mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-24 02:37:05 +00:00
mail seems to work
This commit is contained in:
parent
d3a20b3369
commit
eb47a1471b
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
*~
|
@ -42,13 +42,14 @@ Then launch a new instance. We're creating a m1.small instance --- it's the smal
|
|||||||
|
|
||||||
It will wait until the instance is available.
|
It will wait until the instance is available.
|
||||||
|
|
||||||
Log in:
|
Configure the server:
|
||||||
|
|
||||||
ssh -i mykey.pem ubuntu@$INSTANCE_IP
|
ssh -i mykey.pem ubuntu@$INSTANCE_IP
|
||||||
|
|
||||||
Set up:
|
Somehow download these files.
|
||||||
|
|
||||||
|
|
||||||
|
sh scripts/index.sh
|
||||||
|
...
|
||||||
logout
|
logout
|
||||||
|
|
||||||
Terminate your instance with:
|
Terminate your instance with:
|
||||||
|
@ -1,6 +1,19 @@
|
|||||||
export AMI=`curl http://cloud-images.ubuntu.com/locator/ec2/releasesTable | python3 tools/get_ubunut_ami.py us-east-1 13.04 amd64 instance-store`
|
if [ -z "$EC2_KEYPAIR_NAME" ]; then
|
||||||
ec2run $AMI -k mykey -t m1.small -z $AWS_AZ | tee instance.info
|
EC2_KEYPAIR_NAME=mykey
|
||||||
|
fi
|
||||||
|
|
||||||
|
UBUNTU_CONFIG="us-east-1 13.04 amd64 instance-store"
|
||||||
|
|
||||||
|
export AMI=`curl -s http://cloud-images.ubuntu.com/locator/ec2/releasesTable | python3 tools/get_ubuntu_ami.py $UBUNTU_CONFIG`
|
||||||
|
|
||||||
|
ec2-create-group -d "mailinabox" "mailinabox"
|
||||||
|
for PORT in 25 587 993; do ec2-authorize mailinabox -P tcp -p $PORT -s 0.0.0.0/0; done
|
||||||
|
|
||||||
|
ec2run $AMI -k $EC2_KEYPAIR_NAME -t m1.small -z $AWS_AZ -g mailinabox > instance.info
|
||||||
export INSTANCE=`cat instance.info | grep INSTANCE | awk {'print $2'}`
|
export INSTANCE=`cat instance.info | grep INSTANCE | awk {'print $2'}`
|
||||||
|
|
||||||
|
echo Started instance $INSTANCE
|
||||||
|
|
||||||
sleep 5
|
sleep 5
|
||||||
while [ 1 ]
|
while [ 1 ]
|
||||||
do
|
do
|
||||||
@ -9,10 +22,13 @@ do
|
|||||||
then
|
then
|
||||||
echo "Waiting for $INSTANCE to start..."
|
echo "Waiting for $INSTANCE to start..."
|
||||||
else
|
else
|
||||||
exit
|
break
|
||||||
fi
|
fi
|
||||||
sleep 6
|
sleep 6
|
||||||
done
|
done
|
||||||
|
|
||||||
echo New instance started: $INSTANCE_IP
|
# Give SSH time to start.
|
||||||
|
sleep 5
|
||||||
|
|
||||||
|
echo New instance has IP: $INSTANCE_IP
|
||||||
|
|
||||||
|
3
scripts/index.sh
Normal file
3
scripts/index.sh
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
. scripts/system.sh
|
||||||
|
. scripts/mail.sh
|
||||||
|
|
113
scripts/mail.sh
Normal file → Executable file
113
scripts/mail.sh
Normal file → Executable file
@ -1,14 +1,28 @@
|
|||||||
# Configures a postfix SMTP server.
|
# Configures a postfix SMTP server and dovecot IMAP server.
|
||||||
|
#
|
||||||
|
# We configure these together because postfix delivers mail
|
||||||
|
# directly to dovecot, so they basically rely on each other.
|
||||||
|
|
||||||
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y postfix postgrey
|
# Install packages.
|
||||||
|
|
||||||
|
sudo DEBIAN_FRONTEND=noninteractive apt-get install -q -y \
|
||||||
|
postfix postgrey dovecot-core dovecot-imapd dovecot-lmtpd dovecot-sqlite
|
||||||
|
|
||||||
|
# POSTFIX
|
||||||
|
|
||||||
|
mkdir -p $STORAGE_ROOT/mail
|
||||||
|
|
||||||
# TLS configuration
|
# TLS configuration
|
||||||
|
sudo sed -i "s/#submission/submission/" /etc/postfix/master.cf # enable submission port (not in Drew Crawford's instructions)
|
||||||
sudo tools/editconf.py /etc/postfix/main.cf \
|
sudo tools/editconf.py /etc/postfix/main.cf \
|
||||||
|
smtpd_use_tls=yes\
|
||||||
smtpd_tls_auth_only=yes \
|
smtpd_tls_auth_only=yes \
|
||||||
smtp_tls_security_level=may \
|
smtp_tls_security_level=may \
|
||||||
smtp_tls_loglevel=2 \
|
smtp_tls_loglevel=2 \
|
||||||
smtpd_tls_received_header=yes
|
smtpd_tls_received_header=yes
|
||||||
|
|
||||||
|
# note: smtpd_use_tls=yes appears to already be the default, but we can never be too sure
|
||||||
|
|
||||||
# authorization via dovecot
|
# authorization via dovecot
|
||||||
sudo tools/editconf.py /etc/postfix/main.cf \
|
sudo tools/editconf.py /etc/postfix/main.cf \
|
||||||
smtpd_sasl_type=dovecot \
|
smtpd_sasl_type=dovecot \
|
||||||
@ -28,11 +42,11 @@ sudo tools/editconf.py /etc/postfix/main.cf \
|
|||||||
virtual_alias_maps=sqlite:/etc/postfix/virtual-alias-maps.cf \
|
virtual_alias_maps=sqlite:/etc/postfix/virtual-alias-maps.cf \
|
||||||
local_recipient_maps=\$virtual_mailbox_maps
|
local_recipient_maps=\$virtual_mailbox_maps
|
||||||
|
|
||||||
db_path=/home/ubuntu/storage/mail.sqlite
|
db_path=$STORAGE_ROOT/mail/users.sqlite
|
||||||
|
|
||||||
sudo su root -c "cat > /etc/postfix/virtual-mailbox-domains.cf" << EOF;
|
sudo su root -c "cat > /etc/postfix/virtual-mailbox-domains.cf" << EOF;
|
||||||
dbpath=$db_path
|
dbpath=$db_path
|
||||||
query = SELECT 1 FROM users WHERE email LIKE '@%s'
|
query = SELECT 1 FROM users WHERE email LIKE '%%@%s'
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
sudo su root -c "cat > /etc/postfix/virtual-mailbox-maps.cf" << EOF;
|
sudo su root -c "cat > /etc/postfix/virtual-mailbox-maps.cf" << EOF;
|
||||||
@ -45,11 +59,96 @@ dbpath=$db_path
|
|||||||
query = SELECT destination FROM aliases WHERE source='%s'
|
query = SELECT destination FROM aliases WHERE source='%s'
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# re-start postfix
|
# create an empty mail users database if it doesn't yet exist
|
||||||
|
|
||||||
|
if [ ! -f $db_path ]; then
|
||||||
|
echo Creating new user database: $db_path;
|
||||||
|
echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra);" | sqlite3 $db_path;
|
||||||
|
echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL);" | sqlite3 $db_path;
|
||||||
|
fi
|
||||||
|
|
||||||
|
# DOVECOT
|
||||||
|
|
||||||
|
# The dovecot-imapd dovecot-lmtpd packages automatically enable those protocols.
|
||||||
|
|
||||||
|
# mail storage location
|
||||||
|
sudo tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
|
||||||
|
mail_location=maildir:$STORAGE_ROOT/mail/mailboxes/%d/%n \
|
||||||
|
mail_privileged_group=mail \
|
||||||
|
first_valid_uid=0
|
||||||
|
|
||||||
|
# authentication mechanisms
|
||||||
|
sudo tools/editconf.py /etc/dovecot/conf.d/10-auth.conf \
|
||||||
|
disable_plaintext_auth=yes \
|
||||||
|
"auth_mechanisms=plain login"
|
||||||
|
|
||||||
|
# use SQL-based authentication, not the system users
|
||||||
|
sudo sed -i "s/\(\!include auth-system.conf.ext\)/#\1/" /etc/dovecot/conf.d/10-auth.conf
|
||||||
|
sudo sed -i "s/#\(\!include auth-sql.conf.ext\)/\1/" /etc/dovecot/conf.d/10-auth.conf
|
||||||
|
|
||||||
|
# how to access SQL
|
||||||
|
sudo su root -c "cat > /etc/dovecot/conf.d/auth-sql.conf.ext" << EOF;
|
||||||
|
passdb {
|
||||||
|
driver = sql
|
||||||
|
args = /etc/dovecot/dovecot-sql.conf.ext
|
||||||
|
}
|
||||||
|
userdb {
|
||||||
|
driver = static
|
||||||
|
args = uid=mail gid=mail home=$STORAGE_ROOT/mail/mailboxes/%d/%n
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
sudo su root -c "cat > /etc/dovecot/dovecot-sql.conf.ext" << EOF;
|
||||||
|
driver = sqlite
|
||||||
|
connect = $db_path
|
||||||
|
default_pass_scheme = SHA512-CRYPT
|
||||||
|
password_query = SELECT email as user, password FROM users WHERE email='%u';
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# disable in-the-clear IMAP and POP because we're paranoid (we haven't even
|
||||||
|
# enabled POP).
|
||||||
|
sudo sed -i "s/#port = 143/port = 0/" /etc/dovecot/conf.d/10-master.conf
|
||||||
|
sudo sed -i "s/#port = 110/port = 0/" /etc/dovecot/conf.d/10-master.conf
|
||||||
|
|
||||||
|
# Modify the unix socket for LMTP.
|
||||||
|
sudo sed -i "s/unix_listener lmtp \(.*\)/unix_listener \/var\/spool\/postfix\/private\/dovecot-lmtp \1\n user = postfix\n group = postfix\n/" /etc/dovecot/conf.d/10-master.conf
|
||||||
|
|
||||||
|
# Add an additional auth socket for postfix. Check if it already is
|
||||||
|
# set to make sure this is idempotent.
|
||||||
|
if sudo grep -q "mailinabox-postfix-private-auth" /etc/dovecot/conf.d/10-master.conf; then
|
||||||
|
# already done
|
||||||
|
true;
|
||||||
|
else
|
||||||
|
sudo sed -i "s/\(\s*unix_listener auth-userdb\)/ unix_listener \/var\/spool\/postfix\/private\/auth \{ # mailinabox-postfix-private-auth\n mode = 0666\n user = postfix\n group = postfix\n \}\n\1/" /etc/dovecot/conf.d/10-master.conf
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Drew Crawford sets the auth-worker process to run as the mail user, but we don't care if it runs as root.
|
||||||
|
|
||||||
|
# Enable SSL.
|
||||||
|
sudo tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
|
||||||
|
ssl=required \
|
||||||
|
"ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \
|
||||||
|
"ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
|
||||||
|
|
||||||
|
# The Dovecot installation already created a self-signed public/private key pair
|
||||||
|
# in /etc/dovecot/dovecot.pem and /etc/dovecot/private/dovecot.pem, which we'll
|
||||||
|
# use unless certificates already exist.
|
||||||
|
mkdir -p $STORAGE_ROOT/ssl
|
||||||
|
if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then sudo cp /etc/dovecot/dovecot.pem $STORAGE_ROOT/ssl/ssl_certificate.pem; fi
|
||||||
|
if [ ! -f $STORAGE_ROOT/ssl/ssl_private_key.pem ]; then sudo cp /etc/dovecot/private/dovecot.pem $STORAGE_ROOT/ssl/ssl_private_key.pem; fi
|
||||||
|
|
||||||
|
sudo chown -R mail:dovecot /etc/dovecot
|
||||||
|
sudo chmod -R o-rwx /etc/dovecot
|
||||||
|
|
||||||
|
mkdir -p $STORAGE_ROOT/mail/mailboxes
|
||||||
|
sudo chown -R mail.mail $STORAGE_ROOT/mail/mailboxes
|
||||||
|
|
||||||
|
# restart services
|
||||||
sudo service postfix restart
|
sudo service postfix restart
|
||||||
|
sudo service dovecot restart
|
||||||
|
|
||||||
# allow ports in the firewall
|
# allow mail-related ports in the firewall
|
||||||
sudo ufw allow smtpd
|
sudo ufw allow smtp
|
||||||
sudo ufw allow submission
|
sudo ufw allow submission
|
||||||
|
sudo ufw allow imaps
|
||||||
|
|
||||||
|
|
||||||
|
3
scripts/mail_testuser.sh
Normal file
3
scripts/mail_testuser.sh
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# Create a test user: testuser@testdomain.com with password "testpw"
|
||||||
|
echo "INSERT INTO users (email, password) VALUES ('testuser@testdomain.com', '`sudo doveadm pw -s SHA512-CRYPT -p testpw`');" | sqlite3 storage/mail/users.sqlite
|
||||||
|
|
5
scripts/new_volume.sh
Normal file → Executable file
5
scripts/new_volume.sh
Normal file → Executable file
@ -1,6 +1 @@
|
|||||||
mkdir storage
|
|
||||||
|
|
||||||
# mount volume
|
|
||||||
|
|
||||||
echo "CREATE TABLE users (email text, password text);" | sqlite3 /home/ubuntu/storage/mail.sqlite;
|
|
||||||
|
|
||||||
|
19
scripts/system.sh
Normal file → Executable file
19
scripts/system.sh
Normal file → Executable file
@ -1,11 +1,11 @@
|
|||||||
# Base system configuration.
|
# Base system configuration.
|
||||||
|
|
||||||
sudo apt-get update
|
sudo apt-get -q update
|
||||||
sudo apt-get -y upgrade
|
sudo apt-get -q -y upgrade
|
||||||
|
|
||||||
# Basic packages.
|
# Basic packages.
|
||||||
|
|
||||||
sudo apt-get -y install sqlite3
|
sudo apt-get -q -y install sqlite3
|
||||||
|
|
||||||
# Turn on basic services:
|
# Turn on basic services:
|
||||||
#
|
#
|
||||||
@ -15,13 +15,18 @@ sudo apt-get -y install sqlite3
|
|||||||
#
|
#
|
||||||
# These services don't need further configuration and are started immediately after installation.
|
# These services don't need further configuration and are started immediately after installation.
|
||||||
|
|
||||||
sudo apt-get install -y ntp fail2ban
|
sudo apt-get install -q -y ntp fail2ban
|
||||||
|
|
||||||
# Turn on the firewall. First allow incoming SSH, then turn on the firewall. Additional open
|
# Turn on the firewall. First allow incoming SSH, then turn on the firewall. Additional open
|
||||||
# ports will be set up in the scripts that set up those services.
|
# ports will be set up in the scripts that set up those services.
|
||||||
sudo ufw allow ssh
|
sudo ufw allow ssh
|
||||||
sudo ufw allow domain
|
#sudo ufw allow domain
|
||||||
sudo ufw allow http
|
#sudo ufw allow http
|
||||||
sudo ufw allow https
|
#sudo ufw allow https
|
||||||
sudo ufw --force enable
|
sudo ufw --force enable
|
||||||
|
|
||||||
|
# Mount the storage volume.
|
||||||
|
export STORAGE_ROOT=/home/ubuntu/storage
|
||||||
|
mkdir -p storage
|
||||||
|
|
||||||
|
|
||||||
|
13
tests/imap.py
Normal file
13
tests/imap.py
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
import imaplib, os
|
||||||
|
|
||||||
|
M = imaplib.IMAP4_SSL(os.environ["INSTANCE_IP"])
|
||||||
|
M.login("testuser@testdomain.com", "testpw")
|
||||||
|
M.select()
|
||||||
|
print("Login successful.")
|
||||||
|
typ, data = M.search(None, 'ALL')
|
||||||
|
for num in data[0].split():
|
||||||
|
typ, data = M.fetch(num, '(RFC822)')
|
||||||
|
print('Message %s\n%s\n' % (num, data[0][1]))
|
||||||
|
M.close()
|
||||||
|
M.logout()
|
||||||
|
|
16
tests/smtp.py
Normal file
16
tests/smtp.py
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
import smtplib, sys, os
|
||||||
|
|
||||||
|
fromaddr = "testuser@testdomain.com"
|
||||||
|
|
||||||
|
msg = """From: %s
|
||||||
|
To: %s
|
||||||
|
|
||||||
|
This is a test message.""" % (fromaddr, sys.argv[1])
|
||||||
|
|
||||||
|
server = smtplib.SMTP(os.environ["INSTANCE_IP"], 587)
|
||||||
|
server.set_debuglevel(1)
|
||||||
|
server.starttls()
|
||||||
|
server.login("testuser@testdomain.com", "testpw")
|
||||||
|
server.sendmail(fromaddr, [sys.argv[1]], msg)
|
||||||
|
server.quit()
|
||||||
|
|
@ -17,16 +17,33 @@ buf = ""
|
|||||||
for line in open(filename):
|
for line in open(filename):
|
||||||
for i in range(len(settings)):
|
for i in range(len(settings)):
|
||||||
name, val = settings[i].split("=", 1)
|
name, val = settings[i].split("=", 1)
|
||||||
if re.match("\s*" + re.escape(name) + "\s*=", line):
|
m = re.match("\s*" + re.escape(name) + "\s*=\s*(.*?)\s*$", line)
|
||||||
buf += "#" + line
|
if m:
|
||||||
if i in found: break # we've already set the directive
|
# If this is already the setting, do nothing.
|
||||||
buf += name + "=" + val + "\n"
|
if m.group(1) == val:
|
||||||
|
buf += line
|
||||||
found.add(i)
|
found.add(i)
|
||||||
break
|
break
|
||||||
|
|
||||||
|
# comment-out the existing line
|
||||||
|
buf += "#" + line
|
||||||
|
|
||||||
|
# if this option oddly appears more than once, don't add the settingg again
|
||||||
|
if i in found:
|
||||||
|
break
|
||||||
|
|
||||||
|
# add the new setting
|
||||||
|
buf += name + "=" + val + "\n"
|
||||||
|
|
||||||
|
# note that we've applied this option
|
||||||
|
found.add(i)
|
||||||
|
|
||||||
|
break
|
||||||
else:
|
else:
|
||||||
# did not match any setting name
|
# If did not match any setting names, pass this line through.
|
||||||
buf += line
|
buf += line
|
||||||
|
|
||||||
|
# Put any settings we didn't see at the end of the file.
|
||||||
for i in range(len(settings)):
|
for i in range(len(settings)):
|
||||||
if i not in found:
|
if i not in found:
|
||||||
buf += settings[i] + "\n"
|
buf += settings[i] + "\n"
|
||||||
|
Loading…
Reference in New Issue
Block a user