mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-23 07:27:05 +00:00
mail seems to work
This commit is contained in:
parent
d3a20b3369
commit
eb47a1471b
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
*~
|
@ -42,13 +42,14 @@ Then launch a new instance. We're creating a m1.small instance --- it's the smal
|
||||
|
||||
It will wait until the instance is available.
|
||||
|
||||
Log in:
|
||||
Configure the server:
|
||||
|
||||
ssh -i mykey.pem ubuntu@$INSTANCE_IP
|
||||
|
||||
Set up:
|
||||
Somehow download these files.
|
||||
|
||||
|
||||
sh scripts/index.sh
|
||||
...
|
||||
logout
|
||||
|
||||
Terminate your instance with:
|
||||
|
@ -1,18 +1,34 @@
|
||||
export AMI=`curl http://cloud-images.ubuntu.com/locator/ec2/releasesTable | python3 tools/get_ubunut_ami.py us-east-1 13.04 amd64 instance-store`
|
||||
ec2run $AMI -k mykey -t m1.small -z $AWS_AZ | tee instance.info
|
||||
if [ -z "$EC2_KEYPAIR_NAME" ]; then
|
||||
EC2_KEYPAIR_NAME=mykey
|
||||
fi
|
||||
|
||||
UBUNTU_CONFIG="us-east-1 13.04 amd64 instance-store"
|
||||
|
||||
export AMI=`curl -s http://cloud-images.ubuntu.com/locator/ec2/releasesTable | python3 tools/get_ubuntu_ami.py $UBUNTU_CONFIG`
|
||||
|
||||
ec2-create-group -d "mailinabox" "mailinabox"
|
||||
for PORT in 25 587 993; do ec2-authorize mailinabox -P tcp -p $PORT -s 0.0.0.0/0; done
|
||||
|
||||
ec2run $AMI -k $EC2_KEYPAIR_NAME -t m1.small -z $AWS_AZ -g mailinabox > instance.info
|
||||
export INSTANCE=`cat instance.info | grep INSTANCE | awk {'print $2'}`
|
||||
|
||||
echo Started instance $INSTANCE
|
||||
|
||||
sleep 5
|
||||
while [ 1 ]
|
||||
do
|
||||
export INSTANCE_IP=`ec2-describe-instances $INSTANCE | grep INSTANCE | awk {'print $14'}`
|
||||
export INSTANCE_IP=`ec2-describe-instances $INSTANCE | grep INSTANCE | awk {'print $14'}`
|
||||
if [ -z "$INSTANCE_IP" ]
|
||||
then
|
||||
echo "Waiting for $INSTANCE to start..."
|
||||
else
|
||||
exit
|
||||
break
|
||||
fi
|
||||
sleep 6
|
||||
done
|
||||
|
||||
echo New instance started: $INSTANCE_IP
|
||||
# Give SSH time to start.
|
||||
sleep 5
|
||||
|
||||
echo New instance has IP: $INSTANCE_IP
|
||||
|
||||
|
3
scripts/index.sh
Normal file
3
scripts/index.sh
Normal file
@ -0,0 +1,3 @@
|
||||
. scripts/system.sh
|
||||
. scripts/mail.sh
|
||||
|
115
scripts/mail.sh
Normal file → Executable file
115
scripts/mail.sh
Normal file → Executable file
@ -1,13 +1,27 @@
|
||||
# Configures a postfix SMTP server.
|
||||
# Configures a postfix SMTP server and dovecot IMAP server.
|
||||
#
|
||||
# We configure these together because postfix delivers mail
|
||||
# directly to dovecot, so they basically rely on each other.
|
||||
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y postfix postgrey
|
||||
# Install packages.
|
||||
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt-get install -q -y \
|
||||
postfix postgrey dovecot-core dovecot-imapd dovecot-lmtpd dovecot-sqlite
|
||||
|
||||
# POSTFIX
|
||||
|
||||
mkdir -p $STORAGE_ROOT/mail
|
||||
|
||||
# TLS configuration
|
||||
sudo sed -i "s/#submission/submission/" /etc/postfix/master.cf # enable submission port (not in Drew Crawford's instructions)
|
||||
sudo tools/editconf.py /etc/postfix/main.cf \
|
||||
smtpd_use_tls=yes\
|
||||
smtpd_tls_auth_only=yes \
|
||||
smtp_tls_security_level=may \
|
||||
smtp_tls_loglevel=2 \
|
||||
smtpd_tls_received_header=yes
|
||||
|
||||
# note: smtpd_use_tls=yes appears to already be the default, but we can never be too sure
|
||||
|
||||
# authorization via dovecot
|
||||
sudo tools/editconf.py /etc/postfix/main.cf \
|
||||
@ -28,11 +42,11 @@ sudo tools/editconf.py /etc/postfix/main.cf \
|
||||
virtual_alias_maps=sqlite:/etc/postfix/virtual-alias-maps.cf \
|
||||
local_recipient_maps=\$virtual_mailbox_maps
|
||||
|
||||
db_path=/home/ubuntu/storage/mail.sqlite
|
||||
|
||||
db_path=$STORAGE_ROOT/mail/users.sqlite
|
||||
|
||||
sudo su root -c "cat > /etc/postfix/virtual-mailbox-domains.cf" << EOF;
|
||||
dbpath=$db_path
|
||||
query = SELECT 1 FROM users WHERE email LIKE '@%s'
|
||||
query = SELECT 1 FROM users WHERE email LIKE '%%@%s'
|
||||
EOF
|
||||
|
||||
sudo su root -c "cat > /etc/postfix/virtual-mailbox-maps.cf" << EOF;
|
||||
@ -45,11 +59,96 @@ dbpath=$db_path
|
||||
query = SELECT destination FROM aliases WHERE source='%s'
|
||||
EOF
|
||||
|
||||
# re-start postfix
|
||||
# create an empty mail users database if it doesn't yet exist
|
||||
|
||||
if [ ! -f $db_path ]; then
|
||||
echo Creating new user database: $db_path;
|
||||
echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra);" | sqlite3 $db_path;
|
||||
echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL);" | sqlite3 $db_path;
|
||||
fi
|
||||
|
||||
# DOVECOT
|
||||
|
||||
# The dovecot-imapd dovecot-lmtpd packages automatically enable those protocols.
|
||||
|
||||
# mail storage location
|
||||
sudo tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
|
||||
mail_location=maildir:$STORAGE_ROOT/mail/mailboxes/%d/%n \
|
||||
mail_privileged_group=mail \
|
||||
first_valid_uid=0
|
||||
|
||||
# authentication mechanisms
|
||||
sudo tools/editconf.py /etc/dovecot/conf.d/10-auth.conf \
|
||||
disable_plaintext_auth=yes \
|
||||
"auth_mechanisms=plain login"
|
||||
|
||||
# use SQL-based authentication, not the system users
|
||||
sudo sed -i "s/\(\!include auth-system.conf.ext\)/#\1/" /etc/dovecot/conf.d/10-auth.conf
|
||||
sudo sed -i "s/#\(\!include auth-sql.conf.ext\)/\1/" /etc/dovecot/conf.d/10-auth.conf
|
||||
|
||||
# how to access SQL
|
||||
sudo su root -c "cat > /etc/dovecot/conf.d/auth-sql.conf.ext" << EOF;
|
||||
passdb {
|
||||
driver = sql
|
||||
args = /etc/dovecot/dovecot-sql.conf.ext
|
||||
}
|
||||
userdb {
|
||||
driver = static
|
||||
args = uid=mail gid=mail home=$STORAGE_ROOT/mail/mailboxes/%d/%n
|
||||
}
|
||||
EOF
|
||||
sudo su root -c "cat > /etc/dovecot/dovecot-sql.conf.ext" << EOF;
|
||||
driver = sqlite
|
||||
connect = $db_path
|
||||
default_pass_scheme = SHA512-CRYPT
|
||||
password_query = SELECT email as user, password FROM users WHERE email='%u';
|
||||
EOF
|
||||
|
||||
# disable in-the-clear IMAP and POP because we're paranoid (we haven't even
|
||||
# enabled POP).
|
||||
sudo sed -i "s/#port = 143/port = 0/" /etc/dovecot/conf.d/10-master.conf
|
||||
sudo sed -i "s/#port = 110/port = 0/" /etc/dovecot/conf.d/10-master.conf
|
||||
|
||||
# Modify the unix socket for LMTP.
|
||||
sudo sed -i "s/unix_listener lmtp \(.*\)/unix_listener \/var\/spool\/postfix\/private\/dovecot-lmtp \1\n user = postfix\n group = postfix\n/" /etc/dovecot/conf.d/10-master.conf
|
||||
|
||||
# Add an additional auth socket for postfix. Check if it already is
|
||||
# set to make sure this is idempotent.
|
||||
if sudo grep -q "mailinabox-postfix-private-auth" /etc/dovecot/conf.d/10-master.conf; then
|
||||
# already done
|
||||
true;
|
||||
else
|
||||
sudo sed -i "s/\(\s*unix_listener auth-userdb\)/ unix_listener \/var\/spool\/postfix\/private\/auth \{ # mailinabox-postfix-private-auth\n mode = 0666\n user = postfix\n group = postfix\n \}\n\1/" /etc/dovecot/conf.d/10-master.conf
|
||||
fi
|
||||
|
||||
# Drew Crawford sets the auth-worker process to run as the mail user, but we don't care if it runs as root.
|
||||
|
||||
# Enable SSL.
|
||||
sudo tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
|
||||
ssl=required \
|
||||
"ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \
|
||||
"ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
|
||||
|
||||
# The Dovecot installation already created a self-signed public/private key pair
|
||||
# in /etc/dovecot/dovecot.pem and /etc/dovecot/private/dovecot.pem, which we'll
|
||||
# use unless certificates already exist.
|
||||
mkdir -p $STORAGE_ROOT/ssl
|
||||
if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then sudo cp /etc/dovecot/dovecot.pem $STORAGE_ROOT/ssl/ssl_certificate.pem; fi
|
||||
if [ ! -f $STORAGE_ROOT/ssl/ssl_private_key.pem ]; then sudo cp /etc/dovecot/private/dovecot.pem $STORAGE_ROOT/ssl/ssl_private_key.pem; fi
|
||||
|
||||
sudo chown -R mail:dovecot /etc/dovecot
|
||||
sudo chmod -R o-rwx /etc/dovecot
|
||||
|
||||
mkdir -p $STORAGE_ROOT/mail/mailboxes
|
||||
sudo chown -R mail.mail $STORAGE_ROOT/mail/mailboxes
|
||||
|
||||
# restart services
|
||||
sudo service postfix restart
|
||||
sudo service dovecot restart
|
||||
|
||||
# allow ports in the firewall
|
||||
sudo ufw allow smtpd
|
||||
# allow mail-related ports in the firewall
|
||||
sudo ufw allow smtp
|
||||
sudo ufw allow submission
|
||||
sudo ufw allow imaps
|
||||
|
||||
|
||||
|
3
scripts/mail_testuser.sh
Normal file
3
scripts/mail_testuser.sh
Normal file
@ -0,0 +1,3 @@
|
||||
# Create a test user: testuser@testdomain.com with password "testpw"
|
||||
echo "INSERT INTO users (email, password) VALUES ('testuser@testdomain.com', '`sudo doveadm pw -s SHA512-CRYPT -p testpw`');" | sqlite3 storage/mail/users.sqlite
|
||||
|
5
scripts/new_volume.sh
Normal file → Executable file
5
scripts/new_volume.sh
Normal file → Executable file
@ -1,6 +1 @@
|
||||
mkdir storage
|
||||
|
||||
# mount volume
|
||||
|
||||
echo "CREATE TABLE users (email text, password text);" | sqlite3 /home/ubuntu/storage/mail.sqlite;
|
||||
|
||||
|
19
scripts/system.sh
Normal file → Executable file
19
scripts/system.sh
Normal file → Executable file
@ -1,11 +1,11 @@
|
||||
# Base system configuration.
|
||||
|
||||
sudo apt-get update
|
||||
sudo apt-get -y upgrade
|
||||
sudo apt-get -q update
|
||||
sudo apt-get -q -y upgrade
|
||||
|
||||
# Basic packages.
|
||||
|
||||
sudo apt-get -y install sqlite3
|
||||
sudo apt-get -q -y install sqlite3
|
||||
|
||||
# Turn on basic services:
|
||||
#
|
||||
@ -15,13 +15,18 @@ sudo apt-get -y install sqlite3
|
||||
#
|
||||
# These services don't need further configuration and are started immediately after installation.
|
||||
|
||||
sudo apt-get install -y ntp fail2ban
|
||||
sudo apt-get install -q -y ntp fail2ban
|
||||
|
||||
# Turn on the firewall. First allow incoming SSH, then turn on the firewall. Additional open
|
||||
# ports will be set up in the scripts that set up those services.
|
||||
sudo ufw allow ssh
|
||||
sudo ufw allow domain
|
||||
sudo ufw allow http
|
||||
sudo ufw allow https
|
||||
#sudo ufw allow domain
|
||||
#sudo ufw allow http
|
||||
#sudo ufw allow https
|
||||
sudo ufw --force enable
|
||||
|
||||
# Mount the storage volume.
|
||||
export STORAGE_ROOT=/home/ubuntu/storage
|
||||
mkdir -p storage
|
||||
|
||||
|
||||
|
13
tests/imap.py
Normal file
13
tests/imap.py
Normal file
@ -0,0 +1,13 @@
|
||||
import imaplib, os
|
||||
|
||||
M = imaplib.IMAP4_SSL(os.environ["INSTANCE_IP"])
|
||||
M.login("testuser@testdomain.com", "testpw")
|
||||
M.select()
|
||||
print("Login successful.")
|
||||
typ, data = M.search(None, 'ALL')
|
||||
for num in data[0].split():
|
||||
typ, data = M.fetch(num, '(RFC822)')
|
||||
print('Message %s\n%s\n' % (num, data[0][1]))
|
||||
M.close()
|
||||
M.logout()
|
||||
|
16
tests/smtp.py
Normal file
16
tests/smtp.py
Normal file
@ -0,0 +1,16 @@
|
||||
import smtplib, sys, os
|
||||
|
||||
fromaddr = "testuser@testdomain.com"
|
||||
|
||||
msg = """From: %s
|
||||
To: %s
|
||||
|
||||
This is a test message.""" % (fromaddr, sys.argv[1])
|
||||
|
||||
server = smtplib.SMTP(os.environ["INSTANCE_IP"], 587)
|
||||
server.set_debuglevel(1)
|
||||
server.starttls()
|
||||
server.login("testuser@testdomain.com", "testpw")
|
||||
server.sendmail(fromaddr, [sys.argv[1]], msg)
|
||||
server.quit()
|
||||
|
@ -17,16 +17,33 @@ buf = ""
|
||||
for line in open(filename):
|
||||
for i in range(len(settings)):
|
||||
name, val = settings[i].split("=", 1)
|
||||
if re.match("\s*" + re.escape(name) + "\s*=", line):
|
||||
m = re.match("\s*" + re.escape(name) + "\s*=\s*(.*?)\s*$", line)
|
||||
if m:
|
||||
# If this is already the setting, do nothing.
|
||||
if m.group(1) == val:
|
||||
buf += line
|
||||
found.add(i)
|
||||
break
|
||||
|
||||
# comment-out the existing line
|
||||
buf += "#" + line
|
||||
if i in found: break # we've already set the directive
|
||||
|
||||
# if this option oddly appears more than once, don't add the settingg again
|
||||
if i in found:
|
||||
break
|
||||
|
||||
# add the new setting
|
||||
buf += name + "=" + val + "\n"
|
||||
|
||||
# note that we've applied this option
|
||||
found.add(i)
|
||||
|
||||
break
|
||||
else:
|
||||
# did not match any setting name
|
||||
# If did not match any setting names, pass this line through.
|
||||
buf += line
|
||||
|
||||
# Put any settings we didn't see at the end of the file.
|
||||
for i in range(len(settings)):
|
||||
if i not in found:
|
||||
buf += settings[i] + "\n"
|
||||
|
Loading…
Reference in New Issue
Block a user