external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-06-09 19:10:54 +00:00
Code Issues Releases Wiki Activity

Merge 3b4830f05b into 61105b1ec3

Browse Source
This commit is contained in:
jvolkenant 2016-11-30 17:55:21 +00:00 committed by GitHub
commit 226061c60a
3 changed files with 153 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
conf/nginx-alldomains.conf
View File

@ -19,23 +19,22 @@
alias /var/lib/mailinabox/mozilla-autoconfig.xml; alias /var/lib/mailinabox/mozilla-autoconfig.xml;
} }
# Roundcube Webmail configuration. # Rainloop Webmail configuration.
rewrite ^/mail$ /mail/ redirect; rewrite ^/mail$ /mail/ redirect;
rewrite ^/mail/$ /mail/index.php; rewrite ^/mail/$ /mail/index.php;
location /mail/ { location /mail/ {
index index.php; index index.php;
alias /usr/local/lib/roundcubemail/; alias /usr/local/lib/rainloop/;
} }
location ~ /mail/config/.* { location ~ /mail/data/.* {
# A ~-style location is needed to give this precedence over the next block. deny all;
return 403;
} }
location ~ /mail/.*\.php { location ~ /mail/.*\.php {
# note: ~ has precendence over a regular location block # note: ~ has precendence over a regular location block
include fastcgi_params; include fastcgi_params;
fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_split_path_info ^/mail(/.*)()$;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME /usr/local/lib/rainloop/$fastcgi_script_name;
fastcgi_pass php-fpm; fastcgi_pass php-fpm;
# Outgoing mail also goes through this endpoint, so increase the maximum # Outgoing mail also goes through this endpoint, so increase the maximum

225
setup/webmail.sh
View File

@ -1,29 +1,23 @@
#!/bin/bash #!/bin/bash
# Webmail with Roundcube # Webmail with Rainloop
# ---------------------- # ----------------------
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars source /etc/mailinabox.conf # load global vars
# ### Installing Roundcube # ### Installing Rainloop
# We install Roundcube from sources, rather than from Ubuntu, because: # Rainloop's webpage (http://www.rainloop.net/downloads/) does not easily #
# # list versions as the need for VERSION_FILENAME below. #
# 1. Ubuntu's `roundcube-core` package has dependencies on Apache & MySQL, which we don't want.
#
# 2. The Roundcube shipped with Ubuntu is consistently out of date.
#
# 3. It's packaged incorrectly --- it seems to be missing a directory of files.
#
# So we'll use apt-get to manually install the dependencies of roundcube that we know we need,
# and then we'll manually install roundcube from source.
# These dependencies are from `apt-cache showpkg roundcube-core`. #
echo "Installing Roundcube (webmail)..." # Dependancies are from Roundcube, not all may be needed for Rainloop #
echo "Installing Rainloop (webmail)..."
apt_install \ apt_install \
dbconfig-common \ unzip \
php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \ php5 php5-mcrypt php5-cli php5-curl php5-sqlite php-net-sieve php5-common \
tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 crudini
apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3 apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3
# We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC # We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
@ -34,135 +28,120 @@ apt-get purge -qq -y roundcube* #NODOC
# Install Roundcube from source if it is not already present or if it is out of date. # Install Roundcube from source if it is not already present or if it is out of date.
# Combine the Roundcube version number with the commit hash of vacation_sieve to track # Combine the Roundcube version number with the commit hash of vacation_sieve to track
# whether we have the latest version. # whether we have the latest version.
VERSION=1.2.1 VERSION=v1.10.2.145
HASH=81fbfba4683522f6e54006d0300a48e6da3f3bbd VERSION_FILENAME="rainloop-community-1.10.2.145-74dc686dd82d9f29b0fef8ceb11c2903.zip"
VACATION_SIEVE_VERSION=91ea6f52216390073d1f5b70b5f6bea0bfaee7e5 HASH=ee1b9cd4c2494aaecf7d291500aee9b455bbee58
PERSISTENT_LOGIN_VERSION=1e9d724476a370ce917a2fcd5b3217b0c306c24e UPDATE_KEY=$VERSION
HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
UPDATE_KEY=$VERSION:$VACATION_SIEVE_VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:a
needs_update=0 #NODOC needs_update=0 #NODOC
if [ ! -f /usr/local/lib/roundcubemail/version ]; then first_install=0
if [ ! -f /usr/local/lib/rainloop/version ]; then
# not installed yet #NODOC # not installed yet #NODOC
needs_update=1 #NODOC needs_update=1 #NODOC
elif [[ "$UPDATE_KEY" != `cat /usr/local/lib/roundcubemail/version` ]]; then first_install=1
elif [[ "$UPDATE_KEY" != "$(cat /usr/local/lib/rainloop/version)" ]]; then
# checks if the version is what we want # checks if the version is what we want
needs_update=1 #NODOC needs_update=1 #NODOC
fi fi
if [ $needs_update == 1 ]; then if [ $needs_update == 1 ]; then
# install roundcube # install rainloop
wget_verify \ wget_verify \
https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION.tar.gz \ https://github.com/RainLoop/rainloop-webmail/releases/download/$VERSION/$VERSION_FILENAME \
$HASH \ $HASH \
/tmp/roundcube.tgz /tmp/rainloop.zip
tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz # Per documentation, updates can overwrite existing files
rm -rf /usr/local/lib/roundcubemail unzip -q -o /tmp/rainloop.zip -d /usr/local/lib/rainloop
mv /usr/local/lib/roundcubemail-$VERSION/ /usr/local/lib/roundcubemail rm -f /tmp/rainloop.zip
rm -f /tmp/roundcube.tgz
# install roundcube autoreply/vacation plugin
git_clone https://github.com/arodier/Roundcube-Plugins.git $VACATION_SIEVE_VERSION plugins/vacation_sieve /usr/local/lib/roundcubemail/plugins/vacation_sieve
# install roundcube persistent_login plugin
git_clone https://github.com/mfreiholz/Roundcube-Persistent-Login-Plugin.git $PERSISTENT_LOGIN_VERSION '' /usr/local/lib/roundcubemail/plugins/persistent_login
# install roundcube html5_notifier plugin
git_clone https://github.com/kitist/html5_notifier.git $HTML5_NOTIFIER_VERSION '' /usr/local/lib/roundcubemail/plugins/html5_notifier
# record the version we've installed # record the version we've installed
echo $UPDATE_KEY > /usr/local/lib/roundcubemail/version echo $UPDATE_KEY > /usr/local/lib/rainloop/version
fi fi
# ### Configuring Roundcube # ### Configuring Rainloop
# Generate a safe 24-character secret key of safe characters.
SECRET_KEY=$(dd if=/dev/urandom bs=1 count=18 2>/dev/null | base64 | fold -w 24 | head -n 1)
# Create a configuration file. # Create a configuration file.
# #
# For security, temp and log files are not stored in the default locations
# which are inside the roundcube sources directory. We put them instead # Some application paths are not created until the application is launched
# in normal places. # this should include the internal process it has when upgrading between versions
cat > /usr/local/lib/roundcubemail/config/config.inc.php <<EOF;
<?php # Fix permissions
/* find /usr/local/lib/rainloop -type d -exec chmod 755 {} \;
* Do not edit. Written by Mail-in-a-Box. Regenerated on updates. find /usr/local/lib/rainloop -type f -exec chmod 644 {} \;
*/ chown -R www-data:www-data /usr/local/lib/rainloop
\$config = array();
\$config['log_dir'] = '/var/log/roundcubemail/'; # Fixing permissions needs to happen first or else curl gets
\$config['temp_dir'] = '/tmp/roundcubemail/'; # this error: [105] Missing version directory
\$config['db_dsnw'] = 'sqlite:///$STORAGE_ROOT/mail/roundcube/roundcube.sqlite?mode=0640';
\$config['default_host'] = 'ssl://localhost'; /usr/bin/php /usr/local/lib/rainloop/index.php > /dev/null
\$config['default_port'] = 993;
\$config['imap_timeout'] = 15;
\$config['smtp_server'] = 'tls://127.0.0.1'; if [ $first_install == 1 ]; then
\$config['smtp_port'] = 587;
\$config['smtp_user'] = '%u'; # Set customized configuration
\$config['smtp_pass'] = '%p'; # Rainloop has a default password set, not sure yet how to integrate with userlist
\$config['support_url'] = 'https://mailinabox.email/'; # for now we should change it from the default
\$config['product_name'] = '$PRIMARY_HOSTNAME Webmail'; # Methods for changing password: https://github.com/RainLoop/rainloop-webmail/issues/28
\$config['des_key'] = '$SECRET_KEY'; #
\$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'vacation_sieve', 'persistent_login'); # Using the Rainloop API:
\$config['skin'] = 'classic'; random_admin_pw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
\$config['login_autocomplete'] = 2;
\$config['password_charset'] = 'UTF-8'; echo "<?php
\$config['junk_mbox'] = 'Spam';
?> \$_ENV['RAINLOOP_INCLUDE_AS_API'] = true;
include '/usr/local/lib/rainloop/index.php';
\$oConfig = \RainLoop\Api::Config();
\$oConfig->SetPassword('$random_admin_pw');
echo \$oConfig->Save() ? 'Done' : 'Error';
?>" | /usr/bin/php
crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
contacts enable On
crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
contacts allow_sync On
crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
login determine_user_domain On
crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
login default_domain $PRIMARY_HOSTNAME
# Disable google imap login in Rainloop
echo -n ",gmail.com" >> /usr/local/lib/rainloop/data/_data_/_default_/domains/disabled
# Add localhost imap/smtp
cat > /usr/local/lib/rainloop/data/_data_/_default_/domains/default.ini <<EOF;
imap_host = "127.0.0.1"
imap_port = 993
imap_secure = "SSL"
imap_short_login = Off
sieve_use = On
sieve_allow_raw = Off
sieve_host = "127.0.0.1"
sieve_port = 4190
sieve_secure = "None"
smtp_host = "127.0.0.1"
smtp_port = 587
smtp_secure = "TLS"
smtp_short_login = Off
smtp_auth = On
smtp_php_mail = Off
EOF EOF
# Configure vaction_sieve.
cat > /usr/local/lib/roundcubemail/plugins/vacation_sieve/config.inc.php <<EOF;
<?php
/* Do not edit. Written by Mail-in-a-Box. Regenerated on updates. */
\$rcmail_config['vacation_sieve'] = array(
'date_format' => 'd/m/Y',
'working_hours' => array(8,18),
'msg_format' => 'text',
'logon_transform' => array('#([a-z])[a-z]+(\.|\s)([a-z])#i', '\$1\$3'),
'transfer' => array(
'mode' => 'managesieve',
'ms_activate_script' => true,
'host' => '127.0.0.1',
'port' => '4190',
'usetls' => false,
'path' => 'vacation',
)
);
EOF
# Create writable directories. # Fix permissions after editing configs
mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
# Ensure the log file monitored by fail2ban exists, or else fail2ban can't start. find /usr/local/lib/rainloop -type d -exec chmod 755 {} \;
sudo -u www-data touch /var/log/roundcubemail/errors find /usr/local/lib/rainloop -type f -exec chmod 644 {} \;
chown -R www-data:www-data /usr/local/lib/rainloop
# Password changing plugin settings fi
# The config comes empty by default, so we need the settings
# we're not planning to change in config.inc.dist...
cp /usr/local/lib/roundcubemail/plugins/password/config.inc.php.dist \
/usr/local/lib/roundcubemail/plugins/password/config.inc.php
tools/editconf.py /usr/local/lib/roundcubemail/plugins/password/config.inc.php \
"\$config['password_minimum_length']=6;" \
"\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \
"\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \
"\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \
"\$config['password_dovecotpw_method']='SHA512-CRYPT';" \
"\$config['password_dovecotpw_with_method']=true;"
# so PHP can use doveadm, for the password changing plugin
usermod -a -G dovecot www-data
# set permissions so that PHP can use users.sqlite
# could use dovecot instead of www-data, but not sure it matters
chown root.www-data $STORAGE_ROOT/mail
chmod 775 $STORAGE_ROOT/mail
chown root.www-data $STORAGE_ROOT/mail/users.sqlite
chmod 664 $STORAGE_ROOT/mail/users.sqlite
# Run Roundcube database migration script (database is created if it does not exist)
/usr/local/lib/roundcubemail/bin/updatedb.sh --dir /usr/local/lib/roundcubemail/SQL --package roundcube
# Enable PHP modules. # Enable PHP modules.
php5enmod mcrypt php5enmod mcrypt
restart_service php5-fpm restart_service php5-fpm
# remove Roundcube
rm -rf /usr/local/lib/roundcube

46
tools/rainloop-unlockadmin.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
#
# This allows for resetting the password for
# access to Rainloop's Admin panel:
# https://yourdomain.com/mail/?admin
#
source /etc/mailinabox.conf
echo "Tool for resetting Rainloop Admin Password"
echo
echo "Password must be 8 characters or longer."
echo
echo -n "Please provide a new admin password (ctrl-c to cancel):"
read -s newpassword
echo
if [ -z $newpassword ]
then
echo "Error: Password can not be blank."
exit 1
fi
if [ ${#newpassword} -lt 8 ]
then
echo "Error: Password length must be 8 characters or longer."
exit 1
fi
echo "<?php
\$_ENV['RAINLOOP_INCLUDE_AS_API'] = true;
include '/usr/local/lib/rainloop/index.php';
\$oConfig = \RainLoop\Api::Config();
\$oConfig->SetPassword('$newpassword');
echo \$oConfig->Save() ? 'Done' : 'Error';
?>" | /usr/bin/php
echo ""
echo "Login to Rainloop Admin Panel here using your new password:"
echo "Username: admin"
echo "https://$PRIMARY_HOSTNAME/mail/?admin"