diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-09 18:41:06 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-09 20:25:40 +0100 |
commit | e2ddcfc51f66c2a52a401064eab005e793f148ee (patch) | |
tree | 7c14243b2d53f81e54c9ee77dc526c71559e572a /roles/IMAP/files | |
parent | 7d9380c2c9dd87876ce4d9f9b30c934505fcba51 (diff) |
Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.
Diffstat (limited to 'roles/IMAP/files')
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf | 6 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf | 9 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf | 28 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | 8 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf | 4 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf | 53 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf | 20 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf | 7 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf | 10 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf | 165 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext | 3 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext | 3 | ||||
-rwxr-xr-x | roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl | 14 |
13 files changed, 254 insertions, 76 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf index d4f323d..7213fbb 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf @@ -73,7 +73,7 @@ auth_username_format = %Lu # Kerberos keytab to use for the GSSAPI mechanism. Will use the system # default (usually /etc/krb5.keytab) if not specified. You may need to change # the auth service to run as root to be able to read this file. -#auth_krb5_keytab = +#auth_krb5_keytab = # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt> @@ -88,9 +88,9 @@ auth_username_format = %Lu # Require a valid SSL client certificate or the authentication fails. #auth_ssl_require_client_cert = no -# Take the username from client's SSL certificate, using +# Take the username from client's SSL certificate, using # X509_NAME_get_text_by_NID() which returns the subject's DN's -# CommonName. +# CommonName. #auth_ssl_username_from_cert = no # Space separated list of wanted authentication mechanisms: diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf index c611bfc..848fe69 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf @@ -7,9 +7,9 @@ #log_path = syslog # Log file to use for informational messages. Defaults to log_path. -#info_log_path = +#info_log_path = # Log file to use for debug messages. Defaults to info_log_path. -#debug_log_path = +#debug_log_path = # Syslog facility to use if you're logging to syslog. Usually if you don't # want to use "mail", you'll use local0..local7. Also other standard @@ -69,12 +69,13 @@ log_timestamp = "%Y-%m-%d %H:%M:%S " # Login log format. %s contains login_log_format_elements string, %$ contains # the data we want to log. #login_log_format = %$: %s - + # Log prefix for mail processes. See doc/wiki/Variables.txt for list of # possible variables you can use. #mail_log_prefix = "%s(%u): " -# Format to use for logging mail deliveries. You can use variables: +# Format to use for logging mail deliveries. See doc/wiki/Variables.txt for +# list of all variables you can use. Some of the common ones include: # %$ - Delivery status message (e.g. "saved to INBOX") # %m - Message-ID # %s - Subject diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf index 2e68df4..a781402 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf @@ -50,7 +50,7 @@ namespace inbox { # Prefix required to access this namespace. This needs to be different for # all namespaces. For example "Public/". - #prefix = + #prefix = # Physical location of the mailbox. This is in same format as # mail_location, which is also the default for it. @@ -133,10 +133,22 @@ mail_gid = vmail # or ~user/. #mail_full_filesystem_access = no -# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but -# soon intended to be used by METADATA as well. +# Dictionary for key=value mailbox attributes. This is used for example by +# URLAUTH and METADATA extensions. #mail_attribute_dict = +# A comment or note that is associated with the server. This value is +# accessible for authenticated users through the IMAP METADATA server +# entry "/shared/comment". +mail_server_comment = "fripost - demokratisk e-post" + +# Indicates a method for contacting the server administrator. According to +# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that +# is currently not enforced. Use for example mailto:admin@example.com. This +# value is accessible for authenticated users through the IMAP METADATA server +# entry "/shared/admin". +mail_server_admin = mailto:postmaster@fripost.org + ## ## Mail processes ## @@ -188,7 +200,7 @@ first_valid_uid = 1 # WARNING: Never add directories here which local users can modify, that # may lead to root exploit. Usually this should be done only if you don't # allow shell access for users. <doc/wiki/Chrooting.txt> -#valid_chroot_dirs = +#valid_chroot_dirs = # Default chroot directory for mail processes. This can be overridden for # specific users in user database by giving /./ in user's home directory @@ -196,7 +208,7 @@ first_valid_uid = 1 # need to do chrooting, Dovecot doesn't allow users to access files outside # their mail directory anyway. If your home directories are prefixed with # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt> -#mail_chroot = +#mail_chroot = # UNIX socket path to master authentication server to find users. # This is used by imap (for shared users) and lda. @@ -207,7 +219,7 @@ first_valid_uid = 1 # Space separated list of plugins to load for all services. Plugins specific to # IMAP, LDA, etc. are added to this list in their own .conf files. -mail_plugins = stats virtual zlib +mail_plugins = quota stats virtual zlib ## ## Mailbox handling optimizations @@ -224,7 +236,7 @@ mailbox_list_index = yes # When IDLE command is running, mailbox is checked once in a while to see if # there are any new mails or other changes. This setting defines the minimum -# time to wait between those checks. Dovecot can also use dnotify, inotify and +# time to wait between those checks. Dovecot can also use inotify and # kqueue to find out immediately when changes occur. #mailbox_idle_check_interval = 30 secs @@ -313,7 +325,7 @@ mailbox_list_index = yes # fallbacks to re-reading the whole mbox file whenever something in mbox isn't # how it's expected to be. The only real downside to this setting is that if # some other MUA changes message flags, Dovecot doesn't notice it immediately. -# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK +# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK # commands. #mbox_dirty_syncs = yes diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf index dc0b5bf..250eec5 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf @@ -21,7 +21,7 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key # PEM encoded trusted certificate authority. Set this only if you intend to use # ssl_verify_client_cert=yes. The file should contain the CA certificate(s) # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) -#ssl_ca = +#ssl_ca = # Require that CRL check succeeds for client certificates. #ssl_require_crl = yes @@ -46,7 +46,7 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key ssl_dh_parameters_length = 2048 # SSL protocols to use -ssl_protocols = !SSLv2 !SSLv3 +#ssl_protocols = !SSLv3 # SSL ciphers to use ssl_cipher_list = HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH @@ -56,3 +56,7 @@ ssl_cipher_list = HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = + +# SSL extra options. Currently supported options are: +# no_compression - Disable compression. +ssl_options = no_compression diff --git a/roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf b/roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf index bdf045d..2a7bd27 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf @@ -8,7 +8,7 @@ # Hostname to use in various parts of sent mails (e.g. in Message-Id) and # in LMTP replies. Default is the system's real hostname@domain. -#hostname = +#hostname = # If user is over quota, return with temporary failure instead of # bouncing the mail. @@ -32,7 +32,7 @@ sendmail_path = /usr/sbin/postmulti -i msa -x /usr/sbin/sendmail #recipient_delimiter = + # Header where the original recipient address (SMTP's RCPT TO: address) is taken -# from if not available elsewhere. With dovecot-lda -a parameter overrides this. +# from if not available elsewhere. With dovecot-lda -a parameter overrides this. # A commonly used header for this is X-Original-To. #lda_original_recipient_header = diff --git a/roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf b/roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf index 6aa5c22..9c330be 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf @@ -2,19 +2,48 @@ ## Mailbox definitions ## +# Each mailbox is specified in a separate mailbox section. The section name +# specifies the mailbox name. If it has spaces, you can put the name +# "in quotes". These sections can contain the following mailbox settings: +# +# auto: +# Indicates whether the mailbox with this name is automatically created +# implicitly when it is first accessed. The user can also be automatically +# subscribed to the mailbox after creation. The following values are +# defined for this setting: +# +# no - Never created automatically. +# create - Automatically created, but no automatic subscription. +# subscribe - Automatically created and subscribed. +# +# special_use: +# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the +# mailbox. There are no validity checks, so you could specify anything +# you want in here, but it's not a good idea to use flags other than the +# standard ones specified in the RFC: +# +# \All - This (virtual) mailbox presents all messages in the +# user's message store. +# \Archive - This mailbox is used to archive messages. +# \Drafts - This mailbox is used to hold draft messages. +# \Flagged - This (virtual) mailbox presents all messages in the +# user's message store marked with the IMAP \Flagged flag. +# \Junk - This mailbox is where messages deemed to be junk mail +# are held. +# \Sent - This mailbox is used to hold copies of messages that +# have been sent. +# \Trash - This mailbox is used to hold messages that have been +# deleted. +# +# comment: +# Defines a default comment or note associated with the mailbox. This +# value is accessible through the IMAP METADATA mailbox entries +# "/shared/comment" and "/private/comment". Users with sufficient +# privileges can override the default value for entries with a custom +# value. + # NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. namespace inbox { - - #mailbox name { - # auto=create will automatically create this mailbox. - # auto=subscribe will both create and subscribe to the mailbox. - #auto = no - - # Space separated list of IMAP SPECIAL-USE attributes as specified by - # RFC 6154: \All \Archive \Drafts \Flagged \Junk \Sent \Trash - #special_use = - #} - # These mailboxes are widely used and could perhaps be created automatically: mailbox Trash { auto = create @@ -36,10 +65,12 @@ namespace inbox { # If you have a virtual "All messages" mailbox: mailbox virtual/All { special_use = \All + comment = All messages } # If you have a virtual "Flagged" mailbox: mailbox virtual/Flagged { special_use = \Flagged + comment = All flagged messages } } diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf index b62f6ef..3ddedce 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf @@ -2,6 +2,12 @@ ## IMAP specific settings ## +# If nothing happens for this long while client is IDLEing, move the connection +# to imap-hibernate process and close the old imap process. This saves memory, +# because connections use very little memory in imap-hibernate process. The +# downside is that recreating the imap process back uses some resources. +imap_hibernate_timeout = 15s + # Maximum IMAP command line length. Some clients generate very long command # lines with huge mailboxes, so you may need to raise this if you get # "Too long argument" or "IMAP command line too large" errors often. @@ -10,11 +16,19 @@ # IMAP logout format string: # %i - total number of bytes read from client # %o - total number of bytes sent to client +# %{fetch_hdr_count} - Number of mails with mail header data sent to client +# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client +# %{fetch_body_count} - Number of mails with mail body data sent to client +# %{fetch_body_bytes} - Number of bytes with mail body data sent to client +# %{deleted} - Number of mails where client added \Deleted flag +# %{expunged} - Number of mails that client expunged +# %{trashed} - Number of mails that client copied/moved to the +# special_use=\Trash mailbox. #imap_logout_format = in=%i out=%o # Override the IMAP CAPABILITY response. If the value begins with '+', # add the given capabilities on top of the defaults (e.g. +XFOO XBAR). -#imap_capability = +#imap_capability = # How long to wait between "OK Still here" notifications when client is # IDLEing. @@ -23,7 +37,7 @@ # ID field names and values to send to clients. Using * as the value makes # Dovecot use the default value. The following fields have default values # currently: name, version, os, os-version, support-url, support-email. -#imap_id_send = +#imap_id_send = # ID fields sent by client to log. * means everything. #imap_id_log = @@ -46,7 +60,7 @@ # greyed out, instead of only later giving "not selectable" popup error. # # The list is space-separated. -#imap_client_workarounds = +#imap_client_workarounds = # Host allowed in URLAUTH URLs sent by client. "*" allows all. #imap_urlauth_host = diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf index cd48ab8..8fc5fa0 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf @@ -13,6 +13,13 @@ # Verify quota before replying to RCPT TO. This adds a small overhead. #lmtp_rcpt_check_quota = no +# Which recipient address to use for Delivered-To: header and Received: +# header. The default is "final", which is the same as the one given to +# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT +# parameter, "none" uses nothing. Note that "none" is currently always used +# when a mail has multiple recipients. +#lmtp_hdr_delivery_address = final + protocol lmtp { postmaster_address = postmaster@fripost.org # Space separated list of plugins to load (default is global mail_plugins). diff --git a/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf b/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf index b6fcd3b..9583b6d 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf @@ -19,13 +19,15 @@ plugin { antispam_spool2dir_spam = /home/mail/spamspool/%u-%%10lu-%%06lu.spam antispam_spool2dir_notspam = /home/mail/spamspool/%u-%%10lu-%%06lu.ham - - zlib_save = gz - zlib_save_level = 6 - + quota_rule = *:storage=0 + quota = count:User quota + quota_vsizes = yes # how often to session statistics stats_refresh = 30 secs # track per-IMAP command statistics stats_track_cmds = yes + + zlib_save = gz + zlib_save_level = 6 } diff --git a/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf b/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf index afee135..c1ff93e 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf @@ -5,39 +5,81 @@ # Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf # by adding it to the respective mail_plugins= settings. +# The Sieve interpreter can retrieve Sieve scripts from several types of +# locations. The default `file' location type is a local filesystem path +# pointing to a Sieve script file or a directory containing multiple Sieve +# script files. More complex setups can use other location types such as +# `ldap' or `dict' to fetch Sieve scripts from remote databases. +# +# All settings that specify the location of one ore more Sieve scripts accept +# the following syntax: +# +# location = [<type>:]path[;<option>[=<value>][;...]] +# +# If the type prefix is omitted, the script location type is 'file' and the +# location is interpreted as a local filesystem path pointing to a Sieve script +# file or directory. Refer to Pigeonhole wiki or INSTALL file for more +# information. + plugin { - # The path to the user's main active script. If ManageSieve is used, this the - # location of the symbolic link controlled by ManageSieve. - sieve = ~/dovecot.sieve - - # The default Sieve script when the user has none. This is a path to a global - # sieve script file, which gets executed ONLY if user's private Sieve script - # doesn't exist. Be sure to pre-compile this script manually using the sievec - # command line tool. - # --> See sieve_before fore executing scripts before the user's personal + # The location of the user's main Sieve script or script storage. The LDA + # Sieve plugin uses this to find the active script for Sieve filtering at + # delivery. The "include" extension uses this location for retrieving + # :personal" scripts. This is also where the ManageSieve service will store + # the user's scripts, if supported. + # + # Currently only the 'file:' location type supports ManageSieve operation. + # Other location types like 'dict:' and 'ldap:' can currently only + # be used as a read-only script source (). + # + # For the 'file:' type: use the ';active=' parameter to specify where the + # active script symlink is located. + # For other types: use the ';name=' parameter to specify the name of the + # default/active script. + sieve = file:~/sieve;active=~/dovecot.sieve + + # The default Sieve script when the user has none. This is the location of a + # global sieve script file, which gets executed ONLY if user's personal Sieve + # script doesn't exist. Be sure to pre-compile this script manually using the + # sievec command line tool if the binary is not stored in a global location. + # --> See sieve_before for executing scripts before the user's personal # script. #sieve_default = /var/lib/dovecot/sieve/default.sieve - # Directory for :personal include scripts for the include extension. This - # is also where the ManageSieve service stores the user's scripts. - sieve_dir = ~/sieve - - # Directory for :global include scripts for the include extension. - #sieve_global_dir = - - # Path to a script file or a directory containing script files that need to be - # executed before the user's script. If the path points to a directory, all - # the Sieve scripts contained therein (with the proper .sieve extension) are - # executed. The order of execution within a directory is determined by the - # file names, using a normal 8bit per-character comparison. Multiple script - # file or directory paths can be specified by appending an increasing number. - #sieve_before = - #sieve_before2 = + # The name by which the default Sieve script (as configured by the + # sieve_default setting) is visible to the user through ManageSieve. + #sieve_default_name = + + # Location for ":global" include scripts as used by the "include" extension. + #sieve_global = + + # The location of a Sieve script that is run for any message that is about to + # be discarded; i.e., it is not delivered anywhere by the normal Sieve + # execution. This only happens when the "implicit keep" is canceled, by e.g. + # the "discard" action, and no actions that deliver the message are executed. + # This "discard script" can prevent discarding the message, by executing + # alternative actions. If the discard script does nothing, the message is + # still discarded as it would be when no discard script is configured. + #sieve_discard = + + # Location Sieve of scripts that need to be executed before the user's + # personal script. If a 'file' location path points to a directory, all the + # Sieve scripts contained therein (with the proper `.sieve' extension) are + # executed. The order of execution within that directory is determined by the + # file names, using a normal 8bit per-character comparison. + # + # Multiple script locations can be specified by appending an increasing number + # to the setting name. The Sieve scripts found from these locations are added + # to the script execution sequence in the specified order. Reading the + # numbered sieve_before settings stops at the first missing setting, so no + # numbers may be skipped. + #sieve_before = /var/lib/dovecot/sieve.d/ + #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain #sieve_before3 = (etc...) # Identical to sieve_before, only the specified scripts are executed after the - # user's script (only when keep is still in effect!). Multiple script file or - # directory paths can be specified by appending an increasing number. + # user's script (only when keep is still in effect!). Multiple script + # locations can be specified by appending an increasing number. #sieve_after = #sieve_after2 = #sieve_after2 = (etc...) @@ -48,7 +90,7 @@ plugin { # to disable certain Sieve extensions or enable those that are not available # by default. This setting can use '+' and '-' to specify differences relative # to the default. For example `sieve_extensions = +imapflags' will enable the - # deprecated imapflags extension in addition to all extensions were already + # deprecated imapflags extension in addition to all extensions were already # enabled by default. sieve_extensions = +editheader @@ -68,7 +110,7 @@ plugin { # setting, the used plugins can be specified. Check the Dovecot wiki # (wiki2.dovecot.org) or the pigeonhole website # (http://pigeonhole.dovecot.org) for available plugins. - # The sieve_extprograms plugin is included in this release. + # The sieve_extprograms plugin is included in this release. #sieve_plugins = # The separator that is expected between the :user and :detail @@ -102,4 +144,71 @@ plugin { # set to 0, no limit on the used amount of disk storage is enforced. # (Currently only relevant for ManageSieve) #sieve_quota_max_storage = 0 + + # The primary e-mail address for the user. This is used as a default when no + # other appropriate address is available for sending messages. If this setting + # is not configured, either the postmaster or null "<>" address is used as a + # sender, depending on the action involved. This setting is important when + # there is no message envelope to extract addresses from, such as when the + # script is executed in IMAP. + #sieve_user_email = + + # The path to the file where the user log is written. If not configured, a + # default location is used. If the main user's personal Sieve (as configured + # with sieve=) is a file, the logfile is set to <filename>.log by default. If + # it is not a file, the default user log file is ~/.dovecot.sieve.log. + #sieve_user_log = + + # Specifies what envelope sender address is used for redirected messages. + # The following values are supported for this setting: + # + # "sender" - The sender address is used (default). + # "recipient" - The final recipient address is used. + # "orig_recipient" - The original recipient is used. + # "user_email" - The user's primary address is used. This is + # configured with the "sieve_user_email" setting. If + # that setting is unconfigured, "user_mail" is equal to + # "recipient". + # "postmaster" - The postmaster_address configured for the LDA. + # "<user@domain>" - Redirected messages are always sent from user@domain. + # The angle brackets are mandatory. The null "<>" address + # is also supported. + # + # This setting is ignored when the envelope sender is "<>". In that case the + # sender of the redirected message is also always "<>". + #sieve_redirect_envelope_from = sender + + ## TRACE DEBUGGING + # Trace debugging provides detailed insight in the operations performed by + # the Sieve script. These settings apply to both the LDA Sieve plugin and the + # IMAPSIEVE plugin. + # + # WARNING: On a busy server, this functionality can quickly fill up the trace + # directory with a lot of trace files. Enable this only temporarily and as + # selective as possible. + + # The directory where trace files are written. Trace debugging is disabled if + # this setting is not configured or if the directory does not exist. If the + # path is relative or it starts with "~/" it is interpreted relative to the + # current user's home directory. + #sieve_trace_dir = + + # The verbosity level of the trace messages. Trace debugging is disabled if + # this setting is not configured. Possible values are: + # + # "actions" - Only print executed action commands, like keep, + # fileinto, reject and redirect. + # "commands" - Print any executed command, excluding test commands. + # "tests" - Print all executed commands and performed tests. + # "matching" - Print all executed commands, performed tests and the + # values matched in those tests. + #sieve_trace_level = + + # Enables highly verbose debugging messages that are usually only useful for + # developers. + #sieve_trace_debug = no + + # Enables showing byte code addresses in the trace output, rather than only + # the source line numbers. + #sieve_trace_addresses = no } diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext index 9917753..8c33c6d 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext @@ -18,9 +18,6 @@ passdb { #userdb { # driver = ldap -# # This should be a different file from the passdb's, in order to perform -# # asynchronous requests. -# # args = /etc/dovecot/dovecot-ldap-userdb.conf.ext # # # Default fields can be used to specify defaults that LDAP may override diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext index 72f4604..1b97a0e 100644 --- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext @@ -31,8 +31,7 @@ uris = ldapi:// #dnpass = # Use SASL binding instead of the simple binding. Note that this changes -# ldap_version automatically to be 3 if it's lower. Also note that SASL binds -# and auth_bind=yes don't work together. +# ldap_version automatically to be 3 if it's lower. #sasl_bind = no # SASL mechanism name to use. #sasl_mech = diff --git a/roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl b/roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl index 399e65f..5b2c74e 100755 --- a/roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl +++ b/roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl @@ -74,15 +74,15 @@ sub server() { next; } # <major-version> <minor-version> <value type> - unless ($1 == 2 and $2 == 0 and $3 == 0) { + unless ($1 == 2 and $2 == 1 and $3 == 0) { warn "Unsupported protocol version $1.$2 (or value type $3)\n"; close $conn or warn "Can't close: $!"; next; } my $cmd = $conn->getline() // ''; - if ($cmd =~ /\AI(\d+)\t(.*)\n\z/) { - iterate($conn, $1, $2); + if ($cmd =~ /\AI(\d+)\t(\d+)\t(.*)\n\z/) { + iterate($conn, $1, $2, $3); } else { fail($conn => "Unknown command line: $cmd"); @@ -98,8 +98,8 @@ sub fail($;$) { } # list all users, even the inactive ones -sub iterate($$$) { - my ($fh, $flags, $prefix) = @_; +sub iterate($$$$) { + my ($fh, $flags, $max_rows, $prefix) = @_; unless ($flags == 0) { fail($fh => "Unsupported iterate flags $flags"); return; @@ -109,17 +109,19 @@ sub iterate($$$) { fail($fh => "opendir: $!"); return; }; + my $count = 0; while (defined (my $d = readdir $dh)) { next if $d eq '.' or $d eq '..'; opendir my $dh, $d or do { fail($fh => "opendir: $!"); return; }; - while (defined (my $l = readdir $dh)) { + while (defined (my $l = readdir $dh) and ($max_rows <= 0 or $count < $max_rows)) { next if $l eq '.' or $l eq '..'; my $user = $l.'@'.$d; next unless $user =~ /\A[a-zA-Z0-9\.\-_@]+\z/; # skip invalid user names $fh->printf("O%s%s\t\n", $prefix, $user); + $count++; } closedir $dh or warn "closedir: $!"; } |