Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2026-05-07 03:25:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
usmannasir
2017-10-24 19:16:36 +05:00
commit 11eae3f9fe
2124 changed files with 528735 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
install/__init__.py Normal file
View File

4
install/cyberpanel.repo Normal file
View File

@@ -0,0 +1,4 @@
[cyberpanel]
name=Cyber Panel
baseurl=http://repo.cyberpersons.com
gpgcheck=0

8
install/dns/nsd.conf Normal file
View File

@@ -0,0 +1,8 @@
server:
hide-version: yes
ip4-only: yes
server-count: 2
tcp-count: 50
identity: "CyberCP"
zonesdir: "/usr/local/lsws/conf/zones"

609
install/dns/pdns.conf Normal file
View File

@@ -0,0 +1,609 @@
# Autogenerated configuration file template
#################################
# 8bit-dns Allow 8bit dns queries
#
# 8bit-dns=no
#################################
# allow-axfr-ips Allow zonetransfers only to these subnets
#
# allow-axfr-ips=127.0.0.0/8,::1
#################################
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
#
# allow-dnsupdate-from=127.0.0.0/8,::1
#################################
# allow-notify-from Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.
#
# allow-notify-from=0.0.0.0/0,::/0
#################################
# allow-unsigned-notify Allow unsigned notifications for TSIG secured domains
#
# allow-unsigned-notify=yes
#################################
# allow-unsigned-supermaster Allow supermasters to create zones without TSIG signed NOTIFY
#
# allow-unsigned-supermaster=yes
#################################
# also-notify When notifying a domain, also notify these nameservers
#
# also-notify=
#################################
# any-to-tcp Answer ANY queries with tc=1, shunting to TCP
#
# any-to-tcp=yes
#################################
# api Enable/disable the REST API (including HTTP listener)
#
# api=no
#################################
# api-key Static pre-shared authentication key for access to the REST API
#
# api-key=
#################################
# api-logfile Location of the server logfile (used by the REST API)
#
# api-logfile=/var/log/pdns.log
#################################
# api-readonly Disallow data modification through the REST API when set
#
# api-readonly=no
#################################
# axfr-lower-serial Also AXFR a zone from a master with a lower serial
#
# axfr-lower-serial=no
#################################
# cache-ttl Seconds to store packets in the PacketCache
#
# cache-ttl=20
#################################
# carbon-interval Number of seconds between carbon (graphite) updates
#
# carbon-interval=30
#################################
# carbon-ourname If set, overrides our reported hostname for carbon stats
#
# carbon-ourname=
#################################
# carbon-server If set, send metrics in carbon (graphite) format to this server IP address
#
# carbon-server=
#################################
# chroot If set, chroot to this directory for more security
#
# chroot=
#################################
# config-dir Location of configuration directory (pdns.conf)
#
# config-dir=/etc/pdns
#################################
# config-name Name of this virtual configuration - will rename the binary image
#
# config-name=
#################################
# control-console Debugging switch - don't use
#
# control-console=no
#################################
# daemon Operate as a daemon
#
daemon=no
#################################
# default-ksk-algorithms Default KSK algorithms
#
# default-ksk-algorithms=ecdsa256
#################################
# default-ksk-size Default KSK size (0 means default)
#
# default-ksk-size=0
#################################
# default-soa-edit Default SOA-EDIT value
#
# default-soa-edit=
#################################
# default-soa-edit-signed Default SOA-EDIT value for signed zones
#
# default-soa-edit-signed=
#################################
# default-soa-mail mail address to insert in the SOA record if none set in the backend
#
# default-soa-mail=
#################################
# default-soa-name name to insert in the SOA record if none set in the backend
#
# default-soa-name=a.misconfigured.powerdns.server
#################################
# default-ttl Seconds a result is valid if not set otherwise
#
# default-ttl=3600
#################################
# default-zsk-algorithms Default ZSK algorithms
#
# default-zsk-algorithms=
#################################
# default-zsk-size Default ZSK size (0 means default)
#
# default-zsk-size=0
#################################
# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis
#
# direct-dnskey=no
#################################
# disable-axfr Disable zonetransfers but do allow TCP queries
#
# disable-axfr=no
#################################
# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing.
#
# disable-axfr-rectify=no
#################################
# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout
#
# disable-syslog=no
#################################
# disable-tcp Do not listen to TCP queries
#
# disable-tcp=no
#################################
# distributor-threads Default number of Distributor (backend) threads to start
#
# distributor-threads=3
#################################
# dname-processing If we should support DNAME records
#
# dname-processing=no
#################################
# dnssec-key-cache-ttl Seconds to cache DNSSEC keys from the database
#
# dnssec-key-cache-ttl=30
#################################
# dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.
#
# dnsupdate=no
#################################
# do-ipv6-additional-processing Do AAAA additional processing
#
# do-ipv6-additional-processing=yes
#################################
# domain-metadata-cache-ttl Seconds to cache domain metadata from the database
#
# domain-metadata-cache-ttl=60
#################################
# edns-subnet-processing If we should act on EDNS Subnet options
#
# edns-subnet-processing=no
#################################
# entropy-source If set, read entropy from this file
#
# entropy-source=/dev/urandom
#################################
# expand-alias Expand ALIAS records
#
# expand-alias=no
#################################
# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
#
# forward-dnsupdate=yes
#################################
# forward-notify IP addresses to forward received notifications to regardless of master or slave settings
#
# forward-notify=
#################################
# guardian Run within a guardian process
#
guardian=no
#################################
# include-dir Include *.conf files from this directory
#
# include-dir=
#################################
# launch Which backends to launch and order to query them in
#
# launch=
launch=gmysql
gmysql-host=127.0.0.1
gmysql-port=3307
gmysql-user=cyberpanel
gmysql-password=1qaz@9xvps
gmysql-dbname=cyberpanel
#################################
# load-modules Load this module - supply absolute or relative path
#
# load-modules=
#################################
# local-address Local IP addresses to which we bind
#
# local-address=0.0.0.0
#################################
# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server
#
# local-address-nonexist-fail=yes
#################################
# local-ipv6 Local IP address to which we bind
#
# local-ipv6=::
#################################
# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server
#
# local-ipv6-nonexist-fail=yes
#################################
# local-port The port on which we listen
#
# local-port=53
#################################
# log-dns-details If PDNS should log DNS non-erroneous details
#
# log-dns-details=no
#################################
# log-dns-queries If PDNS should log all incoming DNS queries
#
# log-dns-queries=no
#################################
# logging-facility Log under a specific facility
#
# logging-facility=
#################################
# loglevel Amount of logging. Higher is more. Do not set below 3
#
# loglevel=4
#################################
# lua-axfr-script Script to be used to edit incoming AXFRs
#
# lua-axfr-script=
#################################
# lua-dnsupdate-policy-script Lua script with DNS update policy handler
#
# lua-dnsupdate-policy-script=
#################################
# lua-prequery-script Lua script with prequery handler (DO NOT USE)
#
# lua-prequery-script=
#################################
# master Act as a master
#
# master=no
#################################
# max-cache-entries Maximum number of entries in the query cache
#
# max-cache-entries=1000000
#################################
# max-ent-entries Maximum number of empty non-terminals in a zone
#
# max-ent-entries=100000
#################################
# max-nsec3-iterations Limit the number of NSEC3 hash iterations
#
# max-nsec3-iterations=500
#################################
# max-packet-cache-entries Maximum number of entries in the packet cache
#
# max-packet-cache-entries=1000000
#################################
# max-queue-length Maximum queuelength before considering situation lost
#
# max-queue-length=5000
#################################
# max-signature-cache-entries Maximum number of signatures cache entries
#
# max-signature-cache-entries=
#################################
# max-tcp-connections Maximum number of TCP connections
#
# max-tcp-connections=20
#################################
# max-tcp-connections-per-client Maximum number of simultaneous TCP connections per client
#
# max-tcp-connections-per-client=0
#################################
# module-dir Default directory for modules
#
# module-dir=/usr/lib64/pdns
#################################
# negquery-cache-ttl Seconds to store negative query results in the QueryCache
#
# negquery-cache-ttl=60
#################################
# no-shuffle Set this to prevent random shuffling of answers - for regression testing
#
# no-shuffle=off
#################################
# non-local-bind Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
#
# non-local-bind=no
#################################
# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
#
# only-notify=0.0.0.0/0,::/0
#################################
# out-of-zone-additional-processing Do out of zone additional processing
#
# out-of-zone-additional-processing=yes
#################################
# outgoing-axfr-expand-alias Expand ALIAS records during outgoing AXFR
#
# outgoing-axfr-expand-alias=no
#################################
# overload-queue-length Maximum queuelength moving to packetcache only
#
# overload-queue-length=0
#################################
# prevent-self-notification Don't send notifications to what we think is ourself
#
# prevent-self-notification=yes
#################################
# query-cache-ttl Seconds to store query results in the QueryCache
#
# query-cache-ttl=20
#################################
# query-local-address Source IP address for sending queries
#
# query-local-address=0.0.0.0
#################################
# query-local-address6 Source IPv6 address for sending queries
#
# query-local-address6=::
#################################
# query-logging Hint backends that queries should be logged
#
# query-logging=no
#################################
# queue-limit Maximum number of milliseconds to queue a query
#
# queue-limit=1500
#################################
# receiver-threads Default number of receiver threads to start
#
# receiver-threads=1
#################################
# resolver Use this resolver for ALIAS and the internal stub resolver
#
# resolver=no
#################################
# retrieval-threads Number of AXFR-retrieval threads for slave operation
#
# retrieval-threads=2
#################################
# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
#
# reuseport=no
#################################
# security-poll-suffix Domain name from which to query security update notifications
#
# security-poll-suffix=secpoll.powerdns.com.
#################################
# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
#
# server-id=
#################################
# setgid If set, change group id to this gid for more security
#
setgid=pdns
#################################
# setuid If set, change user id to this uid for more security
#
setuid=pdns
#################################
# signing-threads Default number of signer threads to start
#
# signing-threads=3
#################################
# slave Act as a slave
#
# slave=no
#################################
# slave-cycle-interval Schedule slave freshness checks once every .. seconds
#
# slave-cycle-interval=60
#################################
# slave-renotify If we should send out notifications for slaved updates
#
# slave-renotify=no
#################################
# soa-expire-default Default SOA expire
#
# soa-expire-default=604800
#################################
# soa-minimum-ttl Default SOA minimum ttl
#
# soa-minimum-ttl=3600
#################################
# soa-refresh-default Default SOA refresh
#
# soa-refresh-default=10800
#################################
# soa-retry-default Default SOA retry
#
# soa-retry-default=3600
#################################
# socket-dir Where the controlsocket will live, /var/run when unset and not chrooted
#
# socket-dir=
#################################
# tcp-control-address If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-address=
#################################
# tcp-control-port If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-port=53000
#################################
# tcp-control-range If set, remote control of PowerDNS is possible over these networks only
#
# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
#################################
# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret
#
# tcp-control-secret=
#################################
# tcp-fast-open Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
#
# tcp-fast-open=0
#################################
# traceback-handler Enable the traceback handler (Linux only)
#
# traceback-handler=yes
#################################
# trusted-notification-proxy IP address of incoming notification proxy
#
# trusted-notification-proxy=
#################################
# udp-truncation-threshold Maximum UDP response size before we truncate
#
# udp-truncation-threshold=1680
#################################
# version-string PowerDNS version in packets - full, anonymous, powerdns or custom
#
# version-string=full
#################################
# webserver Start a webserver for monitoring (api=yes also enables the HTTP listener)
#
# webserver=no
#################################
# webserver-address IP Address of webserver/API to listen on
#
# webserver-address=127.0.0.1
#################################
# webserver-allow-from Webserver/API access is only allowed from these subnets
#
# webserver-allow-from=127.0.0.1,::1
#################################
# webserver-password Password required for accessing the webserver
#
# webserver-password=
#################################
# webserver-port Port of webserver/API to listen on
#
# webserver-port=8081
#################################
# webserver-print-arguments If the webserver should print arguments
#
# webserver-print-arguments=no
#################################
# write-pid Write a PID file
#
# write-pid=yes
#################################
# xfr-max-received-mbytes Maximum number of megabytes received from an incoming XFR
#
# xfr-max-received-mbytes=100

476
install/email-configs/access Normal file
View File

@@ -0,0 +1,476 @@
# ACCESS(5) ACCESS(5)
#
# NAME
# access - Postfix SMTP server access table
#
# SYNOPSIS
# postmap /etc/postfix/access
#
# postmap -q "string" /etc/postfix/access
#
# postmap -q - /etc/postfix/access <inputfile
#
# DESCRIPTION
# This document describes access control on remote SMTP
# client information: host names, network addresses, and
# envelope sender or recipient addresses; it is implemented
# by the Postfix SMTP server. See header_checks(5) or
# body_checks(5) for access control on the content of email
# messages.
#
# Normally, the access(5) table is specified as a text file
# that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/access" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
# those cases, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern action
# When pattern matches a mail address, domain or host
# address, perform the corresponding action.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# EMAIL ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain
# Matches the specified mail address.
#
# domain.tld
# Matches domain.tld as the domain part of an email
# address.
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
# the Postfix parent_domain_matches_subdomains con-
# figuration setting.
#
# .domain.tld
# Matches subdomains of domain.tld, but only when the
# string smtpd_access_maps is not listed in the Post-
# fix parent_domain_matches_subdomains configuration
# setting.
#
# user@ Matches all mail addresses with the specified user
# part.
#
# Note: lookup of the null sender address is not possible
# with some types of lookup table. By default, Postfix uses
# <> as the lookup key for such addresses. The value is
# specified with the smtpd_null_access_lookup_key parameter
# in the Postfix main.cf file.
#
# EMAIL ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, domain, user+foo@,
# and user@.
#
# HOST NAME/ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, the following
# lookup patterns are examined in the order as listed:
#
# domain.tld
# Matches domain.tld.
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
# the Postfix parent_domain_matches_subdomains con-
# figuration setting.
#
# .domain.tld
# Matches subdomains of domain.tld, but only when the
# string smtpd_access_maps is not listed in the Post-
# fix parent_domain_matches_subdomains configuration
# setting.
#
# net.work.addr.ess
#
# net.work.addr
#
# net.work
#
# net Matches the specified IPv4 host address or subnet-
# work. An IPv4 host address is a sequence of four
# decimal octets separated by ".".
#
# Subnetworks are matched by repeatedly truncating
# the last ".octet" from the remote IPv4 host address
# string until a match is found in the access table,
# or until further truncation is not possible.
#
# NOTE 1: The access map lookup key must be in canon-
# ical form: do not specify unnecessary null charac-
# ters, and do not enclose network address informa-
# tion with "[]" characters.
#
# NOTE 2: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# net:work:addr:ess
#
# net:work:addr
#
# net:work
#
# net Matches the specified IPv6 host address or subnet-
# work. An IPv6 host address is a sequence of three
# to eight hexadecimal octet pairs separated by ":".
#
# Subnetworks are matched by repeatedly truncating
# the last ":octetpair" from the remote IPv6 host
# address string until a match is found in the access
# table, or until further truncation is not possible.
#
# NOTE 1: the truncation and comparison are done with
# the string representation of the IPv6 host address.
# Thus, not all the ":" subnetworks will be tried.
#
# NOTE 2: The access map lookup key must be in canon-
# ical form: do not specify unnecessary null charac-
# ters, and do not enclose network address informa-
# tion with "[]" characters.
#
# NOTE 3: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# IPv6 support is available in Postfix 2.2 and later.
#
# ACCEPT ACTIONS
# OK Accept the address etc. that matches the pattern.
#
# all-numerical
# An all-numerical result is treated as OK. This for-
# mat is generated by address-based relay authoriza-
# tion schemes such as pop-before-smtp.
#
# REJECT ACTIONS
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When no code is specified
# at the beginning of the text below, Postfix inserts a
# default enhanced status code of "5.7.1" in the case of
# reject actions, and "4.7.1" in the case of defer actions.
# See "ENHANCED STATUS CODES" below.
#
# 4NN text
#
# 5NN text
# Reject the address etc. that matches the pattern,
# and respond with the numerical three-digit code and
# text. 4NN means "try again later", while 5NN means
# "do not try again".
#
# The following responses have special meaning for
# the Postfix SMTP server:
#
# 421 text (Postfix 2.3 and later)
#
# 521 text (Postfix 2.6 and later)
# After responding with the numerical three-
# digit code and text, disconnect immediately
# from the SMTP client. This frees up SMTP
# server resources so that they can be made
# available to another SMTP client.
#
# Note: The "521" response should be used only
# with botnets and other malware where inter-
# operability is of no concern. The "send 521
# and disconnect" behavior is NOT defined in
# the SMTP standard.
#
# REJECT optional text...
# Reject the address etc. that matches the pattern.
# Reply with "$access_map_reject_code optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# DEFER optional text...
# Reject the address etc. that matches the pattern.
# Reply with "$access_map_defer_code optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# This feature is available in Postfix 2.6 and later.
#
# DEFER_IF_REJECT optional text...
# Defer the request if some later restriction would
# result in a REJECT action. Reply with
# "$access_map_defer_code 4.7.1 optional text..."
# when the optional text is specified, otherwise
# reply with a generic error response message.
#
# Prior to Postfix 2.6, the SMTP reply code is 450.
#
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
# Defer the request if some later restriction would
# result in a an explicit or implicit PERMIT action.
# Reply with "$access_map_defer_code 4.7.1 optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# Prior to Postfix 2.6, the SMTP reply code is 450.
#
# This feature is available in Postfix 2.1 and later.
#
# OTHER ACTIONS
# restriction...
# Apply the named UCE restriction(s) (permit, reject,
# reject_unauth_destination, and so on).
#
# BCC user@domain
# Send one copy of the message to the specified
# recipient.
#
# If multiple BCC actions are specified within the
# same SMTP MAIL transaction, only the last action
# will be used.
#
# This feature is not part of the stable Postfix
# release.
#
# DISCARD optional text...
# Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
# Note: this action currently affects all recipients
# of the message. To discard only one recipient
# without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
# DUNNO Pretend that the lookup key was not found. This
# prevents Postfix from trying substrings of the
# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
# After the message is queued, send the entire mes-
# sage through the specified external content filter.
# The transport name specifies the first field of a
# mail delivery agent definition in master.cf; the
# syntax of the next-hop destination is described in
# the manual page of the corresponding delivery
# agent. More information about external content
# filters is in the Postfix FILTER_README file.
#
# Note 1: do not use $number regular expression sub-
# stitutions for transport or destination unless you
# know that the information has a trusted origin.
#
# Note 2: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of
# the message. In the case that multiple FILTER
# actions fire, only the last one is executed.
#
# Note 3: the purpose of the FILTER command is to
# override message routing. To override the recipi-
# ent's transport but not the next-hop destination,
# specify an empty filter destination (Postfix 2.7
# and later), or specify a transport:destination that
# delivers through a different Postfix instance
# (Postfix 2.6 and earlier). Other options are using
# the recipient-dependent transport_maps or the sen-
# der-dependent sender_dependent_default_transport-
# _maps features.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
# Place the message on the hold queue, where it will
# sit until someone either deletes it or releases it
# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# PREPEND headername: headervalue
# Prepend the specified message header to the mes-
# sage. When more than one PREPEND action executes,
# the first prepended header appears before the sec-
# ond etc. prepended header.
#
# Note: this action must execute before the message
# content is received; it cannot execute in the con-
# text of smtpd_end_of_data_restrictions.
#
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s).
#
# Note: this action overrides the FILTER action, and
# currently affects all recipients of the message.
#
# This feature is available in Postfix 2.1 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to
# modification. The following transformations are needed
# when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
# o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
# o When non-address information matches a REJECT
# action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /etc/postfix/main.cf:
# smtpd_client_restrictions =
# check_client_access hash:/etc/postfix/access
#
# /etc/postfix/access:
# 1.2.3 REJECT
# 1.2.3.4 OK
#
# Execute the command "postmap /etc/postfix/access" after
# editing the file.
#
# BUGS
# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# smtpd(8), SMTP server
# postconf(5), configuration parameters
# transport(5), transport:nexthop syntax
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# ACCESS(5)

278
install/email-configs/canonical Normal file
View File

@@ -0,0 +1,278 @@
# CANONICAL(5) CANONICAL(5)
#
# NAME
# canonical - Postfix canonical table format
#
# SYNOPSIS
# postmap /etc/postfix/canonical
#
# postmap -q "string" /etc/postfix/canonical
#
# postmap -q - /etc/postfix/canonical <inputfile
#
# DESCRIPTION
# The optional canonical(5) table specifies an address map-
# ping for local and non-local addresses. The mapping is
# used by the cleanup(8) daemon, before mail is stored into
# the queue. The address mapping is recursive.
#
# Normally, the canonical(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/canonical" to rebuild an indexed
# file after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
# those cases, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# By default the canonical(5) mapping affects both message
# header addresses (i.e. addresses that appear inside mes-
# sages) and message envelope addresses (for example, the
# addresses that are used in SMTP protocol commands). This
# is controlled with the canonical_classes parameter.
#
# NOTE: Postfix versions 2.2 and later rewrite message head-
# ers from remote SMTP clients only if the client matches
# the local_header_rewrite_clients parameter, or if the
# remote_header_rewrite_domain configuration parameter spec-
# ifies a non-empty value. To get the behavior before Post-
# fix 2.2, specify "local_header_rewrite_clients =
# static:all".
#
# Typically, one would use the canonical(5) table to replace
# login names by Firstname.Lastname, or to clean up
# addresses produced by legacy mail systems.
#
# The canonical(5) mapping is not to be confused with vir-
# tual alias support or with local aliasing. To change the
# destination but not the headers, use the virtual(5) or
# aliases(5) map instead.
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address
# Replace user@domain by address. This form has the
# highest precedence.
#
# This is useful to clean up addresses produced by
# legacy mail systems. It can also be used to pro-
# duce Firstname.Lastname style addresses, but see
# below for a simpler solution.
#
# user address
# Replace user@site by address when site is equal to
# $myorigin, when site is listed in $mydestination,
# or when it is listed in $inet_interfaces or
# $proxy_interfaces.
#
# This form is useful for replacing login names by
# Firstname.Lastname.
#
# @domain address
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
# Note: @domain is a wild-card. When this form is
# applied to recipient addresses, the Postfix SMTP
# server accepts mail for any recipient in domain,
# regardless of whether that recipient exists. This
# may turn your mail system into a backscatter
# source: Postfix first accepts mail for non-existent
# recipients and then tries to return that mail as
# "undeliverable" to the often forged sender address.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# canonical_classes
# What addresses are subject to canonical address
# mapping.
#
# canonical_maps
# List of canonical mapping tables.
#
# recipient_canonical_maps
# Address mapping lookup table for envelope and
# header recipient addresses.
#
# sender_canonical_maps
# Address mapping lookup table for envelope and
# header sender addresses.
#
# propagate_unmatched_extensions
# A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the
# original address to the result. Specify zero or
# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# local_header_rewrite_clients
# Rewrite message header addresses in mail from these
# clients and update incomplete addresses with the
# domain name in $myorigin or $mydomain; either don't
# rewrite message headers from other clients at all,
# or rewrite message headers and update incomplete
# addresses with the domain specified in the
# remote_header_rewrite_domain parameter.
#
# proxy_interfaces
# Other interfaces that this machine receives mail on
# by way of a proxy agent or network address transla-
# tor.
#
# masquerade_classes
# List of address classes subject to masquerading:
# zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient.
#
# masquerade_domains
# List of domains that hide their subdomain struc-
# ture.
#
# masquerade_exceptions
# List of user names that are not subject to address
# masquerading.
#
# mydestination
# List of domains that this mail system considers
# local.
#
# myorigin
# The domain that is appended to locally-posted mail.
#
# owner_request_special
# Give special treatment to owner-xxx and xxx-request
# addresses.
#
# remote_header_rewrite_domain
# Don't rewrite message headers from remote clients
# at all when this parameter is empty; otherwise, re-
# write message headers and append the specified
# domain name to incomplete addresses.
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# virtual(5), virtual aliasing
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# CANONICAL(5)

21
install/email-configs/cert.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIJAIJuX7vycgv0MA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
BAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQww
CgYDVQQKDANEaXMxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNzEwMTEw
ODU3MzVaFw0yNzEwMDkwODU3MzVaMFwxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZE
ZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQwwCgYDVQQKDANEaXMxGDAWBgNV
BAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANokcgV4eK3soeeLSuBP2Qi55RO/RSS53TQV7NpxgiKkKRYoMoUz7Hh1Vdc8
nV7LfKYWxECzvBUWbRFrgYE768WI3HUcFGdtxm62Nskg+IL5Ik403dQ5QOZFKykX
X9vEpBmGTgsOaP1fnaeV7qa69w666Wp1HrAul7MPi/uUklBDfjubGiZUD52pYEPD
C/3N/+fH6rd6O7HzZMWpNSd4Yic3XBQjPmFRO33gmJDM5NEAIt026XI4n8AzQYI2
VmgeGRax5vrs8hMPjM8QkAeUrWcmMkwa2hcVPrxKFu/kgvduP9RtoD0/n5M6Bhpc
n1Jma6T1XmiKtbNqK5ToaAebS4MCAwEAAaNQME4wHQYDVR0OBBYEFAMyeCibjAJR
cp3wpZhTwWwXWsnoMB8GA1UdIwQYMBaAFAMyeCibjAJRcp3wpZhTwWwXWsnoMAwG
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKE+Dgv4hwhX0HGQ8oi1a5VN
ij0uIn/hDmWPXVH5TxtPSR/GcjWH6csRl1VuSrXAxhppopD2NpvyUgOhvH7ZaY2C
8BUs+KrQ4dB2ipW5MPgl7CfzAGip7/LzCFKdn26YBViNwAn8pwIJd79XcuhmbxzL
N3zUQXv2uDSo6i7jkxlTglnsqP9N9/GdaVaNmcGGblAfXbiZGGa8/uboz3WdDO3c
sIGf9J7RNrn0Q9Xq6K7Xk9qV8QOVVxp/ClwsG1Tq6ZR362wG44YBYc0H7/3AuySu
p73fSvjg7cOzcG1z66Tiafpiqtfu6fWmDkZAVctH8NSf8wCfzwL+jgygo7NSLB8=
-----END CERTIFICATE-----

4
install/email-configs/dovecot-sql.conf.ext Normal file
View File

@@ -0,0 +1,4 @@
driver = mysql
connect = host=127.0.0.1 dbname=cyberpanel user=cyberpanel password=1qaz@9xvps
default_pass_scheme = PLAIN
password_query = SELECT email as user, password FROM e_users WHERE email='%u';

52
install/email-configs/dovecot.conf Normal file
View File

@@ -0,0 +1,52 @@
protocols = imap pop3
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n/Maildir
ssl_cert = </etc/postfix/cert.pem
ssl_key = </etc/postfix/key.pem
namespace {
type = private
separator = .
prefix = INBOX.
inbox = yes
}
service auth {
unix_listener auth-master {
mode = 0600
user = vmail
}
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
user = root
}
service auth-worker {
user = root
}
protocol lda {
log_path = /home/vmail/dovecot-deliver.log
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = postmaster@example.com
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = static
args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
}

240
install/email-configs/generic Normal file
View File

@@ -0,0 +1,240 @@
# GENERIC(5) GENERIC(5)
#
# NAME
# generic - Postfix generic table format
#
# SYNOPSIS
# postmap /etc/postfix/generic
#
# postmap -q "string" /etc/postfix/generic
#
# postmap -q - /etc/postfix/generic <inputfile
#
# DESCRIPTION
# The optional generic(5) table specifies an address mapping
# that applies when mail is delivered. This is the opposite
# of canonical(5) mapping, which applies when mail is
# received.
#
# Typically, one would use the generic(5) table on a system
# that does not have a valid Internet domain name and that
# uses something like localdomain.local instead. The
# generic(5) table is then used by the smtp(8) client to
# transform local mail addresses into valid Internet mail
# addresses when mail has to be sent across the Internet.
# See the EXAMPLE section at the end of this document.
#
# The generic(5) mapping affects both message header
# addresses (i.e. addresses that appear inside messages) and
# message envelope addresses (for example, the addresses
# that are used in SMTP protocol commands).
#
# Normally, the generic(5) table is specified as a text file
# that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/generic" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address
# Replace user@domain by address. This form has the
# highest precedence.
#
# user address
# Replace user@site by address when site is equal to
# $myorigin, when site is listed in $mydestination,
# or when it is listed in $inet_interfaces or
# $proxy_interfaces.
#
# @domain address
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# EXAMPLE
# The following shows a generic mapping with an indexed
# file. When mail is sent to a remote host via SMTP, this
# replaces his@localdomain.local by his ISP mail address,
# replaces her@localdomain.local by her ISP mail address,
# and replaces other local addresses by his ISP account,
# with an address extension of +local (this example assumes
# that the ISP supports "+" style address extensions).
#
# /etc/postfix/main.cf:
# smtp_generic_maps = hash:/etc/postfix/generic
#
# /etc/postfix/generic:
# his@localdomain.local hisaccount@hisisp.example
# her@localdomain.local heraccount@herisp.example
# @localdomain.local hisaccount+local@hisisp.example
#
# Execute the command "postmap /etc/postfix/generic" when-
# ever the table is changed. Instead of hash, some systems
# use dbm database files. To find out what tables your sys-
# tem supports use the command "postconf -m".
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# smtp_generic_maps
# Address mapping lookup table for envelope and
# header sender and recipient addresses while deliv-
# ering mail via SMTP.
#
# propagate_unmatched_extensions
# A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the
# original address to the result. Specify zero or
# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# proxy_interfaces
# Other interfaces that this machine receives mail on
# by way of a proxy agent or network address transla-
# tor.
#
# mydestination
# List of domains that this mail system considers
# local.
#
# myorigin
# The domain that is appended to locally-posted mail.
#
# owner_request_special
# Give special treatment to owner-xxx and xxx-request
# addresses.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# smtp(8), Postfix SMTP client
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# STANDARD_CONFIGURATION_README, configuration examples
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# HISTORY
# A genericstable feature appears in the Sendmail MTA.
#
# This feature is available in Postfix 2.2 and later.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# GENERIC(5)

496
install/email-configs/header_checks Normal file
View File

@@ -0,0 +1,496 @@
# HEADER_CHECKS(5) HEADER_CHECKS(5)
#
# NAME
# header_checks - Postfix built-in content inspection
#
# SYNOPSIS
# header_checks = pcre:/etc/postfix/header_checks
# mime_header_checks = pcre:/etc/postfix/mime_header_checks
# nested_header_checks = pcre:/etc/postfix/nested_header_checks
# body_checks = pcre:/etc/postfix/body_checks
#
# milter_header_checks = pcre:/etc/postfix/milter_header_checks
#
# smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
# smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
# smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
# smtp_body_checks = pcre:/etc/postfix/smtp_body_checks
#
# postmap -q "string" pcre:/etc/postfix/filename
# postmap -q - pcre:/etc/postfix/filename <inputfile
#
# DESCRIPTION
# This document describes access control on the content of
# message headers and message body lines; it is implemented
# by the Postfix cleanup(8) server before mail is queued.
# See access(5) for access control on remote SMTP client
# information.
#
# Each message header or message body line is compared
# against a list of patterns. When a match is found the
# corresponding action is executed, and the matching process
# is repeated for the next message header or message body
# line.
#
# Note: message headers are examined one logical header at a
# time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time.
#
# For examples, see the EXAMPLES section at the end of this
# manual page.
#
# Postfix header or body_checks are designed to stop a flood
# of mail from worms or viruses; they do not decode attach-
# ments, and they do not unzip archives. See the documents
# referenced below in the README FILES section if you need
# more sophisticated content analysis.
#
# FILTERS WHILE RECEIVING MAIL
# Postfix implements the following four built-in content
# inspection classes while receiving mail:
#
# header_checks (default: empty)
# These are applied to initial message headers
# (except for the headers that are processed with
# mime_header_checks).
#
# mime_header_checks (default: $header_checks)
# These are applied to MIME related message headers
# only.
#
# This feature is available in Postfix 2.0 and later.
#
# nested_header_checks (default: $header_checks)
# These are applied to message headers of attached
# email messages (except for the headers that are
# processed with mime_header_checks).
#
# This feature is available in Postfix 2.0 and later.
#
# body_checks
# These are applied to all other content, including
# multi-part message boundaries.
#
# With Postfix versions before 2.0, all content after
# the initial message headers is treated as body con-
# tent.
#
# FILTERS AFTER RECEIVING MAIL
# Postfix supports a subset of the built-in content inspec-
# tion classes after the message is received:
#
# milter_header_checks (default: empty)
# These are applied to headers that are added with
# Milter applications.
#
# This feature is available in Postfix 2.7 and later.
#
# FILTERS WHILE DELIVERING MAIL
# Postfix supports all four content inspection classes while
# delivering mail via SMTP.
#
# smtp_header_checks (default: empty)
#
# smtp_mime_header_checks (default: empty)
#
# smtp_nested_header_checks (default: empty)
#
# smtp_body_checks (default: empty)
# These features are available in Postfix 2.5 and
# later.
#
# COMPATIBILITY
# With Postfix version 2.2 and earlier specify "postmap -fq"
# to query a table that contains case sensitive patterns. By
# default, regexp: and pcre: patterns are case insensitive.
#
# TABLE FORMAT
# This document assumes that header and body_checks rules
# are specified in the form of Postfix regular expression
# lookup tables. Usually the best performance is obtained
# with pcre (Perl Compatible Regular Expression) tables. The
# regexp (POSIX regular expressions) tables are usually
# slower, but more widely available. Use the command "post-
# conf -m" to find out what lookup table types your Postfix
# system supports.
#
# The general format of Postfix regular expression tables is
# given below. For a discussion of specific pattern or
# flags syntax, see pcre_table(5) or regexp_table(5),
# respectively.
#
# /pattern/flags action
# When /pattern/ matches the input string, execute
# the corresponding action. See below for a list of
# possible actions.
#
# !/pattern/flags action
# When /pattern/ does not match the input string,
# execute the corresponding action.
#
# if /pattern/flags
#
# endif Match the input string against the patterns between
# if and endif, if and only if the same input string
# also matches /pattern/. The if..endif can nest.
#
# Note: do not prepend whitespace to patterns inside
# if..endif.
#
# if !/pattern/flags
#
# endif Match the input string against the patterns between
# if and endif, if and only if the same input string
# does not match /pattern/. The if..endif can nest.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A pattern/action line starts with non-whitespace
# text. A line that starts with whitespace continues
# a logical line.
#
# TABLE SEARCH ORDER
# For each line of message input, the patterns are applied
# in the order as specified in the table. When a pattern is
# found that matches the input line, the corresponding
# action is executed and then the next input line is
# inspected.
#
# TEXT SUBSTITUTION
# Substitution of substrings from the matched expression
# into the action string is possible using the conventional
# Perl syntax ($1, $2, etc.). The macros in the result
# string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace.
#
# Note: since negated patterns (those preceded by !) return
# a result when the expression does not match, substitutions
# are not available for negated patterns.
#
# ACTIONS
# Action names are case insensitive. They are shown in upper
# case for consistency with other Postfix documentation.
#
# DISCARD optional text...
# Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
# Note: this action disables further header or
# body_checks inspection of the current message and
# affects all recipients. To discard only one recip-
# ient without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# DUNNO Pretend that the input line did not match any pat-
# tern, and inspect the next input line. This action
# can be used to shorten the table search.
#
# For backwards compatibility reasons, Postfix also
# accepts OK but it is (and always has been) treated
# as DUNNO.
#
# This feature is available in Postfix 2.1 and later.
#
# FILTER transport:destination
# After the message is queued, send the entire mes-
# sage through the specified external content filter.
# The transport name specifies the first field of a
# mail delivery agent definition in master.cf; the
# syntax of the next-hop destination is described in
# the manual page of the corresponding delivery
# agent. More information about external content
# filters is in the Postfix FILTER_README file.
#
# Note 1: do not use $number regular expression sub-
# stitutions for transport or destination unless you
# know that the information has a trusted origin.
#
# Note 2: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of
# the message. In the case that multiple FILTER
# actions fire, only the last one is executed.
#
# Note 3: the purpose of the FILTER command is to
# override message routing. To override the recipi-
# ent's transport but not the next-hop destination,
# specify an empty filter destination (Postfix 2.7
# and later), or specify a transport:destination that
# delivers through a different Postfix instance
# (Postfix 2.6 and earlier). Other options are using
# the recipient-dependent transport_maps or the sen-
# der-dependent sender_dependent_default_transport-
# _maps features.
#
# This feature is available in Postfix 2.0 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# HOLD optional text...
# Arrange for the message to be placed on the hold
# queue, and inspect the next input line. The mes-
# sage remains on hold until someone either deletes
# it or releases it for delivery. Log the optional
# text if specified, otherwise log a generic message.
#
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
# Note: this action affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# IGNORE Delete the current line from the input, and inspect
# the next input line.
#
# INFO optional text...
# Log an "info:" record with the optional text... (or
# log a generic text), and inspect the next input
# line. This action is useful for routine logging or
# for debugging.
#
# This feature is available in Postfix 2.8 and later.
#
# PREPEND text...
# Prepend one line with the specified text, and
# inspect the next input line.
#
# Notes:
#
# o The prepended text is output on a separate
# line, immediately before the input that
# triggered the PREPEND action.
#
# o The prepended text is not considered part of
# the input stream: it is not subject to
# header/body checks or address rewriting, and
# it does not affect the way that Postfix adds
# missing message headers.
#
# o When prepending text before a message header
# line, the prepended text must begin with a
# valid message header label.
#
# o This action cannot be used to prepend multi-
# line text.
#
# This feature is available in Postfix 2.1 and later.
#
# This feature is not supported with mil-
# ter_header_checks.
#
# REDIRECT user@domain
# Write a message redirection request to the queue
# file, and inspect the next input line. After the
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
# Note: this action overrides the FILTER action, and
# affects all recipients of the message. If multiple
# REDIRECT actions fire, only the last one is exe-
# cuted.
#
# This feature is available in Postfix 2.1 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# REPLACE text...
# Replace the current line with the specified text,
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
# o When replacing a message header line, the
# replacement text must begin with a valid
# header label.
#
# o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND
# action, a replaced message header may be
# subject to address rewriting and may affect
# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
# Reject the entire message. Reply with optional
# text... when the optional text is specified, other-
# wise reply with a generic error message.
#
# Note: this action disables further header or
# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
# tus codes. When no code is specified at the begin-
# ning of optional text..., Postfix inserts a default
# enhanced status code of "5.7.1".
#
# This feature is not supported with smtp header/body
# checks.
#
# WARN optional text...
# Log a "warning:" record with the optional text...
# (or log a generic text), and inspect the next input
# line. This action is useful for debugging and for
# testing a pattern before applying more drastic
# actions.
#
# BUGS
# Empty lines never match, because some map types mis-behave
# when given a zero-length search string. This limitation
# may be removed for regular expression tables in a future
# release.
#
# Many people overlook the main limitations of header and
# body_checks rules.
#
# o These rules operate on one logical message header
# or one body line at a time. A decision made for one
# line is not carried over to the next line.
#
# o If text in the message body is encoded (RFC 2045)
# then the rules need to be specified for the encoded
# form.
#
# o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the
# encoded form.
#
# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
# CONFIGURATION PARAMETERS
# body_checks
# Lookup tables with content filter rules for message
# body lines. These filters see one physical line at
# a time, in chunks of at most $line_length_limit
# bytes.
#
# body_checks_size_limit
# The amount of content per message body segment
# (attachment) that is subjected to $body_checks fil-
# tering.
#
# header_checks
#
# mime_header_checks (default: $header_checks)
#
# nested_header_checks (default: $header_checks)
# Lookup tables with content filter rules for message
# header lines: respectively, these are applied to
# the initial message headers (not including MIME
# headers), to the MIME headers anywhere in the mes-
# sage, and to the initial headers of attached mes-
# sages.
#
# Note: these filters see one logical message header
# at a time, even when a message header spans multi-
# ple lines. Message headers that are longer than
# $header_size_limit characters are truncated.
#
# disable_mime_input_processing
# While receiving mail, give no special treatment to
# MIME related message headers; all text after the
# initial message headers is considered to be part of
# the message body. This means that header_checks is
# applied to all the initial message headers, and
# that body_checks is applied to the remainder of the
# message.
#
# Note: when used in this manner, body_checks will
# process a multi-line message header one line at a
# time.
#
# EXAMPLES
# Header pattern to block attachments with bad file name
# extensions. For convenience, the PCRE /x flag is speci-
# fied, so that there is no need to collapse the pattern
# into a single line of text. The purpose of the
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID
# strings.
#
# /etc/postfix/main.cf:
# header_checks = pcre:/etc/postfix/header_checks.pcre
#
# /etc/postfix/header_checks.pcre:
# /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
# hlp|ht[at]|
# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
# \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
# vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
# REJECT Attachment name "$2" may not end with ".$4"
#
# Body pattern to stop a specific HTML browser vulnerability
# exploit.
#
# /etc/postfix/main.cf:
# body_checks = regexp:/etc/postfix/body_checks
#
# /etc/postfix/body_checks:
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
# REJECT IFRAME vulnerability exploit
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue Postfix message
# pcre_table(5), format of PCRE lookup tables
# regexp_table(5), format of POSIX regular expression tables
# postconf(1), Postfix configuration utility
# postmap(1), Postfix lookup table management
# postsuper(1), Postfix janitor
# postcat(1), show Postfix queue file contents
# RFC 2045, base64 and quoted-printable encoding rules
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
# BUILTIN_FILTER_README, Postfix built-in content inspection
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# HEADER_CHECKS(5)

28
install/email-configs/key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDaJHIFeHit7KHn
i0rgT9kIueUTv0Ukud00FezacYIipCkWKDKFM+x4dVXXPJ1ey3ymFsRAs7wVFm0R
a4GBO+vFiNx1HBRnbcZutjbJIPiC+SJONN3UOUDmRSspF1/bxKQZhk4LDmj9X52n
le6muvcOuulqdR6wLpezD4v7lJJQQ347mxomVA+dqWBDwwv9zf/nx+q3ejux82TF
qTUneGInN1wUIz5hUTt94JiQzOTRACLdNulyOJ/AM0GCNlZoHhkWseb67PITD4zP
EJAHlK1nJjJMGtoXFT68Shbv5IL3bj/UbaA9P5+TOgYaXJ9SZmuk9V5oirWzaiuU
6GgHm0uDAgMBAAECggEBANN6h6u0ClKa2K8vw+xInKCwD1wgjvi207M+Gjv/1Oie
e1KGr8ug9fwlzI14rxwKbBJcefA8DvfmoOBFd+yA2ebL8uX5zfIjYz9LmTtNon7e
5hopeHDY/IkAv4H7rivRrEEuihR/6NrSSnYAjbfIA+Gc5NMXLiQhV2H5jXzdoSb7
LLbsi294f2F91anUspecM/Hk5/W4JOSllY8RtLWKTxqLN22ujnvZKFqMNB/RH3d1
HrFc6jbn8Nb6C5B5VnSBw64RNbpZbCYntbDmb4DCp/+Z2llFNrFM1XxjaJBsrHnJ
ZTGoVIPCo1DClP/YUEUP0RTIoM/LUJwfma2hq9MrQ3ECgYEA+pCyx+MnZPog7yLD
paR4h4Eb37majfhILO1wJRXGnmCzkp63MOLxSEZIc/JvePlS6FYRdy/F1N6NnST2
Z2PO6JaDWxDJOhcc8QSswQsTNkUKjdygbqw4adraltriheCy/9pI131MoMLBYPdg
Rvnw2CrPNGwwdm3Wq64fGnL0m8sCgYEA3t+20ft4QqjMYgdNL/HHPiMpgdEIEdNN
F+wMxhxcHKI2uR/ZMGGq7AauQcxtNfoPZbQkjKwUSnkJEf6lk5Gr6hb9bz1yviu6
NycnxlWvXiqz+Sql2e8xqSdtsw2Vuv+vPBSiUdAz4vRO3MmL8KBfmY8WG+XP78bF
HvXSetqwCCkCgYEA0GAhrgYErv8tAHKizlA3RElkyuvp0oNWUraresvfP7sf26FO
q8Mv8XExs+s8NRjzj/Bz2fDKzzq9/p/MozLn0ZnKZ6NQFZU/JllC6c+yDIHiQxPl
/+QNjkrJWodxtvClLA12Ym77mP4eH+vaD2ywlLUVWH1Y2ESEMIY/q5lKP30CgYEA
kFO/SGvYjRJSiIjB63Je3FZY4sBCwYhcPEmYXBKxc7l4RpnhQ/t7fC03W1TOxE2S
+wGVSaOF4FRRE14cS1viQE1zAT6Bt7UJef3ZPA7w6cItmgWMMX08Y5Ys6+64L8iz
6exS0ThK4YXkLAY4oTK5te97GcXQyi2mKU53ZyeHJ0ECgYAtqdndLIkiirXplJ10
9VkrDKZG/Zsqm7vQjl//ZPIDzWcwo3ehBvyt4U+mnjUt+WQ4+YpmZ8mxIv486ZsI
2GqNZVrtKE+p2llmXYIw87/NofMB+D5AfodYzjJElO+X4YQSkCQIcZOVyL2BDBs5
D5SV7kNMb2fRDwK1/mmYBscfEw==
-----END PRIVATE KEY-----

705
install/email-configs/main.cf Normal file
View File

@@ -0,0 +1,705 @@
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = all
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = localhost, localhost.localdomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
# server using LMTP (Local Mail Transport Protocol), this is prefered
# over the older cyrus deliver program by setting the
# mailbox_transport as below:
#
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
# these settings.
#
# local_destination_recipient_limit = 300
# local_destination_concurrency_limit = 5
#
# Of course you should adjust these settings as appropriate for the
# capacity of the hardware you are using. The recipient limit setting
# can be used to take advantage of the single instance message store
# capability of Cyrus. The concurrency limit can be used to control
# how many simultaneous LMTP sessions will be permitted to the Cyrus
# message store.
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen sesssion, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq.postfix
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.10.1/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
myhostname = server.example.com
mynetworks = 127.0.0.0/8
message_size_limit = 30720000
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
inet_interfaces = all

129
install/email-configs/master.cf Normal file
View File

@@ -0,0 +1,129 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

5
install/email-configs/mysql-virtual_domains.cf Normal file
View File

@@ -0,0 +1,5 @@
user = cyberpanel
password = 1qaz@9xvps
dbname = cyberpanel
query = SELECT domain AS virtual FROM e_domains WHERE domain='%s'
hosts = 127.0.0.1:3307

5
install/email-configs/mysql-virtual_email2email.cf Normal file
View File

@@ -0,0 +1,5 @@
user = cyberpanel
password = 1qaz@9xvps
dbname = cyberpanel
query = SELECT email FROM e_users WHERE email='%s'
hosts = 127.0.0.1:3307

5
install/email-configs/mysql-virtual_forwardings.cf Normal file
View File

@@ -0,0 +1,5 @@
user = cyberpanel
password = 1qaz@9xvps
dbname = cyberpanel
query = SELECT destination FROM e_forwardings WHERE source='%s'
hosts = 127.0.0.1:3307

5
install/email-configs/mysql-virtual_mailboxes.cf Normal file
View File

@@ -0,0 +1,5 @@
user = cyberpanel
password = 1qaz@9xvps
dbname = cyberpanel
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM e_users WHERE email='%s'
hosts = 127.0.0.1:3307

171
install/email-configs/relocated Normal file
View File

@@ -0,0 +1,171 @@
# RELOCATED(5) RELOCATED(5)
#
# NAME
# relocated - Postfix relocated table format
#
# SYNOPSIS
# postmap /etc/postfix/relocated
#
# DESCRIPTION
# The optional relocated(5) table provides the information
# that is used in "user has moved to new_location" bounce
# messages.
#
# Normally, the relocated(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/relocated" to rebuild an indexed
# file after changing the corresponding relocated table.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# Table lookups are case insensitive.
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# o An entry has one of the following form:
#
# pattern new_location
#
# Where new_location specifies contact information
# such as an email address, or perhaps a street
# address or telephone number.
#
# o Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# o A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain
# Matches user@domain. This form has precedence over
# all other forms.
#
# user Matches user@site when site is $myorigin, when site
# is listed in $mydestination, or when site is listed
# in $inet_interfaces or $proxy_interfaces.
#
# @domain
# Matches other addresses in domain. This form has
# the lowest precedence.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions or
# when lookups are directed to a TCP-based server. For a
# description of regular expression lookup table syntax, see
# regexp_table(5) or pcre_table(5). For a description of the
# TCP client/server table lookup protocol, see tcp_table(5).
# This feature is not available up to and including Postfix
# version 2.4.
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# relocated_maps
# List of lookup tables for relocated users or sites.
#
# Other parameters of interest:
#
# inet_interfaces
# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
# List of domains that this mail system considers
# local.
#
# myorigin
# The domain that is appended to locally-posted mail.
#
# proxy_interfaces
# Other interfaces that this machine receives mail on
# by way of a proxy agent or network address transla-
# tor.
#
# SEE ALSO
# trivial-rewrite(8), address resolver
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# RELOCATED(5)

294
install/email-configs/transport Normal file
View File

@@ -0,0 +1,294 @@
# TRANSPORT(5) TRANSPORT(5)
#
# NAME
# transport - Postfix transport table format
#
# SYNOPSIS
# postmap /etc/postfix/transport
#
# postmap -q "string" /etc/postfix/transport
#
# postmap -q - /etc/postfix/transport <inputfile
#
# DESCRIPTION
# The optional transport(5) table specifies a mapping from
# email addresses to message delivery transports and next-
# hop destinations. Message delivery transports such as
# local or smtp are defined in the master.cf file, and next-
# hop destinations are typically hosts or domain names. The
# table is searched by the trivial-rewrite(8) daemon.
#
# This mapping overrides the default transport:nexthop
# selection that is built into Postfix:
#
# local_transport (default: local:$myhostname)
# This is the default for final delivery to domains
# listed with mydestination, and for [ipaddress] des-
# tinations that match $inet_interfaces or
# $proxy_interfaces. The default nexthop destination
# is the MTA hostname.
#
# virtual_transport (default: virtual:)
# This is the default for final delivery to domains
# listed with virtual_mailbox_domains. The default
# nexthop destination is the recipient domain.
#
# relay_transport (default: relay:)
# This is the default for remote delivery to domains
# listed with relay_domains. In order of decreasing
# precedence, the nexthop destination is taken from
# relay_transport, sender_dependent_relayhost_maps,
# relayhost, or from the recipient domain.
#
# default_transport (default: smtp:)
# This is the default for remote delivery to other
# destinations. In order of decreasing precedence,
# the nexthop destination is taken from sender_depen-
# dent_default_transport_maps, default_transport,
# sender_dependent_relayhost_maps, relayhost, or from
# the recipient domain.
#
# Normally, the transport(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/transport" to rebuild an indexed
# file after changing the corresponding transport table.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches the recipient address or
# domain, use the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# The pattern specifies an email address, a domain name, or
# a domain name hierarchy, as described in section "TABLE
# LOOKUP".
#
# The result is of the form transport:nexthop and specifies
# how or where to deliver mail. This is described in section
# "RESULT FORMAT".
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user+extension@domain transport:nexthop
# Deliver mail for user+extension@domain through
# transport to nexthop.
#
# user@domain transport:nexthop
# Deliver mail for user@domain through transport to
# nexthop.
#
# domain transport:nexthop
# Deliver mail for domain through transport to nex-
# thop.
#
# .domain transport:nexthop
# Deliver mail for any subdomain of domain through
# transport to nexthop. This applies only when the
# string transport_maps is not listed in the par-
# ent_domain_matches_subdomains configuration set-
# ting. Otherwise, a domain name matches itself and
# its subdomains.
#
# * transport:nexthop
# The special pattern * represents any address (i.e.
# it functions as the wild-card pattern, and is
# unique to Postfix transport tables).
#
# Note 1: the null recipient address is looked up as
# $empty_address_recipient@$myhostname (default: mailer-dae-
# mon@hostname).
#
# Note 2: user@domain or user+extension@domain lookup is
# available in Postfix 2.0 and later.
#
# RESULT FORMAT
# The lookup result is of the form transport:nexthop. The
# transport field specifies a mail delivery transport such
# as smtp or local. The nexthop field specifies where and
# how to deliver mail.
#
# The transport field specifies the name of a mail delivery
# transport (the first name of a mail delivery service entry
# in the Postfix master.cf file).
#
# The interpretation of the nexthop field is transport
# dependent. In the case of SMTP, specify a service on a
# non-default port as host:service, and disable MX (mail
# exchanger) DNS lookups with [host] or [host]:port. The []
# form is required when you specify an IP address instead of
# a hostname.
#
# A null transport and null nexthop result means "do not
# change": use the delivery transport and nexthop informa-
# tion that would be used when the entire transport table
# did not exist.
#
# A non-null transport field with a null nexthop field
# resets the nexthop information to the recipient domain.
#
# A null transport field with non-null nexthop field does
# not modify the transport information.
#
# EXAMPLES
# In order to deliver internal mail directly, while using a
# mail relay for all other mail, specify a null entry for
# internal destinations (do not change the delivery trans-
# port or the nexthop information) and specify a wildcard
# for all other destinations.
#
# my.domain :
# .my.domain :
# * smtp:outbound-relay.my.domain
#
# In order to send mail for example.com and its subdomains
# via the uucp transport to the UUCP host named example:
#
# example.com uucp:example
# .example.com uucp:example
#
# When no nexthop host name is specified, the destination
# domain name is used instead. For example, the following
# directs mail for user@example.com via the slow transport
# to a mail exchanger for example.com. The slow transport
# could be configured to run at most one delivery process at
# a time:
#
# example.com slow:
#
# When no transport is specified, Postfix uses the transport
# that matches the address domain class (see DESCRIPTION
# above). The following sends all mail for example.com and
# its subdomains to host gateway.example.com:
#
# example.com :[gateway.example.com]
# .example.com :[gateway.example.com]
#
# In the above example, the [] suppress MX lookups. This
# prevents mail routing loops when your machine is primary
# MX host for example.com.
#
# In the case of delivery via SMTP, one may specify host-
# name:service instead of just a host:
#
# example.com smtp:bar.example:2025
#
# This directs mail for user@example.com to host bar.example
# port 2025. Instead of a numerical port a symbolic name may
# be used. Specify [] around the hostname if MX lookups must
# be disabled.
#
# The error mailer can be used to bounce mail:
#
# .example.com error:mail for *.example.com is not deliverable
#
# This causes all mail for user@anything.example.com to be
# bounced.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus,
# some.domain.hierarchy is not looked up via its parent
# domains, nor is user+foo@domain looked up as user@domain.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# The trivial-rewrite(8) server disallows regular expression
# substitution of $1 etc. in regular expression lookup
# tables, because that could open a security hole (Postfix
# version 2.3 and later).
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire recipient address
# once. Thus, some.domain.hierarchy is not looked up via
# its parent domains, nor is user+foo@domain looked up as
# user@domain.
#
# Results are the same as with indexed file lookups.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# empty_address_recipient
# The address that is looked up instead of the null
# sender address.
#
# parent_domain_matches_subdomains
# List of Postfix features that use domain.tld pat-
# terns to match sub.domain.tld (as opposed to
# requiring .domain.tld patterns).
#
# transport_maps
# List of transport lookup tables.
#
# SEE ALSO
# trivial-rewrite(8), rewrite and resolve addresses
# master(5), master.cf file format
# postconf(5), configuration parameters
# postmap(1), Postfix lookup table manager
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# FILTER_README, external content filter
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# TRANSPORT(5)

294
install/email-configs/virtual Normal file
View File

@@ -0,0 +1,294 @@
# VIRTUAL(5) VIRTUAL(5)
#
# NAME
# virtual - Postfix virtual alias table format
#
# SYNOPSIS
# postmap /etc/postfix/virtual
#
# postmap -q "string" /etc/postfix/virtual
#
# postmap -q - /etc/postfix/virtual <inputfile
#
# DESCRIPTION
# The optional virtual(5) alias table rewrites recipient
# addresses for all local, all virtual, and all remote mail
# destinations. This is unlike the aliases(5) table which
# is used only for local(8) delivery. Virtual aliasing is
# recursive, and is implemented by the Postfix cleanup(8)
# daemon before mail is queued.
#
# The main applications of virtual aliasing are:
#
# o To redirect mail for one address to one or more
# addresses.
#
# o To implement virtual alias domains where all
# addresses are aliased to addresses in other
# domains.
#
# Virtual alias domains are not to be confused with
# the virtual mailbox domains that are implemented
# with the Postfix virtual(8) mail delivery agent.
# With virtual mailbox domains, each recipient
# address can have its own mailbox.
#
# Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Use
# canonical(5) mapping to rewrite header and envelope
# addresses in general.
#
# Normally, the virtual(5) alias table is specified as a
# text file that serves as input to the postmap(1) command.
# The result, an indexed file in dbm or db format, is used
# for fast searching by the mail system. Execute the command
# "postmap /etc/postfix/virtual" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address, address, ...
# Redirect mail for user@domain to address. This
# form has the highest precedence.
#
# user address, address, ...
# Redirect mail for user@site to address when site is
# equal to $myorigin, when site is listed in $mydes-
# tination, or when it is listed in $inet_interfaces
# or $proxy_interfaces.
#
# This functionality overlaps with functionality of
# the local aliases(5) database. The difference is
# that virtual(5) mapping can be applied to non-local
# addresses.
#
# @domain address, address, ...
# Redirect mail for other users in domain to address.
# This form has the lowest precedence.
#
# Note: @domain is a wild-card. With this form, the
# Postfix SMTP server accepts mail for any recipient
# in domain, regardless of whether that recipient
# exists. This may turn your mail system into a
# backscatter source: Postfix first accepts mail for
# non-existent recipients and then tries to return
# that mail as "undeliverable" to the often forged
# sender address.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
# domains, each recipient address can have its own mailbox.
#
# With a virtual alias domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames
# are not visible in a virtual alias domain. In particular,
# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
#
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
# Note: some systems use dbm databases instead of hash. See
# the output from "postconf -m" for available database
# types.
#
# /etc/postfix/virtual:
# virtual-alias.domain anything (right-hand content does not matter)
# postmaster@virtual-alias.domain postmaster
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
# with "relay access denied", or bounces with "mail loops
# back to myself".
#
# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
# With a virtual alias domain, the Postfix SMTP server
# accepts mail for known-user@virtual-alias.domain, and
# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
# Instead of specifying the virtual alias domain name via
# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
# List of virtual alias domains. This uses the same
# syntax as the mydestination parameter.
#
# propagate_unmatched_extensions
# A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the
# original address to the result. Specify zero or
# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
# List of domains that this mail system considers
# local.
#
# myorigin
# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
# Give special treatment to owner-xxx and xxx-request
# addresses.
#
# proxy_interfaces
# Other interfaces that this machine receives mail on
# by way of a proxy agent or network address transla-
# tor.
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# canonical(5), canonical address mapping
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# VIRTUAL(5)

72
install/firewallUtilities.py Normal file
View File

@@ -0,0 +1,72 @@
import sys
import subprocess
import shutil
import installLog as logging
import argparse
import os
import shlex
import socket
class FirewallUtilities:
@staticmethod
def addRule(proto,port):
try:
if port == "21":
command = "firewall-cmd --add-service=ftp --permanent"
cmd = shlex.split(command)
res = subprocess.call(cmd)
command = 'firewall-cmd --add-port=' + port +'/' + proto +' --permanent'
cmd = shlex.split(command)
res = subprocess.call(cmd)
command = 'firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd)
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [addRule]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [addRule]")
return 0
return 1
@staticmethod
def deleteRule(proto, port):
try:
if port=="21":
command = "firewall-cmd --remove-service=ftp --permanent"
cmd = shlex.split(command)
res = subprocess.call(cmd)
command = 'firewall-cmd --remove-port=' + port + '/' + proto +' --permanent'
cmd = shlex.split(command)
res = subprocess.call(cmd)
command = 'firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd)
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [deleteRule]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [deleteRule]")
return 0
return 1

1
install/gun-configs/gunicorn.conf Normal file
View File

@@ -0,0 +1 @@
d /run/gunicorn 0755 root root -

19
install/gun-configs/gunicorn.service Normal file
View File

@@ -0,0 +1,19 @@
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
PIDFile=/run/gunicorn/pid
User=root
Group=root
RuntimeDirectory=gunicorn
WorkingDirectory=/usr/local/CyberCP
ExecStart=/usr/bin/gunicorn --pid /run/gunicorn/gucpid \
--bind 127.0.0.1:5003 CyberCP.wsgi
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

8
install/gun-configs/gunicorn.socket Normal file
View File

@@ -0,0 +1,8 @@
[Unit]
Description=gunicorn socket
[Socket]
ListenStream=127.0.0.1:5003
[Install]
WantedBy=sockets.target

1904
install/install.py Normal file
View File

File diff suppressed because it is too large Load Diff

1148
install/installCyberPanel.py Normal file
View File

File diff suppressed because it is too large Load Diff

21
install/installLog.py Normal file
View File

@@ -0,0 +1,21 @@
import subprocess
class InstallLog:
fileName = "installLogs.txt"
@staticmethod
def writeToFile(message):
file = open(InstallLog.fileName,'a')
file.writelines(message + "\n")
file.close()
@staticmethod
def readLastNFiles(numberOfLines):
try:
lastFewLines = subprocess.check_output(["tail", "-n",str(numberOfLines),CyberCPLogFileWriter.fileName])
return lastFewLines
except subprocess.CalledProcessError,msg:
CyberCPLogFileWriter.writeToFile(str(msg) + "[readLastNFiles]")

BIN
install/installLog.pyc Normal file
View File

Binary file not shown.

196
install/litespeed/conf/httpd_config.conf Normal file
View File

@@ -0,0 +1,196 @@
#
# PLAIN TEXT CONFIGURATION FILE
#
serverName lscp
user nobody
group nobody
priority 0
inMemBufSize 60M
swappingDir /tmp/lshttpd/swap
autoFix503 1
gracefulRestartTimeout 300
mime $SERVER_ROOT/conf/mime.properties
showVersionNumber 0
adminEmails root@localhost
adminRoot $SERVER_ROOT/admin/
errorlog $SERVER_ROOT/logs/error.log {
logLevel DEBUG
debugLevel 0
rollingSize 10M
enableStderrLog 1
}
accesslog $SERVER_ROOT/logs/access.log {
rollingSize 10M
keepDays 30
compressArchive 0
}
indexFiles index.html, index.php
expires {
enableExpires 1
expiresByType image/*=A604800, text/css=A604800, application/x-javascript=A604800
}
tuning {
eventDispatcher best
maxConnections 2000
maxSSLConnections 1000
connTimeout 300
maxKeepAliveReq 1000
smartKeepAlive 0
keepAliveTimeout 5
sndBufSize 0
rcvBufSize 0
maxReqURLLen 8192
maxReqHeaderSize 16380
maxReqBodySize 2047M
maxDynRespHeaderSize 8192
maxDynRespSize 2047M
maxCachedFileSize 4096
totalInMemCacheSize 20M
maxMMapFileSize 256K
totalMMapCacheSize 40M
useSendfile 1
fileETag 28
enableGzipCompress 1
enableDynGzipCompress 1
gzipCompressLevel 6
compressibleTypes text/*,application/x-javascript,application/javascript,application/xml, image/svg+xml
gzipAutoUpdateStatic 1
gzipStaticCompressLevel 6
gzipMaxFileSize 1M
gzipMinFileSize 300
SSLCryptoDevice null
}
fileAccessControl {
followSymbolLink 1
checkSymbolLink 0
requiredPermissionMask 000
restrictedPermissionMask 000
}
perClientConnLimit {
staticReqPerSec 0
dynReqPerSec 0
outBandwidth 0
inBandwidth 0
softLimit 10000
hardLimit 10000
gracePeriod 15
banPeriod 300
}
CGIRLimit {
maxCGIInstances 20
minUID 11
minGID 10
priority 0
CPUSoftLimit 10
CPUHardLimit 50
memSoftLimit 460M
memHardLimit 470M
procSoftLimit 400
procHardLimit 450
}
accessDenyDir {
dir /
dir /etc/*
dir /dev/*
dir $SERVER_ROOT/conf/*
dir $SERVER_ROOT/admin/conf/*
}
accessControl {
allow ALL
}
scripthandler {
add lsapi:php70 php
}
railsDefaults {
maxConns 5
env LSAPI_MAX_REQS=1000
env LSAPI_MAX_IDLE=60
initTimeout 60
retryTimeout 0
pcKeepAliveTimeout 60
respBuffer 0
backlog 50
runOnStartUp 1
extMaxIdleTime 300
priority 3
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 500
procHardLimit 600
}
module cache {
param <<<END_param
enableCache 0
qsCache 1
reqCookieCache 1
respCookieCache 1
ignoreReqCacheCtrl 1
ignoreRespCacheCtrl 0
enablePrivateCache 0
privateExpireInSeconds 1000
expireInSeconds 1000
storagePath cachedata
checkPrivateCache 1
checkPublicCache 1
END_param
}
listener Default{
address *:80
secure 0
map Example *
}
vhTemplate centralConfigLog {
templateFile $SERVER_ROOT/conf/templates/ccl.conf
listeners Default
}
vhTemplate PHP_SuEXEC {
templateFile $SERVER_ROOT/conf/templates/phpsuexec.conf
listeners Default
}
vhTemplate EasyRailsWithSuEXEC {
templateFile $SERVER_ROOT/conf/templates/rails.conf
listeners Default
}
virtualHost Example{
vhRoot $SERVER_ROOT/Example/
allowSymbolLink 1
enableScript 1
restrained 1
maxKeepAliveReq
smartKeepAlive
setUIDMode 0
chrootMode 0
configFile $SERVER_ROOT/conf/vhosts/Example/vhconf.conf
}
include phpconfigs/php53.conf
include phpconfigs/php54.conf
include phpconfigs/php55.conf
include phpconfigs/php56.conf
include phpconfigs/php70.conf
include phpconfigs/php71.conf

158
install/litespeed/conf/mime.properties Executable file
View File

@@ -0,0 +1,158 @@
default = application/octet-stream
3gp = video/3gpp
3g2 = video/3gpp2
ai, eps = application/postscript
aif, aifc, aiff = audio/x-aiff
asc = text/plain
asf = video/asf
asx = video/x-ms-asf
au = audio/basic
avi = video/x-msvideo
bcpio = application/x-bcpio
bmp = image/bmp
bin = application/octet-stream
bz, bz2 = application/x-bzip
cdf = application/x-netcdf
class = application/java-vm
cpio = application/x-cpio
cpt = application/mac-compactpro
crt = application/x-x509-ca-cert
csh = application/x-csh
css = text/css
dcr,dir, dxr = application/x-director
dms = application/octet-stream
doc = application/msword
dtd = application/xml-dtd
dvi = application/x-dvi
eot = application/vnd.ms-fontobject
etx = text/x-setext
exe = application/x-executable
ez = application/andrew-inset
flv = video/x-flv
gif = image/gif
gtar = application/x-gtar
gz, gzip = application/gzip
hdf = application/x-hdf
hqx = application/mac-binhex40
htc = text/x-component
html, htm = text/html
ice = x-conference/x-cooltalk
ico = image/x-icon
ief = image/ief
iges, igs = model/iges
iso = application/x-cd-image
java = text/plain
jar = application/java-archive
jnlp = application/x-java-jnlp-file
jpeg, jpe, jpg = image/jpeg
js = application/x-javascript
js2 = application/javascript
js3 = text/javascript
json = application/json
jsp = text/plain
kar = audio/midi
latex = application/x-latex
lha, lzh = application/octet-stream
man = application/x-troff-man
mdb = application/vnd.ms-access
me = application/x-troff-me
mesh = model/mesh
mid, midi = audio/midi
mif = application/vnd.mif
movie = video/x-sgi-movie
mov = video/quicktime
mp2, mp3, mpga = audio/mpeg
mpeg, mpe, mpg = video/mpeg
mp4 = video/mp4
mpp = application/vnd.ms-project
ms = application/x-troff-ms
msh = model/mesh
nc = application/x-netcdf
oda = application/oda
odb = application/vnd.oasis.opendocument.database
odc = application/vnd.oasis.opendocument.chart
odf = application/vnd.oasis.opendocument.formula
odg = application/vnd.oasis.opendocument.graphics
odi = application/vnd.oasis.opendocument.image
odp = application/vnd.oasis.opendocument.presentation
ods = application/vnd.oasis.opendocument.spreadsheet
odt = application/vnd.oasis.opendocument.text
ogg = audio/ogg
otf = application/x-font-woff
pbm = image/x-portable-bitmap
pdb = chemical/x-pdb
pdf = application/pdf
pgm = image/x-portable-graymap
pgn = application/x-chess-pgn
pls = audio/x-scpls
png = image/png
pnm = image/x-portable-anymap
ppm = image/x-portable-pixmap
ppt = application/vnd.ms-powerpoint
ps = application/postscript
qt,qtvr = video/quicktime
ra = audio/x-realaudio
ram, rm = audio/x-pn-realaudio
rar = application/x-rar-compressed
ras = image/x-cmu-raster
rgb = image/x-rgb
roff, t, tr = application/x-troff
rss = application/rss+xml
rsd = application/rsd+xml
rtf = application/rtf
rtx = text/richtext
ser = application/java-serialized-object
sgml, sgm = text/sgml
sh = application/x-sh
shar = application/x-shar
shtml = application/x-httpd-shtml
silo = model/mesh
sit = application/x-stuffit
skd, skm, skp, skt = application/x-koan
smi,smil = application/smil
snd = audio/basic
spl = application/x-futuresplash
sql = text/x-sql
src = application/x-wais-source
sv4cpio = application/x-sv4cpio
sv4crc = application/x-sv4crc
svg, svgz = image/svg+xml
swf = application/x-shockwave-flash
tar = application/x-tar
tcl = application/x-tcl
tex = application/x-tex
texi, texinfo = application/x-texinfo
tgz = application/x-gtar
tiff, tif = image/tiff
tsv = text/tab-separated-values
ttf, ttc = application/x-font-ttf
txt = text/plain
ustar = application/x-ustar
vcd = application/x-cdlink
vrml = model/vrml
vxml = application/voicexml+xml
wav = audio/vnd.wave
wax = audio/x-ms-wax
wbmp = image/vnd.wap.wbmp
wma = audio/x-ms-wma
wml = text/vnd.wap.wml
wmlc = application/vnd.wap.wmlc
wmls = text/vnd.wap.wmlscript
wmlsc = application/vnd.wap.wmlscriptc
woff = application/font-woff
woff2 = font/woff2
woff_o1 = application/x-font-woff
wtls-ca-certificate = application/vnd.wap.wtls-ca-certificate
wri = application/vnd.ms-write
wrl = model/vrml
xbm = image/x-xbitmap
xhtml, xht = application/xhtml+xml
xls = application/vnd.ms-excel
xml, xsd, xsl = application/xml
xslt = application/xslt+xml
xpm = image/x-xpixmap
xwd = image/x-xwindowdump
xyz = chemical/x-pdb
zip = application/zip
z = application/compress

86
install/litespeed/conf/templates/ccl.conf Executable file
View File

@@ -0,0 +1,86 @@
allowSymbolLink 1
chrootMode 0
enableScript 1
restrained 1
setUIDMode 0
vhRoot $SERVER_ROOT/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
virtualHostConfig {
enableGzip 1
docRoot $VH_ROOT/html/
hotlinkCtrl {
allowedHosts
enableHotlinkCtrl 0
suffixes gif, jpeg, jpg
allowDirectAccess 1
redirectUri
onlySelf 1
}
general {
enableContextAC 0
}
expires {
expiresDefault
enableExpires 1
}
rewrite {
enable 0
logLevel 0
rules <<<MY_END
RewriteCond %{HTTP_USER_AGENT} ^NameOfBadRobot
RewriteRule ^/nospider/ - [F]
MY_END
}
index {
useServer 0
autoIndex 0
indexFiles index.html
autoIndexURI /_autoindex/default.php
}
accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
useServer 0
keepDays 30
rollingSize 100M
compressArchive 1
logUserAgent 1
logReferer 1
}
errorlog {
useServer 1
}
htAccess {
allowOverride 0
accessFileName .htaccess
}
context /cgi-bin/{
type cgi
location $VH_ROOT/cgi-bin/
allowBrowse 1
}
awstats {
updateMode 0
siteAliases 127.0.0.1 localhost
updateInterval 86400
updateOffset 0
siteDomain localhost
workingDir $VH_ROOT/awstats
awstatsURI /awstats/
}
accessControl {
deny
allow *
}
}

111
install/litespeed/conf/templates/ccl.conf0,v Executable file
View File

@@ -0,0 +1,111 @@
head 1.1;
access;
symbols;
locks
root:1.1; strict;
comment @# @;
1.1
date 2017.08.17.05.47.23; author root; state Exp;
branches;
next ;
desc
@/usr/local/CyberCP/conf/templates/ccl.conf0
@
1.1
log
@Update
@
text
@allowSymbolLink 1
chrootMode 0
enableScript 1
restrained 1
setUIDMode 0
vhRoot $SERVER_ROOT/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
virtualHostConfig {
enableGzip 1
docRoot $VH_ROOT/html/
hotlinkCtrl {
allowedHosts
enableHotlinkCtrl 0
suffixes gif, jpeg, jpg
allowDirectAccess 1
redirectUri
onlySelf 1
}
general {
enableContextAC 0
}
expires {
expiresDefault
enableExpires 1
}
rewrite {
enable 0
logLevel 0
rules <<<MY_END
RewriteCond %{HTTP_USER_AGENT} ^NameOfBadRobot
RewriteRule ^/nospider/ - [F]
MY_END
}
index {
useServer 0
autoIndex 0
indexFiles index.html
autoIndexURI /_autoindex/default.php
}
accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
useServer 0
keepDays 30
rollingSize 100M
compressArchive 1
logUserAgent 1
logReferer 1
}
errorlog {
useServer 1
}
htAccess {
allowOverride 0
accessFileName .htaccess
}
context /cgi-bin/{
type cgi
location $VH_ROOT/cgi-bin/
allowBrowse 1
}
awstats {
updateMode 0
siteAliases 127.0.0.1 localhost
updateInterval 86400
updateOffset 0
siteDomain localhost
workingDir $VH_ROOT/awstats
awstatsURI /awstats/
}
accessControl {
deny
allow *
}
}
@

100
install/litespeed/conf/templates/phpsuexec.conf Executable file
View File

@@ -0,0 +1,100 @@
allowSymbolLink 1
chrootMode 0
enableScript 1
restrained 1
setUIDMode 2
vhRoot $SERVER_ROOT/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
virtualHostConfig {
enableGzip 1
docRoot $VH_ROOT/public_html/
htAccess {
accessFileName .htaccess
allowOverride 31
}
rewrite {
enable 0
logLevel 0
}
awstats {
updateMode 0
workingDir $VH_ROOT/awstats
awstatsURI /awstats/
siteDomain localhost
siteAliases 127.0.0.1 localhost
updateInterval 86400
updateOffset 0
securedConn 0
}
extProcessor $VH_NAME_lsphp{
path $SERVER_ROOT/fcgi-bin/lsphp
backlog 10
instances 5
runOnStartUp 0
respBuffer 0
autoStart 1
extMaxIdleTime 60
priority 0
memSoftLimit 100M
memHardLimit 150M
procSoftLimit 100
procHardLimit 200
type lsapi
address uds://tmp/lshttpd/$VH_NAME_lsphp.sock
maxConns 5
initTimeout 60
retryTimeout 0
persistConn 1
pcKeepAliveTimeout 30
}
index {
useServer 0
autoIndex 0
autoIndexURI /_autoindex/default.php
indexFiles index.html
}
accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
keepDays 30
rollingSize 100M
compressArchive 1
useServer 0
logHeaders 3
}
errorlog {
useServer 1
}
hotlinkCtrl {
enableHotlinkCtrl 0
suffixes gif, jpeg, jpg
allowDirectAccess 1
onlySelf 1
}
accessControl {
allow *
}
scriptHandler {
add lsapi:$VH_NAME_lsphp php
}
expires {
enableExpires 1
}
context /cgi-bin/{
type cgi
location $VH_ROOT/cgi-bin/
accessControl
rewrite
}
}

125
install/litespeed/conf/templates/phpsuexec.conf0,v Executable file
View File

@@ -0,0 +1,125 @@
head 1.1;
access;
symbols;
locks
root:1.1; strict;
comment @# @;
1.1
date 2017.08.17.05.47.23; author root; state Exp;
branches;
next ;
desc
@/usr/local/CyberCP/conf/templates/phpsuexec.conf0
@
1.1
log
@Update
@
text
@allowSymbolLink 1
chrootMode 0
enableScript 1
restrained 1
setUIDMode 2
vhRoot $SERVER_ROOT/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
virtualHostConfig {
enableGzip 1
docRoot $VH_ROOT/public_html/
htAccess {
accessFileName .htaccess
allowOverride 31
}
rewrite {
enable 0
logLevel 0
}
awstats {
updateMode 0
workingDir $VH_ROOT/awstats
awstatsURI /awstats/
siteDomain localhost
siteAliases 127.0.0.1 localhost
updateInterval 86400
updateOffset 0
securedConn 0
}
extProcessor $VH_NAME_lsphp{
path $SERVER_ROOT/fcgi-bin/lsphp
backlog 10
instances 5
runOnStartUp 0
respBuffer 0
autoStart 1
extMaxIdleTime 60
priority 0
memSoftLimit 100M
memHardLimit 150M
procSoftLimit 100
procHardLimit 200
type lsapi
address uds://tmp/lshttpd/$VH_NAME_lsphp.sock
maxConns 5
initTimeout 60
retryTimeout 0
persistConn 1
pcKeepAliveTimeout 30
}
index {
useServer 0
autoIndex 0
autoIndexURI /_autoindex/default.php
indexFiles index.html
}
accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
keepDays 30
rollingSize 100M
compressArchive 1
useServer 0
logHeaders 3
}
errorlog {
useServer 1
}
hotlinkCtrl {
enableHotlinkCtrl 0
suffixes gif, jpeg, jpg
allowDirectAccess 1
onlySelf 1
}
accessControl {
allow *
}
scriptHandler {
add lsapi:$VH_NAME_lsphp php
}
expires {
enableExpires 1
}
context /cgi-bin/{
type cgi
location $VH_ROOT/cgi-bin/
accessControl
rewrite
}
}
@

76
install/litespeed/conf/templates/rails.conf Executable file
View File

@@ -0,0 +1,76 @@
allowSymbolLink 1
chrootMode 0
enableScript 1
restrained 1
setUIDMode 2
vhRoot $SERVER_ROOT/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
virtualHostConfig {
enableGzip 1
docRoot $VH_ROOT/public/
accessControl {
allow *
}
hotlinkCtrl {
suffixes gif, jpeg, jpg
allowDirectAccess 1
onlySelf 1
enableHotlinkCtrl 0
}
rewrite {
enable 0
logLevel 0
}
index {
useServer 0
autoIndex 0
indexFiles index.html
autoIndexURI /_autoindex/default.php
}
accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
logHeaders 3
compressArchive 0
useServer 0
keepDays 30
rollingSize 500M
}
errorlog {
useServer 1
}
context /{
railsEnv 1
maxConns 5
location $VH_ROOT/
type rails
accessControl
addDefaultCharset off
}
htAccess {
allowOverride 0
accessFileName .htaccess
}
expires {
enableExpires 1
}
awstats {
workingDir $VH_ROOT/awstats
awstatsURI /awstats/
siteDomain localhost
siteAliases 127.0.0.1 localhost
updateMode 0
updateInterval 86400
updateOffset 0
securedConn 0
}
}

101
install/litespeed/conf/templates/rails.conf0,v Executable file
View File

@@ -0,0 +1,101 @@
head 1.1;
access;
symbols;
locks
root:1.1; strict;
comment @# @;
1.1
date 2017.08.17.05.47.23; author root; state Exp;
branches;
next ;
desc
@/usr/local/CyberCP/conf/templates/rails.conf0
@
1.1
log
@Update
@
text
@allowSymbolLink 1
chrootMode 0
enableScript 1
restrained 1
setUIDMode 2
vhRoot $SERVER_ROOT/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
virtualHostConfig {
enableGzip 1
docRoot $VH_ROOT/public/
accessControl {
allow *
}
hotlinkCtrl {
suffixes gif, jpeg, jpg
allowDirectAccess 1
onlySelf 1
enableHotlinkCtrl 0
}
rewrite {
enable 0
logLevel 0
}
index {
useServer 0
autoIndex 0
indexFiles index.html
autoIndexURI /_autoindex/default.php
}
accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
logHeaders 3
compressArchive 0
useServer 0
keepDays 30
rollingSize 500M
}
errorlog {
useServer 1
}
context /{
railsEnv 1
maxConns 5
location $VH_ROOT/
type rails
accessControl
addDefaultCharset off
}
htAccess {
allowOverride 0
accessFileName .htaccess
}
expires {
enableExpires 1
}
awstats {
workingDir $VH_ROOT/awstats
awstatsURI /awstats/
siteDomain localhost
siteAliases 127.0.0.1 localhost
updateMode 0
updateInterval 86400
updateOffset 0
securedConn 0
}
}
@

4
install/litespeed/conf/vhosts/Example/htgroup Executable file
View File

@@ -0,0 +1,4 @@
group1: user1,user2, user3
group2:
user: user8, test
group3:

2
install/litespeed/conf/vhosts/Example/htpasswd Executable file
View File

@@ -0,0 +1,2 @@
test:kF2EDBE2Ux8sQ
user1:SQtevcsBBnBPY

119
install/litespeed/conf/vhosts/Example/vhconf.conf Normal file
View File

@@ -0,0 +1,119 @@
docRoot $VH_ROOT/html/
enableGzip 1
context /docs/{
allowBrowse 1
location $SERVER_ROOT/docs/
type NULL
}
context /protected/{
required user test
authName Protected
type NULL
allowBrowse 1
location protected/
realm SampleProtectedArea
accessControl {
deny
allow *
}
}
context /blocked/{
allowBrowse 0
type NULL
}
context /cgi-bin/{
allowBrowse 1
location $VH_ROOT/cgi-bin/
type cgi
}
expires {
enableExpires 1
}
index {
autoIndexURI /_autoindex/default.php
indexFiles index.html
autoIndex 0
useServer 0
}
errorPage 404{
url /error404.html
}
errorlog $VH_ROOT/logs/error.log{
logLevel DEBUG
rollingSize 10M
useServer 1
}
accessLog $VH_ROOT/logs/access.log{
compressArchive 0
logReferer 1
keepDays 30
rollingSize 10M
logUserAgent 1
useServer 0
}
htAccess {
accessFileName .htaccess
allowOverride 0
}
awstats {
updateInterval 86400
workingDir $VH_ROOT/awstats
updateOffset 0
siteDomain localhost
siteAliases 127.0.0.1 localhost
updateMode 0
awstatsURI /awstats/
}
rewrite {
enable 0
logLevel 0
rules <<<END_rules
RewriteCond %{HTTP_USER_AGENT} ^NameOfBadRobot
RewriteRule ^/nospider/ - [F]
END_rules
}
hotlinkCtrl {
suffixes gif, jpeg, jpg
allowedHosts
allowDirectAccess 1
enableHotlinkCtrl 0
onlySelf 1
}
accessControl {
deny
allow *
}
realm SampleProtectedArea {
userDB {
cacheTimeout 60
maxCacheSize 200
location $SERVER_ROOT/conf/vhosts/Example/htpasswd
}
groupDB {
cacheTimeout 60
maxCacheSize 200
location $SERVER_ROOT/conf/vhosts/Example/htgroup
}
}
general {
enableContextAC 0
}

12
install/lscpd/lscpd.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description = LSCPD Daemon
[Service]
Type=forking
ExecStart = /usr/local/lscp/bin/lscpdctrl start
ExecStop = /usr/local/lscp/bin/lscpdctrl stop
Restart= /usr/local/lscp/bin/lscpdctrl restart
Restart=on-abnormal
[Install]
WantedBy=default.target

259
install/lscpd/lscpdctrl Normal file
View File

@@ -0,0 +1,259 @@
#!/bin/sh
# resolve links - $0 may be a softlink
PROG="$0"
PIDFILE=/tmp/lscpd/lscpd.pid
GRACEFUL_PIDFILE=/tmp/lscpd/lscpd.pid
#if [ -d "/usr/local/cpanel" ]; then
# WSWATCH=1
#fi
EXECUTABLE=lscpd
DESC="lscpd"
BASE_DIR=`dirname "$PROG"`
cd "$BASE_DIR"
BASE_DIR=`pwd`
RESTART_LOG="$BASE_DIR/../logs/lsrestart.log"
if [ ! -x "$BASE_DIR"/"$EXECUTABLE" ]; then
echo "[ERROR] Cannot find $BASE_DIR/$EXECUTABLE"
exit 1
fi
SYS_NAME=`uname -s`
if [ "x$SYS_NAME" = "xFreeBSD" ] || [ "x$SYS_NAME" = "xDarwin" ] ; then
PS_CMD="ps -ax"
else
PS_CMD="ps -ef"
fi
test_running()
{
RUNNING=0
if [ -f $PIDFILE ] ; then
FPID=`cat $PIDFILE`
if [ "x$FPID" != "x" ]; then
kill -0 $FPID 2>/dev/null
if [ $? -eq 0 ] ; then
RUNNING=1
PID=$FPID
fi
fi
fi
RESTARTING=0
if [ -f "$BASE_DIR"/"../admin/tmp/.restart" ]; then
RESTARTING=1
fi
}
ret=0
killwatch()
{
WATCH_PROCS=`$PS_CMD | grep wswatch.sh | grep -v grep | wc -l`
if [ $WATCH_PROCS -gt 0 ]; then
killall wswatch.sh
fi
}
start()
{
if [ -f "get_trial_key.sh" ]; then
./get_trial_key.sh
fi
killwatch
if [ -f "$PIDFILE" ]; then
PID=`cat $PIDFILE`
else
PID=""
fi
./$EXECUTABLE
ret=$?
if [ $ret -eq 0 ]; then
NEW_PID=`cat $PIDFILE`
if [ "x$NEW_PID" = "x$PID" ] || [ "x$NEW_PID" = "x" ]; then
sleep 1
NEW_PID=`cat $PIDFILE`
fi
echo "[OK] $DESC: pid=$NEW_PID."
test_running
if [ "x$WSWATCH" = "x1" ]; then
./wswatch.sh &
fi
else
echo "[ERROR] Failed to start $DESC!"
fi
}
stop()
{
killwatch
kill -USR2 $PID
kill $PID
ret=$?
if [ $ret -eq 0 ]; then
# if [ -f $PIDFILE ]; then
# sleep 1
# fi
echo "[OK] $DESC: stopped."
else
echo "[ERROR] can not kill $DESC"
fi
}
do_restart()
{
if [ $RUNNING -eq 1 ]; then
kill -USR1 $PID
ret=$?
if [ $ret -ne 0 ]; then
echo "[ERROR] cannot gracefully restart $DESC"
else
echo "[OK] Send SIGUSR1 to $PID"
fi
else
start
fi
}
log7080()
{
if [ "x$SYS_NAME" = "xLinux" ]; then
echo "checking port 7080 usage with netstat" >> $RESTART_LOG
netstat -anp | grep 7080 >> $RESTART_LOG
echo "checking port 7080 usage with lsof" >> $RESTART_LOG
lsof -i TCP:7080 >> $RESTART_LOG
fi
}
restart()
{
SPID=$PID
TRY=1
if [ $RUNNING -eq 1 ]; then
do_restart
if [ $RESTARTING -eq 1 ]; then
exit 0
fi
sleep 2
test_running
else
if [ $RESTARTING -eq 1 ]; then
if [ -f $GRACEFUL_PIDFILE ]; then
GPID=`cat $GRACEFUL_PIDFILE`
if [ "x$GPID" != 'x' ]; then
if [ $GPID -ne 0 ] && [ $GPID -ne 1 ]; then
killall -9 $EXECUTABLE
fi
fi
fi
fi
start
sleep 2
test_running
fi
while [ $TRY -lt 15 ] && [ "x$PID" = "x$SPID" ]; do
TRY=`expr $TRY + 1`
sleep 1
test_running
done
if [ $RUNNING -eq 0 ]; then
echo "LSWS does not restart properly, check port 7080" >> $RESTART_LOG
#log7080
killall -9 $EXECUTABLE
sleep 1
echo "check port 7080 after kill all $EXECUTABLE processes " >> $RESTART_LOG
#log7080
start
fi
}
reload()
{
restart
# kill -HUP $PID
# ret=$?
# if [ $ret -eq 0 ]; then
# echo "[OK] $DESC: configuration reloaded"
# else
# echo "[ERROR] Can't send SIGHUP to $DESC"
# fi
}
help() {
echo $"Usage: $PROG {start|stop|restart|reload|condrestrt|try-restart|status|help}"
cat <<EOF
start - start web server
stop - stop web server
restart - gracefully restart web server with zero down time
reload - same as restart
condrestart - gracefully restart web server if server is running
try-restart - same as condrestart
status - show service status
help - this screen
EOF
}
test_running
date >> $RESTART_LOG
echo "$1, LSWS running: $RUNNING" >> $RESTART_LOG
case "$1" in
start|restart)
restart
;;
condrestart|try-restart)
if [ $RUNNING -eq 1 ]; then
restart
fi
;;
status)
if [ $RUNNING -eq 1 ]; then
echo "$DESC is running with PID $PID."
else
echo "[ERROR] $DESC is not running."
fi
;;
stop)
if [ $RUNNING -eq 0 ]; then
sleep 1
test_running
fi
if [ $RUNNING -eq 1 ]; then
stop
else
echo "[ERROR] $DESC is not running."
ret=1
fi
;;
stophttpd)
if [ $RUNNING -eq 1 ]; then
kill $PID
fi
;;
reload)
if [ $RUNNING -eq 1 ]; then
reload
else
echo "[ERROR] $DESC is not running."
ret=2
fi
;;
*)
help
ret=3
;;
esac
exit $ret

5
install/mysql/MariaDB.repo Normal file
View File

@@ -0,0 +1,5 @@
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

17
install/mysql/my.cnf Normal file
View File

@@ -0,0 +1,17 @@
[mysqld_multi]
mysqld = /usr/bin/mysqld_safe
[mysqld]
user= mysql
pid-file= /var/lib/mysql/mysql.pid
socket= /var/lib/mysql/mysql.sock
port= 3306
datadir= /var/lib/mysql
[mysqld1]
user= mysql
pid-file= /var/lib/mysql1/mysql.pid
socket= /var/lib/mysql1/mysql.sock
port= 3307
datadir= /var/lib/mysql1

16
install/mysql/mysqld@.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=MySQL Multi Server for instance %i
After=syslog.target
After=network.target
[Service]
User=mysql
Group=mysql
Type=forking
ExecStart=/usr/bin/mysqld_multi start %i
ExecStop=/usr/bin/mysqld_multi stop %i
Restart=always
PrivateTmp=true
[Install]
WantedBy=multi-user.target

141
install/mysqlUtilities.py Normal file
View File

@@ -0,0 +1,141 @@
import pexpect
import installLog as logging
class mysqlUtilities:
@staticmethod
def SendQuery(user, password, dbname, query):
try:
expectation = "Enter password:"
securemysql = pexpect.spawn("mysql -u "+user+" -p")
securemysql.expect(expectation)
securemysql.sendline(password)
expectation = ["Access denied for user", "Welcome to the MariaDB monitor"]
index = securemysql.expect(expectation)
if index == 0:
return "Wrong Password"
else:
securemysql.sendline("USE "+dbname+";")
expectation = "Database changed"
securemysql.expect(expectation)
expectation = "Query OK"
securemysql.sendline(query);
securemysql.expect(expectation)
securemysql.sendline("exit");
securemysql.wait()
return 1
except pexpect.EOF, msg:
logging.InstallLog.writeToFile(str(msg) + " Exception EOF [SendQuery]")
except BaseException, msg:
logging.InstallLog.writeToFile(str(msg) + "[SendQuery]")
@staticmethod
def createDatabase(dbname,dbuser,dbpassword):
try:
passFile = "/etc/cyberpanel/mysqlPassword"
f = open(passFile)
data = f.read()
password = data.split('\n', 1)[0]
expectation = "Enter password:"
securemysql = pexpect.spawn("mysql -u root -p")
securemysql.expect(expectation)
securemysql.sendline(password)
expectation = ["Access denied for user", "Welcome to the MariaDB monitor"]
index = securemysql.expect(expectation)
if index == 0:
return "Wrong root Password"
else:
securemysql.sendline("CREATE DATABASE "+dbname+";")
expectation = ["database exists","Query OK"]
index = securemysql.expect(expectation)
if index == 0:
return "This database already exists, please choose another name."
elif index == 1:
securemysql.sendline("CREATE USER '" +dbuser+ "'@'localhost' IDENTIFIED BY '"+dbpassword+"';")
expectation = ["CREATE USER failed","Query OK"]
index = securemysql.expect(expectation)
if index == 0:
securemysql.sendline("DROP DATABASE IF EXISTS "+dbname+";")
return "This user already exists, please choose another user."
else:
securemysql.sendline("GRANT ALL PRIVILEGES ON " +dbname+ ".* TO '" +dbuser+ "'@'localhost';")
expectation = "Query OK"
securemysql.expect(expectation)
securemysql.sendline("exit")
securemysql.wait()
return 1
except pexpect.EOF, msg:
logging.InstallLog.writeToFile(str(msg) + " Exception EOF [createDatabase]")
except BaseException, msg:
logging.InstallLog.writeToFile(str(msg) + "[createDatabase]")
@staticmethod
def createDatabaseCyberPanel(dbname,dbuser,dbpassword):
try:
passFile = "/etc/cyberpanel/mysqlPassword"
f = open(passFile)
data = f.read()
password = data.split('\n', 1)[0]
expectation = "Enter password:"
securemysql = pexpect.spawn("mysql --host=127.0.0.1 --port=3307 -u root -p")
securemysql.expect(expectation)
securemysql.sendline(password)
expectation = ["Access denied for user", "Welcome to the MariaDB monitor"]
index = securemysql.expect(expectation)
if index == 0:
return "Wrong root Password"
else:
securemysql.sendline("CREATE DATABASE "+dbname+";")
expectation = ["database exists","Query OK"]
index = securemysql.expect(expectation)
if index == 0:
return "This database already exists, please choose another name."
elif index == 1:
securemysql.sendline("CREATE USER '" +dbuser+ "'@'localhost' IDENTIFIED BY '"+dbpassword+"';")
expectation = ["CREATE USER failed","Query OK"]
index = securemysql.expect(expectation)
if index == 0:
securemysql.sendline("DROP DATABASE IF EXISTS "+dbname+";")
return "This user already exists, please choose another user."
else:
securemysql.sendline("GRANT ALL PRIVILEGES ON " +dbname+ ".* TO '" +dbuser+ "'@'localhost';")
expectation = "Query OK"
securemysql.expect(expectation)
securemysql.sendline("exit")
securemysql.wait()
return 1
except pexpect.EOF, msg:
logging.InstallLog.writeToFile(str(msg) + " Exception EOF [createDatabase]")
except BaseException, msg:
logging.InstallLog.writeToFile(str(msg) + "[createDatabase]")

BIN
install/mysqlUtilities.pyc Normal file
View File

Binary file not shown.

BIN
install/openlitespeed-1.4.28.tgz Normal file
View File

Binary file not shown.

1834
install/php-configs/php.ini Normal file
View File

File diff suppressed because it is too large Load Diff

424
install/php-configs/www.conf Normal file
View File

@@ -0,0 +1,424 @@
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or @php_fpm_prefix@) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = nginx
group = nginx
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all IPv4 addresses on a
; specific port;
; '[::]:port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; WARNING: If you switch to a unix socket, you have to grant your webserver user
; access to that socket by setting listen.acl_users to the webserver user.
;
listen = /run/php-fpm/www.sock
; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = root
listen.group = root
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users = apache,nginx
;listen.acl_users = apache
;listen.acl_users = nginx
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 50
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 35
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: @EXPANDED_DATADIR@/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or @prefix@)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/www/html
php_value[soap.wsdl_cache_dir] = /var/lib/php-fpm/wsdlcache

15
install/phpconfigs/php53.conf Normal file
View File

@@ -0,0 +1,15 @@
extprocessor php53 {
type lsapi
address uds://tmp/lshttpd/lsphp53.sock
maxConns 50
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphp53/bin/lsphp
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}

18
install/phpconfigs/php54.conf Normal file
View File

@@ -0,0 +1,18 @@
extprocessor php54 {
type lsapi
address uds://tmp/lshttpd/lsphp54.sock
maxConns 50
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphp54/bin/lsphp
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}

16
install/phpconfigs/php55.conf Normal file
View File

@@ -0,0 +1,16 @@
extprocessor php55 {
type lsapi
address uds://tmp/lshttpd/lsphp55.sock
maxConns 50
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphp55/bin/lsphp
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}

16
install/phpconfigs/php56.conf Normal file
View File

@@ -0,0 +1,16 @@
extprocessor php56 {
type lsapi
address uds://tmp/lshttpd/lsphp56.sock
maxConns 50
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphp56/bin/lsphp
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}

16
install/phpconfigs/php70.conf Normal file
View File

@@ -0,0 +1,16 @@
extprocessor php70 {
type lsapi
address uds://tmp/lshttpd/lsphp70.sock
maxConns 50
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphp70/bin/lsphp
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}

16
install/phpconfigs/php71.conf Normal file
View File

@@ -0,0 +1,16 @@
extprocessor php71 {
type lsapi
address uds://tmp/lshttpd/lsphp71.sock
maxConns 50
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphp71/bin/lsphp
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}

32
install/pure-ftpd/pure-ftpd.conf Normal file
View File

@@ -0,0 +1,32 @@
ChrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 8
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous no
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
MySQLConfigFile /etc/pure-ftpd/pureftpd-mysql.conf
PAMAuthentication yes
LimitRecursion 10000 8
AnonymousCanCreateDirs no
MaxLoad 4
AntiWarez yes
Umask 133:022
MinUID 1000
UseFtpUsers no
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload yes
AltLog clf:/var/log/pureftpd.log
CreateHomeDir yes
MaxDiskUsage 99
CustomerProof yes

88
install/pure-ftpd/pureftpd-ldap.conf Normal file
View File

@@ -0,0 +1,88 @@
#############################################
# #
# Sample Pure-FTPd LDAP configuration file. #
# See README.LDAP for explanations. #
# #
#############################################
# Optional: scheme to connect with to LDAP server. Default: ldap
# Other possible values: ldaps, ldapi, etc.
# Remember to set LDAPPort accordingly.
LDAPScheme ldap
# Optional: name of the LDAP server. Default: localhost
LDAPServer ldap.example.com
# Optional: server port. Default: 389
LDAPPort 389
# Mandatory: the base DN to search accounts from. No default.
LDAPBaseDN cn=Users,dc=c9x,dc=org
# Optional: who we should bind the server as.
# Default: binds anonymously or binds as 'ftp' user
LDAPBindDN cn=Manager,dc=c9x,dc=org
# Password if we don't bind anonymously
# This configuration file should be only readable by root
LDAPBindPW r00tPaSsw0rD
# Optional: default UID, when there's no entry in a user object
# LDAPDefaultUID 500
# Optional: default GID, when there's no entry in a user object
# LDAPDefaultGID 100
# Filter to use to find the object that contains user info
# \L is replaced by the login the user is trying to log in as
# The default filter is (&(objectClass=posixAccount)(uid=\L))
# LDAPFilter (&(objectClass=posixAccount)(uid=\L))
# Attribute to get the home directory
# Default is homeDirectory (the standard attribute from posixAccount)
# LDAPHomeDir homeDirectory
# LDAP protocol version to use
# Version 3 (default) is mandatory with recent releases of OpenLDAP.
# LDAPVersion 3
# Optional: use TLS to connect to the LDAP server
# Note: if ldaps scheme is used, this property has no effect
# LDAPUseTLS True
# Can be PASSWORD or BIND.
# PASSWORD retrieves objects and checks against the userPassword attribute
# BIND tries to bind
LDAPAuthMethod PASSWORD
# Optional: default home directory if there's LDAPHomeDir entry
# LDAPDefaultHomeDirectory /var/shared

11
install/pure-ftpd/pureftpd-mysql.conf Normal file
View File

@@ -0,0 +1,11 @@
MYSQLServer 127.0.0.1
MYSQLPort 3307
MYSQLSocket /var/lib/mysql1/mysql.sock
MYSQLDatabase cyberpanel
MYSQLCrypt md5
MYSQLGetDir SELECT Dir FROM users WHERE User='\L'
MYSQLGetGID SELECT Gid FROM users WHERE User='\L'
MYSQLGetPW SELECT Password FROM users WHERE User='\L'
MYSQLGetUID SELECT Uid FROM users WHERE User='\L'
MYSQLPassword 1qaz@9xvps
MYSQLUser cyberpanel

110
install/pure-ftpd/pureftpd-pgsql.conf Normal file
View File

@@ -0,0 +1,110 @@
###################################################
# #
# Sample Pure-FTPd PostgreSQL configuration file. #
# See README.PGSQL for explanations. #
# #
###################################################
# If PostgreSQL listens to a TCP socket
PGSQLServer localhost
PGSQLPort 5432
# *or* if PostgreSQL can only be reached through a local Unix socket
# PGSQLServer /tmp
# PGSQLPort .s.PGSQL.5432
# Mandatory : user to bind the server as.
PGSQLUser postgres
# Mandatory : user password. You *must* have a password.
PGSQLPassword rootpw
# Mandatory : database to open.
PGSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "scrypt", "crypt", "md5", "sha1" and "any"
PGSQLCrypt scrypt
# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.
# Query to execute in order to fetch the password
PGSQLGetPW SELECT "Password" FROM users WHERE "User"='\L'
# Query to execute in order to fetch the system user name or uid
PGSQLGetUID SELECT "Uid" FROM users WHERE "User"='\L'
# Optional : default UID - if set this overrides PGSQLGetUID
#PGSQLDefaultUID 1000
# Query to execute in order to fetch the system user group or gid
PGSQLGetGID SELECT "Gid" FROM users WHERE "User"='\L'
# Optional : default GID - if set this overrides PGSQLGetGID
#PGSQLDefaultGID 1000
# Query to execute in order to fetch the home directory
PGSQLGetDir SELECT "Dir" FROM users WHERE "User"='\L'
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
# PGSQLGetQTAFS SELECT "QuotaFiles" FROM users WHERE "User"='\L'
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
# PGSQLGetQTASZ SELECT "QuotaSize" FROM users WHERE "User"='\L'
# Optional : ratios. The server has to be compiled with ratio support.
# PGSQLGetRatioUL SELECT "ULRatio" FROM users WHERE "User"='\L'
# PGSQLGetRatioDL SELECT "DLRatio" FROM users WHERE "User"='\L'
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
# PGSQLGetBandwidthUL SELECT "ULBandwidth" FROM users WHERE "User"='\L'
# PGSQLGetBandwidthDL SELECT "DLBandwidth" FROM users WHERE "User"='\L'

16
install/rainloop/cyberpanel.net.ini Normal file
View File

@@ -0,0 +1,16 @@
imap_host = "localhost"
imap_port = 143
imap_secure = "TLS"
imap_short_login = Off
sieve_use = Off
sieve_allow_raw = Off
sieve_host = ""
sieve_port = 4190
sieve_secure = "None"
smtp_host = "localhost"
smtp_port = 587
smtp_secure = "TLS"
smtp_short_login = Off
smtp_auth = On
smtp_php_mail = Off
white_list = ""

38
install/randomPassword.py Normal file
View File

@@ -0,0 +1,38 @@
from os import urandom
from random import choice
char_set = {'small': 'abcdefghijklmnopqrstuvwxyz',
'nums': '0123456789',
'big': 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
}
def generate_pass(length=14):
"""Function to generate a password"""
password = []
while len(password) < length:
key = choice(char_set.keys())
a_char = urandom(1)
if a_char in char_set[key]:
if check_prev_char(password, char_set[key]):
continue
else:
password.append(a_char)
return ''.join(password)
def check_prev_char(password, current_char_set):
"""Function to ensure that there are no consecutive
UPPERCASE/lowercase/numbers/special-characters."""
index = len(password)
if index == 0:
return False
else:
prev_char = password[index - 1]
if prev_char in current_char_set:
return True
else:
return False

197
install/unInstall.py Normal file
View File

@@ -0,0 +1,197 @@
import sys
import subprocess
import shutil
import installLog as logging
import argparse
import os
import shlex
import socket
class unInstallCyberPanel:
def unInstallCyberPanelRepo(self):
try:
copyPath = "/etc/yum.repos.d/cyberpanel.repo"
os.remove(copyPath)
except OSError,msg:
logging.InstallLog.writeToFile(str(msg)+ " [unInstallCyberPanelRepo]")
def removeGunicorn(self):
try:
os.chdir(self.cwd)
service = "/etc/systemd/system/gunicorn.service"
socket = "/etc/systemd/system/gunicorn.socket"
conf = "/etc/tmpfiles.d/gunicorn.conf"
os.remove(service)
os.remove(socket)
os.remove(conf)
except BaseException, msg:
logging.InstallLog.writeToFile(str(msg) + " [removeGunicorn]")
def removePostfixDovecot(self):
try:
command = 'yum -y remove postfix'
cmd = shlex.split(command)
res = subprocess.call(cmd)
shutil.rmtree("/etc/postfix")
shutil.rmtree("etc/dovecot")
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removePostfixDovecot]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removePostfixDovecot]")
return 0
return 1
def removeMysql(self):
try:
command = 'yum -y remove mariadb mariadb-server'
cmd = shlex.split(command)
res = subprocess.call(cmd)
shutil.rmtree("/var/lib/mysql")
os.remove("/etc/my.cnf")
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removeMysql]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removeMysql]")
return 0
return 1
def removeLiteSpeed(self):
try:
command = 'yum -y remove openlitespeed'
cmd = shlex.split(command)
res = subprocess.call(cmd)
shutil.rmtree("/usr/local/lsws")
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removeLiteSpeed]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removeLiteSpeed]")
return 0
return 1
def removeCyberPanel(self):
try:
shutil.rmtree("/usr/local/CyberCP")
os.remove("/usr/local/CyberCP2.tar.gz")
shutil.rmtree("/etc/cyberpanel")
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removeCyberPanel]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removeCyberPanel]")
return 0
return 1
def removePureFTPD(self):
try:
command = 'yum -y remove pure-ftpd'
cmd = shlex.split(command)
res = subprocess.call(cmd)
shutil.rmtree("/etc/pure-ftpd")
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removePureFTPD]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removePureFTPD]")
return 0
return 1
def removePowerDNS(self):
try:
command = 'yum -y remove pdns'
cmd = shlex.split(command)
res = subprocess.call(cmd)
shutil.rmtree("/etc/pdns")
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removePowerDNS]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removePowerDNS]")
return 0
return 1
def removePHP(self):
try:
command = 'yum -y remove lsphp*'
cmd = shlex.split(command)
res = subprocess.call(cmd)
shutil.rmtree("/etc/pdns")
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removePHP]")
return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [removePHP]")
return 0
return 1
def Main():
remove = unInstallCyberPanel()
remove.removeLiteSpeed()
remove.removeMysql()
remove.removePostfixDovecot()
remove.removePureFTPD()
remove.removeCyberPanel()
remove.removeGunicorn()
remove.unInstallCyberPanelRepo()
remove.removePowerDNS()
remove.removePHP()
print("##########################################")
print(" Successfully Uninstalled ")
print("##########################################")
Main()