diff --git a/README.md b/README.md index 5eeddf16..955a0e10 100644 --- a/README.md +++ b/README.md @@ -1,41 +1,50 @@ ## Quickstart Instructions to try it out * Make sure you have docker and docker-compose available. * Change to the base directory of this repository. * Run 'HOST=kolab.local ADMIN_PASSWORD="simple123" bin/configure.sh config.prod' to configure this deployment. * Run 'env ADMIN_PASSWORD="simple123" bin/deploy.sh' to start the deployment. * Add an /etc/hosts entry "127.0.0.1 kolab.local" * navigate to https://kolab.local * login as "admin@kolab.local" with password "simple123" (or whatever you have set), and create your users. # Customization To customize the installation, copy config.prod and adjust to your liking. You can then install the configuration using 'bin/configure.sh $YOURCONFIG', and afterwards 'bin/deploy.sh' again. Please note that bin/deploy.sh will remove any existing data. +## Alternative configurations + +Everything but config.prod is for development or demo purposes: +* config.dev: Run only dependencies in docker with ports exposed, and expect kolab4 to be run locally. +* config.docker-dev: A development environment with everything running in docker. Includes a cyrus-murder. +* config.demo: A docker environment with demo data included. +* config.prod: A docker environment with just an admin account prepared. A starting point for a production environment. + + # Use the ansible setup The ansible/ directory contains setup scripts to setup a fresh Fedora system with a kolab deployment. Modify the Makefile with the required variables and then execute `make setup`. This will configure the remote system and execute the above steps. ### Update To update the containers without removing the data: * git pull * Run "bin/update.sh" ### Backup / Restore The "bin/backup.sh" script will stop all containers, snapshot the volumes to the backup/ directory, and restart the containers. "bin/restore.sh" will stop all containers, restore the volumes from tarballs in the backup/ directory, and restart the containers. ### Requirements * docker * openssl diff --git a/bin/quickstart.sh b/bin/quickstart.sh index 79acbabf..6c10e861 100755 --- a/bin/quickstart.sh +++ b/bin/quickstart.sh @@ -1,157 +1,165 @@ #!/bin/bash set -e set -x function die() { echo "$1" exit 1 } rpm -qv docker-compose >/dev/null 2>&1 || \ test ! -z "$(which docker-compose 2>/dev/null)" || \ die "Is docker-compose installed?" test ! -z "$(grep 'systemd.unified_cgroup_hierarchy=0' /proc/cmdline)" || \ die "systemd containers only work with cgroupv1 (use 'grubby --update-kernel=ALL --args=\"systemd.unified_cgroup_hierarchy=0\"' and a reboot to fix)" base_dir=$(dirname $(dirname $0)) export DOCKER_BUILDKIT=0 docker-compose down -t 1 --remove-orphans docker volume rm kolab_mariadb || : docker volume rm kolab_imap || : docker volume rm kolab_ldap || : docker volume rm kolab_minio || : # We can't use the following artisan commands because it will just block if redis is unavailable: # src/artisan octane:stop >/dev/null 2>&1 || : # src/artisan horizon:terminate >/dev/null 2>&1 || : # we therefore just kill all artisan processes running. pkill -9 -f artisan || : pkill -9 -f swoole || : bin/regen-certs docker-compose build +# Build the murder setup if configured +if grep -q "imap-frontend" docker-compose.override.yml; then + docker-compose build imap-frontend imap-backend imap-mupdate +fi if grep -q "ldap" docker-compose.override.yml; then docker-compose up -d ldap fi # We grep for something that is unique to the container if grep -q "kolab-init" docker-compose.override.yml; then docker-compose up -d kolab fi if grep -q "imap" docker-compose.override.yml; then docker-compose up -d imap fi if grep -q "postfix" docker-compose.override.yml; then docker-compose up -d postfix fi +if grep -q "imap-frontend" docker-compose.override.yml; then + docker-compose up -d imap-frontend imap-backend imap-mupdate +fi + docker-compose up -d coturn mariadb meet pdns redis roundcube minio # Workaround until we have docker-compose --wait (https://github.com/docker/compose/pull/8777) function wait_for_container { container_id="$1" container_name="$(docker inspect "${container_id}" --format '{{ .Name }}')" echo "Waiting for container: ${container_name} [${container_id}]" waiting_done="false" while [[ "${waiting_done}" != "true" ]]; do container_state="$(docker inspect "${container_id}" --format '{{ .State.Status }}')" if [[ "${container_state}" == "running" ]]; then health_status="$(docker inspect "${container_id}" --format '{{ .State.Health.Status }}')" echo "${container_name}: container_state=${container_state}, health_status=${health_status}" if [[ ${health_status} == "healthy" ]]; then waiting_done="true" fi else echo "${container_name}: container_state=${container_state}" waiting_done="true" fi sleep 1; done; } if [ "$1" == "--nodev" ]; then echo "starting everything in containers" docker-compose -f docker-compose.build.yml build swoole docker-compose build webapp docker-compose up -d webapp wait_for_container 'kolab-webapp' if grep -q "haproxy" docker-compose.override.yml; then docker-compose up --no-deps -d haproxy fi docker-compose up --no-deps -d proxy exit 0 fi echo "Starting the development environment" rpm -qv composer >/dev/null 2>&1 || \ test ! -z "$(which composer 2>/dev/null)" || \ die "Is composer installed?" rpm -qv npm >/dev/null 2>&1 || \ test ! -z "$(which npm 2>/dev/null)" || \ die "Is npm installed?" rpm -qv php >/dev/null 2>&1 || \ test ! -z "$(which php 2>/dev/null)" || \ die "Is php installed?" rpm -qv php-ldap >/dev/null 2>&1 || \ test ! -z "$(php --ini | grep ldap)" || \ die "Is php-ldap installed?" rpm -qv php-mysqlnd >/dev/null 2>&1 || \ test ! -z "$(php --ini | grep mysql)" || \ die "Is php-mysqlnd installed?" test ! -z "$(php --modules | grep swoole)" || \ die "Is swoole installed?" # We grep for something that is unique to the container if grep -q "kolab-init" docker-compose.override.yml; then wait_for_container 'kolab' fi wait_for_container 'kolab-redis' pushd ${base_dir}/src/ rm -rf vendor/ composer.lock php -dmemory_limit=-1 $(which composer) install npm install find bootstrap/cache/ -type f ! -name ".gitignore" -delete ./artisan key:generate ./artisan clear-compiled ./artisan cache:clear ./artisan horizon:install if rpm -qv chromium 2>/dev/null; then chver=$(rpmquery --queryformat="%{VERSION}" chromium | awk -F'.' '{print $1}') ./artisan dusk:chrome-driver ${chver} fi if [ ! -f 'resources/countries.php' ]; then ./artisan data:countries fi npm run dev popd pushd ${base_dir}/src/ rm -rf database/database.sqlite ./artisan db:ping --wait php -dmemory_limit=512M ./artisan migrate:refresh --seed ./artisan data:import || : nohup ./artisan octane:start --host=$(grep OCTANE_HTTP_HOST .env | tail -n1 | sed "s/OCTANE_HTTP_HOST=//") > octane.out & nohup ./artisan horizon > horizon.out & popd if grep -q "haproxy" docker-compose.override.yml; then docker-compose up --no-deps -d haproxy fi docker-compose up --no-deps -d proxy diff --git a/config.docker-dev/docker-compose.override.yml b/config.docker-dev/docker-compose.override.yml new file mode 100644 index 00000000..cf76dd87 --- /dev/null +++ b/config.docker-dev/docker-compose.override.yml @@ -0,0 +1,224 @@ +version: '3' +services: + haproxy: + depends_on: + proxy: + condition: service_healthy + proxy: + depends_on: + kolab: + condition: service_healthy + webapp: + condition: service_healthy + build: + context: ./docker/proxy/ + args: + APP_WEBSITE_DOMAIN: ${APP_WEBSITE_DOMAIN:?err} + SSL_CERTIFICATE: ${PROXY_SSL_CERTIFICATE:?err} + SSL_CERTIFICATE_KEY: ${PROXY_SSL_CERTIFICATE_KEY:?err} + healthcheck: + interval: 10s + test: "kill -0 $$(cat /run/nginx.pid)" + timeout: 5s + retries: 30 + container_name: kolab-proxy + restart: on-failure + hostname: proxy + image: kolab-proxy + extra_hosts: + - "meet:${MEET_LISTENING_HOST}" + networks: + kolab: + ipv4_address: 172.18.0.7 + tmpfs: + - /run + - /tmp + - /var/run + - /var/tmp + tty: true + volumes: + - ./docker/certs/:/etc/certs/:ro + - /etc/letsencrypt/:/etc/letsencrypt/:ro + ports: + # - "80:80" + - "443:443" + - "465:465" + - "587:587" + - "143:143" + - "993:993" + imap-legacy: + build: + context: ./docker/imap-legacy/ + args: + IMAP_ADMIN_LOGIN: ${IMAP_ADMIN_LOGIN} + IMAP_ADMIN_PASSWORD: ${IMAP_ADMIN_PASSWORD} + container_name: imap-legacy + privileged: true + depends_on: + pdns: + condition: service_healthy + # This makes docker's dns, resolve via pdns for this container. + # Please note it does not affect /etc/resolv.conf + dns: 172.18.0.11 + image: imap-legacy + extra_hosts: + - "services.${APP_DOMAIN}:172.18.0.4" + networks: + kolab: + ipv4_address: 172.18.0.19 + ports: + - "9993:993" + - "9143:143" + tmpfs: + - /run + - /tmp + - /var/run + - /var/tmp + tty: true + volumes: + - /etc/letsencrypt/:/etc/letsencrypt/:ro + - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro + - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro + - ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err} + - ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err} + - ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err} + - ./docker/kolab/utils:/root/utils:ro + - /sys/fs/cgroup:/sys/fs/cgroup:ro + imap-backend: + build: + context: ./docker/imap-backend/ + args: + IMAP_ADMIN_LOGIN: ${IMAP_ADMIN_LOGIN} + IMAP_ADMIN_PASSWORD: ${IMAP_ADMIN_PASSWORD} + container_name: imap-backend + privileged: true + depends_on: + pdns: + condition: service_healthy + imap-mupdate: + condition: service_healthy + # This makes docker's dns, resolve via pdns for this container. + # Please note it does not affect /etc/resolv.conf + dns: 172.18.0.11 + healthcheck: + interval: 10s + test: "systemctl status cyrus-imapd || exit 1" + timeout: 5s + retries: 30 + image: imap-backend + extra_hosts: + - "services.${APP_DOMAIN}:172.18.0.4" + networks: + kolab: + ipv4_address: 172.18.0.20 + ports: + - "8993:993" + - "8143:143" + - "8080:80" + - "8443:443" + tmpfs: + - /run + - /tmp + - /var/run + - /var/tmp + tty: true + volumes: + - /etc/letsencrypt/:/etc/letsencrypt/:ro + - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro + - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro + - ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err} + - ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err} + - ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err} + - ./docker/kolab/utils:/root/utils:ro + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /home/mollekopf/src/cyrus-imapd:/root/cyrus-imapd + imap-frontend: + build: + context: ./docker/imap-frontend/ + args: + IMAP_ADMIN_LOGIN: ${IMAP_ADMIN_LOGIN} + IMAP_ADMIN_PASSWORD: ${IMAP_ADMIN_PASSWORD} + container_name: imap-frontend + privileged: true + depends_on: + pdns: + condition: service_healthy + # This makes docker's dns, resolve via pdns for this container. + # Please note it does not affect /etc/resolv.conf + dns: 172.18.0.11 + healthcheck: + interval: 10s + test: "systemctl status cyrus-imapd || exit 1" + timeout: 5s + retries: 30 + image: imap-frontend + extra_hosts: + - "services.${APP_DOMAIN}:172.18.0.4" + # Somehow necessary for caldav because it connects to the backend not via imap-backend but the full hostname imap.backend.${APP_DOMAIN} + - "imap-backend.${APP_DOMAIN}:172.18.0.20" + - "imap-frontend.${APP_DOMAIN}:172.18.0.21" + networks: + kolab: + ipv4_address: 172.18.0.21 + ports: + - "7993:993" + - "7143:143" + - "7080:80" + - "7443:443" + tmpfs: + - /run + - /tmp + - /var/run + - /var/tmp + tty: true + volumes: + - /etc/letsencrypt/:/etc/letsencrypt/:ro + - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro + - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro + - ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err} + - ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err} + - ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err} + - ./docker/kolab/utils:/root/utils:ro + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /home/mollekopf/src/cyrus-imapd:/root/cyrus-imapd + imap-mupdate: + build: + context: ./docker/imap-mupdate/ + args: + IMAP_ADMIN_LOGIN: ${IMAP_ADMIN_LOGIN} + IMAP_ADMIN_PASSWORD: ${IMAP_ADMIN_PASSWORD} + container_name: imap-mupdate + privileged: true + depends_on: + pdns: + condition: service_healthy + # This makes docker's dns, resolve via pdns for this container. + # Please note it does not affect /etc/resolv.conf + dns: 172.18.0.11 + healthcheck: + interval: 10s + test: "systemctl status cyrus-imapd || exit 1" + timeout: 5s + retries: 30 + image: imap-mupdate + extra_hosts: + - "services.${APP_DOMAIN}:172.18.0.4" + networks: + kolab: + ipv4_address: 172.18.0.22 + tmpfs: + - /run + - /tmp + - /var/run + - /var/tmp + tty: true + volumes: + - /etc/letsencrypt/:/etc/letsencrypt/:ro + - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro + - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro + - ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err} + - ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err} + - ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err} + - ./docker/kolab/utils:/root/utils:ro + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /home/mollekopf/src/cyrus-imapd:/root/cyrus-imapd diff --git a/config.docker-dev/docker/imap-backend/Dockerfile b/config.docker-dev/docker/imap-backend/Dockerfile new file mode 100644 index 00000000..18f82b07 --- /dev/null +++ b/config.docker-dev/docker/imap-backend/Dockerfile @@ -0,0 +1,82 @@ +FROM almalinux:8 + +LABEL maintainer="contact@apheleia-it.ch" +LABEL dist=centos8 +LABEL tier=${TIER} + +ENV SYSTEMD_PAGER='' +ENV DISTRO=centos8 +ENV LANG=en_US.utf8 +ENV LC_ALL=en_US.utf8 + +# Add EPEL. +RUN dnf -y install dnf-plugin-config-manager && \ + dnf config-manager --set-enabled powertools && \ + dnf -y install epel-release && \ + dnf -y module enable 389-ds:1.4/default && \ + dnf -y module enable mariadb:10.3 && \ + dnf -y install iputils vim-enhanced bind-utils && \ + dnf clean all +RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 + +# Install kolab +RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \ + rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8.rpm +RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \ + dnf config-manager --enable kolab-16-testing &&\ + dnf -y --setopt tsflags= install patch &&\ + dnf clean all + +RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : + +WORKDIR /root/ + +RUN dnf -y install git +RUN dnf -y group install "Development Tools" +RUN git clone https://github.com/cmollekopf/cyrus-imapd + +RUN dnf -y install autoconf automake bison cyrus-sasl-devel flex gcc gperf jansson-devel libbsd-devel libtool libicu-devel libuuid-devel openssl-devel pkgconfig sqlite-devel brotli-devel libical-devel libxml2-devel libnghttp2-devel shapelib zlib-devel pcre-devel + +RUN dnf -y install perl-devel +RUN dnf -y install cyrus-imapd cyrus-sasl cyrus-sasl-plain +# wslay-devel +#libchardet-devel + # cld2-devel + # +COPY cyrus.conf /etc/cyrus.conf +COPY imapd.conf /etc/imapd.conf +COPY imapd.annotations.conf /etc/imapd.annotations.conf +COPY saslauthd.conf /etc/saslauthd.conf + +ARG IMAP_ADMIN_LOGIN +ARG IMAP_ADMIN_PASSWORD +RUN sed -i -r \ + -e "s|IMAP_ADMIN_LOGIN|$IMAP_ADMIN_LOGIN|g" \ + -e "s|IMAP_ADMIN_PASSWORD|$IMAP_ADMIN_PASSWORD|g" \ + /etc/imapd.conf + +RUN cd cyrus-imapd && \ + git checkout dev/kolab-3.6 && \ + autoreconf -i && \ + ./configure CFLAGS="-W -Wno-unused-parameter -g -O0 -Wall -Wextra -Werror -fPIC" --enable-murder --enable-http --enable-calalarmd --enable-autocreate --enable-idled --with-openssl=yes --enable-replication --prefix=/usr && \ + make -j6 && \ + make install + +COPY cyrus-imapd.service /etc/systemd/system/cyrus-imapd.service + + +# RUN useradd -g mail cyrus + +ADD kolab.hosted.com.cert /etc/pki/tls/certs/kolab.hosted.com.cert +ADD kolab.hosted.com.chain.pem /etc/pki/tls/certs/kolab.hosted.com.chain.pem +ADD kolab.hosted.com.key /etc/pki/tls/certs/kolab.hosted.com.key +RUN mkdir -p /etc/pki/cyrus-imapd/ && cat /etc/pki/tls/certs/kolab.hosted.com.cert /etc/pki/tls/certs/kolab.hosted.com.chain.pem /etc/pki/tls/certs/kolab.hosted.com.key > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem && \ + chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + +RUN sed -i "s/MECH=.*/MECH=httpform/" /etc/sysconfig/saslauthd +RUN systemctl enable cyrus-imapd && systemctl enable saslauthd +RUN echo "csync 2005/tcp" >> /etc/services + +CMD ["/lib/systemd/systemd"] + +EXPOSE 143/tcp 993/tcp 80/tcp 443/tcp diff --git a/config.docker-dev/docker/imap-backend/cyrus-imapd.service b/config.docker-dev/docker/imap-backend/cyrus-imapd.service new file mode 100644 index 00000000..72ae96f1 --- /dev/null +++ b/config.docker-dev/docker/imap-backend/cyrus-imapd.service @@ -0,0 +1,22 @@ +[Unit] +Description=Cyrus-imapd IMAP/POP3 email server +After=local-fs.target network-online.target + +#Requires=cyrus-imapd-init.service +#After=cyrus-imapd-init.service + +[Service] +Type=simple +#EnvironmentFile=/etc/sysconfig/cyrus-imapd +#ExecStart=/usr/libexec/cyrus-imapd/cyrus-master $CYRUSOPTIONS +ExecStart=/usr/libexec/master +PrivateTmp=true + +# Cyrus may spawn many processes in normal operation. These figures are higher +# than the defaults, but may still need to be tuned for your local +# configuration. +TasksMax=2048 +LimitNOFILE=16384 + +[Install] +WantedBy=multi-user.target diff --git a/config.docker-dev/docker/imap-backend/cyrus.conf b/config.docker-dev/docker/imap-backend/cyrus.conf new file mode 100644 index 00000000..36bcad4c --- /dev/null +++ b/config.docker-dev/docker/imap-backend/cyrus.conf @@ -0,0 +1,42 @@ +START { + # do not delete this entry! + recover cmd="ctl_cyrusdb -r" + + mupdatepush cmd="ctl_mboxlist -m" +} + +SERVICES { + + http cmd="httpd" listen="http" proto="tcp" prefork=5 + imap cmd="imapd" listen="imap" proto="tcp" prefork=5 + https cmd="httpd -s" listen="https" proto="tcp" prefork=5 + imaps cmd="imapd -s" listen="imaps" proto="tcp" prefork=1 + sieve cmd="timsieved" listen="sieve" proto="tcp" prefork=0 + lmtp cmd="lmtpd" listen="lmtp" proto="tcp" prefork=1 + lmtpunix cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=1 + syncserver cmd="sync_server" listen="csync" +} + +EVENTS { + # this is required + checkpoint cmd="ctl_cyrusdb -c" period="39" + + # Expire deleted folders older than 28 days. + deleteprune cmd="cyr_expire -E 4 -D 28" at="0400" + + # Expire deleted messages older than 28 days. + expungeprune cmd="cyr_expire -E 4 -X 28" at="0132" + + # this is only necessary if caching TLS sessions + tlsprune cmd="tls_prune" at="0400" + + # this is only necessary if using duplicate delivery suppression + delprune cmd="cyr_expire -E 3" at="0400" + +} + +DAEMON { + # this is only necessary if using idled for IMAP IDLE + idled cmd="idled" + +} diff --git a/config.docker-dev/docker/imap-backend/imapd.annotations.conf b/config.docker-dev/docker/imap-backend/imapd.annotations.conf new file mode 100644 index 00000000..3b03bfad --- /dev/null +++ b/config.docker-dev/docker/imap-backend/imapd.annotations.conf @@ -0,0 +1,11 @@ +/vendor/kolab/activesync,mailbox,string,backend,value.priv,r +/vendor/kolab/color,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/displayname,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-test,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-type,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/incidences-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/pxfb-readable-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/uniqueid,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/h-share-attr-desc,mailbox,string,backend,value.shared value.priv,a +/vendor/horde/share-params,mailbox,string,backend,value.shared value.priv,a +/vendor/x-toltec/test,mailbox,string,backend,value.shared value.priv,a diff --git a/config.docker-dev/docker/imap-backend/imapd.conf b/config.docker-dev/docker/imap-backend/imapd.conf new file mode 100644 index 00000000..9ce698d4 --- /dev/null +++ b/config.docker-dev/docker/imap-backend/imapd.conf @@ -0,0 +1,106 @@ +servername: imap-backend +configdirectory: /var/lib/imap +defaultpartition: default +metapartition_files: annotations cache expunge header index +partition-default: /var/spool/imap/ +sievedir: /var/lib/imap/sieve +annotation_definitions: /etc/imapd.annotations.conf + +autocreate_quota: 5242880 +autocreate_inbox_folders: Drafts | Trash | Sent +autocreate_subscribe_folders: Drafts | Trash | Sent +# Set specialuse flags +xlist-drafts: Drafts +xlist-sent: Sent +xlist-trash: Trash + +idlesocket: /var/lib/imap/socket/idle +disable_shared_namespace: 1 +disable_user_namespace: 1 +duplicate_db_path: /run/cyrus/db/deliver.db +mboxname_lockpath: /run/cyrus/lock +proc_path: /run/cyrus/proc +# Apparently does not work +##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db +statuscache_db_path: /run/cyrus/db/statuscache.db +temp_path: /tmp +tls_sessions_db_path: /run/cyrus/db/tls_sessions.db + +sendmail: /usr/sbin/sendmail +admins: IMAP_ADMIN_LOGIN +sasl_pwcheck_method: saslauthd +sasl_mech_list: PLAIN LOGIN +allowplaintext: yes + +lmtp_over_quota_perm_failure: 1 + +#tls_server_cert: /etc/pki/tls/private/aphy.app.pem +#tls_server_key: /etc/pki/tls/private/aphy.app.pem +#tls_server_ca_file: /etc/pki/tls/certs/zrh1.infra.aphy.app.ca.cert + +tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + +tls_client_certs: off + +tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES + +tls_prefer_server_ciphers: 1 +tls_versions: tls1_3 +maxlogins_per_user: 50 +proxyd_disable_mailbox_referrals: 0 + + +httpmodules: caldav carddav domainkey freebusy ischedule rss webdav + + + +unixhierarchysep: 1 +virtdomains: userid +sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date +allowallsubscribe: 0 +anyoneuseracl: 0 +allowusermoves: 1 +altnamespace: 1 +disconnect_on_vanished_mailbox: 1 +hashimapspool: 1 +anysievefolder: 1 +fulldirhash: 0 +sieve_maxscripts: 150 +sieve_maxscriptsize: 128 +sieveusehomedir: 0 +sieve_allowreferrals: 0 +sieve_utf8fileinto: 1 +lmtp_downcase_rcpt: 1 +lmtp_fuzzy_mailbox_match: 1 +username_tolower: 1 +deletedprefix: DELETED +delete_mode: delayed +expunge_mode: delayed +postuser: shared +tcp_keepalive: 1 + +syslog_prefix: cyrus-imapd + +calendar_default_displayname: test +addressbook_default_displayname: test + +# mupdate is enabled +mupdate_config: standard +mupdate_server: imap-mupdate +mupdate_port: 3905 +mupdate_authname: IMAP_ADMIN_LOGIN +mupdate_username: IMAP_ADMIN_LOGIN +mupdate_password: IMAP_ADMIN_PASSWORD + +# proxy authentication for these users +proxyservers: IMAP_ADMIN_LOGIN + +# sync is enabled +#sync_try_imap: 0 +#sync_log_chain: false +#sync_authname: cyrus +#sync_password: simple123 +#sync_log: 1 +#sync_repeat_interval: 10 +#sync_shutdown_file: /var/lib/imap/sync_shutdown diff --git a/config.docker-dev/docker/imap-backend/kolab.hosted.com.cert b/config.docker-dev/docker/imap-backend/kolab.hosted.com.cert new file mode 100644 index 00000000..8f8a52a2 --- /dev/null +++ b/config.docker-dev/docker/imap-backend/kolab.hosted.com.cert @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw +MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi +Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 +iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF +RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ +ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 +VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M +s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI +5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS +6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c +EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX +iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez +3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp +k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS +ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f +rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B +jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 +8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA +Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO +6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs +kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ +2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 +Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj +RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl +FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd +GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== +-----END CERTIFICATE----- diff --git a/config.docker-dev/docker/imap-backend/kolab.hosted.com.chain.pem b/config.docker-dev/docker/imap-backend/kolab.hosted.com.chain.pem new file mode 100644 index 00000000..13e8193d --- /dev/null +++ b/config.docker-dev/docker/imap-backend/kolab.hosted.com.chain.pem @@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw +MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi +Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 +iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF +RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ +ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 +VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M +s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI +5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS +6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c +EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX +iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez +3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp +k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS +ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f +rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B +jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 +8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA +Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO +6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs +kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ +2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 +Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj +RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl +FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd +GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFCzCCAvOgAwIBAgIUEvYwMxnGZGbpNdlgadZ/BTZhQaswDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMDEyMjkxODU0MDdaFw0zMDEy +MjcxODU0MDdaMBUxEzARBgNVBAoMCkV4YW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDHK/c0eG4e1/cAIHmfPKQkt3p+P2+nsXypGEKTNoHj +77vUZzuyafnO+dSW3pHVw1UV1T28a+SWdpC2DCSxD/2JQ0upybilZVRWTuL6AZjC +iIV2yyd662H39/IJz3aQuHMwbgRM4ISzoODqUMWcAUhIYEJcXwG8FYDAhgNbW1sq +DTnnpJmeD87F8mZS4cOz+dZ1bcAkaqGNye4oLjlnkvRmsUMnHeLMhS0I7R0aeca1 +xq/8CnZApnUrHHYiVPhEZqz78/lUlNIb2Gu5U0buhGoQDpeLHpeJmTdFOxtHXic4 +pGczJiEPgpPMECCiPQu6kmerm6/85v10jQNwcQZOvYbpKrow26RRyPV92QfLY5uS +Cnxq51cjefXcRNAs47rBSsJ3ZnLJcTF1BpD69ckPUDobg7vNGwtpMtmi+xyCOxYb +M03v4GyCvEXIQHm6oafcu6yoGPRGH9eR7qrrYA9+laMZFuKhdXxcXPXUgQufL6U6 +cnGIG+31wFYMn2wKufYy+3or73zE45Hzo/lBStI/U6Mkn5jBEsOErNZlAD0zt8Pa +Jw6szEK2r9IXeuv++S4ASxduOZJVQo0NIwjt3AvP/J7TenJ52FawBKM5Qx8UsC/s +cqk0SlLYRCK98dFRc5GEYVXH9WgFeJqVz/Syc73WDzrspF0G0xKIyCst80pQvAlH +wwIDAQABo1MwUTAdBgNVHQ4EFgQUDKT/J+566qUX9mufxvdWiG6o24IwHwYDVR0j +BBgwFoAUDKT/J+566qUX9mufxvdWiG6o24IwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAgEAaJ+oOp8rHoIEt5qCuoNKb/VlR8sX7YpzfqLb+6W0QoKP +KQjHMVi2z+uwMPjCjJSSm0AYVVVAWcWI/kIW7WJ9vaFQVuutWLF00xL/yYgFcG25 +3qML8BBncHanD6EXanRXoPE/aLXnEgOHYNhg/z94hQ2JNn97UpECbzzQBqPHTC8C +CcmZXM6slYYqoylZIOqU28d7Xo6ElJEQ7AxObwMaCUXid5rUceDwZSi+9OG49kmE +Q9MNZ+d4WSnarZLHAEQh/4bdBVUln5h4l2fqQrQLDMUj2oXPwRxXk57AW+zLFtrS +lC552wbWza6IIf8SJZDy8q47/WfKD1YDmy0NfFZxEf+ZG/7zh5fjm1qlKVoAjxI9 +quG+wK27rhMn6Ddo/DDpQ7+VaszZP+TZol5Hifda3cOPoTpoA/n77L/iVynGXtD8 +dhfAfVqRWhR3JgrQWmOyJ2SAc6Z1Ao68qBG+q9HXdIPjKS3Pj/EexMMVL0Qfbtfz +y26ZSlgQPSc9qmKcAYb9babzdf8ioq0f0UheM4QW0g4u5/TNpa+QcSCmdp5GfqMb +eeCXzExsrvcCUp0bPiXwLYCLYTZNgYW2wMsQVJDmlZuTTWikEcPG6QJYgMUPGyCH +UsAua3te00Dj9ikR8bMaXJc9ZEFPZzLyz1IbDyiRfBLVCKX+dH3VXQ7l0BnBmB8= +-----END CERTIFICATE----- diff --git a/config.docker-dev/docker/imap-backend/kolab.hosted.com.key b/config.docker-dev/docker/imap-backend/kolab.hosted.com.key new file mode 100644 index 00000000..3dcac097 --- /dev/null +++ b/config.docker-dev/docker/imap-backend/kolab.hosted.com.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAsS/OOIkDFE1+N2FkPlP3g4HOc9JDCBXz2soZC+VBYJnn2fM8 +IouRMCuyri3dDSuKhSiThUUZKYS1gGLoRHpu4320aq8XCrmXcmOu6RFiJVXv/YWv +UWgGthE/brcq3nRZOTMIELo0AN+3KXikRWUPemBYWbRhh9e8frG3mUH1EOkMKMXX +OGQxY9bUOFgoIUx0pUSCOFShAOj0cgQY1MmC6wo8gVYo4qles2/v+W4h8W+QobQ3 +Hg/oLQFqxkaUB7NlrEh9TLOxW0/EtrF0+W4NQTWWUUq3C5i2g+thjpm8YhtVd6lP +oid9dRcLFFaOsTH7ipnDyOV+QQtmrUHtc1kc38jNO+s/urwbFI4nvbJM/NQmPONT +yoMf+lT3gqRE2L9pGmKnUugEnVVSr/1BVNkwG8FKaaNqw9dID2lR+LYUwzh+vGec +Feck3lkic5+yqo/CCy0OnBD1q9b16lw54q9GxQ4aaa6sDJA8W2djZFSPYCDrGXBC +MryVef/aY03WyljwlKwQ14iQJck8feTPwfVCvYffGYsZ6TnAxmNoDYRolkhgDZV5 +4XyK6a2tN6L9hl5hZ80ns95h+b6r7n0WbxHAZg1v1VHVQA4dm5ulFRwH640q5a50 +iBD0TKZclidFcMhu1FLI6ZPNUNT1P1kppDMqOWp/6cL8V2E4wDpvglYUdZMCAwEA +AQKCAgACxLx0Ja/moU9Xji4Cy00SwPR42tAxUCZ/RKkfhnV/DOiSfzpxT7z1A7nG +/vB1RDjl27xyWKIMBAbR+rmmWENjSpOHFzVE9aFoKCaTfbIK40zcqToUC4wPTDWx +hSsmTqsWObXmjQJDATvbagcnDm0vfFHlFOxxMu2/DQfRXTZ3DS0jdfPm7anX5YNr +XfVCj+9Cpc9jEe9yFDG9llLNAFkLUx2e57m70Omp5BXbz9y36QZZgHdcAOOf0GXa +sz+c3zC3gGp0yFn9E0H/mMY7H30Vh8DRhFlX1QsFBKiBkeVfow2y0PJtljBfo/yI +VNHl8uH7SGvGt89BNOxlyKHtK3dIASx3z2E+hJMHIVrxReJS1ySf+cnhfONkCx6g +R+HcvD9dMyJtpyrTQmFsVaYBXWoJMYoRuEbXtYT7JwA2PWPcSr66J8S3WrkbbrWW +pI8gHofJrz63AJ7l3Da/90hNCrqd6AzlLmaK3q2Ev2Fd0sLrQ6a3fnZDyyLZwUyv +0IHwR1lnzLUHGh4QevMTOmU3aqUYt+dCXSG8uD9U3N0SFTpAE5q/AcQJciqxcdqW +J0kWfwVHA7OQIgGFdCk9ZbL/uOrUQ+3yPBJwbYaHk9GXkEekolEmbg2ZcUJ1fql+ +vX2prJkb7Zy4F5CiI5hBaI/VS5Fb3ysCqT+lExsMJXsbN+BgAQKCAQEA6QnAWhfT +gHMgoaPlDweDMKf3mNxhKXgACEopOo/yfZhCoSF1rwGA3c/1m4afFZzVT94m0XUt +/pJkQVCFmGapBVqfUUQZ15VVA6D0pOTs6LoryIUgkRm3H+wQl/IRWXm4iZU/Jx8z +5WSf6EX2l/DAv8SMGUOC3+HeIrJB5Vlew0JTBjeFTNNVkS7pJHDh3g68RsVn3OhA +k0koDZiZqsDiE3/m9c2CQ9rrSM2o9g2w2zsr5Zbn5JW1xYqdttJFnAdoj8E+SCaK +2uzvQ4JlIbMLT+QZxF/fjfcPZ0BxeAmQ74Y3tCrVjwE1zd/o0p8H6/IfNAPxCrUg +PvtqApI7kslNdwKCAQEAwqU8muRtx0UG0/8wbl9LRaB9sACXqG++rAJ/ySu+usp7 +IZ2q0uSBKlcMnST06LmfjJtyO9GWwYmAKSojtyeujGLjdqA0M3H/YUAocVySPQ3R +om/rqmJV7+LOQja8k+Lj2dHbtJ6HXL7gRZYgtG8dvKfEC44fgwpi04vaHA05Q0J4 +HqRecnIp9yoJYkJsIBMqARsglSsyJ3RXSVO3RpJgvit/fumRq6cXQd2ONSBjfDS5 +qOvWlWJmjXTtCirOexWxzSEMiIOVNXNlwdfXgoelv9ScHRLIzAOM91zK8CIVSDZ6 +8HSm8p2t+HwWUjslbY4+FMODp7OicjWGFg0aBGUvxQKCAQB5EoDmDdTrumSsthru +mQeWwt2HhI/SXK8fn3AWJe1lRTLwxhJ/TvelxkKjf+is8ON+cDuYvRmdVm9R48TU +7hlIV9HIBeqrL8GQdhJEjU9shjTzI/9Mg6C5rAre9nv/EZdHm8vIxpROzN2rbpX0 +ULfDqhjjk0iuiom/Wv+TacArEA1UgIn35SBioo2sSh1/Iga9ehhBFEVggDSYA71q +knWijePvtsrD+DwfggITe/9zlyVyTdnCz+k1bZQNBOf3bX3smgiCscuYfFq+p0Nl +o8Dvy+F7PhhGiKJvEXMiW036s6/DIjH77zQF9xveOZODCTMe8iFMX9gWAMcN+O2M +kJt3AoIBAQCxPPz+ndpIhVY+XDShjCxibk2EokV2nqokvvHVIPw/4nhUl9kgx+nF +wBZAUZKhB8V8p19RkPuRp78HvNNgx8VtF+6/6gkef0NoLp+k+gI/jgHBw9/3+ir+ +kKv4Jxd4IjYP9cP1qBTiIvzc4GNPaY7OZoVhcDzJef+bWdF1kaT+1dvDKzDFTadg +5Oo+ivUiD9FDyIvWyMqWmp2Qq6ZLoKZvA/TIf66hezj2RORlA+UTCH+2jWmMBVoU +nM/rXic+dPa+LsXW2NpZHYcfB4e52ALZtqOg5aXp/6Gw7NHt71spslIn+lC6w1HS +3ksE/c6K/+cPyShs4GmfTZWXJr72GZ1xAoIBAAK7gQb3/WCQpTiPh/v7Qnl6hQZD +y+T8fprWBXskU5A7NbIE44DdltPe4LLsVMHpNlqRpYCz+3bHTmPDHd+IHJHZm9Ik +4gUXjPMzzkF9qQ2lyNWvnH2bHlSeHUg/3ZCXpmc8l0pmAeRxhOxzBaFgjt8N3Z5n +FIc25xJ9ki3stySf6baWmTWFscCFn8eBJrQ8mNLXpBM2iXM1e5D8Bu2VZK6nJGtz +QCChvsHspsTmRsGvemBk27gkvKAG0K8u84T5XBRwog7MWx8XThVqNcns6kejeYQs +CNRvuLj7gEQwMPzW2p/tLbSU82oDKQTICeyPwfS/fMl/6NYRaTdABc6KIME= +-----END RSA PRIVATE KEY----- diff --git a/config.docker-dev/docker/imap-backend/saslauthd.conf b/config.docker-dev/docker/imap-backend/saslauthd.conf new file mode 100644 index 00000000..2bfbc097 --- /dev/null +++ b/config.docker-dev/docker/imap-backend/saslauthd.conf @@ -0,0 +1,4 @@ +httpform_host: services.kolab.local +httpform_port: 8000 +httpform_uri: /api/webhooks/cyrus-sasl/ +httpform_data: %u %r %p diff --git a/config.docker-dev/docker/imap-frontend/Dockerfile b/config.docker-dev/docker/imap-frontend/Dockerfile new file mode 100644 index 00000000..d1af7c7b --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/Dockerfile @@ -0,0 +1,82 @@ +FROM almalinux:8 + +LABEL maintainer="contact@apheleia-it.ch" +LABEL dist=centos8 +LABEL tier=${TIER} + +ENV SYSTEMD_PAGER='' +ENV DISTRO=centos8 +ENV LANG=en_US.utf8 +ENV LC_ALL=en_US.utf8 + +# Add EPEL. +RUN dnf -y install dnf-plugin-config-manager && \ + dnf config-manager --set-enabled powertools && \ + dnf -y install epel-release && \ + dnf -y module enable 389-ds:1.4/default && \ + dnf -y module enable mariadb:10.3 && \ + dnf -y install iputils vim-enhanced bind-utils && \ + dnf clean all +RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 + +# Install kolab +RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \ + rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8.rpm +RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \ + dnf config-manager --enable kolab-16-testing &&\ + dnf -y --setopt tsflags= install patch &&\ + dnf clean all + +RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : + +WORKDIR /root/ + +RUN dnf -y install git +RUN dnf -y group install "Development Tools" +RUN git clone https://github.com/cmollekopf/cyrus-imapd + +RUN dnf -y install autoconf automake bison cyrus-sasl-devel flex gcc gperf jansson-devel libbsd-devel libtool libicu-devel libuuid-devel openssl-devel pkgconfig sqlite-devel brotli-devel libical-devel libxml2-devel libnghttp2-devel shapelib zlib-devel pcre-devel + +RUN dnf -y install perl-devel +RUN dnf -y install cyrus-imapd cyrus-sasl cyrus-sasl-plain +# wslay-devel +#libchardet-devel + # cld2-devel + # +COPY cyrus.conf /etc/cyrus.conf +COPY imapd.conf /etc/imapd.conf +COPY imapd.annotations.conf /etc/imapd.annotations.conf +COPY saslauthd.conf /etc/saslauthd.conf + + +ARG IMAP_ADMIN_LOGIN +ARG IMAP_ADMIN_PASSWORD +RUN sed -i -r \ + -e "s|IMAP_ADMIN_LOGIN|$IMAP_ADMIN_LOGIN|g" \ + -e "s|IMAP_ADMIN_PASSWORD|$IMAP_ADMIN_PASSWORD|g" \ + /etc/imapd.conf + +RUN cd cyrus-imapd && \ + git checkout dev/kolab-3.6 && \ + autoreconf -i && \ + ./configure CFLAGS="-W -Wno-unused-parameter -g -O0 -Wall -Wextra -Werror -fPIC" --enable-murder --enable-http --enable-calalarmd --enable-autocreate --enable-idled --with-openssl=yes --prefix=/usr && \ + make -j6 && \ + make install + +COPY cyrus-imapd.service /etc/systemd/system/cyrus-imapd.service + + +# RUN useradd -g mail cyrus + +ADD kolab.hosted.com.cert /etc/pki/tls/certs/kolab.hosted.com.cert +ADD kolab.hosted.com.chain.pem /etc/pki/tls/certs/kolab.hosted.com.chain.pem +ADD kolab.hosted.com.key /etc/pki/tls/certs/kolab.hosted.com.key +RUN mkdir -p /etc/pki/cyrus-imapd/ && cat /etc/pki/tls/certs/kolab.hosted.com.cert /etc/pki/tls/certs/kolab.hosted.com.chain.pem /etc/pki/tls/certs/kolab.hosted.com.key > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem && \ + chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + +RUN sed -i "s/MECH=.*/MECH=httpform/" /etc/sysconfig/saslauthd +RUN systemctl enable cyrus-imapd && systemctl enable saslauthd + +CMD ["/lib/systemd/systemd"] + +EXPOSE 143/tcp 993/tcp 80/tcp 443/tcp diff --git a/config.docker-dev/docker/imap-frontend/cyrus-imapd-init.service b/config.docker-dev/docker/imap-frontend/cyrus-imapd-init.service new file mode 100644 index 00000000..07909aa7 --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/cyrus-imapd-init.service @@ -0,0 +1,12 @@ +[Unit] +Description=One-time configuration for cyrus-imapd + +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd.pem +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-key.pem +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-ca.pem + +[Service] +Type=oneshot +Group=mail +RemainAfterExit=no +ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem --cert-key-mode=0640 diff --git a/config.docker-dev/docker/imap-frontend/cyrus-imapd.service b/config.docker-dev/docker/imap-frontend/cyrus-imapd.service new file mode 100644 index 00000000..72ae96f1 --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/cyrus-imapd.service @@ -0,0 +1,22 @@ +[Unit] +Description=Cyrus-imapd IMAP/POP3 email server +After=local-fs.target network-online.target + +#Requires=cyrus-imapd-init.service +#After=cyrus-imapd-init.service + +[Service] +Type=simple +#EnvironmentFile=/etc/sysconfig/cyrus-imapd +#ExecStart=/usr/libexec/cyrus-imapd/cyrus-master $CYRUSOPTIONS +ExecStart=/usr/libexec/master +PrivateTmp=true + +# Cyrus may spawn many processes in normal operation. These figures are higher +# than the defaults, but may still need to be tuned for your local +# configuration. +TasksMax=2048 +LimitNOFILE=16384 + +[Install] +WantedBy=multi-user.target diff --git a/config.docker-dev/docker/imap-frontend/cyrus.conf b/config.docker-dev/docker/imap-frontend/cyrus.conf new file mode 100644 index 00000000..16842d35 --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/cyrus.conf @@ -0,0 +1,26 @@ +START { + # do not delete this entry! + recover cmd="ctl_cyrusdb -r" + + +} + +SERVICES { + mupdate cmd="mupdate" listen=3905 prefork=1 + + imap cmd="proxyd" listen="imap" proto="tcp" prefork=1 maxchild=4096 + imaps cmd="proxyd -s" listen="imaps" proto="tcp" prefork=1 maxchild=4096 + http cmd="httpd" listen="http" prefork=0 + https cmd="httpd -s" listen="https" prefork=0 + sieve cmd="timsieved" listen="sieve" proto="tcp" prefork=1 + lmtp cmd="lmtpproxyd -a" listen="lmtp" proto="tcp" prefork=2 +} + +EVENTS { + # this is required + checkpoint cmd="ctl_cyrusdb -c" period="30" + + # this is only necessary if caching TLS sessions + tlsprune cmd="tls_prune" at="0400" + +} diff --git a/config.docker-dev/docker/imap-frontend/imapd.annotations.conf b/config.docker-dev/docker/imap-frontend/imapd.annotations.conf new file mode 100644 index 00000000..3b03bfad --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/imapd.annotations.conf @@ -0,0 +1,11 @@ +/vendor/kolab/activesync,mailbox,string,backend,value.priv,r +/vendor/kolab/color,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/displayname,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-test,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-type,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/incidences-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/pxfb-readable-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/uniqueid,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/h-share-attr-desc,mailbox,string,backend,value.shared value.priv,a +/vendor/horde/share-params,mailbox,string,backend,value.shared value.priv,a +/vendor/x-toltec/test,mailbox,string,backend,value.shared value.priv,a diff --git a/config.docker-dev/docker/imap-frontend/imapd.conf b/config.docker-dev/docker/imap-frontend/imapd.conf new file mode 100644 index 00000000..dfeccd84 --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/imapd.conf @@ -0,0 +1,90 @@ +servername: imap-frontend +configdirectory: /var/lib/imap + +autocreate_quota: 5242880 + +idlesocket: /var/lib/imap/socket/idle +disable_shared_namespace: 1 +disable_user_namespace: 1 +duplicate_db_path: /var/lib/imap/deliver.db +mboxname_lockpath: /var/lib/imap/lock +proc_path: /var/lib/imap/proc +# Apparently does not work +##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db +statuscache_db_path: /var/lib/imap/statuscache.db +temp_path: /tmp +tls_sessions_db_path: /run/cyrus/db/tls_sessions.db +annotation_definitions: /etc/imapd.annotations.conf + +sendmail: /usr/sbin/sendmail +admins: IMAP_ADMIN_LOGIN +sasl_pwcheck_method: saslauthd +sasl_mech_list: PLAIN LOGIN +allowplaintext: yes + +lmtp_over_quota_perm_failure: 1 + +#tls_server_cert: /etc/pki/tls/private/aphy.app.pem +#tls_server_key: /etc/pki/tls/private/aphy.app.pem +#tls_server_ca_file: /etc/pki/tls/certs/zrh1.infra.aphy.app.ca.cert +tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + +tls_client_certs: off + +tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES + +tls_prefer_server_ciphers: 1 +sieve_tls_versions: tls1_0 tls1_1 tls1_2 +tls_versions: tls1_3 +maxlogins_per_user: 50 +# Disable mailbox referrals for all clients, as the referrals will point +# addresses the client cannot reach. +proxyd_disable_mailbox_referrals: 1 + +serverlist: imap-backend + +httpmodules: caldav carddav domainkey freebusy ischedule rss webdav + + + +unixhierarchysep: 1 +virtdomains: userid +sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date +allowallsubscribe: 0 +anyoneuseracl: 0 +allowusermoves: 1 +altnamespace: 1 +disconnect_on_vanished_mailbox: 1 +hashimapspool: 1 +anysievefolder: 1 +fulldirhash: 0 +sieve_maxscripts: 150 +sieve_maxscriptsize: 128 +sieveusehomedir: 0 +sieve_allowreferrals: 0 +sieve_utf8fileinto: 1 +lmtp_downcase_rcpt: 1 +lmtp_fuzzy_mailbox_match: 1 +username_tolower: 1 +deletedprefix: DELETED +delete_mode: delayed +expunge_mode: delayed +postuser: shared +tcp_keepalive: 1 + +syslog_prefix: cyrus-imapd + + + +# mupdate is enabled +#mupdate_config: standard +mupdate_server: imap-mupdate +mupdate_port: 3905 +mupdate_authname: IMAP_ADMIN_LOGIN +mupdate_username: IMAP_ADMIN_LOGIN +mupdate_password: IMAP_ADMIN_PASSWORD + +# proxy authentication against backends +proxy_authname: IMAP_ADMIN_LOGIN +proxy_password: IMAP_ADMIN_PASSWORD diff --git a/config.docker-dev/docker/imap-frontend/kolab.hosted.com.cert b/config.docker-dev/docker/imap-frontend/kolab.hosted.com.cert new file mode 100644 index 00000000..8f8a52a2 --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/kolab.hosted.com.cert @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw +MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi +Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 +iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF +RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ +ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 +VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M +s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI +5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS +6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c +EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX +iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez +3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp +k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS +ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f +rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B +jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 +8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA +Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO +6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs +kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ +2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 +Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj +RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl +FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd +GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== +-----END CERTIFICATE----- diff --git a/config.docker-dev/docker/imap-frontend/kolab.hosted.com.chain.pem b/config.docker-dev/docker/imap-frontend/kolab.hosted.com.chain.pem new file mode 100644 index 00000000..13e8193d --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/kolab.hosted.com.chain.pem @@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw +MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi +Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 +iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF +RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ +ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 +VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M +s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI +5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS +6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c +EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX +iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez +3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp +k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS +ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f +rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B +jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 +8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA +Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO +6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs +kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ +2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 +Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj +RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl +FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd +GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFCzCCAvOgAwIBAgIUEvYwMxnGZGbpNdlgadZ/BTZhQaswDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMDEyMjkxODU0MDdaFw0zMDEy +MjcxODU0MDdaMBUxEzARBgNVBAoMCkV4YW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDHK/c0eG4e1/cAIHmfPKQkt3p+P2+nsXypGEKTNoHj +77vUZzuyafnO+dSW3pHVw1UV1T28a+SWdpC2DCSxD/2JQ0upybilZVRWTuL6AZjC +iIV2yyd662H39/IJz3aQuHMwbgRM4ISzoODqUMWcAUhIYEJcXwG8FYDAhgNbW1sq +DTnnpJmeD87F8mZS4cOz+dZ1bcAkaqGNye4oLjlnkvRmsUMnHeLMhS0I7R0aeca1 +xq/8CnZApnUrHHYiVPhEZqz78/lUlNIb2Gu5U0buhGoQDpeLHpeJmTdFOxtHXic4 +pGczJiEPgpPMECCiPQu6kmerm6/85v10jQNwcQZOvYbpKrow26RRyPV92QfLY5uS +Cnxq51cjefXcRNAs47rBSsJ3ZnLJcTF1BpD69ckPUDobg7vNGwtpMtmi+xyCOxYb +M03v4GyCvEXIQHm6oafcu6yoGPRGH9eR7qrrYA9+laMZFuKhdXxcXPXUgQufL6U6 +cnGIG+31wFYMn2wKufYy+3or73zE45Hzo/lBStI/U6Mkn5jBEsOErNZlAD0zt8Pa +Jw6szEK2r9IXeuv++S4ASxduOZJVQo0NIwjt3AvP/J7TenJ52FawBKM5Qx8UsC/s +cqk0SlLYRCK98dFRc5GEYVXH9WgFeJqVz/Syc73WDzrspF0G0xKIyCst80pQvAlH +wwIDAQABo1MwUTAdBgNVHQ4EFgQUDKT/J+566qUX9mufxvdWiG6o24IwHwYDVR0j +BBgwFoAUDKT/J+566qUX9mufxvdWiG6o24IwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAgEAaJ+oOp8rHoIEt5qCuoNKb/VlR8sX7YpzfqLb+6W0QoKP +KQjHMVi2z+uwMPjCjJSSm0AYVVVAWcWI/kIW7WJ9vaFQVuutWLF00xL/yYgFcG25 +3qML8BBncHanD6EXanRXoPE/aLXnEgOHYNhg/z94hQ2JNn97UpECbzzQBqPHTC8C +CcmZXM6slYYqoylZIOqU28d7Xo6ElJEQ7AxObwMaCUXid5rUceDwZSi+9OG49kmE +Q9MNZ+d4WSnarZLHAEQh/4bdBVUln5h4l2fqQrQLDMUj2oXPwRxXk57AW+zLFtrS +lC552wbWza6IIf8SJZDy8q47/WfKD1YDmy0NfFZxEf+ZG/7zh5fjm1qlKVoAjxI9 +quG+wK27rhMn6Ddo/DDpQ7+VaszZP+TZol5Hifda3cOPoTpoA/n77L/iVynGXtD8 +dhfAfVqRWhR3JgrQWmOyJ2SAc6Z1Ao68qBG+q9HXdIPjKS3Pj/EexMMVL0Qfbtfz +y26ZSlgQPSc9qmKcAYb9babzdf8ioq0f0UheM4QW0g4u5/TNpa+QcSCmdp5GfqMb +eeCXzExsrvcCUp0bPiXwLYCLYTZNgYW2wMsQVJDmlZuTTWikEcPG6QJYgMUPGyCH +UsAua3te00Dj9ikR8bMaXJc9ZEFPZzLyz1IbDyiRfBLVCKX+dH3VXQ7l0BnBmB8= +-----END CERTIFICATE----- diff --git a/config.docker-dev/docker/imap-frontend/kolab.hosted.com.key b/config.docker-dev/docker/imap-frontend/kolab.hosted.com.key new file mode 100644 index 00000000..3dcac097 --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/kolab.hosted.com.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAsS/OOIkDFE1+N2FkPlP3g4HOc9JDCBXz2soZC+VBYJnn2fM8 +IouRMCuyri3dDSuKhSiThUUZKYS1gGLoRHpu4320aq8XCrmXcmOu6RFiJVXv/YWv +UWgGthE/brcq3nRZOTMIELo0AN+3KXikRWUPemBYWbRhh9e8frG3mUH1EOkMKMXX +OGQxY9bUOFgoIUx0pUSCOFShAOj0cgQY1MmC6wo8gVYo4qles2/v+W4h8W+QobQ3 +Hg/oLQFqxkaUB7NlrEh9TLOxW0/EtrF0+W4NQTWWUUq3C5i2g+thjpm8YhtVd6lP +oid9dRcLFFaOsTH7ipnDyOV+QQtmrUHtc1kc38jNO+s/urwbFI4nvbJM/NQmPONT +yoMf+lT3gqRE2L9pGmKnUugEnVVSr/1BVNkwG8FKaaNqw9dID2lR+LYUwzh+vGec +Feck3lkic5+yqo/CCy0OnBD1q9b16lw54q9GxQ4aaa6sDJA8W2djZFSPYCDrGXBC +MryVef/aY03WyljwlKwQ14iQJck8feTPwfVCvYffGYsZ6TnAxmNoDYRolkhgDZV5 +4XyK6a2tN6L9hl5hZ80ns95h+b6r7n0WbxHAZg1v1VHVQA4dm5ulFRwH640q5a50 +iBD0TKZclidFcMhu1FLI6ZPNUNT1P1kppDMqOWp/6cL8V2E4wDpvglYUdZMCAwEA +AQKCAgACxLx0Ja/moU9Xji4Cy00SwPR42tAxUCZ/RKkfhnV/DOiSfzpxT7z1A7nG +/vB1RDjl27xyWKIMBAbR+rmmWENjSpOHFzVE9aFoKCaTfbIK40zcqToUC4wPTDWx +hSsmTqsWObXmjQJDATvbagcnDm0vfFHlFOxxMu2/DQfRXTZ3DS0jdfPm7anX5YNr +XfVCj+9Cpc9jEe9yFDG9llLNAFkLUx2e57m70Omp5BXbz9y36QZZgHdcAOOf0GXa +sz+c3zC3gGp0yFn9E0H/mMY7H30Vh8DRhFlX1QsFBKiBkeVfow2y0PJtljBfo/yI +VNHl8uH7SGvGt89BNOxlyKHtK3dIASx3z2E+hJMHIVrxReJS1ySf+cnhfONkCx6g +R+HcvD9dMyJtpyrTQmFsVaYBXWoJMYoRuEbXtYT7JwA2PWPcSr66J8S3WrkbbrWW +pI8gHofJrz63AJ7l3Da/90hNCrqd6AzlLmaK3q2Ev2Fd0sLrQ6a3fnZDyyLZwUyv +0IHwR1lnzLUHGh4QevMTOmU3aqUYt+dCXSG8uD9U3N0SFTpAE5q/AcQJciqxcdqW +J0kWfwVHA7OQIgGFdCk9ZbL/uOrUQ+3yPBJwbYaHk9GXkEekolEmbg2ZcUJ1fql+ +vX2prJkb7Zy4F5CiI5hBaI/VS5Fb3ysCqT+lExsMJXsbN+BgAQKCAQEA6QnAWhfT +gHMgoaPlDweDMKf3mNxhKXgACEopOo/yfZhCoSF1rwGA3c/1m4afFZzVT94m0XUt +/pJkQVCFmGapBVqfUUQZ15VVA6D0pOTs6LoryIUgkRm3H+wQl/IRWXm4iZU/Jx8z +5WSf6EX2l/DAv8SMGUOC3+HeIrJB5Vlew0JTBjeFTNNVkS7pJHDh3g68RsVn3OhA +k0koDZiZqsDiE3/m9c2CQ9rrSM2o9g2w2zsr5Zbn5JW1xYqdttJFnAdoj8E+SCaK +2uzvQ4JlIbMLT+QZxF/fjfcPZ0BxeAmQ74Y3tCrVjwE1zd/o0p8H6/IfNAPxCrUg +PvtqApI7kslNdwKCAQEAwqU8muRtx0UG0/8wbl9LRaB9sACXqG++rAJ/ySu+usp7 +IZ2q0uSBKlcMnST06LmfjJtyO9GWwYmAKSojtyeujGLjdqA0M3H/YUAocVySPQ3R +om/rqmJV7+LOQja8k+Lj2dHbtJ6HXL7gRZYgtG8dvKfEC44fgwpi04vaHA05Q0J4 +HqRecnIp9yoJYkJsIBMqARsglSsyJ3RXSVO3RpJgvit/fumRq6cXQd2ONSBjfDS5 +qOvWlWJmjXTtCirOexWxzSEMiIOVNXNlwdfXgoelv9ScHRLIzAOM91zK8CIVSDZ6 +8HSm8p2t+HwWUjslbY4+FMODp7OicjWGFg0aBGUvxQKCAQB5EoDmDdTrumSsthru +mQeWwt2HhI/SXK8fn3AWJe1lRTLwxhJ/TvelxkKjf+is8ON+cDuYvRmdVm9R48TU +7hlIV9HIBeqrL8GQdhJEjU9shjTzI/9Mg6C5rAre9nv/EZdHm8vIxpROzN2rbpX0 +ULfDqhjjk0iuiom/Wv+TacArEA1UgIn35SBioo2sSh1/Iga9ehhBFEVggDSYA71q +knWijePvtsrD+DwfggITe/9zlyVyTdnCz+k1bZQNBOf3bX3smgiCscuYfFq+p0Nl +o8Dvy+F7PhhGiKJvEXMiW036s6/DIjH77zQF9xveOZODCTMe8iFMX9gWAMcN+O2M +kJt3AoIBAQCxPPz+ndpIhVY+XDShjCxibk2EokV2nqokvvHVIPw/4nhUl9kgx+nF +wBZAUZKhB8V8p19RkPuRp78HvNNgx8VtF+6/6gkef0NoLp+k+gI/jgHBw9/3+ir+ +kKv4Jxd4IjYP9cP1qBTiIvzc4GNPaY7OZoVhcDzJef+bWdF1kaT+1dvDKzDFTadg +5Oo+ivUiD9FDyIvWyMqWmp2Qq6ZLoKZvA/TIf66hezj2RORlA+UTCH+2jWmMBVoU +nM/rXic+dPa+LsXW2NpZHYcfB4e52ALZtqOg5aXp/6Gw7NHt71spslIn+lC6w1HS +3ksE/c6K/+cPyShs4GmfTZWXJr72GZ1xAoIBAAK7gQb3/WCQpTiPh/v7Qnl6hQZD +y+T8fprWBXskU5A7NbIE44DdltPe4LLsVMHpNlqRpYCz+3bHTmPDHd+IHJHZm9Ik +4gUXjPMzzkF9qQ2lyNWvnH2bHlSeHUg/3ZCXpmc8l0pmAeRxhOxzBaFgjt8N3Z5n +FIc25xJ9ki3stySf6baWmTWFscCFn8eBJrQ8mNLXpBM2iXM1e5D8Bu2VZK6nJGtz +QCChvsHspsTmRsGvemBk27gkvKAG0K8u84T5XBRwog7MWx8XThVqNcns6kejeYQs +CNRvuLj7gEQwMPzW2p/tLbSU82oDKQTICeyPwfS/fMl/6NYRaTdABc6KIME= +-----END RSA PRIVATE KEY----- diff --git a/config.docker-dev/docker/imap-frontend/saslauthd.conf b/config.docker-dev/docker/imap-frontend/saslauthd.conf new file mode 100644 index 00000000..2bfbc097 --- /dev/null +++ b/config.docker-dev/docker/imap-frontend/saslauthd.conf @@ -0,0 +1,4 @@ +httpform_host: services.kolab.local +httpform_port: 8000 +httpform_uri: /api/webhooks/cyrus-sasl/ +httpform_data: %u %r %p diff --git a/config.docker-dev/docker/imap-legacy/Dockerfile b/config.docker-dev/docker/imap-legacy/Dockerfile new file mode 100644 index 00000000..389a5095 --- /dev/null +++ b/config.docker-dev/docker/imap-legacy/Dockerfile @@ -0,0 +1,43 @@ +FROM quay.io/centos/centos:7 + +LABEL maintainer="contact@apheleia-it.ch" +LABEL dist=centos7 +LABEL tier=${TIER} + +ENV SYSTEMD_PAGER='' +ENV DISTRO=centos7 +ENV LANG=en_US.utf8 +ENV LC_ALL=en_US.utf8 + +# Add EPEL. +RUN rpm -Uhv https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \ + yum -y install yum-plugin-priorities && \ + rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \ + yum -y install https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el7.rpm && \ + sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \ + yum -y --setopt tsflags= install patch cyrus-imapd cyrus-sasl cyrus-sasl-plain &&\ + yum clean all + +RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : + +WORKDIR /root/ + +COPY cyrus.conf /etc/cyrus.conf +COPY imapd.conf /etc/imapd.conf +COPY imapd.annotations.conf /etc/imapd.annotations.conf +COPY saslauthd.conf /etc/saslauthd.conf + +ADD kolab.hosted.com.cert /etc/pki/tls/certs/kolab.hosted.com.cert +ADD kolab.hosted.com.chain.pem /etc/pki/tls/certs/kolab.hosted.com.chain.pem +ADD kolab.hosted.com.key /etc/pki/tls/certs/kolab.hosted.com.key +RUN mkdir -p /etc/pki/cyrus-imapd/ && cat /etc/pki/tls/certs/kolab.hosted.com.cert /etc/pki/tls/certs/kolab.hosted.com.chain.pem /etc/pki/tls/certs/kolab.hosted.com.key > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem && \ + chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +RUN mkdir /run/cyrus && chmod 777 /run/cyrus + + +RUN sed -i "s/MECH=.*/MECH=httpform/" /etc/sysconfig/saslauthd +RUN systemctl enable cyrus-imapd && systemctl enable saslauthd + +CMD ["/lib/systemd/systemd"] + +EXPOSE 143/tcp 993/tcp 80/tcp 443/tcp diff --git a/config.docker-dev/docker/imap-legacy/cyrus.conf b/config.docker-dev/docker/imap-legacy/cyrus.conf new file mode 100644 index 00000000..f3ea68d4 --- /dev/null +++ b/config.docker-dev/docker/imap-legacy/cyrus.conf @@ -0,0 +1,38 @@ +START { + # do not delete this entry! + recover cmd="ctl_cyrusdb -r" + + #mupdatepush cmd="ctl_mboxlist -m" +} + +SERVICES { + imap cmd="imapd" listen="imap" proto="tcp" prefork=5 + imaps cmd="imapd -s" listen="imaps" proto="tcp" prefork=1 + sieve cmd="timsieved" listen="sieve" proto="tcp" prefork=0 + #lmtp cmd="lmtpd" listen="lmtp" proto="tcp" prefork=1 + #lmtpunix cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=1 +} + +EVENTS { + # this is required + checkpoint cmd="ctl_cyrusdb -c" period="39" + + # Expire deleted folders older than 28 days. + deleteprune cmd="cyr_expire -E 4 -D 28" at="0400" + + # Expire deleted messages older than 28 days. + expungeprune cmd="cyr_expire -E 4 -X 28" at="0132" + + # this is only necessary if caching TLS sessions + tlsprune cmd="tls_prune" at="0400" + + # this is only necessary if using duplicate delivery suppression + delprune cmd="cyr_expire -E 3" at="0400" + +} + +DAEMON { + # this is only necessary if using idled for IMAP IDLE + idled cmd="idled" + +} diff --git a/config.docker-dev/docker/imap-legacy/imapd.annotations.conf b/config.docker-dev/docker/imap-legacy/imapd.annotations.conf new file mode 100644 index 00000000..3b03bfad --- /dev/null +++ b/config.docker-dev/docker/imap-legacy/imapd.annotations.conf @@ -0,0 +1,11 @@ +/vendor/kolab/activesync,mailbox,string,backend,value.priv,r +/vendor/kolab/color,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/displayname,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-test,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-type,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/incidences-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/pxfb-readable-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/uniqueid,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/h-share-attr-desc,mailbox,string,backend,value.shared value.priv,a +/vendor/horde/share-params,mailbox,string,backend,value.shared value.priv,a +/vendor/x-toltec/test,mailbox,string,backend,value.shared value.priv,a diff --git a/config.docker-dev/docker/imap-legacy/imapd.conf b/config.docker-dev/docker/imap-legacy/imapd.conf new file mode 100644 index 00000000..9035df93 --- /dev/null +++ b/config.docker-dev/docker/imap-legacy/imapd.conf @@ -0,0 +1,106 @@ +servername: imap-backend +configdirectory: /var/lib/imap +defaultpartition: default +metapartition_files: annotations cache expunge header index +partition-default: /var/spool/imap/ +sievedir: /var/lib/imap/sieve +annotation_definitions: /etc/imapd.annotations.conf + +autocreate_quota: 5242880 +autocreate_inbox_folders: Drafts | Trash | Sent +autocreate_subscribe_folders: Drafts | Trash | Sent +# Set specialuse flags +xlist-drafts: Drafts +xlist-sent: Sent +xlist-trash: Trash + +idlesocket: /var/lib/imap/socket/idle +disable_shared_namespace: 1 +disable_user_namespace: 1 +duplicate_db_path: /run/cyrus/db/deliver.db +mboxname_lockpath: /run/cyrus/lock +proc_path: /run/cyrus/proc +# Apparently does not work +##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db +statuscache_db_path: /run/cyrus/db/statuscache.db +temp_path: /tmp +tls_sessions_db_path: /run/cyrus/db/tls_sessions.db + +sendmail: /usr/sbin/sendmail +admins: cyrus-admin +sasl_pwcheck_method: saslauthd +sasl_mech_list: PLAIN LOGIN +allowplaintext: yes + +lmtp_over_quota_perm_failure: 1 + +#tls_server_cert: /etc/pki/tls/private/aphy.app.pem +#tls_server_key: /etc/pki/tls/private/aphy.app.pem +#tls_server_ca_file: /etc/pki/tls/certs/zrh1.infra.aphy.app.ca.cert + +tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + +tls_client_certs: off + +tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES + +tls_prefer_server_ciphers: 1 +tls_versions: tls1_3 +maxlogins_per_user: 50 +proxyd_disable_mailbox_referrals: 0 + + +httpmodules: domainkey ischedule rss + + + +unixhierarchysep: 1 +virtdomains: userid +sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date +allowallsubscribe: 0 +anyoneuseracl: 0 +allowusermoves: 1 +altnamespace: 1 +disconnect_on_vanished_mailbox: 1 +hashimapspool: 1 +anysievefolder: 1 +fulldirhash: 0 +sieve_maxscripts: 150 +sieve_maxscriptsize: 128 +sieveusehomedir: 0 +sieve_allowreferrals: 0 +sieve_utf8fileinto: 1 +lmtp_downcase_rcpt: 1 +lmtp_fuzzy_mailbox_match: 1 +username_tolower: 1 +deletedprefix: DELETED +delete_mode: delayed +expunge_mode: delayed +postuser: shared +tcp_keepalive: 1 + +syslog_prefix: cyrus-imapd + +calendar_default_displayname: test +addressbook_default_displayname: test + +# mupdate is enabled +#mupdate_config: standard +#mupdate_server: imap-mupdate +#mupdate_port: 3905 +#mupdate_authname: cyrus-admin +#mupdate_username: cyrus-admin +#mupdate_password: Welcome2KolabSystems + +# proxy authentication for these users +proxyservers: cyrus-admin + +# sync is enabled +#sync_try_imap: 0 +#sync_log_chain: false +#sync_authname: cyrus-admin +#sync_password: simple123 +#sync_log: 1 +#sync_repeat_interval: 10 +#sync_shutdown_file: /var/lib/imap/sync_shutdown diff --git a/config.docker-dev/docker/imap-legacy/kolab.hosted.com.cert b/config.docker-dev/docker/imap-legacy/kolab.hosted.com.cert new file mode 100644 index 00000000..8f8a52a2 --- /dev/null +++ b/config.docker-dev/docker/imap-legacy/kolab.hosted.com.cert @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw +MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi +Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 +iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF +RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ +ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 +VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M +s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI +5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS +6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c +EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX +iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez +3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp +k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS +ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f +rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B +jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 +8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA +Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO +6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs +kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ +2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 +Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj +RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl +FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd +GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== +-----END CERTIFICATE----- diff --git a/config.docker-dev/docker/imap-legacy/kolab.hosted.com.chain.pem b/config.docker-dev/docker/imap-legacy/kolab.hosted.com.chain.pem new file mode 100644 index 00000000..13e8193d --- /dev/null +++ b/config.docker-dev/docker/imap-legacy/kolab.hosted.com.chain.pem @@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw +MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi +Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 +iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF +RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ +ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 +VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M +s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI +5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS +6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c +EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX +iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez +3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp +k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS +ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f +rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B +jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 +8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA +Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO +6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs +kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ +2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 +Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj +RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl +FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd +GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFCzCCAvOgAwIBAgIUEvYwMxnGZGbpNdlgadZ/BTZhQaswDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMDEyMjkxODU0MDdaFw0zMDEy +MjcxODU0MDdaMBUxEzARBgNVBAoMCkV4YW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDHK/c0eG4e1/cAIHmfPKQkt3p+P2+nsXypGEKTNoHj +77vUZzuyafnO+dSW3pHVw1UV1T28a+SWdpC2DCSxD/2JQ0upybilZVRWTuL6AZjC +iIV2yyd662H39/IJz3aQuHMwbgRM4ISzoODqUMWcAUhIYEJcXwG8FYDAhgNbW1sq +DTnnpJmeD87F8mZS4cOz+dZ1bcAkaqGNye4oLjlnkvRmsUMnHeLMhS0I7R0aeca1 +xq/8CnZApnUrHHYiVPhEZqz78/lUlNIb2Gu5U0buhGoQDpeLHpeJmTdFOxtHXic4 +pGczJiEPgpPMECCiPQu6kmerm6/85v10jQNwcQZOvYbpKrow26RRyPV92QfLY5uS +Cnxq51cjefXcRNAs47rBSsJ3ZnLJcTF1BpD69ckPUDobg7vNGwtpMtmi+xyCOxYb +M03v4GyCvEXIQHm6oafcu6yoGPRGH9eR7qrrYA9+laMZFuKhdXxcXPXUgQufL6U6 +cnGIG+31wFYMn2wKufYy+3or73zE45Hzo/lBStI/U6Mkn5jBEsOErNZlAD0zt8Pa +Jw6szEK2r9IXeuv++S4ASxduOZJVQo0NIwjt3AvP/J7TenJ52FawBKM5Qx8UsC/s +cqk0SlLYRCK98dFRc5GEYVXH9WgFeJqVz/Syc73WDzrspF0G0xKIyCst80pQvAlH +wwIDAQABo1MwUTAdBgNVHQ4EFgQUDKT/J+566qUX9mufxvdWiG6o24IwHwYDVR0j +BBgwFoAUDKT/J+566qUX9mufxvdWiG6o24IwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAgEAaJ+oOp8rHoIEt5qCuoNKb/VlR8sX7YpzfqLb+6W0QoKP +KQjHMVi2z+uwMPjCjJSSm0AYVVVAWcWI/kIW7WJ9vaFQVuutWLF00xL/yYgFcG25 +3qML8BBncHanD6EXanRXoPE/aLXnEgOHYNhg/z94hQ2JNn97UpECbzzQBqPHTC8C +CcmZXM6slYYqoylZIOqU28d7Xo6ElJEQ7AxObwMaCUXid5rUceDwZSi+9OG49kmE +Q9MNZ+d4WSnarZLHAEQh/4bdBVUln5h4l2fqQrQLDMUj2oXPwRxXk57AW+zLFtrS +lC552wbWza6IIf8SJZDy8q47/WfKD1YDmy0NfFZxEf+ZG/7zh5fjm1qlKVoAjxI9 +quG+wK27rhMn6Ddo/DDpQ7+VaszZP+TZol5Hifda3cOPoTpoA/n77L/iVynGXtD8 +dhfAfVqRWhR3JgrQWmOyJ2SAc6Z1Ao68qBG+q9HXdIPjKS3Pj/EexMMVL0Qfbtfz +y26ZSlgQPSc9qmKcAYb9babzdf8ioq0f0UheM4QW0g4u5/TNpa+QcSCmdp5GfqMb +eeCXzExsrvcCUp0bPiXwLYCLYTZNgYW2wMsQVJDmlZuTTWikEcPG6QJYgMUPGyCH +UsAua3te00Dj9ikR8bMaXJc9ZEFPZzLyz1IbDyiRfBLVCKX+dH3VXQ7l0BnBmB8= +-----END CERTIFICATE----- diff --git a/config.docker-dev/docker/imap-legacy/kolab.hosted.com.key b/config.docker-dev/docker/imap-legacy/kolab.hosted.com.key new file mode 100644 index 00000000..3dcac097 --- /dev/null +++ b/config.docker-dev/docker/imap-legacy/kolab.hosted.com.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAsS/OOIkDFE1+N2FkPlP3g4HOc9JDCBXz2soZC+VBYJnn2fM8 +IouRMCuyri3dDSuKhSiThUUZKYS1gGLoRHpu4320aq8XCrmXcmOu6RFiJVXv/YWv +UWgGthE/brcq3nRZOTMIELo0AN+3KXikRWUPemBYWbRhh9e8frG3mUH1EOkMKMXX +OGQxY9bUOFgoIUx0pUSCOFShAOj0cgQY1MmC6wo8gVYo4qles2/v+W4h8W+QobQ3 +Hg/oLQFqxkaUB7NlrEh9TLOxW0/EtrF0+W4NQTWWUUq3C5i2g+thjpm8YhtVd6lP +oid9dRcLFFaOsTH7ipnDyOV+QQtmrUHtc1kc38jNO+s/urwbFI4nvbJM/NQmPONT +yoMf+lT3gqRE2L9pGmKnUugEnVVSr/1BVNkwG8FKaaNqw9dID2lR+LYUwzh+vGec +Feck3lkic5+yqo/CCy0OnBD1q9b16lw54q9GxQ4aaa6sDJA8W2djZFSPYCDrGXBC +MryVef/aY03WyljwlKwQ14iQJck8feTPwfVCvYffGYsZ6TnAxmNoDYRolkhgDZV5 +4XyK6a2tN6L9hl5hZ80ns95h+b6r7n0WbxHAZg1v1VHVQA4dm5ulFRwH640q5a50 +iBD0TKZclidFcMhu1FLI6ZPNUNT1P1kppDMqOWp/6cL8V2E4wDpvglYUdZMCAwEA +AQKCAgACxLx0Ja/moU9Xji4Cy00SwPR42tAxUCZ/RKkfhnV/DOiSfzpxT7z1A7nG +/vB1RDjl27xyWKIMBAbR+rmmWENjSpOHFzVE9aFoKCaTfbIK40zcqToUC4wPTDWx +hSsmTqsWObXmjQJDATvbagcnDm0vfFHlFOxxMu2/DQfRXTZ3DS0jdfPm7anX5YNr +XfVCj+9Cpc9jEe9yFDG9llLNAFkLUx2e57m70Omp5BXbz9y36QZZgHdcAOOf0GXa +sz+c3zC3gGp0yFn9E0H/mMY7H30Vh8DRhFlX1QsFBKiBkeVfow2y0PJtljBfo/yI +VNHl8uH7SGvGt89BNOxlyKHtK3dIASx3z2E+hJMHIVrxReJS1ySf+cnhfONkCx6g +R+HcvD9dMyJtpyrTQmFsVaYBXWoJMYoRuEbXtYT7JwA2PWPcSr66J8S3WrkbbrWW +pI8gHofJrz63AJ7l3Da/90hNCrqd6AzlLmaK3q2Ev2Fd0sLrQ6a3fnZDyyLZwUyv +0IHwR1lnzLUHGh4QevMTOmU3aqUYt+dCXSG8uD9U3N0SFTpAE5q/AcQJciqxcdqW +J0kWfwVHA7OQIgGFdCk9ZbL/uOrUQ+3yPBJwbYaHk9GXkEekolEmbg2ZcUJ1fql+ +vX2prJkb7Zy4F5CiI5hBaI/VS5Fb3ysCqT+lExsMJXsbN+BgAQKCAQEA6QnAWhfT +gHMgoaPlDweDMKf3mNxhKXgACEopOo/yfZhCoSF1rwGA3c/1m4afFZzVT94m0XUt +/pJkQVCFmGapBVqfUUQZ15VVA6D0pOTs6LoryIUgkRm3H+wQl/IRWXm4iZU/Jx8z +5WSf6EX2l/DAv8SMGUOC3+HeIrJB5Vlew0JTBjeFTNNVkS7pJHDh3g68RsVn3OhA +k0koDZiZqsDiE3/m9c2CQ9rrSM2o9g2w2zsr5Zbn5JW1xYqdttJFnAdoj8E+SCaK +2uzvQ4JlIbMLT+QZxF/fjfcPZ0BxeAmQ74Y3tCrVjwE1zd/o0p8H6/IfNAPxCrUg +PvtqApI7kslNdwKCAQEAwqU8muRtx0UG0/8wbl9LRaB9sACXqG++rAJ/ySu+usp7 +IZ2q0uSBKlcMnST06LmfjJtyO9GWwYmAKSojtyeujGLjdqA0M3H/YUAocVySPQ3R +om/rqmJV7+LOQja8k+Lj2dHbtJ6HXL7gRZYgtG8dvKfEC44fgwpi04vaHA05Q0J4 +HqRecnIp9yoJYkJsIBMqARsglSsyJ3RXSVO3RpJgvit/fumRq6cXQd2ONSBjfDS5 +qOvWlWJmjXTtCirOexWxzSEMiIOVNXNlwdfXgoelv9ScHRLIzAOM91zK8CIVSDZ6 +8HSm8p2t+HwWUjslbY4+FMODp7OicjWGFg0aBGUvxQKCAQB5EoDmDdTrumSsthru +mQeWwt2HhI/SXK8fn3AWJe1lRTLwxhJ/TvelxkKjf+is8ON+cDuYvRmdVm9R48TU +7hlIV9HIBeqrL8GQdhJEjU9shjTzI/9Mg6C5rAre9nv/EZdHm8vIxpROzN2rbpX0 +ULfDqhjjk0iuiom/Wv+TacArEA1UgIn35SBioo2sSh1/Iga9ehhBFEVggDSYA71q +knWijePvtsrD+DwfggITe/9zlyVyTdnCz+k1bZQNBOf3bX3smgiCscuYfFq+p0Nl +o8Dvy+F7PhhGiKJvEXMiW036s6/DIjH77zQF9xveOZODCTMe8iFMX9gWAMcN+O2M +kJt3AoIBAQCxPPz+ndpIhVY+XDShjCxibk2EokV2nqokvvHVIPw/4nhUl9kgx+nF +wBZAUZKhB8V8p19RkPuRp78HvNNgx8VtF+6/6gkef0NoLp+k+gI/jgHBw9/3+ir+ +kKv4Jxd4IjYP9cP1qBTiIvzc4GNPaY7OZoVhcDzJef+bWdF1kaT+1dvDKzDFTadg +5Oo+ivUiD9FDyIvWyMqWmp2Qq6ZLoKZvA/TIf66hezj2RORlA+UTCH+2jWmMBVoU +nM/rXic+dPa+LsXW2NpZHYcfB4e52ALZtqOg5aXp/6Gw7NHt71spslIn+lC6w1HS +3ksE/c6K/+cPyShs4GmfTZWXJr72GZ1xAoIBAAK7gQb3/WCQpTiPh/v7Qnl6hQZD +y+T8fprWBXskU5A7NbIE44DdltPe4LLsVMHpNlqRpYCz+3bHTmPDHd+IHJHZm9Ik +4gUXjPMzzkF9qQ2lyNWvnH2bHlSeHUg/3ZCXpmc8l0pmAeRxhOxzBaFgjt8N3Z5n +FIc25xJ9ki3stySf6baWmTWFscCFn8eBJrQ8mNLXpBM2iXM1e5D8Bu2VZK6nJGtz +QCChvsHspsTmRsGvemBk27gkvKAG0K8u84T5XBRwog7MWx8XThVqNcns6kejeYQs +CNRvuLj7gEQwMPzW2p/tLbSU82oDKQTICeyPwfS/fMl/6NYRaTdABc6KIME= +-----END RSA PRIVATE KEY----- diff --git a/config.docker-dev/docker/imap-legacy/saslauthd.conf b/config.docker-dev/docker/imap-legacy/saslauthd.conf new file mode 100644 index 00000000..2bfbc097 --- /dev/null +++ b/config.docker-dev/docker/imap-legacy/saslauthd.conf @@ -0,0 +1,4 @@ +httpform_host: services.kolab.local +httpform_port: 8000 +httpform_uri: /api/webhooks/cyrus-sasl/ +httpform_data: %u %r %p diff --git a/config.docker-dev/docker/imap-mupdate/Dockerfile b/config.docker-dev/docker/imap-mupdate/Dockerfile new file mode 100644 index 00000000..94b91dd9 --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/Dockerfile @@ -0,0 +1,81 @@ +FROM almalinux:8 + +LABEL maintainer="contact@apheleia-it.ch" +LABEL dist=centos8 +LABEL tier=${TIER} + +ENV SYSTEMD_PAGER='' +ENV DISTRO=centos8 +ENV LANG=en_US.utf8 +ENV LC_ALL=en_US.utf8 + +# Add EPEL. +RUN dnf -y install dnf-plugin-config-manager && \ + dnf config-manager --set-enabled powertools && \ + dnf -y install epel-release && \ + dnf -y module enable 389-ds:1.4/default && \ + dnf -y module enable mariadb:10.3 && \ + dnf -y install iputils vim-enhanced bind-utils && \ + dnf clean all +RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 + +# Install kolab +RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \ + rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8.rpm +RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \ + dnf config-manager --enable kolab-16-testing &&\ + dnf -y --setopt tsflags= install patch &&\ + dnf clean all + +RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : + +WORKDIR /root/ + +RUN dnf -y install git +RUN dnf -y group install "Development Tools" +RUN git clone https://github.com/cmollekopf/cyrus-imapd + +RUN dnf -y install autoconf automake bison cyrus-sasl-devel flex gcc gperf jansson-devel libbsd-devel libtool libicu-devel libuuid-devel openssl-devel pkgconfig sqlite-devel brotli-devel libical-devel libxml2-devel libnghttp2-devel shapelib zlib-devel pcre-devel + +RUN dnf -y install perl-devel +RUN dnf -y install cyrus-imapd cyrus-sasl cyrus-sasl-plain +# wslay-devel +#libchardet-devel + # cld2-devel + # +COPY cyrus.conf /etc/cyrus.conf +COPY imapd.conf /etc/imapd.conf +COPY imapd.annotations.conf /etc/imapd.annotations.conf +COPY saslauthd.conf /etc/saslauthd.conf + +ARG IMAP_ADMIN_LOGIN +ARG IMAP_ADMIN_PASSWORD +RUN sed -i -r \ + -e "s|IMAP_ADMIN_LOGIN|$IMAP_ADMIN_LOGIN|g" \ + -e "s|IMAP_ADMIN_PASSWORD|$IMAP_ADMIN_PASSWORD|g" \ + /etc/imapd.conf + +RUN cd cyrus-imapd && \ + git checkout dev/kolab-3.6 && \ + autoreconf -i && \ + ./configure CFLAGS="-W -Wno-unused-parameter -g -O0 -Wall -Wextra -Werror -fPIC" --enable-murder --enable-http --enable-calalarmd --enable-autocreate --enable-idled --with-openssl=yes --prefix=/usr && \ + make -j6 && \ + make install + +COPY cyrus-imapd.service /etc/systemd/system/cyrus-imapd.service + + +# RUN useradd -g mail cyrus + +ADD kolab.hosted.com.cert /etc/pki/tls/certs/kolab.hosted.com.cert +ADD kolab.hosted.com.chain.pem /etc/pki/tls/certs/kolab.hosted.com.chain.pem +ADD kolab.hosted.com.key /etc/pki/tls/certs/kolab.hosted.com.key +RUN mkdir -p /etc/pki/cyrus-imapd/ && cat /etc/pki/tls/certs/kolab.hosted.com.cert /etc/pki/tls/certs/kolab.hosted.com.chain.pem /etc/pki/tls/certs/kolab.hosted.com.key > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem && \ + chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + +RUN sed -i "s/MECH=.*/MECH=httpform/" /etc/sysconfig/saslauthd +RUN systemctl enable cyrus-imapd && systemctl enable saslauthd + +CMD ["/lib/systemd/systemd"] + +EXPOSE 143/tcp 993/tcp 80/tcp 443/tcp diff --git a/config.docker-dev/docker/imap-mupdate/cyrus-imapd-init.service b/config.docker-dev/docker/imap-mupdate/cyrus-imapd-init.service new file mode 100644 index 00000000..07909aa7 --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/cyrus-imapd-init.service @@ -0,0 +1,12 @@ +[Unit] +Description=One-time configuration for cyrus-imapd + +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd.pem +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-key.pem +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-ca.pem + +[Service] +Type=oneshot +Group=mail +RemainAfterExit=no +ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem --cert-key-mode=0640 diff --git a/config.docker-dev/docker/imap-mupdate/cyrus-imapd.service b/config.docker-dev/docker/imap-mupdate/cyrus-imapd.service new file mode 100644 index 00000000..72ae96f1 --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/cyrus-imapd.service @@ -0,0 +1,22 @@ +[Unit] +Description=Cyrus-imapd IMAP/POP3 email server +After=local-fs.target network-online.target + +#Requires=cyrus-imapd-init.service +#After=cyrus-imapd-init.service + +[Service] +Type=simple +#EnvironmentFile=/etc/sysconfig/cyrus-imapd +#ExecStart=/usr/libexec/cyrus-imapd/cyrus-master $CYRUSOPTIONS +ExecStart=/usr/libexec/master +PrivateTmp=true + +# Cyrus may spawn many processes in normal operation. These figures are higher +# than the defaults, but may still need to be tuned for your local +# configuration. +TasksMax=2048 +LimitNOFILE=16384 + +[Install] +WantedBy=multi-user.target diff --git a/config.docker-dev/docker/imap-mupdate/cyrus.conf b/config.docker-dev/docker/imap-mupdate/cyrus.conf new file mode 100644 index 00000000..0ba160d3 --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/cyrus.conf @@ -0,0 +1,13 @@ +START { + # do not delete this entry! + recover cmd="ctl_cyrusdb -r" +} + +SERVICES { + mupdate cmd="mupdate -m" listen=3905 prefork=1 +} + +EVENTS { + # this is required + checkpoint cmd="ctl_cyrusdb -c" period="30" +} diff --git a/config.docker-dev/docker/imap-mupdate/imapd.annotations.conf b/config.docker-dev/docker/imap-mupdate/imapd.annotations.conf new file mode 100644 index 00000000..3b03bfad --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/imapd.annotations.conf @@ -0,0 +1,11 @@ +/vendor/kolab/activesync,mailbox,string,backend,value.priv,r +/vendor/kolab/color,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/displayname,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-test,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-type,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/incidences-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/pxfb-readable-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/uniqueid,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/h-share-attr-desc,mailbox,string,backend,value.shared value.priv,a +/vendor/horde/share-params,mailbox,string,backend,value.shared value.priv,a +/vendor/x-toltec/test,mailbox,string,backend,value.shared value.priv,a diff --git a/config.docker-dev/docker/imap-mupdate/imapd.conf b/config.docker-dev/docker/imap-mupdate/imapd.conf new file mode 100644 index 00000000..367d5704 --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/imapd.conf @@ -0,0 +1,64 @@ +servername: imap-mupdate +configdirectory: /var/lib/imap +defaultpartition: default +partition-default: /var/spool/imap/ +annotation_definitions: /etc/imapd.annotations.conf + +autocreate_quota: 5242880 + +idlesocket: /var/lib/imap/socket/idle +disable_shared_namespace: 1 +disable_user_namespace: 1 +duplicate_db_path: /var/lib/imap/deliver.db +mboxname_lockpath: /var/lib/imap/lock +proc_path: /var/lib/imap/proc +# Apparently does not work +##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db +statuscache_db_path: /var/lib/imap/statuscache.db +temp_path: /tmp +tls_sessions_db_path: /run/cyrus/db/tls_sessions.db + +admins: IMAP_ADMIN_LOGIN +sasl_pwcheck_method: saslauthd +sasl_mech_list: PLAIN LOGIN +allowplaintext: yes + +lmtp_over_quota_perm_failure: 1 + +tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + +tls_client_certs: off + +tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES + +tls_prefer_server_ciphers: 1 +sieve_tls_versions: tls1_0 tls1_1 tls1_2 +tls_versions: tls1_3 + +unixhierarchysep: 1 +virtdomains: userid +sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date +allowallsubscribe: 0 +anyoneuseracl: 0 +allowusermoves: 1 +altnamespace: 1 +disconnect_on_vanished_mailbox: 1 +hashimapspool: 1 +anysievefolder: 1 +fulldirhash: 0 +sieve_maxscripts: 150 +sieve_maxscriptsize: 128 +sieveusehomedir: 0 +sieve_allowreferrals: 0 +sieve_utf8fileinto: 1 +lmtp_downcase_rcpt: 1 +lmtp_fuzzy_mailbox_match: 1 +username_tolower: 1 +deletedprefix: DELETED +delete_mode: delayed +expunge_mode: delayed +postuser: shared +tcp_keepalive: 1 + +syslog_prefix: cyrus-imapd diff --git a/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.cert b/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.cert new file mode 100644 index 00000000..8f8a52a2 --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.cert @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw +MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi +Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 +iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF +RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ +ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 +VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M +s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI +5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS +6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c +EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX +iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez +3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp +k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS +ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f +rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B +jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 +8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA +Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO +6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs +kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ +2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 +Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj +RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl +FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd +GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== +-----END CERTIFICATE----- diff --git a/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.chain.pem b/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.chain.pem new file mode 100644 index 00000000..13e8193d --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.chain.pem @@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw +MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi +Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 +iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF +RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ +ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 +VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M +s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI +5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS +6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c +EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX +iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez +3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp +k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS +ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f +rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B +jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 +8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA +Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO +6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs +kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ +2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 +Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj +RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl +FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd +GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFCzCCAvOgAwIBAgIUEvYwMxnGZGbpNdlgadZ/BTZhQaswDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMDEyMjkxODU0MDdaFw0zMDEy +MjcxODU0MDdaMBUxEzARBgNVBAoMCkV4YW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDHK/c0eG4e1/cAIHmfPKQkt3p+P2+nsXypGEKTNoHj +77vUZzuyafnO+dSW3pHVw1UV1T28a+SWdpC2DCSxD/2JQ0upybilZVRWTuL6AZjC +iIV2yyd662H39/IJz3aQuHMwbgRM4ISzoODqUMWcAUhIYEJcXwG8FYDAhgNbW1sq +DTnnpJmeD87F8mZS4cOz+dZ1bcAkaqGNye4oLjlnkvRmsUMnHeLMhS0I7R0aeca1 +xq/8CnZApnUrHHYiVPhEZqz78/lUlNIb2Gu5U0buhGoQDpeLHpeJmTdFOxtHXic4 +pGczJiEPgpPMECCiPQu6kmerm6/85v10jQNwcQZOvYbpKrow26RRyPV92QfLY5uS +Cnxq51cjefXcRNAs47rBSsJ3ZnLJcTF1BpD69ckPUDobg7vNGwtpMtmi+xyCOxYb +M03v4GyCvEXIQHm6oafcu6yoGPRGH9eR7qrrYA9+laMZFuKhdXxcXPXUgQufL6U6 +cnGIG+31wFYMn2wKufYy+3or73zE45Hzo/lBStI/U6Mkn5jBEsOErNZlAD0zt8Pa +Jw6szEK2r9IXeuv++S4ASxduOZJVQo0NIwjt3AvP/J7TenJ52FawBKM5Qx8UsC/s +cqk0SlLYRCK98dFRc5GEYVXH9WgFeJqVz/Syc73WDzrspF0G0xKIyCst80pQvAlH +wwIDAQABo1MwUTAdBgNVHQ4EFgQUDKT/J+566qUX9mufxvdWiG6o24IwHwYDVR0j +BBgwFoAUDKT/J+566qUX9mufxvdWiG6o24IwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAgEAaJ+oOp8rHoIEt5qCuoNKb/VlR8sX7YpzfqLb+6W0QoKP +KQjHMVi2z+uwMPjCjJSSm0AYVVVAWcWI/kIW7WJ9vaFQVuutWLF00xL/yYgFcG25 +3qML8BBncHanD6EXanRXoPE/aLXnEgOHYNhg/z94hQ2JNn97UpECbzzQBqPHTC8C +CcmZXM6slYYqoylZIOqU28d7Xo6ElJEQ7AxObwMaCUXid5rUceDwZSi+9OG49kmE +Q9MNZ+d4WSnarZLHAEQh/4bdBVUln5h4l2fqQrQLDMUj2oXPwRxXk57AW+zLFtrS +lC552wbWza6IIf8SJZDy8q47/WfKD1YDmy0NfFZxEf+ZG/7zh5fjm1qlKVoAjxI9 +quG+wK27rhMn6Ddo/DDpQ7+VaszZP+TZol5Hifda3cOPoTpoA/n77L/iVynGXtD8 +dhfAfVqRWhR3JgrQWmOyJ2SAc6Z1Ao68qBG+q9HXdIPjKS3Pj/EexMMVL0Qfbtfz +y26ZSlgQPSc9qmKcAYb9babzdf8ioq0f0UheM4QW0g4u5/TNpa+QcSCmdp5GfqMb +eeCXzExsrvcCUp0bPiXwLYCLYTZNgYW2wMsQVJDmlZuTTWikEcPG6QJYgMUPGyCH +UsAua3te00Dj9ikR8bMaXJc9ZEFPZzLyz1IbDyiRfBLVCKX+dH3VXQ7l0BnBmB8= +-----END CERTIFICATE----- diff --git a/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.key b/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.key new file mode 100644 index 00000000..3dcac097 --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/kolab.hosted.com.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAsS/OOIkDFE1+N2FkPlP3g4HOc9JDCBXz2soZC+VBYJnn2fM8 +IouRMCuyri3dDSuKhSiThUUZKYS1gGLoRHpu4320aq8XCrmXcmOu6RFiJVXv/YWv +UWgGthE/brcq3nRZOTMIELo0AN+3KXikRWUPemBYWbRhh9e8frG3mUH1EOkMKMXX +OGQxY9bUOFgoIUx0pUSCOFShAOj0cgQY1MmC6wo8gVYo4qles2/v+W4h8W+QobQ3 +Hg/oLQFqxkaUB7NlrEh9TLOxW0/EtrF0+W4NQTWWUUq3C5i2g+thjpm8YhtVd6lP +oid9dRcLFFaOsTH7ipnDyOV+QQtmrUHtc1kc38jNO+s/urwbFI4nvbJM/NQmPONT +yoMf+lT3gqRE2L9pGmKnUugEnVVSr/1BVNkwG8FKaaNqw9dID2lR+LYUwzh+vGec +Feck3lkic5+yqo/CCy0OnBD1q9b16lw54q9GxQ4aaa6sDJA8W2djZFSPYCDrGXBC +MryVef/aY03WyljwlKwQ14iQJck8feTPwfVCvYffGYsZ6TnAxmNoDYRolkhgDZV5 +4XyK6a2tN6L9hl5hZ80ns95h+b6r7n0WbxHAZg1v1VHVQA4dm5ulFRwH640q5a50 +iBD0TKZclidFcMhu1FLI6ZPNUNT1P1kppDMqOWp/6cL8V2E4wDpvglYUdZMCAwEA +AQKCAgACxLx0Ja/moU9Xji4Cy00SwPR42tAxUCZ/RKkfhnV/DOiSfzpxT7z1A7nG +/vB1RDjl27xyWKIMBAbR+rmmWENjSpOHFzVE9aFoKCaTfbIK40zcqToUC4wPTDWx +hSsmTqsWObXmjQJDATvbagcnDm0vfFHlFOxxMu2/DQfRXTZ3DS0jdfPm7anX5YNr +XfVCj+9Cpc9jEe9yFDG9llLNAFkLUx2e57m70Omp5BXbz9y36QZZgHdcAOOf0GXa +sz+c3zC3gGp0yFn9E0H/mMY7H30Vh8DRhFlX1QsFBKiBkeVfow2y0PJtljBfo/yI +VNHl8uH7SGvGt89BNOxlyKHtK3dIASx3z2E+hJMHIVrxReJS1ySf+cnhfONkCx6g +R+HcvD9dMyJtpyrTQmFsVaYBXWoJMYoRuEbXtYT7JwA2PWPcSr66J8S3WrkbbrWW +pI8gHofJrz63AJ7l3Da/90hNCrqd6AzlLmaK3q2Ev2Fd0sLrQ6a3fnZDyyLZwUyv +0IHwR1lnzLUHGh4QevMTOmU3aqUYt+dCXSG8uD9U3N0SFTpAE5q/AcQJciqxcdqW +J0kWfwVHA7OQIgGFdCk9ZbL/uOrUQ+3yPBJwbYaHk9GXkEekolEmbg2ZcUJ1fql+ +vX2prJkb7Zy4F5CiI5hBaI/VS5Fb3ysCqT+lExsMJXsbN+BgAQKCAQEA6QnAWhfT +gHMgoaPlDweDMKf3mNxhKXgACEopOo/yfZhCoSF1rwGA3c/1m4afFZzVT94m0XUt +/pJkQVCFmGapBVqfUUQZ15VVA6D0pOTs6LoryIUgkRm3H+wQl/IRWXm4iZU/Jx8z +5WSf6EX2l/DAv8SMGUOC3+HeIrJB5Vlew0JTBjeFTNNVkS7pJHDh3g68RsVn3OhA +k0koDZiZqsDiE3/m9c2CQ9rrSM2o9g2w2zsr5Zbn5JW1xYqdttJFnAdoj8E+SCaK +2uzvQ4JlIbMLT+QZxF/fjfcPZ0BxeAmQ74Y3tCrVjwE1zd/o0p8H6/IfNAPxCrUg +PvtqApI7kslNdwKCAQEAwqU8muRtx0UG0/8wbl9LRaB9sACXqG++rAJ/ySu+usp7 +IZ2q0uSBKlcMnST06LmfjJtyO9GWwYmAKSojtyeujGLjdqA0M3H/YUAocVySPQ3R +om/rqmJV7+LOQja8k+Lj2dHbtJ6HXL7gRZYgtG8dvKfEC44fgwpi04vaHA05Q0J4 +HqRecnIp9yoJYkJsIBMqARsglSsyJ3RXSVO3RpJgvit/fumRq6cXQd2ONSBjfDS5 +qOvWlWJmjXTtCirOexWxzSEMiIOVNXNlwdfXgoelv9ScHRLIzAOM91zK8CIVSDZ6 +8HSm8p2t+HwWUjslbY4+FMODp7OicjWGFg0aBGUvxQKCAQB5EoDmDdTrumSsthru +mQeWwt2HhI/SXK8fn3AWJe1lRTLwxhJ/TvelxkKjf+is8ON+cDuYvRmdVm9R48TU +7hlIV9HIBeqrL8GQdhJEjU9shjTzI/9Mg6C5rAre9nv/EZdHm8vIxpROzN2rbpX0 +ULfDqhjjk0iuiom/Wv+TacArEA1UgIn35SBioo2sSh1/Iga9ehhBFEVggDSYA71q +knWijePvtsrD+DwfggITe/9zlyVyTdnCz+k1bZQNBOf3bX3smgiCscuYfFq+p0Nl +o8Dvy+F7PhhGiKJvEXMiW036s6/DIjH77zQF9xveOZODCTMe8iFMX9gWAMcN+O2M +kJt3AoIBAQCxPPz+ndpIhVY+XDShjCxibk2EokV2nqokvvHVIPw/4nhUl9kgx+nF +wBZAUZKhB8V8p19RkPuRp78HvNNgx8VtF+6/6gkef0NoLp+k+gI/jgHBw9/3+ir+ +kKv4Jxd4IjYP9cP1qBTiIvzc4GNPaY7OZoVhcDzJef+bWdF1kaT+1dvDKzDFTadg +5Oo+ivUiD9FDyIvWyMqWmp2Qq6ZLoKZvA/TIf66hezj2RORlA+UTCH+2jWmMBVoU +nM/rXic+dPa+LsXW2NpZHYcfB4e52ALZtqOg5aXp/6Gw7NHt71spslIn+lC6w1HS +3ksE/c6K/+cPyShs4GmfTZWXJr72GZ1xAoIBAAK7gQb3/WCQpTiPh/v7Qnl6hQZD +y+T8fprWBXskU5A7NbIE44DdltPe4LLsVMHpNlqRpYCz+3bHTmPDHd+IHJHZm9Ik +4gUXjPMzzkF9qQ2lyNWvnH2bHlSeHUg/3ZCXpmc8l0pmAeRxhOxzBaFgjt8N3Z5n +FIc25xJ9ki3stySf6baWmTWFscCFn8eBJrQ8mNLXpBM2iXM1e5D8Bu2VZK6nJGtz +QCChvsHspsTmRsGvemBk27gkvKAG0K8u84T5XBRwog7MWx8XThVqNcns6kejeYQs +CNRvuLj7gEQwMPzW2p/tLbSU82oDKQTICeyPwfS/fMl/6NYRaTdABc6KIME= +-----END RSA PRIVATE KEY----- diff --git a/config.docker-dev/docker/imap-mupdate/saslauthd.conf b/config.docker-dev/docker/imap-mupdate/saslauthd.conf new file mode 100644 index 00000000..2bfbc097 --- /dev/null +++ b/config.docker-dev/docker/imap-mupdate/saslauthd.conf @@ -0,0 +1,4 @@ +httpform_host: services.kolab.local +httpform_port: 8000 +httpform_uri: /api/webhooks/cyrus-sasl/ +httpform_data: %u %r %p diff --git a/config.docker-dev/src/.env b/config.docker-dev/src/.env new file mode 100644 index 00000000..c5650560 --- /dev/null +++ b/config.docker-dev/src/.env @@ -0,0 +1,174 @@ +APP_NAME=Kolab +APP_ENV=local +APP_KEY= +APP_DEBUG=true +APP_URL=https://{{ host }} +APP_PASSPHRASE=simple123 +APP_PUBLIC_URL=https://{{ host }} +APP_DOMAIN={{ host }} +APP_WEBSITE_DOMAIN={{ host }} +APP_THEME=default +APP_TENANT_ID=5 +APP_LOCALE=en +APP_LOCALES= + +APP_WITH_ADMIN=1 +APP_WITH_RESELLER=1 +APP_WITH_SERVICES=1 +APP_WITH_FILES=1 + +APP_LDAP=1 +APP_IMAP=1 + +APP_HEADER_CSP="connect-src 'self'; child-src 'self'; font-src 'self'; form-action 'self' data:; frame-ancestors 'self'; img-src blob: data: 'self' *; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'self';" +APP_HEADER_XFO=sameorigin + +SIGNUP_LIMIT_EMAIL=0 +SIGNUP_LIMIT_IP=0 + +ASSET_URL=https://{{ host }} + +WEBMAIL_URL=/roundcubemail/ +SUPPORT_URL=/support +SUPPORT_EMAIL=support@example.com + +LOG_CHANNEL=stdout +LOG_SLOW_REQUESTS=5 +LOG_DEPRECATIONS_CHANNEL=null +LOG_LEVEL=debug + +DB_CONNECTION=mysql +DB_DATABASE=kolabdev +DB_HOST=mariadb +DB_PASSWORD=kolab +DB_ROOT_PASSWORD=Welcome2KolabSystems +DB_PORT=3306 +DB_USERNAME=kolabdev + +BROADCAST_DRIVER=redis +CACHE_DRIVER=redis + +QUEUE_CONNECTION=redis + +SESSION_DRIVER=file +SESSION_LIFETIME=120 + +OPENEXCHANGERATES_API_KEY="from openexchangerates.org" + +MFA_DSN=mysql://roundcube:kolab@mariadb/roundcube +MFA_TOTP_DIGITS=6 +MFA_TOTP_INTERVAL=30 +MFA_TOTP_DIGEST=sha1 + +IMAP_URI=ssl://imap-frontend:993 +IMAP_HOST=172.18.0.21 +IMAP_PORT=143 +IMAP_ADMIN_LOGIN=cyrus-admin +IMAP_ADMIN_PASSWORD=Welcome2KolabSystems +IMAP_VERIFY_HOST=false +IMAP_VERIFY_PEER=false + +LDAP_BASE_DN="dc=mgmt,dc=com" +LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com" +LDAP_HOSTS=ldap +LDAP_PORT=389 +LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com" +LDAP_SERVICE_BIND_PW="Welcome2KolabSystems" +LDAP_USE_SSL=false +LDAP_USE_TLS=false + +# Administrative +LDAP_ADMIN_BIND_DN="cn=Directory Manager" +LDAP_ADMIN_BIND_PW="Welcome2KolabSystems" +LDAP_ADMIN_ROOT_DN="dc=mgmt,dc=com" + +# Hosted (public registration) +LDAP_HOSTED_BIND_DN="uid=hosted-kolab-service,ou=Special Users,dc=mgmt,dc=com" +LDAP_HOSTED_BIND_PW="Welcome2KolabSystems" +LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com" + +COTURN_PUBLIC_IP='{{ public_ip }}' +COTURN_STATIC_SECRET="Welcome2KolabSystems" + +MEET_WEBHOOK_TOKEN=Welcome2KolabSystems +MEET_SERVER_TOKEN=Welcome2KolabSystems +MEET_SERVER_URLS=https://{{ host }}/meetmedia/api/ +MEET_SERVER_VERIFY_TLS=false + +MEET_WEBRTC_LISTEN_IP='172.18.0.1' +MEET_PUBLIC_DOMAIN={{ host }} +MEET_TURN_SERVER='turn:172.18.0.1:3478' +MEET_LISTENING_HOST=172.18.0.1 + +PGP_ENABLE=true +PGP_BINARY=/usr/bin/gpg +PGP_AGENT=/usr/bin/gpg-agent +PGP_GPGCONF=/usr/bin/gpgconf +PGP_LENGTH= + +# Set these to IP addresses you serve WOAT with. +# Have the domain owner point _woat. NS RRs refer to ns0{1,2}. +WOAT_NS1=ns01.domain.tld +WOAT_NS2=ns02.domain.tld + +REDIS_HOST=redis +REDIS_PASSWORD=null +REDIS_PORT=6379 + +OCTANE_HTTP_HOST=0.0.0.0 +SWOOLE_PACKAGE_MAX_LENGTH=10485760 + +PAYMENT_PROVIDER= + +MAIL_DRIVER=log +MAIL_MAILER=smtp +MAIL_HOST=smtp.mailtrap.io +MAIL_PORT=2525 +MAIL_USERNAME=null +MAIL_PASSWORD=null +MAIL_ENCRYPTION=null +MAIL_FROM_ADDRESS="noreply@example.com" +MAIL_FROM_NAME="Example.com" +MAIL_REPLYTO_ADDRESS="replyto@example.com" +MAIL_REPLYTO_NAME=null + +DNS_TTL=3600 +DNS_SPF="v=spf1 mx -all" +DNS_STATIC="%s. MX 10 ext-mx01.mykolab.com." +DNS_COPY_FROM=null + +COMPANY_NAME=kolab.org + +VAT_COUNTRIES=CH,LI +VAT_RATE=7.7 + +KB_ACCOUNT_DELETE= +KB_ACCOUNT_SUSPENDED= +KB_PAYMENT_SYSTEM= + +KOLAB_SSL_CERTIFICATE=/etc/pki/tls/certs/kolab.hosted.com.cert +KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/pki/tls/certs/kolab.hosted.com.chain.pem +KOLAB_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/kolab.hosted.com.key + +PROXY_SSL_CERTIFICATE=/etc/certs/imap.hosted.com.cert +PROXY_SSL_CERTIFICATE_KEY=/etc/certs/imap.hosted.com.key + +APP_KEY=base64:FG6ECzyAMSmyX+eYwO/FW3bwnarbKkBhqtO65vlMb1E= +COTURN_STATIC_SECRET=uzYguvIl9tpZFMuQOE78DpOi6Jc7VFSD0UAnvgMsg5n4e74MgIf6vQvbc6LWzZjz + +MOLLIE_KEY="from mollie" +STRIPE_KEY="from stripe" +STRIPE_PUBLIC_KEY="from stripe" +STRIPE_WEBHOOK_SECRET="from stripe" + +OX_API_KEY="from openexchange" +FIREBASE_API_KEY="from firebase" + +#Generated by php artisan passport:client --password, but can be left hardcoded (the seeder will pick it up) +PASSPORT_PROXY_OAUTH_CLIENT_ID=942edef5-3dbd-4a14-8e3e-d5d59b727bee +PASSPORT_PROXY_OAUTH_CLIENT_SECRET=L6L0n56ecvjjK0cJMjeeV1pPAeffUBO0YSSH63wf + +MINIO_USER=minio +MINIO_PASSWORD=W3lcom32@ph3lia +MINIO_BUCKET=kolab +FILESYSTEM_DISK=minio diff --git a/config.docker-dev/src/database b/config.docker-dev/src/database new file mode 120000 index 00000000..0b1f88e7 --- /dev/null +++ b/config.docker-dev/src/database @@ -0,0 +1 @@ +../../config.prod/src/database/ \ No newline at end of file