close #217

Typo in my last merge

README.md

@@ -34,10 +34,10 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
   have an offline mirror of my email setup and I recommend the same. There are
   other ways of doing it though, like Thunderbird, etc.
 
-## Requirements
+## Before you run this script you need...
 
 1. A **Debian or Ubuntu server**. I've tested this on a
-   [Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running
+   [Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running
    Ubuntu and their setup works, but I suspect other VPS hosts will have
    similar/possibly identical default settings which will let you run this on
    them. Note that the affiliate link there to Vultr gives you a $100 credit
@@ -65,6 +65,9 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
    You may need to request these ports be opened to send mail successfully.
    Vultr and most other VPS providers will respond immediately and open the
    ports for you if you open a support ticket.
+7. If you have a firewall, you'll need to open ports on your side as well. For
+   example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you
+   will need port 80 for Certbot too).
 
 ## Post-install requirement!
 
@@ -135,3 +138,8 @@ support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
   [Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance
   blocks this by default, you need to open a support ticket with them to open
   it. You can't send mail if 25 is blocked
+
+## TODO
+
+- Fail2ban for security.
+- Scripts for easier spam prevention.

emailwiz.sh

@@ -45,13 +45,13 @@ subdom=${MAIL_SUBDOM:-mail}
 maildomain="$subdom.$domain"
 certdir="/etc/letsencrypt/live/$maildomain"
 
-[ ! -d "$certdir" ] && certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain\|*.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)")"
+[ ! -d "$certdir" ] &&
+	possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" &&
+	certdir="${possiblecert%/*}"
 
 [ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain.
 
-Use Let's Encrypt's Certbot to get that and then rerun this script.
-
-You may need to set up a dummy $maildomain site in nginx or Apache for that to work." && exit 1
+Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1
 
 # NOTE ON POSTCONF COMMANDS
 
@@ -312,13 +312,17 @@ done
 # If ufw is used, enable the mail ports.
 pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;}
 
-pval="$(tr -d '\n' </etc/postfix/dkim/"$subdom".txt | sed 's/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//' | grep -o 'p=.*')"
+pval="$(tr -d '\n' </etc/postfix/dkim/"$subdom".txt | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')"
 dkimentry="$subdom._domainkey.$domain	TXT	v=DKIM1; k=rsa; $pval"
 dmarcentry="_dmarc.$domain	TXT	v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1"
 spfentry="$domain	TXT	v=spf1 mx a:$maildomain -all"
 
 useradd -m -G mail dmarc
 
+grep -q "^deploy-hook = postfix reload" /etc/letsencrypt/cli.ini ||
+	echo "
+deploy-hook = service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini
+
 echo "$dkimentry
 $dmarcentry
 $spfentry" > "$HOME/dns_emailwizard"