clean out old dmarc feedback, other cleanup

1 year ago · aa63926c4b
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -1,17 +1,5 @@
 #!/bin/sh

 # THE SETUP

 # Mail will be stored in non-retarded Maildirs because it's $currentyear.  This
 # makes it easier for use with isync, which is what I care about so I can have
 # an offline repo of mail.

 # The mailbox names are: Inbox, Sent, Drafts, Archive, Junk, Trash

 # Use the typical unix login system for mail users. Users will log into their
 # email with their passnames on the server. No usage of a redundant mySQL
 # database to do this.

 # BEFORE INSTALLING

 # Have a Debian or Ubuntu server with a static IP and DNS records (usually
@@ -29,9 +17,7 @@

 umask 0022

 apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools fail2ban
 # Check if OpenDKIM is installed and install it if not.
 which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
 apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban
 domain="$(cat /etc/mailname)"
 subdom=${MAIL_SUBDOM:-mail}
 maildomain="$subdom.$domain"
@@ -97,10 +83,13 @@ postconf -e 'smtpd_sasl_auth_enable = yes'
 postconf -e 'smtpd_sasl_type = dovecot'
 postconf -e 'smtpd_sasl_path = private/auth'

 # Sender, relay and recipient restrictions
 # helo, sender, relay and recipient restrictions
 postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre"
 postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain'
 postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain'
 postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination'
 postconf -e 'smtpd_helo_required = yes'
 postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname'

 # NOTE: the trailing slash here, or for any directory name in the home_mailbox
 # command, is necessary as it distinguishes a maildir (which is the actual
@@ -303,9 +292,6 @@ postconf -e 'milter_protocol = 6'
 postconf -e 'smtpd_milters = inet:localhost:12301'
 postconf -e 'non_smtpd_milters = inet:localhost:12301'
 postconf -e 'mailbox_command = /usr/lib/dovecot/deliver'
 postconf -e 'smtpd_helo_required = yes'
 postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname'
 postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain'

 # A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442
 /lib/opendkim/opendkim.service.generate
@@ -335,6 +321,14 @@ mxentry="$domain	MX	10	$maildomain	300"

 useradd -m -G mail dmarc

 # Create a cronjob that deletes month-old dmarc feedback:
 cat <<EOF > /etc/cron.weekly/dmarc-clean
 #!/bin/sh

 find /home/dmarc/Mail -type f -mtime +30 -name '*.mail*' -delete
 EOF
 chmod 755 /etc/cron.weekly/dmarc-clean

 grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini ||
 	echo "
 deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini