From 6b2e165f0ddbca746944bfc4ad85d39ad3d13e2c Mon Sep 17 00:00:00 2001
From: AiutoPcAmico <98831402+AiutoPcAmico@users.noreply.github.com>
Date: Fri, 29 Dec 2023 09:41:44 +0100
Subject: [PATCH] - Added disable greylist functions - removed bootstrap
 script, I don't need because cloning repository - Changed default
 mail-in-a-box homepage

---
 README.md                |  3 ++-
 conf/fail2ban/jails.conf | 28 ++++++++++++-------------
 conf/www_default.html    | 45 ++++++++++++++++++++++++++++++++--------
 setup/bootstrap.sh       |  0
 setup/functions.sh       | 36 +++++++++++++++++++++++++-------
 setup/mail-postfix.sh    |  9 ++++++++
 setup/questions.sh       | 35 ++++++++++++++++++++++++-------
 setup/start.sh           |  1 +
 8 files changed, 118 insertions(+), 39 deletions(-)
 delete mode 100644 setup/bootstrap.sh

diff --git a/README.md b/README.md
index c46ee6fa..34b7681d 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,9 @@ Upstream current implemented version: *v67* (v67-AiutoPcAmico)
 - At the moment, OwnCloud is disabled, because it not supports php8.2
 - Updated php to version 8.2
 - Changed SMTP server sign
+- more restrictive Fail2Ban configuration
+- ask the user if he wants to disable the graylist
 
 ## Future implementation
 
-- ask the user if he wants to disable the graylist
 - Changing the default index page more easily
diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf
index 5ad4c341..73534651 100644
--- a/conf/fail2ban/jails.conf
+++ b/conf/fail2ban/jails.conf
@@ -11,24 +11,24 @@ ignoreip = 127.0.0.1/8 PUBLIC_IP ::1 PUBLIC_IPV6
 enabled = true
 filter  = dovecotimap
 logpath = /var/log/mail.log
-findtime = 30
-maxretry = 20
+findtime = 10
+maxretry = 120
 
 [miab-management]
 enabled = true
 filter = miab-management-daemon
 port = http,https
 logpath = /var/log/syslog
-maxretry = 20
-findtime = 30
+maxretry = 10
+findtime = 120
 
 [miab-munin]
 enabled  = true
 port     = http,https
 filter   = miab-munin
 logpath  = /var/log/nginx/access.log
-maxretry = 20
-findtime = 30
+maxretry = 3
+findtime = 120
 
 #Disabling owncloud, that is not compatible with php 8.2 but I don't need it
 #[miab-owncloud]
@@ -44,28 +44,28 @@ enabled  = true
 port     = 465
 filter   = miab-postfix-submission
 logpath  = /var/log/mail.log
-maxretry = 20
-findtime = 30
+maxretry = 10
+findtime = 120
 
 [miab-postfix587]
 enabled  = true
 port     = 587
 filter   = miab-postfix-submission
 logpath  = /var/log/mail.log
-maxretry = 20
-findtime = 30
+maxretry = 10
+findtime = 120
 
 [miab-roundcube]
 enabled  = true
 port     = http,https
 filter   = miab-roundcube
 logpath  = /var/log/roundcubemail/errors.log
-maxretry = 20
-findtime = 30
+maxretry = 5
+findtime = 120
 
 [recidive]
 enabled  = true
-maxretry = 10
+maxretry = 5
 action   = iptables-allports[name=recidive]
 # In the recidive section of jail.conf the action contains:
 #
@@ -83,5 +83,5 @@ enabled  = true
 
 [sshd]
 enabled = true
-maxretry = 7
+maxretry = 5
 bantime = 3600
diff --git a/conf/www_default.html b/conf/www_default.html
index 68d0366b..c98f45cc 100644
--- a/conf/www_default.html
+++ b/conf/www_default.html
@@ -1,10 +1,37 @@
 <html>
-	<head>
-		<title>this is a mail-in-a-box</title>
-		<meta name="robots" content="noindex">
-	</head>
-	<body>
-		<h1>this is a mail-in-a-box</h1>
-		<p>take control of your email at <a href="https://mailinabox.email/">https://mailinabox.email/</a></p>
-	</body>
-</html>
+
+<head>
+	<title>Welcome!!</title>
+	<meta name="robots" content="noindex">
+</head>
+
+<body>
+	<h1>Questo &egrave il mio dominio personale!</h1>
+	<h2>This is my own domain!</h2>
+	<br>
+	<h2>Italiano &#127470;&#127481;</h2>
+	<p>Questo dominio (<i>domain name here</i>) &egrave ad uso esclusivamente personale. Non vi alcun contenuto fruibile
+		pubblicamente.<br>
+		Se avete raggiunto questa pagina attraverso altri domini,si tratta di un errore.<br><br>
+		Alcuni webmaster distratti hanno impostato voci DNS per risolvere i loro nomi di dominio nel mio indirizzo
+		IP.<br>
+		Questa &egrave una contromisura per impedire che altri nomi di dominio risolvano il mio dominio.<br><br>
+		Vi chiedo dunque di abbandonare <u>immediatamente</u> questa pagina!<br>
+		Grazie!
+	</p>
+	<br>
+	<h2>English &#127482;&#127480;</h2>
+	<p>
+		This domain (<i>domain name here</i>) is for personal use only. There is no publicly available content.<br>
+		If you have reached this page through other domains, this is an error.<br><br>
+
+		Some careless webmasters have set up DNS entries to resolve their domain names to my IP address.<br>
+		This is a countermeasure to prevent other domain names from resolving my domain.<br><br>
+
+		I therefore ask you to leave this page <u>immediately</u>!<br>
+		Thank you!
+	</p>
+
+</body>
+
+</html>
\ No newline at end of file
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
deleted file mode 100644
index e69de29b..00000000
diff --git a/setup/functions.sh b/setup/functions.sh
index e7422c09..0309d6ff 100644
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -4,7 +4,10 @@
 # -o pipefail: don't ignore errors in the non-last command in a pipeline
 set -euo pipefail
 
+# START AiutoPcAmico modification
 PHP_VER=8.2
+greylistDisabled=false
+# END AiutoPcAmico modification
 
 function hide_output {
 	# This function hides the output of a command unless the command fails
@@ -16,7 +19,7 @@ function hide_output {
 	# Execute command, redirecting stderr/stdout to the temporary file. Since we
 	# check the return code ourselves, disable 'set -e' temporarily.
 	set +e
-	"$@" &> $OUTPUT
+	"$@" &>$OUTPUT
 	E=$?
 	set -e
 
@@ -62,9 +65,9 @@ function get_default_hostname {
 	# Guess the machine's hostname. It should be a fully qualified
 	# domain name suitable for DNS. None of these calls may provide
 	# the right value, but it's the best guess we can make.
-	set -- $(hostname --fqdn      2>/dev/null ||
-                 hostname --all-fqdns 2>/dev/null ||
-                 hostname             2>/dev/null)
+	set -- $(hostname --fqdn 2>/dev/null ||
+		hostname --all-fqdns 2>/dev/null ||
+		hostname 2>/dev/null)
 	printf '%s\n' "$1" # return this value
 }
 
@@ -137,14 +140,14 @@ function get_default_privateip {
 function ufw_allow {
 	if [ -z "${DISABLE_FIREWALL:-}" ]; then
 		# ufw has completely unhelpful output
-		ufw allow "$1" > /dev/null;
+		ufw allow "$1" >/dev/null
 	fi
 }
 
 function ufw_limit {
 	if [ -z "${DISABLE_FIREWALL:-}" ]; then
 		# ufw has completely unhelpful output
-		ufw limit "$1" > /dev/null;
+		ufw limit "$1" >/dev/null
 	fi
 }
 
@@ -170,6 +173,20 @@ function input_box {
 	set -e
 }
 
+# START AiutoPcAmico modification
+function input_yesno {
+	# input_yesno "title" "prompt" VARIABLE
+	# Asking to the user a question, when the response can be only true or false
+	# ATTENTION: I am using only result_code, because with --yesno I don't have a response!
+	declare -n result_code=$3_EXITCODE
+	set +e
+	result_temp=$(dialog --stdout --title "$1" --yesno "$2" 0 0)
+	result_code=$?
+	set -e
+}
+
+# END AiutoPcAmico modification
+
 function input_menu {
 	# input_menu "title" "prompt" "tag item tag item" VARIABLE
 	# The user's input will be stored in the variable VARIABLE.
@@ -192,7 +209,7 @@ function wget_verify {
 	CHECKSUM="$HASH  $DEST"
 	rm -f $DEST
 	hide_output wget -O $DEST $URL
-	if ! echo "$CHECKSUM" | sha1sum --check --strict > /dev/null; then
+	if ! echo "$CHECKSUM" | sha1sum --check --strict >/dev/null; then
 		echo "------------------------------------------------------------"
 		echo "Download of $URL did not match expected checksum."
 		echo "Found:"
@@ -218,7 +235,10 @@ function git_clone {
 	TMPPATH=/tmp/git-clone-$$
 	rm -rf $TMPPATH $TARGETPATH
 	git clone -q $REPO $TMPPATH || exit 1
-	(cd $TMPPATH; git checkout -q $TREEISH;) || exit 1
+	(
+		cd $TMPPATH
+		git checkout -q $TREEISH
+	) || exit 1
 	mv $TMPPATH/$SUBDIR $TARGETPATH
 	rm -rf $TMPPATH
 }
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 8cd15696..c2b9cbd9 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -301,6 +301,15 @@ ufw_allow smtp
 ufw_allow smtps
 ufw_allow submission
 
+# START AiutoPcAmico modification
+if [[ "$greylistDisabled" == "true" ]]; then
+        echo "I'm disabling the greylist"
+        echo "/.*/" > "/etc/postgrey/whitelist_clients.local"
+else
+        echo "I'm leaving the greylist enabled"
+fi
+# END AiutoPcAmico modification
+
 # Restart services
 
 restart_service postfix
diff --git a/setup/questions.sh b/setup/questions.sh
index 7866461c..be9e9760 100644
--- a/setup/questions.sh
+++ b/setup/questions.sh
@@ -9,13 +9,13 @@ if [ -z "${NONINTERACTIVE:-}" ]; then
 	if [ ! -f /usr/bin/dialog ] || [ ! -f /usr/bin/python3 ] || [ ! -f /usr/bin/pip3 ]; then
 		echo Installing packages needed for setup...
 		apt-get -q -q update
-		apt_get_quiet install dialog python3 python3-pip  || exit 1
+		apt_get_quiet install dialog python3 python3-pip || exit 1
 	fi
 
 	echo "install vintual env for python3"
 	hide_output apt install python3-venv
-   	hide_output python3 -m venv mailinabox
-    hide_output source mailinabox/bin/activate
+	hide_output python3 -m venv mailinabox
+	hide_output source mailinabox/bin/activate
 
 	# Installing email_validator is repeated in setup/management.sh, but in setup/management.sh
 	# we install it inside a virtualenv. In this script, we don't have the virtualenv yet
@@ -41,7 +41,7 @@ if [ -z "${PRIMARY_HOSTNAME:-}" ]; then
 		# This is the first run. Ask the user for his email address so we can
 		# provide the best default for the box's hostname.
 		input_box "Your Email Address" \
-"What email address are you setting this box up to manage?
+			"What email address are you setting this box up to manage?
 \n\nThe part after the @-sign must be a domain name or subdomain
 that you control. You can add other email addresses to this
 box later (including email addresses on other domain names
@@ -56,8 +56,7 @@ you really want.
 			# user hit ESC/cancel
 			exit
 		fi
-		while ! python3 management/mailconfig.py validate-email "$EMAIL_ADDR"
-		do
+		while ! python3 management/mailconfig.py validate-email "$EMAIL_ADDR"; do
 			input_box "Your Email Address" \
 				"That's not a valid email address.\n\nWhat email address are you setting this box up to manage?" \
 				$EMAIL_ADDR \
@@ -74,7 +73,7 @@ you really want.
 	fi
 
 	input_box "Hostname" \
-"This box needs a name, called a 'hostname'. The name will form a part of the box's web address.
+		"This box needs a name, called a 'hostname'. The name will form a part of the box's web address.
 \n\nWe recommend that the name be a subdomain of the domain in your email
 address, so we're suggesting $DEFAULT_PRIMARY_HOSTNAME.
 \n\nYou can change it, but we recommend you don't.
@@ -215,3 +214,25 @@ if [ -f /usr/bin/git ] && [ -d .git ]; then
 	echo "Mail-in-a-Box Version: " $(git describe --always)
 fi
 echo
+
+# START AiutoPcAmico modification
+#ask to the user if he wants to disable greylist
+input_yesno "Greylist" \
+	"This box implements the postgrey greylist, in order to protect you against spam.
+\nIs a very useful package, but sometimes you want to disable it (usually you get TOTP after some minutes...).
+\nMore info at https://postgrey.schweikert.ch
+\nDo you want to disable it?" RESPONSE
+
+if [ -z "$RESPONSE" ]; then
+	# user hit ESC/cancel
+	exit
+fi
+
+if [ "$RESPONSE" -eq "0" ]; then
+	echo "After installing postfix, I will disable the greylist function"
+	greylistDisabled=true
+else
+	echo "Ok, I won't disable the greylist function"
+	greylistDisabled=false
+fi
+# END AiutoPcAmico modification
diff --git a/setup/start.sh b/setup/start.sh
index c2956a51..dc820d2b 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -117,6 +117,7 @@ source setup/dkim.sh
 source setup/spamassassin.sh
 source setup/web.sh
 source setup/webmail.sh
+# at the moment not installing nextcloud, because is not compatible with php8.2
 #source setup/nextcloud.sh
 source setup/zpush.sh
 source setup/management.sh