vmail-stack/install.sh

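#!/bin/bash
# vmail-stack installer: sets up MariaDB, Exim, Dovecot, SpamAssassin, srsd
# and the vmail-cron timer on Ubuntu 22.04 (jammy) or Debian 12 (bookworm).
# Run it from the checked-out vmail-stack directory: etc/, bin/, sbin/,
# libexec/, systemd/ and vmail.sql are read relative to the current dir.
#
# Everything below writes system files and runs apt-get, so refuse to
# continue unless we are root.
if [[ "${EUID}" -ne 0 ]]; then
  echo "You must be root to run this installer." >&2
  # non-zero so a wrapper can tell this apart from a completed install
  # (the previous bare 'exit' reported success here)
  exit 1
fi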
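# check for Ubuntu 22.04 (jammy) or Debian 12 (bookworm)
# os_codename is reused further down to pick per-release config files and
# service names. If lsb_release is missing the value is empty; the old
# unquoted '[ $os_codename != jammy ]' then misparsed instead of rejecting
# the host, so match explicitly and treat anything else as unsupported.
os_codename=$(lsb_release -cs)
case "$os_codename" in
  jammy|bookworm) ;;
  *)
    echo "This installer only runs on Ubuntu 22.04 (jammy) or Debian 12 (Bookworm), bailing out." >&2
    exit 1
    ;;
esac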
# check if install is already in place
# /var/vmail is created by this installer (the vmail user's home), so its
# presence means a previous run completed or partially completed.
[[ -d /var/vmail/ ]] && {
  echo "vmail-stack is already installed, bailing out."
  exit
}
# check for existing mail server software installs
# Give the operator a chance to abort before their configs get replaced.
if [[ -d /etc/exim4/ || -d /etc/dovecot/ ]]; then
  printf '%s\n' \
    "WARNING: Exim and/or Dovecot are already installed." \
    "This installer will overwrite existing configurations."
  # trailing \a rings the terminal bell
  printf '%s\a\n' "You have five seconds to execute ctrl-c to cancel this install."
  sleep 5
fi
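apt-get update
# install pwgen, used to create random passwords
DEBIAN_FRONTEND=noninteractive apt-get -y install pwgen
# The vmail db password and the srsd secret are both generated with pwgen.
# Without it those values would silently be empty strings and the accounts
# below would be created passwordless, so stop here instead.
if ! command -v pwgen >/dev/null; then
  echo "pwgen could not be installed, bailing out." >&2
  exit 1
fi
# install mariadb (mysql)
# (the MARIADBPWORD variable that used to be generated here was never read)
if [[ ! -d /etc/mysql/ ]]; then
  DEBIAN_FRONTEND=noninteractive apt-get -y install mariadb-client mariadb-server
  # set unix_socket auth for root: no root db password is created or stored
  mysql -e "GRANT ALL ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION"
  # create nagios user for monitoring server status only
  # NOTE(review): this account has an empty password; it is restricted to
  # localhost and nothing is granted to it here.
  mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';"
  mysqladmin flush-privileges
elif ! systemctl is-active --quiet mysql; then
  # a pre-existing but stopped MySQL/MariaDB cannot be configured safely
  echo "MySQL config dir exists, but MySQL/MariaDB server is not running."
  echo "Check your server config and either make sure MySQL is running"
  echo "or purge MySQL/MariaDB and all related packages (e.g. mysql-common)"
  echo "from the server and then re-run this installer."
  exit 1
fi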
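# create vmail user & db
# vmail.sql ships with vmail-stack and is read from the current directory
if [[ ! -f vmail.sql ]]; then
  echo "vmail.sql not found; run this installer from the vmail-stack directory." >&2
  exit 1
fi
mysqladmin create vmail
mysql vmail < vmail.sql
# VMAILPASS is reused by every later config step (.my.cnf, spamassassin,
# exim, dovecot), so it must not be empty.
VMAILPASS=$(pwgen -1 12)
if [[ -z "$VMAILPASS" ]]; then
  echo "pwgen produced no password, bailing out." >&2
  exit 1
fi
# feed the statements on stdin instead of 'mysql -e' so the password does
# not show up in the process list or in a 'set -x' trace
mysql <<SQL
CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';
GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';
SQL
mysqladmin flush-privileges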
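# install mail server software
# Every config step below edits files owned by these packages, so a failed
# install must not be ignored.
if ! DEBIAN_FRONTEND=noninteractive apt-get -y install exim4-daemon-heavy spf-tools-perl spamassassin srs libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd mailutils; then
  echo "installing the mail server packages failed, bailing out." >&2
  exit 1
fi
# configure system users
DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert
# /etc/ssl/dkim (created below) is group ssl-cert, so exim needs membership
usermod -a -G ssl-cert Debian-exim
# vmail owns the mailbox tree under /var/vmail; system account, no login shell
useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail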
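# configure vmail user .my.cnf for db access
# Refuse to write a credentials file with an empty password.
: "${VMAILPASS:?is empty; the vmail db user was not created}"
# Create the file with its final owner/mode before any content exists; the
# redirection below truncates it but keeps the 640 mode set by install.
install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf
cat > /var/vmail/.my.cnf <<EOF
[client]
host = localhost
user = vmail
password = $VMAILPASS
socket = /var/run/mysqld/mysqld.sock
[mysql]
database = vmail
EOF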
# configure vmail dirs
# mailbox tree: owner vmail only, group may traverse
chmod 750 /var/vmail/
# key directory for DKIM; exim reaches it through the ssl-cert group
dkim_dir=/etc/ssl/dkim
[[ -d "$dkim_dir" ]] || mkdir "$dkim_dir"
chown Debian-exim:ssl-cert "$dkim_dir"
chmod 750 "$dkim_dir"
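# spamassassin config
# Adapt the stock schema shipped in spamassassin's docs so it loads into the
# vmail db: rename the table, widen username, drop the MyISAM engine clause.
sa_sql=/usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|userpref|sa_userpref|g" "$sa_sql"
sed -i "s|username varchar(100)|username varchar(255)|g" "$sa_sql"
sed -i "s|TYPE=MyISAM||g" "$sa_sql"
mysql vmail < "$sa_sql"
# The daemon's defaults file is /etc/default/spamassassin on jammy and
# /etc/default/spamd on bookworm. The previous 'elif != bookworm' test was
# inverted, so Debian 12 fell into the warning branch and spamd's OPTIONS
# were never set.
case "$os_codename" in
  jammy)
    sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin
    sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin
    ;;
  bookworm)
    sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamd
    ;;
  *)
    echo "WARNING: Unexpected OS codename. This should never happen due to previous checks."
    ;;
esac
cp etc/spamassassin/*.cf /etc/spamassassin/
sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf
chown root:root /etc/spamassassin/local.cf
chmod 644 /etc/spamassassin/local.cf
# sql.cf carries the db password: not world-readable, group mail may read it
chown Debian-exim:mail /etc/spamassassin/sql.cf
chmod 640 /etc/spamassassin/sql.cf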
# create local systemd dir, used by srsd & vmail-cron
[[ -d /usr/local/lib/systemd/system ]] || mkdir -p /usr/local/lib/systemd/system
# srsd
# bug fixes for libmail-srs-perl. still needed as of v0.31-6 on Ubuntu 22.04
# - move the listening socket out of /tmp to /run/srsd
# - delete the 4-line block starting at "Until we decide that forward"
srs_daemon=/usr/share/perl5/Mail/SRS/Daemon.pm
sed -i 's|/tmp/srsd|/run/srsd/srsd.sock|' "$srs_daemon"
sed -i '/Until we decide that forward/,+3d' "$srs_daemon"
srsd_unit=/usr/local/lib/systemd/system/srsd.service
cp systemd/srsd.service "$srsd_unit"
chmod 644 "$srsd_unit"
systemctl daemon-reload
systemctl enable srsd
systemctl start srsd
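# exim config
fqdn=$(hostname -f)
maildomain=$(hostname -d)
# Both values are substituted into exim/fail2ban configs and /root/.forward;
# an empty domain would silently produce addresses like "webmaster@".
if [[ -z "$fqdn" || -z "$maildomain" ]]; then
  echo "hostname -f / hostname -d returned nothing; set a fully qualified hostname first." >&2
  exit 1
fi
sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog
install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains
cp etc/exim4/* /etc/exim4/
# pick the per-release main config shipped in etc/exim4/
case "$os_codename" in
  jammy)    cp /etc/exim4/exim4-jammy.conf /etc/exim4/exim4.conf ;;
  bookworm) cp /etc/exim4/exim4-bookworm.conf /etc/exim4/exim4.conf ;;
  *)        echo "WARNING: Unexpected OS codename. This should never happen due to previous checks." ;;
esac
chmod 640 /etc/exim4/exim4.conf
# helper files read by exim at runtime: owned by the exim user, not world-readable
for exim_file in autowhitelist.filter return-resender.sh skip_greylisting_hosts; do
  chown Debian-exim:Debian-exim "/etc/exim4/$exim_file"
  chmod 640 "/etc/exim4/$exim_file"
done
sed -i "s|example.com|$maildomain|g" /etc/exim4/skip_greylisting_hosts
# NOTE: this replaces every occurrence of the literal string "password" in
# exim_local.conf, not only a placeholder value; keep that in mind when
# editing the template. Order matters: fqdn.example.com before example.com.
sed -i "s|password|$VMAILPASS|g" /etc/exim4/exim_local.conf
sed -i "s|fqdn.example.com|$fqdn|g" /etc/exim4/exim_local.conf
sed -i "s|example.com|$maildomain|g" /etc/exim4/exim_local.conf
# srsd secret: create with the final owner/mode before the secret is written
# (touch + chmod + chown left a short umask-default window; matches the
# install(1) usage for relay_domains above)
install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/srsd.secret
pwgen -N 1 64 > /etc/exim4/srsd.secret
sed -i "s|^QUEUERUNNER.*|QUEUERUNNER='separate'|g" /etc/default/exim4
sed -i "s|^QUEUEINTERVAL.*|QUEUEINTERVAL='15m'|g" /etc/default/exim4
if [[ ! -f /var/log/exim4/rejectlog ]]; then
  install --owner=Debian-exim --group=adm --mode=640 /dev/null /var/log/exim4/rejectlog
fi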
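# dovecot config
# -p so a pre-existing sites.d (e.g. from an earlier Dovecot install, which
# the checks at the top only warn about) does not produce an error
mkdir -p /etc/dovecot/sites.d
cp -a etc/dovecot/* /etc/dovecot/
# dovecot-sql.conf.ext carries the db password: group dovecot, not world-readable
chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
chmod 640 /etc/dovecot/dovecot-sql.conf.ext
sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext
# quota warning helper; presumably referenced from the copied dovecot config
mkdir -p /usr/local/libexec
cp libexec/vmail-quota-warning.sh /usr/local/libexec/
chmod 750 /usr/local/libexec/vmail-quota-warning.sh
chown dovecot:mail /usr/local/libexec/vmail-quota-warning.sh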
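# restart services
# The SpamAssassin unit is 'spamassassin' on jammy and 'spamd' on bookworm.
# The previous 'elif != bookworm' test was inverted, so on Debian 12 spamd
# was never enabled or restarted and the warning branch ran instead.
case "$os_codename" in
  jammy)
    systemctl enable spamassassin
    systemctl restart spamassassin
    ;;
  bookworm)
    systemctl enable spamd
    systemctl restart spamd
    ;;
  *)
    echo "WARNING: Unexpected OS codename. This should never happen due to previous checks."
    ;;
esac
systemctl restart exim4
systemctl restart dovecot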
# admin helper scripts shipped in bin/
chmod 755 bin/*
cp bin/* /usr/local/bin/
# install & enable vmail systemd cron
cron_script=/usr/local/sbin/vmail-cron.sh
cp sbin/vmail-cron.sh /usr/local/sbin/
chmod 755 "$cron_script"
unit_dir=/usr/local/lib/systemd/system
cp systemd/vmail-cron.* "$unit_dir/"
chmod 644 "$unit_dir"/vmail-cron.*
# the timer drives the service; only the timer needs enabling
systemctl enable vmail-cron.timer
systemctl start vmail-cron.timer
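# enable email ports in firewalld
if [[ -d /etc/firewalld/ ]]; then
  mail_services=(smtp smtp-submission smtps imap imaps pop3 pop3s)
  # permanent rules first, then the same services in the running config,
  # in the same order as the original hand-written list
  for svc in "${mail_services[@]}"; do
    firewall-cmd --permanent --zone=public --add-service="$svc"
  done
  for svc in "${mail_services[@]}"; do
    firewall-cmd --zone=public --add-service="$svc"
  done
else
  echo
  echo "firewalld not installed, not opening email ports in firewall."
fi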
# fail2ban
# Only configure jails when fail2ban is already present; it is not installed
# by this script.
if [[ -d /etc/fail2ban/ ]]; then
  chmod 644 etc/fail2ban/*/*.conf
  cp -a etc/fail2ban/* /etc/fail2ban/
  # per-release log backend for the dovecot jail
  jail=/etc/fail2ban/jail.d/dovecot.conf
  case "$os_codename" in
    bookworm)
      echo "backend = systemd" >> "$jail"
      ;;
    jammy)
      printf '%s\n' "backend = auto" "logpath = /var/log/mail.log tail" >> "$jail"
      ;;
  esac
else
  echo
  echo "fail2ban not installed, skipping fail2ban email configs."
fi
# route system mail for root to the webmaster mailbox: drop any existing
# root alias and let /root/.forward take over
sed -i '/^root/d' /etc/aliases
echo "webmaster@$maildomain" > /root/.forward
printf '\n%s\n%s\n%s\n' \
  "System emails are all configured to alias to root@$fqdn," \
  "which in turn forwards to webmaster@$maildomain." \
  "Adjust /etc/aliases & /root/.forward as desired."