Merge branch 'master' of github.com:LukeSmithxyz/emailwiz
commit
ae2ee398f6
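--- a/README.md
+++ b/README.md
@@ -34,10 +34,10 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
 have an offline mirror of my email setup and I recommend the same. There are
 other ways of doing it though, like Thunderbird, etc.
 
-## Requirements
+## Before you run this script you need...
 
 1. A **Debian or Ubuntu server**. I've tested this on a
-[Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running
+[Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running
 Ubuntu and their setup works, but I suspect other VPS hosts will have
 similar/possibly identical default settings which will let you run this on
 them. Note that the affiliate link there to Vultr gives you a $100 credit
@@ -65,6 +65,9 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
 You may need to request these ports be opened to send mail successfully.
 Vultr and most other VPS providers will respond immediately and open the
 ports for you if you open a support ticket.
+7. If you have a firewall, you'll need to open ports on your side as well. For
+example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you
+will need port 80 for Certbot too).
 
 ## Post-install requirement!
 
@@ -135,3 +138,8 @@ support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
 [Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance
 blocks this by default, you need to open a support ticket with them to open
 it. You can't send mail if 25 is blocked
+
+## TODO
+
+- Fail2ban for security.
+- Scripts for easier spam prevention.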
19
emailwiz.sh
19
emailwiz.sh
@ -37,21 +37,21 @@ echo "Setting umask to 0022..."
|
|||||||
umask 0022
|
umask 0022
|
||||||
|
|
||||||
echo "Installing programs..."
|
echo "Installing programs..."
|
||||||
apt install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc
|
apt-get install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc
|
||||||
# Check if OpenDKIM is installed and install it if not.
|
# Check if OpenDKIM is installed and install it if not.
|
||||||
which opendkim-genkey >/dev/null 2>&1 || apt install opendkim-tools
|
which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
|
||||||
domain="$(cat /etc/mailname)"
|
domain="$(cat /etc/mailname)"
|
||||||
subdom=${MAIL_SUBDOM:-mail}
|
subdom=${MAIL_SUBDOM:-mail}
|
||||||
maildomain="$subdom.$domain"
|
maildomain="$subdom.$domain"
|
||||||
certdir="/etc/letsencrypt/live/$maildomain"
|
certdir="/etc/letsencrypt/live/$maildomain"
|
||||||
|
|
||||||
[ ! -d "$certdir" ] && certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain\|*.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)")"
|
[ ! -d "$certdir" ] &&
|
||||||
|
possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" &&
|
||||||
|
certdir="${possiblecert%/*}"
|
||||||
|
|
||||||
[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain.
|
[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain.
|
||||||
|
|
||||||
Use Let's Encrypt's Certbot to get that and then rerun this script.
|
Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1
|
||||||
|
|
||||||
You may need to set up a dummy $maildomain site in nginx or Apache for that to work." && exit 1
|
|
||||||
|
|
||||||
# NOTE ON POSTCONF COMMANDS
|
# NOTE ON POSTCONF COMMANDS
|
||||||
|
|
||||||
@ -311,18 +311,23 @@ systemctl daemon-reload
|
|||||||
for x in spamassassin opendkim dovecot postfix; do
|
for x in spamassassin opendkim dovecot postfix; do
|
||||||
printf "Restarting %s..." "$x"
|
printf "Restarting %s..." "$x"
|
||||||
service "$x" restart && printf " ...done\\n"
|
service "$x" restart && printf " ...done\\n"
|
||||||
|
systemctl enable "$x"
|
||||||
done
|
done
|
||||||
|
|
||||||
# If ufw is used, enable the mail ports.
|
# If ufw is used, enable the mail ports.
|
||||||
pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;}
|
pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;}
|
||||||
|
|
||||||
pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed 's/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//' | grep -o 'p=.*')"
|
pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')"
|
||||||
dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval"
|
dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval"
|
||||||
dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1"
|
dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1"
|
||||||
spfentry="$domain TXT v=spf1 mx a:$maildomain -all"
|
spfentry="$domain TXT v=spf1 mx a:$maildomain -all"
|
||||||
|
|
||||||
useradd -m -G mail dmarc
|
useradd -m -G mail dmarc
|
||||||
|
|
||||||
|
grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini ||
|
||||||
|
echo "
|
||||||
|
deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini
|
||||||
|
|
||||||
echo "$dkimentry
|
echo "$dkimentry
|
||||||
$dmarcentry
|
$dmarcentry
|
||||||
$spfentry" > "$HOME/dns_emailwizard"
|
$spfentry" > "$HOME/dns_emailwizard"
|
||||||
|
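Review bot: The renewal hook appended on the `deploy-hook = ...` line only reloads the services when `$RENEWED_DOMAINS` contains the exact `$maildomain` string, yet the certificate lookup in the earlier hunk (`possiblecert=`) deliberately accepts a wildcard `*.$domain` certificate; when such a certificate renews, the grep never matches and postfix and dovecot keep serving the old certificate until something else restarts them. The hook also chains the two reloads with `&&`, so a failed postfix reload leaves dovecot on the old certificate as well. Since the existing hook already depends on a shell for the pipe, I would write the appended line as `deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q -e '$maildomain' -e '*.$domain' && { service postfix reload; service dovecot reload; }" >> /etc/letsencrypt/cli.ini`. The `grep -q '^deploy-hook = ...'` guard on the preceding line still matches that prefix, so the idempotence check is unaffected.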