From e04f358cc4bc9d4203407e7d44212f257a432102 Mon Sep 17 00:00:00 2001 From: John Supplee Date: Fri, 11 Oct 2019 12:40:50 +0200 Subject: [PATCH] remove extra features from master branch --- conf/cronjob/dovecot | 1 - conf/cronjob/solr | 2 - conf/nginx.conf | 6 +- management/auth.py | 2 +- management/daemon.py | 90 ++++------------------------ management/ssl_certificates.py | 6 +- management/status_checks.py | 2 - management/templates/index.html | 5 -- management/templates/mailgraph.html | 48 --------------- management/web_update.py | 18 ------ requirements.txt | 11 ---- setup/mail-postfix.sh | 59 ++---------------- setup/options-dialog.py | 93 ----------------------------- setup/questions.sh | 11 ---- setup/solr.sh | 85 -------------------------- setup/start.sh | 21 ------- setup/web.sh | 17 ++---- setup/webmail.sh | 2 +- tools/dns-auth.sh | 10 ---- tools/dns-cleanup.sh | 8 --- 20 files changed, 28 insertions(+), 469 deletions(-) delete mode 100644 conf/cronjob/dovecot delete mode 100644 conf/cronjob/solr delete mode 100644 management/templates/mailgraph.html delete mode 100644 requirements.txt delete mode 100644 setup/options-dialog.py delete mode 100644 setup/solr.sh delete mode 100755 tools/dns-auth.sh delete mode 100755 tools/dns-cleanup.sh diff --git a/conf/cronjob/dovecot b/conf/cronjob/dovecot deleted file mode 100644 index 8de53e63..00000000 --- a/conf/cronjob/dovecot +++ /dev/null @@ -1 +0,0 @@ -/usr/bin/doveadm fts rescan -A diff --git a/conf/cronjob/solr b/conf/cronjob/solr deleted file mode 100644 index 217f0191..00000000 --- a/conf/cronjob/solr +++ /dev/null @@ -1,2 +0,0 @@ -*/1 * * * * root /usr/bin/curl http://127.0.0.1:8080/solr/update?commit=true &>/dev/null -30 3 * * * root /usr/bin/curl http://127.0.0.1:8080/solr/update?optimize=true &>/dev/null diff --git a/conf/nginx.conf b/conf/nginx.conf index 25910764..fafd3409 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,5 @@ ## $HOSTNAME -#BEGIN_HTTP # Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate # domain validation challenges) path, which must be served over HTTP per the ACME spec # (due to some Apache vulnerability). @@ -29,12 +28,11 @@ server { alias $STORAGE_ROOT/ssl/lets_encrypt/webroot/.well-known/acme-challenge/; } } -#END_HTTP # The secure HTTPS server. server { - listen $HTTP_SSL_PORT ssl http2; - listen [::]:$HTTP_SSL_PORT ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name $HOSTNAME; diff --git a/management/auth.py b/management/auth.py index 0b082580..55f59664 100644 --- a/management/auth.py +++ b/management/auth.py @@ -59,7 +59,7 @@ class KeyAuthService: credentials = decode(credentials) if ":" not in credentials: - return credentials, None + return None, None username, password = credentials.split(':', maxsplit=1) return username, password diff --git a/management/daemon.py b/management/daemon.py index 5d31a411..9d5f6a36 100755 --- a/management/daemon.py +++ b/management/daemon.py @@ -1,7 +1,5 @@ import os, os.path, re, json, time import subprocess -import base64 -import sys from functools import wraps @@ -349,34 +347,6 @@ def dns_get_dump(): from dns_update import build_recommended_dns return json_response(build_recommended_dns(env)) -@app.route('/letsencrypt/dns-auth//', methods=['GET']) -@authorized_personnel_only -def letsencrypt_dns_auth(domain, token): - from dns_update import do_dns_update, set_custom_dns_record - try: - qname = '_acme-challenge.' + domain - if set_custom_dns_record(qname, 'TXT', token, 'add', env): - if not do_dns_update(env): - return ("Error updating DNS", 400) - return "OK" - - except ValueError as e: - return (str(e), 400) - -@app.route('/letsencrypt/dns-cleanup/', methods=['GET']) -@authorized_personnel_only -def letsencrypt_dns_cleanup(domain): - from dns_update import do_dns_update, set_custom_dns_record - try: - qname = '_acme-challenge.' + domain - if set_custom_dns_record(qname, 'TXT', None, 'remove', env): - if not do_dns_update(env): - return ("Error updating DNS", 400) - return "OK" - - except ValueError as e: - return (str(e), 400) - # SSL @app.route('/ssl/status') @@ -573,62 +543,28 @@ def privacy_status_set(): utils.write_settings(config, env) return "OK" - -# Quotas - @app.route('/system/default-quota', methods=["GET"]) @authorized_personnel_only def default_quota_get(): - if request.values.get('text'): - return get_default_quota(env) - else: - return json_response({ - "default-quota": get_default_quota(env), - }) + if request.values.get('text'): + return get_default_quota(env) + else: + return json_response({ + "default-quota": get_default_quota(env), + }) @app.route('/system/default-quota', methods=["POST"]) @authorized_personnel_only def default_quota_set(): - config = utils.load_settings(env) - try: - config["default-quota"] = validate_quota(request.values.get('default_quota')) - utils.write_settings(config, env) + config = utils.load_settings(env) + try: + config["default-quota"] = validate_quota(request.values.get('default_quota')) + utils.write_settings(config, env) - except ValueError as e: - return ("ERROR: %s" % str(e), 400) - - return "OK" - - -# Mailgraph - -@app.route('/mailgraph/image.cgi', methods=['GET']) -@authorized_personnel_only -def mailgraph(): - if request.query_string: - query = request.query_string.decode('utf-8', 'ignore') - if '&' in query: - query = query.split('&')[0] - - print("QUERY_STRING=%s" % query, file=sys.stderr) - - code, bin_out = utils.shell( - "check_output", - ["/usr/share/mailgraph/mailgraph.cgi"], - env={"QUERY_STRING": query}, - return_bytes=True, - trap=True - ) - - if code != 0: - return ('Error generating mailgraph image: %s' % query, 500) - - headers, image_bytes = bin_out.split(b'\n\n', 1) - - return base64.b64encode(image_bytes) - - return ('Mailgraph: no image requested', 500) + except ValueError as e: + return ("ERROR: %s" % str(e), 400) + return "OK" # MUNIN diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py index e2e582a2..76b0f8fa 100755 --- a/management/ssl_certificates.py +++ b/management/ssl_certificates.py @@ -313,7 +313,6 @@ def provision_certificates(env, limit_domains): webroot = os.path.join(account_path, 'webroot') os.makedirs(webroot, exist_ok=True) with tempfile.TemporaryDirectory() as d: - miab_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) cert_file = os.path.join(d, 'cert_and_chain.pem') print("Provisioning TLS certificates for " + ", ".join(domain_list) + ".") certbotret = subprocess.check_output([ @@ -329,10 +328,7 @@ def provision_certificates(env, limit_domains): "--chain-path", os.path.join(d, 'chain'), # we only use the full chain "--fullchain-path", cert_file, - "--manual", - "--preferred-challenge", "dns", - "--manual-auth-hook", os.path.join(miab_dir, "tools/dns-auth.sh"), - "--manual-cleanup-hook", os.path.join(miab_dir, "tools/dns-cleanup.sh"), + "--webroot", "--webroot-path", webroot, "--config-dir", account_path, #"--staging", diff --git a/management/status_checks.py b/management/status_checks.py index 9c1cc6c9..0accebb5 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -26,7 +26,6 @@ def get_services(): { "name": "Dovecot LMTP LDA", "port": 10026, "public": False, }, { "name": "Postgrey", "port": 10023, "public": False, }, { "name": "Spamassassin", "port": 10025, "public": False, }, - { "name": "IMAP Quota", "port": 12340, "public": False }, { "name": "OpenDKIM", "port": 8891, "public": False, }, { "name": "OpenDMARC", "port": 8893, "public": False, }, { "name": "Mail-in-a-Box Management Daemon", "port": 10222, "public": False, }, @@ -39,7 +38,6 @@ def get_services(): { "name": "Mail Filters (Sieve/dovecot)", "port": 4190, "public": True, }, { "name": "HTTP Web (nginx)", "port": 80, "public": True, }, { "name": "HTTPS Web (nginx)", "port": 443, "public": True, }, - { "name": "Solr Full Text Search (tomcat)", "port": 8080, "public": False, }, ] def run_checks(rounded_values, env, output, pool): diff --git a/management/templates/index.html b/management/templates/index.html index 26d25e4a..2c0d5a9a 100644 --- a/management/templates/index.html +++ b/management/templates/index.html @@ -102,7 +102,6 @@
  • Instructions
  • Users
  • Aliases
  • -
  • Mailgraph
  • Contacts/Calendar
  • @@ -152,10 +151,6 @@ {% include "sync-guide.html" %} -
    - {% include "mailgraph.html" %} -
    -
    {% include "web.html" %}
    diff --git a/management/templates/mailgraph.html b/management/templates/mailgraph.html deleted file mode 100644 index 91577512..00000000 --- a/management/templates/mailgraph.html +++ /dev/null @@ -1,48 +0,0 @@ -

    Mail statistics

    - - -

    Last Day

    -

    mailgraph

    -

    mailgraph

    -

    mailgraph

    - -

    Last Week

    -

    mailgraph

    -

    mailgraph

    -

    mailgraph

    - -

    Last Month

    -

    mailgraph

    -

    mailgraph

    -

    mailgraph

    - -

    Last Year

    -

    mailgraph

    -

    mailgraph

    -

    mailgraph

    - -
    - -

    Mailgraph 1.14 by David Schweikert -(built on Tobi Oetiker's RRDtool)

    - - diff --git a/management/web_update.py b/management/web_update.py index 1d8da03f..12959632 100644 --- a/management/web_update.py +++ b/management/web_update.py @@ -100,20 +100,6 @@ def do_web_update(env): # Add default 'www.' redirect. nginx_conf += make_domain_config(domain, [template0, template3], ssl_certificates, env) - if str(env['HTTP_SSL_PORT']) != "443": - in_http = False - new_conf = '' - for line in nginx_conf.split('\n'): - if line.strip() == '#BEGIN_HTTP': - in_http = True - elif line.strip() == '#END_HTTP': - in_http = False - - if not in_http: - new_conf += line + '\n' - - nginx_conf = new_conf - # Did the file change? If not, don't bother writing & restarting nginx. nginx_conf_fn = "/etc/nginx/conf.d/local.conf" if os.path.exists(nginx_conf_fn): @@ -198,12 +184,8 @@ def make_domain_config(domain, templates, ssl_certificates, env): nginx_conf = re.sub("[ \t]*# ADDITIONAL DIRECTIVES HERE *\n", t, nginx_conf) # Replace substitution strings in the template & return. - if int(env['HTTP_SSL_PORT']) != 443: - # disable the regular HTTP server - nginx_conf = re.sub(r'#BEGIN_HTTP.*?#END_HTTP', repl='', string=nginx_conf, flags=re.MULTILINE) nginx_conf = nginx_conf.replace("$STORAGE_ROOT", env['STORAGE_ROOT']) nginx_conf = nginx_conf.replace("$HOSTNAME", domain) - nginx_conf = nginx_conf.replace("$HTTP_SSL_PORT", env['HTTP_SSL_PORT']) nginx_conf = nginx_conf.replace("$ROOT", root) nginx_conf = nginx_conf.replace("$SSL_KEY", tls_cert["private-key"]) nginx_conf = nginx_conf.replace("$SSL_CERTIFICATE", tls_cert["certificate"]) diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 1263c703..00000000 --- a/requirements.txt +++ /dev/null @@ -1,11 +0,0 @@ -rtyaml -email_validator>=1.0.0 -exclusiveprocess -flask -dnspython -python-dateutil -idna>=2.0.0 -cryptography==2.2.2 -boto -psutil -npyscreen diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh index e3ba3422..684aafdd 100755 --- a/setup/mail-postfix.sh +++ b/setup/mail-postfix.sh @@ -42,8 +42,7 @@ source /etc/mailinabox.conf # load global vars # * `ca-certificates`: A trust store used to squelch postfix warnings about # untrusted opportunistically-encrypted connections. echo "Installing Postfix (SMTP server)..." -apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates \ - postfix-policyd-spf-python postsrsd +apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates # ### Basic Settings @@ -98,9 +97,7 @@ tools/editconf.py /etc/postfix/master.cf -s -w \ -o cleanup_service_name=authclean" \ "authclean=unix n - - - 0 cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters - -o nested_header_checks=" \ - "policy-spf=unix - n n - - spawn - user=nobody argv=/usr/bin/policyd-spf" + -o nested_header_checks=" # Install the `outgoing_mail_header_filters` file required by the new 'authclean' service. cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters @@ -199,23 +196,9 @@ tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1 # so these IPs get mail delivered quickly. But when an IP is not listed in the permit_dnswl_client list (i.e. it is not #NODOC # whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC - -postconf -e smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" - -RECIPIENT_RESTRICTIONS="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient" - -if [ $POSTGREY == 1 ]; then - RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:10023" -fi - -if [ $POLICY_SPF == 1 ]; then - RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service unix:private/policy-spf" -fi - -# Add quota check -RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:12340" - -postconf -e smtpd_recipient_restrictions="$RECIPIENT_RESTRICTIONS" +tools/editconf.py /etc/postfix/main.cf \ + smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \ + smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient,"check_policy_service inet:127.0.0.1:10023","check_policy_service inet:127.0.0.1:12340" # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that # Postgrey listens on the same interface (and not IPv6, for instance). @@ -259,29 +242,6 @@ chmod +x /etc/cron.daily/mailinabox-postgrey-whitelist tools/editconf.py /etc/postfix/main.cf \ message_size_limit=134217728 -if [ $POSTSRSD == 1 ]; then - # Setup SRS - postconf -e \ - sender_canonical_maps=tcp:localhost:10001 \ - sender_canonical_classes=envelope_sender \ - recipient_canonical_maps=tcp:localhost:10002 \ - recipient_canonical_classes=envelope_recipient,header_recipient - - hide_output systemctl enable postsrsd - hide_output systemctl restart postsrsd - -else - postconf -e \ - sender_canonical_maps= \ - sender_canonical_classes= \ - recipient_canonical_maps= \ - recipient_canonical_classes= - - hide_output systemctl disable postsrsd - hide_output systemctl stop postsrsd -fi - - # Allow the two SMTP ports in the firewall. ufw_allow smtp @@ -290,11 +250,4 @@ ufw_allow submission # Restart services restart_service postfix - -if [ $POSTGREY == 1 ]; then - hide_output systemctl enable postgrey - hide_output systemctl restart postgrey -else - hide_output systemctl disable postgrey - hide_output systemctl stop postgrey -fi +restart_service postgrey diff --git a/setup/options-dialog.py b/setup/options-dialog.py deleted file mode 100644 index 166ee455..00000000 --- a/setup/options-dialog.py +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/env python -# encoding: utf-8 - -import npyscreen -import sys -import os - - -class OptionsApp(npyscreen.NPSApp): - def main(self): - # These lines create the form and populate it with widgets. - # A fairly complex screen in only 8 or so lines of code - a line for each control. - npyscreen.setTheme(npyscreen.Themes.BlackOnWhiteTheme) - - form = npyscreen.Form(name = "Mail-in-a-Box Options",) - form.add( - npyscreen.TitleFixedText, - name="POSTGREY", - value="", - editable=False - ) - form.add( - npyscreen.MultiLineEdit, - value="The Postgrey service greylists incoming messages from unknown senders.\n" - "It can be useful for fighting spam but often causes message delivery\n" - "delays of several minutes.", - max_height=4, - editable=False - ) - - form.add( - npyscreen.TitleFixedText, - name="POSTSRSD", - value="", - editable=False - ) - form.add( - npyscreen.MultiLineEdit, - value="The PostSRSd daemon performs return path rewriting using the SRS protocol.\n" - "Not that all messages, including locally delivered mail will have their return\n" - "paths rewritten", - max_height=4, - editable=False - ) - - form.add( - npyscreen.TitleFixedText, - name="POLICY_SPF", - value="", - editable=False - ) - form.add( - npyscreen.MultiLineEdit, - value="" - "The policy SPF service checks the SPF of incoming mails and rejects those\n" - "that do not qualify. This helps to prevent spoofing, but if valid mail does\n" - "not have SPF configured properly it will be rejected.", - max_height=4, - editable=False - ) - - init_values = [] - if int(os.getenv('POSTGREY', 1)) == 1: - init_values.append(0) - - if int(os.getenv('POSTSRSD', 0)) == 1: - init_values.append(1) - - if int(os.getenv('POLICY_SPF', 0)) == 1: - init_values.append(2) - - options = form.add( - npyscreen.TitleMultiSelect, - max_height=-2, - value=init_values, - name="Options", - values= ["POSTGREY","POSTSRSD","POLICY_SPF"], - scroll_exit=True - ) - - # This lets the user interact with the Form. - form.edit() - - with open('_options.sh', 'w') as output: - print('POSTGREY=%i' % (1 if 0 in options.value else 0), file=output) - print('POSTSRSD=%i' % (1 if 1 in options.value else 0), file=output) - print('POLICY_SPF=%i' % (1 if 2 in options.value else 0), file=output) - # print(npyscreen.ThemeManager.default_colors, file=output) - - -if __name__ == "__main__": - App = OptionsApp() - App.run() diff --git a/setup/questions.sh b/setup/questions.sh index 61ef19bf..bf382f49 100644 --- a/setup/questions.sh +++ b/setup/questions.sh @@ -16,7 +16,6 @@ if [ -z "${NONINTERACTIVE:-}" ]; then # we install it inside a virtualenv. In this script, we don't have the virtualenv yet # so we install the python package globally. hide_output pip3 install "email_validator>=1.0.0" || exit 1 - hide_output pip3 install npyscreen || exit 1 message_box "Mail-in-a-Box Installation" \ "Hello and thanks for deploying a Mail-in-a-Box! @@ -194,16 +193,6 @@ if [ -z "${STORAGE_ROOT:-}" ]; then STORAGE_ROOT=$([[ -z "${DEFAULT_STORAGE_ROOT:-}" ]] && echo "/home/$STORAGE_USER" || echo "$DEFAULT_STORAGE_ROOT") fi -# export options variables so they are visible to the options program -export POSTGREY -export POSTSRSD -export POLICY_SPF - -python3 setup/options-dialog.py -source ./_options.sh -rm _options.sh - - # Show the configuration, since the user may have not entered it manually. echo echo "Primary Hostname: $PRIMARY_HOSTNAME" diff --git a/setup/solr.sh b/setup/solr.sh deleted file mode 100644 index 05e64433..00000000 --- a/setup/solr.sh +++ /dev/null @@ -1,85 +0,0 @@ -#!/bin/bash -# -# Inspired by the solr.sh from jkaberg (https://github.com/jkaberg/mailinabox-sogo) -# with some modifications -# -# IMAP search with lucene via solr -# -------------------------------- -# -# By default dovecot uses its own Squat search index that has awful performance -# on large mailboxes. Dovecot 2.1+ has support for using Lucene internally but -# this didn't make it into the Ubuntu packages, so we use Solr instead to run -# Lucene for us. -# -# Solr runs as a tomcat process. The dovecot solr plugin talks to solr via its -# HTTP interface, causing mail to be indexed when searches occur, and getting -# results back. - -source setup/functions.sh # load our functions -source /etc/mailinabox.conf # load global vars - -# Install packages and basic configuation -# --------------------------------------- - -echo "Installing Solr..." - -# Install packages -apt_install solr-tomcat dovecot-solr - -# Solr requires a schema to tell it how to index data, this is provided by dovecot -cp /usr/share/dovecot/solr-schema.xml /etc/solr/conf/schema.xml - -# Update the dovecot plugin configuration -# -# Break-imap-search makes search work the way users expect, rather than the way -# the IMAP specification expects -tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \ - mail_plugins="fts fts_solr" - -cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF; -plugin { - fts = solr - fts_autoindex = yes - fts_solr = break-imap-search url=http://127.0.0.1:8080/solr/ -} -EOF - -# Bump memory allocation for Solr. -# Not needed? I'll let it sit here for a while. -#echo 'export JAVA_OPTS=-Xms512M -Xmx1024M' > /usr/share/tomcat7/bin/setenv.sh - -# Install cronjobs to keep FTS up to date -hide_output install -m 755 conf/cronjob/dovecot /etc/cron.daily/ -hide_output install -m 644 conf/cronjob/solr /etc/cron.d/ - -# PERMISSIONS - -# Ensure configuration files are owned by dovecot and not world readable. -chown -R mail:dovecot /etc/dovecot -chmod -R o-rwx /etc/dovecot - -mkdir -p /etc/systemd/system/tomcat9.service.d -cat > /etc/systemd/system/tomcat9.service.d/solr-permissions.conf << EOF -[Service] -ReadWritePaths=/var/lib/solr/ -ReadWritePaths=/var/lib/solr/data/ -EOF - -# Restart services to reload solr schema & dovecot plugins -restart_service tomcat9 -restart_service dovecot - - -# Kickoff building the index - -# Per doveadm-fts manpage: Scan what mails exist in the full text search index -# and compare those to what actually exist in mailboxes. -# This removes mails from the index that have already been expunged and makes -# sure that the next doveadm index will index all the missing mails (if any). -doveadm fts rescan -A - -# Adds unindexed files to the fts database -# * `-q`: Queues the indexing to be run by indexer process. (will background the indexing) -# * `-A`: All users -# * `'*'`: All folders -doveadm index -q -A '*' diff --git a/setup/start.sh b/setup/start.sh index 2bdea975..0b145022 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -42,22 +42,6 @@ else FIRST_TIME_SETUP=1 fi -if [ -z "${HTTP_SSL_PORT:-}" ]; then - HTTP_SSL_PORT=$([[ -z "${DEFAULT_HTTP_SSL_PORT:-}" ]] && echo "443" || echo "$DEFAULT_HTTP_SSL_PORT") -fi - -if [ -z "${POSTGREY:-}" ]; then - POSTGREY=$([[ -z "${DEFAULT_POSTGREY:-}" ]] && echo "1" || echo "$DEFAULT_POSTGREY") -fi - -if [ -z "${POSTSRSD:-}" ]; then - POSTSRSD=$([[ -z "${DEFAULT_POSTSRSD:-}" ]] && echo "0" || echo "$DEFAULT_POSTSRSD") -fi - -if [ -z "${POLICY_SPF:-}" ]; then - POLICY_SPF=$([[ -z "${DEFAULT_POLICY_SPF:-}" ]] && echo "0" || echo "$DEFAULT_POLICY_SPF") -fi - # Put a start script in a global location. We tell the user to run 'mailinabox' # in the first dialog prompt, so we should do this before that starts. cat > /usr/local/bin/mailinabox << EOF; @@ -109,10 +93,6 @@ PUBLIC_IP=$PUBLIC_IP PUBLIC_IPV6=$PUBLIC_IPV6 PRIVATE_IP=$PRIVATE_IP PRIVATE_IPV6=$PRIVATE_IPV6 -HTTP_SSL_PORT=$HTTP_SSL_PORT -POSTGREY=$POSTGREY -POSTSRSD=$POSTSRSD -POLICY_SPF=$POLICY_SPF EOF # Start service configuration. @@ -122,7 +102,6 @@ source setup/dns.sh source setup/mail-postfix.sh source setup/mail-dovecot.sh source setup/mail-users.sh -source setup/solr.sh source setup/dkim.sh source setup/spamassassin.sh source setup/web.sh diff --git a/setup/web.sh b/setup/web.sh index 02c3a45c..ed37e5e3 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -19,7 +19,7 @@ fi echo "Installing Nginx (web server)..." -apt_install nginx php-cli php-fpm fcgiwrap mailgraph +apt_install nginx php-cli php-fpm rm -f /etc/nginx/sites-enabled/default @@ -48,12 +48,6 @@ tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ default_charset="UTF-8" -# Set higher timeout since searches with Roundcube and Solr may take longer -# than the default 60 seconds. We will also match Roundcube's timeout to the -# same value -tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ - default_socket_timeout=180 - # Switch from the dynamic process manager to the ondemand manager see #1216 tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ pm=ondemand @@ -102,9 +96,6 @@ restart_service nginx restart_service php7.2-fpm # Open ports. -if [ $HTTP_SSL_PORT == 443 ]; then - ufw_allow http - ufw_allow https -else - ufw_allow $HTTP_SSL_PORT -fi +ufw_allow http +ufw_allow https + diff --git a/setup/webmail.sh b/setup/webmail.sh index 9182228f..5e1c6233 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -108,7 +108,7 @@ cat > $RCM_CONFIG < false, ), ); -\$config['imap_timeout'] = 180; +\$config['imap_timeout'] = 15; \$config['smtp_server'] = 'tls://127.0.0.1'; \$config['smtp_port'] = 587; \$config['smtp_user'] = '%u'; diff --git a/tools/dns-auth.sh b/tools/dns-auth.sh deleted file mode 100755 index e3ee77c8..00000000 --- a/tools/dns-auth.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash - -# TODO: Make work with port other than 443 - -API_KEY=`cat /var/lib/mailinabox/api.key` -HOSTNAME=`hostname` - -curl -s -X PUT -d "$CERTBOT_VALIDATION" --user "$API_KEY:" https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT - -sleep 15 diff --git a/tools/dns-cleanup.sh b/tools/dns-cleanup.sh deleted file mode 100755 index cefad58f..00000000 --- a/tools/dns-cleanup.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash - -# TODO: Make work with port other than 443 - -API_KEY=`cat /var/lib/mailinabox/api.key` -HOSTNAME=`hostname` - -curl -s -X DELETE --user "$API_KEY:" https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT