Dovecot Systax Problem

main
boksbc 2025-10-18 21:25:40 +02:00
parent 608c53d873
commit bbbb9480f7
2 changed files with 50 additions and 31 deletions


@ -228,23 +228,15 @@ chmod 0750 /usr/local/sbin/mailwolt-remove-dkim
# --- Sudoers für beide Helper sicherstellen -------------------
APP_USER="${APP_USER:-mailwolt}"
cat >/etc/sudoers.d/mailwolt-dkim <<EOF
Defaults! /usr/local/sbin/mailwolt-install-dkim !requiretty
Defaults! /usr/local/sbin/mailwolt-remove-dkim !requiretty
${APP_USER} ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-install-dkim
${APP_USER} ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-remove-dkim
EOF
chmod 440 /etc/sudoers.d/mailwolt-dkim
# --- Sudoers-Regel für App-User --------------------------------
APP_USER="${APP_USER:-mailwolt}"
cat > /etc/sudoers.d/mailwolt-dkim <<EOF
Defaults! /usr/local/sbin/mailwolt-install-dkim !requiretty
Defaults! /usr/local/sbin/mailwolt-remove-dkim !requiretty
cat >/etc/sudoers.d/mailwolt-dkim <<EOF
Defaults!/usr/local/sbin/mailwolt-install-dkim !requiretty
Defaults!/usr/local/sbin/mailwolt-remove-dkim !requiretty
${APP_USER} ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-install-dkim
${APP_USER} ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-remove-dkim
EOF
chmod 440 /etc/sudoers.d/mailwolt-dkim
visudo -cf /etc/sudoers.d/mailwolt-dkim >/dev/null
# ── Dienst + Postfix-Milter aktivieren ─────────────────────────
systemctl daemon-reload
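Review bot: The sudoers fragment is written straight into `/etc/sudoers.d/mailwolt-dkim` and only checked by `visudo -cf` afterwards, so a malformed file is already live by the time the check runs. Whether a failed check aborts the script or goes unnoticed depends on a `set -e` state that is not visible in this hunk; in both cases the broken fragment stays in place. Since this commit itself corrects the `Defaults!` lines, I would build the file under a temporary path, validate it there, and install it with mode 0440 only on success, as sketched below. `APP_USER` is taken from the environment and placed into the rule unchecked, so a simple name check before the heredoc would also be worth adding.

```shell
tmp_sudoers="$(mktemp)"
cat >"$tmp_sudoers" <<EOF
# … unchanged: the two Defaults! lines and the two NOPASSWD rules …
EOF
if visudo -cf "$tmp_sudoers" >/dev/null; then
  install -m 0440 -o root -g root "$tmp_sudoers" /etc/sudoers.d/mailwolt-dkim
else
  echo "[!] sudoers-Fragment ungültig, nicht installiert." >&2
fi
rm -f "$tmp_sudoers"
```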


@ -171,6 +171,17 @@ setfacl -R -m u:www-data:rwx,u:${APP_USER}:rwx storage bootstrap/cache || true
setfacl -dR -m u:www-data:rwx,u:${APP_USER}:rwx storage bootstrap/cache || true
log "[✓] Schreibrechte für Laravel korrigiert."
# --- DKIM: Verzeichnisse & Basisrechte --------------------------------------
# Laravel-Storage: private/dkim von mailwolt beschreibbar
install -d -m 0770 -o "$APP_USER" -g "$APP_GROUP" "$APP_DIR/storage/app/private"
install -d -m 0770 -o "$APP_USER" -g "$APP_GROUP" "$APP_DIR/storage/app/private/dkim"
# OpenDKIM: keys & dns-Verzeichnis
install -d -m 0750 -o opendkim -g opendkim /etc/opendkim
install -d -m 0750 -o opendkim -g opendkim /etc/opendkim/keys
install -d -m 0755 -o root -g root /etc/mailwolt
install -d -m 0755 -o root -g root /etc/mailwolt/dns
# --- Caches leeren, Migrationen ausführen -----------------------------------
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan migrate --force"
@ -180,7 +191,7 @@ if [[ "${BASE_DOMAIN}" != "example.com" ]]; then
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan db:seed --class=SystemDomainSeeder --force"
fi
# --- DKIM für SYSMAIL_DOMAIN via App erzeugen & in OpenDKIM einhängen -------
# --- DKIM für SYSMAIL_DOMAIN via App erzeugen & per Helper einhängen --------
DKIM_ENABLE="${DKIM_ENABLE:-1}"
DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}"
SYSMAIL_DOMAIN="${SYSMAIL_DOMAIN:-sysmail.${BASE_DOMAIN}}"
@ -188,27 +199,43 @@ SYSMAIL_DOMAIN="${SYSMAIL_DOMAIN:-sysmail.${BASE_DOMAIN}}"
if [[ "${DKIM_ENABLE}" = "1" && -n "${SYSMAIL_DOMAIN}" ]]; then
log "Erzeuge/aktualisiere DKIM für ${SYSMAIL_DOMAIN} (Selector: ${DKIM_SELECTOR}) …"
TMP_PRIV="$(mktemp /tmp/dkim_priv_XXXXXX.pem)"
TMP_TXT="$(mktemp /tmp/dkim_txt_XXXXXX.txt)"
chown "${APP_USER}:${APP_GROUP}" "$TMP_PRIV" "$TMP_TXT"
chmod 600 "$TMP_PRIV" "$TMP_TXT"
# 1) In der App generieren (als mailwolt), und Pfad + TXT zurückgeben
OUT="$(sudo -u "${APP_USER}" -H bash -lc "
set -e
cd '${APP_DIR}'
php -r '
require \"vendor/autoload.php\";
\$app=require \"bootstrap/app.php\";
\$app->make(Illuminate\\Contracts\\Console\\Kernel::class)->bootstrap();
\$d = App\\Models\\Domain::firstOrCreate([\"domain\"=>\"${SYSMAIL_DOMAIN}\"],[\"is_active\"=>1,\"is_system\"=>1]);
\$r = app(App\\Services\\DkimService::class)->generateForDomain(\$d, 2048, \"${DKIM_SELECTOR}\");
echo \$r[\"priv_path\"], \"\\n\";
echo \$r[\"dns_txt\"], \"\\n\";
'
")"
sudo -u "${APP_USER}" -H bash -lc "cd ${APP_DIR} && php -r '
require \"vendor/autoload.php\";
\$app = require \"bootstrap/app.php\";
\$kernel = \$app->make(Illuminate\\Contracts\\Console\\Kernel::class); \$kernel->bootstrap();
\$domain = App\\Models\\Domain::firstOrCreate([\"domain\"=>\"${SYSMAIL_DOMAIN}\"],[\"is_active\"=>1,\"is_system\"=>1]);
\$svc = app(App\\Services\\DkimService::class);
\$res = \$svc->generateForDomain(\$domain, 2048, \"${DKIM_SELECTOR}\");
file_put_contents(\"${TMP_PRIV}\", \$res[\"private_pem\"]);
file_put_contents(\"${TMP_TXT}\", \$res[\"dns_txt\"]);
echo \"OK\\n\";
'"
PRIV_PATH="$(printf '%s\n' "$OUT" | sed -n '1p')"
DNS_TXT="$(printf '%s\n' "$OUT" | sed -n '2,$p')"
if [[ -x /usr/local/sbin/mailwolt-install-dkim ]]; then
sudo /usr/local/sbin/mailwolt-install-dkim "${SYSMAIL_DOMAIN}" "${DKIM_SELECTOR}" "${TMP_PRIV}" "${TMP_TXT}" || true
if [[ -z "$PRIV_PATH" || ! -s "$PRIV_PATH" ]]; then
echo "[!] DKIM priv_path fehlt oder Datei leer: $PRIV_PATH" >&2
exit 1
fi
rm -f "${TMP_PRIV}" "${TMP_TXT}" || true
TMP_TXT="$(mktemp /tmp/dkim_txt_XXXXXX.txt)"
printf '%s' "$DNS_TXT" >"$TMP_TXT"
# 2) Root-Helper ausführen (hängt Key ein, pflegt Key/SigningTable, kopiert TXT)
if [[ -x /usr/local/sbin/mailwolt-install-dkim ]]; then
/usr/local/sbin/mailwolt-install-dkim "${SYSMAIL_DOMAIN}" "${DKIM_SELECTOR}" "${PRIV_PATH}" "${TMP_TXT}"
else
echo "[!] Helper /usr/local/sbin/mailwolt-install-dkim fehlt oder ist nicht ausführbar." >&2
fi
rm -f "$TMP_TXT" || true
# 3) OpenDKIM neu laden
systemctl reload opendkim || systemctl restart opendkim || true
else
log "DKIM übersprungen (DKIM_ENABLE=${DKIM_ENABLE}, SYSMAIL_DOMAIN='${SYSMAIL_DOMAIN}')."
fi
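Review bot: `SYSMAIL_DOMAIN` and `DKIM_SELECTOR` are spliced unescaped into the PHP source of the `php -r` string in the DKIM block, so a value containing a quote character changes the code that runs instead of being treated as data. Both are read from the environment with defaults, and the same values are then passed as arguments to the root helper `/usr/local/sbin/mailwolt-install-dkim`. Assuming the `OUT="$(…)"` variant is the new side (the +/- markers are lost on this page), I would validate them before the `if [[ "${DKIM_ENABLE}" = "1" …` line with `[[ "$SYSMAIL_DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` and `[[ "$DKIM_SELECTOR" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1`. The helper runs as root on a `priv_path` that lies in a directory writable by the app user, so a comment stating what the helper verifies about that path (regular file, expected directory) would help the next reader; the helper itself is not part of this hunk.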