Administrator
mailinabox
Commits
Commit 5cef1bb6 authored Aug 21, 2013 by Joshua Tauberer
DNS, SPF, and DKIM
parent e06b4f5c
Changes: 8 changed files with 179 additions and 4 deletions (+179 -4)
README.md (+2 -0)
ec2/start_instance.sh (+2 -1)
scripts/dkim.sh (+45 -0)
scripts/dns.sh (+36 -0)
scripts/dns_update.sh (+89 -0)
scripts/index.sh (+3 -0)
scripts/system.sh (+0 -1)
tests/smtp.py (+2 -2)
README.md
...
...
@@ -42,6 +42,8 @@ Then launch a new instance. We're creating a m1.small instance --- it's the smal
It will wait until the instance is available.
You'll probably want to associate it with an Elastic IP. If you do, you'll need to update the INSTANCE_IP variable.
Configure the server:
ssh -i mykey.pem ubuntu@$INSTANCE_IP
...
...
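Review bot: the Elastic IP advice added at the end of this hunk should tell the reader to associate the Elastic IP before running the setup scripts, not only to update INSTANCE_IP afterwards. scripts/dns.sh in this same commit reads the instance's current public address from the EC2 metadata service into $STORAGE_ROOT/dns/our_ip, and scripts/dns_update.sh writes that address into every zone's apex A, mail A and (via MX) mail records, so an Elastic IP attached later leaves the published DNS pointing at the old ephemeral address until dns.sh and dns_update.sh are rerun. One sentence saying "associate the Elastic IP first, then run the configuration scripts" would prevent that.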
ec2/start_instance.sh
...
...
@@ -7,7 +7,8 @@ UBUNTU_CONFIG="us-east-1 13.04 amd64 instance-store"
export
AMI
=
`
curl
-s
http://cloud-images.ubuntu.com/locator/ec2/releasesTable | python3 tools/get_ubuntu_ami.py
$UBUNTU_CONFIG
`
ec2-create-group
-d
"mailinabox"
"mailinabox"
for
PORT
in
25 587 993
;
do
ec2-authorize mailinabox
-P
tcp
-p
$PORT
-s
0.0.0.0/0
;
done
for
PORT
in
25 53 587 993
;
do
ec2-authorize mailinabox
-P
tcp
-p
$PORT
-s
0.0.0.0/0
;
done
for
PORT
in
53
;
do
ec2-authorize mailinabox
-P
udp
-p
$PORT
-s
0.0.0.0/0
;
done
ec2run
$AMI
-k
$EC2_KEYPAIR_NAME
-t
m1.small
-z
$AWS_AZ
-g
mailinabox
>
instance.info
export
INSTANCE
=
`
cat
instance.info |
grep
INSTANCE |
awk
{
'print $2'
}
`
...
...
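Review bot: the new loops open TCP 53 and UDP 53 to 0.0.0.0/0, which an authoritative nameserver needs, but a comment should record that this is acceptable only because the nsd3 server installed by scripts/dns.sh is authoritative-only and never recurses; exposing a recursive resolver this way would create an open resolver usable for amplification. The three loops could also be collapsed into one that authorizes each protocol/port pair (for example iterating over a list like tcp:25 tcp:53 udp:53 tcp:587 tcp:993), so the security group definition lives in one place instead of three.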
scripts/dkim.sh
0 → 100644
# Install OpenDKIM.
#
# After this, you'll still need to run dns_update to get the DKIM
# signature in the DNS zones.
apt-get
install
-q
-y
opendkim opendkim-tools
mkdir
-p
/etc/opendkim
;
mkdir
-p
$STORAGE_ROOT
/mail/dkim
echo
"127.0.0.1"
>
/etc/opendkim/TrustedHosts
if
grep
-q
"ExternalIgnoreList"
/etc/opendkim.conf
;
then
true
;
# already done
else
cat
>>
/etc/opendkim.conf
<<
EOF
;
MinimumKeyBits 1024
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@localhost
RequireSafeKeys false
EOF
fi
# Create a new DKIM key if we don't have one already.
if
[
!
-z
"
$STORAGE_ROOT
/mail/dkim/mail.private"
]
;
then
# Should we specify -h rsa-sha256?
opendkim-genkey
-r
-s
mail
-D
$STORAGE_ROOT
/mail/dkim
fi
chown
-R
opendkim:opendkim
$STORAGE_ROOT
/mail/dkim
chmod
go-rwx
$STORAGE_ROOT
/mail/dkim
# add OpenDKIM as a milter to postfix. Be careful. If we add other milters
# later, it needs to be concatenated on the smtpd_milters line.
tools/editconf.py /etc/postfix/main.cf
\
smtpd_milters
=
inet:127.0.0.1:8891
\
non_smtpd_milters
=
\$
smtpd_milters
\
milter_default_action
=
accept
service opendkim restart
service postfix restart
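Review bot: the guard around opendkim-genkey is wrong: `[ ! -z "$STORAGE_ROOT/mail/dkim/mail.private" ]` tests whether the path string is non-empty, which is always true, so a new key pair is generated on every run instead of only when the key is missing; it should be `[ ! -f "$STORAGE_ROOT/mail/dkim/mail.private" ]`. This matters because scripts/dns_update.sh publishes mail.txt in each zone and points the SigningTable at mail.private, so every rerun silently rotates the selector key, and mail signed with the new key fails DKIM verification at receivers that still have the old mail._domainkey record cached for up to the zone TTL. Two smaller points: `RequireSafeKeys false` turns off OpenDKIM's refusal to load a private key readable by other users, yet the script already does `chown -R opendkim:opendkim` and `chmod go-rwx` on the key directory, so the check can stay on; and the comment asking about `-h rsa-sha256` would be better replaced by an explicit `-b 2048`, since `MinimumKeyBits 1024` only sets a floor and opendkim-genkey otherwise uses its default key size.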
scripts/dns.sh
0 → 100644
# Configures a DNS server using nsd.
#
# After running this script, you also must run scripts/dns_update.sh,
# and any time a zone file is added/changed/removed. It should be
# run after DKIM is configured, however.
apt-get
-qq
-y
install
nsd3
if
[
-z
"
$PUBLIC_HOSTNAME
"
]
;
then
PUBLIC_HOSTNAME
=
example.org
fi
if
[
-z
"
$PUBLIC_IP
"
]
;
then
# works on EC2 only...
PUBLIC_IP
=
`
wget
-q
-O-
http://instance-data/latest/meta-data/public-ipv4
`
fi
sudo mkdir
-p
/var/run/nsd3
mkdir
-p
"
$STORAGE_ROOT
/dns"
;
# Store our desired IP address (to put in the zone files) for later.
echo
$PUBLIC_IP
>
$STORAGE_ROOT
/dns/our_ip
# Create the default zone if it doesn't exist.
if
[
!
-f
"
$STORAGE_ROOT
/dns/
$PUBLIC_HOSTNAME
.txt"
]
;
then
# can be an empty file, defaults are applied elsewhere
cat
>
"
$STORAGE_ROOT
/dns/
$PUBLIC_HOSTNAME
.txt"
<<
EOF
;
EOF
fi
chown
-R
ubuntu.ubuntu
$STORAGE_ROOT
/dns
ufw allow domain
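Review bot: the fallback `PUBLIC_HOSTNAME=example.org` is a silent misconfiguration rather than a safe default: the script goes on to create $STORAGE_ROOT/dns/example.org.txt, and scripts/dns_update.sh will then build and serve an example.org zone whose apex A, MX and SPF records point at this box. Exit with an error when PUBLIC_HOSTNAME is unset instead. Also, `sudo mkdir -p /var/run/nsd3` is the only sudo in the file while apt-get, chown and ufw all assume root, so the sudo should go; and `chown -R ubuntu.ubuntu` hard-codes the EC2 default user, which breaks on any other image (the owner of $STORAGE_ROOT, or a variable, would be more robust).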
scripts/dns_update.sh
0 → 100644
# Create nsd.conf and zone files, and updates the OpenDKIM signing tables.
PUBLIC_IP
=
`
cat
$STORAGE_ROOT
/dns/our_ip
`
# Create the top of nsd.conf.
cat
>
/etc/nsd3/nsd.conf
<<
EOF
;
server:
hide-version: yes
# identify the server (CH TXT ID.SERVER entry).
identity: ""
# The directory for zonefile: files.
zonesdir: "/etc/nsd3/zones"
# ZONES
EOF
# For every zone file in our dns directory, build a proper zone
# file and mention it in nsd.conf. And add information to the
# OpenDKIM signing tables.
mkdir
-p
/etc/nsd3/zones
;
truncate
--size
0 /etc/opendkim/KeyTable
truncate
--size
0 /etc/opendkim/SigningTable
for
fn
in
$STORAGE_ROOT
/dns/
*
.txt
;
do
fn2
=
`
basename
$fn
`
zone
=
`
echo
$fn2
|
sed
"s/.txt
\$
//"
`
# If the zone file exists, increment the serial number.
# TODO: This needs to be done better so that the existing serial number is
# persisted in the storage area.
serial
=
`
date
+
"%Y%m%d00"
`
if
[
-f
/etc/nsd3/zones/
$fn2
]
;
then
existing_serial
=
`
grep
"serial number"
/etc/nsd3/zones/
$fn2
|
sed
"s/; serial number//"
`
if
[
!
-z
"
$existing_serial
"
]
;
then
serial
=
`
echo
$existing_serial
+ 1 | bc
`
fi
fi
cat
>
/etc/nsd3/zones/
$fn2
<<
EOF
;
\$
ORIGIN
$zone
. ; default zone domain
\$
TTL 86400 ; default time to live
@ IN SOA ns1.
$zone
. domain_contact.
$zone
. (
$serial
; serial number
28800 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Min TTL
)
NS ns1.
$zone
.
IN A
$PUBLIC_IP
MX 10 mail.
$zone
.
300 TXT "v=spf1 mx -all"
mail IN A
$PUBLIC_IP
EOF
# If OpenDKIM is set up, append that information to the zone.
if
[
-f
"
$STORAGE_ROOT
/mail/dkim/mail.txt"
]
;
then
cat
"
$STORAGE_ROOT
/mail/dkim/mail.txt"
>>
/etc/nsd3/zones/
$fn2
;
fi
cat
>>
/etc/nsd3/nsd.conf
<<
EOF
;
zone:
name:
$zone
zonefile:
$fn2
EOF
# OpenDKIM
echo
"
$zone
$zone
:mail:
$STORAGE_ROOT
/mail/dkim/mail.private"
>>
/etc/opendkim/KeyTable
echo
"*@
$zone
$zone
"
>>
/etc/opendkim/SigningTable
done
# Kick nsd.
service nsd3 rebuild
service nsd3 restart
# ensure it is running
# Kick opendkim.
service opendkim restart
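Review bot: the zone template declares `NS ns1.$zone.` as the authoritative server but never gives ns1 an address; only the apex (`IN A $PUBLIC_IP`) and `mail` get A records. An in-zone NS target needs its own A record (with matching glue registered at the parent), otherwise resolvers cannot locate the nameserver. Add `ns1 IN A $PUBLIC_IP` beside the `mail IN A` line. Two smaller points on the serial logic the TODO already flags: because the existing serial is always preferred and incremented, the YYYYMMDD part never advances after the first generation, and since the zone file is rewritten unconditionally the serial bumps on every run even when nothing changed; persisting the serial under $STORAGE_ROOT and bumping it only when the generated content differs would fix both. Finally, `sed "s/.txt\$//"` should escape the dot (`s/\.txt$//`) so it only strips a literal .txt suffix.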
scripts/index.sh
.
scripts/system.sh
.
scripts/dns.sh
.
scripts/mail.sh
.
scripts/dkim.sh
.
scripts/dns_update.sh
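Review bot: the ordering added here is load-bearing but undocumented. scripts/dkim.sh edits /etc/postfix/main.cf and restarts postfix, so it must run after whatever installs postfix (presumably scripts/mail.sh), and scripts/dns_update.sh copies $STORAGE_ROOT/mail/dkim/mail.txt into the zone files and rebuilds the OpenDKIM tables, so it must come last; a one-line comment in index.sh stating these dependencies would stop a later reorder from silently leaving DKIM unpublished.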
scripts/system.sh
...
...
@@ -20,7 +20,6 @@ apt-get install -q -y ntp fail2ban
# Turn on the firewall. First allow incoming SSH, then turn on the firewall. Additional open
# ports will be set up in the scripts that set up those services.
ufw allow ssh
#ufw allow domain
#ufw allow http
#ufw allow https
ufw
--force
enable
...
...
tests/smtp.py
import
smtplib
,
sys
,
os
fromaddr
=
"testuser@
testdomain.com"
fromaddr
=
"testuser@
"
+
os
.
environ
.
get
(
"DOMAIN"
,
"testdomain.com"
)
msg
=
"""From:
%
s
To:
%
s
...
...
@@ -10,7 +10,7 @@ This is a test message.""" % (fromaddr, sys.argv[1])
server
=
smtplib
.
SMTP
(
os
.
environ
[
"INSTANCE_IP"
],
587
)
server
.
set_debuglevel
(
1
)
server
.
starttls
()
server
.
login
(
"testuser@testdomain.com"
,
"testpw"
)
server
.
login
(
fromaddr
,
"testpw"
)
server
.
sendmail
(
fromaddr
,
[
sys
.
argv
[
1
]],
msg
)
server
.
quit
()
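Review bot: the login now uses the DOMAIN-derived fromaddr but the password `"testpw"` is still hard-coded; read it from the environment the same way INSTANCE_IP and DOMAIN are. Note also that `set_debuglevel(1)` echoes the whole SMTP dialogue, including the AUTH exchange, to stderr, so the credential lands in any captured test output. `starttls()` is called without an SSL context, so the server certificate is not verified on the Python versions of this era; that is acceptable for a smoke test against a freshly built instance but worth a comment so nobody reuses the script as a real client.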