This commit is contained in:
Tube 2023-11-01 16:00:52 +01:00
commit fb7878aa8f
3 changed files with 228 additions and 0 deletions

View File

@ -23,6 +23,7 @@ vars:
"submission_key" string => "$(cfg_dir)/private/submission.key";
"submission_cert" string => "$(cfg_dir)/private/submission.crt";
"sievec_exe" string => "/usr/bin/sievec";
"service_name" string => "dovecot";
@ -50,6 +51,7 @@ vars:
"submission_key" string => "$(cfg_dir)/private/submission.key";
"submission_cert" string => "$(cfg_dir)/private/submission.crt";
"service_name" string => "dovecot";
"sievec_exe" string => "/usr/bin/sievec";
use_ssl::
"service_deps" slist => {
@ -158,3 +160,28 @@ bundle agent install_dovecot_pkgs
methods:
"any" usebundle => wmde_install_packages(@(dovecot.pkgs),"dovecot");
}
bundle agent install_global_sieve_script( filename , content)
{
vars:
"rep_class" string =>"global_sieve_repaired_$(filename)";
files:
"$(filename)"
create => "true",
content => "$(content)",
perms => m("644"),
handle => "global_sieve_$(filename)_created",
classes => if_repaired (sieve_repaired);
commands:
# sieve_repaired::
# "$(dovecot.sievec_exe)"
# args => "$(filename)",
# depends_on => { "global_sieve_$(filename)_created" };
reports:
"FILENAME: $(filename)";
}

190
mailserver.cf Normal file
View File

@ -0,0 +1,190 @@
#
#
#
bundle agent install_mailserver(param_cfg)
{
vars:
"default_cfg" data => '{
"pam_auth":true,
"vimb_auth":false,
"imap":true,
"submission":true,
"smtp":true,
"pop3":false,
"sieve":false,
"ssl":false,
"opendkim":false,
"myhostname":"$(sys.host)",
"myorigin":"$myhostname",
"mydestination":"$myhostname, localhost",
"mail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index",
"vmail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index",
}';
"cfg" data => mergedata(@(default_cfg),@(param_cfg));
"dovecot_protos" string => string_mustache (
'"lmtp"{{#cfg.imap}},"imap"{{/cfg.imap}}{{#cfg.pop3}},"pop3"{{/cfg.pop3}}{{#cfg.sieve}},"sieve"{{/cfg.sieve}}',
bundlestate("$(this.bundle)")
);
"imaps_port" string => ifelse(strcmp("$(cfg[ssl])","true"),"993","0");
"pop3s_port" string => ifelse(strcmp("$(cfg[ssl])","true"),"995","0");
"dbs" string => string_mustache('
"userdbs":[
{{#cfg.pam_auth}}
{
"driver":"passwd",
"args":""
},
{{/cfg.pam_auth}}
{{#fg.vimb_auth}}
{
"driver":"sql",
"args":"$(dovecot_vimbadmin_sql.cfg_file)"
},
{{/cfg.vimb_auth}}
],
"passdbs":[
{{#cfg.pam_auth}}
{
"driver":"pam",
"args":"dovecot"
},
{{/cfg.pam_auth}}
{{#cfg.vimb_auth}}
{
"driver":"sql",
"args":"$(dovecot_vimbadmin_sql.cfg_file)"
} ,
{{/cfg.vimb_auth}}
],',
bundlestate("$(this.bundle)"));
"dovecot_cfg" data => '{
"protocols":[$(dovecot_protos)],
"ssl":$(cfg[ssl]),
$(dbs)
"services":{
"imap-login":{
"raw":"
inet_listener imap {
port = 143
}
inet_listener imaps {
port = $(imaps_port)
ssl = yes
}
"
}
,
"pop3-login":{
"raw":"
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = $(pop3s_port)
ssl = yes
}
"
}
,
"auth":{
"raw":"
unix_listener $(postfix.queue_dir)/private/auth {
user = postfix
group = postfix
mode = 0666
}
"
}
,
"lmtp":{
"raw":"
unix_listener $(postfix.queue_dir)/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
"
}
}
}';
"postfix_cfg" data => '{
"non_smtpd_milters":[
"unix:$(postfix.queue_dir)/private/opendkim"
]
,
"services" : [
{
"name":"submission"
"comment": "Submission service"
"enable":$(cfg[submission]),
"type":"inet",
"private":"n",
"unpriv":"-",
"chroot":"n",
"wakeup":"-",
"maxproc":"-",
"command":"smtpd",
"args":[
"{ -o smtpd_sender_restrictions = permit_sasl_authenticated reject }",
],
}
,
{
"name":"smtp",
"comment": "SMTP service",
"enable":$(cfg[smtp]),
"type":"inet",
"private":"n",
"unpriv":"-",
"chroot":"n",
"wakeup":"-",
"maxproc":"-",
"command":"smtpd",
"args":[
"{ -o smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination }"
"{ -o smtpd_client_restrictions = permit_mynetworks reject }",
"{ -o smtpd_relay_restrictions = permit_mynetworks reject }",
"{ -o smtpd_sender_restrictions = permit_mynetworks }"
]
}
]
,
"main_raw":"
myhostname=$(cfg[myhostname])
mydestination=$(cfg[mydestination])
myorigin=$(cfg[myorigin])
"
,
"master_raw":""
}
';
methods:
"any" usebundle => install_postfix_pkgs;
"any" usebundle => install_dovecot_pkgs;
"any" usebundle => dovecot(@(dovecot_cfg));
"any" usebundle => postfix(@(postfix_cfg));
reports:
"DCP: $(dovecot_protos)";
"DBS: $(dbs)";
}

View File

@ -0,0 +1,11 @@
#!/bin/sh
#!/bin/sh
# Check for the presence of the certificate file
if [ ! -f "$1" ]; then
exit 0
fi
# Extract subjectAltName from the certificate
openssl x509 -in "$1" -text -noout | grep -E -o "DNS:[^,]*" | sed 's/DNS://g' | tr -d ' ' | tr ',' ' ' | sort | tr '\n' ' '