diff --git a/installer.sh b/installer.sh index bdda6b0..b53c516 100644 --- a/installer.sh +++ b/installer.sh @@ -1,8 +1,4 @@ #!/bin/bash -###==========================================### -## Ubuntu 18.04 Mailserver installer ## -###==========================================### - ##----------## # Menu # ##----------## 
@@ -33,34 +29,30 @@ if (whiptail --title "Ubuntu 18.04 Mail Server" --yesno " Do yo exit fi echo "" >/dev/null -#password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3) -#domain=$(whiptail --nocancel --inputbox " Enter the Domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3) -##email=$(whiptail --nocancel --inputbox " Enter the Administrator E-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3) +password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3) +domain=$(whiptail --nocancel --inputbox " Enter the domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3) +email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3) elif [ $IMODE = l ]; then echo "" >/dev/null -#echo "Ubuntu 18.04 Mailserver installation script." -#echo "Domain without www or mail:" -#read domain -#echo "Please enter your password (should contain at least 2 digits and 6 characters:" -#read password -#echo "Administrator E-mail:" -#read email +echo "Ubuntu 18.04 Mailserver installation script." +echo "Domain without www or e-mail:" +read domain +echo "Please enter your password (should contain at least 2 digits and 6 characters:" +read password +echo "Administrator E-mail:" +read email fi -PKGA="add-apt-repository" -PKGI="${PKGM} install -y" - ##-----------------## # Static-Vars # ##-----------------## -domain=ictdownwerk.com -password=JW9t9ipdgLrWvMqHq7hX -email=admin@ictdagbesteding.nl phpver=7.3 domonly=${domain} domain=mail.${domain} branch=stable dhparam=1024 +PKGA="add-apt-repository" +PKGI="${PKGM} install -y" debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)" debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" 
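Review bot: In the line-mode branch, `read password` echoes the password to the terminal and, without `-r`, drops backslashes, so the stored value can differ from what was typed; `read -rs password` (and `read -r domain`, `read -r email`) avoids both. Neither branch validates what it collects: the "2 digits and 6 characters" rule in the prompt is not enforced anywhere in this hunk, and `domain` is later expanded unquoted in `hostnamectl set-hostname $domain` and in the `/etc/letsencrypt/live/$domain/...` paths, so an empty value or one containing spaces or glob characters breaks those commands. A check right after the prompts, for example `[[ $domain =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`, would stop that early. The password literal removed from Static-Vars remains in the repository history, so it should be treated as exposed and changed wherever it was in use. The `if`/`elif` block opens above this hunk.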
@@ -71,9 +63,9 @@ TERM=ansi whiptail --title "Info" --infobox " Pre-Configuring" 8 sleep 2 hostnamectl set-hostname $domain > $OUTPUT 2>&1 timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1 -mkdir -p /var/run/clamav -adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav -chown clamav:clamav /var/run/clamav +#mkdir -p /var/run/clamav +#adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav +#chown clamav:clamav /var/run/clamav mkdir -p /etc/nginx mkdir -p /var/www/"$domain"/html chmod -R 755 /var/www @@ -96,7 +88,8 @@ $PKGM update $PKGI software-properties-common sudo $PKGA universe -y > $OUTPUT 2>&1 $PKGA ppa:ondrej/php -y > $OUTPUT 2>&1 -wget -q -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add - +$PKGA ppa:certbot/certbot -y > $OUTPUT 2>&1 +wget -q -t7 -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add - echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list > $OUTPUT 2>&1 $PKGM update $PKGM upgrade -y 
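Review bot: The three ClamAV setup lines are commented out rather than deleted, and nothing says why, while the rest of this commit is removing commented-out code. Later hunks still run `chmod 775 -R /var/lib/clamav/* /var/lib/clamav` and `adduser clamav amavis`, which only work if the `clamav` user exists; presumably the clamav packages create it, but that is not visible here. Either delete the lines or replace them with one comment stating the reason, for example `# clamav user and runtime dir are created by the clamav packages (confirm)`.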
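Review bot: The Dovecot signing key is still piped straight from `wget` into `apt-key add -` with no fingerprint check, so whatever the URL returns becomes a trusted key for every repository on the machine; `-t7` only adds retries. With `-q`, and unless `pipefail` is set outside this hunk, a failed download is also silent and the following `$PKGM update` carries on. I would download the key to a file, compare its fingerprint with a pinned value, store it as a dedicated keyring and reference it with `signed-by` so it is trusted only for the Dovecot repository. Using `tee` without `-a` also stops the source line being duplicated on a rerun.

```shell
# … unchanged: universe / PPA setup …
dovecot_keyring=/usr/share/keyrings/dovecot-archive-keyring.gpg
key_tmp=$(mktemp) || exit 1
wget -q -t7 -O "$key_tmp" https://repo.dovecot.org/DOVECOT-REPO-GPG || exit 1
# DOVECOT_KEY_FPR is a placeholder: pin the fingerprint published by the Dovecot project
gpg --show-keys --with-colons "$key_tmp" | grep -q "^fpr:.*:${DOVECOT_KEY_FPR}:" || exit 1
gpg --dearmor < "$key_tmp" | sudo tee "$dovecot_keyring" > /dev/null
rm -f -- "$key_tmp"
echo "deb [signed-by=$dovecot_keyring] https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/dovecot.list > $OUTPUT 2>&1
# … unchanged: $PKGM update / upgrade …
```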
@@ -104,7 +97,7 @@ $PKGM upgrade -y ##-----------------------------## # Installing Requirements # ##-----------------------------## -$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban +$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban bc python-certbot-nginx ##-------------## # Debloat # 
@@ -279,9 +272,6 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1 ##------------------## # PostfixADMIN # ##------------------## -#$PKGI postfix postfix-mysql -#$PKGI php${phpver} php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline -#$PKGI libc-client2007e mlock php${phpver}-common php${phpver}-imap TERM=ansi whiptail --title "Info" --infobox " Configuring PostfixAdmin" 8 52 sleep 2 mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c @@ -302,15 +292,13 @@ useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail > $OUT ##--------------------## #TERM=ansi whiptail --title "Info" --infobox " Configuring Certbot" 8 52 #sleep 2 -#add-apt-repository ppa:certbot/certbot -y -#apt install -y python-certbot-nginx #certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos #echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh #sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" #sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" #sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" #openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1 -#chmod 777 -R /etc/ssl/certs/dhparam.pem +#chmod 755 -R /etc/ssl/certs/dhparam.pem ##----------------------## # Certbot (Manual) # 
@@ -328,21 +316,14 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/nginx/site-enabled -O /etc/nginx/sites-available/mail.ictdownwerk.com openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1 openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem "$dhparam" > $OUTPUT 2>&1 -chmod 777 -R /etc/letsencrypt/ssl-dhparams.pem -chmod 777 -R /etc/ssl/certs/dhparam.pem -chmod 777 -R /etc/letsencrypt/live/$domain/cert.pem -chmod 777 -R /etc/letsencrypt/live/$domain/chain.pem -chmod 777 -R /etc/letsencrypt/live/$domain/fullchain.pem -chmod 777 -R /etc/letsencrypt/live/$domain/privkey.pem +chmod 755 -R /etc/letsencrypt/ssl-dhparams.pem +chmod 755 -R /etc/ssl/certs/dhparam.pem +chmod 755 -R /etc/letsencrypt/live/$domain/cert.pem +chmod 755 -R /etc/letsencrypt/live/$domain/chain.pem +chmod 755 -R /etc/letsencrypt/live/$domain/fullchain.pem +chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem chmod 644 -R /etc/nginx/sites-available/mail.ictdownwerk.com -##-----------------------## -# Postfix Installer # -##-----------------------## -debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)" -debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" -#$PKGI postfix postfix-mysql - ##---------------------------## # Postfix Configuration # ##---------------------------## 
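Review bot: `chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem` still leaves the TLS private key readable by every local user; dropping from 777 removes only the write bit. The key should be owner-only, `chmod 600 /etc/letsencrypt/live/"$domain"/privkey.pem`, and the certificates and DH parameter files need no execute bit, so `644` fits them; `-R` does nothing on single files and `$domain` should be quoted. The nginx site file is still written to the fixed name `/etc/nginx/sites-available/mail.ictdownwerk.com` although the domain is now entered by the user, so it will not match `"$domain"` on other installs. The DH parameters are generated with `dhparam=1024` from the Static-Vars hunk, which is below the 2048 bits commonly required today.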
@@ -386,14 +367,6 @@ postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_myn sed -i 's/mynetworks = /#mynetworks = /g' /etc/postfix/main.cf wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/postfix/master.cf -O /etc/postfix/master.cf -##-----------------------## -# Dovecot Installer # -##-----------------------## -#wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add - -#echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list -#$PKGM update -#$PKGI dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql - ##---------------------------## # Dovecot Configuration # ##---------------------------## @@ -419,7 +392,6 @@ chmod +x /usr/local/bin/quota-warning.sh ##--------------------------------------## TERM=ansi whiptail --title "Info" --infobox " Configuring Spam Folder" 8 52 sleep 2 -#$PKGI dovecot-sieve dovecot-managesieved mkdir -p /etc/dovecot/sieve/ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/dovecot/15-lda.conf -O /etc/dovecot/conf.d/15-lda.conf wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/90-sieve.conf -O /etc/dovecot/conf.d/90-sieve.conf @@ -432,7 +404,6 @@ chgrp dovecot /etc/dovecot/sieve/default.svbin > $OUTPUT 2>&1 ##------------------## # Spamassassin # ##------------------## -#$PKGI spamassassin spamc razor pyzor TERM=ansi whiptail --title "Info" --infobox " Configuring Spamassassin" 8 52 sleep 2 sed -i -e 's/# report_safe 1/report_safe 0/' -e 's/# required_score 5.0/required_score 5.0/' -e 's/endif # Mail::SpamAssassin::Plugin::Shortcircuit//' /etc/spamassassin/local.cf 
@@ -458,7 +429,6 @@ echo "endif # Mail::SpamAssassin::Plugin::Shortcircuit" >> /etc/spamassassin/loc ##------------## # ClamAV # ##------------## -#$PKGI clamav clamav-daemon clamsmtp libclamunrar7 clamdscan TERM=ansi whiptail --title "Info" --infobox " Configuring ClamAV" 8 52 sleep 2 mkdir -p /var/log/clamav @@ -470,12 +440,10 @@ chmod 775 -R /var/lib/clamav/* /var/lib/clamav ##------------## # Amavis # ##------------## -#$PKGI amavisd-new -#$PKGI zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl TERM=ansi whiptail --title "Info" --infobox " Configuring Amavis" 8 52 sleep 2 sed -i -e 's/@bypass/'@bypass'/' -e 's/ / /' /etc/amavis/conf.d/15-content_filter_mode -adduser clamav amavis >/dev/null +adduser clamav amavis > $OUTPUT 2>&1 sed -i 's/clamd.conf/'clamd.conf'/g' /etc/clamav/freshclam.conf echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/main.cf postconf -e 'content_filter = amavis:[127.0.0.1]:10024' @@ -506,7 +474,6 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra ##--------------## # Rainloop # ##--------------## -#$PKGI unzip TERM=ansi whiptail --title "Info" --infobox " Configuring Rainloop" 8 52 sleep 2 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/rainloop.sh -O /tmp/rainloop.sh @@ -516,7 +483,6 @@ ln -s /opt/rainloop /var/www/"$domain"/html/ ##--------------## # Fail2Ban # ##--------------## -#$PKGI fail2ban TERM=ansi whiptail --title "Info" --infobox " Configuring Fail2Ban" 8 52 sleep 2 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/dovecot-pop3imap.conf -O /etc/fail2ban/filter.d/dovecot-pop3imap.conf 
@@ -534,28 +500,14 @@ sleep 2 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh -O /tmp/unattended.sh source /tmp/unattended.sh -##-----------------------## -# Enabling services # -##-----------------------## -TERM=ansi whiptail --title "Info" --infobox " Enabling Services" 8 52 +##---------------------## +# System services # +##---------------------## +TERM=ansi whiptail --title "Info" --infobox " Setting up system services" 8 52 sleep 2 systemctl enable nginx mysql postfix postfix@- dovecot fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1 - -##-----------------------------------------## -# Disabling services autostart on boot # -##-----------------------------------------## -systemctl disable amavisd-snmp-subagent amavis-mc - -##----------------------## -# Stopping services # -##----------------------## -systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot - -##-----------------------## -# Starting services # -##-----------------------## -TERM=ansi whiptail --title "Info" --infobox " Restarting Services" 8 52 -sleep 1 +systemctl disable amavisd-snmp-subagent amavis-mc > $OUTPUT 2>&1 +systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1 systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1 ##---------------------------------## 
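Review bot: The context at the top of this hunk downloads `installer.sh` from the moving `master` branch to the fixed path `/tmp/unattended.sh` and then runs it with `source` in the installer's own shell, with no integrity check. A change on that branch, or a file planted at that /tmp path when `wget -q` fails, therefore runs with the installer's privileges. Pinning the URL to a reviewed commit or tag, downloading to a `mktemp` file and checking a recorded SHA-256 before sourcing would close this. The Rainloop hunk does the same with `/tmp/rainloop.sh`, and the config files fetched with `wget ... -O /etc/...` in the Postfix, Dovecot and Fail2Ban hunks are likewise written unverified from `"$branch"`.

```shell
unattended=$(mktemp) || exit 1
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh -O "$unattended" || exit 1
# UNATTENDED_SHA256 is a placeholder: record the digest of the reviewed installer.sh
echo "${UNATTENDED_SHA256}  ${unattended}" | sha256sum -c - > $OUTPUT 2>&1 || exit 1
source "$unattended"
rm -f -- "$unattended"
# … unchanged: systemctl enable / disable / stop / restart …
```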
@@ -567,14 +519,10 @@ systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam done } | whiptail --gauge " Please wait while ClamAV is updating definitions..." 6 52 0 -##-------------------------------------------## -# Starting AntiVirus & AntiSpam services # -##-------------------------------------------## -systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot - -##-----------------------------------## -# Letting Amavis wait for ClamAV # -##-----------------------------------## +##-------------------------## +# Configuring Services # +##-------------------------## +systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1 echo "@reboot root systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot && sleep 300 && systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot" >> /etc/crontab ##------------------## @@ -591,6 +539,6 @@ $PKGM autoremove -y ##----------------------## TERM=ansi whiptail --title "Info" --infobox " Done installing!" 8 52 sleep 3 +whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started \n\nYour login is: superadmin@$domonly\nYour password is: $password" 10 108 whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 8 78 -whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started" 8 108 clear \ No newline at end of file
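Review bot: With the "Letting Amavis wait for ClamAV" heading removed, nothing explains the `@reboot` entry that is appended to /etc/crontab under the new "Configuring Services" heading. A comment above it, such as `# At boot, hold Amavis, Postfix and Dovecot back for 300 s so ClamAV is up first`, would keep the intent that the old heading carried. The `>>` append also adds a duplicate entry each time the installer is rerun; prefixing the line with `grep -qF '@reboot root systemctl stop amavisd-snmp-subagent' /etc/crontab ||` would prevent that.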
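Review bot: The new final message box prints the administrator password in clear text (`Your password is: $password`). It is then visible on screen and in any terminal recording, and because the text is passed as a `whiptail` argument it is also visible in the process list to other local users while the dialog is open. The user has just typed this password, so the dialog can refer to it instead of repeating it: `whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started \n\nYour login is: superadmin@$domonly\nUse the password you chose during setup." 10 108`.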