install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install_update_dovecot.sh: relax/defuse systemd-hardening

Browse Source
This commit is contained in:
Christoph
2026-02-04 22:22:31 +01:00
parent 7163b2dccf
commit 71be7f0754
1 changed files with 154 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

252
install_update_dovecot.sh
View File

@@ -184,7 +184,7 @@ else
fi
if [[ -z "$systemd_support" ]] ; then
if $SYSTEMD_EXISTS ; then
if $SYSTEMD_EXISTS ; then
systemd_support=true
else
systemd_support=false
@@ -305,7 +305,7 @@ _version_short="${_version%-*}"
#clean_up 0
# 'expire plugin'was rRemoved in version 2.3.14: This plugin is not needed.
# 'expire plugin'was rRemoved in version 2.3.14: This plugin is not needed.
# Use mailbox { autoexpunge } Mailbox settings instead.
#
if [[ $dovecot_major_version -gt 2 ]] \
@@ -362,12 +362,12 @@ if [[ -n "$_update" ]]; then
echo -e "[1] Update"
echo -e "\033[37m\033[1m[2] New Installation\033[m"
fi
echo ""
echo ""
echononl "Choose a number or press <RETURN> for highlighted value: "
else
echo -e "[1] Update"
echo "[2] New Installation"
echo ""
echo ""
echononl "Choose a Number: "
fi
update=""
@@ -392,13 +392,13 @@ while [[ "$update" != "true" && "$update" != "false" ]] ; do
fi
;;
*) update=""
echo ""
echo ""
if [[ -n "$_IS_RELAY_HOST" ]]; then
echo -e "\tWrong entry! [ 1 = Update ; 2 = New Installation ] or type <RETURN>"
else
echo -e "\tWrong entry! [ 1 = Update ; 2 = New Installation ]"
echo -e "\tWrong entry! [ 1 = Update ; 2 = New Installation ]"
fi
echo ""
echo ""
echononl "Reentry: "
;;
esac
@@ -415,7 +415,7 @@ done
clear;
echo ""
if $update ;then
if $update ;then
echo -e "\tUpdate Dovecot................: $update"
else
echo -e "\tInstall Dovecot first time....: Yes"
@@ -507,7 +507,7 @@ export MAKEFLAGS=-j$(expr `grep "^processor" /proc/cpuinfo | sort -u | wc -l` -
echo ""
if $update ;then
if $update ;then
_new=false;
else
_new=true;
@@ -683,7 +683,7 @@ mkdir -p $_log_dir
## -----------------
## --- Download
## --- Download
cd ${_src_base_dir}
@@ -720,7 +720,7 @@ fi
## - Download Pigeonhole for Dovecot v2.2
## -
if [[ ${dovecot_major_version} -eq 2 ]] && [[ ${dovecot_minor_version} -lt 4 ]] ; then
echononl "\tDownload dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
if [ ! -f "${_src_base_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz" ]; then
wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
@@ -730,7 +730,7 @@ if [[ ${dovecot_major_version} -eq 2 ]] && [[ ${dovecot_minor_version} -lt 4 ]]
echo -e "$rc_failed"
error "Direct download of 'dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz' failed
Download \033[1mdovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz\033[m manually
Download \033[1mdovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz\033[m manually
and proceed instllation."
echononl "\tProceed instllation [yes/no]: "
@@ -1071,7 +1071,7 @@ fi
## - if [ -d $checkdir ]; then
## - PATH=$PATH:$checkdir
## - fi
## -
## -
echononl "\tAdd /usr/local/dovecot/bin to PATH variable.."
if ! grep "checkdir=\"/usr/local/dovecot/bin\"" /etc/profile > /dev/null ; then
perl -i -n -p -e "s#^(\s*)(export\ +PATH)#checkdir=\"/usr/local/dovecot/bin\"\nif [ -d \\\$checkdir ]; then\n PATH=\\\$PATH:\\\$checkdir\nfi\n\n\1\2#" /etc/profile
@@ -1166,9 +1166,9 @@ cp -r /usr/local/dovecot-${_version}/share/doc/dovecot/example-config/* \
## - base_dir =/run/dovecot/
## - state_dir = /run/dovecot
## - shutdown_clients = no
## -
## -
## - dict {
## - expire = $db_driver:/usr/local/dovecot/etc/dovecot/sql-dict.conf.ext
## - expire = $db_driver:/usr/local/dovecot/etc/dovecot/sql-dict.conf.ext
## - }
## -
echononl "\tAdjust file dovecot.conf.."
@@ -1253,7 +1253,7 @@ if $_new ; then
echononl "\tCreate table expires in database ${dbname}.."
if $plugin_expire ; then
cat << EOF | psql -U$dbuser $dbname > ${_log_dir}/error.log 2>&1
CREATE TABLE IF NOT EXISTS expires (
username varchar(100) not null,
mailbox varchar(255) not null,
@@ -1395,7 +1395,7 @@ EOF
echononl "\tCreate table expires in database ${dbname}.."
if $plugin_expire ; then
cat << EOF | mysql -u$dbuser -p$dbpassword $dbname > /dev/null 2>&1
CREATE TABLE IF NOT EXISTS expires (
username varchar(100) not null,
mailbox varchar(255) not null,
@@ -1450,7 +1450,7 @@ connect = host=$dbhost user=$dbuser password=$dbpassword dbname=$dbname
# END IF;
# END;
# \$\$ LANGUAGE plpgsql;
#
#
# CREATE TRIGGER mergeexpires BEFORE INSERT ON expires
# FOR EACH ROW EXECUTE PROCEDURE merge_expires();
@@ -1505,7 +1505,7 @@ EOF
echo -e "$rc_failed"
fatal "Creating file sql-dict.conf.ext failed"
fi
fi
fi
else
echo -e "$rc_skipped"
fi
@@ -1519,15 +1519,15 @@ fi
## - default_vsz_limit = 512M
## -
## - !! Bemerkung !!
## -
## - Das Hochsetzen des default_client_limit Parameters auf einen Wert größer
## - als 1024 geht nur dann wenn auch die Anzahl der zulässigen "open files"
## - (default = 1024) geändert wird.
## -
## - Das Hochsetzen des default_client_limit Parameters auf einen Wert größer
## - als 1024 geht nur dann wenn auch die Anzahl der zulässigen "open files"
## - (default = 1024) geändert wird.
## -
## -
## - Systemd System:
## - ===============
## -
## -
## - In der service datei (z.Bsp. /etc/systemd/system/multi-user.target.wants/dovecot.service)
## - den Wert 'LimitNOFILE' hochsetzen:
## -
@@ -1536,15 +1536,15 @@ fi
## - systemctl daemon-reload
## - systemctl restart dovecot.service
## -
## - Im Falle von LX containern muss zusätzlich auf dem hostsystem
## - in der datei '/etc/systemd/system.conf' der Wert für 'DefaultLimitNOFILE'
## - Im Falle von LX containern muss zusätzlich auf dem hostsystem
## - in der datei '/etc/systemd/system.conf' der Wert für 'DefaultLimitNOFILE'
## - hochgesetzt werden.
## -
## - System V systems:
## - =================
## - Das Hochsetzen des default_client_limit Parameters auf einen Wert größer
## - als 1024 geht nur dann wenn auch die Anzahl der zulässigen "open files"
## - (default = 1024) geändert wird. Z.Bsp. in der Datei /etc/init.d/dovecot
## - Das Hochsetzen des default_client_limit Parameters auf einen Wert größer
## - als 1024 geht nur dann wenn auch die Anzahl der zulässigen "open files"
## - (default = 1024) geändert wird. Z.Bsp. in der Datei /etc/init.d/dovecot
## - durch Einfügen der zeile:
## - ulimit -n 32768
## -
@@ -1596,10 +1596,10 @@ fi
## - address = $imaps_listener_adresses
## - ..
## - }
## -
## -
## - process_min_avail = 16
## - }
## -
## -
## - service pop3-login {
## - inet_listener pop3 {
## - address = $pop_listener_adresses
@@ -1678,7 +1678,7 @@ fi
## - permanently on filesystem. So we have to create such a file
## -
## - openssl dhparam -out /etc/postfix/ssl/dh_4096.pem`
## -
## -
if [[ $dovecot_major_version -ge 3 ]] \
|| ( [[ $dovecot_major_version -eq 2 ]] && [[ $dovecot_minor_version -ge 3 ]] ); then
@@ -1687,7 +1687,7 @@ if [[ $dovecot_major_version -ge 3 ]] \
echo -en "$rc_wait"
if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
openssl dhparam -out "$dh_pem_file" 4096 > /dev/null 2>&1
else
else
openssl dhparam -dsaparam -out "$dh_pem_file" 4096 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]]; then
@@ -1784,7 +1784,7 @@ fi
## - edit /usr/local/dovecot/etc/dovecot/conf.d/10-mail.conf
## -
## -
## - mail_location = maildir:/var/vmail/%d/%n/Maildir
## -
## - mail_uid = vmail
@@ -1794,7 +1794,7 @@ fi
## - last_valid_uid = 5000
## -
## - mail_temp_dir = /var/vmail/tmp
## -
## -
## - first_valid_gid = 5000
## - last_valid_gid = 5000
## -
@@ -1842,7 +1842,7 @@ else
echo -e "$rc_failed"
fatal "Adjusting file '10-mail.conf' failed"
fi
echononl "\tCreate TEMP directory '/var/vmail/tmp' .."
@@ -1937,7 +1937,7 @@ fi
## -
## - Add namespaces type private
## -
## - Add:
## - Add:
## - namespace inbox {
## - type = private
## - separator = /
@@ -1957,7 +1957,7 @@ namespace inbox {
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format.
#separator =
#separator =
separator = /
# Prefix required to access this namespace. This needs to be different for
@@ -2007,12 +2007,12 @@ fi
## - auto = subscribe
## - special_use = \Drafts
## - }
## -
## -
## - mailbox Trash {
## - auto = subscribe
## - special_use = \Trash
## - }
## -
## -
## - mailbox Sent {
## - auto = subscribe
## - special_use = \Sent
@@ -2072,7 +2072,7 @@ fi
## -
## - disable_plaintext_auth = no
## - auth_mechanisms = $auth_mechanisms
## - !include auth-sql.conf.ext # comment all other includes
## - !include auth-sql.conf.ext # comment all other includes
## - auth_username_translation = "%@"
## -
_failed=false
@@ -2101,14 +2101,14 @@ fi
## -
## - passdb {
## - driver = sql
## -
## -
## -
## -
## - # path for sql configuration file, see example-config/dovecot-sql.conf.ext
## - args = /usr/local/dovecot/etc/dovecot/sql-connect.conf.ext
## - }
## -
## -
## - ..
## -
## -
## - userdb {
## - driver = sql
## - args = /usr/local/dovecot/etc/dovecot/sql-connect.conf.ext
@@ -2194,14 +2194,14 @@ fi
## - if running inetd-script:
## -
## - log_path = /var/log/dovecot/dovecot.log
## -
## -
## - or for example
## -
## - log_path = syslog
## - syslog_facility = local1
## - auth_verbose = yes
## - auth_verbose_passwords = plain
## -
## -
## - in conjunction with the the following entries in /etc/rsyslog.conf
## -
## - local1.* -/var/log/dovecot.log
@@ -2310,7 +2310,7 @@ fi
## - hostname = $hostname
## - sendmail_path = /usr/sbin/sendmail
## - lda_mailbox_autocreate = no
## - mail_plugins = $mail_plugins sieve
## - mail_plugins = $mail_plugins sieve
## -
_failed=false
echononl "\tAdjusting file 15-lda.conf"
@@ -2406,7 +2406,7 @@ fi
## - edit /usr/local/dovecot/etc/dovecot/conf.d/90-plugin.conf
## -
## - Note:
## - Setting "autocreate", "autosubscribe" here is depricated. Use mailbox { auto } setting instead.
## - Setting "autocreate", "autosubscribe" here is depricated. Use mailbox { auto } setting instead.
## -
## - expire = Trash
## - expire2 = Trash/*
@@ -2419,7 +2419,7 @@ fi
## - # it's better to enable it only after you've verified that the expire plugin is
## - # working as wanted. (v2.2.16+)
## - expire_cache = yes
## -
## -
_failed=false
echononl "\tAdjusting file 90-plugin.conf"
if $plugin_expire ; then
@@ -2483,7 +2483,7 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
cat <<EOF >> "$_tmp_file"
# Add Setting 'sieve_vacation_send_from_recipient' from (included)
# Add Setting 'sieve_vacation_send_from_recipient' from (included)
#
# Pigeonhole Sieve: Vacation Extension
# ====================================
@@ -2563,7 +2563,7 @@ else
fi
## - NOTICE: if you pre-compile your (global) scripts, you will increase
## - NOTICE: if you pre-compile your (global) scripts, you will increase
## - performance
## -
echononl "\tPrecompile global sieve script"
@@ -2597,12 +2597,14 @@ chown -R vmail:vmail /usr/local/dovecot-${_version}/etc/dovecot/sieve
if $systemd_support; then
_folder_created=false
## - # - At time, we don't use private tmp directory for divecot.
## - # -
## - echononl "\tAdjust Systemd service file, set PrivateTmp=false.."
## - if [[ -f "/etc/systemd/system/dovecot.service" ]] ; then
## -
## - if $(grep -o -E "PrivateTmp\s*=\s*[^[:blank:]]+" /etc/systemd/system/dovecot.service | grep -q true 2> /dev/null ) ; then
## -
## - if $(grep -o -E "PrivateTmp\s*=\s*[^[:blank:]]+" /etc/systemd/system/dovecot.service | grep -q true 2> /dev/null ) ; then
## - perl -i -n -p -e "s/(PrivateTmp\s*=\s*)true/\1false/" /etc/systemd/system/dovecot.service
## - if [[ $? -eq 0 ]]; then
## - echo -e "$rc_done"
@@ -2620,9 +2622,16 @@ if $systemd_support; then
## -
## - here:
## - LimitNOFILE=32768
## -
if [[ -f "/lib/systemd/system/dovecot.service" ]] \
&& $(grep -q -E "^LimitNOFILE=" /lib/systemd/system/dovecot.service) ; then
## -
## - zwei Bemerkungen:
## - - keine runden Klammern notwendig, da die bash '&&' vor '||' auswertet
## - - hier auch keine backslah '\' am ende der zeile notwendig, da statement
## - offensichtlich noch nichzt abgeschlossen ist (die bash erkennt das)
## -
if [[ -f /lib/systemd/system/dovecot.service ]] &&
grep -qE '^[[:space:]]*LimitNOFILE=' /lib/systemd/system/dovecot.service ||
[[ -f /etc/systemd/system/dovecot.service ]] &&
grep -qE '^[[:space:]]*LimitNOFILE=' /etc/systemd/system/dovecot.service ; then
_LimitNOFILE="$(grep -E "^LimitNOFILE=[[:digit:]]+" /lib/systemd/system/dovecot.service | cut -d'=' -f2)"
@@ -2638,6 +2647,7 @@ if $systemd_support; then
mkdir "/etc/systemd/system/dovecot.service.d" > /dev/null 2>&1
if [[ $? -eq 0 ]]; then
echo -e "$rc_done"
_folder_created=true
else
echo -e "$rc_failed"
adjust_limit_nofile=false
@@ -2656,8 +2666,54 @@ LimitNOFILE=$service_limit_nofile
EOF
echo -e "$rc_done"
fi
fi
## - Adjust systemd hardening:
## -
## - Options such as ProtectSystem=full/strict make the service's mount namespace,
## - including /usr (and thus /usr/local/dovecote/..), read-only, even though it is w
## - ritable outside the service.
## -
## - However, we would like to allow dovecot to write to the directory
## - /usr/local/dovecot/etc/dovecot/sieve/.
## -
## - ProtectSystem=off
## -
## - zwei Bemerkungen:
## - - keine runden Klammern notwendig, da die bash '&&' vor '||' auswertet
## - - hier auch keine backslah '\' am ende der zeile notwendig, da statement
## - offensichtlich noch nichzt abgeschlossen ist (die bash erkennt das)
## -
if [[ -f /lib/systemd/system/dovecot.service ]] &&
grep -qE '^[[:space:]]*ProtectSystem=' /lib/systemd/system/dovecot.service ||
[[ -f /etc/systemd/system/dovecot.service ]] &&
grep -qE '^[[:space:]]*ProtectSystem=' /etc/systemd/system/dovecot.service ; then
if ! ${_folder_created} ; then
echononl "\tCreate Directory '/etc/systemd/system/dovecot.service.d'.."
if [[ -d "/etc/systemd/system/dovecot.service.d" ]] ; then
echo -e "$rc_skipped"
else
mkdir "/etc/systemd/system/dovecot.service.d" > /dev/null 2>&1
if [[ $? -eq 0 ]]; then
echo -e "$rc_done"
else
echo -e "$rc_failed"
fi
fi
fi
echononl "\tSet 'ProtectSystem=off' for 'dovecot.service'.."
cat <<EOF > /etc/systemd/system/dovecot.service.d/systemd-hardening.conf
[Service]
ProtectSystem=off
EOF
echo -e "$rc_done"
fi
echononl "\tReload systemd .."
systemctl daemon-reload > /dev/null 2>&1
@@ -2692,7 +2748,7 @@ else
fi
fi
if $_new ; then
@@ -2707,7 +2763,7 @@ if $_new ; then
## - running dovecot service via init-script
## -
cat <<EOF > /etc/init.d/dovecot
#! /bin/sh
#! /bin/sh
### BEGIN INIT INFO
# Provides: dovecot
# Required-Start: \$syslog \$postgresql
@@ -2899,7 +2955,7 @@ EOF
echo -e "$rc_failed"
fatal "Creating init script for dovecot failed"
fi
chmod 755 /etc/init.d/dovecot
else
@@ -2910,7 +2966,7 @@ EOF
fi
## - Add a cronjob to restart dovecot after booting the system.
## -
## -
## - Notice:
## - On normal start, dovecot started its service even if ipv6 is not
## - yet present and dovecot cannot bind to ipv6 listeners.
@@ -2964,10 +3020,10 @@ EOF
## - add/uncomment:
## -
## - smtpd_tls_auth_only
## -
## -
## - smtpd_sasl_type = dovecot
## - smtpd_sasl_path = private/dovecot-auth
## -
## -
## - virtual_transport = dovecot
## - dovecot_destination_recipient_limit = 1
## -
@@ -3172,22 +3228,22 @@ echo -e "\033[1mConfigure quota support for dovecot\033[m"
## - take care quota plugins (quota,imap-quota) will
## - be loaded:
## -
## -
## - there are two quota related plugins:
## -
## -
## - * quota: implements the actual quota handling and includes also all the quota backends.
## - * imap_quota: for reporting quota information via imap.
## -
## - * imap_quota: for reporting quota information via imap.
## -
## - enable them in configuration files, e.g.:
## -
## -
## - conf.d/10-mail.conf:
## -
## -
## - # space separated list of plugins to load for all services. plugins specific to
## - # imap, lda, etc. are added to this list in their own .conf files.
## - mail_plugins = $mail_plugins quota
## -
## -
## - conf.d/20-imap.conf:
## -
## -
## - protocol imap {
## - # space separated list of plugins to load (default is global mail_plugins).
## - mail_plugins = $mail_plugins imap_quota
@@ -3222,7 +3278,7 @@ fi
## - edit /usr/local/dovecot/etc/dovecot/dovecot.conf
## -
## -
## - add:
## -
## - dict {
@@ -3369,7 +3425,7 @@ connect = host=$dbhost user=$dbuser password=$dbpassword dbname=$dbname
# END IF;
# return NEW;
# END IF;
#
#
# LOOP
# UPDATE quota2 SET bytes = bytes + NEW.bytes,
# messages = messages + NEW.messages
@@ -3377,7 +3433,7 @@ connect = host=$dbhost user=$dbuser password=$dbpassword dbname=$dbname
# IF found THEN
# RETURN NULL;
# END IF;
#
#
# BEGIN
# IF NEW.messages = 0 THEN
# INSERT INTO quota2 (bytes, messages, username) VALUES (NEW.bytes, NULL, NEW.username);
@@ -3391,10 +3447,10 @@ connect = host=$dbhost user=$dbuser password=$dbpassword dbname=$dbname
# END LOOP;
# END;
# \$\$;
#
#
#
#
# ALTER FUNCTION public.merge_quota2() OWNER TO postfix;
#
#
# CREATE TRIGGER mergequota2
# BEFORE INSERT ON quota2
# FOR EACH ROW
@@ -3444,7 +3500,7 @@ EOF
# END IF;
# END;
# \$\$ LANGUAGE plpgsql;
#
#
# CREATE TRIGGER mergeexpires BEFORE INSERT ON expires
# FOR EACH ROW EXECUTE PROCEDURE merge_expires();
@@ -3473,7 +3529,7 @@ EOF
fi
## - you also have to update the userdb's query in file
## - "/usr/local/dovecot/etc/dovecot/sql-connect.conf.ext" to
## - "/usr/local/dovecot/etc/dovecot/sql-connect.conf.ext" to
## - support extra variable "quota_rule"
## -
echononl "\tRenew file sql-connect.conf.ext"
@@ -3570,7 +3626,7 @@ EOF
fi
## - you also have to update the userdb's query in file
## - "/usr/local/dovecot/etc/dovecot/sql-connect.conf.ext" to
## - "/usr/local/dovecot/etc/dovecot/sql-connect.conf.ext" to
## - support extra variable "quota_rule"
## -
echononl "\tRenew file sql-connect.conf.ext"
@@ -3697,20 +3753,20 @@ fi
## - edit /usr/local/dovecot/etc/dovecot/conf.d/90-quota.conf
## -
## -
## - add to the end of file or in seperate plugin-blocks
## - as designed in that file:
## - plugin {
## - # sql backend:
## - quota = dict:user quota::proxy::quota
## -
## -
## - quota_rule = *:storage=1g
## - quota_rule2 = trash:storage=+100m
## -
## - quota_warning = storage=80%% quota-warning 80 %u
## - quota_warning2 = storage=95%% quota-warning 95 %u
## - }
## -
## -
## - service quota-warning {
## - executable = script /usr/local/bin/quota-warning.sh
## - user = vmail
@@ -3725,7 +3781,7 @@ cp -a /usr/local/dovecot-${_version}/etc/dovecot/conf.d/90-quota.conf \
/usr/local/dovecot-${_version}/etc/dovecot/conf.d/90-quota.conf.ORIG
cat <<EOF >>/usr/local/dovecot-${_version}/etc/dovecot/conf.d/90-quota.conf
## -
## -
plugin {
# SQL backend:
quota = dict:User quota::proxy::quota
@@ -3832,7 +3888,7 @@ fi
## - edit /usr/local/dovecot/etc/dovecot/conf.d/10-mail.conf
## -
## - Add namespaces type shared to 10-mail.conf
## - Take care to enable ACL plugin also, otherwise all users can access all the shared
## - Take care to enable ACL plugin also, otherwise all users can access all the shared
## - mailboxes, assuming they have permissions on filesystem level to do so.
## - we will do that later..
## - namespace {
@@ -3894,7 +3950,7 @@ else
fi
## - edit /usr/local/dovecot/etc/dovecot/conf.d/10-mail.conf
## -
## -
## - mail_plugins = quota expire acl
## -
_failed=false
@@ -3961,7 +4017,7 @@ fi
## -
## - plugin {
## - ## acl = vfile:/etc/dovecot/global-acls:cache_secs=300
## -
## -
## - # Without global ACLs:
## - acl = vfile
## - ..
@@ -4094,8 +4150,8 @@ connect = host=$dbhost user=$dbuser password=$dbpassword dbname=$dbname
## - NOTE:
## -
## - All changes on database (CREATE TABLE / CREATE TRIGGER / what else..)
## - need to be done as the dbuser (here postfix) under whom dovecot
## - accesses the database. If not, you have to change the permissiond to allow
## - need to be done as the dbuser (here postfix) under whom dovecot
## - accesses the database. If not, you have to change the permissiond to allow
## - dovecot dbuser to access the createt table/trigger/...
## -
@@ -4125,7 +4181,7 @@ connect = host=$dbhost user=$dbuser password=$dbpassword dbname=$dbname
# END IF;
# return NEW;
# END IF;
#
#
# LOOP
# UPDATE quota2 SET bytes = bytes + NEW.bytes,
# messages = messages + NEW.messages
@@ -4133,7 +4189,7 @@ connect = host=$dbhost user=$dbuser password=$dbpassword dbname=$dbname
# IF found THEN
# RETURN NULL;
# END IF;
#
#
# BEGIN
# IF NEW.messages = 0 THEN
# INSERT INTO quota2 (bytes, messages, username) VALUES (NEW.bytes, NULL, NEW.username);
@@ -4147,10 +4203,10 @@ connect = host=$dbhost user=$dbuser password=$dbpassword dbname=$dbname
# END LOOP;
# END;
# \$\$;
#
#
#
#
# ALTER FUNCTION public.merge_quota2() OWNER TO postfix;
#
#
# CREATE TRIGGER mergequota2
# BEFORE INSERT ON quota2
# FOR EACH ROW
@@ -4200,7 +4256,7 @@ EOF
# END IF;
# END;
# \$\$ LANGUAGE plpgsql;
#
#
# CREATE TRIGGER mergeexpires BEFORE INSERT ON expires
# FOR EACH ROW EXECUTE PROCEDURE merge_expires();
@@ -4230,7 +4286,7 @@ EOF
# primary key (from_user, to_user)
# );
# COMMENT ON TABLE user_shares IS 'User from_user shares folders to user to_user.';
#
#
# CREATE TABLE anyone_shares (
# from_user varchar(100) not null,
# dummy char(1) DEFAULT '1', -- always '1' currently
@@ -4336,7 +4392,7 @@ EOF
# dummy char(1) DEFAULT '1', -- always '1' currently
# primary key (from_user, to_user)
# ) COMMENT = 'User from_user shares folders to user to_user.';
#
#
# CREATE TABLE anyone_shares (
# from_user varchar(100) not null,
# dummy char(1) DEFAULT '1', -- always '1' currently
@@ -4576,7 +4632,7 @@ fi
blank_line
echononl "\tSet '_update=true' in file '$(basename "$conf_file")'.."
if grep -q -E "^\s*_update=false" "$conf_file" 2> /dev/null ; then
perl -i -n -p -e "s/^\s*_update=.*/_update=true/" "$conf_file"
perl -i -n -p -e "s/^\s*_update=.*/_update=true/" "$conf_file"
if [ "$?" = 0 ]; then
echo -e "$rc_done"
else