|
@@ -16,9 +16,9 @@ |
|
|
# On installation of Postfix, select "Internet Site" and put in TLD (without before it mail.) |
|
|
# On installation of Postfix, select "Internet Site" and put in TLD (without before it mail.) |
|
|
|
|
|
|
|
|
echo "Installing programs..." |
|
|
echo "Installing programs..." |
|
|
apt install postfix dovecot-imapd opendkim spamassassin spamc |
|
|
|
|
|
|
|
|
apt install postfix dovecot-imapd dovecot-sieve opendkim spamassassin spamc |
|
|
# Install another requirement for opendikm only if the above command didn't get it already |
|
|
# Install another requirement for opendikm only if the above command didn't get it already |
|
|
[ -e $(which opendkim-genkey) ] || apt install opendkim-tools |
|
|
|
|
|
|
|
|
[ which opendkim-genkey > /dev/null 2>&1 ] || apt install opendkim-tools |
|
|
domain="$(cat /etc/mailname)" |
|
|
domain="$(cat /etc/mailname)" |
|
|
subdom="mail" |
|
|
subdom="mail" |
|
|
maildomain="$subdom.$domain" |
|
|
maildomain="$subdom.$domain" |
|
@@ -96,7 +96,7 @@ ssl = required |
|
|
ssl_cert = </etc/letsencrypt/live/$maildomain/fullchain.pem |
|
|
ssl_cert = </etc/letsencrypt/live/$maildomain/fullchain.pem |
|
|
ssl_key = </etc/letsencrypt/live/$maildomain/privkey.pem |
|
|
ssl_key = </etc/letsencrypt/live/$maildomain/privkey.pem |
|
|
# Plaintext login. This is safe and easy thanks to SSL. |
|
|
# Plaintext login. This is safe and easy thanks to SSL. |
|
|
auth_mechanisms = plain |
|
|
|
|
|
|
|
|
auth_mechanisms = plain login cram-md5 |
|
|
|
|
|
|
|
|
protocols = \$protocols imap |
|
|
protocols = \$protocols imap |
|
|
|
|
|
|
|
@@ -104,7 +104,12 @@ protocols = \$protocols imap |
|
|
userdb { |
|
|
userdb { |
|
|
driver = passwd |
|
|
driver = passwd |
|
|
} |
|
|
} |
|
|
# Use plain old PAM to find user passwords |
|
|
|
|
|
|
|
|
# Use file with cram-md5 hashed passwords to find user passwords |
|
|
|
|
|
passdb { |
|
|
|
|
|
driver = passwd-file |
|
|
|
|
|
args = scheme=cram-md5 /etc/cram-md5.pwd |
|
|
|
|
|
} |
|
|
|
|
|
#Fallback: Use plain old PAM to find user passwords |
|
|
passdb { |
|
|
passdb { |
|
|
driver = pam |
|
|
driver = pam |
|
|
} |
|
|
} |
|
@@ -170,6 +175,7 @@ if header :contains \"X-Spam-Flag\" \"YES\" |
|
|
fileinto \"Junk\"; |
|
|
fileinto \"Junk\"; |
|
|
}" > /var/lib/dovecot/sieve/default.sieve |
|
|
}" > /var/lib/dovecot/sieve/default.sieve |
|
|
|
|
|
|
|
|
|
|
|
cut -d: -f1 /etc/passwd | grep ^vmail > /dev/null 2&>1 || useradd vmail |
|
|
chown -R vmail:vmail /var/lib/dovecot |
|
|
chown -R vmail:vmail /var/lib/dovecot |
|
|
sievec /var/lib/dovecot/sieve/default.sieve |
|
|
sievec /var/lib/dovecot/sieve/default.sieve |
|
|
|
|
|
|
|
@@ -211,15 +217,24 @@ grep ^KeyTable /etc/opendkim.conf >/dev/null || echo "KeyTable file:/etc/postfix |
|
|
SigningTable refile:/etc/postfix/dkim/signingtable |
|
|
SigningTable refile:/etc/postfix/dkim/signingtable |
|
|
InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf |
|
|
InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf |
|
|
|
|
|
|
|
|
|
|
|
sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf |
|
|
|
|
|
sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf |
|
|
|
|
|
|
|
|
|
|
|
sed -e '/Socket/s/^#*/#/' -i /etc/opendkim.conf |
|
|
|
|
|
sed -i '/\local:\/var\/run\/opendkim\/opendkim.sock/a \Socket\t\t\tinet:12301@localhost' /etc/opendkim.conf |
|
|
|
|
|
|
|
|
# OpenDKIM daemon settings, removing previously activated socket. |
|
|
# OpenDKIM daemon settings, removing previously activated socket. |
|
|
sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:8891@localhost\"" >> /etc/default/opendkim |
|
|
|
|
|
|
|
|
sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim |
|
|
|
|
|
|
|
|
# Here we add to postconf the needed settings for working with OpenDKIM |
|
|
# Here we add to postconf the needed settings for working with OpenDKIM |
|
|
echo "Configuring Postfix with OpenDKIM settings..." |
|
|
echo "Configuring Postfix with OpenDKIM settings..." |
|
|
|
|
|
postconf -e "smtpd_sasl_security_options = noanonymous, noplaintext" |
|
|
|
|
|
postconf -e "smtpd_sasl_tls_security_options = noanonymous" |
|
|
|
|
|
postconf -e "myhostname = $maildomain" |
|
|
postconf -e "milter_default_action = accept" |
|
|
postconf -e "milter_default_action = accept" |
|
|
postconf -e "milter_protocol = 2" |
|
|
|
|
|
postconf -e "smtpd_milters = inet:localhost:8891" |
|
|
|
|
|
postconf -e "non_smtpd_milters = inet:localhost:8891" |
|
|
|
|
|
|
|
|
postconf -e "milter_protocol = 6" |
|
|
|
|
|
postconf -e "smtpd_milters = inet:localhost:12301" |
|
|
|
|
|
postconf -e "non_smtpd_milters = inet:localhost:12301" |
|
|
postconf -e "mailbox_command = /usr/lib/dovecot/deliver" |
|
|
postconf -e "mailbox_command = /usr/lib/dovecot/deliver" |
|
|
|
|
|
|
|
|
echo "Restarting Dovecot..." |
|
|
echo "Restarting Dovecot..." |
|
|