Update dovecot, spampd settings for Ubuntu 22.04

* dovecot's ssl_protocols became ssl_min_protocol in 2.3
* spampd fixed a bug so we can remove lmtp_destination_recipient_limit=1 in postfix

setup/mail-dovecot.sh

@@ -84,7 +84,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
 	ssl=required \
 	"ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \
 	"ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
-	"ssl_protocols=TLSv1.2" \
+	"ssl_min_protocol=TLSv1.2" \
 	"ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
 	"ssl_prefer_server_ciphers=no" \
 	"ssl_dh_parameters_length=2048"

setup/mail-postfix.sh

@@ -13,8 +13,8 @@
 # destinations according to aliases, and passses email on to
 # another service for local mail delivery.
 #
-# The first hop in local mail delivery is to Spamassassin via
+# The first hop in local mail delivery is to spampd via
-# LMTP. Spamassassin then passes mail over to Dovecot for
+# LMTP. spampd then passes mail over to Dovecot for
 # storage in the user's mailbox.
 #
 # Postfix also listens on ports 465/587 (SMTPS, SMTP+STARTLS) for
@@ -193,16 +193,17 @@ tools/editconf.py /etc/postfix/main.cf \
 
 # ### Incoming Mail
 
-# Pass any incoming mail over to a local delivery agent. Spamassassin
+# Pass mail to spampd, which acts as the local delivery agent (LDA),
-# will act as the LDA agent at first. It is listening on port 10025
+# which then passes the mail over to the Dovecot LMTP server after.
-# with LMTP. Spamassassin will pass the mail over to Dovecot after.
+# spampd runs on port 10025 by default.
 #
 # In a basic setup we would pass mail directly to Dovecot by setting
 # virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
 tools/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025"
-# Because of a spampd bug, limit the number of recipients in each connection.
+# Clear the lmtp_destination_recipient_limit setting which in previous
+# versions of Mail-in-a-Box was set to 1 because of a spampd bug.
 # See https://github.com/mail-in-a-box/mailinabox/issues/1523.
-tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
+tools/editconf.py /etc/postfix/main.cf  -e lmtp_destination_recipient_limit=
 
 
 # Who can send mail to us? Some basic filters.

tools/editconf.py

@@ -14,6 +14,10 @@
 #
 # NAME VALUE
 #
+# If the -e option is given and VALUE is empty, the setting is removed
+# from the configuration file if it is set (i.e. existing occurrences
+# are commented out and no new setting is added).
+#
 # If the -c option is given, then the supplied character becomes the comment character
 #
 # If the -w option is given, then setting lines continue onto following
@@ -35,6 +39,7 @@ settings = sys.argv[2:]
 
 delimiter = "="
 delimiter_re = r"\s*=\s*"
+erase_setting = False
 comment_char = "#"
 folded_lines = False
 testing = False
@@ -44,6 +49,9 @@ while settings[0][0] == "-" and settings[0] != "--":
 		# Space is the delimiter
 		delimiter = " "
 		delimiter_re = r"\s+"
+	elif opt == "-e":
+		# Erase settings that have empty values.
+		erase_setting = True
 	elif opt == "-w":
 		# Line folding is possible in this file.
 		folded_lines = True
@@ -81,7 +89,7 @@ while len(input_lines) > 0:
 
 	# See if this line is for any settings passed on the command line.
 	for i in range(len(settings)):
-		# Check that this line contain this setting from the command-line arguments.
+		# Check if this line contain this setting from the command-line arguments.
 		name, val = settings[i].split("=", 1)
 		m = re.match(
 			   "(\s*)"
@@ -91,8 +99,10 @@ while len(input_lines) > 0:
 		if not m: continue
 		indent, is_comment, existing_val = m.groups()
 
-		# If this is already the setting, do nothing.
+		# If this is already the setting, keep it in the file, except:
-		if is_comment is None and existing_val == val:
+		# * If we've already seen it before, then remove this duplicate line.
+		# * If val is empty and erase_setting is on, then comment it out.
+		if is_comment is None and existing_val == val and not (not val and erase_setting):
 			# It may be that we've already inserted this setting higher
 			# in the file so check for that first.
 			if i in found: break
@@ -107,8 +117,9 @@ while len(input_lines) > 0:
 			# the line is already commented, pass it through
 			buf += line
 		
-		# if this option oddly appears more than once, don't add the setting again
+		# if this option already is set don't add the setting again,
-		if i in found:
+		# or if we're clearing the setting with -e, don't add it
+		if (i in found) or (not val and erase_setting):
 			break
 		
 		# add the new setting
@@ -122,9 +133,10 @@ while len(input_lines) > 0:
 		# If did not match any setting names, pass this line through.
 		buf += line
 		
-# Put any settings we didn't see at the end of the file.
+# Put any settings we didn't see at the end of the file,
+# except settings being cleared.
 for i in range(len(settings)):
-	if i not in found:
+	if (i not in found) and not (not val and erase_setting):
 		name, val = settings[i].split("=", 1)
 		buf += name + delimiter + val + "\n"