Luke Smith
2 years ago
2 changed files with 22 additions and 9 deletions
Split View
Diff Options
-
+10 -2README.md
-
+12 -7emailwiz.sh
+ 10
- 2
README.md
View File
| @@ -34,10 +34,10 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`. | |||
| have an offline mirror of my email setup and I recommend the same. There are | |||
| other ways of doing it though, like Thunderbird, etc. | |||
| ## Requirements | |||
| ## Before you run this script you need... | |||
| 1. A **Debian or Ubuntu server**. I've tested this on a | |||
| [Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running | |||
| [Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running | |||
| Ubuntu and their setup works, but I suspect other VPS hosts will have | |||
| similar/possibly identical default settings which will let you run this on | |||
| them. Note that the affiliate link there to Vultr gives you a $100 credit | |||
| @@ -65,6 +65,9 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`. | |||
| You may need to request these ports be opened to send mail successfully. | |||
| Vultr and most other VPS providers will respond immediately and open the | |||
| ports for you if you open a support ticket. | |||
| 7. If you have a firewall, you'll need to open ports on your side as well. For | |||
| example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you | |||
| will need port 80 for Certbot too). | |||
| ## Post-install requirement! | |||
| @@ -135,3 +138,8 @@ support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). | |||
| [Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance | |||
| blocks this by default, you need to open a support ticket with them to open | |||
| it. You can't send mail if 25 is blocked | |||
| ## TODO | |||
| - Fail2ban for security. | |||
| - Scripts for easier spam prevention. | |||
+ 12
- 7
emailwiz.sh
View File
| @@ -37,21 +37,21 @@ echo "Setting umask to 0022..." | |||
| umask 0022 | |||
| echo "Installing programs..." | |||
| apt install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc | |||
| apt-get install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc | |||
| # Check if OpenDKIM is installed and install it if not. | |||
| which opendkim-genkey >/dev/null 2>&1 || apt install opendkim-tools | |||
| which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools | |||
| domain="$(cat /etc/mailname)" | |||
| subdom=${MAIL_SUBDOM:-mail} | |||
| maildomain="$subdom.$domain" | |||
| certdir="/etc/letsencrypt/live/$maildomain" | |||
| [ ! -d "$certdir" ] && certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain\|*.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)")" | |||
| [ ! -d "$certdir" ] && | |||
| possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && | |||
| certdir="${possiblecert%/*}" | |||
| [ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. | |||
| Use Let's Encrypt's Certbot to get that and then rerun this script. | |||
| You may need to set up a dummy $maildomain site in nginx or Apache for that to work." && exit 1 | |||
| Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1 | |||
| # NOTE ON POSTCONF COMMANDS | |||
| @@ -311,18 +311,23 @@ systemctl daemon-reload | |||
| for x in spamassassin opendkim dovecot postfix; do | |||
| printf "Restarting %s..." "$x" | |||
| service "$x" restart && printf " ...done\\n" | |||
| systemctl enable "$x" | |||
| done | |||
| # If ufw is used, enable the mail ports. | |||
| pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;} | |||
| pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed 's/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//' | grep -o 'p=.*')" | |||
| pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')" | |||
| dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" | |||
| dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" | |||
| spfentry="$domain TXT v=spf1 mx a:$maildomain -all" | |||
| useradd -m -G mail dmarc | |||
| grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini || | |||
| echo " | |||
| deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini | |||
| echo "$dkimentry | |||
| $dmarcentry | |||
| $spfentry" > "$HOME/dns_emailwizard" | |||