[D-community-commits] r191 - in trunk/fai-config-dir: files/etc files/etc/imapd.conf files/etc/postfix files/etc/postfix/ldap-aliases.cf files/etc/postfix/master.cf scripts/MAILSERVER
nd-guest at alioth.debian.org
nd-guest at alioth.debian.org
Mon Jan 7 21:19:10 UTC 2008
Author: nd-guest
Date: 2008-01-07 21:19:10 +0000 (Mon, 07 Jan 2008)
New Revision: 191
Added:
trunk/fai-config-dir/files/etc/imapd.conf/
trunk/fai-config-dir/files/etc/imapd.conf/MAILSERVER
trunk/fai-config-dir/files/etc/postfix/ldap-aliases.cf/
trunk/fai-config-dir/files/etc/postfix/ldap-aliases.cf/MAILSERVER
trunk/fai-config-dir/files/etc/postfix/master.cf/
trunk/fai-config-dir/files/etc/postfix/master.cf/MAILSERVER
trunk/fai-config-dir/scripts/MAILSERVER/50-cyrus
Log:
configure postfix to use ldap as alias db.
start setting up cyrus
Added: trunk/fai-config-dir/files/etc/imapd.conf/MAILSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/imapd.conf/MAILSERVER (rev 0)
+++ trunk/fai-config-dir/files/etc/imapd.conf/MAILSERVER 2008-01-07 21:19:10 UTC (rev 191)
@@ -0,0 +1,327 @@
+# Debian Cyrus imapd.conf
+# $Id: imapd.conf 565 2006-08-14 16:51:28Z sven $
+# See imapd.conf(5) for more information and more options
+
+# Configuration directory
+configdirectory: /var/lib/cyrus
+
+# Which partition to use for default mailboxes
+defaultpartition: default
+partition-default: /var/spool/cyrus/mail
+
+# News setup
+partition-news: /var/spool/cyrus/news
+newsspool: /var/spool/news
+
+# Alternate namespace
+# If enabled, activate the alternate namespace as documented in
+# /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's
+# subfolders are in the same level as the INBOX
+# See also userprefix and sharedprefix on imapd.conf(5)
+altnamespace: no
+
+# UNIX Hierarchy Convention
+# Set to yes, and cyrus will accept dots in names, and use the forward
+# slash "/" to delimit levels of the hierarchy. This is done by converting
+# internally all dots to "^", and all "/" to dots. So the "rabbit.holes"
+# mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes"
+unixhierarchysep: no
+
+# Rejecting illegal characters in headers
+# Headers of RFC2882 messages must not have characters with the 8th bit
+# set. However, too many badly-written MUAs generate this, including most
+# spamware. Enable this to reject such messages.
+#reject8bit: yes
+
+# Munging illegal characters in headers
+# Headers of RFC2882 messages must not have characters with the 8th bit
+# set. However, too many badly-written MUAs generate this, including most
+# spamware. If you kept reject8bit disabled, you can choose to leave the
+# crappage untouched by disabling this (if you don't care that IMAP SEARCH
+# won't work right anymore.
+#munge8bit: no
+
+# Forcing recipient user to lowercase
+# Cyrus 2.2 is case-sensitive. If all your mail users are in lowercase, it is
+# probably a very good idea to set lmtp_downcase_rcpt to true. This is set by
+# default, per RFC2821. This was not set by default in debian versions up to
+# and including 2.2.12-4.
+lmtp_downcase_rcpt: yes
+
+# Uncomment the following and add the space-separated users who
+# have admin rights for all services.
+#admins: cyrus
+
+# Space-separated list of users that have lmtp "admin" status (i.e. that
+# can deliver email through TCP/IP lmtp). If specified, this parameter
+# overrides the "admins" parameter above
+#lmtp_admins: postman
+
+# Space-separated list of users that have mupdate "admin" status, in
+# addition to those in the admins: entry above. Note that mupdate slaves and
+# backends in a Murder cluster need to autenticate against the mupdate master
+# as admin users.
+#mupdate_admins: mupdateman
+
+# Space-separated list of users that have imapd "admin" status, in
+# addition to those in the admins: entry above
+#imap_admins: cyrus
+
+# Space-separated list of users that have sieve "admin" status, in
+# addition to those in the admins: entry above
+#sieve_admins: cyrus
+
+# List of users and groups that are allowed to proxy for other users,
+# seperated by spaces. Any user listed in this will be allowed to login
+# for any other user. Like "admins:" above, you can have imap_proxyservers
+# and sieve_proxyservers.
+#proxyservers: cyrus
+
+# No anonymous logins
+allowanonymouslogin: no
+
+# Minimum time between POP mail fetches in minutes
+popminpoll: 1
+
+# If nonzero, normal users may create their own IMAP accounts by creating
+# the mailbox INBOX. The user's quota is set to the value if it is positive,
+# otherwise the user has unlimited quota.
+autocreatequota: 90
+
+# umask used by Cyrus programs
+umask: 077
+
+# Sendmail binary location
+# DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3.
+# For now, to work around the bug, set this to a wrapper that calls
+# /usr/sbin/sendmail -dropcr instead if you use Exim 3.
+#sendmail: /usr/sbin/sendmail
+
+# If enabled, cyrdeliver will look for Sieve scripts in user's home
+# directories: ~user/.sieve.
+sieveusehomedir: false
+
+# If sieveusehomedir is false, this directory is searched for Sieve scripts.
+sievedir: /var/spool/sieve
+
+# notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL"
+# notifications are disabled. Valid methods are: null, log, zephyr
+#mailnotifier: zephyr
+
+# notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE"
+# notifications are disabled. This method is only used when no method is
+# specified in the script. Valid methods are null, log, zephyr, mailto
+#sievenotifier: zephyr
+
+# DRAC (pop-before-smtp, imap-before-smtp) support
+# Set dracinterval to the time in minutes to call DRAC while a user is
+# connected to the imap/pop services. Set to 0 to disable DRAC (default)
+# Set drachost to the host where the rpc drac service is running
+#dracinterval: 0
+#drachost: localhost
+
+# If enabled, the partitions will also be hashed, in addition to the hashing
+# done on configuration directories. This is recommended if one partition has a
+# very bushy mailbox tree.
+hashimapspool: true
+
+# Allow plaintext logins by default (SASL PLAIN)
+allowplaintext: yes
+
+# Force PLAIN/LOGIN authentication only
+# (you need to uncomment this if you are not using an auxprop-based SASL
+# mechanism. saslauthd users, that means you!). And pay attention to
+# sasl_minimum_layer and allowapop below, too.
+sasl_mech_list: PLAIN
+
+# Allow use of the POP3 APOP authentication command.
+# Note that this command requires that the plaintext passwords are
+# available in a SASL auxprop backend (eg. sasldb), and that the system
+# can provide enough entropy (eg. from /dev/urandom) to create a challenge
+# in the banner.
+#allowapop: no
+
+# The minimum SSF that the server will allow a client to negotiate. A
+# value of 1 requires integrity protection; any higher value requires some
+# amount of encryption.
+#sasl_minimum_layer: 0
+
+# The maximum SSF that the server will allow a client to negotiate. A
+# value of 1 requires integrity protection; any higher value requires some
+# amount of encryption.
+#sasl_maximum_layer: 256
+
+# List of remote realms whose users may log in using cross-realm
+# authentications. Seperate each realm name by a space. A cross-realm
+# identity is considered any identity returned by SASL with an "@" in it.
+# NOTE: To support multiple virtual domains on the same interface/IP,
+# you need to list them all as loginreals. If you don't list them here,
+# (most of) your users probably won't be able to log in.
+#loginrealms: example.com
+
+# Enable virtual domain support. If enabled, the user's domain will
+# be determined by splitting a fully qualified userid at the last '@'
+# or '%' symbol. If the userid is unqualified, and the virtdomains
+# option is set to "on", then the domain will be determined by doing
+# a reverse lookup on the IP address of the incoming network
+# interface, otherwise the user is assumed to be in the default
+# domain (if set).
+#virtdomains: userid
+
+# The default domain for virtual domain support
+# If the domain of a user can't be taken from its login and it can't
+# be determined by doing a reverse lookup on the interface IP, this
+# domain is used.
+#defaultdomain:
+
+#
+# SASL library options (these are handled directly by the SASL libraries,
+# refer to SASL documentation for an up-to-date list of these)
+#
+
+# The mechanism(s) used by the server to verify plaintext passwords. Possible
+# values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue". They
+# are tried in order, you can specify more than one, separated by spaces.
+#
+# Do note that, since sasl will be run as user cyrus, you may have a lot of
+# trouble to set this up right.
+sasl_pwcheck_method: saslauthd
+
+# What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
+# by default, all plugins are tried (which is probably NOT what you want).
+#sasl_auxprop_plugin: sasldb
+
+# If enabled, the SASL library will automatically create authentication secrets
+# when given a plaintext password. Refer to SASL documentation
+sasl_auto_transition: no
+
+#
+# SSL/TLS Options
+#
+
+# File containing the global certificate used for ALL services (imap, pop3,
+# lmtp, sieve)
+#tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+# File containing the private key belonging to the global server certificate.
+#tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
+
+# File containing the certificate used for imap. If not specified, the global
+# certificate is used. A value of "disabled" will disable SSL/TLS for imap.
+#imap_tls_cert_file: /etc/ssl/certs/cyrus-imap.pem
+
+# File containing the private key belonging to the imap-specific server
+# certificate. If not specified, the global private key is used. A value of
+# "disabled" will disable SSL/TLS for imap.
+#imap_tls_key_file: /etc/ssl/private/cyrus-imap.key
+
+# File containing the certificate used for pop3. If not specified, the global
+# certificate is used. A value of "disabled" will disable SSL/TLS for pop3.
+#pop3_tls_cert_file: /etc/ssl/certs/cyrus-pop3.pem
+
+# File containing the private key belonging to the pop3-specific server
+# certificate. If not specified, the global private key is used. A value of
+# "disabled" will disable SSL/TLS for pop3.
+#pop3_tls_key_file: /etc/ssl/private/cyrus-pop3.key
+
+# File containing the certificate used for lmtp. If not specified, the global
+# certificate is used. A value of "disabled" will disable SSL/TLS for lmtp.
+#lmtp_tls_cert_file: /etc/ssl/certs/cyrus-lmtp.pem
+
+# File containing the private key belonging to the lmtp-specific server
+# certificate. If not specified, the global private key is used. A value of
+# "disabled" will disable SSL/TLS for lmtp.
+#lmtp_tls_key_file: /etc/ssl/private/cyrus-lmtp.key
+
+# File containing the certificate used for sieve. If not specified, the global
+# certificate is used. A value of "disabled" will disable SSL/TLS for sieve.
+#sieve_tls_cert_file: /etc/ssl/certs/cyrus-sieve.pem
+
+# File containing the private key belonging to the sieve-specific server
+# certificate. If not specified, the global private key is used. A value of
+# "disabled" will disable SSL/TLS for sieve.
+#sieve_tls_key_file: /etc/ssl/private/cyrus-sieve.key
+
+# File containing one or more Certificate Authority (CA) certificates.
+#tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem
+
+# Path to directory with certificates of CAs.
+tls_ca_path: /etc/ssl/certs
+
+# The length of time (in minutes) that a TLS session will be cached for later
+# reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will
+# disable session caching.
+tls_session_timeout: 1440
+
+# The list of SSL/TLS ciphers to allow, in decreasing order of precedence.
+# The format of the string is described in ciphers(1). The Debian default
+# selects TLSv1 high-security ciphers only, and removes all anonymous ciphers
+# from the list (because they provide no defense against man-in-the-middle
+# attacks). It also orders the list so that stronger ciphers come first.
+tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
+
+# Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
+#tls_require_cert: false
+
+# Require a client certificate for imap ONLY.
+#imap_tls_require_cert: false
+
+# Require a client certificate for pop3 ONLY.
+#pop3_tls_require_cert: false
+
+# Require a client certificate for lmtp ONLY.
+#lmtp_tls_require_cert: false
+
+# Require a client certificate for sieve ONLY.
+#sieve_tls_require_cert: false
+
+#
+# Cyrus Murder cluster configuration
+#
+# Set the following options to the values needed for this server to
+# autenticate against the mupdate master server:
+# mupdate_server
+# mupdate_port
+# mupdate_username
+# mupdate_authname
+# mupdate_realm
+# mupdate_password
+# mupdate_retry_delay
+
+##
+## KEEP THESE IN SYNC WITH cyrus.conf
+##
+# Unix domain socket that lmtpd listens on.
+lmtpsocket: /var/run/cyrus/socket/lmtp
+
+# The idle backend to use for IDLE command.
+# Options: poll (default), idled, no
+# poll doesn't need the idled daemon and is supposed to be more robust.
+# however it doesn't update as quickly as the idled backend does. "no"
+# turns off IDLE support. If set to "idled", you will also need to enable
+# the "idled" entry in cyrus.conf.
+idlemethod: poll
+
+# Unix domain socket that idled listens on.
+idlesocket: /var/run/cyrus/socket/idle
+
+# Unix domain socket that the new mail notification daemon listens on.
+notifysocket: /var/run/cyrus/socket/notify
+
+# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.)
+syslog_prefix: cyrus
+
+##
+## DEBUGGING
+##
+# Debugging hook. See /usr/share/doc/cyrus-common-2.2/README.Debian.debug
+# Keep the hook disabled when it is not in use
+#
+# gdb Back-traces
+#debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &
+#
+# system-call traces
+#debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 &
+#
+# library traces
+#debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 &
Added: trunk/fai-config-dir/files/etc/postfix/ldap-aliases.cf/MAILSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/postfix/ldap-aliases.cf/MAILSERVER (rev 0)
+++ trunk/fai-config-dir/files/etc/postfix/ldap-aliases.cf/MAILSERVER 2008-01-07 21:19:10 UTC (rev 191)
@@ -0,0 +1,6 @@
+server_host = localhost
+search_base = ou=People,dc=debian-community,dc=org
+version = 3
+bind = no
+query_filter = (uid=%s)
+result_attribute = mail
Added: trunk/fai-config-dir/files/etc/postfix/master.cf/MAILSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/postfix/master.cf/MAILSERVER (rev 0)
+++ trunk/fai-config-dir/files/etc/postfix/master.cf/MAILSERVER 2008-01-07 21:19:10 UTC (rev 191)
@@ -0,0 +1,76 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+smtp inet n - - - - smtpd
+#submission inet n - - - - smtpd
+# -o smtpd_enforce_tls=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#smtps inet n - - - - smtpd
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#628 inet n - - - - qmqpd
+pickup fifo n - - 60 1 pickup
+cleanup unix n - - - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+#qmgr fifo n - - 300 1 oqmgr
+tlsmgr unix - - - 1000? 1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+smtp unix - - - - - smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
+relay unix - - - - - smtp
+ -o fallback_relay=
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - - - - showq
+error unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
Added: trunk/fai-config-dir/scripts/MAILSERVER/50-cyrus
===================================================================
--- trunk/fai-config-dir/scripts/MAILSERVER/50-cyrus (rev 0)
+++ trunk/fai-config-dir/scripts/MAILSERVER/50-cyrus 2008-01-07 21:19:10 UTC (rev 191)
@@ -0,0 +1,5 @@
+#! /bin/sh
+
+fcopy -M /etc/imapd.conf
+
+
More information about the D-community-commits
mailing list