From afa8244dd1ebdc2a307c5241d5cea851a8ed871b Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 10 Mar 2016 09:51:23 +0000
Subject: [PATCH] Keep emails to the root user in a different folder
---
 src/freedombone | 616 +++++++++++++++++++++++++------------------------
 1 file changed, 315 insertions(+), 301 deletions(-)
diff --git a/src/freedombone b/src/freedombone
index b25b1b26..656694b2 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -4932,6 +4932,10 @@ function create_procmail {
 chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
 fi
 
+ mkdir -p /home/$MY_USERNAME/Maildir/admin/new
+ mkdir -p /home/$MY_USERNAME/Maildir/admin/cur
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/admin
+
 if [ ! -f /etc/skel/.procmailrc ]; then
 cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc
 chown root:root /etc/skel/.procmailrc
@@ -4940,6 +4944,15 @@ function create_procmail {
 echo 'create_procmail' >> $COMPLETION_FILE
 }
 
+function handle_admin_emails {
+ # keep emails for root in a separate folder
+ if [ -d /home/$MY_USERNAME/Maildir/admin ]; then
+ return
+ fi
+
+ freedombone-addemail -u $MY_USERNAME -e "root@$DEFAULT_DOMAIN_NAME" -g admin --public no
+}
+
 function spam_filtering {
 if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
 return
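Review bot: The admin maildir added in create_procmail is created with only `new` and `cur`; a Maildir folder also has a `tmp` subdirectory, and a delivery agent or IMAP server that finds it missing may reject the folder or create it under its own ownership. Add `mkdir -p "/home/$MY_USERNAME/Maildir/admin/tmp"` before the `chown -R` line. The three added lines also expand `$MY_USERNAME` unquoted in paths handled by a script that evidently runs privileged (it chowns to `root:root` just below), so quoting them keeps an unexpected value from splitting into extra arguments. create_procmail begins and ends outside this hunk.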
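Review bot: The guard `if [ -d /home/$MY_USERNAME/Maildir/admin ]` in handle_admin_emails looks like it will be true on every normal run, because the create_procmail hunk in this same patch now creates that directory and the call list at the end of the patch runs handle_admin_emails directly after create_procmail. Unless create_procmail returns before its new mkdir lines (not visible here), the `freedombone-addemail` rule for root@ is never installed and mail addressed to root keeps landing in the main inbox, where system and security notices are easy to miss. Key the skip on the step itself, as the sibling functions do: `if grep -Fxq "handle_admin_emails" $COMPLETION_FILE; then return; fi` at the top and `echo 'handle_admin_emails' >> $COMPLETION_FILE` at the end. The function also lacks the `$SYSTEM_TYPE` variant check that spam_filtering opens with, and it hard-codes `freedombone-addemail` where other callers in this file use `${PROJECT_NAME}-addemail`.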
@@ -5885,338 +5898,338 @@ function create_public_mailing_list { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi - if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then - return - fi - if [ ! $PUBLIC_MAILING_LIST ]; then - return - fi - # does the mailing list have a separate domain name? - if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then - PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME - fi + if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then + return + fi + if [ ! $PUBLIC_MAILING_LIST ]; then + return + fi + # does the mailing list have a separate domain name? + if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then + PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME + fi - PUBLIC_MAILING_LIST_USER="mlmmj" + PUBLIC_MAILING_LIST_USER="mlmmj" - apt-get -y install mlmmj - adduser --system $PUBLIC_MAILING_LIST_USER - addgroup $PUBLIC_MAILING_LIST_USER - adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER + apt-get -y install mlmmj + adduser --system $PUBLIC_MAILING_LIST_USER + addgroup $PUBLIC_MAILING_LIST_USER + adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER - echo '' - echo $"Creating the $PUBLIC_MAILING_LIST mailing list" - echo '' + echo '' + echo $"Creating the $PUBLIC_MAILING_LIST mailing list" + echo '' - # create the list - mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER + # create the list + mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER - echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros - echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros - echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros + echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros + echo "SYSTEM_ALIASES_USER 
= $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros + echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros - # router - echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + # router + echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' # Use this 
instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - # transport - echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + # transport + echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' return_path_add' >> 
/etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then - sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs - fi - if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then - sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs - fi + if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi + if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi - if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then - sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs - fi - if ! 
grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then - sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs - fi + if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi + if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi - if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then - sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary - fi - newaliases - update-exim4.conf.template -r - update-exim4.conf - systemctl restart exim4 + if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then + sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary + fi + newaliases + update-exim4.conf.template -r + update-exim4.conf + systemctl restart exim4 - if ! 
grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README - echo '=================================' >> /home/$MY_USERNAME/README - echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README - echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README + echo '=================================' >> /home/$MY_USERNAME/README + echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README + echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi - ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST" + ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST" - echo 'create_public_mailing_list' >> $COMPLETION_FILE -} + echo 'create_public_mailing_list' >> $COMPLETION_FILE + } -function create_private_mailing_list { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - # This installation doesn't work, results in ruby errors - # There is currently no schleuder package for Debian jessie - if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then - return - fi - if [ ! 
$PRIVATE_MAILING_LIST ]; then - return - fi - if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then - echo $'The name of the private mailing list should not be the same as your username' - exit 10 - fi - if [ ! $MY_GPG_PUBLIC_KEY ]; then - echo $'To create a private mailing list you need to specify a file' - echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at' - echo $'the top of the script' - exit 11 - fi - apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev - gem install schleuder - schleuder-fix-gem-dependencies - schleuder-init-setup --gem - # NOTE: this is version number sensitive and so might need changing - ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder - sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf - sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf - schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive - ${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST + function create_private_mailing_list { + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + # This installation doesn't work, results in ruby errors + # There is currently no schleuder package for Debian jessie + if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then + return + fi + if [ ! $PRIVATE_MAILING_LIST ]; then + return + fi + if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then + echo $'The name of the private mailing list should not be the same as your username' + exit 10 + fi + if [ ! 
$MY_GPG_PUBLIC_KEY ]; then + echo $'To create a private mailing list you need to specify a file' + echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at' + echo $'the top of the script' + exit 11 + fi + apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev + gem install schleuder + schleuder-fix-gem-dependencies + schleuder-init-setup --gem + # NOTE: this is version number sensitive and so might need changing + ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder + sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf + sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf + schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive + ${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST - echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo 'schleuder:' > 
/etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder - echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder - echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder - echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder - echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder - chown -R schleuder:schleuder /var/lib/schleuder - update-exim4.conf.template -r - update-exim4.conf - systemctl restart exim4 - useradd -d /var/schleuderlists -s /bin/false schleuder - adduser Debian-exim schleuder - usermod -a -G mail schleuder - #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME - echo 'create_private_mailing_list' >> $COMPLETION_FILE -} + echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' debug_print = "T: schleuder_transport for 
$local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + chown -R schleuder:schleuder /var/lib/schleuder + update-exim4.conf.template -r + update-exim4.conf + systemctl restart exim4 + useradd -d /var/schleuderlists -s /bin/false schleuder + adduser Debian-exim schleuder + usermod -a -G mail schleuder + #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME + echo 'create_private_mailing_list' >> $COMPLETION_FILE + } -function split_gpg_key_into_fragments { - # split the gpg key into fragments if social key management is enabled - if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then - echo 'Splitting GPG key. You may need to enter your passphrase.' - ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" - if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then - echo 'Yhe GPG key could not be split' - exit 86548 - fi - fi -} + function split_gpg_key_into_fragments { + # split the gpg key into fragments if social key management is enabled + if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then + echo 'Splitting GPG key. You may need to enter your passphrase.' + ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" + if [ ! 
-d /home/$MY_USERNAME/.gnupg_fragments ]; then + echo 'Yhe GPG key could not be split' + exit 86548 + fi + fi + } -function import_email { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - EMAIL_COMPLETE_MSG=$" + function import_email { + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + EMAIL_COMPLETE_MSG=$" *** ${PROJECT_NAME} mailbox installation is complete *** Now on your internet router forward ports 25, 587, 465, 993 and 2222 to the ${PROJECT_NAME} " - if grep -Fxq "import_email" $COMPLETION_FILE; then - if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then - backup_to_friends_servers - intrusion_detection - split_gpg_key_into_fragments - clear - echo '' - echo "$EMAIL_COMPLETE_MSG" - if [ -d $USB_MOUNT ]; then - umount $USB_MOUNT - rm -rf $USB_MOUNT - echo $' You can now remove the USB drive' - fi - exit 0 - fi - return - fi - if [ $IMPORT_MAILDIR ]; then - if [ -d $IMPORT_MAILDIR ]; then - echo $'Transfering email files' - cp -r $IMPORT_MAILDIR /home/$MY_USERNAME - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir - else - echo $"Email import directory $IMPORT_MAILDIR not found" - exit 9 - fi - fi - echo 'import_email' >> $COMPLETION_FILE - if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then - backup_to_friends_servers - intrusion_detection - split_gpg_key_into_fragments - # unmount any attached usb drive - clear - echo '' - echo "$EMAIL_COMPLETE_MSG" - echo '' - if [ -d $USB_MOUNT ]; then - umount $USB_MOUNT - rm -rf $USB_MOUNT - echo $' You can now remove the USB drive' - fi - exit 0 - fi -} + if grep -Fxq "import_email" $COMPLETION_FILE; then + if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then + backup_to_friends_servers + intrusion_detection + split_gpg_key_into_fragments + clear + echo '' + echo 
"$EMAIL_COMPLETE_MSG" + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + echo $' You can now remove the USB drive' + fi + exit 0 + fi + return + fi + if [ $IMPORT_MAILDIR ]; then + if [ -d $IMPORT_MAILDIR ]; then + echo $'Transfering email files' + cp -r $IMPORT_MAILDIR /home/$MY_USERNAME + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir + else + echo $"Email import directory $IMPORT_MAILDIR not found" + exit 9 + fi + fi + echo 'import_email' >> $COMPLETION_FILE + if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then + backup_to_friends_servers + intrusion_detection + split_gpg_key_into_fragments + # unmount any attached usb drive + clear + echo '' + echo "$EMAIL_COMPLETE_MSG" + echo '' + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + echo $' You can now remove the USB drive' + fi + exit 0 + fi + } -function install_web_server { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then - return - fi + function install_web_server { + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then + return + fi - # update to the next commit - set_repo_commit $INSTALL_DIR/nginx_ensite "Nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO + # update to the next commit + set_repo_commit $INSTALL_DIR/nginx_ensite "Nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO - if grep -Fxq "install_web_server" $COMPLETION_FILE; then - return - fi - # remove apache - apt-get -y remove --purge apache2 - if [ -d /etc/apache2 ]; then - rm -rf /etc/apache2 - fi - # install nginx - apt-get -y install nginx php5-fpm git + if grep -Fxq "install_web_server" $COMPLETION_FILE; then + return + fi + # remove apache + apt-get -y remove --purge apache2 + if [ -d /etc/apache2 ]; then + rm -rf /etc/apache2 + fi + # install nginx + apt-get -y install nginx php5-fpm git - # limit the number of php processes - sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf - sed -i 's/;process_control_timeout =.*/process_control_timeout = 
300/g' /etc/php5/fpm/php-fpm.conf + # limit the number of php processes + sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf + sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf - if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then - echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf - echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf - echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf - echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf - echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf - fi + if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then + echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf + fi - if [ ! -d /etc/nginx ]; then - echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE" - exit 51 - fi + if [ ! -d /etc/nginx ]; then + echo $"ERROR: nginx does not appear to have installed. 
$CHECK_MESSAGE" + exit 51 + fi - # Nginx settings - echo 'user www-data;' > /etc/nginx/nginx.conf - #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf - echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo 'events {' >> /etc/nginx/nginx.conf - echo ' worker_connections 50;' >> /etc/nginx/nginx.conf - echo ' # multi_accept on;' >> /etc/nginx/nginx.conf - echo '}' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo 'http {' >> /etc/nginx/nginx.conf - echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf - echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf - echo ' # Note that the Owncloud web interface seems to require a rate of around 140r/s' >> /etc/nginx/nginx.conf - echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf - echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf - echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf - echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf - echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - 
echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf - echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo ' # Basic Settings' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' sendfile on;' >> /etc/nginx/nginx.conf - echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf - echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf - echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf - echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf - echo ' server_tokens off;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf - echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf - echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo ' # Logging Settings' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf - echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' ###' >> /etc/nginx/nginx.conf - echo ' # Gzip Settings' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo ' gzip on;' >> /etc/nginx/nginx.conf - echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf - echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf - echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf - echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf - echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf - echo ' # gzip_types 
text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf + # Nginx settings + echo 'user www-data;' > /etc/nginx/nginx.conf + #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf + echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo 'events {' >> /etc/nginx/nginx.conf + echo ' worker_connections 50;' >> /etc/nginx/nginx.conf + echo ' # multi_accept on;' >> /etc/nginx/nginx.conf + echo '}' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo 'http {' >> /etc/nginx/nginx.conf + echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf + echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf + echo ' # Note that the Owncloud web interface seems to require a rate of around 140r/s' >> /etc/nginx/nginx.conf + echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf + echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # maximum number and size of buffers for large headers to read from client request' >> 
/etc/nginx/nginx.conf + echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Basic Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' sendfile on;' >> /etc/nginx/nginx.conf + echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf + echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf + echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf + echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf + echo ' server_tokens off;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf + echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf + echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Logging Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf + echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ###' >> /etc/nginx/nginx.conf + echo ' # Gzip Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' gzip on;' >> /etc/nginx/nginx.conf + echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf + echo 
'' >> /etc/nginx/nginx.conf + echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf + echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf + echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf + echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf + echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf + echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf echo '}' >> /etc/nginx/nginx.conf @@ -10700,6 +10713,7 @@ mesh_babel route_outgoing_traffic_through_tor configure_email create_procmail +handle_admin_emails spam_filtering configure_imap #configure_imap_client_certs