external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-03 00:07:05 +00:00
Code Issues Releases Wiki Activity

- Added disable greylist functions

Browse Source 
- removed bootstrap script, I don't need because cloning repository
- Changed default mail-in-a-box homepage
This commit is contained in:
AiutoPcAmico 2023-12-29 09:41:44 +01:00
parent e541686dcb
commit 6b2e165f0d
8 changed files with 118 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -12,8 +12,9 @@ Upstream current implemented version: *v67* (v67-AiutoPcAmico)
- At the moment, OwnCloud is disabled, because it not supports php8.2 - At the moment, OwnCloud is disabled, because it not supports php8.2
- Updated php to version 8.2 - Updated php to version 8.2
- Changed SMTP server sign - Changed SMTP server sign
- more restrictive Fail2Ban configuration
- ask the user if he wants to disable the graylist
## Future implementation ## Future implementation
- ask the user if he wants to disable the graylist
- Changing the default index page more easily - Changing the default index page more easily

28
conf/fail2ban/jails.conf
View File

@ -11,24 +11,24 @@ ignoreip = 127.0.0.1/8 PUBLIC_IP ::1 PUBLIC_IPV6
enabled = true enabled = true
filter = dovecotimap filter = dovecotimap
logpath = /var/log/mail.log logpath = /var/log/mail.log
findtime = 30 findtime = 10
maxretry = 20 maxretry = 120
[miab-management] [miab-management]
enabled = true enabled = true
filter = miab-management-daemon filter = miab-management-daemon
port = http,https port = http,https
logpath = /var/log/syslog logpath = /var/log/syslog
maxretry = 20 maxretry = 10
findtime = 30 findtime = 120
[miab-munin] [miab-munin]
enabled = true enabled = true
port = http,https port = http,https
filter = miab-munin filter = miab-munin
logpath = /var/log/nginx/access.log logpath = /var/log/nginx/access.log
maxretry = 20 maxretry = 3
findtime = 30 findtime = 120
#Disabling owncloud, that is not compatible with php 8.2 but I don't need it #Disabling owncloud, that is not compatible with php 8.2 but I don't need it
#[miab-owncloud] #[miab-owncloud]
@ -44,28 +44,28 @@ enabled = true
port = 465 port = 465
filter = miab-postfix-submission filter = miab-postfix-submission
logpath = /var/log/mail.log logpath = /var/log/mail.log
maxretry = 20 maxretry = 10
findtime = 30 findtime = 120
[miab-postfix587] [miab-postfix587]
enabled = true enabled = true
port = 587 port = 587
filter = miab-postfix-submission filter = miab-postfix-submission
logpath = /var/log/mail.log logpath = /var/log/mail.log
maxretry = 20 maxretry = 10
findtime = 30 findtime = 120
[miab-roundcube] [miab-roundcube]
enabled = true enabled = true
port = http,https port = http,https
filter = miab-roundcube filter = miab-roundcube
logpath = /var/log/roundcubemail/errors.log logpath = /var/log/roundcubemail/errors.log
maxretry = 20 maxretry = 5
findtime = 30 findtime = 120
[recidive] [recidive]
enabled = true enabled = true
maxretry = 10 maxretry = 5
action = iptables-allports[name=recidive] action = iptables-allports[name=recidive]
# In the recidive section of jail.conf the action contains: # In the recidive section of jail.conf the action contains:
# #
@ -83,5 +83,5 @@ enabled = true
[sshd] [sshd]
enabled = true enabled = true
maxretry = 7 maxretry = 5
bantime = 3600 bantime = 3600

45
conf/www_default.html
View File

@ -1,10 +1,37 @@
<html> <html>
<head>
<title>this is a mail-in-a-box</title> <head>
<meta name="robots" content="noindex"> <title>Welcome!!</title>
</head> <meta name="robots" content="noindex">
<body> </head>
<h1>this is a mail-in-a-box</h1>
<p>take control of your email at <a href="https://mailinabox.email/">https://mailinabox.email/</a></p> <body>
</body> <h1>Questo &egrave il mio dominio personale!</h1>
</html> <h2>This is my own domain!</h2>
<br>
<h2>Italiano &#127470;&#127481;</h2>
<p>Questo dominio (<i>domain name here</i>) &egrave ad uso esclusivamente personale. Non vi alcun contenuto fruibile
pubblicamente.<br>
Se avete raggiunto questa pagina attraverso altri domini,si tratta di un errore.<br><br>
Alcuni webmaster distratti hanno impostato voci DNS per risolvere i loro nomi di dominio nel mio indirizzo
IP.<br>
Questa &egrave una contromisura per impedire che altri nomi di dominio risolvano il mio dominio.<br><br>
Vi chiedo dunque di abbandonare <u>immediatamente</u> questa pagina!<br>
Grazie!
</p>
<br>
<h2>English &#127482;&#127480;</h2>
<p>
This domain (<i>domain name here</i>) is for personal use only. There is no publicly available content.<br>
If you have reached this page through other domains, this is an error.<br><br>
Some careless webmasters have set up DNS entries to resolve their domain names to my IP address.<br>
This is a countermeasure to prevent other domain names from resolving my domain.<br><br>
I therefore ask you to leave this page <u>immediately</u>!<br>
Thank you!
</p>
</body>
</html>

0
setup/bootstrap.sh
View File

36
setup/functions.sh
View File

@ -4,7 +4,10 @@
# -o pipefail: don't ignore errors in the non-last command in a pipeline # -o pipefail: don't ignore errors in the non-last command in a pipeline
set -euo pipefail set -euo pipefail
# START AiutoPcAmico modification
PHP_VER=8.2 PHP_VER=8.2
greylistDisabled=false
# END AiutoPcAmico modification
function hide_output { function hide_output {
# This function hides the output of a command unless the command fails # This function hides the output of a command unless the command fails
@ -16,7 +19,7 @@ function hide_output {
# Execute command, redirecting stderr/stdout to the temporary file. Since we # Execute command, redirecting stderr/stdout to the temporary file. Since we
# check the return code ourselves, disable 'set -e' temporarily. # check the return code ourselves, disable 'set -e' temporarily.
set +e set +e
"$@" &> $OUTPUT "$@" &>$OUTPUT
E=$? E=$?
set -e set -e
@ -62,9 +65,9 @@ function get_default_hostname {
# Guess the machine's hostname. It should be a fully qualified # Guess the machine's hostname. It should be a fully qualified
# domain name suitable for DNS. None of these calls may provide # domain name suitable for DNS. None of these calls may provide
# the right value, but it's the best guess we can make. # the right value, but it's the best guess we can make.
set -- $(hostname --fqdn 2>/dev/null || set -- $(hostname --fqdn 2>/dev/null ||
hostname --all-fqdns 2>/dev/null || hostname --all-fqdns 2>/dev/null ||
hostname 2>/dev/null) hostname 2>/dev/null)
printf '%s\n' "$1" # return this value printf '%s\n' "$1" # return this value
} }
@ -137,14 +140,14 @@ function get_default_privateip {
function ufw_allow { function ufw_allow {
if [ -z "${DISABLE_FIREWALL:-}" ]; then if [ -z "${DISABLE_FIREWALL:-}" ]; then
# ufw has completely unhelpful output # ufw has completely unhelpful output
ufw allow "$1" > /dev/null; ufw allow "$1" >/dev/null
fi fi
} }
function ufw_limit { function ufw_limit {
if [ -z "${DISABLE_FIREWALL:-}" ]; then if [ -z "${DISABLE_FIREWALL:-}" ]; then
# ufw has completely unhelpful output # ufw has completely unhelpful output
ufw limit "$1" > /dev/null; ufw limit "$1" >/dev/null
fi fi
} }
@ -170,6 +173,20 @@ function input_box {
set -e set -e
} }
# START AiutoPcAmico modification
function input_yesno {
# input_yesno "title" "prompt" VARIABLE
# Asking to the user a question, when the response can be only true or false
# ATTENTION: I am using only result_code, because with --yesno I don't have a response!
declare -n result_code=$3_EXITCODE
set +e
result_temp=$(dialog --stdout --title "$1" --yesno "$2" 0 0)
result_code=$?
set -e
}
# END AiutoPcAmico modification
function input_menu { function input_menu {
# input_menu "title" "prompt" "tag item tag item" VARIABLE # input_menu "title" "prompt" "tag item tag item" VARIABLE
# The user's input will be stored in the variable VARIABLE. # The user's input will be stored in the variable VARIABLE.
@ -192,7 +209,7 @@ function wget_verify {
CHECKSUM="$HASH $DEST" CHECKSUM="$HASH $DEST"
rm -f $DEST rm -f $DEST
hide_output wget -O $DEST $URL hide_output wget -O $DEST $URL
if ! echo "$CHECKSUM" | sha1sum --check --strict > /dev/null; then if ! echo "$CHECKSUM" | sha1sum --check --strict >/dev/null; then
echo "------------------------------------------------------------" echo "------------------------------------------------------------"
echo "Download of $URL did not match expected checksum." echo "Download of $URL did not match expected checksum."
echo "Found:" echo "Found:"
@ -218,7 +235,10 @@ function git_clone {
TMPPATH=/tmp/git-clone-$$ TMPPATH=/tmp/git-clone-$$
rm -rf $TMPPATH $TARGETPATH rm -rf $TMPPATH $TARGETPATH
git clone -q $REPO $TMPPATH || exit 1 git clone -q $REPO $TMPPATH || exit 1
(cd $TMPPATH; git checkout -q $TREEISH;) || exit 1 (
cd $TMPPATH
git checkout -q $TREEISH
) || exit 1
mv $TMPPATH/$SUBDIR $TARGETPATH mv $TMPPATH/$SUBDIR $TARGETPATH
rm -rf $TMPPATH rm -rf $TMPPATH
} }

9
setup/mail-postfix.sh
View File

@ -301,6 +301,15 @@ ufw_allow smtp
ufw_allow smtps ufw_allow smtps
ufw_allow submission ufw_allow submission
# START AiutoPcAmico modification
if [[ "$greylistDisabled" == "true" ]]; then
echo "I'm disabling the greylist"
echo "/.*/" > "/etc/postgrey/whitelist_clients.local"
else
echo "I'm leaving the greylist enabled"
fi
# END AiutoPcAmico modification
# Restart services # Restart services
restart_service postfix restart_service postfix

35
setup/questions.sh
View File

@ -9,13 +9,13 @@ if [ -z "${NONINTERACTIVE:-}" ]; then
if [ ! -f /usr/bin/dialog ] || [ ! -f /usr/bin/python3 ] || [ ! -f /usr/bin/pip3 ]; then if [ ! -f /usr/bin/dialog ] || [ ! -f /usr/bin/python3 ] || [ ! -f /usr/bin/pip3 ]; then
echo Installing packages needed for setup... echo Installing packages needed for setup...
apt-get -q -q update apt-get -q -q update
apt_get_quiet install dialog python3 python3-pip || exit 1 apt_get_quiet install dialog python3 python3-pip || exit 1
fi fi
echo "install vintual env for python3" echo "install vintual env for python3"
hide_output apt install python3-venv hide_output apt install python3-venv
hide_output python3 -m venv mailinabox hide_output python3 -m venv mailinabox
hide_output source mailinabox/bin/activate hide_output source mailinabox/bin/activate
# Installing email_validator is repeated in setup/management.sh, but in setup/management.sh # Installing email_validator is repeated in setup/management.sh, but in setup/management.sh
# we install it inside a virtualenv. In this script, we don't have the virtualenv yet # we install it inside a virtualenv. In this script, we don't have the virtualenv yet
@ -41,7 +41,7 @@ if [ -z "${PRIMARY_HOSTNAME:-}" ]; then
# This is the first run. Ask the user for his email address so we can # This is the first run. Ask the user for his email address so we can
# provide the best default for the box's hostname. # provide the best default for the box's hostname.
input_box "Your Email Address" \ input_box "Your Email Address" \
"What email address are you setting this box up to manage? "What email address are you setting this box up to manage?
\n\nThe part after the @-sign must be a domain name or subdomain \n\nThe part after the @-sign must be a domain name or subdomain
that you control. You can add other email addresses to this that you control. You can add other email addresses to this
box later (including email addresses on other domain names box later (including email addresses on other domain names
@ -56,8 +56,7 @@ you really want.
# user hit ESC/cancel # user hit ESC/cancel
exit exit
fi fi
while ! python3 management/mailconfig.py validate-email "$EMAIL_ADDR" while ! python3 management/mailconfig.py validate-email "$EMAIL_ADDR"; do
do
input_box "Your Email Address" \ input_box "Your Email Address" \
"That's not a valid email address.\n\nWhat email address are you setting this box up to manage?" \ "That's not a valid email address.\n\nWhat email address are you setting this box up to manage?" \
$EMAIL_ADDR \ $EMAIL_ADDR \
@ -74,7 +73,7 @@ you really want.
fi fi
input_box "Hostname" \ input_box "Hostname" \
"This box needs a name, called a 'hostname'. The name will form a part of the box's web address. "This box needs a name, called a 'hostname'. The name will form a part of the box's web address.
\n\nWe recommend that the name be a subdomain of the domain in your email \n\nWe recommend that the name be a subdomain of the domain in your email
address, so we're suggesting $DEFAULT_PRIMARY_HOSTNAME. address, so we're suggesting $DEFAULT_PRIMARY_HOSTNAME.
\n\nYou can change it, but we recommend you don't. \n\nYou can change it, but we recommend you don't.
@ -215,3 +214,25 @@ if [ -f /usr/bin/git ] && [ -d .git ]; then
echo "Mail-in-a-Box Version: " $(git describe --always) echo "Mail-in-a-Box Version: " $(git describe --always)
fi fi
echo echo
# START AiutoPcAmico modification
#ask to the user if he wants to disable greylist
input_yesno "Greylist" \
"This box implements the postgrey greylist, in order to protect you against spam.
\nIs a very useful package, but sometimes you want to disable it (usually you get TOTP after some minutes...).
\nMore info at https://postgrey.schweikert.ch
\nDo you want to disable it?" RESPONSE
if [ -z "$RESPONSE" ]; then
# user hit ESC/cancel
exit
fi
if [ "$RESPONSE" -eq "0" ]; then
echo "After installing postfix, I will disable the greylist function"
greylistDisabled=true
else
echo "Ok, I won't disable the greylist function"
greylistDisabled=false
fi
# END AiutoPcAmico modification

1
setup/start.sh
View File

@ -117,6 +117,7 @@ source setup/dkim.sh
source setup/spamassassin.sh source setup/spamassassin.sh
source setup/web.sh source setup/web.sh
source setup/webmail.sh source setup/webmail.sh
# at the moment not installing nextcloud, because is not compatible with php8.2
#source setup/nextcloud.sh #source setup/nextcloud.sh
source setup/zpush.sh source setup/zpush.sh
source setup/management.sh source setup/management.sh