diff --git a/README.md b/README.md
index c46ee6fa..34b7681d 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,9 @@ Upstream current implemented version: *v67* (v67-AiutoPcAmico)
 - At the moment, OwnCloud is disabled, because it not supports php8.2
 - Updated php to version 8.2
 - Changed SMTP server sign
+- more restrictive Fail2Ban configuration
+- ask the user if he wants to disable the graylist
 
 ## Future implementation
-- ask the user if he wants to disable the graylist
 - Changing the default index page more easily
diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf
index 5ad4c341..73534651 100644
--- a/conf/fail2ban/jails.conf
+++ b/conf/fail2ban/jails.conf
@@ -11,24 +11,24 @@ ignoreip = 127.0.0.1/8 PUBLIC_IP ::1 PUBLIC_IPV6
 enabled = true
 filter = dovecotimap
 logpath = /var/log/mail.log
-findtime = 30
-maxretry = 20
+findtime = 10
+maxretry = 120
 
 [miab-management]
 enabled = true
 filter = miab-management-daemon
 port = http,https
 logpath = /var/log/syslog
-maxretry = 20
-findtime = 30
+maxretry = 10
+findtime = 120
 
 [miab-munin]
 enabled = true
 port = http,https
 filter = miab-munin
 logpath = /var/log/nginx/access.log
-maxretry = 20
-findtime = 30
+maxretry = 3
+findtime = 120
 
 #Disabling owncloud, that is not compatible with php 8.2 but I don't need it
 #[miab-owncloud]
@@ -44,28 +44,28 @@ enabled = true
 port = 465
 filter = miab-postfix-submission
 logpath = /var/log/mail.log
-maxretry = 20
-findtime = 30
+maxretry = 10
+findtime = 120
 
 [miab-postfix587]
 enabled = true
 port = 587
 filter = miab-postfix-submission
 logpath = /var/log/mail.log
-maxretry = 20
-findtime = 30
+maxretry = 10
+findtime = 120
 
 [miab-roundcube]
 enabled = true
 port = http,https
 filter = miab-roundcube
 logpath = /var/log/roundcubemail/errors.log
-maxretry = 20
-findtime = 30
+maxretry = 5
+findtime = 120
 
 [recidive]
 enabled = true
-maxretry = 10
+maxretry = 5
 action = iptables-allports[name=recidive]
 # In the recidive section of jail.conf the action contains:
 #
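Review bot: The jail using `filter = dovecotimap` in the first jails.conf hunk becomes far less restrictive than before, not more: `findtime = 10` with `maxretry = 120` tolerates 120 failures within 10 seconds, whereas the old 20-in-30s and every other jail in this commit pair a 120 s window with a small retry count. The two values look transposed; the consistent form is `findtime = 120` and `maxretry = 10`. Separately, dropping maxretry to 3–10 over a 120 s window makes users behind a shared address (office NAT, a webmail proxy) noticeably easier to ban by accident, so keeping `ignoreip` current for such sources matters more after this change.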
@@ -83,5 +83,5 @@ enabled = true
 
 [sshd]
 enabled = true
-maxretry = 7
+maxretry = 5
 bantime = 3600
diff --git a/conf/www_default.html b/conf/www_default.html
index 68d0366b..c98f45cc 100644
--- a/conf/www_default.html
+++ b/conf/www_default.html
@@ -1,10 +1,37 @@
- - this is a mail-in-a-box - - - -

this is a mail-in-a-box

-

take control of your email at https://mailinabox.email/

- - + + + Welcome!! + + + + +

Questo è il mio dominio personale!

+

This is my own domain!

+
+

Italiano 🇮🇹

+

Questo dominio (domain name here) è ad uso esclusivamente personale. Non vi alcun contenuto fruibile + pubblicamente.
+ Se avete raggiunto questa pagina attraverso altri domini,si tratta di un errore.

+ Alcuni webmaster distratti hanno impostato voci DNS per risolvere i loro nomi di dominio nel mio indirizzo + IP.
+ Questa è una contromisura per impedire che altri nomi di dominio risolvano il mio dominio.

+ Vi chiedo dunque di abbandonare immediatamente questa pagina!
+ Grazie! +

+
+

English 🇺🇸

+

+ This domain (domain name here) is for personal use only. There is no publicly available content.
+ If you have reached this page through other domains, this is an error.

+ + Some careless webmasters have set up DNS entries to resolve their domain names to my IP address.
+ This is a countermeasure to prevent other domain names from resolving my domain.

+ + I therefore ask you to leave this page immediately!
+ Thank you! +

+ + + +
\ No newline at end of file
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
deleted file mode 100644
index e69de29b..00000000
diff --git a/setup/functions.sh b/setup/functions.sh
index e7422c09..0309d6ff 100644
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -4,7 +4,10 @@
 # -o pipefail: don't ignore errors in the non-last command in a pipeline
 set -euo pipefail
 
+# START AiutoPcAmico modification
 PHP_VER=8.2
+greylistDisabled=false
+# END AiutoPcAmico modification
 
 function hide_output {
 # This function hides the output of a command unless the command fails
@@ -16,7 +19,7 @@ function hide_output {
 # Execute command, redirecting stderr/stdout to the temporary file. Since we
 # check the return code ourselves, disable 'set -e' temporarily.
 set +e
- "$@" &> $OUTPUT
+ "$@" &>$OUTPUT
 E=$?
 set -e
 
@@ -62,9 +65,9 @@ function get_default_hostname {
 # Guess the machine's hostname. It should be a fully qualified
 # domain name suitable for DNS. None of these calls may provide
 # the right value, but it's the best guess we can make.
- set -- $(hostname --fqdn 2>/dev/null ||
- hostname --all-fqdns 2>/dev/null ||
- hostname 2>/dev/null)
+ set -- $(hostname --fqdn 2>/dev/null ||
+ hostname --all-fqdns 2>/dev/null ||
+ hostname 2>/dev/null)
 printf '%s\n' "$1" # return this value
 }
 
@@ -137,14 +140,14 @@ function get_default_privateip {
 function ufw_allow {
 if [ -z "${DISABLE_FIREWALL:-}" ]; then
 # ufw has completely unhelpful output
- ufw allow "$1" > /dev/null;
+ ufw allow "$1" >/dev/null
 fi
 }
 
 function ufw_limit {
 if [ -z "${DISABLE_FIREWALL:-}" ]; then
 # ufw has completely unhelpful output
- ufw limit "$1" > /dev/null;
+ ufw limit "$1" >/dev/null
 fi
 }
 
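Review bot: `greylistDisabled=false` in the first functions.sh hunk is an unconditional assignment, so an operator running a scripted setup cannot preselect the greylist choice through the environment the way `${DISABLE_FIREWALL:-}` is honoured further down in the same file; `greylistDisabled=${greylistDisabled:-false}` keeps the same default while allowing an override. The variable is global state shared across sourced scripts (set in setup/questions.sh, read in setup/mail-postfix.sh, both in this commit), which deserves a comment next to it, e.g. `# set by setup/questions.sh, read by setup/mail-postfix.sh`.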
@@ -170,6 +173,20 @@ function input_box {
 set -e
 }
 
+# START AiutoPcAmico modification
+function input_yesno {
+ # input_yesno "title" "prompt" VARIABLE
+ # Asking to the user a question, when the response can be only true or false
+ # ATTENTION: I am using only result_code, because with --yesno I don't have a response!
+ declare -n result_code=$3_EXITCODE
+ set +e
+ result_temp=$(dialog --stdout --title "$1" --yesno "$2" 0 0)
+ result_code=$?
+ set -e
+}
+
+# END AiutoPcAmico modification
+
 function input_menu {
 # input_menu "title" "prompt" "tag item tag item" VARIABLE
 # The user's input will be stored in the variable VARIABLE.
@@ -192,7 +209,7 @@ function wget_verify {
 CHECKSUM="$HASH $DEST"
 rm -f $DEST
 hide_output wget -O $DEST $URL
- if ! echo "$CHECKSUM" | sha1sum --check --strict > /dev/null; then
+ if ! echo "$CHECKSUM" | sha1sum --check --strict >/dev/null; then
 echo "------------------------------------------------------------"
 echo "Download of $URL did not match expected checksum."
 echo "Found:"
@@ -218,7 +235,10 @@ function git_clone {
 TMPPATH=/tmp/git-clone-$$
 rm -rf $TMPPATH $TARGETPATH
 git clone -q $REPO $TMPPATH || exit 1
- (cd $TMPPATH; git checkout -q $TREEISH;) || exit 1
+ (
+ cd $TMPPATH
+ git checkout -q $TREEISH
+ ) || exit 1
 mv $TMPPATH/$SUBDIR $TARGETPATH
 rm -rf $TMPPATH
 }
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 8cd15696..c2b9cbd9 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -301,6 +301,15 @@ ufw_allow smtp
 ufw_allow smtps
 ufw_allow submission
 
+# START AiutoPcAmico modification
+if [[ "$greylistDisabled" == "true" ]]; then
+ echo "I'm disabling the greylist"
+ echo "/.*/" > "/etc/postgrey/whitelist_clients.local"
+else
+ echo "I'm leaving the greylist enabled"
+fi
+# END AiutoPcAmico modification
+
 # Restart services
 restart_service postfix
diff --git a/setup/questions.sh b/setup/questions.sh
index 7866461c..be9e9760 100644
--- a/setup/questions.sh
+++ b/setup/questions.sh
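Review bot: `input_yesno` never writes the variable named by `$3`; only `$3_EXITCODE` is assigned through the nameref, so the new call in the setup/questions.sh hunk (`input_yesno "Greylist" … RESPONSE`) then reads `$RESPONSE`, which this function leaves unset — if the `set -u` from the top of this file is still in effect there, setup aborts on the unbound name, and otherwise the empty value is taken as ESC and setup exits at this question. `result_temp` is also unused (`--yesno` prints nothing to capture) and, lacking `local`, leaks into the caller's scope. Setting `$3` from dialog's exit status (0 = yes, 1 = no, 255 = ESC) keeps the convention documented on `input_menu` that the answer lands in VARIABLE, as below; the caller can then test `[ "$RESPONSE" = yes ]` and keep its empty-means-ESC check.
```shell
function input_yesno {
	# input_yesno "title" "prompt" VARIABLE
	# Stores "yes" or "no" in VARIABLE (empty when the user pressed ESC) and
	# dialog's exit status in VARIABLE_EXITCODE (0 = yes, 1 = no, 255 = ESC).
	declare -n result_var=$3
	declare -n result_code=$3_EXITCODE
	set +e
	dialog --stdout --title "$1" --yesno "$2" 0 0
	result_code=$?
	set -e
	case "$result_code" in
		0) result_var=yes ;;
		1) result_var=no ;;
		*) result_var= ;;
	esac
}
```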
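Review bot: In the setup/mail-postfix.sh hunk the `else` branch leaves a previously written `/etc/postgrey/whitelist_clients.local` untouched, so once the greylist has been disabled on a box, answering "no" on a later setup run does not re-enable it; the branch should clear the file, e.g. `rm -f /etc/postgrey/whitelist_clients.local` (or remove only the `/.*/` entry if setup writes other entries to that file elsewhere, which this hunk does not show). `/.*/` whitelists every client, i.e. it switches postgrey off entirely, and postgrey reads its whitelist when it starts, so the change likely needs a `restart_service postgrey` alongside the `restart_service postfix` that follows — the hunk does not show whether one exists further down.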
@@ -9,13 +9,13 @@ if [ -z "${NONINTERACTIVE:-}" ]; then
 if [ ! -f /usr/bin/dialog ] || [ ! -f /usr/bin/python3 ] || [ ! -f /usr/bin/pip3 ]; then
 echo Installing packages needed for setup...
 apt-get -q -q update
- apt_get_quiet install dialog python3 python3-pip || exit 1
+ apt_get_quiet install dialog python3 python3-pip || exit 1
 fi
 
 echo "install vintual env for python3"
 hide_output apt install python3-venv
- hide_output python3 -m venv mailinabox
- hide_output source mailinabox/bin/activate
+ hide_output python3 -m venv mailinabox
+ hide_output source mailinabox/bin/activate
 
 # Installing email_validator is repeated in setup/management.sh, but in setup/management.sh
 # we install it inside a virtualenv. In this script, we don't have the virtualenv yet
@@ -41,7 +41,7 @@ if [ -z "${PRIMARY_HOSTNAME:-}" ]; then
 # This is the first run. Ask the user for his email address so we can
 # provide the best default for the box's hostname.
 input_box "Your Email Address" \
-"What email address are you setting this box up to manage?
+ "What email address are you setting this box up to manage?
 \n\nThe part after the @-sign must be a domain name or subdomain that you control. You can add other email addresses to this box later (including email addresses on other domain names
@@ -56,8 +56,7 @@ you really want.
 # user hit ESC/cancel
 exit
 fi
- while ! python3 management/mailconfig.py validate-email "$EMAIL_ADDR"
- do
+ while ! python3 management/mailconfig.py validate-email "$EMAIL_ADDR"; do
 input_box "Your Email Address" \
 "That's not a valid email address.\n\nWhat email address are you setting this box up to manage?" \
 $EMAIL_ADDR \
@@ -74,7 +73,7 @@ you really want.
 fi
 
 input_box "Hostname" \
-"This box needs a name, called a 'hostname'. The name will form a part of the box's web address.
+ "This box needs a name, called a 'hostname'. The name will form a part of the box's web address.
 \n\nWe recommend that the name be a subdomain of the domain in your email address, so we're suggesting $DEFAULT_PRIMARY_HOSTNAME.
 \n\nYou can change it, but we recommend you don't.
@@ -215,3 +214,25 @@ if [ -f /usr/bin/git ] && [ -d .git ]; then
 echo "Mail-in-a-Box Version: " $(git describe --always)
 fi
 echo
+
+# START AiutoPcAmico modification
+#ask to the user if he wants to disable greylist
+input_yesno "Greylist" \
+ "This box implements the postgrey greylist, in order to protect you against spam.
+\nIs a very useful package, but sometimes you want to disable it (usually you get TOTP after some minutes...).
+\nMore info at https://postgrey.schweikert.ch
+\nDo you want to disable it?" RESPONSE
+
+if [ -z "$RESPONSE" ]; then
+ # user hit ESC/cancel
+ exit
+fi
+
+if [ "$RESPONSE" -eq "0" ]; then
+ echo "After installing postfix, I will disable the greylist function"
+ greylistDisabled=true
+else
+ echo "Ok, I won't disable the greylist function"
+ greylistDisabled=false
+fi
+# END AiutoPcAmico modification
diff --git a/setup/start.sh b/setup/start.sh
index c2956a51..dc820d2b 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -117,6 +117,7 @@ source setup/dkim.sh
 source setup/spamassassin.sh
 source setup/web.sh
 source setup/webmail.sh
+# at the moment not installing nextcloud, because is not compatible with php8.2
 #source setup/nextcloud.sh
 source setup/zpush.sh
 source setup/management.sh
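Review bot: The greylist prompt in the `@@ -215,3 +214,25 @@` hunk of setup/questions.sh is not guarded by `NONINTERACTIVE`, unlike the dialog installation at the top of this file (`if [ -z "${NONINTERACTIVE:-}" ]; then` at the first hunk); its column-0 placement after the trailing `echo` suggests it runs at top level, though the enclosing structure is outside the hunk. A scripted setup would then block on `dialog` or fail where dialog was never installed. Wrapping the block in `if [ -z "${NONINTERACTIVE:-}" ]; then … fi` and leaving `greylistDisabled` at its default otherwise keeps non-interactive installs working. `[ "$RESPONSE" -eq "0" ]` also applies an integer test to a value that dialog does not produce for `--yesno`; comparing the exit code stored in `RESPONSE_EXITCODE` (255 for ESC, 0 for yes) is the check that matches how `input_yesno` is written.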