diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 26d32895..394ede8b 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -84,7 +84,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
 ssl=required \
 "ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \
 "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
- "ssl_protocols=TLSv1.2" \
+ "ssl_min_protocol=TLSv1.2" \
 "ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
 "ssl_prefer_server_ciphers=no" \
 "ssl_dh_parameters_length=2048"
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index dc1fff85..196d371d 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -13,8 +13,8 @@
 # destinations according to aliases, and passses email on to
 # another service for local mail delivery.
 #
-# The first hop in local mail delivery is to Spamassassin via
-# LMTP. Spamassassin then passes mail over to Dovecot for
+# The first hop in local mail delivery is to spampd via
+# LMTP. spampd then passes mail over to Dovecot for
 # storage in the user's mailbox.
 #
 # Postfix also listens on ports 465/587 (SMTPS, SMTP+STARTLS) for
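Review bot: In the mail-dovecot.sh hunk, switching the key to `ssl_min_protocol` does not remove an `ssl_protocols=TLSv1.2` line that an earlier run of this script may already have written to /etc/dovecot/conf.d/10-ssl.conf, since editconf.py only touches the settings named on its command line. If the script can run over a configuration produced by a previous version, the obsolete key stays in the file next to the new one; the `-e` option this commit adds could clear it with a separate call such as `tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf -e ssl_protocols=`. A comment is also worth adding that `ssl_min_protocol` is a floor rather than an exact list, so TLS 1.3 becomes negotiable where the TLS library supports it, while `ssl_cipher_list` here names only TLS 1.2 suites.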
@@ -193,16 +193,17 @@ tools/editconf.py /etc/postfix/main.cf \ # ### Incoming Mail -# Pass any incoming mail over to a local delivery agent. Spamassassin -# will act as the LDA agent at first. It is listening on port 10025 -# with LMTP. Spamassassin will pass the mail over to Dovecot after. +# Pass mail to spampd, which acts as the local delivery agent (LDA), +# which then passes the mail over to the Dovecot LMTP server after. +# spampd runs on port 10025 by default. # # In a basic setup we would pass mail directly to Dovecot by setting # virtual_transport to `lmtp:unix:private/dovecot-lmtp`. tools/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025" -# Because of a spampd bug, limit the number of recipients in each connection. +# Clear the lmtp_destination_recipient_limit setting which in previous +# versions of Mail-in-a-Box was set to 1 because of a spampd bug. # See https://github.com/mail-in-a-box/mailinabox/issues/1523. -tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1 +tools/editconf.py /etc/postfix/main.cf -e lmtp_destination_recipient_limit= # Who can send mail to us? Some basic filters. diff --git a/tools/editconf.py b/tools/editconf.py index d665f861..e80742e4 100755 --- a/tools/editconf.py +++ b/tools/editconf.py @@ -14,6 +14,10 @@ # # NAME VALUE # +# If the -e option is given and VALUE is empty, the setting is removed +# from the configuration file if it is set (i.e. existing occurrences +# are commented out and no new setting is added). +# # If the -c option is given, then the supplied character becomes the comment character # # If the -w option is given, then setting lines continue onto following @@ -35,6 +39,7 @@ settings = sys.argv[2:] delimiter = "=" delimiter_re = r"\s*=\s*" +erase_setting = False comment_char = "#" folded_lines = False testing = False 
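Review bot: In the `@@ -193` hunk of mail-postfix.sh, the rewritten comment says the recipient limit of 1 existed because of a spampd bug, but not why it is now safe to drop; nothing in the hunk ties the removal to a spampd version that contains the fix. Suggest extending the comment with that fact, for example `# The bug is fixed in spampd <VERSION>, which this release installs.` (placeholder, to be filled in from the linked issue), so the workaround is not cleared on a system that still runs an affected spampd.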
@@ -44,6 +49,9 @@ while settings[0][0] == "-" and settings[0] != "--": # Space is the delimiter delimiter = " " delimiter_re = r"\s+" + elif opt == "-e": + # Erase settings that have empty values. + erase_setting = True elif opt == "-w": # Line folding is possible in this file. folded_lines = True @@ -81,7 +89,7 @@ while len(input_lines) > 0: # See if this line is for any settings passed on the command line. for i in range(len(settings)): - # Check that this line contain this setting from the command-line arguments. + # Check if this line contain this setting from the command-line arguments. name, val = settings[i].split("=", 1) m = re.match( "(\s*)" @@ -91,8 +99,10 @@ while len(input_lines) > 0: if not m: continue indent, is_comment, existing_val = m.groups() - # If this is already the setting, do nothing. - if is_comment is None and existing_val == val: + # If this is already the setting, keep it in the file, except: + # * If we've already seen it before, then remove this duplicate line. + # * If val is empty and erase_setting is on, then comment it out. + if is_comment is None and existing_val == val and not (not val and erase_setting): # It may be that we've already inserted this setting higher # in the file so check for that first. if i in found: break @@ -107,8 +117,9 @@ while len(input_lines) > 0: # the line is already commented, pass it through buf += line - # if this option oddly appears more than once, don't add the setting again - if i in found: + # if this option already is set don't add the setting again, + # or if we're clearing the setting with -e, don't add it + if (i in found) or (not val and erase_setting): break # add the new setting 
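Review bot: The erase test is spelled out inline as `not val and erase_setting` in both the `@@ -91` and `@@ -107` hunks (and again in the last hunk of this file), and the double negative in `existing_val == val and not (not val and erase_setting)` is hard to read. Binding it once right after the split, `erasing = erase_setting and not val`, lets the two conditions read `is_comment is None and existing_val == val and not erasing` and `if (i in found) or erasing:`. The loop body starts and ends outside these hunks, so whether `found` is still updated on the erase path cannot be checked from here.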
@@ -122,9 +133,10 @@ while len(input_lines) > 0: # If did not match any setting names, pass this line through. buf += line -# Put any settings we didn't see at the end of the file. +# Put any settings we didn't see at the end of the file, +# except settings being cleared. for i in range(len(settings)): - if i not in found: + if (i not in found) and not (not val and erase_setting): name, val = settings[i].split("=", 1) buf += name + delimiter + val + "\n"
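Review bot: The new condition in the final loop reads `val` before this iteration assigns it, because `name, val = settings[i].split("=", 1)` sits inside the `if`. So `not val` tests whatever value the earlier scanning loop left behind, and unless `val` is assigned somewhere outside the visible hunks it raises NameError when that loop never ran (for example on an empty input file). With more than one setting on the command line, a setting that was not found can be skipped or appended wrongly, depending on which setting was examined last. Move the split above the test: `name, val = settings[i].split("=", 1)` followed by `if (i not in found) and not (not val and erase_setting):`.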