@MarcelFox
Forked from solusipse/01_postfix_installer.md
Last active December 17, 2020 20:40
Postfix + Dovecot + Postgresql + Postfixadmin + Roundcube + Opendkim

Postfix Installer

The following scripts set up a complete mail server (Postfix, Dovecot, PostgreSQL, Postfixadmin, Roundcube, OpenDKIM) on a fresh install of Debian 9. They will probably work on other distributions that use apt-get, and with minor changes on other Linux distros.

What does it do?

02_postfix.sh:

  • Installs Postfix and configures it with TLS support.
  • Installs Dovecot and configures its delivery transport and SASL socket in Postfix.
  • Downloads, extracts and sets permissions for Postfixadmin.
  • Downloads, extracts and sets permissions for Roundcube.

03_nginx.sh:

This script is optional. It is intended only for nginx (I did not review this one from the fork).

04_opendkim.sh:

  • Installs the opendkim packages.
  • Configures opendkim for the given domain (the script prompts for it).
  • Sets up the directory tree and the key files for the domain under "/etc/opendkim/".
  • The script can be run more than once to configure new domains (warnings will appear when needed).

What doesn't it do?

  • It does not configure Postfixadmin or Roundcube themselves, nor virtual hosts for them.
  • It does not configure Apache in any way.
  • It does not touch DNS: the A record for the hostname and the DKIM TXT record must be created manually (the scripts warn about this).

Usage

  1. Run 02_postfix.sh.
  2. Create the PostgreSQL role and database that the script prints at the end (postfix_user / postfix_db with the generated password) and make sure PostgreSQL accepts password logins from localhost.
  3. Configure Postfixadmin. Remember to set these:
$CONF['configured'] = true;
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['database_type'] = 'pgsql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_user';
$CONF['database_password'] = 'PASSWORD FROM INSTALLER SCRIPT';
$CONF['database_name'] = 'postfix_db';
     domain_path and domain_in_mailbox must stay YES: the maildir column they produce (domain/user@domain/) is the layout that the Dovecot mail_home written by the script expects.
  4. Create a domain and at least one mailbox in Postfixadmin.
  5. Configure Roundcube: IMAP on port 993 with host ssl://localhost, SMTP on port 587 with host tls://localhost. The installer generates a self-signed certificate, so Roundcube will only connect once that certificate is trusted or replaced with one from a real CA.
  6. Run 04_opendkim.sh to install OpenDKIM and generate a key for the domain, then publish the TXT record it prints.

This is just a draft right now, it will be updated.
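Before trusting a freshly installed server it is worth checking the two Postfix files the installer writes against the properties the Usage steps rely on: authenticated users may relay while everyone else may only deliver to hosted domains, AUTH is never offered in the clear, port 25 offers STARTTLS, submission refuses unauthenticated clients, and the Dovecot pipe transport is handed one recipient per delivery. The audit below is an added example written for this page (Python 3, standard library only); it is not part of the gist. It parses main.cf (continuation lines, $parameter expansion) and master.cf (service lines with their -o overrides). The finding codes, the sample excerpts and their hardened variants are this example's own constructions, modelled on the installer's output rather than copied from a live system.

```python
import re

VAR = re.compile(r"\$\{?([A-Za-z0-9_]+)\}?")  # $name / ${name}; ${name?...} forms not handled
DEFAULT_RELAY = "permit_mynetworks permit_sasl_authenticated defer_unauth_destination"  # Postfix >= 2.10 default

def parse_main_cf(text):
    """main.cf: 'name = value'; a line starting with whitespace continues the previous value."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if name is not None:
                params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def expand(params, value, depth=0):
    """Resolve $parameter references the way postconf -x does (unknown names become '')."""
    if depth > 16:
        raise ValueError("recursive $parameter reference")
    return VAR.sub(lambda m: expand(params, params.get(m.group(1), ""), depth + 1), value)

def parse_master_cf(text):
    """master.cf: an 8-column service line followed by indented '-o name=value' or argument lines."""
    services, cur = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and cur is not None:
            toks = raw.split()
            for i, tok in enumerate(toks):
                if tok == "-o" and i + 1 < len(toks):
                    key, _, val = toks[i + 1].partition("=")
                    cur["options"][key] = val          # per-service override of main.cf
            if toks[0] != "-o":
                cur["args"] += " " + raw.strip()       # e.g. the pipe(8) flags/argv line
            continue
        fields = raw.split(None, 7)
        if len(fields) == 8:
            cur = {"command": fields[7].split()[0], "args": fields[7], "options": {}}
            services[(fields[0], fields[1])] = cur
    return services

def audit_postfix(main_text, master_text):
    """Return (code, message) findings for the settings this page's installer depends on."""
    params, services = parse_main_cf(main_text), parse_master_cf(master_text)
    get = lambda key, default="": expand(params, params.get(key, default))
    words = lambda value: set(re.split(r"[,\s]+", value.strip())) - {""}
    findings = []
    relay = words(get("smtpd_relay_restrictions", DEFAULT_RELAY)) | words(get("smtpd_recipient_restrictions"))
    if not relay & {"reject_unauth_destination", "defer_unauth_destination"}:
        findings.append(("open-relay", "nothing rejects mail for destinations we do not host"))
    if get("smtpd_tls_auth_only") != "yes":
        findings.append(("auth-without-tls", "AUTH is offered before STARTTLS"))
    if get("smtpd_tls_security_level") not in ("may", "encrypt"):
        findings.append(("no-starttls-25", "smtpd_tls_security_level unset: port 25 offers no STARTTLS"))
    transport = get("virtual_transport")
    svc = services.get((transport, "unix"))
    if svc and svc["command"] == "pipe" and "${recipient}" in svc["args"] \
            and get(transport + "_destination_recipient_limit") != "1":
        findings.append(("pipe-recipient-limit", transport + "_destination_recipient_limit must be 1: pipe(8) expands ${recipient} to every recipient of the message"))
    for name in ("submission", "smtps"):
        svc = services.get((name, "inet"))
        if not svc:
            continue
        opt = lambda key: svc["options"].get(key, get(key))  # -o wins over main.cf
        if opt("smtpd_tls_security_level") != "encrypt" and opt("smtpd_tls_wrappermode") != "yes":
            findings.append((name + "-plaintext", name + " does not force TLS"))
        if "reject" not in words(opt("smtpd_client_restrictions")):
            findings.append((name + "-unauthenticated", name + " accepts unauthenticated clients"))
    return findings

# Constructed excerpts in the shape of the installer's output (not the real files).
MAIN_CF_SAMPLE = """\
virtual_transport = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
"""
MASTER_CF_SAMPLE = """\
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
dovecot    unix  -  n  n  -  -  pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}
"""
# The same excerpts with the three gaps the audit reports closed.
MAIN_CF_HARDENED = MAIN_CF_SAMPLE + "smtpd_tls_security_level = may\ndovecot_destination_recipient_limit = 1\n"
MASTER_CF_HARDENED = MASTER_CF_SAMPLE.replace("  -o smtpd_sasl_auth_enable=yes\n",
    "  -o smtpd_sasl_auth_enable=yes\n  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n")
```

On a real host call audit_postfix(open('/etc/postfix/main.cf').read(), open('/etc/postfix/master.cf').read()); the output of postconf -n parses the same way. The constructed sample deliberately leaves out smtpd_tls_security_level, dovecot_destination_recipient_limit and a client restriction on the submission service, so the audit reports exactly those three gaps, and the hardened variant reports nothing.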

#!/bin/bash
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
if [ "$UID" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi
# Report the exit status of the previous command and, on failure, let the
# operator decide whether to carry on (this is why the script does not use set -e).
function error_check {
    if [ "$?" = "0" ]; then
        echo -e "$COL_GREEN OK. $COL_RESET"
    else
        echo -e "$COL_RED An error has occurred. $COL_RESET"
        read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key
        if [[ $key != "" ]]; then
            exit 1
        fi
    fi
}
echo "You are about to install and configure Postfix virtual system with imap support (via Dovecot)."
echo "This script was made for Debian 7, but was adapted for Debian 9 [25/07/2017]."
echo "Updating system"
apt-get update
apt-get upgrade
echo "Adding group:"
groupadd -g 5000 vmail
error_check
echo "Adding user:"
# Debian ships nologin as /usr/sbin/nologin; the fork's /usr/bin/nologin does not exist there.
useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /home/vmail -m vmail
error_check
echo "Installing programs:"
apt-get install postfix dovecot-core dovecot-imapd ca-certificates postgresql postfix-pgsql dovecot-lmtpd dovecot-pgsql php7.0-ldap php7.0-fpm php7.0-imap php7.0-pgsql php7.0-mcrypt php7.0-intl php7.0-mbstring php7.0-xml
error_check
echo "Generating the database password:"
# The fork derived this from the current date piped through md5sum, which anyone
# who can guess the installation time can reproduce; use the kernel CSPRNG instead.
DBPASS=$(openssl rand -hex 16)
error_check
# Database creation is left to the operator (see the instructions printed at the
# end). These are the equivalent commands if you prefer to run them from here:
#sudo -u postgres psql -c "CREATE USER postfix_user WITH PASSWORD '${DBPASS}';"
#sudo -u postgres psql -c "CREATE DATABASE postfix_db OWNER postfix_user;"
echo
echo "Please enter the main domain of your server, like 'example.com':"
read MAIN_DOMAIN
echo
echo "Please enter the hostname of this machine, like 'hostname.example.com'."
echo "An A record for this hostname must exist in the DNS zone."
echo
read HOST_NAME
echo "Creating postfix config files (/etc/postfix/main.cf):"
echo "myhostname = ${HOST_NAME}
mydomain = ${MAIN_DOMAIN}
mydestination = \$myhostname, localhost.\$mydomain, localhost
relay_domains =
virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = dovecot
# The dovecot transport in master.cf is a pipe(8) to dovecot-lda -d \${recipient},
# which takes a single recipient, so Postfix must hand it one recipient per delivery.
dovecot_destination_recipient_limit = 1
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = dovecot
local_recipient_maps = \$virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtp_tls_security_level = may
# Without smtpd_tls_security_level, port 25 never offers STARTTLS and the
# smtpd_tls_* settings below have no effect there (submission and smtps set
# their own level in master.cf).
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = \$mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
broken_sasl_auth_clients = yes
# permit_sasl_authenticated ahead of reject_unauth_destination is what lets
# authenticated users relay; everyone else may only deliver to our own domains.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
html_directory = /usr/share/doc/postfix/html
queue_directory = /var/spool/postfix
message_size_limit = 52428800" > /etc/postfix/main.cf
error_check
echo "Creating postfix config files (/etc/postfix/master.cf):"
# Quoted heredoc ('EOF'): the shell expands nothing, so Postfix's own
# ${sender}/${recipient} macros need no backslashes and embedded quotes are safe.
cat > /etc/postfix/master.cf <<'EOF'
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_milters=inet:127.0.0.1:8891
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
# Submission (587) and smtps (465): TLS is mandatory, only SASL-authenticated
# clients get past the greeting, and mail goes through the subcleanup service
# so the client's Received:/User-Agent: headers never leave the server.
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o cleanup_service_name=subcleanup
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o cleanup_service_name=subcleanup
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
# Cleanup instance used by submission/smtps only (see cleanup_service_name above);
# the regular "cleanup" service keeps Received: headers on mail arriving on port 25.
subcleanup unix n       -       -       -       0       cleanup
  -o header_checks=regexp:/etc/postfix/submission_header_checks
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
# To 'virtual' LDA:
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# To Dovecot LDA (the virtual_transport/local_transport in main.cf). dovecot-lda -d
# takes one recipient, so main.cf needs dovecot_destination_recipient_limit = 1.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
EOF
error_check
echo "Creating postfix config files (/etc/postfix/submission_header_checks):"
echo "/^Received:/ IGNORE
/^User-Agent:/ IGNORE" > /etc/postfix/submission_header_checks
error_check
echo "Creating postfix config files (/etc/postfix/virtual_alias_maps.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT goto FROM alias WHERE address='%s' AND active = true
" > /etc/postfix/virtual_alias_maps.cf
error_check
echo "Creating postfix config files (/etc/postfix/virtual_mailbox_domains.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true
" > /etc/postfix/virtual_mailbox_domains.cf
error_check
echo "Creating postfix config files (/etc/postfix/virtual_mailbox_maps.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
" > /etc/postfix/virtual_mailbox_maps.cf
error_check
# The three pgsql map files carry the database password. Only proxymap (which
# runs as the postfix user, hence the proxy: prefix in main.cf) needs to read them.
chgrp postfix /etc/postfix/virtual_*.cf
chmod 640 /etc/postfix/virtual_*.cf
error_check
echo "Creating dovecot config files (/etc/dovecot/dovecot.conf):"
# This replaces the distribution dovecot.conf (and its conf.d includes) wholesale.
# Everything not set here falls back to Dovecot's built-in defaults, which include
# disable_plaintext_auth = yes and an imaps listener on port 993.
echo "protocols = imap
# LOGIN is offered alongside PLAIN because Postfix advertises it to older clients
# (broken_sasl_auth_clients = yes in main.cf); both are refused on unencrypted
# connections except from localhost.
auth_mechanisms = plain login
passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}
userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}
service auth {
    # Socket Postfix's smtpd uses for SASL (smtpd_sasl_path = private/auth,
    # relative to Postfix's queue directory).
    unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
    }
    user = root
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
ssl_cert = </etc/ssl/private/server.crt
ssl_key = </etc/ssl/private/server.key" > /etc/dovecot/dovecot.conf
error_check
echo "Creating dovecot config files (/etc/dovecot/dovecot-sql.conf):"
# default_pass_scheme must match how Postfixadmin hashes mailbox.password
# ($CONF['encrypt']); its md5crypt default is what MD5-CRYPT verifies. If you
# switch Postfixadmin to a stronger scheme, change this line to match.
echo "driver = pgsql
connect = host=localhost dbname=postfix_db user=postfix_user password=${DBPASS}
default_pass_scheme = MD5-CRYPT
user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/home/vmail/%d/%u' as userdb_home, 'maildir:/home/vmail/%d/%u' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
" > /etc/dovecot/dovecot-sql.conf
# Contains the database password; the auth service above runs as root and
# needs nothing more than this.
chmod 600 /etc/dovecot/dovecot-sql.conf
error_check
echo "Creating postmap:"
touch /etc/postfix/transport
postmap /etc/postfix/transport
error_check
read -p "Enter Postfix Admin and Roundcube installation path: " DOWNPATH
if [ ! -d "${DOWNPATH}" ]; then
    mkdir -p "${DOWNPATH}"
fi
echo "Checking if path is correct:"
cd "${DOWNPATH}"
error_check
echo "Downloading postfixadmin:"
# "latest" is whatever SourceForge serves today: neither version-pinned nor
# signature-checked, so compare the archive with the project's release page.
wget -O postfixadmin.tar.gz https://sourceforge.net/projects/postfixadmin/files/latest/download
error_check
echo "Unpacking postfixadmin:"
tar xvf postfixadmin.tar.gz -C "${DOWNPATH}"
error_check
rm -f postfixadmin.tar.gz
mv postfixadmin-* postfixadmin
# Smarty compiles templates into templates_c, so the PHP-FPM user (www-data,
# set by the chown below) must be able to write there.
mkdir postfixadmin/templates_c
echo "Setting permissions:"
chmod -R 755 postfixadmin/templates_c
error_check
echo "Downloading roundcube:"
# Release pinned to 1.3.0 as in the original; check roundcube.net for the
# current release before exposing this to the internet.
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.0/roundcubemail-1.3.0-complete.tar.gz
error_check
echo "Unpacking roundcube:"
tar xvf roundcubemail-1.3.0-complete.tar.gz -C "${DOWNPATH}"
error_check
rm -f roundcubemail-1.3.0-complete.tar.gz
mv roundcubemail-* mail
chown -R www-data: *
error_check
echo "Checking if php7.0-fpm is working:"
service php7.0-fpm restart
error_check
echo "Creating SSL certificate:"
cd /etc/ssl/private/
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
chmod 400 server.key
error_check
# Self-signed certificate with the CN set to the hostname clients connect to.
# Clients (Roundcube included) will not trust it until it is imported or
# replaced by a CA-issued certificate.
openssl req -new -key server.key -subj "/CN=${HOST_NAME}" -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
chmod 444 server.crt
error_check
echo "Starting postfix daemon:"
/etc/init.d/postfix restart
error_check
echo "Starting dovecot daemon:"
/etc/init.d/dovecot restart
error_check
echo "Enabling services:"
update-rc.d postfix defaults
update-rc.d dovecot defaults
error_check
echo -e "$COL_GREEN Setup complete. $COL_RESET"
echo
echo "You should configure postfixadmin and roundcube."
echo "Use these settings:"
echo "database type: pgsql"
echo "database host: localhost"
echo "database user: postfix_user"
echo "database pass: ${DBPASS}"
echo "database name: postfix_db"
echo
echo "You must create the following database and user:"
echo
echo "USER: postfix_user"
echo "PASS: ${DBPASS}"
echo "DATABASE: postfix_db"
echo
echo "As the postgres system user (sudo -u postgres) you can create them with:"
echo "postgres# createuser -P postfix_user"
echo
echo "Paste the password when it prompts."
echo
echo "postgres# createdb -O postfix_user postfix_db"
echo
#!/bin/bash
# I use it on blank Debian installation to setup nginx with php support for simple tasks.
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
if [ "$UID" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi
function error_check {
    if [ "$?" = "0" ]; then
        echo -e "$COL_GREEN OK. $COL_RESET"
    else
        echo -e "$COL_RED An error has occurred. $COL_RESET"
        read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key
        if [[ $key != "" ]]; then
            exit 1
        fi
    fi
}
echo "Updating system"
apt-get update
apt-get upgrade
# Debian 9 ships PHP 7.0; the fork's php5-fpm package does not exist there.
apt-get install nginx php7.0-fpm
error_check
useradd -m -G users -s /bin/bash www
error_check
echo "server {
    root /home/www;
    index index.php index.html index.htm;
    location / {
        # try_files instead of the fork's 'autoindex on': no directory listings
        try_files \$uri \$uri/ =404;
    }
    location ~ \.php\$ {
        # Only hand paths that really exist to PHP-FPM. Without this, a request
        # for /x.jpg/y.php can execute an uploaded x.jpg as PHP when
        # cgi.fix_pathinfo is enabled.
        try_files \$uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)\$;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}" > /etc/nginx/sites-available/default
error_check
/etc/init.d/nginx restart
/etc/init.d/php7.0-fpm restart
#!/bin/bash
# ------------------------------------------------------------------
# [Date: 28/07/2017]
# [Author: MarcelFox]
# [email: contato@marcelfox.com]
#
# Title: 'opendkim.sh'
# This script configures OpenDKIM on a Debian 9 server; with a few
# modifications you'll be able to run it on any Linux distro.
#
# Does:
# - Check previous configurations.
# - Save backups of every configuration file before changing it.
# - Generate directories at '/etc/opendkim'.
# - Generate a new key for the given domain.
# - Alert about the DNS and Postfix configuration still needed.
#
# Doesn't:
# - Configure your mail server.
# - Check the integrity of the KeyTable and SigningTable files.
#   It's important to check those yourself.
#
# Fixes, Contacts and Improvements are encouraged! =)
#
# ------------------------------------------------------------------
if [ "$(id -u)" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi
##
# Set selector variable as YYYYMMDD:
##
SELECTOR_VAR=$(date +%Y%m%d)
##
# Ask whether the OpenDKIM packages need to be downloaded:
##
echo
echo "Download and install OpenDKIM packages? (y/n):"
read var
if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
    apt-get update
    apt-get install -y opendkim opendkim-tools
elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
    echo
    echo "Skipping..."
    echo
else
    echo
    echo "Please answer only 'y' or 'n'!"
    echo
    exit 1
fi
##
# Check if the keys directory already exists:
##
if [ ! -d /etc/opendkim ]; then
    mkdir /etc/opendkim
else
    echo
    echo "It seems that an OpenDKIM configuration already exists. Continue? (y/n):"
    read var
    if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
        echo "Ok!"
    elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
        echo
        echo "Ok, I'm here if you need me!"
        echo
        exit 0
    else
        echo
        echo "Please answer only 'y' or 'n'!"
        echo
        exit 1
    fi
fi
if [ -f /etc/opendkim.conf ]; then
cp /etc/opendkim.conf /etc/opendkim.conf.saved.${SELECTOR_VAR}
echo
echo "I've saved the original conf file to '/etc/opendkim.conf.saved.${SELECTOR_VAR}'"
echo
else
echo
echo "There's an issue with your Opendkim installation, check those and come back!"
echo
exit
fi
##
# Read the domain to generate the DKIM key for:
##
echo
echo "Enter the domain, like 'example.com', for which you'll add the DKIM key:"
read DOMAIN_DKIM
# The domain becomes part of paths under /etc/opendkim/keys and, further down,
# an argument to rm -rf, so refuse anything that is not a plain hostname.
case "${DOMAIN_DKIM}" in
    ""|*/*|*..*|.*|*[!A-Za-z0-9.-]*)
        echo "'${DOMAIN_DKIM}' is not a valid domain name. Aborting."
        exit 1 ;;
esac
##
# Check the main configuration file:
##
# Only uncommented settings count: a commented-out example line must not
# send us into the conflict branch below.
grep -Eq '^[[:space:]]*(KeyTable|SigningTable|ExternalIgnoreList|InternalHosts)' /etc/opendkim.conf
#
# Store the exit status of the grep, then continue:
#
LAST_CMD=$?
if [ "$LAST_CMD" -ne 0 ]; then
    echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf
    echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf
    echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
    echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
else
    echo
    echo "I found these non-default settings in '/etc/opendkim.conf':"
    grep -E '^[[:space:]]*(KeyTable|SigningTable|ExternalIgnoreList|InternalHosts)' /etc/opendkim.conf
    echo
    echo "Do you want to comment these lines out and add mine? (y/n):"
    read var
    if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
        # Anchored at the start of the line so already-commented lines and
        # unrelated settings that merely contain these words are left alone.
        sed -i.bak -E 's/^[[:space:]]*(KeyTable|SigningTable|ExternalIgnoreList|InternalHosts)/#&/' /etc/opendkim.conf
        echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf
        echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf
        echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
        echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
    elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
        echo "Skipping..."
        echo "Be sure that your opendkim.conf has the following settings:"
        echo
        echo "KeyTable /etc/opendkim/KeyTable"
        echo "SigningTable /etc/opendkim/SigningTable"
        echo "ExternalIgnoreList /etc/opendkim/TrustedHosts"
        echo "InternalHosts /etc/opendkim/TrustedHosts"
        echo
        sleep 1
    else
        echo
        echo "Please answer only 'y' or 'n'!"
        echo
        exit 1
    fi
fi
##
# Check the SOCKET configuration (on Debian, /etc/default/opendkim overrides
# the Socket line in opendkim.conf once the unit file is regenerated):
##
cp /etc/default/opendkim /etc/default/opendkim.saved.${SELECTOR_VAR}
if ! grep -E '^[[:space:]]*SOCKET=' /etc/default/opendkim > /dev/null; then
    echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim
else
    echo
    echo "I've found a non-default SOCKET configuration, check below:"
    grep -E '^[[:space:]]*SOCKET=' /etc/default/opendkim
    echo
    echo "The SOCKET setting this script (and the Postfix milter settings it prints) uses is:"
    echo "SOCKET=inet:8891@localhost"
    echo
    echo "Do you want me to comment the line(s) out and add my configuration? (y/n)"
    read var
    if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
        sed -i.bak -E 's/^[[:space:]]*SOCKET=/#&/' /etc/default/opendkim
        echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim
        echo "Ok!"
        echo
    elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
        echo "Skipping..."
        sleep 1
    else
        echo
        echo "Please answer only 'y' or 'n'!"
        echo
        exit 1
    fi
fi
##
# Do the Magik!
##
if [ -f /etc/opendkim/TrustedHosts ]; then
    cp /etc/opendkim/TrustedHosts /etc/opendkim/TrustedHosts.saved.${SELECTOR_VAR}
fi
# Hosts listed here get their mail signed (InternalHosts) and are skipped for
# verification (ExternalIgnoreList), so list only your own relays and networks.
# The original's placeholder addresses are kept, commented out, as a pattern.
echo "127.0.0.1
localhost
#x.253.204.64
#x.253.204.32/27" > /etc/opendkim/TrustedHosts
if [ ! -d "/etc/opendkim/keys/${DOMAIN_DKIM}" ]; then
    mkdir -p "/etc/opendkim/keys/${DOMAIN_DKIM}"
    # -b 2048: do not depend on the tool's default size; RFC 8301 recommends
    # 2048-bit DKIM keys.
    opendkim-genkey -b 2048 -D "/etc/opendkim/keys/${DOMAIN_DKIM}" -d "${DOMAIN_DKIM}" -s "${SELECTOR_VAR}"
    GENERATED=0
else
    echo
    echo "The key directory for ${DOMAIN_DKIM} exists."
    echo "Do you want me to generate a new key? (y/n)"
    echo "(Mail already signed with the old key keeps verifying only while its"
    echo " DNS record stays published; remove that TXT record later, not now.)"
    read var
    if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
        rm -rf "/etc/opendkim/keys/${DOMAIN_DKIM}"
        mkdir -p "/etc/opendkim/keys/${DOMAIN_DKIM}"
        opendkim-genkey -b 2048 -D "/etc/opendkim/keys/${DOMAIN_DKIM}" -d "${DOMAIN_DKIM}" -s "${SELECTOR_VAR}"
        GENERATED=0
    elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
        echo "Skipping..."
        GENERATED=1
        sleep 1
    else
        echo
        echo "Please answer only 'y' or 'n'!"
        echo
        exit 1
    fi
fi
##
# Correct the key permissions and register the key:
##
if [ "$GENERATED" -eq 0 ]; then
    # Only the opendkim user may read the private key.
    chown opendkim:opendkim "/etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private"
    chmod 600 "/etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private"
    if [ -f /etc/opendkim/KeyTable ]; then
        cp /etc/opendkim/KeyTable /etc/opendkim/KeyTable.saved.${SELECTOR_VAR}
    fi
    echo "${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM} ${DOMAIN_DKIM}:${SELECTOR_VAR}:/etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private" >> /etc/opendkim/KeyTable
    if [ -f /etc/opendkim/SigningTable ]; then
        cp /etc/opendkim/SigningTable /etc/opendkim/SigningTable.saved.${SELECTOR_VAR}
    fi
    echo "${DOMAIN_DKIM} ${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM}" >> /etc/opendkim/SigningTable
fi
echo
echo "Please check that the KeyTable and SigningTable files in /etc/opendkim"
echo "do not contain old or duplicate entries."
echo
if [ "$GENERATED" -eq 0 ]; then
    echo
    echo "The selector for ${DOMAIN_DKIM} is: ${SELECTOR_VAR}"
    echo
    echo "You should now add the following TXT record to the ${DOMAIN_DKIM} DNS zone:"
    echo
    cat "/etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.txt"
fi
echo
echo "OpenDKIM only signs mail that Postfix hands it through the milter;"
echo "without the Postfix settings below the key is never used."
if [ -d /etc/postfix ]; then
    echo
    echo "I've found Postfix!"
    echo
    echo "Check that your main.cf has these settings:"
    echo
    echo "milter_default_action = accept"
    echo "milter_protocol = 2"
    echo "smtpd_milters = inet:localhost:8891"
    echo "non_smtpd_milters = inet:localhost:8891"
    echo
    echo "Check that your master.cf has the following line:"
    echo " -o smtpd_milters=inet:127.0.0.1:8891"
    echo
    echo "below this line:"
    echo "smtp inet n - - - - smtpd"
    echo
fi
##
# Validate the configuration, regenerate the unit file from /etc/default/opendkim
# (Debian 9 ships a generator for that), then enable and restart the service.
##
if ! opendkim -n -x /etc/opendkim.conf; then
    echo "/etc/opendkim.conf does not parse; fix it before restarting OpenDKIM."
    exit 1
fi
if [ -x /lib/opendkim/opendkim.service.generate ]; then
    /lib/opendkim/opendkim.service.generate
    systemctl daemon-reload
fi
systemctl enable opendkim
systemctl restart opendkim
echo
echo "OpenDKIM is configured! Now restart Postfix so it reconnects to the milter:"
echo "systemctl restart postfix"
echo
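The script ends by printing the selector's .txt file for you to paste into the zone. opendkim-genkey writes that file in BIND syntax, with the p= value split across several quoted strings, and a common mistake is publishing it with the quotes and parentheses included, or with only the first chunk. The check below is an added example written for this page (Python 3, standard library only), not part of the gist: it flattens the file into the single TXT value, parses the tag list, base64-decodes p= and reads the RSA modulus size straight out of the DER SubjectPublicKeyInfo, rejecting empty (revoked) keys and anything under 2048 bits. The selector.txt it runs on is constructed from a placeholder 2048-bit integer, not real key material, and the helper names are this example's own.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
QUOTED = re.compile(r'"([^"]*)"')

def der_tlv(buf, pos=0):
    """Read one DER tag/length/value starting at pos -> (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: 0x8n followed by n length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Modulus size of a DER SubjectPublicKeyInfo, i.e. of the base64 in a DKIM p= tag."""
    tag, body, _ = der_tlv(spki)
    if tag != 0x30:
        raise ValueError("p= is not a SubjectPublicKeyInfo SEQUENCE")
    tag, alg, pos = der_tlv(body)
    oid_tag, oid, _ = der_tlv(alg)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("key algorithm is not rsaEncryption although the record says k=rsa")
    tag, bitstr, _ = der_tlv(body, pos)
    if tag != 0x03:
        raise ValueError("missing subjectPublicKey BIT STRING")
    tag, rsapub, _ = der_tlv(bitstr[1:])    # first octet of a BIT STRING = unused-bits count
    n_tag, n, _ = der_tlv(rsapub)           # RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }
    if tag != 0x30 or n_tag != 0x02:
        raise ValueError("malformed RSAPublicKey")
    return int.from_bytes(n, "big").bit_length()

def flatten_genkey_txt(text):
    """Join the quoted strings opendkim-genkey writes between '(' and ')' into one TXT value."""
    start, end = text.find("("), text.rfind(")")
    inner = text[start + 1:end] if 0 <= start < end else text
    return "".join(QUOTED.findall(inner))

def parse_dkim_record(record):
    """tag=value pairs separated by ';' (RFC 6376 tag-list); whitespace inside values is ignored."""
    tags = {}
    for part in record.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags[key.strip()] = "".join(value.split())
    return tags

def check_dkim_record(genkey_txt, min_bits=2048):
    """Validate a selector.txt before it goes into the zone; return the flat value and key size."""
    record = flatten_genkey_txt(genkey_txt)
    tags = parse_dkim_record(record)
    if tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        raise ValueError("unexpected v= or k= tag: " + record)
    if not tags.get("p"):
        raise ValueError("empty p= publishes a revoked key, not a usable one")
    bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    if bits < min_bits:
        raise ValueError("%d-bit key is below the %d-bit minimum" % (bits, min_bits))
    return {"record": record, "bits": bits, "txt_len": len(record)}

# --- constructed sample input (placeholder numbers, not real key material) ---
def der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nb)]) + nb + body

def der_int(value):
    b = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return der(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)

def build_rsa_spki(n, e=65537):
    """DER SubjectPublicKeyInfo for an RSA public key (n, e), laid out as OpenSSL emits it."""
    alg = der(0x30, der(0x06, RSA_OID) + b"\x05\x00")
    return der(0x30, alg + der(0x03, b"\x00" + der(0x30, der_int(n) + der_int(e))))

def genkey_txt(selector, domain, p_b64, chunk=200):
    """Mimic the BIND-style selector.txt opendkim-genkey writes, with p= split over strings."""
    parts = [p_b64[i:i + chunk] for i in range(0, len(p_b64), chunk)]
    lines = ['%s._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "' % selector]
    lines += ['\t  "%s%s"' % ("p=" if i == 0 else "", part) for i, part in enumerate(parts)]
    lines[-1] += " )  ; ----- DKIM key %s for %s" % (selector, domain)
    return "\n".join(lines) + "\n"

SAMPLE_MODULUS = (1 << 2047) + 12345   # placeholder 2048-bit integer, not a real RSA modulus
SAMPLE_GENKEY_TXT = genkey_txt(
    "20170728", "example.com", base64.b64encode(build_rsa_spki(SAMPLE_MODULUS)).decode())
```

On a real host run check_dkim_record(open('/etc/opendkim/keys/example.com/20170728.txt').read()) with your own domain and selector. txt_len shows that the flattened value is longer than the 255 octets a single TXT string may hold, so it has to be published as several quoted strings (most zone editors split it for you); once it is live, opendkim-testkey -d example.com -s 20170728 -vvv confirms what resolvers actually see.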
@renanpessoa

Hi Fox,
I have a suggestion: check at the beginning of the script if the OS is Debian 9; if not, show an error message and exit to avoid mistakes.
Ty!

@MarcelFox

You're right Renan boy! I'll add this interaction for sure. Only Debian 9 gives official support for PHP7 and its modules (apache and so forth).

@JordiFS

JordiFS commented Jul 27, 2018

Hi Marcel.
I've used your scripts, they helped me a lot, thank you. But I found a couple of minor errors:
In 02_postfix.sh on line 111:
Actual:

html_directory = /usr/share/doc/postfix/html
queue_directory = /var/spool/postfix" > /etc/postfix/main.cf
message_size_limit = 52428800
error_check

Should be:

html_directory = /usr/share/doc/postfix/html
message_size_limit = 52428800
queue_directory = /var/spool/postfix" > /etc/postfix/main.cf
error_check

In 04_opendkim.sh on line 126:
Actual:

LAST_CMD=$?

if [ $LAST_CMD == 1]; then

	echo "KeyTable           /etc/opendkim/KeyTable" >> /etc/opendkim.conf
	echo "SigningTable       /etc/opendkim/SigningTable" >> /etc/opendkim.conf


Should be:

LAST_CMD=$?

if [ $LAST_CMD == 1 ]; then

	echo "KeyTable           /etc/opendkim/KeyTable" >> /etc/opendkim.conf
	echo "SigningTable       /etc/opendkim/SigningTable" >> /etc/opendkim.conf

@MarcelFox

You're right! Thank you so much for informing me about it; at this point I'm trying to improve this one. There are a lot of things there that can be improved, and we have to agree that this one is a hell of a script for sure. It must be improved to have more functions isolated for further maintenance. Maybe the whole structure of it will need to change! Maybe python? Maybe shell?

@MarcelFox

WARNING

I've been struggling again with this massive, primal slate script, and I've found some issues with the Roundcube login. Some things have changed and Dovecot has changed its way of doing SMTP authentication. I've managed to fix it after the installation process and I've also found this nice and up-to-date article:
https://www.vultr.com/docs/how-to-install-postfix-dovecot-and-roundcube-on-ubuntu-20-04

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment