author | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-01-18 16:46:21 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-01-18 16:46:21 +0100 |
commit | 2c2efdc27684c1382a4949cff8fe06ee36c0f4c0 (patch) | |
tree | c01dd9454deeec6f43ce5ccd94d12138e6f9ea18 /app/config/configuration/email | |
parent | 6c8c861dd50aebf4a12232ecc1fab12c5f83bf03 (diff) | |
parent | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (diff) | |
Merge branch 'master' of git.deuxfleurs.fr:Deuxfleurs/infrastructure
Diffstat (limited to 'app/config/configuration/email')
18 files changed, 0 insertions, 378 deletions
diff --git a/app/config/configuration/email/dkim/keytable b/app/config/configuration/email/dkim/keytable
deleted file mode 100644
index f4ac7cd..0000000
--- a/app/config/configuration/email/dkim/keytable
+++ /dev/null
@@ -1 +0,0 @@
-smtp._domainkey.deuxfleurs.fr deuxfleurs.fr:smtp:/etc/dkim/smtp.private
diff --git a/app/config/configuration/email/dkim/signingtable b/app/config/configuration/email/dkim/signingtable
deleted file mode 100644
index 60d66ff..0000000
--- a/app/config/configuration/email/dkim/signingtable
+++ /dev/null
@@ -1,2 +0,0 @@
-*@deuxfleurs.fr smtp._domainkey.deuxfleurs.fr
-*@dufour.io smtp._domainkey.deuxfleurs.fr
diff --git a/app/config/configuration/email/dkim/smtp.private.sample b/app/config/configuration/email/dkim/smtp.private.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/config/configuration/email/dkim/smtp.private.sample
+++ /dev/null
diff --git a/app/config/configuration/email/dkim/smtp.txt.sample b/app/config/configuration/email/dkim/smtp.txt.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/config/configuration/email/dkim/smtp.txt.sample
+++ /dev/null
diff --git a/app/config/configuration/email/dkim/trusted b/app/config/configuration/email/dkim/trusted
deleted file mode 100644
index a01170d..0000000
--- a/app/config/configuration/email/dkim/trusted
+++ /dev/null
@@ -1,4 +0,0 @@
-127.0.0.1
-localhost
-192.168.1.0/24
-172.16.0.0/12
diff --git a/app/config/configuration/email/dovecot/certs.gen b/app/config/configuration/email/dovecot/certs.gen
deleted file mode 100755
index f26e917..0000000
--- a/app/config/configuration/email/dovecot/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout dovecot.key \
- -out dovecot.crt
-
diff --git a/app/config/configuration/email/dovecot/dovecot-ldap.conf.tpl b/app/config/configuration/email/dovecot/dovecot-ldap.conf.tpl
deleted file mode 100644
index 9fb1ea6..0000000
--- a/app/config/configuration/email/dovecot/dovecot-ldap.conf.tpl
+++ /dev/null
@@ -1,8 +0,0 @@
-hosts = bottin2.service.2.cluster.deuxfleurs.fr
-dn = {{ key "secrets/email/dovecot/ldap_binddn" | trimSpace }}
-dnpass = {{ key "secrets/email/dovecot/ldap_bindpwd" | trimSpace }}
-base = dc=deuxfleurs,dc=fr
-scope = subtree
-user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
-pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
-user_attrs = mail=/var/mail/%{ldap:mail}
diff --git a/app/config/configuration/email/postfix/certs.gen b/app/config/configuration/email/postfix/certs.gen
deleted file mode 100755
index f25439b..0000000
--- a/app/config/configuration/email/postfix/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout postfix.key \
- -out postfix.crt
-
diff --git a/app/config/configuration/email/postfix/dynamicmaps.cf b/app/config/configuration/email/postfix/dynamicmaps.cf
deleted file mode 100644
index 32d8f62..0000000
--- a/app/config/configuration/email/postfix/dynamicmaps.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Postfix dynamic maps configuration file.
-#
-# The first match found is the one that is used. Wildcards are not supported
-# as of postfix 2.0.2
-#
-#type location of .so file open function (mkmap func)
-#==== ================================ ============= ============
-ldap postfix-ldap.so dict_ldap_open
-sqlite postfix-sqlite.so dict_sqlite_open
diff --git a/app/config/configuration/email/postfix/header_checks b/app/config/configuration/email/postfix/header_checks
deleted file mode 100644
index cad52ec..0000000
--- a/app/config/configuration/email/postfix/header_checks
+++ /dev/null
@@ -1,3 +0,0 @@
-/^Received:/ IGNORE
-/^X-Originating-IP:/ IGNORE
-/^X-Mailer:/ IGNORE
diff --git a/app/config/configuration/email/postfix/ldap-account.cf.tpl b/app/config/configuration/email/postfix/ldap-account.cf.tpl
deleted file mode 100644
index 2575f10..0000000
--- a/app/config/configuration/email/postfix/ldap-account.cf.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=users,dc=deuxfleurs,dc=fr
-query_filter = mail=%s
-result_attribute = mail
diff --git a/app/config/configuration/email/postfix/ldap-alias.cf.tpl b/app/config/configuration/email/postfix/ldap-alias.cf.tpl
deleted file mode 100644
index 775c0ad..0000000
--- a/app/config/configuration/email/postfix/ldap-alias.cf.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = bottin2.service.2.cluster.deuxfleurs.fr
-server_port = 389
-search_base = dc=deuxfleurs,dc=fr
-query_filter = (&(objectClass=inetOrgPerson)(memberOf=cn=%s,ou=mailing_lists,ou=groups,dc=deuxfleurs,dc=fr))
-result_attribute = mail
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
diff --git a/app/config/configuration/email/postfix/ldap-virtual-domains.cf.tpl b/app/config/configuration/email/postfix/ldap-virtual-domains.cf.tpl
deleted file mode 100644
index e013953..0000000
--- a/app/config/configuration/email/postfix/ldap-virtual-domains.cf.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=domains,ou=groups,dc=deuxfleurs,dc=fr
-query_filter = (&(objectclass=dNSDomain)(domain=%s))
-result_attribute = domain
diff --git a/app/config/configuration/email/postfix/main.cf b/app/config/configuration/email/postfix/main.cf
deleted file mode 100644
index 4204cb4..0000000
--- a/app/config/configuration/email/postfix/main.cf
+++ /dev/null
@@ -1,104 +0,0 @@
-#===
-# Base configuration
-#===
-myhostname = smtp.deuxfleurs.fr
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = smtp.deuxfleurs.fr
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_protocols = all
-inet_interfaces = all
-message_size_limit = 204800000
-smtpd_banner = $myhostname
-biff = no
-append_dot_mydomain = no
-readme_directory = no
-compatibility_level = 2
-
-#===
-# TLS parameters
-#===
-smtpd_tls_cert_file=/etc/ssl/certs/postfix.crt
-smtpd_tls_key_file=/etc/ssl/private/postfix.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
-smtp_tls_security_level = may
-
-#===
-# Remove privacy related content from emails
-#===
-mime_header_checks = regexp:/etc/postfix/header_checks
-header_checks = regexp:/etc/postfix/header_checks
-
-#===
-# Handle user authentication (handled by dovecot)
-#===
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_path = inet:dovecot-auth.service.2.cluster.deuxfleurs.fr:1337
-smtpd_sasl_type = dovecot
-
-#===
-# Restrictions / Checks
-#===
-# -- Inspired by: http://www.postfix.org/SMTPD_ACCESS_README.html#lists
-
-# Require a valid HELO
-smtpd_helo_required = yes
-# As we use the same postfix to send and receive,
-# we can't enforce a valid HELO hostname...
-#smtpd_helo_restrictions =
-# reject_unknown_helo_hostname
-
-# Require that sender email has a valid domain
-smtpd_sender_restrictions =
- reject_unknown_sender_domain
-
-# Delivering email policy
-# MyNetwork is required by sogo
-smtpd_recipient_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
- reject_rbl_client zen.spamhaus.org
- reject_rhsbl_reverse_client dbl.spamhaus.org
- reject_rhsbl_helo dbl.spamhaus.org
- reject_rhsbl_sender dbl.spamhaus.org
-
-# Sending email policy
-# MyNetwork is required by sogo
-smtpd_relay_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
-
-smtpd_data_restrictions = reject_unauth_pipelining
-
-smtpd_client_connection_rate_limit = 2
-
-#===
-# Rate limiting
-#===
-slow_destination_recipient_limit = 20
-slow_destination_concurrency_limit = 2
-
-#====
-# Transport configuration
-#====
-transport_maps = hash:/etc/postfix/transport
-virtual_mailbox_domains = ldap:/etc/postfix/ldap-virtual-domains.cf
-virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
-virtual_alias_maps = ldap:/etc/postfix/ldap-alias.cf
-virtual_transport = lmtp:dovecot-lmtp.service.2.cluster.deuxfleurs.fr:24
-
-#===
-# Mail filters
-#===
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:opendkim.service.2.cluster.deuxfleurs.fr:8999
-non_smtpd_milters = inet:opendkim.service.2.cluster.deuxfleurs.fr:8999
diff --git a/app/config/configuration/email/postfix/master.cf b/app/config/configuration/email/postfix/master.cf
deleted file mode 100644
index 53bc601..0000000
--- a/app/config/configuration/email/postfix/master.cf
+++ /dev/null
@@ -1,114 +0,0 @@ -# -# Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master"). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) -# ========================================================================== -smtp inet n - n - - smtpd -submission inet n - n - - smtpd - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING -smtps inet n - n - - smtpd - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING -slow unix - - n - 5 smtp - -o syslog_name=postfix-slow - -o smtp_destination_concurrency_limit=3 - -o slow_destination_rate_delay=1 - - -#628 inet n - - - - qmqpd -pickup fifo n - n 60 1 pickup -cleanup unix n - n - 0 cleanup -qmgr fifo n - n 300 1 qmgr -#qmgr fifo n - - 300 1 oqmgr -tlsmgr unix - - n 1000? 1 tlsmgr -rewrite unix - - n - - trivial-rewrite -bounce unix - - n - 0 bounce -defer unix - - n - 0 bounce -trace unix - - n - 0 bounce -verify unix - - n - 1 verify -flush unix n - n 1000? 
0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -# When relaying mail as backup MX, disable fallback_relay to avoid MX loops -smtp unix - - n - - smtp -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -relay unix - - n - - smtp - -o smtp_fallback_relay= -showq unix n - n - - showq -error unix - - n - - error -retry unix - - n - - error -discard unix - - n - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - n - - lmtp -anvil unix - - n - 1 anvil -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -scache unix - - n - 1 scache -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
-# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# Other external delivery methods. -# -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py - ${nexthop} ${user} diff --git a/app/config/configuration/email/postfix/transport b/app/config/configuration/email/postfix/transport deleted file mode 100644 index 68f62c5..0000000 --- a/app/config/configuration/email/postfix/transport +++ /dev/null @@ -1,5 +0,0 @@ -#wanadoo.com slow: -#wanadoo.fr slow: -#orange.com slow: -#orange.fr slow: -#smtp.orange.fr slow: 
diff --git a/app/config/configuration/email/postfix/transport.db b/app/config/configuration/email/postfix/transport.db Binary files differdeleted file mode 100644
index 487f394..0000000
--- a/app/config/configuration/email/postfix/transport.db
+++ /dev/null
diff --git a/app/config/configuration/email/sogo/sogo.conf.tpl b/app/config/configuration/email/sogo/sogo.conf.tpl
deleted file mode 100644
index ab4f8f5..0000000
--- a/app/config/configuration/email/sogo/sogo.conf.tpl
+++ /dev/null
@@ -1,69 +0,0 @@
-{
- WONoDetach = NO;
- WOWorkersCount = 3;
- SxVMemLimit = 300;
- WOPort = "127.0.0.1:20000";
- SOGoProfileURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_user_profile";
- OCSFolderInfoURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_folder_info";
- OCSSessionsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_sessions_folder";
- OCSEMailAlarmsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_alarms_folder";
- OCSStoreURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_store";
- OCSAclURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_acl";
- OCSCacheFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_cache_folder";
- SOGoTimeZone = "Europe/Paris";
- SOGoMailDomain = "deuxfleurs.fr";
- SOGoLanguage = French;
- SOGoAppointmentSendEMailNotifications = YES;
- SOGoEnablePublicAccess = YES;
- SOGoMailingMechanism = smtp;
- SOGoSMTPServer = postfix-smtp.service.2.cluster.deuxfleurs.fr;
- SOGoSMTPAuthenticationType = PLAIN;
- SOGoForceExternalLoginWithEmail = YES;
- SOGoIMAPAclConformsToIMAPExt = YES;
- SOGoTimeZone = UTC;
- SOGoSentFolderName = Sent;
- SOGoTrashFolderName = Trash;
- SOGoDraftsFolderName = Drafts;
- SOGoIMAPServer = "imaps://dovecot-imaps.service.2.cluster.deuxfleurs.fr:993/?tlsVerifyMode=none";
- SOGoSieveServer = "sieve://sieve.service.2.cluster.deuxfleurs.fr:4190/?tls=YES";
- SOGoIMAPAclConformsToIMAPExt = YES;
- SOGoVacationEnabled = NO;
- SOGoForwardEnabled = NO;
- SOGoSieveScriptsEnabled = NO;
- SOGoFirstDayOfWeek = 1;
- SOGoRefreshViewCheck = every_5_minutes;
- SOGoMailAuxiliaryUserAccountsEnabled = NO;
- SOGoPasswordChangeEnabled = YES;
- SOGoPageTitle = "deuxfleurs.fr";
- SOGoLoginModule = Mail;
- SOGoMailAddOutgoingAddresses = YES;
- SOGoSelectedAddressBook = autobook;
- SOGoMailAuxiliaryUserAccountsEnabled = YES;
- SOGoCalendarEventsDefaultClassification = PRIVATE;
- SOGoMailReplyPlacement = above;
- SOGoMailSignaturePlacement = above;
- SOGoMailComposeMessageType = html;
-
- SOGoLDAPContactInfoAttribute = "displayname";
-
- SOGoUserSources = (
- {
- type = ldap;
- CNFieldName = displayname;
- IDFieldName = cn;
- UIDFieldName = cn;
- MailFieldNames = (mail, mailForwardingAddress);
- SearchFieldNames = (displayname, cn, sn, mail, telephoneNumber);
- IMAPLoginFieldName = mail;
- baseDN = "ou=users,dc=deuxfleurs,dc=fr";
- bindDN = "{{ key "secrets/email/sogo/ldap_binddn" | trimSpace }}";
- bindPassword = "{{ key "secrets/email/sogo/ldap_bindpw" | trimSpace}}";
- bindFields = (cn, mail);
- canAuthenticate = YES;
- displayName = "Bottin";
- hostname = "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389";
- id = bottin;
- isAddressBook = NO;
- }
- );
-} |