Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# the default email address
MY_EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
# When sending mail to riseup.net route to this onion address
RISEUP_EMAIL_ONION='wy6zk3pmcwiyhiao.onion'
# If you want to run a public mailing list specify its name here.
# There should be no spaces in the name
PUBLIC_MAILING_LIST=
# Optional different domain name for the public mailing list
PUBLIC_MAILING_LIST_DOMAIN_NAME=
# Directory where the public mailing list data is stored
PUBLIC_MAILING_LIST_DIRECTORY="/var/spool/mlmmj"
# If you want to run an encrypted mailing list specify its name here.
# There should be no spaces in the name
PRIVATE_MAILING_LIST=
GPG_KEYSERVER="hkp://keys.gnupg.net"
# whether to encrypt all incoming email with your public key
GPG_ENCRYPT_STORED_EMAIL="yes"
# optionally you can provide your exported GPG key pair here
# Note that the private key file will be deleted after use
# If these are unspecified then a new GPG key will be created
MY_GPG_PUBLIC_KEY=
MY_GPG_PRIVATE_KEY=
# optionally specify your public key ID
MY_GPG_PUBLIC_KEY_ID=
# automatic archiving of email
CLEANUP_MAILDIR_REPO="https://code.freedombone.net/bashrc/cleanup-maildir"
CLEANUP_MAILDIR_COMMIT='33241d2e3861f901ba17f5c77ada007e1ec06a86'
# email encryption at rest
GPGIT_COMMIT='583dc76119f19420f8a33f606744faa7c8922738'
# refresh gpg keys every few hours
REFRESH_GPG_KEYS_HOURS=2
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
function email_change_default_domain_name {
new_default_domain_name="$1"
read_config_param ONION_ONLY
read_config_param MY_USERNAME
if [[ "$ONION_ONLY" != 'no' ]]; then
return
fi
sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='${new_default_domain_name};mail.${new_default_domain_name}'|g" /etc/exim4/update-exim4.conf.conf
sed -i "s|ssl_ca =.*|ssl_ca = /etc/ssl/certs/ca-${new_default_domain_name}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
if [ ! -f "/etc/ssl/private/ca-${new_default_domain_name}.key" ]; then
if [[ "$LETSENCRYPT_ENABLED" != "yes" ]]; then
"${PROJECT_NAME}-addcert" -h "$new_default_domain_name" --ca "" --dhkey "$DH_KEYLENGTH"
else
"${PROJECT_NAME}-addcert" -e "$new_default_domain_name" -s "$LETSENCRYPT_SERVER" --ca "" --dhkey "$DH_KEYLENGTH" --email "$MY_EMAIL_ADDRESS"
fi
fi
sed -i "s|certificate =.*|certificate = /etc/ssl/certs/ca-${new_default_domain_name}.crt|g" /etc/ssl/dovecot-ca.cnf
sed -i "s|private_key =.*|private_key = /etc/ssl/private/ca-${new_default_domain_name}.key|g" /etc/ssl/dovecot-ca.cnf
"${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "root@${new_default_domain_name}" -g admin --public no
MY_EMAIL_ADDRESS="${MY_USERNAME}@${new_default_domain_name}"
write_config_param MY_EMAIL_ADDRESS "$MY_EMAIL_ADDRESS"
update-exim4.conf
dpkg-reconfigure --frontend noninteractive exim4-config
systemctl restart saslauthd
email_install_tls "${new_default_domain_name}"
systemctl restart exim4
systemctl restart dovecot
}
exim_socks_installed=$(get_completion_param "exim_socks")
if [[ "$exim_socks_installed" == 'true' ]]; then
return
fi
cd "$INSTALL_DIR/exim4" || exit 34
$INSTALL_PACKAGES build-essential fakeroot devscripts
apt-get source exim4-daemon-heavy
apt-get -qy build-dep exim4-daemon-heavy
cd "${INSTALL_DIR}/exim4/exim4-${exim_version}" || exit 35
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
{ echo 'Description: Socks proxying';
echo ' Support for socks proxying of outgoing mail';
echo ' This is to support onion email addresses, which require support for SOCKS5';
echo ' .';
echo " exim4 (${exim_version}-2+deb9u3) stretch-security; urgency=high";
echo ' .';
echo ' * Non-maintainer upload by the Security Team.';
echo ' * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)';
echo 'Author: Salvatore Bonaccorso <carnil@debian.org>';
echo 'Bug-Debian: https://bugs.debian.org/890000';
echo '';
echo '---';
echo 'The information above should follow the Patch Tagging Guidelines, please';
echo 'checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here';
echo 'are templates for supplementary fields that you might want to add:';
echo '';
echo 'Origin: <vendor|upstream|other>, <url of original patch>';
echo 'Bug: <url in upstream bugtracker>';
echo 'Bug-Debian: https://bugs.debian.org/<bugnumber>';
echo 'Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>';
echo 'Forwarded: <no|not-needed|url proving that it has been forwarded>';
echo 'Reviewed-By: <name and email of someone who approved the patch>';
echo "Last-Update: $(date +%Y-%m-%d)";
echo '';
echo '--- /dev/null';
echo "+++ exim4-${exim_version}/Local/Makefile";
echo '@@ -0,0 +1,32 @@';
echo '+BIN_DIRECTORY=/usr/exim/bin';
echo '+CONFIGURE_FILE=/usr/exim/configure';
echo '+EXIM_USER=';
echo '+SPOOL_DIRECTORY=/var/spool/exim';
echo '+ROUTER_ACCEPT=yes';
echo '+ROUTER_DNSLOOKUP=yes';
echo '+ROUTER_IPLITERAL=yes';
echo '+ROUTER_MANUALROUTE=yes';
echo '+ROUTER_QUERYPROGRAM=yes';
echo '+ROUTER_REDIRECT=yes';
echo '+TRANSPORT_APPENDFILE=yes';
echo '+TRANSPORT_AUTOREPLY=yes';
echo '+TRANSPORT_PIPE=yes';
echo '+TRANSPORT_SMTP=yes';
echo '+LOOKUP_DBM=yes';
echo '+LOOKUP_LSEARCH=yes';
echo '+LOOKUP_DNSDB=yes';
echo '+PCRE_CONFIG=yes';
echo '+EXIM_MONITOR=eximon.bin';
echo '+FIXED_NEVER_USERS=root';
echo '+HEADERS_CHARSET="ISO-8859-1"';
echo '+DLOPEN_LOCAL_SCAN=yes';
echo '+LDFLAGS += -rdynamic';
echo '+CFLAGS += -fvisibility=hidden';
echo '+SYSLOG_LOG_PID=yes';
echo '+EXICYCLOG_MAX=10';
echo '+COMPRESS_COMMAND=/usr/bin/gzip';
echo '+COMPRESS_SUFFIX=gz';
echo '+ZCAT_COMMAND=/usr/bin/zcat';
echo '+SUPPORT_SOCKS=yes';
echo '+SYSTEM_ALIASES_FILE=/etc/aliases';
echo '+EXIM_TMPDIR="/tmp"'; } > debian/patches/SOCKS
cd "$INSTALL_DIR/exim4" || exit 34
mv exim4_${exim_version}-*.deb exim4_${exim_version}_all.deb
if [ ! -f exim4_${exim_version}_all.deb ]; then
echo "exim4_${exim_version}_all.deb not found"
systemctl restart exim4
if [[ $(systemctl is-active exim4) != 'active' ]]; then
$INSTALL_PACKAGES exim4 --reinstall
systemctl restart exim4
fi
rm -rf "$INSTALL_DIR/exim4"
set_completion_param "exim_socks" "true"
function email_create_template {
if [ ! -d /etc/skel/log ]; then
mkdir -m 700 /etc/skel/log
fi
if [ ! -d /etc/skel/Maildir ]; then
mkdir -m 700 /etc/skel/.mutt
mkdir -m 700 /etc/skel/Maildir
mkdir -m 700 /etc/skel/Maildir/new
mkdir -m 700 /etc/skel/Maildir/cur
mkdir -m 700 /etc/skel/Maildir/Sent
mkdir -m 700 /etc/skel/Maildir/Sent/tmp
mkdir -m 700 /etc/skel/Maildir/Sent/cur
mkdir -m 700 /etc/skel/Maildir/Sent/new
mkdir -m 700 /etc/skel/Maildir/.learn-spam
mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur
mkdir -m 700 /etc/skel/Maildir/.learn-spam/new
mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp
mkdir -m 700 /etc/skel/Maildir/.learn-ham
mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur
mkdir -m 700 /etc/skel/Maildir/.learn-ham/new
mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp
ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam
ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
fi
if [ ! -d "/home/$MY_USERNAME/Maildir" ]; then
mkdir -m 700 "/home/$MY_USERNAME/.mutt"
mkdir -m 700 "/home/$MY_USERNAME/Maildir"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/cur"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/tmp"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/new"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/Sent"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/Sent/cur"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/Sent/tmp"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/Sent/new"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-spam"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-spam/cur"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-spam/new"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-spam/tmp"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-ham"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-ham/cur"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-ham/new"
mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-ham/tmp"
ln -s "/home/$MY_USERNAME/Maildir/.learn-spam" "/home/$MY_USERNAME/Maildir/spam"
ln -s "/home/$MY_USERNAME/Maildir/.learn-ham" "/home/$MY_USERNAME/Maildir/ham"
chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Maildir"
function create_email_onion_address {
email_hostname='/var/lib/tor/hidden_service_email/hostname'
if ! grep -q "hidden_service_email" "$ONION_SERVICES_FILE"; then
echo 'HiddenServicePort 25 127.0.0.1:25';
echo 'HiddenServicePort 587 127.0.0.1:587';
echo 'HiddenServicePort 465 127.0.0.1:465';
echo "HiddenServicePort 5222 127.0.0.1:5222";
echo "HiddenServicePort 5269 127.0.0.1:5269";
echo "HiddenServicePort 5281 127.0.0.1:5281";} >> "$ONION_SERVICES_FILE"
function_check onion_update
onion_update
function_check wait_for_onion_service
wait_for_onion_service email
if [ ! -f $email_hostname ]; then
echo $"email onion site hostname not found"
systemctl restart tor
onion_address=$(cat $email_hostname)
set_completion_param "email onion domain" "${onion_address}"
add_email_hostname "$onion_address"
else
onion_address=$(cat $email_hostname)
cp $email_hostname /etc/skel/.email_onion_domain
cp $email_hostname "/home/$MY_USERNAME/.email_onion_domain"
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.email_onion_domain"
function configure_email_onion {
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
if [[ "$SYSTEM_TYPE" == "mesh"* ]]; then
return
fi
create_email_onion_address
# MX record should be:
# _onion-mx._tcp
# 20:$onion_address
# 3600 IN SRV 0 5 25 $onion_address
# To test the system, on receiving server:
# exim -bd -d -oX 25
# On the sensing server:
# exim -d -oX 25 -bt username@$onion_address
{ echo "perl_startup = do '/etc/exim4/perl-routines.pl'";
echo "perl_at_start"; } > /etc/exim4/conf.d/main/00_exim4-config_perl
{ echo "use Net::DNS::Resolver;";
echo "sub onionLookup {";
echo " my \$hostname = shift;";
echo " my \$res = Net::DNS::Resolver->new(nameservers => [qw(127.0.0.1)],);";
echo " \$res->port(5300);";
echo " my \$query = \$res->search(\$hostname);";
echo " foreach my \$rr (\$query->answer) {";
echo " next unless \$rr->type eq \"A\";";
echo " return \$rr->address;";
echo " }";
echo " return 'no_such_host';";
echo "}"; } > /etc/exim4/perl-routines.pl
echo " headers_remove = Received:Message-ID:X-Mailer:User-Agent";
# shellcheck disable=SC2028
echo " headers_add = \"Message-ID: <\${lc:\${sha1:\$message_id}}@\$sender_address_domain>\\n\\";
echo "Jabber-ID: \$sender_address\"";
echo " route_data = \${perl{onionLookup}{$RISEUP_EMAIL_ONION}}"
echo " no_more"; } > /etc/exim4/conf.d/router/905_exim4-config-riseup
if ! grep -q '\*.onion' /etc/exim4/conf.d/router/200_exim4-config_primary; then
sed -i 's|domains = ! +local_domains|domains = ! +local_domains : ! *.onion : ! riseup.net|g' /etc/exim4/conf.d/router/200_exim4-config_primary
fi
echo " headers_remove = Received:Message-ID:X-Mailer:User-Agent";
# shellcheck disable=SC2028
echo " headers_add = \"Message-ID: <\${lc:\${sha1:\$message_id}}@\$sender_address_domain>\\n\\";
echo "Jabber-ID: \$sender_address\"";
echo " route_data = \${perl{onionLookup}{\$domain}}"
echo " no_more"; } > /etc/exim4/conf.d/router/910_exim4-config-onionrelays
echo " helo_data = \"\$address_data \$original_domain\"";
echo " hosts_avoid_tls = *";
echo " socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay
{ echo 'DNSPort 5300';
echo 'DNSListenAddress 127.0.0.1';
echo 'AutomapHostsOnResolve 1'; } > /etc/torrc.d/dns
update-exim4.conf.template -r
dpkg-reconfigure --frontend noninteractive exim4-config
systemctl restart tor
systemctl restart exim4
function check_email_address_exists {
read_config_param ONION_ONLY
read_config_param MY_USERNAME
read_config_param DEFAULT_DOMAIN_NAME
read_config_param MY_EMAIL_ADDRESS
read_config_param DH_KEYLENGTH
echo $'No default domain name for email installation'
fi
my_email="$MY_EMAIL_ADDRESS"
if [ ${#my_email} -lt 3 ]; then
write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS"
fi
if [[ $ONION_ONLY != 'no' ]]; then
my_email=$onion_address
MY_EMAIL_ADDRESS="${MY_USERNAME}@$onion_address"
write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS"
fi
function configure_firewall_for_email {
# docker does its own firewalling
return
fi
firewall_add Email 25 tcp
firewall_add Email 587 tcp
firewall_add Email 465 tcp
firewall_add Imap 993 tcp
# encrypts incoming mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read anything
return
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit "$INSTALL_DIR/gpgit" "gpgit commit" "$GPGIT_COMMIT" "$GPGIT_REPO"
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
if [ ! -f /usr/bin/gpgit.pl ]; then
$INSTALL_PACKAGES git libmail-gnupg-perl
cd "$INSTALL_DIR" || exit 24
cd "$INSTALL_DIR/gpgit" || exit 72
cp gpgit.pl /usr/bin
fi
# add a procmail rule
if ! grep -q "/usr/bin/gpgit.pl" "/home/$MY_USERNAME/.procmailrc"; then
{ echo '';
echo ':0 f';
echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS"; } >> "/home/$MY_USERNAME/.procmailrc"
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.procmailrc"
{ echo '';
echo ':0 f';
echo -n "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten \$USER@";
echo "$DEFAULT_DOMAIN_NAME"; } >> /etc/skel/.procmailrc
# encrypts outgoing mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read sent mail
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
# obtain your public key ID
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
return
fi
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
return
fi
fi
if ! grep -q "pgp_encrypt_only_command" "/home/$MY_USERNAME/.muttrc"; then
{ echo '';
echo $'# Encrypt items in the Sent folder';
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$MY_USERNAME/.muttrc"
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$MY_USERNAME/.muttrc"
if ! grep -q "pgp_encrypt_sign_command" "/home/$MY_USERNAME/.muttrc"; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$MY_USERNAME/.muttrc"
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$MY_USERNAME/.muttrc"
cp "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" /usr/bin/encmaildir
HASH1=$(sha256sum "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" | awk -F ' ' '{print $1}')
HASH2=$(sha256sum /usr/bin/encmaildir | awk -F ' ' '{print $1}')
if [[ "$HASH1" != "$HASH2" ]]; then
cp "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" /usr/bin/encmaildir
HASH1=$(sha256sum "/usr/bin/${PROJECT_NAME}-encrypt-mail" | awk -F ' ' '{print $1}')
HASH2=$(sha256sum /usr/bin/encmaildir | awk -F ' ' '{print $1}')
if [[ "$HASH1" != "$HASH2" ]]; then
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
if [ ! -f "/home/$MY_USERNAME/README" ]; then
touch "/home/$MY_USERNAME/README"
if ! grep -q $"If you have imported legacy email which is not encrypted" "/home/$MY_USERNAME/README"; then
{ echo '';
echo '';
echo $'# Encrypting legacy email';
echo $'If you have imported legacy email which is not encrypted';
echo $'then it can be encrypted with the command:';
echo '';
echo ' encmaildir';
echo '';
echo $'But be warned that depending upon how much email you have';
echo $'this could take a seriously LONG time on the Beaglebone';
echo $'and may be better done on a faster machine.'; } >> "/home/$MY_USERNAME/README"
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/README"
chmod 600 "/home/$MY_USERNAME/README"
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
$INSTALL_PACKAGES lynx abook urlview mutt
if [ ! -f /etc/Muttrc ]; then
echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
exit 49
fi
if [ ! -d "/home/$MY_USERNAME/.mutt" ]; then
mkdir "/home/$MY_USERNAME/.mutt"
echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > "/home/$MY_USERNAME/.mutt/mailcap"
cp "/home/$MY_USERNAME/.mutt/mailcap" /etc/skel/.mutt
chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt"
chown -R root:root /etc/skel/.mutt
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
{ echo 'set mbox_type=Maildir';
echo 'set folder="~/Maildir"';
echo 'set mask="!^\\.[^.]"';
echo 'set mbox="~/Maildir"';
echo 'set record="+Sent"';
echo 'set postponed="+Drafts"';
echo 'set trash="+Trash"';
echo 'set spoolfile="~/Maildir"';
echo 'auto_view text/x-vcard text/html text/enriched';
echo 'set header_cache="+.cache"';
echo 'set markers=no';
echo '';
echo '# ctrl-u to view long URLs';
echo 'macro pager \cu <pipe-entry>"urlview"<enter> "Follow links with urlview"';
echo '';
echo 'macro index S "<tag-prefix><decode-save>=.learn-spam<enter>" "move to learn-spam"';
echo 'macro pager S "<decode-save>=.learn-spam<enter>" "move to learn-spam"';
echo 'macro index H "<tag-prefix><decode-copy>=.learn-ham<enter>" "copy to learn-ham"';
echo 'macro pager H "<decode-copy>=.learn-ham<enter>" "copy to learn-ham"';
echo '';
echo '# set up the sidebar';
echo 'set sidebar_width=22';
echo 'set sidebar_visible=yes';
echo '';
echo 'set rfc2047_parameters';
echo '';
echo '# Show inbox and sent items';
echo 'mailboxes = =admin =Sent =maybe-spam =spam';
echo '';
echo '# Alter these colours as needed for maximum bling';
echo 'color sidebar_new yellow default';
echo 'color normal white default';
echo 'color hdrdefault brightcyan default';
echo 'color signature green default';
echo 'color attachment brightyellow default';
echo 'color quoted green default';
echo 'color quoted1 white default';
echo 'color tilde blue default';
echo '';
echo '# ctrl-n, ctrl-p to select next, prev folder';
echo '# ctrl-o to open selected folder';
echo 'bind index \Cp sidebar-prev';
echo 'bind index \Cn sidebar-next';
echo 'bind index \Co sidebar-open';
echo 'bind pager \Cp sidebar-prev';
echo 'bind pager \Cn sidebar-next';
echo 'bind pager \Co sidebar-open';
echo '';
echo '# ctrl-b toggles sidebar visibility';
echo "macro index,pager \\Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'";
echo '';
echo '# esc-m Mark new messages as read';
echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"';
echo '';
echo '# Collapsing threads';
echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"';
echo 'macro index ] "<collapse-all>" "collapse/uncollapse all threads"';
echo '';
echo '# threads containing new messages';
echo 'uncolor index "~(~N)"';
echo 'color index brightblue default "~(~N)"';
echo '';
echo '# new messages themselves';
echo 'uncolor index "~N"';
echo 'color index brightyellow default "~N"';
echo '';
echo '# GPG/PGP integration';
echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign';
echo 'set pgp_timeout=1800';
echo '';
echo '# automatically sign and encrypt with PGP/MIME';
echo 'set pgp_autosign # autosign all outgoing mails';
echo 'set pgp_autoencrypt # Try to encrypt automatically';
echo 'set pgp_replyencrypt # autocrypt replies to crypted';
echo 'set pgp_replysign # autosign replies to signed';
echo 'set pgp_auto_decode=yes # decode attachments';
echo 'set fcc_clear=no # Keep encrypted copy of sent encrypted mail';
echo 'unset smime_is_default';
echo '';
echo 'set alias_file=~/.mutt-alias';
echo 'source ~/.mutt-alias';
echo 'set query_command= "abook --mutt-query \"%s\""';
echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"'; } > /etc/Muttrc
if [[ "$ONION_ONLY" != 'no' ]]; then
# On onion only systems email is onion router anyway, with its
# own encryption system, so we don't need the additional pgp layer
# except perhaps for some additional confidence
sed -i 's|set pgp_autoencrypt|unset pgp_autoencrypt|g' /etc/Muttrc
sed -i 's|set pgp_autosign|unset pgp_autosign|g' /etc/Muttrc
fi
# shellcheck disable=SC2028
echo 'REGEXP (((http|https|ftp|gopher)|mailto)[.:][^ >"\t]*|www\.[-a-z0-9.]+)[^ .,;\t>">\):]' > "/home/$MY_USERNAME/.urlview"
echo 'COMMAND lynx -dump -width=78 -nolist %s' >> "/home/$MY_USERNAME/.urlview"
cp -f /etc/Muttrc /etc/skel/.muttrc
cp -f "/home/$MY_USERNAME/.urlview" /etc/skel/.urlview
touch "/home/$MY_USERNAME/.mutt-alias"
cp "/home/$MY_USERNAME/.mutt-alias" /etc/skel/.mutt-alias
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.muttrc"
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt-alias"
# default user on generic images
if [ -d "/home/${GENERIC_IMAGE_USERNAME}" ]; then
cp -f /etc/Muttrc "/home/${GENERIC_IMAGE_USERNAME}/.muttrc"
chown "${GENERIC_IMAGE_USERNAME}":"${GENERIC_IMAGE_USERNAME}" "/home/${GENERIC_IMAGE_USERNAME}/.muttrc"
touch "/home/${GENERIC_IMAGE_USERNAME}/.mutt-alias"
chown "${GENERIC_IMAGE_USERNAME}":"${GENERIC_IMAGE_USERNAME}" "/home/${GENERIC_IMAGE_USERNAME}/.mutt-alias"
return
fi
# ensure that the mail archive script is up to date
if [ ! -f /etc/cron.daily/archivemail ]; then
cp "/usr/local/bin/${PROJECT_NAME}-archive-mail" /etc/cron.daily/archivemail
chmod +x /etc/cron.daily/archivemail
else
HASH1=$(sha256sum "/usr/local/bin/${PROJECT_NAME}-archive-mail" | awk -F ' ' '{print $1}')
HASH2=$(sha256sum /etc/cron.daily/archivemail | awk -F ' ' '{print $1}')
if [[ "$HASH1" != "$HASH2" ]]; then
cp "/usr/local/bin/${PROJECT_NAME}-archive-mail" /etc/cron.daily/archivemail
chmod +x /etc/cron.daily/archivemail
fi
fi
if [ ! -f /etc/cron.daily/archivemail ]; then
cp "/usr/bin/${PROJECT_NAME}-archive-mail" /etc/cron.daily/archivemail
chmod +x /etc/cron.daily/archivemail
else
HASH1=$(sha256sum "/usr/local/bin/${PROJECT_NAME}-archive-mail" | awk -F ' ' '{print $1}')
HASH2=$(sha256sum /etc/cron.daily/archivemail | awk -F ' ' '{print $1}')
if [[ "$HASH1" != "$HASH2" ]]; then
cp "/usr/local/bin/${PROJECT_NAME}-archive-mail" /etc/cron.daily/archivemail
chmod +x /etc/cron.daily/archivemail
fi
fi
else
echo "/usr/bin/${PROJECT_NAME}-archive-mail was not found. ${PROJECT_NAME} might not have fully installed."
fi
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit "$INSTALL_DIR/cleanup-maildir" "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" "$CLEANUP_MAILDIR_REPO"
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
cd "$INSTALL_DIR" || exit 25
cd "$INSTALL_DIR/cleanup-maildir" || exit 68
git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT
set_completion_param "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT"
if [ ! -f /usr/bin/cleanup-maildir ]; then
HASH1=$(sha256sum "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" | awk -F ' ' '{print $1}')
HASH2=$(sha256sum /usr/bin/cleanup-maildir | awk -F ' ' '{print $1}')
if [[ "$HASH1" != "$HASH2" ]]; then
}
# Ensure that the from field is correct when sending email from Mutt
function email_from_address {
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
if grep -q "set from=" "/home/$MY_USERNAME/.muttrc"; then
sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" "/home/$MY_USERNAME/.muttrc"
echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> "/home/$MY_USERNAME/.muttrc"
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
# does the mailing list have a separate domain name?
if [ ! "$PUBLIC_MAILING_LIST_DOMAIN_NAME" ]; then
PUBLIC_MAILING_LIST_DOMAIN_NAME="$DEFAULT_DOMAIN_NAME"
fi
PUBLIC_MAILING_LIST_USER="mlmmj"
adduser --system "$PUBLIC_MAILING_LIST_USER"
addgroup "$PUBLIC_MAILING_LIST_USER"
adduser "$PUBLIC_MAILING_LIST_USER" "$PUBLIC_MAILING_LIST_USER"
echo ''
echo $"Creating the $PUBLIC_MAILING_LIST mailing list"
echo ''
# create the list
mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c "$PUBLIC_MAILING_LIST_USER"
{ echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe';
echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER";
echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER"; } > /etc/exim4/conf.d/main/000_localmacros
{ echo 'mlmmj_router:';
echo " debug_print = \"R: mlmmj_router for \$local_part@\$domain\"";
echo ' driver = accept';
echo ' domains = +mlmmj_domains';
echo " #require_files = MLMMJ_HOME/\${lc::\$local_part}";
echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.';
echo ' # Exim will then spawn a new process running under the UID of "mlmmj".';
echo " require_files = mlmmj:MLMMJ_HOME/\${lc::\$local_part}";
echo ' local_part_suffix = +*';
echo ' local_part_suffix_optional';
echo ' headers_remove = Delivered-To';
echo " headers_add = Delivered-To: \$local_part\$local_part_suffix@\$domain";
echo ' transport = mlmmj_transport'; } > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
{ echo 'mlmmj_transport:';
echo " debug_print = \"T: mlmmj_transport for \$local_part@\$domain\"";
echo ' driver = pipe';
echo ' return_path_add';
echo ' user = mlmmj';
echo ' group = mlmmj';
echo ' home_directory = MLMMJ_HOME';
echo ' current_directory = MLMMJ_HOME';
echo " command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/\${lc:\$local_part}"; } > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i "/MLMMJ_HOME/a\\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i "/domainlist mlmmj_domains =/a\\delay_warning_condition = \${if match_domain{\$domain}{+mlmmj_domains}{no}{yes}}" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
fi
update-exim4.conf.template -r
update-exim4.conf
systemctl restart exim4
if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" "/home/$MY_USERNAME/README"; then
{ echo '';
echo '';
echo $"$PUBLIC_MAILING_LIST mailing list";
echo '=================================';
echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a";
echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME"; } >> "/home/$MY_USERNAME/README"
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/README"
chmod 600 "/home/$MY_USERNAME/README"
"${PROJECT_NAME}-addlist" -u "$MY_USERNAME" -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
# split the gpg key into fragments if social key management is enabled
if [ "$IMAGE_PASSWORD_FILE" ]; then
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
"${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -e "$MY_EMAIL_ADDRESS" --fullname "$MY_NAME" --passwordfile "$IMAGE_PASSWORD_FILE"
echo 'Splitting GPG key. You may need to enter your passphrase.'
"${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -e "$MY_EMAIL_ADDRESS" --fullname "$MY_NAME"
if [ ! -d "/home/$MY_USERNAME/.gnupg_fragments" ]; then
echo 'Yhe GPG key could not be split'
return
fi
EMAIL_COMPLETE_MSG=$"
*** ${PROJECT_NAME} mailbox installation is complete ***
Now on your internet router forward ports
25, 587, 465, 993 and 2222 to the ${PROJECT_NAME}
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
function_check install_tripwire
install_tripwire
function_check split_gpg_key_into_fragments
split_gpg_key_into_fragments
clear
echo ''
echo "$EMAIL_COMPLETE_MSG"
if [ -d "$USB_MOUNT" ]; then
umount "$USB_MOUNT"
rm -rf "$USB_MOUNT"
echo $' You can now remove the USB drive'
fi
exit 0
fi
return
fi
function_check install_tripwire
install_tripwire
function_check split_gpg_key_into_fragments
split_gpg_key_into_fragments
# unmount any attached usb drive
clear
echo ''
echo "$EMAIL_COMPLETE_MSG"
echo ''
if [ -d "$USB_MOUNT" ]; then
umount "$USB_MOUNT"
rm -rf "$USB_MOUNT"
echo $' You can now remove the USB drive'
fi
exit 0
fi
function install_email_basic {
$INSTALL_PACKAGES exim4 sasl2-bin swaks libnet-ssleay-perl procmail
if [ ! -d /etc/exim4 ]; then
echo $"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE"
exit 48
fi
# configure for Maildir format
sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs
sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs
if ! grep -q "export MAIL" /etc/profile; then
echo 'export MAIL=~/Maildir' >> /etc/profile
fi
sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login
sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
echo "dc_eximconfig_configtype='internet'" > /etc/exim4/update-exim4.conf.conf
if [[ $ONION_ONLY == 'no' ]]; then
echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};mail.${DEFAULT_DOMAIN_NAME}'" >> /etc/exim4/update-exim4.conf.conf
else