vmail-stack/install.sh

#!/bin/bash

if [ "${EUID}" -ne 0 ]; then
  echo "This script must be run as root"
  exit
fi

# check for Ubuntu 20.04
if ! grep -q "Ubuntu 20.04" /etc/issue; then
  echo "This installer is only tested on Ubuntu 20.04. If you are on a"
  echo "different version of Ubuntu or a Debian/Debian based distro"
  echo "and want to try running this installer open this script and"
  echo "comment out the exit command below this line and re-run."
  exit
fi

# check if install is already in place
if [ -f "/etc/vmail.conf" ] || [ -d "/var/vmail/" ]; then
  echo "vmail-stack is already installed, bailing out."
  exit
fi

# check for existing server software installs
if [ -d "/etc/apache2/" ] || [ -d "/etc/php/" ] || [ -d "/etc/exim4/" ] || [ -d "/etc/spamassassin/" ] || [ -d "/etc/dovecot/" ]; then
  echo "One or more of the required server software packages are already"
  echo "installed. This script expects to be run on a new server install"
  echo "that does not have any mail server software installed yet. If you"
  echo "wish to proceed with the install anyway it is recommend to work"
  echo "through this install script manually running commands one line at"
  echo "a time as needed so as to not overwrite any existing configurations."
  echo ""
  echo "If you want to force the installer to run anyway simply comment out"
  echo "the exit command that appears immediately below this line and re-run."
  exit
fi

# install pwgen, used to create randmo passwords
apt -y install pwgen

# install mariadb (mysql)
if [ ! -d "/etc/mysql/" ]; then

  MARIADBPWORD=`pwgen 12 1`
  apt -y install mariadb-client mariadb-server
  # record the initial root password
  echo "#[client]" > /root/.my.cnf
  echo "#password=$MARIADBPWORD" >> /root/.my.cnf
  echo '!include /etc/mysql/debian.cnf' >> /root/.my.cnf
  chmod 600 /root/.my.cnf
  mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPWORD');"
  sed -i "s|password = |password = $MARIADBPWORD|g" /etc/mysql/debian.cnf
  mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';"
  mysqladmin flush-privileges

fi

# create vmail user & db
mysqladmin create vmail
mysql vmail < vmail.sql
VMAILPASS=`pwgen -1 12`
mysql -e "CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';"
mysql -e "GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';"
mysqladmin flush-privileges

# install apache
if [ ! -d "/etc/apache2/" ]; then
  apt -y install apache2
fi

# install php
apt -y install php-fpm php-cli php-gd php-imagick php-imap php-intl php-mysql php-pspell php-zip

# install mail server software
apt -y install exim4-daemon-heavy spf-tools-perl spamassassin libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd

# configure system users
usermod -a -G ssl-cert Debian-exim
useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail

# configure vmail user .my.cnf for db access
install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf
echo "[client]" > /var/vmail/.my.cnf
echo "host     = localhost" >> /var/vmail/.my.cnf
echo "database = vmail" >> /var/vmail/.my.cnf
echo "user     = vmail" >> /var/vmail/.my.cnf
echo "password = $VMAILPASS" >> /var/vmail/.my.cnf
echo "socket   = /var/run/mysqld/mysqld.sock" >> /var/vmail/.my.cnf

# configure vmail dirs
chmod 750 /var/vmail/
if [ ! -d "/etc/ssl/dkim" ]; then
  mkdir /etc/ssl/dkim
fi
chown Debian-exim:ssl-cert /etc/ssl/dkim
chmod 750 /etc/ssl/dkim

# spamassassin config
sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin
sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin
systemctl enable spamassassin.service
cp etc/spamassassin/*.cf /etc/spamassassin/
sed -i "s|user_scores_sql_password         password|user_scores_sql_password         $VMAILPASS|g" /etc/spamassassin/sql.cf
chown root:root /etc/spamassassin/local.cf
chmod 644 /etc/spamassassin/local.cf
chown debian-spamd:mail /etc/spamassassin/sql.cf
chmod 640 /etc/spamassassin/sql.cf
service spamassassin restart

# exim config
sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog
install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains
cp etc/exim4/* /etc/exim4/
chmod 640 /etc/exim4/exim4.conf
chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter
chmod 640 /etc/exim4/autowhitelist.filter
chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh
chmod 640 /etc/exim4/return-resender.sh
chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts
chmod 640 /etc/exim4/skip_greylisting_hosts
sed -i "s|password|$VMAILPASS|g" /etc/exim4/exim_local.conf
service exim4 restart

# dovecot config
mkdir /etc/dovecot/sites.d
cp -a etc/dovecot/* /etc/dovecot/
chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
chmod 640 /etc/dovecot/dovecot-sql.conf.ext
sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext
cp -a libexec/vmail-quota-warning.sh /usr/libexec/
chmod 750 /usr/libexec/vmail-quota-warning.sh
chown dovecot:mail /usr/libexec/vmail-quota-warning.sh
service dovecot restart

chmod 755 bin/*
cp bin/* /usr/local/bin/

# download and install roundcubemail
cd /usr/local/src/
wget --continue --quiet https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz
tar zxf roundcubemail-1.4.11-complete.tar.gz
cd roundcubemail-1.4.11
pwd
# config
#   change product_name as desired
#   change support_url
# bin/initdb.sh
#
#
# # set webmail password
# sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/config/config.inc.php
# sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/plugins/sauserprefs/config.inc.php
#
#
#
# notes about firewalls
initial install.sh script 2021-03-30 15:50:31 -07:00			`#!/bin/bash`

			`if [ "${EUID}" -ne 0 ]; then`
			`echo "This script must be run as root"`
			`exit`
			`fi`

			`# check for Ubuntu 20.04`
			`if ! grep -q "Ubuntu 20.04" /etc/issue; then`
			`echo "This installer is only tested on Ubuntu 20.04. If you are on a"`
			`echo "different version of Ubuntu or a Debian/Debian based distro"`
			`echo "and want to try running this installer open this script and"`
			`echo "comment out the exit command below this line and re-run."`
			`exit`
			`fi`

			`# check if install is already in place`
			`if [ -f "/etc/vmail.conf" ] \|\| [ -d "/var/vmail/" ]; then`
			`echo "vmail-stack is already installed, bailing out."`
			`exit`
			`fi`

			`# check for existing server software installs`
			`if [ -d "/etc/apache2/" ] \|\| [ -d "/etc/php/" ] \|\| [ -d "/etc/exim4/" ] \|\| [ -d "/etc/spamassassin/" ] \|\| [ -d "/etc/dovecot/" ]; then`
			`echo "One or more of the required server software packages are already"`
			`echo "installed. This script expects to be run on a new server install"`
			`echo "that does not have any mail server software installed yet. If you"`
			`echo "wish to proceed with the install anyway it is recommend to work"`
			`echo "through this install script manually running commands one line at"`
			`echo "a time as needed so as to not overwrite any existing configurations."`
			`echo ""`
			`echo "If you want to force the installer to run anyway simply comment out"`
			`echo "the exit command that appears immediately below this line and re-run."`
			`exit`
			`fi`

			`# install pwgen, used to create randmo passwords`
			`apt -y install pwgen`

			`# install mariadb (mysql)`
			`if [ ! -d "/etc/mysql/" ]; then`

			MARIADBPWORD=`pwgen 12 1`
			`apt -y install mariadb-client mariadb-server`
			`# record the initial root password`
			`echo "#[client]" > /root/.my.cnf`
			`echo "#password=$MARIADBPWORD" >> /root/.my.cnf`
			`echo '!include /etc/mysql/debian.cnf' >> /root/.my.cnf`
			`chmod 600 /root/.my.cnf`
			`mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPWORD');"`
			`sed -i "s\|password = \|password = $MARIADBPWORD\|g" /etc/mysql/debian.cnf`
			`mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';"`
			`mysqladmin flush-privileges`

			`fi`

			`# create vmail user & db`
			`mysqladmin create vmail`
			`mysql vmail < vmail.sql`
			VMAILPASS=`pwgen -1 12`
			`mysql -e "CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';"`
			`mysql -e "GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';"`
			`mysqladmin flush-privileges`

			`# install apache`
			`if [ ! -d "/etc/apache2/" ]; then`
			`apt -y install apache2`
			`fi`

			`# install php`
			`apt -y install php-fpm php-cli php-gd php-imagick php-imap php-intl php-mysql php-pspell php-zip`

			`# install mail server software`
			`apt -y install exim4-daemon-heavy spf-tools-perl spamassassin libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd`

			`# configure system users`
			`usermod -a -G ssl-cert Debian-exim`
			`useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail`

vmail .my.cnf 2021-03-31 09:59:35 -07:00			`# configure vmail user .my.cnf for db access`
			`install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf`
			`echo "[client]" > /var/vmail/.my.cnf`
			`echo "host = localhost" >> /var/vmail/.my.cnf`
			`echo "database = vmail" >> /var/vmail/.my.cnf`
			`echo "user = vmail" >> /var/vmail/.my.cnf`
			`echo "password = $VMAILPASS" >> /var/vmail/.my.cnf`
			`echo "socket = /var/run/mysqld/mysqld.sock" >> /var/vmail/.my.cnf`

initial install.sh script 2021-03-30 15:50:31 -07:00			`# configure vmail dirs`
			`chmod 750 /var/vmail/`
			`if [ ! -d "/etc/ssl/dkim" ]; then`
			`mkdir /etc/ssl/dkim`
			`fi`
			`chown Debian-exim:ssl-cert /etc/ssl/dkim`
			`chmod 750 /etc/ssl/dkim`

			`# spamassassin config`
			`sed -i "s\|userpref\|sa_userpref\|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql`
			`sed -i "s\|username varchar(100)\|username varchar(255)\|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql`
			`sed -i "s\|TYPE=MyISAM\|\|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql`
			`mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql`
			`sed -i 's\|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"\|OPTIONS="-x -q -v -u Debian-exim -m 5"\|g' /etc/default/spamassassin`
			`sed -i 's\|CRON=0\|CRON=1\|g' /etc/default/spamassassin`
			`systemctl enable spamassassin.service`
			`cp etc/spamassassin/*.cf /etc/spamassassin/`
			`sed -i "s\|user_scores_sql_password password\|user_scores_sql_password $VMAILPASS\|g" /etc/spamassassin/sql.cf`
			`chown root:root /etc/spamassassin/local.cf`
			`chmod 644 /etc/spamassassin/local.cf`
			`chown debian-spamd:mail /etc/spamassassin/sql.cf`
			`chmod 640 /etc/spamassassin/sql.cf`
			`service spamassassin restart`

			`# exim config`
			`sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog`
			`install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains`
			`cp etc/exim4/* /etc/exim4/`
			`chmod 640 /etc/exim4/exim4.conf`
			`chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter`
			`chmod 640 /etc/exim4/autowhitelist.filter`
			`chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh`
			`chmod 640 /etc/exim4/return-resender.sh`
			`chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts`
			`chmod 640 /etc/exim4/skip_greylisting_hosts`
			`sed -i "s\|password\|$VMAILPASS\|g" /etc/exim4/exim_local.conf`
			`service exim4 restart`

			`# dovecot config`
			`mkdir /etc/dovecot/sites.d`
			`cp -a etc/dovecot/* /etc/dovecot/`
			`chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext`
			`chmod 640 /etc/dovecot/dovecot-sql.conf.ext`
			`sed -i "s\|password=password\|password=$VMAILPASS\|g" /etc/dovecot/dovecot-sql.conf.ext`
			`cp -a libexec/vmail-quota-warning.sh /usr/libexec/`
			`chmod 750 /usr/libexec/vmail-quota-warning.sh`
			`chown dovecot:mail /usr/libexec/vmail-quota-warning.sh`
			`service dovecot restart`

			`chmod 755 bin/*`
			`cp bin/* /usr/local/bin/`

			`# download and install roundcubemail`
			`cd /usr/local/src/`
			`wget --continue --quiet https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz`
			`tar zxf roundcubemail-1.4.11-complete.tar.gz`
			`cd roundcubemail-1.4.11`
			`pwd`
			`# config`
			`# change product_name as desired`
			`# change support_url`
			`# bin/initdb.sh`
			`#`
			`#`
			`# # set webmail password`
			`# sed -i "s\|vmail:password@localhost\|vmail:$VMAILPASS@localhost\|g" /var/www/html/webmail/config/config.inc.php`
			`# sed -i "s\|vmail:password@localhost\|vmail:$VMAILPASS@localhost\|g" /var/www/html/webmail/plugins/sauserprefs/config.inc.php`
			`#`
			`#`
			`#`
			`# notes about firewalls`