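#!/bin/bash
# Deployment script for a Postfix / Dovecot / MariaDB mail stack on Debian.
# Must run as root: it installs packages and rewrites files under /etc.
# NOTE: no `set -e` on purpose — several later lookups (grep, `crontab -l`)
# legitimately return non-zero; the critical steps check their own status.

# Root check on the effective UID (the original parsed `whoami`). Refusing
# with a message and a non-zero status lets a caller tell "refused" from
# "finished".
if [[ "${EUID:-$(id -u)}" -ne 0 ]]; then
    echo "Ce script doit être exécuté en tant que root." >&2
    exit 1
fi

# Remember where we were started from; the script `cd`s around while
# generating keys and returns here at the end.
SOURCE=$(pwd)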
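echo ' __ __ _____ ____ ____ _____ ______'
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|'
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__'
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|'
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____'
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|'
echo ' _____ __ _'
echo '/ ___| / _| |'
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___'
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \'
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/'
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|'
echo ""
echo "Programme de déploiement de service mail (V1)"
echo ""
# Confirmation prompt; the default is "no". The answer is quoted in the test
# because an empty reply (plain Enter) previously produced `[ != 'O' ]`, a
# "unary operator expected" error whose false result let the script carry
# on without any confirmation at all.
read -rp "Ce script s'adresse aux utilisateurs expérimentés. Voulez-vous continuer ? (o/N) : " CONFIRM
CONFIRM=${CONFIRM^^}
if [[ "$CONFIRM" != 'O' ]]; then
    exit
fi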
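echo "#######################"
echo "# Lancement du script #"
echo "#######################"
# System update. A failed `apt-get update` (no network, broken sources list)
# was previously ignored, so every install below would have run against a
# stale or empty package index; abort instead. A failed upgrade usually
# means a dpkg lock or a broken package state that would make the installs
# fail too, so it is treated the same way.
echo "########################################"
echo "# Début de la procédure de mise à jour #"
echo "########################################"
apt-get update || { echo "-- Echec de apt-get update, abandon." >&2; exit 1; }
apt-get upgrade -y || { echo "-- Echec de apt-get upgrade, abandon." >&2; exit 1; }
echo "-- Mise à jour terminé !"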
# Services à déployer
echo "#######################"
echo "# Services à déployer #"
echo "#######################"
read -p "Voulez-vous déployer le service mail ? (o/N) : " MAIL
MAIL=${MAIL^^}
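if [[ "$MAIL" == 'O' ]]; then
# Installation Mail
echo "###############################################"
echo "# Lancement de l'installation du service mail #"
echo "###############################################"
# Packages are installed one component at a time so the progress messages
# stay meaningful, but a failed install aborts the script: every
# configuration step below rewrites files shipped by these packages and
# assumes they exist. (`expect` is installed as before although nothing in
# this script calls it.)
install_or_die() {
    # $1 = wording after "Installation " in the progress line, $2.. = packages
    local label=$1
    shift
    apt-get install -y "$@" || { echo "-- Echec de l'installation $label, abandon." >&2; exit 1; }
    echo "-- Installation $label terminé !"
}
install_or_die "de MariaDB" mariadb-server mariadb-client expect
install_or_die "de Postfix" postfix
install_or_die "du plugin postfix-mysql" postfix-mysql
install_or_die "de Dovecot" dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql
install_or_die "de SpamAssassin" spamassassin spamc
install_or_die "de Sieve" dovecot-sieve dovecot-managesieved
install_or_die "de ClamAV" clamav-milter
install_or_die "de OpenDKIM" opendkim opendkim-tools
install_or_die "de OpenDMARC" opendmarc
install_or_die "de Apache" apache2
install_or_die "de PHP" php php-mysql php-imap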
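# Questions Mail et définition des variables
echo "#################################"
echo "# Configuration du service mail #"
echo "#################################"
read -rp "Entrer votre nom de domaine : " DOMAIN
read -rp "Définir le nom d'utilisateur administrateur du serveur mail : " POSTFIXADMIN_ADMIN
# Passwords are read with -s so they are not echoed to the terminal (nor
# captured in scrollback / session recordings).
read -rsp "Entrer le mot de passe root du SGBD (laisser vide si première BDD) : " MARIADB_ROOT_PASSWORD
echo
read -rsp "Définir le mot de passe postfix du SGBD : " MARIADB_POSTFIX_PASSWORD
echo
# $DOMAIN is spliced into file paths, config files and hostnames below, so
# it is restricted to hostname characters; an empty admin name or postfix
# DB password would yield a broken (or passwordless) install.
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
    echo "-- Nom de domaine invalide ou vide, abandon." >&2
    exit 1
fi
if [[ -z "$POSTFIXADMIN_ADMIN" || -z "$MARIADB_POSTFIX_PASSWORD" ]]; then
    echo "-- Le nom de l'administrateur et le mot de passe postfix sont obligatoires, abandon." >&2
    exit 1
fi
# Presence flags consumed by the Apache and SpamAssassin sections
# (empty string = not found). `crontab -l` prints to stderr when root has
# no crontab yet; that is expected on a fresh host.
APACHE_CONFIG_SS=$(grep "ServerSignature Off" /etc/apache2/apache2.conf)
APACHE_CONFIG_ST=$(grep "ServerTokens Prod" /etc/apache2/apache2.conf)
SPAMASSASSIN_CRONTAB_UPDATE=$(crontab -l 2>/dev/null | grep "/usr/bin/sa-update")
SPAMASSASSIN_CRONTAB_LEARN=$(crontab -l 2>/dev/null | grep "/usr/bin/sa-learn")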
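echo "#####################"
echo "# Configuration BDD #"
echo "#####################"
# The previous version passed `--password='$MARIADB_ROOT_PASSWORD'` in
# single quotes, i.e. the literal string, not the password — and a password
# on the command line is visible to every local user via `ps`. The
# credentials now go through a private (0600) defaults file that is removed
# when this section ends.
MYSQL_CNF=$(mktemp) || { echo "-- mktemp a échoué, abandon." >&2; exit 1; }
chmod 600 "$MYSQL_CNF"
printf '[client]\nuser=root\npassword=%s\n' "$MARIADB_ROOT_PASSWORD" > "$MYSQL_CNF"
mysql_root() {
    # $1 = SQL statement to run as root
    mysql --defaults-extra-file="$MYSQL_CNF" -e "$1"
}
# Escape a value for use inside a single-quoted SQL string literal, so a
# password containing a quote or backslash neither breaks the statement nor
# changes its meaning.
sql_quote() {
    local v=$1
    v=${v//\\/\\\\}
    v=${v//\'/\\\'}
    printf '%s' "$v"
}
ROOT_PW_SQL=$(sql_quote "$MARIADB_ROOT_PASSWORD")
POSTFIX_PW_SQL=$(sql_quote "$MARIADB_POSTFIX_PASSWORD")
# SET PASSWORD works on every MariaDB release; the direct UPDATE of
# mysql.user used before fails on 10.4+, where mysql.user is a view.
mysql_root "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$ROOT_PW_SQL');"
echo "-- Mot de passe root changé !"
mysql_root "DELETE FROM mysql.user WHERE User='';"
echo "-- Suppression des utilisateurs anonymes !"
mysql_root "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
echo "-- Suppression des connexions root à distance !"
mysql_root "CREATE DATABASE IF NOT EXISTS postfix;"
echo "-- Base de donné postfix créée !"
# Application account: full rights on the postfix schema only.
mysql_root "CREATE USER 'postfix'@'localhost' IDENTIFIED BY '$POSTFIX_PW_SQL';"
mysql_root "GRANT USAGE ON *.* TO 'postfix'@'localhost';"
mysql_root "GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost';"
echo "-- Création de l'utilisateur postfix !"
mysql_root "FLUSH PRIVILEGES;"
echo "-- Application des paramètres !"
rm -f "$MYSQL_CNF"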
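echo "###########################"
echo "# Configuration de Apache #"
echo "###########################"
# Hide version details in error pages and response headers. The presence
# flags were computed earlier and are quoted here: grep returns the whole
# matching line (two words), which an unquoted `[ -z ... ]` cannot test.
if [[ -z "$APACHE_CONFIG_SS" ]]; then
    echo "ServerSignature Off" >> /etc/apache2/apache2.conf
fi
if [[ -z "$APACHE_CONFIG_ST" ]]; then
    echo "ServerTokens Prod" >> /etc/apache2/apache2.conf
fi
echo "-- Signature serveur supprimée !"
# Extra listener for the PostfixAdmin vhost, guarded so that re-running the
# script does not stack duplicate Listen lines (Apache then fails to bind
# the port a second time and refuses to start).
if ! grep -q "^Listen 8083$" /etc/apache2/ports.conf; then
    echo "Listen 8083" >> /etc/apache2/ports.conf
fi
echo "-- Port d'écoute ajouté !"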
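echo "############################"
echo "# Configuration de Postfix #"
echo "############################"
# main.cf is written from a heredoc: Postfix's own $variables are escaped
# (\$) and shell variables ($DOMAIN, $POSTFIXADMIN_ADMIN) expand. Fixes
# relative to the previous version:
#   - smtpd_tls_cert_file was "etc/ssl/..." (relative path): Postfix could
#     not load the certificate, so STARTTLS silently did not work;
#   - smtpd_tls_session_cache_database said "tree:" instead of "btree:";
#   - smtpd_sender_login_maps pointed at "mysql-sender-ogin-maps.cf", a file
#     that is never written (the real one is mysql-sender-login-maps.cf);
#   - SSLv2 is excluded everywhere and TLSv1/1.1 on the mandatory (587) side;
#   - the 512-bit (export-grade) DH parameter file is gone;
#   - the mua_* restriction sets referenced by the submission service in
#     master.cf are defined (they were undefined, i.e. empty);
#   - mailbox_command = procmail is dropped: procmail is not installed here.
cat > /etc/postfix/main.cf <<EOF
#######################
## GENERALS SETTINGS ##
#######################

smtpd_banner            = \$myhostname ESMTP \$mail_name (Debian/GNU)
biff                    = no
append_dot_mydomain     = no
readme_directory        = no
delay_warning_time      = 4h
recipient_delimiter     = +
disable_vrfy_command    = yes
message_size_limit      = 26214400
mailbox_size_limit      = 524288000

inet_interfaces = all
inet_protocols  = ipv4

myhostname      = $DOMAIN
myorigin        = $DOMAIN
mydestination   = localhost localhost.\$mydomain
mynetworks      = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relayhost       =

alias_maps      = hash:/etc/aliases
alias_database  = hash:/etc/aliases

#############
## MILTERS ##
#############
# Socket paths are relative to the Postfix chroot (/var/spool/postfix).
milter_protocol = 6
milter_default_action = accept
smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock, unix:/clamav/clamav-milter.ctl
non_smtpd_milters = unix:/opendkim/opendkim.sock

####################
## TLS PARAMETERS ##
####################
# Smtp ( OUTGOING / Client )
smtp_tls_loglevel               = 1
smtp_tls_security_level         = may
smtp_tls_CAfile                 = /etc/ssl/certs/ca.cert.pem
smtp_tls_protocols              = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols    = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_ciphers      = high
smtp_tls_exclude_ciphers        = aNULL, eNULL, EXPORT, DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH
smtp_tls_note_starttls_offer    = yes

# Smtpd ( INCOMING / Server )
smtpd_tls_loglevel              = 1
smtpd_tls_auth_only             = yes
smtpd_tls_security_level        = may
smtpd_tls_received_header       = yes
smtpd_tls_protocols             = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols   = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers     = medium
smtpd_tls_CAfile                = \$smtp_tls_CAfile
smtpd_tls_cert_file             = /etc/ssl/certs/mailserver.crt
smtpd_tls_key_file              = /etc/ssl/private/mailserver.key
smtpd_tls_dh1024_param_file     = \$config_directory/dh2048.pem

tls_preempt_cipherlist  = yes
tls_random_source       = dev:/dev/urandom

smtp_tls_session_cache_database         = btree:\${data_directory}/smtp_scache
smtpd_tls_session_cache_database        = btree:\${data_directory}/smtpd_scache
lmtp_tls_session_cache_database         = btree:\${data_directory}/lmtp_scache

#####################
## SASL PARAMETERS ##
#####################

smtpd_sasl_auth_enable          = yes
smtpd_sasl_type                 = dovecot
smtpd_sasl_path                 = private/auth
smtpd_sasl_security_options     = noanonymous
smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
smtpd_sasl_local_domain         = \$mydomain
smtpd_sasl_authenticated_header = yes

##############################
## VIRTUALS MAPS PARAMETERS ##
##############################

virtual_uid_maps        = static:5000
virtual_gid_maps        = static:5000
virtual_minimum_uid     = 5000
virtual_mailbox_base    = /var/mail
virtual_transport       = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps    = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps      = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-login-maps.cf

######################
## ERRORS REPORTING ##
######################

bounce_template_file    = /etc/postfix/bounce.cf

notify_classes          = resource, software

error_notice_recipient  = $POSTFIXADMIN_ADMIN@$DOMAIN

##################
## RESTRICTIONS ##
##################

mime_header_checks      = regexp:/etc/postfix/header_checks
header_checks           = regexp:/etc/postfix/header_checks

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    reject_rbl_client zen.spamhaus.org

smtpd_reject_unlisted_sender = yes

smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_unlisted_sender

smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

smtpd_helo_required = yes

smtpd_client_restrictions =
    permit_mynetworks,
    permit_inet_interfaces,
    permit_sasl_authenticated,
    reject_unauth_pipelining

smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Restriction sets used by the submission (587) service in master.cf: only
# SASL-authenticated clients get in, and they may only send as the address
# their login owns.
mua_client_restrictions    = permit_sasl_authenticated, reject
mua_helo_restrictions      = permit_sasl_authenticated, reject
mua_sender_restrictions    = reject_sender_login_mismatch, permit_sasl_authenticated, reject
mua_recipient_restrictions = permit_sasl_authenticated, reject
EOF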
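# Bounce templates. The Postfix expansions ($myhostname,
# $delay_warning_time_hours, $maximal_queue_lifetime_days) are escaped so
# they reach the file literally — the previous version let the shell expand
# them to empty strings, producing "du serveur ." in every bounce.
# NOTE(review): the support address is the hard-coded postmaster@xarobase.com
# rather than postmaster@$DOMAIN; confirm that is intended for the deployed
# domain before changing it.
cat > /etc/postfix/bounce.cf <<BOUNCE_EOF
failure_template = <<EOF
Charset: UTF-8
From: postmaster (Message systeme)
Subject: Message non transmis
Postmaster-Subject: Postmaster Copy: Message non transmis

Ceci est un message automatique du serveur \$myhostname.

Nous sommes désolés de vous informer que votre message n'a pas pu
etre acheminé à un ou plusieurs destinataires.
Le détail est expliqué ci dessous.

Pour une assistance, envoyez un e-mail à l'administrateur de
votre messagerie : postmaster@xarobase.com

Si vous le faites, merci d'inclure ce message d'erreur dans
votre courriel.

 Le serveur de messagerie.

Message d'erreur :
EOF

delay_template = <<EOF
Charset: UTF-8
From: postmaster (Message systeme)
Subject: Message mis en attente.
Postmaster-Subject: Postmaster Warning: Delayed Mail

Ceci est un message automatique du serveur \$myhostname.

##############################################################################
#C'EST UN SIMPLE AVERTISSEMENT, VOUS N'AVEZ PAS BESOIN DE RENVOYER UN MESSAGE#
##############################################################################

Votre message ne peut pas être délivré avant un délai de \$delay_warning_time_hours heures.

Des tentatives de renvoi seront effectuées durant : \$maximal_queue_lifetime_days jours.

Pour une assistance, envoyez un e-mail à l'administrateur de
votre messagerie : postmaster@xarobase.com

Si vous le faites, merci d'inclure ce message d'erreur dans
votre courriel.

 Le serveur de messagerie.

Message :
EOF

success_template = <<EOF
Charset: UTF-8
From: postmaster (Message systeme)
Subject: Message correctement transmis

Ceci est un message automatique du serveur \$myhostname.

Votre message a correctement été envoyé aux destinataires listés ci-dessous
Si le message a bien été délivré dans la boite de réception de votre destinataire,
vous ne recevrez pas d'autre notification.

Si non, vous pourriez recevoir des notifications provenant du système de messagerie
de votre destinataire.

 Le serveur de messagerie.

Message :
EOF

verify_template = <<EOF
Charset: UTF-8
From: postmaster (Message systeme)
Subject: Rapport de transmission de message

Ceci est un message automatique du serveur \$myhostname.

Le rapport de transmission de message que vous avez demandé est en pièce jointe.

 Le serveur de messagerie.

Message d'erreur :
EOF
BOUNCE_EOF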
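# Self-signed CA plus server certificate shared by Postfix, Dovecot and the
# PostfixAdmin vhost. Keys are generated under umask 077 so they are never
# world-readable, not even for the instant before chmod (the default umask
# created them 0644). The server certificate carries a subjectAltName for
# the domain, which modern clients require (the CN alone is ignored).
# The 512-bit DH file is no longer generated: export-grade DH offers no
# security, and dh2048.pem is all main.cf needs.
cd /etc/ssl/ || { echo "-- /etc/ssl introuvable, abandon." >&2; exit 1; }
umask 077
openssl genrsa -out ca.key.pem 4096
openssl req -x509 -new -nodes -days 3650 -sha256 -key ca.key.pem -out ca.cert.pem
openssl genrsa -out mailserver.key 4096
openssl req -new -sha256 -key mailserver.key -out mailserver.csr
printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$DOMAIN" > mailserver.ext
openssl x509 -req -days 3650 -sha256 -in mailserver.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -extfile mailserver.ext -out mailserver.crt
umask 022
rm -f mailserver.csr mailserver.ext
chmod 444 ca.cert.pem mailserver.crt
chmod 400 ca.key.pem mailserver.key
mv ca.key.pem mailserver.key private/
mv ca.cert.pem mailserver.crt certs/
# DH parameters are public; generated after the umask is restored.
openssl dhparam -out /etc/postfix/dh2048.pem 2048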
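# Postfix MySQL lookup tables. Each one holds the DB password, so the files
# are created 0640 root:postfix — readable by Postfix, by nobody else. The
# previous `touch` under the default umask left them world-readable.
write_postfix_mysql_map() {
    # $1 = target file, $2 = SQL query (Postfix substitutes %s at lookup time)
    install -m 0640 -o root -g postfix /dev/null "$1"
    printf 'hosts = 127.0.0.1\nuser = postfix\npassword = %s\ndbname = postfix\nquery = %s\n' \
        "$MARIADB_POSTFIX_PASSWORD" "$2" > "$1"
}
write_postfix_mysql_map /etc/postfix/mysql-virtual-mailbox-domains.cf \
    "SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1"
write_postfix_mysql_map /etc/postfix/mysql-virtual-mailbox-maps.cf \
    "SELECT maildir FROM mailbox WHERE username='%s' AND active = 1"
write_postfix_mysql_map /etc/postfix/mysql-virtual-alias-maps.cf \
    "SELECT goto FROM alias WHERE address='%s' AND active = 1"
# Sender login map (which login may use which envelope sender), consulted
# by reject_sender_login_mismatch in main.cf.
write_postfix_mysql_map /etc/postfix/mysql-sender-login-maps.cf \
    "SELECT goto FROM alias WHERE address='%s' AND active = 1"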
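# master.cf. Changes relative to the previous version: the submission
# service used \$mua_sender_restrictions for its *recipient* restrictions
# (now \$mua_recipient_restrictions); its redundant dh1024 override is gone
# (main.cf already sets it); and the inactive pipe transports had typos
# ("scalemail-ackend", "rgv=") that would have made them unusable.
cat > /etc/postfix/master.cf <<EOF
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
  -o content_filter=spamassassin

# Submission (587): TLS mandatory, SASL-authenticated clients only.
# The mua_* restriction sets are defined in main.cf.
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=\$mua_client_restrictions
  -o smtpd_helo_restrictions=\$mua_helo_restrictions
  -o smtpd_sender_restrictions=\$mua_sender_restrictions
  -o smtpd_recipient_restrictions=\$mua_recipient_restrictions
  -o content_filter=spamassassin
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d \${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store \${nexthop} \${user} \${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  \${nexthop} \${user}

# Content filter: spamc hands the message to spamd and re-injects it.
spamassassin unix -     n       n       -       -       pipe
  user=debian-spamd argv=/usr/bin/spamc -s 26214400 -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}
EOF
# Strip headers that reveal the submitting client's IP address and mail
# software from authenticated (ESMTPSA) submissions. regexp: tables are read
# directly by Postfix; the former `postmap` step only produced an unused .db.
cat > /etc/postfix/header_checks <<'EOF'
/^Received:.*with ESMTPSA/  IGNORE
/^X-Originating-IP:/        IGNORE
/^X-Mailer:/                IGNORE
/^User-Agent:/              IGNORE
EOF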
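echo "############################"
echo "# Configuration de Dovecot #"
echo "############################"
cat > /etc/dovecot/dovecot.conf <<'EOF'
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap lmtp sieve
listen = *
mail_plugins = $mail_plugins quota
!include conf.d/*.conf
!include_try local.conf
EOF
# All virtual mailboxes live under /var/mail/vhosts and are owned by the
# single uid/gid 5000 (matching virtual_uid_maps/virtual_gid_maps in main.cf).
cat > /etc/dovecot/conf.d/10-mail.conf <<'EOF'
mail_location = maildir:/var/mail/vhosts/%d/%n/mail
maildir_stat_dirs=yes
namespace inbox {
    inbox = yes
}
mail_uid = 5000
mail_gid = 5000
first_valid_uid = 5000
last_valid_uid = 5000
mail_privileged_group = vmail
EOF
# vmail is a pure service account: no login shell, no password. It is only
# created when missing so a re-run does not fail on "user already exists".
mkdir -p "/var/mail/vhosts/$DOMAIN"
getent group vmail >/dev/null || groupadd -g 5000 vmail
getent passwd vmail >/dev/null || useradd -g vmail -u 5000 -d /var/mail -s /usr/sbin/nologin vmail
chown -R vmail:vmail /var/mail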
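# Authentication: SQL passdb/userdb, plaintext mechanisms only over TLS
# (disable_plaintext_auth together with ssl = required in 10-ssl.conf).
cat > /etc/dovecot/conf.d/10-auth.conf <<'EOF'
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-sql.conf.ext
EOF
cat > /etc/dovecot/conf.d/auth-sql.conf.ext <<'EOF'
passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}
userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}
EOF
# The DB account is "postfix" (created in the MariaDB step). The previous
# version connected as "postfixuser", which does not exist, so every IMAP
# login failed.
cat > /etc/dovecot/dovecot-sql.conf <<EOF
driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=$MARIADB_POSTFIX_PASSWORD
default_pass_scheme = SHA512-CRYPT
user_query = SELECT CONCAT('/var/mail/vhosts/',maildir) as home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') as mail, CONCAT('*:bytes=', IF(mailbox.quota = -1, domain.maxquota*1048576, mailbox.quota)) as quota_rule FROM mailbox, domain WHERE username = '%u' AND mailbox.active = '1' AND domain.domain = '%d' AND domain.active = '1'
password_query = SELECT username as user, password, CONCAT('/var/mail/vhosts/',maildir) AS userdb_home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') AS userdb_mail FROM mailbox WHERE username = '%u' AND active = '1'
EOF
# Ownership: root owns the configuration; group vmail may read it (10-master.conf
# runs service auth-worker as vmail, and it needs dovecot-sql.conf); others get
# nothing. The previous `chown -R vmail:dovecot` made every config file
# writable by uid 5000 — the uid IMAP sessions run under (mail_uid) — so code
# execution in one session could rewrite configuration Dovecot reads as root.
chown -R root:vmail /etc/dovecot
chmod -R o-rwx,g-w /etc/dovecot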
# Dovecot listeners: IMAP on 143 (STARTTLS) and 993, the LMTP and SASL
# sockets published inside Postfix's chroot, auth lookups as vmail.
# Written with printf (tabs preserved) behind a single grouped redirection.
{
    echo ""
    printf 'service imap-login {\n\tinet_listener imap {\n\t\tport = 143\n\t}\n\tinet_listener imaps {\n\t\tport = 993\n\t\tssl = yes\n\t}\n\tservice_count = 0\n}\nservice lmtp {\n\tunix_listener /var/spool/postfix/private/dovecot-lmtp {\n\t\tmode = 0600\n\t\tuser = postfix\n\t\tgroup = postfix\n\t}\n}\nservice auth {\n\tunix_listener auth-userdb {\n\t\tmode = 0600\n\t\tuser = vmail\n\t\tgroup = vmail\n\t}\n\tunix_listener /var/spool/postfix/private/auth {\n\t\tmode = 0666\n\t\tuser = postfix\n\t\tgroup = postfix\n\t}\n\tuser = dovecot\n}\nservice auth-worker {\n\tuser = vmail\n}\n'
} > /etc/dovecot/conf.d/10-master.conf
# TLS: the certificate pair generated earlier, TLS required for every
# client, SSLv3 and the anonymous/weak cipher suites disabled.
{
    echo ""
    printf 'ssl = required\nssl_cert = </etc/ssl/certs/mailserver.crt\nssl_key = </etc/ssl/private/mailserver.key\nssl_dh_parameters_length = 2048\nssl_protocols = !SSLv3\nssl_cipher_list = ALL:!aNULL:!eNULL:!LOW:!MEDIUM:!EXP:!RC2:!RC4:!DES:!3DES:!MD5:!PSK:!SRP:!DSS:!AECDH:!ADH:@STRENGTH\nssl_prefer_server_ciphers = yes\n'
} > /etc/dovecot/conf.d/10-ssl.conf
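echo "#################################"
echo "# Configuration de SpamAssassin #"
echo "#################################"
cat > /etc/spamassassin/local.cf <<EOF
rewrite_header Subject *****SPAM*****

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit

endif # Mail::SpamAssassin::Plugin::Shortcircuit

report_safe 0
whitelist_auth *@$DOMAIN

add_header all Report _REPORT_
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
EOF
# ENABLED=1: spamd has to run, since master.cf routes every message through
# spamc. The previous ENABLED=0 kept spamd down under the init script, and
# spamc's -f (safe fallback) then passed mail through unscanned. CRON=0
# because sa-update is scheduled from root's crontab below instead.
cat > /etc/default/spamassassin <<'EOF'
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
CRON=0
EOF
# Cron entries in root's crontab. The presence flags were computed earlier
# and are quoted: grep returns a whole line, which unquoted `[ -z ]` cannot
# test. `crontab -l` is silenced because it complains when no crontab exists.
# NOTE(review): sa-learn runs here as root and so trains root's Bayes
# database, not the one spamd (user debian-spamd) consults — confirm which
# user is meant to own the Bayes data before relying on auto-learning.
if [[ -z "$SPAMASSASSIN_CRONTAB_UPDATE" ]]; then
    { crontab -l 2>/dev/null; echo "00 02 * * * /usr/bin/sa-update"; } | crontab -
fi
if [[ -z "$SPAMASSASSIN_CRONTAB_LEARN" ]]; then
    { crontab -l 2>/dev/null; echo "*/10 * * * * /usr/bin/sa-learn --ham /var/mail/vhosts/*/*/mail/cur/* >/dev/null 2>&1"; } | crontab -
    { crontab -l 2>/dev/null; echo "*/10 * * * * /usr/bin/sa-learn --spam /var/mail/vhosts/*/*/mail/.Junk/cur/* >/dev/null 2>&1"; } | crontab -
fi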
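echo "##########################"
echo "# Configuration de Sieve #"
echo "##########################"
cat > /etc/dovecot/conf.d/20-lmtp.conf <<EOF
protocol lmtp {
    postmaster_address = $POSTFIXADMIN_ADMIN@$DOMAIN
    mail_plugins = \$mail_plugins sieve
}
EOF
cat > /etc/dovecot/conf.d/90-sieve.conf <<'EOF'
plugin {
    sieve = /var/mail/vhosts/%d/%n/.dovecot.sieve
    sieve_default = /var/mail/sieve/default.sieve
    sieve_dir = /var/mail/vhosts/%d/%n/sieve
    sieve_global_dir = /var/mail/sieve
}
EOF
# Global default script: file SpamAssassin-tagged mail into Junk. Written
# with `>` (the previous touch-then-append duplicated the rules on re-runs).
mkdir -p /var/mail/sieve
cat > /var/mail/sieve/default.sieve <<'EOF'
require ["fileinto"];
if header :contains "Subject" "*****SPAM*****" {
fileinto "Junk";
}
EOF
# Pre-compile so the first delivery does not have to; chown afterwards so
# the compiled .svbin (created by root) belongs to vmail as well.
sievec /var/mail/sieve/default.sieve || echo "-- Avertissement : compilation du script sieve échouée." >&2
chown -R vmail:vmail /var/mail/sieve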
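echo "###########################"
echo "# Configuration de ClamAV #"
echo "###########################"
# Fetch the signature database once in the foreground (the daemon will not
# start without one), then hand the updater back to its service.
systemctl stop clamav-freshclam
freshclam
systemctl start clamav-freshclam
systemctl start clamav-daemon
# The milter socket lives inside Postfix's chroot (main.cf refers to it as
# unix:/clamav/clamav-milter.ctl). Group clamav + mode 660, with postfix
# added to the clamav group, replaces the previous world-writable (666)
# socket — the same pattern this script already uses for OpenDKIM/OpenDMARC.
mkdir -p /var/spool/postfix/clamav
chown clamav /var/spool/postfix/clamav
usermod -aG clamav postfix
cat > /etc/clamav/clamav-milter.conf <<'EOF'
MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl
FixStaleSocket true
User clamav
ReadTimeout 120
Foreground false
PidFile /var/run/clamav/clamav-milter.pid
ClamdSocket unix:/var/run/clamav/clamd.ctl
OnClean Accept
OnInfected Reject
OnFail Defer
AddHeader Replace
LogSyslog false
LogFacility LOG_LOCAL6
LogVerbose false
LogInfected Full
LogClean Off
LogRotate true
MaxFileSize 50M
SupportMultipleRecipients false
RejectMsg Rejecting harmful e-mail: %v found.
TemporaryDirectory /tmp
LogFile /var/log/clamav/clamav-milter.log
LogTime true
LogFileUnlock false
LogFileMaxSize 50
MilterSocketGroup clamav
MilterSocketMode 660
EOF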
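echo "#############################"
echo "# Configuration de OpenDKIM #"
echo "#############################"
cat > /etc/opendkim.conf <<'EOF'
AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  Yes
SyslogSuccess           Yes
LogWhy                  Yes

OversignHeaders         From
AlwaysAddARHeader       Yes
Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  local:/var/spool/postfix/opendkim/opendkim.sock
EOF
# Socket directory inside Postfix's chroot; postfix joins group opendkim so
# it can connect (UMask 002 above leaves the socket group-writable).
mkdir -p /var/spool/postfix/opendkim
chown opendkim: /var/spool/postfix/opendkim
usermod -aG opendkim postfix
# Tables are written with `>` so a re-run does not append duplicate entries.
mkdir -p "/etc/opendkim/keys/$DOMAIN"
printf '127.0.0.1\nlocalhost\n::1\n*.%s\n' "$DOMAIN" > /etc/opendkim/TrustedHosts
printf 'mail._domainkey.%s %s:mail:/etc/opendkim/keys/%s/mail.private\n' "$DOMAIN" "$DOMAIN" "$DOMAIN" > /etc/opendkim/KeyTable
printf '*@%s mail._domainkey.%s\n' "$DOMAIN" "$DOMAIN" > /etc/opendkim/SigningTable
# Signing key, readable by the opendkim user only.
cd "/etc/opendkim/keys/$DOMAIN" || { echo "-- Répertoire des clés OpenDKIM introuvable, abandon." >&2; exit 1; }
opendkim-genkey -s mail -d "$DOMAIN" -b 4096
chown opendkim:opendkim "/etc/opendkim/keys/$DOMAIN/mail.private"
chmod 600 "/etc/opendkim/keys/$DOMAIN/mail.private"
# Signatures verify only once the public key is published in DNS; show the
# record the operator has to create.
echo "-- Enregistrement DNS DKIM à publier (mail._domainkey.$DOMAIN) :"
cat "/etc/opendkim/keys/$DOMAIN/mail.txt"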
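echo "##############################"
echo "# Configuration de OpenDMARC #"
echo "##############################"
# AuthservID / TrustedAuthservIDs must equal the authserv-id OpenDKIM writes
# into Authentication-Results; opendkim.conf above sets none, so OpenDKIM
# uses this machine's hostname. The previous "hostname.$DOMAIN" placeholder
# could never match, so DKIM results were not trusted and every DMARC
# evaluation was done on a failed DKIM. HOSTNAME is the OpenDMARC keyword
# that expands to the local hostname at runtime.
cat > /etc/opendmarc.conf <<EOF
AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   0002
Syslog                  true

AuthservID              HOSTNAME
TrustedAuthservIDs      HOSTNAME
IgnoreHosts             /etc/opendkim/TrustedHosts
IgnoreMailFrom          "$DOMAIN"
RejectFailures          false

UserID                  opendmarc:opendmarc
PidFile                 /var/run/opendmarc/opendmarc.pid
Socket                  local:/var/spool/postfix/opendmarc/opendmarc.sock
EOF
# Socket directory inside Postfix's chroot; postfix joins group opendmarc
# so it can connect (UMask 0002 leaves the socket group-writable).
mkdir -p /var/spool/postfix/opendmarc
chown opendmarc: /var/spool/postfix/opendmarc
usermod -aG opendmarc postfix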
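echo "#############################"
echo "# Installation PostfixAdmin #"
echo "#############################"
cd /var/www || { echo "-- /var/www introuvable, abandon." >&2; exit 1; }
# NOTE(review): "latest" is fetched over HTTPS but nothing verifies a
# checksum or signature; pin a release and check its hash when one is
# published. A failed download or a truncated archive now aborts instead
# of leaving a half-installed tree.
wget -O postfixadmin.tar.gz https://sourceforge.net/projects/postfixadmin/files/latest/postfixadmin.tar.gz \
    || { echo "-- Echec du téléchargement de PostfixAdmin, abandon." >&2; exit 1; }
echo "-- Archive téléchargée !"
tar -xzf postfixadmin.tar.gz || { echo "-- Archive PostfixAdmin invalide, abandon." >&2; exit 1; }
echo "-- Archive décompressée !"
mv postfixadmin-* postfixadmin
rm -f postfixadmin.tar.gz
# config.local.php holds only our overrides (config.inc.php stays pristine,
# which is how PostfixAdmin expects it). Values are emitted as PHP
# single-quoted strings with proper escaping, instead of being spliced into
# a sed expression where '/', '&' or a quote in the password would have
# corrupted the file.
php_quote() {
    local v=$1
    v=${v//\\/\\\\}
    v=${v//\'/\\\'}
    printf '%s' "$v"
}
cat > /var/www/postfixadmin/config.local.php <<EOF
<?php
\$CONF['configured'] = true;
\$CONF['default_language'] = 'fr';
\$CONF['database_type'] = 'mysqli';
\$CONF['database_host'] = 'localhost';
\$CONF['database_user'] = 'postfix';
\$CONF['database_password'] = '$(php_quote "$MARIADB_POSTFIX_PASSWORD")';
\$CONF['database_name'] = 'postfix';
\$CONF['admin_email'] = '$(php_quote "$POSTFIXADMIN_ADMIN@$DOMAIN")';
\$CONF['domain_path'] = 'YES';
\$CONF['domain_in_mailbox'] = 'NO';
\$CONF['fetchmail'] = 'NO';
EOF
echo "-- Paramètres appliqués !"
# The web server must not own its own code: root:www-data throughout, the
# config (DB password) unreadable by others, and only templates_c — the
# template cache PostfixAdmin writes to — writable by www-data. The previous
# `chown -R www-data` let any PHP-level compromise rewrite the application.
chown -R root:www-data /var/www/postfixadmin
chmod 640 /var/www/postfixadmin/config.local.php
mkdir -p /var/www/postfixadmin/templates_c
chown www-data:www-data /var/www/postfixadmin/templates_c
echo "-- Droits sur le répertoire appliqués !"
# Admin vhost on 8083, served over TLS with the certificate generated above:
# a PostfixAdmin login controls every mailbox and must not cross the network
# in clear (the previous vhost was plain HTTP on all interfaces).
a2enmod ssl
cat > /etc/apache2/sites-available/postfixadmin.conf <<EOF
<VirtualHost *:8083>
    ServerAdmin webmaster@$DOMAIN
    DocumentRoot /var/www/postfixadmin/public
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mailserver.crt
    SSLCertificateKeyFile /etc/ssl/private/mailserver.key
    ErrorLog \${APACHE_LOG_DIR}/error.log
    CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
echo "-- Vhost créé !"
a2ensite postfixadmin
echo "-- Vhost activé !"
fi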
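# Redémarrage des services
echo "############################"
echo "# Redémarrage des services #"
echo "############################"
if [[ "$MAIL" == 'O' ]]; then
enable_and_restart() {
    # $1 = display name, $2 = systemd unit name (without .service)
    systemctl enable "$2.service"
    echo "-- $1 activé !"
    if service "$2" restart; then
        echo "-- $1 redémarré !"
    else
        echo "-- Avertissement : $1 n'a pas redémarré (voir journalctl -u $2)." >&2
    fi
}
enable_and_restart "Postfix" postfix
enable_and_restart "Dovecot" dovecot
enable_and_restart "SpamAssassin" spamassassin
enable_and_restart "ClamAV" clamav-daemon
# clamav-milter was configured above but never (re)started by the previous
# version: Postfix found no socket at /clamav/clamav-milter.ctl and, with
# milter_default_action = accept, delivered mail unscanned. The freshclam
# updater is enabled for the same reason (it was only started, not enabled).
enable_and_restart "ClamAV milter" clamav-milter
enable_and_restart "ClamAV freshclam" clamav-freshclam
enable_and_restart "OpenDKIM" opendkim
enable_and_restart "OpenDMARC" opendmarc
# Apache has to pick up the new Listen port and the PostfixAdmin vhost.
enable_and_restart "Apache" apache2
fi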
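cd "$SOURCE"
# Ajout de la vérification XAROBASE
# /etc/XAROBASE marks a host already provisioned by this tooling; the MOTD
# banner is written on the first run only. The marker is read with the
# missing-file case handled explicitly (empty value, no error output).
FILE=""
[[ -r /etc/XAROBASE ]] && FILE=$(cat /etc/XAROBASE)
if [[ -z "$FILE" || "$FILE" != 'INSTALLED' ]]; then
    # Ajout du motd
    echo "INSTALLED" > /etc/XAROBASE
    echo "" > /etc/motd
    echo ' __ __ _____ ____ ____ _____ ______' >> /etc/motd
    echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|' >> /etc/motd
    echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__' >> /etc/motd
    echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|' >> /etc/motd
    echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____' >> /etc/motd
    echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|' >> /etc/motd
    echo ' _____ __ _' >> /etc/motd
    echo '/ ___| / _| |' >> /etc/motd
    echo '\ `--. ___ | |_| |___ ____ _ _ __ ___' >> /etc/motd
    echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \' >> /etc/motd
    echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/' >> /etc/motd
    echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|' >> /etc/motd
    echo -e "\n\t\t\t\t\t\t${HOSTNAME^^}" >> /etc/motd
    echo '' >> /etc/motd
fi
# Service list in the MOTD, guarded so re-runs do not append duplicates.
if [[ "$MAIL" == 'O' ]] && ! grep -qx -- "-- Service Mail" /etc/motd; then
    echo "-- Service Mail" >> /etc/motd
fi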
# Closing summary for the operator. Every printed string is reproduced
# unchanged; only the dispatch on $MAIL is written as a case statement.
echo "#########################"
echo "# Fin de l'installation #"
echo "#########################"
echo "Vous disposé maintenant des services suivant : "
case "$MAIL" in
    O)
        echo "-- Service MAIL"
        echo "Vous pouvez vous connecter à l'interface web d'administration PostfixAdmin "
        echo "Un redémarrage est nécessaire !"
        ;;
esac