From bfe88e1ca1fb6b812f2e44b9fded31cb4bc41076 Mon Sep 17 00:00:00 2001
From: Mar Alegre
Date: Mon, 26 Apr 2021 13:24:22 -0400
Subject: [PATCH 1/3] added outgoing mail encryption to mailsrv
---
 mailsrv/assets/postfix/main.cf.part | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/mailsrv/assets/postfix/main.cf.part b/mailsrv/assets/postfix/main.cf.part
index 4e3f23a..b6279b1 100644
--- a/mailsrv/assets/postfix/main.cf.part
+++ b/mailsrv/assets/postfix/main.cf.part
@@ -28,13 +28,19 @@ local_transport = dovecot
 # set recipient limit to 1 so X-Original-To header addition will work
 dovecot_destination_recipient_limit = 1
-### SMTP ###
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+### Outgoing Mail ###
+# enable opportunistic TLS for outgoing mail
+smtp_tls_security_level = may
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-# whether to allow or enforce TLS. Acceptable values are 'none', 'may', or 'encrypt'.
-smtpd_tls_security_level=may
+# log whether connection has completed encryption handshake
+smtp_tls_loglevel = 1
+
+### Incoming Mail ###
+# enable opportunistic TLS for incoming mail
+smtpd_tls_security_level = may
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+# prevent sending passwords over unsecured connections
+smtpd_tls_auth_only = yes
 # where to find certs
 smtpd_tls_cert_file=/vol/ssl/fullchain.pem
 smtpd_tls_key_file=/vol/ssl/privkey.pem
@@ -45,8 +51,6 @@ smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 # and the common settings to enable SASL:
 smtpd_sasl_auth_enable = yes
-
-### Security ###
 # these settings apply to BOTH authenticated and unauthenticated mail
 # for security settings for only authenticated mail, use options in master.cf
 smtpd_delay_reject = yes
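Review bot: In the `@@ -28,13 +28,19 @@` hunk, `smtp_tls_security_level = may` and `smtpd_tls_security_level = may` are opportunistic: a session still goes ahead in cleartext when STARTTLS is not offered or is removed in transit, and at this level the outgoing client does not verify the peer certificate. The new comments should say so rather than read as "mail is now encrypted", for example `# opportunistic: falls back to cleartext, peer certificate is not verified`. Only the outgoing side gets handshake logging, so adding `smtpd_tls_loglevel = 1` under "Incoming Mail" would let the logs show which inbound sessions used TLS as well. For destinations that must never receive cleartext, a per-domain `smtp_tls_policy_maps` entry is the usual place to raise the level. The hunk also drops the comment listing the accepted values ('none', 'may', 'encrypt'), which was worth keeping next to the setting.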
@@ -75,4 +79,4 @@ biff = no
 # fresh installs.
 compatibility_level = 2
 # maximum size allowed for sent messages, in bytes
-message_size_limit = 33554432
+message_size_limit = 102400000
From 104cafc3712cc4d19e4acd3949a554d445757c05 Mon Sep 17 00:00:00 2001
From: Mar Alegre
Date: Thu, 20 May 2021 15:13:24 -0400
Subject: [PATCH 2/3] updated disabled apps for nextcloud
---
 nextcloud/Systemdfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nextcloud/Systemdfile b/nextcloud/Systemdfile
index a050a5c..d4372d3 100644
--- a/nextcloud/Systemdfile
+++ b/nextcloud/Systemdfile
@@ -26,7 +26,7 @@ nc-occ app:install bookmarks
 nc-occ app:install mail
 # disable apps we don't want
-nc-occ app:disable comments federation files_trashbin files_versions firstrunwizard recommendations support survey_client systemtags
+nc-occ app:disable comments dashboard federation files_trashbin firstrunwizard recommendations support survey_client systemtags
 # configure apps
 # set calendar to refresh subscriptions once a day (to set to one hour use 'PT1H' instead)
From 0513d7acfb3ccdbc962db8cb967169529594ea73 Mon Sep 17 00:00:00 2001
From: Mar Alegre
Date: Fri, 4 Jun 2021 21:51:34 -0400
Subject: [PATCH 3/3] bugfix
---
 samba/assets/bin/smbadduser | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/samba/assets/bin/smbadduser b/samba/assets/bin/smbadduser
index 7a996af..b0adfde 100755
--- a/samba/assets/bin/smbadduser
+++ b/samba/assets/bin/smbadduser
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 if [[ -z $(getent passwd "$1") ]]; then
 adduser "$1" --disabled-password --gecos "" --no-create-home --shell /usr/sbin/nologin
 usermod -a -G sambashare "$1"
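Review bot: `message_size_limit = 102400000` in the `@@ -75,4 +79,4 @@` hunk of main.cf.part roughly triples the largest message the server accepts, and the comment elsewhere in this file says main.cf settings apply to unauthenticated mail too, so any remote sender can now queue messages of about 100 MB. The commit subject is about outgoing encryption and does not mention this change. If the larger limit is meant for authenticated users only, keep the old value here and raise it for the submission service with `-o message_size_limit=102400000` in master.cf. The comment above it would be more accurate as `# maximum size of any message accepted, inbound or outbound, in bytes`.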
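Review bot: Removing `files_versions` from the `app:disable` list in nextcloud/Systemdfile leaves file versioning on for new installs, which the commit subject does not mention; deployments provisioned with the old list presumably keep it disabled unless something enables it again. If versioning is now intended, record that next to the list, for example `# files_versions stays enabled: old file revisions are kept`, and decide how long revisions are retained, since they hold content users may believe was overwritten. Only part of the script is visible in this hunk, so whether it is re-run on upgrade cannot be confirmed here.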
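Review bot: In samba/assets/bin/smbadduser the `[[ ... ]]` test now runs under bash, but `$1` is still used with no check: with no argument `getent passwd ""` prints nothing and the script goes on to call `adduser ""`, and a value starting with `-` would be parsed as an option by `adduser` and `usermod`. A guard before the `if`, such as `[[ $1 =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "usage: smbadduser USER" >&2; exit 1; }`, covers both cases. The script body continues past the end of the hunk, so any later use of `$1` is not visible here.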