From 7a562e807515506d7dca2f370f63057be7366c34 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 17 May 2016 20:35:37 +0200
Subject: roundube: Pin X.509 certificate for sieve.fripost.org:4190.
---
.../roundcube/plugins/managesieve/config.inc.php | 101 ---------------------
roles/webmail/tasks/roundcube.yml | 10 +-
.../plugins/managesieve/config.inc.php.j2 | 100 ++++++++++++++++++++
3 files changed, 108 insertions(+), 103 deletions(-)
delete mode 100644 roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php
create mode 100644 roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
diff --git a/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php b/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php
deleted file mode 100644
index 9c9b3fc..0000000
--- a/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php
+++ /dev/null
@@ -1,101 +0,0 @@ - array( - 'verify_peer' => true, - 'verify_depth' => 3, - 'cafile' => '/etc/stunnel/certs/imap.fripost.org.pem', - 'disable_compression' => true, - 'ciphers' => 'EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL', - ), - ); - -// default contents of filters script (eg. default spam filter) -$config['managesieve_default'] = '/etc/dovecot/sieve/global'; - -// The name of the script which will be used when there's no user script -$config['managesieve_script_name'] = 'managesieve'; - -// Sieve RFC says that we should use UTF-8 endcoding for mailbox names, -// but some implementations does not covert UTF-8 to modified UTF-7. -// Defaults to UTF7-IMAP -$config['managesieve_mbox_encoding'] = 'UTF-8'; - -// I need this because my dovecot (with listescape plugin) uses -// ':' delimiter, but creates folders with dot delimiter -$config['managesieve_replace_delimiter'] = ''; - -// disabled sieve extensions (body, copy, date, editheader, encoded-character, -// envelope, environment, ereject, fileinto, ihave, imap4flags, index, -// mailbox, mboxmetadata, regex, reject, relational, servermetadata, -// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc. -// Note: not all extensions are implemented -$config['managesieve_disabled_extensions'] = array(); - -// Enables debugging of conversation with sieve server. Logs it into /sieve -$config['managesieve_debug'] = false; - -// Enables features described in http://wiki.kolab.org/KEP:14 -$config['managesieve_kolab_master'] = false; - -// Script name extension used for scripts including. Dovecot uses '.sieve', -// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled. -$config['managesieve_filename_extension'] = '.sieve'; - -// List of reserved script names (without extension). -// Scripts listed here will be not presented to the user. 
-$config['managesieve_filename_exceptions'] = array(); - -// List of domains limiting destination emails in redirect action -// If not empty, user will need to select domain from a list -$config['managesieve_domains'] = array(); - -// Enables separate management interface for vacation responses (out-of-office) -// 0 - no separate section (default), -// 1 - add Vacation section, -// 2 - add Vacation section, but hide Filters section -$config['managesieve_vacation'] = 0; - -// Default vacation interval (in days). -// Note: If server supports vacation-seconds extension it is possible -// to define interval in seconds here (as a string), e.g. "3600s". -$config['managesieve_vacation_interval'] = 0; - -// Some servers require vacation :addresses to be filled with all -// user addresses (aliases). This option enables automatic filling -// of these on initial vacation form creation. -$config['managesieve_vacation_addresses_init'] = false; - -// Supported methods of notify extension. Default: 'mailto' -$config['managesieve_notify_methods'] = array('mailto'); diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml index eb04ba1..e416656 100644 --- a/roles/webmail/tasks/roundcube.yml +++ b/roles/webmail/tasks/roundcube.yml @@ -27,7 +27,6 @@ - roundcube-plugins - php-net-sieve - php-net-ldap3 - - php-mail-mimedecode - name: Copy fripost's logo copy: src=usr/share/roundcube/skins/{{ item }}/images/fripost_logo.png @@ -97,9 +96,16 @@ with_items: - additional_message_headers - jqueryui - - managesieve - password +- name: Configure Roundcube plugins (2) + template: src=etc/roundcube/plugins/{{ item }}/config.inc.php.j2 + dest=/etc/roundcube/plugins/{{ item }}/config.inc.php + owner=root group=root + mode=0644 + with_items: + - managesieve + - name: Start php5-fpm service: name=php5-fpm state=started 
diff --git a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
new file mode 100644
index 0000000..6ad7343
--- /dev/null
+++ b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
@@ -0,0 +1,100 @@ + array( + 'verify_peer' => true, + 'disable_compression' => true, + 'ciphers' => 'EECDH+AES!MEDIUM!LOW!EXP!aNULL!eNULL', + 'peer_fingerprint' => array('sha1' => '{{ lookup('pipe', 'openssl x509 -in certs/public/imap.fripost.org.pem -noout -fingerprint -sha1 | sed "s/[^=]*=\s*//" | tr -d :') }}'), + ), + ); + +// default contents of filters script (eg. default spam filter) +$config['managesieve_default'] = '/etc/dovecot/sieve/global'; + +// The name of the script which will be used when there's no user script +$config['managesieve_script_name'] = 'managesieve'; + +// Sieve RFC says that we should use UTF-8 endcoding for mailbox names, +// but some implementations does not covert UTF-8 to modified UTF-7. +// Defaults to UTF7-IMAP +$config['managesieve_mbox_encoding'] = 'UTF-8'; + +// I need this because my dovecot (with listescape plugin) uses +// ':' delimiter, but creates folders with dot delimiter +$config['managesieve_replace_delimiter'] = ''; + +// disabled sieve extensions (body, copy, date, editheader, encoded-character, +// envelope, environment, ereject, fileinto, ihave, imap4flags, index, +// mailbox, mboxmetadata, regex, reject, relational, servermetadata, +// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc. +// Note: not all extensions are implemented +$config['managesieve_disabled_extensions'] = array(); + +// Enables debugging of conversation with sieve server. Logs it into /sieve +$config['managesieve_debug'] = false; + +// Enables features described in http://wiki.kolab.org/KEP:14 +$config['managesieve_kolab_master'] = false; + +// Script name extension used for scripts including. Dovecot uses '.sieve', +// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled. +$config['managesieve_filename_extension'] = '.sieve'; + +// List of reserved script names (without extension). +// Scripts listed here will be not presented to the user. 
+$config['managesieve_filename_exceptions'] = array(); + +// List of domains limiting destination emails in redirect action +// If not empty, user will need to select domain from a list +$config['managesieve_domains'] = array(); + +// Enables separate management interface for vacation responses (out-of-office) +// 0 - no separate section (default), +// 1 - add Vacation section, +// 2 - add Vacation section, but hide Filters section +$config['managesieve_vacation'] = 0; + +// Default vacation interval (in days). +// Note: If server supports vacation-seconds extension it is possible +// to define interval in seconds here (as a string), e.g. "3600s". +$config['managesieve_vacation_interval'] = 0; + +// Some servers require vacation :addresses to be filled with all +// user addresses (aliases). This option enables automatic filling +// of these on initial vacation form creation. +$config['managesieve_vacation_addresses_init'] = false; + +// Supported methods of notify extension. Default: 'mailto' +$config['managesieve_notify_methods'] = array('mailto'); -- cgit v1.2.3
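Review bot: The new `'ciphers'` value in the TLS options array, `'EECDH+AES!MEDIUM!LOW!EXP!aNULL!eNULL'`, has lost the `:` separators that the deleted file's string had. As shown here, OpenSSL would most likely reject it or read it as a single token rather than as exclusions, so it should read `'ciphers' => 'EECDH+AES:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL',`. The pin itself is a SHA-1 digest; since the array form of `peer_fingerprint` is keyed by digest name, I would pin with `'sha256'` and pass `-fingerprint -sha256` in the `openssl x509` lookup instead. The shell pipeline ends in `tr`, so a failing `openssl` call (for example a missing `certs/public/imap.fripost.org.pem`) renders an empty fingerprint without failing the play; that fails closed at runtime but only shows up as broken sieve connections, so a comment above the option stating this and that the pin must be redeployed on certificate renewal would help. The opening lines of the options array are not visible in this view of the hunk.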