@jammie
Forked from baronkis/01_postfix_installer.md
Created November 12, 2018 04:50
Postfix + Dovecot + Postgresql + Postfixadmin + Roundcube + Opendkim

Postfix Installer

The following scripts may be used to configure a complete and secure email server on a fresh install of Ubuntu 18.04 LTS. They will probably work on other distributions that use apt-get, and with minor changes you will be able to use them on other Linux distros.

What it does

02_postfix.sh:

  • Install Postfix and configure it with TLS support.
  • Install Dovecot and configure its transport in Postfix.
  • Download, extract and correct permissions for Postfixadmin.
  • Download, extract and correct permissions for Roundcube.

03_nginx.sh

This script is optional. It is intended only for nginx (I did not review this one from the fork).

04_opendkim.conf:

  • Install opendkim packages.
  • Configure opendkim for the given domain (prompt at the script).
  • Set directories tree and files for the domain key at "/etc/opendkim/".
  • The script can be used more than once to configure new domains (warnings appear when needed).

What it doesn't do

  • It does not automatically configure Postfixadmin or its Apache virtual host.
  • It does not automatically configure Roundcube or its Apache virtual host.
  • It does not set anything related to DNS; those records must be created manually (the script warns about them).
  • It does not configure Apache in any way.
  • It does not touch the DNS server configuration.

Usage

  1. Run the postfix.sh script.
  2. Configure postgres to allow connections.
  3. Configure Postfix Admin. Remember to set these:
$CONF['configured'] = true;
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['database_type'] = 'pgsql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_user';
$CONF['database_password'] = 'PASSWORD FROM INSTALLER SCRIPT';
$CONF['database_name'] = 'postfix_db';
  4. Create a domain and at least one user.
  5. Configure Roundcube. Set IMAP to port 993, host ssl://localhost. Set SMTP to port 587, host tls://localhost.
  6. Run and configure opendkim.sh to install OpenDKIM and generate new keys for the given domain.

This is just a draft right now, it will be updated.

#!/bin/bash
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
if [ "$UID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
# Report the exit status of the previous command; on failure let the operator
# decide whether to continue (enter or space) or abort (any other key).
function error_check {
if [ "$?" = "0" ]; then
echo -e "$COL_GREEN OK. $COL_RESET"
else
echo -e "$COL_RED An error has occurred. $COL_RESET"
read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key
if [[ "$key" != "" && "$key" != " " ]]; then
exit 1
fi
fi
}
echo "You are about to install and configure Postfix virtual system with imap support (via Dovecot)."
echo "This script was made for Debian 7, but was adapted for Ubuntu 18.04 LTS [09/07/2018]."
echo "Updating system"
apt-get update
apt-get upgrade
echo "Adding group:"
groupadd -g 5000 vmail
error_check
echo "Adding user:"
# nologin lives in /usr/sbin on Debian/Ubuntu; the vmail user never logs in interactively
useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /home/vmail -m vmail
error_check
echo "Installing programs:"
apt-get install postfix dovecot-core dovecot-imapd postgresql postfix-pgsql dovecot-lmtpd dovecot-pgsql
error_check
echo "Preparing database:"
# 128 random bits from the kernel CSPRNG; the previous date|md5sum derivation was
# predictable to anyone who could guess the install time to the second
DBPASS=$(openssl rand -hex 16)
CREATEUSER="CREATE USER postfix_user WITH PASSWORD '${DBPASS}';"
CREATEDB="CREATE DATABASE postfix_db;"
PERMISSDB="GRANT ALL PRIVILEGES ON DATABASE postfix_db TO postfix_user;"
sudo -u postgres psql -c "${CREATEUSER}"
error_check
sudo -u postgres psql -c "${CREATEDB}"
error_check
sudo -u postgres psql -c "${PERMISSDB}"
error_check
echo
echo "Please enter the main domain of your server, like 'example.com'"
read MAIN_DOMAIN
echo
echo "Please enter the hostname of your machine, like 'hostname.example.com'"
echo "You will need to add an A record for this hostname in the DNS zone"
echo
read HOST_NAME
echo "Creating postfix config files (/etc/postfix/main.cf):"
echo "myhostname = ${HOST_NAME}
mydomain = ${MAIN_DOMAIN}
mydestination = \$myhostname, localhost.\$mydomain, localhost
relay_domains =
virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
# message size is max 15M
message_size_limit = 15728640
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = dovecot
local_recipient_maps = \$virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtp_tls_security_level = may
# offer STARTTLS on port 25 as well; without this the certificate below is never used there
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_sasl_local_domain = \$mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1
html_directory = /usr/share/doc/postfix/html
queue_directory = /var/spool/postfix" > /etc/postfix/main.cf
error_check
echo "Creating postfix config files (/etc/postfix/master.cf):"
# Quoted heredoc: nothing inside is expanded by the shell, so the pipe(8)
# variables (${recipient} etc.) and embedded quotes reach master.cf intact.
cat > /etc/postfix/master.cf <<'EOF'
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# Continuation lines ("-o ..." and pipe arguments) MUST start with whitespace.
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_milters=inet:127.0.0.1:8891
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
# route submitted mail through subcleanup so submission_header_checks apply
  -o cleanup_service_name=subcleanup
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o cleanup_service_name=subcleanup
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr      fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
# To 'virtual' LDA:
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# To Dovecot LDA:
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
# Cleanup service for the submission ports: applies the header checks that
# strip client-revealing headers (see /etc/postfix/submission_header_checks).
subcleanup unix n       -       -       -       0       cleanup
  -o header_checks=regexp:/etc/postfix/submission_header_checks
EOF
error_check
echo "Creating postfix config files (/etc/postfix/submission_header_checks):"
echo "/^Received:/ IGNORE
/^User-Agent:/ IGNORE" > /etc/postfix/submission_header_checks
error_check
echo "Creating postfix config files (/etc/postfix/virtual_alias_maps.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT goto FROM alias WHERE address='%s' AND active = true
" > /etc/postfix/virtual_alias_maps.cf
error_check
echo "Creating postfix config files (/etc/postfix/virtual_mailbox_domains.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true
" > /etc/postfix/virtual_mailbox_domains.cf
error_check
echo "Creating postfix config files (/etc/postfix/virtual_mailbox_maps.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
" > /etc/postfix/virtual_mailbox_maps.cf
error_check
# These map files contain the database password: readable by root and the
# postfix group only (proxymap reads them as the postfix user).
chown root:postfix /etc/postfix/virtual_*.cf
chmod 640 /etc/postfix/virtual_*.cf
error_check
echo "Creating dovecot config files (/etc/dovecot/dovecot.conf):"
echo "protocols = imap
auth_mechanisms = plain
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
ssl_cert = </etc/ssl/private/server.crt
ssl_key = </etc/ssl/private/server.key" > /etc/dovecot/dovecot.conf
error_check
echo "Creating dovecot config files (/etc/dovecot/dovecot-sql.conf):"
echo "driver = pgsql
connect = host=localhost dbname=postfix_db user=postfix_user password=${DBPASS}
default_pass_scheme = MD5-CRYPT
user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/home/vmail/%d/%u' as userdb_home, 'maildir:/home/vmail/%d/%u' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
" > /etc/dovecot/dovecot-sql.conf
# contains the database password; Dovecot reads it as root, nobody else needs it
chmod 600 /etc/dovecot/dovecot-sql.conf
error_check
echo "Creating postmap:"
touch /etc/postfix/transport
postmap /etc/postfix/transport
error_check
read -p "Enter Postfix Admin and Roundcube installation path: " DOWNPATH
if [ ! -d "${DOWNPATH}" ]; then
mkdir -p "${DOWNPATH}"
fi
echo "Checking if path is correct:"
cd "${DOWNPATH}"
error_check
echo "Downloading postfixadmin:"
wget -O postfixadmin.tar.gz https://sourceforge.net/projects/postfixadmin/files/latest/download
error_check
echo "Unpacking postfixadmin:"
tar xvf postfixadmin.tar.gz -C ${DOWNPATH}
error_check
echo "Remove package and move extracted files:"
rm -rf postfixadmin.tar.gz
mv postfixadmin-* postfixadmin
error_check
echo "Create dir and setting permissions:"
mkdir postfixadmin/templates_c
chown -R www-data: postfixadmin/templates_c
error_check
echo "Downloading roundcube:"
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6-complete.tar.gz
error_check
echo "Unpacking roundcube:"
tar xvf roundcubemail-1.3.6-complete.tar.gz -C ${DOWNPATH}
error_check
echo "Remove zip and move files to mail dir:"
rm -rf roundcubemail-1.3.6-complete.tar.gz
mv roundcubemail-* mail
echo "Setting ownership of the mail dir:"
# The web server only needs to write to Roundcube's temp and logs directories.
# Leaving the PHP sources owned by root keeps a compromised PHP process from editing them.
chown -R www-data: mail/temp mail/logs
error_check
echo "Checking if php7.2-fpm is working:"
# php7.2-fpm is installed by 03_nginx.sh; if it is not present yet, error_check will prompt
service php7.2-fpm restart
error_check
echo "Creating self-signed SSL certificate (replace with a CA-issued one before clients rely on it):"
cd /etc/ssl/private/
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
chmod 400 server.key
error_check
# non-interactive CSR; the certificate CN is the mail hostname entered above
openssl req -new -key server.key -subj "/CN=${HOST_NAME}" -out server.csr
openssl x509 -req -days 365 -sha256 -in server.csr -signkey server.key -out server.crt
chmod 444 server.crt
error_check
echo "Starting postfix daemon:"
systemctl restart postfix
error_check
echo "Starting dovecot daemon:"
systemctl restart dovecot
error_check
echo "Enabling services:"
systemctl enable postfix dovecot
error_check
echo -e "$COL_GREEN Setup complete. $COL_RESET"
echo
echo "You should now configure postfixadmin and roundcube."
echo "Use these settings:"
echo "database type: pgsql"
echo "database host: localhost"
echo "database user: postfix_user"
echo "database pass: ${DBPASS}"
echo "database name: postfix_db"
echo
echo "The database user and database above were already created by this script."
echo "If you ever need to recreate them by hand, run as the postgres user:"
echo
echo "postgres# createuser -P postfix_user"
echo
echo "Paste the password when it prompts."
echo
echo "postgres# createdb postfix_db -O postfix_user"
echo
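A check for the Postfix wiring the script above writes, added here as an example (not part of the gist): it confirms that a main.cf carries the four milter settings and that master.cf's smtp service is followed by an indented `-o smtpd_milters=` override, the two places where the OpenDKIM milter most often ends up silently unused. Both file paths are arguments; nothing else is assumed.

```shell
#!/bin/bash
# Added example (not part of the gist): sanity-check the milter wiring that
# 02_postfix.sh writes into main.cf/master.cf and that opendkim.sh asks you to
# verify by hand. Usage: check_milter_config /etc/postfix/main.cf /etc/postfix/master.cf

check_milter_config() {
    main_cf="$1"; master_cf="$2"; rc=0

    # the four main.cf settings the OpenDKIM script prints for you to check;
    # matched at line start so a commented-out copy does not count
    for want in "milter_default_action = accept" \
                "milter_protocol = 2" \
                "smtpd_milters = inet:localhost:8891" \
                "non_smtpd_milters = inet:localhost:8891"; do
        key="${want%% =*}"; val="${want#*= }"
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*${val}[[:space:]]*$" "$main_cf"; then
            echo "main.cf: missing '${want}'" >&2; rc=1
        fi
    done

    # master.cf continuation lines must start with whitespace; an unindented
    # "-o ..." line is parsed as a new service with too few fields
    if grep -Eq '^-o[[:space:]]' "$master_cf"; then
        echo "master.cf: '-o' line without leading whitespace" >&2; rc=1
    fi

    # the smtp service (port 25) must carry the milter override on the lines
    # that follow it, before the next service definition begins
    if ! awk '
        /^smtp[ \t]+inet/ { in_smtp = 1; next }
        in_smtp && /^[ \t]+-o[ \t]+smtpd_milters=inet:127\.0\.0\.1:8891([ \t]|$)/ { found = 1 }
        /^[^ \t#]/ { in_smtp = 0 }
        END { exit found ? 0 : 1 }' "$master_cf"; then
        echo "master.cf: smtp service lacks '-o smtpd_milters=inet:127.0.0.1:8891'" >&2; rc=1
    fi
    return "$rc"
}
```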
#!/bin/bash
# I use it on blank Ubuntu 18.04 LTS installation to setup nginx with php support for simple tasks.
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
if [ "$UID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
# Report the exit status of the previous command; on failure let the operator
# decide whether to continue (enter or space) or abort (any other key).
function error_check {
if [ "$?" = "0" ]; then
echo -e "$COL_GREEN OK. $COL_RESET"
else
echo -e "$COL_RED An error has occurred. $COL_RESET"
read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key
if [[ "$key" != "" && "$key" != " " ]]; then
exit 1
fi
fi
}
echo "Updating system"
apt-get update && apt-get upgrade
echo "Installing the packages"
apt-get install nginx php7.2-fpm
error_check
echo "Set timezone"
dpkg-reconfigure tzdata
error_check
# optional: set date.timezone in /etc/php/7.2/fpm/php.ini to the same zone
useradd -m -G users -s /bin/bash www
error_check
echo "Creating nginx default site:"
cat > /etc/nginx/sites-available/default <<'EOF'
server {
    # root /home/www;
    root /var/www;
    index index.php index.html index.htm;
    server_name _;
    location / {
        index index.php index.html index.htm;
        # directory listing for quick tasks; turn it off once real content is in place
        autoindex on;
    }
    location ~ \.php$ {
        # only hand existing files to PHP; avoids the /x.php/y.jpg path-info trick
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Ubuntu 18.04 php7.2-fpm socket path
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        # Ubuntu's fastcgi_params does not set SCRIPT_FILENAME
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
EOF
error_check
echo "Create postfixadmin and roundcube site files:"
# Paths follow the layout 02_postfix.sh creates: ${DOWNPATH}/postfixadmin and ${DOWNPATH}/mail.
# MAIN_DOMAIN is not inherited from that script, so both are asked for here.
read -p "Enter the Postfix Admin and Roundcube installation path used in 02_postfix.sh: " DOWNPATH
read -p "Enter the main domain, like 'example.com': " MAIN_DOMAIN
# Unquoted heredoc: ${DOWNPATH}/${MAIN_DOMAIN} are expanded, nginx variables are escaped as \$.
cat > /etc/nginx/sites-available/postfixadmin <<EOF
server {
    listen 80;
    # set server_name to the name you will reach postfixadmin at before enabling this site
    root ${DOWNPATH}/postfixadmin;
    index index.php index.html;
    location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)\$ {
        deny all;
    }
    location ~ ^/(bin|SQL)/ {
        deny all;
    }
    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    location ~ \.php\$ {
        try_files \$uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_index index.php;
    }
}
EOF
error_check
cat > /etc/nginx/sites-available/roundcube <<EOF
server {
    listen 80;
    root ${DOWNPATH}/mail;
    server_name mail.${MAIN_DOMAIN};
    index index.php index.html;
    location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)\$ {
        deny all;
    }
    # config/ holds the database password, temp/ and logs/ are written by PHP
    location ~ ^/(bin|SQL|config|temp|logs)/ {
        deny all;
    }
    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    location ~ \.php\$ {
        try_files \$uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_index index.php;
    }
}
EOF
error_check
#echo "Enabling sites (uncomment once server names and paths are right)"
#ln -s /etc/nginx/sites-available/roundcube /etc/nginx/sites-enabled/roundcube
#ln -s /etc/nginx/sites-available/postfixadmin /etc/nginx/sites-enabled/postfixadmin
#error_check
echo "Checking nginx configuration:"
nginx -t
error_check
systemctl restart php7.2-fpm
systemctl restart nginx
error_check
#!/bin/bash
# ------------------------------------------------------------------
# [Date: 28/07/2017]
# [Author: MarcelFox]
# [email: contato@marcelfox.com]
#
# Title: 'opendkim.sh'
# This script configures OpenDKIM on a Debian 9 server, but with a
# few modifications you'll be able to run it on any Linux distro.
#
# Does:
# - Check previous configurations.
# - Save backups of every configuration file before
# change it.
# - Generate directories at '/etc/opendkim'.
# - Generate new key for the given domain.
# - Alerts for DNS and Postfix configurations.
#
# Doesn't:
# - Does not configure your mail server.
# - Does not check the integrity of the KeyTable and
# SigningTable files. It's important to check those.
#
# Fixes, Contacts and Improvements are encouraged! =)
#
# ------------------------------------------------------------------
##
# Must run as root: this script writes under /etc and restarts services.
##
if [ "$UID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
##
# Set selector variable as YYYYMMDD:
##
SELECTOR_VAR=$(date +%Y%m%d)
##
# Ask if it'll be needed to Download Opendkim packages:
##
echo
echo "Download and install OpenDKIM packages? (y/n):"
read var
# "$var" is quoted everywhere below: an empty answer would otherwise be a syntax error in [ ]
if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
apt-get update
apt-get install -y opendkim opendkim-tools
elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
echo
echo "Skipping..."
echo
else
echo
echo "Please answer only 'y' or 'n'!"
echo
exit 1
fi
##
# Check if the keys directory already exists:
##
if [ ! -d /etc/opendkim ]; then
mkdir /etc/opendkim
else
echo
echo "It seems that an OpenDKIM configuration already exists. Continue? (y/n):"
read var
if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
echo "Ok!"
elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
echo
echo "Ok, I'm here if you need me!"
echo
exit
else
echo
echo "Please answer only 'y' or 'n'!"
echo
exit 1
fi
fi
if [ -f /etc/opendkim.conf ]; then
cp /etc/opendkim.conf /etc/opendkim.conf.saved.${SELECTOR_VAR}
echo
echo "I've saved the original conf file to '/etc/opendkim.conf.saved.${SELECTOR_VAR}'"
echo
else
echo
echo "There's an issue with your Opendkim installation, check those and come back!"
echo
exit
fi
##
# Read the domain to generate the dkim:
##
echo
echo "Enter the domain, like 'example.com', for which you'll add the DKIM key:"
read DOMAIN_DKIM
##
# Checks the main configuration file:
##
# Anchored at line start so the commented-out defaults Debian ships
# ("#KeyTable ...") are not mistaken for active settings.
grep -Eq '^[[:space:]]*(KeyTable|SigningTable|ExternalIgnoreList|InternalHosts)' /etc/opendkim.conf
#
# Store the last command's status (0 = found, 1 = not found), then continue:
#
LAST_CMD=$?
if [ "$LAST_CMD" = 1 ]; then
echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf
echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf
echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
fi
if [ "$LAST_CMD" = 0 ]; then
echo
echo "I found these non-default settings in '/etc/opendkim.conf':"
grep -E '^[[:space:]]*(KeyTable|SigningTable|ExternalIgnoreList|InternalHosts)' /etc/opendkim.conf
echo
echo "Do you want to comment these lines out? (y/n):"
read var
if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
# only active (uncommented) lines are commented out
sed -i.bak '/^[[:space:]]*KeyTable/ s/^/#/' /etc/opendkim.conf
sed -i.bak '/^[[:space:]]*SigningTable/ s/^/#/' /etc/opendkim.conf
sed -i.bak '/^[[:space:]]*ExternalIgnoreList/ s/^/#/' /etc/opendkim.conf
sed -i.bak '/^[[:space:]]*InternalHosts/ s/^/#/' /etc/opendkim.conf
echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf
echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf
echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
echo "Skipping..."
echo "Be sure that your opendkim.conf has the following settings:"
echo
echo "KeyTable /etc/opendkim/KeyTable"
echo "SigningTable /etc/opendkim/SigningTable"
echo "ExternalIgnoreList /etc/opendkim/TrustedHosts"
echo "InternalHosts /etc/opendkim/TrustedHosts"
echo
sleep 1
else
echo
echo "Please answer only 'y' or 'n'!"
echo
exit 1
fi
fi
##
# Check for SOCKET configurations:
##
cp /etc/default/opendkim /etc/default/opendkim.saved.${SELECTOR_VAR}
grep "SOCKET=inet" /etc/default/opendkim | grep -v "#" > /dev/null
if [ $? = 1 ]; then
echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim
else
echo
echo "I've found a non-default SOCKET configuration, check below:"
grep "SOCKET=inet" /etc/default/opendkim | grep -v "#"
echo
echo "The SOCKET setting this script uses is:"
echo "SOCKET=inet:8891@localhost"
echo
echo "Do you want me to comment out the line(s) and add my configuration? (y/n)"
read var
if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
sed -i.bak '/SOCKET=inet/ s/^/#/' /etc/default/opendkim
echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim
echo "Ok!"
echo
elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
echo "Skipping..."
sleep 1
else
echo
echo "Please answer only 'y' or 'n'!"
echo
exit 1
fi
fi
##
# Do the Magik!
##
if [ -f /etc/opendkim/TrustedHosts ]; then
cp /etc/opendkim/TrustedHosts /etc/opendkim/TrustedHosts.saved.${SELECTOR_VAR}
fi
# Hosts and networks whose mail is signed instead of verified. The two "x." entries
# are placeholders from the original script: replace them with your own networks or remove them.
echo "127.0.0.1
localhost
x.253.204.64
x.253.204.32/27" > /etc/opendkim/TrustedHosts
if [ ! -d /etc/opendkim/keys/${DOMAIN_DKIM} ]; then
mkdir -p /etc/opendkim/keys/${DOMAIN_DKIM}
# -b 2048: 1024-bit DKIM keys are treated as weak by many receivers
opendkim-genkey -b 2048 -D /etc/opendkim/keys/${DOMAIN_DKIM} -d ${DOMAIN_DKIM} -s ${SELECTOR_VAR}
GENERATED=0
else
echo
echo "The key directory for ${DOMAIN_DKIM} exists."
echo "Do you want me to generate a new key? (y/n)"
read var
if [ "$var" = "y" ] || [ "$var" = "Y" ]; then
rm -rf /etc/opendkim/keys/${DOMAIN_DKIM}
mkdir -p /etc/opendkim/keys/${DOMAIN_DKIM}
opendkim-genkey -b 2048 -D /etc/opendkim/keys/${DOMAIN_DKIM} -d ${DOMAIN_DKIM} -s ${SELECTOR_VAR}
GENERATED=0
elif [ "$var" = "n" ] || [ "$var" = "N" ]; then
echo "Skipping..."
GENERATED=1
sleep 1
else
echo
echo "Please answer only 'y' or 'n'!"
echo
exit 1
fi
fi
##
# Correct the key permission:
##
if [ "$GENERATED" = 0 ]; then
# the private key must be readable by the opendkim user only
chown opendkim:opendkim /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private
chmod 600 /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private
if [ -f /etc/opendkim/KeyTable ]; then
cp /etc/opendkim/KeyTable /etc/opendkim/KeyTable.saved.${SELECTOR_VAR}
fi
echo "${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM} ${DOMAIN_DKIM}:${SELECTOR_VAR}:/etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private" >> /etc/opendkim/KeyTable
if [ -f /etc/opendkim/SigningTable ]; then
cp /etc/opendkim/SigningTable /etc/opendkim/SigningTable.saved.${SELECTOR_VAR}
fi
echo "${DOMAIN_DKIM} ${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM}" >> /etc/opendkim/SigningTable
fi
echo
echo "Please check that the KeyTable and SigningTable files in /etc/opendkim"
echo "do not contain old or duplicate entries."
echo
if [ "$GENERATED" = 0 ]; then
echo
echo "The selector for ${DOMAIN_DKIM} is: ${SELECTOR_VAR}"
echo
echo "You should now add the following record to the ${DOMAIN_DKIM} DNS zone:"
echo
cat /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.txt
fi
echo
echo "You must now hook OpenDKIM into your mail server,"
echo "or all of this effort will be useless: nothing is signed until Postfix talks to the milter."
if [ -d /etc/postfix ]; then
echo
echo "I've found Postfix!"
echo
echo "Check that your main.cf has these settings:"
echo
echo "milter_default_action = accept"
echo "milter_protocol = 2"
echo "smtpd_milters = inet:localhost:8891"
echo "non_smtpd_milters = inet:localhost:8891"
echo
echo "Check that your master.cf has the following line (indented, it is a continuation line):"
echo "  -o smtpd_milters=inet:127.0.0.1:8891"
echo
echo "directly below this line:"
echo "smtp inet n - - - - smtpd"
echo
fi
##
# Validate Opendkim configuration and restart the service.
##
systemctl start opendkim
systemctl enable opendkim
echo "Please run the following commands manually:"
echo
echo "/lib/opendkim/opendkim.service.generate"
echo "systemctl daemon-reload"
echo "systemctl restart opendkim && systemctl restart postfix"
echo
echo "Opendkim is configured!"
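The `.txt` file the script prints at the end is a BIND-style TXT record split into several quoted strings, and most DNS zone editors want the value as one string. Added here as an example (not part of the gist): a helper that joins the fragments and checks the tags the signer relies on before the selector is published. The sample file in the test is constructed, with a shortened fake `p=` value.

```shell
#!/bin/bash
# Added example (not part of the gist): opendkim-genkey writes <selector>.txt as a
# BIND TXT record split into several quoted strings. This joins the fragments into
# the single value a zone editor expects and checks the tags that must be present.
# Usage: dkim_record_check /etc/opendkim/keys/example.com/20181112.txt

dkim_record_value() {
    # keep only the quoted fragments, drop the quotes and join them into one string;
    # the record name, class, parentheses and trailing comment are discarded
    grep -o '"[^"]*"' "$1" | tr -d '"' | tr -d '\n'
}

dkim_record_check() {
    value=$(dkim_record_value "$1")
    case "$value" in
        "v=DKIM1;"*) ;;
        *) echo "record does not start with v=DKIM1" >&2; return 1 ;;
    esac
    case "$value" in
        *"k=rsa;"*) ;;
        *) echo "missing k=rsa tag" >&2; return 1 ;;
    esac
    case "$value" in
        *"p="*) pubkey=${value#*p=}; pubkey=${pubkey%%;*} ;;
        *) echo "missing p= tag" >&2; return 1 ;;
    esac
    # an empty p= means "key revoked"; anything else must be plain base64
    if [ -z "$pubkey" ] || ! printf '%s' "$pubkey" | grep -Eq '^[A-Za-z0-9+/]+=*$'; then
        echo "empty or malformed p= value" >&2; return 1
    fi
    # record name (selector._domainkey) is the first field of the first line
    name=$(awk 'NR == 1 { print $1 }' "$1")
    echo "$name $value"
}
```

The printed name and value are what go into the zone; a mismatch between the name's selector and the one in KeyTable/SigningTable means signatures will not verify.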