mwiegand 2021-06-16 21:51:04 +02:00
parent 227a868319
commit 6ee63a708d
12 changed files with 139 additions and 25 deletions


@ -1,4 +1,4 @@
protocols = imap lmtp protocols = imap lmtp sieve
auth_mechanisms = plain login auth_mechanisms = plain login
mail_privileged_group = mail mail_privileged_group = mail
ssl = required ssl = required
@ -6,11 +6,12 @@ ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')
ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')}/privkey.pem ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')}/privkey.pem
ssl_dh = </etc/dovecot/dhparam.pem ssl_dh = </etc/dovecot/dhparam.pem
ssl_client_ca_dir = /etc/ssl/certs ssl_client_ca_dir = /etc/ssl/certs
mail_location = maildir:~/Maildir mail_location = maildir:~/Maildir
mail_plugins = fts fts_xapian
namespace inbox { namespace inbox {
inbox = yes inbox = yes
separator = . separator = /
mailbox Drafts { mailbox Drafts {
auto = subscribe auto = subscribe
special_use = \Drafts special_use = \Drafts
@ -53,19 +54,42 @@ service lmtp {
} }
} }
service stats { service stats {
unix_listener stats-reader { unix_listener stats-reader {
user = vmail user = vmail
group = vmail group = vmail
mode = 0660 mode = 0660
} }
unix_listener stats-writer { unix_listener stats-writer {
user = vmail user = vmail
group = vmail group = vmail
mode = 0660 mode = 0660
} }
}
service managesieve-login {
inet_listener sieve {
}
process_min_avail = 0
service_count = 1
vsz_limit = 64 M
}
service managesieve {
process_limit = 100
} }
mail_plugins = fts fts_xapian protocol imap {
mail_plugins = $mail_plugins imap_sieve
mail_max_userip_connections = 50
imap_idle_notify_interval = 29 mins
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
protocol sieve {
plugin {
sieve = /var/vmail/sieve/%u.sieve
sieve_storage = /var/vmail/sieve/%u/
}
}
# fulltext search # fulltext search
plugin { plugin {
@ -86,3 +110,25 @@ service decode2text {
mode = 0666 mode = 0666
} }
} }
# spam filter
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_dir = /var/vmail/sieve/%u/
sieve = /var/vmail/sieve/%u.sieve
sieve_pipe_bin_dir = /var/vmail/sieve/
sieve_extensions = +vnd.dovecot.pipe
sieve_before = /var/vmail/sieve/global/spam-global.sieve
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
}
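Review bot: In the new `# spam filter` plugin block, `sieve_extensions = +vnd.dovecot.pipe` makes the pipe extension available to personal scripts as well, and this same commit opens ManageSieve (`protocols = imap lmtp sieve`) so users can upload their own. Limiting it to the admin-controlled scripts with `sieve_global_extensions = +vnd.dovecot.pipe` keeps user scripts from launching external programs. `sieve_pipe_bin_dir = /var/vmail/sieve/` is also the tree that holds the per-user `%u.sieve` and `%u/` storage, so the account that writes user scripts can presumably write into the directory programs are executed from. A root-owned directory that contains only the two learn scripts would be a safer value.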


@ -0,0 +1,7 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve", "variables"];
if string "${mailbox}" "Trash" {
stop;
}
pipe :copy "rspamd-learn-ham.sh";
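Review bot: `${mailbox}` is never assigned in this script, so the `string` test compares an empty string with "Trash" and the `stop` is never reached. Messages moved from Junk to Trash would then still be piped to the ham learner. Set the variable from the IMAP environment before the test, `if environment :matches "imap.mailbox" "*" { set "mailbox" "${1}"; }`, and add `"environment"` to the `require` list.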


@ -0,0 +1,3 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve"];
pipe :copy "rspamd-learn-spam.sh";
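Review bot: `rspamd-learn-spam.sh` (and `rspamd-learn-ham.sh` in the ham script) is looked up in `sieve_pipe_bin_dir`, but none of the file sections shown for this commit adds either script, and `bundles/rspamd/items.py` is empty. Unless they are deployed elsewhere, the pipe action will fail at runtime. When they are added, they should be root-owned and not writable by the mail user, since Dovecot executes them on every Junk move.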


@ -0,0 +1,6 @@
require ["fileinto", "mailbox"];
if header :contains "X-Spam" "Yes" {
fileinto :create "Junk";
stop;
}


@ -12,6 +12,13 @@ directories = {
'/etc/dovecot': { '/etc/dovecot': {
'purge': True, 'purge': True,
}, },
'/etc/dovecot/conf.d': {
'purge': True,
'needs': [
'pkg_apt:dovecot-sieve',
'pkg_apt:dovecot-managesieved',
]
},
'/etc/dovecot/ssl': {}, '/etc/dovecot/ssl': {},
'/var/vmail': { '/var/vmail': {
'owner': 'vmail', 'owner': 'vmail',
@ -45,6 +52,28 @@ files = {
'/etc/dovecot/dhparam.pem': { '/etc/dovecot/dhparam.pem': {
'content_type': 'any', 'content_type': 'any',
}, },
'/etc/dovecot/dovecot-sql.conf': {
'content_type': 'mako',
'context': node.metadata.get('mailserver/database'),
'needs': {
'pkg_apt:'
},
'triggers': {
'svc_systemd:dovecot:restart',
},
},
'/var/mail/vmail/sieve/global/learn-ham.sieve': {
'owner': 'nobody',
'group': 'nogroup',
},
'/var/mail/vmail/sieve/global/learn-spam.sieve': {
'owner': 'nobody',
'group': 'nogroup',
},
'/var/mail/vmail/sieve/global/spam-global.sieve': {
'owner': 'nobody',
'group': 'nogroup',
},
} }
actions = { actions = {
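Review bot: The new `/etc/dovecot/dovecot-sql.conf` item is rendered from the `mailserver/database` metadata but sets no `owner`, `group` or `mode`, so it falls back to the tool's defaults. If that context carries the database password, as the name suggests, restrict the file explicitly, e.g. `'mode': '0600',`. Its `'needs'` set holds the bare string `'pkg_apt:'` with no package name, which looks unfinished; name the package or drop the entry. The three sieve files are created under `/var/mail/vmail/sieve/global/`, while the Dovecot settings in this commit reference `/var/vmail/sieve/global/` and the directory item is `/var/vmail`. Unless one path links to the other, Dovecot will not find the scripts.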


@ -1,15 +1,16 @@
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'packages': {
'dovecot-imapd': {}, 'dovecot-imapd': {},
'dovecot-pgsql': {}, 'dovecot-pgsql': {},
'dovecot-lmtpd': {}, 'dovecot-lmtpd': {},
# 'dovecot-sieve': {}, # spam filtering
# 'dovecot-managesieved': {}, 'dovecot-sieve': {},
'dovecot-managesieved': {},
# fulltext search # fulltext search
'dovecot-fts-xapian': {}, # buster-backports 'dovecot-fts-xapian': {}, # buster-backports
'poppler-utils': {}, # pdftotext 'poppler-utils': {}, # pdftotext
'catdoc': {}, # catdoc, catppt, xls2csv 'catdoc': {}, # catdoc, catppt, xls2csv
}, },
}, },
'letsencrypt': { 'letsencrypt': {


@ -3,6 +3,8 @@ assert node.has_bundle('opendkim')
assert node.has_bundle('dovecot') assert node.has_bundle('dovecot')
assert node.has_bundle('letsencrypt') assert node.has_bundle('letsencrypt')
assert node.has_bundle('roundcube') assert node.has_bundle('roundcube')
assert node.has_bundle('rspamd')
assert node.has_bundle('redis')
from hashlib import md5 from hashlib import md5
from shlex import quote from shlex import quote


@ -42,8 +42,12 @@ mua_client_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject mua_sender_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_milters = inet:localhost:8891 inet:127.0.0.1:11332
non_smtpd_milters = inet:localhost:8891 inet:127.0.0.1:11332
# opendkim # opendkim
milter_protocol = 2 milter_protocol = 6
milter_default_action = accept milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891 # rspamd
milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_authen}"


@ -0,0 +1,7 @@
defaults = {
'apt': {
'packages': {
'redis-server': {},
},
},
}

0
bundles/rspamd/items.py Normal file


@ -0,0 +1,7 @@
defaults = {
'apt': {
'packages': {
'rspamd': {},
},
},
}


@ -7,6 +7,8 @@
'php', 'php',
'postfix', 'postfix',
'postgresql', 'postgresql',
'redis',
'roundcube', 'roundcube',
'rspamd',
], ],
} }