Skip to content

Instantly share code, notes, and snippets.

@alexted

alexted/01_postfix_installer.md

Forked from MarcelFox/01_postfix_installer.md
Created December 21, 2018 22:32
Show Gist options
  • Save alexted/97a7b1b9a4df25be516988131efe6a37 to your computer and use it in GitHub Desktop.
Save alexted/97a7b1b9a4df25be516988131efe6a37 to your computer and use it in GitHub Desktop.
Download ZIP
Postfix + Dovecot + Postgresql + Postfixadmin + Roundcube + Opendkim
Raw
01_postfix_installer.md

Postfix Installer

Following script may be used for configuring complete and secure email server on fresh install of Debian 9. It will probably work on other distributions using apt-get. After minor changes you'll be able to use it on other Linux distros.

What it does?

02_postfix.sh:

  • Install Postfix and configure it with TLS support.
  • Install Dovecot and configure it's transport on Postfix.
  • Download, extract and correct permissions for Postfixadmin.
  • Download, extract and correct permissions for Roundcube.

03_nginx.sh

This script is optional. It's intended to use only for nginx (I did not review this one from the fork).

04_opendkim.conf:

  • Install opendkim packages.
  • Configure opendkim for the given domain (prompt at the script).
  • Set directories tree and files for the domain key at "/etc/opendkim/".
  • The script can be used more than once, to configure new domains (warns will appear when needed).

What it doesn't?

  • It does not configure automatically postfixadmin, neither virtualhosts on apache.
  • It does not configure automatically roundcube, neither virtualhosts on apache.
  • It does not set anything related to DNS, those must be set manually (but it warns about).
  • It does not configure Apache in no way whatsoever.
  • It does not mess or set anything related with DNS server configuration.

Usage

  1. Run postfix.sh script.
  2. Configure postgres to allow connections.
  3. Configure postfix admin. Remember to set these:
$CONF['configured'] = true;
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['database_type'] = 'pgsql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_user';
$CONF['database_password'] = 'PASSWORD FROM INSTALLER SCRIPT';
$CONF['database_name'] = 'postfix_db';
  1. Create domain and at least one user.
  2. Configure roundcube. Set imap to port 993, host to: ssl://localhost. Set smtp to port 587, host to tls://localhost.
  3. Ran and configure opendkim.sh to install opendkim and generate new keys for the given domain.

This is just a draft right now, it will be updated.

Raw
02_postfix.sh
#!/bin/bash
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
if [ "$UID" -ne 0 ]
then echo "Please run as root"
exit
fi
function error_check {
if [ "$?" = "0" ]; then
echo -e "$COL_GREEN OK. $COL_RESET"
else
echo -e "$COL_RED An error has occured. $COL_RESET"
read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key
if [[ $key != "" ]]; then
exit
fi
fi
}
echo "You are about to install and configure Postfix virtual system with imap support (via Dovecot)."
echo "This script was made for Debian 7, but was adapted for Debian 9 [25/07/2017]."
echo "Updating system"
apt-get update
apt-get upgrade
echo "Adding group:"
groupadd -g 5000 vmail
error_check
echo "Adding group:"
useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail
error_check
echo "Installing programs:"
apt-get install postfix dovecot-core dovecot-imapd ca-certificates postgresql postfix-pgsql dovecot-lmtpd dovecot-pgsql php7.0-ldap php7.0-fpm php7.0-imap php7.0-pgsql php7.0-mcrypt php7.0-intl php7.0-mbstring php7.0-xml
error_check
#echo "Preparing database:"
DBPASS=$(date | md5sum | head -c 32)
#CREATEUSER="CREATE USER postfix_user WITH PASSWORD '${DBPASS}';"
#CREATEDB="CREATE DATABASE postfix_db;"
#PERMISSDB="GRANT ALL PRIVILEGES ON DATABASE postfix_db TO postfix_user;"
#sudo -u postgres psql -c "${CREATEUSER}"
#error_check
#sudo -u postgres psql -c "${CREATEDB}"
#error_check
#sudo -u postgres psql -c "${PERMISSDB}"
#error_check
echo
echo "Please inform the main domain of your server, like 'example.com'"
read MAIN_DOMAIN
echo
echo "Please inform the Hostname of your machine like 'hostname.example.com'"
echo "It'll be needed to add an A entry for the hostname on the DNS zone"
echo
read HOST_NAME
echo "Creating postfix config files (/etc/postfix/main.cf):"
echo "myhostname = ${HOST_NAME}
mydomain = ${MAIN_DOMAIN}
mydestination = \$myhostname, localhost.\$mydomain, localhost
relay_domains =
virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = dovecot
local_recipient_maps = \$virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtp_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_sasl_local_domain = \$mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1
html_directory = /usr/share/doc/postfix/html
queue_directory = /var/spool/postfix
message_size_limit = 52428800" > /etc/postfix/main.cf
error_check
echo "Creating postfix config files \(/etc/postfix/master.cf\):"
echo "#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
-o smtpd_milters=inet:127.0.0.1:8891
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about \${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
# To 'virtual' LDA:
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/bin/maildrop -d \${recipient}
#
# To Dovecot LDA:
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f \${sender} -d \${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing \"lmtp\" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd=\"lmtpd -a\" listen=\"localhost:lmtp\" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m \${extension} \${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m \${extension} \${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store \${nexthop} \${user} \${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
\${nexthop} \${user}
cleanup unix n - - - 0 cleanup
subcleanup unix n - - - 0 cleanup
-o header_checks=regexp:/etc/postfix/submission_header_checks
" > /etc/postfix/master.cf
error_check
echo "Creating postfix config files (/etc/postfix/submission_header_checks):"
echo "/^Received:/ IGNORE
/^User-Agent:/ IGNORE" > /etc/postfix/submission_header_checks
error_check
echo "Creating postfix config files (/etc/postfix/virtual_alias_maps.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT goto FROM alias WHERE address='%s' AND active = true
" > /etc/postfix/virtual_alias_maps.cf
error_check
echo "Creating postfix config files (/etc/postfix/virtual_mailbox_domains.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true
" > /etc/postfix/virtual_mailbox_domains.cf
error_check
echo "Creating postfix config files (/etc/postfix/virtual_mailbox_maps.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
" > /etc/postfix/virtual_mailbox_maps.cf
error_check
echo "Creating dovecot config files (/etc/dovecot/dovecot.conf):"
echo "protocols = imap
auth_mechanisms = plain
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
ssl_cert = </etc/ssl/private/server.crt
ssl_key = </etc/ssl/private/server.key" > /etc/dovecot/dovecot.conf
error_check
echo "Creating dovecot config files (/etc/dovecot/dovecot-sql.conf):"
echo "driver = pgsql
connect = host=localhost dbname=postfix_db user=postfix_user password=${DBPASS}
default_pass_scheme = MD5-CRYPT
user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/home/vmail/%d/%u' as userdb_home, 'maildir:/home/vmail/%d/%u' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
" > /etc/dovecot/dovecot-sql.conf
error_check
echo "Creating postmap:"
touch /etc/postfix/transport
postmap /etc/postfix/transport
error_check
read -p "Enter Postfix Admin and Roundcube installation path: " DOWNPATH
if [ ! -d ${DOWNPATH} ]; then
mkdir -p ${DOWNPATH}
fi
echo "Checking if path is correct:"
cd ${DOWNPATH}
error_check
echo "Downloading postfixadmin:"
wget -O postfixadmin.tar.gz http://sourceforge.net/projects/postfixadmin/files/latest/download
error_check
echo "Unpacking postfixadmin:"
tar xvf postfixadmin.tar.gz -C ${DOWNPATH}
error_check
rm -rf postfixadmin.tar.gz
mv postfixadmin-* postfixadmin
mkdir postfixadmin/templates_c
chown debian: postfixadmin/templates_c
echo "Setting permissions:"
chmod -R 755 postfixadmin/templates_c
error_check
echo "Downloading roundcube:"
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.0/roundcubemail-1.3.0-complete.tar.gz
error_check
echo "Unpacking roundcube:"
tar xvf roundcubemail-1.3.0-complete.tar.gz -C ${DOWNPATH}
error_check
rm -rf roundcubemail-1.3.0-complete.tar.gz
mv roundcubemail-* mail
chown -R www-data: *
error_check
echo "Checking if php7.0-fpm is working:"
service php7.0-fpm restart
error_check
echo "Creating SSL certificate:"
cd /etc/ssl/private/
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
chmod 400 server.key
error_check
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
chmod 444 server.crt
error_check
echo "Starting postfix daemon:"
/etc/init.d/postfix restart
error_check
echo "Starting dovecot daemon:"
/etc/init.d/dovecot restart
error_check
echo "Enabling services:"
update-rc.d postfix defaults
update-rc.d dovecot defaults
error_check
echo -e "$COL_GREEN Setup complete. $COL_RESET"
echo
echo "You should configure postfixadmin and roundcube."
echo "Use these settings:"
echo "database type: pgsql"
echo "database host: localhost"
echo "database user: postfix_user"
echo "database pass: ${DBPASS}"
echo "database name: postfix_db"
echo
echo "You must create the following database and user:"
echo
echo "USER: postfix_user"
echo "PASS: ${DBPASS}"
echo "DATABASE: postfix_db"
echo
echo "while in the postgres shell, you can create those with:"
echo "postgres# createuser -P postfix_user"
echo
echo "Past the password when it prompts"
echo
echo "postgres# createdb postfix_db -O postfix_user"
echo
Raw
03_nginx.sh
#!/bin/bash
# I use it on blank Debian installation to setup nginx with php support for simple tasks.
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
if [ "$UID" -ne 0 ]
then echo "Please run as root"
exit
fi
function error_check {
if [ "$?" = "0" ]; then
echo -e "$COL_GREEN OK. $COL_RESET"
else
echo -e "$COL_RED An error has occured. $COL_RESET"
read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key
if [[ $key != "" ]]; then
exit
fi
fi
}
echo "Updating system"
apt-get update
apt-get upgrade
apt-get install nginx php5-fpm
error_check
useradd -m -G users -s /bin/bash www
error_check
echo "server {
root /home/www;
index index.php index.html index.htm;
location / {
index index.php index.html index.htm;
autoindex on;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}" > /etc/nginx/sites-available/default
error_check
/etc/init.d/nginx start
/etc/init.d/php5-fpm start
Raw
04_opendkim.sh
#!/bin/bash
# ------------------------------------------------------------------
# [Date: 28/07/2017]
# [Author: MarcelFox]
# [email: contato@marcelfox.com]
#
# Title: 'opendkim.sh'
# The script configure the Opendkim for Debian 9 server,
# but with a few modifications you'll be able to ran it
# on every Linux Distro.
#
# Does:
# - Check previous configurations.
# - Save backups of every configuration file before
# change it.
# - Generate directories at '/etc/opendkim'.
# - Generate new key for the given domain.
# - Alerts for DNS and Postfix configurations.
#
# Don't:
# - Does not configure your mail server.
# - Does not check for integrity of the KeyFile,
# SingingTable files. It's important to check those.
#
# Fixes, Contacts and Improvements are encouraged! =)
#
# ------------------------------------------------------------------
##
# Set selector variable as YYYYMMDD:
##
SELECTOR_VAR=$(date +%Y%m%d)
##
# Ask if it'll be needed to Download Opendkim packages:
##
echo
echo "Download and install OpenDKIM packages? (y/n):"
read var
if [ $var == "y" ] || [ $var == "Y" ]; then
apt-get update
apt-get install -y opendkim opendkim-tools
elif [ $var == "n" ] || [ $var == "N" ]; then
echo
echo "Skipping..."
echo
else
echo
echo "Please inform only 'y' or 'n'!"
echo
exit
fi
##
# Check if the keys directory already exists:
##
if [ ! -d /etc/opendkim ]; then
mkdir /etc/opendkim
else
echo
echo "It seems that an Opendkim configuration already exists. Continue? (y/n):"
read var
if [ $var == "y" ] || [ $var == "Y" ]; then
echo "Ok!"
elif [ $var == "n" ] || [ $var == "N" ]; then
echo
echo "Ok, I'm here if you need!"
echo
exit
else
echo
echo "Please inform only 'y' or 'n'!"
echo
exit
fi
fi
if [ -f /etc/opendkim.conf ]; then
cp /etc/opendkim.conf /etc/opendkim.conf.saved.${SELECTOR_VAR}
echo
echo "I've saved the original conf file to '/etc/opendkim.conf.saved.${SELECTOR_VAR}'"
echo
else
echo
echo "There's an issue with your Opendkim installation, check those and come back!"
echo
exit
fi
##
# Read the domain to generate the dkim:
##
echo
echo "Inform the domain, like 'example.com', in which you'll add the DKIM key:"
read DOMAIN_DKIM
##
# Checks the main configuration file:
##
grep -E 'KeyTable|SigningTable|ExternalIgnoreList|InternalHosts' /etc/opendkim.conf > /dev/null
#
# Stores the last command value, then continue:
#
LAST_CMD=$?
if [ $LAST_CMD == 1 ]; then
echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf
echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf
echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
fi
if [ $LAST_CMD == 0 ]; then
echo
echo "I found those non-default settings on '/etc/opendkim.conf':"
grep -E 'KeyTable|SigningTable|ExternalIgnoreList|InternalHosts' /etc/opendkim.conf
echo
echo "Do you want to comment these lines? (y/n):"
read var
if [ $var == "y" ] || [ $var == "Y" ]; then
sed -i.bak '/KeyTable/ s/^/#/g' /etc/opendkim.conf
sed -i.bak '/SigningTable/ s/^/#/g' /etc/opendkim.conf
sed -i.bak '/ExternalIgnoreList/ s/^/#/g' /etc/opendkim.conf
sed -i.bak '/InternalHosts/ s/^/#/g' /etc/opendkim.conf
echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf
echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf
echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
elif [ $var == "n" ] || [ $var == "N" ]; then
echo "Skipping..."
echo "Be sure that your opendkim.conf has the following settings:"
echo
echo "KeyTable /etc/opendkim/KeyTable"
echo "SigningTable /etc/opendkim/SigningTable"
echo "ExternalIgnoreList /etc/opendkim/TrustedHosts"
echo "InternalHosts /etc/opendkim/TrustedHosts"
echo
sleep 1
else
echo
echo "Please inform only 'y' or 'n'!"
echo
exit
fi
fi
##
# Check for SOCKET configurations:
##
cp /etc/default/opendkim /etc/default/opendkim.saved.${SELECTOR_VAR}
grep "SOCKET=inet" /etc/default/opendkim | grep -v "#" > /dev/null
if [ $? == 1 ]; then
echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim
else
echo
echo "I've found non-default SOCKET configuration, check below:"
grep "SOCKET=inet" /etc/default/opendkim | grep -v "#"
echo
echo "The SOCKET section which this script uses is:"
echo "SOCKET=inet:8891@localhost"
echo
echo "Do you want me to comment the line(s) and add my configuration? (y/n)"
read var
if [ $var == "y" ] || [ $var == "Y" ]; then
sed -i.bak '/SOCKET=inet/ s/^/#/g' /etc/default/opendkim
echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim
echo "Ok!"
echo
elif [ $var == "n" ] || [ $var == "N" ]; then
echo "Skipping..."
sleep 1
else
echo
echo "Please inform only 'y' or 'n'!"
echo
exit
fi
fi
##
# Do the Magik!
##
if [ -f /etc/opendkim/TrustedHosts ]; then
cp /etc/opendkim/TrustedHosts /etc/opendkim/TrustedHosts.saved.${SELECTOR_VAR}
fi
echo "127.0.0.1
localhost
x.253.204.64
x.253.204.32/27" > /etc/opendkim/TrustedHosts
if [ ! -d /etc/opendkim/keys/${DOMAIN_DKIM} ]; then
mkdir -p /etc/opendkim/keys/${DOMAIN_DKIM}
opendkim-genkey -D /etc/opendkim/keys/${DOMAIN_DKIM} -d ${DOMAIN_DKIM} -s ${SELECTOR_VAR}
GENERATED=0
else
echo
echo "The key directory for ${DOMAIN_DKIM} exists."
echo "Do you want me to generate a new key? (y/n)"
read var
if [ $var == "y" ] || [ $var == "Y" ]; then
rm -rf /etc/opendkim/keys/${DOMAIN_DKIM}
mkdir -p /etc/opendkim/keys/${DOMAIN_DKIM}
opendkim-genkey -D /etc/opendkim/keys/${DOMAIN_DKIM} -d ${DOMAIN_DKIM} -s ${SELECTOR_VAR}
GENERATED=0
elif [ $var == "n" ] || [ $var == "N" ]; then
echo "Skipping..."
GENERATED=1
sleep 1
else
echo
echo "Please inform only 'y' or 'n'!"
echo
exit
fi
fi
##
# Correct the key permission:
##
if [ $GENERATED == 0 ]; then
chown opendkim:opendkim /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private
if [ -f /etc/opendkim/KeyTable ]; then
cp /etc/opendkim/KeyTable /etc/opendkim/KeyTable.saved.${SELECTOR_VAR}
fi
echo "${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM} ${DOMAIN_DKIM}:${SELECTOR_VAR}:/etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private" >> /etc/opendkim/KeyTable
if [ -f /etc/opendkim/SigningTable ]; then
cp /etc/opendkim/SigningTable /etc/opendkim/SigningTable.saved.${SELECTOR_VAR}
fi
echo "${DOMAIN_DKIM} ${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM}" >> /etc/opendkim/SigningTable
fi
echo
echo "Please, check if the contents of the files KeyTable and SigningTable"
echo "do not have old or duplicate entries. They're located at /etc/opendkim"
echo
if [ $GENERATED == 0 ]; then
echo
echo "The selector for the ${DOMAIN_DKIM} is: ${SELECTOR_VAR}"
echo
echo "You should now add the following into ${DOMAIN_DKIM} DNS zone:"
echo
cat /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.txt
fi
echo
echo "Consider to implement Opendkim in your mailserver
you must do this or all of my effort will be useless"
if [ -d /etc/postfix ]; then
echo
echo "I've found Postfix!"
echo
echo "Check if you main.cf have those configurations:"
echo
echo "milter_default_action = accept"
echo "milter_protocol = 2"
echo "smtpd_milters = inet:localhost:8891"
echo "non_smtpd_milters = inet:localhost:8891"
echo
echo "Check if your master.cf have the following line:"
echo " -o smtpd_milters=inet:127.0.0.1:8891"
echo
echo "below this line:"
echo "smtp inet n - - - - smtpd"
echo
fi
##
# Validate Opendkim configuration and restart the service.
##
systemctl start opendkim
systemctl enable opendkim
echo "Please run manually the following commands:"
echo
echo "/lib/opendkim/opendkim.service.generate"
echo "systemctl daemon-reload"
echo "systemctl restart opendkim && systemctl restart postfix"
echo
echo "Opendkim is configured!"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment