diff --git a/Configs/RainLoop-Domain-localhost.ini b/Configs/SnappyMail-Domain-localhost.ini similarity index 100% rename from Configs/RainLoop-Domain-localhost.ini rename to Configs/SnappyMail-Domain-localhost.ini diff --git a/Configs/RainLoop-application.ini b/Configs/SnappyMail-application.ini similarity index 71% rename from Configs/RainLoop-application.ini rename to Configs/SnappyMail-application.ini index aba5671..ec65386 100644 --- a/Configs/RainLoop-application.ini +++ b/Configs/SnappyMail-application.ini @@ -1,4 +1,4 @@ -; RainLoop Webmail configuration file +; SnappyMail configuration file ; Please don't add custom parameters here, those will be overwritten [webmail] @@ -8,6 +8,7 @@ title = "BackupWebmail" ; Text displayed on startup loading_description = "Backupmail" favicon_url = "" +app_path = "" ; Theme used by default theme = "Blurred" @@ -27,63 +28,55 @@ allow_languages_on_settings = On allow_additional_accounts = On allow_additional_identities = On -; Number of messages displayed on page by default +; Number of messages displayed on page by default messages_per_page = 20 +; Mark message read after N seconds +message_read_delay = 5 + ; File size limit (MB) for file upload on compose screen ; 0 for unlimited. -attachment_size_limit = 25 +attachment_size_limit = 2 [interface] show_attachment_thumbnail = On -use_native_scrollbars = Off new_move_to_folder_button = On -[branding] -login_logo = "" -login_background = "" -login_desc = "" -login_css = "" -user_css = "" -user_logo = "" -user_logo_title = "" -user_logo_message = "" -user_iframe_message = "" -welcome_page_url = "" -welcome_page_display = "none" - [contacts] ; Enable contacts enable = Off allow_sync = Off sync_interval = 20 type = "sqlite" -pdo_dsn = "mysql:host=127.0.0.1;port=3306;dbname=rainloop" +pdo_dsn = "host=127.0.0.1;port=3306;dbname=snappymail" pdo_user = "root" pdo_password = "" suggestions_limit = 30 [security] ; Enable CSRF protection (http://en.wikipedia.org/wiki/Cross-site_request_forgery) -csrf_protection = On -custom_server_signature = "RainLoop" -x_frame_options_header = "" -x_xss_protection_header = "1; mode=block" +csrf_protection = Off +custom_server_signature = "SnappyMail" +x_frame_options_header = "ALLOW" +x_xss_protection_header = "SAMEORIGIN" openpgp = Off ; Login and password for web admin panel admin_login = "admin" -admin_password = "12345" +admin_password = "" +admin_totp = "" ; Access settings -allow_admin_panel = On -allow_two_factor_auth = Off -force_two_factor_auth = Off -hide_x_mailer_header = Off +allow_admin_panel = Off +hide_x_mailer_header = On admin_panel_host = "" admin_panel_key = "admin" content_security_policy = "" -core_install_access_domain = "" +csp_report = Off +encrypt_cipher = "aes-256-cbc-hmac-sha1" + +[admin_panel] +allow_update = Off [ssl] ; Require verification of SSL certificate used. @@ -92,6 +85,9 @@ verify_certificate = Off ; Allow self-signed certificates. Requires verify_certificate. allow_self_signed = On +; https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html +security_level = 0 + ; Location of Certificate Authority file on local filesystem (/etc/ssl/certs/ca-certificates.crt) cafile = "" @@ -102,20 +98,11 @@ capath = "" client_cert = "" [capa] -folders = On -composer = On -contacts = On -settings = On quota = On -help = On -reload = On search = On search_adv = On -filters = On -x-templates = Off dangerous_actions = On message_actions = On -messagelist_actions = On attachments_actions = On [login] @@ -125,10 +112,6 @@ default_domain = "" allow_languages_on_login = On determine_user_language = On determine_user_domain = Off -welcome_page = Off -hide_submit_button = On -forgot_password_link_url = "" -registration_link_url = "" login_lowercase = On ; This option allows webmail to remember the logged in user @@ -148,13 +131,14 @@ enable = Off enabled_list = "" [defaults] -; Editor mode used by default (Plain, Html, HtmlForced or PlainForced) +; Editor mode used by default (Plain, Html) view_editor_type = "Html" ; layout: 0 - no preview, 1 - side preview, 2 - bottom preview view_layout = 1 view_use_checkboxes = On autologout = 30 +view_html = On show_images = Off contacts_autosave = On mail_use_threads = Off @@ -165,7 +149,18 @@ mail_reply_same_folder = Off ; Enable logging enable = Off -; Logs entire request only if error occured (php requred) +; Log messages of set RFC 5424 section 6.2.1 Severity level and higher (0 = highest, 7 = lowest). +; 0 = Emergency +; 1 = Alert +; 2 = Critical +; 3 = Error +; 4 = Warning +; 5 = Notice +; 6 = Informational +; 7 = Debug +level = 4 + +; Logs entire request only if error occured (php required) write_on_error_only = Off ; Logs entire request only if php error occured @@ -177,9 +172,8 @@ write_on_timeout_only = 0 ; Required for development purposes only. ; Disabling this option is not recommended. hide_passwords = On -time_offset = "0" +time_zone = "UTC" session_filter = "" -sentry_dsn = "" ; Log filename. ; For security reasons, some characters are removed from filename. @@ -207,6 +201,7 @@ sentry_dsn = "" ; filename = "log-{date:Y-m-d}.txt" ; filename = "{date:Y-m-d}/{user:domain}/{user:email}_{user:uid}.log" ; filename = "{user:email}-{date:Y-m-d}.txt" +; filename = "syslog" filename = "log-{date:Y-m-d}.txt" ; Enable auth logging in a separate file (for fail2ban) @@ -214,35 +209,13 @@ auth_logging = Off auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt" auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}" +; Enable auth logging to syslog for fail2ban +auth_syslog = Off + [debug] ; Special option required for development purposes enable = Off -[social] -; Google -google_enable = Off -google_enable_auth = Off -google_enable_auth_gmail = Off -google_enable_drive = Off -google_enable_preview = Off -google_client_id = "" -google_client_secret = "" -google_api_key = "" - -; Facebook -fb_enable = Off -fb_app_id = "" -fb_app_secret = "" - -; Twitter -twitter_enable = Off -twitter_consumer_key = "" -twitter_consumer_secret = "" - -; Dropbox -dropbox_enable = Off -dropbox_api_key = "" - [cache] ; The section controls caching of the entire application. ; @@ -252,7 +225,7 @@ enable = On ; Additional caching key. If changed, cache is purged index = "v1" -; Can be: files, APC, memcache, redis (beta) +; Can be: files, APCU, memcache, redis (beta) fast_cache_driver = "files" ; Additional caching key. If changed, fast cache is purged @@ -268,38 +241,23 @@ http_expires = 3600 server_uids = On [labs] -; Experimental settings. Handle with care. -; -allow_mobile_version = On -ignore_folders_subscription = Off -check_new_password_strength = On -update_channel = "stable" -allow_gravatar = Off -allow_prefetch = On -allow_smart_html_links = On cache_system_data = On date_from_headers = On -autocreate_system_folders = On +autocreate_system_folders = Off allow_message_append = Off -disable_iconv_if_mbstring_supported = Off login_fault_delay = 1 log_ajax_response_write_limit = 300 -allow_html_editor_source_button = Off allow_html_editor_biti_buttons = Off allow_ctrl_enter_on_compose = On try_to_detect_hidden_images = Off -hide_dangerous_actions = Off use_app_debug_js = Off use_mobile_version_for_tablets = Off use_app_debug_css = Off use_imap_sort = On use_imap_force_selection = Off -use_imap_list_subscribe = On use_imap_thread = On use_imap_move = Off use_imap_expunge_all_on_delete = Off -imap_forwarded_flag = "$Forwarded" -imap_read_receipt_flag = "$ReadReceipt" imap_body_text_limit = 555000 imap_message_list_fast_simple_search = On imap_message_list_count_limit_trigger = 0 @@ -309,25 +267,20 @@ imap_message_all_headers = Off imap_large_thread_limit = 50 imap_folder_list_limit = 200 imap_show_login_alert = On -imap_use_auth_plain = On -imap_use_auth_cram_md5 = Off +imap_use_list_status = On +imap_timeout = 300 +imap_disable_metadata = Off smtp_show_server_errors = Off -smtp_use_auth_plain = On -smtp_use_auth_cram_md5 = Off -sieve_allow_raw_script = Off -sieve_utf8_folder_name = On +smtp_timeout = 60 sieve_auth_plain_initial = On sieve_allow_fileinto_inbox = Off -imap_timeout = 300 -smtp_timeout = 60 sieve_timeout = 10 -domain_list_limit = 99 +sasl_allow_plain = On +sasl_allow_scram_sha = Off +sasl_allow_cram_md5 = Off mail_func_clear_headers = On mail_func_additional_parameters = Off -favicon_status = On folders_spec_limit = 50 -owncloud_save_folder = "Attachments" -owncloud_suggestions = On curl_proxy = "" curl_proxy_auth = "" in_iframe = Off @@ -335,25 +288,21 @@ force_https = Off custom_login_link = "" custom_logout_link = "" allow_external_login = Off -allow_external_sso = Off -external_sso_key = "" http_client_ip_check_proxy = Off fast_cache_memcache_host = "127.0.0.1" fast_cache_memcache_port = 11211 fast_cache_redis_host = "127.0.0.1" fast_cache_redis_port = 6379 -use_local_proxy_for_external_images = Off -detect_image_exif_orientation = On +use_local_proxy_for_external_images = On +image_exif_auto_rotate = Off cookie_default_path = "" cookie_default_secure = Off check_new_messages = On replace_env_in_configuration = "" -startup_url = "" -strict_html_parser = Off -allow_cmd = Off +boundary_prefix = "" dev_email = "" dev_password = "" [version] -current = "1.14.0" -saved = "Mon, 03 Aug 2020 23:43:20 +0000" \ No newline at end of file +current = "2.17.4" +saved = "Tue, 06 Sep 2022 20:20:34 +0000" \ No newline at end of file diff --git a/Configs/dovecot.conf b/Configs/dovecot.conf index 72cb42c..2b2f45b 100644 --- a/Configs/dovecot.conf +++ b/Configs/dovecot.conf @@ -2,8 +2,6 @@ auth_mechanisms = plain login disable_plaintext_auth = no mail_location = maildir:/mail/%u:INBOX=/mail/%u/.INBOX mail_privileged_group = mail -managesieve_notify_capability = mailto -managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = diff --git a/Configs/nginx.conf b/Configs/nginx.conf index 1ae0901..cf708ba 100644 --- a/Configs/nginx.conf +++ b/Configs/nginx.conf @@ -24,7 +24,7 @@ http { default_type application/octet-stream; access_log off; error_log /var/log/nginx/error.log; - #Server config for RainLoop + #Server config for Webmail server { listen 80 default_server; listen [::]:80 default_server; @@ -36,8 +36,8 @@ server { location / { try_files $uri $uri/ =404; } - location ^~ /rainloop { - alias /opt/rainloop; + location ^~ /webmail { + alias /opt/webmail; location ~ \.php$ { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; @@ -45,7 +45,7 @@ server { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $path_info; - fastcgi_param HTTPS on; + fastcgi_param HTTPS off; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass unix:/run/php-fpm8/php-fpm.sock; @@ -53,7 +53,7 @@ server { fastcgi_request_buffering off; } } - location ^~ /rainloop/data { + location ^~ /webmail/data { deny all; } } diff --git a/Configs/php.conf b/Configs/php.conf index 70be9f5..f2fa748 100644 --- a/Configs/php.conf +++ b/Configs/php.conf @@ -1,4 +1,4 @@ -[rainloop] +[webmail] user = nginx group = nginx listen = /run/php-fpm8/php-fpm.sock @@ -11,7 +11,7 @@ php_admin_value[error_log] = /var/log/php-fpm.error.log php_admin_value[cgi.fix_pathinfo] = 0 php_admin_value[allow_url_fopen] = Off php_admin_value[file_uploads] = on -php_admin_value[open_basedir] = /opt/rainloop:/run/php-fpm8/php-fpm.sock +php_admin_value[open_basedir] = /opt/webmail:/run/php-fpm8/php-fpm.sock php_admin_value[session.use_strict_mode] = 1 php_admin_value[session.cookie_httponly] = 1 diff --git a/Resources/Custom-index.html b/Resources/Custom-index.html index 3ec7c01..9ad3317 100644 --- a/Resources/Custom-index.html +++ b/Resources/Custom-index.html @@ -65,7 +65,7 @@ if you are missing folders please check your client if it is subscibed to them

Using inbuild webmail

As username user the internalname and add @localhost
if you are missing folders click the cog icon in the botom right > click folders > click the eye icon on the foler(s) > back
-GotoLocalWebmail +GotoLocalWebmail

diff --git a/Resources/UpdateOfflineImap3.sh b/Resources/UpdateOfflineImap3.sh index cc35ff6..0ade7bb 100644 --- a/Resources/UpdateOfflineImap3.sh +++ b/Resources/UpdateOfflineImap3.sh @@ -1,7 +1,7 @@ #!/bin/ash ##Script for updating OfflineIMAP3 -NewOfflineIMAPVer=$(curl -s https://api.github.com/repos/OfflineIMAP/offlineimap3/tags | grep 'name.*' |head -n 1 | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " ") +NewOfflineIMAPVer=$(curl -s https://api.github.com/repos/OfflineIMAP/offlineimap3/tags | grep 'name.*' |head -n 1 | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " " | tr -d : ) printf "OfflineIMAP: checking for upgrades... " diff --git a/Resources/UpdateRainLoop.sh b/Resources/UpdateRainLoop.sh deleted file mode 100644 index bda6e9e..0000000 --- a/Resources/UpdateRainLoop.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/ash -##Script for updating RainLoop -NewRainLoopVer=$(curl -s https://api.github.com/repos/RainLoop/rainloop-webmail/releases/latest | grep 'tag_name.*' | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " ") - -printf "RainLoop: checking for upgrades... " - -if [ "$NewRainLoopVer" != "$(cat /opt/rainloop-installed)" ]; -then - echo "update found" - #Backup Config - mv /opt/rainloop/data/_data_ /tmp/_data_ - rm -rf /opt/rainloop - curl http://www.rainloop.net/repository/webmail/rainloop-community-latest.zip -o /tmp/rlcl.zip - unzip -q /tmp/rlcl.zip -d /opt/rainloop - chown -R nginx:nginx /opt/rainloop - find /opt/rainloop/ -type d -exec chmod 755 {} \; - find /opt/rainloop/ -type f -exec chmod 644 {} \; - echo $NewRainLoopVer > /opt/rainloop-installed - #Restore config - mv /tmp/_data_ /opt/rainloop/data/_data_ - echo "upgrade complete" -else - echo "update not found" -fi \ No newline at end of file diff --git a/Resources/UpdateSnappyMail.sh b/Resources/UpdateSnappyMail.sh new file mode 100644 index 0000000..90a2f66 --- /dev/null +++ b/Resources/UpdateSnappyMail.sh @@ -0,0 +1,24 @@ +#!/bin/ash +##Script for updating SnappyMailVer +NewSnappyMailVer=$(curl -s https://api.github.com/repos/the-djmaze/snappymail/releases/latest | grep 'tag_name.*' | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " ") + +printf "SnappyMail: checking for upgrades... " + +if [ "$NewSnappyMailVer" != "$(cat /opt/SnappyMail-installed)" ]; +then + echo "update found" + #Backup Config + mv /opt/webmail/data/_data_ /tmp/_data_ + rm -rf /opt/webmail + curl -L https://github.com/the-djmaze/snappymail/releases/download/$NewSnappyMailVer/snappymail-${NewSnappyMailVer//v}.tar.gz -o /tmp/smc.tar.gz || exit 1 + tar -C /opt/webmail -xzf /tmp/smc.tar.gz + chown -R nginx:nginx /opt/webmail + find /opt/webmail/ -type d -exec chmod 755 {} \; + find /opt/webmail/ -type f -exec chmod 644 {} \; + echo $NewSnappyMailVer > /opt/webmail-installed + #Restore config + mv /tmp/_data_ /opt/webmail/data/_data_ + echo "upgrade complete" +else + echo "update not found" +fi \ No newline at end of file diff --git a/install.sh b/install.sh index 57064b4..bcc3824 100644 --- a/install.sh +++ b/install.sh @@ -7,23 +7,23 @@ cd "$( dirname "$0" )" if [ -z ${DistoBuilderINT+x} ]; then ResourceFolder=/tmp #Install required software - apk add dovecot php8-xml php8-fpm php8-curl php8-dom php8-iconv py3-pip sudo curl openssl - + apk add dovecot php8-xml php8-fpm php8-curl php8-dom php8-zip php8-mbstring php-openssl py3-pip sudo curl openssl #Install Nginx and Nginx Repo wget https://nginx.org/keys/nginx_signing.rsa.pub -O /etc/apk/keys/nginx_signing.rsa.pub echo "@nginx http://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories curl -L https://nginx.org/keys/nginx_signing.rsa.pub -o /etc/apk/keys/nginx_signing.rsa.pub apk add nginx@nginx - - #Download ExtraResource - OfflineIMAPVer=$(curl -s https://api.github.com/repos/OfflineIMAP/offlineimap3/tags | grep 'name.*' |head -n 1 | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " ") - echo "$(curl -s https://api.github.com/repos/RainLoop/rainloop-webmail/releases/latest | grep 'tag_name.*' | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " ")" > /tmp/rainloop-installed - echo "$OfflineIMAPVer" > /tmp/OfflineIMAP3-installed - curl http://www.rainloop.net/repository/webmail/rainloop-community-latest.zip -o /tmp/rlcl.zip - curl -L https://github.com/OfflineIMAP/offlineimap3/archive/refs/tags/$OfflineIMAPVer.tar.gz -o /tmp/olim3.tar.gz - fi +#Download Resources +OfflineIMAPVer=$(curl -s https://api.github.com/repos/OfflineIMAP/offlineimap3/tags | grep 'name.*' |head -n 1 | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " ") +SnappyMailVer=$(curl -s https://api.github.com/repos/the-djmaze/snappymail/releases/latest | grep 'tag_name.*' | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " ") +echo "$OfflineIMAPVer" > /opt/OfflineIMAP3-installed +echo "$SnappyMailVer" > /opt/SnappyMail-installed +https://github.com/the-djmaze/snappymail/releases/download/v2.17.4/snappymail-2.17.4.tar.gz +curl -L https://github.com/the-djmaze/snappymail/releases/download/$SnappyMailVer/snappymail-${SnappyMailVer//v}.tar.gz -o /tmp/smc.tar.gz || exit 1 +curl -L https://github.com/OfflineIMAP/offlineimap3/archive/refs/tags/$OfflineIMAPVer.tar.gz -o /tmp/olim3.tar.gz || exit 1 + #Configure Nginx rm -rf /etc/nginx/conf.d/* mv Configs/nginx.conf /etc/nginx/nginx.conf @@ -40,25 +40,21 @@ chmod 777 /mail rm /etc/php8/php-fpm.d/* mv Configs/php.conf /etc/php8/php-fpm.d/railoop.conf -#Install RainLoop -curl http://www.rainloop.net/repository/webmail/rainloop-community-latest.zip -o /tmp/rlcl.zip -unzip -q $ResourceFolder/rlcl.zip -d /opt/rainloop -mv $ResourceFolder/rainloop-installed /opt/rainloop-installed +#Install Webmail +tar -C /opt/webmail -xzf /tmp/smc.tar.gz -#Configure Rainloop -mkdir -p /opt/rainloop/data/_data_/_default_/configs /opt/rainloop/data/_data_/_default_/domains -touch /opt/rainloop/data/_data_/_default_/domains/disabled -mv Configs/RainLoop-application.ini /opt/rainloop/data/_data_/_default_/configs/application.ini -mv Configs/RainLoop-Domain-localhost.ini /opt/rainloop/data/_data_/_default_/domains/localhost.ini -chown -R nginx:nginx /opt/rainloop -find /opt/rainloop -type d -exec chmod 755 {} \; -find /opt/rainloop -type f -exec chmod 644 {} \; +#Configure Webmail +mkdir -p /opt/webmail/data/_data_/_default_/configs /opt/webmail/data/_data_/_default_/domains +touch /opt/webmail/data/_data_/_default_/domains/disabled +mv Configs/SnappyMail-application.ini /opt/webmail/data/_data_/_default_/configs/application.ini +mv Configs/SnappyMail-Domain-localhost.ini /opt/webmail/data/_data_/_default_/domains/localhost.ini +chown -R nginx:nginx /opt/webmail +find /opt/webmail -type d -exec chmod 755 {} \; +find /opt/webmail -type f -exec chmod 644 {} \; #Install OfflineIMAP3 -OfflineIMAPVer=$(curl -s https://api.github.com/repos/OfflineIMAP/offlineimap3/tags | grep 'name.*' |head -n 1 | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " ") -mv $ResourceFolder/OfflineIMAP3-installed /opt/OfflineIMAP3-installed mkdir /opt/OfflineIMAP3 -tar -C /opt/OfflineIMAP3 -xzf $ResourceFolder/olim3.tar.gz --strip 1 +tar -C /opt/OfflineIMAP3 -xzf /tmp/olim3.tar.gz --strip 1 sed -i '/kerberos/c\' /opt/OfflineIMAP3/requirements.txt sed -i '/cygwin/c\' /opt/OfflineIMAP3/requirements.txt pip3 install -r /opt/OfflineIMAP3/requirements.txt @@ -70,11 +66,11 @@ touch /opt/mailsync.sh echo '30 2 * * 4 ash /opt/mailsync.sh > /dev/null' >> /etc/crontabs/root #Add tool update scripts -mv Resources/UpdateRainLoop.sh /opt/UpdateRainLoop.sh +mv Resources/UpdateSnappyMail.sh /opt/UpdateSnappyMail.sh mv Resources/UpdateOfflineImap3.sh /opt/UpdateOfflineImap3.sh mv Resources/AddMailBox.sh /opt/AddMailBox.sh #Cleanup -rm -f /tmp/olim3.tar.gz /tmp/rlcl.zip +rm -f /tmp/olim3.tar.gz /tmp/smc.tar.gz #Start and enable service rc-update add dovecot rc-update add nginx