msb/vmail-stack
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ee02317ed5
vmail-stack/install.sh
Matthew Saunders Brown bccea8d987 simplify srsd.secret characters
2022-12-07 09:47:45 -08:00

203 lines
7.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
if [ "${EUID}" -ne 0 ]; then
echo "You must be root to run this installer."
exit
fi
# check for Ubuntu 20.04
if ! grep -q "Ubuntu 22.04" /etc/issue; then
echo "This installer is only tested on Ubuntu 22.04. If you are on a"
echo "different version of Ubuntu or a Debian/Debian based distro"
echo "and want to try running this installer open this script and"
echo "comment out the exit command below this line and re-run."
exit
fi
# check if install is already in place
if [ -d "/var/vmail/" ]; then
echo "vmail-stack is already installed, bailing out."
exit
fi
# check for existing mail server software installs
if [ -d "/etc/exim4/" ] || [ -d "/etc/dovecot/" ]; then
echo "WARNING: Exim and/or Dovecot are already installed."
echo "This installer will overwrite existing configurations."
echo -e "You have five seconds to execute ctrl-c to cancel this install.\a"
sleep 5
fi
apt-get update
# install pwgen, used to create random passwords
DEBIAN_FRONTEND=noninteractive apt-get -y install pwgen
# install mariadb (mysql)
if [ ! -d "/etc/mysql/" ]; then
MARIADBPWORD=`pwgen 12 1`
DEBIAN_FRONTEND=noninteractive apt-get -y install mariadb-client mariadb-server
# set unix_socket auth for root
mysql -e "GRANT ALL ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION"
# create nagios user for monitoring server status only
mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';"
mysqladmin flush-privileges
fi
# create vmail user & db
mysqladmin create vmail
mysql vmail < vmail.sql
VMAILPASS=`pwgen -1 12`
mysql -e "CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';"
mysql -e "GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';"
mysqladmin flush-privileges
# install mail server software
DEBIAN_FRONTEND=noninteractive apt-get -y install exim4-daemon-heavy spf-tools-perl spamassassin srs libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd mailutils
# configure system users
DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert
usermod -a -G ssl-cert Debian-exim
useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail
# configure vmail user .my.cnf for db access
install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf
echo "[client]" > /var/vmail/.my.cnf
echo "host = localhost" >> /var/vmail/.my.cnf
echo "user = vmail" >> /var/vmail/.my.cnf
echo "password = $VMAILPASS" >> /var/vmail/.my.cnf
echo "socket = /var/run/mysqld/mysqld.sock" >> /var/vmail/.my.cnf
echo "[mysql]" >> /var/vmail/.my.cnf
echo "database = vmail" >> /var/vmail/.my.cnf
# configure vmail dirs
chmod 750 /var/vmail/
if [ ! -d "/etc/ssl/dkim" ]; then
mkdir /etc/ssl/dkim
fi
chown Debian-exim:ssl-cert /etc/ssl/dkim
chmod 750 /etc/ssl/dkim
# spamassassin config
sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin
sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin
cp etc/spamassassin/*.cf /etc/spamassassin/
sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf
chown root:root /etc/spamassassin/local.cf
chmod 644 /etc/spamassassin/local.cf
chown debian-spamd:mail /etc/spamassassin/sql.cf
chmod 640 /etc/spamassassin/sql.cf
# create local systemd dir, used by srsd & vmail-cron
if [[ ! -d /usr/local/lib/systemd/system ]]; then
mkdir -p /usr/local/lib/systemd/system
fi
# srsd
# bug fixes for libmail-srs-perl. still needed as of v0.31-6 on Ubuntu 22.04
sed -i 's|/tmp/srsd|/run/srsd/srsd.sock|' /usr/share/perl5/Mail/SRS/Daemon.pm
sed -i '/Until we decide that forward/,+3d' /usr/share/perl5/Mail/SRS/Daemon.pm
cp systemd/srsd.service /usr/local/lib/systemd/system/srsd.service
chmod 644 /usr/local/lib/systemd/system/srsd.service
systemctl daemon-reload
systemctl enable srsd
systemctl start srsd
# exim config
maildomain=`hostname -d`
sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog
install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains
cp etc/exim4/* /etc/exim4/
chmod 640 /etc/exim4/exim4.conf
chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter
chmod 640 /etc/exim4/autowhitelist.filter
chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh
chmod 640 /etc/exim4/return-resender.sh
chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts
chmod 640 /etc/exim4/skip_greylisting_hosts
sed -i "s|example.com|$maildomain|g" /etc/exim4/skip_greylisting_hosts
sed -i "s|password|$VMAILPASS|g" /etc/exim4/exim_local.conf
sed -i "s|example.com|$maildomain|g" /etc/exim4/exim_local.conf
touch /etc/exim4/srsd.secret
chmod 640 /etc/exim4/srsd.secret
chown Debian-exim:Debian-exim /etc/exim4/srsd.secret
pwgen -N 1 64 > /etc/exim4/srsd.secret
sed -i "s|^QUEUERUNNER.*|QUEUERUNNER='separate'|g" /etc/default/exim4
sed -i "s|^QUEUEINTERVAL.*|QUEUEINTERVAL='15m'|g" /etc/default/exim4
# dovecot config
mkdir /etc/dovecot/sites.d
cp -a etc/dovecot/* /etc/dovecot/
chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
chmod 640 /etc/dovecot/dovecot-sql.conf.ext
sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext
if ! [ -d "/usr/local/libexec" ]; then
mkdir /usr/local/libexec
fi
cp libexec/vmail-quota-warning.sh /usr/local/libexec/
chmod 750 /usr/local/libexec/vmail-quota-warning.sh
chown dovecot:mail /usr/local/libexec/vmail-quota-warning.sh
# restart services
systemctl enable spamassassin
systemctl restart spamassassin
systemctl restart exim4
systemctl restart dovecot
chmod 755 bin/*
cp bin/* /usr/local/bin/
# install & enable vmail systemd cron
cp sbin/vmail-cron.sh /usr/local/sbin/
chmod 755 /usr/local/sbin/vmail-cron.sh
cp systemd/vmail-cron.* /usr/local/lib/systemd/system/
chmod 644 /usr/local/lib/systemd/system/vmail-cron.*
systemctl enable vmail-cron.timer
systemctl start vmail-cron.timer
# enable email ports in firewalld
if [[ -d /etc/firewalld/ ]]; then
firewall-cmd --permanent --zone=public --add-service=smtp
firewall-cmd --permanent --zone=public --add-service=smtp-submission
firewall-cmd --permanent --zone=public --add-service=smtps
firewall-cmd --permanent --zone=public --add-service=imap
firewall-cmd --permanent --zone=public --add-service=imaps
firewall-cmd --permanent --zone=public --add-service=pop3
firewall-cmd --permanent --zone=public --add-service=pop3s
firewall-cmd --zone=public --add-service=smtp
firewall-cmd --zone=public --add-service=smtp-submission
firewall-cmd --zone=public --add-service=smtps
firewall-cmd --zone=public --add-service=imap
firewall-cmd --zone=public --add-service=imaps
firewall-cmd --zone=public --add-service=pop3
firewall-cmd --zone=public --add-service=pop3s
else
echo
echo "firewalld not installed, not opening email ports in firewall."
fi
# fail2ban
if [[ -d /etc/fail2ban/ ]]; then
chmod 644 etc/fail2ban/*/*.conf
cp -a etc/fail2ban/* /etc/fail2ban/
sed -i "s|postmaster|postmaster@$maildomain|g" /etc/fail2ban/action.d/mail-ratelimit.conf
echo
echo "Fail2ban rate limit will email postmaster@$maildomain."
echo "Change postmaster@$maildomain in /etc/fail2ban/action.d/mail-ratelimit.conf to suit your needs."
else
echo
echo "fail2ban not installed, skipping fail2ban email configs."
fi
echo "root: webmaster@$maildomain" >> /etc/aliases
echo
echo "Email for root user notifications are configured to go to webmaster@$maildomain."
echo "Update /etc/aliases to suit your needs."
Reference in New Issue View Git Blame Copy Permalink