| @@ -16,9 +16,9 @@ | |||||
| # On installation of Postfix, select "Internet Site" and put in TLD (without before it mail.) | # On installation of Postfix, select "Internet Site" and put in TLD (without before it mail.) | ||||
| echo "Installing programs..." | echo "Installing programs..." | ||||
| apt install postfix dovecot-imapd opendkim spamassassin spamc | |||||
| apt install postfix dovecot-imapd dovecot-sieve opendkim spamassassin spamc | |||||
| # Install another requirement for opendikm only if the above command didn't get it already | # Install another requirement for opendikm only if the above command didn't get it already | ||||
| [ -e $(which opendkim-genkey) ] || apt install opendkim-tools | |||||
| [ which opendkim-genkey > /dev/null 2>&1 ] || apt install opendkim-tools | |||||
| domain="$(cat /etc/mailname)" | domain="$(cat /etc/mailname)" | ||||
| subdom="mail" | subdom="mail" | ||||
| maildomain="$subdom.$domain" | maildomain="$subdom.$domain" | ||||
| @@ -96,7 +96,7 @@ ssl = required | |||||
| ssl_cert = </etc/letsencrypt/live/$maildomain/fullchain.pem | ssl_cert = </etc/letsencrypt/live/$maildomain/fullchain.pem | ||||
| ssl_key = </etc/letsencrypt/live/$maildomain/privkey.pem | ssl_key = </etc/letsencrypt/live/$maildomain/privkey.pem | ||||
| # Plaintext login. This is safe and easy thanks to SSL. | # Plaintext login. This is safe and easy thanks to SSL. | ||||
| auth_mechanisms = plain | |||||
| auth_mechanisms = plain login cram-md5 | |||||
| protocols = \$protocols imap | protocols = \$protocols imap | ||||
| @@ -104,7 +104,12 @@ protocols = \$protocols imap | |||||
| userdb { | userdb { | ||||
| driver = passwd | driver = passwd | ||||
| } | } | ||||
| # Use plain old PAM to find user passwords | |||||
| # Use file with cram-md5 hashed passwords to find user passwords | |||||
| passdb { | |||||
| driver = passwd-file | |||||
| args = scheme=cram-md5 /etc/cram-md5.pwd | |||||
| } | |||||
| #Fallback: Use plain old PAM to find user passwords | |||||
| passdb { | passdb { | ||||
| driver = pam | driver = pam | ||||
| } | } | ||||
| @@ -170,6 +175,7 @@ if header :contains \"X-Spam-Flag\" \"YES\" | |||||
| fileinto \"Junk\"; | fileinto \"Junk\"; | ||||
| }" > /var/lib/dovecot/sieve/default.sieve | }" > /var/lib/dovecot/sieve/default.sieve | ||||
| cut -d: -f1 /etc/passwd | grep ^vmail > /dev/null 2&>1 || useradd vmail | |||||
| chown -R vmail:vmail /var/lib/dovecot | chown -R vmail:vmail /var/lib/dovecot | ||||
| sievec /var/lib/dovecot/sieve/default.sieve | sievec /var/lib/dovecot/sieve/default.sieve | ||||
| @@ -211,15 +217,24 @@ grep ^KeyTable /etc/opendkim.conf >/dev/null || echo "KeyTable file:/etc/postfix | |||||
| SigningTable refile:/etc/postfix/dkim/signingtable | SigningTable refile:/etc/postfix/dkim/signingtable | ||||
| InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf | InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf | ||||
| sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf | |||||
| sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf | |||||
| sed -e '/Socket/s/^#*/#/' -i /etc/opendkim.conf | |||||
| sed -i '/\local:\/var\/run\/opendkim\/opendkim.sock/a \Socket\t\t\tinet:12301@localhost' /etc/opendkim.conf | |||||
| # OpenDKIM daemon settings, removing previously activated socket. | # OpenDKIM daemon settings, removing previously activated socket. | ||||
| sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:8891@localhost\"" >> /etc/default/opendkim | |||||
| sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim | |||||
| # Here we add to postconf the needed settings for working with OpenDKIM | # Here we add to postconf the needed settings for working with OpenDKIM | ||||
| echo "Configuring Postfix with OpenDKIM settings..." | echo "Configuring Postfix with OpenDKIM settings..." | ||||
| postconf -e "smtpd_sasl_security_options = noanonymous, noplaintext" | |||||
| postconf -e "smtpd_sasl_tls_security_options = noanonymous" | |||||
| postconf -e "myhostname = $maildomain" | |||||
| postconf -e "milter_default_action = accept" | postconf -e "milter_default_action = accept" | ||||
| postconf -e "milter_protocol = 2" | |||||
| postconf -e "smtpd_milters = inet:localhost:8891" | |||||
| postconf -e "non_smtpd_milters = inet:localhost:8891" | |||||
| postconf -e "milter_protocol = 6" | |||||
| postconf -e "smtpd_milters = inet:localhost:12301" | |||||
| postconf -e "non_smtpd_milters = inet:localhost:12301" | |||||
| postconf -e "mailbox_command = /usr/lib/dovecot/deliver" | postconf -e "mailbox_command = /usr/lib/dovecot/deliver" | ||||
| echo "Restarting Dovecot..." | echo "Restarting Dovecot..." | ||||