added kopano & postifx configuration files

Andreas Balogh
2022-01-21 21:24:34 +00:00
parent f20744f49e
commit 521b52e668
57 changed files with 4174 additions and 13 deletions


@@ -1,11 +0,0 @@
FROM ubuntu:20.04
RUN apt update -y && apt install -y \
apt-transport-https
postfix \
apache2 \
libapache2-mod-php7.4
# https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#configure-kopano-dagent-for-delivery-via-unix-socket
RUN mkdir -p /var/spool/kopano \
chown kopano:kopano /var/spool/kopano \
chmod go= /var/spool/kopano \
setfacl -m u:postfix:rwx /var/spool/kopano

2
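--- a/build
+++ b/build
@@ -1,2 +0,0 @@
-#!/usr/bin/bash
-docker build .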

2
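--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/bash
+docker build -f kopano.dockerfile -t kopano:1 .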
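Review bot: The build context on the `docker build` line is `.`, and this commit places key material under `etc/kopano/` in the same tree (a PEM private key and two one-line key files), so all of it is sent to the builder and can end up in an image layer if the Dockerfile copies that directory. `kopano.dockerfile` is not visible in this view, so whether it copies those paths is unconfirmed. A `.dockerignore` that excludes the key files (for example `etc/kopano/*.pem` and `etc/kopano/*.key`, patterns to be matched to the real file names) would keep them out of the context, with the keys supplied at run time through a mounted volume or secret instead. The tag `kopano:1` is also fixed, so every rebuild silently replaces the image behind the same tag.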

2
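--- a/deploy-kopano.sh
+++ b/deploy-kopano.sh
@@ -0,0 +1,2 @@
+tar xzf core-11.0.2.50.507cbae-Ubuntu_20.04-amd64.tar.gz
+tar xzf webapp-6.0.0.57.1049268-Ubuntu_20.04-all.tar.gz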
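Review bot: Both `tar xzf` lines unpack release archives without checking their integrity first, and the script has no shebang or error handling, so a failed or altered first archive does not stop the second extraction. I would start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, and verify the archives before unpacking, e.g. `sha256sum -c <CHECKSUMS_FILE>`, where `<CHECKSUMS_FILE>` is a placeholder for a checksum list committed next to the script. The extraction target also depends on the caller's working directory; `tar -C <TARGET_DIR>` would make it explicit.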

7
etc/kopano/admin.cfg Normal file

@@ -0,0 +1,7 @@
# The language for folders in newly-created stores, specified as a
# locale identifier ("en_US", "de_DE", etc.)
#default_store_locale =
#server_socket = default:
#sslkey_file = some.pem
#sslkey_pass = magic


@@ -0,0 +1,22 @@
##############################################################
# AUTORESPOND SETTINGS
# Autorespond if the recipient is in the Cc field
#autorespond_cc = no
# Autorespond if the recipient is in the Bcc field
#autorespond_bcc = no
# Autorespond if the recipient is not in any of To, Cc or Bcc
# (i.e. received the message through a distribution list)
#autorespond_norecip = no
# Only send reply to same e-mail address once per 24 hours
#timelimit = 86400
# File which contains when vacation message was sent
#senddb = /var/lib/kopano/autorespond.db
# Copy to sentmail - whether responses should be saved in the
# users sentmail folder or not
#copy_to_sentmail = yes

31
etc/kopano/backup.cfg Normal file

@@ -0,0 +1,31 @@
##############################################################
# SERVER SETTINGS
# Socket to find the connection to the storage server.
# Use https to reach servers over the network
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/search.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
##############################################################
# LOG SETTINGS
# Logging method (syslog, file)
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Logfile for log_method = file, use '-' for stderr
# Default: -
#log_file = /var/log/kopano/backup.log
##############################################################
# BACKUP SETTINGS
# maximum number of stores to backup in parallel
#worker_processes = 1

92
etc/kopano/dagent.cfg Normal file

@@ -0,0 +1,92 @@
# See the kopano-dagent.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for LMTP connections.
#
# "unix:/var/spool/kopano/dagent.sock" — local socket
# "*:236" — port 2003, all protocols
# "[::]:236" — port 2003 on IPv6 only
# "[2001:db8::1]:236" — port 2003 on specific address only
#
#lmtp_listen = *%lo:2003
lmtp_listen = unix:/var/spool/kopano/dagent.sock
# connection to the storage server
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/dagent.pem
# The password of the SSL Key
#sslkey_pass = replace-with-dagent-cert-password
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_file = /var/log/kopano/dagent.log
log_timestamp = yes
# Log raw message to a file. Can be "no", "all", or a list of usernames
# for which messages should be saved.
#log_raw_message = no
#log_raw_message_path = /var/lib/kopano
# Maximum LMTP threads that can be running simultaneously
# This is also limited by your SMTP server. (20 is the postfix default concurrency limit)
#lmtp_max_threads = 20
# The following e-mail header will mark the mail as spam, so the mail
# is placed in the Junk Mail folder, and not the Inbox.
# The name is case insensitive.
# set to empty to not use this detection scheme.
#spam_header_name = X-Spam-Status
# If the above header is found, and contains the following value
# the mail will be considered as spam.
# Notes:
# - The value is case insensitive.
# - Leading and trailing spaces are stripped.
# - The word 'bayes' also contains the word 'yes'.
#spam_header_value = Yes,
# Enable archive_on_delivery to automatically archive all incoming
# messages on delivery.
# This will do nothing if no archive is attached to the target mailbox.
#archive_on_delivery = no
# Enable the dagent Python plugin framework. Disables threading.
#plugin_enabled = yes
# Path to the activated dagent plugins.
# This folder contains symlinks to the kopano plugins and custom scripts. The plugins are
# installed in '/usr/share/kopano-dagent/python/plugins/'. To activate a plugin create a symbolic
# link in the 'plugin_path' directory.
#
# Example:
# $ ln -s /usr/share/kopano-dagent/python/plugins/BMP2PNG.py /var/lib/kopano/dagent/plugins/BMP2PNG.py
#plugin_path = /var/lib/kopano/dagent/plugins
##############################################################
# DAGENT RULE SETTINGS
# Enable the addition of X-Kopano-Rule-Action headers on messages
# that have been forwarded or replied by a rule.
#set_rule_headers = yes
# Enable this option to prevent rules from potentially causing a loop. An
# e-mail can only be forwarded once when this option is enabled. Requires the
# set_rule_headers option to also be enabled.
#no_double_forward = yes
# Domain list to which forwarding is allowed. (Cuts off after 1000 characters,
# and knows no escape chars, so use the _file variants if needed.)
#forward_whitelist_domains = *
#forward_whitelist_domains_file =
#forward_whitelist_domain_subject = REJECT: %subject not forwarded (administratively blocked)
#forward_whitelist_domain_message = The Kopano mail system has rejected your request to forward your e-mail with subject %subject (via mail filters) to %sender: the operation is not permitted.\n\nRemove the rule or contact your administrator about the forward_whitelist_domains setting.
#forward_whitelist_domain_message_file =
# When multiple HTML MIME parts are found, they can be joined to form a
# continuous e-mail. (If not, they will become attachments.) Joining them
# however can compromise the document integrity, as stylesheets and JavaScripts
# affect the entire joined document.
#
#insecure_html_join = no
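Review bot: `lmtp_listen = unix:/var/spool/kopano/dagent.sock` makes the permissions on `/var/spool/kopano` the only access control for LMTP delivery, and nothing in this commit view shows that directory being created with restricted ownership. The Dockerfile removed in this commit did create it with `chown kopano:kopano`, `chmod go=` and a `setfacl` entry for postfix, but as rendered here those commands are chained without `&&`, so it is worth confirming that the replacement dockerfile really runs each step. I would add a comment above the setting, such as `# socket dir must be kopano:kopano, no group/other access, ACL u:postfix:rwx`. Separately, the listen examples in the header comment pair `:236` with "port 2003", which looks like an upstream documentation slip and could mislead whoever re-enables a TCP listener.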

47
etc/kopano/gateway.cfg Normal file

@@ -0,0 +1,47 @@
# See the kopano-gateway.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
# imaps is normally on 993, pop3s on 995.
#
#pop3_listen = *%lo:110
#pop3s_listen =
#imap_listen = *%lo:143
#imaps_listen =
# File with RSA key for SSL
#ssl_private_key_file = /etc/kopano/gateway/privkey.pem
#File with certificate for SSL
#ssl_certificate_file = /etc/kopano/gateway/cert.pem
# Disable all plaintext authentications unless SSL/TLS is used
#disable_plaintext_auth = no
# Verify client certificate
#ssl_verify_client = no
# Client verify file and/or path
#ssl_verify_file =
#ssl_verify_path =
#tls_min_proto = tls1.2
# Connection to the storage server.
# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
#server_socket = http://localhost:236/
# Bypass authentification when connecting as an administrator to the UNIX socket.
#bypass_auth = no
# Whether to show the hostname in the logon greeting to clients.
#server_hostname_greeting = no
# Override own DNS name for presentation in the protocol greeting line.
#server_hostname =
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_file = /var/log/kopano/gateway.log
#log_timestamp = yes
# Only mail folder for IMAP or all subfolders (calendar, contacts, tasks, etc. too)
#imap_only_mailfolders = yes
# Show Public folders for IMAP
#imap_public_folders = yes
# The maximum size of an email that can be uploaded to the gateway
#imap_max_messagesize = 128M

38
etc/kopano/grapi.cfg Normal file

@@ -0,0 +1,38 @@
##############################################################
# Groupware REST API SETTINGS
# Number of worker processes.
num_workers = 2
# Disable TLS validation for all client request.
# When set to yes, TLS certificate validation is turned off. This is insecure
# and should not be used in production setups.
#insecure = no
# Path where to create the gc-rest sockets.
#socket_path = /var/run/kopano-grapi
# Socket to find the connection to the storage server.
# Use https to reach servers over the network.
#server_socket = file:///var/run/kopano/server.sock
# Path where to store persistent runtime data.
#persistency_path = /var/lib/kopano-grapi
# Path where to find translation catalogs.
#translations_path = /usr/share/kopano-grapi/i18n
# The API includes experimental endpoints which are not yet recommended to run
# in production setups and are thus disabled by default. When set to yes, all
# endpoints marked experimental are made available. Defaults to no.
#enable_experimental_endpoints = yes
###############################################################
# Log settings
# Log level controls the verbosity of the output log. It can be one of
# `critical`, `error`, `warning`, `info` or `debug`. Defaults to `info`.
log_level = info
log_method = file
log_file = /var/log/kopano/server.log
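Review bot: `log_file = /var/log/kopano/server.log` points grapi at a file name that does not follow the per-daemon naming used by the other configs in this commit (`dagent.log`, `gateway.log`), and `server.log` is the name kopano-server normally logs to, so two services would likely interleave into one file. That makes incident review harder, because grapi request errors and storage-server events can no longer be separated or rotated independently. I would change the line to `log_file = /var/log/kopano/grapi.log`.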

34
etc/kopano/ical.cfg Normal file

@@ -0,0 +1,34 @@
# See the kopano-ical.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
# ical has often been placed on 8080 and icals on 8443.
#
#ical_listen = *%lo:8080
#icals_listen =
#tls_min_proto = tls1.2
# File with RSA key for SSL
#ssl_private_key_file = /etc/kopano/ical/privkey.pem
# File with certificate for SSL
#ssl_certificate_file = /etc/kopano/ical/cert.pem
# Verify client certificate
#ssl_verify_client = no
# Client verify file and/or path
#ssl_verify_file =
#ssl_verify_path =
# default connection to the storage server
# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
#server_socket = http://localhost:236/
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = /var/log/kopano/ical.log
#log_timestamp = yes
# The timezone of the system clock
#server_timezone = Europe/Amsterdam
# Enable the iCalendar GET method for downloading calendars
#enable_ical_get = yes


@@ -0,0 +1 @@
3be77a9c8294eb60dadf05399576a9048582bb77f8fc86af40660f931d743b65
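Review bot: This one-line file holds a 64-character hex value that looks like generated key material, and it is committed in clear; the same applies to the later one-line file of raw bytes and to the `-----BEGIN PRIVATE KEY-----` file further down. The file names are not shown in this view, but the neighbouring `kapid.cfg` and `konnectd.cfg` describe exactly such files (a Pubs HMAC secret, an encryption secret and a token-signing private key), so these are presumably those. Anything pushed to a repository should be treated as disclosed: remove the files from the tree, regenerate all three with the `openssl` commands quoted in the config comments, and provision them at deploy time (mounted secret or volume) with an ignore rule so they cannot be re-added. Until the signing key is replaced, tokens signed with it should not be trusted.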

66
etc/kopano/kapid.cfg Normal file

@@ -0,0 +1,66 @@
##############################################################
# Kopano API SETTINGS
# OpenID Connect Issuer Identifier.
#oidc_issuer_identifier=
# Address:port specifier for where kapid should listen for
# incoming connections.
#listen = 127.0.0.1:8039
# Disable TLS validation for all client request.
# When set to yes, TLS certificate validation is turned off. This is insecure
# and should not be used in production setups.
#insecure = no
# Comman separated list of plugin names which should be loaded.
# If this is not set or the value is empty, kapid scans the plugins_path
# on startup and loads all plugins found.
#plugins =
# Path to the location of kapi plugins.
#plugins_path = /usr/lib/kopano/kapi-plugins
###############################################################
# Log settings
# Log level controls the verbosity of the output log. It can be one of
# `panic`, `fatal`, `error`, `warn`, `info` or `debug`. Defaults to `info`.
#log_level = info
###############################################################
# Groupware REST API (grapi) Plugin settings
# Path where to find Kopano Groupware REST (grapi) sockets.
#plugin_grapi_socket_path = /var/run/kopano-grapi
###############################################################
# Pubs API (pubs) Plugin settings
# Path to a key file to be used as secret for Pubs HMAC tokens.
# If no secret_key file is set, a random value will be generated on
# startup (not suitable for production use, since it changes on
# restart). A suitable key file can be generated with
# `openssl rand -out /etc/kopano/kapid-pubs-secret.key -hex 64`.
#plugin_pubs_secret_key = /etc/kopano/kapid-pubs-secret.key
###############################################################
# Key value store API (kvs) Plugin settings
# Database backend to use for persistent storage of kvs data. A supported
# backend must be set (sqlite3, mysql). Defaults to `sqlite3` if not set.
#plugin_kvs_db_drivername = sqlite3
# Database backend data source name. This setting depends on the storage
# backend (plugin_kvs_db_drivername). A DNS is required to use the kvs plugin.
# - For `sqlite3` the value should be the full path to the database file.
# - For `mysql`, us a MySQL DSN in the following format:
# [username[:password]@][protocol[(address)]]/dbname[?param1=value1&...&paramN=valueN]
# See https://github.com/go-sql-driver/mysql#dsn-data-source-name for a
# full list of supported MySQL DSN params with examples.
# If not set and plugin_kvs_db_drivername is also not set a default value will
# be used which uses SQLite3.
#plugin_kvs_db_datasource = /var/lib/kopano/kapi-kvs/kvs.db
# Path where to find the database migration scripts.
#plugin_kvs_db_migrations = /usr/lib/kopano/kapi-kvs/db/migrations


@@ -0,0 +1 @@
<EFBFBD>r<EFBFBD><EFBFBD>L<EFBFBD>(<28>k<EFBFBD><6B><10>"u$ԟ+o<>F<1D><02>3


@@ -0,0 +1,14 @@
# This file contains additional scopes for Konnect. All of the scopes listed
# here are made available to clients upon request if not limited by other means.
---
scopes:
kopano/kwm:
description: "Access Kopano Meet"
kopano/kvs:
description: "Access Kopano Key Value Store"
kopano/pubs:
description: "Access Kopano Pub/Sub"


@@ -0,0 +1 @@
konnectkeys/konnect-20210314-0ae1.pem

146
etc/kopano/konnectd.cfg Normal file

@@ -0,0 +1,146 @@
##############################################################
# Kopano Konnect SETTINGS
# OpenID Connect Issuer Identifier.
# This setting defines the OpenID Connect Issuer Identifier to be provided by
# this Konnect server. Setting this is mandatory and the setting must be a
# https URL which can be accessed by all applications and users which are to
# use this Konnect for sign-in or validation. Defaults to "https://localhost" to
# allow unconfigured startup.
#oidc_issuer_identifier=https://localhost
# Address:port specifier for where konnectd should listen for
# incoming connections. Defaults to `127.0.0.1:8777`.
#listen = 127.0.0.1:8777
# Disable TLS validation for all client request.
# When set to yes, TLS certificate validation is turned off. This is insecure
# and should not be used in production setups. Defaults to `no`.
#insecure = no
# Identity manager which provides the user backend Konnect should use. This is
# one of `kc` or `ldap`. Defaults to `kc`, which means Konnect will use a
# Kopano Groupware Storage server as backend.
#identity_manager = kc
# Full file path to a PEM encoded PKCS#1 or PKCS#5 private key which is used to
# sign tokens. This file must exist and be valid to be able to start the
# service. A suitable key can be generated with:
# `openssl genpkey -algorithm RSA \
# -out konnectd-signing-private-key.pem.pem \
# -pkeyopt rsa_keygen_bits:4096`
# If this is not set, Konnect will try to load
# /etc/kopano/konnectd-signing-private-key.pem
# and if not found, fall back to a random key on every startup. Not set by
# default. If set, the file must be there.
#signing_private_key = /etc/kopano/konnectd-signing-private-key.pem
# Key ID to use in created JWT. This setting is useful once private keys need
# to be changed because they expire. It should be a unique value identiying
# the signing_private_key. Example: `k20180912-1`. Not set by default, which
# means that Konnect uses the file name of the key file (dereferencing symlinks)
# without extension.
#signing_kid =
# JWT signing method. This must match the private key type as defined in
# signing_private_key and defaults to `PS256`.
#signing_method = PS256
# Full path to a directory containing pem encoded keys for validation. Konnect
# loads all `*.pem` files in that directory and adds the public key parts (if
# found) to the validator for received tokens using the file name without
# extension as key ID.
#validation_keys_path =
# Full file path to a encryption secret key file containing random bytes. This
# file must exist to be able to start the service. A suitable file can be
# generated with:
# `openssl rand -out konnectd-encryption-secret.key 32`
# If this is not set, Konnect will try to load
# /etc/kopano/konnectd-encryption-secret.key
# and if not found, fall back to a random key on every startup. Not set by
# default. If set, the file must be there.
#encryption_secret_key = /etc/kopano/konnectd-encryption-secret.key
# Full file path to the identifier registration configuration file. This file
# must exist to be able to start the service. An example file is shipped with
# the documentation / sources. If not set, Konnect will try to load
# /etc/kopano/konnectd-identifier-registration.yaml
# without failing when the file is not there. If set, the file must be there.
#identifier_registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
# Full file path to the identifier scopes configuration file. An example file is
# shipped with the documentation / sources. If not set, Konnect will try to
# load /etc/kopano/konnectd-identifier-scopes.yaml without failing if the file
# is not there. If set, the file must be there.
#identifier_scopes_conf = /etc/kopano/konnectd-identifier-scopes.yaml
# Path to the location of konnectd web resources. This is a mandatory setting
# since Konnect needs to find its web resources to start.
#web_resources_path = /usr/share/kopano-konnect
# Custom base path for URI endpoints for Konnect API and the identifier web
# application. This needs to be changed when Konnect is served from a path
# instead of the root of the domain.
#uri_base_path = /
# Space separated list of scopes to be accepted by this Konnect server. By
# default this is not set, which means that all scopes which are known by the
# Konnect server and its configured identifier backend are allowed.
#allowed_scopes =
# Space separated list of IP address or CIDR network ranges of remote addresses
# which are to be trusted. This is used to allow special behavior if Konnect
# runs behind a trusted proxy which injects authentication credentials into
# HTTP requests. Not set by default.
#trusted_proxies =
# Flag to enable client controlled guest support. When set to `yes`, a registered
# client can send authorize guests, by sending signed requests. Defaults to `no`.
#allow_client_guests = no
# Flag to enable dynamic client registration API. When set to `yes`, clients
# can register themselves and make authorized calls to the token endpoint.
# Defaults to `no`.
#allow_dynamic_client_registration = no
# Additional arguments to be passed to the identity manager.
#identity_manager_args =
###############################################################
# Log settings
# Log level controls the verbosity of the output log. It can be one of
# `panic`, `fatal`, `error`, `warn`, `info` or `debug`. Defaults to `info`.
#log_level = info
###############################################################
# Kopano Groupware Storage Server Identity Manager (kc)
# URI for connecting to the Kopano Groupware Storage server. This can either be
# a http(s):// URL for remote systems or a file:// URI to a socket for local
# connection. Defaults to `file:///run/kopano/server.sock` and is only used
# when the identity_manager is `kc`.
#kc_server_uri = file:///run/kopano/server.sock
# Session timeout for sessions of the Kopano Groupware Storage server in
# seconds. Access token valid duration is limited to this value and Konnect
# will expire sessions if they are inactive for the timeout duration. This value
# needs to be lower or same as the corresponding value used in the Kopano
# Groupware Storage server's configuration to avoid constant session expiration
# and recreation.
#kc_session_timeout = 300
###############################################################
# LDAP Identity Manager (ldap)
# Below are the settings for the LDAP identity manager. They are only used when
# the identity_manager is `ldap`.
#ldap_uri =
#ldap_binddn =
#ldap_bindpw =
#ldap_basedn =
#ldap_scope = sub
#ldap_login_attribute = uid
#ldap_uuid_attribute = uidNumber
#ldap_filter = (objectClass=inetOrgPerson)


@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


137
etc/kopano/kwebd.cfg Normal file

@@ -0,0 +1,137 @@
##############################################################
# Kopano Web SETTINGS
# Site's host name.
# Full qualified host name. If set, kweb provides HTTP/HTTPS for this host
# including automatic ACME CA TLS and Content Security Policy generation. If not
# set (the default), kweb is available under all names and does not try to
# obtain a certificate via ACME.
#hostname=
# ACME CA email.
# To allow automatic TLS via ACME, the CA needs an email address. Provide your
# email address here to enable automatic TLS via ACME. If tls_acme_email and
# hostname are set, kweb will automatically manage TLS certificates unless
# explictly disabled by other settings.
#tls_acme_email =
# ACME CA subscriber agreement.
# Set to `yes` to accept the CA's subscriber agreement. If this is `no` or
# not set and kweb is otherwise configured to use ACME, kweb will log the link
# to the CA's subscriber agreement and then exit. You have to change this
# setting to `yes` to use automatic TLS via ACME.
#tls_acme_agree = no
# ACME CA server directory.
# URL to the certificate authority's ACME server directory. Default is to use
# Let's Encrypt (https://acme-v02.api.letsencrypt.org/directory).
#tls_acme_ca = https://acme-v02.api.letsencrypt.org/directory
# HTTP Strict Transport Security.
# Value for HTTP Strict Transport Security response header. Default to
# `max-age=31536000;` and is only used if hostname is set. Set explicitly to
# empty to disable.
#hsts=max-age=31536000;
# Bind address to bind the listeners.
# This setting defines where to bind kweb http listeners. By default kweb binds
# to all interfaces/ips since it needs to be available from external.
#bind=0.0.0.0
# Web root folder.
# Full path to the web root. All files below that folder are served by kweb and
# the path is used as base for otherwise relative paths.
# Default: `/usr/share/kopano-kweb/www`
#web_root = /usr/share/kopano-kweb/www
# Port for HTTPS listener.
# When TLS is enabled, kweb will serve the TLS listener on this port. Defaults
# to 9443 if `hostname` is not set and `443` otherwise.
#https_port = 443
# Port for HTTP listener.
# When TLS is disabled, kweb will serve the listener on this port. Defaults to
# 9080 if `hostname` is not set and `80` otherwise.
#http_port = 80
# HTTP/2 support.
# Set to `yes` to enable HTTP/2 support on all TLS listeners. HTTP/2 is enabled
# by default. Set to `no` to disable.
#http2 = yes
# QUIC support.
# Experimental support for QUIC. Set to `true` to enable. Default is `no`.
#quic = no
###############################################################
# Log settings
# HTTP request log file (access log in combined format).
# Full path to log file where to log HTTP requests. Not set by default which
# means requests are not logged.
#request_log_file = /var/log/kopano-kweb/access.log
###############################################################
# TLS settings
# TLS support.
# Support encrypted listeners and automatic TLS certificate creation when set
# to `yes`. Set to `no` to disable all TLS and listen on plain HTTP.
#tls = yes
# TLS certificate bundle.
# Path to a TLS certificate bundle (concatenation of the server's certificate
# followed by the CA's certificate chain). If set, the TLS listener will use
# that certificate instead of trying automatic TLS.
#tls_cert =
# TLS private key.
# Path to the server's private key file which matches the certificate bundle. It
# must match the certificate in tls_cert.
#tls_key =
# TLS protocols.
# Minimal and maximal TLS protocol versions to be offered. Defaults to TLS 1.2
# and TLS 1.3 (`tls1.2 tls1.3`).
#tls_protocols = tls1.2 tls1.3
# TLS self sign.
# By default kweb creates self signed TLS certificates on startup on if ACME is
# not possible due to missing settings. If set to `yes`, ACME is disabled and a
# self signed certificate will always be created. Default: `no`.
#tls_always_self_sign = no
# TLS must stable.
# Enables must stable for certificates managed by kweb. If this is set to `yes`
# and kweb requests certificates via ACME, those certificates will require that
# the OSCP information is stapled with the response. Defaults to `no`.
#tls_must_staple = no
###############################################################
# App settings
# Default top level redirect.
# When set, top level requests `/` will redirect to the configured value.
# Not set by default.
#default_redirect =
# Legacy support.
# To make integration into existing environments easier kwebd can act as a
# reverse proxy to allow serving requests Kopano WebApp and Z-Push running e.g.
# in Apache or Nginx. Set the address to the legacy web server here. Not set by
# default.
#legacy_reverse_proxy = 127.0.0.1:8000
###############################################################
# Limiting settings
# Rate limit tate.
# Limits Excessive access to services. Requests will be terminated with an error
# 429 (Too Many Requests) and X-RateLimit-RetryAfter is added.
# Format "rate burst unit", Defaults to "100 200 minute".
#ratelimit_rate = "100 200 minute"
# Rate limit whitelist.
# Your trusted IPs (comma separated). Defines the CIDR IP range you don't want
# to perform rate limit. Defaults to `127.0.0.1/8`.
#ratelimit_whitelist = 127.0.0.1/8

36
etc/kopano/ldap.cfg Normal file

@@ -0,0 +1,36 @@
# See the kopano-ldap.cfg(5) manpage for details and more directives
# Select implementation.
# If you have any reason to override settings from /usr/share/kopano/*.cfg,
# do so at the end of this (/etc-resident) config file.
#
!include /usr/share/kopano/ldap.openldap.cfg
#!include /usr/share/kopano/ldap.active-directory.cfg
# List of URIs of LDAP servers to use. Make sure that etc/ldap/ldap.conf is
# /configured correctly with TLS_CACERT when using "ldaps".
ldap_uri =
#ldap_starttls = no
# The DN of the user to bind as for normal operations.
# When empty, uses anonymous binding.
ldap_bind_user =
ldap_bind_passwd =
# Top level search base, every object should be available under this tree
ldap_search_base =
# The timeout for network operations in seconds
#ldap_network_timeout = 30
# ldap_page_size limits the number of results from a query that will be downloaded at a time.
# Default ADS MaxPageSize is 1000.
#ldap_page_size = 1000
#ldap_membership_cache_size = 256k
#ldap_membership_cache_lifetime = 5
# Use custom defined LDAP property mappings
# This is not a requirement for most environments but allows custom mappings of
# special LDAP properties to custom MAPI attributes
#!propmap /etc/kopano/ldap.propmap.cfg
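Review bot: `ldap_bind_user` and `ldap_bind_passwd` are active but empty, which the comment above them says results in an anonymous bind, and once they are filled in the bind password will live in a repository-tracked file. I would keep the real values out of the commit, for example by templating this file at container start from a mounted secret, and leave a comment such as `# ldap_bind_passwd is injected at deploy time; do not commit a value`. `ldap_uri` is also empty and `ldap_starttls` stays commented out, so when the URI is set it should use `ldaps://` or be paired with `ldap_starttls = yes`, so that the bind credentials are not sent in clear.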

28
etc/kopano/monitor.cfg Normal file

@@ -0,0 +1,28 @@
# See the kopano-monitor.cfg(5) manpage for details and more directives.
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/monitor.pem
# The password of the SSL Key
#sslkey_pass = replace-with-monitor-cert-password
# in a multi-server environment, which servers to monitor (default all)
#servers =
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = -
#log_timestamp = yes
# Quota check interval (in minutes)
#quota_check_interval = 15
# Quota mail interval in days
#mailquota_resend_interval = 1
# Template to be used for quota emails which are sent to the user
# when the various user quota levels have been exceeded.
#userquota_warning_template = /etc/kopano/quotamail/userwarning.mail
# Templates to be used for quota emails which are sent to the company administrators
# when the company quota level has been exceeded.
#companyquota_warning_template = /etc/kopano/quotamail/companywarning.mail

30
etc/kopano/php-mapi.cfg Normal file

@@ -0,0 +1,30 @@
##############################################################
# LOG SETTINGS
# Logging method (syslog, file), syslog facility is 'mail'
#log_method = syslog
# Logfile (for log_method = file, '-' for stderr)
#log_file = /var/log/kopano/php-mapi.log
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Log timestamp - prefix each log line with timestamp in 'file'
# logging mode
#log_timestamp = yes
# Buffer logging in what sized blocks. 0 for line-buffered (syslog-style).
#log_buffer_size = 0
# This setting will make php-mapi trace how long each MAPI-call
# took into the selected logfile.
# Make sure that the file exists and/or can be written to by the
# apache user.
# php_mapi_performance_trace_file = /var/log/kopano/php-mapi-perf-trace.log
# Enable debug output for the mapi extension
# Bitmask:
# 1 = Log start of a function
# 2 = Log end of a function
#php_mapi_debug = 0


@@ -0,0 +1,11 @@
Subject: Quota of company ${KOPANO_QUOTA_COMPANY} has been exceeded
The size of the public store for company ${KOPANO_QUOTA_COMPANY} has exceeded
the size limits set by the administrator.
The public store size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limit:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded this warning message will be sent
See client Help for more information.


@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.


@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.


@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.

40
etc/kopano/search.cfg Normal file

@@ -0,0 +1,40 @@
# See kopano-search.cfg(5) for more details and directives.
# Location of the index files
#index_path = /var/lib/kopano/search/
# Limit the number of results returned (0 = no limit)
#limit_results = 1000
# Socket to the storage server.
# Use https to reach servers over the network
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/search.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
# To setup for multi-server, use: http://0.0.0.0:port or https://0.0.0.0:port
#server_bind_name = file:///var/run/kopano/search.sock
# File with certificate for SSL, used when server_bind_name uses https://...
#ssl_certificate_file = /etc/kopano/search/cert.pem
# File with RSA key for SSL, used when server_bind_name uses https://...
#ssl_private_key_file = /etc/kopano/search/privkey.pem
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_file = /var/log/kopano/search.log
#log_timestamp = yes
# Number of indexing processes used during initial indexing
#index_processes = 1
#index_drafts = yes
#index_junk = yes
# Prepare search suggestions ("did-you-mean?") during indexing
# This takes up a large percentage of the used disk space
#suggestions = yes
# Should attachments be indexed
#index_attachments = no
# Maximum file size for attachments
#index_attachment_max_size = 5M

120
etc/kopano/server.cfg Normal file

@@ -0,0 +1,120 @@
# See the kopano-server.cfg(5) manpage for details and more directives.
# If a directive is not used (i.e. commented out), the built-in server default
# is used, so to disable certain features, the empty string value must explicitly be
# set on them.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
server_listen = 0.0.0.0:236
#server_listen_tls =
#server_ssl_key_file = /etc/kopano/ssl/server.pem
#server_ssl_key_pass =
#server_ssl_ca_file = /etc/kopano/ssl/cacert.pem
#server_ssl_ca_path =
#server_tls_min_proto = tls1.2
# Path of SSL Public keys of clients
#sslkeys_path = /etc/kopano/sslkeys
# Name for identifying the server in a multi-server environment. Need
# not be a DNS name, but this name needs to be present on a LDAP
# kopano-server object's cn value.
server_name = mail.zntrl.de
# Multi-server
#enable_distributed_kopano = false
database_engine = mysql
mysql_host = localhost
mysql_port = 3306
mysql_user = kopano
mysql_password = zAKt(85&
mysql_database = kopano
# Allow connections from normal users through the Unix socket
#allow_local_users = yes
# Space-separated list of users that are considered Kopano admins.
local_admin_users = root kopano
log_method = file
log_file = /var/log/kopano/server.log
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_timestamp = yes
# Attachment backend driver type: "database", "files", "files_v2", "s3"
#attachment_storage = files
#attachment_path = /var/lib/kopano/attachments
#attachment_s3_hostname = s3-eu-west-1.amazonaws.com
# The region where the bucket is located, e.g. "eu-west-1"
#attachment_s3_region =
# The protocol that should be used to connect to S3, 'http' or 'https' (preferred)
#attachment_s3_protocol =
# The URL style of the bucket, "virtualhost" or "path"
#attachment_s3_uristyle =
# The access key id of your S3 account
#attachment_s3_accesskeyid =
# The secret access key of your S3 account
#attachment_s3_secretaccesskey =
# The bucket name in which the files will be stored
#attachment_s3_bucketname =
# User backend driver type: "db", "unix", "ldap"
#user_plugin = db
#user_plugin_config = /etc/kopano/ldap.cfg
#enable_sso = false
# Hostname override for Kerberos SSO
#server_hostname =
# OpenID Connect Issuer Identifier. When set, the server attempts OIDC discovery
# and initialization on startup, using the configured issuer identifier.
#kcoidc_issuer_identifier =
#kcoidc_initialize_timeout = 60
# Skip creation/deletion of users for testing purposes, instead log it.
#user_safe_mode = no
# Multi-tenancy
#enable_hosted_kopano = false
# Display format of store name
# Allowed variables:
# %u Username
# %f Full name
# %c Tenant's name
#storename_format = %f
# Loginname format for multi-tenancy installations
# When the user does not login through a system-wide unique
# username (like the email address) a unique name is created
# by combining the username and the tenantname.
# With this configuration option you can set how the
# loginname should be built up.
#
# Note: Do not use the = character in the format.
#
# Allowed variables:
# %u Username
# %c Teantname
#
#loginname_format = %u
#enable_gab = yes
# Whether to hide/show the special GAB "Everyone" group that contains
# every user and group for non-admins.
#hide_everyone = no
# Whether to hide/show the special GAB "SYSTEM" user for non-admins.
#hide_system = yes
# Synchronize GAB users on every open of the GAB (otherwise, only on
# kopano-admin --sync)
#sync_gab_realtime = yes
# Use indexing service for faster searching.
# Enabling this option requires kopano-indexd or kopano-search to be active.
#search_enabled = yes
#search_socket = file:///var/run/kopano/search.sock
#search_timeout = 10
# Disable features for users. This list is space separated.
# Currently valid values: imap pop3 mobile outlook webapp
disabled_features = pop3
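Review bot: The `mysql_password` line commits the live database credential to the repository, where it remains in history for every clone even after a later edit. The password should be rotated and supplied at deploy time, with this file carrying only a placeholder such as `mysql_password = <set-at-deploy>`. Separately, `server_listen = 0.0.0.0:236` opens the unencrypted listener on every interface while `server_listen_tls` stays commented out. The WebApp config in this commit connects through `default:` (the Unix socket), so if no remote client needs port 236, `server_listen = 127.0.0.1:236` narrows the exposure.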

53
etc/kopano/spamd.cfg Normal file

@@ -0,0 +1,53 @@
##############################################################
# SPAMD SERVICE SETTINGS
# run as specific user
#run_as_user = kopano
# run as specific group
#run_as_group = kopano
# control pid file
#pid_file = /var/run/kopano/spamd.pid
# run server in this path (when not using the -F switch)
#running_path = /var/lib/kopano
##############################################################
# LOG SETTINGS
# Logging method (syslog, file)
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Logfile for log_method = file, use '-' for stderr
#log_file = /var/log/kopano/spamd.log
# Log timestamp - prefix each log line with timestamp in 'file' logging mode
#log_timestamp = 1
###############################################################
# SPAMD Specific settings
# The dir where spam mails are written to which are later picked up
# by the sa-learn program
#spam_dir = /var/lib/kopano/spamd/spam
# Location for the database containing metadata on learned spam
#spam_db = /var/lib/kopano/spamd/spam.db
# Learn ham, when the user moves emails from junk to inbox,
# enabled by default.
#learn_ham = yes
# The dir where ham mails are written to which are later picked up
# by the sa-learn program
#ham_dir = /var/lib/kopano/spamd/ham
# Spamassassin group
#sa_group = amavis
# Header tag for spam emails
#header_tag = X-Spam-Flag

30
etc/kopano/spooler.cfg Normal file

@@ -0,0 +1,30 @@
# See the kopano-spooler.cfg(5) manpage for details and more directives.
# Outgoing mailserver
#smtp_server = localhost
#smtp_port = 25
# Server Unix socket location
#server_socket = default:
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/spooler.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = -
#log_timestamp = yes
# Dump raw messages into specified directory before sending via SMTP.
#log_raw_message_path = /var/lib/kopano
#log_raw_message_stage1 = no
# Maximum number of threads used to send outgoing messages
#max_threads = 5
# spooler Python plugin framework. Disables threading.
#plugin_enabled = no
# Path to the activated spooler plugins.
#plugin_path = /var/lib/kopano/spooler/plugins

8
etc/kopano/statsd.cfg Normal file

@@ -0,0 +1,8 @@
# One address:port specifier for where to listen for HTTP connections.
#statsd_listen = unix:/var/run/kopano/statsd.sock
# Location for keeping RRD files
#statsd_rrd = /var/lib/kopano/rrd
#run_as_user = kopano
#run_as_group = kopano

42
etc/kopano/unix.cfg Normal file

@@ -0,0 +1,42 @@
##############################################################
# UNIX USER PLUGIN SETTINGS
#
# Any of these directives that are required, are only required if the
# userplugin parameter is set to unix.
# Charset used in /etc/passwd for the fullname of a user. Normally this
# is us-ascii, but this can differ according to your setup.
# The charset specified here must be supported by your iconv(1)
# setup. See iconv -l for all charsets.
fullname_charset = iso-8859-15
# Default email domain for constructing new users
# Required, no default
default_domain = kopano.com
# The lowest user id that is considered a regular user
# Optional, default = 1000
min_user_uid = 1000
# The highest user id that is considered a regular user
# Optional, default = 10000
max_user_uid = 10000
# A list of user ids that are not considered to be regular users
# Optional, default = empty
# except_user_uids =
# The lowest group id that is considered a regular group
# Optional, default = 1000
min_group_gid = 1000
# The highest group id that is considered a regular group
# Optional, default = 10000
max_group_gid = 10000
# A list of group ids that are not considered to be regular groups
# Optional, default = empty
# except_group_gids =
# Create a user as non-active when it has this Unix shell
non_login_shell = /sbin/nologin /bin/false
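Review bot: `default_domain = kopano.com` is still the vendor sample value, while the rest of this commit configures `zntrl.de`. The setting only takes effect when `user_plugin = unix`, which server.cfg leaves commented out, but if that plugin is ever enabled, addresses for new users would be constructed under a domain this deployment does not control. Suggest `default_domain = zntrl.de` now so the file is safe to activate.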


@@ -0,0 +1,28 @@
# some apache settings
Options -Indexes
# The maximum POST limit. To upload large files, this value must be larger than upload_max_filesize.
<IfModule mod_php5.c>
php_value post_max_size 31M
php_value upload_max_filesize 30M
</IfModule>
<IfModule mod_php7.c>
php_value post_max_size 31M
php_value upload_max_filesize 30M
</IfModule>
# Deny access to config.php, config.php.dist, debug.php, debug.php.dist, defaults.php
# because they could become a security vulnerability when accessible
# Better safe then sorry
<FilesMatch "^(config|debug|defaults|init)\.php">
<IfVersion < 2.4>
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<RequireAll>
Require all denied
</RequireAll>
</IfVersion>
</FilesMatch>


@@ -0,0 +1,4 @@
<?php
define('PLUGIN_CONTACTFAXPLUGIN_USER_DEFAULT_ENABLE', false);
define('PLUGIN_CONTACTFAXPLUGIN_FAX_DOMAIN_NAME', 'officefax.net');
?>


@@ -0,0 +1,13 @@
<?php
//by default gmaps plugin is disabled
define('PLUGIN_GMAPS_USER_DEFAULT_ENABLE', false);
define ('PLUGIN_GMAPS_DEFAULT_ADDRESS','Elektronicaweg 18, 2628 XG Delft, The Netherlands');
define ('PLUGIN_GMAPS_SHOW_ROUTES', false);
// This plugin requires a valid Google API key. You can get an API key (and more information) at
// https://developers.google.com/maps/documentation/javascript/get-api-key
// Please note that there are usage limits for a particular API key:
// https://developers.google.com/maps/documentation/javascript/usage
define ('PLUGIN_GMAPS_GOOGLE_API_KEY', 'YOUR GOOGLE API KEY');
?>


@@ -0,0 +1,17 @@
<?php
define('PLUGIN_INTRANET_USER_DEFAULT_ENABLE', false);
define('PLUGIN_INTRANET_BUTTON_TITLE', 'Kopano.io');
define('PLUGIN_INTRANET_URL', 'https://kopano.io/');
define('PLUGIN_INTRANET_AUTOSTART', false);
define('PLUGIN_INTRANET_ICON', 'resources/icons/icon_default.png');
// More buttons can be added by adding a number as follows
// Note: Numbers must start with 1 and be sequential
define('PLUGIN_INTRANET_BUTTON_TITLE_1', 'Kopano.com');
define('PLUGIN_INTRANET_URL_1', 'https://kopano.com/');
define('PLUGIN_INTRANET_AUTOSTART_1', false);
define('PLUGIN_INTRANET_ICON_1', 'resources/icons/icon_default.png');


@@ -0,0 +1,9 @@
<?php
define('PLUGIN_MATTERMOST_USER_DEFAULT_ENABLE', false);
define('PLUGIN_MATTERMOST_URL', '<URL-OF-YOUR-MATTERMOST>');
// This setting can be changed by the user in his settings.
// Here you can define the default behaviour.
define('PLUGIN_MATTERMOST_AUTOSTART', true);


@@ -0,0 +1,19 @@
<?php
/*******************************************************************************
*
* This file is part of the Meet plugin for Kopano WebApp
*
* (c) 2019 Kopano <info@kopano.com>
*
*******************************************************************************/
// This file contains the configuration options of the Meet plugin
// This disables the plugin by default
define('PLUGIN_MEET_USER_DEFAULT_ENABLE', false);
// The URL of the Meet PWA
//define('PLUGIN_MEET_MEET_URL', 'https://<URL_OF_YOUR_MEET_INSTALLATION>');
// The URL of the Meet join flow
//define('PLUGIN_MEET_MEET_JOIN_URL' '/meet/r/join/group/');
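Review bot: The commented-out `PLUGIN_MEET_MEET_JOIN_URL` line is missing the comma between the constant name and its value, so uncommenting it as written gives a PHP parse error in this config file. Fixing the template now avoids that later: `//define('PLUGIN_MEET_MEET_JOIN_URL', '/meet/r/join/group/');`.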


@@ -0,0 +1,4 @@
<?php
/** Enable the pimfolder plugin for all users */
define('PLUGIN_PIMFOLDER_USER_DEFAULT_ENABLE', false);
?>


@@ -0,0 +1,6 @@
<?php
define('PLUGIN_THREEMA4DESKAPP_USER_DEFAULT_ENABLE', false);
define('PLUGIN_THREEMA4DESKAPP_BUTTON_TITLE', 'Threema');
define('PLUGIN_THREEMA4DESKAPP_URL', 'https://web.threema.ch/');


@@ -0,0 +1,6 @@
<?php
define('PLUGIN_WHATSAPP4DESKAPP_USER_DEFAULT_ENABLE', false);
define('PLUGIN_WHATSAPP4DESKAPP_BUTTON_TITLE', 'WhatsApp');
define('PLUGIN_WHATSAPP4DESKAPP_URL', 'https://web.whatsapp.com/');


@@ -0,0 +1,331 @@
<?php
// The config file for the webapp.
// All possible web client settings can be set in this file. Some settings
// (language) can also be set per user or logon.
// Comment next line to disable the config check (or set FALSE to log the config errors)
define("CONFIG_CHECK", TRUE);
// Use these options to optionally disable some PHP configuration checks.
// WARNING: these checks will disable checks regarding the security of the WebApp site configuration,
// only change them if you know the consequences - improper use will lead to an insecure installation!
define("CONFIG_CHECK_COOKIES_HTTP", FALSE);
define("CONFIG_CHECK_COOKIES_SSL", FALSE);
// Depending on your setup, it might be advisable to change the lines below to one defined with your
// default socket location.
// Normally "default:" points to the default setting ("file:///var/run/kopano/server.sock")
// Examples: define("DEFAULT_SERVER", "default:");
// define("DEFAULT_SERVER", "http://localhost:236/kopano");
// define("DEFAULT_SERVER", "https://localhost:237/kopano");
// define("DEFAULT_SERVER", "file:///var/run/kopano/server.sock");
define("DEFAULT_SERVER", "default:");
// When using a Single-Sign-On (SSO) system on your webserver and Kopano Core is on another server
// you can use https to access the Kopano server, and authenticate using an SSL certificate.
define("SSLCERT_FILE", NULL);
define("SSLCERT_PASS", NULL);
// Set to false to disable login with Single Sign-On (SSO) on SSO environments.
define("ENABLE_REMOTE_USER_LOGIN", true);
// OIDC Server Configuration, introduced in Kopano Core 8.7.0
define("OIDC_ISS", "");
define("OIDC_CLIENT_ID", "");
define("OIDC_SCOPE", "openid profile email kopano/gc");
// set to 'true' to strip domain from login name found from Single Sign-On webservers
define("LOGINNAME_STRIP_DOMAIN", false);
// Name of the cookie that is used for the session
define("COOKIE_NAME", "KOPANO_WEBAPP");
// Set to 'false' to disable secure session cookies and to allow log-in without HTTPS.
define("SECURE_COOKIES", true);
// Use DOMPurify to filter HTML
// Caution: disabling DOMPurify is a potential security risk.
define("ENABLE_DOMPURIFY_FILTER", true);
// The timeout (in seconds) for the session. User will be logged out of WebApp
// when he has not actively used the WebApp for this time.
// Set to 0 (or remove) for no timeout during browser session.
define("CLIENT_TIMEOUT", 0);
// Defines the domains from which cross domain authentication requests
// are allowed. E.g. if WebMeetings runs under a different domain than
// the WebApp then add this domain here. Add http(s):// to the domains
// and separate domains with spaces.
// Set to empty string (default) to only allow authentication requests
// from within the same domain.
// Set to "*" to allow authentication requests from any domain. (not
// recommended)
define("CROSS_DOMAIN_AUTHENTICATION_ALLOWED_DOMAINS", "");
// Defines the domains to which redirection after login is allowed.
// Add http(s):// to the domains and separate domains with spaces.
// Note: The domain under which WebApp runs, is always allowed and does
// not need to be added here.
define("REDIRECT_ALLOWED_DOMAINS", "");
// Defines the base url and end with a slash.
$base_url = dirname($_SERVER["PHP_SELF"]);
if(substr($base_url,-1)!="/") $base_url .="/";
define("BASE_URL", $base_url);
// Defines the temp path (absolute). Here uploaded attachments will be saved.
// The web client doesn't work without this directory.
define("TMP_PATH", "/var/lib/kopano-webapp/tmp");
// Define the path to the plugin directory (No slash at the end)
define("PATH_PLUGIN_DIR", "plugins");
// Enable the plugins
define("ENABLE_PLUGINS", true);
// Define list of disabled plugins separated by semicolon
// Plugin directory name should be used in this list.
define("DISABLED_PLUGINS_LIST", "");
// Define a list of plugins that cannot be disabled by users.
// Plugins should be seperated by a semicolon (;). A wildcard (*)
// can be used to identify multiple plugins.
// Plugin directory name should be used in this list.
define("ALWAYS_ENABLED_PLUGINS_LIST", "");
// General WebApp theme. This will be loaded by default for every user
// (if the theme is installed as a plugin)
// Users can override the 'logged-in' theme in the settings.
// The theme directory should be added here, not the display name.
define("THEME", "");
// Enable themes.
define("ENABLE_THEMES", true);
// General WebApp icon set. This will be loaded by default for every user.
// Users can override the iconset in the settings.
define("ICONSET", "breeze");
// Enable iconsets.
define("ENABLE_ICONSETS", true);
// The title that will be shown in the title bar of the browser
define("WEBAPP_TITLE", "Kopano WebApp");
// The base URL where the User Manual for WebApp can be found
define("PLUGIN_WEBAPPMANUAL_URL", "https://documentation.kopano.io/user_manual_webapp/");
// When set to false, GAB does not show any user, unless searched for.
define("ENABLE_FULL_GAB", true);
// Set a maximum number of (search) results for the addressbook
// When more results are found no results will be displayed in the client.
// Set to 0 to disable this feature and show all results.
define("MAX_GAB_RESULTS", 0);
// Set to true to show public contact folders in address-book folder list,
// false will hide public contact folders in address-book folder list.
define("ENABLE_PUBLIC_CONTACT_FOLDERS", false);
// Set true to show public folders in hierarchy, false will disable public folders in hierarchy.
define("ENABLE_PUBLIC_FOLDERS", true);
// Set true to hide shared contact folders in address-book folder list,
// false will show shared contact folders in address-book folder list.
define("ENABLE_SHARED_CONTACT_FOLDERS", false);
// Set to true to give users the option to enable file previewer in their settings
// Set to false to hide the setting and disable file previewer for all users
define("ENABLE_FILE_PREVIEWER", true);
// Set to true to give users the possiblity to edit, create, and delete mail filters on the store
// of other users. The user needs owner permissions on the store of the other user.
define("ENABLE_SHARED_RULES", false);
// Booking method (true = direct booking, false = send meeting request)
define("ENABLE_DIRECT_BOOKING", true);
// Enable GZIP compression for responses
define("ENABLE_RESPONSE_COMPRESSION", true);
// When set to false this disables the welcome screen shown to new users.
define("ENABLE_WELCOME_SCREEN", true);
// Set to false to disable the "What's new dialog" that will be shown to users to introduce new features.
define("ENABLE_WHATS_NEW_DIALOG", true);
// When set to false it will disable showing of advanced settings.
define("ENABLE_ADVANCED_SETTINGS", false);
// Freebusy start offset that will be used to load freebusy data in appointments, number is subtracted from current time
define("FREEBUSY_LOAD_START_OFFSET", 7);
// Freebusy end offset that will be used to load freebusy data in appointments, number is added to current time
define("FREEBUSY_LOAD_END_OFFSET", 90);
// Maximum eml files to be included in a single ZIP archive
define("MAX_EML_FILES_IN_ZIP", 50);
// Set true to default soft delete the shared store items
define("ENABLE_DEFAULT_SOFT_DELETE", false);
// Enable widgets/today context.
define("ENABLE_WIDGETS", true);
// Additional color schemes for the calendars can be added by uncommenting and editing the following define.
// The format is the same as the format of COLOR_SCHEMES which is defined in default.php
// To change the default colors, COLOR_SCHEMES can also be defined here.
// Note: Every color should have a unique name, because it is used to identify the color
// define("ADDITIONAL_COLOR_SCHEMES", json_encode(array(
// array(
// 'name' => 'pink',
// 'displayName' => _('Pink'),
// 'base' => '#ff0099'
// )
// )));
// Additional categories can be added by uncommenting and editing the following define.
// The format is the same as the format of DEFAULT_CATEGORIES which is defined in default.php
// To change the default categories, DEFAULT_CATEGORIES can also be defined here.
// Note: Every category should have a unique name, because it is used to identify the category
// define("ADDITIONAL_CATEGORIES", json_encode(array(
// array(
// 'name' => _('Family'),
// 'color' => '#000000',
// 'quickAccess' => true,
// 'sortIndex' => 10
// )
// )));
// Additional Prefix for the Contact name can be added by uncommenting and editing the following define.
// define("CONTACT_PREFIX", json_encode(array(
// array(_('Er.')),
// array(_('Gr.'))
// )));
// Additional Suffix for the Contact name can be added by uncommenting and editing the following define.
// define("CONTACT_SUFFIX", json_encode(array(
// array(_('A')),
// array(_('B'))
// )));
// Define the polling interval in minutes for unread mail in shared stores.
define("SHARED_STORE_POLLING_INTERVAL", 15);
// Define the amount of emails to load in the background, in batches of 10 emails per request every x seconds
// defined by PREFETCH_EMAIL_INTERVAL until the defined amount of items is loaded. Setting this value to zero
// disables this feature.
define("PREFETCH_EMAIL_COUNT", 10);
// Define the interval between loading of new emails in the background.
define("PREFETCH_EMAIL_INTERVAL", 30);
/**************************************\
* Memory usage and timeouts *
\**************************************/
// This sets the maximum time in seconds that is allowed to run before it is terminated by the parser.
ini_set("max_execution_time", 300); // 5 minutes
// BLOCK_SIZE (in bytes) is used for attachments by mapi_stream_read/mapi_stream_write
define("BLOCK_SIZE", 1048576);
// Time that static files may exist in the client's cache (13 weeks)
define("EXPIRES_TIME", 60*60*24*7*13);
// Time that the state files are allowed to survive (in seconds)
// For filesystems on which relatime is used, this value should be larger then the relatime_interval
// for kernels 2.6.30 and above relatime is enabled by default, and the relatime_interval is set to
// 24 hours.
define("STATE_FILE_MAX_LIFETIME", 28*60*60);
// Time that attachments are allowed to survive (in seconds)
define("UPLOADED_ATTACHMENT_MAX_LIFETIME", 6*60*60);
/**********************************************************************************
* Logging settings
*
* Possible LOG_USER_LEVEL values are:
* LOGLEVEL_OFF - no logging
* LOGLEVEL_FATAL - log only critical errors
* LOGLEVEL_ERROR - logs events which might require corrective actions
* LOGLEVEL_WARN - might lead to an error or require corrective actions in the future
* LOGLEVEL_INFO - usually completed actions
* LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers
*
* The verbosity increases from top to bottom. More verbose levels include less verbose
* ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
* LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
*
**************************************************************************************/
define("LOG_USER_LEVEL", LOGLEVEL_OFF);
// To save e.g. user activity data only for selected users, provide the username followed by semicolon.
// The data will be saved into a dedicated file per user in the LOG_FILE_DIR
// Users have to be encapsulated in quotes, several users are semicolon separated, like:
// define('LOG_USERS', 'user1;user2;user3');
define("LOG_USERS", "");
// Location of the log directory
// e.g /var/log/webapp-userslog/users/
// The directory will be created when it does not exist.
// Webserver user should have permissions to write in this folder
define("LOG_FILE_DIR", "");
/**************************************\
* Languages *
\**************************************/
// Location to the translations
define("LANGUAGE_DIR", "server/language/");
// Defines the default interface language. This can be overridden by the user.
if (isset($_ENV['LANG']) && $_ENV['LANG']!="C") {
define('LANG', $_ENV["LANG"]); // This means the server environment language determines the web client language.
} else {
define('LANG', 'en_US.UTF-8'); // default fallback language
}
// List of languages that should be enabled in the logon
// screen's language drop down. Languages should be specified
// using <languagecode>_<regioncode>[.UTF-8], and separated with
// semicolon. A list of available languages can be found in
// the manual or by looking at the list of directories in
// /usr/share/kopano-webapp/server/language .
define("ENABLED_LANGUAGES", "cs_CZ;da_DK;de_DE;en_GB;en_US;es_CA;es_ES;fi_FI;fr_FR;hu_HU;it_IT;ja_JP;nb_NO;nl_NL;pl_PL;pt_BR;ru_RU;sl_SI;tr_TR;zh_CN");
// Defines the default time zone
if (!ini_get('date.timezone')) {
date_default_timezone_set('Europe/Amsterdam');
}
/**************************************\
* Powerpaste *
\**************************************/
// Options for TinyMCE's powerpaste plugin, see https://www.tiny.cloud/docs/plugins/powerpaste/#configurationoptions
// for more details.
define("POWERPASTE_WORD_IMPORT", "merge");
define("POWERPASTE_HTML_IMPORT", "merge");
define("POWERPASTE_ALLOW_LOCAL_IMAGES", true);
/**************************************\
* Debugging *
\**************************************/
// Do not log errors into stdout, since this generates faulty JSON responses.
ini_set("display_errors", false);
ini_set("log_errors", true);
error_reporting(E_ERROR);
// Log successful logins
define("LOG_SUCCESSFUL_LOGINS", false);
if (file_exists('debug.php')) {
include_once('debug.php');
} else {
// define empty dump function in case we still use it somewhere
function dump(){}
}
?>
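Review bot: `define("CLIENT_TIMEOUT", 0);` leaves WebApp sessions with no idle timeout, and with `LOG_SUCCESSFUL_LOGINS` set to false and `LOG_USER_LEVEL` at `LOGLEVEL_OFF` an abandoned or hijacked session neither expires nor leaves a login trail. A finite value such as `define("CLIENT_TIMEOUT", 3600);` together with `define("LOG_SUCCESSFUL_LOGINS", true);` would be a safer baseline. `CONFIG_CHECK_COOKIES_HTTP` and `CONFIG_CHECK_COOKIES_SSL` are both FALSE, and the file's own warning says these settings concern the security checks of the site configuration; they look like shipped defaults, but are worth setting to TRUE once the site is served over HTTPS only. `ENABLE_REMOTE_USER_LOGIN` is true, so unless SSO is actually intended for this host it should be `false`.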


@@ -0,0 +1 @@
# dict-type so-name (pathname) dict-function mkmap-function

57
etc/postfix/main.cf Normal file

@@ -0,0 +1,57 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# local domains
myhostname = nuc0.fritz.box
mydestination = $myhostname, localhost.fritz.box, localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# virtual domains
virtual_mailbox_domains = zntrl.de
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = lmtp:unix:/var/spool/kopano/dagent.sock
# default domains
default_transport = smtp:[relay.zntrl.de]:465
# SMPTD (inbound) TLS parameters
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_CAfile = /etc/ssl/certs/balusign-signing-ca.pem
smtpd_tls_cert_file = /etc/ssl/nuc0-full-chain.pem
smtpd_tls_key_file = /etc/ssl/private/nuc0.lan.key
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# SMTP (outbound)
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_key_file = /etc/ssl/private/nuc0.lan.key
smtp_tls_cert_file = /etc/ssl/nuc0-full-chain.pem
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_tls_loglevel = 1
mailbox_size_limit = 0
message_size_limit = 50000000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
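Review bot: `smtp_tls_security_level = encrypt` forces TLS to the relay but does not validate the relay's certificate, so outbound mail sent via `default_transport = smtp:[relay.zntrl.de]:465` is encrypted to whichever host answers. Since `smtp_tls_CApath` is already set, `smtp_tls_security_level = verify` (or `secure`) would authenticate the relay, provided its certificate chains to a CA in /etc/ssl/certs and names relay.zntrl.de. On the inbound side, `permit_sasl_authenticated` in `smtpd_relay_restrictions` has no effect as written because this file sets no `smtpd_sasl_*` parameters; either configure SASL or drop the term so the relay policy reads as what it actually enforces.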

684
etc/postfix/main.cf.proto Normal file

@@ -0,0 +1,684 @@
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# COMPATIBILITY
#
# The compatibility_level determines what default settings Postfix
# will use for main.cf and master.cf settings. These defaults will
# change over time.
#
# To avoid breaking things, Postfix will use backwards-compatible
# default settings and log where it uses those old backwards-compatible
# default settings, until the system administrator has determined
# if any backwards-compatible default settings need to be made
# permanent in main.cf or master.cf.
#
# When this review is complete, update the compatibility_level setting
# below as recommended in the RELEASE_NOTES file.
#
# The level below is what should be used with new (not upgrade) installs.
#
compatibility_level = 2
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
#queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/lib/postfix/sbin
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
#mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
# Debian GNU/Linux specific: Specifying a file name will cause the
# first line of that file to be used as the name. The Debian default
# is /etc/mailname.
#
#myorigin = /etc/mailname
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain + localhost. On
# a mail domain gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 127.0.0.0/8
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /usr/bin/procmail
#mailbox_command = /usr/bin/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
#debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen session, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path =
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path =
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path =
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group =
# html_directory: The location of the Postfix HTML documentation.
#
html_directory =
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory =
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory =
# readme_directory: The location of the Postfix README files.
#
readme_directory =
inet_protocols = ipv4

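--- a/etc/postfix/master.cf
+++ b/etc/postfix/master.cf
@@ -0,0 +1,67 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - y - - smtpd
+#smtp inet n - y - 1 postscreen
+#smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+#tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_tls_auth_only=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - y - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+-o syslog_name=postfix/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+postlog unix-dgram n - n - 1 postlogd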
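Review bot: The `lmtp` entry runs unchrooted (`lmtp unix - - n - - lmtp`) and nothing in the file says why, while the `smtp` and `relay` client entries keep the chroot column at `y` and the master.cf.proto added in this same commit has `y` for `lmtp`. This is presumably so the LMTP client can reach the kopano-dagent UNIX socket outside the Postfix queue directory (the Dockerfile removed in this commit prepares /var/spool/kopano for the postfix user). If so, state it in a comment directly above the entry, e.g. `# lmtp unchrooted: must reach the kopano-dagent UNIX socket outside $queue_directory`. The comment should also record that the daemon delivering into the mail store then has no filesystem confinement, so the ownership and ACL on the socket directory are what isolate it.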

127
etc/postfix/master.cf.proto Normal file

@@ -0,0 +1,127 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
#submission inet n - y - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - y - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

925
etc/postfix/post-install Normal file

@@ -0,0 +1,925 @@
#!/bin/sh
# To view the formatted manual page of this file, type:
# POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man
#++
# NAME
# post-install
# SUMMARY
# Postfix post-installation script
# SYNOPSIS
# postfix post-install [name=value] command ...
# DESCRIPTION
# The post-install script performs the finishing touch of a Postfix
# installation, after the executable programs and configuration
# files are installed. Usage is one of the following:
# .IP o
# While installing Postfix from source code on the local machine, the
# script is run by the postfix-install script to update selected file
# or directory permissions and to update Postfix configuration files.
# .IP o
# While installing Postfix from a pre-built package, the script is run
# by the package management procedure to set all file or directory
# permissions and to update Postfix configuration files.
# .IP o
# The script can be used to change installation parameter settings such
# as mail_owner or setgid_group after Postfix is already installed.
# .IP o
# The script can be used to upgrade configuration files and to upgrade
# file/directory permissions of a secondary Postfix instance.
# .IP o
# At Postfix start-up time, the script is run from "postfix check" to
# create missing queue directories.
# .PP
# The post-install script is controlled by installation parameters.
# Specific parameters are described at the end of this document.
# All installation parameters must be specified ahead of time via
# one of the methods described below.
#
# Arguments
# .IP create-missing
# Create missing queue directories with ownerships and permissions
# according to the contents of $meta_directory/postfix-files
# and optionally in $meta_directory/postfix-files.d/*, using
# the mail_owner and setgid_group parameter settings from the
# command line, process environment or from the installed
# main.cf file.
#
# This is required at Postfix start-up time.
# .IP set-permissions
# Set all file/directory ownerships and permissions according to the
# contents of $meta_directory/postfix-files and optionally
# in $meta_directory/postfix-files.d/*, using the mail_owner
# and setgid_group parameter settings from the command line,
# process environment or from the installed main.cf file.
# Implies create-missing.
#
# This is required when installing Postfix from a pre-built package,
# or when changing the mail_owner or setgid_group installation parameter
# settings after Postfix is already installed.
# .IP upgrade-permissions
# Update ownership and permission of existing files/directories as
# specified in $meta_directory/postfix-files and optionally
# in $meta_directory/postfix-files.d/*, using the mail_owner
# and setgid_group parameter settings from the command line,
# process environment or from the installed main.cf file.
# Implies create-missing.
#
# This is required when upgrading an existing Postfix instance.
# .IP upgrade-configuration
# Edit the installed main.cf and master.cf files, in order to account
# for missing services and to fix deprecated parameter settings.
#
# This is required when upgrading an existing Postfix instance.
# .IP upgrade-source
# Short-hand for: upgrade-permissions upgrade-configuration.
#
# This is recommended when upgrading Postfix from source code.
# .IP upgrade-package
# Short-hand for: set-permissions upgrade-configuration.
#
# This is recommended when upgrading Postfix from a pre-built package.
# .IP first-install-reminder
# Remind the user that they still need to configure main.cf and the
# aliases file, and that newaliases still needs to be run.
#
# This is recommended when Postfix is installed for the first time.
# MULTIPLE POSTFIX INSTANCES
# .ad
# .fi
# Multiple Postfix instances on the same machine can share command and
# daemon program files but must have separate configuration and queue
# directories.
#
# To create a secondary Postfix installation on the same machine,
# copy the configuration files from the primary Postfix instance to
# a secondary configuration directory and execute:
#
# postfix post-install config_directory=secondary-config-directory \e
# .in +4
# queue_directory=secondary-queue-directory \e
# .br
# create-missing
# .PP
# This creates secondary Postfix queue directories, sets their access
# permissions, and saves the specified installation parameters to the
# secondary main.cf file.
#
# Be sure to list the secondary configuration directory in the
# alternate_config_directories parameter in the primary main.cf file.
#
# To upgrade a secondary Postfix installation on the same machine,
# execute:
#
# postfix post-install config_directory=secondary-config-directory \e
# .in +4
# upgrade-permissions upgrade-configuration
# INSTALLATION PARAMETER INPUT METHODS
# .ad
# .fi
# Parameter settings can be specified through a variety of
# mechanisms. In order of decreasing precedence these are:
# .IP "command line"
# Parameter settings can be given as name=value arguments on
# the post-install command line. These have the highest precedence.
# Settings that override the installed main.cf file are saved.
# .IP "process environment"
# Parameter settings can be given as name=value environment
# variables.
# Settings that override the installed main.cf file are saved.
# .IP "installed configuration files"
# If a parameter is not specified via the command line or via the
# process environment, post-install will attempt to extract its
# value from the already installed Postfix main.cf configuration file.
# These settings have the lowest precedence.
# INSTALLATION PARAMETER DESCRIPTION
# .ad
# .fi
# The description of installation parameters is as follows:
# .IP config_directory
# The directory for Postfix configuration files.
# .IP daemon_directory
# The directory for Postfix daemon programs. This directory
# should not be in the command search path of any users.
# .IP command_directory
# The directory for Postfix administrative commands. This
# directory should be in the command search path of adminstrative users.
# .IP queue_directory
# The directory for Postfix queues.
# .IP data_directory
# The directory for Postfix writable data files (caches, etc.).
# .IP sendmail_path
# The full pathname for the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
# .IP newaliases_path
# The full pathname for the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases
# for the Postfix local delivery agent.
# .IP mailq_path
# The full pathname for the Postfix mailq command.
# This is the Sendmail-compatible command to list the mail queue.
# .IP mail_owner
# The owner of the Postfix queue. Its numerical user ID and group ID
# must not be used by any other accounts on the system.
# .IP setgid_group
# The group for mail submission and for queue management commands.
# Its numerical group ID must not be used by any other accounts on the
# system, not even by the mail_owner account.
# .IP html_directory
# The directory for the Postfix HTML files.
# .IP manpage_directory
# The directory for the Postfix on-line manual pages.
# .IP sample_directory
# The directory for the Postfix sample configuration files.
# This feature is obsolete as of Postfix 2.1.
# .IP readme_directory
# The directory for the Postfix README files.
# .IP shlib_directory
# The directory for the Postfix shared-library files, and for
# the Postfix dabatase plugin files with a relative pathname
# in the file dynamicmaps.cf.
# .IP meta_directory
# The directory for non-executable files that are shared
# among multiple Postfix instances, such as postfix-files,
# dynamicmaps.cf, as well as the multi-instance template files
# main.cf.proto and master.cf.proto.
# SEE ALSO
# postfix-install(1) Postfix primary installation script.
# FILES
# $config_directory/main.cf, Postfix installation parameters.
# $meta_directory/postfix-files, installation control file.
# $meta_directory/postfix-files.d/*, optional control files.
# $config_directory/install.cf, obsolete configuration file.
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#--
umask 022
PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
SHELL=/bin/sh
IFS="
"
BACKUP_IFS="$IFS"
debug=:
#debug=echo
MOST_PARAMETERS="command_directory daemon_directory data_directory
html_directory mail_owner mailq_path manpage_directory
newaliases_path queue_directory readme_directory sample_directory
sendmail_path setgid_group shlib_directory meta_directory"
NON_SHARED="config_directory queue_directory data_directory"
USAGE="Usage: $0 [name=value] command
create-missing Create missing queue directories.
upgrade-source When installing or upgrading from source code.
upgrade-package When installing or upgrading from pre-built package.
first-install-reminder Remind of mandatory first-time configuration steps.
name=value Specify an installation parameter".
# Process command-line options and parameter settings. Work around
# brain damaged shells. "IFS=value command" should not make the
# IFS=value setting permanent. But some broken standard allows it.
create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
obsolete=; keep_list=;
for arg
do
case $arg in
*[" "]*) echo $0: "Error: argument contains whitespace: '$arg'"
exit 1;;
*=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
create-missing) create=1;;
set-perm*) create=1; set_perms=1;;
upgrade-perm*) create=1; upgrade_perms=1;;
upgrade-conf*) upgrade_conf=1;;
upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;;
upgrade-package) create=1; upgrade_conf=1; set_perms=1;;
first-install*) first_install_reminder=1;;
*) echo "$0: Error: $USAGE" 1>&2; exit 1;;
esac
shift
done
# Sanity checks.
test -n "$create$upgrade_conf$first_install_reminder" || {
echo "$0: Error: $USAGE" 1>&2
exit 1
}
# Bootstrapping problem.
if [ -n "$command_directory" ]
then
POSTCONF="$command_directory/postconf"
else
POSTCONF="postconf"
fi
$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
echo $0: Error: no $POSTCONF command found. 1>&2
echo Re-run this command as $0 command_directory=/some/where. 1>&2
exit 1
}
# Also used to require license etc. files only in the default instance.
def_config_directory=`$POSTCONF -d -h config_directory` || exit 1
test -n "$config_directory" ||
config_directory="$def_config_directory"
test -d "$config_directory" || {
echo $0: Error: $config_directory is not a directory. 1>&2
exit 1
}
# If this is a secondary instance, don't touch shared files.
# XXX Solaris does not have "test -e".
instances=`test ! -f $def_config_directory/main.cf ||
$POSTCONF -c $def_config_directory -h multi_instance_directories |
sed 's/,/ /'` || exit 1
update_shared_files=1
for name in $instances
do
case "$name" in
"$def_config_directory") ;;
"$config_directory") update_shared_files=; break;;
esac
done
test -f $meta_directory/postfix-files || {
echo $0: Error: $meta_directory/postfix-files is not a file. 1>&2
exit 1
}
# SunOS5 fmt(1) truncates lines > 1000 characters.
fake_fmt() {
sed '
:top
/^\( *\)\([^ ][^ ]*\) */{
s//\1\2\
\1/
P
D
b top
}
' | fmt
}
case `uname -s` in
HP-UX*) FMT=cat;;
SunOS*) FMT=fake_fmt;;
*) FMT=fmt;;
esac
# If a parameter is not set via the command line or environment,
# try to use settings from installed configuration files.
# Extract parameter settings from the obsolete install.cf file, as
# a transitional aid.
grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
test -f $config_directory/install.cf && {
for name in sendmail_path newaliases_path mailq_path setgid manpages
do
eval junk=\$$name
case "$junk" in
"") eval unset $name;;
esac
eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \
|| exit 1
done
: ${setgid_group=$setgid}
: ${manpage_directory=$manpages}
}
}
# Extract parameter settings from the installed main.cf file.
test -f $config_directory/main.cf && {
for name in $MOST_PARAMETERS
do
eval junk=\$$name
case "$junk" in
"") eval unset $name;;
esac
eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1
done
}
# Sanity checks
case $manpage_directory in
no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
esac
case $setgid_group in
no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
esac
for path in "$daemon_directory" "$command_directory" "$queue_directory" \
"$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
"$meta_directory"
do
case "$path" in
/*) ;;
*) echo $0: Error: \"$path\" should be an absolute path name. 1>&2; exit 1;;
esac
done
for path in "$html_directory" "$readme_directory" "$shlib_directory"
do
case "$path" in
/*) ;;
no) ;;
*) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;;
esac
done
# Find out what parameters were not specified via command line,
# via environment, or via installed configuration files.
missing=
for name in $MOST_PARAMETERS
do
eval test -n \"\$$name\" || missing="$missing $name"
done
# All parameters must be specified at this point.
test -n "$non_interactive" -a -n "$missing" && {
cat <<EOF | ${FMT} 1>&2
$0: Error: some required installation parameters are not defined.
- Either the parameters need to be given in the $config_directory/main.cf
file from a recent Postfix installation,
- Or the parameters need to be specified through the process
environment.
- Or the parameters need to be specified as name=value arguments
on the $0 command line,
The following parameters were missing:
$missing
EOF
exit 1
}
POSTCONF="$command_directory/postconf"
# Save settings, allowing command line/environment override.
# Undo MAIL_VERSION expansion at the end of a parameter value. If
# someone really wants the expanded mail version in main.cf, then
# we're sorry.
# Confine side effects from mail_version unexpansion within a subshell.
(case "$mail_version" in
"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
esac
for name in $MOST_PARAMETERS
do
eval junk=\$$name
case "$junk" in
*"$mail_version"*)
case "$pattern" in
"") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1
esac
val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
eval ${name}='"$val"'
esac
done
# XXX Maybe update main.cf only with first install, upgrade, set
# permissions, and what else? Should there be a warning otherwise?
override=
for name in $MOST_PARAMETERS
do
eval junk=\"\$$name\"
test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || {
override=1
break
}
done
test -n "$override" && {
$POSTCONF -c $config_directory -e \
"daemon_directory = $daemon_directory" \
"command_directory = $command_directory" \
"queue_directory = $queue_directory" \
"data_directory = $data_directory" \
"mail_owner = $mail_owner" \
"setgid_group = $setgid_group" \
"sendmail_path = $sendmail_path" \
"mailq_path = $mailq_path" \
"newaliases_path = $newaliases_path" \
"html_directory = $html_directory" \
"manpage_directory = $manpage_directory" \
"sample_directory = $sample_directory" \
"readme_directory = $readme_directory" \
"shlib_directory = $shlib_directory" \
"meta_directory = $meta_directory" \
|| exit 1
} || exit 0) || exit 1
# Use file/directory status information in $meta_directory/postfix-files.
test -n "$create" && {
postfix_files_d=$meta_directory/postfix-files.d
for postfix_file in $meta_directory/postfix-files \
`test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }`
do
exec <$postfix_file || exit 1
while IFS=: read path type owner group mode flags junk
do
IFS="$BACKUP_IFS"
set_permission=
# Skip comments. Skip shared files, if updating a secondary instance.
case $path in
[$]*) case "$update_shared_files" in
1) $debug keep non-shared or shared $path;;
*) non_shared=
for name in $NON_SHARED
do
case $path in
"\$$name"*) non_shared=1; break;;
esac
done
case "$non_shared" in
1) $debug keep non-shared $path;;
*) $debug skip shared $path; continue;;
esac;;
esac;;
*) continue;;
esac
# Skip hard links and symbolic links.
case $type in
[hl]) continue;;
[df]) ;;
*) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;;
esac
# Expand $name, and canonicalize null fields.
for name in path owner group flags
do
eval junk=\${$name}
case $junk in
[$]*) eval $name=$junk;;
-) eval $name=;;
*) ;;
esac
done
# Skip uninstalled files.
case $path in
no|no/*) continue;;
esac
# Pick up the flags.
case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
case $flags in *c*) create_flag=1;; *) create_flag=;; esac
case $flags in *r*) recursive="-R";; *) recursive=;; esac
case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac
case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \
"$def_config_directory" && continue;; esac
# Flag obsolete objects. XXX Solaris 2..9 does not have "test -e".
if [ -n "$obsolete_flag" ]
then
test -r $path -a "$type" != "d" && obsolete="$obsolete $path"
continue;
else
keep_list="$keep_list $path"
fi
# Create missing directories with proper owner/group/mode settings.
if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
then
mkdir $path || exit 1
set_permission=1
# Update all owner/group/mode settings.
elif [ -n "$set_perms" ]
then
set_permission=1
# Update obsolete owner/group/mode settings.
elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ]
then
set_permission=1
fi
test -n "$set_permission" && {
chown $recursive $owner $path || exit 1
test -z "$group" || chgrp $recursive $group $path || exit 1
# Don't "chmod -R"; queue file status is encoded in mode bits.
if [ "$type" = "d" -a -n "$recursive" ]
then
find $path -type d -exec chmod $mode "{}" ";"
else
chmod $mode $path
fi || exit 1
}
done
IFS="$BACKUP_IFS"
done
}
# Upgrade existing Postfix configuration files if necessary.
test -n "$upgrade_conf" && {
# Postfix 2.0.
# Add missing relay service to master.cf.
grep '^relay' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for relay service
cat >>$config_directory/master.cf <<EOF || exit 1
relay unix - - n - - smtp
EOF
}
# Postfix 1.1.
# Add missing flush service to master.cf.
grep '^flush.*flush' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for flush service
cat >>$config_directory/master.cf <<EOF || exit 1
flush unix - - n 1000? 0 flush
EOF
}
# Postfix 2.1.
# Add missing trace service to master.cf.
grep 'trace.*bounce' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for trace service
cat >>$config_directory/master.cf <<EOF || exit 1
trace unix - - n - 0 bounce
EOF
}
# Postfix 2.1.
# Add missing verify service to master.cf.
grep '^verify.*verify' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for verify service
cat >>$config_directory/master.cf <<EOF || exit 1
verify unix - - n - 1 verify
EOF
}
# Postfix 2.1.
# Fix verify service process limit.
grep '^verify.*[ ]0[ ]*verify' \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, setting verify process limit to 1
ed $config_directory/master.cf <<EOF || exit 1
/^verify.*[ ]0[ ]*verify/
s/\([ ]\)0\([ ]\)/\11\2/
p
w
q
EOF
}
# Postfix 1.1.
# Change privileged pickup service into unprivileged.
grep "^pickup[ ]*fifo[ ]*n[ ]*n" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, making the pickup service unprivileged
ed $config_directory/master.cf <<EOF || exit 1
/^pickup[ ]*fifo[ ]*n[ ]*n/
s/\(n[ ]*\)n/\1-/
p
w
q
EOF
}
# Postfix 1.1.
# Change private cleanup and flush services into public.
for name in cleanup flush
do
grep "^$name[ ]*unix[ ]*[-y]" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, making the $name service public
ed $config_directory/master.cf <<EOF || exit 1
/^$name[ ]*unix[ ]*[-y]/
s/[-y]/n/
p
w
q
EOF
}
done
# Postfix 2.2.
# File systems have improved since Postfix came out, and all we
# require now is that defer and deferred are hashed because those
# can contain lots of files.
found=`$POSTCONF -c $config_directory -h hash_queue_names`
missing=
(echo "$found" | grep defer >/dev/null) || missing="$missing defer"
(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
test -n "$missing" && {
echo fixing main.cf hash_queue_names for missing $missing
$POSTCONF -c $config_directory -e hash_queue_names="$found$missing" ||
exit 1
}
# Turn on safety nets for new features that could bounce mail that
# would be accepted by a previous Postfix version.
# [The "unknown_local_recipient_reject_code = 450" safety net,
# introduced with Postfix 2.0 and deleted after Postfix 2.3.]
# Postfix 2.0.
# Add missing proxymap service to master.cf.
grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for proxymap service
cat >>$config_directory/master.cf <<EOF || exit 1
proxymap unix - - n - - proxymap
EOF
}
# Postfix 2.1.
# Add missing anvil service to master.cf.
grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for anvil service
cat >>$config_directory/master.cf <<EOF || exit 1
anvil unix - - n - 1 anvil
EOF
}
# Postfix 2.2.
# Add missing scache service to master.cf.
grep '^scache.*scache' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for scache service
cat >>$config_directory/master.cf <<EOF || exit 1
scache unix - - n - 1 scache
EOF
}
# Postfix 2.2.
# Add missing discard service to master.cf.
grep '^discard.*discard' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for discard service
cat >>$config_directory/master.cf <<EOF || exit 1
discard unix - - n - - discard
EOF
}
# Postfix 2.2.
# Update the tlsmgr fifo->unix service.
grep "^tlsmgr[ ]*fifo[ ]" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service
ed $config_directory/master.cf <<EOF || exit 1
/^tlsmgr[ ]*fifo[ ]/
s/fifo/unix/
s/[0-9][0-9]*/&?/
p
w
q
EOF
}
# Postfix 2.2.
# Add missing tlsmgr service to master.cf.
grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
cat >>$config_directory/master.cf <<EOF || exit 1
tlsmgr unix - - n 1000? 1 tlsmgr
EOF
}
# Postfix 2.2.
# Add missing retry service to master.cf.
grep '^retry.*error' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for retry service
cat >>$config_directory/master.cf <<EOF || exit 1
retry unix - - n - - error
EOF
}
# Postfix 2.5.
# Add missing proxywrite service to master.cf.
grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for proxywrite service
cat >>$config_directory/master.cf <<EOF || exit 1
proxywrite unix - - n - 1 proxymap
EOF
}
# Postfix 2.5.
# Fix a typo in the default master.cf proxywrite entry.
grep '^proxywrite.*-[ ]*proxymap' $config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
ed $config_directory/master.cf <<EOF || exit 1
/^proxywrite.*-[ ]*proxymap/
s/-\([ ]*proxymap\)/1\1/
p
w
q
EOF
}
# Postfix 2.8.
# Add missing postscreen service to master.cf.
grep '^#*smtp.*postscreen' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service
cat >>$config_directory/master.cf <<EOF || exit 1
#smtp inet n - n - 1 postscreen
EOF
}
# Postfix 2.8.
# Add missing smtpd (unix-domain) service to master.cf.
grep '^#*smtpd.*smtpd' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#smtpd pass - - n - - smtpd
EOF
}
# Postfix 2.8.
# Add temporary dnsblog (unix-domain) service to master.cf.
grep '^#*dnsblog.*dnsblog' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#dnsblog unix - - n - 0 dnsblog
EOF
}
# Postfix 2.8.
# Add tlsproxy (unix-domain) service to master.cf.
grep '^#*tlsproxy.*tlsproxy' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#tlsproxy unix - - n - 0 tlsproxy
EOF
}
# Report (but do not remove) obsolete files.
test -n "$obsolete" && {
cat <<EOF | ${FMT}
Note: the following files or directories still exist but are
no longer part of Postfix:
$obsolete
EOF
}
# Postfix 2.9.
# Safety net for incompatible changes in IPv6 defaults.
# PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
# UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
# BEFORE 2.9.
# This code assumes that the default is "inet_protocols = ipv4"
# when IPv6 support is not compiled in. See util/sys_defs.h.
test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || {
cat <<EOF | ${FMT}
COMPATIBILITY: editing $config_directory/main.cf, setting
inet_protocols=ipv4. Specify inet_protocols explicitly if you
want to enable IPv6.
In a future release IPv6 will be enabled by default.
EOF
$POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
}
# Disabled because unhelpful down-stream maintainers disable the safety net.
# # Postfix 2.10.
# # Safety net for incompatible changes due to the introduction
# # of the smtpd_relay_restrictions feature to separate the
# # mail relay policy from the spam blocking policy.
# # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
# # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
# # POSTFIX BEFORE 2.10.
# test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
# cat <<EOF | ${FMT}
# COMPATIBILITY: editing $config_directory/main.cf, overriding
# smtpd_relay_restrictions to prevent inbound mail from
# unexpectedly bouncing.
# Specify an empty smtpd_relay_restrictions value to keep using
# smtpd_recipient_restrictions as before.
#EOF
# $POSTCONF -c $config_directory "smtpd_relay_restrictions = \
# permit_mynetworks permit_sasl_authenticated \
# defer_unauth_destination" || exit 1
# }
# Postfix 3.4
# Add a postlog service entry.
grep '^postlog' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for postlog unix-domain datagram service
cat >>$config_directory/master.cf <<EOF || exit 1
postlog unix-dgram n - n - 1 postlogd
EOF
}
}
# A reminder if this is the first time Postfix is being installed.
test -n "$first_install_reminder" && {
ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
cat <<EOF | ${FMT}
Warning: you still need to edit myorigin/mydestination/mynetworks
parameter settings in $config_directory/main.cf.
See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
for information about dialup sites or about sites inside a
firewalled network.
BTW: Check your $ALIASES file and be sure to set up aliases
that send mail for root and postmaster to a real person, then
run $NEWALIASES_PATH.
EOF
}
exit 0

223
etc/postfix/postfix-files Normal file

@@ -0,0 +1,223 @@
#
# Do not edit this file.
#
# This file controls the postfix-install script for installation of
# Postfix programs, configuration files and documentation, as well
# as the post-install script for setting permissions and for updating
# Postfix configuration files. See the respective manual pages within
# the script files.
#
# Do not list $command_directory or $shlib_directory in this file,
# or it will be blown away by a future Postfix uninstallation
# procedure. You would not want to lose all files in /usr/sbin or
# /usr/local/lib.
#
# Each record in this file describes one file or directory.
# Fields are separated by ":". Specify a null field as "-".
# Missing fields or separators at the end are OK.
#
# File format:
# name:type:owner:group:permission:flags
# No group means don't change group ownership.
#
# File types:
# d=directory
# f=regular file
# h=hard link (*)
# l=symbolic link (*)
#
# (*) With hard links and symbolic links, the owner field becomes the
# source pathname, while the group and permissions are ignored.
#
# File flags:
# No flag means the flag is not active.
# p=preserve existing file, do not replace (postfix-install).
# u=update owner/group/mode (post-install upgrade-permissions).
# c=create missing directory (post-install create-missing).
# r=apply owner/group recursively (post-install set/upgrade-permissions).
# o=obsolete, no longer part of Postfix
# 1=optional for non-default instance (config_dir != built-in default).
#
# Note: the "u" flag is for upgrading the permissions of existing files
# or directories after changes in Postfix architecture. For robustness
# it is a good idea to "u" all the files that have special ownership or
# permissions, so that running "make install" fixes any glitches.
#
# Note: order matters. Update shared libraries and database plugins
# before daemon/command-line programs.
$config_directory:d:root:-:755:u
$data_directory:d:$mail_owner:-:700:uc
$daemon_directory:d:root:-:755:u
$queue_directory:d:root:-:755:uc
$queue_directory/active:d:$mail_owner:-:700:ucr
$queue_directory/bounce:d:$mail_owner:-:700:ucr
$queue_directory/corrupt:d:$mail_owner:-:700:ucr
$queue_directory/defer:d:$mail_owner:-:700:ucr
$queue_directory/deferred:d:$mail_owner:-:700:ucr
$queue_directory/flush:d:$mail_owner:-:700:ucr
$queue_directory/hold:d:$mail_owner:-:700:ucr
$queue_directory/incoming:d:$mail_owner:-:700:ucr
$queue_directory/private:d:$mail_owner:-:700:uc
$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
$queue_directory/pid:d:root:-:755:uc
$queue_directory/saved:d:$mail_owner:-:700:ucr
$queue_directory/trace:d:$mail_owner:-:700:ucr
# Update shared libraries and plugins before daemon or command-line programs.
$shlib_directory/libpostfix-util.so:f:root:-:755
$shlib_directory/libpostfix-global.so:f:root:-:755
$shlib_directory/libpostfix-dns.so:f:root:-:755
$shlib_directory/libpostfix-tls.so:f:root:-:755
$shlib_directory/libpostfix-master.so:f:root:-:755
$meta_directory/dynamicmaps.cf.d:d:root:-:755
$meta_directory/dynamicmaps.cf:f:root:-:644
$meta_directory/main.cf.proto:f:root:-:644
$meta_directory/makedefs.out:f:root:-:644
$meta_directory/master.cf.proto:f:root:-:644
$meta_directory/postfix-files.d:d:root:-:755
$meta_directory/postfix-files:f:root:-:644
$daemon_directory/anvil:f:root:-:755
$daemon_directory/bounce:f:root:-:755
$daemon_directory/cleanup:f:root:-:755
$daemon_directory/discard:f:root:-:755
$daemon_directory/dnsblog:f:root:-:755
$daemon_directory/error:f:root:-:755
$daemon_directory/flush:f:root:-:755
$daemon_directory/local:f:root:-:755
$daemon_directory/main.cf:f:root:-:644:o
$daemon_directory/master.cf:f:root:-:644:o
$daemon_directory/master:f:root:-:755
$daemon_directory/oqmgr:f:root:-:755
$daemon_directory/pickup:f:root:-:755
$daemon_directory/pipe:f:root:-:755
$daemon_directory/post-install:f:root:-:755
# In case meta_directory == daemon_directory.
#$daemon_directory/postfix-files:f:root:-:644:o
#$daemon_directory/postfix-files.d:d:root:-:755:o
$daemon_directory/postfix-script:f:root:-:755
$daemon_directory/postfix-tls-script:f:root:-:755
$daemon_directory/postfix-wrapper:f:root:-:755
$daemon_directory/postmulti-script:f:root:-:755
$daemon_directory/postlogd:f:root:-:755
$daemon_directory/postscreen:f:root:-:755
$daemon_directory/proxymap:f:root:-:755
$daemon_directory/qmgr:f:root:-:755
$daemon_directory/qmqpd:f:root:-:755
$daemon_directory/scache:f:root:-:755
$daemon_directory/showq:f:root:-:755
$daemon_directory/smtp:f:root:-:755
$daemon_directory/smtpd:f:root:-:755
$daemon_directory/spawn:f:root:-:755
$daemon_directory/tlsproxy:f:root:-:755
$daemon_directory/tlsmgr:f:root:-:755
$daemon_directory/trivial-rewrite:f:root:-:755
$daemon_directory/verify:f:root:-:755
$daemon_directory/virtual:f:root:-:755
$daemon_directory/nqmgr:h:$daemon_directory/qmgr
$daemon_directory/lmtp:h:$daemon_directory/smtp
$command_directory/postalias:f:root:-:755
$command_directory/postcat:f:root:-:755
$command_directory/postconf:f:root:-:755
$command_directory/postfix:f:root:-:755
$command_directory/postkick:f:root:-:755
$command_directory/postlock:f:root:-:755
$command_directory/postlog:f:root:-:755
$command_directory/postmap:f:root:-:755
$command_directory/postmulti:f:root:-:755
$command_directory/postsuper:f:root:-:755
$command_directory/postdrop:f:root:$setgid_group:2755:u
$command_directory/postqueue:f:root:$setgid_group:2755:u
$sendmail_path:f:root:-:755
$newaliases_path:l:$sendmail_path
$mailq_path:l:$sendmail_path
# Empty files not shipped in Debian
#$config_directory/access:f:root:-:644:p1
#$config_directory/aliases:f:root:-:644:p1
#$config_directory/bounce.cf.default:f:root:-:644:1
#$config_directory/canonical:f:root:-:644:p1
#$config_directory/cidr_table:f:root:-:644:o
#$config_directory/generic:f:root:-:644:p1
#$config_directory/generics:f:root:-:644:o
#$config_directory/header_checks:f:root:-:644:p1
#$config_directory/install.cf:f:root:-:644:o
#$config_directory/main.cf.default:f:root:-:644:1
$config_directory/main.cf:f:root:-:644:p
$config_directory/master.cf:f:root:-:644:p
#$config_directory/regexp_table:f:root:-:644:o
#$config_directory/relocated:f:root:-:644:p1
#$config_directory/tcp_table:f:root:-:644:o
#$config_directory/transport:f:root:-:644:p1
#$config_directory/virtual:f:root:-:644:p1
$config_directory/postfix-script:f:root:-:755:o
#$config_directory/postfix-script-sgid:f:root:-:755:o
#$config_directory/postfix-script-nosgid:f:root:-:755:o
$config_directory/post-install:f:root:-:755:o
$manpage_directory/man1/mailq.1.gz:f:root:-:644
$manpage_directory/man1/newaliases.1.gz:f:root:-:644
$manpage_directory/man1/postalias.1.gz:f:root:-:644
$manpage_directory/man1/postcat.1.gz:f:root:-:644
$manpage_directory/man1/postconf.1.gz:f:root:-:644
$manpage_directory/man1/postdrop.1.gz:f:root:-:644
$manpage_directory/man1/postfix.1.gz:f:root:-:644
$manpage_directory/man1/postfix-tls.1.gz:f:root:-:644
$manpage_directory/man1/postkick.1.gz:f:root:-:644
$manpage_directory/man1/postlock.1.gz:f:root:-:644
$manpage_directory/man1/postlog.1.gz:f:root:-:644
$manpage_directory/man1/postmap.1.gz:f:root:-:644
$manpage_directory/man1/postmulti.1.gz:f:root:-:644
$manpage_directory/man1/postqueue.1.gz:f:root:-:644
$manpage_directory/man1/postsuper.1.gz:f:root:-:644
$manpage_directory/man1/sendmail.1.gz:f:root:-:644
$manpage_directory/man5/access.5.gz:f:root:-:644
$manpage_directory/man5/aliases.5.gz:f:root:-:644
$manpage_directory/man5/body_checks.5.gz:f:root:-:644
$manpage_directory/man5/bounce.5.gz:f:root:-:644
$manpage_directory/man5/canonical.5.gz:f:root:-:644
$manpage_directory/man5/cidr_table.5.gz:f:root:-:644
$manpage_directory/man5/generics.5.gz:f:root:-:644:o
$manpage_directory/man5/generic.5.gz:f:root:-:644
$manpage_directory/man5/header_checks.5.gz:f:root:-:644
$manpage_directory/man5/master.5.gz:f:root:-:644
$manpage_directory/man5/memcache_table.5.gz:f:root:-:644
$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
$manpage_directory/man5/nisplus_table.5.gz:f:root:-:644
$manpage_directory/man5/postconf.5.gz:f:root:-:644
$manpage_directory/man5/postfix-wrapper.5.gz:f:root:-:644
$manpage_directory/man5/regexp_table.5.gz:f:root:-:644
$manpage_directory/man5/relocated.5.gz:f:root:-:644
$manpage_directory/man5/tcp_table.5.gz:f:root:-:644
$manpage_directory/man5/transport.5.gz:f:root:-:644
$manpage_directory/man5/virtual.5.gz:f:root:-:644
$manpage_directory/man8/bounce.8postfix.gz:f:root:-:644
$manpage_directory/man8/cleanup.8postfix.gz:f:root:-:644
$manpage_directory/man8/anvil.8postfix.gz:f:root:-:644
$manpage_directory/man8/defer.8postfix.gz:f:root:-:644
$manpage_directory/man8/discard.8postfix.gz:f:root:-:644
$manpage_directory/man8/dnsblog.8postfix.gz:f:root:-:644
$manpage_directory/man8/error.8postfix.gz:f:root:-:644
$manpage_directory/man8/flush.8postfix.gz:f:root:-:644
$manpage_directory/man8/lmtp.8postfix.gz:f:root:-:644
$manpage_directory/man8/local.8postfix.gz:f:root:-:644
$manpage_directory/man8/master.8postfix.gz:f:root:-:644
$manpage_directory/man8/nqmgr.8postfix.gz:f:root:-:644:o
$manpage_directory/man8/oqmgr.8postfix.gz:f:root:-:644:
$manpage_directory/man8/pickup.8postfix.gz:f:root:-:644
$manpage_directory/man8/pipe.8postfix.gz:f:root:-:644
$manpage_directory/man8/postlogd.8postfix.gz:f:root:-:644
$manpage_directory/man8/postfix-add-filter.8.gz:f:root:-:644
$manpage_directory/man8/postfix-add-policy.8.gz:f:root:-:644
$manpage_directory/man8/postscreen.8postfix.gz:f:root:-:644
$manpage_directory/man8/proxymap.8postfix.gz:f:root:-:644
$manpage_directory/man8/qmgr.8postfix.gz:f:root:-:644
$manpage_directory/man8/qmqpd.8postfix.gz:f:root:-:644
$manpage_directory/man8/scache.8postfix.gz:f:root:-:644
$manpage_directory/man8/showq.8postfix.gz:f:root:-:644
$manpage_directory/man8/smtp.8postfix.gz:f:root:-:644
$manpage_directory/man8/smtpd.8postfix.gz:f:root:-:644
$manpage_directory/man8/spawn.8postfix.gz:f:root:-:644
$manpage_directory/man8/tlsproxy.8postfix.gz:f:root:-:644
$manpage_directory/man8/tlsmgr.8postfix.gz:f:root:-:644
$manpage_directory/man8/trace.8postfix.gz:f:root:-:644
$manpage_directory/man8/trivial-rewrite.8postfix.gz:f:root:-:644
$manpage_directory/man8/verify.8postfix.gz:f:root:-:644
$manpage_directory/man8/virtual.8postfix.gz:f:root:-:644

478
etc/postfix/postfix-script Normal file

@@ -0,0 +1,478 @@
#!/bin/sh
#++
# NAME
# postfix-script 1
# SUMMARY
# execute Postfix administrative commands
# SYNOPSIS
# \fBpostfix-script\fR \fIcommand\fR
# DESCRIPTION
# The \fBpostfix-script\fR script executes Postfix administrative
# commands in an environment that is set up by the \fBpostfix\fR(1)
# command.
# SEE ALSO
# master(8) Postfix master program
# postfix(1) Postfix administrative interface
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#--
# Avoid POSIX death due to SIGHUP when some parent process exits.
trap '' 1
case $daemon_directory in
"") echo This script must be run by the postfix command. 1>&2
echo Do not run directly. 1>&2
exit 1
esac
LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script"
INFO="$LOGGER -p info"
WARN="$LOGGER -p warn"
ERROR="$LOGGER -p error"
FATAL="$LOGGER -p fatal"
PANIC="$LOGGER -p panic"
if [ "X${1#quiet-}" != "X${1}" ]; then
INFO=:
x=${1#quiet-}
shift
set -- $x "$@"
fi
umask 022
SHELL=/bin/sh
#
# Can't do much without these in place.
#
cd $command_directory || {
$FATAL no Postfix command directory $command_directory!
exit 1
}
cd $daemon_directory || {
$FATAL no Postfix daemon directory $daemon_directory!
exit 1
}
test -f master || {
$FATAL no Postfix master program $daemon_directory/master!
exit 1
}
cd $config_directory || {
$FATAL no Postfix configuration directory $config_directory!
exit 1
}
case $shlib_directory in
no) ;;
*) cd $shlib_directory || {
$FATAL no Postfix shared-library directory $shlib_directory!
exit 1
}
esac
cd $meta_directory || {
$FATAL no Postfix meta directory $meta_directory!
exit 1
}
cd $queue_directory || {
$FATAL no Postfix queue directory $queue_directory!
exit 1
}
def_config_directory=`$command_directory/postconf -dh config_directory` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
# If this is a secondary instance, don't touch shared files.
instances=`test ! -f $def_config_directory/main.cf ||
$command_directory/postconf -c $def_config_directory \
-h multi_instance_directories | sed 's/,/ /'` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
check_shared_files=1
for name in $instances
do
case "$name" in
"$def_config_directory") ;;
"$config_directory") check_shared_files=; break;;
esac
done
#
# Parse JCL
#
case $1 in
start_msg)
echo "Start postfix"
;;
stop_msg)
echo "Stop postfix"
;;
quick-start)
$daemon_directory/master -t 2>/dev/null || {
$FATAL the Postfix mail system is already running
exit 1
}
$daemon_directory/postfix-script quick-check || {
$FATAL Postfix integrity check failed!
exit 1
}
$INFO starting the Postfix mail system
$daemon_directory/master &
;;
start|start-fg)
$daemon_directory/master -t 2>/dev/null || {
$FATAL the Postfix mail system is already running
exit 1
}
if [ -f $queue_directory/quick-start ]
then
rm -f $queue_directory/quick-start
else
$daemon_directory/postfix-script check-fatal || {
$FATAL Postfix integrity check failed!
exit 1
}
# Foreground this so it can be stopped. All inodes are cached.
$daemon_directory/postfix-script check-warn
fi
$INFO starting the Postfix mail system || exit 1
case $1 in
start)
# NOTE: wait in foreground process to get the initialization status.
$daemon_directory/master -w || {
$FATAL "mail system startup failed"
exit 1
}
;;
start-fg)
# Foreground start-up is incompatible with multi-instance mode.
# Use "exec $daemon_directory/master" only if PID == 1.
# Otherwise, doing so would break process group management,
# and "postfix stop" would kill too many processes.
case $instances in
"") case $$ in
1) exec $daemon_directory/master -i
$FATAL "cannot start-fg the master daemon"
exit 1;;
*) $daemon_directory/master -s;;
esac
;;
*) $FATAL "start-fg does not support multi_instance_directories"
exit 1
;;
esac
;;
esac
;;
drain)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
}
$INFO stopping the Postfix mail system
kill -9 `sed 1q pid/master.pid`
;;
quick-stop)
$daemon_directory/postfix-script stop
touch $queue_directory/quick-start
;;
stop)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 0
}
$INFO stopping the Postfix mail system
kill `sed 1q pid/master.pid`
for i in 5 4 3 2 1
do
$daemon_directory/master -t && exit 0
$INFO waiting for the Postfix mail system to terminate
sleep 1
done
$WARN stopping the Postfix mail system with force
pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` &&
kill -9 -$pid
;;
abort)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 0
}
$INFO aborting the Postfix mail system
kill `sed 1q pid/master.pid`
;;
reload)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
}
$INFO refreshing the Postfix mail system
$command_directory/postsuper active || exit 1
kill -HUP `sed 1q pid/master.pid`
$command_directory/postsuper &
;;
flush)
cd $queue_directory || {
$FATAL no Postfix queue directory $queue_directory!
exit 1
}
$command_directory/postqueue -f
;;
check)
$daemon_directory/postfix-script check-fatal || exit 1
$daemon_directory/postfix-script check-warn
exit 0
;;
status)
$daemon_directory/master -t 2>/dev/null && {
$INFO the Postfix mail system is not running
exit 1
}
$INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
exit 0
;;
quick-check)
# This command is NOT part of the public interface.
$SHELL $daemon_directory/post-install create-missing || {
$WARN unable to create missing queue directories
exit 1
}
# Look for incomplete installations.
test -f $config_directory/master.cf || {
$FATAL no $config_directory/master.cf file found
exit 1
}
exit 0
;;
check-fatal)
# This command is NOT part of the public interface.
$daemon_directory/postfix-script quick-check
maillog_file=`$command_directory/postconf -h maillog_file` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
test -n "$maillog_file" && {
$command_directory/postconf -M postlog/unix-dgram 2>/dev/null \
| grep . >/dev/null || {
$FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'"
exit 1
}
}
# See if all queue files are in the right place. This is slow.
# We must scan all queues for mis-named queue files before the
# mail system can run.
$command_directory/postsuper || exit 1
exit 0
;;
check-warn)
# This command is NOT part of the public interface.
# Check Postfix root-owned directory owner/permissions.
find $queue_directory/. $queue_directory/pid \
-prune ! -user root \
-exec $WARN not owned by root: {} \;
find $queue_directory/. $queue_directory/pid \
-prune \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
# Check Postfix root-owned directory tree owner/permissions.
todo="$config_directory/."
test -n "$check_shared_files" && {
todo="$daemon_directory/. $meta_directory/. $todo"
test "$shlib_directory" = "no" ||
todo="$shlib_directory/. $todo"
}
todo=`echo "$todo" | tr ' ' '\12' | sort -u`
find $todo ! -user root \
-exec $WARN not owned by root: {} \;
# Handle symlinks separately
find -L $todo \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
find $todo -type l | while read f; do \
readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
done; \
# Check Postfix mail_owner-owned directory tree owner/permissions.
find $data_directory/. ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
find $data_directory/. \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
# Check Postfix mail_owner-owned directory tree owner.
find `ls -d $queue_directory/* | \
egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
! \( -type p -o -type s \) ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
# WARNING: this should not descend into the maildrop directory.
# maildrop is the least trusted Postfix directory.
find $queue_directory/maildrop -prune ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;
# Check Postfix setgid_group-owned directory and file group/permissions.
todo="$queue_directory/public $queue_directory/maildrop"
test -n "$check_shared_files" &&
todo="$command_directory/postqueue $command_directory/postdrop $todo"
find $todo \
-prune ! -group $setgid_group \
-exec $WARN not owned by group $setgid_group: {} \;
test -n "$check_shared_files" &&
find $command_directory/postqueue $command_directory/postdrop \
-prune ! -perm -02111 \
-exec $WARN not set-gid or not owner+group+world executable: {} \;
# Check non-Postfix root-owned directory tree owner/content.
for dir in bin etc lib sbin usr
do
test -d $dir && {
find $dir ! -user root \
-exec $WARN not owned by root: $queue_directory/{} \;
find $dir -type f -print | while read path
do
test -f /$path && {
cmp -s $path /$path ||
$WARN $queue_directory/$path and /$path differ
}
done
}
done
find corrupt -type f -exec $WARN damaged message: {} \;
# Check for non-Postfix MTA remnants.
test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \
-f /usr/lib/sendmail && {
cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
$WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
$WARN Replace one by a symbolic link to the other
}
}
exit 0
;;
set-permissions|upgrade-configuration)
$daemon_directory/post-install create-missing "$@"
;;
post-install)
# Currently not part of the public interface.
shift
$daemon_directory/post-install "$@"
;;
tls)
shift
$daemon_directory/postfix-tls-script "$@"
;;
/*)
# Currently not part of the public interface.
"$@"
;;
logrotate)
case $# in
1) ;;
*) $FATAL "usage postfix $1 (no arguments)"; exit 1;;
esac
for name in maillog_file maillog_file_compressor \
maillog_file_rotate_suffix
do
value="`$command_directory/postconf -h $name`"
case "$value" in
"") $FATAL "empty '$name' parameter value - logfile rotation failed"
exit 1;;
esac
eval $name='"$value"';
done
case "$maillog_file" in
/dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;;
esac
errors=`(
suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1
mv "$maillog_file" "$maillog_file.$suffix" || exit 1
$daemon_directory/master -t 2>/dev/null ||
kill -HUP \`sed 1q pid/master.pid\` || exit 1
sleep 1
"$maillog_file_compressor" "$maillog_file.$suffix" || exit 1
) 2>&1` || {
$FATAL "logfile '$maillog_file' rotation failed: $errors"
exit 1
}
;;
*)
$FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration, logrotate)"
exit 1
;;
esac

3
etc/postfix/virtual Normal file

@@ -0,0 +1,3 @@
postmaster@zntrl.de baloan
abuse@zntrl.de baloan
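Review bot: The compiled tables etc/postfix/virtual.db and etc/postfix/vmailbox.db are committed next to the text maps they are built from, which lets the two drift apart and puts a binary that cannot be reviewed into the repository. If main.cf refers to these maps as indexed tables (hash: or btree:), Postfix reads the .db file, so a later edit to `virtual` or `vmailbox` has no effect until postmap is run again. Dropping the .db files from the repository and running `postmap` on both maps during the image build keeps the reviewed text and the served table identical.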

BIN
etc/postfix/virtual.db Normal file

Binary file not shown.

4
etc/postfix/vmailbox Normal file

@@ -0,0 +1,4 @@
baloan@zntrl.de notused
# Comment out the entry below to implement a catch-all.
# @zntrl.de notused
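Review bot: The comment above the catch-all entry reads inverted, because the `@zntrl.de notused` line is already commented out and it is removing the `#` that turns the catch-all on. A catch-all makes the server accept mail for every address in the domain, so the instruction should be unambiguous: `# Uncomment the entry below to implement a catch-all (accepts mail for any address in the domain).`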

BIN
etc/postfix/vmailbox.db Normal file

Binary file not shown.

18
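--- /dev/null
+++ b/kopano.dockerfile
@@ -0,0 +1,18 @@
+# FROM ubuntu:20.04
+FROM tozd/runit:ubuntu-focal
+# declaration section
+ARG MAIL_DOMAIN=zntrl.de
+EXPOSE 80 2003
+# build section
+RUN apt update -y
+RUN DEBIAN_FRONTEND=noninteractive TZ=Europe/Berlin apt-get install -y tzdata
+# kopano
+WORKDIR /root
+COPY dist/core-11.0.2.50.507cbae-Ubuntu_20.04-amd64.tar.gz .
+COPY dist/webapp-6.0.0.57.1049268-Ubuntu_20.04-all.tar.gz .
+COPY deploy-kopano.sh .
+RUN ./deploy-kopano.sh
+# https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#configure-kopano-dagent-for-delivery-via-unix-socket
+# create run scripts in etc/service
+COPY ./etc etc
+# CMD ["/usr/sbin/kopano-server", "-F", "-c", "/etc/kopano/server.cfg"]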
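Review bot: `COPY ./etc etc` has a relative destination, so with `WORKDIR /root` in effect the configuration tree and the run scripts land in `/root/etc`; the commented-out CMD reads `/etc/kopano/server.cfg` and the comment above the COPY mentions `etc/service`, which suggests `/etc` was meant, i.e. `COPY ./etc /etc`. Copying the whole tree also puts every file under `etc/` into an image layer, so any credential that ends up in those .cfg files would ship with the image; copying only the directories the image needs and supplying secrets at run time avoids that. `RUN apt update -y` sits in its own layer, so the following install can run against a stale cached index; combine them as `RUN apt-get update && DEBIAN_FRONTEND=noninteractive TZ=Europe/Berlin apt-get install -y --no-install-recommends tzdata && rm -rf /var/lib/apt/lists/*`. The base `tozd/runit:ubuntu-focal` is a mutable third-party tag, and pinning it by digest would make the build reproducible.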

8
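--- /dev/null
+++ b/postfix.dockerfile
@@ -0,0 +1,8 @@
+FROM ubuntu:20.04
+# declaration section
+ARG MAIL_DOMAIN=zntrl.de
+EXPOSE 25/tcp 465/tcp 587/tcp
+# build section
+RUN apt update -y
+VOLUME ["/var/lib/postfix"]
+CMD ["postfix"]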
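Review bot: Nothing in this Dockerfile installs Postfix (the only build step is `RUN apt update -y`), so `CMD ["postfix"]` has no binary to run on `ubuntu:20.04`. Install it in the same layer as the index refresh: `RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends postfix && rm -rf /var/lib/apt/lists/*`. The bare `postfix` command carries no sub-command; the postfix-script added in this commit answers an unknown command with a usage error, and its `start-fg` case execs `master -i` when running as PID 1, so `CMD ["postfix", "start-fg"]` is the form that keeps the container in the foreground. `ARG MAIL_DOMAIN` is declared but never used, and none of the etc/postfix files from this commit are copied in, so the image would presumably start with the package's default configuration.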