mmv

mmv (5573B)

---

 #!/bin/sh
 
 domain=$1
 maildom="mail.$domain"
 failed="false"
 
 replace() { \
 sed "s/<domain>/$domain/g;s/<maildom>/$maildom/g" $1
 }
 
 success() { \
     echo "\033[1;32m========================================================================"
     echo "$@"
     echo "========================================================================\033[0m"
 }
 
 failure() { \
     echo "\033[1;31m========================================================================"
     echo "$@"
     echo "========================================================================\033[0m"
     failed="true"
 }
 
 # first use?
 if [ ! -f /etc/mail/maindom ]; then
 
 #
 # register domain
 #
 
 echo "$domain" > /etc/mail/maindom &&
 echo "$domain" >> /etc/mail/domains &&
 success "Setting up email for the first time"
 
 #
 # install required software
 #
 
 pkg_add -u &&
 pkg_add -I opensmtpd-extras opensmtpd-filter-rspamd dovecot \
     dovecot-pigeonhole rspamd-- redis tor &&
 
 success "Installed required software" ||
 failure "Failed to install required software"
 
 #
 # certs
 #
 
 replace files/acme-client.conf >> /etc/acme-client.conf &&
 
 replace files/httpd.conf >> /etc/httpd.conf &&
 
 rcctl enable httpd &&
 rcctl start httpd &&
 
 acme-client -v $maildom &&
 
 replace files/daily.local >> /etc/daily.local &&
 
 success "Created and signed tls certificates (letsencrypt)" ||
 failure "Failed to sign tls certificates (letsencrypt)"
 
 #
 # vmail user & authentication
 #
 
 touch /etc/mail/credentials &&
 chmod 0440 /etc/mail/credentials &&
 chown _smtpd:_dovecot /etc/mail/credentials &&
 useradd -c "Virtual Mail Account" -d /var/vmail -s /sbin/nologin \
     -u 2000 -g =uid -L staff vmail &&
 mkdir -p /var/vmail &&
 chown vmail:vmail /var/vmail &&
 
 replace files/virtuals >> /etc/mail/virtuals &&
 
 success "Created vmail user & authentication file" ||
 failure "Failed to createvmail user & authentication file"
 
 #
 # smtpd
 #
 
 replace files/smtpd.conf > /etc/mail/smtpd.conf &&
 
 cp files/madduser /usr/local/bin/ &&
 cp files/mdeluser /usr/local/bin/ &&
 cp files/mpasswd /usr/local/bin/ &&
 
 rcctl restart smtpd &&
 
 success "Configured OpenSMTPD" ||
 failure "Failed to configure OpenSMTPD"
 
 #
 # dovecot
 #
 
 echo "dovecot:\\
         :openfiles-cur=1024:\\
         :openfiles-max=2048:\\
         :tc=daemon:
 " >> /etc/login.conf &&
 
 replace files/local.conf > /etc/dovecot/local.conf &&
 
 sed "s/^ssl_cert/#ssl_cert/;s/^ssl_key/#ssl_key/" \
 	/etc/dovecot/conf.d/10-ssl.conf > tempfile &&
 mv tempfile /etc/dovecot/conf.d/10-ssl.conf &&
 
 # setup training rspamd from email moving in and out of the Junk folder
 
 mkdir -p /usr/local/lib/dovecot/sieve &&
 cp files/report-ham.sieve /usr/local/lib/dovecot/sieve &&
 cp files/report-spam.sieve /usr/local/lib/dovecot/sieve &&
 sievec /usr/local/lib/dovecot/sieve/report-ham.sieve &&
 sievec /usr/local/lib/dovecot/sieve/report-spam.sieve &&
 
 cp files/sa-learn-ham.sh /usr/local/lib/dovecot/sieve/ &&
 cp files/sa-learn-spam.sh /usr/local/lib/dovecot/sieve/ &&
 chmod 0755 /usr/local/lib/dovecot/sieve/sa-learn-ham.sh &&
 chmod 0755 /usr/local/lib/dovecot/sieve/sa-learn-spam.sh &&
 
 rcctl enable dovecot &&
 rcctl start dovecot &&
 
 success "Configured Dovecot" ||
 failure "Failed to configure Dovecot"
 
 #
 # rspamd
 #
 
 mkdir -p /etc/mail/dkim &&
 openssl genrsa -out /etc/mail/dkim/$domain.key 1024 &&
 openssl rsa -in /etc/mail/dkim/$domain.key \
 	    -pubout -out /etc/mail/dkim/public.key &&
 chmod 0440 /etc/mail/dkim/$domain.key &&
 chown root:_rspamd /etc/mail/dkim/$domain.key &&
 
 replace files/dkim_signing.conf > /etc/rspamd/local.d/dkim_signing.conf &&
 
 rcctl enable redis rspamd &&
 rcctl start redis rspamd &&
 rcctl restart smtpd &&
 
 success "Configured rspamd" ||
 failure "Failed to configure rspamd"
 
 #
 # tor hidden service
 #
 
 patch /etc/tor/torrc files/torrc.diff &&
 
 rcctl enable tor &&
 rcctl start tor &&
 
 success "Configured tor, see address from /etc/mail/hidden-service/hostname" ||
 failure "Failed to configure tor"
 
 #
 # dns
 #
 
 pub_key=$(grep -v -e "---" /etc/mail/dkim/public.key | tr -d '\n' ) &&
 mkdir -p /etc/mail/dns/$domain &&
 echo "mail._domainkey.$domain. IN TXT \"v=DKIM1;k=rsa;p=$pub_key\"" > /etc/mail/dns/$domain/dkim &&
 echo "$domain. IN TXT \"v=spf1 mx -all\"" > /etc/mail/dns/$domain/spf &&
 echo "_dmarc.$domain. IN TXT \"v=DMARC1;p=quarantine;pct=100;ruf=mailto:postmaster@$domain\"" > /etc/mail/dns/$domain/dmarc &&
 echo "$domain. IN MX 0 $maildom." > /etc/mail/dns/$domain/mx &&
 success "Wrote relevant dns records in /etc/mail/dns/$domain/" ||
 failure "Failed to write relevant dns records in /etc/mail/dns/$domain/"
 
 #
 # setup admin account
 #
 
 # TODO: does .forward work with virtual users?
 
 success \
 "The creation of an admin account is required for this setup! Email to
 it can be forwarded to an email address written in:
 /var/vmail/$domain/admin/.forward
 Choose a password for the \"admin\" user." &&
 
 madduser admin@$domain
 
 else
 
 #
 # register domain
 #
 
 echo "$domain" >> /etc/mail/domains
 success "Adding domain $domain to existing setup"
 
 #
 # dns
 #
 
 maindom="$(cat /etc/mail/maindom)"
 
 mkdir /etc/mail/dns/$domain
 echo "$domain. IN MX 0 mail.$maindom." > /etc/mail/dns/$domain/mx &&
 echo "$domain. IN TXT \"v=spf1 mx -all\"" > /etc/mail/dns/$domain/spf &&
 echo "_dmarc.$domain. IN TXT \"v=DMARC1;p=quarantine;pct=100;ruf=mailto:postmaster@$maindom\"" > /etc/mail/dns/$domain/dmarc &&
 success "Wrote relevant dns records in /etc/mail/dns/$domain/" ||
 failure "Failed to write relevant dns records in /etc/mail/dns/$domain/"
 
 fi
 
 #
 # final status
 #
 
 [ $failed = "false" ] &&
 success "Done!" ||
 failure "Installation incomplete, check the errors and correct them!"