Zhang Huangbin avatar Zhang Huangbin committed d6e44ad

* Disable Awstats and Cluebringer webui on Ubuntu 13.10 because these packages are missing: libapache2-mod-auth-mysql, libapache2-mod-auth-pgsql.
* Add [DEFAULT] section in Fail2ban config file: /etc/fail2ban/jail.local. Thanks Daniel Black (daniel.subs@) for the help.


Files changed (18)

iRedMail/conf/apache_php

 #!/usr/bin/env bash
 
-# Author:   Zhang Huangbin (zhb _at_ iredmail.org)
+# Author: Zhang Huangbin (zhb _at_ iredmail.org)
 
 #---------------------------------------------------------------------
 # This file is part of iRedMail, which is an open source mail server

iRedMail/conf/core

         fi
     fi
 }
-disable_service_openbsd()
-{
-    :
-}
-enable_service_freebsd()
-{
-    :
-}
-disable_service_freebsd()
-{
-    :
-}
 
 freebsd_add_make_conf()
 {

iRedMail/conf/fail2ban

 #!/usr/bin/env bash
 
-# Author:   Zhang Huangbin (zhb _at_ iredmail.org)
+# Author: Zhang Huangbin (zhb _at_ iredmail.org)
 
 #---------------------------------------------------------------------
 # This file is part of iRedMail, which is an open source mail server

iRedMail/conf/global

         # Support PGSQL backend on Ubuntu 11.10 and later releases
         export ENABLE_BACKEND_PGSQL='YES'
 
+        # Disable Awstats on Ubuntu 13.10 due to package missing: libapache2-mod-auth-mysql/pgsql
+        if [ X"${DISTRO_CODENAME}" == X'saucy' ]; then
+            export DIALOG_SELECTABLE_AWSTATS='NO'
+        fi
+
         # Unsupported releases.
         #   - 8.04: hardy
         #   - 8.10: intrepid
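Review bot: The added test disables Awstats only for `saucy`, while functions/packages.sh and functions/apache_php.sh in this commit install and enable mod_auth_mysql/pgsql only for `wheezy`, `precise` and `raring`. A codename in neither list keeps Awstats selectable but gets no auth module, and the context comment in functions/awstats.sh suggests Awstats is not meant to be enabled without that module; whether any such release is still supported is not visible here. Keying the switch on the same allow-list keeps the two in step: `if [ X"${DISTRO_CODENAME}" != X'wheezy' -a X"${DISTRO_CODENAME}" != X'precise' -a X"${DISTRO_CODENAME}" != X'raring' ]; then`. The enclosing branch begins above this section.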

iRedMail/conf/mysql

 # SQL_SERVER and SQL_SERVER_PORT are defined in dialog/config_via_dialog.sh.
 
 export MYSQL_MY_CNF='/etc/my.cnf'
-export MYSQL_SOCKET='/var/lib/mysql/mysql.sock'
 
 export MYSQL_RC_SCRIPT_NAME='mysql'
 
 if [ X"${DISTRO}" == X"RHEL" ]; then
     export MYSQL_RC_SCRIPT_NAME='mysqld'
 
-elif [ X"${DISTRO}" == X"SUSE" ]; then
-    export MYSQL_SOCKET='/var/run/mysql/mysql.sock'
-
 elif [ X"${DISTRO}" == X"UBUNTU" -o X"${DISTRO}" == X"DEBIAN" ]; then
     export MYSQL_MY_CNF='/etc/mysql/my.cnf'
 
 elif [ X"${DISTRO}" == X"FREEBSD" ]; then
     export MYSQL_RC_SCRIPT_NAME='mysql-server'
-    export MYSQL_SOCKET='/tmp/mysql.sock'
     export MYSQL_MY_CNF="/var/db/mysql/my.cnf"
 
 elif [ X"${DISTRO}" == X'OPENBSD' ]; then
     export MYSQL_RC_SCRIPT_NAME='mysqld'
-    export MYSQL_SOCKET='/var/run/mysql/mysql.sock'
 fi
 
 export MYSQLD_RC_SCRIPT="${DIR_RC_SCRIPTS}/${MYSQL_RC_SCRIPT_NAME}"

iRedMail/conf/phppgadmin

     export PHPPGADMIN_USE_SOURCE='NO'
     export PHPPGADMIN_HTTPD_ROOT="/usr/share/phppgadmin"
     export PHPPGADMIN_HTTPD_ROOT_SYMBOL_LINK="${PHPPGADMIN_HTTPD_ROOT}"
-    export PHPPGADMIN_HTTPD_CONF="${HTTPD_CONF_DIR}/phppgadmin"
+    if [ X"${DISTRO_CODENAME}" == X'wheezy' \
+        -o X"${DISTRO_CODENAME}" == X'precise' \
+        -o X"${DISTRO_CODENAME}" == X'raring' ]; then
+        export PHPPGADMIN_HTTPD_CONF="${HTTPD_CONF_DIR}/phppgadmin"
+    else
+        export PHPPGADMIN_HTTPD_CONF="${HTTPD_CONF_DIR}/phppgadmin.conf"
+    fi
 elif [ X"${DISTRO}" == X"FREEBSD" -o X"${DISTRO}" == X'OPENBSD' ]; then
     export PHPPGADMIN_USE_SOURCE='NO'
     export PHPPGADMIN_HTTPD_ROOT="${HTTPD_SERVERROOT}/phpPgAdmin"
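Review bot: The new branch on `wheezy`/`precise`/`raring` carries no comment saying why the conf file name differs, and the same three-codename test stands for a different fact in functions/packages.sh (auth module packages being available). Presumably these are the releases whose Apache still loads conf.d files without a suffix, while newer ones include only `*.conf`; if so, state it above the test: `# Apache 2.2 (wheezy, precise, raring) loads conf.d/phppgadmin; Apache 2.4 only includes *.conf`. The enclosing if/elif chain starts above this section.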

iRedMail/functions/apache_php.sh

         a2enmod deflate >/dev/null 2>&1
 
         [ X"${BACKEND}" == X"OPENLDAP" ] && a2enmod authnz_ldap > /dev/null
-        [ X"${BACKEND}" == X"MYSQL" ] && a2enmod auth_mysql > /dev/null
-        [ X"${BACKEND}" == X"PGSQL" ] && a2enmod 000_auth_pgsql > /dev/null
+        if [ X"${BACKEND}" == X"MYSQL" ]; then
+            if [ X"${DISTRO_CODENAME}" == X'wheezy' \
+                -o X"${DISTRO_CODENAME}" == X'precise' \
+                -o X"${DISTRO_CODENAME}" == X'raring' ]; then
+                a2enmod auth_mysql > /dev/null
+            fi
+        fi
+
+        if [ X"${BACKEND}" == X"PGSQL" ]; then
+            if [ X"${DISTRO_CODENAME}" == X'wheezy' \
+                -o X"${DISTRO_CODENAME}" == X'precise' \
+                -o X"${DISTRO_CODENAME}" == X'raring' ]; then
+                a2enmod 000_auth_pgsql > /dev/null
+            fi
+        fi
 
     elif [ X"${DISTRO}" == X"SUSE" ]; then
         a2enmod authz_core &>/dev/null
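Review bot: The three-codename test is written out twice in this section and again in functions/packages.sh (twice) and functions/policy_server.sh, so the next release change has to touch five copies that can drift apart. Setting one flag where conf/global already branches on `DISTRO_CODENAME` and testing it here would keep them in step, for example `[ X"${BACKEND}" == X"MYSQL" -a X"${APACHE_HAS_SQL_AUTH}" == X'YES' ] && a2enmod auth_mysql > /dev/null` (the flag name is a placeholder, not an existing variable). That form also matches the `authnz_ldap` line kept just above. The enclosing function starts above this section.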

iRedMail/functions/awstats.sh

 EOF
 
     if [ X"${DISTRO}" == X"SUSE" ]; then
-        perl -pi -e 's#(</VirtualHost>)#Alias /awstats/icon "$ENV{AWSTATS_ICON_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
-        perl -pi -e 's#(</VirtualHost>)#Alias /awstats/js "$ENV{AWSTATS_JS_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
-        perl -pi -e 's#(</VirtualHost>)#Alias /awstats/css "$ENV{AWSTATS_CSS_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
-
         if [ X"${BACKEND}" == X'PGSQL' ]; then
             # Don't enable Awstats since we don't have Apache module mod_auth_pgsql
             backup_file ${AWSTATS_HTTPD_CONF}
     fi
 
     # Make Awstats can be accessed via HTTPS.
-    perl -pi -e 's#(</VirtualHost>)#Alias /awstats/icon "$ENV{AWSTATS_ICON_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
-    perl -pi -e 's#(</VirtualHost>)#Alias /awstatsicon "$ENV{AWSTATS_ICON_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
-    perl -pi -e 's#(</VirtualHost>)#ScriptAlias /awstats "$ENV{AWSTATS_CGI_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
+    perl -pi -e 's#( *</VirtualHost>)#Alias /awstats/icon "$ENV{AWSTATS_ICON_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
+    perl -pi -e 's#( *</VirtualHost>)#Alias /awstatsicon "$ENV{AWSTATS_ICON_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
+    perl -pi -e 's#( *</VirtualHost>)#ScriptAlias /awstats "$ENV{AWSTATS_CGI_DIR}/"\n${1}#' ${HTTPD_SSL_CONF}
 
     cat >> ${TIP_FILE} <<EOF
 Awstats:
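Review bot: The rewritten pattern `( *</VirtualHost>)` is unanchored, so on a commented line such as `# </VirtualHost>` it matches after the `#` and the inserted newline leaves a live closing tag on the next line; ` *` also misses tab indentation. Anchoring and widening the class avoids both: `s#^(\s*</VirtualHost>)#…#`. The same pattern is introduced in functions/cluebringer.sh, iredadmin.sh, phpldapadmin.sh, phpmyadmin.sh, phppgadmin.sh and roundcubemail.sh, where the old `^` anchor was dropped. `${HTTPD_SSL_CONF}` is also unquoted in each call.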

iRedMail/functions/cluebringer.sh

         cp /usr/local/share/policyd2/contrib/httpd/cluebringer-httpd.conf ${CLUEBRINGER_WEBUI_CONF}
 
     # Make Cluebringer accessible via HTTPS.
-    perl -pi -e 's#(</VirtualHost>)#Alias /cluebringer "$ENV{CLUEBRINGER_HTTPD_ROOT}/"\n${1}#' ${HTTPD_SSL_CONF}
+    perl -pi -e 's#( *</VirtualHost>)#Alias /cluebringer "$ENV{CLUEBRINGER_HTTPD_ROOT}/"\n${1}#' ${HTTPD_SSL_CONF}
 
     # Configure webui.
     if [ X"${BACKEND}" == X'OPENLDAP' -o X"${BACKEND}" == X'MYSQL' ]; then

iRedMail/functions/fail2ban.sh

 #!/usr/bin/env bash
 
-# Author: Zhang Huangbin <zhb _at_ iredmail.org>
+# Author: Zhang Huangbin (zhb _at_ iredmail.org)
 
 #---------------------------------------------------------------------
 # This file is part of iRedMail, which is an open source mail server
     cat > ${FAIL2BAN_JAIL_LOCAL_CONF} <<EOF
 ${CONF_MSG}
 
-# Please refer to ${FAIL2BAN_JAIL_CONF} for more examples.
+# Refer to ${FAIL2BAN_JAIL_CONF} for more examples.
+[DEFAULT]
+maxretry    = 5
+# attention: time is in seconds - the value of 3600 means ONE hour
+bantime     = 3600
+ignoreip    = ${LOCAL_ADDRESS} 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
 
 [ssh-iredmail]
 enabled     = true
 action      = iptables[name=ssh, port="ssh", protocol=tcp]
 #               sendmail-whois[name=ssh, dest=root, sender=fail2ban@mail.com]
 logpath     = ${FAIL2BAN_SSHD_LOGFILE}
-maxretry    = 5
-ignoreip    = ${LOCAL_ADDRESS} 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
 
 [roundcube-iredmail]
 enabled     = true
 action      = iptables-multiport[name=roundcube, port="${FAIL2BAN_DISABLED_SERVICES}", protocol=tcp]
 logpath     = ${RCM_LOGFILE}
 findtime    = 3600
-maxretry    = 5
-bantime     = 3600
-ignoreip    = ${LOCAL_ADDRESS} 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
 
 [dovecot-iredmail]
 enabled     = true
 filter      = ${FAIL2BAN_FILTER_DOVECOT}
 action      = iptables-multiport[name=dovecot, port="${FAIL2BAN_DISABLED_SERVICES}", protocol=tcp]
 logpath     = ${DOVECOT_LOG_FILE}
-maxretry    = 5
 findtime    = 300
-bantime     = 3600
-ignoreip    = ${LOCAL_ADDRESS} 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
 
 [postfix-iredmail]
 enabled     = true
 action      = iptables-multiport[name=postfix, port="${FAIL2BAN_DISABLED_SERVICES}", protocol=tcp]
 #           sendmail[name=Postfix, dest=you@mail.com]
 logpath     = ${MAILLOG}
-bantime     = 3600
-maxretry    = 5
-ignoreip    = ${LOCAL_ADDRESS} 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
 EOF
 
     ECHO_DEBUG "Create filter: ${FAIL2BAN_FILTER_DIR}/${FAIL2BAN_FILTER_ROUNDCUBE}.conf."
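Review bot: Moving `ignoreip` into `[DEFAULT]` makes the three RFC 1918 ranges exempt in every jail that reads jail.local, not only the four iRedMail jails that carried the line before. Hosts reaching this server through NAT, a VPN or a reverse proxy on those ranges will never be banned, and `[ssh-iredmail]` now also inherits `bantime = 3600` where it previously set none. A comment in the generated file would tell the administrator what to trim: `# ignoreip applies to all jails; remove private ranges that untrusted clients can connect from`. The heredoc and its enclosing function start above this section.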

iRedMail/functions/iredadmin.sh

 
     if [ X"${DISTRO}" == X'OPENBSD' ]; then
         # Create directory alias.
-        perl -pi -e 's#^(</VirtualHost>)#Alias /iredadmin/static "$ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}/static"\n${1}#' ${HTTPD_SSL_CONF}
-        perl -pi -e 's#^(</VirtualHost>)#ScriptAlias /iredadmin "$ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}/iredadmin.py"\n${1}#' ${HTTPD_SSL_CONF}
+        perl -pi -e 's#( *</VirtualHost>)#Alias /iredadmin/static "$ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}/static"\n${1}#' ${HTTPD_SSL_CONF}
+        perl -pi -e 's#( *</VirtualHost>)#ScriptAlias /iredadmin "$ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}/iredadmin.py"\n${1}#' ${HTTPD_SSL_CONF}
 
         # There's no wsgi module for Apache available on OpenBSD, so
         # iRedAdmin runs as CGI program.
 </Directory>
 EOF
     else
-        perl -pi -e 's#^(</VirtualHost>)#Alias /iredadmin/static "$ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}/static/"\n${1}#' ${HTTPD_SSL_CONF}
-        perl -pi -e 's#^(</VirtualHost>)#WSGIScriptAlias /iredadmin "$ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}/iredadmin.py/"\n${1}#' ${HTTPD_SSL_CONF}
+        perl -pi -e 's#( *</VirtualHost>)#Alias /iredadmin/static "$ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}/static/"\n${1}#' ${HTTPD_SSL_CONF}
+        perl -pi -e 's#( *</VirtualHost>)#WSGIScriptAlias /iredadmin "$ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}/iredadmin.py/"\n${1}#' ${HTTPD_SSL_CONF}
 
         # iRedAdmin runs as WSGI application with Apache + mod_wsgi
         cat > ${IREDADMIN_HTTPD_CONF} <<EOF

iRedMail/functions/packages.sh

             if [ X"${USE_LOCAL_MYSQL_SERVER}" == X'YES' ]; then
                 ALL_PKGS="${ALL_PKGS} mysql-server"
             fi
-            ALL_PKGS="${ALL_PKGS} mysql-client postfix-mysql libapache2-mod-auth-mysql"
+            ALL_PKGS="${ALL_PKGS} mysql-client postfix-mysql"
+
+            if [ X"${DISTRO_CODENAME}" == X'wheezy' \
+                -o X"${DISTRO_CODENAME}" == X'precise' \
+                -o X"${DISTRO_CODENAME}" == X'raring' ]; then
+                ALL_PKGS="${ALL_PKGS} libapache2-mod-auth-mysql"
+            fi
 
         elif [ X"${DISTRO}" == X'OPENBSD' ]; then
             if [ X"${USE_LOCAL_MYSQL_SERVER}" == X'YES' ]; then
 
         elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
             # postgresql-contrib provides extension 'dblink' used in Roundcube password plugin.
-            ALL_PKGS="${ALL_PKGS} postgresql postgresql-client postgresql-contrib postfix-pgsql libapache2-mod-auth-pgsql"
+            ALL_PKGS="${ALL_PKGS} postgresql postgresql-client postgresql-contrib postfix-pgsql"
+
+            if [ X"${DISTRO_CODENAME}" == X'wheezy' \
+                -o X"${DISTRO_CODENAME}" == X'precise' \
+                -o X"${DISTRO_CODENAME}" == X'raring' ]; then
+                ALL_PKGS="${ALL_PKGS} libapache2-mod-auth-pgsql"
+            fi
 
         elif [ X"${DISTRO}" == X'OPENBSD' ]; then
             ALL_PKGS="${ALL_PKGS} postgresql-client cyrus-sasl--pgsql postgresql-server postgresql-contrib"
         ALL_PKGS="${ALL_PKGS} cluebringer"
         ENABLED_SERVICES="${ENABLED_SERVICES} ${CLUEBRINGER_RC_SCRIPT_NAME}"
     elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
-        ALL_PKGS="${ALL_PKGS} postfix-cluebringer postfix-cluebringer-webui"
+        ALL_PKGS="${ALL_PKGS} postfix-cluebringer"
         ENABLED_SERVICES="${ENABLED_SERVICES} ${CLUEBRINGER_RC_SCRIPT_NAME}"
 
         if [ X"${BACKEND}" == X"OPENLDAP" -o X"${BACKEND}" == X"MYSQL" ]; then
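Review bot: `postfix-cluebringer-webui` is dropped from `ALL_PKGS` for every Debian/Ubuntu release, yet functions/policy_server.sh in this commit still runs `cluebringer_webui_config` on `wheezy`, `precise` and `raring`. Unless the package is added back in lines outside this section, the web UI would be configured on those releases without being installed. If the removal is meant only for releases lacking the auth modules, keep `ALL_PKGS="${ALL_PKGS} postfix-cluebringer-webui"` inside a `wheezy`/`precise`/`raring` branch like the two added above. The section shows several fragments of a longer function.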

iRedMail/functions/phpldapadmin.sh

 EOF
 
     # Make phpldapadmin can be accessed via HTTPS only.
-    perl -pi -e 's#^(</VirtualHost>)#Alias /phpldapadmin "$ENV{PLA_HTTPD_ROOT_SYMBOL_LINK}/"\nAlias /ldap "$ENV{PLA_HTTPD_ROOT_SYMBOL_LINK}/"\n${1}#' ${HTTPD_SSL_CONF}
+    perl -pi -e 's#( *</VirtualHost>)#Alias /phpldapadmin "$ENV{PLA_HTTPD_ROOT_SYMBOL_LINK}/"\nAlias /ldap "$ENV{PLA_HTTPD_ROOT_SYMBOL_LINK}/"\n${1}#' ${HTTPD_SSL_CONF}
 
     cat >> ${TIP_FILE} <<EOF
 phpLDAPadmin:

iRedMail/functions/phpmyadmin.sh

     fi
 
     # Make phpMyAdmin can be accessed via HTTPS only.
-    perl -pi -e 's#^(</VirtualHost>)#Alias /phpmyadmin "$ENV{PHPMYADMIN_HTTPD_ROOT_SYMBOL_LINK}/"\n${1}#' ${HTTPD_SSL_CONF}
+    perl -pi -e 's#( *</VirtualHost>)#Alias /phpmyadmin "$ENV{PHPMYADMIN_HTTPD_ROOT_SYMBOL_LINK}/"\n${1}#' ${HTTPD_SSL_CONF}
 
     ECHO_DEBUG "Config phpMyAdmin: ${PHPMYADMIN_CONFIG_FILE}."
     cd ${PHPMYADMIN_HTTPD_ROOT} && cp config.sample.inc.php ${PHPMYADMIN_CONFIG_FILE}

iRedMail/functions/phppgadmin.sh

 EOF
 
     # Make phpPgAdmin can be accessed via HTTPS only.
-    perl -pi -e 's#^(</VirtualHost>)#Alias /phppgadmin "$ENV{PHPPGADMIN_HTTPD_ROOT_SYMBOL_LINK}/"\n${1}#' ${HTTPD_SSL_CONF}
+    perl -pi -e 's#( *</VirtualHost>)#Alias /phppgadmin "$ENV{PHPPGADMIN_HTTPD_ROOT_SYMBOL_LINK}/"\n${1}#' ${HTTPD_SSL_CONF}
 
     ECHO_DEBUG "Config phpPgAdmin: ${PHPPGADMIN_CONFIG_FILE}."
     cd ${PHPPGADMIN_HTTPD_ROOT} && cp config.inc.php-dist ${PHPPGADMIN_CONFIG_FILE} &>/dev/null

iRedMail/functions/policy_server.sh

         check_status_before_run cluebringer_user
         check_status_before_run cluebringer_config
 
-        # openSUSE-12.3 doesn't have Apache module mod_auth_mysql & mod_auth_pgsql.
-        if [ X"${DISTRO}" != X'SUSE' ]; then
+        if [ X"${DISTRO}" == X'SUSE' ]; then
+            # openSUSE-12.3 doesn't have Apache module mod_auth_mysql & mod_auth_pgsql.
+            :
+        elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
+            # Ubuntu 13.10 doesn't ship libapache2-mod-auth-mysql/pgsql
+            if [ X"${DISTRO_CODENAME}" == X'wheezy' \
+                -o X"${DISTRO_CODENAME}" == X'precise' \
+                -o X"${DISTRO_CODENAME}" == X'raring' ]; then
+                check_status_before_run cluebringer_webui_config
+            else
+                :
+            fi
+        else
             check_status_before_run cluebringer_webui_config
         fi
     fi

iRedMail/functions/roundcubemail.sh

             :
         else
             # Enable conf file: conf-available/roundcubemail.conf
-            a2enconf roundcubemail
+            a2enconf roundcubemail &>/dev/null
         fi
     fi
 
     # Make Roundcube can be accessed via HTTPS.
-    perl -pi -e 's#^(</VirtualHost>)#Alias /mail "$ENV{RCM_HTTPD_ROOT_SYMBOL_LINK}/"\n${1}#' ${HTTPD_SSL_CONF}
+    perl -pi -e 's#( *</VirtualHost>)#Alias /mail "$ENV{RCM_HTTPD_ROOT_SYMBOL_LINK}/"\n${1}#' ${HTTPD_SSL_CONF}
 
     # Redirect home page to webmail by default
     backup_file ${HTTPD_DOCUMENTROOT}/index.html
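Review bot: `a2enconf roundcubemail &>/dev/null` discards stderr as well as stdout and the exit status is not checked, so a failure to enable the conf file passes silently. Dropping only stdout keeps the installer quiet while leaving errors visible: `a2enconf roundcubemail >/dev/null`. The enclosing function starts above this section.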

iRedMail/samples/postfix/helo_access.pcre

 # Prepend HELO hostname of sender server
 #/(.*)/ PREPEND X-Original-Helo: $1 (iRedMail: http://www.iredmail.org/)
 
-#*******************************************
-# IP address: (([0-9]){3}-){2}
-#*******************************************
-
 # No one will use these in helo command.
 /^(localhost)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
 /^(localhost.localdomain)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})