Work_Archive/VPS-scripts_Ubuntu-Mail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
23b2d471c5bef899260c3bb860ce0e3043dea535
VPS-scripts_Ubuntu-Mail/installer.sh
b.waal 18f40739c9 Cleanup 
Added Certbot PPA to the beginning of the script.
Installing Certbot and all of it's plugins at the start.

Added $OUTPUT variables where necessary.

Cleaned up the section "Services".

Added whiptail messagebox at the end of the script to display the url, admin login and password.

Removed all deprecated "apt install -y" sections.

Corrected a few lines for the UI menu.
2019-09-19 02:51:33 +02:00

544 lines
28 KiB
Bash
Raw Blame History

#!/bin/bash
##----------##
# Menu #
##----------##
sed -i -e 's/magenta/blue/g' /etc/newt/palette
if [ "$1" != "-l" ]; then
echo "Normal mode"
PKGM="debconf-apt-progress -- apt"
OUTPUT='/dev/null'
IMODE=n
fi
if [ "$1" = "-l" ]; then
echo "Legacy mode";
PKGM="apt"
OUTPUT='/dev/tty'
IMODE=l
fi
PKGA="add-apt-repository"
PKGI="${PKGM} install -y"
if [ $IMODE = n ]; then
if (whiptail --title "Ubuntu 18.04 Mail Server" --yesno " Do you want to install a mail server?" 8 78)
then
echo "" >/dev/null
else
whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 8 78
clear
exit
fi
echo "" >/dev/null
password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3)
domain=$(whiptail --nocancel --inputbox " Enter the domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3)
email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3)
elif [ $IMODE = l ]; then
echo "" >/dev/null
echo "Ubuntu 18.04 Mailserver installation script."
echo "Domain without www or e-mail:"
read domain
echo "Please enter your password (should contain at least 2 digits and 6 characters:"
read password
echo "Administrator E-mail:"
read email
fi
##-----------------##
# Static-Vars #
##-----------------##
phpver=7.3
domonly=${domain}
domain=mail.${domain}
branch=stable
dhparam=1024
PKGA="add-apt-repository"
PKGI="${PKGM} install -y"
debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
##----------------##
# Pre-Config #
##----------------##
TERM=ansi whiptail --title "Info" --infobox " Pre-Configuring" 8 52
sleep 2
hostnamectl set-hostname $domain > $OUTPUT 2>&1
timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
#mkdir -p /var/run/clamav
#adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
#chown clamav:clamav /var/run/clamav
mkdir -p /etc/nginx
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
#if free | awk '/^Swap:/ {exit !$2}'; then
# echo "swap enabled" >/dev/null
#else
# fallocate -l 3G /swapfile
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
# echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
#fi
#sed -i 's/#/vm.swappiness=40/g' /etc/sysctl.conf
##----------------------##
# Pre-Requirements #
##----------------------##
TERM=ansi whiptail --title "Info" --infobox " Buzzy like a bee" 8 52
$PKGM update
$PKGI software-properties-common sudo
$PKGA universe -y > $OUTPUT 2>&1
$PKGA ppa:ondrej/php -y > $OUTPUT 2>&1
$PKGA ppa:certbot/certbot -y > $OUTPUT 2>&1
wget -q -t7 -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list > $OUTPUT 2>&1
$PKGM update
$PKGM upgrade -y
##-----------------------------##
# Installing Requirements #
##-----------------------------##
$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban bc python-certbot-nginx
##-------------##
# Debloat #
##-------------##
$PKGM remove --purge lxcfs lxd lxd-client geoip-database snapd -y
$PKGM autoremove -y
##-----------------------##
# HTML Folder Perms #
##-----------------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring HTML permissions" 8 52
sleep 2
chown -R www-data:www-data /var/www/"$domain"/html
##-----------##
# NGINX #
##-----------##
#$PKGI nginx
TERM=ansi whiptail --title "Info" --infobox " Configuring Nginx" 8 52
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
cat <<EOF > /etc/nginx/sites-available/"$domain"
#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
server {
listen 80;
server_name www.$domain;
return 301 http://$domain\$request_uri;
}
server {
listen 80;
listen [::]:80;
root /var/www/$domain/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name $domain;
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
#return 301 https://domein.nl$request_uri; Redirect to other domain
#add_header X-Cache "\$upstream_cache_status";
#netdata here
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
# location /rspamd {
# proxy_pass http://127.0.0.1:11334/;
# proxy_set_header Host \$host;
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
#}
location / {
#try_files \$uri \$uri/ =404;
try_files \$uri \$uri/ /index.php\$is_args\$args;
#try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ {
expires max;
log_not_found off;
add_header Cache-Control "public, no-transform";
}
location ~ \.php\$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php${phpver}-fpm.sock;
#fastcgi_cache MYAPP;
#fastcgi_cache_valid 200 302 301 1m;
#fastcgi_cache_valid 404 1m;
#fastcgi_cache_bypass \$no_cache;
#fastcgi_no_cache \$no_cache;
#fastcgi_cache_revalidate on;
#fastcgi_cache_background_update on;
#fastcgi_cache_lock on;
#fastcgi_cache_use_stale updating;
#fastcgi_buffer_size 128k;
#fastcgi_buffers 256 16k;
#fastcgi_busy_buffers_size 256k;
#fastcgi_temp_file_write_size 256k;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
index index.php;
}
#Cache everything by default
set \$no_cache 0;
#Don't cache POST requests
if (\$request_method = POST) {
set \$no_cache 1;
}
#Don't cache if the URL contains a query string
if (\$query_string != "") {
set \$no_cache 1;
}
#Don't cache the following URLs
if (\$request_uri ~* "/(administrator/|login.php)") {
set \$no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if (\$http_cookie = "PHPSESSID") {
set \$no_cache 1;
}
location ^~ /rainloop/data {
deny all;
}
location ^~ /data {
deny all;
}
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
##-------------------------------##
# NGINX Single core bug fix #
##-------------------------------##
TERM=ansi whiptail --title "Info" --infobox " Applying Nginx bug-fix" 8 52
sleep 2
mkdir /etc/systemd/system/nginx.service.d
printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
systemctl daemon-reload
##-----------------------##
# MySQL Installation #
##-----------------------##
TERM=ansi whiptail --title "Info" --infobox " Installing MySQL" 8 52
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-MySQL/raw/branch/master/mysql-8.0.sh -O /tmp/mysql-8.0.sh
source /tmp/mysql-8.0.sh
##------------------------------##
# MySQL_Secure_Installation #
##------------------------------##
TERM=ansi whiptail --title "Info" --infobox " Securing MySQL" 8 52
sleep 2
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
##-----------------------------##
# MySQL Database Creation #
##-----------------------------##
TERM=ansi whiptail --title "Info" --infobox " Creating MySQL Databases" 8 52
sleep 2
mysql -u root -p"$password" -e "CREATE DATABASE postfixadmin;" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "CREATE USER '"postfixadmin"'@'localhost' IDENTIFIED BY '"$password"';" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "GRANT ALL ON "postfixadmin".* TO "postfixadmin"@'localhost';" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
##------------------##
# PostfixADMIN #
##------------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring PostfixAdmin" 8 52
sleep 2
mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c
wget -q -t7 https://git.ictmaatwerk.com/downloads/pfa/postfixadmin-3.1-dark.tar.gz -O /tmp/postfixadmin.tar.gz
tar -xf /tmp/postfixadmin.tar.gz -C /var/www/"$domain"/html/postfixadmin --strip-components=1
chmod 755 -R /var/www/"$domain"/html/postfixadmin/templates_c
chown -R www-data: /var/www/"$domain"/html/
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfixadmin/config.local.php -O /var/www/$domain/html/postfixadmin/config.local.php
sed -i -e 's/PASSword/'$password'/' -e 's/dOmaINnamE/'$domonly'/' /var/www/"$domain"/html/postfixadmin/config.local.php
sed -i 's/Welcome to your new account./Welkom bij je nieuwe mailbox!/g' /var/www/"$domain"/html/postfixadmin/config.inc.php
sudo -u www-data php /var/www/"$domain"/html/postfixadmin/upgrade.php > $OUTPUT 2>&1
bash /var/www/"$domain"/html/postfixadmin/scripts/postfixadmin-cli admin add superadmin@"$domonly" --superadmin 1 --active 1 --password "$password" --password2 "$password" > $OUTPUT 2>&1
groupadd -g 5000 vmail > $OUTPUT 2>&1
useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail > $OUTPUT 2>&1
##--------------------##
# Certbot (Auto) #
##--------------------##
#TERM=ansi whiptail --title "Info" --infobox " Configuring Certbot" 8 52
#sleep 2
#certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
#echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
#openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
#chmod 755 -R /etc/ssl/certs/dhparam.pem
##----------------------##
# Certbot (Manual) #
##----------------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Certbot (manual)" 8 52
sleep 2
mkdir -p /etc/letsencrypt/live/$domain/
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/cert.pem -O /etc/letsencrypt/live/$domain/cert.pem
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/chain.pem -O /etc/letsencrypt/live/$domain/chain.pem
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/fullchain.pem -O /etc/letsencrypt/live/$domain/fullchain.pem
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/privkey.pem -O /etc/letsencrypt/live/$domain/privkey.pem
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/nginx/site-enabled -O /etc/nginx/sites-available/mail.ictdownwerk.com
openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem "$dhparam" > $OUTPUT 2>&1
chmod 755 -R /etc/letsencrypt/ssl-dhparams.pem
chmod 755 -R /etc/ssl/certs/dhparam.pem
chmod 755 -R /etc/letsencrypt/live/$domain/cert.pem
chmod 755 -R /etc/letsencrypt/live/$domain/chain.pem
chmod 755 -R /etc/letsencrypt/live/$domain/fullchain.pem
chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem
chmod 644 -R /etc/nginx/sites-available/mail.ictdownwerk.com
##---------------------------##
# Postfix Configuration #
##---------------------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Postfix" 8 52
sleep 2
mkdir -p /etc/postfix/sql
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_domain_catchall_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_domain_mailbox_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_domain_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_maps.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_domains_maps.cf -O /etc/postfix/sql/mysql_virtual_domains_maps.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_mailbox_maps.cf -O /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
sed -i 's/PASSword/'$password'/g' /etc/postfix/sql/mysql_virtual_domains_maps.cf
sed -i 's/PASSword/'$password'/g' /etc/postfix/sql/mysql_virtual_alias_maps.cf
sed -i 's/PASSword/'$password'/g' /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
sed -i 's/PASSword/'$password'/g' /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
sed -i 's/PASSword/'$password'/g' /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
sed -i 's/PASSword/'$password'/g' /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
echo "#MySQL Database" >> /etc/postfix/main.cf
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
echo "#Use Dovecot's LMTP service as the default mail delivery" >> /etc/postfix/main.cf
postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"
echo "#TLS and SSL certificate" >> /etc/postfix/main.cf
postconf -e "smtp_tls_security_level = may"
postconf -e "smtpd_tls_security_level = may"
postconf -e "smtp_tls_note_starttls_offer = yes"
postconf -e "smtpd_tls_loglevel = 1"
postconf -e "smtpd_tls_received_header = yes"
postconf -e "smtpd_tls_cert_file = /etc/letsencrypt/live/"$domain"/fullchain.pem"
postconf -e "smtpd_tls_key_file = /etc/letsencrypt/live/"$domain"/privkey.pem"
echo "#SMTP Settings, hand off authentication to Dovecot" >> /etc/postfix/main.cf
postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"
postconf -e "smtpd_sasl_local_domain ="
postconf -e "smtpd_sasl_security_options = noanonymous"
postconf -e "broken_sasl_auth_clients = yes"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"
sed -i 's/mynetworks = /#mynetworks = /g' /etc/postfix/main.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/postfix/master.cf -O /etc/postfix/master.cf
##---------------------------##
# Dovecot Configuration #
##---------------------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Dovecot" 8 52
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/15-mailboxes.conf -O /etc/dovecot/conf.d/15-mailboxes.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/10-mail.conf -O /etc/dovecot/conf.d/10-mail.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/10-auth.conf -O /etc/dovecot/conf.d/10-auth.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/10-master.conf -O /etc/dovecot/conf.d/10-master.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/10-ssl.conf -O /etc/dovecot/conf.d/10-ssl.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/20-lmtp.conf -O /etc/dovecot/conf.d/20-lmtp.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/20-imap.conf -O /etc/dovecot/conf.d/20-imap.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/dovecot-dict-sql.conf.ext -O /etc/dovecot/dovecot-dict-sql.conf.ext
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/dovecot-sql.conf.ext -O /etc/dovecot/dovecot-sql.conf.ext
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/quota-warning.sh -O /usr/local/bin/quota-warning.sh
sed -i 's/PASSword/'$password'/g' /etc/dovecot/dovecot-sql.conf.ext
sed -i 's/PASSword/'$password'/g' /etc/dovecot/dovecot-dict-sql.conf.ext
sed -i -e 's/DOMAINname/'$domain'/' -e 's/#ssl_cert = /ssl_cert = /' -e 's/#ssl_key = /ssl_key = /' -e 's/#ssl_dh = /ssl_dh = /' /etc/dovecot/conf.d/10-ssl.conf
chmod +x /usr/local/bin/quota-warning.sh
##--------------------------------------##
# Dovecot move Spam to Spam Folder #
##--------------------------------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Spam Folder" 8 52
sleep 2
mkdir -p /etc/dovecot/sieve/
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/dovecot/15-lda.conf -O /etc/dovecot/conf.d/15-lda.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/90-sieve.conf -O /etc/dovecot/conf.d/90-sieve.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/sieve/default.sieve -O /etc/dovecot/sieve/default.sieve
chown -R vmail:vmail /etc/dovecot/sieve/
chgrp dovecot /etc/dovecot/conf.d/90-sieve.conf
sievec /etc/dovecot/sieve/default.sieve > $OUTPUT 2>&1
chgrp dovecot /etc/dovecot/sieve/default.svbin > $OUTPUT 2>&1
##------------------##
# Spamassassin #
##------------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Spamassassin" 8 52
sleep 2
sed -i -e 's/# report_safe 1/report_safe 0/' -e 's/# required_score 5.0/required_score 5.0/' -e 's/endif # Mail::SpamAssassin::Plugin::Shortcircuit//' /etc/spamassassin/local.cf
echo "" >> /etc/spamassassin/local.cf
echo "skip_rbl_checks 0" >> /etc/spamassassin/local.cf
echo "" >> /etc/spamassassin/local.cf
echo "#pyzor" >> /etc/spamassassin/local.cf
echo "use_pyzor 1" >> /etc/spamassassin/local.cf
echo "pyzor_path /usr/bin/pyzor" >> /etc/spamassassin/local.cf
echo "pyzor_add_header 1" >> /etc/spamassassin/local.cf
echo "" >> /etc/spamassassin/local.cf
echo "#razor" >> /etc/spamassassin/local.cf
echo "use_razor2 1" >> /etc/spamassassin/local.cf
echo "razor_config /etc/razor/razor-agent.conf" >> /etc/spamassassin/local.cf
echo "" >> /etc/spamassassin/local.cf
echo "#bayes" >> /etc/spamassassin/local.cf
echo "use_bayes 1" >> /etc/spamassassin/local.cf
echo "use_bayes_rules 1" >> /etc/spamassassin/local.cf
echo "bayes_auto_learn 1" >> /etc/spamassassin/local.cf
echo "" >> /etc/spamassassin/local.cf
echo "endif # Mail::SpamAssassin::Plugin::Shortcircuit" >> /etc/spamassassin/local.cf
##------------##
# ClamAV #
##------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring ClamAV" 8 52
sleep 2
mkdir -p /var/log/clamav
mkdir -p /var/lib/clamav
chown -R clamav:clamav /var/log/clamav
chown -R clamav:clamav /var/lib/clamav
chmod 775 -R /var/lib/clamav/* /var/lib/clamav
##------------##
# Amavis #
##------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Amavis" 8 52
sleep 2
sed -i -e 's/@bypass/'@bypass'/' -e 's/ / /' /etc/amavis/conf.d/15-content_filter_mode
adduser clamav amavis > $OUTPUT 2>&1
sed -i 's/clamd.conf/'clamd.conf'/g' /etc/clamav/freshclam.conf
echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/main.cf
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'
echo "" >> /etc/postfix/master.cf
echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/master.cf
echo "amavis unix - - - - 2 smtp" >> /etc/postfix/master.cf
echo " -o smtp_data_done_timeout=1200" >> /etc/postfix/master.cf
echo " -o smtp_send_xforward_command=yes" >> /etc/postfix/master.cf
echo "127.0.0.1:10025 inet n - - - - smtpd" >> /etc/postfix/master.cf
echo " -o content_filter=" >> /etc/postfix/master.cf
echo " -o local_recipient_maps=" >> /etc/postfix/master.cf
echo " -o relay_recipient_maps=" >> /etc/postfix/master.cf
echo " -o smtpd_restriction_classes=" >> /etc/postfix/master.cf
echo " -o smtpd_client_restrictions=" >> /etc/postfix/master.cf
echo " -o smtpd_helo_restrictions=" >> /etc/postfix/master.cf
echo " -o smtpd_sender_restrictions=" >> /etc/postfix/master.cf
echo " -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> /etc/postfix/master.cf
echo " -o mynetworks=127.0.0.0/8" >> /etc/postfix/master.cf
echo " -o strict_rfc821_envelopes=yes" >> /etc/postfix/master.cf
echo " -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks" >> /etc/postfix/master.cf
echo " -o smtpd_bind_address=127.0.0.1" >> /etc/postfix/master.cf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/15-content_filter_mode -O /etc/amavis/conf.d/15-content_filter_mode
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/20-debian_defaults -O /etc/amavis/conf.d/20-debian_defaults
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/21-ubuntu_defaults -O /etc/amavis/conf.d/21-ubuntu_defaults
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/50-user -O /etc/amavis/conf.d/50-user
##--------------##
# Rainloop #
##--------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Rainloop" 8 52
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/rainloop.sh -O /tmp/rainloop.sh
source /tmp/rainloop.sh > $OUTPUT 2>&1
ln -s /opt/rainloop /var/www/"$domain"/html/
##--------------##
# Fail2Ban #
##--------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Fail2Ban" 8 52
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/dovecot-pop3imap.conf -O /etc/fail2ban/filter.d/dovecot-pop3imap.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/postfix-sasl.conf -O /etc/fail2ban/filter.d/postfix-sasl.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/rainloop.conf -O /etc/fail2ban/filter.d/rainloop.conf
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/jail.local -O /etc/fail2ban/jail.local
sed -i 's/root@localhost/'$email'/g' /etc/fail2ban/jail.conf
systemctl restart fail2ban > $OUTPUT 2>&1
##---------------------------------##
# Unattended Security Updates #
##---------------------------------##
TERM=ansi whiptail --title "Info" --infobox " Configuring Unattended Security Updates" 8 52
sleep 2
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh -O /tmp/unattended.sh
source /tmp/unattended.sh
##---------------------##
# System services #
##---------------------##
TERM=ansi whiptail --title "Info" --infobox " Setting up system services" 8 52
sleep 2
systemctl enable nginx mysql postfix postfix@- dovecot fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
systemctl disable amavisd-snmp-subagent amavis-mc > $OUTPUT 2>&1
systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
##---------------------------------##
# Updating ClamAV definitions #
##---------------------------------##
{
for ((i = 0 ; i <= 100 ; i+=1)); do sleep 3.0
echo $i
done
} | whiptail --gauge " Please wait while ClamAV is updating definitions..." 6 52 0
##-------------------------##
# Configuring Services #
##-------------------------##
systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
echo "@reboot root systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot && sleep 300 && systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot" >> /etc/crontab
##------------------##
# Final Update #
##------------------##
TERM=ansi whiptail --title "Info" --infobox " Final Update" 8 52
sleep 2
$PKGM update
$PKGM upgrade -y
$PKGM autoremove -y
##----------------------##
# End of installer #
##----------------------##
TERM=ansi whiptail --title "Info" --infobox " Done installing!" 8 52
sleep 3
whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started \n\nYour login is: superadmin@$domonly\nYour password is: $password" 10 108
whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 8 78
clear
Reference in New Issue View Git Blame Copy Permalink