clean out old dmarc feedback, other cleanup

This commit is contained in:
Luke Smith 2023-02-11 20:10:28 -05:00
parent 0d2b016d6f
commit aa63926c4b
No known key found for this signature in database
GPG Key ID: 4C50B54A911F6252

View File

@ -1,17 +1,5 @@
#!/bin/sh #!/bin/sh
# THE SETUP
# Mail will be stored in non-retarded Maildirs because it's $currentyear. This
# makes it easier for use with isync, which is what I care about so I can have
# an offline repo of mail.
# The mailbox names are: Inbox, Sent, Drafts, Archive, Junk, Trash
# Use the typical unix login system for mail users. Users will log into their
# email with their passnames on the server. No usage of a redundant mySQL
# database to do this.
# BEFORE INSTALLING # BEFORE INSTALLING
# Have a Debian or Ubuntu server with a static IP and DNS records (usually # Have a Debian or Ubuntu server with a static IP and DNS records (usually
@ -29,9 +17,7 @@
umask 0022 umask 0022
apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools fail2ban apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban
# Check if OpenDKIM is installed and install it if not.
which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
domain="$(cat /etc/mailname)" domain="$(cat /etc/mailname)"
subdom=${MAIL_SUBDOM:-mail} subdom=${MAIL_SUBDOM:-mail}
maildomain="$subdom.$domain" maildomain="$subdom.$domain"
@ -97,10 +83,13 @@ postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_type = dovecot' postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = private/auth' postconf -e 'smtpd_sasl_path = private/auth'
# Sender, relay and recipient restrictions # helo, sender, relay and recipient restrictions
postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre" postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre"
postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain' postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain'
postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination' postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_helo_required = yes'
postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname'
# NOTE: the trailing slash here, or for any directory name in the home_mailbox # NOTE: the trailing slash here, or for any directory name in the home_mailbox
# command, is necessary as it distinguishes a maildir (which is the actual # command, is necessary as it distinguishes a maildir (which is the actual
@ -303,9 +292,6 @@ postconf -e 'milter_protocol = 6'
postconf -e 'smtpd_milters = inet:localhost:12301' postconf -e 'smtpd_milters = inet:localhost:12301'
postconf -e 'non_smtpd_milters = inet:localhost:12301' postconf -e 'non_smtpd_milters = inet:localhost:12301'
postconf -e 'mailbox_command = /usr/lib/dovecot/deliver' postconf -e 'mailbox_command = /usr/lib/dovecot/deliver'
postconf -e 'smtpd_helo_required = yes'
postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname'
postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain'
# A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442 # A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442
/lib/opendkim/opendkim.service.generate /lib/opendkim/opendkim.service.generate
@ -335,6 +321,14 @@ mxentry="$domain MX 10 $maildomain 300"
useradd -m -G mail dmarc useradd -m -G mail dmarc
# Create a cronjob that deletes month-old dmarc feedback:
cat <<EOF > /etc/cron.weekly/dmarc-clean
#!/bin/sh
find /home/dmarc/Mail -type f -mtime +30 -name '*.mail*' -delete
EOF
chmod 755 /etc/cron.weekly/dmarc-clean
grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini || grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini ||
echo " echo "
deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini