|
@@ -43,20 +43,33 @@ subdom=${MAIL_SUBDOM:-mail} |
|
|
maildomain="$subdom.$domain" |
|
|
maildomain="$subdom.$domain" |
|
|
certdir="/etc/letsencrypt/live/$maildomain" |
|
|
certdir="/etc/letsencrypt/live/$maildomain" |
|
|
|
|
|
|
|
|
|
|
|
# Open required mail ports, and 80, for Certbot. |
|
|
|
|
|
for port in 80 993 465 25 587; do |
|
|
|
|
|
ufw allow "$port" 2>/dev/null |
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
[ ! -d "$certdir" ] && |
|
|
[ ! -d "$certdir" ] && |
|
|
possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && |
|
|
|
|
|
|
|
|
possiblecert="$(certbot certificates 2>/dev/null | grep "Domains:\.* $maildomain\(\s\|$\)" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && |
|
|
certdir="${possiblecert%/*}" |
|
|
certdir="${possiblecert%/*}" |
|
|
|
|
|
|
|
|
[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. |
|
|
|
|
|
|
|
|
|
|
|
Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1 |
|
|
|
|
|
|
|
|
[ ! -d "$certdir" ] && case "$(netstat -tulpn | grep ":80\s")" in |
|
|
|
|
|
*nginx*) |
|
|
|
|
|
apt install -y python3-certbot-nginx |
|
|
|
|
|
certbot -d "$maildomain" certonly --nginx --register-unsafely-without-email --agree-tos |
|
|
|
|
|
;; |
|
|
|
|
|
*apache*) |
|
|
|
|
|
apt install -y python3-certbot-apache |
|
|
|
|
|
certbot -d "$maildomain" certonly --apache --register-unsafely-without-email --agree-tos |
|
|
|
|
|
;; |
|
|
|
|
|
*) |
|
|
|
|
|
apt install -y python3-certbot |
|
|
|
|
|
certbot -d "$maildomain" certonly --standalone --register-unsafely-without-email --agree-tos |
|
|
|
|
|
;; |
|
|
|
|
|
esac |
|
|
|
|
|
|
|
|
# NOTE ON POSTCONF COMMANDS |
|
|
|
|
|
|
|
|
[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. |
|
|
|
|
|
|
|
|
# The `postconf` command literally just adds the line in question to |
|
|
|
|
|
# /etc/postfix/main.cf so if you need to debug something, go there. It replaces |
|
|
|
|
|
# any other line that sets the same setting, otherwise it is appended to the |
|
|
|
|
|
# end of the file. |
|
|
|
|
|
|
|
|
Use Let's Encrypt's Certbot to get that and then rerun this script. It failed to run automatically here." && exit 1 |
|
|
|
|
|
|
|
|
echo "Configuring Postfix's main.cf..." |
|
|
echo "Configuring Postfix's main.cf..." |
|
|
|
|
|
|
|
@@ -314,9 +327,6 @@ for x in spamassassin opendkim dovecot postfix; do |
|
|
systemctl enable "$x" |
|
|
systemctl enable "$x" |
|
|
done |
|
|
done |
|
|
|
|
|
|
|
|
# If ufw is used, enable the mail ports. |
|
|
|
|
|
pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;} |
|
|
|
|
|
|
|
|
|
|
|
pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')" |
|
|
pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')" |
|
|
dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" |
|
|
dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" |
|
|
dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" |
|
|
dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" |
|
|