From f3379debcbbb3dbac9121e2db1e71f0bd1a849b0 Mon Sep 17 00:00:00 2001 From: superpuffin <35958013+superpuffin@users.noreply.github.com> Date: Fri, 10 Jul 2020 12:00:57 +0200 Subject: [PATCH 01/10] Update emailwiz.sh --- emailwiz.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/emailwiz.sh b/emailwiz.sh index a4750e4..7565ba1 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -64,7 +64,6 @@ postconf -e "smtpd_use_tls = yes" postconf -e "smtpd_tls_auth_only = yes" postconf -e "smtp_tls_security_level = may" postconf -e "smtp_tls_loglevel = 1" -postconf -e "smtp_tls_CAfile=$certdir/cert.pem" # Here we tell Postfix to look to Dovecot for authenticating users/passwords. # Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth From ab2a2f0d89da5229b71fec573a1f20a8d8e3d44a Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Fri, 10 Jul 2020 14:36:29 -0400 Subject: [PATCH 02/10] little fixes --- README.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index bc219ac..f846e92 100644 --- a/README.md +++ b/README.md @@ -70,8 +70,9 @@ actually works perfectly. ## Post-install requirement! -- After the script runs, you'll have to add two *additional DNS TXT records* - which involves the OpenDKIM key that it generates during the script. +- After the script runs, you'll have to add additional DNS TXT records which + are displayed at the end when the script is complete. They will help ensure + your mail is validated and secure. ## Making new users/mail accounts 
@@ -89,10 +90,10 @@ Cassie already exists and we want to let her receive mail to. Just run: usermod -a -G mail cassie ``` -A user's mail will appear in `~/.Mail/`. I you want to see your mail while -ssh'd in the server, you could just install mutt, add `set spoolfile="+Inbox"` -to your `~/.muttrc` and use mutt to view and reply to mail. You'll probably -want to log in remotely though: +A user's mail will appear in `~/Mail/`. I you want to see your mail while ssh'd +in the server, you could just install mutt, add `set spoolfile="+Inbox"` to +your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want +to log in remotely though: ## Logging in from Thunderbird or mutt (and others) remotely @@ -124,7 +125,7 @@ to support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). ## Troubleshooting -- Can't send mail? - Always check `journalctl -xe` to see the specific problem. -- Go to [this site](https://appmaildev.com/en/dkim) to text your TXT records. +- Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records. If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records incorrectly. - If everything looks good and you *can* send mail, but it still goes to Gmail From 0560bf087b53e5298e48b641369668d51168fc7b Mon Sep 17 00:00:00 2001 From: Laesp <44760628+Laesp@users.noreply.github.com> Date: Tue, 14 Jul 2020 15:33:45 -0400 Subject: [PATCH 03/10] Minor change for dovecot.conf to work on v2.3 According to the wiki (https://wiki.dovecot.org/SSL/DovecotConfiguration): "From version 2.3, you must specify path to DH parameters file using: ssl_dh= Date: Sat, 5 Sep 2020 02:55:32 +0100 Subject: [PATCH 04/10] Fixed Tiny Grammar Error Literally added one letter --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f846e92..31846d6 100644 --- a/README.md +++ b/README.md 
@@ -90,7 +90,7 @@ Cassie already exists and we want to let her receive mail to. Just run: usermod -a -G mail cassie ``` -A user's mail will appear in `~/Mail/`. I you want to see your mail while ssh'd +A user's mail will appear in `~/Mail/`. If you want to see your mail while ssh'd in the server, you could just install mutt, add `set spoolfile="+Inbox"` to your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want to log in remotely though: From 7295f6ae8118ec38153b44256a0dad113bec44c0 Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Fri, 11 Sep 2020 08:35:58 -0400 Subject: [PATCH 05/10] guess proper cert if mail subdomain not available --- emailwiz.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/emailwiz.sh b/emailwiz.sh index 7565ba1..da81ab5 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -42,7 +42,9 @@ subdom="mail" maildomain="$subdom.$domain" certdir="/etc/letsencrypt/live/$maildomain" -[ ! -d "$certdir" ] && echo "Note! You must first have a HTTPS/SSL Certificate for $maildomain. +[ ! -d "$certdir" ] && certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain" -A 2 | awk '/Certificate Path/ {print $3}')")" + +[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. Use Let's Encrypt's Certbot to get that and then rerun this script. From 591d356dd200eca3ec6a976c7046cdb181cdb130 Mon Sep 17 00:00:00 2001 From: alpha-tango-kilo Date: Sun, 27 Sep 2020 11:47:39 +0100 Subject: [PATCH 06/10] Add extra troubleshooting, readability changes --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 31846d6..d7deb5f 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ same setup time and time again. I've linked this file on Github to a shorter, more memorable address on my website so you can get it on your machine with this short command: -``` +```sh curl -LO lukesmith.xyz/emailwiz.sh ``` 
@@ -22,7 +22,7 @@ actually works perfectly. - **Postfix** to send and receive mail. - **Dovecot** to get mail to your email client (mutt, Thunderbird, etc). -- Config files that unique the two above securely with native log-ins. +- Config files that link the two above securely with native log-ins. - **Spamassassin** to prevent spam and allow you to make custom filters. - **OpenDKIM** to validate you so you can send to Gmail and other big sites. @@ -104,7 +104,7 @@ email program. For my domain, the server information will be as follows: - SMTP port: 587 - IMAP server: `mail.lukesmith.xyz` - IMAP port: 993 -- Username `luke` (I.e. *not* `luke@lukesmith.xyz`) +- Username `luke` (i.e. *not* `luke@lukesmith.xyz`) The last point is important. Many email systems use a full email address on login. Since we just simply use local PAM logins, only the user's name is used @@ -115,8 +115,6 @@ login. Since we just simply use local PAM logins, only the user's name is used You're a big boy now if you have your own mail server! -You can tweak Postfix (sending mail - ## Benefited from this? If this script or documentation has saved you some frustration, you can donate @@ -135,3 +133,5 @@ to support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). worry if you are: sometimes especially new domains are automatically assumed to be spam temporaily. If you are blacklisted by one of these, look into it and it will explain why and how to remove yourself. +- Check your DNS settings using [this site](https://intodns.com/), it'll report any issues with your MX records +- Ensure that port 25 is open on your server. [Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance blocks this by default, you need to open a support ticket with them to open it. You can't send mail if 25 is blocked From 983b99e86d9865e6ec82856f192461cbbdde56a5 Mon Sep 17 00:00:00 2001 
From: Luke Smith Date: Sun, 11 Oct 2020 14:25:47 -0400 Subject: [PATCH 07/10] fix #72 --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/emailwiz.sh b/emailwiz.sh index 57f68c7..e24c089 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -274,7 +274,7 @@ for x in dovecot postfix opendkim spamassassin; do service "$x" restart && printf " ...done\\n" done -pval="$(tr -d "\n" Date: Sun, 11 Oct 2020 14:46:45 -0400 Subject: [PATCH 08/10] more robust --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/emailwiz.sh b/emailwiz.sh index e24c089..837ea1c 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -253,7 +253,7 @@ sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf sed -e '/Socket/s/^#*/#/' -i /etc/opendkim.conf -sed -i '/\local:\/var\/run\/opendkim\/opendkim.sock/a \Socket\t\t\tinet:12301@localhost' /etc/opendkim.conf +grep -q "^Socket\s*inet:12301@localhost" /etc/opendkim.conf || echo "Socket inet:12301@localhost" >> /etc/opendkim.conf # OpenDKIM daemon settings, removing previously activated socket. sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim From 4b3fc1a5b8cb351cf6caf9c32734138868c5966a Mon Sep 17 00:00:00 2001 From: lesha Date: Sun, 18 Oct 2020 03:22:57 +0000 Subject: [PATCH 09/10] Make README clearer about PTR record --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 31846d6..228430c 100644 --- a/README.md +++ b/README.md 
@@ -51,9 +51,10 @@ actually works perfectly. **CNAME record** for your `mail.` subdomain. 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an entry for your IPV4 Reverse DNS that goes from your IP address to - `mail.`. If you would like IPV6, you can do the same for - that. This has been tested on Vultr, and all decent VPS hosts will have - a section on their instance settings page to add a reverse DNS PTR entry. + `` (not mail subdomain). If you would like IPV6, you can do + the same for that. This has been tested on Vultr, and all decent VPS hosts + will have a section on their instance settings page to add a reverse DNS PTR + entry. You can use the 'Test Email Server' or ':smtp' tool on [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a reverse DNS correctly. This step is not required for everyone, but some From 1ab9f432df8912e26677935e4d4a26cf278f6a6c Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Sat, 14 Nov 2020 14:18:50 -0500 Subject: [PATCH 10/10] log in with full email addr instead of username documentation changes --- README.md | 42 +++++++++++++++++------------------------- emailwiz.sh | 2 +- 2 files changed, 18 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 228430c..191588a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Email server setup script -I wrote this script during the gruelling process of installing and setting up +I wrote this script during the grueling process of installing and setting up an email server. It perfectly reproduces my successful steps to ensure the same setup time and time again. 
@@ -14,14 +14,10 @@ curl -LO lukesmith.xyz/emailwiz.sh When prompted by a dialog menu at the beginning, select "Internet Site", then give your full domain without any subdomain, i.e. `lukesmith.xyz`. -Read this readme and peruse the script's comments before running it. Expect it -to fail and you have to do bug testing and you will be very happy when it -actually works perfectly. - ## This script installs - **Postfix** to send and receive mail. -- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc). +- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.). - Config files that unique the two above securely with native log-ins. - **Spamassassin** to prevent spam and allow you to make custom filters. - **OpenDKIM** to validate you so you can send to Gmail and other big sites. 
@@ -50,19 +46,19 @@ actually works perfectly. server: (1) an **MX record** pointing to your own main domain/IP and (2) a **CNAME record** for your `mail.` subdomain. 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an - entry for your IPV4 Reverse DNS that goes from your IP address to - `` (not mail subdomain). If you would like IPV6, you can do + entry for your IPv4 Reverse DNS that goes from your IP address to + `` (not mail subdomain). If you would like IPv6, you can do the same for that. This has been tested on Vultr, and all decent VPS hosts - will have a section on their instance settings page to add a reverse DNS PTR + will have a section on their instance settings page to add a reverse DNS PTR entry. You can use the 'Test Email Server' or ':smtp' tool on [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a reverse DNS correctly. This step is not required for everyone, but some - big email services like gmail will stop emails coming from mail servers + big email services like Gmail will stop emails coming from mail servers with no/invalid rDNS lookups. This means your email will fail to even - make it to the receipients spam folder; it will never make it to them. + make it to the recipients spam folder; it will never make it to them. 5. `apt purge` all your previous (failed) attempts to install and configure a - mailserver. Get rid of _all_ your system settings for Postfix, Dovecot, + mail server. Get rid of _all_ your system settings for Postfix, Dovecot, OpenDKIM and everything else. This script builds off of a fresh install. 6. Some VPS providers block port 25 (used to send mail). You may need to request that this port be opened to send mail successfully. Although I have 
@@ -105,27 +101,23 @@ email program. For my domain, the server information will be as follows: - SMTP port: 587 - IMAP server: `mail.lukesmith.xyz` - IMAP port: 993 -- Username `luke` (I.e. *not* `luke@lukesmith.xyz`) - -The last point is important. Many email systems use a full email address on -login. Since we just simply use local PAM logins, only the user's name is used -(this makes a difference if you're using my -[mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard), etc.). - -## Tweaking things - -You're a big boy now if you have your own mail server! -You can tweak Postfix (sending mail +In previous versions of emailwiz, you also had to log on with *only* your +username (i.e. `luke`) rather than your whole email address (i.e. +`luke@lukesmith.xyz`), which caused some confusion. This is no longer the +case. ## Benefited from this? -If this script or documentation has saved you some frustration, you can donate -to support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). +I am always glad to hear this script is still making life easy for people! If +this script or documentation has saved you some frustration, you can donate to +support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). ## Troubleshooting -- Can't send mail? - Always check `journalctl -xe` to see the specific problem. +- Check with your VPS host and ask them to enable mail ports. Some providers + disable them by default. It shouldn't take any time. - Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records. If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records incorrectly. diff --git a/emailwiz.sh b/emailwiz.sh index 837ea1c..20685ea 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -130,6 +130,7 @@ ssl_key = <$certdir/privkey.pem ssl_dh = "$HOME/dns_emailwizard" echo " - _ _ | \ | | _____ ___ | \| |/ _ \ \ /\ / (_)
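Review bot: in PATCH 01 the removal of `postconf -e "smtp_tls_CAfile=$certdir/cert.pem"` has no rationale in the commit message ("Update emailwiz.sh"). The line was pointless rather than harmful: `cert.pem` in a Let's Encrypt live directory is the server's own leaf certificate, not a CA bundle, and with `smtp_tls_security_level = may` set two lines above, Postfix does not verify the remote server's certificate for outbound mail anyway. Say that in the commit message, and if verified outbound TLS is wanted later, point `smtp_tls_CAfile` at the system CA bundle rather than reintroducing this line.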
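Review bot: in PATCH 02's `~/Mail/` hunk the paragraph is only re-wrapped, so the typo `I you want to see your mail` is carried into the new lines; fix it to `If you want` in this hunk instead of in a separate commit (PATCH 04 later exists only to add that one letter).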
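Review bot: in PATCH 05 the fallback `certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain" -A 2 | awk '/Certificate Path/ {print $3}')")"` defeats the check on the line that follows when certbot knows nothing about `$maildomain`: `dirname` of an empty string prints `.`, so `[ ! -d "$certdir" ]` is false, the "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate" warning is skipped, and `certdir` silently becomes the current directory. Two further weaknesses: `grep "$maildomain"` is an unanchored regex (dots match any character, and a name listed among several on a `Domains:` line matches as well), so more than one `Certificate Path` can come back and the multi-line result is not a usable path; and `-A 2` assumes `Certificate Path` is always within two lines of the matching line. Suggest capturing the awk output in a variable, assigning `certdir` only when it is non-empty and a single line, and testing `[ -f "$certdir/fullchain.pem" ]` rather than `-d`.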
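Review bot: in PATCH 06's last README hunk the two new troubleshooting bullets lack end punctuation and read as run-ons ("...open a support ticket with them to open it. You can't send mail if 25 is blocked"); match the style of the existing bullets. It would also help to say which direction port 25 matters for: it is the port your server uses to deliver to other servers, so clients submitting on 587 keep working while outbound delivery fails.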
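Review bot: PATCH 07's hunk is incomplete as shown: only the removed `pval="$(tr -d "\n" ...` line is present and its replacement is missing, so the fix cannot be reviewed from the diff. The commit message "fix #72" should also describe the change itself (what was wrong with how `pval` is read and what it now does) rather than only citing the issue number.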
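Review bot: in PATCH 08 the new guard `grep -q "^Socket\s*inet:12301@localhost" /etc/opendkim.conf || echo "Socket inet:12301@localhost" >> /etc/opendkim.conf` is defeated by the unchanged line just above it, `sed -e '/Socket/s/^#*/#/' -i /etc/opendkim.conf`, which comments out every line containing `Socket`, including the line this `echo` appended on a previous run. On each re-run the earlier line becomes `#Socket ...`, the `grep -q` for `^Socket` fails, and another copy is appended, so the file accumulates commented duplicates. Mirror what the next line already does for `/etc/default/opendkim` (`sed -i "/^SOCKET/d" ... && echo ...`): delete any existing `^Socket` line and append the new one unconditionally.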
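Review bot: in PATCH 09's PTR hunk the new target reads `` with nothing between the backticks, presumably because an angle-bracket placeholder was lost; write the placeholder as plain text (for example `yourdomain.tld`) so it survives rendering. The commit message says what changed (bare domain instead of the `mail.` subdomain) but not why; since the README tells clients to connect to `mail.lukesmith.xyz`, a sentence on which hostname the PTR has to agree with would save readers guessing. Note also that this patch's index line names README blob 31846d6, the pre-PATCH 06 state (06 is 31846d6..d7deb5f), so it was not made on top of the series as ordered.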
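Review bot: in PATCH 10's "This script installs" hunk the context line `Config files that unique the two above` is the pre-PATCH 06 wording (06 changed it to `link`), and the login hunk further down still removes `- Username `luke` (I.e. *not* ...` and `You can tweak Postfix (sending mail`, lines PATCH 06 had already rewritten or deleted. PATCH 10 therefore expects a README without PATCH 06's edits and will not apply on top of the series in order; rebase PATCH 09 and 10 onto d7deb5f and regenerate these hunks.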
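Review bot: in PATCH 10's prerequisites hunk the corrected line still reads `the recipients spam folder`; it should be `the recipients' spam folder` (or `recipient's`). The other fixes in the hunk (IPv4/IPv6, Gmail, recipients, mail server) look right.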
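Review bot: in PATCH 10's login hunk the `- Username` bullet is deleted but nothing replaces it, so the server-information list no longer says what to enter as the username; add a bullet such as `- Username: `luke@lukesmith.xyz`` (the full address, per the commit message) rather than leaving it to the prose below. In that prose, `(i.e. `luke`)` and `(i.e. `luke@lukesmith.xyz`)` introduce examples, so `e.g.` is the right abbreviation. Dropping the `## Tweaking things` section is fine, as it contained only a stub.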
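Review bot: PATCH 10's emailwiz.sh hunk (`@@ -130,6 +130,7 @@`, one insertion per the diffstat) shows no `+` line as rendered, so the configuration change behind "log in with full email addr instead of username" cannot be reviewed here; the commit message should name the setting that was changed and spell out the user-visible effect, namely that users of earlier versions must change the username saved in their mail clients.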