
Zhang Huangbin committed 6b5670e

Configure bind hosts of all components in file conf/global.

  • Parent commits cb73abb


Files changed (19)

iRedMail/conf/clamav

 
 export CLAMD_CONF='/etc/clamd.conf'
 export CLAMD_LOGFILE='/var/log/clamav/clamd.log'
+# CLAMD_BIND_HOST is configured in conf/global
 export CLAMD_LOCAL_SOCKET='/tmp/clamd.socket'   # Used to override default setting.
 
 export FRESHCLAM_CONF='/etc/freshclam.conf'
     export FRESHCLAM_PID_FILE='/var/run/freshclam.pid'
 fi
 
-# Clamd.
-export CLAMD_LISTEN_ADDR='127.0.0.1'            # Used to override default setting.
-
 # Clamd local socket.
 if [ X"${DISTRO}" == X"GENTOO" \
     -o X"${DISTRO}" == X"FREEBSD" \

iRedMail/conf/cluebringer

 # Policyd-2.x (code name: cluebringer).
 # ------------------------------------------------
 
-export CLUEBRINGER_BINDHOST='127.0.0.1'
-export CLUEBRINGER_BINDPORT='10031'
+# CLUEBRINGER_BIND_HOST is configured in conf/global.
+export CLUEBRINGER_BIND_PORT='10031'
 export CLUEBRINGER_RC_SCRIPT_NAME='cluebringer'
 
 # Database.

iRedMail/conf/global

 export ENABLE_BACKEND_MYSQL='YES'
 export ENABLE_BACKEND_PGSQL='NO'
 
-# For distribute deployment.
+# For better distributed deployment
+# IP address of localhost. usually it's 127.0.0.1, but not in FreeBSD Jail.
+export LOCAL_ADDRESS='127.0.0.1'
+# OpenLDAP
+export LDAP_SERVER_HOST="${LOCAL_ADDRESS}"
 # MySQL server
-export MYSQL_SERVER='127.0.0.1'
+export MYSQL_SERVER="${LOCAL_ADDRESS}"
 export MYSQL_SERVER_PORT='3306'
 # PGSQL server
-export PGSQL_SERVER='127.0.0.1'
+export PGSQL_SERVER="${LOCAL_ADDRESS}"
 export PGSQL_SERVER_PORT='5432'
-# POP3/IMAP server (Dovecot)
-export IMAP_SERVER='127.0.0.1'
+# Dovecot: POP3, IMAP, managesieve
+export IMAP_SERVER="${LOCAL_ADDRESS}"
+export MANAGESIEVE_BIND_HOST="${LOCAL_ADDRESS}"
 # SMTP server (Postfix)
-export SMTP_SERVER='127.0.0.1'
+export SMTP_SERVER="${LOCAL_ADDRESS}"
 # Amavisd
-export AMAVISD_SERVER='127.0.0.1'
+export AMAVISD_SERVER="${LOCAL_ADDRESS}"
+# Policyd or Cluebringer
+export POLICYD_BIND_HOST="${LOCAL_ADDRESS}"
+export CLUEBRINGER_BIND_HOST="${LOCAL_ADDRESS}"
+# ClamAV
+export CLAMD_BIND_HOST="${LOCAL_ADDRESS}"
+# iRedAPD
+export IREDAPD_BIND_HOST="${LOCAL_ADDRESS}"
 
 # For managesieve service and software.
 export USE_MANAGESIEVE='YES'    # Use managesieve service.
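Review bot: The comment above `LOCAL_ADDRESS` does not say that this one value now becomes the listen address of clamd, Policyd/Cluebringer, iRedAPD and managesieve, as well as the address the clients connect to. With a routable value (the FreeBSD jail case the comment mentions), clamd's TCP listener and the Postfix policy daemons become reachable on that address, and neither protocol authenticates its clients. I would add `# All *_BIND_HOST values below inherit this address; if it is not loopback, restrict the clamd and policy-daemon ports with a packet filter.` Since functions/postfix.sh and functions/roundcubemail.sh reuse the same variables as connect targets, the comment should also say that a wildcard such as `0.0.0.0` is not a valid value here.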

iRedMail/conf/iredapd

 export IREDAPD_TARBALL="iRedAPD-${IREDAPD_VERSION}.tar.bz2"
 export IREDAPD_ROOT_DIR='/opt'
 
-export IREDAPD_LISTEN_ADDR='127.0.0.1'
+# IREDAPD_BIND_HOST is configured in conf/global
 export IREDAPD_LISTEN_PORT='7777'
 
 export IREDAPD_PID_FILE='/var/run/iredapd.pid'

iRedMail/conf/managesieve

 #---------------------------------------------------------------------
 
 # Variables for managesieve service.
-export MANAGESIEVE_BINDADDR='127.0.0.1'
+# MANAGESIEVE_BIND_HOST is configured in conf/global
 export MANAGESIEVE_PORT='4190'
 
 # Old Linux releases use port 2000.

iRedMail/conf/mysql

 # MYSQL_SERVER and MYSQL_SERVER_PORT are defined in conf/global.
 # SQL_SERVER and SQL_SERVER_PORT are defined in dialog/config_via_dialog.sh.
 
-# Use lowercase variable name for IP address.
-if [ X"${MYSQL_SERVER}" == X"localhost" ]; then
-    export mysql_server='127.0.0.1'
-else
-    export mysql_server="${MYSQL_SERVER}"
-fi
-
 export MYSQL_MY_CNF='/etc/my.cnf'
 export MYSQL_SOCKET='/var/lib/mysql/mysql.sock'
 export MYSQL_ROOT_USER='root'

iRedMail/conf/openldap

 # Variables for OpenLDAP and related. Refer to 'dialog/ldap_config.sh'.
 
 # LDAP service info.
-export LDAP_SERVER_HOST='127.0.0.1'
+# LDAP_SERVER_HOST is configured in conf/global
 export LDAP_SERVER_PORT='389'
 export LDAP_USE_TLS='NO'
 export LDAP_BIND='yes'

iRedMail/conf/policyd

 # Policyd.
 # ------------------------------------------------
 
-export POLICYD_BINDHOST='127.0.0.1' # Default value in policyd.conf.
-export POLICYD_BINDPORT='10031' # Default value in policyd.conf.
+# POLICYD_BIND_HOST is configured in conf/global
+export POLICYD_BIND_PORT='10031' # Default value in policyd.conf.
 
 export POLICYD_RC_SCRIPT_NAME='policyd'
 export POLICYD_DB_PASSWD="$(${RANDOM_STRING})"
 #
 export POLICYD_THROTTLE_PIDFILE='/var/run/policyd_throttle.pid'
 
-export POLICYD_THROTTLE_BINDHOST="${POLICYD_BINDHOST}"
-export POLICYD_THROTTLE_BINDPORT='10032'
+export POLICYD_THROTTLE_BIND_HOST="${POLICYD_BIND_HOST}"
+export POLICYD_THROTTLE_BIND_PORT='10032'
 
 #
 # Syslog setting.

iRedMail/functions/amavisd.sh

   allow_disclaimers => 1,  # enables disclaimer insertion if available
   # notify administrator of locally originating malware
   virus_admin_maps => ["root\@\$mydomain"],
-  spam_admin_maps  => ["root\@$mydomain"],
+  spam_admin_maps  => ["root\@\$mydomain"],
   warnbadhsender   => 0,
   #warnvirussender  => 1,
   #warnspamsender   => 1,
   # forward to a smtpd service providing DKIM signing service
-  #forward_method => 'smtp:[127.0.0.1]:10027',
+  #forward_method => 'smtp:[${AMAVISD_SYS_USER}]:10027',
   # force MTA conversion to 7-bit (e.g. before DKIM signing)
   smtpd_discard_ehlo_keywords => ['8BITMIME'],
   #bypass_banned_checks_maps => [1],  # allow sending any file names and types
     warnbadhsender   => 0,
 
     # forward to a smtpd service providing DKIM signing service
-    #forward_method => 'smtp:[127.0.0.1]:10027',
+    #forward_method => 'smtp:[${AMAVISD_SERVER}]:10027',
 
     # force MTA conversion to 7-bit (e.g. before DKIM signing)
     smtpd_discard_ehlo_keywords => ['8BITMIME'],
 \$interface_policy{'${AMAVISD_QUARANTINE_PORT}'} = 'AM.PDP-INET';
 \$policy_bank{'AM.PDP-INET'} = {
     protocol => 'AM.PDP',       # select Amavis policy delegation protocol
-    inet_acl => [qw( 127.0.0.1 [::1] )],    # restrict access to these IP addresses
+    inet_acl => [qw( ${AMAVISD_SERVER} [::1] )],    # restrict access to these IP addresses
     auth_required_release => 1,    # 0 - don't require secret_id for amavisd-release
     #log_level => 4,
     #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
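Review bot: The first commented `forward_method` line now expands `${AMAVISD_SYS_USER}` inside the `smtp:[...]` host brackets, while the second occurrence uses `${AMAVISD_SERVER}`. A system account name is not a host, so uncommenting the first one gives a broken DKIM forward; it should read `#forward_method => 'smtp:[${AMAVISD_SERVER}]:10027',`. In the `AM.PDP-INET` policy bank, `inet_acl` lists the clients allowed to release quarantined mail and is now filled from the server-address variable. If `AMAVISD_SERVER` is ever pointed at another host, that host gets release access, which is probably not the intent, so `${LOCAL_ADDRESS}` or a dedicated ACL variable would be safer. Both heredocs begin and end outside the visible lines.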

iRedMail/functions/awstats.sh

     Options ExecCGI
     Order allow,deny
     allow from all
-    #allow from 127.0.0.1
+    #allow from ${LOCAL_ADDRESS}
 
     AuthName "Authorization Required"
 EOF

iRedMail/functions/clamav.sh

         chown ${CLAMAV_USER}:${CLAMAV_GROUP} /var/log/clamav
     fi
 
-    export CLAMD_LOCAL_SOCKET CLAMD_LISTEN_ADDR
+    export CLAMD_LOCAL_SOCKET CLAMD_BIND_HOST
     ECHO_DEBUG "Configure ClamAV: ${CLAMD_CONF}."
     perl -pi -e 's/^(TCPSocket .*)/#${1}/' ${CLAMD_CONF}
-    perl -pi -e 's#^(TCPAddr ).*#${1} $ENV{CLAMD_LISTEN_ADDR}#' ${CLAMD_CONF}
+    perl -pi -e 's#^(TCPAddr ).*#${1} $ENV{CLAMD_BIND_HOST}#' ${CLAMD_CONF}
 
     # Disable log file
     perl -pi -e 's/^(LogFile.*)/#${1}/' ${CLAMD_CONF}

iRedMail/functions/cluebringer.sh

     perl -pi -e 's/^#(log_file=).*/${1}$ENV{CLUEBRINGER_LOG_FILE}/' ${CLUEBRINGER_CONF}
 
     # IP to listen on, * for all
-    perl -pi -e 's/^(host=).*/${1}$ENV{CLUEBRINGER_BINDHOST}/' ${CLUEBRINGER_CONF}
+    perl -pi -e 's/^(host=).*/${1}$ENV{CLUEBRINGER_BIND_HOST}/' ${CLUEBRINGER_CONF}
     # Port to run on
-    perl -pi -e 's/^#(port=).*/${1}$ENV{CLUEBRINGER_BINDPORT}/' ${CLUEBRINGER_CONF}
+    perl -pi -e 's/^#(port=).*/${1}$ENV{CLUEBRINGER_BIND_PORT}/' ${CLUEBRINGER_CONF}
 
     #
     # Configure '[database]' section.
     DirectoryIndex index.php
     Options ExecCGI
     Order allow,deny
-    allow from 127.0.0.1
+    allow from ${CLUEBRINGER_BIND_HOST}
     #allow from all
 
     AuthType basic
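Review bot: `allow from ${CLUEBRINGER_BIND_HOST}` in the Apache block uses the daemon's listen address as the client allow-list for the web admin interface. The comment above the `host=` substitution says that setting accepts `*` for all interfaces, and with such a value the `allow from` line no longer names a meaningful client address. Writing `allow from ${LOCAL_ADDRESS}` keeps the ACL independent of the bind setting. The same reuse of a listen address as a peer address appears in functions/postfix.sh (`check_policy_service inet:${CLUEBRINGER_BIND_HOST}:${CLUEBRINGER_BIND_PORT}`) and functions/roundcubemail.sh (`managesieve_host`).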

iRedMail/functions/fail2ban.sh

 #               sendmail-whois[name=ssh, dest=root, sender=fail2ban@mail.com]
 logpath     = ${FAIL2BAN_SSHD_LOGFILE}
 maxretry    = 5
-#ignoreip    = 127.0.0.1
+#ignoreip    = ${LOCAL_ADDRESS}
 
 [roundcube-iredmail]
 enabled     = true
 findtime    = 3600
 maxretry    = 5
 bantime     = 3600
-ignoreip    = 127.0.0.1
+ignoreip    = ${LOCAL_ADDRESS}
 
 [dovecot-iredmail]
 enabled     = true
 maxretry    = 5
 findtime    = 300
 bantime     = 3600
-ignoreip    = 127.0.0.1
+ignoreip    = ${LOCAL_ADDRESS}
 
 [postfix-iredmail]
 enabled     = true
 logpath     = ${MAILLOG}
 bantime     = 3600
 maxretry    = 5
-ignoreip    = 127.0.0.1
+ignoreip    = ${LOCAL_ADDRESS}
 EOF
 
     ECHO_DEBUG "Create filter: ${FAIL2BAN_FILTER_DIR}/${FAIL2BAN_FILTER_ROUNDCUBE}.conf."

iRedMail/functions/iredapd.sh

     chmod -R 0500 iredapd.ini
 
     # Config iredapd.
-    perl -pi -e 's#^(listen_addr).*#${1} = $ENV{IREDAPD_LISTEN_ADDR}#' iredapd.ini
+    perl -pi -e 's#^(listen_addr).*#${1} = $ENV{IREDAPD_BIND_HOST}#' iredapd.ini
     perl -pi -e 's#^(listen_port).*#${1} = $ENV{IREDAPD_LISTEN_PORT}#' iredapd.ini
 
     perl -pi -e 's#^(run_as_user).*#${1} = $ENV{IREDAPD_DAEMON_USER}#' iredapd.ini
     cat >> ${TIP_FILE} <<EOF
 iRedAPD - Postfix Policy Daemon:
     * Version: ${IREDAPD_VERSION}
-    * Listen address: ${IREDAPD_LISTEN_ADDR}, port: ${IREDAPD_LISTEN_PORT}
+    * Listen address: ${IREDAPD_BIND_HOST}, port: ${IREDAPD_LISTEN_PORT}
     * Related files:
         - ${IREDAPD_ROOT_DIR}/iRedAPD-${IREDAPD_VERSION}/
         - ${IREDAPD_ROOT_DIR}/iredapd/

iRedMail/functions/managesieve.sh

             cat >> ${DOVECOT_CONF} <<EOF
 protocol managesieve {
     # IP or host address where to listen in for connections.
-    listen = ${MANAGESIEVE_BINDADDR}:${MANAGESIEVE_PORT}
+    listen = ${MANAGESIEVE_BIND_HOST}:${MANAGESIEVE_PORT}
 
     # Specifies the location of the symbolic link pointing to the
     # active script in the sieve storage directory.
 # ManageSieve service. http://wiki.dovecot.org/ManageSieve
 protocol managesieve {
     # IP or host address where to listen in for connections.
-    listen = ${MANAGESIEVE_BINDADDR}:${MANAGESIEVE_PORT}
+    listen = ${MANAGESIEVE_BIND_HOST}:${MANAGESIEVE_PORT}
 
     # Login executable location.
     #login_executable = /usr/local/libexec/dovecot/managesieve-login

iRedMail/functions/openldap.sh

     # FreeBSD: Start openldap when system start up.
     # Warning: Make sure we have 'slapd_enable=YES' before start/stop openldap.
     freebsd_enable_service_in_rc_conf 'slapd_enable' 'YES'
-    freebsd_enable_service_in_rc_conf 'slapd_flags' '-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldaps://127.0.0.1/"'
+    freebsd_enable_service_in_rc_conf 'slapd_flags' '-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldaps://0.0.0.0/"'
     freebsd_enable_service_in_rc_conf 'slapd_sockets' '/var/run/openldap/ldapi'
 
     echo 'export status_openldap_config="DONE"' >> ${STATUS_FILE}
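Review bot: `slapd_flags` now listens on `ldap://0.0.0.0/` and `ldaps://0.0.0.0/`, which widens slapd from loopback to every interface instead of following `LDAP_SERVER_HOST` from conf/global. conf/openldap still sets `LDAP_USE_TLS='NO'`, so binds to the `ldap://` listener may cross the network in clear text. If the goal is a configurable address, pass the flags in double quotes and use the variable: `"-h \"ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://${LDAP_SERVER_HOST}/ ldaps://${LDAP_SERVER_HOST}/\""`. The enclosing function starts outside the visible lines.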

iRedMail/functions/policyd.sh

     # Setup postfix for recipient throttle.
     cat >> ${POSTFIX_FILE_MAIN_CF} <<EOF
 # Uncomment below line to enable policyd sender throttle.
-#smtpd_end_of_data_restrictions = check_policy_service inet:${POLICYD_THROTTLE_BINDHOST}:${POLICYD_THROTTLE_BINDPORT}
+#smtpd_end_of_data_restrictions = check_policy_service inet:${POLICYD_THROTTLE_BIND_HOST}:${POLICYD_THROTTLE_BIND_PORT}
 EOF
 
     # -------------------------------------------------------------
     # -------------------------------------------------------------
     # ---- DATABASE CONFIG ----
 
-    # Policyd doesn't work while mysql server is 'localhost', should be
-    # changed to '127.0.0.1'.
-
     perl -pi -e 's#^(MYSQLHOST=)(.*)#${1}"$ENV{MYSQL_SERVER}"#' ${POLICYD_CONF} ${POLICYD_THROTTLE_CONF}
     perl -pi -e 's#^(MYSQLDBASE=)(.*)#${1}"$ENV{POLICYD_DB_NAME}"#' ${POLICYD_CONF} ${POLICYD_THROTTLE_CONF}
     perl -pi -e 's#^(MYSQLUSER=)(.*)#${1}"$ENV{POLICYD_DB_USER}"#' ${POLICYD_CONF} ${POLICYD_THROTTLE_CONF}
     # ---- DAEMON CONFIG ----
     perl -pi -e 's#^(DEBUG=)(.*)#${1}0#' ${POLICYD_CONF}
     perl -pi -e 's#^(DAEMON=)(.*)#${1}1#' ${POLICYD_CONF}
-    perl -pi -e 's#^(BINDHOST=)(.*)#${1}"$ENV{POLICYD_BINDHOST}"#' ${POLICYD_CONF}
-    perl -pi -e 's#^(BINDPORT=)(.*)#${1}"$ENV{POLICYD_BINDPORT}"#' ${POLICYD_CONF}
+    perl -pi -e 's#^(BINDHOST=)(.*)#${1}"$ENV{POLICYD_BIND_HOST}"#' ${POLICYD_CONF}
+    perl -pi -e 's#^(BINDPORT=)(.*)#${1}"$ENV{POLICYD_BIND_PORT}"#' ${POLICYD_CONF}
 
     # ---- CHROOT ----
     export policyd_user_id="$(id -u ${POLICYD_USER})"
     # ---- DAEMON CONFIG ----
     perl -pi -e 's#^(DEBUG=)(.*)#${1}0#' ${POLICYD_THROTTLE_CONF}
     perl -pi -e 's#^(DAEMON=)(.*)#${1}1#' ${POLICYD_THROTTLE_CONF}
-    perl -pi -e 's#^(BINDHOST=)(.*)#${1}"$ENV{POLICYD_THROTTLE_BINDHOST}"#' ${POLICYD_THROTTLE_CONF}
-    perl -pi -e 's#^(BINDPORT=)(.*)#${1}"$ENV{POLICYD_THROTTLE_BINDPORT}"#' ${POLICYD_THROTTLE_CONF}
+    perl -pi -e 's#^(BINDHOST=)(.*)#${1}"$ENV{POLICYD_THROTTLE_BIND_HOST}"#' ${POLICYD_THROTTLE_CONF}
+    perl -pi -e 's#^(BINDPORT=)(.*)#${1}"$ENV{POLICYD_THROTTLE_BIND_PORT}"#' ${POLICYD_THROTTLE_CONF}
     perl -pi -e 's#^(PIDFILE=)(.*)#${1}"$ENV{POLICYD_THROTTLE_PIDFILE}"#' ${POLICYD_THROTTLE_CONF}
 
     # ---- CHROOT ----
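Review bot: The comment removed above the `MYSQLHOST=` substitution recorded that Policyd does not work when the MySQL host is `localhost`. This commit also deletes the `localhost` to `127.0.0.1` normalisation from conf/mysql, so `MYSQLHOST` is written from `MYSQL_SERVER` with nothing guarding that case. Either keep the constraint as a comment, for example `# MYSQL_SERVER must be an IP address: policyd does not work with 'localhost'.`, or reject `localhost` where `MYSQL_SERVER` is assigned in conf/global. The matching comment is removed in functions/postfix.sh as well.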

iRedMail/functions/postfix.sh

 {
     ECHO_DEBUG "Configure Postfix for MySQL lookup."
 
-    # Postfix doesn't work while mysql server is 'localhost', should be
-    # changed to '127.0.0.1'.
-
     postconf -e transport_maps="proxy:mysql:${mysql_transport_maps_user_cf}, proxy:mysql:${mysql_transport_maps_domain_cf}"
     postconf -e virtual_mailbox_domains="proxy:mysql:${mysql_virtual_mailbox_domains_cf}"
     postconf -e virtual_mailbox_maps="proxy:mysql:${mysql_virtual_mailbox_maps_cf}"
 
     POSTCONF_IREDAPD=''
     if [ X"${USE_IREDAPD}" == X"YES" ]; then
-        POSTCONF_IREDAPD="check_policy_service inet:${IREDAPD_LISTEN_ADDR}:${IREDAPD_LISTEN_PORT},"
+        POSTCONF_IREDAPD="check_policy_service inet:${IREDAPD_BIND_HOST}:${IREDAPD_LISTEN_PORT},"
     fi
 
     POSTCONF_CLUEBRINGER=''
     if [ X"${USE_CLUEBRINGER}" == X"YES" ]; then
-        POSTCONF_CLUEBRINGER="check_policy_service inet:${CLUEBRINGER_BINDHOST}:${CLUEBRINGER_BINDPORT},"
+        POSTCONF_CLUEBRINGER="check_policy_service inet:${CLUEBRINGER_BIND_HOST}:${CLUEBRINGER_BIND_PORT},"
     fi
 
     if [ X"${USE_CLUEBRINGER}" == X"YES" ]; then
         postconf -e smtpd_recipient_restrictions="reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, ${POSTCONF_IREDAPD} ${POSTCONF_CLUEBRINGER} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname"
-        postconf -e smtpd_end_of_data_restrictions="check_policy_service inet:${CLUEBRINGER_BINDHOST}:${CLUEBRINGER_BINDPORT}"
+        postconf -e smtpd_end_of_data_restrictions="check_policy_service inet:${CLUEBRINGER_BIND_HOST}:${CLUEBRINGER_BIND_PORT}"
     elif [ X"${USE_POLICYD}" == X"YES" ]; then
-        postconf -e smtpd_recipient_restrictions="reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, ${POSTCONF_IREDAPD} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:${POLICYD_BINDHOST}:${POLICYD_BINDPORT}"
+        postconf -e smtpd_recipient_restrictions="reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, ${POSTCONF_IREDAPD} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:${POLICYD_BIND_HOST}:${POLICYD_BIND_PORT}"
     else
         postconf -e smtpd_recipient_restrictions="reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, ${POSTCONF_IREDAPD} permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname"
     fi

iRedMail/functions/roundcubemail.sh

     cd ${RCM_HTTPD_ROOT}/config/ && \
     perl -pi -e 's#(.*rcmail_config.*plugins.*=.*array\()(.*)#${1}"managesieve",${2}#' main.inc.php
 
-    export MANAGESIEVE_BINDADDR MANAGESIEVE_PORT RCM_SIEVE_SAMPLE_FILE
+    export MANAGESIEVE_BIND_HOST MANAGESIEVE_PORT RCM_SIEVE_SAMPLE_FILE
     cd ${RCM_HTTPD_ROOT}/plugins/managesieve/ && \
     cp config.inc.php.dist config.inc.php && \
     perl -pi -e 's#(.*managesieve_port.*=).*#${1} $ENV{MANAGESIEVE_PORT};#' config.inc.php
-    perl -pi -e 's#(.*managesieve_host.*=).*#${1} "$ENV{MANAGESIEVE_BINDADDR}";#' config.inc.php
+    perl -pi -e 's#(.*managesieve_host.*=).*#${1} "$ENV{MANAGESIEVE_BIND_HOST}";#' config.inc.php
     perl -pi -e 's#(.*managesieve_usetls.*=).*#${1} false;#' config.inc.php
     perl -pi -e 's#(.*managesieve_default.*=).*#${1} "$ENV{RCM_SIEVE_SAMPLE_FILE}";#' config.inc.php