smartmachine 1.2.3 → 1.3.0

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/opendkim.conf

@@ -0,0 +1,71 @@
+# This is a basic configuration for signing and verifying. It can easily be
+# adapted to suit a basic installation. See opendkim.conf(5) and
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
+# documentation of available configuration parameters.
+
+Syslog                  yes
+SyslogSuccess           yes
+#LogWhy                 no
+
+# Common signing and verification parameters. In Debian, the "From" header is
+# oversigned, because it is often the identity key used by reputation systems
+# and thus somewhat security sensitive.
+Canonicalization        relaxed/simple
+#Mode                   sv
+#SubDomains             no
+OversignHeaders         From
+
+# Signing domain, selector, and key (required). For example, perform signing
+# for domain "example.com" with selector "2020" (2020._domainkey.example.com),
+# using the private key stored in /etc/dkimkeys/example.private. More granular
+# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
+#Domain                 example.com
+#Selector               2020
+#KeyFile                /etc/dkimkeys/example.private
+
+# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
+# using a local socket with MTAs that access the socket as a non-privileged
+# user (for example, Postfix). You may need to add user "postfix" to group
+# "opendkim" in that case.
+UserID                  opendkim
+UMask                   007
+
+# Socket for the MTA connection (required). If the MTA is inside a chroot jail,
+# it must be ensured that the socket is accessible. In Debian, Postfix runs in
+# a chroot in /var/spool/postfix, therefore a Unix socket would have to be
+# configured as shown on the last line below.
+##### SmartMachine Begin.
+#Socket                  local:/run/opendkim/opendkim.sock
+Socket                  local:/var/spool/postfix/opendkim/opendkim.sock
+##### SmartMachine Close.
+#Socket                 inet:8891@localhost
+#Socket                 inet:8891
+#Socket                 local:/var/spool/postfix/opendkim/opendkim.sock
+
+##### SmartMachine Begin.
+#PidFile                 /run/opendkim/opendkim.pid
+PidFile                 /var/run/opendkim/opendkim.pid
+##### SmartMachine Close.
+
+# Hosts for which to sign rather than verify, default is 127.0.0.1. See the
+# OPERATION section of opendkim(8) for more information.
+#InternalHosts          192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
+
+# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided
+# by the package dns-root-data.
+TrustAnchorFile         /usr/share/dns/root.key
+#Nameservers            127.0.0.1
+
+##### SmartMachine Begin.
+# Map domains in From addresses to keys used to sign messages
+KeyTable                /etc/opendkim/key.table
+SigningTable            refile:/etc/opendkim/signing.table
+
+# Hosts to ignore when verifying signatures
+ExternalIgnoreList      /etc/opendkim/trusted.hosts
+InternalHosts           /etc/opendkim/trusted.hosts
+
+# Commonly-used options
+AutoRestart             yes
+AutoRestartRate         10/1M
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/main.cf

@@ -0,0 +1,123 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+
+
+# TLS parameters
+##### SmartMachine Begin.
+#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_cert_file=/etc/letsencrypt/live/%<fqdn>s/fullchain.pem
+#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_key_file=/etc/letsencrypt/live/%<fqdn>s/key.pem
+smtpd_tls_security_level=may
+smtpd_tls_auth_only=yes
+
+smtpd_sasl_type=dovecot
+smtpd_sasl_path=private/auth
+smtpd_sasl_auth_enable=yes
+smtpd_sasl_security_options=noanonymous, noplaintext
+smtpd_sasl_tls_security_options=noanonymous
+
+smtpd_sender_login_maps=mysql:/etc/postfix/mysql-sender-login-maps.cf
+##### SmartMachine Close.
+
+smtp_tls_CApath=/etc/ssl/certs
+smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+##### SmartMachine Begin.
+smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
+smtpd_sender_restrictions = reject_sender_login_mismatch, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination, check_policy_service unix:private/policyd-spf, check_policy_service unix:private/quota-status
+##### SmartMachine Close.
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+##### SmartMachine Begin.
+#myhostname = 3df7015f65ea
+myhostname = %<fqdn>s
+##### SmartMachine Close.
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+##### SmartMachine Begin.
+mydomain = %<mailname>s
+##### SmartMachine Close.
+myorigin = $mydomain
+##### SmartMachine Begin.
+#mydestination = <mailname>, $myhostname, 3df7015f65ea, localhost.localdomain, localhost
+mydestination = localhost
+##### SmartMachine Close.
+relayhost = 
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+##### SmartMachine Begin.
+# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
+virtual_transport = lmtp:unix:private/dovecot-lmtp
+
+# Virtual domains, users, and aliases
+# Domains that are not aliases
+virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
+# Users
+virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
+# Domains that are aliases of other domains
+virtual_alias_domains = mysql:/etc/postfix/mysql-virtual-alias-domains.cf
+# Alias mappings for domains, users and users to themselves.
+virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps-domains.cf, mysql:/etc/postfix/mysql-virtual-alias-maps-masters.cf, mysql:/etc/postfix/mysql-virtual-alias-maps-users.cf, mysql:/etc/postfix/mysql-virtual-alias-maps-userstothemselves.cf
+
+# Even more Restrictions and MTA params
+disable_vrfy_command = yes
+strict_rfc821_envelopes = yes
+#smtpd_etrn_restrictions = reject
+#smtpd_reject_unlisted_sender = yes
+#smtpd_reject_unlisted_recipient = yes
+smtpd_helo_required = yes
+smtpd_timeout = 30s
+smtp_helo_timeout = 15s
+smtp_rcpt_timeout = 15s
+smtpd_recipient_limit = 40
+minimal_backoff_time = 180s
+maximal_backoff_time = 3h
+
+# Reply Rejection Codes
+invalid_hostname_reject_code = 550
+non_fqdn_reject_code = 550
+unknown_address_reject_code = 550
+unknown_client_reject_code = 550
+unknown_hostname_reject_code = 550
+unverified_recipient_reject_code = 550
+unverified_sender_reject_code = 550
+
+# SPF
+# postfix-policyd-spf-python
+policyd-spf_time_limit = 3600
+
+# OpenDKIM
+# Milter configuration
+milter_default_action = accept
+# Postfix >= 2.6 milter_protocol = 6, Postfix <= 2.5 milter_protocol = 2
+milter_protocol = 6
+smtpd_milters = local:opendkim/opendkim.sock
+non_smtpd_milters = local:opendkim/opendkim.sock
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/master.cf

@@ -0,0 +1,149 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+##### SmartMachine Begin.
+#smtp      inet  n       -       y       -       -       smtpd
+smtp      inet  n       -       y       -       -       smtpd
+  -o content_filter=spamassassin
+##### SmartMachine Close.
+#smtp      inet  n       -       y       -       1       postscreen
+#smtpd     pass  -       -       y       -       -       smtpd
+#dnsblog   unix  -       -       y       -       0       dnsblog
+#tlsproxy  unix  -       -       y       -       0       tlsproxy
+#submission inet n       -       y       -       -       smtpd
+#  -o syslog_name=postfix/submission
+#  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_tls_auth_only=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+##### SmartMachine Begin.
+submission inet n       -       y       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_tls_auth_only=yes
+  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+##### SmartMachine Close.
+#smtps     inet  n       -       y       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       y       -       -       qmqpd
+pickup    unix  n       -       y       60      1       pickup
+cleanup   unix  n       -       y       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       y       1000?   1       tlsmgr
+rewrite   unix  -       -       y       -       -       trivial-rewrite
+bounce    unix  -       -       y       -       0       bounce
+defer     unix  -       -       y       -       0       bounce
+trace     unix  -       -       y       -       0       bounce
+verify    unix  -       -       y       -       1       verify
+flush     unix  n       -       y       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       y       -       -       smtp
+relay     unix  -       -       y       -       -       smtp
+        -o syslog_name=postfix/$service_name
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       y       -       -       showq
+error     unix  -       -       y       -       -       error
+retry     unix  -       -       y       -       -       error
+discard   unix  -       -       y       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       y       -       -       lmtp
+anvil     unix  -       -       y       -       1       anvil
+scache    unix  -       -       y       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix -       n       n       -       2       pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
+##### SmartMachine Begin.
+spamassassin unix -     n       n       -       -       pipe
+  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+policyd-spf  unix  -       n       n       -       0       spawn
+  user=policyd-spf argv=/usr/bin/policyd-spf
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-sender-login-maps.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT email FROM virtual_users WHERE email IN ('%s', (SELECT CONCAT('%u', '@', destination_name) FROM virtual_domains WHERE name='%d' AND destination_name IS NOT NULL)) UNION SELECT destination FROM virtual_aliases WHERE source IN ('%s', (SELECT CONCAT('%u', '@', destination_name) FROM virtual_domains WHERE name='%d' AND destination_name IS NOT NULL))
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-domains.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT 1 FROM virtual_domains WHERE name='%s' AND destination_name IS NOT NULL
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-domains.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT concat('@', destination_name) FROM virtual_domains WHERE CONCAT('@', name)='%s' AND destination_name IS NOT NULL
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-masters.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT email FROM virtual_users WHERE email='%<sysadmin_email>s' AND ('%u'='postmaster' OR '%u'='abuse' OR '%u'='hostmaster' OR '%u'='webmaster')
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-users.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT destination FROM virtual_aliases WHERE source='%s'
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-userstothemselves.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT email FROM virtual_users WHERE email='%s'
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-mailbox-domains.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT 1 FROM virtual_domains WHERE name='%s' AND destination_name IS NULL
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-mailbox-maps.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT 1 FROM virtual_users WHERE email='%s'
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix-policyd-spf-python/policyd-spf.conf

@@ -0,0 +1,12 @@
+#  For a fully commented sample config file see policyd-spf.conf.commented
+
+debugLevel = 1
+TestOnly = 1
+
+HELO_reject = Fail
+Mail_From_reject = Fail
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/spamassassin/local.cf

@@ -0,0 +1,124 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+#    A 'contact address' users should contact for more info. (replaces
+#    _CONTACTADDRESS_ in the report template)
+# report_contact youremailaddress@domain.tld
+
+
+#   Add *****SPAM***** to the Subject header of spam e-mails
+#
+# rewrite_header Subject *****SPAM*****
+
+
+#   Save spam messages as a message/rfc822 MIME attachment instead of
+#   modifying the original message (0: off, 2: use text/plain instead)
+#
+# report_safe 1
+
+
+#   Set which networks or hosts are considered 'trusted' by your mail
+#   server (i.e. not spammers)
+#
+# trusted_networks 212.17.35.
+
+
+#   Set file-locking method (flock is not safe over NFS, but is faster)
+#
+# lock_method flock
+
+
+#   Set the threshold at which a message is considered spam (default: 5.0)
+#
+# required_score 5.0
+
+
+#   Use Bayesian classifier (default: 1)
+#
+# use_bayes 1
+
+
+#   Bayesian classifier auto-learning (default: 1)
+#
+# bayes_auto_learn 1
+
+
+#   Set headers which may provide inappropriate cues to the Bayesian
+#   classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+
+
+#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
+#   them to UTF-8 before the text is given over to rules processing.
+#
+# normalize_charset 1
+
+#   Textual body scan limit    (default: 50000)
+#
+#   Amount of data per email text/* mimepart, that will be run through body
+#   rules.  This enables safer and faster scanning of large messages,
+#   perhaps having very large textual attachments.  There should be no need
+#   to change this well tested default.
+#
+# body_part_scan_size 50000
+
+#   Textual rawbody data scan limit    (default: 500000)
+#
+#   Amount of data per email text/* mimepart, that will be run through
+#   rawbody rules.
+#
+# rawbody_part_scan_size 500000
+
+#   Some shortcircuiting, if the plugin is enabled
+# 
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+#   default: strongly-whitelisted mails are *really* whitelisted now, if the
+#   shortcircuiting plugin is active, causing early exit to save CPU load.
+#   Uncomment to turn this on
+#
+#   SpamAssassin tries hard not to launch DNS queries before priority -100. 
+#   If you want to shortcircuit without launching unneeded queries, make
+#   sure such rule priority is below -100. These examples are already:
+#
+# shortcircuit USER_IN_WHITELIST       on
+# shortcircuit USER_IN_DEF_WHITELIST   on
+# shortcircuit USER_IN_ALL_SPAM_TO     on
+# shortcircuit SUBJECT_IN_WHITELIST    on
+
+#   the opposite; blacklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLACKLIST       on
+# shortcircuit USER_IN_BLACKLIST_TO    on
+# shortcircuit SUBJECT_IN_BLACKLIST    on
+
+#   if you have taken the time to correctly specify your "trusted_networks",
+#   this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED             on
+
+#   and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99                spam
+# shortcircuit BAYES_00                ham
+
+endif # Mail::SpamAssassin::Plugin::Shortcircuit
+
+##### SmartMachine Begin.
+loadplugin Mail::SpamAssassin::Plugin::DCC
+
+report_safe             0
+required_score          10.0
+use_razor2              0
+use_dcc                 0
+use_pyzor               0
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/usr/local/bin/quota-warning.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+PERCENT=$1
+USER=$2
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
+From: Email Postmaster <postmaster@%<mailname>s>
+Subject: Your mailbox is $PERCENT% full.
+
+Hello there,
+
+Your mailbox can store a limited amount of emails. Currently it is $PERCENT% full. New emails will not be stored if you reach 100%.
+
+To get more space in your mailbox you can:
+1. Contact your email provider and upgrade your plan.
+2. Delete emails from your mailbox.
+
+If using option 2, please ensure you have emptied your Trash folder to free up the space.
+
+Thanks for reading. Hope this was helpful.
+
+Regards,
+Your Email Postmaster
+EOF

data/lib/smart_machine/templates/dotsmartmachine/config/emailer.yml

@@ -0,0 +1,37 @@
+emailerone:
+  fqdn: "youremailerone.yourdomain.com"
+  mailname: "yourdomain.com"
+  sysadmin_email: "adminname@yourdomain.com"
+  networks: ["mysqlone-network"]
+  mysql_host: mysqlone
+  mysql_port: 3306
+  mysql_user: <%= SmartMachine.credentials.dig(:emailerone, :mysql_user) %>
+  mysql_password: <%= SmartMachine.credentials.dig(:emailerone, :mysql_password) %>
+  mysql_database_name: <%= SmartMachine.credentials.dig(:emailerone, :mysql_database_name) %>
+  monit_smtp_email_name: "Your Emailer One"
+  monit_smtp_email_address: "yourmachineemailerone@yourdomain.com"
+  monit_smtp_host: "youremailerone.yourdomain.com"
+  monit_smtp_port: 587
+  monit_smtp_username: <%= SmartMachine.credentials.dig(:emailerone, :monit_smtp_username) %>
+  monit_smtp_password: <%= SmartMachine.credentials.dig(:emailerone, :monit_smtp_password) %>
+  oracle_ips_allowed: []
+  oracle_deflect_url: "https://yourdomain.com"
+
+# emailertwo:
+#   fqdn: "youremailertwo.yourdomain.com"
+#   mailname: "yourdomain.com"
+#   sysadmin_email: "adminname@yourdomain.com"
+#   networks: ["mysqlone-network"]
+#   mysql_host: mysqlone
+#   mysql_port: 3306
+#   mysql_user: <%= SmartMachine.credentials.dig(:emailertwo, :mysql_user) %>
+#   mysql_password: <%= SmartMachine.credentials.dig(:emailertwo, :mysql_password) %>
+#   mysql_database_name: <%= SmartMachine.credentials.dig(:emailertwo, :mysql_database_name) %>
+#   monit_smtp_email_name: "Your Emailer Two"
+#   monit_smtp_email_address: "yourmachineemailertwo@yourdomain.com"
+#   monit_smtp_host: "youremailertwo.yourdomain.com"
+#   monit_smtp_port: 587
+#   monit_smtp_username: <%= SmartMachine.credentials.dig(:emailertwo, :monit_smtp_username) %>
+#   monit_smtp_password: <%= SmartMachine.credentials.dig(:emailertwo, :monit_smtp_password) %>
+#   oracle_ips_allowed: []
+#   oracle_deflect_url: "https://yourdomain.com"

data/lib/smart_machine/templates/dotsmartmachine/config/engine.yml

@@ -0,0 +1,2 @@
+engineone:
+  timezone: "Etc/UTC"

data/lib/smart_machine/templates/dotsmartmachine/config/roundcube/etc/apache2/sites-available/000-default.conf

@@ -0,0 +1,35 @@
+<VirtualHost *:80>
+        # The ServerName directive sets the request scheme, hostname and port that
+        # the server uses to identify itself. This is used when creating
+        # redirection URLs. In the context of virtual hosts, the ServerName
+        # specifies what hostname must appear in the request's Host: header to
+        # match this virtual host. For the default virtual host (this file) this
+        # value is not decisive as it is used as a last resort host regardless.
+        # However, you must set it for any further virtual host explicitly.
+        #ServerName www.example.com
+
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+
+        ServerSignature Off
+
+	# If you are setting a different request_path other than '/' in roundcube.yml config file,
+	# then please uncomment the below line and add that path here as an alias.
+        #Alias /your/request/path /var/www/html
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+        # error, crit, alert, emerg.
+        # It is also possible to configure the loglevel for particular
+        # modules, e.g.
+        #LogLevel info ssl:warn
+
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+        # For most configuration files from conf-available/, which are
+        # enabled or disabled at a global level, it is possible to
+        # include a line for only one particular virtual host. For example the
+        # following line enables the CGI configuration for this host only
+        # after it has been globally disabled with "a2disconf".
+        #Include conf-available/serve-cgi-bin.conf
+</VirtualHost>

data/lib/smart_machine/templates/dotsmartmachine/config/roundcube/usr/local/etc/php/conf.d/zzz_roundcube-custom.ini

@@ -0,0 +1,4 @@
+; Add custom PHP config here. It will be used when running roundcube.
+
+expose_php=Off
+;memory_limit=128M