From d449a17de88dd31ba7738ba4af7fce4a905a7494 Mon Sep 17 00:00:00 2001 From: simone Date: Fri, 22 Apr 2022 18:31:03 +0200 Subject: [PATCH 01/11] Typo in my last merge --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/emailwiz.sh b/emailwiz.sh index 0fdd8a4..0141219 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -312,7 +312,7 @@ done # If ufw is used, enable the mail ports. pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;} -pval="$(tr -d '\n' Date: Fri, 1 Jul 2022 18:43:25 -0400 Subject: [PATCH 02/11] close #222 --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 56abdc1..ccd6306 100644 --- a/README.md +++ b/README.md @@ -34,10 +34,10 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`. have an offline mirror of my email setup and I recommend the same. There are other ways of doing it though, like Thunderbird, etc. -## Requirements +## Before you run this script you need... 1. A **Debian or Ubuntu server**. I've tested this on a - [Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running + [Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running Ubuntu and their setup works, but I suspect other VPS hosts will have similar/possibly identical default settings which will let you run this on them. Note that the affiliate link there to Vultr gives you a $100 credit @@ -65,6 +65,9 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`. You may need to request these ports be opened to send mail successfully. Vultr and most other VPS providers will respond immediately and open the ports for you if you open a support ticket. +7. If you have a firewall, you'll need to open ports on your side as well. For + example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you + will need port 80 for Certbot too). ## Post-install requirement! 
From f2d10c4af65089623da01a0985623cdfd22d6ae3 Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Fri, 1 Jul 2022 19:07:46 -0400 Subject: [PATCH 03/11] fix #223 --- emailwiz.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/emailwiz.sh b/emailwiz.sh index 0141219..f9613c7 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -45,13 +45,13 @@ subdom=${MAIL_SUBDOM:-mail} maildomain="$subdom.$domain" certdir="/etc/letsencrypt/live/$maildomain" -[ ! -d "$certdir" ] && certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain\|*.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)")" +[ ! -d "$certdir" ] && + possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && + certdir="${possiblecert%/*}" [ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. -Use Let's Encrypt's Certbot to get that and then rerun this script. - -You may need to set up a dummy $maildomain site in nginx or Apache for that to work." && exit 1 +Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1 # NOTE ON POSTCONF COMMANDS From 347af34f30a8af0c71287ec95c01f08563f04a2d Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Fri, 1 Jul 2022 19:15:26 -0400 Subject: [PATCH 04/11] fix #205 --- emailwiz.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/emailwiz.sh b/emailwiz.sh index f9613c7..5b45f03 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -319,6 +319,10 @@ spfentry="$domain TXT v=spf1 mx a:$maildomain -all" useradd -m -G mail dmarc +grep -q "^deploy-hook = postfix reload" /etc/letsencrypt/cli.ini || + echo " +deploy-hook = service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini + echo "$dkimentry $dmarcentry $spfentry" > "$HOME/dns_emailwizard" From 3c17f0dcd3db66787b6f8ea5793b07e9caae50dc Mon Sep 17 00:00:00 2001 
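Review bot: In the added `possiblecert=` line of PATCH 03, `$maildomain` and `$domain` go into the grep pattern as a regular expression, so each `.` matches any character and the match is an unanchored substring. A certbot lineage for a different name that merely contains the mail domain can therefore be selected, and its directory becomes `certdir`. Matching the names as fixed strings narrows this: `grep -F -A 2 -e "$maildomain" -e "*.$domain"`. The `[ ! -d "$certdir" ]` test that follows only checks that the directory exists, not that the certificate covers `$maildomain`, so a wrong pick would presumably surface later as a name mismatch in mail clients.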
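Review bot: The guard added in PATCH 04 looks for `^deploy-hook = postfix reload`, but the line appended below it begins `deploy-hook = service postfix reload`, so the grep can never match and every rerun of the script appends another `deploy-hook` entry to `/etc/letsencrypt/cli.ini`. Aligning the pattern with the written text fixes that: `grep -q "^deploy-hook = service postfix reload" /etc/letsencrypt/cli.ini ||`. The guard also does not notice a `deploy-hook` that an administrator already configured for another service, so a second key may end up beside it. PATCH 07 on this page rewords both lines.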
From: Luke Smith Date: Fri, 1 Jul 2022 19:18:45 -0400 Subject: [PATCH 05/11] close #217 --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index ccd6306..5bd6b40 100644 --- a/README.md +++ b/README.md @@ -138,3 +138,8 @@ support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). [Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance blocks this by default, you need to open a support ticket with them to open it. You can't send mail if 25 is blocked + +## TODO + +- Fail2ban for security. +- Scripts for easier spam prevention. From fd41c1d6528bf90b7475a34e976a15f2c658d26d Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Wed, 20 Jul 2022 13:33:10 -0400 Subject: [PATCH 06/11] ensure services enabled, close #228 --- emailwiz.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/emailwiz.sh b/emailwiz.sh index 5b45f03..f7028df 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -307,6 +307,7 @@ systemctl daemon-reload for x in spamassassin opendkim dovecot postfix; do printf "Restarting %s..." "$x" service "$x" restart && printf " ...done\\n" + systemctl enable "$x" done # If ufw is used, enable the mail ports. From 878a08c951693a79d9f11191817275e0dea1538a Mon Sep 17 00:00:00 2001 From: appeasementPolitik <108810900+appeasementPolitik@users.noreply.github.com> Date: Thu, 21 Jul 2022 19:28:25 +0200 Subject: [PATCH 07/11] Improve deploy hook --- emailwiz.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/emailwiz.sh b/emailwiz.sh index f7028df..08685ac 100755 --- a/emailwiz.sh +++ b/emailwiz.sh 
@@ -320,9 +320,9 @@ spfentry="$domain TXT v=spf1 mx a:$maildomain -all" useradd -m -G mail dmarc -grep -q "^deploy-hook = postfix reload" /etc/letsencrypt/cli.ini || +grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini || echo " -deploy-hook = service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini +deploy-hook = echo "$RENEWED_DOMAINS" | grep -q "$maildomain" && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini echo "$dkimentry $dmarcentry From 1be3a8bfaad737334ebb590547064f6f95c20b4b Mon Sep 17 00:00:00 2001 From: appeasementPolitik <108810900+appeasementPolitik@users.noreply.github.com> Date: Thu, 21 Jul 2022 19:34:46 +0200 Subject: [PATCH 08/11] Escapes --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/emailwiz.sh b/emailwiz.sh index 08685ac..757201b 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -322,7 +322,7 @@ useradd -m -G mail dmarc grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini || echo " -deploy-hook = echo "$RENEWED_DOMAINS" | grep -q "$maildomain" && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini +deploy-hook = echo "\$RENEWED_DOMAINS" | grep -q \"$maildomain\" && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini echo "$dkimentry $dmarcentry From 69a72a7bbab59c828e0fbc3b69ea0790b988943f Mon Sep 17 00:00:00 2001 From: appeasementPolitik <108810900+appeasementPolitik@users.noreply.github.com> Date: Thu, 21 Jul 2022 19:37:10 +0200 Subject: [PATCH 09/11] Missing double quote --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/emailwiz.sh b/emailwiz.sh index 757201b..5238ba1 100755 --- a/emailwiz.sh +++ b/emailwiz.sh 
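Review bot: The line appended in PATCH 07 sits inside a double-quoted `echo` string but carries unescaped double quotes and an unescaped `$RENEWED_DOMAINS`. The inner quotes close and reopen the string and are dropped from the output, and the variable is expanded when the installer runs (presumably to nothing) instead of when certbot runs the hook. PATCH 08, 09 and 10 each rework the escaping of this same line, and 09 adds a stray `"` along the way. A single-quoted `printf` format with the mail domain passed as an argument needs no escapes at all: `printf '\ndeploy-hook = echo "$RENEWED_DOMAINS" | grep -q "%s" && service postfix reload && service dovecot reload\n' "$maildomain" >> /etc/letsencrypt/cli.ini`.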
@@ -322,7 +322,7 @@ useradd -m -G mail dmarc grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini || echo " -deploy-hook = echo "\$RENEWED_DOMAINS" | grep -q \"$maildomain\" && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini +deploy-hook = echo "\$RENEWED_DOMAINS" | grep -q \"$maildomain\"" && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini echo "$dkimentry $dmarcentry From 5acfa3fd63e75e9bbb474ca394f2b4416ea910da Mon Sep 17 00:00:00 2001 From: appeasementPolitik <108810900+appeasementPolitik@users.noreply.github.com> Date: Thu, 21 Jul 2022 19:42:26 +0200 Subject: [PATCH 10/11] Done --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/emailwiz.sh b/emailwiz.sh index 5238ba1..74b2332 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -322,7 +322,7 @@ useradd -m -G mail dmarc grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini || echo " -deploy-hook = echo "\$RENEWED_DOMAINS" | grep -q \"$maildomain\"" && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini +deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini echo "$dkimentry $dmarcentry From dd889ffeef2c93071c7489cd21b6455fdc5c8b3f Mon Sep 17 00:00:00 2001 From: William Behrens <35979547+WilliamBehrens@users.noreply.github.com> Date: Wed, 3 Aug 2022 19:01:28 -0500 Subject: [PATCH 11/11] use apt-get to install packages This fixes the output "WARNING: apt does not have a stable CLI interface. Use with caution in scripts." --- emailwiz.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/emailwiz.sh b/emailwiz.sh index 74b2332..a85c259 100755 --- a/emailwiz.sh +++ b/emailwiz.sh 
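Review bot: In the hook text that PATCH 10 settles on, `grep -q '$maildomain'` is the first command of an `&&` chain, so whenever certbot renews a certificate for some other name the hook exits non-zero and will likely be reported as a failed hook. The name is also matched as an unanchored regular expression, where `.` matches any character. Wrapping the test in `if` and matching a fixed string avoids both: `deploy-hook = if echo "$RENEWED_DOMAINS" | grep -qwF 'MAILDOMAIN'; then service postfix reload && service dovecot reload; fi`, with `MAILDOMAIN` standing for the expanded `$maildomain`. The guard `grep -q '^deploy-hook = echo ...'` two lines above would need the same rewording so that it still recognises the line on a rerun.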
@@ -37,9 +37,9 @@ echo "Setting umask to 0022..." umask 0022 echo "Installing programs..." -apt install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc +apt-get install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc # Check if OpenDKIM is installed and install it if not. -which opendkim-genkey >/dev/null 2>&1 || apt install opendkim-tools +which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools domain="$(cat /etc/mailname)" subdom=${MAIL_SUBDOM:-mail} maildomain="$subdom.$domain"
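Review bot: Neither `apt-get install` call in this hunk has its exit status checked, so a failed or declined install still lets the script read `/etc/mailname` and configure services that may not be present. That holds unless `set -e` is in effect earlier in the file, which the hunk does not show. Stopping at that point is a one-line change: `apt-get install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc || exit 1`. The unchanged `which opendkim-genkey` test could become `command -v opendkim-genkey >/dev/null 2>&1`, which does not depend on an external `which` binary.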