Zhang Huangbin avatar Zhang Huangbin committed 40d35d7

openSUSE-12.3: don't hard-code Postfix settings every time we restart the Postfix service. Stop this terrible over-design.


Files changed (7)

iRedMail/conf/global

 
 # Specify UID/GID for system accounts: vmail, iredadmin, iredapd.
 # Required by cluster environment. e.g. GlusterFS.
+# Note: UID/GID of vmail will be 303 on openSUSE since package 'postfix-mysql'
+#       will create it automatically.
 export VMAIL_USER_UID='2000'
 export VMAIL_USER_GID='2000'
 export IREDADMIN_USER_UID='2001'
 export _SKIP_FLAG="< SKIP >"
 export _ERROR_FLAG="< ERROR >"
 export _QUESTION_FLAG="< Question >"
-export _BACKUP_FLAG="< Backup >"
-export _DEBUG_FLAG=" < DEBUG >"
+export _BACKUP_FLAG="+ < Backup >"
+export _DEBUG_FLAG="+ < DEBUG >"
 
 export CONF_MSG="#
 # File generated by ${PROG_NAME} (${DATE}):
 
         export ENABLE_BACKEND_PGSQL='YES'
 
+        # Override VMAIL uid/gid
+        export VMAIL_USER_UID='303'
+        export VMAIL_USER_GID='303'
     elif [ -f /etc/lsb-release ]; then
         # Ubuntu
         export DISTRO='UBUNTU'
 
     # Directory used to store SSL/TLS key/cert file.
     export SSL_FILE_DIR="/etc/ssl"
-
 else
     # Not support yet.
     echo "Your distrobution is not supported yet."
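Review bot: The override `export VMAIL_USER_UID='303'` / `export VMAIL_USER_GID='303'` hard-codes an id that, per the new comment, is whatever the 'postfix-mysql' package creates, so mailbox ownership silently goes wrong if that package is absent or assigns a different id. The existing comment above says fixed UID/GID values are required for cluster setups such as GlusterFS, and an openSUSE node will now disagree with the 2000 used elsewhere; that caveat belongs next to the override. A check after package installation, such as `[ X"$(id -u vmail)" == X"${VMAIL_USER_UID}" ]`, would catch a mismatch before any mail directory is created. The enclosing if/elif chain starts outside the visible lines.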

iRedMail/dialog/optional_components.sh

 if [ X"${DISTRO}" == X'SUSE' ]; then
     # Apache module mod_auth_pgsql is not available
     [ X"${BACKEND}" == X'PGSQL' ] && export DIALOG_SELECTABLE_AWSTATS='NO'
+
+    # openSUSE-12.3 doesn't have mod_auth_mysql and mod_auth_pgsql.
+    [ X"${DISTRO_CODENAME}" != X'mantis' ] && export DIALOG_SELECTABLE_AWSTATS='NO'
 elif [ X"${DISTRO}" == X'OPENBSD' ]; then
     # Binary/port Awstats is not available in 5.2 and earlier releases
     export DIALOG_SELECTABLE_AWSTATS='NO'
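Review bot: The added comment names openSUSE-12.3, but the test below it disables AWStats for every SUSE release whose codename is not 'mantis', including an empty or unset `DISTRO_CODENAME`. That default is the safe one, since AWStats would otherwise be offered with no Apache auth module to protect it, but the comment should describe the actual condition, for example `# Only 'mantis' is treated as having mod_auth_mysql/mod_auth_pgsql; without them AWStats cannot be password-protected, so disable it everywhere else.`, if that is the intent. With this line in place the PGSQL check above it only has an effect on 'mantis'.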

iRedMail/functions/amavisd.sh

     ECHO_DEBUG "Generate DKIM pem files: ${pem_file}." 
     mkdir -p ${AMAVISD_DKIM_DIR} 2>/dev/null && \
     chown ${AMAVISD_SYS_USER}:${AMAVISD_SYS_GROUP} ${AMAVISD_DKIM_DIR}
-    ${AMAVISD_BIN} genrsa ${pem_file} >/dev/null 2>&1
+    ${AMAVISD_BIN} genrsa ${pem_file} &>/dev/null
     chmod +r ${pem_file}
 
     cat >> ${AMAVISD_DKIM_CONF} <<EOF
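Review bot: The rewritten `genrsa` line still discards both the output and the exit status, so a failed key generation is invisible and the following `chmod` and `cat >> ${AMAVISD_DKIM_CONF}` run against a key that may not exist. `&>` is also a bash-only redirection, which the previous `>/dev/null 2>&1` was not. Suggest keeping the portable form and testing the result, e.g. `${AMAVISD_BIN} genrsa ${pem_file} >/dev/null 2>&1 || ECHO_INFO "DKIM key generation failed: ${pem_file}"`. Separately, the context line `chmod +r ${pem_file}` makes the DKIM private key readable beyond its owner; `chown ${AMAVISD_SYS_USER}:${AMAVISD_SYS_GROUP} ${pem_file}` followed by `chmod 0400 ${pem_file}` would be tighter, assuming amavisd reads the key as that user.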

iRedMail/functions/dovecot1.sh

 #log_timestamp = "%Y-%m-%d %H:%M:%S "
 log_path = ${DOVECOT_LOG_FILE}
 
-#login_processes_count = 3
-#login_max_processes_count = 128
-#login_max_connections = 256
-
-# Maximum number of running mail processes. Default is 512.
-# When this limit is reached, new users aren't allowed to log in.
-#max_mail_processes = 512
-
 # Set max process size in megabytes. Default is 256.
 # Most of the memory goes to mmap()ing files, so it shouldn't harm
 # much even if this limit is set pretty high.

iRedMail/functions/packages.sh

         elif [ X"${DISTRO}" == X"SUSE" ]; then
             ALL_PKGS="${ALL_PKGS} mysql-community-server mysql-community-server-client"
 
-            [ X"${USE_AWSTATS}" == X"YES" ] && ALL_PKGS="${ALL_PKGS} postfix-mysql apache2-mod_auth_mysql"
+            [ X"${USE_AWSTATS}" == X"YES" ] && ALL_PKGS="${ALL_PKGS} postfix-mysql"
 
         elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
             # MySQL server and client.
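Review bot: `postfix-mysql` is still appended only when `USE_AWSTATS` is `YES`, a condition that looks left over from the removed `apache2-mod_auth_mysql`. The same commit deselects AWStats on releases other than 'mantis' and makes conf/global rely on 'postfix-mysql' creating the vmail account with UID/GID 303, so on openSUSE-12.3 this line would never add the package that assumption depends on, unless it is installed somewhere outside this hunk. If Postfix needs its MySQL map support for this backend regardless of AWStats, add it unconditionally: `ALL_PKGS="${ALL_PKGS} mysql-community-server mysql-community-server-client postfix-mysql"`. The enclosing if/elif chain begins and ends outside the visible lines.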

iRedMail/functions/policy_server.sh

         ECHO_INFO "Configure Policyd (postfix policy server, code name cluebringer)."
         check_status_before_run cluebringer_user
         check_status_before_run cluebringer_config
-        check_status_before_run cluebringer_webui_config
+
+        # openSUSE-12.3 doesn't have Apache module mod_auth_mysql & mod_auth_pgsql.
+        if [ X"${DISTRO}" == X'SUSE' ]; then
+            if [ X"${DISTRO_CODENAME}" == X'mantis' ]; then
+                check_status_before_run cluebringer_webui_config
+            fi
+        else
+            check_status_before_run cluebringer_webui_config
+        fi
     fi
 
     # OpenBSD special
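Review bot: `check_status_before_run cluebringer_webui_config` now appears in two branches of a nested `if`, which can be a single condition: `if [ X"${DISTRO}" != X'SUSE' -o X"${DISTRO_CODENAME}" == X'mantis' ]; then`. The comment should also state why the missing modules mean skipping the step, for instance `# Without mod_auth_mysql/mod_auth_pgsql the web UI cannot be put behind Apache authentication, so leave it unconfigured.`, if that is the reason. It is worth confirming, outside this hunk, that the cluebringer web UI files are not otherwise served by Apache on those releases, since skipping the configuration step alone does not show that. The surrounding `if` opens outside the visible lines.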

iRedMail/functions/postfix.sh

         perl -pi -e 's/^#(tlsmgr.*)/${1}/' ${POSTFIX_FILE_MASTER_CF}
 
         # Set postfix:myhostname in /etc/sysconfig/postfix.
-        perl -pi -e 's#^(POSTFIX_MYHOSTNAME=).*#${1}"$ENV{'HOSTNAME'}"#' ${POSTFIX_SYSCONFIG_CONF}
+        perl -pi -e 's#^(POSTFIX_MYHOSTNAME=).*#${1}"$ENV{HOSTNAME}"#' ${POSTFIX_SYSCONFIG_CONF}
         #postfix:message_size_limit
-        perl -pi -e 's#^(POSTFIX_ADD_MESSAGE_SIZE_LIMIT=).*#${1}"$ENV{'MESSAGE_SIZE_LIMIT'}"#' ${POSTFIX_SYSCONFIG_CONF}
+        perl -pi -e 's#^(POSTFIX_ADD_MESSAGE_SIZE_LIMIT=).*#${1}"$ENV{MESSAGE_SIZE_LIMIT}"#' ${POSTFIX_SYSCONFIG_CONF}
+        perl -pi -e 's#^(POSTFIX_INET_PROTO=).*#${1}"ipv4"#' ${POSTFIX_SYSCONFIG_CONF}
+        perl -pi -e 's#^(POSTFIX_CHROOT=).*#${1}"yes"#' ${POSTFIX_SYSCONFIG_CONF}
+        perl -pi -e 's#^(POSTFIX_UPDATE_CHROOT_JAIL=).*#${1}"yes"#' ${POSTFIX_SYSCONFIG_CONF}
 
         # Append two lines in /etc/services to avoid below error:
         # '0.0.0.0:smtps: Servname not supported for ai_socktype'
         echo 'smtps            465/tcp    # smtp over ssl' >> /etc/services
 
         # Unset below settings since we don't use them.
-        postconf -e canonical_maps=''
-        postconf -e relocated_maps=''
-        postconf -e sender_canonical_maps=''
+        perl -pi -e 's/^(smtp*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(virtual*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(relay*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(alias*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(canonical*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(sender*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(recipient*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(transport*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(inet_protocols*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(relocated_maps*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+        perl -pi -e 's/^(smtpd_sasl_auth_enable*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
+
+        perl -pi -e 's/^(POSTFIX_UPDATE_MAPS=).*/${1}"no"/' ${POSTFIX_SYSCONFIG_CONF}
+
+        # Don't invoke /usr/sbin/config.postfix to use hard-coded settings
+        perl -pi -e 's,(/usr/sbin/config.postfix),#${1},' /etc/init.d/postfix
+        perl -pi -e 's,(/usr/sbin/config.postfix),#${1},' /etc/postfix/system/config_postfix
     fi
 
     # Use ipv4 only
     postconf -e inet_protocols='ipv4'
 
     # Do not set virtual_alias_domains.
+    perl -pi -e 's/^(virtual_alias_domains*)/#${1}/' ${POSTFIX_FILE_MAIN_CF}
     postconf -e virtual_alias_domains=''
 
     ECHO_DEBUG "Copy: /etc/{hosts,resolv.conf,localtime,services} -> ${POSTFIX_CHROOT_DIR}/etc/"
     postconf -e myorigin="${HOSTNAME}"
 
     # Disable the rewriting of the form "user%domain" to "user@domain".
-    postconf -e allow_percent_hack="no"
+    postconf -e allow_percent_hack='no'
     # Disable the rewriting of "site!user" into "user@site".
-    postconf -e swap_bangpath="no"
+    postconf -e swap_bangpath='no'
 
     # Remove the characters before first dot in myhostname is mydomain.
     echo "${HOSTNAME}" | grep '\..*\.' >/dev/null 2>&1
     fi
 
     postconf -e mydestination="\$myhostname, localhost, localhost.localdomain, localhost.\$myhostname"
-    postconf -e biff="no"   # Do not notify local user.
+    postconf -e biff='no'   # Do not notify local user.
     postconf -e inet_interfaces="all"
     postconf -e mynetworks="127.0.0.0/8"
     postconf -e mynetworks_style="subnet"
     postconf -e smtpd_data_restrictions='reject_unauth_pipelining'
     postconf -e smtpd_reject_unlisted_recipient='yes'   # Default
     postconf -e smtpd_reject_unlisted_sender='yes'
+
+    # Sender restrictions
     postconf -e smtpd_sender_restrictions="permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated"
+
+    #[ X"${DISTRO}" == X'SUSE' ] && \
+    #    perl -pi -e 's#^(POSTFIX_SMTPD_SENDER_RESTRICTIONS=).*#${1}"permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated"#' ${POSTFIX_SYSCONFIG_CONF}
+
     postconf -e delay_warning_time='0h'
     postconf -e maximal_queue_lifetime='4h'
     postconf -e bounce_queue_lifetime='4h'
     # HELO restriction
     postconf -e smtpd_helo_required="yes"
     postconf -e smtpd_helo_restrictions="permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:${POSTFIX_FILE_HELO_ACCESS}"
+    #[ X"${DISTRO}" == X'SUSE' ] && \
+    #    perl -pi -e 's#^(POSTFIX_SMTPD_HELO_RESTRICTIONS=).*#${1}"permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:$ENV{POSTFIX_FILE_HELO_ACCESS}"#' ${POSTFIX_SYSCONFIG_CONF}
 
     backup_file ${POSTFIX_FILE_HELO_ACCESS}
     cp -f ${SAMPLE_DIR}/postfix/helo_access.pcre ${POSTFIX_FILE_HELO_ACCESS}
     postconf -e maximal_backoff_time='1800s'    # default '4000s' in postfix-2.4.
 
     # Avoid duplicate recipient messages. Default is 'yes'.
-    postconf -e enable_original_recipient="no"
+    postconf -e enable_original_recipient='no'
 
     # Disable the SMTP VRFY command. This stops some techniques used to
     # harvest email addresses.
     postconf -e virtual_gid_maps="static:${VMAIL_USER_GID}"
     postconf -e virtual_mailbox_base="${STORAGE_BASE_DIR}"
 
-    # Simple backscatter block method.
-    #postconf -e header_checks="pcre:${POSTFIX_FILE_HEADER_CHECKS}"
-    cat >> ${POSTFIX_FILE_HEADER_CHECKS} <<EOF
-# *******************************************************************
-# Reference:
-#   http://www.postfix.org/header_checks.5.html
-#   http://www.postfix.org/BACKSCATTER_README.html#real
-# *******************************************************************
-
-# Use your real hostname to replace 'porcupine.org'.
-#if /^Received:/
-#/^Received: +from +(porcupine\.org) +/
-#    reject forged client name in Received: header: $1
-#/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
-#    reject forged client name in Received: header: $2
-#/^Received:.* +by +(porcupine\.org)\b/
-#    reject forged mail server name in Received: header: $1
-#endif
-#/^Message-ID:.* <!&!/ DUNNO
-#/^Message-ID:.*@(porcupine\.org)/
-#    reject forged domain name in Message-ID: header: $1
-
-# Replace internal IP address by external IP address or whatever you
-# want. Required 'smtpd_sasl_authenticated_header=yes' in postfix.
-#/(^Received:.*\[).*(\].*Authenticated sender:.*by REPLACED_BY_YOUR_HOSTNAME.*iRedMail.*)/ REPLACE ${1}REPLACED_BY_YOUR_IP_ADDRESS${2}
-EOF
-
     if [ X"${DISTRO}" == X'GENTOO' ]; then
         cat >> ${SYSLOG_CONF} <<EOF
 # Maillog
     postconf -e smtpd_sasl_local_domain=''
     postconf -e broken_sasl_auth_clients="yes"
     postconf -e smtpd_sasl_security_options="noanonymous"
-    [ X"${DISTRO}" == X"SUSE" ] && \
+    if [ X"${DISTRO}" == X"SUSE" ]; then
+        perl -pi -e 's#^(POSTFIX_SMTP_AUTH_SERVER=).*#${1}"yes"#' ${POSTFIX_SYSCONFIG_CONF} && \
+        perl -pi -e 's#^(POSTFIX_SMTP_AUTH=).*#${1}"yes"#' ${POSTFIX_SYSCONFIG_CONF} && \
         perl -pi -e 's#^(POSTFIX_SMTP_AUTH_OPTIONS=).*#${1}"noanonymous"#' ${POSTFIX_SYSCONFIG_CONF}
+    fi
 
     # Report the SASL authenticated user name in Received message header.
     # Default is 'no'.
-    postconf -e smtpd_sasl_authenticated_header="no"
+    postconf -e smtpd_sasl_authenticated_header='no'
 
     POSTCONF_IREDAPD=''
     if [ X"${USE_IREDAPD}" == X"YES" ]; then
     if [ X"${USE_CLUEBRINGER}" == X"YES" ]; then
         postconf -e smtpd_recipient_restrictions="reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, ${POSTCONF_IREDAPD} ${POSTCONF_CLUEBRINGER} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
         postconf -e smtpd_end_of_data_restrictions="check_policy_service inet:${CLUEBRINGER_BIND_HOST}:${CLUEBRINGER_BIND_PORT}"
+
+        #[ X"${DISTRO}" == X'SUSE' ] && \
+        #    perl -pi -e 's#^(POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS=).*#${1}"reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, $ENV{POSTCONF_IREDAPD} $ENV{POSTCONF_CLUEBRINGER} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"#' ${POSTFIX_SYSCONFIG_CONF}
+
     elif [ X"${USE_POLICYD}" == X"YES" ]; then
         postconf -e smtpd_recipient_restrictions="reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, ${POSTCONF_IREDAPD} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:${POLICYD_BIND_HOST}:${POLICYD_BIND_PORT}"
+
+        #[ X"${DISTRO}" == X'SUSE' ] && \
+        #    perl -pi -e 's#^(POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS=).*#${1}"reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, $ENV{POSTCONF_IREDAPD} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:$ENV{POLICYD_BIND_HOST}:$ENV{POLICYD_BIND_PORT}"#' ${POSTFIX_SYSCONFIG_CONF}
     else
         postconf -e smtpd_recipient_restrictions="reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, ${POSTCONF_IREDAPD} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
+
+        #[ X"${DISTRO}" == X'SUSE' ] && \
+        #    perl -pi -e 's#^(POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS=).*#${1}"reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, $ENV{POSTCONF_IREDAPD} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"#' ${POSTFIX_SYSCONFIG_CONF}
     fi
 
     echo 'export status_postfix_config_sasl="DONE"' >> ${STATUS_FILE}
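Review bot: In the block that comments out defaults in `${POSTFIX_FILE_MAIN_CF}`, the `*` in patterns such as `s/^(smtp*)/#${1}/` is a regex quantifier on the last letter, not a glob, so each pattern matches any line beginning with "smt", "virtua", "rela" and so on, and every such parameter is disabled, including `smtpd_*` settings this script may never set again and which then fall back to Postfix defaults. Only the first physical line is commented; if a value in the shipped main.cf continues on indented lines, Postfix attaches those lines to the preceding uncommented parameter. Match whole parameter names instead, e.g. `perl -pi -e 's/^(relocated_maps\s*=)/#${1}/' ${POSTFIX_FILE_MAIN_CF}`, and list only the parameters that must go. The two edits that comment out `/usr/sbin/config.postfix` are unanchored and not idempotent, are made without a `backup_file` call, and change a package-owned `/etc/init.d/postfix`, so a package update can silently restore the generated settings; a comment saying so would help the next maintainer. The enclosing function starts outside the visible lines.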