initial commit of some preliminary notes

2026-03-06 16:07:22 +01:00 · 2013-08-20 22:27:32 -04:00
commit d3a20b3369
8 changed files with 233 additions and 0 deletions
--- a/scripts/mail.sh
+++ b/scripts/mail.sh
@@ -0,0 +1,55 @@
+# Configures a postfix SMTP server.
+
+sudo DEBIAN_FRONTEND=noninteractive apt-get install -y postfix postgrey
+
+# TLS configuration
+sudo tools/editconf.py /etc/postfix/main.cf \
+	smtpd_tls_auth_only=yes \
+	smtp_tls_security_level=may \
+	smtp_tls_loglevel=2 \
+	smtpd_tls_received_header=yes
+
+# authorization via dovecot
+sudo tools/editconf.py /etc/postfix/main.cf \
+	smtpd_sasl_type=dovecot \
+	smtpd_sasl_path=private/auth \
+	smtpd_sasl_auth_enable=yes \
+	smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
+
+sudo tools/editconf.py /etc/postfix/main.cf mydestination=localhost
+
+# message delivery is directly to dovecot
+sudo tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:unix:private/dovecot-lmtp
+
+# domain and user table is configured in a Sqlite3 database
+sudo tools/editconf.py /etc/postfix/main.cf \
+	virtual_mailbox_domains=sqlite:/etc/postfix/virtual-mailbox-domains.cf \
+	virtual_mailbox_maps=sqlite:/etc/postfix/virtual-mailbox-maps.cf \
+	virtual_alias_maps=sqlite:/etc/postfix/virtual-alias-maps.cf \
+	local_recipient_maps=\$virtual_mailbox_maps
+
+db_path=/home/ubuntu/storage/mail.sqlite
+	
+sudo su root -c "cat > /etc/postfix/virtual-mailbox-domains.cf" << EOF;
+dbpath=$db_path
+query = SELECT 1 FROM users WHERE email LIKE '@%s'
+EOF
+
+sudo su root -c "cat > /etc/postfix/virtual-mailbox-maps.cf" << EOF;
+dbpath=$db_path
+query = SELECT 1 FROM users WHERE email='%s'
+EOF
+
+sudo su root -c "cat > /etc/postfix/virtual-alias-maps.cf" << EOF;
+dbpath=$db_path
+query = SELECT destination FROM aliases WHERE source='%s'
+EOF
+
+# re-start postfix
+sudo service postfix restart
+
+# allow ports in the firewall
+sudo ufw allow smtpd
+sudo ufw allow submission
+
+
--- a/scripts/new_volume.sh
+++ b/scripts/new_volume.sh
@@ -0,0 +1,6 @@
+mkdir storage
+
+# mount volume
+
+echo "CREATE TABLE users (email text, password text);" | sqlite3 /home/ubuntu/storage/mail.sqlite;
+
--- a/scripts/system.sh
+++ b/scripts/system.sh
@@ -0,0 +1,27 @@
+# Base system configuration.
+
+sudo apt-get update
+sudo apt-get -y upgrade
+
+# Basic packages.
+
+sudo apt-get -y install sqlite3
+
+# Turn on basic services:
+#
+#   ntp: keeps the system time correct
+#
+#   fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
+#
+# These services don't need further configuration and are started immediately after installation.
+
+sudo apt-get install -y ntp fail2ban
+
+# Turn on the firewall. First allow incoming SSH, then turn on the firewall. Additional open
+# ports will be set up in the scripts that set up those services.
+sudo ufw allow ssh
+sudo ufw allow domain
+sudo ufw allow http
+sudo ufw allow https
+sudo ufw --force enable
+