added multi-domain and s6

etc-baloghs/kopano/admin.cfg

@@ -0,0 +1,7 @@
+# The language for folders in newly-created stores, specified as a
+# locale identifier ("en_US", "de_DE", etc.)
+#default_store_locale =
+
+#server_socket = default:
+#sslkey_file = some.pem
+#sslkey_pass = magic

etc-baloghs/kopano/autorespond.cfg

@@ -0,0 +1,22 @@
+##############################################################
+# AUTORESPOND SETTINGS
+
+# Autorespond if the recipient is in the Cc field
+#autorespond_cc = no
+
+# Autorespond if the recipient is in the Bcc field
+#autorespond_bcc = no
+
+# Autorespond if the recipient is not in any of To, Cc or Bcc
+# (i.e. received the message through a distribution list)
+#autorespond_norecip = no
+
+# Only send reply to same e-mail address once per 24 hours
+#timelimit = 86400
+
+# File which contains when vacation message was sent
+#senddb = /var/lib/kopano/autorespond.db
+
+# Copy to sentmail - whether responses should be saved in the
+# users sentmail folder or not
+#copy_to_sentmail = yes

etc-baloghs/kopano/backup.cfg

@@ -0,0 +1,31 @@
+##############################################################
+# SERVER SETTINGS
+
+# Socket to find the connection to the storage server.
+# Use https to reach servers over the network
+#server_socket   =   file:///var/run/kopano/server.sock
+
+# Login to the storage server using this SSL Key
+#sslkey_file         = /etc/kopano/ssl/search.pem
+
+# The password of the SSL Key
+#sslkey_pass         = replace-with-server-cert-password
+
+##############################################################
+# LOG SETTINGS
+
+# Logging method (syslog, file)
+#log_method          =   file
+
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+#log_level           =   3
+
+# Logfile for log_method = file, use '-' for stderr
+# Default: -
+#log_file = /var/log/kopano/backup.log
+
+##############################################################
+# BACKUP SETTINGS
+
+# maximum number of stores to backup in parallel
+#worker_processes   =   1

etc-baloghs/kopano/dagent.cfg

@@ -0,0 +1,92 @@
+# See the kopano-dagent.cfg(5) manpage for details and more directives.
+
+# Space-separated list of address:port specifiers with optional %interface
+# infix for where the server should listen for LMTP connections.
+#
+#    "unix:/var/spool/kopano/dagent.sock" — local socket
+#    "*:236" — port 2003, all protocols
+#    "[::]:236" — port 2003 on IPv6 only
+#    "[2001:db8::1]:236" — port 2003 on specific address only
+#
+#lmtp_listen = *%lo:2003
+lmtp_listen = unix:/var/spool/kopano/dagent.sock
+
+# connection to the storage server
+#server_socket = file:///var/run/kopano/server.sock
+# Login to the storage server using this SSL Key
+#sslkey_file = /etc/kopano/ssl/dagent.pem
+# The password of the SSL Key
+#sslkey_pass = replace-with-dagent-cert-password
+
+#log_method = auto
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+log_level = 5
+log_file = /var/log/kopano/dagent.log
+log_timestamp = yes
+
+# Log raw message to a file. Can be "no", "all", or a list of usernames
+# for which messages should be saved.
+#log_raw_message = no
+#log_raw_message_path = /var/lib/kopano
+
+# Maximum LMTP threads that can be running simultaneously
+# This is also limited by your SMTP server. (20 is the postfix default concurrency limit)
+#lmtp_max_threads = 20
+
+# The following e-mail header will mark the mail as spam, so the mail
+# is placed in the Junk Mail folder, and not the Inbox.
+# The name is case insensitive.
+# set to empty to not use this detection scheme.
+#spam_header_name = X-Spam-Status
+
+# If the above header is found, and contains the following value
+# the mail will be considered as spam.
+# Notes:
+#  - The value is case insensitive.
+#  - Leading and trailing spaces are stripped.
+#  - The word 'bayes' also contains the word 'yes'.
+#spam_header_value = Yes,
+
+# Enable archive_on_delivery to automatically archive all incoming
+# messages on delivery.
+# This will do nothing if no archive is attached to the target mailbox.
+#archive_on_delivery = no
+
+# Enable the dagent Python plugin framework. Disables threading.
+#plugin_enabled = yes
+
+# Path to the activated dagent plugins.
+#   This folder contains symlinks to the kopano plugins and custom scripts. The plugins are
+#   installed in '/usr/share/kopano-dagent/python/plugins/'. To activate a plugin create a symbolic
+#   link in the 'plugin_path' directory.
+#
+# Example:
+#  $ ln -s /usr/share/kopano-dagent/python/plugins/BMP2PNG.py /var/lib/kopano/dagent/plugins/BMP2PNG.py
+#plugin_path = /var/lib/kopano/dagent/plugins
+
+##############################################################
+# DAGENT RULE SETTINGS
+
+# Enable the addition of X-Kopano-Rule-Action headers on messages
+# that have been forwarded or replied by a rule.
+#set_rule_headers = yes
+
+# Enable this option to prevent rules from potentially causing a loop. An
+# e-mail can only be forwarded once when this option is enabled. Requires the
+# set_rule_headers option to also be enabled.
+#no_double_forward = yes
+
+# Domain list to which forwarding is allowed. (Cuts off after 1000 characters,
+# and knows no escape chars, so use the _file variants if needed.)
+#forward_whitelist_domains = *
+#forward_whitelist_domains_file =
+#forward_whitelist_domain_subject = REJECT: %subject not forwarded (administratively blocked)
+#forward_whitelist_domain_message = The Kopano mail system has rejected your request to forward your e-mail with subject %subject (via mail filters) to %sender: the operation is not permitted.\n\nRemove the rule or contact your administrator about the forward_whitelist_domains setting.
+#forward_whitelist_domain_message_file =
+
+# When multiple HTML MIME parts are found, they can be joined to form a
+# continuous e-mail. (If not, they will become attachments.) Joining them
+# however can compromise the document integrity, as stylesheets and JavaScripts
+# affect the entire joined document.
+#
+#insecure_html_join = no

etc-baloghs/kopano/gateway.cfg

@@ -0,0 +1,47 @@
+# See the kopano-gateway.cfg(5) manpage for details and more directives.
+
+# Space-separated list of address:port specifiers with optional %interface
+# infix for where the server should listen for connections.
+# imaps is normally on 993, pop3s on 995.
+#
+#pop3_listen = *%lo:110
+#pop3s_listen =
+#imap_listen = *%lo:143
+#imaps_listen =
+# File with RSA key for SSL
+#ssl_private_key_file = /etc/kopano/gateway/privkey.pem
+#File with certificate for SSL
+#ssl_certificate_file = /etc/kopano/gateway/cert.pem
+
+# Disable all plaintext authentications unless SSL/TLS is used
+#disable_plaintext_auth = no
+# Verify client certificate
+#ssl_verify_client = no
+# Client verify file and/or path
+#ssl_verify_file =
+#ssl_verify_path =
+#tls_min_proto = tls1.2
+
+# Connection to the storage server.
+# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
+#server_socket = http://localhost:236/
+# Bypass authentification when connecting as an administrator to the UNIX socket.
+#bypass_auth = no
+
+# Whether to show the hostname in the logon greeting to clients.
+#server_hostname_greeting = no
+# Override own DNS name for presentation in the protocol greeting line.
+#server_hostname =
+
+#log_method = auto
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+log_level = 5
+log_file = /var/log/kopano/gateway.log
+#log_timestamp = yes
+
+# Only mail folder for IMAP or all subfolders (calendar, contacts, tasks, etc. too)
+#imap_only_mailfolders = yes
+# Show Public folders for IMAP
+#imap_public_folders = yes
+# The maximum size of an email that can be uploaded to the gateway
+#imap_max_messagesize = 128M

etc-baloghs/kopano/grapi.cfg

@@ -0,0 +1,38 @@
+##############################################################
+# Groupware REST API SETTINGS
+
+# Number of worker processes.
+num_workers = 2
+
+# Disable TLS validation for all client request.
+# When set to yes, TLS certificate validation is turned off. This is insecure
+# and should not be used in production setups.
+#insecure = no
+
+# Path where to create the gc-rest sockets.
+#socket_path = /var/run/kopano-grapi
+
+# Socket to find the connection to the storage server.
+# Use https to reach servers over the network.
+#server_socket = file:///var/run/kopano/server.sock
+
+# Path where to store persistent runtime data.
+#persistency_path = /var/lib/kopano-grapi
+
+# Path where to find translation catalogs.
+#translations_path = /usr/share/kopano-grapi/i18n
+
+# The API includes experimental endpoints which are not yet recommended to run
+# in production setups and are thus disabled by default. When set to yes, all
+# endpoints marked experimental are made available. Defaults to no.
+#enable_experimental_endpoints = yes
+
+###############################################################
+# Log settings
+
+# Log level controls the verbosity of the output log. It can be one of
+# `critical`, `error`, `warning`, `info` or `debug`. Defaults to `info`.
+log_level = info
+log_method = file
+log_file = /var/log/kopano/server.log
+

etc-baloghs/kopano/ical.cfg

@@ -0,0 +1,34 @@
+# See the kopano-ical.cfg(5) manpage for details and more directives.
+
+# Space-separated list of address:port specifiers with optional %interface
+# infix for where the server should listen for connections.
+# ical has often been placed on 8080 and icals on 8443.
+#
+#ical_listen = *%lo:8080
+#icals_listen =
+#tls_min_proto = tls1.2
+# File with RSA key for SSL
+#ssl_private_key_file = /etc/kopano/ical/privkey.pem
+# File with certificate for SSL
+#ssl_certificate_file = /etc/kopano/ical/cert.pem
+
+# Verify client certificate
+#ssl_verify_client = no
+# Client verify file and/or path
+#ssl_verify_file =
+#ssl_verify_path =
+
+# default connection to the storage server
+# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
+#server_socket = http://localhost:236/
+
+#log_method = auto
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+#log_level = 3
+#log_file = /var/log/kopano/ical.log
+#log_timestamp = yes
+
+# The timezone of the system clock
+#server_timezone = Europe/Amsterdam
+# Enable the iCalendar GET method for downloading calendars
+#enable_ical_get = yes

etc-baloghs/kopano/kapid-pubs-secret.key

@@ -0,0 +1 @@
+3be77a9c8294eb60dadf05399576a9048582bb77f8fc86af40660f931d743b65

etc-baloghs/kopano/kapid.cfg

@@ -0,0 +1,66 @@
+##############################################################
+# Kopano API SETTINGS
+
+# OpenID Connect Issuer Identifier.
+#oidc_issuer_identifier=
+
+# Address:port specifier for where kapid should listen for
+# incoming connections.
+#listen = 127.0.0.1:8039
+
+# Disable TLS validation for all client request.
+# When set to yes, TLS certificate validation is turned off. This is insecure
+# and should not be used in production setups.
+#insecure = no
+
+# Comman separated list of plugin names which should be loaded.
+# If this is not set or the value is empty, kapid scans the plugins_path
+# on startup and loads all plugins found.
+#plugins =
+
+# Path to the location of kapi plugins.
+#plugins_path = /usr/lib/kopano/kapi-plugins
+
+###############################################################
+# Log settings
+
+# Log level controls the verbosity of the output log. It can be one of
+# `panic`, `fatal`, `error`, `warn`, `info` or `debug`. Defaults to `info`.
+#log_level = info
+
+###############################################################
+# Groupware REST API (grapi) Plugin settings
+
+# Path where to find Kopano Groupware REST (grapi) sockets.
+#plugin_grapi_socket_path = /var/run/kopano-grapi
+
+###############################################################
+# Pubs API (pubs) Plugin settings
+
+# Path to a key file to be used as secret for Pubs HMAC tokens.
+# If no secret_key file is set, a random value will be generated on
+# startup (not suitable for production use, since it changes on
+# restart). A suitable key file can be generated with
+# `openssl rand -out /etc/kopano/kapid-pubs-secret.key -hex 64`.
+#plugin_pubs_secret_key = /etc/kopano/kapid-pubs-secret.key
+
+###############################################################
+# Key value store API (kvs) Plugin settings
+
+# Database backend to use for persistent storage of kvs data. A supported
+# backend must be set (sqlite3, mysql). Defaults to `sqlite3` if not set.
+#plugin_kvs_db_drivername = sqlite3
+
+# Database backend data source name. This setting depends on the storage
+# backend (plugin_kvs_db_drivername). A DNS is required to use the kvs plugin.
+# - For `sqlite3` the value should be the full path to the database file.
+# - For `mysql`, us a MySQL DSN in the following format:
+#   [username[:password]@][protocol[(address)]]/dbname[?param1=value1&...&paramN=valueN]
+#   See https://github.com/go-sql-driver/mysql#dsn-data-source-name for a
+#   full list of supported MySQL DSN params with examples.
+# If not set and plugin_kvs_db_drivername is also not set a default value will
+# be used which uses SQLite3.
+#plugin_kvs_db_datasource = /var/lib/kopano/kapi-kvs/kvs.db
+
+# Path where to find the database migration scripts.
+#plugin_kvs_db_migrations = /usr/lib/kopano/kapi-kvs/db/migrations

etc-baloghs/kopano/konnectd-encryption-secret.key

@@ -0,0 +1 @@
+<EFBFBD>r<EFBFBD><EFBFBD>L<EFBFBD>(<28>k<EFBFBD><6B><10>"u$ԟ+o<>F<1D><02>3

etc-baloghs/kopano/konnectd-identifier-scopes.yaml

@@ -0,0 +1,14 @@
+# This file contains additional scopes for Konnect. All of the scopes listed
+# here are made available to clients upon request if not limited by other means.
+
+---
+scopes:
+  kopano/kwm:
+    description: "Access Kopano Meet"
+
+  kopano/kvs:
+    description: "Access Kopano Key Value Store"
+
+  kopano/pubs:
+    description: "Access Kopano Pub/Sub"
+

etc-baloghs/kopano/konnectd-signing-private-key.pem

@@ -0,0 +1 @@
+konnectkeys/konnect-20210314-0ae1.pem

etc-baloghs/kopano/konnectd.cfg

@@ -0,0 +1,146 @@
+##############################################################
+# Kopano Konnect SETTINGS
+
+# OpenID Connect Issuer Identifier.
+# This setting defines the OpenID Connect Issuer Identifier to be provided by
+# this Konnect server. Setting this is mandatory and the setting must be a
+# https URL which can be accessed by all applications and users which are to
+# use this Konnect for sign-in or validation. Defaults to "https://localhost" to
+# allow unconfigured startup.
+#oidc_issuer_identifier=https://localhost
+
+# Address:port specifier for where konnectd should listen for
+# incoming connections. Defaults to `127.0.0.1:8777`.
+#listen = 127.0.0.1:8777
+
+# Disable TLS validation for all client request.
+# When set to yes, TLS certificate validation is turned off. This is insecure
+# and should not be used in production setups. Defaults to `no`.
+#insecure = no
+
+# Identity manager which provides the user backend Konnect should use. This is
+# one of `kc` or `ldap`. Defaults to `kc`, which means Konnect will use a
+# Kopano Groupware Storage server as backend.
+#identity_manager = kc
+
+# Full file path to a PEM encoded PKCS#1 or PKCS#5 private key which is used to
+# sign tokens. This file must exist and be valid to be able to start the
+# service. A suitable key can be generated with:
+#   `openssl genpkey -algorithm RSA \
+#     -out konnectd-signing-private-key.pem.pem \
+#     -pkeyopt rsa_keygen_bits:4096`
+# If this is not set, Konnect will try to load
+#   /etc/kopano/konnectd-signing-private-key.pem
+# and if not found, fall back to a random key on every startup. Not set by
+# default. If set, the file must be there.
+#signing_private_key = /etc/kopano/konnectd-signing-private-key.pem
+
+# Key ID to use in created JWT. This setting is useful once private keys need
+# to be changed because they expire. It should be a unique value identiying
+# the signing_private_key. Example: `k20180912-1`. Not set by default, which
+# means that Konnect uses the file name of the key file (dereferencing symlinks)
+# without extension.
+#signing_kid =
+
+# JWT signing method. This must match the private key type as defined in
+# signing_private_key and defaults to `PS256`.
+#signing_method = PS256
+
+# Full path to a directory containing pem encoded keys for validation. Konnect
+# loads all `*.pem` files in that directory and adds the public key parts (if
+# found) to the validator for received tokens using the file name without
+# extension as key ID.
+#validation_keys_path =
+
+# Full file path to a encryption secret key file containing random bytes. This
+# file must exist to be able to start the service. A suitable file can be
+# generated with:
+#   `openssl rand -out konnectd-encryption-secret.key 32`
+# If this is not set, Konnect will try to load
+#   /etc/kopano/konnectd-encryption-secret.key
+# and if not found, fall back to a random key on every startup. Not set by
+# default. If set, the file must be there.
+#encryption_secret_key = /etc/kopano/konnectd-encryption-secret.key
+
+# Full file path to the identifier registration configuration file. This file
+# must exist to be able to start the service. An example file is shipped with
+# the documentation / sources. If not set, Konnect will try to load
+#   /etc/kopano/konnectd-identifier-registration.yaml
+# without failing when the file is not there. If set, the file must be there.
+#identifier_registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
+
+# Full file path to the identifier scopes configuration file. An example file is
+# shipped with the documentation / sources. If not set, Konnect will try to
+# load /etc/kopano/konnectd-identifier-scopes.yaml without failing if the file
+# is not there. If set, the file must be there.
+#identifier_scopes_conf = /etc/kopano/konnectd-identifier-scopes.yaml
+
+# Path to the location of konnectd web resources. This is a mandatory setting
+# since Konnect needs to find its web resources to start.
+#web_resources_path = /usr/share/kopano-konnect
+
+# Custom base path for URI endpoints for Konnect API and the identifier web
+# application. This needs to be changed when Konnect is served from a path
+# instead of the root of the domain.
+#uri_base_path = /
+
+# Space separated list of scopes to be accepted by this Konnect server. By
+# default this is not set, which means that all scopes which are known by the
+# Konnect server and its configured identifier backend are allowed.
+#allowed_scopes =
+
+# Space separated list of IP address or CIDR network ranges of remote addresses
+# which are to be trusted. This is used to allow special behavior if Konnect
+# runs behind a trusted proxy which injects authentication credentials into
+# HTTP requests. Not set by default.
+#trusted_proxies =
+
+# Flag to enable client controlled guest support. When set to `yes`, a registered
+# client can send authorize guests, by sending signed requests. Defaults to `no`.
+#allow_client_guests = no
+
+# Flag to enable dynamic client registration API. When set to `yes`, clients
+# can register themselves and make authorized calls to the token endpoint.
+# Defaults to `no`.
+#allow_dynamic_client_registration = no
+
+# Additional arguments to be passed to the identity manager.
+#identity_manager_args =
+
+###############################################################
+# Log settings
+
+# Log level controls the verbosity of the output log. It can be one of
+# `panic`, `fatal`, `error`, `warn`, `info` or `debug`. Defaults to `info`.
+#log_level = info
+
+###############################################################
+# Kopano Groupware Storage Server Identity Manager (kc)
+
+# URI for connecting to the Kopano Groupware Storage server. This can either be
+# a http(s):// URL for remote systems or a file:// URI to a socket for local
+# connection. Defaults to `file:///run/kopano/server.sock` and is only used
+# when the identity_manager is `kc`.
+#kc_server_uri = file:///run/kopano/server.sock
+
+# Session timeout for sessions of the Kopano Groupware Storage server in
+# seconds. Access token valid duration is limited to this value and Konnect
+# will expire sessions if they are inactive for the timeout duration. This value
+# needs to be lower or same as the corresponding value used in the Kopano
+# Groupware Storage server's configuration to avoid constant session expiration
+# and recreation.
+#kc_session_timeout = 300
+
+###############################################################
+# LDAP Identity Manager (ldap)
+
+# Below are the settings for the LDAP identity manager. They are only used when
+# the identity_manager is `ldap`.
+#ldap_uri =
+#ldap_binddn =
+#ldap_bindpw =
+#ldap_basedn =
+#ldap_scope = sub
+#ldap_login_attribute = uid
+#ldap_uuid_attribute = uidNumber
+#ldap_filter = (objectClass=inetOrgPerson)

etc-baloghs/kopano/konnectkeys/konnect-20210314-0ae1.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDKeeORq+iJ/Rzp
+Q9Jhqldvx0jEprZkTz30DWQrxgzr3lgpowY4sPT9P4uu73Y+czMv8CvMX9gacBv8
+ctbhPL2unmYpRX1Vpgw25E768CyX4etn+LCkZy4KvevuPB8Z6Hx1BseM3tu/nWYP
+Uf9TczHN48vjLKrsu6zeEXy3TsUpmEqgIQN9DxdMCVlzh9wl7+gx/9JrpM24slFA
+4S/ieeaOtlzv8nIWWUB+qeWM35b5ZEtejsiqDaBGHhNhj2z6igUfRrmEkL3V0lkd
+nwaMIWYg0mhiZrX1fQy2wsEpWwDjhy6GQp15IIySv9NgjN5P/PqnCjhPQAxwznt8
+KwZucCAh52g/rwykPoMW14SlfVe97zxjEw1MfFmjwi/7jFHh8AGTNl+BVIbZZ/O/
+YgxLurKbNEeNcyl/aaZFlNL11RYRa5QOwrc65+ChRhO4rbvsenstpQbky/vvbZ8v
+9BbvcuC/I0TTWJxFBpGHuK2iTFiViAE9bLfKAxsXuZofw74pwltTXU2wyTm/weih
+HVTs4DlUtUefsltZRFHVBDDTcUc9WwVtKjvCNKUbE5ZXHRkiZuWxLgjci/4UvrRj
+WstQVzbGfGWgi710ZovvKqn1gRJoakJTrdYk9YQMnKuLWuq9DNby4N/jdlbAs7NM
+8jEe9TTnJW8z7HX6NQPT/ugoqfnPFQIDAQABAoICAFVU8VefP62IAvs8HhoTFC6D
+qmNWb1/vFYkZa7IXEbMGTdmeXyzdRyLD+TaMrSS8oEH/0jWb3xOlU+Yc7/qVAsvo
+7d1O7/d8t4Eazz5qoiCQkgmLgcaHxZu5VwlcRS9CD9GyPb9c3PfweebTA+xDjCXd
+bzwawx5qKfydGhaXF/jjue+qejHmfkcJWa2bAGjspssLqb68Agdo/118ihXEkipr
+KNfnMbXBf7DiIWAxiwsn/auoOWGRxI5IdpqTO7aLHIWF5QG9joPi1rPpJXVBTi1e
+/6cY6m6/ePA9O/MV61X4zt6+jGdUFGp0db0nITpMv8ZORFUCBTw1iU1XRKqejqt6
+/dYb1BTSy5vSUUkjV5isrvXsZd4ZEXzC8xvdu4PyXfIUXDJrCR4N/bLCup6C0r82
+7goPw1Lxlr1nPN5A8rzABFrRgcWiiQNs0s82qbE+bf/ZLDXkjK62dDg9ziKE5mQ6
+sXQOBZYIYrdAXLs7SRHcPXyWgCZKlps02jA1w0jWRJPXooeq34ce7N0BlkS6oSde
+nH/m+EiYf3EFJtgIRcp+Wp3uXc2Se87fSs6GFK6FkHt496yZLY8UuFdXky1XQQJB
+FsrPNJr9vuYz38AwACm7mylw7G1zn9WvIbBP83lA/TmlO/dhQiX/zgcILhA4lYod
+ackLcmQlJCY1Oa9tVUIBAoIBAQDx5oJ/99xq0PC9zNBew9NTMqsDhLjNwEq6xdIe
+RcXRlXubZVA7yTnQ6xRQsEyRU2538hq8ErVCngNMOrgS3iTiADIWhRLr0VBEe4rj
+IGJGIXbrXNUE3tZvnn/OljNz08grzqsCRJSk2OYvCk/9W7v5gXNIkTXIpUO4TXys
+s78BSGkg5k4AWv8i16PUrVblOTJgjCD2EkYrBWD4BazjlkbKNwGnbpEAjfgjuKmT
+DyK4fJ+vHc1pjR+2QZyEy94CyVsSi+n9al90ydTzf6kzIPBaYTjbp8edp8Z3dZKL
+fyUaQoZ1a+bEBxBQp0qVsFeOCUhMSq65cwt4je2W4TLLmyOhAoIBAQDWRx0nkmIa
+zQpsyr7ebpUJ7i973gw4qynnMrWQYlRq7TgGNoYBKmPe/3d+PBBjTsTWT7q8AdFD
+KAENEaWM+FzGErR3bu3sR1Flo1aF02mA6p4BEcSVX25PDsBdzBEg5CwVn+pHf1u4
+4GpXlmLhd3HiSzXOUPKrRRhzJHm3GKqoCRIW00eFllPI4vr/4kpgh8V/l4JpKZow
+/Sx882EjtxeGC14xKm9y9MF56oajxrPqxu574tBlfTn4eXyTiW4BsTcLcuf+s/lz
+R39Ky/FTY9P42QNHIlSX1tlXTe1gRc2qE3QlQYXcc2+P+yasiXNeEiAQFo63TH4I
+pWYKmaiTxPb1AoIBAQChr76YhHbK2t+fLbA1N1UgLiTKlELmG9qXXrRkUaS4wt68
+7oojfAvuDcMlb8Gt/YNAHw4pmaOYZH+1yyXQTrV+bj0MemQ8RUsOizk5OSMW1zVi
+eklUGRJhxyKMVi8MA4mvZlM9j9N/IA8zcAQpR9CsJA+HeK/nbjeGkBx+XyKTW/AQ
+8n8+k5QnmNVDyZzkWEfI6sD5WRuXk9/NyBVYhdDJRt0PKcM4CKzMS5jk1+AQShR9
++0CahZ6lttNEm/PIDwiVq/l5zkkBigqRu0nACAs/je5wO4QcZ9ErdeW+4fxNwhuX
+jsjPTB1mm3sp9JWBNckiXWTORgxrxwoAqIPIPekhAoIBAQCt5TSR4shfO7uUIs3X
+siKd1oEOo1uDudTd3lde/43G4REwaZtC4uX+GZEeDxy1mz0/N6Ex5r+vIo4HzyRt
+TTntPUzcCFhqAk7ajz4uiS38A2uLLqI9Hx9kZXJULMJR0Rq9yfPVZlRHq0hiIJfK
+pqbzoVnfP+5QdFitSRLGNux4RjQ59ej7Ts5cH2jXtQvrXwQ20fxx3+NUkoJCPTm+
+RF6A2ETu3aNoxZ0mleAClcV5aUwtmhrJ4mDjd6RUD5oJIYqsbeo82E4+8e0qBGyq
+4j8qmuOAHSpNt3zWz1UvZjbMKdF+UriR+dS2Inp2V24bD9aZd9UGiLtXxPMU8zLO
+CXDpAoIBAEycsfTcArULdH9q8mDEM+PiTr49kNL9X7UYDLziNTuU363jcYQ/iXDp
+gAdL21caMhcV3C+iAjSb70HwXu6NKEO7Lb703OtgTWHZE9kFssRlA91VSw3X5fCT
+I88MqRzFDsdrE9tUlDbQ2S3GP18PuMhLFJdPuZ4whdqiQMfnQxD25rG/Gi8eypz9
+J/t/LhciIJxaaBaT5YU/t0KGEAlsSrpuPN3sSq7iQYrrUKQY2Mghy4wKP1qwLhLX
+DEr1HZ3gfTZcdvk5ftkGvy4QP6rNRMNo/74l1yp+vAUf/4uA1Wu9QWOJfFOVvfV3
+bPlsxOijJGo9JSDH/en3wE654P52ygY=
+-----END PRIVATE KEY-----

etc-baloghs/kopano/kwebd.cfg

@@ -0,0 +1,137 @@
+##############################################################
+# Kopano Web SETTINGS
+
+# Site's host name.
+# Full qualified host name. If set, kweb provides HTTP/HTTPS for this host
+# including automatic ACME CA TLS and Content Security Policy generation. If not
+# set (the default), kweb is available under all names and does not try to
+# obtain a certificate via ACME.
+#hostname=
+
+# ACME CA email.
+# To allow automatic TLS via ACME, the CA needs an email address. Provide your
+# email address here to enable automatic TLS via ACME. If tls_acme_email and
+# hostname are set, kweb will automatically manage TLS certificates unless
+# explictly disabled by other settings.
+#tls_acme_email =
+
+# ACME CA subscriber agreement.
+# Set to `yes` to accept the CA's subscriber agreement. If this is `no` or
+# not set and kweb is otherwise configured to use ACME, kweb will log the link
+# to the CA's subscriber agreement and then exit. You have to change this
+# setting to `yes` to use automatic TLS via ACME.
+#tls_acme_agree = no
+
+# ACME CA server directory.
+# URL to the certificate authority's ACME server directory. Default is to use
+# Let's Encrypt (https://acme-v02.api.letsencrypt.org/directory).
+#tls_acme_ca = https://acme-v02.api.letsencrypt.org/directory
+
+# HTTP Strict Transport Security.
+# Value for HTTP Strict Transport Security response header. Default to
+# `max-age=31536000;` and is only used if hostname is set. Set explicitly to
+# empty to disable.
+#hsts=max-age=31536000;
+
+# Bind address to bind the listeners.
+# This setting defines where to bind kweb http listeners. By default kweb binds
+# to all interfaces/ips since it needs to be available from external.
+#bind=0.0.0.0
+
+# Web root folder.
+# Full path to the web root. All files below that folder are served by kweb and
+# the path is used as base for otherwise relative paths.
+# Default: `/usr/share/kopano-kweb/www`
+#web_root = /usr/share/kopano-kweb/www
+
+# Port for HTTPS listener.
+# When TLS is enabled, kweb will serve the TLS listener on this port. Defaults
+# to 9443 if `hostname` is not set and `443` otherwise.
+#https_port = 443
+
+# Port for HTTP listener.
+# When TLS is disabled, kweb will serve the listener on this port. Defaults to
+# 9080 if `hostname` is not set and `80` otherwise.
+#http_port = 80
+
+# HTTP/2 support.
+# Set to `yes` to enable HTTP/2 support on all TLS listeners. HTTP/2 is enabled
+# by default. Set to `no` to disable.
+#http2 = yes
+
+# QUIC support.
+# Experimental support for QUIC. Set to `true` to enable. Default is `no`.
+#quic = no
+
+###############################################################
+# Log settings
+
+# HTTP request log file (access log in combined format).
+# Full path to log file where to log HTTP requests. Not set by default which
+# means requests are not logged.
+#request_log_file = /var/log/kopano-kweb/access.log
+
+###############################################################
+# TLS settings
+
+# TLS support.
+# Support encrypted listeners and automatic TLS certificate creation when set
+# to `yes`. Set to `no` to disable all TLS and listen on plain HTTP.
+#tls = yes
+
+# TLS certificate bundle.
+# Path to a TLS certificate bundle (concatenation of the server's  certificate
+# followed by the CA's certificate chain). If set, the TLS listener will use
+# that certificate instead of trying automatic TLS.
+#tls_cert =
+
+# TLS private key.
+# Path to the server's private key file which matches the certificate bundle. It
+# must match the certificate in tls_cert.
+#tls_key =
+
+# TLS protocols.
+# Minimal and maximal TLS protocol versions to be offered. Defaults to TLS 1.2
+# and TLS 1.3 (`tls1.2 tls1.3`).
+#tls_protocols = tls1.2 tls1.3
+
+# TLS self sign.
+# By default kweb creates self signed TLS certificates on startup on if ACME is
+# not possible due to missing settings. If set to `yes`, ACME is disabled and a
+# self signed certificate will always be created. Default: `no`.
+#tls_always_self_sign = no
+
+# TLS must stable.
+# Enables must stable for certificates managed by kweb. If this is set to `yes`
+# and kweb requests certificates via ACME, those certificates will require that
+# the OSCP information is stapled with the response. Defaults to `no`.
+#tls_must_staple = no
+
+###############################################################
+# App settings
+
+# Default top level redirect.
+# When set, top level requests `/` will redirect to the configured value.
+# Not set by default.
+#default_redirect =
+
+# Legacy support.
+# To make integration into existing environments easier kwebd can act as a
+# reverse proxy to allow serving requests Kopano WebApp and Z-Push running e.g.
+# in Apache or Nginx. Set the address to the legacy web server here. Not set by
+# default.
+#legacy_reverse_proxy = 127.0.0.1:8000
+
+###############################################################
+# Limiting settings
+
+# Rate limit tate.
+# Limits Excessive access to services. Requests will be terminated with an error
+# 429 (Too Many Requests) and X-RateLimit-RetryAfter is added.
+# Format "rate burst unit", Defaults to "100 200 minute".
+#ratelimit_rate = "100 200 minute"
+
+# Rate limit whitelist.
+# Your trusted IPs (comma separated). Defines the CIDR IP range you don't want
+# to  perform rate limit. Defaults to `127.0.0.1/8`.
+#ratelimit_whitelist = 127.0.0.1/8

etc-baloghs/kopano/ldap.cfg

@@ -0,0 +1,36 @@
+# See the kopano-ldap.cfg(5) manpage for details and more directives
+
+# Select implementation.
+# If you have any reason to override settings from /usr/share/kopano/*.cfg,
+# do so at the end of this (/etc-resident) config file.
+#
+!include /usr/share/kopano/ldap.openldap.cfg
+#!include /usr/share/kopano/ldap.active-directory.cfg
+
+# List of URIs of LDAP servers to use. Make sure that etc/ldap/ldap.conf is
+# /configured correctly with TLS_CACERT when using "ldaps".
+ldap_uri =
+#ldap_starttls = no
+
+# The DN of the user to bind as for normal operations.
+# When empty, uses anonymous binding.
+ldap_bind_user =
+ldap_bind_passwd =
+
+# Top level search base, every object should be available under this tree
+ldap_search_base =
+
+# The timeout for network operations in seconds
+#ldap_network_timeout = 30
+
+# ldap_page_size limits the number of results from a query that will be downloaded at a time.
+# Default ADS MaxPageSize is 1000.
+#ldap_page_size = 1000
+
+#ldap_membership_cache_size = 256k
+#ldap_membership_cache_lifetime = 5
+
+# Use custom defined LDAP property mappings
+# This is not a requirement for most environments but allows custom mappings of
+# special LDAP properties to custom MAPI attributes
+#!propmap /etc/kopano/ldap.propmap.cfg

etc-baloghs/kopano/monitor.cfg

@@ -0,0 +1,28 @@
+# See the kopano-monitor.cfg(5) manpage for details and more directives.
+
+#server_socket = file:///var/run/kopano/server.sock
+# Login to the storage server using this SSL Key
+#sslkey_file = /etc/kopano/ssl/monitor.pem
+# The password of the SSL Key
+#sslkey_pass = replace-with-monitor-cert-password
+# in a multi-server environment, which servers to monitor (default all)
+#servers =
+
+#log_method = auto
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+#log_level = 3
+#log_file = -
+#log_timestamp = yes
+
+# Quota check interval (in minutes)
+#quota_check_interval = 15
+# Quota mail interval in days
+#mailquota_resend_interval = 1
+
+# Template to be used for quota emails which are sent to the user
+# when the various user quota levels have been exceeded.
+#userquota_warning_template = /etc/kopano/quotamail/userwarning.mail
+
+# Templates to be used for quota emails which are sent to the company administrators
+# when the company quota level has been exceeded.
+#companyquota_warning_template = /etc/kopano/quotamail/companywarning.mail

etc-baloghs/kopano/php-mapi.cfg

@@ -0,0 +1,30 @@
+##############################################################
+# LOG SETTINGS
+
+# Logging method (syslog, file), syslog facility is 'mail'
+#log_method = syslog
+
+# Logfile (for log_method = file, '-' for stderr)
+#log_file = /var/log/kopano/php-mapi.log
+
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+#log_level = 3
+
+# Log timestamp - prefix each log line with timestamp in 'file'
+# logging mode
+#log_timestamp = yes
+
+# Buffer logging in what sized blocks. 0 for line-buffered (syslog-style).
+#log_buffer_size = 0
+
+# This setting will make php-mapi trace how long each MAPI-call
+# took into the selected logfile.
+# Make sure that the file exists and/or can be written to by the
+# apache user.
+# php_mapi_performance_trace_file = /var/log/kopano/php-mapi-perf-trace.log
+
+# Enable debug output for the mapi extension
+# Bitmask:
+# 1 = Log start of a function
+# 2 = Log end of a function
+#php_mapi_debug = 0

etc-baloghs/kopano/quotamail/companywarning.mail

@@ -0,0 +1,11 @@
+Subject: Quota of company ${KOPANO_QUOTA_COMPANY} has been exceeded
+
+The size of the public store for company ${KOPANO_QUOTA_COMPANY} has exceeded
+the size limits set by the administrator.
+The public store size is ${KOPANO_QUOTA_STORE_SIZE}.
+
+Mailbox size limit:
+	* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
+		- When this limit is exceeded this warning message will be sent
+
+See client Help for more information.

etc-baloghs/kopano/quotamail/userhard.mail

@@ -0,0 +1,17 @@
+Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
+
+Your mailbox has exceeded one or more size limits set by your administrator.
+Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
+
+Mailbox size limits:
+	* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
+		- When this limit is exceeded a warning message will be sent
+	* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
+		- When this limit is exceeded you will not be able to send new email
+	* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
+		- When this limit is exceeded you will not be able to send and receive new email
+
+To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
+Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
+You must empty the Deleted Items folder after deleting items or the space will not be freed.
+See client Help for more information.

etc-baloghs/kopano/quotamail/usersoft.mail

@@ -0,0 +1,17 @@
+Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
+
+Your mailbox has exceeded one or more size limits set by your administrator.
+Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
+
+Mailbox size limits:
+	* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
+		- When this limit is exceeded a warning message will be sent
+	* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
+		- When this limit is exceeded you will not be able to send new email
+	* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
+		- When this limit is exceeded you will not be able to send and receive new email
+
+To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
+Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
+You must empty the Deleted Items folder after deleting items or the space will not be freed.
+See client Help for more information.

etc-baloghs/kopano/quotamail/userwarning.mail

@@ -0,0 +1,17 @@
+Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
+
+Your mailbox has exceeded one or more size limits set by your administrator.
+Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
+
+Mailbox size limits:
+	* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
+		- When this limit is exceeded a warning message will be sent
+	* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
+		- When this limit is exceeded you will not be able to send new email
+	* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
+		- When this limit is exceeded you will not be able to send and receive new email
+
+To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
+Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
+You must empty the Deleted Items folder after deleting items or the space will not be freed.
+See client Help for more information.

etc-baloghs/kopano/search.cfg

@@ -0,0 +1,40 @@
+# See kopano-search.cfg(5) for more details and directives.
+
+# Location of the index files
+#index_path = /var/lib/kopano/search/
+# Limit the number of results returned (0 = no limit)
+#limit_results = 1000
+
+# Socket to the storage server.
+# Use https to reach servers over the network
+#server_socket = file:///var/run/kopano/server.sock
+# Login to the storage server using this SSL Key
+#sslkey_file = /etc/kopano/ssl/search.pem
+# The password of the SSL Key
+#sslkey_pass = replace-with-server-cert-password
+
+# To setup for multi-server, use: http://0.0.0.0:port or https://0.0.0.0:port
+#server_bind_name = file:///var/run/kopano/search.sock
+# File with certificate for SSL, used when server_bind_name uses https://...
+#ssl_certificate_file = /etc/kopano/search/cert.pem
+# File with RSA key for SSL, used when server_bind_name uses https://...
+#ssl_private_key_file = /etc/kopano/search/privkey.pem
+
+#log_method = file
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+log_level = 5
+log_file = /var/log/kopano/search.log
+#log_timestamp = yes
+
+# Number of indexing processes used during initial indexing
+#index_processes = 1
+#index_drafts = yes
+#index_junk = yes
+# Prepare search suggestions ("did-you-mean?") during indexing
+# This takes up a large percentage of the used disk space
+#suggestions = yes
+
+# Should attachments be indexed
+#index_attachments = no
+# Maximum file size for attachments
+#index_attachment_max_size = 5M

etc-baloghs/kopano/server.cfg

@@ -0,0 +1,120 @@
+# See the kopano-server.cfg(5) manpage for details and more directives.
+
+# If a directive is not used (i.e. commented out), the built-in server default
+# is used, so to disable certain features, the empty string value must explicitly be
+# set on them.
+
+# Space-separated list of address:port specifiers with optional %interface
+# infix for where the server should listen for connections.
+server_listen = 0.0.0.0:236
+#server_listen_tls =
+#server_ssl_key_file = /etc/kopano/ssl/server.pem
+#server_ssl_key_pass =
+#server_ssl_ca_file = /etc/kopano/ssl/cacert.pem
+#server_ssl_ca_path =
+#server_tls_min_proto = tls1.2
+# Path of SSL Public keys of clients
+#sslkeys_path = /etc/kopano/sslkeys
+
+# Name for identifying the server in a multi-server environment. Need
+# not be a DNS name, but this name needs to be present on a LDAP
+# kopano-server object's cn value.
+server_name = mail.zntrl.de
+# Multi-server
+#enable_distributed_kopano = false
+
+database_engine = mysql
+mysql_host = localhost
+mysql_port = 3306
+mysql_user = kopano
+mysql_password = zAKt(85&
+mysql_database = kopano
+
+# Allow connections from normal users through the Unix socket
+#allow_local_users = yes
+
+# Space-separated list of users that are considered Kopano admins.
+local_admin_users = root kopano
+
+log_method = file
+log_file = /var/log/kopano/server.log
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+log_level = 5
+log_timestamp = yes
+
+# Attachment backend driver type: "database", "files", "files_v2", "s3"
+#attachment_storage = files
+#attachment_path = /var/lib/kopano/attachments
+
+#attachment_s3_hostname = s3-eu-west-1.amazonaws.com
+# The region where the bucket is located, e.g. "eu-west-1"
+#attachment_s3_region =
+# The protocol that should be used to connect to S3, 'http' or 'https' (preferred)
+#attachment_s3_protocol =
+# The URL style of the bucket, "virtualhost" or "path"
+#attachment_s3_uristyle =
+# The access key id of your S3 account
+#attachment_s3_accesskeyid =
+# The secret access key of your S3 account
+#attachment_s3_secretaccesskey =
+# The bucket name in which the files will be stored
+#attachment_s3_bucketname =
+
+# User backend driver type: "db", "unix", "ldap"
+#user_plugin = db
+#user_plugin_config = /etc/kopano/ldap.cfg
+#enable_sso = false
+# Hostname override for Kerberos SSO
+#server_hostname =
+
+# OpenID Connect Issuer Identifier. When set, the server attempts OIDC discovery
+# and initialization on startup, using the configured issuer identifier.
+#kcoidc_issuer_identifier =
+#kcoidc_initialize_timeout = 60
+
+# Skip creation/deletion of users for testing purposes, instead log it.
+#user_safe_mode = no
+
+# Multi-tenancy
+#enable_hosted_kopano = false
+# Display format of store name
+# Allowed variables:
+#  %u Username
+#  %f Full name
+#  %c Tenant's name
+#storename_format = %f
+
+# Loginname format for multi-tenancy installations
+# When the user does not login through a system-wide unique
+# username (like the email address) a unique name is created
+# by combining the username and the tenantname.
+# With this configuration option you can set how the
+# loginname should be built up.
+#
+# Note: Do not use the = character in the format.
+#
+# Allowed variables:
+#  %u Username
+#  %c Teantname
+#
+#loginname_format = %u
+
+#enable_gab = yes
+# Whether to hide/show the special GAB "Everyone" group that contains
+# every user and group for non-admins.
+#hide_everyone = no
+# Whether to hide/show the special GAB "SYSTEM" user for non-admins.
+#hide_system = yes
+# Synchronize GAB users on every open of the GAB (otherwise, only on
+# kopano-admin --sync)
+#sync_gab_realtime = yes
+
+# Use indexing service for faster searching.
+# Enabling this option requires kopano-indexd or kopano-search to be active.
+#search_enabled = yes
+#search_socket = file:///var/run/kopano/search.sock
+#search_timeout = 10
+
+# Disable features for users. This list is space separated.
+# Currently valid values: imap pop3 mobile outlook webapp
+disabled_features = pop3

etc-baloghs/kopano/spamd.cfg

@@ -0,0 +1,53 @@
+##############################################################
+# SPAMD SERVICE SETTINGS
+
+# run as specific user
+#run_as_user         = kopano
+
+# run as specific group
+#run_as_group        = kopano
+
+# control pid file
+#pid_file            =   /var/run/kopano/spamd.pid
+
+# run server in this path (when not using the -F switch)
+#running_path = /var/lib/kopano
+
+##############################################################
+# LOG SETTINGS
+
+# Logging method (syslog, file)
+#log_method          =   file
+
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+#log_level           =   3
+
+# Logfile for log_method = file, use '-' for stderr
+#log_file            =   /var/log/kopano/spamd.log
+
+# Log timestamp - prefix each log line with timestamp in 'file' logging mode
+#log_timestamp       =   1
+
+###############################################################
+# SPAMD Specific settings
+
+# The dir where spam mails are written to which are later picked up
+# by the sa-learn program
+#spam_dir = /var/lib/kopano/spamd/spam
+
+# Location for the database containing metadata on learned spam
+#spam_db = /var/lib/kopano/spamd/spam.db
+
+# Learn ham, when the user moves emails from junk to inbox,
+# enabled by default.
+#learn_ham = yes
+
+# The dir where ham mails are written to which are later picked up
+# by the sa-learn program
+#ham_dir = /var/lib/kopano/spamd/ham
+
+# Spamassassin group
+#sa_group = amavis
+
+# Header tag for spam emails
+#header_tag = X-Spam-Flag

etc-baloghs/kopano/spooler.cfg

@@ -0,0 +1,30 @@
+# See the kopano-spooler.cfg(5) manpage for details and more directives.
+
+# Outgoing mailserver
+#smtp_server = localhost
+#smtp_port = 25
+
+# Server Unix socket location
+#server_socket = default:
+# Login to the storage server using this SSL Key
+#sslkey_file = /etc/kopano/ssl/spooler.pem
+# The password of the SSL Key
+#sslkey_pass = replace-with-server-cert-password
+
+#log_method = auto
+# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
+#log_level = 3
+#log_file = -
+#log_timestamp = yes
+
+# Dump raw messages into specified directory before sending via SMTP.
+#log_raw_message_path = /var/lib/kopano
+#log_raw_message_stage1 = no
+
+# Maximum number of threads used to send outgoing messages
+#max_threads = 5
+
+# spooler Python plugin framework. Disables threading.
+#plugin_enabled = no
+# Path to the activated spooler plugins.
+#plugin_path = /var/lib/kopano/spooler/plugins

etc-baloghs/kopano/statsd.cfg

@@ -0,0 +1,8 @@
+# One address:port specifier for where to listen for HTTP connections.
+#statsd_listen = unix:/var/run/kopano/statsd.sock
+
+# Location for keeping RRD files
+#statsd_rrd = /var/lib/kopano/rrd
+
+#run_as_user = kopano
+#run_as_group = kopano

etc-baloghs/kopano/unix.cfg

@@ -0,0 +1,42 @@
+##############################################################
+#  UNIX USER PLUGIN SETTINGS
+#
+# Any of these directives that are required, are only required if the
+# userplugin parameter is set to unix.
+
+# Charset used in /etc/passwd for the fullname of a user. Normally this
+# is us-ascii, but this can differ according to your setup.
+# The charset specified here must be supported by your iconv(1)
+# setup. See iconv -l for all charsets.
+fullname_charset = iso-8859-15
+
+# Default email domain for constructing new users
+# Required, no default
+default_domain = kopano.com
+
+# The lowest user id that is considered a regular user
+# Optional, default = 1000
+min_user_uid = 1000
+
+# The highest user id that is considered a regular user
+# Optional, default = 10000
+max_user_uid = 10000
+
+# A list of user ids that are not considered to be regular users
+# Optional, default = empty
+# except_user_uids =
+
+# The lowest group id that is considered a regular group
+# Optional, default = 1000
+min_group_gid = 1000
+
+# The highest group id that is considered a regular group
+# Optional, default = 10000
+max_group_gid = 10000
+
+# A list of group ids that are not considered to be regular groups
+# Optional, default = empty
+# except_group_gids =
+
+# Create a user as non-active when it has this Unix shell
+non_login_shell = /sbin/nologin /bin/false

etc-baloghs/kopano/webapp/.htaccess

@@ -0,0 +1,28 @@
+# some apache settings
+Options -Indexes
+
+# The maximum POST limit. To upload large files, this value must be larger than upload_max_filesize.
+<IfModule mod_php5.c>
+	php_value post_max_size 31M
+	php_value upload_max_filesize 30M
+</IfModule>
+
+<IfModule mod_php7.c>
+	php_value post_max_size 31M
+	php_value upload_max_filesize 30M
+</IfModule>
+
+# Deny access to config.php, config.php.dist, debug.php, debug.php.dist, defaults.php
+# because they could become a security vulnerability when accessible
+# Better safe then sorry
+<FilesMatch "^(config|debug|defaults|init)\.php">
+	<IfVersion < 2.4>
+		    Deny from all
+	</IfVersion>
+
+	<IfVersion >= 2.4>
+		   <RequireAll>
+		       Require all denied
+		   </RequireAll>
+	</IfVersion>
+</FilesMatch>

etc-baloghs/kopano/webapp/config-contactfax.php

@@ -0,0 +1,4 @@
+<?php
+define('PLUGIN_CONTACTFAXPLUGIN_USER_DEFAULT_ENABLE', false);
+define('PLUGIN_CONTACTFAXPLUGIN_FAX_DOMAIN_NAME', 'officefax.net');
+?>

etc-baloghs/kopano/webapp/config-gmaps.php

@@ -0,0 +1,13 @@
+<?php
+//by default gmaps plugin is disabled
+define('PLUGIN_GMAPS_USER_DEFAULT_ENABLE', false);
+define ('PLUGIN_GMAPS_DEFAULT_ADDRESS','Elektronicaweg 18, 2628 XG Delft, The Netherlands');
+define ('PLUGIN_GMAPS_SHOW_ROUTES', false);
+
+// This plugin requires a valid Google API key. You can get an API key (and more information) at
+// https://developers.google.com/maps/documentation/javascript/get-api-key
+// Please note that there are usage limits for a particular API key:
+// https://developers.google.com/maps/documentation/javascript/usage
+define ('PLUGIN_GMAPS_GOOGLE_API_KEY', 'YOUR GOOGLE API KEY');
+
+?>

etc-baloghs/kopano/webapp/config-intranet.php

@@ -0,0 +1,17 @@
+<?php
+
+define('PLUGIN_INTRANET_USER_DEFAULT_ENABLE', false);
+
+define('PLUGIN_INTRANET_BUTTON_TITLE', 'Kopano.io');
+define('PLUGIN_INTRANET_URL', 'https://kopano.io/');
+define('PLUGIN_INTRANET_AUTOSTART', false);
+define('PLUGIN_INTRANET_ICON', 'resources/icons/icon_default.png');
+
+
+// More buttons can be added by adding a number as follows
+// Note: Numbers must start with 1 and be sequential
+define('PLUGIN_INTRANET_BUTTON_TITLE_1', 'Kopano.com');
+define('PLUGIN_INTRANET_URL_1', 'https://kopano.com/');
+define('PLUGIN_INTRANET_AUTOSTART_1', false);
+define('PLUGIN_INTRANET_ICON_1', 'resources/icons/icon_default.png');
+

etc-baloghs/kopano/webapp/config-mattermost.php

@@ -0,0 +1,9 @@
+<?php
+
+define('PLUGIN_MATTERMOST_USER_DEFAULT_ENABLE', false);
+
+define('PLUGIN_MATTERMOST_URL', '<URL-OF-YOUR-MATTERMOST>');
+
+// This setting can be changed by the user in his settings.
+// Here you can define the default behaviour.
+define('PLUGIN_MATTERMOST_AUTOSTART', true);

etc-baloghs/kopano/webapp/config-meet.php

@@ -0,0 +1,19 @@
+<?php
+/*******************************************************************************
+ *
+ * This file is part of the Meet plugin for Kopano WebApp
+ *
+ * (c) 2019 Kopano <info@kopano.com>
+ *
+ *******************************************************************************/
+
+// This file contains the configuration options of the Meet plugin
+
+// This disables the plugin by default
+define('PLUGIN_MEET_USER_DEFAULT_ENABLE', false);
+
+// The URL of the Meet PWA
+//define('PLUGIN_MEET_MEET_URL', 'https://<URL_OF_YOUR_MEET_INSTALLATION>');
+
+// The URL of the Meet join flow
+//define('PLUGIN_MEET_MEET_JOIN_URL' '/meet/r/join/group/');

etc-baloghs/kopano/webapp/config-pimfolder.php

@@ -0,0 +1,4 @@
+<?php
+/** Enable the pimfolder plugin for all users */
+define('PLUGIN_PIMFOLDER_USER_DEFAULT_ENABLE', false);
+?>

etc-baloghs/kopano/webapp/config-threema4deskapp.php

@@ -0,0 +1,6 @@
+<?php
+
+define('PLUGIN_THREEMA4DESKAPP_USER_DEFAULT_ENABLE', false);
+
+define('PLUGIN_THREEMA4DESKAPP_BUTTON_TITLE', 'Threema');
+define('PLUGIN_THREEMA4DESKAPP_URL', 'https://web.threema.ch/');

etc-baloghs/kopano/webapp/config-whatsapp4deskapp.php

@@ -0,0 +1,6 @@
+<?php
+
+define('PLUGIN_WHATSAPP4DESKAPP_USER_DEFAULT_ENABLE', false);
+
+define('PLUGIN_WHATSAPP4DESKAPP_BUTTON_TITLE', 'WhatsApp');
+define('PLUGIN_WHATSAPP4DESKAPP_URL', 'https://web.whatsapp.com/');

etc-baloghs/kopano/webapp/config.php

@@ -0,0 +1,331 @@
+<?php
+	// The config file for the webapp.
+	// All possible web client settings can be set in this file. Some settings
+	// (language) can also be set per user or logon.
+
+	// Comment next line to disable the config check (or set FALSE to log the config errors)
+	define("CONFIG_CHECK", TRUE);
+
+	// Use these options to optionally disable some PHP configuration checks.
+	// WARNING: these checks will disable checks regarding the security of the WebApp site configuration,
+	// only change them if you know the consequences - improper use will lead to an insecure installation!
+	define("CONFIG_CHECK_COOKIES_HTTP", FALSE);
+	define("CONFIG_CHECK_COOKIES_SSL", FALSE);
+
+	// Depending on your setup, it might be advisable to change the lines below to one defined with your
+	// default socket location.
+	// Normally "default:" points to the default setting ("file:///var/run/kopano/server.sock")
+	// Examples: define("DEFAULT_SERVER", "default:");
+	//           define("DEFAULT_SERVER", "http://localhost:236/kopano");
+	//           define("DEFAULT_SERVER", "https://localhost:237/kopano");
+	//           define("DEFAULT_SERVER", "file:///var/run/kopano/server.sock");
+	define("DEFAULT_SERVER", "default:");
+
+	// When using a Single-Sign-On (SSO) system on your webserver and Kopano Core is on another server
+	// you can use https to access the Kopano server, and authenticate using an SSL certificate.
+	define("SSLCERT_FILE", NULL);
+	define("SSLCERT_PASS", NULL);
+
+	// Set to false to disable login with Single Sign-On (SSO) on SSO environments.
+	define("ENABLE_REMOTE_USER_LOGIN", true);
+
+	// OIDC Server Configuration, introduced in Kopano Core 8.7.0
+	define("OIDC_ISS", "");
+	define("OIDC_CLIENT_ID", "");
+	define("OIDC_SCOPE", "openid profile email kopano/gc");
+
+	// set to 'true' to strip domain from login name found from Single Sign-On webservers
+	define("LOGINNAME_STRIP_DOMAIN", false);
+
+	// Name of the cookie that is used for the session
+	define("COOKIE_NAME", "KOPANO_WEBAPP");
+
+	// Set to 'false' to disable secure session cookies and to allow log-in without HTTPS.
+	define("SECURE_COOKIES", true);
+
+	// Use DOMPurify to filter HTML
+	// Caution: disabling DOMPurify is a potential security risk.
+	define("ENABLE_DOMPURIFY_FILTER", true);
+
+	// The timeout (in seconds) for the session. User will be logged out of WebApp
+	// when he has not actively used the WebApp for this time.
+	// Set to 0 (or remove) for no timeout during browser session.
+	define("CLIENT_TIMEOUT", 0);
+
+	// Defines the domains from which cross domain authentication requests
+	// are allowed. E.g. if WebMeetings runs under a different domain than
+	// the WebApp then add this domain here. Add http(s):// to the domains
+	// and separate domains with spaces.
+	// Set to empty string (default) to only allow authentication requests
+	// from within the same domain.
+	// Set to "*" to allow authentication requests from any domain. (not
+	// recommended)
+	define("CROSS_DOMAIN_AUTHENTICATION_ALLOWED_DOMAINS", "");
+
+	// Defines the domains to which redirection after login is allowed.
+	// Add http(s):// to the domains and separate domains with spaces.
+	// Note: The domain under which WebApp runs, is always allowed and does
+	// not need to be added here.
+	define("REDIRECT_ALLOWED_DOMAINS", "");
+
+	// Defines the base url and end with a slash.
+	$base_url = dirname($_SERVER["PHP_SELF"]);
+	if(substr($base_url,-1)!="/") $base_url .="/";
+	define("BASE_URL", $base_url);
+
+	// Defines the temp path (absolute). Here uploaded attachments will be saved.
+	// The web client doesn't work without this directory.
+	define("TMP_PATH", "/var/lib/kopano-webapp/tmp");
+
+	// Define the path to the plugin directory (No slash at the end)
+	define("PATH_PLUGIN_DIR", "plugins");
+
+	// Enable the plugins
+	define("ENABLE_PLUGINS", true);
+
+	// Define list of disabled plugins separated by semicolon
+	// Plugin directory name should be used in this list.
+	define("DISABLED_PLUGINS_LIST", "");
+
+	// Define a list of plugins that cannot be disabled by users.
+	// Plugins should be seperated by a semicolon (;). A wildcard (*)
+	// can be used to identify multiple plugins.
+	// Plugin directory name should be used in this list.
+	define("ALWAYS_ENABLED_PLUGINS_LIST", "");
+
+	// General WebApp theme. This will be loaded by default for every user
+	// (if the theme is installed as a plugin)
+	// Users can override the 'logged-in' theme in the settings.
+    // The theme directory should be added here, not the display name.
+	define("THEME", "");
+
+	// Enable themes.
+	define("ENABLE_THEMES", true);
+
+	// General WebApp icon set. This will be loaded by default for every user.
+	// Users can override the iconset in the settings.
+	define("ICONSET", "breeze");
+
+	// Enable iconsets.
+	define("ENABLE_ICONSETS", true);
+
+	// The title that will be shown in the title bar of the browser
+	define("WEBAPP_TITLE", "Kopano WebApp");
+
+	// The base URL where the User Manual for WebApp can be found
+	define("PLUGIN_WEBAPPMANUAL_URL", "https://documentation.kopano.io/user_manual_webapp/");
+
+	// When set to false, GAB does not show any user, unless searched for.
+	define("ENABLE_FULL_GAB", true);
+
+	// Set a maximum number of (search) results for the addressbook
+	// When more results are found no results will be displayed in the client.
+	// Set to 0 to disable this feature and show all results.
+	define("MAX_GAB_RESULTS", 0);
+
+	// Set to true to show public contact folders in address-book folder list,
+	// false will hide public contact folders in address-book folder list.
+	define("ENABLE_PUBLIC_CONTACT_FOLDERS", false);
+
+	// Set true to show public folders in hierarchy, false will disable public folders in hierarchy.
+	define("ENABLE_PUBLIC_FOLDERS", true);
+
+	// Set true to hide shared contact folders in address-book folder list,
+	// false will show shared contact folders in address-book folder list.
+	define("ENABLE_SHARED_CONTACT_FOLDERS", false);
+
+	// Set to true to give users the option to enable file previewer in their settings
+	// Set to false to hide the setting and disable file previewer for all users
+	define("ENABLE_FILE_PREVIEWER", true);
+
+	// Set to true to give users the possiblity to edit, create, and delete mail filters on the store
+	// of other users. The user needs owner permissions on the store of the other user.
+	define("ENABLE_SHARED_RULES", false);
+
+	// Booking method (true = direct booking, false = send meeting request)
+	define("ENABLE_DIRECT_BOOKING", true);
+
+	// Enable GZIP compression for responses
+	define("ENABLE_RESPONSE_COMPRESSION", true);
+
+	// When set to false this disables the welcome screen shown to new users.
+	define("ENABLE_WELCOME_SCREEN", true);
+
+	// Set to false to disable the "What's new dialog" that will be shown to users to introduce new features.
+	define("ENABLE_WHATS_NEW_DIALOG", true);
+
+	// When set to false it will disable showing of advanced settings.
+	define("ENABLE_ADVANCED_SETTINGS", false);
+
+	// Freebusy start offset that will be used to load freebusy data in appointments, number is subtracted from current time
+	define("FREEBUSY_LOAD_START_OFFSET", 7);
+
+	// Freebusy end offset that will be used to load freebusy data in appointments, number is added to current time
+	define("FREEBUSY_LOAD_END_OFFSET", 90);
+
+	// Maximum eml files to be included in a single ZIP archive
+	define("MAX_EML_FILES_IN_ZIP", 50);
+
+	// Set true to default soft delete the shared store items
+	define("ENABLE_DEFAULT_SOFT_DELETE", false);
+
+ 	// Enable widgets/today context.
+	define("ENABLE_WIDGETS", true);
+
+	// Additional color schemes for the calendars can be added by uncommenting and editing the following define.
+	// The format is the same as the format of COLOR_SCHEMES which is defined in default.php
+	// To change the default colors, COLOR_SCHEMES can also be defined here.
+	// Note: Every color should have a unique name, because it is used to identify the color
+	// define("ADDITIONAL_COLOR_SCHEMES", json_encode(array(
+	// 		array(
+	//			'name' => 'pink',
+	//			'displayName' => _('Pink'),
+	//			'base' => '#ff0099'
+	//		)
+	// )));
+
+	// Additional categories can be added by uncommenting and editing the following define.
+	// The format is the same as the format of DEFAULT_CATEGORIES which is defined in default.php
+	// To change the default categories, DEFAULT_CATEGORIES can also be defined here.
+	// Note: Every category should have a unique name, because it is used to identify the category
+	// define("ADDITIONAL_CATEGORIES", json_encode(array(
+	// 		array(
+	//			'name' => _('Family'),
+	//			'color' => '#000000',
+	//			'quickAccess' => true,
+	//			'sortIndex' => 10
+	//		)
+	// )));
+
+	// Additional Prefix for the Contact name can be added by uncommenting and editing the following define.
+	// define("CONTACT_PREFIX", json_encode(array(
+	//  	array(_('Er.')),
+	//  	array(_('Gr.'))
+	// )));
+
+	// Additional Suffix for the Contact name can be added by uncommenting and editing the following define.
+	// define("CONTACT_SUFFIX", json_encode(array(
+	//  	array(_('A')),
+	//  	array(_('B'))
+	// )));
+
+	// Define the polling interval in minutes for unread mail in shared stores.
+	define("SHARED_STORE_POLLING_INTERVAL", 15);
+
+	// Define the amount of emails to load in the background, in batches of 10 emails per request every x seconds
+	// defined by PREFETCH_EMAIL_INTERVAL until the defined amount of items is loaded. Setting this value to zero
+	// disables this feature.
+	define("PREFETCH_EMAIL_COUNT", 10);
+
+	// Define the interval between loading of new emails in the background.
+	define("PREFETCH_EMAIL_INTERVAL", 30);
+
+	/**************************************\
+	* Memory usage and timeouts            *
+	\**************************************/
+
+	// This sets the maximum time in seconds that is allowed to run before it is terminated by the parser.
+	ini_set("max_execution_time", 300); // 5 minutes
+
+	// BLOCK_SIZE (in bytes) is used for attachments by mapi_stream_read/mapi_stream_write
+	define("BLOCK_SIZE", 1048576);
+
+	// Time that static files may exist in the client's cache (13 weeks)
+	define("EXPIRES_TIME", 60*60*24*7*13);
+
+	// Time that the state files are allowed to survive (in seconds)
+	// For filesystems on which relatime is used, this value should be larger then the relatime_interval
+	// for kernels 2.6.30 and above relatime is enabled by default, and the relatime_interval is set to
+	// 24 hours.
+	define("STATE_FILE_MAX_LIFETIME", 28*60*60);
+
+	// Time that attachments are allowed to survive (in seconds)
+	define("UPLOADED_ATTACHMENT_MAX_LIFETIME", 6*60*60);
+
+	/**********************************************************************************
+	 *  Logging settings
+	 *
+	 *  Possible LOG_USER_LEVEL values are:
+	 *  LOGLEVEL_OFF            - no logging
+	 *  LOGLEVEL_FATAL          - log only critical errors
+	 *  LOGLEVEL_ERROR          - logs events which might require corrective actions
+	 *  LOGLEVEL_WARN           - might lead to an error or require corrective actions in the future
+	 *  LOGLEVEL_INFO           - usually completed actions
+	 *  LOGLEVEL_DEBUG          - debugging information, typically only meaningful to developers
+	 *
+	 *  The verbosity increases from top to bottom. More verbose levels include less verbose
+	 *  ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
+	 *  LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
+	 *
+	 **************************************************************************************/
+	define("LOG_USER_LEVEL", LOGLEVEL_OFF);
+
+	// To save e.g. user activity data only for selected users, provide the username followed by semicolon.
+	// The data will be saved into a dedicated file per user in the LOG_FILE_DIR
+	// Users have to be encapsulated in quotes, several users are semicolon separated, like:
+	// define('LOG_USERS', 'user1;user2;user3');
+	define("LOG_USERS", "");
+
+	// Location of the log directory
+	// e.g /var/log/webapp-userslog/users/
+	// The directory will be created when it does not exist.
+	// Webserver user should have permissions to write in this folder
+	define("LOG_FILE_DIR", "");
+
+	/**************************************\
+	* Languages                            *
+	\**************************************/
+
+	// Location to the translations
+	define("LANGUAGE_DIR", "server/language/");
+
+	// Defines the default interface language. This can be overridden by the user.
+	if (isset($_ENV['LANG']) && $_ENV['LANG']!="C") {
+		define('LANG', $_ENV["LANG"]); // This means the server environment language determines the web client language.
+	} else {
+		define('LANG', 'en_US.UTF-8'); // default fallback language
+	}
+
+	// List of languages that should be enabled in the logon
+	// screen's language drop down.  Languages should be specified
+	// using <languagecode>_<regioncode>[.UTF-8], and separated with
+	// semicolon.  A list of available languages can be found in
+	// the manual or by looking at the list of directories in
+	// /usr/share/kopano-webapp/server/language .
+	define("ENABLED_LANGUAGES", "cs_CZ;da_DK;de_DE;en_GB;en_US;es_CA;es_ES;fi_FI;fr_FR;hu_HU;it_IT;ja_JP;nb_NO;nl_NL;pl_PL;pt_BR;ru_RU;sl_SI;tr_TR;zh_CN");
+
+	// Defines the default time zone
+	if (!ini_get('date.timezone')) {
+		date_default_timezone_set('Europe/Amsterdam');
+	}
+
+	/**************************************\
+	* Powerpaste                           *
+	\**************************************/
+
+	// Options for TinyMCE's powerpaste plugin, see https://www.tiny.cloud/docs/plugins/powerpaste/#configurationoptions
+	// for more details.
+	define("POWERPASTE_WORD_IMPORT", "merge");
+	define("POWERPASTE_HTML_IMPORT", "merge");
+	define("POWERPASTE_ALLOW_LOCAL_IMAGES", true);
+
+	/**************************************\
+	* Debugging                            *
+	\**************************************/
+
+	// Do not log errors into stdout, since this generates faulty JSON responses.
+	ini_set("display_errors", false);
+
+	ini_set("log_errors", true);
+	error_reporting(E_ERROR);
+
+	// Log successful logins
+	define("LOG_SUCCESSFUL_LOGINS", false);
+
+	if (file_exists('debug.php')) {
+		include_once('debug.php');
+	} else {
+		// define empty dump function in case we still use it somewhere
+		function dump(){}
+	}
+?>