From d8ae31fcf3ede6c9cb9ba7d83ceae7e90208607d Mon Sep 17 00:00:00 2001 From: Jeff Becker Date: Sat, 8 Jun 2019 11:02:44 -0400 Subject: generate spf record --- emailwiz.sh | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index f4763c2..d9c9c65 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -207,9 +207,13 @@ echo echo echo printf "Record Name\\tRecord Type\\tText of entry\\n" +# the DKIM record is this one printf "%s._domainkey\\tTXT\\t\\tv=DKIM1; k=rsa; %s\\n" "$subdom" "$pval" +# the SPF record is this one +printf "%s\\tTXT\\tTXT\\t\\tv=spf1 mx a:%s -all\\n" "@" "$maildomain" echo echo echo "$pval" + -- cgit v1.2.3 From 8a50caca80c715005f86afd7bac97e4cb759c3b5 Mon Sep 17 00:00:00 2001 From: Jeff Becker Date: Sat, 8 Jun 2019 11:03:57 -0400 Subject: remove whitespace --- emailwiz.sh | 1 - 1 file changed, 1 deletion(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index d9c9c65..3938f9a 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -216,4 +216,3 @@ echo echo "$pval" - -- cgit v1.2.3 From ba71c3cfa8134cbdcc71f2ec09a368ff3d066dfc Mon Sep 17 00:00:00 2001 From: Jeff Becker Date: Sat, 8 Jun 2019 11:05:45 -0400 Subject: correct formatting --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index 3938f9a..cd6440a 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -210,7 +210,7 @@ printf "Record Name\\tRecord Type\\tText of entry\\n" # the DKIM record is this one printf "%s._domainkey\\tTXT\\t\\tv=DKIM1; k=rsa; %s\\n" "$subdom" "$pval" # the SPF record is this one -printf "%s\\tTXT\\tTXT\\t\\tv=spf1 mx a:%s -all\\n" "@" "$maildomain" +printf "%s\\tTXT\\t\\tv=spf1 mx a:%s -all\\n" "@" "$maildomain" echo echo echo "$pval" -- cgit v1.2.3 From 6ba27925b7ca89a906c53e0168cd437f521b610f Mon Sep 17 00:00:00 2001 From: daniel Date: Wed, 12 Jun 2019 08:45:47 +0200 Subject: TLS Encryption --- emailwiz.sh | 3 +++ 1 file changed, 3 insertions(+) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index f4763c2..829eeef 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -34,6 +34,9 @@ postconf -e "smtpd_tls_key_file=/etc/letsencrypt/live/$maildomain/privkey.pem" postconf -e "smtpd_tls_cert_file=/etc/letsencrypt/live/$maildomain/fullchain.pem" postconf -e "smtpd_use_tls = yes" postconf -e "smtpd_tls_auth_only = yes" +postconf -e "smtp_tls_security_level = may" +postconf -e "smtp_tls_loglevel = 1" +postconf -e "smtp_tls_CAfile = /etc/letsencrypt/live/$maildomain/cert.pem" # Here we tell Postfix to look to Dovecot for authenticating users/passwords. # Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth -- cgit v1.2.3 From 08107c0ee3d0aa06ad8b34671d2166ba630bb63f Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Fri, 26 Jul 2019 08:43:57 -0400 Subject: spamassassin auto move to Junk --- emailwiz.sh | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index f4763c2..83d1ae7 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -140,14 +140,40 @@ service auth { group = postfix } } + +protocol lda { + mail_plugins = \$mail_plugins sieve +} + +protocol lmtp { + mail_plugins = \$mail_plugins sieve +} + +plugin { + sieve = ~/.dovecot.sieve + sieve_default = /var/lib/dovecot/sieve/default.sieve + #sieve_global_path = /var/lib/dovecot/sieve/default.sieve + sieve_dir = ~/.sieve + sieve_global_dir = /var/lib/dovecot/sieve/ +} " > /etc/dovecot/dovecot.conf +mkdir /var/lib/dovecot/sieve/ + +echo "require [\"fileinto\", \"mailbox\"]; +if header :contains \"X-Spam-Flag\" \"YES\" + { + fileinto \"Junk\"; + }" > /var/lib/dovecot/sieve/default.sieve + +chown -R vmail:vmail /var/lib/dovecot +sievec /var/lib/dovecot/sieve/default.sieve + echo "Preparing user authetication..." grep nullok /etc/pam.d/dovecot >/dev/null || echo "auth required pam_unix.so nullok account required pam_unix.so" >> /etc/pam.d/dovecot - # OpenDKIM # A lot of the big name email services, like Google, will automatically rejectmark as spam unfamiliar and unauthenticated email addresses. As in, the server will flattly reject the email, not even deliverring it to someone's Spam folder. @@ -190,7 +216,7 @@ postconf -e "milter_default_action = accept" postconf -e "milter_protocol = 2" postconf -e "smtpd_milters = inet:localhost:8891" postconf -e "non_smtpd_milters = inet:localhost:8891" - +postconf -e "mailbox_command = /usr/lib/dovecot/deliver" echo "Restarting Dovecot..." service dovecot restart && echo "Dovecot restarted." -- cgit v1.2.3 From 46c35da49652d6080cfad22d672cc72e233b5728 Mon Sep 17 00:00:00 2001 From: Artem Kobets Date: Sun, 11 Aug 2019 18:05:11 +0300 Subject: Use spamassassin on port 25 only --- emailwiz.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index 83d1ae7..cd42e76 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -59,15 +59,14 @@ sed -i "/^\s*-o/d;/^\s*submission/d;/^\s*smtp/d" /etc/postfix/master.cf echo "smtp unix - - n - - smtp smtp inet n - y - - smtpd + -o content_filter=spamassassin submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt - -o content_filter=spamassassin -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes smtps inet n - y - - smtpd -o syslog_name=postfix/smtps - -o content_filter=spamassassin -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes spamassassin unix - n n - - pipe -- cgit v1.2.3 From 30e2072783aa0941ee67ef0c38f2566ebb646f81 Mon Sep 17 00:00:00 2001 From: pellertson Date: Mon, 2 Sep 2019 19:40:20 -0600 Subject: Fixed a bug with installing opendkim (#1) The main command for generating DKIM keys (`opendkim`) wasn't installed with just the `opendkim` package. Added a fix so it would be installed should it not be there the first time `apt` is ran. --- emailwiz.sh | 2 ++ 1 file changed, 2 insertions(+) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index cd42e76..ff39ac2 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -17,6 +17,8 @@ echo "Installing programs..." apt install postfix dovecot-imapd opendkim spamassassin spamc +# Install another requirement for opendikm only if the above command didn't get it already +[ -e $(which opendkim-genkey) ] || apt install opendkim-tools domain="$(cat /etc/mailname)" subdom="mail" maildomain="$subdom.$domain" -- cgit v1.2.3 From dde31ef1063bbf9e372c6aa25526a2dd6ce18be5 Mon Sep 17 00:00:00 2001 From: Aaron Duxler Date: Tue, 17 Dec 2019 04:56:57 +0100 Subject: Added relaxed option for DKIM. Create user vmail, if not present. Add 'login' option in dovecot to be able to send emails fro mutt. --- emailwiz.sh | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index 96f2bfd..28560f4 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -16,7 +16,7 @@ # On installation of Postfix, select "Internet Site" and put in TLD (without before it mail.) echo "Installing programs..." -apt install postfix dovecot-imapd opendkim spamassassin spamc +apt install postfix dovecot-imapd dovecot-sieve opendkim spamassassin spamc # Install another requirement for opendikm only if the above command didn't get it already [ -e $(which opendkim-genkey) ] || apt install opendkim-tools domain="$(cat /etc/mailname)" @@ -96,7 +96,7 @@ ssl = required ssl_cert = /var/lib/dovecot/sieve/default.sieve +cut -d: -f1 /etc/passwd | grep ^vmail > /dev/null 2&>1 || useradd vmail chown -R vmail:vmail /var/lib/dovecot sievec /var/lib/dovecot/sieve/default.sieve @@ -211,15 +212,18 @@ grep ^KeyTable /etc/opendkim.conf >/dev/null || echo "KeyTable file:/etc/postfix SigningTable refile:/etc/postfix/dkim/signingtable InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf +sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf +sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf + # OpenDKIM daemon settings, removing previously activated socket. -sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:8891@localhost\"" >> /etc/default/opendkim +sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim # Here we add to postconf the needed settings for working with OpenDKIM echo "Configuring Postfix with OpenDKIM settings..." postconf -e "milter_default_action = accept" -postconf -e "milter_protocol = 2" -postconf -e "smtpd_milters = inet:localhost:8891" -postconf -e "non_smtpd_milters = inet:localhost:8891" +postconf -e "milter_protocol = 6" +postconf -e "smtpd_milters = inet:localhost:12301" +postconf -e "non_smtpd_milters = inet:localhost:12301" postconf -e "mailbox_command = /usr/lib/dovecot/deliver" echo "Restarting Dovecot..." -- cgit v1.2.3 From 1b455cfee521cc12becbfcb1e399a84da6504b83 Mon Sep 17 00:00:00 2001 From: Aaron Duxler Date: Wed, 25 Dec 2019 20:14:14 +0100 Subject: opendkim socket fix + install opendkim-tools --- emailwiz.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index 28560f4..8d66b5f 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -18,7 +18,7 @@ echo "Installing programs..." apt install postfix dovecot-imapd dovecot-sieve opendkim spamassassin spamc # Install another requirement for opendikm only if the above command didn't get it already -[ -e $(which opendkim-genkey) ] || apt install opendkim-tools +[ which opendkim-genkey > /dev/null 2>&1 ] || apt install opendkim-tools domain="$(cat /etc/mailname)" subdom="mail" maildomain="$subdom.$domain" @@ -215,6 +215,9 @@ InternalHosts refile:/etc/postfix/dkim/trustedhosts" >> /etc/opendkim.conf sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf +sed -e '/Socket/s/^#*/#/' -i /etc/opendkim.conf +sed -i '/\local:\/var\/run\/opendkim\/opendkim.sock/a \Socket\t\t\tinet:12301@localhost' /etc/opendkim.conf + # OpenDKIM daemon settings, removing previously activated socket. sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim -- cgit v1.2.3 From e7914356a73790d134be4517d58934a40bbfe379 Mon Sep 17 00:00:00 2001 From: Aaron Duxler Date: Thu, 26 Dec 2019 10:56:38 +0100 Subject: myhostname should be the domain --- emailwiz.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index 8d66b5f..86bffa4 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -96,7 +96,7 @@ ssl = required ssl_cert =