Commit 66f71229 authored by Paul Cammish's avatar Paul Cammish
Browse files

Merge branch 'kelduum-bullseye-testing-patch-09414' into 'bullseye-testing'

Fixes for Debian Bullseye Release

See merge request !236
parents a1282608 28740047
CHANGELOG
---------
2021-08-18
sympl-core:
* Check htdocs/stats for AWFFull rather than Webalizer
sympl-web
* Update Webalizer references to AWFFull
* Disable default AWFFull cron
sympl-mail
* Further fixes for Exim 4.94 in Debian Bullseye
2021-08-13
sympl-mail:
* use systemd socket activation for sympl-mail-poppassd
2021-04-09
sympl-core
* Update sympl.host to sympl.io
......
sympl-core (11.20210818.0) stable; urgency=medium
* Check htdocs/stats for AWFFull rather than Webalizer
-- Paul Cammish <sympl@kelduum.net> Wed, 18 Aug 2021 12:15:00 +0100
sympl-core (11.20210409.0) stable; urgency=medium
* Updated sympl.host to sympl.io
......
......@@ -86,12 +86,12 @@ function secure_domain_dir()
fi
# Lock down the public/htdocs/stats directory, if it exists and contains webalizer html
# Lock down the public/htdocs/stats directory, if it exists and contains awffull html
# By default this is left unprotected, and includes IP addresses which are classified
# under GDPR as personally identifiable
if [ ! -f "${domain}/public/htdocs/stats/.htaccess" ] && [ -f "${domain}/public/htdocs/stats/index.html" ]; then
if [ $( grep -c 'webalizer' "${domain}/public/htdocs/stats/index.html" ) != 0 ]; then
if [ $( grep -c 'awffull' "${domain}/public/htdocs/stats/index.html" ) != 0 ]; then
echo "# Prevent unauthorized access to stats and enforce HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
......
sympl-mail (11.20210818.0) stable; urgency=medium
* Further fixes for Exim 4.94 in Debian Bullseye
-- Paul Cammish <sympl@kelduum.net> Wed, 18 Aug 2021 12:15:00 +0100
sympl-mail (11.20210813.1) stable; urgency=medium
* ensure sympl-mail-poppassd socket always starts before service
......
......@@ -23,7 +23,7 @@
# starts with 'tag', then the message will be accepted and tagged, else
# we reject the mail.
set acl_m0 = ${if match{${extract{smode}{${stat:VHOST_DIR/${domain_data}/VHOST_CONFIG_DIR/antispam}}}}{\Nr\N}{\
${if match{${readfile{VHOST_DIR/${domain_data}/VHOST_CONFIG_DIR/antispam}}}{^tag}{tag}{reject}}\
set acl_m0 = ${if match{${extract{smode}{${stat:VHOST_DIR/${lookup{$domain} dsearch{VHOST_DIR/}}/VHOST_CONFIG_DIR/antispam}}}}{\Nr\N}{\
${if match{${readfile{VHOST_DIR/${lookup{$domain} dsearch{VHOST_DIR/}}/VHOST_CONFIG_DIR/antispam}}}{^tag}{tag}{reject}}\
}{reject}}
# Test to see if a domain needs virus scanning,
# Test to see if a domain needs virus scanning,
warn domains = +vhost_domains
condition = ${if and{\
{exists{VHOST_DIR/${domain_data}/VHOST_CONFIG_DIR/antivirus}} \
{!eq{$acl_m2}{tag}} \
}}
set acl_m2 = ${if match{${extract{smode}{${stat:VHOST_DIR/${domain_data}/VHOST_CONFIG_DIR/antivirus}}}}{\Nr\N}{\
${if match{${readfile{VHOST_DIR/${domain_data}/VHOST_CONFIG_DIR/antivirus}}}{^tag}{tag}{reject}}\
set acl_m2 = ${if match{${extract{smode}{${stat:VHOST_DIR/${lookup{$domain} dsearch{VHOST_DIR/}}/VHOST_CONFIG_DIR/antivirus}}}}{\Nr\N}{\
${if match{${readfile{VHOST_DIR/${lookup{$domain} dsearch{VHOST_DIR/}}/VHOST_CONFIG_DIR/antivirus}}}{^tag}{tag}{reject}}\
}{reject}}
......@@ -10,7 +10,7 @@ remote_smtp:
#
interface = <, ${extract {1}{:}\
{${filter\
{VHOST_DIR/$sender_address_domain/VHOST_CONFIG_DIR/ip:VHOST_DIR/$sender_address_domain/VHOST_CONFIG_DIR/ips:/etc/sympl/config/ip:/etc/sympl/config/ips}\
{VHOST_DIR/${lookup{$sender_address_domain} dsearch{VHOST_DIR/}}/VHOST_CONFIG_DIR/ip:VHOST_DIR/${lookup{$sender_address_domain} dsearch{VHOST_DIR/}}/VHOST_CONFIG_DIR/ips:/etc/sympl/config/ip:/etc/sympl/config/ips}\
{exists{$item}}\
}}\
{${if !eq{$value}{}{\
......
......@@ -6,7 +6,7 @@
DKIM_SELECTOR_REGEX = (?i)\N\b(([_a-z0-9-]+)(\.[_a-z0-9-]+)*)\b\N
remote_smtp_with_dkim:
debug_print = "T: remote_smtp_with_dkim for $local_part@$domain ($sender_address_domain key)"
debug_print = "T: remote_smtp_with_dkim for $local_part@$domain (${lookup{$sender_address_domain} dsearch{VHOST_DIR/}} key)"
driver = smtp
group = ${extract{gid}{${stat:VHOST_DIR/$sender_address_domain/VHOST_CONFIG_DIR}}}
......@@ -14,13 +14,13 @@ remote_smtp_with_dkim:
#
# Sign using the $sender_address_domain
#
dkim_domain = $sender_address_domain
dkim_domain = ${lookup{$sender_address_domain} dsearch{VHOST_DIR/}}
#
# This reads the dkim selector file in, replaces new lines with colons, and
# picks the first. If it is empty, use the $primary_hostname.
#
dkim_selector = ${if match{ ${readfile{VHOST_DIR/${sender_address_domain}/VHOST_CONFIG_DIR/dkim}} }\
dkim_selector = ${if match{ ${readfile{VHOST_DIR/${lookup{$sender_address_domain} dsearch{VHOST_DIR/}}/VHOST_CONFIG_DIR/dkim}} }\
{DKIM_SELECTOR_REGEX}\
{$1}\
{${if match{$primary_hostname}\
......@@ -30,7 +30,7 @@ remote_smtp_with_dkim:
}}\
}
dkim_private_key = ${readfile{VHOST_DIR/${sender_address_domain}/VHOST_CONFIG_DIR/dkim.key}}
dkim_private_key = ${readfile{VHOST_DIR/${lookup{$sender_address_domain} dsearch{VHOST_DIR/}}/VHOST_CONFIG_DIR/dkim.key}}
#
# If dkim_strict is set to true, exim will defer sending the message if
......@@ -57,7 +57,7 @@ remote_smtp_with_dkim:
#
interface = <, ${extract {1}{:}\
{${filter\
{VHOST_DIR/$sender_address_domain/config/ip:VHOST_DIR/$sender_address_domain/config/ips:/etc/sympl/config/ip:/etc/sympl/config/ips}\
{VHOST_DIR/${lookup{$sender_address_domain} dsearch{VHOST_DIR/}}/config/ip:VHOST_DIR/${lookup{$sender_address_domain} dsearch{VHOST_DIR/}}/config/ips:/etc/sympl/config/ip:/etc/sympl/config/ips}\
{exists{$item}}\
}}\
{${if !eq{$value}{}{\
......
sympl-web (11.20210818.0) stable; urgency=medium
* Update Webalizer references to AWFFull
* Disable default AWFFull cron
-- Paul Cammish <sympl@kelduum.net> Wed, 18 Aug 2021 12:15:00 +0100
sympl-web (11.20210215.0) stable; urgency=medium
* Updated version numbering format
......
......@@ -82,4 +82,11 @@ for i in apache2; do
fi
done
#
# Disable superflous awffull cron job as Sympl runs it itself
#
if [ -f /etc/cron.daily/awffull ]; then
find /etc/cron.daily -type f -name awffull -perm /111 -exec chmod -x {} \;
fi
exit 0
......@@ -12,10 +12,10 @@
#
# OPTIONS
#
# -t, --template <file> Set the webalizer config template file. Defaults to
# -t, --template <file> Set the awffull config template file. Defaults to
# /etc/sympl/apache.d/webalizer.conf.erb.
#
# -f, --force Force regeneration of the webalizer configuration
# -f, --force Force regeneration of the awffull configuration
# snippet for all domains.
#
# -p, --prefix <directory> Prefix directory, defaults to /srv.
......@@ -33,9 +33,10 @@
#
# The script is assumed to be invoked once per day, via /etc/cron.daily/.
#
# AUTHOR
# AUTHORS
#
# Steve Kemp <steve@bytemark.co.uk>
# Paul Cammish <sympl@kelduum.net>
#
......@@ -223,7 +224,7 @@ Symbiosis::Domains.each(prefix) do |domain|
# ssl_access.log for HTTPS accesses.
#
#
# Firstly check when webalizer was last run.
# Firstly check when awffull was last run.
#
last_run = nil
......@@ -261,7 +262,7 @@ Symbiosis::Domains.each(prefix) do |domain|
end
#
# Now stat() it -- webalizer updates this file with each run.
# Now stat() it -- awffull updates this file with each run.
#
if File.exist?(history_file)
last_run = File.stat(history_file).mtime
......@@ -318,12 +319,12 @@ Symbiosis::Domains.each(prefix) do |domain|
# Now process each logfile.
#
process.each do |stinking_log_file|
puts "\tRunning webalizer against #{stinking_log_file}" if $VERBOSELOCAL
puts "\tRunning awffull against #{stinking_log_file}" if $VERBOSELOCAL
#
# Now run it under sudo, as the user ID of the domain.
#
quiet = ($VERBOSELOCAL ? "-d" : "-Q")
system( "cd #{domain.config_dir} && sudo -u '\##{domain.uid}' -- webalizer -c #{webalizer_conf} #{quiet} #{stinking_log_file}" )
system( "cd #{domain.config_dir} && sudo -u '\##{domain.uid}' -- awffull -c #{webalizer_conf} #{quiet} #{stinking_log_file}" )
end
end
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment