Change obvious stuff (1st read)

before trying it out
This commit is contained in:
juvilius 2023-04-07 16:46:28 +02:00
parent 3f2b10f854
commit aa0f635a2e
Signed by untrusted user who does not match committer: julius
GPG Key ID: 3EAC91A848E1D685

View File

@ -17,9 +17,12 @@
umask 0022
apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban
domain="$(cat /etc/mailname)"
subdom=${MAIL_SUBDOM:-mail}
#A apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban
pacman -Syu postfix postfix-pcre dovecot pigeonhole opendkim spamassassin net-tools fail2ban cronie
#A domain="$(cat /etc/mailname)"
domain="0124816.xyz"
subdom="mail"
maildomain="$subdom.$domain"
certdir="/etc/letsencrypt/live/$maildomain"
@ -36,15 +39,15 @@ done
certdir="/etc/letsencrypt/live/$maildomain" &&
case "$(netstat -tulpn | grep ":80\s")" in
*nginx*)
apt install -y python3-certbot-nginx
pacman -S certbot-nginx
certbot -d "$maildomain" certonly --nginx --register-unsafely-without-email --agree-tos
;;
*apache*)
apt install -y python3-certbot-apache
pacman -S certbot-apache
certbot -d "$maildomain" certonly --apache --register-unsafely-without-email --agree-tos
;;
*)
apt install -y python3-certbot
pacman -S certbot
certbot -d "$maildomain" certonly --standalone --register-unsafely-without-email --agree-tos
;;
esac
@ -95,7 +98,7 @@ postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authentica
# command, is necessary as it distinguishes a maildir (which is the actual
# directories that what we want) from a spoolfile (which is what old unix
# boomers want and no one else).
postconf -e 'home_mailbox = Mail/Inbox/'
postconf -e 'home_mailbox = mail/inbox/'
# Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
@ -165,29 +168,29 @@ passdb {
driver = pam
}
# Our mail for each user will be in ~/Mail, and the inbox will be ~/Mail/Inbox
# Our mail for each user will be in ~/mail, and the inbox will be ~/mail/inbox
# The LAYOUT option is also important because otherwise, the boxes will be \`.Sent\` instead of \`Sent\`.
mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
mail_location = maildir:~/mail:INBOX=~/mail/inbox:LAYOUT=fs
namespace inbox {
inbox = yes
mailbox Drafts {
special_use = \\Drafts
mailbox drafts {
special_use = \\drafts
auto = subscribe
}
mailbox Junk {
special_use = \\Junk
mailbox junk {
special_use = \\junk
auto = subscribe
autoexpunge = 30d
autoexpunge = 60d
}
mailbox Sent {
special_use = \\Sent
mailbox sent {
special_use = \\sent
auto = subscribe
}
mailbox Trash {
special_use = \\Trash
mailbox trash {
special_use = \\trash
}
mailbox Archive {
special_use = \\Archive
mailbox archive {
special_use = \\archive
}
}
@ -227,7 +230,7 @@ mkdir /var/lib/dovecot/sieve/
echo "require [\"fileinto\", \"mailbox\"];
if header :contains \"X-Spam-Flag\" \"YES\"
{
fileinto \"Junk\";
fileinto \"junk\";
}" > /var/lib/dovecot/sieve/default.sieve
grep -q '^vmail:' /etc/passwd || useradd vmail
@ -312,7 +315,7 @@ sed -i "s|^CRON=0|CRON=1|" /etc/default/spamassassin
for x in spamassassin opendkim dovecot postfix fail2ban; do
printf "Restarting %s..." "$x"
service "$x" restart && printf " ...done\\n"
systemctl restart "$x" && printf " ...done\\n"
systemctl enable "$x"
done
@ -335,7 +338,7 @@ chmod 755 /etc/cron.weekly/dmarc-clean
grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini ||
echo "
deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini
deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && systemctl reload postfix && systemctl reload dovecot" >> /etc/letsencrypt/cli.ini
echo "NOTE: Elements in the entries might appear in a different order in your registrar's DNS settings.
$dkimentry