Merge b53a10d085 into e224fc6656

2025-04-20 02:52:11 +00:00 · 2020-04-01 06:20:52 -04:00 · 2020-04-01 06:20:52 -04:00 · b4dd1d8c3f
commit b4dd1d8c3f
parent e224fc6656 b53a10d085
8 changed files with 188 additions and 70 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -20,11 +20,13 @@ _If you're seeing an error message about your *IP address being listed in the Sp
 ### Modifying your `hosts` file
-After a while, Mail-in-a-Box will be available at `192.168.50.4` (unless you changed that in your `Vagrantfile`). To be able to use the web-based bits, we recommend to add a hostname to your `hosts` file:
+After a while, Mail-in-a-Box will be available at `192.168.50.4` (unless you changed that in your `Vagrantfile`). To be able to use the web-based bits, we recommend adding a hostname to your `hosts` file:
-    $ echo "192.168.50.4 mailinabox.lan" | sudo tee -a /etc/hosts
+    $ echo -e "192.168.50.4\tmailinabox.lan" | sudo tee -a /etc/hosts
    or
    $ sudo sed -i "s/^127.0.1.1.*/192.168.50.4\tmailinabox.lan/" /etc/hosts
-You should now be able to navigate to https://mailinabox.lan/admin using your browser. There should be an initial admin user with the name `me@mailinabox.lan` and the password `12345678`.
+You should now be able to navigate to https://mailinabox.lan/admin using your browser. There should be an initial admin user with the name `me@mailinabox.lan` and the randomly generated password from the output.
 ### Making changes
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@ -2,7 +2,9 @@
 #########################################################
 # This script is intended to be run like this:
 #
-#   curl https://mailinabox.email/setup.sh | sudo bash
+#   wget https://mailinabox.email/setup.sh -qO - | sudo bash -s
 #   or
 #   curl -s https://mailinabox.email/setup.sh | sudo bash -s
 #
 #########################################################
@ -39,10 +41,27 @@ if [ -z "$TAG" ]; then
 	fi
 fi
 if [[ "$#" -ne 0 ]]; then
 	echo "Usage: \"wget https://mailinabox.email/setup.sh -qO - | sudo bash -s\" or \"curl -s https://mailinabox.email/setup.sh | sudo bash -s\"" >&2
 	exit 1
 fi
 # Are we running as root?
 if [[ $EUID -ne 0 ]]; then
-	echo "This script must be run as root. Did you leave out sudo?"
+	echo "This script must be run as root. Did you leave out sudo?" >&2
-	exit
+	exit 1
 fi
 # Check if on Linux
 if ! echo "$OSTYPE" | grep -iq "linux"; then
 	echo "Error: This script must be run on Linux." >&2
 	exit 1
 fi
 # Check connectivity
 if ! ping -q -c 3 mailinabox.email > /dev/null 2>&1; then
 	echo "Error: Could not reach mailinabox.email, please check your internet connection and run this script again." >&2
 	exit 1
 fi
 # Clone the Mail-in-a-Box repository if it doesn't exist.
--- a/setup/firstuser.sh
+++ b/setup/firstuser.sh
@ -35,9 +35,10 @@ if [ -z "`tools/mail.py user`" ]; then
 		else
 			# Use me@PRIMARY_HOSTNAME
 			EMAIL_ADDR=me@$PRIMARY_HOSTNAME
-			EMAIL_PW=12345678
+			EMAIL_PW=$(openssl rand -base64 8)
 			echo
-			echo "Creating a new administrative mail account for $EMAIL_ADDR with password $EMAIL_PW."
+			echo -e "Creating a new administrative mail account for: $EMAIL_ADDR\n\t\t\t\t with password: $EMAIL_PW"
 			echo "Warning: This is a security risk. Please change the password after your first login."
 			echo
 		fi
 	else
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@ -45,8 +45,8 @@ apt_install \
 # - https://www.dovecot.org/list/dovecot/2012-August/137569.html
 # - https://www.dovecot.org/list/dovecot/2011-December/132455.html
 tools/editconf.py /etc/dovecot/conf.d/10-master.conf \
-	default_process_limit=$(echo "`nproc` * 250" | bc) \
+	default_process_limit="$((CPU_CORES * 250))" \
-	default_vsz_limit=$(echo "`free -tm  | tail -1 | awk '{print $2}'` / 3" | bc)M \
+	default_vsz_limit="$(($(free -tm  | tail -1 | awk '{print $2}') / 3))M" \
 	log_path=/var/log/mail.log
 # The inotify `max_user_instances` default is 128, which constrains
--- a/setup/network-checks.sh
+++ b/setup/network-checks.sh
@ -6,15 +6,15 @@ apt_get_quiet install bind9-host sed netcat-openbsd
 # The user might have chosen a name that was previously in use by a spammer
 # and will not be able to reliably send mail. Do this after any automatic
 # choices made above.
-if host $PRIMARY_HOSTNAME.dbl.spamhaus.org > /dev/null; then
+if host "$PRIMARY_HOSTNAME.dbl.spamhaus.org" > /dev/null; then
-	echo
+	echo >&2
-	echo "The hostname you chose '$PRIMARY_HOSTNAME' is listed in the"
+	echo "The hostname you chose '$PRIMARY_HOSTNAME' is listed in the" >&2
-	echo "Spamhaus Domain Block List. See http://www.spamhaus.org/dbl/"
+	echo "Spamhaus Domain Block List. See http://www.spamhaus.org/dbl/" >&2
-	echo "and http://www.spamhaus.org/query/domain/$PRIMARY_HOSTNAME."
+	echo "and http://www.spamhaus.org/query/domain/$PRIMARY_HOSTNAME." >&2
-	echo
+	echo >&2
-	echo "You will not be able to send mail using this domain name, so"
+	echo "You will not be able to send mail using this domain name, so" >&2
-	echo "setup cannot continue."
+	echo "setup cannot continue." >&2
-	echo
+	echo >&2
 	exit 1
 fi
@ -22,22 +22,52 @@ fi
 # The user might have ended up on an IP address that was previously in use
 # by a spammer, or the user may be deploying on a residential network. We
 # will not be able to reliably send mail in these cases.
-REVERSED_IPV4=$(echo $PUBLIC_IP | sed "s/\([0-9]*\).\([0-9]*\).\([0-9]*\).\([0-9]*\)/\4.\3.\2.\1/")
+# Adapted from: https://github.com/tdulcet/Remote-Servers-Status/blob/master/status.sh
-if host $REVERSED_IPV4.zen.spamhaus.org > /dev/null; then
+REVERSED_IPV4=$(echo "$PUBLIC_IP" | awk -F'.' '{for(i=NF;i>0;i--) printf "%s%s",$i,(i==1?"\n":".")}')
-	echo
+if host "$REVERSED_IPV4.zen.spamhaus.org" > /dev/null; then
-	echo "The IP address $PUBLIC_IP is listed in the Spamhaus Block List."
+	output=$(dig +short txt "$REVERSED_IPV4.zen.spamhaus.org" 2>&1) && [[ -n "$output" ]] && mapfile -t reasons < <(echo "$output" | grep -v '^;')
-	echo "See http://www.spamhaus.org/query/ip/$PUBLIC_IP."
+	echo >&2
-	echo
+	echo "The IP address $PUBLIC_IP is listed in the Spamhaus Block List." >&2
-	echo "You will not be able to send mail using this machine, so setup"
+	if [[ -n "$reasons" ]]; then
-	echo "cannot continue."
+		echo "Reason: ${reasons[*]}" >&2
-	echo
+	fi
-	echo "Associate a different IP address with this machine if possible."
+	echo "See http://www.spamhaus.org/query/ip/$PUBLIC_IP." >&2
-	echo "Many residential network IP addresses are listed, so Mail-in-a-Box"
+	echo >&2
-	echo "typically cannot be used on a residential Internet connection."
+	echo "You will not be able to send mail using this machine, so setup" >&2
-	echo
+	echo "cannot continue." >&2
 	echo >&2
 	echo "Associate a different IP address with this machine if possible." >&2
 	echo "Many residential network IP addresses are listed, so Mail-in-a-Box" >&2
 	echo "typically cannot be used on a residential Internet connection." >&2
 	echo >&2
 	exit 1
 fi
 # Stop if the IPv6 address is listed in the ZEN Spamhouse Block List.
 # Adapted from: https://github.com/tdulcet/Remote-Servers-Status/blob/master/status.sh
 if [ -n "$PUBLIC_IPV6" ]; then
 	# Expand and reverse IPv6 address, adapted from: https://gist.github.com/lsowen/4447d916fd19cbb7fce4
 	REVERSED_IPV6=$(echo "$PUBLIC_IPV6" | awk -F: 'BEGIN{OFS="";}{addCount = 9 - NF; for(i=1;i<=NF;i++) {if(length($i) == 0) {for(j=1;j<=addCount;j++) {$i = ($i "0000");}} else{$i = substr(("0000" $i), length($i)+5-4);}}; print}' | awk -F '' 'BEGIN{OFS=".";}{for(i=NF;i>0;i--) printf "%s%s",$i,(i==1?"\n":".")}')
 	if host "$REVERSED_IPV6.zen.spamhaus.org" > /dev/null; then
 		output=$(dig +short txt "$REVERSED_IPV6.zen.spamhaus.org" 2>&1) && [[ -n "$output" ]] && mapfile -t reasons < <(echo "$output" | grep -v '^;')
 		echo >&2
 		echo "The IP address $PUBLIC_IPV6 is listed in the Spamhaus Block List." >&2
 		if [[ -n "$reasons" ]]; then
 			echo "Reason: ${reasons[*]}" >&2
 		fi
 		echo "See http://www.spamhaus.org/query/ip/$PUBLIC_IPV6." >&2
 		echo >&2
 		echo "You will not be able to send mail using this machine, so setup" >&2
 		echo "cannot continue." >&2
 		echo >&2
 		echo "Associate a different IP address with this machine if possible." >&2
 		echo "Many residential network IP addresses are listed, so Mail-in-a-Box" >&2
 		echo "typically cannot be used on a residential Internet connection." >&2
 		echo >&2
 		exit 1
 	fi
 fi
 # Stop if we cannot make an outbound connection on port 25. Many residential
 # networks block outbound port 25 to prevent their network from sending spam.
 # See if we can reach one of Google's MTAs with a 5-second timeout.
--- a/setup/preflight.sh
+++ b/setup/preflight.sh
@ -7,14 +7,27 @@ if [[ $EUID -ne 0 ]]; then
 	exit
 fi
-# Check that we are running on Ubuntu 18.04 LTS (or 18.04.xx).
+# Check if on Linux
-if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" != "Ubuntu 18.04 LTS" ]; then
+if ! echo "$OSTYPE" | grep -iq "linux"; then
-	echo "Mail-in-a-Box only supports being installed on Ubuntu 18.04, sorry. You are running:"
+	echo "Error: This script must be run on Linux." >&2
-	echo
+	exit 1
-	lsb_release -d | sed 's/.*:\s*//'
+fi
-	echo
+
-	echo "We can't write scripts that run on every possible setup, sorry."
+. /etc/os-release
-	exit
+
 # Check that we are running on Ubuntu 14.04 LTS (or 14.04.xx).
 if ! echo "$ID" | grep -iq "ubuntu" || ! echo "$VERSION_ID" | grep -iq "18.04"; then
 	echo "Mail-in-a-Box only supports being installed on Ubuntu 18.04, sorry. You are running:" >&2
 	echo >&2
 	echo "${PRETTY_NAME:-$ID-$VERSION_ID}" >&2
 	echo >&2
 	echo "We can't write scripts that run on every possible setup, sorry." >&2
 fi
 # Check for the Windows Subsystem for Linux (WSL)
 KERNEL=$(uname -r)
 if echo "$KERNEL" | grep -iq "microsoft"; then
 	echo "Warning: The Windows Subsystem for Linux (WSL) is not yet fully supported by this script."
 fi
 # Check that we have enough memory.
@ -25,21 +38,28 @@ fi
 # We will display a warning if the memory is below 768 MB which is 750000 kibibytes
 #
 # Skip the check if we appear to be running inside of Vagrant, because that's really just for testing.
-TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}')
+TOTAL_PHYSICAL_MEM=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
-if [ $TOTAL_PHYSICAL_MEM -lt 490000 ]; then
+TOTAL_SWAP=$(awk '/^SwapTotal:/ {print $2}' /proc/meminfo)
-if [ ! -d /vagrant ]; then
+if [ "$TOTAL_PHYSICAL_MEM" -lt 490000 ]; then
-	TOTAL_PHYSICAL_MEM=$(expr \( \( $TOTAL_PHYSICAL_MEM \* 1024 \) / 1000 \) / 1000)
+	if [ ! -d /vagrant ]; then
-	echo "Your Mail-in-a-Box needs more memory (RAM) to function properly."
+		echo "Your Mail-in-a-Box needs more memory (RAM) to function properly." >&2
-	echo "Please provision a machine with at least 512 MB, 1 GB recommended."
+		echo "Please provision a machine with at least 512 MB, 1 GB (1024 MB) recommended." >&2
-	echo "This machine has $TOTAL_PHYSICAL_MEM MB memory."
+		echo "This machine has $(printf "%'d" $((((TOTAL_PHYSICAL_MEM * 1024) / 1000) / 1000))) MB ($(printf "%'d" $((TOTAL_PHYSICAL_MEM / 1024))) MiB) memory."
-	exit
+		exit 1
 	fi
 fi
 fi
-if [ $TOTAL_PHYSICAL_MEM -lt 750000 ]; then
+if [ "$TOTAL_PHYSICAL_MEM" -lt 750000 ]; then
 	echo "WARNING: Your Mail-in-a-Box has less than 768 MB of memory."
 	echo "         It might run unreliably when under heavy load."
 fi
 # Check connectivity
 if ! ping -q -c 3 mailinabox.email > /dev/null 2>&1; then
 	echo "Error: Could not reach mailinabox.email, please check your internet connection and run this script again." >&2
 	exit 1
 fi
 # Check that tempfs is mounted with exec
 MOUNTED_TMP_AS_NO_EXEC=$(grep "/tmp.*noexec" /proc/mounts || /bin/true)
 if [ -n "$MOUNTED_TMP_AS_NO_EXEC" ]; then
@ -55,12 +75,10 @@ fi
 # Check that we are running on x86_64 or i686 architecture, which are the only
 # ones we support / test.
-ARCHITECTURE=$(uname -m)
+ARCHITECTURE=$(getconf LONG_BIT)
-if [ "$ARCHITECTURE" != "x86_64" ] && [ "$ARCHITECTURE" != "i686" ]; then
+if [ "$HOSTTYPE" != "x86_64" ] && [ "$HOSTTYPE" != "i686" ]; then
-	echo
+	echo "WARNING:" >&2
-	echo "WARNING:"
+	echo "Mail-in-a-Box has only been tested on x86_64 and i686 platform architectures." >&2
-	echo "Mail-in-a-Box has only been tested on x86_64 and i686 platform"
+	echo "Your architecture, $HOSTTYPE ($ARCHITECTURE-bit), may not work." >&2
-	echo "architectures. Your architecture, $ARCHITECTURE, may not work."
+	echo "You are on your own." >&2
 	echo "You are on your own."
 	echo
 fi
--- a/setup/questions.sh
+++ b/setup/questions.sh
@ -77,9 +77,18 @@ address, so we're suggesting $DEFAULT_PRIMARY_HOSTNAME.
 		$DEFAULT_PRIMARY_HOSTNAME \
 		PRIMARY_HOSTNAME
 	# Regular expression to check if the hostname is of the form *.localdomain
 	RE='^.+\.localdomain$'
 	# Regular expressions to check if the hostname is a valid FQDN
 	RE1='^.{4,253}$'
 	RE2='^((xn--)?[[:alnum:]][[:alnum:]\-]{0,61}[[:alnum:]]\.)+(xn--)?[a-zA-Z]{2,63}$'
 	if [ -z "$PRIMARY_HOSTNAME" ]; then
 		# user hit ESC/cancel
-		exit
+		exit 1
 	elif [[ $PRIMARY_HOSTNAME =~ $RE ]]; then
 		echo "Warning: Hostname cannot be *.localdomain."
 	elif ! [[ $PRIMARY_HOSTNAME =~ $RE1 && $PRIMARY_HOSTNAME =~ $RE2 ]]; then
 		echo "Warning: Hostname is not a valid fully qualified domain name (FQDN)."
 	fi
 fi
@ -194,19 +203,53 @@ if [ -z "${STORAGE_ROOT:-}" ]; then
 fi
 # Show the configuration, since the user may have not entered it manually.
-echo
+# Adapted from: https://github.com/tdulcet/Linux-System-Information/blob/master/info.sh
-echo "Primary Hostname: $PRIMARY_HOSTNAME"
+echo -e "\nLinux Distribution:\t\t${PRETTY_NAME:-$ID-$VERSION_ID}"
-echo "Public IP Address: $PUBLIC_IP"
+echo -e "Linux Kernel:\t\t\t$KERNEL"
-if [ ! -z "$PUBLIC_IPV6" ]; then
+mapfile -t CPU < <(sed -n 's/^model name[[:space:]]*: *//p' /proc/cpuinfo | uniq)
-	echo "Public IPv6 Address: $PUBLIC_IPV6"
+if [ -n "$CPU" ]; then
 	echo -e "Processor (CPU):\t\t${CPU[*]}"
 fi
-if [ "$PRIVATE_IP" != "$PUBLIC_IP" ]; then
+CPU_THREADS=$(nproc --all)
-	echo "Private IP Address: $PRIVATE_IP"
+CPU_CORES=$(( CPU_THREADS / $(lscpu | grep -i '^thread(s) per core' | sed -n 's/^.\+:[[:blank:]]*//p') ))
 echo -e "CPU Cores/Threads:\t\t$CPU_CORES/$CPU_THREADS"
 echo -e "Architecture:\t\t\t$HOSTTYPE (${ARCHITECTURE}-bit)"
 echo -e "Total memory (RAM):\t\t$(printf "%'d" $((TOTAL_PHYSICAL_MEM / 1024))) MiB ($(printf "%'d" $((((TOTAL_PHYSICAL_MEM * 1024) / 1000) / 1000))) MB)"
 echo -e "Total swap space:\t\t$(printf "%'d" $((TOTAL_SWAP / 1024))) MiB ($(printf "%'d" $((((TOTAL_SWAP * 1024) / 1000) / 1000))) MB)"
 if command -v lspci >/dev/null; then
 	mapfile -t GPU < <(lspci 2>/dev/null | grep -i 'vga\|3d\|2d' | sed -n 's/^.*: //p')
 fi
-if [ "$PRIVATE_IPV6" != "$PUBLIC_IPV6" ]; then
+if [ -n "$GPU" ]; then
-	echo "Private IPv6 Address: $PRIVATE_IPV6"
+	echo -e "Graphics Processor (GPU):\t${GPU[*]}"
 fi
-if [ -f /usr/bin/git ] && [ -d .git ]; then
+echo -e "Computer name:\t\t\t$HOSTNAME"
-	echo "Mail-in-a-Box Version: " $(git describe)
+echo -e "Primary Hostname:\t\t$PRIMARY_HOSTNAME"
 if [ -n "$PUBLIC_IPV6" ]; then
 	echo -e "Public IPv4 Address:\t\t$PUBLIC_IP"
 	echo -e "Public IPv6 Address:\t\t$PUBLIC_IPV6"
 else
 	echo -e "Public IP Address:\t\t$PUBLIC_IP"
 fi
 if [ -n "$PRIVATE_IPV6" ]; then
 	if [ "$PRIVATE_IP" != "$PUBLIC_IP" ]; then
 		echo -e "Private IPv4 Address:\t\t$PRIVATE_IP"
 	fi
 	if [ "$PRIVATE_IPV6" != "$PUBLIC_IPV6" ]; then
 		echo -e "Private IPv6 Address:\t\t$PRIVATE_IPV6"
 	fi
 else
 	if [ "$PRIVATE_IP" != "$PUBLIC_IP" ]; then
 		echo -e "Private IP Address:\t\t$PRIVATE_IP"
 	fi
 fi
 TIME_ZONE=$(timedatectl 2>/dev/null | grep -i 'time zone:\|timezone:' | sed -n 's/^.*: //p')
 echo -e "Time zone:\t\t\t$TIME_ZONE\n"
 if command -v systemd-detect-virt >/dev/null && CONTAINER=$(systemd-detect-virt -c); then
 	echo -e "Virtualization container:\t$CONTAINER\n"
 fi
 if command -v systemd-detect-virt >/dev/null && VM=$(systemd-detect-virt -v); then
 	echo -e "Virtual Machine (VM) hypervisor:$VM\n"
 fi
 if command -v git >/dev/null && [ -d .git ]; then
 	echo -e "Mail-in-a-Box Version:\t\t$(git describe)\n"
 fi
 echo
--- a/setup/start.sh
+++ b/setup/start.sh
@ -2,6 +2,11 @@
 # This is the entry point for configuring the system.
 #####################################################
 if [[ "$#" -ne 0 ]]; then
 	echo "Usage: sudo $0" >&2
 	exit 1
 fi
 source setup/functions.sh # load our functions
 # Check system setup: Are we running as root on Ubuntu 18.04 on a