From 376250b9b713976ca80ed719ec1728e926062d76 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown
Date: Tue, 30 Mar 2021 15:50:31 -0700
Subject: [PATCH] initial install.sh script
---
install.sh | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 150 insertions(+)
create mode 100755 install.sh
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..ae023b4
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+if [ "${EUID}" -ne 0 ]; then
+ echo "This script must be run as root"
+ exit
+fi
+
+# check for Ubuntu 20.04
+if ! grep -q "Ubuntu 20.04" /etc/issue; then
+ echo "This installer is only tested on Ubuntu 20.04. If you are on a"
+ echo "different version of Ubuntu or a Debian/Debian based distro"
+ echo "and want to try running this installer open this script and"
+ echo "comment out the exit command below this line and re-run."
+ exit
+fi
+
+# check if install is already in place
+if [ -f "/etc/vmail.conf" ] || [ -d "/var/vmail/" ]; then
+ echo "vmail-stack is already installed, bailing out."
+ exit
+fi
+
+# check for existing server software installs
+if [ -d "/etc/apache2/" ] || [ -d "/etc/php/" ] || [ -d "/etc/exim4/" ] || [ -d "/etc/spamassassin/" ] || [ -d "/etc/dovecot/" ]; then
+ echo "One or more of the required server software packages are already"
+ echo "installed. This script expects to be run on a new server install"
+ echo "that does not have any mail server software installed yet. If you"
+ echo "wish to proceed with the install anyway it is recommend to work"
+ echo "through this install script manually running commands one line at"
+ echo "a time as needed so as to not overwrite any existing configurations."
+ echo ""
+ echo "If you want to force the installer to run anyway simply comment out"
+ echo "the exit command that appears immediately below this line and re-run."
+ exit
+fi
+
+# install pwgen, used to create randmo passwords
+apt -y install pwgen
+
+# install mariadb (mysql)
+if [ ! -d "/etc/mysql/" ]; then
+
+ MARIADBPWORD=`pwgen 12 1`
+ apt -y install mariadb-client mariadb-server
+ # record the initial root password
+ echo "#[client]" > /root/.my.cnf
+ echo "#password=$MARIADBPWORD" >> /root/.my.cnf
+ echo '!include /etc/mysql/debian.cnf' >> /root/.my.cnf
+ chmod 600 /root/.my.cnf
+ mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPWORD');"
+ sed -i "s|password = |password = $MARIADBPWORD|g" /etc/mysql/debian.cnf
+ mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';"
+ mysqladmin flush-privileges
+
+fi
+
+# create vmail user & db
+mysqladmin create vmail
+mysql vmail < vmail.sql
+VMAILPASS=`pwgen -1 12`
+mysql -e "CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';"
+mysql -e "GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';"
+mysqladmin flush-privileges
+
+# install apache
+if [ ! -d "/etc/apache2/" ]; then
+ apt -y install apache2
+fi
+
+# install php
+apt -y install php-fpm php-cli php-gd php-imagick php-imap php-intl php-mysql php-pspell php-zip
+
+# install mail server software
+apt -y install exim4-daemon-heavy spf-tools-perl spamassassin libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd
+
+# configure system users
+usermod -a -G ssl-cert Debian-exim
+useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail
+
+# configure vmail dirs
+chmod 750 /var/vmail/
+if [ ! -d "/etc/ssl/dkim" ]; then
+ mkdir /etc/ssl/dkim
+fi
+chown Debian-exim:ssl-cert /etc/ssl/dkim
+chmod 750 /etc/ssl/dkim
+
+# spamassassin config
+sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
+sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
+sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
+mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql
+sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin
+sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin
+systemctl enable spamassassin.service
+cp etc/spamassassin/*.cf /etc/spamassassin/
+sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf
+chown root:root /etc/spamassassin/local.cf
+chmod 644 /etc/spamassassin/local.cf
+chown debian-spamd:mail /etc/spamassassin/sql.cf
+chmod 640 /etc/spamassassin/sql.cf
+service spamassassin restart
+
+# exim config
+sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog
+install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains
+cp etc/exim4/* /etc/exim4/
+chmod 640 /etc/exim4/exim4.conf
+chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter
+chmod 640 /etc/exim4/autowhitelist.filter
+chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh
+chmod 640 /etc/exim4/return-resender.sh
+chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts
+chmod 640 /etc/exim4/skip_greylisting_hosts
+sed -i "s|password|$VMAILPASS|g" /etc/exim4/exim_local.conf
+service exim4 restart
+
+# dovecot config
+mkdir /etc/dovecot/sites.d
+cp -a etc/dovecot/* /etc/dovecot/
+chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
+chmod 640 /etc/dovecot/dovecot-sql.conf.ext
+sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext
+cp -a libexec/vmail-quota-warning.sh /usr/libexec/
+chmod 750 /usr/libexec/vmail-quota-warning.sh
+chown dovecot:mail /usr/libexec/vmail-quota-warning.sh
+service dovecot restart
+
+chmod 755 bin/*
+cp bin/* /usr/local/bin/
+
+# download and install roundcubemail
+cd /usr/local/src/
+wget --continue --quiet https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz
+tar zxf roundcubemail-1.4.11-complete.tar.gz
+cd roundcubemail-1.4.11
+pwd
+# config
+# change product_name as desired
+# change support_url
+# bin/initdb.sh
+#
+#
+# # set webmail password
+# sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/config/config.inc.php
+# sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/plugins/sauserprefs/config.inc.php
+#
+#
+#
+# notes about firewalls
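Review bot: `/etc/exim4/exim_local.conf` has the vmail database password written into it by `sed -i "s|password|$VMAILPASS|g"` but, unlike `sql.cf` and `dovecot-sql.conf.ext`, never gets an owner or mode set, so it presumably keeps the world-readable mode that `cp etc/exim4/*` produced. Before that `sed` line add `chown Debian-exim:Debian-exim /etc/exim4/exim_local.conf` and `chmod 640 /etc/exim4/exim_local.conf`, and anchor the pattern to the full placeholder (as the dovecot line does with `password=password`) so other occurrences of the word are not rewritten. In the MariaDB block, `CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS ''` appears to create a local account with an empty password hash; give it a generated password the way `vmail` gets one, or drop the statement if monitoring is not part of this install. Both generated passwords come from `pwgen` in its default pronounceable mode, and `pwgen -s 16 1` would draw fully random characters instead. The script also runs without `set -e` and its guard clauses use a bare `exit`, so a failed `apt` or `mysql` step goes unnoticed and refusals return status 0; `exit 1` on those paths would let a caller detect them.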