diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index 6051f8b..28eb00c 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh @@ -1010,6 +1010,10 @@ echononl " Creeate new postfix configuration file" cat < /etc/postfix/main.cf # ============ Basic settings ============ +# Disable backwards compatibility +compatibility_level = 2 + + # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. diff --git a/install_postfix_base.sh b/install_postfix_base.sh index 41436b8..071d106 100755 --- a/install_postfix_base.sh +++ b/install_postfix_base.sh @@ -488,6 +488,10 @@ echononl " Creeate new postfix configuration file" cat < /etc/postfix/main.cf # ============ Basic settings ============ +# Disable backwards compatibility +compatibility_level = 2 + + # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. 
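Review bot: The comment `# Disable backwards compatibility` above `compatibility_level = 2` does not say which defaults the setting switches, and that is the security-relevant part. At level 2 Postfix no longer applies its legacy safety-net values, so `smtpd_relay_restrictions`, `mynetworks_style`, `relay_domains` and `append_dot_mydomain` take the current upstream defaults unless the generated main.cf sets them itself. I would expand the comment to something like `# compatibility_level = 2: use the Postfix >= 3.0 defaults (relay restrictions, mynetworks_style, relay_domains, ...), see COMPATIBILITY_README`. The same applies to the identical hunk in install_postfix_base.sh. Whether the rest of either heredoc sets those parameters explicitly is not visible from these hunks.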
@@ -838,6 +842,39 @@ smtpd_tls_exclude_ciphers = smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache + + +#======= smtpd Restrictions ============ + +# smtpd_relay_restrictions +# +# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions +# parameter must specify at least one of the following restrictions. Otherwise Postfix +# will refuse to receive mail: +# +# reject, reject_unauth_destination +# +# defer, defer_if_permit, defer_unauth_destination +# +# +# The upstream default is: +# +# smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} : +# {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}} +# +# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is +# set to '0', you MUST specify this value. Otherwise Postfix will refuse to receive mail +# and you get the following error message: +# +# fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify +# at least one working instance of: reject_unauth_destination, defer_unauth_destination, +# reject, defer, defer_if_permit or check_relay_domains +# +#smtpd_relay_restrictions = +# permit_mynetworks, +# permit_sasl_authenticated, +# defer_unauth_destination + EOF echo_ok diff --git a/install_roundcube.sh b/install_roundcube.sh index 6c418d2..c6558d9 100755 --- a/install_roundcube.sh +++ b/install_roundcube.sh @@ -1808,6 +1808,9 @@ cat <>$WEBSITE_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.in // IMAP (further settings) // ---------------------------------- +// Log successful/failed logins to /userlogins or to syslog +\$config['log_logins'] = true; + // IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use // best server supported one) \$config['imap_auth_type'] = 'LOGIN'; diff --git a/install_update_dovecot.sh b/install_update_dovecot.sh index 687ae91..81db11d 100755 
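Review bot: The `smtpd_relay_restrictions` setting at the end of the added section is left commented out, so the relay policy of the generated main.cf rests entirely on the `compatibility_level = 2` line added further up in the same heredoc. If that line is later removed or lowered, the default becomes empty and Postfix either stops with the fatal error quoted in the comment or depends on whatever `smtpd_recipient_restrictions` contains, which this hunk does not show. I would write the value out, `smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination`, so the anti-relay rule is explicit in the file an administrator reads.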
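Review bot: Turning on `$config['log_logins']` makes Roundcube record user names and client addresses for successful and failed logins, and the added comment does not say where that log ends up or who may read it. If it lands in the default log directory inside the Roundcube tree under `$WEBSITE_BASEDIR`, the web server must not serve that directory and the file needs rotation. Whether `log_dir` or `log_driver` is set elsewhere in this heredoc is not visible in the hunk. I would extend the comment, e.g. `// Login log holds user names and client IPs: keep log_dir outside the document root or use syslog via log_driver`.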
--- a/install_update_dovecot.sh +++ b/install_update_dovecot.sh @@ -2587,6 +2587,7 @@ else fatal "Adjusting file /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf failed" fi + ## - edit /usr/local/dovecot/etc/dovecot/dovecot.conf ## - ## - add: 
@@ -2940,6 +2941,66 @@ EOF fi +## - configure post-login service (10-master.conf) +## - +## - see also: https://wiki.dovecot.org/PostLoginScripting +## - +echononl "\tAdd script '/usr/local/dovecot-${_version}/bin/post-login.sh'.." +cat < /usr/local/dovecot-${_version}/bin/post-login.sh +#!/usr/bin/env bash + +touch ~/.last_login + +exec "\$@" +EOF +if [[ $? -gt 0 ]] ; then + echo -e "$rc_failed" + error "Adding script '/usr/local/dovecot-${_version}/bin/post-login.sh' failed!" +else + echo -e "$rc_done" +fi + +echononl "\tSet Permissions of 'post-login.sh' .." +chmod 755 "/usr/local/dovecot-${_version}/bin/post-login.sh" > /dev/null 2>&1 +if [[ $? -gt 0 ]] ; then + echo -e "$rc_failed" + error "Setting permissions to '/usr/local/dovecot-${_version}/bin/post-login.sh' failed!" +else + echo -e "$rc_done" +fi + +_failed=false +echononl "\tConfigure post-login service (10-master.conf)" +perl -i -n -p -e "s#^(\s*)(service\s+imap\s+{.*)#\1\2\n\1 \# tell imap to do post-login lookup using a socket called \"imap-postlogin\"\n\1 executable = imap post-login\n#g" \ + /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf || _failed=true +perl -i -n -p -e "s#^(\s*)(service\s+pop3\s+{.*)#\1\2\n\1 \# tell imap to do post-login lookup using a socket called \"imap-postlogin\"\n\1 executable = pop3 post-login\n#g" \ + /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf || _failed=true +cat <> /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf + +service post-login { + # all post-login scripts are executed via script-login binary + executable = script-login /usr/local/dovecot/bin/post-login.sh + + # the script process runs as the user specified here: + user = vmail + + # this UNIX socket listener must use the same name as given to imap executable + unix_listener post-login { + } +} +EOF +if [[ $? -gt 0 ]] ; then + _failed=true +fi + +if ! 
$_failed ; then + echo -e "$rc_done" +else + echo -e "$rc_failed" + fatal "Configuring 'post-login' service failed!" +fi + + ## - edit /usr/local/dovecot/etc/dovecot/conf.d/90-quota.conf ## - ## - add to the end of file or in seperate plugin-blocks
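Review bot: The two `perl -i` substitutions report success even when the `service imap {` or `service pop3 {` line was not found, because perl exits 0 when the pattern matches nothing; the step then prints done while the new `post-login` service is never invoked. The block is also not safe to run twice: a second run on the same 10-master.conf adds another `executable = ...` line and appends a second `service post-login` section, unless the file is regenerated earlier in the script, which this hunk does not show. I would guard the edit and verify its result as in the excerpt below. Separately, the script is written to `/usr/local/dovecot-${_version}/bin/` while the service points at `/usr/local/dovecot/bin/post-login.sh`, which presumably depends on a symlink, and the comment inserted for pop3 still says "tell imap".

```shell
_failed=false
_master_conf="/usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf"
echononl "\tConfigure post-login service (10-master.conf)"
# Skip the edit when an earlier run already added the service
if ! grep -q '^service post-login' "$_master_conf" ; then
   # … unchanged: both perl substitutions and the appended 'service post-login' block …
fi
# perl -i exits 0 even if nothing matched, so check that the edit is really there
grep -q 'executable = imap post-login' "$_master_conf" || _failed=true
grep -q 'executable = pop3 post-login' "$_master_conf" || _failed=true
# … unchanged: rc_done / rc_failed reporting …
```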