RubyGems - smailr - Versions diffs - 0.5.3 → 0.5.4 - Mend

smailr 0.5.3 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data/contrib/dovecot-sql.conf CHANGED Viewed

@@ -126,7 +126,7 @@ default_pass_scheme = MD5
 # string. For example:
 password_query = \
-  SELECT mailboxes.password AS password, \
+  SELECT '{SHA}' || mailboxes.password AS password, \
          mailboxes.localpart AS username, \
          domains.fqdn AS domain \
     FROM mailboxes, domains \

data/contrib/dovecot.conf CHANGED Viewed

@@ -22,7 +22,7 @@
 # Protocols we want to be serving: imap imaps pop3 pop3s managesieve
 # If you only want to use dovecot-auth, you can set this to "none".
 #protocols = imap imaps
-protocols = imap imaps
+protocols = imap imaps pop3 pop3s
 # A space separated list of IP or host addresses where to listen in for
 # connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6
@@ -376,7 +376,7 @@ mail_debug = no
 # Show more verbose process titles (in ps). Currently shows user name and
 # IP address. Useful for seeing who are actually using the IMAP processes
 # (eg. shared mailboxes or if same uid is used for multiple accounts).
-#verbose_proctitle = no
+verbose_proctitle = yes
 # Valid UID range for users, defaults to 500 and above. This is mostly
 # to make sure that users can't log in as daemons or other system users.

data/contrib/exim4.conf CHANGED Viewed

@@ -5,9 +5,11 @@ EXIM_CONF            = /etc/exim4
 SQLITE_DATABASE_FILE = EXIM_CONF/smailr.sqlite
+DKIM_SELECTOR        = mx
 DKIM_DOMAIN          = ${lc:${domain:$h_from:}}
-DKIM_SELECTOR        = mx
+TEERGRUBE            = 25s
 #############################################################################
 # Database Queries
@@ -93,12 +95,15 @@ message_size_limit        = 20M
 # Number of unknown SMTP commands we accept before dropping the connection
 smtp_max_unknown_commands = 10
+# Drop the sender if they start spewing commands before getting the 220 response
+smtp_enforce_sync         = true
 bounce_return_size_limit  = 10K
 # These protections need to take into account MailScanners need to do
 # MIME explosion.
-check_spool_inodes         = 1000
-check_spool_space          = 100M
+check_spool_inodes        = 1000
+check_spool_space         = 100M
 # do a reverse DNS lookup on every connection
 host_lookup = *
@@ -139,7 +144,7 @@ av_scanner = clamd:/var/run/clamav/clamd.ctl
 # ACL Configuration
 # We use the following ACLs:
-acl_smtp_connect  = accept
+acl_smtp_connect  = acl_check_conn
 acl_smtp_helo     = accept
 acl_smtp_starttls = accept
 acl_smtp_mail     = accept
@@ -152,13 +157,18 @@ acl_smtp_expn    = deny
 begin acl
-acl_check_rcpt:
-    # Accept if source is local SMTP (not over TCP). We do this by testing
-    # for an empty sending host field.
-    accept hosts          = :
+acl_check_conn:
+    # Accept everything from localhost and trustworthy hosts
+    accept hosts = : 127.0.0.1/8 : ::::1 : +relay_from_hosts
+    # Play a bit of good/bad cop with senders, by delaying the initial 220
+    # while enforcing SMTP protocol synchronization on both sides.
+    accept delay = ${randint:5}s
+acl_check_rcpt:
     # Accept everything from localhost
-    accept hosts          = 127.0.0.1/8 : ::::1
+    accept hosts          = : 127.0.0.1/8 : ::::1
     # Deny if the local part contains @ or % or / or | or !. These are rarely
     # found in genuine local parts, but are often tried by people looking to
@@ -178,6 +188,14 @@ acl_check_rcpt:
            !verify        = reverse_host_lookup
             delay         = TEERGRUBE
+    # Check ip against RBLs
+    deny    message       = REJECTED - ${sender_host_address} is blacklisted at $dnslist_domain ($dnslist_value); ${dnslist_text}
+           !dnslists      = hostkarma.junkemailfilter.com=127.0.0.1,127.0.0.3
+            dnslists      = zen.spamhaus.org/<;$sender_host_address;$sender_address_domain :\
+                            hostkarma.junkemailfilter.com=127.0.0.2 :\
+                            nomail.rhsbl.sorbs.net/$sender_address_domain
+            delay         = TEERGRUBE
     # Accept if the address is in a local domain, but only if the recipient can
     # be verified. Otherwise deny. The "endpass" line is the border between
     # passing on to the next ACL statement (if tests above it fail) or denying
@@ -222,6 +240,12 @@ acl_check_data:
 begin routers
+    system_aliases:
+      debug_print = "R: system_aliases for $local_part@$domain"
+      driver = redirect
+      domains = $primary_hostname
+      data = ${lookup{$local_part}lsearch{/etc/aliases}}
     # Aliases for local mailboxes
     virtual_alias:
         debug_print = "R: virtual_alias for $local_part@$domain"

data/lib/smailr/setup.rb CHANGED Viewed

@@ -1,12 +1,30 @@
 module Smailr
     module Setup
         def self.run
+            if Process.euid != 0
+                say "ERROR: YOU ARE NOT RUNNING THIS SCRIPT WITH ROOT PRIVILEGES, EXITING."
+                exit
+            end
             # This is still hardcoded, required too much brainfuck to deal
             # with mulitple possible configuration files locations ATM.
             if File.exists?("/etc/smailr.yml")
+                say "SYSTEM UPGRADE"
                 say "---------------------------------------------------------------------------"
-                say "Detected an existing smailr configuration on your system in /etc/smailr.yml"
-                if agree "Do you want to load the defaults from there, install a new one, or abort?"
+                say "You appear to already have a copy of smailr installed. Are you sure you want"
+                say "proceed with the setup routine?"
+                say ""
+                say "This script is going to replace exim and dovecot configuration files"
+                say "from /etc ; Backups of the existing config files will be created!"
+                say ""
+                say "FILES TO BE WRITTEN:"
+                say ""
+                say " - %s" % File.expand_path("exim4.conf", Smailr.config["exim_path"])
+                say " - %s" % File.expand_path("dovecot.conf", Smailr.config["dovecot_path"])
+                say " - %s" % File.expand_path("dovecot-sql.conf", Smailr.config["dovecot_path"])
+                say ""
+                if agree "Continue? [yes/no]"
                     defaults_file = "/etc/smailr.yml"
                 else
                     exit
@@ -89,7 +107,10 @@ module Smailr
         end
         def self.setup_mail_spool
-            exec "useradd -r -d #{Smailr.config["mail_spool_path"]} vmail"
+            unless Etc.getpwnam("vmail")
+                exec "useradd -r -d #{Smailr.config["mail_spool_path"]} vmail"
+            end
             FileUtils.mkdir_p "#{Smailr.config["mail_spool_path"]}/users"
             FileUtils.chown "vmail", "vmail", Smailr.config["mail_spool_path"]
         end

data/lib/smailr.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require 'commander/import'
 require 'fileutils'
 module Smailr
-    VERSION = '0.5.3'
+    VERSION = '0.5.4'
     autoload :Model,   'smailr/model'
     autoload :Domain,  'smailr/domain'

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: smailr
 version: !ruby/object:Gem::Version
-  hash: 13
+  hash: 3
   prerelease:
   segments:
   - 0
   - 5
-  - 3
-  version: 0.5.3
+  - 4
+  version: 0.5.4
 platform: ruby
 authors:
 - Stefan Schlesinger
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-26 00:00:00 Z
+date: 2012-12-10 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander
@@ -32,7 +32,7 @@ dependencies:
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: sequel
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement
     none: false
@@ -45,20 +45,6 @@ dependencies:
         version: "0"
   type: :runtime
   version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: sequel
-  prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
-  type: :runtime
-  version_requirements: *id003
 description: |-
   Smailr is a CLI tool which lets you manage your Exim/Dovecot setup
                              from the shell. It currently uses SQLite as a backend.
@@ -81,8 +67,6 @@ files:
 - contrib/dovecot-sql.conf
 - contrib/dovecot.conf
 - contrib/exim4.conf
-- contrib/exim4.spam.conf
-- contrib/install.pp
 - migrations/001_domains.rb
 - migrations/002_mailboxes.rb
 - migrations/003_aliases.rb
@@ -97,15 +81,19 @@ post_install_message: |+
   SMAILR /////////////////////////////////////////////////////////////////
-   TO FINISH THE LOCAL SMAILR INSTALLATION RUN:
-    * 'smailr setup' once, to create /etc/smailr.yml
+   TO FINISH THE LOCAL SMAILR INSTALLATION:
+    * Install Exim with SQLite support
+    * Install Dovecot with SQlite support
-    * Review the configuration file please
+    * run export PATH="/var/lib/gems/1.8/bin:${PATH}"
-    * 'smailr stetup' again, to initialize all configurations
+    * run "smailr setup" to create exim, dovecot and smailr configuration (you
+      can edit the configuration in an editor window before everyting is
+      initialized)
-    * 'smailr migrate' to initialize the database
+    * run "smailr migrate" to initialize the database file
   //////////////////////////////////////////////////////////////// ///////
@@ -136,7 +124,7 @@ requirements:
 - Dovecot
 - Debian
 rubyforge_project:
-rubygems_version: 1.8.21
+rubygems_version: 1.8.24
 signing_key:
 specification_version: 3
 summary: Simple MAIL manageR - Virtual mail hosting management from the CLI

data/contrib/exim4.spam.conf DELETED Viewed

@@ -1,281 +0,0 @@
-#############################################################################
-# Exim Transactional Mailerver Configuration
-EXIM_CONF            = /etc/exim4
-SQLITE_DATABASE_FILE = EXIM_CONF/smailr.sqlite
-DKIM_DOMAIN          = ${lc:${domain:$h_from:}}
-DKIM_SELECTOR        = mx
-#############################################################################
-# Database Queries
-VIRTUAL_DOMAINS_SQL  = SELECT DISTINCT fqdn FROM domains WHERE fqdn = '${quote_sqlite:$domain}'
-VIRTUAL_DOMAINS      = ${lookup sqlite{SQLITE_DATABASE_FILE VIRTUAL_DOMAINS_SQL}}
-R_VIRTUAL_ALIASES_DATA_SQL = \
-    SELECT aliases.dstlocalpart || '@' || aliases.dstdomain \
-      FROM aliases, domains \
-     WHERE aliases.localpart = '${quote_sqlite:$local_part}' \
-       AND domains.fqdn = '${quote_sqlite:$domain}' \
-       AND aliases.domain_id = domains.id
-R_VIRTUAL_ALIASES_DATA = ${lookup sqlite {SQLITE_DATABASE_FILE R_VIRTUAL_ALIASES_DATA_SQL}{$value}fail}
-R_VIRTUAL_MAILBOX_CONDITION_SQL = \
-    SELECT '/srv/mail/users/' || domains.fqdn || '/' || mailboxes.localpart \
-      FROM mailboxes, domains \
-     WHERE mailboxes.localpart = '${quote_sqlite:$local_part}' \
-       AND domains.fqdn        = '${quote_sqlite:$domain}' \
-       AND mailboxes.domain_id = domains.id
-R_VIRTUAL_MAILBOX_CONDITION = ${lookup sqlite{SQLITE_DATABASE_FILE R_VIRTUAL_MAILBOX_CONDITION_SQL}}
-DKIM_PRIVATE_KEY_SQL = \
-    SELECT private_key \
-      FROM dkims, domains \
-     WHERE dkims.selector  = 'mx' \
-       AND domains.fqdn    = '${quote_sqlite:DKIM_DOMAIN}' \
-       AND dkims.domain_id = domains.id
-DKIM_PRIVATE_KEY = ${lookup sqlite{SQLITE_DATABASE_FILE DKIM_PRIVATE_KEY_SQL}{$value}fail}
-################################################################################
-# Domain Lists
-domainlist local_domains    = @ : VIRTUAL_DOMAINS
-domainlist relay_to_domains =
-hostlist   relay_from_hosts =
-#############################################################################
-# Main Settings
-smtp_banner               = $primary_hostname NO UCE/NO UBE ESMTP MTA
-exim_user                 = Debian-exim
-exim_group                = Debian-exim
-never_users               = root
-daemon_smtp_ports         = 25 : 465 : 587
-tls_certificate           = /etc/exim4/exim.crt
-tls_privatekey            = /etc/exim4/exim.key
-tls_advertise_hosts       = *
-split_spool_directory     = true
-smtp_return_error_details = true
-log_selector              = +subject \
-                            +address_rewrite \
-                            +connection_reject \
-                            +delay_delivery \
-                            +delivery_size \
-                            +dnslist_defer \
-                            +lost_incoming_connection \
-                            +queue_run \
-                            +received_recipients \
-                            +sender_on_delivery \
-                            +size_reject \
-                            +smtp_confirmation \
-                            +smtp_protocol_error \
-                            +smtp_syntax_error \
-                            +tls_cipher \
-                            +tls_peerdn
-# Maximum message size
-message_size_limit        = 20M
-# Number of unknown SMTP commands we accept before dropping the connection
-smtp_max_unknown_commands = 10
-bounce_return_size_limit  = 10K
-# These protections need to take into account MailScanners need to do
-# MIME explosion.
-check_spool_inodes         = 1000
-check_spool_space          = 100M
-# do a reverse DNS lookup on every connection
-host_lookup = *
-# No RFC 1413 (ident)-lookups
-rfc1413_hosts = !*
-# Make ESMTP PIPELINING available in all cases
-pipelining_advertise_hosts = *
-# A bit of good cop / bad cop with helo
-helo_allow_chars        = "_"
-helo_verify_hosts       = !*
-helo_try_verify_hosts   = !*
-# Reverse DNS information is useful
-helo_lookup_domains     = *
-# Send a notification about forzen messages at these intervals
-delay_warning = 1h:2h:8h:24h:48h:72h
-# Don't send a notification for messages with Precedence:bulk|list|junk
-delay_warning_condition = "${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}"
-# Accept 8-bit MIME in Helo and Body.
-accept_8bitmime
-# Allow to manually specify a envelope-from when submitting local mail
-local_from_check          = false
-local_sender_retain       = true
-untrusted_set_sender      = *
-# Clamav socket
-av_scanner = clamd:/var/run/clamav/clamd.ctl
-#############################################################################
-# ACL Configuration
-# We use the following ACLs:
-acl_smtp_connect  = accept
-acl_smtp_helo     = accept
-acl_smtp_starttls = accept
-acl_smtp_mail     = accept
-acl_smtp_rcpt     = acl_check_rcpt
-acl_smtp_data     = acl_check_data
-# We dont allow VRFY/EXPN
-acl_smtp_vrfy    = deny
-acl_smtp_expn    = deny
-begin acl
-acl_check_rcpt:
-    # Accept if source is local SMTP (not over TCP). We do this by testing
-    # for an empty sending host field.
-    accept hosts          = :
-    # Accept everything from localhost
-    accept hosts          = 127.0.0.1/8 : ::::1
-    # Deny if the local part contains @ or % or / or | or !. These are rarely
-    # found in genuine local parts, but are often tried by people looking to
-    # circumvent relaying restrictions.
-    deny    local_parts   = ^.*[@%!/|] : ^\\.
-    # Accept authenticated messages.
-    accept  authenticated = *
-    # Deny relaying on port 587 if not authenticated.
-    deny   !authenticated = *
-            condition     = ${if eq {$interface_port}{587} {yes}{no}}
-            message       = Relaying denied. Proper authentication required on port 587.
-    # Teergrube any borken reverse DNS entries.
-    warn    message       = X-Broken-Reverse-DNS: no host name for IP address $sender_host_address
-           !verify        = reverse_host_lookup
-            delay         = TEERGRUBE
-    # Accept if the address is in a local domain, but only if the recipient can
-    # be verified. Otherwise deny. The "endpass" line is the border between
-    # passing on to the next ACL statement (if tests above it fail) or denying
-    # access (if tests below it fail).
-    accept  domains       = +local_domains
-            endpass
-            verify        = recipient
-    # Accept if the address is in a domain for which we are relaying, but again,
-    # only if the recipient can be verified (this saves your secondary
-    # MXes from accepting mail that they then can't send to your primary
-    # MX)
-    accept  domains       = +relay_to_domains
-            endpass
-            message       = unrouteable address
-            verify        = recipient/callout=30s/callout_defer_ok
-    accept  hosts         = +relay_from_hosts
-    # Reaching the end of the ACL causes a "deny".
-    deny    message       = <$local_part@$domain>: Relaying denied. Proper authentication required.
-            delay         = TEERGRUBE
-acl_check_data:
-    # Accept if source is local SMTP (i.e. not over TCP/IP). We do this by
-    # testing for an empty sending host field.
-    accept  hosts         = :
-    # Run clamav against the message and reject if it contains malware. This
-    # acl condition will not deny if there is a problem with clamav.
-    deny    message       = This message contains malware ($malware_name)
-            malware       = */defer_ok
-    accept
-#############################################################################
-# Router Configuration
-begin routers
-    # Aliases for local mailboxes
-    virtual_alias:
-        debug_print = "R: virtual_alias for $local_part@$domain"
-        driver = redirect
-        domains = +local_domains
-        allow_fail
-        allow_defer
-        # Lookup the mailbox which we route the message to
-        data = R_VIRTUAL_ALIASES_DATA
-    virtual_mailbox:
-        debug_print = "R: virtual_mailbox for $local_part@$domain"
-        driver = accept
-        domains = +local_domains
-        transport = dovecot_virtual_delivery
-        condition = R_VIRTUAL_MAILBOX_CONDITION
-    # This router routes to remote hosts over SMTP using a DNS lookup with
-    # default options.
-    dnslookup:
-      debug_print = "R: dnslookup for $local_part@$domain"
-      driver = dnslookup
-      domains = ! +local_domains
-      ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
-      cannot_route_message  = Unkown user $local_part in domain $domain
-      # Optimization since the dnslookup router is independent of the local part
-      same_domain_copy_routing = yes
-      transport = remote_smtp
-      no_more
-#############################################################################
-# Transport Configuration
-begin transports
-    remote_smtp:
-        debug_print = "T: remote_smtp for $local_part@$domain"
-        driver      = smtp
-        interface = "${lookup {${randint:5}} lsearch {/etc/exim4/source_ip_lookup}}"
-#############################################################################
-# Rewrites/Retries/Authenticatos
-begin rewrite
-begin retry
-    # Retry..   every 10 mins for 2 hours
-    # Then..    every hour for 24 hours
-    # Finaly..  every 6 hours for 4 days
-    # Domain   Error     Retry..     Then..      Finaly..
-    *          *         F,2h,10m;   F,24h,1h;   F,4d,6h
-begin authenticators

data/contrib/install.pp DELETED Viewed

@@ -1,95 +0,0 @@
-class smailr::mx
-{
-    include smailr::params
-    include smailr::mx::common
-    include smailr::mx::exim
-    include smailr::mx::dovecot
-}
-class smailr::params
-{
-    $smailr_version = "0.5.0"
-    $smailr_mailstorage = "/srv/mail"
-    $smailr_contrib = $lsbdistcodename ? {
-        "Debian": "/var/lib/ruby/gems/smailr-${version}/contrib",
-    }
-    $exim_package_name = $lsbdistid ? {
-        "Debian": "exim4-daemon-heavy"
-    }
-}
-class smailr::mx::common
-{
-    user { "vmail":
-        ensure => present,
-    }
-    group { "vmail":
-        ensure => present,
-    }
-    file {
-        $smailr_mailstorage:
-            ensure  => direcotry,
-            owner   => "vmail",
-            group   => "vmail",
-            mode    => 0660,
-            require => User["vmail"];
-        "${smailr_mailstorage}/users":
-            ensure  => directory,
-            owner   => "vmail",
-            group   => "vmail",
-            mode    => "0660",
-            require => File["/srv/mail"];
-    }
-}
-class smailr::mx::exim
-{
-    package { "exim4-daemon-heavy":
-        name   => $smailr::params::exim_package_name
-        ensure => present,
-    }
-    file {
-        "/etc/exim4/exim4.conf":
-            ensure  => present,
-            source  => "file:///${smailr_contrib}/exim4.conf"
-            require => Package["exim4-daemon-heavy"];
-        "/etc/default/exim4":
-            ensure  => present,
-            owner   => "root",
-            group   => "root",
-            source  => "file:///${smailr_contrib}/exim4.defaults",
-            require => Package["exim4-daemon-heavy"];
-    }
-}
-class smailr::mx::dovecot
-{
-    package { "dovecot-imapd":
-        ensure => present,
-    }
-    package { "dovecot-pop3d":
-        ensure => present,
-    }
-    file {
-        "/etc/dovecot/dovecot.conf":
-            ensure  => present,
-            source  => "file:///${smailr_contrib}/dovecot.conf"
-            require => Package["dovecot-imapd"];
-        "/etc/dovecot/dovecot.conf":
-            ensure  => present,
-            source  => "file:///${smailr_contrib}/dovecot-sql.conf"
-            require => Package["dovecot-imapd"];
-    }
-}