adrian
/
emailwiz
mirror of https://github.com/LukeSmithxyz/emailwiz.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
1 Branch
962 KiB
 
Tree: 46c35da496
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '46c35da496'
${ noResults }
emailwiz/emailwiz.sh

241 lines
8.5 KiB
Raw Blame History 

  1. #!/bin/sh

  2. 

  3. # THE SETUP

  4. 

  5. # - Mail will be stored in non-retarded Maildirs because it's $currentyear. This makes it easier for use with isync, which is what I care about so I can have an offline repo of mail.

  6. # - Mail boxes will be sensible: Inbox, Sent, Drafts, Archive, Junk, Trash

  7. # - Use the typical unix login system for mail users. Users will log into their email with their passnames on the server. No usage of a redundant mySQL database to do this.

  8. 

  9. 

  10. # BEFORE YOU RUN THIS

  11. # - Have a Debian system with a static IP and all that. Pretty much any default VPS offered by a company will have all the basic stuff you need. This script might run on Ubuntu as well. Haven't tried it.

  12. # - Have a Let's Encrypt SSL certificate for $maildomain. You might need one for $domain as well, but they're free with Let's Encypt so you should have them anyway.

  13. # - If you've been toying around with your server settings trying to get postfix/dovecot/etc. working before running this, I recommend you `apt purge` everything first because this script is build on top of only the defaults. Clearr out /etc/postfix and /etc/dovecot yourself if needbe.

  14. 

  15. 

  16. # On installation of Postfix, select "Internet Site" and put in TLD (without before it mail.)

  17. 

  18. echo "Installing programs..."

  19. apt install postfix dovecot-imapd opendkim spamassassin spamc

  20. domain="$(cat /etc/mailname)"

  21. subdom="mail"

  22. maildomain="$subdom.$domain"

  23. 

  24. 

  25. # NOTE ON POSTCONF COMMANDS

  26. 

  27. # The `postconf` command literally just adds the line in question to /etc/postfix/main.cf so if you need to debug something, go there.

  28. # It replaces any other line that sets the same setting, otherwise it is appended to the end of the file.

  29. 

  30. echo "Configuring Postfix's main.cf..."

  31. 

  32. # Change the cert/key files to the default locations of the Let's Encrypt cert/key

  33. postconf -e "smtpd_tls_key_file=/etc/letsencrypt/live/$maildomain/privkey.pem"

  34. postconf -e "smtpd_tls_cert_file=/etc/letsencrypt/live/$maildomain/fullchain.pem"

  35. postconf -e "smtpd_use_tls = yes"

  36. postconf -e "smtpd_tls_auth_only = yes"

  37. 

  38. # Here we tell Postfix to look to Dovecot for authenticating users/passwords.

  39. # Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth

  40. postconf -e "smtpd_sasl_auth_enable = yes"

  41. postconf -e "smtpd_sasl_type = dovecot"

  42. postconf -e "smtpd_sasl_path = private/auth"

  43. 

  44. #postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"

  45. 

  46. 

  47. # NOTE: the trailing slash here, or for any directory name in the home_mailbox command, is necessary as it distinguishes a maildir (which is the actual directories that what we want) from a spoolfile (which is what old unix boomers want and no one else).

  48. postconf -e "home_mailbox = Mail/Inbox/"

  49. 

  50. # Research this one:

  51. #postconf -e "mailbox_command ="

  52. 

  53. 

  54. # master.cf

  55. 

  56. echo "Configuring Postfix's master.cf..."

  57. 

  58. sed -i "/^\s*-o/d;/^\s*submission/d;/^\s*smtp/d" /etc/postfix/master.cf

  59. 

  60. echo "smtp unix - - n - - smtp

  61. smtp inet n - y - - smtpd

  62.   -o content_filter=spamassassin

  63. submission inet n       -       y       -       -       smtpd

  64.   -o syslog_name=postfix/submission

  65.   -o smtpd_tls_security_level=encrypt

  66.   -o smtpd_sasl_auth_enable=yes

  67.   -o smtpd_tls_auth_only=yes

  68. smtps     inet  n       -       y       -       -       smtpd

  69.   -o syslog_name=postfix/smtps

  70.   -o smtpd_tls_wrappermode=yes

  71.   -o smtpd_sasl_auth_enable=yes

  72. spamassassin unix -     n       n       -       -       pipe

  73.   user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf

  74. 

  75. 

  76. # By default, dovecot has a bunch of configs in /etc/dovecot/conf.d/

  77. # These files have nice documentation if you want to read it, but it's a huge pain to go through them to organize.

  78. # Instead, we simply overwrite /etc/dovecot/dovecot.conf because it's easier to manage. You can get a backup of the original in /usr/share/dovecot if you want.

  79. 

  80. echo "Creating Dovecot config..."

  81. 

  82. echo "# Dovecot config

  83. # Note that in the dovecot conf, you can use:

  84. # %u for username

  85. # %n for the name in name@domain.tld

  86. # %d for the domain

  87. # %h the user's home directory

  88. 

  89. # If you're not a brainlet, SSL must be set to required.

  90. ssl = required

  91. ssl_cert = </etc/letsencrypt/live/$maildomain/fullchain.pem

  92. ssl_key = </etc/letsencrypt/live/$maildomain/privkey.pem

  93. # Plaintext login. This is safe and easy thanks to SSL.

  94. auth_mechanisms = plain

  95. 

  96. protocols = \$protocols imap

  97. 

  98. # Search for valid users in /etc/passwd

  99. userdb {

  100. 	driver = passwd

  101. }

  102. # Use plain old PAM to find user passwords

  103. passdb {

  104. 	driver = pam

  105. }

  106. 

  107. # Our mail for each user will be in ~/Mail, and the inbox will be ~/Mail/Inbox

  108. # The LAYOUT option is also important because otherwise, the boxes will be \`.Sent\` instead of \`Sent\`.

  109. mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs

  110. namespace inbox {

  111. 	inbox = yes

  112. 	mailbox Drafts {

  113. 	special_use = \\Drafts

  114. 	auto = subscribe

  115. }

  116. 	mailbox Junk {

  117. 	special_use = \\Junk

  118. 	auto = subscribe

  119. 	autoexpunge = 30d

  120. }

  121. 	mailbox Sent {

  122. 	special_use = \\Sent

  123. 	auto = subscribe

  124. }

  125. 	mailbox Trash {

  126. 	special_use = \\Trash

  127. }

  128. 	mailbox Archive {

  129. 	special_use = \\Archive

  130. }

  131. }

  132. 

  133. # Here we let Postfix use Dovecot's authetication system.

  134. 

  135. service auth {

  136.   unix_listener /var/spool/postfix/private/auth {

  137. 	mode = 0660

  138. 	user = postfix

  139. 	group = postfix

  140. }

  141. }

  142. 

  143. protocol lda {

  144.   mail_plugins = \$mail_plugins sieve

  145. }

  146. 

  147. protocol lmtp {

  148.   mail_plugins = \$mail_plugins sieve

  149. }

  150. 

  151. plugin {

  152. 	sieve = ~/.dovecot.sieve

  153. 	sieve_default = /var/lib/dovecot/sieve/default.sieve

  154. 	#sieve_global_path = /var/lib/dovecot/sieve/default.sieve

  155. 	sieve_dir = ~/.sieve

  156. 	sieve_global_dir = /var/lib/dovecot/sieve/

  157. }

  158. " > /etc/dovecot/dovecot.conf

  159. 

  160. mkdir /var/lib/dovecot/sieve/

  161. 

  162. echo "require [\"fileinto\", \"mailbox\"];

  163. if header :contains \"X-Spam-Flag\" \"YES\"

  164. 	{

  165. 		fileinto \"Junk\";

  166. 	}" > /var/lib/dovecot/sieve/default.sieve

  167. 

  168. chown -R vmail:vmail /var/lib/dovecot

  169. sievec /var/lib/dovecot/sieve/default.sieve

  170. 

  171. echo "Preparing user authetication..."

  172. grep nullok /etc/pam.d/dovecot >/dev/null ||

  173. echo "auth    required        pam_unix.so nullok

  174. account required        pam_unix.so" >> /etc/pam.d/dovecot

  175. 

  176. # OpenDKIM

  177. 

  178. # A lot of the big name email services, like Google, will automatically rejectmark as spam unfamiliar and unauthenticated email addresses. As in, the server will flattly reject the email, not even deliverring it to someone's Spam folder.

  179. 

  180. # OpenDKIM is a way to authenticate your email so you can send to such services without a problem.

  181. 

  182. # add opendkim-tools ?

  183. 

  184. # Create an OpenDKIM key and put in in the proper place with proper permissions.

  185. echo "Generating OpenDKIM keys..."

  186. mkdir -p /etc/postfix/dkim

  187. opendkim-genkey -D /etc/postfix/dkim/ -d $ "$domain" -s "$subdom"

  188. chgrp opendkim /etc/postfix/dkim/*

  189. chmod g+r /etc/postfix/dkim/*

  190. 

  191. # Generate the OpenDKIM info:

  192. echo "Configuring OpenDKIM..."

  193. grep "$domain" >/dev/null 2>&1 /etc/postfix/dkim/keytable ||

  194. echo "$subdom._domainkey.$domain $domain:mail:/etc/postfix/dkim/mail.private" >> /etc/postfix/dkim/keytable

  195. 

  196. grep "$domain" >/dev/null 2>&1 /etc/postfix/dkim/signingtable ||

  197. echo "*@$domain $subdom._domainkey.$domain" >> /etc/postfix/dkim/signingtable

  198. 

  199. grep "127.0.0.1" >/dev/null 2>&1 /etc/postfix/dkim/trustedhosts ||

  200. 	echo "127.0.0.1

  201. 10.1.0.0/16

  202. 1.2.3.4/24" >> /etc/postfix/dkim/trustedhosts

  203. 

  204. # ...and source it from opendkim.conf

  205. grep ^KeyTable /etc/opendkim.conf >/dev/null || echo "KeyTable file:/etc/postfix/dkim/keytable

  206. SigningTable refile:/etc/postfix/dkim/signingtable

  207. InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf

  208. 

  209. # OpenDKIM daemon settings, removing previously activated socket.

  210. sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:8891@localhost\"" >> /etc/default/opendkim

  211. 

  212. # Here we add to postconf the needed settings for working with OpenDKIM

  213. echo "Configuring Postfix with OpenDKIM settings..."

  214. postconf -e "milter_default_action = accept"

  215. postconf -e "milter_protocol = 2"

  216. postconf -e "smtpd_milters = inet:localhost:8891"

  217. postconf -e "non_smtpd_milters = inet:localhost:8891"

  218. postconf -e "mailbox_command = /usr/lib/dovecot/deliver"

  219. 

  220. echo "Restarting Dovecot..."

  221. service dovecot restart && echo "Dovecot restarted."

  222. echo "Restarting Postfix..."

  223. service postfix restart && echo "Postfix restarted."

  224. echo "Restarting OpenDKIM..."

  225. service opendkim restart && echo "OpenDKIM restarted."

  226. echo "Restarting Spam Assassin..."

  227. service spamassassin restart && echo "Spamassassin restarted."

  228. 

  229. pval="$(tr -d "\n" </etc/postfix/dkim/mail.txt | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o p=.*)"

  230. echo "Here is your TXT entry:"

  231. echo

  232. echo

  233. echo

  234. printf "Record Name\\tRecord Type\\tText of entry\\n"

  235. printf "%s._domainkey\\tTXT\\t\\tv=DKIM1; k=rsa; %s\\n" "$subdom" "$pval"

  236. echo

  237. echo

  238. echo "$pval"

  239.