boban
/
mailwolt-installer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Dovecot Systax Problem

main
boksbc 2025-10-21 01:06:05 +02:00
parent c29f2ce683
commit 048479060c
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
scripts/75-le-issue.sh
View File

@ -70,3 +70,52 @@ if [[ "${BASE_DOMAIN}" != "example.com" ]]; then
else else
echo "[i] BASE_DOMAIN=example.com LE wird übersprungen." echo "[i] BASE_DOMAIN=example.com LE wird übersprungen."
fi fi
# ──────────────────────────────────────────────────────────────────────────────
# FIX: Validierung & Reparatur des Mail-Zertifikats
# ──────────────────────────────────────────────────────────────────────────────
MAIL_SSL_DIR="/etc/ssl/mail"
install -d -m 0755 "$MAIL_SSL_DIR"
MAIL_CERT="${MAIL_SSL_DIR}/fullchain.pem"
MAIL_KEY="${MAIL_SSL_DIR}/privkey.pem"
HOST="${MAIL_HOSTNAME:-}"
LE_DIR=""
[[ -n "$HOST" ]] && LE_DIR="/etc/letsencrypt/live/${HOST}"
need_fix=0
# Ist der vorhandene Key gültig? (leer/nicht vorhanden/ungültig -> fix)
if [[ ! -s "$MAIL_KEY" ]] || ! openssl pkey -in "$MAIL_KEY" -noout >/dev/null 2>&1; then
need_fix=1
fi
# Wenn Fix nötig: aus Let's Encrypt Live kopieren
if [[ $need_fix -eq 1 ]]; then
echo "[!] Ungültiger oder fehlender Mail-Private-Key versuche Reparatur …"
if [[ -n "$LE_DIR" && -r "${LE_DIR}/privkey.pem" && -r "${LE_DIR}/fullchain.pem" ]]; then
cp -f "${LE_DIR}/privkey.pem" "$MAIL_KEY"
cp -f "${LE_DIR}/fullchain.pem" "$MAIL_CERT"
chown root:root "$MAIL_CERT" "$MAIL_KEY"
chmod 600 "$MAIL_KEY"
chmod 644 "$MAIL_CERT"
echo "[+] Zertifikate neu kopiert aus ${LE_DIR}."
# Reload NICHT sofort flaggen für 90-services
touch /run/mailwolt.need-dovecot-reload
else
echo "[!] Konnte ${LE_DIR}/privkey.pem oder fullchain.pem nicht lesen bitte prüfen."
fi
else
echo "[✓] Mail-Zertifikat & -Key sind gültig."
fi
# Optionaler Live-Check (nur wenn Host gesetzt)
if [[ -n "$HOST" ]]; then
if openssl s_client -connect "${HOST}:993" -servername "${HOST}" </dev/null 2>/dev/null \
| grep -q "Verify return code: 0"; then
echo "[✓] TLS-Handshake erfolgreich auf imaps://${HOST}:993."
else
echo "[!] TLS-Handshake auf imaps://${HOST}:993 fehlgeschlagen (Dovecot Reload folgt in 90-services, falls Flag gesetzt)."
fi
fi

7
scripts/90-services.sh
View File

@ -117,11 +117,16 @@ if [[ -e /run/mailwolt.need-opendkim-reload ]]; then
rm -f /run/mailwolt.need-opendkim-reload || true rm -f /run/mailwolt.need-opendkim-reload || true
fi fi
# Falls Zert-Fix markiert ist: Dovecot neu laden
if [[ -e /run/mailwolt.need-dovecot-reload ]]; then
systemctl reload dovecot || true
rm -f /run/mailwolt.need-dovecot-reload || true
fi
# Falls DB-Migration schon durch: einmal reload # Falls DB-Migration schon durch: einmal reload
db_ready(){ mysql -u"${DB_USER}" -p"${DB_PASS}" -h 127.0.0.1 -D "${DB_NAME}" -e "SHOW TABLES LIKE 'migrations'\G" >/dev/null 2>&1; } db_ready(){ mysql -u"${DB_USER}" -p"${DB_PASS}" -h 127.0.0.1 -D "${DB_NAME}" -e "SHOW TABLES LIKE 'migrations'\G" >/dev/null 2>&1; }
if db_ready; then if db_ready; then
systemctl reload postfix || true systemctl reload postfix || true
systemctl reload dovecot || true
fi fi
# Mini-Portcheck (hilft beim Installer-Output) # Mini-Portcheck (hilft beim Installer-Output)