UID="root"
GID="root"
PERMS=0644

@@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/rcpthosts"
UID="root"
GID="root"
PERMS=0644

@@ -0,0 +1,5 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/smtproutes"
UID="root"
GID="root"
PERMS=0644

@@ -0,0 +1,4 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/rcpthosts"
UID="root"
GID="root"
PERMS=0644

@@ -0,0 +1,5 @@
TEMPLATE_PATH="/var/service/qpsmtpd/config/smtproutes"
UID="root"
GID="root"
PERMS=0644

@@ -0,0 +1,5 @@
{
my $auth_smtp = ($qpsmtpd{Authentication} eq 'enabled') ? 'yes' : 'no';
return "# auth/auth_imap disabled " if $auth_smtp eq "no";
$OUT = "auth/auth_imap 127.0.0.1 143";
}
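Review bot: `$qpsmtpd{Authentication} eq 'enabled'` compares an undefined value when the property is unset, and the intermediate 'yes'/'no' string adds nothing. Test `($qpsmtpd{Authentication} || 'disabled') eq 'enabled'` directly, the same defaulting idiom the old protocol templates in this change set used, and drop the trailing space inside "# auth/auth_imap disabled ".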

@@ -0,0 +1,5 @@
{
my $auth_smtp = ($qpsmtpd{Authentication} eq 'enabled') ? 'yes' : 'no';
return "# auth/auth_imap disabled " if $auth_smtp eq "no";
$OUT = "auth/auth_imap 127.0.0.1 143";
}
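Review bot: this second new file is identical to the previous one and also reads `$qpsmtpd{Authentication}`. If it is the copy for sqpsmtpd or uqpsmtpd, as the "auth per daemon" changelog entry suggests, it should read that daemon's own record; as written the setting cannot differ between daemons and the duplication only adds a second place to maintain.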

@@ -0,0 +1 @@
queue/postfix-queue FLAG_MASK_EXTERNAL
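Review bot: the new fragment is a bare plugin line with no comment, unlike the qmail-queue fragment it replaces, which was a template block. Add a comment saying what FLAG_MASK_EXTERNAL is meant to enable and that no cleanup socket path is passed, so whoever changes the Postfix layout later knows this line depends on the plugin's default.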

@@ -1,5 +0,0 @@
{
#return "# DelegateMailServer set" if $DelegateMailServer;
return "queue/qmail-queue";
}

@@ -0,0 +1,14 @@
{
use esmith::DomainsDB;
my $ddb = esmith::DomainsDB->open_ro or die "Couldn't open DomainsDB\n";
my @rcpt_hosts = ( "$SystemName.$DomainName" );
foreach my $domain ( $ddb->get_all_by_prop( type => "domain" ) )
{
push @rcpt_hosts, $domain->key;
}
$OUT = join "\n", @rcpt_hosts;
}

@@ -0,0 +1,5 @@
{
return "" unless (defined $ExternalIP);
return "[$ExternalIP]";
}

@@ -0,0 +1,25 @@
{
#
# qmail's smtproutes mechanism works such that the LAST BEST match
# found in /var/qmail/control/smtproutes will be used in preference
# to any other entry.
#
# Consider the following /var/qmail/control/smtproutes example:
#
# :smarthost.somewhere
# domain.place:some.host
# domain.place:other.host
# :some.other.smarthost.elsewhere
#
# Mail for user@domain.place will ALWAYS be delivered to
# other.host. The entry for some.host will NEVER be used.
#
# Mail for any other domain will ALWAYS be delivered to
# some.other.smarthost.elsewhere. The entry for smarthost.somewhere
# will NEVER be used.
#
# Therefore, if you wish to make any customisations to the
# /var/qmail/control/smtproutes templates, you must ensure that they
# appear AFTER the standard e-smith template entries.
#
}
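Review bot: the comment block was copied unchanged and still describes qmail and /var/qmail/control/smtproutes, while this change set removes the qmail queue and the changelog says the file is now consumed by check_smtp_forward. Update the paths to the qpsmtpd config file and state whether the "LAST BEST match" ordering rule still applies to that plugin; if it does not, the advice to place customisations AFTER the standard entries is misleading.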

@@ -0,0 +1,17 @@
{
$OUT = "";
use esmith::DomainsDB;
my $ddb = esmith::DomainsDB->open_ro();
for my $domain ( $ddb->domains )
{
my $mail_server = $domain->prop('MailServer')
|| $DelegateMailServer
|| 'localhost';
next if ( $mail_server eq 'localhost' );
$OUT .= $domain->key . ":$mail_server\n";
}
}
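Review bot: `esmith::DomainsDB->open_ro()` is not checked here, whereas the rcpthosts fragment in the same change set uses `open_ro or die "Couldn't open DomainsDB\n"`. If the open fails, `$ddb->domains` dies with a less useful "can't call method on undefined value" message; add the same `or die`. The two fragments also enumerate domains differently (`get_all_by_prop( type => "domain" )` versus `domains`); pick one so rcpthosts and smtproutes are built from the same set.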

@@ -0,0 +1,28 @@
{
$OUT = "";
#--------------------------------------------------
# Now check for SMTP smart host
#--------------------------------------------------
if (
$SMTPSmartHost
&&
($SMTPSmartHost ne 'off')
&&
($SMTPSmartHost !~ /^\s*$/)
)
{
# Is the smtp-auth-proxy enabled?
if (${'smtp-auth-proxy'}{'status'} eq 'enabled')
{
$OUT .= ":localhost:26";
}
else
{
$OUT .= ":$SMTPSmartHost";
}
}
chomp ($OUT);
}
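Review bot: `chomp ($OUT);` at the end does nothing, because neither branch appends a newline to `$OUT`; remove it or append "\n" consistently with the per-domain fragment. `${'smtp-auth-proxy'}{'status'} eq 'enabled'` also compares an undefined value when that service record is absent; default it with `|| 'disabled'` before comparing.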

@@ -1,5 +1,5 @@
{
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
use esmith::ssl;
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
}
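Review bot: the retained comment "When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated" is stale once the literal cipher string is replaced by `$smeCiphers`; reword it to point at esmith::ssl. The fallback now depends on `use esmith::ssl;` exporting `$smeCiphers` into the template's package. If it is not exported, the expression silently returns an undefined value and the daemon gets an empty cipher list, so either reference it fully qualified or add a guard that dies when it is empty.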

@@ -1,9 +1,4 @@
{
$OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($qpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
use esmith::ssl;
return SSLprotoQpsmtpd("qpsmtpd");
}
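Review bot: the removed lines made TLSv1 and TLSv1_1 enabled by default for this daemon (`|| 'enabled'`) and honoured per-protocol properties on the qpsmtpd record; the replacement `return SSLprotoQpsmtpd("qpsmtpd");` hides both behind a helper. State in the changelog whether the defaults for this daemon change, and confirm the helper still reads the existing properties so local overrides are not dropped on upgrade. The fragment also switches from appending to `$OUT` to `return`, which is fine only if no other fragment contributes to this file.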

@@ -1,5 +1,5 @@
{
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
return $sqpsmtpd{tlsCipher} || $uqpsmtpd{tlsCipher} ||$modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
use esmith::ssl;
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
}
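Review bot: the replacement line reads `$qpsmtpd{tlsCipher}`, but the line it replaces read `$sqpsmtpd{tlsCipher} || $uqpsmtpd{tlsCipher}`. That silently drops the per-daemon cipher override for this file and makes it follow the qpsmtpd record instead, which looks like a copy-paste from the qpsmtpd template. Keep `$sqpsmtpd{tlsCipher}` first in the `||` chain (and decide whether the `$uqpsmtpd` fallback was intended), then fall through to `$modSSL{CipherSuite} || $smeCiphers`.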

@@ -1,9 +1,4 @@
{
$OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($sqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($sqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($sqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($sqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($sqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($sqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
use esmith::ssl;
return SSLprotoQpsmtpd("sqpsmtpd");
}

@@ -1,5 +1,5 @@
{
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
return $uqpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
use esmith::ssl;
return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;
}
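Review bot: the replacement line reads `$qpsmtpd{tlsCipher}` where the removed line read `$uqpsmtpd{tlsCipher}`, so a cipher override set on the uqpsmtpd record stops having any effect for this daemon. The new line should be `return $uqpsmtpd{tlsCipher} || $modSSL{CipherSuite} || $smeCiphers;`. The "both e-smith-apache and smeserver-qpsmtpd templates should be updated" comment is also stale now that the default comes from esmith::ssl.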

@@ -1,9 +1,4 @@
{
$OUT .= 'SSLv23';
$OUT .= ':!SSLv2' unless ($uqpsmtpd{SSLv2} || 'disabled') eq 'enabled';
$OUT .= ':!SSLv3' unless ($uqpsmtpd{SSLv3} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1' unless ($uqpsmtpd{TLSv1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_1' unless ($uqpsmtpd{TLSv1.1} || 'disabled') eq 'enabled';
$OUT .= ':!TLSv1_2' unless ($uqpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
$OUT .= ':!TLSv1_3' unless ($uqpsmtpd{TLSv1.3} || 'enabled') eq 'enabled';
use esmith::ssl;
return SSLprotoQpsmtpd("uqpsmtpd");
}

@@ -30,12 +30,8 @@ export QPSMTPD_CONFIG=/var/service/$ServiceName/config
[ -e /var/service/qpsmtpd/config/badrcptto_patterns ] && \
rm -f /var/service/qpsmtpd/config/badrcptto_patterns
# Create dhparam
[ -e /var/service/qpsmtpd/ssl/dhparam.pem ] || \
RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
# Create a default dkim key pair
[ -e /home/e-smith/dkim_keys/default/private ] || (\
[ -s /home/e-smith/dkim_keys/default/private ] || (\
RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
/usr/bin/openssl rsa -in /home/e-smith/dkim_keys/default/private \
-out /home/e-smith/dkim_keys/default/public -pubout
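Review bot: the guard `[ -s /home/e-smith/dkim_keys/default/private ] ||` only looks at the private key, so a missing or empty public file is never regenerated while the private key exists. Add a separate `[ -s .../public ] ||` step that re-derives the public key with the existing `openssl rsa ... -pubout` command. Nothing in the visible lines sets a umask or mode before `openssl genrsa -out`; make the private key's permissions explicit next to its creation.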

@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/qpsmtpd/
ExecStartPre=/sbin/e-smith/service-status qpsmtpd
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
ExecStart=/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \
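Review bot: the leading `-` on the new `ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem` makes systemd ignore a failed expansion, and the same change set removes the `openssl dhparam` fallback from qpsmtpd-init. If the template cannot be expanded, the daemon starts with a missing or stale dhparam.pem and nothing reports it. Either drop the `-` so the failure is visible, or keep a fallback check in qpsmtpd-init that the file exists and is non-empty.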

@@ -8,10 +8,11 @@ LimitDATA=150000000
LimitSTACK=150000000
LimitMEMLOCK=150000000
Environment=PORT=465 INSTANCES=40 INSTANCES_PER_IP=5 QPSMTPD_CONFIG=/var/service/sqpsmtpd/config PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin TCPLOCALHOST=me
WorkingDirectory=/var/service/qpsmtpd/
WorkingDirectory=/var/service/sqpsmtpd/
ExecStartPre=/sbin/e-smith/service-status qpsmtpd
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
ExecStart=/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \
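Review bot: this unit is the PORT=465 instance with QPSMTPD_CONFIG=/var/service/sqpsmtpd/config, and the WorkingDirectory is corrected to /var/service/sqpsmtpd/, but the context line `ExecStartPre=/sbin/e-smith/service-status qpsmtpd` still checks the status of qpsmtpd. The 587 unit checks `service-status uqpsmtpd`, so this one should check sqpsmtpd; otherwise disabling sqpsmtpd in the configuration database does not stop it from starting.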

@@ -8,10 +8,11 @@ LimitDATA=150000000
LimitSTACK=150000000
LimitMEMLOCK=150000000
Environment=PORT=587 INSTANCES=40 INSTANCES_PER_IP=5 QPSMTPD_CONFIG=/var/service/uqpsmtpd/config PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin TCPLOCALHOST=me
WorkingDirectory=/var/service/qpsmtpd/
WorkingDirectory=/var/service/uqpsmtpd/
ExecStartPre=/sbin/e-smith/service-status uqpsmtpd
ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
ExecStart=/usr/bin/qpsmtpd-forkserver \
-u qpsmtpd \
-l 0.0.0.0 \
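Review bot: the Environment line still puts /var/qmail/bin first in PATH, although this change set removes the qmail queue in favour of the postfix queue. Drop /var/qmail/bin from PATH if nothing in the plugin set calls qmail binaries any more, so a stray binary there cannot shadow the system ones. All three units now run expand-template on the same /var/service/qpsmtpd/ssl/dhparam.pem at start; if they start in parallel they write the same file concurrently, so consider expanding it in one place only.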

@@ -4,7 +4,7 @@ Summary: SME Server qpsmtpd module
%define name smeserver-qpsmtpd
Name: %{name}
%define version 11.0.0
%define release 8
%define release 15
Version: %{version}
Release: %{release}%{?dist}
License: GPL
@@ -18,11 +18,10 @@ Requires: perl(Mail::DKIM::DkSignature)
Requires: perl(ClamAV::Client)
Requires: perl(Mail::DMARC)
Requires: perl(Net::IMAP::Simple) >= 1.2212
Requires: daemontools
Requires: qpsmtpd-plugins >= 0.0.1-sme04
Requires: ipsvd
Requires: tmpwatch
Requires: smeserver-lib >= 1.16.0-08
#Requires: smeserver-cvm-unix-local
Requires: smeserver-clamav >= 2.7.0
Obsoletes: e-smith-obtuse-smtpd
Obsoletes: e-smith-qmail-smtpd
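Review bot: the Requires list in this hunk drops daemontools and adds tmpwatch, but no requirement on postfix is visible even though the new queue fragment is `queue/postfix-queue`. If the dependency is not declared elsewhere in the spec, add it here so the package cannot be installed without the queue it delivers to. Please also check whether `Requires: ipsvd` is still needed now that the daemons run under systemd.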
@@ -34,7 +33,7 @@ Obsoletes: e-smith-qpsmtpd < %{version}
Provides: e-smith-qpsmtpd
Obsoletes: smeserver-qpsmtpd-tnef2mime < %{version}
Provides: smeserver-qpsmtpd-tnef2mime
Requires: smeserver-base >= 4.15.2
Requires: smeserver-base >= 11.0.0-23
Requires: perl-Convert-TNEF
Requires: perl-IO-stringy
Requires: perl-File-MMagic
@@ -47,6 +46,29 @@ AutoReqProv: no
SME Server qpsmtpd smtpd module
%changelog
* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme
- change dhparam generation [SME: 12814]
* Thu Mar 06 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
- cleanup of qpsmptd spool [SME: 11671]
* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme
- use esmith::ssl to set ciphers and protocol [SME: 12822]
improve cipher order to get strongers first
* Tue Jan 14 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
- fix /bin/sh is needed because of pretrans scriptlet [SME: 12871]
* Mon Nov 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
- make compatible for postfix [SME: 1279]
use postfix queue, qmail queue removed
copy templates of rcpthosts to (us)qpsmtpd for rcpt_ok
copy templates of smtproutes to (us)qpsmtpd for check_smtp_forward
* Mon Oct 21 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
- fix configuration for auth per deamon [SME: 12451]
- remove deamontools requirement [SME: 12615]
* Thu Apr 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
- add listening deamon on submission port 587 [SME: 6510]
- move qpsmtpd daemons to full systemd supervision [SME: 12615]
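Review bot: the new changelog goes from 11.0.0-9 straight to 11.0.0-11, although two of the commits in this range are tagged 11.0.0-10; add the -10 entry or explain the skip. There are also typos to fix before release: "qpsmptd" in the -14 entry, "strongers" in the -13 entry, and "deamon"/"deamontools" in the -9 entry.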
@@ -1077,14 +1099,6 @@ if [ $1 -gt 1 ] ; then
fi
fi
%pretrans
TEMPLATES_DIR=/etc/e-smith/templates/var/service/qpsmtpd/config/peers
[ -L $TEMPLATES_DIR/0 ] && rm -f $TEMPLATES_DIR/0
[ -L $TEMPLATES_DIR/local ] && rm -f $TEMPLATES_DIR/local
[ -L /var/service/sqpsmtpd/config ] && rm -f /var/service/sqpsmtpd/config
[ -L /var/service/uqpsmtpd/config ] && rm -f /var/service/uqpsmtpd/config
true
%post
#Fix spool perms on clam upgrade
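Review bot: removing the whole %pretrans scriptlet also removes the cleanup of the symlinks at /var/service/sqpsmtpd/config, /var/service/uqpsmtpd/config and under the peers template directory. On a system upgrading from a release where those paths are still symlinks, rpm may fail to replace them with real directories. If the removal is only to avoid the /bin/sh dependency mentioned in the -12 changelog entry, rewrite the scriptlet as `%pretrans -p <lua>` instead of dropping it, or document why the symlinks can no longer exist.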