Laudende Default seite entfernen
parent
8fab1b626b
commit
936750e5a3
|
|
@ -173,25 +173,43 @@ EOSH
|
||||||
chown root:root /usr/local/sbin/mailwolt-install-dkim
|
chown root:root /usr/local/sbin/mailwolt-install-dkim
|
||||||
chmod 0750 /usr/local/sbin/mailwolt-install-dkim
|
chmod 0750 /usr/local/sbin/mailwolt-install-dkim
|
||||||
|
|
||||||
# OpenDKIM nur starten, wenn Key vorhanden – sonst nur Rspamd aktiv lassen
|
KEY_DIR="/etc/opendkim/keys/${SYSMAIL_DOMAIN}"
|
||||||
if [[ -s "${KEY_PRIV}" ]]; then
|
KEY_PRIV="${KEY_DIR}/${DKIM_SELECTOR}.private"
|
||||||
|
KEY_DNSTXT="${KEY_DIR}/${DKIM_SELECTOR}.txt"
|
||||||
|
|
||||||
|
if [[ -s "${KEY_PRIV}" ]]; then
|
||||||
systemctl enable --now opendkim || true
|
systemctl enable --now opendkim || true
|
||||||
systemctl restart opendkim || true
|
if systemctl is-active --quiet opendkim; then
|
||||||
|
systemctl reload opendkim || true
|
||||||
|
fi
|
||||||
/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||||
/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||||
systemctl reload postfix || true
|
#systemctl reload postfix || true
|
||||||
|
else
|
||||||
install -d -m 0755 /etc/mailwolt/dns
|
|
||||||
[[ -s "${KEY_DNSTXT}" ]] && cp -f "${KEY_DNSTXT}" "/etc/mailwolt/dns/dkim-${SYSMAIL_DOMAIN}.txt" || true
|
|
||||||
|
|
||||||
echo "[✓] OpenDKIM aktiv für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR})"
|
|
||||||
echo " DNS: ${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN} (siehe ${KEY_DNSTXT})"
|
|
||||||
else
|
|
||||||
echo "[i] Noch kein Private Key unter ${KEY_PRIV} – OpenDKIM bleibt aus."
|
echo "[i] Noch kein Private Key unter ${KEY_PRIV} – OpenDKIM bleibt aus."
|
||||||
/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332"
|
/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332"
|
||||||
/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332"
|
/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332"
|
||||||
systemctl reload postfix || true
|
#systemctl reload postfix || true
|
||||||
fi
|
fi
|
||||||
|
# OpenDKIM nur starten, wenn Key vorhanden – sonst nur Rspamd aktiv lassen
|
||||||
|
#if [[ -s "${KEY_PRIV}" ]]; then
|
||||||
|
# systemctl enable --now opendkim || true
|
||||||
|
# systemctl restart opendkim || true
|
||||||
|
# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||||
|
# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
|
||||||
|
# systemctl reload postfix || true
|
||||||
|
#
|
||||||
|
# install -d -m 0755 /etc/mailwolt/dns
|
||||||
|
# [[ -s "${KEY_DNSTXT}" ]] && cp -f "${KEY_DNSTXT}" "/etc/mailwolt/dns/dkim-${SYSMAIL_DOMAIN}.txt" || true
|
||||||
|
#
|
||||||
|
# echo "[✓] OpenDKIM aktiv für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR})"
|
||||||
|
# echo " DNS: ${DKIM_SELECTOR}._domainkey.${SYSMAIL_DOMAIN} (siehe ${KEY_DNSTXT})"
|
||||||
|
#else
|
||||||
|
# echo "[i] Noch kein Private Key unter ${KEY_PRIV} – OpenDKIM bleibt aus."
|
||||||
|
# /usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332"
|
||||||
|
# /usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332"
|
||||||
|
# systemctl reload postfix || true
|
||||||
|
#fi
|
||||||
|
|
||||||
|
|
||||||
##!/usr/bin/env bash
|
##!/usr/bin/env bash
|
||||||
|
|
|
||||||
|
|
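Review bot: The key-present branch writes `inet:127.0.0.1:8891` into `smtpd_milters` and `non_smtpd_milters` whenever `${KEY_PRIV}` is non-empty, even if `systemctl enable --now opendkim || true` has just failed, so Postfix can be left pointing at a milter that is not listening. Depending on `milter_default_action` (not visible here), mail is then deferred or passes without a DKIM signature. I would run the enable call first and gate the branch on the service state too, `if [[ -s "${KEY_PRIV}" ]] && systemctl is-active --quiet opendkim; then`, and give the fallback its own message, because "Noch kein Private Key" would be wrong in that case. The new side also comments out both `systemctl reload postfix` calls, leaves `KEY_DNSTXT` used only in commented code, and keeps the whole previous block as comments after `fi`. Delete the dead block and add a comment naming the later step that reloads Postfix.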
@ -192,29 +192,36 @@ SYSMAIL_DOMAIN="${SYSMAIL_DOMAIN:-sysmail.${BASE_DOMAIN}}"
|
||||||
if [[ "${DKIM_ENABLE}" = "1" && -n "${SYSMAIL_DOMAIN}" ]]; then
|
if [[ "${DKIM_ENABLE}" = "1" && -n "${SYSMAIL_DOMAIN}" ]]; then
|
||||||
log "Erzeuge/aktualisiere DKIM für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR}) …"
|
log "Erzeuge/aktualisiere DKIM für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR}) …"
|
||||||
|
|
||||||
# Temp-Pfade ALS APP-USER erzeugen, damit PHP (läuft als APP_USER) reinschreiben darf
|
set +u
|
||||||
TMP_PRIV="$(sudo -u "${APP_USER}" mktemp -p /tmp dkim_priv_XXXXXX.pem)"
|
[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env
|
||||||
TMP_TXT="$(sudo -u "${APP_USER}" mktemp -p /tmp dkim_txt_XXXXXX.txt)"
|
set -u
|
||||||
|
|
||||||
# (fallback – normalerweise nicht nötig, aber schadet nicht)
|
: "${SYSMAIL_DOMAIN:?SYSMAIL_DOMAIN fehlt}"
|
||||||
chown "${APP_USER}:${APP_GROUP}" "$TMP_PRIV" "$TMP_TXT" || true
|
: "${DKIM_SELECTOR:=mwl1}"
|
||||||
chmod 600 "$TMP_PRIV" "$TMP_TXT" || true
|
|
||||||
|
|
||||||
|
# sichere Temp-Dateien EIGENTÜMER = APP_USER (sonst Permission denied in PHP)
|
||||||
|
TMP_PRIV="$(mktemp /tmp/dkim_priv_XXXXXX.pem)"
|
||||||
|
TMP_TXT="$(mktemp /tmp/dkim_txt_XXXXXX.txt)"
|
||||||
|
chown "${APP_USER}:${APP_GROUP}" "$TMP_PRIV" "$TMP_TXT"
|
||||||
|
chmod 600 "$TMP_PRIV" "$TMP_TXT"
|
||||||
|
|
||||||
|
# Key mit deinem bestehenden DkimService generieren (läuft als APP_USER)
|
||||||
sudo -u "${APP_USER}" -H bash -lc "cd ${APP_DIR} && php -r '
|
sudo -u "${APP_USER}" -H bash -lc "cd ${APP_DIR} && php -r '
|
||||||
require \"vendor/autoload.php\";
|
require \"vendor/autoload.php\";
|
||||||
\$app = require \"bootstrap/app.php\";
|
\$app = require \"bootstrap/app.php\";
|
||||||
\$kernel = \$app->make(Illuminate\\Contracts\\Console\\Kernel::class); \$kernel->bootstrap();
|
\$kernel = \$app->make(Illuminate\\Contracts\\Console\\Kernel::class); \$kernel->bootstrap();
|
||||||
\$domain = App\\Models\\Domain::firstOrCreate([\"domain\"=>\"${SYSMAIL_FQDN}\"],[\"is_active\"=>1,\"is_system\"=>1]);
|
\$domain = App\\Models\\Domain::firstOrCreate([\"domain\"=>\"${SYSMAIL_DOMAIN}\"],[\"is_active\"=>1,\"is_system\"=>1]);
|
||||||
\$svc = app(App\\Services\\DkimService::class);
|
\$svc = app(App\\Services\\DkimService::class);
|
||||||
\$res = \$svc->generateForDomain(\$domain, 2048, \"${DKIM_SELECTOR}\");
|
\$res = \$svc->generateForDomain(\$domain, 2048, \"${DKIM_SELECTOR}\");
|
||||||
file_put_contents(\"${TMP_PRIV}\", \$res[\"private_pem\"]);
|
file_put_contents(\"${TMP_PRIV}\", \$res[\"private_pem\"]);
|
||||||
file_put_contents(\"${TMP_TXT}\", \$res[\"dns_txt\"]);
|
file_put_contents(\"${TMP_TXT}\", \$res[\"dns_txt\"]);
|
||||||
echo \"OK\\n\";
|
echo \"OK\n\";
|
||||||
'"
|
'"
|
||||||
|
|
||||||
# Root-Helper (kopiert Key nach /etc/opendkim/..., schreibt KeyTable/SigningTable, restartet opendkim)
|
# Root-Helper installiert den Key in OpenDKIM (KeyTable/SigningTable)
|
||||||
sudo /usr/local/sbin/mailwolt-install-dkim "${SYSMAIL_FQDN}" "${DKIM_SELECTOR}" "${TMP_PRIV}" "${TMP_TXT}" || true
|
if [[ -x /usr/local/sbin/mailwolt-install-dkim ]]; then
|
||||||
|
sudo /usr/local/sbin/mailwolt-install-dkim "${SYSMAIL_DOMAIN}" "${DKIM_SELECTOR}" "${TMP_PRIV}" "${TMP_TXT}" || true
|
||||||
|
fi
|
||||||
rm -f "${TMP_PRIV}" "${TMP_TXT}" || true
|
rm -f "${TMP_PRIV}" "${TMP_TXT}" || true
|
||||||
else
|
else
|
||||||
log "DKIM übersprungen (DKIM_ENABLE=${DKIM_ENABLE}, SYSMAIL_DOMAIN='${SYSMAIL_DOMAIN}')."
|
log "DKIM übersprungen (DKIM_ENABLE=${DKIM_ENABLE}, SYSMAIL_DOMAIN='${SYSMAIL_DOMAIN}')."
|
||||||
|
|
|
||||||
|
|
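Review bot: `${SYSMAIL_DOMAIN}`, `${DKIM_SELECTOR}`, `${TMP_PRIV}`, `${TMP_TXT}` and `${APP_DIR}` are expanded by the outer shell into the `bash -lc "… php -r '…'"` string, so a quote character or `$(` in any of them changes the shell command or the PHP source that runs as `${APP_USER}`. With this change the first two can also come from the sourced `/etc/mailwolt/installer.env`, so they need a format check right after `: "${DKIM_SELECTOR:=mwl1}"`: `[[ "${SYSMAIL_DOMAIN}" =~ ^[A-Za-z0-9.-]+$ ]] || { log "SYSMAIL_DOMAIN ungültig"; exit 1; }` and `[[ "${DKIM_SELECTOR}" =~ ^[A-Za-z0-9_-]+$ ]] || { log "DKIM_SELECTOR ungültig"; exit 1; }`. Separately, the generated private key stays in `/tmp` until the final `rm -f`. If the script runs under `set -e` and has no EXIT trap yet, `trap 'rm -f "${TMP_PRIV}" "${TMP_TXT}"' EXIT` placed after the two `mktemp` calls would also remove it when the PHP step aborts. The surrounding `if`/`else` continues outside the hunk.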
@ -72,7 +72,6 @@ if [[ "$MTA_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||||||
fi
|
fi
|
||||||
if [[ "$UI_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
if [[ "$UI_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||||||
UI_SUB="${BASH_REMATCH[1]}"
|
UI_SUB="${BASH_REMATCH[1]}"
|
||||||
# BASE_DOMAIN hier NICHT überschreiben (wir folgen MX)
|
|
||||||
fi
|
fi
|
||||||
if [[ "$WEBMAIL_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
if [[ "$WEBMAIL_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||||||
WEBMAIL_SUB="${BASH_REMATCH[1]}"
|
WEBMAIL_SUB="${BASH_REMATCH[1]}"
|
||||||
|
|
@ -95,6 +94,29 @@ export UI_HOST WEBMAIL_HOST MAIL_HOSTNAME
|
||||||
export DB_NAME DB_USER DB_PASS
|
export DB_NAME DB_USER DB_PASS
|
||||||
export SERVER_PUBLIC_IPV4 SERVER_PUBLIC_IPV6 APP_TZ APP_LOCALE
|
export SERVER_PUBLIC_IPV4 SERVER_PUBLIC_IPV6 APP_TZ APP_LOCALE
|
||||||
|
|
||||||
|
install -d -m 0755 /etc/mailwolt
|
||||||
|
cat >/etc/mailwolt/installer.env <<EOF
|
||||||
|
BASE_DOMAIN=${BASE_DOMAIN}
|
||||||
|
MTA_SUB=${MTA_SUB}
|
||||||
|
UI_SUB=${UI_SUB}
|
||||||
|
WEBMAIL_SUB=${WEBMAIL_SUB}
|
||||||
|
|
||||||
|
MAIL_HOSTNAME=${MAIL_HOSTNAME}
|
||||||
|
UI_HOST=${UI_HOST}
|
||||||
|
WEBMAIL_HOST=${WEBMAIL_HOST}
|
||||||
|
|
||||||
|
SYSMAIL_SUB=${SYSMAIL_SUB}
|
||||||
|
SYSMAIL_DOMAIN=${SYSMAIL_DOMAIN}
|
||||||
|
|
||||||
|
DKIM_ENABLE=${DKIM_ENABLE}
|
||||||
|
DKIM_SELECTOR=${DKIM_SELECTOR}
|
||||||
|
DKIM_GENERATE=${DKIM_GENERATE}
|
||||||
|
|
||||||
|
SERVER_PUBLIC_IPV4=${SERVER_PUBLIC_IPV4}
|
||||||
|
SERVER_PUBLIC_IPV6=${SERVER_PUBLIC_IPV6}
|
||||||
|
APP_ENV=${APP_ENV}
|
||||||
|
EOF
|
||||||
|
|
||||||
# ── Sequenz ────────────────────────────────────────────────────────────────
|
# ── Sequenz ────────────────────────────────────────────────────────────────
|
||||||
for STEP in 10-provision 20-ssl 21-le-deploy-hook 22-dkim-helper 30-db 40-postfix 50-dovecot 60-rspamd-opendkim 70-nginx 75-le-issue 80-app 90-services 95-monit 98-motd 99-summary
|
for STEP in 10-provision 20-ssl 21-le-deploy-hook 22-dkim-helper 30-db 40-postfix 50-dovecot 60-rspamd-opendkim 70-nginx 75-le-issue 80-app 90-services 95-monit 98-motd 99-summary
|
||||||
do
|
do
|
||||||
|
|
|
||||||
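Review bot: The new heredoc writes every value unquoted (`BASE_DOMAIN=${BASE_DOMAIN}` and so on), and the DKIM step in this same commit reads the file back with `. /etc/mailwolt/installer.env`, so a value containing a space, `;` or `$(…)` would be interpreted as shell code when the file is sourced. Write the file with shell quoting instead, for example `for v in BASE_DOMAIN MTA_SUB UI_SUB; do printf '%s=%q\n' "$v" "${!v}"; done >/etc/mailwolt/installer.env` with the full variable list. Also set owner and mode explicitly afterwards (`chown root:root`, `chmod 0644`) rather than relying on the current umask. Because the file is a persistent copy of installer input, a short comment above the heredoc should state that secrets such as `DB_PASS` must never be added to it.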