From 69ffc98e224d67ebac91da99babbda4d56852203 Mon Sep 17 00:00:00 2001 
From: root Date: Sat, 7 Jan 2017 20:46:42 +0100 Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run --- .etckeeper | 15 +- conf.d/lm_sensors | 11 +- config-archive/etc/conf.d/lm_sensors | 25 + config-archive/etc/conf.d/lm_sensors.dist | 4 + config-archive/etc/courier-imap/imapd | 44 +- config-archive/etc/courier-imap/imapd-ssl | 46 +- config-archive/etc/courier-imap/imapd-ssl.1 | 4 +- .../{imapd-ssl.dist.new => imapd-ssl.2} | 119 +++-- .../etc/courier-imap/imapd-ssl.dist | 132 +++--- config-archive/etc/courier-imap/imapd.1 | 2 +- config-archive/etc/courier-imap/imapd.2 | 429 ++++++++++++++++++ config-archive/etc/courier-imap/imapd.dist | 35 +- .../etc/courier-imap/pop3d-ssl.dist | 119 ++--- .../etc/courier-imap/pop3d-ssl.dist.new | 270 ----------- config-archive/etc/hosts | 5 + config-archive/etc/hosts.1 | 36 ++ .../etc/{hosts.dist.new => hosts.dist} | 6 + config-archive/etc/mdadm.conf | 2 +- config-archive/etc/mdadm.conf.1 | 71 +++ config-archive/etc/mdadm.conf.dist | 4 +- config-archive/etc/postfix/main.cf | 4 +- config-archive/etc/postfix/main.cf.1 | 15 +- config-archive/etc/postfix/main.cf.2 | 7 +- config-archive/etc/postfix/main.cf.3 | 5 +- config-archive/etc/postfix/main.cf.4 | 4 +- config-archive/etc/postfix/main.cf.5 | 29 +- config-archive/etc/postfix/main.cf.6 | 6 +- config-archive/etc/postfix/main.cf.7 | 4 +- config-archive/etc/postfix/main.cf.8 | 4 +- config-archive/etc/postfix/main.cf.9 | 4 +- config-archive/etc/postfix/main.cf.dist | 4 +- ...st.new => postgrey_whitelist_clients.dist} | 25 +- config-archive/etc/rc.conf | 21 +- config-archive/etc/rc.conf.1 | 9 + config-archive/etc/rc.conf.2 | 20 +- config-archive/etc/rc.conf.3 | 10 +- config-archive/etc/rc.conf.4 | 61 ++- config-archive/etc/rc.conf.5 | 2 +- config-archive/etc/rc.conf.6 | 35 +- config-archive/etc/rc.conf.7 | 135 ++++++ config-archive/etc/rc.conf.dist | 45 +- .../etc/{services.dist.new => services.dist} | 12 +- courier-imap/imapd | 35 +- courier-imap/imapd-ssl | 106 
++--- courier-imap/pop3d-ssl | 36 +- hosts | 6 + mdadm.conf | 4 +- portage/package.use | 1 + postfix/main.cf | 4 +- postfix/postgrey_whitelist_clients | 28 +- rc.conf | 45 +- services | 14 +- 52 files changed, 1433 insertions(+), 686 deletions(-) create mode 100644 config-archive/etc/conf.d/lm_sensors create mode 100644 config-archive/etc/conf.d/lm_sensors.dist rename config-archive/etc/courier-imap/{imapd-ssl.dist.new => imapd-ssl.2} (82%) create mode 100644 config-archive/etc/courier-imap/imapd.2 delete mode 100644 config-archive/etc/courier-imap/pop3d-ssl.dist.new create mode 100644 config-archive/etc/hosts.1 rename config-archive/etc/{hosts.dist.new => hosts.dist} (87%) create mode 100644 config-archive/etc/mdadm.conf.1 rename config-archive/etc/postfix/{postgrey_whitelist_clients.dist.new => postgrey_whitelist_clients.dist} (91%) create mode 100644 config-archive/etc/rc.conf.7 rename config-archive/etc/{services.dist.new => services.dist} (98%) diff --git a/.etckeeper b/.etckeeper index 03239eb..40cbf8c 100755 --- a/.etckeeper +++ b/.etckeeper @@ -594,6 +594,8 @@ maybe chmod 0644 'config-archive/etc/conf.d/keymaps' maybe chmod 0644 'config-archive/etc/conf.d/keymaps,v' maybe chmod 0644 'config-archive/etc/conf.d/keymaps.1' maybe chmod 0644 'config-archive/etc/conf.d/keymaps.dist' +maybe chmod 0644 'config-archive/etc/conf.d/lm_sensors' +maybe chmod 0644 'config-archive/etc/conf.d/lm_sensors.dist' maybe chmod 0644 'config-archive/etc/conf.d/modules,v' maybe chmod 0644 'config-archive/etc/conf.d/mysql,v' maybe chmod 0644 'config-archive/etc/conf.d/mysql.dist.new' 
@@ -624,9 +626,10 @@ maybe chmod 0644 'config-archive/etc/courier-imap/imapd,v' maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl' maybe chmod 0644 'config-archive/etc/courier-imap/imapd-ssl,v' maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.1' +maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.2' maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.dist' -maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.dist.new' maybe chmod 0600 'config-archive/etc/courier-imap/imapd.1' +maybe chmod 0600 'config-archive/etc/courier-imap/imapd.2' maybe chmod 0600 'config-archive/etc/courier-imap/imapd.dist' maybe chmod 0600 'config-archive/etc/courier-imap/pop3d' maybe chmod 0644 'config-archive/etc/courier-imap/pop3d,v' @@ -634,7 +637,6 @@ maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl' maybe chmod 0644 'config-archive/etc/courier-imap/pop3d-ssl,v' maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.1' maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.dist' -maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.dist.new' maybe chmod 0600 'config-archive/etc/courier-imap/pop3d.dist' maybe chmod 0755 'config-archive/etc/courier/authlib' maybe chmod 0660 'config-archive/etc/courier/authlib/authdaemonrc' @@ -689,7 +691,8 @@ maybe chmod 0644 'config-archive/etc/genkernel.conf.3' maybe chmod 0644 'config-archive/etc/genkernel.conf.dist' maybe chmod 0644 'config-archive/etc/hosts' maybe chmod 0644 'config-archive/etc/hosts,v' -maybe chmod 0644 'config-archive/etc/hosts.dist.new' +maybe chmod 0644 'config-archive/etc/hosts.1' +maybe chmod 0644 'config-archive/etc/hosts.dist' maybe chmod 0755 'config-archive/etc/init.d' maybe chmod 0755 'config-archive/etc/init.d/apache2,v' maybe chmod 0755 'config-archive/etc/init.d/atd,v' 
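Review bot: The two entries added in the `@@ -624,9 +626,10 @@` hunk give `imapd-ssl.2` and `imapd.2` mode 0600, but the context lines beside them record `imapd-ssl,v` and `imapd,v` as 0644. If those `,v` files hold the revision history of the same configs (not visible here, so to be confirmed), the restrictive mode on the numbered copies is undone by a world-readable history file. The same pattern shows in the `@@ -920,7 +924,7 @@` hunk, where `postgrey_whitelist_clients.dist` is 0640 while `postgrey_whitelist_clients,v` and `saslpass,v` are 0644; `saslpass,v` deserves the first look, since its name suggests SASL credentials. .etckeeper only records modes, so the change belongs on the files themselves, after which the entry would read e.g. `maybe chmod 0600 'config-archive/etc/postfix/saslpass,v'`.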
@@ -753,6 +756,7 @@ maybe chmod 0644 'config-archive/etc/mc/mc.keymap.emacs,v' maybe chmod 0644 'config-archive/etc/mc/mc.menu,v' maybe chmod 0644 'config-archive/etc/mdadm.conf' maybe chmod 0644 'config-archive/etc/mdadm.conf,v' +maybe chmod 0644 'config-archive/etc/mdadm.conf.1' maybe chmod 0644 'config-archive/etc/mdadm.conf.dist' maybe chmod 0644 'config-archive/etc/mke2fs.conf,v' maybe chmod 0644 'config-archive/etc/mlocate-cron.conf,v' @@ -920,7 +924,7 @@ maybe chmod 0644 'config-archive/etc/postfix/master.cf.1' maybe chmod 0644 'config-archive/etc/postfix/master.cf.dist.new' maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients' maybe chmod 0644 'config-archive/etc/postfix/postgrey_whitelist_clients,v' -maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients.dist.new' +maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients.dist' maybe chmod 0644 'config-archive/etc/postfix/saslpass,v' maybe chmod 0644 'config-archive/etc/procmailrc,v' maybe chmod 0644 'config-archive/etc/procmailrc.dist.new' @@ -944,6 +948,7 @@ maybe chmod 0644 'config-archive/etc/rc.conf.3' maybe chmod 0644 'config-archive/etc/rc.conf.4' maybe chmod 0644 'config-archive/etc/rc.conf.5' maybe chmod 0644 'config-archive/etc/rc.conf.6' +maybe chmod 0644 'config-archive/etc/rc.conf.7' maybe chmod 0644 'config-archive/etc/rc.conf.dist' maybe chmod 0755 'config-archive/etc/reoback' maybe chmod 0644 'config-archive/etc/reoback/files.conf' @@ -974,7 +979,7 @@ maybe chmod 0755 'config-archive/etc/security/namespace.init,v' maybe chmod 0644 'config-archive/etc/sensors3.conf,v' maybe chmod 0644 'config-archive/etc/services' maybe chmod 0644 'config-archive/etc/services,v' -maybe chmod 0644 'config-archive/etc/services.dist.new' +maybe chmod 0644 'config-archive/etc/services.dist' maybe chmod 0755 'config-archive/etc/skel' maybe chmod 0644 'config-archive/etc/skel/.bash_logout' maybe chmod 0644 'config-archive/etc/skel/.bash_logout.dist.new' 
diff --git a/conf.d/lm_sensors b/conf.d/lm_sensors index 5d1353c..721a6de 100644 --- a/conf.d/lm_sensors +++ b/conf.d/lm_sensors @@ -1,10 +1,4 @@ -# Generated by sensors-detect on Tue Jul 24 10:07:08 2012 -# This file is sourced by /etc/init.d/lm_sensors and defines the modules to -# be loaded/unloaded. -# -# The format of this file is a shell script that simply defines variables: -# HWMON_MODULES for hardware monitoring driver modules, and optionally -# BUS_MODULES for any required bus driver module (for example for I2C or SPI). +# /etc/conf.d/lm_sensors # Load modules at startup LOADMODULES=yes @@ -23,3 +17,6 @@ HWMON_MODULES="w83627ehf" # You should use BUS_MODULES and HWMON_MODULES instead if possible. MODULE_0=w83627ehf + +# NOTE: +# For module loading please use /etc/modules-load.d/lm_sensors.conf diff --git a/config-archive/etc/conf.d/lm_sensors b/config-archive/etc/conf.d/lm_sensors new file mode 100644 index 0000000..5d1353c --- /dev/null +++ b/config-archive/etc/conf.d/lm_sensors @@ -0,0 +1,25 @@ +# Generated by sensors-detect on Tue Jul 24 10:07:08 2012 +# This file is sourced by /etc/init.d/lm_sensors and defines the modules to +# be loaded/unloaded. +# +# The format of this file is a shell script that simply defines variables: +# HWMON_MODULES for hardware monitoring driver modules, and optionally +# BUS_MODULES for any required bus driver module (for example for I2C or SPI). + +# Load modules at startup +LOADMODULES=yes + +# Initialize sensors at startup +INITSENSORS=yes + +HWMON_MODULES="w83627ehf" + +# For compatibility reasons, modules are also listed individually as variables +# MODULE_0, MODULE_1, MODULE_2, etc. +# Please note that the numbers in MODULE_X must start at 0 and increase in +# steps of 1. Any number that is missing will make the init script skip the +# rest of the modules. Use MODULE_X_ARGS for arguments. +# +# You should use BUS_MODULES and HWMON_MODULES instead if possible. + +MODULE_0=w83627ehf 
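Review bot: The note appended in the `@@ -23,3 +17,6 @@` hunk of conf.d/lm_sensors says module loading now belongs in /etc/modules-load.d/lm_sensors.conf, yet `LOADMODULES=yes`, `HWMON_MODULES="w83627ehf"` and `MODULE_0=w83627ehf` stay in place and the diffstat lists no modules-load.d file. If the updated init script no longer reads these variables (the new lm_sensors.dist template carries none of them), w83627ehf may stop being loaded at boot without any error. I would either drop the three settings or mark them, e.g. `# NOTE(local): ignored by the new init script; w83627ehf must be listed in /etc/modules-load.d/lm_sensors.conf`.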
diff --git a/config-archive/etc/conf.d/lm_sensors.dist b/config-archive/etc/conf.d/lm_sensors.dist new file mode 100644 index 0000000..bae2ea0 --- /dev/null +++ b/config-archive/etc/conf.d/lm_sensors.dist @@ -0,0 +1,4 @@ +# /etc/conf.d/lm_sensors + +# NOTE: +# For module loading please use /etc/modules-load.d/lm_sensors.conf diff --git a/config-archive/etc/courier-imap/imapd b/config-archive/etc/courier-imap/imapd index c0d690d..e817027 100644 --- a/config-archive/etc/courier-imap/imapd +++ b/config-archive/etc/courier-imap/imapd @@ -1,4 +1,4 @@ -##VERSION: $Id: imapd.dist.in,v 1.41 2008/06/21 16:01:23 mrsam Exp $ +##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$ # # imapd created from imapd.dist by sysconftool # @@ -340,6 +340,24 @@ IMAP_EMPTYTRASH=Trash:7 IMAP_MOVE_EXPUNGE_TO_TRASH=0 +##NAME: IMAP_LOG_DELETIONS:0 +# +# +# Set IMAP_LOG_DELETIONS to log all message deletions to syslog. +# +# IMAP_LOG_DELETIONS=1 + +##NAME: IMAPDEBUGFILE:0 +# +# IMAPDEBUGFILE="imaplog.dat" +# +# Generate diagnostic logging of IMAP commands. +# +# Set this globally, restart the server. Touch this file in an account's +# maildir directory, and Courier-IMAP will append all IMAP commands received +# for new sessions for this account. NOTE: existing IMAP sessions are not +# affected, only new IMAP logins. + ##NAME: OUTBOX:0 # 
@@ -388,6 +406,30 @@ SENDMAIL=/usr/sbin/sendmail HEADERFROM=X-IMAP-Sender +##NAME: ID_FIELDS:0 +# +# Have the server be polite, and identify its version to the client. The client +# must be logged in before the server will identify itself. Additionally, +# the client will mutually supply its own software version, and the server will +# log it. +# +# Although the server's banner message identifies itself, in free-form manner, +# this the ID IMAP extension, for clients to log. +# +# IMAP_ID_FIELDS is the sum of the following values: +# +# 1 - identify the version of the IMAP server +# 2 - identify the operating system (if available) +# 4 - identify the operating system release (if available) +# +# A value of 0 identifies the server software only. +# +# Uncomment this setting to enable the IMAP ID extension. One reason you might +# want to enable it is to log the clients' software version. Enabling this +# setting will mutually log the client's software, in the system logs. +# +# IMAP_ID_FIELDS=0 + ##NAME: OUTBOX_MULTIPLE_SEND:0 # # Remove the following comment to allow a COPY of more than one message to diff --git a/config-archive/etc/courier-imap/imapd-ssl b/config-archive/etc/courier-imap/imapd-ssl index 93e9328..9111619 100644 --- a/config-archive/etc/courier-imap/imapd-ssl +++ b/config-archive/etc/courier-imap/imapd-ssl @@ -1,11 +1,11 @@ -##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $ +##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ # # imapd-ssl created from imapd-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for +# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server 
@@ -104,16 +104,27 @@ IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/sbin/couriertls +##NAME: TLS_PRIORITY:0 +# +# GnuTLS setting only +# +# Set TLS protocol priority settings (GnuTLS only) +# +# DEFAULT: NORMAL:-CTYPE-OPENPGP +# +# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" + ##NAME: TLS_PROTOCOL:0 # # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # -# SSL2 - SSLv2 # SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# SSL23 - all protocols (including TLS 1.x protocols) # TLS1 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 # # Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST # setting, below. @@ -131,7 +142,7 @@ COURIERTLS=/usr/sbin/couriertls # DEFAULT VALUES: # # SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) -TLS_PROTOCOL="SSL3" +TLS_PROTOCOL="SSL23" ##NAME: TLS_STARTTLS_PROTOCOL:0 # @@ -149,10 +160,8 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# To enable SSL2, remove the obvious "!SSLv2" part from the above list. -# +# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" # # GnuTLS: # @@ -170,6 +179,9 @@ TLS_STARTTLS_PROTOCOL=TLS1 # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_MIN_DH_BITS:0 # 
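Review bot: `TLS_PROTOCOL="SSL23"` in the `@@ -131,7 +142,7 @@` hunk still leaves SSLv3 negotiable for IMAP over SSL: the comment block above it describes SSL23 as "all protocols", and the `!SSLv2` in the cipher list removes SSLv2 cipher suites, not the SSLv3 protocol. The newer template archived in this same commit (imapd-ssl.dist) documents `TLSv1+`-style values and a default of TLSv1+, so once the running Courier build accepts them the line could become `TLS_PROTOCOL="TLSv1.2+"`, or be left unset to take that default. Until then a comment such as `# SSL23 still permits SSLv3; tighten after upgrade` would record the gap. This is the config-archive copy; the live courier-imap/imapd-ssl section lies outside the part of the patch shown here and should be checked for the same value.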
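Review bot: The active `TLS_CIPHER_LIST` set in the `@@ -149,10 +160,8 @@` hunk admits the MEDIUM class, which the commented upstream sample directly above it excludes with `!MEDIUM`. On OpenSSL builds of this period MEDIUM typically brings in RC4 and other 128-bit legacy suites, so unless a known old client needs them I would use `TLS_CIPHER_LIST="HIGH:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL:@STRENGTH"`. If MEDIUM is kept deliberately, a one-line comment naming the client that requires it would let the next merge of the template make an informed choice.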
@@ -220,16 +232,6 @@ TLS_CERTS=X509 # This is supposed to be an inactivity timeout, but its not yet implemented. # -##NAME: TLS_DHCERTFILE:0 -# -# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. -# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA -# you must generate a DH pair that will be used. In most situations the -# DH pair is to be treated as confidential, and the file specified by -# TLS_DHCERTFILE must not be world-readable. -# -# TLS_DHCERTFILE= - ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS @@ -264,6 +266,12 @@ TLS_CERTS=X509 TLS_CERTFILE=/etc/courier-imap/imapd.pem +##NAME: TLS_DHPARAMS:0 +# +# TLS_DHPARAMS - DH parameter file. +# +TLS_DHPARAMS=/etc/ssl/dhparams.pem + ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. diff --git a/config-archive/etc/courier-imap/imapd-ssl.1 b/config-archive/etc/courier-imap/imapd-ssl.1 index 92d6619..93e9328 100644 --- a/config-archive/etc/courier-imap/imapd-ssl.1 +++ b/config-archive/etc/courier-imap/imapd-ssl.1 @@ -1,4 +1,4 @@ -##VERSION: $Id: imapd-ssl,v 1.3 2010/10/05 17:35:41 root Exp $ +##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $ # # imapd-ssl created from imapd-ssl.dist by sysconftool # @@ -149,7 +149,7 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH" +# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # To enable SSL2, remove the obvious "!SSLv2" part from the above list. # diff --git a/config-archive/etc/courier-imap/imapd-ssl.dist.new b/config-archive/etc/courier-imap/imapd-ssl.2 similarity index 82% rename from config-archive/etc/courier-imap/imapd-ssl.dist.new rename to config-archive/etc/courier-imap/imapd-ssl.2 index 0811b73..92d6619 100644 --- a/config-archive/etc/courier-imap/imapd-ssl.dist.new 
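Review bot: `TLS_DHPARAMS=/etc/ssl/dhparams.pem` in the `@@ -264,6 +266,12 @@` hunk points at a file that the diffstat does not list and the config does not describe, and it differs from the `/usr/share/dhparams.pem` used by the distributed template. Since the strength of DHE key exchange depends on that file, a comment recording how it was produced and its size would help the next upgrade, e.g. `# local DH parameters, 2048 bit or larger, regenerated by <placeholder: job or command>`. It is also worth confirming the file exists and is readable by the daemon; how Courier behaves when it is missing is not visible here.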
+++ b/config-archive/etc/courier-imap/imapd-ssl.2 @@ -1,11 +1,11 @@ -##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ +##VERSION: $Id: imapd-ssl,v 1.3 2010/10/05 17:35:41 root Exp $ # # imapd-ssl created from imapd-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for +# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -104,29 +104,42 @@ IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/sbin/couriertls -##NAME: TLS_PRIORITY:0 -# -# GnuTLS setting only -# -# Set TLS protocol priority settings (GnuTLS only) -# -# DEFAULT: NORMAL:-CTYPE-OPENPGP -# -# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" - ##NAME: TLS_PROTOCOL:0 # # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # +# SSL2 - SSLv2 # SSL3 - SSLv3 -# SSL23 - all protocols (including TLS 1.x protocols) +# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) # TLS1 - TLS1 -# TLSv1.1 - TLS1.1 -# TLSv1.2 - TLS1.2 # -# Leave it unset to use any protocol except SSL 2. +# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST +# setting, below. +# +# GnuTLS: +# +# SSL3 - SSLv3 +# TLS1 - TLS 1.0 +# TLS1_1 - TLS 1.1 +# +# When compiled against GnuTLS, multiple protocols can be selected as follows: +# +# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# +# DEFAULT VALUES: +# +# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) +TLS_PROTOCOL="SSL3" + +##NAME: TLS_STARTTLS_PROTOCOL:0 +# +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS +# extension, as opposed to IMAP over SSL on port 993. +# +# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL +TLS_STARTTLS_PROTOCOL=TLS1 ##NAME: TLS_CIPHER_LIST:0 # 
@@ -136,7 +149,10 @@ COURIERTLS=/usr/sbin/couriertls
 #
 # OpenSSL:
 #
-# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
+# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH"
+#
+# To enable SSL2, remove the obvious "!SSLv2" part from the above list.
+#
 #
 # GnuTLS:
 #
@@ -154,46 +170,66 @@ COURIERTLS=/usr/sbin/couriertls # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher -# -# See GnuTLS documentation, gnutls_priority_init(3) for additional -# documentation. -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS -# extension, as opposed to IMAP over SSL on port 993. +##NAME: TLS_MIN_DH_BITS:0 # -# It takes the same values for OpenSSL as TLS_PROTOCOL - -##NAME: TLS_CIPHER_LIST:0 +# TLS_MIN_DH_BITS=n # -# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the -# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST -# undefined +# GnuTLS only: # -# OpenSSL: +# Set the minimum number of acceptable bits for a DH key exchange. # -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. + +##NAME: TLS_KX_LIST:0 # +# GnuTLS only: +# +# Allowed key exchange protocols. The default of "ALL" should be sufficient. +# The list of supported key exchange protocols depends on the options GnuTLS +# was compiled against, but may include the following: # +# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT -##NAME: TLS_MIN_DH_BITS:0 +TLS_KX_LIST=ALL + +##NAME: TLS_COMPRESSION:0 # -# TLS_MIN_DH_BITS=n +# GnuTLS only: +# +# Optional compression. "ALL" selects all available compression methods. +# +# Available compression methods: DEFLATE, LZO, NULL + +TLS_COMPRESSION=ALL + +##NAME: TLS_CERTS:0 # # GnuTLS only: # -# Set the minimum number of acceptable bits for a DH key exchange. +# Supported certificate types are X509 and OPENPGP. # -# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). 
Some server -# have been encountered that offer 512 bit keys. You may have to set -# TLS_MIN_DH_BITS=512 here, if necessary. +# OPENPGP has not been tested + +TLS_CERTS=X509 ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. # This is supposed to be an inactivity timeout, but its not yet implemented. # +##NAME: TLS_DHCERTFILE:0 +# +# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. +# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA +# you must generate a DH pair that will be used. In most situations the +# DH pair is to be treated as confidential, and the file specified by +# TLS_DHCERTFILE must not be world-readable. +# +# TLS_DHCERTFILE= + ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS @@ -228,12 +264,6 @@ COURIERTLS=/usr/sbin/couriertls TLS_CERTFILE=/etc/courier-imap/imapd.pem -##NAME: TLS_DHPARAMS:0 -# -# TLS_DHPARAMS - DH parameter file. -# -TLS_DHPARAMS=/usr/share/dhparams.pem - ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. @@ -262,6 +292,7 @@ TLS_TRUSTCERTS=/etc/ssl/certs # TLS_VERIFYPEER=NONE + ##NAME: TLS_EXTERNAL:0 # # To enable SSL certificate-based authentication: diff --git a/config-archive/etc/courier-imap/imapd-ssl.dist b/config-archive/etc/courier-imap/imapd-ssl.dist index be0fb3f..47ca432 100644 --- a/config-archive/etc/courier-imap/imapd-ssl.dist +++ b/config-archive/etc/courier-imap/imapd-ssl.dist 
@@ -1,11 +1,11 @@ -##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $ +##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ # # imapd-ssl created from imapd-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for +# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -54,7 +54,7 @@ SSLPIDFILE=/var/run/imapd-ssl.pid ##NAME: SSLLOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # SSLLOGGEROPTS="-name=imapd-ssl" 
@@ -104,40 +104,48 @@ IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/sbin/couriertls -##NAME: TLS_PROTOCOL:0 -# -# TLS_PROTOCOL sets the protocol version. The possible versions are: +##NAME: TLS_PRIORITY:0 # -# OpenSSL: +# GnuTLS setting only # -# SSL2 - SSLv2 -# SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) -# TLS1 - TLS1 +# Set TLS protocol priority settings (GnuTLS only) # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. +# DEFAULT: NORMAL:-CTYPE-OPENPGP # -# GnuTLS: +# This setting is also used to select the available ciphers. # -# SSL3 - SSLv3 -# TLS1 - TLS 1.0 -# TLS1_1 - TLS 1.1 +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: # -# When compiled against GnuTLS, multiple protocols can be selected as follows: +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL # -# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# Also, the following aliases: # -# DEFAULT VALUES: +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher # -# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS -# extension, as opposed to IMAP over SSL on port 993. +##NAME: TLS_PROTOCOL:0 +# +# TLS_PROTOCOL sets the protocol version. The possible versions are: +# +# OpenSSL: +# +# SSL3 - SSLv3 +# SSL23 - all protocols (including TLS 1.x protocols) +# TLSv1 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 +# +# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# higher protocols. 
# -# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL +# The default value is TLSv1+ ##NAME: TLS_CIPHER_LIST:0 # @@ -147,10 +155,7 @@ COURIERTLS=/usr/sbin/couriertls # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# To enable SSL2, remove the obvious "!SSLv2" part from the above list. -# +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # GnuTLS: # 
@@ -168,66 +173,46 @@ COURIERTLS=/usr/sbin/couriertls # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher - -##NAME: TLS_MIN_DH_BITS:0 # -# TLS_MIN_DH_BITS=n -# -# GnuTLS only: +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. + +##NAME: TLS_STARTTLS_PROTOCOL:0 # -# Set the minimum number of acceptable bits for a DH key exchange. +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS +# extension, as opposed to IMAP over SSL on port 993. # -# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server -# have been encountered that offer 512 bit keys. You may have to set -# TLS_MIN_DH_BITS=512 here, if necessary. +# It takes the same values for OpenSSL as TLS_PROTOCOL -##NAME: TLS_KX_LIST:0 -# -# GnuTLS only: +##NAME: TLS_CIPHER_LIST:0 # -# Allowed key exchange protocols. The default of "ALL" should be sufficient. -# The list of supported key exchange protocols depends on the options GnuTLS -# was compiled against, but may include the following: +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined # -# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT - -TLS_KX_LIST=ALL - -##NAME: TLS_COMPRESSION:0 +# OpenSSL: # -# GnuTLS only: +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # -# Optional compression. "ALL" selects all available compression methods. # -# Available compression methods: DEFLATE, LZO, NULL -TLS_COMPRESSION=ALL - -##NAME: TLS_CERTS:0 +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n # # GnuTLS only: # -# Supported certificate types are X509 and OPENPGP. +# Set the minimum number of acceptable bits for a DH key exchange. # -# OPENPGP has not been tested - -TLS_CERTS=X509 +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). 
Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. # This is supposed to be an inactivity timeout, but its not yet implemented. # -##NAME: TLS_DHCERTFILE:0 -# -# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. -# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA -# you must generate a DH pair that will be used. In most situations the -# DH pair is to be treated as confidential, and the file specified by -# TLS_DHCERTFILE must not be world-readable. -# -# TLS_DHCERTFILE= - ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS @@ -262,6 +247,12 @@ TLS_CERTS=X509 TLS_CERTFILE=/etc/courier-imap/imapd.pem +##NAME: TLS_DHPARAMS:0 +# +# TLS_DHPARAMS - DH parameter file. +# +TLS_DHPARAMS=/usr/share/dhparams.pem + ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. @@ -290,7 +281,6 @@ TLS_TRUSTCERTS=/etc/ssl/certs # TLS_VERIFYPEER=NONE - ##NAME: TLS_EXTERNAL:0 # # To enable SSL certificate-based authentication: diff --git a/config-archive/etc/courier-imap/imapd.1 b/config-archive/etc/courier-imap/imapd.1 index 3c6c141..c0d690d 100644 --- a/config-archive/etc/courier-imap/imapd.1 +++ b/config-archive/etc/courier-imap/imapd.1 @@ -1,4 +1,4 @@ -##VERSION: $Id: imapd,v 1.2 2010/10/05 17:24:49 root Exp $ +##VERSION: $Id: imapd.dist.in,v 1.41 2008/06/21 16:01:23 mrsam Exp $ # # imapd created from imapd.dist by sysconftool # diff --git a/config-archive/etc/courier-imap/imapd.2 b/config-archive/etc/courier-imap/imapd.2 new file mode 100644 index 0000000..3c6c141 --- /dev/null +++ b/config-archive/etc/courier-imap/imapd.2 
@@ -0,0 +1,429 @@ +##VERSION: $Id: imapd,v 1.2 2010/10/05 17:24:49 root Exp $ +# +# imapd created from imapd.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for +# distribution information. +# +# This configuration file sets various options for the Courier-IMAP server +# when used with the couriertcpd server. +# A lot of the stuff here is documented in the manual page for couriertcpd. +# +# NOTE - do not use \ to split long variable contents on multiple lines. +# This will break the default imapd.rc script, which parses this file. +# +##NAME: ADDRESS:0 +# +# Address to listen on, can be set to a single IP address. +# +# ADDRESS=127.0.0.1 + +ADDRESS=0 + +##NAME: PORT:1 +# +# Port numbers that connections are accepted on. The default is 143, +# the standard IMAP port. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possible to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 +# The previous ADDRESS setting is a default for ports that do not have +# a specified IP address. + +PORT=143 + +##NAME: AUTHSERVICE:0 +# +# It's possible to authenticate using a different 'service' parameter +# depending on the connection's port. This only works with authentication +# modules that use the 'service' parameter, such as PAM. 
Example: +# +# AUTHSERVICE143=imap +# AUTHSERVICE993=imaps + +##NAME: MAXDAEMONS:0 +# +# Maximum number of IMAP servers started +# + +MAXDAEMONS=40 + +##NAME: MAXPERIP:0 +# +# Maximum number of connections to accept from the same IP address + +MAXPERIP=10 + +##NAME: PIDFILE:0 +# +# File where couriertcpd will save its process ID +# + +PIDFILE=/var/run/imapd.pid + +##NAME: TCPDOPTS:0 +# +# Miscellaneous couriertcpd options that shouldn't be changed. +# + +TCPDOPTS="-nodnslookup -noidentlookup" + +##NAME: LOGGEROPTS:0 +# +# courierlogger(1) options. +# + +LOGGEROPTS="-name=imapd" + +##NAME: DEFDOMAIN:0 +# +# Optional default domain. If the username does not contain the +# first character of DEFDOMAIN, then it is appended to the username. +# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended +# only if the username does not contain any character from DOMAINSEP. +# You can set different default domains based on the the interface IP +# address using the -access and -accesslocal options of couriertcpd(1). + +#DEFDOMAIN="@example.com" + +##NAME: IMAP_CAPABILITY:1 +# +# IMAP_CAPABILITY specifies what most of the response should be to the +# CAPABILITY command. +# +# If you have properly configured Courier to use CRAM-MD5, CRAM-SHA1, or +# CRAM-SHA256 authentication (see INSTALL), set IMAP_CAPABILITY as follows: +# +# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE" +# + +IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE" + +##NAME: KEYWORDS_CAPABILITY:0 +# +# IMAP_KEYWORDS=1 enables custom IMAP keywords. Set this option to 0 to +# disable custom keywords. +# +# IMAP_KEYWORDS=2 also enables custom IMAP keywords, but uses a slower +# algorithm. Use this setting if keyword-related problems occur when +# multiple IMAP clients are updating keywords on the same message. 
+ +IMAP_KEYWORDS=1 + +##NAME: ACL_CAPABILITY:0 +# +# IMAP_ACL=1 enables IMAP ACL extension. Set this option to 0 to +# disable ACL capabilities announce. + +IMAP_ACL=1 + +##NAME: SMAP1_CAPABILITY:0 +# +# EXPERIMENTAL +# +# To enable the experimental "Simple Mail Access Protocol" extensions, +# uncomment the following setting. +# +# SMAP_CAPABILITY=SMAP1 + +##NAME: IMAP_CAPABILITY_ORIG:2 +# +# For use by webadmin + +IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE" + +##NAME: IMAP_PROXY:0 +# +# Enable proxying. See README.proxy + +IMAP_PROXY=0 + +##NAME: PROXY_HOSTNAME:0 +# +# Override value from gethostname() when checking if a proxy connection is +# required. +# +# PROXY_HOSTNAME= + +##NAME: IMAP_PROXY_FOREIGN:0 +# +# Proxying to non-Courier servers. Re-sends the CAPABILITY command after +# logging in to the remote server. May not work with all IMAP clients. + +IMAP_PROXY_FOREIGN=0 + +##NAME: IMAP_IDLE_TIMEOUT:0 +# +# This setting controls how often +# the server polls for changes to the folder, in IDLE mode (in seconds). + +IMAP_IDLE_TIMEOUT=60 + +##NAME: IMAP_MAILBOX_SANITY_CHECK:0 +# +# Sanity check -- make sure home directory and maildir's ownership matches +# the IMAP server's effective uid and gid + +IMAP_MAILBOX_SANITY_CHECK=1 + +##NAME: IMAP_CAPABILITY_TLS:0 +# +# The following setting will advertise SASL PLAIN authentication after +# STARTTLS is established. If you want to allow SASL PLAIN authentication +# with or without TLS then just comment this out, and add AUTH=PLAIN to +# IMAP_CAPABILITY + +IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" + +##NAME: IMAP_TLS_ORIG:0 +# +# For use by webadmin + +IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN" + +##NAME: IMAP_DISABLETHREADSORT:0 +# +# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands - +# server side sorting and threading. 
+# +# Those capabilities will still be advertised, but the server will reject +# them. Set this option if you want to disable all the extra load from +# server-side threading and sorting. Not advertising those capabilities +# will simply result in the clients reading the entire folder, and sorting +# it on the client side. That will still put some load on the server. +# advertising these capabilities, but rejecting the commands, will stop this +# silliness. +# + +IMAP_DISABLETHREADSORT=0 + +##NAME: IMAP_CHECK_ALL_FOLDERS:0 +# +# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new +# mail in every folder. Not all IMAP clients use the IMAP's new mail +# indicator, but some do. Normally new mail is checked only in INBOX, +# because it is a comparatively time consuming operation, and it would be +# a complete waste of time unless mail filters are used to deliver +# mail directly to folders. +# +# When IMAP clients are used which support new mail indication, and when +# mail filters are used to sort incoming mail into folders, setting +# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new +# mail in folders. Note that this will result in slightly more load on the +# server. +# + +IMAP_CHECK_ALL_FOLDERS=0 + +##NAME: IMAP_OBSOLETE_CLIENT:0 +# +# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean +# what \\HasNoChildren really means. + +IMAP_OBSOLETE_CLIENT=0 + +##NAME: IMAP_UMASK:0 +# +# IMAP_UMASK sets the umask of the server process. The value of IMAP_UMASK is +# simply passed to the "umask" command. The default value is 022. +# +# This feature is mostly useful for shared folders, where the file permissions +# of the messages may be important. + +IMAP_UMASK=022 + +##NAME: IMAP_ULIMITD:0 +# +# IMAP_ULIMITD sets the maximum size of the data segment of the server +# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d" +# command (or ulimit -v). 
The argument to ulimi sets the upper limit on the +# size of the data segment of the server process, in kilobytes. The default +# value of 65536 sets a very generous limit of 64 megabytes, which should +# be more than plenty for anyone. +# +# This feature is used as an additional safety check that should stop +# any potential denial-of-service attacks that exploit any kind of +# a memory leak to exhaust all the available memory on the server. +# It is theoretically possible that obscenely huge folders will also +# result in the server running out of memory when doing server-side +# sorting (by my calculations you have to have at least 100,000 messages +# in a single folder, for that to happen). + +IMAP_ULIMITD=65536 + +##NAME: IMAP_USELOCKS:0 +# +# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent +# multiple access to the same folder. This incurs slight additional +# overhead. Concurrent multiple access will still work without this setting, +# however occasionally a minor race condition may result in an IMAP client +# downloading the same message twice, or a keyword update will fail. +# +# IMAP_USELOCKS=1 is strongly recommended when shared folders are used. + +IMAP_USELOCKS=1 + +##NAME: IMAP_SHAREDINDEXFILE:0 +# +# The index of all accessible folders. Do not change this setting unless +# you know what you're doing. See README.sharedfolders for additional +# information. + +IMAP_SHAREDINDEXFILE=/etc/courier-imap/shared/index + +##NAME: IMAP_ENHANCEDIDLE:0 +# +# If Courier was compiled with the File Alteration Monitor, setting +# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple +# clients may open the same folder concurrently, and receive updates to +# folder contents in realtime. See the imapd(8) man page for additional +# information. +# +# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included +# in the IMAP_CAPABILITY list. 
+# + +IMAP_ENHANCEDIDLE=0 + +##NAME: IMAP_TRASHFOLDERNAME:0 +# +# The name of the magic trash Folder. For MSOE compatibility, +# you can set IMAP_TRASHFOLDERNAME="Deleted Items". +# +# IMPORTANT: If you change this, you must also change IMAP_EMPTYTRASH + +IMAP_TRASHFOLDERNAME=Trash + +##NAME: IMAP_EMPTYTRASH:0 +# +# The following setting is optional, and causes messages from the given +# folder to be automatically deleted after the given number of days. +# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default +# setting, below, purges 7 day old messages from the Trash folder. +# Another useful setting would be: +# +# IMAP_EMPTYTRASH=Trash:7,Sent:30 +# +# This would also delete messages from the Sent folder (presumably copies +# of sent mail) after 30 days. This is a global setting that is applied to +# every mail account, and is probably useful in a controlled, corporate +# environment. +# +# Important: the purging is controlled by CTIME, not MTIME (the file time +# as shown by ls). It is perfectly ordinary to see stuff in Trash that's +# a year old. That's the file modification time, MTIME, that's displayed. +# This is generally when the message was originally delivered to this +# mailbox. Purging is controlled by a different timestamp, CTIME, which is +# changed when the file is moved to the Trash folder (and at other times too). +# +# You might want to disable this setting in certain situations - it results +# in a stat() of every file in each folder, at login and logout. +# + +IMAP_EMPTYTRASH=Trash:7 + +##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0 +# +# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This +# effectively allows an undo of message deletion by fishing the deleted +# mail from trash. Trash can be manually expunged as usually, and mail +# will get automatically expunged from Trash according to IMAP_EMPTYTRASH. +# +# NOTE: shared folders are still expunged as usual. Shared folders are +# not affected. 
+# + +IMAP_MOVE_EXPUNGE_TO_TRASH=0 + + +##NAME: OUTBOX:0 +# +# The next set of options deal with the "Outbox" enhancement. +# Uncomment the following setting to create a special folder, named +# INBOX.Outbox +# +# OUTBOX=.Outbox + +##NAME: SENDMAIL:0 +# +# If OUTBOX is defined, mail can be sent via the IMAP connection by copying +# a message to the INBOX.Outbox folder. For all practical matters, +# INBOX.Outbox looks and behaves just like any other IMAP folder. If this +# folder doesn't exist it must be created by the IMAP mail client, just +# like any other IMAP folder. The kicker: any message copied or moved to +# this folder is will be E-mailed by the Courier-IMAP server, by running +# the SENDMAIL program. Therefore, messages copied or moved to this +# folder must be well-formed RFC-2822 messages, with the recipient list +# specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on +# SENDMAIL to read the recipient list from these headers (and delete the Bcc: +# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the +# message piped on standard input. $SENDER will be the return address +# of the message, which is set by the authentication module. +# +# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing. +# + +SENDMAIL=/usr/sbin/sendmail + +##NAME: HEADERFROM:0 +# +# For administrative and oversight purposes, the return address, $SENDER +# will also be saved in the X-IMAP-Sender mail header. This header gets +# added to the sent E-mail (but it doesn't get saved in the copy of the +# message that's saved in the folder) +# +# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive +# the magic OUTBOX treatment. Therefore advance LARTing is in order for +# _all_ of your lusers, until every one of them is aware of this. Otherwise if +# OUTBOX is left at its default setting - a folder name that might be used +# accidentally - some people may be in for a rude surprise. 
You can redefine +# the name of the magic folder by changing OUTBOX, above. You should do that +# and pick a less-obvious name. Perhaps brand it with your organizational +# name ( OUTBOX=.WidgetsAndSonsOutbox ) + +HEADERFROM=X-IMAP-Sender + +##NAME: OUTBOX_MULTIPLE_SEND:0 +# +# Remove the following comment to allow a COPY of more than one message to +# the Outbox, at a time. +# +# OUTBOX_MULTIPLE_SEND=1 + +##NAME: IMAPDSTART:0 +# +# IMAPDSTART is not used directly. Rather, this is a convenient flag to +# be read by your system startup script in /etc/rc.d, like this: +# +# . /etc/courier-imap/imapd +# +# case x$IMAPDSTART in +# x[yY]*) +# /usr/lib64/courier-imap/imapd.rc start +# ;; +# esac +# +# The default setting is going to be NO, so you'll have to manually flip +# it to yes. + +IMAPDSTART=YES + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir +# Put any program for ${PRERUN} here +PRERUN= +# Put any program for ${LOGINRUN} here +# this is for relay-ctrl-allow in 4* +LOGINRUN= diff --git a/config-archive/etc/courier-imap/imapd.dist b/config-archive/etc/courier-imap/imapd.dist index 7c20c45..d58ca75 100644 --- a/config-archive/etc/courier-imap/imapd.dist +++ b/config-archive/etc/courier-imap/imapd.dist @@ -1,11 +1,11 @@ -##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$ +##VERSION: $Id: 106596a150c4585c41d65f60a17e173402125332-20150610064018$ # # imapd created from imapd.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for +# Copyright 1998 - 2015 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server 
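Review bot: The archived imapd.2 binds the cleartext IMAP port on every interface (`ADDRESS=0`, `PORT=143`), and nothing in this file forces STARTTLS before a login; `IMAP_CAPABILITY_TLS` only controls when AUTH=PLAIN is advertised. If the live imapd carries the same values, confirm that the companion imapd-ssl file sets `IMAP_TLS_REQUIRED=1`, and consider a comment next to the port such as `# cleartext port: logins are protected only when IMAP_TLS_REQUIRED=1 in imapd-ssl`. Separately, the tail of the file assigns `MAILDIRPATH=Maildir` and then `MAILDIRPATH=.maildir`; the later assignment wins when the file is sourced, so the first deserves a comment saying it is overridden below.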
@@ -73,16 +73,22 @@ PIDFILE=/var/run/imapd.pid TCPDOPTS="-nodnslookup -noidentlookup" +##NAME: ACCESSFILE:0 +# +# IMAP access file. + +IMAPACCESSFILE=/etc/courier-imap/imapaccess + ##NAME: LOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # LOGGEROPTS="-name=imapd" ##NAME: DEFDOMAIN:0 # -# Optional default domain. If the username does not contain the +# Optional default domain. If the username does not contain the # first character of DEFDOMAIN, then it is appended to the username. # If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended # only if the username does not contain any character from DOMAINSEP. @@ -347,6 +353,27 @@ IMAP_MOVE_EXPUNGE_TO_TRASH=0 # # IMAP_LOG_DELETIONS=1 +##NAME: AUTH_MKHOMEDIR_SKEL:0 +# +# Uncomment this setting to automatically create a home directory on first +# login. if the AUTH_MKHOMEDIR_SKEL environment variable is set, and the +# home directory does not exist, the home directory gets created, with its +# initial contents copied from AUTH_MKHOMEDIR_SKEL which must be a directory, +# typically /etc/skel. +# +# Note that this must be a complete home directory structure, including +# the maildir. Typically: +# +# mkdir /etc/skel +# chmod 700 /etc/skel +# maildirmak /etc/skel/Maildir +# +# This directory gets copied as is, preserving each file/subdirectory's +# permissions, with only userid/groupid changed to match the account's. +# +# +# AUTH_MKHOMEDIR_SKEL=/etc/skel + ##NAME: IMAPDEBUGFILE:0 # # IMAPDEBUGFILE="imaplog.dat" diff --git a/config-archive/etc/courier-imap/pop3d-ssl.dist b/config-archive/etc/courier-imap/pop3d-ssl.dist index 472fa52..7f5fc42 100644 --- a/config-archive/etc/courier-imap/pop3d-ssl.dist +++ b/config-archive/etc/courier-imap/pop3d-ssl.dist 
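Review bot: The comment added for `IMAPACCESSFILE` is just "IMAP access file.", which does not say what the file controls or what happens when it is absent. The `##NAME:` tag also reads ACCESSFILE while the variable is IMAPACCESSFILE; the tag line has to stay as sysconftool wrote it, so the comment body is the place to name the variable. Presumably this is the file passed to couriertcpd's -access option, which should be confirmed against imapd.rc. If so, something like `# IMAPACCESSFILE - per-client-IP access rules passed to couriertcpd (see -access in couriertcpd(1)).` would make the setting reviewable.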
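Review bot: The example in the new AUTH_MKHOMEDIR_SKEL block spells the command `maildirmak /etc/skel/Maildir`, which will fail for anyone copying it; it should read `#   maildirmake /etc/skel/Maildir`. The text also says the skeleton is copied as is, with permissions preserved and only the owner changed, so any file left group- or world-readable in the skeleton becomes readable in every account created from it. I would add one line after the example, for instance `# Check the skeleton's modes before enabling this: they are inherited by every new home directory.`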
@@ -1,11 +1,11 @@ -##VERSION: $Id: pop3d-ssl.dist.in,v 1.23 2009/08/12 22:25:49 mrsam Exp $ +##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ # # pop3d-ssl created from pop3d-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000-2008 Double Precision, Inc. See COPYING for +# Copyright 2000-2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -52,7 +52,7 @@ SSLPIDFILE=/var/run/pop3d-ssl.pid ##NAME: SSLLOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # SSLLOGGEROPTS="-name=pop3d-ssl" 
@@ -89,42 +89,48 @@ POP3_TLS_REQUIRED=0 COURIERTLS=/usr/sbin/couriertls -##NAME: TLS_PROTOCOL:0 -# -# TLS_PROTOCOL sets the protocol version. The possible versions are: +##NAME: TLS_PRIORITY:0 # -# OpenSSL: +# Set TLS protocol priority settings (GnuTLS only) # -# SSL2 - SSLv2 -# SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) -# TLS1 - TLS1 +# DEFAULT: NORMAL:-CTYPE-OPENPGP # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. +# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" # -# GnuTLS: +# This setting is also used to select the available ciphers. # -# SSL3 - SSLv3 -# TLS1 - TLS 1.0 -# TLS1_1 - TLS 1.1 +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: # -# When compiled against GnuTLS, multiple protocols can be selected as follows: +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL # -# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# Also, the following aliases: # -# DEFAULT VALUES: +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher # -# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS -# extension, as opposed to POP3 over SSL on port 995. +##NAME: TLS_PROTOCOL:0 # -# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL - -TLS_STARTTLS_PROTOCOL=TLS1 +# TLS_PROTOCOL sets the protocol version. 
The possible versions are: +# +# OpenSSL: +# +# SSL3 - SSLv3 +# SSL23 - all protocols (including TLS 1.x protocols) +# TLSv11 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 +# +# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# higher protocols. +# +# The default value is TLSv1+ ##NAME: TLS_CIPHER_LIST:0 # @@ -134,10 +140,7 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# To enable SSL2, remove the obvious "!SSLv2" part from the above list. -# +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # GnuTLS: # @@ -155,7 +158,9 @@ TLS_STARTTLS_PROTOCOL=TLS1 # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher - +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_MIN_DH_BITS:0 # 
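Review bot: In the rewritten TLS_PROTOCOL table the entry `# TLSv11 - TLS1` looks like a typo for `# TLSv1 - TLS1`, since the next row already covers TLS 1.1 as `TLSv1.1`. Separately, the documented default of `TLSv1+` still admits TLS 1.0, and this hunk drops the explicit `TLS_STARTTLS_PROTOCOL=TLS1` assignment, so after the change nothing in the file states the floor. When the live pop3d-ssl is merged from this .dist, I would set the floor explicitly, for example `TLS_PROTOCOL="TLSv1.2+"`, once the POP3 clients in use are known to support it. The option blocks around this hunk continue outside it.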
@@ -169,53 +174,11 @@ TLS_STARTTLS_PROTOCOL=TLS1 # have been encountered that offer 512 bit keys. You may have to set # TLS_MIN_DH_BITS=512 here, if necessary. -##NAME: TLS_KX_LIST:0 -# -# GnuTLS only: -# -# Allowed key exchange protocols. The default of "ALL" should be sufficient. -# The list of supported key exchange protocols depends on the options GnuTLS -# was compiled against, but may include the following: -# -# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT - -TLS_KX_LIST=ALL - -##NAME: TLS_COMPRESSION:0 -# -# GnuTLS only: -# -# Optional compression. "ALL" selects all available compression methods. -# -# Available compression methods: DEFLATE, LZO, NULL - -TLS_COMPRESSION=ALL - -##NAME: TLS_CERTS:0 -# -# GnuTLS only: -# -# Supported certificate types are X509 and OPENPGP. -# -# OPENPGP has not been tested - -TLS_CERTS=X509 - ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. # This is supposed to be an inactivity timeout, but its not yet implemented. # -##NAME: TLS_DHCERTFILE:0 -# -# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. -# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA -# you must generate a DH pair that will be used. In most situations the -# DH pair is to be treated as confidential, and the file specified by -# TLS_DHCERTFILE must not be world-readable. -# -# TLS_DHCERTFILE= - ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS @@ -250,6 +213,12 @@ TLS_CERTS=X509 TLS_CERTFILE=/etc/courier-imap/pop3d.pem +##NAME: TLS_DHPARAMS:0 +# +# TLS_DHPARAMS - DH parameter file. +# +TLS_DHPARAMS=/usr/share/dhparams.pem + ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. diff --git a/config-archive/etc/courier-imap/pop3d-ssl.dist.new b/config-archive/etc/courier-imap/pop3d-ssl.dist.new deleted file mode 100644 index 8597a05..0000000 
--- a/config-archive/etc/courier-imap/pop3d-ssl.dist.new +++ /dev/null 
@@ -1,270 +0,0 @@ -##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ -# -# pop3d-ssl created from pop3d-ssl.dist by sysconftool -# -# Do not alter lines that begin with ##, they are used when upgrading -# this configuration. -# -# Copyright 2000-2013 Double Precision, Inc. See COPYING for -# distribution information. -# -# This configuration file sets various options for the Courier-IMAP server -# when used to handle SSL POP3 connections. -# -# SSL and non-SSL connections are handled by a dedicated instance of the -# couriertcpd daemon. If you are accepting both SSL and non-SSL POP3 -# connections, you will start two instances of couriertcpd, one on the -# POP3 port 110, and another one on the POP3-SSL port 995. -# -# Download OpenSSL from http://www.openssl.org/ -# -##NAME: SSLPORT:0 -# -# Options in the pop3d-ssl configuration file AUGMENT the options in the -# pop3d configuration file. First the pop3d configuration file is read, -# then the pop3d-ssl configuration file, so we do not have to redefine -# anything. -# -# However, some things do have to be redefined. The port number is -# specified by SSLPORT, instead of PORT. The default port is port 995. -# -# Multiple port numbers can be separated by commas. When multiple port -# numbers are used it is possibly to select a specific IP address for a -# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900" -# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1 -# The SSLADDRESS setting is a default for ports that do not have -# a specified IP address. - -SSLPORT=995 - -##NAME: SSLADDRESS:0 -# -# Address to listen on, can be set to a single IP address. -# -# SSLADDRESS=127.0.0.1 - -SSLADDRESS=0 - -##NAME: SSLPIDFILE:0 -# - -SSLPIDFILE=/var/run/pop3d-ssl.pid - -##NAME: SSLLOGGEROPTS:0 -# -# courierlogger(1) options. 
-# - -SSLLOGGEROPTS="-name=pop3d-ssl" - -##NAME: POP3DSSLSTART:0 -# -# Whether or not to start POP3 over SSL on spop3 port: - -POP3DSSLSTART=NO - -##NAME: POP3_STARTTLS:0 -# -# Whether or not to implement the POP3 STLS extension: - -POP3_STARTTLS=YES - -##NAME: POP3_TLS_REQUIRED:1 -# -# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. -# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS -# is issued). - -POP3_TLS_REQUIRED=0 - -##NAME: COURIERTLS:0 -# -# The following variables configure POP3 over SSL. If OpenSSL or GnuTLS -# is available during configuration, the couriertls helper gets compiled, and -# upon installation a dummy TLS_CERTFILE gets generated. -# -# WARNING: Peer certificate verification has NOT yet been tested. Proceed -# at your own risk. Only the basic SSL/TLS functionality is known to be -# working. Keep this in mind as you play with the following variables. - -COURIERTLS=/usr/sbin/couriertls - -##NAME: TLS_PRIORITY:0 -# -# Set TLS protocol priority settings (GnuTLS only) -# -# DEFAULT: NORMAL:-CTYPE-OPENPGP -# -# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" - -##NAME: TLS_PROTOCOL:0 -# -# TLS_PROTOCOL sets the protocol version. The possible versions are: -# -# OpenSSL: -# -# SSL3 - SSLv3 -# SSL23 - all protocols (including TLS 1.x protocols) -# TLS1 - TLS1 -# TLSv1.1 - TLS1.1 -# TLSv1.2 - TLS1.2 -# -# Leave it unset to use any protocol except SSL 2. - -##NAME: TLS_CIPHER_LIST:0 -# -# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the -# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST -# undefined -# -# OpenSSL: -# -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# GnuTLS: -# -# TLS_CIPHER_LIST="HIGH:MEDIUM" -# -# The actual list of available ciphers depend on the options GnuTLS was -# compiled against. 
The possible ciphers are: -# -# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL -# -# Also, the following aliases: -# -# HIGH -- all ciphers that use more than a 128 bit key size -# MEDIUM -- all ciphers that use a 128 bit key size -# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher -# is not included -# ALL -- all ciphers except the NULL cipher -# -# See GnuTLS documentation, gnutls_priority_init(3) for additional -# documentation. - -##NAME: TLS_MIN_DH_BITS:0 -# -# TLS_MIN_DH_BITS=n -# -# GnuTLS only: -# -# Set the minimum number of acceptable bits for a DH key exchange. -# -# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server -# have been encountered that offer 512 bit keys. You may have to set -# TLS_MIN_DH_BITS=512 here, if necessary. - -##NAME: TLS_TIMEOUT:0 -# TLS_TIMEOUT is currently not implemented, and reserved for future use. -# This is supposed to be an inactivity timeout, but its not yet implemented. -# - -##NAME: TLS_CERTFILE:0 -# -# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS -# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually -# treated as confidential, and must not be world-readable. Set TLS_CERTFILE -# instead of TLS_DHCERTFILE if this is a garden-variety certificate -# -# VIRTUAL HOSTS (servers only): -# -# Due to technical limitations in the original SSL/TLS protocol, a dedicated -# IP address is required for each virtual host certificate. If you have -# multiple certificates, install each certificate file as -# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address -# for the certificate's domain name. So, if TLS_CERTFILE is set to -# /etc/certificate.pem, then you'll need to install the actual certificate -# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 -# and so on, for each IP address. 
-# -# GnuTLS only (servers only): -# -# GnuTLS implements a new TLS extension that eliminates the need to have a -# dedicated IP address for each SSL/TLS domain name. Install each certificate -# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, -# then you'll need to install the actual certificate files as -# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com -# and so on. -# -# Note that this TLS extension also requires a corresponding support in the -# client. Older SSL/TLS clients may not support this feature. -# -# This is an experimental feature. - -TLS_CERTFILE=/etc/courier-imap/pop3d.pem - -##NAME: TLS_DHPARAMS:0 -# -# TLS_DHPARAMS - DH parameter file. -# -TLS_DHPARAMS=/usr/share/dhparams.pem - -##NAME: TLS_TRUSTCERTS:0 -# -# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. -# pathname can be a file or a directory. If a file, the file should -# contain a list of trusted certificates, in PEM format. If a -# directory, the directory should contain the trusted certificates, -# in PEM format, one per file and hashed using OpenSSL's c_rehash -# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying -# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set -# to PEER or REQUIREPEER). -# - -TLS_TRUSTCERTS=/etc/ssl/certs - -##NAME: TLS_VERIFYPEER:0 -# -# TLS_VERIFYPEER - how to verify client certificates. 
The possible values of -# this setting are: -# -# NONE - do not verify anything -# -# PEER - verify the client certificate, if one's presented -# -# REQUIREPEER - require a client certificate, fail if one's not presented -# -# -TLS_VERIFYPEER=NONE - -##NAME: TLS_EXTERNAL:0 -# -# To enable SSL certificate-based authentication: -# -# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate -# authority's SSL certificate -# -# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings -# requires all SSL clients to present a certificate, and rejects -# SSL/TLS connections without a valid cert). -# -# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. -# Example: -# -# TLS_EXTERNAL=emailaddress -# -# The above example retrieves the login ID from the "emailaddress" subject -# field. The certificate's emailaddress subject must match exactly the login -# ID in the courier-authlib database. - -##NAME: TLS_CACHE:0 -# -# A TLS/SSL session cache may slightly improve response for long-running -# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE -# bytes long, and used as a cache buffer. -# -# This is an experimental feature and should be disabled if it causes -# problems with SSL clients. Disable SSL caching by commenting out the -# following settings: - -TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache -TLS_CACHESIZE=524288 - -##NAME: MAILDIRPATH:0 -# -# MAILDIRPATH - directory name of the maildir directory. -# -MAILDIRPATH=Maildir - -# Hardwire a value for ${MAILDIR} -MAILDIR=.maildir -MAILDIRPATH=.maildir diff --git a/config-archive/etc/hosts b/config-archive/etc/hosts index 43d0c67..d16bd02 100644 --- a/config-archive/etc/hosts +++ b/config-archive/etc/hosts 
@@ -15,6 +15,11 @@ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df helga.brehm-online.com helga h1763652.stratoserver.net h1763652 2001:6f8:1c00:365::2 home.brehm-online.com +#2a02:8109:9300:488:5604:a6ff:fe38:99f9 bruni bruni.home.brehm-online.com +2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9 bruni bruni.home.brehm-online.com +2a02:8109:ae3f:fa04:fdab:16f0:c83a:d1f7 olga olga.home.brehm-online.com + +#185.48.117.162 fratest.profitbricks.com # # Imaginary network. diff --git a/config-archive/etc/hosts.1 b/config-archive/etc/hosts.1 new file mode 100644 index 0000000..43d0c67 --- /dev/null +++ b/config-archive/etc/hosts.1 @@ -0,0 +1,36 @@ +# /etc/hosts: Local Host Database +# +# This file describes a number of aliases-to-address mappings for the for +# local hosts that share this file. +# +# In the presence of the domain name service or NIS, this file may not be +# consulted at all; see /etc/host.conf for the resolution order. +# + +# IPv4 and IPv6 localhost aliases +127.0.0.1 localhost +::1 localhost + +85.214.134.152 helga.brehm-online.com helga h1763652.stratoserver.net h1763652 +2a01:238:4225:6e00:8f8c:808a:7fb8:88df helga.brehm-online.com helga h1763652.stratoserver.net h1763652 + +2001:6f8:1c00:365::2 home.brehm-online.com + +# +# Imaginary network. +#10.0.0.2 myname +#10.0.0.3 myfriend +# +# According to RFC 1918, you can use the following IP networks for private +# nets which will never be connected to the Internet: +# +# 10.0.0.0 - 10.255.255.255 +# 172.16.0.0 - 172.31.255.255 +# 192.168.0.0 - 192.168.255.255 +# +# In case you want to be able to connect directly to the Internet (i.e. not +# behind a NAT, ADSL router, etc...), you need real official assigned +# numbers. Do not try to invent your own network numbers but instead get one +# from your network provider (if any) or from your regional registry (ARIN, +# APNIC, LACNIC, RIPE NCC, or AfriNIC.) +# 
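Review bot: In the config-archive/etc/hosts hunk the two added `home.brehm-online.com` entries list the short name first (`bruni bruni.home.brehm-online.com`), so the resolver treats `bruni` and `olga` as the canonical names, while the existing `helga` lines put the fully qualified name first. Swap the fields to match, e.g. `2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9 bruni.home.brehm-online.com bruni`, and the same for `olga`. The commented-out `bruni` and `fratest.profitbricks.com` lines would benefit from a short comment saying why they are kept.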
diff --git a/config-archive/etc/hosts.dist.new b/config-archive/etc/hosts.dist similarity index 87% rename from config-archive/etc/hosts.dist.new rename to config-archive/etc/hosts.dist index 8a37ca5..b3d3721 100644 --- a/config-archive/etc/hosts.dist.new +++ b/config-archive/etc/hosts.dist @@ -3,6 +3,12 @@ # This file describes a number of aliases-to-address mappings for the for # local hosts that share this file. # +# The format of lines in this file is: +# +# IP_ADDRESS canonical_hostname [aliases...] +# +#The fields can be separated by any number of spaces or tabs. +# # In the presence of the domain name service or NIS, this file may not be # consulted at all; see /etc/host.conf for the resolution order. # diff --git a/config-archive/etc/mdadm.conf b/config-archive/etc/mdadm.conf index 3ec36db..5d95f56 100644 --- a/config-archive/etc/mdadm.conf +++ b/config-archive/etc/mdadm.conf @@ -59,7 +59,7 @@ # When used in --follow (aka --monitor) mode, mdadm needs a # mail address and/or a program. This can be given with "mailaddr" # and "program" lines to that monitoring can be started using -# mdadm --follow --scan & echo $! > /var/run/mdadm +# mdadm --follow --scan & echo $! > /run/mdadm/mon.pid # If the lines are not found, mdadm will exit quietly MAILADDR frank@brehm-online.com #PROGRAM /usr/sbin/handle-mdadm-events diff --git a/config-archive/etc/mdadm.conf.1 b/config-archive/etc/mdadm.conf.1 new file mode 100644 index 0000000..3ec36db --- /dev/null +++ b/config-archive/etc/mdadm.conf.1 
@@ -0,0 +1,71 @@ +# mdadm configuration file +# +# mdadm will function properly without the use of a configuration file, +# but this file is useful for keeping track of arrays and member disks. +# In general, a mdadm.conf file is created, and updated, after arrays +# are created. This is the opposite behavior of /etc/raidtab which is +# created prior to array construction. +# +# +# the config file takes two types of lines: +# +# DEVICE lines specify a list of devices of where to look for +# potential member disks +# +# ARRAY lines specify information about how to identify arrays so +# so that they can be activated +# +# You can have more than one device line and use wild cards. The first +# example includes SCSI the first partition of SCSI disks /dev/sdb, +# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second +# line looks for array slices on IDE disks. +# +#DEVICE /dev/sd[bcdjkl]1 +#DEVICE /dev/hda1 /dev/hdb1 +# +# If you mount devfs on /dev, then a suitable way to list all devices is: +#DEVICE /dev/discs/*/* +# +# +# The AUTO line can control which arrays get assembled by auto-assembly, +# meaing either "mdadm -As" when there are no 'ARRAY' lines in this file, +# or "mdadm --incremental" when the array found is not listed in this file. +# By default, all arrays that are found are assembled. +# If you want to ignore all DDF arrays (maybe they are managed by dmraid), +# and only assemble 1.x arrays if which are marked for 'this' homehost, +# but assemble all others, then use +#AUTO -ddf homehost -1.x +all +# +# ARRAY lines specify an array to assemble and a method of identification. +# Arrays can currently be identified by using a UUID, superblock minor number, +# or a listing of devices. 
+# +# super-minor is usually the minor number of the metadevice +# UUID is the Universally Unique Identifier for the array +# Each can be obtained using +# +# mdadm -D +# +#ARRAY /dev/md0 UUID=3aaa0122:29827cfa:5331ad66:ca767371 +#ARRAY /dev/md1 super-minor=1 +#ARRAY /dev/md2 devices=/dev/hda1,/dev/hdb1 +# +# ARRAY lines can also specify a "spare-group" for each array. mdadm --monitor +# will then move a spare between arrays in a spare-group if one array has a failed +# drive but no spare +#ARRAY /dev/md4 uuid=b23f3c6d:aec43a9f:fd65db85:369432df spare-group=group1 +#ARRAY /dev/md5 uuid=19464854:03f71b1b:e0df2edd:246cc977 spare-group=group1 +# +# When used in --follow (aka --monitor) mode, mdadm needs a +# mail address and/or a program. This can be given with "mailaddr" +# and "program" lines to that monitoring can be started using +# mdadm --follow --scan & echo $! > /var/run/mdadm +# If the lines are not found, mdadm will exit quietly +MAILADDR frank@brehm-online.com +#PROGRAM /usr/sbin/handle-mdadm-events + +ARRAY /dev/md0 UUID=b7a8f9c1:8286d56c:3d186b3c:53958f34 +ARRAY /dev/md1 UUID=b0ec76b7:d7abfcad:8b23e4b1:c398e955 +ARRAY /dev/md2 metadata=1.2 UUID=f4df350f:db2bcbff:6c11726f:a221fad0 name=helga.brehm-online.com:2 +ARRAY /dev/md3 metadata=1.2 UUID=845bd74a:ad0cbe0e:033b20d0:a9bd0ff5 name=helga.brehm-online.com:3 + diff --git a/config-archive/etc/mdadm.conf.dist b/config-archive/etc/mdadm.conf.dist index d9d8d39..35a75d1 100644 --- a/config-archive/etc/mdadm.conf.dist +++ b/config-archive/etc/mdadm.conf.dist 
@@ -15,9 +15,9 @@ # ARRAY lines specify information about how to identify arrays so # so that they can be activated # -# You can have more than one device line and use wild cards. The first +# You can have more than one device line and use wild cards. The first # example includes SCSI the first partition of SCSI disks /dev/sdb, -# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second +# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second # line looks for array slices on IDE disks. # #DEVICE /dev/sd[bcdjkl]1 diff --git a/config-archive/etc/postfix/main.cf b/config-archive/etc/postfix/main.cf index 4ceb0fd..d74b74a 100644 --- a/config-archive/etc/postfix/main.cf +++ b/config-archive/etc/postfix/main.cf @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.0/html +html_directory = /usr/share/doc/postfix-3.1.0-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.0/readme +readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme #inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.1 b/config-archive/etc/postfix/main.cf.1 index 6b136f4..4ceb0fd 100644 --- a/config-archive/etc/postfix/main.cf.1 +++ b/config-archive/etc/postfix/main.cf.1 
@@ -156,8 +156,8 @@ mail_owner = postfix # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.3-r1/html +html_directory = /usr/share/doc/postfix-3.1.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,8 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme - +readme_directory = /usr/share/doc/postfix-3.1.0/readme #inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} @@ -715,6 +714,9 @@ relocated_maps = hash:/etc/postfix/maps/relocated #sender_bcc_maps = mysql:/etc/postfix/mysql-sender_bcc.cf sender_bcc_maps = hash:/etc/postfix/maps/sender_bcc smtp_generic_maps = hash:/etc/postfix/maps/generic +smtp_sasl_password_maps = hash:/etc/postfix/maps/smtp_auth +smtp_sasl_auth_enable = yes +smtp_sasl_security_options = noanonymous smtp_tls_CAfile = /etc/ssl/CA-Brehm/cacert.pem smtp_tls_cert_file = /etc/postfix/postfix.pem smtp_tls_enforce_peername = no 
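Review bot: The added `smtp_sasl_security_options = noanonymous` in the last hunk of config-archive/etc/postfix/main.cf.1 leaves plaintext mechanisms allowed on every session, and nothing visible in the hunk makes TLS mandatory for outbound delivery (the context line `smtp_tls_enforce_peername = no` shows peer-name checking is off), so the credentials from `smtp_sasl_password_maps` may be offered to the relay unencrypted. Keep plaintext mechanisms for TLS sessions only with `smtp_sasl_security_options = noplaintext, noanonymous` plus `smtp_sasl_tls_security_options = noanonymous`, and require TLS towards the relay with `smtp_tls_security_level = encrypt` if that is not already set outside the hunk. Because this repository is a copy of /etc, also check that `/etc/postfix/maps/smtp_auth` and its `.db` file are excluded from it and readable by root only.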
@@ -737,12 +739,13 @@ smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service unix:private/postgrey, - check_policy_service inet:127.0.0.1:12525, reject_unverified_recipient, permit_mx_backup, reject_unauth_destination, permit +# check_policy_service inet:127.0.0.1:12525, + smtpd_sasl_auth_enable = yes smtpd_tls_CAfile = $smtp_tls_CAfile smtpd_tls_cert_file = $smtp_tls_cert_file diff --git a/config-archive/etc/postfix/main.cf.2 b/config-archive/etc/postfix/main.cf.2 index e551205..6b136f4 100644 --- a/config-archive/etc/postfix/main.cf.2 +++ b/config-archive/etc/postfix/main.cf.2 @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.2/html +html_directory = /usr/share/doc/postfix-3.0.3-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,8 +675,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.2/readme +readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme +#inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ @@ -700,7 +701,7 @@ message_size_limit = 51200000 mydestination = $myhostname, $mydomain, hash:/etc/postfix/maps/mydomains mydomain = brehm-online.com myhostname = helga.brehm-online.com -mynetworks = 127.0.0.0/8 85.214.134.152/32 85.214.109.1/32 [::1]/128 [2a01:238:4225:6e00:8f8c:808a:7fb8:88df]/128 +mynetworks = 127.0.0.0/8 85.214.134.152/32 [::1]/128 [2a01:238:4225:6e00:8f8c:808a:7fb8:88df]/128 138.201.28.135/32 [2a01:4f8:171:3006::2]/128 mynetworks_style = host myorigin = $mydomain #recipient_bcc_maps = mysql:/etc/postfix/mysql-recipient_bcc.cf diff --git a/config-archive/etc/postfix/main.cf.3 b/config-archive/etc/postfix/main.cf.3 index c8dd848..e551205 100644 
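Review bot: The `smtpd_recipient_restrictions` hunk of main.cf.1 drops `check_policy_service inet:127.0.0.1:12525` and parks a commented copy after the final `permit`, with no word on why the check was disabled or what now covers it. Put the reason on the line, for example `# policy daemon on 127.0.0.1:12525 disabled: <reason>`, or delete it so the list does not appear to end in a dangling entry. In the visible lines `reject_unverified_recipient` runs before `reject_unauth_destination`; unless relay is already refused earlier (the start of the list is outside the hunk), recipient verification would be attempted for destinations this server does not handle, so that ordering is worth checking while the list is being edited.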
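Review bot: The new `mynetworks` line in the main.cf.2 hunk trusts `138.201.28.135/32` and `[2a01:4f8:171:3006::2]/128` by source address alone, which gives that remote host whatever `permit_mynetworks` grants, normally relaying. For a machine outside this host, authenticated submission (`permit_sasl_authenticated`, or `permit_tls_clientcerts` with a client certificate) does not hand relay rights to whoever holds the address later. If the address entry stays, a comment above it naming the host and the reason would help, since the removed `85.214.109.1/32` shows that these entries go stale.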
--- a/config-archive/etc/postfix/main.cf.3 +++ b/config-archive/etc/postfix/main.cf.3 @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.1-r1/html +html_directory = /usr/share/doc/postfix-3.0.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,8 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme +readme_directory = /usr/share/doc/postfix-3.0.2/readme + meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/config-archive/etc/postfix/main.cf.4 b/config-archive/etc/postfix/main.cf.4 index 2a7bdde..c8dd848 100644 --- a/config-archive/etc/postfix/main.cf.4 +++ b/config-archive/etc/postfix/main.cf.4 @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.0/html +html_directory = /usr/share/doc/postfix-3.0.1-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.0/readme +readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/config-archive/etc/postfix/main.cf.5 b/config-archive/etc/postfix/main.cf.5 index a5d06c4..2a7bdde 100644 --- a/config-archive/etc/postfix/main.cf.5 +++ b/config-archive/etc/postfix/main.cf.5 
@@ -12,6 +12,26 @@ # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +#compatibility_level = 2 +compatibility_level = 2 + # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for @@ -642,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.11.3/html +html_directory = /usr/share/doc/postfix-3.0.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +675,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.11.3/readme +readme_directory = /usr/share/doc/postfix-3.0.0/readme +meta_directory = /etc/postfix +shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases @@ -739,3 +761,6 @@ virtual_mailbox_limit = 512000000 #virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf virtual_mailbox_maps = hash:/etc/postfix/maps/virtual_mailbox_maps virtual_uid_maps = static:1023 +append_dot_mydomain = yes +# smtputf8_enable = yes +smtputf8_enable = no 
diff --git a/config-archive/etc/postfix/main.cf.6 b/config-archive/etc/postfix/main.cf.6 index 9408611..a5d06c4 100644 --- a/config-archive/etc/postfix/main.cf.6 +++ b/config-archive/etc/postfix/main.cf.6 @@ -7,7 +7,7 @@ # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/. +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.3/html +html_directory = /usr/share/doc/postfix-2.11.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.3/readme +readme_directory = /usr/share/doc/postfix-2.11.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.7 b/config-archive/etc/postfix/main.cf.7 index 67ed344..9408611 100644 --- a/config-archive/etc/postfix/main.cf.7 +++ b/config-archive/etc/postfix/main.cf.7 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.2/html +html_directory = /usr/share/doc/postfix-2.10.3/html # manpage_directory: The location of the Postfix on-line manual pages. # 
@@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.2/readme +readme_directory = /usr/share/doc/postfix-2.10.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.8 b/config-archive/etc/postfix/main.cf.8 index 508be66..67ed344 100644 --- a/config-archive/etc/postfix/main.cf.8 +++ b/config-archive/etc/postfix/main.cf.8 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.1/html +html_directory = /usr/share/doc/postfix-2.10.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.1/readme +readme_directory = /usr/share/doc/postfix-2.10.2/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.9 b/config-archive/etc/postfix/main.cf.9 index f1639d8..508be66 100644 --- a/config-archive/etc/postfix/main.cf.9 +++ b/config-archive/etc/postfix/main.cf.9 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.0/html +html_directory = /usr/share/doc/postfix-2.10.1/html # manpage_directory: The location of the Postfix on-line manual pages. # 
@@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.0/readme +readme_directory = /usr/share/doc/postfix-2.10.1/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.dist b/config-archive/etc/postfix/main.cf.dist index 4baa94e..00a5e74 100644 --- a/config-archive/etc/postfix/main.cf.dist +++ b/config-archive/etc/postfix/main.cf.dist @@ -659,7 +659,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.0-r1/html +html_directory = /usr/share/doc/postfix-3.1.2-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -672,7 +672,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme +readme_directory = /usr/share/doc/postfix-3.1.2-r1/readme inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/postgrey_whitelist_clients.dist.new b/config-archive/etc/postfix/postgrey_whitelist_clients.dist similarity index 91% rename from config-archive/etc/postfix/postgrey_whitelist_clients.dist.new rename to config-archive/etc/postfix/postgrey_whitelist_clients.dist index 9dbe6bd..cdd8885 100644 --- a/config-archive/etc/postfix/postgrey_whitelist_clients.dist.new +++ b/config-archive/etc/postfix/postgrey_whitelist_clients.dist @@ -3,7 +3,7 @@ # put this file in /etc/postfix or specify its path # with --whitelist-clients=xxx # -# postgrey version: 1.34, build date: 2011-05-04 +# postgrey version: 1.36, build date: 2015-09-01 # greylisting.org: Southwest Airlines (unique sender, no retry) southwest.com 
@@ -144,14 +144,14 @@ flymonarch.com # ibm.com (big pool, reported by Casey Peel) ibm.com # messagelabs.com (big pool, reported by John Tobin) -/^mail\d+\.messagelabs\.com$/ +messagelabs.com # ptb.de (slow, reported by Joachim Schoenberg) berlin.ptb.de # registrarmail.net (unique sender names, reported by Simon Waters) registrarmail.net # google.com (big pool, reported by Matthias Dyer, Martin Toft) google.com -# orange.fr (big pool, reported by Loïc Le Loarer) +# orange.fr (big pool, reported by Loïc Le Loarer) /^smtp\d+\.orange\.fr$/ # citigroup.com (slow retry, reported by Michael Monnerie) /^smtp\d+.citigroup.com$/ @@ -218,3 +218,22 @@ postini.com /^mx.*\.evanzo-server\.de$/ # 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie) upcmail.net +# 2013-12-18: orange.fr (big pool, reported by fulax) +/^smtp\d+\.smtpout\.orange\.fr$/ +# 2014-01-29: gmx/web.de/1&1 (long retry, reported by Axel Beckert) +mout-xforward.gmx.net +mout-xforward.web.de +mout-xforward.kundenserver.de +mout-xforward.perfora.net +# 2014-02-01: startcom.org (long retry, reported by jweiher) +gateway.startcom.org +# 2014-12-18: mail.ru (retries from fallback*.mail.ru, reported by Andriy Yurchuk) +/^fallback\d+\.mail\.ru$/ +# French tax authority, no retry +dgfip.finances.gouv.fr +# 2015-06-10: magisto.com (requested by postmaster) +/^o\d+\.ntdc\.magisto\.com$/ +# 2015-07-23: outlook.com (github #20) +outlook.com +# 2015-08-19 (the retrying is failing) +mail.alibaba.com diff --git a/config-archive/etc/rc.conf b/config-archive/etc/rc.conf index 8593150..c3d7fea 100644 --- a/config-archive/etc/rc.conf +++ b/config-archive/etc/rc.conf 
@@ -29,17 +29,20 @@ rc_shell=/sbin/sulogin # come up. #rc_depend_strict="YES" -# rc_hotplug is a list of services that we allow to be hotplugged. -# By default we do not allow hotplugging. +# rc_hotplug controls which services we allow to be hotplugged. # A hotplugged service is one started by a dynamic dev manager when a matching # hardware device is found. -# This service is intrinsically included in the boot runlevel. -# To disable services, prefix with a ! +# Hotplugged services appear in the "hotplugged" runlevel. +# If rc_hotplug is set to any value, we compare the name of this service +# to every pattern in the value, from left to right, and we allow the +# service to be hotplugged if it matches a pattern, or if it matches no +# patterns. Patterns can include shell wildcards. +# To disable services from being hotplugged, prefix patterns with "!". +#If rc_hotplug is not set or is empty, all hotplugging is disabled. # Example - rc_hotplug="net.wlan !net.*" -# This allows net.wlan and any service not matching net.* to be plugged. -# Example - rc_hotplug="*" -# This allows all services to be hotplugged -#rc_hotplug="*" +# This allows net.wlan and any service not matching net.* to be hotplugged. +# Example - rc_hotplug="!net.*" +# This allows services that do not match "net.*" to be hotplugged. # rc_logger launches a logging daemon to log the entire rc process to # /var/log/rc.log @@ -151,9 +154,11 @@ unicode="YES" # This is the subsystem type. Valid options on Linux: # "" - nothing special +# "docker" - Docker container manager # "lxc" - Linux Containers # "openvz" - Linux OpenVZ # "prefix" - Prefix +# "rkt" - CoreOS container management system # "uml" - Usermode Linux # "vserver" - Linux vserver # "systemd-nspawn" - Container created by the systemd-nspawn utility diff --git a/config-archive/etc/rc.conf.1 b/config-archive/etc/rc.conf.1 index e9b3725..8593150 100644 --- a/config-archive/etc/rc.conf.1 +++ b/config-archive/etc/rc.conf.1 
@@ -210,12 +210,21 @@ rc_tty_number=12 # Set the devices controller settings for this service. #rc_cgroup_devices="" +# Set the hugetlb controller settings for this service. +#rc_cgroup_hugetlb="" + # Set the memory controller settings for this service. #rc_cgroup_memory="" +# Set the net_cls controller settings for this service. +#rc_cgroup_net_cls="" + # Set the net_prio controller settings for this service. #rc_cgroup_net_prio="" +# Set the pids controller settings for this service. +#rc_cgroup_pids="" + # Set this to YES if yu want all of the processes in a service's cgroup # killed when the service is stopped or restarted. # This should not be set globally because it kills all of the service's diff --git a/config-archive/etc/rc.conf.2 b/config-archive/etc/rc.conf.2 index 118530b..e9b3725 100644 --- a/config-archive/etc/rc.conf.2 +++ b/config-archive/etc/rc.conf.2 @@ -116,6 +116,9 @@ unicode="YES" #SSD_NICELEVEL="-19" # Pass ulimit parameters +# If you are using bash in POSIX mode for your shell, note that the +# ulimit command uses a block size of 512 bytes for the -c and -f +# options #rc_ulimit="-u 30" # It's possible to define extra dependencies for services like so @@ -147,14 +150,15 @@ unicode="YES" # LINUX SPECIFIC OPTIONS # This is the subsystem type. Valid options on Linux: -# "" - nothing special -# "lxc" - Linux Containers -# "openvz" - Linux OpenVZ -# "prefix" - Prefix -# "uml" - Usermode Linux -# "vserver" - Linux vserver -# "xen0" - Xen0 Domain -# "xenU" - XenU Domain +# "" - nothing special +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "systemd-nspawn" - Container created by the systemd-nspawn utility +# "xen0" - Xen0 Domain +# "xenU" - XenU Domain # If this is commented out, automatic detection will be used. # # This should be set to the value representing the environment this file is 
diff --git a/config-archive/etc/rc.conf.3 b/config-archive/etc/rc.conf.3 index 42b7dfd..118530b 100644 --- a/config-archive/etc/rc.conf.3 +++ b/config-archive/etc/rc.conf.3 @@ -51,6 +51,10 @@ rc_logger="YES" # The default value is: /var/log/rc.log rc_log_path="/var/log/rc.log" +# If you want verbose output for OpenRC, set this to yes. If you want +# verbose output for service foo only, set it to yes in /etc/conf.d/foo. +#rc_verbose=no + # By default we filter the environment for our running scripts. To allow other # variables through, add them here. Use a * to allow all variables through. #rc_env_allow="VAR1 VAR2" @@ -73,6 +77,10 @@ rc_log_path="/var/log/rc.log" #rc_crashed_stop=NO #rc_crashed_start=YES +# Set rc_nocolor to yes if you do not want colors displayed in OpenRC +# output. +#rc_nocolor=NO + ############################################################################## # MISC CONFIGURATION VARIABLES # There variables are shared between many init scripts @@ -86,7 +94,7 @@ unicode="YES" # Below is the default list of network fstypes. # -# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# afs ceph cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs # nfs nfs4 ocfs2 shfs smbfs # # If you would like to add to this list, you can do so by adding your diff --git a/config-archive/etc/rc.conf.4 b/config-archive/etc/rc.conf.4 index b9a9d6d..42b7dfd 100644 --- a/config-archive/etc/rc.conf.4 +++ b/config-archive/etc/rc.conf.4 @@ -80,6 +80,10 @@ rc_log_path="/var/log/rc.log" # Set unicode to YES to turn on unicode support for keyboards and screens. unicode="YES" +# This is how long fuser should wait for a remote server to respond. The +# default is 60 seconds, but it can be adjusted here. +#rc_fuser_timeout=60 + # Below is the default list of network fstypes. # # afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs 
@@ -101,7 +105,7 @@ unicode="YES" # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. -#export SSD_NICELEVEL="-19" +#SSD_NICELEVEL="-19" # Pass ulimit parameters #rc_ulimit="-u 30" 
@@ -153,10 +157,59 @@ rc_sys="" # consolefont, numlock, etc ...) rc_tty_number=12 +############################################################################## +# CGROUPS RESOURCE MANAGEMENT + # If you have cgroups turned on in your kernel, this switch controls # whether or not a group for each controller is mounted under # /sys/fs/cgroup. -# Support for process management by cgroups is planned in the future, -# so if you turn this off, be aware that you may not be able to use that -# feature. +# None of the other options in this section work if this is set to "NO". #rc_controller_cgroups="YES" + +# The following settings allow you to set up values for the cgroup +# controllers for your services. +# They can be set in this file;, however, if you do this, the settings +# will apply to all of your services. +# If you want different settings for each service, place the settings in +# /etc/conf.d/foo for service foo. +# The format is to specify the names of the settings followed by their +# values. Each variable can hold multiple settings. +# For example, you would use this to set the cpu.shares setting in the +# cpu controller to 512 for your service. +# rc_cgroup_cpu=" +# cpu.shares 512 +# " +# +#For more information about the adjustments that can be made with +#cgroups, see Documentation/cgroups/* in the linux kernel source tree. + +# Set the blkio controller settings for this service. +#rc_cgroup_blkio="" + +# Set the cpu controller settings for this service. +#rc_cgroup_cpu="" + +# Add this service to the cpuacct controller (any value means yes). +#rc_cgroup_cpuacct="" + +# Set the cpuset controller settings for this service. +#rc_cgroup_cpuset="" + +# Set the devices controller settings for this service. +#rc_cgroup_devices="" + +# Set the memory controller settings for this service. +#rc_cgroup_memory="" + +# Set the net_prio controller settings for this service. 
+#rc_cgroup_net_prio="" + +# Set this to YES if yu want all of the processes in a service's cgroup +# killed when the service is stopped or restarted. +# This should not be set globally because it kills all of the service's +# child processes, and most of the time this is undesirable. Please set +# it in /etc/conf.d/. +# To perform this cleanup manually for a stopped service, you can +# execute cgroup_cleanup with /etc/init.d/ cgroup_cleanup or +# rc-service cgroup_cleanup. +# rc_cgroup_cleanup="NO" diff --git a/config-archive/etc/rc.conf.5 b/config-archive/etc/rc.conf.5 index ae9e0cf..b9a9d6d 100644 --- a/config-archive/etc/rc.conf.5 +++ b/config-archive/etc/rc.conf.5 @@ -154,7 +154,7 @@ rc_sys="" rc_tty_number=12 # If you have cgroups turned on in your kernel, this switch controls -# whether or not a group for each controler is mounted under +# whether or not a group for each controller is mounted under # /sys/fs/cgroup. # Support for process management by cgroups is planned in the future, # so if you turn this off, be aware that you may not be able to use that diff --git a/config-archive/etc/rc.conf.6 b/config-archive/etc/rc.conf.6 index e0be8cb..ae9e0cf 100644 --- a/config-archive/etc/rc.conf.6 +++ b/config-archive/etc/rc.conf.6 
@@ -1,8 +1,18 @@ # Global OpenRC configuration settings +# Set to "YES" if you want the rc system to try and start services +# in parallel for a slight speed improvement. When running in parallel we +# prefix the service output with its name as the output will get +# jumbled up. +# WARNING: whilst we have improved parallel, it can still potentially lock +# the boot process. Don't file bugs about this unless you can supply +# patches that fix it without breaking other things! +#rc_parallel="NO" + # Set rc_interactive to "YES" and you'll be able to press the I key during # boot so you can choose to start specific services. Set to "NO" to disable -# this feature. +# this feature. This feature is automatically disabled if rc_parallel is +# set to YES. #rc_interactive="YES" # If we need to drop to a shell, you can specify it here. @@ -84,6 +94,10 @@ unicode="YES" # These variables are documented here, but should be configured in # /etc/conf.d/foo for service foo and NOT enabled here unless you # really want them to work on a global basis. +# If your service has characters in its name which are not legal in +# shell variable names and you configure the variables for it in this +# file, those characters should be replaced with underscores in the +# variable names as shown below. # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. @@ -106,6 +120,13 @@ unicode="YES" #rc_foo_need="openvpn" #rc_foo_after="clock" +# Below is an example for service foo-bar. Note that the '-' is illegal +# in a shell variable name, so we convert it to an underscore. +# example for service foo-bar. +#rc_foo_bar_config="/etc/foo-bar" +#rc_foo_bar_need="openvpn" +#rc_foo_bar_after="clock" + # You can also remove dependencies. # This is mainly used for saying which servies do NOT provide net. #rc_net_tap0_provide="!net" 
@@ -122,9 +143,7 @@ unicode="YES" # "vserver" - Linux vserver # "xen0" - Xen0 Domain # "xenU" - XenU Domain -# If this is commented out, automatic detection will be attempted. -# Note that autodetection will not work in a prefix environment or in a -# linux container. +# If this is commented out, automatic detection will be used. # # This should be set to the value representing the environment this file is # PRESENTLY in, not the virtualization the environment is capable of. @@ -133,3 +152,11 @@ rc_sys="" # This is the number of tty's used in most of the rc-scripts (like # consolefont, numlock, etc ...) rc_tty_number=12 + +# If you have cgroups turned on in your kernel, this switch controls +# whether or not a group for each controler is mounted under +# /sys/fs/cgroup. +# Support for process management by cgroups is planned in the future, +# so if you turn this off, be aware that you may not be able to use that +# feature. +#rc_controller_cgroups="YES" diff --git a/config-archive/etc/rc.conf.7 b/config-archive/etc/rc.conf.7 new file mode 100644 index 0000000..e0be8cb --- /dev/null +++ b/config-archive/etc/rc.conf.7 
@@ -0,0 +1,135 @@ +# Global OpenRC configuration settings + +# Set rc_interactive to "YES" and you'll be able to press the I key during +# boot so you can choose to start specific services. Set to "NO" to disable +# this feature. +#rc_interactive="YES" + +# If we need to drop to a shell, you can specify it here. +# If not specified we use $SHELL, otherwise the one specified in /etc/passwd, +# otherwise /bin/sh +# Linux users could specify /sbin/sulogin +rc_shell=/sbin/sulogin + +# Do we allow any started service in the runlevel to satisfy the dependency +# or do we want all of them regardless of state? For example, if net.eth0 +# and net.eth1 are in the default runlevel then with rc_depend_strict="NO" +# both will be started, but services that depend on 'net' will work if either +# one comes up. With rc_depend_strict="YES" we would require them both to +# come up. +#rc_depend_strict="YES" + +# rc_hotplug is a list of services that we allow to be hotplugged. +# By default we do not allow hotplugging. +# A hotplugged service is one started by a dynamic dev manager when a matching +# hardware device is found. +# This service is intrinsically included in the boot runlevel. +# To disable services, prefix with a ! +# Example - rc_hotplug="net.wlan !net.*" +# This allows net.wlan and any service not matching net.* to be plugged. +# Example - rc_hotplug="*" +# This allows all services to be hotplugged +#rc_hotplug="*" + +# rc_logger launches a logging daemon to log the entire rc process to +# /var/log/rc.log +# NOTE: Linux systems require the devfs service to be started before +# logging can take place and as such cannot log the sysinit runlevel. +rc_logger="YES" + +# Through rc_log_path you can specify a custom log file. +# The default value is: /var/log/rc.log +rc_log_path="/var/log/rc.log" + +# By default we filter the environment for our running scripts. To allow other +# variables through, add them here. Use a * to allow all variables through. 
+#rc_env_allow="VAR1 VAR2" + +# By default we assume that all daemons will start correctly. +# However, some do not - a classic example is that they fork and return 0 AND +# then child barfs on a configuration error. Or the daemon has a bug and the +# child crashes. You can set the number of milliseconds start-stop-daemon +# waits to check that the daemon is still running after starting here. +# The default is 0 - no checking. +#rc_start_wait=100 + +# rc_nostop is a list of services which will not stop when changing runlevels. +# This still allows the service itself to be stopped when called directly. +#rc_nostop="" + +# rc will attempt to start crashed services by default. +# However, it will not stop them by default as that could bring down other +# critical services. +#rc_crashed_stop=NO +#rc_crashed_start=YES + +############################################################################## +# MISC CONFIGURATION VARIABLES +# There variables are shared between many init scripts + +# Set unicode to YES to turn on unicode support for keyboards and screens. +unicode="YES" + +# Below is the default list of network fstypes. +# +# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# nfs nfs4 ocfs2 shfs smbfs +# +# If you would like to add to this list, you can do so by adding your +# own fstypes to the following variable. +#extra_net_fs_list="" + +############################################################################## +# SERVICE CONFIGURATION VARIABLES +# These variables are documented here, but should be configured in +# /etc/conf.d/foo for service foo and NOT enabled here unless you +# really want them to work on a global basis. + +# Some daemons are started and stopped via start-stop-daemon. +# We can set some things on a per service basis, like the nicelevel. 
+#export SSD_NICELEVEL="-19" + +# Pass ulimit parameters +#rc_ulimit="-u 30" + +# It's possible to define extra dependencies for services like so +#rc_config="/etc/foo" +#rc_need="openvpn" +#rc_use="net.eth0" +#rc_after="clock" +#rc_before="local" +#rc_provide="!net" + +# You can also enable the above commands here for each service. Below is an +# example for service foo. +#rc_foo_config="/etc/foo" +#rc_foo_need="openvpn" +#rc_foo_after="clock" + +# You can also remove dependencies. +# This is mainly used for saying which servies do NOT provide net. +#rc_net_tap0_provide="!net" + +############################################################################## +# LINUX SPECIFIC OPTIONS + +# This is the subsystem type. Valid options on Linux: +# "" - nothing special +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "xen0" - Xen0 Domain +# "xenU" - XenU Domain +# If this is commented out, automatic detection will be attempted. +# Note that autodetection will not work in a prefix environment or in a +# linux container. +# +# This should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +rc_sys="" + +# This is the number of tty's used in most of the rc-scripts (like +# consolefont, numlock, etc ...) +rc_tty_number=12 diff --git a/config-archive/etc/rc.conf.dist b/config-archive/etc/rc.conf.dist index 9209bc6..68ab997 100644 --- a/config-archive/etc/rc.conf.dist +++ b/config-archive/etc/rc.conf.dist @@ -117,6 +117,9 @@ unicode="YES" # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. #SSD_NICELEVEL="-19" +# Or the ionice level. The format is class[:data] , just like the +# --ionice start-stop-daemon parameter. +#SSD_IONICELEVEL="2:2" # Pass ulimit parameters # If you are using bash in POSIX mode for your shell, note that the 
@@ -146,36 +149,42 @@ unicode="YES" #rc_foo_bar_after="clock" # You can also remove dependencies. -# This is mainly used for saying which servies do NOT provide net. +# This is mainly used for saying which services do NOT provide net. #rc_net_tap0_provide="!net" -############################################################################## -# LINUX SPECIFIC OPTIONS - -# This is the subsystem type. Valid options on Linux: +# This is the subsystem type. +# It is used to match against keywords set by the keyword call in the +# depend function of service scripts. +# +# It should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +# If it is commented out, automatic detection will be used. +# +# The list below shows all possible settings as well as the host +# operating systems where they can be used and autodetected. +# # "" - nothing special -# "docker" - Docker container manager +# "docker" - Docker container manager (Linux) +# "jail" - Jail (DragonflyBSD or FreeBSD) # "lxc" - Linux Containers # "openvz" - Linux OpenVZ # "prefix" - Prefix -# "rkt" - CoreOS container management system +# "rkt" - CoreOS container management system (Linux) +# "subhurd" - Hurd subhurds (to be checked) +# "systemd-nspawn" - Container created by systemd-nspawn (Linux) # "uml" - Usermode Linux # "vserver" - Linux vserver -# "systemd-nspawn" - Container created by the systemd-nspawn utility -# "xen0" - Xen0 Domain -# "xenU" - XenU Domain -# If this is commented out, automatic detection will be used. -# -# This should be set to the value representing the environment this file is -# PRESENTLY in, not the virtualization the environment is capable of. +# "xen0" - Xen0 Domain (Linux and NetBSD) +# "xenU" - XenU Domain (Linux and NetBSD) #rc_sys="" -# This is the number of tty's used in most of the rc-scripts (like -# consolefont, numlock, etc ...) 
+# on Linux and Hurd, this is the number of ttys allocated for logins +# It is used in the consolefont, keymaps, numlock and termencoding +# service scripts. rc_tty_number=12 ############################################################################## -# CGROUPS RESOURCE MANAGEMENT +# LINUX CGROUPS RESOURCE MANAGEMENT # If you have cgroups turned on in your kernel, this switch controls # whether or not a group for each controller is mounted under @@ -230,7 +239,7 @@ rc_tty_number=12 # Set the pids controller settings for this service. #rc_cgroup_pids="" -# Set this to YES if yu want all of the processes in a service's cgroup +# Set this to YES if you want all of the processes in a service's cgroup # killed when the service is stopped or restarted. # This should not be set globally because it kills all of the service's # child processes, and most of the time this is undesirable. Please set diff --git a/config-archive/etc/services.dist.new b/config-archive/etc/services.dist similarity index 98% rename from config-archive/etc/services.dist.new rename to config-archive/etc/services.dist index c16f0cc..d6b2bb4 100644 --- a/config-archive/etc/services.dist.new +++ b/config-archive/etc/services.dist @@ -701,6 +701,8 @@ concurrent-lm 1648/tcp concurrent-lm 1648/udp kermit 1649/tcp kermit 1649/udp +groupwise 1677/tcp +groupwise 1677/udp l2tp 1701/tcp l2tp 1701/udp h323gatedisc 1718/tcp @@ -755,8 +757,8 @@ x25-svc-port 1998/tcp # cisco X.25 service (XOT) x25-svc-port 1998/udp tcp-id-port 1999/tcp # cisco identification port tcp-id-port 1999/udp -cisco-sccp 2000/tcp sieve # Cisco SCCP -cisco-sccp 2000/udp sieve +cisco-sccp 2000/tcp # Cisco SCCP +cisco-sccp 2000/udp nfs 2049/tcp # Network File System nfs 2049/udp radsec 2083/tcp # Secure Radius Service 
@@ -915,6 +917,8 @@ xgrid 4111/tcp # Mac OS X Server Xgrid xgrid 4111/udp bzr 4155/tcp # Bazaar Version Control System bzr 4155/udp # Bazaar version control system +sieve 4190/tcp # ManageSieve Protocol +sieve 4190/udp rwhois 4321/tcp # Remote Who Is rwhois 4321/udp epmd 4369/tcp # Erlang Port Mapper Daemon @@ -1149,9 +1153,12 @@ support 1529/tcp # GNATS cfinger 2003/tcp lmtp # GNU Finger ninstall 2150/tcp # ninstall service ninstall 2150/udp +gpsd 2947/tcp gpsd # GPS Daemon request/response protocol +gpsd 2947/udp gpsd # GPS Daemon request/response protocol afbackup 2988/tcp # Afbackup system afbackup 2988/udp fax 4557/tcp # FAX transmission service (old) +xmpp-bosh 5280/tcp # Bidirectional-streams Over Synchronous HTTP (BOSH) rplay 5555/tcp # RPlay audio service rplay 5555/udp canna 5680/tcp # Canna (Japanese Input) @@ -1159,6 +1166,7 @@ x11-ssh 6010/tcp x11-ssh-offset x11-ssh 6010/udp x11-ssh-offset ircd 6667/tcp # Internet Relay Chat ircd 6667/udp +ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL jetdirect 9100/tcp # HP JetDirect card jetdirect 9100/udp mandelspawn 9359/udp mandelbrot # network mandelbrot diff --git a/courier-imap/imapd b/courier-imap/imapd index e817027..6642bd5 100644 --- a/courier-imap/imapd +++ b/courier-imap/imapd @@ -1,11 +1,11 @@ -##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$ +##VERSION: $Id: 106596a150c4585c41d65f60a17e173402125332-20150610064018$ # # imapd created from imapd.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for +# Copyright 1998 - 2015 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server 
@@ -73,16 +73,22 @@ PIDFILE=/var/run/imapd.pid TCPDOPTS="-nodnslookup -noidentlookup" +##NAME: ACCESSFILE:0 +# +# IMAP access file. + +IMAPACCESSFILE=/etc/courier-imap/imapaccess + ##NAME: LOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # LOGGEROPTS="-name=imapd" ##NAME: DEFDOMAIN:0 # -# Optional default domain. If the username does not contain the +# Optional default domain. If the username does not contain the # first character of DEFDOMAIN, then it is appended to the username. # If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended # only if the username does not contain any character from DOMAINSEP. @@ -347,6 +353,27 @@ IMAP_MOVE_EXPUNGE_TO_TRASH=0 # # IMAP_LOG_DELETIONS=1 +##NAME: AUTH_MKHOMEDIR_SKEL:0 +# +# Uncomment this setting to automatically create a home directory on first +# login. if the AUTH_MKHOMEDIR_SKEL environment variable is set, and the +# home directory does not exist, the home directory gets created, with its +# initial contents copied from AUTH_MKHOMEDIR_SKEL which must be a directory, +# typically /etc/skel. +# +# Note that this must be a complete home directory structure, including +# the maildir. Typically: +# +# mkdir /etc/skel +# chmod 700 /etc/skel +# maildirmak /etc/skel/Maildir +# +# This directory gets copied as is, preserving each file/subdirectory's +# permissions, with only userid/groupid changed to match the account's. +# +# +# AUTH_MKHOMEDIR_SKEL=/etc/skel + ##NAME: IMAPDEBUGFILE:0 # # IMAPDEBUGFILE="imaplog.dat" diff --git a/courier-imap/imapd-ssl b/courier-imap/imapd-ssl index 9111619..47ca432 100644 --- a/courier-imap/imapd-ssl +++ b/courier-imap/imapd-ssl @@ -1,4 +1,4 @@ -##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ +##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ # # imapd-ssl created from imapd-ssl.dist by sysconftool # 
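Review bot: The setup example in the new AUTH_MKHOMEDIR_SKEL comment (hunk `@@ -347,6 +353,27 @@`) ends with `maildirmak /etc/skel/Maildir`, which looks like a truncation of Courier's `maildirmake`. Fix the comment so the documented steps can be run as written. The same text says the skeleton is copied with permissions preserved and only ownership changed, so anything placed in that directory should already carry the modes intended for every new account. The setting itself stays commented out, so this is a documentation point only.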
@@ -54,7 +54,7 @@ SSLPIDFILE=/var/run/imapd-ssl.pid ##NAME: SSLLOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # SSLLOGGEROPTS="-name=imapd-ssl" @@ -112,45 +112,40 @@ COURIERTLS=/usr/sbin/couriertls # # DEFAULT: NORMAL:-CTYPE-OPENPGP # -# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" +# This setting is also used to select the available ciphers. +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_PROTOCOL:0 -# +# # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # # SSL3 - SSLv3 # SSL23 - all protocols (including TLS 1.x protocols) -# TLS1 - TLS1 +# TLSv1 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. -# -# GnuTLS: -# -# SSL3 - SSLv3 -# TLS1 - TLS 1.0 -# TLS1_1 - TLS 1.1 -# -# When compiled against GnuTLS, multiple protocols can be selected as follows: -# -# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" -# -# DEFAULT VALUES: +# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# higher protocols. # -# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) -TLS_PROTOCOL="SSL23" - -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS -# extension, as opposed to IMAP over SSL on port 993. -# -# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL -TLS_STARTTLS_PROTOCOL=TLS1 +# The default value is TLSv1+ ##NAME: TLS_CIPHER_LIST:0 # 
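Review bot: With the active `TLS_PROTOCOL="SSL23"` and `TLS_STARTTLS_PROTOCOL=TLS1` lines removed in the `@@ -112,45 +112,40 @@` hunk, no protocol setting is left in the visible lines. The server then uses the default the new comment documents, `TLSv1+`, so TLS 1.0 stays the floor. The same comment lists `TLSv1.2+` as a valid value; if the client population allows it, pin the floor explicitly with `TLS_PROTOCOL="TLSv1.2+"` rather than inheriting the package default. pop3d-ssl's `@@ -96,20 +96,41 @@` hunk documents the same default and shows no explicit setting either.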
@@ -160,8 +155,7 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # GnuTLS: # 
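Review bot: The only active cipher setting, `TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH"`, is removed here and nothing replaces it. Cipher selection now depends on the defaults of couriertls and the linked TLS library, which this diff does not show. If the old line was a deliberate local hardening, carry it forward, or verify the effective cipher list after the service restarts. The commented example that remains ends in `!aNULL@STRENGTH` with no `:` before `@STRENGTH`, which looks malformed, so it should not be uncommented as written. pop3d-ssl's `@@ -119,8 +140,7 @@` hunk removes the same line.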
@@ -183,49 +177,36 @@ TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" # See GnuTLS documentation, gnutls_priority_init(3) for additional # documentation. -##NAME: TLS_MIN_DH_BITS:0 -# -# TLS_MIN_DH_BITS=n -# -# GnuTLS only: +##NAME: TLS_STARTTLS_PROTOCOL:0 # -# Set the minimum number of acceptable bits for a DH key exchange. +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS +# extension, as opposed to IMAP over SSL on port 993. # -# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server -# have been encountered that offer 512 bit keys. You may have to set -# TLS_MIN_DH_BITS=512 here, if necessary. +# It takes the same values for OpenSSL as TLS_PROTOCOL -##NAME: TLS_KX_LIST:0 -# -# GnuTLS only: +##NAME: TLS_CIPHER_LIST:0 # -# Allowed key exchange protocols. The default of "ALL" should be sufficient. -# The list of supported key exchange protocols depends on the options GnuTLS -# was compiled against, but may include the following: +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined # -# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT - -TLS_KX_LIST=ALL - -##NAME: TLS_COMPRESSION:0 +# OpenSSL: # -# GnuTLS only: +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # -# Optional compression. "ALL" selects all available compression methods. # -# Available compression methods: DEFLATE, LZO, NULL - -TLS_COMPRESSION=ALL -##NAME: TLS_CERTS:0 +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n # # GnuTLS only: # -# Supported certificate types are X509 and OPENPGP. +# Set the minimum number of acceptable bits for a DH key exchange. # -# OPENPGP has not been tested - -TLS_CERTS=X509 +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. 
##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. @@ -270,7 +251,7 @@ TLS_CERTFILE=/etc/courier-imap/imapd.pem # # TLS_DHPARAMS - DH parameter file. # -TLS_DHPARAMS=/etc/ssl/dhparams.pem +TLS_DHPARAMS=/usr/share/dhparams.pem ##NAME: TLS_TRUSTCERTS:0 # @@ -300,7 +281,6 @@ TLS_TRUSTCERTS=/etc/ssl/certs # TLS_VERIFYPEER=NONE - ##NAME: TLS_EXTERNAL:0 # # To enable SSL certificate-based authentication: diff --git a/courier-imap/pop3d-ssl b/courier-imap/pop3d-ssl index 21c2625..7f5fc42 100644 --- a/courier-imap/pop3d-ssl +++ b/courier-imap/pop3d-ssl @@ -1,4 +1,4 @@ -##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ +##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ # # pop3d-ssl created from pop3d-ssl.dist by sysconftool # @@ -52,7 +52,7 @@ SSLPIDFILE=/var/run/pop3d-ssl.pid ##NAME: SSLLOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # SSLLOGGEROPTS="-name=pop3d-ssl" 
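Review bot: The `@@ -183,49 +177,36 @@` hunk adds a second `##NAME: TLS_CIPHER_LIST:0` section, although one already appears in the trailing context of the `@@ -112,45 +112,40 @@` hunk. It also adds a `##NAME: TLS_STARTTLS_PROTOCOL:0` section that no longer has a setting line. The file is created by sysconftool, and the sibling imapd file states that `##` lines are used when upgrading, so a duplicated section name may confuse the next configuration merge. That behaviour is not visible here and should be checked before the next update.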
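Review bot: In the `@@ -270,7 +251,7 @@` hunk, `TLS_DHPARAMS` now points at `/usr/share/dhparams.pem` instead of `/etc/ssl/dhparams.pem`, and nothing in the visible part of the commit shows what provides that file. If it is missing, or holds small parameters, DHE handshakes may fail or be weak. Confirm that the file exists, that its parameters are of adequate size, and that it is not writable by the mail daemons. If `/etc/ssl/dhparams.pem` was generated locally on this host, keeping that path is the safer choice. pop3d-ssl's `@@ -197,7 +217,7 @@` hunk makes the same change.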
@@ -96,20 +96,41 @@ COURIERTLS=/usr/sbin/couriertls # DEFAULT: NORMAL:-CTYPE-OPENPGP # # TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" +# +# This setting is also used to select the available ciphers. +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_PROTOCOL:0 -# +# # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # # SSL3 - SSLv3 # SSL23 - all protocols (including TLS 1.x protocols) -# TLS1 - TLS1 +# TLSv11 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # -# Leave it unset to use any protocol except SSL 2. +# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# higher protocols. +# +# The default value is TLSv1+ ##NAME: TLS_CIPHER_LIST:0 # @@ -119,8 +140,7 @@ COURIERTLS=/usr/sbin/couriertls # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # GnuTLS: # @@ -197,7 +217,7 @@ TLS_CERTFILE=/etc/courier-imap/pop3d.pem # # TLS_DHPARAMS - DH parameter file. # -TLS_DHPARAMS=/etc/ssl/dhparams.pem +TLS_DHPARAMS=/usr/share/dhparams.pem ##NAME: TLS_TRUSTCERTS:0 # diff --git a/hosts b/hosts index d16bd02..8767e6b 100644 --- a/hosts +++ b/hosts 
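Review bot: The value table added in the `@@ -96,20 +96,41 @@` hunk reads `# TLSv11 - TLS1`, while the matching table in imapd-ssl reads `# TLSv1 - TLS1`. The pop3d-ssl line looks like a typo, and an administrator copying it would set a value that the `TLSv1+` entries below it do not correspond to. Correct the comment to `# TLSv1 - TLS1` so the two files agree.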
@@ -3,6 +3,12 @@ # This file describes a number of aliases-to-address mappings for the for # local hosts that share this file. # +# The format of lines in this file is: +# +# IP_ADDRESS canonical_hostname [aliases...] +# +#The fields can be separated by any number of spaces or tabs. +# # In the presence of the domain name service or NIS, this file may not be # consulted at all; see /etc/host.conf for the resolution order. # diff --git a/mdadm.conf b/mdadm.conf index 5d95f56..def141e 100644 --- a/mdadm.conf +++ b/mdadm.conf @@ -15,9 +15,9 @@ # ARRAY lines specify information about how to identify arrays so # so that they can be activated # -# You can have more than one device line and use wild cards. The first +# You can have more than one device line and use wild cards. The first # example includes SCSI the first partition of SCSI disks /dev/sdb, -# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second +# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second # line looks for array slices on IDE disks. # #DEVICE /dev/sd[bcdjkl]1 diff --git a/portage/package.use b/portage/package.use index aaf15eb..9da934d 100644 --- a/portage/package.use +++ b/portage/package.use @@ -124,6 +124,7 @@ media-libs/fontconfig -doc media-libs/freetype kpathsea utils media-libs/gd fontconfig media-libs/giflib rle +media-libs/libcaca -doc media-libs/lasi -doc media-libs/libtheora encode media-libs/libwmf -expat diff --git a/postfix/main.cf b/postfix/main.cf index d74b74a..4680d05 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.0-r1/html +html_directory = /usr/share/doc/postfix-3.1.2-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # 
@@ -675,7 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme +readme_directory = /usr/share/doc/postfix-3.1.2-r1/readme #inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/postfix/postgrey_whitelist_clients b/postfix/postgrey_whitelist_clients index 480e8e0..cdd8885 100644 --- a/postfix/postgrey_whitelist_clients +++ b/postfix/postgrey_whitelist_clients @@ -3,7 +3,7 @@ # put this file in /etc/postfix or specify its path # with --whitelist-clients=xxx # -# postgrey version: 1.34, build date: 2011-05-04 +# postgrey version: 1.36, build date: 2015-09-01 # greylisting.org: Southwest Airlines (unique sender, no retry) southwest.com @@ -144,14 +144,14 @@ flymonarch.com # ibm.com (big pool, reported by Casey Peel) ibm.com # messagelabs.com (big pool, reported by John Tobin) -/^mail\d+\.messagelabs\.com$/ +messagelabs.com # ptb.de (slow, reported by Joachim Schoenberg) berlin.ptb.de # registrarmail.net (unique sender names, reported by Simon Waters) registrarmail.net # google.com (big pool, reported by Matthias Dyer, Martin Toft) google.com -# orange.fr (big pool, reported by Loïc Le Loarer) +# orange.fr (big pool, reported by Loïc Le Loarer) /^smtp\d+\.orange\.fr$/ # citigroup.com (slow retry, reported by Michael Monnerie) /^smtp\d+.citigroup.com$/ 
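Review bot: In the postgrey `@@ -144,14 +144,14 @@` hunk the messagelabs entry goes from the anchored pattern `/^mail\d+\.messagelabs\.com$/` to the bare domain `messagelabs.com`. Assuming postgrey treats a plain entry as the domain plus its subdomains, that exempts every client whose reverse DNS falls under the domain from greylisting. The change arrives with the upstream 1.36 list and is probably intended, but it is a wider exemption than before. Separately, and only visible as context, `/^smtp\d+.citigroup.com$/` leaves its dots unescaped, so `.` matches any character there; `/^smtp\d+\.citigroup\.com$/` is the strict form.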
@@ -218,6 +218,22 @@ postini.com /^mx.*\.evanzo-server\.de$/ # 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie) upcmail.net - -mx\.acwain\.net - +# 2013-12-18: orange.fr (big pool, reported by fulax) +/^smtp\d+\.smtpout\.orange\.fr$/ +# 2014-01-29: gmx/web.de/1&1 (long retry, reported by Axel Beckert) +mout-xforward.gmx.net +mout-xforward.web.de +mout-xforward.kundenserver.de +mout-xforward.perfora.net +# 2014-02-01: startcom.org (long retry, reported by jweiher) +gateway.startcom.org +# 2014-12-18: mail.ru (retries from fallback*.mail.ru, reported by Andriy Yurchuk) +/^fallback\d+\.mail\.ru$/ +# French tax authority, no retry +dgfip.finances.gouv.fr +# 2015-06-10: magisto.com (requested by postmaster) +/^o\d+\.ntdc\.magisto\.com$/ +# 2015-07-23: outlook.com (github #20) +outlook.com +# 2015-08-19 (the retrying is failing) +mail.alibaba.com diff --git a/rc.conf b/rc.conf index c3d7fea..58bf2d7 100644 --- a/rc.conf +++ b/rc.conf @@ -117,6 +117,9 @@ unicode="YES" # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. #SSD_NICELEVEL="-19" +# Or the ionice level. The format is class[:data] , just like the +# --ionice start-stop-daemon parameter. +#SSD_IONICELEVEL="2:2" # Pass ulimit parameters # If you are using bash in POSIX mode for your shell, note that the 
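Review bot: Besides appending the upstream entries, the `@@ -218,6 +218,22 @@` hunk deletes `mx\.acwain\.net`, which has no upstream-style comment above it and looks like a local addition. If it was added on purpose, mail from that host is greylisted again after this merge. Either re-add it below the upstream block with a dated comment such as `# local: <reason>`, or confirm it is no longer needed. It was also written with regex escapes but without the `/…/` delimiters the other patterns use, so it may not have matched as intended; a re-added entry should use one form or the other.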
@@ -146,36 +149,42 @@ unicode="YES" #rc_foo_bar_after="clock" # You can also remove dependencies. -# This is mainly used for saying which servies do NOT provide net. +# This is mainly used for saying which services do NOT provide net. #rc_net_tap0_provide="!net" -############################################################################## -# LINUX SPECIFIC OPTIONS - -# This is the subsystem type. Valid options on Linux: +# This is the subsystem type. +# It is used to match against keywords set by the keyword call in the +# depend function of service scripts. +# +# It should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +# If it is commented out, automatic detection will be used. +# +# The list below shows all possible settings as well as the host +# operating systems where they can be used and autodetected. +# # "" - nothing special -# "docker" - Docker container manager +# "docker" - Docker container manager (Linux) +# "jail" - Jail (DragonflyBSD or FreeBSD) # "lxc" - Linux Containers # "openvz" - Linux OpenVZ # "prefix" - Prefix -# "rkt" - CoreOS container management system +# "rkt" - CoreOS container management system (Linux) +# "subhurd" - Hurd subhurds (to be checked) +# "systemd-nspawn" - Container created by systemd-nspawn (Linux) # "uml" - Usermode Linux # "vserver" - Linux vserver -# "systemd-nspawn" - Container created by the systemd-nspawn utility -# "xen0" - Xen0 Domain -# "xenU" - XenU Domain -# If this is commented out, automatic detection will be used. -# -# This should be set to the value representing the environment this file is -# PRESENTLY in, not the virtualization the environment is capable of. +# "xen0" - Xen0 Domain (Linux and NetBSD) +# "xenU" - XenU Domain (Linux and NetBSD) rc_sys="" -# This is the number of tty's used in most of the rc-scripts (like -# consolefont, numlock, etc ...) 
+# on Linux and Hurd, this is the number of ttys allocated for logins +# It is used in the consolefont, keymaps, numlock and termencoding +# service scripts. rc_tty_number=12 ############################################################################## -# CGROUPS RESOURCE MANAGEMENT +# LINUX CGROUPS RESOURCE MANAGEMENT # If you have cgroups turned on in your kernel, this switch controls # whether or not a group for each controller is mounted under @@ -230,7 +239,7 @@ rc_tty_number=12 # Set the pids controller settings for this service. #rc_cgroup_pids="" -# Set this to YES if yu want all of the processes in a service's cgroup +# Set this to YES if you want all of the processes in a service's cgroup # killed when the service is stopped or restarted. # This should not be set globally because it kills all of the service's # child processes, and most of the time this is undesirable. Please set diff --git a/services b/services index c6d5cb2..d6b2bb4 100644 --- a/services +++ b/services @@ -701,6 +701,8 @@ concurrent-lm 1648/tcp concurrent-lm 1648/udp kermit 1649/tcp kermit 1649/udp +groupwise 1677/tcp +groupwise 1677/udp l2tp 1701/tcp l2tp 1701/udp h323gatedisc 1718/tcp @@ -755,8 +757,8 @@ x25-svc-port 1998/tcp # cisco X.25 service (XOT) x25-svc-port 1998/udp tcp-id-port 1999/tcp # cisco identification port tcp-id-port 1999/udp -cisco-sccp 2000/tcp sieve # Cisco SCCP -cisco-sccp 2000/udp sieve +cisco-sccp 2000/tcp # Cisco SCCP +cisco-sccp 2000/udp nfs 2049/tcp # Network File System nfs 2049/udp radsec 2083/tcp # Secure Radius Service @@ -915,6 +917,8 @@ xgrid 4111/tcp # Mac OS X Server Xgrid xgrid 4111/udp bzr 4155/tcp # Bazaar Version Control System bzr 4155/udp # Bazaar version control system +sieve 4190/tcp # ManageSieve Protocol +sieve 4190/udp rwhois 4321/tcp # Remote Who Is rwhois 4321/udp epmd 4369/tcp # Erlang Port Mapper Daemon 
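Review bot: In the live `services` file the `@@ -755,8 +757,8 @@` hunk takes the `sieve` alias off `cisco-sccp 2000/tcp`, and the `@@ -915,6 +917,8 @@` hunk defines `sieve` as 4190. Anything on this host that resolves the service name `sieve`, such as a ManageSieve listener or a packet-filter rule written with named ports, therefore moves silently from port 2000 to 4190. Check those consumers before the next restart so that listener and filter rules still agree. The following `@@ -975,8 +979,6 @@` hunk likewise removes `nrpe 5666`, which breaks lookups by that name if any local configuration relies on it.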
@@ -975,8 +979,6 @@ sgi-eventmond 5553/tcp # SGI Eventmond Port sgi-eventmond 5553/udp sgi-esphttp 5554/tcp # SGI ESP HTTP sgi-esphttp 5554/udp -nrpe 5666/tcp # Nagios NRPE -nrpe 5666/udp # Nagios NRPE cvsup 5999/tcp # CVSup cvsup 5999/udp x11 6000/tcp # X Window System @@ -1151,9 +1153,12 @@ support 1529/tcp # GNATS cfinger 2003/tcp lmtp # GNU Finger ninstall 2150/tcp # ninstall service ninstall 2150/udp +gpsd 2947/tcp gpsd # GPS Daemon request/response protocol +gpsd 2947/udp gpsd # GPS Daemon request/response protocol afbackup 2988/tcp # Afbackup system afbackup 2988/udp fax 4557/tcp # FAX transmission service (old) +xmpp-bosh 5280/tcp # Bidirectional-streams Over Synchronous HTTP (BOSH) rplay 5555/tcp # RPlay audio service rplay 5555/udp canna 5680/tcp # Canna (Japanese Input) @@ -1161,6 +1166,7 @@ x11-ssh 6010/tcp x11-ssh-offset x11-ssh 6010/udp x11-ssh-offset ircd 6667/tcp # Internet Relay Chat ircd 6667/udp +ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL jetdirect 9100/tcp # HP JetDirect card jetdirect 9100/udp mandelspawn 9359/udp mandelbrot # network mandelbrot -- 2.39.5