diff options
-rw-r--r-- | manifests/virtual/web/admin.pp | 9 | ||||
-rw-r--r-- | templates/dovecot/dovecot.conf.stretch.erb | 71 | ||||
-rw-r--r-- | templates/virtual/postfixadmin/config.inc.php.erb | 2 |
3 files changed, 82 insertions, 0 deletions
diff --git a/manifests/virtual/web/admin.pp b/manifests/virtual/web/admin.pp index 2629769..b3dfd86 100644 --- a/manifests/virtual/web/admin.pp +++ b/manifests/virtual/web/admin.pp @@ -15,6 +15,15 @@ class mail::virtual::web::admin( mpm => false, } + # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856338 + file { '/usr/share/postfixadmin/templates_c': + ensure => directory, + owner => root, + group => www-data, + mode => '0770', + require => [ Package['postfixadmin'], Apache::Site['postfixadmin'] ], + } + #file { "${apache::sites_folder}/postfixadmin/site/config.inc.php": file { "/etc/postfixadmin/config.inc.php": ensure => present, diff --git a/templates/dovecot/dovecot.conf.stretch.erb b/templates/dovecot/dovecot.conf.stretch.erb new file mode 100644 index 0000000..ff2464d --- /dev/null +++ b/templates/dovecot/dovecot.conf.stretch.erb @@ -0,0 +1,71 @@ +# 2.1.7: /etc/dovecot/dovecot.conf +# OS: Linux 2.6.32-5-vserver-amd64 x86_64 Debian 7.3 ufs + +# See http://help.directadmin.com/item.php?id=348 +listen = * + +auth_mechanisms = plain login +log_timestamp = "%Y-%m-%d %H:%M:%S " +login_log_format_elements = user=<%%u> method=%m %c +mail_location = maildir:/var/mail/virtual/%u +mail_privileged_group = mail +passdb { + args = /etc/dovecot/dovecot-sql.conf + driver = sql +} +plugin { + sieve = ~/.dovecot.sieve + sieve_storage = ~/sieve +} +protocols = imap +service auth { + unix_listener /var/spool/postfix/private/auth { + group = postfix + mode = 0660 + user = postfix + } + unix_listener auth-master { + group = mail + mode = 0600 + user = vmail + } + user = root +} + +# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before +# dropping root privileges, so keep the key file unreadable by anyone but +# root. +ssl_cert = </etc/ssl/certs/cert.crt +ssl_key = </etc/ssl/private/cert.pem + +# SSL ciphers to use +# +# Since Dovecot started using OpenSSL 1.1, we don't have to disable +# SSLv2 anymore as it's already removed from OpenSSL. +# +# See http://www.virtualmin.com/node/25057 +# https://zmap.io/sslv3/servers.html +# https://security.stackexchange.com/questions/71872/disable-sslv3-in-dovecot-tls-handshaking-failed-no-shared-cipher +# https://bbs.archlinux.org/viewtopic.php?id=225535 +ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:SSLv3 +ssl_protocols = !SSLv3 + +userdb { + args = uid=5000 gid=5000 home=/var/mail/virtual/%u allow_all_users=yes + driver = static +} +userdb { + args = /etc/dovecot/dovecot-sql.conf + driver = sql +} +protocol pop3 { + pop3_uidl_format = %08Xu%08Xv +} +protocol lda { + auth_socket_path = /var/run/dovecot/auth-master + mail_plugins = sieve + postmaster_address = postmaster@<%= @fqdn %> +} + +# Should saving a mail to a non-existing mailbox automatically create it? +lda_mailbox_autocreate = yes diff --git a/templates/virtual/postfixadmin/config.inc.php.erb b/templates/virtual/postfixadmin/config.inc.php.erb index b9b6ef8..c5560c6 100644 --- a/templates/virtual/postfixadmin/config.inc.php.erb +++ b/templates/virtual/postfixadmin/config.inc.php.erb @@ -191,6 +191,8 @@ $CONF['maxquota'] = '10'; $CONF['quota'] = 'NO'; // You can either use '1024000' or '1048576' $CONF['quota_multiplier'] = '1024000'; +// If you want to enforce domain-level quotas set this to 'YES'. +$CONF['domain_quota'] = 'YES'; // Transport // If you want to define additional transport options for a domain set this to 'YES'. |