Luke Smith
1 year ago
No known key found for this signature in database
GPG Key ID: 4C50B54A911F6252
1 changed files with 13 additions and 19 deletions
Unified View
Diff Options
-
+13 -19emailwiz.sh
+ 13
- 19
emailwiz.sh
View File
| @@ -1,17 +1,5 @@ | |||||
| #!/bin/sh | #!/bin/sh | ||||
| # THE SETUP | |||||
| # Mail will be stored in non-retarded Maildirs because it's $currentyear. This | |||||
| # makes it easier for use with isync, which is what I care about so I can have | |||||
| # an offline repo of mail. | |||||
| # The mailbox names are: Inbox, Sent, Drafts, Archive, Junk, Trash | |||||
| # Use the typical unix login system for mail users. Users will log into their | |||||
| # email with their passnames on the server. No usage of a redundant mySQL | |||||
| # database to do this. | |||||
| # BEFORE INSTALLING | # BEFORE INSTALLING | ||||
| # Have a Debian or Ubuntu server with a static IP and DNS records (usually | # Have a Debian or Ubuntu server with a static IP and DNS records (usually | ||||
| @@ -29,9 +17,7 @@ | |||||
| umask 0022 | umask 0022 | ||||
| apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools fail2ban | |||||
| # Check if OpenDKIM is installed and install it if not. | |||||
| which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools | |||||
| apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban | |||||
| domain="$(cat /etc/mailname)" | domain="$(cat /etc/mailname)" | ||||
| subdom=${MAIL_SUBDOM:-mail} | subdom=${MAIL_SUBDOM:-mail} | ||||
| maildomain="$subdom.$domain" | maildomain="$subdom.$domain" | ||||
| @@ -97,10 +83,13 @@ postconf -e 'smtpd_sasl_auth_enable = yes' | |||||
| postconf -e 'smtpd_sasl_type = dovecot' | postconf -e 'smtpd_sasl_type = dovecot' | ||||
| postconf -e 'smtpd_sasl_path = private/auth' | postconf -e 'smtpd_sasl_path = private/auth' | ||||
| # Sender, relay and recipient restrictions | |||||
| # helo, sender, relay and recipient restrictions | |||||
| postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre" | postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre" | ||||
| postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain' | |||||
| postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain' | postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain' | ||||
| postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination' | postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination' | ||||
| postconf -e 'smtpd_helo_required = yes' | |||||
| postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname' | |||||
| # NOTE: the trailing slash here, or for any directory name in the home_mailbox | # NOTE: the trailing slash here, or for any directory name in the home_mailbox | ||||
| # command, is necessary as it distinguishes a maildir (which is the actual | # command, is necessary as it distinguishes a maildir (which is the actual | ||||
| @@ -303,9 +292,6 @@ postconf -e 'milter_protocol = 6' | |||||
| postconf -e 'smtpd_milters = inet:localhost:12301' | postconf -e 'smtpd_milters = inet:localhost:12301' | ||||
| postconf -e 'non_smtpd_milters = inet:localhost:12301' | postconf -e 'non_smtpd_milters = inet:localhost:12301' | ||||
| postconf -e 'mailbox_command = /usr/lib/dovecot/deliver' | postconf -e 'mailbox_command = /usr/lib/dovecot/deliver' | ||||
| postconf -e 'smtpd_helo_required = yes' | |||||
| postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname' | |||||
| postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain' | |||||
| # A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442 | # A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442 | ||||
| /lib/opendkim/opendkim.service.generate | /lib/opendkim/opendkim.service.generate | ||||
| @@ -335,6 +321,14 @@ mxentry="$domain MX 10 $maildomain 300" | |||||
| useradd -m -G mail dmarc | useradd -m -G mail dmarc | ||||
| # Create a cronjob that deletes month-old dmarc feedback: | |||||
| cat <<EOF > /etc/cron.weekly/dmarc-clean | |||||
| #!/bin/sh | |||||
| find /home/dmarc/Mail -type f -mtime +30 -name '*.mail*' -delete | |||||
| EOF | |||||
| chmod 755 /etc/cron.weekly/dmarc-clean | |||||
| grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini || | grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini || | ||||
| echo " | echo " | ||||
| deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini | deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini | ||||