Keep emails to the root user in a different folder

This commit is contained in:
Bob Mottram 2016-03-10 09:51:23 +00:00
parent dddb128e0a
commit afa8244dd1
1 changed files with 315 additions and 301 deletions

View File

@ -4932,6 +4932,10 @@ function create_procmail {
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
fi fi
mkdir -p /home/$MY_USERNAME/Maildir/admin/new
mkdir -p /home/$MY_USERNAME/Maildir/admin/cur
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/admin
if [ ! -f /etc/skel/.procmailrc ]; then if [ ! -f /etc/skel/.procmailrc ]; then
cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc
chown root:root /etc/skel/.procmailrc chown root:root /etc/skel/.procmailrc
@ -4940,6 +4944,15 @@ function create_procmail {
echo 'create_procmail' >> $COMPLETION_FILE echo 'create_procmail' >> $COMPLETION_FILE
} }
function handle_admin_emails {
# keep emails for root in a separate folder
if [ -d /home/$MY_USERNAME/Maildir/admin ]; then
return
fi
freedombone-addemail -u $MY_USERNAME -e "root@$DEFAULT_DOMAIN_NAME" -g admin --public no
}
function spam_filtering { function spam_filtering {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return return
@ -5885,338 +5898,338 @@ function create_public_mailing_list {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return return
fi fi
if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then
return return
fi fi
if [ ! $PUBLIC_MAILING_LIST ]; then if [ ! $PUBLIC_MAILING_LIST ]; then
return return
fi fi
# does the mailing list have a separate domain name? # does the mailing list have a separate domain name?
if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then
PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
fi fi
PUBLIC_MAILING_LIST_USER="mlmmj" PUBLIC_MAILING_LIST_USER="mlmmj"
apt-get -y install mlmmj apt-get -y install mlmmj
adduser --system $PUBLIC_MAILING_LIST_USER adduser --system $PUBLIC_MAILING_LIST_USER
addgroup $PUBLIC_MAILING_LIST_USER addgroup $PUBLIC_MAILING_LIST_USER
adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
echo '' echo ''
echo $"Creating the $PUBLIC_MAILING_LIST mailing list" echo $"Creating the $PUBLIC_MAILING_LIST mailing list"
echo '' echo ''
# create the list # create the list
mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER
echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros
echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
# router # router
echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
# transport # transport
echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi fi
if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi fi
if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi fi
if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi fi
if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
fi fi
newaliases newaliases
update-exim4.conf.template -r update-exim4.conf.template -r
update-exim4.conf update-exim4.conf
systemctl restart exim4 systemctl restart exim4
if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README
echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README
echo '=================================' >> /home/$MY_USERNAME/README echo '=================================' >> /home/$MY_USERNAME/README
echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README
echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README
fi fi
${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST" ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
echo 'create_public_mailing_list' >> $COMPLETION_FILE echo 'create_public_mailing_list' >> $COMPLETION_FILE
} }
function create_private_mailing_list { function create_private_mailing_list {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return return
fi fi
# This installation doesn't work, results in ruby errors # This installation doesn't work, results in ruby errors
# There is currently no schleuder package for Debian jessie # There is currently no schleuder package for Debian jessie
if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then
return return
fi fi
if [ ! $PRIVATE_MAILING_LIST ]; then if [ ! $PRIVATE_MAILING_LIST ]; then
return return
fi fi
if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then
echo $'The name of the private mailing list should not be the same as your username' echo $'The name of the private mailing list should not be the same as your username'
exit 10 exit 10
fi fi
if [ ! $MY_GPG_PUBLIC_KEY ]; then if [ ! $MY_GPG_PUBLIC_KEY ]; then
echo $'To create a private mailing list you need to specify a file' echo $'To create a private mailing list you need to specify a file'
echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at' echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
echo $'the top of the script' echo $'the top of the script'
exit 11 exit 11
fi fi
apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
gem install schleuder gem install schleuder
schleuder-fix-gem-dependencies schleuder-fix-gem-dependencies
schleuder-init-setup --gem schleuder-init-setup --gem
# NOTE: this is version number sensitive and so might need changing # NOTE: this is version number sensitive and so might need changing
ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST ${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST
echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
chown -R schleuder:schleuder /var/lib/schleuder chown -R schleuder:schleuder /var/lib/schleuder
update-exim4.conf.template -r update-exim4.conf.template -r
update-exim4.conf update-exim4.conf
systemctl restart exim4 systemctl restart exim4
useradd -d /var/schleuderlists -s /bin/false schleuder useradd -d /var/schleuderlists -s /bin/false schleuder
adduser Debian-exim schleuder adduser Debian-exim schleuder
usermod -a -G mail schleuder usermod -a -G mail schleuder
#exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
echo 'create_private_mailing_list' >> $COMPLETION_FILE echo 'create_private_mailing_list' >> $COMPLETION_FILE
} }
function split_gpg_key_into_fragments { function split_gpg_key_into_fragments {
# split the gpg key into fragments if social key management is enabled # split the gpg key into fragments if social key management is enabled
if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
echo 'Splitting GPG key. You may need to enter your passphrase.' echo 'Splitting GPG key. You may need to enter your passphrase.'
${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
echo 'Yhe GPG key could not be split' echo 'Yhe GPG key could not be split'
exit 86548 exit 86548
fi fi
fi fi
} }
function import_email { function import_email {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return return
fi fi
EMAIL_COMPLETE_MSG=$" EMAIL_COMPLETE_MSG=$"
*** ${PROJECT_NAME} mailbox installation is complete *** *** ${PROJECT_NAME} mailbox installation is complete ***
Now on your internet router forward ports Now on your internet router forward ports
25, 587, 465, 993 and 2222 to the ${PROJECT_NAME} 25, 587, 465, 993 and 2222 to the ${PROJECT_NAME}
" "
if grep -Fxq "import_email" $COMPLETION_FILE; then if grep -Fxq "import_email" $COMPLETION_FILE; then
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
backup_to_friends_servers backup_to_friends_servers
intrusion_detection intrusion_detection
split_gpg_key_into_fragments split_gpg_key_into_fragments
clear clear
echo '' echo ''
echo "$EMAIL_COMPLETE_MSG" echo "$EMAIL_COMPLETE_MSG"
if [ -d $USB_MOUNT ]; then if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT umount $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
echo $' You can now remove the USB drive' echo $' You can now remove the USB drive'
fi fi
exit 0 exit 0
fi fi
return return
fi fi
if [ $IMPORT_MAILDIR ]; then if [ $IMPORT_MAILDIR ]; then
if [ -d $IMPORT_MAILDIR ]; then if [ -d $IMPORT_MAILDIR ]; then
echo $'Transfering email files' echo $'Transfering email files'
cp -r $IMPORT_MAILDIR /home/$MY_USERNAME cp -r $IMPORT_MAILDIR /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
else else
echo $"Email import directory $IMPORT_MAILDIR not found" echo $"Email import directory $IMPORT_MAILDIR not found"
exit 9 exit 9
fi fi
fi fi
echo 'import_email' >> $COMPLETION_FILE echo 'import_email' >> $COMPLETION_FILE
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
backup_to_friends_servers backup_to_friends_servers
intrusion_detection intrusion_detection
split_gpg_key_into_fragments split_gpg_key_into_fragments
# unmount any attached usb drive # unmount any attached usb drive
clear clear
echo '' echo ''
echo "$EMAIL_COMPLETE_MSG" echo "$EMAIL_COMPLETE_MSG"
echo '' echo ''
if [ -d $USB_MOUNT ]; then if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT umount $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
echo $' You can now remove the USB drive' echo $' You can now remove the USB drive'
fi fi
exit 0 exit 0
fi fi
} }
function install_web_server { function install_web_server {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
return return
fi fi
# update to the next commit # update to the next commit
set_repo_commit $INSTALL_DIR/nginx_ensite "Nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO set_repo_commit $INSTALL_DIR/nginx_ensite "Nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO
if grep -Fxq "install_web_server" $COMPLETION_FILE; then if grep -Fxq "install_web_server" $COMPLETION_FILE; then
return return
fi fi
# remove apache # remove apache
apt-get -y remove --purge apache2 apt-get -y remove --purge apache2
if [ -d /etc/apache2 ]; then if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2 rm -rf /etc/apache2
fi fi
# install nginx # install nginx
apt-get -y install nginx php5-fpm git apt-get -y install nginx php5-fpm git
# limit the number of php processes # limit the number of php processes
sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf
sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf
if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then
echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf
fi fi
if [ ! -d /etc/nginx ]; then if [ ! -d /etc/nginx ]; then
echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE" echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE"
exit 51 exit 51
fi fi
# Nginx settings # Nginx settings
echo 'user www-data;' > /etc/nginx/nginx.conf echo 'user www-data;' > /etc/nginx/nginx.conf
#echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf
echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo 'events {' >> /etc/nginx/nginx.conf echo 'events {' >> /etc/nginx/nginx.conf
echo ' worker_connections 50;' >> /etc/nginx/nginx.conf echo ' worker_connections 50;' >> /etc/nginx/nginx.conf
echo ' # multi_accept on;' >> /etc/nginx/nginx.conf echo ' # multi_accept on;' >> /etc/nginx/nginx.conf
echo '}' >> /etc/nginx/nginx.conf echo '}' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo 'http {' >> /etc/nginx/nginx.conf echo 'http {' >> /etc/nginx/nginx.conf
echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf
echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf
echo ' # Note that the Owncloud web interface seems to require a rate of around 140r/s' >> /etc/nginx/nginx.conf echo ' # Note that the Owncloud web interface seems to require a rate of around 140r/s' >> /etc/nginx/nginx.conf
echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf
echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf
echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Basic Settings' >> /etc/nginx/nginx.conf echo ' # Basic Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' sendfile on;' >> /etc/nginx/nginx.conf echo ' sendfile on;' >> /etc/nginx/nginx.conf
echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf
echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf
echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf
echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf
echo ' server_tokens off;' >> /etc/nginx/nginx.conf echo ' server_tokens off;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf
echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf
echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Logging Settings' >> /etc/nginx/nginx.conf echo ' # Logging Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf
echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' ###' >> /etc/nginx/nginx.conf echo ' ###' >> /etc/nginx/nginx.conf
echo ' # Gzip Settings' >> /etc/nginx/nginx.conf echo ' # Gzip Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf
echo ' gzip on;' >> /etc/nginx/nginx.conf echo ' gzip on;' >> /etc/nginx/nginx.conf
echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf
echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf
echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf
echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf
echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf
echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf
echo '}' >> /etc/nginx/nginx.conf echo '}' >> /etc/nginx/nginx.conf
@ -10700,6 +10713,7 @@ mesh_babel
route_outgoing_traffic_through_tor route_outgoing_traffic_through_tor
configure_email configure_email
create_procmail create_procmail
handle_admin_emails
spam_filtering spam_filtering
configure_imap configure_imap
#configure_imap_client_certs #configure_imap_client_certs