From 8bcc2dbbcd66b215a2a0edbfda5d62cb09da5024 Mon Sep 17 00:00:00 2001 
From: ale Date: Mon, 6 Apr 2020 17:54:32 +0200 Subject: [PATCH] initial commit --- .env | 2 + .gitignore | 1 + README.md | 20 + docker-compose.yml | 78 ++ entrypoint.sh | 7 + secure/.gitignore | 0 start.sh | 9 + webmail/Dockerfile | 13 + webmail/config/default.toml | 78 ++ webmail/config/development.toml | 28 + webmail/views/account/2fa.hbs | 85 ++ webmail/views/account/autoreply.hbs | 142 ++++ webmail/views/account/create.hbs | 140 ++++ webmail/views/account/filters.hbs | 88 ++ webmail/views/account/filters/create.hbs | 18 + webmail/views/account/filters/edit.hbs | 18 + webmail/views/account/identities.hbs | 131 +++ webmail/views/account/identities/create.hbs | 46 ++ webmail/views/account/identities/edit.hbs | 46 ++ webmail/views/account/index.hbs | 103 +++ webmail/views/account/login.hbs | 68 ++ webmail/views/account/login.hbs.new | 52 ++ webmail/views/account/login.hbs.orig | 68 ++ webmail/views/account/profile.hbs | 98 +++ webmail/views/account/security.hbs | 26 + webmail/views/account/security/2fa.hbs | 131 +++ webmail/views/account/security/asp.hbs | 35 + webmail/views/account/security/asps.hbs | 151 ++++ .../views/account/security/enable-totp.hbs | 34 + webmail/views/account/security/enable-u2f.hbs | 45 ++ webmail/views/account/security/events.hbs | 115 +++ webmail/views/account/security/gpg.hbs | 98 +++ webmail/views/account/security/password.hbs | 67 ++ webmail/views/account/update-password.hbs | 43 + webmail/views/error.hbs | 7 + webmail/views/help.hbs | 160 ++++ webmail/views/index.hbs | 3 + webmail/views/layout-popup.hbs | 50 ++ webmail/views/layout-webmail.hbs | 67 ++ webmail/views/layout.hbs | 30 + webmail/views/partials/accountmenu.hbs | 3 + webmail/views/partials/filter.hbs | 150 ++++ webmail/views/partials/header.hbs | 18 + webmail/views/partials/identity.hbs | 68 ++ webmail/views/partials/mailbox.hbs | 44 + webmail/views/partials/messagerow.hbs | 51 ++ webmail/views/partials/navbar.hbs | 85 ++ webmail/views/partials/scripts.hbs | 71 ++ 
webmail/views/partials/searchfield.hbs | 8 + webmail/views/partials/securitymenu.hbs | 5 + webmail/views/partials/tos.hbs | 57 ++ webmail/views/tos.hbs | 13 + webmail/views/webmail/audit.hbs | 134 ++++ webmail/views/webmail/create.hbs | 46 ++ webmail/views/webmail/index.hbs | 754 ++++++++++++++++++ webmail/views/webmail/mailbox.hbs | 75 ++ webmail/views/webmail/message.hbs | 630 +++++++++++++++ webmail/views/webmail/send.hbs | 382 +++++++++ wildduck/Dockerfile | 24 + wildduck/haraka/attachments/.gitignore | 0 wildduck/haraka/config/access.domains | 13 + wildduck/haraka/config/access.ini | 6 + wildduck/haraka/config/aliases | 14 + wildduck/haraka/config/attachment.ctype.regex | 2 + .../haraka/config/attachment.filename.regex | 1 + wildduck/haraka/config/auth_flat_file.ini | 5 + wildduck/haraka/config/auth_vpopmaild.ini | 7 + wildduck/haraka/config/avg.ini | 5 + wildduck/haraka/config/bounce.ini | 18 + wildduck/haraka/config/clamd.ini | 5 + wildduck/haraka/config/data.headers.ini | 62 ++ wildduck/haraka/config/data.uribl.excludes | 202 +++++ wildduck/haraka/config/data.uribl.ini | 37 + wildduck/haraka/config/databytes | 1 + wildduck/haraka/config/delay_deny.ini | 7 + wildduck/haraka/config/dhparams.pem | 8 + wildduck/haraka/config/dkim_sign.ini | 5 + wildduck/haraka/config/dnsbl.ini | 23 + wildduck/haraka/config/early_talker.ini | 11 + wildduck/haraka/config/fcrdns.ini | 14 + wildduck/haraka/config/greylist.ini | 43 + wildduck/haraka/config/helo.checks.ini | 57 ++ wildduck/haraka/config/host_list | 2 + wildduck/haraka/config/host_list_regex | 6 + wildduck/haraka/config/http.ini | 7 + wildduck/haraka/config/internalcmd_key | 1 + wildduck/haraka/config/lmtp.ini | 7 + wildduck/haraka/config/log.ini | 11 + wildduck/haraka/config/lookup_rdns.strict.ini | 12 + .../haraka/config/lookup_rdns.strict.timeout | 1 + .../config/lookup_rdns.strict.whitelist | 1 + .../config/lookup_rdns.strict.whitelist_regex | 5 + .../haraka/config/mail_from.is_resolvable.ini | 4 + 
.../haraka/config/max_unrecognized_commands | 1 + wildduck/haraka/config/me | 1 + wildduck/haraka/config/messagesniffer.ini | 18 + wildduck/haraka/config/mongodb.ini | 30 + .../haraka/config/outbound.bounce_message | 15 + .../config/outbound.bounce_message_html | 36 + .../config/outbound.bounce_message_image | 106 +++ wildduck/haraka/config/outbound.ini | 30 + wildduck/haraka/config/plugins | 76 ++ wildduck/haraka/config/plugins.bak | 6 + wildduck/haraka/config/rabbitmq.ini | 10 + wildduck/haraka/config/rabbitmq_amqplib.ini | 12 + wildduck/haraka/config/rcpt_to.blocklist | 1 + wildduck/haraka/config/rcpt_to.in_host_list | 2 + wildduck/haraka/config/rdns.allow_regexps | 0 wildduck/haraka/config/rdns.deny_regexps | 0 wildduck/haraka/config/relay.ini | 3 + wildduck/haraka/config/relay_dest_domains.ini | 2 + wildduck/haraka/config/rspamd.ini | 30 + wildduck/haraka/config/smtp.ini | 45 ++ wildduck/haraka/config/smtp_bridge.ini | 4 + wildduck/haraka/config/smtp_forward.ini.orig | 23 + wildduck/haraka/config/smtp_proxy.ini | 19 + wildduck/haraka/config/smtpgreeting | 1 + wildduck/haraka/config/spamassassin.ini | 41 + wildduck/haraka/config/spf.ini | 3 + wildduck/haraka/config/tarpit.timeout | 1 + wildduck/haraka/config/tls.ini | 34 + wildduck/haraka/config/watch.ini | 12 + wildduck/haraka/config/wildduck.ini | 14 + wildduck/haraka/config/wildduck.yaml | 77 ++ wildduck/haraka/config/xclient.hosts | 2 + .../wildduck-mta/config/dbs-development.toml | 13 + .../wildduck-mta/config/dbs-production.toml | 1 + wildduck/wildduck-mta/config/dns.toml | 14 + wildduck/wildduck-mta/config/domains.toml | 7 + .../config/interfaces/feeder.toml | 36 + wildduck/wildduck-mta/config/log.toml | 8 + .../wildduck-mta/config/plugins/avast.toml | 5 + .../config/plugins/default-headers.toml | 8 + .../config/plugins/delivery-counters.toml | 3 + .../wildduck-mta/config/plugins/dkim.toml | 31 + .../config/plugins/email-bounce.toml | 16 + .../wildduck-mta/config/plugins/example.toml | 3 + 
.../config/plugins/image-hashes.toml | 2 + .../config/plugins/loop-breaker.toml | 4 + .../wildduck-mta/config/plugins/wildduck.toml | 31 + .../config/plugins/wildduck.toml.old | 11 + .../config/plugins/zonemta-limiter.toml | 10 + wildduck/wildduck-mta/config/pools.toml | 3 + wildduck/wildduck-mta/config/queue.toml | 15 + .../wildduck-mta/config/wildduck-mta.toml | 44 + wildduck/wildduck-mta/config/zonemta.toml | 1 + .../wildduck-mta/config/zones/bounces.toml | 6 + .../wildduck-mta/config/zones/default.toml | 14 + wildduck/wildduck/config/api.toml | 52 ++ wildduck/wildduck/config/attachments.toml | 9 + wildduck/wildduck/config/dbs.toml | 47 ++ wildduck/wildduck/config/default.toml | 97 +++ wildduck/wildduck/config/dkim.toml | 30 + wildduck/wildduck/config/imap.toml | 83 ++ wildduck/wildduck/config/lmtp.toml | 24 + wildduck/wildduck/config/plugins/example.toml | 10 + wildduck/wildduck/config/pop3.toml | 39 + wildduck/wildduck/config/roles.json | 269 +++++++ wildduck/wildduck/config/sender.toml | 10 + wildduck/wildduck/config/test.toml | 14 + wildduck/wildduck/config/tls.toml | 6 + 161 files changed, 7253 insertions(+) create mode 100644 .env create mode 100644 .gitignore create mode 100644 README.md create mode 100644 docker-compose.yml create mode 100644 entrypoint.sh create mode 100644 secure/.gitignore create mode 100755 start.sh create mode 100644 webmail/Dockerfile create mode 100644 webmail/config/default.toml create mode 100644 webmail/config/development.toml create mode 100644 webmail/views/account/2fa.hbs create mode 100644 webmail/views/account/autoreply.hbs create mode 100644 webmail/views/account/create.hbs create mode 100644 webmail/views/account/filters.hbs create mode 100644 webmail/views/account/filters/create.hbs create mode 100644 webmail/views/account/filters/edit.hbs create mode 100644 webmail/views/account/identities.hbs create mode 100644 webmail/views/account/identities/create.hbs create mode 100644 webmail/views/account/identities/edit.hbs 
create mode 100644 webmail/views/account/index.hbs create mode 100644 webmail/views/account/login.hbs create mode 100644 webmail/views/account/login.hbs.new create mode 100644 webmail/views/account/login.hbs.orig create mode 100644 webmail/views/account/profile.hbs create mode 100644 webmail/views/account/security.hbs create mode 100644 webmail/views/account/security/2fa.hbs create mode 100644 webmail/views/account/security/asp.hbs create mode 100644 webmail/views/account/security/asps.hbs create mode 100644 webmail/views/account/security/enable-totp.hbs create mode 100644 webmail/views/account/security/enable-u2f.hbs create mode 100644 webmail/views/account/security/events.hbs create mode 100644 webmail/views/account/security/gpg.hbs create mode 100644 webmail/views/account/security/password.hbs create mode 100644 webmail/views/account/update-password.hbs create mode 100644 webmail/views/error.hbs create mode 100644 webmail/views/help.hbs create mode 100644 webmail/views/index.hbs create mode 100644 webmail/views/layout-popup.hbs create mode 100644 webmail/views/layout-webmail.hbs create mode 100644 webmail/views/layout.hbs create mode 100644 webmail/views/partials/accountmenu.hbs create mode 100644 webmail/views/partials/filter.hbs create mode 100644 webmail/views/partials/header.hbs create mode 100644 webmail/views/partials/identity.hbs create mode 100644 webmail/views/partials/mailbox.hbs create mode 100644 webmail/views/partials/messagerow.hbs create mode 100644 webmail/views/partials/navbar.hbs create mode 100644 webmail/views/partials/scripts.hbs create mode 100644 webmail/views/partials/searchfield.hbs create mode 100644 webmail/views/partials/securitymenu.hbs create mode 100644 webmail/views/partials/tos.hbs create mode 100644 webmail/views/tos.hbs create mode 100644 webmail/views/webmail/audit.hbs create mode 100644 webmail/views/webmail/create.hbs create mode 100644 webmail/views/webmail/index.hbs create mode 100644 webmail/views/webmail/mailbox.hbs 
create mode 100644 webmail/views/webmail/message.hbs create mode 100644 webmail/views/webmail/send.hbs create mode 100644 wildduck/Dockerfile create mode 100644 wildduck/haraka/attachments/.gitignore create mode 100755 wildduck/haraka/config/access.domains create mode 100755 wildduck/haraka/config/access.ini create mode 100755 wildduck/haraka/config/aliases create mode 100755 wildduck/haraka/config/attachment.ctype.regex create mode 100755 wildduck/haraka/config/attachment.filename.regex create mode 100755 wildduck/haraka/config/auth_flat_file.ini create mode 100755 wildduck/haraka/config/auth_vpopmaild.ini create mode 100755 wildduck/haraka/config/avg.ini create mode 100755 wildduck/haraka/config/bounce.ini create mode 100644 wildduck/haraka/config/clamd.ini create mode 100755 wildduck/haraka/config/data.headers.ini create mode 100755 wildduck/haraka/config/data.uribl.excludes create mode 100755 wildduck/haraka/config/data.uribl.ini create mode 100644 wildduck/haraka/config/databytes create mode 100755 wildduck/haraka/config/delay_deny.ini create mode 100644 wildduck/haraka/config/dhparams.pem create mode 100755 wildduck/haraka/config/dkim_sign.ini create mode 100755 wildduck/haraka/config/dnsbl.ini create mode 100755 wildduck/haraka/config/early_talker.ini create mode 100755 wildduck/haraka/config/fcrdns.ini create mode 100755 wildduck/haraka/config/greylist.ini create mode 100755 wildduck/haraka/config/helo.checks.ini create mode 100644 wildduck/haraka/config/host_list create mode 100755 wildduck/haraka/config/host_list_regex create mode 100755 wildduck/haraka/config/http.ini create mode 100644 wildduck/haraka/config/internalcmd_key create mode 100755 wildduck/haraka/config/lmtp.ini create mode 100644 wildduck/haraka/config/log.ini create mode 100755 wildduck/haraka/config/lookup_rdns.strict.ini create mode 100755 wildduck/haraka/config/lookup_rdns.strict.timeout create mode 100755 wildduck/haraka/config/lookup_rdns.strict.whitelist create mode 100755 
wildduck/haraka/config/lookup_rdns.strict.whitelist_regex create mode 100755 wildduck/haraka/config/mail_from.is_resolvable.ini create mode 100755 wildduck/haraka/config/max_unrecognized_commands create mode 100644 wildduck/haraka/config/me create mode 100755 wildduck/haraka/config/messagesniffer.ini create mode 100755 wildduck/haraka/config/mongodb.ini create mode 100755 wildduck/haraka/config/outbound.bounce_message create mode 100755 wildduck/haraka/config/outbound.bounce_message_html create mode 100755 wildduck/haraka/config/outbound.bounce_message_image create mode 100755 wildduck/haraka/config/outbound.ini create mode 100644 wildduck/haraka/config/plugins create mode 100644 wildduck/haraka/config/plugins.bak create mode 100755 wildduck/haraka/config/rabbitmq.ini create mode 100755 wildduck/haraka/config/rabbitmq_amqplib.ini create mode 100755 wildduck/haraka/config/rcpt_to.blocklist create mode 100644 wildduck/haraka/config/rcpt_to.in_host_list create mode 100755 wildduck/haraka/config/rdns.allow_regexps create mode 100755 wildduck/haraka/config/rdns.deny_regexps create mode 100755 wildduck/haraka/config/relay.ini create mode 100755 wildduck/haraka/config/relay_dest_domains.ini create mode 100644 wildduck/haraka/config/rspamd.ini create mode 100644 wildduck/haraka/config/smtp.ini create mode 100755 wildduck/haraka/config/smtp_bridge.ini create mode 100755 wildduck/haraka/config/smtp_forward.ini.orig create mode 100755 wildduck/haraka/config/smtp_proxy.ini create mode 100644 wildduck/haraka/config/smtpgreeting create mode 100755 wildduck/haraka/config/spamassassin.ini create mode 100755 wildduck/haraka/config/spf.ini create mode 100755 wildduck/haraka/config/tarpit.timeout create mode 100644 wildduck/haraka/config/tls.ini create mode 100755 wildduck/haraka/config/watch.ini create mode 100755 wildduck/haraka/config/wildduck.ini create mode 100644 wildduck/haraka/config/wildduck.yaml create mode 100755 wildduck/haraka/config/xclient.hosts create mode 100644 
wildduck/wildduck-mta/config/dbs-development.toml create mode 100644 wildduck/wildduck-mta/config/dbs-production.toml create mode 100644 wildduck/wildduck-mta/config/dns.toml create mode 100644 wildduck/wildduck-mta/config/domains.toml create mode 100644 wildduck/wildduck-mta/config/interfaces/feeder.toml create mode 100644 wildduck/wildduck-mta/config/log.toml create mode 100644 wildduck/wildduck-mta/config/plugins/avast.toml create mode 100644 wildduck/wildduck-mta/config/plugins/default-headers.toml create mode 100644 wildduck/wildduck-mta/config/plugins/delivery-counters.toml create mode 100644 wildduck/wildduck-mta/config/plugins/dkim.toml create mode 100644 wildduck/wildduck-mta/config/plugins/email-bounce.toml create mode 100644 wildduck/wildduck-mta/config/plugins/example.toml create mode 100644 wildduck/wildduck-mta/config/plugins/image-hashes.toml create mode 100644 wildduck/wildduck-mta/config/plugins/loop-breaker.toml create mode 100644 wildduck/wildduck-mta/config/plugins/wildduck.toml create mode 100644 wildduck/wildduck-mta/config/plugins/wildduck.toml.old create mode 100644 wildduck/wildduck-mta/config/plugins/zonemta-limiter.toml create mode 100644 wildduck/wildduck-mta/config/pools.toml create mode 100644 wildduck/wildduck-mta/config/queue.toml create mode 100644 wildduck/wildduck-mta/config/wildduck-mta.toml create mode 120000 wildduck/wildduck-mta/config/zonemta.toml create mode 100644 wildduck/wildduck-mta/config/zones/bounces.toml create mode 100644 wildduck/wildduck-mta/config/zones/default.toml create mode 100644 wildduck/wildduck/config/api.toml create mode 100644 wildduck/wildduck/config/attachments.toml create mode 100644 wildduck/wildduck/config/dbs.toml create mode 100644 wildduck/wildduck/config/default.toml create mode 100644 wildduck/wildduck/config/dkim.toml create mode 100644 wildduck/wildduck/config/imap.toml create mode 100644 wildduck/wildduck/config/lmtp.toml create mode 100644 wildduck/wildduck/config/plugins/example.toml 
create mode 100644 wildduck/wildduck/config/pop3.toml create mode 100644 wildduck/wildduck/config/roles.json create mode 100644 wildduck/wildduck/config/sender.toml create mode 100644 wildduck/wildduck/config/test.toml create mode 100644 wildduck/wildduck/config/tls.toml
diff --git a/.env b/.env
new file mode 100644
index 0000000..9f06e85
--- /dev/null
+++ b/.env
@@ -0,0 +1,2 @@
+DOMAIN=domain.com
+REVERSE_DNS=com.domain
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..38bf3dc
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+secure
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7385ef3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,20 @@
+# Haraka-Wildduck Docker Mail Server
+
+## Instalar
+- Ejecutar: `./start.sh` <dominio> - Configura los certificados en la carpeta ./secure
+- Editar `.env` con el valor del dominio
+
+## Arrancar
+- Instalar `docker` y `docker-compose`
+- Ejecutar: docker-compose up -d
+- Abrir el navegador http://webmail:3000
+
+## Persistencia
+- Ejecutar: docker cp mongo:/data/db ./mongodb && chown -R 999.999 ./mongodb
+- Ejecutar: docker cp redis:/data ./redis && chown -R 999.999 ./redis
+- Descomentar las lineas del archivo `docker-compose.yml`
+- Ejecutar: docker-compose down && docker-compose up -d
+
+### Licencia
+
+- MIT
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..90cf0e7
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,78 @@
+version: '3'
+services:
+ wildduck:
+ build:
+ context: ./wildduck
+ args:
+ DOMAIN: $DOMAIN
+ REVERSE_DNS: $REVERSE_DNS
+ hostname: wildduck
+ container_name: wildduck
+ restart: always
+ entrypoint:
+ - /bin/bash
+ - /entrypoint.sh
+ ports:
+ - "25:25/tcp"
+ - "465:465/tcp"
+ - "993:993/tcp"
+ expose:
+ - 80
+ - 12080
+ volumes:
+ - ./entrypoint.sh:/entrypoint.sh:ro
+ - ./secure:/secure:ro
+ - ./wildduck/haraka/attachments:/home/node/Haraka/attachments
+ depends_on:
+ - redis
+ - mongo
+ networks:
+ mailnet:
+
+ redis:
+ image: redis
+ hostname: redis
+ container_name: redis
+ restart: always
+# volumes:
+# - ./redis:/data
+ expose:
+ - 6379
+ networks:
+ mailnet:
+
+ mongo:
+ image: mongo
+ hostname: mongo
+ container_name: mongo
+ restart: always
+# volumes:
+# - ./mongodb:/data/db
+ expose:
+ - 27017
+ networks:
+ mailnet:
+
+ webmail:
+ build:
+ context: ./webmail
+ args:
+ DOMAIN: $DOMAIN
+ hostname: webmail
+ container_name: webmail
+ restart: always
+ entrypoint:
+ - node
+ - server.js
+ - --config=/webmail/config/default.toml
+ ports:
+ - "3000:3000/tcp"
+ depends_on:
+ - redis
+ - mongo
+ - wildduck
+ networks:
+ mailnet:
+
+networks:
+ mailnet:
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..fbb6cbf
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd /haraka
+node haraka.js &
+cd /wildduck
+node server.js &
+cd /wildduck-mta
+npm start --production
diff --git a/secure/.gitignore b/secure/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..9cfb4e8
--- /dev/null
+++ b/start.sh
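Review bot: In docker-compose.yml the `redis` and `mongo` services use untagged images (`image: redis`, `image: mongo`), so each pull resolves to whatever `latest` is at that moment and the data stores can change major version underneath persisted mail data; pin both to an explicit tag or digest, e.g. `image: mongo:<PINNED_TAG>` (placeholder). Neither service is given any credentials in this file, so every container attached to `mailnet` can read and write the MongoDB and Redis data; consider enabling authentication on both and giving `webmail` a network that reaches only what it needs. `"3000:3000/tcp"` publishes the webmail port on all host interfaces; if a TLS-terminating proxy is meant to sit in front of it, bind it as `"127.0.0.1:3000:3000/tcp"` instead.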
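Review bot: In entrypoint.sh the first two daemons are started with `&` and never waited on, so if `node haraka.js` or `node server.js` exits, the container keeps running on `npm start` alone and `restart: always` never fires, leaving part of the mail stack down with no signal to the operator. The `cd` calls are also unchecked, so a missing directory would start `node` from the wrong working directory. Add `set -euo pipefail` after the shebang, and either run the three daemons as separate compose services or end the script with `wait -n` followed by a non-zero exit so the container stops when any one of them dies.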
@@ -0,0 +1,9 @@
+#!/bin/bash
+if [[ ! -z $1 ]]; then
+ sudo apt install -y opendkim-tools openssl
+ rm -f ./secure/*
+ openssl req -newkey rsa:2048 -nodes -keyout ./secure/privkey.pem -x509 -days 365 -subj "/CN=$1" -out ./secure/fullchain.pem
+ opendkim-genkey -b 2048 -h rsa-sha256 -r -s dkim -d "$1" --directory ./secure
+else
+ echo -e "- Necesita indicar un dominio\nEjemplo: ./start.sh domain.com"
+fi
diff --git a/webmail/Dockerfile b/webmail/Dockerfile
new file mode 100644
index 0000000..b68dffa
--- /dev/null
+++ b/webmail/Dockerfile
@@ -0,0 +1,13 @@
+FROM node:8-slim
+ARG DOMAIN
+RUN apt update && apt -y install git python make
+RUN git clone https://github.com/nodemailer/wildduck-webmail /webmail
+WORKDIR /webmail
+RUN git checkout 5c54625a8b192823184ba7f5da41f3414e76db94
+COPY ./config /webmail/config
+COPY ./views /webmail/views
+RUN chown node.node -R /webmail
+USER node
+RUN npm install
+RUN npm run bowerdeps
+RUN find ./config ./views -type f -exec sed -i "s/{{DOMAIN}}/$DOMAIN/g" {} +
diff --git a/webmail/config/default.toml b/webmail/config/default.toml
new file mode 100644
index 0000000..8f178c8
--- /dev/null
+++ b/webmail/config/default.toml
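Review bot: In start.sh the TLS and DKIM private keys are written into `./secure` under whatever umask the caller has, and `-nodes` leaves `privkey.pem` unencrypted, so depending on the tools' defaults the keys may end up group- or world-readable; set `umask 077` before the `openssl` call and add `mkdir -p ./secure`, since the script assumes the directory exists. `rm -f ./secure/*` silently destroys any existing key pair on every run, including a DKIM key whose public half may already be published in DNS; refuse to overwrite unless explicitly asked, or move the old files aside first. `$1` is placed into `-subj "/CN=$1"` without validation, so a value containing `/` adds extra subject fields; check it against a hostname pattern before use. The certificate is self-signed and valid for 365 days with no renewal step, which the README should state.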
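Review bot: In webmail/Dockerfile, `FROM node:8-slim` builds the webmail on a Node.js release line that reached end-of-life at the end of 2019, so the runtime behind the login and mailbox views no longer receives security fixes; move to a supported LTS tag (`FROM node:<SUPPORTED_LTS>-slim`, placeholder) if the pinned wildduck-webmail commit runs on it. The last `RUN` interpolates `$DOMAIN` directly into the sed expression, so a build arg containing `/`, `&` or `\` breaks or alters the substitution; validate or escape the value before use. `npm install` and `npm run bowerdeps` resolve dependencies at build time, so pinning the git commit alone does not make the image reproducible; prefer `npm ci` if the upstream repository ships a lockfile.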
@@ -0,0 +1,78 @@
+name="webmail.{{DOMAIN}}"
+
+title="Wild Duck Mail"
+
+[service]
+ # email domain for new users
+ domain="{{DOMAIN}}"
+ # default quotas for new users
+ quota=1024
+ recipients=2000
+ forwards=2000
+ identities=10
+ allowIdentityEdit=true
+ allowJoin=true
+ enableSpecial=true # if true the allow creating addresses with special usernames
+ # allowed domains for new addresses
+ domains=["{{DOMAIN}}"]
+
+[api]
+# url="http://127.0.0.1:8080"
+# accessToken=""
+ url="http://wildduck"
+ accessToken="notoken"
+
+[dbs]
+ # mongodb connection string for the main database
+ mongo="mongodb://mongo:27017/wildduck"
+
+ # redis connection string for Express sessions
+ redis="redis://redis:6379/3"
+
+[www]
+ host="webmail"
+ port=3000
+ proxy=true
+ postsize="5MB"
+ log="dev"
+ secret="secret times"
+ secure=false
+# baseurl="https://webmail.{{DOMAIN}}"
+ listSize=20
+
+[recaptcha]
+ enabled=false
+ siteKey=""
+ secretKey=""
+
+[totp]
+ # Issuer name for TOTP, defaults to config.name
+ issuer=false
+ # once setup do not change as it would invalidate all existing 2fa sessions
+ secret="a secret cat"
+
+[u2f]
+ # set to false if not using HTTPS
+ enabled=false
+ # must be https url or use default
+ #appId="https://127.0.0.1:8080"
+ appId="https://webmail.{{DOMAIN}}"
+
+[log]
+ level="silly"
+ mail=true
+
+[setup]
+ # these values are shown in the configuration help page
+ [setup.imap]
+ hostname="imap.{{DOMAIN}}"
+ secure=true
+ port=993
+ [setup.pop3]
+ hostname="imap.{{DOMAIN}}"
+ secure=true
+ port=993
+ [setup.smtp]
+ hostname="smtp.{{DOMAIN}}"
+ secure=true
+ port=465
diff --git a/webmail/config/development.toml b/webmail/config/development.toml
new file mode 100644
index 0000000..2d5cb21
--- /dev/null
+++ b/webmail/config/development.toml
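Review bot: In webmail/config/default.toml, `[www] secret="secret times"`, `[totp] secret="a secret cat"` and `[api] accessToken="notoken"` are fixed strings committed to the repository and copied into every image built from it, so all deployments share the same values for what are presumably the session-signing and TOTP-protection secrets. The Dockerfile's sed step only fills `{{DOMAIN}}`; add further placeholders such as `secret="{{WWW_SECRET}}"` (name constructed for illustration) populated with per-deployment random values, or read these settings from the environment at start-up. `secure=false` combined with plain HTTP on port 3000 means session cookies are sent unprotected unless a TLS proxy sits in front, and `level="silly"` is very verbose for a service that handles credentials, so confirm nothing sensitive reaches the logs. `[setup.pop3]` repeats the IMAP hostname and port 993, which looks like an unedited copy of the `[setup.imap]` block.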
@@ -0,0 +1,28 @@
+name="Wild Duck Mail Temporary"
+
+[service]
+ # email domain for new users
+ domain="local.tahvel.info"
+ # default quotas for new users
+ quota=102400
+ # allowed domains for new addresses
+ domains=["local.tahvel.info", "example.com"]
+
+[www]
+ proxy=true
+ baseurl="https://local.tahvel.info"
+
+[setup]
+ # these values are shown in the configuration help page
+ [setup.imap]
+ hostname="local.tahvel.info"
+ secure=true
+ port=993
+ [setup.pop3]
+ hostname="local.tahvel.info"
+ secure=true
+ port=995
+ [setup.smtp]
+ hostname="local.tahvel.info"
+ secure=false
+ port=587
diff --git a/webmail/views/account/2fa.hbs b/webmail/views/account/2fa.hbs
new file mode 100644
index 0000000..6d77461
--- /dev/null
+++ b/webmail/views/account/2fa.hbs
@@ -0,0 +1,85 @@ + +
+
+

Two factor authentication

+
+
+ +
+ +
+ +
+ +
+ + + + + +
+ +

+ Initializing... +

+ +
+ + Cancel +
+ +
+ +
+ +
+ +

+ Open your authentication app and enter the code to log in +

+ +
+ + + +
+ +
+
+ +
+ Cancel +
+ +
+ +
+ +
+ + + +
+
+ + + + + + + diff --git a/webmail/views/account/autoreply.hbs b/webmail/views/account/autoreply.hbs new file mode 100644 index 0000000..16f8681 --- /dev/null +++ b/webmail/views/account/autoreply.hbs @@ -0,0 +1,142 @@ +
+
+

Autoreply

+
+
+ +
+
+
+ + + + +
+
+
+

Autoreply settings

+
+
+ +

+ If enabled then an autoreply message is sent to all incoming messages. If a contact sends multiple messages then the autoreply is sent at most once in every four hours. +

+ +
+ +
+ +
+ +
+ +
+ + +
+ +
+ + +
+ +
+ +
+ + +
+
+ +
+ + +
+ +
+ +
+ +
+
+ +
+
+ +
+
+ + diff --git a/webmail/views/account/create.hbs b/webmail/views/account/create.hbs new file mode 100644 index 0000000..df85d3e --- /dev/null +++ b/webmail/views/account/create.hbs @@ -0,0 +1,140 @@ +
+
+

Create new account

+
+
+ +
+
+ +
+ + + +
+
+

Account information

+
+
+ +

+ Enter your account details. Account username is allowed to include latin characters only. Activated accounts can add extra identity addresses that may contain unicode characters as well. +

+ +
+
+ +
+ + + {{#if errors.name}} + {{errors.name}} + {{/if}} +
+ +
+ +
+ + + + + + +
+ + {{#if errors.username}} + {{errors.username}} + {{else}} + Latin letters and numbers only. Dots and dashes are allowed as separators. + {{/if}} +
+ +
+ + + {{#if errors.password}} + {{errors.password}} + {{/if}} +
+ +
+ + +
+ +
+
+ +
+
+ +
+
+ +
+ {{#if recaptcha}} + + {{else}} + + {{/if}} +
+
+
+ +
+ +
+
+ +{{#if recaptcha}} + + + +{{/if}} + + diff --git a/webmail/views/account/filters.hbs b/webmail/views/account/filters.hbs new file mode 100644 index 0000000..7aeeb91 --- /dev/null +++ b/webmail/views/account/filters.hbs @@ -0,0 +1,88 @@ +
+
+

Filters

+
+
+ +
+
+ +
+
+

Mail Filters

+
+

Here you can create and modify filters that apply on all incoming messages.

+
+ + + {{#if filters}} + {{#each filters}} + + + + + {{/each}} + {{else}} + + + + {{/if}} + +
+ {{index}} + +
+ Edit + + +
+
+ Query: {{query}}
Action: {{action}} +
+
+ There are no filters created +
+ +
+ + +
+
+ +
+
+ + + + + diff --git a/webmail/views/account/filters/create.hbs b/webmail/views/account/filters/create.hbs new file mode 100644 index 0000000..ded7abc --- /dev/null +++ b/webmail/views/account/filters/create.hbs @@ -0,0 +1,18 @@ +
+
+

Create filter

+
+
+ + +
+ + + {{> filter}} + +
+ + Cancel +
+ +
diff --git a/webmail/views/account/filters/edit.hbs b/webmail/views/account/filters/edit.hbs new file mode 100644 index 0000000..c5042fa --- /dev/null +++ b/webmail/views/account/filters/edit.hbs @@ -0,0 +1,18 @@ +
+
+

Updated filter

+
+
+ +
+ + + + {{> filter}} + +
+ + Cancel +
+ +
diff --git a/webmail/views/account/identities.hbs b/webmail/views/account/identities.hbs new file mode 100644 index 0000000..2aad585 --- /dev/null +++ b/webmail/views/account/identities.hbs @@ -0,0 +1,131 @@ +
+
+

Account

+
+
+ +
+
+ + + + +
+
+ +

 

+ +
+
+

Manage identities

+
+

Here you can add and modify alias addresses for your account. Aliases act just like your main address. You can not send out emails from identities that you do not own.

+
+ + + + + + + + + + {{#each identities}} + + + + + + + + + + + + {{/each}} + +
+   + + Identity name + + Alias Address + + Created + +   +
+ {{index}} + + {{#if name}} + {{name}} + {{else}} + + {{/if}} + + {{#if main}} + {{address}} (default) + {{else}} + {{address}} + {{/if}} + + {{created}} + + {{#if ../canEdit}} + Edit + {{/if}} + +
+ +
+
+ {{#if canCreate}} + Add new address + {{else}} +

+ Maximum amount of identities created +

+ {{/if}} +
+
+
+
+
+
+
+ + + + + diff --git a/webmail/views/account/identities/create.hbs b/webmail/views/account/identities/create.hbs new file mode 100644 index 0000000..7492cf3 --- /dev/null +++ b/webmail/views/account/identities/create.hbs @@ -0,0 +1,46 @@ +
+
+

Account

+
+
+ +
+
+ + + + +
+
+ +

 

+ +
+ + + +
+
+

Identity information

+
+
+ +
+
+ {{> identity}} +
+
+ +
+ + Cancel +
+
+
+
+
+
+
+
diff --git a/webmail/views/account/identities/edit.hbs b/webmail/views/account/identities/edit.hbs new file mode 100644 index 0000000..44bcdce --- /dev/null +++ b/webmail/views/account/identities/edit.hbs @@ -0,0 +1,46 @@ +
+
+

Account

+
+
+ +
+
+ + + + +
+
+ +

 

+
+ + + + +
+
+

Identity information

+
+
+ +
+
+ {{> identity}} +
+
+ +
+ + Cancel +
+
+
+
+
+
+
+
diff --git a/webmail/views/account/index.hbs b/webmail/views/account/index.hbs new file mode 100644 index 0000000..6addc7c --- /dev/null +++ b/webmail/views/account/index.hbs @@ -0,0 +1,103 @@ +
+
+

Account

+
+
+ +
+
+ + + + +
+
+ +

 

+ +
+
+ +
+ +
+

+ {{address}} +

+
+
+ +
+
+ +
+
+ +
+ +
+

+ Used {{storageUsed}} of {{quota}} +

+
+
+ +
+
+ {{storageOverview}}% +
+
+ +
+ +
+

+ Sent {{recipientsSent}} messages, daily allowed quota {{recipients}} messages +

+
+
+ +
+
+ {{recipientsOverview}}% +
+
+ +
+ +
+

+ Forwarded {{forwardsSent}} messages, daily allowed quota {{forwards}} messages +

+
+
+ +
+
+ {{forwardsOverview}}% +
+
+
+
+ +
+
+
+
+ + + diff --git a/webmail/views/account/login.hbs b/webmail/views/account/login.hbs new file mode 100644 index 0000000..6553630 --- /dev/null +++ b/webmail/views/account/login.hbs @@ -0,0 +1,68 @@ +
+
+

Log in

+
+
+ +
+
+ +
+ + + +
+
+

Account information

+
+
+ +
+
+ +
+ + + {{#if errors.username}} + {{errors.username}}{{#if errors.username_action}} – {{errors.username_action.title}}{{/if}} + {{/if}} +
+ +
+ + + {{#if errors.password}} + {{errors.password}} + {{/if}} +
+
+
+ +
+
+ +
+
+ + +
+ +
+
+ +
+
+ +
+
+ + + diff --git a/webmail/views/account/login.hbs.new b/webmail/views/account/login.hbs.new new file mode 100644 index 0000000..ceedeca --- /dev/null +++ b/webmail/views/account/login.hbs.new @@ -0,0 +1,52 @@ +
+
+

Log in (Autoconfig with thunderbird)

+
+
+ +
+
+ +
+ + +
+ +
+ +
+ + @{{serviceDomain}} +
+ {{#if errors.username}} + {{errors.username}}{{#if errors.username_action}} – {{errors.username_action.title}}{{/if}} + {{/if}} +
+ +
+ + + {{#if errors.password}} + {{errors.password}} + {{/if}} +
+ +
+
+ +
+
+ +
+ +
+ +
+ +
+ +
+
+ diff --git a/webmail/views/account/login.hbs.orig b/webmail/views/account/login.hbs.orig new file mode 100644 index 0000000..6553630 --- /dev/null +++ b/webmail/views/account/login.hbs.orig @@ -0,0 +1,68 @@ +
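Review bot: `webmail/views/account/login.hbs.new` and `login.hbs.orig` look like editor or patch leftovers rather than templates the application loads: `login.hbs.orig` carries the same blob id (`6553630`) as `login.hbs`, and both extra files are copied into the image by `COPY ./views /webmail/views`. Drop them from the commit, or add `*.orig` and `*.new` to `.gitignore`, so stale copies of the login page are not shipped and later mistaken for the live template during a security fix.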
+
+

Log in

+
+
+ +
+
+ +
+ + + +
+
+

Account information

+
+
+ +
+
+ +
+ + + {{#if errors.username}} + {{errors.username}}{{#if errors.username_action}} – {{errors.username_action.title}}{{/if}} + {{/if}} +
+ +
+ + + {{#if errors.password}} + {{errors.password}} + {{/if}} +
+
+
+ +
+
+ +
+
+ + +
+ +
+
+ +
+
+ +
+
+ + + diff --git a/webmail/views/account/profile.hbs b/webmail/views/account/profile.hbs new file mode 100644 index 0000000..6523035 --- /dev/null +++ b/webmail/views/account/profile.hbs @@ -0,0 +1,98 @@ +
+
+

Account

+
+
+ +
+
+ + + + +
+
+ +

 

+ + +
+ + +
+
+
+

General

+
+
+ +
+ +
+

{{values.username}}

+
+
+ +
+ + + {{#if errors.name}} + {{errors.name}} + {{/if}} +
+ +
+ + + + {{#if errors.spamLevel}} + {{errors.spamLevel}} + {{/if}} +
+ +
+
+ +
+
+

Message forwarding

+
+
+ +

+ Leave the following fields blank if you do not wish to forward all incoming emails +

+ +
+ + + {{#if errors.targets}} + {{errors.targets}} + {{/if}} + Use comma separated list of addresses for multiple recipients +
+
+
+ +
+ +
+ +
+ +
+
+
+
+
diff --git a/webmail/views/account/security.hbs b/webmail/views/account/security.hbs new file mode 100644 index 0000000..8c6914c --- /dev/null +++ b/webmail/views/account/security.hbs @@ -0,0 +1,26 @@ +
+
+

Security

+
+
+ +
+
+ + + + +
+
+ +

 

+ +

+ Future feature +

+
+
+
+
diff --git a/webmail/views/account/security/2fa.hbs b/webmail/views/account/security/2fa.hbs new file mode 100644 index 0000000..f3bf0ae --- /dev/null +++ b/webmail/views/account/security/2fa.hbs @@ -0,0 +1,131 @@ +
+
+

Security

+
+
+ +
+
+ + + + +
+
+ +

 

+ +
+
+

Two factor authentication

+
+
+

+ If two-factor authentication is enabled then you will be required to enter a code from an authenticator app when logging in. + TOTP compatible authenticator app like Google Authenticator is needed to use two-factor authentication. +

+ +

+ + + +

+ +

+ External applications can not access IMAP, POP3 ja SMTP using the account password if two-factor authentication is enabled. Application specific passwords must be generated instead for these applications. +

+
+ + + + + + + + {{#if enabled2fa}} + + + + + {{/if}} +
+ {{#if enabled2fa}} + Two factor authentication is Enabled + {{else}} + Two factor authentication is Disabled + {{/if}} + + {{#if enabled2fa}} + + {{else}} +
+ + +
+ {{/if}} +
+ {{#if enabledU2f}} + U2F security key is Enabled + {{else}} + U2F security key is Disabled + {{/if}} + + {{#if enabledU2f}} + + {{else}} +
+ + +
+ {{/if}} +
+
+
+
+
+
+ + + + + diff --git a/webmail/views/account/security/asp.hbs b/webmail/views/account/security/asp.hbs new file mode 100644 index 0000000..3e184b5 --- /dev/null +++ b/webmail/views/account/security/asp.hbs @@ -0,0 +1,35 @@ +
+ + +
+ +
+
+

Application specific password

+
+
+ +

+ Use the generated password in external application for IMAP, POP3 or SMTP +

+ +

+ {{description}} +

+ +

+ {{passwordFormatted}} +

+ +

+ For OSX and iOS you can download configuration profile to auto-configure your email application +

+ +

+

+ Go back +

+
+
diff --git a/webmail/views/account/security/asps.hbs b/webmail/views/account/security/asps.hbs new file mode 100644 index 0000000..6c4f9be --- /dev/null +++ b/webmail/views/account/security/asps.hbs @@ -0,0 +1,151 @@ +
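Review bot: `{{passwordFormatted}}` prints the newly generated application password into the page body, so the response carrying this view should not be cacheable. The route that renders the template is not part of this hunk; if it does not already do so, it should send `Cache-Control: no-store` so the credential is not kept in browser or intermediary caches. A template comment above the password block, `{{!-- shows a live credential: the response must be sent with Cache-Control: no-store --}}`, would record the requirement next to the markup.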
+
+

Security

+
+
+ +
+
+ + + + +
+
+ +

 

+ +
+
+

Application specific passwords

+
+

Here are listed passwords generated for specific applications. If the password is leaked then delete it and generate a new one.

+

+ Application Specific Passwords must be used for external applications if two factor authentication is enabled. +

+
+ + + + + + + + + + + + {{#if asps}} + + {{#each asps}} + + + + + + + + {{/each}} + {{else}} + + + + {{/if}} + +
+ # + + Description + + Created + + Used + +   +
+ {{index}} + + {{description}} + + {{created}} + + {{#if lastUse.time}} + {{lastUse.time}} + {{else}} + never + {{/if}} + +
+ +
+
+ No application specific passwords generated +
+
+ +
+ + +
+
+
+

Create new application specific password

+
+
+ +
+ + + {{#if errors.description}} + {{errors.description}} + {{/if}} +
+ +
+ +
+ +
+
+
+
+
+
+
+
+ + + + + + diff --git a/webmail/views/account/security/enable-totp.hbs b/webmail/views/account/security/enable-totp.hbs new file mode 100644 index 0000000..e02f68a --- /dev/null +++ b/webmail/views/account/security/enable-totp.hbs @@ -0,0 +1,34 @@ +
+ + +
+
+

Two factor authentication

+
+
+ +

+ Scan the code with an authenticator app and enter resulting security code below to verify +

+ +

+ +

+ +
+ + + +
+ +
+
+ +
+ Cancel +
+
+
+
+ + diff --git a/webmail/views/account/security/enable-u2f.hbs b/webmail/views/account/security/enable-u2f.hbs new file mode 100644 index 0000000..08b4fa8 --- /dev/null +++ b/webmail/views/account/security/enable-u2f.hbs @@ -0,0 +1,45 @@ + + + + + + +
+
+

Two factor authentication

+
+
+ +
+ +
+ +
+ + + + + +
+ +

+ Initializing... +

+ +
+ Cancel +
+
+
+ + + + + diff --git a/webmail/views/account/security/events.hbs b/webmail/views/account/security/events.hbs new file mode 100644 index 0000000..3ff2971 --- /dev/null +++ b/webmail/views/account/security/events.hbs @@ -0,0 +1,115 @@ +
+
+

Security

+
+
+ +
+
+ + + + +
+
+ +

 

+ + + + + + + + + + + + + + {{#if results}} + + {{#each results}} + + + + + + + + + {{/each}} + {{else}} + + + + {{/if}} + +
+ Environment + + Action + + Result + + IP + + Session + + Time +
+ {{protocol}} + + + + {{#if asp}} +
+ {{asp.name}} +
+ {{/if}} + + {{action}} + + ({{events}}) +
+ {{#if label}} + {{result}} + {{else}} + {{result}} + {{/if}} + + {{ip}} + + {{#if sess}} + {{sessStr}} + {{else}} + – + {{/if}} + + {{created}} +
+ No events found +
+ + + +
+
+
+
diff --git a/webmail/views/account/security/gpg.hbs b/webmail/views/account/security/gpg.hbs new file mode 100644 index 0000000..5323f73 --- /dev/null +++ b/webmail/views/account/security/gpg.hbs @@ -0,0 +1,98 @@ +
+
+

Security

+
+
+ +
+
+ + + + +
+
+ +

 

+ +
+ + +
+ +
+
+

GPG Encryption

+
+
+ +

+ If encryption is enabled then all cleartext messages that are archived to this + account are encrypted using provided public key. Private key is not known to the + service so if they key is lost then messages can not be recovered. {{serviceName}} + is able to display encrypted messages if Mailvelope browser extension is + installed, otherwise you would have to download the messages and open these in a + GPG-compatible email client. +

+ +
+ + + {{#if errors.encryptMessages}} + {{errors.encryptMessages}} + {{/if}} +
+ + {{#if fingerprint}} +
+ +
+
+ +
+
+ {{fingerprint}} + {{#if keyAddress}}({{keyAddress}}){{/if}} +
+
+
+ {{/if}} + +
+ + + {{#if errors.pubKey}} + {{errors.pubKey}} + {{/if}} + Leave empty if you do not want to replace the current + key +
+ +
+ +
+ +
+
+
+
+
+
+
+
\ No newline at end of file diff --git a/webmail/views/account/security/password.hbs b/webmail/views/account/security/password.hbs new file mode 100644 index 0000000..8aa632b --- /dev/null +++ b/webmail/views/account/security/password.hbs @@ -0,0 +1,67 @@ +
+
+

Security

+
+
+ +
+
+ + + + +
+
+ +

 

+ +
+ + +
+ +
+
+

Change Password

+
+
+ +

+ Change your account password here +

+ +
+ + + {{#if errors.existingPassword}} + {{errors.existingPassword}} + {{/if}} +
+ +
+ + + {{#if errors.password}} + {{errors.password}} + {{/if}} +
+ +
+ + +
+ +
+ +
+ +
+
+
+
+
+
+
+
diff --git a/webmail/views/account/update-password.hbs b/webmail/views/account/update-password.hbs new file mode 100644 index 0000000..9258a94 --- /dev/null +++ b/webmail/views/account/update-password.hbs @@ -0,0 +1,43 @@ +
+
+

Change Password

+
+
+ +
+ + +

+ Your password needs to be changed. Enter your new account password below +

+ +
+ + + {{#if errors.password}} + {{errors.password}} + {{/if}} +
+ +
+ + + {{#if errors.password2}} + {{errors.password2}} + {{/if}} +
+ +
+
+ +
+ Cancel +
+ +
+ +
+ +
+ +
diff --git a/webmail/views/error.hbs b/webmail/views/error.hbs new file mode 100644 index 0000000..9577352 --- /dev/null +++ b/webmail/views/error.hbs @@ -0,0 +1,7 @@ +

{{error.status}} Error

+ +

{{message}}

+ +{{#if error.stack}} +
{{error.stack}}
+{{/if}} diff --git a/webmail/views/help.hbs b/webmail/views/help.hbs new file mode 100644 index 0000000..a06de21 --- /dev/null +++ b/webmail/views/help.hbs @@ -0,0 +1,160 @@ +
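Review bot: `{{error.stack}}` is rendered to whoever triggers the error, and the only guard is whether the value happens to be set. Stack traces disclose file paths, dependency names and internal call structure, so the error handler (not visible in this hunk) should leave `error.stack` empty outside development. I would add `{{!-- error.stack must only be populated in development; the error handler strips it in production --}}` above the `{{#if error.stack}}` block and confirm the handler enforces it.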
+
+

Help

+
+
+ +
+
+

Account configuration

+
+

+ Use the following configuration for your desktop email client. +

+
+ + + + + + + + + + + + + + + + + {{#if user}} + + + + + + + {{/if}} + + + + + + + + + + + + + + + + + + + + + {{#if user}} + + + + + {{else}} + + + + {{/if}} + + + + + + + + +
+   + + IMAP + + POP3 + + SMTP +
+ Description + + Access all messages and mailboxes + + Access INBOX + + Send messages +
+ E-mail address + + {{user.username}}@{{serviceDomain}} + + {{user.username}}@{{serviceDomain}} + + {{user.username}}@{{serviceDomain}} +
+ Server + + {{setup.imap.hostname}} + + {{setup.pop3.hostname}} + + {{setup.smtp.hostname}} +
+ Port + + {{setup.imap.port}} + + {{setup.pop3.port}} + + {{setup.smtp.port}} +
+ Security + + {{#if setup.imap.secure}} + TLS/SSL + {{else}} + STARTTLS + {{/if}} + + {{#if setup.pop3.secure}} + TLS/SSL + {{else}} + STARTTLS + {{/if}} + + {{#if setup.smtp.secure}} + TLS/SSL + {{else}} + STARTTLS + {{/if}} +
+ Username + + {{user.username}} + + {{user.username}} + + {{user.username}} + + Your username + + Your username + + Your username +
+ Password + + ******** + + ******** + + ******** +
+
diff --git a/webmail/views/index.hbs b/webmail/views/index.hbs new file mode 100644 index 0000000..634552f --- /dev/null +++ b/webmail/views/index.hbs @@ -0,0 +1,3 @@ + diff --git a/webmail/views/layout-popup.hbs b/webmail/views/layout-popup.hbs new file mode 100644 index 0000000..2028807 --- /dev/null +++ b/webmail/views/layout-popup.hbs @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + {{serviceName}} + {{#if title}} | {{title}}{{/if}} + + + + + + + + + + +
+ {{flash_messages}} +
+ +
+ +
+ {{{body}}} +
+ +
+ + + + + {{> scripts}} + + + diff --git a/webmail/views/layout-webmail.hbs b/webmail/views/layout-webmail.hbs new file mode 100644 index 0000000..ab47edf --- /dev/null +++ b/webmail/views/layout-webmail.hbs @@ -0,0 +1,67 @@ + + + + + {{>header}} + + + + + {{>navbar}} + +
+ {{flash_messages}} +
+ +
+ + +
+ {{{body}}} + +
+
+ + + + {{> scripts}} + + + + diff --git a/webmail/views/layout.hbs b/webmail/views/layout.hbs new file mode 100644 index 0000000..9c47371 --- /dev/null +++ b/webmail/views/layout.hbs @@ -0,0 +1,30 @@ + + + + + {{>header}} + + + + + {{>navbar}} +
+ {{flash_messages}} +
+ +
+ + {{{body}}} + +
+ + + + {{> scripts}} + + + diff --git a/webmail/views/partials/accountmenu.hbs b/webmail/views/partials/accountmenu.hbs new file mode 100644 index 0000000..3485173 --- /dev/null +++ b/webmail/views/partials/accountmenu.hbs @@ -0,0 +1,3 @@ + + + diff --git a/webmail/views/partials/filter.hbs b/webmail/views/partials/filter.hbs new file mode 100644 index 0000000..1a3035d --- /dev/null +++ b/webmail/views/partials/filter.hbs @@ -0,0 +1,150 @@ +
+
+ +
+
Search messages by:
+
+ +
+ + + {{#if errors.query_from}} + {{errors.query_from}} + {{/if}} +
+ +
+ + + {{#if errors.query_to}} + {{errors.query_to}} + {{/if}} +
+ +
+ + + {{#if errors.query_subject}} + {{errors.query_subject}} + {{/if}} +
+ +
+ + + {{#if errors.query_text}} + {{errors.query_text}} + {{/if}} +
+ +
+ + + {{#if errors.query_listId}} + {{errors.query_listId}} + {{/if}} +
+ +
+ +
+ + +
+ {{#if errors.query_ha}} + {{errors.query_ha}} + {{/if}} +
+ +
+ +
+
+ Message size is + +
+
+ +
+
+ +
+
+ {{#if errors.query_size}} + {{errors.query_size}} + {{/if}} +
+ +
+
+
+
+
+
When a message arrives that matches this search:
+
+
+ +
+ +
+ +
+ +
+ + + {{#if errors.action_mailbox}} + {{errors.action_mailbox}} + {{/if}} +
+ +
+ + + Somma separated list of email addresses or URLs + {{#if errors.action_targets}} + {{errors.action_targets}} + {{/if}} +
+ +
+ +
+ +
+ +
+ +
+ +
+
+
+
+
diff --git a/webmail/views/partials/header.hbs b/webmail/views/partials/header.hbs new file mode 100644 index 0000000..a7705e4 --- /dev/null +++ b/webmail/views/partials/header.hbs @@ -0,0 +1,18 @@ + + + + + + + + + + + +{{serviceName}} + {{#if title}} | {{title}}{{/if}} + + + + + diff --git a/webmail/views/partials/identity.hbs b/webmail/views/partials/identity.hbs new file mode 100644 index 0000000..9bade86 --- /dev/null +++ b/webmail/views/partials/identity.hbs @@ -0,0 +1,68 @@ +
+ + + {{#if errors.name}} + {{errors.name}} + {{else}} + This name is used as the sender name when using this identity. Keep blank to default to your account name + {{/if}} +
+ +
+ +
+ + + + + +
+ + {{#if errors.address}} + {{errors.address}} + {{else}} + Unicode characters are allowed in alias addresses. + {{/if}} +
+ +{{#unless isMain}} +
+
+ +
+
+{{/unless}} + + diff --git a/webmail/views/partials/mailbox.hbs b/webmail/views/partials/mailbox.hbs new file mode 100644 index 0000000..cac454f --- /dev/null +++ b/webmail/views/partials/mailbox.hbs @@ -0,0 +1,44 @@ +
+
+
+

Mailbox settings

+
+
+ + {{#if isInbox}} + +
+ + + INBOX folder can not be modified +
+ + {{else}} + +
+ + + + {{#if errors.parent}} + {{errors.parent}} + {{/if}} +
+ +
+ + + {{#if errors.name}} + {{errors.name}} + {{/if}} +
+ {{/if}} +
+
+
diff --git a/webmail/views/partials/messagerow.hbs b/webmail/views/partials/messagerow.hbs new file mode 100644 index 0000000..d9a7df9 --- /dev/null +++ b/webmail/views/partials/messagerow.hbs @@ -0,0 +1,51 @@ + + + + + + + + + + + + + + {{{fromHtml}}} + + + + + + + {{#if mailboxName}} + {{mailboxName}} + {{/if}} + + {{subject}}{{#if intro}} – {{intro}}{{/if}} + + + + + + + {{#if encrypted}} + + {{else}} + {{#if attachments}} + + {{/if}} + {{/if}} + + + + + + + {{date}} + + + + + + diff --git a/webmail/views/partials/navbar.hbs b/webmail/views/partials/navbar.hbs new file mode 100644 index 0000000..6e28cf0 --- /dev/null +++ b/webmail/views/partials/navbar.hbs @@ -0,0 +1,85 @@ + diff --git a/webmail/views/partials/scripts.hbs b/webmail/views/partials/scripts.hbs new file mode 100644 index 0000000..b018101 --- /dev/null +++ b/webmail/views/partials/scripts.hbs @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + + + + + + + + +{{#if inboxId}} + +{{else}} + +{{/if}} + +{{#if successlog}} + + +{{/if}} + + diff --git a/webmail/views/partials/searchfield.hbs b/webmail/views/partials/searchfield.hbs new file mode 100644 index 0000000..46b1ffc --- /dev/null +++ b/webmail/views/partials/searchfield.hbs @@ -0,0 +1,8 @@ +
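Review bot: `{{{fromHtml}}}` in partials/messagerow.hbs uses triple braces, so Handlebars does not escape it, and the sender name and address shown in a message list come from mail headers that the remote sender controls. The code that builds `fromHtml` is outside this hunk; unless it HTML-escapes every header-derived piece before wrapping it in markup, the mailbox listing can render sender-supplied markup. Passing the name and address as plain fields and rendering them escaped (for example `{{fromName}}` and `{{fromAddress}}`, with the surrounding markup kept in the template) would remove that dependency. The same pattern appears in webmail/message.hbs, where `{{#if isHtml}}{{{value}}}{{else}}{{value}}{{/if}}` prints a header value raw whenever `isHtml` is set.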
+
+ + + + +
+
diff --git a/webmail/views/partials/securitymenu.hbs b/webmail/views/partials/securitymenu.hbs new file mode 100644 index 0000000..abbef6f --- /dev/null +++ b/webmail/views/partials/securitymenu.hbs @@ -0,0 +1,5 @@ + + + + + diff --git a/webmail/views/partials/tos.hbs b/webmail/views/partials/tos.hbs new file mode 100644 index 0000000..d68c041 --- /dev/null +++ b/webmail/views/partials/tos.hbs @@ -0,0 +1,57 @@ +

Last updated: January 24, 2018

+ + +

Please read these Terms and Conditions ("Terms", "Terms and Conditions") carefully before using the http://{{serviceDomain}} website (the "Service") operated by {{serviceName}} ("us", "we", or "our").

+ +

Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Service.

+ +

By accessing or using the Service you agree to be bound by these Terms. If you disagree with any part of the terms then you may not access the Service. Terms and Conditions for {{serviceName}} based on the T&C example from TermsFeed.

+ +

Accounts

+ +

When you create an account with us, you must provide us information that is accurate, complete, and current at all times. Failure to do so constitutes a breach of the Terms, which may result in immediate termination of your account on our Service.

+ +

You are responsible for safeguarding the password that you use to access the Service and for any activities or actions under your password, whether your password is with our Service or a third-party service.

+ +

You agree not to disclose your password to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.

+ + +

Links To Other Web Sites

+ +

Our Service may contain links to third-party web sites or services that are not owned or controlled by {{serviceName}}.

+ +

{{serviceName}} has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that {{serviceName}} shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.

+ +

We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or services that you visit.

+ + +

Termination

+ +

We may terminate or suspend access to our Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

+ +

All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.

+ +

We may terminate or suspend your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

+ +

Upon termination, your right to use the Service will immediately cease. If you wish to terminate your account, you may simply discontinue using the Service.

+ +

All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.

+ + +

Governing Law

+ +

These Terms shall be governed and construed in accordance with the laws of Estonia, without regard to its conflict of law provisions.

+ +

Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service, and supersede and replace any prior agreements we might have between us regarding the Service.

+ + +

Changes

+ +

We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 30 days notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.

+ +

By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Service.

+ + +

Contact Us

+ +

If you have any questions about these Terms, please contact us.

diff --git a/webmail/views/tos.hbs b/webmail/views/tos.hbs new file mode 100644 index 0000000..936d5ba --- /dev/null +++ b/webmail/views/tos.hbs @@ -0,0 +1,13 @@ +
+
+

Terms and Conditions ("Terms")

+
+
+ +
+
+

TOS

+
+ {{>tos}} +
+
diff --git a/webmail/views/webmail/audit.hbs b/webmail/views/webmail/audit.hbs new file mode 100644 index 0000000..ce03056 --- /dev/null +++ b/webmail/views/webmail/audit.hbs @@ -0,0 +1,134 @@ +

+
+ + + + +
+ {{messageData.subject}} +
+
+ +
+ +
+

+ +

+ Below are displayed timeline events related to the selected message. This includes receive info, forwarding and autoreplies +

+ +{{#each events}} +
+ + {{#if actionDescription}} + {{#if action}} +
Action
+
{{actionDescription}}
+ {{/if}} + {{else}} + {{#if action}} +
Action
+
{{action}}
+ {{/if}} + {{/if}} + +
ID
+
{{id}}{{#if seq}}.{{seq}}{{/if}}
+ +
Time
+
{{time}}
+ + {{#if messageId}} +
Message-ID
+
{{messageId}}
+ {{/if}} + + {{#if from}} +
From
+
{{from}}
+ {{/if}} + + {{#if to}} +
To
+
{{to}}
+ {{/if}} + + {{#if targetList}} +
{{#if toTitle}}{{toTitle}}{{else}}Forwarding{{/if}}
+
+ {{#each targetList}} +
{{../id}}.{{seq}}: {{text}} {{value}}
+ {{/each}} +
+ {{/if}} + + {{#if origin}} +
Sending host
+
{{origin}}
+ {{/if}} + + {{#if src}} +
Local address
+
{{src}}
+ {{/if}} + + {{#if mx}} +
Destination
+
{{mx}} + {{#if dst}} + [{{dst}}] + {{/if}} +
+ {{/if}} + + {{#if response}} +
Server response
+
{{response}}
+ {{/if}} + + {{#if error}} +
Error message
+
{{error}}
+ {{/if}} + +
+{{/each}} + +

+   +

+ + diff --git a/webmail/views/webmail/create.hbs b/webmail/views/webmail/create.hbs new file mode 100644 index 0000000..42cdec8 --- /dev/null +++ b/webmail/views/webmail/create.hbs @@ -0,0 +1,46 @@ + +

Create folder

+ +
+ + + {{> mailbox}} + +
+ +
+ +
+ + diff --git a/webmail/views/webmail/index.hbs b/webmail/views/webmail/index.hbs new file mode 100644 index 0000000..d528b78 --- /dev/null +++ b/webmail/views/webmail/index.hbs @@ -0,0 +1,754 @@ + +

+ {{#if mailbox.editable}} + + {{/if}} + {{#if mailbox.icon}} + + {{else}} + + {{/if}} + {{mailbox.name}} +

+ +
+ +
+
+ +
+
+
+ + + + + + + + + +
+ + +
+ +
+
+
+ + + +
+ +
+ +{{#if isTrash}} + +{{/if}} + +{{#if isJunk}} + +{{/if}} + +
+ + + + + + + + + + + + + {{#each messages}} + {{>messagerow}} + {{/each}} + +
+
+ + + + + + + + + + + + + + + + + + diff --git a/webmail/views/webmail/mailbox.hbs b/webmail/views/webmail/mailbox.hbs new file mode 100644 index 0000000..881ecd9 --- /dev/null +++ b/webmail/views/webmail/mailbox.hbs @@ -0,0 +1,75 @@ + +

{{mailbox.name}}

+ +
+ + + {{> mailbox}} + + {{#unless isInbox}} +
+ {{#unless isSpecial}} +
+ +
+ {{/unless}} + +
+ {{/unless}} + +
+ + + + diff --git a/webmail/views/webmail/message.hbs b/webmail/views/webmail/message.hbs new file mode 100644 index 0000000..b55c1bf --- /dev/null +++ b/webmail/views/webmail/message.hbs @@ -0,0 +1,630 @@ + + + + +

+
+ + + + +
+ + + {{message.subject}} +
+
+ +
+
+ + +
+
+

+ +
+
+ +
+
+ + + Reply + + Reply to all + + Forward + + + + + + + + + +
+ + +
+ +
+
+
+ + + +
+ +
+ +{{#each message.info}} +
+ {{key}}: + {{#if icon}} + + {{/if}} + + {{#if isHtml}}{{{value}}}{{else}}{{value}}{{/if}} + + + {{#if @first}} + {{#if ../message.securityInfo}} + + + {{/if}} + {{/if}} + +
+{{/each}} +{{#if expires}} +
+ Message expires: + + {{expires}} + +
+{{/if}} + +
+ +{{#if message.encrypted}} + + + + +
+ + + + +{{else}} + +
+ +{{#if message.attachments}} +
+ {{#each message.attachments}} + {{filename}} + {{/each}} +
+{{/if}} + +

+   +

+ + + + + +{{/if}} + + + + + + + + \ No newline at end of file diff --git a/webmail/views/webmail/send.hbs b/webmail/views/webmail/send.hbs new file mode 100644 index 0000000..9cb041d --- /dev/null +++ b/webmail/views/webmail/send.hbs @@ -0,0 +1,382 @@ + + +
+ + + + + + + + +
+
+
+
+
+ + + + + {{#if values.draft}} + + {{/if}} +
+
+
+
+
+ +
+ +
+ + {{#if errors.from}} + {{errors.from}} + {{/if}} +
+
+ +
+ +
+ + {{#if errors.to}} + {{errors.to}} + {{/if}} +
+
+ +
+ +
+ + {{#if errors.cc}} + {{errors.cc}} + {{/if}} +
+
+ +
+ +
+ + {{#if errors.bcc}} + {{errors.bcc}} + {{/if}} +
+
+ +
+ From + Cc + Bcc +
+ +
+ +
+ + {{#if errors.subject}} + {{errors.subject}} + {{/if}} +
+
+ +
+
+ + {{#if errors.editordata}} + {{errors.editordata}} + {{/if}} +
+
+ +
+
+ + + + + {{#if errors.attachment}} + {{errors.attachment}} + {{/if}} +
+
+ + + + + + +
+ + + + + + + +
diff --git a/wildduck/Dockerfile b/wildduck/Dockerfile
new file mode 100644
index 0000000..97ce37e
--- /dev/null
+++ b/wildduck/Dockerfile
@@ -0,0 +1,24 @@
+FROM node:10-slim
+ARG DOMAIN
+ARG REVERSE_DNS
+RUN apt update && apt -y install git python make g++ libcap2-bin
+RUN git clone https://github.com/nodemailer/wildduck /wildduck
+RUN git clone https://github.com/zone-eu/zone-mta-template /wildduck-mta
+RUN git clone https://github.com/haraka/Haraka /haraka
+COPY ./haraka/config /haraka/config
+COPY ./wildduck/config /wildduck/config
+COPY ./wildduck-mta/config /wildduck-mta/config
+RUN chown node.node -R /wildduck /wildduck-mta /haraka
+RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/node
+USER node
+WORKDIR /wildduck
+RUN npm install --production
+WORKDIR /wildduck-mta
+RUN npm install --production
+RUN npm install zonemta-wildduck -S
+RUN npm install zonemta-limiter -S
+WORKDIR /haraka
+RUN npm install
+RUN npm install haraka-plugin-wildduck -S
+RUN find ../haraka/config ../wildduck/config ../wildduck-mta/config -type f -exec sed -i "s/{{DOMAIN}}/$DOMAIN/g" {} +
+RUN find ../haraka/config ../wildduck/config ../wildduck-mta/config -type f -exec sed -i "s/{{REVERSE_DNS}}/$REVERSE_DNS/g" {} +
diff --git a/wildduck/haraka/attachments/.gitignore b/wildduck/haraka/attachments/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/wildduck/haraka/config/access.domains b/wildduck/haraka/config/access.domains
new file mode 100755
index 0000000..17b50fc
--- /dev/null
+++ b/wildduck/haraka/config/access.domains
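Review bot: The three `git clone` lines and the plugin installs (`npm install zonemta-wildduck -S`, `zonemta-limiter`, `haraka-plugin-wildduck`) take whatever upstream publishes at build time, so two builds of this Dockerfile can ship different mail-server code and an unreviewed upstream change lands in the image silently. Pin each clone to a tag or commit, e.g. `RUN git clone --depth 1 --branch <WILDDUCK_TAG> https://github.com/nodemailer/wildduck /wildduck` (placeholder tag), and give the npm plugins explicit versions. Separately, the two `sed` lines interpolate `$DOMAIN` and `$REVERSE_DNS` straight into the expression, so a build arg containing `/` or `&` changes the substitution; validating the args before use would avoid that.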
@@ -0,0 +1,13 @@
+# Basic whitelist/blacklist mechanism for domains and e-mail addresses
+# add a single domain or e-mail per line
+# default behavior for entries is to DENY or blacklist
+# reverse behavior by prepending an exclamation point !
+# foo.com <-- denied
+# !foo.com <-- allowed
+#
+# More complex/granular behaviors are possible, e.g.
+# To block everything claiming to be from aol.com, but still allow a single aol address:
+# aol.com
+# !friend@aol.com
+#
+# See full docs for details: http://haraka.github.io/manual/plugins/access.html
diff --git a/wildduck/haraka/config/access.ini b/wildduck/haraka/config/access.ini
new file mode 100755
index 0000000..2d6a1a9
--- /dev/null
+++ b/wildduck/haraka/config/access.ini
@@ -0,0 +1,6 @@
+[check]
+any=false
+conn=true
+helo=false
+mail=true
+rcpt=true
diff --git a/wildduck/haraka/config/aliases b/wildduck/haraka/config/aliases
new file mode 100755
index 0000000..04c80db
--- /dev/null
+++ b/wildduck/haraka/config/aliases
@@ -0,0 +1,14 @@
+{
+ "postmaster@{{DOMAIN}}": {
+ "action": "alias", "to": ["webmaster@{{DOMAIN}}"]
+ },
+ "info@{{DOMAIN}}": {
+ "action": "alias", "to": ["webmaster@{{DOMAIN}}"]
+ },
+ "admin@{{DOMAIN}}": {
+ "action": "alias", "to": ["webmaster@{{DOMAIN}}"]
+ },
+ "root@{{DOMAIN}}": {
+ "action": "alias", "to": ["webmaster@{{DOMAIN}}"]
+ }
+}
diff --git a/wildduck/haraka/config/attachment.ctype.regex b/wildduck/haraka/config/attachment.ctype.regex
new file mode 100755
index 0000000..0798108
--- /dev/null
+++ b/wildduck/haraka/config/attachment.ctype.regex
@@ -0,0 +1,2 @@
+executable
+partial
diff --git a/wildduck/haraka/config/attachment.filename.regex b/wildduck/haraka/config/attachment.filename.regex
new file mode 100755
index 0000000..954d4f5
--- /dev/null
+++ b/wildduck/haraka/config/attachment.filename.regex
@@ -0,0 +1 @@
+\.(?:ade|adp|bat|chm|cmd|com|cpl|dll|exe|hta|ins|isp|jar|js|jse|lib|lnk|mde|msc|msp|mst|pif|scr|sct|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh)$
diff --git a/wildduck/haraka/config/auth_flat_file.ini b/wildduck/haraka/config/auth_flat_file.ini
new file mode 100755
index 0000000..dc6118f
--- /dev/null
+++ b/wildduck/haraka/config/auth_flat_file.ini
@@ -0,0 +1,5 @@
+[core]
+methods=CRAM-MD5
+
+[users]
+; matt=test
diff --git a/wildduck/haraka/config/auth_vpopmaild.ini b/wildduck/haraka/config/auth_vpopmaild.ini
new file mode 100755
index 0000000..ff15a0d
--- /dev/null
+++ b/wildduck/haraka/config/auth_vpopmaild.ini
@@ -0,0 +1,7 @@
+host=127.0.0.6
+port=89
+;sysadmin=postmaster@example.com:sekret
+
+[example.com]
+host=127.0.0.10
+;sysadmin=postmaster@example.com:sekret
diff --git a/wildduck/haraka/config/avg.ini b/wildduck/haraka/config/avg.ini
new file mode 100755
index 0000000..a5a4c51
--- /dev/null
+++ b/wildduck/haraka/config/avg.ini
@@ -0,0 +1,5 @@
+;host=
+;port=54322
+;tmpdir=/tmp
+;connect_timeout=10
+;session_timeout=30
diff --git a/wildduck/haraka/config/bounce.ini b/wildduck/haraka/config/bounce.ini
new file mode 100755
index 0000000..25af276
--- /dev/null
+++ b/wildduck/haraka/config/bounce.ini
@@ -0,0 +1,18 @@
+; config/bounce_bad_rcpt: addresses that should never get bounces
+
+
+[check]
+single_recipient=true
+empty_return_path=true
+bad_rcpt=true
+bounce_spf=true
+non_local_msgid=true
+
+; reject all bounce messages (generally a bad idea)
+reject_all=false
+
+[reject]
+single_recipient=true
+empty_return_path=true
+bounce_spf=false
+non_local_msgid=false
diff --git a/wildduck/haraka/config/clamd.ini b/wildduck/haraka/config/clamd.ini
new file mode 100644
index 0000000..4173089
--- /dev/null
+++ b/wildduck/haraka/config/clamd.ini
@@ -0,0 +1,5 @@
+
+clamd_socket = /run/clamav/clamd.sock
+[reject]
+virus=true
+error=false
diff --git a/wildduck/haraka/config/data.headers.ini b/wildduck/haraka/config/data.headers.ini
new file mode 100755
index 0000000..893bd0a
--- /dev/null
+++ b/wildduck/haraka/config/data.headers.ini
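Review bot: `error=false` under `[reject]` in clamd.ini appears to make virus scanning fail open: when clamd is unreachable or a scan errors out, the message would be accepted unscanned instead of being deferred. If that trade-off is intended for availability, record it in the file with a comment such as `; fail-open on scanner errors by choice; clamd availability is monitored separately` and make sure clamd outages raise an alert. Otherwise set `error=true` so the sending server retries once scanning works again.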
@@ -0,0 +1,62 @@
+; configuration for data.headers plugin
+
+; Requiring a date header will cause the loss of valid mail. The JavaMail
+; sender used by some banks, photo processing services, health insurance
+; companies, bounce senders, and others send messages without a Date header.
+;
+; If you can afford to reject some valid mail, please do enforce this, and
+; encourage mailers toward RFC adherence. Otherwise, do not require Date.
+
+; Headers that MUST be present (RFC 5322)
+; required=From,Date ; <-- RFC 5322 compliant
+required=From,Date
+
+; Received
+; If you have no outbound, add 'Received' to the required list for an
+; aggressive anti-spam measure. It works because all real mail relays will
+; add a `Received` header. It may false positive on some bulk mail that
+; uses a custom tool to send, but this appears to be fairly rare.
+
+; If the date header is present, and future and/or past days are
+; defined, it will be validated. 0 = disabled
+date_future_days=2
+date_past_days=15
+
+
+; Headers that MUST be unique if present (RFC 5322)
+; singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject (RFC 5322)
+singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject
+
+; enable/disable the various header checks
+[check]
+; duplicate_singular=true
+; missing_required=true
+; invalid_return_path=true
+; invalid_date=true
+; user_agent=true
+; direct_to_mx=true
+; from_match=true
+; mailing_list=true
+; delivered_to=true
+
+
+[reject]
+; reject switches for each header check
+; default are shown. Rejecting based on any of these
+; criteria will result in the loss of valid mail.
+;
+; duplicate_singular=false
+; missing_required=false
+; invalid_return_path=false
+; invalid_date=false
+
+; arriving messages should not have Delivered-To set to the RCPT TO address.
+; delivered_to=true
+
+; these 4 do not have reject support, and likely shouldn't.
+; user_agent=false
+; direct_to_mx=false
+; from_match=false
+; from_match=true
+; mailing_list=false
+
diff --git a/wildduck/haraka/config/data.uribl.excludes b/wildduck/haraka/config/data.uribl.excludes
new file mode 100755
index 0000000..432e234
--- /dev/null
+++ b/wildduck/haraka/config/data.uribl.excludes
@@ -0,0 +1,202 @@ +# List derived from SpamAssassin +126.com +163.com +2o7.net +4at1.com +5iantlavalamp.com +about.com +adelphia.net +adobe.com +agora-inc.com +agoramedia.com +akamai.net +akamaitech.net +alexa.com +amazon.com +ancestry.com +aol.com +apache.org +apple.com +arcamax.com +ask.com +astrology.com +atdmt.com +att.net +baidu.com +bbc.co.uk +bcentral.com +bellsouth.net +bfi0.com +bing.com +bridgetrack.com +cafe24.com +charter.net +citibank.com +citizensbank.com +cjb.net +classmates.com +clickbank.net +cnet.com +cnn.com +comcast.net +com.com +com.ne.kr +corporate-ir.net +cox.net +craigslist.org +cs.com +custhelp.com +daum.net +dd.se +debian.org +dell.com +directnic.com +directtrack.com +div.tk +domain.com +doubleclick.com +dsbl.org +earthlink.net +ebay.com +ebay.co.uk +ebay.de +ebayimg.com +ebaystatic.com +edgesuite.net +ediets.com +egroups.com +emode.com +example.com +example.net +example.org +excite.com +facebook.com +fedex.com +flickr.com +freebsd.org +free.fr +f-secure.com +gentoo.org +geocities.com +gmail.com +gmx.net +go.com +godaddy.com +googleadservices.com +google.co.in +google.com +google.it +grisoft.com +hallmark.com +hinet.net +hotbar.com +hotmail.com +hotpop.com +hp.com +ibm.com +incredimail.com +investorplace.com +ivillage.com +joingevalia.com +juno.com +kernel.org +li.tk +livejournal.com +lycos.com +m7z.net +mac.com +macromedia.com +mail.com +mail.ru +mailscanner.info +marketwatch.com +mcafee.com +mchsi.com +messagelabs.com +microsoft.com +military.com +mindspring.com +mit.edu +monster.com +mozilla.com +msn.com +myspace.com +nate.com +netflix.com +netscape.com +netscape.net +netzero.net +norman.com +nytimes.com +openoffice.org +openxmlformats.org +optonline.net +osdn.com +overstock.com +pacbell.net +pandasoftware.com +passport.com +paypal.com +peoplepc.com +plaxo.com +prodigy.net +p.tk +radaruol.com.br +real.com +redhat.com +rediff.com +regions.com +regionsnet.com +rogers.com +rr.com +sbcglobal.net +sec.gov +sf.net +shaw.ca +shockwave.com 
+smithbarney.com +sourceforge.net +spamcop.net +speedera.net +sportsline.com +sun.com +suntrust.com +sympatico.ca +tails.nl +telus.net +terra.com.br +ticketmaster.com +tinyurl.com +tiscali.co.uk +tom.com +tone.co.nz +t-online.de +tux.org +twitter.com +uol.com.br +ups.com +usps.com +verizon.net +w3.org +wamu.com +wanadoo.fr +washingtonpost.com +weatherbug.com +web.de +webshots.com +webtv.net +wordpress.com +wsj.com +xmlsoap.org +yahoo.ca +yahoo.co.jp +yahoo.co.kr +yahoo.com +yahoo.com.br +yahoo.co.uk +yahoogroups.com +yimg.com +yopi.de +yoursite.com +youtube.com +zdnet.com diff --git a/wildduck/haraka/config/data.uribl.ini b/wildduck/haraka/config/data.uribl.ini new file mode 100755 index 0000000..473f586 --- /dev/null +++ b/wildduck/haraka/config/data.uribl.ini @@ -0,0 +1,37 @@ +; If DBL not IPv6 compatible set: +; not_ipv6_compatible=1 + +[dbl.spamhaus.org] +validate=^(?!127\.0\.1\.255)127\.|(?!172\.255\.255\.255) +rdns=1 +helo=1 +envfrom=1 +from=1 +msgid=1 +body=1 +no_ip_lookups=1 +custom_msg={uri} listed in {zone}; see http://www.spamhaus.org/query/dbl?domain={uri} + +[multi.uribl.com] +validate=^127 +strip_to_domain=1 +; BLACK list only +bitmask=2 +body=1 +custom_msg={uri} listed in {zone}; see http://lookup.uribl.com/?domain={uri} + +[multi.surbl.org] +validate=^127 +strip_to_domain=1 +body=1 + +;[fresh15.spameatingmonkey.net] +;validate=^127 +;rdns=1 +;helo=1 +;envfrom=1 +;from=1 +;msgid=1 +;body=1 +;no_ip_lookups=1 +;custom_msg={uri} domain registered within the last 15 days; see http://spameatingmonkey.com/lookup/{uri} diff --git a/wildduck/haraka/config/databytes b/wildduck/haraka/config/databytes new file mode 100644 index 0000000..56e1e76 --- /dev/null +++ b/wildduck/haraka/config/databytes @@ -0,0 +1 @@ +26214400 diff --git a/wildduck/haraka/config/delay_deny.ini b/wildduck/haraka/config/delay_deny.ini new file mode 100755 index 0000000..0d63f0e --- /dev/null +++ b/wildduck/haraka/config/delay_deny.ini 
@@ -0,0 +1,7 @@ + +; excluded plugins: a list of denials that are to be excluded (ie, all the immediate rejection) +; Examples: +; : +; :: +; +;excluded_plugins=spf,lookup_rdns_strict diff --git a/wildduck/haraka/config/dhparams.pem b/wildduck/haraka/config/dhparams.pem new file mode 100644 index 0000000..dc8975b --- /dev/null +++ b/wildduck/haraka/config/dhparams.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAojogVOvUcEffntS6DTp5zIMGWPJrFW8ZxZKIvSYUUlGD/QGWk8/T +CV6irXW7PrfGaOqn3DR+gHjwxoDHvz7tv5mBLvGgWDdEn4/4FNfdYIL3tC2E7Uaw +e2OwUCUgwWYh9Uytssrt0TXyjrAR54MEucU2ObS47m0sVkNNnRT1EfJU/LGC+Qtf +MVSL9FsLBZsexdQHJRXdUaInt/PclKgju0+D1gEzWBagqIPojukmuwl/kPSiV/qe +70By3wWp+fVZw5BXnXDKfQZ6Ox5nirNLPEZa4CaOEOfaTIsFhCBzn7wnLPWEp/Y+ +VfnMbTRnRTP7HfrPw/MMCB7LYtVZU4JEUwIBAg== +-----END DH PARAMETERS----- diff --git a/wildduck/haraka/config/dkim_sign.ini b/wildduck/haraka/config/dkim_sign.ini new file mode 100755 index 0000000..dd6e3c4 --- /dev/null +++ b/wildduck/haraka/config/dkim_sign.ini @@ -0,0 +1,5 @@ +disabled = false +selector = dkim +domain = {{DOMAIN}} +headers_to_sign = From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version +dkim.private.key = /secure/dkim.private diff --git a/wildduck/haraka/config/dnsbl.ini b/wildduck/haraka/config/dnsbl.ini new file mode 100755 index 0000000..717f5ad --- /dev/null +++ b/wildduck/haraka/config/dnsbl.ini 
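Review bot: In dkim_sign.ini, `dkim.private.key = /secure/dkim.private` does not look like a setting the `dkim_sign` plugin reads from this file; as far as I know the plugin loads its key from a config file named `dkim.private.key` (or a per-domain directory), so this line may be silently ignored. Confirm how the key under `/secure` actually reaches the plugin (the start-up scripts are outside this hunk), then either remove the line or replace it with a comment stating where the key is installed. Keeping the key out of the repository is right; it should also be readable only by the user Haraka runs as.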
@@ -0,0 +1,23 @@
+
+; reject: (default: true)
+; denies connections from IPs on any active DNSBL
+reject=true
+
+; periodically check each DNSBL, disabling ones that fail checks
+periodic_checks = 30
+
+; search: Default (first)
+; first: consider first DNSBL response conclusive. End processing.
+; all: process all DNSBL results
+search=first
+
+; enable_stats (Default: false)
+; stores stats in a Redis DB (see plugins/dns_list_base)
+;enable_stats=true
+
+; stats_redis_host (Default: localhost)
+
+
+; zones: a comma separated list of DNSBL zones
+; or list DNSBL zones in config/dnsbl.zones
+zones=zen.spamhaus.org
diff --git a/wildduck/haraka/config/early_talker.ini b/wildduck/haraka/config/early_talker.ini
new file mode 100755
index 0000000..481ac00
--- /dev/null
+++ b/wildduck/haraka/config/early_talker.ini
@@ -0,0 +1,11 @@
+
+; delay in seconds
+pause=5
+
+; terminate the connection? (default: true)
+; reject=false
+
+; Whitelist of client IP ranges to skip delay on
+[ip_whitelist]
+::1
+127.0.0.1
diff --git a/wildduck/haraka/config/fcrdns.ini b/wildduck/haraka/config/fcrdns.ini
new file mode 100755
index 0000000..65ecf4e
--- /dev/null
+++ b/wildduck/haraka/config/fcrdns.ini
@@ -0,0 +1,14 @@
+[reject]
+; reject if the IP address has no PTR record
+no_rdns=true
+
+; reject if the FCrDNS test fails
+no_fcrdns=true
+
+; reject if the PTR points to a hostname without a valid TLD
+invalid_tld=false
+
+; reject if the rDNS is generic, examples:
+; 1.2.3.4.in.addr.arpa
+; c-67-171-0-90.hsd1.wa.comcast.net
+generic_rdns=false
diff --git a/wildduck/haraka/config/greylist.ini b/wildduck/haraka/config/greylist.ini
new file mode 100755
index 0000000..69577fd
--- /dev/null
+++ b/wildduck/haraka/config/greylist.ini
@@ -0,0 +1,43 @@
+; Config for greylisting plugin
+
+; greylisting action text
+text = Greylisted. Please come back later.
+
+[redis]
+host = 127.0.0.1
+; port = 6379
+db = 11
+
+[skip]
+; skip for DNSWL hosts having high reputation
+dnswlorg = true
+mailspikewl = true
+
+[period]
+# transition path: first_connect --> black (defer) --> grey(allow) --> white (allow) --> expired
+
+# 14 minutes
+black = 850
+# 25 hours
+grey = 90000
+# 35 days
+white = 3024000
+
+[envelope_whitelist]
+# Envelope emails or domains, one per line
+
+
+[ip_whitelist]
+# IP or Subnet, one per line
+
+
+[recipient_whitelist]
+# Recipient emails or domains, one per line
+
+
+[special_dynamic_domains]
+# Put domains that should be always treated as dynamic here.
+# Pattern is matched at the end of rdns
+
+# SiteGround VPS service
+sgvps.net
diff --git a/wildduck/haraka/config/helo.checks.ini b/wildduck/haraka/config/helo.checks.ini
new file mode 100755
index 0000000..e20b18c
--- /dev/null
+++ b/wildduck/haraka/config/helo.checks.ini
@@ -0,0 +1,57 @@
+; disable checks or reject for each test if you are worried about strictness
+
+;dns_timeout=30
+
+[check]
+; match_re=true
+bare_ip=true
+; dynamic=true
+; big_company=true
+; literal_mismatch: 1 = exact IP match, 2 = IP/24 match, 3 = /24 or RFC1918
+; literal_mismatch=2
+valid_hostname=true
+forward_dns=true
+rdns_match=true
+; host_mismatch: hostname differs between EHLO invocations
+host_mismatch=true
+; proto_mismatch: host sent EHLO but then tries to sent HELO or vice-versa
+proto_mismatch=true
+
+[reject]
+host_mismatch=true
+; proto_mismatch=false
+proto_mismatch=true
+; rdns_match=false
+rdns_match=true
+; dynamic=false
+; bare_ip=false
+bare_ip=true
+; literal_mismatch=false
+; valid_hostname=false
+valid_hostname=true
+; forward_dns=false
+forward_dns=true
+; big_company=true
+
+[skip]
+; private_ip=true
+; relaying=true
+; whitelist=true ; TODO
+
+[bigco]
+msn.com=msn.com
+hotmail.com=hotmail.com
+yahoo.com=yahoo.com,yahoo.co.jp
+yahoo.co.jp=yahoo.com,yahoo.co.jp
+yahoo.co.uk=yahoo.co.uk
+excite.com=excite.com,excitenetwork.com
+mailexcite.com=excite.com,excitenetwork.com
+yahoo.co.jp=yahoo.com,yahoo.co.jp
+mailexcite.com=excite.com,excitenetwork.com
+aol.com=aol.com
+compuserve.com=compuserve.com,adelphia.net
+nortelnetworks.com=nortelnetworks.com,nortel.com
+earthlink.net=earthlink.net
+earthling.net=earthling.net
+google.com=google.com
+gmail.com=google.com,gmail.com
diff --git a/wildduck/haraka/config/host_list b/wildduck/haraka/config/host_list
new file mode 100644
index 0000000..ffc1f8c
--- /dev/null
+++ b/wildduck/haraka/config/host_list
@@ -0,0 +1,2 @@
+# add hosts in here we want to accept mail for
+{{DOMAIN}}
diff --git a/wildduck/haraka/config/host_list_regex b/wildduck/haraka/config/host_list_regex
new file mode 100755
index 0000000..4b1b7d9
--- /dev/null
+++ b/wildduck/haraka/config/host_list_regex
@@ -0,0 +1,6 @@
+# Add regexes in here we want to accept mail for.
+# Specifies the list of regexes that are local to this server. Note
+# all these regexes are anchored with ^regex$. One can not choose not to
+# anchor with .* and that there is a good potential for bad regexes being
+# over permissive if we don't do this.
+
diff --git a/wildduck/haraka/config/http.ini b/wildduck/haraka/config/http.ini
new file mode 100755
index 0000000..f5feda5
--- /dev/null
+++ b/wildduck/haraka/config/http.ini
@@ -0,0 +1,7 @@
+
+; listen: the HTTP address:port(s) to listen on
+; default: [::]:80 (port 80 on all IPv4 and IPv6 addresses)
+; listen=[::]:80
+
+; docroot: the directory where web content is served from
+;docroot=/usr/local/haraka/html
diff --git a/wildduck/haraka/config/internalcmd_key b/wildduck/haraka/config/internalcmd_key
new file mode 100644
index 0000000..0f4add9
--- /dev/null
+++ b/wildduck/haraka/config/internalcmd_key
@@ -0,0 +1 @@
+1d1336164e2210ed49371832271103fbc60a4bf6ab38c7ad07b25851290f19af
\ No newline at end of file
diff --git a/wildduck/haraka/config/lmtp.ini b/wildduck/haraka/config/lmtp.ini
new file mode 100755
index 0000000..2e6c73a
--- /dev/null
+++ b/wildduck/haraka/config/lmtp.ini
@@ -0,0 +1,7 @@
+;[main]
+host=127.0.0.1
+port=2424
+
+; host=127.0.0.1
+
+; [example.com]
diff --git a/wildduck/haraka/config/log.ini b/wildduck/haraka/config/log.ini
new file mode 100644
index 0000000..0187f6a
--- /dev/null
+++ b/wildduck/haraka/config/log.ini
@@ -0,0 +1,11 @@
+[main]
+
+; level=data, protocol, debug, info, notice, warn, error, crit, alert, emerg
+level=info
+
+; prepend timestamps to log entries? This setting does NOT affect logs emitted
+; by logging plugins (like syslog).
+timestamps=false
+
+; format=default, logfmt
+format=default
diff --git a/wildduck/haraka/config/lookup_rdns.strict.ini b/wildduck/haraka/config/lookup_rdns.strict.ini
new file mode 100755
index 0000000..79fec87
--- /dev/null
+++ b/wildduck/haraka/config/lookup_rdns.strict.ini
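Review bot: `config/internalcmd_key` is committed with a fixed 64-hex-character value, so every deployment built from this repository shares the same key. Judging by the file name it authenticates Haraka's internal control commands, and a value that is public in version control gives no protection there. Remove the file from the repository, add it to `.gitignore`, and generate it at container start or mount it from `/secure` like the TLS and DKIM keys. Treat the committed value as exposed and do not reuse it.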
@@ -0,0 +1,12 @@
+[general]
+nomatch=Please setup matching DNS and rDNS records.
+timeout=60
+timeout_msg=DNS check timed out.
+
+[forward]
+nxdomain=Please setup a forward DNS record.
+dnserror=Please setup matching DNS and rDNS records.
+
+[reverse]
+nxdomain=Please setup a reverse DNS record.
+dnserror=Please setup matching DNS and rDNS records.
diff --git a/wildduck/haraka/config/lookup_rdns.strict.timeout b/wildduck/haraka/config/lookup_rdns.strict.timeout
new file mode 100755
index 0000000..573541a
--- /dev/null
+++ b/wildduck/haraka/config/lookup_rdns.strict.timeout
@@ -0,0 +1 @@
+0
diff --git a/wildduck/haraka/config/lookup_rdns.strict.whitelist b/wildduck/haraka/config/lookup_rdns.strict.whitelist
new file mode 100755
index 0000000..e86947f
--- /dev/null
+++ b/wildduck/haraka/config/lookup_rdns.strict.whitelist
@@ -0,0 +1 @@
+# Hostnames and IPs are matched exactly as written on each line.
diff --git a/wildduck/haraka/config/lookup_rdns.strict.whitelist_regex b/wildduck/haraka/config/lookup_rdns.strict.whitelist_regex
new file mode 100755
index 0000000..bbfb0bd
--- /dev/null
+++ b/wildduck/haraka/config/lookup_rdns.strict.whitelist_regex
@@ -0,0 +1,5 @@
+# Does the same thing as the whitelist file, but each line is a regex.
+# Each line is also anchored for you, meaning '^' + regex + '$' is added for
+# you. If you need to get around this restriction, you may use a '.*' at
+# either the start or the end of your regex. This should help prevent people
+# from writing overly permissive rules on accident.
diff --git a/wildduck/haraka/config/mail_from.is_resolvable.ini b/wildduck/haraka/config/mail_from.is_resolvable.ini
new file mode 100755
index 0000000..e7724a0
--- /dev/null
+++ b/wildduck/haraka/config/mail_from.is_resolvable.ini
@@ -0,0 +1,4 @@
+timeout=30
+allow_mx_ip=0
+reject_no_mx=1
+re_bogus_ip=^(?:0\.0\.0\.0|255\.255\.255\.255|127\.)
diff --git a/wildduck/haraka/config/max_unrecognized_commands b/wildduck/haraka/config/max_unrecognized_commands
new file mode 100755
index 0000000..f599e28
--- /dev/null
+++ b/wildduck/haraka/config/max_unrecognized_commands
@@ -0,0 +1 @@
+10
diff --git a/wildduck/haraka/config/me b/wildduck/haraka/config/me
new file mode 100644
index 0000000..863da08
--- /dev/null
+++ b/wildduck/haraka/config/me
@@ -0,0 +1 @@
+{{DOMAIN}}
diff --git a/wildduck/haraka/config/messagesniffer.ini b/wildduck/haraka/config/messagesniffer.ini
new file mode 100755
index 0000000..d1750dd
--- /dev/null
+++ b/wildduck/haraka/config/messagesniffer.ini
@@ -0,0 +1,18 @@
+;port=9001
+;tmpdir=/tmp
+;gbudb_report_deny=true
+;tag_string=[SPAM]
+
+;[gbudb]
+;white=accept
+;caution=allow
+;black=allow
+;truncate=reject
+
+;[message]
+;white=allow
+;local_white=accept
+;caution=allow
+;black=allow
+;truncate=reject
+;nonzero=reject
diff --git a/wildduck/haraka/config/mongodb.ini b/wildduck/haraka/config/mongodb.ini
new file mode 100755
index 0000000..f4cf194
--- /dev/null
+++ b/wildduck/haraka/config/mongodb.ini
@@ -0,0 +1,30 @@
+; This file must be placed in "config" directory of your Haraka server.
+
+;
+; MongoDB Credentials
+;
+
+[mongodb]
+; user
+user=
+; password
+pass=
+; host
+host=mongo
+; port
+port=27017
+; database name
+db=haraka
+
+; collection name
+[collections]
+queue=email_incoming_haraka
+delivery=email_delivery_results
+
+; Absolute path to store attachments
+[attachments]
+path=/home/node/Haraka/attachments
+
+[enable]
+queue=yes
+delivery=yes
diff --git a/wildduck/haraka/config/outbound.bounce_message b/wildduck/haraka/config/outbound.bounce_message
new file mode 100755
index 0000000..2258211
--- /dev/null
+++ b/wildduck/haraka/config/outbound.bounce_message
@@ -0,0 +1,15 @@ +Received: (Haraka {pid} invoked for bounce); {date} +Date: {date} +From: MAILER-DAEMON@{me} +To: {from} +Subject: failure notice +Message-Id: {msgid} + +Hi. This is the Haraka Mailer program at {me}. +I'm afraid I wasn't able to deliver your message + "{subject}" +to the following addresses. +This is a permanent error; I've given up. Sorry it didn't work out. + +Intended Recipients: {recipients} +Failure Reason: {reason} diff --git a/wildduck/haraka/config/outbound.bounce_message_html b/wildduck/haraka/config/outbound.bounce_message_html new file mode 100755 index 0000000..6b99270 --- /dev/null +++ b/wildduck/haraka/config/outbound.bounce_message_html @@ -0,0 +1,36 @@ + + + + + + + + + + + + + diff --git a/wildduck/haraka/config/outbound.bounce_message_image b/wildduck/haraka/config/outbound.bounce_message_image new file mode 100755 index 0000000..fb796c9 --- /dev/null +++ b/wildduck/haraka/config/outbound.bounce_message_image 
@@ -0,0 +1,106 @@ +Content-Type: image/png; name="icon.png" +Content-Disposition: attachment; filename="icon.png" +Content-Transfer-Encoding: base64 +Content-ID: + +iVBORw0KGgoAAAANSUhEUgAAAJAAAACQCAYAAADnRuK4AAAAAXNSR0IArs4c6QAAFi1JREFUeAHt +XUmMHVcVrfo9eYgUWDBsEsAxCQQFFCkSzsQgBQeMQGIBScSwYFoghg0CNoAlhgWjWLBhB0gMYsEO +Z7AgQOwECRRCxBBwOwwLIGwwsdPt7v9/cc6571ZVO2771++q/6uq37N/1Xt3elX3nn9fVfXt6iSJ +LXogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHog +eiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHqgux5Iu3vozRx5dvTo4PRD9909TrIjmOF6zZIm +vx9k6bEDt935g/To0XEzM3fTagRQKW6n7rz19dl49M0ky15eIhfdNP1jspB86KX3PvJgQdzdvQig +EP9Thw/dlWXZd5IsWb4kJNJkI03T9xy8/5EfXlJulzAjgBBogicZZ9/PkmQif0AoSwbpPRFEEzqs +z1+m00duedF4Y/QYwHNllfMEiM4MlhdedeAnJ/9WRa9vsoO+nVCV8+EFM8Dz3arg4RzUkS5sVJmz +b7K7+uRXT9z3AQDh9mmDSt3Vk8feP61+H/QmWvP7cKIXnsPqHXdcOU7P/gV3XM+7kFdpnKb/GWRX +vPSa48fPVNLrifCuzUDjwdNHdwweggAAlK2eAKLqaezKDHT6jbdeNxoOH4ezlqo6bBv5zYXFxRsO +3HviiW34vSXvygw0Ho2+jojWBR6CYynY7C1QtjuxXQeg1TtueTMeGL5pO4dMS6dN2p5Wv6t6uwpA +2Qc/uJQlo682FSza5hxN2W+j3V0FoNXTj38Mt97XNRUI2uYcTdlvo91dcxF96vAtz0/Goz8jyJWe +OFcNGhx6JhksXHvw/pNPVdXtovyuyUBZNv5i0+AhADgH5+oiGKY55l2Rgf76pptvHA7Hv87wI9Bp +nFRVJ02T8eLi4KYXH3v40aq6XZOfiUPn7ZTh5vgbswIPz5Vzcc55n/cs5u89gFbfcPM9WFam/nnX +tEHgnJx7Wv2u6PV6CfvH22/ee/6/4yeQEa6aR0CwlP1j5TmD66760cNr85h/FnP2OgOt/3f8qXmB +h8Hj3DyGWQRyXnP0NgOt3nHb1Vky/FOWZHvn5VzOmybpWposvuya4w/9fZ7H0dTcvc1A43T4lXmD +h0HjMWTp8MtNBXDednuZgU7feevto9HwF/N2bnn+hYXF1xy478Qvy7Q+9HuXgVimOhqNWncLzWPi +sfUBNOVz6N0JWYlpdmP5JNvRz27sY/lrr5aw2spUm0JcD8tfe5WBxsnZz9ZSptoUgFj+ymPsUetN +BmqgTLWpMPeq/LU3GaiBMtWmAMTy1681ZXzWdnsBoKbKVJsKBspfj/Sl/LXzAGq6TLUxEPWk/LXz +AFp98rGP4iffjZWpNgcglL/i2JuyPyu7nb6InlWZalPBgPM7X/7a6Qw0qzLVpgCEzNn58tfOZqBZ +l6k2BaKul792NgPNuky1KQB1vfy1kwA6dfjVd7NktKmgztouz4XnNOt565ivc0vYvMtU63D6xWx0 +tfy1cxlo3mWqFwt+HbSulr92KgM1WaZ68IFHKuHg96+/KVlZXKykcznhLpa/dioDsTS0DWWqBMLZ +zfVkczS8HCYq8btY/toZALFMFT9DekeliDQpjDXnf5vnk426QYRz5Lk2eeh12u4EgNpZporVf4zq 
+HoBoczSqMyZJl8pfOwGgNpapYrnhr+ygfi1LnsZyVm8m6k75a+sBxDLVJEs/V+tXvA5jeHiTN4Do +7OZGvSDCOevc80na2Wk9gFgCim/581vnPqxghqGAJIJoiOVsXM9yxnPuQvlrqwHEMlWE6cOtA8+W +A/InIQAS/hDU2Y36QMRzNx9smbBVg1YDKJR+tvidgwBNSED6syPCUpac26jtFr/15a+tBVAoU+Uf +fWtl87yz5eAIJmEqTc4NN2p5ToSlrNXlr60EUBfKVC3xAEZpnoIMS0QWrof4eWa4mWyMd/6wsc1v +f20lgLpTpkqgADH86LY+ZCCSwBrjOdEzm5s7vrCGqdaWv7YOQCpTzZJP29e5vVtCRk0dAkn/sePz +ISSmsEmZiXCLv+OHjfCJfBOmbcuudQBKsvEXEItGX8Vbh/NxjGhACTs5WAicQAMdjxn1oFHL2Qgg +2sEtvnwC32jaFm1aBSCWqSIi722RfyY7FESXONKHaxcxJBxhA0CRjj+pmawzE2FZm75l7zUfTW+h +bs1WAahLZar8MYZBxkLCa2ktWx4hoYbLmS1pRNUY4Frbwc/OoN66t7+2BkBdK1PltY5SDXHELBPw +5CCyvZiWgXJgIRONpr+wxqytKn9tBYBYpgovf8l93IW9ZSDkIGUaYMiXLlu7AmhymOGUIEg8sYdl +bB23+FNfE8FX8pmZm+u2FQBaP5N9Ev6/aq6eqDq5JRdp4WGfspBhhKDBuMBLYRk0vyaizjoeNg5H +1a+J6Cv6rDA8v97cAcQy1XScfGJ+LphyZoKGIMFaFRKLMowwAgqXMPbZtA9rG4FDHaqTsYa7s9EU +F9b0GX2nCea4mTuA2lSmWj0OQACRIEBY5vGLawGEQHKjBAwGPg54gjp+doZMNKp4i4/ZWvH217kC +qHVlqh7sSfdEAREhEHFvijlsiC8ShRYOgkBQobL+gbw2HCbDqiBqQfnr3ADUzjJVA8Ak2xwKxIVw +xA1v2gWZkgnQHTiedsC1rkkbBnlNRBBVuyaad/nr3AC0+tC974NnW/g21VLsL9Fl0NWIm4AmwkcJ +xxkceBNKMDC0iMonRPxXSGXJBu7OqoEI5a/ypU80233uh1lOy1LNLD37Z6z/rak0PIcHfOdQDJY3 +LUvmHndS/mMKEPxCeKCsw6xhYKA+v5UGCtCELvLQ3JBkA5bQt28xjUJLuzTZg985WxgsUOuyDcfy +VJpdce01x4+fuaxwzQJzyUBtLFPdv7SS8JO30nLjNF7wEhp6toy+L0NFCiEnLGFiUj6ghjtTNwr6 +HLLZPjBJhyyL9EfZZMsZv4jzKn8NZ2cnMott29+myizEbMRwDgSHMbaFm5R5xLPAi4fMUciUeiUQ +Fngq8WXX4EM0+reZFM7DWVcWl5KF1DkgbN/m8vbXiY5s+2Ouzml7mer+5ZCJmAkEI4Qx4Ich1cqG +0xZkGGTx7DrGQh4AQRkIW9bSwJYnWmX2kg3OYMa5elGTH9mRbpKcn/yaaC7lrzMF0OobXn0Ezmtt +mSpip0YQXbGy7EOLKkeINQHjIGK02Q8sDC38AVWWRQwfUqasA8+0aM8MSJddG0qedjjkr1BPcmFN +39LHbnsW+5kBSGWqWdKZ9yPvX9oTrolCRIWcAB6ByKONfUBRjhVHVc4KNggL8FyTiMz0U1gygrZA +4xKAG22AvYHffh253UsgAyJfo68vIVIra2YA6k6ZauFfLWfLeywpMPCIsYWZnRBwiocuA11uGaMv +Xmnpo2pJqNwXVDCPLYXkmDAhh2IQ3OLjwvoyz4kw43WnnvzdR0pTNNrdevwNTdX1t6nyd73W8OMG ++4k7XEakBM9pBRpYyI2IYPOiNweCwcpv+1PIsvECnYbI5bdYJkOWIziVecCwb7jp+JXWMm/xL3Fh 
+DemZvf3Vjg8n0GjrSJnqdj64AtdE+xbtFl9wCIFWWD3oUPYAa0kD3TIQpCz+Ms+uDS2vSJ0bdWCd +XUr6Hl2DGYnWbDnb/hYfVvDr4LMpf9Wx+oE1se/L21TpG97es0BeWacUYGYXa0ZkPuKdljILScSF +ZMDBgAuSeNgb6IK2ywRrBCsTFvecQTZoC/0MsssLC9tmIrDHi4uDm1587OFHId5YazwDdalM9XJe +toeNuDsjKCDMwLJp7xvsdZsuMFCOoKE0G8ATLpopnpPJ4oBEAI8f53OYa7MfxAi8S2Ui4pe+p+km +W6MAOnX40F0459ubPIFZ296Hp9V78GGArYWIamChFjACCAw0xSKk23ZX5t7RQX329SHsiiZxB550 +mOFM4pIgUvnrobsKS/X3ysdZq/WuvU216jsSH7n1FcoYlkWYZcx9eegNRSUgcNkqFiz1ICM1bgCM +fJkj+MCzZY508rEBwZdDA5XQJNBtt5xhhr+vPDd92VU/enit1gAHY41loE6WqVb0sAfc1ASFosu1 +B812xrM8ZPQS4grwBFZILtL3ayYJuc1gWMASuPw50bMvrDHn1U2WvzYCoM6WqSpkVTaMuEedey4t +BA0ziBIDNhZhbi3fYCsSBYM6COxaOrLnQKZFGfQEHOwhR7qadMgjWdrbXhOx/PXU4dc0UnPeCICy +ZPgluHCvn2sf9wqkkJCH1ACBkyVZVMWVgDAWM5D6Fm8TcgJoQVzuchH3naaijMtzHqEHNAoHBT1s +vOCn+IrFeOPLbqvOfe0AUplqkjV64VanA6a1pZgxcgwoGq9ZlHV8HHjKGSG4RJZ3hTJFHsrQMdDR +hhnwrQBD+5yKRBpAh5Z4IS2Lpqw+l9WLXVhD+q4m3v5aK4C6XqaK0FRqCrIjAhHWk2qMLbAGFrId +BOIj8HYnJiTYfMGGZShuQYBxWQg8YsTxRiX1SaNgYHBePUIA9WIgaqL8tVYAdb1M1aJZYcuoWrgB +CoYbH1yPKPBgkWsh9h6G1hVH/YAjYsBYQRaEPBsJPaaSS0FM8wQk+ZzMTtvf4tdf/lobgPRG0TT5 +vJ/mrth78BBMe3iIoDILEAriWbhDEoFLSCeL0WegNdQYFO0tCwXvBRscKSuxwwvmQNc8sKM7NdgU +iMgzYzLOTDQuXxMhRnW+/bU2ACXp2c/Aia2pcaavZ9IYLLQ8ZspARrElJQi4EIYKNMdoDHvoCAiC +gWTAY+YhG6AIUugbTRgSVgLkQHZgyn4AFm2fH7IUxG7xFSPESnPWsKkFQCxTxZsnZlZCUMN512OC +AfaEoICFeJPon3CLzYxjpCJDGMmWPAJCoJDBQlQ6VKWwGgUJLn4AHgJKADO7BI/T8kwIkfI1EWNV +19tfawFQ28tUg+fr31ksLUkocLbQWFYJAWeA2YgOgYljfAIgOAJHNnKMhLERMWCjUKkJcLJDYjGH +ZSGSbEnLbUK/BKLayl93DKCulKmWfF9PF5GxxYPAwH9HAfbsFi2MGEnnWaqxMWgWagwdbAEPskl1 +6pHGvnZhSRMPG5qmgNBiGU06oGkqitAYBg4iLGW1lL+GQ7UDq7pl6eTq6ccex6F17u+2X3iu/tsY +ZTrOS8HVNUXOsPzCeKkojHHDP4HJFBhPaWrrKYByOR8DRlY8k+Y3WWwbimddhxd1SCaVkmjoF8dG +sLhNsOyI8r3kNYF6KgVZTAdPXHPgVTek3/rWplGrb3eUgVg6iWPqPHjotvy3MUo+9Oc2+hYTFqXg +qcsgKZbYoKMsoZBZ6Gmq4GPgsSfRDEhacoHNvk2DTCJl2ibVVTgIGYg9ZhlaIRmKYSQ6iZIUk+xg +CGNmomE23nH5a3GmmL9K63qZ6nbnWs5EikmIOkOjwDG6IVhug5ycTCL4zBRyLhmmIBmyt/BFsI00 
+8jSFUZhHdtQnHDTKwRKwYfMbgn0CGSWg2PzaiGP2dQEOWyuLC2cWBkvXHrz/5FMSrLjZQQYafx6H +1vq3qVb0x0UyEQNgH209YqAJG/keMfXJjCEt24QwUhf/7aEjrbFZzmCP8c8BUprHliZKWKMms5Pg +xEkxn/Vp3MaaF0PSacqugTCWMvd2tLjFvxKvlpn6+Z1ZseOaeKvb9tHwDziYHQBw4unmIljORBYG +uAqB8gTBQFh9PL/NDIiipOuiENot8jwJOTtstAvBJMeugQhKcbboGsWglavkXgGXAmF+QoldHSv7 +ZAYl8TD2fRBMUJ8/3r+y9/oD9554Ijc7YWcqAOC2/eM4yKl0JzyuuYttvSayEAokiobig2O0UOhg +PfDk533GjtFjUG2vISkKOC2Ybd8Zn0GnPAVtZ91gAwNqaRp2QFYfOpaJjIat7Pi1T3EIZt/18Yxx +cG59/eOSr7jh9JXak0de98Lh5vpfcYKlNxFUMtEpYXtrx7oCzYd5AwRLS42CVnIfusUohwUCC5Ah +cn5NBDVkLpPklmPXU/YhgTTqaY++dzh2tDgNe7+eEZzD0uRGNQeRA3vOd3nOY+bEP7+wnL7k+vt+ +80/RJ9xUziKj4dpbdwt46EMrpN/DyNl1h0cdPH7f7Tt/EW87KhibwFYc2VcqoD45BpSCXFYgFU0G +KA0et0FfY/A0BMvsmb54opkBjv1C2uXL+shCK8ON7C2UrtIqAwgHcajKBH2Q5XLGYnp9ixkfxZ2R +s9gSRNbEsC5JFFT6ICkIs+fZJejl+Yri1KEuoqx5iB6MSbLZuJWgAGEg4Jj/qYMOmkASaNQmuHwp +o2FlIWSrsj6y681SrrCpDCAcTGffKlbBL88SZSYSiBQMsBVgC1YhrMhbnAWEAloKO4GAj2sZKApt +Mi3wjDw+EgANIDQdEoKBYEgcKdE24IC+AclEXZOzKAMFvlQ0BTd2JNhWjm1lAKFc4dmV2zy6XdD2 +Ly0n+/C78t4Ij+B7xdXoIfBkOAgs+kKOZwi3YYpBljChrAc06CnjkEylYJMsZQ/JeiYxvoAErjKO +m6Yumqmb9oX6AFvl2FYGEED+tB3K7tzuA4gIJEVCEQkbBV4bRtYagmtdbNEXAAg6/HMRCXNAIGiP +vqJcyJBFXRejcY4lAdkty1Fuh+CGBpXYAl065X5Jf5BkZ0148m1lAOFIfj65+X5KcikTiHB6nh0s +wgwraCHajB8DWNyyi7sFCIRB3jz4EguRB5sA4WgLICyVgB7gqHmwISBoMwCDpqQHKuniqU8GD6+k +nyS/oHyVVhlAePT9HR5rlUn6KLtXyxl/Q9WDgrOUVyxE7BNIwgTjGkJHIQaU8bdm3lS9TyAKcFAM +5iTPWWxJQo+64HvmUV8TBkAQudK3PVRNlsdAoyI/W39haenb4aAm3lUG0NXHTq7i0eXUj74nPrIO +CO5bxDWR/5ozgpIHBl2G3zMQT4VjirARAAokg6mOVIs+BfCRSaHI5GiB/9yS9jKqjfTzLCV9SOSs +0AkWyCjr49nUF69/4Fd/4fFVaW61ig7OOUtXDx/6Ns793ZUUeyrMdwc9s4G3duD8GG9/UEhYKB/J +y9iA6QG123UjeBD8Fl4PLGXJLcIOujaiTTQSBK5glH0JGGhs2aKgMSxbFXp59iJ/MPjeDT/99bsw +P4UrtcoZiNY50cEHfvUevMf47TiPSk8uKx1dR4T3IhPt5XMiNIXXg8l4eJyNacFHPyQeUulQfbh0 +MWsRdHkkyWMDQToc8oMB4y1VMCVGAXQwEo9yomNPmimSBvsSTf+FWN79yp/95p3TgAcGZZX7qVt2 +9HWLp0+cfy3+puPbcJA34sBegMX/hTji/VMb7agiM9Ea/kqzoh3OAYEJF9UWQNzp4F/Z8eDza2wB 
+zTmUZuPeNWjLaUSGgGaIsynBVsajjtZPGeWAafEc2P8G6194W95vs6WFH99w2/4H06MP7vzvkuuo +4iZ6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6 +IHogeiB6IHogeiB6IHogeiB6IHogemBaD/wfWl0tzAXA/nAAAAAASUVORK5CYII= diff --git a/wildduck/haraka/config/outbound.ini b/wildduck/haraka/config/outbound.ini new file mode 100755 index 0000000..ce86a4d --- /dev/null +++ b/wildduck/haraka/config/outbound.ini @@ -0,0 +1,30 @@ +; see http://haraka.github.io/manual/Outbound.html +; +; disabled (default: false) +; disabled=true + +; concurrency_max (default: 100) +; concurrency_max=100 + +; uncomment to disable tls for outbound mail +; enable_tls=false + +; maxTempFailures (default: 13) + +; ipv6_enabled (default: false) + +; load_pid_queue +; flush_queue + +; always_split: default: false +; always_split=true + +; received_header (default: "Haraka outbound") +; received_header=Haraka outbound + +; pool_timeout: default : 300 +; pool_timeout=0 + +; pool_concurrency_max: default: 10 +; set to zero to disable pools +; pool_concurrency_max=0 diff --git a/wildduck/haraka/config/plugins b/wildduck/haraka/config/plugins new file mode 100644 index 0000000..abfba6c --- /dev/null +++ b/wildduck/haraka/config/plugins 
@@ -0,0 +1,76 @@
+# This file lists plugins that Haraka will run
+#
+# Plugin ordering often matters, run 'haraka -o -c /path/to/haraka/config'
+# to see the order plugins (and their hooks) will run in.
+#
+# To see a list of all plugins, run 'haraka -l'
+#
+# To see the help docs for a particular plugin, run 'haraka -h plugin.name'
+
+#process_title
+# Log to syslog (see 'haraka -h syslog')
+# syslog
+
+# CONNECT
+#toobusy
+relay
+# control which IPs, rDNS hostnames, HELO hostnames, MAIL FROM addresses, and
+# RCPT TO address you accept mail from. See 'haraka -h access'.
+access
+#p0f
+# geoip
+# asn
+#fcrdns
+# block mails from known bad hosts (see config/dnsbl.zones for the DNS zones queried)
+#dnsbl
+
+# HELO
+#early_talker
+# see config/helo.checks.ini for configuration
+helo.checks
+# see 'haraka -h tls' for config instructions before enabling!
+tls
+aliases
+#
+# AUTH plugins require TLS before AUTH is advertised, see
+# https://github.com/haraka/Haraka/wiki/Require-SSL-TLS
+# auth/flat_file
+# auth/auth_proxy
+# auth/auth_ldap
+
+# MAIL FROM
+# Only accept mail where the MAIL FROM domain is resolvable to an MX record
+mail_from.is_resolvable
+spf
+
+# RCPT TO
+# At least one rcpt_to plugin is REQUIRED for inbound email. The simplest
+# plugin is in_host_list, see 'haraka -h rcpt_to.in_host_list' to configure.
+rcpt_to.in_host_list
+#rcpt_to.qmail_deliverable
+#rcpt_to.ldap
+#rcpt_to.routes
+
+# DATA
+bounce
+# Check mail headers are valid
+data.headers
+data.uribl
+#attachment
+#clamd
+##spamassassin
+dkim_sign
+#karma
+#limit
+
+# QUEUE
+# queues: discard qmail-queue quarantine smtp_forward smtp_proxy
+# Queue mail via smtp - see config/smtp_forward.ini for where your mail goes
+queue/lmtp
+#queue/smtp_forward
+
+# Disconnect client if they spew bad SMTP commands at us
+max_unrecognized_commands
+
+#watch
+wildduck
diff --git a/wildduck/haraka/config/plugins.bak b/wildduck/haraka/config/plugins.bak
new file mode 100644
index 0000000..ff68886
--- /dev/null
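Review bot: In the DATA section of `config/plugins` every content filter is commented out (`#attachment`, `#clamd`, `##spamassassin`) and neither `rspamd` nor `dkim_verify` is listed, although `rspamd.ini` ships in this commit and `plugins.bak` names `clamd`, `rspamd` and `dkim_verify`. As committed, inbound mail reaches `queue/lmtp` and `wildduck` with only the SPF, header and URIBL checks, and `#dnsbl`, `#fcrdns`, `#early_talker` and `#limit` are off at connect time as well. If that is deliberate for an initial commit, say so in a comment above the DATA block; otherwise add `rspamd` and `dkim_verify` ahead of `dkim_sign`. It is also worth confirming with `haraka -o` that `queue/lmtp` and `wildduck` are both meant to be active, since the file's own header warns that plugin ordering matters.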
+++ b/wildduck/haraka/config/plugins.bak
@@ -0,0 +1,6 @@
+spf
+clamd
+rspamd
+dkim_verify
+wildduck
+tls
diff --git a/wildduck/haraka/config/rabbitmq.ini b/wildduck/haraka/config/rabbitmq.ini
new file mode 100755
index 0000000..2a2f6c7
--- /dev/null
+++ b/wildduck/haraka/config/rabbitmq.ini
@@ -0,0 +1,10 @@
+[rabbitmq]
+exchangeName = emailMessages
+server_ip = localhost
+server_port = 5672
+queueName = email
+deliveryMode = 2
+confirm = true
+durable = true
+autoDelete = false
+exchangeType = direct
diff --git a/wildduck/haraka/config/rabbitmq_amqplib.ini b/wildduck/haraka/config/rabbitmq_amqplib.ini
new file mode 100755
index 0000000..5c08aaa
--- /dev/null
+++ b/wildduck/haraka/config/rabbitmq_amqplib.ini
@@ -0,0 +1,12 @@
+[rabbitmq]
+host = localhost
+port = 5672
+user = guest
+password = guest
+exchangeName = email_messages
+exchangeType = direct
+queueName = emails
+deliveryMode = 2
+confirm = true
+durable = true
+autoDelete = false
\ No newline at end of file
diff --git a/wildduck/haraka/config/rcpt_to.blocklist b/wildduck/haraka/config/rcpt_to.blocklist
new file mode 100755
index 0000000..3b11b87
--- /dev/null
+++ b/wildduck/haraka/config/rcpt_to.blocklist
@@ -0,0 +1 @@
+# This is a blocklist for the rcpt_to line. One address per line.
diff --git a/wildduck/haraka/config/rcpt_to.in_host_list b/wildduck/haraka/config/rcpt_to.in_host_list
new file mode 100644
index 0000000..2db330d
--- /dev/null
+++ b/wildduck/haraka/config/rcpt_to.in_host_list
@@ -0,0 +1,2 @@
+;[main]
+host_list={{DOMAIN}}
diff --git a/wildduck/haraka/config/rdns.allow_regexps b/wildduck/haraka/config/rdns.allow_regexps
new file mode 100755
index 0000000..e69de29
diff --git a/wildduck/haraka/config/rdns.deny_regexps b/wildduck/haraka/config/rdns.deny_regexps
new file mode 100755
index 0000000..e69de29
diff --git a/wildduck/haraka/config/relay.ini b/wildduck/haraka/config/relay.ini
new file mode 100755
index 0000000..1a22421
--- /dev/null
+++ b/wildduck/haraka/config/relay.ini
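Review bot: `rabbitmq_amqplib.ini` commits the broker's stock account, `user = guest` / `password = guest`. No RabbitMQ queue plugin appears in `config/plugins`, so the file looks unused, and deleting it together with `rabbitmq.ini` is the simplest fix. If it stays, template the credentials the way `{{DOMAIN}}` is templated elsewhere, for example `user = {{RABBITMQ_USER}}` and `password = {{RABBITMQ_PASS}}` (placeholder names), and use a dedicated least-privilege broker account.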
@@ -0,0 +1,3 @@
+[relay]
+all=false
+acl=true
diff --git a/wildduck/haraka/config/relay_dest_domains.ini b/wildduck/haraka/config/relay_dest_domains.ini
new file mode 100755
index 0000000..a8fc252
--- /dev/null
+++ b/wildduck/haraka/config/relay_dest_domains.ini
@@ -0,0 +1,2 @@
+[domains]
+{{DOMAIN}} = { "action": "continue" }
diff --git a/wildduck/haraka/config/rspamd.ini b/wildduck/haraka/config/rspamd.ini
new file mode 100644
index 0000000..1673981
--- /dev/null
+++ b/wildduck/haraka/config/rspamd.ini
@@ -0,0 +1,30 @@
+
+host = localhost
+port = 11333
+add_headers = always
+[dkim]
+enabled = true
+
+[header]
+bar = X-Rspamd-Bar
+report = X-Rspamd-Report
+score = X-Rspamd-Score
+spam = X-Rspamd-Spam
+
+[check]
+authenticated = true
+private_ip = true
+
+[reject]
+spam = false
+
+[soft_reject]
+enabled = true
+
+[rmilter_headers]
+enabled = true
+
+[spambar]
+positive = +
+negative = -
+neutral = /
diff --git a/wildduck/haraka/config/smtp.ini b/wildduck/haraka/config/smtp.ini
new file mode 100644
index 0000000..042d57d
--- /dev/null
+++ b/wildduck/haraka/config/smtp.ini
@@ -0,0 +1,45 @@
+; address to listen on (default: all IPv6 and IPv4 addresses, port 25)
+; use "[::0]:25" to listen on IPv6 and IPv4 (not all OSes)
+;listen=[::0]:25
+
+; Note you can listen on multiple IPs/ports using commas:
+;listen=127.0.0.1:2529,127.0.0.2:2529,127.0.0.3:2530
+
+; public IP address (default: none)
+; If your machine is behind a NAT, some plugins (SPF, GeoIP) gain features
+; if they know the servers public IP. If 'stun' is installed, Haraka will
+; try to figure it out. If that doesn't work, set it here.
+;public_ip=N.N.N.N
+
+; Time in seconds to let sockets be idle with no activity
+;inactivity_timeout=300
+
+; Drop privileges to this user/group
+;user=smtp
+;group=smtp
+
+; Don't stop Haraka if plugins fail to compile
+;ignore_bad_plugins=0
+
+; Run using cluster to fork multiple backend processes
+;nodes=cpus
+
+; Daemonize
+;daemonize=true
+;daemon_log_file=/var/log/haraka.log
+;daemon_pid_file=/var/run/haraka.pid
+
+; Spooling
+; Save memory by spooling large messages to disk
+;spool_dir=/var/spool/haraka
+; Specify -1 to never spool to disk
+; Specify 0 to always spool to disk
+; Otherwise specify a size in bytes, once reached the
+; message will be spooled to disk to save memory.
+;spool_after=
+
+; Force Shutdown Timeout
+; - Haraka tries to close down gracefully, but if everything is shut down
+; after this time it will hard close. 30s is usually long enough to
+; wait for outbound connections to finish.
+;force_shutdown_timeout=30
diff --git a/wildduck/haraka/config/smtp_bridge.ini b/wildduck/haraka/config/smtp_bridge.ini
new file mode 100755
index 0000000..b9a91a8
--- /dev/null
+++ b/wildduck/haraka/config/smtp_bridge.ini
@@ -0,0 +1,4 @@
+host=localhost
+#port=
+#auth_type=
+#priority=10
\ No newline at end of file
diff --git a/wildduck/haraka/config/smtp_forward.ini.orig b/wildduck/haraka/config/smtp_forward.ini.orig
new file mode 100755
index 0000000..1fc05db
--- /dev/null
+++ b/wildduck/haraka/config/smtp_forward.ini.orig
@@ -0,0 +1,23 @@
+; host to connect to
+host=localhost
+;
+; port to connect to
+port=2555
+;
+; timeout backend connection from pool
+;timeout=300
+;
+; max connections in pool
+;max_connections=1000
+;
+; uncomment to enable TLS to the backend SMTP server
+;enable_tls=true
+;
+; for messages that have multiple RCPT, send a separate message for each RCPT
+; when forwarding.
+;one_message_per_rcpt=true
+;
+; uncomment to use smtp client authorization
+;auth_type=plain
+;auth_user=
+;auth_pass=
diff --git a/wildduck/haraka/config/smtp_proxy.ini b/wildduck/haraka/config/smtp_proxy.ini
new file mode 100755
index 0000000..80ff92d
--- /dev/null
+++ b/wildduck/haraka/config/smtp_proxy.ini
@@ -0,0 +1,19 @@
+; host to connect to
+host=localhost
+;
+; port to connect to
+port=2555
+;
+; timeout backend connection from pool
+;timeout=300
+;
+; max connections in pool
+;max_connections=1000
+;
+; uncomment to enable TLS to the backend SMTP server
+; enable_tls=1
+;
+; uncomment to use smtp client authorization
+;auth_type=plain
+;auth_user=
+;auth_pass=
diff --git a/wildduck/haraka/config/smtpgreeting b/wildduck/haraka/config/smtpgreeting
new file mode 100644
index 0000000..c380d65
--- /dev/null
+++ b/wildduck/haraka/config/smtpgreeting
@@ -0,0 +1 @@
+Wildduck Mail MX
diff --git a/wildduck/haraka/config/spamassassin.ini b/wildduck/haraka/config/spamassassin.ini
new file mode 100755
index 0000000..fba3aa0
--- /dev/null
+++ b/wildduck/haraka/config/spamassassin.ini
@@ -0,0 +1,41 @@
+; How does Haraka connect to the SpamAssassin spamd daemon?
+; TCP/IP: 127.0.0.1:783
+; socket: /var/run/spamd/spamd.sock
+spamd_socket=127.0.0.1:783
+
+; the username we tell spamd the message is to (default: default)
+;spamd_user=first-recipient (see docs)
+;spamd_user=
+
+; messages larger than this are not scored by SA
+max_size=500000
+
+; Munge the subject of messages with a score higher than..
+; munge_subject_threshold=5
+subject_prefix=*** SPAM ***
+
+; what to do with incoming messages with X-Spam-* headers
+; options are: rename, drop, keep
+old_headers_action=rename
+
+; use the SpamAssassin 3.0+ syntax in X-Spam-Status header
+; modern: No, score=0.8 required=8.0 tests=...
+; legacy: No, hits=0.8 required=8.0 tests=...
+modern_status_syntax=1
+
+; Reject all messages with more than this many hits
+; reject_threshold=10
+
+; when a connection has relay privileges, the rejection limit
+; relay_reject_threshold=7
+
+; How long should we wait for SpamAssassin to answer the socket
+; in seconds (default: 30)
+;connect_timeout=
+
+; How long should we wait for a result from SpamAssassin
+; in seconds (default: 300)
+;results_timeout=
+
+; Merge SpamAssassin's headers into the message
+;add_headers=true
diff --git a/wildduck/haraka/config/spf.ini b/wildduck/haraka/config/spf.ini
new file mode 100755
index 0000000..d6f5bae
--- /dev/null
+++ b/wildduck/haraka/config/spf.ini
@@ -0,0 +1,3 @@
+; See 'haraka -h spf' for options
+[relay]
+context=sender
diff --git a/wildduck/haraka/config/tarpit.timeout b/wildduck/haraka/config/tarpit.timeout
new file mode 100755
index 0000000..573541a
--- /dev/null
+++ b/wildduck/haraka/config/tarpit.timeout
@@ -0,0 +1 @@
+0
diff --git a/wildduck/haraka/config/tls.ini b/wildduck/haraka/config/tls.ini
new file mode 100644
index 0000000..61c0f05
--- /dev/null
+++ b/wildduck/haraka/config/tls.ini
@@ -0,0 +1,34 @@ +; See 'haraka -h tls' + +key=/secure/privkey.pem +cert=/secure/fullchain.pem +; dhparam=dhparams.pem + +; ciphers: a list of permitted ciphers +; The default cipher list is provided by node.js and is considered secure at +; the time of that versions release. If you have problems with the default cipher +; list, try enabling this "kinda high but more compatible" setting. +ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 + +; honorCipherOrder=false +; rejectUnauthorized=false +; requestCert=true +; requestOCSP=false + + +[redis] +; options in this block require redis to be enabled in config/plugins. + +; remember when a remote fails STARTTLS. The next time they connect, +; don't offer STARTTLS option (so message gets delivered). +; pro: increases mail reliability +; con: reduces security +; default: false +; disable_for_failed_hosts=true + + +; no_tls_hosts - disable TLS for servers with broken TLS. +[no_tls_hosts] +; 127.0.0.1 +; 192.168.1.1 +; 172.16.0.0/16 diff --git a/wildduck/haraka/config/watch.ini b/wildduck/haraka/config/watch.ini new file mode 100755 index 0000000..a5cc306 --- /dev/null +++ b/wildduck/haraka/config/watch.ini 
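Review bot: In `wildduck/haraka/config/tls.ini` the `ciphers=` value still admits 3DES and SHA-1 CBC suites (`ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`, `AES128-SHA`) as well as static-RSA key exchange. The trailing `!DES` only excludes single-DES in OpenSSL cipher-string syntax, so the 3DES entries stay enabled unless `:!3DES` is added. Because `honorCipherOrder` is left commented, whether the server's preference order is enforced depends on the Haraka/Node default, which this hunk does not show. I would trim the list to the ECDHE/DHE GCM suites and put a comment above it naming the oldest client the list is meant to support.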
@@ -0,0 +1,12 @@ +; watch - a web interface for viewing Haraka activity + +; Sampling:Limit display to 1 connection per second (Default: false) +; sampling=false + +[wss] +; url (Default: same URL as HTTP client used) +; The WebSocket client will attempt to connect via the same URI (changing only +; the scheme) as the initial HTTP connection. WSS is stricter than typical +; HTTP so the scheme and hostname *must* match else it silently fails. +; +; url=wss://mail.example.com/ diff --git a/wildduck/haraka/config/wildduck.ini b/wildduck/haraka/config/wildduck.ini new file mode 100755 index 0000000..b268fd3 --- /dev/null +++ b/wildduck/haraka/config/wildduck.ini @@ -0,0 +1,14 @@ + +# default quota in megabytes (if not set for an user) +maxStorage = 1024 + +[mongo] + +# connection string for messages database +url = mongodb://mongo:27017/wildduck + +# database name for the users db +users = wildduck + +# database name for the attachments db +gridfs = wildduck diff --git a/wildduck/haraka/config/wildduck.yaml b/wildduck/haraka/config/wildduck.yaml new file mode 100644 index 0000000..aae30f2 --- /dev/null +++ b/wildduck/haraka/config/wildduck.yaml 
@@ -0,0 +1,77 @@ +## Connect to a master instance or Redis +redis: + port: 6379 + host: 'redis' + db: 3 +# password: "" + +## Or alternatively, connect to Redis Sentinel +# redis: +# name: "mymaster" +# password: "" +# db: 3 +# sentinels: +# - host: "1.2.3.4" +# port: 26379 +# - host: "1.2.3.5" +# port: 26379 +# - host: "1.2.3.6" +# port: 26379 + +mongo: + # connection string for main messages database + url: 'mongodb://mongo:27017/wildduck' + + ## database name or connection string for the users db + #users: "users" + + ## database name or connection string for the attachments db + #gridfs: "attachments" + + ## database name or connection string for the outbound queue + sender: 'zone-mta' + +sender: + # Push messages to ZoneMTA queue for delivery + # if `false` then no messages are sent + enabled: true + + # which ZoneMTA queue to use by default. This mostly affects forwarded messages + zone: 'default' + + # Collection name for GridFS storage + gfs: 'mail' + + # Collection name for the queue + # see [dbs].sender option for choosing correct database to use for ZoneMTA queues + # by default the main wildduck database is used + collection: 'zone-queue' + +srs: + # must be shared with ZoneMTA SRS config, otherwise messages sent from ZoneMTA are not recognized by Haraka + secret: 'secret value' + +attachments: + type: 'gridstore' + bucket: 'attachments' + decodeBase64: true + +log: + authlogExpireDays: 30 + +limits: + windowSize: 3600 # 1 hour + rcptIp: 100 # allowed messages for the same recipient from same IP during window size + rcptWindowSize: 60 # 1 minute + rcpt: 60 # allowed messages for the same recipient during window size + +# do not process forwarding addresses for messages with the following spam score +spamScoreForwarding: 10 + +gelf: + enabled: false + component: 'mx' + options: + graylogPort: 12201 + graylogHostname: '127.0.0.1' + connection: 'lan' 
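Review bot: `srs.secret` in `wildduck/haraka/config/wildduck.yaml` is committed as the literal placeholder `'secret value'`. The comment above it says the value must match the ZoneMTA SRS config, so a deployment that keeps it is keyed with a string every reader of this repository knows. The file already uses deploy-time substitution elsewhere in this commit (`{{DOMAIN}}`), so the secret could be filled the same way through a new placeholder. At minimum add a comment above the key: `# REQUIRED: replace before first start; must equal the ZoneMTA SRS secret`.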
diff --git a/wildduck/haraka/config/xclient.hosts b/wildduck/haraka/config/xclient.hosts
new file mode 100755
index 0000000..f587f7f
--- /dev/null
+++ b/wildduck/haraka/config/xclient.hosts
@@ -0,0 +1,2 @@
+# List of IP addresses that are allowed to use XCLIENT
+127.0.0.1
diff --git a/wildduck/wildduck-mta/config/dbs-development.toml b/wildduck/wildduck-mta/config/dbs-development.toml
new file mode 100644
index 0000000..e0046e3
--- /dev/null
+++ b/wildduck/wildduck-mta/config/dbs-development.toml
@@ -0,0 +1,13 @@
+# Database configuration
+
+# MongoDB connection string
+mongo="mongodb://127.0.0.1:27017/wildduck"
+
+# Database name for ZoneMTA data in MongoDB. In most cases it should be the same as in the connection string
+sender="zone-mta"
+
+# Redis connection information
+[redis]
+host = "localhost"
+port = 6379
+db = 2
diff --git a/wildduck/wildduck-mta/config/dbs-production.toml b/wildduck/wildduck-mta/config/dbs-production.toml
new file mode 100644
index 0000000..d8d8716
--- /dev/null
+++ b/wildduck/wildduck-mta/config/dbs-production.toml
@@ -0,0 +1 @@
+# @include "/wildduck/config/dbs.toml"
diff --git a/wildduck/wildduck-mta/config/dns.toml b/wildduck/wildduck-mta/config/dns.toml
new file mode 100644
index 0000000..8af3d8c
--- /dev/null
+++ b/wildduck/wildduck-mta/config/dns.toml
@@ -0,0 +1,14 @@
+# If true then caches DNS results to Redis
+caching=true
+cacheTTL=600 # TTL of cached dns keys in seconds
+
+# Define nameservers to use (IP addresses only). If using a local DNS cache server, then set caching=false
+nameservers=[]
+
+#caching=false
+#nameservers=["127.0.0.1"]
+
+blockDomains=[]
+
+# If true then messages to local interfaces are blocked (eg. you can not send to username@localhost)
+blockLocalAddresses=false
diff --git a/wildduck/wildduck-mta/config/domains.toml b/wildduck/wildduck-mta/config/domains.toml
new file mode 100644
index 0000000..be06b4b
--- /dev/null
+++ b/wildduck/wildduck-mta/config/domains.toml
@@ -0,0 +1,7 @@
+# Add domain specific settings here
+
+[default]
+maxConnections=5
+
+["gmail.com"]
+maxConnections=10
diff --git a/wildduck/wildduck-mta/config/interfaces/feeder.toml b/wildduck/wildduck-mta/config/interfaces/feeder.toml
new file mode 100644
index 0000000..e8c0635
--- /dev/null
+++ b/wildduck/wildduck-mta/config/interfaces/feeder.toml
@@ -0,0 +1,36 @@
+# Default SMTP interface for accepting mail for delivery
+
+[feeder]
+enabled=true
+
+# How many worker processes to spawn
+processes = 2
+
+# Maximum allowed message size 30MB
+maxSize=31457280
+
+# Local IP and port to bind to
+host = "0.0.0.0"
+port = 465
+
+# Set to true to require authentication
+# If authentication is enabled then you need to use a plugin with an authentication hook
+authentication = true
+
+# How many recipients to allow per message
+maxRecipients=1000
+
+# Set to true to enable STARTTLS. Do not forget to change default TLS keys
+starttls = false
+
+# set to true to start in TLS mode if using port 465
+# this probably does not work as TLS support with 465 in ZoneMTA is a bit buggy
+secure = true
+
+# define keys for STARTTLS/TLS. These paths are relative to CWD
+#key="./keys/example.com-key.pem"
+#cert="./keys/example.com-cert.pem"
+
+#key="/usr/local/etc/nginx/privkey.pem"
+#cert="/usr/local/etc/nginx/fullchain.pem"
+# @include "/wildduck/config/tls.toml"
diff --git a/wildduck/wildduck-mta/config/log.toml b/wildduck/wildduck-mta/config/log.toml
new file mode 100644
index 0000000..9062f27
--- /dev/null
+++ b/wildduck/wildduck-mta/config/log.toml
@@ -0,0 +1,8 @@
+level="info" # "silly" "info" "error"
+
+[remote]
+ # Make sure you have ZMTA Webadmin listening on this port
+ # See: https://github.com/zone-eu/zmta-webadmin/blob/4aa7a06ac5b64d12a409b67a2f9475d1670445d2/config/default.toml#L27-L32
+ protocol="udp4"
+ host="127.0.0.1"
+ port=31239
diff --git a/wildduck/wildduck-mta/config/plugins/avast.toml b/wildduck/wildduck-mta/config/plugins/avast.toml
new file mode 100644
index 0000000..dd2622e
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/avast.toml
@@ -0,0 +1,5 @@
+["modules/zonemta-avast"]
+enabled=false # not enabled by default
+#enabled=["receiver", "main", "sender"]
+interfaces=['*']
+socket="/var/run/avast/scan.sock"
diff --git a/wildduck/wildduck-mta/config/plugins/default-headers.toml b/wildduck/wildduck-mta/config/plugins/default-headers.toml
new file mode 100644
index 0000000..2879b1b
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/default-headers.toml
@@ -0,0 +1,8 @@
+["core/default-headers"]
+enabled=["receiver", "main", "sender"]
+# Which missing headers to add
+addMissing=["message-id", "date"]
+# If true then delays messages with future Date: headers until that time has arrived
+futureDate=false
+# Add X-Originating-IP header
+xOriginatingIP=true
diff --git a/wildduck/wildduck-mta/config/plugins/delivery-counters.toml b/wildduck/wildduck-mta/config/plugins/delivery-counters.toml
new file mode 100644
index 0000000..eaa04d1
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/delivery-counters.toml
@@ -0,0 +1,3 @@
+["modules/zonemta-delivery-counters"]
+enabled="main"
+prefix="zmta"
diff --git a/wildduck/wildduck-mta/config/plugins/dkim.toml b/wildduck/wildduck-mta/config/plugins/dkim.toml
new file mode 100644
index 0000000..7ab0148
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/dkim.toml
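Review bot: `xOriginatingIP=true` in `plugins/default-headers.toml` stamps the submitting client's IP address into every outbound message, where each recipient can read it. For a webmail/submission service that is usually a privacy decision rather than a default, so I would ship `xOriginatingIP=false`. If the header is wanted for abuse handling, say so in the comment: `# Adds X-Originating-IP (discloses the sender's client IP to recipients)`.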
@@ -0,0 +1,31 @@
+["core/dkim"]
+# If enabled then encrypt DKIM keys with the secret password. By default DKIM keys
+# are not encrypted and stored as cleartext. Once set up do not change these values,
+# otherwise decrypting DKIM keys is going to fail
+#cipher="aes192"
+#secret="a secret cat"
+
+# If true then spwans openssl command line executable for generating DKIM keys
+# Otherwise forge library is used which is cross-environment but slower
+useOpenSSL=true
+# Define path to openssl if not in default path
+#pathOpenSSL="/usr/local/bin/openssl"
+
+# If true then also adds a signature for the outbound domain
+# Affects WildDuck ZoneMTA plugin only
+signTransportDomain=false
+
+# do not change this
+hashAlgo="sha256"
+
+enabled="sender"
+
+# Domain name in the dkim signature. Leave blank to use the domain of From: address
+domain="{{DOMAIN}}"
+
+# Selector value in the dkim signature
+selector="dkim"
+
+# Key location. Relative to working directory
+path="/secure/dkim.private"
+
diff --git a/wildduck/wildduck-mta/config/plugins/email-bounce.toml b/wildduck/wildduck-mta/config/plugins/email-bounce.toml
new file mode 100644
index 0000000..44046e3
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/email-bounce.toml
@@ -0,0 +1,16 @@
+["core/email-bounce"]
+enabled="main"
+sendingZone="bounces"
+
+# email bounces are not generated for messages from the following interfaces
+disableInterfaces=["forwarder"]
+
+["core/email-bounce".mailerDaemon]
+# From: header for bounce emails
+name="Mail Delivery Subsystem"
+address="mailer-daemon@[HOSTNAME]"
+
+# configure zone specific bounce options for zone "myzone"
+["core/email-bounce".zoneConfig.myzone]
+disabled=true # if true then skip this block, revert to default
+sendingZone="default" # use a specific zone
diff --git a/wildduck/wildduck-mta/config/plugins/example.toml b/wildduck/wildduck-mta/config/plugins/example.toml
new file mode 100644
index 0000000..07fe566
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/example.toml
@@ -0,0 +1,3 @@
+[example]
+enabled=false
+#enabled="receiver"
diff --git a/wildduck/wildduck-mta/config/plugins/image-hashes.toml b/wildduck/wildduck-mta/config/plugins/image-hashes.toml
new file mode 100644
index 0000000..776d65c
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/image-hashes.toml
@@ -0,0 +1,2 @@
+["core/image-hashes"]
+enabled="receiver"
diff --git a/wildduck/wildduck-mta/config/plugins/loop-breaker.toml b/wildduck/wildduck-mta/config/plugins/loop-breaker.toml
new file mode 100644
index 0000000..d18a7db
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/loop-breaker.toml
@@ -0,0 +1,4 @@
+["modules/zonemta-loop-breaker"]
+enabled="sender"
+secret = "qgn5IPygjki4-_n8d-8UhZ4fL98Fy9_r"
+algo="md5"
diff --git a/wildduck/wildduck-mta/config/plugins/wildduck.toml b/wildduck/wildduck-mta/config/plugins/wildduck.toml
new file mode 100644
index 0000000..e09834a
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/wildduck.toml
@@ -0,0 +1,31 @@
+["modules/zonemta-wildduck"]
+enabled=["receiver", "sender"]
+interfaces=["feeder"]
+hostname="{{DOMAIN}}"
+authlogExpireDays=30
+forwardedSRS=false
+# Use LMTP instead of SMTP
+localLmtp=false
+localMxPort=2424
+# SMTP/LMTP server for local delivery
+[["modules/zonemta-wildduck".localMx]]
+ priority=0
+ # hostname is for logging only, IP is actually used
+ exchange="localhost"
+ A=["127.0.0.1"]
+ AAAA=[]
+# Interface to be used for local delivery
+# Make sure that it can connect to the localMX IP
+["modules/zonemta-wildduck".localZoneAddress]
+ address="127.0.0.1"
+ name="localhost"
+
+["modules/zonemta-wildduck".gelf]
+ enabled=false
+ component="mta"
+
+ ["modules/zonemta-wildduck".gelf.options]
+ graylogPort=12201
+ graylogHostname='127.0.0.1'
+ connection='lan'
+
diff --git a/wildduck/wildduck-mta/config/plugins/wildduck.toml.old b/wildduck/wildduck-mta/config/plugins/wildduck.toml.old
new file mode 100644
index 0000000..8ee7164
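Review bot: `plugins/loop-breaker.toml` commits a concrete `secret` value for a plugin that is enabled (`enabled="sender"`) and pairs it with `algo="md5"`. Once the value is in the repository, every deployment built from this commit shares a key that any reader knows, so whatever the plugin signs with it can no longer be treated as authentic. Move the value to deploy-time configuration and rotate it, since it is now in history. If zonemta-loop-breaker accepts other digest names (not confirmed from this hunk), `algo="sha256"` would be the safer default.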
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/wildduck.toml.old
@@ -0,0 +1,11 @@
+[wildduck]
+enabled=["receiver", "sender"]
+interfaces=["feeder"]
+hostname="{{DOMAIN}}"
+authlogExpireDays=30
+[wildduck.srs]
+ enabled=false
+ # SRS secret value. Must be the same as in the MX side
+ secret="yJPSba5bcotY9cOhgdCnevS9jaK9fl0N"
+ rewriteDomain="{{DOMAIN}}"
+
diff --git a/wildduck/wildduck-mta/config/plugins/zonemta-limiter.toml b/wildduck/wildduck-mta/config/plugins/zonemta-limiter.toml
new file mode 100644
index 0000000..cf3b316
--- /dev/null
+++ b/wildduck/wildduck-mta/config/plugins/zonemta-limiter.toml
@@ -0,0 +1,10 @@
+# plugins/zonemta-limiter.toml
+["modules/zonemta-limiter"]
+enabled = ["sender"]
+prefix = "zl:"
+
+debug = false # if true, then errors are only logged but messages are not dropped
+
+# max 250 messages in half an hour
+limit = 250
+windowSize = 1800
diff --git a/wildduck/wildduck-mta/config/pools.toml b/wildduck/wildduck-mta/config/pools.toml
new file mode 100644
index 0000000..137e7d5
--- /dev/null
+++ b/wildduck/wildduck-mta/config/pools.toml
@@ -0,0 +1,3 @@
+[[default]]
+address="0.0.0.0"
+name="{{DOMAIN}}"
diff --git a/wildduck/wildduck-mta/config/queue.toml b/wildduck/wildduck-mta/config/queue.toml
new file mode 100644
index 0000000..c5c78fd
--- /dev/null
+++ b/wildduck/wildduck-mta/config/queue.toml
@@ -0,0 +1,15 @@
+
+# Every instance of ZoneMTA that uses the same database backend
+# must have its own unique instance id set. If you never plan to
+# run more than a single ZoneMTA instance then you do not need to
+# change this value
+instanceId="default"
+
+# Collection name for message queue
+collection="zone-queue"
+
+# Bucket name for the GridStore storage
+gfs="mail"
+
+# Set to true if you do not care about cleaning up the remains of broken transactions
+disableGC=false
diff --git a/wildduck/wildduck-mta/config/wildduck-mta.toml b/wildduck/wildduck-mta/config/wildduck-mta.toml
new file mode 100644
index 0000000..efff11b
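Review bot: `plugins/wildduck.toml.old` is a leftover backup, yet it still carries an SRS `secret` value. The main config in this commit loads `plugins/*.toml`, which would not match a `.old` name, so the file appears to do nothing except publish that secret. I would drop it from the commit. If the same value was ever used on the MX side, treat it as disclosed and rotate it.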
--- /dev/null
+++ b/wildduck/wildduck-mta/config/wildduck-mta.toml
@@ -0,0 +1,44 @@
+# This is the main config file
+
+name="ZoneMTA"
+
+# Process identifier
+ident="wildduck-mta"
+
+# Run as the following user. Only use this if the application starts up as root
+#user="zonemta"
+#group="zonemta"
+
+[log]
+# Logging options
+# @include "log.toml"
+
+[dbs]
+# MongoDB and Redis connection options
+# @include "dbs-{env}.toml"
+
+[queue]
+# @include "queue.toml"
+
+[dns]
+# @include "dns.toml"
+
+[api]
+port=12080
+host='0.0.0.0'
+
+[smtpInterfaces]
+# @include "interfaces/*.toml"
+
+[plugins]
+# @include "plugins/*.toml"
+
+[pools]
+# @include "pools.toml"
+
+[zones]
+# @include "zones/*.toml"
+
+[domainConfig]
+# @include "domains.toml"
+
diff --git a/wildduck/wildduck-mta/config/zonemta.toml b/wildduck/wildduck-mta/config/zonemta.toml
new file mode 120000
index 0000000..ee99585
--- /dev/null
+++ b/wildduck/wildduck-mta/config/zonemta.toml
@@ -0,0 +1 @@
+wildduck-mta.toml
\ No newline at end of file
diff --git a/wildduck/wildduck-mta/config/zones/bounces.toml b/wildduck/wildduck-mta/config/zones/bounces.toml
new file mode 100644
index 0000000..7c0375d
--- /dev/null
+++ b/wildduck/wildduck-mta/config/zones/bounces.toml
@@ -0,0 +1,6 @@
+[bounces]
+preferIPv6=false
+ignoreIPv6=true
+processes=1
+connections=2
+pool="default"
diff --git a/wildduck/wildduck-mta/config/zones/default.toml b/wildduck/wildduck-mta/config/zones/default.toml
new file mode 100644
index 0000000..ee75303
--- /dev/null
+++ b/wildduck/wildduck-mta/config/zones/default.toml
@@ -0,0 +1,14 @@
+[default]
+preferIPv6=false
+ignoreIPv6=true
+processes=1
+connections=5
+pool="default"
+
+# If you want to send messages for this zone to next MTA instead of actual MX, then
+# uncomment following lines and change values
+#host = "smtp.ethereal.email"
+#port = 587
+#[default.auth]
+#user = "gsblpjxjdvhnqkgr@ethereal.email"
+#pass = "zDZpDnSsFf11Zfvtv5"
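Review bot: The `[api]` table in `wildduck-mta.toml` binds ZoneMTA's HTTP API to `host='0.0.0.0'` on `port=12080`, and nothing in this hunk configures authentication for it. Whether the port is reachable from outside depends on `docker-compose.yml`, which is not in this hunk. I would default to `host='127.0.0.1'`, or keep the bind and add a comment: `# internal API, unauthenticated: never publish this port`.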
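Review bot: The commented relay example in `zones/default.toml` contains a full username and password for `smtp.ethereal.email` (the `#user` and `#pass` lines). Commenting the lines out does not keep them out of history or out of secret scanners, and they invite copy-paste into a live config. Replace them with obvious placeholders such as `#user = "<relay-user>"` and `#pass = "<relay-password>"`, and revoke the account if it was ever real.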
diff --git a/wildduck/wildduck/config/api.toml b/wildduck/wildduck/config/api.toml
new file mode 100644
index 0000000..3a138d4
--- /dev/null
+++ b/wildduck/wildduck/config/api.toml
@@ -0,0 +1,52 @@
+enabled = true
+port = 80
+# by default bind to localhost only
+host = "0.0.0.0"
+
+# Use `true` (HTTPS) for port 443 and `false` (HTTP) for 80
+secure = false
+
+# If set requires all API calls to have accessToken query argument with that value
+accessToken = "notoken"
+# http://localhost:8080/users?accessToken=somesecretvalue
+#accessToken="somesecretvalue"
+
+[accessControl]
+# If true then require a valid access token to perform API calls
+enabled = false
+# Secret for HMAC
+# Changing this value invalidates all tokens
+#secret = "sAiHB6XcSWJgsMrMl_vJzcfVlhhenJLi"
+
+[roles]
+# @include "roles.json"
+
+[tls]
+# If certificate path is not defined, use global or built-in self-signed certs
+#key="/path/to/server/key.pem"
+#cert="/path/to/server/cert.pem"
+
+[mobileconfig]
+# plist configuration for OSX/iOS profile files that are generated with Application Specific Passwords
+# Use {email} in the description strings to replace it with account email address
+
+# A reverse-DNS style identifier (com.example.myprofile, for example) that identifies the profile.
+# This string is used to determine whether a new profile should replace an existing one or should be added. Username is prepended to this value.
+identifier = "{{REVERSE_DNS}}"
+
+# A human-readable name for the profile. This value is displayed on the Detail screen. It does not have to be unique.
+displayName = "Wildduck Mail"
+
+# A human-readable string containing the name of the organization that provided the profile.
+organization = "Unknown"
+
+# A description of the profile, shown on the Detail screen for the profile. This should be descriptive enough to help the user decide whether to install the profile.
+displayDescription = "Install this profile to setup {email}"
+
+# A user-visible description of the email account, shown in the Mail and Settings applications.
+accountDescription = "{email}"
+
+[mobileconfig.tls]
+# If certificate path is not defined, use global or built-in self-signed certs
+#key="/path/to/server/key.pem"
+#cert="/path/to/server/cert.pem"
diff --git a/wildduck/wildduck/config/attachments.toml b/wildduck/wildduck/config/attachments.toml
new file mode 100644
index 0000000..b5b046d
--- /dev/null
+++ b/wildduck/wildduck/config/attachments.toml
@@ -0,0 +1,9 @@
+# Attachment storage options
+
+# For now there's only a single option for attachment storage
+type="gridstore"
+bucket="attachments"
+
+# If true then decodes base64 encoded attachments to binary before storing to DB.
+# Decoding base64 attachments expects consistent line length and default base64 alphabet
+decodeBase64=true
diff --git a/wildduck/wildduck/config/dbs.toml b/wildduck/wildduck/config/dbs.toml
new file mode 100644
index 0000000..06420da
--- /dev/null
+++ b/wildduck/wildduck/config/dbs.toml
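Review bot: `wildduck/config/api.toml` serves the WildDuck API on `host = "0.0.0.0"` over plain HTTP (`port = 80`, `secure = false`) with the committed token `accessToken = "notoken"` and `[accessControl] enabled = false`, while the comment above `host` still reads "by default bind to localhost only". Per the file's own comment the token is a query argument, so over HTTP it travels in cleartext and ends up in access logs. Anyone who can reach the port and has read this repository holds the token. I would ship `host = "127.0.0.1"` (or the compose-internal interface), fill `accessToken` at deploy time the way `{{DOMAIN}}` is filled, and correct the stale comment. Whether port 80 is published is decided in `docker-compose.yml`, outside this hunk.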
@@ -0,0 +1,47 @@ +# mongodb connection string for the main database +mongo = "mongodb://mongo:27017/wildduck" + +# redis connection string to connect to a single master (see below for Sentinel example) +#redis="redis://127.0.0.1:6379/3" + +# WildDuck allows using different kind of data in different databases +# If you do not provide a database config value, then main database connection +# is used for everything +# You can either use a database name (uses shared connection) or a configutaion +# url (creates a separate connection) for each databases + +# Optional database name or connection url for GridFS if you do not want to +# use the main db for storing attachments. Useful if you want +# to use a different mount folder or storage engine +#gridfs="wildduck" + +# Optional database name or connection url for users collection if you do not want to +# use the main db for storing user/address data. Useful if you want +# to use a different mount folder or storage engine +#users="wildduck" + +# Optional database name or connection url for ZoneMTA queue database. This is +# used to push outbound emails to the sending queue +sender="zone-mta" + +#queued="mail" + +[redis] +host = "redis" +port = 6379 +db = 3 + +## Connect to Redis Sentinel instead of single master +# [redis] +# name="mymaster" +# password="" +# db=3 +# [[redis.sentinels]] +# host="54.36.85.113" +# port=26379 +# [[redis.sentinels]] +# host="54.36.85.114" +# port=26379 +# [[redis.sentinels]] +# host="54.36.85.115" +# port=26379 diff --git a/wildduck/wildduck/config/default.toml b/wildduck/wildduck/config/default.toml new file mode 100644 index 0000000..2ceb2e1 --- /dev/null +++ b/wildduck/wildduck/config/default.toml 
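Review bot: The commented Sentinel example in `wildduck/config/dbs.toml` lists `54.36.85.113`, `54.36.85.114` and `54.36.85.115`, which look like someone's routable hosts rather than documentation addresses. Swap them for the RFC 5737 range, e.g. `# host="192.0.2.10"`. The active settings (`mongo = "mongodb://mongo:27017/wildduck"` and `[redis]` with no password) carry no credentials, so the data stores rely entirely on network isolation. A comment above `mongo` stating that assumption would help: `# no auth: reachable only on the compose-internal network`.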
@@ -0,0 +1,97 @@ +# Uncomment if you start the app as root and want to downgrade +# once all privileged actions are completed +# If you do not use privileged ports then you can start the app already under required user account +#user="wildduck" +#group="wildduck" + +# process title +ident="wildduck" + +# how many processes to start +processes = "2" + +# default quota storage in MB (can be overriden per user) +maxStorage=1024 + +# default smtp recipients for 24h (can be overriden per user) +maxRecipients=2000 +emailDomain = "{{DOMAIN}}" + +# default forwarded messages for 24h (can be overriden per user) +maxForwards=2000 + +# If usernames are not email addresses then use this domain as hostname part +#emailDomain="mydomain.info" + +[dbs] +# @include "dbs.toml" + +[totp] + # If enabled then encrypt TOTP seed tokens with the secret password. By default TOTP seeds + # are not encrypted and stored as cleartext. Once set up do not change these values, + # otherwise decrypting totp seeds is going to fail + #cipher="aes192" + secret="a secret cat" + +cipher = "aes192" +#secret = "E2jYD-p2u68-qUEOJ1KkC3xmzySyTGRY" +[u2f] + # Fully qualified URL of your website (must use HTTPS!) 
+ appId = "http://wildduck" + +[attachments] +# @include "attachments.toml" + +[log] + level="silly" + + skipFetchLog=false # if true, then does not output individual * FETCH responses to log + + # delete authentication log entries after 30 days + # changing this value only affects new entries + # set to false to not log authentication events + # set to 0 to keep the logs infinitely + authlogExpireDays=30 + + [log.gelf] + enabled = false + hostname = "{{DOMAIN}}" # defaults to os.hostname() + component="wildduck" + [log.gelf.options] + graylogPort = 1 + graylogHostname = "" + connection="lan" + +[imap] +# @include "imap.toml" + +[tls] +# @include "tls.toml" + +[lmtp] +# @include "lmtp.toml" + +[pop3] +# @include "pop3.toml" + +[api] +# @include "api.toml" + +[sender] +# @include "sender.toml" + +[dkim] +# @include "dkim.toml" + +[plugins] +# @include "plugins/*.toml" + +[tasks] +# if enabled then process jobs like deleting expired messages etc +enabled=true + +[smtp.setup] +# Public configuration for SMTP MDA, needed for mobileconfig files +hostname = "0.0.0.0" +secure = true +port = 465 diff --git a/wildduck/wildduck/config/dkim.toml b/wildduck/wildduck/config/dkim.toml new file mode 100644 index 0000000..44c54c6 --- /dev/null +++ b/wildduck/wildduck/config/dkim.toml 
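Review bot: In `wildduck/config/default.toml` the `[totp]` table sets `secret="a secret cat"` and, a few lines later, `cipher = "aes192"`, so TOTP seeds are encrypted with the well-known sample passphrase from the upstream comments. The comment in the same table warns that these values must not change once set up, so this needs a real deploy-time secret before the first user enrols. Separately, `appId = "http://wildduck"` under `[u2f]` contradicts the comment directly above it ("must use HTTPS!"). `level="silly"` with `skipFetchLog=false` looks like a debugging setting and is worth lowering to `"info"` for anything beyond local use.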
@@ -0,0 +1,30 @@ +# If enabled then encrypt DKIM keys with the secret password. By default DKIM keys +# are not encrypted and stored as cleartext. Once set up do not change these values, +# otherwise decrypting DKIM keys is going to fail +#cipher="aes192" +#secret="a secret cat" + +# If true then spwans openssl command line executable for generating DKIM keys +# Otherwise forge library is used which is cross-environment but slower +useOpenSSL=true +# Define path to openssl if not in default path +#pathOpenSSL="/usr/local/bin/openssl" + +# If true then also adds a signature for the outbound domain +# Affects WildDuck ZoneMTA plugin only +signTransportDomain=true + +# do not change this +hashAlgo="sha256" + +enabled="sender" + +# Domain name in the dkim signature. Leave blank to use the domain of From: address +domain="{{DOMAIN}}" + +# Selector value in the dkim signature +selector="dkim" + +# Key location. Relative to working directory +path="/secure/dkim.private" + diff --git a/wildduck/wildduck/config/imap.toml b/wildduck/wildduck/config/imap.toml new file mode 100644 index 0000000..e363913 --- /dev/null +++ b/wildduck/wildduck/config/imap.toml 
@@ -0,0 +1,83 @@ +# If enabled then WildDuck exposes an IMAP interface for listing and fetching emails +enabled = true +port = 993 +host = "0.0.0.0" + +# Use `true` for port 993 and `false` for 143. If connection is not secured +# on connection then WildDuck enables STARTTLS extension +secure = true +#secured = true + +# Max size for messages uploaded via APPEND +maxMB=25 + +# delete messages from \Trash and \Junk after retention days +retention = 4 + +# Default max donwload bandwith per day in megabytes +maxDownloadMB=10000 + +# Default max upload bandwith per day in megabytes +maxUploadMB=10000 + +# Default max concurrent connections per service per client +maxConnections=15 + +# if `true` then do not autodelete expired messages +disableRetention=false + +# If true, then disables STARTTLS support +disableSTARTTLS = true + +# If true, then advertises COMPRESS=DEFLATE capability +enableCompression=false + +# If true, then expect HAProxy PROXY header as the first line of data +useProxy=false +# useProxy=true # expect PROXY from all conections +# useProxy=['*'] # expect PROXY from all conections +# useProxy=['1.2.3.4', '1.2.3.5'] # expect PROXY only from connections from listed IP addresses + +# an array of IP addresses to ignore (not logged) +ignoredHosts=[] + +#name="WildDuck IMAP" +#version="1.0.0" +#vendor="WildDuck" + +# Add extra IMAP interfaces +#[[interface]] +#enabled=true +#port=9143 +#host="0.0.0.0" +#secure=false +#ignoreSTARTTLS=true + +# If true then EXPUNGE is called after a message gets a \Deleted flag set +autoExpunge=true +name = "Wildduck Mail IMAP" + +[setup] +# Public configuration for IMAP +hostname = "imap.{{DOMAIN}}" +secure = true +# port defaults to imap.port +# port=9993 + +[tls] +## If certificate path is not defined, use global or built-in self-signed certs +#key="/path/to/server/key.pem" +#cert="/path/to/server/cert.pem" + +## You can also define extra options for specific TLS settings: + 
+#ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" + +ciphers = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" +secureProtocol = "SSLv23_server_method" +secureOptions = 100663296 +#secureProtocol="SSLv23_server_method" + +## constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1 => 100663296 +#secureOptions=100663296 + diff --git a/wildduck/wildduck/config/lmtp.toml b/wildduck/wildduck/config/lmtp.toml new file mode 100644 index 0000000..8ee1f41 --- /dev/null +++ b/wildduck/wildduck/config/lmtp.toml 
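Review bot: The active `ciphers` value under `[tls]` in `wildduck/config/imap.toml` still lists 3DES and SHA-1 CBC suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `DES-CBC3-SHA`, `AES128-SHA`). `secureOptions = 100663296` is, per the comment below it, only `SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1`, which leaves TLS 1.1 negotiable. I would drop the `DES-CBC3` entries from the list and OR `constants.SSL_OP_NO_TLSv1_1` into the mask, updating the explanatory comment to match. The hunk also leaves the identical commented `#ciphers=` line above the live one, which makes the two easy to confuse when editing.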
@@ -0,0 +1,24 @@ +# If enabled then WildDuck exposes a LMTP interface for pushing messages to mail store +# NB! If you are using WildDuck plugin for Haraka then LMTP is not needed +enabled=true +port=2424 + +# by default bind to localhost only +host="127.0.0.1" + +# Max accepted size for messages pushed via LMTP +maxMB=25 + +# If true then disables STARTTLS usage +disableSTARTTLS=true + +# Greeting message for connecting client +banner="Welcome to WildDuck Mail Server" + +# Server hostname. Defaults to os.hostname() if false +name="{{DOMAIN}}" + +[tls] +# If certificate path is not defined, use global or built-in self-signed certs for STARTTLS +#key="/path/to/server/key.pem" +#cert="/path/to/server/cert.pem" diff --git a/wildduck/wildduck/config/plugins/example.toml b/wildduck/wildduck/config/plugins/example.toml new file mode 100644 index 0000000..9da04c6 --- /dev/null +++ b/wildduck/wildduck/config/plugins/example.toml @@ -0,0 +1,10 @@ +[example] + +enabled = false + +# $WD: path of wildduck module root +# $CONFIG: path of config root +path = "$WD/plugins/example.js" + +# Additional config options +value1 = "Example config option" diff --git a/wildduck/wildduck/config/pop3.toml b/wildduck/wildduck/config/pop3.toml new file mode 100644 index 0000000..92b4365 --- /dev/null +++ b/wildduck/wildduck/config/pop3.toml 
@@ -0,0 +1,39 @@ +# If enabled then WildDuck exposes a limited POP3 interface for listing and fetching emails +enabled = false +port=9995 +# by default bind to localhost only +host="0.0.0.0" + +# Use `true` for port 995 and `false` for 110 +secure=true + +# If true, then do not show server info in CAPA response +disableVersionString=false + +# How many latest messages to list for LIST and UIDL +# POP3 server never lists all messages but only a limited length list +maxMessages=250 + +# Max donwload bandwith per day in megabytes +maxDownloadMB=10000 + +# If true, then expect HAProxy PROXY header as the first line of data +useProxy=false + +# an array of IP addresses to ignore (not logged) +ignoredHosts=[] + +#name="WildDuck POP3" +#version="1.0.0" + +[tls] +# If certificate path is not defined, use global or built-in self-signed certs +#key="/path/to/server/key.pem" +#cert="/path/to/server/cert.pem" + +[setup] +# Public configuration for POP3 +hostname="pop.{{DOMAIN}}" +secure=true +# port defaults to pop3.port +#port=9995 diff --git a/wildduck/wildduck/config/roles.json b/wildduck/wildduck/config/roles.json new file mode 100644 index 0000000..6b342be --- /dev/null +++ b/wildduck/wildduck/config/roles.json 
@@ -0,0 +1,269 @@
+{
+ "root": {
+ "addresslisting": {
+ "read:any": ["*"]
+ },
+
+ "addresses": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "authentication": {
+ "create:any": ["*"],
+ "read:any": ["*"]
+ },
+
+ "userlisting": {
+ "read:any": ["*", "!audit"]
+ },
+
+ "users": {
+ "create:any": ["*", "!audit"],
+ "read:any": ["*", "!audit"],
+ "update:any": ["*", "!audit"],
+ "delete:any": ["*"]
+ },
+
+ "asps": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "messages": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "mailboxes": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "autoreplies": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "filters": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "dkim": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "domainaliases": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ }
+ },
+
+ "manager": {
+ "addresslisting": {
+ "read:any": ["*"]
+ },
+
+ "addresses": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "authentication": {
+ "create:any": ["*"],
+ "read:any": ["*"]
+ },
+
+ "userlisting": {
+ "read:any": ["*", "!audit"]
+ },
+
+ "users": {
+ "create:any": ["*", "!audit"],
+ "read:any": ["*", "!audit"],
+ "update:any": ["*", "!audit"],
+ "delete:any": ["*"]
+ },
+
+ "asps": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "autoreplies": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "filters": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "dkim": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "domainaliases": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ }
+ },
+
+ "webmail": {
+ "addresses": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "authentication": {
+ "create:any": ["*"],
+ "read:any": ["*"]
+ },
+
+ "users": {
+ "read:any": ["*", "!audit"],
+ "update:any": ["*", "!audit"]
+ },
+
+ "asps": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "messages": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "mailboxes": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "autoreplies": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ },
+
+ "filters": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ }
+ },
+
+ "user": {
+ "addresslisting": {
+ "read:own": ["*"]
+ },
+
+ "addresses": {
+ "create:own": ["*"],
+ "read:own": ["*"],
+ "update:own": ["*"],
+ "delete:own": ["*"]
+ },
+
+ "authentication": {
+ "read:own": ["*"]
+ },
+
+ "userlisting": {
+ "read:own": ["*", "!audit"]
+ },
+
+ "users": {
+ "read:own": ["*", "!audit"],
+ "update:own": ["*", "!audit"]
+ },
+
+ "asps": {
+ "create:own": ["*"],
+ "read:own": ["*"],
+ "delete:own": ["*"]
+ },
+
+ "messages": {
+ "create:own": ["*"],
+ "read:own": ["*"],
+ "update:own": ["*"],
+ "delete:own": ["*"]
+ },
+
+ "mailboxes": {
+ "create:own": ["*"],
+ "read:own": ["*"],
+ "update:own": ["*"],
+ "delete:own": ["*"]
+ },
+
+ "autoreplies": {
+ "create:own": ["*"],
+ "read:own": ["*"],
+ "update:own": ["*"],
+ "delete:own": ["*"]
+ },
+
+ "filters": {
+ "create:own": ["*"],
+ "read:own": ["*"],
+ "update:own": ["*"],
+ "delete:own": ["*"]
+ }
+ },
+
+ "auth": {
+ "authentication": {
+ "create:any": ["*"]
+ }
+ },
+
+ "audit": {
+ "users": {
+ "create:any": ["*"],
+ "read:any": ["*"],
+ "update:any": ["*"],
+ "delete:any": ["*"]
+ }
+ }
+}
diff --git a/wildduck/wildduck/config/sender.toml b/wildduck/wildduck/config/sender.toml
new file mode 100644
index 0000000..64a6cb8
--- /dev/null
+++ b/wildduck/wildduck/config/sender.toml
@@ -0,0 +1,10 @@
+# which ZoneMTA queue to use by default
+zone="wildduck-mta"
+
+# Collection name for GridFS storage
+gfs="mail"
+
+# Collection name for the queue
+# see [dbs].sender option for choosing correct database to use for ZoneMTA queues
+# by default the main wildduck database is used
+collection="zone-queue"
diff --git a/wildduck/wildduck/config/test.toml b/wildduck/wildduck/config/test.toml
new file mode 100644
index 0000000..5836c82
--- /dev/null
+++ b/wildduck/wildduck/config/test.toml
@@ -0,0 +1,14 @@
+[log]
+ level="error"
+
+[dbs]
+ # mongodb connection string for the main database
+ mongo="mongodb://mongo:27017/wildduck-test"
+
+ # redis connection string
+ redis="redis://redis:6379/13"
+
+ dbname="wildduck-test"
+
+[imap]
+ autoExpunge=false
diff --git a/wildduck/wildduck/config/tls.toml b/wildduck/wildduck/config/tls.toml
new file mode 100644
index 0000000..4450239
--- /dev/null
+++ b/wildduck/wildduck/config/tls.toml
@@ -0,0 +1,6 @@
+# Default TLS keys (can be overriden by individual services)
+#key="/path/to/server/key.pem"
+#ca=["/path/to/server/ca1.pem", "/path/to/server/ca2.pem"]
+#cert="/path/to/server/cert.pem"
+key = "/secure/privkey.pem"
+cert = "/secure/fullchain.pem"
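Review bot: The `webmail` role is granted `:any` possession on `messages`, `mailboxes`, `filters` and `autoreplies`, and `update:any` on `users`, so this file places no per-account limit on a token carrying that role; `manager`, by comparison, gets no `messages` or `mailboxes` grants at all. If the webmail container holds such a token, its compromise would presumably expose every mailbox, unless the API narrows requests per session somewhere not visible in this hunk. JSON has no comment syntax, so I would record this in README.md (for example `The webmail role can read and modify every account's mail; treat its API token like a root credential`) and check whether the `users` attribute list for `webmail` can be narrowed beyond `"!audit"` to the fields the account views actually edit.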
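Review bot: `key = "/secure/privkey.pem"` makes every service fall back to a private key under `/secure`, and the commit's diffstat lists `secure/.gitignore` with 0 lines, so that file ignores nothing. Unless the one-line top-level `.gitignore` (not visible here) already covers the directory, a `privkey.pem` placed in `secure/` is one `git add .` away from being committed. I would put `*` and `!.gitignore` into `secure/.gitignore`, and add a comment above the key line such as `# private key: keep it readable only by the service user and out of version control`.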