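#!/bin/bash
#
# vmail-stack installer.
#
# Installs and configures MariaDB, Exim, Dovecot, SpamAssassin and srsd for
# virtual mail hosting. It must be run as root from the directory that holds
# vmail.sql and the etc/, bin/, sbin/, libexec/ and systemd/ trees, because
# every source path below is relative to the current directory.
#
# A random password is generated for the 'vmail' database user and written
# into several config files. Each of those files is restricted to mode 640
# before the password is substituted in.

if [[ "${EUID}" -ne 0 ]]; then
  echo "You must be root to run this installer." >&2
  exit 1
fi

# check for Ubuntu 22.04
if ! grep -q "Ubuntu 22.04" /etc/issue; then
  echo "This installer is only tested on Ubuntu 22.04. If you are on a" >&2
  echo "different version of Ubuntu or a Debian/Debian based distro" >&2
  echo "and want to try running this installer open this script and" >&2
  echo "comment out the exit command below this line and re-run." >&2
  exit 1
fi

# check if install is already in place
if [[ -d "/var/vmail/" ]]; then
  echo "vmail-stack is already installed, bailing out."
  exit 0
fi

# All source files are read relative to the current directory. Stop before
# anything on the system is modified if the tree is not here.
if [[ ! -f "vmail.sql" || ! -d "etc/exim4" || ! -d "etc/dovecot" ]]; then
  echo "Run this installer from the vmail-stack source directory." >&2
  exit 1
fi

# check for existing mail server software installs
if [[ -d "/etc/exim4/" || -d "/etc/dovecot/" ]]; then
  echo "WARNING: Exim and/or Dovecot are already installed."
  echo "This installer will overwrite existing configurations."
  echo -e "You have five seconds to execute ctrl-c to cancel this install.\a"
  sleep 5
fi

apt-get update

# install pwgen, used to create random passwords
DEBIAN_FRONTEND=noninteractive apt-get -y install pwgen

# install mariadb (mysql)
if [[ ! -d "/etc/mysql/" ]]; then
  # Not referenced again in the visible part of this script (root uses
  # unix_socket auth below); kept in case a later section reads it.
  MARIADBPWORD=$(pwgen 12 1)
  DEBIAN_FRONTEND=noninteractive apt-get -y install mariadb-client mariadb-server
  # set unix_socket auth for root
  mysql -e "GRANT ALL ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION"
  # create nagios user for monitoring server status only
  # NOTE(review): this account is created with an empty password. It is
  # limited to localhost and receives no grants here, but any local user can
  # connect as it. Consider unix_socket auth or a generated password.
  mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';"
  mysqladmin flush-privileges
fi

# create vmail user & db
mysqladmin create vmail
mysql vmail < vmail.sql
# -s asks pwgen for fully random output instead of its default pronounceable
# passwords. Output is alphanumeric, so it is safe inside the SQL quotes and
# the sed replacements below.
VMAILPASS=$(pwgen -s -1 12)
# Feed the statements on stdin so the password does not appear in the mysql
# client's argument list.
mysql <<SQL
CREATE USER 'vmail'@'localhost' IDENTIFIED BY '${VMAILPASS}';
GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';
SQL
mysqladmin flush-privileges

# install mail server software
DEBIAN_FRONTEND=noninteractive apt-get -y install \
  exim4-daemon-heavy spf-tools-perl spamassassin srs libclass-dbi-mysql-perl \
  dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd

# configure system users
DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert
usermod -a -G ssl-cert Debian-exim
useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail

# configure vmail user .my.cnf for db access
# The file is created empty with its final owner and mode first, so the
# password is never written to a world-readable file.
install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf
cat > /var/vmail/.my.cnf <<EOF
[client]
host = localhost
database = vmail
user = vmail
password = ${VMAILPASS}
socket = /var/run/mysqld/mysqld.sock
EOF

# configure vmail dirs
chmod 750 /var/vmail/
mkdir -p /etc/ssl/dkim
chown Debian-exim:ssl-cert /etc/ssl/dkim
chmod 750 /etc/ssl/dkim

# spamassassin config
sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin
sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin
cp etc/spamassassin/*.cf /etc/spamassassin/
chown root:root /etc/spamassassin/local.cf
chmod 644 /etc/spamassassin/local.cf
# Restrict sql.cf before the database password is written into it.
# NOTE: the sed calls that insert the password expose it in sed's argument
# list while they run.
chown debian-spamd:mail /etc/spamassassin/sql.cf
chmod 640 /etc/spamassassin/sql.cf
sed -i "s|user_scores_sql_password password|user_scores_sql_password ${VMAILPASS}|g" /etc/spamassassin/sql.cf

# create local systemd dir, used by srsd & vmail-cron
mkdir -p /usr/local/lib/systemd/system

# srsd
# bug fixes for libmail-srs-perl. still needed as of v0.31-6 on Ubuntu 22.04
# The first edit moves the daemon socket path from /tmp/srsd to /run/srsd/srsd.sock.
# The second deletes the line matching the pattern plus the three lines after it.
sed -i 's|/tmp/srsd|/run/srsd/srsd.sock|' /usr/share/perl5/Mail/SRS/Daemon.pm
sed -i '/Until we decide that forward/,+3d' /usr/share/perl5/Mail/SRS/Daemon.pm
cp systemd/srsd.service /usr/local/lib/systemd/system/srsd.service
chmod 644 /usr/local/lib/systemd/system/srsd.service
systemctl daemon-reload
systemctl enable srsd
systemctl start srsd

# exim config
maildomain=$(hostname -d)
if [[ -z "${maildomain}" ]]; then
  echo "WARNING: 'hostname -d' returned no domain; the example.com placeholders will be replaced with an empty string." >&2
fi
sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog
install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains
cp etc/exim4/* /etc/exim4/
chmod 640 /etc/exim4/exim4.conf
chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter
chmod 640 /etc/exim4/autowhitelist.filter
chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh
chmod 640 /etc/exim4/return-resender.sh
chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts
chmod 640 /etc/exim4/skip_greylisting_hosts
sed -i "s|example.com|${maildomain}|g" /etc/exim4/skip_greylisting_hosts
# exim_local.conf receives the database password, so it must not keep the
# mode cp gave it. Restrict it to root and the exim group before the
# substitution; GNU sed -i keeps the mode and owner of the file it rewrites.
chown root:Debian-exim /etc/exim4/exim_local.conf
chmod 640 /etc/exim4/exim_local.conf
sed -i "s|password|${VMAILPASS}|g" /etc/exim4/exim_local.conf
sed -i "s|example.com|${maildomain}|g" /etc/exim4/exim_local.conf
# Create the secret file with its final owner and mode before writing to it.
touch /etc/exim4/srsd.secret
chmod 640 /etc/exim4/srsd.secret
chown Debian-exim:Debian-exim /etc/exim4/srsd.secret
pwgen -N 1 -cny 64 > /etc/exim4/srsd.secret
sed -i "s|^QUEUERUNNER.*|QUEUERUNNER='separate'|g" /etc/default/exim4
sed -i "s|^QUEUEINTERVAL.*|QUEUEINTERVAL='15m'|g" /etc/default/exim4

# dovecot config
mkdir -p /etc/dovecot/sites.d
cp -a etc/dovecot/* /etc/dovecot/
# Group and mode are set before the password goes into the file.
chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
chmod 640 /etc/dovecot/dovecot-sql.conf.ext
sed -i "s|password=password|password=${VMAILPASS}|g" /etc/dovecot/dovecot-sql.conf.ext
mkdir -p /usr/local/libexec
cp libexec/vmail-quota-warning.sh /usr/local/libexec/
chmod 750 /usr/local/libexec/vmail-quota-warning.sh
chown dovecot:mail /usr/local/libexec/vmail-quota-warning.sh

# restart services
systemctl enable spamassassin
systemctl restart spamassassin
systemctl restart exim4
systemctl restart dovecot

chmod 755 bin/*
cp bin/* /usr/local/bin/

# install & enable vmail systemd cron
cp sbin/vmail-cron.sh /usr/local/sbin/
chmod 755 /usr/local/sbin/vmail-cron.sh
cp systemd/vmail-cron.* /usr/local/lib/systemd/system/
chmod 644 /usr/local/lib/systemd/system/vmail-cron.*
systemctl enable vmail-cron.timer
systemctl start vmail-cron.timer

# notes about firewalls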