mailwolt-installer/scripts/50-dovecot.sh


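#!/usr/bin/env bash
# 50-dovecot.sh — configure Dovecot (IMAP/POP3/LMTP) for the mail stack.
#
# Writes /etc/dovecot/dovecot.conf and the conf.d fragments, places Dovecot's
# LMTP and auth sockets under the Postfix spool, points TLS at the stable
# certificate paths below and enables the service (start/reload is left to a
# later installer step).
#
# Requires: root, lib.sh next to this script (provides `log`), and DB_NAME /
# DB_USER / DB_PASS in the environment (or set by lib.sh) for the SQL passdb.
set -euo pipefail
# Resolve lib.sh relative to this script rather than the caller's working
# directory, so the step also works when invoked by absolute path.
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
# Stable certificate/key paths under /etc/ssl/mail; presumably provisioned and
# renewed by another installer step, so this config never needs to change.
readonly MAIL_SSL_DIR="/etc/ssl/mail"
readonly MAIL_CERT="${MAIL_SSL_DIR}/fullchain.pem"
readonly MAIL_KEY="${MAIL_SSL_DIR}/privkey.pem"
log "Dovecot konfigurieren …"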
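# -----------------------------------------------------------------------------
# 1) vmail user/group and mail spool (the UID is dynamic!)
# -----------------------------------------------------------------------------
# Make sure the 'mail' group exists (present on Debian/Ubuntu by default).
# Prefer the conventional GID 8; if that GID is already taken, fall back to a
# free one instead of silently continuing without the group — `useradd -g mail`
# below would otherwise fail with a confusing error.
if ! getent group mail >/dev/null; then
  groupadd -g 8 mail 2>/dev/null || groupadd mail
fi
# Create vmail if it is missing. Prefer UID 109 when free, otherwise let
# useradd pick one. No home directory is created (-M) and no login shell.
if ! getent passwd vmail >/dev/null; then
  if ! getent passwd 109 >/dev/null; then
    useradd -u 109 -g mail -d /var/mail -M -s /usr/sbin/nologin vmail
  else
    useradd -g mail -d /var/mail -M -s /usr/sbin/nologin vmail
  fi
fi
# Resolve the actual vmail UID; it is written into the Dovecot config
# (first_valid_uid/last_valid_uid) so mail access is pinned to this account.
VMAIL_UID="$(id -u vmail)"
# Mail spool base: vmail:mail, no world access.
install -d -m 0770 -o vmail -g mail /var/mail/vhosts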
# -----------------------------------------------------------------------------
# 2) Dovecot skeleton
# -----------------------------------------------------------------------------
# Main file: nothing but an include of the conf.d fragments written below.
install -d -m 0755 /etc/dovecot/conf.d
printf '%s\n' '!include_try /etc/dovecot/conf.d/*.conf' > /etc/dovecot/dovecot.conf
# Mail location & namespace, plus UID bounds pinned to the vmail account so
# Dovecot refuses to access mail as any other system user.
{
  printf '%s\n' \
    'protocols = imap pop3 lmtp' \
    'mail_location = maildir:/var/mail/vhosts/%d/%n' \
    'namespace inbox {' \
    '  inbox = yes' \
    '}' \
    'mail_privileged_group = mail' \
    'mail_access_groups = mail'
  printf '%s\n' \
    "first_valid_uid = ${VMAIL_UID}" \
    "last_valid_uid = ${VMAIL_UID}"
} > /etc/dovecot/conf.d/10-mail.conf
# Auth: PLAIN/LOGIN are offered, but disable_plaintext_auth restricts them to
# TLS-protected connections; password lookups come from the SQL passdb in
# auth-sql.conf.ext.
printf '%s\n' \
  'disable_plaintext_auth = yes' \
  'auth_mechanisms = plain login' \
  '!include_try auth-sql.conf.ext' \
  > /etc/dovecot/conf.d/10-auth.conf
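# SQL binding: Dovecot looks passwords up in the application database.
# The file carries DB_PASS, so it is created with its final restrictive mode
# (root:dovecot 0640) *before* any content is written — a plain `cat > file`
# would create it with the umask default and leave the password readable to
# other local users until a later chmod ran.
: "${DB_NAME:?DB_NAME must be set}"
: "${DB_USER:?DB_USER must be set}"
: "${DB_PASS:?DB_PASS must be set}"
DOVECOT_SQL_CONF="/etc/dovecot/dovecot-sql.conf.ext"
install -m 0640 -o root -g dovecot /dev/null "$DOVECOT_SQL_CONF"
# NOTE(review): Dovecot's `connect` value is whitespace-separated key=value
# pairs; a DB_PASS containing whitespace would break it — confirm the
# password generator never produces one.
# password_query stays on a single line: Dovecot config lines are `key = value`,
# and a bare continuation line without a trailing backslash is, as far as I can
# tell, rejected by the config parser.
cat > "$DOVECOT_SQL_CONF" <<CONF
driver = mysql
connect = host=127.0.0.1 dbname=${DB_NAME} user=${DB_USER} password=${DB_PASS}
default_pass_scheme = BLF-CRYPT
password_query = SELECT email AS user, password_hash AS password FROM mail_users WHERE email = '%u' AND is_active = 1 LIMIT 1;
CONF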
# Auth-SQL: passdb via the SQL file above, userdb static on vmail:mail with the
# home under /var/mail/vhosts/%d/%n. Readable by root and the dovecot group only.
printf '%s\n' \
  'passdb {' \
  '  driver = sql' \
  '  args = /etc/dovecot/dovecot-sql.conf.ext' \
  '}' \
  'userdb {' \
  '  driver = static' \
  '  args = uid=vmail gid=mail home=/var/mail/vhosts/%d/%n' \
  '}' \
  > /etc/dovecot/conf.d/auth-sql.conf.ext
chown root:dovecot /etc/dovecot/conf.d/auth-sql.conf.ext
chmod 640 /etc/dovecot/conf.d/auth-sql.conf.ext
# Master services: the LMTP delivery socket and the auth socket Postfix uses
# live under the Postfix spool so Postfix can reach them; IMAP/POP3 listeners
# on the STARTTLS ports (143/110) and the implicit-TLS ports (993/995).
write_master_conf() {
  cat <<'CONF'
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
service imap-login {
  inet_listener imap { port = 143 }
  inet_listener imaps { port = 993 ssl = yes }
}
service pop3-login {
  inet_listener pop3 { port = 110 }
  inet_listener pop3s { port = 995 ssl = yes }
}
CONF
}
write_master_conf > /etc/dovecot/conf.d/10-master.conf
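# TLS: point Dovecot at the stable certificate paths. Existing settings in
# 10-ssl.conf (e.g. the distro default) are replaced in place and missing ones
# appended, so repeated installer runs converge on the same file.
DOVECOT_SSL_CONF="/etc/dovecot/conf.d/10-ssl.conf"
# Ensure the file exists so the grep below does not fail on a fresh system.
touch "$DOVECOT_SSL_CONF"

# set_dovecot_setting FILE KEY VALUE
# Replace an existing `KEY = ...` line (leading whitespace allowed) with
# `KEY = VALUE`, or append it when absent. Only the exact key matches
# (`ssl` does not match `ssl_cert`). VALUE must not contain the sed
# delimiter `|`, `&` or `\`; the values used here are fixed paths/literals.
set_dovecot_setting() {
  local file=$1 key=$2 value=$3
  if grep -q -- "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
    sed -i "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
  else
    printf '%s = %s\n' "$key" "$value" >> "$file"
  fi
}

# `ssl = required` is enforced even when a pre-existing line (such as the
# distro default `ssl = yes`) is present — previously it was only appended when
# no ssl line existed at all, leaving a weaker setting in place.
set_dovecot_setting "$DOVECOT_SSL_CONF" ssl required
set_dovecot_setting "$DOVECOT_SSL_CONF" ssl_cert "<${MAIL_CERT}"
set_dovecot_setting "$DOVECOT_SSL_CONF" ssl_key "<${MAIL_KEY}"
set_dovecot_setting "$DOVECOT_SSL_CONF" ssl_min_protocol TLSv1.2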
# Make sure the Postfix socket directory exists with the expected ownership
# and mode (install -d also fixes up already-existing directories).
# NOTE(review): stock Postfix keeps `private` more restrictive than 0755 as far
# as I recall (postfix-owned, 0700); the sockets above carry their own modes,
# but confirm this directory mode is not reset by Postfix's own permission check.
install -d -m 0755 -o root -g root /var/spool/postfix
install -d -m 0755 -o postfix -g postfix /var/spool/postfix/private
# Only enable here; start/reload happens in a later installer step.
if ! systemctl enable dovecot >/dev/null 2>&1; then
  : # enable failures (e.g. no systemd present) are deliberately ignored
fi
##!/usr/bin/env bash
#set -euo pipefail
#source ./lib.sh
#
#MAIL_SSL_DIR="/etc/ssl/mail"
#MAIL_CERT="${MAIL_SSL_DIR}/fullchain.pem"
#MAIL_KEY="${MAIL_SSL_DIR}/privkey.pem"
#
#log "Dovecot konfigurieren …"
#
## Hauptdatei
#cat > /etc/dovecot/dovecot.conf <<'CONF'
#!include_try /etc/dovecot/conf.d/*.conf
#CONF
#
## Mail-Location & Namespace
#cat > /etc/dovecot/conf.d/10-mail.conf <<'CONF'
#protocols = imap pop3 lmtp
#mail_location = maildir:/var/mail/vhosts/%d/%n
#
#namespace inbox {
# inbox = yes
#}
#
#mail_privileged_group = mail
#first_valid_uid = 109
#last_valid_uid = 109
#CONF
#
## Auth
#cat > /etc/dovecot/conf.d/10-auth.conf <<'CONF'
#disable_plaintext_auth = yes
#auth_mechanisms = plain login
#!include_try auth-sql.conf.ext
#CONF
#
## SQL-Anbindung
#cat > /etc/dovecot/dovecot-sql.conf.ext <<CONF
#driver = mysql
#connect = host=127.0.0.1 dbname=${DB_NAME} user=${DB_USER} password=${DB_PASS}
#default_pass_scheme = BLF-CRYPT
#password_query = SELECT email AS user, password_hash AS password FROM mail_users WHERE email = '%u' AND is_active = 1 LIMIT 1;
#CONF
#chown root:dovecot /etc/dovecot/dovecot-sql.conf.ext
#chmod 640 /etc/dovecot/dovecot-sql.conf.ext
#
## Auth-SQL Einbindung
#cat > /etc/dovecot/conf.d/auth-sql.conf.ext <<'CONF'
#passdb {
# driver = sql
# args = /etc/dovecot/dovecot-sql.conf.ext
#}
#userdb {
# driver = static
# args = uid=vmail gid=mail home=/var/mail/vhosts/%d/%n
#}
#CONF
#chown root:dovecot /etc/dovecot/conf.d/auth-sql.conf.ext
#chmod 640 /etc/dovecot/conf.d/auth-sql.conf.ext
#
## Master-Services (LMTP + AUTH + Listener)
#cat > /etc/dovecot/conf.d/10-master.conf <<'CONF'
#service lmtp {
# unix_listener /var/spool/postfix/private/dovecot-lmtp {
# mode = 0600
# user = postfix
# group = postfix
# }
#}
#service auth {
# unix_listener /var/spool/postfix/private/auth {
# mode = 0660
# user = postfix
# group = postfix
# }
#}
#service imap-login {
# inet_listener imap {
# port = 143
# }
# inet_listener imaps {
# port = 993
# ssl = yes
# }
#}
#service pop3-login {
# inet_listener pop3 {
# port = 110
# }
# inet_listener pop3s {
# port = 995
# ssl = yes
# }
#}
#CONF
#
## SSL stabile Mail-Pfade
#DOVECOT_SSL_CONF="/etc/dovecot/conf.d/10-ssl.conf"
#grep -q '^ssl\s*=' "$DOVECOT_SSL_CONF" 2>/dev/null || echo "ssl = required" >> "$DOVECOT_SSL_CONF"
#if grep -q '^\s*ssl_cert\s*=' "$DOVECOT_SSL_CONF"; then
# sed -i "s|^\s*ssl_cert\s*=.*|ssl_cert = <${MAIL_CERT}|" "$DOVECOT_SSL_CONF"
#else
# echo "ssl_cert = <${MAIL_CERT}" >> "$DOVECOT_SSL_CONF"
#fi
#if grep -q '^\s*ssl_key\s*=' "$DOVECOT_SSL_CONF"; then
# sed -i "s|^\s*ssl_key\s*=.*|ssl_key = <${MAIL_KEY}|" "$DOVECOT_SSL_CONF"
#else
# echo "ssl_key = <${MAIL_KEY}" >> "$DOVECOT_SSL_CONF"
#fi
#
## Postfix-Socket-Verzeichnis sicherstellen
#mkdir -p /var/spool/postfix/private
#chown root:root /var/spool/postfix
#chmod 0755 /var/spool/postfix
#chown postfix:postfix /var/spool/postfix/private
#chmod 0755 /var/spool/postfix/private
#
## Nur aktivieren Start/Reload erst nach App/DB in 90-services.sh
#systemctl enable dovecot >/dev/null 2>&1 || true