update for Ubuntu 14.04

This commit is contained in:
Joshua Tauberer 2014-04-17 20:17:24 -04:00
parent 48bbdd9999
commit 304bf3d360
8 changed files with 30 additions and 24 deletions


@ -12,14 +12,14 @@ On March 13, 2014 I submitted Mail-in-a-Box to the [Knight News Challenge](https
The Box
-------
Mail-in-a-Box provides a single shell script that turns a fresh Ubuntu 13.04 64-bit machine into a working mail server, including:
Mail-in-a-Box provides a single shell script that turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server, including:
* An SMTP server for sending/receiving mail, with STARTTLS required for authentication, and greylisting to cut down on spam (postfix, postgrey).
* An IMAP server for checking your mail, with SSL required (dovecot).
* A webmail client over SSL so you can check your email from a web browser (roundcube, nginx).
* Spam filtering with spam automatically going to your Spam folder (spamassassin).
* DKIM signing on outgoing messages (opendkim).
* The machine acts as its own DNS server and is automatically configured for SPF and DKIM (nsd3).
* The machine acts as its own DNS server and is automatically configured for SPF and DKIM (nsd).
* Configuration of mailboxes and mail aliases is done using a command-line tool.
* Basic system services like a firewall, intrusion protection, and setting the system clock are automatically configured (ufw, fail2ban, ntp).


@ -9,9 +9,9 @@ Before You Begin
Get a Server
------------
* Get a server. I've been a long-time customer of Rimuhosting.com which provides cheap VPS machines at several locations around the world. You could also go with Linode.com or any other cloud or VPS (virtual server) provider. (If you want to test on Amazon EC2, I've got instructions for you in ec2/README.md.) In a cloud environment like EC2 where your server's IP address is dynamic, this is a good time to assign a static IP (like a EC2 Elastic IP).
* Get a server. I've been a long-time customer of Rimuhosting.com which provides cheap VPS machines at several locations around the world. You could also go with Linode.com or any other cloud or VPS (virtual server) provider that provides a static IP address. Don't use Amazon Web Services though: Many of their IP addresses have a bad reputation because they've been used to send spam.
* Choose Ubuntu 13.04 amd64 as your operating system (aka a Linux distribution). You won't need much memory or disk space. 768 MB of memory (RAM) and 4G of disk space should be plenty.
* Choose Ubuntu 14.04 amd64 as your operating system (aka a Linux distribution). You won't need much memory or disk space. 768 MB of memory (RAM) and 4G of disk space should be plenty.
* Once the machine is running, set up Reverse DNS. Each ISP handles that differently. You'll have to figure out from your ISP how to do that. Set the reverse DNS to the hostname you chose above (in my case `box.occams.info`).


@ -7,13 +7,13 @@
#
# This script will turn on DNS for $PUBLIC_HOSTNAME.
# Install nsd3, our DNS server software.
# Install nsd, our DNS server software.
apt-get -qq -y install nsd3
apt-get -qq -y install nsd
# Prepare nsd3's configuration.
# Prepare nsd's configuration.
sudo mkdir -p /var/run/nsd3
sudo mkdir -p /var/run/nsd
mkdir -p "$STORAGE_ROOT/dns";
# Create the default zone if it doesn't exist.


@ -20,7 +20,7 @@ done
# Create the top of nsd.conf.
cat > /etc/nsd3/nsd.conf << EOF;
cat > /etc/nsd/nsd.conf << EOF;
server:
hide-version: yes
@ -28,7 +28,7 @@ server:
identity: ""
# The directory for zonefile: files.
zonesdir: "/etc/nsd3/zones"
zonesdir: "/etc/nsd/zones"
# ZONES
EOF
@ -37,7 +37,7 @@ EOF
# file and mention it in nsd.conf. And add information to the
# OpenDKIM signing tables.
mkdir -p /etc/nsd3/zones;
mkdir -p /etc/nsd/zones;
truncate --size 0 /etc/opendkim/KeyTable
truncate --size 0 /etc/opendkim/SigningTable
@ -54,15 +54,15 @@ for fn in $STORAGE_ROOT/dns/*.txt; do
# If the zone file exists, get the existing zone serial number so we can increment it.
# TODO: This needs to be done better so that the existing serial number is persisted in the storage area.
serial=`date +"%Y%m%d00"`
if [ -f /etc/nsd3/zones/$fn2 ]; then
existing_serial=`grep "serial number" /etc/nsd3/zones/$fn2 | sed "s/; serial number//"`
if [ -f /etc/nsd/zones/$fn2 ]; then
existing_serial=`grep "serial number" /etc/nsd/zones/$fn2 | sed "s/; serial number//"`
if [ ! -z "$existing_serial" ]; then
serial=`echo $existing_serial + 1 | bc`
fi
fi
# Create the zone file.
cat > /etc/nsd3/zones/$fn2 << EOF;
cat > /etc/nsd/zones/$fn2 << EOF;
\$ORIGIN $zone. ; default zone domain
\$TTL 86400 ; default time to live
@ -86,7 +86,7 @@ EOF
# In PUBLIC_HOSTNAME, also define ns1 and ns2.
if [ "$zone" = $PUBLIC_HOSTNAME ]; then
cat >> /etc/nsd3/zones/$fn2 << EOF;
cat >> /etc/nsd/zones/$fn2 << EOF;
ns1 IN A $PUBLIC_IP
ns2 IN A $PUBLIC_IP
EOF
@ -94,11 +94,11 @@ EOF
# If OpenDKIM is set up, append the suggested TXT record to the zone.
if [ -f "$STORAGE_ROOT/mail/dkim/mail.txt" ]; then
cat "$STORAGE_ROOT/mail/dkim/mail.txt" >> /etc/nsd3/zones/$fn2;
cat "$STORAGE_ROOT/mail/dkim/mail.txt" >> /etc/nsd/zones/$fn2;
fi
# Add this zone file to the main nsd configuration file.
cat >> /etc/nsd3/nsd.conf << EOF;
cat >> /etc/nsd/nsd.conf << EOF;
zone:
name: $zone
zonefile: $fn2
@ -120,8 +120,8 @@ EOF
done
# Kick nsd.
service nsd3 rebuild
service nsd3 restart # ensure it is running
service nsd rebuild
service nsd restart # ensure it is running
# Kick opendkim.
service opendkim restart
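Review bot: `service nsd rebuild` two lines above the opendkim restart probably no longer does anything useful on the new target: the nsd package on 14.04 is NSD 4, which dropped the separate zone-compile step, so its init script likely has no `rebuild` action and the call will print a usage error and return non-zero (harmless only because this script does not appear to run under `set -e`, which is not visible here). Keep `service nsd restart` and drop the rebuild line after confirming against the installed init script. While touching these lines, every `/etc/nsd/zones/$fn2` path in this section is unquoted; `$fn2` is derived from the admin-controlled `$STORAGE_ROOT/dns/*.txt` names so the risk is low, but `"/etc/nsd/zones/$fn2"` is a cheap fix. The `for fn in $STORAGE_ROOT/dns/*.txt` loop these hunks sit in starts and ends outside the hunks.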


@ -121,11 +121,13 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
first_valid_uid=0
# Require that passwords are sent over SSL only, and allow the usual IMAP authentication mechanisms.
# The LOGIN mechanism is supposedly for Microsoft products like Outlook to do SMTP login (I guess
# since we're using Dovecot to handle SMTP authentication?).
tools/editconf.py /etc/dovecot/conf.d/10-auth.conf \
disable_plaintext_auth=yes \
"auth_mechanisms=plain login"
# Query out Sqlite3 database, and not system users, for authentication.
# Query our Sqlite3 database, and not system users, for authentication.
sed -i "s/\(\!include auth-system.conf.ext\)/#\1/" /etc/dovecot/conf.d/10-auth.conf
sed -i "s/#\(\!include auth-sql.conf.ext\)/\1/" /etc/dovecot/conf.d/10-auth.conf
@ -148,6 +150,7 @@ connect = $db_path
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM users WHERE email='%u';
EOF
chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions
# Disable in-the-clear IMAP and POP because we're paranoid (we haven't even
# enabled POP).
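Review bot: The new `chmod 0600 /etc/dovecot/dovecot-sql.conf.ext` runs only after the heredoc has finished writing the file, so between the `cat >` (opened above this hunk) and the chmod the file exists with whatever the default umask grants. The connect string here is an SQLite path rather than a password, so the exposure is small, but restricting the mode before any content lands is just as easy: add `install -m 0600 /dev/null /etc/dovecot/dovecot-sql.conf.ext` immediately before the heredoc, which makes the later chmod a no-op. The heredoc opener and the surrounding block are outside this hunk.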


@ -3,8 +3,8 @@
# Check system setup.
if [ "`lsb_release -d | sed 's/.*:\s*//'`" != "Ubuntu 13.04" ]; then
echo "Mail-in-a-Box only supports being installed on Ubuntu 13.04, sorry. You are running:"
if [ "`lsb_release -d | sed 's/.*:\s*//'`" != "Ubuntu 14.04 LTS" ]; then
echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:"
echo
lsb_release -d | sed 's/.*:\s*//'
echo
@ -20,7 +20,7 @@ if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
echo "check that you can log in without a password, set the option"
echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
echo "restart the machine."
echo "restart the machine."
exit
fi
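Review bot: The equality test against the literal `"Ubuntu 14.04 LTS"` is brittle: `lsb_release -d` reports point releases as `Ubuntu 14.04.1 LTS`, so this check will start refusing installs after the first point release even though nothing relevant has changed. Comparing the release number is more stable and also drops the backticks, e.g. `if [ "$(lsb_release -rs)" != "14.04" ]; then`; the error message on the next line already says just `14.04`, so it would still read correctly. The rest of this `if` body sits between the two hunks and is not visible.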


@ -51,3 +51,6 @@ cat - > /etc/roundcube/debian-db.php <<EOF;
EOF
chown -R www-data.www-data $STORAGE_ROOT/mail/roundcube
# Enable PHP modules.
php5enmod mcrypt
service php-fastcgi restart
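Review bot: The comment `# Enable PHP modules.` above `php5enmod mcrypt` does not say why the line is needed, so a later reader will wonder whether it is a leftover; on 14.04 the php5-mcrypt package is reported not to enable its extension automatically, and Roundcube relies on it. Suggested replacement: `# Roundcube needs the mcrypt extension; on Ubuntu 14.04 php5-mcrypt does not enable itself, so turn it on explicitly.` Whether php5-mcrypt is actually installed by this script is not visible in the hunk and should be confirmed. The `chown -R www-data.www-data $STORAGE_ROOT/mail/roundcube` line above leaves `$STORAGE_ROOT` unquoted; `"$STORAGE_ROOT/mail/roundcube"` is a one-word change.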


@ -35,7 +35,7 @@ for line in open(filename):
# comment-out the existing line
buf += "#" + line
# if this option oddly appears more than once, don't add the settingg again
# if this option oddly appears more than once, don't add the setting again
if i in found:
break