1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-24 07:37:04 +00:00

Update dovecot, spampd settings for Ubuntu 22.04

* dovecot's ssl_protocols became ssl_min_protocol in 2.3
* spampd fixed a bug so we can remove lmtp_destination_recipient_limit=1 in postfix
This commit is contained in:
Joshua Tauberer 2022-01-09 10:32:36 -05:00
parent 96bab10b53
commit 3599bbbf2e
3 changed files with 28 additions and 15 deletions

View File

@ -84,7 +84,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
ssl=required \ ssl=required \
"ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \ "ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \
"ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \ "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
"ssl_protocols=TLSv1.2" \ "ssl_min_protocol=TLSv1.2" \
"ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \ "ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
"ssl_prefer_server_ciphers=no" \ "ssl_prefer_server_ciphers=no" \
"ssl_dh_parameters_length=2048" "ssl_dh_parameters_length=2048"

View File

@ -13,8 +13,8 @@
# destinations according to aliases, and passses email on to # destinations according to aliases, and passses email on to
# another service for local mail delivery. # another service for local mail delivery.
# #
# The first hop in local mail delivery is to Spamassassin via # The first hop in local mail delivery is to spampd via
# LMTP. Spamassassin then passes mail over to Dovecot for # LMTP. spampd then passes mail over to Dovecot for
# storage in the user's mailbox. # storage in the user's mailbox.
# #
# Postfix also listens on ports 465/587 (SMTPS, SMTP+STARTLS) for # Postfix also listens on ports 465/587 (SMTPS, SMTP+STARTLS) for
@ -193,16 +193,17 @@ tools/editconf.py /etc/postfix/main.cf \
# ### Incoming Mail # ### Incoming Mail
# Pass any incoming mail over to a local delivery agent. Spamassassin # Pass mail to spampd, which acts as the local delivery agent (LDA),
# will act as the LDA agent at first. It is listening on port 10025 # which then passes the mail over to the Dovecot LMTP server after.
# with LMTP. Spamassassin will pass the mail over to Dovecot after. # spampd runs on port 10025 by default.
# #
# In a basic setup we would pass mail directly to Dovecot by setting # In a basic setup we would pass mail directly to Dovecot by setting
# virtual_transport to `lmtp:unix:private/dovecot-lmtp`. # virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
tools/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025" tools/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025"
# Because of a spampd bug, limit the number of recipients in each connection. # Clear the lmtp_destination_recipient_limit setting which in previous
# versions of Mail-in-a-Box was set to 1 because of a spampd bug.
# See https://github.com/mail-in-a-box/mailinabox/issues/1523. # See https://github.com/mail-in-a-box/mailinabox/issues/1523.
tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1 tools/editconf.py /etc/postfix/main.cf -e lmtp_destination_recipient_limit=
# Who can send mail to us? Some basic filters. # Who can send mail to us? Some basic filters.

View File

@ -14,6 +14,10 @@
# #
# NAME VALUE # NAME VALUE
# #
# If the -e option is given and VALUE is empty, the setting is removed
# from the configuration file if it is set (i.e. existing occurrences
# are commented out and no new setting is added).
#
# If the -c option is given, then the supplied character becomes the comment character # If the -c option is given, then the supplied character becomes the comment character
# #
# If the -w option is given, then setting lines continue onto following # If the -w option is given, then setting lines continue onto following
@ -35,6 +39,7 @@ settings = sys.argv[2:]
delimiter = "=" delimiter = "="
delimiter_re = r"\s*=\s*" delimiter_re = r"\s*=\s*"
erase_setting = False
comment_char = "#" comment_char = "#"
folded_lines = False folded_lines = False
testing = False testing = False
@ -44,6 +49,9 @@ while settings[0][0] == "-" and settings[0] != "--":
# Space is the delimiter # Space is the delimiter
delimiter = " " delimiter = " "
delimiter_re = r"\s+" delimiter_re = r"\s+"
elif opt == "-e":
# Erase settings that have empty values.
erase_setting = True
elif opt == "-w": elif opt == "-w":
# Line folding is possible in this file. # Line folding is possible in this file.
folded_lines = True folded_lines = True
@ -81,7 +89,7 @@ while len(input_lines) > 0:
# See if this line is for any settings passed on the command line. # See if this line is for any settings passed on the command line.
for i in range(len(settings)): for i in range(len(settings)):
# Check that this line contain this setting from the command-line arguments. # Check if this line contain this setting from the command-line arguments.
name, val = settings[i].split("=", 1) name, val = settings[i].split("=", 1)
m = re.match( m = re.match(
"(\s*)" "(\s*)"
@ -91,8 +99,10 @@ while len(input_lines) > 0:
if not m: continue if not m: continue
indent, is_comment, existing_val = m.groups() indent, is_comment, existing_val = m.groups()
# If this is already the setting, do nothing. # If this is already the setting, keep it in the file, except:
if is_comment is None and existing_val == val: # * If we've already seen it before, then remove this duplicate line.
# * If val is empty and erase_setting is on, then comment it out.
if is_comment is None and existing_val == val and not (not val and erase_setting):
# It may be that we've already inserted this setting higher # It may be that we've already inserted this setting higher
# in the file so check for that first. # in the file so check for that first.
if i in found: break if i in found: break
@ -107,8 +117,9 @@ while len(input_lines) > 0:
# the line is already commented, pass it through # the line is already commented, pass it through
buf += line buf += line
# if this option oddly appears more than once, don't add the setting again # if this option already is set don't add the setting again,
if i in found: # or if we're clearing the setting with -e, don't add it
if (i in found) or (not val and erase_setting):
break break
# add the new setting # add the new setting
@ -122,9 +133,10 @@ while len(input_lines) > 0:
# If did not match any setting names, pass this line through. # If did not match any setting names, pass this line through.
buf += line buf += line
# Put any settings we didn't see at the end of the file. # Put any settings we didn't see at the end of the file,
# except settings being cleared.
for i in range(len(settings)): for i in range(len(settings)):
if i not in found: if (i not in found) and not (not val and erase_setting):
name, val = settings[i].split("=", 1) name, val = settings[i].split("=", 1)
buf += name + delimiter + val + "\n" buf += name + delimiter + val + "\n"