smartmachine 1.2.2 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/smart_machine/buildpackers/buildpacker.rb +0 -42
- data/lib/smart_machine/buildpackers/rails.rb +60 -0
- data/lib/smart_machine/commands/grid.rb +8 -0
- data/lib/smart_machine/commands/grid_commands/emailer.rb +107 -0
- data/lib/smart_machine/commands/grid_commands/roundcube.rb +65 -0
- data/lib/smart_machine/configuration.rb +35 -2
- data/lib/smart_machine/credentials.rb +10 -0
- data/lib/smart_machine/engine.rb +6 -0
- data/lib/smart_machine/grids/adminer.rb +1 -0
- data/lib/smart_machine/grids/certbot.rb +1 -0
- data/lib/smart_machine/grids/emailer/.keep +0 -0
- data/lib/smart_machine/grids/emailer.rb +188 -0
- data/lib/smart_machine/grids/haproxy.rb +1 -0
- data/lib/smart_machine/grids/mariadb.rb +1 -0
- data/lib/smart_machine/grids/postgresql.rb +1 -0
- data/lib/smart_machine/grids/roundcube.rb +114 -0
- data/lib/smart_machine/machine.rb +49 -0
- data/lib/smart_machine/syncer.rb +10 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/docker/command.rb +50 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/docker/entrypoint.rb +196 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/docker/logtailer.rb +75 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/10-auth.conf +132 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/10-mail.conf +427 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/10-master.conf +153 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/10-ssl.conf +87 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/15-mailboxes.conf +94 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/20-imap.conf +102 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/20-lmtp.conf +43 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/90-quota.conf +114 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/90-sieve.conf +229 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/dovecot-sql.conf.ext +163 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/sieve/learn-ham.sh +2 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/sieve/learn-ham.sieve +5 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/sieve/learn-spam.sh +2 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/sieve/learn-spam.sieve +2 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/sieve-after/spam-to-folder.sieve +6 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/haproxy/haproxy.cfg +58 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/monit/conf.d/services.cfg +70 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/monit/monitrc +344 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/opendkim.conf +71 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/main.cf +123 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/master.cf +149 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-sender-login-maps.cf +7 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-domains.cf +7 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-domains.cf +7 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-masters.cf +7 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-users.cf +7 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-userstothemselves.cf +7 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-mailbox-domains.cf +7 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-mailbox-maps.cf +7 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix-policyd-spf-python/policyd-spf.conf +12 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/spamassassin/local.cf +124 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer/usr/local/bin/quota-warning.sh +22 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/emailer.yml +37 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/engine.yml +2 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/roundcube/etc/apache2/sites-available/000-default.conf +35 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/roundcube/usr/local/etc/php/conf.d/zzz_roundcube-custom.ini +4 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/roundcube/var/roundcube/config/config.custom.inc.php +25 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/roundcube.yml +41 -0
- data/lib/smart_machine/templates/dotsmartmachine/config/users.yml +1 -1
- data/lib/smart_machine/version.rb +2 -2
- data/lib/smart_machine.rb +2 -0
- metadata +55 -4
data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/10-mail.conf
ADDED
@@ -0,0 +1,427 @@
|
|
1
|
+
##
|
2
|
+
## Mailbox locations and namespaces
|
3
|
+
##
|
4
|
+
|
5
|
+
# Location for users' mailboxes. The default is empty, which means that Dovecot
|
6
|
+
# tries to find the mailboxes automatically. This won't work if the user
|
7
|
+
# doesn't yet have any mail, so you should explicitly tell Dovecot the full
|
8
|
+
# location.
|
9
|
+
#
|
10
|
+
# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
|
11
|
+
# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
|
12
|
+
# kept. This is called the "root mail directory", and it must be the first
|
13
|
+
# path given in the mail_location setting.
|
14
|
+
#
|
15
|
+
# There are a few special variables you can use, eg.:
|
16
|
+
#
|
17
|
+
# %u - username
|
18
|
+
# %n - user part in user@domain, same as %u if there's no domain
|
19
|
+
# %d - domain part in user@domain, empty if there's no domain
|
20
|
+
# %h - home directory
|
21
|
+
#
|
22
|
+
# See doc/wiki/Variables.txt for full list. Some examples:
|
23
|
+
#
|
24
|
+
# mail_location = maildir:~/Maildir
|
25
|
+
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
|
26
|
+
# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
|
27
|
+
#
|
28
|
+
# <doc/wiki/MailLocation.txt>
|
29
|
+
#
|
30
|
+
##### SmartMachine Begin.
|
31
|
+
#mail_location = mbox:~/mail:INBOX=/var/mail/%u
|
32
|
+
mail_location = maildir:~/Maildir
|
33
|
+
##### SmartMachine Close.
|
34
|
+
|
35
|
+
# If you need to set multiple mailbox locations or want to change default
|
36
|
+
# namespace settings, you can do it by defining namespace sections.
|
37
|
+
#
|
38
|
+
# You can have private, shared and public namespaces. Private namespaces
|
39
|
+
# are for user's personal mails. Shared namespaces are for accessing other
|
40
|
+
# users' mailboxes that have been shared. Public namespaces are for shared
|
41
|
+
# mailboxes that are managed by sysadmin. If you create any shared or public
|
42
|
+
# namespaces you'll typically want to enable ACL plugin also, otherwise all
|
43
|
+
# users can access all the shared mailboxes, assuming they have permissions
|
44
|
+
# on filesystem level to do so.
|
45
|
+
namespace inbox {
|
46
|
+
# Namespace type: private, shared or public
|
47
|
+
#type = private
|
48
|
+
|
49
|
+
# Hierarchy separator to use. You should use the same separator for all
|
50
|
+
# namespaces or some clients get confused. '/' is usually a good one.
|
51
|
+
# The default however depends on the underlying mail storage format.
|
52
|
+
#separator =
|
53
|
+
|
54
|
+
# Prefix required to access this namespace. This needs to be different for
|
55
|
+
# all namespaces. For example "Public/".
|
56
|
+
#prefix =
|
57
|
+
|
58
|
+
# Physical location of the mailbox. This is in same format as
|
59
|
+
# mail_location, which is also the default for it.
|
60
|
+
#location =
|
61
|
+
|
62
|
+
# There can be only one INBOX, and this setting defines which namespace
|
63
|
+
# has it.
|
64
|
+
inbox = yes
|
65
|
+
|
66
|
+
# If namespace is hidden, it's not advertised to clients via NAMESPACE
|
67
|
+
# extension. You'll most likely also want to set list=no. This is mostly
|
68
|
+
# useful when converting from another server with different namespaces which
|
69
|
+
# you want to deprecate but still keep working. For example you can create
|
70
|
+
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
|
71
|
+
#hidden = no
|
72
|
+
|
73
|
+
# Show the mailboxes under this namespace with LIST command. This makes the
|
74
|
+
# namespace visible for clients that don't support NAMESPACE extension.
|
75
|
+
# "children" value lists child mailboxes, but hides the namespace prefix.
|
76
|
+
#list = yes
|
77
|
+
|
78
|
+
# Namespace handles its own subscriptions. If set to "no", the parent
|
79
|
+
# namespace handles them (empty prefix should always have this as "yes")
|
80
|
+
#subscriptions = yes
|
81
|
+
|
82
|
+
# See 15-mailboxes.conf for definitions of special mailboxes.
|
83
|
+
}
|
84
|
+
|
85
|
+
# Example shared namespace configuration
|
86
|
+
#namespace {
|
87
|
+
#type = shared
|
88
|
+
#separator = /
|
89
|
+
|
90
|
+
# Mailboxes are visible under "shared/user@domain/"
|
91
|
+
# %%n, %%d and %%u are expanded to the destination user.
|
92
|
+
#prefix = shared/%%u/
|
93
|
+
|
94
|
+
# Mail location for other users' mailboxes. Note that %variables and ~/
|
95
|
+
# expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
|
96
|
+
# destination user's data.
|
97
|
+
#location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
|
98
|
+
|
99
|
+
# Use the default namespace for saving subscriptions.
|
100
|
+
#subscriptions = no
|
101
|
+
|
102
|
+
# List the shared/ namespace only if there are visible shared mailboxes.
|
103
|
+
#list = children
|
104
|
+
#}
|
105
|
+
# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
|
106
|
+
#mail_shared_explicit_inbox = no
|
107
|
+
|
108
|
+
# System user and group used to access mails. If you use multiple, userdb
|
109
|
+
# can override these by returning uid or gid fields. You can use either numbers
|
110
|
+
# or names. <doc/wiki/UserIds.txt>
|
111
|
+
#mail_uid =
|
112
|
+
#mail_gid =
|
113
|
+
|
114
|
+
# Group to enable temporarily for privileged operations. Currently this is
|
115
|
+
# used only with INBOX when either its initial creation or dotlocking fails.
|
116
|
+
# Typically this is set to "mail" to give access to /var/mail.
|
117
|
+
mail_privileged_group = mail
|
118
|
+
|
119
|
+
# Grant access to these supplementary groups for mail processes. Typically
|
120
|
+
# these are used to set up access to shared mailboxes. Note that it may be
|
121
|
+
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
|
122
|
+
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
|
123
|
+
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
|
124
|
+
#mail_access_groups =
|
125
|
+
|
126
|
+
# Allow full filesystem access to clients. There's no access checks other than
|
127
|
+
# what the operating system does for the active UID/GID. It works with both
|
128
|
+
# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
|
129
|
+
# or ~user/.
|
130
|
+
#mail_full_filesystem_access = no
|
131
|
+
|
132
|
+
# Dictionary for key=value mailbox attributes. This is used for example by
|
133
|
+
# URLAUTH and METADATA extensions.
|
134
|
+
#mail_attribute_dict =
|
135
|
+
|
136
|
+
# A comment or note that is associated with the server. This value is
|
137
|
+
# accessible for authenticated users through the IMAP METADATA server
|
138
|
+
# entry "/shared/comment".
|
139
|
+
#mail_server_comment = ""
|
140
|
+
|
141
|
+
# Indicates a method for contacting the server administrator. According to
|
142
|
+
# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
|
143
|
+
# is currently not enforced. Use for example mailto:admin@example.com. This
|
144
|
+
# value is accessible for authenticated users through the IMAP METADATA server
|
145
|
+
# entry "/shared/admin".
|
146
|
+
#mail_server_admin =
|
147
|
+
|
148
|
+
##
|
149
|
+
## Mail processes
|
150
|
+
##
|
151
|
+
|
152
|
+
# Don't use mmap() at all. This is required if you store indexes to shared
|
153
|
+
# filesystems (NFS or clustered filesystem).
|
154
|
+
#mmap_disable = no
|
155
|
+
|
156
|
+
# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
|
157
|
+
# since version 3, so this should be safe to use nowadays by default.
|
158
|
+
#dotlock_use_excl = yes
|
159
|
+
|
160
|
+
# When to use fsync() or fdatasync() calls:
|
161
|
+
# optimized (default): Whenever necessary to avoid losing important data
|
162
|
+
# always: Useful with e.g. NFS when write()s are delayed
|
163
|
+
# never: Never use it (best performance, but crashes can lose data)
|
164
|
+
#mail_fsync = optimized
|
165
|
+
|
166
|
+
# Locking method for index files. Alternatives are fcntl, flock and dotlock.
|
167
|
+
# Dotlocking uses some tricks which may create more disk I/O than other locking
|
168
|
+
# methods. NFS users: flock doesn't work, remember to change mmap_disable.
|
169
|
+
#lock_method = fcntl
|
170
|
+
|
171
|
+
# Directory where mails can be temporarily stored. Usually it's used only for
|
172
|
+
# mails larger than >= 128 kB. It's used by various parts of Dovecot, for
|
173
|
+
# example LDA/LMTP while delivering large mails or zlib plugin for keeping
|
174
|
+
# uncompressed mails.
|
175
|
+
#mail_temp_dir = /tmp
|
176
|
+
|
177
|
+
# Valid UID range for users, defaults to 500 and above. This is mostly
|
178
|
+
# to make sure that users can't log in as daemons or other system users.
|
179
|
+
# Note that denying root logins is hardcoded to dovecot binary and can't
|
180
|
+
# be done even if first_valid_uid is set to 0.
|
181
|
+
#first_valid_uid = 500
|
182
|
+
#last_valid_uid = 0
|
183
|
+
|
184
|
+
# Valid GID range for users, defaults to non-root/wheel. Users having
|
185
|
+
# non-valid GID as primary group ID aren't allowed to log in. If user
|
186
|
+
# belongs to supplementary groups with non-valid GIDs, those groups are
|
187
|
+
# not set.
|
188
|
+
#first_valid_gid = 1
|
189
|
+
#last_valid_gid = 0
|
190
|
+
|
191
|
+
# Maximum allowed length for mail keyword name. It's only forced when trying
|
192
|
+
# to create new keywords.
|
193
|
+
#mail_max_keyword_length = 50
|
194
|
+
|
195
|
+
# ':' separated list of directories under which chrooting is allowed for mail
|
196
|
+
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
|
197
|
+
# This setting doesn't affect login_chroot, mail_chroot or auth chroot
|
198
|
+
# settings. If this setting is empty, "/./" in home dirs are ignored.
|
199
|
+
# WARNING: Never add directories here which local users can modify, that
|
200
|
+
# may lead to root exploit. Usually this should be done only if you don't
|
201
|
+
# allow shell access for users. <doc/wiki/Chrooting.txt>
|
202
|
+
#valid_chroot_dirs =
|
203
|
+
|
204
|
+
# Default chroot directory for mail processes. This can be overridden for
|
205
|
+
# specific users in user database by giving /./ in user's home directory
|
206
|
+
# (eg. /home/./user chroots into /home). Note that usually there is no real
|
207
|
+
# need to do chrooting, Dovecot doesn't allow users to access files outside
|
208
|
+
# their mail directory anyway. If your home directories are prefixed with
|
209
|
+
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
|
210
|
+
#mail_chroot =
|
211
|
+
|
212
|
+
# UNIX socket path to master authentication server to find users.
|
213
|
+
# This is used by imap (for shared users) and lda.
|
214
|
+
#auth_socket_path = /var/run/dovecot/auth-userdb
|
215
|
+
|
216
|
+
# Directory where to look up mail plugins.
|
217
|
+
#mail_plugin_dir = /usr/lib/dovecot/modules
|
218
|
+
|
219
|
+
# Space separated list of plugins to load for all services. Plugins specific to
|
220
|
+
# IMAP, LDA, etc. are added to this list in their own .conf files.
|
221
|
+
#mail_plugins =
|
222
|
+
##### SmartMachine Begin.
|
223
|
+
mail_plugins = quota
|
224
|
+
##### SmartMachine Close.
|
225
|
+
|
226
|
+
##
|
227
|
+
## Mailbox handling optimizations
|
228
|
+
##
|
229
|
+
|
230
|
+
# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
|
231
|
+
# also required for IMAP NOTIFY extension to be enabled.
|
232
|
+
#mailbox_list_index = yes
|
233
|
+
|
234
|
+
# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
|
235
|
+
# of potentially returning out-of-date results after e.g. server crashes.
|
236
|
+
# The results will be automatically fixed once the folders are opened.
|
237
|
+
#mailbox_list_index_very_dirty_syncs = yes
|
238
|
+
|
239
|
+
# Should INBOX be kept up-to-date in the mailbox list index? By default it's
|
240
|
+
# not, because most of the mailbox accesses will open INBOX anyway.
|
241
|
+
#mailbox_list_index_include_inbox = no
|
242
|
+
|
243
|
+
# The minimum number of mails in a mailbox before updates are done to cache
|
244
|
+
# file. This allows optimizing Dovecot's behavior to do less disk writes at
|
245
|
+
# the cost of more disk reads.
|
246
|
+
#mail_cache_min_mail_count = 0
|
247
|
+
|
248
|
+
# When IDLE command is running, mailbox is checked once in a while to see if
|
249
|
+
# there are any new mails or other changes. This setting defines the minimum
|
250
|
+
# time to wait between those checks. Dovecot can also use inotify and
|
251
|
+
# kqueue to find out immediately when changes occur.
|
252
|
+
#mailbox_idle_check_interval = 30 secs
|
253
|
+
|
254
|
+
# Save mails with CR+LF instead of plain LF. This makes sending those mails
|
255
|
+
# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
|
256
|
+
# But it also creates a bit more disk I/O which may just make it slower.
|
257
|
+
# Also note that if other software reads the mboxes/maildirs, they may handle
|
258
|
+
# the extra CRs wrong and cause problems.
|
259
|
+
#mail_save_crlf = no
|
260
|
+
|
261
|
+
# Max number of mails to keep open and prefetch to memory. This only works with
|
262
|
+
# some mailbox formats and/or operating systems.
|
263
|
+
#mail_prefetch_count = 0
|
264
|
+
|
265
|
+
# How often to scan for stale temporary files and delete them (0 = never).
|
266
|
+
# These should exist only after Dovecot dies in the middle of saving mails.
|
267
|
+
#mail_temp_scan_interval = 1w
|
268
|
+
|
269
|
+
# How many slow mail accesses sorting can perform before it returns failure.
|
270
|
+
# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
|
271
|
+
# The untagged SORT reply is still returned, but it's likely not correct.
|
272
|
+
#mail_sort_max_read_count = 0
|
273
|
+
|
274
|
+
protocol !indexer-worker {
|
275
|
+
# If folder vsize calculation requires opening more than this many mails from
|
276
|
+
# disk (i.e. mail sizes aren't in cache already), return failure and finish
|
277
|
+
# the calculation via indexer process. Disabled by default. This setting must
|
278
|
+
# be 0 for indexer-worker processes.
|
279
|
+
#mail_vsize_bg_after_count = 0
|
280
|
+
}
|
281
|
+
|
282
|
+
##
|
283
|
+
## Maildir-specific settings
|
284
|
+
##
|
285
|
+
|
286
|
+
# By default LIST command returns all entries in maildir beginning with a dot.
|
287
|
+
# Enabling this option makes Dovecot return only entries which are directories.
|
288
|
+
# This is done by stat()ing each entry, so it causes more disk I/O.
|
289
|
+
# (For systems setting struct dirent->d_type, this check is free and it's
|
290
|
+
# done always regardless of this setting)
|
291
|
+
#maildir_stat_dirs = no
|
292
|
+
|
293
|
+
# When copying a message, do it with hard links whenever possible. This makes
|
294
|
+
# the performance much better, and it's unlikely to have any side effects.
|
295
|
+
#maildir_copy_with_hardlinks = yes
|
296
|
+
|
297
|
+
# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
|
298
|
+
# when its mtime changes unexpectedly or when we can't find the mail otherwise.
|
299
|
+
#maildir_very_dirty_syncs = no
|
300
|
+
|
301
|
+
# If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
|
302
|
+
# getting the mail's physical size, except when recalculating Maildir++ quota.
|
303
|
+
# This can be useful in systems where a lot of the Maildir filenames have a
|
304
|
+
# broken size. The performance hit for enabling this is very small.
|
305
|
+
#maildir_broken_filename_sizes = no
|
306
|
+
|
307
|
+
# Always move mails from new/ directory to cur/, even when the \Recent flags
|
308
|
+
# aren't being reset.
|
309
|
+
#maildir_empty_new = no
|
310
|
+
|
311
|
+
##
|
312
|
+
## mbox-specific settings
|
313
|
+
##
|
314
|
+
|
315
|
+
# Which locking methods to use for locking mbox. There are four available:
|
316
|
+
# dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
|
317
|
+
# solution. If you want to use /var/mail/ like directory, the users
|
318
|
+
# will need write access to that directory.
|
319
|
+
# dotlock_try: Same as dotlock, but if it fails because of permissions or
|
320
|
+
# because there isn't enough disk space, just skip it.
|
321
|
+
# fcntl : Use this if possible. Works with NFS too if lockd is used.
|
322
|
+
# flock : May not exist in all systems. Doesn't work with NFS.
|
323
|
+
# lockf : May not exist in all systems. Doesn't work with NFS.
|
324
|
+
#
|
325
|
+
# You can use multiple locking methods; if you do the order they're declared
|
326
|
+
# in is important to avoid deadlocks if other MTAs/MUAs are using multiple
|
327
|
+
# locking methods as well. Some operating systems don't allow using some of
|
328
|
+
# them simultaneously.
|
329
|
+
#
|
330
|
+
# The Debian value for mbox_write_locks differs from upstream Dovecot. It is
|
331
|
+
# changed to be compliant with Debian Policy (section 11.6) for NFS safety.
|
332
|
+
# Dovecot: mbox_write_locks = dotlock fcntl
|
333
|
+
# Debian: mbox_write_locks = fcntl dotlock
|
334
|
+
#
|
335
|
+
#mbox_read_locks = fcntl
|
336
|
+
#mbox_write_locks = fcntl dotlock
|
337
|
+
|
338
|
+
# Maximum time to wait for lock (all of them) before aborting.
|
339
|
+
#mbox_lock_timeout = 5 mins
|
340
|
+
|
341
|
+
# If dotlock exists but the mailbox isn't modified in any way, override the
|
342
|
+
# lock file after this much time.
|
343
|
+
#mbox_dotlock_change_timeout = 2 mins
|
344
|
+
|
345
|
+
# When mbox changes unexpectedly we have to fully read it to find out what
|
346
|
+
# changed. If the mbox is large this can take a long time. Since the change
|
347
|
+
# is usually just a newly appended mail, it'd be faster to simply read the
|
348
|
+
# new mails. If this setting is enabled, Dovecot does this but still safely
|
349
|
+
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
|
350
|
+
# how it's expected to be. The only real downside to this setting is that if
|
351
|
+
# some other MUA changes message flags, Dovecot doesn't notice it immediately.
|
352
|
+
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
|
353
|
+
# commands.
|
354
|
+
#mbox_dirty_syncs = yes
|
355
|
+
|
356
|
+
# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
|
357
|
+
# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
|
358
|
+
#mbox_very_dirty_syncs = no
|
359
|
+
|
360
|
+
# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
|
361
|
+
# commands and when closing the mailbox). This is especially useful for POP3
|
362
|
+
# where clients often delete all mails. The downside is that our changes
|
363
|
+
# aren't immediately visible to other MUAs.
|
364
|
+
#mbox_lazy_writes = yes
|
365
|
+
|
366
|
+
# If mbox size is smaller than this (e.g. 100k), don't write index files.
|
367
|
+
# If an index file already exists it's still read, just not updated.
|
368
|
+
#mbox_min_index_size = 0
|
369
|
+
|
370
|
+
# Mail header selection algorithm to use for MD5 POP3 UIDLs when
|
371
|
+
# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired
|
372
|
+
# algorithm, but it fails if the first Received: header isn't unique in all
|
373
|
+
# mails. An alternative algorithm is "all" that selects all headers.
|
374
|
+
#mbox_md5 = apop3d
|
375
|
+
|
376
|
+
##
|
377
|
+
## mdbox-specific settings
|
378
|
+
##
|
379
|
+
|
380
|
+
# Maximum dbox file size until it's rotated.
|
381
|
+
#mdbox_rotate_size = 10M
|
382
|
+
|
383
|
+
# Maximum dbox file age until it's rotated. Typically in days. Day begins
|
384
|
+
# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
|
385
|
+
#mdbox_rotate_interval = 0
|
386
|
+
|
387
|
+
# When creating new mdbox files, immediately preallocate their size to
|
388
|
+
# mdbox_rotate_size. This setting currently works only in Linux with some
|
389
|
+
# filesystems (ext4, xfs).
|
390
|
+
#mdbox_preallocate_space = no
|
391
|
+
|
392
|
+
##
|
393
|
+
## Mail attachments
|
394
|
+
##
|
395
|
+
|
396
|
+
# sdbox and mdbox support saving mail attachments to external files, which
|
397
|
+
# also allows single instance storage for them. Other backends don't support
|
398
|
+
# this for now.
|
399
|
+
|
400
|
+
# Directory root where to store mail attachments. Disabled, if empty.
|
401
|
+
#mail_attachment_dir =
|
402
|
+
|
403
|
+
# Attachments smaller than this aren't saved externally. It's also possible to
|
404
|
+
# write a plugin to disable saving specific attachments externally.
|
405
|
+
#mail_attachment_min_size = 128k
|
406
|
+
|
407
|
+
# Filesystem backend to use for saving attachments:
|
408
|
+
# posix : No SiS done by Dovecot (but this might help FS's own deduplication)
|
409
|
+
# sis posix : SiS with immediate byte-by-byte comparison during saving
|
410
|
+
# sis-queue posix : SiS with delayed comparison and deduplication
|
411
|
+
#mail_attachment_fs = sis posix
|
412
|
+
|
413
|
+
# Hash format to use in attachment filenames. You can add any text and
|
414
|
+
# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
|
415
|
+
# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
|
416
|
+
#mail_attachment_hash = %{sha1}
|
417
|
+
|
418
|
+
# Settings to control adding $HasAttachment or $HasNoAttachment keywords.
|
419
|
+
# By default, all MIME parts with Content-Disposition=attachment, or inlines
|
420
|
+
# with filename parameter are consired attachments.
|
421
|
+
# add-flags - Add the keywords when saving new mails or when fetching can
|
422
|
+
# do it efficiently.
|
423
|
+
# content-type=type or !type - Include/exclude content type. Excluding will
|
424
|
+
# never consider the matched MIME part as attachment. Including will only
|
425
|
+
# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar).
|
426
|
+
# exclude-inlined - Exclude any Content-Disposition=inline MIME part.
|
427
|
+
#mail_attachment_detection_options =
|
data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/10-master.conf
ADDED
@@ -0,0 +1,153 @@
|
|
1
|
+
#default_process_limit = 100
|
2
|
+
#default_client_limit = 1000
|
3
|
+
|
4
|
+
# Default VSZ (virtual memory size) limit for service processes. This is mainly
|
5
|
+
# intended to catch and kill processes that leak memory before they eat up
|
6
|
+
# everything.
|
7
|
+
#default_vsz_limit = 256M
|
8
|
+
|
9
|
+
# Login user is internally used by login processes. This is the most untrusted
|
10
|
+
# user in Dovecot system. It shouldn't have access to anything at all.
|
11
|
+
#default_login_user = dovenull
|
12
|
+
|
13
|
+
# Internal user is used by unprivileged processes. It should be separate from
|
14
|
+
# login user, so that login processes can't disturb other processes.
|
15
|
+
#default_internal_user = dovecot
|
16
|
+
|
17
|
+
service imap-login {
|
18
|
+
inet_listener imap {
|
19
|
+
#port = 143
|
20
|
+
##### SmartMachine Begin.
|
21
|
+
port = 0
|
22
|
+
##### SmartMachine Close.
|
23
|
+
}
|
24
|
+
inet_listener imaps {
|
25
|
+
#port = 993
|
26
|
+
#ssl = yes
|
27
|
+
}
|
28
|
+
|
29
|
+
# Number of connections to handle before starting a new process. Typically
|
30
|
+
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
31
|
+
# is faster. <doc/wiki/LoginProcess.txt>
|
32
|
+
#service_count = 1
|
33
|
+
|
34
|
+
# Number of processes to always keep waiting for more connections.
|
35
|
+
#process_min_avail = 0
|
36
|
+
|
37
|
+
# If you set service_count=0, you probably need to grow this.
|
38
|
+
#vsz_limit = $default_vsz_limit
|
39
|
+
}
|
40
|
+
|
41
|
+
service pop3-login {
|
42
|
+
inet_listener pop3 {
|
43
|
+
#port = 110
|
44
|
+
##### SmartMachine Begin.
|
45
|
+
port = 0
|
46
|
+
##### SmartMachine Close.
|
47
|
+
}
|
48
|
+
inet_listener pop3s {
|
49
|
+
#port = 995
|
50
|
+
#ssl = yes
|
51
|
+
}
|
52
|
+
}
|
53
|
+
|
54
|
+
service submission-login {
|
55
|
+
inet_listener submission {
|
56
|
+
#port = 587
|
57
|
+
}
|
58
|
+
}
|
59
|
+
|
60
|
+
service lmtp {
|
61
|
+
##### SmartMachine Begin.
|
62
|
+
#unix_listener lmtp {
|
63
|
+
# #mode = 0666
|
64
|
+
#}
|
65
|
+
unix_listener /var/spool/postfix/private/dovecot-lmtp {
|
66
|
+
mode = 0600
|
67
|
+
user = postfix
|
68
|
+
group = postfix
|
69
|
+
}
|
70
|
+
##### SmartMachine Close.
|
71
|
+
|
72
|
+
# Create inet listener only if you can't use the above UNIX socket
|
73
|
+
#inet_listener lmtp {
|
74
|
+
# Avoid making LMTP visible for the entire internet
|
75
|
+
#address =
|
76
|
+
#port =
|
77
|
+
#}
|
78
|
+
}
|
79
|
+
|
80
|
+
service imap {
|
81
|
+
# Most of the memory goes to mmap()ing files. You may need to increase this
|
82
|
+
# limit if you have huge mailboxes.
|
83
|
+
#vsz_limit = $default_vsz_limit
|
84
|
+
|
85
|
+
# Max. number of IMAP processes (connections)
|
86
|
+
#process_limit = 1024
|
87
|
+
}
|
88
|
+
|
89
|
+
service pop3 {
|
90
|
+
# Max. number of POP3 processes (connections)
|
91
|
+
#process_limit = 1024
|
92
|
+
}
|
93
|
+
|
94
|
+
service submission {
|
95
|
+
# Max. number of SMTP Submission processes (connections)
|
96
|
+
#process_limit = 1024
|
97
|
+
}
|
98
|
+
|
99
|
+
service auth {
|
100
|
+
# auth_socket_path points to this userdb socket by default. It's typically
|
101
|
+
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
|
102
|
+
# full permissions to this socket are able to get a list of all usernames and
|
103
|
+
# get the results of everyone's userdb lookups.
|
104
|
+
#
|
105
|
+
# The default 0666 mode allows anyone to connect to the socket, but the
|
106
|
+
# userdb lookups will succeed only if the userdb returns an "uid" field that
|
107
|
+
# matches the caller process's UID. Also if caller's uid or gid matches the
|
108
|
+
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
|
109
|
+
#
|
110
|
+
# To give the caller full permissions to lookup all users, set the mode to
|
111
|
+
# something else than 0666 and Dovecot lets the kernel enforce the
|
112
|
+
# permissions (e.g. 0777 allows everyone full permissions).
|
113
|
+
unix_listener auth-userdb {
|
114
|
+
#mode = 0666
|
115
|
+
#user =
|
116
|
+
#group =
|
117
|
+
}
|
118
|
+
|
119
|
+
# Postfix smtp-auth
|
120
|
+
#unix_listener /var/spool/postfix/private/auth {
|
121
|
+
# mode = 0666
|
122
|
+
#}
|
123
|
+
##### SmartMachine Begin.
|
124
|
+
unix_listener /var/spool/postfix/private/auth {
|
125
|
+
mode = 0660
|
126
|
+
user = postfix
|
127
|
+
group = postfix
|
128
|
+
}
|
129
|
+
##### SmartMachine Close.
|
130
|
+
|
131
|
+
# Auth process is run as this user.
|
132
|
+
#user = $default_internal_user
|
133
|
+
}
|
134
|
+
|
135
|
+
service auth-worker {
|
136
|
+
# Auth worker process is run as root by default, so that it can access
|
137
|
+
# /etc/shadow. If this isn't necessary, the user should be changed to
|
138
|
+
# $default_internal_user.
|
139
|
+
#user = root
|
140
|
+
##### SmartMachine Begin.
|
141
|
+
user = $default_internal_user
|
142
|
+
##### SmartMachine Close.
|
143
|
+
}
|
144
|
+
|
145
|
+
service dict {
|
146
|
+
# If dict proxy is used, mail processes should have access to its socket.
|
147
|
+
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
|
148
|
+
unix_listener dict {
|
149
|
+
#mode = 0600
|
150
|
+
#user =
|
151
|
+
#group =
|
152
|
+
}
|
153
|
+
}
|
data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/dovecot/conf.d/10-ssl.conf
ADDED
@@ -0,0 +1,87 @@
|
|
1
|
+
##
|
2
|
+
## SSL settings
|
3
|
+
##
|
4
|
+
|
5
|
+
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
|
6
|
+
##### SmartMachine Begin.
|
7
|
+
#ssl = yes
|
8
|
+
ssl = required
|
9
|
+
##### SmartMachine Close.
|
10
|
+
|
11
|
+
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
12
|
+
# dropping root privileges, so keep the key file unreadable by anyone but
|
13
|
+
# root. Included doc/mkcert.sh can be used to easily generate self-signed
|
14
|
+
# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
15
|
+
##### SmartMachine Begin.
|
16
|
+
#ssl_cert = </etc/dovecot/private/dovecot.pem
|
17
|
+
#ssl_key = </etc/dovecot/private/dovecot.key
|
18
|
+
ssl_cert = </etc/letsencrypt/live/%<fqdn>s/fullchain.pem
|
19
|
+
ssl_key = </etc/letsencrypt/live/%<fqdn>s/key.pem
|
20
|
+
##### SmartMachine Close.
|
21
|
+
|
22
|
+
# If key file is password protected, give the password here. Alternatively
|
23
|
+
# give it when starting dovecot with -p parameter. Since this file is often
|
24
|
+
# world-readable, you may want to place this setting instead to a different
|
25
|
+
# root owned 0600 file by using ssl_key_password = <path.
|
26
|
+
#ssl_key_password =
|
27
|
+
|
28
|
+
# PEM encoded trusted certificate authority. Set this only if you intend to use
|
29
|
+
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
|
30
|
+
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
|
31
|
+
#ssl_ca =
|
32
|
+
|
33
|
+
# Require that CRL check succeeds for client certificates.
|
34
|
+
#ssl_require_crl = yes
|
35
|
+
|
36
|
+
# Directory and/or file for trusted SSL CA certificates. These are used only
|
37
|
+
# when Dovecot needs to act as an SSL client (e.g. imapc backend or
|
38
|
+
# submission service). The directory is usually /etc/ssl/certs in
|
39
|
+
# Debian-based systems and the file is /etc/pki/tls/cert.pem in
|
40
|
+
# RedHat-based systems. Note that ssl_client_ca_file isn't recommended with
|
41
|
+
# large CA bundles, because it leads to excessive memory usage.
|
42
|
+
#ssl_client_ca_dir =
|
43
|
+
ssl_client_ca_dir = /etc/ssl/certs
|
44
|
+
#ssl_client_ca_file =
|
45
|
+
|
46
|
+
# Require valid cert when connecting to a remote server
|
47
|
+
#ssl_client_require_valid_cert = yes
|
48
|
+
|
49
|
+
# Request client to send a certificate. If you also want to require it, set
|
50
|
+
# auth_ssl_require_client_cert=yes in auth section.
|
51
|
+
#ssl_verify_client_cert = no
|
52
|
+
|
53
|
+
# Which field from certificate to use for username. commonName and
|
54
|
+
# x500UniqueIdentifier are the usual choices. You'll also need to set
|
55
|
+
# auth_ssl_username_from_cert=yes.
|
56
|
+
#ssl_cert_username_field = commonName
|
57
|
+
|
58
|
+
# SSL DH parameters
|
59
|
+
# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
|
60
|
+
# Or migrate from old ssl-parameters.dat file with the command dovecot
|
61
|
+
# gives on startup when ssl_dh is unset.
|
62
|
+
ssl_dh = </usr/share/dovecot/dh.pem
|
63
|
+
|
64
|
+
# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
|
65
|
+
# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
|
66
|
+
#ssl_min_protocol = TLSv1
|
67
|
+
|
68
|
+
# SSL ciphers to use, the default is:
|
69
|
+
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
70
|
+
# To disable non-EC DH, use:
|
71
|
+
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
72
|
+
|
73
|
+
# Colon separated list of elliptic curves to use. Empty value (the default)
|
74
|
+
# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
|
75
|
+
# example of a valid value.
|
76
|
+
#ssl_curve_list =
|
77
|
+
|
78
|
+
# Prefer the server's order of ciphers over client's.
|
79
|
+
#ssl_prefer_server_ciphers = no
|
80
|
+
|
81
|
+
# SSL crypto device to use, for valid values run "openssl engine"
|
82
|
+
#ssl_crypto_device =
|
83
|
+
|
84
|
+
# SSL extra options. Currently supported options are:
|
85
|
+
# compression - Enable compression.
|
86
|
+
# no_ticket - Disable SSL session tickets.
|
87
|
+
#ssl_options =
|