Merge branch 'miab-config' of supplee.net:mailinabox-quota into miab-config
This commit is contained in:
commit
075bdc7063
11 changed files with 155 additions and 45 deletions
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -1,12 +1,23 @@
|
|||
CHANGELOG
|
||||
=========
|
||||
|
||||
In Development
|
||||
--------------
|
||||
v0.41 (February 26, 2019)
|
||||
-------------------------
|
||||
|
||||
System:
|
||||
|
||||
* Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back.
|
||||
* Upgrades would fail if Mail-in-a-Box moved to a different directory in `systemctl link`.
|
||||
|
||||
Mail:
|
||||
|
||||
* Incoming messages addressed to more than one local user were rejected because of a bug in spampd packaged by Ubuntu 18.04. A workaround was added.
|
||||
|
||||
Contacts/Calendar:
|
||||
|
||||
* Upgraded Nextcloud from 13.0.6 to 14.0.6.
|
||||
* Upgraded Contacts from 2.1.5 to 2.1.8.
|
||||
* Upgraded Calendar from 1.6.1 to 1.6.4.
|
||||
|
||||
v0.40 (January 12, 2019)
|
||||
------------------------
|
||||
|
|
|
@ -58,7 +58,7 @@ by him:
|
|||
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
|
||||
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
|
||||
|
||||
$ git verify-tag v0.40
|
||||
$ git verify-tag v0.41
|
||||
gpg: Signature made ..... using RSA key ID C10BDD81
|
||||
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
|
||||
gpg: WARNING: This key is not certified with a trusted signature!
|
||||
|
@ -71,7 +71,7 @@ and on his [personal homepage](https://razor.occams.info/). (Of course, if this
|
|||
|
||||
Checkout the tag corresponding to the most recent release:
|
||||
|
||||
$ git checkout v0.40
|
||||
$ git checkout v0.41
|
||||
|
||||
Begin the installation.
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@
|
|||
<div class="radio">
|
||||
<label>
|
||||
<input id="addaliasForwardsToNotAdvanced" name="addaliasForwardsToDivToggle" type="radio" checked onclick="$('#addaliasForwardsToDiv').toggle(false)">
|
||||
Any mail user listed in the Fowards To box can send mail claiming to be from <span class="regularalias">the alias address</span><span class="catchall domainalias">any address on the alias domain</span>.
|
||||
Any mail user listed in the Forwards To box can send mail claiming to be from <span class="regularalias">the alias address</span><span class="catchall domainalias">any address on the alias domain</span>.
|
||||
</label>
|
||||
</div>
|
||||
<div class="radio">
|
||||
|
|
|
@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
|
|||
# want to display in status checks.
|
||||
if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
|
||||
# This machine is running Ubuntu 18.04.
|
||||
TAG=v0.40
|
||||
TAG=v0.41
|
||||
|
||||
elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
|
||||
# This machine is running Ubuntu 14.04.
|
||||
|
|
|
@ -42,7 +42,8 @@ source /etc/mailinabox.conf # load global vars
|
|||
# * `ca-certificates`: A trust store used to squelch postfix warnings about
|
||||
# untrusted opportunistically-encrypted connections.
|
||||
echo "Installing Postfix (SMTP server)..."
|
||||
apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates
|
||||
apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates \
|
||||
postfix-policyd-spf-python postsrsd
|
||||
|
||||
# ### Basic Settings
|
||||
|
||||
|
@ -97,7 +98,9 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
|
|||
-o cleanup_service_name=authclean" \
|
||||
"authclean=unix n - - - 0 cleanup
|
||||
-o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters
|
||||
-o nested_header_checks="
|
||||
-o nested_header_checks=" \
|
||||
"policy-spf=unix - n n - - spawn
|
||||
user=nobody argv=/usr/bin/policyd-spf"
|
||||
|
||||
# Install the `outgoing_mail_header_filters` file required by the new 'authclean' service.
|
||||
cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
|
||||
|
@ -173,8 +176,11 @@ tools/editconf.py /etc/postfix/main.cf \
|
|||
#
|
||||
# In a basic setup we would pass mail directly to Dovecot by setting
|
||||
# virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
|
||||
#
|
||||
tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
|
||||
# Because of a spampd bug, limit the number of recipients in each connection.
|
||||
# See https://github.com/mail-in-a-box/mailinabox/issues/1523.
|
||||
tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
|
||||
|
||||
|
||||
# Who can send mail to us? Some basic filters.
|
||||
#
|
||||
|
@ -193,13 +199,19 @@ tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
|
|||
# so these IPs get mail delivered quickly. But when an IP is not listed in the permit_dnswl_client list (i.e. it is not #NODOC
|
||||
# whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC
|
||||
# "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
|
||||
RECIPIENT_RESTRICTIONS=permit_sasl_authenticated,permit_mynetworks,\"reject_rbl_client zen.spamhaus.org\",reject_unlisted_recipient
|
||||
if [ $NO_GREYLISTING != "1" ]; then
|
||||
RECIPIENT_RESTRICTIONS=${RECIPIENT_RESTRICTIONS},\"check_policy_service inet:127.0.0.1:10023\"
|
||||
postconf -e smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org"
|
||||
|
||||
RECIPIENT_RESTRICTIONS="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient"
|
||||
|
||||
if [ $GREYLISTING != 1 ]; then
|
||||
RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:10023"
|
||||
fi
|
||||
tools/editconf.py /etc/postfix/main.cf \
|
||||
smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \
|
||||
smtpd_recipient_restrictions=$RECIPIENT_RESTRICTIONS
|
||||
|
||||
if [ $POLICY_SPF == 1 ]; then
|
||||
RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service unix:private/policy-spf"
|
||||
fi
|
||||
|
||||
postconf -e smtpd_recipient_restrictions="$RECIPIENT_RESTRICTIONS"
|
||||
|
||||
# Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
|
||||
# Postgrey listens on the same interface (and not IPv6, for instance).
|
||||
|
@ -216,6 +228,29 @@ tools/editconf.py /etc/default/postgrey \
|
|||
tools/editconf.py /etc/postfix/main.cf \
|
||||
message_size_limit=134217728
|
||||
|
||||
if [ $POSTSRSD == "1" ]; then
|
||||
# Setup SRS
|
||||
postconf -e \
|
||||
sender_canonical_maps=tcp:localhost:10001 \
|
||||
sender_canonical_classes=envelope_sender \
|
||||
recipient_canonical_maps=tcp:localhost:10002 \
|
||||
recipient_canonical_classes=envelope_recipient,header_recipient
|
||||
|
||||
hide_output systemctl enable postsrsd
|
||||
hide_output systemctl restart postsrsd
|
||||
|
||||
else
|
||||
postconf -e \
|
||||
sender_canonical_maps= \
|
||||
sender_canonical_classes= \
|
||||
recipient_canonical_maps= \
|
||||
recipient_canonical_classes=
|
||||
|
||||
hide_output systemctl disable postsrsd
|
||||
hide_output systemctl stop postsrsd
|
||||
fi
|
||||
|
||||
|
||||
# Allow the two SMTP ports in the firewall.
|
||||
|
||||
ufw_allow smtp
|
||||
|
|
|
@ -93,7 +93,7 @@ source $venv/bin/activate
|
|||
exec python `pwd`/management/daemon.py
|
||||
EOF
|
||||
chmod +x $inst_dir/start
|
||||
hide_output systemctl link conf/mailinabox.service
|
||||
hide_output systemctl link -f conf/mailinabox.service
|
||||
hide_output systemctl daemon-reload
|
||||
hide_output systemctl enable mailinabox.service
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ mkdir -p /var/lib/munin-node/plugin-state/
|
|||
# Create a systemd service for munin.
|
||||
ln -sf $(pwd)/management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh
|
||||
chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
|
||||
hide_output systemctl link conf/munin.service
|
||||
hide_output systemctl link -f conf/munin.service
|
||||
hide_output systemctl daemon-reload
|
||||
hide_output systemctl unmask munin.service
|
||||
hide_output systemctl enable munin.service
|
||||
|
|
|
@ -39,11 +39,11 @@ InstallNextcloud() {
|
|||
# their github repositories.
|
||||
mkdir -p /usr/local/lib/owncloud/apps
|
||||
|
||||
wget_verify https://github.com/nextcloud/contacts/releases/download/v2.1.5/contacts.tar.gz b7460d15f1b78d492ed502d778c0c458d503ba17 /tmp/contacts.tgz
|
||||
wget_verify https://github.com/nextcloud/contacts/releases/download/v2.1.8/contacts.tar.gz b5d5bbee33f0c32b124b46cb6aaab90c695ac170 /tmp/contacts.tgz
|
||||
tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/
|
||||
rm /tmp/contacts.tgz
|
||||
|
||||
wget_verify https://github.com/nextcloud/calendar/releases/download/v1.6.1/calendar.tar.gz f93a247cbd18bc624f427ba2a967d93ebb941f21 /tmp/calendar.tgz
|
||||
wget_verify https://github.com/nextcloud/calendar/releases/download/v1.6.4/calendar.tar.gz d8a7950dba14803472b6c19625a8ceb23d6fd4ef /tmp/calendar.tgz
|
||||
tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/
|
||||
rm /tmp/calendar.tgz
|
||||
|
||||
|
@ -72,11 +72,14 @@ InstallNextcloud() {
|
|||
sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off
|
||||
echo "...which seemed to work."
|
||||
fi
|
||||
|
||||
# Add missing indices. NextCloud didn't include this in the normal upgrade because it might take some time.
|
||||
sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-indices
|
||||
fi
|
||||
}
|
||||
|
||||
nextcloud_ver=13.0.6
|
||||
nextcloud_hash=33e41f476f0e2be5dc7cdb9d496673d9647aa3d6
|
||||
nextcloud_ver=14.0.6
|
||||
nextcloud_hash=4e43a57340f04c2da306c8eea98e30040399ae5a
|
||||
|
||||
# Check if Nextcloud dir exist, and check if version matches nextcloud_ver (if either doesn't - install/upgrade)
|
||||
if [ ! -d /usr/local/lib/owncloud/ ] \
|
||||
|
@ -93,11 +96,11 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
|
|||
echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to directory to $BACKUP_DIRECTORY..."
|
||||
cp -r /usr/local/lib/owncloud "$BACKUP_DIRECTORY/owncloud-install"
|
||||
fi
|
||||
if [ -e /home/user-data/owncloud/owncloud.db ]; then
|
||||
cp /home/user-data/owncloud/owncloud.db $BACKUP_DIRECTORY
|
||||
if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then
|
||||
cp $STORAGE_ROOT/owncloud/owncloud.db $BACKUP_DIRECTORY
|
||||
fi
|
||||
if [ -e /home/user-data/owncloud/config.php ]; then
|
||||
cp /home/user-data/owncloud/config.php $BACKUP_DIRECTORY
|
||||
if [ -e $STORAGE_ROOT/owncloud/config.php ]; then
|
||||
cp $STORAGE_ROOT/owncloud/config.php $BACKUP_DIRECTORY
|
||||
fi
|
||||
|
||||
# If ownCloud or Nextcloud was previously installed....
|
||||
|
@ -105,19 +108,13 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
|
|||
# Database migrations from ownCloud are no longer possible because ownCloud cannot be run under
|
||||
# PHP 7.
|
||||
if grep -q "OC_VersionString = '[89]\." /usr/local/lib/owncloud/version.php; then
|
||||
echo "Upgrades from Mail-in-a-Box prior to v0.26c (dated February 13, 2018) with Nextcloud < 12.0.5 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.28 first. Setup aborting."
|
||||
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting."
|
||||
exit 1
|
||||
fi
|
||||
if grep -q "OC_VersionString = '10\." /usr/local/lib/owncloud/version.php; then
|
||||
echo "Upgrades from Mail-in-a-Box prior to v0.26c (dated February 13, 2018) with Nextcloud < 12.0.5 (you have ownCloud 10) are not supported. Upgrade to Mail-in-a-Box version v0.28 first. Setup aborting."
|
||||
if grep -q "OC_VersionString = '1[012]\." /usr/local/lib/owncloud/version.php; then
|
||||
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# If we are upgrading from Nextcloud 11 we should go to Nextcloud 12 first.
|
||||
if grep -q "OC_VersionString = '11\." /usr/local/lib/owncloud/version.php; then
|
||||
echo "We are running Nextcloud 11, upgrading to Nextcloud 12.0.5 first"
|
||||
InstallNextcloud 12.0.5 d25afbac977a4e331f5e38df50aed0844498ca86
|
||||
fi
|
||||
fi
|
||||
|
||||
InstallNextcloud $nextcloud_ver $nextcloud_hash
|
||||
|
|
60
setup/options-dialog.py
Normal file
60
setup/options-dialog.py
Normal file
|
@ -0,0 +1,60 @@
|
|||
#!/usr/bin/env python
|
||||
# encoding: utf-8
|
||||
|
||||
import npyscreen
|
||||
import sys
|
||||
import os
|
||||
|
||||
|
||||
class TestApp(npyscreen.NPSApp):
|
||||
def main(self):
|
||||
# These lines create the form and populate it with widgets.
|
||||
# A fairly complex screen in only 8 or so lines of code - a line for each control.
|
||||
npyscreen.setTheme(npyscreen.Themes.BlackOnWhiteTheme)
|
||||
|
||||
form = npyscreen.Form(name = "Mail-in-a-Box Options",)
|
||||
postgrey_text = form.add(
|
||||
npyscreen.TitleFixedText,
|
||||
name="POSTGREY",
|
||||
value="Should Postgrey be used to greylist messages?",
|
||||
editable=False
|
||||
)
|
||||
form.add(npyscreen.FixedText)
|
||||
|
||||
postgrey_text = form.add(
|
||||
npyscreen.MultiLineEditable,
|
||||
name="POSTSRSD",
|
||||
value="The PostSRSd daemon performs return path rewriting using the SRS protocol.\n"
|
||||
"Not that all messages, including locally delivered mail will have their return\n"
|
||||
"paths rewritten",
|
||||
max_height=4,
|
||||
editable=False
|
||||
)
|
||||
form.add(npyscreen.FixedText)
|
||||
|
||||
options = form.add(
|
||||
npyscreen.TitleMultiSelect,
|
||||
max_height=-2,
|
||||
value = [
|
||||
int(os.getenv('POSTGREY', 1)),
|
||||
int(os.getenv('POSTSRSD', 0)),
|
||||
int(os.getenv('POLICY_SPF', 0))
|
||||
],
|
||||
name="Options",
|
||||
values= ["POSTGREY","POSTSRSD","POLICY_SPF"],
|
||||
scroll_exit=True
|
||||
)
|
||||
|
||||
# This lets the user interact with the Form.
|
||||
form.edit()
|
||||
|
||||
with open('_options.sh', 'w') as output:
|
||||
print('POSTGREY=%i' % (1 if 0 in options.value else 0), file=output)
|
||||
print('POSTSRSD=%i' % (1 if 1 in options.value else 0), file=output)
|
||||
print('POLICY_SPF=%i' % (1 if 2 in options.value else 0), file=output)
|
||||
# print(npyscreen.ThemeManager.default_colors, file=output)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
App = TestApp()
|
||||
App.run()
|
|
@ -16,6 +16,7 @@ if [ -z "${NONINTERACTIVE:-}" ]; then
|
|||
# we install it inside a virtualenv. In this script, we don't have the virtualenv yet
|
||||
# so we install the python package globally.
|
||||
hide_output pip3 install "email_validator>=1.0.0" || exit 1
|
||||
hide_output pip3 install npyscreen || exit 1
|
||||
|
||||
message_box "Mail-in-a-Box Installation" \
|
||||
"Hello and thanks for deploying a Mail-in-a-Box!
|
||||
|
@ -193,6 +194,8 @@ if [ -z "${STORAGE_ROOT:-}" ]; then
|
|||
STORAGE_ROOT=$([[ -z "${DEFAULT_STORAGE_ROOT:-}" ]] && echo "/home/$STORAGE_USER" || echo "$DEFAULT_STORAGE_ROOT")
|
||||
fi
|
||||
|
||||
python3 setup/options-dialog.py
|
||||
|
||||
# Show the configuration, since the user may have not entered it manually.
|
||||
echo
|
||||
echo "Primary Hostname: $PRIMARY_HOSTNAME"
|
||||
|
|
|
@ -42,18 +42,20 @@ else
|
|||
FIRST_TIME_SETUP=1
|
||||
fi
|
||||
|
||||
if [ -z "${DEFAULT_HTTP_SSL_PORT:-}" ]; then
|
||||
HTTP_SSL_PORT=443
|
||||
else
|
||||
HTTP_SSL_PORT=$DEFAULT_HTTP_SSL_PORT
|
||||
if [ -z "${HTTP_SSL_PORT:-}" ]; then
|
||||
HTTP_SSL_PORT=$([[ -z "${DEFAULT_HTTP_SSL_PORT:-}" ]] && echo "443" || echo "$DEFAULT_HTTP_SSL_PORT")
|
||||
fi
|
||||
|
||||
if [ -z "${DEFAULT_NO_GREYLISTING:-}" ]; then
|
||||
NO_GREYLISTING=0
|
||||
elif (($DEFAULT_NO_GREYLISTING > 0)); then
|
||||
NO_GREYLISTING=1
|
||||
else
|
||||
NO_GREYLISTING=0
|
||||
if [ -z "${GREYLISTING:-}" ]; then
|
||||
GREYLISTING=$([[ -z "${DEFAULT_GREYLISTING:-}" ]] && echo "1" || echo "$DEFAULT_GREYLISTING")
|
||||
fi
|
||||
|
||||
if [ -z "${POSTSRSD:-}" ]; then
|
||||
POSTSRSD=$([[ -z "${DEFAULT_POSTSRSD:-}" ]] && echo "0" || echo "$DEFAULT_POSTSRSD")
|
||||
fi
|
||||
|
||||
if [ -z "${POLICY_SPF:-}" ]; then
|
||||
POLICY_SPF=$([[ -z "${DEFAULT_POLICY_SPF:-}" ]] && echo "0" || echo "$DEFAULT_POLICY_SPF")
|
||||
fi
|
||||
|
||||
# Put a start script in a global location. We tell the user to run 'mailinabox'
|
||||
|
@ -108,7 +110,9 @@ PUBLIC_IPV6=$PUBLIC_IPV6
|
|||
PRIVATE_IP=$PRIVATE_IP
|
||||
PRIVATE_IPV6=$PRIVATE_IPV6
|
||||
HTTP_SSL_PORT=$HTTP_SSL_PORT
|
||||
NO_GREYLISTING=$NO_GREYLISTING
|
||||
GREYLISTING=$GREYLISTING
|
||||
POSTSRSD=$POSTSRSD
|
||||
POLICY_SPF=$POLICY_SPF
|
||||
EOF
|
||||
|
||||
# Start service configuration.
|
||||
|
|
Loading…
Reference in a new issue