ale/docker-compose-hatthieves
2
Fork 0
Código Incidencias Pull Requests Lanzamientos Wiki Actividad

haraka-wildduck

Explorar el Código
Este commit está contenido en:
Your Name
2020-05-27 17:51:39 +00:00
padre 31d55bf967
commit d44513dbd8
Se han modificado 163 ficheros con 8169 adiciones y 0 borrados
Descargar archivo de parche Descargar archivo de diferencias Expandir todos los archivos Contraer todos los archivos

24
production/haraka-wildduck/wildduck/Dockerfile Archivo normal
Ver fichero

@@ -0,0 +1,24 @@
FROM node:10-slim
RUN npm i -g npm
RUN apt update && apt -y install git python make g++ libcap2-bin wget dirmngr sudo && apt clean
RUN wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
RUN echo "deb [arch=amd64] http://rspamd.com/apt-stable/ stretch main" > /etc/apt/sources.list.d/rspamd.list
RUN echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ stretch main" >> /etc/apt/sources.list.d/rspamd.list
RUN apt update
RUN apt --no-install-recommends install -y rspamd
RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/node
RUN git clone https://github.com/nodemailer/wildduck /wildduck
RUN git clone https://github.com/zone-eu/zone-mta-template /wildduck-mta
RUN git clone https://github.com/haraka/Haraka /haraka
RUN chown -R node.node /wildduck /wildduck-mta /haraka
RUN adduser node sudo
RUN echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/sudo
USER node
WORKDIR /wildduck
RUN npm i --production
WORKDIR /wildduck-mta
RUN npm i --production
RUN npm i -S zonemta-wildduck zonemta-limiter
WORKDIR /haraka
RUN npm i
RUN npm i -S haraka-plugin-wildduck haraka-plugin-rspamd haraka-plugin-limit haraka-plugin-karma haraka-plugin-redis

52
production/haraka-wildduck/wildduck/config/api.toml Archivo normal
Ver fichero

@@ -0,0 +1,52 @@
enabled = true
port = 80
# by default bind to localhost only
host = "0.0.0.0"
# Use `true` (HTTPS) for port 443 and `false` (HTTP) for 80
secure = false
# If set requires all API calls to have accessToken query argument with that value
accessToken = "nohaytoken"
# http://localhost:8080/users?accessToken=somesecretvalue
#accessToken="somesecretvalue"
[accessControl]
# If true then require a valid access token to perform API calls
enabled = false
# Secret for HMAC
# Changing this value invalidates all tokens
#secret = "sAiHB6XcSWJgsMrMl_vJzcfVlhhenJLi"
[roles]
# @include "roles.json"
[tls]
# If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"
[mobileconfig]
# plist configuration for OSX/iOS profile files that are generated with Application Specific Passwords
# Use {email} in the description strings to replace it with account email address
# A reverse-DNS style identifier (com.example.myprofile, for example) that identifies the profile.
# This string is used to determine whether a new profile should replace an existing one or should be added. Username is prepended to this value.
identifier = "es.hatthieves"
# A human-readable name for the profile. This value is displayed on the Detail screen. It does not have to be unique.
displayName = "Wildduck Mail"
# A human-readable string containing the name of the organization that provided the profile.
organization = "Unknown"
# A description of the profile, shown on the Detail screen for the profile. This should be descriptive enough to help the user decide whether to install the profile.
displayDescription = "Install this profile to setup {email}"
# A user-visible description of the email account, shown in the Mail and Settings applications.
accountDescription = "{email}"
[mobileconfig.tls]
# If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"

9
production/haraka-wildduck/wildduck/config/attachments.toml Archivo normal
Ver fichero

@@ -0,0 +1,9 @@
# Attachment storage options
# For now there's only a single option for attachment storage
type="gridstore"
bucket="attachments"
# If true then decodes base64 encoded attachments to binary before storing to DB.
# Decoding base64 attachments expects consistent line length and default base64 alphabet
decodeBase64=true

47
production/haraka-wildduck/wildduck/config/dbs.toml Archivo normal
Ver fichero

@@ -0,0 +1,47 @@
# mongodb connection string for the main database
mongo = "mongodb://172.200.0.103:27017/wildduck"
# redis connection string to connect to a single master (see below for Sentinel example)
#redis="redis://127.0.0.1:6379/3"
# WildDuck allows using different kind of data in different databases
# If you do not provide a database config value, then main database connection
# is used for everything
# You can either use a database name (uses shared connection) or a configutaion
# url (creates a separate connection) for each databases
# Optional database name or connection url for GridFS if you do not want to
# use the main db for storing attachments. Useful if you want
# to use a different mount folder or storage engine
#gridfs="wildduck"
# Optional database name or connection url for users collection if you do not want to
# use the main db for storing user/address data. Useful if you want
# to use a different mount folder or storage engine
#users="wildduck"
# Optional database name or connection url for ZoneMTA queue database. This is
# used to push outbound emails to the sending queue
sender="zone-mta"
#queued="mail"
[redis]
host = "172.200.0.102"
port = 6379
db = 3
## Connect to Redis Sentinel instead of single master
# [redis]
# name="mymaster"
# password=""
# db=3
# [[redis.sentinels]]
# host="54.36.85.113"
# port=26379
# [[redis.sentinels]]
# host="54.36.85.114"
# port=26379
# [[redis.sentinels]]
# host="54.36.85.115"
# port=26379

97
production/haraka-wildduck/wildduck/config/default.toml Archivo normal
Ver fichero

@@ -0,0 +1,97 @@
# Uncomment if you start the app as root and want to downgrade
# once all privileged actions are completed
# If you do not use privileged ports then you can start the app already under required user account
#user="wildduck"
#group="wildduck"
# process title
ident="wildduck"
# how many processes to start
processes = "2"
# default quota storage in MB (can be overriden per user)
maxStorage=1024
# default smtp recipients for 24h (can be overriden per user)
maxRecipients=2000
emailDomain = "hatthieves.es"
# default forwarded messages for 24h (can be overriden per user)
maxForwards=2000
# If usernames are not email addresses then use this domain as hostname part
#emailDomain="mydomain.info"
[dbs]
# @include "dbs.toml"
[totp]
# If enabled then encrypt TOTP seed tokens with the secret password. By default TOTP seeds
# are not encrypted and stored as cleartext. Once set up do not change these values,
# otherwise decrypting totp seeds is going to fail
#cipher="aes192"
secret="a secret cat"
cipher = "aes192"
#secret = "E2jYD-p2u68-qUEOJ1KkC3xmzySyTGRY"
[u2f]
# Fully qualified URL of your website (must use HTTPS!)
appId = "http://172.200.0.101"
[attachments]
# @include "attachments.toml"
[log]
level="silly"
skipFetchLog=false # if true, then does not output individual * FETCH responses to log
# delete authentication log entries after 30 days
# changing this value only affects new entries
# set to false to not log authentication events
# set to 0 to keep the logs infinitely
authlogExpireDays=30
[log.gelf]
enabled = false
hostname = "hatthieves.es" # defaults to os.hostname()
component="wildduck"
[log.gelf.options]
graylogPort = 1
graylogHostname = ""
connection="lan"
[imap]
# @include "imap.toml"
[tls]
# @include "tls.toml"
[lmtp]
# @include "lmtp.toml"
[pop3]
# @include "pop3.toml"
[api]
# @include "api.toml"
[sender]
# @include "sender.toml"
[dkim]
# @include "dkim.toml"
[plugins]
# @include "plugins/*.toml"
[tasks]
# if enabled then process jobs like deleting expired messages etc
enabled=true
[smtp.setup]
# Public configuration for SMTP MDA, needed for mobileconfig files
hostname = "0.0.0.0"
secure = true
port = 587

30
production/haraka-wildduck/wildduck/config/dkim.toml Archivo normal
Ver fichero

@@ -0,0 +1,30 @@
# If enabled then encrypt DKIM keys with the secret password. By default DKIM keys
# are not encrypted and stored as cleartext. Once set up do not change these values,
# otherwise decrypting DKIM keys is going to fail
#cipher="aes192"
#secret="a secret cat"
# If true then spwans openssl command line executable for generating DKIM keys
# Otherwise forge library is used which is cross-environment but slower
useOpenSSL=true
# Define path to openssl if not in default path
#pathOpenSSL="/usr/local/bin/openssl"
# If true then also adds a signature for the outbound domain
# Affects WildDuck ZoneMTA plugin only
signTransportDomain=true
# do not change this
hashAlgo="sha256"
enabled="sender"
# Domain name in the dkim signature. Leave blank to use the domain of From: address
domain="hatthieves.es"
# Selector value in the dkim signature
selector="dkim"
# Key location. Relative to working directory
path="/secure/dkim_private.key"

83
production/haraka-wildduck/wildduck/config/imap.toml Archivo normal
Ver fichero

@@ -0,0 +1,83 @@
# If enabled then WildDuck exposes an IMAP interface for listing and fetching emails
enabled = true
port = 993
host = "0.0.0.0"
# Use `true` for port 993 and `false` for 143. If connection is not secured
# on connection then WildDuck enables STARTTLS extension
secure = true
#secured = true
# Max size for messages uploaded via APPEND
maxMB=25
# delete messages from \Trash and \Junk after retention days
retention = 4
# Default max donwload bandwith per day in megabytes
maxDownloadMB=10000
# Default max upload bandwith per day in megabytes
maxUploadMB=10000
# Default max concurrent connections per service per client
maxConnections=15
# if `true` then do not autodelete expired messages
disableRetention=false
# If true, then disables STARTTLS support
disableSTARTTLS = true
# If true, then advertises COMPRESS=DEFLATE capability
enableCompression=false
# If true, then expect HAProxy PROXY header as the first line of data
useProxy=false
# useProxy=true # expect PROXY from all conections
# useProxy=['*'] # expect PROXY from all conections
# useProxy=['1.2.3.4', '1.2.3.5'] # expect PROXY only from connections from listed IP addresses
# an array of IP addresses to ignore (not logged)
ignoredHosts=[]
#name="WildDuck IMAP"
#version="1.0.0"
#vendor="WildDuck"
# Add extra IMAP interfaces
#[[interface]]
#enabled=true
#port=9143
#host="0.0.0.0"
#secure=false
#ignoreSTARTTLS=true
# If true then EXPUNGE is called after a message gets a \Deleted flag set
autoExpunge=true
name = "Wildduck Mail IMAP"
[setup]
# Public configuration for IMAP
hostname = "imap.hatthieves.es"
secure = true
# port defaults to imap.port
# port=9993
[tls]
## If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"
## You can also define extra options for specific TLS settings:
#ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
ciphers = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
secureProtocol = "SSLv23_server_method"
secureOptions = 100663296
#secureProtocol="SSLv23_server_method"
## constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1 => 100663296
#secureOptions=100663296

24
production/haraka-wildduck/wildduck/config/lmtp.toml Archivo normal
Ver fichero

@@ -0,0 +1,24 @@
# If enabled then WildDuck exposes a LMTP interface for pushing messages to mail store
# NB! If you are using WildDuck plugin for Haraka then LMTP is not needed
enabled=true
port=2424
# by default bind to localhost only
host="127.0.0.1"
# Max accepted size for messages pushed via LMTP
maxMB=25
# If true then disables STARTTLS usage
disableSTARTTLS=true
# Greeting message for connecting client
banner="Welcome to WildDuck Mail Server"
# Server hostname. Defaults to os.hostname() if false
name="hatthieves.es"
[tls]
# If certificate path is not defined, use global or built-in self-signed certs for STARTTLS
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"

10
production/haraka-wildduck/wildduck/config/plugins/example.toml Archivo normal
Ver fichero

@@ -0,0 +1,10 @@
[example]
enabled = false
# $WD: path of wildduck module root
# $CONFIG: path of config root
path = "$WD/plugins/example.js"
# Additional config options
value1 = "Example config option"

39
production/haraka-wildduck/wildduck/config/pop3.toml Archivo normal
Ver fichero

@@ -0,0 +1,39 @@
# If enabled then WildDuck exposes a limited POP3 interface for listing and fetching emails
enabled = false
port=9995
# by default bind to localhost only
host="0.0.0.0"
# Use `true` for port 995 and `false` for 110
secure=true
# If true, then do not show server info in CAPA response
disableVersionString=false
# How many latest messages to list for LIST and UIDL
# POP3 server never lists all messages but only a limited length list
maxMessages=250
# Max donwload bandwith per day in megabytes
maxDownloadMB=10000
# If true, then expect HAProxy PROXY header as the first line of data
useProxy=false
# an array of IP addresses to ignore (not logged)
ignoredHosts=[]
#name="WildDuck POP3"
#version="1.0.0"
[tls]
# If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"
[setup]
# Public configuration for POP3
hostname="pop.hatthieves.es"
secure=true
# port defaults to pop3.port
#port=9995

269
production/haraka-wildduck/wildduck/config/roles.json Archivo normal
Ver fichero

@@ -0,0 +1,269 @@
{
"root": {
"addresslisting": {
"read:any": ["*"]
},
"addresses": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"authentication": {
"create:any": ["*"],
"read:any": ["*"]
},
"userlisting": {
"read:any": ["*", "!audit"]
},
"users": {
"create:any": ["*", "!audit"],
"read:any": ["*", "!audit"],
"update:any": ["*", "!audit"],
"delete:any": ["*"]
},
"asps": {
"create:any": ["*"],
"read:any": ["*"],
"delete:any": ["*"]
},
"messages": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"mailboxes": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"autoreplies": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"filters": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"dkim": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"domainaliases": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
}
},
"manager": {
"addresslisting": {
"read:any": ["*"]
},
"addresses": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"authentication": {
"create:any": ["*"],
"read:any": ["*"]
},
"userlisting": {
"read:any": ["*", "!audit"]
},
"users": {
"create:any": ["*", "!audit"],
"read:any": ["*", "!audit"],
"update:any": ["*", "!audit"],
"delete:any": ["*"]
},
"asps": {
"create:any": ["*"],
"read:any": ["*"],
"delete:any": ["*"]
},
"autoreplies": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"filters": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"dkim": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"domainaliases": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
}
},
"webmail": {
"addresses": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"authentication": {
"create:any": ["*"],
"read:any": ["*"]
},
"users": {
"read:any": ["*", "!audit"],
"update:any": ["*", "!audit"]
},
"asps": {
"create:any": ["*"],
"read:any": ["*"],
"delete:any": ["*"]
},
"messages": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"mailboxes": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"autoreplies": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
},
"filters": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
}
},
"user": {
"addresslisting": {
"read:own": ["*"]
},
"addresses": {
"create:own": ["*"],
"read:own": ["*"],
"update:own": ["*"],
"delete:own": ["*"]
},
"authentication": {
"read:own": ["*"]
},
"userlisting": {
"read:own": ["*", "!audit"]
},
"users": {
"read:own": ["*", "!audit"],
"update:own": ["*", "!audit"]
},
"asps": {
"create:own": ["*"],
"read:own": ["*"],
"delete:own": ["*"]
},
"messages": {
"create:own": ["*"],
"read:own": ["*"],
"update:own": ["*"],
"delete:own": ["*"]
},
"mailboxes": {
"create:own": ["*"],
"read:own": ["*"],
"update:own": ["*"],
"delete:own": ["*"]
},
"autoreplies": {
"create:own": ["*"],
"read:own": ["*"],
"update:own": ["*"],
"delete:own": ["*"]
},
"filters": {
"create:own": ["*"],
"read:own": ["*"],
"update:own": ["*"],
"delete:own": ["*"]
}
},
"auth": {
"authentication": {
"create:any": ["*"]
}
},
"audit": {
"users": {
"create:any": ["*"],
"read:any": ["*"],
"update:any": ["*"],
"delete:any": ["*"]
}
}
}

10
production/haraka-wildduck/wildduck/config/sender.toml Archivo normal
Ver fichero

@@ -0,0 +1,10 @@
# which ZoneMTA queue to use by default
zone="zone-mta"
# Collection name for GridFS storage
gfs="mail"
# Collection name for the queue
# see [dbs].sender option for choosing correct database to use for ZoneMTA queues
# by default the main wildduck database is used
collection="zone-queue"

14
production/haraka-wildduck/wildduck/config/test.toml Archivo normal
Ver fichero

@@ -0,0 +1,14 @@
[log]
level="error"
[dbs]
# # mongodb connection string for the main database
# mongo="mongodb://127.0.0.1:27017/wildduck-test"
#
# # redis connection string
# redis="redis://127.0.0.1:6379/13"
#
# dbname="wildduck-test"
[imap]
autoExpunge=false

6
production/haraka-wildduck/wildduck/config/tls.toml Archivo normal
Ver fichero

@@ -0,0 +1,6 @@
# Default TLS keys (can be overriden by individual services)
#key="/path/to/server/key.pem"
#ca=["/path/to/server/ca1.pem", "/path/to/server/ca2.pem"]
#cert="/path/to/server/cert.pem"
key = "/secure/privkey.pem"
cert = "/secure/fullchain.pem"