70 Commits
stable ... beta

Author SHA1 Message Date
b.waal
1ecffac81d Silenced output when enabling the firewall 2019-11-06 13:17:48 +01:00
b.waal
c3150b00f5 Updated MOTD 2019-11-06 11:14:45 +01:00
b.waal
6cdf41a002 Updated vars 2019-11-05 12:15:12 +01:00
b.waal
87a34d0b30 Update 'installer.sh' 2019-10-30 14:46:39 +01:00
b.waal
9c730689d8 Update 'installer.sh' 2019-10-24 12:13:37 +02:00
b.waal
f2e03857c0 Certbot set to offline / testing 2019-10-24 11:14:26 +02:00
b.waal
87c9f79d46 Update 'installer.sh' 2019-10-24 11:11:37 +02:00
b.waal
f9136ac5c2 Update 'installer.sh' 2019-10-24 09:16:51 +02:00
b.waal
32ecf4fb1f Update 'config/manual.sh' 2019-10-24 09:15:23 +02:00
b.waal
e9577e3034 Update 'installer.sh' 2019-10-24 09:14:37 +02:00
b.waal
7821e72231 Updated vars
Gnegne
2019-10-23 14:08:05 +02:00
b.waal
08fb01fd70 Update 'config/manual.sh' 2019-10-23 14:07:00 +02:00
b.waal
2ad36d77e1 Update 'installer.sh' 2019-10-23 12:28:03 +02:00
b.waal
06bcefa1a8 Add 'config/manual.sh' 2019-10-23 12:25:20 +02:00
b.waal
7b609be727 Update 'installer.sh' 2019-10-23 12:24:34 +02:00
b.waal
96c5eaf73c Update 'installer.sh' 2019-10-22 13:22:08 +02:00
b.waal
6fb8883964 Fixed typo 2019-10-22 02:51:41 +02:00
b.waal
4125606b4c Delete 'rainloop.sh' 2019-10-18 00:01:00 +02:00
b.waal
b8b4dd8cd2 Edited Rainloop installer.sh location to the config files 2019-10-17 15:27:04 +02:00
b.waal
da5074524c Add 'config/rainloop/rainloop.sh' 2019-10-17 15:25:33 +02:00
b.waal
213dafb3fa Update 'Future-Updates.md' 2019-10-17 15:18:01 +02:00
b.waal
fb8499f2d4 Updated sources list 2019-10-17 13:05:53 +02:00
b.waal
d0c6b56bc2 Update 'README.md' 2019-10-17 12:45:58 +02:00
b.waal
fce127f006 Update 'config/dkim/opendkim.sh' 2019-10-17 12:12:32 +02:00
b.waal
084c7e709c Update 'config/dkim/opendkim.conf' 2019-10-17 12:09:17 +02:00
b.waal
053bc52938 Added service restart for OpenDKIM 2019-10-17 09:55:46 +02:00
b.waal
10f757a97d Added apt install for OpenDKIM 2019-10-17 09:40:59 +02:00
b.waal
a1fa2c5b07 Added OpenDKIM 2019-10-17 09:20:19 +02:00
b.waal
bc93db7be4 Update 'config/dkim/opendkim.sh' 2019-10-16 14:21:53 +02:00
b.waal
3682a1ac2a Update 'config/dkim/opendkim.sh' 2019-10-16 13:52:41 +02:00
b.waal
55cf172e9b Upload files to 'config/dkim' 2019-10-16 13:51:15 +02:00
b.waal
e96c8c0e24 Created test for unattended OpenDKIM installation 2019-10-16 13:42:38 +02:00
b.waal
e58bd1b174 Enabled certbot 2019-10-16 13:03:14 +02:00
b.waal
3b3c84e7d5 Fixed SED on line 407 2019-10-16 02:25:51 +02:00
b.waal
c2230affa6 Updated Max attachment size, added php7.3-fpm to the restart services list 2019-10-16 01:34:36 +02:00
b.waal
6e549d011d Fixed typo on line 51 2019-10-16 00:53:58 +02:00
b.waal
b57a795c77 Updated Attachment file size Whiptail menu 2019-10-16 00:47:43 +02:00
b.waal
ea21c83c3f Added maximum upload attachment size option 2019-10-15 15:09:35 +02:00
b.waal
56d404a518 Update 'Future-Updates.md' 2019-10-15 12:29:34 +02:00
b.waal
8622baf112 Added incoming check for SPF 2019-10-15 11:57:01 +02:00
b.waal
a39339b7c1 Created incoming SPF config 2019-10-15 11:52:20 +02:00
b.waal
50b39bda6b Enabled default mailboxes 2019-10-15 10:18:57 +02:00
b.waal
8dc4ecef99 Update 'Future-Updates.md' 2019-10-15 09:18:00 +02:00
b.waal
eb34914c83 Update 'Future-Updates.md' 2019-10-08 14:14:07 +02:00
b.waal
ec6e6c086b Added SSH notice 2019-10-08 12:16:08 +02:00
b.waal
faa9a90268 Fixed branch variables & added msg to MOTD and ufw 2019-10-08 11:53:33 +02:00
b.waal
32b54ef871 Added $output quiet 2019-10-08 11:47:10 +02:00
b.waal
c6e6e2169e Added ufw config & ssh port changed 2019-10-08 11:29:44 +02:00
b.waal
2b733413a9 Update 'config/ufw/config.sh' 2019-10-08 11:26:09 +02:00
b.waal
5154362ad1 Add 'config/ufw/config.sh' 2019-10-08 11:20:38 +02:00
b.waal
caea30ae71 Fixed Amavis transport in postfix-master.cf 2019-10-03 15:21:29 +02:00
b.waal
b93d7c936d Update 'installer.sh' 2019-10-03 14:10:18 +02:00
b.waal
fd23efb754 Update 'config/postfix/clear-queue.sh' 2019-10-03 14:06:08 +02:00
b.waal
15638c31cd Add 'config/postfix/clear-queue.sh' 2019-10-03 13:03:24 +02:00
b.waal
764ef33521 Update 'installer.sh' 2019-10-01 14:50:24 +02:00
b.waal
8749d80238 Motd typo fixed 2019-10-01 12:46:27 +02:00
b.waal
cd2bcf53ce Update 'Future-Updates.md' 2019-10-01 09:30:55 +02:00
b.waal
2b2eb7c880 Update 'installer.sh' 2019-09-26 15:57:52 +02:00
b.waal
d316d909b9 Add 'config/motd/01-custom' 2019-09-26 15:56:15 +02:00
b.waal
1bbffc5696 Update 'Future-Updates.md' 2019-09-26 14:55:57 +02:00
b.waal
b1d1b1c0ff Added MySQL random password generation 2019-09-26 14:46:38 +02:00
b.waal
197464ac5e Update 'config/amavis/50-user' 2019-09-26 14:39:46 +02:00
b.waal
60193076a9 Update 'Future-Updates.md' 2019-09-26 12:57:42 +02:00
b.waal
faae957514 Update 'Future-Updates.md' 2019-09-26 12:57:36 +02:00
b.waal
18b4c91102 Update 'installer.sh' 2019-09-22 04:25:14 +02:00
b.waal
ffc10d0ad2 Update 'installer.sh' 2019-09-22 00:26:09 +02:00
b.waal
1bbdb0357d Update 'installer.sh' 2019-09-22 00:25:52 +02:00
b.waal
8ef923c737 Update 'Future-Updates.md' 2019-09-20 03:49:53 +02:00
b.waal
6e154e030a Updated branch
Branch = beta
2019-09-20 03:48:48 +02:00
b.waal
6aa7b41b85 Updated branch
Branch = beta
2019-09-20 03:48:27 +02:00
13 changed files with 342 additions and 64 deletions

View File

@@ -1,7 +1,10 @@
## Future updates:
```
DKIM, Generate random password for MySQL, Update PostfixAdmin to the latest version. Log rotate?
Dovecot/Postfix authentication is plain-text, needs encryption?
Rainloop auto-refresh in background.
Set email quota
Update PostfixAdmin to the latest version.
Set email quota? Postgrey, FuzzyOCR.
Mail.log should rotate every week, this needs to be tested.
Export DKIM key to the home folder.
User manual for purging and clearing the mail queue.
```

View File

@@ -1,14 +1,15 @@
# Ubuntu-Mail
### Notice, SSH Port has been set 4242
**Get Started with the graphical installer**:
```
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/stable/installer.sh -O /tmp/installer.sh
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/beta/installer.sh -O /tmp/installer.sh
bash /tmp/installer.sh
```
**Legacy Installer for developing and debugging**:
```
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/stable/installer.sh -O /tmp/installer.sh
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/beta/installer.sh -O /tmp/installer.sh
bash /tmp/installer.sh -l 2>&1 | tee ~/output.log
```
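Review bot: Both install snippets now fetch `raw/branch/beta/installer.sh`, so if this comparison is merged into stable the README there will send users to the beta installer; keep the branch name per branch or document both explicitly. The script is also written to the fixed path /tmp/installer.sh and run with `bash` without any integrity check; publishing a SHA-256 next to the command and verifying it before `bash /tmp/installer.sh` would close that gap.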
@@ -16,10 +17,19 @@ bash /tmp/installer.sh -l 2>&1 | tee ~/output.log
```
* VPS-scripts/Unattended-Security-Updates
* VPS-scripts/Ubuntu-MySQL
* VPS-scripts/Ubuntu-Web
```
#### Sources:
```
https://linuxize.com/post/set-up-an-email-server-with-postfixadmin
https://www.howtoforge.com/amavisd_postfix_debian_ubuntu
https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf
https://linuxconfig.org/how-to-change-welcome-message-motd-on-ubuntu-18-04-server
https://phoenixnap.com/kb/automatic-security-updates-ubuntu
https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands
https://www.mail-tester.com
https://www.emailsecuritycheck.net
```

View File

@@ -11,7 +11,7 @@ use strict;
#@lookup_sql_dsn = (
# ['DBI:mysql:database=postfixadmin;host=127.0.0.1;port=3306',
# 'postfixadmin',
# 'JW9t9ipdgLrWvMqHq7hX']);
# 'PASSword']);
# Disable show header recieve from amavisd localhost 127.0.0.1
$allowed_added_header_fields{lc('Received')} = 0;
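Review bot: The value on the password line of the commented `@lookup_sql_dsn` block that is being swapped for `'PASSword'` looks like a real credential, and replacing it here does not remove it from the repository history; if it was ever in use, rotate it. The block also stays commented out, so the new `sed -i 's/PASSword/'$db_pass'/g' /etc/amavis/conf.d/50-user` in installer.sh only writes the generated password into a comment.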

95
config/dkim/opendkim.conf Normal file
View File

@@ -0,0 +1,95 @@
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 007
# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain example.com
#KeyFile /etc/dkimkeys/dkim.key
#Selector 2007
# Commonly-used options; the commented-out versions show the defaults.
Canonicalization relaxed/simple
Mode sv
SubDomains no
AutoRestart yes
AutoRestartRate 10/1M
Background yes
DNSTimeout 5
SignatureAlgorithm rsa-sha256
# Socket smtp://localhost
#
# ## Socket socketspec
# ##
# ## Names the socket where this filter should listen for milter connections
# ## from the MTA. Required. Should be in one of these forms:
# ##
# ## inet:port@address to listen on a specific interface
# ## inet:port to listen on all interfaces
# ## local:/path/to/socket to listen on a UNIX domain socket
#
#Socket inet:8892@localhost
Socket local:/var/spool/postfix/opendkim/opendkim.sock
## PidFile filename
### default (none)
###
### Name of the file where the filter should write its pid before beginning
### normal operations.
#
PidFile /var/run/opendkim/opendkim.pid
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
## ResolverConfiguration filename
## default (none)
##
## Specifies a configuration file to be passed to the Unbound library that
## performs DNS queries applying the DNSSEC protocol. See the Unbound
## documentation at http://unbound.net for the expected content of this file.
## The results of using this and the TrustAnchorFile setting at the same
## time are undefined.
## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
## unbound package
# ResolverConfiguration /etc/unbound/unbound.conf
## TrustAnchorFile filename
## default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
## at http://unbound.net for the expected format of this file.
TrustAnchorFile /usr/share/dns/root.key
## Userid userid
### default (none)
###
### Change to user "userid" before starting normal operation? May include
### a group ID as well, separated from the userid by a colon.
#
UserID opendkim
# Map domains in From addresses to keys used to sign messages
KeyTable refile:/etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
# Hosts to ignore when verifying signatures
ExternalIgnoreList /etc/opendkim/trusted.hosts
# A set of internal hosts whose mail should be signed
InternalHosts /etc/opendkim/trusted.hosts

37
config/dkim/opendkim.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
##----------------------------##
# OpenDKIM Configuration #
##----------------------------##
gpasswd -a postfix opendkim
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/beta/config/dkim/opendkim.conf -O /etc/opendkim.conf
mkdir -p /etc/opendkim
mkdir -p /etc/opendkim/keys
chown -R opendkim:opendkim /etc/opendkim
chmod go-rw /etc/opendkim/keys
echo "*@$domonly default._domainkey.$domonly" >> /etc/opendkim/signing.table
echo "default._domainkey.$domonly $domonly:default:/etc/opendkim/keys/$domonly/default.private" >> /etc/opendkim/key.table
echo "127.0.0.1" >> /etc/opendkim/trusted.hosts
echo "localhost" >> /etc/opendkim/trusted.hosts
echo "" >> /etc/opendkim/trusted.hosts
echo "*.$domonly" >> /etc/opendkim/trusted.hosts
mkdir -p /etc/opendkim/keys/$domonly
opendkim-genkey -b $dhparam -d $domonly -D /etc/opendkim/keys/$domonly -s default -v
chown opendkim:opendkim /etc/opendkim/keys/$domonly/default.private
##---------------------------##
# Postfix Configuration #
##---------------------------##
mkdir -p /var/spool/postfix/opendkim
chown opendkim:postfix /var/spool/postfix/opendkim
echo "# Milter configuration" >> /etc/postfix/main.cf
echo "milter_default_action = accept" >> /etc/postfix/main.cf
echo "milter_protocol = 6" >> /etc/postfix/main.cf
echo "smtpd_milters = local:/opendkim/opendkim.sock" >> /etc/postfix/main.cf
echo 'non_smtpd_milters = $smtpd_milters' >> /etc/postfix/main.cf
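Review bot: `opendkim-genkey -b $dhparam` takes the DKIM key size from the installer's `dhparam` variable, which installer.sh sets to 1024, so every install signs with a 1024-bit RSA key; give DKIM its own variable and default it to 2048. The `wget` for opendkim.conf also hardcodes `branch/beta` instead of using `"$branch"`, and the `>>` appends to signing.table, key.table, trusted.hosts and main.cf will duplicate entries if the script is run a second time.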

View File

@@ -47,6 +47,7 @@ namespace inbox {
# These mailboxes are widely used and could perhaps be created automatically:
mailbox Drafts {
special_use = \Drafts
auto = subscribe
}
mailbox Spam {
special_use = \Junk
@@ -54,15 +55,18 @@ namespace inbox {
}
mailbox Junk {
special_use = \Junk
auto = subscribe
}
mailbox Trash {
special_use = \Trash
auto = subscribe
}
# For \Sent mailboxes there are two widely used names. We'll mark both of
# them as \Sent. User typically deletes one of them if duplicates are created.
mailbox Sent {
special_use = \Sent
auto = subscribe
}
mailbox "Sent Messages" {
special_use = \Sent

9
config/manual.sh Normal file
View File

@@ -0,0 +1,9 @@
echo "##----------------##"$'\n'"# OpenDKIM key #"$'\n'"##----------------##"$'\n' >> ~/Readme.md
cat /etc/opendkim/keys/$domonly/default.txt >> ~/Readme.md
echo "" >> ~/Readme.md
echo "##----------------------##"$'\n'"# Postfix mail queue #"$'\n'"##----------------------##"$'\n' >> ~/Readme.md
echo "#Show queue"$'\n'"postqueue -p"$'\n'"#Show message"$'\n'"postcat -vq XXXXXXXXXX"$'\n'"#Flushing the queue"$'\n'"postqueue -f"$'\n'"#Removing all queued messages"$'\n'"postsuper -d ALL"$'\n'"#Remove differed messages from the queue (i.e. only the ones the system intends to retry later)"$'\n'"postsuper -d ALL deferred" >> ~/Readme.md
echo "##--------------##"$'\n'"# SPF Record #"$'\n'"##--------------##"$'\n' >> ~/Readme.md
echo "v=spf1 a mx ip4:$wanip ~all"$'\n' >> ~/Readme.md
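Review bot: The SPF line `v=spf1 a mx ip4:$wanip ~all` depends on `wanip`, which installer.sh fills from the `src` field of `ip -o route get 1.1.1.1`; on a host behind NAT that is the private interface address, so the suggested record would list the wrong IP. Drop the `ip4:` term when the domain's A and MX records already point at this host, or obtain the public address another way. The queue help text also says "differed" where "deferred" is meant, and `$domonly` in the `cat` path should be quoted.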

4
config/motd/01-custom Normal file
View File

@@ -0,0 +1,4 @@
#!/bin/sh
printf "\n"
printf " * System started, please wait for services to enable!\n"
printf " * This takes 5 minutes\n"

View File

@@ -0,0 +1,13 @@
#!/bin/bash
echo "#Purge mail queue every night" >> /etc/crontab
echo "0 0 * * * root /opt/clear-queue.sh" >> /etc/crontab
echo "#!/bin/sh" >> /opt/purge-queue.sh
echo "postfix -f" >> /opt/purge-queue.sh
chmod +x /opt/purge-queue.sh
echo "#Clear mail queue weekly" >> /etc/crontab
echo "@weekly root /opt/clear-queue.sh" >> /etc/crontab
echo "#!/bin/sh" >> /opt/clear-queue.sh
echo "postsuper -d ALL" >> /opt/clear-queue.sh
chmod +x /opt/clear-queue.sh
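Review bot: The nightly entry `0 0 * * * root /opt/clear-queue.sh` runs clear-queue.sh, whose body is `postsuper -d ALL`, so every queued message, including mail that is only deferred for retry, is deleted each midnight, while /opt/purge-queue.sh is created but never scheduled. Point the nightly line at /opt/purge-queue.sh and change its body from `postfix -f` to `postfix flush` or `postqueue -f`, since `postfix -f` is not a flush command. Because everything is appended with `>>`, a second run also duplicates the crontab lines and the script bodies.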

View File

@@ -1,14 +1,12 @@
#!/bin/bash
###======================###
## Rainloop installer ##
###======================###
##---------------------------------------------------------------##
###=============================================================###
## Rainloop installer ##
###=============================================================###
# Creates a system wide available rainloop instance #
# to enable this on a domain create a symlink to the webroot #
# Don't forget disable access to the data folder in nginx #
##---------------------------------------------------------------##
apt install php${phpver}-curl php${phpver}-dom unzip gnupg2 curl -y
###=============================================================###
##-----------##
# Install #
@@ -16,13 +14,11 @@ apt install php${phpver}-curl php${phpver}-dom unzip gnupg2 curl -y
mkdir -p /opt/rainloop
wget http://www.rainloop.net/repository/webmail/rainloop-community-latest.zip -O /tmp/rlcl.zip
unzip -q /tmp/rlcl.zip -d /opt/rainloop
rm /tmp/rlcl.zip
php /opt/rainloop/index.php > /dev/null 2>&1
rm -f /opt/rainloop/data/_data_/_default_/domains/*
##-------------------------##
# fetching config files #
# Fetching config files #
##-------------------------##
mkdir -p /opt/rainloop/data/_data_/_default_/domains/
mkdir -p /opt/rainloop/data/_data_/_default_/configs/
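Review bot: `wget http://www.rainloop.net/repository/webmail/rainloop-community-latest.zip` fetches the webmail code over plain HTTP, and the following lines unzip it and run `php /opt/rainloop/index.php` with the installer's privileges without any integrity check. Use an HTTPS URL and verify the archive against a published signature or a pinned checksum before unzipping; a pinned version instead of `-latest` would also make installs reproducible.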

View File

@@ -0,0 +1,6 @@
#!/bin/bash
echo "#Check for incoming SPF" >> /etc/postfix/master.cf
echo "policyd-spf unix - n n - 0 spawn" >> /etc/postfix/master.cf
echo " user=policyd-spf argv=/usr/bin/policyd-spf" >> /etc/postfix/master.cf
echo "#Check for incoming SPF" >> /etc/postfix/main.cf
echo "policyd-spf_time_limit = 3600" >> /etc/postfix/main.cf

26
config/ufw/config.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
#ufw config
sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw
ufw default deny incoming > $OUTPUT 2>&1
#Web interface
ufw allow 80/tcp > $OUTPUT 2>&1
ufw allow 443/tcp > $OUTPUT 2>&1
#IMAP/POP3
ufw allow 25/tcp > $OUTPUT 2>&1
ufw allow 110/tcp > $OUTPUT 2>&1
ufw allow 143/tcp > $OUTPUT 2>&1
ufw allow 465/tcp > $OUTPUT 2>&1
ufw allow 587/tcp > $OUTPUT 2>&1
ufw allow 993/tcp > $OUTPUT 2>&1
ufw allow 995/tcp > $OUTPUT 2>&1
#DNS
ufw allow 53/tcp > $OUTPUT 2>&1
#SSH
ufw limit 4242/tcp > $OUTPUT 2>&1
echo "y" | ufw enable > $OUTPUT 2>&1
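Review bot: `ufw allow 53/tcp` opens inbound DNS, but nothing in the installer's visible package list installs a DNS server, so the rule only widens the exposed surface; drop it unless a public resolver is intended. The `#IMAP/POP3` comment also covers the SMTP ports 25, 465 and 587, and the cleartext ports 110 and 143 are opened next to 993 and 995 while Future-Updates.md still lists Dovecot/Postfix authentication as plain-text. `echo "y" | ufw enable` can be written as `ufw --force enable`, and `$OUTPUT` should be quoted.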

View File

@@ -1,4 +1,10 @@
#!/bin/bash
###############################
# @author: Bram Prieshof #
# @author: Branco van de Waal #
###############################
##----------##
# Menu #
##----------##
@@ -20,18 +26,19 @@ PKGA="add-apt-repository"
PKGI="${PKGM} install -y"
if [ $IMODE = n ]; then
if (whiptail --title "Ubuntu 18.04 Mail Server" --yesno " Do you want to install a mail server?" 8 78)
if (whiptail --title "Ubuntu 18.04 Mail Server" --yesno " Do you want to install a mail server?" 11 78)
then
echo "" >/dev/null
else
whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 8 78
whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 11 78
clear
exit
fi
echo "" >/dev/null
password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3)
domain=$(whiptail --nocancel --inputbox " Enter the domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3)
email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3)
password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 11 82 --title "Config" 3>&1 1>&2 2>&3)
domain=$(whiptail --nocancel --inputbox " Enter the domain without www or mail." 11 82 --title "Config" 3>&1 1>&2 2>&3)
email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 11 82 --title "Config" 3>&1 1>&2 2>&3)
uploadsize=$(whiptail --nocancel --title "Config" --radiolist " Choose the maximum attachment size:" 11 82 4 "10" "MB " on "25" "MB" off "50" "MB" off "100" "MB" off 3>&1 1>&2 2>&3)
elif [ $IMODE = l ]; then
echo "" >/dev/null
echo "Ubuntu 18.04 Mailserver installation script."
@@ -41,6 +48,8 @@ echo "Please enter your password (should contain at least 2 digits and 6 charact
read password
echo "Administrator E-mail:"
read email
echo "Enter the maximum attachment size in MB (without MB)"
read uploadsize
fi
##---------------##
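Review bot: `read uploadsize` accepts free text, and the value is later spliced unquoted into the `sed -i` expressions for nginx.conf, application.ini and php.ini, so a non-numeric entry or one containing `/` corrupts those files. Check the input against `^[0-9]+$` and re-prompt on failure; the whiptail radiolist path is already limited to fixed values.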
@@ -55,16 +64,19 @@ echo "$1"
fi
}
##-----------------##
# Static-Vars #
##-----------------##
##--------------##
# Variables #
##--------------##
phpver=7.3
domonly=${domain}
domain=mail.${domain}
branch=stable
branch=beta
dhparam=1024
PHPMyadmin=1
PKGA="add-apt-repository"
PKGI="${PKGM} install -y"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
wanip=`ip -o route get 1.1.1.1 | sed -e 's/^.* src \([^ ]*\) .*$/\1/'`
debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
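Review bot: `db_pass=$(date +%s|sha256sum|base64|head -c 32)` derives the database password from the current Unix time alone, so it is predictable from the install time and carries no real randomness. Take it from the kernel CSPRNG instead, for example `openssl rand -hex 16`. `branch=beta` needs to go back to `stable` before this lands there, and `dhparam=1024` is too small for the two places it is used (the nginx DH parameters and the DKIM key size in opendkim.sh).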
@@ -73,11 +85,10 @@ debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Si
##----------------##
msg " Pre-Configuring"
sleep 2
sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config
hostnamectl set-hostname $domain > $OUTPUT 2>&1
timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
#mkdir -p /var/run/clamav
#adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
#chown clamav:clamav /var/run/clamav
hostname --fqdn > /etc/mailname
mkdir -p /etc/nginx
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
@@ -109,7 +120,7 @@ $PKGM upgrade -y
##-----------------------------##
# Installing Requirements #
##-----------------------------##
$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban bc python-certbot-nginx
$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban bc python-certbot-nginx postfix-policyd-spf-python opendkim opendkim-tools
##-------------##
# Debloat #
@@ -169,10 +180,15 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
msg " Creating MySQL Databases"
sleep 2
mysql -u root -p"$password" -e "CREATE DATABASE postfixadmin;" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "CREATE USER '"postfixadmin"'@'localhost' IDENTIFIED BY '"$password"';" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "CREATE USER '"postfixadmin"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "GRANT ALL ON "postfixadmin".* TO "postfixadmin"@'localhost';" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
##----------------##
# PhpMyAdmin #
##----------------##
ln -s /usr/share/phpmyadmin /var/www/mail.ictdownwerk.com/html/phpmyadmin
##------------------##
# PostfixADMIN #
##------------------##
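Review bot: `ln -s /usr/share/phpmyadmin /var/www/mail.ictdownwerk.com/html/phpmyadmin` hardcodes one hostname, so on any other domain the parent directory does not exist, and it runs regardless of the `PHPMyadmin=1` switch defined in the variables block. Use `/var/www/"$domain"/html/` and guard the link with that switch; note that it publishes phpMyAdmin on the same public vhost as the webmail. The `mysql -u root -p"$password"` calls also put the root password on the command line, where it shows up in the process list; a temporary file passed with `--defaults-extra-file` avoids that.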
@@ -184,7 +200,7 @@ tar -xf /tmp/postfixadmin.tar.gz -C /var/www/"$domain"/html/postfixadmin --strip
chmod 755 -R /var/www/"$domain"/html/postfixadmin/templates_c
chown -R www-data: /var/www/"$domain"/html/
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfixadmin/config.local.php -O /var/www/$domain/html/postfixadmin/config.local.php
sed -i -e 's/PASSword/'$password'/' -e 's/dOmaINnamE/'$domonly'/' /var/www/"$domain"/html/postfixadmin/config.local.php
sed -i -e 's/PASSword/'$db_pass'/' -e 's/dOmaINnamE/'$domonly'/' /var/www/"$domain"/html/postfixadmin/config.local.php
sed -i 's/Welcome to your new account./Welkom bij je nieuwe mailbox!/g' /var/www/"$domain"/html/postfixadmin/config.inc.php
sudo -u www-data php /var/www/"$domain"/html/postfixadmin/upgrade.php > $OUTPUT 2>&1
bash /var/www/"$domain"/html/postfixadmin/scripts/postfixadmin-cli admin add superadmin@"$domonly" --superadmin 1 --active 1 --password "$password" --password2 "$password" > $OUTPUT 2>&1
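Review bot: The `postfixadmin-cli admin add superadmin@"$domonly"` line still passes `--password "$password"`, the same value used for `mysql -u root -p"$password"`, so the web superadmin and the MySQL root account share one password even though the config files now get `$db_pass`. Prompt for or generate a separate superadmin password. In the `sed` line, `'$db_pass'` and `'$domonly'` are expanded outside the quotes; put the whole expression in double quotes so the values cannot be word-split.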
@@ -195,38 +211,38 @@ useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail > $OUT
# Certbot (Auto) #
##--------------------##
msg " Configuring Certbot"
#sleep 2
#certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
#echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
#openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
#chmod 755 -R /etc/ssl/certs/dhparam.pem
sleep 2
certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
chmod 755 -R /etc/ssl/certs/dhparam.pem
##----------------------##
# Certbot (Manual) #
##----------------------##
msg " Configuring Certbot (manual)"
sleep 2
mkdir -p /etc/letsencrypt/live/$domain/
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/cert.pem -O /etc/letsencrypt/live/$domain/cert.pem
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/chain.pem -O /etc/letsencrypt/live/$domain/chain.pem
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/fullchain.pem -O /etc/letsencrypt/live/$domain/fullchain.pem
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/privkey.pem -O /etc/letsencrypt/live/$domain/privkey.pem
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/nginx/site-enabled -O /etc/nginx/sites-available/mail.ictdownwerk.com
openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem "$dhparam" > $OUTPUT 2>&1
chmod 755 -R /etc/letsencrypt/ssl-dhparams.pem
chmod 755 -R /etc/ssl/certs/dhparam.pem
chmod 755 -R /etc/letsencrypt/live/$domain/cert.pem
chmod 755 -R /etc/letsencrypt/live/$domain/chain.pem
chmod 755 -R /etc/letsencrypt/live/$domain/fullchain.pem
chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem
chmod 644 -R /etc/nginx/sites-available/mail.ictdownwerk.com
#msg " Configuring Certbot (manual)"
#sleep 2
#mkdir -p /etc/letsencrypt/live/$domain/
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
#wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/cert.pem -O /etc/letsencrypt/live/$domain/cert.pem
#wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/chain.pem -O /etc/letsencrypt/live/$domain/chain.pem
#wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/fullchain.pem -O /etc/letsencrypt/live/$domain/fullchain.pem
#wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/privkey.pem -O /etc/letsencrypt/live/$domain/privkey.pem
#wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/nginx/site-enabled -O /etc/nginx/sites-available/mail.ictdownwerk.com
#openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
#openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem "$dhparam" > $OUTPUT 2>&1
#chmod 755 -R /etc/letsencrypt/ssl-dhparams.pem
#chmod 755 -R /etc/ssl/certs/dhparam.pem
#chmod 755 -R /etc/letsencrypt/live/$domain/cert.pem
#chmod 755 -R /etc/letsencrypt/live/$domain/chain.pem
#chmod 755 -R /etc/letsencrypt/live/$domain/fullchain.pem
#chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem
#chmod 644 -R /etc/nginx/sites-available/mail.ictdownwerk.com
##---------------------------##
# Postfix Configuration #
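Review bot: The `sed` that replaces `include /etc/letsencrypt/options-ssl-nginx.conf;` with a single `ssl_ciphers` line drops the rest of certbot's TLS settings from the vhost and enables `EECDH+3DES:RSA+3DES` plus the non-forward-secret `RSA+AES128` and `RSA+AES256` suites; keep the include, or set `ssl_protocols` explicitly and use a cipher list without 3DES and RSA key exchange. `openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam"` produces 1024-bit parameters with the current `dhparam=1024`, and `chmod 755` on a .pem file should be 644. The now commented-out manual block downloads `privkey.pem` from the repository; a private key should not be stored there, so remove those files as well as the commented code.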
@@ -240,7 +256,7 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_maps.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_domains_maps.cf -O /etc/postfix/sql/mysql_virtual_domains_maps.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_mailbox_maps.cf -O /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
sed -i 's/PASSword/'$password'/g' /etc/postfix/sql/mysql_virtual_domains_maps.cf /etc/postfix/sql/mysql_virtual_alias_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf /etc/postfix/sql/mysql_virtual_mailbox_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
sed -i 's/PASSword/'$db_pass'/g' /etc/postfix/sql/mysql_virtual_domains_maps.cf /etc/postfix/sql/mysql_virtual_alias_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf /etc/postfix/sql/mysql_virtual_mailbox_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
echo "#MySQL Database" >> /etc/postfix/main.cf
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
@@ -262,7 +278,7 @@ postconf -e "smtpd_sasl_local_domain ="
postconf -e "smtpd_sasl_security_options = noanonymous"
postconf -e "broken_sasl_auth_clients = yes"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policyd-spf"
sed -i 's/mynetworks = /#mynetworks = /g' /etc/postfix/main.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/postfix/master.cf -O /etc/postfix/master.cf
@@ -281,7 +297,7 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/dovecot-dict-sql.conf.ext -O /etc/dovecot/dovecot-dict-sql.conf.ext
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/dovecot-sql.conf.ext -O /etc/dovecot/dovecot-sql.conf.ext
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/quota-warning.sh -O /usr/local/bin/quota-warning.sh
sed -i 's/PASSword/'$password'/g' /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-dict-sql.conf.ext
sed -i 's/PASSword/'$db_pass'/g' /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-dict-sql.conf.ext
sed -i -e 's/DOMAINname/'$domain'/' -e 's/#ssl_cert = /ssl_cert = /' -e 's/#ssl_key = /ssl_key = /' -e 's/#ssl_dh = /ssl_dh = /' /etc/dovecot/conf.d/10-ssl.conf
chmod +x /usr/local/bin/quota-warning.sh
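Review bot: no permission change follows the sed that writes the database password into dovecot-sql.conf.ext and dovecot-dict-sql.conf.ext; the only chmod in this block is `chmod +x` on quota-warning.sh. Set owner and mode on the two .conf.ext files explicitly right after the sed so the credential is readable only by root and the Dovecot service account, rather than left at whatever mode wget created. `$db_pass` and `$domain` are also expanded unquoted inside the sed expressions, so a value containing `/` or `&` corrupts the substitution.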
@@ -368,16 +384,43 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/20-debian_defaults -O /etc/amavis/conf.d/20-debian_defaults
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/21-ubuntu_defaults -O /etc/amavis/conf.d/21-ubuntu_defaults
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/50-user -O /etc/amavis/conf.d/50-user
sed -i 's/PASSword/'$db_pass'/g' /etc/amavis/conf.d/50-user
##------------------##
# Incoming SPF #
##------------------##
msg " Configuring incoming SPF"
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/spf/incoming_spf.sh -O /tmp/incoming_spf.sh
source /tmp/incoming_spf.sh > $OUTPUT 2>&1
##--------------##
# Rainloop #
##--------------##
msg " Configuring Rainloop"
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/rainloop.sh -O /tmp/rainloop.sh
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/rainloop/rainloop.sh -O /tmp/rainloop.sh
source /tmp/rainloop.sh > $OUTPUT 2>&1
ln -s /opt/rainloop /var/www/"$domain"/html/
##--------------##
# OpenDKIM #
##--------------##
msg " Configuring OpenDKIM"
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dkim/opendkim.sh -O /tmp/opendkim.sh
source /tmp/opendkim.sh > $OUTPUT 2>&1
##-------------------------##
# Max attachment size #
##-------------------------##
msg " Configuring attachment sizes"
sleep 2
sed -i 's/body_size 8/body_size '$uploadsize'/g' /etc/nginx/nginx.conf
sed -i 's/attachment_size_limit = 25/attachment_size_limit = '$uploadsize'/g' /var/www/$domain/html/rainloop/data/_data_/_default_/configs/application.ini
sed -i 's/max_filesize = 2/max_filesize = '$uploadsize'/g' /etc/php/$phpver/fpm/php.ini /etc/php/$phpver/cli/php.ini
sed -i 's/post_max_size = 8/post_max_size = '$uploadsize'/g' /etc/php/$phpver/fpm/php.ini /etc/php/$phpver/cli/php.ini
##--------------##
# Fail2Ban #
##--------------##
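Review bot: the SPF, Rainloop and OpenDKIM steps each download a script to a fixed name under /tmp and `source` it into the installer's shell without checking that wget succeeded or that the content is what was expected. With `-q -O`, a failed download leaves an empty file, `source` returns success, and the installer continues with that component unconfigured; a fixed path in world-writable /tmp is also predictable to other local users. Create the file with `mktemp`, test wget's exit status, and verify a checksum or signature before sourcing. In the attachment-size block the sed patterns match only specific existing values (`body_size 8`, `attachment_size_limit = 25`, `max_filesize = 2`, `post_max_size = 8`), so they silently do nothing on a config that holds other values; a grep for the new value after each sed would catch that.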
@@ -398,6 +441,32 @@ sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh -O /tmp/unattended.sh
source /tmp/unattended.sh
##--------------------------------------##
# Clearing / purging the mail queue #
##--------------------------------------##
msg " Configuring Mail-queue"
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/clear-queue.sh -O /tmp/clear-queue.sh
source /tmp/clear-queue.sh
##----------##
# MOTD #
##----------##
msg " Configuring MOTD"
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/motd/01-custom -O /etc/update-motd.d/01-custom
chmod +x /etc/update-motd.d/01-custom
chmod -x /etc/update-motd.d/80-livepatch
chmod -x /etc/update-motd.d/10-help-text
##---------##
# UFW #
##---------##
msg " Configuring UFW"
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/ufw/config.sh -O /tmp/ufw-config.sh
source /tmp/ufw-config.sh
##---------------------##
# System services #
##---------------------##
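Review bot: the UFW step sources /tmp/ufw-config.sh with no check on the download, so a failed or truncated fetch leaves the host without the intended firewall configuration while the installer carries on as if it had been applied. Test wget's exit status before `source`, and confirm afterwards (for example with `ufw status`) that the firewall is active with the expected rules. The clear-queue and UFW scripts are also sourced without the `> $OUTPUT 2>&1` redirect that the earlier steps use, and the two `chmod -x` lines in the MOTD block will print an error if 80-livepatch or 10-help-text is absent.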
@@ -406,7 +475,7 @@ sleep 2
systemctl enable nginx mysql postfix postfix@- dovecot fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
systemctl disable amavis amavisd-snmp-subagent amavis-mc postfix dovecot> $OUTPUT 2>&1
systemctl stop amavis amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
systemctl restart sshd nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin opendkim php7.3-fpm > $OUTPUT 2>&1
##---------------------------------##
# Updating ClamAV definitions #
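Review bot: the new restart line hard-codes `php7.3-fpm`, although the attachment-size block earlier in this diff addresses PHP through `$phpver`; if the two differ, the php.ini edits are not picked up by the running service and the restart names a unit that does not exist. Build the unit name from `$phpver` here as well. `opendkim` is restarted but is not in the `systemctl enable` list above it, so add it there unless the package already enables it. Every command in this block sends its output to `$OUTPUT` and none checks its exit status, so a failed restart of any unit in the list, including `sshd`, goes unnoticed.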
@@ -432,6 +501,12 @@ $PKGM update
$PKGM upgrade -y
$PKGM autoremove -y
##------------##
# Readme #
##------------##
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/beta/config/manual.sh -O /tmp/manual.sh
source /tmp/manual.sh
##----------------------##
# End of installer #
##----------------------##
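Review bot: the Readme step fetches manual.sh from `raw/branch/beta/` instead of `raw/branch/"$branch"/`, so an install from any other branch still downloads and sources code from beta. Use `"$branch"` as the other wget lines do, and check wget's exit status before `source /tmp/manual.sh`.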