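# Postfix + OpenDKIM sub-module: configures a loopback-only Postfix, wires it
# to OpenDKIM as a milter, generates a DKIM key for the host and leaves a MOTD
# reminder about the DNS records that still have to be published.
#
# Reads (presumably set by the calling installer; not defined in this
# fragment): hostname, email, repo, branchtype, branch, shortdist, itype.
# Leaves file, sitename and domain set for the CMS hook scripts it sources.
#
# NOTE(review): this span arrived with its line breaks removed and three
# here-document operators reduced to "cat <" / "cat <>". They are restored
# below as "<<EOF >" / "<<EOF >>", matching the one heredoc that survived
# (51-generalspf).

# $hostname is interpolated into sed programs, file paths and a generated
# root-run MOTD script, so refuse anything outside hostname characters
# before touching the system.
case "$hostname" in
  "" | *[!A-Za-z0-9._-]*)
    printf 'postfix module: refusing unsafe hostname value\n' >&2
    return 1 2>/dev/null || exit 1
    ;;
esac

systemctl stop postfix opendkim

##-------------##
#    Postfix    #
##-------------##
sed -i "/^inet_interfaces =/c\inet_interfaces = loopback-only" /etc/postfix/main.cf
sed -i "/recipient_delimiter =/c\recipient_delimiter = +" /etc/postfix/main.cf
# NOTE(review): the escaped quotes end up as literal " characters in main.cf,
# and the hostname is listed twice; confirm Postfix accepts this form.
sed -i "/^mydestination =/c\mydestination = \"$hostname\", localhost.\"$hostname\", \"$hostname\"" /etc/postfix/main.cf
echo "$hostname" > /etc/mailname

# Bounce notices go to admin@<domain>: the hostname itself when it has exactly
# one dot, otherwise its last two labels.
# NOTE(review): the two-label rule looks wrong for suffixes such as co.uk.
# These lines are appended, so a second run duplicates them in main.cf.
if [ "$(echo "$hostname" | grep -o "\." | wc -l)" -eq 1 ]; then
  echo "bounce_notice_recipient = admin@$hostname" >> /etc/postfix/main.cf
else
  echo "bounce_notice_recipient = admin@$(sed 's/.*\.\(.*\..*\)/\1/' <<< "$hostname")" >> /etc/postfix/main.cf
fi

# Replaces /etc/aliases wholesale; root's mail is forwarded to $email.
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster: root
root: $email
EOF
newaliases

# milter_default_action = accept means mail is still delivered (unsigned) if
# OpenDKIM is down. That is fail-open by design here.
cat <<EOF >> /etc/postfix/main.cf
#openDKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
EOF

##--------------##
#    OpenDKIM    #
##--------------##
usermod -aG opendkim postfix
rm -rf /etc/opendkim.d
mkdir -p /etc/opendkim.d/keys
chown -R opendkim:opendkim /etc/opendkim.d/keys

# -f keeps an HTTP error page from being saved as opendkim.conf.
# NOTE(review): the file is trusted as fetched; pinning $branch to a commit or
# verifying a checksum would make this reproducible.
if ! curl --retry 7 --retry-delay 5 -fsS "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/config/opendkim.conf -o /etc/opendkim.conf; then
  printf 'postfix module: could not download opendkim.conf\n' >&2
fi
touch /etc/opendkim.d/SigningTable

# The public addresses come from a third-party service and are written into
# TrustedHosts, so fetch them over HTTPS and accept only address-shaped
# answers. A missing address family is expected and simply skipped.
odk_ip4=$(curl -s -4 https://icanhazip.com) || odk_ip4=""
odk_ip6=$(curl -s -6 https://icanhazip.com) || odk_ip6=""
case "$odk_ip4" in
  *[!0-9.]*) odk_ip4="" ;;
esac
case "$odk_ip6" in
  *[!0-9A-Fa-f:]*) odk_ip6="" ;;
esac
{
  printf '%s\n' "127.0.0.1" "::1" "localhost"
  if [ -n "$odk_ip4" ]; then printf '%s\n' "$odk_ip4"; fi
  if [ -n "$odk_ip6" ]; then printf '%s\n' "$odk_ip6"; fi
  printf '%s\n' "${hostname}"
} > /etc/opendkim.d/TrustedHosts
unset odk_ip4 odk_ip6

# On these releases the socket directory is moved under /var/spool/postfix
# and the unit file is regenerated from /etc/default/opendkim.
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ]; then
  mkdir -p /var/spool/postfix/var/run/opendkim
  sudo chown opendkim:postfix /var/spool/postfix/var/run/opendkim
  sed -i "/^RUNDIR=/c\RUNDIR=/var/spool/postfix/var/run/opendkim" /etc/default/opendkim
  echo "TrustAnchorFile /usr/share/dns/root.key" >> /etc/opendkim.conf
  bash /lib/opendkim/opendkim.service.generate
  systemctl daemon-reload
fi

# DKIM selector = first label of the hostname.
odkhsec=${hostname%%.*}
sudo --user opendkim mkdir /etc/opendkim.d/keys/"$hostname"
# NOTE(review): no key size is passed, so the tool's default applies; check
# that it meets your policy (opendkim-genkey accepts -b <bits>).
sudo --user opendkim opendkim-genkey -r -D /etc/opendkim.d/keys/"$hostname" -d "$hostname" -s "$odkhsec"
echo "${odkhsec}._domainkey.${hostname} ${hostname}:${odkhsec}:/etc/opendkim.d/keys/${hostname}/${odkhsec}.private" >> /etc/opendkim.d/KeyTable

# Helper the operator is later told to run from the MOTD notice; fetched from
# $repo without an integrity check (see note on opendkim.conf above).
curl --retry 7 --retry-delay 5 -fsS "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/opendkim-init.sh -o ~/OpenDKIMInit-host.sh
sed -i -e "s/DOMAINname/$hostname/g" -e 's/SITEName/host/g' -e "s/ODKSec/$odkhsec/g" ~/OpenDKIMInit-host.sh
unset odkhsec

# MOTD reminder. $hostname is expanded now; the \$-escaped parts run at login.
cat << EOF > /etc/update-motd.d/51-generalspf
#!/bin/sh
red='\e[1;31m%s\e[0m\n'
printf "\n"
printf \$red "To enable mail for this server add \"ip4:\$(curl -s -4 icanhazip.com) ip6:\$(curl -s -6 icanhazip.com)\" to $hostname SPF"
printf \$red "to enable DKKIM for the hostname run bash ~/OpenDKIMInit-host.sh"
printf \$red "remove notice this by running \"rm /etc/update-motd.d/51-generalspf\""
printf "\n"
EOF
chmod +x /etc/update-motd.d/51-generalspf

systemctl start postfix opendkim
systemctl enable postfix opendkim

#if using Append module run for existing cms/sites
if [ "$itype" = "AddMod" ]; then
  for file in /etc/ICTM/sites/*; do
    # An unmatched glob stays literal; skip it instead of configuring "*".
    [ -e "$file" ] || continue
    sitename="${file##*/}"
    domain=${sitename//_/.}
    # SECURITY NOTE(review): these two lines execute whatever $repo serves, in
    # this shell and with its privileges, with no integrity verification.
    # Prefer a pinned commit plus checksum, or a reviewed local copy.
    # -f ensures an HTTP error body is never sourced as shell code.
    source <(curl --retry 7 --retry-delay 5 -fsS "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/CMSHook-preconf.sh)
    source <(curl --retry 7 --retry-delay 5 -fsS "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/CMSHook-conf.sh)
  done
fi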