From f3379debcbbb3dbac9121e2db1e71f0bd1a849b0 Mon Sep 17 00:00:00 2001 From: superpuffin <35958013+superpuffin@users.noreply.github.com> Date: Fri, 10 Jul 2020 12:00:57 +0200 Subject: Update emailwiz.sh --- emailwiz.sh | 1 - 1 file changed, 1 deletion(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index a4750e4..7565ba1 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -64,7 +64,6 @@ postconf -e "smtpd_use_tls = yes" postconf -e "smtpd_tls_auth_only = yes" postconf -e "smtp_tls_security_level = may" postconf -e "smtp_tls_loglevel = 1" -postconf -e "smtp_tls_CAfile=$certdir/cert.pem" # Here we tell Postfix to look to Dovecot for authenticating users/passwords. # Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth -- cgit v1.2.3-70-g09d2 From 0560bf087b53e5298e48b641369668d51168fc7b Mon Sep 17 00:00:00 2001 From: Laesp <44760628+Laesp@users.noreply.github.com> Date: Tue, 14 Jul 2020 15:33:45 -0400 Subject: Minor change for dovecot.conf to work on v2.3 According to the wiki (https://wiki.dovecot.org/SSL/DovecotConfiguration): "From version 2.3, you must specify path to DH parameters file using: ssl_dh= Date: Fri, 11 Sep 2020 08:35:58 -0400 Subject: guess proper cert if mail subdomain not available --- emailwiz.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index 7565ba1..da81ab5 100755 --- a/emailwiz.sh +++ b/emailwiz.sh 
@@ -42,7 +42,9 @@ subdom="mail" maildomain="$subdom.$domain" certdir="/etc/letsencrypt/live/$maildomain" -[ ! -d "$certdir" ] && echo "Note! You must first have a HTTPS/SSL Certificate for $maildomain. +[ ! -d "$certdir" ] && certdir="$(dirname "$(certbot certificates 2>/dev/null | grep "$maildomain" -A 2 | awk '/Certificate Path/ {print $3}')")" + +[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. Use Let's Encrypt's Certbot to get that and then rerun this script. -- cgit v1.2.3-70-g09d2 From 983b99e86d9865e6ec82856f192461cbbdde56a5 Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Sun, 11 Oct 2020 14:25:47 -0400 Subject: fix #72 --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index 57f68c7..e24c089 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -274,7 +274,7 @@ for x in dovecot postfix opendkim spamassassin; do service "$x" restart && printf " ...done\\n" done -pval="$(tr -d "\n" Date: Sun, 11 Oct 2020 14:46:45 -0400 Subject: more robust --- emailwiz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'emailwiz.sh') diff --git a/emailwiz.sh b/emailwiz.sh index e24c089..837ea1c 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -253,7 +253,7 @@ sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf sed -e '/Socket/s/^#*/#/' -i /etc/opendkim.conf -sed -i '/\local:\/var\/run\/opendkim\/opendkim.sock/a \Socket\t\t\tinet:12301@localhost' /etc/opendkim.conf +grep -q "^Socket\s*inet:12301@localhost" /etc/opendkim.conf || echo "Socket inet:12301@localhost" >> /etc/opendkim.conf # OpenDKIM daemon settings, removing previously activated socket. sed -i "/^SOCKET/d" /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim -- cgit v1.2.3-70-g09d2 
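Review bot: The fallback added on the `certdir=` line cannot fail visibly: when `certbot` is missing or its listing has no match, the inner substitution is empty, `dirname ""` prints `.`, and the following `[ ! -d "$certdir" ]` test sees the current directory and skips the "Note!" message. The script would then carry on with relative TLS paths; `$certdir/privkey.pem`, which a later hunk on this page shows in the Dovecot settings, would become `./privkey.pem`. Assign only when a path was actually found, e.g. `certpath="$(certbot certificates 2>/dev/null | grep -F -A 2 -- "$maildomain" | awk '/Certificate Path/ {print $3; exit}')"` followed by `[ -n "$certpath" ] && certdir="$(dirname "$certpath")"`. Using `grep -F` and the `exit` in awk also keeps the dots in the domain from acting as regex wildcards and stops several matching certificates from producing a multi-line value.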
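Review bot: The new `grep -q ... || echo ...` guard does not make a rerun idempotent, because the `sed -e '/Socket/s/^#*/#/'` context line just above it comments out every line containing `Socket`, including the `Socket inet:12301@localhost` line appended by an earlier run. The grep for `^Socket` therefore never matches on a rerun, and each run appends another copy, leaving a growing set of commented duplicates in /etc/opendkim.conf. Excluding the wanted line from the sed, for example `sed -i '/inet:12301@localhost/!{/Socket/s/^#*/#/;}' /etc/opendkim.conf`, would let the guard work. `\s` is also a GNU grep extension, so `[[:space:]]*` is the portable spelling.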
From 1ab9f432df8912e26677935e4d4a26cf278f6a6c Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Sat, 14 Nov 2020 14:18:50 -0500 Subject: log in with full email addr instead of username documentation changes --- README.md | 42 +++++++++++++++++------------------------- emailwiz.sh | 2 +- 2 files changed, 18 insertions(+), 26 deletions(-) (limited to 'emailwiz.sh') diff --git a/README.md b/README.md index 228430c..191588a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Email server setup script -I wrote this script during the gruelling process of installing and setting up +I wrote this script during the grueling process of installing and setting up an email server. It perfectly reproduces my successful steps to ensure the same setup time and time again. @@ -14,14 +14,10 @@ curl -LO lukesmith.xyz/emailwiz.sh When prompted by a dialog menu at the beginning, select "Internet Site", then give your full domain without any subdomain, i.e. `lukesmith.xyz`. -Read this readme and peruse the script's comments before running it. Expect it -to fail and you have to do bug testing and you will be very happy when it -actually works perfectly. - ## This script installs - **Postfix** to send and receive mail. -- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc). +- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.). - Config files that unique the two above securely with native log-ins. - **Spamassassin** to prevent spam and allow you to make custom filters. - **OpenDKIM** to validate you so you can send to Gmail and other big sites. 
@@ -50,19 +46,19 @@ actually works perfectly. server: (1) an **MX record** pointing to your own main domain/IP and (2) a **CNAME record** for your `mail.` subdomain. 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an - entry for your IPV4 Reverse DNS that goes from your IP address to - `` (not mail subdomain). If you would like IPV6, you can do + entry for your IPv4 Reverse DNS that goes from your IP address to + `` (not mail subdomain). If you would like IPv6, you can do the same for that. This has been tested on Vultr, and all decent VPS hosts - will have a section on their instance settings page to add a reverse DNS PTR + will have a section on their instance settings page to add a reverse DNS PTR entry. You can use the 'Test Email Server' or ':smtp' tool on [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a reverse DNS correctly. This step is not required for everyone, but some - big email services like gmail will stop emails coming from mail servers + big email services like Gmail will stop emails coming from mail servers with no/invalid rDNS lookups. This means your email will fail to even - make it to the receipients spam folder; it will never make it to them. + make it to the recipients spam folder; it will never make it to them. 5. `apt purge` all your previous (failed) attempts to install and configure a - mailserver. Get rid of _all_ your system settings for Postfix, Dovecot, + mail server. Get rid of _all_ your system settings for Postfix, Dovecot, OpenDKIM and everything else. This script builds off of a fresh install. 6. Some VPS providers block port 25 (used to send mail). You may need to request that this port be opened to send mail successfully. Although I have 
@@ -105,27 +101,23 @@ email program. For my domain, the server information will be as follows: - SMTP port: 587 - IMAP server: `mail.lukesmith.xyz` - IMAP port: 993 -- Username `luke` (I.e. *not* `luke@lukesmith.xyz`) - -The last point is important. Many email systems use a full email address on -login. Since we just simply use local PAM logins, only the user's name is used -(this makes a difference if you're using my -[mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard), etc.). - -## Tweaking things - -You're a big boy now if you have your own mail server! -You can tweak Postfix (sending mail +In previous versions of emailwiz, you also had to log on with *only* your +username (i.e. `luke`) rather than your whole email address (i.e. +`luke@lukesmith.xyz`), which caused some confusion. This is no longer the +case. ## Benefited from this? -If this script or documentation has saved you some frustration, you can donate -to support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). +I am always glad to hear this script is still making life easy for people! If +this script or documentation has saved you some frustration, you can donate to +support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). ## Troubleshooting -- Can't send mail? - Always check `journalctl -xe` to see the specific problem. +- Check with your VPS host and ask them to enable mail ports. Some providers + disable them by default. It shouldn't take any time. - Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records. If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records incorrectly. diff --git a/emailwiz.sh b/emailwiz.sh index 837ea1c..20685ea 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -130,6 +130,7 @@ ssl_key = <$certdir/privkey.pem ssl_dh = "$HOME/dns_emailwizard" echo " - _ _ | \ | | _____ ___ | \| |/ _ \ \ /\ / (_) -- cgit v1.2.3-70-g09d2