Merge branch 'master' of https://git.oopen.de/install/mailsystem

2019-09-01 03:58:56 +02:00 · 2019-09-01 03:58:56 +02:00 · 23b3a1ed70
commit 23b3a1ed70
parent b06eecc53b 300e75197f
4 changed files with 105 additions and 0 deletions
--- a/install_postfix_advanced.sh
+++ b/install_postfix_advanced.sh
@ -1010,6 +1010,10 @@ echononl "   Creeate new postfix configuration file"
 cat <<EOF > /etc/postfix/main.cf
 # ============ Basic settings ============

+# Disable backwards compatibility
+compatibility_level = 2
+
+
 # Debian specific:  Specifying a file name will cause the first
 # line of that file to be used as the name.  The Debian default
 # is /etc/mailname.
--- a/install_postfix_base.sh
+++ b/install_postfix_base.sh
@ -488,6 +488,10 @@ echononl "   Creeate new postfix configuration file"
 cat <<EOF > /etc/postfix/main.cf
 # ============ Basic settings ============

+# Disable backwards compatibility
+compatibility_level = 2
+
+
 # Debian specific:  Specifying a file name will cause the first
 # line of that file to be used as the name.  The Debian default
 # is /etc/mailname.
@ -838,6 +842,39 @@ smtpd_tls_exclude_ciphers =
 smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache

+
+
+#======= smtpd Restrictions  ============
+
+# smtpd_relay_restrictions
+#
+# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions 
+# parameter must specify at least one of the following restrictions. Otherwise Postfix 
+# will refuse to receive mail:
+#
+#        reject, reject_unauth_destination
+#
+#        defer, defer_if_permit, defer_unauth_destination
+#
+#
+# The upstream default is:
+#
+#    smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} : 
+#       {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
+#
+# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is 
+# set to '0', you MUST specify this value. Otherwise Postfix will refuse to receive mail
+# and you get the following error message:
+#
+#     fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify 
+#     at least one working instance of: reject_unauth_destination, defer_unauth_destination, 
+#     reject, defer, defer_if_permit or check_relay_domains
+#
+#smtpd_relay_restrictions = 
+#   permit_mynetworks, 
+#   permit_sasl_authenticated, 
+#   defer_unauth_destination
+
 EOF
 echo_ok

--- a/install_roundcube.sh
+++ b/install_roundcube.sh
@ -1808,6 +1808,9 @@ cat <<EOF >>$WEBSITE_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.in
 // IMAP (further settings)
 // ----------------------------------

+// Log successful/failed logins to <log_dir>/userlogins or to syslog
+\$config['log_logins'] = true;
+
 // IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use
 // best server supported one)
 \$config['imap_auth_type'] = 'LOGIN';
--- a/install_update_dovecot.sh
+++ b/install_update_dovecot.sh
@ -2587,6 +2587,7 @@ else
   fatal "Adjusting file /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf failed"
 fi

+
 ## - edit /usr/local/dovecot/etc/dovecot/dovecot.conf
 ## - 
 ## - add:
@ -2940,6 +2941,66 @@ EOF
 fi


+## - configure post-login service (10-master.conf)
+## -
+## - see also: https://wiki.dovecot.org/PostLoginScripting
+## -
+echononl "\tAdd script '/usr/local/dovecot-${_version}/bin/post-login.sh'.."
+cat <<EOF > /usr/local/dovecot-${_version}/bin/post-login.sh
+#!/usr/bin/env bash
+
+touch ~/.last_login
+
+exec "\$@"
+EOF
+if [[ $? -gt 0 ]] ; then
+	echo -e "$rc_failed"
+	error "Adding script '/usr/local/dovecot-${_version}/bin/post-login.sh' failed!"
+else
+	echo -e "$rc_done"
+fi
+
+echononl "\tSet Permissions of 'post-login.sh' .."
+chmod 755 "/usr/local/dovecot-${_version}/bin/post-login.sh" > /dev/null 2>&1
+if [[ $? -gt 0 ]] ; then
+	echo -e "$rc_failed"
+	error "Setting permissions to '/usr/local/dovecot-${_version}/bin/post-login.sh' failed!"
+else
+	echo -e "$rc_done"
+fi
+
+_failed=false
+echononl "\tConfigure post-login service (10-master.conf)"
+perl -i -n -p -e "s#^(\s*)(service\s+imap\s+{.*)#\1\2\n\1  \# tell imap to do post-login lookup using a socket called \"imap-postlogin\"\n\1  executable = imap post-login\n#g" \
+   /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf || _failed=true
+perl -i -n -p -e "s#^(\s*)(service\s+pop3\s+{.*)#\1\2\n\1  \# tell imap to do post-login lookup using a socket called \"imap-postlogin\"\n\1  executable = pop3 post-login\n#g" \
+   /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf || _failed=true
+cat <<EOF >> /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf
+
+service post-login {
+  # all post-login scripts are executed via script-login binary
+  executable = script-login /usr/local/dovecot/bin/post-login.sh
+
+  # the script process runs as the user specified here:
+  user = vmail
+
+  # this UNIX socket listener must use the same name as given to imap executable
+  unix_listener post-login {
+  }
+}
+EOF
+if [[ $? -gt 0 ]] ; then
+	_failed=true
+fi
+
+if ! $_failed ; then
+   echo -e "$rc_done"
+else
+   echo -e "$rc_failed"
+   fatal "Configuring 'post-login' service failed!"
+fi
+
+
 ## - edit /usr/local/dovecot/etc/dovecot/conf.d/90-quota.conf
 ## - 
 ## - add to the end of file or in seperate plugin-blocks