Merge branch 'master' of github.com:LukeSmithxyz/emailwiz

This commit is contained in:
Luke Smith 2020-12-07 15:19:33 -05:00
commit b95fdd9334
No known key found for this signature in database
GPG Key ID: 4C50B54A911F6252
2 changed files with 23 additions and 5 deletions

View File

@ -10,7 +10,7 @@ sizeable network of people with email servers thanks to this script.
I've linked this file on Github to a shorter, more memorable address on my I've linked this file on Github to a shorter, more memorable address on my
website so you can get it on your machine with this short command: website so you can get it on your machine with this short command:
``` ```sh
curl -LO lukesmith.xyz/emailwiz.sh curl -LO lukesmith.xyz/emailwiz.sh
``` ```
@ -21,7 +21,7 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
- **Postfix** to send and receive mail. - **Postfix** to send and receive mail.
- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.). - **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.).
- Config files that unique the two above securely with native log-ins. - Config files that link the two above securely with native log-ins.
- **Spamassassin** to prevent spam and allow you to make custom filters. - **Spamassassin** to prevent spam and allow you to make custom filters.
- **OpenDKIM** to validate you so you can send to Gmail and other big sites. - **OpenDKIM** to validate you so you can send to Gmail and other big sites.
@ -128,4 +128,10 @@ support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
[this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't [this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't
worry if you are: sometimes especially new domains are automatically assumed worry if you are: sometimes especially new domains are automatically assumed
to be spam temporarily. If you are blacklisted by one of these, look into it to be spam temporarily. If you are blacklisted by one of these, look into it
and it will explain how to remove yourself. and it will explain why and how to remove yourself.
- Check your DNS settings using [this site](https://intodns.com/), it'll report
any issues with your MX records
- Ensure that port 25 is open on your server.
[Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance
blocks this by default, you need to open a support ticket with them to open
it. You can't send mail if 25 is blocked

View File

@ -38,7 +38,7 @@ apt install postfix dovecot-imapd dovecot-sieve opendkim spamassassin spamc
# Check if OpenDKIM is installed and install it if not. # Check if OpenDKIM is installed and install it if not.
which opendkim-genkey >/dev/null 2>&1 || apt install opendkim-tools which opendkim-genkey >/dev/null 2>&1 || apt install opendkim-tools
domain="$(cat /etc/mailname)" domain="$(cat /etc/mailname)"
subdom="mail" subdom=${MAIL_SUBDOM:-mail}
maildomain="$subdom.$domain" maildomain="$subdom.$domain"
certdir="/etc/letsencrypt/live/$maildomain" certdir="/etc/letsencrypt/live/$maildomain"
@ -66,6 +66,15 @@ postconf -e "smtpd_use_tls = yes"
postconf -e "smtpd_tls_auth_only = yes" postconf -e "smtpd_tls_auth_only = yes"
postconf -e "smtp_tls_security_level = may" postconf -e "smtp_tls_security_level = may"
postconf -e "smtp_tls_loglevel = 1" postconf -e "smtp_tls_loglevel = 1"
postconf -e "smtp_tls_CAfile=$certdir/cert.pem"
postconf -e "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
postconf -e "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
postconf -e "smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
postconf -e "smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
postconf -e "tls_preempt_cipherlist = yes"
postconf -e "smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
RSA+AES, eNULL"
# Here we tell Postfix to look to Dovecot for authenticating users/passwords. # Here we tell Postfix to look to Dovecot for authenticating users/passwords.
# Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth # Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth
@ -127,6 +136,9 @@ echo "# Dovecot config
ssl = required ssl = required
ssl_cert = <$certdir/fullchain.pem ssl_cert = <$certdir/fullchain.pem
ssl_key = <$certdir/privkey.pem ssl_key = <$certdir/privkey.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes
ssl_dh = </usr/share/dovecot/dh.pem ssl_dh = </usr/share/dovecot/dh.pem
# Plaintext login. This is safe and easy thanks to SSL. # Plaintext login. This is safe and easy thanks to SSL.
auth_mechanisms = plain login auth_mechanisms = plain login
@ -235,7 +247,7 @@ chmod g+r /etc/postfix/dkim/*
# Generate the OpenDKIM info: # Generate the OpenDKIM info:
echo "Configuring OpenDKIM..." echo "Configuring OpenDKIM..."
grep -q "$domain" /etc/postfix/dkim/keytable 2>/dev/null || grep -q "$domain" /etc/postfix/dkim/keytable 2>/dev/null ||
echo "$subdom._domainkey.$domain $domain:mail:/etc/postfix/dkim/mail.private" >> /etc/postfix/dkim/keytable echo "$subdom._domainkey.$domain $domain:$subdom:/etc/postfix/dkim/$subdom.private" >> /etc/postfix/dkim/keytable
grep -q "$domain" /etc/postfix/dkim/signingtable 2>/dev/null || grep -q "$domain" /etc/postfix/dkim/signingtable 2>/dev/null ||
echo "*@$domain $subdom._domainkey.$domain" >> /etc/postfix/dkim/signingtable echo "*@$domain $subdom._domainkey.$domain" >> /etc/postfix/dkim/signingtable