Commit 97b2105a authored by Joshua Tauberer's avatar Joshua Tauberer


parent 5cef1bb6
......@@ -8,6 +8,8 @@ This draws heavily on Sovereign by Alex Payne (
Deploying to EC2 from the command line
Amazon's EC2 isn't a great place to host a mail server. Do you still need to request permission to send email first? And you don't know if you'll get an IP address with a bad reputation from its previous owner. But it makes deployment easy, so it may at least be useful for testing.
Sign up for Amazon Web Services.
Create an Access Key at Download the key and save the information somewhere secure.
......@@ -54,6 +56,8 @@ Somehow download these files.
You'll also want to set reverse DNS (PTR), which is something your hosting provider will probably have a control panel for.
Terminate your instance with:
ec2-terminate-instances $INSTANCE
......@@ -109,17 +109,22 @@ EOF
sed -i "s/#port = 143/port = 0/" /etc/dovecot/conf.d/10-master.conf
sed -i "s/#port = 110/port = 0/" /etc/dovecot/conf.d/10-master.conf
# Modify the unix socket for LMTP.
sed -i "s/unix_listener lmtp \(.*\)/unix_listener \/var\/spool\/postfix\/private\/dovecot-lmtp \1\n user = postfix\n group = postfix\n/" /etc/dovecot/conf.d/10-master.conf
# Add an additional auth socket for postfix. Check if it already is
# set to make sure this is idempotent.
if grep -q "mailinabox-postfix-private-auth" /etc/dovecot/conf.d/10-master.conf; then
# already done
sed -i "s/\(\s*unix_listener auth-userdb\)/ unix_listener \/var\/spool\/postfix\/private\/auth \{ # mailinabox-postfix-private-auth\n mode = 0666\n user = postfix\n group = postfix\n \}\n\1/" /etc/dovecot/conf.d/10-master.conf
# Create a Unix domain socket specific for postgres to connect via LMTP because
# postgres is already configured to use this location, and create a TCP socket
# for spampd to inject mail on (if it's configured later). dovecot's standard
# lmtp unix socket is also listening.
cat > /etc/dovecot/conf.d/99-local.conf << EOF;
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
user = postfix
group = postfix
inet_listener lmtp {
address =
port = 10026
# Drew Crawford sets the auth-worker process to run as the mail user, but we don't care if it runs as root.
# Spam filtering with spamassassin via spampd.
apt-get -q -y install spampd dovecot-antispam
# Hook into postfix. Replace dovecot with spampd as the mail delivery agent.
tools/ /etc/postfix/ virtual_transport=lmtp:[]:10025
# Hook into dovecot. This is actually the default but we don't want to lose track of it.
tools/ /etc/default/spampd DESTPORT=10026
# Automatically move spam into a folder called Spam. Enable the sieve plugin.
# (Note: Be careful if we want to use multiple plugins later.)
# The sieve scripts are installed by
sudo sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins sieve/" /etc/dovecot/conf.d/20-lmtp.conf
# Enable the antispam plugin to detect when a message moves between folders so we can
# pass it to sa-learn for training. (Be careful if we use multiple plugins later.)
sudo sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins antispam/" /etc/dovecot/conf.d/20-imap.conf
# When mail is moved in or out of the dovecot Spam folder, re-train.
# from
cat > /usr/bin/ << EOF;
cat<&0 >> /tmp/sendmail-msg-\$\$.txt
/usr/bin/sa-learn \$* /tmp/sendmail-msg-\$\$.txt > /dev/null
rm -f /tmp/sendmail-msg-\$\$.txt
exit 0
chmod a+x /usr/bin/
cat > /etc/dovecot/conf.d/99-local-spampd.conf << EOF;
plugin {
antispam_backend = pipe
antispam_spam_pattern_ignorecase = SPAM
antispam_allow_append_to_spam = yes
antispam_pipe_program_spam_arg = /usr/bin/ --spam
antispam_pipe_program_notspam_arg = /usr/bin/ --ham
antispam_pipe_program = /bin/bash
# Initial training?
# sa-learn --ham storage/mail/mailboxes/*/*/cur/
# sa-learn --spam storage/mail/mailboxes/*/*/.Spam/cur/
sudo service spampd restart
sudo service dovecot restart
# Install dovecot sieve scripts to automatically move spam into the Spam folder.
for user in `echo "SELECT email FROM users;" | sqlite3 $db_path`; do
maildir=`echo $user | sed "s/\(.*\)@\(.*\)/\2\/\1/"`
# Write the sieve file to move mail classified as spam into the spam folder.
mkdir -p $STORAGE_ROOT/mail/mailboxes/$maildir; # in case user has not received any mail
cat > $STORAGE_ROOT/mail/mailboxes/$maildir/.dovecot.sieve << EOF;
require ["regex", "fileinto", "imap4flags"];
if allof (header :regex "X-Spam-Status" "^Yes") {
setflag "\\\\Seen";
fileinto "Spam";
import imaplib, os
username = "testuser@" + os.environ.get("DOMAIN", "")
M = imaplib.IMAP4_SSL(os.environ["INSTANCE_IP"])
M.login("", "testpw")
M.login(username, "testpw")
print("Login successful.")
typ, data =, 'ALL')
......@@ -4,20 +4,27 @@ import sys, re
# sanity check
if len(sys.argv) < 3:
print("usage: python3 /etc/file.conf NAME=VAL [NAME=VAL ...]")
print("usage: python3 /etc/file.conf [-s] NAME=VAL [NAME=VAL ...]")
# parse command line arguments
filename = sys.argv[1]
settings = sys.argv[2:]
delimiter = "="
delimiter_re = r"\s*=\s*"
if settings[0] == "-s":
delimiter = " "
delimiter_re = r"\s+"
# create the new config file in memory
found = set()
buf = ""
for line in open(filename):
for i in range(len(settings)):
name, val = settings[i].split("=", 1)
m = re.match("\s*" + re.escape(name) + "\s*=\s*(.*?)\s*$", line)
m = re.match("\s*" + re.escape(name) + delimiter_re + "(.*?)\s*$", line)
if m:
# If this is already the setting, do nothing.
if == val:
......@@ -33,7 +40,7 @@ for line in open(filename):
# add the new setting
buf += name + "=" + val + "\n"
buf += name + delimiter + val + "\n"
# note that we've applied this option
......@@ -46,7 +53,8 @@ for line in open(filename):
# Put any settings we didn't see at the end of the file.
for i in range(len(settings)):
if i not in found:
buf += settings[i] + "\n"
name, val = settings[i].split("=", 1)
buf += name + delimiter + val + "\n"
# Write out the new file.
with open(filename, "w") as f:
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment