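#!/bin/bash
#
# Interactive deployment of a mail stack (Postfix, Dovecot, SpamAssassin,
# ClamAV, OpenDKIM, OpenDMARC, PostfixAdmin) on a Debian-style host.
# Must be run as root; every prompt and progress message is in French.
# No strict mode is enabled on purpose: the original flow continues past
# failing commands, and the steps that must not be skipped check their own
# exit status explicitly.

# Vérification root — apt-get, chown and the service units below need it.
# The effective uid is used instead of `whoami` so the check cannot be
# fooled by PATH, and a non-root run now exits non-zero with a message.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "Ce script doit être lancé en root." >&2
  exit 1
fi

# Initialisation des variables
# SOURCE is the start directory; the script returns to it with `cd` at the
# end, after the per-service sections have changed directory.
SOURCE=$(pwd)

# Quoted heredoc: nothing inside is expanded, so the backticks and the
# apostrophe in the artwork need no escaping (the single-quoted echo of the
# original broke on the "'__/" fragment).
cat <<'BANNER'
 __ __ _____ ____ ____ _____ ______
 \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|
 \ V / / \ | |__) | | | | |_) | / \ | (___ | |__
 > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|
 / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____
 /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|
 _____ __ _
/ ___| / _| |
\ `--. ___ | |_| |___ ____ _ _ __ ___
 `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \
/\__/ / (_) | | | |_ \ V V / (_| | | | __/
\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|
BANNER
echo ""
echo "Programme de déploiement de service mail (V1)"
echo ""

# Default answer is "no": an empty line, or anything other than o/O, stops
# here. The answer is quoted so an empty input no longer makes `[` fail
# (which, in the original, let the script continue instead of exiting).
read -r -p "Ce script s'adresse aux utilisateurs expérimentés. Voulez-vous continuer ? (o/N) : " CONFIRM
CONFIRM=${CONFIRM^^}
if [ "$CONFIRM" != 'O' ]; then
  exit 0
fi
echo "#######################"
echo "# Lancement du script #"
echo "#######################"

# Installation des mises à jours
echo "########################################"
echo "# Début de la procédure de mise à jour #"
echo "########################################"
apt-get update
apt-get upgrade -y
echo "-- Mise à jour terminé !"

# Services à déployer
echo "#######################"
echo "# Services à déployer #"
echo "#######################"
# MAIL is read by every section below; only an explicit o/O deploys the stack.
read -r -p "Voulez-vous déployer le service mail ? (o/N) : " MAIL
MAIL=${MAIL^^}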
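if [ "$MAIL" = 'O' ]; then

  # --- helpers local to this section --------------------------------------

  # Escape a string for the replacement side of a sed s/// command, where
  # the delimiter, '&' and a backslash would otherwise be interpreted.
  sed_escape() {
    printf '%s' "$1" | sed -e 's/[&/\]/\\&/g'
  }

  # Rewrite one $CONF['key'] = ...; line of the PostfixAdmin local config.
  # $1 key name, $2 the PHP value exactly as it must appear (quote strings
  # yourself). The value is sed-escaped so a password containing '/' or '&'
  # cannot corrupt the expression.
  pfa_set() {
    local key=$1 value
    value=$(sed_escape "$2")
    sed -i -e "s/\$CONF\[\x27$key\x27\] =.*/\$CONF['$key'] = $value;/" /var/www/postfixadmin/config.local.php
  }

  # Installation Mail
  echo "###############################################"
  echo "# Lancement de l'installation du service mail #"
  echo "###############################################"
  apt-get install mariadb-server mariadb-client expect -y
  echo "-- Installation de MariaDB terminé !"
  apt-get install postfix -y
  echo "-- Installation de Postfix terminé !"
  apt-get install postfix-mysql -y
  echo "-- Installation du plugin postfix-mysql terminé !"
  apt-get install dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql -y
  echo "-- Installation de Dovecot terminé !"
  apt-get install spamassassin spamc -y
  echo "-- Installation de SpamAssassin terminé !"
  apt-get install dovecot-sieve dovecot-managesieved -y
  echo "-- Installation de Sieve terminé !"
  apt-get install clamav-milter -y
  echo "-- Installation de ClamAV terminé !"
  apt-get install opendkim opendkim-tools -y
  echo "-- Installation de OpenDKIM terminé !"
  apt-get install opendmarc -y
  echo "-- Installation de OpenDMARC terminé !"
  apt-get install apache2 -y
  echo "-- Installation de Apache terminé !"
  apt-get install php php-mysql php-imap php-mbstring -y
  echo "-- Installation de PHP terminé !"

  # Questions Mail et définition des variables
  echo "#################################"
  echo "# Configuration du service mail #"
  echo "#################################"
  read -r -p "Entrer votre nom de domaine : " DOMAIN
  read -r -p "Définir le nom d'utilisateur administrateur du serveur mail : " POSTFIXADMIN_ADMIN
  # -s: passwords are not echoed (nor left in scrollback or a recorded
  # session); the bare echo restores the newline the terminal did not print.
  read -r -s -p "Entrer le mot de passe root du SGBD (laisser vide si première BDD) : " MARIADB_ROOT_PASSWORD
  echo
  read -r -s -p "Définir le mot de passe postfix du SGBD : " MARIADB_POSTFIX_PASSWORD
  echo
  # Paths, DNS names and credentials below are all derived from these; an
  # empty value would silently configure the wrong host or an empty password.
  if [ -z "$DOMAIN" ] || [ -z "$POSTFIXADMIN_ADMIN" ] || [ -z "$MARIADB_POSTFIX_PASSWORD" ]; then
    printf '%s\n' "-- Le domaine, l'administrateur et le mot de passe postfix sont obligatoires." >&2
    exit 1
  fi

  echo "#####################"
  echo "# Configuration BDD #"
  echo "#####################"
  # The root password is passed through MYSQL_PWD rather than --password=:
  # the original single-quoted '$MARIADB_ROOT_PASSWORD' sent that literal
  # text instead of the value, and a password on argv is visible to every
  # local user through ps. MYSQL_PWD is unset again once the DB work is
  # done so later child processes do not inherit it.
  export MYSQL_PWD="$MARIADB_ROOT_PASSWORD"
  # Backslashes and single quotes are escaped so the passwords cannot
  # terminate the SQL string literals they are embedded in.
  ROOT_PW_SQL=${MARIADB_ROOT_PASSWORD//\\/\\\\}
  ROOT_PW_SQL=${ROOT_PW_SQL//\'/\'\'}
  POSTFIX_PW_SQL=${MARIADB_POSTFIX_PASSWORD//\\/\\\\}
  POSTFIX_PW_SQL=${POSTFIX_PW_SQL//\'/\'\'}
  # NOTE(review): this sets root's password to the same value that was just
  # used to connect, and on MariaDB releases where mysql.user is a view the
  # direct UPDATE is rejected; SET PASSWORD / ALTER USER is the supported
  # path — confirm against the installed version.
  mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$ROOT_PW_SQL') WHERE User='root';"
  echo "-- Mot de passe root changé !"
  mysql -u root -e "DELETE FROM mysql.user WHERE User='';"
  echo "-- Suppression des utilisateurs anonymes !"
  mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
  echo "-- Suppression des connexions root à distance !"
  mysql -u root -e "CREATE database postfix;"
  echo "-- Base de donné postfix créée !"
  mysql -u root -e "CREATE USER 'postfix'@'localhost' IDENTIFIED BY '$POSTFIX_PW_SQL';"
  mysql -u root -e "GRANT USAGE ON *.* TO 'postfix'@'localhost';"
  mysql -u root -e "GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost';"
  echo "-- Création de l'utilisateur postfix !"
  mysql -u root -e "FLUSH PRIVILEGES;"
  echo "-- Application des paramètres !"
  unset MYSQL_PWD

  echo "###########################"
  echo "# Configuration de Apache #"
  echo "###########################"
  # Each directive is appended only when absent, so a re-run does not
  # duplicate lines; the same guard now also covers the Listen line, which
  # the original appended unconditionally.
  grep -q "ServerSignature Off" /etc/apache2/apache2.conf || echo "ServerSignature Off" >> /etc/apache2/apache2.conf
  grep -q "ServerTokens Prod" /etc/apache2/apache2.conf || echo "ServerTokens Prod" >> /etc/apache2/apache2.conf
  echo "-- Signature serveur supprimée !"
  grep -q "^Listen 8083" /etc/apache2/ports.conf || echo "Listen 8083" >> /etc/apache2/ports.conf
  echo "-- Ports d'écoute ajoutés !"

  echo "############################"
  echo "# Configuration de Postfix #"
  echo "############################"
  # main.cf is written verbatim from the original template: \$ keeps
  # Postfix's own $variables, while $HOSTNAME, $DOMAIN and
  # $POSTFIXADMIN_ADMIN expand here.
  # NOTE(review): the smtp(d)_tls_protocols lines exclude only SSLv2/3 and
  # TLSv1, so TLSv1.1 stays enabled, unlike Dovecot's ssl_min_protocol below.
  echo -e "#######################\n## GENERALS SETTINGS ##\n#######################\n\nsmtpd_banner\t\t= \$myhostname ESMTP \$mail_name (Debian/GNU)\ncompatibility_level\t= 2\nbiff\t\t\t= no\nappend_dot_mydomain\t= no\nreadme_directory\t= no\nallow_percent_hack\t= no\ndelay_warning_time\t= 4h\nmailbox_command\t\t= procmail -a \"\$EXTENSION\"\nrecipient_delimiter\t= +\ndisable_vrfy_command\t= yes\nmessage_size_limit\t= 26214400\nmailbox_size_limit\t= 524288000\n\ninet_interfaces\t= all\ninet_protocols\t= ipv4\n\nmyhostname\t= $HOSTNAME.$DOMAIN\nmyorigin\t= $DOMAIN\nmydestination\t= localhost localhost.\$mydomain\nmynetworks\t= 127.0.0.0/8\nrelayhost\t= \n\n##################\n## MILTERS ##\n##################\n\nmilter_protocol = 6\nmilter_default_action = accept\nsmtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock, unix:/clamav/clamav-milter.ctl\nnon_smtpd_milters = unix:/opendkim/opendkim.sock\n\n####################\n## TLS PARAMETERS ##\n####################\n# Smtp ( OUTGOING / Client )\nsmtp_tls_loglevel\t\t= 1\nsmtp_tls_security_level\t\t= may\nsmtp_tls_CApath\t\t\t= /etc/ssl/certs\nsmtp_tls_protocols\t\t= !TLSv1, !SSLv2, !SSLv3\nsmtp_tls_mandatory_protocols\t= !TLSv1, !SSLv2, !SSLv3\nsmtp_tls_mandatory_ciphers\t= high\nsmtp_tls_note_starttls_offer\t= yes\n\n# Smtpd ( INCOMING / Server )\nsmtpd_tls_loglevel\t\t= 1\nsmtpd_tls_auth_only\t\t= yes\nsmtpd_tls_security_level\t= may\nsmtpd_tls_received_header\t= yes\nsmtpd_tls_protocols\t\t= !TLSv1, !SSLv2, !SSLv3\nsmtpd_tls_mandatory_protocols\t= !TLSv1, !SSLv2, !SSLv3\nsmtpd_tls_mandatory_ciphers\t= medium\nsmtpd_tls_exclude_ciphers\t= aNULL, eNULL, EXPORT, DES, 3DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH, SEED\nsmtpd_tls_CAfile\t\t= /etc/ssl/certs/ca.cert.pem\nsmtpd_tls_cert_file\t\t= /etc/ssl/certs/mailserver.crt\nsmtpd_tls_key_file\t\t= /etc/ssl/private/mailserver.key\nsmtpd_tls_dh1024_param_file\t= \$config_directory/dh2048.pem\n\ntls_preempt_cipherlist\t= yes\ntls_random_source\t= dev:/dev/urandom\n\nsmtp_tls_session_cache_database\t\t= btree:\${data_directory}/smtp_scache\nsmtpd_tls_session_cache_database\t= btree:\${data_directory}/smtpd_scache\nlmtp_tls_session_cache_database\t\t= btree:\${data_directory}/lmtp_scache\n\n#####################\n## SASL PARAMETERS ##\n#####################\n\nsmtpd_sasl_auth_enable\t\t= yes\nsmtpd_sasl_type\t\t\t= dovecot\nsmtpd_sasl_path\t\t\t= private/auth\nsmtpd_sasl_security_options\t= noanonymous\nsmtpd_sasl_tls_security_options\t= \$smtpd_sasl_security_options\nsmtpd_sasl_local_domain\t\t= \$mydomain\nsmtpd_sasl_authenticated_header\t= no\n\n##############################\n## VIRTUALS MAPS PARAMETERS ##\n##############################\n\nvirtual_uid_maps\t= static:5000\nvirtual_gid_maps\t= static:5000\nvirtual_minimum_uid\t= 5000\nvirtual_mailbox_base\t= /var/mail\nvirtual_transport\t= lmtp:unix:private/dovecot-lmtp\nvirtual_mailbox_domains\t= mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf\nvirtual_mailbox_maps\t= mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf\nvirtual_alias_maps\t= mysql:/etc/postfix/mysql-virtual-alias-maps.cf\nsmtpd_sender_login_maps\t= mysql:/etc/postfix/mysql-sender-login-maps.cf\n\n######################\n## ERRORS REPORTING ##\n######################\n\nbounce_template_file\t= /etc/postfix/bounce.cf\n\nnotify_classes\t\t= resource, software\n\nerror_notice_recipient\t= $POSTFIXADMIN_ADMIN@$DOMAIN\n\n##################\n## RESTRICTIONS ##\n##################\n\nmime_header_checks\t= regexp:/etc/postfix/header_checks\nheader_checks\t\t= regexp:/etc/postfix/header_checks\n\nsmtpd_recipient_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_non_fqdn_recipient,\n\treject_unauth_destination,\n\treject_unknown_recipient_domain,\n\treject_unlisted_recipient,\n\treject_rbl_client zen.spamhaus.org\n\nsmtpd_reject_unlisted_sender = yes\n\nsmtpd_sender_restrictions =\n\treject_non_fqdn_sender,\n\treject_unknown_sender_domain,\n\treject_sender_login_mismatch,\n\treject_authenticated_sender_login_mismatch,\n\treject_rhsbl_sender dbl.spamhaus.org,\n\treject_unlisted_sender\n\nsmtpd_helo_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_invalid_helo_hostname,\n\treject_non_fqdn_helo_hostname,\n\treject_unknown_helo_hostname\n\nsmtpd_helo_required = yes\n\nsmtpd_client_restrictions =\n\tpermit_mynetworks,\n\tpermit_inet_interfaces,\n\tpermit_sasl_authenticated,\n\treject_unauth_pipelining\n\nsmtpd_relay_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_unauth_destination" > /etc/postfix/main.cf

  # Bounce templates. The original wrote them through a double-quoted
  # echo -e, so $myhostname, $delay_warning_time_hours and
  # $maximal_queue_lifetime_days were expanded by the shell (to nothing)
  # instead of reaching Postfix; they are escaped here. The contact address,
  # hard-coded to the author's domain in the original, now follows $DOMAIN.
  # The inner EOF lines are part of the bounce(5) format, hence the
  # different outer delimiter.
  cat > /etc/postfix/bounce.cf <<BOUNCE_CF
failure_template = <<EOF
Charset: UTF-8
From: postmaster (Message systeme)
Subject: Message non transmis
Postmaster-Subject: Postmaster Copy: Message non transmis

Ceci est un message automatique du serveur \$myhostname.

Nous sommes désolés de vous informer que votre message n'a pas pu
etre acheminé à un ou plusieurs destinataires.
Le détail est expliqué ci dessous.

Pour une assistance, envoyez un e-mail à l'administrateur de
votre messagerie : postmaster@$DOMAIN

Si vous le faites, merci d'inclure ce message d'erreur dans
votre courriel.

 Le serveur de messagerie.

Message d'erreur :
EOF

delay_template = <<EOF
Charset: UTF-8
From: postmaster (Message systeme)
Subject: Message mis en attente.
Postmaster-Subject: Postmaster Warning: Delayed Mail

Ceci est un message automatique du serveur \$myhostname.

##############################################################################
#C'EST UN SIMPLE AVERTISSEMENT, VOUS N'AVEZ PAS BESOIN DE RENVOYER UN MESSAGE#
##############################################################################

Votre message ne peut pas être délivré avant un délai de \$delay_warning_time_hours heures.

Des tentatives de renvoi seront effectuées durant : \$maximal_queue_lifetime_days jours.

Pour une assistance, envoyez un e-mail à l'administrateur de
votre messagerie : postmaster@$DOMAIN

Si vous le faites, merci d'inclure ce message d'erreur dans
votre courriel.

 Le serveur de messagerie.

Message :
EOF

success_template = <<EOF
Charset: UTF-8
From: postmaster (Message systeme)
Subject: Message correctement transmis

Ceci est un message automatique du serveur \$myhostname.

Votre message a correctement été envoyé aux destinataires listés ci-dessous
Si le message a bien été délivré dans la boite de réception de votre destinataire,
vous ne recevrez pas d'autre notification.

Si non, vous pourriez recevoir des notifications provenant du système de messagerie
de votre destinataire.

 Le serveur de messagerie.

Message :
EOF

verify_template = <<EOF
Charset: UTF-8
From: postmaster (Message systeme)
Subject: Rapport de transmission de message

Ceci est un message automatique du serveur \$myhostname.

Le rapport de transmission de message que vous avez demandé est en pièce jointe.

 Le serveur de messagerie.

Message d'erreur :
EOF
BOUNCE_CF

  # master.cf, verbatim except for two typos in the original template:
  # "scalemail-ackend" -> "scalemail-backend" and "rgv=" -> "argv=" on the
  # mailman pipe entry (without "argv" the pipe transport has no command).
  echo -e "smtp\tinet\tn\t-\ty\t-\t-\tsmtpd\n\t-o content_filter=spamassassin\n\nsubmission\tinet\tn\t-\ty\t-\t-\tsmtpd\n\t-o syslog_name=postfix/submission\n\t-o smtpd_tls_dh1024_param_file=\${config_directory}/dh2048.pem\n\t-o smtpd_tls_security_level=encrypt\n\t-o smtpd_sasl_auth_enable=yes\n\t-o content_filter=spamassassin\npickup\tunix\tn\t-\ty\t60\t1\tpickup\ncleanup\tunix\tn\t-\ty\t-\t0\tcleanup\nqmgr\tunix\tn\t-\tn\t300\t1\tqmgr\ntlsmgr\tunix\t-\t-\ty\t1000?\t1\ttlsmgr\nrewrite\tunix\t-\t-\ty\t-\t-\ttrivial-rewrite\nbounce\tunix\t-\t-\ty\t-\t0\tbounce\ndefer\tunix\t-\t-\ty\t-\t0\tbounce\ntrace\tunix\t-\t-\ty\t-\t0\tbounce\nverify\tunix\t-\t-\ty\t-\t1\tverify\nflush\tunix\tn\t-\ty\t1000?\t0\tflush\nproxymap\tunix\t-\t-\tn\t-\t-\tproxymap\nproxywrite\tunix -\t-\tn\t-\t1\tproxymap\nsmtp\tunix\t-\t-\ty\t-\t-\tsmtp\nrelay\tunix\t-\t-\ty\t-\t-\tsmtp\nshowq\tunix\tn\t-\ty\t-\t-\tshowq\nerror\tunix\t-\t-\ty\t-\t-\terror\nretry\tunix\t-\t-\ty\t-\t-\terror\ndiscard\tunix\t-\t-\ty\t-\t-\tdiscard\nlocal\tunix\t-\tn\tn\t-\t-\tlocal\nvirtual\tunix\t-\tn\tn\t-\t-\tvirtual\nlmtp\tunix\t-\t-\ty\t-\t-\tlmtp\nanvil\tunix\t-\t-\ty\t-\t1\tanvil\nscache\tunix\t-\t-\ty\t-\t1\tscache\nmaildrop\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=DRhu user=vmail argv=/usr/bin/maildrop -d \${recipient}\nuucp\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop\!rmail (\$recipient)\nifmail\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)\nbsmtp\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient\nscalemail-backend\tunix\t-\tn\tn\t-\t2\tpipe\n\tflags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store \${nexthop} \${user} \${extension}\nmailman\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n\t\${nexthop} \${user}\n\nspamassassin\tunix\t-\tn\tn\t-\t-\tpipe\n\tuser=debian-spamd argv=/usr/bin/spamc -s 26214400 -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" > /etc/postfix/master.cf

  # Header rewriting / attachment blocklist, verbatim from the original.
  # NOTE(review): the REJECT text ends in ".2$"; it reads as if "$2" (the
  # matched extension) was intended — confirm before relying on the wording.
  echo -e "/^\s*Received:[^\\\n]*(.*)/\t\tREPLACE Received: from authenticated-user ($HOSTNAME.$DOMAIN)\n/^\s*User-Agent:/\t\t\tIGNORE\n/^\s*X-Enigmail:/\t\t\tIGNORE\n/^\s*X-Mailer:/\t\t\t\tIGNORE\n/^\s*X-Originating-IP:/\t\t\tIGNORE\n/^\s*X-Pgp-Agent:/\t\t\tIGNORE\n/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/\tREPLACE \$1\n/filename=\\\"?(.*)\.(ade|adp|bat|chm|cmd|com|cpl|docm|exe|hta|ins|isp|jar|js|jse|lib|lnk|mde|msc|msi|msp|mst|nsh|pif|ps|scr|sct|sh|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh)\\\"?$/ REJECT .2$ files are prohibited for security reasons" > /etc/postfix/header_checks
  # Kept from the original; a regexp: table does not actually need postmap.
  postmap /etc/postfix/header_checks
  postalias /etc/aliases
  echo "-- Fichiers créés !"

  # Self-signed CA and server certificate. The subshell keeps the cd and the
  # umask local: keys are created under umask 077 so they are never
  # world-readable, not even before the explicit chmod. Both `openssl req`
  # calls prompt interactively for the subject, as in the original.
  (
    umask 077
    cd /etc/ssl || exit 1
    openssl genrsa -out ca.key.pem 4096
    openssl req -x509 -new -nodes -days 3650 -sha256 -key ca.key.pem -out ca.cert.pem
    openssl genrsa -out mailserver.key 4096
    openssl req -new -sha256 -key mailserver.key -out mailserver.csr
    openssl x509 -req -days 3650 -sha256 -in mailserver.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out mailserver.crt
    chmod 444 ca.cert.pem mailserver.crt
    chmod 400 ca.key.pem mailserver.key
    mv ca.key.pem mailserver.key private/
    mv ca.cert.pem mailserver.crt certs/
  )
  # DH parameters are generated outside the umask subshell so the file keeps
  # the default (readable) mode the original produced.
  openssl dhparam -out /etc/postfix/dh2048.pem 2048
  echo "-- Certificats générés !"

  echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1" > /etc/postfix/mysql-virtual-mailbox-domains.cf
  echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1" > /etc/postfix/mysql-virtual-mailbox-maps.cf
  echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT goto FROM alias WHERE address='%s' AND active = 1" > /etc/postfix/mysql-virtual-alias-maps.cf
  # NOTE(review): identical to the alias map; a sender-login map normally
  # returns the login(s) allowed to use the address — confirm the query.
  echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT goto FROM alias WHERE address='%s' AND active = 1" > /etc/postfix/mysql-sender-login-maps.cf
  # These four files embed the DB password; the original left them
  # world-readable. root:postfix 640 keeps them readable by Postfix only.
  chown root:postfix /etc/postfix/mysql-*.cf
  chmod 640 /etc/postfix/mysql-*.cf
  echo "-- Requêtes SQL créés !"
  echo "-- Postfix déployé !"

  echo "############################"
  echo "# Configuration de Dovecot #"
  echo "############################"
  echo -e "!include_try /usr/share/dovecot/protocols.d/*.protocol\n protocols = imap lmtp sieve\nlisten = *\nmail_plugins = \$mail_plugins quota\n!include conf.d/*.conf\n!include_try local.conf" > /etc/dovecot/dovecot.conf
  echo -e "mail_location = maildir:/var/mail/vhosts/%d/%n/mail\nmaildir_stat_dirs=yes\nnamespace inbox {\n\tinbox = yes\n}\nmail_uid = 5000\nmail_gid = 5000\nfirst_valid_uid = 5000\nlast_valid_uid = 5000\nmail_privileged_group = vmail" > /etc/dovecot/conf.d/10-mail.conf
  echo -e "disable_plaintext_auth = yes\nauth_mechanisms = plain login\n!include auth-sql.conf.ext" > /etc/dovecot/conf.d/10-auth.conf
  echo -e "log_path = syslog\nsyslog_facility = mail\n\n#auth_verbose = yes\n#auth_verbose_passwords = sha1\n#auth_debug = yes\n#auth_debug_passwords = yes\n#mail_debug = yes\n#verbose_ssl = yes" > /etc/dovecot/conf.d/10-logging.conf
  echo -e "service imap-login {\n\tinet_listener imap {\n\t\tport = 143\n\t}\n\tinet_listener imaps {\n\t\tport = 993\n\t\tssl = yes\n\t}\n\tservice_count = 0\n}\nservice lmtp {\n\tunix_listener /var/spool/postfix/private/dovecot-lmtp {\n\t\tmode = 0600\n\t\tuser = postfix\n\t\tgroup = postfix\n\t}\n}\nservice auth {\n\tunix_listener auth-userdb {\n\t\tmode = 0600\n\t\tuser = vmail\n\t\tgroup = vmail\n\t}\n\tunix_listener /var/spool/postfix/private/auth {\n\t\tmode = 0666\n\t\tuser = postfix\n\t\tgroup = postfix\n\t}\n\tuser = dovecot\n}\nservice auth-worker {\n\tuser = vmail\n}" > /etc/dovecot/conf.d/10-master.conf
  echo -e "ssl = required\nssl_cert = </etc/ssl/certs/mailserver.crt\nssl_key = </etc/ssl/private/mailserver.key\nssl_min_protocol = TLSv1.2\nssl_cipher_list = EECDH+AES:EDH+AES+aRSA:!DH\nssl_prefer_server_ciphers = yes" > /etc/dovecot/conf.d/10-ssl.conf
  echo -e "namespace inbox {\n\n\tmailbox Drafts {\n\t\tspecial_use = \Drafts\n\t\tauto = subscribe\n\t}\n\n\tmailbox Spam {\n\t\tspecial_use = \Junk\n\t\tauto = subscribe\n\t}\n\n\tmailbox Junk {\n\t\tspecial_use = \Junk\n\t}\n\n\tmailbox Trash {\n\t\tspecial_use = \Trash\n\t\tauto = subscribe\n\t}\n\n\tmailbox Sent {\n\t\tspecial_use = \Sent\n\t\tauto = subscribe\n\t}\n\n\tmailbox \"Sent Messages\" {\n\t\tspecial_use = \Sent\n\t}\n\n\tmailbox Archive {\n\t\tspecial_use = \Archive\n\t\tauto = subscribe\n\t}\n\n}" > /etc/dovecot/conf.d/15-mailboxes.conf
  echo -e "protocol imap {\n\tmail_plugins = \$mail_plugins imap_quota imap_sieve\n}" > /etc/dovecot/conf.d/20-imap.conf
  echo -e "service dict {\n\tunix_listener dict {\n\t\tmode = 0600\n\t\tuser = vmail\n\t}\n}\nplugin {\n\tquota = dict:Quota:%d:proxy::sqldomainquota\n\tquota = dict:User Quota::proxy::sqluserquota\n\n\tquota_rule2 = Trash:storage=+10%%\n}\n\ndict {\n\tsqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf\n\tsqldomainquota = mysql:/etc/dovecot/dovecot-dict-sql-domain.conf\n}" > /etc/dovecot/conf.d/90-quota.conf
  echo "-- Fichiers créés !"
  echo -e "passdb {\n\tdriver = sql\n\targs = /etc/dovecot/dovecot-sql.conf\n}\nuserdb {\n\tdriver = sql\n\targs = /etc/dovecot/dovecot-sql.conf\n}" > /etc/dovecot/conf.d/auth-sql.conf.ext
  echo -e "driver = mysql\nconnect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\ndefault_pass_scheme = SHA512-CRYPT\nuser_query = SELECT CONCAT('/var/mail/vhosts/',maildir) as home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') as mail, CONCAT('*:bytes=', IF(mailbox.quota = -1, domain.maxquota*1048576, mailbox.quota)) as quota_rule FROM mailbox, domain WHERE username = '%u' AND mailbox.active = '1' AND domain.domain = '%d' AND domain.active = '1'\npassword_query = SELECT username as user, password, CONCAT('/var/mail/vhosts/',maildir) AS userdb_home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') AS userdb_mail FROM mailbox WHERE username = '%u' AND active = '1'" > /etc/dovecot/dovecot-sql.conf
  echo -e "connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\n\nmap {\n\tpattern = priv/quota/storage\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = bytes\n}\nmap {\n\tpattern = priv/quota/messages\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = messages\n}" > /etc/dovecot/dovecot-dict-sql-user.conf
  # NOTE(review): the second map of the domain dict points at quota2/username
  # like the user dict; it looks copied — confirm it is the intended mapping.
  echo -e "connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD\n\nmap {\n\tpattern = priv/quota/storage\n\ttable = domain\n\tusername_field = domain\n\tvalue_field = quota\n}\n\nmap {\n\tpattern = priv/quota/messages\n\ttable = quota2\n\tusername_field = username\n\tvalue_field = messages\n}" > /etc/dovecot/dovecot-dict-sql-domain.conf
  echo "-- Requêtes SQL créés !"
  # uid/gid 5000 must match the static virtual_*_maps in main.cf and
  # mail_uid/mail_gid in 10-mail.conf; groupadd/useradd simply fail on a
  # re-run when the account already exists.
  groupadd -g 5000 vmail
  useradd -g vmail -u 5000 vmail -d /var/mail
  chown -R vmail:vmail /var/mail
  # NOTE(review): vmail is the mail-storage user and the auth-worker user;
  # owning /etc/dovecot lets it rewrite the configuration and the SQL
  # credentials. Kept as in the original because auth-worker reads
  # dovecot-sql.conf as vmail — confirm before tightening.
  chown -R vmail:dovecot /etc/dovecot
  chmod -R o-rwx /etc/dovecot
  mkdir -p "/var/mail/vhosts/$DOMAIN"
  echo "-- Droits appliqués !"
  echo "-- Dovecot déployé !"

  echo "#################################"
  echo "# Configuration de SpamAssassin #"
  echo "#################################"
  echo -e "rewrite_header Subject *****SPAM*****\n\nifplugin Mail::SpamAssassin::Plugin::Shortcircuit\n\nendif # Mail::SpamAssassin::Plugin::Shortcircuit\n\nreport_safe 0\nwhitelist_auth *@$DOMAIN\n\nadd_header all Report _REPORT_\nadd_header spam Flag _YESNOCAPS_\nadd_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_\nadd_header all Level _STARS(*)_\nadd_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_" > /etc/spamassassin/local.cf
  echo -e "ENABLED=0\nOPTIONS=\"--create-prefs --max-children 5 --helper-home-dir\"\nPIDFILE=\"/var/run/spamd.pid\"\nCRON=0\n" > /etc/default/spamassassin
  echo "-- Fichiers créés !"
  # Cron entries are added once; `crontab -l` exits non-zero and prints to
  # stderr when root has no crontab yet, which is the expected first-run case.
  if ! crontab -l 2>/dev/null | grep -q "/usr/bin/sa-update"; then
    (crontab -l 2>/dev/null; echo "00 02 * * * /usr/bin/sa-update") | crontab -
  fi
  if ! crontab -l 2>/dev/null | grep -q "/usr/bin/sa-learn"; then
    (crontab -l 2>/dev/null; echo "*/10 * * * * /usr/bin/sa-learn --ham /var/mail/vhosts/*/*/mail/cur/* >/dev/null 2>&1") | crontab -
    (crontab -l 2>/dev/null; echo "*/10 * * * * /usr/bin/sa-learn --spam /var/mail/vhosts/*/*/mail/.Junk/cur/* >/dev/null 2>&1") | crontab -
  fi
  echo "-- Crontab ajouté !"
  echo "-- SpamAssassin déployé !"

  echo "##########################"
  echo "# Configuration de Sieve #"
  echo "##########################"
  echo -e "protocol lmtp {\n\tpostmaster_address = $POSTFIXADMIN_ADMIN@$DOMAIN\n\tmail_plugins = \$mail_plugins sieve\n}" > /etc/dovecot/conf.d/20-lmtp.conf
  echo -e "plugin {\n\tsieve = /var/mail/vhosts/%d/%n/.dovecot.sieve\n\tsieve_default = /var/mail/sieve/default.sieve\n\tsieve_dir = /var/mail/vhosts/%d/%n/sieve\n\tsieve_global_dir = /var/mail/sieve\n}" > /etc/dovecot/conf.d/90-sieve.conf
  mkdir -p /var/mail/sieve/
  # Global default script: file SpamAssassin-tagged mail into Junk.
  echo -e "require [\"fileinto\"];\nif header :contains \"Subject\" \"*****SPAM*****\" {\nfileinto \"Junk\";\n}" > /var/mail/sieve/default.sieve
  sievec /var/mail/sieve/default.sieve
  echo "-- Fichiers créés !"
  chown -R vmail:vmail /var/mail/sieve
  echo "-- Droits appliqués !"
  echo "-- Sieve déployé !"

  echo "###########################"
  echo "# Configuration de ClamAV #"
  echo "###########################"
  # freshclam must not run while the freshclam service holds the database
  # lock, hence stop / update / start.
  systemctl stop clamav-freshclam
  freshclam
  systemctl start clamav-freshclam
  systemctl start clamav-daemon
  echo "-- Mises à jours effectuées !"
  mkdir -p /var/spool/postfix/clamav
  chown clamav /var/spool/postfix/clamav
  echo "-- Droits appliqués !"
  # NOTE(review): MilterSocketMode 666 lets any local account talk to the
  # milter socket; 660 with postfix in the clamav group would be tighter —
  # kept as in the original, confirm before changing.
  echo -e "MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl\nFixStaleSocket true\nUser clamav\nReadTimeout 120\nForeground false\nPidFile /var/run/clamav/clamav-milter.pid\nClamdSocket unix:/var/run/clamav/clamd.ctl\nOnClean Accept\nOnInfected Reject\nOnFail Defer\nAddHeader Replace\nLogSyslog false\nLogFacility LOG_LOCAL6\nLogVerbose false\nLogInfected Full\nLogClean Off\nLogRotate true\nMaxFileSize 50M\nSupportMultipleRecipients false\nRejectMsg Rejecting harmful e-mail: %v found.\nTemporaryDirectory /tmp\nLogFile /var/log/clamav/clamav-milter.log\nLogTime true\nLogFileUnlock false\nLogFileMaxSize 50\nMilterSocketGroup clamav\nMilterSocketMode 666" > /etc/clamav/clamav-milter.conf
  echo "-- Configuration créée !"
  echo "-- ClamAV déployé !"

  echo "#############################"
  echo "# Configuration de OpenDKIM #"
  echo "#############################"
  echo -e "AutoRestart\t\tYes\nAutoRestartRate\t\t10/1h\nUMask\t\t\t002\nSyslog\t\t\tYes\nSyslogSuccess\t\tYes\nLogWhy\t\t\tYes\n\nOversignHeaders\t\tFrom\nAlwaysAddARHeader\tYes\nCanonicalization\trelaxed/simple\n\nExternalIgnoreList\trefile:/etc/opendkim/TrustedHosts\nInternalHosts\t\trefile:/etc/opendkim/TrustedHosts\nKeyTable\t\trefile:/etc/opendkim/KeyTable\nSigningTable\t\trefile:/etc/opendkim/SigningTable\n\nMode\t\t\tsv\nPidFile\t\t\t/var/run/opendkim/opendkim.pid\nSignatureAlgorithm\trsa-sha256\n\nUserID\t\t\topendkim:opendkim\n\nSocket\t\t\tlocal:/var/spool/postfix/opendkim/opendkim.sock" > /etc/opendkim.conf
  mkdir -p /var/spool/postfix/opendkim
  chown opendkim: /var/spool/postfix/opendkim
  # Postfix joins the opendkim group to reach the socket inside its queue dir.
  usermod -aG opendkim postfix
  mkdir -p /etc/opendkim/keys
  echo -e "127.0.0.1\nlocalhost\n::1\n*.$DOMAIN" > /etc/opendkim/TrustedHosts
  echo -e "mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail.private" > /etc/opendkim/KeyTable
  echo -e "*@$DOMAIN mail._domainkey.$DOMAIN" > /etc/opendkim/SigningTable
  echo "-- Fichiers créés !"
  mkdir -p "/etc/opendkim/keys/$DOMAIN"
  # -D writes the key pair into the target directory directly, so no cd is
  # needed and the rest of the section keeps its working directory.
  opendkim-genkey -D "/etc/opendkim/keys/$DOMAIN" -s mail -d "$DOMAIN" -b 4096
  echo "-- Clé généré !"
  chown opendkim:opendkim "/etc/opendkim/keys/$DOMAIN/mail.private"
  echo "-- Droits appliqués !"
  # The public half must be published in DNS before signatures verify;
  # opendkim-genkey writes it as <selector>.txt next to the private key.
  echo "-- Enregistrement DNS DKIM à publier :"
  cat "/etc/opendkim/keys/$DOMAIN/mail.txt"
  echo "-- OpenDKIM déployé !"

  echo "##############################"
  echo "# Configuration de OpenDMARC #"
  echo "##############################"
  echo -e "AutoRestart\t\tYes\nAutoRestartRate\t\t10/1h\nUMask\t\t\t0002\nSyslog\t\t\ttrue\n\nAuthservID\t\t\"$HOSTNAME.$DOMAIN\"\nTrustedAuthservIDs\t\"$HOSTNAME.$DOMAIN\"\nIgnoreHosts\t\t/etc/opendkim/TrustedHosts\nIgnoreMailFrom\t\t\"$DOMAIN\"\nRejectFailures\t\tfalse\n\nUserID\t\t\topendmarc:opendmarc\nPidFile\t\t\t/var/run/opendmarc/opendmarc.pid\nSocket\t\t\tlocal:/var/spool/postfix/opendmarc/opendmarc.sock" > /etc/opendmarc.conf
  echo "-- Fichier créé !"
  mkdir -p /var/spool/postfix/opendmarc
  chown opendmarc: /var/spool/postfix/opendmarc
  usermod -aG opendmarc postfix
  echo "-- Droits appliqués !"
  echo "-- OpenDMARC déployé !"

  echo "#############################"
  echo "# Installation PostfixAdmin #"
  echo "#############################"
  cd /var/www || exit 1
  # NOTE(review): the archive is fetched over HTTPS but nothing checks its
  # integrity or origin beyond the TLS connection, and "latest" is not a
  # pinned release; compare against the published checksum/signature of a
  # fixed version before unpacking (placeholder: <expected-sha256>).
  # -O fixes the local name regardless of the redirect target, and a failed
  # download stops the script instead of letting tar/mv/sed run on nothing.
  if ! wget -O postfixadmin.tar.gz https://sourceforge.net/projects/postfixadmin/files/latest/postfixadmin.tar.gz; then
    printf '%s\n' "-- Échec du téléchargement de PostfixAdmin" >&2
    exit 1
  fi
  echo "-- Archive téléchargée !"
  tar -xzf postfixadmin.tar.gz
  echo "-- Archive décompressée !"
  mv postfixadmin-* postfixadmin
  cp /var/www/postfixadmin/config.inc.php /var/www/postfixadmin/config.local.php
  mkdir -p /var/www/postfixadmin/templates_c
  rm -f -- postfixadmin.tar.gz
  # The password is escaped for the PHP single-quoted literal it lands in
  # (pfa_set then escapes the whole value for sed).
  POSTFIX_PW_PHP=${MARIADB_POSTFIX_PASSWORD//\\/\\\\}
  POSTFIX_PW_PHP=${POSTFIX_PW_PHP//\'/\\\'}
  pfa_set configured true
  pfa_set default_language "'fr'"
  pfa_set database_type "'mysqli'"
  pfa_set database_host "'localhost'"
  pfa_set database_user "'postfix'"
  pfa_set database_password "'$POSTFIX_PW_PHP'"
  pfa_set database_name "'postfix'"
  pfa_set admin_email "'$POSTFIXADMIN_ADMIN@$DOMAIN'"
  pfa_set domain_path "'YES'"
  pfa_set domain_in_mailbox "'NO'"
  pfa_set fetchmail "'NO'"
  pfa_set quota "'YES'"
  pfa_set used_quotas "'YES'"
  echo "-- Paramètres appliqués !"
  chown -R www-data:www-data postfixadmin
  echo "-- Droits sur le répertoire appliqués !"
  echo -e "<VirtualHost *:8083>\n\tServerAdmin webmaster@$DOMAIN\n\tDocumentRoot /var/www/postfixadmin/public\n\tErrorLog \${APACHE_LOG_DIR}/error.log\n\tCustomLog \${APACHE_LOG_DIR}/access.log combined\n</VirtualHost>" > /etc/apache2/sites-available/postfixadmin.conf
  echo "-- Vhost créé !"
  a2ensite postfixadmin
  echo "-- Vhost activé !"
fi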
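# Redémarrage des services
echo "############################"
echo "# Redémarrage des services #"
echo "############################"
if [ "$MAIL" = 'O' ]; then
  # unit:display-name pairs; the display name only feeds the progress
  # messages, which are unchanged from the original.
  for entry in postfix:Postfix dovecot:Dovecot spamassassin:SpamAssassin \
      clamav-daemon:ClamAV opendkim:OpenDKIM opendmarc:OpenDMARC; do
    unit=${entry%%:*}
    label=${entry#*:}
    systemctl enable "$unit.service"
    echo "-- $label activé !"
    # systemctl rather than the legacy `service` wrapper, to match `enable`;
    # a unit that fails to come back (bad config) is reported instead of
    # being silently skipped.
    if systemctl restart "$unit.service"; then
      echo "-- $label redémarré !"
    else
      printf '%s\n' "-- Échec du redémarrage de $label (voir journalctl -u $unit)" >&2
    fi
  done
fi
# Back to the start directory; the remaining steps only use absolute paths,
# so a failure here is reported but not fatal.
cd "$SOURCE" || printf '%s\n' "-- Impossible de revenir dans $SOURCE" >&2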
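# Ajout de la vérification XAROBASE
# /etc/XAROBASE is the "already installed" marker; it is only read when
# present, so a first run no longer prints a cat error for the missing file.
FILE=""
if [ -r /etc/XAROBASE ]; then
  FILE=$(cat /etc/XAROBASE)
fi
# An empty marker is simply "not INSTALLED", so the single quoted test
# covers both the missing-file and the unexpected-content cases.
if [ "$FILE" != 'INSTALLED' ]; then
  # Ajout du motd
  echo "INSTALLED" > /etc/XAROBASE
  # Leading blank line kept from the original motd layout. Quoted heredoc:
  # the backticks and apostrophe in the artwork are literal.
  cat > /etc/motd <<'BANNER'

 __ __ _____ ____ ____ _____ ______
 \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|
 \ V / / \ | |__) | | | | |_) | / \ | (___ | |__
 > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|
 / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____
 /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|
 _____ __ _
/ ___| / _| |
\ `--. ___ | |_| |___ ____ _ _ __ ___
 `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \
/\__/ / (_) | | | |_ \ V V / (_| | | | __/
\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|
BANNER
  # Blank line, six tabs, upper-cased hostname, then a trailing blank line —
  # the same bytes the original's echo -e pair produced.
  printf '\n\t\t\t\t\t\t%s\n\n' "${HOSTNAME^^}" >> /etc/motd
fi
if [ "$MAIL" = 'O' ]; then
  echo "-- Service Mail" >> /etc/motd
fi
echo "#########################"
echo "# Fin de l'installation #"
echo "#########################"
echo "Vous disposé maintenant des services suivant : "
if [ "$MAIL" = 'O' ]; then
  echo "-- Service MAIL"
  echo "Vous pouvez vous connecter à l'interface web d'administration PostfixAdmin http://$HOSTNAME.$DOMAIN:8083/setup.php"
  echo "Un redémarrage est nécessaire !"
fi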