From 713c0e5b7eb306e7f0112b93dec90c13c3df9df5 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 6 Aug 2010 18:21:23 -0300
Subject: Dovecot configuration and amavisd-new setup

---
 files/amavisd/15-content_filter_mode | 23 ++++++++++++++++++++
 files/dovecot/dovecot.conf | 39 ++++++++++++++++++++--------------
 manifests/amavisd.pp | 24 +++++++++++++++++++++
 manifests/init.pp | 1 +
 manifests/mail.pp | 3 ++-
 manifests/postfixadmin.pp | 38 +++++++++++++++++----------------
 templates/dovecot/dovecot-sql.conf.erb | 5 +++++
 7 files changed, 98 insertions(+), 35 deletions(-)
 create mode 100644 files/amavisd/15-content_filter_mode
 create mode 100644 manifests/amavisd.pp

diff --git a/files/amavisd/15-content_filter_mode b/files/amavisd/15-content_filter_mode
new file mode 100644
index 0000000..8d5f3d1
--- /dev/null
+++ b/files/amavisd/15-content_filter_mode
@@ -0,0 +1,23 @@
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Uncomment the two lines below to enable it back
+#
+
+@bypass_virus_checks_maps = (
+ \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Uncomment the two lines below to enable it back
+#
+
+@bypass_spam_checks_maps = (
+ \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+1; # ensure a defined return
diff --git a/files/dovecot/dovecot.conf b/files/dovecot/dovecot.conf
index b63757b..761299a 100644
--- a/files/dovecot/dovecot.conf
+++ b/files/dovecot/dovecot.conf
@@ -98,6 +98,8 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 # root.
 #ssl_cert_file = /etc/ssl/certs/dovecot.pem
 #ssl_key_file = /etc/ssl/private/dovecot.pem
+ssl_cert_file = /etc/ssl/certs/cert.crt
+ssl_key_file = /etc/ssl/private/cert.pem
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter.
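Review bot: The two header comments still say `# Uncomment the two lines below to enable it back`, but in this file the `@bypass_virus_checks_maps` and `@bypass_spam_checks_maps` assignments are already live, so each comment now describes the opposite of what the shipped file does. I'd rewrite both to state the actual mode, e.g. `# Virus checking ENABLED: bypass is governed only by the (empty) bypass maps below` and the same wording for spam, so an operator auditing /etc/amavis/conf.d sees at a glance that filtering is on. Enabling the virus check presumably also needs a running scanner daemon, which nothing in this commit ensures — worth a TODO here or in the manifest that installs this file.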
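Review bot: `ssl_key_file = /etc/ssl/private/cert.pem` points Dovecot at a shared, generically named key, and nothing in this commit manages that file's owner or mode; the comment this hunk starts in (cut off above, ending in `# root.`) is the one describing how the key is read, so an over-permissive key would be used silently. I'd add `# key must be root:root 0600; ownership managed by the tls manifest` next to the new line and confirm the Puppet File resource for it (not in this diff) actually sets that mode and notifies the dovecot service.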
@@ -181,6 +183,9 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 # string.
 #login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
 
+# Dont log user IPs
+login_log_format_elements = user=<%u> method=%m %c
+
 # Login log format. %$ contains login_log_format_elements string, %s contains
 # the data we want to log.
 #login_log_format = %$: %s
@@ -216,6 +221,7 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 #
 #
 #mail_location =
+mail_location = maildir:/var/mail/virtual/%u
 
 # If you need to set multiple mailbox locations or want to change default
 # namespace settings, you can do it by defining namespace sections.
@@ -812,7 +818,7 @@ auth default {
 # Space separated list of wanted authentication mechanisms:
 # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
 # NOTE: See also disable_plaintext_auth setting.
- mechanisms = plain
+ mechanisms = plain login
 
 #
 # Password database is used to verify user's password (and nothing more).
@@ -919,10 +925,10 @@ auth default {
 #}
 
 # SQL database
- #passdb sql {
+ passdb sql {
 # Path for SQL configuration file
- #args = /etc/dovecot/dovecot-sql.conf
- #}
+ args = /etc/dovecot/dovecot-sql.conf
+ }
 
 # LDAP database
 #passdb ldap {
@@ -980,10 +986,10 @@ auth default {
 #}
 
 # SQL database
- #userdb sql {
+ userdb sql {
 # Path for SQL configuration file
- #args = /etc/dovecot/dovecot-sql.conf
- #}
+ args = /etc/dovecot/dovecot-sql.conf
+ }
 
 # LDAP database
 #userdb ldap {
@@ -1028,7 +1034,7 @@ auth default {
 #ssl_username_from_cert = no
 
 # It's possible to export the authentication interface to other programs:
- #socket listen {
+ socket listen {
 #master {
 # Master socket provides access to userdb information. It's typically
 # used to give Dovecot's local delivery agent access to userdb so it
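Review bot: Dropping `rip=%r` from `login_log_format_elements` removes the only field that ties a failed login to a source address, so log-based brute-force blocking (fail2ban-style) and incident reconstruction from Dovecot logs stop working; the `# Dont log user IPs` comment states the intent but not that cost. If the privacy goal stands, document the trade-off where the next admin will look, e.g. `# Privacy choice: remote IP omitted on purpose; this blinds log-based brute-force detection`, and consider keeping `lip=%l`, since the local address is not user-identifying.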
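Review bot: `mechanisms = plain login` offers only mechanisms that transmit the password in clear, so the line is safe only while `disable_plaintext_auth` (named in the NOTE two lines up, set elsewhere in the file) stays `yes` and forces them behind TLS; the hunk does not pin that. This pairing is presumably also forced by the `MD5-CRYPT` scheme chosen in dovecot-sql.conf.erb in this commit, since salted crypt hashes cannot serve CRAM-MD5, which is worth saying so nobody "improves" the list later: `# plain/login only: MD5-CRYPT hashes cannot back CRAM-MD5; relies on disable_plaintext_auth = yes`.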
@@ -1039,14 +1045,15 @@ auth default {
 #user =
 #group =
 #}
- #client {
- # The client socket is generally safe to export to everyone. Typical use
- # is to export it to your SMTP server so it can do SMTP AUTH lookups
- # using it.
- #path = /var/run/dovecot/auth-client
- #mode = 0660
- #}
- #}
+ client {
+ # Assuming the default Postfix $queue_directory setting
+ path = /var/spool/postfix/private/auth
+ mode = 0660
+ # Assuming the default Postfix user and group
+ user = postfix
+ group = postfix
+ }
+ }
 
 ## dovecot-lda specific settings
 ##
diff --git a/manifests/amavisd.pp b/manifests/amavisd.pp
new file mode 100644
index 0000000..1047fb0
--- /dev/null
+++ b/manifests/amavisd.pp
@@ -0,0 +1,24 @@
+class mail::amavisd {
+ # TODO: master.cf
+
+ service { "amavisd":
+ ensure => running,
+ require => Package['amavisd-new'],
+ }
+
+ service { "freshclam":
+ ensure => running,
+ require => Package['clamav-freshclam'],
+ }
+
+ file { "/etc/amavis/conf.d/15-content_filter_mode":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => "puppet://$server/modules/mail/amavisd/15-content_filter_mode",
+ notify => Service['amavisd'],
+ }
+
+ postfix::config { "content_filter": value => 'amavis:[127.0.0.1]:10024' }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 29bca6d..f4f98d6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -9,3 +9,4 @@ import "packages.pp"
 import "postfixadmin"
 import "sasl.pp"
 import "tls.pp"
+import "amavisd.pp"
diff --git a/manifests/mail.pp b/manifests/mail.pp
index 0864b7c..7d70823 100644
--- a/manifests/mail.pp
+++ b/manifests/mail.pp
@@ -21,6 +21,7 @@ class mail {
 #include mail::dovecot
 #include mail::postfixadmin
 #include mail::header_checks
+ #include mail::amavisd
 
 # Postfix configuration
 postfix::config {
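Review bot: `postfix::config { "content_filter": value => 'amavis:[127.0.0.1]:10024' }` hands every message to amavisd, but the `# TODO: master.cf` above it is exactly the missing half: without an `amavis` transport entry and a localhost re-injection listener (the usual `127.0.0.1:10025` smtpd with `-o content_filter=`) in master.cf, Postfix has no `amavis` transport to use and amavis has nowhere to return scanned mail, so delivery stops as soon as this class is included. I'd either declare the master.cf resources in this same class and make the config `require` them, or leave `content_filter` unset until they exist, and have the TODO say which entries are missing. Separately, `service { "freshclam": }` keeps signatures fresh but no `clamav-daemon` service is ensured, so the virus check enabled in 15-content_filter_mode presumably has no scanner to talk to.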
@@ -29,9 +30,9 @@ class mail {
 "mydestination": value => "$postfix_mydestination";
 "mynetworks": value => "$postfix_mynetworks";
 "relay_domains": value => "$domain";
- "virtual_alias_maps": value => "hash:/etc/postfix/virtual"; # TODO: use postfixadmin config instead
 "transport_maps": value => "hash:/etc/postfix/transport";
 "mailbox_command": value => '/usr/bin/maildrop -d ${USER}';
+ "mailbox_command": value => '/var/mail/virtual';
 }
 
 postfix::hash { "/etc/postfix/virtual":
diff --git a/manifests/postfixadmin.pp b/manifests/postfixadmin.pp
index f265385..e400eba 100644
--- a/manifests/postfixadmin.pp
+++ b/manifests/postfixadmin.pp
@@ -43,18 +43,6 @@ class mail::postfixadmin {
 '/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf' ],
 }
 
- # Additional for quota support
- postfix::config { "virtual_mailbox_limit_maps":
- value => 'mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
- require => File['/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'],
- }
-
- postfix::config { "virtual_create_maildirsize": value => 'yes' }
- postfix::config { "virtual_mailbox_extended ": value => 'yes' }
- postfix::config { "virtual_mailbox_limit_override": value => 'yes' }
- postfix::config { "virtual_maildir_limit_message": value => 'The user's maildir has overdrawn his quota, try again later.' }
- postfix::config { "virtual_overquota_bounce": value => 'yes' }
-
 #
 # Map files
 #
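Review bot: The new `"mailbox_command": value => '/var/mail/virtual';` reuses the title of the line directly above it inside the same `postfix::config { ... }` block, which Puppet rejects as a duplicate resource declaration, and `/var/mail/virtual` is a directory, not a delivery command. Given `mail_location = maildir:/var/mail/virtual/%u` in dovecot.conf in this commit, this looks like it was meant to be the virtual mailbox root, i.e. `"virtual_mailbox_base": value => '/var/mail/virtual';`. Note also that `virtual_alias_maps` is removed here while the `postfix::hash { "/etc/postfix/virtual": }` resource just below (continuing outside the hunk) still builds that map, so the hash is now generated but unused.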
@@ -100,10 +88,24 @@ class mail::postfixadmin {
 content => template('postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf'),
 }
 
- file { "/etc/postfix/mysql_virtual_mailbox_limit_maps.cf":
- ensure => present,
- owner => root,
- mode => 0600,
- content => template('postfix/sql/mysql_virtual_mailbox_limit_maps.cf'),
- }
+ #
+ # Additional for quota support
+ #
+#postfix::config { "virtual_mailbox_limit_maps":
+ # value => 'mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
+ # require => File['/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'],
+ #}
+ #
+#postfix::config { "virtual_create_maildirsize": value => 'yes' }
+#postfix::config { "virtual_mailbox_extended ": value => 'yes' }
+#postfix::config { "virtual_mailbox_limit_override": value => 'yes' }
+#postfix::config { "virtual_maildir_limit_message": value => 'The user's maildir has overdrawn his quota, try again later.' }
+#postfix::config { "virtual_overquota_bounce": value => 'yes' }
+ #
+#file { "/etc/postfix/mysql_virtual_mailbox_limit_maps.cf":
+ # ensure => present,
+ # owner => root,
+ # mode => 0600,
+ # content => template('postfix/sql/mysql_virtual_mailbox_limit_maps.cf'),
+ #}
 }
diff --git a/templates/dovecot/dovecot-sql.conf.erb b/templates/dovecot/dovecot-sql.conf.erb
index 7661e25..c5c7f87 100644
--- a/templates/dovecot/dovecot-sql.conf.erb
+++ b/templates/dovecot/dovecot-sql.conf.erb
@@ -26,6 +26,7 @@
 
 # Database driver: mysql, pgsql, sqlite
 #driver =
+driver = mysql
 
 # Database connection string. This is driver-specific setting.
 #
@@ -55,6 +56,7 @@
 # connect = /etc/dovecot/authdb.sqlite
 #
 #connect = dbname=virtual user=virtual
+connect = host=<%= postfixadmin_hosts %> dbname=<%= postfixadmin_dbname %> user=<%= postfixadmin_user %> password=<%= postfixadmin_password %>
 
 # Default password scheme.
 #
@@ -62,6 +64,7 @@
 # http://wiki.dovecot.org/Authentication/PasswordSchemes
 #
 #default_pass_scheme = PLAIN-MD5
+default_pass_scheme = MD5-CRYPT
 
 # Query to retrieve the password.
 #
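Review bot: The quota block is only commented out, but two defects travel with it: the `# value => 'mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'` line has no trailing comma before `require =>`, and `'The user's maildir has overdrawn his quota, try again later.'` ends the single-quoted string at `user's`. Whoever re-enables this by stripping the `#` prefixes gets a parse error instead of quota enforcement; since the lines are being moved anyway, fix them now by adding the comma and writing `"The user's maildir has overdrawn his quota, try again later."` in double quotes. The `"virtual_mailbox_extended "` title also carries a trailing space that would become part of the Postfix parameter name.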
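Review bot: `connect = host=... password=<%= postfixadmin_password %>` writes the PostfixAdmin database password in clear text into /etc/dovecot/dovecot-sql.conf, and the File resource that renders this template is not part of this diff, so nothing here guarantees the file is root-owned and mode 0600. I'd put `# Contains DB credentials: install root:root 0600` at the top of the template and confirm the Puppet side sets that mode and notifies the dovecot service. Reusing the PostfixAdmin credentials also gives Dovecot write access to the whole schema when the two queries below only need SELECT on `mailbox`; a dedicated read-only MySQL user would be the least-privilege fix.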
@@ -89,6 +92,7 @@
 # password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y'
 #
 #password_query = SELECT userid as user, password FROM users WHERE userid = '%u'
+password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
 
 # Query to retrieve the user information.
 #
@@ -109,6 +113,7 @@
 # user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
 #
 #user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
+user_query = SELECT maildir, 1001 AS uid, 1001 AS gid FROM mailbox WHERE username = '%u' AND active='1'
 
 # If you wish to avoid two SQL lookups (passdb + userdb), you can use
 # userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
-- 
cgit v1.2.3
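Review bot: `user_query` returns the `maildir` column under its own name rather than as one of the fields Dovecot acts on for mailbox placement (`home`, `mail`), while `mail_location` in dovecot.conf is fixed to `maildir:/var/mail/virtual/%u` in this same commit, so postfixadmin's per-mailbox path is presumably fetched and then ignored; if Postfix delivers into that path (not visible here), Dovecot reads a different directory than Postfix writes. Either map it to something Dovecot honours, e.g. `CONCAT('maildir:/var/mail/virtual/', maildir) AS mail`, or drop it from the query so the two sides are visibly consistent. The literal `1001 AS uid, 1001 AS gid` also has to equal the owner of /var/mail/virtual and Postfix's virtual uid/gid maps, which nothing in the diff ties together — sourcing it from one ERB variable shared with the Postfix template would make that dependency explicit.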