diff --git a/.env b/.env
new file mode 100644
index 0000000000000000000000000000000000000000..b4403fcb94ae30524373c78128b7b5cedc1bf2f8
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=nextcloud
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..23796b52625068807a771bcd515d96cc3905ef3e
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,46 @@
+---
+image: adarnimrod/ci-images:docker
+
+stages:
+ - test
+ - build
+ - run
+
+pre-commit:
+ stage: test
+ image: adarnimrod/ci-images:pre-commit
+ variables:
+ XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
+ # Disabled until https://github.com/pre-commit/pre-commit/issues/1387 is
+ # resolved.
+ SKIP: "hadolint,docker-compose"
+ script:
+ - pre-commit run --all-files
+ cache:
+ paths:
+ - .cache/
+
+build:
+ stage: build
+ tags: ["host01.shore.co.il"]
+ variables:
+ COMPOSE_DOCKER_CLI_BUILD: "1"
+ DOCKER_BUILDKIT: "1"
+ script:
+ - docker-compose build --no-cache --pull
+ - docker-compose pull --quiet
+
+run:
+ stage: run
+ tags: ["host01.shore.co.il"]
+ when: manual
+ script:
+ - docker-compose up --detach --remove-orphans
+ # yamllint disable rule:line-length
+ - |
+ for i in $(seq 12)
+ do
+ docker container inspect --format '{{ .State.Health.Status }}' $(docker-compose ps -q) | grep -v '^healthy$' || break
+ sleep 10
+ done
+ ! docker container inspect --format '{{ .State.Health.Status }}' $(docker-compose ps -q) | grep -v '^healthy$'
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7e1749c21f327a3687ecfbf2cd47411dbf494f39
--- /dev/null
+++ b/.pre-commit-config.yaml
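Review bot: The final check in the `run` job of `.gitlab-ci.yml` passes when `docker container inspect` prints nothing, because `! … | grep -v '^healthy$'` only fails if some non-`healthy` line is present; an empty `docker-compose ps -q` or a failing inspect therefore reads as a healthy deployment. Containers without a healthcheck have no `.State.Health`, and `crond` defines none in `docker-compose.yml` (its base image may), so the template may error for that container. Capturing the IDs first and requiring a non-empty list, e.g. `ids="$(docker-compose ps -q)"; [ -n "$ids" ]`, and then comparing the number of `healthy` lines with the number of IDs, would make the gate fail closed. The job images `adarnimrod/ci-images:docker` and `:pre-commit` are mutable tags that execute on the `host01.shore.co.il` runner; pinning them by digest (`adarnimrod/ci-images:docker@sha256:<digest>`) would fix which code drives the deploy.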
@@ -0,0 +1,34 @@
+# vim:ff=unix ts=2 sw=2 ai expandtab
+---
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v2.3.0
+ hooks:
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: detect-private-key
+ - id: trailing-whitespace
+ - repo: https://github.com/adrienverge/yamllint
+ rev: v1.17.0
+ hooks:
+ - id: yamllint
+ - repo: https://github.com/amperser/proselint/
+ rev: 0.10.2
+ hooks:
+ - id: proselint
+ types: [plain-text]
+ exclude: LICENSE
+ - repo: https://github.com/Yelp/detect-secrets
+ rev: v0.13.0
+ hooks:
+ - id: detect-secrets
+ - repo: https://git.shore.co.il/nimrod/docker-pre-commit.git/
+ rev: v0.3.0
+ hooks:
+ - id: docker-compose
+ - id: hadolint
+ - repo: https://git.shore.co.il/nimrod/shell-pre-commit.git/
+ rev: v0.6.0
+ hooks:
+ - id: shell-lint
+ - id: shellcheck
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000000000000000000000000000000000000..37cee3fd12e0bd031862606e91eff18af10f37c4
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Adar Nimrod
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..bb0c68f938127db0238df41507d518596e55985f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+# Nextcloud Docker setup
+
+> A containerized Nextcloud setup.
+
+## Requirements
+
+- Docker
+- Docker Compose
+
+## License
+
+This software is licensed under the MIT license (see `LICENSE.txt`).
+
+## Author Information
+
+Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my [website](
+https://www.shore.co.il/). Patches are welcome via [`git send-email`](
+http://git-scm.com/book/en/v2/Git-Commands-Email). The repository is located
+at: <https://www.shore.co.il/git/>.
diff --git a/crond/.dockerignore b/crond/.dockerignore
new file mode 100644
index 0000000000000000000000000000000000000000..780ece0ba38bebbc9981d893ff31ffc6cb6815e2
--- /dev/null
+++ b/crond/.dockerignore
@@ -0,0 +1,2 @@
+*
+!crontab
diff --git a/crond/Dockerfile b/crond/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..994fbce7b5c680497c7a0744376b361f2404b2a6
--- /dev/null
+++ b/crond/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker:19.03 as docker
+
+# hadolint ignore=DL3006
+FROM adarnimrod/cron as supersonic
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/
+COPY --chown=root:root crontab /crontab
+# hadolint ignore=DL3002
+USER root
diff --git a/crond/README.md b/crond/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..69e848979b1475253d942789922a67de06979fa6
--- /dev/null
+++ b/crond/README.md
@@ -0,0 +1,18 @@
+# crond
+
+> Cron container image.
+
+## Description
+
+This image runs the background jobs for Nextcloud.
+
+## License
+
+This software is licensed under the MIT license (see `LICENSE.txt`).
+
+## Author Information
+
+Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my [website](
+https://www.shore.co.il/). Patches are welcome via [`git send-email`](
+http://git-scm.com/book/en/v2/Git-Commands-Email). The repository is located
+at: <https://www.shore.co.il/git/>.
diff --git a/crond/crontab b/crond/crontab
new file mode 100644
index 0000000000000000000000000000000000000000..892117b54597d2943f8292f8af48543f2516516c
--- /dev/null
+++ b/crond/crontab
@@ -0,0 +1 @@
+*/5 * * * * docker exec -u www-data nextcloud_nextcloud_1 php /var/www/html/cron.php
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c423eb727f08a53787d1c642874a8ec792a8a769
--- /dev/null
+++ b/docker-compose.yml
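Review bot: `FROM adarnimrod/cron` in `crond/Dockerfile` carries no tag or digest (the DL3006 warning is suppressed rather than fixed), yet this image runs as root with the Docker CLI copied in and, per `docker-compose.yml` in the same commit, has `/run/docker.sock` mounted. Access to that socket is equivalent to root on the host, so whatever the untagged base resolves to at build time runs with that privilege, and the `build` job's `--pull` re-resolves it on every build. Pinning the base, `FROM adarnimrod/cron@sha256:<digest> as supersonic`, makes the content reviewable. A comment above `USER root` stating why root is required (presumably to reach the socket) would record why DL3002 is ignored. If the only job is the `docker exec` in `crontab`, a socket proxy limited to exec calls would narrow the exposure further.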
@@ -0,0 +1,107 @@
+---
+version: '3.5'
+services:
+ nextcloud:
+ depends_on:
+ - mysql
+ - redis
+ - crond
+ environment:
+ MAIL_FROM_ADDRESS: noreply@shore.co.il
+ MAIL_DOMAIN: shore.co.il
+ MYSQL_DATABASE: &mysql_database nextcloud
+ MYSQL_HOST: mysql
+ # yamllint disable-line rule:line-length
+ MYSQL_PASSWORD: &mysql_password ${MYSQL_PASSWORD:-foo} # pragma: allowlist secret
+ MYSQL_USER: &mysql_user nextcloud
+ NEXTCLOUD_ADMIN_USER: admin
+ NEXTCLOUD_ADMIN_PASSWORD: "${NEXTCLOUD_ADMIN_PASSWORD:-baz}"
+ NEXTCLOUD_TRUSTED_DOMAINS: '*.shore.co.il shore.co.il'
+ TRUSTED_PROXIES: '172.16.0.0/12 192.168.0.0/16'
+ OVERWRITEHOST: nextcloud.shore.co.il
+ OVERWRITEPROTOCOL: https
+ REDIS_HOST: redis
+ # yamllint disable-line rule:line-length
+ REDIS_HOST_PASSWORD: &redis_password "${REDIS_PASSWORD:-foo}" # pragma: allowlist secret
+ SMTP_HOST: smtp
+ healthcheck:
+ start_period: 2m
+ test:
+ - CMD-SHELL
+ - >-
+ curl
+ --fail
+ --user "$$NEXTCLOUD_ADMIN_USER:$$NEXTCLOUD_ADMIN_PASSWORD"
+ http://localhost/ocs/v2.php/apps/serverinfo/api/v1/info
+ || exit 1
+ image: nextcloud:20-apache
+ restart: always
+ volumes:
+ - nextcloud:/var/www/html
+ - _run_slapd:/run/slapd
+ - _run_clamav:/run/clamav
+
+ mysql:
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+ environment:
+ MYSQL_DATABASE: *mysql_database
+ MYSQL_PASSWORD: *mysql_password # pragma: allowlist secret
+ # yamllint disable-line rule:line-length
+ MYSQL_ROOT_PASSWORD: &mysql_root_password ${MYSQL_ROOT_PASSWORD:-bar} # pragma: allowlist secret
+ MYSQL_USER: *mysql_user
+ healthcheck:
+ start_period: 1m
+ test:
+ - CMD-SHELL
+ - >-
+ mysql
+ --user "$$MYSQL_USER"
+ "--password=$$MYSQL_PASSWORD"
+ --execute 'SHOW DATABASES;'
+ || exit 1
+ image: mariadb:10
+ restart: always
+ volumes:
+ - mysql:/var/lib/mysql
+
+ redis:
+ command:
+ - redis-server
+ - --requirepass
+ - *redis_password
+ # - --bind=127.0.0.1
+ # - --unixsocket=/run/redis/redis.sock
+ # - --unixsocketperm=777
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - "{ echo PING | redis-cli; } || exit 1"
+ image: redis:6-alpine
+ restart: always
+
+ crond:
+ build:
+ context: crond/
+ restart: always
+ volumes:
+ - /run/docker.sock:/run/docker.sock
+
+ z-push:
+ build:
+ context: z-push
+ restart: always
+
+volumes:
+ mysql:
+ nextcloud:
+ _run_clamav:
+ external: true
+ name: run_clamav
+ _run_slapd:
+ external: true
+ name: run_slapd
+
+networks:
+ default:
+ name: shore
+ external: true
diff --git a/z-push/.dockerignore b/z-push/.dockerignore
new file mode 100644
index 0000000000000000000000000000000000000000..79e1bf2b0178d9fff5c4186b3a581645e6ee23f9
--- /dev/null
+++ b/z-push/.dockerignore
@@ -0,0 +1,3 @@
+*
+!z-push/
+!healthcheck
diff --git a/z-push/Dockerfile b/z-push/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..3e6aa4be36150df5ab3663f7cc8ccdc9c146acf7
--- /dev/null
+++ b/z-push/Dockerfile
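Review bot: The `:-foo`, `:-bar` and `:-baz` fallbacks on `MYSQL_PASSWORD`, `REDIS_PASSWORD`, `MYSQL_ROOT_PASSWORD` and `NEXTCLOUD_ADMIN_PASSWORD` in `docker-compose.yml` let the stack come up with known passwords whenever a variable is missing from the environment of the `run` job, and nothing reports that it happened. Compose can fail instead, e.g. `MYSQL_PASSWORD: &mysql_password "${MYSQL_PASSWORD:?MYSQL_PASSWORD is not set}"`; if the defaults exist so that the `docker-compose` pre-commit hook can render the file, supplying a dummy value there would keep them out of the deployed path. This matters more because the default network is the external `shore` network, so MariaDB and Redis are presumably reachable from containers outside this project and the password is the only barrier. Separately, the Redis healthcheck pipes `PING` to `redis-cli` without the password the server is started with, so it likely reports healthy on an authentication error rather than on a real `PONG`.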
@@ -0,0 +1,41 @@
+FROM debian:buster-slim
+# hadolint ignore=DL3008
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ apache2 \
+ ca-certificates \
+ curl \
+ libapache2-mod-php \
+ libcap2-bin \
+ php-cli \
+ wget \
+ z-push-backend-caldav \
+ z-push-backend-carddav \
+ z-push-backend-combined \
+ z-push-backend-imap \
+ && \
+ setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
+ install -d -m 750 -o root -g www-data /var/log/apache2 && \
+ install -d -m 755 -o www-data -g root /run/apache2 && \
+ a2enmod status && \
+ ln -sf /dev/stdout /var/log/apache2/access.log && \
+ ln -sf /dev/stderr /var/log/apache2/error.log && \
+ ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log && \
+ rm -rf /tmp/* /var/tmp/* /var/cache/apt/archives/* /var/lib/apt/lists/*
+RUN ln -sf /dev/stdout /var/log/z-push/autodiscover.log && \
+ ln -sf /dev/stderr /var/log/z-push/autodiscover-error.log && \
+ ln -sf /dev/stdout /var/log/z-push/z-push.log && \
+ ln -sf /dev/stderr /var/log/z-push/z-push-error.log
+RUN rm /var/log/z-push/*.log
+COPY z-push/ /etc/z-push/
+COPY --chown=root:root healthcheck /usr/local/bin/
+ENV APACHE_RUN_DIR=/run/apache2 \
+ APACHE_LOG_DIR=/var/log/apache2 \
+ APACHE_RUN_USER=www-data \
+ APACHE_RUN_GROUP=www-data \
+ APACHE_PID_FILE=/run/apache2/apache2.pid
+EXPOSE 80
+USER "www-data"
+WORKDIR /var/www
+CMD [ "apache2", "-DFOREGROUND" ]
+HEALTHCHECK CMD /usr/local/bin/healthcheck
diff --git a/z-push/README.md b/z-push/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..700a6a7456e94d701b12bf17b5d44e1c423b4730
--- /dev/null
+++ b/z-push/README.md
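Review bot: `RUN rm /var/log/z-push/*.log` in `z-push/Dockerfile` runs after the layer that creates the four `ln -sf` links in `/var/log/z-push/`, and every one of those links matches `*.log`, so the step deletes the redirection to stdout/stderr that the previous step set up. Z-Push would then write (or fail to write, depending on whether `www-data` can create files there) regular log files inside the container, and login and sync errors would not reach `docker logs` or whatever collects it. If the intent was to clear files shipped by the packages, the order should be reversed in one layer: `RUN rm -f /var/log/z-push/*.log && ln -sf /dev/stdout /var/log/z-push/z-push.log && …`. `wget` is installed next to `curl` although only `curl` is used by the healthcheck visible in this commit; dropping it trims the image.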
@@ -0,0 +1,14 @@
+# Z-Push
+
+> Dockerized Z-Push for use with NextCloud.
+
+## License
+
+This software is licensed under the MIT license (see `LICENSE.txt`).
+
+## Author Information
+
+Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my [website](
+https://www.shore.co.il/). Patches are welcome via [`git send-email`](
+http://git-scm.com/book/en/v2/Git-Commands-Email). The repository is located
+at: <https://www.shore.co.il/git/>.
diff --git a/z-push/healthcheck b/z-push/healthcheck
new file mode 100755
index 0000000000000000000000000000000000000000..b0d2607734c04ba2a9c02ae99b7ba0c915d5030b
--- /dev/null
+++ b/z-push/healthcheck
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -eu
+
+code="$(curl --user-agent "Docker Healthcheck" --output /dev/null --silent --write-out '%{http_code}' http://localhost/AutoDiscover/AutoDiscover.xml)"
+[ "$code" -eq '401' ] || exit 1
diff --git a/z-push/z-push/autodiscover.conf.php b/z-push/z-push/autodiscover.conf.php
new file mode 100644
index 0000000000000000000000000000000000000000..8fba2a7b566d19155d9f21a444d325f6669bad4e
--- /dev/null
+++ b/z-push/z-push/autodiscover.conf.php
@@ -0,0 +1,110 @@ +<?php +/*********************************************** +* File : config.php +* Project : Z-Push +* Descr : Autodiscover configuration file +* +* Created : 30.07.2014 +* +* Copyright 2007 - 2016 Zarafa Deutschland GmbH +* +* This program is free software: you can redistribute it and/or modify +* it under the terms of the GNU Affero General Public License, version 3, +* as published by the Free Software Foundation. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Affero General Public License for more details. +* +* You should have received a copy of the GNU Affero General Public License +* along with this program. If not, see <http://www.gnu.org/licenses/>. +* +* Consult LICENSE file for details +************************************************/ + +/********************************************************************************** + * Default settings + */ + + // Replace zpush.example.com with your z-push's host name and uncomment the line below. + // define('ZPUSH_HOST', 'zpush.example.com'); + + // Defines the default time zone, change e.g. to "Europe/London" if necessary + define('TIMEZONE', ''); + + // Defines the base path on the server + define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/'); + + /* + * Whether to use the complete email address as a login name + * (e.g. user@company.com) or the username only (user). + * Possible values: + * false - use the username only (default). + * true - use the complete email address. + */ + define('USE_FULLEMAIL_FOR_LOGIN', false); + + /* + * AutoDiscover requires the username to match either the email address + * or the local part of the email address. + * This is not always possible as the username might have a different + * schema than email address. Configure this parameter to match your + * username settings. 
+ * @see https://wiki.z-hub.io/display/ZP/Configuring+Z-Push+Autodiscover#ConfiguringZ-PushAutodiscover-Configuration + * @see https://jira.z-hub.io/browse/ZP-1209 + * + * Possible values: + * AUTODISCOVER_LOGIN_EMAIL - uses the email address as provided when setting up the account + * AUTODISCOVER_LOGIN_NO_DOT - removes the '.' from email address: + * email: first.last@domain.com -> resulting username: firstlast + * AUTODISCOVER_LOGIN_F_NO_DOT_LAST - cuts the first part before '.' after the first letter and + * removes the '.' from email address: + * email: first.last@domain.com -> resulting username: flast + * AUTODISCOVER_LOGIN_F_DOT_LAST - cuts the part before '.' after the first letter and + * leaves the part after '.' as is: + * email: first.last@domain.com -> resulting username: f.last + */ + define('AUTODISCOVER_LOGIN_TYPE', AUTODISCOVER_LOGIN_EMAIL); + +/********************************************************************************** + * Logging settings + * Possible LOGLEVEL and LOGUSERLEVEL values are: + * LOGLEVEL_OFF - no logging + * LOGLEVEL_FATAL - log only critical errors + * LOGLEVEL_ERROR - logs events which might require corrective actions + * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future + * LOGLEVEL_INFO - usually completed actions + * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers + * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device + * LOGLEVEL_DEVICEID - also prints the device id for every log entry + * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack + * + * The verbosity increases from top to bottom. More verbose levels include less verbose + * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR, + * LOGLEVEL_WARN and LOGLEVEL_INFO level entries. + */ + + define('LOGBACKEND', 'filelog'); + + define('LOGFILEDIR', '/var/log/z-push/'); + define('LOGFILE', LOGFILEDIR . 
'autodiscover.log'); + define('LOGERRORFILE', LOGFILEDIR . 'autodiscover-error.log'); + define('LOGLEVEL', LOGLEVEL_INFO); + define('LOGUSERLEVEL', LOGLEVEL); + $specialLogUsers = array(); + + // Syslog settings + // false will log to local syslog, otherwise put the remote syslog IP here + define('LOG_SYSLOG_HOST', false); + // Syslog port + define('LOG_SYSLOG_PORT', 514); + // Program showed in the syslog. Useful if you have more than one instance login to the same syslog + define('LOG_SYSLOG_PROGRAM', 'z-push-autodiscover'); + // Syslog facility - use LOG_USER when running on Windows + define('LOG_SYSLOG_FACILITY', LOG_LOCAL0); +/********************************************************************************** + * Backend settings + */ + // the backend data provider + define('BACKEND_PROVIDER', ''); diff --git a/z-push/z-push/caldav.conf.php b/z-push/z-push/caldav.conf.php new file mode 100644 index 0000000000000000000000000000000000000000..2f07e694d564a73d991d4286bc10d0e2e8ff0f45 --- /dev/null +++ b/z-push/z-push/caldav.conf.php 
@@ -0,0 +1,56 @@
+<?php
+/***********************************************
+* File : config.php
+* Project : Z-Push
+* Descr : CalDAV backend configuration file
+*
+* Created : 27.11.2012
+*
+* Copyright 2012 - 2014 Jean-Louis Dupond
+*
+* Jean-Louis Dupond released this code as AGPLv3 here: https://github.com/dupondje/PHP-Push-2/issues/93
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License, version 3,
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+* Consult LICENSE file for details
+************************************************/
+
+// ************************
+// BackendCalDAV settings
+// ************************
+
+// Server protocol: http or https
+define('CALDAV_PROTOCOL', 'http');
+
+// Server name
+define('CALDAV_SERVER', 'nextcloud');
+
+// Server port
+define('CALDAV_PORT', '80');
+
+// Path
+define('CALDAV_PATH', '/remote.php/dav/calendars/%u/');
+
+// Default CalDAV folder (calendar folder/principal). This will be marked as the default calendar in the mobile
+define('CALDAV_PERSONAL', 'PRINCIPAL');
+
+// If the CalDAV server supports the sync-collection operation
+// DAViCal, SOGo and SabreDav support it
+// SabreDav version must be at least 1.9.0, otherwise set this to false
+// Setting this to false will work with most servers, but it will be slower
+define('CALDAV_SUPPORTS_SYNC', false);
+
+
+// Maximum period to sync.
+// Some servers don't support more than 10 years so you will need to change this
+define('CALDAV_MAX_SYNC_PERIOD', 2147483647);
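Review bot: `CALDAV_PROTOCOL` is `'http'` with `CALDAV_PORT` `'80'` against the `nextcloud` service, so the CalDAV backend talks to Nextcloud in cleartext, presumably carrying each user's credentials, and `carddav.conf.php` makes the same choice with `CARDDAV_PROTOCOL`. `docker-compose.yml` puts these containers on the external `shore` network, which other stacks can presumably join, so the traffic is only as private as that network. If plain HTTP between containers is intended, the file should say so, e.g. `// Plain HTTP on purpose: traffic stays on the 'shore' Docker network, which must be trusted.` above the `define`. Otherwise pointing the backend at the TLS endpoint (`'https'`, port `'443'`, and the public host name) avoids relying on that assumption.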
diff --git a/z-push/z-push/carddav.conf.php b/z-push/z-push/carddav.conf.php new file mode 100644 index 0000000000000000000000000000000000000000..78e3484a7d85fe68ca7f75600e7c37196168b2cc --- /dev/null +++ b/z-push/z-push/carddav.conf.php 
@@ -0,0 +1,91 @@ +<?php +/*********************************************** +* File : config.php +* Project : Z-Push +* Descr : CardDAV backend configuration file +* +* Created : 16.03.2013 +* +* Copyright 2013 - 2016 Francisco Miguel Biete +* +* This program is free software: you can redistribute it and/or modify +* it under the terms of the GNU Affero General Public License, version 3, +* as published by the Free Software Foundation. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Affero General Public License for more details. +* +* You should have received a copy of the GNU Affero General Public License +* along with this program. If not, see <http://www.gnu.org/licenses/>. +* +* Consult LICENSE file for details +************************************************/ + +// ************************ +// BackendCardDAV settings +// ************************ + +// Server protocol: http or https +define('CARDDAV_PROTOCOL', 'http'); + +// Server name +define('CARDDAV_SERVER', 'nextcloud'); + +// Server port +define('CARDDAV_PORT', '80'); + +// Server path to the addressbook, or the principal with the addressbooks +// If your user has more than 1 addressbook point it to the principal. +// Example: user test@domain.com will have 2 addressbooks +// http://localhost/caldav.php/test@domain.com/addresses/personal +// http://localhost/caldav.php/test@domain.com/addresses/work +// You set the CARDDAV_PATH to '/caldav.php/%u/addresses/' and personal and work will be autodiscovered +// %u: replaced with the username +// %d: replaced with the domain +// Add the trailing / +define('CARDDAV_PATH', '/remote.php/dav/addressbooks/users/%u/'); + + +// Server path to the default addressbook +// Mobile device will create new contacts here. 
It must be under CARDDAV_PATH +// %u: replaced with the username +// %d: replaced with the domain +// Add the trailing / +define('CARDDAV_DEFAULT_PATH', '/remote.php/dav/addressbooks/users/%u/contacts/'); + +// Server path to the GAL addressbook. This addressbook is readonly and searchable by the user, but it will NOT be synced. +// If you don't want GAL, comment it +// %u: replaced with the username +// %d: replaced with the domain +// Add the trailing / +// define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/'); + +// Minimal length for the search pattern to do the real search. +// define('CARDDAV_GAL_MIN_LENGTH', 5); + +// Addressbook display name, the name showed in the mobile device +// %u: replaced with the username +// %d: replaced with the domain +define('CARDDAV_CONTACTS_FOLDER_NAME', 'All contacts'); + + +// If the CardDAV server supports the sync-collection operation +// DAViCal and SabreDav support it, but Owncloud, SOGo don't +// SabreDav version must be at least 1.9.0, otherwise set this to false +// Setting this to false will work with most servers, but it will be slower: 1 petition for the href of vcards, and 1 petition for each vcard +define('CARDDAV_SUPPORTS_SYNC', false); + + +// If the CardDAV server supports the FN attribute for searches +// DAViCal supports it, but SabreDav, Owncloud and SOGo don't +// Setting this to true will search by FN. If false will search by sn, givenName and email +// It's safe to leave it as false +define('CARDDAV_SUPPORTS_FN_SEARCH', false); + + +// If your carddav server needs to use file extension to recover a vcard. +// Davical needs it +// SOGo official demo online needs it, but some SOGo installation don't need it, so test it +define('CARDDAV_URL_VCARD_EXTENSION', '.vcf'); diff --git a/z-push/z-push/combined.conf.php b/z-push/z-push/combined.conf.php new file mode 100644 index 0000000000000000000000000000000000000000..7f7a74f39b67a9d1f326d8f0e80843ea6c201135 --- /dev/null +++ b/z-push/z-push/combined.conf.php 
@@ -0,0 +1,84 @@ +<?php +/*********************************************** +* File : backend/combined/config.php +* Project : Z-Push +* Descr : configuration file for the +* combined backend. +* +* Created : 29.11.2010 +* +* Copyright 2007 - 2016 Zarafa Deutschland GmbH +* +* This program is free software: you can redistribute it and/or modify +* it under the terms of the GNU Affero General Public License, version 3, +* as published by the Free Software Foundation. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Affero General Public License for more details. +* +* You should have received a copy of the GNU Affero General Public License +* along with this program. If not, see <http://www.gnu.org/licenses/>. +* +* Consult LICENSE file for details +************************************************/ + +class BackendCombinedConfig { + + // ************************* + // BackendCombined settings + // ************************* + /** + * Returns the configuration of the combined backend + * + * @access public + * @return array + * + */ + public static function GetBackendCombinedConfig() { + //use a function for it because php does not allow + //assigning variables to the class members (expecting T_STRING) + return array( + //the order in which the backends are loaded. 
+ //login only succeeds if all backend return true on login + //sending mail: the mail is sent with first backend that is able to send the mail + 'backends' => array( + 'i' => array( + 'name' => 'BackendIMAP', + ), +// 'd' => array( +// 'name' => 'BackendCardDAV', +// ), + 'c' => array( + 'name' => 'BackendCalDAV', + ), + ), + 'delimiter' => '/', + //force one type of folder to one backend + //it must match one of the above defined backends + 'folderbackend' => array( + SYNC_FOLDER_TYPE_INBOX => 'i', + SYNC_FOLDER_TYPE_DRAFTS => 'i', + SYNC_FOLDER_TYPE_WASTEBASKET => 'i', + SYNC_FOLDER_TYPE_SENTMAIL => 'i', + SYNC_FOLDER_TYPE_OUTBOX => 'i', + SYNC_FOLDER_TYPE_TASK => 'c', + SYNC_FOLDER_TYPE_APPOINTMENT => 'c', +// SYNC_FOLDER_TYPE_CONTACT => 'd', + SYNC_FOLDER_TYPE_NOTE => 'c', + SYNC_FOLDER_TYPE_JOURNAL => 'c', + SYNC_FOLDER_TYPE_OTHER => 'i', + SYNC_FOLDER_TYPE_USER_MAIL => 'i', + SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c', +// SYNC_FOLDER_TYPE_USER_CONTACT => 'd', + SYNC_FOLDER_TYPE_USER_TASK => 'c', + SYNC_FOLDER_TYPE_USER_JOURNAL => 'c', + SYNC_FOLDER_TYPE_USER_NOTE => 'c', + SYNC_FOLDER_TYPE_UNKNOWN => 'i', + ), + //creating a new folder in the root folder should create a folder in one backend + 'rootcreatefolderbackend' => 'i', + ); + } +} diff --git a/z-push/z-push/imap.conf.php b/z-push/z-push/imap.conf.php new file mode 100644 index 0000000000000000000000000000000000000000..6c9d47da3575cd26eca766e1c46f2eede3848ae0 --- /dev/null +++ b/z-push/z-push/imap.conf.php 
@@ -0,0 +1,225 @@ +<?php +/*********************************************** +* File : config.php +* Project : Z-Push +* Descr : IMAP backend configuration file +* +* Created : 27.11.2012 +* +* Copyright 2007 - 2016 Zarafa Deutschland GmbH +* +* This program is free software: you can redistribute it and/or modify +* it under the terms of the GNU Affero General Public License, version 3, +* as published by the Free Software Foundation. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Affero General Public License for more details. +* +* You should have received a copy of the GNU Affero General Public License +* along with this program. If not, see <http://www.gnu.org/licenses/>. +* +* Consult LICENSE file for details +************************************************/ + +// ************************ +// BackendIMAP settings +// ************************ + +// Defines the server to which we want to connect +define('IMAP_SERVER', 'imap.shore.co.il'); + +// connecting to default port (143) +define('IMAP_PORT', 993); + +// best cross-platform compatibility (see http://php.net/imap_open for options) +define('IMAP_OPTIONS', '/ssl/norsh'); + + +// Mark messages as read when moving to Trash. +// BE AWARE that you will lose the unread flag, but some mail clients do this so the Trash folder doesn't get boldened +define('IMAP_AUTOSEEN_ON_DELETE', false); + + +// IMPORTANT: BASIC IMAP FOLDERS [ask your mail admin] + // We can have diferent cases (case insensitive): + // 1. + // inbox + // sent + // drafts + // trash + // 2. + // inbox + // common.sent + // common.drafts + // common.trash + // 3. + // common.inbox + // common.sent + // common.drafts + // common.trash + // 4. 
+ // common + // common.sent + // common.drafts + // common.trash + // + // gmail is a special case, where the default folders are under the [gmail] prefix and the folders defined by the user are under INBOX. + // This configuration seems to work: + // define('IMAP_FOLDER_PREFIX', ''); + // define('IMAP_FOLDER_PREFIX_IN_INBOX', false); + // define('IMAP_FOLDER_INBOX', 'INBOX'); + // define('IMAP_FOLDER_SENT', '[Gmail]/Sent'); + // define('IMAP_FOLDER_DRAFT', '[Gmail]/Drafts'); + // define('IMAP_FOLDER_TRASH', '[Gmail]/Trash'); + // define('IMAP_FOLDER_SPAM', '[Gmail]/Spam'); + // define('IMAP_FOLDER_ARCHIVE', '[Gmail]/All Mail'); + +// Since I know you won't configure this, I will raise an error unless you do. +// When configured set this to true to remove the error +define('IMAP_FOLDER_CONFIGURED', true); + +// Folder prefix is the common part in your names (3, 4) +define('IMAP_FOLDER_PREFIX', ''); + +// Inbox will have the preffix preppend (3 & 4 to true) +define('IMAP_FOLDER_PREFIX_IN_INBOX', false); + +// Inbox folder name (case doesn't matter) - (empty in 4) +define('IMAP_FOLDER_INBOX', 'INBOX'); + +// Sent folder name (case doesn't matter) +define('IMAP_FOLDER_SENT', 'SENT'); + +// Draft folder name (case doesn't matter) +define('IMAP_FOLDER_DRAFT', 'DRAFTS'); + +// Trash folder name (case doesn't matter) +define('IMAP_FOLDER_TRASH', 'TRASH'); + +// Spam folder name (case doesn't matter). Only showed as special by iOS devices +define('IMAP_FOLDER_SPAM', 'SPAM'); + +// Archive folder name (case doesn't matter). Only showed as special by iOS devices +define('IMAP_FOLDER_ARCHIVE', 'ARCHIVE'); + + + +// forward messages inline (default true - inlined) +define('IMAP_INLINE_FORWARD', true); + +// list of folders we want to exclude from sync. 
Names, or part of it, separated by | +// example: dovecot.sieve|archive|spam +define('IMAP_EXCLUDED_FOLDERS', ''); + + + +// overwrite the "from" header with some value +// options: +// '' - do nothing, use the From header +// 'username' - the username will be set (usefull if your login is equal to your emailaddress) +// 'domain' - the value of the "domain" field is used +// 'sql' - the username will be the result of a sql query. REMEMBER TO INSTALL PHP-PDO AND PHP-DATABASE +// 'ldap' - the username will be the result of a ldap query. REMEMBER TO INSTALL PHP-LDAP!! +// '@mydomain.com' - the username is used and the given string will be appended +define('IMAP_DEFAULTFROM', ''); + +// DSN: formatted PDO connection string +// mysql:host=xxx;port=xxx;dbname=xxx +// USER: username to DB +// PASSWORD: password to DB +// OPTIONS: array with options needed +// QUERY: query to execute +// FIELDS: columns in the query +// FROM: string that will be the from, replacing the column names with the values +define('IMAP_FROM_SQL_DSN', ''); +define('IMAP_FROM_SQL_USER', ''); +define('IMAP_FROM_SQL_PASSWORD', ''); +define('IMAP_FROM_SQL_OPTIONS', serialize(array(PDO::ATTR_PERSISTENT => true))); +define('IMAP_FROM_SQL_QUERY', "select first_name, last_name, mail_address from users where mail_address = '#username@#domain'"); +define('IMAP_FROM_SQL_FIELDS', serialize(array('first_name', 'last_name', 'mail_address'))); +define('IMAP_FROM_SQL_EMAIL', '#mail_address'); +define('IMAP_FROM_SQL_FROM', '#first_name #last_name <#mail_address>'); +define('IMAP_FROM_SQL_FULLNAME', '#first_name #last_name'); + +// SERVER: ldap server +// SERVER_PORT: ldap port +// USER: dn to use for connecting +// PASSWORD: password +// QUERY: query to execute +// FIELDS: columns in the query +// FROM: string that will be the from, replacing the field names with the values +define('IMAP_FROM_LDAP_SERVER', 'localhost'); +define('IMAP_FROM_LDAP_SERVER_PORT', '389'); +define('IMAP_FROM_LDAP_USER', 
'cn=zpush,ou=servers,dc=zpush,dc=org'); +define('IMAP_FROM_LDAP_PASSWORD', 'password'); +define('IMAP_FROM_LDAP_BASE', 'dc=zpush,dc=org'); +define('IMAP_FROM_LDAP_QUERY', '(mail=#username@#domain)'); +define('IMAP_FROM_LDAP_FIELDS', serialize(array('givenname', 'sn', 'mail'))); +define('IMAP_FROM_LDAP_EMAIL', '#mail'); +define('IMAP_FROM_LDAP_FROM', '#givenname #sn <#mail>'); +define('IMAP_FROM_LDAP_FULLNAME', '#givenname #sn'); + + + +// Method used for sending mail +// mail => mail() php function +// sendmail => sendmail executable +// smtp => direct connection against SMTP +define('IMAP_SMTP_METHOD', 'mail'); + +global $imap_smtp_params; +// SMTP Parameters +// mail : no params +$imap_smtp_params = array( + 'host' => 'smtp.shore.co.il', + 'port' => 587, + 'auth' => true, + 'username' => 'imap_username', + 'password' => 'imap_password', + 'localhost' => 'z-push' +); +// sendmail +//$imap_smtp_params = array('sendmail_path' => '/usr/bin/sendmail', 'sendmail_args' => '-i'); +// smtp +// "host" - The server to connect. Default is localhost. +// "port" - The port to connect. Default is 25. +// "auth" - Whether or not to use SMTP authentication. Default is FALSE. +// "username" - The username to use for SMTP authentication. "imap_username" for using the same username as the imap server +// "password" - The password to use for SMTP authentication. "imap_password" for using the same password as the imap server +// "localhost" - The value to give when sending EHLO or HELO. Default is localhost +// "timeout" - The SMTP connection timeout. Default is NULL (no timeout). +// "verp" - Whether to use VERP or not. Default is FALSE. +// "debug" - Whether to enable SMTP debug mode or not. Default is FALSE. +// "persist" - Indicates whether or not the SMTP connection should persist over multiple calls to the send() method. +// "pipelining" - Indicates whether or not the SMTP commands pipelining should be used. +// "verify_peer" - Require verification of SSL certificate used. 
Default is TRUE. +// "verify_peer_name" - Require verification of peer name. Default is TRUE. +// "allow_self_signed" - Allow self-signed certificates. Requires verify_peer. Default is FALSE. +//$imap_smtp_params = array('host' => 'localhost', 'port' => 25, 'auth' => false); +// If you want to use SSL with port 25 or port 465 you must preppend "ssl://" before the hostname or IP of your SMTP server +// IMPORTANT: To use SSL you must use PHP 5.1 or later, install openssl libs and use ssl:// within the host variable +// IMPORTANT: To use SSL with PHP 5.6 you should set verify_peer, verify_peer_name and allow_self_signed +//$imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 465, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); +// If you want to use STARTTLS when the server is supporting it, you just need to enable authentication on a non SSL host variable. +//$imap_smtp_params = array('host' => 'localhost', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); + + +// If you are using IMAP_SMTP_METHOD = mail or sendmail and your sent messages are not correctly displayed you can change this to "\n". +// BUT, it doesn't comply with RFC 2822 and will break if using smtp method +define('MAIL_MIMEPART_CRLF', "\r\n"); + + +// A file containing file mime types->extension mappings. +// SELINUX users: make sure the file has a security context accesible by your apache/php-fpm process +define('SYSTEM_MIME_TYPES_MAPPING', '/etc/mime.types'); + + +// Use BackendCalDAV for Meetings. You cannot hope to get that functionality working without a caldav backend. +define('IMAP_MEETING_USE_CALDAV', false); + +// If your IMAP server allows authenticating via GSSAPI, php-imap will not fall back properly to other authentication +// methods and you will be unable to log in. Uncomment the following line to disable that authentication method. +// Multiple methods can be specified as a comma-separated string. 
+// define('IMAP_DISABLE_AUTHENTICATOR', 'GSSAPI'); diff --git a/z-push/z-push/policies.ini b/z-push/z-push/policies.ini new file mode 100644 index 0000000000000000000000000000000000000000..cbd99f953f238e3efb816f5d21308ccf39cdb7d5 --- /dev/null +++ b/z-push/z-push/policies.ini 
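Review bot: `IMAP_SMTP_METHOD` is set to `'mail'` in `imap.conf.php` while `$imap_smtp_params` is filled in for `smtp.shore.co.il` on port 587 with authentication; the file's own comment says `mail : no params`, so those settings are ignored and sending falls back to PHP's `mail()`. The `z-push/Dockerfile` in this commit installs no mail transfer agent, so outgoing mail from devices will probably fail or be dropped; `define('IMAP_SMTP_METHOD', 'smtp');` looks like the intended value. The comment `// connecting to default port (143)` above `define('IMAP_PORT', 993);` contradicts the value and should read something like `// IMAPS port (implicit TLS, matches /ssl in IMAP_OPTIONS)`. The upstream sample LDAP credentials (`IMAP_FROM_LDAP_PASSWORD` set to `'password'`) appear unused while `IMAP_DEFAULTFROM` is empty, but blanking them would stop secret scanners and readers from treating them as live.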
@@ -0,0 +1,234 @@ +;;;;;;;;;;;;;;;;;;;;;;;; +; About policies.ini ; +;;;;;;;;;;;;;;;;;;;;;;;; + +; Z-Push policies' file holds the configuration to be applied +; during the provisioning of a mobile device. +; Check Z-Push wiki page regarding the provisioning policies: +; https://wiki.z-hub.io/x/eYAa +; For more information see the ActiveSync documentation at: +; https://msdn.microsoft.com/en-us/library/dd299443.aspx + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; The default ActiveSync policy. Do not change its name. +[default] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Policies for ActiveSync version 12.0 and higher +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; Specifies if a device requires a password to unlock it. +; 0 - Password not required. +; 1 - Password is required. +devpwenabled = 0 + +; Specifies if a device requires an alphanumeric password to unlock it. +; 0 - Alphanumeric password not required. +; 1 - Alphanumeric password required. +alphanumpwreq = 0 + +; Deprecated. Specifies if the device encrypts the content of the storage card. +; 0 - Storage card encryption not enabled. +; 1 - Storage card encryption enabled. +devencenabled = 0 + +; Specifies if the server supports storing a recovery password which could be +; sent by the client using the Settings command. +; This policy is currently not supported by Z-Push. +; 0 - Password recovery not enabled on the server. +; 1 - Password recovery enabled on the server. +; pwrecoveryenabled = 0 + +; Deprecated. +docbrowseenabled = + +; Specifies if email attachments are enabled for download. +; 0 - Attachments not allowed for download. +; 1 - Attachments allowed for download. +attenabled = 1 + +; Specifies the minimum client password length to unlock it. +; The mindevpwlenngth can be empty or have a value between 1 and 16. +; If the value is empty or 1, there is no minimum length for the device password. 
+mindevpwlenngth = 4 + +; The maximum number of seconds of inactivity before the device locks itself. +; If this value is greater than or equal to 9999, the client interprets it as unlimited. +maxinacttimedevlock = 900 + +; The maximum number of failed password attempts to unlock the device. +; The client SHOULD perform a local wipe or enter a timed lock out mode if the maximum +; number of failed password attempts is reached. +; The maxdevpwfailedattempts can be empty or have a value between 4 and 16. +; If the value is empty, the client interprets this as no maximum number of +; failed password attempts has been set by the security policy. +maxdevpwfailedattempts = 8 + +; The maximum attachment size in bytes as determined by security policy. +maxattsize = '' + +; Specifies if the device allows simple passwords. A simple password contains +; repeated ("0000") or sequential ("xyz") characters only. +allowsimpledevpw = 1 + +; The maximum number of days until a password expires. +; Empty or 0 devpwexpiration value indicates that the password will not expire. +devpwexpiration = 0 + +; The minimum number of previously used passwords stored to prevent reuse by the device. +; 0 - Do not store previously used passwords. +; >0 - Store the minimum number of previously used passwords. +devpwhistory = 0 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Policies for ActiveSync version 12.1 and higher +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; The device allows to use a storage card. +; 0 - SD card not allowed. +; 1 - SD card allowed. +allowstoragecard = 1 + +; The device allows to use the built-in camera. +; 0 - Usage of the built-in camera not allowed. +; 1 - Usage of built-in the camera allowed. +allowcam = 1 + +; Specifies if the client uses encryption. +; 0 - Encryption not required. +; 1 - Encryption required. +reqdevenc = 0 + +; Specifies if the device allows unsigned applications to execute. +; 0 - Unsigned applications not allowed to execute. 
+; 1 - Unsigned applications allowed to execute. +allowunsignedapps = 1 + +; The required complexity level of the device password. +; Valid values for mindevcomplexchars are between 1 and 4. The value specifies +; the number of character groups to be contained in the password. +; The character groups are: +; - Lower case alphabetical characters +; - Upper case alphabetical characters +; - Numbers +; - Non-alphanumeric characters +; For example, if the value of mindevcomplexchars is 2, a password may contain +; lower case and upper case characters. A password with numbers and non-alphanumeric +; characters would be also valid. +mindevcomplexchars = 3 + +; The device allows the use of Wi-Fi connections. +; 0 - The use of Wi-Fi connections not allowed. +; 1 - The use of Wi-Fi connections allowed. +allowwifi = 1 + +; The device allows the use of SMS or text messaging. +; 0 - SMS or text messaging not allowed. +; 1 - SMS or text messaging allowed. +allowtextmessaging = 1 + +; The device allows access to POP or IMAP email. +; 0 - POP or IMAP email access not allowed. +; 1 - POP or IMAP email access allowed. +allowpopimapemail = 1 + +; The use of Bluetooth on the device. +; 0 - Disable Bluetooth. +; 1 - Disable Bluetooth, but allow the configuration of hands-free profiles. +; 2 - Allow Bluetooth. +allowbluetooth = 2 + +; The device allows the use of IrDA (infrared) connections. +; 0 - Disable IrDA. +; 1 - Allow IrDA. +allowirda = 1 + +; The device requires manual synchronization when the device is roaming. +; 0 - Do not require manual sync; allow direct push when roaming. +; 1 - Require manual sync when roaming. +reqmansyncroam = 0 + +; The maximum number of calendar days that can be synchronized. +; 0 - All days +; 4 - 2 weeks +; 5 - 1 month +; 6 - 3 months +; 7 - 6 months +maxcalagefilter = 0 + +; Specifies if the client uses HTML-formatted email. +; 0 - HTML-formatted email not allowed. +; 1 - HTML-formatted email allowed. 
+allowhtmlemail = 1 + +; The email age limit for synchronization. +; 0 - Sync all +; 1 - 1 day +; 2 - 3 days +; 3 - 1 week +; 4 - 2 weeks +; 5 - 1 month +maxemailagefilter = 0 + +; The maximum truncation size for plain text–formatted email. +; -1 - No truncation. +; 0 - Truncate only the header. +; >0 - Truncate the email body to the specified size. +maxemailbodytruncsize = -1 + +; The maximum truncation size for HTML-formatted email. +; -1 - No truncation. +; 0 - Truncate only the header. +; >0 - Truncate the email body to the specified size. +maxemailhtmlbodytruncsize = -1 + +; Specifies if the client sends signed S/MIME messages. +; 0 - Signed S/MIME messages not required. +; 1 - Signed S/MIME messages required. +reqsignedsmimemessages = 0 + +; Specifies if the client sends encrypted email messages. +; 0 - Encrypted email messages not required. +; 1 - Email messages required to be encrypted. +reqencsmimemessages = 0 + +; The algorithm used to sign S/MIME messages. +; 0 - Use SHA1. +; 1 - Use MD5. +reqsignedsmimealgorithm = 0 + +; The algorithm used to encrypt S/MIME messages. +; 0 - TripleDES algorithm +; 1 - DES algorithm +; 2 - RC2128bit +; 3 - RC264bit +; 4 - RC240bit +reqencsmimealgorithm = 0 + +; Controls negotiation of the encryption algorithm. +; 0 - Do not negotiate. +; 1 - Negotiate a strong algorithm. +; 2 - Negotiate any algorithm. +allowsmimeencalgneg = 2 + +; Specifies if the client can use soft certificates to sign outgoing messages. +; 0 - Soft certificates are not allowed. +; 1 - Soft certificates are allowed. +allowsmimesoftcerts = 1 + +; Specifies if the device allows the use of a web browser. +; 0 - Do not allow the use of a web browser. +; 1 - Allow the use of a web browser. +allowbrowser = 1 + +; Specifies if the device allows the user to configure a personal email account. +; 0 - Do not allow the user to configure a personal email account. +; 1 - Allow the user to configure a personal email account. 
+allowconsumeremail = 1 + +; Specifies if the device allows the use of Internet Sharing. +; 0 - Do not allow the use of Internet Sharing. +; 1 - Allow the use of Internet Sharing. +allowinternetsharing = 1 \ No newline at end of file diff --git a/z-push/z-push/z-push.conf.php b/z-push/z-push/z-push.conf.php new file mode 100644 index 0000000000000000000000000000000000000000..601fd665b501f7c0c7fdbc055d6ed5be5a4d3a5a --- /dev/null +++ b/z-push/z-push/z-push.conf.php 
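Review bot: The `[default]` policy in policies.ini is added with the device-lock and encryption requirements switched off (`devpwenabled = 0`, `reqdevenc = 0`), and `allowsmimeencalgneg = 2` lets a client negotiate any S/MIME encryption algorithm, including the DES and 40-bit RC2 options listed just above it. If this file is meant to be enforced rather than carried along as a sample, I would set `devpwenabled = 1`, `reqdevenc = 1` and `allowsmimeencalgneg = 1`. As committed, z-push.conf.php in the same change defines `PROVISIONING` as false, so these values presumably never reach a device. A comment at the top of the file such as `; Not applied until PROVISIONING is enabled in z-push.conf.php` would keep a later reader from assuming a lock policy is in force.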
@@ -0,0 +1,392 @@ +<?php +/*********************************************** +* File : config.php +* Project : Z-Push +* Descr : Main configuration file +* +* Created : 01.10.2007 +* +* Copyright 2007 - 2016 Zarafa Deutschland GmbH +* +* This program is free software: you can redistribute it and/or modify +* it under the terms of the GNU Affero General Public License, version 3, +* as published by the Free Software Foundation. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Affero General Public License for more details. +* +* You should have received a copy of the GNU Affero General Public License +* along with this program. If not, see <http://www.gnu.org/licenses/>. +* +* Consult LICENSE file for details +************************************************/ + +/********************************************************************************** + * Default settings + */ + // Defines the default time zone, change e.g. to "Europe/London" if necessary + define('TIMEZONE', ''); + + // Defines the base path on the server + define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/'); + + // Try to set unlimited timeout + define('SCRIPT_TIMEOUT', 0); + + // Use a custom header to determinate the remote IP of a client. + // By default, the server provided REMOTE_ADDR is used. If the header here set + // is available, the provided value will be used, else REMOTE_ADDR is maintained. + // set to false to disable this behaviour. + // common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored) + define('USE_CUSTOM_REMOTE_IP_HEADER', false); + + // When using client certificates, we can check if the login sent matches the owner of the certificate. + // This setting specifies the owner parameter in the certificate to look at. 
+ define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN"); + + /* + * Whether to use the complete email address as a login name + * (e.g. user@company.com) or the username only (user). + * This is required for Z-Push to work properly after autodiscover. + * Possible values: + * false - use the username only. + * true - string the mobile sends as username, e.g. full email address (default). + */ + define('USE_FULLEMAIL_FOR_LOGIN', false); + +/********************************************************************************** + * StateMachine setting + * + * These StateMachines can be used: + * FILE - FileStateMachine (default). Needs STATE_DIR set as well. + * SQL - SqlStateMachine has own configuration file. STATE_DIR is ignored. + * State migration script is available, more informations: https://wiki.z-hub.io/x/xIAa + */ + define('STATE_MACHINE', 'FILE'); + define('STATE_DIR', '/var/lib/z-push/'); + +/********************************************************************************** + * IPC - InterProcessCommunication + * + * Is either provided by using shared memory on a single host or + * using the memcache provider for multi-host environments. + * When another implementation should be used, the class can be set here explicitly. + * If empty Z-Push will try to use available providers. + */ + define('IPC_PROVIDER', ''); + +/********************************************************************************** + * Logging settings + * + * The LOGBACKEND specifies where the logs are sent to. + * Either to file ("filelog") or to a "syslog" server or a custom log class in core/log/logclass. + * filelog and syslog have several options that can be set below. 
+ * For more information about the syslog configuration, see https://wiki.z-hub.io/x/HIAT + + * Possible LOGLEVEL and LOGUSERLEVEL values are: + * LOGLEVEL_OFF - no logging + * LOGLEVEL_FATAL - log only critical errors + * LOGLEVEL_ERROR - logs events which might require corrective actions + * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future + * LOGLEVEL_INFO - usually completed actions + * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers + * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device + * LOGLEVEL_DEVICEID - also prints the device id for every log entry + * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack + * + * The verbosity increases from top to bottom. More verbose levels include less verbose + * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR, + * LOGLEVEL_WARN and LOGLEVEL_INFO level entries. + * + * LOGAUTHFAIL is logged to the LOGBACKEND. + */ + define('LOGBACKEND', 'filelog'); + define('LOGLEVEL', LOGLEVEL_INFO); + define('LOGAUTHFAIL', false); + + // To save e.g. WBXML data only for selected users, add the usernames to the array + // The data will be saved into a dedicated file per user in the LOGFILEDIR + // Users have to be encapusulated in quotes, several users are comma separated, like: + // $specialLogUsers = array('info@domain.com', 'myusername'); + define('LOGUSERLEVEL', LOGLEVEL_DEVICEID); + $specialLogUsers = array(); + + // Filelog settings + define('LOGFILEDIR', '/var/log/z-push/'); + define('LOGFILE', LOGFILEDIR . 'z-push.log'); + define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log'); + + // Syslog settings + // false will log to local syslog, otherwise put the remote syslog IP here + define('LOG_SYSLOG_HOST', false); + // Syslog port + define('LOG_SYSLOG_PORT', 514); + // Program showed in the syslog. 
Useful if you have more than one instance login to the same syslog + define('LOG_SYSLOG_PROGRAM', 'z-push'); + // Syslog facility - use LOG_USER when running on Windows + define('LOG_SYSLOG_FACILITY', LOG_LOCAL0); + + // Location of the trusted CA, e.g. '/etc/ssl/certs/EmailCA.pem' + // Uncomment and modify the following line if the validation of the certificates fails. + // define('CAINFO', '/etc/ssl/certs/EmailCA.pem'); + +/********************************************************************************** + * Mobile settings + */ + // Device Provisioning + define('PROVISIONING', false); + + // This option allows the 'loose enforcement' of the provisioning policies for older + // devices which don't support provisioning (like WM 5 and HTC Android Mail) - dw2412 contribution + // false (default) - Enforce provisioning for all devices + // true - allow older devices, but enforce policies on devices which support it + define('LOOSE_PROVISIONING', false); + + // The file containing the policies' settings. 
+ // Set a full path or relative to the z-push main directory + define('PROVISIONING_POLICYFILE', 'policies.ini'); + + // Default conflict preference + // Some devices allow to set if the server or PIM (mobile) + // should win in case of a synchronization conflict + // SYNC_CONFLICT_OVERWRITE_SERVER - Server is overwritten, PIM wins + // SYNC_CONFLICT_OVERWRITE_PIM - PIM is overwritten, Server wins (default) + define('SYNC_CONFLICT_DEFAULT', SYNC_CONFLICT_OVERWRITE_PIM); + + // Global limitation of items to be synchronized + // The mobile can define a sync back period for calendar and email items + // For large stores with many items the time period could be limited to a max value + // If the mobile transmits a wider time period, the defined max value is used + // Applicable values: + // SYNC_FILTERTYPE_ALL (default, no limitation) + // SYNC_FILTERTYPE_1DAY, SYNC_FILTERTYPE_3DAYS, SYNC_FILTERTYPE_1WEEK, SYNC_FILTERTYPE_2WEEKS, + // SYNC_FILTERTYPE_1MONTH, SYNC_FILTERTYPE_3MONTHS, SYNC_FILTERTYPE_6MONTHS + define('SYNC_FILTERTIME_MAX', SYNC_FILTERTYPE_ALL); + + // Interval in seconds before checking if there are changes on the server when in Ping. + // It means the highest time span before a change is pushed to a mobile. Set it to + // a higher value if you have a high load on the server. + define('PING_INTERVAL', 30); + + // Set the fileas (save as) order for contacts in the webaccess/webapp/outlook. + // It will only affect new/modified contacts on the mobile which then are synced to the server. 
+ // Possible values are: + // SYNC_FILEAS_FIRSTLAST - fileas will be "Firstname Middlename Lastname" + // SYNC_FILEAS_LASTFIRST - fileas will be "Lastname, Firstname Middlename" + // SYNC_FILEAS_COMPANYONLY - fileas will be "Company" + // SYNC_FILEAS_COMPANYLAST - fileas will be "Company (Lastname, Firstname Middlename)" + // SYNC_FILEAS_COMPANYFIRST - fileas will be "Company (Firstname Middlename Lastname)" + // SYNC_FILEAS_LASTCOMPANY - fileas will be "Lastname, Firstname Middlename (Company)" + // SYNC_FILEAS_FIRSTCOMPANY - fileas will be "Firstname Middlename Lastname (Company)" + // The company-fileas will only be set if a contact has a company set. If one of + // company-fileas is selected and a contact doesn't have a company set, it will default + // to SYNC_FILEAS_FIRSTLAST or SYNC_FILEAS_LASTFIRST (depending on if last or first + // option is selected for company). + // If SYNC_FILEAS_COMPANYONLY is selected and company of the contact is not set + // SYNC_FILEAS_LASTFIRST will be used + define('FILEAS_ORDER', SYNC_FILEAS_LASTFIRST); + + // Maximum amount of items to be synchronized per request. + // Normally this value is requested by the mobile. Common values are 5, 25, 50 or 100. + // Exporting too much items can cause mobile timeout on busy systems. + // Z-Push will use the lowest provided value, either set here or by the mobile. + // MS Outlook 2013+ request up to 512 items to accelerate the sync process. + // If you detect high load (also on subsystems) you could try a lower setting. + // max: 512 - value used if mobile does not limit amount of items + define('SYNC_MAX_ITEMS', 50); + + // The devices usually send a list of supported properties for calendar and contact + // items. If a device does not includes such a supported property in Sync request, + // it means the property's value will be deleted on the server. + // However some devices do not send a list of supported properties. 
It is then impossible + // to tell if a property was deleted or it was not set at all if it does not appear in Sync. + // This parameter defines Z-Push behaviour during Sync if a device does not issue a list with + // supported properties. + // See also https://jira.z-hub.io/browse/ZP-302. + // Possible values: + // false - do not unset properties which are not sent during Sync (default) + // true - unset properties which are not sent during Sync + define('UNSET_UNDEFINED_PROPERTIES', false); + + // ActiveSync specifies that a contact photo may not exceed 48 KB. This value is checked + // in the semantic sanity checks and contacts with larger photos are not synchronized. + // This limitation is not being followed by the ActiveSync clients which set much bigger + // contact photos. You can override the default value of the max photo size. + // default: 5242880 - 5 MB default max photo size in bytes + define('SYNC_CONTACTS_MAXPICTURESIZE', 5242880); + + // Over the WebserviceUsers command it is possible to retrieve a list of all + // known devices and users on this Z-Push system. The authenticated user needs to have + // admin rights and a public folder must exist. + // In multicompany environments this enable an admin user of any company to retrieve + // this full list, so this feature is disabled by default. Enable with care. + define('ALLOW_WEBSERVICE_USERS_ACCESS', false); + + // Users with many folders can use the 'partial foldersync' feature, where the server + // actively stops processing the folder list if it takes too long. Other requests are + // then redirected to the FolderSync to synchronize the remaining items. + // Device compatibility for this procedure is not fully understood. + // NOTE: THIS IS AN EXPERIMENTAL FEATURE WHICH COULD PREVENT YOUR MOBILES FROM SYNCHRONIZING. + define('USE_PARTIAL_FOLDERSYNC', false); + + // The minimum accepted time in second that a ping command should last. + // It is strongly advised to keep this config to false. 
Some device + // might not be able to send a higher value than the one specificied here and thus + // unable to start a push connection. + // If set to false, there will be no lower bound to the ping lifetime. + // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes). + define('PING_LOWER_BOUND_LIFETIME', false); + + // The maximum accepted time in second that a ping command should last. + // If set to false, there will be no higher bound to the ping lifetime. + // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes). + define('PING_HIGHER_BOUND_LIFETIME', false); + + // Maximum response time + // Mobiles implement different timeouts to their TCP/IP connections. Android devices for example + // have a hard timeout of 30 seconds. If the server is not able to answer a request within this timeframe, + // the answer will not be recieved and the device will send a new one overloading the server. + // There are three categories + // - Short timeout - server has up within 30 seconds - is automatically applied for not categorized types + // - Medium timeout - server has up to 90 seconds to respond + // - Long timeout - server has up to 4 minutes to respond + // If a timeout is almost reached the server will break and sent the results it has until this + // point. You can add DeviceType strings to the categories. + // In general longer timeouts are better, because more data can be streamed at once. + define('SYNC_TIMEOUT_MEDIUM_DEVICETYPES', "SAMSUNGGTI"); + define('SYNC_TIMEOUT_LONG_DEVICETYPES', "iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail"); + + // Time in seconds the device should wait whenever the service is unavailable, + // e.g. when a backend service is unavailable. + // Z-Push sends a "Retry-After" header in the response with the here defined value. 
+ // It is up to the device to respect or not this directive so even if this option is set, + // the device might not wait requested time frame. + // Number of seconds before retry, to disable set to: false + define('RETRY_AFTER_DELAY', 300); + +/********************************************************************************** + * Backend settings + */ + // the backend data provider + define('BACKEND_PROVIDER', 'BackendCombined'); + +/********************************************************************************** + * Search provider settings + * + * Alternative backend to perform SEARCH requests (GAL search) + * By default the main Backend defines the preferred search functionality. + * If set, the Search Provider will always be preferred. + * Use 'BackendSearchLDAP' to search in a LDAP directory (see backend/searchldap/config.php) + */ + define('SEARCH_PROVIDER', ''); + // Time in seconds for the server search. Setting it too high might result in timeout. + // Setting it too low might not return all results. Default is 10. + define('SEARCH_WAIT', 10); + // The maximum number of results to send to the client. Setting it too high + // might result in timeout. Default is 10. + define('SEARCH_MAXRESULTS', 10); + +/********************************************************************************** + * Kopano Outlook Extension - Settings + * + * The Kopano Outlook Extension (KOE) provides MS Outlook 2013 and newer with + * functionality not provided by ActiveSync or not implemented by Outlook. 
+ * For more information, see: https://wiki.z-hub.io/x/z4Aa + */ + // Global Address Book functionality + define('KOE_CAPABILITY_GAB', true); + // Synchronize mail flags from the server to Outlook/KOE + define('KOE_CAPABILITY_RECEIVEFLAGS', true); + // Encode flags when sending from Outlook/KOE + define('KOE_CAPABILITY_SENDFLAGS', true); + // Out-of-office support + define('KOE_CAPABILITY_OOF', true); + // Out-of-office support with start & end times (superseeds KOE_CAPABILITY_OOF) + define('KOE_CAPABILITY_OOFTIMES', true); + // Notes support + define('KOE_CAPABILITY_NOTES', true); + // Shared folder support + define('KOE_CAPABILITY_SHAREDFOLDER', true); + // Send-As support for Outlook/KOE and mobiles + define('KOE_CAPABILITY_SENDAS', true); + // Secondary Contact folders (own and shared) + define('KOE_CAPABILITY_SECONDARYCONTACTS', true); + // Copy WebApp signature into KOE + define('KOE_CAPABILITY_SIGNATURES', true); + // Delivery receipt requests + define('KOE_CAPABILITY_RECEIPTS', true); + // Impersonate other users + define('KOE_CAPABILITY_IMPERSONATE', true); + + // To synchronize the GAB KOE, the GAB store and folderid need to be specified. + // Use the gab-sync script to generate this data. The name needs to + // match the config of the gab-sync script. + // More information here: https://wiki.z-hub.io/x/z4Aa (GAB Sync Script) + define('KOE_GAB_STORE', 'SYSTEM'); + define('KOE_GAB_FOLDERID', ''); + define('KOE_GAB_NAME', 'Z-Push-KOE-GAB'); + +/********************************************************************************** + * Synchronize additional folders to all mobiles + * + * With this feature, special folders can be synchronized to all mobiles. + * This is useful for e.g. global company contacts. + * + * This feature is supported only by certain devices, like iPhones. 
+ * Check the compatibility list for supported devices: + * http://z-push.org/compatibility + * + * To synchronize a folder, add a section setting all parameters as below: + * store: the ressource where the folder is located. + * Kopano users use 'SYSTEM' for the 'Public Folder' + * folderid: folder id of the folder to be synchronized + * name: name to be displayed on the mobile device + * type: supported types are: + * SYNC_FOLDER_TYPE_USER_CONTACT + * SYNC_FOLDER_TYPE_USER_APPOINTMENT + * SYNC_FOLDER_TYPE_USER_TASK + * SYNC_FOLDER_TYPE_USER_MAIL + * SYNC_FOLDER_TYPE_USER_NOTE + * flags: sets additional options on the shared folder. Supported are: + * DeviceManager::FLD_FLAGS_NONE + * No flags configured, default flag to be set + * DeviceManager::FLD_FLAGS_SENDASOWNER + * When replying in this folder, automatically do Send-As + * DeviceManager::FLD_FLAGS_CALENDARREMINDERS + * If set, Outlook shows reminders for these shares with KOE + * DeviceManager::FLD_FLAGS_NOREADONLYNOTIFY + * If set, Z-Push won't send notification emails for changes + * if the folder is read-only + * + * Additional notes: + * - on Kopano systems use backend/kopano/listfolders.php script to get a list + * of available folders + * + * - all Z-Push users must have at least reading permissions so the configured + * folders can be synchronized to the mobile. Else they are ignored. + * + * - this feature is only partly suitable for multi-tenancy environments, + * as ALL users from ALL tenents need access to the configured store & folder. + * When configuring a public folder, this will cause problems, as each user has + * a different public folder in his tenant, so the folder are not available. + + * - changing this configuration could cause HIGH LOAD on the system, as all + * connected devices will be updated and load the data contained in the + * added/modified folders. + */ + + $additionalFolders = array( + // demo entry for the synchronization of contacts from the public folder. 
+ // uncomment (remove '/*' '*/') and fill in the folderid +/* + array( + 'store' => "SYSTEM", + 'folderid' => "", + 'name' => "Public Contacts", + 'type' => SYNC_FOLDER_TYPE_USER_CONTACT, + 'flags' => DeviceManager::FLD_FLAGS_NONE, + ), +*/ + );
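Review bot: `define('LOGAUTHFAIL', false);` in the logging settings keeps failed logins out of the log backend, so a log watcher or rate limiter has nothing to key on if this ActiveSync endpoint is reachable from outside; I would set it to `define('LOGAUTHFAIL', true);`. If the container sits behind a reverse proxy (likely for a compose deployment, but not visible in this hunk), `USE_CUSTOM_REMOTE_IP_HEADER` staying `false` means every entry records the proxy's address. In that case it should name a header the proxy overwrites on every request, for example `define('USE_CUSTOM_REMOTE_IP_HEADER', 'HTTP_X_REAL_IP');`, because a header that is merely passed through lets the client choose the address that gets logged.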