Laudende Default seite entfernen
parent
8fab1b626b
commit
936750e5a3
|
|
@ -173,25 +173,43 @@ EOSH
|
|||
chown root:root /usr/local/sbin/mailwolt-install-dkim
|
||||
chmod 0750 /usr/local/sbin/mailwolt-install-dkim
|
||||
|
||||
KEY_DIR="/etc/opendkim/keys/${SYSMAIL_DOMAIN}"
|
||||
KEY_PRIV="${KEY_DIR}/${DKIM_SELECTOR}.private"
|
||||
KEY_DNSTXT="${KEY_DIR}/${DKIM_SELECTOR}.txt"
|
||||
|
||||
if [[ -s "${KEY_PRIV}" ]]; then
|
||||
systemctl enable --now opendkim || true
|
||||
if systemctl is-active --quiet opendkim; then
|
||||
systemctl reload opendkim || true
|
||||
fi
|
||||
/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||
/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||
#systemctl reload postfix || true
|
||||
else
|
||||
echo "[i] Noch kein Private Key unter ${KEY_PRIV} – OpenDKIM bleibt aus."
|
||||
/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332"
|
||||
/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332"
|
||||
#systemctl reload postfix || true
|
||||
fi
|
||||
# OpenDKIM nur starten, wenn Key vorhanden – sonst nur Rspamd aktiv lassen
|
||||
if [[ -s "${KEY_PRIV}" ]]; then
|
||||
systemctl enable --now opendkim || true
|
||||
systemctl restart opendkim || true
|
||||
/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||
/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||
systemctl reload postfix || true
|
||||
|
||||
install -d -m 0755 /etc/mailwolt/dns
|
||||
[[ -s "${KEY_DNSTXT}" ]] && cp -f "${KEY_DNSTXT}" "/etc/mailwolt/dns/dkim-${SYSMAIL_DOMAIN}.txt" || true
|
||||
|
||||
echo "[✓] OpenDKIM aktiv für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR})"
|
||||
echo " DNS: ${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN} (siehe ${KEY_DNSTXT})"
|
||||
else
|
||||
echo "[i] Noch kein Private Key unter ${KEY_PRIV} – OpenDKIM bleibt aus."
|
||||
/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332"
|
||||
/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332"
|
||||
systemctl reload postfix || true
|
||||
fi
|
||||
#if [[ -s "${KEY_PRIV}" ]]; then
|
||||
# systemctl enable --now opendkim || true
|
||||
# systemctl restart opendkim || true
|
||||
# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||
# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||
# systemctl reload postfix || true
|
||||
#
|
||||
# install -d -m 0755 /etc/mailwolt/dns
|
||||
# [[ -s "${KEY_DNSTXT}" ]] && cp -f "${KEY_DNSTXT}" "/etc/mailwolt/dns/dkim-${SYSMAIL_DOMAIN}.txt" || true
|
||||
#
|
||||
# echo "[✓] OpenDKIM aktiv für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR})"
|
||||
# echo " DNS: ${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN} (siehe ${KEY_DNSTXT})"
|
||||
#else
|
||||
# echo "[i] Noch kein Private Key unter ${KEY_PRIV} – OpenDKIM bleibt aus."
|
||||
# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332"
|
||||
# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332"
|
||||
# systemctl reload postfix || true
|
||||
#fi
|
||||
|
||||
|
||||
##!/usr/bin/env bash
|
||||
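Review bot: In the `if [[ -s "${KEY_PRIV}" ]]` branch the two `postconf -e` lines register the OpenDKIM milter at `inet:127.0.0.1:8891` even when the service did not come up, because `systemctl enable --now opendkim || true` discards the failure and the `is-active` test only guards the reload. With Postfix's default `milter_default_action` of `tempfail`, an unreachable milter makes Postfix defer mail instead of sending it unsigned, so a broken key or config turns into a delivery outage. I would write the 8891 entries only inside `if systemctl is-active --quiet opendkim; then … fi` and otherwise fall back to the Rspamd-only value `inet:127.0.0.1:11332` with a warning on stderr. The rendering has lost the +/- markers, so this applies to whichever of the two active blocks is on the new side; the commented-out copy of the block is better deleted than kept, since the history already preserves it.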
|
|
|
|||
|
|
@ -192,29 +192,36 @@ SYSMAIL_DOMAIN="${SYSMAIL_DOMAIN:-sysmail.${BASE_DOMAIN}}"
|
|||
if [[ "${DKIM_ENABLE}" = "1" && -n "${SYSMAIL_DOMAIN}" ]]; then
|
||||
log "Erzeuge/aktualisiere DKIM für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR}) …"
|
||||
|
||||
# Temp-Pfade ALS APP-USER erzeugen, damit PHP (läuft als APP_USER) reinschreiben darf
|
||||
TMP_PRIV="$(sudo -u "${APP_USER}" mktemp -p /tmp dkim_priv_XXXXXX.pem)"
|
||||
TMP_TXT="$(sudo -u "${APP_USER}" mktemp -p /tmp dkim_txt_XXXXXX.txt)"
|
||||
set +u
|
||||
[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env
|
||||
set -u
|
||||
|
||||
# (fallback – normalerweise nicht nötig, aber schadet nicht)
|
||||
chown "${APP_USER}:${APP_GROUP}" "$TMP_PRIV" "$TMP_TXT" || true
|
||||
chmod 600 "$TMP_PRIV" "$TMP_TXT" || true
|
||||
: "${SYSMAIL_DOMAIN:?SYSMAIL_DOMAIN fehlt}"
|
||||
: "${DKIM_SELECTOR:=mwl1}"
|
||||
|
||||
# sichere Temp-Dateien EIGENTÜMER = APP_USER (sonst Permission denied in PHP)
|
||||
TMP_PRIV="$(mktemp /tmp/dkim_priv_XXXXXX.pem)"
|
||||
TMP_TXT="$(mktemp /tmp/dkim_txt_XXXXXX.txt)"
|
||||
chown "${APP_USER}:${APP_GROUP}" "$TMP_PRIV" "$TMP_TXT"
|
||||
chmod 600 "$TMP_PRIV" "$TMP_TXT"
|
||||
|
||||
# Key mit deinem bestehenden DkimService generieren (läuft als APP_USER)
|
||||
sudo -u "${APP_USER}" -H bash -lc "cd ${APP_DIR} && php -r '
|
||||
require \"vendor/autoload.php\";
|
||||
\$app = require \"bootstrap/app.php\";
|
||||
\$kernel = \$app->make(Illuminate\\Contracts\\Console\\Kernel::class); \$kernel->bootstrap();
|
||||
\$domain = App\\Models\\Domain::firstOrCreate([\"domain\"=>\"${SYSMAIL_FQDN}\"],[\"is_active\"=>1,\"is_system\"=>1]);
|
||||
\$domain = App\\Models\\Domain::firstOrCreate([\"domain\"=>\"${SYSMAIL_DOMAIN}\"],[\"is_active\"=>1,\"is_system\"=>1]);
|
||||
\$svc = app(App\\Services\\DkimService::class);
|
||||
\$res = \$svc->generateForDomain(\$domain, 2048, \"${DKIM_SELECTOR}\");
|
||||
file_put_contents(\"${TMP_PRIV}\", \$res[\"private_pem\"]);
|
||||
file_put_contents(\"${TMP_TXT}\", \$res[\"dns_txt\"]);
|
||||
echo \"OK\\n\";
|
||||
echo \"OK\n\";
|
||||
'"
|
||||
|
||||
# Root-Helper (kopiert Key nach /etc/opendkim/..., schreibt KeyTable/SigningTable, restartet opendkim)
|
||||
sudo /usr/local/sbin/mailwolt-install-dkim "${SYSMAIL_FQDN}" "${DKIM_SELECTOR}" "${TMP_PRIV}" "${TMP_TXT}" || true
|
||||
|
||||
# Root-Helper installiert den Key in OpenDKIM (KeyTable/SigningTable)
|
||||
if [[ -x /usr/local/sbin/mailwolt-install-dkim ]]; then
|
||||
sudo /usr/local/sbin/mailwolt-install-dkim "${SYSMAIL_DOMAIN}" "${DKIM_SELECTOR}" "${TMP_PRIV}" "${TMP_TXT}" || true
|
||||
fi
|
||||
rm -f "${TMP_PRIV}" "${TMP_TXT}" || true
|
||||
else
|
||||
log "DKIM übersprungen (DKIM_ENABLE=${DKIM_ENABLE}, SYSMAIL_DOMAIN='${SYSMAIL_DOMAIN}')."
|
||||
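Review bot: The DKIM private key written to `${TMP_PRIV}` is removed only by the final `rm -f "${TMP_PRIV}" "${TMP_TXT}" || true`, so if the step aborts at the `php -r` call (for example under `set -e`) or the run is interrupted, the signing key stays in /tmp owned by `${APP_USER}`. A cleanup registered right after the `mktemp` lines, for example `trap 'rm -f -- "${TMP_PRIV:-}" "${TMP_TXT:-}"' EXIT`, would cover every exit path; if the installer already sets an EXIT trap elsewhere, the removal belongs in that handler instead. Separately, `${APP_DIR}`, `${SYSMAIL_DOMAIN}` and `${DKIM_SELECTOR}` are spliced into the `bash -lc` string and the PHP source, so a value containing a quote or a space changes the code that runs; exporting them and reading them with `getenv()` in the PHP snippet avoids that. The enclosing `if … else` continues past the end of the hunk.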
|
|
|
|||
|
|
@ -72,7 +72,6 @@ if [[ "$MTA_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
|||
fi
|
||||
if [[ "$UI_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||||
UI_SUB="${BASH_REMATCH[1]}"
|
||||
# BASE_DOMAIN hier NICHT überschreiben (wir folgen MX)
|
||||
fi
|
||||
if [[ "$WEBMAIL_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||||
WEBMAIL_SUB="${BASH_REMATCH[1]}"
|
||||
|
|
@ -95,6 +94,29 @@ export UI_HOST WEBMAIL_HOST MAIL_HOSTNAME
|
|||
export DB_NAME DB_USER DB_PASS
|
||||
export SERVER_PUBLIC_IPV4 SERVER_PUBLIC_IPV6 APP_TZ APP_LOCALE
|
||||
|
||||
install -d -m 0755 /etc/mailwolt
|
||||
cat >/etc/mailwolt/installer.env <<EOF
|
||||
BASE_DOMAIN=${BASE_DOMAIN}
|
||||
MTA_SUB=${MTA_SUB}
|
||||
UI_SUB=${UI_SUB}
|
||||
WEBMAIL_SUB=${WEBMAIL_SUB}
|
||||
|
||||
MAIL_HOSTNAME=${MAIL_HOSTNAME}
|
||||
UI_HOST=${UI_HOST}
|
||||
WEBMAIL_HOST=${WEBMAIL_HOST}
|
||||
|
||||
SYSMAIL_SUB=${SYSMAIL_SUB}
|
||||
SYSMAIL_DOMAIN=${SYSMAIL_DOMAIN}
|
||||
|
||||
DKIM_ENABLE=${DKIM_ENABLE}
|
||||
DKIM_SELECTOR=${DKIM_SELECTOR}
|
||||
DKIM_GENERATE=${DKIM_GENERATE}
|
||||
|
||||
SERVER_PUBLIC_IPV4=${SERVER_PUBLIC_IPV4}
|
||||
SERVER_PUBLIC_IPV6=${SERVER_PUBLIC_IPV6}
|
||||
APP_ENV=${APP_ENV}
|
||||
EOF
|
||||
|
||||
# ── Sequenz ────────────────────────────────────────────────────────────────
|
||||
for STEP in 10-provision 20-ssl 21-le-deploy-hook 22-dkim-helper 30-db 40-postfix 50-dovecot 60-rspamd-opendkim 70-nginx 75-le-issue 80-app 90-services 95-monit 98-motd 99-summary
|
||||
do
|
||||
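Review bot: The new heredoc writes every value into /etc/mailwolt/installer.env unquoted (`BASE_DOMAIN=${BASE_DOMAIN}` and so on), and the DKIM step shown on this page reads the file back with `. /etc/mailwolt/installer.env`. A value containing whitespace, `;`, `$(…)` or a backtick would then be mis-split or executed when the file is sourced. Emitting each line shell-quoted, e.g. `printf 'BASE_DOMAIN=%q\n' "${BASE_DOMAIN}"`, or validating the host names against a strict pattern before writing, keeps the file safe to source. It would also help to fix the file's mode explicitly, for instance `chmod 0644 /etc/mailwolt/installer.env` after the write, so its permissions do not depend on the caller's umask.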
|
|
|
|||