Author | SHA1 | Message | Date |
---|---|---|---|
Luke Smith | 3c17f0dcd3 | close #217 | 1 year ago |
Luke Smith | 347af34f30 | fix #205 | 1 year ago |
Luke Smith | f2d10c4af6 | fix #223 | 1 year ago |
Luke Smith | ab62f85002 | Merge branch 'master' of github.com:LukeSmithxyz/emailwiz | 1 year ago |
Luke Smith | aa6271b438 | close #222 | 1 year ago |
Luke Smith |
e40c0c418f
|
Merge pull request #215 from simo981/patch-1
Typo in my last merge |
1 year ago |
simone |
d449a17de8
|
Typo in my last merge | 2 years ago |
@@ -34,10 +34,10 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`. | |||||
have an offline mirror of my email setup and I recommend the same. There are | have an offline mirror of my email setup and I recommend the same. There are | ||||
other ways of doing it though, like Thunderbird, etc. | other ways of doing it though, like Thunderbird, etc. | ||||
## Requirements | |||||
## Before you run this script you need... | |||||
1. A **Debian or Ubuntu server**. I've tested this on a | 1. A **Debian or Ubuntu server**. I've tested this on a | ||||
[Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running | |||||
[Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running | |||||
Ubuntu and their setup works, but I suspect other VPS hosts will have | Ubuntu and their setup works, but I suspect other VPS hosts will have | ||||
similar/possibly identical default settings which will let you run this on | similar/possibly identical default settings which will let you run this on | ||||
them. Note that the affiliate link there to Vultr gives you a $100 credit | them. Note that the affiliate link there to Vultr gives you a $100 credit | ||||
@@ -65,6 +65,9 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`. | |||||
You may need to request these ports be opened to send mail successfully. | You may need to request these ports be opened to send mail successfully. | ||||
Vultr and most other VPS providers will respond immediately and open the | Vultr and most other VPS providers will respond immediately and open the | ||||
ports for you if you open a support ticket. | ports for you if you open a support ticket. | ||||
7. If you have a firewall, you'll need to open ports on your side as well. For | |||||
example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you | |||||
will need port 80 for Certbot too). | |||||
## Post-install requirement! | ## Post-install requirement! | ||||
@@ -135,3 +138,8 @@ support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). | |||||
[Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance | [Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance | ||||
blocks this by default, you need to open a support ticket with them to open | blocks this by default, you need to open a support ticket with them to open | ||||
it. You can't send mail if 25 is blocked | it. You can't send mail if 25 is blocked | ||||
## TODO | |||||
- Fail2ban for security. | |||||
- Scripts for easier spam prevention. |
@@ -45,13 +45,13 @@ subdom=${MAIL_SUBDOM:-mail} | |||||
maildomain="$subdom.$domain" | maildomain="$subdom.$domain" | ||||
certdir="/etc/letsencrypt/live/$maildomain" | certdir="/etc/letsencrypt/live/$maildomain" | ||||
[ ! -d "$certdir" ] && certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain\|*.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)")" | |||||
[ ! -d "$certdir" ] && | |||||
possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && | |||||
certdir="${possiblecert%/*}" | |||||
[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. | [ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. | ||||
Use Let's Encrypt's Certbot to get that and then rerun this script. | |||||
You may need to set up a dummy $maildomain site in nginx or Apache for that to work." && exit 1 | |||||
Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1 | |||||
# NOTE ON POSTCONF COMMANDS | # NOTE ON POSTCONF COMMANDS | ||||
@@ -312,13 +312,17 @@ done | |||||
# If ufw is used, enable the mail ports. | # If ufw is used, enable the mail ports. | ||||
pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;} | pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;} | ||||
pval="$(tr -d '\n' </etc/postfix/dkim/"$subdom".txt | sed 's/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//' | grep -o 'p=.*')" | |||||
pval="$(tr -d '\n' </etc/postfix/dkim/"$subdom".txt | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')" | |||||
dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" | dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" | ||||
dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" | dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" | ||||
spfentry="$domain TXT v=spf1 mx a:$maildomain -all" | spfentry="$domain TXT v=spf1 mx a:$maildomain -all" | ||||
useradd -m -G mail dmarc | useradd -m -G mail dmarc | ||||
grep -q "^deploy-hook = postfix reload" /etc/letsencrypt/cli.ini || | |||||
echo " | |||||
deploy-hook = service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini | |||||
echo "$dkimentry | echo "$dkimentry | ||||
$dmarcentry | $dmarcentry | ||||
$spfentry" > "$HOME/dns_emailwizard" | $spfentry" > "$HOME/dns_emailwizard" | ||||
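Review bot: The idempotency guard on the deploy-hook append does not match the line it appends: the grep looks for `^deploy-hook = postfix reload` while the echo writes `deploy-hook = service postfix reload && service dovecot reload`, so every rerun of the script appends another copy to /etc/letsencrypt/cli.ini. A duplicated key in cli.ini is likely to make certbot reject its config on later renewals (that failure mode is inferred, not visible here), which would let the mail certificate lapse and break TLS for Postfix and Dovecot. Match the key only, `grep -q "^deploy-hook" /etc/letsencrypt/cli.ini ||`, so the append is skipped both on rerun and when an operator already has a hook configured, rather than silently adding a second entry. The leading newline inside the echo string is harmless but `printf '%s\n' 'deploy-hook = service postfix reload && service dovecot reload' >> /etc/letsencrypt/cli.ini` is the cleaner form; this is top-level script code with no enclosing function.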