Add own changes

setup/additionals.sh

@@ -0,0 +1,20 @@
+source /etc/mailinabox.conf
+source setup/functions.sh
+
+# Cleanup old spam and trash email
+cp -f conf/cron/local_clean_mail /etc/cron.weekly/
+chmod +x /etc/cron.weekly/local_clean_mail
+
+# Reduce logs by not logging mail output in syslog
+sed -i "s/\*\.\*;auth,authpriv.none.*\-\/var\/log\/syslog/\*\.\*;mail,auth,authpriv.none    \-\/var\/log\/syslog/g" /etc/rsyslog.d/50-default.conf
+
+# Reduce logs by only logging ufw in ufw.log
+sed -i "s/#\& stop/\& stop/g" /etc/rsyslog.d/20-ufw.conf
+
+restart_service rsyslog
+
+# decrease time journal is stored
+tools/editconf.py /etc/systemd/journald.conf MaxRetentionSec=2month
+tools/editconf.py /etc/systemd/journald.conf MaxFileSec=1week
+
+hide_output systemctl restart systemd-journald.service

setup/bootstrap.sh

@@ -35,7 +35,7 @@ if [ ! -d $HOME/mailinabox ]; then
 	echo Downloading Mail-in-a-Box $TAG. . .
 	git clone \
 		-b $TAG --depth 1 \
-		https://github.com/ddavness/power-mailinabox \
+		https://github.com/mail-in-a-box/mailinabox \
 		$HOME/mailinabox \
 		< /dev/null 2> /dev/null
 

setup/munin.sh

@@ -23,14 +23,15 @@ includedir /etc/munin/munin-conf.d
 # path dynazoom uses for requests
 cgiurl_graph /admin/munin/cgi-graph
 
+# send alerts to the following address
+contact.admin.command mail -s "Munin notification \${var:host}" administrator@$PRIMARY_HOSTNAME
+contact.admin.always_send warning critical
+
 # a simple host tree
 [$PRIMARY_HOSTNAME]
 address 127.0.0.1
 
-# send alerts to the following address
 contacts admin
-contact.admin.command mail -s "Munin notification \${var:host}" administrator@$PRIMARY_HOSTNAME
-contact.admin.always_send warning critical
 EOF
 
 # The Debian installer touches these files and chowns them to www-data:adm for use with spawn-fcgi
@@ -70,6 +71,11 @@ hide_output systemctl daemon-reload
 hide_output systemctl unmask munin.service
 hide_output systemctl enable munin.service
 
+# Some more munin plugins
+ln -fs /usr/share/munin/plugins/postfix_mailstats /etc/munin/plugins/
+ln -fs /usr/share/munin/plugins/spamstats /etc/munin/plugins
+ln -fs /usr/share/munin/plugins/df_abs /etc/munin/plugins
+
 # Restart services.
 restart_service munin
 restart_service munin-node

setup/nextcloud.sh

@@ -42,6 +42,9 @@ InstallNextcloud() {
 	mv /usr/local/lib/nextcloud /usr/local/lib/owncloud
 	rm -f /tmp/nextcloud.zip
 
+	# Empty the skeleton dir to save some space for each new user
+	rm -f /usr/local/lib/owncloud/core/skeleton/*
+
 	# The two apps we actually want are not in Nextcloud core. Download the releases from
 	# their github repositories.
 	mkdir -p /usr/local/lib/owncloud/apps

setup/questions.sh

@@ -119,6 +119,23 @@ if [ -z "${PUBLIC_IP:-}" ]; then
 	fi
 fi
 
+
+if [ -z "${ADMIN_HOME_IP:-}" ]; then
+        if [ -z "${DEFAULT_ADMIN_HOME_IP:-}" ]; then
+                input_box "Admin Home IP Address" \
+		        "Enter the public IP address of the admin home, as given to you by your ISP.
+            		\n\nAdmin Home IP address:" \
+	   		"" \
+			ADMIN_HOME_IP
+	else
+		ADMIN_HOME_IP=$DEFAULT_ADMIN_HOME_IP
+        fi
+fi
+
+if [ -z "${ADMIN_HOME_IP:-}" ]; then
+	ADMIN_HOME_IP=""
+fi
+
 # Same for IPv6. But it's optional. Also, if it looks like the system
 # doesn't have an IPv6, don't ask for one.
 if [ -z "${PUBLIC_IPV6:-}" ]; then
@@ -206,6 +223,9 @@ fi
 if [ "$PRIVATE_IPV6" != "$PUBLIC_IPV6" ]; then
 	echo "Private IPv6 Address: $PRIVATE_IPV6"
 fi
+if [ -n "$ADMIN_HOME_IP" ]; then
+    echo "Admin Home IP Address: $ADMIN_HOME_IP"
+fi
 if [ -f /usr/bin/git ] && [ -d .git ]; then
 	echo "Mail-in-a-Box Version: " $(git describe --tags)
 fi

setup/spamassassin.sh

@@ -195,3 +195,4 @@ chmod 770 $STORAGE_ROOT/mail/spamassassin
 restart_service spampd
 restart_service dovecot
 
+systemctl enable spamassassin.service

setup/start.sh

@@ -100,6 +100,7 @@ PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
 MTA_STS_MODE=${MTA_STS_MODE-}
+ADMIN_HOME_IP=$ADMIN_HOME_IP
 EOF
 
 # Start service configuration.
@@ -114,9 +115,10 @@ source setup/spamassassin.sh
 source setup/web.sh
 source setup/webmail.sh
 source setup/nextcloud.sh
-source setup/zpush.sh
+#source setup/zpush.sh
 source setup/management.sh
 source setup/munin.sh
+source setup/additionals.sh
 
 # Wait for the management daemon to start...
 until nc -z -w 4 127.0.0.1 10222

setup/system.sh

@@ -339,9 +339,14 @@ rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore
 rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config
 cat conf/fail2ban/jails.conf \
 	| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
+	| sed "s/ADMIN_HOME_IP/$ADMIN_HOME_IP/g" \
 	| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
-	> /etc/fail2ban/jail.d/mailinabox.conf
+	> /etc/fail2ban/jail.d/00-mailinabox.conf
 cp -f conf/fail2ban/filter.d/* /etc/fail2ban/filter.d/
+cp -f conf/fail2ban/jail.d/* /etc/fail2ban/jail.d/
+
+# fail2ban should be able to look back far enough because we increased findtime of recidive jail
+tools/editconf.py /etc/fail2ban/fail2ban.conf dbpurgeage=7d
 
 # On first installation, the log files that the jails look at don't all exist.
 # e.g., The roundcube error log isn't normally created until someone logs into

setup/webmail.sh

@@ -32,8 +32,8 @@ VERSION=1.4.10
 HASH=36b2351030e1ebddb8e39190d7b0ba82b1bbec1b
 PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435
 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
-CARDDAV_VERSION=3.0.3
-CARDDAV_HASH=d1e3b0d851ffa2c6bd42bf0c04f70d0e1d0d78f8
+CARDDAV_VERSION=4.1.1
+CARDDAV_HASH=87b73661b7799b2079c28324311eddb4241242bb
 
 UPDATE_KEY=$VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:$CARDDAV_VERSION
 
@@ -76,7 +76,7 @@ if [ $needs_update == 1 ]; then
 
 	# download and verify the full release of the carddav plugin
 	wget_verify \
-		https://github.com/blind-coder/rcmcarddav/releases/download/v${CARDDAV_VERSION}/carddav-${CARDDAV_VERSION}.zip \
+		https://github.com/mstilkerich/rcmcarddav/releases/download/v${CARDDAV_VERSION}/carddav-${CARDDAV_VERSION}.zip \
 		$CARDDAV_HASH \
 		/tmp/carddav.zip
 
@@ -144,7 +144,7 @@ cat > ${RCM_PLUGIN_DIR}/carddav/config.inc.php <<EOF;
 	 'name'         =>  'ownCloud',
 	 'username'     =>  '%u', // login username
 	 'password'     =>  '%p', // login password
-	 'url'          =>  'https://${PRIMARY_HOSTNAME}/cloud/remote.php/carddav/addressbooks/%u/contacts',
+	 'url'          =>  'https://${PRIMARY_HOSTNAME}/cloud/remote.php/dav/addressbooks/users/%u/contacts',
 	 'active'       =>  true,
 	 'readonly'     =>  false,
 	 'refresh_time' => '02:00:00',