boban
/
mailwolt-installer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Dovecot Systax Problem

main
boksbc 2025-10-24 13:51:45 +02:00
parent 087a0d3706
commit ef806c4889
2 changed files with 55 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
scripts/40-postfix.sh
View File

@ -35,14 +35,15 @@ fi
/usr/sbin/postconf -e "smtp_tls_security_level = may" /usr/sbin/postconf -e "smtp_tls_security_level = may"
/usr/sbin/postconf -e "smtp_tls_loglevel = 1" /usr/sbin/postconf -e "smtp_tls_loglevel = 1"
# ++ HÄRTUNG: DH-Parameter + ECDHE bevorzugen ++ DH_FILE="/etc/ssl/private/dhparam.pem"
DH_FILE="/etc/ssl/private/dhparams.pem"
if [[ ! -s "$DH_FILE" ]]; then if [[ ! -s "$DH_FILE" ]]; then
openssl dhparam -out "$DH_FILE" 4096 log "Generiere 2048-Bit DH-Parameter …"
openssl dhparam -out "$DH_FILE" 2048
chmod 600 "$DH_FILE" chmod 600 "$DH_FILE"
chown root:root "$DH_FILE" chown root:root "$DH_FILE"
fi fi
/usr/sbin/postconf -e "smtpd_tls_dh1024_param_file = ${DH_FILE}" /usr/sbin/postconf -e "smtpd_tls_dh1024_param_file = ${DH_FILE}"
/usr/sbin/postconf -e "smtpd_tls_dh1024_param_file = ${DH_FILE}"
/usr/sbin/postconf -e "smtpd_tls_eecdh_grade = strong" /usr/sbin/postconf -e "smtpd_tls_eecdh_grade = strong"
/usr/sbin/postconf -e "tls_preempt_cipherlist = yes" /usr/sbin/postconf -e "tls_preempt_cipherlist = yes"

62
scripts/50-dovecot.sh
View File

@ -55,7 +55,6 @@ first_valid_uid = ${VMAIL_UID}
last_valid_uid = ${VMAIL_UID} last_valid_uid = ${VMAIL_UID}
CONF CONF
# Standard-Mailboxen automatisch erstellen/abonnieren
cat > /etc/dovecot/conf.d/15-mailboxes.conf <<'CONF' cat > /etc/dovecot/conf.d/15-mailboxes.conf <<'CONF'
namespace inbox { namespace inbox {
inbox = yes inbox = yes
@ -76,8 +75,6 @@ namespace inbox {
special_use = \Sent special_use = \Sent
auto = subscribe auto = subscribe
} }
# optional: Archive
mailbox Archive { mailbox Archive {
special_use = \Archive special_use = \Archive
auto = create auto = create
@ -90,6 +87,9 @@ cat > /etc/dovecot/conf.d/10-auth.conf <<'CONF'
disable_plaintext_auth = yes disable_plaintext_auth = yes
auth_mechanisms = plain login auth_mechanisms = plain login
!include_try auth-sql.conf.ext !include_try auth-sql.conf.ext
auth_cache_size = 10M
auth_cache_ttl = 1 hour
CONF CONF
# SQL-Anbindung (Passwörter aus App-DB) # SQL-Anbindung (Passwörter aus App-DB)
@ -116,7 +116,26 @@ CONF
chown root:dovecot /etc/dovecot/conf.d/auth-sql.conf.ext chown root:dovecot /etc/dovecot/conf.d/auth-sql.conf.ext
chmod 640 /etc/dovecot/conf.d/auth-sql.conf.ext chmod 640 /etc/dovecot/conf.d/auth-sql.conf.ext
# Master-Services (LMTP + AUTH + IMAP/POP3 Listener v) # ──────────────────────────────────────────────────────────────────────────────
# 3) IMAP Optimierung (iOS/IDLE-freundlich)
# ──────────────────────────────────────────────────────────────────────────────
cat > /etc/dovecot/conf.d/20-imap.conf <<'CONF'
# IMAP-spezifische Einstellungen
imap_idle_notify_interval = 2 mins
imap_hibernate_timeout = 0
protocol imap {
mail_max_userip_connections = 20
imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged}
}
CONF
# ──────────────────────────────────────────────────────────────────────────────
# 4) Master Services (LMTP, AUTH, IMAP, POP3, STATS)
# ──────────────────────────────────────────────────────────────────────────────
cat > /etc/dovecot/conf.d/10-master.conf <<'CONF' cat > /etc/dovecot/conf.d/10-master.conf <<'CONF'
service lmtp { service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp {
@ -131,6 +150,12 @@ service auth {
user = postfix user = postfix
group = postfix group = postfix
} }
unix_listener auth-userdb {
mode = 0660
user = vmail
group = mail
}
process_limit = 1
} }
service imap-login { service imap-login {
inet_listener imap { inet_listener imap {
@ -140,6 +165,10 @@ service imap-login {
port = 993 port = 993
ssl = yes ssl = yes
} }
process_limit = 128
process_min_avail = 10
service_count = 0
vsz_limit = 512M
} }
service pop3-login { service pop3-login {
inet_listener pop3 { inet_listener pop3 {
@ -149,6 +178,8 @@ service pop3-login {
port = 995 port = 995
ssl = yes ssl = yes
} }
process_limit = 50
service_count = 0
} }
CONF CONF
@ -176,7 +207,10 @@ service stats {
} }
CONF CONF
# SSL auf stabile Mail-Pfade zeigen # ──────────────────────────────────────────────────────────────────────────────
# 5) SSL-Konfiguration (ohne DH-Param-Erzeugung)
# ──────────────────────────────────────────────────────────────────────────────
DOVECOT_SSL_CONF="/etc/dovecot/conf.d/10-ssl.conf" DOVECOT_SSL_CONF="/etc/dovecot/conf.d/10-ssl.conf"
touch "$DOVECOT_SSL_CONF" touch "$DOVECOT_SSL_CONF"
grep -q '^ssl\s*=' "$DOVECOT_SSL_CONF" 2>/dev/null || echo "ssl = required" >> "$DOVECOT_SSL_CONF" grep -q '^ssl\s*=' "$DOVECOT_SSL_CONF" 2>/dev/null || echo "ssl = required" >> "$DOVECOT_SSL_CONF"
@ -191,17 +225,23 @@ else
echo "ssl_key = <${MAIL_KEY}" >> "$DOVECOT_SSL_CONF" echo "ssl_key = <${MAIL_KEY}" >> "$DOVECOT_SSL_CONF"
fi fi
grep -q '^ssl_min_protocol' "$DOVECOT_SSL_CONF" || echo "ssl_min_protocol = TLSv1.2" >> "$DOVECOT_SSL_CONF" grep -q '^ssl_min_protocol' "$DOVECOT_SSL_CONF" || echo "ssl_min_protocol = TLSv1.2" >> "$DOVECOT_SSL_CONF"
# Starke Cipher + DH-Params für DHE-Fallback
grep -q '^ssl_prefer_server_ciphers' "$DOVECOT_SSL_CONF" || echo "ssl_prefer_server_ciphers = yes" >> "$DOVECOT_SSL_CONF" grep -q '^ssl_prefer_server_ciphers' "$DOVECOT_SSL_CONF" || echo "ssl_prefer_server_ciphers = yes" >> "$DOVECOT_SSL_CONF"
grep -q '^ssl_dh' "$DOVECOT_SSL_CONF" || echo "ssl_dh = </etc/ssl/private/dhparams.pem" >> "$DOVECOT_SSL_CONF"
# Postfix-Socket-Verzeichnis sicherstellen grep -q '^ssl_dh' "$DOVECOT_SSL_CONF" || echo "ssl_dh = </etc/ssl/private/dhparam.pem" >> "$DOVECOT_SSL_CONF"
# ──────────────────────────────────────────────────────────────────────────────
# 6) Verzeichnisse & Rechte prüfen
# ──────────────────────────────────────────────────────────────────────────────
mkdir -p /var/spool/postfix/private mkdir -p /var/spool/postfix/private
chown root:root /var/spool/postfix chown root:root /var/spool/postfix
chmod 0755 /var/spool/postfix chmod 0755 /var/spool/postfix
chown postfix:postfix /var/spool/postfix/private chown postfix:postfix /var/spool/postfix/private
chmod 0755 /var/spool/postfix/private chmod 0755 /var/spool/postfix/private
# Nur aktivieren Start/Reload später
#systemctl enable dovecot >/dev/null 2>&1 || true # ──────────────────────────────────────────────────────────────────────────────
# 7) Abschluss
# ──────────────────────────────────────────────────────────────────────────────
log "Dovecot-Konfiguration abgeschlossen."