Merge branch 'master' of github.com:Pamplemousse/mailinabox

README.md

@@ -3,17 +3,15 @@ Mail in a Box
 
 This is a work-in-progress to create a one-click deployment of a personal mail server.
 
-After spinning up a fresh Ubuntu machine, just run `sudo scripts/start.sh` and you get:
+After spinning up a fresh machine, just run `sudo scripts/start.sh` and you get:
 
 * An SMTP server (postfix) for sending/receiving mail, with STARTTLS required for authentication, and greylisting to cut down on spam.
 * An IMAP server (dovecot) for checking your mail, with SSL required.
-* A webmail client (roundcube) so you can check your email from a web browser.
 * Mailboxes and aliases are configured by a command-line tool.
 * Spam filtering (spamassassin) with spam automatically going to your Spam folder, and moving mail in and out of the Spam folder triggers retraining on the message.
 * DKIM signing on outgoing messages.
 * DNS pre-configured for SPF and DKIM (just set your domain name nameservers to be the machine itself).
 
-Other things I'd like to add in the future are personal cloud services (file storage, calendar, etc.), an OpenID provider, a place for putting a simple homepage, support for Ubuntu cloud-init, etc.
 
 The goals of this project are:
 
@@ -32,25 +30,6 @@ Before You Begin
 
 * Decide what **hostname** you'll use for your new Mail in a Box. You may want to buy a domain name from your favorite registrar now. For the most flexibility, assign a subdomain to your box. For instance, my domain name is `occams.info` (my email address is something`@occams.info`), so I've assigned `box.occams.info` as the hostname for my Mail in a Box.
 
-Get a Server
-------------
-
-* Get a server. I've been a long-time customer of Rimuhosting.com which provides cheap VPS machines at several locations around the world. You could also go with Linode.com or any other cloud or VPS (virtual server) provider. (If you want to test on Amazon EC2, I've got instructions for you in ec2/README.md.) In a cloud environment like EC2 where your server's IP address is dynamic, this is a good time to assign a static IP (like a EC2 Elastic IP).
-
-* Choose Ubuntu 13.04 amd64 as your operating system (aka a Linux distribution). You won't need much memory or disk space. 768 MB of memory (RAM) and 4G of disk space should be plenty.
-
-* Once the machine is running, set up Reverse DNS. Each ISP handles that differently. You'll have to figure out from your ISP how to do that. Set the reverse DNS to the hostname you chose above (in my case `box.occams.info`).
-
-* Log in with SSH. Again, your ISP will probably give you some instructions on how to do that. If your personal computer has a command line, you'll be doing something like this:
-
-	ssh -i yourkey.pem user@10.20.30.40
-
-You should see a command prompt roughly similar to:
-
-	root@box:~# (<-- blinking cursor here)
-
-
-All command-line instructions below assume you've logged into your machine with SSH already.
 
 Configuring the Server
 ----------------------
@@ -82,17 +61,3 @@ For instance, in my case, I could tell my domain name registrar that `ns1.box.oc
 
 (In a more complex setup, you may have a different nameserver for your domain. In this case, you'll delegate DNS to your box for the box's own subdomain. In your main DNS, add a record like "box.occams.info. 3600 IN NS ns1.box.occams.info." and a second one for `ns2` (the final period may be important). This sets who is the authoritative server for the hostname. You'll then also need "ns1.box.ocacams.info IN A 10.20.30.40" providing the IP address of the authoritative server (and repeat for `ns2`). Then add an MX record on your main domain pointing to the hostname you chose for your server here so that you delegate mail for the domain to your new server using a record like "occams.info. 3600 IN MX 1 box.occams.info." (again the period at the end may be important). You'll also want to put an SPF record on your main domain like "occams.info IN TXT "v=spf1 a mx -all" ".)
 
-Checking Your Mail
-------------------
-
-You can access your email at https://`hostname`/mail, where `hostname` is again the hostname you chose at the start.
-
-If you want to set up a desktop mail client like Thunderbird, your IMAP and SMTP server is the hostname you chose at the top. For IMAP, you must choose SSL and port 993. For SMTP, you must choose STARTTLS and port 587. Your username is your complete email address. And your password you entered during server setup earlier. You're using a "self-signed certificate" for SSL connections, so you'll get security warnings when you try to read and send mail. It's safe to permanently ignore the warning the first time you see it (but not if you see the same warning later on).
-
-Checking that it Worked
------------------------
-
-...
-
-
-

notes/dspam.sh

@@ -1,62 +0,0 @@
-# Spam filtering with dspam.
-#
-# This mostly works. But dspam crashes. So..... we're not using this.
-
-apt-get -q -y install dspam libdspam7-drv-sqlite3 dovecot-antispam dovecot-sieve
-
-# Let it turn on.
-sed -i "s/START=no/START=yes/" /etc/default/dspam 
-
-# Override some of the basic settings that have default values we don't like.
-# Listen as an SMTP server, and pass messages back directly to dovecot.
-tools/editconf.py /etc/dspam/dspam.conf -s \
-	Home=$STORAGE_ROOT/mail/dspam \
-	ServerMode=standard \
-	ServerHost=127.0.0.1 \
-	ServerParameters=--deliver=innocent \
-	DeliveryProto=LMTP \
-	DeliveryHost=/var/run/dovecot/lmtp \
-	Tokenizer=osb
-
-# Put other settings into a local configuration file.
-cat > /etc/dspam/dspam.d/local.conf << EOF;
-IgnoreHeader X-Spam-Status
-IgnoreHeader X-Spam-Scanned
-IgnoreHeader X-Virus-Scanner-Result
-IgnoreHeader X-Virus-Scanned
-IgnoreHeader X-DKIM
-IgnoreHeader DKIM-Signature
-IgnoreHeader DomainKey-Signature
-IgnoreHeader X-Google-Dkim-Signature
-EOF
-
-# Global preferences.
-tools/editconf.py /etc/dspam/default.prefs \
-	spamAction=deliver \
-	signatureLocation=headers \
-	showFactors=on
-
-# Hook into postfix. Replace dovecot with dspam as the mail delivery agent.
-# dspam is configured above to pass mail on to dovecot next.
-tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:2424
-
-# Hook into dovecot... these aren't tested.
-
-# Automatically move spam into a folder called Spam. Enable the sieve plugin.
-# (Note: Be careful if we want to use multiple plugins later.)
-sudo sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins sieve/" /etc/dovecot/conf.d/20-lmtp.conf
-
-# The sieve scripts are installed by users_update.sh.
-
-# to detect when a message moves between folders so we can
-# pass it to dspam for training. (Be careful if we use multiple plugins later.)
-# This is not finished.
-sudo sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins antispam/" /etc/dovecot/conf.d/20-imap.conf
-	
-# Create storage space.
-mkdir -p $STORAGE_ROOT/mail/dspam
-chown dspam:dspam $STORAGE_ROOT/mail/dspam
-
-service dspam restart
-service postfix restart
-

scripts/dkim.sh

@@ -30,7 +30,7 @@ RequireSafeKeys         false
 EOF
 fi
 
-# Create a new DKIM key if we don't have one already. This creates
+# Create a new DKIM key if we don't have one already. This creates 
 # mail.private and mail.txt in $STORAGE_ROOT/mail/dkim. The former
 # is the actual private key and the latter is the suggested DNS TXT
 # entry which we'll want to include in our DNS setup.

scripts/dns_update.sh

@@ -29,7 +29,7 @@ server:
 
   # The directory for zonefile: files.
   zonesdir: "/etc/nsd3/zones"
-  
+
 # ZONES
 EOF
 
@@ -96,7 +96,7 @@ EOF
 	if [ -f "$STORAGE_ROOT/mail/dkim/mail.txt" ]; then
 		cat "$STORAGE_ROOT/mail/dkim/mail.txt" >> /etc/nsd3/zones/$fn2;
 	fi
-	
+
 	# Add this zone file to the main nsd configuration file.
 	cat >> /etc/nsd3/nsd.conf << EOF;
 zone:

scripts/mail.sh

@@ -201,12 +201,12 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
 # Create a self-signed certifiate.
 mkdir -p $STORAGE_ROOT/ssl
 if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
-	openssl genrsa -des3 -passout pass:x -out /tmp/server.key 2048 # create key, but it has a password...
+	openssl genrsa -des3 -passout pass:x -out /tmp/server.key 4096 # create key, but it has a password...
 	openssl rsa -passin pass:x -in /tmp/server.key -out $STORAGE_ROOT/ssl/ssl_private_key.pem # remove password and save it to the right location
 	rm /tmp/server.key # remove temporary password-laden key
 	openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr \
 	  -subj "/C=/ST=/L=/O=/CN=$PUBLIC_HOSTNAME"
-	openssl x509 -req -days 365 \
+	openssl x509 -req -days 3650 \
 	  -in $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr -signkey $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_certificate.pem
 fi
 
@@ -228,4 +228,3 @@ service dovecot restart
 ufw allow smtp
 ufw allow submission
 ufw allow imaps
-

scripts/start.sh

@@ -41,7 +41,7 @@ PUBLIC_HOSTNAME=$PUBLIC_HOSTNAME
 PUBLIC_IP=$PUBLIC_IP
 EOF
 
-# Start service configuration.
+# Start services configuration.
 . scripts/system.sh
 . scripts/dns.sh
 . scripts/mail.sh

scripts/system.sh

@@ -1,15 +1,6 @@
-# Base system configuration.
-
-apt-get -q -q update
-apt-get -q -y upgrade
-
 # Turn on basic services:
-#
 #   ntp: keeps the system time correct
-#
 #   fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
-#
-# These services don't need further configuration and are started immediately after installation.
 
 apt-get install -q -y ntp fail2ban