conf_server/configure_mail_service.sh


#!/bin/sh
. ./myserver.conf
. ./utils.sh
#######################################
# Install the mail stack from OpenBSD packages, at the versions the
# author pinned (opensmtpd-extras, filter-dkimsign, rspamd).
# Returns: pkg_add's exit status
#######################################
install_mails_services_pkg()
{
  # Build the package list as the function's positional parameters so
  # it is passed to pkg_add as separate words.
  set -- dovecot dovecot-pigeonhole opensmtpd-filter-rspamd \
    opensmtpd-extras-6.7.1v0 opensmtpd-filter-dkimsign-0.5 rspamd-3.2
  pkg_add "$@"
}
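#######################################
# Write the OpenSMTPD, spamd and Dovecot configuration files into
# my_configuration/ (they are copied to /etc later by
# install_mails_services_configuration).
# Globals:   DOMAIN (read; expanded into the smtpd and dovecot files)
# Outputs:   my_configuration/mail/smtpd.conf, my_configuration/mail/spamd.conf,
#            my_configuration/dovecot/local.conf
# Returns:   0 on success, 1 if a file could not be written
#######################################
gen_mails_service_configuration()
{
  # Generate opensmtpd configuration (unquoted delimiter: $DOMAIN must expand).
  cat > my_configuration/mail/smtpd.conf <<EOF || return 1
# See smtpd.conf(5) for more information.
# To accept external mail, replace with: listen on all
#
# les Certificats
pki "cert_mail" cert "/etc/ssl/$DOMAIN.crt"
pki "cert_mail" key "/etc/ssl/private/$DOMAIN.key"
table aliases file:/etc/mail/aliases
table passwd file:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals
filter "rspamd" proc-exec "filter-rspamd"
filter "dkimsign" proc-exec "filter-dkimsign -d $DOMAIN -s dkim -k /etc/mail/dkim/$DOMAIN-private.key" user _dkimsign group _dkimsign
# Activation du check du reverse DNS
#filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
#filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
# To accept external mail, replace with: listen on all
listen on all tls pki "cert_mail" hostname "$DOMAIN" filter rspamd
listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
action "local_mail" mbox alias <aliases>
action "domain_mail" maildir "/var/vmail/$DOMAIN/%{dest.user:lowercase}" virtual <virtuals>
action "outbound" relay
# Uncomment the following to accept external mail for domain "example.org"
match from any for domain "$DOMAIN" action "domain_mail"
match from local for local action "local_mail"
match auth from any for any action "outbound"
EOF
  # Generate spamd configuration. Quoted delimiter: nothing here needs shell
  # expansion, and an unquoted heredoc would strip the termcap-style
  # backslash-newline continuations, collapsing each entry onto one line.
  cat > my_configuration/mail/spamd.conf <<'EOF' || return 1
all:\
:nixspam:
# Nixspam recent sources list.
# Mirrored from http://www.heise.de/ix/nixspam
nixspam:\
:black:\
:msg="Your address %A is in the nixspam list\n\
See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
:method=https:\
:file=www.openbsd.org/spamd/nixspam.gz
# An example of a list containing addresses which should not talk to spamd.
#
#override:\
# :white:\
# :method=file:\
# :file=/var/db/override.txt:
EOF
  ## Generate Dovecot configuration (unquoted delimiter: $DOMAIN must expand).
  ## $default_internal_user is Dovecot's own variable, so it is escaped: the
  ## shell would otherwise expand it to an empty string (unless myserver.conf
  ## happened to define it) and the auth service would get "user = ".
  cat > my_configuration/dovecot/local.conf <<EOF || return 1
listen = *
protocols = imap
first_valid_uid = 1000
first_valid_gid = 1000
mail_location = maildir:/var/vmail/%d/%n
mail_plugin_dir = /usr/local/lib/dovecot
disable_plaintext_auth = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
service auth {
user = \$default_internal_user
group = _maildaemons
}
passdb {
args = scheme=blf-crypt /etc/mail/passwd
driver = passwd-file
}
plugin {
imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Junk
imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap sieve
service imap-login {
inet_listener imap {
port = 143
}
}
ssl = required
ssl_min_protocol = TLSv1.2
ssl_cipher_list = EECDH+AESGCM
ssl_prefer_server_ciphers = yes
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_cert = </etc/ssl/$DOMAIN.crt
ssl_key = </etc/ssl/private/$DOMAIN.key
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
}
protocol imap {
mail_plugins = " imap_sieve"
}
EOF
}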
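#######################################
# Generate the DKIM RSA key pair. The public key is written in the
# "v=DKIM1;p=..." form expected for the DNS TXT record.
# Globals:   DOMAIN (read)
# Outputs:   my_configuration/mail/$DOMAIN-private.key (mode 0600)
#            my_configuration/mail/$DOMAIN-public.key
# Returns:   0 on success, 1 on any openssl/chmod failure
#######################################
gen_dkim_keys()
{
  dkim_priv="my_configuration/mail/$DOMAIN-private.key"
  # Both files live under my_configuration/mail: that is where
  # install_mails_services_configuration copies them from.
  dkim_pub="my_configuration/mail/$DOMAIN-public.key"
  openssl genrsa -out "$dkim_priv" 2048 || return 1
  # The signing key is a secret; do not leave it readable via the umask.
  chmod 600 "$dkim_priv" || return 1
  # Capture the PEM first so an openssl failure is not masked by the
  # pipeline (/bin/sh has no pipefail).
  dkim_pem=$(openssl rsa -in "$dkim_priv" -pubout) || return 1
  # Replace the BEGIN line by the DKIM prefix, join the base64 lines,
  # then drop the END line.
  printf '%s\n' "$dkim_pem" | \
    sed '1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\n//g;b nl;' > "$dkim_pub"
}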
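#######################################
# Install the IMAPSieve hooks that feed rspamd when a message is moved
# into or out of Junk (report-spam / report-ham plus their pipe scripts).
# Arguments: $1 - sieve directory (default /usr/local/lib/dovecot/sieve)
# Outputs:   report-ham.sieve, report-spam.sieve (compiled with sievec),
#            sa-learn-ham.sh, sa-learn-spam.sh (mode 0755) in that directory
# Returns:   0 on success, 1 if a file could not be written or compiled
#######################################
install_dovecot_service_antispam()
{
  # Write with absolute paths instead of cd'ing: the original cd changed the
  # caller's working directory, which breaks the relative my_configuration/
  # paths used by the other functions of this script.
  sieve_dir=${1:-/usr/local/lib/dovecot/sieve}
  # Quoted delimiters on every heredoc below: ${1}, ${mailbox} and
  # ${username} are Sieve variables (and ${1} in the pipe scripts is their
  # own argument); an unquoted heredoc expanded them in this shell and
  # wrote empty strings into the files.
  cat > "$sieve_dir/report-ham.sieve" <<'EOF' || return 1
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "${1}";
}
if string "${mailbox}" "Trash" {
stop;
}
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-ham.sh" [ "${username}" ];
EOF
  cat > "$sieve_dir/report-spam.sieve" <<'EOF' || return 1
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-spam.sh" [ "${username}" ];
EOF
  cat > "$sieve_dir/sa-learn-ham.sh" <<'EOF' || return 1
#!/bin/sh
exec /usr/local/bin/rspamc -d "${1}" learn_ham
EOF
  cat > "$sieve_dir/sa-learn-spam.sh" <<'EOF' || return 1
#!/bin/sh
exec /usr/local/bin/rspamc -d "${1}" learn_spam
EOF
  sievec "$sieve_dir/report-ham.sieve" || return 1
  sievec "$sieve_dir/report-spam.sieve" || return 1
  chmod 755 "$sieve_dir/sa-learn-ham.sh" || return 1
  chmod 755 "$sieve_dir/sa-learn-spam.sh" || return 1
}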
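#######################################
# Copy the generated configuration and DKIM keys into /etc and create the
# (initially empty) smtpd table files.
# Globals:   DOMAIN (read)
# Returns:   0 on success, 1 if a copy or mkdir failed
#######################################
install_mails_services_configuration()
{
  cp my_configuration/mail/smtpd.conf /etc/mail/smtpd.conf || return 1
  cp my_configuration/dovecot/local.conf /etc/dovecot/local.conf || return 1
  # -p: rerunning the script must not fail on an existing directory.
  mkdir -p /etc/mail/dkim/ || return 1
  cp "my_configuration/mail/$DOMAIN-private.key" /etc/mail/dkim/ || return 1
  cp "my_configuration/mail/$DOMAIN-public.key" /etc/mail/dkim/ || return 1
  # filter-dkimsign runs as _dkimsign (see smtpd.conf); only it needs to
  # read the private key.
  chown -R _dkimsign /etc/mail/dkim/
  chmod 600 "/etc/mail/dkim/$DOMAIN-private.key"
  touch /etc/mail/virtuals
  # NOTE(review): /etc/mail/passwd will hold credential hashes (used by both
  # the smtpd <passwd> table and the dovecot passdb) and is created with the
  # umask's mode; tighten owner/mode to the _maildaemons group once
  # make_system_mails_services_requirements has created it.
  touch /etc/mail/passwd
  # local.conf carries the TLS settings; drop the packaged ssl snippet.
  # -f keeps a rerun from erroring when it is already gone.
  rm -f /etc/dovecot/conf.d/10-ssl.conf
}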
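#######################################
# Create the vmail account and mail spool, the shared _maildaemons group,
# and a dovecot login class with raised open-file limits.
# Globals:   DOMAIN (read)
# Outputs:   appends a "dovecot" class to /etc/login.conf (backup in
#            /etc/login.conf.old)
# Returns:   0 on success, 1 if the login.conf backup or append failed
#######################################
make_system_mails_services_requirements()
{
  useradd -c "Virtual Mail Account" -d /var/vmail -s /sbin/nologin -u 2000 -g =uid -L staff vmail
  mkdir -p "/var/vmail/$DOMAIN"
  chown -R vmail:vmail /var/vmail/
  groupadd _maildaemons
  usermod -G _maildaemons _dovecot
  usermod -G _maildaemons _smtpd
  cp /etc/login.conf /etc/login.conf.old || return 1
  # Quoted delimiter: keeps the backslash-newline continuations so the class
  # is appended in the same multi-line form the author wrote.
  # NOTE(review): if /etc/login.conf.db exists on the host, it has to be
  # regenerated (cap_mkdb) for the new class to be seen — confirm.
  cat >> /etc/login.conf <<'EOF' || return 1
dovecot:\
:openfiles-cur=1024:\
:openfiles-max=2048:\
:tc=daemon:
EOF
}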
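# Entry point: generate the configuration, then install and enable it.
# Steps that later steps depend on abort the script on failure (this file
# does not use set -e).
mkdir -p my_configuration/mail || exit 1
mkdir -p my_configuration/dovecot || exit 1
install_mails_services_pkg || exit 1
gen_mails_service_configuration || exit 1
gen_dkim_keys || exit 1
# NOTE(review): gen_mails_service_utils is not defined in this file
# (presumably utils.sh); install_dovecot_service_antispam above is never
# called — confirm which one is intended.
gen_mails_service_utils
install_mails_services_configuration || exit 1
make_system_mails_services_requirements
# rspamd uses redis as its backend.
rcctl enable redis
rcctl start redis
restart_mails_service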