- Added input validation for the domain parameter to allow only alphanumeric characters, dots, and dashes.
- This mitigates a command injection vulnerability on line 9 where unsanitized user input could be injected into the sed command.
- The fix improves security for local script execution in multi-user environments or when the script is run with elevated privileges.
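The allowlist described in the commit message above, as an added example that is not the script's own code. The function names `valid_domain` and `set_hostname` and the sed expression are assumptions made for illustration, and rejecting a leading dash or dot goes beyond what the commit message states.

```sh
#!/bin/sh
# Added example: allowlist check for a domain value before it is placed
# inside a sed expression. Function names are hypothetical.

# Succeeds only if $1 is non-empty, does not start with '-' or '.', and
# contains nothing but ASCII letters, digits, dots and dashes.
valid_domain() (
    LC_ALL=C   # keep A-Z / a-z ranges ASCII-only regardless of locale
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9.-]*) false ;;
        *) true ;;
    esac
)

# Rewrites a "myhostname = ..." line read from stdin (constructed template).
# '/', '&', '\' and newlines never pass valid_domain, so the value cannot
# close the s/// expression or act as a sed replacement metacharacter.
set_hostname() {
    if ! valid_domain "$1"; then
        # Do not echo the rejected value back.
        printf 'invalid domain rejected\n' >&2
        return 1
    fi
    sed "s/^myhostname = .*/myhostname = $1/"
}

# Constructed sample inputs, not taken from the page.
for d in "mail.example.org" "example.org/g" "a&b" "a b" "-n" ""; do
    if valid_domain "$d"; then
        printf 'accept: %s\n' "$d"
    else
        printf 'reject: %s\n' "$d"
    fi
done
```

Validation runs before the value is interpolated, so a rejected input never reaches sed at all.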
-- the change to the apt-get install part at the beginning forces an uninstall and purge of configs. This means that if you re-run the script it will "reset" the install to default state by deleting packages and configs and re-installing and re-generating the configs.
-- I turned some hardcoded settings into options that can be set in the variables at the top of the script (for convenience). The default behavior is the same as before.
allow_suboptimal_ciphers="yes" #yes no
mailbox_format="maildir" # maildir sdbox
allowed_protocols=" imap pop3 " #imap pop3
-- added a setting `selfsigned="no" # yes no` to choose between "let's get a cert from letsencrypt" and "create self-signed cert that lasts 100 years", and added the logic to generate the certs and whatnot.
My use case is for an "isolated" server that collects notifications from devices in the same local network(s) or serves as a secure/private messaging system over VPN (wireguard or whatever).
The default is still as before. If creating a self-signed cert is selected, it will show the certificate creation wizard as normal.
-- added a few setting variables to auto-generate the certificate with country name, state/province name, organization name and hostname.
Again this is not enabled by default.
This commit checks for /etc/default/spamassassin. If it exists, it's
passed through sed to modify the CRON variable as usual, and
spamassassin.service is enabled and restarted.
If /etc/default/spamassassin does not exist, but /etc/default/spamd
exists, we modify /etc/default/spamd instead, and restart and enable
spamd.service.
This has to be done because Debian 12 introduced this breaking change:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020859
Apologies for my previous commit which introduced a new "README" file
specifically for my fork of the repository. I've modified my patch to
remove it, please accept this version of the patch instead.
Signed-off-by: Andrew Yu <andrew@andrewyu.org>
Unless you intend to interpolate, you should never use double-quotes. In
this instance, it was actually impactful -- `$myhostname` and
`$mydomain` were meant to be left as-is, referring to those Postfix
config parameters, but were accidentally interpolated and subsequently
generated nonsense (but not fatal) configuration.