Initial commit

mailserver.cf

@@ -31,6 +31,7 @@ vars:
 		"ssl":false,
 		"opendkim":false,
 		"myhostname":"$(sys.host)",
+		"mynetworks":"",
 		"myorigin":"$myhostname",
 		"mydestination":"$myhostname, localhost",
 		"mail_location" : "mbox:~/mail:LAYOUT=maildir++:INBOX=/var/mail/%u:INDEX=~/mail/index:CONTROL=~/mail/control"
@@ -43,6 +44,7 @@ vars:
 
 		"roundcube_db_pass":"roundcube-secret",
 		"roundcube_version":"1.6.4",
+		"roundcube_password_recovery":false,
 
                 "vimb_rememberme_salt":"Xa])o3GwVe-$8>-vz}y<uR/@Nr*tMwA!^O,D~Npj/JBq8:kM=mLLF(UlFhPntV.(",
                 "vimb_password_salt":"1M;C&Mn{4}){:f=VH*99S%dp)lnKdaQ8#;g>~+&D\C!2Ni+_AeocxD^ZhGQz-H/8",
@@ -55,11 +57,20 @@ vars:
 		"vmail_dir":"/var/vmail",
 
                 "vimb_src_tgz":"$(sys.workdir)/data/public/vimbadmin-3.4.1.tar.gz",
-		"php_handler":"$(apache.default_php_handler)"
+		"php_handler":"$(apache.default_php_handler)",
+		"postmaster_mail":"postmaster@$(sys.host)",
+		"webmaster_mail":"webmaster@$(sys.host)"
+		
 	}';
 
+	
+
 	"cfg" data => mergedata(@(default_cfg),@(param_cfg));	
 
+	"roundcube_plugins" string => ifelse(strcmp("$(cfg[roundcube_password_recovery])","true"),
+		"['acl', 'archive', 'attachment_reminder', 'emoticons', 'enigma', 'hide_blockquote', 'identicon', 'jqueryui', 'managesieve', 'markasjunk', 'newmail_notifier', 'password', 'password_recovery', 'vcard_attachments', 'zipdownload']",
+		"['acl', 'archive', 'attachment_reminder', 'emoticons', 'enigma', 'hide_blockquote', 'identicon', 'jqueryui', 'managesieve', 'markasjunk', 'newmail_notifier', 'password', 'vcard_attachments', 'zipdownload']");
+
         "mysql_cfg" data => '{
 		"settings":{
 			"mysqld":{
@@ -84,7 +95,7 @@ vars:
         "vimb_site" data => '{
                 "domain":"$(cfg[vimb_domain])",
                 "aliases":[ ],
-                "email":"7u83@mail.ru",
+                "email":"$(cfg[webmaster_mail])",
                 "disable":false,
 		"doc_root":"$(apache.www_dir)/$(cfg[vimb_domain])/public",
 		"php_handler":"$(cfg[php_handler])",
@@ -119,10 +130,10 @@ Alias /vimbadmin $(apache.www_dir)/$(cfg[vimb_domain])/public
         "roundcube_site" data => '{
                 "domain":"$(cfg[webmail_domain])",
                 "aliases":[ ],
-                "email":"7u83@mail.ru",
+                "email":"$(cfg[webmaster_mail])",
                 "disable":false,
 		"php_handler":"$(cfg[php_handler])",
-		"doc_root":"$(apache.www_dir)/$(cfg[webmail_domain])/public",
+		"doc_root":"$(apache.www_dir)/$(cfg[webmail_domain])/public/",
                 "ssl":true,
                 "raw":"
 		"
@@ -142,16 +153,28 @@ Alias /vimbadmin $(apache.www_dir)/$(cfg[vimb_domain])/public
 		"backup_dir":"$(cfg[backup_dir])/roundcube",
 		"settings":{
 			"imap_host":"\'tls://$(cfg[imap_domain]):143\'",
-			"smtp_host":"\'tls://$(cfg[smtp_domain]):587\'"	
+			"smtp_host":"\'tls://$(cfg[smtp_domain]):587\'",
-		}
+			"plugins":"$(roundcube_plugins)"
-
+		},
+		"keep_installer":true
         }';
 
+	"roundcube_password_recover_cfg" data => '{
+                "db_host":"$(vimb_cfg[db_host])",
+		"db_user":"$(vimb_cfg[db_user])",
+		"db_pass":"$(vimb_cfg[db_pass])",
+		"db_name":"$(vimb_cfg[db_name])",
+		"settings":{
+			"pr_admin_email":"\'$(cfg[postmaster_mail])\'",
+			"pr_replyto_email":"\'$(cfg[postmaster_mail])\'"
+		}	
+	}';
+
 
         "rspamd_site" data => '{
                 "domain" : "$(cfg[rspamd_domain])",
                 "aliases" : [ ],
-                "email": "7u83@mail.ru",
+                "email": "$(cfg[webmaster_mail])",
                 "disable": false,
                 "ssl": true,
                 "doc_root":"$(apache.www_dir)/$(cfg[rspamd_domain])",
@@ -384,13 +407,14 @@ managesieve_max_line_length = 65536
 		]
 		,
 		"main_raw":"
-#debug_peer_level=4
+debug_peer_level=4
-#debug_peer_list= 5.9.7.163
+debug_peer_list=128.140.41.19
 #compatibility_level = 3.8
 myhostname=$(cfg[myhostname])
 mydestination=$(cfg[mydestination])
 alias_maps=$(cfg[alias_maps])
 myorigin=$(cfg[myorigin])
+mynetworks=$(cfg[mynetworks])
 local_recipient_maps = unix:passwd.byname $alias_maps
 
 virtual_transport =  lmtp:unix:private/dovecot-lmtp     
@@ -445,6 +469,8 @@ methods:
 		depends_on => {"aia_roundcube_installed"};
 
 	"any" usebundle => configure_roundcube_password_plugin(@(vimb_cfg));
+	
+	"any" usebundle => roundcube_install_password_recovery_plugin(@(roundcube_password_recover_cfg));
 
 
 	"any" usebundle => install_postfix_pkgs;
@@ -503,7 +529,7 @@ vars:
                 "aliases":[
 			"$(aia_mailserver.cfg[smtp_domain])" 
 		],
-                "email":"7u83@mail.ru",
+                "email":"$(aia_mailserver.cfg[webmaster_mail])",
                 "disable":false,
         }';
 

roundcube.cf

@@ -8,6 +8,7 @@ bundle agent roundcube(cfg)
 
 classes:
 	"dlbyversion" expression => not (isvariable ("cfg[src_tgz]"));
+	"keep_installer" expression => isvariable("cfg[keep_installer]");
 
 
 	"roundcube_untar" expression => not(fileexists("$(install_sub_dir)/index.php"));
@@ -83,7 +84,8 @@ methods:
 	"any" usebundle => mysql_table_exists(@(cfg),"users");
 	
 	config_exists|roundcube_config_repaired::
-		"any" usebundle => rm_rf ("$(install_sub_dir)/installer");
+		"any" usebundle => rm_rf ("$(install_sub_dir)/installer"),
+		if => not(keep_installer);
 
 commands:
 	roundcube_untar|roundcube_tgz_file_repaired::
@@ -200,14 +202,18 @@ vars:
 vars:
 	"exx" string => "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!33).*$";
 
+	"thev" string => "$($(v)[$(i)])";
+
 replace_patterns:
-	"^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$($(v)[$(i)]);$).*"
+#	"^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$($(v)[$(i)]);$).*"
+	"^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$(ev[$(i)]);$).*"
            comment => "Correct the value '$(i)'",
       #replace_with => value("$config['$(i)']=$($(v)[$(i)])"),
       replace_with => value("$config['$(i)']=$($(v)[$(i)]);"),
            classes => results("bundle", "replace_attempted_$(i)");
 
 reports:
+	"THE V: $(thev)";
 
   insert_lines:
       # If the line doesn't exist, or there is more than one occurrence
@@ -239,7 +245,7 @@ vars:
 
 	"settings[db_dsnw]" string => "'mysql://$(cfg[db_user]):$(cfg[db_pass])@$(cfg[db_host])/$(cfg[db_name])'";
 	"settings[language]" string => "'us_EN'";
-
+	"settings[plugins]" string => "['acl', 'archive', 'attachment_reminder', 'emoticons', 'enigma', 'hide_blockquote', 'identicon', 'jqueryui', 'managesieve', 'markasjunk', 'newmail_notifier', 'password', 'vcard_attachments', 'zipdownload']";
 
 	"idx" slist  => getindices(@(cfg[settings]));
 	"settings[$(idx)]" string => "$(cfg[settings][$(idx)])";
@@ -294,6 +300,65 @@ files:
 	edit_line => rc_line_based("$(this.bundle).settings"),
 	handle => "roundcube_password_config_edited",
 	depends_on => {"roundcube_password_config_created"};
-
-
 }
+
+
+bundle agent roundcube_install_password_recovery_plugin(param_cfg)
+{
+classes:
+	"run_git" expression => not(fileexists("$(roundcube.install_sub_dir)/plugins/password_recovery"));
+
+vars:
+	"config_file" string => "$(roundcube.install_sub_dir)/plugins/password_recovery/config.inc.php";
+
+	"default_cfg" data => '{
+		"password_recovery_git_url":"https://srcsrv.wikimedia.de/WMDE/roundcube-password_recovery.git -b wmde",
+	}';
+
+
+
+	"cfg" data => mergedata(@(default_cfg),@(param_cfg));	
+
+	"settings[pr_db_dsn]" string => "'mysql://$(cfg[db_user]):$(cfg[db_pass])@$(cfg[db_host])/$(cfg[db_name])'";
+	"settings[pr_fields]" string => "[ 'altemail' =>  'alt_email']";
+	"settings[pr_default_smtp_server]" string => "'localhost:25'";
+
+	"idx" slist  => getindices(@(cfg[settings]));
+	"settings[$(idx)]" string => "$(cfg[settings][$(idx)])";
+
+methods:
+	"any" usebundle => install_wget, handle=>"roundcube_wget_installed";
+
+commands:
+	run_git::
+	"git clone --depth 1 $(cfg[password_recovery_git_url]) $(roundcube.install_sub_dir)/plugins/password_recovery && chown -R $(apache.www_user):$(apache.www_group) $(roundcube.install_sub_dir)/plugins/password_recovery"
+
+	contain => wmde_cmd_useshell,
+	handle => "roundcube_password_recovery_git_cloned",
+	depends_on => {"roundcube_wget_installed"};
+
+	!run_git::
+	"/usr/bin/true"
+	inform => "false",	
+	handle => "roundcube_password_recovery_git_cloned";
+
+files:
+	"$(config_file)"
+	perms => m("644"),
+	copy_from => seed_cp("$(def.wmde_lib)/templates/roundcube-password_recovery-config.inc.php.mustache"),
+	depends_on => {"roundcube_password_recovery_git_cloned"},
+	handle => "roundcube_password_recover_config_created";
+
+	"$(config_file)"
+	edit_line => rc_line_based("$(this.bundle).settings"),
+	handle => "roundcube_password_recover_config_edited",
+	depends_on => {"roundcube_password_recover_config_created"};
+
+reports:
+	run_git::
+	"Run git";		
+	!run_git::
+	"Dont run git";
+}
+
+

templates/postfix-main.cf.mustache

@@ -109,6 +109,7 @@ mail_owner = {{vars.postfix.mail_owner}}
 # parameters.
 #
 #mydomain = domain.tld
+mynetworks_style = host
 
 #
 # CFengine Raw
@@ -286,7 +287,7 @@ unknown_local_recipient_reject_code = 550
 # 
 #mynetworks_style = class
 #mynetworks_style = subnet
-mynetworks_style = host
+#mynetworks_style = host
 
 # Alternatively, you can specify the mynetworks list by hand, in
 # which case Postfix ignores the mynetworks_style setting.

templates/roundcube-password_recovery-config.inc.php.mustache

@@ -0,0 +1,71 @@
+<?php
+
+// Database connection string and table name with user passwords
+$config['pr_db_dsn']      = 'mysql://vimbadmin:vimbdb-secret@localhost/vimbadmin';
+$config['pr_users_table'] = 'mailbox';
+
+// Array with names for ext_fields in 'pr_users_table': [name_for_plugin => name_in_db]
+// When using the postfix database 'mailbox' table, you must add two columns to this table: 'question' and 'answer'
+// If the plugin does not find the columns it needs in the database, they will be created automatically
+$config['pr_fields'] = [ 'altemail' => 'alt_email' ];
+#    'phone'    => 'phone', 'question' => 'question', 'answer'   => 'answer',
+
+// Admin email (this account will receive alerts when an user does not have an alternative email and phone)
+$config['pr_admin_email'] = 'postmaster@your.domain.com';
+
+// Address to be indicated as reply-to in mail notifications
+$config['pr_replyto_email'] = 'postmaster@your.domain.com';
+
+// Use secret question/answer to confirmation password recovery
+$config['pr_use_question'] = false;
+
+// Use message with code to confirmation password recovery
+$config['pr_use_confirm_code'] = true;
+
+// Confirmation code length
+$config['pr_confirm_code_length'] = 6;
+
+// Maximum number of attempts to send confirmation code
+$config['pr_confirm_code_count_max'] = 3;
+
+// Confirmation code duration (in minutes)
+$config['pr_confirm_code_validity_time'] = 30;
+
+// Use the Password plugin to save a new password
+$config['pr_use_password_plugin'] = true;
+
+// Minimum length of new password 
+// !!! Note: needed if not used Password plugin)
+$config['pr_password_minimum_length'] = 8;
+
+// Require the new password to have at least the specified strength score.
+// Password strength is scored from 1 (weak) to 5 (strong).
+// !!! Note: needed if not used Password plugin)
+$config['pr_password_minimum_score'] = 1;
+
+
+// SMTP settings
+// $config['pr_default_smtp_server'] = 'tls://your.domain.com';
+// $config['pr_default_smtp_user']   = 'no-reply@your.domain.com';
+// $config['pr_default_smtp_pass']   = 'YOUR_SMTP_USER_PASSWORD';
+$config['pr_default_smtp_server'] = 'localhost:25';
+$config['pr_default_smtp_user']   = '';
+$config['pr_default_smtp_pass']   = '';
+
+
+// Full path to SMS send function
+// This function must accept 2 parameters: phone number and message,
+// and return true on success or false on failure
+//
+// Example of send SMS function using Clickatell HTTP API - see /lib/send.php
+//
+$config['pr_sms_send_function'] = dirname(__FILE__) . '/bin/sendsms.sh';
+
+
+// Enables logging of password changes into /logs/password.log
+$config['pr_password_log'] = true;
+
+// Set to TRUE if you need write debug messages into /log/console.log
+$config['pr_debug'] = false;
+
+?>