Luke Smith
1 年之前
共有 2 個文件被更改,包括 14 次插入 和 21 次删除
統一視圖
Diff Options
-
+9 -10README.md
-
+5 -11emailwiz.sh
+ 9
- 10
README.md
查看文件
| @@ -48,16 +48,15 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`. | |||||
| **CNAME record** for your `mail.` subdomain. | **CNAME record** for your `mail.` subdomain. | ||||
| 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an | 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an | ||||
| entry for your IPv4 Reverse DNS that goes from your IP address to | entry for your IPv4 Reverse DNS that goes from your IP address to | ||||
| `<yourdomain.com>` (not mail subdomain). If you would like IPv6, you can do | |||||
| the same for that. This has been tested on Vultr, and all decent VPS hosts | |||||
| will have a section on their instance settings page to add a reverse DNS PTR | |||||
| entry. | |||||
| You can use the 'Test Email Server' or ':smtp' tool on | |||||
| [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up | |||||
| a reverse DNS correctly. This step is not required for everyone, but some | |||||
| big email services like Gmail will stop emails coming from mail servers | |||||
| with no/invalid rDNS lookups. This means your email will fail to even | |||||
| make it to the recipients spam folder; it will never make it to them. | |||||
| `<mail.yourdomain.com>`. If you would like IPv6, you can do the same for | |||||
| that. This has been tested on Vultr, and all decent VPS hosts will have a | |||||
| section on their instance settings page to add a reverse DNS PTR entry. You | |||||
| can use the 'Test Email Server' or ':smtp' tool on | |||||
| [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a | |||||
| reverse DNS correctly. This step is not required for everyone, but some big | |||||
| email services like Gmail will stop emails coming from mail servers with | |||||
| no/invalid rDNS lookups. This means your email will fail to even make it to | |||||
| the recipients spam folder; it will never make it to them. | |||||
| 5. `apt purge` all your previous (failed) attempts to install and configure a | 5. `apt purge` all your previous (failed) attempts to install and configure a | ||||
| mail server. Get rid of _all_ your system settings for Postfix, Dovecot, | mail server. Get rid of _all_ your system settings for Postfix, Dovecot, | ||||
| OpenDKIM and everything else. This script builds off of a fresh install. | OpenDKIM and everything else. This script builds off of a fresh install. | ||||
+ 5
- 11
emailwiz.sh
查看文件
| @@ -33,11 +33,9 @@ | |||||
| # On installation of Postfix, select "Internet Site" and put in TLD (without | # On installation of Postfix, select "Internet Site" and put in TLD (without | ||||
| # `mail.` before it). | # `mail.` before it). | ||||
| echo "Setting umask to 0022..." | |||||
| umask 0022 | umask 0022 | ||||
| echo "Installing programs..." | |||||
| apt-get install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc | |||||
| apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools | |||||
| # Check if OpenDKIM is installed and install it if not. | # Check if OpenDKIM is installed and install it if not. | ||||
| which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools | which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools | ||||
| domain="$(cat /etc/mailname)" | domain="$(cat /etc/mailname)" | ||||
| @@ -86,7 +84,6 @@ postconf -e 'smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1' | |||||
| postconf -e 'tls_preempt_cipherlist = yes' | postconf -e 'tls_preempt_cipherlist = yes' | ||||
| postconf -e 'smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL' | postconf -e 'smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL' | ||||
| # Here we tell Postfix to look to Dovecot for authenticating users/passwords. | # Here we tell Postfix to look to Dovecot for authenticating users/passwords. | ||||
| # Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth | # Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth | ||||
| postconf -e 'smtpd_sasl_auth_enable = yes' | postconf -e 'smtpd_sasl_auth_enable = yes' | ||||
| @@ -104,18 +101,17 @@ postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth | |||||
| # boomers want and no one else). | # boomers want and no one else). | ||||
| postconf -e 'home_mailbox = Mail/Inbox/' | postconf -e 'home_mailbox = Mail/Inbox/' | ||||
| # A fix referenced in issue #178 - Postfix configuration leaks ip addresses (https://github.com/LukeSmithxyz/emailwiz/issues/178) | |||||
| # Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses | # Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses | ||||
| postconf -e "header_checks = regexp:/etc/postfix/header_checks" | postconf -e "header_checks = regexp:/etc/postfix/header_checks" | ||||
| # Create a login map file that ensures that if a sender wants to send a mail from a user at our local | |||||
| # domain, they must be authenticated as that user | |||||
| echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" > /etc/postfix/login_maps.pcre | |||||
| # strips "Received From:" in sent emails | # strips "Received From:" in sent emails | ||||
| echo "/^Received:.*/ IGNORE | echo "/^Received:.*/ IGNORE | ||||
| /^X-Originating-IP:/ IGNORE" >> /etc/postfix/header_checks | /^X-Originating-IP:/ IGNORE" >> /etc/postfix/header_checks | ||||
| # Create a login map file that ensures that if a sender wants to send a mail from a user at our local | |||||
| # domain, they must be authenticated as that user | |||||
| echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" > /etc/postfix/login_maps.pcre | |||||
| # master.cf | # master.cf | ||||
| echo "Configuring Postfix's master.cf..." | echo "Configuring Postfix's master.cf..." | ||||
| @@ -136,13 +132,11 @@ smtps inet n - y - - smtpd | |||||
| spamassassin unix - n n - - pipe | spamassassin unix - n n - - pipe | ||||
| user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf | user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf | ||||
| # By default, dovecot has a bunch of configs in /etc/dovecot/conf.d/ These | # By default, dovecot has a bunch of configs in /etc/dovecot/conf.d/ These | ||||
| # files have nice documentation if you want to read it, but it's a huge pain to | # files have nice documentation if you want to read it, but it's a huge pain to | ||||
| # go through them to organize. Instead, we simply overwrite | # go through them to organize. Instead, we simply overwrite | ||||
| # /etc/dovecot/dovecot.conf because it's easier to manage. You can get a backup | # /etc/dovecot/dovecot.conf because it's easier to manage. You can get a backup | ||||
| # of the original in /usr/share/dovecot if you want. | # of the original in /usr/share/dovecot if you want. | ||||
| mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf | mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf | ||||
| echo "Creating Dovecot config..." | echo "Creating Dovecot config..." | ||||