install_update_dovecot-2.4.sh: add parameter 'maildir_broken_filename_sizes = yes' and 'auth_allow_weak_schemes = yes'.

2025-08-21 23:38:55 +02:00
parent 06914fcade
commit f4c7453675
1 changed files with 53 additions and 0 deletions
--- a/install_update_dovecot-2.4.sh
+++ b/install_update_dovecot-2.4.sh
@ -5150,6 +5150,8 @@ if [[ $dovecot_major_version -gt 2 ]] \
   #
   #     mailbox_list_index
   #
+   #     maildir_broken_filename_sizes = 
+   #
   echononl "   Adjusting base configurations ($(basename "${_conf_file}")).."
   :> "${log_file}"

@ -5366,6 +5368,31 @@ EOF
 mailbox_list_index = yes
 EOF

+   fi
+
+
+   if grep -qE '^\s*maildir_broken_filename_sizes\s*=' "${_conf_file}" ; then
+      replace_variable \
+         "maildir_broken_filename_sizes" \
+         "yes" \
+         "${_conf_file}"  >> "${log_file}" 2>&1
+
+      if [[ $? -gt 0 ]] ; then
+         _failed=true
+      fi
+
+   else
+      cat <<EOF >> "${_conf_file}" || _failed=true
+
+# maildir_broken_filename_sizes
+#
+# If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
+# getting the mail's physical size, except when recalculating Maildir++ quota.
+# This can be useful in systems where a lot of the Maildir filenames have a
+# broken size. The performance hit for enabling this is very small.
+#maildir_broken_filename_sizes = no
+maildir_broken_filename_sizes = yes
+EOF

   fi

@ -6169,6 +6196,7 @@ if [[ $dovecot_major_version -gt 2 ]] \
   #  edit /usr/local/dovecot/etc/dovecot/conf.d/10-auth.conf
   #
   #     auth_allow_cleartext = no
+   #     auth_allow_weak_schemes = ys
   #     auth_username_translation = "%@"
   #     auth_mechanisms = $auth_mechanisms
   #     !include auth-sql.conf.ext          # !! comment all other includes
@ -6189,6 +6217,31 @@ auth_allow_cleartext = no
 EOF
   fi

+   if grep -qE "^\s*auth_allow_weak_schemes\s*=" "${_conf_file}"; then
+
+      replace_variable "auth_allow_weak_schemes" "yes" "${_conf_file}" || _failed=true
+
+   else
+      cat <<'EOF' >> "${_conf_file}" || _failed=true
+
+# auth_allow_weak_schemes
+#
+#     Default  no
+#     Value    boolean
+#     Changes  Added: 2.4.0
+#
+# Controls whether password schemes marked as weak are allowed to be used. See
+# Password Schemes for disabled by default schemes.
+#
+# If enabled, will emit warning to logs. If a disabled scheme is used, an error
+# is logged.
+#
+# Notably, any explicitly cleartext schemes (such as PLAIN), CRAM-MD5, and
+# DIGEST-MD5 are not affected by this setting.
+auth_allow_weak_schemes = yes
+EOF
+   fi
+
   if grep -qE "^\s*auth_username_translation\s*=" "${_conf_file}"; then

      replace_variable "auth_username_translation" "%@" "${_conf_file}" || _failed=true