iRedMail now supports Ubuntu 20.04 LTS with MariaDB and PostgreSQL ba…

…ckends.
iredmail · May 5, 2020 · db12dfe · db12dfe
1 parent 7455449
commit db12dfe
Show file tree

Hide file tree

Showing 19 changed files with 142 additions and 35 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+iRedMail-1.2.2:
+    * Supports new distribution release:
+        + Ubuntu 20.04
+
 iRedMail-1.2.1:
     * Switch self-signed ssl cert key length to 4096.
     * Swith DKIM key length to 2048.

diff --git a/conf/dovecot b/conf/dovecot
@@ -25,7 +25,7 @@
 # ----------------------------------------
 
 # Major version number of Dovecot package: 2.2, 2.3.
-export DOVECOT_VERSION='2.2'
+export DOVECOT_VERSION='2.3'
 
 # Dovecot user & group.
 export SYS_USER_DOVECOT='dovecot'
@@ -72,20 +72,22 @@ export DOVECOT_SYSLOG_FILE_SIEVE="${DOVECOT_LOG_DIR}/sieve.log"
 # Log rotate config file
 export DOVECOT_LOGROTATE_FILE="${LOGROTATE_DIR}/dovecot"
 
-if [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
+if [ X"${DISTRO}" == X'RHEL' ]; then
+    export DOVECOT_VERSION='2.2'
+elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
     export DOVECOT_DELIVER_BIN='/usr/lib/dovecot/deliver'
 
-    # Debian 10
-    [ X"${DISTRO_CODENAME}" == X'buster' ] && export DOVECOT_VERSION='2.3'
+    # Debian 9, Ubuntu 18.04.
+    if [ X"${DISTRO_CODENAME}" == X'stretch' -o X"${DISTRO_CODENAME}" == X'bionic' ]; then
+        export DOVECOT_VERSION='2.2'
+    fi
 elif [ X"${DISTRO}" == X'FREEBSD' ]; then
-    export DOVECOT_VERSION='2.3'
     export DOVECOT_CONF_DIR='/usr/local/etc/dovecot'
     export DOVECOT_DELIVER_BIN='/usr/local/libexec/dovecot/deliver'
     export DOVECOT_DOVEADM_BIN='/usr/local/bin/doveadm'
     export DOVECOT_CONF_INCLUDE_DIR='/usr/local/etc/dovecot/iredmail'
 
 elif [ X"${DISTRO}" == X'OPENBSD' ]; then
-    export DOVECOT_VERSION='2.3'
     export SYS_USER_DOVECOT='_dovecot'
     export SYS_GROUP_DOVECOT='_dovecot'
     export DOVECOT_DELIVER_BIN='/usr/local/libexec/dovecot/deliver'

diff --git a/conf/fail2ban b/conf/fail2ban
@@ -42,6 +42,9 @@ export FAIL2BAN_FILTER_DOVECOT="dovecot.iredmail"
 
 export FAIL2BAN_DISABLED_SERVICES="${PORT_HTTP},${HTTPS_PORT},25,587,465,110,995,143,993,${MANAGESIEVE_PORT}"
 
+export FAIL2BAN_LOG_FILE='/var/log/fail2ban.log'
+export FAIL2BAN_SYSLOG_FACILITY='daemon'
+
 # Firewall command (fail2ban/action.d/[NAME].conf)
 if [ X"${KERNEL_NAME}" == X'LINUX' ]; then
     export FAIL2BAN_ACTION='iptables-multiport'

diff --git a/conf/global b/conf/global
@@ -22,7 +22,7 @@
 
 export PROG_NAME='iRedMail'
 export PROG_NAME_LOWERCASE='iredmail'
-export PROG_VERSION='1.2.1'
+export PROG_VERSION='1.2.2'
 
 export DATE="$(/bin/date +%Y.%m.%d.%H.%M.%S)"
 

diff --git a/conf/php b/conf/php
@@ -47,9 +47,12 @@ elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
     elif [ X"${DISTRO_CODENAME}" == X'buster' ]; then
         # Debian 10
         export PHP_VERSION='7.3'
-    else
-        # Ubuntu 18.04, 19.04
+    elif [ X"${DISTRO_CODENAME}" == X'bionic' ]; then
+        # Ubuntu 18.04
         export PHP_VERSION='7.2'
+    else
+        # Ubuntu 20.04
+        export PHP_VERSION='7.4'
     fi
 
     export PHP_INI="/etc/php/${PHP_VERSION}/fpm/php.ini"

diff --git a/conf/postgresql b/conf/postgresql
@@ -45,9 +45,12 @@ elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
     elif [ X"${DISTRO_CODENAME}" == X'bionic' ]; then
         # Ubuntu 18.04
         export PGSQL_VERSION='10'
-    else
-        # Debian 10, Ubuntu 19.04
+    elif [ X"${DISTRO_CODENAME}" == X'buster' ]; then
+        # Debian 10
         export PGSQL_VERSION='11'
+    else
+        # Ubuntu 20.04
+        export PGSQL_VERSION='12'
     fi
 
     export PGSQL_USER_HOMEDIR='/var/lib/postgresql'

diff --git a/dialog/web_applications.sh b/dialog/web_applications.sh
@@ -33,8 +33,11 @@ if [ X"${DISABLE_WEB_SERVER}" != X'YES' ]; then
         export DIALOG_SELECTABLE_SOGO='YES'
     fi
 
-    # SOGo team doesn't offer binary packages for CentOS 8 (yet).
-    [ X"${DISTRO}" == X'RHEL' -a X"${DISTRO_VERSION}" == X'8' ] && export DIALOG_SELECTABLE_SOGO='NO'
+    # SOGo team doesn't offer binary packages for CentOS 8 and Ubuntu 20.04 (yet).
+    if [ X"${DISTRO}" == X'RHEL' -a X"${DISTRO_VERSION}" == X'8' ] ||
+        [ X"${DISTRO}" == X'UBUNTU' -a X"${DISTRO_CODENAME}" == X'focal' ]; then
+        export DIALOG_SELECTABLE_SOGO='NO'
+    fi
 
     if [ X"${DISTRO}" == X'OPENBSD' ]; then
         # OpenBSD doesn't have 'libuuid' which required by netdata

diff --git a/functions/fail2ban.sh b/functions/fail2ban.sh
@@ -145,9 +145,43 @@ fail2ban_config() {
     echo 'export status_fail2ban_config="DONE"' >> ${STATUS_FILE}
 }
 
+fail2ban_syslog_setup() {
+    ECHO_DEBUG "Generate modular syslog and log rotate config files for Fail2ban."
+    if [ X"${KERNEL_NAME}" == X'LINUX' ]; then
+        cp ${SAMPLE_DIR}/rsyslog.d/1-iredmail-fail2ban.conf ${SYSLOG_CONF_DIR}
+        perl -pi -e 's#PH_FAIL2BAN_LOG_FILE#$ENV{FAIL2BAN_LOG_FILE}#g' ${SYSLOG_CONF_DIR}/1-iredmail-fail2ban.conf
+
+        touch ${FAIL2BAN_LOG_FILE}
+        chown ${SYS_USER_SYSLOG}:${SYS_GROUP_SYSLOG} ${FAIL2BAN_LOG_FILE}
+        chmod 0640 ${FAIL2BAN_LOG_FILE}
+    elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then
+        cp -f ${SAMPLE_DIR}/freebsd/syslog.d/fail2ban.conf ${SYSLOG_CONF_DIR} >> ${INSTALL_LOG} 2>&1
+        perl -pi -e 's#PH_FAIL2BAN_SYSLOG_FACILITY#$ENV{FAIL2BAN_SYSLOG_FACILITY}#g' ${SYSLOG_CONF_DIR}/fail2ban.conf
+        perl -pi -e 's#PH_FAIL2BAN_LOG_FILE#$ENV{FAIL2BAN_LOG_FILE}#g' ${SYSLOG_CONF_DIR}/fail2ban.conf
+    elif [ X"${KERNEL_NAME}" == X'OPENBSD' ]; then
+        if ! grep "${FAIL2BAN_LOG_FILE}" ${SYSLOG_CONF} &>/dev/null; then
+            # '!!' means abort further evaluation after first match
+            echo '' >> ${SYSLOG_CONF}
+            echo '!!fail2ban' >> ${SYSLOG_CONF}
+            echo "${FAIL2BAN_SYSLOG_FACILITY}.*        ${FAIL2BAN_LOG_FILE}" >> ${SYSLOG_CONF}
+        fi
+
+        if ! grep "${FAIL2BAN_LOG_FILE}" /etc/newsyslog.conf &>/dev/null; then
+            cat >> /etc/newsyslog.conf <<EOF
+${FAIL2BAN_LOG_FILE}    ${SYS_USER_SYSLOG}:${SYS_GROUP_SYSLOG}   640  7     *    24    Z
+EOF
+        fi
+    fi
+
+    echo 'export status_fail2ban_syslog_setup="DONE"' >> ${STATUS_FILE}
+}
+
 fail2ban_setup() {
     ECHO_INFO "Configure Fail2ban (authentication failure monitor)."
 
     check_status_before_run fail2ban_initialize_db
     check_status_before_run fail2ban_config
+    check_status_before_run fail2ban_syslog_setup
+
+    echo 'export status_fail2ban_setup="DONE"' >> ${STATUS_FILE}
 }
diff --git a/functions/iredadmin.sh b/functions/iredadmin.sh
@@ -241,6 +241,11 @@ iredadmin_rc_setup()
         perl -pi -e 's#^(uwsgi-socket).*#${1} = $ENV{IREDADMIN_BIND_ADDRESS}:$ENV{IREDADMIN_LISTEN_PORT}#g' ${IREDADMIN_HTTPD_ROOT}/rc_scripts/uwsgi/rhel.ini
         perl -pi -e 's#^(chdir).*#${1} = $ENV{IREDADMIN_HTTPD_ROOT_SYMBOL_LINK}#g' ${IREDADMIN_HTTPD_ROOT}/rc_scripts/uwsgi/rhel.ini
     elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
+        if [ X"${DISTRO_CODENAME}" == X'focal' ]; then
+            # Fix path to uwsgi.
+            perl -pi -e 's#/usr/bin/uwsgi#/usr/local/bin/uwsgi#g' ${IREDADMIN_HTTPD_ROOT}/rc_scripts/systemd/debian.service
+        fi
+
         cp -f ${IREDADMIN_HTTPD_ROOT}/rc_scripts/systemd/debian.service ${SYSTEMD_SERVICE_DIR}/iredadmin.service
         chmod 0644 ${SYSTEMD_SERVICE_DIR}/iredadmin.service
 

diff --git a/functions/iredapd.sh b/functions/iredapd.sh
@@ -219,7 +219,9 @@ iredapd_config()
     # mlmmjadmin integration.
     perl -pi -e 's#^(mlmmjadmin_api_auth_token).*#${1} = "$ENV{MLMMJADMIN_API_AUTH_TOKEN}"#' ${IREDAPD_CONF}
 
-    if [[ X"${DISTRO}" == X'RHEL' ]] && [[ X"${DISTRO_VERSION}" == X'8' ]]; then
+    # Use pymysql on CentOS 8, Ubuntu 20.04
+    if [ X"${DISTRO}" == X'RHEL' -a X"${DISTRO_VERSION}" == X'8' ] || \
+        [ X"${DISTRO}" == X'UBUNTU' -a X"${DISTRO_CODENAME}" == X'focal' ]; then
         if [[ X"${BACKEND}" == X'OPENLDAP' ]] || [[ X"${BACKEND}" == X'MYSQL' ]]; then
             echo "SQL_DB_DRIVER = 'pymysql'" >> ${IREDAPD_CONF}
         fi

diff --git a/functions/packages.sh b/functions/packages.sh
@@ -65,6 +65,8 @@ install_all()
         if [ X"${DISTRO}" == X'RHEL' ]; then
             ALL_PKGS="${ALL_PKGS} rsyslog firewalld"
             PIP2_MODULES="${PIP2_MODULES} web.py==0.51 pycurl uwsgi netifaces"
+        elif [ X"${DISTRO}" == X'UBUNTU' -a X"${DISTRO_CODENAME}" == X'focal' ]; then
+            PIP2_MODULES="${PIP2_MODULES} web.py==0.51 uwsgi netifaces"
         fi
     fi
 
@@ -118,7 +120,17 @@ install_all()
                 fi
             fi
         elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
-            ALL_PKGS="${ALL_PKGS} postfix-ldap slapd ldap-utils libnet-ldap-perl libdbd-mysql-perl mariadb-server mariadb-client"
+            ALL_PKGS="${ALL_PKGS} slapd ldap-utils libnet-ldap-perl libdbd-mysql-perl mariadb-server mariadb-client"
+
+            if [ X"${DISTRO_CODENAME}" == X'stretch' \
+                -o X"${DISTRO_CODENAME}" == X'buster' \
+                -o X"${DISTRO_CODENAME}" == X'bionic' ]; then
+                # Debian, Ubuntu 18.04
+                ALL_PKGS="${ALL_PKGS} postfix-ldap"
+            else
+                # Ubuntu 20.04+
+                PIP2_MODULES="${PIP2_MODULES} python-ldap==3.2.0"
+            fi
         elif [ X"${DISTRO}" == X'OPENBSD' ]; then
             ALL_PKGS="${ALL_PKGS} openldap-server${OB_PKG_OPENLDAP_SERVER_VER}"
             PKG_SCRIPTS="${PKG_SCRIPTS} ${OPENLDAP_RC_SCRIPT_NAME}"
@@ -367,6 +379,8 @@ EOF
     if [ X"${DISTRO}" == X'RHEL' -a X"${DISTRO_VERSION}" == X'8' ]; then
         ALL_PKGS="${ALL_PKGS} gcc libcurl-devel openssl-devel python2-devel python2-pip"
         [ X"${BACKEND}" == X'OPENLDAP' ] && ALL_PKGS="${ALL_PKGS} openldap-devel"
+    elif [ X"${DISTRO}" == X'UBUNTU' -a X"${DISTRO_CODENAME}" != X'bionic' ]; then
+        ALL_PKGS="${ALL_PKGS} python2-dev curl libcurl4-openssl-dev python-setuptools"
     fi
 
     # iRedAPD.
@@ -393,11 +407,26 @@ EOF
 
     elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
         ALL_PKGS="${ALL_PKGS} python-sqlalchemy python-dnspython"
-        [ X"${BACKEND}" == X'OPENLDAP' ] && ALL_PKGS="${ALL_PKGS} python-ldap python-mysqldb"
-        [ X"${BACKEND}" == X'MYSQL' ] && ALL_PKGS="${ALL_PKGS} python-mysqldb"
-        [ X"${BACKEND}" == X'PGSQL' ] && ALL_PKGS="${ALL_PKGS} python-psycopg2"
 
-        [ X"${DISTRO}" == X'UBUNTU' ] && ALL_PKGS="${ALL_PKGS} python-pymysql"
+        if [ X"${DISTRO}" == X'DEBIAN' ]; then
+            [ X"${BACKEND}" == X'OPENLDAP' ] && ALL_PKGS="${ALL_PKGS} python-ldap python-mysqldb"
+            [ X"${BACKEND}" == X'MYSQL' ] && ALL_PKGS="${ALL_PKGS} python-mysqldb"
+            [ X"${BACKEND}" == X'PGSQL' ] && ALL_PKGS="${ALL_PKGS} python-psycopg2"
+        else
+            if [ X"${DISTRO_CODENAME}" == X'bionic' ]; then
+                # Ubuntu 18.04
+                [ X"${BACKEND}" == X'OPENLDAP' ] && ALL_PKGS="${ALL_PKGS} python-ldap python-mysqldb"
+                [ X"${BACKEND}" == X'MYSQL' ] && ALL_PKGS="${ALL_PKGS} python-mysqldb"
+                [ X"${BACKEND}" == X'PGSQL' ] && ALL_PKGS="${ALL_PKGS} python-psycopg2"
+            else
+                [ X"${BACKEND}" == X'OPENLDAP' ] && PIP2_MODULES="${PIP2_MODULES} python-ldap PyMySQL"
+                [ X"${BACKEND}" == X'MYSQL' ] && PIP2_MODULES="${PIP2_MODULES} PyMySQL"
+                if [ X"${BACKEND}" == X'PGSQL' ]; then
+                    ALL_PKGS="${ALL_PKGS} postgresql-server-dev-12"
+                    PIP2_MODULES="${PIP2_MODULES} psycopg2"
+                fi
+            fi
+        fi
 
     elif [ X"${DISTRO}" == X'OPENBSD' ]; then
         ALL_PKGS="${ALL_PKGS} py-sqlalchemy py-dnspython"
@@ -420,13 +449,17 @@ EOF
 
         [ X"${DISTRO_VERSION}" == X'8' ] && ALL_PKGS="${ALL_PKGS} python2-jinja2 python2-requests"
     elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
-        ALL_PKGS="${ALL_PKGS} python-jinja2 python-netifaces python-pycurl python-requests uwsgi uwsgi-plugin-python"
+        ALL_PKGS="${ALL_PKGS} python-jinja2 python-netifaces python-pycurl"
 
         if [ X"${DISTRO_CODENAME}" == X"bionic" -o X"${DISTRO_CODENAME}" == X"stretch" ]; then
-            ALL_PKGS="${ALL_PKGS} python-webpy"
+            ALL_PKGS="${ALL_PKGS} python-webpy python-requests uwsgi uwsgi-plugin-python"
         else
             # Install webpy with pip
-            ALL_PKGS="${ALL_PKGS} python-pip"
+            if [ X"${DISTRO_CODENAME}" == X"buster" ]; then
+                ALL_PKGS="${ALL_PKGS} python-pip"
+            fi
+
+            PIP2_MODULES="${PIP2_MODULES} requests uwsgi"
         fi
 
         # Ubuntu
@@ -541,6 +574,11 @@ EOF
 
     after_package_installation()
     {
+        pip_args=''
+        if [ X"${PIP_MIRROR_SITE}" != X'' -a X"${PIP_TRUSTED_HOST}" != X'' ]; then
+            pip_args="-i ${PIP_MIRROR_SITE} --trusted-host ${PIP_TRUSTED_HOST}"
+        fi
+
         if [ X"${DISTRO}" == X'OPENBSD' ]; then
             # Create symbol links for php.
             if [ X"${IREDMAIL_USE_PHP}" == X'YES' ]; then
@@ -574,13 +612,18 @@ EOF
             if [ X"${DISTRO_CODENAME}" != X"bionic" -a X"${DISTRO_CODENAME}" != X"stretch" ]; then
                 ${CMD_PIP2} install --no-deps ${PKG_MISC_DIR}/webpy-0.51.tar.gz &> ${RUNTIME_DIR}/uwsgi_install.log
             fi
-        elif [ X"${DISTRO}" == X'RHEL' -a X"${DISTRO_VERSION}" == X'8' ]; then
-            ECHO_INFO "Installing required Python-2 modules with pip."
 
-            pip_args=''
-            if [ X"${PIP_MIRROR_SITE}" != X'' -a X"${PIP_TRUSTED_HOST}" != X'' ]; then
-                pip_args="-i ${PIP_MIRROR_SITE} --trusted-host ${PIP_TRUSTED_HOST}"
+            if [ X"${DISTRO_CODENAME}" == X'focal' ]; then
+                ECHO_INFO "Install pip for Python 2."
+                cd /tmp
+                ${FETCH_CMD} https://bootstrap.pypa.io/get-pip.py
+                python2 get-pip.py ${pip_args}
+                rm -f get-pip.py
+
+                ${CMD_PIP2} install ${pip_args} -U ${PIP2_MODULES}
             fi
+        elif [ X"${DISTRO}" == X'RHEL' -a X"${DISTRO_VERSION}" == X'8' ]; then
+            ECHO_INFO "Installing required Python-2 modules with pip."
 
             # Install py2 modules.
             # pycurl requires specified ssl library.

diff --git a/samples/fail2ban/jail.d/dovecot.local b/samples/fail2ban/jail.d/dovecot.local
@@ -1,4 +1,4 @@
-[dovecot-iredmail]
+[dovecot]
 enabled     = true
 filter      = dovecot.iredmail
 logpath     = PH_DOVECOT_LOG_FILE

diff --git a/samples/fail2ban/jail.d/postfix-pregreet.local b/samples/fail2ban/jail.d/postfix-pregreet.local
@@ -1,7 +1,7 @@
-[postfix-pregreet-iredmail]
+[postfix-pregreet]
 enabled     = true
 maxretry    = 1
 filter      = postfix-pregreet.iredmail
 logpath     = PH_MAILLOG
-action      = PH_FAIL2BAN_ACTION[name=postfix, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp]
-              banned_db[name=postfix, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp]
+action      = PH_FAIL2BAN_ACTION[name=postfix-pregreet, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp]
+              banned_db[name=postfix-pregreet, port="PH_FAIL2BAN_DISABLED_SERVICES", protocol=tcp]
diff --git a/samples/fail2ban/jail.d/postfix.local b/samples/fail2ban/jail.d/postfix.local
@@ -1,4 +1,4 @@
-[postfix-iredmail]
+[postfix]
 enabled     = true
 filter      = postfix.iredmail
 logpath     = PH_MAILLOG

diff --git a/samples/fail2ban/jail.d/roundcube.local b/samples/fail2ban/jail.d/roundcube.local
@@ -1,4 +1,4 @@
-[roundcube-iredmail]
+[roundcube]
 enabled     = false
 findtime    = 3600
 filter      = roundcube.iredmail

diff --git a/samples/fail2ban/jail.d/sogo.local b/samples/fail2ban/jail.d/sogo.local
@@ -1,4 +1,4 @@
-[sogo-iredmail]
+[sogo]
 enabled     = false
 filter      = sogo-auth
 logpath     = PH_SOGO_LOG_FILE

diff --git a/samples/freebsd/syslog.d/fail2ban.conf b/samples/freebsd/syslog.d/fail2ban.conf
@@ -0,0 +1,2 @@
+!fail2ban
+PH_FAIL2BAN_SYSLOG_FACILITY.*                       PH_FAIL2BAN_LOG_FILE
diff --git a/samples/netdata/netdata.conf b/samples/netdata/netdata.conf
@@ -50,7 +50,8 @@
     update every = 3
 
     # Log files
-    #access log = syslog
+    # Nginx logs access log, netdata no need to log it again.
+    access log = none
     #error log = syslog
     #debug log = syslog
 

diff --git a/samples/rsyslog.d/1-iredmail-fail2ban.conf b/samples/rsyslog.d/1-iredmail-fail2ban.conf
@@ -0,0 +1,2 @@
+if $programname startswith 'fail2ban' or ($programname == 'journal' and $msg startswith 'fail2ban') then -PH_FAIL2BAN_LOG_FILE
+& stop