andreas/kopano-docker
1
0
Fork 0
Code Issues 8 Pull Requests Packages Projects 1 Releases Wiki Activity

added etc directories

Browse Source
This commit is contained in:
andreas
2023-02-16 20:42:47 +00:00
parent 49f6dcc3fb
commit ce43d3e9e9
329 changed files with 12642 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
etc-zntrl/kopano/admin.cfg Normal file
View File

@@ -0,0 +1,7 @@
# The language for folders in newly-created stores, specified as a
# locale identifier ("en_US", "de_DE", etc.)
#default_store_locale =
#server_socket = default:
#sslkey_file = some.pem
#sslkey_pass = magic

7
etc-zntrl/kopano/admin.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,7 @@
# The language for folders in newly-created stores, specified as a
# locale identifier ("en_US", "de_DE", etc.)
#default_store_locale =
#server_socket = default:
#sslkey_file = some.pem
#sslkey_pass = magic

22
etc-zntrl/kopano/autorespond.cfg Normal file
View File

@@ -0,0 +1,22 @@
##############################################################
# AUTORESPOND SETTINGS
# Autorespond if the recipient is in the Cc field
#autorespond_cc = no
# Autorespond if the recipient is in the Bcc field
#autorespond_bcc = no
# Autorespond if the recipient is not in any of To, Cc or Bcc
# (i.e. received the message through a distribution list)
#autorespond_norecip = no
# Only send reply to same e-mail address once per 24 hours
#timelimit = 86400
# File which contains when vacation message was sent
#senddb = /var/lib/kopano/autorespond.db
# Copy to sentmail - whether responses should be saved in the
# users sentmail folder or not
#copy_to_sentmail = yes

22
etc-zntrl/kopano/autorespond.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,22 @@
##############################################################
# AUTORESPOND SETTINGS
# Autorespond if the recipient is in the Cc field
#autorespond_cc = no
# Autorespond if the recipient is in the Bcc field
#autorespond_bcc = no
# Autorespond if the recipient is not in any of To, Cc or Bcc
# (i.e. received the message through a distribution list)
#autorespond_norecip = no
# Only send reply to same e-mail address once per 24 hours
#timelimit = 86400
# File which contains when vacation message was sent
#senddb = /var/lib/kopano/autorespond.db
# Copy to sentmail - whether responses should be saved in the
# users sentmail folder or not
#copy_to_sentmail = yes

31
etc-zntrl/kopano/backup.cfg Normal file
View File

@@ -0,0 +1,31 @@
##############################################################
# SERVER SETTINGS
# Socket to find the connection to the storage server.
# Use https to reach servers over the network
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/search.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
##############################################################
# LOG SETTINGS
# Logging method (syslog, file)
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Logfile for log_method = file, use '-' for stderr
# Default: -
#log_file = /var/log/kopano/backup.log
##############################################################
# BACKUP SETTINGS
# maximum number of stores to backup in parallel
#worker_processes = 1

31
etc-zntrl/kopano/backup.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,31 @@
##############################################################
# SERVER SETTINGS
# Socket to find the connection to the storage server.
# Use https to reach servers over the network
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/search.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
##############################################################
# LOG SETTINGS
# Logging method (syslog, file)
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Logfile for log_method = file, use '-' for stderr
# Default: -
#log_file = /var/log/kopano/backup.log
##############################################################
# BACKUP SETTINGS
# maximum number of stores to backup in parallel
#worker_processes = 1

92
etc-zntrl/kopano/dagent.cfg Normal file
View File

@@ -0,0 +1,92 @@
# See the kopano-dagent.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for LMTP connections.
#
# "unix:/var/spool/kopano/dagent.sock" — local socket
# "*:236" — port 2003, all protocols
# "[::]:236" — port 2003 on IPv6 only
# "[2001:db8::1]:236" — port 2003 on specific address only
#
#lmtp_listen = *%lo:2003
lmtp_listen = unix:/var/spool/kopano/dagent.sock
# connection to the storage server
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/dagent.pem
# The password of the SSL Key
#sslkey_pass = replace-with-dagent-cert-password
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_file = /var/log/kopano/dagent.log
log_timestamp = yes
# Log raw message to a file. Can be "no", "all", or a list of usernames
# for which messages should be saved.
#log_raw_message = no
#log_raw_message_path = /var/lib/kopano
# Maximum LMTP threads that can be running simultaneously
# This is also limited by your SMTP server. (20 is the postfix default concurrency limit)
#lmtp_max_threads = 20
# The following e-mail header will mark the mail as spam, so the mail
# is placed in the Junk Mail folder, and not the Inbox.
# The name is case insensitive.
# set to empty to not use this detection scheme.
#spam_header_name = X-Spam-Status
# If the above header is found, and contains the following value
# the mail will be considered as spam.
# Notes:
# - The value is case insensitive.
# - Leading and trailing spaces are stripped.
# - The word 'bayes' also contains the word 'yes'.
#spam_header_value = Yes,
# Enable archive_on_delivery to automatically archive all incoming
# messages on delivery.
# This will do nothing if no archive is attached to the target mailbox.
#archive_on_delivery = no
# Enable the dagent Python plugin framework. Disables threading.
#plugin_enabled = yes
# Path to the activated dagent plugins.
# This folder contains symlinks to the kopano plugins and custom scripts. The plugins are
# installed in '/usr/share/kopano-dagent/python/plugins/'. To activate a plugin create a symbolic
# link in the 'plugin_path' directory.
#
# Example:
# $ ln -s /usr/share/kopano-dagent/python/plugins/BMP2PNG.py /var/lib/kopano/dagent/plugins/BMP2PNG.py
#plugin_path = /var/lib/kopano/dagent/plugins
##############################################################
# DAGENT RULE SETTINGS
# Enable the addition of X-Kopano-Rule-Action headers on messages
# that have been forwarded or replied by a rule.
#set_rule_headers = yes
# Enable this option to prevent rules from potentially causing a loop. An
# e-mail can only be forwarded once when this option is enabled. Requires the
# set_rule_headers option to also be enabled.
#no_double_forward = yes
# Domain list to which forwarding is allowed. (Cuts off after 1000 characters,
# and knows no escape chars, so use the _file variants if needed.)
#forward_whitelist_domains = *
#forward_whitelist_domains_file =
#forward_whitelist_domain_subject = REJECT: %subject not forwarded (administratively blocked)
#forward_whitelist_domain_message = The Kopano mail system has rejected your request to forward your e-mail with subject %subject (via mail filters) to %sender: the operation is not permitted.\n\nRemove the rule or contact your administrator about the forward_whitelist_domains setting.
#forward_whitelist_domain_message_file =
# When multiple HTML MIME parts are found, they can be joined to form a
# continuous e-mail. (If not, they will become attachments.) Joining them
# however can compromise the document integrity, as stylesheets and JavaScripts
# affect the entire joined document.
#
#insecure_html_join = no

91
etc-zntrl/kopano/dagent.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,91 @@
# See the kopano-dagent.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for LMTP connections.
#
# "unix:/var/spool/kopano/dagent.sock" — local socket
# "*:236" — port 2003, all protocols
# "[::]:236" — port 2003 on IPv6 only
# "[2001:db8::1]:236" — port 2003 on specific address only
#
#lmtp_listen = *%lo:2003
# connection to the storage server
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/dagent.pem
# The password of the SSL Key
#sslkey_pass = replace-with-dagent-cert-password
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = -
#log_timestamp = yes
# Log raw message to a file. Can be "no", "all", or a list of usernames
# for which messages should be saved.
#log_raw_message = no
#log_raw_message_path = /var/lib/kopano
# Maximum LMTP threads that can be running simultaneously
# This is also limited by your SMTP server. (20 is the postfix default concurrency limit)
#lmtp_max_threads = 20
# The following e-mail header will mark the mail as spam, so the mail
# is placed in the Junk Mail folder, and not the Inbox.
# The name is case insensitive.
# set to empty to not use this detection scheme.
#spam_header_name = X-Spam-Status
# If the above header is found, and contains the following value
# the mail will be considered as spam.
# Notes:
# - The value is case insensitive.
# - Leading and trailing spaces are stripped.
# - The word 'bayes' also contains the word 'yes'.
#spam_header_value = Yes,
# Enable archive_on_delivery to automatically archive all incoming
# messages on delivery.
# This will do nothing if no archive is attached to the target mailbox.
#archive_on_delivery = no
# Enable the dagent Python plugin framework. Disables threading.
#plugin_enabled = yes
# Path to the activated dagent plugins.
# This folder contains symlinks to the kopano plugins and custom scripts. The plugins are
# installed in '/usr/share/kopano-dagent/python/plugins/'. To activate a plugin create a symbolic
# link in the 'plugin_path' directory.
#
# Example:
# $ ln -s /usr/share/kopano-dagent/python/plugins/BMP2PNG.py /var/lib/kopano/dagent/plugins/BMP2PNG.py
#plugin_path = /var/lib/kopano/dagent/plugins
##############################################################
# DAGENT RULE SETTINGS
# Enable the addition of X-Kopano-Rule-Action headers on messages
# that have been forwarded or replied by a rule.
#set_rule_headers = yes
# Enable this option to prevent rules from potentially causing a loop. An
# e-mail can only be forwarded once when this option is enabled. Requires the
# set_rule_headers option to also be enabled.
#no_double_forward = yes
# Domain list to which forwarding is allowed. (Cuts off after 1000 characters,
# and knows no escape chars, so use the _file variants if needed.)
#forward_whitelist_domains = *
#forward_whitelist_domains_file =
#forward_whitelist_domain_subject = REJECT: %subject not forwarded (administratively blocked)
#forward_whitelist_domain_message = The Kopano mail system has rejected your request to forward your e-mail with subject %subject (via mail filters) to %sender: the operation is not permitted.\n\nRemove the rule or contact your administrator about the forward_whitelist_domains setting.
#forward_whitelist_domain_message_file =
# When multiple HTML MIME parts are found, they can be joined to form a
# continuous e-mail. (If not, they will become attachments.) Joining them
# however can compromise the document integrity, as stylesheets and JavaScripts
# affect the entire joined document.
#
#insecure_html_join = no

47
etc-zntrl/kopano/gateway.cfg Normal file
View File

@@ -0,0 +1,47 @@
# See the kopano-gateway.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
# imaps is normally on 993, pop3s on 995.
#
#pop3_listen = *%lo:110
#pop3s_listen =
#imap_listen = *%lo:143
#imaps_listen =
# File with RSA key for SSL
#ssl_private_key_file = /etc/kopano/gateway/privkey.pem
#File with certificate for SSL
#ssl_certificate_file = /etc/kopano/gateway/cert.pem
# Disable all plaintext authentications unless SSL/TLS is used
#disable_plaintext_auth = no
# Verify client certificate
#ssl_verify_client = no
# Client verify file and/or path
#ssl_verify_file =
#ssl_verify_path =
#tls_min_proto = tls1.2
# Connection to the storage server.
# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
#server_socket = http://localhost:236/
# Bypass authentification when connecting as an administrator to the UNIX socket.
#bypass_auth = no
# Whether to show the hostname in the logon greeting to clients.
#server_hostname_greeting = no
# Override own DNS name for presentation in the protocol greeting line.
#server_hostname =
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_file = /var/log/kopano/gateway.log
#log_timestamp = yes
# Only mail folder for IMAP or all subfolders (calendar, contacts, tasks, etc. too)
#imap_only_mailfolders = yes
# Show Public folders for IMAP
#imap_public_folders = yes
# The maximum size of an email that can be uploaded to the gateway
#imap_max_messagesize = 128M

47
etc-zntrl/kopano/gateway.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,47 @@
# See the kopano-gateway.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
# imaps is normally on 993, pop3s on 995.
#
#pop3_listen = *%lo:110
#pop3s_listen =
#imap_listen = *%lo:143
#imaps_listen =
# File with RSA key for SSL
#ssl_private_key_file = /etc/kopano/gateway/privkey.pem
#File with certificate for SSL
#ssl_certificate_file = /etc/kopano/gateway/cert.pem
# Disable all plaintext authentications unless SSL/TLS is used
#disable_plaintext_auth = no
# Verify client certificate
#ssl_verify_client = no
# Client verify file and/or path
#ssl_verify_file =
#ssl_verify_path =
#tls_min_proto = tls1.2
# Connection to the storage server.
# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
#server_socket = http://localhost:236/
# Bypass authentification when connecting as an administrator to the UNIX socket.
#bypass_auth = no
# Whether to show the hostname in the logon greeting to clients.
#server_hostname_greeting = no
# Override own DNS name for presentation in the protocol greeting line.
#server_hostname =
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = -
#log_timestamp = yes
# Only mail folder for IMAP or all subfolders (calendar, contacts, tasks, etc. too)
#imap_only_mailfolders = yes
# Show Public folders for IMAP
#imap_public_folders = yes
# The maximum size of an email that can be uploaded to the gateway
#imap_max_messagesize = 128M

38
etc-zntrl/kopano/grapi.cfg Normal file
View File

@@ -0,0 +1,38 @@
##############################################################
# Groupware REST API SETTINGS
# Number of worker processes.
num_workers = 2
# Disable TLS validation for all client request.
# When set to yes, TLS certificate validation is turned off. This is insecure
# and should not be used in production setups.
#insecure = no
# Path where to create the gc-rest sockets.
#socket_path = /var/run/kopano-grapi
# Socket to find the connection to the storage server.
# Use https to reach servers over the network.
#server_socket = file:///var/run/kopano/server.sock
# Path where to store persistent runtime data.
#persistency_path = /var/lib/kopano-grapi
# Path where to find translation catalogs.
#translations_path = /usr/share/kopano-grapi/i18n
# The API includes experimental endpoints which are not yet recommended to run
# in production setups and are thus disabled by default. When set to yes, all
# endpoints marked experimental are made available. Defaults to no.
#enable_experimental_endpoints = yes
###############################################################
# Log settings
# Log level controls the verbosity of the output log. It can be one of
# `critical`, `error`, `warning`, `info` or `debug`. Defaults to `info`.
log_level = info
log_method = file
log_file = /var/log/kopano/server.log

34
etc-zntrl/kopano/ical.cfg Normal file
View File

@@ -0,0 +1,34 @@
# See the kopano-ical.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
# ical has often been placed on 8080 and icals on 8443.
#
#ical_listen = *%lo:8080
#icals_listen =
#tls_min_proto = tls1.2
# File with RSA key for SSL
#ssl_private_key_file = /etc/kopano/ical/privkey.pem
# File with certificate for SSL
#ssl_certificate_file = /etc/kopano/ical/cert.pem
# Verify client certificate
#ssl_verify_client = no
# Client verify file and/or path
#ssl_verify_file =
#ssl_verify_path =
# default connection to the storage server
# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
#server_socket = http://localhost:236/
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = /var/log/kopano/ical.log
#log_timestamp = yes
# The timezone of the system clock
#server_timezone = Europe/Amsterdam
# Enable the iCalendar GET method for downloading calendars
#enable_ical_get = yes

34
etc-zntrl/kopano/ical.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,34 @@
# See the kopano-ical.cfg(5) manpage for details and more directives.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
# ical has often been placed on 8080 and icals on 8443.
#
#ical_listen = *%lo:8080
#icals_listen =
#tls_min_proto = tls1.2
# File with RSA key for SSL
#ssl_private_key_file = /etc/kopano/ical/privkey.pem
# File with certificate for SSL
#ssl_certificate_file = /etc/kopano/ical/cert.pem
# Verify client certificate
#ssl_verify_client = no
# Client verify file and/or path
#ssl_verify_file =
#ssl_verify_path =
# default connection to the storage server
# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
#server_socket = http://localhost:236/
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = /var/log/kopano/ical.log
#log_timestamp = yes
# The timezone of the system clock
#server_timezone = Europe/Amsterdam
# Enable the iCalendar GET method for downloading calendars
#enable_ical_get = yes

1
etc-zntrl/kopano/kapid-pubs-secret.key Normal file
View File

@@ -0,0 +1 @@
3be77a9c8294eb60dadf05399576a9048582bb77f8fc86af40660f931d743b65

66
etc-zntrl/kopano/kapid.cfg Normal file
View File

@@ -0,0 +1,66 @@
##############################################################
# Kopano API SETTINGS
# OpenID Connect Issuer Identifier.
#oidc_issuer_identifier=
# Address:port specifier for where kapid should listen for
# incoming connections.
#listen = 127.0.0.1:8039
# Disable TLS validation for all client request.
# When set to yes, TLS certificate validation is turned off. This is insecure
# and should not be used in production setups.
#insecure = no
# Comman separated list of plugin names which should be loaded.
# If this is not set or the value is empty, kapid scans the plugins_path
# on startup and loads all plugins found.
#plugins =
# Path to the location of kapi plugins.
#plugins_path = /usr/lib/kopano/kapi-plugins
###############################################################
# Log settings
# Log level controls the verbosity of the output log. It can be one of
# `panic`, `fatal`, `error`, `warn`, `info` or `debug`. Defaults to `info`.
#log_level = info
###############################################################
# Groupware REST API (grapi) Plugin settings
# Path where to find Kopano Groupware REST (grapi) sockets.
#plugin_grapi_socket_path = /var/run/kopano-grapi
###############################################################
# Pubs API (pubs) Plugin settings
# Path to a key file to be used as secret for Pubs HMAC tokens.
# If no secret_key file is set, a random value will be generated on
# startup (not suitable for production use, since it changes on
# restart). A suitable key file can be generated with
# `openssl rand -out /etc/kopano/kapid-pubs-secret.key -hex 64`.
#plugin_pubs_secret_key = /etc/kopano/kapid-pubs-secret.key
###############################################################
# Key value store API (kvs) Plugin settings
# Database backend to use for persistent storage of kvs data. A supported
# backend must be set (sqlite3, mysql). Defaults to `sqlite3` if not set.
#plugin_kvs_db_drivername = sqlite3
# Database backend data source name. This setting depends on the storage
# backend (plugin_kvs_db_drivername). A DNS is required to use the kvs plugin.
# - For `sqlite3` the value should be the full path to the database file.
# - For `mysql`, us a MySQL DSN in the following format:
# [username[:password]@][protocol[(address)]]/dbname[?param1=value1&...&paramN=valueN]
# See https://github.com/go-sql-driver/mysql#dsn-data-source-name for a
# full list of supported MySQL DSN params with examples.
# If not set and plugin_kvs_db_drivername is also not set a default value will
# be used which uses SQLite3.
#plugin_kvs_db_datasource = /var/lib/kopano/kapi-kvs/kvs.db
# Path where to find the database migration scripts.
#plugin_kvs_db_migrations = /usr/lib/kopano/kapi-kvs/db/migrations

1
etc-zntrl/kopano/konnectd-encryption-secret.key Normal file
View File

@@ -0,0 +1 @@
<EFBFBD>r<EFBFBD><EFBFBD>L<EFBFBD>(<28>k<EFBFBD><6B><10>"u$ԟ+o<>F<1D><02>3

14
etc-zntrl/kopano/konnectd-identifier-scopes.yaml Normal file
View File

@@ -0,0 +1,14 @@
# This file contains additional scopes for Konnect. All of the scopes listed
# here are made available to clients upon request if not limited by other means.
---
scopes:
kopano/kwm:
description: "Access Kopano Meet"
kopano/kvs:
description: "Access Kopano Key Value Store"
kopano/pubs:
description: "Access Kopano Pub/Sub"

1
etc-zntrl/kopano/konnectd-signing-private-key.pem Symbolic link
View File

@@ -0,0 +1 @@
/etc/kopano/konnectkeys/konnect-20210314-0ae1.pem

146
etc-zntrl/kopano/konnectd.cfg Normal file
View File

@@ -0,0 +1,146 @@
##############################################################
# Kopano Konnect SETTINGS
# OpenID Connect Issuer Identifier.
# This setting defines the OpenID Connect Issuer Identifier to be provided by
# this Konnect server. Setting this is mandatory and the setting must be a
# https URL which can be accessed by all applications and users which are to
# use this Konnect for sign-in or validation. Defaults to "https://localhost" to
# allow unconfigured startup.
#oidc_issuer_identifier=https://localhost
# Address:port specifier for where konnectd should listen for
# incoming connections. Defaults to `127.0.0.1:8777`.
#listen = 127.0.0.1:8777
# Disable TLS validation for all client request.
# When set to yes, TLS certificate validation is turned off. This is insecure
# and should not be used in production setups. Defaults to `no`.
#insecure = no
# Identity manager which provides the user backend Konnect should use. This is
# one of `kc` or `ldap`. Defaults to `kc`, which means Konnect will use a
# Kopano Groupware Storage server as backend.
#identity_manager = kc
# Full file path to a PEM encoded PKCS#1 or PKCS#5 private key which is used to
# sign tokens. This file must exist and be valid to be able to start the
# service. A suitable key can be generated with:
# `openssl genpkey -algorithm RSA \
# -out konnectd-signing-private-key.pem.pem \
# -pkeyopt rsa_keygen_bits:4096`
# If this is not set, Konnect will try to load
# /etc/kopano/konnectd-signing-private-key.pem
# and if not found, fall back to a random key on every startup. Not set by
# default. If set, the file must be there.
#signing_private_key = /etc/kopano/konnectd-signing-private-key.pem
# Key ID to use in created JWT. This setting is useful once private keys need
# to be changed because they expire. It should be a unique value identiying
# the signing_private_key. Example: `k20180912-1`. Not set by default, which
# means that Konnect uses the file name of the key file (dereferencing symlinks)
# without extension.
#signing_kid =
# JWT signing method. This must match the private key type as defined in
# signing_private_key and defaults to `PS256`.
#signing_method = PS256
# Full path to a directory containing pem encoded keys for validation. Konnect
# loads all `*.pem` files in that directory and adds the public key parts (if
# found) to the validator for received tokens using the file name without
# extension as key ID.
#validation_keys_path =
# Full file path to a encryption secret key file containing random bytes. This
# file must exist to be able to start the service. A suitable file can be
# generated with:
# `openssl rand -out konnectd-encryption-secret.key 32`
# If this is not set, Konnect will try to load
# /etc/kopano/konnectd-encryption-secret.key
# and if not found, fall back to a random key on every startup. Not set by
# default. If set, the file must be there.
#encryption_secret_key = /etc/kopano/konnectd-encryption-secret.key
# Full file path to the identifier registration configuration file. This file
# must exist to be able to start the service. An example file is shipped with
# the documentation / sources. If not set, Konnect will try to load
# /etc/kopano/konnectd-identifier-registration.yaml
# without failing when the file is not there. If set, the file must be there.
#identifier_registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
# Full file path to the identifier scopes configuration file. An example file is
# shipped with the documentation / sources. If not set, Konnect will try to
# load /etc/kopano/konnectd-identifier-scopes.yaml without failing if the file
# is not there. If set, the file must be there.
#identifier_scopes_conf = /etc/kopano/konnectd-identifier-scopes.yaml
# Path to the location of konnectd web resources. This is a mandatory setting
# since Konnect needs to find its web resources to start.
#web_resources_path = /usr/share/kopano-konnect
# Custom base path for URI endpoints for Konnect API and the identifier web
# application. This needs to be changed when Konnect is served from a path
# instead of the root of the domain.
#uri_base_path = /
# Space separated list of scopes to be accepted by this Konnect server. By
# default this is not set, which means that all scopes which are known by the
# Konnect server and its configured identifier backend are allowed.
#allowed_scopes =
# Space separated list of IP address or CIDR network ranges of remote addresses
# which are to be trusted. This is used to allow special behavior if Konnect
# runs behind a trusted proxy which injects authentication credentials into
# HTTP requests. Not set by default.
#trusted_proxies =
# Flag to enable client controlled guest support. When set to `yes`, a registered
# client can send authorize guests, by sending signed requests. Defaults to `no`.
#allow_client_guests = no
# Flag to enable dynamic client registration API. When set to `yes`, clients
# can register themselves and make authorized calls to the token endpoint.
# Defaults to `no`.
#allow_dynamic_client_registration = no
# Additional arguments to be passed to the identity manager.
#identity_manager_args =
###############################################################
# Log settings
# Log level controls the verbosity of the output log. It can be one of
# `panic`, `fatal`, `error`, `warn`, `info` or `debug`. Defaults to `info`.
#log_level = info
###############################################################
# Kopano Groupware Storage Server Identity Manager (kc)
# URI for connecting to the Kopano Groupware Storage server. This can either be
# a http(s):// URL for remote systems or a file:// URI to a socket for local
# connection. Defaults to `file:///run/kopano/server.sock` and is only used
# when the identity_manager is `kc`.
#kc_server_uri = file:///run/kopano/server.sock
# Session timeout for sessions of the Kopano Groupware Storage server in
# seconds. Access token valid duration is limited to this value and Konnect
# will expire sessions if they are inactive for the timeout duration. This value
# needs to be lower or same as the corresponding value used in the Kopano
# Groupware Storage server's configuration to avoid constant session expiration
# and recreation.
#kc_session_timeout = 300
###############################################################
# LDAP Identity Manager (ldap)
# Below are the settings for the LDAP identity manager. They are only used when
# the identity_manager is `ldap`.
#ldap_uri =
#ldap_binddn =
#ldap_bindpw =
#ldap_basedn =
#ldap_scope = sub
#ldap_login_attribute = uid
#ldap_uuid_attribute = uidNumber
#ldap_filter = (objectClass=inetOrgPerson)

52
etc-zntrl/kopano/konnectkeys/konnect-20210314-0ae1.pem Normal file
View File

@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDKeeORq+iJ/Rzp
Q9Jhqldvx0jEprZkTz30DWQrxgzr3lgpowY4sPT9P4uu73Y+czMv8CvMX9gacBv8
ctbhPL2unmYpRX1Vpgw25E768CyX4etn+LCkZy4KvevuPB8Z6Hx1BseM3tu/nWYP
Uf9TczHN48vjLKrsu6zeEXy3TsUpmEqgIQN9DxdMCVlzh9wl7+gx/9JrpM24slFA
4S/ieeaOtlzv8nIWWUB+qeWM35b5ZEtejsiqDaBGHhNhj2z6igUfRrmEkL3V0lkd
nwaMIWYg0mhiZrX1fQy2wsEpWwDjhy6GQp15IIySv9NgjN5P/PqnCjhPQAxwznt8
KwZucCAh52g/rwykPoMW14SlfVe97zxjEw1MfFmjwi/7jFHh8AGTNl+BVIbZZ/O/
YgxLurKbNEeNcyl/aaZFlNL11RYRa5QOwrc65+ChRhO4rbvsenstpQbky/vvbZ8v
9BbvcuC/I0TTWJxFBpGHuK2iTFiViAE9bLfKAxsXuZofw74pwltTXU2wyTm/weih
HVTs4DlUtUefsltZRFHVBDDTcUc9WwVtKjvCNKUbE5ZXHRkiZuWxLgjci/4UvrRj
WstQVzbGfGWgi710ZovvKqn1gRJoakJTrdYk9YQMnKuLWuq9DNby4N/jdlbAs7NM
8jEe9TTnJW8z7HX6NQPT/ugoqfnPFQIDAQABAoICAFVU8VefP62IAvs8HhoTFC6D
qmNWb1/vFYkZa7IXEbMGTdmeXyzdRyLD+TaMrSS8oEH/0jWb3xOlU+Yc7/qVAsvo
7d1O7/d8t4Eazz5qoiCQkgmLgcaHxZu5VwlcRS9CD9GyPb9c3PfweebTA+xDjCXd
bzwawx5qKfydGhaXF/jjue+qejHmfkcJWa2bAGjspssLqb68Agdo/118ihXEkipr
KNfnMbXBf7DiIWAxiwsn/auoOWGRxI5IdpqTO7aLHIWF5QG9joPi1rPpJXVBTi1e
/6cY6m6/ePA9O/MV61X4zt6+jGdUFGp0db0nITpMv8ZORFUCBTw1iU1XRKqejqt6
/dYb1BTSy5vSUUkjV5isrvXsZd4ZEXzC8xvdu4PyXfIUXDJrCR4N/bLCup6C0r82
7goPw1Lxlr1nPN5A8rzABFrRgcWiiQNs0s82qbE+bf/ZLDXkjK62dDg9ziKE5mQ6
sXQOBZYIYrdAXLs7SRHcPXyWgCZKlps02jA1w0jWRJPXooeq34ce7N0BlkS6oSde
nH/m+EiYf3EFJtgIRcp+Wp3uXc2Se87fSs6GFK6FkHt496yZLY8UuFdXky1XQQJB
FsrPNJr9vuYz38AwACm7mylw7G1zn9WvIbBP83lA/TmlO/dhQiX/zgcILhA4lYod
ackLcmQlJCY1Oa9tVUIBAoIBAQDx5oJ/99xq0PC9zNBew9NTMqsDhLjNwEq6xdIe
RcXRlXubZVA7yTnQ6xRQsEyRU2538hq8ErVCngNMOrgS3iTiADIWhRLr0VBEe4rj
IGJGIXbrXNUE3tZvnn/OljNz08grzqsCRJSk2OYvCk/9W7v5gXNIkTXIpUO4TXys
s78BSGkg5k4AWv8i16PUrVblOTJgjCD2EkYrBWD4BazjlkbKNwGnbpEAjfgjuKmT
DyK4fJ+vHc1pjR+2QZyEy94CyVsSi+n9al90ydTzf6kzIPBaYTjbp8edp8Z3dZKL
fyUaQoZ1a+bEBxBQp0qVsFeOCUhMSq65cwt4je2W4TLLmyOhAoIBAQDWRx0nkmIa
zQpsyr7ebpUJ7i973gw4qynnMrWQYlRq7TgGNoYBKmPe/3d+PBBjTsTWT7q8AdFD
KAENEaWM+FzGErR3bu3sR1Flo1aF02mA6p4BEcSVX25PDsBdzBEg5CwVn+pHf1u4
4GpXlmLhd3HiSzXOUPKrRRhzJHm3GKqoCRIW00eFllPI4vr/4kpgh8V/l4JpKZow
/Sx882EjtxeGC14xKm9y9MF56oajxrPqxu574tBlfTn4eXyTiW4BsTcLcuf+s/lz
R39Ky/FTY9P42QNHIlSX1tlXTe1gRc2qE3QlQYXcc2+P+yasiXNeEiAQFo63TH4I
pWYKmaiTxPb1AoIBAQChr76YhHbK2t+fLbA1N1UgLiTKlELmG9qXXrRkUaS4wt68
7oojfAvuDcMlb8Gt/YNAHw4pmaOYZH+1yyXQTrV+bj0MemQ8RUsOizk5OSMW1zVi
eklUGRJhxyKMVi8MA4mvZlM9j9N/IA8zcAQpR9CsJA+HeK/nbjeGkBx+XyKTW/AQ
8n8+k5QnmNVDyZzkWEfI6sD5WRuXk9/NyBVYhdDJRt0PKcM4CKzMS5jk1+AQShR9
+0CahZ6lttNEm/PIDwiVq/l5zkkBigqRu0nACAs/je5wO4QcZ9ErdeW+4fxNwhuX
jsjPTB1mm3sp9JWBNckiXWTORgxrxwoAqIPIPekhAoIBAQCt5TSR4shfO7uUIs3X
siKd1oEOo1uDudTd3lde/43G4REwaZtC4uX+GZEeDxy1mz0/N6Ex5r+vIo4HzyRt
TTntPUzcCFhqAk7ajz4uiS38A2uLLqI9Hx9kZXJULMJR0Rq9yfPVZlRHq0hiIJfK
pqbzoVnfP+5QdFitSRLGNux4RjQ59ej7Ts5cH2jXtQvrXwQ20fxx3+NUkoJCPTm+
RF6A2ETu3aNoxZ0mleAClcV5aUwtmhrJ4mDjd6RUD5oJIYqsbeo82E4+8e0qBGyq
4j8qmuOAHSpNt3zWz1UvZjbMKdF+UriR+dS2Inp2V24bD9aZd9UGiLtXxPMU8zLO
CXDpAoIBAEycsfTcArULdH9q8mDEM+PiTr49kNL9X7UYDLziNTuU363jcYQ/iXDp
gAdL21caMhcV3C+iAjSb70HwXu6NKEO7Lb703OtgTWHZE9kFssRlA91VSw3X5fCT
I88MqRzFDsdrE9tUlDbQ2S3GP18PuMhLFJdPuZ4whdqiQMfnQxD25rG/Gi8eypz9
J/t/LhciIJxaaBaT5YU/t0KGEAlsSrpuPN3sSq7iQYrrUKQY2Mghy4wKP1qwLhLX
DEr1HZ3gfTZcdvk5ftkGvy4QP6rNRMNo/74l1yp+vAUf/4uA1Wu9QWOJfFOVvfV3
bPlsxOijJGo9JSDH/en3wE654P52ygY=
-----END PRIVATE KEY-----

0
etc-zntrl/kopano/kweb/.kweb/.setup-done Normal file
View File

137
etc-zntrl/kopano/kwebd.cfg Normal file
View File

@@ -0,0 +1,137 @@
##############################################################
# Kopano Web SETTINGS
# Site's host name.
# Full qualified host name. If set, kweb provides HTTP/HTTPS for this host
# including automatic ACME CA TLS and Content Security Policy generation. If not
# set (the default), kweb is available under all names and does not try to
# obtain a certificate via ACME.
#hostname=
# ACME CA email.
# To allow automatic TLS via ACME, the CA needs an email address. Provide your
# email address here to enable automatic TLS via ACME. If tls_acme_email and
# hostname are set, kweb will automatically manage TLS certificates unless
# explictly disabled by other settings.
#tls_acme_email =
# ACME CA subscriber agreement.
# Set to `yes` to accept the CA's subscriber agreement. If this is `no` or
# not set and kweb is otherwise configured to use ACME, kweb will log the link
# to the CA's subscriber agreement and then exit. You have to change this
# setting to `yes` to use automatic TLS via ACME.
#tls_acme_agree = no
# ACME CA server directory.
# URL to the certificate authority's ACME server directory. Default is to use
# Let's Encrypt (https://acme-v02.api.letsencrypt.org/directory).
#tls_acme_ca = https://acme-v02.api.letsencrypt.org/directory
# HTTP Strict Transport Security.
# Value for HTTP Strict Transport Security response header. Default to
# `max-age=31536000;` and is only used if hostname is set. Set explicitly to
# empty to disable.
#hsts=max-age=31536000;
# Bind address to bind the listeners.
# This setting defines where to bind kweb http listeners. By default kweb binds
# to all interfaces/ips since it needs to be available from external.
#bind=0.0.0.0
# Web root folder.
# Full path to the web root. All files below that folder are served by kweb and
# the path is used as base for otherwise relative paths.
# Default: `/usr/share/kopano-kweb/www`
#web_root = /usr/share/kopano-kweb/www
# Port for HTTPS listener.
# When TLS is enabled, kweb will serve the TLS listener on this port. Defaults
# to 9443 if `hostname` is not set and `443` otherwise.
https_port = 7443
# Port for HTTP listener.
# When TLS is disabled, kweb will serve the listener on this port. Defaults to
# 9080 if `hostname` is not set and `80` otherwise.
http_port = 7080
# HTTP/2 support.
# Set to `yes` to enable HTTP/2 support on all TLS listeners. HTTP/2 is enabled
# by default. Set to `no` to disable.
#http2 = yes
# QUIC support.
# Experimental support for QUIC. Set to `true` to enable. Default is `no`.
#quic = no
###############################################################
# Log settings
# HTTP request log file (access log in combined format).
# Full path to log file where to log HTTP requests. Not set by default which
# means requests are not logged.
#request_log_file = /var/log/kopano-kweb/access.log
###############################################################
# TLS settings
# TLS support.
# Support encrypted listeners and automatic TLS certificate creation when set
# to `yes`. Set to `no` to disable all TLS and listen on plain HTTP.
#tls = yes
# TLS certificate bundle.
# Path to a TLS certificate bundle (concatenation of the server's certificate
# followed by the CA's certificate chain). If set, the TLS listener will use
# that certificate instead of trying automatic TLS.
#tls_cert =
# TLS private key.
# Path to the server's private key file which matches the certificate bundle. It
# must match the certificate in tls_cert.
#tls_key =
# TLS protocols.
# Minimal and maximal TLS protocol versions to be offered. Defaults to TLS 1.2
# and TLS 1.3 (`tls1.2 tls1.3`).
#tls_protocols = tls1.2 tls1.3
# TLS self sign.
# By default kweb creates self signed TLS certificates on startup on if ACME is
# not possible due to missing settings. If set to `yes`, ACME is disabled and a
# self signed certificate will always be created. Default: `no`.
#tls_always_self_sign = no
# TLS must stable.
# Enables must stable for certificates managed by kweb. If this is set to `yes`
# and kweb requests certificates via ACME, those certificates will require that
# the OSCP information is stapled with the response. Defaults to `no`.
#tls_must_staple = no
###############################################################
# App settings
# Default top level redirect.
# When set, top level requests `/` will redirect to the configured value.
# Not set by default.
#default_redirect =
# Legacy support.
# To make integration into existing environments easier kwebd can act as a
# reverse proxy to allow serving requests Kopano WebApp and Z-Push running e.g.
# in Apache or Nginx. Set the address to the legacy web server here. Not set by
# default.
#legacy_reverse_proxy = 127.0.0.1:8000
###############################################################
# Limiting settings
# Rate limit tate.
# Limits Excessive access to services. Requests will be terminated with an error
# 429 (Too Many Requests) and X-RateLimit-RetryAfter is added.
# Format "rate burst unit", Defaults to "100 200 minute".
#ratelimit_rate = "100 200 minute"
# Rate limit whitelist.
# Your trusted IPs (comma separated). Defines the CIDR IP range you don't want
# to perform rate limit. Defaults to `127.0.0.1/8`.
#ratelimit_whitelist = 127.0.0.1/8

36
etc-zntrl/kopano/ldap.cfg Normal file
View File

@@ -0,0 +1,36 @@
# See the kopano-ldap.cfg(5) manpage for details and more directives
# Select implementation.
# If you have any reason to override settings from /usr/share/kopano/*.cfg,
# do so at the end of this (/etc-resident) config file.
#
!include /usr/share/kopano/ldap.openldap.cfg
#!include /usr/share/kopano/ldap.active-directory.cfg
# List of URIs of LDAP servers to use. Make sure that etc/ldap/ldap.conf is
# /configured correctly with TLS_CACERT when using "ldaps".
ldap_uri =
#ldap_starttls = no
# The DN of the user to bind as for normal operations.
# When empty, uses anonymous binding.
ldap_bind_user =
ldap_bind_passwd =
# Top level search base, every object should be available under this tree
ldap_search_base =
# The timeout for network operations in seconds
#ldap_network_timeout = 30
# ldap_page_size limits the number of results from a query that will be downloaded at a time.
# Default ADS MaxPageSize is 1000.
#ldap_page_size = 1000
#ldap_membership_cache_size = 256k
#ldap_membership_cache_lifetime = 5
# Use custom defined LDAP property mappings
# This is not a requirement for most environments but allows custom mappings of
# special LDAP properties to custom MAPI attributes
#!propmap /etc/kopano/ldap.propmap.cfg

36
etc-zntrl/kopano/ldap.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,36 @@
# See the kopano-ldap.cfg(5) manpage for details and more directives
# Select implementation.
# If you have any reason to override settings from /usr/share/kopano/*.cfg,
# do so at the end of this (/etc-resident) config file.
#
!include /usr/share/kopano/ldap.openldap.cfg
#!include /usr/share/kopano/ldap.active-directory.cfg
# List of URIs of LDAP servers to use. Make sure that etc/ldap/ldap.conf is
# /configured correctly with TLS_CACERT when using "ldaps".
ldap_uri =
#ldap_starttls = no
# The DN of the user to bind as for normal operations.
# When empty, uses anonymous binding.
ldap_bind_user =
ldap_bind_passwd =
# Top level search base, every object should be available under this tree
ldap_search_base =
# The timeout for network operations in seconds
#ldap_network_timeout = 30
# ldap_page_size limits the number of results from a query that will be downloaded at a time.
# Default ADS MaxPageSize is 1000.
#ldap_page_size = 1000
#ldap_membership_cache_size = 256k
#ldap_membership_cache_lifetime = 5
# Use custom defined LDAP property mappings
# This is not a requirement for most environments but allows custom mappings of
# special LDAP properties to custom MAPI attributes
#!propmap /etc/kopano/ldap.propmap.cfg

28
etc-zntrl/kopano/monitor.cfg Normal file
View File

@@ -0,0 +1,28 @@
# See the kopano-monitor.cfg(5) manpage for details and more directives.
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/monitor.pem
# The password of the SSL Key
#sslkey_pass = replace-with-monitor-cert-password
# in a multi-server environment, which servers to monitor (default all)
#servers =
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = -
#log_timestamp = yes
# Quota check interval (in minutes)
#quota_check_interval = 15
# Quota mail interval in days
#mailquota_resend_interval = 1
# Template to be used for quota emails which are sent to the user
# when the various user quota levels have been exceeded.
#userquota_warning_template = /etc/kopano/quotamail/userwarning.mail
# Templates to be used for quota emails which are sent to the company administrators
# when the company quota level has been exceeded.
#companyquota_warning_template = /etc/kopano/quotamail/companywarning.mail

28
etc-zntrl/kopano/monitor.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,28 @@
# See the kopano-monitor.cfg(5) manpage for details and more directives.
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/monitor.pem
# The password of the SSL Key
#sslkey_pass = replace-with-monitor-cert-password
# in a multi-server environment, which servers to monitor (default all)
#servers =
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = -
#log_timestamp = yes
# Quota check interval (in minutes)
#quota_check_interval = 15
# Quota mail interval in days
#mailquota_resend_interval = 1
# Template to be used for quota emails which are sent to the user
# when the various user quota levels have been exceeded.
#userquota_warning_template = /etc/kopano/quotamail/userwarning.mail
# Templates to be used for quota emails which are sent to the company administrators
# when the company quota level has been exceeded.
#companyquota_warning_template = /etc/kopano/quotamail/companywarning.mail

30
etc-zntrl/kopano/php-mapi.cfg Normal file
View File

@@ -0,0 +1,30 @@
##############################################################
# LOG SETTINGS
# Logging method (syslog, file), syslog facility is 'mail'
#log_method = syslog
# Logfile (for log_method = file, '-' for stderr)
#log_file = /var/log/kopano/php-mapi.log
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Log timestamp - prefix each log line with timestamp in 'file'
# logging mode
#log_timestamp = yes
# Buffer logging in what sized blocks. 0 for line-buffered (syslog-style).
#log_buffer_size = 0
# This setting will make php-mapi trace how long each MAPI-call
# took into the selected logfile.
# Make sure that the file exists and/or can be written to by the
# apache user.
# php_mapi_performance_trace_file = /var/log/kopano/php-mapi-perf-trace.log
# Enable debug output for the mapi extension
# Bitmask:
# 1 = Log start of a function
# 2 = Log end of a function
#php_mapi_debug = 0

30
etc-zntrl/kopano/php-mapi.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,30 @@
##############################################################
# LOG SETTINGS
# Logging method (syslog, file), syslog facility is 'mail'
#log_method = syslog
# Logfile (for log_method = file, '-' for stderr)
#log_file = /var/log/kopano/php-mapi.log
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Log timestamp - prefix each log line with timestamp in 'file'
# logging mode
#log_timestamp = yes
# Buffer logging in what sized blocks. 0 for line-buffered (syslog-style).
#log_buffer_size = 0
# This setting will make php-mapi trace how long each MAPI-call
# took into the selected logfile.
# Make sure that the file exists and/or can be written to by the
# apache user.
# php_mapi_performance_trace_file = /var/log/kopano/php-mapi-perf-trace.log
# Enable debug output for the mapi extension
# Bitmask:
# 1 = Log start of a function
# 2 = Log end of a function
#php_mapi_debug = 0

11
etc-zntrl/kopano/quotamail/companywarning.mail Normal file
View File

@@ -0,0 +1,11 @@
Subject: Quota of company ${KOPANO_QUOTA_COMPANY} has been exceeded
The size of the public store for company ${KOPANO_QUOTA_COMPANY} has exceeded
the size limits set by the administrator.
The public store size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limit:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded this warning message will be sent
See client Help for more information.

11
etc-zntrl/kopano/quotamail/companywarning.mail.dpkg-new Normal file
View File

@@ -0,0 +1,11 @@
Subject: Quota of company ${KOPANO_QUOTA_COMPANY} has been exceeded
The size of the public store for company ${KOPANO_QUOTA_COMPANY} has exceeded
the size limits set by the administrator.
The public store size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limit:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded this warning message will be sent
See client Help for more information.

17
etc-zntrl/kopano/quotamail/userhard.mail Normal file
View File

@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.

17
etc-zntrl/kopano/quotamail/userhard.mail.dpkg-new Normal file
View File

@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.

17
etc-zntrl/kopano/quotamail/usersoft.mail Normal file
View File

@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.

17
etc-zntrl/kopano/quotamail/usersoft.mail.dpkg-new Normal file
View File

@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.

17
etc-zntrl/kopano/quotamail/userwarning.mail Normal file
View File

@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.

17
etc-zntrl/kopano/quotamail/userwarning.mail.dpkg-new Normal file
View File

@@ -0,0 +1,17 @@
Subject: Quota of user ${KOPANO_QUOTA_NAME} has been exceeded
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is ${KOPANO_QUOTA_STORE_SIZE}.
Mailbox size limits:
* Warninglevel (${KOPANO_QUOTA_WARN_SIZE})
- When this limit is exceeded a warning message will be sent
* Softlevel (${KOPANO_QUOTA_SOFT_SIZE})
- When this limit is exceeded you will not be able to send new email
* Hardlevel (${KOPANO_QUOTA_HARD_SIZE})
- When this limit is exceeded you will not be able to send and receive new email
To make more space available, delete any items that you are no longer using or use Kopano Archiver to move old items to an archive server.
Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit.
You must empty the Deleted Items folder after deleting items or the space will not be freed.
See client Help for more information.

40
etc-zntrl/kopano/search.cfg Normal file
View File

@@ -0,0 +1,40 @@
# See kopano-search.cfg(5) for more details and directives.
# Location of the index files
#index_path = /var/lib/kopano/search/
# Limit the number of results returned (0 = no limit)
#limit_results = 1000
# Socket to the storage server.
# Use https to reach servers over the network
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/search.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
# To setup for multi-server, use: http://0.0.0.0:port or https://0.0.0.0:port
#server_bind_name = file:///var/run/kopano/search.sock
# File with certificate for SSL, used when server_bind_name uses https://...
#ssl_certificate_file = /etc/kopano/search/cert.pem
# File with RSA key for SSL, used when server_bind_name uses https://...
#ssl_private_key_file = /etc/kopano/search/privkey.pem
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_file = /var/log/kopano/search.log
#log_timestamp = yes
# Number of indexing processes used during initial indexing
#index_processes = 1
#index_drafts = yes
#index_junk = yes
# Prepare search suggestions ("did-you-mean?") during indexing
# This takes up a large percentage of the used disk space
#suggestions = yes
# Should attachments be indexed
#index_attachments = no
# Maximum file size for attachments
#index_attachment_max_size = 5M

40
etc-zntrl/kopano/search.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,40 @@
# See kopano-search.cfg(5) for more details and directives.
# Location of the index files
#index_path = /var/lib/kopano/search/
# Limit the number of results returned (0 = no limit)
#limit_results = 1000
# Socket to the storage server.
# Use https to reach servers over the network
#server_socket = file:///var/run/kopano/server.sock
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/search.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
# To setup for multi-server, use: http://0.0.0.0:port or https://0.0.0.0:port
#server_bind_name = file:///var/run/kopano/search.sock
# File with certificate for SSL, used when server_bind_name uses https://...
#ssl_certificate_file = /etc/kopano/search/cert.pem
# File with RSA key for SSL, used when server_bind_name uses https://...
#ssl_private_key_file = /etc/kopano/search/privkey.pem
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = /var/log/kopano/search.log
#log_timestamp = yes
# Number of indexing processes used during initial indexing
#index_processes = 1
#index_drafts = yes
#index_junk = yes
# Prepare search suggestions ("did-you-mean?") during indexing
# This takes up a large percentage of the used disk space
#suggestions = yes
# Should attachments be indexed
#index_attachments = no
# Maximum file size for attachments
#index_attachment_max_size = 5M

120
etc-zntrl/kopano/server.cfg Normal file
View File

@@ -0,0 +1,120 @@
# See the kopano-server.cfg(5) manpage for details and more directives.
# If a directive is not used (i.e. commented out), the built-in server default
# is used, so to disable certain features, the empty string value must explicitly be
# set on them.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
server_listen = 0.0.0.0:236
#server_listen_tls =
#server_ssl_key_file = /etc/kopano/ssl/server.pem
#server_ssl_key_pass =
#server_ssl_ca_file = /etc/kopano/ssl/cacert.pem
#server_ssl_ca_path =
#server_tls_min_proto = tls1.2
# Path of SSL Public keys of clients
#sslkeys_path = /etc/kopano/sslkeys
# Name for identifying the server in a multi-server environment. Need
# not be a DNS name, but this name needs to be present on a LDAP
# kopano-server object's cn value.
server_name = mail.zntrl.de
# Multi-server
#enable_distributed_kopano = false
database_engine = mysql
mysql_host = localhost
mysql_port = 3306
mysql_user = kopano
mysql_password = zAKt(85&
mysql_database = kopano
# Allow connections from normal users through the Unix socket
#allow_local_users = yes
# Space-separated list of users that are considered Kopano admins.
local_admin_users = root kopano
log_method = file
log_file = /var/log/kopano/server.log
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_timestamp = yes
# Attachment backend driver type: "database", "files", "files_v2", "s3"
#attachment_storage = files
#attachment_path = /var/lib/kopano/attachments
#attachment_s3_hostname = s3-eu-west-1.amazonaws.com
# The region where the bucket is located, e.g. "eu-west-1"
#attachment_s3_region =
# The protocol that should be used to connect to S3, 'http' or 'https' (preferred)
#attachment_s3_protocol =
# The URL style of the bucket, "virtualhost" or "path"
#attachment_s3_uristyle =
# The access key id of your S3 account
#attachment_s3_accesskeyid =
# The secret access key of your S3 account
#attachment_s3_secretaccesskey =
# The bucket name in which the files will be stored
#attachment_s3_bucketname =
# User backend driver type: "db", "unix", "ldap"
#user_plugin = db
#user_plugin_config = /etc/kopano/ldap.cfg
#enable_sso = false
# Hostname override for Kerberos SSO
#server_hostname =
# OpenID Connect Issuer Identifier. When set, the server attempts OIDC discovery
# and initialization on startup, using the configured issuer identifier.
#kcoidc_issuer_identifier =
#kcoidc_initialize_timeout = 60
# Skip creation/deletion of users for testing purposes, instead log it.
#user_safe_mode = no
# Multi-tenancy
#enable_hosted_kopano = false
# Display format of store name
# Allowed variables:
# %u Username
# %f Full name
# %c Tenant's name
#storename_format = %f
# Loginname format for multi-tenancy installations
# When the user does not login through a system-wide unique
# username (like the email address) a unique name is created
# by combining the username and the tenantname.
# With this configuration option you can set how the
# loginname should be built up.
#
# Note: Do not use the = character in the format.
#
# Allowed variables:
# %u Username
# %c Teantname
#
#loginname_format = %u
#enable_gab = yes
# Whether to hide/show the special GAB "Everyone" group that contains
# every user and group for non-admins.
#hide_everyone = no
# Whether to hide/show the special GAB "SYSTEM" user for non-admins.
#hide_system = yes
# Synchronize GAB users on every open of the GAB (otherwise, only on
# kopano-admin --sync)
#sync_gab_realtime = yes
# Use indexing service for faster searching.
# Enabling this option requires kopano-indexd or kopano-search to be active.
#search_enabled = yes
#search_socket = file:///var/run/kopano/search.sock
#search_timeout = 10
# Disable features for users. This list is space separated.
# Currently valid values: imap pop3 mobile outlook webapp
disabled_features = pop3

120
etc-zntrl/kopano/server.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,120 @@
# See the kopano-server.cfg(5) manpage for details and more directives.
# If a directive is not used (i.e. commented out), the built-in server default
# is used, so to disable certain features, the empty string value must explicitly be
# set on them.
# Space-separated list of address:port specifiers with optional %interface
# infix for where the server should listen for connections.
server_listen = *%lo:236
#server_listen_tls =
#server_ssl_key_file = /etc/kopano/ssl/server.pem
#server_ssl_key_pass =
#server_ssl_ca_file = /etc/kopano/ssl/cacert.pem
#server_ssl_ca_path =
#server_tls_min_proto = tls1.2
# Path of SSL Public keys of clients
#sslkeys_path = /etc/kopano/sslkeys
# Name for identifying the server in a multi-server environment. Need
# not be a DNS name, but this name needs to be present on a LDAP
# kopano-server object's cn value.
#server_name =
# Multi-server
#enable_distributed_kopano = false
#database_engine = mysql
#mysql_host = localhost
#mysql_port = 3306
#mysql_user = root
#mysql_password =
#mysql_database = kopano
# Allow connections from normal users through the Unix socket
#allow_local_users = yes
# Space-separated list of users that are considered Kopano admins.
local_admin_users = root kopano
#log_method = auto
#log_file = -
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_timestamp = yes
# Attachment backend driver type: "database", "files", "files_v2", "s3"
#attachment_storage = files
#attachment_path = /var/lib/kopano/attachments
#attachment_s3_hostname = s3-eu-west-1.amazonaws.com
# The region where the bucket is located, e.g. "eu-west-1"
#attachment_s3_region =
# The protocol that should be used to connect to S3, 'http' or 'https' (preferred)
#attachment_s3_protocol =
# The URL style of the bucket, "virtualhost" or "path"
#attachment_s3_uristyle =
# The access key id of your S3 account
#attachment_s3_accesskeyid =
# The secret access key of your S3 account
#attachment_s3_secretaccesskey =
# The bucket name in which the files will be stored
#attachment_s3_bucketname =
# User backend driver type: "db", "unix", "ldap"
#user_plugin = db
#user_plugin_config = /etc/kopano/ldap.cfg
#enable_sso = false
# Hostname override for Kerberos SSO
#server_hostname =
# OpenID Connect Issuer Identifier. When set, the server attempts OIDC discovery
# and initialization on startup, using the configured issuer identifier.
#kcoidc_issuer_identifier =
#kcoidc_initialize_timeout = 60
# Skip creation/deletion of users for testing purposes, instead log it.
#user_safe_mode = no
# Multi-tenancy
#enable_hosted_kopano = false
# Display format of store name
# Allowed variables:
# %u Username
# %f Full name
# %c Tenant's name
#storename_format = %f
# Loginname format for multi-tenancy installations
# When the user does not login through a system-wide unique
# username (like the email address) a unique name is created
# by combining the username and the tenantname.
# With this configuration option you can set how the
# loginname should be built up.
#
# Note: Do not use the = character in the format.
#
# Allowed variables:
# %u Username
# %c Teantname
#
#loginname_format = %u
#enable_gab = yes
# Whether to hide/show the special GAB "Everyone" group that contains
# every user and group for non-admins.
#hide_everyone = no
# Whether to hide/show the special GAB "SYSTEM" user for non-admins.
#hide_system = yes
# Synchronize GAB users on every open of the GAB (otherwise, only on
# kopano-admin --sync)
#sync_gab_realtime = yes
# Use indexing service for faster searching.
# Enabling this option requires kopano-indexd or kopano-search to be active.
#search_enabled = yes
#search_socket = file:///var/run/kopano/search.sock
#search_timeout = 10
# Disable features for users. This list is space separated.
# Currently valid values: imap pop3 mobile outlook webapp
#disabled_features = imap pop3

53
etc-zntrl/kopano/spamd.cfg Normal file
View File

@@ -0,0 +1,53 @@
##############################################################
# SPAMD SERVICE SETTINGS
# run as specific user
#run_as_user = kopano
# run as specific group
#run_as_group = kopano
# control pid file
#pid_file = /var/run/kopano/spamd.pid
# run server in this path (when not using the -F switch)
#running_path = /var/lib/kopano
##############################################################
# LOG SETTINGS
# Logging method (syslog, file)
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Logfile for log_method = file, use '-' for stderr
#log_file = /var/log/kopano/spamd.log
# Log timestamp - prefix each log line with timestamp in 'file' logging mode
#log_timestamp = 1
###############################################################
# SPAMD Specific settings
# The dir where spam mails are written to which are later picked up
# by the sa-learn program
#spam_dir = /var/lib/kopano/spamd/spam
# Location for the database containing metadata on learned spam
#spam_db = /var/lib/kopano/spamd/spam.db
# Learn ham, when the user moves emails from junk to inbox,
# enabled by default.
#learn_ham = yes
# The dir where ham mails are written to which are later picked up
# by the sa-learn program
#ham_dir = /var/lib/kopano/spamd/ham
# Spamassassin group
#sa_group = amavis
# Header tag for spam emails
#header_tag = X-Spam-Flag

53
etc-zntrl/kopano/spamd.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,53 @@
##############################################################
# SPAMD SERVICE SETTINGS
# run as specific user
#run_as_user = kopano
# run as specific group
#run_as_group = kopano
# control pid file
#pid_file = /var/run/kopano/spamd.pid
# run server in this path (when not using the -F switch)
#running_path = /var/lib/kopano
##############################################################
# LOG SETTINGS
# Logging method (syslog, file)
#log_method = file
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
# Logfile for log_method = file, use '-' for stderr
#log_file = /var/log/kopano/spamd.log
# Log timestamp - prefix each log line with timestamp in 'file' logging mode
#log_timestamp = 1
###############################################################
# SPAMD Specific settings
# The dir where spam mails are written to which are later picked up
# by the sa-learn program
#spam_dir = /var/lib/kopano/spamd/spam
# Location for the database containing metadata on learned spam
#spam_db = /var/lib/kopano/spamd/spam.db
# Learn ham, when the user moves emails from junk to inbox,
# enabled by default.
#learn_ham = yes
# The dir where ham mails are written to which are later picked up
# by the sa-learn program
#ham_dir = /var/lib/kopano/spamd/ham
# Spamassassin group
#sa_group = amavis
# Header tag for spam emails
#header_tag = X-Spam-Flag

30
etc-zntrl/kopano/spooler.cfg Normal file
View File

@@ -0,0 +1,30 @@
# See the kopano-spooler.cfg(5) manpage for details and more directives.
# Outgoing mailserver
#smtp_server = localhost
#smtp_port = 25
# Server Unix socket location
#server_socket = default:
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/spooler.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = -
#log_timestamp = yes
# Dump raw messages into specified directory before sending via SMTP.
#log_raw_message_path = /var/lib/kopano
#log_raw_message_stage1 = no
# Maximum number of threads used to send outgoing messages
#max_threads = 5
# spooler Python plugin framework. Disables threading.
#plugin_enabled = no
# Path to the activated spooler plugins.
#plugin_path = /var/lib/kopano/spooler/plugins

30
etc-zntrl/kopano/spooler.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,30 @@
# See the kopano-spooler.cfg(5) manpage for details and more directives.
# Outgoing mailserver
#smtp_server = localhost
#smtp_port = 25
# Server Unix socket location
#server_socket = default:
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/spooler.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
#log_level = 3
#log_file = -
#log_timestamp = yes
# Dump raw messages into specified directory before sending via SMTP.
#log_raw_message_path = /var/lib/kopano
#log_raw_message_stage1 = no
# Maximum number of threads used to send outgoing messages
#max_threads = 5
# spooler Python plugin framework. Disables threading.
#plugin_enabled = no
# Path to the activated spooler plugins.
#plugin_path = /var/lib/kopano/spooler/plugins

8
etc-zntrl/kopano/statsd.cfg Normal file
View File

@@ -0,0 +1,8 @@
# One address:port specifier for where to listen for HTTP connections.
#statsd_listen = unix:/var/run/kopano/statsd.sock
# Location for keeping RRD files
#statsd_rrd = /var/lib/kopano/rrd
#run_as_user = kopano
#run_as_group = kopano

42
etc-zntrl/kopano/unix.cfg Normal file
View File

@@ -0,0 +1,42 @@
##############################################################
# UNIX USER PLUGIN SETTINGS
#
# Any of these directives that are required, are only required if the
# userplugin parameter is set to unix.
# Charset used in /etc/passwd for the fullname of a user. Normally this
# is us-ascii, but this can differ according to your setup.
# The charset specified here must be supported by your iconv(1)
# setup. See iconv -l for all charsets.
fullname_charset = iso-8859-15
# Default email domain for constructing new users
# Required, no default
default_domain = kopano.com
# The lowest user id that is considered a regular user
# Optional, default = 1000
min_user_uid = 1000
# The highest user id that is considered a regular user
# Optional, default = 10000
max_user_uid = 10000
# A list of user ids that are not considered to be regular users
# Optional, default = empty
# except_user_uids =
# The lowest group id that is considered a regular group
# Optional, default = 1000
min_group_gid = 1000
# The highest group id that is considered a regular group
# Optional, default = 10000
max_group_gid = 10000
# A list of group ids that are not considered to be regular groups
# Optional, default = empty
# except_group_gids =
# Create a user as non-active when it has this Unix shell
non_login_shell = /sbin/nologin /bin/false

42
etc-zntrl/kopano/unix.cfg.dpkg-new Normal file
View File

@@ -0,0 +1,42 @@
##############################################################
# UNIX USER PLUGIN SETTINGS
#
# Any of these directives that are required, are only required if the
# userplugin parameter is set to unix.
# Charset used in /etc/passwd for the fullname of a user. Normally this
# is us-ascii, but this can differ according to your setup.
# The charset specified here must be supported by your iconv(1)
# setup. See iconv -l for all charsets.
fullname_charset = iso-8859-15
# Default email domain for constructing new users
# Required, no default
default_domain = kopano.com
# The lowest user id that is considered a regular user
# Optional, default = 1000
min_user_uid = 1000
# The highest user id that is considered a regular user
# Optional, default = 10000
max_user_uid = 10000
# A list of user ids that are not considered to be regular users
# Optional, default = empty
# except_user_uids =
# The lowest group id that is considered a regular group
# Optional, default = 1000
min_group_gid = 1000
# The highest group id that is considered a regular group
# Optional, default = 10000
max_group_gid = 10000
# A list of group ids that are not considered to be regular groups
# Optional, default = empty
# except_group_gids =
# Create a user as non-active when it has this Unix shell
non_login_shell = /sbin/nologin /bin/false

28
etc-zntrl/kopano/webapp/.htaccess Normal file
View File

@@ -0,0 +1,28 @@
# some apache settings
Options -Indexes
# The maximum POST limit. To upload large files, this value must be larger than upload_max_filesize.
<IfModule mod_php5.c>
php_value post_max_size 31M
php_value upload_max_filesize 30M
</IfModule>
<IfModule mod_php7.c>
php_value post_max_size 31M
php_value upload_max_filesize 30M
</IfModule>
# Deny access to config.php, config.php.dist, debug.php, debug.php.dist, defaults.php
# because they could become a security vulnerability when accessible
# Better safe then sorry
<FilesMatch "^(config|debug|defaults|init)\.php">
<IfVersion < 2.4>
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<RequireAll>
Require all denied
</RequireAll>
</IfVersion>
</FilesMatch>

4
etc-zntrl/kopano/webapp/config-contactfax.php Normal file
View File

@@ -0,0 +1,4 @@
<?php
define('PLUGIN_CONTACTFAXPLUGIN_USER_DEFAULT_ENABLE', false);
define('PLUGIN_CONTACTFAXPLUGIN_FAX_DOMAIN_NAME', 'officefax.net');
?>

13
etc-zntrl/kopano/webapp/config-gmaps.php Normal file
View File

@@ -0,0 +1,13 @@
<?php
//by default gmaps plugin is disabled
define('PLUGIN_GMAPS_USER_DEFAULT_ENABLE', false);
define ('PLUGIN_GMAPS_DEFAULT_ADDRESS','Elektronicaweg 18, 2628 XG Delft, The Netherlands');
define ('PLUGIN_GMAPS_SHOW_ROUTES', false);
// This plugin requires a valid Google API key. You can get an API key (and more information) at
// https://developers.google.com/maps/documentation/javascript/get-api-key
// Please note that there are usage limits for a particular API key:
// https://developers.google.com/maps/documentation/javascript/usage
define ('PLUGIN_GMAPS_GOOGLE_API_KEY', 'YOUR GOOGLE API KEY');
?>

17
etc-zntrl/kopano/webapp/config-intranet.php Normal file
View File

@@ -0,0 +1,17 @@
<?php
define('PLUGIN_INTRANET_USER_DEFAULT_ENABLE', false);
define('PLUGIN_INTRANET_BUTTON_TITLE', 'Kopano.io');
define('PLUGIN_INTRANET_URL', 'https://kopano.io/');
define('PLUGIN_INTRANET_AUTOSTART', false);
define('PLUGIN_INTRANET_ICON', 'resources/icons/icon_default.png');
// More buttons can be added by adding a number as follows
// Note: Numbers must start with 1 and be sequential
define('PLUGIN_INTRANET_BUTTON_TITLE_1', 'Kopano.com');
define('PLUGIN_INTRANET_URL_1', 'https://kopano.com/');
define('PLUGIN_INTRANET_AUTOSTART_1', false);
define('PLUGIN_INTRANET_ICON_1', 'resources/icons/icon_default.png');

9
etc-zntrl/kopano/webapp/config-mattermost.php Normal file
View File

@@ -0,0 +1,9 @@
<?php
define('PLUGIN_MATTERMOST_USER_DEFAULT_ENABLE', false);
define('PLUGIN_MATTERMOST_URL', '<URL-OF-YOUR-MATTERMOST>');
// This setting can be changed by the user in his settings.
// Here you can define the default behaviour.
define('PLUGIN_MATTERMOST_AUTOSTART', true);

19
etc-zntrl/kopano/webapp/config-meet.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
/*******************************************************************************
*
* This file is part of the Meet plugin for Kopano WebApp
*
* (c) 2019 Kopano <info@kopano.com>
*
*******************************************************************************/
// This file contains the configuration options of the Meet plugin
// This disables the plugin by default
define('PLUGIN_MEET_USER_DEFAULT_ENABLE', false);
// The URL of the Meet PWA
//define('PLUGIN_MEET_MEET_URL', 'https://<URL_OF_YOUR_MEET_INSTALLATION>');
// The URL of the Meet join flow
//define('PLUGIN_MEET_MEET_JOIN_URL' '/meet/r/join/group/');

4
etc-zntrl/kopano/webapp/config-pimfolder.php Normal file
View File

@@ -0,0 +1,4 @@
<?php
/** Enable the pimfolder plugin for all users */
define('PLUGIN_PIMFOLDER_USER_DEFAULT_ENABLE', false);
?>

6
etc-zntrl/kopano/webapp/config-threema4deskapp.php Normal file
View File

@@ -0,0 +1,6 @@
<?php
define('PLUGIN_THREEMA4DESKAPP_USER_DEFAULT_ENABLE', false);
define('PLUGIN_THREEMA4DESKAPP_BUTTON_TITLE', 'Threema');
define('PLUGIN_THREEMA4DESKAPP_URL', 'https://web.threema.ch/');

6
etc-zntrl/kopano/webapp/config-whatsapp4deskapp.php Normal file
View File

@@ -0,0 +1,6 @@
<?php
define('PLUGIN_WHATSAPP4DESKAPP_USER_DEFAULT_ENABLE', false);
define('PLUGIN_WHATSAPP4DESKAPP_BUTTON_TITLE', 'WhatsApp');
define('PLUGIN_WHATSAPP4DESKAPP_URL', 'https://web.whatsapp.com/');

331
etc-zntrl/kopano/webapp/config.php Normal file
View File

@@ -0,0 +1,331 @@
<?php
// The config file for the webapp.
// All possible web client settings can be set in this file. Some settings
// (language) can also be set per user or logon.
// Comment next line to disable the config check (or set FALSE to log the config errors)
define("CONFIG_CHECK", TRUE);
// Use these options to optionally disable some PHP configuration checks.
// WARNING: these checks will disable checks regarding the security of the WebApp site configuration,
// only change them if you know the consequences - improper use will lead to an insecure installation!
define("CONFIG_CHECK_COOKIES_HTTP", FALSE);
define("CONFIG_CHECK_COOKIES_SSL", FALSE);
// Depending on your setup, it might be advisable to change the lines below to one defined with your
// default socket location.
// Normally "default:" points to the default setting ("file:///var/run/kopano/server.sock")
// Examples: define("DEFAULT_SERVER", "default:");
// define("DEFAULT_SERVER", "http://localhost:236/kopano");
// define("DEFAULT_SERVER", "https://localhost:237/kopano");
// define("DEFAULT_SERVER", "file:///var/run/kopano/server.sock");
define("DEFAULT_SERVER", "default:");
// When using a Single-Sign-On (SSO) system on your webserver and Kopano Core is on another server
// you can use https to access the Kopano server, and authenticate using an SSL certificate.
define("SSLCERT_FILE", NULL);
define("SSLCERT_PASS", NULL);
// Set to false to disable login with Single Sign-On (SSO) on SSO environments.
define("ENABLE_REMOTE_USER_LOGIN", true);
// OIDC Server Configuration, introduced in Kopano Core 8.7.0
define("OIDC_ISS", "");
define("OIDC_CLIENT_ID", "");
define("OIDC_SCOPE", "openid profile email kopano/gc");
// set to 'true' to strip domain from login name found from Single Sign-On webservers
define("LOGINNAME_STRIP_DOMAIN", false);
// Name of the cookie that is used for the session
define("COOKIE_NAME", "KOPANO_WEBAPP");
// Set to 'false' to disable secure session cookies and to allow log-in without HTTPS.
define("SECURE_COOKIES", true);
// Use DOMPurify to filter HTML
// Caution: disabling DOMPurify is a potential security risk.
define("ENABLE_DOMPURIFY_FILTER", true);
// The timeout (in seconds) for the session. User will be logged out of WebApp
// when he has not actively used the WebApp for this time.
// Set to 0 (or remove) for no timeout during browser session.
define("CLIENT_TIMEOUT", 0);
// Defines the domains from which cross domain authentication requests
// are allowed. E.g. if WebMeetings runs under a different domain than
// the WebApp then add this domain here. Add http(s):// to the domains
// and separate domains with spaces.
// Set to empty string (default) to only allow authentication requests
// from within the same domain.
// Set to "*" to allow authentication requests from any domain. (not
// recommended)
define("CROSS_DOMAIN_AUTHENTICATION_ALLOWED_DOMAINS", "");
// Defines the domains to which redirection after login is allowed.
// Add http(s):// to the domains and separate domains with spaces.
// Note: The domain under which WebApp runs, is always allowed and does
// not need to be added here.
define("REDIRECT_ALLOWED_DOMAINS", "");
// Defines the base url and end with a slash.
$base_url = dirname($_SERVER["PHP_SELF"]);
if(substr($base_url,-1)!="/") $base_url .="/";
define("BASE_URL", $base_url);
// Defines the temp path (absolute). Here uploaded attachments will be saved.
// The web client doesn't work without this directory.
define("TMP_PATH", "/var/lib/kopano-webapp/tmp");
// Define the path to the plugin directory (No slash at the end)
define("PATH_PLUGIN_DIR", "plugins");
// Enable the plugins
define("ENABLE_PLUGINS", true);
// Define list of disabled plugins separated by semicolon
// Plugin directory name should be used in this list.
define("DISABLED_PLUGINS_LIST", "");
// Define a list of plugins that cannot be disabled by users.
// Plugins should be seperated by a semicolon (;). A wildcard (*)
// can be used to identify multiple plugins.
// Plugin directory name should be used in this list.
define("ALWAYS_ENABLED_PLUGINS_LIST", "");
// General WebApp theme. This will be loaded by default for every user
// (if the theme is installed as a plugin)
// Users can override the 'logged-in' theme in the settings.
// The theme directory should be added here, not the display name.
define("THEME", "");
// Enable themes.
define("ENABLE_THEMES", true);
// General WebApp icon set. This will be loaded by default for every user.
// Users can override the iconset in the settings.
define("ICONSET", "breeze");
// Enable iconsets.
define("ENABLE_ICONSETS", true);
// The title that will be shown in the title bar of the browser
define("WEBAPP_TITLE", "Kopano WebApp");
// The base URL where the User Manual for WebApp can be found
define("PLUGIN_WEBAPPMANUAL_URL", "https://documentation.kopano.io/user_manual_webapp/");
// When set to false, GAB does not show any user, unless searched for.
define("ENABLE_FULL_GAB", true);
// Set a maximum number of (search) results for the addressbook
// When more results are found no results will be displayed in the client.
// Set to 0 to disable this feature and show all results.
define("MAX_GAB_RESULTS", 0);
// Set to true to show public contact folders in address-book folder list,
// false will hide public contact folders in address-book folder list.
define("ENABLE_PUBLIC_CONTACT_FOLDERS", false);
// Set true to show public folders in hierarchy, false will disable public folders in hierarchy.
define("ENABLE_PUBLIC_FOLDERS", true);
// Set true to hide shared contact folders in address-book folder list,
// false will show shared contact folders in address-book folder list.
define("ENABLE_SHARED_CONTACT_FOLDERS", false);
// Set to true to give users the option to enable file previewer in their settings
// Set to false to hide the setting and disable file previewer for all users
define("ENABLE_FILE_PREVIEWER", true);
// Set to true to give users the possiblity to edit, create, and delete mail filters on the store
// of other users. The user needs owner permissions on the store of the other user.
define("ENABLE_SHARED_RULES", false);
// Booking method (true = direct booking, false = send meeting request)
define("ENABLE_DIRECT_BOOKING", true);
// Enable GZIP compression for responses
define("ENABLE_RESPONSE_COMPRESSION", true);
// When set to false this disables the welcome screen shown to new users.
define("ENABLE_WELCOME_SCREEN", true);
// Set to false to disable the "What's new dialog" that will be shown to users to introduce new features.
define("ENABLE_WHATS_NEW_DIALOG", true);
// When set to false it will disable showing of advanced settings.
define("ENABLE_ADVANCED_SETTINGS", false);
// Freebusy start offset that will be used to load freebusy data in appointments, number is subtracted from current time
define("FREEBUSY_LOAD_START_OFFSET", 7);
// Freebusy end offset that will be used to load freebusy data in appointments, number is added to current time
define("FREEBUSY_LOAD_END_OFFSET", 90);
// Maximum eml files to be included in a single ZIP archive
define("MAX_EML_FILES_IN_ZIP", 50);
// Set true to default soft delete the shared store items
define("ENABLE_DEFAULT_SOFT_DELETE", false);
// Enable widgets/today context.
define("ENABLE_WIDGETS", true);
// Additional color schemes for the calendars can be added by uncommenting and editing the following define.
// The format is the same as the format of COLOR_SCHEMES which is defined in default.php
// To change the default colors, COLOR_SCHEMES can also be defined here.
// Note: Every color should have a unique name, because it is used to identify the color
// define("ADDITIONAL_COLOR_SCHEMES", json_encode(array(
// array(
// 'name' => 'pink',
// 'displayName' => _('Pink'),
// 'base' => '#ff0099'
// )
// )));
// Additional categories can be added by uncommenting and editing the following define.
// The format is the same as the format of DEFAULT_CATEGORIES which is defined in default.php
// To change the default categories, DEFAULT_CATEGORIES can also be defined here.
// Note: Every category should have a unique name, because it is used to identify the category
// define("ADDITIONAL_CATEGORIES", json_encode(array(
// array(
// 'name' => _('Family'),
// 'color' => '#000000',
// 'quickAccess' => true,
// 'sortIndex' => 10
// )
// )));
// Additional Prefix for the Contact name can be added by uncommenting and editing the following define.
// define("CONTACT_PREFIX", json_encode(array(
// array(_('Er.')),
// array(_('Gr.'))
// )));
// Additional Suffix for the Contact name can be added by uncommenting and editing the following define.
// define("CONTACT_SUFFIX", json_encode(array(
// array(_('A')),
// array(_('B'))
// )));
// Define the polling interval in minutes for unread mail in shared stores.
define("SHARED_STORE_POLLING_INTERVAL", 15);
// Define the amount of emails to load in the background, in batches of 10 emails per request every x seconds
// defined by PREFETCH_EMAIL_INTERVAL until the defined amount of items is loaded. Setting this value to zero
// disables this feature.
define("PREFETCH_EMAIL_COUNT", 10);
// Define the interval between loading of new emails in the background.
define("PREFETCH_EMAIL_INTERVAL", 30);
/**************************************\
* Memory usage and timeouts *
\**************************************/
// This sets the maximum time in seconds that is allowed to run before it is terminated by the parser.
ini_set("max_execution_time", 300); // 5 minutes
// BLOCK_SIZE (in bytes) is used for attachments by mapi_stream_read/mapi_stream_write
define("BLOCK_SIZE", 1048576);
// Time that static files may exist in the client's cache (13 weeks)
define("EXPIRES_TIME", 60*60*24*7*13);
// Time that the state files are allowed to survive (in seconds)
// For filesystems on which relatime is used, this value should be larger then the relatime_interval
// for kernels 2.6.30 and above relatime is enabled by default, and the relatime_interval is set to
// 24 hours.
define("STATE_FILE_MAX_LIFETIME", 28*60*60);
// Time that attachments are allowed to survive (in seconds)
define("UPLOADED_ATTACHMENT_MAX_LIFETIME", 6*60*60);
/**********************************************************************************
* Logging settings
*
* Possible LOG_USER_LEVEL values are:
* LOGLEVEL_OFF - no logging
* LOGLEVEL_FATAL - log only critical errors
* LOGLEVEL_ERROR - logs events which might require corrective actions
* LOGLEVEL_WARN - might lead to an error or require corrective actions in the future
* LOGLEVEL_INFO - usually completed actions
* LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers
*
* The verbosity increases from top to bottom. More verbose levels include less verbose
* ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
* LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
*
**************************************************************************************/
define("LOG_USER_LEVEL", LOGLEVEL_OFF);
// To save e.g. user activity data only for selected users, provide the username followed by semicolon.
// The data will be saved into a dedicated file per user in the LOG_FILE_DIR
// Users have to be encapsulated in quotes, several users are semicolon separated, like:
// define('LOG_USERS', 'user1;user2;user3');
define("LOG_USERS", "");
// Location of the log directory
// e.g /var/log/webapp-userslog/users/
// The directory will be created when it does not exist.
// Webserver user should have permissions to write in this folder
define("LOG_FILE_DIR", "");
/**************************************\
* Languages *
\**************************************/
// Location to the translations
define("LANGUAGE_DIR", "server/language/");
// Defines the default interface language. This can be overridden by the user.
if (isset($_ENV['LANG']) && $_ENV['LANG']!="C") {
define('LANG', $_ENV["LANG"]); // This means the server environment language determines the web client language.
} else {
define('LANG', 'en_US.UTF-8'); // default fallback language
}
// List of languages that should be enabled in the logon
// screen's language drop down. Languages should be specified
// using <languagecode>_<regioncode>[.UTF-8], and separated with
// semicolon. A list of available languages can be found in
// the manual or by looking at the list of directories in
// /usr/share/kopano-webapp/server/language .
define("ENABLED_LANGUAGES", "cs_CZ;da_DK;de_DE;en_GB;en_US;es_CA;es_ES;fi_FI;fr_FR;hu_HU;it_IT;ja_JP;nb_NO;nl_NL;pl_PL;pt_BR;ru_RU;sl_SI;tr_TR;zh_CN");
// Defines the default time zone
if (!ini_get('date.timezone')) {
date_default_timezone_set('Europe/Amsterdam');
}
/**************************************\
* Powerpaste *
\**************************************/
// Options for TinyMCE's powerpaste plugin, see https://www.tiny.cloud/docs/plugins/powerpaste/#configurationoptions
// for more details.
define("POWERPASTE_WORD_IMPORT", "merge");
define("POWERPASTE_HTML_IMPORT", "merge");
define("POWERPASTE_ALLOW_LOCAL_IMAGES", true);
/**************************************\
* Debugging *
\**************************************/
// Do not log errors into stdout, since this generates faulty JSON responses.
ini_set("display_errors", false);
ini_set("log_errors", true);
error_reporting(E_ERROR);
// Log successful logins
define("LOG_SUCCESSFUL_LOGINS", false);
if (file_exists('debug.php')) {
include_once('debug.php');
} else {
// define empty dump function in case we still use it somewhere
function dump(){}
}
?>