Merge branch 'master' of github.com:LukeSmithxyz/emailwiz
This commit is contained in:
commit
b95fdd9334
12
README.md
12
README.md
@ -10,7 +10,7 @@ sizeable network of people with email servers thanks to this script.
|
||||
I've linked this file on Github to a shorter, more memorable address on my
|
||||
website so you can get it on your machine with this short command:
|
||||
|
||||
```
|
||||
```sh
|
||||
curl -LO lukesmith.xyz/emailwiz.sh
|
||||
```
|
||||
|
||||
@ -21,7 +21,7 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
|
||||
|
||||
- **Postfix** to send and receive mail.
|
||||
- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.).
|
||||
- Config files that unique the two above securely with native log-ins.
|
||||
- Config files that link the two above securely with native log-ins.
|
||||
- **Spamassassin** to prevent spam and allow you to make custom filters.
|
||||
- **OpenDKIM** to validate you so you can send to Gmail and other big sites.
|
||||
|
||||
@ -128,4 +128,10 @@ support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
|
||||
[this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't
|
||||
worry if you are: sometimes especially new domains are automatically assumed
|
||||
to be spam temporarily. If you are blacklisted by one of these, look into it
|
||||
and it will explain how to remove yourself.
|
||||
and it will explain why and how to remove yourself.
|
||||
- Check your DNS settings using [this site](https://intodns.com/), it'll report
|
||||
any issues with your MX records
|
||||
- Ensure that port 25 is open on your server.
|
||||
[Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance
|
||||
blocks this by default, you need to open a support ticket with them to open
|
||||
it. You can't send mail if 25 is blocked
|
||||
|
16
emailwiz.sh
16
emailwiz.sh
@ -38,7 +38,7 @@ apt install postfix dovecot-imapd dovecot-sieve opendkim spamassassin spamc
|
||||
# Check if OpenDKIM is installed and install it if not.
|
||||
which opendkim-genkey >/dev/null 2>&1 || apt install opendkim-tools
|
||||
domain="$(cat /etc/mailname)"
|
||||
subdom="mail"
|
||||
subdom=${MAIL_SUBDOM:-mail}
|
||||
maildomain="$subdom.$domain"
|
||||
certdir="/etc/letsencrypt/live/$maildomain"
|
||||
|
||||
@ -66,6 +66,15 @@ postconf -e "smtpd_use_tls = yes"
|
||||
postconf -e "smtpd_tls_auth_only = yes"
|
||||
postconf -e "smtp_tls_security_level = may"
|
||||
postconf -e "smtp_tls_loglevel = 1"
|
||||
postconf -e "smtp_tls_CAfile=$certdir/cert.pem"
|
||||
postconf -e "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
|
||||
postconf -e "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
|
||||
postconf -e "smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
|
||||
postconf -e "smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
|
||||
postconf -e "tls_preempt_cipherlist = yes"
|
||||
postconf -e "smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
|
||||
DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
|
||||
RSA+AES, eNULL"
|
||||
|
||||
# Here we tell Postfix to look to Dovecot for authenticating users/passwords.
|
||||
# Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth
|
||||
@ -127,6 +136,9 @@ echo "# Dovecot config
|
||||
ssl = required
|
||||
ssl_cert = <$certdir/fullchain.pem
|
||||
ssl_key = <$certdir/privkey.pem
|
||||
ssl_min_protocol = TLSv1.2
|
||||
ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
|
||||
ssl_prefer_server_ciphers = yes
|
||||
ssl_dh = </usr/share/dovecot/dh.pem
|
||||
# Plaintext login. This is safe and easy thanks to SSL.
|
||||
auth_mechanisms = plain login
|
||||
@ -235,7 +247,7 @@ chmod g+r /etc/postfix/dkim/*
|
||||
# Generate the OpenDKIM info:
|
||||
echo "Configuring OpenDKIM..."
|
||||
grep -q "$domain" /etc/postfix/dkim/keytable 2>/dev/null ||
|
||||
echo "$subdom._domainkey.$domain $domain:mail:/etc/postfix/dkim/mail.private" >> /etc/postfix/dkim/keytable
|
||||
echo "$subdom._domainkey.$domain $domain:$subdom:/etc/postfix/dkim/$subdom.private" >> /etc/postfix/dkim/keytable
|
||||
|
||||
grep -q "$domain" /etc/postfix/dkim/signingtable 2>/dev/null ||
|
||||
echo "*@$domain $subdom._domainkey.$domain" >> /etc/postfix/dkim/signingtable
|
||||
|
Loading…
Reference in New Issue
Block a user