From acd46fde80585764224395a6de93a217a0ff2a30 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Tue, 14 Sep 2021 17:46:06 +0200 Subject: Remove connection limit dovecot --- app/email/build/dovecot/Dockerfile | 1 - app/email/build/dovecot/conf/all_before.sieve | 5 -- .../build/dovecot/conf/dovecot-ldap.sample.conf | 8 -- app/email/build/dovecot/conf/dovecot.conf | 85 --------------------- app/email/build/dovecot/conf/report-ham.sieve | 17 ----- app/email/build/dovecot/conf/report-spam.sieve | 9 --- app/email/build/dovecot/legacy/all_before.sieve | 5 ++ .../build/dovecot/legacy/dovecot-ldap.sample.conf | 8 ++ app/email/build/dovecot/legacy/report-ham.sieve | 17 +++++ app/email/build/dovecot/legacy/report-spam.sieve | 9 +++ app/email/config/dovecot/dovecot.conf | 87 ++++++++++++++++++++++ app/email/deploy/email.hcl | 9 ++- 12 files changed, 133 insertions(+), 127 deletions(-) delete mode 100644 app/email/build/dovecot/conf/all_before.sieve delete mode 100644 app/email/build/dovecot/conf/dovecot-ldap.sample.conf delete mode 100644 app/email/build/dovecot/conf/dovecot.conf delete mode 100644 app/email/build/dovecot/conf/report-ham.sieve delete mode 100644 app/email/build/dovecot/conf/report-spam.sieve create mode 100644 app/email/build/dovecot/legacy/all_before.sieve create mode 100644 app/email/build/dovecot/legacy/dovecot-ldap.sample.conf create mode 100644 app/email/build/dovecot/legacy/report-ham.sieve create mode 100644 app/email/build/dovecot/legacy/report-spam.sieve create mode 100644 app/email/config/dovecot/dovecot.conf (limited to 'app/email') diff --git a/app/email/build/dovecot/Dockerfile b/app/email/build/dovecot/Dockerfile index 8e57c57..cd1fd0d 100644 --- a/app/email/build/dovecot/Dockerfile +++ b/app/email/build/dovecot/Dockerfile @@ -11,7 +11,6 @@ RUN apt-get update && \ dovecot-lmtpd && \ rm -rf /etc/dovecot/* RUN useradd mailstore -COPY ./conf/* /etc/dovecot/ COPY entrypoint.sh /usr/local/bin/entrypoint ENTRYPOINT ["/usr/local/bin/entrypoint"] 
diff --git a/app/email/build/dovecot/conf/all_before.sieve b/app/email/build/dovecot/conf/all_before.sieve
deleted file mode 100644
index 7d2e57e..0000000
--- a/app/email/build/dovecot/conf/all_before.sieve
+++ /dev/null
@@ -1,5 +0,0 @@
-require ["fileinto", "mailbox"];
-if header :contains "X-Spam-Flag" "YES" {
- fileinto :create "Junk";
-}
-
diff --git a/app/email/build/dovecot/conf/dovecot-ldap.sample.conf b/app/email/build/dovecot/conf/dovecot-ldap.sample.conf
deleted file mode 100644
index 472d5e8..0000000
--- a/app/email/build/dovecot/conf/dovecot-ldap.sample.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-hosts = ldap.example.com
-dn = cn=admin,dc=example,dc=com
-dnpass = s3cr3t
-base = dc=example,dc=com
-scope = subtree
-user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com)))
-pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com)))
-user_attrs = mail=/var/mail/%{ldap:mail}
diff --git a/app/email/build/dovecot/conf/dovecot.conf b/app/email/build/dovecot/conf/dovecot.conf
deleted file mode 100644
index b0fffbf..0000000
--- a/app/email/build/dovecot/conf/dovecot.conf
+++ /dev/null
@@ -1,85 +0,0 @@
-auth_mechanisms = plain login
-auth_username_format = %u
-log_timestamp = "%Y-%m-%d %H:%M:%S "
-mail_location = maildir:/var/mail/%u
-mail_privileged_group = mail
-
-log_path = /dev/stderr
-info_log_path = /dev/stdout
-debug_log_path = /dev/stdout
-
-protocols = imap sieve lmtp
-
-ssl_cert = < /etc/ssl/certs/dovecot.crt
-ssl_key = < /etc/ssl/private/dovecot.key
-
-service auth {
- inet_listener {
- port = 1337
- }
-}
-
-
-
-service lmtp {
- inet_listener lmtp {
- address = 0.0.0.0
- port = 24
- }
-}
-
-# https://doc.dovecot.org/configuration_manual/authentication/ldap_authentication/
-passdb {
- args = /etc/dovecot/dovecot-ldap.conf
- driver = ldap
-}
-userdb {
- driver = prefetch
-}
-userdb {
- args = /etc/dovecot/dovecot-ldap.conf
- driver = ldap
-}
-
-
-service imap-login {
- inet_listener imap {
- port = 143
- }
- inet_listener imaps {
- port = 993
- }
-}
-
-protocol imap {
- mail_plugins = $mail_plugins imap_sieve
-}
-
-protocol lda {
- auth_socket_path = /var/run/dovecot/auth-master
- info_log_path = /var/log/dovecot-deliver.log
- log_path = /var/log/dovecot-deliver-errors.log
- postmaster_address = postmaster@deuxfleurs.fr
- mail_plugins = $mail_plugins sieve
-}
-
-plugin {
- sieve = file:~/sieve;active=~/dovecot.sieve
- sieve_before = /etc/dovecot/all_before.sieve
-
- # antispam learn
- sieve_plugins = sieve_imapsieve sieve_extprograms
- sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug
- sieve_pipe_bin_dir = /usr/bin
-
- imapsieve_mailbox1_name = Junk
- imapsieve_mailbox1_causes = COPY FLAG APPEND
- imapsieve_mailbox1_before = file:/etc/dovecot/report-spam.sieve
-
- imapsieve_mailbox2_name = *
- imapsieve_mailbox2_from = Spam
- imapsieve_mailbox2_causes = COPY APPEND
- imapsieve_mailbox2_before = file:/etc/dovecot/report-ham.sieve
-
-}
-
diff --git a/app/email/build/dovecot/conf/report-ham.sieve b/app/email/build/dovecot/conf/report-ham.sieve
deleted file mode 100644
index c5a994a..0000000
--- a/app/email/build/dovecot/conf/report-ham.sieve
+++ /dev/null
@@ -1,17 +0,0 @@
-require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"];
-
-if environment :matches "imap.mailbox" "*" {
- set "mailbox" "${1}";
-}
-
-if string "${mailbox}" "Trash" {
- stop;
-}
-
-if environment :matches "imap.user" "*" {
- set "username" "${1}";
-}
-
-pipe :copy "sa-learn" [ "--ham", "-u", "debian-spamd" ];
-debug_log "ham reported by ${username}";
-
diff --git a/app/email/build/dovecot/conf/report-spam.sieve b/app/email/build/dovecot/conf/report-spam.sieve
deleted file mode 100644
index 1be7389..0000000
--- a/app/email/build/dovecot/conf/report-spam.sieve
+++ /dev/null
@@ -1,9 +0,0 @@
-require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"];
-
-if environment :matches "imap.user" "*" {
- set "username" "${1}";
-}
-
-pipe :copy "sa-learn" [ "--spam", "-u", "debian-spamd"];
-debug_log "spam reported by ${username}";
-
diff --git a/app/email/build/dovecot/legacy/all_before.sieve b/app/email/build/dovecot/legacy/all_before.sieve
new file mode 100644
index 0000000..7d2e57e
--- /dev/null
+++ b/app/email/build/dovecot/legacy/all_before.sieve
@@ -0,0 +1,5 @@
+require ["fileinto", "mailbox"];
+if header :contains "X-Spam-Flag" "YES" {
+ fileinto :create "Junk";
+}
+
diff --git a/app/email/build/dovecot/legacy/dovecot-ldap.sample.conf b/app/email/build/dovecot/legacy/dovecot-ldap.sample.conf
new file mode 100644
index 0000000..472d5e8
--- /dev/null
+++ b/app/email/build/dovecot/legacy/dovecot-ldap.sample.conf
@@ -0,0 +1,8 @@
+hosts = ldap.example.com
+dn = cn=admin,dc=example,dc=com
+dnpass = s3cr3t
+base = dc=example,dc=com
+scope = subtree
+user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com)))
+pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com)))
+user_attrs = mail=/var/mail/%{ldap:mail}
diff --git a/app/email/build/dovecot/legacy/report-ham.sieve b/app/email/build/dovecot/legacy/report-ham.sieve
new file mode 100644
index 0000000..c5a994a
--- /dev/null
+++ b/app/email/build/dovecot/legacy/report-ham.sieve
@@ -0,0 +1,17 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"];
+
+if environment :matches "imap.mailbox" "*" {
+ set "mailbox" "${1}";
+}
+
+if string "${mailbox}" "Trash" {
+ stop;
+}
+
+if environment :matches "imap.user" "*" {
+ set "username" "${1}";
+}
+
+pipe :copy "sa-learn" [ "--ham", "-u", "debian-spamd" ];
+debug_log "ham reported by ${username}";
+
diff --git a/app/email/build/dovecot/legacy/report-spam.sieve b/app/email/build/dovecot/legacy/report-spam.sieve
new file mode 100644
index 0000000..1be7389
--- /dev/null
+++ b/app/email/build/dovecot/legacy/report-spam.sieve
@@ -0,0 +1,9 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"];
+
+if environment :matches "imap.user" "*" {
+ set "username" "${1}";
+}
+
+pipe :copy "sa-learn" [ "--spam", "-u", "debian-spamd"];
+debug_log "spam reported by ${username}";
+
diff --git a/app/email/config/dovecot/dovecot.conf b/app/email/config/dovecot/dovecot.conf
new file mode 100644
index 0000000..5f89a07
--- /dev/null
+++ b/app/email/config/dovecot/dovecot.conf
@@ -0,0 +1,87 @@
+auth_mechanisms = plain login
+auth_username_format = %u
+log_timestamp = "%Y-%m-%d %H:%M:%S "
+mail_location = maildir:/var/mail/%u
+mail_privileged_group = mail
+
+log_path = /dev/stderr
+info_log_path = /dev/stdout
+debug_log_path = /dev/stdout
+
+protocols = imap sieve lmtp
+
+ssl_cert = < /etc/ssl/certs/dovecot.crt
+ssl_key = < /etc/ssl/private/dovecot.key
+
+service auth {
+ inet_listener {
+ port = 1337
+ }
+}
+
+
+
+service lmtp {
+ inet_listener lmtp {
+ address = 0.0.0.0
+ port = 24
+ }
+}
+
+# https://doc.dovecot.org/configuration_manual/authentication/ldap_authentication/
+passdb {
+ args = /etc/dovecot/dovecot-ldap.conf
+ driver = ldap
+}
+userdb {
+ driver = prefetch
+}
+userdb {
+ args = /etc/dovecot/dovecot-ldap.conf
+ driver = ldap
+}
+
+
+service imap-login {
+ service_count = 0 # performance mode. set to 1 for secure mode
+ process_min_avail = 1
+ inet_listener imap {
+ port = 143
+ }
+ inet_listener imaps {
+ port = 993
+ }
+}
+
+protocol imap {
+ mail_plugins = $mail_plugins imap_sieve
+}
+
+protocol lda {
+ auth_socket_path = /var/run/dovecot/auth-master
+ info_log_path = /var/log/dovecot-deliver.log
+ log_path = /var/log/dovecot-deliver-errors.log
+ postmaster_address = postmaster@deuxfleurs.fr
+ mail_plugins = $mail_plugins sieve
+}
+
+plugin {
+ sieve = file:~/sieve;active=~/dovecot.sieve
+ sieve_before = /etc/dovecot/all_before.sieve
+
+ # antispam learn
+ sieve_plugins = sieve_imapsieve sieve_extprograms
+ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug
+ sieve_pipe_bin_dir = /usr/bin
+
+ imapsieve_mailbox1_name = Junk
+ imapsieve_mailbox1_causes = COPY FLAG APPEND
+ imapsieve_mailbox1_before = file:/etc/dovecot/report-spam.sieve
+
+ imapsieve_mailbox2_name = *
+ imapsieve_mailbox2_from = Spam
+ imapsieve_mailbox2_causes = COPY APPEND
+ imapsieve_mailbox2_before = file:/etc/dovecot/report-ham.sieve
+
+}
+
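Review bot: `service_count = 0` in `service imap-login` lets one login process serve many clients, so all pre-authentication connections and the TLS sessions that process handles share one address space; a memory-safety bug in the login or TLS code would then expose other users' sessions instead of a single connection. With `auth_mechanisms = plain login` in the same file, what is at stake in that process is reusable passwords. If the aim is only to lift the connection ceiling, keeping `service_count = 1` and raising `process_limit` for `imap-login` removes the limit while preserving per-connection isolation. If performance mode stays, the trailing comment should name what is given up, for example `# performance mode: login processes are shared between clients; set to 1 for per-connection isolation`, and `client_limit` is worth setting explicitly rather than left at its default.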
diff --git a/app/email/deploy/email.hcl b/app/email/deploy/email.hcl index c0a651a..84e66b8 100644 --- a/app/email/deploy/email.hcl +++ b/app/email/deploy/email.hcl @@ -29,7 +29,7 @@ job "email" { driver = "docker" config { - image = "superboum/amd64_dovecot:v5" + image = "superboum/amd64_dovecot:v6" readonly_rootfs = false ports = [ "zauthentication_port", "imaps_port", "imap_port", "lmtp_port" ] command = "dovecot" @@ -37,7 +37,7 @@ job "email" { volumes = [ "secrets/ssl/certs:/etc/ssl/certs", "secrets/ssl/private:/etc/ssl/private", - "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf", + "secrets/conf/:/etc/dovecot/", "/mnt/glusterfs/email/mail:/var/mail/", ] } @@ -135,6 +135,11 @@ job "email" { destination = "secrets/conf/dovecot-ldap.conf" perms = "400" } + template { + data = file("../config/dovecot/dovecot.conf") + destination = "secrets/conf/dovecot.conf" + perms = "400" + } # ----- secrets ------ template { -- cgit v1.2.3
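Review bot: The sieve scripts that the new `dovecot.conf` references are not supplied by anything visible in this commit once `secrets/conf/:/etc/dovecot/` (second hunk) covers the whole of `/etc/dovecot/`. The Dockerfile no longer copies `conf/*`, the scripts moved to `legacy/`, and the third hunk renders only `dovecot.conf` next to the existing `dovecot-ldap.conf`, while the config still points at `/etc/dovecot/all_before.sieve`, `report-spam.sieve` and `report-ham.sieve`. Unless a template outside these hunks provides them, filing `X-Spam-Flag` mail into Junk and the sa-learn hooks would stop working; a `template` stanza per script mirroring the one added for `dovecot.conf`, or per-file mounts as before, would close the gap. The directory mount also exposes every file any later template writes under `secrets/conf/` to this container, which deserves a comment on the `volumes` entry such as `# whole directory is visible to dovecot: render only dovecot files here`. The `job "email"` block starts and ends outside these hunks.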