From ce43d3e9e9f1fef0594a8073956fccd6dba9140f Mon Sep 17 00:00:00 2001 
From: andreas Date: Thu, 16 Feb 2023 20:42:47 +0000 Subject: [PATCH] added etc directories --- etc-baloghs/cron.d/.placeholder | 2 + etc-baloghs/cron.d/backup | 4 + etc-baloghs/cron.d/certbot | 2 + etc-baloghs/cron.d/getmail | 3 + etc-baloghs/cron.d/grav | 1 + etc-baloghs/cron.d/mdadm | 12 + etc-baloghs/cron.d/php | 14 + etc-baloghs/cron.d/spamassassin | 1 + etc-baloghs/cron.d/tt-rss | 1 + etc-baloghs/spamassassin/50_scores.cf | 1 + etc-baloghs/spamassassin/65_debian.cf | 34 + etc-baloghs/spamassassin/init.pre | 36 + etc-baloghs/spamassassin/local.cf | 89 ++ etc-baloghs/spamassassin/local.cf.dist | 89 ++ etc-baloghs/spamassassin/sa-compile.pre | 3 + .../spamassassin/sa-update-hooks.d/spampd | 6 + .../spamassassin/sa-update-keys/pubring.gpg | Bin 0 -> 2783 bytes .../sa-update-keys/pubring.gpg~} | 0 .../spamassassin/sa-update-keys/secring.gpg | 0 .../spamassassin/sa-update-keys/trustdb.gpg | Bin 0 -> 1200 bytes etc-baloghs/spamassassin/v310.pre | 78 ++ etc-baloghs/spamassassin/v312.pre | 29 + etc-baloghs/spamassassin/v320.pre | 64 ++ etc-baloghs/spamassassin/v330.pre | 28 + etc-baloghs/spamassassin/v340.pre | 21 + etc-baloghs/spamassassin/v341.pre | 28 + etc-baloghs/spamassassin/v342.pre | 36 + etc-baloghs/spampd.conf | 19 + etc-baloghs/z-push/autodiscover.conf.php | 88 ++ etc-baloghs/z-push/autodiscover.conf.php.dist | 88 ++ etc-baloghs/z-push/gabsync.conf.php | 86 ++ etc-baloghs/z-push/kopano.conf.php | 83 ++ etc-baloghs/z-push/policies.ini | 234 +++++ etc-baloghs/z-push/z-push.conf.php | 373 +++++++ etc-baloghs/z-push/z-push.conf.php.dist | 375 +++++++ etc-baloghs/z-push/z-push.conf.php.dpkg-dist | 418 ++++++++ etc-relay/postfix/aliases | 0 etc-relay/postfix/aliases.db | Bin 0 -> 12288 bytes etc-relay/postfix/dynamicmaps.cf | 1 + etc-relay/postfix/main.cf | 62 ++ etc-relay/postfix/main.cf.proto | 684 +++++++++++++ etc-relay/postfix/makedefs.out | 65 ++ etc-relay/postfix/master.cf | 63 ++ etc-relay/postfix/master.cf.proto | 126 +++ etc-relay/postfix/post-install | 
915 +++++++++++++++++ etc-relay/postfix/postfix-files | 221 +++++ etc-relay/postfix/postfix-script | 428 ++++++++ etc-relay/postfix/relay_clientcerts | 2 + etc-relay/postfix/relay_clientcerts.db | Bin 0 -> 12288 bytes etc-relay/postfix/transport | 2 + etc-relay/postfix/transport.db | Bin 0 -> 12288 bytes etc-relay/postfix/virtual | 2 + etc-relay/postfix/virtual.db | Bin 0 -> 12288 bytes etc-zntrl/apache2/apache2.conf | 227 +++++ etc-zntrl/apache2/cipher.conf | 21 + etc-zntrl/apache2/conf-available/charset.conf | 8 + .../conf-available/localized-error-pages.conf | 81 ++ .../other-vhosts-access-log.conf | 4 + .../apache2/conf-available/php7.4-fpm.conf | 23 + .../apache2/conf-available/security.conf | 73 ++ .../apache2/conf-available/serve-cgi-bin.conf | 20 + .../conf-available/z-push-autodiscover.conf | 6 + etc-zntrl/apache2/conf-available/z-push.conf | 23 + etc-zntrl/apache2/conf-enabled/charset.conf | 1 + .../conf-enabled/localized-error-pages.conf | 1 + .../conf-enabled/other-vhosts-access-log.conf | 1 + etc-zntrl/apache2/conf-enabled/security.conf | 1 + .../apache2/conf-enabled/serve-cgi-bin.conf | 1 + etc-zntrl/apache2/envvars | 47 + etc-zntrl/apache2/magic | 935 ++++++++++++++++++ .../apache2/mods-available/access_compat.load | 2 + etc-zntrl/apache2/mods-available/actions.conf | 11 + etc-zntrl/apache2/mods-available/actions.load | 1 + etc-zntrl/apache2/mods-available/alias.conf | 24 + etc-zntrl/apache2/mods-available/alias.load | 1 + .../apache2/mods-available/allowmethods.load | 1 + etc-zntrl/apache2/mods-available/asis.load | 2 + .../apache2/mods-available/auth_basic.load | 2 + .../apache2/mods-available/auth_digest.load | 2 + .../apache2/mods-available/auth_form.load | 2 + .../apache2/mods-available/authn_anon.load | 1 + .../apache2/mods-available/authn_core.load | 1 + .../apache2/mods-available/authn_dbd.load | 2 + .../apache2/mods-available/authn_dbm.load | 1 + .../apache2/mods-available/authn_file.load | 1 + .../apache2/mods-available/authn_socache.load | 
1 + .../apache2/mods-available/authnz_fcgi.load | 1 + .../apache2/mods-available/authnz_ldap.load | 2 + .../apache2/mods-available/authz_core.load | 1 + .../apache2/mods-available/authz_dbd.load | 2 + .../apache2/mods-available/authz_dbm.load | 2 + .../mods-available/authz_groupfile.load | 2 + .../apache2/mods-available/authz_host.load | 2 + .../apache2/mods-available/authz_owner.load | 1 + .../apache2/mods-available/authz_user.load | 2 + .../apache2/mods-available/autoindex.conf | 96 ++ .../apache2/mods-available/autoindex.load | 1 + etc-zntrl/apache2/mods-available/brotli.load | 1 + etc-zntrl/apache2/mods-available/buffer.load | 1 + etc-zntrl/apache2/mods-available/cache.load | 1 + .../apache2/mods-available/cache_disk.conf | 27 + .../apache2/mods-available/cache_disk.load | 2 + .../apache2/mods-available/cache_socache.load | 2 + .../apache2/mods-available/cern_meta.load | 1 + etc-zntrl/apache2/mods-available/cgi.load | 1 + etc-zntrl/apache2/mods-available/cgid.conf | 4 + etc-zntrl/apache2/mods-available/cgid.load | 1 + .../apache2/mods-available/charset_lite.load | 1 + etc-zntrl/apache2/mods-available/data.load | 1 + etc-zntrl/apache2/mods-available/dav.load | 1 + etc-zntrl/apache2/mods-available/dav_fs.conf | 3 + etc-zntrl/apache2/mods-available/dav_fs.load | 2 + .../apache2/mods-available/dav_lock.load | 1 + etc-zntrl/apache2/mods-available/dbd.load | 1 + etc-zntrl/apache2/mods-available/deflate.conf | 10 + etc-zntrl/apache2/mods-available/deflate.load | 2 + etc-zntrl/apache2/mods-available/dialup.load | 1 + etc-zntrl/apache2/mods-available/dir.conf | 5 + etc-zntrl/apache2/mods-available/dir.load | 1 + etc-zntrl/apache2/mods-available/dump_io.load | 1 + etc-zntrl/apache2/mods-available/echo.load | 1 + etc-zntrl/apache2/mods-available/env.load | 1 + etc-zntrl/apache2/mods-available/expires.load | 1 + .../apache2/mods-available/ext_filter.load | 1 + .../apache2/mods-available/file_cache.load | 2 + etc-zntrl/apache2/mods-available/filter.load | 1 + 
etc-zntrl/apache2/mods-available/headers.load | 1 + .../apache2/mods-available/heartbeat.load | 3 + .../apache2/mods-available/heartmonitor.load | 3 + etc-zntrl/apache2/mods-available/http2.conf | 34 + etc-zntrl/apache2/mods-available/http2.load | 1 + etc-zntrl/apache2/mods-available/ident.load | 1 + .../apache2/mods-available/imagemap.load | 1 + etc-zntrl/apache2/mods-available/include.load | 2 + etc-zntrl/apache2/mods-available/info.conf | 15 + etc-zntrl/apache2/mods-available/info.load | 1 + .../mods-available/lbmethod_bybusyness.load | 2 + .../mods-available/lbmethod_byrequests.load | 2 + .../mods-available/lbmethod_bytraffic.load | 2 + .../mods-available/lbmethod_heartbeat.load | 2 + etc-zntrl/apache2/mods-available/ldap.conf | 6 + etc-zntrl/apache2/mods-available/ldap.load | 1 + .../apache2/mods-available/log_debug.load | 1 + .../apache2/mods-available/log_forensic.load | 1 + etc-zntrl/apache2/mods-available/lua.load | 1 + etc-zntrl/apache2/mods-available/macro.load | 1 + etc-zntrl/apache2/mods-available/md.load | 1 + etc-zntrl/apache2/mods-available/mime.conf | 251 +++++ etc-zntrl/apache2/mods-available/mime.load | 1 + .../apache2/mods-available/mime_magic.conf | 5 + .../apache2/mods-available/mime_magic.load | 1 + .../apache2/mods-available/mpm_event.conf | 18 + .../apache2/mods-available/mpm_event.load | 2 + .../apache2/mods-available/mpm_prefork.conf | 16 + .../apache2/mods-available/mpm_prefork.load | 2 + .../apache2/mods-available/mpm_worker.conf | 22 + .../apache2/mods-available/mpm_worker.load | 2 + .../apache2/mods-available/negotiation.conf | 20 + .../apache2/mods-available/negotiation.load | 1 + etc-zntrl/apache2/mods-available/php7.4.conf | 25 + etc-zntrl/apache2/mods-available/php7.4.load | 3 + etc-zntrl/apache2/mods-available/proxy.conf | 27 + etc-zntrl/apache2/mods-available/proxy.load | 1 + .../apache2/mods-available/proxy_ajp.load | 2 + .../mods-available/proxy_balancer.conf | 15 + .../mods-available/proxy_balancer.load | 2 + 
.../apache2/mods-available/proxy_connect.load | 2 + .../apache2/mods-available/proxy_express.load | 2 + .../apache2/mods-available/proxy_fcgi.load | 2 + .../apache2/mods-available/proxy_fdpass.load | 2 + .../apache2/mods-available/proxy_ftp.conf | 8 + .../apache2/mods-available/proxy_ftp.load | 2 + .../apache2/mods-available/proxy_hcheck.load | 2 + .../apache2/mods-available/proxy_html.conf | 75 ++ .../apache2/mods-available/proxy_html.load | 2 + .../apache2/mods-available/proxy_http.load | 2 + .../apache2/mods-available/proxy_http2.load | 2 + .../apache2/mods-available/proxy_scgi.load | 2 + .../apache2/mods-available/proxy_uwsgi.load | 2 + .../mods-available/proxy_wstunnel.load | 2 + .../apache2/mods-available/ratelimit.load | 2 + .../apache2/mods-available/reflector.load | 1 + .../apache2/mods-available/remoteip.load | 1 + .../apache2/mods-available/reqtimeout.conf | 27 + .../apache2/mods-available/reqtimeout.load | 1 + etc-zntrl/apache2/mods-available/request.load | 1 + etc-zntrl/apache2/mods-available/rewrite.load | 1 + etc-zntrl/apache2/mods-available/sed.load | 1 + etc-zntrl/apache2/mods-available/session.load | 1 + .../mods-available/session_cookie.load | 2 + .../mods-available/session_crypto.load | 2 + .../apache2/mods-available/session_dbd.load | 2 + .../apache2/mods-available/setenvif.conf | 32 + .../apache2/mods-available/setenvif.load | 1 + .../apache2/mods-available/slotmem_plain.load | 1 + .../apache2/mods-available/slotmem_shm.load | 1 + .../apache2/mods-available/socache_dbm.load | 1 + .../mods-available/socache_memcache.load | 1 + .../apache2/mods-available/socache_redis.load | 1 + .../apache2/mods-available/socache_shmcb.load | 1 + etc-zntrl/apache2/mods-available/speling.load | 1 + etc-zntrl/apache2/mods-available/ssl.conf | 85 ++ etc-zntrl/apache2/mods-available/ssl.load | 2 + etc-zntrl/apache2/mods-available/status.conf | 29 + etc-zntrl/apache2/mods-available/status.load | 1 + .../apache2/mods-available/substitute.load | 1 + 
etc-zntrl/apache2/mods-available/suexec.load | 1 + .../apache2/mods-available/unique_id.load | 1 + etc-zntrl/apache2/mods-available/userdir.conf | 12 + etc-zntrl/apache2/mods-available/userdir.load | 1 + .../apache2/mods-available/usertrack.load | 1 + .../apache2/mods-available/vhost_alias.load | 1 + etc-zntrl/apache2/mods-available/xml2enc.load | 1 + .../apache2/mods-enabled/access_compat.load | 1 + etc-zntrl/apache2/mods-enabled/alias.conf | 1 + etc-zntrl/apache2/mods-enabled/alias.load | 1 + .../apache2/mods-enabled/auth_basic.load | 1 + .../apache2/mods-enabled/authn_core.load | 1 + .../apache2/mods-enabled/authn_file.load | 1 + .../apache2/mods-enabled/authz_core.load | 1 + .../apache2/mods-enabled/authz_host.load | 1 + .../apache2/mods-enabled/authz_user.load | 1 + etc-zntrl/apache2/mods-enabled/autoindex.conf | 1 + etc-zntrl/apache2/mods-enabled/autoindex.load | 1 + etc-zntrl/apache2/mods-enabled/deflate.conf | 1 + etc-zntrl/apache2/mods-enabled/deflate.load | 1 + etc-zntrl/apache2/mods-enabled/dir.conf | 1 + etc-zntrl/apache2/mods-enabled/dir.load | 1 + etc-zntrl/apache2/mods-enabled/env.load | 1 + etc-zntrl/apache2/mods-enabled/expires.load | 1 + etc-zntrl/apache2/mods-enabled/filter.load | 1 + etc-zntrl/apache2/mods-enabled/headers.load | 1 + etc-zntrl/apache2/mods-enabled/mime.conf | 1 + etc-zntrl/apache2/mods-enabled/mime.load | 1 + .../apache2/mods-enabled/mpm_prefork.conf | 1 + .../apache2/mods-enabled/mpm_prefork.load | 1 + .../apache2/mods-enabled/negotiation.conf | 1 + .../apache2/mods-enabled/negotiation.load | 1 + .../apache2/mods-enabled/reqtimeout.conf | 1 + .../apache2/mods-enabled/reqtimeout.load | 1 + etc-zntrl/apache2/mods-enabled/setenvif.conf | 1 + etc-zntrl/apache2/mods-enabled/setenvif.load | 1 + .../apache2/mods-enabled/socache_shmcb.load | 1 + etc-zntrl/apache2/mods-enabled/ssl.conf | 1 + etc-zntrl/apache2/mods-enabled/ssl.load | 1 + etc-zntrl/apache2/mods-enabled/status.conf | 1 + etc-zntrl/apache2/mods-enabled/status.load | 1 + 
etc-zntrl/apache2/ports.conf | 15 + .../apache2/sites-available/000-default.conf | 31 + .../apache2/sites-available/default-ssl.conf | 134 +++ .../sites-available/kopano-webapp.conf | 84 ++ etc-zntrl/apache2/sites-available/nuc0.conf | 44 + etc-zntrl/apache2/sites-enabled/nuc0.conf | 1 + etc-zntrl/cron.d/.placeholder | 2 + etc-zntrl/cron.d/cloudns | 1 + etc-zntrl/cron.d/e2scrub_all | 2 + etc-zntrl/cron.d/mysql-bkp | 1 + etc-zntrl/cron.d/php | 14 + etc-zntrl/cron.d/popularity-contest | 3 + etc-zntrl/kopano/admin.cfg | 7 + etc-zntrl/kopano/admin.cfg.dpkg-new | 7 + etc-zntrl/kopano/autorespond.cfg | 22 + etc-zntrl/kopano/autorespond.cfg.dpkg-new | 22 + etc-zntrl/kopano/backup.cfg | 31 + etc-zntrl/kopano/backup.cfg.dpkg-new | 31 + etc-zntrl/kopano/dagent.cfg | 92 ++ etc-zntrl/kopano/dagent.cfg.dpkg-new | 91 ++ etc-zntrl/kopano/gateway.cfg | 47 + etc-zntrl/kopano/gateway.cfg.dpkg-new | 47 + etc-zntrl/kopano/grapi.cfg | 38 + etc-zntrl/kopano/ical.cfg | 34 + etc-zntrl/kopano/ical.cfg.dpkg-new | 34 + etc-zntrl/kopano/kapid-pubs-secret.key | 1 + etc-zntrl/kopano/kapid.cfg | 66 ++ .../kopano/konnectd-encryption-secret.key | 1 + .../kopano/konnectd-identifier-scopes.yaml | 14 + .../kopano/konnectd-signing-private-key.pem | 1 + etc-zntrl/kopano/konnectd.cfg | 146 +++ .../konnectkeys/konnect-20210314-0ae1.pem | 52 + etc-zntrl/kopano/kweb/.kweb/.setup-done | 0 etc-zntrl/kopano/kwebd.cfg | 137 +++ etc-zntrl/kopano/ldap.cfg | 36 + etc-zntrl/kopano/ldap.cfg.dpkg-new | 36 + etc-zntrl/kopano/monitor.cfg | 28 + etc-zntrl/kopano/monitor.cfg.dpkg-new | 28 + etc-zntrl/kopano/php-mapi.cfg | 30 + etc-zntrl/kopano/php-mapi.cfg.dpkg-new | 30 + .../kopano/quotamail/companywarning.mail | 11 + .../quotamail/companywarning.mail.dpkg-new | 11 + etc-zntrl/kopano/quotamail/userhard.mail | 17 + .../kopano/quotamail/userhard.mail.dpkg-new | 17 + etc-zntrl/kopano/quotamail/usersoft.mail | 17 + .../kopano/quotamail/usersoft.mail.dpkg-new | 17 + etc-zntrl/kopano/quotamail/userwarning.mail | 17 + 
.../quotamail/userwarning.mail.dpkg-new | 17 + etc-zntrl/kopano/search.cfg | 40 + etc-zntrl/kopano/search.cfg.dpkg-new | 40 + etc-zntrl/kopano/server.cfg | 120 +++ etc-zntrl/kopano/server.cfg.dpkg-new | 120 +++ etc-zntrl/kopano/spamd.cfg | 53 + etc-zntrl/kopano/spamd.cfg.dpkg-new | 53 + etc-zntrl/kopano/spooler.cfg | 30 + etc-zntrl/kopano/spooler.cfg.dpkg-new | 30 + etc-zntrl/kopano/statsd.cfg | 8 + etc-zntrl/kopano/unix.cfg | 42 + etc-zntrl/kopano/unix.cfg.dpkg-new | 42 + etc-zntrl/kopano/webapp/.htaccess | 28 + etc-zntrl/kopano/webapp/config-contactfax.php | 4 + etc-zntrl/kopano/webapp/config-gmaps.php | 13 + etc-zntrl/kopano/webapp/config-intranet.php | 17 + etc-zntrl/kopano/webapp/config-mattermost.php | 9 + etc-zntrl/kopano/webapp/config-meet.php | 19 + etc-zntrl/kopano/webapp/config-pimfolder.php | 4 + .../kopano/webapp/config-threema4deskapp.php | 6 + .../kopano/webapp/config-whatsapp4deskapp.php | 6 + etc-zntrl/kopano/webapp/config.php | 331 +++++++ etc-zntrl/postfix/dynamicmaps.cf | 1 + etc-zntrl/postfix/main.cf | 57 ++ etc-zntrl/postfix/main.cf.proto | 684 +++++++++++++ etc-zntrl/postfix/makedefs.out | 1 + etc-zntrl/postfix/master.cf | 67 ++ etc-zntrl/postfix/master.cf.proto | 127 +++ etc-zntrl/postfix/post-install | 925 +++++++++++++++++ etc-zntrl/postfix/postfix-files | 223 +++++ etc-zntrl/postfix/postfix-script | 478 +++++++++ etc-zntrl/postfix/virtual | 3 + etc-zntrl/postfix/virtual.db | Bin 0 -> 12288 bytes etc-zntrl/postfix/vmailbox | 4 + etc-zntrl/postfix/vmailbox.db | Bin 0 -> 12288 bytes 329 files changed, 12642 insertions(+) create mode 100644 etc-baloghs/cron.d/.placeholder create mode 100644 etc-baloghs/cron.d/backup create mode 100644 etc-baloghs/cron.d/certbot create mode 100644 etc-baloghs/cron.d/getmail create mode 100644 etc-baloghs/cron.d/grav create mode 100644 etc-baloghs/cron.d/mdadm create mode 100644 etc-baloghs/cron.d/php create mode 100644 etc-baloghs/cron.d/spamassassin create mode 100644 etc-baloghs/cron.d/tt-rss create mode 
100644 etc-baloghs/spamassassin/50_scores.cf create mode 100644 etc-baloghs/spamassassin/65_debian.cf create mode 100644 etc-baloghs/spamassassin/init.pre create mode 100644 etc-baloghs/spamassassin/local.cf create mode 100644 etc-baloghs/spamassassin/local.cf.dist create mode 100644 etc-baloghs/spamassassin/sa-compile.pre create mode 100644 etc-baloghs/spamassassin/sa-update-hooks.d/spampd create mode 100644 etc-baloghs/spamassassin/sa-update-keys/pubring.gpg rename etc-baloghs/{docker-compose.yml => spamassassin/sa-update-keys/pubring.gpg~} (100%) rename etc-zntrl/docker-compose.yml => etc-baloghs/spamassassin/sa-update-keys/secring.gpg (100%) create mode 100644 etc-baloghs/spamassassin/sa-update-keys/trustdb.gpg create mode 100644 etc-baloghs/spamassassin/v310.pre create mode 100644 etc-baloghs/spamassassin/v312.pre create mode 100644 etc-baloghs/spamassassin/v320.pre create mode 100644 etc-baloghs/spamassassin/v330.pre create mode 100644 etc-baloghs/spamassassin/v340.pre create mode 100644 etc-baloghs/spamassassin/v341.pre create mode 100644 etc-baloghs/spamassassin/v342.pre create mode 100644 etc-baloghs/spampd.conf create mode 100644 etc-baloghs/z-push/autodiscover.conf.php create mode 100644 etc-baloghs/z-push/autodiscover.conf.php.dist create mode 100644 etc-baloghs/z-push/gabsync.conf.php create mode 100644 etc-baloghs/z-push/kopano.conf.php create mode 100644 etc-baloghs/z-push/policies.ini create mode 100644 etc-baloghs/z-push/z-push.conf.php create mode 100644 etc-baloghs/z-push/z-push.conf.php.dist create mode 100644 etc-baloghs/z-push/z-push.conf.php.dpkg-dist create mode 100644 etc-relay/postfix/aliases create mode 100644 etc-relay/postfix/aliases.db create mode 100644 etc-relay/postfix/dynamicmaps.cf create mode 100644 etc-relay/postfix/main.cf create mode 100644 etc-relay/postfix/main.cf.proto create mode 100644 etc-relay/postfix/makedefs.out create mode 100644 etc-relay/postfix/master.cf create mode 100644 etc-relay/postfix/master.cf.proto create 
mode 100644 etc-relay/postfix/post-install create mode 100644 etc-relay/postfix/postfix-files create mode 100644 etc-relay/postfix/postfix-script create mode 100644 etc-relay/postfix/relay_clientcerts create mode 100644 etc-relay/postfix/relay_clientcerts.db create mode 100644 etc-relay/postfix/transport create mode 100644 etc-relay/postfix/transport.db create mode 100644 etc-relay/postfix/virtual create mode 100644 etc-relay/postfix/virtual.db create mode 100644 etc-zntrl/apache2/apache2.conf create mode 100644 etc-zntrl/apache2/cipher.conf create mode 100644 etc-zntrl/apache2/conf-available/charset.conf create mode 100644 etc-zntrl/apache2/conf-available/localized-error-pages.conf create mode 100644 etc-zntrl/apache2/conf-available/other-vhosts-access-log.conf create mode 100644 etc-zntrl/apache2/conf-available/php7.4-fpm.conf create mode 100644 etc-zntrl/apache2/conf-available/security.conf create mode 100644 etc-zntrl/apache2/conf-available/serve-cgi-bin.conf create mode 100644 etc-zntrl/apache2/conf-available/z-push-autodiscover.conf create mode 100644 etc-zntrl/apache2/conf-available/z-push.conf create mode 120000 etc-zntrl/apache2/conf-enabled/charset.conf create mode 120000 etc-zntrl/apache2/conf-enabled/localized-error-pages.conf create mode 120000 etc-zntrl/apache2/conf-enabled/other-vhosts-access-log.conf create mode 120000 etc-zntrl/apache2/conf-enabled/security.conf create mode 120000 etc-zntrl/apache2/conf-enabled/serve-cgi-bin.conf create mode 100644 etc-zntrl/apache2/envvars create mode 100644 etc-zntrl/apache2/magic create mode 100644 etc-zntrl/apache2/mods-available/access_compat.load create mode 100644 etc-zntrl/apache2/mods-available/actions.conf create mode 100644 etc-zntrl/apache2/mods-available/actions.load create mode 100644 etc-zntrl/apache2/mods-available/alias.conf create mode 100644 etc-zntrl/apache2/mods-available/alias.load create mode 100644 etc-zntrl/apache2/mods-available/allowmethods.load create mode 100644 
etc-zntrl/apache2/mods-available/asis.load create mode 100644 etc-zntrl/apache2/mods-available/auth_basic.load create mode 100644 etc-zntrl/apache2/mods-available/auth_digest.load create mode 100644 etc-zntrl/apache2/mods-available/auth_form.load create mode 100644 etc-zntrl/apache2/mods-available/authn_anon.load create mode 100644 etc-zntrl/apache2/mods-available/authn_core.load create mode 100644 etc-zntrl/apache2/mods-available/authn_dbd.load create mode 100644 etc-zntrl/apache2/mods-available/authn_dbm.load create mode 100644 etc-zntrl/apache2/mods-available/authn_file.load create mode 100644 etc-zntrl/apache2/mods-available/authn_socache.load create mode 100644 etc-zntrl/apache2/mods-available/authnz_fcgi.load create mode 100644 etc-zntrl/apache2/mods-available/authnz_ldap.load create mode 100644 etc-zntrl/apache2/mods-available/authz_core.load create mode 100644 etc-zntrl/apache2/mods-available/authz_dbd.load create mode 100644 etc-zntrl/apache2/mods-available/authz_dbm.load create mode 100644 etc-zntrl/apache2/mods-available/authz_groupfile.load create mode 100644 etc-zntrl/apache2/mods-available/authz_host.load create mode 100644 etc-zntrl/apache2/mods-available/authz_owner.load create mode 100644 etc-zntrl/apache2/mods-available/authz_user.load create mode 100644 etc-zntrl/apache2/mods-available/autoindex.conf create mode 100644 etc-zntrl/apache2/mods-available/autoindex.load create mode 100644 etc-zntrl/apache2/mods-available/brotli.load create mode 100644 etc-zntrl/apache2/mods-available/buffer.load create mode 100644 etc-zntrl/apache2/mods-available/cache.load create mode 100644 etc-zntrl/apache2/mods-available/cache_disk.conf create mode 100644 etc-zntrl/apache2/mods-available/cache_disk.load create mode 100644 etc-zntrl/apache2/mods-available/cache_socache.load create mode 100644 etc-zntrl/apache2/mods-available/cern_meta.load create mode 100644 etc-zntrl/apache2/mods-available/cgi.load create mode 100644 etc-zntrl/apache2/mods-available/cgid.conf 
create mode 100644 etc-zntrl/apache2/mods-available/cgid.load create mode 100644 etc-zntrl/apache2/mods-available/charset_lite.load create mode 100644 etc-zntrl/apache2/mods-available/data.load create mode 100644 etc-zntrl/apache2/mods-available/dav.load create mode 100644 etc-zntrl/apache2/mods-available/dav_fs.conf create mode 100644 etc-zntrl/apache2/mods-available/dav_fs.load create mode 100644 etc-zntrl/apache2/mods-available/dav_lock.load create mode 100644 etc-zntrl/apache2/mods-available/dbd.load create mode 100644 etc-zntrl/apache2/mods-available/deflate.conf create mode 100644 etc-zntrl/apache2/mods-available/deflate.load create mode 100644 etc-zntrl/apache2/mods-available/dialup.load create mode 100644 etc-zntrl/apache2/mods-available/dir.conf create mode 100644 etc-zntrl/apache2/mods-available/dir.load create mode 100644 etc-zntrl/apache2/mods-available/dump_io.load create mode 100644 etc-zntrl/apache2/mods-available/echo.load create mode 100644 etc-zntrl/apache2/mods-available/env.load create mode 100644 etc-zntrl/apache2/mods-available/expires.load create mode 100644 etc-zntrl/apache2/mods-available/ext_filter.load create mode 100644 etc-zntrl/apache2/mods-available/file_cache.load create mode 100644 etc-zntrl/apache2/mods-available/filter.load create mode 100644 etc-zntrl/apache2/mods-available/headers.load create mode 100644 etc-zntrl/apache2/mods-available/heartbeat.load create mode 100644 etc-zntrl/apache2/mods-available/heartmonitor.load create mode 100644 etc-zntrl/apache2/mods-available/http2.conf create mode 100644 etc-zntrl/apache2/mods-available/http2.load create mode 100644 etc-zntrl/apache2/mods-available/ident.load create mode 100644 etc-zntrl/apache2/mods-available/imagemap.load create mode 100644 etc-zntrl/apache2/mods-available/include.load create mode 100644 etc-zntrl/apache2/mods-available/info.conf create mode 100644 etc-zntrl/apache2/mods-available/info.load create mode 100644 
etc-zntrl/apache2/mods-available/lbmethod_bybusyness.load create mode 100644 etc-zntrl/apache2/mods-available/lbmethod_byrequests.load create mode 100644 etc-zntrl/apache2/mods-available/lbmethod_bytraffic.load create mode 100644 etc-zntrl/apache2/mods-available/lbmethod_heartbeat.load create mode 100644 etc-zntrl/apache2/mods-available/ldap.conf create mode 100644 etc-zntrl/apache2/mods-available/ldap.load create mode 100644 etc-zntrl/apache2/mods-available/log_debug.load create mode 100644 etc-zntrl/apache2/mods-available/log_forensic.load create mode 100644 etc-zntrl/apache2/mods-available/lua.load create mode 100644 etc-zntrl/apache2/mods-available/macro.load create mode 100644 etc-zntrl/apache2/mods-available/md.load create mode 100644 etc-zntrl/apache2/mods-available/mime.conf create mode 100644 etc-zntrl/apache2/mods-available/mime.load create mode 100644 etc-zntrl/apache2/mods-available/mime_magic.conf create mode 100644 etc-zntrl/apache2/mods-available/mime_magic.load create mode 100644 etc-zntrl/apache2/mods-available/mpm_event.conf create mode 100644 etc-zntrl/apache2/mods-available/mpm_event.load create mode 100644 etc-zntrl/apache2/mods-available/mpm_prefork.conf create mode 100644 etc-zntrl/apache2/mods-available/mpm_prefork.load create mode 100644 etc-zntrl/apache2/mods-available/mpm_worker.conf create mode 100644 etc-zntrl/apache2/mods-available/mpm_worker.load create mode 100644 etc-zntrl/apache2/mods-available/negotiation.conf create mode 100644 etc-zntrl/apache2/mods-available/negotiation.load create mode 100644 etc-zntrl/apache2/mods-available/php7.4.conf create mode 100644 etc-zntrl/apache2/mods-available/php7.4.load create mode 100644 etc-zntrl/apache2/mods-available/proxy.conf create mode 100644 etc-zntrl/apache2/mods-available/proxy.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_ajp.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_balancer.conf create mode 100644 
etc-zntrl/apache2/mods-available/proxy_balancer.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_connect.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_express.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_fcgi.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_fdpass.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_ftp.conf create mode 100644 etc-zntrl/apache2/mods-available/proxy_ftp.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_hcheck.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_html.conf create mode 100644 etc-zntrl/apache2/mods-available/proxy_html.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_http.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_http2.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_scgi.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_uwsgi.load create mode 100644 etc-zntrl/apache2/mods-available/proxy_wstunnel.load create mode 100644 etc-zntrl/apache2/mods-available/ratelimit.load create mode 100644 etc-zntrl/apache2/mods-available/reflector.load create mode 100644 etc-zntrl/apache2/mods-available/remoteip.load create mode 100644 etc-zntrl/apache2/mods-available/reqtimeout.conf create mode 100644 etc-zntrl/apache2/mods-available/reqtimeout.load create mode 100644 etc-zntrl/apache2/mods-available/request.load create mode 100644 etc-zntrl/apache2/mods-available/rewrite.load create mode 100644 etc-zntrl/apache2/mods-available/sed.load create mode 100644 etc-zntrl/apache2/mods-available/session.load create mode 100644 etc-zntrl/apache2/mods-available/session_cookie.load create mode 100644 etc-zntrl/apache2/mods-available/session_crypto.load create mode 100644 etc-zntrl/apache2/mods-available/session_dbd.load create mode 100644 etc-zntrl/apache2/mods-available/setenvif.conf create mode 100644 etc-zntrl/apache2/mods-available/setenvif.load create mode 100644 
etc-zntrl/apache2/mods-available/slotmem_plain.load create mode 100644 etc-zntrl/apache2/mods-available/slotmem_shm.load create mode 100644 etc-zntrl/apache2/mods-available/socache_dbm.load create mode 100644 etc-zntrl/apache2/mods-available/socache_memcache.load create mode 100644 etc-zntrl/apache2/mods-available/socache_redis.load create mode 100644 etc-zntrl/apache2/mods-available/socache_shmcb.load create mode 100644 etc-zntrl/apache2/mods-available/speling.load create mode 100644 etc-zntrl/apache2/mods-available/ssl.conf create mode 100644 etc-zntrl/apache2/mods-available/ssl.load create mode 100644 etc-zntrl/apache2/mods-available/status.conf create mode 100644 etc-zntrl/apache2/mods-available/status.load create mode 100644 etc-zntrl/apache2/mods-available/substitute.load create mode 100644 etc-zntrl/apache2/mods-available/suexec.load create mode 100644 etc-zntrl/apache2/mods-available/unique_id.load create mode 100644 etc-zntrl/apache2/mods-available/userdir.conf create mode 100644 etc-zntrl/apache2/mods-available/userdir.load create mode 100644 etc-zntrl/apache2/mods-available/usertrack.load create mode 100644 etc-zntrl/apache2/mods-available/vhost_alias.load create mode 100644 etc-zntrl/apache2/mods-available/xml2enc.load create mode 120000 etc-zntrl/apache2/mods-enabled/access_compat.load create mode 120000 etc-zntrl/apache2/mods-enabled/alias.conf create mode 120000 etc-zntrl/apache2/mods-enabled/alias.load create mode 120000 etc-zntrl/apache2/mods-enabled/auth_basic.load create mode 120000 etc-zntrl/apache2/mods-enabled/authn_core.load create mode 120000 etc-zntrl/apache2/mods-enabled/authn_file.load create mode 120000 etc-zntrl/apache2/mods-enabled/authz_core.load create mode 120000 etc-zntrl/apache2/mods-enabled/authz_host.load create mode 120000 etc-zntrl/apache2/mods-enabled/authz_user.load create mode 120000 etc-zntrl/apache2/mods-enabled/autoindex.conf create mode 120000 etc-zntrl/apache2/mods-enabled/autoindex.load create mode 120000 
etc-zntrl/apache2/mods-enabled/deflate.conf create mode 120000 etc-zntrl/apache2/mods-enabled/deflate.load create mode 120000 etc-zntrl/apache2/mods-enabled/dir.conf create mode 120000 etc-zntrl/apache2/mods-enabled/dir.load create mode 120000 etc-zntrl/apache2/mods-enabled/env.load create mode 120000 etc-zntrl/apache2/mods-enabled/expires.load create mode 120000 etc-zntrl/apache2/mods-enabled/filter.load create mode 120000 etc-zntrl/apache2/mods-enabled/headers.load create mode 120000 etc-zntrl/apache2/mods-enabled/mime.conf create mode 120000 etc-zntrl/apache2/mods-enabled/mime.load create mode 120000 etc-zntrl/apache2/mods-enabled/mpm_prefork.conf create mode 120000 etc-zntrl/apache2/mods-enabled/mpm_prefork.load create mode 120000 etc-zntrl/apache2/mods-enabled/negotiation.conf create mode 120000 etc-zntrl/apache2/mods-enabled/negotiation.load create mode 120000 etc-zntrl/apache2/mods-enabled/reqtimeout.conf create mode 120000 etc-zntrl/apache2/mods-enabled/reqtimeout.load create mode 120000 etc-zntrl/apache2/mods-enabled/setenvif.conf create mode 120000 etc-zntrl/apache2/mods-enabled/setenvif.load create mode 120000 etc-zntrl/apache2/mods-enabled/socache_shmcb.load create mode 120000 etc-zntrl/apache2/mods-enabled/ssl.conf create mode 120000 etc-zntrl/apache2/mods-enabled/ssl.load create mode 120000 etc-zntrl/apache2/mods-enabled/status.conf create mode 120000 etc-zntrl/apache2/mods-enabled/status.load create mode 100644 etc-zntrl/apache2/ports.conf create mode 100644 etc-zntrl/apache2/sites-available/000-default.conf create mode 100644 etc-zntrl/apache2/sites-available/default-ssl.conf create mode 100644 etc-zntrl/apache2/sites-available/kopano-webapp.conf create mode 100644 etc-zntrl/apache2/sites-available/nuc0.conf create mode 120000 etc-zntrl/apache2/sites-enabled/nuc0.conf create mode 100644 etc-zntrl/cron.d/.placeholder create mode 100644 etc-zntrl/cron.d/cloudns create mode 100644 etc-zntrl/cron.d/e2scrub_all create mode 100644 
etc-zntrl/cron.d/mysql-bkp create mode 100644 etc-zntrl/cron.d/php create mode 100644 etc-zntrl/cron.d/popularity-contest create mode 100644 etc-zntrl/kopano/admin.cfg create mode 100644 etc-zntrl/kopano/admin.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/autorespond.cfg create mode 100644 etc-zntrl/kopano/autorespond.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/backup.cfg create mode 100644 etc-zntrl/kopano/backup.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/dagent.cfg create mode 100644 etc-zntrl/kopano/dagent.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/gateway.cfg create mode 100644 etc-zntrl/kopano/gateway.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/grapi.cfg create mode 100644 etc-zntrl/kopano/ical.cfg create mode 100644 etc-zntrl/kopano/ical.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/kapid-pubs-secret.key create mode 100644 etc-zntrl/kopano/kapid.cfg create mode 100644 etc-zntrl/kopano/konnectd-encryption-secret.key create mode 100644 etc-zntrl/kopano/konnectd-identifier-scopes.yaml create mode 120000 etc-zntrl/kopano/konnectd-signing-private-key.pem create mode 100644 etc-zntrl/kopano/konnectd.cfg create mode 100644 etc-zntrl/kopano/konnectkeys/konnect-20210314-0ae1.pem create mode 100644 etc-zntrl/kopano/kweb/.kweb/.setup-done create mode 100644 etc-zntrl/kopano/kwebd.cfg create mode 100644 etc-zntrl/kopano/ldap.cfg create mode 100644 etc-zntrl/kopano/ldap.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/monitor.cfg create mode 100644 etc-zntrl/kopano/monitor.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/php-mapi.cfg create mode 100644 etc-zntrl/kopano/php-mapi.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/quotamail/companywarning.mail create mode 100644 etc-zntrl/kopano/quotamail/companywarning.mail.dpkg-new create mode 100644 etc-zntrl/kopano/quotamail/userhard.mail create mode 100644 etc-zntrl/kopano/quotamail/userhard.mail.dpkg-new create mode 100644 etc-zntrl/kopano/quotamail/usersoft.mail create mode 100644 
etc-zntrl/kopano/quotamail/usersoft.mail.dpkg-new create mode 100644 etc-zntrl/kopano/quotamail/userwarning.mail create mode 100644 etc-zntrl/kopano/quotamail/userwarning.mail.dpkg-new create mode 100644 etc-zntrl/kopano/search.cfg create mode 100644 etc-zntrl/kopano/search.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/server.cfg create mode 100644 etc-zntrl/kopano/server.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/spamd.cfg create mode 100644 etc-zntrl/kopano/spamd.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/spooler.cfg create mode 100644 etc-zntrl/kopano/spooler.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/statsd.cfg create mode 100644 etc-zntrl/kopano/unix.cfg create mode 100644 etc-zntrl/kopano/unix.cfg.dpkg-new create mode 100644 etc-zntrl/kopano/webapp/.htaccess create mode 100644 etc-zntrl/kopano/webapp/config-contactfax.php create mode 100644 etc-zntrl/kopano/webapp/config-gmaps.php create mode 100644 etc-zntrl/kopano/webapp/config-intranet.php create mode 100644 etc-zntrl/kopano/webapp/config-mattermost.php create mode 100644 etc-zntrl/kopano/webapp/config-meet.php create mode 100644 etc-zntrl/kopano/webapp/config-pimfolder.php create mode 100644 etc-zntrl/kopano/webapp/config-threema4deskapp.php create mode 100644 etc-zntrl/kopano/webapp/config-whatsapp4deskapp.php create mode 100644 etc-zntrl/kopano/webapp/config.php create mode 100644 etc-zntrl/postfix/dynamicmaps.cf create mode 100644 etc-zntrl/postfix/main.cf create mode 100644 etc-zntrl/postfix/main.cf.proto create mode 120000 etc-zntrl/postfix/makedefs.out create mode 100644 etc-zntrl/postfix/master.cf create mode 100644 etc-zntrl/postfix/master.cf.proto create mode 100644 etc-zntrl/postfix/post-install create mode 100644 etc-zntrl/postfix/postfix-files create mode 100644 etc-zntrl/postfix/postfix-script create mode 100644 etc-zntrl/postfix/virtual create mode 100644 etc-zntrl/postfix/virtual.db create mode 100644 etc-zntrl/postfix/vmailbox create mode 100644 
etc-zntrl/postfix/vmailbox.db
diff --git a/etc-baloghs/cron.d/.placeholder b/etc-baloghs/cron.d/.placeholder
new file mode 100644
index 0000000..76cb8d0
--- /dev/null
+++ b/etc-baloghs/cron.d/.placeholder
@@ -0,0 +1,2 @@
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
diff --git a/etc-baloghs/cron.d/backup b/etc-baloghs/cron.d/backup
new file mode 100644
index 0000000..584468f
--- /dev/null
+++ b/etc-baloghs/cron.d/backup
@@ -0,0 +1,4 @@
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+30 9 * * * root /root/bin/db-backup.sh >>/var/log/backup.log 2>&1
diff --git a/etc-baloghs/cron.d/certbot b/etc-baloghs/cron.d/certbot
new file mode 100644
index 0000000..af2aaa0
--- /dev/null
+++ b/etc-baloghs/cron.d/certbot
@@ -0,0 +1,2 @@
+30 18 * * mon root /root/bin/renew-certs.sh >>/var/log/renew-certs.log 2>&1
+
diff --git a/etc-baloghs/cron.d/getmail b/etc-baloghs/cron.d/getmail
new file mode 100644
index 0000000..eb362b4
--- /dev/null
+++ b/etc-baloghs/cron.d/getmail
@@ -0,0 +1,3 @@
+*/15 * * * * vmail /usr/bin/getmail -g /var/lib/getmail-udmedia -r ud02_276p1 -r ud02_276p2 -r ud02_276p3
+*/15 * * * * spamd /usr/bin/getmail -g /var/lib/getmail-spamd -r not_spam -r missed_spam
+
diff --git a/etc-baloghs/cron.d/grav b/etc-baloghs/cron.d/grav
new file mode 100644
index 0000000..6fd71fb
--- /dev/null
+++ b/etc-baloghs/cron.d/grav
@@ -0,0 +1 @@
+*/5 * * * * www-data cd /var/www-baloghs;/usr/bin/php bin/grav scheduler 1>> /dev/null 2>&1
diff --git a/etc-baloghs/cron.d/mdadm b/etc-baloghs/cron.d/mdadm
new file mode 100644
index 0000000..309d180
--- /dev/null
+++ b/etc-baloghs/cron.d/mdadm
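Review bot: The job in `cron.d/grav` joins `cd /var/www-baloghs` and the PHP call with `;`, so when the directory is missing or unreadable the scheduler command still runs, with `bin/grav` resolved against whatever directory cron started the job in. Chaining with `&&` stops the job at the failed `cd`: `*/5 * * * * www-data cd /var/www-baloghs && /usr/bin/php bin/grav scheduler 1>> /dev/null 2>&1`. Since both streams go to `/dev/null`, neither failure is visible at the moment; sending stderr to a log file, as the backup and certbot jobs in this commit do, would make a broken scheduler detectable.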
@@ -0,0 +1,12 @@
+#
+# cron.d/mdadm -- schedules periodic redundancy checks of MD devices
+#
+# Copyright © martin f. krafft
+# distributed under the terms of the Artistic Licence 2.0
+#
+
+# By default, run at 00:57 on every Sunday, but do nothing unless the day of
+# the month is less than or equal to 7. Thus, only run on the first Sunday of
+# each month. crontab(5) sucks, unfortunately, in this regard; therefore this
+# hack (see #380425).
+57 0 * * 0 root if [ -x /usr/share/mdadm/checkarray ] && [ $(date +\%d) -le 7 ]; then /usr/share/mdadm/checkarray --cron --all --idle --quiet; fi
diff --git a/etc-baloghs/cron.d/php b/etc-baloghs/cron.d/php
new file mode 100644
index 0000000..84e5d10
--- /dev/null
+++ b/etc-baloghs/cron.d/php
@@ -0,0 +1,14 @@
+# /etc/cron.d/php@PHP_VERSION@: crontab fragment for PHP
+# This purges session files in session.save_path older than X,
+# where X is defined in seconds as the largest value of
+# session.gc_maxlifetime from all your SAPI php.ini files
+# or 24 minutes if not defined. The script triggers only
+# when session.save_handler=files.
+#
+# WARNING: The scripts tries hard to honour all relevant
+# session PHP options, but if you do something unusual
+# you have to disable this script and take care of your
+# sessions yourself.
+
+# Look for and purge old sessions every 30 minutes
+09,39 * * * * root [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi
diff --git a/etc-baloghs/cron.d/spamassassin b/etc-baloghs/cron.d/spamassassin
new file mode 100644
index 0000000..2b22b98
--- /dev/null
+++ b/etc-baloghs/cron.d/spamassassin
@@ -0,0 +1 @@
+5 23 * * 5 root /usr/bin/sa-update -D && systemctl restart spampd >>/var/log/sa-update.log 2>&1
diff --git a/etc-baloghs/cron.d/tt-rss b/etc-baloghs/cron.d/tt-rss
new file mode 100644
index 0000000..0cf25bc
--- /dev/null
+++ b/etc-baloghs/cron.d/tt-rss
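Review bot: In `cron.d/spamassassin` the redirection `>>/var/log/sa-update.log 2>&1` binds only to `systemctl restart spampd`, so the debug output requested with `sa-update -D`, and any error it reports, never reaches the log and is left to cron's default handling. Grouping the two commands sends both to the file: `5 23 * * 5 root { /usr/bin/sa-update -D && systemctl restart spampd; } >>/var/log/sa-update.log 2>&1`. A failed rule update is worth being able to find afterwards, because the filter then keeps running on stale rules without any record of why.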
@@ -0,0 +1 @@
+*/5 * * * * www-data /usr/bin/php /var/www/tt-rss/update.php --feeds >>/var/log/tt-rss.log 2>&1
diff --git a/etc-baloghs/spamassassin/50_scores.cf b/etc-baloghs/spamassassin/50_scores.cf
new file mode 100644
index 0000000..70e85b1
--- /dev/null
+++ b/etc-baloghs/spamassassin/50_scores.cf
@@ -0,0 +1 @@
+score RDNS_NONE 5.0
diff --git a/etc-baloghs/spamassassin/65_debian.cf b/etc-baloghs/spamassassin/65_debian.cf
new file mode 100644
index 0000000..c92da6f
--- /dev/null
+++ b/etc-baloghs/spamassassin/65_debian.cf
@@ -0,0 +1,34 @@
+# Special SpamAssassin rules for Debian
+# Duncan Findlay
+
+header D_SENT_BY_DEBCONF Subject =~ /^Debconf:/
+score D_SENT_BY_DEBCONF -5.0
+describe D_SENT_BY_DEBCONF Sent by Debconf
+
+body D_SENT_BY_AFBACKUP /^\[Afbackup\]: Overall exit status:/
+score D_SENT_BY_AFBACKUP -5.0
+describe D_SENT_BY_AFBACKUP Sent by Afbackup
+
+header D_SENT_BY_APTLC Subject =~ /^apt-listchanges: (changelogs|news) for/
+score D_SENT_BY_APTLC -5.0
+describe D_SENT_BY_APTLC Sent by apt-listchanges
+
+header __ANACRON_SUBJ Subject =~ /^Anacron job '[a-z0-9_.-]+' on/i
+header __ANACRON_FROM From =~ /^Anacron/
+meta D_SENT_BY_ANACRON __ANACRON_SUBJ && __ANACRON_FROM
+score D_SENT_BY_ANACRON -5.0
+describe D_SENT_BY_ANACRON Sent by Anacron Daemon
+
+
+header __CRON_FROM From =~ /^Cron Daemon/
+header __CRON_HEADER X-Cron-Env =~ /./
+meta D_SENT_BY_CRON __CRON_FROM && __CRON_HEADER
+score D_SENT_BY_CRON -5.0
+describe D_SENT_BY_CRON Sent by Cron Daemon
+
+# As documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861671,
+# the bb.barracudacentral.org blacklist requires users to register, making it
+# unsuitable for use in the default configuration. If you've registered your
+# use of this blacklist, remove the following line in order to re-activate
+# this service:
+score RCVD_IN_BRBL_LASTEXT 0
diff --git a/etc-baloghs/spamassassin/init.pre b/etc-baloghs/spamassassin/init.pre
new file mode 100644
index 0000000..a330bad
--- /dev/null
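Review bot: `score RDNS_NONE 5.0` in `50_scores.cf` is higher than the `required_score 4.1` that `local.cf` sets in this same commit, so this single rule is enough to classify a message as spam. The rule is evaluated against the relay that handed the message to the internal network, and `trusted_networks` is left commented out in `local.cf`, so that boundary is inferred rather than stated; with mail pulled in by the getmail jobs the inferred relay may not be the one intended. Either lower the score or record the decision next to it, for example `# RDNS_NONE alone exceeds required_score (4.1); relies on trusted_networks/internal_networks being correct`.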
+++ b/etc-baloghs/spamassassin/init.pre
@@ -0,0 +1,36 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file contains plugin activation commands for plugins included
+# in SpamAssassin 3.0.x releases. It will not be installed if you
+# already have a file in place called "init.pre".
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# RelayCountry - add metadata for Bayes learning, marking the countries
+# a message was relayed through
+#
+# Note: This requires the Geo::IP Perl module
+#
+# loadplugin Mail::SpamAssassin::Plugin::RelayCountry
+
+# URIDNSBL - look up URLs found in the message against several DNS
+# blocklists.
+#
+loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
+
+# Hashcash - perform hashcash verification.
+#
+loadplugin Mail::SpamAssassin::Plugin::Hashcash
+
+# SPF - perform SPF verification.
+#
+loadplugin Mail::SpamAssassin::Plugin::SPF
+
diff --git a/etc-baloghs/spamassassin/local.cf b/etc-baloghs/spamassassin/local.cf
new file mode 100644
index 0000000..3c2b493
--- /dev/null
+++ b/etc-baloghs/spamassassin/local.cf
@@ -0,0 +1,89 @@ +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. +# +# Only a small subset of options are listed below +# +########################################################################### + +# Add *****SPAM***** to the Subject header of spam e-mails +# +# rewrite_header Subject *****SPAM***** + + +# Save spam messages as a message/rfc822 MIME attachment instead of +# modifying the original message (0: off, 2: use text/plain instead) +# +report_safe 0 + + +# Set which networks or hosts are considered 'trusted' by your mail +# server (i.e. not spammers) +# +# trusted_networks 212.17.35. + + +# Set file-locking method (flock is not safe over NFS, but is faster) +# +# lock_method flock + + +# Set the threshold at which a message is considered spam (default: 5.0) +# +required_score 4.1 + + +# Use Bayesian classifier (default: 1) +# +# use_bayes 1 + + +# Bayesian classifier auto-learning (default: 1) +# +# bayes_auto_learn 1 + + +# Set headers which may provide inappropriate cues to the Bayesian +# classifier +# +# bayes_ignore_header X-Bogosity +# bayes_ignore_header X-Spam-Flag +# bayes_ignore_header X-Spam-Status + + +# Whether to decode non- UTF-8 and non-ASCII textual parts and recode +# them to UTF-8 before the text is given over to rules processing. +# +# normalize_charset 1 + +# Some shortcircuiting, if the plugin is enabled +# +ifplugin Mail::SpamAssassin::Plugin::Shortcircuit +# +# default: strongly-whitelisted mails are *really* whitelisted now, if the +# shortcircuiting plugin is active, causing early exit to save CPU load. 
+# Uncomment to turn this on +# +# shortcircuit USER_IN_WHITELIST on +# shortcircuit USER_IN_DEF_WHITELIST on +# shortcircuit USER_IN_ALL_SPAM_TO on +# shortcircuit SUBJECT_IN_WHITELIST on + +# the opposite; blacklisted mails can also save CPU +# +# shortcircuit USER_IN_BLACKLIST on +# shortcircuit USER_IN_BLACKLIST_TO on +# shortcircuit SUBJECT_IN_BLACKLIST on + +# if you have taken the time to correctly specify your "trusted_networks", +# this is another good way to save CPU +# +# shortcircuit ALL_TRUSTED on + +# and a well-trained bayes DB can save running rules, too +# +# shortcircuit BAYES_99 spam +# shortcircuit BAYES_00 ham + +endif # Mail::SpamAssassin::Plugin::Shortcircuit diff --git a/etc-baloghs/spamassassin/local.cf.dist b/etc-baloghs/spamassassin/local.cf.dist new file mode 100644 index 0000000..95bc494 --- /dev/null +++ b/etc-baloghs/spamassassin/local.cf.dist 
@@ -0,0 +1,89 @@ +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. +# +# Only a small subset of options are listed below +# +########################################################################### + +# Add *****SPAM***** to the Subject header of spam e-mails +# +# rewrite_header Subject *****SPAM***** + + +# Save spam messages as a message/rfc822 MIME attachment instead of +# modifying the original message (0: off, 2: use text/plain instead) +# +# report_safe 1 + + +# Set which networks or hosts are considered 'trusted' by your mail +# server (i.e. not spammers) +# +# trusted_networks 212.17.35. + + +# Set file-locking method (flock is not safe over NFS, but is faster) +# +# lock_method flock + + +# Set the threshold at which a message is considered spam (default: 5.0) +# +# required_score 5.0 + + +# Use Bayesian classifier (default: 1) +# +# use_bayes 1 + + +# Bayesian classifier auto-learning (default: 1) +# +# bayes_auto_learn 1 + + +# Set headers which may provide inappropriate cues to the Bayesian +# classifier +# +# bayes_ignore_header X-Bogosity +# bayes_ignore_header X-Spam-Flag +# bayes_ignore_header X-Spam-Status + + +# Whether to decode non- UTF-8 and non-ASCII textual parts and recode +# them to UTF-8 before the text is given over to rules processing. +# +# normalize_charset 1 + +# Some shortcircuiting, if the plugin is enabled +# +ifplugin Mail::SpamAssassin::Plugin::Shortcircuit +# +# default: strongly-whitelisted mails are *really* whitelisted now, if the +# shortcircuiting plugin is active, causing early exit to save CPU load. 
+# Uncomment to turn this on +# +# shortcircuit USER_IN_WHITELIST on +# shortcircuit USER_IN_DEF_WHITELIST on +# shortcircuit USER_IN_ALL_SPAM_TO on +# shortcircuit SUBJECT_IN_WHITELIST on + +# the opposite; blacklisted mails can also save CPU +# +# shortcircuit USER_IN_BLACKLIST on +# shortcircuit USER_IN_BLACKLIST_TO on +# shortcircuit SUBJECT_IN_BLACKLIST on + +# if you have taken the time to correctly specify your "trusted_networks", +# this is another good way to save CPU +# +# shortcircuit ALL_TRUSTED on + +# and a well-trained bayes DB can save running rules, too +# +# shortcircuit BAYES_99 spam +# shortcircuit BAYES_00 ham + +endif # Mail::SpamAssassin::Plugin::Shortcircuit diff --git a/etc-baloghs/spamassassin/sa-compile.pre b/etc-baloghs/spamassassin/sa-compile.pre new file mode 100644 index 0000000..e20236a --- /dev/null +++ b/etc-baloghs/spamassassin/sa-compile.pre @@ -0,0 +1,3 @@ +# Rule2XSBody - speedup by compilation of ruleset to native code +# +loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody diff --git a/etc-baloghs/spamassassin/sa-update-hooks.d/spampd b/etc-baloghs/spamassassin/sa-update-hooks.d/spampd new file mode 100644 index 0000000..4ea8b06 --- /dev/null +++ b/etc-baloghs/spamassassin/sa-update-hooks.d/spampd @@ -0,0 +1,6 @@ +#!/bin/sh + +service spampd restart + +exit 0 + 
diff --git a/etc-baloghs/spamassassin/sa-update-keys/pubring.gpg b/etc-baloghs/spamassassin/sa-update-keys/pubring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..097cb0ef04392e80abc5ecea1883f5a8082d3be6 GIT binary patch literal 2783 zcmV<53Ly2F0t*B~r))F<5CFk_*1m;L92s!`*=8#sdl}>@uM1~_V5kuDwY$@+bHZ$B zWn>a1`O&6EX9lFXSU6XN&`yR=LV#X>d)$YdGy=NASbZBUDc`Npbj7}{^#0bItdm~r zyx^S1_tHjG`G7T39LKP?wYC!($XeByh`-j&~=K}%r| z^Z`YE5E^Lr=(Y|+6nDpYw?4q=?q8rC;*EpzA;oP}onFW&I)Lp+;lco6vKa_{79m`D zF$nT?^0EmY1MN{yrI;{roll!4QnM}Pt|$gp_5`6swtZyn+BFWO9q@yiV9x8kgx*4= zC|Mf%y5`;w8qgj}8Nrd)NFRxQh%maa2Rd6$iiy;kP$jhltIaX3{g)vmJBHsaxmiX! z8E!t)j;-)PU(YU+@+daEWuH75^_qDQ)HN6x8>A|Gr3#c$pRWy(T;e8DH@iwazj$sG zckoVlX%+Wf@>m(Y2zw7U)|CveqCk$XkOh+62_il)WL#v~6nhlM-{Rg*NP(`M;A*yT z5)}sO_pm%;D(jMKGVlY_fXTXZLG7$Q^z&?IKYvsErd0m;a7C06@D|yBzpoJTnHw=_ zM01lpoq~GFallM=a~1UA#2hU-hsE2K#%ak^GDD1C?~#caCXJyQPqm@HmXB@b_xOG9 z=;@=rcbkFjxRn3~DYQRzaAaY0WpgfbaA9p>b8}&Hb7^iaZ*pfKQ)y>zX>MmAOJ#W= zJaT1hWnpt=Kyz?mZDDhBVRLh7ZZ24Gy)p~1`7!Y2Ll2G z6#@tY1Qr4V0RkQY0vCV)3JDNER;C(KMC?Umeh>d_USnPX@Ef#cn6ud!>yFsK-`sld&G=9&u}zj zl#)KZoHbBOmmAgMNvW9W<` zpo$260`+AuNYtIO4~qNTXlCo>X?8Rv<<>R8-K*&(aMA)}7 z+6yP*KH+Msw;@nl$w23jYpxFAElKJTj3!qRzC&oJn<9}i=KSwOYr+&+D+bOAUQh07 zX&?%br$Lctqd(HD)_haHp4OL~5##A1NKnbA)GCa9`kpsYS}Ng8n{@O;yiZb@4QgoB zA;|_d6#r6LJzDE~xfl-jXnrZUW3&e5eMfT*Xf_#p^A431W13JbZH_3ZW3F~nRcW5} z5nav{S&koyXQvlV(S0TA!FrzhuREXMb)DTKn5wLp)ScyEROyeA5i0J~IjD5M+L`jK zI>+$VLJZXTO?M&(5No%c+s6|BSMkCW>@}w=wcWGEz^I=U3NxJkt!}VX$AD=Vq08;R zNG5VN?(vMN&f&Zt6QK2pJ*g7Vf(>6b9M=PZx;E-9^#vY0C zw0fie5-fj?P1uqKE)_JCT{wk@#G{&ev=N~KN9<^ z--8pNhIKx8$!byMF8!$LolwlqfCxl9JwgN=^_FOoQ<5bN4!T+ZZQ4uWJP_G;$uPA# z(3u%paSmLZ0+qcg8&RsYz)x(!6g~D_LHc2J68DaknU$xp79vqdKY-G>uV5%4l>tJm!Z2z2Tj%)ryS^ zP>S2X;d~ybkq^^y-v1&_wR9NmiHB4R+fxIUUR%ZaqU5Hw)U`lZvB&0kh9%YQ2=&@n z6)NIrhC0=<7u;=J(;isk0*%;^=13fh03ejqF%xr4jD3@cYdu!+ZB!vDGLyhlZ3gUb znwv&V!o(u~Qy!Y7tH|VWD@oa!-G&+;JSCA&^0TAmg!rf)e*ZjAlH%;Ewb@V9rXsxO z?x#k|SC4w_w8-5CFB1zu$UnTD6E*2DuFg 
zPZL9w<$|)utZo4e=QMTDG5+e!n_NS@#~{Z*n`^z$k9yQYqRH+#Isr0qj9oSr%GuV> z3;@pxwP4Si7zdLbq8IyRCdUDCUxAD{+N?Amu??RonG&OFVp4%bE$QuiVwPotRyaaT zQdXO4?B+p^BAzWsON3&28E6C{=Sy;ctrs$ae?9ZUeGbN7wGwr1^D2${tCmgw59~%~ z`%LYrmNe(kYjCZjnCzFn)0qXp2V5m2o*(W!d;ld~mK9`;iQS|&BF?Q}iQVGUvzrC? z17XEvVVAG<(aaOhJhVD{`EZzawl{E+$e=M3FwciP-`v+Z8RGug*!YGv+Cx(+?>K-T zD+cP6tHTgn*HYcK(K`$cQ#wM>Jwn$#Uk3b_4826amviq$oZ4^F!>dS%-eC97moaaM zZr(R0O_yx0^(44kRkx392M1Ok)Lctvjuc;Cx-wc^5^L#XD9DL-{(?iM?_$U#luqsw zH0egkDUw5+3QbP?$lsUX>< version 0.20 or later is installed, this +# renders the DomainKeys plugin redundant. +# +loadplugin Mail::SpamAssassin::Plugin::DKIM + diff --git a/etc-baloghs/spamassassin/v320.pre b/etc-baloghs/spamassassin/v320.pre new file mode 100644 index 0000000..846c73a --- /dev/null +++ b/etc-baloghs/spamassassin/v320.pre 
@@ -0,0 +1,64 @@ +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. +# +# This file was installed during the installation of SpamAssassin 3.2.0, +# and contains plugin loading commands for the new plugins added in that +# release. It will not be overwritten during future SpamAssassin installs, +# so you can modify it to enable some disabled-by-default plugins below, +# if you so wish. +# +# There are now multiple files read to enable plugins in the +# /etc/mail/spamassassin directory; previously only one, "init.pre" was +# read. Now both "init.pre", "v310.pre", and any other files ending in +# ".pre" will be read. As future releases are made, new plugins will be +# added to new files, named according to the release they're added in. +########################################################################### + +# Check - Provides main check functionality +# +loadplugin Mail::SpamAssassin::Plugin::Check + +# HTTPSMismatch - find URI mismatches between href and anchor text +# +loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch + +# URIDetail - test URIs using detailed URI information +# +loadplugin Mail::SpamAssassin::Plugin::URIDetail + +# Shortcircuit - stop evaluation early if high-accuracy rules fire +# +# loadplugin Mail::SpamAssassin::Plugin::Shortcircuit + +# Plugins which used to be EvalTests.pm +# broken out into separate plugins +loadplugin Mail::SpamAssassin::Plugin::Bayes +loadplugin Mail::SpamAssassin::Plugin::BodyEval +loadplugin Mail::SpamAssassin::Plugin::DNSEval +loadplugin Mail::SpamAssassin::Plugin::HTMLEval +loadplugin Mail::SpamAssassin::Plugin::HeaderEval +loadplugin Mail::SpamAssassin::Plugin::MIMEEval +loadplugin Mail::SpamAssassin::Plugin::RelayEval +loadplugin Mail::SpamAssassin::Plugin::URIEval +loadplugin Mail::SpamAssassin::Plugin::WLBLEval + +# VBounce - anti-bounce-message rules, see rules/20_vbounce.cf +# +loadplugin 
Mail::SpamAssassin::Plugin::VBounce + +# Rule2XSBody - speedup by compilation of ruleset to native code +# +# loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody + +# ASN - Look up the Autonomous System Number of the connecting IP +# and create a header containing ASN data for bayes tokenization. +# See plugin's POD docs for usage info. +# +# loadplugin Mail::SpamAssassin::Plugin::ASN + +# ImageInfo - rules to match metadata of image attachments +# +loadplugin Mail::SpamAssassin::Plugin::ImageInfo + diff --git a/etc-baloghs/spamassassin/v330.pre b/etc-baloghs/spamassassin/v330.pre new file mode 100644 index 0000000..1e2335a --- /dev/null +++ b/etc-baloghs/spamassassin/v330.pre @@ -0,0 +1,28 @@ +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. +# +# This file was installed during the installation of SpamAssassin 3.3.0, +# and contains plugin loading commands for the new plugins added in that +# release. It will not be overwritten during future SpamAssassin installs, +# so you can modify it to enable some disabled-by-default plugins below, +# if you so wish. +# +# There are now multiple files read to enable plugins in the +# /etc/mail/spamassassin directory; previously only one, "init.pre" was +# read. Now both "init.pre", "v310.pre", and any other files ending in +# ".pre" will be read. As future releases are made, new plugins will be +# added to new files, named according to the release they're added in. +########################################################################### + +# PhishTag - allows sites to rewrite suspect phish-mail URLs +# (Note: this requires configuration, see http://umut.topkara.org/PhishTag) +# +#loadplugin Mail::SpamAssassin::Plugin::PhishTag + +# FreeMail - detect email addresses using free webmail services, +# usable as input for other rules +# +loadplugin Mail::SpamAssassin::Plugin::FreeMail + 
diff --git a/etc-baloghs/spamassassin/v340.pre b/etc-baloghs/spamassassin/v340.pre
new file mode 100644
index 0000000..cf7beb1
--- /dev/null
+++ b/etc-baloghs/spamassassin/v340.pre
@@ -0,0 +1,21 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.4.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# AskDNS - forms a DNS query based on 'tags' as supplied by other plugins
+#
+loadplugin Mail::SpamAssassin::Plugin::AskDNS
diff --git a/etc-baloghs/spamassassin/v341.pre b/etc-baloghs/spamassassin/v341.pre
new file mode 100644
index 0000000..489dd4c
--- /dev/null
+++ b/etc-baloghs/spamassassin/v341.pre
@@ -0,0 +1,28 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.4.1,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# TxRep - Reputation database that replaces AWL
+# loadplugin Mail::SpamAssassin::Plugin::TxRep
+
+# URILocalBL - Provides ISP and Country code based filtering as well as
+# quick IP based blocks without a full RBL implementation - Bug 7060
+
+# loadplugin Mail::SpamAssassin::Plugin::URILocalBL
+
+# PDFInfo - Use several methods to detect a PDF file's ham/spam traits
+# loadplugin Mail::SpamAssassin::Plugin::PDFInfo
diff --git a/etc-baloghs/spamassassin/v342.pre b/etc-baloghs/spamassassin/v342.pre
new file mode 100644
index 0000000..4ab7736
--- /dev/null
+++ b/etc-baloghs/spamassassin/v342.pre
@@ -0,0 +1,36 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.4.1,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# HashBL - Use EBL email blocklist
+# loadplugin Mail::SpamAssassin::Plugin::HashBL
+
+# ResourceLimits - assure your spamd child processes
+# do not exceed specified CPU or memory limit
+# loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
+
+
+# FromNameSpoof - help stop spam that tries to spoof other domains using
+# the from name
+# loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof
+
+# Phishing - finds uris used in phishing campaigns detected by
+# OpenPhish or PhishTank feeds.
+# loadplugin Mail::SpamAssassin::Plugin::Phishing
+
+# allow URI rules to look at DKIM headers if they exist
+parse_dkim_uris 1
diff --git a/etc-baloghs/spampd.conf b/etc-baloghs/spampd.conf
new file mode 100644
index 0000000..69a6aa6
--- /dev/null
+++ b/etc-baloghs/spampd.conf
@@ -0,0 +1,19 @@
+#
+# NOTE: This config isn't used by default!
+# You need to enable its use in /etc/default/spampd
+#
+
+# Use this to set options for SpamAssassin you only want to have set
+# when actually running SpamAssassin from spampd. Below are a few examples
+# you might want to use. Remove the hashmark (#) in front of them to enable
+# them and edit them to meet your needs. Note that you might need to fix
+# path permissions to match your system.
+
+#use_bayes 1
+#bayes_path /var/cache/spampd/bayes
+#auto_whitelist_path /var/cache/spampd/awl
+
+#
+# NOTE: This config isn't used by default!
+# You need to enable its use in /etc/default/spampd
+#
diff --git a/etc-baloghs/z-push/autodiscover.conf.php b/etc-baloghs/z-push/autodiscover.conf.php
new file mode 100644
index 0000000..232fd86
--- /dev/null
+++ b/etc-baloghs/z-push/autodiscover.conf.php
@@ -0,0 +1,88 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +/********************************************************************************** + * Default settings + */ + + // Replace zpush.example.com with your z-push's host name and uncomment the line below. + define('ZPUSH_HOST', 'baloghs.de'); + + // Defines the default time zone, change e.g. to "Europe/London" if necessary + define('TIMEZONE', ''); + + // Defines the base path on the server + define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/'); + + /* + * Whether to use the complete email address as a login name + * (e.g. user@company.com) or the username only (user). + * Possible values: + * false - use the username only (default). + * true - use the complete email address. + */ + define('USE_FULLEMAIL_FOR_LOGIN', false); + +/********************************************************************************** + * Logging settings + * Possible LOGLEVEL and LOGUSERLEVEL values are: + * LOGLEVEL_OFF - no logging + * LOGLEVEL_FATAL - log only critical errors + * LOGLEVEL_ERROR - logs events which might require corrective actions + * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future + * LOGLEVEL_INFO - usually completed actions + * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers + * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device + * LOGLEVEL_DEVICEID - also prints the device id for every log entry + * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack + * + * The verbosity increases from top to bottom. More verbose levels include less verbose + * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR, + * LOGLEVEL_WARN and LOGLEVEL_INFO level entries. + */ + + define('LOGBACKEND', 'filelog'); + + define('LOGFILEDIR', '/var/log/z-push/'); + define('LOGFILE', LOGFILEDIR . 'autodiscover.log'); + define('LOGERRORFILE', LOGFILEDIR . 
'autodiscover-error.log'); + define('LOGLEVEL', LOGLEVEL_WBXML); + define('LOGUSERLEVEL', LOGLEVEL); + $specialLogUsers = array(); + + // Syslog settings + // false will log to local syslog, otherwise put the remote syslog IP here + define('LOG_SYSLOG_HOST', false); + // Syslog port + define('LOG_SYSLOG_PORT', 514); + // Program showed in the syslog. Useful if you have more than one instance login to the same syslog + define('LOG_SYSLOG_PROGRAM', 'z-push-autodiscover'); + // Syslog facility - use LOG_USER when running on Windows + define('LOG_SYSLOG_FACILITY', LOG_LOCAL0); +/********************************************************************************** + * Backend settings + */ + // the backend data provider + define('BACKEND_PROVIDER', ''); diff --git a/etc-baloghs/z-push/autodiscover.conf.php.dist b/etc-baloghs/z-push/autodiscover.conf.php.dist new file mode 100644 index 0000000..4075594 --- /dev/null +++ b/etc-baloghs/z-push/autodiscover.conf.php.dist 
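Review bot: `define('LOGLEVEL', LOGLEVEL_WBXML);` leaves the deployed autodiscover service at one of the most verbose levels in the list above it, while the shipped `autodiscover.conf.php.dist` in this commit uses `LOGLEVEL_INFO`. The file's own comment describes this level as also printing the WBXML sent to and from the device, and `LOGUSERLEVEL` is defined as `LOGLEVEL`, so the same verbosity applies to every user and the payloads accumulate under `/var/log/z-push/`. Unless this is a temporary debugging state, restore `define('LOGLEVEL', LOGLEVEL_INFO);`; if detailed traces are needed, it looks preferable to scope them to named accounts through `$specialLogUsers` rather than raise the global level.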
@@ -0,0 +1,88 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +/********************************************************************************** + * Default settings + */ + + // Replace zpush.example.com with your z-push's host name and uncomment the line below. + // define('ZPUSH_HOST', 'zpush.example.com'); + + // Defines the default time zone, change e.g. to "Europe/London" if necessary + define('TIMEZONE', ''); + + // Defines the base path on the server + define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/'); + + /* + * Whether to use the complete email address as a login name + * (e.g. user@company.com) or the username only (user). + * Possible values: + * false - use the username only (default). + * true - use the complete email address. + */ + define('USE_FULLEMAIL_FOR_LOGIN', false); + +/********************************************************************************** + * Logging settings + * Possible LOGLEVEL and LOGUSERLEVEL values are: + * LOGLEVEL_OFF - no logging + * LOGLEVEL_FATAL - log only critical errors + * LOGLEVEL_ERROR - logs events which might require corrective actions + * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future + * LOGLEVEL_INFO - usually completed actions + * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers + * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device + * LOGLEVEL_DEVICEID - also prints the device id for every log entry + * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack + * + * The verbosity increases from top to bottom. More verbose levels include less verbose + * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR, + * LOGLEVEL_WARN and LOGLEVEL_INFO level entries. + */ + + define('LOGBACKEND', 'filelog'); + + define('LOGFILEDIR', '/var/log/z-push/'); + define('LOGFILE', LOGFILEDIR . 
'autodiscover.log'); + define('LOGERRORFILE', LOGFILEDIR . 'autodiscover-error.log'); + define('LOGLEVEL', LOGLEVEL_INFO); + define('LOGUSERLEVEL', LOGLEVEL); + $specialLogUsers = array(); + + // Syslog settings + // false will log to local syslog, otherwise put the remote syslog IP here + define('LOG_SYSLOG_HOST', false); + // Syslog port + define('LOG_SYSLOG_PORT', 514); + // Program showed in the syslog. Useful if you have more than one instance login to the same syslog + define('LOG_SYSLOG_PROGRAM', 'z-push-autodiscover'); + // Syslog facility - use LOG_USER when running on Windows + define('LOG_SYSLOG_FACILITY', LOG_LOCAL0); +/********************************************************************************** + * Backend settings + */ + // the backend data provider + define('BACKEND_PROVIDER', ''); diff --git a/etc-baloghs/z-push/gabsync.conf.php b/etc-baloghs/z-push/gabsync.conf.php new file mode 100644 index 0000000..d9c34c1 --- /dev/null +++ b/etc-baloghs/z-push/gabsync.conf.php 
@@ -0,0 +1,86 @@
+.
+*
+* Consult LICENSE file for details
+* ************************************************/
+
+// The field to be hashed that is unique and never changes
+// in the entire lifetime of the GAB entry.
+define('HASHFIELD', 'account');
+define('AMOUNT_OF_CHUNKS', 10);
+
+// SyncWorker implementation to be used
+define('SYNCWORKER', 'Kopano');
+
+// Unique id to find a contact from the GAB (value to be supplied by -u on the command line)
+// Zarafa supports: 'account' and 'smtpAddress' (email)
+define('UNIQUEID', 'account');
+
+// Server connection settings
+// Depending on your setup, it might be advisable to change the lines below to one defined with your
+// default socket location.
+// Normally "default:" points to the default setting ("file:///var/run/kopano/server.sock")
+// Examples: define("SERVER", "default:");
+// define("SERVER", "http://localhost:236/kopano");
+// define("SERVER", "https://localhost:237/kopano");
+// define("SERVER", "file:///var/run/kopano/server.sock");
+// If you are using ZCP >= 7.2.0, set it to the zarafa location, e.g.
+// define("SERVER", "http://localhost:236/zarafa");
+// define("SERVER", "https://localhost:237/zarafa");
+// define("SERVER", "file:///var/run/zarafad/server.sock");
+// For ZCP versions prior to 7.2.0 the socket location is different (http(s) sockets are the same):
+// define("SERVER", "file:///var/run/zarafa");
+
+define('SERVER', 'default:');
+
+define('USERNAME', 'SYSTEM');
+define('PASSWORD', '');
+define('CERTIFICATE', null);
+define('CERTIFICATE_PASSWORD', null);
+
+// Store where the hidden folder is located.
+// For the public folder, use SYSTEM
+// to use another store, use the same as USERNAME
+// or another store where USERNAME has full access to.
+define('HIDDEN_FOLDERSTORE', 'SYSTEM');
+
+/// Do not change (unless you know exactly what you do)
+define('HIDDEN_FOLDERNAME', 'Z-Push-KOE-GAB');
+
+// Types of the objects to sync to GAB.
+define('GAB_SYNC_USER', 1);
+define('GAB_SYNC_CONTACT', 2);
+define('GAB_SYNC_GROUP', 4);
+define('GAB_SYNC_ROOM', 8);
+define('GAB_SYNC_EQUIPMENT', 16);
+
+define('GAB_SYNC_ALL', GAB_SYNC_USER | GAB_SYNC_CONTACT | GAB_SYNC_GROUP | GAB_SYNC_ROOM | GAB_SYNC_EQUIPMENT);
+
+// Set which items from GAB should be synced.
+// Default value is GAB_SYNC_ALL which syncs all items.
+// In order to sync only some specific types combine them with "|", e.g.
+// to sync only users and groups use:
+// define('GAB_SYNC_TYPES', GAB_SYNC_USER | GAB_SYNC_CONTACT);
+// In order to exclude specific types combine "& ~TYPE", e.g.
+// to sync all types except rooms and equipments use:
+// define('GAB_SYNC_TYPES', GAB_SYNC_ALL & ~GAB_SYNC_ROOM & ~GAB_SYNC_EQUIPMENT);
+define('GAB_SYNC_TYPES', GAB_SYNC_ALL);
diff --git a/etc-baloghs/z-push/kopano.conf.php b/etc-baloghs/z-push/kopano.conf.php
new file mode 100644
index 0000000..25cb1ff
--- /dev/null
+++ b/etc-baloghs/z-push/kopano.conf.php
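Review bot: `define('PASSWORD', '');` and `define('CERTIFICATE_PASSWORD', null);` in gabsync.conf.php are the fields that hold the GAB sync account's credentials, and this commit puts the live file under version control. Both are empty in this hunk, so nothing is exposed yet, but the first time someone fills them in the secret ends up in the repository history. I would add a comment above the two defines, `// Tracked in git: do not store a real password or certificate passphrase in this file`, and stop tracking the file if a password ever becomes necessary.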
@@ -0,0 +1,83 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +// ************************ +// BackendKopano settings +// ************************ + +// Defines the server to which we want to connect. +// +// Depending on your setup, it might be advisable to change the lines below to one defined with your +// default socket location. +// Normally "default:" points to the default setting ("file:///var/run/kopano/server.sock") +// Examples: define("MAPI_SERVER", "default:"); +// define("MAPI_SERVER", "http://localhost:236/kopano"); +// define("MAPI_SERVER", "https://localhost:237/kopano"); +// define("MAPI_SERVER", "file:///var/run/kopano/server.sock"); +// If you are using ZCP >= 7.2.0, set it to the zarafa location, e.g. +// define("MAPI_SERVER", "http://localhost:236/zarafa"); +// define("MAPI_SERVER", "https://localhost:237/zarafa"); +// define("MAPI_SERVER", "file:///var/run/zarafad/server.sock"); +// For ZCP versions prior to 7.2.0 the socket location is different (http(s) sockets are the same): +// define("MAPI_SERVER", "file:///var/run/zarafa"); + +define('MAPI_SERVER', 'default:'); + +// Read-Only shared folders +// When trying to write a change on a read-only folder this data is dropped and replaced on the device of the user. +// Enabling the option below, sends an email to the user notifying that this happened (default enabled). +// If this is disabled, the data will be dropped silently and will be lost. +// The template of the email sent can be customized here. The placeholders can also be used in the subject. +define('READ_ONLY_NOTIFY_LOST_DATA', true); +// String to mark the data changed by the user (that he is trying to save) +define('READ_ONLY_NOTIFY_YOURDATA', 'Your data'); +// Email template to be sent to the user +define('READ_ONLY_NOTIFY_SUBJECT', "Z-Push: Writing operation not permitted - data reset"); +define('READ_ONLY_NOTIFY_BODY', <<0 - Store the minimum number of previously used passwords. 
+devpwhistory = 0
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Policies for ActiveSync version 12.1 and higher
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; The device allows to use a storage card.
+; 0 - SD card not allowed.
+; 1 - SD card allowed.
+allowstoragecard = 1
+
+; The device allows to use the built-in camera.
+; 0 - Usage of the built-in camera not allowed.
+; 1 - Usage of built-in the camera allowed.
+allowcam = 1
+
+; Specifies if the client uses encryption.
+; 0 - Encryption not required.
+; 1 - Encryption required.
+reqdevenc = 0
+
+; Specifies if the device allows unsigned applications to execute.
+; 0 - Unsigned applications not allowed to execute.
+; 1 - Unsigned applications allowed to execute.
+allowunsignedapps = 1
+
+; The required complexity level of the device password.
+; Valid values for mindevcomplexchars are between 1 and 4. The value specifies
+; the number of character groups to be contained in the password.
+; The character groups are:
+; - Lower case alphabetical characters
+; - Upper case alphabetical characters
+; - Numbers
+; - Non-alphanumeric characters
+; For example, if the value of mindevcomplexchars is 2, a password may contain
+; lower case and upper case characters. A password with numbers and non-alphanumeric
+; characters would be also valid.
+mindevcomplexchars = 3
+
+; The device allows the use of Wi-Fi connections.
+; 0 - The use of Wi-Fi connections not allowed.
+; 1 - The use of Wi-Fi connections allowed.
+allowwifi = 1
+
+; The device allows the use of SMS or text messaging.
+; 0 - SMS or text messaging not allowed.
+; 1 - SMS or text messaging allowed.
+allowtextmessaging = 1
+
+; The device allows access to POP or IMAP email.
+; 0 - POP or IMAP email access not allowed.
+; 1 - POP or IMAP email access allowed.
+allowpopimapemail = 1
+
+; The use of Bluetooth on the device.
+; 0 - Disable Bluetooth.
+; 1 - Disable Bluetooth, but allow the configuration of hands-free profiles.
+; 2 - Allow Bluetooth.
+allowbluetooth = 2
+
+; The device allows the use of IrDA (infrared) connections.
+; 0 - Disable IrDA.
+; 1 - Allow IrDA.
+allowirda = 1
+
+; The device requires manual synchronization when the device is roaming.
+; 0 - Do not require manual sync; allow direct push when roaming.
+; 1 - Require manual sync when roaming.
+reqmansyncroam = 0
+
+; The maximum number of calendar days that can be synchronized.
+; 0 - All days
+; 4 - 2 weeks
+; 5 - 1 month
+; 6 - 3 months
+; 7 - 6 months
+maxcalagefilter = 0
+
+; Specifies if the client uses HTML-formatted email.
+; 0 - HTML-formatted email not allowed.
+; 1 - HTML-formatted email allowed.
+allowhtmlemail = 1
+
+; The email age limit for synchronization.
+; 0 - Sync all
+; 1 - 1 day
+; 2 - 3 days
+; 3 - 1 week
+; 4 - 2 weeks
+; 5 - 1 month
+maxemailagefilter = 0
+
+; The maximum truncation size for plain text–formatted email.
+; -1 - No truncation.
+; 0 - Truncate only the header.
+; >0 - Truncate the email body to the specified size.
+maxemailbodytruncsize = -1
+
+; The maximum truncation size for HTML-formatted email.
+; -1 - No truncation.
+; 0 - Truncate only the header.
+; >0 - Truncate the email body to the specified size.
+maxemailhtmlbodytruncsize = -1
+
+; Specifies if the client sends signed S/MIME messages.
+; 0 - Signed S/MIME messages not required.
+; 1 - Signed S/MIME messages required.
+reqsignedsmimemessages = 0
+
+; Specifies if the client sends encrypted email messages.
+; 0 - Encrypted email messages not required.
+; 1 - Email messages required to be encrypted.
+reqencsmimemessages = 0
+
+; The algorithm used to sign S/MIME messages.
+; 0 - Use SHA1.
+; 1 - Use MD5.
+reqsignedsmimealgorithm = 0
+
+; The algorithm used to encrypt S/MIME messages.
+; 0 - TripleDES algorithm
+; 1 - DES algorithm
+; 2 - RC2128bit
+; 3 - RC264bit
+; 4 - RC240bit
+reqencsmimealgorithm = 0
+
+; Controls negotiation of the encryption algorithm.
+; 0 - Do not negotiate.
+; 1 - Negotiate a strong algorithm.
+; 2 - Negotiate any algorithm.
+allowsmimeencalgneg = 2
+
+; Specifies if the client can use soft certificates to sign outgoing messages.
+; 0 - Soft certificates are not allowed.
+; 1 - Soft certificates are allowed.
+allowsmimesoftcerts = 1
+
+; Specifies if the device allows the use of a web browser.
+; 0 - Do not allow the use of a web browser.
+; 1 - Allow the use of a web browser.
+allowbrowser = 1
+
+; Specifies if the device allows the user to configure a personal email account.
+; 0 - Do not allow the user to configure a personal email account.
+; 1 - Allow the user to configure a personal email account.
+allowconsumeremail = 1
+
+; Specifies if the device allows the use of Internet Sharing.
+; 0 - Do not allow the use of Internet Sharing.
+; 1 - Allow the use of Internet Sharing.
+allowinternetsharing = 1
\ No newline at end of file
diff --git a/etc-baloghs/z-push/z-push.conf.php b/etc-baloghs/z-push/z-push.conf.php
new file mode 100644
index 0000000..49e1540
--- /dev/null
+++ b/etc-baloghs/z-push/z-push.conf.php
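Review bot: `allowsmimeencalgneg = 2` in policies.ini lets a device negotiate any S/MIME encryption algorithm, while the same file documents `1` as "Negotiate a strong algorithm"; I would set `allowsmimeencalgneg = 1`. `reqdevenc = 0` also leaves device encryption optional for the devices that receive synced mail, so `reqdevenc = 1` is worth considering once it is confirmed that the devices in use support it. The signing and encryption choices offered here (SHA1/MD5, TripleDES/DES/RC2) are all dated, and the `0` values chosen for `reqsignedsmimealgorithm` and `reqencsmimealgorithm` are already the strongest the file lists. The beginning of this file's hunk, including the device password policies, is not visible on this page and is not covered by this note.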
@@ -0,0 +1,373 @@
+.
+*
+* Consult LICENSE file for details
+************************************************/
+
+/**********************************************************************************
+ * Default settings
+ */
+ // Defines the default time zone, change e.g. to "Europe/London" if necessary
+ define('TIMEZONE', '');
+
+ // Defines the base path on the server
+ define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/');
+
+ // Try to set unlimited timeout
+ define('SCRIPT_TIMEOUT', 0);
+
+ // When accessing through a proxy, the "X-Forwarded-For" header contains the original remote IP
+ define('USE_CUSTOM_REMOTE_IP_HEADER', false);
+
+ // When using client certificates, we can check if the login sent matches the owner of the certificate.
+ // This setting specifies the owner parameter in the certificate to look at.
+ define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN");
+
+ /*
+ * Whether to use the complete email address as a login name
+ * (e.g. user@company.com) or the username only (user).
+ * This is required for Z-Push to work properly after autodiscover.
+ * Possible values:
+ * false - use the username only.
+ * true - string the mobile sends as username, e.g. full email address (default).
+ */
+ define('USE_FULLEMAIL_FOR_LOGIN', false);
+
+/**********************************************************************************
+ * StateMachine setting
+ *
+ * These StateMachines can be used:
+ * FILE - FileStateMachine (default). Needs STATE_DIR set as well.
+ * SQL - SqlStateMachine has own configuration file. STATE_DIR is ignored.
+ * State migration script is available, more informations: https://wiki.z-hub.io/x/xIAa
+ */
+ define('STATE_MACHINE', 'FILE');
+ define('STATE_DIR', '/var/lib/z-push/');
+
+/**********************************************************************************
+ * IPC - InterProcessCommunication
+ *
+ * Is either provided by using shared memory on a single host or
+ * using the memcache provider for multi-host environments.
+ * When another implementation should be used, the class can be set here explicitly.
+ * If empty Z-Push will try to use available providers.
+ */
+ define('IPC_PROVIDER', '');
+
+/**********************************************************************************
+ * Logging settings
+ *
+ * The LOGBACKEND specifies where the logs are sent to.
+ * Either to file ("filelog") or to a "syslog" server or a custom log class in core/log/logclass.
+ * filelog and syslog have several options that can be set below.
+ * For more information about the syslog configuration, see https://wiki.z-hub.io/x/HIAT
+
+ * Possible LOGLEVEL and LOGUSERLEVEL values are:
+ * LOGLEVEL_OFF - no logging
+ * LOGLEVEL_FATAL - log only critical errors
+ * LOGLEVEL_ERROR - logs events which might require corrective actions
+ * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future
+ * LOGLEVEL_INFO - usually completed actions
+ * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers
+ * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device
+ * LOGLEVEL_DEVICEID - also prints the device id for every log entry
+ * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack
+ *
+ * The verbosity increases from top to bottom. More verbose levels include less verbose
+ * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
+ * LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
+ *
+ * LOGAUTHFAIL is logged to the LOGBACKEND.
+ */
+ define('LOGBACKEND', 'filelog');
+ define('LOGLEVEL', LOGLEVEL_INFO);
+ define('LOGAUTHFAIL', false);
+
+ // To save e.g. WBXML data only for selected users, add the usernames to the array
+ // The data will be saved into a dedicated file per user in the LOGFILEDIR
+ // Users have to be encapusulated in quotes, several users are comma separated, like:
+ // $specialLogUsers = array('info@domain.com', 'myusername');
+ define('LOGUSERLEVEL', LOGLEVEL_DEVICEID);
+ $specialLogUsers = array('andreas',);
+
+ // Filelog settings
+ define('LOGFILEDIR', '/var/log/z-push/');
+ define('LOGFILE', LOGFILEDIR . 'z-push.log');
+ define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log');
+
+ // Syslog settings
+ // false will log to local syslog, otherwise put the remote syslog IP here
+ define('LOG_SYSLOG_HOST', false);
+ // Syslog port
+ define('LOG_SYSLOG_PORT', 514);
+ // Program showed in the syslog. Useful if you have more than one instance login to the same syslog
+ define('LOG_SYSLOG_PROGRAM', 'z-push');
+ // Syslog facility - use LOG_USER when running on Windows
+ define('LOG_SYSLOG_FACILITY', LOG_LOCAL0);
+
+ // Location of the trusted CA, e.g. '/etc/ssl/certs/EmailCA.pem'
+ // Uncomment and modify the following line if the validation of the certificates fails.
+ // define('CAINFO', '/etc/ssl/certs/EmailCA.pem');
+
+/**********************************************************************************
+ * Mobile settings
+ */
+ // Device Provisioning
+ define('PROVISIONING', true);
+
+ // This option allows the 'loose enforcement' of the provisioning policies for older
+ // devices which don't support provisioning (like WM 5 and HTC Android Mail) - dw2412 contribution
+ // false (default) - Enforce provisioning for all devices
+ // true - allow older devices, but enforce policies on devices which support it
+ define('LOOSE_PROVISIONING', false);
+
+ // The file containing the policies' settings.
+ // Set a full path or relative to the z-push main directory
+ define('PROVISIONING_POLICYFILE', 'policies.ini');
+
+ // Default conflict preference
+ // Some devices allow to set if the server or PIM (mobile)
+ // should win in case of a synchronization conflict
+ // SYNC_CONFLICT_OVERWRITE_SERVER - Server is overwritten, PIM wins
+ // SYNC_CONFLICT_OVERWRITE_PIM - PIM is overwritten, Server wins (default)
+ define('SYNC_CONFLICT_DEFAULT', SYNC_CONFLICT_OVERWRITE_PIM);
+
+ // Global limitation of items to be synchronized
+ // The mobile can define a sync back period for calendar and email items
+ // For large stores with many items the time period could be limited to a max value
+ // If the mobile transmits a wider time period, the defined max value is used
+ // Applicable values:
+ // SYNC_FILTERTYPE_ALL (default, no limitation)
+ // SYNC_FILTERTYPE_1DAY, SYNC_FILTERTYPE_3DAYS, SYNC_FILTERTYPE_1WEEK, SYNC_FILTERTYPE_2WEEKS,
+ // SYNC_FILTERTYPE_1MONTH, SYNC_FILTERTYPE_3MONTHS, SYNC_FILTERTYPE_6MONTHS
+ define('SYNC_FILTERTIME_MAX', SYNC_FILTERTYPE_ALL);
+
+ // Interval in seconds before checking if there are changes on the server when in Ping.
+ // It means the highest time span before a change is pushed to a mobile. Set it to
+ // a higher value if you have a high load on the server.
+ define('PING_INTERVAL', 30);
+
+ // Set the fileas (save as) order for contacts in the webaccess/webapp/outlook.
+ // It will only affect new/modified contacts on the mobile which then are synced to the server.
+ // Possible values are:
+ // SYNC_FILEAS_FIRSTLAST - fileas will be "Firstname Middlename Lastname"
+ // SYNC_FILEAS_LASTFIRST - fileas will be "Lastname, Firstname Middlename"
+ // SYNC_FILEAS_COMPANYONLY - fileas will be "Company"
+ // SYNC_FILEAS_COMPANYLAST - fileas will be "Company (Lastname, Firstname Middlename)"
+ // SYNC_FILEAS_COMPANYFIRST - fileas will be "Company (Firstname Middlename Lastname)"
+ // SYNC_FILEAS_LASTCOMPANY - fileas will be "Lastname, Firstname Middlename (Company)"
+ // SYNC_FILEAS_FIRSTCOMPANY - fileas will be "Firstname Middlename Lastname (Company)"
+ // The company-fileas will only be set if a contact has a company set. If one of
+ // company-fileas is selected and a contact doesn't have a company set, it will default
+ // to SYNC_FILEAS_FIRSTLAST or SYNC_FILEAS_LASTFIRST (depending on if last or first
+ // option is selected for company).
+ // If SYNC_FILEAS_COMPANYONLY is selected and company of the contact is not set
+ // SYNC_FILEAS_LASTFIRST will be used
+ define('FILEAS_ORDER', SYNC_FILEAS_LASTCOMPANY);
+
+ // Maximum amount of items to be synchronized per request.
+ // Normally this value is requested by the mobile. Common values are 5, 25, 50 or 100.
+ // Exporting too much items can cause mobile timeout on busy systems.
+ // Z-Push will use the lowest provided value, either set here or by the mobile.
+ // MS Outlook 2013+ request up to 512 items to accelerate the sync process.
+ // If you detect high load (also on subsystems) you could try a lower setting.
+ // max: 512 - value used if mobile does not limit amount of items
+ define('SYNC_MAX_ITEMS', 512);
+
+ // The devices usually send a list of supported properties for calendar and contact
+ // items. If a device does not includes such a supported property in Sync request,
+ // it means the property's value will be deleted on the server.
+ // However some devices do not send a list of supported properties. It is then impossible
+ // to tell if a property was deleted or it was not set at all if it does not appear in Sync.
+ // This parameter defines Z-Push behaviour during Sync if a device does not issue a list with
+ // supported properties.
+ // See also https://jira.z-hub.io/browse/ZP-302.
+ // Possible values:
+ // false - do not unset properties which are not sent during Sync (default)
+ // true - unset properties which are not sent during Sync
+ define('UNSET_UNDEFINED_PROPERTIES', false);
+
+ // ActiveSync specifies that a contact photo may not exceed 48 KB. This value is checked
+ // in the semantic sanity checks and contacts with larger photos are not synchronized.
+ // This limitation is not being followed by the ActiveSync clients which set much bigger
+ // contact photos. You can override the default value of the max photo size.
+ // default: 5242880 - 5 MB default max photo size in bytes
+ define('SYNC_CONTACTS_MAXPICTURESIZE', 5242880);
+
+ // Over the WebserviceUsers command it is possible to retrieve a list of all
+ // known devices and users on this Z-Push system. The authenticated user needs to have
+ // admin rights and a public folder must exist.
+ // In multicompany environments this enable an admin user of any company to retrieve
+ // this full list, so this feature is disabled by default. Enable with care.
+ define('ALLOW_WEBSERVICE_USERS_ACCESS', false);
+
+ // Users with many folders can use the 'partial foldersync' feature, where the server
+ // actively stops processing the folder list if it takes too long. Other requests are
+ // then redirected to the FolderSync to synchronize the remaining items.
+ // Device compatibility for this procedure is not fully understood.
+ // NOTE: THIS IS AN EXPERIMENTAL FEATURE WHICH COULD PREVENT YOUR MOBILES FROM SYNCHRONIZING.
+ define('USE_PARTIAL_FOLDERSYNC', false);
+
+ // The minimum accepted time in second that a ping command should last.
+ // It is strongly advised to keep this config to false. Some device
+ // might not be able to send a higher value than the one specificied here and thus
+ // unable to start a push connection.
+ // If set to false, there will be no lower bound to the ping lifetime.
+ // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
+ define('PING_LOWER_BOUND_LIFETIME', false);
+
+ // The maximum accepted time in second that a ping command should last.
+ // If set to false, there will be no higher bound to the ping lifetime.
+ // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
+ define('PING_HIGHER_BOUND_LIFETIME', false);
+
+ // Maximum response time
+ // Mobiles implement different timeouts to their TCP/IP connections. Android devices for example
+ // have a hard timeout of 30 seconds. If the server is not able to answer a request within this timeframe,
+ // the answer will not be recieved and the device will send a new one overloading the server.
+ // There are three categories
+ // - Short timeout - server has up within 30 seconds - is automatically applied for not categorized types
+ // - Medium timeout - server has up to 90 seconds to respond
+ // - Long timeout - server has up to 4 minutes to respond
+ // If a timeout is almost reached the server will break and sent the results it has until this
+ // point. You can add DeviceType strings to the categories.
+ // In general longer timeouts are better, because more data can be streamed at once.
+ define('SYNC_TIMEOUT_MEDIUM_DEVICETYPES', "SAMSUNGGTI");
+ define('SYNC_TIMEOUT_LONG_DEVICETYPES', "iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail");
+
+ // Time in seconds the device should wait whenever the service is unavailable,
+ // e.g. when a backend service is unavailable.
+ // Z-Push sends a "Retry-After" header in the response with the here defined value.
+ // It is up to the device to respect or not this directive so even if this option is set,
+ // the device might not wait requested time frame.
+ // Number of seconds before retry, to disable set to: false
+ define('RETRY_AFTER_DELAY', 300);
+
+/**********************************************************************************
+ * Backend settings
+ */
+ // the backend data provider
+ define('BACKEND_PROVIDER', '');
+
+/**********************************************************************************
+ * Search provider settings
+ *
+ * Alternative backend to perform SEARCH requests (GAL search)
+ * By default the main Backend defines the preferred search functionality.
+ * If set, the Search Provider will always be preferred.
+ * Use 'BackendSearchLDAP' to search in a LDAP directory (see backend/searchldap/config.php)
+ */
+ define('SEARCH_PROVIDER', '');
+ // Time in seconds for the server search. Setting it too high might result in timeout.
+ // Setting it too low might not return all results. Default is 10.
+ define('SEARCH_WAIT', 10);
+ // The maximum number of results to send to the client. Setting it too high
+ // might result in timeout. Default is 10.
+ define('SEARCH_MAXRESULTS', 10);
+
+/**********************************************************************************
+ * Kopano Outlook Extension - Settings
+ *
+ * The Kopano Outlook Extension (KOE) provides MS Outlook 2013 and newer with
+ * functionality not provided by ActiveSync or not implemented by Outlook.
+ * For more information, see: https://wiki.z-hub.io/x/z4Aa
+ */
+ // Global Address Book functionality
+ define('KOE_CAPABILITY_GAB', true);
+ // Synchronize mail flags from the server to Outlook/KOE
+ define('KOE_CAPABILITY_RECEIVEFLAGS', true);
+ // Encode flags when sending from Outlook/KOE
+ define('KOE_CAPABILITY_SENDFLAGS', true);
+ // Out-of-office support
+ define('KOE_CAPABILITY_OOF', true);
+ // Out-of-office support with start & end times (superseeds KOE_CAPABILITY_OOF)
+ define('KOE_CAPABILITY_OOFTIMES', true);
+ // Notes support
+ define('KOE_CAPABILITY_NOTES', true);
+ // Shared folder support
+ define('KOE_CAPABILITY_SHAREDFOLDER', true);
+ // Send-As support for Outlook/KOE and mobiles
+ define('KOE_CAPABILITY_SENDAS', true);
+ // Secondary Contact folders (own and shared)
+ define('KOE_CAPABILITY_SECONDARYCONTACTS', true);
+ // Copy WebApp signature into KOE
+ define('KOE_CAPABILITY_SIGNATURES', true);
+
+ // To synchronize the GAB KOE, the GAB store and folderid need to be specified.
+ // Use the gab-sync script to generate this data. The name needs to
+ // match the config of the gab-sync script.
+ // More information here: https://wiki.z-hub.io/x/z4Aa (GAB Sync Script)
+ define('KOE_GAB_STORE', 'SYSTEM');
+ define('KOE_GAB_FOLDERID', '');
+ define('KOE_GAB_NAME', 'Z-Push-KOE-GAB');
+
+/**********************************************************************************
+ * Synchronize additional folders to all mobiles
+ *
+ * With this feature, special folders can be synchronized to all mobiles.
+ * This is useful for e.g. global company contacts.
+ *
+ * This feature is supported only by certain devices, like iPhones.
+ * Check the compatibility list for supported devices:
+ * http://z-push.org/compatibility
+ *
+ * To synchronize a folder, add a section setting all parameters as below:
+ * store: the ressource where the folder is located.
+ * Kopano users use 'SYSTEM' for the 'Public Folder'
+ * folderid: folder id of the folder to be synchronized
+ * name: name to be displayed on the mobile device
+ * type: supported types are:
+ * SYNC_FOLDER_TYPE_USER_CONTACT
+ * SYNC_FOLDER_TYPE_USER_APPOINTMENT
+ * SYNC_FOLDER_TYPE_USER_TASK
+ * SYNC_FOLDER_TYPE_USER_MAIL
+ * SYNC_FOLDER_TYPE_USER_NOTE
+ *
+ * Additional notes:
+ * - on Kopano systems use backend/kopano/listfolders.php script to get a list
+ * of available folders
+ *
+ * - all Z-Push users must have at least reading permissions so the configured
+ * folders can be synchronized to the mobile. Else they are ignored.
+ *
+ * - this feature is only partly suitable for multi-tenancy environments,
+ * as ALL users from ALL tenents need access to the configured store & folder.
+ * When configuring a public folder, this will cause problems, as each user has
+ * a different public folder in his tenant, so the folder are not available.
+
+ * - changing this configuration could cause HIGH LOAD on the system, as all
+ * connected devices will be updated and load the data contained in the
+ * added/modified folders.
+ */
+
+ $additionalFolders = array(
+ // demo entry for the synchronization of contacts from the public folder.
+ // uncomment (remove '/*' '*/') and fill in the folderid
+/*
+ array(
+ 'store' => "SYSTEM",
+ 'folderid' => "",
+ 'name' => "Public Contacts",
+ 'type' => SYNC_FOLDER_TYPE_USER_CONTACT,
+ ),
+*/
+ );
diff --git a/etc-baloghs/z-push/z-push.conf.php.dist b/etc-baloghs/z-push/z-push.conf.php.dist
new file mode 100644
index 0000000..08bd52b
--- /dev/null
+++ b/etc-baloghs/z-push/z-push.conf.php.dist
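Review bot: `define('LOGUSERLEVEL', LOGLEVEL_DEVICEID);` together with `$specialLogUsers = array('andreas',);` in z-push.conf.php keeps that account at a log level which, by the file's own level list, includes `LOGLEVEL_WBXML`, so the WBXML exchanged with the device is written to a dedicated per-user file in `/var/log/z-push/`. This looks like a debugging leftover; for a committed production config I would empty the list, `$specialLogUsers = array();`, and check the permissions and retention of that directory. Separately, `define('LOGAUTHFAIL', false);` appears to keep failed logins out of the Z-Push log, which removes the entries that brute-force detection would key on. If this endpoint is reachable from outside, `define('LOGAUTHFAIL', true);` is the safer setting.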
@@ -0,0 +1,375 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +/********************************************************************************** + * Default settings + */ + // Defines the default time zone, change e.g. to "Europe/London" if necessary + define('TIMEZONE', ''); + + // Defines the base path on the server + define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/'); + + // Try to set unlimited timeout + define('SCRIPT_TIMEOUT', 0); + + // When accessing through a proxy, the "X-Forwarded-For" header contains the original remote IP + define('USE_X_FORWARDED_FOR_HEADER', false); + + // When using client certificates, we can check if the login sent matches the owner of the certificate. + // This setting specifies the owner parameter in the certificate to look at. + define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN"); + + /* + * Whether to use the complete email address as a login name + * (e.g. user@company.com) or the username only (user). + * This is required for Z-Push to work properly after autodiscover. + * Possible values: + * false - use the username only. + * true - string the mobile sends as username, e.g. full email address (default). + */ + define('USE_FULLEMAIL_FOR_LOGIN', true); + +/********************************************************************************** + * StateMachine setting + * + * These StateMachines can be used: + * FILE - FileStateMachine (default). Needs STATE_DIR set as well. + * SQL - SqlStateMachine has own configuration file. STATE_DIR is ignored. 
+ * State migration script is available, more informations: https://wiki.z-hub.io/x/xIAa + */ + define('STATE_MACHINE', 'FILE'); + define('STATE_DIR', '/var/lib/z-push/'); + +/********************************************************************************** + * IPC - InterProcessCommunication + * + * Is either provided by using shared memory on a single host or + * using the memcache provider for multi-host environments. + * When another implementation should be used, the class can be set here explicitly. + * If empty Z-Push will try to use available providers. + */ + define('IPC_PROVIDER', ''); + +/********************************************************************************** + * Logging settings + * + * The LOGBACKEND specifies where the logs are sent to. + * Either to file ("filelog") or to a "syslog" server or a custom log class in core/log/logclass. + * filelog and syslog have several options that can be set below. + * For more information about the syslog configuration, see https://wiki.z-hub.io/x/HIAT + + * Possible LOGLEVEL and LOGUSERLEVEL values are: + * LOGLEVEL_OFF - no logging + * LOGLEVEL_FATAL - log only critical errors + * LOGLEVEL_ERROR - logs events which might require corrective actions + * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future + * LOGLEVEL_INFO - usually completed actions + * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers + * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device + * LOGLEVEL_DEVICEID - also prints the device id for every log entry + * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack + * + * The verbosity increases from top to bottom. More verbose levels include less verbose + * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR, + * LOGLEVEL_WARN and LOGLEVEL_INFO level entries. + * + * LOGAUTHFAIL is logged to the LOGBACKEND. 
+ */ + define('LOGBACKEND', 'filelog'); + define('LOGLEVEL', LOGLEVEL_INFO); + define('LOGAUTHFAIL', false); + + // To save e.g. WBXML data only for selected users, add the usernames to the array + // The data will be saved into a dedicated file per user in the LOGFILEDIR + // Users have to be encapusulated in quotes, several users are comma separated, like: + // $specialLogUsers = array('info@domain.com', 'myusername'); + define('LOGUSERLEVEL', LOGLEVEL_DEVICEID); + $specialLogUsers = array(); + + // Filelog settings + define('LOGFILEDIR', '/var/log/z-push/'); + define('LOGFILE', LOGFILEDIR . 'z-push.log'); + define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log'); + + // Syslog settings + // false will log to local syslog, otherwise put the remote syslog IP here + define('LOG_SYSLOG_HOST', false); + // Syslog port + define('LOG_SYSLOG_PORT', 514); + // Program showed in the syslog. Useful if you have more than one instance login to the same syslog + define('LOG_SYSLOG_PROGRAM', 'z-push'); + // Syslog facility - use LOG_USER when running on Windows + define('LOG_SYSLOG_FACILITY', LOG_LOCAL0); + + // Location of the trusted CA, e.g. '/etc/ssl/certs/EmailCA.pem' + // Uncomment and modify the following line if the validation of the certificates fails. + // define('CAINFO', '/etc/ssl/certs/EmailCA.pem'); + +/********************************************************************************** + * Mobile settings + */ + // Device Provisioning + define('PROVISIONING', true); + + // This option allows the 'loose enforcement' of the provisioning policies for older + // devices which don't support provisioning (like WM 5 and HTC Android Mail) - dw2412 contribution + // false (default) - Enforce provisioning for all devices + // true - allow older devices, but enforce policies on devices which support it + define('LOOSE_PROVISIONING', false); + + // The file containing the policies' settings. 
+ // Set a full path or relative to the z-push main directory + define('PROVISIONING_POLICYFILE', 'policies.ini'); + + // Default conflict preference + // Some devices allow to set if the server or PIM (mobile) + // should win in case of a synchronization conflict + // SYNC_CONFLICT_OVERWRITE_SERVER - Server is overwritten, PIM wins + // SYNC_CONFLICT_OVERWRITE_PIM - PIM is overwritten, Server wins (default) + define('SYNC_CONFLICT_DEFAULT', SYNC_CONFLICT_OVERWRITE_PIM); + + // Global limitation of items to be synchronized + // The mobile can define a sync back period for calendar and email items + // For large stores with many items the time period could be limited to a max value + // If the mobile transmits a wider time period, the defined max value is used + // Applicable values: + // SYNC_FILTERTYPE_ALL (default, no limitation) + // SYNC_FILTERTYPE_1DAY, SYNC_FILTERTYPE_3DAYS, SYNC_FILTERTYPE_1WEEK, SYNC_FILTERTYPE_2WEEKS, + // SYNC_FILTERTYPE_1MONTH, SYNC_FILTERTYPE_3MONTHS, SYNC_FILTERTYPE_6MONTHS + define('SYNC_FILTERTIME_MAX', SYNC_FILTERTYPE_ALL); + + // Interval in seconds before checking if there are changes on the server when in Ping. + // It means the highest time span before a change is pushed to a mobile. Set it to + // a higher value if you have a high load on the server. + define('PING_INTERVAL', 30); + + // Set the fileas (save as) order for contacts in the webaccess/webapp/outlook. + // It will only affect new/modified contacts on the mobile which then are synced to the server. 
+ // Possible values are: + // SYNC_FILEAS_FIRSTLAST - fileas will be "Firstname Middlename Lastname" + // SYNC_FILEAS_LASTFIRST - fileas will be "Lastname, Firstname Middlename" + // SYNC_FILEAS_COMPANYONLY - fileas will be "Company" + // SYNC_FILEAS_COMPANYLAST - fileas will be "Company (Lastname, Firstname Middlename)" + // SYNC_FILEAS_COMPANYFIRST - fileas will be "Company (Firstname Middlename Lastname)" + // SYNC_FILEAS_LASTCOMPANY - fileas will be "Lastname, Firstname Middlename (Company)" + // SYNC_FILEAS_FIRSTCOMPANY - fileas will be "Firstname Middlename Lastname (Company)" + // The company-fileas will only be set if a contact has a company set. If one of + // company-fileas is selected and a contact doesn't have a company set, it will default + // to SYNC_FILEAS_FIRSTLAST or SYNC_FILEAS_LASTFIRST (depending on if last or first + // option is selected for company). + // If SYNC_FILEAS_COMPANYONLY is selected and company of the contact is not set + // SYNC_FILEAS_LASTFIRST will be used + define('FILEAS_ORDER', SYNC_FILEAS_LASTFIRST); + + // Maximum amount of items to be synchronized per request. + // Normally this value is requested by the mobile. Common values are 5, 25, 50 or 100. + // Exporting too much items can cause mobile timeout on busy systems. + // Z-Push will use the lowest provided value, either set here or by the mobile. + // MS Outlook 2013+ request up to 512 items to accelerate the sync process. + // If you detect high load (also on subsystems) you could try a lower setting. + // max: 512 - value used if mobile does not limit amount of items + define('SYNC_MAX_ITEMS', 512); + + // The devices usually send a list of supported properties for calendar and contact + // items. If a device does not includes such a supported property in Sync request, + // it means the property's value will be deleted on the server. + // However some devices do not send a list of supported properties. 
It is then impossible + // to tell if a property was deleted or it was not set at all if it does not appear in Sync. + // This parameter defines Z-Push behaviour during Sync if a device does not issue a list with + // supported properties. + // See also https://jira.z-hub.io/browse/ZP-302. + // Possible values: + // false - do not unset properties which are not sent during Sync (default) + // true - unset properties which are not sent during Sync + define('UNSET_UNDEFINED_PROPERTIES', false); + + // ActiveSync specifies that a contact photo may not exceed 48 KB. This value is checked + // in the semantic sanity checks and contacts with larger photos are not synchronized. + // This limitation is not being followed by the ActiveSync clients which set much bigger + // contact photos. You can override the default value of the max photo size. + // default: 5242880 - 5 MB default max photo size in bytes + define('SYNC_CONTACTS_MAXPICTURESIZE', 5242880); + + // Over the WebserviceUsers command it is possible to retrieve a list of all + // known devices and users on this Z-Push system. The authenticated user needs to have + // admin rights and a public folder must exist. + // In multicompany environments this enable an admin user of any company to retrieve + // this full list, so this feature is disabled by default. Enable with care. + define('ALLOW_WEBSERVICE_USERS_ACCESS', false); + + // Users with many folders can use the 'partial foldersync' feature, where the server + // actively stops processing the folder list if it takes too long. Other requests are + // then redirected to the FolderSync to synchronize the remaining items. + // Device compatibility for this procedure is not fully understood. + // NOTE: THIS IS AN EXPERIMENTAL FEATURE WHICH COULD PREVENT YOUR MOBILES FROM SYNCHRONIZING. + define('USE_PARTIAL_FOLDERSYNC', false); + + // The minimum accepted time in second that a ping command should last. + // It is strongly advised to keep this config to false. 
Some device + // might not be able to send a higher value than the one specificied here and thus + // unable to start a push connection. + // If set to false, there will be no lower bound to the ping lifetime. + // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes). + define('PING_LOWER_BOUND_LIFETIME', false); + + // The maximum accepted time in second that a ping command should last. + // If set to false, there will be no higher bound to the ping lifetime. + // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes). + define('PING_HIGHER_BOUND_LIFETIME', false); + + // Maximum response time + // Mobiles implement different timeouts to their TCP/IP connections. Android devices for example + // have a hard timeout of 30 seconds. If the server is not able to answer a request within this timeframe, + // the answer will not be recieved and the device will send a new one overloading the server. + // There are three categories + // - Short timeout - server has up within 30 seconds - is automatically applied for not categorized types + // - Medium timeout - server has up to 90 seconds to respond + // - Long timeout - server has up to 4 minutes to respond + // If a timeout is almost reached the server will break and sent the results it has until this + // point. You can add DeviceType strings to the categories. + // In general longer timeouts are better, because more data can be streamed at once. + define('SYNC_TIMEOUT_MEDIUM_DEVICETYPES', "SAMSUNGGTI"); + define('SYNC_TIMEOUT_LONG_DEVICETYPES', "iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail"); + + // Time in seconds the device should wait whenever the service is unavailable, + // e.g. when a backend service is unavailable. + // Z-Push sends a "Retry-After" header in the response with the here defined value. 
+ // It is up to the device to respect or not this directive so even if this option is set, + // the device might not wait requested time frame. + // Number of seconds before retry, to disable set to: false + define('RETRY_AFTER_DELAY', 300); + +/********************************************************************************** + * Backend settings + */ + // the backend data provider + define('BACKEND_PROVIDER', ''); + +/********************************************************************************** + * Search provider settings + * + * Alternative backend to perform SEARCH requests (GAL search) + * By default the main Backend defines the preferred search functionality. + * If set, the Search Provider will always be preferred. + * Use 'BackendSearchLDAP' to search in a LDAP directory (see backend/searchldap/config.php) + */ + define('SEARCH_PROVIDER', ''); + // Time in seconds for the server search. Setting it too high might result in timeout. + // Setting it too low might not return all results. Default is 10. + define('SEARCH_WAIT', 10); + // The maximum number of results to send to the client. Setting it too high + // might result in timeout. Default is 10. + define('SEARCH_MAXRESULTS', 10); + +/********************************************************************************** + * Kopano Outlook Extension - Settings + * + * The Kopano Outlook Extension (KOE) provides MS Outlook 2013 and newer with + * functionality not provided by ActiveSync or not implemented by Outlook. 
+ * For more information, see: https://wiki.z-hub.io/x/z4Aa + */ + // Global Address Book functionality + define('KOE_CAPABILITY_GAB', true); + // Synchronize mail flags from the server to Outlook/KOE + define('KOE_CAPABILITY_RECEIVEFLAGS', true); + // Encode flags when sending from Outlook/KOE + define('KOE_CAPABILITY_SENDFLAGS', true); + // Out-of-office support + define('KOE_CAPABILITY_OOF', true); + // Out-of-office support with start & end times (superseeds KOE_CAPABILITY_OOF) + define('KOE_CAPABILITY_OOFTIMES', true); + // Notes support + define('KOE_CAPABILITY_NOTES', true); + // Shared folder support + define('KOE_CAPABILITY_SHAREDFOLDER', true); + // Send-As support for Outlook/KOE and mobiles + define('KOE_CAPABILITY_SENDAS', true); + // Secondary Contact folders (own and shared) + define('KOE_CAPABILITY_SECONDARYCONTACTS', true); + // Copy WebApp signature into KOE + define('KOE_CAPABILITY_SIGNATURES', true); + // Delivery receipt requests + define('KOE_CAPABILITY_RECEIPTS', true); + + // To synchronize the GAB KOE, the GAB store and folderid need to be specified. + // Use the gab-sync script to generate this data. The name needs to + // match the config of the gab-sync script. + // More information here: https://wiki.z-hub.io/x/z4Aa (GAB Sync Script) + define('KOE_GAB_STORE', 'SYSTEM'); + define('KOE_GAB_FOLDERID', ''); + define('KOE_GAB_NAME', 'Z-Push-KOE-GAB'); + +/********************************************************************************** + * Synchronize additional folders to all mobiles + * + * With this feature, special folders can be synchronized to all mobiles. + * This is useful for e.g. global company contacts. + * + * This feature is supported only by certain devices, like iPhones. + * Check the compatibility list for supported devices: + * http://z-push.org/compatibility + * + * To synchronize a folder, add a section setting all parameters as below: + * store: the ressource where the folder is located. 
+ * Kopano users use 'SYSTEM' for the 'Public Folder' + * folderid: folder id of the folder to be synchronized + * name: name to be displayed on the mobile device + * type: supported types are: + * SYNC_FOLDER_TYPE_USER_CONTACT + * SYNC_FOLDER_TYPE_USER_APPOINTMENT + * SYNC_FOLDER_TYPE_USER_TASK + * SYNC_FOLDER_TYPE_USER_MAIL + * SYNC_FOLDER_TYPE_USER_NOTE + * + * Additional notes: + * - on Kopano systems use backend/kopano/listfolders.php script to get a list + * of available folders + * + * - all Z-Push users must have at least reading permissions so the configured + * folders can be synchronized to the mobile. Else they are ignored. + * + * - this feature is only partly suitable for multi-tenancy environments, + * as ALL users from ALL tenents need access to the configured store & folder. + * When configuring a public folder, this will cause problems, as each user has + * a different public folder in his tenant, so the folder are not available. + + * - changing this configuration could cause HIGH LOAD on the system, as all + * connected devices will be updated and load the data contained in the + * added/modified folders. + */ + + $additionalFolders = array( + // demo entry for the synchronization of contacts from the public folder. + // uncomment (remove '/*' '*/') and fill in the folderid +/* + array( + 'store' => "SYSTEM", + 'folderid' => "", + 'name' => "Public Contacts", + 'type' => SYNC_FOLDER_TYPE_USER_CONTACT, + ), +*/ + ); diff --git a/etc-baloghs/z-push/z-push.conf.php.dpkg-dist b/etc-baloghs/z-push/z-push.conf.php.dpkg-dist new file mode 100644 index 0000000..7fe9cbb --- /dev/null +++ b/etc-baloghs/z-push/z-push.conf.php.dpkg-dist 
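Review bot: `define('LOGAUTHFAIL', false);` in the logging section keeps failed logins out of the log, and on a mail-sync endpoint that devices reach over the network, those entries are the main signal for spotting password guessing and feeding a ban tool. The comment directly above says LOGAUTHFAIL entries go to the configured LOGBACKEND, so enabling it should cost little beyond log volume: `define('LOGAUTHFAIL', true);`. This file looks like the package's `.dist` template, so the setting that matters is in the live `z-push.conf.php`, whose logging section lies outside this hunk and should be checked for the same value. If Z-Push sits behind a reverse proxy, the logged address will be the proxy's while `USE_X_FORWARDED_FOR_HEADER` stays `false`, which makes the auth-failure lines much less useful for blocking.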
@@ -0,0 +1,418 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +/********************************************************************************** + * Default settings + */ + // Defines the default time zone, change e.g. to "Europe/London" if necessary + define('TIMEZONE', ''); + + // Defines the base path on the server + define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/'); + + // Try to set unlimited timeout + define('SCRIPT_TIMEOUT', 0); + + // This should be solved on THE webserver level if there are proxies + // between mobile client and Z-Push. + // IMPORTANT: This setting will be deprecated in Z-Push 2.7.0. + // Use a custom header to determinate the remote IP of a client. + // By default, the server provided REMOTE_ADDR is used. If the header here set + // is available, the provided value will be used, else REMOTE_ADDR is maintained. + // set to false to disable this behaviour. + // common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored) + define('USE_CUSTOM_REMOTE_IP_HEADER', false); + + // When using client certificates, we can check if the login sent matches the owner of the certificate. + // This setting specifies the owner parameter in the certificate to look at. + define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN"); + + /* + * Whether to use the complete email address as a login name + * (e.g. user@company.com) or the username only (user). + * This is required for Z-Push to work properly after autodiscover. + * Possible values: + * false - use the username only. + * true - string the mobile sends as username, e.g. full email address (default). + */ + define('USE_FULLEMAIL_FOR_LOGIN', true); + +/********************************************************************************** + * StateMachine setting + * + * These StateMachines can be used: + * FILE - FileStateMachine (default). Needs STATE_DIR set as well. + * SQL - SqlStateMachine has own configuration file. 
STATE_DIR is ignored. + * State migration script is available, more informations: https://wiki.z-hub.io/x/xIAa + */ + define('STATE_MACHINE', 'FILE'); + define('STATE_DIR', '/var/lib/z-push/'); + +/********************************************************************************** + * IPC - InterProcessCommunication + * + * Is either provided by using shared memory on a single host or + * using the memcache provider for multi-host environments. + * When another implementation should be used, the class can be set here explicitly. + * If empty Z-Push will try to use available providers. + + * Possible values: + * IpcSharedMemoryProvider - default. Requires z-push-ipc-sharedmemory package. + * IpcMemcachedProvider - requires z-push-ipc-memcached package. It is necessary to set up + * memcached server before (it won't be installed by z-push-ipc-memcached). + * IpcWincacheProvider - for windows systems. + */ + define('IPC_PROVIDER', ''); + +/********************************************************************************** + * Logging settings + * + * The LOGBACKEND specifies where the logs are sent to. + * Either to file ("filelog") or to a "syslog" server or a custom log class in core/log/logclass. + * filelog and syslog have several options that can be set below. 
+ * For more information about the syslog configuration, see https://wiki.z-hub.io/x/HIAT + + * Possible LOGLEVEL and LOGUSERLEVEL values are: + * LOGLEVEL_OFF - no logging + * LOGLEVEL_FATAL - log only critical errors + * LOGLEVEL_ERROR - logs events which might require corrective actions + * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future + * LOGLEVEL_INFO - usually completed actions + * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers + * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device + * LOGLEVEL_DEVICEID - also prints the device id for every log entry + * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack + * + * The verbosity increases from top to bottom. More verbose levels include less verbose + * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR, + * LOGLEVEL_WARN and LOGLEVEL_INFO level entries. + * + * LOGAUTHFAIL is logged to the LOGBACKEND. + */ + define('LOGBACKEND', 'filelog'); + define('LOGLEVEL', LOGLEVEL_INFO); + define('LOGAUTHFAIL', false); + + // To save e.g. WBXML data only for selected users, add the usernames to the array + // The data will be saved into a dedicated file per user in the LOGFILEDIR + // Users have to be encapusulated in quotes, several users are comma separated, like: + // $specialLogUsers = array('info@domain.com', 'myusername'); + define('LOGUSERLEVEL', LOGLEVEL_DEVICEID); + $specialLogUsers = array(); + + // Filelog settings + define('LOGFILEDIR', '/var/log/z-push/'); + define('LOGFILE', LOGFILEDIR . 'z-push.log'); + define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log'); + + // Syslog settings + // false will log to local syslog, otherwise put the remote syslog IP here + define('LOG_SYSLOG_HOST', false); + // Syslog port + define('LOG_SYSLOG_PORT', 514); + // Program showed in the syslog. 
Useful if you have more than one instance login to the same syslog + define('LOG_SYSLOG_PROGRAM', 'z-push'); + // Syslog facility - use LOG_USER when running on Windows + define('LOG_SYSLOG_FACILITY', LOG_LOCAL0); + + // Location of the trusted CA, e.g. '/etc/ssl/certs/EmailCA.pem' + // Uncomment and modify the following line if the validation of the certificates fails. + // define('CAINFO', '/etc/ssl/certs/EmailCA.pem'); + +/********************************************************************************** + * Mobile settings + */ + // Device Provisioning + define('PROVISIONING', true); + + // This option allows the 'loose enforcement' of the provisioning policies for older + // devices which don't support provisioning (like WM 5 and HTC Android Mail) - dw2412 contribution + // false (default) - Enforce provisioning for all devices + // true - allow older devices, but enforce policies on devices which support it + define('LOOSE_PROVISIONING', false); + + // The file containing the policies' settings. 
+ // Set a full path or relative to the z-push main directory + define('PROVISIONING_POLICYFILE', 'policies.ini'); + + // Default conflict preference + // Some devices allow to set if the server or PIM (mobile) + // should win in case of a synchronization conflict + // SYNC_CONFLICT_OVERWRITE_SERVER - Server is overwritten, PIM wins + // SYNC_CONFLICT_OVERWRITE_PIM - PIM is overwritten, Server wins (default) + define('SYNC_CONFLICT_DEFAULT', SYNC_CONFLICT_OVERWRITE_PIM); + + // Global limitation of items to be synchronized + // The mobile can define a sync back period for calendar and email items + // For large stores with many items the time period could be limited to a max value + // If the mobile transmits a wider time period, the defined max value is used + // Applicable values: + // SYNC_FILTERTYPE_ALL (default, no limitation) + // SYNC_FILTERTYPE_1DAY, SYNC_FILTERTYPE_3DAYS, SYNC_FILTERTYPE_1WEEK, SYNC_FILTERTYPE_2WEEKS, + // SYNC_FILTERTYPE_1MONTH, SYNC_FILTERTYPE_3MONTHS, SYNC_FILTERTYPE_6MONTHS + define('SYNC_FILTERTIME_MAX', SYNC_FILTERTYPE_ALL); + + // Interval in seconds before checking if there are changes on the server when in Ping. + // It means the highest time span before a change is pushed to a mobile. Set it to + // a higher value if you have a high load on the server. + define('PING_INTERVAL', 30); + + // Set the fileas (save as) order for contacts in the webaccess/webapp/outlook. + // It will only affect new/modified contacts on the mobile which then are synced to the server. 
+ // Possible values are: + // SYNC_FILEAS_FIRSTLAST - fileas will be "Firstname Middlename Lastname" + // SYNC_FILEAS_LASTFIRST - fileas will be "Lastname, Firstname Middlename" + // SYNC_FILEAS_COMPANYONLY - fileas will be "Company" + // SYNC_FILEAS_COMPANYLAST - fileas will be "Company (Lastname, Firstname Middlename)" + // SYNC_FILEAS_COMPANYFIRST - fileas will be "Company (Firstname Middlename Lastname)" + // SYNC_FILEAS_LASTCOMPANY - fileas will be "Lastname, Firstname Middlename (Company)" + // SYNC_FILEAS_FIRSTCOMPANY - fileas will be "Firstname Middlename Lastname (Company)" + // The company-fileas will only be set if a contact has a company set. If one of + // company-fileas is selected and a contact doesn't have a company set, it will default + // to SYNC_FILEAS_FIRSTLAST or SYNC_FILEAS_LASTFIRST (depending on if last or first + // option is selected for company). + // If SYNC_FILEAS_COMPANYONLY is selected and company of the contact is not set + // SYNC_FILEAS_LASTFIRST will be used + define('FILEAS_ORDER', SYNC_FILEAS_LASTFIRST); + + // Maximum amount of items to be synchronized per request. + // Normally this value is requested by the mobile. Common values are 5, 25, 50 or 100. + // Exporting too much items can cause mobile timeout on busy systems. + // Z-Push will use the lowest provided value, either set here or by the mobile. + // MS Outlook 2013+ request up to 512 items to accelerate the sync process. + // If you detect high load (also on subsystems) you could try a lower setting. + // max: 512 - value used if mobile does not limit amount of items + define('SYNC_MAX_ITEMS', 512); + + // The devices usually send a list of supported properties for calendar and contact + // items. If a device does not includes such a supported property in Sync request, + // it means the property's value will be deleted on the server. + // However some devices do not send a list of supported properties. 
It is then impossible + // to tell if a property was deleted or it was not set at all if it does not appear in Sync. + // This parameter defines Z-Push behaviour during Sync if a device does not issue a list with + // supported properties. + // See also https://jira.z-hub.io/browse/ZP-302. + // Possible values: + // false - do not unset properties which are not sent during Sync (default) + // true - unset properties which are not sent during Sync + define('UNSET_UNDEFINED_PROPERTIES', false); + + // ActiveSync specifies that a contact photo may not exceed 48 KB. This value is checked + // in the semantic sanity checks and contacts with larger photos are not synchronized. + // This limitation is not being followed by the ActiveSync clients which set much bigger + // contact photos. You can override the default value of the max photo size. + // default: 5242880 - 5 MB default max photo size in bytes + define('SYNC_CONTACTS_MAXPICTURESIZE', 5242880); + + // Over the WebserviceUsers command it is possible to retrieve a list of all + // known devices and users on this Z-Push system. The authenticated user needs to have + // admin rights and a public folder must exist. + // In multicompany environments this enable an admin user of any company to retrieve + // this full list, so this feature is disabled by default. Enable with care. + define('ALLOW_WEBSERVICE_USERS_ACCESS', false); + + // Users with many folders can use the 'partial foldersync' feature, where the server + // actively stops processing the folder list if it takes too long. Other requests are + // then redirected to the FolderSync to synchronize the remaining items. + // Device compatibility for this procedure is not fully understood. + // NOTE: THIS IS AN EXPERIMENTAL FEATURE WHICH COULD PREVENT YOUR MOBILES FROM SYNCHRONIZING. + define('USE_PARTIAL_FOLDERSYNC', false); + + // The minimum accepted time in second that a ping command should last. + // It is strongly advised to keep this config to false. 
Some device
+ // might not be able to send a higher value than the one specificied here and thus
+ // unable to start a push connection.
+ // If set to false, there will be no lower bound to the ping lifetime.
+ // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
+ define('PING_LOWER_BOUND_LIFETIME', false);
+
+ // The maximum accepted time in second that a ping command should last.
+ // If set to false, there will be no higher bound to the ping lifetime.
+ // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
+ define('PING_HIGHER_BOUND_LIFETIME', false);
+
+ // Maximum response time
+ // Mobiles implement different timeouts to their TCP/IP connections. Android devices for example
+ // have a hard timeout of 30 seconds. If the server is not able to answer a request within this timeframe,
+ // the answer will not be recieved and the device will send a new one overloading the server.
+ // There are three categories
+ // - Short timeout - server has up within 30 seconds - is automatically applied for not categorized types
+ // - Medium timeout - server has up to 90 seconds to respond
+ // - Long timeout - server has up to 4 minutes to respond
+ // If a timeout is almost reached the server will break and sent the results it has until this
+ // point. You can add DeviceType strings to the categories.
+ // In general longer timeouts are better, because more data can be streamed at once.
+ define('SYNC_TIMEOUT_MEDIUM_DEVICETYPES', "SAMSUNGGTI");
+ define('SYNC_TIMEOUT_LONG_DEVICETYPES', "iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail");
+
+ // Time in seconds the device should wait whenever the service is unavailable,
+ // e.g. when a backend service is unavailable.
+ // Z-Push sends a "Retry-After" header in the response with the here defined value.
+ // It is up to the device to respect or not this directive so even if this option is set,
+ // the device might not wait requested time frame.
+ // Number of seconds before retry, to disable set to: false
+ define('RETRY_AFTER_DELAY', 300);
+
+/**********************************************************************************
+ * Backend settings
+ */
+ // The backend data provider.
+ // Leave this value empty and Z-Push will autoload a backend. The sequence of autoload is:
+ // BackendKopano, BackendCombined, BackendIMAP, BackendVCardDir, BackendMaildir.
+ // If BackendKopano is not installed, Z-Push will load BackendCombined. If BackendCombined
+ // also is not installed, Z-Push will load BackendIMAP and so on.
+ // If you prefer explicitly configure a backend provider, currently possible values are:
+ // BackendKopano - to use with the Kopano groupware. Syncs emails, calendar items,
+ // contacts, tasks and notes or any combination of the listed items.
+ // BackendCombined - combine multiple backends for different items, e.g.
+ // BackendIMAP for emails, BackendCalDAV for calendar items,
+ // BackendCardDAV for contacts etc. You can configure what backend
+ // syncs which items in /etc/combined.conf.php.
+ // BackendIMAP - to sync emails with an IMAP server.
+ // BackendCalDAV - to sync calendar items and / or tasks with a CalDAV server.
+ // BackendCardDAV - to sync contacts with a CardDAV server.
+ // BackendMaildir - to sync emails from a Maildir.
+ // BackendStickyNote - to sync notes with a Postgres server.
+ // BackendVCardDir - to sync contacts with vcard folder.
+ define('BACKEND_PROVIDER', '');
+
+/**********************************************************************************
+ * Search provider settings
+ *
+ * Alternative backend to perform SEARCH requests (GAL search)
+ * By default the main Backend defines the preferred search functionality.
+ * If set, the Search Provider will always be preferred.
+ * Use 'BackendSearchLDAP' to search in a LDAP directory (see backend/searchldap/config.php)
+ */
+ define('SEARCH_PROVIDER', '');
+ // Time in seconds for the server search. Setting it too high might result in timeout.
+ // Setting it too low might not return all results. Default is 10.
+ define('SEARCH_WAIT', 10);
+ // The maximum number of results to send to the client. Setting it too high
+ // might result in timeout. Default is 10.
+ define('SEARCH_MAXRESULTS', 10);
+
+/**********************************************************************************
+ * Kopano Outlook Extension - Settings
+ *
+ * The Kopano Outlook Extension (KOE) provides MS Outlook 2013 and newer with
+ * functionality not provided by ActiveSync or not implemented by Outlook.
+ * For more information, see: https://wiki.z-hub.io/x/z4Aa
+ */
+ // Global Address Book functionality
+ define('KOE_CAPABILITY_GAB', true);
+ // Synchronize mail flags from the server to Outlook/KOE
+ define('KOE_CAPABILITY_RECEIVEFLAGS', true);
+ // Encode flags when sending from Outlook/KOE
+ define('KOE_CAPABILITY_SENDFLAGS', true);
+ // Out-of-office support
+ define('KOE_CAPABILITY_OOF', true);
+ // Out-of-office support with start & end times (superseeds KOE_CAPABILITY_OOF)
+ define('KOE_CAPABILITY_OOFTIMES', true);
+ // Notes support
+ define('KOE_CAPABILITY_NOTES', true);
+ // Shared folder support
+ define('KOE_CAPABILITY_SHAREDFOLDER', true);
+ // Send-As support for Outlook/KOE and mobiles
+ define('KOE_CAPABILITY_SENDAS', true);
+ // Secondary Contact folders (own and shared)
+ define('KOE_CAPABILITY_SECONDARYCONTACTS', true);
+ // Copy WebApp signature into KOE
+ define('KOE_CAPABILITY_SIGNATURES', true);
+ // Delivery receipt requests
+ define('KOE_CAPABILITY_RECEIPTS', true);
+ // Impersonate other users
+ define('KOE_CAPABILITY_IMPERSONATE', true);
+
+ // To synchronize the GAB KOE, the GAB store and folderid need to be specified.
+ // Use the gab-sync script to generate this data. The name needs to
+ // match the config of the gab-sync script.
+ // More information here: https://wiki.z-hub.io/x/z4Aa (GAB Sync Script)
+ define('KOE_GAB_STORE', 'SYSTEM');
+ define('KOE_GAB_FOLDERID', '');
+ define('KOE_GAB_NAME', 'Z-Push-KOE-GAB');
+
+/**********************************************************************************
+ * Synchronize additional folders to all mobiles
+ *
+ * With this feature, special folders can be synchronized to all mobiles.
+ * This is useful for e.g. global company contacts.
+ *
+ * This feature is supported only by certain devices, like iPhones.
+ * Check the compatibility list for supported devices:
+ * http://z-push.org/compatibility
+ *
+ * To synchronize a folder, add a section setting all parameters as below:
+ * store: the ressource where the folder is located.
+ * Kopano users use 'SYSTEM' for the 'Public Folder'
+ * folderid: folder id of the folder to be synchronized
+ * name: name to be displayed on the mobile device
+ * type: supported types are:
+ * SYNC_FOLDER_TYPE_USER_CONTACT
+ * SYNC_FOLDER_TYPE_USER_APPOINTMENT
+ * SYNC_FOLDER_TYPE_USER_TASK
+ * SYNC_FOLDER_TYPE_USER_MAIL
+ * SYNC_FOLDER_TYPE_USER_NOTE
+ * flags: sets additional options on the shared folder. Supported are:
+ * DeviceManager::FLD_FLAGS_NONE
+ * No flags configured, default flag to be set
+ * DeviceManager::FLD_FLAGS_SENDASOWNER
+ * When replying in this folder, automatically do Send-As
+ * DeviceManager::FLD_FLAGS_CALENDARREMINDERS
+ * If set, Outlook shows reminders for these shares with KOE
+ * DeviceManager::FLD_FLAGS_NOREADONLYNOTIFY
+ * If set, Z-Push won't send notification emails for changes
+ * if the folder is read-only
+ *
+ * Additional notes:
+ * - on Kopano systems use backend/kopano/listfolders.php script to get a list
+ * of available folders
+ *
+ * - all Z-Push users must have at least reading permissions so the configured
+ * folders can be synchronized to the mobile. Else they are ignored.
+ *
+ * - this feature is only partly suitable for multi-tenancy environments,
+ * as ALL users from ALL tenents need access to the configured store & folder.
+ * When configuring a public folder, this will cause problems, as each user has
+ * a different public folder in his tenant, so the folder are not available.
+
+ * - changing this configuration could cause HIGH LOAD on the system, as all
+ * connected devices will be updated and load the data contained in the
+ * added/modified folders.
+ */
+
+ $additionalFolders = array(
+ // demo entry for the synchronization of contacts from the public folder.
+ // uncomment (remove '/*' '*/') and fill in the folderid
+/*
+ array(
+ 'store' => "SYSTEM",
+ 'folderid' => "",
+ 'name' => "Public Contacts",
+ 'type' => SYNC_FOLDER_TYPE_USER_CONTACT,
+ 'flags' => DeviceManager::FLD_FLAGS_NONE,
+ ),
+*/
+ );
diff --git a/etc-relay/postfix/aliases b/etc-relay/postfix/aliases
new file mode 100644
index 0000000..e69de29
diff --git a/etc-relay/postfix/aliases.db b/etc-relay/postfix/aliases.db new file mode 100644 index 0000000000000000000000000000000000000000..49faafe7cb52dc5594e63ce2b1551d2b017ca7b3 GIT binary patch literal 12288 zcmeI%Jqp4=5C+hRLNJJsCT$w8;aLPb8;@e=sqDN_cCuI`w!!Kx?B5K0#cL-bqA5Gq zZD^y*M_=|K9}&BHEzU>R#=i6~@7M7>)>dYGbLL9P_&o2|pZX%nhX4Tr1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oTsxAZPTeIe#Cgn!c*fMf3lyFirstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. 
+# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. 
+#
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+#
+#mailbox_command = /usr/bin/procmail
+#mailbox_command = /usr/bin/procmail -a "$EXTENSION"
+
+# The mailbox_transport specifies the optional transport in master.cf
+# to use after processing aliases and .forward files. This parameter
+# has precedence over the mailbox_command, fallback_transport and
+# luser_relay parameters.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf. The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
+# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
+#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
+#
+# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
+# subsequent line in master.cf.
+#mailbox_transport = cyrus
+
+# The fallback_transport specifies the optional transport in master.cf
+# to use for recipients that are not found in the UNIX passwd database.
+# This parameter has precedence over the luser_relay parameter.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf. The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#fallback_transport = lmtp:unix:/file/name
+#fallback_transport = cyrus
+#fallback_transport =
+
+# The luser_relay parameter specifies an optional destination address
+# for unknown recipients. By default, mail for unknown@$mydestination,
+# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
+# as undeliverable.
+#
+# The following expansions are done on luser_relay: $user (recipient
+# username), $shell (recipient shell), $home (recipient home directory),
+# $recipient (full recipient address), $extension (recipient address
+# extension), $domain (recipient domain), $local (entire recipient
+# localpart), $recipient_delimiter. Specify ${name?value} or
+# ${name:value} to expand value only when $name does (does not) exist.
+#
+# luser_relay works only for the default Postfix local delivery agent.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must specify "local_recipient_maps =" (i.e. empty) in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#luser_relay = $user@other.host
+#luser_relay = $local@other.host
+#luser_relay = admin+$local
+
+# JUNK MAIL CONTROLS
+#
+# The controls listed here are only a very small subset. The file
+# SMTPD_ACCESS_README provides an overview.
+
+# The header_checks parameter specifies an optional table with patterns
+# that each logical message header is matched against, including
+# headers that span multiple physical lines.
+#
+# By default, these patterns also apply to MIME headers and to the
+# headers of attached messages. With older Postfix versions, MIME and
+# attached message headers were treated as body text.
+#
+# For details, see "man header_checks".
+#
+#header_checks = regexp:/etc/postfix/header_checks
+
+# FAST ETRN SERVICE
+#
+# Postfix maintains per-destination logfiles with information about
+# deferred mail, so that mail can be flushed quickly with the SMTP
+# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
+# See the ETRN_README document for a detailed description.
+#
+# The fast_flush_domains parameter controls what destinations are
+# eligible for this service. By default, they are all domains that
+# this server is willing to relay mail to.
+#
+#fast_flush_domains = $relay_domains
+
+# SHOW SOFTWARE VERSION OR NOT
+#
+# The smtpd_banner parameter specifies the text that follows the 220
+# code in the SMTP server's greeting banner. Some people like to see
+# the mail version advertised. By default, Postfix shows no version.
+#
+# You MUST specify $myhostname at the start of the text. That is an
+# RFC requirement. Postfix itself does not care.
+#
+#smtpd_banner = $myhostname ESMTP $mail_name
+#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
+
+
+# PARALLEL DELIVERY TO THE SAME DESTINATION
+#
+# How many parallel deliveries to the same user or domain? With local
+# delivery, it does not make sense to do massively parallel delivery
+# to the same user, because mailbox updates must happen sequentially,
+# and expensive pipelines in .forward files can cause disasters when
+# too many are run at the same time. With SMTP deliveries, 10
+# simultaneous connections to the same domain could be sufficient to
+# raise eyebrows.
+#
+# Each message delivery transport has its XXX_destination_concurrency_limit
+# parameter. The default is $default_destination_concurrency_limit for
+# most delivery transports. For the local delivery agent the default is 2.
+
+#local_destination_concurrency_limit = 2
+#default_destination_concurrency_limit = 20
+
+# DEBUGGING CONTROL
+#
+# The debug_peer_level parameter specifies the increment in verbose
+# logging level when an SMTP client or server host name or address
+# matches a pattern in the debug_peer_list parameter.
+#
+#debug_peer_level = 2
+
+# The debug_peer_list parameter specifies an optional list of domain
+# or network patterns, /file/name patterns or type:name tables. When
+# an SMTP client or server host name or address matches a pattern,
+# increase the verbose logging level by the amount specified in the
+# debug_peer_level parameter.
+#
+#debug_peer_list = 127.0.0.1
+#debug_peer_list = some.domain
+
+# The debugger_command specifies the external command that is executed
+# when a Postfix daemon program is run with the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+# If you can't use X, use this to capture the call stack when a
+# daemon crashes. The result is in a file in the configuration
+# directory, and is named after the process name and the process ID.
+#
+# debugger_command =
+# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
+# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
+# >$config_directory/$process_name.$process_id.log & sleep 5
+#
+# Another possibility is to run gdb under a detached screen session.
+# To attach to the screen session, su root and run "screen -r
+# " where uniquely matches one of the detached
+# sessions (from "screen -list").
+#
+# debugger_command =
+# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
+# -dmS $process_name gdb $daemon_directory/$process_name
+# $process_id & sleep 1
+
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# The following parameters are used when installing a new Postfix version.
+#
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+#
+sendmail_path =
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path =
+
+# mailq_path: The full pathname of the Postfix mailq command. This
+# is the Sendmail-compatible mail queue listing command.
+#
+mailq_path =
+
+# setgid_group: The group for mail submission and queue management
+# commands. This must be a group name with a numerical group ID that
+# is not shared with other accounts, not even with the Postfix account.
+#
+setgid_group =
+
+# html_directory: The location of the Postfix HTML documentation.
+#
+html_directory =
+
+# manpage_directory: The location of the Postfix on-line manual pages.
+#
+manpage_directory =
+
+# sample_directory: The location of the Postfix sample configuration files.
+# This parameter is obsolete as of Postfix 2.1.
+#
+sample_directory =
+
+# readme_directory: The location of the Postfix README files.
+#
+readme_directory =
+inet_protocols = ipv4
diff --git a/etc-relay/postfix/makedefs.out b/etc-relay/postfix/makedefs.out
new file mode 100644
index 0000000..3f05f2c
--- /dev/null
+++ b/etc-relay/postfix/makedefs.out
@@ -0,0 +1,65 @@ +# Do not edit -- this file documents how Postfix was built for your machine. +#---------------------------------------------------------------- +# Start of summary of user-configurable 'make makefiles' options. +# CCARGS=-DDEBIAN -DHAS_PCRE -DHAS_LDAP -DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql -DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS +# AUXLIBS=-lssl -lcrypto -lsasl2 -lpthread -L/build/postfix-vedmgF/postfix-3.3.0/debian +# AUXLIBS_CDB=-lcdb -L../../lib -L. -lpostfix-util +# AUXLIBS_LMDB=-llmdb -L../../lib -L. -lpostfix-util +# AUXLIBS_MYSQL=-lmysqlclient -L../../lib -L. -lpostfix-util -lpostfix-global +# AUXLIBS_LDAP=-lldap -llber -L../../lib -L. -lpostfix-util -lpostfix-global +# AUXLIBS_PCRE=-lpcre -L../../lib -L. -lpostfix-util +# AUXLIBS_SQLITE=-lsqlite3 -L../../lib -L. -lpostfix-util -lpostfix-global -lpthread +# AUXLIBS_PGSQL=-lpq -L../../lib -L. -lpostfix-util -lpostfix-global +# shared=yes +# dynamicmaps=yes +# pie=yes +# daemon_directory=/usr/lib/postfix/sbin +# html_directory=/usr/share/doc/postfix/html +# manpage_directory=/usr/share/man +# readme_directory=/usr/share/doc/postfix +# End of summary of user-configurable 'make makefiles' options. +#-------------------------------------------------------------- +# System-dependent settings and compiler/linker overrides. +SYSTYPE = LINUX4 +_AR = ar +ARFL = rv +_RANLIB = ranlib +SYSLIBS = -pie -z relro -z now -lssl -lcrypto -lsasl2 -lpthread -L/build/postfix-vedmgF/postfix-3.3.0/debian -ldb -lnsl -lresolv -ldl -L/usr/lib/x86_64-linux-gnu -licui18n -licuuc -licudata +AUXLIBS_CDB = -lcdb -L../../lib -L. -lpostfix-util +AUXLIBS_LDAP = -lldap -llber -L../../lib -L. -lpostfix-util -lpostfix-global +AUXLIBS_LMDB = -llmdb -L../../lib -L. -lpostfix-util +AUXLIBS_MYSQL = -lmysqlclient -L../../lib -L. 
-lpostfix-util -lpostfix-global +AUXLIBS_PCRE = -lpcre -L../../lib -L. -lpostfix-util +AUXLIBS_PGSQL = -lpq -L../../lib -L. -lpostfix-util -lpostfix-global +AUXLIBS_SQLITE = -lsqlite3 -L../../lib -L. -lpostfix-util -lpostfix-global -lpthread +CC = gcc -fPIC -I. -I../../include -DDEBIAN -DHAS_PCRE -DHAS_LDAP -DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql -DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS -I/usr/include -DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\" -DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\" -DDEF_MANPAGE_DIR=\"/usr/share/man\" -DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS -DUSE_DYNAMIC_MAPS $(WARN) +OPT = -O2 +DEBUG = +AWK = awk +STRCASE = +EXPORT = CCARGS='-I. -I../../include -DDEBIAN -DHAS_PCRE -DHAS_LDAP -DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql -DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS -I/usr/include -DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\" -DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\" -DDEF_MANPAGE_DIR=\"/usr/share/man\" -DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS -DUSE_DYNAMIC_MAPS' OPT='-O2' DEBUG='' +WARN = -Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ + -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ + -Wunused -Wno-missing-braces +DEFINED_MAP_TYPES = pcre ldap sqlite cdb lmdb mysql pgsql ssl dev_urandom +MAKE_FIX = +# Switch between Postfix static and dynamically-linked libraries. 
+AR = : +RANLIB = : +LIB_PREFIX = postfix- +LIB_SUFFIX = .so +SHLIB_CFLAGS = -fPIC +SHLIB_DIR = /usr/lib/postfix +SHLIB_ENV = LD_LIBRARY_PATH=/build/postfix-vedmgF/postfix-3.3.0/lib +SHLIB_LD = gcc -shared -Wl,-soname,${LIB} +SHLIB_SYSLIBS = -lssl -lcrypto -lsasl2 -lpthread -L/build/postfix-vedmgF/postfix-3.3.0/debian -ldb -lnsl -lresolv -ldl -L/usr/lib/x86_64-linux-gnu -licui18n -licuuc -licudata +SHLIB_RPATH = -Wl,--enable-new-dtags -Wl,-rpath,${SHLIB_DIR} +# Switch between dynamicmaps.cf plugins and hard-linked databases. +NON_PLUGIN_MAP_OBJ = +PLUGIN_MAP_OBJ = $(MAP_OBJ) +PLUGIN_MAP_OBJ_UPDATE = plugin_map_obj_update +PLUGIN_MAP_SO_MAKE = plugin_map_so_make +PLUGIN_MAP_SO_UPDATE = plugin_map_so_update +PLUGIN_LD = gcc -shared +POSTFIX_INSTALL_OPTS = +# Application-specific rules. diff --git a/etc-relay/postfix/master.cf b/etc-relay/postfix/master.cf new file mode 100644 index 0000000..c858e8d --- /dev/null +++ b/etc-relay/postfix/master.cf 
@@ -0,0 +1,63 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - n - - smtpd
+#smtp inet n - y - 1 postscreen
+#smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+#tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_tls_auth_only=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+smtps inet n - n - - smtpd
+ -o syslog_name=postfix/smtps
+ -o smtpd_tls_wrappermode=yes
+ -o smtp_tls_security_level=encrypt
+ -o smtpd_tls_req_ccert=yes
+ -o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
+ -o smtpd_relay_restrictions=permit_mynetworks,permit_tls_clientcerts,reject_unauth_destination
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - n - - smtp
+relay unix - - y - - smtp
+ -o syslog_name=postfix/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+# postlog unix-dgram n - n - 1 postlogd
diff --git a/etc-relay/postfix/master.cf.proto b/etc-relay/postfix/master.cf.proto
new file mode 100644
index 0000000..ed711ac
--- /dev/null
+++ b/etc-relay/postfix/master.cf.proto
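Review bot: In the `smtps` entry of etc-relay/postfix/master.cf, `-o smtp_tls_security_level=encrypt` sets a parameter of the Postfix SMTP client, which the smtpd listener does not consult, so the override appears to do nothing here. If server-side enforcement was meant, the line would be `-o smtpd_tls_security_level=encrypt` (wrapper mode already implies TLS); if mandatory TLS for outbound delivery was meant, it belongs in main.cf or on the `smtp`/`relay` unix services, which carry no such override in this hunk. Relay authorisation rests on `permit_tls_clientcerts` against `hash:/etc/postfix/relay_clientcerts`, but `permit_mynetworks` is evaluated first, so clients in mynetworks relay without a fingerprint match; a comment above the entry, e.g. `# relay only for client certs listed in relay_clientcerts; mynetworks (see main.cf) bypasses the fingerprint check`, would make that explicit. The `smtp inet`, `smtps` and `smtp unix` services also run with chroot `n` where the shipped master.cf.proto uses `y`; a one-line comment saying whether that is deliberate would help the next operator.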
@@ -0,0 +1,126 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - y - - smtpd
+#smtp inet n - y - 1 postscreen
+#smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+#tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_tls_auth_only=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - y - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+ -o syslog_name=postfix/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
diff --git a/etc-relay/postfix/post-install b/etc-relay/postfix/post-install
new file mode 100644
index 0000000..25ef7e6
--- /dev/null
+++ b/etc-relay/postfix/post-install
@@ -0,0 +1,915 @@ +#!/bin/sh + +# To view the formatted manual page of this file, type: +# POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man + +#++ +# NAME +# post-install +# SUMMARY +# Postfix post-installation script +# SYNOPSIS +# postfix post-install [name=value] command ... +# DESCRIPTION +# The post-install script performs the finishing touch of a Postfix +# installation, after the executable programs and configuration +# files are installed. Usage is one of the following: +# .IP o +# While installing Postfix from source code on the local machine, the +# script is run by the postfix-install script to update selected file +# or directory permissions and to update Postfix configuration files. +# .IP o +# While installing Postfix from a pre-built package, the script is run +# by the package management procedure to set all file or directory +# permissions and to update Postfix configuration files. +# .IP o +# The script can be used to change installation parameter settings such +# as mail_owner or setgid_group after Postfix is already installed. +# .IP o +# The script can be used to upgrade configuration files and to upgrade +# file/directory permissions of a secondary Postfix instance. +# .IP o +# At Postfix start-up time, the script is run from "postfix check" to +# create missing queue directories. +# .PP +# The post-install script is controlled by installation parameters. +# Specific parameters are described at the end of this document. +# All installation parameters must be specified ahead of time via +# one of the methods described below. +# +# Arguments +# .IP create-missing +# Create missing queue directories with ownerships and permissions +# according to the contents of $meta_directory/postfix-files +# and optionally in $meta_directory/postfix-files.d/*, using +# the mail_owner and setgid_group parameter settings from the +# command line, process environment or from the installed +# main.cf file. 
+# +# This is required at Postfix start-up time. +# .IP set-permissions +# Set all file/directory ownerships and permissions according to the +# contents of $meta_directory/postfix-files and optionally +# in $meta_directory/postfix-files.d/*, using the mail_owner +# and setgid_group parameter settings from the command line, +# process environment or from the installed main.cf file. +# Implies create-missing. +# +# This is required when installing Postfix from a pre-built package, +# or when changing the mail_owner or setgid_group installation parameter +# settings after Postfix is already installed. +# .IP upgrade-permissions +# Update ownership and permission of existing files/directories as +# specified in $meta_directory/postfix-files and optionally +# in $meta_directory/postfix-files.d/*, using the mail_owner +# and setgid_group parameter settings from the command line, +# process environment or from the installed main.cf file. +# Implies create-missing. +# +# This is required when upgrading an existing Postfix instance. +# .IP upgrade-configuration +# Edit the installed main.cf and master.cf files, in order to account +# for missing services and to fix deprecated parameter settings. +# +# This is required when upgrading an existing Postfix instance. +# .IP upgrade-source +# Short-hand for: upgrade-permissions upgrade-configuration. +# +# This is recommended when upgrading Postfix from source code. +# .IP upgrade-package +# Short-hand for: set-permissions upgrade-configuration. +# +# This is recommended when upgrading Postfix from a pre-built package. +# .IP first-install-reminder +# Remind the user that they still need to configure main.cf and the +# aliases file, and that newaliases still needs to be run. +# +# This is recommended when Postfix is installed for the first time. 
+# MULTIPLE POSTFIX INSTANCES +# .ad +# .fi +# Multiple Postfix instances on the same machine can share command and +# daemon program files but must have separate configuration and queue +# directories. +# +# To create a secondary Postfix installation on the same machine, +# copy the configuration files from the primary Postfix instance to +# a secondary configuration directory and execute: +# +# postfix post-install config_directory=secondary-config-directory \e +# .in +4 +# queue_directory=secondary-queue-directory \e +# .br +# create-missing +# .PP +# This creates secondary Postfix queue directories, sets their access +# permissions, and saves the specified installation parameters to the +# secondary main.cf file. +# +# Be sure to list the secondary configuration directory in the +# alternate_config_directories parameter in the primary main.cf file. +# +# To upgrade a secondary Postfix installation on the same machine, +# execute: +# +# postfix post-install config_directory=secondary-config-directory \e +# .in +4 +# upgrade-permissions upgrade-configuration +# INSTALLATION PARAMETER INPUT METHODS +# .ad +# .fi +# Parameter settings can be specified through a variety of +# mechanisms. In order of decreasing precedence these are: +# .IP "command line" +# Parameter settings can be given as name=value arguments on +# the post-install command line. These have the highest precedence. +# Settings that override the installed main.cf file are saved. +# .IP "process environment" +# Parameter settings can be given as name=value environment +# variables. +# Settings that override the installed main.cf file are saved. +# .IP "installed configuration files" +# If a parameter is not specified via the command line or via the +# process environment, post-install will attempt to extract its +# value from the already installed Postfix main.cf configuration file. +# These settings have the lowest precedence. 
+# INSTALLATION PARAMETER DESCRIPTION +# .ad +# .fi +# The description of installation parameters is as follows: +# .IP config_directory +# The directory for Postfix configuration files. +# .IP daemon_directory +# The directory for Postfix daemon programs. This directory +# should not be in the command search path of any users. +# .IP command_directory +# The directory for Postfix administrative commands. This +# directory should be in the command search path of adminstrative users. +# .IP queue_directory +# The directory for Postfix queues. +# .IP data_directory +# The directory for Postfix writable data files (caches, etc.). +# .IP sendmail_path +# The full pathname for the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# .IP newaliases_path +# The full pathname for the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases +# for the Postfix local delivery agent. +# .IP mailq_path +# The full pathname for the Postfix mailq command. +# This is the Sendmail-compatible command to list the mail queue. +# .IP mail_owner +# The owner of the Postfix queue. Its numerical user ID and group ID +# must not be used by any other accounts on the system. +# .IP setgid_group +# The group for mail submission and for queue management commands. +# Its numerical group ID must not be used by any other accounts on the +# system, not even by the mail_owner account. +# .IP html_directory +# The directory for the Postfix HTML files. +# .IP manpage_directory +# The directory for the Postfix on-line manual pages. +# .IP sample_directory +# The directory for the Postfix sample configuration files. +# This feature is obsolete as of Postfix 2.1. +# .IP readme_directory +# The directory for the Postfix README files. +# .IP shlib_directory +# The directory for the Postfix shared-library files, and for +# the Postfix dabatase plugin files with a relative pathname +# in the file dynamicmaps.cf. 
+# .IP meta_directory +# The directory for non-executable files that are shared +# among multiple Postfix instances, such as postfix-files, +# dynamicmaps.cf, as well as the multi-instance template files +# main.cf.proto and master.cf.proto. +# SEE ALSO +# postfix-install(1) Postfix primary installation script. +# FILES +# $config_directory/main.cf, Postfix installation parameters. +# $meta_directory/postfix-files, installation control file. +# $meta_directory/postfix-files.d/*, optional control files. +# $config_directory/install.cf, obsolete configuration file. +# LICENSE +# .ad +# .fi +# The Secure Mailer license must be distributed with this software. +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +#-- + +umask 022 + +PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd +SHELL=/bin/sh +IFS=" +" +BACKUP_IFS="$IFS" +debug=: +#debug=echo +MOST_PARAMETERS="command_directory daemon_directory data_directory + html_directory mail_owner mailq_path manpage_directory + newaliases_path queue_directory readme_directory sample_directory + sendmail_path setgid_group shlib_directory meta_directory" +NON_SHARED="config_directory queue_directory data_directory" + +USAGE="Usage: $0 [name=value] command + create-missing Create missing queue directories. + upgrade-source When installing or upgrading from source code. + upgrade-package When installing or upgrading from pre-built package. + first-install-reminder Remind of mandatory first-time configuration steps. + name=value Specify an installation parameter". + +# Process command-line options and parameter settings. Work around +# brain damaged shells. "IFS=value command" should not make the +# IFS=value setting permanent. But some broken standard allows it. 
+ +create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder= +obsolete=; keep_list=; + +for arg +do + case $arg in + *[" "]*) echo $0: "Error: argument contains whitespace: '$arg'" + exit 1;; + *=*) IFS= eval $arg; IFS="$BACKUP_IFS";; + create-missing) create=1;; + set-perm*) create=1; set_perms=1;; + upgrade-perm*) create=1; upgrade_perms=1;; + upgrade-conf*) upgrade_conf=1;; + upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;; + upgrade-package) create=1; upgrade_conf=1; set_perms=1;; + first-install*) first_install_reminder=1;; + *) echo "$0: Error: $USAGE" 1>&2; exit 1;; + esac + shift +done + +# Sanity checks. + +test -n "$create$upgrade_conf$first_install_reminder" || { + echo "$0: Error: $USAGE" 1>&2 + exit 1 +} + +# Bootstrapping problem. + +if [ -n "$command_directory" ] +then + POSTCONF="$command_directory/postconf" +else + POSTCONF="postconf" +fi + +$POSTCONF -d mail_version >/dev/null 2>/dev/null || { + echo $0: Error: no $POSTCONF command found. 1>&2 + echo Re-run this command as $0 command_directory=/some/where. 1>&2 + exit 1 +} + +# Also used to require license etc. files only in the default instance. + +def_config_directory=`$POSTCONF -d -h config_directory` || exit 1 +test -n "$config_directory" || + config_directory="$def_config_directory" + +test -d "$config_directory" || { + echo $0: Error: $config_directory is not a directory. 1>&2 + exit 1 +} + +# If this is a secondary instance, don't touch shared files. +# XXX Solaris does not have "test -e". + +instances=`test ! -f $def_config_directory/main.cf || + $POSTCONF -c $def_config_directory -h multi_instance_directories | + sed 's/,/ /'` || exit 1 + +update_shared_files=1 +for name in $instances +do + case "$name" in + "$def_config_directory") ;; + "$config_directory") update_shared_files=; break;; + esac +done + +test -f $meta_directory/postfix-files || { + echo $0: Error: $meta_directory/postfix-files is not a file. 
1>&2 + exit 1 +} + +# SunOS5 fmt(1) truncates lines > 1000 characters. + +fake_fmt() { + sed ' + :top + /^\( *\)\([^ ][^ ]*\) */{ + s//\1\2\ +\1/ + P + D + b top + } + ' | fmt +} + +case `uname -s` in +HP-UX*) FMT=cat;; +SunOS*) FMT=fake_fmt;; + *) FMT=fmt;; +esac + +# If a parameter is not set via the command line or environment, +# try to use settings from installed configuration files. + +# Extract parameter settings from the obsolete install.cf file, as +# a transitional aid. + +grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || { + test -f $config_directory/install.cf && { + for name in sendmail_path newaliases_path mailq_path setgid manpages + do + eval junk=\$$name + case "$junk" in + "") eval unset $name;; + esac + eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \ + || exit 1 + done + : ${setgid_group=$setgid} + : ${manpage_directory=$manpages} + } +} + +# Extract parameter settings from the installed main.cf file. + +test -f $config_directory/main.cf && { + for name in $MOST_PARAMETERS + do + eval junk=\$$name + case "$junk" in + "") eval unset $name;; + esac + eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1 + done +} + +# Sanity checks + +case $manpage_directory in + no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2 + echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;; +esac + +case $setgid_group in + no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2 + echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;; +esac + +for path in "$daemon_directory" "$command_directory" "$queue_directory" \ + "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \ + "$meta_directory" +do + case "$path" in + /*) ;; + *) echo $0: Error: \"$path\" should be an absolute path name. 
1>&2; exit 1;; + esac +done + +for path in "$html_directory" "$readme_directory" "$shlib_directory" +do + case "$path" in + /*) ;; + no) ;; + *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;; + esac +done + +# Find out what parameters were not specified via command line, +# via environment, or via installed configuration files. + +missing= +for name in $MOST_PARAMETERS +do + eval test -n \"\$$name\" || missing="$missing $name" +done + +# All parameters must be specified at this point. + +test -n "$non_interactive" -a -n "$missing" && { + cat <&2 +$0: Error: some required installation parameters are not defined. + +- Either the parameters need to be given in the $config_directory/main.cf +file from a recent Postfix installation, + +- Or the parameters need to be specified through the process +environment. + +- Or the parameters need to be specified as name=value arguments +on the $0 command line, + +The following parameters were missing: + + $missing + +EOF + exit 1 +} + +POSTCONF="$command_directory/postconf" + +# Save settings, allowing command line/environment override. + +# Undo MAIL_VERSION expansion at the end of a parameter value. If +# someone really wants the expanded mail version in main.cf, then +# we're sorry. + +# Confine side effects from mail_version unexpansion within a subshell. + +(case "$mail_version" in +"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1 +esac + +for name in $MOST_PARAMETERS +do + eval junk=\$$name + case "$junk" in + *"$mail_version"*) + case "$pattern" in + "") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1 + esac + val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1 + eval ${name}='"$val"' + esac +done + +# XXX Maybe update main.cf only with first install, upgrade, set +# permissions, and what else? Should there be a warning otherwise? 
+ +override= +for name in $MOST_PARAMETERS +do + eval junk=\"\$$name\" + test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || { + override=1 + break + } +done + +test -n "$override" && { + $POSTCONF -c $config_directory -e \ + "daemon_directory = $daemon_directory" \ + "command_directory = $command_directory" \ + "queue_directory = $queue_directory" \ + "data_directory = $data_directory" \ + "mail_owner = $mail_owner" \ + "setgid_group = $setgid_group" \ + "sendmail_path = $sendmail_path" \ + "mailq_path = $mailq_path" \ + "newaliases_path = $newaliases_path" \ + "html_directory = $html_directory" \ + "manpage_directory = $manpage_directory" \ + "sample_directory = $sample_directory" \ + "readme_directory = $readme_directory" \ + "shlib_directory = $shlib_directory" \ + "meta_directory = $meta_directory" \ + || exit 1 +} || exit 0) || exit 1 + +# Use file/directory status information in $meta_directory/postfix-files. + +test -n "$create" && { + postfix_files_d=$meta_directory/postfix-files.d + for postfix_file in $meta_directory/postfix-files \ + `test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }` + do + exec <$postfix_file || exit 1 + while IFS=: read path type owner group mode flags junk + do + IFS="$BACKUP_IFS" + set_permission= + # Skip comments. Skip shared files, if updating a secondary instance. + case $path in + [$]*) case "$update_shared_files" in + 1) $debug keep non-shared or shared $path;; + *) non_shared= + for name in $NON_SHARED + do + case $path in + "\$$name"*) non_shared=1; break;; + esac + done + case "$non_shared" in + 1) $debug keep non-shared $path;; + *) $debug skip shared $path; continue;; + esac;; + esac;; + *) continue;; + esac + # Skip hard links and symbolic links. + case $type in + [hl]) continue;; + [df]) ;; + *) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;; + esac + # Expand $name, and canonicalize null fields. 
+ for name in path owner group flags + do + eval junk=\${$name} + case $junk in + [$]*) eval $name=$junk;; + -) eval $name=;; + *) ;; + esac + done + # Skip uninstalled files. + case $path in + no|no/*) continue;; + esac + # Pick up the flags. + case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac + case $flags in *c*) create_flag=1;; *) create_flag=;; esac + case $flags in *r*) recursive="-R";; *) recursive=;; esac + case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac + case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \ + "$def_config_directory" && continue;; esac + # Flag obsolete objects. XXX Solaris 2..9 does not have "test -e". + if [ -n "$obsolete_flag" ] + then + test -r $path -a "$type" != "d" && obsolete="$obsolete $path" + continue; + else + keep_list="$keep_list $path" + fi + # Create missing directories with proper owner/group/mode settings. + if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ] + then + mkdir $path || exit 1 + set_permission=1 + # Update all owner/group/mode settings. + elif [ -n "$set_perms" ] + then + set_permission=1 + # Update obsolete owner/group/mode settings. + elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ] + then + set_permission=1 + fi + test -n "$set_permission" && { + chown $recursive $owner $path || exit 1 + test -z "$group" || chgrp $recursive $group $path || exit 1 + # Don't "chmod -R"; queue file status is encoded in mode bits. + if [ "$type" = "d" -a -n "$recursive" ] + then + find $path -type d -exec chmod $mode "{}" ";" + else + chmod $mode $path + fi || exit 1 + } + done + IFS="$BACKUP_IFS" + done +} + +# Upgrade existing Postfix configuration files if necessary. + +test -n "$upgrade_conf" && { + + # Postfix 2.0. + # Add missing relay service to master.cf. 
+ + grep '^relay' $config_directory/master.cf >/dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for relay service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for flush service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for trace service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for verify service + cat >>$config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, setting verify process limit to 1 + ed $config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, making the pickup service unprivileged + ed $config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, making the $name service public + ed $config_directory/master.cf </dev/null) || missing="$missing defer" + (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred" + test -n "$missing" && { + echo fixing main.cf hash_queue_names for missing $missing + $POSTCONF -c $config_directory -e hash_queue_names="$found$missing" || + exit 1 + } + + # Turn on safety nets for new features that could bounce mail that + # would be accepted by a previous Postfix version. + + # [The "unknown_local_recipient_reject_code = 450" safety net, + # introduced with Postfix 2.0 and deleted after Postfix 2.3.] + + # Postfix 2.0. + # Add missing proxymap service to master.cf. 
+ + grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for proxymap service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for anvil service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for scache service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for discard service + cat >>$config_directory/master.cf <unix service. + + grep "^tlsmgr[ ]*fifo[ ]" \ + $config_directory/master.cf >/dev/null && { + echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service + ed $config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for retry service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for proxywrite service + cat >>$config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, setting proxywrite process limit to 1 + ed $config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service + cat >>$config_directory/master.cf <&2 + echo Do not run directly. 
1>&2 + exit 1 +esac + +LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script" +INFO="$LOGGER -p info" +WARN="$LOGGER -p warn" +ERROR="$LOGGER -p error" +FATAL="$LOGGER -p fatal" +PANIC="$LOGGER -p panic" + +if [ "X${1#quiet-}" != "X${1}" ]; then + INFO=: + x=${1#quiet-} + shift + set -- $x "$@" +fi + +umask 022 +SHELL=/bin/sh + +# +# Can't do much without these in place. +# +cd $command_directory || { + $FATAL no Postfix command directory $command_directory! + exit 1 +} +cd $daemon_directory || { + $FATAL no Postfix daemon directory $daemon_directory! + exit 1 +} +test -f master || { + $FATAL no Postfix master program $daemon_directory/master! + exit 1 +} +cd $config_directory || { + $FATAL no Postfix configuration directory $config_directory! + exit 1 +} +case $shlib_directory in +no) ;; + *) cd $shlib_directory || { + $FATAL no Postfix shared-library directory $shlib_directory! + exit 1 + } +esac +cd $meta_directory || { + $FATAL no Postfix meta directory $meta_directory! + exit 1 +} +cd $queue_directory || { + $FATAL no Postfix queue directory $queue_directory! + exit 1 +} +def_config_directory=`$command_directory/postconf -dh config_directory` || { + $FATAL cannot execute $command_directory/postconf! + exit 1 +} + +# If this is a secondary instance, don't touch shared files. + +instances=`test ! -f $def_config_directory/main.cf || + $command_directory/postconf -c $def_config_directory \ + -h multi_instance_directories | sed 's/,/ /'` || { + $FATAL cannot execute $command_directory/postconf! 
+ exit 1 +} + +check_shared_files=1 +for name in $instances +do + case "$name" in + "$def_config_directory") ;; + "$config_directory") check_shared_files=; break;; + esac +done + +# +# Parse JCL +# +case $1 in + +start_msg) + + echo "Start postfix" + ;; + +stop_msg) + + echo "Stop postfix" + ;; + +quick-start) + + $daemon_directory/master -t 2>/dev/null || { + $FATAL the Postfix mail system is already running + exit 1 + } + $daemon_directory/postfix-script quick-check || { + $FATAL Postfix integrity check failed! + exit 1 + } + $INFO starting the Postfix mail system + $daemon_directory/master & + ;; + +start|start-fg) + + $daemon_directory/master -t 2>/dev/null || { + $FATAL the Postfix mail system is already running + exit 1 + } + if [ -f $queue_directory/quick-start ] + then + rm -f $queue_directory/quick-start + else + $daemon_directory/postfix-script check-fatal || { + $FATAL Postfix integrity check failed! + exit 1 + } + # Foreground this so it can be stopped. All inodes are cached. + $daemon_directory/postfix-script check-warn + fi + $INFO starting the Postfix mail system + case $1 in + start) + # NOTE: wait in foreground process to get the initialization status. + $daemon_directory/master -w || { + $FATAL "mail system startup failed" + exit 1 + } + ;; + start-fg) + # Foreground start-up is incompatible with multi-instance mode. + # We can't use "exec $daemon_directory/master" here: that would + # break process group management, and "postfix stop" would kill + # too many processes. 
+ case $instances in + "") $daemon_directory/master + ;; + *) $FATAL "start-fg does not support multi_instance_directories" + exit 1 + ;; + esac + ;; + esac + ;; + +drain) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO stopping the Postfix mail system + kill -9 `sed 1q pid/master.pid` + ;; + +quick-stop) + + $daemon_directory/postfix-script stop + touch $queue_directory/quick-start + ;; + +stop) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 0 + } + $INFO stopping the Postfix mail system + kill `sed 1q pid/master.pid` + for i in 5 4 3 2 1 + do + $daemon_directory/master -t && exit 0 + $INFO waiting for the Postfix mail system to terminate + sleep 1 + done + $WARN stopping the Postfix mail system with force + pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` && + kill -9 -$pid + ;; + +abort) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 0 + } + $INFO aborting the Postfix mail system + kill `sed 1q pid/master.pid` + ;; + +reload) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO refreshing the Postfix mail system + $command_directory/postsuper active || exit 1 + kill -HUP `sed 1q pid/master.pid` + $command_directory/postsuper & + ;; + +flush) + + cd $queue_directory || { + $FATAL no Postfix queue directory $queue_directory! + exit 1 + } + $command_directory/postqueue -f + ;; + +check) + + $daemon_directory/postfix-script check-fatal || exit 1 + $daemon_directory/postfix-script check-warn + exit 0 + ;; + +status) + + $daemon_directory/master -t 2>/dev/null && { + $INFO the Postfix mail system is not running + exit 1 + } + $INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid` + exit 0 + ;; + +quick-check) + # This command is NOT part of the public interface. 
+ + $SHELL $daemon_directory/post-install create-missing || { + $WARN unable to create missing queue directories + exit 1 + } + + # Look for incomplete installations. + + test -f $config_directory/master.cf || { + $FATAL no $config_directory/master.cf file found + exit 1 + } + exit 0 + ;; + +check-fatal) + # This command is NOT part of the public interface. + + $daemon_directory/postfix-script quick-check + + # See if all queue files are in the right place. This is slow. + # We must scan all queues for mis-named queue files before the + # mail system can run. + + $command_directory/postsuper || exit 1 + exit 0 + ;; + +check-warn) + # This command is NOT part of the public interface. + + # Check Postfix root-owned directory owner/permissions. + + find $queue_directory/. $queue_directory/pid \ + -prune ! -user root \ + -exec $WARN not owned by root: {} \; + + find $queue_directory/. $queue_directory/pid \ + -prune \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + # Check Postfix root-owned directory tree owner/permissions. + + todo="$config_directory/." + test -n "$check_shared_files" && { + todo="$daemon_directory/. $meta_directory/. $todo" + test "$shlib_directory" = "no" || + todo="$shlib_directory/. $todo" + } + todo=`echo "$todo" | tr ' ' '\12' | sort -u` + + find $todo ! -user root \ + -exec $WARN not owned by root: {} \; + + # Handle symlinks separately + find -L $todo \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + find $todo -type l | while read f; do \ + readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \ + done; \ + + # Check Postfix mail_owner-owned directory tree owner/permissions. + + find $data_directory/. ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: {} \; + + find $data_directory/. \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + # Check Postfix mail_owner-owned directory tree owner. 
+ + find `ls -d $queue_directory/* | \ + egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \ + ! \( -type p -o -type s \) ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: {} \; + + # WARNING: this should not descend into the maildrop directory. + # maildrop is the least trusted Postfix directory. + + find $queue_directory/maildrop -prune ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \; + + # Check Postfix setgid_group-owned directory and file group/permissions. + + todo="$queue_directory/public $queue_directory/maildrop" + test -n "$check_shared_files" && + todo="$command_directory/postqueue $command_directory/postdrop $todo" + + find $todo \ + -prune ! -group $setgid_group \ + -exec $WARN not owned by group $setgid_group: {} \; + + test -n "$check_shared_files" && + find $command_directory/postqueue $command_directory/postdrop \ + -prune ! -perm -02111 \ + -exec $WARN not set-gid or not owner+group+world executable: {} \; + + # Check non-Postfix root-owned directory tree owner/content. + + for dir in bin etc lib sbin usr + do + test -d $dir && { + find $dir ! -user root \ + -exec $WARN not owned by root: $queue_directory/{} \; + + find $dir -type f -print | while read path + do + test -f /$path && { + cmp -s $path /$path || + $WARN $queue_directory/$path and /$path differ + } + done + } + done + + find corrupt -type f -exec $WARN damaged message: {} \; + + # Check for non-Postfix MTA remnants. + + test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \ + -f /usr/lib/sendmail && { + cmp -s /usr/sbin/sendmail /usr/lib/sendmail || { + $WARN /usr/lib/sendmail and /usr/sbin/sendmail differ + $WARN Replace one by a symbolic link to the other + } + } + exit 0 + ;; + +set-permissions|upgrade-configuration) + $daemon_directory/post-install create-missing "$@" + ;; + +post-install) + # Currently not part of the public interface. 
+ shift + $daemon_directory/post-install "$@" + ;; + +tls) + shift + $daemon_directory/postfix-tls-script "$@" + ;; + +/*) + # Currently not part of the public interface. + "$@" + ;; + +*) + $FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)" + exit 1 + ;; + +esac diff --git a/etc-relay/postfix/relay_clientcerts b/etc-relay/postfix/relay_clientcerts new file mode 100644 index 0000000..a49279d --- /dev/null +++ b/etc-relay/postfix/relay_clientcerts @@ -0,0 +1,2 @@ +3d:af:48:78:52:a0:12:8b:e7:d7:96:31:3e:1a:5b:af nuc0.fritz.box + diff --git a/etc-relay/postfix/relay_clientcerts.db b/etc-relay/postfix/relay_clientcerts.db new file mode 100644 index 0000000000000000000000000000000000000000..531ded488afb7327b5c28e5c47edd6754e0c600f GIT binary patch literal 12288 zcmeI&Jqp4w6u|M<3Pp!v7q21Ks;%z=-a=^oKphlBQ9OZ*v!h4x2;%HzObiZoa?<4= z$ZL2B5Axf>tB8narX6`BkeXdYW>)P&#CM;Mxbp+4nEl1$ay$>*maXxwV>6zqaX-z5 z<-9vhL;wK<5I_I{1Q0*~0R#|00D)f%l;7ySTLxM}KmY**5I_I{1Q0*~0R#|0 z;Qs>Nayx1@r|bFV&@5Ja@shFTQ|)A$X4-9Q-qN_OS)r3u$Eo&vn#7t+G|shKn3Jy? v*!O>_&mT$XE?3IGlHc_I?LP$c|D7Qb0R#|0009ILKmY**5I_Kde+xVT%uFEJ literal 0 HcmV?d00001 diff --git a/etc-relay/postfix/transport b/etc-relay/postfix/transport new file mode 100644 index 0000000..6f45f2b --- /dev/null +++ b/etc-relay/postfix/transport @@ -0,0 +1,2 @@ +baloghs.de smtp:[baloghs.de]:25 +zntrl.de smtp:[baloghs.de]:8025 
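Review bot: The key added in etc-relay/postfix/relay_clientcerts is 16 octets long, which is the length of an MD5 digest, so the relay presumably matches client certificates with `smtpd_tls_fingerprint_digest = md5` (that setting lives in main.cf, outside this hunk). MD5 is not collision resistant and the Postfix documentation recommends SHA-256 for certificate fingerprints, so I would regenerate this entry as a SHA-256 fingerprint and set `smtpd_tls_fingerprint_digest = sha256` on the relay. Since the right-hand side of the table is only a label, a comment line above the entry such as `# nuc0 client certificate, sha256 fingerprint, replace on certificate renewal` would document what the key is. The compiled relay_clientcerts.db is committed next to it and has to be rebuilt with `postmap` after any change, otherwise the source file and the table Postfix actually reads can drift apart.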
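Review bot: Both entries in etc-relay/postfix/transport hand mail to `[baloghs.de]` through the plain `smtp` transport, the second one on the non-standard port 8025, and nothing in this hunk shows that the hop is encrypted or that the next hop is authenticated. Whether TLS is required is decided by `smtp_tls_security_level` or `smtp_tls_policy_maps` in main.cf, which is outside this hunk; if this relay path crosses a network you do not control, a policy-map entry per next hop, for example `[baloghs.de]:8025 verify`, would pin that instead of leaving it to opportunistic TLS. I would also add a comment line such as `# zntrl.de is accepted by the second smtpd listener on baloghs.de:8025` so an auditor can tell what is expected to listen on that port.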
diff --git a/etc-relay/postfix/transport.db b/etc-relay/postfix/transport.db new file mode 100644 index 0000000000000000000000000000000000000000..5e6548c5c416eb8e4a085f952cf1afbe184ce679 GIT binary patch literal 12288 zcmeI&I|{-;5P;!Hlwb;38xLV45)dS{w-AMhV#Gwnr1B2l$V&)zf~OE{-7$!dGzymg z!fqxrn<>6_A|m40tt)DJ;%m^byQYDNTRh&*h3`ql)`R}Fb($9??eXZN8Q1nW?Bda9 zzPQba00IagfB*srAb=zbbnp z^@};1qp?wGeKY^pe+ZcWm*_|!fB*srAbukYYihw$hKqJ9rDP;3=HkJ%CqmGih)zE>7z3 z4w?ZrZ$-_oU9cChy); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). 
+# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. + + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. 
+# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + + +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/etc-zntrl/apache2/cipher.conf b/etc-zntrl/apache2/cipher.conf new file mode 100644 index 0000000..595948d --- /dev/null +++ b/etc-zntrl/apache2/cipher.conf 
@@ -0,0 +1,21 @@ +SSLEngine on +SSLCACertificatePath /etc/ssl/certs + +# intermediate configuration +SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 +SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384@SECLEVEL=0 +SSLHonorCipherOrder off +SSLSessionTickets off + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 +# MSIE 7 and newer should be able to use keepalive +BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown diff --git a/etc-zntrl/apache2/conf-available/charset.conf b/etc-zntrl/apache2/conf-available/charset.conf new file mode 100644 index 0000000..8b0f415 --- /dev/null +++ b/etc-zntrl/apache2/conf-available/charset.conf @@ -0,0 +1,8 @@ +# Read the documentation before enabling AddDefaultCharset. +# In general, it is only a good idea if you know that all your files +# have this encoding. It will override any encoding given in the files +# in meta http-equiv or xml encoding tags. + +#AddDefaultCharset UTF-8 + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/etc-zntrl/apache2/conf-available/localized-error-pages.conf b/etc-zntrl/apache2/conf-available/localized-error-pages.conf new file mode 100644 index 0000000..f188d80 --- /dev/null +++ b/etc-zntrl/apache2/conf-available/localized-error-pages.conf 
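Review bot: The `SSLCipherSuite` line in cipher.conf ends with `@SECLEVEL=0`, which (assuming OpenSSL parses the suffix as its usual security-level command) drops the security level to 0 and turns off the minimum-strength checks on keys, DH parameters and certificate signature digests. That contradicts the `# intermediate configuration` comment directly above it. Every suite listed is an AEAD suite that is accepted at the default level, so the suffix does nothing for the ciphers themselves. If it was added to tolerate a weak certificate or a small DH group, fixing that certificate or group is the safer route. I would end the line at `...:DHE-RSA-AES256-GCM-SHA384` with no suffix, or at most use `@SECLEVEL=1` with a comment naming the client that needs it.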
@@ -0,0 +1,81 @@ +# Customizable error responses come in three flavors: +# 1) plain text +# 2) local redirects +# 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +#Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. If you include the Alias in the global server +# context, is has to come _before_ the 'Alias /error/ ...' line. +# +# The default include files will display your Apache version number and your +# ServerAdmin email address regardless of the setting of ServerSignature. +# +# WARNING: The configuration below will NOT work out of the box if you have a +# SetHandler directive in a context somewhere. Adding +# the following three lines AFTER the context should +# make it work in most cases: +# +# SetHandler none +# +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 37 lines. 
+ +# +# +# +# +# Alias /error/ "/usr/share/apache2/error/" +# +# +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it nl sv pt-br ro +# ForceLanguagePriority Prefer Fallback +# +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +# +# +# + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/etc-zntrl/apache2/conf-available/other-vhosts-access-log.conf b/etc-zntrl/apache2/conf-available/other-vhosts-access-log.conf new file mode 100644 index 0000000..5e9f5e9 --- /dev/null +++ b/etc-zntrl/apache2/conf-available/other-vhosts-access-log.conf @@ -0,0 +1,4 @@ +# Define an access log for VirtualHosts that don't define their own logfile +CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/etc-zntrl/apache2/conf-available/php7.4-fpm.conf b/etc-zntrl/apache2/conf-available/php7.4-fpm.conf new file mode 100644 index 0000000..5e3d28f --- /dev/null 
+++ b/etc-zntrl/apache2/conf-available/php7.4-fpm.conf @@ -0,0 +1,23 @@ +# Redirect to local php-fpm if mod_php is not available + + + # Enable http authorization headers + + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + + + SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost" + + + # Deny access to raw php sources by default + # To re-enable it's recommended to enable access to the files + # only in specific virtual host or directory + Require all denied + + # Deny access to files without filename (e.g. '.php') + + Require all denied + + + diff --git a/etc-zntrl/apache2/conf-available/security.conf b/etc-zntrl/apache2/conf-available/security.conf new file mode 100644 index 0000000..f9f69d4 --- /dev/null +++ b/etc-zntrl/apache2/conf-available/security.conf 
@@ -0,0 +1,73 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. +# +# +# AllowOverride None +# Require all denied +# + + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +#ServerTokens Minimal +ServerTokens OS +#ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +#ServerSignature Off +ServerSignature On + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +TraceEnable Off +#TraceEnable On + +# +# Forbid access to version control directories +# +# If you use version control systems in your document root, you should +# probably deny access to their directories. For example, for subversion: +# +# +# Require all denied +# + +# +# Setting this header will prevent MSIE from interpreting files as something +# else than declared by the content type in the HTTP headers. +# Requires mod_headers to be enabled. 
+# +#Header set X-Content-Type-Options: "nosniff" + +# +# Setting this header will prevent other sites from embedding pages from this +# site as frames. This defends against clickjacking attacks. +# Requires mod_headers to be enabled. +# +#Header set X-Frame-Options: "sameorigin" + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/etc-zntrl/apache2/conf-available/serve-cgi-bin.conf b/etc-zntrl/apache2/conf-available/serve-cgi-bin.conf new file mode 100644 index 0000000..b02782d --- /dev/null +++ b/etc-zntrl/apache2/conf-available/serve-cgi-bin.conf @@ -0,0 +1,20 @@ + + + Define ENABLE_USR_LIB_CGI_BIN + + + + Define ENABLE_USR_LIB_CGI_BIN + + + + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Require all granted + + + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/etc-zntrl/apache2/conf-available/z-push-autodiscover.conf b/etc-zntrl/apache2/conf-available/z-push-autodiscover.conf new file mode 100644 index 0000000..c472432 --- /dev/null +++ b/etc-zntrl/apache2/conf-available/z-push-autodiscover.conf @@ -0,0 +1,6 @@ +# Z-Push AutoDiscover - ActiveSync over-the-air - default Apache configuration + + Alias /AutoDiscover/AutoDiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php" + Alias /Autodiscover/Autodiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php" + Alias /autodiscover/autodiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php" + diff --git a/etc-zntrl/apache2/conf-available/z-push.conf b/etc-zntrl/apache2/conf-available/z-push.conf new file mode 100644 index 0000000..e16660d --- /dev/null +++ b/etc-zntrl/apache2/conf-available/z-push.conf 
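Review bot: security.conf is enabled through conf-enabled but keeps the permissive banner settings: `ServerTokens OS` and `ServerSignature On` put the server version and OS into response headers and server-generated error pages. For an internet-facing host I would use `ServerTokens Prod` and `ServerSignature Off`. I would also uncomment the two `Header set` lines for X-Content-Type-Options and X-Frame-Options, which need mod_headers; the mods-enabled list is outside this hunk, so check that it is loaded. The commented-out block that denies access to version-control directories is worth enabling too if any document root is a checkout.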
@@ -0,0 +1,23 @@ +# Z-Push - ActiveSync over-the-air - default Apache configuration + + Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php + + + + # Don't list a directory index, follow symlinks (maybe state dir is somewhere linked) + DirectoryIndex index.php + Options -Indexes +FollowSymLinks + + # Security + # Don't allow .htaccess Overrides, disallow access to files + AllowOverride none + + Require all granted + + + + + Require all denied + + + diff --git a/etc-zntrl/apache2/conf-enabled/charset.conf b/etc-zntrl/apache2/conf-enabled/charset.conf new file mode 120000 index 0000000..4a6ca08 --- /dev/null +++ b/etc-zntrl/apache2/conf-enabled/charset.conf @@ -0,0 +1 @@ +../conf-available/charset.conf \ No newline at end of file diff --git a/etc-zntrl/apache2/conf-enabled/localized-error-pages.conf b/etc-zntrl/apache2/conf-enabled/localized-error-pages.conf new file mode 120000 index 0000000..6e5ddaf --- /dev/null +++ b/etc-zntrl/apache2/conf-enabled/localized-error-pages.conf @@ -0,0 +1 @@ +../conf-available/localized-error-pages.conf \ No newline at end of file diff --git a/etc-zntrl/apache2/conf-enabled/other-vhosts-access-log.conf b/etc-zntrl/apache2/conf-enabled/other-vhosts-access-log.conf new file mode 120000 index 0000000..8af91e5 --- /dev/null +++ b/etc-zntrl/apache2/conf-enabled/other-vhosts-access-log.conf @@ -0,0 +1 @@ +../conf-available/other-vhosts-access-log.conf \ No newline at end of file diff --git a/etc-zntrl/apache2/conf-enabled/security.conf b/etc-zntrl/apache2/conf-enabled/security.conf new file mode 120000 index 0000000..036c97f --- /dev/null +++ b/etc-zntrl/apache2/conf-enabled/security.conf @@ -0,0 +1 @@ +../conf-available/security.conf \ No newline at end of file diff --git a/etc-zntrl/apache2/conf-enabled/serve-cgi-bin.conf b/etc-zntrl/apache2/conf-enabled/serve-cgi-bin.conf new file mode 120000 index 0000000..d917f68 --- /dev/null +++ b/etc-zntrl/apache2/conf-enabled/serve-cgi-bin.conf 
@@ -0,0 +1 @@
+../conf-available/serve-cgi-bin.conf
\ No newline at end of file
diff --git a/etc-zntrl/apache2/envvars b/etc-zntrl/apache2/envvars
new file mode 100644
index 0000000..708d170
--- /dev/null
+++ b/etc-zntrl/apache2/envvars
@@ -0,0 +1,47 @@
+# envvars - default environment variables for apache2ctl
+
+# this won't be correct after changing uid
+unset HOME
+
+# for supporting multiple apache2 instances
+if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+ SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
+else
+ SUFFIX=
+fi
+
+# Since there is no sane way to get the parsed apache2 config in scripts, some
+# settings are defined via environment variables and then used in apache2ctl,
+# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
+export APACHE_RUN_USER=www-data
+export APACHE_RUN_GROUP=www-data
+# temporary state file location. This might be changed to /run in Wheezy+1
+export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
+export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
+export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
+
+## The locale used by some modules like mod_dav
+export LANG=C
+## Uncomment the following line to use the system default locale instead:
+#. /etc/default/locale
+
+export LANG
+
+## The command to get the status for 'apache2ctl status'.
+## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
+#export APACHE_LYNX='www-browser -dump'
+
+## If you need a higher file descriptor limit, uncomment and adjust the
+## following line (default is 8192):
+#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
+
+## If you would like to pass arguments to the web server, add them below
+## to the APACHE_ARGUMENTS environment.
+#export APACHE_ARGUMENTS=''
+
+## Enable the debug mode for maintainer scripts.
+## This will produce a verbose output on package installations of web server modules and web application
+## installations which interact with Apache
+#export APACHE2_MAINTSCRIPT_DEBUG=1
diff --git a/etc-zntrl/apache2/magic b/etc-zntrl/apache2/magic
new file mode 100644
index 0000000..cdf9ac5
--- /dev/null
+++ b/etc-zntrl/apache2/magic
@@ -0,0 +1,935 @@ +# Magic data for mod_mime_magic (originally for file(1) command) +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +# Real Audio (Magic .ra\0375) +0 belong 0x2e7261fd audio/x-pn-realaudio +0 string .RMF application/vnd.rn-realmedia + +#video/x-pn-realvideo +#video/vnd.rn-realvideo +#application/vnd.rn-realmedia +# sigh, there are many mimes for that but the above are the most common. + +# Taken from magic, converted to magic.mime +# mime types according to http://www.geocities.com/nevilo/mod.htm: +# audio/it .it +# audio/x-zipped-it .itz +# audio/xm fasttracker modules +# audio/x-s3m screamtracker modules +# audio/s3m screamtracker modules +# audio/x-zipped-mod mdz +# audio/mod mod +# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z) + +# Taken from loader code from mikmod version 2.14 +# by Steve McIntyre (stevem@chiark.greenend.org.uk) +# added title printing on 2003-06-24 +0 string MAS_UTrack_V00 +>14 string >/0 audio/x-mod +#audio/x-tracker-module + +#0 string UN05 MikMod UNI format module sound data + +0 string Extended\ Module: audio/x-mod +#audio/x-tracker-module +##>17 string >\0 Title: "%s" + +21 string/c \!SCREAM! audio/x-mod +#audio/x-screamtracker-module +21 string BMOD2STM audio/x-mod +#audio/x-screamtracker-module +1080 string M.K. audio/x-mod +#audio/x-protracker-module +#>0 string >\0 Title: "%s" +1080 string M!K! 
audio/x-mod +#audio/x-protracker-module +#>0 string >\0 Title: "%s" +1080 string FLT4 audio/x-mod +#audio/x-startracker-module +#>0 string >\0 Title: "%s" +1080 string FLT8 audio/x-mod +#audio/x-startracker-module +#>0 string >\0 Title: "%s" +1080 string 4CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string 6CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string 8CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string CD81 audio/x-mod +#audio/x-oktalyzer-tracker-module +#>0 string >\0 Title: "%s" +1080 string OKTA audio/x-mod +#audio/x-oktalyzer-tracker-module +#>0 string >\0 Title: "%s" +# Not good enough. +#1082 string CH +#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data +1080 string 16CN audio/x-mod +#audio/x-taketracker-module +#>0 string >\0 Title: "%s" +1080 string 32CN audio/x-mod +#audio/x-taketracker-module +#>0 string >\0 Title: "%s" + +# Impuse tracker module (it) +0 string IMPM audio/x-mod +#>4 string >\0 "%s" +#>40 leshort !0 compatible w/ITv%x +#>42 leshort !0 created w/ITv%x + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +# xml based formats! + +# svg + +0 string \38 string \<\!DOCTYPE\040svg image/svg+xml + + +# xml +0 string \2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. 
DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + + + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] 
+#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF +# - WAVE format +>8 string WAVE audio/x-wav +>8 string/B AVI video/x-msvideo +# +>8 string CDRA image/x-coreldraw + +# AAC (aka MPEG-2 NBC) +0 beshort&0xfff6 0xfff0 audio/X-HX-AAC-ADTS +0 string ADIF audio/X-HX-AAC-ADIF +0 beshort&0xffe0 0x56e0 audio/MP4A-LATM +0 beshort 0x4De1 audio/MP4A-LATM + +# MPEG Layer 3 sound files +0 beshort&0xfffe =0xfffa audio/mpeg +#MP3 with ID3 tag +0 string ID3 audio/mpeg +# Ogg/Vorbis +0 string OggS application/ogg + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xpmi 7bit + +# 3DS (3d Studio files) +#16 beshort 0x3d3d image/x-3ds + +# this first will upset you if you're a PL/1 shop... (are there any left?) 
+# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +#0 string /* text/x-c +# C++ program text +#0 string // text/x-c++ + +#------------------------------------------------------------------------------ +# commands: file(1) magic for various shells and interpreters +# +#0 string :\ shell archive or commands for antique kernel text +0 string #!/bin/sh application/x-shellscript +0 string #!\ /bin/sh application/x-shellscript +0 string #!/bin/csh application/x-shellscript +0 string #!\ /bin/csh application/x-shellscript +# korn shell magic, sent by George Wu, gwu@clyde.att.com +0 string #!/bin/ksh application/x-shellscript +0 string #!\ /bin/ksh application/x-shellscript +0 string #!/bin/tcsh application/x-shellscript +0 string #!\ /bin/tcsh application/x-shellscript +0 string #!/usr/local/tcsh application/x-shellscript +0 string #!\ /usr/local/tcsh application/x-shellscript +0 string #!/usr/local/bin/tcsh application/x-shellscript +0 string #!\ /usr/local/bin/tcsh application/x-shellscript +# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de) +0 string #!/bin/bash application/x-shellscript +0 string #!\ /bin/bash application/x-shellscript +0 string #!/usr/local/bin/bash application/x-shellscript +0 string #!\ /usr/local/bin/bash application/x-shellscript + +# +# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson) +0 string #!/bin/zsh application/x-shellscript +0 string #!/usr/bin/zsh application/x-shellscript +0 string #!/usr/local/bin/zsh application/x-shellscript +0 string #!\ /usr/local/bin/zsh application/x-shellscript +0 string #!/usr/local/bin/ash application/x-shellscript +0 string #!\ /usr/local/bin/ash application/x-shellscript +#0 string #!/usr/local/bin/ae Neil Brown's ae +#0 string #!\ /usr/local/bin/ae Neil Brown's ae +0 string #!/bin/nawk application/x-nawk +0 string #!\ /bin/nawk application/x-nawk +0 string #!/usr/bin/nawk application/x-nawk +0 string #!\ /usr/bin/nawk 
application/x-nawk +0 string #!/usr/local/bin/nawk application/x-nawk +0 string #!\ /usr/local/bin/nawk application/x-nawk +0 string #!/bin/gawk application/x-gawk +0 string #!\ /bin/gawk application/x-gawk +0 string #!/usr/bin/gawk application/x-gawk +0 string #!\ /usr/bin/gawk application/x-gawk +0 string #!/usr/local/bin/gawk application/x-gawk +0 string #!\ /usr/local/bin/gawk application/x-gawk +# +0 string #!/bin/awk application/x-awk +0 string #!\ /bin/awk application/x-awk +0 string #!/usr/bin/awk application/x-awk +0 string #!\ /usr/bin/awk application/x-awk +# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de +#0 regex BEGIN[[:space:]]*[{] application/x-awk + +# For Larry Wall's perl language. The ``eval'' line recognizes an +# outrageously clever hack for USG systems. +# Keith Waclena +0 string #!/bin/perl application/x-perl +0 string #!\ /bin/perl application/x-perl +0 string eval\ "exec\ /bin/perl application/x-perl +0 string #!/usr/bin/perl application/x-perl +0 string #!\ /usr/bin/perl application/x-perl +0 string eval\ "exec\ /usr/bin/perl application/x-perl +0 string #!/usr/local/bin/perl application/x-perl +0 string #!\ /usr/local/bin/perl application/x-perl +0 string eval\ "exec\ /usr/local/bin/perl application/x-perl + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. 
+ +# standard unix compress +#0 string \037\235 application/x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +#0 string \037\213 application/x-gzip + +0 string PK\003\004 application/x-zip + +# RAR archiver (Greg Roelofs, newt@uchicago.edu) +0 string Rar! application/x-rar + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +257 string ustar\0 application/x-tar posix +257 string ustar\040\040\0 application/x-tar gnu + +0 short 070707 application/x-cpio +0 short 0143561 application/x-cpio swapped + +0 string = application/x-archive +0 string \! 
application/x-archive +>8 string debian application/x-debian-package + +#------------------------------------------------------------------------------ +# +# RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com) +# +0 beshort 0xedab +>2 beshort 0xeedb application/x-rpm + +0 lelong&0x8080ffff 0x0000081a application/x-arc lzw +0 lelong&0x8080ffff 0x0000091a application/x-arc squashed +0 lelong&0x8080ffff 0x0000021a application/x-arc uncompressed +0 lelong&0x8080ffff 0x0000031a application/x-arc packed +0 lelong&0x8080ffff 0x0000041a application/x-arc squeezed +0 lelong&0x8080ffff 0x0000061a application/x-arc crunched + +0 leshort 0xea60 application/x-arj + +# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu) +2 string -lh0- application/x-lharc lh0 +2 string -lh1- application/x-lharc lh1 +2 string -lz4- application/x-lharc lz4 +2 string -lz5- application/x-lharc lz5 +# [never seen any but the last; -lh4- reported in comp.compression:] +2 string -lzs- application/x-lha lzs +2 string -lh\ - application/x-lha lh +2 string -lhd- application/x-lha lhd +2 string -lh2- application/x-lha lh2 +2 string -lh3- application/x-lha lh3 +2 string -lh4- application/x-lha lh4 +2 string -lh5- application/x-lha lh5 +2 string -lh6- application/x-lha lh6 +2 string -lh7- application/x-lha lh7 +# Shell archives +10 string #\ This\ is\ a\ shell\ archive application/octet-stream x-shell + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# +0 string/cB \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +# CDROM Filesystems +32769 string CD001 application/x-iso9660 + +# Newer StuffIt 
archives (grant@netbsd.org)
+0 string StuffIt application/x-stuffit
+#>162 string >0 : %s
+
+# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
+# Daniel Quinlan, quinlan@yggdrasil.com
+11 string must\ be\ converted\ with\ BinHex\ 4 application/mac-binhex40
+##>41 string x \b, version %.3s
+
+
+#------------------------------------------------------------------------------
+# lisp: file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string ;; text/plain 8bit
+# Emacs 18 - this is always correct, but not very magical.
+0 string \012( application/x-elc
+# Emacs 19
+0 string ;ELC\023\000\000\000 application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news: file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0 string Relay-Version: message/rfc822 7bit
+0 string #!\ rnews message/rfc822 7bit
+0 string N#!\ rnews message/rfc822 7bit
+0 string Forward\ to message/rfc822 7bit
+0 string Pipe\ to message/rfc822 7bit
+0 string Return-Path: message/rfc822 7bit
+0 string Received: message/rfc822
+0 string Path: message/news 8bit
+0 string Xref: message/news 8bit
+0 string 
From: message/rfc822 7bit
+0 string Article message/news 8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0 string \376\067\0\043 application/msword
+0 string \320\317\021\340\241\261 application/msword
+0 string \333\245-\0\0\0 application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer: file(1) magic for printer-formatted files
+#
+
+# PostScript
+0 string %! application/postscript
+0 string \004%! application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0 string %PDF- application/pdf
+
+#------------------------------------------------------------------------------
+# sc: file(1) magic for "sc" spreadsheet
+#
+38 string Spreadsheet application/x-sc
+
+#------------------------------------------------------------------------------
+# tex: file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0 string \367\002 application/x-dvi
+#0 string \367\203 TeX generic font data
+#0 string \367\131 TeX packed font data
+#0 string \367\312 TeX virtual font data
+#0 string This\ is\ TeX, TeX transcript text
+#0 string This\ is\ METAFONT, METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data. The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+2 string \000\021 application/x-tex-tfm
+2 string \000\022 application/x-tex-tfm
+#>34 string >\0 (%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string \\input\ texinfo text/x-texinfo
+0 string This\ is\ Info\ file text/x-info
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0 leshort 0x02f7 application/x-dvi
+
+# RTF - Rich Text Format
+0 string {\\rtf text/rtf
+
+#------------------------------------------------------------------------------
+# animation: file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+# MPEG file
+# MPEG sequences
+0 belong 0x000001BA
+>4 byte &0x40 video/mp2p
+>4 byte ^0x40 video/mpeg
+0 belong 0x000001BB video/mpeg
+0 belong 0x000001B0 video/mp4v-es
+0 belong 0x000001B5 video/mp4v-es
+0 belong 0x000001B3 video/mpv
+0 belong&0xFF5FFF1F 0x47400010 video/mp2t
+0 belong 0x00000001
+>4 byte&0x1F 0x07 video/h264
+
+# FLI animation format
+0 leshort 0xAF11 video/fli
+# FLC animation format
+0 leshort 0xAF12 video/flc
+#
+# SGI and Apple formats
+# Added ISO mimes
+0 string MOVI video/sgi
+4 string moov video/quicktime
+4 string mdat video/quicktime
+4 string wide video/quicktime
+4 string skip video/quicktime
+4 string free video/quicktime
+4 string idsc image/x-quicktime
+4 string idat image/x-quicktime
+4 string pckg application/x-quicktime
+4 string/B jP image/jp2
+4 string ftyp
+>8 string isom video/mp4
+>8 string mp41 video/mp4
+>8 string mp42 video/mp4
+>8 string/B jp2 image/jp2
+>8 string 3gp video/3gpp
+>8 string avc1 video/3gpp
+>8 string mmp4 video/mp4
+>8 string/B M4A audio/mp4
+>8 string/B qt video/quicktime
+# The contributor claims:
+# I couldn't find a real magic number for these, however, this
+# -appears- to work. Note that it might catch other files, too,
+# so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+# DL file version 1 , medium format (160x100, 4 images/screen)
+0 byte 1 video/unknown
+0 byte 2 video/unknown
+#
+# Databases
+#
+# GDBM magic numbers
+# Will be maintained as part of the GDBM distribution in the future.
+#
+0 belong 0x13579ace application/x-gdbm
+0 lelong 0x13579ace application/x-gdbm
+0 string GDBM application/x-gdbm
+#
+0 belong 0x061561 application/x-dbm
+#
+# Executables
+#
+0 string \177ELF
+>16 leshort 0 application/octet-stream
+>16 leshort 1 application/x-object
+>16 leshort 2 application/x-executable
+>16 leshort 3 application/x-sharedlib
+>16 leshort 4 application/x-coredump
+>16 beshort 0 application/octet-stream
+>16 beshort 1 application/x-object
+>16 beshort 2 application/x-executable
+>16 beshort 3 application/x-sharedlib
+>16 beshort 4 application/x-coredump
+#
+# DOS
+0 string MZ application/x-dosexec
+#
+# KDE
+0 string [KDE\ Desktop\ Entry] application/x-kdelnk
+0 string \#\ KDE\ Config\ File application/x-kdelnk
+# xmcd database file for kscd
+0 string \#\ xmcd text/xmcd
+
+#------------------------------------------------------------------------------
+# pkgadd: file(1) magic for SysV R4 PKG Datastreams
+#
+0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
+
+#PNG Image Format
+0 string \x89PNG image/png
+
+# MNG Video Format,
+0 string \x8aMNG video/x-mng
+0 string \x8aJNG video/x-jng
+
+#------------------------------------------------------------------------------
+# Hierarchical Data Format, used to facilitate scientific data exchange
+# specifications at http://hdf.ncsa.uiuc.edu/
+#Hierarchical Data Format (version 4) data
+0 belong 0x0e031301 application/x-hdf
+#Hierarchical Data Format (version 5) data
+0 string \211HDF\r\n\032 application/x-hdf
+
+# Adobe Photoshop
+0 string 8BPS image/x-photoshop
+
+# Felix von Leitner
+0 
string d8:announce application/x-bittorrent
+
+
+# lotus 1-2-3 document
+0 belong 0x00001a00 application/x-123
+0 belong 0x00000200 application/x-123
+
+# MS Access database
+4 string Standard\ Jet\ DB application/msaccess
+
+## magic for XBase files
+#0 byte 0x02
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x03
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x04
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x05
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x30
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x43
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x7b
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x83
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x8b
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x8e
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0xb3
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0xf5
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 leshort 0x0006 application/x-dbt
+
+# Debian has entries for the old PGP formats:
+# pgp: file(1) magic for Pretty Good Privacy
+# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
+#text/PGP key public ring
+0 beshort 0x9900 application/pgp
+#text/PGP key security ring
+0 beshort 0x9501 application/pgp
+#text/PGP key security ring
+0 beshort 0x9500 application/pgp
+#text/PGP encrypted data
+0 beshort 0xa600 application/pgp-encrypted
+#text/PGP armored data
+##public key block
+2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- application/pgp-keys
+0 string -----BEGIN\040PGP\40MESSAGE- application/pgp
+0 string -----BEGIN\040PGP\40SIGNATURE- application/pgp-signature
+#
+# GnuPG Magic:
+#
+#
+#text/GnuPG key public ring
+0 beshort 0x9901 application/pgp
+#text/OpenPGP data
+0 beshort 0x8501 application/pgp-encrypted
+
+# flash: file(1) magic for Macromedia Flash file format
+#
+# See
+#
+# 
http://www.macromedia.com/software/flash/open/
+#
+0 string FWS
+>3 byte x application/x-shockwave-flash
+
+# The following paramaters are created for Namazu.
+#
+#
+# 1999/08/13
+#0 string \