#!/bin/bash if [ "${EUID}" -ne 0 ]; then echo "You must be root to run this installer." exit fi # check for Ubuntu 20.04 if ! grep -q "Ubuntu 20.04" /etc/issue; then echo "This installer is only tested on Ubuntu 20.04. If you are on a" echo "different version of Ubuntu or a Debian/Debian based distro" echo "and want to try running this installer open this script and" echo "comment out the exit command below this line and re-run." exit fi # check if install is already in place if [ -d "/var/vmail/" ]; then echo "vmail-stack is already installed, bailing out." exit fi # check for existing mail server software installs if [ -d "/etc/exim4/" ] || [ -d "/etc/dovecot/" ]; then echo "WARNING: Exim and/or Dovecot are already installed." echo "This installer will overwrite existing configurations." echo -e "You have five seconds to execute ctrl-c to cancel this install.\a" sleep 5 fi apt-get update # install pwgen, used to create random passwords apt -y install pwgen # install mariadb (mysql) if [ ! -d "/etc/mysql/" ]; then MARIADBPWORD=`pwgen 12 1` apt -y install mariadb-client mariadb-server # record the initial root password echo "#[client]" > /root/.my.cnf echo "#password=$MARIADBPWORD" >> /root/.my.cnf echo '!include /etc/mysql/debian.cnf' >> /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPWORD');" sed -i "s|password = |password = $MARIADBPWORD|g" /etc/mysql/debian.cnf mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';" mysqladmin flush-privileges fi # create vmail user & db mysqladmin create vmail mysql vmail < vmail.sql VMAILPASS=`pwgen -1 12` mysql -e "CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';" mysql -e "GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';" mysqladmin flush-privileges # install mail server software apt -y install exim4-daemon-heavy spf-tools-perl spamassassin libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd # configure system users apt -y install ssl-cert usermod -a -G ssl-cert Debian-exim useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail # configure vmail user .my.cnf for db access install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf echo "[client]" > /var/vmail/.my.cnf echo "host = localhost" >> /var/vmail/.my.cnf echo "database = vmail" >> /var/vmail/.my.cnf echo "user = vmail" >> /var/vmail/.my.cnf echo "password = $VMAILPASS" >> /var/vmail/.my.cnf echo "socket = /var/run/mysqld/mysqld.sock" >> /var/vmail/.my.cnf # configure vmail dirs chmod 750 /var/vmail/ if [ ! -d "/etc/ssl/dkim" ]; then mkdir /etc/ssl/dkim fi chown Debian-exim:ssl-cert /etc/ssl/dkim chmod 750 /etc/ssl/dkim # spamassassin config sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin cp etc/spamassassin/*.cf /etc/spamassassin/ sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf chown root:root /etc/spamassassin/local.cf chmod 644 /etc/spamassassin/local.cf chown debian-spamd:mail /etc/spamassassin/sql.cf chmod 640 /etc/spamassassin/sql.cf # exim config sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains cp etc/exim4/* /etc/exim4/ chmod 640 /etc/exim4/exim4.conf chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter chmod 640 /etc/exim4/autowhitelist.filter chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh chmod 640 /etc/exim4/return-resender.sh chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts chmod 640 /etc/exim4/skip_greylisting_hosts sed -i "s|password|$VMAILPASS|g" /etc/exim4/exim_local.conf # dovecot config mkdir /etc/dovecot/sites.d cp -a etc/dovecot/* /etc/dovecot/ chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext chmod 640 /etc/dovecot/dovecot-sql.conf.ext sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext if ! [ -d "/usr/local/libexec" ]; then mkdir /usr/local/libexec fi cp libexec/vmail-quota-warning.sh /usr/local/libexec/ chmod 750 /usr/local/libexec/vmail-quota-warning.sh chown dovecot:mail /usr/local/libexec/vmail-quota-warning.sh # restart services systemctl enable spamassassin systemctl restart spamassassin systemctl restart exim4 systemctl restart dovecot chmod 755 bin/* cp bin/* /usr/local/bin/ # install & enable vmail systemd cron cp sbin/vmail-cron.sh /usr/local/sbin/ chmod 755 /usr/local/sbin/vmail-cron.sh cp systemd/vmail-cron.* /usr/lib/systemd/system/ chmod 644 /usr/lib/systemd/system/vmail-cron.* systemctl daemon-reload systemctl start vmail-cron.timer chmod 755 sbin/* cp sbin/* /usr/local/sbin/ # download and install roundcubemail # cd /usr/local/src/ # wget --continue --quiet https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz # tar zxf roundcubemail-1.4.11-complete.tar.gz # cd roundcubemail-1.4.11 # pwd # apache_document_root=`apachectl -t -D DUMP_RUN_CFG|grep DocumentRoot|cut -d \" -f 2` # config # change product_name as desired # change support_url # bin/initdb.sh # # # # set webmail password # sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/config/config.inc.php # sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/plugins/sauserprefs/config.inc.php # # # # notes about firewalls