Last active
March 27, 2024 14:21
-
-
Save ctdurazo/32debecea71ae9fb4d51c1d243651362 to your computer and use it in GitHub Desktop.
Stack script for setting up a mail server with linode.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This block defines the variables that the user of the script needs to input | |
| # when deploying using this script. | |
| # | |
| #<UDF name="hostname" label="The hostname for the new Linode."> | |
| #<UDF name="fqdn" label="The new Linode's Fully Qualified Domain Name"> | |
| #<UDF name="username" label="username"> | |
| #<UDF name="password" label="The password for username"> | |
| # | |
| # This sets the variable $IPADDR to the IP address the new Linode receives. | |
| IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') | |
| # This updates the packages on the system from the distribution repositories. | |
| DEBIAN_FRONTEND=noninteractive apt-get update -y -q && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y -q | |
| # This section sets the hostname. | |
| echo $HOSTNAME > /etc/hostname | |
| hostname -F /etc/hostname | |
| echo $FQDN > /etc/mailname | |
| # This section sets the Fully Qualified Domain Name (FQDN) in the hosts file. | |
| echo $IPADDR $FQDN $HOSTNAME >> /etc/hosts | |
| # add user with password | |
| adduser --quiet --disabled-password --shell /bin/bash --home /home/$USERNAME $USERNAME | |
| echo "$USERNAME:$PASSWORD" | chpasswd | |
| # create ssl cert | |
| openssl req -x509 -nodes -days 365 -subj "/C=US/ST=California/L=Los Angeles/O=./CN=$FQDN" -newkey rsa:2048 -keyout /etc/ssl/private/ssl-mail.key -out /etc/ssl/certs/ssl-mail.pem | |
| # install packages | |
| debconf-set-selections <<< "postfix postfix/mailname string $HOSTNAME" | |
| debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" | |
| apt-get install -y postfix postfix-policyd-spf-python postfix-pcre dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd opendkim opendkim-tools | |
| # get postfix config files | |
| mv /etc/postfix/master.cf /etc/postfix/master.cf.bak | |
| mv /etc/postfix/main.cf /etc/postfix/main.cf.bak | |
| wget https://raw.githubusercontent.com/ctdurazo/LinodeStuff/master/mailServerConfs/postfix/master.cf -O /etc/postfix/master.cf | |
| wget https://raw.githubusercontent.com/ctdurazo/LinodeStuff/master/mailServerConfs/postfix/main.cf -O /etc/postfix/main.cf | |
| sed -i "s/example.com/$FQDN/g" /etc/postfix/main.cf | |
| # get dovecot config files | |
| mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bak | |
| wget https://raw.githubusercontent.com/ctdurazo/LinodeStuff/master/mailServerConfs/dovecot/dovecot.conf -O /etc/dovecot/dovecot.conf | |
| # get opendkim config files | |
| mv /etc/opendkim.conf /etc/opendkim.conf.bak | |
| mv /etc/default/opendkim /etc/default/opendkim.bak | |
| wget https://raw.githubusercontent.com/ctdurazo/LinodeStuff/master/mailServerConfs/opendkim/opendkim.conf -O /etc/opendkim.conf | |
| wget https://raw.githubusercontent.com/ctdurazo/LinodeStuff/master/mailServerConfs/opendkim/opendkim -O /etc/default/opendkim | |
| touch /var/spool/postfix/opendkim/opendkim.sock | |
| # add aliases to /etc/aliases | |
| echo "mailer-daemon: postmaster" >> /etc/aliases | |
| echo "postmaster: root" >> /etc/aliases | |
| echo "nobody: root" >> /etc/aliases | |
| echo "hostmaster: root" >> /etc/aliases | |
| echo "usenet: root" >> /etc/aliases | |
| echo "news: root" >> /etc/aliases | |
| echo "webmaster: root" >> /etc/aliases | |
| echo "www: root" >> /etc/aliases | |
| echo "ftp: root" >> /etc/aliases | |
| echo "abuse: root" >> /etc/aliases | |
| echo "security: root" >> /etc/aliases | |
| echo "root: $USERNAME" >> /etc/aliases | |
| # set permissions and make directories | |
| chmod u=rw,go=r /etc/opendkim.conf | |
| mkdir /etc/{opendkim,mail} | |
| chown -R opendkim:opendkim /etc/opendkim | |
| mkdir /var/log/dkim-filter | |
| touch /var/log/dkim-filter/dkim-stats | |
| chown opendkim:opendkim /var/log/dkim-filter/ | |
| chown opendkim:opendkim /var/log/dkim-filter/dkim-stats | |
| echo $FQDN $FQDN:mail:/etc/mail/dkim.key >> /etc/opendkim/KeyTable | |
| echo \* $FQDN >> /etc/opendkim/SigningTable | |
| echo 127.0.0.1 >> /etc/opendkim/TrustedHosts | |
| mkdir /var/spool/postfix/opendkim | |
| chown opendkim:postfix /var/spool/postfix/opendkim | |
| # create dkim keys | |
| opendkim-genkey -s mail -d `hostname` | |
| mv mail.private dkim.key | |
| mv * /etc/mail/ | |
| chown opendkim:opendkim /etc/mail/* | |
| chmod 600 /etc/mail/* | |
| # create flush.sh | |
| touch flush.sh | |
| echo "postfix flush" >> flush.sh | |
| echo "/etc/init.d/postfix restart" >> flush.sh | |
| # create mail logs | |
| touch /var/log/mail.log | |
| touch /var/log/mail.err | |
| sudo chmod a+w /var/log/mail* | |
| # create backup dir and crontabs | |
| mkdir /var/backup/ | |
| ( crontab -l ; echo "0 1 * * * /root/flush.sh" ) | crontab -e | |
| # create ssh keys | |
| ssh-keygen -f ~/.ssh/id_rsa -P "" | |
| # update and restart services | |
| adduser postfix opendkim | |
| newaliases | |
| systemctl restart postfix | |
| systemctl restart dovecot | |
| systemctl restart opendkim | |
| sudo reboot |
@jlucus sure thing. it has been a while since i have used this, so any feedback on how well it works is appreciated.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you for this