| Age | Commit message (Collapse) | Author |
|---|
|
fix: sanitize domain input to prevent command injection
|
|
- Added input validation for the domain parameter to allow only alphanumeric characters, dots, and dashes.
- This mitigates a command injection vulnerability on line 9 where unsanitized user input could be injected into the sed command.
- The fix improves security for local script execution in multi-user environments or when the script is run with elevated privileges.
|
|
|
|
now it can make self-signed certs, turn some settings into options
|
|
|
|
|
|
feat: turn user "dmarc" into "postmaster" for more generic use cases
|
|
|
|
|
|
|
|
|
|
Open port 110 and 995 for POP3 support
|
|
Short-term workaround to prevent SMTP smuggling
|
|
|
|
Add safeguards to script
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Open port 110 and 995 for POP3 support
|
|
-- the change to the apt-get install part at the beginning forces an uninstall and purge of configs. This means that if you re-run the script it will "reset" the install to default state by deleting packages and configs and re-installing and re-generating the configs.
--I turned some hardcoded settings into options that can be set in the variables at the top of the script (for convenience). The default behavior is the same as before.
allow_suboptimal_ciphers="yes" #yes no
mailbox_format="maildir" # maildir sdbox
allowed_protocols=" imap pop3 " #imap pop3
--added a setting "selfsigned="no" # yes no" to choose between "let's get a cert from letsencrypt" and "create self-signed cert that lasts 100 years", and added the logic to generate the certs and whatnot.
My usecase is for an "isolated" server that collects notifications from devices in the same local network(s) or serves as secure/private messaging system over VPN (wireguard or whatever).
The default is still as before. If creating a self-signed cert is selected, it will show the certificate creation wizard as normal.
--added a few setting variables to auto-generate the certificate with country name, state/province name, organization name and hostname
Again this is not enabled by default.
|
|
Correct grammatical and phrasing errors
|
|
|
|
|
|
|
|
|
|
Make it work with Debian 12: spamassassin -> spamd
|
|
Adding pop3 support
|
|
|
|
This commits checks for /etc/default/spamassassin. If it exists, it's
passed through sed to modify the CRON variable as usual, and
spamassassin.service is enabled and restarted.
If /etc/default/spamassassin does not exist, but /etc/default/spamd
exists, we modify /etc/default/spamd instead, and restart and enable
spamd.service.
This has to be done because Debian 12 introduced this breaking change:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020859
Apologies for my previous commit which introduced a new "README" file
specifically for my fork of the repository. I've modified my patch to
remove it, please accept this version of the patch instead.
Signed-off-by: Andrew Yu <andrew@andrewyu.org>
|
|
fix comment
|
|
|
|
|
|
drunderscore/fix/use-single-quotes-to-prevent-interpolation
Use single-quotes to prevent interpolation when configuring Postfix
|
|
Unless you intend to interpolate, you should never use double-quotes. In
this instance, it was actually impactful -- `$myhostname` and
`$mydomain` were meant to be left as-is, referring to those Postfix
config parameters, but were accidentally interpolated and subsequently
generating nonsense (but not fatal) configuration.
|
|
Relay access denied fix
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reverse DNS does not match SMTP Banner
|
|
|
|
Can -> Can't
|
|
|
|
|
|
|
