From 304bf3d3602785f9ec4a540cdd4219e1368354aa Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Thu, 17 Apr 2014 20:17:24 -0400 Subject: [PATCH] update for Ubuntu 14.04 --- README.md | 4 ++-- docs/index.md | 4 ++-- scripts/dns.sh | 8 ++++---- scripts/dns_update.sh | 22 +++++++++++----------- scripts/mail.sh | 5 ++++- scripts/start.sh | 6 +++--- scripts/webmail.sh | 3 +++ tools/editconf.py | 2 +- 8 files changed, 30 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 9174778b..970aeda4 100644 --- a/README.md +++ b/README.md @@ -12,14 +12,14 @@ On March 13, 2014 I submitted Mail-in-a-Box to the [Knight News Challenge](https The Box ------- -Mail-in-a-Box provides a single shell script that turns a fresh Ubuntu 13.04 64-bit machine into a working mail server, including: +Mail-in-a-Box provides a single shell script that turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server, including: * An SMTP server for sending/receiving mail, with STARTTLS required for authentication, and greylisting to cut down on spam (postfix, postgrey). * An IMAP server for checking your mail, with SSL required (dovecot). * A webmail client over SSL so you can check your email from a web browser (roundcube, nginx). * Spam filtering with spam automatically going to your Spam folder (spamassassin). * DKIM signing on outgoing messages (opendkim). -* The machine acts as its own DNS server and is automatically configured for SPF and DKIM (nsd3). +* The machine acts as its own DNS server and is automatically configured for SPF and DKIM (nsd). * Configuration of mailboxes and mail aliases is done using a command-line tool. * Basic system services like a firewall, intrusion protection, and setting the system clock are automatically configured (ufw, fail2ban, ntp). diff --git a/docs/index.md b/docs/index.md index 09380d97..d36ebe0a 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -9,9 +9,9 @@ Before You Begin Get a Server ------------ -* Get a server. I've been a long-time customer of Rimuhosting.com which provides cheap VPS machines at several locations around the world. You could also go with Linode.com or any other cloud or VPS (virtual server) provider. (If you want to test on Amazon EC2, I've got instructions for you in ec2/README.md.) In a cloud environment like EC2 where your server's IP address is dynamic, this is a good time to assign a static IP (like a EC2 Elastic IP). +* Get a server. I've been a long-time customer of Rimuhosting.com which provides cheap VPS machines at several locations around the world. You could also go with Linode.com or any other cloud or VPS (virtual server) provider that provides a static IP address. Don't use Amazon Web Services though: Many of their IP addresses have a bad reputation because they've been used to send spam. -* Choose Ubuntu 13.04 amd64 as your operating system (aka a Linux distribution). You won't need much memory or disk space. 768 MB of memory (RAM) and 4G of disk space should be plenty. +* Choose Ubuntu 14.04 amd64 as your operating system (aka a Linux distribution). You won't need much memory or disk space. 768 MB of memory (RAM) and 4G of disk space should be plenty. * Once the machine is running, set up Reverse DNS. Each ISP handles that differently. You'll have to figure out from your ISP how to do that. Set the reverse DNS to the hostname you chose above (in my case `box.occams.info`). diff --git a/scripts/dns.sh b/scripts/dns.sh index 0b5f0f15..13f9cc98 100644 --- a/scripts/dns.sh +++ b/scripts/dns.sh 
@@ -7,13 +7,13 @@ # # This script will turn on DNS for $PUBLIC_HOSTNAME. -# Install nsd3, our DNS server software. +# Install nsd, our DNS server software. -apt-get -qq -y install nsd3 +apt-get -qq -y install nsd -# Prepare nsd3's configuration. +# Prepare nsd's configuration. -sudo mkdir -p /var/run/nsd3 +sudo mkdir -p /var/run/nsd mkdir -p "$STORAGE_ROOT/dns"; # Create the default zone if it doesn't exist. diff --git a/scripts/dns_update.sh b/scripts/dns_update.sh index 8bc6f8e3..e7c14844 100755 --- a/scripts/dns_update.sh +++ b/scripts/dns_update.sh @@ -20,7 +20,7 @@ done # Create the top of nsd.conf. -cat > /etc/nsd3/nsd.conf << EOF; +cat > /etc/nsd/nsd.conf << EOF; server: hide-version: yes @@ -28,7 +28,7 @@ server: identity: "" # The directory for zonefile: files. - zonesdir: "/etc/nsd3/zones" + zonesdir: "/etc/nsd/zones" # ZONES EOF @@ -37,7 +37,7 @@ EOF # file and mention it in nsd.conf. And add information to the # OpenDKIM signing tables. -mkdir -p /etc/nsd3/zones; +mkdir -p /etc/nsd/zones; truncate --size 0 /etc/opendkim/KeyTable truncate --size 0 /etc/opendkim/SigningTable @@ -54,15 +54,15 @@ for fn in $STORAGE_ROOT/dns/*.txt; do # If the zone file exists, get the existing zone serial number so we can increment it. # TODO: This needs to be done better so that the existing serial number is persisted in the storage area. serial=`date +"%Y%m%d00"` - if [ -f /etc/nsd3/zones/$fn2 ]; then - existing_serial=`grep "serial number" /etc/nsd3/zones/$fn2 | sed "s/; serial number//"` + if [ -f /etc/nsd/zones/$fn2 ]; then + existing_serial=`grep "serial number" /etc/nsd/zones/$fn2 | sed "s/; serial number//"` if [ ! -z "$existing_serial" ]; then serial=`echo $existing_serial + 1 | bc` fi fi # Create the zone file. - cat > /etc/nsd3/zones/$fn2 << EOF; + cat > /etc/nsd/zones/$fn2 << EOF; \$ORIGIN $zone. ; default zone domain \$TTL 86400 ; default time to live 
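Review bot: `sudo mkdir -p /var/run/nsd` is the only command in this dns.sh hunk run through sudo, while `apt-get -qq -y install nsd` on the line above is not; if the script already runs as root the `sudo` is redundant, and if it does not, apt-get fails before this line is reached. On Ubuntu 14.04 /var/run is a symlink to /run, which is a tmpfs, so a directory created here does not survive a reboot; if the nsd package's init script creates its own pid directory this line is unnecessary, otherwise it belongs at service start rather than install time. For consistency with the rest of the script I would at least drop the prefix: `mkdir -p /var/run/nsd`.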
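Review bot: The renamed paths in the `@@ -54` hunk of dns_update.sh still expand `$fn2` unquoted, `if [ -f /etc/nsd/zones/$fn2 ]` and `cat > /etc/nsd/zones/$fn2 << EOF;`, so a zone file name containing whitespace or glob characters breaks the test and the redirect; the same applies to the three `$fn2` lines in the `@@ -86` and `@@ -94` hunks. The `for fn` loop that derives `$fn2` begins above this hunk, so I cannot see how it is built, but quoting is cheap: `if [ -f "/etc/nsd/zones/$fn2" ]; then` and `cat > "/etc/nsd/zones/$fn2" << EOF;`. Separately, `grep "serial number" ... | sed` returns every matching line, and if a zone file ever held two such lines `echo $existing_serial + 1 | bc` would evaluate a malformed expression; `grep -m1` would pin it to the first match.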
@@ -86,7 +86,7 @@ EOF # In PUBLIC_HOSTNAME, also define ns1 and ns2. if [ "$zone" = $PUBLIC_HOSTNAME ]; then - cat >> /etc/nsd3/zones/$fn2 << EOF; + cat >> /etc/nsd/zones/$fn2 << EOF; ns1 IN A $PUBLIC_IP ns2 IN A $PUBLIC_IP EOF @@ -94,11 +94,11 @@ EOF # If OpenDKIM is set up, append the suggested TXT record to the zone. if [ -f "$STORAGE_ROOT/mail/dkim/mail.txt" ]; then - cat "$STORAGE_ROOT/mail/dkim/mail.txt" >> /etc/nsd3/zones/$fn2; + cat "$STORAGE_ROOT/mail/dkim/mail.txt" >> /etc/nsd/zones/$fn2; fi # Add this zone file to the main nsd configuration file. - cat >> /etc/nsd3/nsd.conf << EOF; + cat >> /etc/nsd/nsd.conf << EOF; zone: name: $zone zonefile: $fn2 @@ -120,8 +120,8 @@ EOF done # Kick nsd. -service nsd3 rebuild -service nsd3 restart # ensure it is running +service nsd rebuild +service nsd restart # ensure it is running # Kick opendkim. service opendkim restart diff --git a/scripts/mail.sh b/scripts/mail.sh index b5283cae..add0efbf 100755 --- a/scripts/mail.sh +++ b/scripts/mail.sh @@ -121,11 +121,13 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \ first_valid_uid=0 # Require that passwords are sent over SSL only, and allow the usual IMAP authentication mechanisms. +# The LOGIN mechanism is supposedly for Microsoft products like Outlook to do SMTP login (I guess +# since we're using Dovecot to handle SMTP authentication?). tools/editconf.py /etc/dovecot/conf.d/10-auth.conf \ disable_plaintext_auth=yes \ "auth_mechanisms=plain login" -# Query out Sqlite3 database, and not system users, for authentication. +# Query our Sqlite3 database, and not system users, for authentication. sed -i "s/\(\!include auth-system.conf.ext\)/#\1/" /etc/dovecot/conf.d/10-auth.conf sed -i "s/#\(\!include auth-sql.conf.ext\)/\1/" /etc/dovecot/conf.d/10-auth.conf 
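Review bot: `service nsd rebuild` in the `@@ -120` hunk is carried over from nsd3, where a rebuild step compiled zone files into the nsd database; the nsd package in Ubuntu 14.04 is nsd 4, which reads zone files directly, and as far as I know its init script has no rebuild action, so this line likely prints a usage error that the script ignores. Worth confirming against the installed init script; if so, `service nsd restart` alone is enough (or `nsd-control reload` where remote control is enabled). Neither line's exit status is checked, so a failed restart leaves the DNS server down silently; `service nsd restart || { echo "nsd failed to restart" >&2; exit 1; }` would surface it.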
@@ -148,6 +150,7 @@ connect = $db_path default_pass_scheme = SHA512-CRYPT password_query = SELECT email as user, password FROM users WHERE email='%u'; EOF +chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions # Disable in-the-clear IMAP and POP because we're paranoid (we haven't even # enabled POP). diff --git a/scripts/start.sh b/scripts/start.sh index bbe9c824..fe19e9ea 100755 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -3,8 +3,8 @@ # Check system setup. -if [ "`lsb_release -d | sed 's/.*:\s*//'`" != "Ubuntu 13.04" ]; then - echo "Mail-in-a-Box only supports being installed on Ubuntu 13.04, sorry. You are running:" +if [ "`lsb_release -d | sed 's/.*:\s*//'`" != "Ubuntu 14.04 LTS" ]; then + echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:" echo lsb_release -d | sed 's/.*:\s*//' echo @@ -20,7 +20,7 @@ if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \ echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check" echo "check that you can log in without a password, set the option" echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then" - echo "restart the machine." + echo "restart the machine." exit fi diff --git a/scripts/webmail.sh b/scripts/webmail.sh index 8b25894d..065686a1 100755 --- a/scripts/webmail.sh +++ b/scripts/webmail.sh @@ -51,3 +51,6 @@ cat - > /etc/roundcube/debian-db.php <
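Review bot: The added `chmod 0600 /etc/dovecot/dovecot-sql.conf.ext` runs after the here-doc has already written the file, so on a first install the file is created with the process umask (typically 0644) and only tightened afterwards; the content here is the SQLite path and the password query rather than a credential, so the exposure is small, but creating the file restricted from the start is simpler to reason about. The `cat > ... << EOF` that writes it begins above this hunk; either run that write under `(umask 077; ...)` or pre-create the file with `install -m 0600 /dev/null /etc/dovecot/dovecot-sql.conf.ext` before the cat. I would also expand the trailing comment to say why: `# readable by root only: dovecot-sql conf files may hold DB credentials`.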
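Review bot: The new version check in start.sh's `@@ -3` hunk compares the full `lsb_release -d` description against the literal `"Ubuntu 14.04 LTS"`, which will stop matching on the point releases that follow (the description becomes e.g. "Ubuntu 14.04.1 LTS"), while the message on the next line tells the user "14.04" and not that the "LTS" suffix is required. Comparing the release number instead is stable across point releases: `if [ "$(lsb_release -rs)" != "14.04" ]; then`. This also replaces the backtick substitution with `$(...)`, matching the style notes for the rest of the scripts.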