528 lines
27 KiB
Bash
528 lines
27 KiB
Bash
#!/bin/bash
|
|
|
|
###############################
|
|
# @author: Bram Prieshof #
|
|
# @author: Branco van de Waal #
|
|
###############################
|
|
|
|
##----------##
|
|
# Menu #
|
|
##----------##
|
|
sed -i -e 's/magenta/blue/g' /etc/newt/palette
|
|
if [ "$1" != "-l" ]; then
|
|
echo "Normal mode"
|
|
PKGM="debconf-apt-progress -- apt"
|
|
OUTPUT='/dev/null'
|
|
IMODE=n
|
|
fi
|
|
|
|
if [ "$1" = "-l" ]; then
|
|
echo "Legacy mode";
|
|
PKGM="apt"
|
|
OUTPUT='/dev/tty'
|
|
IMODE=l
|
|
fi
|
|
PKGA="add-apt-repository"
|
|
PKGI="${PKGM} install -y"
|
|
|
|
if [ $IMODE = n ]; then
|
|
if (whiptail --title "Ubuntu 18.04 Mail Server" --yesno " Do you want to install a mail server?" 11 78)
|
|
then
|
|
echo "" >/dev/null
|
|
else
|
|
whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 11 78
|
|
clear
|
|
exit
|
|
fi
|
|
echo "" >/dev/null
|
|
password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 11 82 --title "Config" 3>&1 1>&2 2>&3)
|
|
domain=$(whiptail --nocancel --inputbox " Enter the domain without www or mail." 11 82 --title "Config" 3>&1 1>&2 2>&3)
|
|
email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 11 82 --title "Config" 3>&1 1>&2 2>&3)
|
|
uploadsize=$(whiptail --nocancel --title "Config" --radiolist " Choose the maximum attachment size:" 11 82 4 "10" "MB " on "25" "MB" off "50" "MB" off "100" "MB" off 3>&1 1>&2 2>&3)
|
|
elif [ $IMODE = l ]; then
|
|
echo "" >/dev/null
|
|
echo "Ubuntu 18.04 Mailserver installation script."
|
|
echo "Domain without www or e-mail:"
|
|
read domain
|
|
echo "Please enter your password (should contain at least 2 digits and 6 characters:"
|
|
read password
|
|
echo "Administrator E-mail:"
|
|
read email
|
|
echo "Enter the maximum attachment size in MB (without MB)"
|
|
read uploadsize
|
|
fi
|
|
|
|
##---------------##
|
|
# Functions #
|
|
##---------------##
|
|
msg () {
|
|
if [ $IMODE = n ]; then
|
|
TERM=ansi whiptail --title "Info" --infobox "$1" 8 52
|
|
fi
|
|
if [ $IMODE = l ]; then
|
|
echo "$1"
|
|
fi
|
|
}
|
|
|
|
##-------------------------------##
|
|
# CONFIG OPTIONS FUCKA YOUAH #
|
|
##-------------------------------##
|
|
phpver=7.3
|
|
domonly=${domain}
|
|
domain=mail.${domain}
|
|
branch=beta
|
|
dhparam=1024
|
|
PHPMyadmin=1
|
|
PKGA="add-apt-repository"
|
|
PKGI="${PKGM} install -y"
|
|
db_pass=$(date +%s|sha256sum|base64|head -c 32)
|
|
wanip=`ip -o route get 1.1.1.1 | sed -e 's/^.* src \([^ ]*\) .*$/\1/'`
|
|
debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
|
|
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
|
|
|
|
##----------------##
|
|
# Pre-Config #
|
|
##----------------##
|
|
msg " Pre-Configuring"
|
|
sleep 2
|
|
sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config
|
|
hostnamectl set-hostname $domain > $OUTPUT 2>&1
|
|
timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
|
|
hostname --fqdn > /etc/mailname
|
|
mkdir -p /etc/nginx
|
|
mkdir -p /var/www/"$domain"/html
|
|
chmod -R 755 /var/www
|
|
#if free | awk '/^Swap:/ {exit !$2}'; then
|
|
# echo "swap enabled" >/dev/null
|
|
#else
|
|
# fallocate -l 3G /swapfile
|
|
# chmod 600 /swapfile
|
|
# mkswap /swapfile
|
|
# swapon /swapfile
|
|
# echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
|
|
#fi
|
|
#sed -i 's/#/vm.swappiness=40/g' /etc/sysctl.conf
|
|
|
|
##----------------------##
|
|
# Pre-Requirements #
|
|
##----------------------##
|
|
msg " Buzzy like a bee"
|
|
$PKGM update
|
|
$PKGI software-properties-common sudo
|
|
$PKGA universe -y > $OUTPUT 2>&1
|
|
$PKGA ppa:ondrej/php -y > $OUTPUT 2>&1
|
|
$PKGA ppa:certbot/certbot -y > $OUTPUT 2>&1
|
|
wget -q -t7 -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
|
|
echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list > $OUTPUT 2>&1
|
|
$PKGM update
|
|
$PKGM upgrade -y
|
|
|
|
##-----------------------------##
|
|
# Installing Requirements #
|
|
##-----------------------------##
|
|
$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban bc python-certbot-nginx postfix-policyd-spf-python opendkim opendkim-tools
|
|
|
|
##-------------##
|
|
# Debloat #
|
|
##-------------##
|
|
$PKGM remove --purge lxcfs lxd lxd-client geoip-database snapd -y
|
|
$PKGM autoremove -y
|
|
|
|
##-----------------------##
|
|
# HTML Folder Perms #
|
|
##-----------------------##
|
|
msg " Configuring HTML permissions"
|
|
sleep 2
|
|
chown -R www-data:www-data /var/www/"$domain"/html
|
|
|
|
##-----------##
|
|
# NGINX #
|
|
##-----------##
|
|
#$PKGI nginx
|
|
msg " Configuring Nginx"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/stable/config/nginx/PostfixAdmin-site-unconfigured -O /etc/nginx/sites-available/"$domain"
|
|
sed -i -e 's/DOMAINname/'$domain'/' -e 's/PHPver/'$phpver'/' /etc/nginx/sites-available/"$domain"
|
|
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
|
|
|
|
##-------------------------------##
|
|
# NGINX Single core bug fix #
|
|
##-------------------------------##
|
|
msg " Applying Nginx bug-fix"
|
|
sleep 2
|
|
mkdir /etc/systemd/system/nginx.service.d
|
|
printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
|
|
systemctl daemon-reload
|
|
|
|
##-----------------------##
|
|
# MySQL Installation #
|
|
##-----------------------##
|
|
msg " Installing MySQL"
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-MySQL/raw/branch/master/mysql-8.0.sh -O /tmp/mysql-8.0.sh
|
|
source /tmp/mysql-8.0.sh
|
|
|
|
##------------------------------##
|
|
# MySQL_Secure_Installation #
|
|
##------------------------------##
|
|
msg " Securing MySQL"
|
|
sleep 2
|
|
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" > $OUTPUT 2>&1
|
|
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''" > $OUTPUT 2>&1
|
|
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" > $OUTPUT 2>&1
|
|
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" > $OUTPUT 2>&1
|
|
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';" > $OUTPUT 2>&1
|
|
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
|
|
|
|
##-----------------------------##
|
|
# MySQL Database Creation #
|
|
##-----------------------------##
|
|
msg " Creating MySQL Databases"
|
|
sleep 2
|
|
mysql -u root -p"$password" -e "CREATE DATABASE postfixadmin;" > $OUTPUT 2>&1
|
|
mysql -u root -p"$password" -e "CREATE USER '"postfixadmin"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
|
|
mysql -u root -p"$password" -e "GRANT ALL ON "postfixadmin".* TO "postfixadmin"@'localhost';" > $OUTPUT 2>&1
|
|
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
|
|
|
|
##----------------##
|
|
# PhpMyAdmin #
|
|
##----------------##
|
|
ln -s /usr/share/phpmyadmin /var/www/mail.ictdownwerk.com/html/phpmyadmin
|
|
|
|
##------------------##
|
|
# PostfixADMIN #
|
|
##------------------##
|
|
msg " Configuring PostfixAdmin"
|
|
sleep 2
|
|
mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c
|
|
wget -q -t7 https://git.ictmaatwerk.com/downloads/pfa/postfixadmin-3.1-dark.tar.gz -O /tmp/postfixadmin.tar.gz
|
|
tar -xf /tmp/postfixadmin.tar.gz -C /var/www/"$domain"/html/postfixadmin --strip-components=1
|
|
chmod 755 -R /var/www/"$domain"/html/postfixadmin/templates_c
|
|
chown -R www-data: /var/www/"$domain"/html/
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfixadmin/config.local.php -O /var/www/$domain/html/postfixadmin/config.local.php
|
|
sed -i -e 's/PASSword/'$db_pass'/' -e 's/dOmaINnamE/'$domonly'/' /var/www/"$domain"/html/postfixadmin/config.local.php
|
|
sed -i 's/Welcome to your new account./Welkom bij je nieuwe mailbox!/g' /var/www/"$domain"/html/postfixadmin/config.inc.php
|
|
sudo -u www-data php /var/www/"$domain"/html/postfixadmin/upgrade.php > $OUTPUT 2>&1
|
|
bash /var/www/"$domain"/html/postfixadmin/scripts/postfixadmin-cli admin add superadmin@"$domonly" --superadmin 1 --active 1 --password "$password" --password2 "$password" > $OUTPUT 2>&1
|
|
groupadd -g 5000 vmail > $OUTPUT 2>&1
|
|
useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail > $OUTPUT 2>&1
|
|
|
|
##--------------------##
|
|
# Certbot (Auto) #
|
|
##--------------------##
|
|
#msg " Configuring Certbot"
|
|
#sleep 2
|
|
#certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
|
#echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
|
|
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
|
|
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
|
|
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
|
|
#openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
|
|
#chmod 755 -R /etc/ssl/certs/dhparam.pem
|
|
|
|
##----------------------##
|
|
# Certbot (Manual) #
|
|
##----------------------##
|
|
msg " Configuring Certbot (manual)"
|
|
sleep 2
|
|
mkdir -p /etc/letsencrypt/live/$domain/
|
|
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
|
|
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
|
|
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/cert.pem -O /etc/letsencrypt/live/$domain/cert.pem
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/chain.pem -O /etc/letsencrypt/live/$domain/chain.pem
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/fullchain.pem -O /etc/letsencrypt/live/$domain/fullchain.pem
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/lets-encrypt/privkey.pem -O /etc/letsencrypt/live/$domain/privkey.pem
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/nginx/site-enabled -O /etc/nginx/sites-available/mail.ictdownwerk.com
|
|
openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
|
|
openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem "$dhparam" > $OUTPUT 2>&1
|
|
chmod 755 -R /etc/letsencrypt/ssl-dhparams.pem
|
|
chmod 755 -R /etc/ssl/certs/dhparam.pem
|
|
chmod 755 -R /etc/letsencrypt/live/$domain/cert.pem
|
|
chmod 755 -R /etc/letsencrypt/live/$domain/chain.pem
|
|
chmod 755 -R /etc/letsencrypt/live/$domain/fullchain.pem
|
|
chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem
|
|
chmod 644 -R /etc/nginx/sites-available/mail.ictdownwerk.com
|
|
|
|
##---------------------------##
|
|
# Postfix Configuration #
|
|
##---------------------------##
|
|
msg " Configuring Postfix"
|
|
sleep 2
|
|
mkdir -p /etc/postfix/sql
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_domain_catchall_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_domain_mailbox_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_domain_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_alias_maps.cf -O /etc/postfix/sql/mysql_virtual_alias_maps.cf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_domains_maps.cf -O /etc/postfix/sql/mysql_virtual_domains_maps.cf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/mysql_virtual_mailbox_maps.cf -O /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
|
|
sed -i 's/PASSword/'$db_pass'/g' /etc/postfix/sql/mysql_virtual_domains_maps.cf /etc/postfix/sql/mysql_virtual_alias_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf /etc/postfix/sql/mysql_virtual_mailbox_maps.cf /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
|
|
echo "#MySQL Database" >> /etc/postfix/main.cf
|
|
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
|
|
postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
|
|
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
|
|
echo "#Use Dovecot's LMTP service as the default mail delivery" >> /etc/postfix/main.cf
|
|
postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"
|
|
echo "#TLS and SSL certificate" >> /etc/postfix/main.cf
|
|
postconf -e "smtp_tls_security_level = may"
|
|
postconf -e "smtpd_tls_security_level = may"
|
|
postconf -e "smtp_tls_note_starttls_offer = yes"
|
|
postconf -e "smtpd_tls_loglevel = 1"
|
|
postconf -e "smtpd_tls_received_header = yes"
|
|
postconf -e "smtpd_tls_cert_file = /etc/letsencrypt/live/"$domain"/fullchain.pem"
|
|
postconf -e "smtpd_tls_key_file = /etc/letsencrypt/live/"$domain"/privkey.pem"
|
|
echo "#SMTP Settings, hand off authentication to Dovecot" >> /etc/postfix/main.cf
|
|
postconf -e "smtpd_sasl_type = dovecot"
|
|
postconf -e "smtpd_sasl_path = private/auth"
|
|
postconf -e "smtpd_sasl_local_domain ="
|
|
postconf -e "smtpd_sasl_security_options = noanonymous"
|
|
postconf -e "broken_sasl_auth_clients = yes"
|
|
postconf -e "smtpd_sasl_auth_enable = yes"
|
|
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policyd-spf"
|
|
sed -i 's/mynetworks = /#mynetworks = /g' /etc/postfix/main.cf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/postfix/master.cf -O /etc/postfix/master.cf
|
|
|
|
##---------------------------##
|
|
# Dovecot Configuration #
|
|
##---------------------------##
|
|
msg " Configuring Dovecot"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/15-mailboxes.conf -O /etc/dovecot/conf.d/15-mailboxes.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/10-mail.conf -O /etc/dovecot/conf.d/10-mail.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/10-auth.conf -O /etc/dovecot/conf.d/10-auth.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/10-master.conf -O /etc/dovecot/conf.d/10-master.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/10-ssl.conf -O /etc/dovecot/conf.d/10-ssl.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/20-lmtp.conf -O /etc/dovecot/conf.d/20-lmtp.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/20-imap.conf -O /etc/dovecot/conf.d/20-imap.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/dovecot-dict-sql.conf.ext -O /etc/dovecot/dovecot-dict-sql.conf.ext
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/dovecot-sql.conf.ext -O /etc/dovecot/dovecot-sql.conf.ext
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/quota-warning.sh -O /usr/local/bin/quota-warning.sh
|
|
sed -i 's/PASSword/'$db_pass'/g' /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-dict-sql.conf.ext
|
|
sed -i -e 's/DOMAINname/'$domain'/' -e 's/#ssl_cert = /ssl_cert = /' -e 's/#ssl_key = /ssl_key = /' -e 's/#ssl_dh = /ssl_dh = /' /etc/dovecot/conf.d/10-ssl.conf
|
|
chmod +x /usr/local/bin/quota-warning.sh
|
|
|
|
##--------------------------------------##
|
|
# Dovecot move Spam to Spam Folder #
|
|
##--------------------------------------##
|
|
msg " Configuring Spam Folder"
|
|
sleep 2
|
|
mkdir -p /etc/dovecot/sieve/
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/dovecot/15-lda.conf -O /etc/dovecot/conf.d/15-lda.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/90-sieve.conf -O /etc/dovecot/conf.d/90-sieve.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/sieve/default.sieve -O /etc/dovecot/sieve/default.sieve
|
|
chown -R vmail:vmail /etc/dovecot/sieve/
|
|
chgrp dovecot /etc/dovecot/conf.d/90-sieve.conf
|
|
sievec /etc/dovecot/sieve/default.sieve > $OUTPUT 2>&1
|
|
chgrp dovecot /etc/dovecot/sieve/default.svbin > $OUTPUT 2>&1
|
|
|
|
##------------------##
|
|
# Spamassassin #
|
|
##------------------##
|
|
msg " Configuring Spamassassin"
|
|
sleep 2
|
|
sed -i -e 's/# report_safe 1/report_safe 0/' -e 's/# required_score 5.0/required_score 5.0/' -e 's/endif # Mail::SpamAssassin::Plugin::Shortcircuit//' /etc/spamassassin/local.cf
|
|
echo "" >> /etc/spamassassin/local.cf
|
|
echo "skip_rbl_checks 0" >> /etc/spamassassin/local.cf
|
|
echo "" >> /etc/spamassassin/local.cf
|
|
echo "#pyzor" >> /etc/spamassassin/local.cf
|
|
echo "use_pyzor 1" >> /etc/spamassassin/local.cf
|
|
echo "pyzor_path /usr/bin/pyzor" >> /etc/spamassassin/local.cf
|
|
echo "pyzor_add_header 1" >> /etc/spamassassin/local.cf
|
|
echo "" >> /etc/spamassassin/local.cf
|
|
echo "#razor" >> /etc/spamassassin/local.cf
|
|
echo "use_razor2 1" >> /etc/spamassassin/local.cf
|
|
echo "razor_config /etc/razor/razor-agent.conf" >> /etc/spamassassin/local.cf
|
|
echo "" >> /etc/spamassassin/local.cf
|
|
echo "#bayes" >> /etc/spamassassin/local.cf
|
|
echo "use_bayes 1" >> /etc/spamassassin/local.cf
|
|
echo "use_bayes_rules 1" >> /etc/spamassassin/local.cf
|
|
echo "bayes_auto_learn 1" >> /etc/spamassassin/local.cf
|
|
echo "" >> /etc/spamassassin/local.cf
|
|
echo "endif # Mail::SpamAssassin::Plugin::Shortcircuit" >> /etc/spamassassin/local.cf
|
|
|
|
##------------##
|
|
# ClamAV #
|
|
##------------##
|
|
msg " Configuring ClamAV"
|
|
sleep 2
|
|
mkdir -p /var/log/clamav
|
|
mkdir -p /var/lib/clamav
|
|
chown -R clamav:clamav /var/log/clamav
|
|
chown -R clamav:clamav /var/lib/clamav
|
|
chmod 775 -R /var/lib/clamav/* /var/lib/clamav
|
|
|
|
##------------##
|
|
# Amavis #
|
|
##------------##
|
|
msg " Configuring Amavis"
|
|
sleep 2
|
|
sed -i -e 's/@bypass/'@bypass'/' -e 's/ / /' /etc/amavis/conf.d/15-content_filter_mode
|
|
adduser clamav amavis > $OUTPUT 2>&1
|
|
sed -i 's/clamd.conf/'clamd.conf'/g' /etc/clamav/freshclam.conf
|
|
echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/main.cf
|
|
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
|
|
postconf -e 'receive_override_options = no_address_mappings'
|
|
echo "" >> /etc/postfix/master.cf
|
|
echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/master.cf
|
|
echo "amavis unix - - - - 2 smtp" >> /etc/postfix/master.cf
|
|
echo " -o smtp_data_done_timeout=1200" >> /etc/postfix/master.cf
|
|
echo " -o smtp_send_xforward_command=yes" >> /etc/postfix/master.cf
|
|
echo "127.0.0.1:10025 inet n - - - - smtpd" >> /etc/postfix/master.cf
|
|
echo " -o content_filter=" >> /etc/postfix/master.cf
|
|
echo " -o local_recipient_maps=" >> /etc/postfix/master.cf
|
|
echo " -o relay_recipient_maps=" >> /etc/postfix/master.cf
|
|
echo " -o smtpd_restriction_classes=" >> /etc/postfix/master.cf
|
|
echo " -o smtpd_client_restrictions=" >> /etc/postfix/master.cf
|
|
echo " -o smtpd_helo_restrictions=" >> /etc/postfix/master.cf
|
|
echo " -o smtpd_sender_restrictions=" >> /etc/postfix/master.cf
|
|
echo " -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> /etc/postfix/master.cf
|
|
echo " -o mynetworks=127.0.0.0/8" >> /etc/postfix/master.cf
|
|
echo " -o strict_rfc821_envelopes=yes" >> /etc/postfix/master.cf
|
|
echo " -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks" >> /etc/postfix/master.cf
|
|
echo " -o smtpd_bind_address=127.0.0.1" >> /etc/postfix/master.cf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/15-content_filter_mode -O /etc/amavis/conf.d/15-content_filter_mode
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/20-debian_defaults -O /etc/amavis/conf.d/20-debian_defaults
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/21-ubuntu_defaults -O /etc/amavis/conf.d/21-ubuntu_defaults
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/amavis/50-user -O /etc/amavis/conf.d/50-user
|
|
sed -i 's/PASSword/'$db_pass'/g' /etc/amavis/conf.d/50-user
|
|
|
|
##------------------##
|
|
# Incoming SPF #
|
|
##------------------##
|
|
msg " Configuring incoming SPF"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/spf/incoming_spf.sh -O /tmp/incoming_spf.sh
|
|
source /tmp/incoming_spf.sh > $OUTPUT 2>&1
|
|
|
|
##--------------##
|
|
# Rainloop #
|
|
##--------------##
|
|
msg " Configuring Rainloop"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/rainloop/rainloop.sh -O /tmp/rainloop.sh
|
|
source /tmp/rainloop.sh > $OUTPUT 2>&1
|
|
ln -s /opt/rainloop /var/www/"$domain"/html/
|
|
|
|
##--------------##
|
|
# OpenDKIM #
|
|
##--------------##
|
|
msg " Configuring OpenDKIM"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dkim/opendkim.sh -O /tmp/opendkim.sh
|
|
source /tmp/opendkim.sh > $OUTPUT 2>&1
|
|
|
|
##-------------------------##
|
|
# Max attachment size #
|
|
##-------------------------##
|
|
msg " Configuring attachment sizes"
|
|
sleep 2
|
|
sed -i 's/body_size 8/body_size '$uploadsize'/g' /etc/nginx/nginx.conf
|
|
sed -i 's/attachment_size_limit = 25/attachment_size_limit = '$uploadsize'/g' /var/www/$domain/html/rainloop/data/_data_/_default_/configs/application.ini
|
|
sed -i 's/max_filesize = 2/max_filesize = '$uploadsize'/g' /etc/php/$phpver/fpm/php.ini /etc/php/$phpver/cli/php.ini
|
|
sed -i 's/post_max_size = 8/post_max_size = '$uploadsize'/g' /etc/php/$phpver/fpm/php.ini /etc/php/$phpver/cli/php.ini
|
|
|
|
##--------------##
|
|
# Fail2Ban #
|
|
##--------------##
|
|
msg " Configuring Fail2Ban"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/dovecot-pop3imap.conf -O /etc/fail2ban/filter.d/dovecot-pop3imap.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/postfix-sasl.conf -O /etc/fail2ban/filter.d/postfix-sasl.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/rainloop.conf -O /etc/fail2ban/filter.d/rainloop.conf
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/jail.local -O /etc/fail2ban/jail.local
|
|
sed -i 's/root@localhost/'$email'/g' /etc/fail2ban/jail.conf
|
|
systemctl restart fail2ban > $OUTPUT 2>&1
|
|
|
|
##---------------------------------##
|
|
# Unattended Security Updates #
|
|
##---------------------------------##
|
|
msg " Configuring Unattended Security Updates"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh -O /tmp/unattended.sh
|
|
source /tmp/unattended.sh
|
|
|
|
##--------------------------------------##
|
|
# Clearing / purging the mail queue #
|
|
##--------------------------------------##
|
|
msg " Configuring Mail-queue"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/postfix/clear-queue.sh -O /tmp/clear-queue.sh
|
|
source /tmp/clear-queue.sh
|
|
|
|
##----------##
|
|
# MOTD #
|
|
##----------##
|
|
msg " Configuring MOTD"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/motd/01-custom -O /etc/update-motd.d/01-custom
|
|
chmod +x /etc/update-motd.d/01-custom
|
|
|
|
##---------##
|
|
# UFW #
|
|
##---------##
|
|
msg " Configuring UFW"
|
|
sleep 2
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/ufw/config.sh -O /tmp/ufw-config.sh
|
|
source /tmp/ufw-config.sh
|
|
|
|
##---------------------##
|
|
# System services #
|
|
##---------------------##
|
|
msg " Setting up system services"
|
|
sleep 2
|
|
systemctl enable nginx mysql postfix postfix@- dovecot fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
|
|
systemctl disable amavis amavisd-snmp-subagent amavis-mc postfix dovecot> $OUTPUT 2>&1
|
|
systemctl stop amavis amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
|
|
systemctl restart sshd nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin opendkim php7.3-fpm > $OUTPUT 2>&1
|
|
|
|
##---------------------------------##
|
|
# Updating ClamAV definitions #
|
|
##---------------------------------##
|
|
{
|
|
for ((i = 0 ; i <= 100 ; i+=1)); do sleep 3.0
|
|
echo $i
|
|
done
|
|
} | whiptail --gauge " Please wait while ClamAV is updating definitions..." 6 52 0
|
|
|
|
##-------------------------##
|
|
# Configuring Services #
|
|
##-------------------------##
|
|
systemctl start amavis amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
|
|
echo "@reboot root sleep 300 && systemctl start amavis amavisd-snmp-subagent amavis-mc postfix dovecot" >> /etc/crontab
|
|
|
|
##------------------##
|
|
# Final Update #
|
|
##------------------##
|
|
msg " Final Update"
|
|
sleep 2
|
|
$PKGM update
|
|
$PKGM upgrade -y
|
|
$PKGM autoremove -y
|
|
|
|
##------------##
|
|
# Readme #
|
|
##------------##
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/beta/config/manual.sh -O /tmp/manual.sh
|
|
source /tmp/manual.sh
|
|
|
|
##----------------------##
|
|
# End of installer #
|
|
##----------------------##
|
|
msg " Done installing!"
|
|
sleep 3
|
|
|
|
if [ $IMODE = n ]; then
|
|
whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started \n\nYour login is: superadmin@$domonly\nYour password is: $password" 10 108
|
|
whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 8 78
|
|
clear
|
|
fi
|
|
if [ $IMODE = l ]; then
|
|
clear
|
|
echo "Point your browser to https://$domain/postfixadmin to get started"
|
|
echo ""
|
|
echo "Your login is: superadmin@$domonly"
|
|
echo "Your password is: $password"
|
|
echo ""
|
|
read -p "Press enter to continue"
|
|
clear
|
|
fi |