summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Boddie <paul@boddie.org.uk>2014-08-07 12:24:19 (GMT)
committerPaul Boddie <paul@boddie.org.uk>2014-08-07 12:24:19 (GMT)
commit9702ca705cc7e39a19f363cb7e06a218430f4835 (patch)
tree470d33e14c083c44aac69e0f27e4f95fdb5056f4
parent9bc11d27977624991ef69040ad3d14ced9636d7d (diff)
downloadpykolab-9702ca705cc7e39a19f363cb7e06a218430f4835.tar.gz
Tidied mta setup.
Added debconf support.
-rw-r--r--pykolab/setup/setup_mta.py671
1 files changed, 378 insertions, 293 deletions
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 7cd1919..c72b18a 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -1,5 +1,6 @@
# -*- coding: utf-8 -*-
# Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com)
+# Copyright 2013, 2014 Paul Boddie <paul@boddie.org.uk>
#
# Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen a kolabsys.com>
#
@@ -18,10 +19,10 @@
#
from augeas import Augeas
-from Cheetah.Template import Template
-import os
+from subprocess import call
+from os.path import isdir, isfile, join, exists
+from os import mkdir
import shutil
-import subprocess
import components
@@ -29,6 +30,7 @@ import pykolab
from pykolab import utils
from pykolab.constants import *
+from pykolab.setup.services import *
from pykolab.translate import _
log = pykolab.getLogger('pykolab.setup')
@@ -37,27 +39,370 @@ conf = pykolab.getConf()
def __init__():
components.register('mta', execute, description=description(), after=['ldap'])
+def cli_options():
+ postfix_group = conf.add_cli_parser_option_group(_("Postfix Options"))
+
+ postfix_group.add_option(
+ "--reset-postfix-config",
+ dest = "reset_postfix_config",
+ action = "store_true",
+ default = False,
+ help = _("Reset the Postfix configuration.")
+ )
+
def description():
return _("Setup MTA.")
def execute(*args, **kw):
+ # Signal that interaction may occur. This will involve debconf and similar
+ # system-specific mechanisms if available.
+
+ start_interaction("kolab-conf/title-mta")
+ try:
+ _execute(*args, **kw)
+ finally:
+ stop_interaction()
+
+def _execute(*args, **kw):
+
+ # If Postfix is not actually installed, continue under the assumption that
+ # a remote SMTP service will be used.
+
+ smtp_host = conf.get('smtp', 'host')
+
+ if not have_postfix():
+ if not smtp_host:
+ if conf.check_only:
+ utils.setup_status("mta", _("not installed"))
+ else:
+ log.error(_("Postfix not installed."))
+ else:
+ if conf.check_only:
+ utils.setup_status("mta", _("setup done"))
+ return
+
+ # Track the status of the configuration if only checking.
+
+ matching_config = True
+
+ # Establish the main Postfix configuration if necessary.
+ # This should have occurred during package post-installation activities.
+
+ missing_main_config = not isfile('/etc/postfix/main.cf') and isfile('/usr/share/postfix/main.cf.debian')
+ matching_config = matching_config and not missing_main_config
+
+ if missing_main_config and not conf.check_only:
+ shutil.copy(
+ '/usr/share/postfix/main.cf.debian',
+ '/etc/postfix/main.cf'
+ )
+
+ # Access the Postfix configuration.
+
+ myaugeas = Augeas()
+
+ setting_base = '/files/etc/postfix/main.cf/'
+
+ # Configure Postfix.
+
+ prefix = "/etc/postfix/ldap"
+
group_filter = conf.get('ldap','kolab_group_filter')
- if group_filter == None:
+ if group_filter is None:
group_filter = conf.get('ldap','group_filter')
user_filter = conf.get('ldap','kolab_user_filter')
- if user_filter == None:
+ if user_filter is None:
user_filter = conf.get('ldap','user_filter')
- resource_filter = conf.get('ldap', 'resource_filter')
+ server_host = utils.parse_ldap_uri(conf.get('ldap', 'ldap_uri'))[1]
- sharedfolder_filter = conf.get('ldap', 'sharedfolder_filter')
+ definitions = {
+ "base_dn": conf.get('ldap', 'base_dn'),
+ "domain_base_dn": conf.get('ldap', 'domain_base_dn'),
+ "domain_filter": conf.get('ldap', 'domain_filter').replace('*', '%s'),
+ "domain_name_attribute": conf.get('ldap', 'domain_name_attribute'),
+ "group_base_dn": conf.get('ldap', 'group_base_dn'),
+ "server_host": server_host,
+ "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
+ "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
+ "kolab_user_filter": user_filter,
+ "kolab_group_filter": group_filter,
+ "resource_filter": conf.get('ldap', 'resource_filter'),
+ "sharedfolder_filter": conf.get('ldap', 'sharedfolder_filter'),
+ }
- server_host = utils.parse_ldap_uri(conf.get('ldap', 'ldap_uri'))[1]
+ files = [
+ ("local_recipient_maps.cf", local_recipient_maps),
+ ("mydestination.cf", mydestination),
+ ("mailenabled_distgroups.cf", mailenabled_distgroups),
+ ("mailenabled_dynamic_distgroups.cf", mailenabled_dynamic_distgroups),
+ ("transport_maps.cf", transport_maps),
+ ("virtual_alias_maps.cf", virtual_alias_maps),
+ ("virtual_alias_maps_mailforwarding.cf", virtual_alias_maps_mailforwarding),
+ ("virtual_alias_maps_sharedfolders.cf", virtual_alias_maps_sharedfolders),
+ ]
+
+ if not isdir(prefix):
+ mkdir(prefix, 0770)
+
+ for filename, data in files:
+ pathname = join(prefix, filename)
+ data = data % definitions
+ if conf.check_only:
+ matching_config = matching_config and file_contains_data(pathname, data, exact=True)
+ else:
+ fp = open(pathname, 'w')
+ fp.write(data)
+ fp.close()
+
+ # Check to see if the transport file was already written.
+
+ transport_file = "/etc/postfix/transport"
+ transport_file_content = postfix_transport % {'domain': conf.get('kolab', 'primary_domain')}
+
+ matching_transport = file_contains_data(transport_file, transport_file_content)
+ matching_config = matching_config and matching_transport
+
+ if matching_transport and not conf.reset_postfix_config and not conf.check_only:
+ utils.message(_("Postfix transport file contains Kolab definition. Not updating the transport mapping."))
+ elif not conf.check_only:
+ fp = open(transport_file, 'a')
+ fp.write(transport_file_content)
+ fp.close()
+
+ call(["postmap", transport_file])
+
+ # Initialise certificate.
+
+ current_certificate = myaugeas.get(join(setting_base, 'smtpd_tls_cert_file'))
+ current_key = myaugeas.get(join(setting_base, 'smtpd_tls_key_file'))
+ unset_certificate = not current_certificate or not current_key
+
+ # Ask for details of the certificate, if appropriate.
+
+ if (unset_certificate or conf.reset_postfix_config) and not conf.check_only:
+ default_certificate_name = is_debian() and 'ssl-cert-snakeoil' or 'localhost'
+
+ certificate_name = ask_question("kolab-conf/ssl-certificate-selection",
+ _("""
+ Please indicate the name of the certificate to be used
+ by Postfix. If this is a new certificate, an attempt
+ will be made to create it. Note that this should be only
+ a simple name like "localhost" or "ssl-cert-snakeoil",
+ not a filename or pathname.
+ """),
+ _("Certificate name"),
+ default=default_certificate_name
+ ).strip()
+
+ current_certificate = get_certificate_path(certificate_name)
+ current_key = get_private_key_path(certificate_name)
+
+ # Detect and create a certificate, if appropriate.
+ # Here, we test the certificate and not the key because there can be an
+ # inconsistency between usage of .pem and .key for the keys, but
+ # certificates always seem to use .pem as their suffix.
+
+ missing_certificate = not isfile(current_certificate)
+
+ if missing_certificate and not conf.check_only:
+ make_ssl_certificate(current_key)
+
+ matching_config = matching_config and not unset_certificate and not missing_certificate
+
+ # Acquire the settings from a global defined below, duplicating the global
+ # to be safe.
+
+ postfix_main_settings = {}
+ postfix_main_settings.update(_postfix_main_settings)
+
+ if unset_certificate:
+ postfix_main_settings['smtpd_tls_cert_file'] = current_certificate
+ postfix_main_settings['smtpd_tls_key_file'] = current_key
+
+ # Copy header checks files.
+
+ for hc_file in ['inbound', 'internal', 'submission']:
+ if not isfile("/etc/postfix/header_checks.%s" % hc_file):
+ input_file = get_template_path('header_checks.%s' % hc_file)
+
+ missing_header_check_file = input_file is not None
+ matching_config = matching_config and not missing_header_check_file
+
+ if missing_header_check_file and not conf.check_only:
+ shutil.copy(input_file, "/etc/postfix/header_checks.%s" % hc_file)
+ call(["postmap", "/etc/postfix/header_checks.%s" % hc_file])
+
+ # Update the main Postfix configuration.
+
+ for setting_key, proposed_value in postfix_main_settings.items():
+ setting = join(setting_base, setting_key)
+ current_value = myaugeas.get(setting)
+
+ # When only checking the configuration, exit the loop upon seeing any
+ # difference.
+
+ if conf.check_only:
+ matching_config = matching_config and current_value == proposed_value
+ if not matching_config:
+ break
+ else:
+ continue
+
+ # Handle absent regions of the configuration.
+
+ if current_value is None:
+ try:
+ myaugeas.set(setting, proposed_value)
+ except:
+ insert_paths = myaugeas.match('/files/etc/postfix/main.cf/*')
+ myaugeas.insert(insert_paths[-1], setting_key, False)
+
+ log.debug(_("Setting key %r to %r") % (setting_key, proposed_value), level=8)
+ myaugeas.set(setting, proposed_value)
+
+ if (not matching_config or conf.reset_postfix_config) and not conf.check_only:
+ myaugeas.save()
+
+ # Update the master Postfix configuration.
+
+ postfix_master_settings = {}
+
+ if exists('/usr/lib/postfix/kolab_smtp_access_policy'):
+ postfix_master_settings['kolab_sap_executable_path'] = '/usr/lib/postfix/kolab_smtp_access_policy'
+ else:
+ postfix_master_settings['kolab_sap_executable_path'] = '/usr/libexec/postfix/kolab_smtp_access_policy'
+
+ template_file = get_template_path('master.cf.tpl')
+ output_file = '/etc/postfix/master.cf'
+
+ if template_file is not None:
+ matching_config = instantiate_template(template_file, output_file, [postfix_master_settings], check_only=conf.check_only) and matching_config
+ else:
+ log.error(_("Could not write out Postfix configuration file %s") % output_file)
+ return
+
+ # Configure Amavis.
+
+ amavisd_settings = {
+ 'ldap_server': server_host,
+ 'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'),
+ 'ldap_bind_pw': conf.get('ldap', 'service_bind_pw'),
+ 'primary_domain': conf.get('kolab', 'primary_domain'),
+ 'ldap_filter': "(|(mail=%m)(alias=%m))",
+ 'ldap_base_dn': conf.get('ldap', 'base_dn'),
+ }
+
+ template_file = None
+
+ # On RPM installations, Amavis configuration is contained within a single file.
+
+ if isfile("/etc/amavisd/amavisd.conf"):
+ template_file = get_template_path('amavisd.conf.tpl')
+ output_file = '/etc/amavisd/amavisd.conf'
+
+ if template_file is not None:
+ matching_config = instantiate_template(template_file, output_file, [amavisd_settings], check_only=conf.check_only) and matching_config
+ else:
+ log.error(_("Could not write out Amavis configuration file %s") % output_file)
+ return
+
+ # On APT installations, /etc/amavis/conf.d/ is a directory with many more files.
+ #
+ # Somebody could work on enhancement request #1080 to configure LDAP lookups,
+ # while really it isn't required.
+
+ else:
+ log.info(_("Not writing out any configuration for Amavis."))
+
+ # When only checking, give the status and return.
+
+ if conf.check_only:
+ utils.setup_status("mta", matching_config and _("setup done") or _("needs setup"))
+ return
+
+ # On debian wheezy amavisd-new expects '/etc/mailname' - possibly remediable through
+ # the #1080 enhancement mentioned above, but here's a quick fix.
+
+ f = open('/etc/mailname','w')
+ f.writelines(conf.get('kolab', 'primary_domain'))
+ f.close()
+
+ if isdir('/etc/postfix/sasl/'):
+ fp = open('/etc/postfix/sasl/smtpd.conf', 'w')
+ fp.write("pwcheck_method: saslauthd\n")
+ fp.write("mech_list: plain login\n")
+ fp.close()
+
+ # Update the configuration file. By definition, any local mail transport
+ # agent provides a local SMTP server.
+
+ if not conf.has_section('smtp'):
+ conf.add_section('smtp')
+ conf.command_set('smtp', 'host', 'localhost')
+
+ fp = open(conf.defaults.config_file, "w+")
+ conf.cfg_parser.write(fp)
+ fp.close()
+
+ # Configure and manipulate the services.
+
+ set_service_default('spamassassin', 'ENABLED', '1')
+ set_service_default('wallace', 'START', 'yes')
+
+ amavis = is_debian() and 'amavis' or 'amavisd'
+ clamav = is_debian() and 'clamav-daemon' or 'clamd.amavisd'
- files = {
- "/etc/postfix/ldap/local_recipient_maps.cf": """
+ if not (
+ control_service('postfix', 'restart') and
+ control_service(amavis, 'restart') and
+ control_service(clamav, 'restart') and
+ control_service('wallace', 'restart')
+ ):
+
+ log.error(_("Could not start the postfix, clamav and amavis services."))
+
+ if not (
+ configure_service('postfix', True) and
+ configure_service(amavis, True) and
+ configure_service(clamav, True) and
+ configure_service('wallace', True)
+ ):
+
+ log.error(_("Could not configure to start on boot, the " + \
+ "postfix, clamav and amavis services."))
+
+# Data used by the above code.
+
+_postfix_main_settings = {
+ "inet_interfaces": "all",
+ "recipient_delimiter": "+",
+ "local_recipient_maps": "ldap:/etc/postfix/ldap/local_recipient_maps.cf",
+ "mydestination": "ldap:/etc/postfix/ldap/mydestination.cf",
+ "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport",
+ "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
+ "smtpd_tls_auth_only": "yes",
+ "smtpd_tls_security_level": "may",
+ "smtp_tls_security_level": "may",
+ "smtpd_sasl_auth_enable": "yes",
+ "smtpd_sender_login_maps": "$relay_recipient_maps",
+ "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch",
+ "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
+ "smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
+ "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
+ "submission_sender_restrictions": "reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
+ "submission_data_restrictions": "check_policy_service unix:private/submission_policy",
+ "content_filter": "smtp-amavis:[127.0.0.1]:10024"
+ }
+
+postfix_transport = """
+# Shared Folder Delivery for %(domain)s:
+shared@%(domain)s\t\tlmtp:unix:/var/lib/imap/socket/lmtp
+"""
+
+local_recipient_maps = """\
server_host = %(server_host)s
server_port = 389
version = 3
@@ -71,17 +416,9 @@ bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(|%(kolab_user_filter)s%(kolab_group_filter)s%(resource_filter)s%(sharedfolder_filter)s))
result_attribute = mail
-""" % {
- "base_dn": conf.get('ldap', 'base_dn'),
- "server_host": server_host,
- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
- "kolab_user_filter": user_filter,
- "kolab_group_filter": group_filter,
- "resource_filter": resource_filter,
- "sharedfolder_filter": sharedfolder_filter,
- },
- "/etc/postfix/ldap/mydestination.cf": """
+"""
+
+mydestination = """\
server_host = %(server_host)s
server_port = 389
version = 3
@@ -93,15 +430,9 @@ bind_pw = %(service_bind_pw)s
query_filter = %(domain_filter)s
result_attribute = %(domain_name_attribute)s
-""" % {
- "server_host": server_host,
- "domain_base_dn": conf.get('ldap', 'domain_base_dn'),
- "domain_filter": conf.get('ldap', 'domain_filter').replace('*', '%s'),
- "domain_name_attribute": conf.get('ldap', 'domain_name_attribute'),
- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
- },
- "/etc/postfix/ldap/mailenabled_distgroups.cf": """
+"""
+
+mailenabled_distgroups = """\
server_host = %(server_host)s
server_port = 389
version = 3
@@ -120,13 +451,9 @@ special_result_attribute = uniqueMember
# Only from those DNs, get the mail
result_attribute =
leaf_result_attribute = mail
-""" % {
- "server_host": server_host,
- "group_base_dn": conf.get('ldap', 'group_base_dn'),
- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
- },
- "/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf": """
+"""
+
+mailenabled_dynamic_distgroups = """\
server_host = %(server_host)s
server_port = 389
version = 3
@@ -145,13 +472,9 @@ special_result_attribute = memberURL
# Only from those DNs, get the mail
result_attribute =
leaf_result_attribute = mail
-""" % {
- "server_host": server_host,
- "group_base_dn": conf.get('ldap', 'group_base_dn'),
- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
- },
- "/etc/postfix/ldap/transport_maps.cf": """
+"""
+
+transport_maps = """\
server_host = %(server_host)s
server_port = 389
version = 3
@@ -166,13 +489,9 @@ bind_pw = %(service_bind_pw)s
query_filter = (&(|(mailAlternateAddress=%%s)(alias=%%s)(mail=%%s))(objectclass=kolabinetorgperson))
result_attribute = mail
result_format = lmtp:unix:/var/lib/imap/socket/lmtp
-""" % {
- "base_dn": conf.get('ldap', 'base_dn'),
- "server_host": server_host,
- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
- },
- "/etc/postfix/ldap/virtual_alias_maps.cf": """
+"""
+
+virtual_alias_maps = """\
server_host = %(server_host)s
server_port = 389
version = 3
@@ -186,13 +505,9 @@ bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabinetorgperson))
result_attribute = mail
-""" % {
- "base_dn": conf.get('ldap', 'base_dn'),
- "server_host": server_host,
- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
- },
- "/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf": """
+"""
+
+virtual_alias_maps_mailforwarding = """\
server_host = %(server_host)s
server_port = 389
version = 3
@@ -206,13 +521,9 @@ bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=mailrecipient)(objectclass=inetorgperson)(mailforwardingaddress=*))
result_attribute = mailForwardingAddress
-""" % {
- "base_dn": conf.get('ldap', 'base_dn'),
- "server_host": server_host,
- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
- },
- "/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf": """
+"""
+
+virtual_alias_maps_sharedfolders = """\
server_host = %(server_host)s
server_port = 389
version = 3
@@ -226,231 +537,5 @@ bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabsharedfolder))
result_attribute = kolabtargetfolder
-result_format = shared+%%s
-""" % {
- "base_dn": conf.get('ldap', 'base_dn'),
- "server_host": server_host,
- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
- },
- }
-
- if not os.path.isdir('/etc/postfix/ldap'):
- os.mkdir('/etc/postfix/ldap/', 0770)
-
- for filename in files.keys():
- fp = open(filename, 'w')
- fp.write(files[filename])
- fp.close()
-
- fp = open('/etc/postfix/transport', 'a')
- fp.write("\n# Shared Folder Delivery for %(domain)s:\nshared@%(domain)s\t\tlmtp:unix:/var/lib/imap/socket/lmtp\n" % {'domain': conf.get('kolab', 'primary_domain')})
- fp.close()
-
- subprocess.call(["postmap", "/etc/postfix/transport"])
-
- postfix_main_settings = {
- "inet_interfaces": "all",
- "recipient_delimiter": "+",
- "local_recipient_maps": "ldap:/etc/postfix/ldap/local_recipient_maps.cf",
- "mydestination": "ldap:/etc/postfix/ldap/mydestination.cf",
- "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport",
- "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
- "smtpd_tls_auth_only": "yes",
- "smtpd_tls_security_level": "may",
- "smtp_tls_security_level": "may",
- "smtpd_sasl_auth_enable": "yes",
- "smtpd_sender_login_maps": "$relay_recipient_maps",
- "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch",
- "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
- "smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
- "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
- "submission_sender_restrictions": "reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
- "submission_data_restrictions": "check_policy_service unix:private/submission_policy",
- "content_filter": "smtp-amavis:[127.0.0.1]:10024"
-
- }
-
- if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not os.path.isfile('/etc/pki/tls/private/localhost.pem'):
- subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
-
- if os.path.isfile('/etc/pki/tls/private/localhost.pem'):
- postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
- postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
-
- if not os.path.isfile('/etc/postfix/main.cf'):
- if os.path.isfile('/usr/share/postfix/main.cf.debian'):
- shutil.copy(
- '/usr/share/postfix/main.cf.debian',
- '/etc/postfix/main.cf'
- )
-
- # Copy header checks files
- for hc_file in [ 'inbound', 'internal', 'submission' ]:
- if not os.path.isfile("/etc/postfix/header_checks.%s" % (hc_file)):
- if os.path.isfile('/etc/kolab/templates/header_checks.%s' % (hc_file)):
- input_file = '/etc/kolab/templates/header_checks.%s' % (hc_file)
- elif os.path.isfile('/usr/share/kolab/templates/header_checks.%s' % (hc_file)):
- input_file = '/usr/share/kolab/templates/header_checks.%s' % (hc_file)
- elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file)))):
- input_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file)))
-
- shutil.copy(input_file, "/etc/postfix/header_checks.%s" % (hc_file))
- subprocess.call(["postmap", "/etc/postfix/header_checks.%s" % (hc_file)])
-
- myaugeas = Augeas()
-
- setting_base = '/files/etc/postfix/main.cf/'
-
- for setting_key in postfix_main_settings.keys():
- setting = os.path.join(setting_base,setting_key)
- current_value = myaugeas.get(setting)
-
- if current_value == None:
- try:
- myaugeas.set(setting, postfix_main_settings[setting_key])
- except:
- insert_paths = myaugeas.match('/files/etc/postfix/main.cf/*')
- insert_path = insert_paths[(len(insert_paths)-1)]
- myaugeas.insert(insert_path, setting_key, False)
-
- log.debug(_("Setting key %r to %r") % (setting_key, postfix_main_settings[setting_key]), level=8)
- myaugeas.set(setting, postfix_main_settings[setting_key])
-
- myaugeas.save()
-
- postfix_master_settings = {
- }
-
- if os.path.exists('/usr/lib/postfix/kolab_smtp_access_policy'):
- postfix_master_settings['kolab_sap_executable_path'] = '/usr/lib/postfix/kolab_smtp_access_policy'
- else:
- postfix_master_settings['kolab_sap_executable_path'] = '/usr/libexec/postfix/kolab_smtp_access_policy'
-
- template_file = None
-
- if os.path.isfile('/etc/kolab/templates/master.cf.tpl'):
- template_file = '/etc/kolab/templates/master.cf.tpl'
- elif os.path.isfile('/usr/share/kolab/templates/master.cf.tpl'):
- template_file = '/usr/share/kolab/templates/master.cf.tpl'
- elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'master.cf.tpl'))):
- template_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'master.cf.tpl'))
-
- if not template_file == None:
- fp = open(template_file, 'r')
- template_definition = fp.read()
- fp.close()
-
- t = Template(template_definition, searchList=[postfix_master_settings])
- fp = open('/etc/postfix/master.cf', 'w')
- fp.write(t.__str__())
- fp.close()
-
- else:
- log.error(_("Could not write out Postfix configuration file /etc/postfix/master.cf"))
- return
-
- if os.path.isdir('/etc/postfix/sasl/'):
- fp = open('/etc/postfix/sasl/smtpd.conf', 'w')
- fp.write("pwcheck_method: saslauthd\n")
- fp.write("mech_list: plain login\n")
- fp.close()
-
- amavisd_settings = {
- 'ldap_server': '%(server_host)s',
- 'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'),
- 'ldap_bind_pw': conf.get('ldap', 'service_bind_pw'),
- 'primary_domain': conf.get('kolab', 'primary_domain'),
- 'ldap_filter': "(|(mail=%m)(alias=%m))",
- 'ldap_base_dn': conf.get('ldap', 'base_dn'),
- }
-
- template_file = None
-
- # On RPM installations, Amavis configuration is contained within a single file.
- if os.path.isfile("/etc/amavisd/amavisd.conf"):
- if os.path.isfile('/etc/kolab/templates/amavisd.conf.tpl'):
- template_file = '/etc/kolab/templates/amavisd.conf.tpl'
- elif os.path.isfile('/usr/share/kolab/templates/amavisd.conf.tpl'):
- template_file = '/usr/share/kolab/templates/amavisd.conf.tpl'
- elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'amavisd.conf.tpl'))):
- template_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'amavisd.conf.tpl'))
-
- if not template_file == None:
- fp = open(template_file, 'r')
- template_definition = fp.read()
- fp.close()
-
- t = Template(template_definition, searchList=[amavisd_settings])
-
- fp = None
- if os.path.isdir('/etc/amavisd'):
- fp = open('/etc/amavisd/amavisd.conf', 'w')
- elif os.path.isdir('/etc/amavis'):
- fp = open('/etc/amavis/amavisd.conf', 'w')
-
- if not fp == None:
- fp.write(t.__str__())
- fp.close()
-
- else:
- log.error(_("Could not write out Amavis configuration file amavisd.conf"))
- return
-
- # On APT installations, /etc/amavis/conf.d/ is a directory with many more files.
- #
- # Somebody could work on enhancement request #1080 to configure LDAP lookups,
- # while really it isn't required.
- else:
- log.info(_("Not writing out any configuration for Amavis."))
-
- # On debian wheezy amavisd-new expects '/etc/mailname' - possibly remediable through
- # the #1080 enhancement mentioned above, but here's a quick fix.
- f = open('/etc/mailname','w')
- f.writelines(conf.get('kolab', 'primary_domain'))
- f.close()
-
- if os.path.isfile('/etc/default/spamassassin'):
- myaugeas = Augeas()
- setting = os.path.join('/files/etc/default/spamassassin','ENABLED')
- if not myaugeas.get(setting) == '1':
- myaugeas.set(setting,'1')
- myaugeas.save()
- myaugeas.close()
-
- if os.path.isfile('/bin/systemctl'):
- subprocess.call(['systemctl', 'restart', 'postfix.service'])
- subprocess.call(['systemctl', 'restart', 'amavisd.service'])
- subprocess.call(['systemctl', 'restart', 'clamd.amavisd.service'])
- subprocess.call(['systemctl', 'restart', 'wallace.service'])
- elif os.path.isfile('/sbin/service'):
- subprocess.call(['service', 'postfix', 'restart'])
- subprocess.call(['service', 'amavisd', 'restart'])
- subprocess.call(['service', 'clamd.amavisd', 'restart'])
- subprocess.call(['service', 'wallace', 'restart'])
- elif os.path.isfile('/usr/sbin/service'):
- subprocess.call(['/usr/sbin/service','postfix','restart'])
- subprocess.call(['/usr/sbin/service','amavis','restart'])
- subprocess.call(['/usr/sbin/service','clamav-daemon','restart'])
- subprocess.call(['/usr/sbin/service','wallace','restart'])
- else:
- log.error(_("Could not start the postfix, clamav and amavisd services services."))
-
- if os.path.isfile('/bin/systemctl'):
- subprocess.call(['systemctl', 'enable', 'postfix.service'])
- subprocess.call(['systemctl', 'enable', 'amavisd.service'])
- subprocess.call(['systemctl', 'enable', 'clamd.amavisd.service'])
- subprocess.call(['systemctl', 'enable', 'wallace.service'])
- elif os.path.isfile('/sbin/chkconfig'):
- subprocess.call(['chkconfig', 'postfix', 'on'])
- subprocess.call(['chkconfig', 'amavisd', 'on'])
- subprocess.call(['chkconfig', 'clamd.amavisd', 'on'])
- subprocess.call(['chkconfig', 'wallace', 'on'])
- elif os.path.isfile('/usr/sbin/update-rc.d'):
- subprocess.call(['/usr/sbin/update-rc.d', 'postfix', 'defaults'])
- subprocess.call(['/usr/sbin/update-rc.d', 'amavis', 'defaults'])
- subprocess.call(['/usr/sbin/update-rc.d', 'clamav-daemon', 'defaults'])
- subprocess.call(['/usr/sbin/update-rc.d', 'wallace', 'defaults'])
- else:
- log.error(_("Could not configure to start on boot, the " + \
- "postfix, clamav and amavisd services."))
+result_format = <shared+%%s>
+"""