dovecot: migrate to dovecot 2.4
+18
-9
@@ -18,7 +18,6 @@ let
|
||||
alicePassword = "testalice";
|
||||
bobPassword = "testbob";
|
||||
carolPassword = "testcarol";
|
||||
frankPassword = "testfrank";
|
||||
malloryPassword = "testmallory";
|
||||
in
|
||||
{
|
||||
@@ -76,7 +75,8 @@ in
|
||||
objectClass: simpleSecurityObject
|
||||
objectClass: top
|
||||
cn: mail
|
||||
userPassword: ${bindPassword}
|
||||
# unsafegibberish
|
||||
userPassword: {SSHA}JNr6l3s/RHo1LKRXqFsJg8sXznyRid8L
|
||||
|
||||
dn: ou=users,dc=example
|
||||
objectClass: organizationalUnit
|
||||
@@ -88,7 +88,8 @@ in
|
||||
uid: alice
|
||||
sn: Foo
|
||||
mail: alice@example.com
|
||||
userPassword: ${alicePassword}
|
||||
# testalice
|
||||
userPassword: {SSHA}gkJq4Dm4jfIKjxviR0WD63wMt0Ti6zMB
|
||||
|
||||
dn: cn=bob,ou=users,dc=example
|
||||
entryUUID: f3b4e8ea-087f-42cc-95f0-cbfd99386092
|
||||
@@ -100,7 +101,8 @@ in
|
||||
sn: Bar
|
||||
mail: bob@example.com
|
||||
homeDirectory: /home/bob
|
||||
userPassword: ${bobPassword}
|
||||
# testbob
|
||||
userPassword: {SSHA}qqUveZGZrDrjYFnREXLDZc//y89RppVN
|
||||
|
||||
dn: cn=carol,ou=users,dc=example
|
||||
entryUUID: 41240499-27e2-4fa2-be4f-4113a77661b1
|
||||
@@ -108,7 +110,8 @@ in
|
||||
uid: carol
|
||||
sn: Baz
|
||||
mail: carol@example.com
|
||||
userPassword: ${carolPassword}
|
||||
# testcarol
|
||||
userPassword: {SSHA}69HOuP+OPWE+3+tDucFZxzXDC7p4e3ML
|
||||
|
||||
dn: cn=frank,ou=users,dc=example
|
||||
entryUUID: ca16f594-f6b2-418f-87d3-0d02d746461f
|
||||
@@ -116,17 +119,23 @@ in
|
||||
uid: frank
|
||||
sn: Moo
|
||||
mail: frank@example.com
|
||||
userPassword: ${frankPassword}
|
||||
# testfrank
|
||||
userPassword: {SSHA}xqtMl8/uJ6HEFWDzLYpAE+Wq7FvKrtkm
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.dovecot.serviceConfig = {
|
||||
CacheDirectory = "dovecot";
|
||||
StateDirectory = "dovecot";
|
||||
};
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.example.com";
|
||||
domains = [ "example.com" ];
|
||||
localDnsResolver = false;
|
||||
storage.path = "/var/lib/dovecot/vmail";
|
||||
indexDir = "/var/lib/dovecot/indices";
|
||||
indexDir = "/var/cache/dovecot/indices";
|
||||
|
||||
aliases = {
|
||||
# Steal frank@example.com from LDAP user frank
|
||||
@@ -215,11 +224,11 @@ in
|
||||
machine.succeed("doveadm user -f gid bob@example.com | grep ${toString nodes.machine.mailserver.storage.uid}")
|
||||
|
||||
machine.succeed("doveadm user -f home bob@example.com | grep ${nodes.machine.mailserver.storage.path}/ldap/f3b4e8ea-087f-42cc-95f0-cbfd99386092")
|
||||
machine.succeed("doveadm user -f mail bob@example.com | grep 'maildir:~/mail:INDEX=${nodes.machine.mailserver.indexDir}/ldap/f3b4e8ea-087f-42cc-95f0-cbfd99386092'")
|
||||
machine.succeed("doveadm user -f mail_path bob@example.com | grep ${nodes.machine.mailserver.storage.path}/ldap/f3b4e8ea-087f-42cc-95f0-cbfd99386092")
|
||||
machine.succeed("doveadm user -f mail_index_path bob@example.com | grep ${nodes.machine.mailserver.indexDir}/ldap/f3b4e8ea-087f-42cc-95f0-cbfd99386092")
|
||||
|
||||
with subtest("Files containing secrets are only readable by root"):
|
||||
machine.succeed("ls -l /run/postfix/*.cf | grep -e '-rw------- 1 root root'")
|
||||
machine.succeed("ls -l /run/dovecot2/dovecot-ldap.conf.ext | grep -e '-rw------- 1 root root'")
|
||||
|
||||
with subtest("Test account/mail address binding via explicit TLS"):
|
||||
machine.fail(" ".join([
|
||||
|
||||
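Review bot: The subtest "Files containing secrets are only readable by root" in the last hunk appears to lose its Dovecot assertion, so nothing in the test would then check that the LDAP bind password stays root-only after the migration. The rendered page has dropped the +/- markers, but the hunk counts suggest the `ls -l /run/dovecot2/dovecot-ldap.conf.ext` line is on the removed side, leaving only the Postfix check. If the 2.4 configuration no longer uses that file, the assertion should move to whichever file now carries the bind password rather than disappear, e.g. `machine.succeed("ls -l <PATH_OF_FILE_HOLDING_BIND_PASSWORD> | grep -e '-rw------- 1 root root'")`. It would also help to add a comment in the subtest saying where the secret now lives, so a later refactor does not silently make it world-readable. The subtest and the following `machine.fail(...)` call continue outside the hunk.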