include changes from v0.53. Remove some POWER modifications to closer follow original mialinabox

setup/bootstrap.sh

@@ -2,17 +2,43 @@
 #########################################################
 # This script is intended to be run like this:
 #
-#   curl https://dvn.pt/power-miab | sudo bash
+#   curl https://mailinabox.email/setup.sh | sudo bash
 #
 #########################################################
 
 if [ -z "$TAG" ]; then
-	# Make s
-	OS=`lsb_release -d | sed 's/.*:\s*//'`
-	if [ "$OS" == "Debian GNU/Linux 10 (buster)" -o "$(echo $OS | grep -o 'Ubuntu 20.04')" == "Ubuntu 20.04" ]; then
-		TAG=v0.52.POWER.0
+	# If a version to install isn't explicitly given as an environment
+	# variable, then install the latest version. But the latest version
+	# depends on the operating system. Existing Ubuntu 14.04 users need
+	# to be able to upgrade to the latest version supporting Ubuntu 14.04,
+	# in part because an upgrade is required before jumping to Ubuntu 18.04.
+	# New users on Ubuntu 18.04 need to get the latest version number too.
+	#
+	# Also, the system status checks read this script for TAG = (without the
+	# space, but if we put it in a comment it would confuse the status checks!)
+	# to get the latest version, so the first such line must be the one that we
+	# want to display in status checks.
+	if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/20\.04\.[0-9]/20.04/' `" == "Ubuntu 20.04 LTS" ]; then
+		# This machine is running Ubuntu 20.04.
+		TAG=v0.53
+		
+	elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
+		# This machine is running Ubuntu 18.04.
+		TAG=v0.53
+
+	elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
+		# This machine is running Ubuntu 14.04.
+		echo "You are installing the last version of Mail-in-a-Box that will"
+		echo "support Ubuntu 14.04. If this is a new installation of Mail-in-a-Box,"
+		echo "stop now and switch to a machine running Ubuntu 18.04. If you are"
+		echo "upgrading an existing Mail-in-a-Box --- great. After upgrading this"
+		echo "box, please visit https://mailinabox.email for notes on how to upgrade"
+		echo "to Ubuntu 18.04."
+		echo ""
+		TAG=v0.30
+
 	else
-		echo "This script must be run on a system running Debian 10 OR Ubuntu 20.04 LTS."
+		echo "This script must be run on a system running Ubuntu 20.04, 18.04 or 14.04."
 		exit 1
 	fi
 fi

setup/dkim.sh

@@ -62,7 +62,8 @@ chmod go-rwx $STORAGE_ROOT/mail/dkim
 
 tools/editconf.py /etc/opendmarc.conf -s \
 	"Syslog=true" \
-	"Socket=inet:8893@[127.0.0.1]"
+	"Socket=inet:8893@[127.0.0.1]" \
+	"FailureReports=true"
 
 # SPFIgnoreResults causes the filter to ignore any SPF results in the header
 # of the message. This is useful if you want the filter to perfrom SPF checks
@@ -81,6 +82,12 @@ tools/editconf.py /etc/opendmarc.conf -s \
 tools/editconf.py /etc/opendmarc.conf -s \
         "SPFSelfValidate=true"
 
+# Enables generation of failure reports for sending domains that publish a
+# "none" policy.
+
+tools/editconf.py /etc/opendmarc.conf -s \
+        "FailureReportsOnNone=true"
+
 # AlwaysAddARHeader Adds an "Authentication-Results:" header field even to
 # unsigned messages from domains with no "signs all" policy. The reported DKIM
 # result will be  "none" in such cases. Normally unsigned mail from non-strict

setup/geoiptoolssetup.sh

@@ -1,3 +1,4 @@
+#!/bin/bash
 source setup/functions.sh
 
 echo Installing geoip packages...
@@ -8,8 +9,8 @@ echo Installing geoip packages...
 gunzip -c tools/goiplookup.gz > /usr/local/bin/goiplookup
 chmod +x /usr/local/bin/goiplookup
 
-# check that geoipdb is older then 2 months, to not hit the server too often 
-if [[ ! -d /usr/share/GeoIP || ! -f /usr/share/GeoIP/GeoIP.dat || $(find "/usr/share/GeoIP/GeoIP.dat" -mtime +60 -print) ]]; then
+# check that GeoLite2-Country.mmdb is older then 2 months, to not hit the server too often 
+if [[ ! -d /usr/share/GeoIP || ! -f /usr/share/GeoIP/GeoLite2-Country.mmdb || $(find "/usr/share/GeoIP/GeoLite2-Country.mmdb" -mtime +60 -print) ]]; then
   echo updating goiplookup database
   goiplookup db-update
 else
@@ -48,47 +49,56 @@ fi
 
 ## Install geo ip lookup files
 
-# Move old file away if it exists
-if [ -f "/usr/share/GeoIP/GeoIP.dat" ]; then
+# check that GeoIP.dat is older then 2 months, to not hit the server too often 
+if [[ ! -d /usr/share/GeoIP || ! -f /usr/share/GeoIP/GeoIP.dat || $(find "/usr/share/GeoIP/GeoIP.dat" -mtime +60 -print) ]]; then
+  echo updating GeoIP database
+  
+  # Move old file away if it exists
+  if [ -f "/usr/share/GeoIP/GeoIP.dat" ]; then
     mv -f /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat.bak
-fi
+  fi
 
-hide_output wget -P /usr/share/GeoIP/ https://dl.miyuru.lk/geoip/maxmind/country/maxmind.dat.gz
+  hide_output wget -P /usr/share/GeoIP/ https://dl.miyuru.lk/geoip/maxmind/country/maxmind.dat.gz
 
-if [ -f "/usr/share/GeoIP/maxmind.dat.gz" ]; then
+  if [ -f "/usr/share/GeoIP/maxmind.dat.gz" ]; then
     gunzip -c /usr/share/GeoIP/maxmind.dat.gz > /usr/share/GeoIP/GeoIP.dat
-else
+    rm -f /usr/share/GeoIP/maxmind.dat.gz
+  else
     echo Did not correctly download maxmind geoip country database
-fi
+  fi
 
-# If new file is not created, move the old file back
-if [ ! -f "/usr/share/GeoIP/GeoIP.dat" ]; then
+  # If new file is not created, move the old file back
+  if [ ! -f "/usr/share/GeoIP/GeoIP.dat" ]; then
     echo GeoIP.dat was not created
     
     if [ -f "/usr/share/GeoIP/GeoIP.dat.bak" ]; then
         mv /usr/share/GeoIP/GeoIP.dat.bak /usr/share/GeoIP/GeoIP.dat
     fi
-fi
+  fi
 
-# Move old file away if it exists
-if [ -f "/usr/share/GeoIP/GeoIPCity.dat" ]; then
+  # Move old file away if it exists
+  if [ -f "/usr/share/GeoIP/GeoIPCity.dat" ]; then
     mv -f /usr/share/GeoIP/GeoIPCity.dat /usr/share/GeoIP/GeoIPCity.dat.bak
-fi
+  fi
 
-hide_output wget -P /usr/share/GeoIP/ https://dl.miyuru.lk/geoip/maxmind/city/maxmind.dat.gz
+  hide_output wget -P /usr/share/GeoIP/ https://dl.miyuru.lk/geoip/maxmind/city/maxmind.dat.gz
 
-if [ -f "/usr/share/GeoIP/maxmind.dat.gz" ]; then
+  if [ -f "/usr/share/GeoIP/maxmind.dat.gz" ]; then
     gunzip -c /usr/share/GeoIP/maxmind.dat.gz > /usr/share/GeoIP/GeoIPCity.dat
-else
+    rm -f /usr/share/GeoIP/maxmind.dat.gz
+  else
     echo Did not correctly download maxmind geoip city database
-fi
+  fi
 
-# If new file is not created, move the old file back
-if [ ! -f "/usr/share/GeoIP/GeoIPCity.dat" ]; then
+  # If new file is not created, move the old file back
+  if [ ! -f "/usr/share/GeoIP/GeoIPCity.dat" ]; then
     echo GeoIPCity.dat was not created
     
     if [ -f "/usr/share/GeoIP/GeoIPCity.dat.bak" ]; then
         mv /usr/share/GeoIP/GeoIPCity.dat.bak /usr/share/GeoIP/GeoIPCity.dat
     fi
+  fi
+else
+  echo skipping GeoIP database update
 fi
 

setup/mail-postfix.sh

@@ -58,7 +58,7 @@ tools/editconf.py /etc/postfix/main.cf \
 	smtp_bind_address=$PRIVATE_IP \
 	smtp_bind_address6=$PRIVATE_IPV6 \
 	myhostname=$PRIMARY_HOSTNAME\
-	smtpd_banner="\$myhostname ESMTP Hi, I'm a Power Mail-in-a-Box (Debian/Postfix)" \
+	smtpd_banner="\$myhostname ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)" \
 	mydestination=localhost
 
 # Tweak some queue settings:
@@ -100,7 +100,7 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
 # Install the `outgoing_mail_header_filters` file required by the new 'authclean' service.
 cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
 
-# Modify the `outgoing_mail_header_filters` file to use the local machine name and ip
+# Modify the `outgoing_mail_header_filters` file to use the local machine name and ip 
 # on the first received header line.  This may help reduce the spam score of email by
 # removing the 127.0.0.1 reference.
 sed -i "s/PRIMARY_HOSTNAME/$PRIMARY_HOSTNAME/" /etc/postfix/outgoing_mail_header_filters
@@ -260,19 +260,6 @@ chmod +x /etc/cron.daily/mailinabox-postgrey-whitelist
 tools/editconf.py /etc/postfix/main.cf \
 	message_size_limit=134217728
 
-# Store default configurations for SMTP relays:
-tools/editconf.py /etc/postfix/main.cf \
-	smtp_sasl_auth_enable=no \
-	smtp_sasl_password_maps="hash:/etc/postfix/sasl_passwd" \
-	smtp_sasl_security_options=anonymous \
-	smtp_sasl_tls_security_options=anonymous \
-	smtp_tls_security_level=encrypt \
-	header_size_limit=4096000
-
-touch /etc/postfix/sasl_passwd
-chmod 600 /etc/postfix/sasl_passwd
-postmap /etc/postfix/sasl_passwd
-
 # Allow the two SMTP ports in the firewall.
 
 ufw_allow smtp

setup/management.sh

@@ -27,9 +27,10 @@ done
 # provision free TLS certificates.
 apt_install duplicity python3-pip virtualenv certbot
 
+# b2sdk is used for backblaze backups.
 # boto is used for amazon aws backups.
 # Both are installed outside the pipenv, so they can be used by duplicity
-hide_output pip3 install --upgrade boto
+hide_output pip3 install --upgrade b2sdk boto
 
 # Create a virtualenv for the installation of Python 3 packages
 # used by the management daemon.
@@ -50,7 +51,7 @@ hide_output $venv/bin/pip install --upgrade \
 	rtyaml "email_validator>=1.0.0" "exclusiveprocess" \
 	flask dnspython python-dateutil \
   qrcode[pil] pyotp \
-	"idna>=2.0.0" "cryptography==2.2.2" boto psutil postfix-mta-sts-resolver
+	"idna>=2.0.0" "cryptography==2.2.2" boto psutil postfix-mta-sts-resolver b2sdk
 
 # CONFIGURATION
 
@@ -69,32 +70,22 @@ rm -rf $assets_dir
 mkdir -p $assets_dir
 
 # jQuery CDN URL
-jquery_version=3.5.1
+jquery_version=2.1.4
 jquery_url=https://code.jquery.com
 
 # Get jQuery
-wget_verify $jquery_url/jquery-$jquery_version.min.js c8e1c8b386dc5b7a9184c763c88d19a346eb3342 $assets_dir/jquery.min.js
+wget_verify $jquery_url/jquery-$jquery_version.min.js 43dc554608df885a59ddeece1598c6ace434d747 $assets_dir/jquery.min.js
 
 # Bootstrap CDN URL
-bootstrap_version=4.6.0
+bootstrap_version=3.3.7
 bootstrap_url=https://github.com/twbs/bootstrap/releases/download/v$bootstrap_version/bootstrap-$bootstrap_version-dist.zip
 
 # Get Bootstrap
-wget_verify $bootstrap_url a1d385dc33cb415512d2f38215a554c4380dac2d /tmp/bootstrap.zip
+wget_verify $bootstrap_url e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a /tmp/bootstrap.zip
 unzip -q /tmp/bootstrap.zip -d $assets_dir
 mv $assets_dir/bootstrap-$bootstrap_version-dist $assets_dir/bootstrap
 rm -f /tmp/bootstrap.zip
 
-# FontAwesome CDN URL
-fontawesome_version=5.15.2
-fontawesome_url=https://github.com/FortAwesome/Font-Awesome/releases/download/$fontawesome_version/fontawesome-free-$fontawesome_version-web.zip
-
-# Get FontAwesome
-wget_verify $fontawesome_url 2f0b3f88500238fa0be798d628a3e68c5784f165 /tmp/fontawesome.zip
-unzip -q /tmp/fontawesome.zip -d $assets_dir
-mv $assets_dir/fontawesome-free-$fontawesome_version-web $assets_dir/fontawesome
-rm -f /tmp/fontawesome.zip
-
 # Create an init script to start the management daemon and keep it
 # running after a reboot.
 cat > $inst_dir/start <<EOF;
@@ -126,14 +117,3 @@ EOF
 
 # Start the management server.
 restart_service mailinabox
-
-# FOR DEVELOPMENT PURPOSES ONLY:
-# If there is a CA certificate in the folder, install it.
-# MIAB will only accept a manual certificate installation
-# if it is signed by a CA trusted by it.
-if [[ -f mailinabox-ca.crt ]]; then
-    echo "Custom CA certificate detected. Installing..."
-    rm -f /usr/local/share/ca-certificates/mailinabox-ca.crt
-    cp mailinabox-ca.crt /usr/local/share/ca-certificates/
-    update-ca-certificates --fresh
-fi

setup/nextcloud.sh

@@ -31,8 +31,8 @@ InstallNextcloud() {
 	echo "Upgrading to Nextcloud version $version"
 	echo
 
-	# Download and verify
-	wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip
+    # Download and verify
+    wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip
 
 	# Remove the current owncloud/Nextcloud
 	rm -rf /usr/local/lib/owncloud

setup/questions.sh

@@ -18,10 +18,10 @@ if [ -z "${NONINTERACTIVE:-}" ]; then
 	hide_output pip3 install "email_validator>=1.0.0" || exit 1
 
 	message_box "Mail-in-a-Box Installation" \
-		"Hello and thanks for deploying a (Power) Mail-in-a-Box!
+		"Hello and thanks for deploying a Mail-in-a-Box!
 		\n\nI'm going to ask you a few questions.
 		\n\nTo change your answers later, just run 'sudo mailinabox' from the command line.
-		\n\nNOTE: You should only install this on a brand new Debian/Ubuntu installation 100% dedicated to Mail-in-a-Box. Mail-in-a-Box will, for example, remove apache2."
+		\n\nNOTE: You should only install this on a brand new Ubuntu installation 100% dedicated to Mail-in-a-Box. Mail-in-a-Box will, for example, remove apache2."
 fi
 
 # The box needs a name.
@@ -124,6 +124,7 @@ if [ -z "${ADMIN_HOME_IP:-}" ]; then
         if [ -z "${DEFAULT_ADMIN_HOME_IP:-}" ]; then
                 input_box "Admin Home IP Address" \
 		        "Enter the public IP address of the admin home, as given to you by your ISP.
+                 This will be used to prevent banning of the administrator IP address.
             		\n\nAdmin Home IP address:" \
 	   		"" \
 			ADMIN_HOME_IP

setup/system.sh

@@ -112,7 +112,7 @@ apt_get_quiet autoremove
 # * openssh-client: provides ssh-keygen
 
 echo Installing system packages...
-apt_install python3 python3-dev python3-pip \
+apt_install python3 python3-dev python3-pip python3-setuptools \
 	netcat-openbsd wget curl git sudo coreutils bc \
 	haveged pollinate openssh-client unzip \
 	unattended-upgrades cron ntp fail2ban rsyslog

setup/webmail.sh

@@ -28,10 +28,11 @@ apt_install \
 # Install Roundcube from source if it is not already present or if it is out of date.
 # Combine the Roundcube version number with the commit hash of plugins to track
 # whether we have the latest version of everything.
-VERSION=1.4.10
-HASH=36b2351030e1ebddb8e39190d7b0ba82b1bbec1b
-PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435
-HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
+
+VERSION=1.4.11
+HASH=3877f0e70f29e7d0612155632e48c3db1e626be3
+PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435 # version 5.2.0
+HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+
 CARDDAV_VERSION=4.1.1
 CARDDAV_HASH=87b73661b7799b2079c28324311eddb4241242bb
 

setup/zpush.sh

@@ -22,8 +22,8 @@ apt_install \
 phpenmod -v php imap
 
 # Copy Z-Push into place.
-VERSION=2.6.1
-TARGETHASH=a4415f0dc0ed884acc8ad5c506944fc7e6d68eeb
+VERSION=2.6.2
+TARGETHASH=4b312d64227ef887b24d9cc8f0ae17519586f6e2
 needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/z-push/version ]; then
 	needs_update=1 #NODOC
@@ -102,7 +102,7 @@ EOF
 
 # Restart service.
 
-restart_service php$(php_version)-fpm
+restart_service php7.2-fpm
 
 # Fix states after upgrade