external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-13 17:17:23 +01:00
Code Issues Releases Wiki Activity

Merge branch 'miab-config' into extended

Browse Source
This commit is contained in:
John Supplee
2019-03-09 11:05:41 +02:00
parent adf7a31866 075bdc7063
commit 7a0c5ea910
13 changed files with 218 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
setup/mail-postfix.sh
View File

@@ -42,7 +42,8 @@ source /etc/mailinabox.conf # load global vars
# * `ca-certificates`: A trust store used to squelch postfix warnings about
# untrusted opportunistically-encrypted connections.
echo "Installing Postfix (SMTP server)..."
apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates
apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates \
postfix-policyd-spf-python postsrsd
# ### Basic Settings
@@ -97,7 +98,9 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
-o cleanup_service_name=authclean" \
"authclean=unix n - - - 0 cleanup
-o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters
-o nested_header_checks="
-o nested_header_checks=" \
"policy-spf=unix - n n - - spawn
user=nobody argv=/usr/bin/policyd-spf"
# Install the `outgoing_mail_header_filters` file required by the new 'authclean' service.
cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
@@ -196,9 +199,23 @@ tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
# so these IPs get mail delivered quickly. But when an IP is not listed in the permit_dnswl_client list (i.e. it is not #NODOC
# whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC
# "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
tools/editconf.py /etc/postfix/main.cf \
smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient,"check_policy_service inet:127.0.0.1:10023","check_policy_service inet:127.0.0.1:12340"
postconf -e smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org"
RECIPIENT_RESTRICTIONS="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient"
if [ $GREYLISTING != 1 ]; then
RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:10023"
fi
if [ $POLICY_SPF == 1 ]; then
RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service unix:private/policy-spf"
fi
# Add quota check
RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:12340"
postconf -e smtpd_recipient_restrictions="$RECIPIENT_RESTRICTIONS"
# Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
# Postgrey listens on the same interface (and not IPv6, for instance).
@@ -215,6 +232,29 @@ tools/editconf.py /etc/default/postgrey \
tools/editconf.py /etc/postfix/main.cf \
message_size_limit=134217728
if [ $POSTSRSD == "1" ]; then
# Setup SRS
postconf -e \
sender_canonical_maps=tcp:localhost:10001 \
sender_canonical_classes=envelope_sender \
recipient_canonical_maps=tcp:localhost:10002 \
recipient_canonical_classes=envelope_recipient,header_recipient
hide_output systemctl enable postsrsd
hide_output systemctl restart postsrsd
else
postconf -e \
sender_canonical_maps= \
sender_canonical_classes= \
recipient_canonical_maps= \
recipient_canonical_classes=
hide_output systemctl disable postsrsd
hide_output systemctl stop postsrsd
fi
# Allow the two SMTP ports in the firewall.
ufw_allow smtp
@@ -223,4 +263,12 @@ ufw_allow submission
# Restart services
restart_service postfix
restart_service postgrey
if [ $GREYLISTING == 1 ]; then
hide_output systemctl enable postgrey
restart_service postgrey
else
hide_output systemctl disable postgrey
hide_output systemctl stop postgrey
fi

60
setup/options-dialog.py Normal file
View File

@@ -0,0 +1,60 @@
#!/usr/bin/env python
# encoding: utf-8
import npyscreen
import sys
import os
class TestApp(npyscreen.NPSApp):
def main(self):
# These lines create the form and populate it with widgets.
# A fairly complex screen in only 8 or so lines of code - a line for each control.
npyscreen.setTheme(npyscreen.Themes.BlackOnWhiteTheme)
form = npyscreen.Form(name = "Mail-in-a-Box Options",)
postgrey_text = form.add(
npyscreen.TitleFixedText,
name="POSTGREY",
value="Should Postgrey be used to greylist messages?",
editable=False
)
form.add(npyscreen.FixedText)
postgrey_text = form.add(
npyscreen.MultiLineEditable,
name="POSTSRSD",
value="The PostSRSd daemon performs return path rewriting using the SRS protocol.\n"
"Not that all messages, including locally delivered mail will have their return\n"
"paths rewritten",
max_height=4,
editable=False
)
form.add(npyscreen.FixedText)
options = form.add(
npyscreen.TitleMultiSelect,
max_height=-2,
value = [
int(os.getenv('POSTGREY', 1)),
int(os.getenv('POSTSRSD', 0)),
int(os.getenv('POLICY_SPF', 0))
],
name="Options",
values= ["POSTGREY","POSTSRSD","POLICY_SPF"],
scroll_exit=True
)
# This lets the user interact with the Form.
form.edit()
with open('_options.sh', 'w') as output:
print('POSTGREY=%i' % (1 if 0 in options.value else 0), file=output)
print('POSTSRSD=%i' % (1 if 1 in options.value else 0), file=output)
print('POLICY_SPF=%i' % (1 if 2 in options.value else 0), file=output)
# print(npyscreen.ThemeManager.default_colors, file=output)
if __name__ == "__main__":
App = TestApp()
App.run()

3
setup/questions.sh
View File

@@ -16,6 +16,7 @@ if [ -z "${NONINTERACTIVE:-}" ]; then
# we install it inside a virtualenv. In this script, we don't have the virtualenv yet
# so we install the python package globally.
hide_output pip3 install "email_validator>=1.0.0" || exit 1
hide_output pip3 install npyscreen || exit 1
message_box "Mail-in-a-Box Installation" \
"Hello and thanks for deploying a Mail-in-a-Box!
@@ -193,6 +194,8 @@ if [ -z "${STORAGE_ROOT:-}" ]; then
STORAGE_ROOT=$([[ -z "${DEFAULT_STORAGE_ROOT:-}" ]] && echo "/home/$STORAGE_USER" || echo "$DEFAULT_STORAGE_ROOT")
fi
python3 setup/options-dialog.py
# Show the configuration, since the user may have not entered it manually.
echo
echo "Primary Hostname: $PRIMARY_HOSTNAME"

20
setup/start.sh
View File

@@ -42,6 +42,22 @@ else
FIRST_TIME_SETUP=1
fi
if [ -z "${HTTP_SSL_PORT:-}" ]; then
HTTP_SSL_PORT=$([[ -z "${DEFAULT_HTTP_SSL_PORT:-}" ]] && echo "443" || echo "$DEFAULT_HTTP_SSL_PORT")
fi
if [ -z "${GREYLISTING:-}" ]; then
GREYLISTING=$([[ -z "${DEFAULT_GREYLISTING:-}" ]] && echo "1" || echo "$DEFAULT_GREYLISTING")
fi
if [ -z "${POSTSRSD:-}" ]; then
POSTSRSD=$([[ -z "${DEFAULT_POSTSRSD:-}" ]] && echo "0" || echo "$DEFAULT_POSTSRSD")
fi
if [ -z "${POLICY_SPF:-}" ]; then
POLICY_SPF=$([[ -z "${DEFAULT_POLICY_SPF:-}" ]] && echo "0" || echo "$DEFAULT_POLICY_SPF")
fi
# Put a start script in a global location. We tell the user to run 'mailinabox'
# in the first dialog prompt, so we should do this before that starts.
cat > /usr/local/bin/mailinabox << EOF;
@@ -93,6 +109,10 @@ PUBLIC_IP=$PUBLIC_IP
PUBLIC_IPV6=$PUBLIC_IPV6
PRIVATE_IP=$PRIVATE_IP
PRIVATE_IPV6=$PRIVATE_IPV6
HTTP_SSL_PORT=$HTTP_SSL_PORT
GREYLISTING=$GREYLISTING
POSTSRSD=$POSTSRSD
POLICY_SPF=$POLICY_SPF
EOF
# Start service configuration.

9
setup/web.sh
View File

@@ -96,6 +96,9 @@ restart_service nginx
restart_service php7.2-fpm
# Open ports.
ufw_allow http
ufw_allow https
if [ $HTTP_SSL_PORT == 443 ]; then
ufw_allow http
ufw_allow https
else
ufw_allow $HTTP_SSL_PORT
fi