
Zhang Huangbin committed 46e5b69

Policyd-2 (Cluebringer):
- Enable greylisting on all inbound emails by default.
- Allow only global admins to log in to cluebringer webui.

  • Parent commits 9a3159c


Files changed (3)

iRedMail/conf/cluebringer

 if [ X"${DISTRO}" == X"RHEL" ]; then
     export PKG_CLUEBRINGER='policyd'
     export CLUEBRINGER_CONF='/etc/policyd.conf'
+    export CLUEBRINGER_WEBUI_CONF="/etc/cluebringer/cluebringer-webui.conf"
     export CLUEBRINGER_INIT_SCRIPT="${DIR_RC_SCRIPTS}/policyd"
     export CLUEBRINGER_PID_FILE='/var/run/cluebringer/cbpolicyd.pid'
     export CLUEBRINGER_HTTPD_ROOT=''
 elif [ X"${DISTRO}" == X"SUSE" ]; then
     export PKG_CLUEBRINGER='policyd'
     export CLUEBRINGER_CONF='/etc/cluebringer/cluebringer.conf'
+    export CLUEBRINGER_WEBUI_CONF="/etc/cluebringer/cluebringer-webui.conf"
     export CLUEBRINGER_INIT_SCRIPT="${DIR_RC_SCRIPTS}/policyd"
     export CLUEBRINGER_PID_FILE='var/run/cluebringer/cbpolicyd.pid'
     export CLUEBRINGER_HTTPD_ROOT=''
 elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
     export PKG_CLUEBRINGER='postfix-cluebringer'
     export CLUEBRINGER_CONF='/etc/cluebringer/cluebringer.conf'
+    export CLUEBRINGER_WEBUI_CONF="/etc/cluebringer/cluebringer-webui.conf"
     export CLUEBRINGER_INIT_SCRIPT="${DIR_RC_SCRIPTS}/postfix-policyd"
     export CLUEBRINGER_PID_FILE='var/run/cluebringer/cbpolicyd.pid'
     export CLUEBRINGER_HTTPD_ROOT='/usr/share/postfix-cluebringer-webui/webui'
 elif [ X"${DISTRO}" == X"FREEBSD" ]; then
     export PKG_CLUEBRINGER='postfix-policyd-sf'
     export CLUEBRINGER_CONF='/usr/local/etc/postfix-policyd-sf.conf'
+    export CLUEBRINGER_WEBUI_CONF="/usr/local/etc/cluebringer/cluebringer-webui.conf"
     export CLUEBRINGER_INIT_SCRIPT="${DIR_RC_SCRIPTS}/policyd"
     export CLUEBRINGER_PID_FILE='var/run/cluebringer/cbpolicyd.pid'
     export CLUEBRINGER_HTTPD_ROOT=''
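Review bot: `CLUEBRINGER_PID_FILE` is set to `'var/run/cluebringer/cbpolicyd.pid'` with no leading slash in the SUSE, DEBIAN/UBUNTU and FREEBSD branches, while the RHEL branch uses `/var/run/...`. A relative path resolves against whatever the working directory happens to be, so these three lines presumably should read `export CLUEBRINGER_PID_FILE='/var/run/cluebringer/cbpolicyd.pid'`. On the added lines, the functions script in this commit writes the database password into `CLUEBRINGER_WEBUI_CONF`, so a comment such as `# Web UI config; stores the policyd DB credentials, keep it non-world-readable` would tell maintainers the file needs restrictive permissions. The if/elif chain continues past the end of the hunk.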

iRedMail/functions/cluebringer.sh

 
     mysql -h${MYSQL_SERVER} -P${MYSQL_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
 $(cat ${tmp_sql})
+
+-- Delete default sample domains.
+-- DELETE FROM policy_group_members WHERE Member IN ('@example.com', '@example.org', '10.0.0.0/8');
+INSERT INTO `greylisting` (`PolicyID`, `Name`, `UseGreylisting`, `GreylistPeriod`, `Track`, `GreylistAuthValidity`, `GreylistUnAuthValidity`, `UseAutoWhitelist`, `AutoWhitelistPeriod`, `AutoWhitelistCount`, `AutoWhitelistPercentage`, `UseAutoBlacklist`, `AutoBlacklistPeriod`, `AutoBlacklistCount`, `AutoBlacklistPercentage`, `Comment`, `Disabled`) VALUES (3, 'Greylist Inbound Email', 1, 240, 'SenderIP:/24', 604800, 86400, 1, 604800, 100, 90, 1, 604800, 100, 20, '', 0);
 EOF
 
     rm -rf ${tmp_sql} 2>/dev/null
 Policyd (cluebringer):
     * Configuration files:
         - ${CLUEBRINGER_CONF}
+        - ${CLUEBRINGER_WEBUI_CONF}
     * RC script:
         - ${CLUEBRINGER_INIT_SCRIPT}
+    * Database:
+        - Database name: ${CLUEBRINGER_DB_NAME}
+        - Database user: ${CLUEBRINGER_DB_USER}
+        - Database password: ${CLUEBRINGER_DB_PASSWD}
 
 EOF
 
 
     backup_file ${CLUEBRINGER_CONF}
 
+    # Make Cluebringer accessible via HTTPS.
+    perl -pi -e 's#(</VirtualHost>)#Alias /cluebringer "$ENV{CLUEBRINGER_HTTPD_ROOT}/"\n${1}#' ${HTTPD_SSL_CONF}
+
+    # Configure webui.
+    perl -pi -e 's#(.DB_DSN=).*#${1}"mysql:host=$ENV{MYSQL_SERVER};dbname=${CLUEBRINGER_DB_NAME}";#' ${CLUEBRINGER_WEBUI_CONF}
+    perl -pi -e 's#(.DB_USER=).*#${1}"$ENV{CLUEBRINGER_DB_USER}";#' ${CLUEBRINGER_WEBUI_CONF}
+    perl -pi -e 's#(.DB_PASS=).*#${1}"$ENV{CLUEBRINGER_DB_PASSWD}";#' ${CLUEBRINGER_WEBUI_CONF}
+
     cat > ${CLUEBRINGER_HTTPD_CONF} <<EOF
 ${CONF_MSG}
 # Note: Please refer to ${HTTPD_SSL_CONF} for SSL/TLS setting.
     AuthBasicProvider ldap
     AuthzLDAPAuthoritative   Off
 
-    AuthLDAPUrl   ldap://${LDAP_SERVER_HOST}:${LDAP_SERVER_PORT}/${LDAP_ADMIN_BASEDN}?${LDAP_ATTR_USER_RDN}?sub?(&(objectclass=${LDAP_OBJECTCLASS_MAILADMIN})(${LDAP_ATTR_ACCOUNT_STATUS}=${LDAP_STATUS_ACTIVE}))
+    AuthLDAPUrl   ldap://${LDAP_SERVER_HOST}:${LDAP_SERVER_PORT}/${LDAP_ADMIN_BASEDN}?${LDAP_ATTR_USER_RDN}?sub?(&(objectclass=${LDAP_OBJECTCLASS_MAILADMIN})(${LDAP_ATTR_ACCOUNT_STATUS}=${LDAP_STATUS_ACTIVE})(${LDAP_ATTR_DOMAIN_GLOBALADMIN}=${LDAP_VALUE_DOMAIN_GLOBALADMIN}))
 
     AuthLDAPBindDN "${LDAP_BINDDN}"
     AuthLDAPBindPassword "${LDAP_BINDPW}"
 EOF
         else
             :
-        fi
+        fi  # DISTRO
+    fi  # BACKEND
 
         # Close <Directory> container.
         cat >> ${CLUEBRINGER_HTTPD_CONF} <<EOF
     Require valid-user
 </Directory>
 EOF
-    fi
 
     echo 'export status_cluebringer_webui_config="DONE"' >> ${STATUS_FILE}
 }
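Review bot: The added `INSERT INTO` statement sits inside an unquoted `<<EOF` here-document, so the shell treats each backquoted identifier as command substitution and tries to run `greylisting`, `PolicyID` and the rest as commands. The statement that reaches mysql then has empty identifiers, and the default greylisting row is not inserted. Write the identifiers without backquotes, e.g. `INSERT INTO greylisting (PolicyID, Name, ...)`, or escape each backquote with a backslash. In the web UI hunk, `dbname=${CLUEBRINGER_DB_NAME}` is inside a single-quoted Perl expression and is read as an undefined Perl variable, unlike the `$ENV{...}` lookups beside it; it should be `dbname=$ENV{CLUEBRINGER_DB_NAME}`, assuming that variable is exported. The `Alias /cluebringer "$ENV{CLUEBRINGER_HTTPD_ROOT}/"` line would map the URL to `/` on distributions where `CLUEBRINGER_HTTPD_ROOT` is empty, unless a guard outside the hunk prevents it, so it is worth confirming that the substitution only runs when the root is non-empty.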

iRedMail/functions/iredadmin.sh

     # Ubuntu 11.10 uses Policyd-2 which is not yet supported in iRedAdmin.
     if [ X"${DISTRO_CODENAME}" == X"oneiric" ]; then
         sed -i.tmp -e "/\[policyd\]/,/\[/ s#\(^enabled =\).*#\1 False#" settings.ini
+    fi
 
     # Section [amavisd].
     ECHO_DEBUG "Configure Amavisd related settings."