drop Ubuntu support, install works for Debian 12 only

Matthew Saunders Brown 2024-12-05 08:33:33 -08:00
parent e794e4d837
commit fe4ccf2c3e
4 changed files with 126 additions and 1289 deletions

File diff suppressed because it is too large Load Diff

103
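--- a/install-mm3.sh
+++ b/install-mm3.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+if [ "${EUID}" -ne 0 ]; then
+echo "You must be root to run this installer."
+exit
+fi
+# check Debian 12 (bookworm)
+os_codename=`lsb_release -cs`
+if [[ $os_codename != bookworm ]]; then
+echo "This installer only runs on Debian 12 (Bookworm), bailing out."
+exit 1
+fi
+# Check for vmail-stack & vhost-stack installs
+if [ ! -f "/usr/local/bin/vhost.sh" ] || [ ! -f "/usr/local/bin/vmail.sh" ]; then
+echo "You must install vhost-stack & vmail-stack first."
+exit 1
+fi
+FQDN=`hostname -f`
+# install mailman3-full
+apt -y install python3-pymysql python3-mysqldb
+echo "mailman3 mailman3/database-type select mysql" | debconf-set-selections
+echo "mailman3-web mailman3-web/database-type select mysql" | debconf-set-selections
+echo "mailman3-web mailman3-web/superuser-mail string webmaster@$FQDN" | debconf-set-selections
+DEBIAN_FRONTEND=noninteractive apt-get -y install mailman3-full
+systemctl stop mailman3.service
+systemctl stop mailman3-web.service
+# enable apache proxy_uwsgi_module for mailman3
+a2enmod proxy_uwsgi
+# Enable Mailman3 admin on default server hostname
+sed -i "s|#Include /etc/mailman3/apache.conf|Include /etc/mailman3/apache.conf|g" /etc/apache2/sites-available/001-default-ssl.conf
+# configure mailman-hyperkitty.cfg
+sed -i "s|base_url: http://localhost/mailman3/hyperkitty/|base_url: https://$FQDN/mailman3/hyperkitty/|g" /etc/mailman3/mailman-hyperkitty.cfg
+MAILMAN_ARCHIVER_KEY=`grep MAILMAN_ARCHIVER_KEY /etc/mailman3/mailman-web.py | cut -d ' ' -f 3 | xargs`
+sed -i "s|SecretArchiverAPIKey|$MAILMAN_ARCHIVER_KEY|g" /etc/mailman3/mailman-hyperkitty.cfg
+# configure mailman-web.py
+TIMEZONE=`cat /etc/timezone`
+IP=`ip route get 1.1.1.1| head -n 1 | cut -d ' ' -f 7`
+sed -i "s|root@localhost|webmaster@$FQDN|g" /etc/mailman3/mailman-web.py
+sed -i "s|MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')|MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1', '$IP')|g" /etc/mailman3/mailman-web.py
+sed -i "s|'django_mailman3.lib.auth.fedora',|#'django_mailman3.lib.auth.fedora',|g" /etc/mailman3/mailman-web.py
+sed -i 's|# SECURE_PROXY_SSL_HEADER =|SECURE_PROXY_SSL_HEADER =|g' /etc/mailman3/mailman-web.py
+sed -i "s|TIME_ZONE =.*|TIME_ZONE = '$TIMEZONE'|g" /etc/mailman3/mailman-web.py
+sed -i "s|localhost.local|$FQDN|g" /etc/mailman3/mailman-web.py
+sed -i 's|postorius@{}|webmaster@{}|g' /etc/mailman3/mailman-web.py
+sed -i 's|root@{}|webmaster@{}|g' /etc/mailman3/mailman-web.py
+echo "" >> /etc/mailman3/mailman-web.py
+echo "# fix retry must be larger than timeout error" >> /etc/mailman3/mailman-web.py
+echo "Q_CLUSTER = {" >> /etc/mailman3/mailman-web.py
+echo " 'timeout': 300," >> /etc/mailman3/mailman-web.py
+echo " 'retry': 360," >> /etc/mailman3/mailman-web.py
+echo " 'save_limit': 100," >> /etc/mailman3/mailman-web.py
+echo " 'orm': 'default'," >> /etc/mailman3/mailman-web.py
+echo " 'poll': 5," >> /etc/mailman3/mailman-web.py
+echo "}" >> /etc/mailman3/mailman-web.py
+echo "" >> /etc/mailman3/mailman-web.py
+echo "# Default primary key field type to use, required to avoid mysql errors."
+echo "DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'" >> /etc/mailman3/mailman-web.py
+echo "" >> /etc/mailman3/mailman-web.py
+echo "# Make DISPLAY NAME header based on virtualhost" >> /etc/mailman3/mailman-web.py
+echo "SITE_ID = 0" >> /etc/mailman3/mailman-web.py
+echo "" >> /etc/mailman3/mailman-web.py
+echo "# Only show lists that match domain. Currently seems to only work for HyperKitty (archives)" >> /etc/mailman3/mailman-web.py
+echo "FILTER_VHOST = True" >> /etc/mailman3/mailman-web.py
+# configure mailman.cfg
+sed -i "s|changeme@example.com|webmaster@$FQDN|g" /etc/mailman3/mailman.cfg
+sed -i 's|noreply_address: noreply|noreply_address: webmaster|g' /etc/mailman3/mailman.cfg
+sed -i 's|#incoming: mailman.mta.exim4.LMTP|incoming: mailman.mta.exim4.LMTP|g' /etc/mailman3/mailman.cfg
+sed -i 's|incoming: mailman.mta.postfix.LMTP|#incoming: mailman.mta.postfix.LMTP|g' /etc/mailman3/mailman.cfg
+sed -i 's|#configuration: python:mailman.config.exim4|configuration: python:mailman.config.exim4|g' /etc/mailman3/mailman.cfg
+sed -i 's|configuration: python:mailman.config.postfix|#configuration: python:mailman.config.postfix|g' /etc/mailman3/mailman.cfg
+echo "" >> /etc/mailman3/mailman.cfg
+echo "# strip dkim, outgoing will be re-signed" >> /etc/mailman3/mailman.cfg
+echo "remove_dkim_headers: yes" >> /etc/mailman3/mailman.cfg
+echo "" >> /etc/mailman3/mailman.cfg
+echo "[archiver.hyperkitty]" >> /etc/mailman3/mailman.cfg
+echo "class: mailman_hyperkitty.Archiver" >> /etc/mailman3/mailman.cfg
+echo "enable: yes" >> /etc/mailman3/mailman.cfg
+echo "configuration: /etc/mailman3/mailman-hyperkitty.cfg" >> /etc/mailman3/mailman.cfg
+# restart mailman3 services
+systemctl start mailman3.service
+systemctl start mailman3-web.service
+systemctl reload apache2.service
+echo ""
+echo "To finish setting up Mailman3:"
+echo "letsencrypt-certonly.sh -d $FQDN"
+echo "a2ensite 001-default-ssl.conf"
+echo "systemctl reload apache2"
+echo "mailman-web createsuperuser"
+echo "https://$FQDN/mailman3/admin"
+echo " Sites -> change example.com to $FQDN"
+echo "sed -i 's|SITE_ID = 1|SITE_ID = 0|g' /etc/mailman3/mailman-web.py"
+echo "systemctl restart mailman3-web.service"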
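Review bot: The values spliced into the Mailman configs are never checked for being non-empty: `MAILMAN_ARCHIVER_KEY` is whatever `grep | cut -d ' ' -f 3` finds in mailman-web.py and `IP` is field 7 of the `ip route get 1.1.1.1` output, so a differently formatted line or a host without a route leaves `mailman-hyperkitty.cfg` with an empty API key or adds `''` to `MAILMAN_ARCHIVER_FROM`, and the services are started regardless. A guard ahead of the `sed` calls would stop that, e.g. `if [ -z "$MAILMAN_ARCHIVER_KEY" ] || [ -z "$IP" ]; then echo "could not determine archiver key or host IP" >&2; exit 1; fi`. Two smaller things in the same file: the `echo "# Default primary key field type ..."` line has no `>> /etc/mailman3/mailman-web.py`, so that comment is printed instead of written, and the root check ends in a bare `exit`, which returns status 0 to the caller.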


@ -5,10 +5,11 @@ if [ "${EUID}" -ne 0 ]; then
exit
fi
# check for Ubuntu 22.04 (jammy) or Debian 12 (bookworm)
os_codename=`lsb_release -cs`
if [ $os_codename != jammy ] && [ $os_codename != bookworm ]; then
echo "This installer only runs on Ubuntu 22.04 (jammy) or Debian 12 (Bookworm), bailing out."
# check for Debian 12 (bookworm)
os_id=`lsb_release -is`
os_release=`lsb_release -rs`
if [ $os_id != Debian ] || [ $os_release != 12 ]; then
echo "This installer only runs on Debian 12 (Bookworm), bailing out."
exit 1
fi
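Review bot: The new OS check in this second, unnamed file section fails open when `lsb_release` prints nothing: with `os_id` and `os_release` unquoted, `[ $os_id != Debian ]` collapses to `[ != Debian ]`, which is a `test` syntax error with a non-zero status, the `||` side errors the same way, and the `if` body with `exit 1` is skipped, so the installer carries on as root on a host it could not identify. Quoting closes that: `if [ "$os_id" != "Debian" ] || [ "$os_release" != "12" ]; then`. install-mm3.sh in this commit uses `[[ $os_codename != bookworm ]]`, which already treats an empty value as a mismatch, so either form would make the two scripts agree.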
@ -91,38 +92,19 @@ sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql
sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamd
cp etc/spamassassin/*.cf /etc/spamassassin/
sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf
chown root:root /etc/spamassassin/local.cf
chmod 644 /etc/spamassassin/local.cf
chown Debian-exim:mail /etc/spamassassin/sql.cf
chmod 640 /etc/spamassassin/sql.cf
chown debian-spamd:mail /etc/spamassassin/sql.cf
if [ $os_codename = jammy ]; then
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u debian-spamd -g mail -m 5"|g' /etc/default/spamassassin
sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin
elif [ $os_codename = bookworm ]; then
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u debian-spamd -g mail -m 5"|g' /etc/default/spamd
systemctl enable spamassassin-maintenance.timer
systemctl start spamassassin-maintenance.timer
else
echo "WARNING: Unexpected OS codename. This should never happen due to previous checks."
fi
# create local systemd dir, used by srsd & vmail-cron
if [[ ! -d /usr/local/lib/systemd/system ]]; then
mkdir -p /usr/local/lib/systemd/system
fi
# srsd
# bug fixes for libmail-srs-perl. still needed as of v0.31-6 on Ubuntu 22.04
sed -i 's|/tmp/srsd|/run/srsd/srsd.sock|' /usr/share/perl5/Mail/SRS/Daemon.pm
sed -i '/Until we decide that forward/,+3d' /usr/share/perl5/Mail/SRS/Daemon.pm
cp systemd/srsd.service /usr/local/lib/systemd/system/srsd.service
chmod 644 /usr/local/lib/systemd/system/srsd.service
systemctl daemon-reload
systemctl enable srsd
systemctl start srsd
# exim config
fqdn=`hostname -f`
maildomain=`hostname -d`
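Review bot: With the `OPTIONS="-x -q -v -u Debian-exim -m 5"` line spamd runs under the MTA's own account instead of the dedicated `debian-spamd` user that the old bookworm branch configured, so the process that parses untrusted message bodies gets the same file access as exim, including `/etc/exim4/srsd.secret`, which a later hunk header shows as owned by `Debian-exim:Debian-exim`. Unless spamd needs exim's identity for a reason not visible on this page, I would keep the separate account: `OPTIONS="-x -q -v -u debian-spamd -g mail -m 5"`. The old branch was also the only visible place that enabled `spamassassin-maintenance.timer`; if it is not enabled elsewhere, the timer is no longer scheduled by this installer. The rendered page has lost its +/- markers, so the side of each line here is inferred from the commit title and from the removal of `os_codename`.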
@ -130,13 +112,6 @@ sed -i 's/nocreate/create 640 Debian-exim adm/g' /etc/logrotate.d/exim4-base
sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog
install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains
cp etc/exim4/* /etc/exim4/
if [ $os_codename = jammy ]; then
cp /etc/exim4/exim4-jammy.conf /etc/exim4/exim4.conf
elif [ $os_codename = bookworm ]; then
cp /etc/exim4/exim4-bookworm.conf /etc/exim4/exim4.conf
else
echo "WARNING: Unexpected OS codename. This should never happen due to previous checks."
fi
chmod 640 /etc/exim4/exim4.conf
chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter
chmod 640 /etc/exim4/autowhitelist.filter
@ -154,9 +129,17 @@ chown Debian-exim:Debian-exim /etc/exim4/srsd.secret
pwgen -N 1 64 > /etc/exim4/srsd.secret
sed -i "s|^QUEUERUNNER.*|QUEUERUNNER='separate'|g" /etc/default/exim4
sed -i "s|^QUEUEINTERVAL.*|QUEUEINTERVAL='15m'|g" /etc/default/exim4
if [[ ! -f /var/log/exim4/rejectlog ]]; then
install --owner=Debian-exim --group=adm --mode=640 /dev/null /var/log/exim4/rejectlog
fi
install --owner=Debian-exim --group=adm --mode=640 /dev/null /var/log/exim4/rejectlog
# srsd
# bug fixes for libmail-srs-perl. still needed as of v0.31-9 on Debian 12
sed -i 's|/tmp/srsd|/run/srsd/srsd.sock|' /usr/share/perl5/Mail/SRS/Daemon.pm
sed -i '/Until we decide that forward/,+3d' /usr/share/perl5/Mail/SRS/Daemon.pm
cp systemd/srsd.service /usr/local/lib/systemd/system/srsd.service
chmod 644 /usr/local/lib/systemd/system/srsd.service
systemctl daemon-reload
systemctl enable srsd
systemctl start srsd
# dovecot config
mkdir /etc/dovecot/sites.d
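Review bot: The relocated srsd block edits the packaged `/usr/share/perl5/Mail/SRS/Daemon.pm` in place and never checks that either `sed` matched; the `'/Until we decide that forward/,+3d'` expression removes the matching line and the three after it in whatever version is installed, and a later libmail-srs-perl upgrade would presumably restore the `/tmp/srsd` socket path without any warning. I would verify the result before enabling the unit, e.g. `grep -q '/run/srsd/srsd.sock' /usr/share/perl5/Mail/SRS/Daemon.pm || { echo "srsd socket patch did not apply" >&2; exit 1; }`, and add a comment naming the upstream lines the `+3d` is meant to drop. Also, if the unguarded `install ... /dev/null /var/log/exim4/rejectlog` is the new side (the page has lost its +/- markers), re-running the installer empties an existing reject log, which the `[[ ! -f ... ]]` guard avoided.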
@ -172,15 +155,8 @@ chmod 750 /usr/local/libexec/vmail-quota-warning.sh
chown dovecot:mail /usr/local/libexec/vmail-quota-warning.sh
# restart services
if [ $os_codename = jammy ]; then
systemctl enable spamassassin
systemctl restart spamassassin
elif [ $os_codename = bookworm ]; then
systemctl enable spamd
systemctl restart spamd
else
echo "WARNING: Unexpected OS codename. This should never happen due to previous checks."
fi
systemctl enable spamd
systemctl restart spamd
systemctl restart exim4
systemctl restart dovecot
@ -220,12 +196,6 @@ fi
if [[ -d /etc/fail2ban/ ]]; then
chmod 644 etc/fail2ban/*/*.conf
cp -a etc/fail2ban/* /etc/fail2ban/
if [ $os_codename = bookworm ]; then
echo "backend = systemd" >> /etc/fail2ban/jail.d/dovecot.conf
elif [ $os_codename = jammy ]; then
echo "backend = auto" >> /etc/fail2ban/jail.d/dovecot.conf
echo "logpath = /var/log/mail.log tail" >> /etc/fail2ban/jail.d/dovecot.conf
fi
else
echo
echo "fail2ban not installed, skipping fail2ban email configs."
@ -237,3 +207,6 @@ echo
echo "System emails are all configured to alias to root@$fqdn,"
echo "which in turn forwards to webmaster@$maildomain."
echo "Adjust /etc/aliases & /root/.forward as desired."
echo
echo "To install the Mailman3 mailing list software run:"
echo "install-mm3.sh"