Compare commits
6 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
24b3e2f5b9 | ||
|
98d45df08e | ||
|
7044cbcc5f | ||
|
39d9b9adb2 | ||
|
3358b0123a | ||
|
aa0f635a2e |
71
emailwiz.sh
71
emailwiz.sh
@ -17,9 +17,22 @@
|
||||
|
||||
umask 0022
|
||||
|
||||
apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban
|
||||
domain="$(cat /etc/mailname)"
|
||||
subdom=${MAIL_SUBDOM:-mail}
|
||||
#A apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban
|
||||
pacman -Syu postfix postfix-pcre dovecot pigeonhole opendkim spamassassin net-tools fail2ban cronie
|
||||
|
||||
mkdir -p /etc/dovecot
|
||||
cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
|
||||
cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
|
||||
|
||||
mkdir -p /var/lib/dovecot/sieve
|
||||
|
||||
mkdir -p /etc/mail/spamassassin/sa-update-keys
|
||||
chown spamd:spamd /etc/mail/spamassassin/sa-update-keys
|
||||
chmod 700 /etc/mail/spamassassin/sa-update-keys
|
||||
|
||||
#A domain="$(cat /etc/mailname)"
|
||||
domain="0124816.xyz"
|
||||
subdom="mail"
|
||||
maildomain="$subdom.$domain"
|
||||
certdir="/etc/letsencrypt/live/$maildomain"
|
||||
|
||||
@ -36,15 +49,15 @@ done
|
||||
certdir="/etc/letsencrypt/live/$maildomain" &&
|
||||
case "$(netstat -tulpn | grep ":80\s")" in
|
||||
*nginx*)
|
||||
apt install -y python3-certbot-nginx
|
||||
pacman -S certbot-nginx
|
||||
certbot -d "$maildomain" certonly --nginx --register-unsafely-without-email --agree-tos
|
||||
;;
|
||||
*apache*)
|
||||
apt install -y python3-certbot-apache
|
||||
pacman -S certbot-apache
|
||||
certbot -d "$maildomain" certonly --apache --register-unsafely-without-email --agree-tos
|
||||
;;
|
||||
*)
|
||||
apt install -y python3-certbot
|
||||
pacman -S certbot
|
||||
certbot -d "$maildomain" certonly --standalone --register-unsafely-without-email --agree-tos
|
||||
;;
|
||||
esac
|
||||
@ -95,7 +108,7 @@ postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authentica
|
||||
# command, is necessary as it distinguishes a maildir (which is the actual
|
||||
# directories that what we want) from a spoolfile (which is what old unix
|
||||
# boomers want and no one else).
|
||||
postconf -e 'home_mailbox = Mail/Inbox/'
|
||||
postconf -e 'home_mailbox = mail/inbox/'
|
||||
|
||||
# Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
|
||||
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
|
||||
@ -137,6 +150,8 @@ mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf
|
||||
|
||||
echo "Creating Dovecot config..."
|
||||
|
||||
[ -f "/etc/dovecot/dh.pem" ] || openssl dhparam -out /etc/dovecot/dh.pem 4096
|
||||
|
||||
echo "# Dovecot config
|
||||
# Note that in the dovecot conf, you can use:
|
||||
# %u for username
|
||||
@ -150,7 +165,7 @@ ssl_key = <$certdir/privkey.pem
|
||||
ssl_min_protocol = TLSv1.2
|
||||
ssl_cipher_list = "'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED'"
|
||||
ssl_prefer_server_ciphers = yes
|
||||
ssl_dh = </usr/share/dovecot/dh.pem
|
||||
ssl_dh = </etc/dovecot/dh.pem
|
||||
auth_mechanisms = plain login
|
||||
auth_username_format = %n
|
||||
|
||||
@ -165,28 +180,28 @@ passdb {
|
||||
driver = pam
|
||||
}
|
||||
|
||||
# Our mail for each user will be in ~/Mail, and the inbox will be ~/Mail/Inbox
|
||||
# Our mail for each user will be in ~/mail, and the inbox will be ~/mail/inbox
|
||||
# The LAYOUT option is also important because otherwise, the boxes will be \`.Sent\` instead of \`Sent\`.
|
||||
mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
|
||||
mail_location = maildir:~/mail:INBOX=~/mail/inbox:LAYOUT=fs
|
||||
namespace inbox {
|
||||
inbox = yes
|
||||
mailbox Drafts {
|
||||
mailbox drafts {
|
||||
special_use = \\Drafts
|
||||
auto = subscribe
|
||||
}
|
||||
mailbox Junk {
|
||||
mailbox junk {
|
||||
special_use = \\Junk
|
||||
auto = subscribe
|
||||
autoexpunge = 30d
|
||||
autoexpunge = 60d
|
||||
}
|
||||
mailbox Sent {
|
||||
mailbox sent {
|
||||
special_use = \\Sent
|
||||
auto = subscribe
|
||||
}
|
||||
mailbox Trash {
|
||||
mailbox trash {
|
||||
special_use = \\Trash
|
||||
}
|
||||
mailbox Archive {
|
||||
mailbox archive {
|
||||
special_use = \\Archive
|
||||
}
|
||||
}
|
||||
@ -227,7 +242,7 @@ mkdir /var/lib/dovecot/sieve/
|
||||
echo "require [\"fileinto\", \"mailbox\"];
|
||||
if header :contains \"X-Spam-Flag\" \"YES\"
|
||||
{
|
||||
fileinto \"Junk\";
|
||||
fileinto \"junk\";
|
||||
}" > /var/lib/dovecot/sieve/default.sieve
|
||||
|
||||
grep -q '^vmail:' /etc/passwd || useradd vmail
|
||||
@ -269,15 +284,15 @@ grep -q '127.0.0.1' /etc/postfix/dkim/trustedhosts 2>/dev/null ||
|
||||
10.1.0.0/16' >> /etc/postfix/dkim/trustedhosts
|
||||
|
||||
# ...and source it from opendkim.conf
|
||||
grep -q '^KeyTable' /etc/opendkim.conf 2>/dev/null || echo 'KeyTable file:/etc/postfix/dkim/keytable
|
||||
grep -q '^KeyTable' /etc/opendkim/opendkim.conf 2>/dev/null || echo 'KeyTable file:/etc/postfix/dkim/keytable
|
||||
SigningTable refile:/etc/postfix/dkim/signingtable
|
||||
InternalHosts refile:/etc/postfix/dkim/trustedhosts' >> /etc/opendkim.conf
|
||||
InternalHosts refile:/etc/postfix/dkim/trustedhosts' >> /etc/opendkim/opendkim.conf
|
||||
|
||||
sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf
|
||||
sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf
|
||||
sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim/opendkim.conf
|
||||
sed -i '/^#Canonicalization/s/^#//' /etc/opendkim/opendkim.conf
|
||||
|
||||
sed -i '/Socket/s/^#*/#/' /etc/opendkim.conf
|
||||
grep -q '^Socket\s*inet:12301@localhost' /etc/opendkim.conf || echo 'Socket inet:12301@localhost' >> /etc/opendkim.conf
|
||||
sed -i '/Socket/s/^#*/#/' /etc/opendkim/opendkim.conf
|
||||
grep -q '^Socket\s*inet:12301@localhost' /etc/opendkim/opendkim.conf || echo 'Socket inet:12301@localhost' >> /etc/opendkim/opendkim.conf
|
||||
|
||||
# OpenDKIM daemon settings, removing previously activated socket.
|
||||
sed -i '/^SOCKET/d' /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim
|
||||
@ -294,8 +309,8 @@ postconf -e 'non_smtpd_milters = inet:localhost:12301'
|
||||
postconf -e 'mailbox_command = /usr/lib/dovecot/deliver'
|
||||
|
||||
# A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442
|
||||
/lib/opendkim/opendkim.service.generate
|
||||
systemctl daemon-reload
|
||||
# /lib/opendkim/opendkim.service.generate
|
||||
# systemctl daemon-reload
|
||||
|
||||
# Enable fail2ban security for dovecot and postfix.
|
||||
[ ! -f /etc/fail2ban/jail.d/emailwiz.local ] && echo "[postfix]
|
||||
@ -308,11 +323,11 @@ enabled = true
|
||||
enabled = true" > /etc/fail2ban/jail.d/emailwiz.local
|
||||
|
||||
# Enable SpamAssassin update cronjob.
|
||||
sed -i "s|^CRON=0|CRON=1|" /etc/default/spamassassin
|
||||
sed -i "s|^CRON=0|CRON=1|" /etc/spamassassin
|
||||
|
||||
for x in spamassassin opendkim dovecot postfix fail2ban; do
|
||||
printf "Restarting %s..." "$x"
|
||||
service "$x" restart && printf " ...done\\n"
|
||||
systemctl restart "$x" && printf " ...done\\n"
|
||||
systemctl enable "$x"
|
||||
done
|
||||
|
||||
@ -335,7 +350,7 @@ chmod 755 /etc/cron.weekly/dmarc-clean
|
||||
|
||||
grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini ||
|
||||
echo "
|
||||
deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini
|
||||
deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && systemctl reload postfix && systemctl reload dovecot" >> /etc/letsencrypt/cli.ini
|
||||
|
||||
echo "NOTE: Elements in the entries might appear in a different order in your registrar's DNS settings.
|
||||
$dkimentry
|
||||
|
Loading…
Reference in New Issue
Block a user