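#!/usr/bin/env bash
#
# XAROBASE Software — mail service deployment script (V1).
#
# Interactively installs and configures a complete mail stack on a
# Debian-based host (apt-get): MariaDB, Postfix, Dovecot, SpamAssassin,
# Sieve, ClamAV, OpenDKIM, OpenDMARC, Apache/PHP and PostfixAdmin, then
# enables and restarts the services, drops an "INSTALLED" marker in
# /etc/XAROBASE and writes a banner to /etc/motd.
#
# Usage:   run as root (sudo bash <this script>); all prompts are in French.
#
# Review notes on this revision:
#   - Credentials are read with `read -s` and are never placed on a command
#     line: the MariaDB root password is handed to the client through the
#     MYSQL_PWD environment variable, and every value interpolated into SQL,
#     into a sed replacement or into the PHP config is escaped first.
#   - Generated configuration files are written with here-documents; the
#     indentation inside them uses spaces where the previous revision emitted
#     tabs (Postfix, Dovecot, OpenDKIM and OpenDMARC treat both as whitespace).
#   - Three spans of the previous revision were truncated in the copy this one
#     was written from (the Postfix bounce template, the Dovecot ssl_cert /
#     ssl_key lines and the Apache <VirtualHost> wrapper). They are marked
#     NOTE(review) below and must be checked against the original file.
#   - Unlike the previous revision the script stops at the first failing
#     command (set -e) instead of silently carrying on with a half-configured
#     host.
set -euo pipefail

#######################################
# Print an error on stderr and abort.
# Arguments: message words
#######################################
die() {
  printf 'ERREUR : %s\n' "$*" >&2
  exit 1
}

# Print one progress line (the "-- … !" convention used throughout).
say() {
  printf '%s\n' "$*"
}

#######################################
# Print a section title boxed in '#', e.g.
#   #######################
#   # Lancement du script #
#   #######################
# Arguments: $1 - title text
#######################################
section() {
  local title=$1 bar
  printf -v bar '%*s' "$(( ${#title} + 4 ))" ''
  bar=${bar// /#}
  printf '%s\n# %s #\n%s\n' "$bar" "$title" "$bar"
}

# Escape a value for use inside a single-quoted SQL string literal
# (backslashes doubled, quotes doubled — both accepted by MariaDB).
sql_escape() {
  local q="'" s=${1//\\/\\\\}
  printf '%s' "${s//$q/$q$q}"
}

# Escape a value for use inside a single-quoted PHP string literal.
php_escape() {
  local q="'" s=${1//\\/\\\\}
  printf '%s' "${s//$q/\\$q}"
}

# Escape a value for use in the replacement part of a sed s/// command
# ('/' is the delimiter; '&' and '\' are special in the replacement).
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\/&\\]/\\&/g'
}

#######################################
# Run one SQL statement as the MariaDB root user.
# The password travels in MYSQL_PWD rather than on the command line so it is
# not visible in `ps`; the previous revision also single-quoted the variable
# name, which sent the literal text "$MARIADB_ROOT_PASSWORD" as password.
# Globals:   MARIADB_ROOT_PASSWORD (read)
# Arguments: $1 - SQL statement
#######################################
mysql_root() {
  MYSQL_PWD="$MARIADB_ROOT_PASSWORD" mysql -u root -e "$1"
}

#######################################
# apt-get install a group of packages and report it.
# Arguments: $1 - French label ("de Postfix"), $2.. - package names
#######################################
apt_install() {
  local label=$1
  shift
  apt-get install -y "$@"
  say "-- Installation ${label} terminé !"
}

#######################################
# Rewrite one `$CONF['key'] = …;` line of the PostfixAdmin config.
# Arguments: $1 - key, $2 - PHP expression to assign (already PHP-quoted when
#            it is a string), $3 - config file path
#######################################
set_pfa_option() {
  local key=$1 value=$2 file=$3
  sed -i -e "s/\$CONF\[\x27${key}\x27\] =.*/\$CONF['${key}'] = $(sed_escape "$value");/" -- "$file"
}

# Print the XAROBASE Software ASCII banner.
# NOTE(review): the column alignment of the art was lost in the copy this
# revision was written from; restore the spacing from the original file.
print_banner() {
  cat <<'EOF'
 __ __ _____ ____ ____ _____ ______
 \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|
 \ V / / \ | |__) | | | | |_) | / \ | (___ | |__
 > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|
 / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____
 /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|
 _____ __ _
/ ___| / _| |
\ `--. ___ | |_| |___ ____ _ _ __ ___
 `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \
/\__/ / (_) | | | |_ \ V V / (_| | | | __/
\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|
EOF
}

# Abort unless running as root (every later step writes under /etc).
require_root() {
  if (( EUID != 0 )); then
    die "ce script doit être exécuté en tant que root"
  fi
}

# Show the banner and ask for confirmation. An empty answer means "no": the
# previous `[ $CONFIRM != 'O' ]` test errored on empty input and carried on.
confirm_start() {
  local confirm
  print_banner
  say ""
  say "Programme de déploiement de service mail (V1)"
  say ""
  read -r -p "Ce script s'adresse aux utilisateurs expérimentés. Voulez-vous continuer ? (o/N) : " confirm
  confirm=${confirm^^}
  if [[ "$confirm" != 'O' ]]; then
    exit 0
  fi
  section "Lancement du script"
}

# apt-get update/upgrade.
update_system() {
  section "Début de la procédure de mise à jour"
  apt-get update
  apt-get upgrade -y
  say "-- Mise à jour terminé !"
}

# Ask which services to deploy; sets the global MAIL to 'O' or not.
choose_services() {
  section "Services à déployer"
  read -r -p "Voulez-vous déployer le service mail ? (o/N) : " MAIL
  MAIL=${MAIL^^}
}

# Install every package of the mail stack.
install_mail_packages() {
  section "Lancement de l'installation du service mail"
  apt_install "de MariaDB" mariadb-server mariadb-client expect
  apt_install "de Postfix" postfix
  apt_install "du plugin postfix-mysql" postfix-mysql
  apt_install "de Dovecot" dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql
  apt_install "de SpamAssassin" spamassassin spamc
  apt_install "de Sieve" dovecot-sieve dovecot-managesieved
  apt_install "de ClamAV" clamav-milter
  apt_install "de OpenDKIM" opendkim opendkim-tools
  apt_install "de OpenDMARC" opendmarc
  apt_install "de Apache" apache2
  apt_install "de PHP" php php-mysql php-imap php-mbstring
}

#######################################
# Prompt for the deployment parameters.
# Globals (written): DOMAIN, POSTFIXADMIN_ADMIN, MARIADB_ROOT_PASSWORD,
#                    MARIADB_POSTFIX_PASSWORD
# DOMAIN is used to build file-system paths and config values, so it is
# restricted to hostname characters; passwords are read without echo.
#######################################
ask_mail_settings() {
  section "Configuration du service mail"
  read -r -p "Entrer votre nom de domaine : " DOMAIN
  [[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || die "nom de domaine invalide : ${DOMAIN}"
  read -r -p "Définir le nom d'utilisateur administrateur du serveur mail : " POSTFIXADMIN_ADMIN
  [[ -n "$POSTFIXADMIN_ADMIN" ]] || die "le nom d'utilisateur administrateur est obligatoire"
  read -r -s -p "Entrer le mot de passe root du SGBD (laisser vide si première BDD) : " MARIADB_ROOT_PASSWORD
  printf '\n'
  read -r -s -p "Définir le mot de passe postfix du SGBD : " MARIADB_POSTFIX_PASSWORD
  printf '\n'
  [[ -n "$MARIADB_POSTFIX_PASSWORD" ]] || die "le mot de passe postfix du SGBD est obligatoire"
}

# Harden the MariaDB instance and create the postfix database and user.
configure_database() {
  local root_pw postfix_pw
  section "Configuration BDD"
  root_pw=$(sql_escape "$MARIADB_ROOT_PASSWORD")
  postfix_pw=$(sql_escape "$MARIADB_POSTFIX_PASSWORD")
  # NOTE(review): the previous revision set the root password by writing
  # mysql.user directly; on MariaDB releases where mysql.user is a view this
  # statement fails — confirm against the target release.
  mysql_root "UPDATE mysql.user SET Password=PASSWORD('${root_pw}') WHERE User='root';"
  say "-- Mot de passe root changé !"
  mysql_root "DELETE FROM mysql.user WHERE User='';"
  say "-- Suppression des utilisateurs anonymes !"
  mysql_root "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
  say "-- Suppression des connexions root à distance !"
  mysql_root "CREATE DATABASE IF NOT EXISTS postfix;"
  say "-- Base de donné postfix créée !"
  mysql_root "CREATE USER 'postfix'@'localhost' IDENTIFIED BY '${postfix_pw}';"
  mysql_root "GRANT USAGE ON *.* TO 'postfix'@'localhost';"
  mysql_root "GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost';"
  say "-- Création de l'utilisateur postfix !"
  mysql_root "FLUSH PRIVILEGES;"
  say "-- Application des paramètres !"
}

# Hide the Apache version banner and open the PostfixAdmin port.
# Each append is guarded so re-running the script does not duplicate lines.
configure_apache() {
  local conf=/etc/apache2/apache2.conf ports=/etc/apache2/ports.conf
  section "Configuration de Apache"
  if ! grep -q "ServerSignature Off" "$conf"; then
    printf '%s\n' "ServerSignature Off" >> "$conf"
  fi
  if ! grep -q "ServerTokens Prod" "$conf"; then
    printf '%s\n' "ServerTokens Prod" >> "$conf"
  fi
  say "-- Signature serveur supprimée !"
  if ! grep -q "Listen 8083" "$ports"; then
    printf '%s\n' "Listen 8083" >> "$ports"
  fi
  say "-- Ports d'écoute ajoutés !"
}

#######################################
# Write main.cf, bounce.cf, master.cf and header_checks.
# Globals: DOMAIN, POSTFIXADMIN_ADMIN (read)
# Postfix's own $variables are written as \$ so only the two shell values
# above are expanded.
#######################################
write_postfix_config() {
  cat > /etc/postfix/main.cf <<EOF
#######################
## GENERALS SETTINGS ##
#######################

smtpd_banner            = \$myhostname ESMTP \$mail_name (Debian/GNU)
compatibility_level     = 2
biff                    = no
append_dot_mydomain     = no
readme_directory        = no
allow_percent_hack      = no
delay_warning_time      = 4h
mailbox_command         = procmail -a "\$EXTENSION"
recipient_delimiter     = +
disable_vrfy_command    = yes
message_size_limit      = 26214400
mailbox_size_limit      = 524288000

inet_interfaces = all
inet_protocols  = ipv4

myhostname      = $DOMAIN
myorigin        = $DOMAIN
mydestination   = localhost localhost.\$mydomain
mynetworks      = 127.0.0.0/8
relayhost       =

##################
## MILTERS ##
##################

milter_protocol = 6
milter_default_action = accept
smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock, unix:/clamav/clamav-milter.ctl
non_smtpd_milters = unix:/opendkim/opendkim.sock

####################
## TLS PARAMETERS ##
####################
# Smtp ( OUTGOING / Client )
smtp_tls_loglevel               = 1
smtp_tls_security_level         = may
smtp_tls_CApath                 = /etc/ssl/certs
smtp_tls_protocols              = !TLSv1, !SSLv2, !SSLv3
smtp_tls_mandatory_protocols    = !TLSv1, !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers      = high
smtp_tls_note_starttls_offer    = yes

# Smtpd ( INCOMING / Server )
smtpd_tls_loglevel              = 1
smtpd_tls_auth_only             = yes
smtpd_tls_security_level        = may
smtpd_tls_received_header       = yes
smtpd_tls_protocols             = !TLSv1, !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols   = !TLSv1, !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers     = medium
smtpd_tls_exclude_ciphers       = aNULL, eNULL, EXPORT, DES, 3DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH, SEED
smtpd_tls_CAfile                = /etc/ssl/certs/ca.cert.pem
smtpd_tls_cert_file             = /etc/ssl/certs/mailserver.crt
smtpd_tls_key_file              = /etc/ssl/private/mailserver.key
smtpd_tls_dh1024_param_file     = \$config_directory/dh2048.pem

tls_preempt_cipherlist  = yes
tls_random_source       = dev:/dev/urandom

smtp_tls_session_cache_database         = btree:\${data_directory}/smtp_scache
smtpd_tls_session_cache_database        = btree:\${data_directory}/smtpd_scache
lmtp_tls_session_cache_database         = btree:\${data_directory}/lmtp_scache

#####################
## SASL PARAMETERS ##
#####################

smtpd_sasl_auth_enable          = yes
smtpd_sasl_type                 = dovecot
smtpd_sasl_path                 = private/auth
smtpd_sasl_security_options     = noanonymous
smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
smtpd_sasl_local_domain         = \$mydomain
smtpd_sasl_authenticated_header = no

##############################
## VIRTUALS MAPS PARAMETERS ##
##############################

virtual_uid_maps        = static:5000
virtual_gid_maps        = static:5000
virtual_minimum_uid     = 5000
virtual_mailbox_base    = /var/mail
virtual_transport       = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps    = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps      = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-login-maps.cf

######################
## ERRORS REPORTING ##
######################

bounce_template_file    = /etc/postfix/bounce.cf

notify_classes          = resource, software

error_notice_recipient  = $POSTFIXADMIN_ADMIN@$DOMAIN

##################
## RESTRICTIONS ##
##################

mime_header_checks      = regexp:/etc/postfix/header_checks
header_checks           = regexp:/etc/postfix/header_checks

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    reject_rbl_client zen.spamhaus.org

smtpd_reject_unlisted_sender = yes

smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_unlisted_sender

smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

smtpd_helo_required = yes

smtpd_client_restrictions =
    permit_mynetworks,
    permit_inet_interfaces,
    permit_sasl_authenticated,
    reject_unauth_pipelining

smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
EOF

  # NOTE(review): the failure_template block that the previous revision wrote
  # here was truncated in the copy this revision was written from. An empty
  # bounce.cf makes Postfix fall back to its built-in templates; restore the
  # original template text from the source file.
  : > /etc/postfix/bounce.cf

  # Quoted delimiter: every $variable below belongs to Postfix.
  # The unused uucp/scalemail/mailman transports are kept as they were, with
  # three typos corrected ('\!rmail', 'scalemail-ackend', 'rgv=').
  cat > /etc/postfix/master.cf <<'EOF'
smtp      inet  n       -       y       -       -       smtpd
  -o content_filter=spamassassin

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_dh1024_param_file=${config_directory}/dh2048.pem
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=spamassassin
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n     n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

spamassassin unix -     n       n       -       -       pipe
  user=debian-spamd argv=/usr/bin/spamc -s 26214400 -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
EOF

  # The previous revision left a "{{ .FQDN }}" template placeholder in the
  # rewritten Received: header; it is replaced with the domain, which is also
  # what myhostname is set to above. $1 is Postfix's capture reference.
  cat > /etc/postfix/header_checks <<EOF
/^\s*Received:[^\n]*(.*)/		REPLACE Received: from authenticated-user ($DOMAIN [127.0.0.1])\$1
/^\s*User-Agent:/			IGNORE
/^\s*X-Enigmail:/			IGNORE
/^\s*X-Mailer:/				IGNORE
/^\s*X-Originating-IP:/			IGNORE
/^\s*X-Pgp-Agent:/			IGNORE
/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/	REPLACE \$1
/filename=\"?(.*)\.(ade|adp|bat|chm|cmd|com|cpl|docm|exe|hta|ins|isp|jar|js|jse|lib|lnk|mde|msc|msi|msp|mst|nsh|pif|ps|scr|sct|sh|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh)\"?$/ REJECT .2$ files are prohibited for security reasons
EOF
  postmap /etc/postfix/header_checks
  postalias /etc/aliases
  say "-- Fichiers créés !"
}

#######################################
# Generate a private CA, a server certificate signed by it and the DH
# parameters referenced by main.cf/master.cf. openssl req prompts for the
# subject fields interactively, as before.
# The 512-bit dhparam the previous revision also generated is dropped: no
# configuration referenced it and 512-bit DH offers no security.
#######################################
generate_certificates() {
  (
    cd /etc/ssl || die "impossible d'accéder à /etc/ssl"
    openssl genrsa -out ca.key.pem 4096
    openssl req -x509 -new -nodes -days 3650 -sha256 -key ca.key.pem -out ca.cert.pem
    openssl genrsa -out mailserver.key 4096
    openssl req -new -sha256 -key mailserver.key -out mailserver.csr
    openssl x509 -req -days 3650 -sha256 -in mailserver.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out mailserver.crt
    chmod 444 ca.cert.pem mailserver.crt
    chmod 400 ca.key.pem mailserver.key
    mv ca.key.pem mailserver.key private/
    mv ca.cert.pem mailserver.crt certs/
  )
  openssl dhparam -out /etc/postfix/dh2048.pem 2048
  say "-- Certificats générés !"
}

#######################################
# Write the four Postfix mysql lookup tables.
# They embed the postfix DB password, so they are made readable by root and
# the postfix group only (the previous revision left them world-readable).
# Globals: MARIADB_POSTFIX_PASSWORD (read)
#######################################
write_postfix_sql_maps() {
  local file query
  # NOTE(review): the sender-login map reuses the alias query, as before —
  # confirm that is the intended login/sender mapping.
  while IFS='|' read -r file query; do
    cat > "$file" <<EOF
hosts = 127.0.0.1
user = postfix
password = $MARIADB_POSTFIX_PASSWORD
dbname = postfix
query = $query
EOF
    chgrp postfix "$file"
    chmod 640 "$file"
  done <<'EOF'
/etc/postfix/mysql-virtual-mailbox-domains.cf|SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1
/etc/postfix/mysql-virtual-mailbox-maps.cf|SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
/etc/postfix/mysql-virtual-alias-maps.cf|SELECT goto FROM alias WHERE address='%s' AND active = 1
/etc/postfix/mysql-sender-login-maps.cf|SELECT goto FROM alias WHERE address='%s' AND active = 1
EOF
  say "-- Requêtes SQL créés !"
}

# Configure Postfix end to end.
configure_postfix() {
  section "Configuration de Postfix"
  write_postfix_config
  generate_certificates
  write_postfix_sql_maps
  say "-- Postfix déployé !"
}

# Create the vmail group/user (uid/gid 5000, the values used by main.cf and
# 10-mail.conf) unless they already exist.
ensure_vmail_account() {
  getent group vmail > /dev/null || groupadd -g 5000 vmail
  id -u vmail > /dev/null 2>&1 || useradd -g vmail -u 5000 vmail -d /var/mail
}

#######################################
# Write the Dovecot configuration.
# Globals: DOMAIN, MARIADB_POSTFIX_PASSWORD (read)
# The vmail account is created first: the previous revision ran
# `chown -R vmail:dovecot` before `useradd vmail`, which fails.
#######################################
configure_dovecot() {
  local confd=/etc/dovecot/conf.d
  section "Configuration de Dovecot"
  ensure_vmail_account

  cat > /etc/dovecot/dovecot.conf <<'EOF'
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap lmtp sieve
listen = *
mail_plugins = $mail_plugins quota
!include conf.d/*.conf
!include_try local.conf
EOF

  cat > "$confd/10-mail.conf" <<'EOF'
mail_location = maildir:/var/mail/vhosts/%d/%n/mail
maildir_stat_dirs=yes
namespace inbox {
  inbox = yes
}
mail_uid = 5000
mail_gid = 5000
first_valid_uid = 5000
last_valid_uid = 5000
mail_privileged_group = vmail
EOF

  cat > "$confd/10-auth.conf" <<'EOF'
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-sql.conf.ext
EOF

  cat > "$confd/10-logging.conf" <<'EOF'
log_path = syslog
syslog_facility = mail

#auth_verbose = yes
#auth_verbose_passwords = sha1
#auth_debug = yes
#auth_debug_passwords = yes
#mail_debug = yes
#verbose_ssl = yes
EOF

  cat > "$confd/10-master.conf" <<'EOF'
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 0
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  user = dovecot
}
service auth-worker {
  user = vmail
}
EOF

  # NOTE(review): the ssl_cert / ssl_key values were truncated in the copy
  # this revision was written from; they are reconstructed from the
  # certificate paths main.cf uses — confirm against the original file.
  cat > "$confd/10-ssl.conf" <<'EOF'
ssl = required
ssl_cert = </etc/ssl/certs/mailserver.crt
ssl_key = </etc/ssl/private/mailserver.key
EOF

  cat > "$confd/15-mailboxes.conf" <<'EOF'
namespace inbox {

  mailbox Drafts {
    special_use = \Drafts
    auto = subscribe
  }

  mailbox Spam {
    special_use = \Junk
    auto = subscribe
  }

  mailbox Junk {
    special_use = \Junk
  }

  mailbox Trash {
    special_use = \Trash
    auto = subscribe
  }

  mailbox Sent {
    special_use = \Sent
    auto = subscribe
  }

  mailbox "Sent Messages" {
    special_use = \Sent
  }

  mailbox Archive {
    special_use = \Archive
    auto = subscribe
  }

}
EOF

  cat > "$confd/20-imap.conf" <<'EOF'
protocol imap {
  mail_plugins = $mail_plugins imap_quota imap_sieve
}
EOF

  cat > "$confd/90-quota.conf" <<'EOF'
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
plugin {
  quota = dict:Quota:%d:proxy::sqldomainquota
  quota = dict:User Quota::proxy::sqluserquota

  quota_rule2 = Trash:storage=+10%%
}

dict {
  sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf
  sqldomainquota = mysql:/etc/dovecot/dovecot-dict-sql-domain.conf
}
EOF
  say "-- Fichiers créés !"

  cat > "$confd/auth-sql.conf.ext" <<'EOF'
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
EOF

  cat > /etc/dovecot/dovecot-sql.conf <<EOF
driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD
default_pass_scheme = SHA512-CRYPT
user_query = SELECT CONCAT('/var/mail/vhosts/',maildir) as home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') as mail, CONCAT('*:bytes=', IF(mailbox.quota = -1, domain.maxquota*1048576, mailbox.quota)) as quota_rule FROM mailbox, domain WHERE username = '%u' AND mailbox.active = '1' AND domain.domain = '%d' AND domain.active = '1'
password_query = SELECT username as user, password, CONCAT('/var/mail/vhosts/',maildir) AS userdb_home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') AS userdb_mail FROM mailbox WHERE username = '%u' AND active = '1'
EOF

  cat > /etc/dovecot/dovecot-dict-sql-user.conf <<EOF
connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD

map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
EOF

  cat > /etc/dovecot/dovecot-dict-sql-domain.conf <<EOF
connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD

map {
  pattern = priv/quota/storage
  table = domain
  username_field = domain
  value_field = quota
}

map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
EOF
  say "-- Requêtes SQL créés !"

  chown -R vmail:dovecot /etc/dovecot
  chmod -R o-rwx /etc/dovecot
  mkdir -p "/var/mail/vhosts/$DOMAIN"
  chown -R vmail:vmail /var/mail
  say "-- Droits appliqués !"
  say "-- Dovecot déployé !"
}

# Append one line to root's crontab unless a line matching $1 is already there.
# Arguments: $1 - grep pattern identifying the job, $2 - crontab line
add_cron_job() {
  local pattern=$1 line=$2
  if ! crontab -l 2>/dev/null | grep -q -- "$pattern"; then
    { crontab -l 2>/dev/null || true; printf '%s\n' "$line"; } | crontab -
  fi
}

#######################################
# Configure SpamAssassin and its update/learning cron jobs.
# Globals: DOMAIN (read)
#######################################
configure_spamassassin() {
  section "Configuration de SpamAssassin"
  cat > /etc/spamassassin/local.cf <<EOF
rewrite_header Subject *****SPAM*****

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit

endif # Mail::SpamAssassin::Plugin::Shortcircuit

report_safe 0
whitelist_auth *@$DOMAIN

add_header all Report _REPORT_
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
EOF
  # NOTE(review): ENABLED=0 is kept from the previous revision; on releases
  # whose init script honours it, spamd will not start even though the unit
  # is enabled below — confirm against the target release.
  cat > /etc/default/spamassassin <<'EOF'
ENABLED=0
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
CRON=0

EOF
  say "-- Fichiers créés !"
  add_cron_job "/usr/bin/sa-update" "00 02 * * * /usr/bin/sa-update"
  if ! crontab -l 2>/dev/null | grep -q "/usr/bin/sa-learn"; then
    add_cron_job "sa-learn --ham" "*/10 * * * * /usr/bin/sa-learn --ham /var/mail/vhosts/*/*/mail/cur/* >/dev/null 2>&1"
    add_cron_job "sa-learn --spam" "*/10 * * * * /usr/bin/sa-learn --spam /var/mail/vhosts/*/*/mail/.Junk/cur/* >/dev/null 2>&1"
  fi
  say "-- Crontab ajouté !"
  say "-- SpamAssassin déployé !"
}

#######################################
# Configure Sieve (LMTP delivery plugin + global default script).
# Globals: DOMAIN, POSTFIXADMIN_ADMIN (read)
#######################################
configure_sieve() {
  section "Configuration de Sieve"
  cat > /etc/dovecot/conf.d/20-lmtp.conf <<EOF
protocol lmtp {
  postmaster_address = $POSTFIXADMIN_ADMIN@$DOMAIN
  mail_plugins = \$mail_plugins sieve
}
EOF
  cat > /etc/dovecot/conf.d/90-sieve.conf <<'EOF'
plugin {
  sieve = /var/mail/vhosts/%d/%n/.dovecot.sieve
  sieve_default = /var/mail/sieve/default.sieve
  sieve_dir = /var/mail/vhosts/%d/%n/sieve
  sieve_global_dir = /var/mail/sieve
}
EOF
  mkdir -p /var/mail/sieve
  cat > /var/mail/sieve/default.sieve <<'EOF'
require ["fileinto"];
if header :contains "Subject" "*****SPAM*****" {
fileinto "Junk";
}
EOF
  sievec /var/mail/sieve/default.sieve
  say "-- Fichiers créés !"
  chown -R vmail:vmail /var/mail/sieve
  say "-- Droits appliqués !"
  say "-- Sieve déployé !"
}

# Refresh the ClamAV signatures and configure the milter.
configure_clamav() {
  section "Configuration de ClamAV"
  systemctl stop clamav-freshclam
  # freshclam exits non-zero when the mirror rate-limits it; the service
  # started next retries on its own, so this is not fatal.
  freshclam || say "-- Avertissement : freshclam a échoué, le service réessaiera !"
  systemctl start clamav-freshclam
  systemctl start clamav-daemon
  say "-- Mises à jours effectuées !"
  mkdir -p /var/spool/postfix/clamav
  chown clamav /var/spool/postfix/clamav
  say "-- Droits appliqués !"
  cat > /etc/clamav/clamav-milter.conf <<'EOF'
MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl
FixStaleSocket true
User clamav
ReadTimeout 120
Foreground false
PidFile /var/run/clamav/clamav-milter.pid
ClamdSocket unix:/var/run/clamav/clamd.ctl
OnClean Accept
OnInfected Reject
OnFail Defer
AddHeader Replace
LogSyslog false
LogFacility LOG_LOCAL6
LogVerbose false
LogInfected Full
LogClean Off
LogRotate true
MaxFileSize 50M
SupportMultipleRecipients false
RejectMsg Rejecting harmful e-mail: %v found.
TemporaryDirectory /tmp
LogFile /var/log/clamav/clamav-milter.log
LogTime true
LogFileUnlock false
LogFileMaxSize 50
MilterSocketGroup clamav
MilterSocketMode 666
EOF
  say "-- Configuration créée !"
  say "-- ClamAV déployé !"
}

#######################################
# Configure OpenDKIM and generate the "mail" selector key.
# Globals: DOMAIN (read)
#######################################
configure_opendkim() {
  local key_dir="/etc/opendkim/keys/$DOMAIN"
  section "Configuration de OpenDKIM"
  cat > /etc/opendkim.conf <<'EOF'
AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  Yes
SyslogSuccess           Yes
LogWhy                  Yes

OversignHeaders         From
AlwaysAddARHeader       Yes
Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  local:/var/spool/postfix/opendkim/opendkim.sock
EOF
  mkdir -p /var/spool/postfix/opendkim
  chown opendkim: /var/spool/postfix/opendkim
  usermod -aG opendkim postfix
  mkdir -p /etc/opendkim/keys
  cat > /etc/opendkim/TrustedHosts <<EOF
127.0.0.1
localhost
::1
*.$DOMAIN
EOF
  printf '%s\n' "mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail.private" > /etc/opendkim/KeyTable
  printf '%s\n' "*@$DOMAIN mail._domainkey.$DOMAIN" > /etc/opendkim/SigningTable
  say "-- Fichiers créés !"
  mkdir -p "$key_dir"
  opendkim-genkey -D "$key_dir" -s mail -d "$DOMAIN" -b 4096
  say "-- Clé généré !"
  chown opendkim:opendkim "$key_dir/mail.private"
  say "-- Droits appliqués !"
  say "-- OpenDKIM déployé !"
}

#######################################
# Configure OpenDMARC.
# Globals: DOMAIN, HOSTNAME (read)
#######################################
configure_opendmarc() {
  section "Configuration de OpenDMARC"
  cat > /etc/opendmarc.conf <<EOF
AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   0002
Syslog                  true

AuthservID              "$HOSTNAME.$DOMAIN"
TrustedAuthservIDs      "$HOSTNAME.$DOMAIN"
IgnoreHosts             /etc/opendkim/TrustedHosts
IgnoreMailFrom          "$DOMAIN"
RejectFailures          false

UserID                  opendmarc:opendmarc
PidFile                 /var/run/opendmarc/opendmarc.pid
Socket                  local:/var/spool/postfix/opendmarc/opendmarc.sock
EOF
  say "-- Fichier créé !"
  mkdir -p /var/spool/postfix/opendmarc
  chown opendmarc: /var/spool/postfix/opendmarc
  usermod -aG opendmarc postfix
  say "-- Droits appliqués !"
  say "-- OpenDMARC déployé !"
}

#######################################
# Download PostfixAdmin, write config.local.php and the Apache vhost.
# Globals: DOMAIN, POSTFIXADMIN_ADMIN, MARIADB_POSTFIX_PASSWORD (read)
#######################################
install_postfixadmin() {
  local pfa_dir=/var/www/postfixadmin cfg
  section "Installation PostfixAdmin"
  (
    cd /var/www || die "impossible d'accéder à /var/www"
    # TODO(review): verify the archive against a checksum or signature
    # published by the project before extracting it.
    wget https://sourceforge.net/projects/postfixadmin/files/latest/postfixadmin.tar.gz
    say "-- Archive téléchargée !"
    tar -xzf postfixadmin.tar.gz
    say "-- Archive décompressée !"
    mv postfixadmin-* postfixadmin
    rm -f -- postfixadmin.tar.gz
  )
  cfg=$pfa_dir/config.local.php
  cp "$pfa_dir/config.inc.php" "$cfg"
  mkdir -p "$pfa_dir/templates_c"
  set_pfa_option configured true "$cfg"
  set_pfa_option default_language "'fr'" "$cfg"
  set_pfa_option database_type "'mysqli'" "$cfg"
  set_pfa_option database_host "'localhost'" "$cfg"
  set_pfa_option database_user "'postfix'" "$cfg"
  set_pfa_option database_password "'$(php_escape "$MARIADB_POSTFIX_PASSWORD")'" "$cfg"
  set_pfa_option database_name "'postfix'" "$cfg"
  set_pfa_option admin_email "'$(php_escape "$POSTFIXADMIN_ADMIN@$DOMAIN")'" "$cfg"
  set_pfa_option domain_path "'YES'" "$cfg"
  set_pfa_option domain_in_mailbox "'NO'" "$cfg"
  set_pfa_option fetchmail "'NO'" "$cfg"
  set_pfa_option quota "'YES'" "$cfg"
  set_pfa_option used_quotas "'YES'" "$cfg"
  say "-- Paramètres appliqués !"
  chown -R www-data:www-data "$pfa_dir"
  # config.local.php holds the DB password: keep it away from other local users.
  chmod 640 "$cfg"
  say "-- Droits sur le répertoire appliqués !"

  # NOTE(review): the <VirtualHost> open/close tags were truncated in the
  # copy this revision was written from; they are reconstructed from the
  # "Listen 8083" added to ports.conf — confirm against the original file.
  cat > /etc/apache2/sites-available/postfixadmin.conf <<EOF
<VirtualHost *:8083>
  ServerAdmin webmaster@$DOMAIN
  DocumentRoot /var/www/postfixadmin/public
  ErrorLog \${APACHE_LOG_DIR}/error.log
  CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
  say "-- Vhost créé !"
  a2ensite postfixadmin
  say "-- Vhost activé !"
}

# Enable at boot and restart every service of the mail stack.
restart_mail_services() {
  local entry svc label
  for entry in "postfix:Postfix" "dovecot:Dovecot" "spamassassin:SpamAssassin" \
      "clamav-daemon:ClamAV" "opendkim:OpenDKIM" "opendmarc:OpenDMARC"; do
    svc=${entry%%:*}
    label=${entry#*:}
    systemctl enable "${svc}.service"
    say "-- ${label} activé !"
    systemctl restart "${svc}.service"
    say "-- ${label} redémarré !"
  done
}

#######################################
# Write the install marker and the motd banner (first run only), then note
# the deployed services in the motd.
# Globals: MAIL, HOSTNAME (read)
#######################################
write_motd() {
  if [[ ! -f /etc/XAROBASE ]] || [[ "$(cat /etc/XAROBASE)" != 'INSTALLED' ]]; then
    printf '%s\n' "INSTALLED" > /etc/XAROBASE
    {
      printf '\n'
      print_banner
      printf '\n\t\t\t\t\t\t%s\n\n' "${HOSTNAME^^}"
    } > /etc/motd
  fi
  if [[ "$MAIL" == 'O' ]]; then
    printf '%s\n' "-- Service Mail" >> /etc/motd
  fi
}

# Final recap for the operator.
print_summary() {
  section "Fin de l'installation"
  say "Vous disposé maintenant des services suivant : "
  if [[ "$MAIL" == 'O' ]]; then
    say "-- Service MAIL"
    say "Vous pouvez vous connecter à l'interface web d'administration PostfixAdmin http://$HOSTNAME.$DOMAIN:8083/setup.php"
    say "Un redémarrage est nécessaire !"
  fi
}

main() {
  require_root
  confirm_start
  update_system
  choose_services
  if [[ "$MAIL" == 'O' ]]; then
    install_mail_packages
    ask_mail_settings
    configure_database
    configure_apache
    configure_postfix
    configure_dovecot
    configure_spamassassin
    configure_sieve
    configure_clamav
    configure_opendkim
    configure_opendmarc
    install_postfixadmin
  fi
  section "Redémarrage des services"
  if [[ "$MAIL" == 'O' ]]; then
    restart_mail_services
  fi
  write_motd
  print_summary
}

main "$@"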