emailwiz

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit eb15bba5f388c9bc2f228ac677d339c709e37fe8
parent 7788391d60454133264c80e512b92e555d027503
Author: Luke Smith <luke@lukesmith.xyz>
Date:   Thu, 26 Dec 2019 18:41:27 -0500

Merge pull request #15 from Schueni1/master

Added relaxed option for DKIM.
Diffstat:
Memailwiz.sh | 31+++++++++++++++++++++++--------
1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/emailwiz.sh b/emailwiz.sh @@ -16,9 +16,9 @@ # On installation of Postfix, select "Internet Site" and put in TLD (without before it mail.) echo "Installing programs..." -apt install postfix dovecot-imapd opendkim spamassassin spamc +apt install postfix dovecot-imapd dovecot-sieve opendkim spamassassin spamc # Install another requirement for opendikm only if the above command didn't get it already -[ -e $(which opendkim-genkey) ] || apt install opendkim-tools +[ which opendkim-genkey > /dev/null 2>&1 ] || apt install opendkim-tools domain="$(cat /etc/mailname)" subdom="mail" maildomain="$subdom.$domain" @@ -96,7 +96,7 @@ ssl = required ssl_cert = </etc/letsencrypt/live/$maildomain/fullchain.pem ssl_key = </etc/letsencrypt/live/$maildomain/privkey.pem # Plaintext login. This is safe and easy thanks to SSL. -auth_mechanisms = plain +auth_mechanisms = plain login cram-md5 protocols = \$protocols imap @@ -104,7 +104,12 @@ protocols = \$protocols imap userdb { driver = passwd } -# Use plain old PAM to find user passwords +# Use file with cram-md5 hashed passwords to find user passwords +passdb { + driver = passwd-file + args = scheme=cram-md5 /etc/cram-md5.pwd +} +#Fallback: Use plain old PAM to find user passwords passdb { driver = pam } @@ -170,6 +175,7 @@ if header :contains \"X-Spam-Flag\" \"YES\" fileinto \"Junk\"; }" > /var/lib/dovecot/sieve/default.sieve +cut -d: -f1 /etc/passwd | grep ^vmail > /dev/null 2&>1 || useradd vmail chown -R vmail:vmail /var/lib/dovecot sievec /var/lib/dovecot/sieve/default.sieve @@ -211,15 +217,24 @@ grep ^KeyTable /etc/opendkim.conf >/dev/null || echo "KeyTable file:/etc/postfix SigningTable refile:/etc/postfix/dkim/signingtable InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf +sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf +sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf + +sed -e '/Socket/s/^#*/#/' -i /etc/opendkim.conf +sed -i '/\local:\/var\/run\/opendkim\/opendkim.sock/a \Socket\t\t\tinet:12301@localhost' /etc/opendkim.conf + # OpenDKIM daemon settings, removing previously activated socket. -sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:8891@localhost\"" >> /etc/default/opendkim +sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim # Here we add to postconf the needed settings for working with OpenDKIM echo "Configuring Postfix with OpenDKIM settings..." +postconf -e "smtpd_sasl_security_options = noanonymous, noplaintext" +postconf -e "smtpd_sasl_tls_security_options = noanonymous" +postconf -e "myhostname = $maildomain" postconf -e "milter_default_action = accept" -postconf -e "milter_protocol = 2" -postconf -e "smtpd_milters = inet:localhost:8891" -postconf -e "non_smtpd_milters = inet:localhost:8891" +postconf -e "milter_protocol = 6" +postconf -e "smtpd_milters = inet:localhost:12301" +postconf -e "non_smtpd_milters = inet:localhost:12301" postconf -e "mailbox_command = /usr/lib/dovecot/deliver" echo "Restarting Dovecot..."