From: frank Date: Mon, 16 Jan 2012 13:43:15 +0000 (+0100) Subject: committing changes in /etc after emerge run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=1f3c211b20482fbd29a8c475fb82dd6aaa05139c;p=config%2Fbruni%2Fetc.git committing changes in /etc after emerge run Package changes: +net-mail/courier-imap-4.5.0 --- diff --git a/.etckeeper b/.etckeeper index 79276400..faefd43a 100755 --- a/.etckeeper +++ b/.etckeeper @@ -2,6 +2,8 @@ mkdir -p './ConsoleKit/run-seat.d' mkdir -p './ca-certificates/update.d' +mkdir -p './courier-imap/shared' +mkdir -p './courier-imap/shared.tmp' mkdir -p './polkit-1/localauthority/10-vendor.d' mkdir -p './polkit-1/localauthority/20-org.d' mkdir -p './polkit-1/localauthority/30-site.d' @@ -180,6 +182,16 @@ maybe chmod 0600 './config-archive/etc/ulogd.conf.dist.new' maybe chown mail './courier' maybe chgrp mail './courier' maybe chmod 0755 './courier' +maybe chmod 0755 './courier-imap' +maybe chmod 0600 './courier-imap/imapd' +maybe chmod 0600 './courier-imap/imapd-ssl' +maybe chmod 0600 './courier-imap/imapd.cnf' +maybe chmod 0600 './courier-imap/pop3d' +maybe chmod 0600 './courier-imap/pop3d-ssl' +maybe chmod 0600 './courier-imap/pop3d.cnf' +maybe chmod 0444 './courier-imap/quotawarnmsg.example' +maybe chmod 0755 './courier-imap/shared' +maybe chmod 0755 './courier-imap/shared.tmp' maybe chown mail './courier/authlib' maybe chgrp mail './courier/authlib' maybe chmod 0755 './courier/authlib' @@ -472,6 +484,10 @@ maybe chmod 0755 './init.d/bootmisc' maybe chmod 0755 './init.d/consolefont' maybe chmod 0755 './init.d/consolekit' maybe chmod 0755 './init.d/courier-authlib' +maybe chmod 0755 './init.d/courier-imapd' +maybe chmod 0755 './init.d/courier-imapd-ssl' +maybe chmod 0755 './init.d/courier-pop3d' +maybe chmod 0755 './init.d/courier-pop3d-ssl' maybe chmod 0755 './init.d/crypto-loop' maybe chmod 0755 './init.d/cupsd' maybe chmod 0755 './init.d/dbus' diff --git a/courier-imap/imapd b/courier-imap/imapd new file mode 100644 index 00000000..8f8a010d --- /dev/null +++ b/courier-imap/imapd @@ -0,0 +1,429 @@ +##VERSION: $Id: imapd.dist.in,v 1.41 2008/06/21 16:01:23 mrsam Exp $ +# +# imapd created from imapd.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for +# distribution information. +# +# This configuration file sets various options for the Courier-IMAP server +# when used with the couriertcpd server. +# A lot of the stuff here is documented in the manual page for couriertcpd. +# +# NOTE - do not use \ to split long variable contents on multiple lines. +# This will break the default imapd.rc script, which parses this file. +# +##NAME: ADDRESS:0 +# +# Address to listen on, can be set to a single IP address. +# +# ADDRESS=127.0.0.1 + +ADDRESS=0 + +##NAME: PORT:1 +# +# Port numbers that connections are accepted on. The default is 143, +# the standard IMAP port. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possible to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 +# The previous ADDRESS setting is a default for ports that do not have +# a specified IP address. + +PORT=143 + +##NAME: AUTHSERVICE:0 +# +# It's possible to authenticate using a different 'service' parameter +# depending on the connection's port. This only works with authentication +# modules that use the 'service' parameter, such as PAM. Example: +# +# AUTHSERVICE143=imap +# AUTHSERVICE993=imaps + +##NAME: MAXDAEMONS:0 +# +# Maximum number of IMAP servers started +# + +MAXDAEMONS=40 + +##NAME: MAXPERIP:0 +# +# Maximum number of connections to accept from the same IP address + +MAXPERIP=4 + +##NAME: PIDFILE:0 +# +# File where couriertcpd will save its process ID +# + +PIDFILE=/var/run/imapd.pid + +##NAME: TCPDOPTS:0 +# +# Miscellaneous couriertcpd options that shouldn't be changed. +# + +TCPDOPTS="-nodnslookup -noidentlookup" + +##NAME: LOGGEROPTS:0 +# +# courierlogger(1) options. +# + +LOGGEROPTS="-name=imapd" + +##NAME: DEFDOMAIN:0 +# +# Optional default domain. If the username does not contain the +# first character of DEFDOMAIN, then it is appended to the username. +# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended +# only if the username does not contain any character from DOMAINSEP. +# You can set different default domains based on the the interface IP +# address using the -access and -accesslocal options of couriertcpd(1). + +#DEFDOMAIN="@example.com" + +##NAME: IMAP_CAPABILITY:1 +# +# IMAP_CAPABILITY specifies what most of the response should be to the +# CAPABILITY command. +# +# If you have properly configured Courier to use CRAM-MD5, CRAM-SHA1, or +# CRAM-SHA256 authentication (see INSTALL), set IMAP_CAPABILITY as follows: +# +# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE" +# + +IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE" + +##NAME: KEYWORDS_CAPABILITY:0 +# +# IMAP_KEYWORDS=1 enables custom IMAP keywords. Set this option to 0 to +# disable custom keywords. +# +# IMAP_KEYWORDS=2 also enables custom IMAP keywords, but uses a slower +# algorithm. Use this setting if keyword-related problems occur when +# multiple IMAP clients are updating keywords on the same message. + +IMAP_KEYWORDS=1 + +##NAME: ACL_CAPABILITY:0 +# +# IMAP_ACL=1 enables IMAP ACL extension. Set this option to 0 to +# disable ACL capabilities announce. + +IMAP_ACL=1 + +##NAME: SMAP1_CAPABILITY:0 +# +# EXPERIMENTAL +# +# To enable the experimental "Simple Mail Access Protocol" extensions, +# uncomment the following setting. +# +# SMAP_CAPABILITY=SMAP1 + +##NAME: IMAP_CAPABILITY_ORIG:2 +# +# For use by webadmin + +IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE" + +##NAME: IMAP_PROXY:0 +# +# Enable proxying. See README.proxy + +IMAP_PROXY=0 + +##NAME: PROXY_HOSTNAME:0 +# +# Override value from gethostname() when checking if a proxy connection is +# required. +# +# PROXY_HOSTNAME= + +##NAME: IMAP_PROXY_FOREIGN:0 +# +# Proxying to non-Courier servers. Re-sends the CAPABILITY command after +# logging in to the remote server. May not work with all IMAP clients. + +IMAP_PROXY_FOREIGN=0 + +##NAME: IMAP_IDLE_TIMEOUT:0 +# +# This setting controls how often +# the server polls for changes to the folder, in IDLE mode (in seconds). + +IMAP_IDLE_TIMEOUT=60 + +##NAME: IMAP_MAILBOX_SANITY_CHECK:0 +# +# Sanity check -- make sure home directory and maildir's ownership matches +# the IMAP server's effective uid and gid + +IMAP_MAILBOX_SANITY_CHECK=1 + +##NAME: IMAP_CAPABILITY_TLS:0 +# +# The following setting will advertise SASL PLAIN authentication after +# STARTTLS is established. If you want to allow SASL PLAIN authentication +# with or without TLS then just comment this out, and add AUTH=PLAIN to +# IMAP_CAPABILITY + +IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" + +##NAME: IMAP_TLS_ORIG:0 +# +# For use by webadmin + +IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN" + +##NAME: IMAP_DISABLETHREADSORT:0 +# +# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands - +# server side sorting and threading. +# +# Those capabilities will still be advertised, but the server will reject +# them. Set this option if you want to disable all the extra load from +# server-side threading and sorting. Not advertising those capabilities +# will simply result in the clients reading the entire folder, and sorting +# it on the client side. That will still put some load on the server. +# advertising these capabilities, but rejecting the commands, will stop this +# silliness. +# + +IMAP_DISABLETHREADSORT=0 + +##NAME: IMAP_CHECK_ALL_FOLDERS:0 +# +# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new +# mail in every folder. Not all IMAP clients use the IMAP's new mail +# indicator, but some do. Normally new mail is checked only in INBOX, +# because it is a comparatively time consuming operation, and it would be +# a complete waste of time unless mail filters are used to deliver +# mail directly to folders. +# +# When IMAP clients are used which support new mail indication, and when +# mail filters are used to sort incoming mail into folders, setting +# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new +# mail in folders. Note that this will result in slightly more load on the +# server. +# + +IMAP_CHECK_ALL_FOLDERS=0 + +##NAME: IMAP_OBSOLETE_CLIENT:0 +# +# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean +# what \\HasNoChildren really means. + +IMAP_OBSOLETE_CLIENT=0 + +##NAME: IMAP_UMASK:0 +# +# IMAP_UMASK sets the umask of the server process. The value of IMAP_UMASK is +# simply passed to the "umask" command. The default value is 022. +# +# This feature is mostly useful for shared folders, where the file permissions +# of the messages may be important. + +IMAP_UMASK=022 + +##NAME: IMAP_ULIMITD:0 +# +# IMAP_ULIMITD sets the maximum size of the data segment of the server +# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d" +# command (or ulimit -v). The argument to ulimi sets the upper limit on the +# size of the data segment of the server process, in kilobytes. The default +# value of 65536 sets a very generous limit of 64 megabytes, which should +# be more than plenty for anyone. +# +# This feature is used as an additional safety check that should stop +# any potential denial-of-service attacks that exploit any kind of +# a memory leak to exhaust all the available memory on the server. +# It is theoretically possible that obscenely huge folders will also +# result in the server running out of memory when doing server-side +# sorting (by my calculations you have to have at least 100,000 messages +# in a single folder, for that to happen). + +IMAP_ULIMITD=65536 + +##NAME: IMAP_USELOCKS:0 +# +# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent +# multiple access to the same folder. This incurs slight additional +# overhead. Concurrent multiple access will still work without this setting, +# however occasionally a minor race condition may result in an IMAP client +# downloading the same message twice, or a keyword update will fail. +# +# IMAP_USELOCKS=1 is strongly recommended when shared folders are used. + +IMAP_USELOCKS=1 + +##NAME: IMAP_SHAREDINDEXFILE:0 +# +# The index of all accessible folders. Do not change this setting unless +# you know what you're doing. See README.sharedfolders for additional +# information. + +IMAP_SHAREDINDEXFILE=/etc/courier-imap/shared/index + +##NAME: IMAP_ENHANCEDIDLE:0 +# +# If Courier was compiled with the File Alteration Monitor, setting +# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple +# clients may open the same folder concurrently, and receive updates to +# folder contents in realtime. See the imapd(8) man page for additional +# information. +# +# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included +# in the IMAP_CAPABILITY list. +# + +IMAP_ENHANCEDIDLE=0 + +##NAME: IMAP_TRASHFOLDERNAME:0 +# +# The name of the magic trash Folder. For MSOE compatibility, +# you can set IMAP_TRASHFOLDERNAME="Deleted Items". +# +# IMPORTANT: If you change this, you must also change IMAP_EMPTYTRASH + +IMAP_TRASHFOLDERNAME=Trash + +##NAME: IMAP_EMPTYTRASH:0 +# +# The following setting is optional, and causes messages from the given +# folder to be automatically deleted after the given number of days. +# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default +# setting, below, purges 7 day old messages from the Trash folder. +# Another useful setting would be: +# +# IMAP_EMPTYTRASH=Trash:7,Sent:30 +# +# This would also delete messages from the Sent folder (presumably copies +# of sent mail) after 30 days. This is a global setting that is applied to +# every mail account, and is probably useful in a controlled, corporate +# environment. +# +# Important: the purging is controlled by CTIME, not MTIME (the file time +# as shown by ls). It is perfectly ordinary to see stuff in Trash that's +# a year old. That's the file modification time, MTIME, that's displayed. +# This is generally when the message was originally delivered to this +# mailbox. Purging is controlled by a different timestamp, CTIME, which is +# changed when the file is moved to the Trash folder (and at other times too). +# +# You might want to disable this setting in certain situations - it results +# in a stat() of every file in each folder, at login and logout. +# + +IMAP_EMPTYTRASH=Trash:7 + +##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0 +# +# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This +# effectively allows an undo of message deletion by fishing the deleted +# mail from trash. Trash can be manually expunged as usually, and mail +# will get automatically expunged from Trash according to IMAP_EMPTYTRASH. +# +# NOTE: shared folders are still expunged as usual. Shared folders are +# not affected. +# + +IMAP_MOVE_EXPUNGE_TO_TRASH=0 + + +##NAME: OUTBOX:0 +# +# The next set of options deal with the "Outbox" enhancement. +# Uncomment the following setting to create a special folder, named +# INBOX.Outbox +# +# OUTBOX=.Outbox + +##NAME: SENDMAIL:0 +# +# If OUTBOX is defined, mail can be sent via the IMAP connection by copying +# a message to the INBOX.Outbox folder. For all practical matters, +# INBOX.Outbox looks and behaves just like any other IMAP folder. If this +# folder doesn't exist it must be created by the IMAP mail client, just +# like any other IMAP folder. The kicker: any message copied or moved to +# this folder is will be E-mailed by the Courier-IMAP server, by running +# the SENDMAIL program. Therefore, messages copied or moved to this +# folder must be well-formed RFC-2822 messages, with the recipient list +# specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on +# SENDMAIL to read the recipient list from these headers (and delete the Bcc: +# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the +# message piped on standard input. $SENDER will be the return address +# of the message, which is set by the authentication module. +# +# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing. +# + +SENDMAIL=/usr/sbin/sendmail + +##NAME: HEADERFROM:0 +# +# For administrative and oversight purposes, the return address, $SENDER +# will also be saved in the X-IMAP-Sender mail header. This header gets +# added to the sent E-mail (but it doesn't get saved in the copy of the +# message that's saved in the folder) +# +# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive +# the magic OUTBOX treatment. Therefore advance LARTing is in order for +# _all_ of your lusers, until every one of them is aware of this. Otherwise if +# OUTBOX is left at its default setting - a folder name that might be used +# accidentally - some people may be in for a rude surprise. You can redefine +# the name of the magic folder by changing OUTBOX, above. You should do that +# and pick a less-obvious name. Perhaps brand it with your organizational +# name ( OUTBOX=.WidgetsAndSonsOutbox ) + +HEADERFROM=X-IMAP-Sender + +##NAME: OUTBOX_MULTIPLE_SEND:0 +# +# Remove the following comment to allow a COPY of more than one message to +# the Outbox, at a time. +# +# OUTBOX_MULTIPLE_SEND=1 + +##NAME: IMAPDSTART:0 +# +# IMAPDSTART is not used directly. Rather, this is a convenient flag to +# be read by your system startup script in /etc/rc.d, like this: +# +# . /etc/courier-imap/imapd +# +# case x$IMAPDSTART in +# x[yY]*) +# /usr/lib64/courier-imap/imapd.rc start +# ;; +# esac +# +# The default setting is going to be NO, so you'll have to manually flip +# it to yes. + +IMAPDSTART=NO + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir +# Put any program for ${PRERUN} here +PRERUN= +# Put any program for ${LOGINRUN} here +# this is for relay-ctrl-allow in 4* +LOGINRUN= diff --git a/courier-imap/imapd-ssl b/courier-imap/imapd-ssl new file mode 100644 index 00000000..ee723aca --- /dev/null +++ b/courier-imap/imapd-ssl @@ -0,0 +1,336 @@ +##VERSION: $Id: imapd-ssl.dist.in,v 1.21 2008/07/12 20:17:24 mrsam Exp $ +# +# imapd-ssl created from imapd-ssl.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for +# distribution information. +# +# This configuration file sets various options for the Courier-IMAP server +# when used to handle SSL IMAP connections. +# +# SSL and non-SSL connections are handled by a dedicated instance of the +# couriertcpd daemon. If you are accepting both SSL and non-SSL IMAP +# connections, you will start two instances of couriertcpd, one on the +# IMAP port 143, and another one on the IMAP-SSL port 993. +# +# Download OpenSSL from http://www.openssl.org/ +# +##NAME: SSLPORT:1 +# +# Options in the imapd-ssl configuration file AUGMENT the options in the +# imapd configuration file. First the imapd configuration file is read, +# then the imapd-ssl configuration file, so we do not have to redefine +# anything. +# +# However, some things do have to be redefined. The port number is +# specified by SSLPORT, instead of PORT. The default port is port 993. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possibly to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1 +# The SSLADDRESS setting is a default for ports that do not have +# a specified IP address. + +SSLPORT=993 + +##NAME: SSLADDRESS:0 +# +# Address to listen on, can be set to a single IP address. +# +# SSLADDRESS=127.0.0.1 + +SSLADDRESS=0 + +##NAME: SSLPIDFILE:0 +# +# That's the SSL IMAP port we'll listen on. +# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP. + +SSLPIDFILE=/var/run/imapd-ssl.pid + +##NAME: SSLLOGGEROPTS:0 +# +# courierlogger(1) options. +# + +SSLLOGGEROPTS="-name=imapd-ssl" + +##NAME: IMAPDSSLSTART:0 +# +# Different pid files, so that both instances of couriertcpd can coexist +# happily. +# +# You can also redefine IMAP_CAPABILITY, although I can't +# think of why you'd want to do that. +# +# +# Ok, the following settings are new to imapd-ssl: +# +# Whether or not to start IMAP over SSL on simap port: + +IMAPDSSLSTART=NO + +##NAME: IMAPDSTARTTLS:0 +# +# Whether or not to implement IMAP STARTTLS extension instead: + +IMAPDSTARTTLS=YES + +##NAME: IMAP_TLS_REQUIRED:1 +# +# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. +# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS +# is issued). + +IMAP_TLS_REQUIRED=0 + + +######################################################################### +# +# The following variables configure IMAP over SSL. If OpenSSL or GnuTLS +# is available during configuration, the couriertls helper gets compiled, and +# upon installation a dummy TLS_CERTFILE gets generated. +# +# WARNING: Peer certificate verification has NOT yet been tested. Proceed +# at your own risk. Only the basic SSL/TLS functionality is known to be +# working. Keep this in mind as you play with the following variables. +# +##NAME: COURIERTLS:0 +# + +COURIERTLS=/usr/sbin/couriertls + +##NAME: TLS_PROTOCOL:0 +# +# TLS_PROTOCOL sets the protocol version. The possible versions are: +# +# OpenSSL: +# +# SSL2 - SSLv2 +# SSL3 - SSLv3 +# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# TLS1 - TLS1 +# +# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST +# setting, below. +# +# GnuTLS: +# +# SSL3 - SSLv3 +# TLS1 - TLS 1.0 +# TLS1_1 - TLS 1.1 +# +# When compiled against GnuTLS, multiple protocols can be selected as follows: +# +# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# +# DEFAULT VALUES: +# +# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) + +##NAME: TLS_STARTTLS_PROTOCOL:0 +# +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS +# extension, as opposed to IMAP over SSL on port 993. +# +# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL + +##NAME: TLS_CIPHER_LIST:0 +# +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined +# +# OpenSSL: +# +# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH" +# +# To enable SSL2, remove the obvious "!SSLv2" part from the above list. +# +# +# GnuTLS: +# +# TLS_CIPHER_LIST="HIGH:MEDIUM" +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher + +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n +# +# GnuTLS only: +# +# Set the minimum number of acceptable bits for a DH key exchange. +# +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. + +##NAME: TLS_KX_LIST:0 +# +# GnuTLS only: +# +# Allowed key exchange protocols. The default of "ALL" should be sufficient. +# The list of supported key exchange protocols depends on the options GnuTLS +# was compiled against, but may include the following: +# +# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT + +TLS_KX_LIST=ALL + +##NAME: TLS_COMPRESSION:0 +# +# GnuTLS only: +# +# Optional compression. "ALL" selects all available compression methods. +# +# Available compression methods: DEFLATE, LZO, NULL + +TLS_COMPRESSION=ALL + +##NAME: TLS_CERTS:0 +# +# GnuTLS only: +# +# Supported certificate types are X509 and OPENPGP. +# +# OPENPGP has not been tested + +TLS_CERTS=X509 + +##NAME: TLS_TIMEOUT:0 +# TLS_TIMEOUT is currently not implemented, and reserved for future use. +# This is supposed to be an inactivity timeout, but its not yet implemented. +# + +##NAME: TLS_DHCERTFILE:0 +# +# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. +# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA +# you must generate a DH pair that will be used. In most situations the +# DH pair is to be treated as confidential, and the file specified by +# TLS_DHCERTFILE must not be world-readable. +# +# TLS_DHCERTFILE= + +##NAME: TLS_CERTFILE:0 +# +# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS +# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually +# treated as confidential, and must not be world-readable. Set TLS_CERTFILE +# instead of TLS_DHCERTFILE if this is a garden-variety certificate +# +# VIRTUAL HOSTS (servers only): +# +# Due to technical limitations in the original SSL/TLS protocol, a dedicated +# IP address is required for each virtual host certificate. If you have +# multiple certificates, install each certificate file as +# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address +# for the certificate's domain name. So, if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 +# and so on, for each IP address. +# +# GnuTLS only (servers only): +# +# GnuTLS implements a new TLS extension that eliminates the need to have a +# dedicated IP address for each SSL/TLS domain name. Install each certificate +# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, +# then you'll need to install the actual certificate files as +# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com +# and so on. +# +# Note that this TLS extension also requires a corresponding support in the +# client. Older SSL/TLS clients may not support this feature. +# +# This is an experimental feature. + +TLS_CERTFILE=/etc/courier-imap/imapd.pem + +##NAME: TLS_TRUSTCERTS:0 +# +# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. +# pathname can be a file or a directory. If a file, the file should +# contain a list of trusted certificates, in PEM format. If a +# directory, the directory should contain the trusted certificates, +# in PEM format, one per file and hashed using OpenSSL's c_rehash +# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying +# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set +# to PEER or REQUIREPEER). +# + +TLS_TRUSTCERTS=/etc/ssl/certs + +##NAME: TLS_VERIFYPEER:0 +# +# TLS_VERIFYPEER - how to verify client certificates. The possible values of +# this setting are: +# +# NONE - do not verify anything +# +# PEER - verify the client certificate, if one's presented +# +# REQUIREPEER - require a client certificate, fail if one's not presented +# +# +TLS_VERIFYPEER=NONE + + +##NAME: TLS_EXTERNAL:0 +# +# To enable SSL certificate-based authentication: +# +# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate +# authority's SSL certificate +# +# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings +# requires all SSL clients to present a certificate, and rejects +# SSL/TLS connections without a valid cert). +# +# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. +# Example: +# +# TLS_EXTERNAL=emailaddress +# +# The above example retrieves the login ID from the "emailaddress" subject +# field. The certificate's emailaddress subject must match exactly the login +# ID in the courier-authlib database. + +##NAME: TLS_CACHE:0 +# +# A TLS/SSL session cache may slightly improve response for IMAP clients +# that open multiple SSL sessions to the server. TLS_CACHEFILE will be +# automatically created, TLS_CACHESIZE bytes long, and used as a cache +# buffer. +# +# This is an experimental feature and should be disabled if it causes +# problems with SSL clients. Disable SSL caching by commenting out the +# following settings: + +TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache +TLS_CACHESIZE=524288 + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir diff --git a/courier-imap/imapd.cnf b/courier-imap/imapd.cnf new file mode 100644 index 00000000..1078baf3 --- /dev/null +++ b/courier-imap/imapd.cnf @@ -0,0 +1,9 @@ +organization = "Courier Mail Server" +unit = "Automatically-generated IMAP SSL key" +locality = "New York" +state = "NY" +country = US +cn = "localhost" +serial = 001 +expiration_days = 365 +email = "postmaster@example.com" diff --git a/courier-imap/pop3d b/courier-imap/pop3d new file mode 100644 index 00000000..8dd8bd1f --- /dev/null +++ b/courier-imap/pop3d @@ -0,0 +1,155 @@ +##VERSION: $Id: pop3d.dist.in,v 1.16 2005/07/05 12:42:51 mrsam Exp $ +# +# pop3d created from pop3d.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 1998 - 2004 Double Precision, Inc. See COPYING for +# distribution information. +# +# Courier POP3 daemon configuration +# +##NAME: PIDFILE:0 +# + +PIDFILE=/var/run/pop3d.pid + +##NAME: MAXDAEMONS:0 +# +# Maximum number of POP3 servers started +# + +MAXDAEMONS=40 + +##NAME: MAXPERIP:4 +# +# Maximum number of connections to accept from the same IP address + +MAXPERIP=4 + +##NAME: POP3AUTH:1 +# +# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH +# variable: +# +# POP3AUTH="LOGIN" +# +# If you have configured the CRAM-MD5, CRAM-SHA1 or CRAM-SHA256, set POP3AUTH +# to something like this: +# +# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1" + +POP3AUTH="" + +##NAME: POP3AUTH_ORIG:1 +# +# For use by webadmin + +POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256" + +##NAME: POP3AUTH_TLS:1 +# +# To also advertise SASL PLAIN if SSL is enabled, uncomment the +# POP3AUTH_TLS environment variable: +# +# POP3AUTH_TLS="LOGIN PLAIN" + +POP3AUTH_TLS="" + +##NAME: POP3AUTH_TLS_ORIG:0 +# +# For use by webadmin + +POP3AUTH_TLS_ORIG="LOGIN PLAIN" + +##NAME: POP3_PROXY:0 +# +# Enable proxying. See README.proxy + +POP3_PROXY=0 + +##NAME: PROXY_HOSTNAME:0 +# +# Override value from gethostname() when checking if a proxy connection is +# required. + +# PROXY_HOSTNAME= + +##NAME: PORT:1 +# +# Port to listen on for connections. The default is port 110. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possibly to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 +# The ADDRESS setting is a default for ports that do not have a specified +# IP address. + +PORT=110 + +##NAME: ADDRESS:0 +# +# IP address to listen on. 0 means all IP addresses. + +ADDRESS=0 + +##NAME: TCPDOPTS:0 +# +# Other couriertcpd(1) options. The following defaults should be fine. +# + +TCPDOPTS="-nodnslookup -noidentlookup" + +##NAME: LOGGEROPTS:0 +# +# courierlogger(1) options. +# + +LOGGEROPTS="-name=pop3d" + +##NAME: DEFDOMAIN:0 +# +# Optional default domain. If the username does not contain the +# first character of DEFDOMAIN, then it is appended to the username. +# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended +# only if the username does not contain any character from DOMAINSEP. +# You can set different default domains based on the the interface IP +# address using the -access and -accesslocal options of couriertcpd(1). + +#DEFDOMAIN="@example.com" + +##NAME: POP3DSTART:0 +# +# POP3DSTART is not referenced anywhere in the standard Courier programs +# or scripts. Rather, this is a convenient flag to be read by your system +# startup script in /etc/rc.d, like this: +# +# . /etc/courier-imap/pop3d +# case x$POP3DSTART in +# x[yY]*) +# /usr/lib64/courier-imap/pop3d.rc start +# ;; +# esac +# +# The default setting is going to be NO, until Courier is shipped by default +# with enough platforms so that people get annoyed with having to flip it to +# YES every time. + +POP3DSTART=NO + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir +# Put any program for ${PRERUN} here +PRERUN= +# Put any program for ${LOGINRUN} here +# this is for relay-ctrl-allow in 4* +LOGINRUN= diff --git a/courier-imap/pop3d-ssl b/courier-imap/pop3d-ssl new file mode 100644 index 00000000..56f55d22 --- /dev/null +++ b/courier-imap/pop3d-ssl @@ -0,0 +1,322 @@ +##VERSION: $Id: pop3d-ssl.dist.in,v 1.22 2008/07/12 20:17:25 mrsam Exp $ +# +# pop3d-ssl created from pop3d-ssl.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 2000-2008 Double Precision, Inc. See COPYING for +# distribution information. +# +# This configuration file sets various options for the Courier-IMAP server +# when used to handle SSL POP3 connections. +# +# SSL and non-SSL connections are handled by a dedicated instance of the +# couriertcpd daemon. If you are accepting both SSL and non-SSL POP3 +# connections, you will start two instances of couriertcpd, one on the +# POP3 port 110, and another one on the POP3-SSL port 995. +# +# Download OpenSSL from http://www.openssl.org/ +# +##NAME: SSLPORT:0 +# +# Options in the pop3d-ssl configuration file AUGMENT the options in the +# pop3d configuration file. First the pop3d configuration file is read, +# then the pop3d-ssl configuration file, so we do not have to redefine +# anything. +# +# However, some things do have to be redefined. The port number is +# specified by SSLPORT, instead of PORT. The default port is port 995. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possibly to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1 +# The SSLADDRESS setting is a default for ports that do not have +# a specified IP address. + +SSLPORT=995 + +##NAME: SSLADDRESS:0 +# +# Address to listen on, can be set to a single IP address. +# +# SSLADDRESS=127.0.0.1 + +SSLADDRESS=0 + +##NAME: SSLPIDFILE:0 +# + +SSLPIDFILE=/var/run/pop3d-ssl.pid + +##NAME: SSLLOGGEROPTS:0 +# +# courierlogger(1) options. +# + +SSLLOGGEROPTS="-name=pop3d-ssl" + +##NAME: POP3DSSLSTART:0 +# +# Whether or not to start POP3 over SSL on spop3 port: + +POP3DSSLSTART=NO + +##NAME: POP3_STARTTLS:0 +# +# Whether or not to implement the POP3 STLS extension: + +POP3_STARTTLS=YES + +##NAME: POP3_TLS_REQUIRED:1 +# +# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. +# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS +# is issued). + +POP3_TLS_REQUIRED=0 + +##NAME: COURIERTLS:0 +# +# The following variables configure POP3 over SSL. If OpenSSL or GnuTLS +# is available during configuration, the couriertls helper gets compiled, and +# upon installation a dummy TLS_CERTFILE gets generated. +# +# WARNING: Peer certificate verification has NOT yet been tested. Proceed +# at your own risk. Only the basic SSL/TLS functionality is known to be +# working. Keep this in mind as you play with the following variables. + +COURIERTLS=/usr/sbin/couriertls + +##NAME: TLS_PROTOCOL:0 +# +# TLS_PROTOCOL sets the protocol version. The possible versions are: +# +# OpenSSL: +# +# SSL2 - SSLv2 +# SSL3 - SSLv3 +# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# TLS1 - TLS1 +# +# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST +# setting, below. +# +# GnuTLS: +# +# SSL3 - SSLv3 +# TLS1 - TLS 1.0 +# TLS1_1 - TLS 1.1 +# +# When compiled against GnuTLS, multiple protocols can be selected as follows: +# +# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# +# DEFAULT VALUES: +# +# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) + +##NAME: TLS_STARTTLS_PROTOCOL:0 +# +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS +# extension, as opposed to POP3 over SSL on port 995. +# +# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL + +TLS_STARTTLS_PROTOCOL=TLS1 + +##NAME: TLS_CIPHER_LIST:0 +# +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined +# +# OpenSSL: +# +# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH" +# +# To enable SSL2, remove the obvious "!SSLv2" part from the above list. +# +# +# GnuTLS: +# +# TLS_CIPHER_LIST="HIGH:MEDIUM" +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher + + +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n +# +# GnuTLS only: +# +# Set the minimum number of acceptable bits for a DH key exchange. +# +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. + +##NAME: TLS_KX_LIST:0 +# +# GnuTLS only: +# +# Allowed key exchange protocols. The default of "ALL" should be sufficient. +# The list of supported key exchange protocols depends on the options GnuTLS +# was compiled against, but may include the following: +# +# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT + +TLS_KX_LIST=ALL + +##NAME: TLS_COMPRESSION:0 +# +# GnuTLS only: +# +# Optional compression. "ALL" selects all available compression methods. +# +# Available compression methods: DEFLATE, LZO, NULL + +TLS_COMPRESSION=ALL + +##NAME: TLS_CERTS:0 +# +# GnuTLS only: +# +# Supported certificate types are X509 and OPENPGP. +# +# OPENPGP has not been tested + +TLS_CERTS=X509 + +##NAME: TLS_TIMEOUT:0 +# TLS_TIMEOUT is currently not implemented, and reserved for future use. +# This is supposed to be an inactivity timeout, but its not yet implemented. +# + +##NAME: TLS_DHCERTFILE:0 +# +# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. +# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA +# you must generate a DH pair that will be used. In most situations the +# DH pair is to be treated as confidential, and the file specified by +# TLS_DHCERTFILE must not be world-readable. +# +# TLS_DHCERTFILE= + +##NAME: TLS_CERTFILE:0 +# +# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS +# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually +# treated as confidential, and must not be world-readable. Set TLS_CERTFILE +# instead of TLS_DHCERTFILE if this is a garden-variety certificate +# +# VIRTUAL HOSTS (servers only): +# +# Due to technical limitations in the original SSL/TLS protocol, a dedicated +# IP address is required for each virtual host certificate. If you have +# multiple certificates, install each certificate file as +# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address +# for the certificate's domain name. So, if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 +# and so on, for each IP address. +# +# GnuTLS only (servers only): +# +# GnuTLS implements a new TLS extension that eliminates the need to have a +# dedicated IP address for each SSL/TLS domain name. Install each certificate +# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, +# then you'll need to install the actual certificate files as +# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com +# and so on. +# +# Note that this TLS extension also requires a corresponding support in the +# client. Older SSL/TLS clients may not support this feature. +# +# This is an experimental feature. + +TLS_CERTFILE=/etc/courier-imap/pop3d.pem + +##NAME: TLS_TRUSTCERTS:0 +# +# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. +# pathname can be a file or a directory. If a file, the file should +# contain a list of trusted certificates, in PEM format. If a +# directory, the directory should contain the trusted certificates, +# in PEM format, one per file and hashed using OpenSSL's c_rehash +# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying +# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set +# to PEER or REQUIREPEER). +# + +TLS_TRUSTCERTS=/etc/ssl/certs + +##NAME: TLS_VERIFYPEER:0 +# +# TLS_VERIFYPEER - how to verify client certificates. The possible values of +# this setting are: +# +# NONE - do not verify anything +# +# PEER - verify the client certificate, if one's presented +# +# REQUIREPEER - require a client certificate, fail if one's not presented +# +# +TLS_VERIFYPEER=NONE + +##NAME: TLS_EXTERNAL:0 +# +# To enable SSL certificate-based authentication: +# +# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate +# authority's SSL certificate +# +# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings +# requires all SSL clients to present a certificate, and rejects +# SSL/TLS connections without a valid cert). +# +# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. +# Example: +# +# TLS_EXTERNAL=emailaddress +# +# The above example retrieves the login ID from the "emailaddress" subject +# field. The certificate's emailaddress subject must match exactly the login +# ID in the courier-authlib database. + +##NAME: TLS_CACHE:0 +# +# A TLS/SSL session cache may slightly improve response for long-running +# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE +# bytes long, and used as a cache buffer. +# +# This is an experimental feature and should be disabled if it causes +# problems with SSL clients. Disable SSL caching by commenting out the +# following settings: + +TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache +TLS_CACHESIZE=524288 + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir diff --git a/courier-imap/pop3d.cnf b/courier-imap/pop3d.cnf new file mode 100644 index 00000000..a8a4466e --- /dev/null +++ b/courier-imap/pop3d.cnf @@ -0,0 +1,9 @@ +organization = "Courier Mail Server" +unit = "Automatically-generated POP3 SSL key" +locality = "New York" +state = "NY" +country = US +cn = "localhost" +serial = 001 +expiration_days = 365 +email = "postmaster@example.com" diff --git a/courier-imap/quotawarnmsg.example b/courier-imap/quotawarnmsg.example new file mode 100644 index 00000000..54fad320 --- /dev/null +++ b/courier-imap/quotawarnmsg.example @@ -0,0 +1,13 @@ +X-Comment: Rename/Copy this file to quotawarnmsg, and make appropriate changes +X-Comment: See deliverquota man page for more information +From: Mail Delivery System +Reply-To: support@example.com +To: Valued Customer:; +Subject: Mail quota warning +Mime-Version: 1.0 +Content-Type: text/plain; charset=iso-8859-1 +Content-Transfer-Encoding: 7bit + +Your mailbox on the server is now more than 90% full. So that you can continue +to receive mail you need to remove some messages from your mailbox. + diff --git a/init.d/courier-imapd b/init.d/courier-imapd new file mode 100755 index 00000000..424961b6 --- /dev/null +++ b/init.d/courier-imapd @@ -0,0 +1,36 @@ +#!/sbin/runscript +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $ + +depend() { + need net courier-authlib + use famd +} + +source /etc/courier-imap/imapd + +checkconfig() { + if [[ ! -e /etc/courier-imap/imapd ]] ; then + eerror "You need an /etc/courier-imap/imapd file to run courier-imapd" + return 1 + fi + source /etc/courier-imap/imapd || { + eerror "There are syntax errors in /etc/courier-imap/imapd" + eerror "Please correct them before trying to start courier-imapd" + return 2 + } +} + +start() { + checkconfig || return 1 + ebegin "Starting courier-imapd" + /usr/bin/env - /usr/lib64/courier-imap/gentoo-imapd.rc --pid=${PIDFILE} + eend $? +} + +stop() { + ebegin "Stopping courier-imapd" + start-stop-daemon --quiet --stop --pid=${PIDFILE} + eend $? +} diff --git a/init.d/courier-imapd-ssl b/init.d/courier-imapd-ssl new file mode 100755 index 00000000..94554638 --- /dev/null +++ b/init.d/courier-imapd-ssl @@ -0,0 +1,41 @@ +#!/sbin/runscript +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd-ssl.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $ + +depend() { + need net courier-authlib + use famd +} + +source /etc/courier-imap/imapd-ssl + +checkconfig() { + if [[ ! -e /etc/courier-imap/imapd-ssl ]] ; then + eerror "You need an /etc/courier-imap/imapd-ssl file to run courier-imapd-ssl" + return 1 + fi + source /etc/courier-imap/imapd-ssl || { + eerror "There are syntax errors in /etc/courier-imap/imapd-ssl" + eerror "Please correct them before trying to start courier-imapd-ssl" + return 3 + } + if [[ ! -e "${TLS_CERTFILE}" ]] ; then + eerror "You need to create a SSL certificate to use IMAP over SSL" + eerror "Edit /etc/courier-imap/imapd.cnf, then run: mkimapdcert" + return 2 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting courier-imapd over SSL" + /usr/bin/env - /usr/lib64/courier-imap/gentoo-imapd-ssl.rc --pid=${SSLPIDFILE} + eend $? +} + +stop() { + ebegin "Stopping courier-imapd over SSL" + start-stop-daemon --quiet --stop --pid=${SSLPIDFILE} + eend $? +} diff --git a/init.d/courier-pop3d b/init.d/courier-pop3d new file mode 100755 index 00000000..821f4a5f --- /dev/null +++ b/init.d/courier-pop3d @@ -0,0 +1,36 @@ +#!/sbin/runscript +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $ + +depend() { + need net courier-authlib + use famd +} + +source /etc/courier-imap/pop3d + +checkconfig() { + if [[ ! -e /etc/courier-imap/pop3d ]] ; then + eerror "You need an /etc/courier-imap/pop3d file to run courier-pop3d" + return 1 + fi + source /etc/courier-imap/pop3d || { + eerror "There are syntax errors in /etc/courier-imap/pop3d" + eerror "Please correct them before trying to start courier-pop3d" + return 2 + } +} + +start() { + checkconfig || return 1 + ebegin "Starting courier-pop3d" + /usr/bin/env - /usr/lib64/courier-imap/gentoo-pop3d.rc --pidfile ${PIDFILE} + eend $? +} + +stop() { + ebegin "Stopping courier-pop3d" + start-stop-daemon --quiet --stop --pidfile ${PIDFILE} + eend $? +} diff --git a/init.d/courier-pop3d-ssl b/init.d/courier-pop3d-ssl new file mode 100755 index 00000000..53703afe --- /dev/null +++ b/init.d/courier-pop3d-ssl @@ -0,0 +1,41 @@ +#!/sbin/runscript +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d-ssl.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $ + +depend() { + need net courier-authlib + use famd +} + +source /etc/courier-imap/pop3d-ssl + +checkconfig() { + if [[ ! -e /etc/courier-imap/pop3d-ssl ]] ; then + eerror "You need an /etc/courier-imap/pop3d-ssl file to run courier-pop3d-ssl" + return 1 + fi + source /etc/courier-imap/pop3d-ssl || { + eerror "There are syntax errors in /etc/courier-imap/pop3d-ssl" + eerror "Please correct them before trying to start courier-pop3d-ssl" + return 3 + } + if [[ ! -e "${TLS_CERTFILE}" ]] ; then + eerror "You need to create a SSL certificate to use POP3 over SSL" + eerror "Edit /etc/courier-imap/pop3d.cnf, then run: mkpop3dcert" + return 2 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting courier-pop3d over SSL" + /usr/bin/env - /usr/lib64/courier-imap/gentoo-pop3d-ssl.rc --pidfile ${SSLPIDFILE} + eend $? +} + +stop() { + ebegin "Stopping courier-pop3d over SSL" + start-stop-daemon --quiet --stop --pidfile ${SSLPIDFILE} + eend $? +}