#!/usr/bin/env bash
# Writes the Dovecot configuration: protocols, SQL-backed authentication,
# listeners and TLS settings.

# Abort on any failing command, unset variable or failing pipeline stage.
set -o errexit -o nounset -o pipefail

# NOTE(review): lib.sh is resolved against the current working directory, not
# the script's own location. This script writes under /etc and chowns files to
# root, so it presumably runs as root; make sure the caller changes into a
# trusted, non-world-writable directory before invoking it.
# lib.sh presumably provides log() - it is called below but not defined here.
. ./lib.sh

# Certificate chain and private key that the TLS settings further down point at.
MAIL_SSL_DIR="/etc/ssl/mail"
MAIL_CERT="$MAIL_SSL_DIR/fullchain.pem"
MAIL_KEY="$MAIL_SSL_DIR/privkey.pem"

log "Dovecot konfigurieren…"

# Main config file: replaced wholesale, so any existing settings in it are
# lost. Everything else is pulled in from conf.d/*.conf.
cat <<'CONF' >/etc/dovecot/dovecot.conf
!include_try /etc/dovecot/conf.d/*.conf
CONF

# Enabled protocols and the per-domain/per-user Maildir layout
# (%d = domain part, %n = local part of the login name).
cat <<'CONF' >/etc/dovecot/conf.d/10-mail.conf
protocols = imap pop3 lmtp
mail_location = maildir:/var/mail/vhosts/%d/%n

namespace inbox {
inbox = yes
}

mail_privileged_group = mail
CONF

# Authentication policy.
# PLAIN and LOGIN both carry the password in cleartext, so the only protection
# on the wire is TLS; disable_plaintext_auth = yes makes Dovecot refuse them on
# unencrypted connections. Dovecot treats connections from the local host as
# secure, so that refusal does not apply to local clients.
# The SQL passdb/userdb definition is included from auth-sql.conf.ext;
# !include_try ignores a missing file instead of failing.
cat <<'CONF' >/etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include_try auth-sql.conf.ext
CONF

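# SQL connection settings for the password database. This file contains the
# database password in cleartext.
#
# Fail early with a clear message if the credentials are missing. DB_PASS is
# only required to be set, not non-empty, so an empty password still behaves
# as before.
: "${DB_NAME:?DB_NAME must be set}"
: "${DB_USER:?DB_USER must be set}"
: "${DB_PASS?DB_PASS must be set}"

DOVECOT_SQL_CONF="/etc/dovecot/dovecot-sql.conf.ext"

# Create the file with its final owner and mode *before* the secret is written.
# Writing first and running chmod afterwards leaves a window in which the
# password is readable under the default umask (typically world-readable).
install -m 0640 -o root -g dovecot /dev/null "$DOVECOT_SQL_CONF"

# The heredoc delimiter is deliberately unquoted so that the DB_* variables are
# expanded. The redirection truncates the file created above and keeps its
# owner and mode.
# NOTE(review): "connect" is a space-separated key=value list; a password that
# contains whitespace would presumably break it - confirm against the Dovecot
# version in use.
# NOTE(review): '%u' is the login name supplied by the client. Dovecot's SQL
# passdb is understood to escape expanded variables before building the query;
# confirm for the deployed version.
cat > "$DOVECOT_SQL_CONF" <<CONF
driver = mysql
connect = host=127.0.0.1 dbname=${DB_NAME} user=${DB_USER} password=${DB_PASS}
default_pass_scheme = BLF-CRYPT
password_query = SELECT email AS user, password_hash AS password FROM mail_users WHERE email = '%u' AND is_active = 1 LIMIT 1;
CONF
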
# passdb: credentials are looked up through the SQL settings file.
# userdb: static - every mailbox is accessed as vmail:vmail, with the home
# directory derived from the login name (%d = domain, %n = local part).
DOVECOT_AUTH_SQL_CONF="/etc/dovecot/conf.d/auth-sql.conf.ext"

cat <<'CONF' >"$DOVECOT_AUTH_SQL_CONF"
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
CONF

# Readable by root and the dovecot group only. This file holds no secret
# itself; it only points at the SQL settings file.
chown root:dovecot "$DOVECOT_AUTH_SQL_CONF"
chmod 640 "$DOVECOT_AUTH_SQL_CONF"

# Service and listener definitions.
# - lmtp: UNIX socket inside the Postfix spool, mode 0600, owned by postfix.
# - auth: UNIX socket inside the Postfix spool, mode 0660, owned by postfix.
#   Anything that can open this socket can submit authentication requests, so
#   its mode and the permissions of the containing directory matter.
# - imap/pop3 on 143/110 are cleartext listeners; whether a client must
#   upgrade with STARTTLS before logging in depends on the "ssl" setting in
#   10-ssl.conf. 993/995 are implicit-TLS listeners.
cat <<'CONF' >/etc/dovecot/conf.d/10-master.conf
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
service imap-login {
inet_listener imap { port = 143 }
inet_listener imaps { port = 993; ssl = yes }
}
service pop3-login {
inet_listener pop3 { port = 110 }
inet_listener pop3s { port = 995; ssl = yes }
}
CONF

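DOVECOT_SSL_CONF="/etc/dovecot/conf.d/10-ssl.conf"

#######################################
# Set one "key = value" line in the Dovecot SSL config: rewrite the existing
# uncommented line if there is one, otherwise append a new line (creating the
# file if it does not exist yet).
# Globals:   DOVECOT_SSL_CONF (read)
# Arguments: $1 - setting name; $2 - value
# Notes:     key and value are interpolated into a sed expression that uses
#            '|' as delimiter; pass only trusted values without '|', '&' or
#            backslashes. \s is a GNU grep/sed extension.
#######################################
_set_dovecot_ssl_setting() {
  local key=$1 value=$2
  if grep -q "^\s*${key}\s*=" "$DOVECOT_SSL_CONF" 2>/dev/null; then
    sed -i "s|^\s*${key}\s*=.*|${key} = ${value}|" "$DOVECOT_SSL_CONF"
  else
    printf '%s = %s\n' "$key" "$value" >> "$DOVECOT_SSL_CONF"
  fi
}

# Enforce TLS. Previously "ssl = required" was only appended when the file had
# no "ssl =" line at all, so an existing weaker value (for example a
# distribution default of "ssl = yes") was silently kept while ssl_cert and
# ssl_key were overwritten. All three settings are now handled the same way.
_set_dovecot_ssl_setting ssl required
# The leading '<' tells Dovecot to read the value from the named file.
_set_dovecot_ssl_setting ssl_cert "<${MAIL_CERT}"
_set_dovecot_ssl_setting ssl_key "<${MAIL_KEY}"
# NOTE(review): ownership and mode of the private key file are not set here;
# verify where the certificate is provisioned that the key is not readable by
# unprivileged users.
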
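# Directory that holds the Dovecot sockets used by Postfix (auth and LMTP).
mkdir -p /var/spool/postfix/private

# Keep Postfix's own ownership model: the queue directory belongs to root and
# only "private" belongs to the postfix user, closed to everyone else.
# Handing the whole queue directory to postfix lets that account rename or
# replace its subdirectories (and "postfix check" warns about it); a 0755
# "private" leaves the socket modes as the only barrier for local users.
# The Dovecot master process creates the sockets as root, and the Postfix
# daemons that connect to them run as postfix, so 0700 is sufficient.
chown root:root /var/spool/postfix
chmod 0755 /var/spool/postfix
chown postfix:postfix /var/spool/postfix/private
chmod 0700 /var/spool/postfix/private

# Deliberately best-effort: a failure to enable the unit does not abort the
# script, and its output is discarded (presumably to tolerate environments
# without systemd - confirm).
systemctl enable dovecot >/dev/null 2>&1 || true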