#!/bin/bash if [ "${EUID}" -ne 0 ]; then echo "This script must be run as root" exit fi # check for Ubuntu 20.04 if ! grep -q "Ubuntu 20.04" /etc/issue; then echo "This installer is only tested on Ubuntu 20.04. If you are on a" echo "different version of Ubuntu or a Debian/Debian based distro" echo "and want to try running this installer open this script and" echo "comment out the exit command below this line and re-run." exit fi # check if install is already in place if [ -f "/etc/vmail.conf" ] || [ -d "/var/vmail/" ]; then echo "vmail-stack is already installed, bailing out." exit fi # check for existing server software installs if [ -d "/etc/apache2/" ] || [ -d "/etc/php/" ] || [ -d "/etc/exim4/" ] || [ -d "/etc/spamassassin/" ] || [ -d "/etc/dovecot/" ]; then echo "One or more of the required server software packages are already" echo "installed. This script expects to be run on a new server install" echo "that does not have any mail server software installed yet. If you" echo "wish to proceed with the install anyway it is recommend to work" echo "through this install script manually running commands one line at" echo "a time as needed so as to not overwrite any existing configurations." echo "" echo "If you want to force the installer to run anyway simply comment out" echo "the exit command that appears immediately below this line and re-run." exit fi # install pwgen, used to create randmo passwords apt -y install pwgen # install mariadb (mysql) if [ ! -d "/etc/mysql/" ]; then MARIADBPWORD=`pwgen 12 1` apt -y install mariadb-client mariadb-server # record the initial root password echo "#[client]" > /root/.my.cnf echo "#password=$MARIADBPWORD" >> /root/.my.cnf echo '!include /etc/mysql/debian.cnf' >> /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPWORD');" sed -i "s|password = |password = $MARIADBPWORD|g" /etc/mysql/debian.cnf mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';" mysqladmin flush-privileges fi # create vmail user & db mysqladmin create vmail mysql vmail < vmail.sql VMAILPASS=`pwgen -1 12` mysql -e "CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';" mysql -e "GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';" mysqladmin flush-privileges # install apache if [ ! -d "/etc/apache2/" ]; then apt -y install apache2 fi # install php apt -y install php-fpm php-cli php-gd php-imagick php-imap php-intl php-mysql php-pspell php-zip # install mail server software apt -y install exim4-daemon-heavy spf-tools-perl spamassassin libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd # configure system users usermod -a -G ssl-cert Debian-exim useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail # configure vmail user .my.cnf for db access install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf echo "[client]" > /var/vmail/.my.cnf echo "host = localhost" >> /var/vmail/.my.cnf echo "database = vmail" >> /var/vmail/.my.cnf echo "user = vmail" >> /var/vmail/.my.cnf echo "password = $VMAILPASS" >> /var/vmail/.my.cnf echo "socket = /var/run/mysqld/mysqld.sock" >> /var/vmail/.my.cnf # configure vmail dirs chmod 750 /var/vmail/ if [ ! -d "/etc/ssl/dkim" ]; then mkdir /etc/ssl/dkim fi chown Debian-exim:ssl-cert /etc/ssl/dkim chmod 750 /etc/ssl/dkim # spamassassin config sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin systemctl enable spamassassin.service cp etc/spamassassin/*.cf /etc/spamassassin/ sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf chown root:root /etc/spamassassin/local.cf chmod 644 /etc/spamassassin/local.cf chown debian-spamd:mail /etc/spamassassin/sql.cf chmod 640 /etc/spamassassin/sql.cf service spamassassin restart # exim config sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains cp etc/exim4/* /etc/exim4/ chmod 640 /etc/exim4/exim4.conf chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter chmod 640 /etc/exim4/autowhitelist.filter chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh chmod 640 /etc/exim4/return-resender.sh chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts chmod 640 /etc/exim4/skip_greylisting_hosts sed -i "s|password|$VMAILPASS|g" /etc/exim4/exim_local.conf service exim4 restart # dovecot config mkdir /etc/dovecot/sites.d cp -a etc/dovecot/* /etc/dovecot/ chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext chmod 640 /etc/dovecot/dovecot-sql.conf.ext sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext cp -a libexec/vmail-quota-warning.sh /usr/libexec/ chmod 750 /usr/libexec/vmail-quota-warning.sh chown dovecot:mail /usr/libexec/vmail-quota-warning.sh service dovecot restart chmod 755 bin/* cp bin/* /usr/local/bin/ # download and install roundcubemail cd /usr/local/src/ wget --continue --quiet https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz tar zxf roundcubemail-1.4.11-complete.tar.gz cd roundcubemail-1.4.11 pwd # config # change product_name as desired # change support_url # bin/initdb.sh # # # # set webmail password # sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/config/config.inc.php # sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/plugins/sauserprefs/config.inc.php # # # # notes about firewalls