diff --git a/bundles/dovecot/files/sudors b/bundles/dovecot/files/sudors
deleted file mode 100644
index e48cf33..0000000
--- a/bundles/dovecot/files/sudors
+++ /dev/null
@@ -1 +0,0 @@
-www-data ALL=(ALL) NOPASSWD: /usr/bin/doveadm pw -s ARGON2ID
diff --git a/bundles/letsencrypt/files/hook.sh b/bundles/letsencrypt/files/hook.sh
index 4275eb0..f08509d 100644
--- a/bundles/letsencrypt/files/hook.sh
+++ b/bundles/letsencrypt/files/hook.sh
@@ -9,8 +9,6 @@ deploy_challenge() {
update add $1.${zone}. 60 IN TXT \"$3\"
send
" | tee | nsupdate -y hmac-sha512:${acme_key_name}:${acme_key}
-
- sleep 10
}
clean_challenge() {
diff --git a/bundles/letsencrypt/metadata.py b/bundles/letsencrypt/metadata.py
index c7caa85..64e7ebb 100644
--- a/bundles/letsencrypt/metadata.py
+++ b/bundles/letsencrypt/metadata.py
@@ -1,5 +1,3 @@
-from ipaddress import ip_interface
-
defaults = {
'apt': {
'packages': {
diff --git a/bundles/mailserver-autoconfig/README.md b/bundles/mailserver-autoconfig/README.md
new file mode 100644
index 0000000..38bf776
--- /dev/null
+++ b/bundles/mailserver-autoconfig/README.md
@@ -0,0 +1,3 @@
+test autodiscover.php:
+
+`curl -X POST https://autoconfig.mail.example.com/Autodiscover/Autodiscover.xml -d 'test@example.com'`
diff --git a/bundles/mailserver-autoconfig/files/autodiscover.php b/bundles/mailserver-autoconfig/files/autodiscover.php
new file mode 100644
index 0000000..1134fac
--- /dev/null
+++ b/bundles/mailserver-autoconfig/files/autodiscover.php
@@ -0,0 +1,83 @@
+(.*?)\<\/EMailAddress\>/", $request, $email );
+
+// check for invalid mail, to prevent XSS
+if (filter_var($email[1], FILTER_VALIDATE_EMAIL) === false) {
+ throw new Exception('Invalid E-Mail provided');
+}
+
+// get domain from email address
+$domain = substr( strrchr( $email[1], "@" ), 1 );
+
+/**************************************
+ * Port and server settings below *
+ **************************************/
+
+// IMAP settings
+$imapServer = 'imap.' . $domain; // imap.example.com
+$imapPort = 993;
+$imapSSL = true;
+
+// SMTP settings
+$smtpServer = 'smtp.' . $domain; // smtp.example.com
+$smtpPort = 587;
+$smtpSSL = true;
+
+//set Content-Type
+header( 'Content-Type: application/xml' );
+?>
+'; ?>
+
+
+
+ email
+ settings
+
+
+ IMAP
+
+
+ off
+
+ off
+
+ on
+
+
+ SMTP
+
+
+ off
+
+ off
+
+ on
+ on
+ on
+
+
+
+
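Review bot: `$email[1]` is read on the validation line without first checking that the `preg_match` above it matched, so a request body with no EMailAddress element reaches `filter_var` with an undefined index; the guard should read `if (empty($email[1]) || filter_var($email[1], FILTER_VALIDATE_EMAIL) === false) {`. The comment says the validation prevents XSS, but FILTER_VALIDATE_EMAIL accepts characters such as `&` and `'` in the local part, so wherever the address is echoed into the XML response it should pass through `htmlspecialchars($email[1], ENT_XML1 | ENT_QUOTES, 'UTF-8')` (the response markup is not legible on this page, so this part is inferred). The IMAP and SMTP host names are built from the domain in the request rather than from the configured mail server name that config-v1.1.xml uses, so the script answers for any domain; consider rejecting domains that are not hosted here. The uncaught `Exception` will also surface as a PHP fatal error instead of a clean 4xx response.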
diff --git a/bundles/mailserver-autoconfig/files/config-v1.1.xml b/bundles/mailserver-autoconfig/files/config-v1.1.xml
new file mode 100644
index 0000000..a044635
--- /dev/null
+++ b/bundles/mailserver-autoconfig/files/config-v1.1.xml
@@ -0,0 +1,57 @@
+
+
+
+
+
+
+
+ ${mailserver}
+ ${mailserver}
+ ${mailserver}
+
+
+
+
+ ${mailserver}
+ 993
+ SSL
+ password-cleartext
+ %EMAILADDRESS%
+
+
+
+ ${mailserver}
+ 143
+ STARTTLS
+ password-cleartext
+ %EMAILADDRESS%
+
+
+
+
+
+ ${mailserver}
+ 465
+ SSL
+ password-cleartext
+ %EMAILADDRESS%
+
+
+
+ ${mailserver}
+ 587
+ STARTTLS
+ password-cleartext
+ %EMAILADDRESS%
+
+
+
+
+
+ Configure Thunderbird 2.0 for IMAP
+ Thunderbird 2.0 mit IMAP konfigurieren
+
+
+
+
+
diff --git a/bundles/mailserver-autoconfig/items.py b/bundles/mailserver-autoconfig/items.py
new file mode 100644
index 0000000..8dd667c
--- /dev/null
+++ b/bundles/mailserver-autoconfig/items.py
@@ -0,0 +1,16 @@
+autoconfig_hostname = node.metadata.get('mailserver/autoconfig_hostname')
+
+files = {
+ f'/var/www/{autoconfig_hostname}/mail/config-v1.1.xml': {
+ 'content_type': 'mako',
+ 'context': {
+ 'mailserver': node.metadata.get('mailserver/hostname'),
+ 'autoconfig': autoconfig_hostname,
+ },
+ 'owner': 'www-data',
+ },
+ f'/var/www/{autoconfig_hostname}/autodiscover/autodiscover.php': {
+ 'content_type': 'mako',
+ 'owner': 'www-data',
+ },
+}
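Review bot: Both file items set `'owner': 'www-data'`, which leaves autodiscover.php writable by the same account that presumably executes it for unauthenticated requests. Dropping the `owner` key (BundleWrap then defaults to root with mode 0644) keeps the files readable by the web server without letting it modify them. The autodiscover.php item also sets `'content_type': 'mako'` without any `context`, so the PHP source goes through the template engine for no visible benefit, and any `${...}` later added to the script would be interpreted by Mako. Deploying it as a plain text item avoids that.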
diff --git a/bundles/mailserver-autoconfig/metadata.py b/bundles/mailserver-autoconfig/metadata.py
new file mode 100644
index 0000000..b943c74
--- /dev/null
+++ b/bundles/mailserver-autoconfig/metadata.py
@@ -0,0 +1,78 @@
+defaults = {}
+
+
+@metadata_reactor.provides(
+ 'mailserver/autoconfig_hostname',
+)
+def hostname(metadata):
+ return {
+ 'mailserver': {
+ 'autoconfig_hostname': f"autoconfig.{metadata.get('mailserver/hostname')}",
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'nginx/vhosts',
+)
+def nginx(metadata):
+ return {
+ 'nginx': {
+ 'vhosts': {
+ metadata.get('mailserver/autoconfig_hostname'): {
+ 'content': 'mailserver-autodiscover/vhost.conf',
+ 'context': {
+ 'root': f"/var/www/{metadata.get('mailserver/autoconfig_hostname')}",
+ },
+ },
+ },
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'letsencrypt/domains',
+)
+def letsencrypt(metadata):
+ return {
+ 'letsencrypt': {
+ 'domains': {
+ metadata.get('mailserver/autoconfig_hostname'): {
+ 'aliases': {
+ *{
+ f'autoconfig.{domain}'
+ for domain in metadata.get('mailserver/domains')
+ },
+ *{
+ f'autodiscover.{domain}'
+ for domain in metadata.get('mailserver/domains')
+ },
+ },
+ },
+ },
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'dns',
+)
+def autoconfig(metadata):
+ dns = {}
+
+ for domain in metadata.get('mailserver/domains'):
+ dns.update({
+ f'autoconfig.{domain}': {
+ 'CNAME': {f"{metadata.get('mailserver/autoconfig_hostname')}."},
+ },
+ f'_autodiscover._tcp.{domain}': {
+ 'SRV': {f"10 10 443 {metadata.get('mailserver/autoconfig_hostname')}."},
+ },
+ f'autodiscover.{domain}': {
+ 'CNAME': {f"{metadata.get('mailserver/autoconfig_hostname')}."},
+ },
+ })
+
+ return {
+ 'dns': dns,
+ }
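Review bot: The `letsencrypt` reactor adds two alias names per mail domain to a single certificate entry, and nothing bounds that set. If the letsencrypt bundle turns `aliases` into subject alternative names (not visible here), the certificate publishes every hosted domain together and issuance will fail once the list passes Let's Encrypt's 100-name limit. A comment such as `# one cert for all domains: SANs are public, max 100 names` above `'aliases'` would record the constraint. The reactors have no docstrings, and `autoconfig` calls `metadata.get('mailserver/autoconfig_hostname')` three times per loop iteration where binding it once before the loop would read more clearly. The vhost `content` path uses `mailserver-autodiscover` while the bundle is named `mailserver-autoconfig`, which is easy to trip over.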
diff --git a/bundles/postfix/files/master.cf b/bundles/postfix/files/master.cf
index f9d8b21..5ed0bbb 100644
--- a/bundles/postfix/files/master.cf
+++ b/bundles/postfix/files/master.cf
@@ -42,14 +42,25 @@ mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
submission inet n - y - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_tls_auth_only=yes
- -o smtpd_reject_unlisted_recipient=no
- -o smtpd_client_restrictions=$mua_client_restrictions
- -o smtpd_helo_restrictions=$mua_helo_restrictions
- -o smtpd_sender_restrictions=$mua_sender_restrictions
- -o smtpd_recipient_restrictions=
- -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
+ -o syslog_name=postfix/submission
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_tls_auth_only=yes
+ -o smtpd_reject_unlisted_recipient=no
+ -o smtpd_client_restrictions=$mua_client_restrictions
+ -o smtpd_helo_restrictions=$mua_helo_restrictions
+ -o smtpd_sender_restrictions=$mua_sender_restrictions
+ -o smtpd_recipient_restrictions=
+ -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+ -o milter_macro_daemon_name=ORIGINATING
+smtps inet n - y - - smtpd
+ -o syslog_name=postfix/smtps
+ -o smtpd_tls_wrappermode=yes
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_reject_unlisted_recipient=no
+ -o smtpd_client_restrictions=$mua_client_restrictions
+ -o smtpd_helo_restrictions=$mua_helo_restrictions
+ -o smtpd_sender_restrictions=$mua_sender_restrictions
+ -o smtpd_recipient_restrictions=
+ -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+ -o milter_macro_daemon_name=ORIGINATING
diff --git a/data/dkim/wiegand.tel.privkey.enc b/data/dkim/wiegand.tel.privkey.enc
new file mode 100644
index 0000000..174ecdb
--- /dev/null
+++ b/data/dkim/wiegand.tel.privkey.enc
@@ -0,0 +1 @@
+encrypt$gAAAAABhlq_D2jvj7dxi_FGdRARCtVD03iEUWDY3dyX-wzZmc1MlyW4c2hOv-K1FzXzH3Ki9kdniBVtu3V8eewizG7p1eZAwO-hn4mD2WJOV30pHo2_ZLiS8UDCtxDTvAYhNILiCVefZVb_-8RWBpojIhI3MEB7GHbHWuTb6vNFMuS4pGGTMqXRH5HFQOsVxp6ID7vTKL_sRc3hM_wNncGd0Nh02BPMC9JzuGLuVJPBWEfzslPfkmTy_6qN-D-cppFkXcR7aLOWtfOQxPnZy5vZ_3vT5LDSG9B1xjVuFcUXsb8_f0K6gu3pkrjJOsi5_CuJhterC9mYXp0A3vo7AVRFAuZHL0Y7cSb_kmbWGmqCi2-wqHSjnl5jkdLjvT8qWoftdpYt0cIDNkiAOaU9JSf4J6GCK2Ph5ZYZAoSu7jjYrysqjuW3EzfrYFYNGrvWzP3ZLGggMb8aCmwOqDRmeOF859nO2O4_dUpeBSEwvihv8cO5WCgZKm2-niGf_UprmGWtqKOxZ-Oix0DQ4npaf2u65X1xXahXsxJH-UCkymrW7p7qzrLOCH0E0B90HhhL2U4IGMxUtYV0egX2vHg45b1YSnLRg3lQmCk6SUitcrNCWmwTRMilsY-RRcYOQFu3-Z9Pbz3QTLGGOTeFAhi1jqdhP3CObtKRbkhRc8FXABiErrNkAcWYM-SW3lqWAZbVhDewfD0m_uQuEJLDpHFNnqW_xCJiFpC-1RIXBwcGDCCoki0Gto8S1EdsIk-c7taq6F1cR__eXc6E3phIh9C7GignOUnlwlz1qvJ6zKZ5BXeUxI_MlSxZy18KTVjUhxrk4X-p8x4CSVrPR7yi5k9Pr31KdqjUSileb5byZIORkiyh6UCx40ODf98zLJVFF3NxiFRrAGRDFyKQ-bWX2JTGZ0M62CSkFdqM7rA6IenZ0WpVWY4jNu8u8ir-IMgLNP_iQzJGSSXsJn-hMI580fza_dJD8L-A05u0ZcAMcEXAQ7Vs9X3ilCcqQd-vZJIPlIc6lUch_evNBwreRSZ32I5GabVYWLbXKO1wJUi6fIzHmLY_vYNPpF15mDqcMbHcIxyDgua-zFGeK51PI9vHlbgfnDbHdqvXm8hGVI8R5fVFr_CTTqHBXAXkzYTtRd1YgNf4ibbdWyx6Bx0l_Zper21-FHnbjgDLKG9yeKz-5SLIL0F_uY_K4WdEn9UVlC5BP7OS2etk-pFXOgKdJry91jlZ-7NdEwki7mwYYndO_rNCMcjPvmQ1V050dh4kZNOYBHo18roFgojgiJSDYv3CSziXXHUAEiELXnfhssarF7OZ3blM9K6RNSz2vKx4blVifTYhA3zcyLa5vPJyn2zySLHU9u4-E_UDe9lYa7esCJhBhWi1PtqMC8nIJmU-DW3vcb_Jkc7MuKUBIcPLlSiJu5Y7lV469-rztRbj6BaNJQCtXgYii8dZgeA5GsUSc6ofwWKgmA7aCdL5xcQWYlQ7nho0HNapSjqe7uh3fwLxud2BExfJRd9T2HWScoZ77qbRuHn4zp5fdZQD26fbmMgMVpP7PjB1pBXOnmVIyJBXqN2KhemRYul9RL7YjeuydFgM-Ek8II0WdZf0S0dbzjRmLNHz8hoVwHV18V7yTXazx6vYTIzrhQlcY8Q91VyuYuA8EV-AbdM5WxFKCUr4NDSOrJzCXray0HjD2YY_MdqRbD3-IdQGqm5LM9yHq9YqVskGc1HU0eA_jt-Sst7YclyfZl01LvG_tvg-rz1eCAO8rzGt5M_x7FJZdxKrQW8L_fyONtPhgdzYg6aYToKZhsN8iR-mFbsfJ8097H3KVtfmXPijrdiJRCrhkp-0MGhS8WHUplbhlxXyxgzzaXkTdTWp4pEc4ei6YpZ_f6IVBKKRlFVlsua-0J9PbZVFAX2D_tUMFI5NlwLoKHUm7WNFBypRULdp6xiW8fDboZi6daZ8kCQRNbhqgZRxZQs1Wy5OH6yZxBJC1J6sY38n
36Y6UP_xLYUnAlaHITu2dyIShvpRgZQCDYxeWv8oaJxodFiGpJaMOBukozz4sVL_-dBIQxK9_oGTyE-5wPo_5ad-fuhd2lnCYDtWhDhSNaKrk0yMRhFgRNAQzMFBKPibUvpLX5NGek8VcP5KRO3dbLB8Q3QacjWe2CI3Y16Ix1HqPCAZ1j79A-LmowoYq7qhTUHoVYJ4zf2Jd2zeuaMjdpZ4Bej0Be6dJNpZBsolXQl-QJPlw08ZUf1HbP-XhT0URcVQt9reAHU-G77rJVSo30OrrsDRjNxvh0LVnzrvaeFdtEl6rKh_Qtli6vNDBOCk1hNre6cKDgjCy-O-rOKdOwmBueXI5tEJMNaFLOoX29elGTHE=
\ No newline at end of file
diff --git a/data/dkim/wiegand.tel.pubkey b/data/dkim/wiegand.tel.pubkey
new file mode 100644
index 0000000..956733e
--- /dev/null
+++ b/data/dkim/wiegand.tel.pubkey
@@ -0,0 +1 @@
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvB69VOHK0vJ0yumq5TR9/29N0PQiZj4HQJ1hMdQGuwt3zozDR7vvgINJ5lJo8NXcZEJtbRbkIEJLJFvMiGfALNYU/Lcgpfc0bfCgWgwsvFe2P8JrcxSDf0M0eEV/k78agXVn75b5eWDCPPSm16XqjK8RlNz3LJo7ENkVAZshPg4mRm039ejAFmKKCirfzw3l4uZak9czSQxlLmOd503uiu0ljlguwHoNRX2FLSi77mdDYQl16BtHgu96fJL0ruiokfyuBi0Ves1LX2Fc4KQIzk1cgEt/dSZvQBkvYH/idR48rVgOT+lGyT30y2VbyFK0rCSft8tcC7HDoqYi2zJQQIDAQAB
\ No newline at end of file
diff --git a/data/mailserver-autodiscover/vhost.conf b/data/mailserver-autodiscover/vhost.conf
new file mode 100644
index 0000000..12f36a9
--- /dev/null
+++ b/data/mailserver-autodiscover/vhost.conf
@@ -0,0 +1,16 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name ${server_name};
+
+ ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
+ root ${root};
+
+ location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml {
+ try_files /autodiscover/autodiscover.php =404;
+ fastcgi_pass php-handler;
+ include fastcgi.conf;
+ }
+}
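Review bot: autodiscover.php sits inside `root`, but only the Autodiscover.xml location is handed to FastCGI, so unless the surrounding nginx setup adds a PHP location, a direct request for `/autodiscover/autodiscover.php` would be served as a static file and return the script source. Adding `location ~ \.php$ { return 404; }` after the existing location closes that path without affecting the `try_files` rewrite. The location regex is unanchored and its `.` is unescaped, so it matches any URI that merely contains the pattern; `location ~ ^/(?:a|A)utodiscover/(?:a|A)utodiscover\.xml$` is stricter. `server_name` lists only `${server_name}`, while the DNS reactor points `autoconfig.<domain>` and `autodiscover.<domain>` at this host, so it is worth confirming that the nginx bundle adds those aliases to the vhost.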
diff --git a/groups/applications/mailserver.py b/groups/applications/mailserver.py
index 8025893..f37cfbc 100644
--- a/groups/applications/mailserver.py
+++ b/groups/applications/mailserver.py
@@ -4,6 +4,7 @@
'dovecot',
'letsencrypt',
'mailserver',
+ 'mailserver-autoconfig',
'nginx',
'php',
'postfix',
diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py
index 4506b3c..e4c289f 100644
--- a/nodes/netcup.mails.py
+++ b/nodes/netcup.mails.py
@@ -38,13 +38,13 @@
'freibrief.net',
'nadenau.net',
'naeder.net',
- 'rolfwerner.eu',
'wettengl.net',
'wingl.de',
'woodpipe.de',
'ckn.li',
'islamicstate.eu',
'hausamsilberberg.de',
+ 'wiegand.tel',
},
},
'dns': {
@@ -80,10 +80,8 @@
'freibrief.net',
'nadenau.net',
'naeder.net',
- 'rolfwerner.eu',
'wettengl.net',
- 'wingl.de',
- 'woodpipe.de',
+ 'wiegand.tel',
},
},
'rspamd': {