#!/bin/bash if [ "${EUID}" -ne 0 ]; then echo "This script must be run as root" exit fi # check for Ubuntu 20.04 if ! grep -q "Ubuntu 20.04" /etc/issue; then echo "This installer is only tested on Ubuntu 20.04. If you are on a" echo "different version of Ubuntu or a Debian/Debian based distro" echo "and want to try running this installer open this script and" echo "comment out the exit command below this line and re-run." exit fi # check if install is already in place if [ -f "/etc/vmail.conf" ] || [ -d "/var/vmail/" ]; then echo "vmail-stack is already installed, bailing out." exit fi # check for existing mail server software installs if [ -d "/etc/exim4/" ] || [ -d "/etc/dovecot/" ]; then echo "WARNING: Exim and/or Dovecot are already installed." echo "This installer will overwrite existing configurations." echo -e "You have five seconds to execute ctrl-c to cancel this install.\a" sleep 5 fi # install pwgen, used to create randmo passwords apt -y install pwgen # install mariadb (mysql) if [ ! -d "/etc/mysql/" ]; then MARIADBPWORD=`pwgen 12 1` apt -y install mariadb-client mariadb-server # record the initial root password echo "#[client]" > /root/.my.cnf echo "#password=$MARIADBPWORD" >> /root/.my.cnf echo '!include /etc/mysql/debian.cnf' >> /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPWORD');" sed -i "s|password = |password = $MARIADBPWORD|g" /etc/mysql/debian.cnf mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';" mysqladmin flush-privileges fi # create vmail user & db mysqladmin create vmail mysql vmail < vmail.sql VMAILPASS=`pwgen -1 12` mysql -e "CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';" mysql -e "GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';" mysqladmin flush-privileges # install apache if [ ! -d "/etc/apache2/" ]; then apt -y install apache2 fi cp etc/apache2/conf-available/vmail_macro.conf /etc/apache2/conf-available/vmail_macro.conf chmod 644 /etc/apache2/conf-available/vmail_macro.conf a2enmod macro a2enconf vmail_macro # install php apt -y install php-fpm php-cli php-gd php-imagick php-imap php-intl php-mysql php-pspell php-zip a2enconf php7.4-fpm sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini sed -i "s|pm = dynamic|pm = ondemand|g" /etc/php/7.4/fpm/pool.d/www.conf # install mail server software apt -y install exim4-daemon-heavy spf-tools-perl spamassassin libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd # configure system users usermod -a -G ssl-cert Debian-exim useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail # configure vmail user .my.cnf for db access install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf echo "[client]" > /var/vmail/.my.cnf echo "host = localhost" >> /var/vmail/.my.cnf echo "database = vmail" >> /var/vmail/.my.cnf echo "user = vmail" >> /var/vmail/.my.cnf echo "password = $VMAILPASS" >> /var/vmail/.my.cnf echo "socket = /var/run/mysqld/mysqld.sock" >> /var/vmail/.my.cnf # configure vmail dirs chmod 750 /var/vmail/ if [ ! -d "/etc/ssl/dkim" ]; then mkdir /etc/ssl/dkim fi chown Debian-exim:ssl-cert /etc/ssl/dkim chmod 750 /etc/ssl/dkim # spamassassin config sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin cp etc/spamassassin/*.cf /etc/spamassassin/ sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf chown root:root /etc/spamassassin/local.cf chmod 644 /etc/spamassassin/local.cf chown debian-spamd:mail /etc/spamassassin/sql.cf chmod 640 /etc/spamassassin/sql.cf # exim config sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains cp etc/exim4/* /etc/exim4/ chmod 640 /etc/exim4/exim4.conf chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter chmod 640 /etc/exim4/autowhitelist.filter chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh chmod 640 /etc/exim4/return-resender.sh chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts chmod 640 /etc/exim4/skip_greylisting_hosts sed -i "s|password|$VMAILPASS|g" /etc/exim4/exim_local.conf # dovecot config mkdir /etc/dovecot/sites.d cp -a etc/dovecot/* /etc/dovecot/ chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext chmod 640 /etc/dovecot/dovecot-sql.conf.ext sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext cp -a libexec/vmail-quota-warning.sh /usr/libexec/ chmod 750 /usr/libexec/vmail-quota-warning.sh chown dovecot:mail /usr/libexec/vmail-quota-warning.sh # restart services systemctl enable spamassassin systemctl restart spamassassin systemctl restart exim4 systemctl restart php7.4-fpm systemctl restart apache2 systemctl restart dovecot chmod 755 bin/* cp bin/* /usr/local/bin/ # download and install roundcubemail cd /usr/local/src/ wget --continue --quiet https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz tar zxf roundcubemail-1.4.11-complete.tar.gz cd roundcubemail-1.4.11 pwd # apache_document_root=`apachectl -t -D DUMP_RUN_CFG|grep DocumentRoot|cut -d \" -f 2` # config # change product_name as desired # change support_url # bin/initdb.sh # # # # set webmail password # sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/config/config.inc.php # sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/plugins/sauserprefs/config.inc.php # # # # notes about firewalls