remove extra features from master branch

setup/mail-postfix.sh

@@ -42,8 +42,7 @@ source /etc/mailinabox.conf # load global vars
 # * `ca-certificates`: A trust store used to squelch postfix warnings about
 #   untrusted opportunistically-encrypted connections.
 echo "Installing Postfix (SMTP server)..."
-apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates \
-	postfix-policyd-spf-python postsrsd
+apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates
 
 # ### Basic Settings
 
@@ -98,9 +97,7 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
 	  -o cleanup_service_name=authclean" \
 	"authclean=unix  n       -       -       -       0       cleanup
 	  -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters
-	  -o nested_header_checks=" \
-	"policy-spf=unix  -       n       n       -       -       spawn
-	  user=nobody argv=/usr/bin/policyd-spf"
+	  -o nested_header_checks="
 
 # Install the `outgoing_mail_header_filters` file required by the new 'authclean' service.
 cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
@@ -199,23 +196,9 @@ tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
 # so these IPs get mail delivered quickly. But when an IP is not listed in the permit_dnswl_client list (i.e. it is not #NODOC
 # whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC
 # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
-
-postconf -e smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org"
-
-RECIPIENT_RESTRICTIONS="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient"
-
-if [ $POSTGREY == 1 ]; then
-    RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:10023"
-fi
-
-if [ $POLICY_SPF == 1 ]; then
-    RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service unix:private/policy-spf"
-fi
-
-# Add quota check
-RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:12340"
-
-postconf -e smtpd_recipient_restrictions="$RECIPIENT_RESTRICTIONS"
+tools/editconf.py /etc/postfix/main.cf \
+	smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \
+	smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient,"check_policy_service inet:127.0.0.1:10023","check_policy_service inet:127.0.0.1:12340"
 
 # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
 # Postgrey listens on the same interface (and not IPv6, for instance).
@@ -259,29 +242,6 @@ chmod +x /etc/cron.daily/mailinabox-postgrey-whitelist
 tools/editconf.py /etc/postfix/main.cf \
 	message_size_limit=134217728
 
-if [ $POSTSRSD == 1 ]; then
-    # Setup SRS
-    postconf -e \
-        sender_canonical_maps=tcp:localhost:10001 \
-        sender_canonical_classes=envelope_sender \
-        recipient_canonical_maps=tcp:localhost:10002 \
-        recipient_canonical_classes=envelope_recipient,header_recipient
-
-    hide_output systemctl enable postsrsd
-    hide_output systemctl restart postsrsd
-
-else
-    postconf -e \
-        sender_canonical_maps= \
-        sender_canonical_classes= \
-        recipient_canonical_maps= \
-        recipient_canonical_classes=
-
-    hide_output systemctl disable postsrsd
-    hide_output systemctl stop postsrsd
-fi
-
-
 # Allow the two SMTP ports in the firewall.
 
 ufw_allow smtp
@@ -290,11 +250,4 @@ ufw_allow submission
 # Restart services
 
 restart_service postfix
-
-if [ $POSTGREY == 1 ]; then
-    hide_output systemctl enable postgrey
-    hide_output systemctl restart postgrey
-else
-    hide_output systemctl disable postgrey
-    hide_output systemctl stop postgrey
-fi
+restart_service postgrey

setup/options-dialog.py

@@ -1,93 +0,0 @@
-#!/usr/bin/env python
-# encoding: utf-8
-
-import npyscreen
-import sys
-import os
-
-
-class OptionsApp(npyscreen.NPSApp):
-    def main(self):
-        # These lines create the form and populate it with widgets.
-        # A fairly complex screen in only 8 or so lines of code - a line for each control.
-        npyscreen.setTheme(npyscreen.Themes.BlackOnWhiteTheme)
-
-        form  = npyscreen.Form(name = "Mail-in-a-Box Options",)
-        form.add(
-            npyscreen.TitleFixedText,
-            name="POSTGREY",
-            value="",
-            editable=False
-        )
-        form.add(
-            npyscreen.MultiLineEdit,
-            value="The Postgrey service greylists incoming messages from unknown senders.\n"
-                  "It can be useful for fighting spam but often causes message delivery\n"
-                  "delays of several minutes.",
-            max_height=4,
-            editable=False
-        )
-
-        form.add(
-            npyscreen.TitleFixedText,
-            name="POSTSRSD",
-            value="",
-            editable=False
-        )
-        form.add(
-            npyscreen.MultiLineEdit,
-            value="The PostSRSd daemon performs return path rewriting using the SRS protocol.\n"
-                  "Not that all messages, including locally delivered mail will have their return\n"
-                  "paths rewritten",
-            max_height=4,
-            editable=False
-        )
-
-        form.add(
-            npyscreen.TitleFixedText,
-            name="POLICY_SPF",
-            value="",
-            editable=False
-        )
-        form.add(
-            npyscreen.MultiLineEdit,
-            value=""
-                  "The policy SPF service checks the SPF of incoming mails and rejects those\n"
-                  "that do not qualify.  This helps to prevent spoofing, but if valid mail does\n"
-                  "not have SPF configured properly it will be rejected.",
-            max_height=4,
-            editable=False
-        )
-
-        init_values = []
-        if int(os.getenv('POSTGREY', 1)) == 1:
-            init_values.append(0)
-
-        if int(os.getenv('POSTSRSD', 0)) == 1:
-            init_values.append(1)
-
-        if int(os.getenv('POLICY_SPF', 0)) == 1:
-            init_values.append(2)
-
-        options = form.add(
-            npyscreen.TitleMultiSelect,
-            max_height=-2,
-            value=init_values,
-            name="Options",
-            values= ["POSTGREY","POSTSRSD","POLICY_SPF"],
-            scroll_exit=True
-        )
-
-        # This lets the user interact with the Form.
-        form.edit()
-
-        with open('_options.sh', 'w') as output:
-            print('POSTGREY=%i' % (1 if 0 in options.value else 0), file=output)
-            print('POSTSRSD=%i' % (1 if 1 in options.value else 0), file=output)
-            print('POLICY_SPF=%i' % (1 if 2 in options.value else 0), file=output)
-            # print(npyscreen.ThemeManager.default_colors, file=output)
-
-
-if __name__ == "__main__":
-    App = OptionsApp()
-    App.run()

setup/questions.sh

@@ -16,7 +16,6 @@ if [ -z "${NONINTERACTIVE:-}" ]; then
 	# we install it inside a virtualenv. In this script, we don't have the virtualenv yet
 	# so we install the python package globally.
 	hide_output pip3 install "email_validator>=1.0.0" || exit 1
-	hide_output pip3 install npyscreen || exit 1
 
 	message_box "Mail-in-a-Box Installation" \
 		"Hello and thanks for deploying a Mail-in-a-Box!
@@ -194,16 +193,6 @@ if [ -z "${STORAGE_ROOT:-}" ]; then
 	STORAGE_ROOT=$([[ -z "${DEFAULT_STORAGE_ROOT:-}" ]] && echo "/home/$STORAGE_USER" || echo "$DEFAULT_STORAGE_ROOT")
 fi
 
-# export options variables so they are visible to the options program
-export POSTGREY
-export POSTSRSD
-export POLICY_SPF
-
-python3 setup/options-dialog.py
-source ./_options.sh
-rm _options.sh
-
-
 # Show the configuration, since the user may have not entered it manually.
 echo
 echo "Primary Hostname: $PRIMARY_HOSTNAME"

setup/solr.sh

@@ -1,85 +0,0 @@
-#!/bin/bash
-#
-# Inspired by the solr.sh from jkaberg (https://github.com/jkaberg/mailinabox-sogo)
-# with some modifications
-#
-# IMAP search with lucene via solr
-# --------------------------------
-#
-# By default dovecot uses its own Squat search index that has awful performance
-# on large mailboxes. Dovecot 2.1+ has support for using Lucene internally but
-# this didn't make it into the Ubuntu packages, so we use Solr instead to run
-# Lucene for us.
-#
-# Solr runs as a tomcat process. The dovecot solr plugin talks to solr via its
-# HTTP interface, causing mail to be indexed when searches occur, and getting
-# results back.
-
-source setup/functions.sh # load our functions
-source /etc/mailinabox.conf # load global vars
-
-# Install packages and basic configuation
-# ---------------------------------------
-
-echo "Installing Solr..."
-
-# Install packages
-apt_install solr-tomcat dovecot-solr
-
-# Solr requires a schema to tell it how to index data, this is provided by dovecot
-cp /usr/share/dovecot/solr-schema.xml /etc/solr/conf/schema.xml
-
-# Update the dovecot plugin configuration
-#
-# Break-imap-search makes search work the way users expect, rather than the way
-# the IMAP specification expects
-tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
-        mail_plugins="fts fts_solr"
-
-cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF;
-plugin {
-  fts = solr
-  fts_autoindex = yes
-  fts_solr = break-imap-search url=http://127.0.0.1:8080/solr/
-}
-EOF
-
-# Bump memory allocation for Solr.
-# Not needed? I'll let it sit here for a while.
-#echo 'export JAVA_OPTS=-Xms512M -Xmx1024M' > /usr/share/tomcat7/bin/setenv.sh
-
-# Install cronjobs to keep FTS up to date
-hide_output install -m 755 conf/cronjob/dovecot /etc/cron.daily/
-hide_output install -m 644 conf/cronjob/solr /etc/cron.d/
-
-# PERMISSIONS
-
-# Ensure configuration files are owned by dovecot and not world readable.
-chown -R mail:dovecot /etc/dovecot
-chmod -R o-rwx /etc/dovecot
-
-mkdir -p /etc/systemd/system/tomcat9.service.d
-cat > /etc/systemd/system/tomcat9.service.d/solr-permissions.conf << EOF
-[Service]
-ReadWritePaths=/var/lib/solr/
-ReadWritePaths=/var/lib/solr/data/
-EOF
-
-# Restart services to reload solr schema & dovecot plugins
-restart_service tomcat9
-restart_service dovecot
-
-
-# Kickoff building the index
-
-# Per doveadm-fts manpage: Scan what mails exist in the full text search index
-# and compare those to what actually exist in mailboxes.
-# This removes mails from the index that have already been expunged  and  makes
-# sure that the next doveadm index will index all the missing mails (if any).
-doveadm fts rescan -A
-
-# Adds unindexed files to the fts database
-# * `-q`: Queues the indexing to be run by indexer process. (will background the indexing)
-# * `-A`: All users
-# * `'*'`: All folders
-doveadm index -q -A '*'

setup/start.sh

@@ -42,22 +42,6 @@ else
 	FIRST_TIME_SETUP=1
 fi
 
-if [ -z "${HTTP_SSL_PORT:-}" ]; then
-	HTTP_SSL_PORT=$([[ -z "${DEFAULT_HTTP_SSL_PORT:-}" ]] && echo "443" || echo "$DEFAULT_HTTP_SSL_PORT")
-fi
-
-if [ -z "${POSTGREY:-}" ]; then
-	POSTGREY=$([[ -z "${DEFAULT_POSTGREY:-}" ]] && echo "1" || echo "$DEFAULT_POSTGREY")
-fi
-
-if [ -z "${POSTSRSD:-}" ]; then
-	POSTSRSD=$([[ -z "${DEFAULT_POSTSRSD:-}" ]] && echo "0" || echo "$DEFAULT_POSTSRSD")
-fi
-
-if [ -z "${POLICY_SPF:-}" ]; then
-	POLICY_SPF=$([[ -z "${DEFAULT_POLICY_SPF:-}" ]] && echo "0" || echo "$DEFAULT_POLICY_SPF")
-fi
-
 # Put a start script in a global location. We tell the user to run 'mailinabox'
 # in the first dialog prompt, so we should do this before that starts.
 cat > /usr/local/bin/mailinabox << EOF;
@@ -109,10 +93,6 @@ PUBLIC_IP=$PUBLIC_IP
 PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
-HTTP_SSL_PORT=$HTTP_SSL_PORT
-POSTGREY=$POSTGREY
-POSTSRSD=$POSTSRSD
-POLICY_SPF=$POLICY_SPF
 EOF
 
 # Start service configuration.
@@ -122,7 +102,6 @@ source setup/dns.sh
 source setup/mail-postfix.sh
 source setup/mail-dovecot.sh
 source setup/mail-users.sh
-source setup/solr.sh
 source setup/dkim.sh
 source setup/spamassassin.sh
 source setup/web.sh

setup/web.sh

@@ -19,7 +19,7 @@ fi
 
 echo "Installing Nginx (web server)..."
 
-apt_install nginx php-cli php-fpm fcgiwrap mailgraph
+apt_install nginx php-cli php-fpm
 
 rm -f /etc/nginx/sites-enabled/default
 
@@ -48,12 +48,6 @@ tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \
 tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \
         default_charset="UTF-8"
 
-# Set higher timeout since searches with Roundcube and Solr may take longer
-# than the default 60 seconds. We will also match Roundcube's timeout to the
-# same value
-tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \
-        default_socket_timeout=180
-
 # Switch from the dynamic process manager to the ondemand manager see #1216
 tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \
 	pm=ondemand
@@ -102,9 +96,6 @@ restart_service nginx
 restart_service php7.2-fpm
 
 # Open ports.
-if [ $HTTP_SSL_PORT == 443 ]; then
-    ufw_allow http
-    ufw_allow https
-else
-    ufw_allow $HTTP_SSL_PORT
-fi
+ufw_allow http
+ufw_allow https
+

setup/webmail.sh

@@ -108,7 +108,7 @@ cat > $RCM_CONFIG <<EOF;
      'verify_peer_name'  => false,
    ),
  );
-\$config['imap_timeout'] = 180;
+\$config['imap_timeout'] = 15;
 \$config['smtp_server'] = 'tls://127.0.0.1';
 \$config['smtp_port'] = 587;
 \$config['smtp_user'] = '%u';