authorQuentin <quentin@deuxfleurs.fr>2020-09-12 20:17:07 +0200
committerQuentin <quentin@deuxfleurs.fr>2020-09-12 20:17:07 +0200
commita23e08ce20887efb4e158a02ffee1f775a0db89f (patch)
tree493a2cef5496aec74e57ad453574fdef6856f92b /app_config/configuration/email
parentfb4ffbc7faa0d123ce9bf817d240a8c670c494e3 (diff)
Refactor 2
Diffstat (limited to 'app_config/configuration/email')
-rw-r--r--app_config/configuration/email/dkim/keytable1
-rw-r--r--app_config/configuration/email/dkim/signingtable2
-rw-r--r--app_config/configuration/email/dkim/smtp.private.sample0
-rw-r--r--app_config/configuration/email/dkim/smtp.txt.sample0
-rw-r--r--app_config/configuration/email/dkim/trusted4
-rwxr-xr-xapp_config/configuration/email/dovecot/certs.gen13
-rw-r--r--app_config/configuration/email/dovecot/dovecot-ldap.conf.tpl8
-rwxr-xr-xapp_config/configuration/email/postfix/certs.gen13
-rw-r--r--app_config/configuration/email/postfix/dynamicmaps.cf9
-rw-r--r--app_config/configuration/email/postfix/header_checks3
-rw-r--r--app_config/configuration/email/postfix/ldap-account.cf.tpl12
-rw-r--r--app_config/configuration/email/postfix/ldap-alias.cf.tpl9
-rw-r--r--app_config/configuration/email/postfix/ldap-virtual-domains.cf.tpl12
-rw-r--r--app_config/configuration/email/postfix/main.cf104
-rw-r--r--app_config/configuration/email/postfix/master.cf114
-rw-r--r--app_config/configuration/email/postfix/transport5
-rw-r--r--app_config/configuration/email/postfix/transport.dbbin12288 -> 0 bytes
-rw-r--r--app_config/configuration/email/sogo/sogo.conf.tpl68
18 files changed, 0 insertions, 377 deletions
diff --git a/app_config/configuration/email/dkim/keytable b/app_config/configuration/email/dkim/keytable
deleted file mode 100644
index f4ac7cd..0000000
--- a/app_config/configuration/email/dkim/keytable
+++ /dev/null
@@ -1 +0,0 @@
-smtp._domainkey.deuxfleurs.fr deuxfleurs.fr:smtp:/etc/dkim/smtp.private
diff --git a/app_config/configuration/email/dkim/signingtable b/app_config/configuration/email/dkim/signingtable
deleted file mode 100644
index 60d66ff..0000000
--- a/app_config/configuration/email/dkim/signingtable
+++ /dev/null
@@ -1,2 +0,0 @@
-*@deuxfleurs.fr smtp._domainkey.deuxfleurs.fr
-*@dufour.io smtp._domainkey.deuxfleurs.fr
diff --git a/app_config/configuration/email/dkim/smtp.private.sample b/app_config/configuration/email/dkim/smtp.private.sample
deleted file mode 100644
index e69de29..0000000
--- a/app_config/configuration/email/dkim/smtp.private.sample
+++ /dev/null
diff --git a/app_config/configuration/email/dkim/smtp.txt.sample b/app_config/configuration/email/dkim/smtp.txt.sample
deleted file mode 100644
index e69de29..0000000
--- a/app_config/configuration/email/dkim/smtp.txt.sample
+++ /dev/null
diff --git a/app_config/configuration/email/dkim/trusted b/app_config/configuration/email/dkim/trusted
deleted file mode 100644
index a01170d..0000000
--- a/app_config/configuration/email/dkim/trusted
+++ /dev/null
@@ -1,4 +0,0 @@
-127.0.0.1
-localhost
-192.168.1.0/24
-172.16.0.0/12
diff --git a/app_config/configuration/email/dovecot/certs.gen b/app_config/configuration/email/dovecot/certs.gen
deleted file mode 100755
index f26e917..0000000
--- a/app_config/configuration/email/dovecot/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout dovecot.key \
- -out dovecot.crt
-
diff --git a/app_config/configuration/email/dovecot/dovecot-ldap.conf.tpl b/app_config/configuration/email/dovecot/dovecot-ldap.conf.tpl
deleted file mode 100644
index 9fb1ea6..0000000
--- a/app_config/configuration/email/dovecot/dovecot-ldap.conf.tpl
+++ /dev/null
@@ -1,8 +0,0 @@
-hosts = bottin2.service.2.cluster.deuxfleurs.fr
-dn = {{ key "secrets/email/dovecot/ldap_binddn" | trimSpace }}
-dnpass = {{ key "secrets/email/dovecot/ldap_bindpwd" | trimSpace }}
-base = dc=deuxfleurs,dc=fr
-scope = subtree
-user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
-pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
-user_attrs = mail=/var/mail/%{ldap:mail}
diff --git a/app_config/configuration/email/postfix/certs.gen b/app_config/configuration/email/postfix/certs.gen
deleted file mode 100755
index f25439b..0000000
--- a/app_config/configuration/email/postfix/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout postfix.key \
- -out postfix.crt
-
diff --git a/app_config/configuration/email/postfix/dynamicmaps.cf b/app_config/configuration/email/postfix/dynamicmaps.cf
deleted file mode 100644
index 32d8f62..0000000
--- a/app_config/configuration/email/postfix/dynamicmaps.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Postfix dynamic maps configuration file.
-#
-# The first match found is the one that is used. Wildcards are not supported
-# as of postfix 2.0.2
-#
-#type location of .so file open function (mkmap func)
-#==== ================================ ============= ============
-ldap postfix-ldap.so dict_ldap_open
-sqlite postfix-sqlite.so dict_sqlite_open
diff --git a/app_config/configuration/email/postfix/header_checks b/app_config/configuration/email/postfix/header_checks
deleted file mode 100644
index cad52ec..0000000
--- a/app_config/configuration/email/postfix/header_checks
+++ /dev/null
@@ -1,3 +0,0 @@
-/^Received:/ IGNORE
-/^X-Originating-IP:/ IGNORE
-/^X-Mailer:/ IGNORE
diff --git a/app_config/configuration/email/postfix/ldap-account.cf.tpl b/app_config/configuration/email/postfix/ldap-account.cf.tpl
deleted file mode 100644
index 2575f10..0000000
--- a/app_config/configuration/email/postfix/ldap-account.cf.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=users,dc=deuxfleurs,dc=fr
-query_filter = mail=%s
-result_attribute = mail
diff --git a/app_config/configuration/email/postfix/ldap-alias.cf.tpl b/app_config/configuration/email/postfix/ldap-alias.cf.tpl
deleted file mode 100644
index 775c0ad..0000000
--- a/app_config/configuration/email/postfix/ldap-alias.cf.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = bottin2.service.2.cluster.deuxfleurs.fr
-server_port = 389
-search_base = dc=deuxfleurs,dc=fr
-query_filter = (&(objectClass=inetOrgPerson)(memberOf=cn=%s,ou=mailing_lists,ou=groups,dc=deuxfleurs,dc=fr))
-result_attribute = mail
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
diff --git a/app_config/configuration/email/postfix/ldap-virtual-domains.cf.tpl b/app_config/configuration/email/postfix/ldap-virtual-domains.cf.tpl
deleted file mode 100644
index e013953..0000000
--- a/app_config/configuration/email/postfix/ldap-virtual-domains.cf.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=domains,ou=groups,dc=deuxfleurs,dc=fr
-query_filter = (&(objectclass=dNSDomain)(domain=%s))
-result_attribute = domain
diff --git a/app_config/configuration/email/postfix/main.cf b/app_config/configuration/email/postfix/main.cf
deleted file mode 100644
index 4204cb4..0000000
--- a/app_config/configuration/email/postfix/main.cf
+++ /dev/null
@@ -1,104 +0,0 @@
-#===
-# Base configuration
-#===
-myhostname = smtp.deuxfleurs.fr
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = smtp.deuxfleurs.fr
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_protocols = all
-inet_interfaces = all
-message_size_limit = 204800000
-smtpd_banner = $myhostname
-biff = no
-append_dot_mydomain = no
-readme_directory = no
-compatibility_level = 2
-
-#===
-# TLS parameters
-#===
-smtpd_tls_cert_file=/etc/ssl/certs/postfix.crt
-smtpd_tls_key_file=/etc/ssl/private/postfix.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
-smtp_tls_security_level = may
-
-#===
-# Remove privacy related content from emails
-#===
-mime_header_checks = regexp:/etc/postfix/header_checks
-header_checks = regexp:/etc/postfix/header_checks
-
-#===
-# Handle user authentication (handled by dovecot)
-#===
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_path = inet:dovecot-auth.service.2.cluster.deuxfleurs.fr:1337
-smtpd_sasl_type = dovecot
-
-#===
-# Restrictions / Checks
-#===
-# -- Inspired by: http://www.postfix.org/SMTPD_ACCESS_README.html#lists
-
-# Require a valid HELO
-smtpd_helo_required = yes
-# As we use the same postfix to send and receive,
-# we can't enforce a valid HELO hostname...
-#smtpd_helo_restrictions =
-# reject_unknown_helo_hostname
-
-# Require that sender email has a valid domain
-smtpd_sender_restrictions =
- reject_unknown_sender_domain
-
-# Delivering email policy
-# MyNetwork is required by sogo
-smtpd_recipient_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
- reject_rbl_client zen.spamhaus.org
- reject_rhsbl_reverse_client dbl.spamhaus.org
- reject_rhsbl_helo dbl.spamhaus.org
- reject_rhsbl_sender dbl.spamhaus.org
-
-# Sending email policy
-# MyNetwork is required by sogo
-smtpd_relay_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
-
-smtpd_data_restrictions = reject_unauth_pipelining
-
-smtpd_client_connection_rate_limit = 2
-
-#===
-# Rate limiting
-#===
-slow_destination_recipient_limit = 20
-slow_destination_concurrency_limit = 2
-
-#====
-# Transport configuration
-#====
-transport_maps = hash:/etc/postfix/transport
-virtual_mailbox_domains = ldap:/etc/postfix/ldap-virtual-domains.cf
-virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
-virtual_alias_maps = ldap:/etc/postfix/ldap-alias.cf
-virtual_transport = lmtp:dovecot-lmtp.service.2.cluster.deuxfleurs.fr:24
-
-#===
-# Mail filters
-#===
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:opendkim.service.2.cluster.deuxfleurs.fr:8999
-non_smtpd_milters = inet:opendkim.service.2.cluster.deuxfleurs.fr:8999
diff --git a/app_config/configuration/email/postfix/master.cf b/app_config/configuration/email/postfix/master.cf
deleted file mode 100644
index 53bc601..0000000
--- a/app_config/configuration/email/postfix/master.cf
+++ /dev/null
@@ -1,114 +0,0 @@
-#
-# Postfix master process configuration file. For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master").
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
-# ==========================================================================
-smtp inet n - n - - smtpd
-submission inet n - n - - smtpd
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
-smtps inet n - n - - smtpd
- -o smtpd_tls_wrappermode=yes
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
-slow unix - - n - 5 smtp
- -o syslog_name=postfix-slow
- -o smtp_destination_concurrency_limit=3
- -o slow_destination_rate_delay=1
-
-
-#628 inet n - - - - qmqpd
-pickup fifo n - n 60 1 pickup
-cleanup unix n - n - 0 cleanup
-qmgr fifo n - n 300 1 qmgr
-#qmgr fifo n - - 300 1 oqmgr
-tlsmgr unix - - n 1000? 1 tlsmgr
-rewrite unix - - n - - trivial-rewrite
-bounce unix - - n - 0 bounce
-defer unix - - n - 0 bounce
-trace unix - - n - 0 bounce
-verify unix - - n - 1 verify
-flush unix n - n 1000? 0 flush
-proxymap unix - - n - - proxymap
-proxywrite unix - - n - 1 proxymap
-# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-smtp unix - - n - - smtp
-# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-relay unix - - n - - smtp
- -o smtp_fallback_relay=
-showq unix n - n - - showq
-error unix - - n - - error
-retry unix - - n - - error
-discard unix - - n - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - n - - lmtp
-anvil unix - - n - 1 anvil
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent. See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-scache unix - - n - 1 scache
-maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
diff --git a/app_config/configuration/email/postfix/transport b/app_config/configuration/email/postfix/transport
deleted file mode 100644
index 68f62c5..0000000
--- a/app_config/configuration/email/postfix/transport
+++ /dev/null
@@ -1,5 +0,0 @@
-#wanadoo.com slow:
-#wanadoo.fr slow:
-#orange.com slow:
-#orange.fr slow:
-#smtp.orange.fr slow:
diff --git a/app_config/configuration/email/postfix/transport.db b/app_config/configuration/email/postfix/transport.db
deleted file mode 100644
index 487f394..0000000
--- a/app_config/configuration/email/postfix/transport.db
+++ /dev/null
Binary files differ
diff --git a/app_config/configuration/email/sogo/sogo.conf.tpl b/app_config/configuration/email/sogo/sogo.conf.tpl
deleted file mode 100644
index d4261e5..0000000
--- a/app_config/configuration/email/sogo/sogo.conf.tpl
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- WONoDetach = NO;
- WOWorkersCount = 10;
- WOPort = "127.0.0.1:20000";
- SOGoProfileURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_user_profile";
- OCSFolderInfoURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_folder_info";
- OCSSessionsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_sessions_folder";
- OCSEMailAlarmsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_alarms_folder";
- OCSStoreURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_store";
- OCSAclURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_acl";
- OCSCacheFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_cache_folder";
- SOGoTimeZone = "Europe/Paris";
- SOGoMailDomain = "deuxfleurs.fr";
- SOGoLanguage = French;
- SOGoAppointmentSendEMailNotifications = YES;
- SOGoEnablePublicAccess = YES;
- SOGoMailingMechanism = smtp;
- SOGoSMTPServer = postfix-smtp.service.2.cluster.deuxfleurs.fr;
- SOGoSMTPAuthenticationType = PLAIN;
- SOGoForceExternalLoginWithEmail = YES;
- SOGoIMAPAclConformsToIMAPExt = YES;
- SOGoTimeZone = UTC;
- SOGoSentFolderName = Sent;
- SOGoTrashFolderName = Trash;
- SOGoDraftsFolderName = Drafts;
- SOGoIMAPServer = "imaps://dovecot-imaps.service.2.cluster.deuxfleurs.fr:993/?tlsVerifyMode=none";
- SOGoSieveServer = "sieve://sieve.service.2.cluster.deuxfleurs.fr:4190/?tls=YES";
- SOGoIMAPAclConformsToIMAPExt = YES;
- SOGoVacationEnabled = NO;
- SOGoForwardEnabled = NO;
- SOGoSieveScriptsEnabled = NO;
- SOGoFirstDayOfWeek = 1;
- SOGoRefreshViewCheck = every_5_minutes;
- SOGoMailAuxiliaryUserAccountsEnabled = NO;
- SOGoPasswordChangeEnabled = YES;
- SOGoPageTitle = "deuxfleurs.fr";
- SOGoLoginModule = Mail;
- SOGoMailAddOutgoingAddresses = YES;
- SOGoSelectedAddressBook = autobook;
- SOGoMailAuxiliaryUserAccountsEnabled = YES;
- SOGoCalendarEventsDefaultClassification = PRIVATE;
- SOGoMailReplyPlacement = above;
- SOGoMailSignaturePlacement = above;
- SOGoMailComposeMessageType = html;
-
- SOGoLDAPContactInfoAttribute = "displayname";
-
- SOGoUserSources = (
- {
- type = ldap;
- CNFieldName = displayname;
- IDFieldName = cn;
- UIDFieldName = cn;
- MailFieldNames = (mail, mailForwardingAddress);
- SearchFieldNames = (displayname, cn, sn, mail, telephoneNumber);
- IMAPLoginFieldName = mail;
- baseDN = "ou=users,dc=deuxfleurs,dc=fr";
- bindDN = "{{ key "secrets/email/sogo/ldap_binddn" | trimSpace }}";
- bindPassword = "{{ key "secrets/email/sogo/ldap_bindpw" | trimSpace}}";
- bindFields = (cn, mail);
- canAuthenticate = YES;
- displayName = "Bottin";
- hostname = "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389";
- id = bottin;
- isAddressBook = NO;
- }
- );
-}