From 05d59141d1115cafb663305d680a930f089b4851 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sat, 28 May 2016 13:49:48 +0200
Subject: Roundcube: route IMAP and managesieve traffic through IPSec.
---
 .../roundcube/plugins/managesieve/config.inc.php.j2 | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
(limited to 'roles/webmail/templates/etc/roundcube/plugins/managesieve')
diff --git a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
index 6ad7343..dcaca06 100644
--- a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
+++ b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
@@ -10,7 +10,7 @@ $config['managesieve_port'] = 4190;
 // %n - http hostname ($_SERVER['SERVER_NAME'])
 // %d - domain (http hostname without the first part)
 // For example %n = mail.domain.tld, %d = domain.tld
-$config['managesieve_host'] = 'sieve.fripost.org';
+$config['managesieve_host'] = '{{ ipsec[imapsvr.inventory_hostname_short] }}';
 
 // authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
 // or none. Optional, defaults to best method supported by server.
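Review bot: The new `managesieve_host` value on the `+` line carries no comment saying it must be the tunnel-internal address, and the replacement-variable comments above it still describe a public-style hostname. Because the following hunk turns off TLS for this connection, a later edit that points the host back at a name reached outside the tunnel would leave the link unprotected with nothing in the file to warn about it. I would add above the assignment: `// Address of the IMAP/sieve server inside the IPsec tunnel; TLS is disabled below, so never point this at a host reached outside the tunnel.` The `ipsec` map is defined outside this diff, so whether a missing key aborts the template run cannot be confirmed from here.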
@@ -26,19 +26,19 @@ $config['managesieve_auth_pw'] = null;
 
 // use or not TLS for managesieve server connection
 // Note: tls:// prefix in managesieve_host is also supported
-$config['managesieve_usetls'] = true;
+$config['managesieve_usetls'] = false;
 
 // Connection scket context options
 // See http://php.net/manual/en/context.ssl.php
 // The example below enables server certificate validation
-$config['managesieve_conn_options'] = array(
- 'ssl' => array(
- 'verify_peer' => true,
- 'disable_compression' => true,
- 'ciphers' => 'EECDH+AES!MEDIUM!LOW!EXP!aNULL!eNULL',
- 'peer_fingerprint' => array('sha1' => '{{ lookup('pipe', 'openssl x509 -in certs/public/imap.fripost.org.pem -noout -fingerprint -sha1 | sed "s/[^=]*=\s*//" | tr -d :') }}'),
- ),
- );
+//$config['managesieve_conn_options'] = array(
+// 'ssl' => array(
+// 'verify_peer' => true,
+// 'verify_depth' => 3,
+// 'cafile' => '/etc/openssl/certs/ca.crt',
+// ),
+// );
+$config['managesieve_conn_options'] = null;
 
 // default contents of filters script (eg. default spam filter)
 $config['managesieve_default'] = '/etc/dovecot/sieve/global';
-- cgit v1.2.3
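Review bot: Setting `managesieve_usetls` to `false` and `managesieve_conn_options` to `null` removes both the encryption and the pinned-fingerprint server check at the application layer, so the sieve login now depends entirely on the IPsec policy being enforced for that address. If that policy is not mandatory or the tunnel is down (neither is visible in this diff), the credentials would cross the network in clear and to a peer nobody has authenticated. Consider keeping `$config['managesieve_usetls'] = true;` with `verify_peer` as a second layer. Failing that, record the dependency next to the setting, e.g. `// TLS off on purpose: this link is protected by IPsec only; the firewall must drop non-tunnel traffic to port 4190`.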