	Merge branch 'spf-srs' of supplee.net:mailinabox-quota into miab-config
						commit
						36101208fe
					
				@ -1,12 +1,17 @@
 | 
				
			|||||||
CHANGELOG
 | 
					CHANGELOG
 | 
				
			||||||
=========
 | 
					=========
 | 
				
			||||||
 | 
					
 | 
				
			||||||
In Development
 | 
					v0.41 (February 26, 2019)
 | 
				
			||||||
--------------
 | 
					-------------------------
 | 
				
			||||||
 | 
					
 | 
				
			||||||
System:
 | 
					System:
 | 
				
			||||||
 | 
					
 | 
				
			||||||
* Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back.
 | 
					* Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back.
 | 
				
			||||||
 | 
					* Upgrades would fail if Mail-in-a-Box moved to a different directory in `systemctl link`.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					Mail:
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					* Incoming messages addressed to more than one local user were rejected because of a bug in spampd packaged by Ubuntu 18.04. A workaround was added.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
Contacts/Calendar:
 | 
					Contacts/Calendar:
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||
@ -58,7 +58,7 @@ by him:
 | 
				
			|||||||
	$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
 | 
						$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
 | 
				
			||||||
	gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
 | 
						gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	$ git verify-tag v0.40
 | 
						$ git verify-tag v0.41
 | 
				
			||||||
	gpg: Signature made ..... using RSA key ID C10BDD81
 | 
						gpg: Signature made ..... using RSA key ID C10BDD81
 | 
				
			||||||
	gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
 | 
						gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
 | 
				
			||||||
	gpg: WARNING: This key is not certified with a trusted signature!
 | 
						gpg: WARNING: This key is not certified with a trusted signature!
 | 
				
			||||||
@ -71,7 +71,7 @@ and on his [personal homepage](https://razor.occams.info/). (Of course, if this
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
Checkout the tag corresponding to the most recent release:
 | 
					Checkout the tag corresponding to the most recent release:
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	$ git checkout v0.40
 | 
						$ git checkout v0.41
 | 
				
			||||||
 | 
					
 | 
				
			||||||
Begin the installation.
 | 
					Begin the installation.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||
@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
 | 
				
			|||||||
	# want to display in status checks.
 | 
						# want to display in status checks.
 | 
				
			||||||
	if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
 | 
						if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
 | 
				
			||||||
		# This machine is running Ubuntu 18.04.
 | 
							# This machine is running Ubuntu 18.04.
 | 
				
			||||||
		TAG=v0.40
 | 
							TAG=v0.41
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
 | 
						elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
 | 
				
			||||||
		# This machine is running Ubuntu 14.04.
 | 
							# This machine is running Ubuntu 14.04.
 | 
				
			||||||
 | 
				
			|||||||
@ -42,7 +42,8 @@ source /etc/mailinabox.conf # load global vars
 | 
				
			|||||||
# * `ca-certificates`: A trust store used to squelch postfix warnings about
 | 
					# * `ca-certificates`: A trust store used to squelch postfix warnings about
 | 
				
			||||||
#   untrusted opportunistically-encrypted connections.
 | 
					#   untrusted opportunistically-encrypted connections.
 | 
				
			||||||
echo "Installing Postfix (SMTP server)..."
 | 
					echo "Installing Postfix (SMTP server)..."
 | 
				
			||||||
apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates
 | 
					apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates \
 | 
				
			||||||
 | 
						postfix-policyd-spf-python postsrsd
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# ### Basic Settings
 | 
					# ### Basic Settings
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@ -97,7 +98,9 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
 | 
				
			|||||||
	  -o cleanup_service_name=authclean" \
 | 
						  -o cleanup_service_name=authclean" \
 | 
				
			||||||
	"authclean=unix  n       -       -       -       0       cleanup
 | 
						"authclean=unix  n       -       -       -       0       cleanup
 | 
				
			||||||
	  -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters
 | 
						  -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters
 | 
				
			||||||
	  -o nested_header_checks="
 | 
						  -o nested_header_checks=" \
 | 
				
			||||||
 | 
						"policy-spf=unix  -       n       n       -       -       spawn
 | 
				
			||||||
 | 
						  user=nobody argv=/usr/bin/policyd-spf"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Install the `outgoing_mail_header_filters` file required by the new 'authclean' service.
 | 
					# Install the `outgoing_mail_header_filters` file required by the new 'authclean' service.
 | 
				
			||||||
cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
 | 
					cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
 | 
				
			||||||
@ -173,8 +176,11 @@ tools/editconf.py /etc/postfix/main.cf \
 | 
				
			|||||||
#
 | 
					#
 | 
				
			||||||
# In a basic setup we would pass mail directly to Dovecot by setting
 | 
					# In a basic setup we would pass mail directly to Dovecot by setting
 | 
				
			||||||
# virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
 | 
					# virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
 | 
				
			||||||
#
 | 
					 | 
				
			||||||
tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
 | 
					tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
 | 
				
			||||||
 | 
					# Because of a spampd bug, limit the number of recipients in each connection.
 | 
				
			||||||
 | 
					# See https://github.com/mail-in-a-box/mailinabox/issues/1523.
 | 
				
			||||||
 | 
					tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Who can send mail to us? Some basic filters.
 | 
					# Who can send mail to us? Some basic filters.
 | 
				
			||||||
#
 | 
					#
 | 
				
			||||||
@ -193,13 +199,19 @@ tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
 | 
				
			|||||||
# so these IPs get mail delivered quickly. But when an IP is not listed in the permit_dnswl_client list (i.e. it is not #NODOC
 | 
					# so these IPs get mail delivered quickly. But when an IP is not listed in the permit_dnswl_client list (i.e. it is not #NODOC
 | 
				
			||||||
# whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC
 | 
					# whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC
 | 
				
			||||||
# "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
 | 
					# "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
 | 
				
			||||||
RECIPIENT_RESTRICTIONS=permit_sasl_authenticated,permit_mynetworks,\"reject_rbl_client zen.spamhaus.org\",reject_unlisted_recipient
 | 
					postconf -e smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org"
 | 
				
			||||||
if [ $GREYLISTING != "1" ]; then
 | 
					
 | 
				
			||||||
    RECIPIENT_RESTRICTIONS=${RECIPIENT_RESTRICTIONS},\"check_policy_service inet:127.0.0.1:10023\"
 | 
					RECIPIENT_RESTRICTIONS="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					if [ $GREYLISTING != 1 ]; then
 | 
				
			||||||
 | 
					    RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:10023"
 | 
				
			||||||
fi
 | 
					fi
 | 
				
			||||||
tools/editconf.py /etc/postfix/main.cf \
 | 
					
 | 
				
			||||||
	smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \
 | 
					if [ $POLICY_SPF == 1 ]; then
 | 
				
			||||||
	smtpd_recipient_restrictions=$RECIPIENT_RESTRICTIONS
 | 
					    RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service unix:private/policy-spf"
 | 
				
			||||||
 | 
					fi
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					postconf -e smtpd_recipient_restrictions="$RECIPIENT_RESTRICTIONS"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
 | 
					# Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
 | 
				
			||||||
# Postgrey listens on the same interface (and not IPv6, for instance).
 | 
					# Postgrey listens on the same interface (and not IPv6, for instance).
 | 
				
			||||||
@ -216,6 +228,29 @@ tools/editconf.py /etc/default/postgrey \
 | 
				
			|||||||
tools/editconf.py /etc/postfix/main.cf \
 | 
					tools/editconf.py /etc/postfix/main.cf \
 | 
				
			||||||
	message_size_limit=134217728
 | 
						message_size_limit=134217728
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					if [ $POSTSRSD == "1" ]; then
 | 
				
			||||||
 | 
					    # Setup SRS
 | 
				
			||||||
 | 
					    postconf -e \
 | 
				
			||||||
 | 
					        sender_canonical_maps=tcp:localhost:10001 \
 | 
				
			||||||
 | 
					        sender_canonical_classes=envelope_sender \
 | 
				
			||||||
 | 
					        recipient_canonical_maps=tcp:localhost:10002 \
 | 
				
			||||||
 | 
					        recipient_canonical_classes=envelope_recipient,header_recipient
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    hide_output systemctl enable postsrsd
 | 
				
			||||||
 | 
					    hide_output systemctl restart postsrsd
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					else
 | 
				
			||||||
 | 
					    postconf -e \
 | 
				
			||||||
 | 
					        sender_canonical_maps= \
 | 
				
			||||||
 | 
					        sender_canonical_classes= \
 | 
				
			||||||
 | 
					        recipient_canonical_maps= \
 | 
				
			||||||
 | 
					        recipient_canonical_classes=
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    hide_output systemctl disable postsrsd
 | 
				
			||||||
 | 
					    hide_output systemctl stop postsrsd
 | 
				
			||||||
 | 
					fi
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Allow the two SMTP ports in the firewall.
 | 
					# Allow the two SMTP ports in the firewall.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
ufw_allow smtp
 | 
					ufw_allow smtp
 | 
				
			||||||
 | 
				
			|||||||
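Review bot: The new `if [ $POLICY_SPF == 1 ]` and `if [ $POSTSRSD == "1" ]` tests leave the variables unquoted, so on a box whose /etc/mailinabox.conf (sourced at the top of this file, per the first hunk's context line) predates these two settings the test expands to `[ == 1 ]`, prints "unary operator expected" and silently falls into the disabled branch; `if [ "${POLICY_SPF:-0}" = "1" ]; then` and `if [ "${POSTSRSD:-0}" = "1" ]; then` make the default explicit and fail quietly. The SRS hunk only points Postfix at postsrsd's localhost ports and never sets the rewrite domain or secret, which presumably come from the package's /etc/default/postsrsd — confirm the rewrite domain is this box's primary hostname, otherwise SRS-rewritten bounces for forwarded mail will not route back here. Because the policy-spf restriction is appended after `permit_sasl_authenticated,permit_mynetworks`, authenticated submissions skip it, but inbound mail that was forwarded to this box by a relay without SRS will now fail SPF for the original sender's domain and be rejected under policyd-spf's default settings; that trade-off deserves a line in the CHANGELOG entry. A comment above the POSTSRSD block such as `# SRS rewrites the envelope sender of mail we forward to an SRS0=...@<our domain> address so the forward passes the recipient's SPF check; the else branch clears the canonical maps so a previously enabled SRS is fully undone.` would explain why both branches write the maps.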
@ -93,7 +93,7 @@ source $venv/bin/activate
 | 
				
			|||||||
exec python `pwd`/management/daemon.py
 | 
					exec python `pwd`/management/daemon.py
 | 
				
			||||||
EOF
 | 
					EOF
 | 
				
			||||||
chmod +x $inst_dir/start
 | 
					chmod +x $inst_dir/start
 | 
				
			||||||
hide_output systemctl link conf/mailinabox.service
 | 
					hide_output systemctl link -f conf/mailinabox.service
 | 
				
			||||||
hide_output systemctl daemon-reload
 | 
					hide_output systemctl daemon-reload
 | 
				
			||||||
hide_output systemctl enable mailinabox.service
 | 
					hide_output systemctl enable mailinabox.service
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||
@ -64,7 +64,7 @@ mkdir -p /var/lib/munin-node/plugin-state/
 | 
				
			|||||||
# Create a systemd service for munin.
 | 
					# Create a systemd service for munin.
 | 
				
			||||||
ln -sf $(pwd)/management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh
 | 
					ln -sf $(pwd)/management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh
 | 
				
			||||||
chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
 | 
					chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
 | 
				
			||||||
hide_output systemctl link conf/munin.service
 | 
					hide_output systemctl link -f conf/munin.service
 | 
				
			||||||
hide_output systemctl daemon-reload
 | 
					hide_output systemctl daemon-reload
 | 
				
			||||||
hide_output systemctl unmask munin.service
 | 
					hide_output systemctl unmask munin.service
 | 
				
			||||||
hide_output systemctl enable munin.service
 | 
					hide_output systemctl enable munin.service
 | 
				
			||||||
 | 
				
			|||||||