Diffstat (limited to 'modules/sympa')
-rw-r--r--modules/sympa/files/scenari/open_web_only_notify1
-rw-r--r--modules/sympa/files/scenari/subscriber_moderated6
-rw-r--r--modules/sympa/files/topics.conf6
-rw-r--r--modules/sympa/manifests/announce_list_email.pp18
-rw-r--r--modules/sympa/manifests/announce_list_group.pp17
-rw-r--r--modules/sympa/manifests/datasource/ldap_group.pp2
-rw-r--r--modules/sympa/manifests/list.pp41
-rw-r--r--modules/sympa/manifests/list/announce.pp21
-rw-r--r--modules/sympa/manifests/list/private.pp3
-rw-r--r--modules/sympa/manifests/list/private_email.pp17
-rw-r--r--modules/sympa/manifests/list/private_open.pp18
-rw-r--r--modules/sympa/manifests/list/public.pp16
-rw-r--r--modules/sympa/manifests/list/public_restricted.pp (renamed from modules/sympa/manifests/public_restricted_list.pp)6
-rw-r--r--modules/sympa/manifests/list/restricted.pp15
-rw-r--r--modules/sympa/manifests/public_list.pp13
-rw-r--r--modules/sympa/manifests/restricted_list_open.pp14
-rw-r--r--modules/sympa/manifests/scenario/sender_email.pp6
-rw-r--r--modules/sympa/manifests/scenario/sender_ldap_group.pp7
-rw-r--r--modules/sympa/manifests/scenario/sender_restricted.pp9
-rw-r--r--modules/sympa/manifests/server.pp20
-rw-r--r--modules/sympa/manifests/variable.pp2
-rw-r--r--modules/sympa/templates/auth.conf6
-rw-r--r--modules/sympa/templates/config122
-rw-r--r--modules/sympa/templates/data_sources/ldap_group.incl7
-rw-r--r--modules/sympa/templates/list.xml7
-rw-r--r--modules/sympa/templates/scenari/sender.email5
-rw-r--r--modules/sympa/templates/scenari/sender.ldap_group5
-rw-r--r--modules/sympa/templates/scenari/sender.restricted17
-rw-r--r--modules/sympa/templates/search_filters/group.ldap6
-rw-r--r--modules/sympa/templates/sympa.conf834
-rw-r--r--modules/sympa/templates/vhost_ml.conf14
-rw-r--r--modules/sympa/templates/webapp_sympa.conf16
32 files changed, 785 insertions, 512 deletions
diff --git a/modules/sympa/files/scenari/open_web_only_notify b/modules/sympa/files/scenari/open_web_only_notify
index 9c0b1dbc..621e425c 100644
--- a/modules/sympa/files/scenari/open_web_only_notify
+++ b/modules/sympa/files/scenari/open_web_only_notify
@@ -3,4 +3,3 @@ title.gettext anyone on the web, notification is sent to list owner
# do not notify if it is just an update
is_subscriber([listname],[sender]) smtp,smime,md5 -> do_it
true() md5 -> do_it,notify
-
diff --git a/modules/sympa/files/scenari/subscriber_moderated b/modules/sympa/files/scenari/subscriber_moderated
deleted file mode 100644
index 9e301213..00000000
--- a/modules/sympa/files/scenari/subscriber_moderated
+++ /dev/null
@@ -1,6 +0,0 @@
-title.gettext Reserved to subscriber
-
-is_subscriber([listname],[sender]) smtp,smime,md5 -> do_it
-true() smime,md5 -> do_it
-true() smtp -> reject(reason='send_subscriber')
-
diff --git a/modules/sympa/files/topics.conf b/modules/sympa/files/topics.conf
index 53824f0d..92e1809c 100644
--- a/modules/sympa/files/topics.conf
+++ b/modules/sympa/files/topics.conf
@@ -1,3 +1,6 @@
+bugsquad
+title Bug triaging
+
sysadmin
title System administration, infrastructure
@@ -24,3 +27,6 @@ title Local Community
atelier
title Atelier (Artwork, Web, Marketing, Communication)
+
+users
+title Users discussions
diff --git a/modules/sympa/manifests/announce_list_email.pp b/modules/sympa/manifests/announce_list_email.pp
deleted file mode 100644
index bebeea13..00000000
--- a/modules/sympa/manifests/announce_list_email.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-# list where announce are sent by $email only
-# reply_to is set to $reply_to
-define sympa::announce_list_email($subject,
- $reply_to,
- $sender_email,
- $subscriber_ldap_group = false,
- $language = 'en',
- $topics = false) {
- list { $name:
- subject => $subject,
- profile => '',
- language => $language,
- topics => $topics,
- reply_to => $reply_to,
- sender_email => $sender_email,
- subscriber_ldap_group => $subscriber_ldap_group,
- }
-}
diff --git a/modules/sympa/manifests/announce_list_group.pp b/modules/sympa/manifests/announce_list_group.pp
deleted file mode 100644
index ddb3747a..00000000
--- a/modules/sympa/manifests/announce_list_group.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-# list where announce are sent by member of ldap_group
-# reply_to is set to $reply_to
-define sympa::announce_list_group($subject,
- $reply_to,
- $sender_ldap_group,
- $language = 'en',
- $topics = false) {
- # profile + scenario
- list { $name:
- subject => $subject,
- profile => '',
- language => $language,
- topics => $topics,
- reply_to => $reply_to,
- sender_ldap_group => $sender_ldap_group,
- }
-}
diff --git a/modules/sympa/manifests/datasource/ldap_group.pp b/modules/sympa/manifests/datasource/ldap_group.pp
index 6b34ec92..6060bec4 100644
--- a/modules/sympa/manifests/datasource/ldap_group.pp
+++ b/modules/sympa/manifests/datasource/ldap_group.pp
@@ -1,5 +1,5 @@
define sympa::datasource::ldap_group {
- file { "/etc/sympa/data_sources/$name.incl":
+ file { "/etc/sympa/data_sources/${name}.incl":
content => template('sympa/data_sources/ldap_group.incl')
}
}
diff --git a/modules/sympa/manifests/list.pp b/modules/sympa/manifests/list.pp
index 4e265f31..205d2719 100644
--- a/modules/sympa/manifests/list.pp
+++ b/modules/sympa/manifests/list.pp
@@ -1,38 +1,33 @@
define sympa::list( $subject,
- $profile = false,
$language = 'en',
$topics = false,
$reply_to = false,
+ $sender_subscriber = false,
$sender_email = false,
$sender_ldap_group = false,
$subscriber_ldap_group = false,
$public_archive = true,
- $subscription_open = false) {
+ $subscription_open = false,
+ $critical = false) {
include sympa::variable
$ldap_password = extlookup('sympa_ldap','x')
$custom_subject = $name
- $xml_file = "/etc/sympa/lists_xml/$name.xml"
-
- if $sender_email {
- $sender_email_file = regsubst($sender_email,'\@','-at-')
- } else {
- $sender_email_file = ''
- }
+ $xml_file = "/etc/sympa/lists_xml/${name}.xml"
file { $xml_file:
content => template('sympa/list.xml'),
require => Package[sympa],
}
- exec { "sympa.pl --create_list --robot=$sympa::variable::vhost --input_file=$xml_file":
+ exec { "sympa.pl --create_list --robot=${sympa::variable::vhost} --input_file=${xml_file}":
require => File[$xml_file],
- creates => "/var/lib/sympa/expl/$name",
- before => File["/var/lib/sympa/expl/$name/config"],
+ creates => "/var/lib/sympa/expl/${name}",
+ before => File["/var/lib/sympa/expl/${name}/config"],
}
- file { "/var/lib/sympa/expl/$name/config":
+ file { "/var/lib/sympa/expl/${name}/config":
owner => 'sympa',
group => 'sympa',
mode => '0750',
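Review bot: The new `$sender_subscriber` and `$critical` parameters are added to the signature without any comment, and `$critical` changes access control: the config template in this commit switches to `web_access private` and owner-approved subscription when it is set. A header comment on the define would make that visible to callers, for example `# $critical: force private archive and owner-approved subscription` and `# $sender_subscriber: also accept posts from list subscribers`. The `$ldap_password = extlookup('sympa_ldap','x')` context line looks unused now that the templates read `sympa::server::ldap_password`; if so, it can go. The define's body continues past this hunk.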
@@ -40,16 +35,10 @@ define sympa::list( $subject,
notify => Service['sympa'],
}
- if $sender_ldap_group {
- if ! defined(Sympa::Scenario::Sender_ldap_group[$sender_ldap_group]) {
- sympa::scenario::sender_ldap_group { $sender_ldap_group: }
- }
- }
-
- if $sender_email {
- if ! defined(Sympa::Scenario::Sender_email[$sender_email]) {
- sympa::scenario::sender_email { $sender_email: }
- }
+ sympa::scenario::sender_restricted { $name:
+ ldap_group => $sender_ldap_group,
+ email => $sender_email,
+ allow_subscriber => $sender_subscriber,
}
if $subscriber_ldap_group {
@@ -57,6 +46,12 @@ define sympa::list( $subject,
sympa::search_filter::ldap { $subscriber_ldap_group: }
}
}
+
+ if $sender_ldap_group {
+ if ! defined(Sympa::Search_filter::Ldap[$sender_ldap_group]) {
+ sympa::search_filter::ldap { $sender_ldap_group: }
+ }
+ }
}
diff --git a/modules/sympa/manifests/list/announce.pp b/modules/sympa/manifests/list/announce.pp
new file mode 100644
index 00000000..2dd1c647
--- /dev/null
+++ b/modules/sympa/manifests/list/announce.pp
@@ -0,0 +1,21 @@
+# list where announce are sent by $email or $ldap_group only
+# reply_to is set to $reply_to
+define sympa::list::announce($subject,
+ $reply_to,
+ $sender_email = false,
+ $sender_ldap_group = false,
+ $subscriber_ldap_group = false,
+ $language = 'en',
+ $topics = false,
+ $critical = false) {
+ list { $name:
+ subject => $subject,
+ language => $language,
+ topics => $topics,
+ reply_to => $reply_to,
+ sender_email => $sender_email,
+ sender_ldap_group => $sender_ldap_group,
+ subscriber_ldap_group => $subscriber_ldap_group,
+ critical => $critical
+ }
+}
diff --git a/modules/sympa/manifests/list/private.pp b/modules/sympa/manifests/list/private.pp
index d58d7ab2..c8d9b38e 100644
--- a/modules/sympa/manifests/list/private.pp
+++ b/modules/sympa/manifests/list/private.pp
@@ -1,15 +1,16 @@
# list with private archive, restricted to member of $ldap_group
define sympa::list::private($subject,
$subscriber_ldap_group,
+ $sender_email = false,
$language ='en',
$topics = false) {
list { $name:
subject => $subject,
- profile => '',
language => $language,
topics => $topics,
subscriber_ldap_group => $subscriber_ldap_group,
sender_ldap_group => $subscriber_ldap_group,
+ sender_email => $sender_email,
public_archive => false,
}
}
diff --git a/modules/sympa/manifests/list/private_email.pp b/modules/sympa/manifests/list/private_email.pp
deleted file mode 100644
index 54e70592..00000000
--- a/modules/sympa/manifests/list/private_email.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-# same as private_list, but post are restricted to $email
-# ( scripting )
-define sympa::list::private_email($subject,
- $subscriber_ldap_group,
- $sender_email,
- $language ='en',
- $topics = false) {
- list { $name:
- subject => $subject,
- profile => '',
- language => $language,
- topics => $topics,
- subscriber_ldap_group => $subscriber_ldap_group,
- sender_email => $sender_email,
- public_archive => false,
- }
-}
diff --git a/modules/sympa/manifests/list/private_open.pp b/modules/sympa/manifests/list/private_open.pp
deleted file mode 100644
index 7f3f5105..00000000
--- a/modules/sympa/manifests/list/private_open.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-# list with private archive, restricted to member of $ldap_group
-# everybody can post
-# used for contact alias
-define sympa::list::private_open( $subject,
- $subscriber_ldap_group,
- $language = 'en',
- $topics = false) {
- sympa::list { $name:
- subject => $subject,
- profile => '',
- language => $language,
- topics => $topics,
- subscriber_ldap_group => $subscriber_ldap_group,
- public_archive => false,
- }
-}
-
-
diff --git a/modules/sympa/manifests/list/public.pp b/modules/sympa/manifests/list/public.pp
new file mode 100644
index 00000000..7b97534a
--- /dev/null
+++ b/modules/sympa/manifests/list/public.pp
@@ -0,0 +1,16 @@
+# public discussion list
+# reply_to is set to the list
+define sympa::list::public($subject,
+ $language = 'en',
+ $topics = false,
+ $sender_email = false) {
+ include sympa::variable
+ list { $name:
+ subject => $subject,
+ language => $language,
+ topics => $topics,
+ sender_email => $sender_email,
+ sender_subscriber => true,
+ reply_to => "${name}@${sympa::variable::vhost}",
+ }
+}
diff --git a/modules/sympa/manifests/public_restricted_list.pp b/modules/sympa/manifests/list/public_restricted.pp
index fec079f7..5c316368 100644
--- a/modules/sympa/manifests/public_restricted_list.pp
+++ b/modules/sympa/manifests/list/public_restricted.pp
@@ -1,17 +1,17 @@
-# list where only people from the ldap_group can post, ad where
+# list where only people from the ldap_group can post, and where
# they are subscribed by default, but anybody else can subscribe
# to read and receive messages
-define sympa::public_restricted_list( $subject,
+define sympa::list::public_restricted($subject,
$subscriber_ldap_group,
$language = 'en',
$topics = false) {
list { $name:
subject => $subject,
- profile => '',
topics => $topics,
language => $language,
subscriber_ldap_group => $subscriber_ldap_group,
sender_ldap_group => $subscriber_ldap_group,
subscription_open => true,
+ reply_to => "${name}@${sympa::variable::vhost}",
}
}
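Review bot: The added `reply_to => "${name}@${sympa::variable::vhost}"` reads a class variable, but this define never does `include sympa::variable`, unlike `sympa::list::public` in the same commit. If the class has not been evaluated by the time this define is, the variable is empty and the forced Reply-To becomes `name@`. Adding `include sympa::variable` before `list { $name:` removes the ordering dependency.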
diff --git a/modules/sympa/manifests/list/restricted.pp b/modules/sympa/manifests/list/restricted.pp
deleted file mode 100644
index 779cd3fb..00000000
--- a/modules/sympa/manifests/list/restricted.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-# list where people cannot subscribe, where people from $ldap_group receive
-# mail, with public archive
-define sympa::list::restricted($subject,
- $subscriber_ldap_group,
- $language = 'en',
- $topics = false) {
- list { $name:
- subject => $subject,
- profile => '',
- topics => $topics,
- language => $language,
- subscriber_ldap_group => $subscriber_ldap_group,
- sender_ldap_group => $subscriber_ldap_group,
- }
-}
diff --git a/modules/sympa/manifests/public_list.pp b/modules/sympa/manifests/public_list.pp
deleted file mode 100644
index 6b660abf..00000000
--- a/modules/sympa/manifests/public_list.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-# public discussion list
-# reply_to is set to the list
-define sympa::public_list($subject,
- $language = 'en',
- $topics = false) {
- include sympa::variable
- list { $name:
- subject => $subject,
- language => $language,
- topics => $topics,
- reply_to => "$name@$sympa::variable::vhost",
- }
-}
diff --git a/modules/sympa/manifests/restricted_list_open.pp b/modules/sympa/manifests/restricted_list_open.pp
deleted file mode 100644
index 1730b970..00000000
--- a/modules/sympa/manifests/restricted_list_open.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-# same as restricted list, but anybody can post
-define sympa::restricted_list_open( $subject,
- $subscriber_ldap_group,
- $language = 'en',
- $topics = false) {
- list { $name:
- subject => $subject,
- profile => '',
- language => $language,
- topics => $topics,
- subscriber_ldap_group => $subscriber_ldap_group,
- sender_ldap_group => $subscriber_ldap_group,
- }
-}
diff --git a/modules/sympa/manifests/scenario/sender_email.pp b/modules/sympa/manifests/scenario/sender_email.pp
deleted file mode 100644
index 4f811189..00000000
--- a/modules/sympa/manifests/scenario/sender_email.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-define sympa::scenario::sender_email {
- $sender_email_file = regsubst($name,'\@','-at-')
- file { "/etc/sympa/scenari/send.restricted_$sender_email_file":
- content => template('sympa/scenari/sender.email')
- }
-}
diff --git a/modules/sympa/manifests/scenario/sender_ldap_group.pp b/modules/sympa/manifests/scenario/sender_ldap_group.pp
deleted file mode 100644
index 363af4f3..00000000
--- a/modules/sympa/manifests/scenario/sender_ldap_group.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-define sympa::scenario::sender_ldap_group {
- file { "/etc/sympa/scenari/send.restricted_$name":
- content => template('sympa/scenari/sender.ldap_group')
- }
-}
-
-
diff --git a/modules/sympa/manifests/scenario/sender_restricted.pp b/modules/sympa/manifests/scenario/sender_restricted.pp
new file mode 100644
index 00000000..c69d3669
--- /dev/null
+++ b/modules/sympa/manifests/scenario/sender_restricted.pp
@@ -0,0 +1,9 @@
+define sympa::scenario::sender_restricted(
+ $email = false,
+ $ldap_group = false,
+ $allow_subscriber = false
+) {
+ file { "/etc/sympa/scenari/send.restricted_${name}":
+ content => template('sympa/scenari/sender.restricted')
+ }
+}
diff --git a/modules/sympa/manifests/server.pp b/modules/sympa/manifests/server.pp
index daed4e07..bcdda789 100644
--- a/modules/sympa/manifests/server.pp
+++ b/modules/sympa/manifests/server.pp
@@ -10,12 +10,17 @@ class sympa::server(
'perl-CGI-Fast',
'perl-Socket6']: }
- # sympa script start 5 differents script, I am not
+ # sympa script starts 5 different scripts; I am not
# sure that puppet will correctly handle this
service { 'sympa':
subscribe => [ Package['sympa'], File['/etc/sympa/sympa.conf']]
}
+ service { 'sympa-outgoing':
+ ensure => running,
+ require => Service['sympa']
+ }
+
$pgsql_password = extlookup('sympa_pgsql','x')
$ldap_password = extlookup('sympa_ldap','x')
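Review bot: The new `sympa-outgoing` service has only `require => Service['sympa']`, so unlike `sympa` it is not restarted when `/etc/sympa/sympa.conf` or the package changes, and presumably keeps running with stale settings. Adding `subscribe => [ Package['sympa'], File['/etc/sympa/sympa.conf'] ]` would mirror the resource above it. Separately, the `extlookup(..., 'x')` context lines fall back to the literal password `x` when the lookup misses; failing the catalog would be safer than deploying a known default. The class body starts and ends outside this hunk.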
@@ -30,8 +35,8 @@ class sympa::server(
$vhost = $sympa::variable::vhost
file { '/etc/sympa/sympa.conf':
- # should be cleaner to have it root owned, but puppet do not support acl
- # and in any case, config will be reset if it change
+ # should be cleaner to have it root owned, but puppet does not support acls
+ # and in any case, config will be reset if it changes
owner => 'sympa',
group => 'apache',
mode => '0640',
@@ -56,9 +61,9 @@ class sympa::server(
content => template('sympa/vhost_ml.conf'),
}
- subversion::snapshot { '/etc/sympa/web_tt2':
- source => 'svn://svn.mageia.org/svn/web/templates/sympa/trunk',
- }
+# git::snapshot { '/etc/sympa/web_tt2':
+# source => "git://git.${::domain}/web/templates/sympa",
+# }
file { ['/etc/sympa/lists_xml/',
'/etc/sympa/scenari/',
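Review bot: The `git::snapshot` replacement is left as commented-out code, so nothing manages `/etc/sympa/web_tt2` any more and the comment does not say why. If it is meant to come back, note that `git://` has no transport authentication or integrity protection, which matters for templates rendered by the web interface; an `https://` or ssh source would be preferable. Otherwise delete the block and leave a one-line note such as `# web_tt2 templates are no longer fetched by puppet; see <ticket placeholder>`. The surrounding `file { [...] }` resource continues outside this hunk.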
@@ -75,8 +80,6 @@ class sympa::server(
source => 'puppet:///modules/sympa/scenari/open_web_only_notify';
'/etc/sympa/scenari/unsubscribe.open_web_only_notify':
source => 'puppet:///modules/sympa/scenari/open_web_only_notify';
- '/etc/sympa/scenari/send.subscriber_moderated':
- source => 'puppet:///modules/sympa/scenari/subscriber_moderated';
'/etc/sympa/scenari/create_list.forbidden':
source => 'puppet:///modules/sympa/scenari/forbidden';
'/etc/sympa/topics.conf':
@@ -96,4 +99,5 @@ class sympa::server(
ensure => directory,
owner => 'sympa',
}
+
}
diff --git a/modules/sympa/manifests/variable.pp b/modules/sympa/manifests/variable.pp
index 274c4bb8..26f60294 100644
--- a/modules/sympa/manifests/variable.pp
+++ b/modules/sympa/manifests/variable.pp
@@ -1,3 +1,3 @@
class sympa::variable {
- $vhost = "ml.$::domain"
+ $vhost = "ml.${::domain}"
}
diff --git a/modules/sympa/templates/auth.conf b/modules/sympa/templates/auth.conf
index af998b68..854fdf9c 100644
--- a/modules/sympa/templates/auth.conf
+++ b/modules/sympa/templates/auth.conf
@@ -6,8 +6,10 @@ ldap
get_dn_by_email_filter (|(mail=[sender])(mailalternateaddress=[sender]))
email_attribute mail
scope sub
- use_ssl 1
+ use_tls ldaps
+ ssl_version tlsv1_2
+ ca_verify none
bind_dn cn=sympa-<%= hostname %>,ou=System Accounts,<%= dc_suffix %>
- bind_password <%= ldap_password %>
+ bind_password <%= scope.lookupvar("sympa::server::ldap_password") %>
authentication_info_url <%= authentication_info_url %>
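Review bot: `ca_verify none` on the added lines turns off certificate validation for the LDAPS connection, so the bind that follows hands `bind_password` to whichever host answers for the LDAP name. The same line is added in templates/config (the `include_ldap_query` block), data_sources/ldap_group.incl and search_filters/group.ldap. If the directory's CA is available on the host, `ca_verify required` together with a `ca_file` pointing at that CA bundle (path not shown on this page) keeps the move to `ssl_version tlsv1_2` meaningful. If verification has to stay off for now, a template comment saying why would keep the setting from being copied into further templates unexamined.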
diff --git a/modules/sympa/templates/config b/modules/sympa/templates/config
index 36510531..4262f3ca 100644
--- a/modules/sympa/templates/config
+++ b/modules/sympa/templates/config
@@ -1,10 +1,16 @@
-subject <%= subject %>
-status open
+archive
+period month
+mail_access owner
+<%- if public_archive and not @critical -%>
+web_access public
+<%- else -%>
+web_access private
+<%- end -%>
visibility noconceal
-lang <%= language %>
+digest 1,4 13:26
<% if subscriber_ldap_group and not subscription_open %>
# TODO check scenari
@@ -17,91 +23,81 @@ subscribe open_web_only_notify
unsubscribe open_web_only_notify
<% end %>
-# TODO reception nomail
-# profile normal
-
-owner
-email postmaster@<%= domain %>
-gecos Sysadmin team
-reception nomail
-
-owner_include
-source mga-sysadmin
+editor
+email listmaster@<%= domain %>
reception nomail
-profile normal
+gecos Moderator team
visibility conceal
-editor
-email listmaster@<%= domain %>
-gecos Moderator team
+editor_include
reception nomail
-
-editor_include
source mga-ml_moderators
-reception nomail
visibility conceal
+subject <%= subject %>
-<% if reply_to %>
-# TODO
-reply_to_header
-value other_email
-other_email <%= reply_to %>
-apply forced
+custom_subject <%= custom_subject %>
+
+<%- if @critical -%>
+info conceal
+
+subscribe auth owner
+
+unsubscribe auth_notify
+
+invite owner
<% end %>
+lang <%= language %>
+owner
+gecos Sysadmin team
+reception nomail
+email postmaster@<%= domain %>
+visibility noconceal
+profile normal
-<% if sender_email %>
-#TODO write scenari
-send restricted_<%= sender_email_file %>
+owner_include
+profile normal
+visibility conceal
+source mga-sysadmin
+reception nomail
-<% elsif sender_ldap_group %>
-#TODO write scenari
-send restricted_<%= sender_ldap_group %>
-<% else %>
-#TODO write scenari
-send subscriber_moderated
+<%- if @reply_to -%>
+reply_to_header
+value other_email
+other_email <%= reply_to %>
+apply forced
+<%- end -%>
-<% end %>
+review owner
<% if topics %>
topics <%= topics %>
<% end %>
+send restricted_<%= @name %>
+
<% if subscriber_ldap_group %>
include_ldap_query
- host ldap.<%= domain %>
- suffix ou=People,<%= dc_suffix %>
timeout 10
- filter (memberOf=cn=<%= subscriber_ldap_group %>,ou=Group,<%= dc_suffix %>)
- attrs mail
- select first
scope one
- use_ssl yes
- user cn=sympa-<%= hostname %>,ou=System Accounts,<%= dc_suffix %>
- passwd <%= ldap_password %>
-
-<% end %>
-
-<%- if public_archive -%>
-web_archive
- #TODO check
- access public
-<%- else -%>
-web_archive
- #TODO check
- access private
-<%- end -%>
-
-archive
-access owner
-period month
+ select first
+ ssl_version tlsv1_2
+ ca_verify none
+ use_tls ldaps
+ attrs mail
+ ssl_ciphers ALL
+ passwd <%= scope.lookupvar("sympa::server::ldap_password") %>
+ user cn=sympa-<%= hostname %>,ou=System Accounts,<%= dc_suffix %>
+ suffix ou=People,<%= dc_suffix %>
+ filter (memberOf=cn=<%= subscriber_ldap_group %>,ou=Group,<%= dc_suffix %>)
+ host ldap.<%= domain %>
-digest 1,4 13:26
+<% end %>
-review private
+process_archive on
-custom_subject <%= custom_subject %>
+status open
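Review bot: `ssl_ciphers ALL` in the new `include_ldap_query` block accepts every cipher suite the TLS library offers, which may include weak ones and undercuts pinning `ssl_version tlsv1_2` a few lines above. The other LDAP templates touched by this commit do not set it; dropping the line here, or narrowing it to a cipher string such as `HIGH:!aNULL:!MD5`, would be safer. As a style point, `<%- if @critical -%>` is closed by a plain `<% end %>`, and `@critical`/`@reply_to`/`@name` are mixed with bare `topics` and `subscriber_ldap_group`; one convention throughout would be easier to read.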
diff --git a/modules/sympa/templates/data_sources/ldap_group.incl b/modules/sympa/templates/data_sources/ldap_group.incl
index 4517fe26..609a7e42 100644
--- a/modules/sympa/templates/data_sources/ldap_group.incl
+++ b/modules/sympa/templates/data_sources/ldap_group.incl
@@ -1,8 +1,10 @@
include_ldap_2level_query
host ldap.<%= domain %>
- use_ssl yes
+ use_tls ldaps
+ ssl_version tlsv1_2
+ ca_verify none
user cn=sympa-<%= hostname %>,ou=System Accounts,<%= dc_suffix %>
- passwd <%= ldap_password %>
+ passwd <%= scope.lookupvar("sympa::server::ldap_password") %>
suffix1 ou=Group,<%= dc_suffix %>
scope1 one
filter1 (&(objectClass=groupOfNames)(cn=<%= name %>))
@@ -13,4 +15,3 @@ include_ldap_2level_query
filter2 (objectClass=inetOrgPerson)
attrs2 mail
select2 first
-
diff --git a/modules/sympa/templates/list.xml b/modules/sympa/templates/list.xml
index 1d83125e..74e4f07f 100644
--- a/modules/sympa/templates/list.xml
+++ b/modules/sympa/templates/list.xml
@@ -6,10 +6,11 @@
<description/>
<status>open</status>
<language><%= language %></language>
- <owner_include>
- <source>mga-sysadm</source>
+ <owner_include multiple="1">
+ <source>mga-sysadmin</source>
</owner_include>
- <editor_include>
+ <editor_include multiple="1">
<source>mga-ml_moderators</source>
</editor_include>
+ <topic><%= topics %></topic>
</list>
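Review bot: The added `<topic><%= topics %></topic>` is emitted unconditionally, but `$topics` defaults to `false` in `sympa::list`, so lists without topics would be created with the literal topic `false`. The config template guards the same value with `<% if topics %>`; doing the same here, `<% if topics %><topic><%= topics %></topic><% end %>`, keeps the two consistent. The value also goes into the XML unescaped, so a topic or subject containing `&` or `<` would make the file ill-formed.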
diff --git a/modules/sympa/templates/scenari/sender.email b/modules/sympa/templates/scenari/sender.email
deleted file mode 100644
index ee293dfd..00000000
--- a/modules/sympa/templates/scenari/sender.email
+++ /dev/null
@@ -1,5 +0,0 @@
-title.gettext restricted to email <%= name %>
-
-equal([sender], '<%= name %>') smtp,md5,smime -> do_it
-true() smtp,md5,smime -> reject(reason='send_subscriber')
-
diff --git a/modules/sympa/templates/scenari/sender.ldap_group b/modules/sympa/templates/scenari/sender.ldap_group
deleted file mode 100644
index d1abe66d..00000000
--- a/modules/sympa/templates/scenari/sender.ldap_group
+++ /dev/null
@@ -1,5 +0,0 @@
-title.gettext restricted to group <%= name %>
-
-search(<%= name %>.ldap) smtp,md5,smime -> do_it
-true() smtp,md5,smime -> reject(reason='send_subscriber')
-
diff --git a/modules/sympa/templates/scenari/sender.restricted b/modules/sympa/templates/scenari/sender.restricted
new file mode 100644
index 00000000..66139e6c
--- /dev/null
+++ b/modules/sympa/templates/scenari/sender.restricted
@@ -0,0 +1,17 @@
+title.gettext restricted list
+
+<%- if @ldap_group -%>
+search(<%= @ldap_group %>.ldap) smtp,md5,smime -> do_it
+<%- end -%>
+<%- if @email -%>
+ <%- for e in @email -%>
+equal([sender], '<%= e %>') smtp,md5,smime -> do_it
+ <%- end -%>
+<%- end -%>
+<%- if allow_subscriber -%>
+equal([sender], 'sysadmin@group.mageia.org') smtp,smime,md5 -> do_it
+match([sender], /@mageia\.org$/) smtp,smime,md5 -> do_it
+is_subscriber([listname],[sender]) smtp,smime,md5 -> do_it
+true() smime,md5 -> do_it
+<%- end -%>
+true() smtp,md5,smime -> reject(reason='send_subscriber')
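Review bot: The `equal([sender], 'sysadmin@group.mageia.org')` and `match([sender], /@mageia\.org$/)` rules grant `do_it` under the `smtp` method, which is the unauthenticated sender address. Posting rights on every `allow_subscriber` list are therefore only as strong as upstream SPF/DKIM/DMARC enforcement for that domain. Consider sending the domain-wide `smtp` match to moderation instead, e.g. `match([sender], /@mageia\.org$/) smtp -> editorkey`, and taking the domain from `<%= domain %>` as the other templates do rather than hard-coding it. Separately, `allow_subscriber` is read without `@` while `@ldap_group` and `@email` use it. `for e in @email` presumably expects an array; `[@email].flatten.each do |e|` would also accept a single address string.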
diff --git a/modules/sympa/templates/search_filters/group.ldap b/modules/sympa/templates/search_filters/group.ldap
index fd1f28d9..884e0db1 100644
--- a/modules/sympa/templates/search_filters/group.ldap
+++ b/modules/sympa/templates/search_filters/group.ldap
@@ -1,7 +1,9 @@
host ldap.<%= domain %>:636
bind_dn cn=sympa-<%= hostname %>,ou=System Accounts,<%= dc_suffix %>
-bind_password <%= ldap_password %>
-use_ssl yes
+bind_password <%= scope.lookupvar("sympa::server::ldap_password") %>
+use_tls ldaps
+ssl_version tlsv1_2
+ca_verify none
suffix ou=People,<%= dc_suffix %>
filter (&(mail=[sender])(memberOf=cn=<%= name %>,ou=Group,<%= dc_suffix %>))
scope sub
diff --git a/modules/sympa/templates/sympa.conf b/modules/sympa/templates/sympa.conf
index 83654914..edfaba15 100644
--- a/modules/sympa/templates/sympa.conf
+++ b/modules/sympa/templates/sympa.conf
@@ -1,297 +1,627 @@
-###\\\\ Directories and file location ////###
+###\\\\ Service description ////###
-## Directory containing mailing lists subdirectories
-home /var/lib/sympa/expl
+## Primary mail domain name
+domain <%= vhost %>
-## Directory for configuration files ; it also contains scenari/ and templates/ directories
-etc /etc/sympa
+## Email addresses of listmasters
+## Email addresses of the listmasters (users authorized to perform global
+## server commands). Some error reports may also be sent to these addresses.
+## Listmasters can be defined for each virtual host, however, the default
+## listmasters will have privileges to manage all virtual hosts.
+listmaster listmaster@<%= vhost %>
-## File containing Sympa PID while running.
-## Sympa also locks this file to ensure that it is not running more than once. Caution : user sympa need to write access without special privilegee.
-pidfile /var/run/sympa/sympa.pid
+## Default language
+## This is the default language used by Sympa. One of supported languages
+## should be chosen.
+lang en-US
-pidfile_distribute /var/run/sympa/sympa-distribute.pid
-
-pidfile_creation /var/run/sympa/sympa-creation.pid
-
-pidfile_bulk /var/run/sympa/bulk.pid
-
-## Umask used for file creation by Sympa
-umask 027
-
-## Directory containing available NLS catalogues (Message internationalization)
-localedir /usr/share/locale
-
-## The main spool containing various specialized spools
-## All spool are created at runtime by sympa.pl
-spool /var/spool/sympa
-
-## Incoming spool
-queue /var/spool/sympa/msg
-
-## Bounce incoming spool
-queuebounce /var/spool/sympa/bounce
-
-## Automatic list creation spool
-queueautomatic /var/spool/sympa/automatic
-
-##
-queuedigest /var/spool/sympa/digest
-
-##
-queuemod /var/spool/sympa/moderation
-
-##
-queuetopic /var/spool/sympa/topic
-
-##
-queueauth /var/spool/sympa/auth
-
-##
-queueoutgoing /var/spool/sympa/outgoing
-
-##
-queuetask /var/spool/sympa/task
-
-##
-queuesubscribe /var/spool/sympa/subscribe
-
-## URL to a virtual host.
-http_host http://domain.tld
-
-## The directory where Sympa stores static contents (CSS, members pictures, documentation) directly delivered by Apache
-static_content_path /var/lib/sympa/static_content
-
-## The URL mapped with the static_content_path directory defined above
-static_content_url /static-sympa
-
-###\\\\ Syslog ////###
-
-## The syslog facility for sympa
-## Do not forget to edit syslog.conf
-syslog mail
+## Supported languages
+## All supported languages for the user interface. Languages proper locale
+## information not installed are ignored.
+supported_lang en_US
+
+## Title of service
+## The name of your mailing list service. It will appear in the header of web
+## interface and subjects of several service messages.
+title Mageia Mailing lists service
+
+## Display name of Sympa
+## This parameter is used for display name in the "From:" header field for the
+## messages sent by Sympa itself.
+gecos SYMPA
+
+## Support of legacy character set
+## If set to "on", enables support of legacy character set according to
+## charset.conf(5) configuration file.
+## In some language environments, legacy encoding (character set) can be
+## preferred for e-mail messages: for example iso-2022-jp in Japanese
+## language.
+legacy_character_support_feature off
+
+###\\\\ Database related ////###
+
+## Type of the database
+## Possible types are "MySQL", "PostgreSQL", "Oracle", "Sybase" and "SQLite".
+db_type PostgreSQL
+
+## Hostname of the database server
+## With PostgreSQL, you can also use the path to Unix Socket Directory, e.g.
+## "/var/run/postgresql" for connection with Unix domain socket.
+db_host pg.<%= domain %>
+
+## Port of the database server
+db_port 5432/tcp
-## Communication mode with syslogd is either unix (via Unix sockets) or inet (use of UDP)
-log_socket_type unix
+## Name of the database
+## With SQLite, this must be the full path to database file. With Oracle
+## Database, this must be Oracle SID.
+db_name sympa
+
+## User for the database connection
+db_user sympa
+
+## Password for the database connection
+## What ever you use a password or not, you must protect the SQL server (is it
+## not a public internet service ?)
+db_passwd <%= scope.lookupvar("sympa::server::pgsql_password") %>
+
+## Environment variables setting for database
+## With Oracle Database, this is useful for defining ORACLE_HOME and NLS_LANG.
+# db_env NLS_LANG=American_America.AL32UTF8;ORACLE_HOME=/u01/app/oracle/product/11.2.0/server
+
+## Database private extension to subscriber table
+## Adds more fields to "subscriber_table" table. Sympa recognizes fields
+## defined with this parameter. You will then be able to use them from within
+## templates and scenarios:
+## * for scenarios: [subscriber->field]
+## * for templates: [% subscriber.field %]
+## These fields will also appear in the list members review page and will be
+## editable by the list owner. This parameter is a comma-separated list.
+## You need to extend the database format with these fields
+# db_additional_subscriber_fields billing_delay,subscription_expiration
-## Log intensity
-## 0 : normal, 2,3,4 for debug
-log_level 0
+## Database private extension to user table
+## Adds more fields to "user_table" table. Sympa recognizes fields defined
+## with this parameter. You will then be able to use them from within
+## templates: [% subscriber.field %]
+## This parameter is a comma-separated list.
+## You need to extend the database format with these fields
+# db_additional_user_fields age,address
-log_smtp off
+###\\\\ System log ////###
-## Number of months that elapse before a log is expired.
-logs_expiration_period 3
+## System log facility for Sympa
+## Do not forget to configure syslog server.
+syslog mail
-###\\\\ General definition ////###
+## Communication mode with syslog server
+log_socket_type unix
-## Main robot hostname
-domain <%= vhost %>
+## Log verbosity
+## Sets the verbosity of logs.
+## 0: Only main operations are logged
+## 3: Almost everything is logged.
+log_level 0
-## Listmasters email list comma separated
-## Sympa will associate listmaster privileges to these email addresses (mail and web interfaces). Some error reports may also be sent to these addresses.
-listmaster listmaster@<%= vhost %>
+###\\\\ Receiving ////###
-## Local part of sympa email adresse
-## Effective address will be \[EMAIL\]@\[HOST\]
-email sympa
+## Default maximum number of list members
+## Default limit for the number of subscribers per list (0 means no limit).
+default_max_list_members 0
-## Who is able to create lists
-## This parameter is a scenario, check sympa documentation about scenarios if you want to define one
-create_list forbidden
+## Maximum size of messages
+## Incoming messages smaller than this size is allowed distribution by Sympa.
+max_size 5242880
-edit_list owner
+## Reject mail sent from automated services to list
+## Rejects messages that seem to be from automated services, based on a few
+## header fields ("Content-Identifier:", "Auto-Submitted:").
+## Sympa also can be configured to reject messages based on the "From:" header
+## field value (see "loop_prevention_regex").
+reject_mail_from_automates_feature off
-###\\\\ Tuning ////###
+## Priority for command messages
+## Priority applied to messages sent to Sympa command address.
+sympa_priority 1
-## Use of binary version of the list config structure on disk: none | binary_file
-## Set this parameter to "binary_file" if you manage a big amount of lists (1000+) ; it should make the web interface startup faster
-cache_list_config none
+## Priority for messages bound for list owners
+## Priority for processing of messages bound for "LIST-request" address, i.e.
+## owners of the list
+request_priority 0
-## Sympa commands priority
-sympa_priority 1
+## Priority for non-VERP bounces
+## Priority for processing of messages bound for "LIST-owner" address, i.e.
+## non-delivery reports (bounces).
+owner_priority 9
## Default priority for list messages
-default_list_priority 5
-
-## Default timeout between two scheduled synchronizations of list members with data sources.
-default_ttl 3600
-
-## Default timeout between two action-triggered synchronizations of list members with data sources.
-default_distribution_ttl 300
-
-## Default priority for a packet to be sent by bulk.
-sympa_packet_priority 5
-
-request_priority 0
-
-owner_priority 9
-
-## The minimum number of packets in database before the bulk forks to increase sending rate
-##
-bulk_fork_threshold 1
-
-## The max number of bulks that will run on the same server.
-##
-bulk_max_count 3
-
-## the number of seconds a slave bulk will remain running without processing a message before it spontaneously dies.
-##
-bulk_lazytime 600
-
-## The number of seconds a master bulk waits between two packets number checks.
-## Keep it small if you expect brutal increases in the message sending load.
-bulk_wait_to_fork 10
-
-## the number of seconds a bulk sleeps between starting a new loop if it didn't find a message to send.
+## Priority for processing of messages posted to list addresses.
+default_list_priority 5
+
+###\\\\ Sending related ////###
+
+## Header fields to be removed from incoming messages
+## Use it, for example, to ensure some privacy for your users in case that
+## "anonymous_sender" mode is inappropriate.
+## The removal of these header fields is applied before Sympa adds its own
+## header fields ("rfc2369_header_fields" and "custom_header").
+# was remove_headers ARRAY(0x4116e50)
+remove_headers X-Sympa-To,X-Family-To,Return-Receipt-To,Precedence,X-Sequence,Disposition-Notification-To
+
+## RFC 2369 header fields
+## Specify which RFC 2369 mailing list header fields to be added.
+## "List-Id:" header field defined in RFC 2919 is always added. Sympa also
+## adds "Archived-At:" header field defined in RFC 5064.
+# was rfc2369_header_fields ARRAY(0x4116c88)
+rfc2369_header_fields help,subscribe,unsubscribe,post,owner,archive
+
+## Default priority for a packet
+## The default priority set to a packet to be sent by the bulk.
+sympa_packet_priority 5
+
+## Fork threshold of bulk daemon
+## The minimum number of packets before bulk daemon forks the new worker to
+## increase sending rate.
+bulk_fork_threshold 1
+
+## Maximum number of bulk workers
+bulk_max_count 3
+
+## Idle timeout of bulk workers
+## The number of seconds a bulk worker will remain running without processing
+## a message before it spontaneously exists.
+bulk_lazytime 600
+
+## Sleep time of bulk workers
+## The number of seconds a bulk worker sleeps between starting a new loop if
+## it didn't find a message to send.
## Keep it small if you want your server to be reactive.
-bulk_sleep 1
-
-## Secret used by Sympa to make MD5 fingerprint in web cookies secure
-## Should not be changed ! May invalid all user password
-#cookie 123456789
-
-## If set to "on", enables support of legacy characters
-##
-legacy_character_support_feature off
-
-## The default maximum size (in bytes) for messages (can be re-defined for each list)
-max_size 5242880
-
-## comma separated list of operations for which blacklist filter is applied
-## Setting this parameter to "none" will hide the blacklist feature
-use_blacklist send,create_list
-
-## Specify which rfc2369 mailing list headers to add
-rfc2369_header_fields help,subscribe,unsubscribe,post,owner,archive
-
-## Specify header fields to be removed before message distribution
-remove_headers X-Sympa-To,X-Family-To,Return-Receipt-To,Precedence,X-Sequence,Disposition-Notification-To
-
-bounce_warn_rate 30
+bulk_sleep 1
-bounce_halt_rate 50
-
-###\\\\ Internationalization ////###
-
-## Default lang (ca | cs | de | el | es | et_EE | en_US | fr | fi | hu | it | ja_JP | ko | nl | nb_NO | oc | pl | pt_BR | ru | sv | tr | vi | zh_CN | zh_TW)
-## This is the default language used by Sympa
-lang en_US
-
-## Supported languages
-## This is the set of language that will be proposed to your users for the Sympa GUI. Don't select a language if you don't have the proper locale packages installed.
-#supported_lang ca,cs,de,el,es,et_EE,en_US,fr,fi,hu,it,ja_JP,ko,nl,nb_NO,oc,pl,pt_BR,ru,sv,tr,vi,zh_CN,zh_TW
-supported_lang en_US
+## Interval between checks of packet numbers
+## Number of seconds a master bulk daemon waits between two packets number
+## checks.
+## Keep it small if you expect brutal increases in the message sending load.
+bulk_wait_to_fork 10
+
+## Path to sendmail
+## Absolute path to sendmail command line utility (e.g.: a binary named
+## "sendmail" is distributed with Postfix).
+## Sympa expects this binary to be sendmail compatible (exim, Postfix, qmail
+## and so on provide it). Sympa also bundles "sympa_smtpc" program which may
+## be a replacement to sendmail binary.
+sendmail /usr/sbin/sendmail
+
+## Log invocation of sendmail
+## This can be overwritten by "-m" option for sympa.pl.
+log_smtp off
+
+## Maximum number of sendmail processes
+## Maximum number of simultaneous child processes spawned by Sympa. This is
+## the main load control parameter.
+## Proposed value is quite low, but you can rise it up to 100, 200 or even 300
+## with powerful systems.
+maxsmtp 40
+
+## Maximum number of recipients per call to sendmail
+## This grouping factor makes it possible for the sendmail processes to
+## optimize the number of SMTP sessions for message distribution. If needed,
+## you can limit the number of recipients for a particular domain. Check the
+## "nrcpt_by_domain.conf" configuration file.
+nrcpt 25
+
+## Maximum number of different mail domains per call to sendmail
+avg 10
+
+###\\\\ Privileges ////###
-###\\\\ Errors management ////###
+## Who is able to create lists
+## Defines who can create lists (or request list creation) by creating new
+## lists or by renaming or copying existing lists.
+create_list forbidden
+
+## Use blacklist
+## List of operations separated by comma for which blacklist filter is
+## applied. Setting this parameter to "none" will hide the blacklist feature.
+use_blacklist send,create_list
+
+## List of required domains for list owner addresses
+## Restrict list ownership to addresses in the specified domains. This can be
+## used to reserve list ownership to a group of trusted users from a set of
+## domains associated with an organization, while allowing editors and
+## subscribers from the Internet at large.
+# owner_domain domain1.tld domain2.tld
+
+## Minimum number of list owners that must match owner_domain restriction
+## Minimum number of list owners that must satisfy the owner_domain
+## restriction. The default of zero (0) means *all* list owners must match.
+## Setting to 1 requires only one list owner to match owner_domain; all other
+## owners can be from any domain. This setting can be used to ensure that
+## there is always at least one known contact point for a mailing list.
+owner_domain_min 0
+
+###\\\\ Archives ////###
+
+## Store distributed messages into archive
+## If enabled, distributed messages via lists will be archived. Otherwise
+## archiving is disabled.
+## Note that even if setting this parameter disabled, past archives will not
+## be removed and will be accessible according to access settings by each
+## list.
+process_archive on
+
+## Path to MHonArc mail-to-HTML converter
+## This is required for HTML mail archiving.
+mhonarc /usr/bin/mhonarc
+
+# There is a need to protect Sympa website against spambot
+spam_protection javascript
+
+# The same as spam_protection, but restricted to the web archive.
+web_archive_spam_protection cookie
+
+###\\\\ Bounce management and tracking ////###
+
+## Default bounce warn rate
+## The list owner receives a warning whenever a message is distributed and the
+## number (percentage) of bounces exceeds this value.
+bounce_warn_rate 30
+
+## Default bounce halt rate
+## NOT USED YET. If bounce rate reaches the halt_rate, messages for the list
+## will be halted, i.e. they are retained for subsequent moderation.
+bounce_halt_rate 50
+
+## Remove bouncing new subscribers
+## If set to unique, the welcome message is sent using a unique return path in
+## order to remove the subscriber immediately in the case of a bounce.
+welcome_return_path owner
+
+## Remove subscribers bouncing remind message
+## Same as welcome_return_path, but applied to remind messages.
+remind_return_path owner
+
+## Task for expiration of old bounces
+## This task resets bouncing information for addresses not bouncing in the
+## last 10 days after the latest message distribution.
+expire_bounce_task daily
+
+###\\\\ Automatic lists ////###
+
+## Definition of automatic list families
+## Defines the families the automatic lists are based on. It is a character
+## string structured as follows:
+## * each family is separated from the other by a semi-column (;)
+## * inside a family definition, each field is separated from the other by a
+## column (:)
+## * each field has the structure: "<field name>=<filed value>"
+## Basically, each time Sympa uses the automatic lists families, the values
+## defined in this parameter will be available in the family object.
+## * for scenarios: [family->name]
+## * for templates: [% family.name %]
+# automatic_list_families name=family_one:prefix=f1:display=My automatic lists:prefix_separator=+:classes separator=-:family_owners_list=alist@domain.tld;name=family_two:prefix=f2:display=My other automatic lists:prefix_separator=+:classes separator=-:family_owners_list=anotherlist@domain.tld;
+
+## Parsed files for families
+## comma-separated list of files that will be parsed by Sympa when
+## instantiating a family (no space allowed in file names)
+parsed_family_files message.footer,message.header,message.footer.mime,message.header.mime,info
+
+###\\\\ Tag based spam filtering ////###
+
+## Header field to tag spams
+## If a spam filter (like spamassassin or j-chkmail) add a header field to tag
+## spams, name of this header field (example X-Spam-Status)
+antispam_tag_header_name X-Spam-Status
+
+## Regular expression to check header field to tag spams
+## Regular expression applied on this header to verify message is a spam
+## (example Yes)
+antispam_tag_header_spam_regexp ^\s*Yes
+
+## Regular expression to determine spam or ham.
+## Regular expression applied on this header field to verify message is NOT a
+## spam (example No)
+antispam_tag_header_ham_regexp ^\s*No
+
+## Name of header field to inform
+## Messages are supposed to be filtered by an spam filter that add one more
+## headers to messages. This parameter is used to select a special scenario in
+## order to decide the message spam status: ham, spam or unsure. This
+## parameter replace antispam_tag_header_name, antispam_tag_header_spam_regexp
+## and antispam_tag_header_ham_regexp.
+spam_status x-spam-status
+
+###\\\\ Directories ////###
+
+## List home
+## Base directory of list configurations.
+home /var/lib/sympa/expl
+
+## Directory for configuration files
+## Base directory of global configuration (except "sympa.conf").
+etc /etc/sympa
+
+## Base directory of spools
+## Base directory of all spools which are created at runtime. This directory
+## must be writable by Sympa user.
+spool /var/spool/sympa
+
+## Directory for message incoming spool
+## This spool is used both by "queue" program and "sympa_msg.pl" daemon."
+queue /var/spool/sympa/msg
+
+## Directory for moderation spool
+queuemod /var/spool/sympa/moderation
+
+## Directory for digest spool
+queuedigest /var/spool/sympa/digest
+
+## Directory for held message spool
+## This parameter is named such by historical reason.
+queueauth /var/spool/sympa/auth
+
+## Directory for archive spool
+## This parameter is named such by historical reason.
+queueoutgoing /var/spool/sympa/outgoing
+
+## Directory for held request spool
+## This parameter is named such by historical reason.
+queuesubscribe /var/spool/sympa/subscribe
+
+## Directory for topic spool
+queuetopic /var/spool/sympa/topic
+
+## Directory for bounce incoming spool
+## This spool is used both by "bouncequeue" program and "bounced.pl" daemon.
+queuebounce /var/spool/sympa/bounce
+
+## Directory for task spool
+queuetask /var/spool/sympa/task
+
+## Directory for automatic list creation spool
+## This spool is used both by "familyqueue" program and "sympa_automatic.pl"
+## daemon.
+queueautomatic /var/spool/sympa/automatic
+
+## Directory for message outgoing spool
+## This parameter is named such by historical reason.
+queuebulk /var/spool/sympa/bulk
+
+## Directory to cache formatted messages
+## Base directory path of directories where HTML view of messages are cached.
+viewmail_dir /var/spool/sympa/viewmail
+
+## Directory for storing bounces
+## The directory where bounced.pl daemon will store the last bouncing message
+## for each user. A message is stored in the file: <bounce_path>/<list
+## name>@<mail domain name>/<email address>, or, if tracking is enabled:
+## <bounce_path>/<list name>@<mail domain name>/<email address>_<envelope ID>.
+## Users can access to these messages using web interface in the bounce
+## management page.
+## Don't confuse with "queuebounce" parameter which defines the spool where
+## incoming error reports are stored and picked by bounced.pl daemon.
+bounce_path /var/lib/sympa/bounce
+
+## Directory for storing archives
+## Where to store HTML archives. This parameter is used by the "archived.pl"
+## daemon. It is a good idea to install the archive outside the web document
+## hierarchy to ensure accesses passing WWSympa's access control will be
+## prevented.
+arc_path /var/lib/sympa/arc
+
+###\\\\ Miscellaneous ////###
+
+## Local part of Sympa email address
+## Local part (the part preceding the "@" sign) of the address by which mail
+## interface of Sympa accepts mail commands.
+## If you change the default value, you must modify the mail aliases too.
+email sympa
+
+## Custom robot parameter
+## Used to define a custom parameter for your server. Do not forget the
+## semicolon between the parameter name and the parameter value.
+## You will be able to access the custom parameter value in web templates by
+## variable "conf.custom_robot_parameter.<param_name>"
+# custom_robot_parameter param_name ; param_value
+
+## Use of binary cache of list configuration
+## binary_file: Sympa processes will maintain a binary version of the list
+## configuration, "config.bin" file on local disk. If you manage a big amount
+## of lists (1000+), it should make the web interface startup faster.
+## You can recreate cache by running "sympa.pl --reload_list_config".
+cache_list_config none
+
+## Max age of logs in database
+## Number of months that elapse before a log is expired
+logs_expiration_period 3
+
+## Umask
+## Default mask for file creation (see umask(2)). Note that it will be
+## interpreted as an octal value.
+umask 027
+
+## Secret string for generating unique keys
+## This allows generated authentication keys to differ from a site to another.
+## It is also used for encryption of user passwords stored in the database.
+## The presence of this string is one reason why access to "sympa.conf" needs
+## to be restricted to the "sympa" user.
+## Note that changing this parameter will break all HTTP cookies stored in
+## users' browsers, as well as all user passwords and lists X509 private keys.
+## To prevent a catastrophe, Sympa refuses to start if this "cookie" parameter
+## was changed.
+# cookie 123456789
+
+###\\\\ Web interface parameters ////###
+
+## URL prefix of web interface
+## This is used to construct URLs of web interface.
+wwsympa_url https://<%= vhost %>/l
+
+## URL prefix of WWSympa behind proxy
+#http_host http://domain.tld
+
+## URL for static contents
+## HTTP server have to map it with "static_content_path" directory.
+static_content_url /static-sympa
+css_url /static-sympa/css
+pictures_url /static-sympa/pictures
+
+## Directory for static contents
+static_content_path /var/lib/sympa/static_content
+css_path /var/lib/sympa/static_content/css
+pictures_path /var/lib/sympa/static_content/pictures
+
+## System log facility for web interface
+## System log facility for WWSympa, archived.pl and bounced.pl. Default is to
+## use value of "syslog" parameter.
+log_facility LOCAL1
+
+###\\\\ Web interface parameters: Appearances ////###
+
+## Type of main web page
+## "lists" for the page of list of lists. "home" for home page.
+default_home lists
+
+## Default index organization of web archive
+## thrd: Threaded index.
+## mail: Chronological index.
+archive_default_index thrd
+
+## Size of review page
+## Default number of lines of the array displaying users in the review page
+review_page_size 25
+
+## Size of viewlogs page
+## Default number of lines of the array displaying the log entries in the logs
+## page.
+viewlogs_page_size 25
+
+###\\\\ Web interface parameters: Miscellaneous ////###
+
+## HTTP cookies validity domain
+## If beginning with a dot ("."), the cookie is available within the specified
+## Internet domain. Otherwise, for the specified host. The only reason for
+## replacing the default value would be where WWSympa's authentication process
+## is shared with an application running on another host.
+cookie_domain <%= vhost %>
+
+## HTTP cookies lifetime
+## This is the default value when not set explicitly by users. "0" means the
+## cookie may be retained during browser session.
+cookie_expire 0
+
+## Average interval to refresh HTTP session ID.
+cookie_refresh 60
+
+## Use HTML editor
+## If set to "on", users will be able to post messages in HTML using a
+## javascript WYSIWYG editor.
+use_html_editor 0
+
+## URL of HTML editor
+## URL path to the javascript file making the WYSIWYG HTML editor available.
+## Relative path under <static_content_url> or absolute path.
+## Example is for TinyMCE 4 installed under <static_content_path>/js/tinymce/.
+# html_editor_url js/tinymce/tinymce.min.js
+
+## HTML editor initialization
+## Javascript excerpt that enables and configures the WYSIWYG HTML editor.
+# html_editor_init tinymce.init({selector:"#body",language:lang.split(/[^a-zA-Z]+/).join("_")});
+
+## Count limit of wrong password submission
+## If this limit is reached, the account is locked until the user renews their
+## password. The default value is chosen in order to block bots trying to log
+## in using brute force strategy. This value should never be reached by real
+## users that will probably uses the renew password service before they
+## performs so many tries.
+max_wrong_password 19
+
+## Password case
+## "insensitive" or "sensitive".
+## If set to "insensitive", WWSympa's password check will be insensitive. This
+## only concerns passwords stored in the Sympa database, not the ones in LDAP.
+## Should not be changed! May invalid all user password.
+password_case insensitive
+
+###\\\\ S/MIME and TLS ////###
-## Bouncing email rate for warn list owner
-#bounce_warn_rate 20
+## Password used to crypt lists private keys
+## If not defined, Sympa assumes that list private keys are not encrypted.
+# key_passwd your_password
-## Bouncing email rate for halt the list (not implemented)
-## Not yet used in current version, Default is 50
-#bounce_halt_rate 50
+## Directory containing user certificates
+ssl_cert_dir /var/lib/sympa/X509-user-certs
-## Task name for expiration of old bounces
-#expire_bounce_task daily
+###\\\\ Data sources setup ////###
-## Welcome message return-path
-## If set to unique, new subcriber is removed if welcome message bounce
-#welcome_return_path unique
+## Default of SQL fetch timeout
+## Default timeout while performing a fetch with include_sql_query.
+default_sql_fetch_timeout 300
-###\\\\ MTA related ////###
+###\\\\ DKIM ////###
-## Path to the MTA (sendmail, postfix, exim or qmail)
-## should point to a sendmail-compatible binary (eg: a binary named "sendmail" is distributed with Postfix)
-sendmail /usr/sbin/sendmail
+## Enable DKIM
+## If set to "on", Sympa may verify DKIM signatures of incoming messages and/
+## or insert DKIM signature to outgoing messages.
+dkim_feature off
-## Maximum number of recipients per call to Sendmail. The nrcpt_by_domain.conf file allows a different tuning per destination domain.
-nrcpt 25
+## Which service messages to be signed
+## Inserts a DKIM signature to service messages in context of robot, list or
+## both
+dkim_add_signature_to robot,list
-## Max. number of different domains per call to Sendmail
-avg 10
+## The "d=" tag as defined in rfc 4871
+## The DKIM "d=" tag, is the domain of the signing entity. Default is virtual
+## host domain name
+dkim_signer_domain <%= vhost %>
-## Max. number of Sendmail processes (launched by Sympa) running simultaneously
-## Proposed value is quite low, you can rise it up to 100, 200 or even 300 with powerfull systems.
-maxsmtp 40
+## Rewrite header for DKIM signed messages and DMARC rejecting domains
+dmarc_protection_mode dkim_signature,dmarc_reject
-###\\\\ Plugin ////###
+###\\\\ Antivirus plug-in ////###
## Path to the antivirus scanner engine
-## supported antivirus : McAfee/uvscan, Fsecure/fsav, Sophos, AVP and Trend Micro/VirusWall
-#antivirus_path /usr/local/uvscan/uvscan
-
-## Antivirus pluggin command argument
-#antivirus_args --secure --summary --dat /usr/local/uvscan
+## Supported antivirus: Clam AntiVirus/clamscan & clamdscan, McAfee/uvscan,
+## Fsecure/fsav, Sophos, AVP and Trend Micro/VirusWall
+# antivirus_path /usr/local/bin/clamscan
-###\\\\ S/MIME pluggin ////###
+## Antivirus plugin command line arguments
+# antivirus_args --no-summary --database /usr/local/share/clamav
-## Path to OpenSSL
-## Sympa knowns S/MIME if openssl is installed
-#openssl /usr/bin/ssl
+###\\\\ Password validation ////###
-## The directory path use by OpenSSL for trusted CA certificates
-#capath /etc/sympa/ssl.crt
+## Password validation
+## The password validation techniques to be used against user passwords that
+## are added to mailing lists. Options come from Data::Password
+## (https://search.cpan.org/~razinf/Data-Password-1.07/Password.pm#VARIABLES)
+# password_validation MINLEN=8,GROUPS=3,DICTIONARY=4,DICTIONARIES=/pentest/dictionaries
-## This parameter sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA)
-#cafile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
-
-## User CERTs directory
-ssl_cert_dir /var/lib/sympa/X509-user-certs
-
-crl_dir /var/lib/sympa/crl
-
-## Password used to crypt lists private keys
-#key_passwd your_password
-
-###\\\\ Database ////###
-
-## Database type (mysql | Pg | Oracle | Sybase | SQLite)
-## be carefull to the case
-db_type Pg
-
-## Name of the database
-## with SQLite, the name of the DB corresponds to the DB file
-db_name sympa
-
-## The host hosting your sympa database
-db_host pgsql.<%= domain %>
-
-## The database port
-db_port 5432/tcp
-
-## Database user for connexion
-db_user sympa
-
-## Database password (associated to the db_user)
-## What ever you use a password or not, you must protect the SQL server (is it a not a public internet service ?)
-db_passwd <%= pgsql_password %>
-
-## Database private extention to user table
-## You need to extend the database format with these fields
-#db_additional_user_fields age,address
-
-## Database private extention to subscriber table
-## You need to extend the database format with these fields
-#db_additional_subscriber_fields billing_delay,subscription_expiration
+###\\\\ Authentication with LDAP ////###
-###\\\\ Web interface ////###
+## Use canonical email address for LDAP authentication
+## When using LDAP authentication, if the identifier provided by the user was
+## a valid email, if this parameter is set to false, then the provided email
+## will be used to authenticate the user. Otherwise, use of the first email
+## returned by the LDAP server will be used.
+ldap_force_canonical_email 1
-## Sympa's main page URL
-wwsympa_url https://<%= vhost %>/l
+###\\\\ Obsoleted parameters ////###
-## If a spam filter (like spamassassin or j-chkmail) add a smtp headers to tag spams, name of this header (example X-Spam-Status)
-antispam_tag_header_name X-Spam-Status
+## Default timeout between two scheduled synchronizations of list members with
+## data sources.
+default_ttl 3600
-## The regexp applied on this header to verify message is a spam (example \s*Yes)
-antispam_tag_header_spam_regexp ^\s*Yes
+## Default timeout between two action-triggered synchronizations of list
+## members with data sources.
+default_distribution_ttl 300
-## The regexp applied on this header to verify message is NOT a spam (example \s*No)
-antispam_tag_header_ham_regexp ^\s*No
+edit_list owner
-# Disable alias management, already managed in postfix
-sendmail_aliases none
+## Enable FastCGI
+## Is FastCGI module for HTTP server installed. This module provide much
+## faster web interface.
+use_fast_cgi 1
-# keep this enabled for bugzilla automatic mail sending
-# feature ( which are marked as such in the header )
-reject_mail_from_automates_feature off
+# Upgrade from 6.2.40 to 6.2.42
+# 22 May 2019 at 21:22:06
+shared_feature on
diff --git a/modules/sympa/templates/vhost_ml.conf b/modules/sympa/templates/vhost_ml.conf
index ad6b4400..11aa7ae5 100644
--- a/modules/sympa/templates/vhost_ml.conf
+++ b/modules/sympa/templates/vhost_ml.conf
@@ -2,13 +2,19 @@
RewriteRule ^/?$ /l/home [R]
RewriteRule ^/l$ /l/
RewriteRule ^/l/(.*)$ /wwsympa-wrapper.fcgi/$1
-
+
DocumentRoot <%= lib_dir + "/sympa/cgi" %>
Alias /static-sympa /var/lib/sympa/static_content
<Directory /var/lib/sympa/static_content>
- Order allow,deny
- Allow from all
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order allow,deny
+ Allow from all
+ </IfModule>
</Directory>
-
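Review bot: The `<Directory /var/lib/sympa/static_content>` block grants access on both Apache versions but still sets neither `Options` nor `AllowOverride`, so it inherits whatever the server-wide configuration allows. The sympa.conf template in this same commit places `css_path` and `pictures_path` under this tree, so Sympa presumably writes into it at runtime. For a directory the application can write to, I would add `Options -Indexes -ExecCGI` and `AllowOverride None` inside the block, so that a stray `.htaccess` or script file is never interpreted. The 2.4/2.2 access-control split itself looks fine.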
diff --git a/modules/sympa/templates/webapp_sympa.conf b/modules/sympa/templates/webapp_sympa.conf
index b920a8f1..1a508199 100644
--- a/modules/sympa/templates/webapp_sympa.conf
+++ b/modules/sympa/templates/webapp_sympa.conf
@@ -1,8 +1,16 @@
<Directory <%= lib_dir + "/sympa/cgi" %> >
- Options ExecCGI
- AddHandler fastcgi-script .fcgi
+ SetHandler fcgid-script
+ Options +ExecCGI
+ AddHandler cgi-script .fcgi
DirectoryIndex wwsympa-wrapper.fcgi
- Order allow,deny
- Allow from all
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order allow,deny
+ Allow from all
+ </IfModule>
</Directory>
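Review bot: `SetHandler fcgid-script` applies to the whole `<Directory>`, so every file under the cgi directory is handed to mod_fcgid for execution, not only `wwsympa-wrapper.fcgi`. The `AddHandler cgi-script .fcgi` line after it should be overridden by that SetHandler, and if it ever did take effect it would run the wrapper as plain CGI, not FastCGI. I would scope the handler to the script and drop the AddHandler line: `<FilesMatch "\.fcgi$">`, `SetHandler fcgid-script`, `</FilesMatch>`. The handler is also set with no `<IfModule>` guard, so it is worth confirming that the manifest loads mod_fcgid, which this hunk does not show.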