Add dovecot

2021-01-05 02:07:09 +00:00 · 2021-01-05 02:07:09 +00:00 · 0bad02f9ec
commit 0bad02f9ec
parent 8553d5b176
8 changed files with 246 additions and 0 deletions
--- a/configs/dovecot/APKBUILD
+++ b/configs/dovecot/APKBUILD
@ -0,0 +1,28 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=redxen-config-dovecot
+pkgver=2021.01.05
+pkgrel=2
+pkgdesc="Dovecot configuration"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="dovecot dovecot-lmtpd dovecot-pgsql redxen-secret-letsencrypt-chain redxen-secret-letsencrypt-private"
+install="$pkgname.pre-install"
+source="
+	dovecot.conf
+	pgsql.conf
+	rspamd.sieve
+"
+options="!check"
+
+package() {
+	install -Dm644 dovecot.conf "$pkgdir"/etc/dovecot/redxen/dovecot.conf
+	install -Dm644 pgsql.conf "$pkgdir"/etc/dovecot/redxen/pgsql.conf
+	install -Dm644 rspamd.sieve "$pkgdir"/etc/dovecot/redxen/rspamd.sieve
+	install -d "$pkgdir"/var/mail
+}
+
+sha512sums="a7d43e8dc0f67c5d787dbae7d27aced4b4a06b9c2311f36e5a11b77fcb73a9dc95ea34ce62ea53d2f2d047c31713e8c36a3af41fe7326da5bada329056134bf2  dovecot.conf
+bf8a04b608c993f952fdec9a3ab56ecd075cadd3778854d45e21c39f410135adb4efe2d707fd30ceeb17c0865497db590142de955bf375d1802c6e6fee596a21  pgsql.conf
+e305a5ee8196f09d805278acf27a2b66eae9c9e3c6e3458bca391597b1c720c063f8c92034d1af070c750fd0858da7eaa16e75a3b060064eac6b5bcb7b2452e7  rspamd.sieve"
--- a/configs/dovecot/README.md
+++ b/configs/dovecot/README.md
@ -0,0 +1,30 @@
+# Dovecot setup
+
+First create the database and the users table:
+```
+CREATE USER dovecot PASSWORD '...' WITH LOGIN;
+CREATE DATABASE mail OWNER postgres;
+CREATE TABLE users (
+	userid VARCHAR(128) NOT NULL,
+	password VARCHAR(128),
+	active boolean,
+	PRIMARY KEY (userid)
+);
+GRANT SELECT ON users TO dovecot;
+```
+
+Then hash the password:
+`doveadm pw -s ARGON2I`
+
+Finally, add the user:
+```
+INSERT INTO users (
+	userid,
+	password,
+	active
+) VALUES (
+	'user@domain.org',
+	'...',
+	'1'
+);
+```
--- a/configs/dovecot/dovecot.conf
+++ b/configs/dovecot/dovecot.conf
@ -0,0 +1,109 @@
+## Dovecot configuration file
+
+listen = *, ::
+
+base_dir = /run/dovecot/
+instance_name = redxen-production
+login_greeting = RedXen Mail ready. DO NOT MESS WITH US OR WE WILL CUT YOUR BALLS OFF!
+
+protocols = imap lmtp
+
+ssl = yes
+ssl_cert = </etc/ssl/redxen/letsencrypt/chain.crt
+ssl_key = </etc/ssl/redxen/letsencrypt/private.key
+auth_mechanisms = plain login
+
+protocols = $protocols imap
+disable_plaintext_auth = yes
+auth_username_format = %n
+
+first_valid_uid = 8
+last_valid_uid = 8
+first_valid_gid = 12
+last_valid_gid = 12
+
+lda_mailbox_autocreate = yes
+
+userdb {
+	driver = sql
+	args = /etc/dovecot/redxen/pgsql.conf
+}
+
+passdb {
+	driver = sql
+	args = /etc/dovecot/redxen/pgsql.conf
+}
+
+service imap-login {
+	inet_listener imap {
+		#address = none
+		port = 143
+	}
+	inet_listener imaps {
+		#address = none
+		port = 993
+		ssl = yes
+	}
+}
+
+service auth {
+	unix_listener auth {
+		mode = 0660
+		user = mail
+		group = dovecot
+	}
+	user = root
+}
+
+service lmtp {
+	unix_listener lmtp {
+		mode = 0660
+		group = mail
+		user = dovecot
+	}
+}
+#protocol lmtp {
+#	mail_plugins = $mail_plugins sieve
+#}
+
+mail_location = maildir:/var/mail/%d/%u:INBOX=/var/mail/%d/%u/Inbox:LAYOUT=fs
+namespace inbox {
+	inbox = yes
+	mailbox Drafts {
+		special_use = \Drafts
+		auto = subscribe
+	}
+	mailbox Junk {
+		special_use = \Junk
+		auto = subscribe
+		autoexpunge = 30d
+	}
+	mailbox Sent {
+		special_use = \Sent
+		auto = subscribe
+	}
+	mailbox Trash {
+		special_use = \Trash
+		autoexpunge = 7d
+	}
+	mailbox Archive {
+		special_use = \Archive
+		auto = subscribe
+	}
+}
+
+#plugin {
+#	sieve_plugins = sieve_extprograms
+#	sieve_extensions = +editheader +mboxmetadata +servermetadata +imapflags +notify +spamtest +spamtestplus +virustest
+#
+#	sieve_spamtest_status_type = score
+#	sieve_spamtest_status_header = X-Spamd-Result: .*? \[([[:digit:]]+\.[[:digit:]]+) / [[:digit:]]+\.[[:digit:]]+\];
+#	sieve_spamtest_max_value = 6
+#	sieve_spamtest_max_header = X-Spamd-Result: .*? \[[[:digit:]]+\.[[:digit:]]+ / ([[:digit:]]+\.[[:digit:]]+)\];
+#
+#	sieve_spamtest_status_type = text
+#	sieve_spamtest_status_header = X-Spam
+#	sieve_spamtest_text_value1 = No
+#	sieve_spamtest_text_value10 = Yes
+#	sieve_default = rspamd.sieve
+#}
--- a/configs/dovecot/redxen-config-dovecot.pre-install
+++ b/configs/dovecot/redxen-config-dovecot.pre-install
@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser dovecot rxletsenc
+
+return 0
--- a/configs/dovecot/rspamd.sieve
+++ b/configs/dovecot/rspamd.sieve
@ -0,0 +1,10 @@
+require ["fileinto","mailbox"];
+if anyof(
+	header :contains ["X-Spam-Flag"] "YES",
+	header :contains ["X-Spam-Status"] "spam",
+	header :contains ["X-Spam"] "Yes",
+	header :contains ["Subject"] "*** SPAM ***"
+	)
+{
+	fileinto :create "Junk";
+}
--- a/openrc/dovecot/APKBUILD
+++ b/openrc/dovecot/APKBUILD
@ -0,0 +1,23 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=redxen-openrc-dovecot
+pkgver=2021.01.05
+pkgrel=2
+pkgdesc="Dovecot OpenRC service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc redxen-config-dovecot"
+options="!check"
+source="
+	runfile
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	install -Dm755 runfile "$pkgdir"/etc/init.d/dovecot.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/dovecot.redxen
+}
+sha512sums="04efce688cf54ab643cbf29dafe264c70f3a2c6f2e7fe9030d1e7f3e4d30656c718796fb55d3d9c02422e2298172475efd91b31b4ca6108508a636f2ff242963  runfile
+612aecfe0c233264ab2cdc4e4545dd0e89500672057ffb86f8798141f3a767ed64bae375a55defa202353588d89757b3b3224d63e827a006210a87540888970f  conffile"
--- a/openrc/dovecot/conffile
+++ b/openrc/dovecot/conffile
@ -0,0 +1,2 @@
+cfgfile="/etc/dovecot/redxen/dovecot.conf"
+maildir="/var/mail"
--- a/openrc/dovecot/runfile
+++ b/openrc/dovecot/runfile
@ -0,0 +1,39 @@
+#!/sbin/openrc-run
+
+description="Secure POP3/IMAP server"
+
+cfgfile=${cfgfile:-/etc/dovecot/dovecot.conf}
+pidfile=$(doveconf -c $cfgfile -h base_dir 2>/dev/null)/master.pid
+command=/usr/sbin/dovecot
+command_args="-c $cfgfile"
+required_files="$cfgfile"
+extra_started_commands="reload reopen"
+description_reload="Reload configuration"
+description_reopen="Reopen log files"
+
+depend() {
+	need localmount net
+	before mta
+	after bootmisc firewall ntp-client ntpd postgresql
+	use logger
+}
+
+start_pre() {
+	ebegin "Checking dovecot config"
+	doveconf -c $cfgfile -x >/dev/null
+	eend $?
+	checkpath --directory ${pidfile%/*}
+	checkpath -m740 -o mail:mail -d ${maildir:-/var/mail}
+}
+
+reload() {
+	ebegin "Reloading $RC_SVCNAME configs and restarting auth/login processes"
+	start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
+	eend $?
+}
+
+reopen() {
+	ebegin "Reopening $RC_SVCNAME log files"
+	start-stop-daemon --signal USR1 --pidfile $pidfile
+	eend $?
+}