From 80fb2d9d9fd0961b570aa8d45e4db3d08053e481 Mon Sep 17 00:00:00 2001
From: boksbc
Date: Sun, 19 Oct 2025 01:21:30 +0200
Subject: [PATCH] Dovecot Systax Problem
---
 scripts/40-postfix.sh | 2 +-
 scripts/60-rspamd-opendkim.sh | 1192 +--------------------------------
 scripts/bootstrap.sh | 7 +-
 3 files changed, 8 insertions(+), 1193 deletions(-)
diff --git a/scripts/40-postfix.sh b/scripts/40-postfix.sh
index d4fc277..71746d3 100644
--- a/scripts/40-postfix.sh
+++ b/scripts/40-postfix.sh
@@ -20,7 +20,7 @@ fi
 /usr/sbin/postconf -e "myorigin = \$myhostname"
 /usr/sbin/postconf -e "mydestination = "
 /usr/sbin/postconf -e "inet_interfaces = all"
-/usr/sbin/postconf -e "inet_protocols = ipv4"
+/usr/sbin/postconf -e "inet_protocols = all"
 /usr/sbin/postconf -e "smtpd_banner = \$myhostname ESMTP"
 # --- TLS ----------------------------------------------------------------------
diff --git a/scripts/60-rspamd-opendkim.sh b/scripts/60-rspamd-opendkim.sh
index 670f9df..669d47d 100644
--- a/scripts/60-rspamd-opendkim.sh
+++ b/scripts/60-rspamd-opendkim.sh
@@ -129,6 +129,7 @@ AutoRestartRate 10/1h
 Background yes
 DNSTimeout 5
 SignatureAlgorithm rsa-sha256
+SyslogSuccess yes
 CONF
 # ── systemd Drop-in: /run/opendkim sicherstellen ─────────────────────────────
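Review bot: Changing `inet_protocols` from `ipv4` to `all` in scripts/40-postfix.sh makes Postfix accept and send mail over IPv6 as well, and nothing visible in this hunk prepares the IPv6 side; with `inet_interfaces = all` on the line above, the SMTP listener becomes reachable on every IPv6 address of the host. The commit subject only mentions a Dovecot syntax problem, so this widening of network exposure is easy to miss in review. Before merging, confirm that the IPv6 firewall rules match the IPv4 ones, that `mynetworks` (set outside this hunk, if at all) trusts no more than `[::1]/128` on the IPv6 side, and that AAAA, PTR and SPF `ip6:` records exist for the sending address. If some installs have no working IPv6, keeping the value overridable would be safer, e.g. `/usr/sbin/postconf -e "inet_protocols = ${POSTFIX_INET_PROTOCOLS:-ipv4}"` (the variable name is only a suggestion), preceded by a comment such as `# "all" also enables IPv6: needs IPv6 firewall rules and PTR/AAAA/SPF records`.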
@@ -247,1194 +248,3 @@ systemctl enable --now opendkim || true systemctl reload postfix || true log "[✓] Rspamd + OpenDKIM eingerichtet (läuft; signiert, sobald Keys vorhanden sind)." - -##!/usr/bin/env bash -#set -euo pipefail -#source ./lib.sh -# -#log "Rspamd + OpenDKIM einrichten …" -# -## ────────────────────────────────────────────────────────────── -## ENV laden -## ────────────────────────────────────────────────────────────── -#set +u -#[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env -#set -u -# -#BASE_DOMAIN="${BASE_DOMAIN:-example.com}" -#SYSMAIL_DOMAIN="${SYSMAIL_DOMAIN:-sysmail.${BASE_DOMAIN}}" # z.B. sysmail.example.com -#DKIM_ENABLE="${DKIM_ENABLE:-1}" # 1=OpenDKIM aktiv -#DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}" # z.B. mwl1 -#DKIM_GENERATE="${DKIM_GENERATE:-1}" # 1=Key generieren, falls fehlt -#RSPAMD_CONTROLLER_PASSWORD="${RSPAMD_CONTROLLER_PASSWORD:-admin}" -# -# -#DKIM_GENERATE="0" -## ────────────────────────────────────────────────────────────── -## Rspamd (Controller + Milter) -## ────────────────────────────────────────────────────────────── -#install -d -m 0755 /etc/rspamd/local.d -# -#if command -v rspamadm >/dev/null 2>&1; then -# RSPAMD_HASH="$(rspamadm pw -p "${RSPAMD_CONTROLLER_PASSWORD}")" -#else -# RSPAMD_HASH="${RSPAMD_CONTROLLER_PASSWORD}" -#fi -# -#cat >/etc/rspamd/local.d/worker-controller.inc </etc/rspamd/local.d/worker-normal.inc <<'CONF' -#bind_socket = "127.0.0.1:11332"; -#CONF -# -#cat >/etc/rspamd/local.d/milter_headers.conf <<'CONF' -#use = ["authentication-results"]; -#header = "Authentication-Results"; -#CONF -# -#systemctl enable --now rspamd || true -# -## ────────────────────────────────────────────────────────────── -## OpenDKIM – nur wenn DKIM_ENABLE=1 -## ────────────────────────────────────────────────────────────── -#if [[ "${DKIM_ENABLE}" != "1" ]]; then -# log "DKIM_ENABLE=0 → OpenDKIM wird übersprungen." 
-# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332" -# systemctl reload postfix || true -# exit 0 -#fi -# -#install -d -m 0755 /etc/opendkim -#install -d -m 0750 /etc/opendkim/keys -#chown -R opendkim:opendkim /etc/opendkim -#chmod 750 /etc/opendkim/keys -# -## TrustedHosts -#cat >/etc/opendkim/TrustedHosts <<'CONF' -#127.0.0.1 -#::1 -#localhost -#CONF -#chown opendkim:opendkim /etc/opendkim/TrustedHosts -#chmod 640 /etc/opendkim/TrustedHosts -# -## ── Key-Verzeichnis für SYSMAIL_DOMAIN vorbereiten ─────────────────────────── -#KEY_DIR="/etc/opendkim/keys/${SYSMAIL_DOMAIN}" -#KEY_PRIV="${KEY_DIR}/${DKIM_SELECTOR}.private" -#KEY_DNSTXT="${KEY_DIR}/${DKIM_SELECTOR}.txt" -#install -d -m 0750 -o opendkim -g opendkim "${KEY_DIR}" -# -## ── Key optional generieren (damit sofort signiert werden kann) ────────────── -#if [[ ! -s "${KEY_PRIV}" && "${DKIM_GENERATE}" = "1" ]]; then -# if command -v opendkim-genkey >/dev/null 2>&1; then -# opendkim-genkey -b 2048 -s "${DKIM_SELECTOR}" -d "${SYSMAIL_DOMAIN}" -D "${KEY_DIR}" -# chown opendkim:opendkim "${KEY_DIR}/${DKIM_SELECTOR}.private" || true -# chmod 600 "${KEY_DIR}/${DKIM_SELECTOR}.private" || true -# else -# echo "[!] opendkim-genkey fehlt – kann DKIM-Key nicht generieren." 
-# fi -#fi -# -## ── Key-/SigningTable SAUBER anlegen (Altlasten entfernen) ─────────────────── -#touch /etc/opendkim/KeyTable /etc/opendkim/SigningTable -#chown opendkim:opendkim /etc/opendkim/KeyTable /etc/opendkim/SigningTable -#chmod 640 /etc/opendkim/KeyTable /etc/opendkim/SigningTable -# -## Nur eintragen, wenn ein Private Key existiert (sonst übernimmt später der Helper) -#if [[ -s "${KEY_PRIV}" && "${BASE_DOMAIN}" != "example.com" ]]; then -# LINE_KT="${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN} ${SYSMAIL_DOMAIN}:${DKIM_SELECTOR}:${KEY_PRIV}" -# LINE_ST="*@${SYSMAIL_DOMAIN} ${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN}" -# grep -Fqx "$LINE_KT" /etc/opendkim/KeyTable || echo "$LINE_KT" >> /etc/opendkim/KeyTable -# grep -Fqx "$LINE_ST" /etc/opendkim/SigningTable || echo "$LINE_ST" >> /etc/opendkim/SigningTable -#else -# echo "[i] Kein Private Key unter ${KEY_PRIV} – Tabellen bleiben ohne SYSMAIL-Eintrag (App/Helper trägt später ein)." -#fi -##: > /etc/opendkim/KeyTable -##: > /etc/opendkim/SigningTable -##chown opendkim:opendkim /etc/opendkim/KeyTable /etc/opendkim/SigningTable -##chmod 640 /etc/opendkim/KeyTable /etc/opendkim/SigningTable -## -### Eintrag nur setzen, wenn BASE_DOMAIN != example.com (kein Platzhalter) -##if [[ "${BASE_DOMAIN}" != "example.com" ]]; then -## echo "${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN} ${SYSMAIL_DOMAIN}:${DKIM_SELECTOR}:${KEY_PRIV}" \ -## >> /etc/opendkim/KeyTable -## echo "*@${SYSMAIL_DOMAIN} ${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN}" \ -## >> /etc/opendkim/SigningTable -##fi -# -## ── Hauptkonfiguration ─────────────────────────────────────────────────────── -#cat >/etc/opendkim.conf <<'CONF' -#Syslog yes -#UMask 002 -#Mode sv -#Socket inet:8891@127.0.0.1 -#PidFile /run/opendkim/opendkim.pid -#Canonicalization relaxed/simple -# -#On-BadSignature accept -#On-Default accept -#On-KeyNotFound accept -#On-NoSignature accept -# -#LogWhy yes -#OversignHeaders From -# -#KeyTable /etc/opendkim/KeyTable -#SigningTable 
refile:/etc/opendkim/SigningTable -#ExternalIgnoreList /etc/opendkim/TrustedHosts -#InternalHosts /etc/opendkim/TrustedHosts -# -#UserID opendkim:opendkim -#AutoRestart yes -#AutoRestartRate 10/1h -#Background yes -#DNSTimeout 5 -#SignatureAlgorithm rsa-sha256 -#CONF -# -# -## ────────────────────────────────────────────────────────────── -## Root-Helper: DKIM installieren / entfernen -## ────────────────────────────────────────────────────────────── -#install -d -m 0750 /usr/local/sbin -# -## --- 1) mailwolt-install-dkim --------------------------------- -#cat > /usr/local/sbin/mailwolt-install-dkim <<'EOSH' -##!/usr/bin/env bash -#set -euo pipefail -# -#DOMAIN="$1" # z.B. kunden.tld oder sysmail.example.com -#SELECTOR="$2" # z.B. mwl1 -#SRC_PRIV="$3" # absoluter Pfad zum Private-Key -#SRC_TXT="${4:-}" # optional: TXT-Datei mit 'v=DKIM1; k=rsa; p=...' -# -#OKDIR="/etc/opendkim" -#KEYDIR="${OKDIR}/keys/${DOMAIN}" -#KEYPRI="${KEYDIR}/${SELECTOR}.private" -# -#install -d -m 0750 -o opendkim -g opendkim "${KEYDIR}" -#install -m 0600 -o opendkim -g opendkim "${SRC_PRIV}" "${KEYPRI}" -# -#KT="${OKDIR}/KeyTable" -#ST="${OKDIR}/SigningTable" -#touch "$KT" "$ST" -#chown opendkim:opendkim "$KT" "$ST" -#chmod 0640 "$KT" "$ST" -# -#LINE_KT="${SELECTOR}._domainkey.${DOMAIN} ${DOMAIN}:${SELECTOR}:${KEYPRI}" -#LINE_ST="*@${DOMAIN} ${SELECTOR}._domainkey.${DOMAIN}" -# -#grep -Fqx "$LINE_KT" "$KT" || echo "$LINE_KT" >> "$KT" -#grep -Fqx "$LINE_ST" "$ST" || echo "$LINE_ST" >> "$ST" -# -#if [[ -n "${SRC_TXT}" && -s "${SRC_TXT}" ]]; then -# install -d -m 0755 /etc/mailwolt/dns -# cp -f "${SRC_TXT}" "/etc/mailwolt/dns/dkim-${DOMAIN}.txt" -#fi -# -#if systemctl is-active --quiet opendkim; then -# systemctl reload opendkim || true -#fi -# -#echo "OK" -#EOSH -#chown root:root /usr/local/sbin/mailwolt-install-dkim -#chmod 0750 /usr/local/sbin/mailwolt-install-dkim -# -## --- 2) mailwolt-remove-dkim ---------------------------------- -#cat > /usr/local/sbin/mailwolt-remove-dkim <<'EOSH' 
-##!/usr/bin/env bash -#set -euo pipefail -# -#DOMAIN="$1" -#SELECTOR="$2" -# -#OKDIR="/etc/opendkim" -#KEYDIR="${OKDIR}/keys/${DOMAIN}" -#KEYPRI="${KEYDIR}/${SELECTOR}.private" -#KT="${OKDIR}/KeyTable" -#ST="${OKDIR}/SigningTable" -# -## Key-Datei löschen, wenn vorhanden -#[[ -f "${KEYPRI}" ]] && rm -f "${KEYPRI}" -# -## Tabellenzeilen entfernen -#if [[ -f "$KT" ]]; then -# TMP="$(mktemp)" -# grep -v -F "${SELECTOR}._domainkey.${DOMAIN} ${DOMAIN}:${SELECTOR}:" "$KT" > "$TMP" && mv "$TMP" "$KT" -#fi -#if [[ -f "$ST" ]]; then -# TMP="$(mktemp)" -# grep -v -F "*@${DOMAIN} ${SELECTOR}._domainkey.${DOMAIN}" "$ST" > "$TMP" && mv "$TMP" "$ST" -#fi -# -#rmdir "${KEYDIR}" 2>/dev/null || true -# -#if systemctl is-active --quiet opendkim; then -# systemctl reload opendkim || true -#fi -# -#echo "OK" -#EOSH -#chown root:root /usr/local/sbin/mailwolt-remove-dkim -#chmod 0750 /usr/local/sbin/mailwolt-remove-dkim -# -## --- 3) Sudoers-Regel für App-User (z. B. mailwolt) ---------- -#APP_USER="${APP_USER:-mailwolt}" -#cat > /etc/sudoers.d/mailwolt-dkim </etc/systemd/system/opendkim.service.d/override.conf <<'EOF' -#[Service] -#RuntimeDirectory=opendkim -#RuntimeDirectoryMode=0755 -#EOF -# -## Laufzeitverzeichnis sofort anlegen (erste Startphase im Installer) -#install -d -o opendkim -g opendkim -m 0755 /run/opendkim -# -## ── Root-Helper: DKIM-Keys später aus der App installieren ─────────────────── -#install -d -m 0750 /usr/local/sbin -#cat > /usr/local/sbin/mailwolt-install-dkim <<'EOSH' -##!/usr/bin/env bash -#set -euo pipefail -#DOMAIN="$1" -#SELECTOR="$2" -#TMP_PRIV="$3" -#TMP_PUBTXT="${4:-}" -# -#OKDIR="/etc/opendkim" -#KEYDIR="${OKDIR}/keys/${DOMAIN}" -#KEYPRI="${KEYDIR}/${SELECTOR}.private" -# -#install -d -m 0750 -o opendkim -g opendkim "${KEYDIR}" -#install -m 0600 -o opendkim -g opendkim "${TMP_PRIV}" "${KEYPRI}" -# -#kt="${OKDIR}/KeyTable" -#st="${OKDIR}/SigningTable" -#touch "$kt" "$st" -#chown opendkim:opendkim "$kt" "$st" -#chmod 0640 "$kt" "$st" -# 
-#line_kt="${SELECTOR}._domainkey.${DOMAIN} ${DOMAIN}:${SELECTOR}:${KEYPRI}" -#grep -Fqx "$line_kt" "$kt" || echo "$line_kt" >> "$kt" -# -#line_st="*@${DOMAIN} ${SELECTOR}._domainkey.${DOMAIN}" -#grep -Fqx "$line_st" "$st" || echo "$line_st" >> "$st" -# -#if [[ -n "${TMP_PUBTXT}" && -s "${TMP_PUBTXT}" ]]; then -# install -d -m 0755 /etc/mailwolt/dns -# cp -f "${TMP_PUBTXT}" "/etc/mailwolt/dns/dkim-${DOMAIN}.txt" -#fi -# -## Dienst läuft evtl. schon – reload reicht -#if systemctl is-active --quiet opendkim; then -# systemctl reload opendkim || true -#fi -#echo "OK" -#EOSH -#chown root:root /usr/local/sbin/mailwolt-install-dkim -#chmod 0750 /usr/local/sbin/mailwolt-install-dkim -# -## ── Dienst + Postfix-Milter: IMMER aktivieren (signiert nur, wenn Key vorhanden) ── -#systemctl daemon-reload -#systemctl enable --now opendkim || true -# -#/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -#/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -#systemctl reload postfix || true -# -#log "[✓] Rspamd + OpenDKIM eingerichtet (OpenDKIM läuft; signiert, sobald Keys vorhanden sind)." -# - - -##!/usr/bin/env bash - -#set -euo pipefail -#source ./lib.sh -# -#log "Rspamd + OpenDKIM einrichten …" -# -## ────────────────────────────────────────────────────────────── -## ENV laden -## ────────────────────────────────────────────────────────────── -#set +u -#[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env -#set -u -# -#BASE_DOMAIN="${BASE_DOMAIN:-example.com}" -#SYSMAIL_DOMAIN="${SYSMAIL_DOMAIN:-sysmail.${BASE_DOMAIN}}" # z.B. sysmail.example.com -#DKIM_ENABLE="${DKIM_ENABLE:-1}" # 1=OpenDKIM aktiv -#DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}" # z.B. 
mwl1 -#DKIM_GENERATE="${DKIM_GENERATE:-1}" # 1=Key generieren, falls fehlt -#RSPAMD_CONTROLLER_PASSWORD="${RSPAMD_CONTROLLER_PASSWORD:-admin}" -# -## ────────────────────────────────────────────────────────────── -## Rspamd (Controller + Milter) -## ────────────────────────────────────────────────────────────── -#install -d -m 0755 /etc/rspamd/local.d -# -#if command -v rspamadm >/dev/null 2>&1; then -# RSPAMD_HASH="$(rspamadm pw -p "${RSPAMD_CONTROLLER_PASSWORD}")" -#else -# RSPAMD_HASH="${RSPAMD_CONTROLLER_PASSWORD}" -#fi -# -#cat >/etc/rspamd/local.d/worker-controller.inc </etc/rspamd/local.d/worker-normal.inc <<'CONF' -#bind_socket = "127.0.0.1:11332"; -#CONF -# -#cat >/etc/rspamd/local.d/milter_headers.conf <<'CONF' -#use = ["authentication-results"]; -#header = "Authentication-Results"; -#CONF -# -#systemctl enable --now rspamd || true -# -## ────────────────────────────────────────────────────────────── -## OpenDKIM – nur wenn DKIM_ENABLE=1 -## ────────────────────────────────────────────────────────────── -#if [[ "${DKIM_ENABLE}" != "1" ]]; then -# log "DKIM_ENABLE=0 → OpenDKIM wird übersprungen." -# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332" -# systemctl reload postfix || true -# exit 0 -#fi -# -#install -d -m 0755 /etc/opendkim -#install -d -m 0750 /etc/opendkim/keys -#chown -R opendkim:opendkim /etc/opendkim -#chmod 750 /etc/opendkim/keys -# -## TrustedHosts -#cat >/etc/opendkim/TrustedHosts <<'CONF' -#127.0.0.1 -#::1 -#localhost -#CONF -#chown opendkim:opendkim /etc/opendkim/TrustedHosts -#chmod 640 /etc/opendkim/TrustedHosts -# -#KEY_DIR="/etc/opendkim/keys/${SYSMAIL_DOMAIN}" -#KEY_PRIV="${KEY_DIR}/${DKIM_SELECTOR}.private" -#KEY_DNSTXT="${KEY_DIR}/${DKIM_SELECTOR}.txt" -# -#install -d -m 0750 -o opendkim -g opendkim "${KEY_DIR}" -# -## Falls kein Key da: optional generieren (auf SYSMAIL_DOMAIN) -#if [[ ! 
-s "${KEY_PRIV}" && "${DKIM_GENERATE}" = "1" ]]; then -# if command -v opendkim-genkey >/dev/null 2>&1; then -# opendkim-genkey -b 2048 -s "${DKIM_SELECTOR}" -d "${SYSMAIL_DOMAIN}" -D "${KEY_DIR}" -# chown opendkim:opendkim "${KEY_DIR}/${DKIM_SELECTOR}.private" || true -# chmod 600 "${KEY_DIR}/${DKIM_SELECTOR}.private" || true -# else -# echo "[!] opendkim-genkey fehlt – kann DKIM-Key nicht generieren." -# fi -#fi -# -## Tabellen schreiben (zeigen auf SYSMAIL_DOMAIN) -#cat >/etc/opendkim/KeyTable </etc/opendkim/SigningTable </etc/opendkim.conf <<'CONF' -#Syslog yes -#UMask 002 -#Mode sv -#Socket inet:8891@127.0.0.1 -#PidFile /run/opendkim/opendkim.pid -#Canonicalization relaxed/simple -# -#On-BadSignature accept -#On-Default accept -#On-KeyNotFound accept -#On-NoSignature accept -# -#LogWhy yes -#OversignHeaders From -# -#KeyTable /etc/opendkim/KeyTable -#SigningTable refile:/etc/opendkim/SigningTable -#ExternalIgnoreList /etc/opendkim/TrustedHosts -#InternalHosts /etc/opendkim/TrustedHosts -# -#UserID opendkim:opendkim -#AutoRestart yes -#AutoRestartRate 10/1h -#Background yes -#DNSTimeout 5 -#SignatureAlgorithm rsa-sha256 -#CONF -# -# -## ────────────────────────────────────────────────────────────── -## systemd Drop-in: sorgt dafür, dass /run/opendkim existiert -## ────────────────────────────────────────────────────────────── -#install -d -m 0755 /etc/systemd/system/opendkim.service.d -#cat >/etc/systemd/system/opendkim.service.d/override.conf <<'EOF' -#[Service] -#RuntimeDirectory=opendkim -#RuntimeDirectoryMode=0755 -#EOF -# -## Laufzeitverzeichnis sofort anlegen (damit der Start im Installer klappt) -#install -d -o opendkim -g opendkim -m 0755 /run/opendkim -# -## Root-Helper zum nachträglichen Installieren von DKIM-Keys (aus der App) -#install -d -m 0750 /usr/local/sbin -#cat > /usr/local/sbin/mailwolt-install-dkim <<'EOSH' -##!/usr/bin/env bash -#set -euo pipefail -# -#DOMAIN="$1" # z.B. sysmail.example.com ODER kunden.tld -#SELECTOR="$2" # z.B. 
dkim / mwl1 -#TMP_PRIV="$3" # private PEM (von App) -#TMP_PUBTXT="${4:-}" # optional: fertiger TXT-String-Dateipfad -# -#OKDIR="/etc/opendkim" -#KEYDIR="${OKDIR}/keys/${DOMAIN}" -#KEYPRI="${KEYDIR}/${SELECTOR}.private" -# -#install -d -m 0750 -o opendkim -g opendkim "${KEYDIR}" -#install -m 0600 -o opendkim -g opendkim "${TMP_PRIV}" "${KEYPRI}" -# -#kt="${OKDIR}/KeyTable" -#st="${OKDIR}/SigningTable" -#touch "$kt" "$st" -#chown opendkim:opendkim "$kt" "$st" -#chmod 0640 "$kt" "$st" -# -#line_kt="${SELECTOR}._domainkey.${DOMAIN} ${DOMAIN}:${SELECTOR}:${KEYPRI}" -#grep -Fqx "$line_kt" "$kt" || echo "$line_kt" >> "$kt" -# -#line_st="*@${DOMAIN} ${SELECTOR}._domainkey.${DOMAIN}" -#grep -Fqx "$line_st" "$st" || echo "$line_st" >> "$st" -# -#if [[ -n "${TMP_PUBTXT}" && -s "${TMP_PUBTXT}" ]]; then -# install -d -m 0755 /etc/mailwolt/dns -# cp -f "${TMP_PUBTXT}" "/etc/mailwolt/dns/dkim-${DOMAIN}.txt" -#fi -# -#if systemctl is-active --quiet opendkim; then -# systemctl reload opendkim || true -#fi -# -#echo "OK" -#EOSH -#chown root:root /usr/local/sbin/mailwolt-install-dkim -#chmod 0750 /usr/local/sbin/mailwolt-install-dkim -# -#KEY_DIR="/etc/opendkim/keys/${SYSMAIL_DOMAIN}" -#KEY_PRIV="${KEY_DIR}/${DKIM_SELECTOR}.private" -#KEY_DNSTXT="${KEY_DIR}/${DKIM_SELECTOR}.txt" -# -# if [[ -s "${KEY_PRIV}" ]]; then -# systemctl enable opendkim >/dev/null 2>&1 || true -# if systemctl is-active --quiet opendkim; then -# systemctl reload opendkim || true -# fi -# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -# #systemctl reload postfix || true -# else -# echo "[i] Noch kein Private Key unter ${KEY_PRIV} – OpenDKIM bleibt aus." 
-# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332" -# #systemctl reload postfix || true -# fi - - -# OpenDKIM nur starten, wenn Key vorhanden – sonst nur Rspamd aktiv lassen -#if [[ -s "${KEY_PRIV}" ]]; then -# systemctl enable --now opendkim || true -# systemctl restart opendkim || true -# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -# systemctl reload postfix || true -# -# install -d -m 0755 /etc/mailwolt/dns -# [[ -s "${KEY_DNSTXT}" ]] && cp -f "${KEY_DNSTXT}" "/etc/mailwolt/dns/dkim-${SYSMAIL_DOMAIN}.txt" || true -# -# echo "[✓] OpenDKIM aktiv für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR})" -# echo " DNS: ${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN} (siehe ${KEY_DNSTXT})" -#else -# echo "[i] Noch kein Private Key unter ${KEY_PRIV} – OpenDKIM bleibt aus." -# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332" -# systemctl reload postfix || true -#fi - - -##!/usr/bin/env bash -#set -euo pipefail -#source ./lib.sh -# -#log "Rspamd + OpenDKIM einrichten …" -# -## ────────────────────────────────────────────────────────────── -## ENV laden -## ────────────────────────────────────────────────────────────── -#set +u -#[ -r /etc/mailwolt/installer.env ] && . 
/etc/mailwolt/installer.env -#set -u -# -#BASE_DOMAIN="${BASE_DOMAIN:-example.com}" -#SYSMAIL_DOMAIN="${SYSMAIL_DOMAIN:-sysmail.${BASE_DOMAIN}}" -#DKIM_ENABLE="${DKIM_ENABLE:-1}" -#DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}" -#DKIM_GENERATE="${DKIM_GENERATE:-1}" -#RSPAMD_CONTROLLER_PASSWORD="${RSPAMD_CONTROLLER_PASSWORD:-admin}" -# -## ────────────────────────────────────────────────────────────── -## Rspamd -## ────────────────────────────────────────────────────────────── -#install -d -m 0755 /etc/rspamd/local.d -# -#if command -v rspamadm >/dev/null 2>&1; then -# RSPAMD_HASH="$(rspamadm pw -p "${RSPAMD_CONTROLLER_PASSWORD}")" -#else -# RSPAMD_HASH="${RSPAMD_CONTROLLER_PASSWORD}" -#fi -# -#cat >/etc/rspamd/local.d/worker-controller.inc </etc/rspamd/local.d/worker-normal.inc <<'CONF' -#bind_socket = "127.0.0.1:11332"; -#CONF -# -#cat >/etc/rspamd/local.d/milter_headers.conf <<'CONF' -#use = ["authentication-results"]; -#header = "Authentication-Results"; -#CONF -# -#systemctl enable --now rspamd || true -# -## ────────────────────────────────────────────────────────────── -## OpenDKIM – nur wenn DKIM_ENABLE=1 -## ────────────────────────────────────────────────────────────── -#if [[ "${DKIM_ENABLE}" != "1" ]]; then -# log "DKIM_ENABLE=0 → OpenDKIM wird übersprungen." 
-# # Stelle sicher, dass Postfix nur Rspamd nutzt: -# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332" -# systemctl reload postfix || true -# exit 0 -#fi -# -#install -d -m 0755 /etc/opendkim -#install -d -m 0750 /etc/opendkim/keys -#chown -R opendkim:opendkim /etc/opendkim -#chmod 750 /etc/opendkim/keys -# -## TrustedHosts -#cat >/etc/opendkim/TrustedHosts <<'CONF' -#127.0.0.1 -#::1 -#localhost -#CONF -#chown opendkim:opendkim /etc/opendkim/TrustedHosts -#chmod 640 /etc/opendkim/TrustedHosts -# -#KEY_DIR="/etc/opendkim/keys/${SYSMAIL_DOMAIN}" -#KEY_PRIV="${KEY_DIR}/${DKIM_SELECTOR}.private" -#KEY_DNSTXT="${KEY_DIR}/${DKIM_SELECTOR}.txt" -# -#install -d -m 0750 -o opendkim -g opendkim "${KEY_DIR}" -# -## Key erzeugen, wenn gewünscht/fehlend -#if [[ ! -s "${KEY_PRIV}" ]]; then -# if [[ "${DKIM_GENERATE}" = "1" ]]; then -# if command -v opendkim-genkey >/dev/null 2>&1; then -# opendkim-genkey -b 2048 -s "${DKIM_SELECTOR}" -d "${SYSMAIL_DOMAIN}" -D "${KEY_DIR}" -# chown opendkim:opendkim "${KEY_PRIV}" || true -# chmod 600 "${KEY_PRIV}" || true -# else -# echo "[!] opendkim-genkey fehlt – kann DKIM-Key nicht generieren." 
-# fi -# fi -#fi -# -## Tabellen schreiben (zeigen auf SYSMAIL_DOMAIN) -#cat >/etc/opendkim/KeyTable </etc/opendkim/SigningTable </etc/opendkim.conf <<'CONF' -#Syslog yes -#UMask 002 -#Mode sv -#Socket inet:8891@127.0.0.1 -#Canonicalization relaxed/simple -# -#On-BadSignature accept -#On-Default accept -#On-KeyNotFound accept -#On-NoSignature accept -# -#LogWhy yes -#OversignHeaders From -# -#KeyTable /etc/opendkim/KeyTable -#SigningTable refile:/etc/opendkim/SigningTable -#ExternalIgnoreList /etc/opendkim/TrustedHosts -#InternalHosts /etc/opendkim/TrustedHosts -# -#UserID opendkim:opendkim -#AutoRestart yes -#AutoRestartRate 10/1h -#Background yes -#DNSTimeout 5 -#SignatureAlgorithm rsa-sha256 -#CONF -# -## --- Root-Helper zum Einhängen von DKIM-Keys in OpenDKIM --- -#install -d -m 0750 /usr/local/sbin -#cat > /usr/local/sbin/mailwolt-install-dkim <<'EOSH' -##!/usr/bin/env bash -#set -euo pipefail -# -#DOMAIN="$1" # z.B. thinkidoo.at -#SELECTOR="$2" # z.B. dkim / mwl1 -#TMP_PRIV="$3" # Pfad: Private-Key PEM (von der App erzeugt) -#TMP_PUBTXT="${4:-}" # optional: Datei mit fertigem DNS-TXT -# -#OKDIR="/etc/opendkim" -#KEYDIR="${OKDIR}/keys/${DOMAIN}" -#KEYPRI="${KEYDIR}/${SELECTOR}.private" -# -#install -d -m 0750 -o opendkim -g opendkim "${KEYDIR}" -#install -m 0600 -o opendkim -g opendkim "${TMP_PRIV}" "${KEYPRI}" -# -#kt="${OKDIR}/KeyTable" -#st="${OKDIR}/SigningTable" -#touch "$kt" "$st" -#chown opendkim:opendkim "$kt" "$st" -#chmod 0640 "$kt" "$st" -# -#line_kt="${SELECTOR}._domainkey.${DOMAIN} ${DOMAIN}:${SELECTOR}:${KEYPRI}" -#grep -Fqx "$line_kt" "$kt" || echo "$line_kt" >> "$kt" -# -#line_st="*@${DOMAIN} ${SELECTOR}._domainkey.${DOMAIN}" -#grep -Fqx "$line_st" "$st" || echo "$line_st" >> "$st" -# -#if [[ -n "${TMP_PUBTXT}" && -s "${TMP_PUBTXT}" ]]; then -# install -d -m 0755 /etc/mailwolt/dns -# cp -f "${TMP_PUBTXT}" "/etc/mailwolt/dns/dkim-${DOMAIN}.txt" -#fi -# -#systemctl restart opendkim -#echo "OK" -#EOSH -#chown root:root 
/usr/local/sbin/mailwolt-install-dkim -#chmod 0750 /usr/local/sbin/mailwolt-install-dkim -# -## Nur starten, wenn der Private Key existiert -#if [[ -s "${KEY_PRIV}" ]]; then -# systemctl enable --now opendkim || true -# systemctl restart opendkim || true -# -# # Postfix an beide Milters hängen -# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -# systemctl reload postfix || true -# -# # DNS-Export ablegen (für UI/Hinweis) -# install -d -m 0755 /etc/mailwolt/dns -# [[ -s "${KEY_DNSTXT}" ]] && cp -f "${KEY_DNSTXT}" "/etc/mailwolt/dns/dkim-${SYSMAIL_DOMAIN}.txt" || true -# -# echo "[✓] OpenDKIM aktiv für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR})" -# echo " DNS: ${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN} (siehe ${KEY_DNSTXT})" -#else -# echo "[!] Kein Private Key: ${KEY_PRIV}" -# echo " - Setze DKIM_GENERATE=1 ODER lege Key-Datei manuell ab (opendkim:opendkim, 600)." -# echo " - Postfix bleibt bis dahin nur mit Rspamd-Milter verbunden." -# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332" -# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332" -# systemctl reload postfix || true -#fi - - -##!/usr/bin/env bash -#set -euo pipefail -#source ./lib.sh -# -#log "Rspamd + OpenDKIM vorbereiten …" -# -## ────────────────────────────────────────────────────────────────────────────── -## Variablen / Defaults -## ────────────────────────────────────────────────────────────────────────────── -#set +u -#[ -r /etc/mailwolt/installer.env ] && . 
/etc/mailwolt/installer.env -#set -u -# -#BASE_DOMAIN="${BASE_DOMAIN:-example.com}" -#DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}" -#RSPAMD_CONTROLLER_PASSWORD="${RSPAMD_CONTROLLER_PASSWORD:-admin}" -# -## ────────────────────────────────────────────────────────────────────────────── -## Rspamd -## ────────────────────────────────────────────────────────────────────────────── -#install -d -m 0755 /etc/rspamd/local.d -# -#if command -v rspamadm >/dev/null 2>&1; then -# RSPAMD_HASH="$(rspamadm pw -p "${RSPAMD_CONTROLLER_PASSWORD}")" -#else -# RSPAMD_HASH="${RSPAMD_CONTROLLER_PASSWORD}" -#fi -# -#cat >/etc/rspamd/local.d/worker-controller.inc </etc/rspamd/local.d/worker-normal.inc <<'CONF' -#bind_socket = "127.0.0.1:11332"; -#CONF -# -#cat >/etc/rspamd/local.d/milter_headers.conf <<'CONF' -#use = ["authentication-results"]; -#header = "Authentication-Results"; -#CONF -# -#systemctl enable --now rspamd || true -# -## ────────────────────────────────────────────────────────────────────────────── -## OpenDKIM – nur vorbereiten, nicht starten -## ────────────────────────────────────────────────────────────────────────────── -#install -d -m 0755 /etc/opendkim -#install -d -m 0750 /etc/opendkim/keys -#chown -R opendkim:opendkim /etc/opendkim -#chmod 750 /etc/opendkim/keys -# -#cat >/etc/opendkim/TrustedHosts <<'CONF' -#127.0.0.1 -#::1 -#localhost -#CONF -#chown opendkim:opendkim /etc/opendkim/TrustedHosts -#chmod 640 /etc/opendkim/TrustedHosts -# -#cat >/etc/opendkim.conf <<'CONF' -#Syslog yes -#UMask 002 -#Mode sv -#Socket inet:8891@127.0.0.1 -#Canonicalization relaxed/simple -#On-BadSignature accept -#On-Default accept -#On-KeyNotFound accept -#On-NoSignature accept -#LogWhy yes -#OversignHeaders From -#KeyTable /etc/opendkim/KeyTable -#SigningTable refile:/etc/opendkim/SigningTable -#ExternalIgnoreList /etc/opendkim/TrustedHosts -#InternalHosts /etc/opendkim/TrustedHosts -#UserID opendkim:opendkim -#AutoRestart yes -#AutoRestartRate 10/1h -#Background yes -#DNSTimeout 5 
-#SignatureAlgorithm rsa-sha256 -#CONF -# -#cat >/etc/default/opendkim <<'CONF' -#RUNDIR=/run/opendkim -#SOCKET="inet:8891@127.0.0.1" -#USER=opendkim -#GROUP=opendkim -#PIDFILE=/run/opendkim/opendkim.pid -#CONF -# -#systemctl disable --now opendkim >/dev/null 2>&1 || true -# -#echo "[i] OpenDKIM wurde vorbereitet, aber nicht gestartet." -#echo "[i] Es wird nach dem Seeder aktiviert, sobald der erste DKIM-Key existiert." -# -###!/usr/bin/env bash -##set -euo pipefail -##source ./lib.sh -## -##log "Rspamd + OpenDKIM einrichten …" -## -### ────────────────────────────────────────────────────────────────────────────── -### Variablen / Defaults -### ────────────────────────────────────────────────────────────────────────────── -##set +u -##[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env -##set -u -## -##BASE_DOMAIN="${BASE_DOMAIN:-example.com}" -##DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}" -##DKIM_GENERATE="${DKIM_GENERATE:-0}" # 1 = Key erzeugen, falls fehlt -##RSPAMD_CONTROLLER_PASSWORD="${RSPAMD_CONTROLLER_PASSWORD:-admin}" -## -### ────────────────────────────────────────────────────────────────────────────── -### Rspamd: Controller + Milter -### ────────────────────────────────────────────────────────────────────────────── -##install -d -m 0755 /etc/rspamd/local.d -## -### Controller-Passwort (gehasht, sonst Klartext als Fallback) -##if command -v rspamadm >/dev/null 2>&1; then -## RSPAMD_HASH="$(rspamadm pw -p "${RSPAMD_CONTROLLER_PASSWORD}")" -##else -## RSPAMD_HASH="${RSPAMD_CONTROLLER_PASSWORD}" -##fi -## -##cat >/etc/rspamd/local.d/worker-controller.inc </etc/rspamd/local.d/worker-normal.inc <<'CONF' -##bind_socket = "127.0.0.1:11332"; -##CONF -## -### Authentication-Results Header (hilfreich zum Debuggen) -##cat >/etc/rspamd/local.d/milter_headers.conf <<'CONF' -##use = ["authentication-results"]; -##header = "Authentication-Results"; -##CONF -## -##systemctl enable --now rspamd || true -## -### 
────────────────────────────────────────────────────────────────────────────── -### OpenDKIM Grund-Setup -### ────────────────────────────────────────────────────────────────────────────── -##install -d -m 0755 /etc/opendkim -##install -d -m 0750 /etc/opendkim/keys -##chown -R opendkim:opendkim /etc/opendkim -##chmod 750 /etc/opendkim/keys -## -### Trusted Hosts (wer signieren darf) -##cat >/etc/opendkim/TrustedHosts <<'CONF' -##127.0.0.1 -##::1 -##localhost -##CONF -##chown opendkim:opendkim /etc/opendkim/TrustedHosts -##chmod 640 /etc/opendkim/TrustedHosts -## -### Key-/Signing-Tabellen -##KEY_DIR="/etc/opendkim/keys/${BASE_DOMAIN}" -##KEY_PRIV="${KEY_DIR}/${DKIM_SELECTOR}.private" -##install -d -m 0750 -o opendkim -g opendkim "${KEY_DIR}" -## -### Optional: Key erzeugen, falls gewünscht und nicht vorhanden -##if [[ "${DKIM_GENERATE}" = "1" && ! -s "${KEY_PRIV}" ]]; then -## if command -v opendkim-genkey >/dev/null 2>&1; then -## opendkim-genkey -b 2048 -s "${DKIM_SELECTOR}" -d "${BASE_DOMAIN}" -D "${KEY_DIR}" -## chown opendkim:opendkim "${KEY_DIR}/${DKIM_SELECTOR}.private" || true -## chmod 600 "${KEY_DIR}/${DKIM_SELECTOR}.private" || true -## fi -##fi -## -### KeyTable -##cat >/etc/opendkim/KeyTable </etc/opendkim/SigningTable </etc/opendkim.conf <<'CONF' -##Syslog yes -##UMask 002 -##Mode sv -##Socket inet:8891@127.0.0.1 -##Canonicalization relaxed/simple -## -##On-BadSignature accept -##On-Default accept -##On-KeyNotFound accept -##On-NoSignature accept -## -##LogWhy yes -##OversignHeaders From -## -##KeyTable /etc/opendkim/KeyTable -##SigningTable refile:/etc/opendkim/SigningTable -##ExternalIgnoreList /etc/opendkim/TrustedHosts -##InternalHosts /etc/opendkim/TrustedHosts -## -##UserID opendkim:opendkim -##AutoRestart yes -##AutoRestartRate 10/1h -##Background yes -##DNSTimeout 5 -##SignatureAlgorithm rsa-sha256 -##CONF -## -##systemctl enable --now opendkim || true -##systemctl restart opendkim || true -##systemctl restart rspamd || true -## -### 
────────────────────────────────────────────────────────────────────────────── -### Postfix: Milter-Anbindung (nur setzen, wenn leer) -### ────────────────────────────────────────────────────────────────────────────── -##need_set() { -## local key="$1" -## local cur -## cur="$(postconf -h "$key" 2>/dev/null || true)" -## [[ -z "$cur" ]] -##} -## -##if need_set smtpd_milters; then -## /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -##fi -##if need_set non_smtpd_milters; then -## /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -##fi -## -##systemctl reload postfix || true -## -### ────────────────────────────────────────────────────────────────────────────── -### Hinweis -### ────────────────────────────────────────────────────────────────────────────── -##if [[ ! -s "${KEY_PRIV}" ]]; then -## echo "[!] OpenDKIM: Kein Private Key gefunden unter: ${KEY_PRIV}" -## echo " - Lege dort den Private Key ab (opendkim:opendkim, 600) ODER" -## echo " - setze DKIM_GENERATE=1 und starte dieses Skript erneut." -##fi -## -##echo "[✓] Rspamd + OpenDKIM fertig. Postfix ist an Rspamd (11332) und OpenDKIM (8891) angebunden." -## -####!/usr/bin/env bash -###set -euo pipefail -###source ./lib.sh -### -###log "Rspamd + OpenDKIM einrichten …" -### -#### --------------------------- -#### Variablen / Defaults -#### --------------------------- -#### Installer-Variablen laden, falls vorhanden -###set +u -###[ -r /etc/mailwolt/installer.env ] && . 
/etc/mailwolt/installer.env -###set -u -### -###BASE_DOMAIN="${BASE_DOMAIN:-example.com}" -###DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}" -###DKIM_GENERATE="${DKIM_GENERATE:-0}" # 1 = Key erzeugen, falls fehlt -###RSPAMD_CONTROLLER_PASSWORD="${RSPAMD_CONTROLLER_PASSWORD:-admin}" -### -#### --------------------------- -#### Rspamd: Controller + Milter -#### --------------------------- -###install -d -m 0755 /etc/rspamd/local.d -### -#### Controller-Passwort gehasht schreiben -###if command -v rspamadm >/dev/null 2>&1; then -### RSPAMD_HASH="$(rspamadm pw -p "${RSPAMD_CONTROLLER_PASSWORD}")" -###else -### # Fallback: falls rspamadm noch nicht verfügbar ist (sollte selten sein) -### # schreibe Klartext, damit Rspamd danach startbar ist; Hashen kann im nächsten Lauf erfolgen. -### RSPAMD_HASH="${RSPAMD_CONTROLLER_PASSWORD}" -###fi -### -###cat >/etc/rspamd/local.d/worker-controller.inc </etc/rspamd/local.d/worker-normal.inc <<'CONF' -###bind_socket = "127.0.0.1:11332"; -###CONF -### -#### Authentication-Results Header schreiben (praktisch zum Debuggen) -###cat >/etc/rspamd/local.d/milter_headers.conf <<'CONF' -###use = ["authentication-results"]; -###header = "Authentication-Results"; -###CONF -### -###systemctl enable --now rspamd || true -### -#### --------------------------- -#### OpenDKIM Grund-Setup -#### --------------------------- -###install -d -m 0755 /etc/opendkim -###install -d -m 0750 /etc/opendkim/keys -###chown -R opendkim:opendkim /etc/opendkim -###chmod 750 /etc/opendkim/keys -### -#### TrustedHosts (wer signieren darf) -###cat >/etc/opendkim/TrustedHosts <<'CONF' -###127.0.0.1 -###::1 -###localhost -###CONF -###chown opendkim:opendkim /etc/opendkim/TrustedHosts -###chmod 640 /etc/opendkim/TrustedHosts -### -#### Key-/Signing-Tabellen vorbereiten -###KEY_DIR="/etc/opendkim/keys/${BASE_DOMAIN}" -###KEY_PRIV="${KEY_DIR}/${DKIM_SELECTOR}.private" -### -###install -d -m 0750 -o opendkim -g opendkim "${KEY_DIR}" -### -#### Falls gewünscht: fehlenden Key erzeugen 
-###if [[ "${DKIM_GENERATE}" = "1" && ! -s "${KEY_PRIV}" ]]; then -### if command -v opendkim-genkey >/dev/null 2>&1; then -### opendkim-genkey -b 2048 -s "${DKIM_SELECTOR}" -d "${BASE_DOMAIN}" -D "${KEY_DIR}" -### # opendkim legt .private und .txt an (Selector.*) -### chown opendkim:opendkim "${KEY_DIR}/${DKIM_SELECTOR}.private" || true -### chmod 600 "${KEY_DIR}/${DKIM_SELECTOR}.private" || true -### fi -###fi -### -#### KeyTable (Selector → Keydatei) -###cat >/etc/opendkim/KeyTable </etc/opendkim/SigningTable </etc/opendkim.conf <<'CONF' -###Syslog yes -###UMask 002 -###Mode sv -###Socket inet:8891@127.0.0.1 -###Canonicalization relaxed/simple -### -#### Nicht blockieren, wenn mal was fehlt -###On-BadSignature accept -###On-Default accept -###On-KeyNotFound accept -###On-NoSignature accept -### -###LogWhy yes -###OversignHeaders From -### -#### Tabellen/Listen -###KeyTable /etc/opendkim/KeyTable -###SigningTable refile:/etc/opendkim/SigningTable -###ExternalIgnoreList /etc/opendkim/TrustedHosts -###InternalHosts /etc/opendkim/TrustedHosts -### -###UserID opendkim:opendkim -###AutoRestart yes -###AutoRestartRate 10/1h -###Background yes -###DNSTimeout 5 -###SignatureAlgorithm rsa-sha256 -###CONF -### -###systemctl enable --now opendkim || true -###systemctl restart opendkim || true -###systemctl restart rspamd || true -### -#### --------------------------- -#### Postfix: Milter-Anbindung prüfen/setzen (nur ergänzen, nicht zerstören) -#### --------------------------- -#### Diese Werte setzt dein Postfix-Skript normalerweise bereits. -#### Hier nur als Absicherung, falls noch leer. 
-###need_set() { -### local key="$1" -### local cur -### cur="$(postconf -h "$key" 2>/dev/null || true)" -### [[ -z "$cur" ]] -###} -### -###if need_set smtpd_milters; then -### /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -###fi -###if need_set non_smtpd_milters; then -### /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891" -###fi -### -###systemctl reload postfix || true -### -#### --------------------------- -#### Hinweise (einmalig, nicht kritisch) -#### --------------------------- -###if [[ ! -s "${KEY_PRIV}" ]]; then -### echo "[!] OpenDKIM: Kein Private Key gefunden unter: ${KEY_PRIV}" -### echo " - Wenn deine App die Keys verwaltet, lege die Private-Key-Datei genau dort ab" -### echo " (Owner: opendkim:opendkim, Mode: 600) und passe ggf. DKIM_SELECTOR/BASIS_DOMAIN an." -### echo " - Oder setze DKIM_GENERATE=1 und starte dieses Skript erneut, um einen Key zu erzeugen." -###fi -### -###echo "[✓] Rspamd + OpenDKIM fertig. Postfix ist an Rspamd (11332) und OpenDKIM (8891) angebunden." -### -#####!/usr/bin/env bash -####set -euo pipefail -####source ./lib.sh -#### -####log "Rspamd + OpenDKIM …" -#### -####cat > /etc/rspamd/local.d/worker-controller.inc <<'CONF' -####password = "admin"; -####bind_socket = "127.0.0.1:11334"; -####CONF -####systemctl enable --now rspamd || true -#### -####cat > /etc/opendkim.conf <<'CONF' -####Syslog yes -####UMask 002 -####Mode sv -####Socket inet:8891@127.0.0.1 -####Canonicalization relaxed/simple -####On-BadSignature accept -####On-Default accept -####On-KeyNotFound accept -####On-NoSignature accept -####LogWhy yes -####OversignHeaders From -####CONF -####systemctl enable --now opendkim || true diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index 345c0fe..2c43921 100644 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh 
@@ -91,7 +91,7 @@ export APP_NAME APP_USER APP_GROUP APP_USER_PREFIX APP_DIR export BASE_DOMAIN UI_SUB WEBMAIL_SUB MTA_SUB export SYSMAIL_SUB SYSMAIL_DOMAIN DKIM_ENABLE DKIM_SELECTOR DKIM_GENERATE export UI_HOST WEBMAIL_HOST MAIL_HOSTNAME -export DB_NAME DB_USER DB_PASS +export DB_NAME DB_USER export SERVER_PUBLIC_IPV4 SERVER_PUBLIC_IPV6 APP_TZ APP_LOCALE install -d -m 0755 /etc/mailwolt @@ -112,6 +112,11 @@ DKIM_ENABLE=${DKIM_ENABLE} DKIM_SELECTOR=${DKIM_SELECTOR} DKIM_GENERATE=${DKIM_GENERATE} +DB_HOST=127.0.0.1 +DB_NAME=${DB_NAME} +DB_USER=${DB_USER} +DB_PASS=${DB_PASS} + SERVER_PUBLIC_IPV4=${SERVER_PUBLIC_IPV4} SERVER_PUBLIC_IPV6=${SERVER_PUBLIC_IPV6} APP_ENV=${APP_ENV}
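Review bot: The export list in the first bootstrap.sh hunk drops `DB_PASS` with no comment saying this is deliberate, so a later edit could put it back and return the database password to the environment of every child process. A one-line comment above the list would record the intent, for example `# DB_PASS is intentionally not exported; consumers read it from the installer env file`. Step scripts that still expand `${DB_PASS}` from the inherited environment would now abort if they run with `set -u`, as the removed script text earlier in this patch does. Those scripts are outside this diff and worth checking.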
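Review bot: The added `DB_PASS=${DB_PASS}` line in the second bootstrap.sh hunk stores the database password in plaintext, and the only permission visible nearby is `install -d -m 0755 /etc/mailwolt`. The heredoc opening and any chmod on the file (presumably /etc/mailwolt/installer.env) are outside the hunk, so the file may be created world-readable. Set `umask 077` before the heredoc or run `chmod 0600` on the file right after it is written. The value is also written unquoted into a file that other scripts load with `.`, so a password containing spaces, `$`, backticks or `;` would be re-parsed as shell when sourced. Writing it as `DB_PASS=$(printf '%q' "${DB_PASS}")` avoids that, assuming the heredoc delimiter is unquoted, as the other expanded values in the hunk suggest.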