external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-21 03:02:09 +00:00
Code Issues Releases Wiki Activity

Merge 9eb7e058be into 8548ede638

Browse Source
This commit is contained in:
Chris Blankenship 2016-04-26 04:47:24 +00:00
commit d66f4e7b87
4 changed files with 39 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
setup/functions.sh
View File

@ -132,6 +132,14 @@ function ufw_allow {
fi fi
} }
# Adds a limit rule allowing 6 in 30 sec
function ufw_limit {
if [ -z "$DISABLE_FIREWALL" ]; then
# ufw has completely unhelpful output
ufw limit $1 > /dev/null;
fi
}
function restart_service { function restart_service {
hide_output service $1 restart hide_output service $1 restart
} }

31
setup/mail-dovecot.sh
View File

@ -38,7 +38,30 @@ apt_install \
# would be 20 users). Set it to 250 times the number of cores this # would be 20 users). Set it to 250 times the number of cores this
# machine has, so on a two-core machine that's 500 processes/100 users). # machine has, so on a two-core machine that's 500 processes/100 users).
tools/editconf.py /etc/dovecot/conf.d/10-master.conf \ tools/editconf.py /etc/dovecot/conf.d/10-master.conf \
default_process_limit=$(echo "`nproc` * 250" | bc) default_process_limit=$(echo "`nproc` * 250" | bc) \
log_path = /var/log/dovecot.log
# Set the log file for dovecot to it's own to avoid loading up
# syslog with excessive log events
tools/editconf.py /etc/dovecot/conf.d/10-master.conf \
log_path = /var/log/dovecot.log
# Add logrotate entry for dovecot
cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF;
/var/log/dovecot*.log {
missingok
notifempty
delaycompress
sharedscripts
postrotate
doveadm log reopen
endscript
}
EOF
# set ownership and permissions for dovecot log file
chown syslog:adm /var/log/dovecot.log
chmod 640 /var/log/dovecot.log
# The inotify `max_user_instances` default is 128, which constrains # The inotify `max_user_instances` default is 128, which constrains
# the total number of watched (IMAP IDLE push) folders by open connections. # the total number of watched (IMAP IDLE push) folders by open connections.
@ -200,11 +223,11 @@ mkdir -p $STORAGE_ROOT/mail/sieve/global_after
chown -R mail.mail $STORAGE_ROOT/mail/sieve chown -R mail.mail $STORAGE_ROOT/mail/sieve
# Allow the IMAP/POP ports in the firewall. # Allow the IMAP/POP ports in the firewall.
ufw_allow imaps ufw_limit imaps
ufw_allow pop3s ufw_limit pop3s
# Allow the Sieve port in the firewall. # Allow the Sieve port in the firewall.
ufw_allow sieve ufw_limit sieve
# Restart services. # Restart services.
restart_service dovecot restart_service dovecot

4
setup/system.sh
View File

@ -229,7 +229,7 @@ if [ -z "$DISABLE_FIREWALL" ]; then
apt_install ufw apt_install ufw
# Allow incoming connections to SSH. # Allow incoming connections to SSH.
ufw_allow ssh; ufw_limit ssh;
# ssh might be running on an alternate port. Use sshd -T to dump sshd's #NODOC # ssh might be running on an alternate port. Use sshd -T to dump sshd's #NODOC
# settings, find the port it is supposedly running on, and open that port #NODOC # settings, find the port it is supposedly running on, and open that port #NODOC
@ -239,7 +239,7 @@ if [ -z "$DISABLE_FIREWALL" ]; then
if [ "$SSH_PORT" != "22" ]; then if [ "$SSH_PORT" != "22" ]; then
echo Opening alternate SSH port $SSH_PORT. #NODOC echo Opening alternate SSH port $SSH_PORT. #NODOC
ufw_allow $SSH_PORT #NODOC ufw_limit $SSH_PORT #NODOC
fi fi
fi fi

4
setup/web.sh
View File

@ -106,6 +106,6 @@ restart_service nginx
restart_service php5-fpm restart_service php5-fpm
# Open ports. # Open ports.
ufw_allow http ufw_limit http
ufw_allow https ufw_limit https