From 53cd6d2c79d206273fbe9b924156b440894a4776 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 7 Dec 2018 22:33:54 +0100 Subject: Upgrade 'lists' role to Debian Stretch. --- roles/lists/files/etc/sympa/sympa/sympa.conf | 401 +++++++++++++++++++++++++++ 1 file changed, 401 insertions(+) create mode 100644 roles/lists/files/etc/sympa/sympa/sympa.conf (limited to 'roles/lists/files/etc/sympa/sympa/sympa.conf') diff --git a/roles/lists/files/etc/sympa/sympa/sympa.conf b/roles/lists/files/etc/sympa/sympa/sympa.conf new file mode 100644 index 0000000..0e88baf --- /dev/null +++ b/roles/lists/files/etc/sympa/sympa/sympa.conf @@ -0,0 +1,401 @@ +###\\\\ Site customization ////### + +## Main robot hostname +domain lists.fripost.org + +## Local part of sympa email address +## Effective address will be [EMAIL]@[HOST] +email sympa + +## Listmasters email list comma separated +## Sympa will associate listmaster privileges to these email addresses (mail and web interfaces). Some error reports may also be sent to these addresses. +listmaster listmaster@fripost.org + +## URL of main Web page +wwsympa_url http://lists.fripost.org/sympa + +max_wrong_password 19 + +## Directory for storing static contents (CSS, members pictures, documentation) directly delivered by Apache +static_content_path /var/lib/sympa/static_content + +## URL mapped with the static_content_path directory defined above +static_content_url /static-sympa + +css_url /static-sympa/css + +## Secret used by Sympa to make MD5 fingerprint in web cookies secure +## Should not be changed ! May invalid all user password +cookie `head -n1 /etc/sympa/cookie` + +## Who is able to create lists +## This parameter is a scenario, check sympa documentation about scenarios if you want to define one +create_list intranet + +###\\\\ Directories ////### + +## Directory containing mailing lists subdirectories +home /var/lib/sympa/list_data + +## Directory for configuration files; it also contains scenari/ and templates/ directories +etc /etc/sympa + +###\\\\ System related ////### + +## Syslog facility for sympa +## Do not forget to edit syslog.conf +syslog `cat /etc/sympa/facility` + +## Log verbosity +## 0: normal, 2,3,4: for debug +log_level 0 + +## Communication mode with syslogd (unix | inet) +log_socket_type unix + +## Umask used for file creation by Sympa +umask 027 + +###\\\\ Sending related ////### + +## Path to the MTA (sendmail, postfix, exim or qmail) +## should point to a sendmail-compatible binary (eg: a binary named "sendmail" is distributed with Postfix) +sendmail /usr/sbin/sendmail +sendmail_aliases none + +distribution_mode fork + +## Max. number of Sendmail processes (launched by Sympa) running simultaneously +## Proposed value is quite low, you can rise it up to 100, 200 or even 300 with powerfull systems. +maxsmtp 128 + +log_smtp off + +## comma separated list of operations for which blacklist filter is applied +## Setting this parameter to "none" will hide the blacklist feature +use_blacklist send,create_list + +## Default maximum size (in bytes) for messages (can be re-defined for each list) +max_size 5242880 + +## Maximum number of recipients per call to Sendmail. The nrcpt_by_domain.conf file allows a different tuning per destination domain. +nrcpt 25 + +## Max. number of different domains per call to Sendmail +avg 10 + +## Specify which rfc2369 mailing list headers to add +rfc2369_header_fields help,subscribe,unsubscribe,post,owner,archive + +## Specify header fields to be removed before message distribution +remove_headers X-Sympa-To,X-Family-To,Return-Receipt-To,Precedence,X-Sequence,Disposition-Notification-To + +## Reject mail from automates (crontab, etc) sent to a list? +reject_mail_from_automates_feature on + +alias_manager /bin/true + +###\\\\ Bulk mailer ////### + +## Default priority for a packet to be sent by bulk. +sympa_packet_priority 5 + +## Minimum number of packets in database before the bulk forks to increase sending rate +## +bulk_fork_threshold 1 + +## Max number of bulks that will run on the same server +## +bulk_max_count 3 + +## The number of seconds a slave bulk will remain running without processing a message before it spontaneously dies. +## +bulk_lazytime 600 + +## The number of seconds a bulk sleeps between starting a new loop if it didn't find a message to send. +## Keep it small if you want your server to be reactive. +bulk_sleep 1 + +## Number of seconds a master bulk waits between two packets number checks. +## Keep it small if you expect brutal increases in the message sending load. +bulk_wait_to_fork 10 + +###\\\\ Quotas ////### + +###\\\\ Spool related ////### + +## Directory containing various specialized spools +## All spool are created at runtime by sympa.pl +spool /var/spool/sympa + +## Directory for incoming spool +queue /var/spool/sympa/msg + +queuedistribute /var/spool/sympa/distribute + +## Directory for moderation spool +queuemod /var/spool/sympa/moderation + +## Directory for digest spool +queuedigest /var/spool/sympa/digest + +## Directory for authentication spool +queueauth /var/spool/sympa/auth + +## Directory for outgoing spool +queueoutgoing /var/spool/sympa/outgoing + +## Directory for subscription spool +queuesubscribe /var/spool/sympa/subscribe + +## Directory for topic spool +queuetopic /var/spool/sympa/topic + +## Directory for bounce incoming spool +queuebounce /var/spool/sympa/bounce + +## Directory for task spool +queuetask /var/spool/sympa/task + +## Directory for automatic list creation spool +queueautomatic /var/spool/sympa/automatic + +###\\\\ Internationalization related ////### + +## Supported languages +## This is the set of language that will be proposed to your users for the Sympa GUI. Don't select a language if you don't have the proper locale packages installed. +supported_lang sv,en_US + +## Default language (one of supported languages) +## This is the default language used by Sympa +lang sv + +## If set to "on", enables support of legacy character set +## In some language environments, legacy encoding (character set) is preferred for e-mail messages: for example iso-2022-jp in Japanese language. +legacy_character_support_feature off + +###\\\\ Bounce related ////### + +verp_rate 100% +#tracking_delivery_status_notification on +#tracking_message_disposition_notification on + +## Welcome message return-path ( unique | owner ) +## If set to unique, new subcriber is removed if welcome message bounce +welcome_return_path unique + +## Remind message return-path ( unique | owner ) +## If set to unique, subcriber is removed if remind message bounce, use with care +remind_return_path owner + +## Task name for expiration of old bounces +expire_bounce_task daily + +## Bouncing email rate for warn list owner +bounce_warn_rate 30 + +## Bouncing email rate for halt the list (not implemented) +## Not yet used in current version, Default is 50 +bounce_halt_rate 50 + +###\\\\ Tuning ////### + +## Use of binary version of the list config structure on disk (none | binary_file) +## Set this parameter to "binary_file" if you manage a big amount of lists (1000+); it should make the web interface startup faster +cache_list_config none + +## Sympa commands priority +sympa_priority 1 + +request_priority 0 + +owner_priority 9 + +## Default priority for list messages +default_list_priority 5 + +## comma-separated list of files that will be parsed by Sympa when instantiating a family (no space allowed in file names) +parsed_family_files message.footer,message.header,message.footer.mime,message.header.mime,info + +###\\\\ Database related ////### + +## Type of the database (mysql|ODBC|Oracle|Pg|SQLite|Sybase) +## Be careful to the case +db_type mysql + +## Name of the database +## With SQLite, the name of the DB corresponds to the DB file +db_name sympa + +## Hostname of the database server +db_host localhost + +## User for the database connection +db_user sympa + +## Password for the database connection +## What ever you use a password or not, you must protect the SQL server (is it not a public internet service ?) +#db_passwd your_passwd + +## Database private extention to subscriber table +## You need to extend the database format with these fields +#db_additional_subscriber_fields billing_delay,subscription_expiration + +## Database private extention to user table +## You need to extend the database format with these fields +#db_additional_user_fields age,address + +## Number of months that elapse before a log is expired +logs_expiration_period 3 + +## Default timeout between two scheduled synchronizations of list members with data sources. +default_ttl 3600 + +## Default timeout between two action-triggered synchronizations of list members with data sources. +default_distribution_ttl 300 + +## Default timeout while performing a fetch for an include_sql_query sync +default_sql_fetch_timeout 300 + +###\\\\ Loop prevention ////### + +###\\\\ S/MIME configuration ////### + +## Path to OpenSSL +## Sympa recognizes S/MIME if OpenSSL is installed +openssl /usr/bin/openssl + +## Directory containing trusted CA certificates +#capath /etc/sympa/ssl.crt + +## File containing bundled trusted CA certificates +#cafile /usr/local/apache/conf/ssl.crt/ca-bundle.crt + +crl_dir /var/lib/sympa/list_data/crl + +## Directory containing user certificates +ssl_cert_dir /var/lib/sympa/list_data/X509-user-certs + +## Password used to crypt lists private keys +#key_passwd your_password + +###\\\\ DKIM ////### + +dkim_feature off + +## Insert a DKIM signature to message from the robot, from the list or both +dkim_add_signature_to robot,list + +## Type of message that is added a DKIM signature before distribution to subscribers. Possible values are "none", "any" or a list of the following keywords: "md5_authenticated_messages", "smime_authenticated_messages", "dkim_authenticated_messages", "editor_validated_messages". +dkim_signature_apply_on md5_authenticated_messages,smime_authenticated_messages,dkim_authenticated_messages,editor_validated_messages + +## DMARC protection +## https://sympa-community.github.io/manual/customize/dmarc-protection.html +dmarc_protection_mode dmarc_reject + +###\\\\ Antivirus plug-in ////### + +## Path to the antivirus scanner engine +## Supported antivirus: McAfee/uvscan, Fsecure/fsav, Sophos, AVP and Trend Micro/VirusWall +#antivirus_path /usr/local/uvscan/uvscan + +## Antivirus plugin command argument +#antivirus_args --secure --summary --dat /usr/local/uvscan + +###\\\\ Tag based spam filtering ////### + +## If a spam filter (like spamassassin or j-chkmail) add a smtp headers to tag spams, name of this header (example X-Spam-Status) +antispam_tag_header_name X-Spam-Status + +## Regexp applied on this header to verify message is a spam (example \s*Yes) +antispam_tag_header_spam_regexp ^\s*Yes + +## Regexp applied on this header to verify message is NOT a spam (example \s*No) +antispam_tag_header_ham_regexp ^\s*No + +## Messages are supposed to be filtered by an antispam that add one more headers to messages. This parameter is used to select a special scenario in order to decide the message spam status: ham, spam or unsure. This parameter replace antispam_tag_header_name, antispam_tag_header_spam_regexp and antispam_tag_header_ham_regexp. +spam_status x-spam-status + +###\\\\ Web interface parameters ////### + +edit_list owner + +## URL of a virtual host +#http_host https://fripost.org + +## The password validation techniques to be used against user passwords that are added to mailing lists. Options come from Data::Password (http://search.cpan.org/~razinf/Data-Password-1.07/Password.pm#VARIABLES) +#password_validation MINLEN=8,GROUPS=3,DICTIONARY=4,DICTIONARIES=/pentest/dictionaries + +## Directory for storing HTML archives +## Better if not in a critical partition +arc_path /var/lib/sympa/wwsarchive + +## Default index organization when entering the web archive: either threaded +## or in chronological order +archive_default_index thrd + +## Directory for storing bounces +## Better if not in a critical partition +bounce_path /var/spool/sympa/wwsbounce + +## HTTP cookies validity domain +cookie_domain lists.fripost.org + +## HTTP cookies lifetime +cookie_expire 0 + +## Average interval to refresh HTTP session ID. +cookie_refresh 60 + +## Activates a custom archiver to use instead of MHonArc. The value of this +## parameter is the absolute path on the file system to the script of the +## custom archiver. +#custom_archiver + +## Type of main Web page ( lists | home ) +default_home home + +## Javascript excerpt that enables and configures the WYSIWYG HTML editor. +#html_editor_init + +#htmlarea_url + +## When using LDAP authentication, if the identifier provided by the user was +## a valid email, if this parameter is set to false, then the provided email +## will be used to authenticate the user. Otherwise, use of the first email +## returned by the LDAP server will be used. +ldap_force_canonical_email 1 + +#log_condition + +## Syslog facility for wwsympa, archived and bounced +## Default is to use previously defined sympa log facility. +log_facility `cat /etc/sympa/facility` + +#log_module + +## Path to MHonArc mail2html plugin +## This is required for HTML mail archiving +mhonarc /usr/bin/mhonarc + +## Password case (insensitive | sensitive) +## Should not be changed ! May invalid all user password +password_case insensitive + +## Default number of lines of the array displaying users in the review page +review_page_size 25 + +## Title of main Web page +title Mailing lists service + +## If set to "on", users will be able to post messages in HTML using a +## javascript WYSIWYG editor. +use_html_editor 0 + +## Is fast_cgi module for Apache (or Roxen) installed (0 | 1) +## This module provide much faster web interface +use_fast_cgi 1 + +## Default number of lines of the array displaying the log entries in the logs +## page +viewlogs_page_size 25 -- cgit v1.2.3