Luke Smith
3 роки тому
1 змінених файлів з 22 додано та 12 видалено
Об'єднаний перегляд
Параметри порівняння
-
+22 -12emailwiz.sh
+ 22
- 12
emailwiz.sh
Переглянути файл
| @@ -43,20 +43,33 @@ subdom=${MAIL_SUBDOM:-mail} | |||||
| maildomain="$subdom.$domain" | maildomain="$subdom.$domain" | ||||
| certdir="/etc/letsencrypt/live/$maildomain" | certdir="/etc/letsencrypt/live/$maildomain" | ||||
| # Open required mail ports, and 80, for Certbot. | |||||
| for port in 80 993 465 25 587; do | |||||
| ufw allow "$port" 2>/dev/null | |||||
| done | |||||
| [ ! -d "$certdir" ] && | [ ! -d "$certdir" ] && | ||||
| possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && | |||||
| possiblecert="$(certbot certificates 2>/dev/null | grep "Domains:\.* $maildomain\(\s\|$\)" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && | |||||
| certdir="${possiblecert%/*}" | certdir="${possiblecert%/*}" | ||||
| [ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. | |||||
| Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1 | |||||
| [ ! -d "$certdir" ] && case "$(netstat -tulpn | grep ":80\s")" in | |||||
| *nginx*) | |||||
| apt install -y python3-certbot-nginx | |||||
| certbot -d "$maildomain" certonly --nginx --register-unsafely-without-email --agree-tos | |||||
| ;; | |||||
| *apache*) | |||||
| apt install -y python3-certbot-apache | |||||
| certbot -d "$maildomain" certonly --apache --register-unsafely-without-email --agree-tos | |||||
| ;; | |||||
| *) | |||||
| apt install -y python3-certbot | |||||
| certbot -d "$maildomain" certonly --standalone --register-unsafely-without-email --agree-tos | |||||
| ;; | |||||
| esac | |||||
| # NOTE ON POSTCONF COMMANDS | |||||
| [ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. | |||||
| # The `postconf` command literally just adds the line in question to | |||||
| # /etc/postfix/main.cf so if you need to debug something, go there. It replaces | |||||
| # any other line that sets the same setting, otherwise it is appended to the | |||||
| # end of the file. | |||||
| Use Let's Encrypt's Certbot to get that and then rerun this script. It failed to run automatically here." && exit 1 | |||||
| echo "Configuring Postfix's main.cf..." | echo "Configuring Postfix's main.cf..." | ||||
| @@ -314,9 +327,6 @@ for x in spamassassin opendkim dovecot postfix; do | |||||
| systemctl enable "$x" | systemctl enable "$x" | ||||
| done | done | ||||
| # If ufw is used, enable the mail ports. | |||||
| pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;} | |||||
| pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')" | pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')" | ||||
| dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" | dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" | ||||
| dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" | dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" | ||||