|
|
|
@@ -23,6 +23,12 @@ subdom=${MAIL_SUBDOM:-mail} |
|
|
|
maildomain="$subdom.$domain" |
|
|
|
certdir="/etc/letsencrypt/live/$maildomain" |
|
|
|
|
|
|
|
# Preliminary record checks |
|
|
|
ipv4=$(host "$domain" | grep -m1 -Eo '([0-9]+\.){3}[0-9]+') |
|
|
|
[ -z "$ipv4" ] && echo "\033[0;31mPlease point your domain ("$domain") to your server's ipv4 address." |
|
|
|
ipv6=$(host "$domain" | grep "IPv6" | awk '{print $NF}') |
|
|
|
[ -z "$ipv6" ] && echo "\033[0;31mPlease point your domain ("$domain") to your server's ipv6 address." |
|
|
|
|
|
|
|
# Open required mail ports, and 80, for Certbot. |
|
|
|
for port in 80 993 465 25 587; do |
|
|
|
ufw allow "$port" 2>/dev/null |
|
|
|
@@ -347,14 +353,10 @@ for x in opendkim dovecot postfix fail2ban; do |
|
|
|
systemctl enable "$x" |
|
|
|
done |
|
|
|
|
|
|
|
# Generate spf mechanisms |
|
|
|
mailip4=$(host "$domain" | grep -m1 -Eo '([0-9]+\.){3}[0-9]+') |
|
|
|
mailip6=$(host "$domain" | grep "IPv6" | awk '{print $NF}') |
|
|
|
|
|
|
|
pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')" |
|
|
|
dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" |
|
|
|
dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" |
|
|
|
spfentry="$domain TXT v=spf1 mx a:$maildomain ip4:$mailip4 ip6:$mailip6 -all" |
|
|
|
spfentry="$domain TXT v=spf1 mx a:$maildomain ip4:$ipv4 ip6:$ipv6 -all" |
|
|
|
mxentry="$domain MX 10 $maildomain 300" |
|
|
|
|
|
|
|
useradd -m -G mail dmarc |
|
|
|
|
tfasano1
3 months ago
GitHub