dh.pem in /etc/dovecot/

Generate dh.pem for dovecot
SpamAssasin also needs a directory created
2023-04-07 17:59:31 +02:00 · 2023-04-07 17:29:45 +02:00 · 2023-04-07 17:22:54 +02:00 · 2023-04-07 17:11:58 +02:00 · 2023-04-07 17:03:06 +02:00 · 2023-04-07 16:46:28 +02:00
1 changed files with 43 additions and 28 deletions
--- a/emailwiz.sh
+++ b/emailwiz.sh
@ -17,9 +17,22 @@

 umask 0022

-apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban
-domain="$(cat /etc/mailname)"
-subdom=${MAIL_SUBDOM:-mail}
+#A apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban
+pacman -Syu postfix postfix-pcre dovecot pigeonhole opendkim spamassassin net-tools fail2ban cronie
+
+mkdir -p /etc/dovecot
+cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
+cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
+
+mkdir -p /var/lib/dovecot/sieve
+
+mkdir -p /etc/mail/spamassassin/sa-update-keys
+chown spamd:spamd /etc/mail/spamassassin/sa-update-keys
+chmod 700 /etc/mail/spamassassin/sa-update-keys
+
+#A domain="$(cat /etc/mailname)"
+domain="0124816.xyz"
+subdom="mail"
 maildomain="$subdom.$domain"
 certdir="/etc/letsencrypt/live/$maildomain"

@ -36,15 +49,15 @@ done
 	certdir="/etc/letsencrypt/live/$maildomain" &&
 	case "$(netstat -tulpn | grep ":80\s")" in
 	*nginx*)
-		apt install -y python3-certbot-nginx
+		pacman -S certbot-nginx
 		certbot -d "$maildomain" certonly --nginx --register-unsafely-without-email --agree-tos
 		;;
 	*apache*)
-		apt install -y python3-certbot-apache
+		pacman -S certbot-apache
 		certbot -d "$maildomain" certonly --apache --register-unsafely-without-email --agree-tos
 		;;
 	*)
-		apt install -y python3-certbot
+		pacman -S certbot
 		certbot -d "$maildomain" certonly --standalone --register-unsafely-without-email --agree-tos
 		;;
 esac
@ -95,7 +108,7 @@ postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authentica
 # command, is necessary as it distinguishes a maildir (which is the actual
 # directories that what we want) from a spoolfile (which is what old unix
 # boomers want and no one else).
-postconf -e 'home_mailbox = Mail/Inbox/'
+postconf -e 'home_mailbox = mail/inbox/'

 # Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
 postconf -e "header_checks = regexp:/etc/postfix/header_checks"
@ -137,6 +150,8 @@ mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf

 echo "Creating Dovecot config..."

+[ -f "/etc/dovecot/dh.pem" ] || openssl dhparam -out /etc/dovecot/dh.pem 4096
+
 echo "# Dovecot config
 # Note that in the dovecot conf, you can use:
 # %u for username
@ -150,7 +165,7 @@ ssl_key = <$certdir/privkey.pem
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = "'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED'"
 ssl_prefer_server_ciphers = yes
-ssl_dh = </usr/share/dovecot/dh.pem
+ssl_dh = </etc/dovecot/dh.pem
 auth_mechanisms = plain login
 auth_username_format = %n

@ -165,28 +180,28 @@ passdb {
 	driver = pam
 }

-# Our mail for each user will be in ~/Mail, and the inbox will be ~/Mail/Inbox
+# Our mail for each user will be in ~/mail, and the inbox will be ~/mail/inbox
 # The LAYOUT option is also important because otherwise, the boxes will be \`.Sent\` instead of \`Sent\`.
-mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
+mail_location = maildir:~/mail:INBOX=~/mail/inbox:LAYOUT=fs
 namespace inbox {
 	inbox = yes
-	mailbox Drafts {
+	mailbox drafts {
 	special_use = \\Drafts
 	auto = subscribe
 }
-	mailbox Junk {
+	mailbox junk {
 	special_use = \\Junk
 	auto = subscribe
-	autoexpunge = 30d
+	autoexpunge = 60d
 }
-	mailbox Sent {
+	mailbox sent {
 	special_use = \\Sent
 	auto = subscribe
 }
-	mailbox Trash {
+	mailbox trash {
 	special_use = \\Trash
 }
-	mailbox Archive {
+	mailbox archive {
 	special_use = \\Archive
 }
 }
@ -227,7 +242,7 @@ mkdir /var/lib/dovecot/sieve/
 echo "require [\"fileinto\", \"mailbox\"];
 if header :contains \"X-Spam-Flag\" \"YES\"
 	{
-		fileinto \"Junk\";
+		fileinto \"junk\";
 	}" > /var/lib/dovecot/sieve/default.sieve

 grep -q '^vmail:' /etc/passwd || useradd vmail
@ -269,15 +284,15 @@ grep -q '127.0.0.1' /etc/postfix/dkim/trustedhosts 2>/dev/null ||
 10.1.0.0/16' >> /etc/postfix/dkim/trustedhosts

 # ...and source it from opendkim.conf
-grep -q '^KeyTable' /etc/opendkim.conf 2>/dev/null || echo 'KeyTable file:/etc/postfix/dkim/keytable
+grep -q '^KeyTable' /etc/opendkim/opendkim.conf 2>/dev/null || echo 'KeyTable file:/etc/postfix/dkim/keytable
 SigningTable refile:/etc/postfix/dkim/signingtable
-InternalHosts refile:/etc/postfix/dkim/trustedhosts' >> /etc/opendkim.conf
+InternalHosts refile:/etc/postfix/dkim/trustedhosts' >> /etc/opendkim/opendkim.conf

-sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf
-sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf
+sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim/opendkim.conf
+sed -i '/^#Canonicalization/s/^#//' /etc/opendkim/opendkim.conf

-sed -i '/Socket/s/^#*/#/' /etc/opendkim.conf
-grep -q '^Socket\s*inet:12301@localhost' /etc/opendkim.conf || echo 'Socket inet:12301@localhost' >> /etc/opendkim.conf
+sed -i '/Socket/s/^#*/#/' /etc/opendkim/opendkim.conf
+grep -q '^Socket\s*inet:12301@localhost' /etc/opendkim/opendkim.conf || echo 'Socket inet:12301@localhost' >> /etc/opendkim/opendkim.conf

 # OpenDKIM daemon settings, removing previously activated socket.
 sed -i '/^SOCKET/d' /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim
@ -294,8 +309,8 @@ postconf -e 'non_smtpd_milters = inet:localhost:12301'
 postconf -e 'mailbox_command = /usr/lib/dovecot/deliver'

 # A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442
-/lib/opendkim/opendkim.service.generate
-systemctl daemon-reload
+# /lib/opendkim/opendkim.service.generate
+# systemctl daemon-reload

 # Enable fail2ban security for dovecot and postfix.
 [ ! -f /etc/fail2ban/jail.d/emailwiz.local ] && echo "[postfix]
@ -308,11 +323,11 @@ enabled = true
 enabled = true" > /etc/fail2ban/jail.d/emailwiz.local

 # Enable SpamAssassin update cronjob.
-sed -i "s|^CRON=0|CRON=1|" /etc/default/spamassassin
+sed -i "s|^CRON=0|CRON=1|" /etc/spamassassin

 for x in spamassassin opendkim dovecot postfix fail2ban; do
 	printf "Restarting %s..." "$x"
-	service "$x" restart && printf " ...done\\n"
+	systemctl restart "$x" && printf " ...done\\n"
 	systemctl enable "$x"
 done

@ -335,7 +350,7 @@ chmod 755 /etc/cron.weekly/dmarc-clean

 grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini ||
 	echo "
-deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini
+deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && systemctl reload postfix && systemctl reload dovecot" >> /etc/letsencrypt/cli.ini

 echo "NOTE: Elements in the entries might appear in a different order in your registrar's DNS settings.
 $dkimentry
Author	SHA1	Message	Date
juvilius	24b3e2f5b9	dh.pem in /etc/dovecot/	2023-04-07 17:59:31 +02:00
juvilius	98d45df08e	Generate dh.pem for dovecot	2023-04-07 17:29:45 +02:00
juvilius	7044cbcc5f	SpamAssasin also needs a directory created	2023-04-07 17:22:54 +02:00
juvilius	39d9b9adb2	special_use wants capital letters; file location changes	2023-04-07 17:11:58 +02:00
juvilius	3358b0123a	2nd try: mkdir of config directories	2023-04-07 17:03:06 +02:00
juvilius	aa0f635a2e	Change obvious stuff (1st read) before trying it out	2023-04-07 16:46:28 +02:00