1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-22 07:17:05 +00:00

run network checks during setup and stop if there is a bad condition

* check that the PUBLIC_IP is not listed in zen.spamhaus.org
* check that the PRIMARY_HOSTNAME is not listed in dbl.spamhaus.org
* check that a connection to Google's MTA is working (i.e. we're not on a residential network that blocks outbound port 25)
This commit is contained in:
Joshua Tauberer 2014-07-26 11:26:59 -04:00
parent 3a7221a69a
commit 834a7b9096
2 changed files with 55 additions and 0 deletions

53
setup/network-checks.sh Normal file
View File

@ -0,0 +1,53 @@
# Stop if the PRIMARY_HOSTNAME is listed in the Spamhaus Domain Block List.
# The user might have chosen a name that was previously in use by a spammer
# and will not be able to reliably send mail. Do this after any automatic
# choices made above.
if host $PRIMARY_HOSTNAME.dbl.spamhaus.org > /dev/null; then
echo
echo "The hostname you chose '$PRIMARY_HOSTNAME' is listed in the"
echo "Spamhaus Domain Block List. See http://www.spamhaus.org/dbl/"
echo "and http://www.spamhaus.org/query/domain/$PRIMARY_HOSTNAME."
echo
echo "You will not be able to send mail using this domain name, so"
echo "setup cannot continue."
echo
exit
fi
# Stop if the IPv4 address is listed in the ZEN Spamhouse Block List.
# The user might have ended up on an IP address that was previously in use
# by a spammer, or the user may be deploying on a residential network. We
# will not be able to reliably send mail in these cases.
REVERSED_IPV4=$(echo $PUBLIC_IP | sed "s/\([0-9]*\).\([0-9]*\).\([0-9]*\).\([0-9]*\)/\4.\3.\2.\1/")
if host $REVERSED_IPV4.zen.spamhaus.org > /dev/null; then
echo
echo "The IP address $PUBLIC_IP is listed in the Spamhaus Block List."
echo "See http://www.spamhaus.org/query/ip/$PUBLIC_IP."
echo
echo "You will not be able to send mail using this machine, so setup"
echo "cannot continue."
echo
echo "Associate a different IP address with this machine if possible."
echo "Many residential network IP addresses are listed, so Mail-in-a-Box"
echo "typically cannot be used on a residential Internet connection."
echo
exit
fi
# Stop if we cannot make an outbound connection on port 25. Many residential
# networks block outbound port 25 to prevent their network from sending spam.
# See if we can reach one of Google's MTAs with a 5-second timeout.
if ! nc -z -w5 aspmx.l.google.com 25; then
echo
echo "Outbound mail (port 25) seems to be blocked by your network."
echo
echo "You will not be able to send mail using this machine, so setup"
echo "cannot continue."
echo
echo "Many residential networks block port 25 to prevent hijacked"
echo "machines from being able to send spam. I just tried to connect"
echo "to Google's mail server on port 25 but the connection did not"
echo "succeed."
echo
exit
fi

View File

@ -177,6 +177,8 @@ if [ "$PRIMARY_HOSTNAME" = "auto-easy" ]; then
echo "Primary Hostname: $PRIMARY_HOSTNAME"
fi
# Run some network checks to make sure setup on this machine makes sense.
. setup/network-checks.sh
# Create the user named "user-data" and store all persistent user
# data (mailboxes, etc.) in that user's home directory.