Filter Rules (Sieve) - Ingo
As the last application, we install Ingo. With this application we can create, edit, and delete the Sieve rules stored on the IMAP server. Information on installation and configuration can also be found on the official documentation page.
Installation
As with the base installation of the Horde framework, we again fall back on the PHP Extension and Application Repository, or PEAR for short.
First we fetch the package onto our web server.
# pear install -a -B horde/ingo
Starting to download ingo-3.0.2.tgz (1,488,898 bytes)
......................................................................done: 1,488,898 bytes
install ok: channel://pear.horde.org/ingo-3.0.2
Preparatory configuration
As with the base configuration of the Horde framework, the Ingo module is configured through the GUI of the Horde framework. Before we can start, we need an (empty) backup file for the supplied default configuration file. We also have to make sure that our Apache web server can store changes in the configuration directory. First we copy the template files that came with the Horde installation.
# cp -a /var/www/horde/ingo/config/hooks.php.dist /var/www/horde/ingo/config/hooks.php
# cp -a /var/www/horde/ingo/config/backends.php /var/www/horde/ingo/config/backends.local.php
Next we create the backup file for the configuration mentioned above.
# touch /var/www/horde/ingo/config/conf.php.bak
Finally, we assign the file permissions and ownership for the configuration file and its directory.
# chown -R root:apache /var/www/horde/ingo/config
# chmod g+w -R /var/www/horde/ingo/config
Configuring the backend/IMAP server
Besides configuring the application itself, we also have to tell Ingo how to connect to the MDA, that is, our IMAP server.
We leave the supplied configuration file backends.php untouched. We make our changes in the previously copied file backends.local.php.
First we disable the first default entry and then add the entry for the connection to our Dovecot IMAP server.
# vim /var/www/horde/ingo/config/backends.local.php
- /var/www/horde/ingo/config/backends.local.php
<?php
/**
 * Ingo works purely on a preferred mechanism for server selection. There are
 * a number of properties that you can set for each backend:
 *
 * IMPORTANT: DO NOT EDIT THIS FILE!
 * Local overrides MUST be placed in backends.local.php or backends.d/.
 * If the 'vhosts' setting has been enabled in Horde's configuration, you can
 * use backends-servername.php.
 *
 * Example configuration file that enables the Sieve backend in favor of the
 * IMAP backend:
 *
 * <code>
 * <?php
 * $backends['imap']['disabled'] = true;
 * $backends['sieve']['disabled'] = false;
 * </code>
 *
 * disabled: (boolean) If true, the config entry is disabled.
 *
 * params: (array) An array containing any additional information that the
 *         transport class needs. See examples below for further details.
 *
 * preferred: (string) This is the field that is used to choose which server
 *            is used. The value for this field may be a single string or an
 *            array of strings containing the hostnames to use with this
 *            server.
 *
 * script: (string) The type of script driver this server uses. Options:
 *   - imap: IMAP client side filtering (POP3 servers NOT supported).
 *   - maildrop: Maildrop scripts.
 *   - procmail: Procmail scripts.
 *   - sieve: Sieve scripts.
 *
 * scriptparams: (array) An array containing any additional information that
 *               the script driver needs. See below for further details.
 *
 * shares: (boolean) Some drivers support sharing filter rules with other
 *         users. Users can then configure filters for each other if they
 *         give them permissions to do so. If you want to enable this feature,
 *         you need to set this parameter to true.
 *
 * transport: (string) The transport driver to use to store the script on the
 *            backend server. Valid options:
 *   - ldap: LDAP server.
 *   - null: No backend server (i.e. for script drivers, such as 'imap', that
 *           does not use scripts).
 *   - timsieved: Timsieved (managesieve) server.
 *   - vfs: Use Horde VFS.
 *
 * NOTE: By default, the transport driver will use Horde credentials to
 *       authenticate to the backend. If a different username/password is
 *       needed, use the 'transport_auth' hook (see hooks.php) to define
 *       these values.
 */

/* IMAP Example */
$backends['imap'] = array(
    // ENABLED by default
    // Django : 2013-02-04
    // default: 'disabled' => false,
    'disabled' => true,
    'transport' => 'null',
    'params' => array(),
    'script' => 'imap',
    'scriptparams' => array(),
    'shares' => false
);

/* Maildrop Example */
$backends['maildrop'] = array(
    // Disabled by default
    'disabled' => true,
    'transport' => 'vfs',
    'params' => array(
        // Hostname of the VFS server
        'hostspec' => 'localhost',
        // Name of the maildrop config file to write
        'filename' => '.mailfilter',
        // The path to the .mailfilter filter file, defaults to the filters'
        // owner's home directory.
        // You can use the following variables:
        //   %u = name of the filters' owner
        //   %d = domain name of the filters' owner
        //   %U = the transport 'username'
        // Example:
        //   '/data/maildrop/filters/%d/%u'
        //   This would be translated into:
        //   '/data/maildrop/filters/<filter_owners_domainname>/<filter_owners_username>/.mailfilter'
        // 'vfs_path' => '/path/to/maildrop',

        // VFS: FTP example
        // The VFS driver to use
        'vfstype' => 'ftp',
        // Port of the VFS server
        'port' => 21,
        // Specify permissions for uploaded files if necessary:
        // 'file_perms' => '0640',

        // VFS: SSH2 example
        // The VFS driver to use
        // 'vfstype' => 'ssh2',
        // Port of the VFS server
        // 'port' => 22,
    ),
    'script' => 'maildrop',
    'scriptparams' => array(
        // Any arguments passed to the mailbot command. The -N flag (to not
        // include the original, quoted message content has been added with
        // Maildrop 2.5.1/Courier 0.65.1.
        'mailbotargs' => '-N',
        // What path style does the IMAP server use ['mbox'|'maildir']?
        'path_style' => 'mbox',
        // Strip 'INBOX.' from the beginning of folder names in generated
        // scripts?
        'strip_inbox' => false,
        // An array of variables to append to every generated script.
        // Use if you need to set up specific environment variables.
        'variables' => array(
            // Example for the $PATH variable
            // 'PATH' => '/usr/bin'
        )
    ),
    'shares' => false
);

/* Procmail Example */
$backends['procmail'] = array(
    // Disabled by default
    'disabled' => true,
    'transport' => 'vfs',
    'params' => array(
        // Hostname of the VFS server
        'hostspec' => 'localhost',
        // Name of the procmail config file to write
        'filename' => '.procmailrc',
        // The path to the .procmailrc filter file, defaults to the filters'
        // owner's home directory.
        // You can use the following variables:
        //   %u = name of the filters' owner
        //   %U = the 'username' from above
        // Example:
        //   '/data/procmail/filters/%u'
        //   This would be translated into:
        //   '/data/procmail/filters/<filter_owners_username>/.procmailrc'
        // 'vfs_path' => '/path/to/procmail',

        // If procmail needs an external command for mail delivery, you
        // can specify it below. You can also set a prefix for the mailbox name
        // eg. for /usr/local/sbin/dmail +INBOX
        // 'delivery_agent' => '/usr/local/sbin/dmail',
        // 'delivery_mailbox_prefix' => '+',

        // if the GNU utilities cannot be found in the path
        // or have different names, you can specify their location below
        // 'date' => '/opt/csw/bin/gdate',
        // 'echo' => '/opt/csw/bin/gecho',
        // 'ls' => '/opt/csw/bin/gls',

        // VFS: FTP example
        // The VFS driver to use
        'vfstype' => 'ftp',
        // Port of the VFS server
        'port' => 21,

        // VFS: SSH2 example
        // The VFS driver to use
        // 'vfstype' => 'ssh2',
        // Port of the VFS server
        // 'port' => 22,
    ),
    'script' => 'procmail',
    'scriptparams' => array(
        // What path style does the IMAP server use ['mbox'|'maildir']?
        'path_style' => 'mbox',
        // An array of variables to append to every generated script.
        // Use if you need to set up specific environment variables.
        'variables' => array(
            // The $DEFAULT variable. If using Maildir, Ingo will use this
            // value as the default unless you explicitly configure otherwise.
            // 'DEFAULT' => '$HOME/Maildir/',
            // The $DEFAULT variable. If using Maildir, Ingo will use this
            // value as the default unless you explicitly configure otherwise.
            // 'MAILDIR' => '$HOME/Maildir',
            // Example for the $PATH variable
            // 'PATH' => '/usr/bin',
            // Example for the $VACATION_DIR variable (used to store vacation files)
            // 'VACATION_DIR' => '$HOME',
        ),
        // If you need procmail to be called from .forward in the user's home
        // directory, set the file and the content below:
        // 'forward_file' => '.forward',
        // 'forward_string' => '"|/usr/local/bin/procmail"',
    ),
    'shares' => false
);

/* Sieve Example
 * Django : 2013-02-04
 * Configuration example for the connection to our Dovecot IMAP server
 */
$backends['sieve'] = array(
    // Disabled by default, enabled here
    'disabled' => false,
    'transport' => 'timsieved',
    'params' => array(
        // Hostname of the timsieved server
        'hostspec' => 'imap.dmz.nausch.org',
        // Login type of the server
        'logintype' => 'LOGIN',
        // Enable/disable TLS encryption
        'usetls' => true,
        // Port number of the timsieved server
        'port' => 4190,
        // Name of the sieve script
        'scriptname' => 'ingo',
        // Enable debugging. With Net_Sieve 1.2.0 or later, the sieve protocol
        // communication is logged with the DEBUG level. Earlier versions
        // print the log to the screen.
        // Note: the logged exchange includes the authentication step.
        'debug' => true,
    ),
    'script' => 'sieve',
    'scriptparams' => array(
        // If using Dovecot or any other Sieve implementation that requires
        // folder names to be UTF-8 encoded, set this parameter to true.
        'utf8' => true,
    ),
    'shares' => false
);

/* sivtest Example */
$backends['sivtest'] = array(
    // Disabled by default
    'disabled' => true,
    'transport' => 'sivtest',
    'params' => array(
        // Hostname of the timsieved server
        'hostspec' => 'localhost',
        // Login type of the server
        'logintype' => 'GSSAPI',
        // Enable/disable TLS encryption
        'usetls' => true,
        // Port number of the timsieved server
        'port' => 4190,
        // Name of the sieve script
        'scriptname' => 'ingo',
        // Location of sivtest
        'command' => '/usr/bin/sivtest',
        // name of the socket we're using
        'socket' => Horde::getTempDir() . '/sivtest.'
            . uniqid(mt_rand()) . '.sock',
    ),
    'script' => 'sieve',
    'scriptparams' => array(),
    'shares' => false,
);

/* Sun ONE/JES Example (LDAP/Sieve) */
$backends['ldapsieve'] = array(
    // Disabled by default
    'disabled' => true,
    'transport' => 'ldap',
    'params' => array(
        // Hostname of the ldap server
        'hostspec' => 'localhost',
        // Port number of the timsieved server
        'port' => 389,
        // LDAP Protocol Version (default = 2). 3 is required for TLS.
        'version' => 3,
        // Whether or not to use TLS. If using TLS, you MUST configure
        // OpenLDAP (either /etc/ldap.conf or /etc/ldap/ldap.conf) with the CA
        // certificate which signed the certificate of the server to which you
        // are connecting. e.g.:
        //
        // TLS_CACERT /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt
        //
        // You MAY have problems if you are using TLS and your server is
        // configured to make random referrals, since some OpenLDAP libraries
        // appear to check the certificate against the original domain name,
        // and not the referred-to domain. This can be worked around by
        // putting the following directive in the ldap.conf:
        //
        // TLS_REQCERT never
        'tls' => true,
        // Bind DN (for bind and script distinguished names, %u is replaced
        // with username, and %d is replaced with the internet domain
        // components (e.g. "dc=example, dc=com") if available).
        'bind_dn' => 'cn=ingo, ou=applications, dc=example, dc=com',
        // Bind password. If not provided, user's password is used (useful
        // when bind_dn contains %u).
        'bind_password' => 'secret',
        // How to find user object.
        'script_base' => 'ou=People, dc=example, dc=com',
        'script_filter' => '(uid=%u)',
        // Attribute script is stored in. Will not touch non-Ingo scripts.
        'script_attribute' => 'mailSieveRuleSource'
    ),
    'script' => 'sieve',
    'scriptparams' => array()
);
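A check for the Sieve backend settings above (`usetls`, `logintype` LOGIN, port 4190), as an added example that is not part of the original page: it parses ManageSieve capability greetings in the RFC 5804 format and fails if STARTTLS is missing, if PLAIN or LOGIN is offered before TLS, or if the configured login type is not offered after TLS. The function names and the sample greetings are constructed for illustration; no server is contacted.

```shell
#!/bin/sh
# Added example, not from the original page. The greetings at the bottom are
# constructed samples in the RFC 5804 capability format.

# cap_value NAME: read a capability listing on stdin, print the value of
# capability NAME (empty if it has none); return 1 if NAME is not listed.
cap_value() {
    tr -d '\r' | awk -v name="\"$1\"" '
        /^(OK|NO|BYE)/ { exit }          # response line ends the listing
        toupper($1) == name {
            found = 1
            sub(/^[^ ]+ */, ""); gsub(/^"|"$/, ""); print
            exit
        }
        END { exit !found }'
}

# audit_sieve PRE_TLS_GREETING POST_TLS_GREETING LOGINTYPE
# Prints one finding per line; returns 0 only if nothing failed.
audit_sieve() {
    pre=$1 post=$2 want=$3 rc=0
    if ! printf '%s\n' "$pre" | cap_value STARTTLS >/dev/null; then
        echo "FAIL: STARTTLS not advertised, 'usetls' => true cannot work"; rc=1
    fi
    for mech in $(printf '%s\n' "$pre" | cap_value SASL); do
        case $mech in PLAIN|LOGIN)
            echo "FAIL: $mech offered before TLS, password may travel in clear"; rc=1 ;;
        esac
    done
    case " $(printf '%s\n' "$post" | cap_value SASL) " in
        *" $want "*) echo "OK: $want offered after STARTTLS" ;;
        *) echo "FAIL: logintype $want not offered after STARTTLS"; rc=1 ;;
    esac
    return $rc
}

PRE_OK='"IMPLEMENTATION" "Example Sieve"
"SIEVE" "fileinto vacation"
"SASL" ""
"STARTTLS"
OK "ready"'
POST_OK='"IMPLEMENTATION" "Example Sieve"
"SASL" "PLAIN LOGIN"
OK "TLS negotiation successful"'
PRE_BAD='"IMPLEMENTATION" "Example Sieve"
"SASL" "PLAIN LOGIN"
OK "ready"'

audit_sieve "$PRE_OK" "$POST_OK" LOGIN
audit_sieve "$PRE_BAD" "$POST_OK" LOGIN || echo "-> fix the server before enabling the backend"
```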
Since authentication is done with username = e-mail address and password against the MySQL database, we still have to pass this on to our installation via the file hooks.php.
# vim /var/www/horde/ingo/config/hooks.php
- /var/www/horde/ingo/config/hooks.php
<?php
/**
 * Ingo Hooks configuration file.
 *
 * THE HOOKS PROVIDED IN THIS FILE ARE EXAMPLES ONLY. DO NOT ENABLE THEM
 * BLINDLY IF YOU DO NOT KNOW WHAT YOU ARE DOING. YOU HAVE TO CUSTOMIZE THEM
 * TO MATCH YOUR SPECIFIC NEEDS AND SYSTEM ENVIRONMENT.
 *
 * For more information please see the horde/config/hooks.php.dist file.
 *
 * $Id: 1a8dc8d3f15f0e2d28118cd031b88294fcf72058 $
 */

class Ingo_Hooks
{
    /**
     * Returns the username/password needed to connect to the transport
     * backend.
     *
     * @param string $driver  The driver name (array key from backends.php).
     *
     * @return mixed  If non-array, uses Horde authentication credentials
     *                (DEFAULT). Otherwise, an array with the following keys
     *                (non-existent keys will use default values):
     *  - euser: (string; SIEVE ONLY) For the sieve driver, the effective
     *           user to use.
     *  - password: (string) Password.
     *  - username: (string) User name.
     */
    public function transport_auth($driver)
    {
        switch ($driver) {
        case 'timsieved':
            // Example #1: Use full Horde username for password.
            // return array(
            //     'username' => $GLOBALS['registry']->getAuth(null);
            // );

            // Example #2: Use IMP password/username.
            // Django : 2013-02-04
            // Entry enabled for authentication with username and password
            // against our MySQL database server
            $ob = $GLOBALS['registry']->call('mail/imapOb');
            return array(
                'password' => $ob->getParam('password'),
                'username' => $ob->getParam('username')
            );
        }

        // DEFAULT: Use hordeauth (identical to not defining hook at all).
        return true;
    }

    /**
     * Set the default addresses used for the vacation module.
     *
     * @param string $user  The username.
     *
     * @return array  A list of vacation addresses.
     */
//    public function vacation_addresses($user = null)
//    {
//        // Example #1: User has 2 vacation addresses.
//        return array($user . '@example.com', $user . '@foobar.com');
//    }
}
Configuration via the web GUI
The configuration of the application IMP is then done through the GUI of the web framework. To do this, we open the VHOST we set up in the web browser.
$ firefox https://buero.nausch.org
Clicking the gear icon takes us to the menu item Administration.
Here we select the menu item Configuration.
Since we have not yet configured the Ingo application or created the necessary MySQL database tables, the two error messages are normal.
First we create the necessary database tables. To do this, we click on the item DB schema is out of date. The action is confirmed with a success message.
To get to the configuration of IMP, we now click on the item Filter (ingo).
The Horde application Ingo is configured on the tabs that are now available.
Rules Storage
$conf[storage][driver] SQL
$conf[storage][params][driverconfig] Horde defaults
$conf[storage][maxblacklist] 0
$conf[storage][maxwhitelist] 0
Rules Options
$conf[rules][userheader] [✔]
Spam Filtering
$conf[spam][compare] string
$conf[spam][header] X-Spam-Level
$conf[spam][char] *
At the end of our configuration work, we save the configuration with a click on the button. The successful save is then displayed to us accordingly.