Postfix, Dovecot, and nginx all read the key file while they're running
as root — before dropping permissions — so no authorization is needed on
the private key file beyond being root-readable.
Default IP+hostname values were incorrect for my VPS provider. I
improved the detection, which should give correct results results for
almost any provider. Specific issues addressed:
- icanhazip.com detection was only enabled in non-interactive mode
- `hostname` is by convention a short (non-fqdn) name in Ubuntu
- `hostname --fqdn` fails if provider does not pouplate `hosts` file
- `hostname -i` fails if provider does not populate `hosts` file
- `curl` without `--fail` will someday return crazy results
when icanhazip.com returns 500 errors or similar
* for local mail users, also disallows periods at the beginning or end of the local or domain parts
* Dovecot gets confused if the string contains any unusual characters, so local mail users are restricted to a narrow regex
* for mail aliases Postfix is not confused so use a regex based on RFC 2822
* use a public box (the official Ubuntu 14.04 box which contra the description does have VBox Guest Additions installed)
* now that we allow SSH password logins, since Vagrant requires it, dont muck with sshd_config here
* don't put the machine on the public network because that will allow anyone to log into it with Vagrant's default username/password, duh
* adding a Vagrantfile
* in a non-interactive setup like this, create the user's first email account for them
* let the machine auto-detect its IP address using http://icanhazip.com/
* use our own justtesting.email domain to provision a subdomain for users so they can quickly get started
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.
This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
See http://phusion.github.io/baseimage-docker/ for why the stock Ubuntu
image from Docker is not good enough for a complex system.
Thanks to @pjz for updating the base image for Ubuntu 14.04 and starting
the service scripts.
see #16; merges #49
Joshua Tauberer
Michael Kropat