webbuilder_pel7x64builder0
6 years ago
14 changed files with 2247 additions and 0 deletions
@ -0,0 +1,11 @@
@@ -0,0 +1,11 @@
|
||||
--- dovecot-1.0.beta2/doc/mkcert.sh.configfile 2006-01-16 21:14:54.000000000 +0100 |
||||
+++ dovecot-1.0.beta2/doc/mkcert.sh 2006-01-26 14:28:38.000000000 +0100 |
||||
@@ -29,6 +29,7 @@ |
||||
fi |
||||
|
||||
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2 |
||||
-chmod 0600 $KEYFILE |
||||
+chown root:root $CERTFILE $KEYFILE |
||||
+chmod 0600 $CERTFILE $KEYFILE |
||||
echo |
||||
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2 |
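Review bot: The added `chown root:root $CERTFILE $KEYFILE` and `chmod 0600 $CERTFILE $KEYFILE` are the only commands in this hunk whose failure is ignored; both `$OPENSSL` calls around them end in `|| exit 2`. If either one fails, the script still prints the fingerprint and finishes as though the key file had been locked down. I would write `chown root:root "$CERTFILE" "$KEYFILE" || exit 2` and `chmod 0600 "$CERTFILE" "$KEYFILE" || exit 2`, quoted so that a path containing whitespace is not split into several arguments.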
@ -0,0 +1,14 @@
@@ -0,0 +1,14 @@
|
||||
diff -up dovecot-2.2.27/doc/mkcert.sh.mkcert-paths dovecot-2.2.27/doc/mkcert.sh |
||||
--- dovecot-2.2.27/doc/mkcert.sh.mkcert-paths 2016-12-05 10:26:07.913515286 +0100 |
||||
+++ dovecot-2.2.27/doc/mkcert.sh 2016-12-05 10:28:25.439634417 +0100 |
||||
@@ -5,8 +5,8 @@ |
||||
|
||||
umask 077 |
||||
OPENSSL=${OPENSSL-openssl} |
||||
-SSLDIR=${SSLDIR-/etc/ssl} |
||||
-OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} |
||||
+SSLDIR=${SSLDIR-/etc/pki/dovecot} |
||||
+OPENSSLCONFIG=${OPENSSLCONFIG-/etc/pki/dovecot/dovecot-openssl.cnf} |
||||
|
||||
CERTDIR=$SSLDIR/certs |
||||
KEYDIR=$SSLDIR/private |
@ -0,0 +1,34 @@
@@ -0,0 +1,34 @@
|
||||
diff -up dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf |
||||
--- dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf.default-settings 2013-04-23 12:33:55.000000000 +0200 |
||||
+++ dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf 2016-06-17 17:56:17.353210369 +0200 |
||||
@@ -165,7 +165,7 @@ namespace inbox { |
||||
# to make sure that users can't log in as daemons or other system users. |
||||
# Note that denying root logins is hardcoded to dovecot binary and can't |
||||
# be done even if first_valid_uid is set to 0. |
||||
-#first_valid_uid = 500 |
||||
+first_valid_uid = 1000 |
||||
#last_valid_uid = 0 |
||||
|
||||
# Valid GID range for users, defaults to non-root/wheel. Users having |
||||
@@ -286,6 +286,7 @@ namespace inbox { |
||||
# them simultaneously. |
||||
#mbox_read_locks = fcntl |
||||
#mbox_write_locks = dotlock fcntl |
||||
+mbox_write_locks = fcntl |
||||
|
||||
# Maximum time to wait for lock (all of them) before aborting. |
||||
#mbox_lock_timeout = 5 mins |
||||
diff -up dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf |
||||
--- dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf.default-settings 2013-11-19 21:36:30.000000000 +0100 |
||||
+++ dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf 2016-06-17 17:54:18.749626750 +0200 |
||||
@@ -3,7 +3,9 @@ |
||||
## |
||||
|
||||
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> |
||||
-#ssl = yes |
||||
+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps |
||||
+# plain imap and pop3 are still allowed for local connections |
||||
+ssl = required |
||||
|
||||
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before |
||||
# dropping root privileges, so keep the key file unreadable by anyone but |
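Review bot: `first_valid_uid = 1000` is set only in the shipped 10-mail.conf, so the raised floor holds only while that line is present. The gidcheck patch on this page still shows `.first_valid_uid = 500` as the compiled default in src/auth/auth-settings.c. A site that deploys a minimal or regenerated configuration falls back to the compiled defaults, which may again accept UIDs 500–999 if the mail-storage default (not visible here) matches. Either patch the compiled defaults too, or extend the comment above the setting, for example `# Packaged value; the built-in default is lower, so keep this line when trimming the config.`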
@ -0,0 +1,11 @@
@@ -0,0 +1,11 @@
|
||||
diff -up dovecot-2.1.10/dovecot.service.in.privatetmp dovecot-2.1.10/dovecot.service.in |
||||
--- dovecot-2.1.10/dovecot.service.in.privatetmp 2012-11-02 10:27:38.000000000 +0100 |
||||
+++ dovecot-2.1.10/dovecot.service.in 2012-11-02 10:28:04.079320857 +0100 |
||||
@@ -6,6 +6,7 @@ After=local-fs.target network.target |
||||
Type=simple |
||||
ExecStart=@sbindir@/dovecot -F |
||||
ExecReload=/bin/kill -HUP $MAINPID |
||||
+PrivateTmp=true |
||||
NonBlocking=yes |
||||
|
||||
[Install] |
@ -0,0 +1,16 @@
@@ -0,0 +1,16 @@
|
||||
diff -up dovecot-2.2.36/dovecot.service.in.waitonline dovecot-2.2.36/dovecot.service.in |
||||
--- dovecot-2.2.36/dovecot.service.in.waitonline 2018-04-30 15:52:05.000000000 +0200 |
||||
+++ dovecot-2.2.36/dovecot.service.in 2018-06-12 15:34:22.459995078 +0200 |
||||
@@ -8,10 +8,11 @@ |
||||
Description=Dovecot IMAP/POP3 email server |
||||
Documentation=man:dovecot(1) |
||||
Documentation=http://wiki2.dovecot.org/ |
||||
-After=local-fs.target network.target |
||||
+After=local-fs.target network.target network-online.target |
||||
|
||||
[Service] |
||||
Type=forking |
||||
+ExecStartPre=/usr/libexec/dovecot/prestartscript |
||||
ExecStart=@sbindir@/dovecot |
||||
PIDFile=@rundir@/master.pid |
||||
ExecReload=@bindir@/doveadm reload |
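Review bot: `After=local-fs.target network.target network-online.target` only orders dovecot after network-online.target when something else has already pulled that target into the boot transaction. The hunk adds no matching `Wants=network-online.target`, so on a host where no other unit requests it the new ordering has no effect. Add `Wants=network-online.target` next to the `After=` line. The new `ExecStartPre=/usr/libexec/dovecot/prestartscript` is a hard-coded path in a template that otherwise uses `@sbindir@`/`@bindir@`, and a non-zero exit from it keeps the service from starting, which deserves a comment.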
@ -0,0 +1,59 @@
@@ -0,0 +1,59 @@
|
||||
From ca5b3ec5331545b46ec1f1c4ecfa1302ddb10653 Mon Sep 17 00:00:00 2001 |
||||
From: Timo Sirainen <timo.sirainen@dovecot.fi> |
||||
Date: Wed, 29 Jun 2016 00:56:56 +0300 |
||||
Subject: [PATCH] auth: userdb passwd iteration now skips users not in |
||||
first/last_valid_gid range |
||||
|
||||
Patch by Michal Hlavinka / Red Hat |
||||
--- |
||||
src/auth/auth-settings.c | 4 ++++ |
||||
src/auth/auth-settings.h | 2 ++ |
||||
src/auth/userdb-passwd.c | 4 ++++ |
||||
3 files changed, 10 insertions(+) |
||||
|
||||
diff -up dovecot-2.2.36/src/auth/auth-settings.c.gidcheck dovecot-2.2.36/src/auth/auth-settings.c |
||||
--- dovecot-2.2.36/src/auth/auth-settings.c.gidcheck 2018-04-30 15:52:05.000000000 +0200 |
||||
+++ dovecot-2.2.36/src/auth/auth-settings.c 2018-09-17 12:17:13.132032699 +0200 |
||||
@@ -272,6 +272,8 @@ static const struct setting_define auth_ |
||||
DEF_NOPREFIX(SET_BOOL, verbose_proctitle), |
||||
DEF_NOPREFIX(SET_UINT, first_valid_uid), |
||||
DEF_NOPREFIX(SET_UINT, last_valid_uid), |
||||
+ DEF_NOPREFIX(SET_UINT, first_valid_gid), |
||||
+ DEF_NOPREFIX(SET_UINT, last_valid_gid), |
||||
|
||||
DEF_NOPREFIX(SET_STR, ssl_client_ca_dir), |
||||
DEF_NOPREFIX(SET_STR, ssl_client_ca_file), |
||||
@@ -331,6 +333,8 @@ static const struct auth_settings auth_d |
||||
.verbose_proctitle = FALSE, |
||||
.first_valid_uid = 500, |
||||
.last_valid_uid = 0, |
||||
+ .first_valid_gid = 1, |
||||
+ .last_valid_gid = 0, |
||||
}; |
||||
|
||||
const struct setting_parser_info auth_setting_parser_info = { |
||||
diff -up dovecot-2.2.36/src/auth/auth-settings.h.gidcheck dovecot-2.2.36/src/auth/auth-settings.h |
||||
--- dovecot-2.2.36/src/auth/auth-settings.h.gidcheck 2018-04-30 15:52:05.000000000 +0200 |
||||
+++ dovecot-2.2.36/src/auth/auth-settings.h 2018-09-17 12:13:30.540159133 +0200 |
||||
@@ -88,6 +88,8 @@ struct auth_settings { |
||||
bool verbose_proctitle; |
||||
unsigned int first_valid_uid; |
||||
unsigned int last_valid_uid; |
||||
+ unsigned int first_valid_gid; |
||||
+ unsigned int last_valid_gid; |
||||
|
||||
/* generated: */ |
||||
char username_chars_map[256]; |
||||
diff -up dovecot-2.2.36/src/auth/userdb-passwd.c.gidcheck dovecot-2.2.36/src/auth/userdb-passwd.c |
||||
--- dovecot-2.2.36/src/auth/userdb-passwd.c.gidcheck 2018-04-30 15:52:05.000000000 +0200 |
||||
+++ dovecot-2.2.36/src/auth/userdb-passwd.c 2018-09-17 12:13:30.540159133 +0200 |
||||
@@ -145,6 +145,10 @@ passwd_iterate_want_pw(struct passwd *pw |
||||
return FALSE; |
||||
if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0) |
||||
return FALSE; |
||||
+ if (pw->pw_gid < (gid_t)set->first_valid_gid) |
||||
+ return FALSE; |
||||
+ if (pw->pw_gid > (gid_t)set->last_valid_gid && set->last_valid_gid != 0) |
||||
+ return FALSE; |
||||
return TRUE; |
||||
} |
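Review bot: The new fields `first_valid_gid` and `last_valid_gid` are added to struct auth_settings without a comment, and the meaning of 0 in `last_valid_gid` (no upper bound) is only recoverable from the `&& set->last_valid_gid != 0` test in passwd_iterate_want_pw. I would add `/* 0 = no upper limit */` beside `last_valid_gid` in auth-settings.h and `/* skip accounts whose primary group is outside the allowed range */` above the two new checks. Only `pw->pw_gid`, the primary group, is compared, and per the subject line this filters iteration only. passwd_iterate_want_pw starts outside the hunk, so whether single-user lookups apply the same range cannot be confirmed from here.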
@ -0,0 +1,13 @@
@@ -0,0 +1,13 @@
|
||||
diff -up dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c |
||||
--- dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix 2018-09-18 15:00:08.778823903 +0200 |
||||
+++ dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c 2018-09-18 15:00:08.814823737 +0200 |
||||
@@ -161,8 +161,7 @@ acl_backend_vfile_object_init(struct acl |
||||
T_BEGIN { |
||||
if (*name == '\0' || |
||||
mailbox_list_is_valid_name(_backend->list, name, &error)) { |
||||
- vname = *name == '\0' ? "" : |
||||
- mailbox_list_get_vname(_backend->list, name); |
||||
+ vname = mailbox_list_get_vname(_backend->list, name); |
||||
|
||||
dir = acl_backend_vfile_get_local_dir(_backend, name, vname); |
||||
aclobj->local_path = dir == NULL ? NULL : |
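Review bot: After this change an empty `name` is passed to `mailbox_list_get_vname()` instead of being mapped directly to an empty vname, while the condition above still lets an empty name bypass `mailbox_list_is_valid_name()`. What `mailbox_list_get_vname()` returns for an empty string is not visible in the hunk, and the result goes into `acl_backend_vfile_get_local_dir()`, which selects where the ACL file is looked up, so the reason for the change should be recorded next to the code. I would add a comment above the assignment along the lines of `/* empty name is translated by the list as well; do not assume an empty vname */`, adjusted to the actual intent. The T_BEGIN block and the enclosing function continue outside the hunk.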
@ -0,0 +1,41 @@
@@ -0,0 +1,41 @@
|
||||
diff -up dovecot-2.2.9/src/lib-master/master-service.c.fixit dovecot-2.2.9/src/lib-master/master-service.c |
||||
--- dovecot-2.2.9/src/lib-master/master-service.c.fixit 2013-11-24 14:37:39.000000000 +0100 |
||||
+++ dovecot-2.2.9/src/lib-master/master-service.c 2013-11-27 17:52:48.802843395 +0100 |
||||
@@ -559,6 +559,11 @@ const char *master_service_get_name(stru |
||||
return service->name; |
||||
} |
||||
|
||||
+const enum master_service_flags master_service_get_flags(struct master_service *service) |
||||
+{ |
||||
+ return service->flags; |
||||
+} |
||||
+ |
||||
void master_service_run(struct master_service *service, |
||||
master_service_connection_callback_t *callback) |
||||
{ |
||||
diff -up dovecot-2.2.9/src/lib-master/master-service.h.fixit dovecot-2.2.9/src/lib-master/master-service.h |
||||
--- dovecot-2.2.9/src/lib-master/master-service.h.fixit 2013-11-24 14:37:39.000000000 +0100 |
||||
+++ dovecot-2.2.9/src/lib-master/master-service.h 2013-11-27 17:53:05.329705614 +0100 |
||||
@@ -134,6 +134,8 @@ const char *master_service_get_version_s |
||||
/* Returns name of the service, as given in name parameter to _init(). */ |
||||
const char *master_service_get_name(struct master_service *service); |
||||
|
||||
+const enum master_service_flags master_service_get_flags(struct master_service *service); |
||||
+ |
||||
/* Start the service. Blocks until finished */ |
||||
void master_service_run(struct master_service *service, |
||||
master_service_connection_callback_t *callback) |
||||
diff -up dovecot-2.2.9/src/ssl-params/main.c.fixit dovecot-2.2.9/src/ssl-params/main.c |
||||
--- dovecot-2.2.9/src/ssl-params/main.c.fixit 2013-11-24 14:37:39.000000000 +0100 |
||||
+++ dovecot-2.2.9/src/ssl-params/main.c 2013-11-27 17:51:06.664694558 +0100 |
||||
@@ -103,7 +103,10 @@ static void sig_chld(const siginfo_t *si |
||||
if (waitpid(-1, &status, WNOHANG) < 0) |
||||
i_error("waitpid() failed: %m"); |
||||
else if (status != 0) |
||||
+ { |
||||
i_error("child process failed with status %d", status); |
||||
+ if(master_service_get_flags(master_service) & MASTER_SERVICE_FLAG_STANDALONE) exit(1); |
||||
+ } |
||||
else { |
||||
/* params should have been created now. try refreshing. */ |
||||
ssl_params_refresh(param); |
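Review bot: The new `exit(1)` in sig_chld depends on `status`, but `waitpid(-1, &status, WNOHANG)` returns 0 without writing `status` when no child has changed state, and only the `< 0` case is filtered out. If `status` is not initialised at its declaration (outside the hunk), a wake-up with no reaped child can now terminate a standalone ssl-params process instead of only logging an error. Keep waitpid's return value in a local and require it to be positive before reading `status`, and consider `WIFEXITED`/`WEXITSTATUS` so the logged number is the exit code rather than the raw wait status. Separately, `const` on the by-value return type of `master_service_get_flags` has no effect and draws -Wignored-qualifiers.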
@ -0,0 +1,19 @@
@@ -0,0 +1,19 @@
|
||||
.TH DOVECOT.CONF 5 2010/06/27 "dovecot" "File Formats and Conventions" |
||||
.SH NAME |
||||
\fBdovecot.conf\fP \- The configuration file for dovecot imap and pop3 server |
||||
|
||||
.SH FULL PATH |
||||
.B /etc/dovecot.conf |
||||
|
||||
.SH DESCRIPTION |
||||
The dovecot.conf file is a configuration file for the |
||||
.BR dovecot (1) |
||||
imap and pop3 server. The dovecot.conf configuration file contains description to all available options. Some of these options are described also in offline wiki documentation placed in /usr/share/doc/dovecot*/wiki/. |
||||
|
||||
For backup purposes unmodified version of dovecot.conf can be found in /usr/share/doc/dovecot-<version>/example-config/dovecot.conf.default |
||||
|
||||
.SH "SEE ALSO" |
||||
.BR doveadm (1), |
||||
.BR dovecot (1), |
||||
.I /usr/share/doc/dovecot*/wiki/ |
||||
.I /usr/share/doc/dovecot*/dovecot.conf.default |
@ -0,0 +1,107 @@
@@ -0,0 +1,107 @@
|
||||
#!/bin/bash |
||||
# |
||||
# /etc/rc.d/init.d/dovecot |
||||
# |
||||
# Starts the dovecot daemon |
||||
# |
||||
# chkconfig: - 65 35 |
||||
# description: Dovecot Imap Server |
||||
# processname: dovecot |
||||
# config: /etc/dovecot.conf |
||||
# config: /etc/sysconfig/dovecot |
||||
# pidfile: /var/run/dovecot/master.pid |
||||
|
||||
### BEGIN INIT INFO |
||||
# Provides: dovecot |
||||
# Required-Start: $local_fs $network |
||||
# Required-Stop: $local_fs $network |
||||
# Should-Start: $remote_fs |
||||
# Should-Stop: $remote_fs |
||||
# Default-Start: |
||||
# Default-Stop: 0 1 2 3 4 5 6 |
||||
# Short-Description: start and stop Dovecot Imap server |
||||
# Description: Dovecot is an IMAP server for Linux/UNIX-like systems, |
||||
# written with security primarily in mind. It also contains |
||||
# a small POP3 server. |
||||
### END INIT INFO |
||||
|
||||
# Source function library. |
||||
. /etc/init.d/functions |
||||
|
||||
if [ -f /etc/sysconfig/dovecot -a $UID -eq 0 ]; then |
||||
. /etc/sysconfig/dovecot |
||||
fi |
||||
|
||||
RETVAL=0 |
||||
prog="Dovecot Imap" |
||||
exec="/usr/sbin/dovecot" |
||||
config="/etc/dovecot/dovecot.conf" |
||||
pidfile="/var/run/dovecot/master.pid" |
||||
lockfile="/var/lock/subsys/dovecot" |
||||
|
||||
start() { |
||||
[ $UID -eq 0 ] || exit 4 |
||||
[ -x $exec ] || exit 5 |
||||
[ -f $config ] || exit 6 |
||||
|
||||
echo -n $"Starting $prog: " |
||||
daemon --pidfile $pidfile $exec $OPTIONS |
||||
RETVAL=$? |
||||
[ $RETVAL -eq 0 ] && touch $lockfile |
||||
echo |
||||
} |
||||
|
||||
stop() { |
||||
[ $UID -eq 0 ] || exit 4 |
||||
echo -n $"Stopping $prog: " |
||||
killproc -p $pidfile $exec |
||||
RETVAL=$? |
||||
[ $RETVAL -eq 0 ] && rm -f $lockfile |
||||
echo |
||||
} |
||||
|
||||
reload() { |
||||
[ $UID -eq 0 ] || exit 4 |
||||
echo -n $"Reloading $prog: " |
||||
killproc -p $pidfile $exec -HUP |
||||
RETVAL=$? |
||||
echo |
||||
} |
||||
|
||||
# |
||||
# See how we were called. |
||||
# |
||||
case "$1" in |
||||
start) |
||||
start |
||||
;; |
||||
stop) |
||||
stop |
||||
;; |
||||
reload) |
||||
reload |
||||
;; |
||||
force-reload|restart) |
||||
stop |
||||
sleep 1 |
||||
start |
||||
RETVAL=$? |
||||
;; |
||||
condrestart|try-restart) |
||||
if [ -f $lockfile ]; then |
||||
stop |
||||
sleep 3 |
||||
start |
||||
fi |
||||
;; |
||||
status) |
||||
status -p $pidfile $exec |
||||
RETVAL=$? |
||||
;; |
||||
*) |
||||
echo $"Usage: $0 {condrestart|try-restart|start|stop|restart|reload|force-reload|status}" |
||||
RETVAL=2 |
||||
[ "$1" = 'usage' ] && RETVAL=0 |
||||
esac |
||||
|
||||
exit $RETVAL |
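Review bot: In the `force-reload|restart)` branch, the `RETVAL=$?` after `start` overwrites the status that start() has already stored. The last command in start() is `echo`, so `$?` is 0 even when `daemon` failed. A failed restart is therefore reported to the caller as success, which hides a mail service that did not come back up. Drop that `RETVAL=$?` line, since start() sets RETVAL itself, or end start() with `return $RETVAL`. The header also declares `# config: /etc/dovecot.conf` while the script tests `config="/etc/dovecot/dovecot.conf"`.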
@ -0,0 +1,5 @@
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0 |
||||
auth required pam_nologin.so |
||||
auth include password-auth |
||||
account include password-auth |
||||
session include password-auth |
@ -0,0 +1,3 @@
@@ -0,0 +1,3 @@
|
||||
# Here you can specify your dovecot command line options. |
||||
# |
||||
#OPTIONS="" |
@ -0,0 +1 @@
@@ -0,0 +1 @@
|
||||
d /var/run/dovecot 0755 root dovecot - |