From f9c1d4b4e428e8343d6e27bb53e5df93c93e3e64 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 9 Oct 2019 15:47:08 -0600 Subject: [PATCH 01/16] enable imap special-use flags --- install/tpl/debian6_dovecot2.conf.master | 20 ++++++++++++++++++++ install/tpl/fedora_dovecot2.conf.master | 21 +++++++++++++++++++++ install/tpl/opensuse_dovecot2.conf.master | 21 +++++++++++++++++++++ 3 files changed, 62 insertions(+) diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master index 777280f044..58adf1d85c 100644 --- a/install/tpl/debian6_dovecot2.conf.master +++ b/install/tpl/debian6_dovecot2.conf.master @@ -10,6 +10,7 @@ ssl_dh = Date: Wed, 9 Oct 2019 16:07:29 -0600 Subject: [PATCH 02/16] enable quota checking in RCPT stage --- install/tpl/debian6_dovecot2.conf.master | 1 + install/tpl/debian_dovecot2.conf.master | 1 + install/tpl/fedora_dovecot2.conf.master | 1 + install/tpl/opensuse_dovecot2.conf.master | 1 + 4 files changed, 4 insertions(+) diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master index 58adf1d85c..76d168cd7d 100644 --- a/install/tpl/debian6_dovecot2.conf.master +++ b/install/tpl/debian6_dovecot2.conf.master @@ -50,6 +50,7 @@ service lmtp { # process_min_avail = 5 } } +lmtp_rcpt_check_quota = yes service imap-login { client_limit = 1000 process_limit = 512 diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master index e1929b188d..24bf07393f 100644 --- a/install/tpl/debian_dovecot2.conf.master +++ b/install/tpl/debian_dovecot2.conf.master @@ -46,6 +46,7 @@ service lmtp { user = postfix } } +lmtp_rcpt_check_quota = yes service imap-login { client_limit = 1000 process_limit = 512 diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master index 1f6c6eb996..56d304a761 100644 --- a/install/tpl/fedora_dovecot2.conf.master +++ b/install/tpl/fedora_dovecot2.conf.master 
@@ -43,6 +43,7 @@ service lmtp { user = postfix } } +lmtp_rcpt_check_quota = yes service imap-login { client_limit = 1000 process_limit = 500 diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master index 9e17d4603a..d9f29a41e1 100644 --- a/install/tpl/opensuse_dovecot2.conf.master +++ b/install/tpl/opensuse_dovecot2.conf.master @@ -43,6 +43,7 @@ service lmtp { user = postfix } } +lmtp_rcpt_check_quota = yes service imap-login { client_limit = 1000 process_limit = 500 -- GitLab From cda1d3b20cae212570f1ff79c95abcb8100c23cb Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 9 Oct 2019 16:37:36 -0600 Subject: [PATCH 03/16] implement dovecot quota-status policy daemon (#4649) --- install/sql/incremental/upd_dev_collection.sql | 3 +++ install/sql/ispconfig3.sql | 1 + install/tpl/debian6_dovecot2.conf.master | 15 +++++++++++++++ install/tpl/debian_dovecot2.conf.master | 15 +++++++++++++++ install/tpl/debian_postfix.conf.master | 3 ++- install/tpl/fedora_dovecot2.conf.master | 15 +++++++++++++++ install/tpl/fedora_postfix.conf.master | 3 ++- install/tpl/gentoo_postfix.conf.master | 3 ++- install/tpl/master_cf_amavis10025.master | 1 + install/tpl/master_cf_amavis10027.master | 1 + install/tpl/opensuse_dovecot2.conf.master | 15 +++++++++++++++ install/tpl/opensuse_postfix.conf.master | 3 ++- 12 files changed, 74 insertions(+), 4 deletions(-) diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql index 659708c685..91db879d0c 100644 --- a/install/sql/incremental/upd_dev_collection.sql +++ b/install/sql/incremental/upd_dev_collection.sql 
@@ -26,3 +26,6 @@ ALTER TABLE `mail_user` -- doveadm should be enabled for all mailboxes UPDATE `mail_user` set `disabledoveadm` = 'n'; + +-- add disablequota-status for quota-status policy daemon +ALTER TABLE `mail_user` ADD `disablequota-status` ENUM('n','y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'n' AFTER `disabledoveadm`; diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql index 4965358bc6..cc266ff235 100644 --- a/install/sql/ispconfig3.sql +++ b/install/sql/ispconfig3.sql @@ -1062,6 +1062,7 @@ CREATE TABLE `mail_user` ( `disablelda` enum('n','y') NOT NULL default 'n', `disablelmtp` enum('n','y') NOT NULL default 'n', `disabledoveadm` enum('n','y') NOT NULL default 'n', + `disablequota-status` enum('n','y') NOT NULL default 'n', `last_quota_notification` date NULL default NULL, `backup_interval` VARCHAR( 255 ) NOT NULL default 'none', `backup_copies` INT NOT NULL DEFAULT '1', diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master index 76d168cd7d..1f51f23ad3 100644 --- a/install/tpl/debian6_dovecot2.conf.master +++ b/install/tpl/debian6_dovecot2.conf.master @@ -85,6 +85,21 @@ protocol lmtp { #2.3+ } #2.3+ } +service quota-status { + executable = quota-status -p postfix + inet_listener { + # separate multiple addresses with space: + address = 127.0.0.1 + port = 10060 + } + client_limit = 1 +} +plugin { + quota_status_success = DUNNO + quota_status_nouser = DUNNO + quota_status_overquota = "552 5.2.2 Mailbox is full" +} + imap_capability=+SEPCIAL-USE XLIST namespace inbox { inbox = yes diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master index 24bf07393f..b71ede7534 100644 --- a/install/tpl/debian_dovecot2.conf.master +++ b/install/tpl/debian_dovecot2.conf.master 
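Review bot: The column name `disablequota-status` contains a hyphen, so it is valid only when backtick-quoted; written unquoted, MySQL parses it as the expression `disablequota - status`. Presumably the name is meant to mirror the Dovecot service name `quota-status` added later in this patch, so the SQL lookups that read these flags (not shown here) must quote it. That deserves a comment such as `-- hyphenated to match the dovecot service name; always backtick-quote`, and the same applies to the `ispconfig3.sql` hunk. The `ALTER` also pins `CHARACTER SET utf8 COLLATE utf8_general_ci` while the `CREATE TABLE` line does not, so fresh and upgraded installs may end up with different column definitions.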
@@ -81,3 +81,18 @@ protocol lmtp { #2.3+ mode = 0660 #2.3+ } #2.3+ } + +service quota-status { + executable = quota-status -p postfix + inet_listener { + # separate multiple addresses with space: + address = 127.0.0.1 + port = 10060 + } + client_limit = 1 +} +plugin { + quota_status_success = DUNNO + quota_status_nouser = DUNNO + quota_status_overquota = "552 5.2.2 Mailbox is full" +} diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index b7dbea6300..4d03dfd005 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -15,7 +15,8 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting} +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service inet:127.0.0.1:10060 +smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060 smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master index 56d304a761..9115404d9f 100644 --- a/install/tpl/fedora_dovecot2.conf.master +++ b/install/tpl/fedora_dovecot2.conf.master 
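Review bot: Both new `check_policy_service inet:127.0.0.1:10060` entries make mail acceptance depend on the Dovecot quota-status listener. When Postfix cannot reach a policy service it answers with a temporary 4xx error, and `smtpd_end_of_data_restrictions` runs for every session, including those that `permit_mynetworks` and `permit_sasl_authenticated` let through at RCPT. The template name is not Dovecot-specific, so a server without that listener (inferred, not visible here) would defer all mail. On Postfix 3.0 or later the lookup can be made fail-open with `check_policy_service { inet:127.0.0.1:10060, default_action=DUNNO }`, or the installer can add the two entries only when Dovecot is configured. The same lines are added in the fedora, gentoo and opensuse postfix templates.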
@@ -80,6 +80,21 @@ mail_plugins = $mail_plugins quota #2.3+ } #2.3+ } +service quota-status { + executable = quota-status -p postfix + inet_listener { + # separate multiple addresses with space: + address = 127.0.0.1 + port = 10060 + } + client_limit = 1 +} +plugin { + quota_status_success = DUNNO + quota_status_nouser = DUNNO + quota_status_overquota = "552 5.2.2 Mailbox is full" +} + imap_capability=+SEPCIAL-USE XLIST namespace inbox { inbox = yes diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index f06af82288..8bda2b7dcc 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -11,7 +11,8 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting} +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service inet:127.0.0.1:10060 +smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060 smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index dc20e02c13..79a9dcd63d 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master 
@@ -10,7 +10,8 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting} +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service inet:127.0.0.1:10060 +smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060 smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/master_cf_amavis10025.master b/install/tpl/master_cf_amavis10025.master index 43f362d5c0..6dee892264 100644 --- a/install/tpl/master_cf_amavis10025.master +++ b/install/tpl/master_cf_amavis10025.master @@ -8,6 +8,7 @@ -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks diff --git a/install/tpl/master_cf_amavis10027.master b/install/tpl/master_cf_amavis10027.master index f9fdf1cf60..640902d52e 100644 --- a/install/tpl/master_cf_amavis10027.master +++ b/install/tpl/master_cf_amavis10027.master @@ -8,6 +8,7 @@ -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master index d9f29a41e1..7fb51246f9 100644 
--- a/install/tpl/opensuse_dovecot2.conf.master +++ b/install/tpl/opensuse_dovecot2.conf.master @@ -79,6 +79,21 @@ mail_plugins = $mail_plugins quota #2.3+ } #2.3+ } +service quota-status { + executable = quota-status -p postfix + inet_listener { + # separate multiple addresses with space: + address = 127.0.0.1 + port = 10060 + } + client_limit = 1 +} +plugin { + quota_status_success = DUNNO + quota_status_nouser = DUNNO + quota_status_overquota = "552 5.2.2 Mailbox is full" +} + imap_capability=+SEPCIAL-USE XLIST namespace inbox { inbox = yes diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index 4192f988b5..6661bffd98 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master @@ -13,7 +13,8 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting} +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service inet:127.0.0.1:10060 +smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060 smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert -- GitLab From f60d97f4313b78f7e605ef65a508d1dee4a2dc25 Mon Sep 17 00:00:00 2001 
From: Jesse Norell Date: Thu, 10 Oct 2019 11:20:30 -0600 Subject: [PATCH 04/16] enable managesieve daemon if installed (#3395) --- install/dist/lib/debian60.lib.php | 11 ++++++++++- install/lib/installer_base.lib.php | 11 ++++++++++- install/tpl/debian6_dovecot2.conf.master | 2 ++ install/tpl/debian_dovecot2.conf.master | 2 ++ install/tpl/fedora_dovecot2.conf.master | 2 ++ install/tpl/opensuse_dovecot2.conf.master | 2 ++ 6 files changed, 28 insertions(+), 2 deletions(-) diff --git a/install/dist/lib/debian60.lib.php b/install/dist/lib/debian60.lib.php index cc234f132e..cd3b46e544 100644 --- a/install/dist/lib/debian60.lib.php +++ b/install/dist/lib/debian60.lib.php @@ -138,7 +138,7 @@ class installer extends installer_base { } //remove #2.3+ comment $content = file_get_contents($config_dir.'/'.$configfile); - $content = str_replace('#2.3+','',$content); + $content = str_replace('#2.3+ ','',$content); file_put_contents($config_dir.'/'.$configfile,$content); unset($content); @@ -155,6 +155,15 @@ class installer extends installer_base { } } + //* dovecot-managesieved + if($configure_managesieve = is_file('/usr/lib/dovecot/managesieve')) { + //remove #mangesieve+ comment + $content = file_get_contents($config_dir.'/'.$configfile); + $content = str_replace('#mangesieve+ ','',$content); + file_put_contents($config_dir.'/'.$configfile,$content); + unset($content); + } + //* dovecot-lmtpd if($configure_lmtp) { replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0); diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index e5ac1428d8..73995498d3 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php 
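Review bot: The marker stripped by the new managesieve block is spelled `#mangesieve+ ` while the templates in this patch add `#managesieve+ protocols = $protocols sieve`, so the `str_replace` never matches and the line stays commented out. It should read `$content = str_replace('#managesieve+ ','',$content);`, and the `//remove #mangesieve+ comment` line carries the same typo; the identical block in `installer_base.lib.php` needs the same fix. The results of `file_get_contents` and `file_put_contents` are not checked, so a failed read would write an empty config file, and `$configure_managesieve` is assigned but not used in the visible lines. The enclosing `configure_dovecot()` starts and ends outside the hunk.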
@@ -1347,7 +1347,7 @@ class installer_base { } //remove #2.3+ comment $content = file_get_contents($config_dir.'/'.$configfile); - $content = str_replace('#2.3+','',$content); + $content = str_replace('#2.3+ ','',$content); file_put_contents($config_dir.'/'.$configfile,$content); unset($content); @@ -1358,6 +1358,15 @@ class installer_base { } } + //* dovecot-managesieved + if($configure_managesieve = is_file('/usr/lib/dovecot/managesieve')) { + //remove #mangesieve+ comment + $content = file_get_contents($config_dir.'/'.$configfile); + $content = str_replace('#mangesieve+ ','',$content); + file_put_contents($config_dir.'/'.$configfile,$content); + unset($content); + } + //* dovecot-lmtpd if($configure_lmtp) { replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0); diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master index 1f51f23ad3..c21ab94ad9 100644 --- a/install/tpl/debian6_dovecot2.conf.master +++ b/install/tpl/debian6_dovecot2.conf.master @@ -119,3 +119,5 @@ namespace inbox { special_use = \Trash } } + +#managesieve+ protocols = $protocols sieve diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master index b71ede7534..8a204e7776 100644 --- a/install/tpl/debian_dovecot2.conf.master +++ b/install/tpl/debian_dovecot2.conf.master @@ -96,3 +96,5 @@ plugin { quota_status_nouser = DUNNO quota_status_overquota = "552 5.2.2 Mailbox is full" } + +#managesieve+ protocols = $protocols sieve diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master index 9115404d9f..207983f86e 100644 --- a/install/tpl/fedora_dovecot2.conf.master +++ b/install/tpl/fedora_dovecot2.conf.master @@ -114,3 +114,5 @@ namespace inbox { special_use = \Trash } } + +#managesieve+ protocols = $protocols sieve 
diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master index 7fb51246f9..42230ed300 100644 --- a/install/tpl/opensuse_dovecot2.conf.master +++ b/install/tpl/opensuse_dovecot2.conf.master @@ -113,3 +113,5 @@ namespace inbox { special_use = \Trash } } + +#managesieve+ protocols = $protocols sieve -- GitLab From 2120766a264199d00580dfcbde98008bfd8e2815 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Mon, 14 Oct 2019 17:53:23 -0600 Subject: [PATCH 05/16] use lmtp by default if detected --- install/dist/lib/debian60.lib.php | 27 ++++++++++++++--------- install/lib/installer_base.lib.php | 27 ++++++++++++++--------- install/tpl/debian6_dovecot2.conf.master | 1 - install/tpl/debian_dovecot2.conf.master | 1 - install/tpl/fedora_dovecot2.conf.master | 1 - install/tpl/opensuse_dovecot2.conf.master | 1 - 6 files changed, 32 insertions(+), 26 deletions(-) diff --git a/install/dist/lib/debian60.lib.php b/install/dist/lib/debian60.lib.php index cd3b46e544..faac52b227 100644 --- a/install/dist/lib/debian60.lib.php +++ b/install/dist/lib/debian60.lib.php @@ -33,11 +33,16 @@ class installer extends installer_base { public function configure_dovecot() { global $conf; - + $virtual_transport = 'dovecot'; $configure_lmtp = false; - + + // use lmtp if installed + if($configure_lmtp = is_file('/usr/lib/dovecot/lmtp')) { + $virtual_transport = 'lmtp:unix:private/dovecot-lmtp'; + } + // check if virtual_transport must be changed if ($this->is_update) { $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']); 
@@ -155,20 +160,20 @@ class installer extends installer_base { } } - //* dovecot-managesieved - if($configure_managesieve = is_file('/usr/lib/dovecot/managesieve')) { - //remove #mangesieve+ comment - $content = file_get_contents($config_dir.'/'.$configfile); - $content = str_replace('#mangesieve+ ','',$content); - file_put_contents($config_dir.'/'.$configfile,$content); - unset($content); - } + $dovecot_protocols = 'imap pop3'; //* dovecot-lmtpd if($configure_lmtp) { - replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0); + $dovecot_protocols .= ' lmtp' + } + + //* dovecot-managesieved + if(is_file('/usr/lib/dovecot/managesieve')) { + $dovecot_protocols .= ' sieve' } + replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', "protocols = $dovecot_protocols", 1, 0); + //* dovecot-sql.conf $configfile = 'dovecot-sql.conf'; if(is_file($config_dir.'/'.$configfile)){ diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 73995498d3..ee9d1a6d8d 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -1233,11 +1233,16 @@ class installer_base { public function configure_dovecot() { global $conf; - + $virtual_transport = 'dovecot'; $configure_lmtp = false; - + + // use lmtp if installed + if($configure_lmtp = is_file('/usr/lib/dovecot/lmtp')) { + $virtual_transport = 'lmtp:unix:private/dovecot-lmtp'; + } + // check if virtual_transport must be changed if ($this->is_update) { $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']); 
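Review bot: Appending `sieve` to `protocols` whenever `/usr/lib/dovecot/managesieve` exists switches on an additional network-facing login service just because a package is present, with no installer prompt or setting visible in this hunk. It would be safer to gate this on an explicit installer choice and to note in a comment that the ManageSieve port then has to be covered by the firewall rules. Both new append statements also lack their terminating semicolon and will not parse; they should read `$dovecot_protocols .= ' lmtp';` and `$dovecot_protocols .= ' sieve';`. The same block appears in the `installer_base.lib.php` hunk of this patch, and `configure_dovecot()` extends beyond the hunk.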
@@ -1358,20 +1363,20 @@ class installer_base { } } - //* dovecot-managesieved - if($configure_managesieve = is_file('/usr/lib/dovecot/managesieve')) { - //remove #mangesieve+ comment - $content = file_get_contents($config_dir.'/'.$configfile); - $content = str_replace('#mangesieve+ ','',$content); - file_put_contents($config_dir.'/'.$configfile,$content); - unset($content); - } + $dovecot_protocols = 'imap pop3'; //* dovecot-lmtpd if($configure_lmtp) { - replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0); + $dovecot_protocols .= ' lmtp' + } + + //* dovecot-managesieved + if(is_file('/usr/lib/dovecot/managesieve')) { + $dovecot_protocols .= ' sieve' } + replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', "protocols = $dovecot_protocols", 1, 0); + //* dovecot-sql.conf $configfile = 'dovecot-sql.conf'; if(is_file($config_dir.'/'.$configfile)) { diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master index c21ab94ad9..95acb721e0 100644 --- a/install/tpl/debian6_dovecot2.conf.master +++ b/install/tpl/debian6_dovecot2.conf.master @@ -120,4 +120,3 @@ namespace inbox { } } -#managesieve+ protocols = $protocols sieve diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master index 8a204e7776..dbacf872f5 100644 --- a/install/tpl/debian_dovecot2.conf.master +++ b/install/tpl/debian_dovecot2.conf.master @@ -97,4 +97,3 @@ plugin { quota_status_overquota = "552 5.2.2 Mailbox is full" } -#managesieve+ protocols = $protocols sieve diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master index 207983f86e..08ac94a903 100644 --- a/install/tpl/fedora_dovecot2.conf.master +++ b/install/tpl/fedora_dovecot2.conf.master @@ -115,4 +115,3 @@ namespace inbox { } } -#managesieve+ protocols = $protocols sieve 
diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master index 42230ed300..6e040b9745 100644 --- a/install/tpl/opensuse_dovecot2.conf.master +++ b/install/tpl/opensuse_dovecot2.conf.master @@ -114,4 +114,3 @@ namespace inbox { } } -#managesieve+ protocols = $protocols sieve -- GitLab From f78f7cc60c5ee6598c93ef8a6fcde8fb6036a288 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Mon, 14 Oct 2019 18:24:49 -0600 Subject: [PATCH 06/16] talk to amavis with lmtp if detected: closes #4792 --- install/lib/installer_base.lib.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index ee9d1a6d8d..e0bf16c6aa 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -927,17 +927,26 @@ class installer_base { //* mysql-virtual_uids.cf $this->process_postfix_config('mysql-virtual_uids.cf'); + // test if lmtp if available + $configure_lmtp = $this->get_postfix_service('lmtp','unix'); + //* postfix-dkim $filename='tag_as_originating.re'; $full_file_name=$config_dir.'/'.$filename; if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~'); $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master'); + if($configure_lmtp) { + $content = preg_replace('/amavis:/', 'lmtp:', $content); + } wf($full_file_name, $content); $filename='tag_as_foreign.re'; $full_file_name=$config_dir.'/'.$filename; if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~'); $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master'); + if($configure_lmtp) { + $content = preg_replace('/amavis:/', 'lmtp:', $content); + } wf($full_file_name, $content); //* Changing mode and group of the new created config files. 
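Review bot: `preg_replace('/amavis:/', 'lmtp:', $content)` rewrites every occurrence of `amavis:` in the file, and `rfsel()` is handed the `conf-custom` path first, so an administrator's customised `tag_as_originating.re` or `tag_as_foreign.re` is presumably altered too, without any log line. The pattern is a fixed string, so `str_replace('amavis:', 'lmtp:', $content)` states the intent more directly. `$configure_lmtp` only reflects whether Postfix defines an `lmtp` unix service, not whether amavisd accepts LMTP on its port, which the comment should say, for example `// use the lmtp transport for amavis when postfix master.cf defines it` in place of `// test if lmtp if available`. The enclosing method starts and ends outside the hunk.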
@@ -1423,6 +1432,8 @@ class installer_base { // TODO: chmod and chown on the config file + // test if lmtp if available + $configure_lmtp = $this->get_postfix_service('lmtp','unix'); // Adding the amavisd commands to the postfix configuration // Add array for no error in foreach and maybe future options @@ -1430,7 +1441,8 @@ class installer_base { // Check for amavisd -> pure webserver with postfix for mailing without antispam if ($conf['amavis']['installed']) { - $postconf_commands[] = 'content_filter = amavis:[127.0.0.1]:10024'; + $content_filter_service = ($configure_lmtp) ? 'lmtp' : 'amavis'; + $postconf_commands[] = "content_filter = ${content_filter_service}:[127.0.0.1]:10024"; $postconf_commands[] = 'receive_override_options = no_address_mappings'; } -- GitLab From 5353f1d9d58e3bb651323b0f7f3ccd07df2b8355 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 30 Oct 2019 10:21:26 -0600 Subject: [PATCH 07/16] use unix domain socket for quota-status (#4649) --- install/tpl/debian6_dovecot2.conf.master | 8 ++++---- install/tpl/debian_dovecot2.conf.master | 8 ++++---- install/tpl/debian_postfix.conf.master | 4 ++-- install/tpl/fedora_dovecot2.conf.master | 8 ++++---- install/tpl/fedora_postfix.conf.master | 4 ++-- install/tpl/gentoo_postfix.conf.master | 4 ++-- install/tpl/opensuse_dovecot2.conf.master | 8 ++++---- install/tpl/opensuse_postfix.conf.master | 4 ++-- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master index 95acb721e0..973ada2f99 100644 --- a/install/tpl/debian6_dovecot2.conf.master +++ b/install/tpl/debian6_dovecot2.conf.master @@ -87,10 +87,10 @@ protocol lmtp { service quota-status { executable = quota-status -p postfix - inet_listener { - # separate multiple addresses with space: - address = 127.0.0.1 - port = 10060 + unix_listener /var/spool/postfix/private/quota-status { + group = postfix + mode = 0660 + user = postfix } client_limit = 1 } 
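Review bot: The new `content_filter` string uses `${content_filter_service}` interpolation, which PHP 8.2 deprecates; `"content_filter = {$content_filter_service}:[127.0.0.1]:10024"` is the equivalent supported form. The `get_postfix_service('lmtp','unix')` probe is repeated here with the same `// test if lmtp if available` comment as earlier in the patch, and the comment should state what the flag decides rather than restate the call. The enclosing method continues outside both hunks.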
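Review bot: The listener path `/var/spool/postfix/private/quota-status` hard-codes the Postfix queue directory, while the Postfix side of this patch uses the relative `unix:private/quota-status`, which Postfix resolves against its own `queue_directory`; the two only meet when that directory is `/var/spool/postfix`. A comment above the `unix_listener` line, for example `# must live inside the postfix queue_directory; matches check_policy_service unix:private/quota-status`, would keep the two files in step. The `0660` mode with `postfix` as user and group limits which local accounts can query quota state, a useful tightening over the loopback TCP port. The same hunk is repeated in the debian, fedora and opensuse dovecot templates.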
diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master index dbacf872f5..d4fc7ebd0f 100644 --- a/install/tpl/debian_dovecot2.conf.master +++ b/install/tpl/debian_dovecot2.conf.master @@ -84,10 +84,10 @@ protocol lmtp { service quota-status { executable = quota-status -p postfix - inet_listener { - # separate multiple addresses with space: - address = 127.0.0.1 - port = 10060 + unix_listener /var/spool/postfix/private/quota-status { + group = postfix + mode = 0660 + user = postfix } client_limit = 1 } diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index 4d03dfd005..95603bac39 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -15,8 +15,8 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service inet:127.0.0.1:10060 -smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060 +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status +smtpd_end_of_data_restrictions = check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master index 08ac94a903..dbef641fdf 100644 --- a/install/tpl/fedora_dovecot2.conf.master +++ b/install/tpl/fedora_dovecot2.conf.master 
@@ -82,10 +82,10 @@ mail_plugins = $mail_plugins quota service quota-status { executable = quota-status -p postfix - inet_listener { - # separate multiple addresses with space: - address = 127.0.0.1 - port = 10060 + unix_listener /var/spool/postfix/private/quota-status { + group = postfix + mode = 0660 + user = postfix } client_limit = 1 } diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index 8bda2b7dcc..f651a02729 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -11,8 +11,8 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service inet:127.0.0.1:10060 -smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060 +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status +smtpd_end_of_data_restrictions = check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index 79a9dcd63d..2d562c74a9 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master 
@@ -10,8 +10,8 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service inet:127.0.0.1:10060 -smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060 +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status +smtpd_end_of_data_restrictions = check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master index 6e040b9745..a1bdfa1f91 100644 --- a/install/tpl/opensuse_dovecot2.conf.master +++ b/install/tpl/opensuse_dovecot2.conf.master @@ -81,10 +81,10 @@ mail_plugins = $mail_plugins quota service quota-status { executable = quota-status -p postfix - inet_listener { - # separate multiple addresses with space: - address = 127.0.0.1 - port = 10060 + unix_listener /var/spool/postfix/private/quota-status { + group = postfix + mode = 0660 + user = postfix } client_limit = 1 } diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index 6661bffd98..7517043e63 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master 
@@ -13,8 +13,8 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service inet:127.0.0.1:10060 -smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060 +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status +smtpd_end_of_data_restrictions = check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert -- GitLab From e9b92aa62f3f8557d4351f649b702fe3c4cfef4d Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Thu, 31 Oct 2019 15:46:25 -0600 Subject: [PATCH 08/16] bugfixes and remove/add master.cf templates to effect changes --- install/dist/lib/debian60.lib.php | 4 +- install/lib/install.lib.php | 25 +++++++--- install/lib/installer_base.lib.php | 79 +++++++++++++++++++++++++++--- 3 files changed, 92 insertions(+), 16 deletions(-) diff --git a/install/dist/lib/debian60.lib.php b/install/dist/lib/debian60.lib.php index faac52b227..a8e90f189b 100644 --- a/install/dist/lib/debian60.lib.php +++ b/install/dist/lib/debian60.lib.php @@ -164,12 +164,12 @@ class installer extends installer_base { //* dovecot-lmtpd if($configure_lmtp) { - $dovecot_protocols .= ' lmtp' + $dovecot_protocols .= ' lmtp'; } //* dovecot-managesieved if(is_file('/usr/lib/dovecot/managesieve')) { - $dovecot_protocols .= ' sieve' + $dovecot_protocols .= ' sieve'; } replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', "protocols = $dovecot_protocols", 1, 0); 
diff --git a/install/lib/install.lib.php b/install/lib/install.lib.php index 02ebba2850..ea4e563a6a 100644 --- a/install/lib/install.lib.php +++ b/install/lib/install.lib.php @@ -471,29 +471,38 @@ function rf($file){ } function wf($file, $content){ - mkdirs(dirname($file)); + if(!$ret_val = mkdirs(dirname($file))) return false; if(!$fp = fopen($file, 'wb')){ ilog('WARNING: could not open file '.$file); + // implicitly returned false because the following fwrite and fclose both fail, + // but to be explicit: + $ret_val = false; } - fwrite($fp, $content); - fclose($fp); + fwrite($fp, $content) or $ret_val = false; + fclose($fp) or $ret_val = false; + return $ret_val; } function af($file, $content){ - mkdirs(dirname($file)); + if(!$ret_val = mkdirs(dirname($file))) return false; if(!$fp = fopen($file, 'ab')){ ilog('WARNING: could not open file '.$file); + $ret_val = false; } - fwrite($fp, $content); - fclose($fp); + fwrite($fp, $content) or $ret_val = false; + fclose($fp) or $ret_val = false; + return $ret_val; } function aftsl($file, $content){ + $ret_val = true; if(!$fp = fopen($file, 'ab')){ ilog('WARNING: could not open file '.$file); + $ret_val = false; } - fwrite($fp, $content); - fclose($fp); + fwrite($fp, $content) or $ret_val = false; + fclose($fp) or $ret_val = false; + return $ret_val; } function unix_nl($input){ diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index e0bf16c6aa..5ca16cc674 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -864,7 +864,7 @@ class installer_base { exec ("postconf -M $service.$type 2> /dev/null", $out, $ret); } $postfix_service = @($out[0]=='')?false:true; - } else { //* fallback - Postfix < 2.9 + } else { //* fallback - Postfix < 2.9 $content = rf($conf['postfix']['config_dir'].'/master.cf'); $regex = "/^((?!#)".$service.".*".$type.".*)$/m"; $postfix_service = @(preg_match($regex, $content))?true:false; 
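Review bot: In `wf()`, `af()` and `aftsl()` the new `fwrite($fp, $content) or $ret_val = false;` reports failure for an empty `$content`, because `fwrite()` then returns 0, which is falsy; it also treats a short write as success. Comparing the byte count fixes both: `if(fwrite($fp, $content) !== strlen($content)) $ret_val = false;`. Separately, `fwrite()` and `fclose()` are still called with `$fp === false` after a failed `fopen()`; a `return false;` right after the `ilog()` call avoids relying on those calls to fail. The early `return false` on `mkdirs()` assumes it returns a truthy value when the directory already exists, which is not visible in this hunk.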
@@ -873,6 +873,68 @@ class installer_base { return $postfix_service; } + public function remove_postfix_service( $service, $type ) { + global $conf; + + // nothing to do if the service isn't even defined. + if (! $this->get_postfix_service( $service, $type ) ) { + return true; + } + + $postfix_version = `postconf -d mail_version 2>/dev/null`; + $postfix_version = preg_replace( '/mail_version\s*=\s*(.*)\s*/', '$1', $postfix_version ); + + if ( version_compare( $postfix_version, '2.11', '>=' ) ) { + + exec("postconf -X -M $service/$type 2> /dev/null", $out, $ret); + + # reduce 3 or more newlines to 2 + $content = rf($conf['postfix']['config_dir'].'/master.cf'); + $content = preg_replace( '/(\r?\n){3,}/', '$1$1', $content ); + wf( $conf['postfix']['config_dir'].'/master.cf', $content ); + + } else { //* fallback - Postfix < 2.11 + + if ( ! $cf = fopen( $conf['postfix']['config_dir'].'/master.cf', 'r' ) ) { + return false; + } + + $out = ""; + $reading_service = false; + + while ( !feof( $cf ) ) { + $line = fgets( $cf ); + + if ( $reading_service ) { + # regex matches a new service or "empty" (whitespace) line + if ( preg_match( '/^([^\s#]+.*|\s*)$/', $line ) && + ! preg_match( '/^'.$service.'\s+'.$type.'/', $line ) ) { + $out .= $line; + $reading_service = false; + } + + # $skipped_lines .= $line; + + # regex matches definition matching service to be removed + } else if ( preg_match( '/^'.$service.'\s+'.$type.'/', $line ) ) { + + $reading_service = true; + # $skipped_lines .= $line; + + } else { + $out .= $line; + } + } + fclose( $cf ); + + $out = preg_replace( '/(\r?\n){3,}/', '$1$1', $out ); # reduce 3 or more newlines to 2 + + return wf( $conf['postfix']['config_dir'].'/master.cf', $out ); + } + + return true; + } + public function configure_postfix($options = '') { global $conf,$autoinstall; $cf = $conf['postfix']; 
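Review bot: `remove_postfix_service()` interpolates `$service` and `$type` unescaped into both the `postconf -X -M` shell command and the two `preg_match()` patterns of the fallback branch. The callers on this page pass literals, but `127.0.0.1:10025` already contains regex metacharacters (each `.` matches any character), and a public method should not depend on its callers for shell safety. The exit status in `$ret` and the result of `wf()` in the 2.11+ branch are also ignored, so the method returns true even when nothing was removed. The fence shows the changed lines.

```php
	public function remove_postfix_service( $service, $type ) {
		// … unchanged: early return when the service is not defined, version detection …

			exec('postconf -X -M '.escapeshellarg($service.'/'.$type).' 2> /dev/null', $out, $ret);
			if ( $ret !== 0 ) {
				return false;
			}
			// … unchanged: read master.cf into $content and collapse blank lines …
			return wf( $conf['postfix']['config_dir'].'/master.cf', $content );

		// … unchanged: fallback branch opens master.cf …
			$service_regex = '/^'.preg_quote($service, '/').'\s+'.preg_quote($type, '/').'/';
		// … unchanged: line loop, with both preg_match() calls on the service name using $service_regex …
```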
@@ -1376,12 +1438,12 @@ class installer_base { //* dovecot-lmtpd if($configure_lmtp) { - $dovecot_protocols .= ' lmtp' + $dovecot_protocols .= ' lmtp'; } //* dovecot-managesieved if(is_file('/usr/lib/dovecot/managesieve')) { - $dovecot_protocols .= ' sieve' + $dovecot_protocols .= ' sieve'; } replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', "protocols = $dovecot_protocols", 1, 0); @@ -1458,11 +1520,16 @@ class installer_base { $config_dir = $conf['postfix']['config_dir']; // Adding amavis-services to the master.cf file if the service does not already exists - $add_amavis = !$this->get_postfix_service('amavis','unix'); - $add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet'); - $add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet'); +// $add_amavis = !$this->get_postfix_service('amavis','unix'); +// $add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet'); +// $add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet'); //*TODO: check templates against existing postfix-services to make sure we use the template + // Or just remove the old service definitions and add them again? + $add_amavis = $this->remove_postfix_service('amavis','unix'); + $add_amavis_10025 = $this->remove_postfix_service('127.0.0.1:10025','inet'); + $add_amavis_10027 = $this->remove_postfix_service('127.0.0.1:10027','inet'); + if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) { //* backup master.cf if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~'); -- GitLab From fa8183967b38dd5e751db23157c5126fe1e8c178 Mon Sep 17 00:00:00 2001 
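Review bot: In the `@@ -1520` hunk the `master.cf~` backup inside `if ($add_amavis || $add_amavis_10025 || $add_amavis_10027)` is now taken after the three `remove_postfix_service()` calls have already rewritten master.cf, so the backup no longer holds the original service definitions. Moving `if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');` above the first `remove_postfix_service()` call keeps a restorable copy. The flags have also changed meaning: they are true when removal succeeded or the service was absent, so the comment "if the service does not already exists" no longer describes the code, and the three commented-out assignments could be dropped. The enclosing method continues outside the hunk.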
From: Jesse Norell Date: Mon, 11 Nov 2019 17:30:17 -0700 Subject: [PATCH 09/16] remove quota-status policy server from smtpd_end_of_data_restrictions: closes #4649 --- install/tpl/debian_postfix.conf.master | 1 - install/tpl/fedora_postfix.conf.master | 1 - install/tpl/gentoo_postfix.conf.master | 1 - install/tpl/opensuse_postfix.conf.master | 1 - 4 files changed, 4 deletions(-) diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index 95603bac39..0df3ae38e8 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -16,7 +16,6 @@ smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status -smtpd_end_of_data_restrictions = check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index f651a02729..3e5646a036 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -12,7 +12,6 @@ smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status -smtpd_end_of_data_restrictions = check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert 
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index 2d562c74a9..da482fc561 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master @@ -11,7 +11,6 @@ smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status -smtpd_end_of_data_restrictions = check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index 7517043e63..47f582af0c 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master @@ -14,7 +14,6 @@ smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status -smtpd_end_of_data_restrictions = check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert -- GitLab From d9a2d35574f20d5403507f50f655ac98b749787e Mon Sep 17 00:00:00 2001 
From: Jesse Norell Date: Wed, 13 Nov 2019 17:20:33 -0700 Subject: [PATCH 10/16] read ISPConfig's sieve script via sieve_after: closes #3395 --- install/tpl/debian6_dovecot.conf.master | 6 +++ install/tpl/debian6_dovecot2.conf.master | 6 +++ install/tpl/debian_dovecot.conf.master | 7 +++- install/tpl/debian_dovecot2.conf.master | 6 +++ install/tpl/fedora_dovecot.conf.master | 9 ++++- install/tpl/fedora_dovecot2.conf.master | 7 ++++ install/tpl/opensuse_dovecot.conf.master | 9 ++++- install/tpl/opensuse_dovecot2.conf.master | 7 ++++ server/conf/sieve_filter.master | 5 ++- server/conf/sieve_filter_1.2.master | 3 ++ .../maildeliver_plugin.inc.php | 37 ++++++++++++------- 11 files changed, 83 insertions(+), 19 deletions(-) diff --git a/install/tpl/debian6_dovecot.conf.master b/install/tpl/debian6_dovecot.conf.master index 4286689cd4..a112712690 100644 --- a/install/tpl/debian6_dovecot.conf.master +++ b/install/tpl/debian6_dovecot.conf.master @@ -57,7 +57,13 @@ plugin { # the maildir quota does not need to be set. # You do not need: quota = maildir + # no longer needed, as 'sieve' is in userdb extra fields: sieve=/var/vmail/%d/%n/.sieve + + sieve_after=/var/vmail/%d/%n/.ispconfig.sieve + sieve_max_script_size = 2M + sieve_max_actions = 100 + sieve_max_redirects = 25 } diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master index 973ada2f99..c82ac59a38 100644 --- a/install/tpl/debian6_dovecot2.conf.master +++ b/install/tpl/debian6_dovecot2.conf.master @@ -24,7 +24,13 @@ userdb { } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage + + # no longer needed, as 'sieve' is in userdb extra fields: sieve=/var/vmail/%d/%n/.sieve + + sieve_after=/var/vmail/%d/%n/.ispconfig.sieve + sieve_max_script_size = 2M + sieve_max_actions = 100 sieve_max_redirects = 25 } service auth { diff --git a/install/tpl/debian_dovecot.conf.master b/install/tpl/debian_dovecot.conf.master index 8d6022502f..f91959a1f5 100644 
--- a/install/tpl/debian_dovecot.conf.master +++ b/install/tpl/debian_dovecot.conf.master @@ -682,7 +682,7 @@ protocol managesieve { # the sieve storage directory. This must match the SIEVE setting used by # deliver (refer to http://wiki.dovecot.org/LDA/Sieve#location for more # info). Variable substitution with % is recognized. - sieve=~/.dovecot.sieve + sieve=~/.sieve # This specifies the path to the directory where the uploaded scripts must # be stored. In terms of '%' variable substitution it is identical to @@ -1144,4 +1144,9 @@ plugin { # they're moved to a 3rd namespace. The mails won't be counted in quota, # and they're not deleted automatically (use a cronjob or something). #lazy_expunge = .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/ + + sieve_after=/var/vmail/%d/%n/.ispconfig.sieve + sieve_max_script_size = 2M + sieve_max_actions = 100 + sieve_max_redirects = 25 } diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master index d4fc7ebd0f..25c586118c 100644 --- a/install/tpl/debian_dovecot2.conf.master +++ b/install/tpl/debian_dovecot2.conf.master @@ -23,7 +23,13 @@ userdb { } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage + + # no longer needed, as 'sieve' is in userdb extra fields: sieve=/var/vmail/%d/%n/.sieve + + sieve_after=/var/vmail/%d/%n/.ispconfig.sieve + sieve_max_script_size = 2M + sieve_max_actions = 100 sieve_max_redirects = 25 } service auth { diff --git a/install/tpl/fedora_dovecot.conf.master b/install/tpl/fedora_dovecot.conf.master index cfac856414..e687954986 100644 --- a/install/tpl/fedora_dovecot.conf.master +++ b/install/tpl/fedora_dovecot.conf.master 
@@ -1300,11 +1300,16 @@ plugin { # # Location of the active script. When ManageSieve is used this is actually # a symlink pointing to the active script in the sieve storage directory. - #sieve=~/.dovecot.sieve - # + sieve=~/.sieve + # The path to the directory where the personal Sieve scripts are stored. For # ManageSieve this is where the uploaded scripts are stored. sieve_dir=~/sieve + + sieve_after=/var/vmail/%d/%n/.ispconfig.sieve + sieve_max_script_size = 2M + sieve_max_actions = 100 + sieve_max_redirects = 25 } # Config files can also be included. deliver doesn't support them currently. diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master index dbef641fdf..9fd5ed92c2 100644 --- a/install/tpl/fedora_dovecot2.conf.master +++ b/install/tpl/fedora_dovecot2.conf.master @@ -21,7 +21,14 @@ userdb { } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage + + # no longer needed, as 'sieve' is in userdb extra fields: sieve=/var/vmail/%d/%n/.sieve + + sieve_after=/var/vmail/%d/%n/.ispconfig.sieve + sieve_max_script_size = 2M + sieve_max_actions = 100 + sieve_max_redirects = 25 } service auth { unix_listener /var/spool/postfix/private/auth { diff --git a/install/tpl/opensuse_dovecot.conf.master b/install/tpl/opensuse_dovecot.conf.master index 9d345fa911..1eacf4c3a3 100644 --- a/install/tpl/opensuse_dovecot.conf.master +++ b/install/tpl/opensuse_dovecot.conf.master 
@@ -1274,11 +1274,16 @@ plugin { # # Location of the active script. When ManageSieve is used this is actually # a symlink pointing to the active script in the sieve storage directory. - sieve=~/.dovecot.sieve - # + sieve=~/.sieve + # The path to the directory where the personal Sieve scripts are stored. For # ManageSieve this is where the uploaded scripts are stored. sieve_dir=~/sieve + + sieve_after=/var/vmail/%d/%n/.ispconfig.sieve + sieve_max_script_size = 2M + sieve_max_actions = 100 + sieve_max_redirects = 25 } # Config files can also be included. deliver doesn't support them currently. diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master index a1bdfa1f91..94e658aecc 100644 --- a/install/tpl/opensuse_dovecot2.conf.master +++ b/install/tpl/opensuse_dovecot2.conf.master @@ -21,7 +21,14 @@ userdb { } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage + + # no longer needed, as 'sieve' is in userdb extra fields: sieve=/var/vmail/%d/%n/.sieve + + sieve_after=/var/vmail/%d/%n/.ispconfig.sieve + sieve_max_script_size = 2M + sieve_max_actions = 100 + sieve_max_redirects = 25 } service auth { unix_listener /var/spool/postfix/private/auth { diff --git a/server/conf/sieve_filter.master b/server/conf/sieve_filter.master index 13c08dd56b..f72cd11d1f 100644 --- a/server/conf/sieve_filter.master +++ b/server/conf/sieve_filter.master @@ -1,3 +1,6 @@ +# This sieve script is generated by ISPConfig, any changes made will be overwritten. +# You can create and activate a per-user sieve script (manually or via managesieve), +# which will execute before this. require ["fileinto", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"]; @@ -36,4 +39,4 @@ vacation :days 1 # :addresses ["test@test.int", "till@test.int"] ""; - \ No newline at end of file + diff --git a/server/conf/sieve_filter_1.2.master b/server/conf/sieve_filter_1.2.master index 5244693102..edd4060b9f 100644 
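Review bot: The header comment added to sieve_filter.master says the per-user script "will execute before this" but omits that, as far as I know, Pigeonhole runs `sieve_after` scripts only while the implicit keep is still in effect. A personal script that ends with its own `fileinto`, `redirect` or `discard` would therefore skip the ISPConfig-generated rules in this file, including the `vacation` action visible at the end of the template. I would add a line such as `# Note: this script is skipped when the per-user script has already taken a final action on the message.` The same header is added to sieve_filter_1.2.master.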
--- a/server/conf/sieve_filter_1.2.master +++ b/server/conf/sieve_filter_1.2.master @@ -1,3 +1,6 @@ +# This sieve script is generated by ISPConfig, any changes made will be overwritten. +# You can create and activate a per-user sieve script (manually or via managesieve), +# which will execute before this. require ["fileinto", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"]; diff --git a/server/plugins-available/maildeliver_plugin.inc.php b/server/plugins-available/maildeliver_plugin.inc.php index 2c16601f50..9c9939655c 100644 --- a/server/plugins-available/maildeliver_plugin.inc.php +++ b/server/plugins-available/maildeliver_plugin.inc.php 
@@ -98,9 +98,16 @@ class maildeliver_plugin { $app->log("Mailfilter config has been changed", LOGLEVEL_DEBUG); $sieve_file = $data["new"]["maildir"].'/.sieve'; - $sieve_file_isp = $data["new"]["maildir"].'/sieve/ispconfig.sieve'; - if(is_file($sieve_file)) unlink($sieve_file) or $app->log("Unable to delete file: $sieve_file", LOGLEVEL_WARN); + $sieve_file_svbin = $data["new"]["maildir"].'/.sieve.svbin'; + $old_sieve_file_isp = $data["new"]["maildir"].'/sieve/ispconfig.sieve'; + $sieve_file_isp = $data["new"]["maildir"].'/.ispconfig.sieve'; + $sieve_file_isp_svbin = $data["new"]["maildir"].'/.ispconfig.svbin'; + if(is_file($old_sieve_file_isp)) unlink($old_sieve_file_isp) or $app->log("Unable to delete file: $old_sieve_file_isp", LOGLEVEL_WARN); + // cleanup .sieve file if it is now a broken link + if(is_link($sieve_file) && !file_exists($sieve_file)) unlink($sieve_file) or $app->log("Unable to delete file: $sieve_file", LOGLEVEL_WARN); + if(is_file($sieve_file_svbin)) unlink($sieve_file_svbin) or $app->log("Unable to delete file: $sieve_file_svbin", LOGLEVEL_WARN); if(is_file($sieve_file_isp)) unlink($sieve_file_isp) or $app->log("Unable to delete file: $sieve_file_isp", LOGLEVEL_WARN); + if(is_file($sieve_file_isp_svbin)) unlink($sieve_file_isp_svbin) or $app->log("Unable to delete file: $sieve_file_isp_svbin", LOGLEVEL_WARN); $app->load('tpl'); //* Select sieve filter file for dovecot version 
@@ -221,16 +228,13 @@ class maildeliver_plugin { if ( is_file($sieve_file_isp) ) { $app->system->chown($sieve_file_isp,$mail_config['mailuser_name'],false); $app->system->chgrp($sieve_file_isp,$mail_config['mailuser_group'],false); + + $app->system->exec_safe("sievec ?", "$sieve_file_isp"); + if ( is_file($sieve_file_isp_svbin) ) { + $app->system->chown($sieve_file_isp_svbin,$mail_config['mailuser_name'],false); + $app->system->chgrp($sieve_file_isp_svbin,$mail_config['mailuser_group'],false); + } } - chdir($data["new"]["maildir"]); - //* create symlink to activate sieve script - symlink("sieve/ispconfig.sieve", ".sieve") or $app->log("Unable to create symlink to active sieve filter", LOGLEVEL_WARN); - if (is_link(".sieve")) { - $app->system->chown(".sieve",$mail_config['mailuser_name'],true); - $app->system->chgrp(".sieve",$mail_config['mailuser_group'],true); - } - $app->system->chown($sieve_file,$mail_config['mailuser_name'],true); - $app->system->chgrp($sieve_file,$mail_config['mailuser_group'],true); unset($tpl); 
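Review bot: The result of the added `$app->system->exec_safe("sievec ?", "$sieve_file_isp");` call is never checked, so a generated script that fails to compile goes unnoticed; the following `is_file($sieve_file_isp_svbin)` test only guards the chown/chgrp calls. An `else` branch on that test, `else $app->log("Unable to compile sieve script: $sieve_file_isp", LOGLEVEL_WARN);`, would match the logging already used for the `unlink()` calls in this file. The enclosing method starts and ends outside the hunk.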
@@ -241,9 +245,16 @@ class maildeliver_plugin { global $app, $conf; $sieve_file = $data["old"]["maildir"].'/.sieve'; - $sieve_file_isp = $data["old"]["maildir"].'/sieve/ispconfig.sieve'; - if(is_file($sieve_file)) unlink($sieve_file) or $app->log("Unable to delete file: $sieve_file", LOGLEVEL_WARN); + $sieve_file_svbin = $data["old"]["maildir"].'/.sieve.svbin'; + $old_sieve_file_isp = $data["old"]["maildir"].'/sieve/ispconfig.sieve'; + $sieve_file_isp = $data["old"]["maildir"].'/.ispconfig.sieve'; + $sieve_file_isp_svbin = $data["old"]["maildir"].'/.ispconfig.svbin'; + if(is_file($old_sieve_file_isp)) unlink($old_sieve_file_isp) or $app->log("Unable to delete file: $old_sieve_file_isp", LOGLEVEL_WARN); + // cleanup .sieve file if it is now a broken link + if(is_link($sieve_file) && !file_exists($sieve_file)) unlink($sieve_file) or $app->log("Unable to delete file: $sieve_file", LOGLEVEL_WARN); + if(is_file($sieve_file_svbin)) unlink($sieve_file_svbin) or $app->log("Unable to delete file: $sieve_file_svbin", LOGLEVEL_WARN); if(is_file($sieve_file_isp)) unlink($sieve_file_isp) or $app->log("Unable to delete file: $sieve_file_isp", LOGLEVEL_WARN); + if(is_file($sieve_file_isp_svbin)) unlink($sieve_file_isp_svbin) or $app->log("Unable to delete file: $sieve_file_isp_svbin", LOGLEVEL_WARN); } -- GitLab From 8735bd886b43ec75e621789f513a663d0ea38ec8 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 13 Nov 2019 17:24:51 -0700 Subject: [PATCH 11/16] update to current setting names --- install/tpl/debian_postfix.conf.master | 2 +- install/tpl/fedora_postfix.conf.master | 2 +- install/tpl/gentoo_postfix.conf.master | 2 +- install/tpl/opensuse_postfix.conf.master | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index 0df3ae38e8..c50d826e01 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master 
@@ -26,7 +26,7 @@ relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps smtpd_helo_required = yes -smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo +smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index 3e5646a036..1c8326de2a 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master 
@@ -22,7 +22,7 @@ relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps smtpd_helo_required = yes -smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo +smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index da482fc561..51f30d914e 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master 
@@ -21,7 +21,7 @@ relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps smtpd_helo_required = yes -smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:{config_dir}/blacklist_helo +smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index 47f582af0c..a1203013ef 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master 
@@ -24,7 +24,7 @@ relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps smtpd_helo_required = yes -smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo +smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 -- GitLab From 75cd4fecbf02ad68deb8554f330189082979c1f2 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 13 Nov 2019 17:33:25 -0700 Subject: [PATCH 12/16] rbl blocking should happen after whitelist lookups for whitelisting to override rbls --- install/tpl/debian_postfix.conf.master | 2 +- install/tpl/fedora_postfix.conf.master | 2 +- install/tpl/gentoo_postfix.conf.master | 2 +- install/tpl/opensuse_postfix.conf.master | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index c50d826e01..1c739a5c7e 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -15,7 +15,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index 1c8326de2a..d504c6ed56 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -11,7 +11,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert 
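Review bot: The reordered `smtpd_recipient_restrictions` line carries no comment recording why the order matters, and after this change the order is security-relevant. `reject_unauth_destination` has to stay ahead of `check_recipient_access`, because an OK result from the map ends evaluation of the list; the same OK now also skips the RBL, greylisting and `quota-status` checks placed after it, which is the intent for RBLs but may surprise for the other two. I would add a comment line above the setting, for example `# order matters: reject_unauth_destination, then the recipient whitelist map, then RBL/greylisting/quota checks`, here and in the fedora, gentoo and opensuse hunks that make the identical change. The comment should avoid the brace placeholders, since the installer presumably substitutes them.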
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index 51f30d914e..cad2b97c3c 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master @@ -10,7 +10,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index a1203013ef..c59d46fa97 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master @@ -13,7 +13,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert -- GitLab 
From 1bce29fdbf7fe4a72e7258e184058fb8427ddc53 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 13 Nov 2019 17:59:56 -0700 Subject: [PATCH 13/16] older dovecot requires namespace separator --- install/tpl/debian6_dovecot2.conf.master | 1 + install/tpl/fedora_dovecot2.conf.master | 1 + install/tpl/opensuse_dovecot2.conf.master | 1 + 3 files changed, 3 insertions(+) diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master index c82ac59a38..6f32e6d5a2 100644 --- a/install/tpl/debian6_dovecot2.conf.master +++ b/install/tpl/debian6_dovecot2.conf.master @@ -109,6 +109,7 @@ plugin { imap_capability=+SEPCIAL-USE XLIST namespace inbox { inbox = yes + separator = . mailbox Drafts { special_use = \Drafts } diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master index 9fd5ed92c2..ee80f8c0d9 100644 --- a/install/tpl/fedora_dovecot2.conf.master +++ b/install/tpl/fedora_dovecot2.conf.master @@ -105,6 +105,7 @@ plugin { imap_capability=+SEPCIAL-USE XLIST namespace inbox { inbox = yes + separator = . mailbox Drafts { special_use = \Drafts } diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master index 94e658aecc..070590181b 100644 --- a/install/tpl/opensuse_dovecot2.conf.master +++ b/install/tpl/opensuse_dovecot2.conf.master @@ -104,6 +104,7 @@ plugin { imap_capability=+SEPCIAL-USE XLIST namespace inbox { inbox = yes + separator = . mailbox Drafts { special_use = \Drafts } -- GitLab From 1e9c3880bb2908f82ba2b013245f132379ff9977 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Tue, 19 Nov 2019 17:27:49 -0700 Subject: [PATCH 14/16] postfix_server_plugin checks for dovecot lmtp and sieve (#3395 and #4792) --- .../postfix_server_plugin.inc.php | 45 ++++++++++++------- 1 file changed, 28 insertions(+), 17 deletions(-) 
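Review bot: The context line directly above the added `separator = .` reads `imap_capability=+SEPCIAL-USE XLIST` in all three dovecot templates touched here, so the server would advertise a misspelled capability string instead of `SPECIAL-USE`. The line is not changed by this commit, but these hunks edit the same block and would be a good place to correct it to `imap_capability = +SPECIAL-USE XLIST`. Separately, the commit message says only older dovecot needs the explicit separator; a short comment next to `separator = .` stating that would explain why the line exists when newer versions accept the namespace without it.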
diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php index ad48e3dee8..80db1c102a 100644 --- a/server/plugins-available/postfix_server_plugin.inc.php +++ b/server/plugins-available/postfix_server_plugin.inc.php 
@@ -158,24 +158,35 @@ class postfix_server_plugin { } if($app->system->is_installed('dovecot')) { + $virtual_transport = 'dovecot'; + $configure_lmtp = false; + $dovecot_protocols = 'imap pop3'; + + //* dovecot-lmtpd + if( ($configure_lmtp = is_file('/usr/lib/dovecot/lmtp')) || + ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') ) + { + $virtual_transport = 'lmtp:unix:private/dovecot-lmtp'; + $dovecot_protocols .= ' lmtp'; + } + + //* dovecot-managesieved + if(is_file('/usr/lib/dovecot/managesieve')) { + $dovecot_protocols .= ' sieve'; + } + $out = null; exec("postconf -n virtual_transport", $out); - if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') { - // If dovecot switch to lmtp - if($out[0] != "virtual_transport = lmtp:unix:private/dovecot-lmtp") { - exec("postconf -e 'virtual_transport = lmtp:unix:private/dovecot-lmtp'"); - exec('postfix reload'); - $app->system->replaceLine("/etc/dovecot/dovecot.conf", "protocols = imap pop3", "protocols = imap pop3 lmtp"); - exec($conf['init_scripts'] . '/' . 'dovecot restart'); - } - } else { - // If dovecot switch to dovecot - if($out[0] != "virtual_transport = dovecot") { - exec("postconf -e 'virtual_transport = dovecot'"); - exec('postfix reload'); - $app->system->replaceLine("/etc/dovecot/dovecot.conf", "protocols = imap pop3 lmtp", "protocols = imap pop3"); - exec($conf['init_scripts'] . '/' . 'dovecot restart'); - } + if($out[0] != "virtual_transport = $virtual_transport") { + exec("postconf -e 'virtual_transport = $virtual_transport'"); + exec('postfix reload'); + } + + $out = null; + exec("grep '^protocols\s' /etc/dovecot/dovecot.conf", $out); + if($out[0] != "protocols = $dovecot_protocols") { + $app->system->replaceLine("/etc/dovecot/dovecot.conf", 'REGEX:/^protocols\s=/', "protocols = $dovecot_protocols"); + exec($conf['init_scripts'] . '/' . 'dovecot restart'); } } 
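Review bot: The new condition `($configure_lmtp = is_file('/usr/lib/dovecot/lmtp')) || ($mail_config["mailbox_virtual_uidgid_maps"] == 'y')` switches `virtual_transport` to LMTP on every host where that binary exists, whereas the removed code did so only when `mailbox_virtual_uidgid_maps` was `'y'`. If that widening is intended it deserves a comment, and the hard-coded `/usr/lib/dovecot/` paths for `lmtp` and `managesieve` will not match on distributions that install dovecot's helpers elsewhere, so detection silently falls back there. The later `$out[0] != "protocols = $dovecot_protocols"` is also read without checking that `grep` returned a line. When `dovecot.conf` has no `protocols` line, `$out[0]` is undefined, the comparison is true, and dovecot is restarted on every run of this code; guarding with `if(empty($out) || $out[0] != ...)` and deciding explicitly what to do in the empty case would make that visible. The enclosing method starts and ends outside the hunk.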
@@ -222,7 +233,7 @@ class postfix_server_plugin { exec("postconf -X 'milter_default_action'"); exec("postconf -e 'receive_override_options = no_address_mappings'"); - exec("postconf -e 'content_filter = amavis:[127.0.0.1]:10024'"); + exec("postconf -e 'content_filter = " . ($configure_lmtp ? "lmtp" : "amavis" ) . ":[127.0.0.1]:10024'"); exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re'"); } -- GitLab From 6adf9d2181b6fdb2ca2362124bcce88222048d4c Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Tue, 2 Jun 2020 14:46:50 -0600 Subject: [PATCH 15/16] update disablelmtp field --- interface/web/mail/mail_user_edit.php | 7 ++++--- interface/web/tools/import_vpopmail.php | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php index 7255c6dbac..c7f36a89e0 100644 --- a/interface/web/mail/mail_user_edit.php +++ b/interface/web/mail/mail_user_edit.php @@ -313,8 +313,9 @@ class page_action extends tform_actions { $disabledeliver = ($this->dataRecord["postfix"] == 'y')?'n':'y'; $disablesmtp = ($this->dataRecord["disablesmtp"])?'y':'n'; - $sql = "UPDATE mail_user SET disableimap = ?, disablesieve = ?, disablepop3 = ?, disablesmtp = ?, disabledeliver = ?, disablelda = ? WHERE mailuser_id = ?"; $app->db->query($sql, $disableimap, $disableimap, $disablepop3, $disablesmtp, $disabledeliver, $disabledeliver, $this->id); + $sql = "UPDATE mail_user SET disableimap = ?, disablesieve = ?, disablepop3 = ?, disablesmtp = ?, disabledeliver = ?, disablelda = ?, disablelmtp = ? WHERE mailuser_id = ?"; + $app->db->query($sql, $disableimap, $disableimap, $disablepop3, $disablesmtp, $disabledeliver, $disabledeliver, $disabledeliver, $this->id); } } 
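Review bot: `$configure_lmtp` is read in the new `content_filter` line but, as far as the earlier hunk shows, it is only assigned inside the `if($app->system->is_installed('dovecot'))` branch, so on a server without dovecot this line uses an undefined variable and falls back to `amavis` by accident rather than by design. Initialising `$configure_lmtp = false;` before that branch would make the fallback explicit. It is also worth a comment on why the presence of dovecot's LMTP binary decides the transport Postfix uses to reach the content filter on `[127.0.0.1]:10024`, since the two are separate services. The surrounding method is only partly visible in this hunk.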
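Review bot: The two `UPDATE mail_user` statements in mail_user_edit.php keep diverging: this one (`@@ -313,8 +313,9 @@`) does not set `disablesieve-filter`, while the one in the `@@ -365,8 +366,8 @@` hunk does, and neither writes `disabledoveadm` or `disablequota-status`. Because these columns act as per-service access switches, a flag left out of the statement stays at its previous value when the mailbox's access or delivery settings are changed. If the omission here is deliberate, a comment above `$sql` should say which flags are managed elsewhere; otherwise both statements would be easier to keep in step if they shared one column list. The queries themselves are parameterised, which is good; the enclosing methods are outside both hunks.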
@@ -365,8 +366,8 @@ class page_action extends tform_actions { $disabledeliver = ($this->dataRecord["postfix"] == 'y')?'n':'y'; $disablesmtp = (isset($this->dataRecord["disablesmtp"]) && $this->dataRecord["disablesmtp"])?'y':'n'; - $sql = "UPDATE mail_user SET disableimap = ?, disablesieve = ?, `disablesieve-filter` = ?, disablepop3 = ?, disablesmtp = ?, disabledeliver = ?, disablelda = ? WHERE mailuser_id = ?"; - $app->db->query($sql, $disableimap, $disableimap, $disableimap, $disablepop3, $disablesmtp, $disabledeliver, $disabledeliver, $this->id); + $sql = "UPDATE mail_user SET disableimap = ?, disablesieve = ?, `disablesieve-filter` = ?, disablepop3 = ?, disablesmtp = ?, disabledeliver = ?, disablelda = ?, disablelmtp = ? WHERE mailuser_id = ?"; + $app->db->query($sql, $disableimap, $disableimap, $disableimap, $disablepop3, $disablesmtp, $disabledeliver, $disabledeliver, $disabledeliver, $this->id); } //** If the email address has been changed, change it in all aliases too diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php index 3e732d3740..7ae4efb58b 100644 --- a/interface/web/tools/import_vpopmail.php +++ b/interface/web/tools/import_vpopmail.php @@ -242,6 +242,7 @@ function start_import() { "disablesmtp" => 'n', "disablesieve" => 'n', "disablelda" => 'n', + "disablelmtp" => 'n', "disabledoveadm" => 'n' ); $app->db->datalogInsert('mail_user', $sql, 'mailuser_id'); -- GitLab From 64a58f233198456564c8b1e067bb582d901f4034 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Thu, 11 Jun 2020 12:06:46 -0600 Subject: [PATCH 16/16] add mail_user.disableindexer-worker column. fixes #3108 --- install/sql/incremental/upd_dev_collection.sql | 3 +++ install/sql/ispconfig3.sql | 1 + 2 files changed, 4 insertions(+) diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql index 91db879d0c..aebc01dcb8 100644 --- a/install/sql/incremental/upd_dev_collection.sql 
+++ b/install/sql/incremental/upd_dev_collection.sql @@ -29,3 +29,6 @@ UPDATE `mail_user` set `disabledoveadm` = 'n'; -- add disablequota-status for quota-status policy daemon ALTER TABLE `mail_user` ADD `disablequota-status` ENUM('n','y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'n' AFTER `disabledoveadm`; + +-- add disableindexer-worker for solr search +ALTER TABLE `mail_user` ADD `disableindexer-worker` ENUM('n','y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'n' AFTER `disablequota-status`; diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql index cc266ff235..9d2fb74134 100644 --- a/install/sql/ispconfig3.sql +++ b/install/sql/ispconfig3.sql @@ -1063,6 +1063,7 @@ CREATE TABLE `mail_user` ( `disablelmtp` enum('n','y') NOT NULL default 'n', `disabledoveadm` enum('n','y') NOT NULL default 'n', `disablequota-status` enum('n','y') NOT NULL default 'n', + `disableindexer-worker` enum('n','y') NOT NULL default 'n', `last_quota_notification` date NULL default NULL, `backup_interval` VARCHAR( 255 ) NOT NULL default 'none', `backup_copies` INT NOT NULL DEFAULT '1', -- GitLab
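Review bot: The new `disableindexer-worker` column is declared differently in the two files: the incremental script adds it as `ENUM('n','y') CHARACTER SET utf8 COLLATE utf8_general_ci`, while ispconfig3.sql declares a bare `enum('n','y')`. Upgraded and freshly installed databases can therefore end up with different column definitions, depending on the table's default character set, which is not visible here. Nothing visible in this series writes the column either: the `UPDATE mail_user` statements changed in mail_user_edit.php set `disablelmtp` but not this flag, so it stays `'n'` when the other per-service flags are switched to `'y'`; please confirm that is intended. The comment `-- add disableindexer-worker for solr search` could also state what the flag gates, e.g. `-- add disableindexer-worker: per-user switch for the indexer-worker service (full-text search)`.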