Merge branch 'master' of github.com:LukeSmithxyz/emailwiz
commit
ae2ee398f6
12
README.md
12
README.md
@ -34,10 +34,10 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
|
||||
have an offline mirror of my email setup and I recommend the same. There are
|
||||
other ways of doing it though, like Thunderbird, etc.
|
||||
|
||||
## Requirements
|
||||
## Before you run this script you need...
|
||||
|
||||
1. A **Debian or Ubuntu server**. I've tested this on a
|
||||
[Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running
|
||||
[Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running
|
||||
Ubuntu and their setup works, but I suspect other VPS hosts will have
|
||||
similar/possibly identical default settings which will let you run this on
|
||||
them. Note that the affiliate link there to Vultr gives you a $100 credit
|
||||
@ -65,6 +65,9 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
|
||||
You may need to request these ports be opened to send mail successfully.
|
||||
Vultr and most other VPS providers will respond immediately and open the
|
||||
ports for you if you open a support ticket.
|
||||
7. If you have a firewall, you'll need to open ports on your side as well. For
|
||||
example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you
|
||||
will need port 80 for Certbot too).
|
||||
|
||||
## Post-install requirement!
|
||||
|
||||
@ -135,3 +138,8 @@ support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
|
||||
[Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance
|
||||
blocks this by default, you need to open a support ticket with them to open
|
||||
it. You can't send mail if 25 is blocked
|
||||
|
||||
## TODO
|
||||
|
||||
- Fail2ban for security.
|
||||
- Scripts for easier spam prevention.
|
||||
|
19
emailwiz.sh
19
emailwiz.sh
@ -37,21 +37,21 @@ echo "Setting umask to 0022..."
|
||||
umask 0022
|
||||
|
||||
echo "Installing programs..."
|
||||
apt install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc
|
||||
apt-get install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc
|
||||
# Check if OpenDKIM is installed and install it if not.
|
||||
which opendkim-genkey >/dev/null 2>&1 || apt install opendkim-tools
|
||||
which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
|
||||
domain="$(cat /etc/mailname)"
|
||||
subdom=${MAIL_SUBDOM:-mail}
|
||||
maildomain="$subdom.$domain"
|
||||
certdir="/etc/letsencrypt/live/$maildomain"
|
||||
|
||||
[ ! -d "$certdir" ] && certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain\|*.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)")"
|
||||
[ ! -d "$certdir" ] &&
|
||||
possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" &&
|
||||
certdir="${possiblecert%/*}"
|
||||
|
||||
[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain.
|
||||
|
||||
Use Let's Encrypt's Certbot to get that and then rerun this script.
|
||||
|
||||
You may need to set up a dummy $maildomain site in nginx or Apache for that to work." && exit 1
|
||||
Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1
|
||||
|
||||
# NOTE ON POSTCONF COMMANDS
|
||||
|
||||
@ -311,18 +311,23 @@ systemctl daemon-reload
|
||||
for x in spamassassin opendkim dovecot postfix; do
|
||||
printf "Restarting %s..." "$x"
|
||||
service "$x" restart && printf " ...done\\n"
|
||||
systemctl enable "$x"
|
||||
done
|
||||
|
||||
# If ufw is used, enable the mail ports.
|
||||
pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;}
|
||||
|
||||
pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed 's/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//' | grep -o 'p=.*')"
|
||||
pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')"
|
||||
dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval"
|
||||
dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1"
|
||||
spfentry="$domain TXT v=spf1 mx a:$maildomain -all"
|
||||
|
||||
useradd -m -G mail dmarc
|
||||
|
||||
grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini ||
|
||||
echo "
|
||||
deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini
|
||||
|
||||
echo "$dkimentry
|
||||
$dmarcentry
|
||||
$spfentry" > "$HOME/dns_emailwizard"
|
||||
|
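Review bot: The guard in front of the `ufw allow` calls, `pgrep ufw >/dev/null`, looks for a running process named ufw, but ufw is a front end that applies its rules and exits rather than a long-lived daemon. The test will therefore normally fail on a host where the firewall is active, and ports 993, 465, 587 and 25 stay closed. This fails closed, so it is a delivery problem rather than an exposure, but the line does not do what its comment says. Checking the firewall state would match the intent: `command -v ufw >/dev/null && ufw status | grep -q '^Status: active' && { ufw allow 993; ufw allow 465; ufw allow 587; ufw allow 25; }`. The rendered page has lost its +/- markers, so I am assuming this line is on the new side of the merge.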