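#!/usr/bin/env bash
###==========================================###
##      Ubuntu 18.04 Mailserver installer     ##
###==========================================###
#
# Usage: <this script> [-l]
#   (no flag)  "Normal mode": apt runs under debconf-apt-progress and the
#              output of most commands is discarded (/dev/null).
#   -l         "Legacy mode": plain apt, command output is sent to /dev/tty.
#
# Environment:
#   MAILSERVER_PASSWORD  password used by the later sections of this script
#                        (MySQL root, the postfixadmin database user and the
#                        PostfixAdmin superadmin). Prompted for when unset.

##----------##
#    Menu    #
##----------##
sed -i -e 's/magenta/blue/g' /etc/newt/palette

# PKGM / PKGI / PKGA hold a command plus its arguments and are expanded
# unquoted on purpose wherever they are used.
if [ "${1:-}" = "-l" ]; then
  echo "Legacy mode"
  PKGM="apt"
  OUTPUT='/dev/tty'
  IMODE=l
else
  echo "Normal mode"
  PKGM="debconf-apt-progress -- apt"
  OUTPUT='/dev/null'
  IMODE=n
fi
PKGA="add-apt-repository"
PKGI="${PKGM} install -y"

if [ "$IMODE" = n ]; then
  # Ask for confirmation; answering "no" shows the credits box and quits.
  if ! whiptail --title "Ubuntu 18.04 Mail Server" --yesno "Do you want to install a mail server?" 8 78; then
    whiptail --title "Credits" --msgbox "Made by: your local Wizard and God" 8 78
    clear
    exit
  fi
  #domain=$(whiptail --nocancel --inputbox "Enter the Domain without www or mail." 8 41 --title "Config" 3>&1 1>&2 2>&3)
  #email=$(whiptail --nocancel --inputbox "Enter the Administrator E-mail" 8 34 --title "Config" 3>&1 1>&2 2>&3)
fi
#elif legacy mode:
#echo "Ubuntu 18.04 Mailserver installation script."
#echo "Domain without www or mail:"
#read domain
#echo "Administrator E-mail:"
#read email

##-----------------##
#    Static-Vars    #
##-----------------##
domain=ictdownwerk.com
email=admin@ictdagbesteding.nl
phpver=7.3
domonly=${domain}
domain=mail.${domain}
branch=stable
# 1024-bit Diffie-Hellman parameters are too small to resist precomputation
# attacks on the group; 2048 bits is the practical minimum.
dhparam=2048

# The password is no longer stored in the script: anyone who can read the
# file (or the repository it lives in) would otherwise hold the MySQL root
# and mail-admin credentials of every server installed with it.
password=${MAILSERVER_PASSWORD:-}
if [ -z "$password" ]; then
  if [ "$IMODE" = n ]; then
    password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3)
  else
    echo "Please enter your password (should contain at least 2 digits and 6 characters:"
    read -r -s password
  fi
fi
# Later sections paste $password unescaped into sed expressions and SQL
# string literals, so only letters and digits are accepted here.
case "$password" in
  '' | *[!A-Za-z0-9]*)
    echo "Password must be non-empty and contain only letters and digits." >&2
    exit 1
    ;;
esac

debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"

##----------------##
#    Pre-Config    #
##----------------##
TERM=ansi whiptail --title "Info" --infobox "Pre-Configuring" 8 20
sleep 2
hostnamectl set-hostname "$domain" > "$OUTPUT" 2>&1
timedatectl set-timezone Europe/Amsterdam > "$OUTPUT" 2>&1
mkdir -p /var/run/clamav
adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
chown clamav:clamav /var/run/clamav
mkdir -p /etc/nginx
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
#if free | awk '/^Swap:/ {exit !$2}'; then
#  echo "swap enabled" >/dev/null
#else
#  fallocate -l 3G /swapfile
#  chmod 600 /swapfile
#  mkswap /swapfile
#  swapon /swapfile
#  echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
#fi
#sed -i 's/#/vm.swappiness=40/g' /etc/sysctl.conf

##----------------------##
#    Pre-Requirements    #
##----------------------##
TERM=ansi whiptail --title "Info" --infobox "Buzzy like a bee" 8 20
$PKGM update
$PKGI software-properties-common
$PKGA universe -y > "$OUTPUT" 2>&1
$PKGA ppa:ondrej/php -y > "$OUTPUT" 2>&1
# NOTE(review): the repository signing key is downloaded and trusted in one
# step, without comparing its fingerprint to a known value, and apt-key
# trusts it for every configured repository. Verify it against the
# fingerprint published by the Dovecot project (<EXPECTED_KEY_FINGERPRINT>,
# placeholder) before relying on this on a production host.
wget -q -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
# Overwrite rather than append so a second run does not duplicate the entry.
echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/dovecot.list > "$OUTPUT" 2>&1
$PKGM update
$PKGM upgrade -y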
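##-----------------------------##
#    Installing Requirements    #
##-----------------------------##
# $PKGI / $PKGM hold a command plus arguments and are expanded unquoted on
# purpose.
$PKGI nginx postfix postfix-mysql \
  php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common \
  php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli \
  php${phpver}-json php${phpver}-mysql php${phpver}-opcache \
  php${phpver}-mbstring php${phpver}-readline \
  libc-client2007e mlock gnupg2 curl \
  dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve \
  dovecot-managesieved \
  spamassassin spamc razor pyzor \
  clamav clamav-daemon clamsmtp libclamunrar7 clamdscan \
  amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop \
  cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl \
  libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar \
  unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl \
  libnet-snpp-perl libnet-telnet-perl unzip \
  unattended-upgrades fail2ban

##-------------##
#    Debloat    #
##-------------##
$PKGM remove --purge lxcfs lxd lxd-client geoip-database snapd -y
$PKGM autoremove -y

##-----------------------##
#    Html Folder Perms    #
##-----------------------##
chown -R www-data:www-data /var/www/"$domain"/html

##-----------##
#    NGINX    #
##-----------##
#$PKGI nginx
# Download to a temporary file first: `wget -O` truncates its target even
# when the transfer fails, which would leave nginx with an empty nginx.conf.
# NOTE(review): the file comes from a mutable branch and is installed as the
# main nginx configuration without any integrity check; pinning a commit and
# comparing a checksum (<EXPECTED_SHA256>, placeholder) would close that gap.
nginx_conf_tmp=$(mktemp)
if wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O "$nginx_conf_tmp" \
  && [ -s "$nginx_conf_tmp" ]; then
  cat "$nginx_conf_tmp" > /etc/nginx/nginx.conf
else
  echo "WARNING: could not download nginx-default.conf; /etc/nginx/nginx.conf left untouched" >&2
fi
rm -f -- "$nginx_conf_tmp"

# Write the site definition. The here-document is unquoted so that $domain
# and ${phpver} are filled in by the shell; every nginx variable is written
# as \$name so it reaches the file literally.
cat <<EOF > /etc/nginx/sites-available/"$domain"
#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
server {
    listen 80;
    server_name www.$domain;
    return 301 http://$domain\$request_uri;
}
server {
    listen 80;
    listen [::]:80;
    root /var/www/$domain/html;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name $domain;
    #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
    #return 301 https://domein.nl\$request_uri; Redirect to other domain
    #add_header X-Cache "\$upstream_cache_status";
    #netdata here
    gzip on;
    gzip_proxied any;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
    gzip_comp_level 2;
    gzip_disable "msie6";
    gzip_buffers 16 8k;
    # location /rspamd {
    # proxy_pass http://127.0.0.1:11334/;
    # proxy_set_header Host \$host;
    # proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    #}
    location / {
        #try_files \$uri \$uri/ =404;
        try_files \$uri \$uri/ /index.php\$is_args\$args;
        #try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ {
        expires max;
        log_not_found off;
        add_header Cache-Control "public, no-transform";
    }
    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php${phpver}-fpm.sock;
        #fastcgi_cache MYAPP;
        #fastcgi_cache_valid 200 302 301 1m;
        #fastcgi_cache_valid 404 1m;
        #fastcgi_cache_bypass \$no_cache;
        #fastcgi_no_cache \$no_cache;
        #fastcgi_cache_revalidate on;
        #fastcgi_cache_background_update on;
        #fastcgi_cache_lock on;
        #fastcgi_cache_use_stale updating;
        #fastcgi_buffer_size 128k;
        #fastcgi_buffers 256 16k;
        #fastcgi_busy_buffers_size 256k;
        #fastcgi_temp_file_write_size 256k;
    }
    location ~ /\.ht { deny all; }
    location /phpmyadmin { index index.php; }
    #Cache everything by default
    set \$no_cache 0;
    #Don't cache POST requests
    if (\$request_method = POST) { set \$no_cache 1; }
    #Don't cache if the URL contains a query string
    if (\$query_string != "") { set \$no_cache 1; }
    #Don't cache the following URLs
    if (\$request_uri ~* "/(administrator/|login.php)") { set \$no_cache 1; }
    #Don't cache if there is a cookie called PHPSESSID
    if (\$http_cookie = "PHPSESSID") { set \$no_cache 1; }
    # Keep the webmail data directories unreachable over HTTP.
    location ^~ /rainloop/data { deny all; }
    location ^~ /data { deny all; }
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/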
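##-------------------------------##
#    NGINX Single core bug fix    #
##-------------------------------##
mkdir -p /etc/systemd/system/nginx.service.d
printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
systemctl daemon-reload
systemctl restart nginx

##-----------------##
#    Helpers        #
##-----------------##
# Base URL of the configuration files used by the sections below.
# NOTE(review): everything under this URL is installed as root-owned service
# configuration straight from a mutable branch, with no checksum or
# signature check. Pinning a commit and verifying a checksum
# (<EXPECTED_SHA256>, placeholder) would limit what a compromise of that
# server can do to hosts installed from it.
cfg_url="https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/${branch}/config"

#######################################
# Download URL into DEST without clobbering DEST on failure.
# `wget -O DEST` truncates DEST even when the transfer fails, which would
# leave a service with an empty configuration file. The content is copied
# with `cat >` so an existing DEST keeps its owner and mode.
# Arguments: $1 - URL, $2 - destination path
# Outputs:   a warning on stderr when the download fails
# Returns:   0 on success, 1 on failure (DEST untouched)
#######################################
fetch_to() {
  local url=$1 dest=$2 tmp
  tmp=$(mktemp) || return 1
  if wget -q -t7 "$url" -O "$tmp" && [ -s "$tmp" ] && cat "$tmp" > "$dest"; then
    rm -f -- "$tmp"
    return 0
  fi
  rm -f -- "$tmp"
  echo "WARNING: download failed, ${dest} left untouched: ${url}" >&2
  return 1
}

# Escape "/" and "&" so a value can be used as a sed replacement string.
sed_escape() { printf '%s' "$1" | sed -e 's/[\/&]/\\&/g'; }
password_sed=$(sed_escape "$password")
# NOTE(review): $password is also placed inside SQL string literals below;
# a value containing a single quote would break those statements.

##-----------------------##
#    MySQL Installation   #
##-----------------------##
TERM=ansi whiptail --title "Info" --infobox "Installing MySQL" 8 20
# The helper script is sourced as root. It is stored under an unpredictable
# name instead of a fixed /tmp path, and only sourced when the download
# succeeded.
mysql_installer=$(mktemp)
if fetch_to https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-MySQL/raw/branch/master/mysql-8.0.sh "$mysql_installer"; then
  source "$mysql_installer"
fi
rm -f -- "$mysql_installer"

##------------------------------##
#    MySQL_Secure_Installation   #
##------------------------------##
TERM=ansi whiptail --title "Info" --infobox "Securing MySQL" 8 19
# Credentials go into a private option file (mktemp creates it mode 0600)
# instead of `-p"$password"` on the command line, where any local user could
# read them from the process list.
mysql_cnf=$(mktemp)
chmod 600 "$mysql_cnf"
printf '[client]\nuser=root\npassword="%s"\n' "$password" > "$mysql_cnf"
mysql_root() { mysql --defaults-extra-file="$mysql_cnf" "$@"; }

mysql_root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" > "$OUTPUT" 2>&1
mysql_root -e "DELETE FROM mysql.user WHERE User=''" > "$OUTPUT" 2>&1
mysql_root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" > "$OUTPUT" 2>&1
mysql_root -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" > "$OUTPUT" 2>&1
mysql_root -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '${password}';" > "$OUTPUT" 2>&1
mysql_root -e "FLUSH PRIVILEGES;" > "$OUTPUT" 2>&1

##-----------------------------##
#    MySQL Database Creation    #
##-----------------------------##
TERM=ansi whiptail --title "Info" --infobox "Creating MySQL Databases" 8 28
# NOTE(review): the postfixadmin database user gets the same password as
# MySQL root, and that password is then written into the web application's
# config and the Postfix/Dovecot map files below. A leak of any of those
# files therefore yields database root; a separate password would need the
# downloaded templates to be reviewed first.
mysql_root -e "CREATE DATABASE postfixadmin;" > "$OUTPUT" 2>&1
mysql_root -e "CREATE USER 'postfixadmin'@'localhost' IDENTIFIED BY '${password}';" > "$OUTPUT" 2>&1
mysql_root -e "GRANT ALL ON postfixadmin.* TO postfixadmin@'localhost';" > "$OUTPUT" 2>&1
mysql_root -e "FLUSH PRIVILEGES;" > "$OUTPUT" 2>&1
rm -f -- "$mysql_cnf"

##------------------##
#    PostfixADMIN    #
##------------------##
$PKGI postfix postfix-mysql
#$PKGI php${phpver} php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline
#$PKGI libc-client2007e mlock php${phpver}-common php${phpver}-imap
TERM=ansi whiptail --title "Info" --infobox "Configuring PostfixAdmin" 8 28
mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c
# NOTE(review): the release tarball is unpacked into the web root without a
# checksum comparison (<EXPECTED_SHA256>, placeholder).
pfa_tarball=$(mktemp)
if fetch_to https://git.ictmaatwerk.com/downloads/pfa/postfixadmin-3.1.tar.gz "$pfa_tarball"; then
  tar -xf "$pfa_tarball" -C /var/www/"$domain"/html/postfixadmin --strip-components=1
fi
rm -f -- "$pfa_tarball"
chmod 755 -R /var/www/"$domain"/html/postfixadmin/templates_c
chown -R www-data: /var/www/"$domain"/html/
fetch_to "${cfg_url}/postfixadmin/config.local.php" /var/www/"$domain"/html/postfixadmin/config.local.php
sed -i -e "s/PASSword/${password_sed}/" -e "s/dOmaINnamE/${domonly}/" /var/www/"$domain"/html/postfixadmin/config.local.php
# The file now holds the database password: readable by PHP (www-data),
# not by other local users.
chown root:www-data /var/www/"$domain"/html/postfixadmin/config.local.php
chmod 640 /var/www/"$domain"/html/postfixadmin/config.local.php
sudo -u www-data php /var/www/"$domain"/html/postfixadmin/upgrade.php > "$OUTPUT" 2>&1
# NOTE(review): the password is passed as a command-line argument here and is
# visible in the process list while postfixadmin-cli runs.
bash /var/www/"$domain"/html/postfixadmin/scripts/postfixadmin-cli admin add superadmin@"$domonly" --superadmin 1 --active 1 --password "$password" --password2 "$password" > "$OUTPUT" 2>&1
groupadd -g 5000 vmail > "$OUTPUT" 2>&1
useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail > "$OUTPUT" 2>&1

##--------------------##
#    Certbot (Auto)    #
##--------------------##
# Disabled. If re-enabled: keep the DH parameter file at mode 644 rather than
# 777 and leave the 3DES suites out of the cipher list.
#TERM=ansi whiptail --title "Info" --infobox "Configuring Certbot" 8 23
#add-apt-repository ppa:certbot/certbot -y
#apt install -y python-certbot-nginx
#certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
#echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
#openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
#chmod 777 -R /etc/ssl/certs/dhparam.pem

##----------------------##
#    Certbot (Manual)    #
##----------------------##
TERM=ansi whiptail --title "Info" --infobox "Configuring Certbot (manual)" 8 32
mkdir -p /etc/letsencrypt/live/"$domain"/
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
# 3DES suites removed from the replacement list (64-bit block cipher).
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;#g' /etc/nginx/sites-available/"$domain"

# NOTE(review): the TLS private key is downloaded from a shared repository.
# Every host installed from this branch ends up with the same key, and
# everyone who can read the repository holds it. A key generated on the host
# itself (for example through the disabled certbot section above) avoids
# that; this block only limits local exposure of the files.
# Create the key file with owner-only permissions before any content lands
# in it, so it is never world-readable, not even briefly.
touch /etc/letsencrypt/live/"$domain"/privkey.pem
chmod 600 /etc/letsencrypt/live/"$domain"/privkey.pem
for pem in cert.pem chain.pem fullchain.pem privkey.pem; do
  fetch_to "${cfg_url}/lets-encrypt/${pem}" "/etc/letsencrypt/live/${domain}/${pem}"
done
# NOTE(review): the target name is hard-coded and only matches the enabled
# site while the domain is ictdownwerk.com; confirm before changing $domain.
fetch_to "${cfg_url}/nginx/site-enabled" /etc/nginx/sites-available/mail.ictdownwerk.com

# Never generate DH parameters shorter than 2048 bits, whatever $dhparam was
# set to earlier.
if [ "${dhparam:-0}" -lt 2048 ]; then
  dhparam=2048
fi
# Generate once and reuse: parameter generation is slow and both consumers
# can share the same file content.
openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > "$OUTPUT" 2>&1
cp /etc/ssl/certs/dhparam.pem /etc/letsencrypt/ssl-dhparams.pem
# Public material is world-readable but writable by root only; the private
# key stays owner-only. (Mode 777 let any local user read the key and
# replace the certificates.)
chmod 644 /etc/letsencrypt/ssl-dhparams.pem
chmod 644 /etc/ssl/certs/dhparam.pem
chmod 644 /etc/letsencrypt/live/"$domain"/cert.pem
chmod 644 /etc/letsencrypt/live/"$domain"/chain.pem
chmod 644 /etc/letsencrypt/live/"$domain"/fullchain.pem
chmod 600 /etc/letsencrypt/live/"$domain"/privkey.pem
chmod 644 /etc/nginx/sites-available/mail.ictdownwerk.com

##-----------------------##
#    Postfix Installer    #
##-----------------------##
debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
#$PKGI postfix postfix-mysql

##---------------------------##
#    Postfix Configuration    #
##---------------------------##
TERM=ansi whiptail --title "Info" --infobox "Configuring Postfix" 8 23
mkdir -p /etc/postfix/sql
for map in \
  mysql_virtual_alias_domain_catchall_maps \
  mysql_virtual_alias_domain_mailbox_maps \
  mysql_virtual_alias_domain_maps \
  mysql_virtual_alias_maps \
  mysql_virtual_domains_maps \
  mysql_virtual_mailbox_maps; do
  fetch_to "${cfg_url}/postfix/${map}.cf" "/etc/postfix/sql/${map}.cf"
  sed -i "s/PASSword/${password_sed}/g" "/etc/postfix/sql/${map}.cf"
done
# The map files contain the database password; restrict them to root and the
# postfix group instead of leaving them world-readable.
chown root:postfix /etc/postfix/sql/*.cf
chmod 640 /etc/postfix/sql/*.cf

echo "#MySQL Database" >> /etc/postfix/main.cf
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
echo "#Use Dovecot's LMTP service as the default mail delivery" >> /etc/postfix/main.cf
postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"
echo "#TLS and SSL certificate" >> /etc/postfix/main.cf
postconf -e "smtp_tls_security_level = may"
postconf -e "smtpd_tls_security_level = may"
postconf -e "smtp_tls_note_starttls_offer = yes"
postconf -e "smtpd_tls_loglevel = 1"
postconf -e "smtpd_tls_received_header = yes"
postconf -e "smtpd_tls_cert_file = /etc/letsencrypt/live/${domain}/fullchain.pem"
postconf -e "smtpd_tls_key_file = /etc/letsencrypt/live/${domain}/privkey.pem"
echo "#SMTP Settings, hand off authentication to Dovecot" >> /etc/postfix/main.cf
postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"
postconf -e "smtpd_sasl_local_domain ="
postconf -e "smtpd_sasl_security_options = noanonymous"
postconf -e "broken_sasl_auth_clients = yes"
postconf -e "smtpd_sasl_auth_enable = yes"
# With TLS only opportunistic ("may"), AUTH would otherwise be offered on
# unencrypted connections and passwords could cross the network in clear.
postconf -e "smtpd_tls_auth_only = yes"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"
sed -i 's/mynetworks = /#mynetworks = /g' /etc/postfix/main.cf
fetch_to "${cfg_url}/postfix/master.cf" /etc/postfix/master.cf

##-----------------------##
#    Dovecot Installer    #
##-----------------------##
#wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
#echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list
#$PKGM update
#$PKGI dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql

##---------------------------##
#    Dovecot Configuration    #
##---------------------------##
TERM=ansi whiptail --title "Info" --infobox "Configuring Dovecot" 8 23
for conf in 15-mailboxes.conf 10-mail.conf 10-auth.conf 10-master.conf 10-ssl.conf 20-lmtp.conf 20-imap.conf; do
  fetch_to "${cfg_url}/dovecot/${conf}" "/etc/dovecot/conf.d/${conf}"
done
fetch_to "${cfg_url}/dovecot/dovecot-dict-sql.conf.ext" /etc/dovecot/dovecot-dict-sql.conf.ext
fetch_to "${cfg_url}/dovecot/dovecot-sql.conf.ext" /etc/dovecot/dovecot-sql.conf.ext
fetch_to "${cfg_url}/dovecot/quota-warning.sh" /usr/local/bin/quota-warning.sh
sed -i "s/PASSword/${password_sed}/g" /etc/dovecot/dovecot-sql.conf.ext
sed -i "s/PASSword/${password_sed}/g" /etc/dovecot/dovecot-dict-sql.conf.ext
sed -i -e "s/DOMAINname/${domain}/" -e 's/#ssl_cert = /ssl_cert = /' -e 's/#ssl_key = /ssl_key = /' -e 's/#ssl_dh = /ssl_dh = /' /etc/dovecot/conf.d/10-ssl.conf
chmod +x /usr/local/bin/quota-warning.sh

##--------------------------------------##
#    Dovecot move Spam to Spam Folder    #
##--------------------------------------##
TERM=ansi whiptail --title "Info" --infobox "Configuring Spam Folder" 8 27
sleep 2
#$PKGI dovecot-sieve dovecot-managesieved
mkdir -p /etc/dovecot/sieve/
fetch_to "${cfg_url}/dovecot/15-lda.conf" /etc/dovecot/conf.d/15-lda.conf
fetch_to "${cfg_url}/dovecot/90-sieve.conf" /etc/dovecot/conf.d/90-sieve.conf
fetch_to "${cfg_url}/sieve/default.sieve" /etc/dovecot/sieve/default.sieve
chown vmail:vmail /etc/dovecot/sieve/ -R
chgrp dovecot /etc/dovecot/conf.d/90-sieve.conf
sievec /etc/dovecot/sieve/default.sieve > "$OUTPUT" 2>&1
chgrp dovecot /etc/dovecot/sieve/default.svbin > "$OUTPUT" 2>&1

##------------------##
#    Spamassassin    #
##------------------##
#$PKGI spamassassin spamc razor pyzor
TERM=ansi whiptail --title "Info" --infobox "Configuring Spamassassin" 8 28
# The closing "endif" of the Shortcircuit block is removed here and written
# back after the appended settings.
sed -i -e 's/# report_safe 1/report_safe 0/' -e 's/# required_score 5.0/required_score 5.0/' -e 's/endif # Mail::SpamAssassin::Plugin::Shortcircuit//' /etc/spamassassin/local.cf
cat >> /etc/spamassassin/local.cf <<'EOF'

skip_rbl_checks 0

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_add_header 1

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

endif # Mail::SpamAssassin::Plugin::Shortcircuit
EOF

##------------##
#    ClamAV    #
##------------##
#$PKGI clamav clamav-daemon clamsmtp libclamunrar7 clamdscan
TERM=ansi whiptail --title "Info" --infobox "Configuring ClamAV" 8 22
sleep 2
mkdir -p /var/log/clamav
mkdir -p /var/lib/clamav
chown -R clamav:clamav /var/log/clamav
chown -R clamav:clamav /var/lib/clamav
chmod 775 -R /var/lib/clamav/* /var/lib/clamav

##------------##
#    Amavis    #
##------------##
#$PKGI amavisd-new
#$PKGI zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl
TERM=ansi whiptail --title "Info" --infobox "Configuring Amavis" 8 22
# NOTE(review): as written, the next two sed commands replace text with
# itself, and 15-content_filter_mode is overwritten by the download at the
# end of this section anyway. They are kept as found; confirm the intended
# patterns against the author's copy.
sed -i -e 's/@bypass/'@bypass'/' -e 's/ / /' /etc/amavis/conf.d/15-content_filter_mode
adduser clamav amavis >/dev/null
sed -i 's/clamd.conf/'clamd.conf'/g' /etc/clamav/freshclam.conf
echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/main.cf
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'
# Transport to Amavis plus the re-injection listener. The listener is bound
# to 127.0.0.1 and only accepts mail from 127.0.0.0/8.
cat >> /etc/postfix/master.cf <<'EOF'

#Pipe incoming mail trough Amavis
amavis unix - - - - 2 smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
 -o smtpd_bind_address=127.0.0.1
EOF
for conf in 15-content_filter_mode 20-debian_defaults 21-ubuntu_defaults 50-user; do
  fetch_to "${cfg_url}/amavis/${conf}" "/etc/amavis/conf.d/${conf}"
done

##--------------##
#    Rainloop    #
##--------------##
#$PKGI unzip
TERM=ansi whiptail --title "Info" --infobox "Configuring Rainloop" 8 24
sleep 2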
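#######################################
# Download URL into DEST without clobbering DEST on failure.
# `wget -O DEST` truncates DEST even when the transfer fails; the content is
# copied with `cat >` only after a complete, non-empty download, so an
# existing DEST keeps its owner and mode.
# Arguments: $1 - URL, $2 - destination path
# Outputs:   a warning on stderr when the download fails
# Returns:   0 on success, 1 on failure (DEST untouched)
#######################################
fetch_to() {
  local url=$1 dest=$2 tmp
  tmp=$(mktemp) || return 1
  if wget -q -t7 "$url" -O "$tmp" && [ -s "$tmp" ] && cat "$tmp" > "$dest"; then
    rm -f -- "$tmp"
    return 0
  fi
  rm -f -- "$tmp"
  echo "WARNING: download failed, ${dest} left untouched: ${url}" >&2
  return 1
}

# Rainloop: fetch the installer and run it in this shell.
# NOTE(review): both helper scripts in this part are sourced as root from a
# mutable branch with no integrity check; pin a commit and compare a checksum
# (<EXPECTED_SHA256>, placeholder) where possible. They are stored under
# unpredictable names rather than fixed /tmp paths, and are only sourced when
# the download succeeded.
rainloop_installer=$(mktemp)
if fetch_to "https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/${branch}/rainloop.sh" "$rainloop_installer"; then
  source "$rainloop_installer" > "$OUTPUT" 2>&1
fi
rm -f -- "$rainloop_installer"
ln -s /opt/rainloop /var/www/"$domain"/html/

##--------------##
#    Fail2Ban    #
##--------------##
#$PKGI fail2ban
TERM=ansi whiptail --title "Info" --infobox "Configuring Fail2Ban" 8 24
sleep 2
for filter in dovecot-pop3imap.conf postfix-sasl.conf rainloop.conf; do
  fetch_to "https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/${branch}/config/fail2ban/${filter}" "/etc/fail2ban/filter.d/${filter}"
done
fetch_to "https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/${branch}/config/fail2ban/jail.local" /etc/fail2ban/jail.local
# Send ban notifications to the administrator address instead of root@localhost.
sed -i "s/root@localhost/${email}/g" /etc/fail2ban/jail.conf
systemctl restart fail2ban > "$OUTPUT" 2>&1

##---------------------------------##
#    Unattended Security Updates    #
##---------------------------------##
TERM=ansi whiptail --title "Info" --infobox "Configuring Unattended Security Updates" 8 43
sleep 2
unattended_installer=$(mktemp)
if fetch_to https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh "$unattended_installer"; then
  source "$unattended_installer"
fi
rm -f -- "$unattended_installer"

##-----------------------##
#    Enabling Services    #
##-----------------------##
TERM=ansi whiptail --title "Info" --infobox "Enabling Services" 8 21
sleep 2
systemctl enable nginx mysql postfix postfix@- dovecot fail2ban \
  clamav-daemon clamav-freshclam clamsmtp spamassassin \
  amavisd-snmp-subagent amavis-mc amavis-snmp-subagent > "$OUTPUT" 2>&1

##-----------------------##
#    Starting Services    #
##-----------------------##
TERM=ansi whiptail --title "Info" --infobox "Restarting Services" 8 23
sleep 2
systemctl restart nginx mysql postfix postfix@- dovecot fail2ban \
  clamav-daemon clamav-freshclam clamsmtp spamassassin \
  amavisd-snmp-subagent amavis-mc amavis-snmp-subagent > "$OUTPUT" 2>&1

##------------------##
#    Final Update    #
##------------------##
TERM=ansi whiptail --title "Info" --infobox "Final Update" 8 16
sleep 2
# $PKGM holds a command plus arguments and is expanded unquoted on purpose.
$PKGM update
$PKGM upgrade -y
$PKGM autoremove -y

##----------------------##
#    End of installer    #
##----------------------##
TERM=ansi whiptail --title "Info" --infobox "Done installing!" 8 20
sleep 3
whiptail --title "Credits" --msgbox "Made by: your local Wizard and God" 8 38
clear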