smailr 0.3.0

data/contrib/exim4.conf

@@ -0,0 +1,308 @@
+################################################################################
+# Smailr Exim Configuration
+
+
+# DATABASE QUERIES
+
+ACL_DONT_SCAN_TWIZE_SECRET = Quai2tohr7TeeGh
+
+SQLITE_DATABASE_FILE = /etc/exim4/smailr.sqlite
+
+VIRTUAL_DOMAINS_SQL  = SELECT DISTINCT fqdn FROM domains WHERE fqdn = '${quote_sqlite:$domain}'
+VIRTUAL_DOMAINS      = ${lookup sqlite{SQLITE_DATABASE_FILE VIRTUAL_DOMAINS_SQL}}
+
+R_VIRTUAL_MAILBOX_CONDITION_SQL = \
+    SELECT '/srv/mail/users/' || domains.fqdn || '/' || mailboxes.localpart \
+      FROM mailboxes, domains \
+     WHERE mailboxes.localpart = '${quote_sqlite:$local_part}' \
+       AND domains.fqdn        = '${quote_sqlite:$domain}' \
+       AND mailboxes.domain_id = domains.id
+
+R_VIRTUAL_MAILBOX_CONDITION = ${lookup sqlite{SQLITE_DATABASE_FILE R_VIRTUAL_MAILBOX_CONDITION_SQL}}
+
+domainlist local_domains = @ : VIRTUAL_DOMAINS
+
+#############################################################################
+# Main Settings
+
+smtp_banner               = $primary_hostname NO UCE/NO UBE ESMTP MTA
+
+exim_user                 = Debian-exim
+exim_group                = Debian-exim
+never_users               = root
+
+daemon_smtp_ports         = 25 : 465 : 587
+
+tls_certificate           = /etc/exim4/exim.crt
+tls_privatekey            = /etc/exim4/exim.key
+tls_advertise_hosts       = *
+
+split_spool_directory     = true
+
+smtp_return_error_details = true
+
+log_selector              = +subject \
+                            +address_rewrite \
+                            +connection_reject \
+                            +delay_delivery \
+                            +delivery_size \
+                            +dnslist_defer \
+                            +lost_incoming_connection \
+                            +queue_run \
+                            +received_recipients \
+                            +sender_on_delivery \
+                            +size_reject \
+                            +smtp_confirmation \
+                            +smtp_protocol_error \
+                            +smtp_syntax_error \
+                            +tls_cipher \
+                            +tls_peerdn
+
+# Maximum message size
+message_size_limit        = 20M
+
+# Number of unknown SMTP commands we accept before dropping the connection
+smtp_max_unknown_commands = 10
+
+bounce_return_size_limit  = 10K
+
+# These protections need to take into account MailScanners need to do
+# MIME explosion.
+check_spool_inodes         = 1000
+check_spool_space          = 100M
+
+# do a reverse DNS lookup on every connection
+host_lookup = *
+
+# No RFC 1413 (ident)-lookups
+rfc1413_hosts = !*
+
+# Make ESMTP PIPELINING available in all cases
+pipelining_advertise_hosts = *
+
+# A bit of good cop / bad cop with helo
+helo_allow_chars        = "_"
+helo_verify_hosts       = !*
+helo_try_verify_hosts   = !*
+
+# Reverse DNS information is useful
+helo_lookup_domains     = *
+
+# Send a notification about forzen messages at these intervals
+delay_warning = 1h:2h:8h:24h:48h:72h
+
+# Don't send a notification for messages with Precedence:bulk|list|junk
+delay_warning_condition = "${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}"
+
+# Accept 8-bit MIME in Helo and Body.
+accept_8bitmime
+
+# Allow to manually specify a envelope-from when submitting local mail
+local_from_check          = false
+local_sender_retain       = true
+untrusted_set_sender      = *
+
+# Clamav socket
+av_scanner = clamd:/var/run/clamav/clamd.ctl
+
+
+#############################################################################
+# ACL Configuration
+
+# We use the following ACLs:
+acl_smtp_connect  = accept
+acl_smtp_helo     = accept
+acl_smtp_starttls = accept
+acl_smtp_mail     = accept
+acl_smtp_rcpt     = acl_check_rcpt
+acl_smtp_data     = acl_check_data
+
+# We dont allow VRFY/EXPN
+acl_smtp_vrfy    = deny
+acl_smtp_expn    = deny
+
+begin acl
+
+acl_check_rcpt:
+    # TODO: Put up propper spam detection
+
+    # Accept if source is local SMTP (not over TCP). We do this by testing
+    # for an empty sending host field.
+    accept hosts          = :
+
+    # Accept everything from localhost
+    accept hosts          = 127.0.0.1/8 : ::::1
+
+    # Deny if the local part contains @ or % or / or | or !. These are rarely
+    # found in genuine local parts, but are often tried by people looking to
+    # circumvent relaying restrictions.
+    deny    local_parts   = ^.*[@%!/|] : ^\\.
+
+    # Don't scan messages with our cryptographic header.
+    # This is needed for messages, which run the ACL twize, (eg. redirects)
+    # to save processing time.
+    warn    message       = X-SA-Do-Not-Run: Yes
+            condition     = ${if eq{\
+                                ${hmac{md5}{ACL_DONT_SCAN_TWIZE_SECRET}{$body_linecount}}}\
+                                {$h_X-Scan-Signature:}\
+                                {1}{0}}
+
+    # Accept authenticated messages.
+    accept  authenticated = *
+
+    # Deny relaying on port 587 if not authenticated.
+    deny   !authenticated = *
+            condition     = ${if eq {$interface_port}{587} {yes}{no}}
+            message       = Relaying denied. Proper authentication required on port 587.
+
+    # Teergrube any borken reverse DNS entries.
+    warn    message       = X-Broken-Reverse-DNS: no host name for IP address $sender_host_address
+           !verify        = reverse_host_lookup
+            delay         = TEERGRUBE
+
+    # Accept if the address is in a local domain, but only if the recipient can
+    # be verified. Otherwise deny. The "endpass" line is the border between
+    # passing on to the next ACL statement (if tests above it fail) or denying
+    # access (if tests below it fail).
+    accept  domains       = +local_domains
+            endpass
+            verify        = recipient
+
+    # Accept if the address is in a domain for which we are relaying, but again,
+    # only if the recipient can be verified (this saves your secondary
+    # MXes from accepting mail that they then can't send to your primary
+    # MX)
+    accept  domains       = +relay_to_domains
+            endpass
+            message       = unrouteable address
+            verify        = recipient/callout=30s/callout_defer_ok
+
+    accept  hosts         = +relay_from_hosts
+
+    # Reaching the end of the ACL causes a "deny".
+    deny    message       = <$local_part@$domain>: Relaying denied. Proper authentication required.
+            delay         = TEERGRUBE
+
+
+acl_check_data:
+
+    # Accept if source is local SMTP (i.e. not over TCP/IP). We do this by
+    # testing for an empty sending host field.
+    accept  hosts         = :
+
+    # Run clamav against the message and reject if it contains malware. This
+    # acl condition will not deny if there is a problem with clamav.
+    deny    message       = This message contains malware ($malware_name)
+            malware       = */defer_ok
+
+    accept
+
+
+
+#############################################################################
+# Router Configuration
+
+begin routers
+
+    # Aliases for local mailboxes
+    virtual_alias:
+        debug_print = "R: virtual_alias for $local_part@$domain"
+        driver = redirect
+        domains = +local_domains
+        allow_fail
+        allow_defer
+        # Lookup the mailbox which we route to
+        data = ${lookup sqlite {SQLITE_DATABASE_FILE \
+                    SELECT mailboxes.localpart || '@' || domains.fqdn \
+                      FROM mailboxes, domains, aliases \
+                     WHERE aliases.address = '${quote_sqlite:$local_part}@${quote_sqlite:$domain}' \
+                       AND domains.fqdn = '${quote_sqlite:$domain}' \
+                       AND mailboxes.domain_id = domains.id \
+                       AND aliases.mailbox_id = mailboxes.id }{$value}fail}
+
+    virtual_mailbox:
+        debug_print = "R: virtual_mailbox for $local_part@$domain"
+        driver = accept
+        domains = +local_domains
+        transport = dovecot_virtual_delivery
+        condition = R_VIRTUAL_MAILBOX_CONDITION
+                    
+    # This router routes to remote hosts over SMTP using a DNS lookup with
+    # default options.
+    dnslookup:
+      debug_print = "R: dnslookup for $local_part@$domain"
+      driver = dnslookup
+      domains = ! +local_domains
+      ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
+      cannot_route_message  = Unkown user $local_part in domain $domain
+      # Optimization since the dnslookup router is independent of the local part
+      same_domain_copy_routing = yes
+      transport = remote_smtp
+      no_more
+
+
+
+#############################################################################
+# Transport Configuration
+
+begin transports
+
+    remote_smtp:
+        debug_print = "T: remote_smtp for $local_part@$domain"
+        driver      = smtp
+        hosts_nopass_tls = *
+        hosts_avoid_tls = +hosts_avoid_tls
+        hosts_try_auth = +hosts_try_auth
+        headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned:X-SA-Exim-Rcpt-From:X-SA-Exim-Rcpt-To:X-SA-Exim-Version"
+
+
+    dovecot_virtual_delivery:
+        debug_print = "T: dovecot_virtual_delivery for $local_part@$domain"
+        driver = pipe
+        command = /usr/lib/dovecot/deliver -d $local_part@$domain  -f $sender_address -a $original_local_part@$original_domain
+        message_prefix =
+        message_suffix =
+        delivery_date_add
+        envelope_to_add
+        return_path_add
+        log_output
+        user = vmail
+        temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
+        # Remove the X-SA_Exim-Rcpt-To header again, otherwise we would expose BCCs
+        headers_remove = "X-SA-Exim-Rcpt-To"
+
+
+#############################################################################
+# Rewrites/Retries/Authenticatos
+
+begin rewrite
+
+
+begin retry
+
+    # Retry..   every 10 mins for 2 hours
+    # Then..    every hour for 24 hours
+    # Finaly..  every 6 hours for 4 days
+
+    # Domain   Error     Retry..     Then..      Finaly..
+    *          *         F,2h,10m;   F,24h,1h;   F,4d,6h
+
+begin authenticators
+
+    plain:
+        driver = plaintext
+        public_name = PLAIN
+        server_set_id = $2
+        server_debug_print = yes
+        server_prompts = :
+        server_condition = \
+                    "${if and { \
+                      {!eq{$2}{}} \
+                      {!eq{$3}{}} \
+                      {crypteq{$3}{\\{sha1\\}${lookup sqlite{SQLITE_DATABASE_FILE \
+                                                SELECT mailboxes.password \
+                                                  FROM mailboxes, domains \
+                                                 WHERE mailboxes.localpart = '${quote_sqlite:${local_part:$auth2}}' \
+                                                   AND domains.fqdn = '${quote_sqlite:${domain:$auth2}}' \
+                                                   AND domains.id = mailboxes.domain_id} \
+                      {$value}fail}} }} {yes}{no}}"

data/lib/smailr/alias.rb

@@ -0,0 +1,36 @@
+module Smailr
+    module Alias
+        def self.add(source, destinations)
+            srclocalpart, srcdomain = source.split('@')
+
+            # We don't want aliases for non-local domains, since the
+            # exim router won't accept it.
+            if not Model::Domain[:fqdn => srcdomain].exists?
+                say_error "You are trying to add an alias for a non-local domain: #{source}"
+                exit 1
+            end
+
+            destinations.each do |dst|
+                dstlocalpart, dstdomain = dst.split('@')
+
+                Model::Alias.find_or_create(:domain       => Model::Domain[:fqdn => srcdomain],
+                                            :localpart    => srclocalpart,
+                                            :dstdomain    => dstdomain,
+                                            :dstlocalpart => dstlocalpart)
+            end
+        end
+
+        def self.rm(source, destinations)
+            srclocalpart, srcdomain = source.split('@')
+
+            destinations.each do |dst|
+                dstlocalpart, dstdomain = dst.split('@')
+
+                Model::Alias.filter(:domain       => Model::Domain[:fqdn => srcdomain],
+                                    :localpart    => srclocalpart,
+                                    :dstdomain    => dstdomain,
+                                    :dstlocalpart => dstlocalpart).delete
+            end
+        end
+    end
+end

data/lib/smailr/dkim.rb

@@ -0,0 +1,35 @@
+require 'date'
+require 'openssl'
+
+module Smailr
+    module Dkim
+        def self.add(fqdn, options)
+            options.testing ||= true
+
+            if not Model::Domain[:fqdn => fqdn]
+                say_error "You trying to add a DKIM key for a non existing domain: #{fqdn}"
+                exit 1
+            end
+
+            private_key, public_key = generate_rsa_key
+            dkim = Model::Dkim.for_domain!(fqdn)
+            dkim.set(:private_key => private_key,
+                     :public_key  => public_key,
+                     :testing     => options.testing)
+            dkim.save
+        end
+
+        def self.rm(fqdn, options)
+            dkim = Model::Dkim.for_domain(fqdn)
+            dkim.destroy
+        end
+
+        private
+
+            def self.generate_rsa_key(length = 1024)
+                rsa_key     = OpenSSL::PKey::RSA.new(length)
+                [ rsa_key.to_pem,
+                  rsa_key.public_key.to_pem ]
+            end
+    end
+end

data/lib/smailr/domain.rb

@@ -0,0 +1,18 @@
+module Smailr
+    module Domain
+        def self.add(fqdn)
+            puts "Adding domain: #{fqdn}"
+            Model::Domain.create(:fqdn => fqdn)
+        end
+
+        def self.rm(fqdn, force = false)
+            if force or
+                agree("Do you want to remove the domain #{fqdn} and all related items? (yes/no) ")
+
+                domain = Model::Domain[:fqdn => fqdn]
+                domain.rm_related
+                domain.destroy
+            end
+        end
+    end
+end

data/lib/smailr/mailbox.rb

@@ -0,0 +1,22 @@
+module Smailr
+    module Mailbox
+        def self.add(address, password)
+            fqdn = address.split('@')[1]
+
+            if not Model::Domain[:fqdn => fqdn]
+                say_error "Trying to add a mailbox for a non existing domain: #{fqdn}"
+                exit 1
+            end
+
+            mbox = Model::Mailbox.for_address!(address)
+            mbox.password = password
+            mbox.save
+        end
+
+        def self.rm(address, options)
+            mbox = Model::Mailbox.for_address(address)
+            mbox.rm_related
+            mbox.destroy
+        end
+    end
+end

data/lib/smailr/model.rb

@@ -0,0 +1,68 @@
+require 'digest/sha1'
+
+module Smailr
+    module Model
+        class Domain < Sequel::Model
+            one_to_many :mailboxes
+            one_to_many :aliases
+            one_to_many :dkims
+
+            def rm_related
+                self.remove_all_mailboxes
+                self.remove_all_aliases
+                self.remove_all_dkims
+            end
+        end
+
+        class Dkim < Sequel::Model
+            many_to_one :domain
+
+            def self.for_domain(fqdn)
+                self[:domain => Domain[:fqdn => fqdn]]
+            end
+
+            def self.for_domain!(fqdn)
+                find_or_create(:domain => Domain[:fqdn => fqdn])
+            end
+            one_to_many :aliases
+         end
+
+        class Mailbox < Sequel::Model
+            many_to_one :domain
+
+            def password=(clear)
+                self[:password] = Digest::SHA1.hexdigest(clear)
+            end
+
+            def rm_related
+                self.aliases.destroy
+            end
+
+            def aliases
+                Model::Alias.where(
+                    :dstlocalpart => self.localpart,
+                    :dstdomain   => self.domain.fqdn
+                )
+            end
+
+            def self.domain(fqdn)
+                Domain[:fqdn => fqdn]
+            end
+
+            def self.for_address(address)
+                localpart, fqdn = address.split('@')
+                self[:localpart => localpart, :domain => domain(fqdn)]
+            end
+
+            def self.for_address!(address)
+                localpart, fqdn = address.split('@')
+                find_or_create(:localpart => localpart, :domain => domain(fqdn))
+            end
+
+        end
+
+        class Alias < Sequel::Model
+            many_to_one :domain
+        end
+    end
+end

data/lib/smailr.rb

@@ -0,0 +1,22 @@
+require 'rubygems'
+require 'sqlite3'
+require 'sequel'
+require 'commander/import'
+
+module Smailr
+    autoload :Model,   'smailr/model'
+    autoload :Domain,  'smailr/domain'
+    autoload :Mailbox, 'smailr/mailbox'
+    autoload :Alias,   'smailr/alias'
+    autoload :Dkim,    'smailr/dkim'
+
+    class << self;
+        attr_accessor :contrib_directory
+        attr_accessor :migrations_directory
+    end
+
+    VERSION = '0.3.0'
+end
+
+Smailr.contrib_directory    ||= File.expand_path('../../contrib', __FILE__)
+Smailr.migrations_directory ||= File.expand_path('../../migrations', __FILE__)

data/migrations/001_domains.rb

@@ -0,0 +1,8 @@
+Sequel.migration do
+    change do
+        create_table :domains do
+            primary_key :id
+            String :fqdn, :unique => true
+        end
+    end
+end

data/migrations/002_mailboxes.rb

@@ -0,0 +1,12 @@
+Sequel.migration do
+    change do
+        create_table :mailboxes do
+            primary_key :id
+            foreign_key :domain_id
+            String :localpart, :required => true
+            String :password,  :required => true
+
+            index [:domain_id, :localpart], :unique => true
+        end
+    end
+end

data/migrations/003_aliases.rb

@@ -0,0 +1,12 @@
+Sequel.migration do
+    change do
+        create_table :aliases do
+            primary_key :id
+            foreign_key :domain_id
+            String :localpart
+            String :dstlocalpart
+            String :dstdomain
+            index [:domain_id, :localpart, :dstlocalpart, :dstdomain], :unique => true
+        end
+    end
+end

data/migrations/004_dkims.rb

@@ -0,0 +1,12 @@
+Sequel.migration do
+    change do
+        create_table :dkims do
+            primary_key :id
+            foreign_key :domain_id
+            String  :private_key, :required => true
+            String  :public_key,  :required => true
+            String  :mode,        :required => true
+            Boolean :testing,     :required => true
+        end
+    end
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification 
+name: smailr
+version: !ruby/object:Gem::Version 
+  hash: 19
+  prerelease: 
+  segments: 
+  - 0
+  - 3
+  - 0
+  version: 0.3.0
+platform: ruby
+authors: 
+- Stefan Schlesinger
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-04-26 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: commander
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: sqlite3
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: sequel
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id003
+description: |-
+  Smailr is a CLI tool which lets you manage your Exim/Dovecot setup
+                             from the shell. It currently uses SQLite as a backend.
+email: sts@ono.at
+executables: 
+- smailr
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- bin/smailr
+- lib/smailr/alias.rb
+- lib/smailr/dkim.rb
+- lib/smailr/domain.rb
+- lib/smailr/mailbox.rb
+- lib/smailr/model.rb
+- lib/smailr.rb
+- contrib/dovecot-sql.conf
+- contrib/dovecot.conf
+- contrib/exim4.conf
+- migrations/001_domains.rb
+- migrations/002_mailboxes.rb
+- migrations/003_aliases.rb
+- migrations/004_dkims.rb
+homepage: http://github.com/sts/smailr
+licenses: []
+
+post_install_message: |+
+  
+  
+  SMAILR /////////////////////////////////////////////////////////////////
+  
+     To finish the installation copy the example Exim and Dovecot
+     configuration files from the contrib directory and run
+     'smailr migrate' to initialize the database.
+  
+  //////////////////////////////////////////////////////////////// ///////
+  
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: 
+- Exim
+- Dovecot
+- Debian
+rubyforge_project: 
+rubygems_version: 1.8.21
+signing_key: 
+specification_version: 3
+summary: Simple MAIL manageR - Virtual mail hosting management from the CLI
+test_files: []
+