Commit 0f6a56e4 authored by Claudemir Todo Bom's avatar Claudemir Todo Bom
parents 7a6d9b3e f71773e7
......@@ -81,3 +81,10 @@ SRS_SECRET=SecredoDeEstado
### Disable automatic account expiration after 60 days without login
#WW_DISABLE_ACCOUNT_EXPIRATION=1
### disable forced encrypted conections
#WW_RELAX_TLS=1
### define to disable TLS announce for specific hosts (separated by ";")
#WW_NOTLSADVERTISE_HOSTS="192.0.2.1 ; 2001:db8::1"
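Review bot: The comment above `#WW_RELAX_TLS=1` does not tell an operator what is given up: judging by the Exim template changed in this same commit, defining it drops the rule that refuses unencrypted AUTH on port 587, so passwords can cross the network in cleartext. I would spell that out, e.g. `### allow AUTH without TLS (credentials travel in cleartext; leave unset unless a legacy client requires it)`, and correct "conections" to "connections". The `WW_NOTLSADVERTISE_HOSTS` comment could likewise state that the listed hosts are never offered STARTTLS, so their sessions stay unencrypted.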
......@@ -87,6 +87,10 @@ hostlist localhost = <; 127.0.0.0/8 ; ::1
hostlist submitter_hosts = <; 127.0.0.0/8 ; ::1 ; WW_SUBMITTERS
hostlist relayers = <; 127.0.0.0/8 ; ::1 ; WW_RELAYERS ; WW_SUBMITTERS
.ifdef WW_NOTLSADVERTISE_HOSTS
hostlist notlsadvertisehosts = <; WW_NOTLSADVERTISE_HOSTS
.endif
hostlist auth_relay_hosts = *
hostlist iana_lacnic = 177.0.0.0/8 : 179.0.0.0/8 : 181.0.0.0/8 : 186.0.0.0/8 : 187.0.0.0/8 : 189.0.0.0/8 : 190.0.0.0/8 : 200.0.0.0/8 : 201.0.0.0/8
......@@ -119,7 +123,12 @@ hostlist websites = 127.0.0.1
tls_on_connect_ports = 465
tls_certificate = /etc/exim4/ssl/fullchain.pem
tls_privatekey = /etc/exim4/ssl/privkey.pem
.ifndef WW_NOTLSADVERTISE_HOSTS
tls_advertise_hosts = *
.else
tls_advertise_hosts = ! +notlsadvertisehosts
.endif
# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
......@@ -614,16 +623,16 @@ check_recipient:
### verificacoes de dns reverso
defer message = 4.7.1 defered DNS reverse lookup for $sender_host_address
log_message = DEFERED: [Reverse DNS defer] defered reverse lookup for $sender_host_address
!hosts = +relayers
!hosts = +relayers : +local_network
condition = ${if eq{$host_lookup_deferred}{1} {1}{0}}
deny message = 5.7.1 inconsistent or no DNS reverse entry for $sender_host_address
log_message = REJECTED: [Reverse DNS fail] inconsistent reverse for $sender_host_address
!hosts = +relayers
!hosts = +relayers : +local_network
condition = ${if eq{$host_lookup_failed}{1} {1}{0}}
deny !verify = reverse_host_lookup
!hosts = +relayers
!hosts = +relayers : +local_network
log_message = REJECTED: [Reverse DNS] lookup failure for $sender_host_address
message = 5.7.1 reverse DNS lookup failure for $sender_host_address
......@@ -790,10 +799,12 @@ check_auth:
accept
hosts = +localhost
.ifndef WW_RELAX_TLS
deny
!encrypted = *
condition = ${if eq {$interface_port}{587}}
message = 5.7.1 AUTH encryption is required
.endif
# Deny if AUTH isn't on submission port (autolist enabled)
deny
......@@ -801,10 +812,11 @@ check_auth:
!condition = ${if eq {$interface_port}{465}}
message = 5.7.1 AUTH requires submission port
# Accept if encrypted (should not get here if unencrypted)
# Final accept (should not get here on normal conditions)
accept
.ifndef WW_RELAX_TLS
encrypted = *
.endif
#!!# ACL that is used after the VRFY command
check_vrfy:
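Review bot: With `WW_RELAX_TLS` defined, the two `.ifndef` blocks in check_auth remove both the `!encrypted = *` deny for port 587 and the `encrypted = *` condition on the final `accept`, so that accept becomes unconditional and cleartext AUTH is allowed for every client, not only the ones that cannot do TLS. Since this commit also introduces `notlsadvertisehosts`, consider keeping the deny and exempting only that list, for instance with a `!hosts = +notlsadvertisehosts` line on the deny, instead of a global switch; the hostlist would then have to be defined unconditionally (possibly empty). At minimum add a comment above the first `.ifndef`, such as `# WW_RELAX_TLS: accepts AUTH without TLS from any host; credentials are sent in cleartext`. The check_auth ACL begins before this hunk, so rules outside the view may already narrow this. In the reverse-DNS hunk, `+local_network` is not defined in any visible line; confirm that hostlist exists.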
......
......@@ -473,6 +473,7 @@ DELIMITER ;
/*!50003 SET sql_mode = 'NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ;
DELIMITER ;;
CREATE DEFINER=`root`@`localhost` FUNCTION `unalias`(`p_address` VARCHAR(255) CHARSET utf8) RETURNS varchar(255) CHARSET utf8
DETERMINISTIC
BEGIN
DECLARE a_address VARCHAR(255);
DECLARE p_localpart VARCHAR(255);
......@@ -525,6 +526,7 @@ DELIMITER ;
/*!50003 SET sql_mode = 'NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ;
DELIMITER ;;
CREATE DEFINER=`root`@`localhost` FUNCTION `__unalias`(`p_address` VARCHAR(255) CHARSET utf8) RETURNS varchar(255) CHARSET utf8
DETERMINISTIC
BEGIN
DECLARE a_address VARCHAR(255);
DECLARE p_localpart VARCHAR(255);
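Review bot: `DETERMINISTIC` is a promise MySQL does not verify, and the bodies of `unalias` and `__unalias` continue outside these hunks, so it cannot be checked from here; if they look the address up in a table, as the names suggest, the result depends on table contents and not only on `p_address`. In that case I would declare the data access as well, `DETERMINISTIC READS SQL DATA`, and add a comment in the schema source stating why the characteristic was added. Unrelated to the new line but visible in the context: both functions are defined as root@localhost, and MySQL runs a function with its definer's privileges unless `SQL SECURITY INVOKER` is given, so a dedicated low-privilege definer would be the safer choice.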
......
......@@ -4,41 +4,60 @@ cat /etc/default/wwmail | sed -e 's/: /=/g' > /tmp/wwmail.$$.tmp
source /tmp/wwmail.$$.tmp
rm /tmp/wwmail.$$.tmp
DRYRUN=1
while [ "$1" ] ; do
if [ $1 == "-u" ] ; then
unset DRYRUN
fi
shift
done
echo "select address,maildir from users" | mysql -N -u ${WW_ISP_USER} -p${WW_ISP_PASS} ${WW_ISP_DB} | while read USER MAILDIR ; do
DOMAIN="$(echo ${USER} | sed -e 's/^.*@//')"
LOCALPART="$(echo ${USER} | sed -e 's/@.*$//')"
DOMAINDIR="/var/spool/maildir/${DOMAIN}"
[ ${DRYRUN} ] && echo VERIFIED
if [ -e "${DOMAINDIR}" ] && ! [ -d "${DOMAINDIR}" ] ; then
echo "${DOMAINDIR} / ${USER} existe e não é um diretório - abort" 1>&2
exit 1
fi
if ! [ -e "${DOMAINDIR}" ] ; then
mkdir -p "${DOMAINDIR}"
chown mail.mail "${DOMAINDIR}"
[ ${DRYRUN} ] || mkdir -p "${DOMAINDIR}"
[ ${DRYRUN} ] || chown mail.mail "${DOMAINDIR}"
fi
ORIG="$(dirname ${MAILDIR})/$(basename ${MAILDIR})"
DEST="/var/spool/maildir/${DOMAIN}/${LOCALPART}"
if ! [ -e "${MAILDIR}" ] ; then
echo "nao existe: ${MAILDIR}" 1>&2
if ! [ -e "${DEST}" ] ; then
echo "alterado" 1>&2
echo "UPDATE users SET maildir='${DEST}/' where address='${USER}';"
continue
fi
if [ "${ORIG}" == "${DEST}" ] ; then
continue
fi
if [ "${ORIG}" == "${DEST}" ] ; then
if ! [ -e "${MAILDIR}" ] ; then
echo "origem nao existe: ${MAILDIR} (${USER})" 1>&2
if [ -e "${DEST}" ] ; then
echo "mas o destino já existe: ${DEST}" 1>&2
[ ${DRYRUN} ] || mv "${DEST}" /var/spool/maildir/backup/
[ ${DRYRUN} ] && echo BACKEDUP
fi
[ ${DRYRUN} ] || echo "UPDATE users SET maildir='${DEST}/' where address='${USER}';"
[ ${DRYRUN} ] && echo UPDATED
continue
fi
if [ -e "${ORIG}" ] ; then
if [ -e "${DEST}" ] ; then
#echo "origem: ${ORIG} -> ${DEST} destino já existe: ${DEST}" 1>&2
mv "${DEST}" /var/spool/maildir/backup/
echo "origem e destinos já existem: ${ORIG} -> ${DEST}" 1>&2
[ ${DRYRUN} ] || mv "${DEST}" /var/spool/maildir/backup/
[ ${DRYRUN} ] && echo BACKEDUP
fi
mv "${ORIG}" "${DEST}"
echo "UPDATE users SET maildir='${DEST}/' where address='${USER}';"
[ ${DRYRUN} ] || mv "${ORIG}" "${DEST}"
[ ${DRYRUN} ] || echo "UPDATE users SET maildir='${DEST}/' where address='${USER}';"
[ ${DRYRUN} ] && echo MOVED
fi
done | mysql -f -N -u ${WW_ISP_USER} -p${WW_ISP_PASS} ${WW_ISP_DB}
done | {
[ ${DRYRUN} ] || mysql -f -N -u ${WW_ISP_USER} -p${WW_ISP_PASS} ${WW_ISP_DB}
[ ${DRYRUN} ] && echo "Execução de teste" && sort | uniq -c && echo -e "\n\n Repita com o parâmetro -u para executar as modificações"
}
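Review bot: The new `echo "UPDATE users SET maildir='${DEST}/' where address='${USER}';"` lines still paste `${USER}` and `${DEST}` into SQL unescaped, and the statements are piped to `mysql -f`, which carries on after errors; an address containing a single quote (legal in a local part) yields a broken or differently scoped UPDATE. Double the quotes before building the statement, e.g. `Q="'"; SQL_USER=${USER//$Q/$Q$Q}; SQL_DEST=${DEST//$Q/$Q$Q}`, and use those two variables in the UPDATE. The `mysql` call in the closing `{ … }` block also keeps `-p${WW_ISP_PASS}` on the command line, where other local users can read it from the process list; a `--defaults-extra-file` readable only by the invoking user avoids that. The script's first lines are outside the hunk, so the interpreter line and any earlier setup could not be checked.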