mirror of
https://github.com/mail-in-a-box/mailinabox.git
Merge branch 'mail-in-a-box:main' into spamhaus2spamassassin
@@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
|
||||
# want to display in status checks.
|
||||
if [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' )" == "Ubuntu 18.04 LTS" ]; then
|
||||
# This machine is running Ubuntu 18.04.
|
||||
TAG=v0.54
|
||||
TAG=v55
|
||||
|
||||
elif [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' )" == "Ubuntu 14.04 LTS" ]; then
|
||||
# This machine is running Ubuntu 14.04.
|
||||
|
||||
@@ -62,7 +62,13 @@ for ip in $PRIVATE_IP $PRIVATE_IPV6; do
|
||||
echo " ip-address: $ip" >> /etc/nsd/nsd.conf;
|
||||
done
|
||||
|
||||
echo "include: /etc/nsd/zones.conf" >> /etc/nsd/nsd.conf;
|
||||
# Create a directory for additional configuration directives, including
|
||||
# the zones.conf file written out by our management daemon.
|
||||
echo "include: /etc/nsd/nsd.conf.d/*.conf" >> /etc/nsd/nsd.conf;
|
||||
|
||||
# Remove the old location of zones.conf that we generate. It will
|
||||
# now be stored in /etc/nsd/nsd.conf.d.
|
||||
rm -f /etc/nsd/zones.conf
|
||||
|
||||
# Create DNSSEC signing keys.
|
||||
|
||||
|
||||
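Review bot: The comment above the new `include: /etc/nsd/nsd.conf.d/*.conf` line says "Create a directory for additional configuration directives", but nothing in this hunk creates `/etc/nsd/nsd.conf.d`; the lines shown only append the include directive and remove the old `zones.conf`. If the nsd package does not guarantee the directory, add `mkdir -p /etc/nsd/nsd.conf.d` before the `echo`; otherwise reword the comment to `# Include additional configuration directives, including the zones.conf file written out by our management daemon.` Because nsd will load every `*.conf` file found there, it is also worth confirming that the directory is writable only by root and the management daemon. The script starts and ends outside the hunk, so the directory may be created elsewhere.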
@@ -23,6 +23,7 @@ if [ ! -f $db_path ]; then
|
||||
echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '');" | sqlite3 $db_path;
|
||||
echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 $db_path;
|
||||
echo "CREATE TABLE mfa (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, type TEXT NOT NULL, secret TEXT NOT NULL, mru_token TEXT, label TEXT, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE);" | sqlite3 $db_path;
|
||||
echo "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 $db_path;
|
||||
fi
|
||||
|
||||
# ### User Authentication
|
||||
@@ -100,8 +101,12 @@ EOF
|
||||
# ### Destination Validation
|
||||
|
||||
# Use a Sqlite3 database to check whether a destination email address exists,
|
||||
# and to perform any email alias rewrites in Postfix.
|
||||
# and to perform any email alias rewrites in Postfix. Additionally, we disable
|
||||
# SMTPUTF8 because Dovecot's LMTP server that delivers mail to inboxes does
|
||||
# not support it, and if a message is received with the SMTPUTF8 flag it will
|
||||
# bounce.
|
||||
tools/editconf.py /etc/postfix/main.cf \
|
||||
smtputf8_enable=no \
|
||||
virtual_mailbox_domains=sqlite:/etc/postfix/virtual-mailbox-domains.cf \
|
||||
virtual_mailbox_maps=sqlite:/etc/postfix/virtual-mailbox-maps.cf \
|
||||
virtual_alias_maps=sqlite:/etc/postfix/virtual-alias-maps.cf \
|
||||
@@ -110,7 +115,7 @@ tools/editconf.py /etc/postfix/main.cf \
|
||||
# SQL statement to check if we handle incoming mail for a domain, either for users or aliases.
|
||||
cat > /etc/postfix/virtual-mailbox-domains.cf << EOF;
|
||||
dbpath=$db_path
|
||||
query = SELECT 1 FROM users WHERE email LIKE '%%@%s' UNION SELECT 1 FROM aliases WHERE source LIKE '%%@%s'
|
||||
query = SELECT 1 FROM users WHERE email LIKE '%%@%s' UNION SELECT 1 FROM aliases WHERE source LIKE '%%@%s' UNION SELECT 1 FROM auto_aliases WHERE source LIKE '%%@%s'
|
||||
EOF
|
||||
|
||||
# SQL statement to check if we handle incoming mail for a user.
|
||||
@@ -145,7 +150,7 @@ EOF
|
||||
# empty destination here so that other lower priority rules might match.
|
||||
cat > /etc/postfix/virtual-alias-maps.cf << EOF;
|
||||
dbpath=$db_path
|
||||
query = SELECT destination from (SELECT destination, 0 as priority FROM aliases WHERE source='%s' AND destination<>'' UNION SELECT email as destination, 1 as priority FROM users WHERE email='%s') ORDER BY priority LIMIT 1;
|
||||
query = SELECT destination from (SELECT destination, 0 as priority FROM aliases WHERE source='%s' AND destination<>'' UNION SELECT email as destination, 1 as priority FROM users WHERE email='%s' UNION SELECT destination, 2 as priority FROM auto_aliases WHERE source='%s' AND destination<>'') ORDER BY priority LIMIT 1;
|
||||
EOF
|
||||
|
||||
# Restart Services
|
||||
|
||||
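Review bot: In the `virtual-mailbox-domains.cf` query, the added `auto_aliases` arm repeats the `LIKE '%%@%s'` match, so a `_` or `%` in the looked-up domain is treated as a LIKE wildcard rather than a literal. Postfix quotes `%s` against quote injection, but I don't believe it escapes LIKE metacharacters, so that is worth confirming. The effect looks limited to the hosted-domain check, since the `virtual-alias-maps.cf` query compares with `source='%s'`, but an exact comparison on the domain part would remove the ambiguity for all three tables. Separately, the `auto_aliases` schema is now written out both here and in `migration_14`; a comment such as `# Keep this schema in sync with migration_14.` beside the `CREATE TABLE auto_aliases` line would help.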
@@ -25,7 +25,7 @@ done
|
||||
#
|
||||
# certbot installs EFF's certbot which we use to
|
||||
# provision free TLS certificates.
|
||||
apt_install duplicity python-pip virtualenv certbot
|
||||
apt_install duplicity python-pip virtualenv certbot rsync
|
||||
|
||||
# b2sdk is used for backblaze backups.
|
||||
# boto is used for amazon aws backups.
|
||||
@@ -49,8 +49,8 @@ hide_output $venv/bin/pip install --upgrade pip
|
||||
# NOTE: email_validator is repeated in setup/questions.sh, so please keep the versions synced.
|
||||
hide_output $venv/bin/pip install --upgrade \
|
||||
rtyaml "email_validator>=1.0.0" "exclusiveprocess" \
|
||||
flask dnspython python-dateutil \
|
||||
qrcode[pil] pyotp \
|
||||
flask dnspython python-dateutil expiringdict \
|
||||
qrcode[pil] pyotp \
|
||||
"idna>=2.0.0" "cryptography==2.2.2" boto psutil postfix-mta-sts-resolver b2sdk
|
||||
|
||||
# CONFIGURATION
|
||||
|
||||
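Review bot: The added `expiringdict` package has no version constraint, and `pip install --upgrade` will take whatever release is current each time setup runs. Other entries in the same list are bounded or pinned (`"email_validator>=1.0.0"`, `"cryptography==2.2.2"`), so consider pinning the new one the same way, e.g. `"expiringdict==<PINNED_VERSION>"`. That keeps installs reproducible and limits exposure to a bad upstream release. The existing `cryptography==2.2.2` pin is outside this change, but it looks dated and deserves a separate review.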
@@ -186,6 +186,11 @@ def migration_13(env):
|
||||
db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
|
||||
shell("check_call", ["sqlite3", db, "CREATE TABLE mfa (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, type TEXT NOT NULL, secret TEXT NOT NULL, mru_token TEXT, label TEXT, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE);"])
|
||||
|
||||
def migration_14(env):
|
||||
# Add the "auto_aliases" table.
|
||||
db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
|
||||
shell("check_call", ["sqlite3", db, "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);"])
|
||||
|
||||
###########################################################
|
||||
|
||||
def get_current_migration():
|
||||
|
||||
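Review bot: `migration_14` issues a plain `CREATE TABLE auto_aliases`, so the `sqlite3` call (presumably raising through `check_call`) fails if the table already exists, for example when a migration is re-run after a partial failure. This same commit relaxes a comparable statement in the Nextcloud setup ("Don't exit the install if this column already exists"). Using `CREATE TABLE IF NOT EXISTS auto_aliases (...)` here would make the migration idempotent in the same spirit. The column list duplicates the one in the fresh-install path of the mail setup script; a comment like `# Schema must match the CREATE TABLE in the mail users setup script.` would flag that the two must change together.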
@@ -9,6 +9,39 @@ source /etc/mailinabox.conf # load global vars
|
||||
|
||||
echo "Installing Nextcloud (contacts/calendar)..."
|
||||
|
||||
# Nextcloud core and app (plugin) versions to install.
|
||||
# With each version we store a hash to ensure we install what we expect.
|
||||
|
||||
# Nextcloud core
|
||||
# --------------
|
||||
# * See https://nextcloud.com/changelog for the latest version.
|
||||
# * Check https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html
|
||||
# for whether it supports the version of PHP available on this machine.
|
||||
# * Since Nextcloud only supports upgrades from consecutive major versions,
|
||||
# we automatically install intermediate versions as needed.
|
||||
# * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
|
||||
# copying it from the error message when it doesn't match what is below.
|
||||
nextcloud_ver=20.0.14
|
||||
nextcloud_hash=92cac708915f51ee2afc1787fd845476fd090c81
|
||||
|
||||
# Nextcloud apps
|
||||
# --------------
|
||||
# * Find the most recent tag that is compatible with the Nextcloud version above by
|
||||
# consulting the <dependencies>...<nextcloud> node at:
|
||||
# https://github.com/nextcloud-releases/contacts/blob/maaster/appinfo/info.xml
|
||||
# https://github.com/nextcloud-releases/calendar/blob/master/appinfo/info.xml
|
||||
# https://github.com/nextcloud/user_external/blob/master/appinfo/info.xml
|
||||
# * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
|
||||
# copying it from the error message when it doesn't match what is below.
|
||||
contacts_ver=4.0.7
|
||||
contacts_hash=8ab31d205408e4f12067d8a4daa3595d46b513e3
|
||||
calendar_ver=3.0.4
|
||||
calendar_hash=6fb1e998d307c53245faf1c37a96eb982bbee8ba
|
||||
user_external_ver=1.0.0
|
||||
user_external_hash=3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
|
||||
|
||||
# Clear prior packages and install dependencies from apt.
|
||||
|
||||
apt-get purge -qq -y owncloud* # we used to use the package manager
|
||||
|
||||
apt_install php php-fpm \
|
||||
@@ -46,11 +79,11 @@ InstallNextcloud() {
|
||||
# their github repositories.
|
||||
mkdir -p /usr/local/lib/owncloud/apps
|
||||
|
||||
wget_verify https://github.com/nextcloud/contacts/releases/download/v$version_contacts/contacts.tar.gz $hash_contacts /tmp/contacts.tgz
|
||||
wget_verify https://github.com/nextcloud-releases/contacts/releases/download/v$version_contacts/contacts-v$version_contacts.tar.gz $hash_contacts /tmp/contacts.tgz
|
||||
tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/
|
||||
rm /tmp/contacts.tgz
|
||||
|
||||
wget_verify https://github.com/nextcloud/calendar/releases/download/v$version_calendar/calendar.tar.gz $hash_calendar /tmp/calendar.tgz
|
||||
wget_verify https://github.com/nextcloud-releases/calendar/releases/download/v$version_calendar/calendar-v$version_calendar.tar.gz $hash_calendar /tmp/calendar.tgz
|
||||
tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/
|
||||
rm /tmp/calendar.tgz
|
||||
|
||||
@@ -96,16 +129,6 @@ InstallNextcloud() {
|
||||
fi
|
||||
}
|
||||
|
||||
# Nextcloud Version to install. Checks are done down below to step through intermediate versions.
|
||||
nextcloud_ver=20.0.8
|
||||
nextcloud_hash=372b0b4bb07c7984c04917aff86b280e68fbe761
|
||||
contacts_ver=3.5.1
|
||||
contacts_hash=d2ffbccd3ed89fa41da20a1dff149504c3b33b93
|
||||
calendar_ver=2.2.0
|
||||
calendar_hash=673ad72ca28adb8d0f209015ff2dca52ffad99af
|
||||
user_external_ver=1.0.0
|
||||
user_external_hash=3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
|
||||
|
||||
# Current Nextcloud Version, #1623
|
||||
# Checking /usr/local/lib/owncloud/version.php shows version of the Nextcloud application, not the DB
|
||||
# $STORAGE_ROOT/owncloud is kept together even during a backup. It is better to rely on config.php than
|
||||
@@ -172,7 +195,8 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc
|
||||
CURRENT_NEXTCLOUD_VER="17.0.6"
|
||||
fi
|
||||
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then
|
||||
echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db
|
||||
# Don't exit the install if this column already exists (see #2076)
|
||||
(echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db 2>/dev/null) || true
|
||||
InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
|
||||
CURRENT_NEXTCLOUD_VER="18.0.10"
|
||||
fi
|
||||
|
||||
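Review bot: The new header comment tells maintainers to obtain each SHA1 by running the script and copying the hash from the mismatch error, which pins whatever bytes were served on that run rather than a value checked against the publisher. I would reword it to say the hash must be compared with the checksum or signature published with the release, where one is provided, before it is committed. If `wget_verify` (defined outside this page) allows it, move to SHA-256, since SHA-1 is no longer collision-resistant. In the `^17` upgrade step, `2>/dev/null) || true` hides every sqlite3 failure, not only the duplicate-column case from #2076, so a missing or locked `owncloud.db` would pass silently before `InstallNextcloud 18.0.10` runs; checking for the column first would be narrower. The contacts URL in the comment has a typo (`blob/maaster/`), and the enclosing `if` block begins outside the hunk.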
@@ -75,6 +75,13 @@ then
|
||||
fi
|
||||
fi
|
||||
|
||||
# ### Set log retention policy.
|
||||
|
||||
# Set the systemd journal log retention from infinite to 10 days,
|
||||
# since over time the logs take up a large amount of space.
|
||||
# (See https://discourse.mailinabox.email/t/journalctl-reclaim-space-on-small-mailinabox/6728/11.)
|
||||
tools/editconf.py /etc/systemd/journald.conf MaxRetentionSec=10day
|
||||
|
||||
# ### Add PPAs.
|
||||
|
||||
# We install some non-standard Ubuntu packages maintained by other
|
||||
|
||||
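Review bot: `MaxRetentionSec=10day` caps the journal by age, so on a mail server any journal-only record older than ten days (authentication failures, service errors) is gone by the time a later incident is investigated. The stated problem is disk usage, which a size limit such as `SystemMaxUse=` addresses directly without fixing the time window. If the age cap stays, extend the comment to record that ten days is a deliberate trade-off against forensic history, e.g. `# NOTE: this also limits how far back logs are available for incident review.` The hunk does not show `systemd-journald` being restarted, so the setting may not take effect until the next reboot unless that happens elsewhere in the script.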
@@ -28,13 +28,19 @@ apt_install \
|
||||
# Install Roundcube from source if it is not already present or if it is out of date.
|
||||
# Combine the Roundcube version number with the commit hash of plugins to track
|
||||
# whether we have the latest version of everything.
|
||||
|
||||
VERSION=1.4.11
|
||||
HASH=3877f0e70f29e7d0612155632e48c3db1e626be3
|
||||
PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435 # version 5.2.0
|
||||
# For the latest versions, see:
|
||||
# https://github.com/roundcube/roundcubemail/releases
|
||||
# https://github.com/mfreiholz/persistent_login/commits/master
|
||||
# https://github.com/stremlau/html5_notifier/commits/master
|
||||
# https://github.com/mstilkerich/rcmcarddav/releases
|
||||
# The easiest way to get the package hashes is to run this script and get the hash from
|
||||
# the error message.
|
||||
VERSION=1.5.2
|
||||
HASH=208ce4ca0be423cc0f7070ff59bd03588b4439bf
|
||||
PERSISTENT_LOGIN_VERSION=59ca1b0d3a02cff5fa621c1ad581d15f9d642fe8
|
||||
HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+
|
||||
CARDDAV_VERSION=3.0.3
|
||||
CARDDAV_HASH=d1e3b0d851ffa2c6bd42bf0c04f70d0e1d0d78f8
|
||||
CARDDAV_VERSION=4.3.0
|
||||
CARDDAV_HASH=4ad7df8843951062878b1375f77c614f68bc5c61
|
||||
|
||||
UPDATE_KEY=$VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:$CARDDAV_VERSION
|
||||
|
||||
@@ -77,13 +83,13 @@ if [ $needs_update == 1 ]; then
|
||||
|
||||
# download and verify the full release of the carddav plugin
|
||||
wget_verify \
|
||||
https://github.com/blind-coder/rcmcarddav/releases/download/v${CARDDAV_VERSION}/carddav-${CARDDAV_VERSION}.zip \
|
||||
https://github.com/blind-coder/rcmcarddav/releases/download/v${CARDDAV_VERSION}/carddav-v${CARDDAV_VERSION}.tar.gz \
|
||||
$CARDDAV_HASH \
|
||||
/tmp/carddav.zip
|
||||
/tmp/carddav.tar.gz
|
||||
|
||||
# unzip and cleanup
|
||||
unzip -q /tmp/carddav.zip -d ${RCM_PLUGIN_DIR}
|
||||
rm -f /tmp/carddav.zip
|
||||
tar -C ${RCM_PLUGIN_DIR} -zxf /tmp/carddav.tar.gz
|
||||
rm -f /tmp/carddav.tar.gz
|
||||
|
||||
# record the version we've installed
|
||||
echo $UPDATE_KEY > ${RCM_DIR}/version
|
||||
@@ -132,6 +138,7 @@ cat > $RCM_CONFIG <<EOF;
|
||||
\$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'persistent_login', 'carddav');
|
||||
\$config['skin'] = 'elastic';
|
||||
\$config['login_autocomplete'] = 2;
|
||||
\$config['login_username_filter'] = 'email';
|
||||
\$config['password_charset'] = 'UTF-8';
|
||||
\$config['junk_mbox'] = 'Spam';
|
||||
?>
|
||||
|
||||
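Review bot: The comment `# unzip and cleanup` is stale now that the CardDAV plugin is fetched as `carddav-v${CARDDAV_VERSION}.tar.gz` and extracted with `tar`; change it to `# extract and cleanup`. What appears to be the new `PERSISTENT_LOGIN_VERSION=59ca1b0d3a02cff5fa621c1ad581d15f9d642fe8` line also drops the trailing `# version …` annotation the old pin carried, which makes it harder to audit which release that commit hash corresponds to; add the matching version as a trailing comment. `${RCM_PLUGIN_DIR}` is unquoted in the `tar -C` call, as it was in the `unzip` call it replaces; `tar -C "${RCM_PLUGIN_DIR}" -zxf /tmp/carddav.tar.gz` is a cheap hardening. The enclosing `if [ $needs_update == 1 ]` block starts and ends outside the hunk.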