update for Ubuntu 14.04
This commit is contained in:
parent
48bbdd9999
commit
304bf3d360
8 changed files with 30 additions and 24 deletions
|
@ -12,14 +12,14 @@ On March 13, 2014 I submitted Mail-in-a-Box to the [Knight News Challenge](https
|
|||
The Box
|
||||
-------
|
||||
|
||||
Mail-in-a-Box provides a single shell script that turns a fresh Ubuntu 13.04 64-bit machine into a working mail server, including:
|
||||
Mail-in-a-Box provides a single shell script that turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server, including:
|
||||
|
||||
* An SMTP server for sending/receiving mail, with STARTTLS required for authentication, and greylisting to cut down on spam (postfix, postgrey).
|
||||
* An IMAP server for checking your mail, with SSL required (dovecot).
|
||||
* A webmail client over SSL so you can check your email from a web browser (roundcube, nginx).
|
||||
* Spam filtering with spam automatically going to your Spam folder (spamassassin).
|
||||
* DKIM signing on outgoing messages (opendkim).
|
||||
* The machine acts as its own DNS server and is automatically configured for SPF and DKIM (nsd3).
|
||||
* The machine acts as its own DNS server and is automatically configured for SPF and DKIM (nsd).
|
||||
* Configuration of mailboxes and mail aliases is done using a command-line tool.
|
||||
* Basic system services like a firewall, intrusion protection, and setting the system clock are automatically configured (ufw, fail2ban, ntp).
|
||||
|
||||
|
|
|
@ -9,9 +9,9 @@ Before You Begin
|
|||
Get a Server
|
||||
------------
|
||||
|
||||
* Get a server. I've been a long-time customer of Rimuhosting.com which provides cheap VPS machines at several locations around the world. You could also go with Linode.com or any other cloud or VPS (virtual server) provider. (If you want to test on Amazon EC2, I've got instructions for you in ec2/README.md.) In a cloud environment like EC2 where your server's IP address is dynamic, this is a good time to assign a static IP (like a EC2 Elastic IP).
|
||||
* Get a server. I've been a long-time customer of Rimuhosting.com which provides cheap VPS machines at several locations around the world. You could also go with Linode.com or any other cloud or VPS (virtual server) provider that provides a static IP address. Don't use Amazon Web Services though: Many of their IP addresses have a bad reputation because they've been used to send spam.
|
||||
|
||||
* Choose Ubuntu 13.04 amd64 as your operating system (aka a Linux distribution). You won't need much memory or disk space. 768 MB of memory (RAM) and 4G of disk space should be plenty.
|
||||
* Choose Ubuntu 14.04 amd64 as your operating system (aka a Linux distribution). You won't need much memory or disk space. 768 MB of memory (RAM) and 4G of disk space should be plenty.
|
||||
|
||||
* Once the machine is running, set up Reverse DNS. Each ISP handles that differently. You'll have to figure out from your ISP how to do that. Set the reverse DNS to the hostname you chose above (in my case `box.occams.info`).
|
||||
|
||||
|
|
|
@ -7,13 +7,13 @@
|
|||
#
|
||||
# This script will turn on DNS for $PUBLIC_HOSTNAME.
|
||||
|
||||
# Install nsd3, our DNS server software.
|
||||
# Install nsd, our DNS server software.
|
||||
|
||||
apt-get -qq -y install nsd3
|
||||
apt-get -qq -y install nsd
|
||||
|
||||
# Prepare nsd3's configuration.
|
||||
# Prepare nsd's configuration.
|
||||
|
||||
sudo mkdir -p /var/run/nsd3
|
||||
sudo mkdir -p /var/run/nsd
|
||||
mkdir -p "$STORAGE_ROOT/dns";
|
||||
|
||||
# Create the default zone if it doesn't exist.
|
||||
|
|
|
@ -20,7 +20,7 @@ done
|
|||
|
||||
# Create the top of nsd.conf.
|
||||
|
||||
cat > /etc/nsd3/nsd.conf << EOF;
|
||||
cat > /etc/nsd/nsd.conf << EOF;
|
||||
server:
|
||||
hide-version: yes
|
||||
|
||||
|
@ -28,7 +28,7 @@ server:
|
|||
identity: ""
|
||||
|
||||
# The directory for zonefile: files.
|
||||
zonesdir: "/etc/nsd3/zones"
|
||||
zonesdir: "/etc/nsd/zones"
|
||||
|
||||
# ZONES
|
||||
EOF
|
||||
|
@ -37,7 +37,7 @@ EOF
|
|||
# file and mention it in nsd.conf. And add information to the
|
||||
# OpenDKIM signing tables.
|
||||
|
||||
mkdir -p /etc/nsd3/zones;
|
||||
mkdir -p /etc/nsd/zones;
|
||||
|
||||
truncate --size 0 /etc/opendkim/KeyTable
|
||||
truncate --size 0 /etc/opendkim/SigningTable
|
||||
|
@ -54,15 +54,15 @@ for fn in $STORAGE_ROOT/dns/*.txt; do
|
|||
# If the zone file exists, get the existing zone serial number so we can increment it.
|
||||
# TODO: This needs to be done better so that the existing serial number is persisted in the storage area.
|
||||
serial=`date +"%Y%m%d00"`
|
||||
if [ -f /etc/nsd3/zones/$fn2 ]; then
|
||||
existing_serial=`grep "serial number" /etc/nsd3/zones/$fn2 | sed "s/; serial number//"`
|
||||
if [ -f /etc/nsd/zones/$fn2 ]; then
|
||||
existing_serial=`grep "serial number" /etc/nsd/zones/$fn2 | sed "s/; serial number//"`
|
||||
if [ ! -z "$existing_serial" ]; then
|
||||
serial=`echo $existing_serial + 1 | bc`
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create the zone file.
|
||||
cat > /etc/nsd3/zones/$fn2 << EOF;
|
||||
cat > /etc/nsd/zones/$fn2 << EOF;
|
||||
\$ORIGIN $zone. ; default zone domain
|
||||
\$TTL 86400 ; default time to live
|
||||
|
||||
|
@ -86,7 +86,7 @@ EOF
|
|||
|
||||
# In PUBLIC_HOSTNAME, also define ns1 and ns2.
|
||||
if [ "$zone" = $PUBLIC_HOSTNAME ]; then
|
||||
cat >> /etc/nsd3/zones/$fn2 << EOF;
|
||||
cat >> /etc/nsd/zones/$fn2 << EOF;
|
||||
ns1 IN A $PUBLIC_IP
|
||||
ns2 IN A $PUBLIC_IP
|
||||
EOF
|
||||
|
@ -94,11 +94,11 @@ EOF
|
|||
|
||||
# If OpenDKIM is set up, append the suggested TXT record to the zone.
|
||||
if [ -f "$STORAGE_ROOT/mail/dkim/mail.txt" ]; then
|
||||
cat "$STORAGE_ROOT/mail/dkim/mail.txt" >> /etc/nsd3/zones/$fn2;
|
||||
cat "$STORAGE_ROOT/mail/dkim/mail.txt" >> /etc/nsd/zones/$fn2;
|
||||
fi
|
||||
|
||||
# Add this zone file to the main nsd configuration file.
|
||||
cat >> /etc/nsd3/nsd.conf << EOF;
|
||||
cat >> /etc/nsd/nsd.conf << EOF;
|
||||
zone:
|
||||
name: $zone
|
||||
zonefile: $fn2
|
||||
|
@ -120,8 +120,8 @@ EOF
|
|||
done
|
||||
|
||||
# Kick nsd.
|
||||
service nsd3 rebuild
|
||||
service nsd3 restart # ensure it is running
|
||||
service nsd rebuild
|
||||
service nsd restart # ensure it is running
|
||||
|
||||
# Kick opendkim.
|
||||
service opendkim restart
|
||||
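Review bot: In the `-54,15 +54,15` hunk the value pulled out of the zone file with `grep "serial number" | sed` is passed straight to `bc` through an unquoted `echo`, so a hand-edited or corrupted `/etc/nsd/zones/$fn2` whose serial line is not purely numeric leaves `serial` empty or garbage and produces a zone file nsd will most likely reject; the renamed paths also keep `$fn2` unquoted here and in the `-86,7` and `-94,11` hunks. Validate that the extracted serial is all digits and otherwise keep the date-based default, quoting the path, which also lets `$((...))` replace the `bc` pipe. The enclosing `for fn in $STORAGE_ROOT/dns/*.txt` loop starts and ends outside the hunk. Separately, `service nsd rebuild` in the `-120,8` hunk is an nsd3-era action; if the 14.04 package ships nsd 4 it may no longer be recognised, which is worth confirming since the script does not check the command's exit status.
```shell
if [ -f "/etc/nsd/zones/$fn2" ]; then
  existing_serial=$(grep "serial number" "/etc/nsd/zones/$fn2" | sed "s/; serial number//" | tr -d '[:space:]')
  # Only trust an all-digit serial; anything else keeps today's date-based default.
  case "$existing_serial" in
    ''|*[!0-9]*) ;;
    *) serial=$((existing_serial + 1)) ;;
  esac
fi
# … unchanged: zone file heredoc …
```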
|
|
|
@ -121,11 +121,13 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
|
|||
first_valid_uid=0
|
||||
|
||||
# Require that passwords are sent over SSL only, and allow the usual IMAP authentication mechanisms.
|
||||
# The LOGIN mechanism is supposedly for Microsoft products like Outlook to do SMTP login (I guess
|
||||
# since we're using Dovecot to handle SMTP authentication?).
|
||||
tools/editconf.py /etc/dovecot/conf.d/10-auth.conf \
|
||||
disable_plaintext_auth=yes \
|
||||
"auth_mechanisms=plain login"
|
||||
|
||||
# Query out Sqlite3 database, and not system users, for authentication.
|
||||
# Query our Sqlite3 database, and not system users, for authentication.
|
||||
sed -i "s/\(\!include auth-system.conf.ext\)/#\1/" /etc/dovecot/conf.d/10-auth.conf
|
||||
sed -i "s/#\(\!include auth-sql.conf.ext\)/\1/" /etc/dovecot/conf.d/10-auth.conf
|
||||
|
||||
|
@ -148,6 +150,7 @@ connect = $db_path
|
|||
default_pass_scheme = SHA512-CRYPT
|
||||
password_query = SELECT email as user, password FROM users WHERE email='%u';
|
||||
EOF
|
||||
chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions
|
||||
|
||||
# Disable in-the-clear IMAP and POP because we're paranoid (we haven't even
|
||||
# enabled POP).
|
||||
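Review bot: The added `chmod 0600 /etc/dovecot/dovecot-sql.conf.ext` in the `-148,6 +150,7` hunk runs only after the heredoc has already written the file, so on a first install the file is created under the default umask (typically 0644) and is readable by other local users until the chmod runs; it holds only the SQLite `connect =` path and the password query, but the comment itself cites Dovecot's 0600 guidance for it. Creating the file restricted before writing closes that window, e.g. `install -m 0600 /dev/null /etc/dovecot/dovecot-sql.conf.ext` immediately before the `cat >` line, with the chmod kept as-is for re-runs. The heredoc that writes this file begins above the hunk.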
|
|
|
@ -3,8 +3,8 @@
|
|||
|
||||
# Check system setup.
|
||||
|
||||
if [ "`lsb_release -d | sed 's/.*:\s*//'`" != "Ubuntu 13.04" ]; then
|
||||
echo "Mail-in-a-Box only supports being installed on Ubuntu 13.04, sorry. You are running:"
|
||||
if [ "`lsb_release -d | sed 's/.*:\s*//'`" != "Ubuntu 14.04 LTS" ]; then
|
||||
echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:"
|
||||
echo
|
||||
lsb_release -d | sed 's/.*:\s*//'
|
||||
echo
|
||||
|
@ -20,7 +20,7 @@ if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
|
|||
echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
|
||||
echo "check that you can log in without a password, set the option"
|
||||
echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
|
||||
echo "restart the machine."
|
||||
echo "restart the machine."
|
||||
exit
|
||||
fi
|
||||
|
||||
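Review bot: The version check in the `-3,8 +3,8` hunk compares the full `lsb_release -d` description against the literal `Ubuntu 14.04 LTS`, which stops matching as soon as a point release changes that string (e.g. `Ubuntu 14.04.1 LTS`), so the installer would refuse a supported system. Comparing the release number is stable across point releases: `if [ "$(lsb_release -rs)" != "14.04" ]; then`. The bare `exit` at the end of the `-20,7` hunk also returns status 0 from the SSH password-authentication refusal path; `exit 1` lets a calling script notice that setup did not proceed.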
|
|
|
@ -51,3 +51,6 @@ cat - > /etc/roundcube/debian-db.php <<EOF;
|
|||
EOF
|
||||
chown -R www-data.www-data $STORAGE_ROOT/mail/roundcube
|
||||
|
||||
# Enable PHP modules.
|
||||
php5enmod mcrypt
|
||||
service php-fastcgi restart
|
||||
|
|
|
@ -35,7 +35,7 @@ for line in open(filename):
|
|||
# comment-out the existing line
|
||||
buf += "#" + line
|
||||
|
||||
# if this option oddly appears more than once, don't add the settingg again
|
||||
# if this option oddly appears more than once, don't add the setting again
|
||||
if i in found:
|
||||
break
|
||||
|
||||
|
|