Ajout commentaires
parent
113bcf1f64
commit
58f3cfeb5f
|
@ -121,7 +121,7 @@ then
|
|||
fi
|
||||
echo "-- Signature serveur supprimée !"
|
||||
echo "Listen 8083" >> /etc/apache2/ports.conf
|
||||
echo "-- Port d'écoute ajouté !"
|
||||
echo "-- Ports d'écoute ajoutés !"
|
||||
|
||||
echo "############################"
|
||||
echo "# Configuration de Postfix #"
|
||||
|
@ -130,6 +130,12 @@ then
|
|||
echo -e "#######################\n## GENERALS SETTINGS ##\n#######################\n\nsmtpd_banner\t\t= \$myhostname ESMTP \$mail_name (Debian/GNU)\nbiff\t\t\t= no\nappend_dot_mydomain\t= no\nreadme_directory\t= no\ndelay_warning_time\t= 4h\nmailbox_command\t\t= procmail -a \"\$EXTENSION\"\nrecipient_delimiter\t= +\ndisable_vrfy_command\t= yes\nmessage_size_limit\t= 26214400\nmailbox_size_limit\t= 524288000\n\ninet_interfaces\t= all\ninet_protocols\t= ipv4\n\nmyhostname\t= $DOMAIN\nmyorigin\t= $DOMAIN\nmydestination\t= localhost localhost.\$mydomain\nmynetworks\t= 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128\nrelayhost\t= \n\nalias_maps\t= hash:/etc/aliases\nalias_database\t= hash:/etc/aliases\n\n##################\n## MILTERS ##\n##################\n\nmilter_protocol = 6\nmilter_default_action = accept\nsmtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock, unix:/clamav/clamav-milter.ctl\nnon_smtpd_milters = unix:/opendkim/opendkim.sock\n\n####################\n## TLS PARAMETERS ##\n####################\n# Smtp ( OUTGOING / Client )\nsmtp_tls_loglevel\t\t= 1\nsmtp_tls_security_level\t\t= may\nsmtp_tls_CAfile\t\t\t= /etc/ssl/certs/ca.cert.pem\nsmtp_tls_protocols\t\t= !SSLv3\nsmtp_tls_mandatory_protocols\t= !SSLv3\nsmtp_tls_mandatory_ciphers\t= high\nsmtp_tls_exclude_ciphers\t= aNULL, eNULL, EXPORT, DES, DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH\nsmtp_tls_note_starttls_offer\t= yes\n\n# Smtpd ( INCOMING / Server )\nsmtpd_tls_loglevel\t\t= 1\nsmtpd_tls_auth_only\t\t= yes\nsmtpd_tls_security_level\t= may\nsmtpd_tls_received_header\t= yes\nsmtpd_tls_protocols\t\t= !SSLv3\nsmtpd_tls_mandatory_protocols\t= !SSLv3\nsmtpd_tls_mandatory_ciphers\t= medium\nsmtpd_tls_CAfile\t\t= \$smtp_tls_CAfile\nsmtpd_tls_cert_file\t\t= etc/ssl/certs/mailserver.crt\nsmtpd_tls_key_file\t\t= /etc/ssl/private/mailserver.key\nsmtpd_tls_dh1024_param_file\t= \$config_directory/dh2048.pem\nsmtpd_tls_dh512_param_file\t= 
\$config_directory/dh512.pem\n\ntls_preempt_cipherlist\t= yes\ntls_random_source\t= dev:/dev/urandom\n\nsmtp_tls_session_cache_database\t\t= btree:\${data_directory}/smtp_scache\nsmtpd_tls_session_cache_database\t= tree:\${data_directory}/smtpd_scache\nlmtp_tls_session_cache_database\t\t= btree:\${data_directory}/lmtp_scache\n\n#####################\n## SASL PARAMETERS ##\n#####################\n\nsmtpd_sasl_auth_enable\t\t= yes\nsmtpd_sasl_type\t\t\t= dovecot\nsmtpd_sasl_path\t\t\t= private/auth\nsmtpd_sasl_security_options\t= noanonymous\nsmtpd_sasl_tls_security_options\t= \$smtpd_sasl_security_options\nsmtpd_sasl_local_domain\t\t= \$mydomain\nsmtpd_sasl_authenticated_header\t= yes\n\n##############################\n## VIRTUALS MAPS PARAMETERS ##\n##############################\n\nvirtual_uid_maps\t= static:5000\nvirtual_gid_maps\t= static:5000\nvirtual_minimum_uid\t= 5000\nvirtual_mailbox_base\t= /var/mail\nvirtual_transport\t= lmtp:unix:private/dovecot-lmtp\nvirtual_mailbox_domains\t= mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf\nvirtual_mailbox_maps\t= mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf\nvirtual_alias_maps\t= mysql:/etc/postfix/mysql-virtual-alias-maps.cf\nsmtpd_sender_login_maps\t= mysql:/etc/postfix/mysql-sender-ogin-maps.cf\n\n######################\n## ERRORS REPORTING ##\n######################\n\nbounce_template_file\t= /etc/postfix/bounce.cf\n\nnotify_classes\t\t= resource, software\n\nerror_notice_recipient\t= $POSTFIXADMIN_ADMIN@$DOMAIN\n\n##################\n## RESTRICTIONS ##\n##################\n\nmime_header_checks\t= regexp:/etc/postfix/header_checks\nheader_checks\t\t= regexp:/etc/postfix/header_checks\n\nsmtpd_recipient_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_non_fqdn_recipient,\n\treject_unauth_destination,\n\treject_unknown_recipient_domain,\n\treject_unlisted_recipient,\n\treject_rbl_client zen.spamhaus.org\n\nsmtpd_reject_unlisted_sender = yes\n\nsmtpd_sender_restrictions 
=\n\treject_non_fqdn_sender,\n\treject_unknown_sender_domain,\n\treject_sender_login_mismatch,\n\treject_authenticated_sender_login_mismatch,\n\treject_rhsbl_sender dbl.spamhaus.org,\n\treject_unlisted_sender\n\nsmtpd_helo_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_invalid_helo_hostname,\n\treject_non_fqdn_helo_hostname,\n\treject_unknown_helo_hostname\n\nsmtpd_helo_required = yes\n\nsmtpd_client_restrictions =\n\tpermit_mynetworks,\n\tpermit_inet_interfaces,\n\tpermit_sasl_authenticated,\n\treject_unauth_pipelining\n\nsmtpd_relay_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_unauth_destination" >> /etc/postfix/main.cf
|
||||
echo "" > /etc/postfix/bounce.cf
|
||||
echo -e "failure_template = <<EOF\nCharset: UTF-8\nFrom: postmaster (Message systeme)\nSubject: Message non transmis\nPostmaster-Subject: Postmaster Copy: Message non transmis\n\nCeci est un message automatique du serveur $myhostname.\n\nNous sommes désolés de vous informer que votre message n'a pas pu\netre acheminé à un ou plusieurs destinataires.\nLe détail est expliqué ci dessous.\n\nPour une assistance, envoyez un e-mail à l'administrateur de\nvotre messagerie : postmaster@xarobase.com\n\nSi vous le faites, merci d'inclure ce message d'erreur dans\nvotre courriel.\n\n Le serveur de messagerie.\n\nMessage d'erreur :\nEOF\n\ndelay_template = <<EOF\nCharset: UTF-8\nFrom: postmaster (Message systeme)\nSubject: Message mis en attente.\nPostmaster-Subject: Postmaster Warning: Delayed Mail\n\nCeci est un message automatique du serveur $myhostname.\n\n##############################################################################\n#C'EST UN SIMPLE AVERTISSEMENT, VOUS N'AVEZ PAS BESOIN DE RENVOYER UN MESSAGE#\n##############################################################################\n\nVotre message ne peut pas être délivré avant un délai de $delay_warning_time_hours heures.\n\nDes tentatives de renvoi seront effectuées durant : $maximal_queue_lifetime_days jours.\n\nPour une assistance, envoyez un e-mail à l'administrateur de\nvotre messagerie : postmaster@xarobase.com\n\nSi vous le faites, merci d'inclure ce message d'erreur dans\nvotre courriel.\n\n Le serveur de messagerie.\n\nMessage :\nEOF\n\nsuccess_template = <<EOF\nCharset: UTF-8\nFrom: postmaster (Message systeme)\nSubject: Message correctement transmis\n\nCeci est un message automatique du serveur $myhostname.\n\nVotre message a correctement été envoyé aux destinataires listés ci-dessous\nSi le message a bien été délivré dans la boite de réception de votre destinataire,\nvous ne recevrez pas d'autre notification.\n\nSi non, vous pourriez recevoir des notifications provenant du système de messagerie\nde 
votre destinataire.\n\n Le serveur de messagerie.\n\nMessage :\nEOF\n\nverify_template = <<EOF\nCharset: UTF-8\nFrom: postmaster (Message systeme)\nSubject: Rapport de transmission de message\n\nCeci est un message automatique du serveur $myhostname.\n\nLe rapport de transmission de message que vous avez demandé est en pièce jointe.\n\n Le serveur de messagerie.\n\nMessage d'erreur :\nEOF" >> /etc/postfix/bounce.cf
|
||||
echo "" > /etc/postfix/master.cf
|
||||
echo -e "smtp\tinet\tn\t-\ty\t-\t-\tsmtpd\n\t-o content_filter=spamassassin\n\nsubmission\tinet\tn\t-\ty\t-\t-\tsmtpd\n\t-o syslog_name=postfix/submission\n\t-o smtpd_tls_dh1024_param_file=\${config_directory}/dh2048.pem\n\t-o smtpd_tls_security_level=encrypt\n\t-o smtpd_sasl_auth_enable=yes\n\t-o smtpd_client_restrictions=\$mua_client_restrictions\n\t-o smtpd_helo_restrictions=\$mua_helo_restrictions\n\t-o smtpd_sender_restrictions=\$mua_sender_restrictions\n\t-o smtpd_recipient_restrictions=\$mua_sender_restrictions\n\t-o content_filter=spamassassin\npickup\tunix\tn\t-\ty\t60\t1\tpickup\ncleanup\tunix\tn\t-\ty\t-\t0\tcleanup\nqmgr\tunix\tn\t-\tn\t300\t1\tqmgr\n#qmgr\tunix\tn\t-\tn\t300\t1\toqmgr\ntlsmgr\tunix\t-\t-\ty\t1000?\t1\ttlsmgr\nrewrite\tunix\t-\t-\ty\t-\t-\ttrivial-rewrite\nbounce\tunix\t-\t-\ty\t-\t0\tbounce\ndefer\tunix\t-\t-\ty\t-\t0\tbounce\ntrace\tunix\t-\t-\ty\t-\t0\tbounce\nverify\tunix\t-\t-\ty\t-\t1\tverify\nflush\tunix\tn\t-\ty\t1000?\t0\tflush\nproxymap\tunix\t-\t-\tn\t-\t-\tproxymap\nproxywrite\tunix -\t-\tn\t-\t1\tproxymap\nsmtp\tunix\t-\t-\ty\t-\t-\tsmtp\nrelay\tunix\t-\t-\ty\t-\t-\tsmtp\nshowq\tunix\tn\t-\ty\t-\t-\tshowq\nerror\tunix\t-\t-\ty\t-\t-\terror\nretry\tunix\t-\t-\ty\t-\t-\terror\ndiscard\tunix\t-\t-\ty\t-\t-\tdiscard\nlocal\tunix\t-\tn\tn\t-\t-\tlocal\nvirtual\tunix\t-\tn\tn\t-\t-\tvirtual\nlmtp\tunix\t-\t-\ty\t-\t-\tlmtp\nanvil\tunix\t-\t-\ty\t-\t1\tanvil\nscache\tunix\t-\t-\ty\t-\t1\tscache\nmaildrop\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=DRhu user=vmail argv=/usr/bin/maildrop -d \${recipient}\nuucp\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop\!rmail (\$recipient)\nifmail\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)\nbsmtp\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=Fq. 
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient\nscalemail-ackend\tunix\t-\tn\tn\t-\t2\tpipe\n\tflags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store \${nexthop} \${user} \${extension}\nmailman\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=FR user=list rgv=/usr/lib/mailman/bin/postfix-to-mailman.py\n\t\${nexthop} \${user}\n\nspamassassin\tunix\t-\tn\tn\t-\t-\tpipe\n\tuser=debian-spamd argv=/usr/bin/spamc -s 26214400 -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf
|
||||
echo "" > /etc/postfix/header_checks
|
||||
echo -e "/^Received:.*with ESMTPSA/\tIGNORE\n/^X-Originating-IP:/\t\tIGNORE\n/^X-Mailer:/\t\t\tIGNORE\n/^User-Agent:/\t\t\tIGNORE" >> /etc/postfix/header_checks
|
||||
postmap /etc/postfix/header_checks
|
||||
echo "-- Fichiers créés !"
|
||||
cd /etc/ssl/
|
||||
openssl genrsa -out ca.key.pem 4096
|
||||
openssl req -x509 -new -nodes -days 3650 -sha256 -key ca.key.pem -out ca.cert.pem
|
||||
|
@ -146,6 +152,7 @@ then
|
|||
mv mailserver.crt certs/
|
||||
openssl dhparam -out /etc/postfix/dh2048.pem 2048
|
||||
openssl dhparam -out /etc/postfix/dh512.pem 512
|
||||
echo "-- Certificats générés !"
|
||||
touch /etc/postfix/mysql-virtual-mailbox-domains.cf
|
||||
echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1" >> /etc/postfix/mysql-virtual-mailbox-domains.cf
|
||||
touch /etc/postfix/mysql-virtual-mailbox-maps.cf
|
||||
|
@ -154,11 +161,8 @@ then
|
|||
echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT goto FROM alias WHERE address='%s' AND active = 1" >> /etc/postfix/mysql-virtual-alias-maps.cf
|
||||
touch /etc/postfix/mysql-sender-login-maps.cf
|
||||
echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT goto FROM alias WHERE address='%s' AND active = 1" >> /etc/postfix/mysql-sender-login-maps.cf
|
||||
echo "" > /etc/postfix/master.cf
|
||||
echo -e "smtp\tinet\tn\t-\ty\t-\t-\tsmtpd\n\t-o content_filter=spamassassin\n\nsubmission\tinet\tn\t-\ty\t-\t-\tsmtpd\n\t-o syslog_name=postfix/submission\n\t-o smtpd_tls_dh1024_param_file=\${config_directory}/dh2048.pem\n\t-o smtpd_tls_security_level=encrypt\n\t-o smtpd_sasl_auth_enable=yes\n\t-o smtpd_client_restrictions=\$mua_client_restrictions\n\t-o smtpd_helo_restrictions=\$mua_helo_restrictions\n\t-o smtpd_sender_restrictions=\$mua_sender_restrictions\n\t-o smtpd_recipient_restrictions=\$mua_sender_restrictions\n\t-o content_filter=spamassassin\npickup\tunix\tn\t-\ty\t60\t1\tpickup\ncleanup\tunix\tn\t-\ty\t-\t0\tcleanup\nqmgr\tunix\tn\t-\tn\t300\t1\tqmgr\n#qmgr\tunix\tn\t-\tn\t300\t1\toqmgr\ntlsmgr\tunix\t-\t-\ty\t1000?\t1\ttlsmgr\nrewrite\tunix\t-\t-\ty\t-\t-\ttrivial-rewrite\nbounce\tunix\t-\t-\ty\t-\t0\tbounce\ndefer\tunix\t-\t-\ty\t-\t0\tbounce\ntrace\tunix\t-\t-\ty\t-\t0\tbounce\nverify\tunix\t-\t-\ty\t-\t1\tverify\nflush\tunix\tn\t-\ty\t1000?\t0\tflush\nproxymap\tunix\t-\t-\tn\t-\t-\tproxymap\nproxywrite\tunix -\t-\tn\t-\t1\tproxymap\nsmtp\tunix\t-\t-\ty\t-\t-\tsmtp\nrelay\tunix\t-\t-\ty\t-\t-\tsmtp\nshowq\tunix\tn\t-\ty\t-\t-\tshowq\nerror\tunix\t-\t-\ty\t-\t-\terror\nretry\tunix\t-\t-\ty\t-\t-\terror\ndiscard\tunix\t-\t-\ty\t-\t-\tdiscard\nlocal\tunix\t-\tn\tn\t-\t-\tlocal\nvirtual\tunix\t-\tn\tn\t-\t-\tvirtual\nlmtp\tunix\t-\t-\ty\t-\t-\tlmtp\nanvil\tunix\t-\t-\ty\t-\t1\tanvil\nscache\tunix\t-\t-\ty\t-\t1\tscache\nmaildrop\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=DRhu user=vmail argv=/usr/bin/maildrop -d \${recipient}\nuucp\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop\!rmail (\$recipient)\nifmail\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)\nbsmtp\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=Fq. 
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient\nscalemail-ackend\tunix\t-\tn\tn\t-\t2\tpipe\n\tflags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store \${nexthop} \${user} \${extension}\nmailman\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=FR user=list rgv=/usr/lib/mailman/bin/postfix-to-mailman.py\n\t\${nexthop} \${user}\n\nspamassassin\tunix\t-\tn\tn\t-\t-\tpipe\n\tuser=debian-spamd argv=/usr/bin/spamc -s 26214400 -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf
|
||||
echo "" > /etc/postfix/header_checks
|
||||
echo -e "/^Received:.*with ESMTPSA/\tIGNORE\n/^X-Originating-IP:/\t\tIGNORE\n/^X-Mailer:/\t\t\tIGNORE\n/^User-Agent:/\t\t\tIGNORE" >> /etc/postfix/header_checks
|
||||
postmap /etc/postfix/header_checks
|
||||
echo "-- Requêtes SQL créés !"
|
||||
echo "-- Postfix déployé !"
|
||||
|
||||
echo "############################"
|
||||
echo "# Configuration de Dovecot #"
|
||||
|
@ -167,30 +171,34 @@ then
|
|||
echo -e "!include_try /usr/share/dovecot/protocols.d/*.protocol\n protocols = imap lmtp sieve\nlisten = *\nmail_plugins = \$mail_plugins quota\n!include conf.d/*.conf\n!include_try local.conf" >> /etc/dovecot/dovecot.conf
|
||||
echo "" > /etc/dovecot/conf.d/10-mail.conf
|
||||
echo -e "mail_location = maildir:/var/mail/vhosts/%d/%n/mail\nmaildir_stat_dirs=yes\nnamespace inbox {\n\tinbox = yes\n}\nmail_uid = 5000\nmail_gid = 5000\nfirst_valid_uid = 5000\nlast_valid_uid = 5000\nmail_privileged_group = vmail" >> /etc/dovecot/conf.d/10-mail.conf
|
||||
mkdir -p /var/mail/vhosts/$DOMAIN
|
||||
groupadd -g 5000 vmail
|
||||
useradd -g vmail -u 5000 vmail -d /var/mail
|
||||
chown -R vmail:vmail /var/mail
|
||||
echo "" > /etc/dovecot/conf.d/10-auth.conf
|
||||
echo -e "disable_plaintext_auth = yes\nauth_mechanisms = plain login\n!include auth-sql.conf.ext" >> /etc/dovecot/conf.d/10-auth.conf
|
||||
echo "" > /etc/dovecot/conf.d/auth-sql.conf.ext
|
||||
echo -e "passdb {\n\tdriver = sql\n\targs = /etc/dovecot/dovecot-sql.conf\n}\nuserdb {\n\tdriver = sql\n\targs = /etc/dovecot/dovecot-sql.conf\n}" >> /etc/dovecot/conf.d/auth-sql.conf.ext
|
||||
echo "" > /etc/dovecot/dovecot-sql.conf
|
||||
echo -e "driver = mysql\nconnect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\ndefault_pass_scheme = SHA512-CRYPT\nuser_query = SELECT CONCAT('/var/mail/vhosts/',maildir) as home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') as mail, CONCAT('*:bytes=', IF(mailbox.quota = -1, domain.maxquota*1048576, mailbox.quota)) as quota_rule FROM mailbox, domain WHERE username = '%u' AND mailbox.active = '1' AND domain.domain = '%d' AND domain.active = '1'\npassword_query = SELECT username as user, password, CONCAT('/var/mail/vhosts/',maildir) AS userdb_home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') AS userdb_mail FROM mailbox WHERE username = '%u' AND active = '1'" >> /etc/dovecot/dovecot-sql.conf
|
||||
chown -R vmail:dovecot /etc/dovecot
|
||||
chmod -R o-rwx /etc/dovecot
|
||||
echo "" > /etc/dovecot/conf.d/10-master.conf
|
||||
echo -e "service imap-login {\n\tinet_listener imap {\n\t\tport = 143\n\t}\n\tinet_listener imaps {\n\t\tport = 993\n\t\tssl = yes\n\t}\n\tservice_count = 0\n}\nservice lmtp {\n\tunix_listener /var/spool/postfix/private/dovecot-lmtp {\n\t\tmode = 0600\n\t\tuser = postfix\n\t\tgroup = postfix\n\t}\n}\nservice auth {\n\tunix_listener auth-userdb {\n\t\tmode = 0600\n\t\tuser = vmail\n\t\tgroup = vmail\n\t}\n\tunix_listener /var/spool/postfix/private/auth {\n\t\tmode = 0666\n\t\tuser = postfix\n\t\tgroup = postfix\n\t}\n\tuser = dovecot\n}\nservice auth-worker {\n\tuser = vmail\n}" >> /etc/dovecot/conf.d/10-master.conf
|
||||
echo "" > /etc/dovecot/conf.d/10-ssl.conf
|
||||
echo -e "ssl = required\nssl_cert = </etc/ssl/certs/mailserver.crt\nssl_key = </etc/ssl/private/mailserver.key\nssl_dh_parameters_length = 2048\nssl_protocols = !SSLv3\nssl_cipher_list = ALL:!aNULL:!eNULL:!LOW:!MEDIUM:!EXP:!RC2:!RC4:!DES:!3DES:!MD5:!PSK:!SRP:!DSS:!AECDH:!ADH:@STRENGTH\nssl_prefer_server_ciphers = yes" >> /etc/dovecot/conf.d/10-ssl.conf
|
||||
touch /etc/dovecot/dovecot-dict-sql-user.conf
|
||||
echo -e "connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\n\nmap {\n\tpattern = priv/quota/storage\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = bytes\n}\nmap {\n\tpattern = priv/quota/messages\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = messages\n}" >> /etc/dovecot/dovecot-dict-sql-user.conf
|
||||
touch /etc/dovecot/dovecot-dict-sql-domain.conf
|
||||
echo -e "connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\n\nmap {\n\tpattern = priv/quota/storage\n\ttable = domain\n\tusername_field = domain\n\tvalue_field = quota\n}\n\nmap {\n\tpattern = priv/quota/messages\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = messages\n}" >> /etc/dovecot/dovecot-dict-sql-domain.conf
|
||||
echo "" > /etc/dovecot/conf.d/20-imap.conf
|
||||
echo -e "protocol imap {\n\tmail_plugins = \$mail_plugins imap_quota\n}" >> /etc/dovecot/conf.d/20-imap.conf
|
||||
echo "" > /etc/dovecot/conf.d/90-quota.conf
|
||||
echo -e "service dict {\n\tunix_listener dict {\n\t\tmode = 0600\n\t\tuser = vmail\n\t}\n}\nplugin {\n\tquota = dict:Quota:%d:proxy::sqldomainquota\n\tquota = dict:User Quota::proxy::sqluserquota\n\n\tquota_rule2 = Trash:storage=+10%%\n}\n\ndict {\n\tsqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf\n\tsqldomainquota = mysql:/etc/dovecot/dovecot-dict-sql-domain.conf\n}" >> /etc/dovecot/conf.d/90-quota.conf
|
||||
echo "-- Fichiers créés !"
|
||||
echo "" > /etc/dovecot/conf.d/auth-sql.conf.ext
|
||||
echo -e "passdb {\n\tdriver = sql\n\targs = /etc/dovecot/dovecot-sql.conf\n}\nuserdb {\n\tdriver = sql\n\targs = /etc/dovecot/dovecot-sql.conf\n}" >> /etc/dovecot/conf.d/auth-sql.conf.ext
|
||||
echo "" > /etc/dovecot/dovecot-sql.conf
|
||||
echo -e "driver = mysql\nconnect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\ndefault_pass_scheme = SHA512-CRYPT\nuser_query = SELECT CONCAT('/var/mail/vhosts/',maildir) as home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') as mail, CONCAT('*:bytes=', IF(mailbox.quota = -1, domain.maxquota*1048576, mailbox.quota)) as quota_rule FROM mailbox, domain WHERE username = '%u' AND mailbox.active = '1' AND domain.domain = '%d' AND domain.active = '1'\npassword_query = SELECT username as user, password, CONCAT('/var/mail/vhosts/',maildir) AS userdb_home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') AS userdb_mail FROM mailbox WHERE username = '%u' AND active = '1'" >> /etc/dovecot/dovecot-sql.conf
|
||||
touch /etc/dovecot/dovecot-dict-sql-user.conf
|
||||
echo -e "connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\n\nmap {\n\tpattern = priv/quota/storage\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = bytes\n}\nmap {\n\tpattern = priv/quota/messages\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = messages\n}" >> /etc/dovecot/dovecot-dict-sql-user.conf
|
||||
touch /etc/dovecot/dovecot-dict-sql-domain.conf
|
||||
echo -e "connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\n\nmap {\n\tpattern = priv/quota/storage\n\ttable = domain\n\tusername_field = domain\n\tvalue_field = quota\n}\n\nmap {\n\tpattern = priv/quota/messages\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = messages\n}" >> /etc/dovecot/dovecot-dict-sql-domain.conf
|
||||
echo "-- Requêtes SQL créés !"
|
||||
chown -R vmail:dovecot /etc/dovecot
|
||||
chmod -R o-rwx /etc/dovecot
|
||||
mkdir -p /var/mail/vhosts/$DOMAIN
|
||||
groupadd -g 5000 vmail
|
||||
useradd -g vmail -u 5000 vmail -d /var/mail
|
||||
chown -R vmail:vmail /var/mail
|
||||
echo "-- Droits appliqués !"
|
||||
echo "-- Dovecot déployé !"
|
||||
|
||||
echo "#################################"
|
||||
echo "# Configuration de SpamAssassin #"
|
||||
|
@ -199,6 +207,7 @@ then
|
|||
echo -e "rewrite_header Subject *****SPAM*****\n\nifplugin Mail::SpamAssassin::Plugin::Shortcircuit\n\nendif # Mail::SpamAssassin::Plugin::Shortcircuit\n\nreport_safe 0\nwhitelist_auth *@$DOMAIN\n\nadd_header all Report _REPORT_\nadd_header spam Flag _YESNOCAPS_\nadd_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_\nadd_header all Level _STARS(*)_\nadd_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_" >> /etc/spamassassin/local.cf
|
||||
echo "" > /etc/default/spamassassin
|
||||
echo -e "ENABLED=0\nOPTIONS=\"--create-prefs --max-children 5 --helper-home-dir\"\nPIDFILE=\"/var/run/spamd.pid\"\nCRON=0\n" >> /etc/default/spamassassin
|
||||
echo "-- Fichiers créés !"
|
||||
if [ -z $SPAMASSASSIN_CRONTAB_UPDATE ];
|
||||
then
|
||||
crontab -l | { cat; echo "00 02 * * * /usr/bin/sa-update"; } | crontab -
|
||||
|
@ -208,6 +217,8 @@ then
|
|||
crontab -l | { cat; echo "*/10 * * * * /usr/bin/sa-learn --ham /var/mail/vhosts/*/*/mail/cur/* >/dev/null 2>&1"; } | crontab -
|
||||
crontab -l | { cat; echo "*/10 * * * * /usr/bin/sa-learn --spam /var/mail/vhosts/*/*/mail/.Junk/cur/* >/dev/null 2>&1"; } | crontab -
|
||||
fi
|
||||
echo "-- Crontab ajouté !"
|
||||
echo "-- SpamAssassin déployé !"
|
||||
|
||||
echo "##########################"
|
||||
echo "# Configuration de Sieve #"
|
||||
|
@ -220,7 +231,10 @@ then
|
|||
touch /var/mail/sieve/default.sieve
|
||||
echo -e "require [\"fileinto\"];\nif header :contains \"Subject\" \"*****SPAM*****\" {\nfileinto \"Junk\";\n}" >>/var/mail/sieve/default.sieve
|
||||
sievec /var/mail/sieve/default.sieve
|
||||
echo "-- Fichiers créés !"
|
||||
chown -R vmail:vmail /var/mail/sieve
|
||||
echo "-- Droits appliqués !"
|
||||
echo "-- Sieve déployé !"
|
||||
|
||||
echo "###########################"
|
||||
echo "# Configuration de ClamAV #"
|
||||
|
@ -229,10 +243,14 @@ then
|
|||
freshclam
|
||||
systemctl start clamav-freshclam
|
||||
systemctl start clamav-daemon
|
||||
echo "-- Mises à jours effectuées !"
|
||||
mkdir /var/spool/postfix/clamav
|
||||
chown clamav /var/spool/postfix/clamav
|
||||
echo "-- Droits appliqués !"
|
||||
echo "" > /etc/clamav/clamav-milter.conf
|
||||
echo -e "MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl\nFixStaleSocket true\nUser clamav\nReadTimeout 120\nForeground false\nPidFile /var/run/clamav/clamav-milter.pid\nClamdSocket unix:/var/run/clamav/clamd.ctl\nOnClean Accept\nOnInfected Reject\nOnFail Defer\nAddHeader Replace\nLogSyslog false\nLogFacility LOG_LOCAL6\nLogVerbose false\nLogInfected Full\nLogClean Off\nLogRotate true\nMaxFileSize 50M\nSupportMultipleRecipients false\nRejectMsg Rejecting harmful e-mail: %v found.\nTemporaryDirectory /tmp\nLogFile /var/log/clamav/clamav-milter.log\nLogTime true\nLogFileUnlock false\nLogFileMaxSize 50\nMilterSocketGroup clamav\nMilterSocketMode 666" >>/etc/clamav/clamav-milter.conf
|
||||
echo "-- Configuration créée !"
|
||||
echo "-- ClamAV déployé !"
|
||||
|
||||
echo "#############################"
|
||||
echo "# Configuration de OpenDKIM #"
|
||||
|
@ -249,19 +267,26 @@ then
|
|||
echo -e "mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail.private" >> /etc/opendkim/KeyTable
|
||||
touch /etc/opendkim/SigningTable
|
||||
echo -e "*@$DOMAIN mail._domainkey.$DOMAIN" >> /etc/opendkim/SigningTable
|
||||
echo "-- Fichiers créés !"
|
||||
mkdir -p /etc/opendkim/keys/$DOMAIN
|
||||
cd /etc/opendkim/keys/$DOMAIN
|
||||
opendkim-genkey -s mail -d $DOMAIN -b 4096
|
||||
echo "-- Clé généré !"
|
||||
chown opendkim:opendkim /etc/opendkim/keys/$DOMAIN/mail.private
|
||||
echo "-- Droits appliqués !"
|
||||
echo "-- OpenDKIM déployé !"
|
||||
|
||||
echo "##############################"
|
||||
echo "# Configuration de OpenDMARC #"
|
||||
echo "##############################"
|
||||
echo "" > /etc/opendmarc.conf
|
||||
echo -e "AutoRestart\t\tYes\nAutoRestartRate\t\t10/1h\nUMask\t\t\t0002\nSyslog\t\t\ttrue\n\nAuthservID\t\t\"$HOSTNAME.$DOMAIN\"\nTrustedAuthservIDs\t\"$HOSTNAME.$DOMAIN\"\nIgnoreHosts\t\t/etc/opendkim/TrustedHosts\nIgnoreMailFrom\t\t\"$DOMAIN\"\nRejectFailures\t\tfalse\n\nUserID\t\t\topendmarc:opendmarc\nPidFile\t\t\t/var/run/opendmarc/opendmarc.pid\nSocket\t\t\tlocal:/var/spool/postfix/opendmarc/opendmarc.sock" >> /etc/opendmarc.conf
|
||||
echo "-- Fichier créé !"
|
||||
mkdir /var/spool/postfix/opendmarc
|
||||
chown opendmarc: /var/spool/postfix/opendmarc
|
||||
usermod -aG opendmarc postfix
|
||||
echo "-- Droits appliqués !"
|
||||
echo "-- OpenDMARC déployé !"
|
||||
|
||||
echo "#############################"
|
||||
echo "# Installation PostfixAdmin #"
|
||||
|
|
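Review bot: The status lines this commit adds are printed unconditionally, so `echo "-- Certificats générés !"` after the two `openssl dhparam` calls and `echo "-- Droits appliqués !"` after `chown -R vmail:dovecot /etc/dovecot` / `chmod -R o-rwx /etc/dovecot` report success even when the key-generation or permission step failed. No exit status is checked in the visible hunks, and whether the script enables `set -e` cannot be seen from here because the enclosing `then` block starts outside them. I would gate each message on the commands it describes, for example `chown -R vmail:dovecot /etc/dovecot && chmod -R o-rwx /etc/dovecot || { echo "-- Échec des droits Dovecot" >&2; exit 1; }` ahead of the echo. The same applies to `echo "-- Requêtes SQL créés !"` in the Postfix part: the `/etc/postfix/mysql-*.cf` files that receive `$MARIADB_POSTFIX_PASSWORD` are created with `touch` and no mode change is visible, so a `chgrp postfix` and `chmod 640` on them before that message would match what the Dovecot part already does for its own files.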