Date: Sat, 28 Jun 2003 15:08:02 +0100 (BST) From: Dominic Marks <dominic.marks@btinternet.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/53875: Maintainer Update: mail/dovecot Message-ID: <200306281408.h5SE82wS007986@cus.org.uk> Resent-Message-ID: <200306281410.h5SEACKa081074@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 53875
>Category: ports
>Synopsis: Maintainer Update: mail/dovecot
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 28 07:10:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Dominic Marks
>Release: FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD moo.cus.org.uk 4.7-STABLE FreeBSD 4.7-STABLE #4: Wed Apr 16 15:13:46 BST 2003 root@moo.cus.org.uk:/usr/obj/usr/src/sys/BAA i386
>Description:
mail/dovecot 0.99.10
o Synchronise README.FreeBSD with current reality.
o Improve security a little by adding a 'dovecot-auth'
user and group.
Not really worth a PORTREVISION bump. The pkg-install could
be simplified, the duplication was fast to do but is
inefficient.
>How-To-Repeat:
NA.
>Fix:
Index: pkg-install
===================================================================
RCS file: /vol/cvs/freebsd/ports/mail/dovecot/pkg-install,v
retrieving revision 1.2
diff -u -r1.2 pkg-install
--- pkg-install 3 May 2003 21:50:26 -0000 1.2
+++ pkg-install 28 Jun 2003 13:40:52 -0000
@@ -52,7 +52,7 @@
fi
fi
- if /usr/sbin/pw user show "${USER}" 2>/dev/null; then
+ if /usr/sbin/pw usershow "${USER}" 2>/dev/null; then
echo "You already have a user \"${USER}\", so I will use it."
else
if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
@@ -67,4 +67,34 @@
fi
fi
+ USER=dovecot-auth
+ GROUP=dovecot-auth
+
+ if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
+ echo "You already have a group \"${GROUP}\", so I will use it."
+ else
+ if /usr/sbin/pw groupadd ${GROUP} -h -
+ then
+ echo "Added group \"${GROUP}\"."
+ else
+ echo "Adding group \"${GROUP}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+
+ if /usr/sbin/pw usershow "${USER}" 2>/dev/null; then
+ echo "You already have a user \"${USER}\", so I will use it."
+ else
+ if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
+ -s /sbin/nologin \
+ -c "Dovecot Auth"
+ then
+ echo "Added user \"${USER}\"."
+ else
+ echo "Adding user \"${USER}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
fi
Index: files/README.FreeBSD
===================================================================
RCS file: /vol/cvs/freebsd/ports/mail/dovecot/files/README.FreeBSD,v
retrieving revision 1.1
diff -u -r1.1 README.FreeBSD
--- files/README.FreeBSD 3 May 2003 21:50:26 -0000 1.1
+++ files/README.FreeBSD 28 Jun 2003 13:46:48 -0000
@@ -4,13 +4,38 @@
# $FreeBSD: ports/mail/dovecot/files/README.FreeBSD,v 1.1 2003/05/03 21:50:26 nork Exp $
#
- o Dovecot currently will not allow users with a user or group id of 0
- to login. Because of this you will not be able to open root's
- mailbox, or any of the mailboxes of users in the wheel group. This is
- intended as a security feature, and isn't an issue on Linux because
- the concept of wheel is not enforced by GNU su.
+-> 2003/06/28 (NEW)
- + 2003/04/15
+ o The authentication mechanism is different on FreeBSD 4 and 5.
+ For the default configuration set the following variables in
+ your dovecot.conf according to your version of FreeBSD.
+
+ + FreeBSD 4 (DEFAULT)
+
+ auth_passdb = passwd
+ auth_user = dovecot-auth
+
+ + FreeBSD 5
+
+ auth_passdb = pam *
+ auth_user = root
+
+-> 2003/04/15
+
+ o Dovecot will not allow users with a user or group id of 0 to
+ login. Because of this you will not be able to open root's
+ mailbox, or any of the mailboxes of users in the wheel group.
+
+ + 2003/06/28 (NEW)
+ Dovecot now has four configuration variables which allow you to
+ set the high and low boundaries for acceptable user and group ids.
+ You still can not login to root's mailbox with Dovecot however.
+ The default configuration which comes with the port is now
+ configured to accept connections from users in the wheel group,
+ my patch which added the allow_zero_gid variable below has been
+ removed. Update your configurations to match.
+
+ + 2003/04/15 (DEPRECIATED)
It is now possible to change this behavior to allow wheel users to
check their mailboxes with Dovecot. Add the following line to your
dovecot.conf:
@@ -48,11 +73,14 @@
The variables you will want to set in dovecot.conf to allow a SSL
secured POP3 and IMAP service are:
- + protocols = imap imaps pop3 pop3s
- + ssl_disable = no
+ protocols = imap imaps pop3 pop3s
+ ssl_disable = no
You may wish to also change the following variables to reflect the
location of SSL certificates on your system.
- + ssl_cert_file = /var/dovecot/ssl/certs/imapd.pem
- + ssl_key_file = /var/dovecot/ssl/private/imapd.pem
+ ssl_cert_file = /var/dovecot/ssl/certs/imapd.pem
+ ssl_key_file = /var/dovecot/ssl/private/imapd.pem
+
+Thanks,
+Dominic Marks <dominic.marks@btinternet.com>
Index: files/patch-dovecot-example.conf
===================================================================
RCS file: /vol/cvs/freebsd/ports/mail/dovecot/files/patch-dovecot-example.conf,v
retrieving revision 1.5
diff -u -r1.5 patch-dovecot-example.conf
--- files/patch-dovecot-example.conf 27 Jun 2003 04:32:51 -0000 1.5
+++ files/patch-dovecot-example.conf 28 Jun 2003 13:46:11 -0000
@@ -1,5 +1,5 @@
--- dovecot-example.conf.orig Thu Jun 26 17:11:06 2003
-+++ dovecot-example.conf Thu Jun 26 22:36:08 2003
++++ dovecot-example.conf Sat Jun 28 14:45:41 2003
@@ -7,11 +7,11 @@
# --with-ssldir=/etc/ssl
@@ -71,7 +71,7 @@
# Number of login processes to create. If login_process_per_user is
# yes, this is the number of extra processes waiting for users to log in.
-#login_processes_count = 3
-+login_processes_count = 1
++#login_processes_count = 1
# Maximum number of extra login processes to create. The extra process count
# usually stays at login_processes_count, but when multiple users start logging
@@ -213,7 +213,7 @@
# password databases, nothing else. Only shadow and pam authentication
# requires roots, so use something else if possible.
-auth_user = root
-+auth_user = dovecot
++auth_user = dovecot-auth
# Directory where to chroot the process. Most authentication backends don't
# work if this is set, and there's no point chrooting if auth_user is root.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306281408.h5SE82wS007986>