mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-25 07:47:05 +00:00
Merge branch 'master' of https://github.com/jvolkenant/mailinabox into ubuntu_bionic_solr_fts
This commit is contained in:
commit
173aece6cd
18
CHANGELOG.md
18
CHANGELOG.md
@ -1,6 +1,24 @@
|
|||||||
CHANGELOG
|
CHANGELOG
|
||||||
=========
|
=========
|
||||||
|
|
||||||
|
v0.41 (February 26, 2019)
|
||||||
|
-------------------------
|
||||||
|
|
||||||
|
System:
|
||||||
|
|
||||||
|
* Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back.
|
||||||
|
* Upgrades would fail if Mail-in-a-Box moved to a different directory in `systemctl link`.
|
||||||
|
|
||||||
|
Mail:
|
||||||
|
|
||||||
|
* Incoming messages addressed to more than one local user were rejected because of a bug in spampd packaged by Ubuntu 18.04. A workaround was added.
|
||||||
|
|
||||||
|
Contacts/Calendar:
|
||||||
|
|
||||||
|
* Upgraded Nextcloud from 13.0.6 to 14.0.6.
|
||||||
|
* Upgraded Contacts from 2.1.5 to 2.1.8.
|
||||||
|
* Upgraded Calendar from 1.6.1 to 1.6.4.
|
||||||
|
|
||||||
v0.40 (January 12, 2019)
|
v0.40 (January 12, 2019)
|
||||||
------------------------
|
------------------------
|
||||||
|
|
||||||
|
@ -58,7 +58,7 @@ by him:
|
|||||||
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
|
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
|
||||||
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
|
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
|
||||||
|
|
||||||
$ git verify-tag v0.40
|
$ git verify-tag v0.41
|
||||||
gpg: Signature made ..... using RSA key ID C10BDD81
|
gpg: Signature made ..... using RSA key ID C10BDD81
|
||||||
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
|
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
|
||||||
gpg: WARNING: This key is not certified with a trusted signature!
|
gpg: WARNING: This key is not certified with a trusted signature!
|
||||||
@ -71,7 +71,7 @@ and on his [personal homepage](https://razor.occams.info/). (Of course, if this
|
|||||||
|
|
||||||
Checkout the tag corresponding to the most recent release:
|
Checkout the tag corresponding to the most recent release:
|
||||||
|
|
||||||
$ git checkout v0.40
|
$ git checkout v0.41
|
||||||
|
|
||||||
Begin the installation.
|
Begin the installation.
|
||||||
|
|
||||||
|
@ -3,5 +3,6 @@
|
|||||||
before = common.conf
|
before = common.conf
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
datepattern = %%Y-%%m-%%d %%H:%%M:%%S
|
||||||
failregex=Login failed: .*Remote IP: '<HOST>[\)']
|
failregex=Login failed: .*Remote IP: '<HOST>[\)']
|
||||||
ignoreregex =
|
ignoreregex =
|
||||||
|
@ -69,13 +69,10 @@ action = iptables-allports[name=recidive]
|
|||||||
# So the notification is ommited. This will prevent message appearing in the mail.log that mail
|
# So the notification is ommited. This will prevent message appearing in the mail.log that mail
|
||||||
# can't be delivered to fail2ban@$HOSTNAME.
|
# can't be delivered to fail2ban@$HOSTNAME.
|
||||||
|
|
||||||
[sasl]
|
[postfix-sasl]
|
||||||
enabled = true
|
enabled = true
|
||||||
|
|
||||||
[ssh]
|
[sshd]
|
||||||
enabled = true
|
enabled = true
|
||||||
maxretry = 7
|
maxretry = 7
|
||||||
bantime = 3600
|
bantime = 3600
|
||||||
|
|
||||||
[ssh-ddos]
|
|
||||||
enabled = true
|
|
||||||
|
@ -51,7 +51,7 @@
|
|||||||
<div class="radio">
|
<div class="radio">
|
||||||
<label>
|
<label>
|
||||||
<input id="addaliasForwardsToNotAdvanced" name="addaliasForwardsToDivToggle" type="radio" checked onclick="$('#addaliasForwardsToDiv').toggle(false)">
|
<input id="addaliasForwardsToNotAdvanced" name="addaliasForwardsToDivToggle" type="radio" checked onclick="$('#addaliasForwardsToDiv').toggle(false)">
|
||||||
Any mail user listed in the Fowards To box can send mail claiming to be from <span class="regularalias">the alias address</span><span class="catchall domainalias">any address on the alias domain</span>.
|
Any mail user listed in the Forwards To box can send mail claiming to be from <span class="regularalias">the alias address</span><span class="catchall domainalias">any address on the alias domain</span>.
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="radio">
|
<div class="radio">
|
||||||
|
@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
|
|||||||
# want to display in status checks.
|
# want to display in status checks.
|
||||||
if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
|
if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
|
||||||
# This machine is running Ubuntu 18.04.
|
# This machine is running Ubuntu 18.04.
|
||||||
TAG=v0.40
|
TAG=v0.41
|
||||||
|
|
||||||
elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
|
elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
|
||||||
# This machine is running Ubuntu 14.04.
|
# This machine is running Ubuntu 14.04.
|
||||||
|
@ -173,8 +173,11 @@ tools/editconf.py /etc/postfix/main.cf \
|
|||||||
#
|
#
|
||||||
# In a basic setup we would pass mail directly to Dovecot by setting
|
# In a basic setup we would pass mail directly to Dovecot by setting
|
||||||
# virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
|
# virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
|
||||||
#
|
|
||||||
tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
|
tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
|
||||||
|
# Because of a spampd bug, limit the number of recipients in each connection.
|
||||||
|
# See https://github.com/mail-in-a-box/mailinabox/issues/1523.
|
||||||
|
tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
|
||||||
|
|
||||||
|
|
||||||
# Who can send mail to us? Some basic filters.
|
# Who can send mail to us? Some basic filters.
|
||||||
#
|
#
|
||||||
|
@ -93,7 +93,7 @@ source $venv/bin/activate
|
|||||||
exec python `pwd`/management/daemon.py
|
exec python `pwd`/management/daemon.py
|
||||||
EOF
|
EOF
|
||||||
chmod +x $inst_dir/start
|
chmod +x $inst_dir/start
|
||||||
hide_output systemctl link conf/mailinabox.service
|
hide_output systemctl link -f conf/mailinabox.service
|
||||||
hide_output systemctl daemon-reload
|
hide_output systemctl daemon-reload
|
||||||
hide_output systemctl enable mailinabox.service
|
hide_output systemctl enable mailinabox.service
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ mkdir -p /var/lib/munin-node/plugin-state/
|
|||||||
# Create a systemd service for munin.
|
# Create a systemd service for munin.
|
||||||
ln -sf $(pwd)/management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh
|
ln -sf $(pwd)/management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh
|
||||||
chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
|
chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
|
||||||
hide_output systemctl link conf/munin.service
|
hide_output systemctl link -f conf/munin.service
|
||||||
hide_output systemctl daemon-reload
|
hide_output systemctl daemon-reload
|
||||||
hide_output systemctl unmask munin.service
|
hide_output systemctl unmask munin.service
|
||||||
hide_output systemctl enable munin.service
|
hide_output systemctl enable munin.service
|
||||||
|
@ -39,11 +39,11 @@ InstallNextcloud() {
|
|||||||
# their github repositories.
|
# their github repositories.
|
||||||
mkdir -p /usr/local/lib/owncloud/apps
|
mkdir -p /usr/local/lib/owncloud/apps
|
||||||
|
|
||||||
wget_verify https://github.com/nextcloud/contacts/releases/download/v2.1.5/contacts.tar.gz b7460d15f1b78d492ed502d778c0c458d503ba17 /tmp/contacts.tgz
|
wget_verify https://github.com/nextcloud/contacts/releases/download/v2.1.8/contacts.tar.gz b5d5bbee33f0c32b124b46cb6aaab90c695ac170 /tmp/contacts.tgz
|
||||||
tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/
|
tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/
|
||||||
rm /tmp/contacts.tgz
|
rm /tmp/contacts.tgz
|
||||||
|
|
||||||
wget_verify https://github.com/nextcloud/calendar/releases/download/v1.6.1/calendar.tar.gz f93a247cbd18bc624f427ba2a967d93ebb941f21 /tmp/calendar.tgz
|
wget_verify https://github.com/nextcloud/calendar/releases/download/v1.6.4/calendar.tar.gz d8a7950dba14803472b6c19625a8ceb23d6fd4ef /tmp/calendar.tgz
|
||||||
tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/
|
tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/
|
||||||
rm /tmp/calendar.tgz
|
rm /tmp/calendar.tgz
|
||||||
|
|
||||||
@ -72,11 +72,14 @@ InstallNextcloud() {
|
|||||||
sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off
|
sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off
|
||||||
echo "...which seemed to work."
|
echo "...which seemed to work."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Add missing indices. NextCloud didn't include this in the normal upgrade because it might take some time.
|
||||||
|
sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-indices
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
nextcloud_ver=13.0.6
|
nextcloud_ver=14.0.6
|
||||||
nextcloud_hash=33e41f476f0e2be5dc7cdb9d496673d9647aa3d6
|
nextcloud_hash=4e43a57340f04c2da306c8eea98e30040399ae5a
|
||||||
|
|
||||||
# Check if Nextcloud dir exist, and check if version matches nextcloud_ver (if either doesn't - install/upgrade)
|
# Check if Nextcloud dir exist, and check if version matches nextcloud_ver (if either doesn't - install/upgrade)
|
||||||
if [ ! -d /usr/local/lib/owncloud/ ] \
|
if [ ! -d /usr/local/lib/owncloud/ ] \
|
||||||
@ -93,11 +96,11 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
|
|||||||
echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to directory to $BACKUP_DIRECTORY..."
|
echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to directory to $BACKUP_DIRECTORY..."
|
||||||
cp -r /usr/local/lib/owncloud "$BACKUP_DIRECTORY/owncloud-install"
|
cp -r /usr/local/lib/owncloud "$BACKUP_DIRECTORY/owncloud-install"
|
||||||
fi
|
fi
|
||||||
if [ -e /home/user-data/owncloud/owncloud.db ]; then
|
if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then
|
||||||
cp /home/user-data/owncloud/owncloud.db $BACKUP_DIRECTORY
|
cp $STORAGE_ROOT/owncloud/owncloud.db $BACKUP_DIRECTORY
|
||||||
fi
|
fi
|
||||||
if [ -e /home/user-data/owncloud/config.php ]; then
|
if [ -e $STORAGE_ROOT/owncloud/config.php ]; then
|
||||||
cp /home/user-data/owncloud/config.php $BACKUP_DIRECTORY
|
cp $STORAGE_ROOT/owncloud/config.php $BACKUP_DIRECTORY
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If ownCloud or Nextcloud was previously installed....
|
# If ownCloud or Nextcloud was previously installed....
|
||||||
@ -105,19 +108,13 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
|
|||||||
# Database migrations from ownCloud are no longer possible because ownCloud cannot be run under
|
# Database migrations from ownCloud are no longer possible because ownCloud cannot be run under
|
||||||
# PHP 7.
|
# PHP 7.
|
||||||
if grep -q "OC_VersionString = '[89]\." /usr/local/lib/owncloud/version.php; then
|
if grep -q "OC_VersionString = '[89]\." /usr/local/lib/owncloud/version.php; then
|
||||||
echo "Upgrades from Mail-in-a-Box prior to v0.26c (dated February 13, 2018) with Nextcloud < 12.0.5 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.28 first. Setup aborting."
|
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if grep -q "OC_VersionString = '10\." /usr/local/lib/owncloud/version.php; then
|
if grep -q "OC_VersionString = '1[012]\." /usr/local/lib/owncloud/version.php; then
|
||||||
echo "Upgrades from Mail-in-a-Box prior to v0.26c (dated February 13, 2018) with Nextcloud < 12.0.5 (you have ownCloud 10) are not supported. Upgrade to Mail-in-a-Box version v0.28 first. Setup aborting."
|
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If we are upgrading from Nextcloud 11 we should go to Nextcloud 12 first.
|
|
||||||
if grep -q "OC_VersionString = '11\." /usr/local/lib/owncloud/version.php; then
|
|
||||||
echo "We are running Nextcloud 11, upgrading to Nextcloud 12.0.5 first"
|
|
||||||
InstallNextcloud 12.0.5 d25afbac977a4e331f5e38df50aed0844498ca86
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
InstallNextcloud $nextcloud_ver $nextcloud_hash
|
InstallNextcloud $nextcloud_ver $nextcloud_hash
|
||||||
|
@ -339,6 +339,7 @@ systemctl restart systemd-resolved
|
|||||||
|
|
||||||
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc.
|
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc.
|
||||||
rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore
|
rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore
|
||||||
|
rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config
|
||||||
cat conf/fail2ban/jails.conf \
|
cat conf/fail2ban/jails.conf \
|
||||||
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
|
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
|
||||||
| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
|
| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
|
||||||
|
Loading…
Reference in New Issue
Block a user