Merge pull request #15 from Schueni1/master

Added relaxed option for DKIM.
2019-12-26 18:41:27 -05:00 · 2019-12-26 18:41:27 -05:00 · eb15bba5f3
commit eb15bba5f3
parent 7788391d60 e7914356a7
1 changed files with 23 additions and 8 deletions
--- a/emailwiz.sh
+++ b/emailwiz.sh
@ -16,9 +16,9 @@
 # On installation of Postfix, select "Internet Site" and put in TLD (without before it mail.)

 echo "Installing programs..."
-apt install postfix dovecot-imapd opendkim spamassassin spamc
+apt install postfix dovecot-imapd dovecot-sieve opendkim spamassassin spamc
 # Install another requirement for opendikm only if the above command didn't get it already
-[ -e $(which opendkim-genkey) ] || apt install opendkim-tools
+[ which opendkim-genkey > /dev/null 2>&1 ] || apt install opendkim-tools
 domain="$(cat /etc/mailname)"
 subdom="mail"
 maildomain="$subdom.$domain"
@ -96,7 +96,7 @@ ssl = required
 ssl_cert = </etc/letsencrypt/live/$maildomain/fullchain.pem
 ssl_key = </etc/letsencrypt/live/$maildomain/privkey.pem
 # Plaintext login. This is safe and easy thanks to SSL.
-auth_mechanisms = plain
+auth_mechanisms = plain login cram-md5

 protocols = \$protocols imap

@ -104,7 +104,12 @@ protocols = \$protocols imap
 userdb {
 	driver = passwd
 }
-# Use plain old PAM to find user passwords
+# Use file with cram-md5 hashed passwords to find user passwords
+passdb {
+	driver = passwd-file
+	args = scheme=cram-md5 /etc/cram-md5.pwd
+}
+#Fallback: Use plain old PAM to find user passwords
 passdb {
 	driver = pam
 }
@ -170,6 +175,7 @@ if header :contains \"X-Spam-Flag\" \"YES\"
 		fileinto \"Junk\";
 	}" > /var/lib/dovecot/sieve/default.sieve

+cut -d: -f1 /etc/passwd | grep ^vmail > /dev/null 2&>1 || useradd vmail
 chown -R vmail:vmail /var/lib/dovecot
 sievec /var/lib/dovecot/sieve/default.sieve

@ -211,15 +217,24 @@ grep ^KeyTable /etc/opendkim.conf >/dev/null || echo "KeyTable file:/etc/postfix
 SigningTable refile:/etc/postfix/dkim/signingtable
 InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf

+sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf
+sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf
+
+sed -e '/Socket/s/^#*/#/' -i /etc/opendkim.conf
+sed -i '/\local:\/var\/run\/opendkim\/opendkim.sock/a \Socket\t\t\tinet:12301@localhost' /etc/opendkim.conf
+
 # OpenDKIM daemon settings, removing previously activated socket.
-sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:8891@localhost\"" >> /etc/default/opendkim
+sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim

 # Here we add to postconf the needed settings for working with OpenDKIM
 echo "Configuring Postfix with OpenDKIM settings..."
+postconf -e "smtpd_sasl_security_options = noanonymous, noplaintext"
+postconf -e "smtpd_sasl_tls_security_options = noanonymous"
+postconf -e "myhostname = $maildomain"
 postconf -e "milter_default_action = accept"
-postconf -e "milter_protocol = 2"
-postconf -e "smtpd_milters = inet:localhost:8891"
-postconf -e "non_smtpd_milters = inet:localhost:8891"
+postconf -e "milter_protocol = 6"
+postconf -e "smtpd_milters = inet:localhost:12301"
+postconf -e "non_smtpd_milters = inet:localhost:12301"
 postconf -e "mailbox_command = /usr/lib/dovecot/deliver"

 echo "Restarting Dovecot..."