├── .github └── ISSUE_TEMPLATE │ └── issue-or-bug-report.md ├── .gitignore ├── ChangeLog ├── Documentations ├── LICENSE ├── README.md ├── conf ├── amavisd ├── clamav ├── core ├── dovecot ├── fail2ban ├── global ├── iredadmin ├── iredapd ├── logwatch ├── memcached ├── mlmmj ├── mysql ├── netdata ├── nginx ├── openldap ├── php ├── postfix ├── postgresql ├── roundcube ├── sogo ├── spamassassin └── web_server ├── dialog ├── config_via_dialog.sh ├── ldap_config.sh ├── mysql_config.sh ├── optional_components.sh ├── pgsql_config.sh ├── virtual_domain_config.sh └── web_applications.sh ├── functions ├── amavisd.sh ├── backend.sh ├── clamav.sh ├── cleanup.sh ├── dovecot.sh ├── fail2ban.sh ├── iredadmin.sh ├── iredapd.sh ├── ldap_server.sh ├── mlmmj.sh ├── mysql.sh ├── netdata.sh ├── nginx.sh ├── openldap.sh ├── optional_components.sh ├── packages.sh ├── packages_freebsd.sh ├── php.sh ├── postfix.sh ├── postgresql.sh ├── roundcubemail.sh ├── sogo.sh ├── spamassassin.sh ├── system_accounts.sh └── web_server.sh ├── iRedMail.sh ├── pkgs ├── get_all.sh ├── pkgs.freebsd.sha256 ├── pkgs.openbsd.sha256 └── pkgs.sha256 ├── samples ├── amavisd │ ├── amavisd.conf │ ├── amavisd.mysql │ ├── amavisd.pgsql │ ├── amavisd.schema │ └── default_spam_policy.sql ├── dovecot │ ├── dovecot-last-login.conf │ ├── dovecot-ldap.conf │ ├── dovecot-share-folder.conf │ ├── dovecot-sql.conf │ ├── dovecot-used-quota.conf │ ├── dovecot.conf │ ├── dovecot.sieve │ ├── dovecot2-quota-warning.sh │ ├── sql │ │ ├── imap_share_folder.mysql │ │ ├── last_login.mysql │ │ └── used_quota.mysql │ └── systemd │ │ └── override.conf ├── fail2ban │ ├── action.d │ │ └── banned_db.conf │ ├── bin │ │ └── fail2ban_banned_db │ ├── fail2ban.local │ ├── filter.d │ │ ├── dovecot.iredmail.conf │ │ ├── postfix-pregreet.iredmail.conf │ │ ├── postfix.iredmail.conf │ │ └── roundcube.iredmail.conf │ ├── jail.d │ │ ├── dovecot.local │ │ ├── nginx-http-auth.local │ │ ├── postfix-pregreet.local │ │ ├── postfix.local │ │ ├── roundcube.local 
│ │ ├── sogo.local │ │ └── sshd.local │ ├── jail.local │ ├── openbsd │ │ └── rc │ └── sql │ │ ├── fail2ban.mysql │ │ └── fail2ban.pgsql ├── firewall │ ├── firewalld │ │ ├── services │ │ │ └── ssh.xml │ │ └── zones │ │ │ └── iredmail.xml │ ├── iptables │ │ ├── ip6tables.init.debian │ │ ├── ip6tables.rules │ │ ├── iptables.init.debian │ │ └── iptables.rules │ └── nftables.conf ├── freebsd │ ├── newsyslog.conf.d │ │ ├── dovecot.conf │ │ ├── iredapd.conf │ │ ├── mlmmjadmin.conf │ │ ├── php-fpm.conf │ │ └── slapd.conf │ └── syslog.d │ │ ├── dovecot.conf │ │ ├── fail2ban.conf │ │ ├── iredapd.conf │ │ ├── mlmmjadmin.conf │ │ ├── php-fpm.conf │ │ └── slapd.conf ├── iredmail │ ├── iredmail.mysql │ ├── iredmail.pgsql │ └── iredmail.schema ├── logrotate │ ├── dovecot │ ├── iredapd │ ├── mlmmjadmin │ ├── openldap │ └── php-fpm ├── mlmmj │ ├── mlmmj-amime-receive │ └── mlmmjadmin.settings.py ├── mysql │ ├── my.cnf │ └── sql │ │ ├── add_first_domain_and_user.sql │ │ ├── delete_anonymous_user.sql │ │ ├── init_vmail_db.sql │ │ └── remote_grant_permission.sql ├── netdata │ ├── go.d.conf │ ├── go.d │ │ ├── fail2ban.conf │ │ ├── memcached.conf │ │ ├── mysql.conf │ │ ├── nginx.conf │ │ ├── openldap.conf │ │ ├── phpfpm.conf │ │ └── postgres.conf │ ├── health_alarm_notify.conf │ ├── netdata.conf │ ├── python.d.conf │ └── systemd-limits.conf ├── nginx │ ├── conf-available │ │ ├── 0-general.conf │ │ ├── cache.conf │ │ ├── client_max_body_size.conf │ │ ├── default_type.conf │ │ ├── gzip.conf │ │ ├── headers.conf │ │ ├── log.conf │ │ ├── mime_types.conf │ │ ├── php_fpm.conf │ │ ├── sendfile.conf │ │ ├── server_tokens.conf │ │ └── types_hash_max_size.conf │ ├── nginx.conf │ ├── sites-available │ │ ├── 00-default-ssl.conf │ │ └── 00-default.conf │ └── templates │ │ ├── adminer.tmpl │ │ ├── fastcgi_php.tmpl │ │ ├── hsts.tmpl │ │ ├── iredadmin-subdomain.tmpl │ │ ├── iredadmin.tmpl │ │ ├── misc.tmpl │ │ ├── netdata-subdomain.tmpl │ │ ├── netdata.tmpl │ │ ├── php-catchall.tmpl │ │ ├── 
redirect_to_https.tmpl │ │ ├── roundcube-subdomain.tmpl │ │ ├── roundcube.tmpl │ │ ├── sogo-subdomain.tmpl │ │ ├── sogo.tmpl │ │ ├── ssl.tmpl │ │ └── stub_status.tmpl ├── openbsd │ ├── ldapd.conf │ └── pf.conf ├── openldap │ ├── calentry.schema │ ├── calresource.schema │ ├── ldap.conf │ └── slapd.conf ├── php │ └── fpm │ │ └── pool.d │ │ └── www.conf ├── postfix │ ├── command_filter.pcre │ ├── freebsd │ │ └── mailer.conf │ ├── helo_access.pcre │ ├── ldap │ │ ├── catchall_maps.cf │ │ ├── recipient_bcc_maps_domain.cf │ │ ├── recipient_bcc_maps_user.cf │ │ ├── relay_domains.cf │ │ ├── sender_bcc_maps_domain.cf │ │ ├── sender_bcc_maps_user.cf │ │ ├── sender_dependent_relayhost_maps_domain.cf │ │ ├── sender_dependent_relayhost_maps_user.cf │ │ ├── sender_login_maps.cf │ │ ├── transport_maps_domain.cf │ │ ├── transport_maps_user.cf │ │ ├── virtual_alias_maps.cf │ │ ├── virtual_group_maps.cf │ │ ├── virtual_group_members_maps.cf │ │ ├── virtual_mailbox_domains.cf │ │ └── virtual_mailbox_maps.cf │ ├── main.cf │ ├── main.cf.amavisd │ ├── main.cf.dovecot │ ├── main.cf.ldap │ ├── main.cf.mlmmj │ ├── main.cf.mysql │ ├── main.cf.pgsql │ ├── main.cf.postscreen │ ├── master.cf │ ├── mysql │ │ ├── catchall_maps.cf │ │ ├── domain_alias_catchall_maps.cf │ │ ├── domain_alias_maps.cf │ │ ├── recipient_bcc_maps_domain.cf │ │ ├── recipient_bcc_maps_user.cf │ │ ├── relay_domains.cf │ │ ├── sender_bcc_maps_domain.cf │ │ ├── sender_bcc_maps_user.cf │ │ ├── sender_dependent_relayhost_maps.cf │ │ ├── sender_login_maps.cf │ │ ├── transport_maps_domain.cf │ │ ├── transport_maps_maillist.cf │ │ ├── transport_maps_user.cf │ │ ├── virtual_alias_maps.cf │ │ ├── virtual_mailbox_domains.cf │ │ └── virtual_mailbox_maps.cf │ ├── pgsql │ │ ├── catchall_maps.cf │ │ ├── domain_alias_catchall_maps.cf │ │ ├── domain_alias_maps.cf │ │ ├── recipient_bcc_maps_domain.cf │ │ ├── recipient_bcc_maps_user.cf │ │ ├── relay_domains.cf │ │ ├── sender_bcc_maps_domain.cf │ │ ├── sender_bcc_maps_user.cf │ │ ├── 
sender_dependent_relayhost_maps.cf │ │ ├── sender_login_maps.cf │ │ ├── transport_maps_domain.cf │ │ ├── transport_maps_maillist.cf │ │ ├── transport_maps_user.cf │ │ ├── virtual_alias_maps.cf │ │ ├── virtual_mailbox_domains.cf │ │ └── virtual_mailbox_maps.cf │ └── postscreen_access.cidr ├── postgresql │ └── sql │ │ ├── add_first_domain_and_user.sql │ │ ├── grant_permissions.sql │ │ └── init_vmail_db.sql ├── roundcubemail │ ├── config.inc.php │ └── global_ldap_address_book.inc.php ├── rsyslog.d │ ├── 1-iredmail-dovecot.conf │ ├── 1-iredmail-fail2ban.conf │ ├── 1-iredmail-iredapd.conf │ ├── 1-iredmail-mlmmjadmin.conf │ ├── 1-iredmail-openldap.conf │ └── 1-iredmail-phpfpm.conf ├── sogo │ ├── sogo.conf │ ├── sogo.cron │ └── sql │ │ └── create_view.pgsql ├── spamassassin │ ├── local.cf │ └── razor.conf ├── systemd │ ├── clamd.service.d │ │ └── override.conf │ ├── mariadb.service.d │ │ └── override.conf │ └── slapd.service.d │ │ └── override.conf └── yum │ ├── CentOS-Linux-AppStream.repo │ ├── CentOS-Linux-PowerTools.repo │ ├── CentOS-Stream-AppStream.repo │ ├── CentOS-Stream-PowerTools.repo │ └── symas-openldap.repo ├── tools ├── add_enabled_service.py ├── backup_mysql.sh ├── backup_openldap.sh ├── backup_pgsql.sh ├── backup_sogo.sh ├── create_mail_user_OpenLDAP.py ├── create_mail_user_OpenLDAP.sh ├── create_mail_user_SQL.sh ├── enable_postscreen.sh ├── fail2ban_unban_ip.sh ├── find_sasl_login_ip.sh ├── find_top_sasl_usernames.sh ├── generate_ssl_keys.sh ├── kill_high_cpu_sogo_process.sh ├── ldap_assign_user_to_groups.py ├── ldap_move_members_to_another_group.py └── migrate_sql_alias_table.py └── update ├── 0.9.8 ├── amavisd.mysql ├── amavisd.pgsql ├── iredmail.mysql └── iredmail.pgsql ├── 0.9.9 ├── iredmail.mysql └── iredmail.pgsql ├── 1.0 ├── iredmail.mysql └── iredmail.pgsql ├── 1.2 └── last_login.mysql ├── 1.4.0 ├── iredmail.mysql └── iredmail.pgsql ├── 1.4.1 ├── iredmail.mysql ├── iredmail.pgsql ├── sogo.mysql ├── sogo.pgsql └── update-ldap.py ├── 1.4.2 ├── 
iredmail.mysql ├── iredmail.pgsql └── sogo.pgsql ├── 1.6.0 └── sogo_view.pgsql ├── 1.6.3 └── iredmail.mysql ├── 1.7.0 ├── fail2ban.mysql └── fail2ban.pgsql ├── 1.7.1 └── amavisd.mysql ├── 1.7.2 └── vmail.mysql ├── 1.7.3 ├── deleted_mailboxes.mysql ├── iredadmin.mysql ├── vmail.mysql └── vmail.pgsql ├── README.md └── ldap ├── README.md └── update-ldap-dovecot-2.3.py /.github/ISSUE_TEMPLATE/issue-or-bug-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Issue or bug report 3 | about: Issue or bug report 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER: 11 | 12 | - iRedMail version (check /etc/iredmail-release): 13 | - Deployed with iRedMail Easy or the downloadable installer? 14 | - Linux/BSD distribution name and version: 15 | - Store mail accounts in which backend (LDAP/MySQL/PGSQL): 16 | - Web server (Apache or Nginx): 17 | - Manage mail accounts with iRedAdmin-Pro? 18 | - [IMPORTANT] Related original log or error message is required if you're experiencing an issue. 
19 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /Documentations: -------------------------------------------------------------------------------- 1 | * iRedMail web site: https://www.iredmail.org/ 2 | * Documentations: https://docs.iredmail.org/ 3 | * Support Forum: https://forum.iredmail.org/ 4 | * iRedMail upgrade tutorials: https://docs.iredmail.org/iredmail.releases.html 5 | * iRedAdmin upgrade tutorials: https://docs.iredmail.org/migrate.or.upgrade.iredadmin.html 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | iRedMail is a full-featured mail server solution: https://www.iredmail.org/ 2 | 3 | > Don't forget to check out our lightweight email archiving software: https://spiderd.io/ 4 | 5 | It supports a few mainstream Linux/BSD distributions: 6 | 7 | - CentOS Stream 9, 10. 
8 | - Rocky Linux 9 9 | - AlmaLinux 9 10 | - Debian 12 11 | - Ubuntu 22.04, 24.04 (Recommended) 12 | - FreeBSD 14.x 13 | - OpenBSD 7.7 14 | 15 | More info: 16 | 17 | - License: GPL v3 18 | - Authors: Zhang Huangbin (zhb _at_ iredmail.org) 19 | - Check and download the latest stable release from [website](https://www.iredmail.org/download.html) 20 | - Install iRedMail by following our installation guides strictly: 21 | [Installation Guides](https://docs.iredmail.org/#install) 22 | - Community, bug report, feature requests: 23 | [online support forum](https://forum.iredmail.org/) 24 | - We offer [paid support services](https://www.iredmail.org/support.html) 25 | - Source packages patched or modified for RHEL/CentOS can be found 26 | [here](https://dl.iredmail.org/yum/srpms/), other RPM packages are all 27 | installed from official yum repository and 28 | [EPEL](http://fedoraproject.org/wiki/EPEL). 29 | 30 | We recommend deploying iRedMail server with the [iRedMail Easy platform](https://www.iredmail.org/easy.html); 31 | it offers easy deployment, one-click upgrade, and tech support via the ticket 32 | system. Check our [website](https://www.iredmail.org/easy.html) for more details. 33 | 34 | There's also an all-in-one Docker edition here: [iredmail/dockerized](https://github.com/iredmail/dockerized). 35 | -------------------------------------------------------------------------------- /conf/clamav: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 
#
# iRedMail is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# iRedMail is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with iRedMail. If not, see https://www.gnu.org/licenses/.
#---------------------------------------------------------------------

# Baseline ClamAV settings. The per-distribution branches that follow in
# this file override several of them, so the order of assignment matters.

# System account, group and service names used for clamd and freshclam.
export SYS_USER_CLAMAV='clamav'
export SYS_GROUP_CLAMAV='clamav'
export CLAMAV_CLAMD_SERVICE_NAME='clamd'
export CLAMAV_FRESHCLAMD_RC_SCRIPT_NAME='freshclamd'

# Log locations; both daemons log under the same directory.
export CLAMD_LOG_DIR='/var/log/clamav'
export CLAMD_LOGFILE="${CLAMD_LOG_DIR}/clamd.log"
# CLAMD_BIND_HOST is configured in conf/global
# NOTE(review): this default socket lives in /tmp. The RHEL, Debian/Ubuntu
# and FreeBSD branches below replace it with a path under /var/run; the
# OpenBSD branch does not, so that platform keeps /tmp/clamd.socket. /tmp is
# normally world-writable -- confirm the generated clamd configuration
# restricts who can create or connect to this socket, or move it to a
# dedicated runtime directory.
export CLAMD_LOCAL_SOCKET='/tmp/clamd.socket'

# freshclam (signature updater) config, log and PID file.
export FRESHCLAM_CONF='/etc/freshclam.conf'
export FRESHCLAM_LOGFILE="${CLAMD_LOG_DIR}/freshclam.log"
export FRESHCLAM_PID_FILE='/var/run/clamav/freshclam.pid'

# Update database immediately
# `:=` keeps a value already present in the environment and falls back to
# YES only when the variable is unset or empty.
export FRESHCLAM_UPDATE_IMMEDIATELY="${FRESHCLAM_UPDATE_IMMEDIATELY:=YES}"

# ClamAV: per-distribution overrides of the defaults above.
41 | if [ X"${DISTRO}" == X'RHEL' ]; then 42 | export SYS_USER_CLAMAV='amavis' 43 | export SYS_GROUP_CLAMAV='amavis' 44 | 45 | export CLAMD_CONF='/etc/clamd.d/amavisd.conf' 46 | export CLAMD_LOCAL_SOCKET='/var/run/clamd.amavisd/clamd.socket' 47 | 48 | export CLAMAV_CLAMD_SERVICE_NAME='clamd@amavisd' 49 | 50 | elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then 51 | export CLAMAV_CLAMD_SERVICE_NAME='clamav-daemon' 52 | export CLAMAV_FRESHCLAMD_RC_SCRIPT_NAME='clamav-freshclam' 53 | 54 | export CLAMD_CONF='/etc/clamav/clamd.conf' 55 | export FRESHCLAM_CONF='/etc/clamav/freshclam.conf' 56 | 57 | export CLAMD_LOCAL_SOCKET='/var/run/clamav/clamd.ctl' 58 | 59 | elif [ X"${DISTRO}" == X'FREEBSD' ]; then 60 | export CLAMD_CONF='/usr/local/etc/clamd.conf' 61 | export FRESHCLAM_CONF='/usr/local/etc/freshclam.conf' 62 | export CLAMD_LOCAL_SOCKET='/var/run/clamav/clamd.sock' 63 | 64 | elif [ X"${DISTRO}" == X'OPENBSD' ]; then 65 | export CLAMD_CONF='/etc/clamd.conf' 66 | export SYS_USER_CLAMAV='_clamav' 67 | export SYS_GROUP_CLAMAV='_clamav' 68 | export CLAMAV_FRESHCLAMD_RC_SCRIPT_NAME='freshclam' 69 | 70 | export FRESHCLAM_PID_FILE='/var/run/freshclam.pid' 71 | fi 72 | -------------------------------------------------------------------------------- /conf/fail2ban: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 
13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # Variables for Fail2ban and related. 24 | 25 | export FAIL2BAN_CONF_ROOT='/etc/fail2ban' 26 | 27 | # Version number in source tarball. Used on OpenBSD. 28 | export FAIL2BAN_VERSION="1.1.0" 29 | 30 | if [ X"${DISTRO}" == X"FREEBSD" ]; then 31 | export FAIL2BAN_CONF_ROOT='/usr/local/etc/fail2ban' 32 | export FAIL2BAN_SOCKET='/var/run/fail2ban.sock' 33 | fi 34 | 35 | export FAIL2BAN_MAIN_CONF="${FAIL2BAN_CONF_ROOT}/fail2ban.local" 36 | export FAIL2BAN_JAIL_CONF="${FAIL2BAN_CONF_ROOT}/jail.conf" 37 | export FAIL2BAN_JAIL_LOCAL_CONF="${FAIL2BAN_CONF_ROOT}/jail.local" 38 | export FAIL2BAN_JAIL_CONF_DIR="${FAIL2BAN_CONF_ROOT}/jail.d" 39 | export FAIL2BAN_FILTER_DIR="${FAIL2BAN_CONF_ROOT}/filter.d" 40 | export FAIL2BAN_ACTION_DIR="${FAIL2BAN_CONF_ROOT}/action.d" 41 | 42 | export FAIL2BAN_FILTER_POSTFIX="postfix.iredmail" 43 | export FAIL2BAN_FILTER_ROUNDCUBE="roundcube.iredmail" 44 | export FAIL2BAN_FILTER_DOVECOT="dovecot.iredmail" 45 | 46 | export FAIL2BAN_DISABLED_SERVICES="${PORT_HTTP},${HTTPS_PORT},25,587,465,110,995,143,993,${MANAGESIEVE_PORT}" 47 | 48 | export FAIL2BAN_LOG_FILE='/var/log/fail2ban.log' 49 | export FAIL2BAN_SYSLOG_FACILITY='daemon' 50 | 51 | # Firewall command (fail2ban/action.d/[NAME].conf) 52 | if [ X"${KERNEL_NAME}" == X'LINUX' ]; then 53 | export FAIL2BAN_ACTION='iptables-multiport' 54 | 55 | if [ X"${USE_NFTABLES}" == X'YES' ]; then 56 | export FAIL2BAN_ACTION='nftables-multiport' 57 | fi 58 | elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then 59 | # Use ipfw by default 60 | export 
FAIL2BAN_ACTION='ipfw' 61 | 62 | # Use pf if it's loaded. 63 | if grep '^pf_load=.YES' /boot/defaults/loader.conf >/dev/null; then 64 | export FAIL2BAN_ACTION='pf' 65 | fi 66 | elif [ X"${KERNEL_NAME}" == X'OPENBSD' ]; then 67 | export FAIL2BAN_ACTION='pf' 68 | fi 69 | 70 | # SQL db. 71 | export FAIL2BAN_DB_NAME='fail2ban' 72 | export FAIL2BAN_DB_USER='fail2ban' 73 | -------------------------------------------------------------------------------- /conf/iredadmin: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 
21 | #--------------------------------------------------------------------- 22 | 23 | export IREDADMIN_VERSION='2.6' 24 | export IREDADMIN_TARBALL="iRedAdmin-${IREDADMIN_VERSION}.tar.gz" 25 | export IREDADMIN_HTTPD_ROOT="${HTTPD_SERVERROOT}/iRedAdmin-${IREDADMIN_VERSION}" 26 | export IREDADMIN_HTTPD_ROOT_SYMBOL_LINK="${HTTPD_SERVERROOT}/iredadmin" 27 | 28 | export IREDADMIN_HOME_DIR='/home/iredadmin' 29 | export SYS_USER_IREDADMIN='iredadmin' 30 | export SYS_GROUP_IREDADMIN="${SYS_USER_IREDADMIN}" 31 | 32 | # MySQL database name, username and password. 33 | export IREDADMIN_DB_NAME="${SYS_USER_IREDADMIN}" 34 | export IREDADMIN_DB_USER="${SYS_USER_IREDADMIN}" 35 | 36 | export IREDADMIN_BIND_ADDRESS='127.0.0.1' 37 | export IREDADMIN_LISTEN_PORT='7791' 38 | -------------------------------------------------------------------------------- /conf/iredapd: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 
21 | #--------------------------------------------------------------------- 22 | 23 | export IREDAPD_VERSION='5.9.1' 24 | export SYS_USER_IREDAPD='iredapd' 25 | export SYS_GROUP_IREDAPD='iredapd' 26 | 27 | export IREDAPD_TARBALL="iRedAPD-${IREDAPD_VERSION}.tar.gz" 28 | export IREDAPD_PARENT_DIR='/opt' 29 | export IREDAPD_ROOT_DIR="${IREDAPD_PARENT_DIR}/iRedAPD-${IREDAPD_VERSION}" 30 | export IREDAPD_ROOT_DIR_SYMBOL_LINK="${IREDAPD_PARENT_DIR}/iredapd" 31 | export IREDAPD_CONF="${IREDAPD_ROOT_DIR_SYMBOL_LINK}/settings.py" 32 | 33 | # IREDAPD_BIND_HOST is configured in conf/global 34 | export IREDAPD_LISTEN_PORT='7777' 35 | export IREDAPD_SRS_FORWARD_PORT='7778' 36 | export IREDAPD_SRS_REVERSE_PORT='7779' 37 | export IREDAPD_SRS_SECRET="$(${RANDOM_STRING})" 38 | 39 | export IREDAPD_PID_FILE='/var/run/iredapd.pid' 40 | export IREDAPD_LOG_DIR='/var/log/iredapd' 41 | export IREDAPD_LOG_FILE="${IREDAPD_LOG_DIR}/iredapd.log" 42 | export IREDAPD_LOGROTATE_FILE="${LOGROTATE_DIR}/iredapd" 43 | 44 | # Database 45 | # IREDAPD_DB_PASSWD is generated in dialog/optional_components.sh. 46 | export IREDAPD_DB_NAME='iredapd' 47 | export IREDAPD_DB_USER='iredapd' 48 | 49 | 50 | if [ X"${DISTRO}" == X'FREEBSD' ]; then 51 | export IREDAPD_LOGROTATE_FILE="${LOGROTATE_DIR}/iredapd.conf" 52 | fi 53 | -------------------------------------------------------------------------------- /conf/logwatch: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 
8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # OpenBSD doesn't have logwatch. 24 | if [ X"${KERNEL_NAME}" == X'LINUX' ]; then 25 | export LOGWATCH_SERVICES_DIR='/etc/logwatch/conf/services' 26 | elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then 27 | export LOGWATCH_SERVICES_DIR='/usr/local/etc/logwatch/services' 28 | fi 29 | -------------------------------------------------------------------------------- /conf/memcached: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # Memcached 24 | export MEMCACHED_BIND_ADDRESS="${MEMCACHED_BIND_ADDRESS:=${LOCAL_ADDRESS}}" 25 | 26 | export MEMCACHED_RC_SCRIPT_NAME='memcached' 27 | 28 | if [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then 29 | export MEMCACHED_CONF='/etc/memcached.conf' 30 | elif [ X"${DISTRO}" == X'OPENBSD' ]; then 31 | export MEMCACHED_DAEMIN_USER='_memcached' 32 | fi 33 | -------------------------------------------------------------------------------- /conf/mlmmj: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 
#---------------------------------------------------------------------

# mlmmj user/group name
export SYS_USER_MLMMJ='mlmmj'
export SYS_GROUP_MLMMJ='mlmmj'

# Directory used to store mailing list accounts and archive of in/out mails
# NOTE(review): STORAGE_BASE_DIR is not set in this file; it is expected to be
# defined before this file is sourced. If it were empty these paths would
# resolve directly under '/' -- confirm the sourcing order.
export MLMMJ_SPOOL_DIR="${STORAGE_BASE_DIR}/mlmmj"
export MLMMJ_HOME_DIR="${MLMMJ_SPOOL_DIR}"
# Directory used to store archived mailing list accounts and data.
export MLMMJ_ARCHIVE_DIR="${STORAGE_BASE_DIR}/mlmmj-archive"
# Directory which stores skel files (templates in different languages)
export MLMMJ_SKEL_DIR='/usr/share/mlmmj/text.skel'

# Absolute paths of the mlmmj executables (Linux defaults; overridden below).
export CMD_MLMMJ_RECEIVE='/usr/bin/mlmmj-receive'
export CMD_MLMMJ_MAINTD='/usr/bin/mlmmj-maintd'
export CMD_MLMMJ_AMIME_RECEIVE='/usr/bin/mlmmj-amime-receive'

# Per-user cron file for the mlmmj account; CRON_SPOOL_DIR is defined
# outside this file.
export CRON_FILE_MLMMJ="${CRON_SPOOL_DIR}/${SYS_USER_MLMMJ}"

# FreeBSD and OpenBSD use the /usr/local prefix for the executables and the
# skeleton directory.
if [ X"${DISTRO}" == X'FREEBSD' -o X"${DISTRO}" == X'OPENBSD' ]; then
    export CMD_MLMMJ_RECEIVE='/usr/local/bin/mlmmj-receive'
    export CMD_MLMMJ_MAINTD='/usr/local/bin/mlmmj-maintd'
    export CMD_MLMMJ_AMIME_RECEIVE='/usr/local/bin/mlmmj-amime-receive'
    export MLMMJ_SKEL_DIR='/usr/local/share/mlmmj/text.skel'
fi

#
# mlmmjadmin: RESTful API server used to manage mlmmj mailing lists
#
export MLMMJADMIN_RC_SCRIPT_NAME='mlmmjadmin'
export MLMMJADMIN_RC_SCRIPT_PATH="${DIR_RC_SCRIPTS}/${MLMMJADMIN_RC_SCRIPT_NAME}"

# NOTE(review): only the port is defined here; no bind address is set in this
# file. Because this is a management API, confirm that the generated
# settings bind it to a loopback address or otherwise restrict access.
export MLMMJADMIN_LISTEN_PORT='7790'
export MLMMJADMIN_PID_FILE='/var/run/mlmmjadmin/mlmmjadmin.pid'

# Pinned release; the tarball name is derived from the version.
# NOTE(review): presumably the tarball is checked against the checksum lists
# under pkgs/ before it is unpacked -- confirm, and update the checksum
# together with the version.
export MLMMJADMIN_VERSION='3.4.0'
export MLMMJADMIN_TARBALL="mlmmjadmin-${MLMMJADMIN_VERSION}.tar.gz"

# Versioned install directory plus a version-independent symbolic link; the
# settings file is addressed through the link.
export MLMMJADMIN_PARENT_DIR='/opt'
export MLMMJADMIN_ROOT_DIR="${MLMMJADMIN_PARENT_DIR}/mlmmjadmin-${MLMMJADMIN_VERSION}"
export MLMMJADMIN_ROOT_DIR_SYMBOL_LINK="${MLMMJADMIN_PARENT_DIR}/mlmmjadmin"
export MLMMJADMIN_CONF="${MLMMJADMIN_ROOT_DIR_SYMBOL_LINK}/settings.py"

65 | export MLMMJADMIN_LOG_DIR='/var/log/mlmmjadmin' 66 | export MLMMJADMIN_LOG_FILE="${MLMMJADMIN_LOG_DIR}/mlmmjadmin.log" 67 | export MLMMJADMIN_LOGROTATE_FILE="${LOGROTATE_DIR}/mlmmjadmin" 68 | 69 | if [ X"${DISTRO}" == X'FREEBSD' ]; then 70 | export MLMMJADMIN_LOGROTATE_FILE="${LOGROTATE_DIR}/mlmmjadmin.conf" 71 | fi 72 | -------------------------------------------------------------------------------- /conf/netdata: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # 24 | # netdata: https://my-netdata.io 25 | # 26 | export NETDATA_VERSION='2.5.2' 27 | export NETDATA_PKG_NAME="netdata-v${NETDATA_VERSION}.gz.run" 28 | 29 | # iRedMail install netdata with the '.bin' package on Linux, it installs 30 | # netdata application files under '/opt/netdata' by default. 
# Directory contains all config files
export NETDATA_CONF_DIR="/opt/netdata/etc/netdata"

# Log directory
export NETDATA_LOG_DIR="/opt/netdata/var/log/netdata"

# FreeBSD keeps the config and log directories outside /opt/netdata.
if [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then
    export NETDATA_CONF_DIR='/usr/local/etc/netdata'
    export NETDATA_LOG_DIR='/var/log/netdata'
fi

# NOTE(review): only the port is defined here, not a bind address. netdata
# exposes host metrics, so confirm the generated netdata.conf limits the
# listener to loopback and that access goes through the authenticated web
# server proxy.
export NETDATA_PORT='19999'
export NETDATA_RC_SCRIPT_NAME='netdata'

# Main config file.
export NETDATA_CONF="${NETDATA_CONF_DIR}/netdata.conf"
export NETDATA_HEALTH_ALARM_NOTIFY_CONF="${NETDATA_CONF_DIR}/health_alarm_notify.conf"
export NETDATA_PYTHON_D_CONF="${NETDATA_CONF_DIR}/python.d.conf"
export NETDATA_GO_D_CONF="${NETDATA_CONF_DIR}/go.d.conf"

# web auth file
# NOTE(review): presumably holds the HTTP basic-auth entries for the netdata
# site; HTTPD_CONF_ROOT is defined in another config file. Confirm the
# installer creates it readable only by root and the web server user.
export NETDATA_HTTPD_AUTH_FILE="${HTTPD_CONF_ROOT}/netdata.users"

# .my.cnf used to access MySQL db.
# NOTE(review): a client option file of this kind normally carries the
# database password -- confirm it is created with a restrictive mode and
# owned by the netdata account.
export NETDATA_DOT_MY_CNF="${NETDATA_CONF_DIR}/my.cnf"

# Modular config files.
# Same path as NETDATA_HEALTH_ALARM_NOTIFY_CONF above, exported under a
# second name.
export NETDATA_CONF_HEALTH_ALARM_NOTIFY="${NETDATA_CONF_DIR}/health_alarm_notify.conf"

# Per-collector config files under go.d/.
export NETDATA_GO_D_CONF_DIR="${NETDATA_CONF_DIR}/go.d"
export NETDATA_GO_D_CONF_PHPFPM="${NETDATA_GO_D_CONF_DIR}/phpfpm.conf"
export NETDATA_GO_D_CONF_NGINX="${NETDATA_GO_D_CONF_DIR}/nginx.conf"
export NETDATA_GO_D_CONF_MYSQL="${NETDATA_GO_D_CONF_DIR}/mysql.conf"
export NETDATA_GO_D_CONF_OPENLDAP="${NETDATA_GO_D_CONF_DIR}/openldap.conf"
export NETDATA_GO_D_CONF_PGSQL="${NETDATA_GO_D_CONF_DIR}/postgres.conf"

# Database
# NETDATA_DB_PASSWD is generated in dialog/optional_components.sh.
69 | export NETDATA_DB_USER='netdata' 70 | -------------------------------------------------------------------------------- /conf/nginx: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # RC scripts 24 | export NGINX_RC_SCRIPT_NAME='nginx' 25 | 26 | # Configuration files 27 | export HTTPD_CONF_ROOT='/etc/nginx' 28 | 29 | # Log directory. 30 | export NGINX_LOG_DIR='/var/log/nginx' 31 | 32 | # PID file 33 | export NGINX_PID='/var/run/nginx.pid' 34 | 35 | # Directory for storing temporary files holding client request bodies. 36 | export NGINX_CLIENT_BODY_TEMP_PATH='/var/lib/nginx_tmp_client_body' 37 | 38 | if [ X"${DISTRO}" == X'RHEL' ]; then 39 | # Daemon user. 
40 | export HTTPD_USER='nginx' 41 | export HTTPD_GROUP='nginx' 42 | 43 | elif [ X"${DISTRO}" == X'FREEBSD' ]; then 44 | export HTTPD_CONF_ROOT="/usr/local/etc/nginx" 45 | 46 | elif [ X"${DISTRO}" == X'OPENBSD' ]; then 47 | export NGINX_LOG_DIR='/var/www/logs' 48 | 49 | fi 50 | 51 | # Log files. 52 | export NGINX_LOG_ACCESSLOG="${NGINX_LOG_DIR}/access.log" 53 | export NGINX_LOG_ERRORLOG="${NGINX_LOG_DIR}/error.log" 54 | 55 | export HTTPD_CONF_DIR_AVAILABLE_CONF="${HTTPD_CONF_ROOT}/conf-available" 56 | export HTTPD_CONF_DIR_ENABLED_CONF="${HTTPD_CONF_ROOT}/conf-enabled" 57 | 58 | # Directory used to store all sites. Note: not loaded by default. 59 | export HTTPD_CONF_DIR_AVAILABLE_SITES="${HTTPD_CONF_ROOT}/sites-available" 60 | # Directory used to store site config files which will be loaded by default. 61 | # Usually we just create a symbol link to file under ${HTTPD_CONF_DIR_AVAILABLE_SITES} 62 | export HTTPD_CONF_DIR_ENABLED_SITES="${HTTPD_CONF_ROOT}/sites-enabled" 63 | 64 | export NGINX_CONF="${HTTPD_CONF_ROOT}/nginx.conf" 65 | export NGINX_CONF_SITE_DEFAULT="${HTTPD_CONF_DIR_AVAILABLE_SITES}/00-default.conf" 66 | export NGINX_CONF_SITE_DEFAULT_SSL="${HTTPD_CONF_DIR_AVAILABLE_SITES}/00-default-ssl.conf" 67 | export NGINX_CONF_TMPL_DIR="${HTTPD_CONF_ROOT}/templates" 68 | 69 | export NGINX_MIME_TYPES="${HTTPD_CONF_ROOT}/mime.types" 70 | -------------------------------------------------------------------------------- /conf/roundcube: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 
8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # --------------------------------------- 24 | # RoundcubeMail. http://roundcube.net 25 | # --------------------------------------- 26 | export RCM_VERSION='1.6.11' 27 | export RCM_TARBALL="roundcubemail-${RCM_VERSION}-complete.tar.gz" 28 | export RCM_USE_SOURCE='YES' 29 | 30 | if [ X"${DISTRO}" == X'FREEBSD' ]; then 31 | # Install via ports tree 32 | export RCM_USE_SOURCE='NO' 33 | fi 34 | 35 | if [ X"${RCM_USE_SOURCE}" == X'YES' ]; then 36 | export RCM_HTTPD_ROOT="${HTTPD_SERVERROOT}/roundcubemail-${RCM_VERSION}" 37 | export RCM_HTTPD_ROOT_SYMBOL_LINK="${HTTPD_SERVERROOT}/roundcubemail" 38 | else 39 | if [ X"${DISTRO}" == X'FREEBSD' ]; then 40 | export RCM_HTTPD_ROOT="${HTTPD_SERVERROOT}/roundcube" 41 | export RCM_HTTPD_ROOT_SYMBOL_LINK="${RCM_HTTPD_ROOT}" 42 | fi 43 | fi 44 | 45 | export RCM_CONF_DIR="${RCM_HTTPD_ROOT}/config" 46 | export RCM_CONF="${RCM_CONF_DIR}/config.inc.php" 47 | 48 | # Syslog log file. 49 | export RCM_LOGFILE="${MAILLOG}" 50 | 51 | # Database setting. 52 | export RCM_DB_NAME="roundcubemail" 53 | export RCM_DB_USER="roundcube" 54 | 55 | # this key is used to encrypt the users imap password which is stored 56 | # in the session record (and the client cookie if remember password is enabled). 
57 | # please provide a string of exactly 24 chars. NOTE(review): `cut -c-24` only truncates, so the key ends up shorter than 24 chars if ${RANDOM_STRING} (defined outside this file) emits fewer; confirm its output length and that it draws from a cryptographically secure source, because this key protects stored IMAP passwords. 58 | export tmp_rcm_des_key="$(${RANDOM_STRING} | cut -c-24)" 59 | export RCM_DES_KEY="${tmp_rcm_des_key}" 60 | # NOTE(review): tmp_rcm_des_key is exported too, which leaves a second copy of the key in the environment of every child process; unless something else reads it, a plain assignment is enough for the line above. 61 | # Directory used to store PGP keys generated with Roundcube plugin `enigma` 62 | export RCM_PLUGIN_ENIGMA_PGP_HOMEDIR="${RCM_PLUGIN_ENIGMA_PGP_HOMEDIR:=${STORAGE_BASE_DIR}/pgp-keys}" 63 | -------------------------------------------------------------------------------- /conf/spamassassin: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # For SpamAssassin. 
24 | 25 | export SA_CONF_DIR='/etc/mail/spamassassin' 26 | export SA_RULES_DIR='/usr/share/spamassassin' 27 | export BIN_SA_UPDATE='sa-update' 28 | export BIN_SA_COMPILE='sa-compile' 29 | 30 | if [ X"${DISTRO}" == X'FREEBSD' ]; then 31 | export SA_CONF_DIR='/usr/local/etc/mail/spamassassin' 32 | export SA_RULES_DIR='/usr/local/share/spamassassin' 33 | export BIN_SA_UPDATE='/usr/local/bin/sa-update' 34 | export BIN_SA_COMPILE='/usr/local/bin/sa-compile' 35 | fi 36 | 37 | export SA_INIT_PRE="${SA_CONF_DIR}/init.pre" 38 | export SA_LOCAL_CF="${SA_CONF_DIR}/local.cf" 39 | export SA_PLUGIN_RAZOR_CONF="${SA_CONF_DIR}/razor.conf" 40 | -------------------------------------------------------------------------------- /conf/web_server: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 
21 | #--------------------------------------------------------------------- 22 | 23 | # web servers and PHP 24 | export PORT_HTTP="${PORT_HTTP:=80}" 25 | export HTTPS_PORT="${HTTPS_PORT:=443}" 26 | 27 | # store extra web applications 28 | export HTTPD_SERVERROOT='/opt/www' 29 | 30 | if [ X"${DISTRO}" == X'RHEL' ]; then 31 | # Web data. 32 | export HTTPD_DOCUMENTROOT='/var/www/html' 33 | 34 | elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then 35 | # Web data. 36 | export HTTPD_DOCUMENTROOT='/var/www/html' 37 | 38 | # Daemon user. 39 | export HTTPD_USER='www-data' 40 | export HTTPD_GROUP='www-data' 41 | 42 | elif [ X"${DISTRO}" == X'FREEBSD' ]; then 43 | # Daemon user. 44 | export HTTPD_USER='www' 45 | export HTTPD_GROUP='www' 46 | 47 | # Web data. 48 | export HTTPD_SERVERROOT='/usr/local/www' 49 | export HTTPD_DOCUMENTROOT='/usr/local/www/htdocs' 50 | 51 | elif [ X"${DISTRO}" == X'OPENBSD' ]; then 52 | # Daemon user. 53 | export HTTPD_USER='www' 54 | export HTTPD_GROUP='www' 55 | 56 | # Web data. 57 | export HTTPD_DOCUMENTROOT="/var/www/htdocs" 58 | 59 | fi 60 | 61 | export HTTPD_WELL_KNOWN_DIR="${HTTPD_SERVERROOT}/well_known" 62 | 63 | [ X"${WEB_SERVER}" == X'NGINX' ] && . ${CONF_DIR}/nginx 64 | 65 | . ${CONF_DIR}/php 66 | -------------------------------------------------------------------------------- /dialog/ldap_config.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 
8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # -------------------------------------------------- 24 | # --------------------- LDAP ----------------------- 25 | # -------------------------------------------------- 26 | 27 | # LDAP suffix. 28 | while : ; do 29 | ${DIALOG} \ 30 | --title "LDAP suffix (root dn)" \ 31 | --inputbox "\ 32 | Please specify your LDAP suffix (root dn): 33 | 34 | EXAMPLE: 35 | 36 | * Domain 'example.com': dc=example,dc=com 37 | * Domain 'test.com.cn': dc=test,dc=com,dc=cn 38 | 39 | Note: Password for LDAP rootdn (cn=Manager,dc=xx,dc=xx) will be 40 | generated randomly. 41 | " 20 76 "dc=example,dc=com" 2>${RUNTIME_DIR}/.ldap_suffix 42 | 43 | LDAP_SUFFIX="$(cat ${RUNTIME_DIR}/.ldap_suffix)" 44 | [ X"${LDAP_SUFFIX}" != X"" ] && break 45 | done 46 | 47 | rm -f ${RUNTIME_DIR}/.ldap_suffix 48 | # NOTE(review): the suffix typed in the dialog is written between single quotes below with no validation or escaping; a value containing a single quote ends the quoted string early, and the remainder would be parsed as shell if ${IREDMAIL_CONFIG_FILE} is later sourced (presumably, given the `export` lines; confirm). Validate it against the expected dc=...,dc=... form before writing. 49 | export LDAP_SUFFIX="${LDAP_SUFFIX}" 50 | echo "export LDAP_SUFFIX='${LDAP_SUFFIX}'" >> ${IREDMAIL_CONFIG_FILE} 51 | 52 | # LDAP bind dn, passwords. NOTE(review): the secrets generated below are appended to ${IREDMAIL_CONFIG_FILE} in clear text; nothing in this script sets that file's owner or mode, so confirm it is created root-only elsewhere. 
53 | export LDAP_BINDPW="$(${RANDOM_STRING})" 54 | export LDAP_ADMIN_PW="$(${RANDOM_STRING})" 55 | export LDAP_ROOTPW="$(${RANDOM_STRING})" 56 | echo "export LDAP_BINDPW='${LDAP_BINDPW}'" >> ${IREDMAIL_CONFIG_FILE} 57 | echo "export LDAP_ADMIN_PW='${LDAP_ADMIN_PW}'" >> ${IREDMAIL_CONFIG_FILE} 58 | echo "export LDAP_ROOTPW='${LDAP_ROOTPW}'" >> ${IREDMAIL_CONFIG_FILE} 59 | -------------------------------------------------------------------------------- /dialog/mysql_config.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # -------------------------------------------------- 24 | # --------------------- MySQL ---------------------- 25 | # -------------------------------------------------- 26 | 27 | . ${CONF_DIR}/mysql 28 | 29 | if [ -z "${MYSQL_ROOT_PASSWD}" ]; then 30 | # set a new MySQL root password. 
31 | while : ; do 32 | ${DIALOG} \ 33 | --title "Password for MySQL administrator: ${MYSQL_ROOT_USER}" \ 34 | --passwordbox "\ 35 | Please specify password for MySQL administrator ${MYSQL_ROOT_USER} on server 36 | ${MYSQL_SERVER_ADDRESS}. 37 | 38 | WARNING: 39 | 40 | * Do *NOT* use double quote (\") in password. 41 | * EMPTY password is *NOT* permitted. 42 | * Sample password: $(${RANDOM_STRING}) 43 | " 20 76 2>${RUNTIME_DIR}/.mysql_rootpw 44 | # NOTE(review): the typed password is captured through ${RUNTIME_DIR}/.mysql_rootpw, which gets whatever mode the current umask allows and is removed only at the end of this script; confirm ${RUNTIME_DIR} is readable by root only. 45 | MYSQL_ROOT_PASSWD="$(cat ${RUNTIME_DIR}/.mysql_rootpw)" 46 | 47 | [ X"${MYSQL_ROOT_PASSWD}" != X'' ] && break 48 | done 49 | 50 | export MYSQL_ROOT_PASSWD="${MYSQL_ROOT_PASSWD}" 51 | fi 52 | # NOTE(review): the password is written between single quotes, so a single quote in it ends the string early in ${IREDMAIL_CONFIG_FILE}; the dialog warning only mentions the double quote. Reject or escape single quotes before this line. The value is stored in clear text, so the config file needs a root-only mode (not set in this script). 53 | echo "export MYSQL_ROOT_PASSWD='${MYSQL_ROOT_PASSWD}'" >>${IREDMAIL_CONFIG_FILE} 54 | rm -f ${RUNTIME_DIR}/.mysql_rootpw &>/dev/null 55 | -------------------------------------------------------------------------------- /dialog/pgsql_config.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 
21 | #--------------------------------------------------------------------- 22 | 23 | # -------------------------------------------------- 24 | # ------------------- PostgreSQL ------------------- 25 | # -------------------------------------------------- 26 | 27 | . ${CONF_DIR}/postgresql 28 | 29 | # Root password. 30 | while : ; do 31 | ${DIALOG} \ 32 | --title "Password for PostgreSQL administrator: ${PGSQL_ROOT_USER}" \ 33 | --passwordbox "\ 34 | Please specify password for PostgreSQL administrator: ${PGSQL_ROOT_USER} 35 | 36 | WARNING: 37 | 38 | * Do *NOT* use special characters in password right now. e.g. $, #, @, space. 39 | * EMPTY password is *NOT* permitted. 40 | * Sample password: $(${RANDOM_STRING}) 41 | " 20 76 2>${RUNTIME_DIR}/.pgsql_rootpw 42 | 43 | PGSQL_ROOT_PASSWD="$(cat ${RUNTIME_DIR}/.pgsql_rootpw)" 44 | 45 | # Check $, #, space. NOTE(review): `@` is listed in the dialog warning but is not part of this pattern, and the unquoted expansion is word-split and glob-expanded before grep sees it; quote it (and prefer printf over echo) so the check tests the password exactly as typed. 46 | echo ${PGSQL_ROOT_PASSWD} | grep '[\$\#\ ]' &>/dev/null 47 | [ X"$?" != X'0' -a X"${PGSQL_ROOT_PASSWD}" != X'' ] && break 48 | done 49 | # NOTE(review): a single quote passes the check above but ends the single-quoted string written to ${IREDMAIL_CONFIG_FILE} below; reject it in the loop as well. The password is stored there in clear text, so that file needs a root-only mode (not set in this script). 50 | export PGSQL_ROOT_PASSWD="${PGSQL_ROOT_PASSWD}" 51 | echo "export PGSQL_ROOT_PASSWD='${PGSQL_ROOT_PASSWD}'" >>${IREDMAIL_CONFIG_FILE} 52 | rm -f ${RUNTIME_DIR}/.pgsql_rootpw 53 | -------------------------------------------------------------------------------- /dialog/web_applications.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 
13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | # --------------------------------------------------------------- 24 | # Optional web applications 25 | # --------------------------------------------------------------- 26 | if [ X"${DISABLE_WEB_SERVER}" != X'YES' ]; then 27 | export DIALOG_SELECTABLE_ROUNDCUBE='YES' 28 | export DIALOG_SELECTABLE_NETDATA='YES' 29 | export DIALOG_SELECTABLE_SOGO='YES' 30 | 31 | # SOGo team doesn't offer binary packages for arm platform. 32 | if [[ X"${OS_ARCH}" != X'i386' ]] && [[ X"${OS_ARCH}" != X'x86_64' ]]; then 33 | export DIALOG_SELECTABLE_SOGO='NO' 34 | fi 35 | 36 | if [[ X"${DISTRO}" == X'RHEL' ]] && [[ X"${DISTRO_VERSION}" == X'10' ]]; then 37 | # SOGo team doesn't offer binary packages for RHEL 10 yet. 
38 | export DIALOG_SELECTABLE_SOGO='NO' 39 | elif [ X"${DISTRO}" == X'OPENBSD' ]; then 40 | # OpenBSD doesn't have 'libuuid' which required by netdata 41 | export DIALOG_SELECTABLE_NETDATA='NO' 42 | fi 43 | fi 44 | 45 | # iRedAdmin 46 | if [ X"${DIALOG_SELECTABLE_IREDADMIN}" == X'YES' ]; then 47 | LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} iRedAdmin Official_web-based_Admin_Panel on" 48 | fi 49 | 50 | # Roundcube 51 | if [ X"${DIALOG_SELECTABLE_ROUNDCUBE}" == X'YES' ]; then 52 | LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} Roundcubemail Fast_and_lightweight_webmail on" 53 | fi 54 | 55 | # SOGo 56 | if [ X"${DIALOG_SELECTABLE_SOGO}" == X'YES' ]; then 57 | LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} SOGo Webmail,_Calendar,_Address_book,_ActiveSync off" 58 | fi 59 | 60 | # netdata 61 | if [ X"${DIALOG_SELECTABLE_NETDATA}" == X'YES' ]; then 62 | LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} netdata Awesome_system_monitor on" 63 | fi 64 | -------------------------------------------------------------------------------- /functions/optional_components.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin 4 | 5 | # ------------------------------------------- 6 | # Install all optional components. 7 | # ------------------------------------------- 8 | optional_components() 9 | { 10 | # iRedAPD. 11 | check_status_before_run iredapd_setup 12 | 13 | # iRedAdmin. 14 | [ X"${USE_IREDADMIN}" == X'YES' ] && \ 15 | check_status_before_run iredadmin_setup 16 | 17 | # Roundcubemail. 18 | [ X"${USE_ROUNDCUBE}" == X'YES' ] && \ 19 | check_status_before_run rcm_setup 20 | 21 | # SOGo 22 | [ X"${USE_SOGO}" == X'YES' ] && \ 23 | check_status_before_run sogo_setup 24 | 25 | # Fail2ban. 26 | [ X"${USE_FAIL2BAN}" == X'YES' -a X"${DISTRO}" != X'FREEBSD' ] && \ 27 | check_status_before_run fail2ban_setup 28 | 29 | # netdata. 
30 | [ X"${USE_NETDATA}" == X'YES' ] && \ 31 | check_status_before_run netdata_setup 32 | } 33 | -------------------------------------------------------------------------------- /functions/spamassassin.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin 4 | 5 | # --------------------------------------------------------- 6 | # SpamAssassin. 7 | # --------------------------------------------------------- 8 | sa_config() 9 | { 10 | ECHO_INFO "Configure SpamAssassin (content-based spam filter)." 11 | 12 | backup_file ${SA_LOCAL_CF} 13 | 14 | ECHO_DEBUG "Copy sample SpamAssassin config file: ${SAMPLE_DIR}/spamassassin/local.cf -> ${SA_LOCAL_CF}." 15 | cp -f ${SAMPLE_DIR}/spamassassin/local.cf ${SA_LOCAL_CF} 16 | cp -f ${SAMPLE_DIR}/spamassassin/razor.conf ${SA_PLUGIN_RAZOR_CONF} 17 | 18 | perl -pi -e 's#PH_SA_PLUGIN_RAZOR_CONF#$ENV{SA_PLUGIN_RAZOR_CONF}#g' ${SA_LOCAL_CF} 19 | 20 | ECHO_DEBUG "Enable crontabs for SpamAssassin update." 21 | if [ X"${DISTRO}" == X'RHEL' ]; then 22 | if [ -f ${ETC_SYSCONFIG_DIR}/sa-update ]; then 23 | perl -pi -e 's/^#(SAUPDATE=yes)/${1}/' ${ETC_SYSCONFIG_DIR}/sa-update 24 | fi 25 | 26 | # Enable daily cron job to update rules. 27 | if [[ ! -x /etc/cron.daily/sa-update ]]; then 28 | ln -sf /usr/share/spamassassin/sa-update.cron /etc/cron.daily/sa-update 29 | fi 30 | elif [ X"${DISTRO}" == X'UBUNTU' -o X"${DISTRO}" == X'DEBIAN' ]; then 31 | [[ -f /etc/default/spamassassin ]] && \ 32 | perl -pi -e 's#^(CRON=)0#${1}1#' /etc/default/spamassassin 33 | fi 34 | 35 | if [ X"${DISTRO}" == X'FREEBSD' ]; then 36 | ECHO_DEBUG "Compile SpamAssassin ruleset into native code." 
37 | sa-compile >> ${INSTALL_LOG} 2>&1 38 | fi 39 | 40 | cat >> ${TIP_FILE} <> ${STATUS_FILE} 49 | } 50 | -------------------------------------------------------------------------------- /functions/web_server.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | 5 | #--------------------------------------------------------------------- 6 | # This file is part of iRedMail, which is an open source mail server 7 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 8 | # 9 | # iRedMail is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # iRedMail is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with iRedMail. If not, see . 21 | #--------------------------------------------------------------------- 22 | 23 | web_server_extra() 24 | { 25 | # Create robots.txt. 26 | if [ ! 
-e ${HTTPD_DOCUMENTROOT}/robots.txt ]; then 27 | cat >> ${HTTPD_DOCUMENTROOT}/robots.txt <' > ${HTTPD_DOCUMENTROOT}/index.html 37 | elif [ X"${USE_SOGO}" == X'YES' ]; then 38 | echo '' > ${HTTPD_DOCUMENTROOT}/index.html 39 | fi 40 | fi 41 | 42 | # Add alias for web server daemon user 43 | add_postfix_alias ${HTTPD_USER} ${SYS_USER_ROOT} 44 | 45 | echo 'export status_web_server_extra="DONE"' >> ${STATUS_FILE} 46 | } 47 | 48 | web_server_config() 49 | { 50 | # Create required directories 51 | [[ -d ${HTTPD_SERVERROOT} ]] || mkdir -p ${HTTPD_SERVERROOT} >> ${INSTALL_LOG} 2>&1 52 | [[ -d ${HTTPD_DOCUMENTROOT} ]] || mkdir -p ${HTTPD_DOCUMENTROOT} >> ${INSTALL_LOG} 2>&1 53 | 54 | [[ -d ${HTTPD_WELL_KNOWN_DIR} ]] || mkdir -p ${HTTPD_WELL_KNOWN_DIR} >> ${INSTALL_LOG} 2>&1 55 | chown ${SYS_USER_ROOT}:${SYS_GROUP_ROOT} ${HTTPD_WELL_KNOWN_DIR} 56 | chmod 0755 ${HTTPD_WELL_KNOWN_DIR} 57 | 58 | if [ X"${WEB_SERVER}" == X'NGINX' ]; then 59 | . ${FUNCTIONS_DIR}/nginx.sh 60 | check_status_before_run nginx_config 61 | check_status_before_run web_server_extra 62 | fi 63 | 64 | if [ X"${IREDMAIL_USE_PHP}" == X'YES' ]; then 65 | . 
${FUNCTIONS_DIR}/php.sh 66 | check_status_before_run php_config 67 | fi 68 | 69 | echo 'export status_web_server_config="DONE"' >> ${STATUS_FILE} 70 | } 71 | -------------------------------------------------------------------------------- /pkgs/pkgs.freebsd.sha256: -------------------------------------------------------------------------------- 1 | SHA256 (misc/iRedAdmin-2.6.tar.gz) = f3a0e196165c40ff714848bdcd2f90f02a1813f93d9ffcfb8cc0f45f9f07a3e9 2 | SHA256 (misc/mlmmjadmin-3.4.0.tar.gz) = 17aeda92aba7a5ba89464f2ce75e9ed0072219613cfe519d8c2898eefa48c35c 3 | SHA256 (misc/iRedAPD-5.9.1.tar.gz) = 3e4265189e128c4f440f20b41a22b0537cd103590d13ffb45b0073bc869a8934 4 | -------------------------------------------------------------------------------- /pkgs/pkgs.openbsd.sha256: -------------------------------------------------------------------------------- 1 | SHA256 (misc/uwsgi-2.0.28.tar.gz) = 4bb0762c5becb0414352cca664957206df4d6847e9a1c472e87708dc2cdad610 2 | SHA256 (misc/iRedAdmin-2.6.tar.gz) = f3a0e196165c40ff714848bdcd2f90f02a1813f93d9ffcfb8cc0f45f9f07a3e9 3 | SHA256 (misc/mlmmjadmin-3.4.0.tar.gz) = 17aeda92aba7a5ba89464f2ce75e9ed0072219613cfe519d8c2898eefa48c35c 4 | SHA256 (misc/iRedAPD-5.9.1.tar.gz) = 3e4265189e128c4f440f20b41a22b0537cd103590d13ffb45b0073bc869a8934 5 | SHA256 (misc/roundcubemail-1.6.11-complete.tar.gz) = a230e432065555bfa27bea3fcf4ac672f2359ef28ad84f5945ea3ccf702e7466 6 | SHA256 (misc/fail2ban-1.1.0.tar.gz) = 474fcc25afdaf929c74329d1e4d24420caabeea1ef2e041a267ce19269570bae 7 | -------------------------------------------------------------------------------- /pkgs/pkgs.sha256: -------------------------------------------------------------------------------- 1 | f3a0e196165c40ff714848bdcd2f90f02a1813f93d9ffcfb8cc0f45f9f07a3e9 misc/iRedAdmin-2.6.tar.gz 2 | 17aeda92aba7a5ba89464f2ce75e9ed0072219613cfe519d8c2898eefa48c35c misc/mlmmjadmin-3.4.0.tar.gz 3 | 3e4265189e128c4f440f20b41a22b0537cd103590d13ffb45b0073bc869a8934 misc/iRedAPD-5.9.1.tar.gz 4 | 
746bdcb9a56d886313e9ffe8fc546ada7a9c588ec22dd9e4317d79d2a1422e96 misc/netdata-v2.5.2.gz.run 5 | a230e432065555bfa27bea3fcf4ac672f2359ef28ad84f5945ea3ccf702e7466 misc/roundcubemail-1.6.11-complete.tar.gz 6 | -------------------------------------------------------------------------------- /samples/amavisd/default_spam_policy.sql: -------------------------------------------------------------------------------- 1 | -- Default server-wide spam policy 2 | -- 3 | -- *) with 'spam_lover=Y' and: 4 | -- 5 | -- - with 'spam_quarantine_to=spam-quarantine', spam will be delivered 6 | -- to mailbox and a copy will be quarantined 7 | -- - with 'spam_quarantine_to=' (empty value), spam will be delivered to 8 | -- mailbox, no copy will be quarantined 9 | -- 10 | -- *) with 'spam_lover=N' and 11 | -- 12 | -- - with 'spam_quarantine_to=spam-quarantine', spam will be quarantined, 13 | -- no copy will be delivered to mailbox. 14 | -- - with 'spam_quarantine_to=' (empty value), spam won't be quarantined, 15 | -- a copy will be delivered to mailbox. 16 | -- 17 | 18 | INSERT INTO policy (policy_name, 19 | spam_lover, 20 | virus_lover, 21 | banned_files_lover, 22 | bad_header_lover, 23 | bypass_spam_checks, 24 | bypass_virus_checks, 25 | bypass_banned_checks, 26 | bypass_header_checks, 27 | spam_quarantine_to, 28 | virus_quarantine_to, 29 | banned_quarantine_to, 30 | bad_header_quarantine_to) 31 | VALUES ('@.', 32 | 'Y', 33 | 'N', 34 | 'N', 35 | 'Y', 36 | 'N', 37 | 'N', 38 | 'N', 39 | 'N', 40 | '', 41 | 'virus-quarantine', 42 | 'banned-quarantine', 43 | ''); 44 | 45 | INSERT INTO users (priority, email) VALUES (0, '@.'); 46 | UPDATE users SET policy_id = (SELECT id FROM policy WHERE policy.policy_name='@.' 
LIMIT 1); 47 | -------------------------------------------------------------------------------- /samples/dovecot/dovecot-last-login.conf: -------------------------------------------------------------------------------- 1 | connect = host=PH_SQL_SERVER_ADDRESS port=PH_SQL_SERVER_PORT dbname=PH_LAST_LOGIN_DB_NAME user=PH_LAST_LOGIN_DB_USER password=PH_LAST_LOGIN_DB_PASSWORD 2 | 3 | map { 4 | pattern = shared/last-login/imap/$user/$domain 5 | table = last_login 6 | value_field = imap 7 | value_type = uint 8 | 9 | fields { 10 | username = $user 11 | domain = $domain 12 | } 13 | } 14 | 15 | map { 16 | pattern = shared/last-login/pop3/$user/$domain 17 | table = last_login 18 | value_field = pop3 19 | value_type = uint 20 | 21 | fields { 22 | username = $user 23 | domain = $domain 24 | } 25 | } 26 | 27 | map { 28 | pattern = shared/last-login/lda/$user/$domain 29 | table = last_login 30 | value_field = lda 31 | value_type = uint 32 | 33 | fields { 34 | username = $user 35 | domain = $domain 36 | } 37 | } 38 | 39 | # Treat lmtp as lda. 40 | map { 41 | pattern = shared/last-login/lmtp/$user/$domain 42 | table = last_login 43 | value_field = lda 44 | value_type = uint 45 | 46 | fields { 47 | username = $user 48 | domain = $domain 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /samples/dovecot/dovecot-ldap.conf: -------------------------------------------------------------------------------- 1 | hosts = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | ldap_version = PH_LDAP_BIND_VERSION 3 | auth_bind = yes 4 | dn = PH_LDAP_BINDDN 5 | dnpass = PH_LDAP_BINDPW 6 | base = PH_LDAP_BASEDN 7 | scope = subtree 8 | deref = never 9 | debug_level = 0 10 | # NOTE(review): this sample sets neither `tls = yes` nor an ldaps:// `uris` value, so the bind DN password and, with auth_bind = yes, each user's password cross the connection unencrypted unless the LDAP server is local or the link is protected some other way. Once the PH_LDAP_BINDPW placeholder is substituted this file holds dnpass in clear text; keep it readable only by root and the Dovecot user. 11 | # Below two are required by command 'doveadm mailbox ...' 
12 | #iterate_attrs = mail=user 13 | #iterate_filter = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)) 14 | 15 | user_filter = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))) 16 | user_attrs = mail=master_user,mail=user,=home=%L{ldap:homeDirectory},=mail=%{ldap:mailboxFormat:maildir}:~/%{ldap:mailboxFolder:Maildir}/,mailQuota=quota_rule=*:bytes=%$ 17 | 18 | # Used for dn lookup 19 | pass_filter = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))) 20 | pass_attrs = mail=user,userPassword=password,allowNets=allow_nets 21 | default_pass_scheme = CRYPT 22 | -------------------------------------------------------------------------------- /samples/dovecot/dovecot-share-folder.conf: -------------------------------------------------------------------------------- 1 | connect = host=PH_SQL_SERVER_ADDRESS port=PH_SQL_SERVER_PORT dbname=PH_DOVECOT_SHARE_FOLDER_DB_NAME user=PH_DOVECOT_SHARE_FOLDER_DB_USER password=PH_DOVECOT_SHARE_FOLDER_DB_PASSWORD 2 | map { 3 | pattern = shared/shared-boxes/user/$to/$from 4 | table = PH_DOVECOT_SHARE_FOLDER_DB_TABLE 5 | value_field = dummy 6 | 7 | fields { 8 | from_user = $from 9 | to_user = $to 10 | } 11 | } 12 | 13 | # To share mailbox to anyone, please uncomment 'acl_anyone = allow' in 14 | # dovecot.conf 15 | map { 16 | pattern = shared/shared-boxes/anyone/$from 17 | table = PH_DOVECOT_SHARE_FOLDER_ANYONE_DB_TABLE 18 | value_field = dummy 19 | fields { 20 | from_user = $from 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /samples/dovecot/dovecot-sql.conf: -------------------------------------------------------------------------------- 1 | driver = PH_SQL_DRIVER 2 | 
default_pass_scheme = CRYPT 3 | connect = host=PH_SQL_SERVER_ADDRESS port=PH_SQL_SERVER_PORT dbname=PH_VMAIL_DB_NAME user=PH_VMAIL_DB_BIND_USER password=PH_VMAIL_DB_BIND_PASSWD 4 | # NOTE(review): default_pass_scheme only applies to stored passwords that carry no {SCHEME} prefix, and CRYPT verifies those through the system crypt(); confirm accounts are provisioned with an explicit strong scheme prefix. The connect line holds the database password in clear text once the placeholders are substituted, so keep this file readable only by root and the Dovecot user. 5 | # Required by doveadm tools which require to list all mail users. 6 | iterate_query = SELECT username AS user FROM mailbox 7 | 8 | password_query = SELECT mailbox.password, mailbox.allow_nets \ 9 | FROM mailbox,domain \ 10 | WHERE mailbox.username='%u' \ 11 | AND mailbox.enable%Ls%Lc=1 \ 12 | AND mailbox.active=1 \ 13 | AND mailbox.domain=domain.domain \ 14 | AND domain.backupmx=0 \ 15 | AND domain.active=1 16 | 17 | user_query = SELECT \ 18 | LOWER('%u') AS master_user, \ 19 | LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir)) AS home, \ 20 | CONCAT(mailbox.mailboxformat, ':~/', mailbox.mailboxfolder) AS mail, \ 21 | CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule \ 22 | FROM mailbox,domain \ 23 | WHERE mailbox.username='%u' \ 24 | AND mailbox.enable%Ls%Lc=1 \ 25 | AND mailbox.active=1 \ 26 | AND mailbox.domain=domain.domain \ 27 | AND domain.backupmx=0 \ 28 | AND domain.active=1 29 | -------------------------------------------------------------------------------- /samples/dovecot/dovecot-used-quota.conf: -------------------------------------------------------------------------------- 1 | connect = host=PH_SQL_SERVER_ADDRESS port=PH_SQL_SERVER_PORT dbname=PH_REALTIME_QUOTA_DB_NAME user=PH_REALTIME_QUOTA_DB_USER password=PH_REALTIME_QUOTA_DB_PASSWORD 2 | map { 3 | pattern = priv/quota/storage 4 | table = PH_DOVECOT_REALTIME_QUOTA_TABLE 5 | username_field = username 6 | value_field = bytes 7 | } 8 | map { 9 | pattern = priv/quota/messages 10 | table = PH_DOVECOT_REALTIME_QUOTA_TABLE 11 | username_field = username 12 | value_field = messages 13 | } 14 | -------------------------------------------------------------------------------- /samples/dovecot/dovecot.sieve: 
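-------------------------------------------------------------------------------- 1 | require ["fileinto"]; 2 | 3 | # rule:[Move Spam to Junk Folder] 4 | if header :is "X-Spam-Flag" "YES" 5 | { 6 | fileinto "Junk"; 7 | } 8 | -------------------------------------------------------------------------------- /samples/dovecot/dovecot2-quota-warning.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Purpose: Mail to user when his/her quota exceeds specified percentage. 3 | # Reference: http://wiki2.dovecot.org/Quota/Configuration#Quota_warnings 4 | # Arguments: $1 = quota percentage, $2 = mailbox user (used as the delivery address). 5 | PERCENT=${1} 6 | USER=${2} 7 | # Both values are expanded inside double quotes below, so an empty or unusual value cannot split into extra words or options. 8 | # Use "plugin/quota=maildir:User quota:noenforcing" for maildir quota. 9 | cat << EOF | PH_DOVECOT_DELIVER_BIN -d "${USER}" -o "plugin/quota=dict:User quota::noenforcing:proxy::quotadict" 10 | From: no-reply@$(hostname -f) 11 | Subject: Warning: Your mailbox is now ${PERCENT}% full. 12 | 13 | Your mailbox is now ${PERCENT}% full, please clean up some mails for further incoming mails. 14 | EOF 15 | 16 | # Send a copy to postmaster@ if mailbox is greater than or equal to 95% full. 17 | if [ "${PERCENT}" -ge 95 ]; then 18 | DOMAIN="$(echo "${USER}" | awk -F'@' '{print $2}')" 19 | cat << EOF | PH_DOVECOT_DELIVER_BIN -d "postmaster@${DOMAIN}" -o "plugin/quota=dict:User quota::noenforcing:proxy::quotadict" 20 | From: no-reply@$(hostname -f) 21 | Subject: Mailbox Quota Warning: ${PERCENT}% full, ${USER} 22 | 23 | Mailbox (${USER}) is now ${PERCENT}% full, please clean up some mails for 24 | further incoming mails. 25 | EOF 26 | fi 27 | -------------------------------------------------------------------------------- /samples/dovecot/sql/imap_share_folder.mysql: -------------------------------------------------------------------------------- 1 | # 2 | # IMAP shared folders. User 'from_user' shares folders to user 'to_user'. 3 | # WARNING: Works only with Dovecot 1.2+.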
4 | # 5 | CREATE TABLE IF NOT EXISTS share_folder ( 6 | from_user VARCHAR(150) NOT NULL, 7 | to_user VARCHAR(150) NOT NULL, 8 | dummy CHAR(1), 9 | PRIMARY KEY (from_user, to_user) 10 | ); 11 | 12 | CREATE TABLE IF NOT EXISTS anyone_shares ( 13 | from_user VARCHAR(255) NOT NULL, 14 | dummy CHAR(1) DEFAULT '1', 15 | PRIMARY KEY (from_user) 16 | ); 17 | -------------------------------------------------------------------------------- /samples/dovecot/sql/last_login.mysql: -------------------------------------------------------------------------------- 1 | CREATE TABLE IF NOT EXISTS `last_login` ( 2 | `username` VARCHAR(255) NOT NULL DEFAULT '', 3 | `domain` VARCHAR(255) NOT NULL DEFAULT '', 4 | `imap` INT(11) DEFAULT NULL, 5 | `pop3` INT(11) DEFAULT NULL, 6 | `lda` INT(11) DEFAULT NULL, 7 | PRIMARY KEY (`username`), 8 | INDEX (`domain`), 9 | INDEX (`imap`), 10 | INDEX (`pop3`), 11 | INDEX (`lda`) 12 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 13 | -------------------------------------------------------------------------------- /samples/dovecot/sql/used_quota.mysql: -------------------------------------------------------------------------------- 1 | -- used_quota 2 | -- Used to store realtime mailbox quota in Dovecot. 3 | -- WARNING: Works only with Dovecot 1.2+. 4 | -- 5 | -- Note: Don't touch this table, it will be updated by Dovecot automatically. 6 | CREATE TABLE IF NOT EXISTS `used_quota` ( 7 | `username` VARCHAR(255) NOT NULL, 8 | `bytes` BIGINT NOT NULL DEFAULT 0, 9 | `messages` BIGINT NOT NULL DEFAULT 0, 10 | `domain` VARCHAR(255) NOT NULL DEFAULT '', 11 | PRIMARY KEY (`username`), 12 | INDEX (domain) 13 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 14 | 15 | -- Trigger `used_quota_before_insert` is used to set `used_quota.domain`. 16 | -- NOTE: `used_quota.domain` is not used by Dovecot, but used in iRedAdmin to 17 | -- get better SQL query performance while calculating per-domain used 18 | -- quota. 
19 | DELIMITER // 20 | CREATE TRIGGER `used_quota_before_insert` 21 | BEFORE INSERT ON `used_quota` FOR EACH ROW 22 | BEGIN 23 | SET NEW.domain = SUBSTRING_INDEX(NEW.username, '@', -1); 24 | END; 25 | // 26 | DELIMITER ; 27 | -------------------------------------------------------------------------------- /samples/dovecot/systemd/override.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | ProtectSystem=false 3 | #ProtectHome=false 4 | -------------------------------------------------------------------------------- /samples/fail2ban/action.d/banned_db.conf: -------------------------------------------------------------------------------- 1 | # - Store banned IP in SQL db while it's banned. 2 | # - Remove banned IP from SQL db while it's unbanned. 3 | 4 | [Definition] 5 | actionstart = /usr/local/bin/fail2ban_banned_db start 6 | actioncheck = 7 | actionban = /usr/local/bin/fail2ban_banned_db ban 8 | actionunban = /usr/local/bin/fail2ban_banned_db unban 9 | actionstop = /usr/local/bin/fail2ban_banned_db stop 10 | -------------------------------------------------------------------------------- /samples/fail2ban/fail2ban.local: -------------------------------------------------------------------------------- 1 | [Definition] 2 | 3 | # Option: loglevel. Default is ERROR 4 | # Available options: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG 5 | loglevel = INFO 6 | 7 | # Set the log target 8 | logtarget = SYSLOG 9 | 10 | # Syslog socket. Required on FreeBSD and OpenBSD. 11 | #syslogsocket = PH_SYSLOG_SOCKET 12 | 13 | # Fail2ban socket. Required on FreeBSD. 14 | #socket = /var/run/fail2ban/fail2ban.sock 15 | 16 | # Allows IPv6 interface. 
17 | allowipv6 = auto 18 | -------------------------------------------------------------------------------- /samples/fail2ban/filter.d/dovecot.iredmail.conf: -------------------------------------------------------------------------------- 1 | [Definition] 2 | failregex = Authentication failure.* rip=<HOST> 3 | \(auth failed.* rip=<HOST> 4 | 5 | ignoreregex = 6 | -------------------------------------------------------------------------------- /samples/fail2ban/filter.d/postfix-pregreet.iredmail.conf: -------------------------------------------------------------------------------- 1 | [Definition] 2 | 3 | # Block clients which cannot pass Postfix postscreen pregreet test. 4 | # FYI: http://www.postfix.org/POSTSCREEN_README.html#pregreet 5 | # 6 | # The SMTP protocol is a classic example of a protocol where the server speaks 7 | # before the client. postscreen(8) detects zombies that are in a hurry and that 8 | # speak before their turn. 9 | failregex = postscreen\[\d+\]: PREGREET .* from \[<HOST>\]:\d+: 10 | 11 | # While setting up a new account, Thunderbird doesn't wait for the server connection 12 | # greeting/banner, so Thunderbird cannot pass the Postfix pregreet 13 | # test and is caught by the `failregex` rule listed above (the rule contains 14 | # 'PREGREET' line). 15 | # FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=538809#c41 16 | ignoreregex = postscreen\[\d+\]: PREGREET .* from \[<HOST>\]:\d+: (EHLO|HELO) we-guess.mozilla.org 17 | -------------------------------------------------------------------------------- /samples/fail2ban/filter.d/postfix.iredmail.conf: -------------------------------------------------------------------------------- 1 | [Definition] 2 | # *) '554 5.7.1' is 'Helo command rejected: ACCESS DENIED' 3 | # 4 | # 'ACCESS DENIED' is a string defined in postfix restriction rule `check_helo_access`. 5 | # Not all rules contain 'ACCESS DENIED', so we use the status code instead.
6 | 7 | failregex = \[<HOST>\]: SASL (PLAIN|LOGIN) authentication failed 8 | lost connection after AUTH from (.*)\[<HOST>\] 9 | reject: RCPT from .*\[<HOST>\]: .*: Relay access denied 10 | reject: RCPT from .*\[<HOST>\]: .*: Sender address rejected: Domain not found 11 | reject: RCPT from .*\[<HOST>\]: .*: Helo command rejected: Host not found 12 | reject: RCPT from .*\[<HOST>\]: .*: Helo command rejected: need fully-qualified hostname 13 | reject: RCPT from .*\[<HOST>\]: 554 5.7.1 14 | reject: RCPT from .*\[<HOST>\]:\d+: 550 5.5.1 Protocol error 15 | warning: Illegal address syntax from (.*)\[<HOST>\] in RCPT command 16 | postfix\/submission\/smtpd.*: too many errors after AUTH from .*\[<HOST>\] 17 | 18 | ignoreregex = 19 | -------------------------------------------------------------------------------- /samples/fail2ban/filter.d/roundcube.iredmail.conf: -------------------------------------------------------------------------------- 1 | # `X-Forwarded-For:` appears when Roundcube is running behind HAProxy. 2 | 3 | [Definition] 4 | failregex = roundcube.* Failed login .*\(X-Forwarded-For: <HOST>\) in session 5 | roundcube.* Failed login for (.*) from <HOST>\. AUTHENTICATE LOGIN 6 | roundcube.* Failed login for (.*) from <HOST> in session 7 | roundcube.* Error: Login failed for (.*) from <HOST>\.
(LOGIN: Authentication failed|AUTHENTICATE LOGIN) 8 | 9 | ignoreregex = 10 | -------------------------------------------------------------------------------- /samples/fail2ban/jail.d/dovecot.local: -------------------------------------------------------------------------------- 1 | [dovecot] 2 | backend = polling 3 | journalmatch= 4 | enabled = true 5 | filter = dovecot.iredmail 6 | logpath = PH_DOVECOT_LOG_FILE 7 | action = PH_FAIL2BAN_ACTION[name=dovecot, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 8 | banned_db[name=dovecot, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 9 | -------------------------------------------------------------------------------- /samples/fail2ban/jail.d/nginx-http-auth.local: -------------------------------------------------------------------------------- 1 | [nginx-http-auth] 2 | backend = polling 3 | journalmatch= 4 | enabled = false 5 | filter = nginx-http-auth 6 | logpath = PH_NGINX_LOG_ERRORLOG 7 | action = PH_FAIL2BAN_ACTION[name=nginx, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 8 | banned_db[name=nginx, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 9 | -------------------------------------------------------------------------------- /samples/fail2ban/jail.d/postfix-pregreet.local: -------------------------------------------------------------------------------- 1 | [pregreet] 2 | backend = polling 3 | journalmatch= 4 | enabled = true 5 | maxretry = 1 6 | filter = postfix-pregreet.iredmail 7 | logpath = PH_MAILLOG 8 | action = PH_FAIL2BAN_ACTION[name=pregreet, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 9 | banned_db[name=pregreet, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 10 | -------------------------------------------------------------------------------- /samples/fail2ban/jail.d/postfix.local: -------------------------------------------------------------------------------- 1 | [postfix] 2 | backend = polling 3 | journalmatch= 4 | enabled = true 5 | filter = postfix.iredmail 6 | 
logpath = PH_MAILLOG 7 | action = PH_FAIL2BAN_ACTION[name=postfix, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 8 | banned_db[name=postfix, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 9 | -------------------------------------------------------------------------------- /samples/fail2ban/jail.d/roundcube.local: -------------------------------------------------------------------------------- 1 | [roundcube] 2 | backend = polling 3 | journalmatch= 4 | enabled = false 5 | findtime = 3600 6 | filter = roundcube.iredmail 7 | logpath = PH_RCM_LOGFILE 8 | action = PH_FAIL2BAN_ACTION[name=roundcube, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 9 | banned_db[name=roundcube, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 10 | -------------------------------------------------------------------------------- /samples/fail2ban/jail.d/sogo.local: -------------------------------------------------------------------------------- 1 | [sogo] 2 | backend = polling 3 | journalmatch= 4 | enabled = false 5 | filter = sogo-auth 6 | logpath = PH_SOGO_LOG_FILE 7 | action = PH_FAIL2BAN_ACTION[name=sogo, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 8 | banned_db[name=sogo, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp] 9 | -------------------------------------------------------------------------------- /samples/fail2ban/jail.d/sshd.local: -------------------------------------------------------------------------------- 1 | [sshd] 2 | backend = polling 3 | journalmatch= 4 | enabled = true 5 | filter = sshd 6 | logpath = PH_SSHD_LOGFILE 7 | action = PH_FAIL2BAN_ACTION[name=sshd, port="PH_SSHD_PORT", protocol=tcp] 8 | banned_db[name=sshd, port="PH_SSHD_PORT", protocol=tcp] 9 | -------------------------------------------------------------------------------- /samples/fail2ban/jail.local: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | # time is in seconds. 
3600 = 1 hour, 86400 = 24 hours (1 day) 3 | findtime = 3600 4 | bantime = 3600 5 | maxretry = 5 6 | ignoreip = PH_LOCAL_ADDRESS 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 7 | -------------------------------------------------------------------------------- /samples/fail2ban/openbsd/rc: -------------------------------------------------------------------------------- 1 | #!/bin/ksh 2 | 3 | daemon="/usr/local/bin/fail2ban-server" 4 | 5 | . /etc/rc.d/rc.subr 6 | 7 | rc_bg=YES 8 | rc_reload=NO 9 | 10 | rc_pre() { 11 | install -d -o root -m 0700 /var/run/fail2ban 12 | } 13 | 14 | rc_start() { 15 | # FYI https://github.com/fail2ban/fail2ban/issues/3923 16 | nohup ${daemon} -xf start ${daemon_flags} & 17 | } 18 | 19 | rc_check() { 20 | pgrep -q -f "fail2ban-server" 21 | } 22 | 23 | rc_stop() { 24 | ${rcexec} ${daemon} -x stop 25 | } 26 | 27 | rc_cmd $1 28 | -------------------------------------------------------------------------------- /samples/fail2ban/sql/fail2ban.mysql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Used to store both enabled and disabled jails. 3 | -- 4 | CREATE TABLE IF NOT EXISTS `jails` ( 5 | `id` BIGINT(20) UNSIGNED AUTO_INCREMENT, 6 | `name` VARCHAR(255) NOT NULL DEFAULT '', 7 | `enabled` TINYINT(1) DEFAULT 1, 8 | PRIMARY KEY (`id`), 9 | UNIQUE INDEX (`name`), 10 | INDEX (`enabled`) 11 | ) ENGINE=InnoDB; 12 | 13 | -- 14 | -- Used to store banned/unbanned clients 15 | -- 16 | CREATE TABLE IF NOT EXISTS `banned` ( 17 | `id` BIGINT(20) UNSIGNED AUTO_INCREMENT, 18 | -- Banned client IP address 19 | `ip` VARCHAR(46) NOT NULL DEFAULT '', 20 | -- A list of banned network ports, separated by comma 21 | `ports` VARCHAR(255) NOT NULL DEFAULT '', 22 | -- protocol: tcp, udp, ... 
23 | `protocol` VARCHAR(10) NOT NULL DEFAULT 'tcp', 24 | -- Fail2ban jail name 25 | `jail` VARCHAR(50) NOT NULL DEFAULT '', 26 | -- The server hostname which the ban/unban happens 27 | `hostname` VARCHAR(255) NOT NULL DEFAULT '', 28 | `country` VARCHAR(50) NOT NULL DEFAULT '', 29 | -- reverse DNS name of banned IP address. 30 | `rdns` VARCHAR(255) NOT NULL DEFAULT '', 31 | -- number of times the failure occurred in the log file. 32 | -- we use Fail2ban action tag `ipjailfailures` here. 33 | `failures` INT(2) NOT NULL DEFAULT 0, 34 | -- matched log lines. 35 | -- we use Fail2ban action tag `ipjailmatches` here. 36 | `loglines` TEXT, 37 | -- When the ban happens 38 | `timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 39 | -- if `remove=1`, `ip` will be removed by cron job. 40 | `remove` TINYINT(1) DEFAULT 0, 41 | PRIMARY KEY (`id`), 42 | UNIQUE INDEX (`ip`, `ports`, `protocol`), 43 | INDEX (`hostname`), 44 | INDEX (`rdns`), 45 | INDEX (`jail`), 46 | INDEX (`country`), 47 | INDEX (`timestamp`), 48 | INDEX (`remove`) 49 | ) ENGINE=InnoDB; 50 | -------------------------------------------------------------------------------- /samples/fail2ban/sql/fail2ban.pgsql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Used to store both enabled and disabled jails. 3 | -- 4 | CREATE TABLE jails ( 5 | id SERIAL PRIMARY KEY, 6 | name VARCHAR(255) NOT NULL DEFAULT '', 7 | enabled INT2 DEFAULT 1 8 | ); 9 | CREATE UNIQUE INDEX idx_jails_name ON jails (name); 10 | CREATE INDEX idx_jails_enabled ON jails (enabled); 11 | 12 | -- 13 | -- Used to store banned/unbanned clients 14 | -- 15 | CREATE TABLE banned ( 16 | id SERIAL PRIMARY KEY, 17 | -- Banned client IP address 18 | ip VARCHAR(46) NOT NULL DEFAULT '', 19 | -- A list of banned network ports, separated by comma 20 | ports VARCHAR(255) NOT NULL DEFAULT '', 21 | -- protocol: tcp, udp, ... 
22 | protocol VARCHAR(10) NOT NULL DEFAULT 'tcp', 23 | -- Fail2ban jail name 24 | jail VARCHAR(50) NOT NULL DEFAULT '', 25 | -- The server hostname which the ban/unban happens 26 | hostname VARCHAR(255) NOT NULL DEFAULT '', 27 | country VARCHAR(50) NOT NULL DEFAULT '', 28 | -- reverse DNS name of banned IP address. 29 | rdns VARCHAR(255) NOT NULL DEFAULT '', 30 | -- number of times the failure occurred in the log file. 31 | -- we use Fail2ban action tag `ipjailfailures` here. 32 | failures SMALLINT NOT NULL DEFAULT 0, 33 | -- matched log lines. 34 | -- we use Fail2ban action tag `ipjailmatches` here. 35 | loglines TEXT, 36 | -- When the ban happens 37 | timestamp TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT (CURRENT_TIMESTAMP(0) AT TIME ZONE 'UTC'), 38 | -- if `remove=1`, `ip` will be removed by cron job. 39 | remove INT2 DEFAULT 0 40 | ); 41 | 42 | CREATE UNIQUE INDEX idx_banned_ip_ports_protocol ON banned (ip, ports, protocol); 43 | CREATE INDEX idx_banned_jail ON banned (jail); 44 | CREATE INDEX idx_banned_hostname ON banned (hostname); 45 | CREATE INDEX idx_banned_country ON banned (country); 46 | CREATE INDEX idx_banned_timestamp ON banned (timestamp); 47 | CREATE INDEX idx_banned_remove ON banned (remove); 48 | CREATE INDEX idx_banned_rdns ON banned (rdns); 49 | -------------------------------------------------------------------------------- /samples/firewall/firewalld/services/ssh.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | SSH 4 | Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful. 
5 | 6 | 7 | -------------------------------------------------------------------------------- /samples/firewall/firewalld/zones/iredmail.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Mail services 4 | Allow access to mail services from external network. 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /samples/firewall/iptables/ip6tables.rules: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # This file is part of iRedMail, which is an open source mail server 3 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 4 | # 5 | # iRedMail is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # iRedMail is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with iRedMail. If not, see . 17 | #--------------------------------------------------------------------- 18 | 19 | *filter 20 | :INPUT DROP [0:0] 21 | :FORWARD DROP [0:0] 22 | :OUTPUT ACCEPT [0:0] 23 | 24 | # Keep state. 25 | -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 26 | 27 | # Loop device. 
28 | -A INPUT -i lo -j ACCEPT 29 | 30 | -A INPUT -p ipv6-icmp -j ACCEPT 31 | 32 | # ssh 33 | -A INPUT -p tcp --dport 22 -j ACCEPT 34 | 35 | # http, https 36 | -A INPUT -p tcp --dport 80 -j ACCEPT 37 | -A INPUT -p tcp --dport 443 -j ACCEPT 38 | 39 | # smtp, submission, smtps 40 | -A INPUT -p tcp --dport 25 -j ACCEPT 41 | -A INPUT -p tcp --dport 587 -j ACCEPT 42 | -A INPUT -p tcp --dport 465 -j ACCEPT 43 | 44 | # pop3, pop3s 45 | -A INPUT -p tcp --dport 110 -j ACCEPT 46 | -A INPUT -p tcp --dport 995 -j ACCEPT 47 | #-A INPUT -p tcp --dport 10110 -j ACCEPT 48 | 49 | # imap, imaps 50 | -A INPUT -p tcp --dport 143 -j ACCEPT 51 | -A INPUT -p tcp --dport 993 -j ACCEPT 52 | 53 | COMMIT 54 | -------------------------------------------------------------------------------- /samples/firewall/iptables/iptables.rules: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # This file is part of iRedMail, which is an open source mail server 3 | # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. 4 | # 5 | # iRedMail is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # iRedMail is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with iRedMail. If not, see . 17 | #--------------------------------------------------------------------- 18 | 19 | *filter 20 | :INPUT DROP [0:0] 21 | :FORWARD DROP [0:0] 22 | :OUTPUT ACCEPT [0:0] 23 | 24 | # Keep state. 
25 | -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 26 | 27 | # Loop device. 28 | -A INPUT -i lo -j ACCEPT 29 | 30 | # Allow PING from remote hosts. 31 | -A INPUT -p icmp --icmp-type echo-request -j ACCEPT 32 | 33 | # ssh 34 | -A INPUT -p tcp --dport 22 -j ACCEPT 35 | 36 | # http, https 37 | -A INPUT -p tcp --dport 80 -j ACCEPT 38 | -A INPUT -p tcp --dport 443 -j ACCEPT 39 | 40 | # smtp, submission 41 | -A INPUT -p tcp --dport 25 -j ACCEPT 42 | -A INPUT -p tcp --dport 587 -j ACCEPT 43 | -A INPUT -p tcp --dport 465 -j ACCEPT 44 | 45 | # pop3, pop3s 46 | -A INPUT -p tcp --dport 110 -j ACCEPT 47 | -A INPUT -p tcp --dport 995 -j ACCEPT 48 | #-A INPUT -p tcp --dport 10110 -j ACCEPT 49 | 50 | # imap, imaps 51 | -A INPUT -p tcp --dport 143 -j ACCEPT 52 | -A INPUT -p tcp --dport 993 -j ACCEPT 53 | 54 | COMMIT 55 | -------------------------------------------------------------------------------- /samples/firewall/nftables.conf: -------------------------------------------------------------------------------- 1 | #!/usr/sbin/nft -f 2 | 3 | flush ruleset 4 | 5 | # `inet` applies to both IPv4 and IPv6. 
6 | table inet filter { 7 | chain input { 8 | type filter hook input priority 0; 9 | 10 | # accept any localhost traffic 11 | iif lo accept 12 | 13 | # no ping floods: 14 | ip protocol icmp icmp type echo-request limit rate over 10/second burst 4 packets drop 15 | ip6 nexthdr icmpv6 icmpv6 type echo-request limit rate over 10/second burst 4 packets drop 16 | 17 | # accept traffic originated from us 18 | ct state established,related accept 19 | 20 | # accept ICMP & IGMP 21 | ip6 nexthdr icmpv6 icmpv6 type { echo-request, destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept 22 | ip protocol icmp icmp type { echo-request, destination-unreachable, router-solicitation, router-advertisement, time-exceeded, parameter-problem } accept 23 | ip protocol igmp accept 24 | 25 | # ssh 26 | tcp dport 22 accept 27 | 28 | # http, https 29 | tcp dport 80 accept 30 | tcp dport 443 accept 31 | 32 | # smtp, submission, smtps 33 | tcp dport 25 accept 34 | tcp dport 587 accept 35 | tcp dport 465 accept 36 | 37 | # pop3, pop3s 38 | tcp dport 110 accept 39 | tcp dport 995 accept 40 | 41 | # imap, imaps 42 | tcp dport 143 accept 43 | tcp dport 993 accept 44 | 45 | # count and drop any other traffic 46 | counter drop 47 | } 48 | 49 | chain output { 50 | type filter hook output priority 0; 51 | policy accept; 52 | } 53 | 54 | chain forward { 55 | type filter hook forward priority 0; 56 | policy drop; 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /samples/freebsd/newsyslog.conf.d/dovecot.conf: -------------------------------------------------------------------------------- 1 | PH_DOVECOT_LOG_FILE PH_SYS_USER_SYSLOG:PH_SYS_GROUP_SYSLOG 600 7 * 24 Z PH_DOVECOT_MASTER_PID 2 | PH_DOVECOT_SIEVE_LOG_FILE 
PH_SYS_USER_SYSLOG:PH_SYS_GROUP_SYSLOG 600 7 * 24 Z PH_DOVECOT_MASTER_PID 3 | PH_DOVECOT_LMTP_LOG_FILE PH_SYS_USER_SYSLOG:PH_SYS_GROUP_SYSLOG 600 7 * 24 Z PH_DOVECOT_MASTER_PID 4 | -------------------------------------------------------------------------------- /samples/freebsd/newsyslog.conf.d/iredapd.conf: -------------------------------------------------------------------------------- 1 | PH_IREDAPD_LOG_FILE PH_SYS_USER_SYSLOG:PH_SYS_GROUP_SYSLOG 600 7 * 24 Z PH_IREDAPD_PID_FILE 2 | -------------------------------------------------------------------------------- /samples/freebsd/newsyslog.conf.d/mlmmjadmin.conf: -------------------------------------------------------------------------------- 1 | PH_MLMMJADMIN_LOG_FILE PH_SYS_USER_SYSLOG:PH_SYS_GROUP_SYSLOG 600 7 * 24 Z PH_MLMMJADMIN_PID_FILE 2 | -------------------------------------------------------------------------------- /samples/freebsd/newsyslog.conf.d/php-fpm.conf: -------------------------------------------------------------------------------- 1 | PH_PHP_FPM_LOG_MAIN PH_SYS_USER_SYSLOG:PH_SYS_GROUP_SYSLOG 600 7 * 24 Z PH_PHP_FPM_PID_FILE 2 | PH_PHP_FPM_LOG_SLOW PH_SYS_USER_SYSLOG:PH_SYS_GROUP_SYSLOG 600 7 * 24 Z PH_PHP_FPM_PID_FILE 3 | -------------------------------------------------------------------------------- /samples/freebsd/newsyslog.conf.d/slapd.conf: -------------------------------------------------------------------------------- 1 | PH_OPENLDAP_LOG_FILE PH_SYS_USER_SYSLOG:PH_SYS_GROUP_SYSLOG 640 7 * 24 Z 2 | -------------------------------------------------------------------------------- /samples/freebsd/syslog.d/dovecot.conf: -------------------------------------------------------------------------------- 1 | !dovecot 2 | PH_IREDMAIL_SYSLOG_FACILITY.* PH_DOVECOT_LOG_FILE 3 | -------------------------------------------------------------------------------- /samples/freebsd/syslog.d/fail2ban.conf: -------------------------------------------------------------------------------- 1 | !fail2ban 2 | 
PH_FAIL2BAN_SYSLOG_FACILITY.* PH_FAIL2BAN_LOG_FILE 3 | -------------------------------------------------------------------------------- /samples/freebsd/syslog.d/iredapd.conf: -------------------------------------------------------------------------------- 1 | !iredapd 2 | PH_IREDMAIL_SYSLOG_FACILITY.* PH_IREDAPD_LOG_FILE 3 | -------------------------------------------------------------------------------- /samples/freebsd/syslog.d/mlmmjadmin.conf: -------------------------------------------------------------------------------- 1 | !mlmmjadmin 2 | PH_IREDMAIL_SYSLOG_FACILITY.* PH_MLMMJADMIN_LOG_FILE 3 | -------------------------------------------------------------------------------- /samples/freebsd/syslog.d/php-fpm.conf: -------------------------------------------------------------------------------- 1 | !php-fpm 2 | local5.* PH_PHP_FPM_LOG_MAIN 3 | -------------------------------------------------------------------------------- /samples/freebsd/syslog.d/slapd.conf: -------------------------------------------------------------------------------- 1 | !slapd 2 | *.* PH_OPENLDAP_LOG_FILE 3 | -------------------------------------------------------------------------------- /samples/logrotate/dovecot: -------------------------------------------------------------------------------- 1 | PH_DOVECOT_LOG_DIR/*.log { 2 | weekly 3 | rotate 10 4 | missingok 5 | compress 6 | delaycompress 7 | notifempty 8 | sharedscripts 9 | 10 | postrotate 11 | PH_SYSLOG_POSTROTATE_CMD 12 | endscript 13 | } 14 | -------------------------------------------------------------------------------- /samples/logrotate/iredapd: -------------------------------------------------------------------------------- 1 | PH_IREDAPD_LOG_DIR/*.log { 2 | weekly 3 | rotate 10 4 | missingok 5 | compress 6 | delaycompress 7 | notifempty 8 | sharedscripts 9 | 10 | postrotate 11 | PH_SYSLOG_POSTROTATE_CMD 12 | endscript 13 | } 14 | -------------------------------------------------------------------------------- 
/samples/logrotate/mlmmjadmin: -------------------------------------------------------------------------------- 1 | PH_MLMMJADMIN_LOG_DIR/*.log { 2 | weekly 3 | rotate 10 4 | missingok 5 | compress 6 | delaycompress 7 | notifempty 8 | sharedscripts 9 | 10 | postrotate 11 | PH_SYSLOG_POSTROTATE_CMD 12 | endscript 13 | } 14 | -------------------------------------------------------------------------------- /samples/logrotate/openldap: -------------------------------------------------------------------------------- 1 | PH_OPENLDAP_LOG_FILE { 2 | compress 3 | weekly 4 | rotate 10 5 | create 0600 PH_SYS_USER_LDAP PH_SYS_GROUP_LDAP 6 | missingok 7 | notifempty 8 | sharedscripts 9 | 10 | # Use bzip2 for compress. 11 | #compresscmd bzip2 12 | #uncompresscmd bunzip2 13 | #compressoptions -9 14 | #compressext .bz2 15 | 16 | postrotate 17 | PH_SYSLOG_POSTROTATE_CMD 18 | endscript 19 | } 20 | -------------------------------------------------------------------------------- /samples/logrotate/php-fpm: -------------------------------------------------------------------------------- 1 | PH_PHP_FPM_LOG_DIR/*.log { 2 | weekly 3 | rotate 10 4 | missingok 5 | compress 6 | delaycompress 7 | notifempty 8 | sharedscripts 9 | 10 | postrotate 11 | PH_SYSLOG_POSTROTATE_CMD 12 | endscript 13 | } 14 | -------------------------------------------------------------------------------- /samples/mlmmj/mlmmj-amime-receive: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # File name: mlmmj-amime-receive 3 | # Purpose: Read mail messages from stdin, pipe it to altermime to add footer 4 | # in MIME-aware way, then pipe modified message to mlmmj-receive for 5 | # final delivery. 6 | # 7 | # Requirements: 8 | # - altermime: http://www.pldaniels.com/altermime/ 9 | # 10 | # Authors: 11 | # - Original wrote by Gerd v. Egidy , MIT License. 12 | # - Updated by Zhang Huangbin . 
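13 | 14 | export PATH="/usr/bin:/usr/local/bin:/bin:/sbin:/usr/sbin:/usr/local/sbin:$PATH" 15 | 16 | # All `mlmmj-*` programs must be run with the absolute path to the program. 17 | if [[ -x /usr/local/bin/mlmmj-receive ]]; then 18 | export CMD_MLMMJ_RECEIVE='/usr/local/bin/mlmmj-receive' 19 | else 20 | export CMD_MLMMJ_RECEIVE='/usr/bin/mlmmj-receive' 21 | fi 22 | 23 | if [[ -x /usr/local/bin/altermime ]]; then 24 | export CMD_ALTERMIME='/usr/local/bin/altermime' 25 | else 26 | export CMD_ALTERMIME='/usr/bin/altermime' 27 | fi 28 | 29 | # File names used to store footer in different MIME types: 30 | # plain text, html, base64 encoded. 31 | # WARNING: both `footer_text` and `footer_html` must exist. 32 | export FILE_FOOTER_TEXT='footer_text' 33 | export FILE_FOOTER_HTML='footer_html' 34 | 35 | # Make sure command `mlmmj-receive` exists and is executable 36 | if [ ! -x "${CMD_MLMMJ_RECEIVE}" ]; then 37 | echo "Command ${CMD_MLMMJ_RECEIVE} doesn't exist or not executable, mail delivery aborted" 38 | exit 1 39 | fi 40 | # Get mailing list directory passed to '-L' argument. 41 | # "$@" is quoted so that each argument stays one word (a list path may contain spaces). 42 | ML_DIR='' 43 | _has_L='NO' 44 | for i in "$@"; do 45 | if [ X"${_has_L}" == X'NO' ]; then 46 | if [ X"$i" == X'-L' ]; then 47 | _has_L='YES' 48 | fi 49 | else 50 | ML_DIR="$i" 51 | break 52 | fi 53 | done 54 | 55 | if [ X"${ML_DIR}" == X'' ]; then 56 | echo "No mailing list directory specified (-L /path/to/listdir), mail delivery aborted" 57 | exit 1 58 | fi 59 | 60 | if [ ! -d "${ML_DIR}" ]; then 61 | echo "Mailing list directory (${ML_DIR}) does not exist or not a directory, mail delivery aborted" 62 | exit 1 63 | fi 64 | 65 | # Mailing list sub-directory: control 66 | ML_SUBDIR_CONTROL="${ML_DIR}/control" 67 | 68 | if [ !
-d "${ML_SUBDIR_CONTROL}" ]; then 69 | echo "Mailing list control directory (${ML_SUBDIR_CONTROL}) does not exist or not a directory, mail delivery aborted" 70 | exit 1 71 | fi 72 | 73 | # Path to footer files 74 | PATH_FOOTER_TEXT="${ML_SUBDIR_CONTROL}/${FILE_FOOTER_TEXT}" 75 | PATH_FOOTER_HTML="${ML_SUBDIR_CONTROL}/${FILE_FOOTER_HTML}" 76 | 77 | # go to a dir where altermime can write its tmp-files safely; abort if it cannot be entered 78 | cd "${ML_DIR}" || { echo "Cannot change to mailing list directory (${ML_DIR}), mail delivery aborted"; exit 1; } 79 | # NOTE(review): without `set -o pipefail` a failing altermime is not reflected in the exit status of the pipeline below. 80 | if [[ -x ${CMD_ALTERMIME} ]] && [[ -f ${PATH_FOOTER_TEXT} ]] && [[ -f ${PATH_FOOTER_HTML} ]]; then 81 | # pipe to altermime for MIME modification, then pipe to mlmmj-receive for final delivery. 82 | "${CMD_ALTERMIME}" --input=- \ 83 | --altersigned \ 84 | --log-syslog \ 85 | --disclaimer="${PATH_FOOTER_TEXT}" \ 86 | --disclaimer-html="${PATH_FOOTER_HTML}" \ 87 | --htmltoo \ 88 | --force-for-bad-html | "${CMD_MLMMJ_RECEIVE}" "$@" 89 | else 90 | echo "Mail delivered without modificaiton." 91 | "${CMD_MLMMJ_RECEIVE}" "$@" 92 | fi 93 | -------------------------------------------------------------------------------- /samples/mlmmj/mlmmjadmin.settings.py: -------------------------------------------------------------------------------- 1 | ############################################################ 2 | # DO NOT TOUCH THIS LINE. 3 | from libs.default_settings import * 4 | ############################################################ 5 | 6 | # Listen address and port 7 | listen_address = 'PH_MLMMJADMIN_BIND_HOST' 8 | listen_port = PH_MLMMJADMIN_LISTEN_PORT 9 | 10 | # Run as a non-privileged user/group. 11 | run_as_user = 'PH_SYS_USER_MLMMJ' 12 | run_as_group = 'PH_SYS_GROUP_MLMMJ' 13 | 14 | # Pid file 15 | pid_file = 'PH_MLMMJADMIN_PID_FILE' 16 | 17 | # Log level: info, debug. 18 | log_level = 'info' 19 | 20 | # Specify the backend used to query/update meta data stored in SQL/LDAP. 21 | # 22 | # - `backend_api` is used when accessing RESTful API.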
#   - `backend_cli` is used when you're managing mailing list account with
#     command line tool like `tools/maillist_admin.py`.
#
# Different backends may require different parameters in settings.py, please
# read the comment lines in `backends/bk_*.py`.
#
# Available backends:
#
#   - bk_iredmail_ldap: for iRedMail with OpenLDAP backend
#   - bk_iredmail_sql: for iRedMail with SQL backends (MySQL, MariaDB, PostgreSQL)
#   - bk_none: pure mlmmj, no SQL/LDAP database.
#
# WARNING: For iRedMail users, if you don't have iRedAdmin-Pro, please enable
#          proper backend below so that mlmmjadmin will store mailing list accounts in
#          SQL/LDAP database.
backend_api = 'bk_none'
backend_cli = 'bk_none'

# A list of API AUTH tokens (secret strings) used for authentication.
# It's strongly recommended to use a long string as auth token, program will log
# first 8 characters to help you identify the client.
#
# Because the first 8 characters end up in the log, treat them as known to
# anyone who can read the log: the token must be long enough that the
# remaining characters are still unguessable on their own.
# NOTE(review): this file holds the token in clear text -- keep it readable
# only by the account the service runs as.
api_auth_tokens = ['PH_MLMMJADMIN_API_AUTH_TOKEN']

MLMMJ_SPOOL_DIR = 'PH_MLMMJ_SPOOL_DIR'
MLMMJ_ARCHIVE_DIR = 'PH_MLMMJ_ARCHIVE_DIR'
MLMMJ_SKEL_DIR = 'PH_MLMMJ_SKEL_DIR'
MLMMJ_DEFAULT_PROFILE_SETTINGS.update({'smtp_port': PH_AMAVISD_MLMMJ_PORT})

--------------------------------------------------------------------------------
/samples/mysql/sql/add_first_domain_and_user.sql:
--------------------------------------------------------------------------------
USE PH_VMAIL_DB_NAME;

-- Add your first domain
INSERT INTO domain (domain, transport, settings, created)
    VALUES ('PH_FIRST_DOMAIN', 'PH_TRANSPORT', 'default_user_quota:1024;', NOW());

-- Add your first normal user.
-- The values are positional: isadmin is set to 0 and isglobaladmin to 1, so
-- this first mailbox is created as a global admin account.
-- The password column receives the PH_DOMAIN_ADMIN_PASSWD_HASH placeholder
-- (presumably an already-hashed value substituted by the installer -- confirm).
INSERT INTO mailbox (username,
                     password,
                     name,
                     maildir,
                     quota,
                     domain,
                     isadmin,
                     isglobaladmin,
                     created)
             VALUES ('PH_DOMAIN_ADMIN_EMAIL',
                     'PH_DOMAIN_ADMIN_PASSWD_HASH',
                     'PH_DOMAIN_ADMIN_NAME',
                     'PH_DOMAIN_ADMIN_MAILDIR_HASH_PART',
                     1024,
                     'PH_FIRST_DOMAIN',
                     0,
                     1,
                     NOW());

INSERT INTO forwardings (address, forwarding, domain, dest_domain, is_forwarding)
    VALUES ('PH_DOMAIN_ADMIN_EMAIL', 'PH_DOMAIN_ADMIN_EMAIL', 'PH_FIRST_DOMAIN', 'PH_FIRST_DOMAIN', 1);

-- Mark first mail user as global admin (domain 'ALL')
INSERT INTO domain_admins (username, domain, created)
    VALUES ('PH_DOMAIN_ADMIN_EMAIL', 'ALL', NOW());

--------------------------------------------------------------------------------
/samples/mysql/sql/delete_anonymous_user.sql:
--------------------------------------------------------------------------------
-- Delete anonymous user: remove accounts with an empty user name, together
-- with their database-level privileges.
USE mysql;

DELETE FROM user WHERE User='';
DELETE FROM db WHERE User='';

-- Direct edits of the grant tables take effect only after a reload.
FLUSH PRIVILEGES;

--------------------------------------------------------------------------------
/samples/mysql/sql/init_vmail_db.sql:
--------------------------------------------------------------------------------
-- Create database for virtual hosts
CREATE DATABASE IF NOT EXISTS PH_VMAIL_DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

-- Create user.
-- NOTE(review): once the placeholders are substituted this script contains
-- both passwords in clear text; restrict or remove the rendered file after use.
CREATE USER 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST'
    IDENTIFIED BY 'PH_VMAIL_DB_BIND_PASSWD';

CREATE USER 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST'
    IDENTIFIED BY 'PH_VMAIL_DB_ADMIN_PASSWD';

-- Grant Permissions
-- Bind user: read-only access to the vmail database.
GRANT SELECT
    ON PH_VMAIL_DB_NAME.*
    TO 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST';

-- Admin user: row-level read/write on the vmail database only; no schema
-- changes and no privileges on other databases.
GRANT SELECT,INSERT,DELETE,UPDATE
    ON PH_VMAIL_DB_NAME.*
    TO 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST';

FLUSH PRIVILEGES;

--------------------------------------------------------------------------------
/samples/mysql/sql/remote_grant_permission.sql:
--------------------------------------------------------------------------------
-- Grant access privilege to ${MYSQL_ROOT_USER}@${MYSQL_GRANT_HOST}

USE mysql;

-- Allow access from MYSQL_GRANT_HOST with password.
--
-- This gives the root account every privilege on every database (*.*) plus
-- the right to grant privileges to others, for connections coming from
-- PH_MYSQL_GRANT_HOST. Keep that host value as narrow as possible (a single
-- address rather than a wildcard) and restrict the MySQL port at the firewall.
-- NOTE(review): the statement has no IDENTIFIED BY clause, so the account's
-- credential must be set elsewhere -- confirm it is not left empty.
GRANT ALL PRIVILEGES ON *.* TO 'PH_MYSQL_ROOT_USER'@'PH_MYSQL_GRANT_HOST' WITH GRANT OPTION;
-- GRANT ALL PRIVILEGES ON *.* TO 'PH_MYSQL_ROOT_USER'@'PH_HOSTNAME' WITH GRANT OPTION;

FLUSH PRIVILEGES;

--------------------------------------------------------------------------------
/samples/netdata/go.d.conf:
--------------------------------------------------------------------------------
# netdata go.d.plugin configuration
#
# This file is in YAML format.

# Enable/disable the whole go.d.plugin.
enabled: yes

# Enable/disable default value for all modules.
default_run: yes

# Maximum number of used CPUs. Zero means no limit.
max_procs: 0

# Enable/disable specific go.d.plugin module
modules:
  apache: no
  lighttpd: no
  lighttpd2: no
  energid: no
  web_log: yes
  nginx: yes
  phpfpm: yes
  mysql: yes
  postgres: yes
  openldap: yes
  memcached: yes
  fail2ban: yes

--------------------------------------------------------------------------------
/samples/netdata/go.d/fail2ban.conf:
--------------------------------------------------------------------------------
jobs:
  - name: local
    update_every: 10

--------------------------------------------------------------------------------
/samples/netdata/go.d/memcached.conf:
--------------------------------------------------------------------------------
jobs:
  - name: local
    address: 127.0.0.1:11211

--------------------------------------------------------------------------------
/samples/netdata/go.d/mysql.conf:
--------------------------------------------------------------------------------
# The DSN embeds the monitoring account's password in clear text.
# NOTE(review): keep this file readable only by the netdata user, and give
# the monitoring account no more than the privileges the collector needs.
jobs:
  - name: local
    dsn: PH_NETDATA_DB_USER:PH_NETDATA_DB_PASSWD@tcp(PH_MYSQL_SERVER_ADDRESS:PH_MYSQL_SERVER_PORT)/

-------------------------------------------------------------------------------- /samples/netdata/go.d/nginx.conf: -------------------------------------------------------------------------------- 1 | jobs: 2 | - name: local 3 | url: https://127.0.0.1/stub_status 4 | tls_skip_verify: yes 5 | -------------------------------------------------------------------------------- /samples/netdata/go.d/openldap.conf: -------------------------------------------------------------------------------- 1 | jobs: 2 | - name: local 3 | url: ldap://127.0.0.1:389 4 | username : "PH_LDAP_BINDDN" # The bind user with right to access monitor statistics 5 | password : "PH_LDAP_BINDPW" # The password for the binded user 6 | -------------------------------------------------------------------------------- /samples/netdata/go.d/phpfpm.conf: -------------------------------------------------------------------------------- 1 | jobs: 2 | - name: local 3 | url: https://127.0.0.1/status?full&json 4 | tls_skip_verify: yes 5 | -------------------------------------------------------------------------------- /samples/netdata/go.d/postgres.conf: -------------------------------------------------------------------------------- 1 | jobs: 2 | - name: local 3 | dsn: 'postgresql://PH_NETDATA_DB_USER:PH_NETDATA_DB_PASSWD@127.0.0.1:5432/postgres' 4 | -------------------------------------------------------------------------------- /samples/netdata/health_alarm_notify.conf: -------------------------------------------------------------------------------- 1 | SEND_EMAIL="NO" 2 | -------------------------------------------------------------------------------- /samples/netdata/netdata.conf: -------------------------------------------------------------------------------- 1 | # Get config from http://127.0.0.1:/netdata.conf 2 | [registry] 3 | # Disable public central registry and become registry locally 4 | enabled = yes 5 | 6 | # Register to internal server instead 7 | registry to announce = 
http://127.0.0.1:PH_NETDATA_PORT 8 | 9 | [global] 10 | # The number of entries the netdata daemon will by default keep in memory 11 | # for each chart dimension. This setting can also be configured per chart. 12 | history = 172800 13 | 14 | # memory mode 15 | # - `save` is the default mode, data are maintained in memory and saved to 16 | # disk when netdata exits. 17 | # - `ram` data are exclusively on memory and never saved on disk. 18 | # - `map` like swap, files are mapped to memory on demand. 19 | # 20 | # WARNING: We suggest not to use this mode on nodes that run other 21 | # applications. 22 | # 23 | # - `none` no local database (used when data are streamed to a remote netdata). 24 | # - `dbengine`: data are in database files. 25 | # The Database Engine works like a traditional database. 26 | memory mode = dbengine 27 | 28 | # 29 | # dbengine. 30 | # 31 | # determines the amount of RAM in MiB that is dedicated to caching netdata 32 | # metric values themselves. 33 | page cache size = 32 34 | 35 | # determines the amount of disk space in MiB that is dedicated to storing 36 | # netdata metric values and all related metadata describing them. 37 | dbengine disk space = 1024 38 | 39 | # Bind to 127.0.0.1 by default. 40 | bind to = 127.0.0.1 41 | # Bind to all available network interfaces, but allow access from specified 42 | # IP addresses or networks. 43 | #bind to = * 44 | #allow connections from = 45 | 46 | run as user = PH_SYS_USER_NETDATA 47 | default port = PH_NETDATA_PORT 48 | 49 | # The frequency in seconds, for data collection. 50 | update every = 3 51 | 52 | # Log files 53 | # Nginx logs access log, netdata no need to log it again. 
54 | access log = none 55 | #error log = syslog 56 | #debug log = syslog 57 | 58 | [plugin:proc] 59 | # Disable IPVS check since iRedMail doesn't use ipvs by default 60 | /proc/net/ip_vs/stats = no 61 | 62 | # inbound packets dropped 63 | /proc/net/dev = no 64 | -------------------------------------------------------------------------------- /samples/netdata/python.d.conf: -------------------------------------------------------------------------------- 1 | # Enable / disable the whole python.d.plugin (all its modules) 2 | enabled: no 3 | -------------------------------------------------------------------------------- /samples/netdata/systemd-limits.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | LimitNOFILE=30000 3 | -------------------------------------------------------------------------------- /samples/nginx/conf-available/0-general.conf: -------------------------------------------------------------------------------- 1 | map_hash_bucket_size 1024; 2 | -------------------------------------------------------------------------------- /samples/nginx/conf-available/cache.conf: -------------------------------------------------------------------------------- 1 | map $sent_http_content_type $expires { 2 | default off; 3 | application/x-javascript 1d; 4 | text/css 1d; 5 | ~image/ 1d; 6 | } 7 | 8 | expires $expires; 9 | -------------------------------------------------------------------------------- /samples/nginx/conf-available/client_max_body_size.conf: -------------------------------------------------------------------------------- 1 | client_max_body_size 12m; 2 | -------------------------------------------------------------------------------- /samples/nginx/conf-available/default_type.conf: -------------------------------------------------------------------------------- 1 | default_type application/octet-stream; 2 | -------------------------------------------------------------------------------- 
/samples/nginx/conf-available/gzip.conf:
--------------------------------------------------------------------------------
# Response compression settings.
#
# NOTE(review): compressing TLS-protected responses that reflect request data
# next to secrets is the precondition for BREACH-style length side channels.
# Whether that matters here depends on the applications served behind this
# configuration -- review per application.
gzip on;
gzip_vary on;
gzip_http_version 1.0;
gzip_comp_level 6;
gzip_buffers 16 8k;
# Responses shorter than 10240 bytes are sent uncompressed.
gzip_min_length 10240;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";

# text/html is always compressed.
gzip_types
    text/plain
    text/css
    text/xml
    text/javascript
    text/json
    text/vcard
    text/cache-manifest
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy
    image/bmp
    image/vnd.microsoft.icon
    image/x-icon
    image/svg+xml
    font/truetype
    font/opentype
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/vnd.geo+json
    application/manifest+json
    application/x-javascript
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xml
    application/xml+rss
    application/xhtml+xml
    application/vnd.ms-fontobject;

--------------------------------------------------------------------------------
/samples/nginx/conf-available/headers.conf:
--------------------------------------------------------------------------------
# Security-related response headers.
#
# nginx inherits `add_header` directives from the enclosing level only when
# the current level defines none of its own. Several templates on this page
# include hsts.tmpl (which contains an `add_header`) inside a `location`
# block. Assuming this file is loaded at `http` level, responses from those
# locations would carry Strict-Transport-Security but none of the headers
# below. NOTE(review): confirm by inspecting the response headers of each
# application URL.

# Only allow framing by pages of the same origin (clickjacking protection).
add_header X-Frame-Options sameorigin;
# Stop browsers from guessing a content type different from the declared one.
add_header X-Content-Type-Options nosniff;
# Legacy header for the built-in XSS filter of older browsers; it is not a
# substitute for a restrictive Content-Security-Policy.
add_header X-XSS-Protection '1; mode=block';
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# This policy allows resources from any https: origin and data: URIs, plus
# inline scripts/styles ('unsafe-inline') and eval ('unsafe-eval'). In effect
# it blocks plain-http resource loads but gives little protection against
# script injection; tighten it per application where that is feasible.
add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'";
# Send only the origin (no path or query) as referrer, and nothing when
# going from HTTPS to HTTP.
add_header Referrer-Policy strict-origin;

--------------------------------------------------------------------------------
/samples/nginx/conf-available/log.conf:
--------------------------------------------------------------------------------
access_log PH_NGINX_LOG_ACCESSLOG;
error_log PH_NGINX_LOG_ERRORLOG;

-------------------------------------------------------------------------------- /samples/nginx/conf-available/mime_types.conf: -------------------------------------------------------------------------------- 1 | include PH_NGINX_MIME_TYPES; 2 | -------------------------------------------------------------------------------- /samples/nginx/conf-available/php_fpm.conf: -------------------------------------------------------------------------------- 1 | upstream php_workers { 2 | server PH_PHP_FPM_BIND_HOST:PH_PHP_FPM_PORT; 3 | } 4 | -------------------------------------------------------------------------------- /samples/nginx/conf-available/sendfile.conf: -------------------------------------------------------------------------------- 1 | sendfile on; 2 | -------------------------------------------------------------------------------- /samples/nginx/conf-available/server_tokens.conf: -------------------------------------------------------------------------------- 1 | # Hide Nginx version number 2 | server_tokens off; 3 | -------------------------------------------------------------------------------- /samples/nginx/conf-available/types_hash_max_size.conf: -------------------------------------------------------------------------------- 1 | types_hash_max_size 2048; 2 | -------------------------------------------------------------------------------- /samples/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user PH_HTTPD_USER; 2 | worker_processes 1; 3 | pid PH_NGINX_PID; 4 | 5 | events { 6 | worker_connections 1024; 7 | } 8 | 9 | http { 10 | include PH_HTTPD_CONF_DIR_ENABLED_CONF/*.conf; 11 | include PH_HTTPD_CONF_DIR_ENABLED_SITES/*.conf; 12 | } 13 | -------------------------------------------------------------------------------- /samples/nginx/sites-available/00-default-ssl.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Note: This file must be loaded before 
other virtual host config files, 3 | # 4 | # HTTPS 5 | server { 6 | listen PH_HTTPS_PORT ssl http2; 7 | #listen [::]:PH_HTTPS_PORT ssl http2; 8 | server_name _; 9 | 10 | root PH_HTTPD_DOCUMENTROOT; 11 | index index.php index.html; 12 | 13 | include PH_NGINX_CONF_TMPL_DIR/misc.tmpl; 14 | include PH_NGINX_CONF_TMPL_DIR/ssl.tmpl; 15 | include PH_NGINX_CONF_TMPL_DIR/iredadmin.tmpl; 16 | include PH_NGINX_CONF_TMPL_DIR/roundcube.tmpl; 17 | include PH_NGINX_CONF_TMPL_DIR/sogo.tmpl; 18 | include PH_NGINX_CONF_TMPL_DIR/netdata.tmpl; 19 | include PH_NGINX_CONF_TMPL_DIR/php-catchall.tmpl; 20 | include PH_NGINX_CONF_TMPL_DIR/stub_status.tmpl; 21 | } 22 | -------------------------------------------------------------------------------- /samples/nginx/sites-available/00-default.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Note: This file must be loaded before other virtual host config files, 3 | # 4 | # HTTP 5 | server { 6 | # Listen on ipv4 7 | listen PH_PORT_HTTP; 8 | #listen [::]:PH_PORT_HTTP; 9 | 10 | server_name _; 11 | 12 | # Allow ACME challenge to be served over HTTP (don't redirect to HTTPS). 13 | location ~* ^/.well-known/acme-challenge/ { 14 | root PH_HTTPD_WELL_KNOWN_DIR; 15 | try_files $uri =404; 16 | allow all; 17 | } 18 | 19 | # Redirect all insecure http requests to https. 
location / {
        return 301 https://$host$request_uri;
    }
}

--------------------------------------------------------------------------------
/samples/nginx/templates/adminer.tmpl:
--------------------------------------------------------------------------------
# Sample setting for Adminer: http://adminer.org/

# -----------------------------------------
# How to get it working:
#
#   mkdir PH_HTTPD_SERVERROOT/adminer
#   cd PH_HTTPD_SERVERROOT/adminer
#   wget http://www.adminer.org/latest.php
#   chmod +x latest.php
#
# NOTE(review): the download above uses plain HTTP, which gives no integrity
#       protection for a script that will handle database credentials. Fetch
#       it over HTTPS and compare it with a checksum published by the project
#       where one is available. The script is read by the PHP interpreter, so
#       the execute bit is presumably not required -- confirm before keeping
#       the chmod step.
#
# Warning: for security concern, it's recommended to change the URL '/adminer'
#          to another random string to avoid login attempts from bad guys.
#          for example, change the url to '^/HIoWCwogSHukIbGL'.
#          (Generate your own value; the string shown here is public.)
#          An unguessable URL only reduces noise. The `allow`/`deny` rules in
#          the location block below are commented out, so as shipped the
#          location is reachable by every client that can reach this virtual
#          host; enable them to restrict access by source address.
#
# -----------------------------------------
# If you cannot login to MySQL server as root user:
#
# New MySQL or MariaDB support plugin authentication, by default, the root
# account has setting `user.plugin=unix_socket` (in `mysql` database). The
# `auth_socket` authentication plugin authenticates clients that connect from
# the local host through the Unix socket file, this prevents access via network
# connection, including Adminer. To make it work, please disable this
# authentication plugin with sql commands below:
#
#   sql> USE mysql;
#   sql> UPDATE user SET plugin='' WHERE User='root';
#
# NOTE(review): socket authentication is what keeps the root account from
#       being used over the network. Clearing the plugin switches root back to
#       password authentication; a dedicated account limited to the databases
#       that need to be managed keeps the web tool away from root entirely.
#
# Refer to MySQL document for more details:
# https://dev.mysql.com/doc/refman/5.7/en/socket-authentication-plugin.html

location ~ ^/adminer$ {
    include PH_NGINX_CONF_TMPL_DIR/hsts.tmpl;
    include PH_NGINX_CONF_TMPL_DIR/fastcgi_php.tmpl;

    # Fixed script path: the request URI does not select which file is run.
    fastcgi_param SCRIPT_FILENAME PH_HTTPD_SERVERROOT/adminer/latest.php;

    # Access control
    #allow 127.0.0.1;
    #allow 192.168.1.10;
    #allow 192.168.1.0/24;
    #deny all;
}

# The `.` in the pattern is unescaped, so it matches any single character.
location ~ ^/adminer.css$ {
    alias PH_HTTPD_SERVERROOT/adminer/adminer.css;
}

--------------------------------------------------------------------------------
/samples/nginx/templates/fastcgi_php.tmpl:
--------------------------------------------------------------------------------
#
# Template used to handle PHP fastcgi applications
#
# You still need to define `SCRIPT_FILENAME` for your PHP application, and
# probably `fastcgi_index` if your application use different index file.
#
include fastcgi_params;

# Directory index file
fastcgi_index index.php;

# Handle PHP files with upstream handler
fastcgi_pass php_workers;

# Mitigate the "httpoxy" issue: pass an empty HTTP_PROXY to the application so
# a client-supplied `Proxy:` request header cannot set it.
# Reference: https://httpoxy.org/
fastcgi_param HTTP_PROXY '';

--------------------------------------------------------------------------------
/samples/nginx/templates/hsts.tmpl:
--------------------------------------------------------------------------------
# Use HTTP Strict Transport Security to force client to use secure
# connections only. References:
#
#   * RFC Document (6797): HTTP Strict Transport Security (HSTS)
#     https://tools.ietf.org/html/rfc6797#section-6.1.2
#
#   * Short tutorial from Mozilla:
#     https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
#
# WARNING: According to RFC document, HSTS will fail with self-signed SSL
#          certificate.
#          https://tools.ietf.org/html/rfc6797#page-27
#
# Syntax:
#
#   Strict-Transport-Security: max-age=expireTime [; includeSubDomains] [; preload]
#
# The value below is one year (31536000 seconds) and applies to the exact host
# only (no includeSubDomains).
#
# NOTE(review): an `add_header` at this level replaces, rather than extends,
# `add_header` directives inherited from outer levels. Where this template is
# included inside a `location`, headers added at `http`/`server` level are not
# sent for that location unless they are repeated there.
add_header Strict-Transport-Security "max-age=31536000";

--------------------------------------------------------------------------------
/samples/nginx/templates/iredadmin-subdomain.tmpl:
--------------------------------------------------------------------------------
#
# Run iRedAdmin as a sub-domain virtual host.
#
include PH_NGINX_CONF_TMPL_DIR/hsts.tmpl;

# Everything not matched elsewhere is handed to the iRedAdmin uwsgi backend.
location / {
    root PH_IREDADMIN_HTTPD_ROOT_SYMBOL_LINK;
    uwsgi_pass PH_IREDADMIN_BIND_ADDRESS:PH_IREDADMIN_LISTEN_PORT;
    uwsgi_param UWSGI_CHDIR PH_IREDADMIN_HTTPD_ROOT_SYMBOL_LINK;
    uwsgi_param UWSGI_SCRIPT iredadmin;
    include uwsgi_params;
}

# Static assets are served by nginx directly from the application directory.
location /static {
    alias PH_IREDADMIN_HTTPD_ROOT_SYMBOL_LINK/static;
}

--------------------------------------------------------------------------------
/samples/nginx/templates/iredadmin.tmpl:
--------------------------------------------------------------------------------
# Settings for iRedAdmin.
2 | 3 | # static files under /iredadmin/static 4 | location ~ ^/iredadmin/static/(.*) { 5 | alias PH_IREDADMIN_HTTPD_ROOT_SYMBOL_LINK/static/$1; 6 | } 7 | 8 | # Python scripts 9 | location ~ ^/iredadmin(.*) { 10 | rewrite ^/iredadmin(/.*)$ $1 break; 11 | 12 | include PH_NGINX_CONF_TMPL_DIR/hsts.tmpl; 13 | 14 | include uwsgi_params; 15 | uwsgi_pass PH_IREDADMIN_BIND_ADDRESS:PH_IREDADMIN_LISTEN_PORT; 16 | uwsgi_param UWSGI_CHDIR PH_IREDADMIN_HTTPD_ROOT_SYMBOL_LINK; 17 | uwsgi_param UWSGI_SCRIPT iredadmin; 18 | uwsgi_param SCRIPT_NAME /iredadmin; 19 | 20 | # Access control 21 | #allow 127.0.0.1; 22 | #allow 192.168.1.10; 23 | #allow 192.168.1.0/24; 24 | #deny all; 25 | } 26 | 27 | # iRedAdmin: redirect /iredadmin to /iredadmin/ 28 | location = /iredadmin { 29 | rewrite ^ /iredadmin/; 30 | } 31 | 32 | # Handle newsletter-style subscription/unsubscription supported in iRedAdmin-Pro. 33 | location ~ ^/newsletter/ { 34 | rewrite /newsletter/(.*) /iredadmin/newsletter/$1 last; 35 | } 36 | -------------------------------------------------------------------------------- /samples/nginx/templates/misc.tmpl: -------------------------------------------------------------------------------- 1 | # Allow access to '^/.well-known/' 2 | location ~ ^/.well-known/ { 3 | root PH_HTTPD_WELL_KNOWN_DIR; 4 | allow all; 5 | autoindex off; 6 | } 7 | 8 | # Deny all attempts to access hidden files such as .htaccess. 9 | location ~ /\. { deny all; } 10 | 11 | # Handling noisy messages 12 | location = /favicon.ico { access_log off; log_not_found off; } 13 | location = /robots.txt { access_log off; log_not_found off; } 14 | -------------------------------------------------------------------------------- /samples/nginx/templates/netdata-subdomain.tmpl: -------------------------------------------------------------------------------- 1 | # 2 | # Run netdata as a sub-domain virtual host. 
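#
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx

# Reverse proxy to the local netdata daemon, protected by HTTP basic auth.
location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:PH_NETDATA_PORT;
    proxy_http_version 1.1;
    proxy_pass_request_headers on;
    proxy_set_header Connection "keep-alive";
    proxy_store off;

    gzip on;
    gzip_proxied any;
    gzip_types *;

    # Basic auth sends the password with every request; it is only protected
    # when this location is served over TLS.
    auth_basic "Authentication Required";
    auth_basic_user_file PH_NETDATA_HTTPD_AUTH_FILE;
}

--------------------------------------------------------------------------------
/samples/nginx/templates/netdata.tmpl:
--------------------------------------------------------------------------------
# Running netdata as a subfolder to an existing virtual host
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx

# Skip the splash and cloud login screen.
# The pattern is not anchored at the start, so it matches any URI that ends
# in `/netdata` followed by zero or more slashes.
location ~* /netdata/*$ {
    return 301 /netdata/v3;
}

# The named capture `ndpath` holds everything after `/netdata/`; it is the
# variable that `proxy_pass` below appends to the upstream URL. Without the
# capture name `$ndpath` would be undefined.
location ~ /netdata/(?<ndpath>.*) {
    proxy_redirect off;
    proxy_set_header Host $host;

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_pass_request_headers on;
    proxy_set_header Connection "keep-alive";
    proxy_store off;
    proxy_pass http://127.0.0.1:PH_NETDATA_PORT/$ndpath$is_args$args;

    gzip on;
    gzip_proxied any;
    gzip_types *;

    # Basic auth sends the password with every request; it is only protected
    # when this location is served over TLS.
    auth_basic "Authentication Required";
    auth_basic_user_file PH_NETDATA_HTTPD_AUTH_FILE;
}

--------------------------------------------------------------------------------
/samples/nginx/templates/php-catchall.tmpl:
--------------------------------------------------------------------------------
# Normal PHP scripts
#
# Any URI ending in `.php` is passed to PHP-FPM, with the script path built
# from the document root and the request URI. nginx does not check here that
# the file exists.
# NOTE(review): which file is finally executed then depends on PHP-side
# settings (`cgi.fix_pathinfo`, php-fpm `security.limit_extensions`). Adding
# `try_files $uri =404;` makes nginx reject requests for scripts that are not
# on disk -- verify it does not interfere with the applications served.
location ~ \.php$ {
    include PH_NGINX_CONF_TMPL_DIR/fastcgi_php.tmpl;

    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

--------------------------------------------------------------------------------
/samples/nginx/templates/redirect_to_https.tmpl:
--------------------------------------------------------------------------------
# Redirect webmail/SOGo/iredadmin to HTTPS
#
# Regex locations are tried in the order they appear. `^/mail` also matches
# `/mail/index.php`, so the second block looks unreachable when these four
# are the first matching regex locations -- NOTE(review): confirm.
# The redirect target is built from `$host`, i.e. the host name the client
# sent in the request.
location ~ ^/mail { rewrite ^ https://$host$request_uri?; }
location ~ ^/mail/index.php$ { rewrite ^ https://$host/mail/; }
location ~* ^/sogo { rewrite ^ https://$host/SOGo; }
location ~ ^/iredadmin { rewrite ^ https://$host$request_uri?; }

--------------------------------------------------------------------------------
/samples/nginx/templates/roundcube-subdomain.tmpl:
--------------------------------------------------------------------------------
#
# Run Roundcube as a sub-domain virtual host.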
3 | # 4 | # Block access to default directories and files under these directories 5 | location ~ ^/(bin|config|installer|logs|SQL|temp|vendor)/.* { deny all; } 6 | 7 | # Block access to default files under top-directory and files start with same name. 8 | location ~ ^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$ { deny all; } 9 | 10 | # Block plugin config files and sample config files. 11 | location ~ ^/plugins/.*/config.inc.php.* { deny all; } 12 | 13 | # Block access to plugin data 14 | location ~ ^/plugins/enigma/home($|/.*) { deny all; } 15 | 16 | location / { 17 | root PH_RCM_HTTPD_ROOT_SYMBOL_LINK; 18 | index index.php index.html; 19 | include PH_NGINX_CONF_TMPL_DIR/hsts.tmpl; 20 | } 21 | 22 | location ~ \.php$ { 23 | root PH_RCM_HTTPD_ROOT_SYMBOL_LINK; 24 | include PH_NGINX_CONF_TMPL_DIR/fastcgi_php.tmpl; 25 | fastcgi_param SCRIPT_FILENAME PH_RCM_HTTPD_ROOT_SYMBOL_LINK$fastcgi_script_name; 26 | } 27 | -------------------------------------------------------------------------------- /samples/nginx/templates/roundcube.tmpl: -------------------------------------------------------------------------------- 1 | # 2 | # Running Roundcube as a subfolder on an existing virtual host 3 | # 4 | # Block access to default directories and files under these directories 5 | location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; } 6 | 7 | # Block access to default files under top-directory and files start with same name. 8 | location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; } 9 | 10 | # Block plugin config files and sample config files. 11 | location ~ ^/mail/plugins/.*/config.inc.php.* { deny all; } 12 | 13 | # Block access to plugin data 14 | location ~ ^/mail/plugins/enigma/home($|/.*) { deny all; } 15 | 16 | # Redirect URI `/mail` to `/mail/`. 
17 | location = /mail { 18 | return 301 /mail/; 19 | } 20 | 21 | location ~ ^/mail/(.*\.php)$ { 22 | include PH_NGINX_CONF_TMPL_DIR/hsts.tmpl; 23 | include PH_NGINX_CONF_TMPL_DIR/fastcgi_php.tmpl; 24 | fastcgi_param SCRIPT_FILENAME PH_RCM_HTTPD_ROOT_SYMBOL_LINK/$1; 25 | } 26 | 27 | location ~ ^/mail/(.*) { 28 | alias PH_RCM_HTTPD_ROOT_SYMBOL_LINK/$1; 29 | index index.php; 30 | } 31 | -------------------------------------------------------------------------------- /samples/nginx/templates/sogo-subdomain.tmpl: -------------------------------------------------------------------------------- 1 | # 2 | # Run SOGo as a sub-domain virtual host. 3 | # 4 | 5 | root PH_SOGO_GNUSTEP_DIR/WebServerResources; 6 | 7 | location / { 8 | rewrite ^ https://$host/SOGo; 9 | } 10 | 11 | # For Mac OS X and iOS devices. 12 | rewrite ^/.well-known/caldav /SOGo/dav permanent; 13 | rewrite ^/.well-known/carddav /SOGo/dav permanent; 14 | rewrite ^/principals /SOGo/dav permanent; 15 | 16 | include PH_NGINX_CONF_TMPL_DIR/hsts.tmpl; 17 | 18 | location ^~ /SOGo { 19 | proxy_pass http://PH_SOGO_BIND_ADDRESS:PH_SOGO_BIND_PORT; 20 | 21 | # forward user's IP address 22 | proxy_set_header X-Real-IP $remote_addr; 23 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 24 | proxy_set_header Host $host; 25 | 26 | # always use https 27 | proxy_set_header x-webobjects-server-port $server_port; 28 | proxy_set_header x-webobjects-server-name $host; 29 | proxy_set_header x-webobjects-server-url https://$host; 30 | proxy_set_header x-webobjects-server-protocol HTTP/1.0; 31 | 32 | proxy_busy_buffers_size 64k; 33 | proxy_buffers 8 64k; 34 | proxy_buffer_size 64k; 35 | } 36 | 37 | location ^~ /Microsoft-Server-ActiveSync { 38 | proxy_pass http://PH_SOGO_BIND_ADDRESS:PH_SOGO_BIND_PORT/SOGo/Microsoft-Server-ActiveSync; 39 | 40 | proxy_connect_timeout PH_SOGO_PROXY_TIMEOUT; 41 | proxy_send_timeout PH_SOGO_PROXY_TIMEOUT; 42 | proxy_read_timeout PH_SOGO_PROXY_TIMEOUT; 43 | 44 | proxy_busy_buffers_size 64k; 
45 | proxy_buffers 8 64k; 46 | proxy_buffer_size 64k; 47 | } 48 | 49 | location ^~ /SOGo/Microsoft-Server-ActiveSync { 50 | proxy_pass http://PH_SOGO_BIND_ADDRESS:PH_SOGO_BIND_PORT/SOGo/Microsoft-Server-ActiveSync; 51 | 52 | proxy_connect_timeout PH_SOGO_PROXY_TIMEOUT; 53 | proxy_send_timeout PH_SOGO_PROXY_TIMEOUT; 54 | proxy_read_timeout PH_SOGO_PROXY_TIMEOUT; 55 | 56 | proxy_busy_buffers_size 64k; 57 | proxy_buffers 8 64k; 58 | proxy_buffer_size 64k; 59 | } 60 | 61 | location /SOGo.woa/WebServerResources/ { 62 | alias PH_SOGO_GNUSTEP_DIR/WebServerResources/; 63 | expires max; 64 | } 65 | location /SOGo/WebServerResources/ { 66 | alias PH_SOGO_GNUSTEP_DIR/WebServerResources/; 67 | expires max; 68 | } 69 | location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ { 70 | alias PH_SOGO_GNUSTEP_DIR/$1.SOGo/Resources/$2; 71 | expires max; 72 | } 73 | location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) { 74 | alias PH_SOGO_GNUSTEP_DIR/$1.SOGo/Resources/$2; 75 | expires max; 76 | } 77 | -------------------------------------------------------------------------------- /samples/nginx/templates/sogo.tmpl: -------------------------------------------------------------------------------- 1 | # Settings for SOGo Groupware 2 | 3 | location ~ ^/sogo { rewrite ^ https://$host/SOGo/; } 4 | 5 | # Redirect /mail to /SOGo 6 | #location ~ ^/mail { rewrite ^ https://$host/SOGo/; } 7 | 8 | # For Mac OS X and iOS devices. 9 | rewrite ^/.well-known/caldav /SOGo/dav permanent; 10 | rewrite ^/.well-known/carddav /SOGo/dav permanent; 11 | rewrite ^/principals /SOGo/dav permanent; 12 | 13 | # Redirect `/SOGo` to `/SOGo/`. 
14 | location = /SOGo { 15 | rewrite ^ /SOGo/; 16 | } 17 | 18 | location ^~ /SOGo/ { 19 | include PH_NGINX_CONF_TMPL_DIR/hsts.tmpl; 20 | 21 | proxy_pass http://PH_SOGO_BIND_ADDRESS:PH_SOGO_BIND_PORT; 22 | 23 | # forward user's IP address 24 | proxy_set_header X-Real-IP $remote_addr; 25 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 26 | proxy_set_header Host $host; 27 | 28 | # always use https 29 | proxy_set_header x-webobjects-server-port $server_port; 30 | proxy_set_header x-webobjects-server-name $host; 31 | proxy_set_header x-webobjects-server-url https://$host; 32 | proxy_set_header x-webobjects-server-protocol HTTP/1.0; 33 | 34 | proxy_busy_buffers_size 64k; 35 | proxy_buffers 8 64k; 36 | proxy_buffer_size 64k; 37 | } 38 | 39 | location ^~ /Microsoft-Server-ActiveSync { 40 | proxy_pass http://PH_SOGO_BIND_ADDRESS:PH_SOGO_BIND_PORT/SOGo/Microsoft-Server-ActiveSync; 41 | 42 | proxy_connect_timeout PH_SOGO_PROXY_TIMEOUT; 43 | proxy_send_timeout PH_SOGO_PROXY_TIMEOUT; 44 | proxy_read_timeout PH_SOGO_PROXY_TIMEOUT; 45 | 46 | proxy_busy_buffers_size 64k; 47 | proxy_buffers 8 64k; 48 | proxy_buffer_size 64k; 49 | } 50 | 51 | location ^~ /SOGo/Microsoft-Server-ActiveSync { 52 | proxy_pass http://PH_SOGO_BIND_ADDRESS:PH_SOGO_BIND_PORT/SOGo/Microsoft-Server-ActiveSync; 53 | 54 | proxy_connect_timeout PH_SOGO_PROXY_TIMEOUT; 55 | proxy_send_timeout PH_SOGO_PROXY_TIMEOUT; 56 | proxy_read_timeout PH_SOGO_PROXY_TIMEOUT; 57 | 58 | proxy_busy_buffers_size 64k; 59 | proxy_buffers 8 64k; 60 | proxy_buffer_size 64k; 61 | } 62 | 63 | location /SOGo.woa/WebServerResources/ { 64 | alias PH_SOGO_GNUSTEP_DIR/WebServerResources/; 65 | expires max; 66 | } 67 | location /SOGo/WebServerResources/ { 68 | alias PH_SOGO_GNUSTEP_DIR/WebServerResources/; 69 | expires max; 70 | } 71 | location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ { 72 | alias PH_SOGO_GNUSTEP_DIR/$1.SOGo/Resources/$2; 73 | expires max; 74 | } 75 | 
-------------------------------------------------------------------------------- /samples/nginx/templates/ssl.tmpl: -------------------------------------------------------------------------------- 1 | ssl_protocols TLSv1.2 TLSv1.3; 2 | 3 | # Mitigate 'The Logjam Attack': restrict the ciphers and use a dedicated DH group. NOTE(review): the placeholder name below suggests a 1024-bit group, while Logjam guidance calls for 2048 bits or more -- confirm the size of the generated file. 4 | ssl_ciphers PH_SSL_CIPHERS; 5 | ssl_prefer_server_ciphers on; 6 | ssl_dhparam PH_SSL_DH1024_PARAM_FILE; 7 | 8 | # Greatly improve the performance of keep-alive connections over SSL. 9 | # With this enabled, clients do not need to perform a full SSL handshake for 10 | # every request, thus saving time and CPU resources. 11 | ssl_session_cache shared:SSL:10m; 12 | 13 | # To use your own ssl cert (e.g. "Let's Encrypt"), please create symbolic links at 14 | # the ssl cert/key paths used below, so that we can manage this config file with Ansible. 15 | # 16 | # For example: 17 | # 18 | # rm -f PH_SSL_KEY_FILE 19 | # rm -f PH_SSL_CERT_FILE 20 | # ln -s /etc/letsencrypt/live/<domain>/privkey.pem PH_SSL_KEY_FILE 21 | # ln -s /etc/letsencrypt/live/<domain>/fullchain.pem PH_SSL_CERT_FILE 22 | # 23 | # To request a free "Let's Encrypt" cert, please check our tutorial: 24 | # https://docs.iredmail.org/letsencrypt.html 25 | ssl_certificate PH_SSL_CERT_FILE; 26 | ssl_certificate_key PH_SSL_KEY_FILE; 27 | -------------------------------------------------------------------------------- /samples/nginx/templates/stub_status.tmpl: -------------------------------------------------------------------------------- 1 | location = /stub_status { 2 | stub_status on; 3 | access_log off; 4 | allow 127.0.0.1; 5 | deny all; 6 | } 7 | 8 | location = /status { 9 | include fastcgi_params; 10 | fastcgi_pass php_workers; 11 | fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; 12 | access_log off; 13 | allow 127.0.0.1; 14 | deny all; 15 | } 16 | -------------------------------------------------------------------------------- /samples/openbsd/ldapd.conf: -------------------------------------------------------------------------------- 1 | schema
"/etc/ldap/core.schema" 2 | schema "/etc/ldap/inetorgperson.schema" 3 | schema "/etc/ldap/nis.schema" 4 | schema "/etc/ldap/amavisd.schema" 5 | schema "/etc/ldap/iredmail.schema" 6 | 7 | listen on lo0 secure 8 | #listen on 127.0.0.1 secure 9 | listen on "/var/run/ldapi" 10 | 11 | namespace "PH_LDAP_SUFFIX" { 12 | rootdn "PH_LDAP_ROOTDN" 13 | rootpw "PH_LDAP_ROOTPW" 14 | 15 | index objectClass 16 | index accountStatus 17 | 18 | index sn 19 | index givenName 20 | index cn 21 | index mail 22 | index uid 23 | index shadowLastChange 24 | index userSenderBccAddress 25 | index userRecipientBccAddress 26 | 27 | index domainName 28 | index domainAliasName 29 | index domainPendingAliasName 30 | index domainAdmin 31 | index domainGlobalAdmin 32 | index domainBackupMX 33 | index domainSenderBccAddress 34 | index domainRecipientBccAddress 35 | index domainStatus 36 | 37 | index accessPolicy 38 | index memberOfGroup 39 | index member 40 | index uniqueMember 41 | index mailingListID 42 | 43 | # 44 | # Access policies 45 | # 46 | # Deny by default. 47 | deny read,write access to subtree root by any 48 | 49 | # Allow bind/read/write by self 50 | allow read,write access to subtree root by self 51 | 52 | # Read all mail accounts 53 | allow read access to subtree "PH_LDAP_BASEDN" by "PH_LDAP_BINDDN" 54 | 55 | # Allow to manage (read+write) mail accounts 56 | allow read,write access to subtree "PH_LDAP_BASEDN" by "PH_LDAP_ADMIN_DN" 57 | allow read,write access to subtree "PH_LDAP_ADMIN_BASEDN" by "PH_LDAP_ADMIN_DN" 58 | } 59 | -------------------------------------------------------------------------------- /samples/openbsd/pf.conf: -------------------------------------------------------------------------------- 1 | # Basic PF rules for mail server. 
2 | 3 | mail_services="{www, https, smtp, submission, imap, imaps, pop3, pop3s, ssh}" 4 | 5 | #table persist 6 | #table persist file "/etc/mail/nospamd" 7 | #table persist 8 | 9 | # Options 10 | set block-policy drop 11 | set skip on lo 12 | 13 | # Block all 14 | block log all 15 | 16 | # Fail2ban 17 | #block in quick on egress proto tcp from to any 18 | 19 | pass out 20 | 21 | # rules for spamd(8) 22 | #pass in on egress proto tcp from any to any port smtp \ 23 | # divert-to 127.0.0.1 port spamd 24 | #pass in on egress proto tcp from to any port smtp 25 | #pass in log on egress proto tcp from to any port smtp 26 | 27 | # Access to other mail services 28 | pass in on egress proto tcp from any to any port $mail_services 29 | -------------------------------------------------------------------------------- /samples/openldap/ldap.conf: -------------------------------------------------------------------------------- 1 | BASE PH_LDAP_SUFFIX 2 | URI ldap://PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 3 | TLS_CACERT PH_SSL_CERT_FILE 4 | -------------------------------------------------------------------------------- /samples/php/fpm/pool.d/www.conf: -------------------------------------------------------------------------------- 1 | [inet] 2 | user = PH_HTTPD_USER 3 | group = PH_HTTPD_GROUP 4 | 5 | listen = PH_LOCAL_ADDRESS:PH_PHP_FPM_PORT 6 | listen.owner = PH_HTTPD_USER 7 | listen.group = PH_HTTPD_GROUP 8 | listen.mode = 0660 9 | 10 | ; IP addresses must be separated by comma, and no space between comma and ip. 
11 | listen.allowed_clients = 127.0.0.1 12 | 13 | pm = dynamic 14 | pm.max_children = PH_PHP_FPM_POOL_MAX_CHILDREN 15 | pm.start_servers = PH_PHP_FPM_POOL_START_SERVERS 16 | pm.min_spare_servers = PH_PHP_FPM_POOL_MIN_SPARE_SERVERS 17 | pm.max_spare_servers = PH_PHP_FPM_POOL_MAX_SPARE_SERVERS 18 | pm.max_requests = PH_PHP_FPM_POOL_MAX_CHILDREN 19 | 20 | pm.status_path = /PH_PHP_FPM_URI_STATUS 21 | ping.path = /PH_PHP_FPM_URI_PING 22 | 23 | request_terminate_timeout = PH_PHP_FPM_POOL_REQUEST_TERMINATE_TIMEOUT 24 | request_slowlog_timeout = PH_PHP_FPM_REQUEST_SLOWLOG_TIMEOUT 25 | 26 | ; 27 | ; Log files 28 | ; 29 | access.log = PH_PHP_FPM_LOG_MAIN 30 | slowlog = PH_PHP_FPM_LOG_SLOW 31 | -------------------------------------------------------------------------------- /samples/postfix/command_filter.pcre: -------------------------------------------------------------------------------- 1 | # Work around clients that send `RCPT TO:<'user@domain'>` (Outlook 2003/2007). 2 | # WARNING: do not lose the parameters that follow the address. 
3 | /^(RCPT\s+TO:\s*<)'([^[:space:]]+)'(>.*)/ $1$2$3 4 | -------------------------------------------------------------------------------- /samples/postfix/freebsd/mailer.conf: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/mail/mailer.cf 3 | # 4 | # Execute the Postfix sendmail program, named /usr/local/sbin/sendmail 5 | # 6 | sendmail /usr/local/sbin/sendmail 7 | send-mail /usr/local/sbin/sendmail 8 | mailq /usr/local/sbin/sendmail 9 | newaliases /usr/local/sbin/sendmail 10 | -------------------------------------------------------------------------------- /samples/postfix/ldap/catchall_maps.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = sub 9 | query_filter = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(|(mail=%s)(shadowAddress=%s))) 10 | result_attribute= mailForwardingAddress 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/recipient_bcc_maps_domain.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc)) 10 | result_attribute= domainRecipientBccAddress 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/recipient_bcc_maps_user.cf: 
-------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = ou=PH_LDAP_ATTR_GROUP_USERS,domainName=%d,PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = (&(|(mail=%s)(shadowAddress=%s))(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=recipientbcc)) 10 | result_attribute= userRecipientBccAddress 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/relay_domains.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(domainBackupMX=yes)(accountStatus=active)(enabledService=mail)) 10 | result_attribute= domainName 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/sender_bcc_maps_domain.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=senderbcc)) 10 | result_attribute= domainSenderBccAddress 11 | debuglevel = 0 12 | 
-------------------------------------------------------------------------------- /samples/postfix/ldap/sender_bcc_maps_user.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = ou=PH_LDAP_ATTR_GROUP_USERS,domainName=%d,PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = (&(|(mail=%s)(shadowAddress=%s))(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=senderbcc)) 10 | result_attribute= userSenderBccAddress 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/sender_dependent_relayhost_maps_domain.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = (&(objectClass=mailDomain)(accountStatus=active)(enabledService=mail)(|(domainName=%d)(domainAliasName=%d))) 10 | result_attribute= senderRelayHost 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/sender_dependent_relayhost_maps_user.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = ou=PH_LDAP_ATTR_GROUP_USERS,domainName=%d,PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = 
(&(objectClass=mailUser)(mail=%s)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)) 10 | result_attribute= senderRelayHost 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/sender_login_maps.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = sub 9 | query_filter = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=smtp)(|(mail=%s)(shadowAddress=%s))) 10 | result_attribute= mail 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/transport_maps_domain.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = (&(objectClass=mailDomain)(accountStatus=active)(enabledService=mail)(|(domainName=%s)(domainAliasName=%s))) 10 | result_attribute= mtaTransport 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/transport_maps_user.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = domainName=%d,PH_LDAP_BASEDN 8 | scope = sub 9 | query_filter = 
(&(|(objectClass=mailUser)(&(objectClass=mailList)(enabledService=mlmmj)))(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)) 10 | result_attribute= mtaTransport 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/virtual_alias_maps.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = sub 9 | query_filter = (&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward)))) 10 | result_attribute= mailForwardingAddress 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/virtual_group_maps.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = sub 9 | query_filter = (&(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=deliver)(|(&(|(memberOfGroup=%s)(shadowAddress=%s))(|(objectClass=mailUser)(objectClass=mailExternalUser)))(&(memberOfGroup=%s)(!(shadowAddress=%s))(|(objectClass=mailAlias)(objectClass=mailList)))(&(objectClass=mailList)(enabledService=mlmmj)(|(mail=%s)(shadowAddress=%s))))) 10 | result_attribute= mail 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/virtual_group_members_maps.cf: 
-------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = sub 9 | query_filter = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=deliver)(|(mail=%s)(shadowAddress=%s))) 10 | result_attribute= mail 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/virtual_mailbox_domains.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = one 9 | query_filter = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail)) 10 | result_attribute= domainName 11 | debuglevel = 0 12 | -------------------------------------------------------------------------------- /samples/postfix/ldap/virtual_mailbox_maps.cf: -------------------------------------------------------------------------------- 1 | server_host = PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT 2 | version = PH_LDAP_BIND_VERSION 3 | bind = yes 4 | start_tls = no 5 | bind_dn = PH_LDAP_BINDDN 6 | bind_pw = PH_LDAP_BINDPW 7 | search_base = PH_LDAP_BASEDN 8 | scope = sub 9 | query_filter = (&(objectClass=mailUser)(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=deliver)) 10 | result_attribute= homeDirectory 11 | result_format = %s/Maildir/ 12 | debuglevel = 0 13 | 
-------------------------------------------------------------------------------- /samples/postfix/main.cf.amavisd: -------------------------------------------------------------------------------- 1 | # 2 | # Amavisd + SpamAssassin + ClamAV 3 | # 4 | content_filter = smtp-amavis:[PH_SMTP_SERVER]:10024 5 | 6 | # Concurrency per recipient limit. 7 | smtp-amavis_destination_recipient_limit = 1 8 | -------------------------------------------------------------------------------- /samples/postfix/main.cf.dovecot: -------------------------------------------------------------------------------- 1 | # 2 | # Dovecot SASL support. 3 | # 4 | smtpd_sasl_type = dovecot 5 | smtpd_sasl_path = PH_DOVECOT_SASL_AUTH_SOCKET 6 | virtual_transport = PH_TRANSPORT 7 | dovecot_destination_recipient_limit = 1 8 | 9 | -------------------------------------------------------------------------------- /samples/postfix/main.cf.ldap: -------------------------------------------------------------------------------- 1 | # 2 | # Lookup virtual mail accounts 3 | # 4 | transport_maps = 5 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/transport_maps_user.cf 6 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/transport_maps_domain.cf 7 | 8 | sender_dependent_relayhost_maps = 9 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/sender_dependent_relayhost_maps_user.cf 10 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/sender_dependent_relayhost_maps_domain.cf 11 | 12 | # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses. 
13 | smtpd_sender_login_maps = 14 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/sender_login_maps.cf 15 | 16 | virtual_mailbox_domains = 17 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/virtual_mailbox_domains.cf 18 | 19 | relay_domains = 20 | $mydestination 21 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/relay_domains.cf 22 | 23 | virtual_mailbox_maps = 24 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/virtual_mailbox_maps.cf 25 | 26 | virtual_alias_maps = 27 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/virtual_alias_maps.cf 28 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/virtual_group_maps.cf 29 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/virtual_group_members_maps.cf 30 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/catchall_maps.cf 31 | 32 | sender_bcc_maps = 33 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/sender_bcc_maps_user.cf 34 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/sender_bcc_maps_domain.cf 35 | 36 | recipient_bcc_maps = 37 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/recipient_bcc_maps_user.cf 38 | proxy:ldap:PH_POSTFIX_LOOKUP_DIR/recipient_bcc_maps_domain.cf 39 | 40 | -------------------------------------------------------------------------------- /samples/postfix/main.cf.mlmmj: -------------------------------------------------------------------------------- 1 | # 2 | # mlmmj - mailing list manager 3 | # 4 | mlmmj_destination_recipient_limit = 1 5 | 6 | -------------------------------------------------------------------------------- /samples/postfix/main.cf.mysql: -------------------------------------------------------------------------------- 1 | # 2 | # Lookup virtual mail accounts 3 | # 4 | transport_maps = 5 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/transport_maps_user.cf 6 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/transport_maps_maillist.cf 7 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/transport_maps_domain.cf 8 | 9 | sender_dependent_relayhost_maps = 10 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/sender_dependent_relayhost_maps.cf 11 | 12 | # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses. 
13 | smtpd_sender_login_maps = 14 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/sender_login_maps.cf 15 | 16 | virtual_mailbox_domains = 17 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/virtual_mailbox_domains.cf 18 | 19 | relay_domains = 20 | $mydestination 21 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/relay_domains.cf 22 | 23 | virtual_mailbox_maps = 24 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/virtual_mailbox_maps.cf 25 | 26 | virtual_alias_maps = 27 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/virtual_alias_maps.cf 28 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/domain_alias_maps.cf 29 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/catchall_maps.cf 30 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/domain_alias_catchall_maps.cf 31 | 32 | sender_bcc_maps = 33 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/sender_bcc_maps_user.cf 34 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/sender_bcc_maps_domain.cf 35 | 36 | recipient_bcc_maps = 37 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/recipient_bcc_maps_user.cf 38 | proxy:mysql:PH_POSTFIX_LOOKUP_DIR/recipient_bcc_maps_domain.cf 39 | 40 | -------------------------------------------------------------------------------- /samples/postfix/main.cf.pgsql: -------------------------------------------------------------------------------- 1 | # 2 | # Lookup virtual mail accounts 3 | # 4 | transport_maps = 5 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/transport_maps_user.cf 6 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/transport_maps_maillist.cf 7 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/transport_maps_domain.cf 8 | 9 | sender_dependent_relayhost_maps = 10 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/sender_dependent_relayhost_maps.cf 11 | 12 | # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses. 
13 | smtpd_sender_login_maps = 14 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/sender_login_maps.cf 15 | 16 | virtual_mailbox_domains = 17 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/virtual_mailbox_domains.cf 18 | 19 | relay_domains = 20 | $mydestination 21 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/relay_domains.cf 22 | 23 | virtual_mailbox_maps = 24 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/virtual_mailbox_maps.cf 25 | 26 | virtual_alias_maps = 27 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/virtual_alias_maps.cf 28 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/domain_alias_maps.cf 29 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/catchall_maps.cf 30 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/domain_alias_catchall_maps.cf 31 | 32 | sender_bcc_maps = 33 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/sender_bcc_maps_user.cf 34 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/sender_bcc_maps_domain.cf 35 | 36 | recipient_bcc_maps = 37 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/recipient_bcc_maps_user.cf 38 | proxy:pgsql:PH_POSTFIX_LOOKUP_DIR/recipient_bcc_maps_domain.cf 39 | 40 | -------------------------------------------------------------------------------- /samples/postfix/main.cf.postscreen: -------------------------------------------------------------------------------- 1 | # 2 | # Postscreen 3 | # 4 | postscreen_greet_action = drop 5 | postscreen_blacklist_action = drop 6 | postscreen_dnsbl_action = drop 7 | postscreen_dnsbl_threshold = 2 8 | 9 | # Attention: 10 | # - zen.spamhaus.org free tier has 3 limits 11 | # (https://www.spamhaus.org/organization/dnsblusage/): 12 | # 13 | # 1) Your use of the Spamhaus DNSBLs is non-commercial*, and 14 | # 2) Your email traffic is less than 100,000 SMTP connections per day, and 15 | # 3) Your DNSBL query volume is less than 300,000 queries per day. 16 | # 17 | # - FAQ: "Your DNSBL blocks nothing at all!" 18 | # https://www.spamhaus.org/faq/section/DNSBL%20Usage#261 19 | # 20 | # It's strongly recommended to use a local caching DNS resolver: lookups relayed through large public resolvers may get no usable answer (see the FAQ above).
21 | postscreen_dnsbl_sites = 22 | zen.spamhaus.org=127.0.0.[2..11]*3 23 | b.barracudacentral.org=127.0.0.2*2 24 | 25 | postscreen_dnsbl_reply_map = texthash:PH_POSTSCREEN_FILE_DNSBL_REPLY 26 | postscreen_access_list = permit_mynetworks cidr:PH_POSTSCREEN_FILE_ACCESS_CIDR 27 | 28 | # Require Postfix-2.11+ 29 | #postscreen_dnsbl_whitelist_threshold = -2 30 | 31 | -------------------------------------------------------------------------------- /samples/postfix/mysql/catchall_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%d' AND '%u' NOT LIKE '%%+%%' AND forwardings.address=domain.domain AND forwardings.active=1 AND domain.active=1 AND domain.backupmx=0 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/domain_alias_catchall_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/domain_alias_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT forwardings.forwarding 
FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=CONCAT('%u', '@', alias_domain.target_domain) AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1 AND domain.backupmx=0 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/recipient_bcc_maps_domain.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT recipient_bcc_domain.bcc_address FROM recipient_bcc_domain, domain WHERE recipient_bcc_domain.domain='%d' AND recipient_bcc_domain.domain=domain.domain AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/recipient_bcc_maps_user.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT recipient_bcc_user.bcc_address FROM recipient_bcc_user,domain WHERE recipient_bcc_user.username='%s' AND recipient_bcc_user.domain='%d' AND recipient_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND recipient_bcc_user.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/relay_domains.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT domain FROM domain WHERE domain='%s' AND backupmx=1 AND active=1 LIMIT 1 6 | 
-------------------------------------------------------------------------------- /samples/postfix/mysql/sender_bcc_maps_domain.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT sender_bcc_domain.bcc_address FROM sender_bcc_domain, domain WHERE sender_bcc_domain.domain='%d' AND sender_bcc_domain.domain=domain.domain AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/sender_bcc_maps_user.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT sender_bcc_user.bcc_address FROM sender_bcc_user,domain WHERE sender_bcc_user.username='%s' AND sender_bcc_user.domain='%d' AND sender_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND sender_bcc_user.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/sender_dependent_relayhost_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | # '%s' will be replaced by the envelope sender address or @domain. 
6 | query = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1 7 | -------------------------------------------------------------------------------- /samples/postfix/mysql/sender_login_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/transport_maps_domain.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT transport FROM domain WHERE domain='%s' AND active=1 LIMIT 1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/transport_maps_maillist.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT maillists.transport FROM maillists,domain WHERE maillists.address='%s' AND maillists.active=1 AND maillists.domain = domain.domain AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/transport_maps_user.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = 
PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT mailbox.transport FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.transport<>'' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.backupmx=0 AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/virtual_alias_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%s' AND forwardings.domain=domain.domain AND forwardings.active=1 AND domain.backupmx=0 AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/virtual_mailbox_domains.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = (SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 LIMIT 1) UNION (SELECT alias_domain.alias_domain FROM alias_domain,domain WHERE alias_domain.alias_domain='%s' AND alias_domain.active=1 AND alias_domain.target_domain=domain.domain AND domain.active=1 AND domain.backupmx=0 LIMIT 1) 6 | -------------------------------------------------------------------------------- /samples/postfix/mysql/virtual_mailbox_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT CONCAT(mailbox.storagenode, '/', 
mailbox.maildir, '/Maildir/') FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.domain = mailbox.domain AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/catchall_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%d' AND '%u' NOT LIKE '%%+%%' AND forwardings.address=domain.domain AND forwardings.active=1 AND domain.active=1 AND domain.backupmx=0 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/domain_alias_catchall_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/domain_alias_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=('%u' || '@' || alias_domain.target_domain) AND 
alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1 AND domain.backupmx=0 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/recipient_bcc_maps_domain.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT recipient_bcc_domain.bcc_address FROM recipient_bcc_domain, domain WHERE recipient_bcc_domain.domain='%d' AND recipient_bcc_domain.domain=domain.domain AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/recipient_bcc_maps_user.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT recipient_bcc_user.bcc_address FROM recipient_bcc_user,domain WHERE recipient_bcc_user.username='%s' AND recipient_bcc_user.domain='%d' AND recipient_bcc_user.domain=domain.domain AND recipient_bcc_user.active=1 AND domain.backupmx=0 AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/relay_domains.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT domain FROM domain WHERE domain='%s' AND backupmx=1 AND active=1 LIMIT 1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/sender_bcc_maps_domain.cf: -------------------------------------------------------------------------------- 1 | 
hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT sender_bcc_domain.bcc_address FROM sender_bcc_domain, domain WHERE sender_bcc_domain.domain='%d' AND sender_bcc_domain.domain=domain.domain AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/sender_bcc_maps_user.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT sender_bcc_user.bcc_address FROM sender_bcc_user,domain WHERE sender_bcc_user.username='%s' AND sender_bcc_user.domain='%d' AND sender_bcc_user.domain=domain.domain AND sender_bcc_user.active=1 AND domain.backupmx=0 AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/sender_dependent_relayhost_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | # '%s' will be replaced by the envelope sender address or @domain. 
6 | query = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1 7 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/sender_login_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/transport_maps_domain.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT transport FROM domain WHERE domain='%s' AND active=1 LIMIT 1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/transport_maps_maillist.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT maillists.transport FROM maillists,domain WHERE maillists.address='%s' AND maillists.active=1 AND maillists.domain = domain.domain AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/transport_maps_user.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = 
PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT mailbox.transport FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.transport<>'' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.backupmx=0 AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/virtual_alias_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%s' AND forwardings.domain=domain.domain AND forwardings.active=1 AND domain.backupmx=0 AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/virtual_mailbox_domains.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = (SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 LIMIT 1) UNION (SELECT alias_domain.alias_domain FROM alias_domain,domain WHERE alias_domain.alias_domain='%s' AND alias_domain.active=1 AND alias_domain.target_domain=domain.domain AND domain.active=1 AND domain.backupmx=0 LIMIT 1) 6 | -------------------------------------------------------------------------------- /samples/postfix/pgsql/virtual_mailbox_maps.cf: -------------------------------------------------------------------------------- 1 | hosts = PH_SQL_SERVER_ADDRESS:PH_SQL_SERVER_PORT 2 | user = PH_VMAIL_DB_BIND_USER 3 | password = PH_VMAIL_DB_BIND_PASSWD 4 | dbname = PH_VMAIL_DB_NAME 5 | query = SELECT (mailbox.storagenode || '/' || 
mailbox.maildir || '/Maildir/') FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.domain = mailbox.domain AND domain.active=1 6 | -------------------------------------------------------------------------------- /samples/postfix/postscreen_access.cidr: -------------------------------------------------------------------------------- 1 | # Rules are evaluated in the order as specified. 2 | #1.2.3.4 permit 3 | #2.3.4.5 reject 4 | 5 | # Permit local clients 6 | 127.0.0.0/8 permit 7 | -------------------------------------------------------------------------------- /samples/postgresql/sql/add_first_domain_and_user.sql: -------------------------------------------------------------------------------- 1 | -- Connect as vmailadmin 2 | -- \c PH_VMAIL_DB_NAME PH_VMAIL_DB_ADMIN_USER; 3 | \c PH_VMAIL_DB_NAME; 4 | 5 | -- Add your first domain 6 | INSERT INTO domain (domain, transport, settings, created) 7 | VALUES ('PH_FIRST_DOMAIN', 'PH_TRANSPORT', 'default_user_quota:1024;', NOW()); 8 | 9 | -- Add your first normal user 10 | INSERT INTO mailbox (username, 11 | password, 12 | name, 13 | maildir, 14 | quota, 15 | domain, 16 | isadmin, 17 | isglobaladmin, 18 | created) 19 | VALUES ('PH_DOMAIN_ADMIN_EMAIL', 20 | 'PH_DOMAIN_ADMIN_PASSWD_HASH', 21 | 'PH_DOMAIN_ADMIN_NAME', 22 | 'PH_DOMAIN_ADMIN_MAILDIR_HASH_PART', 23 | 1024, 24 | 'PH_FIRST_DOMAIN', 25 | 0, 26 | 1, 27 | NOW()); 28 | 29 | INSERT INTO forwardings (address, forwarding, domain, dest_domain, is_forwarding) 30 | VALUES ('PH_DOMAIN_ADMIN_EMAIL', 'PH_DOMAIN_ADMIN_EMAIL', 'PH_FIRST_DOMAIN', 'PH_FIRST_DOMAIN', 1); 31 | 32 | -- Mark first mail user as global admin 33 | INSERT INTO domain_admins (username, domain, created) 34 | VALUES ('PH_DOMAIN_ADMIN_EMAIL', 'ALL', NOW()); 35 | -------------------------------------------------------------------------------- /samples/postgresql/sql/grant_permissions.sql: 
-------------------------------------------------------------------------------- 1 | \c PH_VMAIL_DB_NAME; 2 | 3 | -- Set correct privilege for ROLE: vmail 4 | GRANT SELECT ON 5 | admin, alias, alias_domain, anyone_shares, 6 | deleted_mailboxes, domain, domain_admins, 7 | forwardings, 8 | mailbox, maillists, maillist_owners, moderators, 9 | recipient_bcc_domain, recipient_bcc_user, 10 | sender_bcc_domain, sender_bcc_user, sender_relayhost, share_folder 11 | TO PH_VMAIL_DB_BIND_USER; 12 | 13 | -- Update per-user real-time mailbox usage 14 | GRANT SELECT, UPDATE, INSERT, DELETE ON used_quota TO PH_VMAIL_DB_BIND_USER; 15 | -------------------------------------------------------------------------------- /samples/postgresql/sql/init_vmail_db.sql: -------------------------------------------------------------------------------- 1 | -- Crete role: vmail, read-only. 2 | CREATE USER PH_VMAIL_DB_BIND_USER 3 | WITH ENCRYPTED PASSWORD 'PH_VMAIL_DB_BIND_PASSWD' 4 | NOSUPERUSER NOCREATEDB NOCREATEROLE; 5 | 6 | -- Create role: vmailadmin, read + write. 
7 | CREATE USER PH_VMAIL_DB_ADMIN_USER 8 | WITH ENCRYPTED PASSWORD 'PH_VMAIL_DB_ADMIN_PASSWD' 9 | NOSUPERUSER NOCREATEDB NOCREATEROLE; 10 | 11 | -- Create database to store mail accounts 12 | CREATE DATABASE PH_VMAIL_DB_NAME WITH TEMPLATE template0 ENCODING 'UTF8'; 13 | 14 | -- Grant privilege 15 | ALTER DATABASE PH_VMAIL_DB_NAME OWNER TO PH_VMAIL_DB_ADMIN_USER; 16 | -------------------------------------------------------------------------------- /samples/roundcubemail/config.inc.php: -------------------------------------------------------------------------------- 1 | array( 18 | 'verify_peer' => false, 19 | 'verify_peer_name' => false, 20 | ), 21 | ); 22 | 23 | // SMTP 24 | $config['smtp_host'] = 'tls://PH_SMTP_SERVER:587'; 25 | $config['smtp_user'] = '%u'; 26 | $config['smtp_pass'] = '%p'; 27 | $config['smtp_auth_type'] = 'LOGIN'; 28 | // Required if you're running PHP 5.6 or later. NOTE(review): with verify_peer and verify_peer_name both off, the TLS session to PH_SMTP_SERVER is encrypted but the server certificate is never validated; turn both on once the server presents a certificate that validates for its hostname. 29 | $config['smtp_conn_options'] = array( 30 | 'ssl' => array( 31 | 'verify_peer' => false, 32 | 'verify_peer_name' => false, 33 | ), 34 | ); 35 | 36 | // Use user's identity as envelope sender for 'return receipt' responses, 37 | // otherwise it will be rejected by iRedAPD plugin `reject_null_sender`. 
38 | $config['mdn_use_from'] = true; 39 | 40 | // SYSTEM 41 | $config['auto_create_user'] = true; 42 | $config['force_https'] = true; 43 | $config['login_autocomplete'] = 2; 44 | $config['ip_check'] = false; 45 | $config['des_key'] = 'PH_RCM_DES_KEY'; 46 | $config['cipher_method'] = 'AES-256-CBC'; 47 | $config['useragent'] = 'Roundcube Webmail'; // Hide version number 48 | //$config['username_domain'] = 'PH_FIRST_DOMAIN'; 49 | //$config['mime_types'] = '/etc/mime.types'; 50 | $config['max_message_size'] = 'PH_MESSAGE_SIZE_LIMIT_MBM'; 51 | 52 | // USER INTERFACE 53 | $config['create_default_folders'] = true; 54 | $config['quota_zero_as_unlimited'] = true; 55 | $config['spellcheck_engine'] = 'pspell'; 56 | 57 | // USER PREFERENCES 58 | $config['default_charset'] = 'UTF-8'; 59 | //$config['addressbook_sort_col'] = 'name'; 60 | $config['draft_autosave'] = 60; 61 | $config['default_list_mode'] = 'threads'; 62 | $config['autoexpand_threads'] = 2; 63 | $config['check_all_folders'] = true; 64 | $config['default_font_size'] = '12pt'; 65 | $config['message_show_email'] = true; 66 | $config['layout'] = 'widescreen'; // three columns 67 | //$config['skip_deleted'] = true; 68 | 69 | // PLUGINS 70 | $config['plugins'] = array('managesieve', 'password', 'zipdownload'); 71 | 72 | -------------------------------------------------------------------------------- /samples/roundcubemail/global_ldap_address_book.inc.php: -------------------------------------------------------------------------------- 1 | // Global LDAP address book. 2 | $config['ldap_public']["global_ldap_abook"] = array( 3 | 'name' => 'Global LDAP Address Book', 4 | 'hosts' => array('PH_LDAP_SERVER_HOST'), 5 | 'port' => PH_LDAP_SERVER_PORT, 6 | 'use_tls' => false, 7 | 'ldap_version' => '3', 8 | 'network_timeout' => 10, 9 | 'user_specific' => true, 10 | 11 | // Search mail users under same domain. 
12 | 'base_dn' => 'domainName=%d,PH_LDAP_BASEDN', 13 | 'bind_dn' => 'mail=%u@%d,ou=Users,domainName=%d,PH_LDAP_BASEDN', 14 | 15 | 'hidden' => false, 16 | 'searchonly' => false, 17 | 'writable' => false, 18 | 19 | 'search_fields' => array('mail', 'cn', 'sn', 'givenName', 'street', 'telephoneNumber', 'mobile', 'stree', 'postalCode'), 20 | 21 | // mapping of contact fields to directory attributes 22 | 'fieldmap' => array( 23 | 'name' => 'cn', 24 | 'surname' => 'sn', 25 | 'firstname' => 'givenName', 26 | 'title' => 'title', 27 | 'email' => 'mail:*', 28 | 'phone:work' => 'telephoneNumber', 29 | 'phone:mobile' => 'mobile', 30 | 'phone:workfax' => 'facsimileTelephoneNumber', 31 | 'street' => 'street', 32 | 'zipcode' => 'postalCode', 33 | 'locality' => 'l', 34 | 'department' => 'departmentNumber', 35 | 'notes' => 'description', 36 | 'photo' => 'jpegPhoto', 37 | ), 38 | 'sort' => 'cn', 39 | 'scope' => 'sub', 40 | 'filter' => '(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))', 41 | 'fuzzy_search' => true, 42 | 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) 43 | 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. 44 | 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. 45 | 'referrals' => false, // Sets the LDAP_OPT_REFERRALS option. 
Mostly used in multi-domain Active Directory setups 46 | 47 | 'group_filters' => array( 48 | 'departments' => array( 49 | 'name' => 'Mailing Lists', 50 | 'scope' => 'sub', 51 | 'base_dn' => 'domainName=%d,PH_LDAP_BASEDN', 52 | 'filter' => '(&(|(objectclass=mailList)(objectClass=mailAlias))(accountStatus=active)(enabledService=displayedInGlobalAddressBook))', 53 | 'name_attr' => 'cn', 54 | 'email' => 'mail', 55 | ), 56 | ), 57 | ); 58 | $config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook'); 59 | -------------------------------------------------------------------------------- /samples/rsyslog.d/1-iredmail-dovecot.conf: -------------------------------------------------------------------------------- 1 | # Debug 2 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and ($msg contains ": Debug:") then -PH_DOVECOT_LOG_FILE 3 | & stop 4 | 5 | # sieve and LMTP 6 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and ($msg contains "lmtp(" or $msg contains "lda(") then -PH_DOVECOT_SYSLOG_FILE_LDA 7 | & stop 8 | 9 | # IMAP 10 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and ($msg contains "imap(" or $msg contains "imap-login:") then -PH_DOVECOT_SYSLOG_FILE_IMAP 11 | & stop 12 | 13 | # POP3 14 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and ($msg contains "pop3(" or $msg contains "pop3-login:") then -PH_DOVECOT_SYSLOG_FILE_POP3 15 | & stop 16 | 17 | # managesieve 18 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and ($msg contains "managesieve(" or $msg contains "managesieve-login:") then -PH_DOVECOT_SYSLOG_FILE_SIEVE 19 | & stop 20 | 21 | # All other Dovecot log 22 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and $programname startswith "dovecot" then -PH_DOVECOT_LOG_FILE 23 | & stop 24 | -------------------------------------------------------------------------------- /samples/rsyslog.d/1-iredmail-fail2ban.conf: 
-------------------------------------------------------------------------------- 1 | if $programname startswith 'fail2ban' or ($programname == 'journal' and $msg startswith 'fail2ban') then -PH_FAIL2BAN_LOG_FILE 2 | & stop 3 | -------------------------------------------------------------------------------- /samples/rsyslog.d/1-iredmail-iredapd.conf: -------------------------------------------------------------------------------- 1 | # Log to /var/log/iredapd/iredapd.log 2 | # 3 | # Notes: 4 | # 5 | # - $syslogfacility-text must be same as value of parameter SYSLOG_FACILITY 6 | # in iredapd config file. Defaults to 'local5' (defined in 7 | # libs/default_settings.py). 8 | # 9 | # - Directory /var/log/iredapd/ must be owned by syslog daemon user/group. 10 | # 11 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and ($syslogtag startswith 'iredapd' or $msg startswith 'iredapd') then -PH_IREDAPD_LOG_FILE 12 | & stop 13 | -------------------------------------------------------------------------------- /samples/rsyslog.d/1-iredmail-mlmmjadmin.conf: -------------------------------------------------------------------------------- 1 | # Log to /var/log/mlmmjadmin/mlmmjadmin.log 2 | # 3 | # Notes: 4 | # 5 | # - $syslogfacility-text must be same as value of parameter SYSLOG_FACILITY 6 | # in mlmmjadmin config file. Defaults to 'local5' (defined in 7 | # libs/default_settings.py). 8 | # 9 | # - Directory /var/log/mlmmjadmin/ must be owned by syslog daemon user/group. 
10 | # 11 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and $programname startswith 'mlmmjadmin' then -PH_MLMMJADMIN_LOG_FILE 12 | & stop 13 | -------------------------------------------------------------------------------- /samples/rsyslog.d/1-iredmail-openldap.conf: -------------------------------------------------------------------------------- 1 | if $syslogfacility-text == 'PH_OPENLDAP_SYSLOG_FACILITY' and $programname == 'slapd' then -PH_OPENLDAP_LOG_FILE 2 | & stop 3 | -------------------------------------------------------------------------------- /samples/rsyslog.d/1-iredmail-phpfpm.conf: -------------------------------------------------------------------------------- 1 | # php-fpm 2 | if $syslogfacility-text == 'PH_IREDMAIL_SYSLOG_FACILITY' and $syslogtag startswith 'php-fpm' then -PH_PHP_FPM_LOG_MAIN 3 | & stop 4 | -------------------------------------------------------------------------------- /samples/sogo/sogo.cron: -------------------------------------------------------------------------------- 1 | # SOGo session cleanup and email reminder, should be run every minute. 2 | * * * * * PH_SOGO_CMD_TOOL expire-sessions 30 >/dev/null 2>&1; PH_SOGO_CMD_EALARMS_NOTIFY >/dev/null 2>&1 3 | 4 | # SOGo vacation messages expiration 5 | # The credentials file should contain the sieve admin credentials (username:passwd) 6 | 0 0 * * * PH_SOGO_CMD_TOOL update-autoreply -p PH_SOGO_SIEVE_CREDENTIAL_FILE >/dev/null 2>&1 7 | -------------------------------------------------------------------------------- /samples/sogo/sql/create_view.pgsql: -------------------------------------------------------------------------------- 1 | -- create SQL view in vmail database. 
2 | 3 | CREATE VIEW sogo_users AS 4 | SELECT username AS c_uid, 5 | username AS c_name, 6 | password AS c_password, 7 | name AS c_cn, 8 | username AS mail, 9 | domain AS domain, 10 | enablesogowebmail AS c_webmail, 11 | enablesogocalendar AS c_calendar, 12 | enablesogoactivesync AS c_activesync 13 | FROM mailbox 14 | WHERE enablesogo=1 AND active=1; 15 | 16 | -- allow end users to change their own passwords. 17 | GRANT SELECT,UPDATE ON mailbox TO sogo; 18 | 19 | GRANT SELECT,UPDATE ON sogo_users TO sogo; 20 | -------------------------------------------------------------------------------- /samples/spamassassin/razor.conf: -------------------------------------------------------------------------------- 1 | debuglevel = 0 2 | -------------------------------------------------------------------------------- /samples/systemd/clamd.service.d/override.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | TimeoutSec = 600 3 | -------------------------------------------------------------------------------- /samples/systemd/mariadb.service.d/override.conf: -------------------------------------------------------------------------------- 1 | # Reference: https://mariadb.com/kb/en/the-mariadb-library/server-system-variables/#open_files_limit 2 | [Service] 3 | LimitNOFILE=infinity 4 | -------------------------------------------------------------------------------- /samples/systemd/slapd.service.d/override.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | # Clean the ExecStart first 3 | ExecStart= 4 | 5 | # Re-define ExecStart 6 | ExecStart=/usr/sbin/slapd -u PH_SYS_USER_LDAP -h "ldapi:/// ldap://PH_LDAP_SERVER_HOST:PH_LDAP_SERVER_PORT/" -f PH_OPENLDAP_SLAPD_CONF 7 | -------------------------------------------------------------------------------- /samples/yum/CentOS-Linux-AppStream.repo: -------------------------------------------------------------------------------- 1 | 
[appstream] 2 | name=CentOS-$releasever - AppStream 3 | baseurl=http://mirror.centos.org/$contentdir/$releasever/AppStream/$basearch/os/ 4 | gpgcheck=1 5 | enabled=1 6 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial 7 | -------------------------------------------------------------------------------- /samples/yum/CentOS-Linux-PowerTools.repo: -------------------------------------------------------------------------------- 1 | [powertools] 2 | name=CentOS-$releasever - PowerTools 3 | baseurl=http://mirror.centos.org/$contentdir/$releasever/PowerTools/$basearch/os/ 4 | gpgcheck=1 5 | enabled=1 6 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial 7 | -------------------------------------------------------------------------------- /samples/yum/CentOS-Stream-AppStream.repo: -------------------------------------------------------------------------------- 1 | [appstream] 2 | name=CentOS Stream $releasever - AppStream 3 | mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra 4 | #baseurl=http://mirror.centos.org/$contentdir/$stream/AppStream/$basearch/os/ 5 | gpgcheck=1 6 | enabled=1 7 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial 8 | -------------------------------------------------------------------------------- /samples/yum/CentOS-Stream-PowerTools.repo: -------------------------------------------------------------------------------- 1 | [powertools] 2 | name=CentOS Stream $releasever - PowerTools 3 | mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra 4 | #baseurl=http://mirror.centos.org/$contentdir/$stream/PowerTools/$basearch/os/ 5 | gpgcheck=1 6 | enabled=0 7 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial 8 | -------------------------------------------------------------------------------- /samples/yum/symas-openldap.repo: -------------------------------------------------------------------------------- 1 | [symas-openldap] 2 | 
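name=Symas OpenLDAP for Linux RPM repository 3 | baseurl=https://repo.symas.com/repo/rpm/SOFL/rhel8 4 | gpgkey=https://repo.symas.com/repo/gpg/RPM-GPG-KEY-symas-com-signing-key 5 | gpgcheck=1 6 | enabled=1 7 | -------------------------------------------------------------------------------- /tools/add_enabled_service.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # encoding: utf-8 3 | 4 | # Author: Zhang Huangbin 5 | # Purpose: Add enabledService= for existing mail users. 6 | 7 | import ldap 8 | 9 | # Note: bind_dn must have write privilege on LDAP server. 10 | uri = 'ldap://127.0.0.1:389' 11 | basedn = 'o=domains,dc=example,dc=com' 12 | bind_dn = 'cn=Manager,dc=example,dc=com' 13 | bind_pw = 'passwd' 14 | 15 | print("* Connecting to LDAP server:", uri) 16 | conn = ldap.initialize(uri=uri, trace_level=0) 17 | conn.bind_s(bind_dn, bind_pw) 18 | 19 | print("* Get all mail accounts...") 20 | allUsers = conn.search_s(basedn, 21 | ldap.SCOPE_SUBTREE, 22 | "(objectClass=mailUser)", 23 | ['mail', 'enabledService']) 24 | 25 | total = len(allUsers) 26 | print("* Total %d user(s)." % total) 27 | 28 | # Values of 'enabledService' which need to be added. 29 | services = [b'sogo'] 30 | 31 | # Counter. 32 | count = 1 33 | 34 | for user in allUsers: 35 | (dn, entry) = user 36 | mail = entry['mail'][0] 37 | if 'enabledService' not in entry: 38 | continue 39 | 40 | enabledService = entry['enabledService'] 41 | 42 | # Get missing values. 43 | values = [s.lower() for s in services if s not in enabledService] 44 | 45 | # Rebuild the change list for every user so an earlier user's list is never reused (and the name is always bound). 46 | mod_attrs = [(ldap.MOD_ADD, 'enabledService', values)] if values else [] 47 | 48 | if len(mod_attrs) > 0: 49 | print("* (%d of %d) Updating user: %s" % (count, total, mail)) 50 | conn.modify_s(dn, mod_attrs) 51 | else: 52 | print("* (%d of %d) [SKIP] No update required: %s" % (count, total, mail)) 53 | 54 | count += 1 55 | 56 | # Unbind connection. 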
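57 | print("* Unbind LDAP server.") 58 | conn.unbind() 59 | 60 | print("* Update completed.") 61 | -------------------------------------------------------------------------------- /tools/fail2ban_unban_ip.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Purpose: Unban specified IP address(es) from all Fail2ban jails. 4 | # Author: Zhang Huangbin 5 | 6 | # Usage: 7 | # 8 | # bash fail2ban_unban_ip.sh 192.168.1.1 [192.168.2.2 ...] 9 | 10 | if [ X"$#" == X'0' ]; then 11 | cat </dev/null 35 | if [ X"$?" == X'0' ]; then 36 | echo "Removed ${ip} from jail '${jail}'" 37 | fi 38 | done 39 | done 40 | -------------------------------------------------------------------------------- /tools/find_sasl_login_ip.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Purpose: Find login IP address of specified username which is used for smtp 3 | # authentication. 4 | 5 | MAIL_LOG="$1" 6 | USER="$2" 7 | 8 | if [ -z "${MAIL_LOG}" ] || [ -z "${USER}" ]; then 9 | echo "Please run script with a log file and email address: $0 /path/to/maillog mail_address" 10 | exit 255 11 | fi 12 | # mktemp creates the file atomically with owner-only access; a guessable name under /tmp could be pre-created or symlinked by another local user. 13 | tmpfile="$(mktemp /tmp/sasl_username.XXXXXX)" || exit 255 14 | 15 | # extract 'client=xxx[__IP__]' lines; -F matches the address literally instead of as a regular expression 16 | grep -F -- "sasl_username=${USER}" "${MAIL_LOG}" | awk '{print $7}' | sort | uniq -c | sort -n > "${tmpfile}" 17 | 18 | cat "${tmpfile}" 19 | 20 | rm -f "${tmpfile}" 21 | -------------------------------------------------------------------------------- /tools/find_top_sasl_usernames.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Author: Zhang Huangbin 3 | # Purpose: Find usernames used for smtp authentication in Postfix log file, 4 | # sorted by login times. 5 | 6 | MAILLOG_FILE="$1" 7 | 8 | # Detect mail log file if not specified on command line. 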
9 | if [ -z ${MAILLOG_FILE} ]; then 10 | for f in /var/log/maillog /var/log/mail.log; do 11 | if [ -f ${f} ]; then 12 | MAILLOG_FILE="${f}" 13 | break 14 | fi 15 | done 16 | fi 17 | 18 | if [ -z ${MAILLOG_FILE} ]; then 19 | echo "Please specify Postfix log file on command line: $0 /path/to/maillog" 20 | exit 255 21 | fi 22 | 23 | grep 'sasl_username=' ${MAILLOG_FILE} \ 24 | | awk -F'sasl_username=' '{print $2}' \ 25 | | awk '{print $NF}' \ 26 | | sort \ 27 | | uniq -c \ 28 | | sort -nr 29 | -------------------------------------------------------------------------------- /tools/generate_ssl_keys.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Author: Zhang Huangbin (zhb _at_ iredmail.org) 4 | # Purpose: Create new SSL keys. 5 | # Project: iRedMail (http://www.iredmail.org/) 6 | 7 | # USAGE: 8 | # 1) Edit variables which starts with TLS_ below, then save file. 9 | # 2) Execute shell command: 10 | # 11 | # # bash generate_ssl_keys.sh 12 | # 13 | # It will create two new files under CURRENT directory: 14 | # 15 | # - certs/iRedMail.crt: Used to replace file on iRedMail server: 16 | # + on RHEL/CentOS/Scientific Linux: /etc/pki/tls/certs/iRedMail.crt 17 | # + on Debian/Ubuntu: /etc/ssl/certs/iRedMail.crt 18 | # + on FreeBSD: /etc/ssl/certs/iRedMail.crt 19 | # - private/iRedMail.key: Used to replace file on iRedMail server: 20 | # + on RHEL/CentOS/Scientific Linux: /etc/pki/tls/private/iRedMail.key 21 | # + on Debian/Ubuntu: /etc/ssl/private/iRedMail.key 22 | # + on FreeBSD: /etc/ssl/private/iRedMail.key 23 | # 24 | # 3) Grant read access to all users. e.g. on RHEL/CentOS/Scientific Linux: 25 | # 26 | # # chmod +r /etc/ssl/certs/iRedMail.crt 27 | # # chmod +r /etc/ssl/private/iRedMail.key 28 | # 29 | # If you need more restrict file permission, please use file system ACL instead. 30 | # Refer to command 'setfacl' and 'getfacl' for more detail. 
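#
# 4) Restart all services which provides SSL secure connection. e.g. http,
#    dovecot, postfix, etc. A system reboot should be easier if possible.
#

export HOSTNAME="$(hostname -f)"

# SSL key related settings.
# Country.
export TLS_COUNTRY='CN'

# State.
export TLS_STATE='GuangDong'

# City.
export TLS_CITY='ShenZhen'

# Company name here, e.g. Apple Inc.
export TLS_COMPANY="${HOSTNAME}"

# Department name.
export TLS_DEPARTMENT='IT'

# Hostname of your mail server.
export TLS_HOSTNAME="${HOSTNAME}"

# Server administrator's email address.
export TLS_ADMIN="root@${HOSTNAME}"

# Do not edit below lines.
export ROOTDIR="$(pwd)"
export SSL_CERT_FILE="${ROOTDIR}/certs/iRedMail.crt"
export SSL_KEY_FILE="${ROOTDIR}/private/iRedMail.key"

# Create SSL certs/private files.
#
# Writes a self-signed certificate (valid 3650 days, 2048-bit RSA) to
# ${SSL_CERT_FILE} and its private key to ${SSL_KEY_FILE}. The key is stored
# without a passphrase (-nodes), so file permissions are its only protection.
#
# Returns non-zero when the directories or the key pair cannot be created.
generate_ssl_keys()
{
    # Create necessary directories.
    mkdir -p "${ROOTDIR}/certs" "${ROOTDIR}/private" 2>/dev/null || return 1

    # Run openssl under a restrictive umask (in a subshell, so the caller's
    # umask is untouched): the key is private from the moment it is created.
    # Paths are quoted because ROOTDIR comes from $(pwd) and may contain
    # spaces.
    (
        umask 077
        openssl req \
            -x509 -nodes -days 3650 -newkey rsa:2048 \
            -subj "/C=${TLS_COUNTRY}/ST=${TLS_STATE}/L=${TLS_CITY}/O=${TLS_COMPANY}/OU=${TLS_DEPARTMENT}/CN=${TLS_HOSTNAME}/emailAddress=${TLS_ADMIN}/" \
            -out "${SSL_CERT_FILE}" -keyout "${SSL_KEY_FILE}" >/dev/null 2>&1
    ) || return 1

    # Set correct file permission.
    # The certificate is public. The key stays readable by its owner only in
    # this working copy; the access the daemons need is granted on the
    # installed file (step 3 of the usage notes), preferably through a group
    # or ACL rather than world-read.
    chmod 0444 "${SSL_CERT_FILE}" || return 1
    chmod 0600 "${SSL_KEY_FILE}"
}

81 | generate_ssl_keys && cat < 6 | # Based on Jan-Frode Myklebust's script published on 04 Apr 2013: 7 | # https://www.mail-archive.com/users@sogo.nu/msg14152.html 8 | 9 | # Allow to run for how long (in minutes). e.g. 15, 25. 10 | LONGEST=10 11 | 12 | # Kill a pid. 13 | k() { 14 | # Usage: k 15 | pid="${1}" 16 | 17 | echo "Killing PID $pid" 18 | ps -fp $pid 19 | kill -9 $pid 20 | } 21 | 22 | ps -u sogo -opid,ppid,cputime | grep -v PPID | while read pid ppid time; do 23 | # Don't kill main daemon (ppid=1). 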
24 | if [[ X"$ppid" != X"1" ]]; then 25 | hours="$(echo $time | cut -d: -f1 | sed 's/^0//')" 26 | minutes="$(echo $time | cut -d: -f2 | sed 's/^0//')" 27 | 28 | if [[ $minutes -gt ${LONGEST} ]] || [[ $hours -gt 0 ]]; then 29 | k ${pid} 30 | fi 31 | fi 32 | done 33 | -------------------------------------------------------------------------------- /update/0.9.8/amavisd.mysql: -------------------------------------------------------------------------------- 1 | -- If subject contains emoji, varchar doesn't work well. 2 | ALTER TABLE msgs MODIFY COLUMN subject VARBINARY(255) DEFAULT ''; 3 | ALTER TABLE msgs MODIFY COLUMN from_addr VARBINARY(255) DEFAULT ''; 4 | 5 | -- mail address without address extension: user+abc@domain.com -> user@domain.com 6 | ALTER TABLE maddr ADD COLUMN email_raw varbinary(255) NOT NULL DEFAULT ''; 7 | 8 | -- index 9 | CREATE INDEX maddr_idx_email_raw ON maddr (email_raw); 10 | 11 | -- Create trigger to save email address withou address extension 12 | -- user+abc@domain.com -> user@domain.com 13 | DELIMITER // 14 | CREATE TRIGGER `maddr_email_raw` 15 | BEFORE INSERT 16 | ON `maddr` 17 | FOR EACH ROW 18 | BEGIN 19 | IF (NEW.email LIKE '%+%') THEN 20 | SET NEW.email_raw = CONCAT(SUBSTRING_INDEX(NEW.email, '+', 1), '@', SUBSTRING_INDEX(new.email, '@', -1)); 21 | ELSE 22 | SET NEW.email_raw = NEW.email; 23 | END IF; 24 | END; 25 | // 26 | DELIMITER ; 27 | 28 | -- Update all existing records. 29 | UPDATE maddr SET email_raw=email WHERE email_raw=''; 30 | -------------------------------------------------------------------------------- /update/0.9.8/amavisd.pgsql: -------------------------------------------------------------------------------- 1 | -- If subject/from_addr contains emoji, varchar doesn't work well. 
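ALTER TABLE msgs ALTER COLUMN subject DROP DEFAULT;
ALTER TABLE msgs ALTER COLUMN subject TYPE bytea USING subject::bytea;
ALTER TABLE msgs ALTER COLUMN subject SET DEFAULT '';

-- Convert from_addr from its own value. Converting it from `subject` would
-- replace every stored sender address with the message subject.
ALTER TABLE msgs ALTER COLUMN from_addr DROP DEFAULT;
ALTER TABLE msgs ALTER COLUMN from_addr TYPE bytea USING from_addr::bytea;
ALTER TABLE msgs ALTER COLUMN from_addr SET DEFAULT '';

-- mail address without address extension: user+abc@domain.com -> user@domain.com
ALTER TABLE maddr ADD COLUMN email_raw VARCHAR(255) NOT NULL DEFAULT '';

-- index
CREATE INDEX maddr_idx_email ON maddr (email);
CREATE INDEX maddr_idx_email_raw ON maddr (email_raw);
CREATE INDEX maddr_idx_domain ON maddr (domain);

-- Create trigger to save email address without address extension
-- user+abc@domain.com -> user@domain.com
-- CREATE OR REPLACE FUNCTION strip_addr_extension(bytea, varchar, integer) RETURNS TRIGGER AS $$
--
-- The function fills NEW.email_raw on every insert into maddr: when the
-- address contains '+', it joins the text before the first '+' with the
-- domain after '@'; otherwise it stores the address unchanged. NEW.email is
-- decoded as UTF8 before it is split.
CREATE OR REPLACE FUNCTION strip_addr_extension()
RETURNS TRIGGER AS $$
BEGIN
    IF (NEW.email LIKE '%+%') THEN
        NEW.email_raw := split_part(convert_from(NEW.email, 'UTF8'), '+', 1) || '@' || split_part(convert_from(NEW.email, 'UTF8'), '@', 2);
    ELSE
        NEW.email_raw := convert_from(NEW.email, 'UTF8');
    END IF;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER maddr_email_raw
    BEFORE INSERT ON maddr
    FOR EACH ROW
    EXECUTE PROCEDURE strip_addr_extension();

-- Update all existing records.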
39 | UPDATE maddr SET email_raw=email WHERE email_raw=''; 40 | -------------------------------------------------------------------------------- /update/0.9.8/iredmail.mysql: -------------------------------------------------------------------------------- 1 | -- USE vmail; 2 | 3 | -- DROP column 4 | ALTER TABLE mailbox DROP COLUMN local_part; 5 | 6 | -- New SQL column 7 | ALTER TABLE mailbox ADD COLUMN enableimaptls TINYINT(1) NOT NULL DEFAULT 1; 8 | ALTER TABLE mailbox ADD INDEX (enableimaptls); 9 | ALTER TABLE mailbox ADD COLUMN enablepop3tls TINYINT(1) NOT NULL DEFAULT 1; 10 | ALTER TABLE mailbox ADD INDEX (enablepop3tls); 11 | ALTER TABLE mailbox ADD COLUMN enablesievetls TINYINT(1) NOT NULL DEFAULT 1; 12 | ALTER TABLE mailbox ADD INDEX (enablesievetls); 13 | 14 | -- Rename table 15 | RENAME TABLE alias_moderators TO moderators; 16 | 17 | -- Column used to limit number of mailing lists a domain admin can create 18 | ALTER TABLE domain ADD COLUMN maillists INT(10) NOT NULL DEFAULT 0; 19 | 20 | -- Column used to mark sql record is a mailing list 21 | ALTER TABLE forwardings ADD COLUMN `is_maillist` TINYINT(1) NOT NULL DEFAULT 0; 22 | ALTER TABLE forwardings ADD INDEX (`is_maillist`); 23 | 24 | -- Table used to store mailing list accounts 25 | CREATE TABLE IF NOT EXISTS maillists ( 26 | id BIGINT(20) UNSIGNED AUTO_INCREMENT, 27 | address VARCHAR(255) NOT NULL DEFAULT '', 28 | domain VARCHAR(255) NOT NULL DEFAULT '', 29 | -- Per mailing list transport. for example: 'mlmmj:example.com/listname'. 
30 | transport VARCHAR(255) NOT NULL DEFAULT '', 31 | accesspolicy VARCHAR(30) NOT NULL DEFAULT '', 32 | maxmsgsize BIGINT(20) NOT NULL DEFAULT 0, 33 | -- name of the mailing list 34 | name VARCHAR(255) NOT NULL DEFAULT '', 35 | -- short introduction of the mailing list on subscription page 36 | description TEXT, 37 | -- a server-wide unique id (a 36-characters string) for each mailing list 38 | mlid VARCHAR(36) NOT NULL DEFAULT '', 39 | -- control whether newsletter-style subscription from website is enabled 40 | -- 1 -> enabled, 0 -> disabled 41 | is_newsletter TINYINT(1) NOT NULL DEFAULT 0, 42 | settings TEXT, 43 | created DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01', 44 | modified DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01', 45 | expired DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00', 46 | active TINYINT(1) NOT NULL DEFAULT 1, 47 | PRIMARY KEY (id), 48 | UNIQUE INDEX (address), 49 | UNIQUE INDEX (mlid), 50 | INDEX (is_newsletter), 51 | INDEX (domain), 52 | INDEX (active) 53 | ) ENGINE=InnoDB; 54 | -------------------------------------------------------------------------------- /update/0.9.8/iredmail.pgsql: -------------------------------------------------------------------------------- 1 | -- \c vmail; 2 | 3 | -- DROP column 4 | ALTER TABLE mailbox DROP COLUMN local_part; 5 | 6 | -- New SQL column 7 | ALTER TABLE mailbox ADD COLUMN enableimaptls INT2 NOT NULL DEFAULT 1; 8 | CREATE INDEX idx_mailbox_enableimaptls ON mailbox (enableimaptls); 9 | ALTER TABLE mailbox ADD COLUMN enablepop3tls INT2 NOT NULL DEFAULT 1; 10 | CREATE INDEX idx_mailbox_enablepop3tls ON mailbox (enablepop3tls); 11 | ALTER TABLE mailbox ADD COLUMN enablesievetls INT2 NOT NULL DEFAULT 1; 12 | CREATE INDEX idx_mailbox_enablesievetls ON mailbox (enablesievetls); 13 | 14 | -- Rename table 15 | ALTER TABLE alias_moderators RENAME TO moderators; 16 | 17 | -- Column used to limit number of mailing lists a domain admin can create 18 | ALTER TABLE domain ADD COLUMN maillists INT8 NOT NULL 
DEFAULT 0; 19 | 20 | -- Column used to mark sql record is a mailing list 21 | ALTER TABLE forwardings ADD COLUMN is_maillist INT2 NOT NULL DEFAULT 0; 22 | CREATE INDEX idx_forwardings_is_maillist ON forwardings (is_maillist); 23 | 24 | CREATE TABLE maillists ( 25 | id SERIAL PRIMARY KEY, 26 | address VARCHAR(255) NOT NULL DEFAULT '', 27 | domain VARCHAR(255) NOT NULL DEFAULT '', 28 | -- Per mailing list transport. for example: 'mlmmj:example.com/listname'. 29 | transport VARCHAR(255) NOT NULL DEFAULT '', 30 | accesspolicy VARCHAR(30) NOT NULL DEFAULT '', 31 | maxmsgsize INT8 NOT NULL DEFAULT 0, 32 | -- name of the mailing list 33 | name VARCHAR(255) NOT NULL DEFAULT '', 34 | -- short introduction of the mailing list on subscription page 35 | description TEXT, 36 | -- a server-wide unique id (a 36-characters string) for each mailing list 37 | mlid VARCHAR(36) NOT NULL DEFAULT '', 38 | -- control whether newsletter-style subscription from website is enabled 39 | -- 1 -> enabled, 0 -> disabled 40 | is_newsletter INT2 NOT NULL DEFAULT 0, 41 | settings TEXT, 42 | created TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT '1970-01-01 00:00:00', 43 | modified TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT '1970-01-01 00:00:00', 44 | expired TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT '9999-12-31 00:00:00', 45 | active INT2 NOT NULL DEFAULT 1 46 | ); 47 | CREATE UNIQUE INDEX idx_maillists_address ON maillists (address); 48 | CREATE INDEX idx_maillists_domain ON maillists (domain); 49 | CREATE UNIQUE INDEX idx_maillists_mlid ON maillists (mlid); 50 | CREATE INDEX idx_maillists_is_newsletter ON maillists (is_newsletter); 51 | CREATE INDEX idx_maillists_active ON maillists (active); 52 | 53 | GRANT SELECT ON maillists TO vmail; 54 | GRANT SELECT ON maillists_id_seq TO vmail; 55 | GRANT SELECT ON alias_moderators_id_seq TO vmail; 56 | GRANT SELECT ON forwardings_id_seq TO vmail; 57 | 58 | GRANT ALL ON maillists TO vmailadmin; 59 | GRANT ALL ON maillists_id_seq TO vmailadmin; 60 | 
GRANT ALL ON alias_moderators_id_seq TO vmailadmin; 61 | GRANT ALL ON forwardings_id_seq TO vmailadmin; 62 | -------------------------------------------------------------------------------- /update/0.9.9/iredmail.mysql: -------------------------------------------------------------------------------- 1 | ALTER TABLE mailbox ADD COLUMN mailboxformat VARCHAR(50) NOT NULL DEFAULT 'maildir'; 2 | ALTER TABLE mailbox ADD COLUMN mailboxfolder VARCHAR(50) NOT NULL DEFAULT 'Maildir'; 3 | -------------------------------------------------------------------------------- /update/0.9.9/iredmail.pgsql: -------------------------------------------------------------------------------- 1 | ALTER TABLE mailbox ADD COLUMN mailboxformat VARCHAR(50) NOT NULL DEFAULT 'maildir'; 2 | ALTER TABLE mailbox ADD COLUMN mailboxfolder VARCHAR(50) NOT NULL DEFAULT 'Maildir'; 3 | -------------------------------------------------------------------------------- /update/1.0/iredmail.mysql: -------------------------------------------------------------------------------- 1 | ALTER TABLE mailbox ADD COLUMN `enablequota-status` TINYINT(1) NOT NULL DEFAULT 1; 2 | CREATE INDEX `enablequota-status` ON mailbox (`enablequota-status`); 3 | -------------------------------------------------------------------------------- /update/1.0/iredmail.pgsql: -------------------------------------------------------------------------------- 1 | ALTER TABLE mailbox ADD COLUMN "enablequota-status" INT2 NOT NULL DEFAULT 1; 2 | CREATE INDEX idx_mailbox_enablequota_status ON mailbox ("enablequota-status"); 3 | -------------------------------------------------------------------------------- /update/1.2/last_login.mysql: -------------------------------------------------------------------------------- 1 | -- For MySQL/MariaDB backends, please update database `vmail`. 2 | -- For OpenLDAP backend, please update database `iredadmin`. 
3 | DROP TABLE `last_login`; 4 | 5 | CREATE TABLE `last_login` ( 6 | `username` VARCHAR(255) NOT NULL DEFAULT '', 7 | `domain` VARCHAR(255) NOT NULL DEFAULT '', 8 | `imap` INT(11) DEFAULT NULL, 9 | `pop3` INT(11) DEFAULT NULL, 10 | `lda` INT(11) DEFAULT NULL, 11 | PRIMARY KEY (`username`), 12 | INDEX last_login_domain (`domain`), 13 | INDEX last_login_imap (`imap`), 14 | INDEX last_login_pop3 (`pop3`), 15 | INDEX last_login_lda (`lda`) 16 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 17 | -------------------------------------------------------------------------------- /update/1.4.0/iredmail.mysql: -------------------------------------------------------------------------------- 1 | -- (mlmmj) mailing list owners. 2 | CREATE TABLE IF NOT EXISTS maillist_owners ( 3 | id BIGINT(20) UNSIGNED AUTO_INCREMENT, 4 | -- email address of mailing list 5 | address VARCHAR(255) NOT NULL DEFAULT '', 6 | -- email address of owner 7 | owner VARCHAR(255) NOT NULL DEFAULT '', 8 | domain VARCHAR(255) NOT NULL DEFAULT '', 9 | -- domain part of owner email address 10 | dest_domain VARCHAR(255) NOT NULL DEFAULT '', 11 | PRIMARY KEY (id), 12 | UNIQUE INDEX (address, owner), 13 | INDEX (owner), 14 | INDEX (domain), 15 | INDEX (dest_domain) 16 | ) ENGINE=InnoDB; 17 | 18 | -- Drop unused SQL columns 19 | ALTER TABLE mailbox DROP COLUMN `allowedsenders`; 20 | ALTER TABLE mailbox DROP COLUMN `rejectedsenders`; 21 | ALTER TABLE mailbox DROP COLUMN `allowedrecipients`; 22 | ALTER TABLE mailbox DROP COLUMN `rejectedrecipients`; 23 | -------------------------------------------------------------------------------- /update/1.4.0/iredmail.pgsql: -------------------------------------------------------------------------------- 1 | -- (mlmmj) mailing list owners. 
2 | CREATE TABLE maillist_owners ( 3 | id SERIAL PRIMARY KEY, 4 | address VARCHAR(255) NOT NULL DEFAULT '', 5 | owner VARCHAR(255) NOT NULL DEFAULT '', 6 | domain VARCHAR(255) NOT NULL DEFAULT '', 7 | dest_domain VARCHAR(255) NOT NULL DEFAULT '' 8 | ); 9 | CREATE UNIQUE INDEX idx_maillist_owners_address_owner ON maillist_owners (address, owner); 10 | CREATE INDEX idx_maillist_owners_owner ON maillist_owners (owner); 11 | CREATE INDEX idx_maillist_owners_domain ON maillist_owners (domain); 12 | CREATE INDEX idx_maillist_owners_dest_domain ON maillist_owners (dest_domain); 13 | 14 | ALTER TABLE maillist_owners OWNER TO vmailadmin; 15 | 16 | -- Drop unused SQL columns 17 | ALTER TABLE mailbox DROP COLUMN "allowedsenders"; 18 | ALTER TABLE mailbox DROP COLUMN "rejectedsenders"; 19 | ALTER TABLE mailbox DROP COLUMN "allowedrecipients"; 20 | ALTER TABLE mailbox DROP COLUMN "rejectedrecipients"; 21 | -------------------------------------------------------------------------------- /update/1.4.1/iredmail.mysql: -------------------------------------------------------------------------------- 1 | ALTER TABLE mailbox ADD COLUMN `enablesogowebmail` CHAR(1) NOT NULL DEFAULT 'y'; 2 | ALTER TABLE mailbox ADD COLUMN `enablesogocalendar` CHAR(1) NOT NULL DEFAULT 'y'; 3 | ALTER TABLE mailbox ADD COLUMN `enablesogoactivesync` CHAR(1) NOT NULL DEFAULT 'y'; 4 | -------------------------------------------------------------------------------- /update/1.4.1/iredmail.pgsql: -------------------------------------------------------------------------------- 1 | ALTER TABLE mailbox ADD COLUMN "enablesogowebmail" CHAR(1) NOT NULL DEFAULT 'y'; 2 | ALTER TABLE mailbox ADD COLUMN "enablesogocalendar" CHAR(1) NOT NULL DEFAULT 'y'; 3 | ALTER TABLE mailbox ADD COLUMN "enablesogoactivesync" CHAR(1) NOT NULL DEFAULT 'y'; 4 | -------------------------------------------------------------------------------- /update/1.4.1/sogo.mysql: 
-------------------------------------------------------------------------------- 1 | DROP VIEW users; 2 | 3 | CREATE VIEW users ( 4 | c_uid, c_name, c_password, c_cn, 5 | mail, domain, 6 | c_webmail, c_calendar, c_activesync) 7 | AS SELECT username, username, password, name, 8 | username, domain, 9 | enablesogowebmail, enablesogocalendar, enablesogoactivesync 10 | FROM vmail.mailbox 11 | WHERE enablesogo=1 AND active=1; 12 | -------------------------------------------------------------------------------- /update/1.4.1/sogo.pgsql: -------------------------------------------------------------------------------- 1 | DROP VIEW users; 2 | 3 | CREATE VIEW users AS 4 | SELECT * FROM dblink('host=127.0.0.1 5 | port=5432 6 | dbname=vmail 7 | user=vmail 8 | password=VMAIL_DB_BIND_PASSWD', 9 | 'SELECT username AS c_uid, 10 | username AS c_name, 11 | password AS c_password, 12 | name AS c_cn, 13 | username AS mail, 14 | domain AS domain, 15 | enablesogowebmail AS c_webmail, 16 | enablesogocalendar AS c_calendar, 17 | enablesogoactivesync AS c_activesync 18 | FROM mailbox 19 | WHERE enablesogo=1 AND active=1') 20 | AS users (c_uid VARCHAR(255), 21 | c_name VARCHAR(255), 22 | c_password VARCHAR(255), 23 | c_cn VARCHAR(255), 24 | mail VARCHAR(255), 25 | domain VARCHAR(255), 26 | c_webmail VARCHAR(1), 27 | c_calendar VARCHAR(1), 28 | c_activesync VARCHAR(1)); 29 | 30 | ALTER TABLE users OWNER TO sogo; 31 | -------------------------------------------------------------------------------- /update/1.4.1/update-ldap.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # Author: Zhang Huangbin 3 | # Purpose: Add new attribute/value pairs introduced in iRedMail-1.4.1: 4 | # enabledService=sogowebmail 5 | # enabledService=sogocalendar 6 | # enabledService=sogoactivesync 7 | # Date: Sep 1, 2021. 8 | 9 | import ldap 10 | 11 | # Note: bind_dn must have write privilege on LDAP server. 
# Connection settings. The simple bind below sends bind_pw unencrypted over
# ldap://; that stays on the host while uri points at the loopback address.
# For a remote server use an ldaps:// URI or StartTLS, and keep the real
# password out of version control.
uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=Manager,dc=example,dc=com'
bind_pw = 'password'

# Services every account that already has enabledService values must carry.
required_services = (b"sogowebmail", b"sogocalendar", b"sogoactivesync")

# Open the connection and authenticate.
print("* Connecting to LDAP server: {}".format(uri))
conn = ldap.initialize(uri=uri, trace_level=0,)
conn.bind_s(bind_dn, bind_pw)

# Fetch the address and current services of every mail user below basedn.
print("* Get mail accounts ...")
accounts = conn.search_s(
    basedn,
    ldap.SCOPE_SUBTREE,
    "(objectClass=mailUser)",
    ['mail', 'enabledService'],
)

total = len(accounts)
print("* Found {} user(s).".format(total))

# Position shown in the progress line; accounts skipped for having no
# enabledService attribute do not advance it.
count = 1

for dn, attrs in accounts:
    mail = attrs['mail'][0].decode()
    if 'enabledService' not in attrs:
        continue

    current = attrs['enabledService']
    missing = [service for service in required_services if service not in current]

    if not missing:
        print("* [SKIP] No update required for user: {}".format(mail))
    else:
        # The attribute is replaced as a whole, so send the existing values
        # together with the missing ones.
        current.extend(missing)
        print("* ({} of {}) Updating user: {}".format(count, total, mail))
        change = [(ldap.MOD_REPLACE, 'enabledService', current)]
        try:
            conn.modify_s(dn, change)
        except Exception as e:
            # Best effort: report the failure and carry on with the next user.
            print("Error while updating user {}: {}".format(mail, repr(e)))

    count += 1

# Release the connection.
print("* Unbind LDAP server.")
conn.unbind()

print("* Update completed.")
--------------------------------------------------------------------------------
/update/1.4.2/iredmail.mysql:
--------------------------------------------------------------------------------
1 | -- Fix incorrect column types. 
2 | ALTER TABLE mailbox MODIFY COLUMN `enablesogowebmail` VARCHAR(1) NOT NULL DEFAULT 'y'; 3 | ALTER TABLE mailbox MODIFY COLUMN `enablesogocalendar` VARCHAR(1) NOT NULL DEFAULT 'y'; 4 | ALTER TABLE mailbox MODIFY COLUMN `enablesogoactivesync` VARCHAR(1) NOT NULL DEFAULT 'y'; 5 | 6 | -- Drop unused columns. 7 | ALTER TABLE mailbox DROP COLUMN `lastlogindate`; 8 | ALTER TABLE mailbox DROP COLUMN `lastloginipv4`; 9 | ALTER TABLE mailbox DROP COLUMN `lastloginprotocol`; 10 | -------------------------------------------------------------------------------- /update/1.4.2/iredmail.pgsql: -------------------------------------------------------------------------------- 1 | -- Fix incorrect column types. 2 | ALTER TABLE mailbox ALTER COLUMN "enablesogowebmail" TYPE VARCHAR(1); 3 | ALTER TABLE mailbox ALTER COLUMN "enablesogocalendar" TYPE VARCHAR(1); 4 | ALTER TABLE mailbox ALTER COLUMN "enablesogoactivesync" TYPE VARCHAR(1); 5 | 6 | -- Drop unused columns. 7 | ALTER TABLE mailbox DROP COLUMN "lastlogindate"; 8 | ALTER TABLE mailbox DROP COLUMN "lastloginipv4"; 9 | ALTER TABLE mailbox DROP COLUMN "lastloginprotocol"; 10 | -------------------------------------------------------------------------------- /update/1.4.2/sogo.pgsql: -------------------------------------------------------------------------------- 1 | DROP VIEW users; 2 | 3 | CREATE VIEW users AS 4 | SELECT * FROM dblink('host=127.0.0.1 5 | port=5432 6 | dbname=vmail 7 | user=vmail 8 | password=VMAIL_DB_BIND_PASSWD', 9 | 'SELECT username AS c_uid, 10 | username AS c_name, 11 | password AS c_password, 12 | name AS c_cn, 13 | username AS mail, 14 | domain AS domain, 15 | enablesogowebmail AS c_webmail, 16 | enablesogocalendar AS c_calendar, 17 | enablesogoactivesync AS c_activesync 18 | FROM mailbox 19 | WHERE enablesogo=1 AND active=1') 20 | AS users (c_uid VARCHAR(255), 21 | c_name VARCHAR(255), 22 | c_password VARCHAR(255), 23 | c_cn VARCHAR(255), 24 | mail VARCHAR(255), 25 | domain VARCHAR(255), 26 | c_webmail 
VARCHAR(1), 27 | c_calendar VARCHAR(1), 28 | c_activesync VARCHAR(1)); 29 | 30 | ALTER TABLE users OWNER TO sogo; 31 | -------------------------------------------------------------------------------- /update/1.6.0/sogo_view.pgsql: -------------------------------------------------------------------------------- 1 | \c vmail; 2 | 3 | -- cannot alter type of a column used by a view or rule 4 | DROP VIEW IF EXISTS sogo_users; 5 | 6 | ALTER TABLE mailbox ALTER COLUMN enablesogowebmail TYPE VARCHAR(1); 7 | ALTER TABLE mailbox ALTER COLUMN enablesogocalendar TYPE VARCHAR(1); 8 | ALTER TABLE mailbox ALTER COLUMN enablesogoactivesync TYPE VARCHAR(1); 9 | 10 | CREATE VIEW sogo_users AS 11 | SELECT username AS c_uid, 12 | username AS c_name, 13 | password AS c_password, 14 | name AS c_cn, 15 | username AS mail, 16 | domain AS domain, 17 | enablesogowebmail AS c_webmail, 18 | enablesogocalendar AS c_calendar, 19 | enablesogoactivesync AS c_activesync 20 | FROM mailbox 21 | WHERE enablesogo=1 AND active=1; 22 | 23 | ALTER TABLE sogo_users OWNER TO vmailadmin; 24 | 25 | -- allow end users to change their own passwords. 26 | GRANT SELECT,UPDATE ON mailbox TO sogo; 27 | GRANT SELECT,UPDATE ON sogo_users TO sogo; 28 | -------------------------------------------------------------------------------- /update/1.6.3/iredmail.mysql: -------------------------------------------------------------------------------- 1 | ALTER TABLE forwardings ADD INDEX IF NOT EXISTS forwarding (forwarding); 2 | -------------------------------------------------------------------------------- /update/1.7.0/fail2ban.mysql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Used to store both enabled and disabled jails. 
3 | -- 4 | CREATE TABLE IF NOT EXISTS `jails` ( 5 | `id` BIGINT(20) UNSIGNED AUTO_INCREMENT, 6 | `name` VARCHAR(255) NOT NULL DEFAULT '', 7 | `enabled` TINYINT(1) DEFAULT 1, 8 | PRIMARY KEY (`id`), 9 | UNIQUE INDEX (`name`), 10 | INDEX (`enabled`) 11 | ) ENGINE=InnoDB; 12 | -------------------------------------------------------------------------------- /update/1.7.0/fail2ban.pgsql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Used to store both enabled and disabled jails. 3 | -- 4 | CREATE TABLE jails ( 5 | id SERIAL PRIMARY KEY, 6 | name VARCHAR(255) NOT NULL DEFAULT '', 7 | enabled INT2 DEFAULT 1 8 | ); 9 | CREATE UNIQUE INDEX idx_jails_name ON jails (name); 10 | CREATE INDEX idx_jails_enabled ON jails (enabled); 11 | 12 | ALTER TABLE jails OWNER TO fail2ban; 13 | -------------------------------------------------------------------------------- /update/1.7.1/amavisd.mysql: -------------------------------------------------------------------------------- 1 | ALTER TABLE msgs MODIFY COLUMN subject VARBINARY(1024) DEFAULT ''; 2 | -------------------------------------------------------------------------------- /update/1.7.2/vmail.mysql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Requires MySQL 5.5.3 (released in early 2010) or later releases. 
3 | -- 4 | -- Run command to show all columns of a table: 5 | -- SHOW FULL COLUMNS FROM ; 6 | 7 | ALTER DATABASE vmail 8 | DEFAULT CHARACTER SET utf8mb4 9 | DEFAULT COLLATE utf8mb4_general_ci; 10 | 11 | ALTER TABLE admin CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 12 | ALTER TABLE alias CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 13 | ALTER TABLE alias_domain CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 14 | ALTER TABLE anyone_shares CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 15 | ALTER TABLE deleted_mailboxes CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 16 | ALTER TABLE domain CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 17 | ALTER TABLE domain_admins CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 18 | ALTER TABLE forwardings CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 19 | ALTER TABLE last_login CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 20 | ALTER TABLE mailbox CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 21 | ALTER TABLE maillist_owners CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 22 | ALTER TABLE maillists CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 23 | ALTER TABLE moderators CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 24 | ALTER TABLE recipient_bcc_domain CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 25 | ALTER TABLE recipient_bcc_user CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 26 | ALTER TABLE sender_bcc_domain CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 27 | ALTER TABLE sender_bcc_user CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 28 | ALTER TABLE sender_relayhost CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 29 | ALTER TABLE share_folder CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 30 | ALTER TABLE used_quota CONVERT TO CHARACTER SET utf8mb4 COLLATE 
utf8mb4_general_ci; 31 | -------------------------------------------------------------------------------- /update/1.7.3/deleted_mailboxes.mysql: -------------------------------------------------------------------------------- 1 | -- 2 | -- MariaDB 5.5 on CentOS 7 does not support `ADD COLUMN IF EXISTS`, so here is 3 | -- an alternative way to add it without error. 4 | -- 5 | -- Add columns in `vmail.deleted_mailboxes` (MariaDB) or 6 | -- `iredadmin.deleted_mailboxes` (OpenLDAP): 7 | -- 8 | -- - birthday 9 | -- - recovery_email 10 | -- 11 | drop procedure if exists irm173_schema_change; 12 | 13 | delimiter ';;' 14 | create procedure irm173_schema_change() begin 15 | if not exists (select * from information_schema.columns where table_schema = 'vmail' and table_name = 'mailbox' and column_name = 'first_name') then 16 | ALTER TABLE mailbox ADD COLUMN `first_name` VARCHAR(255) NOT NULL DEFAULT ''; 17 | end if; 18 | 19 | if not exists (select * from information_schema.columns where table_schema = 'vmail' and table_name = 'mailbox' and column_name = 'last_name') then 20 | ALTER TABLE mailbox ADD COLUMN `last_name` VARCHAR(255) NOT NULL DEFAULT ''; 21 | end if; 22 | 23 | if not exists (select * from information_schema.columns where table_schema = 'vmail' and table_name = 'mailbox' and column_name = 'mobile') then 24 | ALTER TABLE mailbox ADD COLUMN `mobile` VARCHAR(255) NOT NULL DEFAULT ''; 25 | end if; 26 | 27 | if not exists (select * from information_schema.columns where table_schema = 'vmail' and table_name = 'mailbox' and column_name = 'telephone') then 28 | ALTER TABLE mailbox ADD COLUMN `telephone` VARCHAR(255) NOT NULL DEFAULT ''; 29 | end if; 30 | 31 | if not exists (select * from information_schema.columns where table_schema = 'vmail' and table_name = 'mailbox' and column_name = 'birthday') then 32 | ALTER TABLE mailbox ADD COLUMN `birthday` DATE NOT NULL DEFAULT '0001-01-01'; 33 | end if; 34 | 35 | if not exists (select * from information_schema.columns where 
table_schema = 'vmail' and table_name = 'mailbox' and column_name = 'recovery_email') then 36 | ALTER TABLE mailbox ADD COLUMN `recovery_email` VARCHAR(255) NOT NULL DEFAULT ''; 37 | end if; 38 | end;; 39 | 40 | delimiter ';' 41 | call irm173_schema_change(); 42 | 43 | drop procedure if exists irm173_schema_change; 44 | -------------------------------------------------------------------------------- /update/1.7.3/iredadmin.mysql: -------------------------------------------------------------------------------- 1 | -- 2 | -- MariaDB 5.5 on CentOS 7 does not support `ADD COLUMN IF EXISTS`, so here is 3 | -- an alternative way to add it without error. 4 | -- 5 | -- Add columns in `iredadmin.deleted_mailboxes` for OpenLDAP backend: 6 | -- 7 | -- - bytes 8 | -- - messages 9 | 10 | drop procedure if exists irm173_schema_change; 11 | 12 | delimiter ';;' 13 | create procedure irm173_schema_change() begin 14 | if not exists (select * from information_schema.columns where table_schema = 'iredadmin' and table_name = 'deleted_mailboxes' and column_name = 'bytes') then 15 | ALTER TABLE deleted_mailboxes ADD COLUMN `bytes` BIGINT NOT NULL DEFAULT 0; 16 | end if; 17 | 18 | if not exists (select * from information_schema.columns where table_schema = 'iredadmin' and table_name = 'deleted_mailboxes' and column_name = 'messages') then 19 | ALTER TABLE deleted_mailboxes ADD COLUMN `messages` BIGINT NOT NULL DEFAULT 0; 20 | end if; 21 | end;; 22 | 23 | delimiter ';' 24 | call irm173_schema_change(); 25 | 26 | drop procedure if exists irm173_schema_change; 27 | -------------------------------------------------------------------------------- /update/1.7.3/vmail.pgsql: -------------------------------------------------------------------------------- 1 | ALTER TABLE mailbox ADD COLUMN IF NOT EXISTS "first_name" VARCHAR(255) NOT NULL DEFAULT ''; 2 | ALTER TABLE mailbox ADD COLUMN IF NOT EXISTS "last_name" VARCHAR(255) NOT NULL DEFAULT ''; 3 | ALTER TABLE mailbox ADD COLUMN IF NOT EXISTS 
"mobile" VARCHAR(255) NOT NULL DEFAULT ''; 4 | ALTER TABLE mailbox ADD COLUMN IF NOT EXISTS "telephone" VARCHAR(255) NOT NULL DEFAULT ''; 5 | ALTER TABLE mailbox ADD COLUMN IF NOT EXISTS "birthday" DATE NOT NULL DEFAULT '0001-01-01'; 6 | ALTER TABLE mailbox ADD COLUMN IF NOT EXISTS "recovery_email" VARCHAR(255) NOT NULL DEFAULT ''; 7 | 8 | ALTER TABLE deleted_mailboxes ADD COLUMN IF NOT EXISTS "bytes" INT8 NOT NULL DEFAULT 0; 9 | ALTER TABLE deleted_mailboxes ADD COLUMN IF NOT EXISTS "messages" INT8 NOT NULL DEFAULT 0; 10 | -------------------------------------------------------------------------------- /update/README.md: -------------------------------------------------------------------------------- 1 | Please follow [iRedMail upgrade tutorials](https://docs.iredmail.org/iredmail.releases.html) to use SQL/Shell/Python scripts in this directory, do not run any of them blindly. 2 | -------------------------------------------------------------------------------- /update/ldap/README.md: -------------------------------------------------------------------------------- 1 | # Update LDAP data 2 | 3 | [TOC] 4 | 5 | ## Summary 6 | 7 | If you're restoring from an old iRedMail release, you need to add missing LDAP 8 | attribute/values, which are introduced in new iRedMail releases, by running 9 | Python scripts below: . 10 | 11 | For example: 12 | 13 | * If you're restoring iRedMail from `0.9.1` to `0.9.5`, you must run all update 14 | scripts for iRedMail-0.9.1 and newer releases. In this case, only file 15 | `updateLDAPValues_094_to_095.py` listed in above link is required. 
16 | 17 | * If you're restoring iRedMail from `0.8.6` to `0.9.5`, you need 3 files: 18 | 19 | * `updateLDAPValues_086_to_087.py` 20 | * `updateLDAPValues_087_to_090.py` 21 | * `updateLDAPValues_094_to_095.py` 22 | 23 | ## How to use those upgrade scripts 24 | 25 | Please open the file you need to run, for example, `updateLDAPValues_094_to_095.py`, 26 | find parameters like below: 27 | 28 | ``` 29 | uri = 'ldap://127.0.0.1:389' 30 | basedn = 'o=domains,dc=example,dc=com' 31 | bind_dn = 'cn=Manager,dc=example,dc=com' 32 | bind_pw = 'passwd' 33 | ``` 34 | 35 | Please update them with the correct LDAP prefix (`dc=xx,dc=xx`) and bind 36 | password, then run it with `python` command: 37 | 38 | ``` 39 | python2 updateLDAPValues_094_to_095.py 40 | ``` 41 | -------------------------------------------------------------------------------- /update/ldap/update-ldap-dovecot-2.3.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # Author: Zhang Huangbin 3 | # Purpose: Add missing attribute/value pairs required by Dovecot-2.3. 4 | # Date: Apr 12, 2018. 5 | 6 | import ldap 7 | 8 | # Note: 9 | # * bind_dn must have write privilege on LDAP server. 10 | uri = 'ldap://127.0.0.1:389' 11 | basedn = 'o=domains,dc=example,dc=com' 12 | bind_dn = 'cn=Manager,dc=example,dc=com' 13 | bind_pw = 'password' 14 | 15 | # Initialize LDAP connection. 16 | print("* Connecting to LDAP server: {}".format(uri)) 17 | conn = ldap.initialize(uri=uri, trace_level=0,) 18 | conn.bind_s(bind_dn, bind_pw) 19 | 20 | # Get all mail users. 
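# Add the Dovecot-2.3 `*tls` service names to every mail user that still has
# the matching old `*secured` service enabled.
#
# Relies on `conn` (an already bound LDAP connection), `basedn` and the `ldap`
# module set up earlier in this script.
print("* Get mail accounts ...")

# Number of accounts whose LDAP modification failed.
failed = 0

try:
    # NOTE(review): the filter also matches `managesievesecured`, but the
    # mapping below has no replacement for it -- confirm that is intended.
    allUsers = conn.search_s(
        basedn,
        ldap.SCOPE_SUBTREE,
        "(&(objectClass=mailUser)(|(enabledService=imapsecured)(enabledService=pop3secured)(enabledService=smtpsecured)(enabledService=sievesecured)(enabledService=managesievesecured)))",
        ['mail', 'enabledService'],
    )

    # search_s() may return search references as (None, [urls]); those are
    # not user entries and cannot be indexed by attribute name.
    allUsers = [(dn, entry) for (dn, entry) in allUsers if dn is not None]

    total = len(allUsers)
    print("* Updating {} user(s).".format(total))

    for count, (dn, entry) in enumerate(allUsers, start=1):
        # Attribute values are bytes under Python 3; decode for readable logs
        # and fall back to the DN when the entry has no `mail` value.
        mail_values = entry.get('mail')
        if mail_values:
            mail = mail_values[0].decode('utf-8', 'replace')
        else:
            mail = dn

        if 'enabledService' not in entry:
            continue

        enabledService = list(entry['enabledService'])

        _update = False

        # If old service is disabled for the user, then no need to add the
        # new one.
        for old, new in [(b'imapsecured', b'imaptls'),
                         (b'pop3secured', b'pop3tls'),
                         (b'smtpsecured', b'smtptls'),
                         (b'sievesecured', b'sievetls')]:
            if (old in enabledService) and (new not in enabledService):
                enabledService.append(new)
                _update = True

        if not _update:
            print("* [SKIP] No update required for user: {}".format(mail))
            continue

        print("* ({} of {}) Updating user: {}".format(count, total, mail))

        # MOD_REPLACE writes back the whole value list as it was read by the
        # search above, so a change made to this attribute by another tool in
        # between would be overwritten. Run this while nothing else is
        # editing accounts.
        mod_attr = [(ldap.MOD_REPLACE, 'enabledService', enabledService)]
        try:
            conn.modify_s(dn, mod_attr)
        except ldap.LDAPError as e:
            # Best effort: report the failure and carry on with the next user.
            failed += 1
            print("Error while updating user {}: {}".format(mail, repr(e)))
finally:
    # Always release the privileged bind, even if the search or loop raised.
    print("* Unbind LDAP server.")
    conn.unbind_s()

if failed:
    # Make a partial failure visible instead of only reporting completion.
    print("* {} user(s) failed to update, see errors above.".format(failed))

print("* Update completed.")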