baronkis · November 17, 2023 17:29
diff --git a/01_postfix_installer.md b/01_postfix_installer.md
diff --git a/02_postfix.sh b/02_postfix.sh
 #!/bin/bash

 ESC_SEQ="\x1b["
 COL_RESET=$ESC_SEQ"39;49;00m"
 COL_RED=$ESC_SEQ"31;01m"
 COL_GREEN=$ESC_SEQ"32;01m"
 COL_YELLOW=$ESC_SEQ"33;01m"

 if [ "$UID" -ne 0 ]
  then echo "Please run as root"
  exit
 fi

 function error_check {
    if [ "$?" = "0" ]; then
        echo -e "$COL_GREEN OK. $COL_RESET"
    else
        echo -e "$COL_RED An error has occured. $COL_RESET"
        read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key

        if [[ $key != "" ]]; then
            exit
        fi
    fi
 }


 echo "You are about to install and configure Postfix virtual system with imap support (via Dovecot)."
 echo "This script was made for Debian 7, but was adapted for Ubuntu 18.04 LTS [09/07/2018]."

 echo "Updating system"
 apt-get update
 apt-get upgrade

 echo "Adding group:"
 groupadd -g 5000 vmail
 error_check

 echo "Adding group:"
 useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail
 error_check

 echo "Installing programs:"
 apt-get install postfix dovecot-core dovecot-imapd postgresql postfix-pgsql dovecot-lmtpd dovecot-pgsql
 error_check

 #echo "Preparing database:"

 DBPASS=$(date | md5sum | head -c 32)
 CREATEUSER="CREATE USER postfix_user WITH PASSWORD '${DBPASS}';"
 CREATEDB="CREATE DATABASE postfix_db;"
 PERMISSDB="GRANT ALL PRIVILEGES ON DATABASE postfix_db TO postfix_user;"

 sudo -u postgres psql -c "${CREATEUSER}"
 error_check
 sudo -u postgres psql -c "${CREATEDB}"
 error_check
 sudo -u postgres psql -c "${PERMISSDB}"
 error_check

 echo
 echo "Please inform the main domain of your server, like 'example.com'"

 read MAIN_DOMAIN

 echo
 echo "Please inform the Hostname of your machine like 'hostname.example.com'"
 echo "It'll be needed to add an A entry for the hostname on the DNS zone"
 echo

 read HOST_NAME

 echo "Creating postfix config files (/etc/postfix/main.cf):"
 echo "myhostname = ${HOST_NAME}
 mydomain = ${MAIN_DOMAIN}
 mydestination = \$myhostname, localhost.\$mydomain, localhost
 relay_domains =
 virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf
 virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf
 virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf
 virtual_mailbox_base = /home/vmail
 virtual_mailbox_limit = 512000000
 # message size is max 15M
 message_size_limit = 15728640
 virtual_minimum_uid = 5000
 virtual_transport = dovecot
 virtual_uid_maps = static:5000
 virtual_gid_maps = static:5000
 local_transport = dovecot
 local_recipient_maps = \$virtual_mailbox_maps
 transport_maps = hash:/etc/postfix/transport

 milter_default_action = accept
 milter_protocol = 2
 smtpd_milters = inet:localhost:8891
 non_smtpd_milters = inet:localhost:8891 

 smtp_tls_security_level = may
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 smtpd_sasl_security_options = noanonymous
 smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
 smtpd_tls_auth_only = yes
 smtpd_tls_cert_file = /etc/ssl/private/server.crt
 smtpd_tls_key_file = /etc/ssl/private/server.key
 smtpd_sasl_local_domain = \$mydomain
 broken_sasl_auth_clients = yes
 smtpd_tls_loglevel = 1
 html_directory = /usr/share/doc/postfix/html
 queue_directory = /var/spool/postfix" > /etc/postfix/main.cf
 error_check

 echo "Creating postfix config files (/etc/postfix/master.cf):"
 echo "#
 # Postfix master process configuration file.  For details on the format
 # of the file, see the master(5) manual page (command: "man 5 master").
 #
 # Do not forget to execute "postfix reload" after editing this file.
 #
 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_milters=inet:127.0.0.1:8891
 #smtp      inet  n       -       -       -       1       postscreen
 #smtpd     pass  -       -       -       -       -       smtpd
 #dnsblog   unix  -       -       -       -       0       dnsblog
 #tlsproxy  unix  -       -       -       -       0       tlsproxy
 submission inet n       -       -       -       -       smtpd
 #  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 smtps     inet  n       -       -       -       -       smtpd
 #  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 #628       inet  n       -       -       -       -       qmqpd
 pickup    fifo  n       -       -       60      1       pickup
 cleanup   unix  n       -       -       -       0       cleanup
 qmgr      fifo  n       -       n       300     1       qmgr
 #qmgr     fifo  n       -       n       300     1       oqmgr
 tlsmgr    unix  -       -       -       1000?   1       tlsmgr
 rewrite   unix  -       -       -       -       -       trivial-rewrite
 bounce    unix  -       -       -       -       0       bounce
 defer     unix  -       -       -       -       0       bounce
 trace     unix  -       -       -       -       0       bounce
 verify    unix  -       -       -       -       1       verify
 flush     unix  n       -       -       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       -       -       -       smtp
 relay     unix  -       -       -       -       -       smtp
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
 showq     unix  n       -       -       -       -       showq
 error     unix  -       -       -       -       -       error
 retry     unix  -       -       -       -       -       error
 discard   unix  -       -       -       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       -       -       -       lmtp
 anvil     unix  -       -       -       -       1       anvil
 scache    unix  -       -       -       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
 # pages of the non-Postfix software to find out what options it wants.
 #
 # Many of the following services use the Postfix pipe(8) delivery
 # agent.  See the pipe(8) man page for information about \${recipient}
 # and other message envelope options.
 # ====================================================================
 #
 # maildrop. See the Postfix MAILDROP_README file for details.
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
 #
 # To 'virtual' LDA:
 #maildrop  unix  -       n       n       -       -       pipe
 #  flags=DRhu user=vmail argv=/usr/bin/maildrop -d \${recipient}
 #
 # To Dovecot LDA:
 dovecot   unix  -       n       n       -       -       pipe                                                                    
   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f \${sender} -d \${recipient}
 #
 # ====================================================================
 #
 # Recent Cyrus versions can use the existing \"lmtp\" master.cf entry.
 #
 # Specify in cyrus.conf:
 #   lmtp    cmd=\"lmtpd -a\" listen=\"localhost:lmtp\" proto=tcp4
 #
 # Specify in main.cf one or more of the following:
 #  mailbox_transport = lmtp:inet:localhost
 #  virtual_transport = lmtp:inet:localhost
 #
 # ====================================================================
 #
 # Cyrus 2.1.5 (Amos Gouaux)
 # Also specify in main.cf: cyrus_destination_recipient_limit=1
 #
 #cyrus     unix  -       n       n       -       -       pipe
 #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m \${extension} \${user}
 #
 # ====================================================================
 # Old example of delivery via Cyrus.
 #
 #old-cyrus unix  -       n       n       -       -       pipe
 #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m \${extension} \${user}
 #
 # ====================================================================
 #
 # See the Postfix UUCP_README file for configuration details.
 #
 uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)
 #
 # Other external delivery methods.
 #
 ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)
 bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient
 scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store \${nexthop} \${user} \${extension}
 mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  \${nexthop} \${user}

 cleanup   unix  n       -       -       -       0       cleanup
 subcleanup unix n       -       -       -       0       cleanup
 -o header_checks=regexp:/etc/postfix/submission_header_checks
 " > /etc/postfix/master.cf
 error_check

 echo "Creating postfix config files (/etc/postfix/submission_header_checks):"
 echo "/^Received:/ IGNORE
 /^User-Agent:/ IGNORE" > /etc/postfix/submission_header_checks
 error_check

 echo "Creating postfix config files (/etc/postfix/virtual_alias_maps.cf):"
 echo "user = postfix_user
 password = ${DBPASS}
 hosts = localhost
 dbname = postfix_db
 query = SELECT goto FROM alias WHERE address='%s' AND active = true
 " > /etc/postfix/virtual_alias_maps.cf
 error_check

 echo "Creating postfix config files (/etc/postfix/virtual_mailbox_domains.cf):"
 echo "user = postfix_user
 password = ${DBPASS}
 hosts = localhost
 dbname = postfix_db
 query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true
 " > /etc/postfix/virtual_mailbox_domains.cf
 error_check

 echo "Creating postfix config files (/etc/postfix/virtual_mailbox_maps.cf):"
 echo "user = postfix_user
 password = ${DBPASS}
 hosts = localhost
 dbname = postfix_db
 query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
 " > /etc/postfix/virtual_mailbox_maps.cf
 error_check

 echo "Creating dovecot config files (/etc/dovecot/dovecot.conf):"
 echo "protocols = imap
 auth_mechanisms = plain
 passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
 }
 userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
 }
 service auth {
    unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
    }
    user = root
 }
 mail_home = /home/vmail/%d/%u
 mail_location = maildir:~
 ssl_cert = </etc/ssl/private/server.crt
 ssl_key = </etc/ssl/private/server.key" > /etc/dovecot/dovecot.conf
 error_check

 echo "Creating dovecot config files (/etc/dovecot/dovecot-sql.conf):"
 echo "driver = pgsql
 connect = host=localhost dbname=postfix_db user=postfix_user password=${DBPASS}
 default_pass_scheme = MD5-CRYPT
 user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=',  quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
 password_query = SELECT username as user, password, '/home/vmail/%d/%u' as userdb_home, 'maildir:/home/vmail/%d/%u' as userdb_mail, 5000 as  userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
 " > /etc/dovecot/dovecot-sql.conf
 error_check

 echo "Creating postmap:"
 touch /etc/postfix/transport
 postmap /etc/postfix/transport
 error_check

 read -p "Enter Postfix Admin and Roundcube installation path: " DOWNPATH

 if [ ! -d ${DOWNPATH} ]; then
    mkdir -p ${DOWNPATH}
 fi

 echo "Checking if path is correct:"
 cd ${DOWNPATH}
 error_check

 echo "Downloading postfixadmin:"
 wget -O postfixadmin.tar.gz http://sourceforge.net/projects/postfixadmin/files/latest/download
 error_check

 echo "Unpacking postfixadmin:"
 tar xvf postfixadmin.tar.gz -C ${DOWNPATH}
 error_check

 echo "Remove package and move extracted files:"
 rm -rf postfixadmin.tar.gz
 mv postfixadmin-* postfixadmin
 error_check

 echo "Create dir and setting permissions:"
 mkdir postfixadmin/templates_c
 chown -R www-data: postfixadmin/templates_c
 error_check

 echo "Downloading roundcube:"
 wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6-complete.tar.gz
 error_check

 echo "Unpacking roundcube:"
 tar xvf roundcubemail-1.3.6-complete.tar.gz -C ${DOWNPATH}
 error_check

 echo "Remove zip and move files to mail dir:"
 rm -rf roundcubemail-1.3.6-complete.tar.gz
 mv roundcubemail-* mail

 echo "chown rights mail dir:"
 chown -R www-data: mail/*
 chown www-data mail/.htaccess
 error_check


 echo "Checking if php7.2-fpm is working:"
 service php7.2-fpm restart
 error_check

 echo "Creating SSL certificate:"
 cd /etc/ssl/private/
 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
 chmod 400 server.key
 error_check

 openssl req -new -key server.key -out server.csr
 openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
 chmod 444 server.crt
 error_check

 echo "Starting postfix daemon:"
 /etc/init.d/postfix restart
 error_check

 echo "Starting dovecot daemon:"
 /etc/init.d/dovecot restart
 error_check

 echo "Enabling services:"
 update-rc.d postfix defaults
 update-rc.d dovecot defaults
 error_check


 echo -e "$COL_GREEN Setup complete. $COL_RESET"
 echo
 echo "You should configure postfixadmin and roundcube."
 echo "Use these settings:"
 echo "database type: pgsql"
 echo "database host: localhost"
 echo "database user: postfix_user"
 echo "database pass: ${DBPASS}"
 echo "database name: postfix_db"
 echo
 echo "You must create the following database and user:"
 echo
 echo "USER: postfix_user"
 echo "PASS: ${DBPASS}"
 echo "DATABASE: postfix_db"
 echo
 echo "while in the postgres shell, you can create those with:"
 echo "postgres# createuser -P postfix_user"
 echo
 echo "Past the password when it prompts"
 echo
 echo "postgres# createdb postfix_db -O postfix_user"
 echo

diff --git a/03_nginx.sh b/03_nginx.sh
 #!/bin/bash
 # I use it on blank Ubuntu 18.04 LTS installation to setup nginx with php support for simple tasks.

 ESC_SEQ="\x1b["
 COL_RESET=$ESC_SEQ"39;49;00m"
 COL_RED=$ESC_SEQ"31;01m"
 COL_GREEN=$ESC_SEQ"32;01m"
 COL_YELLOW=$ESC_SEQ"33;01m"

 if [ "$UID" -ne 0 ]
  then echo "Please run as root"
  exit
 fi

 function error_check {
    if [ "$?" = "0" ]; then
        echo -e "$COL_GREEN OK. $COL_RESET"
    else
        echo -e "$COL_RED An error has occured. $COL_RESET"
        read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key

        if [[ $key != "" ]]; then
            exit
        fi
    fi
 }

 echo "Updating system"
 apt-get update && apt-get upgrade

 echo "Installing the packages"
 apt-get install nginx php7.2-fpm
 error_check

 echo "Set timezone"
 dpkg-reconfigure tzdata
 #sed 's/";date.timezone ="/"date.timezone = "Europe/Vilnius""/' /etc/php/7.2/fpm/php.ini
 #sed ;;date.timezone =
 error_check

 useradd -m -G users -s /bin/bash www
 error_check

 echo "server {
 #       root /home/www;
        root /var/www;
        index index.php index.html index.htm;
        server_name _;

        location / {
                index index.php index.html index.htm;
                autoindex on;
        }

        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php7.2-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }
 }" > /etc/nginx/sites-available/default
 error_check

 echo "Create postfixadmin file:"
 server {
       listen 80;
       root /postfixadmin;

       index index.php index.html;

       location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
                deny all;
       }
       location ~ ^/(bin|SQL)/ {
                deny all;
       }

       # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
       location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
       }

       location ~ \.php$ {
                try_files $uri =404;
                include /nginx/conf/fastcgi_params;
                fastcgi_pass unix:/php/run/php-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_index index.php;
       }
 }" > /etc/nginx/sites-available/postfixadmin
 error_check

 echo "Create roundcube file:"
 server {
       listen 80;
       root /roundcube;
       server_name mail.${MAIN_DOMAIN};
       index index.php index.html;

       location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
                deny all;
       }
       location ~ ^/(bin|SQL)/ {
                deny all;
       }

       # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
       location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
       }

       location ~ \.php$ {
                try_files $uri =404;
                include /nginx/conf/fastcgi_params;
                fastcgi_pass unix:/php/run/php-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_index index.php;
       }
 }" > /etc/nginx/sites-available/roundcube
 error_check

 #echo "Enabling sites"
 #ln -s /etc/nginx/sites-available/roundcube /etc/nginx/sites-enabled/roundcube
 #ln -s /etc/nginx/sites-available/postfixadmin /etc/nginx/sites-enabled/postfixadmin
 #error_check

 /etc/init.d/nginx start
 /etc/init.d/php7.2-fpm start
diff --git a/04_opendkim.sh b/04_opendkim.sh
 #!/bin/bash
 # ------------------------------------------------------------------
 # [Date: 28/07/2017]
 # [Author: MarcelFox] 
 # [email: [email protected]]
 #
 #	Title: 'opendkim.sh'
 #       The script configure the Opendkim for Debian 9 server,
 #	but with a few modifications you'll be able to ran it 
 #	on every Linux Distro. 
 #
 #	Does:
 #		- Check previous configurations.
 #		- Save backups of every configuration file before
 #		  change it.
 #		- Generate directories at '/etc/opendkim'.
 #		- Generate new key for the given domain.
 #		- Alerts for DNS and Postfix configurations.
 #	
 #	Don't:
 #		- Does not configure your mail server.
 #		- Does not check for integrity of the KeyFile,
 #		  SingingTable files. It's important to check those.
 #
 #	Fixes, Contacts and Improvements are encouraged! =)
 #
 # ------------------------------------------------------------------


 ##
 # Set selector variable as YYYYMMDD:
 ##

 SELECTOR_VAR=$(date +%Y%m%d)



 ##
 # Ask if it'll be needed to Download Opendkim packages:
 ##

 echo
 echo "Download and install OpenDKIM packages? (y/n):"

 read var

 if [ $var == "y" ] || [ $var == "Y" ]; then
    apt-get update
    apt-get install -y opendkim opendkim-tools
 elif [ $var == "n" ] || [ $var == "N" ]; then
    echo
    echo "Skipping..."
    echo
 else
    echo
    echo "Please inform only 'y' or 'n'!"
    echo
    exit
 fi



 ##
 # Check if the keys directory already exists:
 ##

 if [ ! -d /etc/opendkim ]; then
    mkdir /etc/opendkim
 else
    echo
    echo "It seems that an Opendkim configuration already exists. Continue? (y/n):"

    read var

    if [ $var == "y" ] || [ $var == "Y" ]; then
        echo "Ok!"
    elif [ $var == "n" ] || [ $var == "N" ]; then
        echo
 	echo "Ok, I'm here if you need!"
 	echo
 	exit
    else
 	echo
 	echo "Please inform only 'y' or 'n'!"
 	echo
 	exit
    fi
 fi


 if [ -f /etc/opendkim.conf ]; then
    cp /etc/opendkim.conf /etc/opendkim.conf.saved.${SELECTOR_VAR}
    echo
    echo "I've saved the original conf file to '/etc/opendkim.conf.saved.${SELECTOR_VAR}'"
    echo
 else
    echo
    echo "There's an issue with your Opendkim installation, check those and come back!"
    echo
    exit
 fi



 ##
 # Read the domain to generate the dkim:
 ##

 echo
 echo "Inform the domain, like 'example.com', in which you'll add the DKIM key:"

 read DOMAIN_DKIM



 ##
 # Checks the main configuration file:
 ##

 grep -E 'KeyTable|SigningTable|ExternalIgnoreList|InternalHosts' /etc/opendkim.conf > /dev/null
 #
 # Stores the last command value, then continue:
 #
 LAST_CMD=$?

 if [ $LAST_CMD == 1]; then

 	echo "KeyTable           /etc/opendkim/KeyTable" >> /etc/opendkim.conf
 	echo "SigningTable       /etc/opendkim/SigningTable" >> /etc/opendkim.conf
 	echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
 	echo "InternalHosts      /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
 fi

 if [ $LAST_CMD == 0 ]; then
    echo
    echo "I found those non-default settings on '/etc/opendkim.conf':"
    grep -E 'KeyTable|SigningTable|ExternalIgnoreList|InternalHosts' /etc/opendkim.conf
    echo
    echo "Do you want to comment these lines? (y/n):"

    read var

    if [ $var == "y" ] || [ $var == "Y" ]; then
 	sed -i.bak '/KeyTable/ s/^/#/g' /etc/opendkim.conf
 	sed -i.bak '/SigningTable/ s/^/#/g' /etc/opendkim.conf
 	sed -i.bak '/ExternalIgnoreList/ s/^/#/g' /etc/opendkim.conf
 	sed -i.bak '/InternalHosts/ s/^/#/g' /etc/opendkim.conf
 	
 	echo "KeyTable           /etc/opendkim/KeyTable" >> /etc/opendkim.conf
 	echo "SigningTable       /etc/opendkim/SigningTable" >> /etc/opendkim.conf
 	echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
 	echo "InternalHosts      /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
 	
    elif [ $var == "n" ] || [ $var == "N" ]; then	
 	echo "Skipping..."
 	echo "Be sure that your opendkim.conf has the following settings:"
 	echo
 	echo "KeyTable           /etc/opendkim/KeyTable"
 	echo "SigningTable       /etc/opendkim/SigningTable"
 	echo "ExternalIgnoreList /etc/opendkim/TrustedHosts"
 	echo "InternalHosts      /etc/opendkim/TrustedHosts"
 	echo
 	
 	sleep 1
 	
    else
        echo
        echo "Please inform only 'y' or 'n'!"
        echo
 	exit
    fi
 fi



 ##
 # Check for SOCKET configurations:
 ##

 cp /etc/default/opendkim /etc/default/opendkim.saved.${SELECTOR_VAR}

 grep "SOCKET=inet" /etc/default/opendkim | grep -v "#" > /dev/null

 if [ $? == 1 ]; then

    echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim

 else
    
    echo
    echo "I've found non-default SOCKET configuration, check below:"

    grep "SOCKET=inet" /etc/default/opendkim | grep -v "#" 

    echo
    echo "The SOCKET section which this script uses is:"
    echo "SOCKET=inet:8891@localhost"
    echo
    echo "Do you want me to comment the line(s) and add my configuration? (y/n)"

    read var

    if [ $var == "y" ] || [ $var == "Y" ]; then
 	sed -i.bak '/SOCKET=inet/ s/^/#/g' /etc/default/opendkim
 	echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim
 	echo "Ok!"
 	echo
    elif [ $var == "n" ] || [ $var == "N" ]; then
        echo "Skipping..."
        sleep 1
    else
        echo
        echo "Please inform only 'y' or 'n'!"
        echo
        exit
    fi
 fi


 ##
 # Do the Magik!
 ##

 if [ -f /etc/opendkim/TrustedHosts ]; then
    cp /etc/opendkim/TrustedHosts /etc/opendkim/TrustedHosts.saved.${SELECTOR_VAR}
 fi

 echo "127.0.0.1
 localhost
 x.253.204.64
 x.253.204.32/27" > /etc/opendkim/TrustedHosts



 if [ ! -d /etc/opendkim/keys/${DOMAIN_DKIM} ]; then
    mkdir -p /etc/opendkim/keys/${DOMAIN_DKIM}
    opendkim-genkey -D /etc/opendkim/keys/${DOMAIN_DKIM} -d ${DOMAIN_DKIM} -s ${SELECTOR_VAR}
    GENERATED=0
 else
    echo
    echo "The key directory for ${DOMAIN_DKIM} exists."
    echo "Do you want me to generate a new key? (y/n)"
 	
    read var

    if [ $var == "y" ] || [ $var == "Y" ]; then
 	rm -rf /etc/opendkim/keys/${DOMAIN_DKIM}
 	mkdir -p /etc/opendkim/keys/${DOMAIN_DKIM}
        opendkim-genkey -D /etc/opendkim/keys/${DOMAIN_DKIM} -d ${DOMAIN_DKIM} -s ${SELECTOR_VAR}
 	GENERATED=0
    elif [ $var == "n" ] || [ $var == "N" ]; then
        echo "Skipping..."
 	GENERATED=1
        sleep 1
    else
        echo
        echo "Please inform only 'y' or 'n'!"
        echo
        exit
    fi
 fi


 ##
 # Correct the key permission:
 ##

 if [ $GENERATED == 0 ]; then

    chown opendkim:opendkim /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private

    if [ -f /etc/opendkim/KeyTable ]; then
    	cp /etc/opendkim/KeyTable /etc/opendkim/KeyTable.saved.${SELECTOR_VAR}
    fi

    echo "${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM} ${DOMAIN_DKIM}:${SELECTOR_VAR}:/etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private" >> /etc/opendkim/KeyTable



    if [ -f /etc/opendkim/SigningTable ]; then
        cp /etc/opendkim/SigningTable /etc/opendkim/SigningTable.saved.${SELECTOR_VAR}
    fi

    echo "${DOMAIN_DKIM} ${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM}" >> /etc/opendkim/SigningTable

 fi

 echo
 echo "Please, check if the contents of the files KeyTable and SigningTable"
 echo "do not have old or duplicate entries. They're located at /etc/opendkim"
 echo


 if [  $GENERATED == 0 ]; then

    echo
    echo "The selector for the ${DOMAIN_DKIM} is: ${SELECTOR_VAR}"
    echo
    echo "You should now add the following into ${DOMAIN_DKIM} DNS zone:"
    echo
    
    cat /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.txt
 fi

 echo
 echo "Consider to implement Opendkim in your mailserver
 you must do this or all of my effort will be useless"

 if [ -d /etc/postfix ]; then
    echo
    echo "I've found Postfix!"
    echo
    
    echo "Check if you main.cf have those configurations:"
    echo
    echo "milter_default_action = accept"
    echo "milter_protocol = 2"
    echo "smtpd_milters = inet:localhost:8891"
    echo "non_smtpd_milters = inet:localhost:8891"

    echo
    echo "Check if your master.cf have the following line:"
    echo "  -o smtpd_milters=inet:127.0.0.1:8891"
    echo
    echo "below this line:"
    echo "smtp      inet  n       -       -       -       -       smtpd"
    echo
 fi



 ##
 # Validate Opendkim configuration and restart the service.
 ##

 systemctl start opendkim
 systemctl enable opendkim

 echo "Please run manually the following commands:"
 echo
 echo "/lib/opendkim/opendkim.service.generate"
 echo "systemctl daemon-reload"
 echo "systemctl restart opendkim && systemctl restart postfix"
 echo
 echo "Opendkim is configured!"
	#!/bin/bash

	ESC_SEQ="\x1b["
	COL_RESET=$ESC_SEQ"39;49;00m"
	COL_RED=$ESC_SEQ"31;01m"
	COL_GREEN=$ESC_SEQ"32;01m"
	COL_YELLOW=$ESC_SEQ"33;01m"

	if [ "$UID" -ne 0 ]
	then echo "Please run as root"
	exit
	fi

	function error_check {
	if [ "$?" = "0" ]; then
	echo -e "$COL_GREEN OK. $COL_RESET"
	else
	echo -e "$COL_RED An error has occured. $COL_RESET"
	read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key

	if [[ $key != "" ]]; then
	exit
	fi
	fi
	}


	echo "You are about to install and configure Postfix virtual system with imap support (via Dovecot)."
	echo "This script was made for Debian 7, but was adapted for Ubuntu 18.04 LTS [09/07/2018]."

	echo "Updating system"
	apt-get update
	apt-get upgrade

	echo "Adding group:"
	groupadd -g 5000 vmail
	error_check

	echo "Adding group:"
	useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail
	error_check

	echo "Installing programs:"
	apt-get install postfix dovecot-core dovecot-imapd postgresql postfix-pgsql dovecot-lmtpd dovecot-pgsql
	error_check

	#echo "Preparing database:"

	DBPASS=$(date \| md5sum \| head -c 32)
	CREATEUSER="CREATE USER postfix_user WITH PASSWORD '${DBPASS}';"
	CREATEDB="CREATE DATABASE postfix_db;"
	PERMISSDB="GRANT ALL PRIVILEGES ON DATABASE postfix_db TO postfix_user;"

	sudo -u postgres psql -c "${CREATEUSER}"
	error_check
	sudo -u postgres psql -c "${CREATEDB}"
	error_check
	sudo -u postgres psql -c "${PERMISSDB}"
	error_check

	echo
	echo "Please inform the main domain of your server, like 'example.com'"

	read MAIN_DOMAIN

	echo
	echo "Please inform the Hostname of your machine like 'hostname.example.com'"
	echo "It'll be needed to add an A entry for the hostname on the DNS zone"
	echo

	read HOST_NAME

	echo "Creating postfix config files (/etc/postfix/main.cf):"
	echo "myhostname = ${HOST_NAME}
	mydomain = ${MAIN_DOMAIN}
	mydestination = \$myhostname, localhost.\$mydomain, localhost
	relay_domains =
	virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf
	virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf
	virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf
	virtual_mailbox_base = /home/vmail
	virtual_mailbox_limit = 512000000
	# message size is max 15M
	message_size_limit = 15728640
	virtual_minimum_uid = 5000
	virtual_transport = dovecot
	virtual_uid_maps = static:5000
	virtual_gid_maps = static:5000
	local_transport = dovecot
	local_recipient_maps = \$virtual_mailbox_maps
	transport_maps = hash:/etc/postfix/transport

	milter_default_action = accept
	milter_protocol = 2
	smtpd_milters = inet:localhost:8891
	non_smtpd_milters = inet:localhost:8891

	smtp_tls_security_level = may
	smtpd_sasl_auth_enable = yes
	smtpd_sasl_type = dovecot
	smtpd_sasl_path = private/auth
	smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
	smtpd_sasl_security_options = noanonymous
	smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
	smtpd_tls_auth_only = yes
	smtpd_tls_cert_file = /etc/ssl/private/server.crt
	smtpd_tls_key_file = /etc/ssl/private/server.key
	smtpd_sasl_local_domain = \$mydomain
	broken_sasl_auth_clients = yes
	smtpd_tls_loglevel = 1
	html_directory = /usr/share/doc/postfix/html
	queue_directory = /var/spool/postfix" > /etc/postfix/main.cf
	error_check

	echo "Creating postfix config files (/etc/postfix/master.cf):"
	echo "#
	# Postfix master process configuration file. For details on the format
	# of the file, see the master(5) manual page (command: "man 5 master").
	#
	# Do not forget to execute "postfix reload" after editing this file.
	#
	# ==========================================================================
	# service type private unpriv chroot wakeup maxproc command + args
	# (yes) (yes) (yes) (never) (100)
	# ==========================================================================
	smtp inet n - - - - smtpd
	-o smtpd_milters=inet:127.0.0.1:8891
	#smtp inet n - - - 1 postscreen
	#smtpd pass - - - - - smtpd
	#dnsblog unix - - - - 0 dnsblog
	#tlsproxy unix - - - - 0 tlsproxy
	submission inet n - - - - smtpd
	# -o syslog_name=postfix/submission
	-o smtpd_tls_security_level=encrypt
	-o smtpd_sasl_auth_enable=yes
	# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
	# -o milter_macro_daemon_name=ORIGINATING
	smtps inet n - - - - smtpd
	# -o syslog_name=postfix/smtps
	-o smtpd_tls_wrappermode=yes
	-o smtpd_sasl_auth_enable=yes
	# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
	# -o milter_macro_daemon_name=ORIGINATING
	#628 inet n - - - - qmqpd
	pickup fifo n - - 60 1 pickup
	cleanup unix n - - - 0 cleanup
	qmgr fifo n - n 300 1 qmgr
	#qmgr fifo n - n 300 1 oqmgr
	tlsmgr unix - - - 1000? 1 tlsmgr
	rewrite unix - - - - - trivial-rewrite
	bounce unix - - - - 0 bounce
	defer unix - - - - 0 bounce
	trace unix - - - - 0 bounce
	verify unix - - - - 1 verify
	flush unix n - - 1000? 0 flush
	proxymap unix - - n - - proxymap
	proxywrite unix - - n - 1 proxymap
	smtp unix - - - - - smtp
	relay unix - - - - - smtp
	# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
	showq unix n - - - - showq
	error unix - - - - - error
	retry unix - - - - - error
	discard unix - - - - - discard
	local unix - n n - - local
	virtual unix - n n - - virtual
	lmtp unix - - - - - lmtp
	anvil unix - - - - 1 anvil
	scache unix - - - - 1 scache
	#
	# ====================================================================
	# Interfaces to non-Postfix software. Be sure to examine the manual
	# pages of the non-Postfix software to find out what options it wants.
	#
	# Many of the following services use the Postfix pipe(8) delivery
	# agent. See the pipe(8) man page for information about \${recipient}
	# and other message envelope options.
	# ====================================================================
	#
	# maildrop. See the Postfix MAILDROP_README file for details.
	# Also specify in main.cf: maildrop_destination_recipient_limit=1
	#
	# To 'virtual' LDA:
	#maildrop unix - n n - - pipe
	# flags=DRhu user=vmail argv=/usr/bin/maildrop -d \${recipient}
	#
	# To Dovecot LDA:
	dovecot unix - n n - - pipe
	flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f \${sender} -d \${recipient}
	#
	# ====================================================================
	#
	# Recent Cyrus versions can use the existing \"lmtp\" master.cf entry.
	#
	# Specify in cyrus.conf:
	# lmtp cmd=\"lmtpd -a\" listen=\"localhost:lmtp\" proto=tcp4
	#
	# Specify in main.cf one or more of the following:
	# mailbox_transport = lmtp:inet:localhost
	# virtual_transport = lmtp:inet:localhost
	#
	# ====================================================================
	#
	# Cyrus 2.1.5 (Amos Gouaux)
	# Also specify in main.cf: cyrus_destination_recipient_limit=1
	#
	#cyrus unix - n n - - pipe
	# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m \${extension} \${user}
	#
	# ====================================================================
	# Old example of delivery via Cyrus.
	#
	#old-cyrus unix - n n - - pipe
	# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m \${extension} \${user}
	#
	# ====================================================================
	#
	# See the Postfix UUCP_README file for configuration details.
	#
	uucp unix - n n - - pipe
	flags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)
	#
	# Other external delivery methods.
	#
	ifmail unix - n n - - pipe
	flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)
	bsmtp unix - n n - - pipe
	flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient
	scalemail-backend unix - n n - 2 pipe
	flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store \${nexthop} \${user} \${extension}
	mailman unix - n n - - pipe
	flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
	\${nexthop} \${user}

	cleanup unix n - - - 0 cleanup
	subcleanup unix n - - - 0 cleanup
	-o header_checks=regexp:/etc/postfix/submission_header_checks
	" > /etc/postfix/master.cf
	error_check

	echo "Creating postfix config files (/etc/postfix/submission_header_checks):"
	echo "/^Received:/ IGNORE
	/^User-Agent:/ IGNORE" > /etc/postfix/submission_header_checks
	error_check

	echo "Creating postfix config files (/etc/postfix/virtual_alias_maps.cf):"
	echo "user = postfix_user
	password = ${DBPASS}
	hosts = localhost
	dbname = postfix_db
	query = SELECT goto FROM alias WHERE address='%s' AND active = true
	" > /etc/postfix/virtual_alias_maps.cf
	error_check

	echo "Creating postfix config files (/etc/postfix/virtual_mailbox_domains.cf):"
	echo "user = postfix_user
	password = ${DBPASS}
	hosts = localhost
	dbname = postfix_db
	query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true
	" > /etc/postfix/virtual_mailbox_domains.cf
	error_check

	echo "Creating postfix config files (/etc/postfix/virtual_mailbox_maps.cf):"
	echo "user = postfix_user
	password = ${DBPASS}
	hosts = localhost
	dbname = postfix_db
	query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
	" > /etc/postfix/virtual_mailbox_maps.cf
	error_check

	echo "Creating dovecot config files (/etc/dovecot/dovecot.conf):"
	echo "protocols = imap
	auth_mechanisms = plain
	passdb {
	driver = sql
	args = /etc/dovecot/dovecot-sql.conf
	}
	userdb {
	driver = sql
	args = /etc/dovecot/dovecot-sql.conf
	}
	service auth {
	unix_listener /var/spool/postfix/private/auth {
	group = postfix
	mode = 0660
	user = postfix
	}
	user = root
	}
	mail_home = /home/vmail/%d/%u
	mail_location = maildir:~
	ssl_cert = </etc/ssl/private/server.crt
	ssl_key = </etc/ssl/private/server.key" > /etc/dovecot/dovecot.conf
	error_check

	echo "Creating dovecot config files (/etc/dovecot/dovecot-sql.conf):"
	echo "driver = pgsql
	connect = host=localhost dbname=postfix_db user=postfix_user password=${DBPASS}
	default_pass_scheme = MD5-CRYPT
	user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
	password_query = SELECT username as user, password, '/home/vmail/%d/%u' as userdb_home, 'maildir:/home/vmail/%d/%u' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
	" > /etc/dovecot/dovecot-sql.conf
	error_check

	echo "Creating postmap:"
	touch /etc/postfix/transport
	postmap /etc/postfix/transport
	error_check

	read -p "Enter Postfix Admin and Roundcube installation path: " DOWNPATH

	if [ ! -d ${DOWNPATH} ]; then
	mkdir -p ${DOWNPATH}
	fi

	echo "Checking if path is correct:"
	cd ${DOWNPATH}
	error_check

	echo "Downloading postfixadmin:"
	wget -O postfixadmin.tar.gz http://sourceforge.net/projects/postfixadmin/files/latest/download
	error_check

	echo "Unpacking postfixadmin:"
	tar xvf postfixadmin.tar.gz -C ${DOWNPATH}
	error_check

	echo "Remove package and move extracted files:"
	rm -rf postfixadmin.tar.gz
	mv postfixadmin-* postfixadmin
	error_check

	echo "Create dir and setting permissions:"
	mkdir postfixadmin/templates_c
	chown -R www-data: postfixadmin/templates_c
	error_check

	echo "Downloading roundcube:"
	wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6-complete.tar.gz
	error_check

	echo "Unpacking roundcube:"
	tar xvf roundcubemail-1.3.6-complete.tar.gz -C ${DOWNPATH}
	error_check

	echo "Remove zip and move files to mail dir:"
	rm -rf roundcubemail-1.3.6-complete.tar.gz
	mv roundcubemail-* mail

	echo "chown rights mail dir:"
	chown -R www-data: mail/*
	chown www-data mail/.htaccess
	error_check


	echo "Checking if php7.2-fpm is working:"
	service php7.2-fpm restart
	error_check

	echo "Creating SSL certificate:"
	cd /etc/ssl/private/
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
	chmod 400 server.key
	error_check

	openssl req -new -key server.key -out server.csr
	openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
	chmod 444 server.crt
	error_check

	echo "Starting postfix daemon:"
	/etc/init.d/postfix restart
	error_check

	echo "Starting dovecot daemon:"
	/etc/init.d/dovecot restart
	error_check

	echo "Enabling services:"
	update-rc.d postfix defaults
	update-rc.d dovecot defaults
	error_check


	echo -e "$COL_GREEN Setup complete. $COL_RESET"
	echo
	echo "You should configure postfixadmin and roundcube."
	echo "Use these settings:"
	echo "database type: pgsql"
	echo "database host: localhost"
	echo "database user: postfix_user"
	echo "database pass: ${DBPASS}"
	echo "database name: postfix_db"
	echo
	echo "You must create the following database and user:"
	echo
	echo "USER: postfix_user"
	echo "PASS: ${DBPASS}"
	echo "DATABASE: postfix_db"
	echo
	echo "while in the postgres shell, you can create those with:"
	echo "postgres# createuser -P postfix_user"
	echo
	echo "Past the password when it prompts"
	echo
	echo "postgres# createdb postfix_db -O postfix_user"
	echo
	#!/bin/bash
	# I use it on blank Ubuntu 18.04 LTS installation to setup nginx with php support for simple tasks.

	ESC_SEQ="\x1b["
	COL_RESET=$ESC_SEQ"39;49;00m"
	COL_RED=$ESC_SEQ"31;01m"
	COL_GREEN=$ESC_SEQ"32;01m"
	COL_YELLOW=$ESC_SEQ"33;01m"

	if [ "$UID" -ne 0 ]
	then echo "Please run as root"
	exit
	fi

	function error_check {
	if [ "$?" = "0" ]; then
	echo -e "$COL_GREEN OK. $COL_RESET"
	else
	echo -e "$COL_RED An error has occured. $COL_RESET"
	read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key

	if [[ $key != "" ]]; then
	exit
	fi
	fi
	}

	echo "Updating system"
	apt-get update && apt-get upgrade

	echo "Installing the packages"
	apt-get install nginx php7.2-fpm
	error_check

	echo "Set timezone"
	dpkg-reconfigure tzdata
	#sed 's/";date.timezone ="/"date.timezone = "Europe/Vilnius""/' /etc/php/7.2/fpm/php.ini
	#sed ;;date.timezone =
	error_check

	useradd -m -G users -s /bin/bash www
	error_check

	echo "server {
	# root /home/www;
	root /var/www;
	index index.php index.html index.htm;
	server_name _;

	location / {
	index index.php index.html index.htm;
	autoindex on;
	}

	location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/php7.2-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;
	}
	}" > /etc/nginx/sites-available/default
	error_check

	echo "Create postfixadmin file:"
	server {
	listen 80;
	root /postfixadmin;

	index index.php index.html;

	location ~ ^/(README\|INSTALL\|LICENSE\|CHANGELOG\|UPGRADING)$ {
	deny all;
	}
	location ~ ^/(bin\|SQL)/ {
	deny all;
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	location ~ \.php$ {
	try_files $uri =404;
	include /nginx/conf/fastcgi_params;
	fastcgi_pass unix:/php/run/php-fpm.sock;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_index index.php;
	}
	}" > /etc/nginx/sites-available/postfixadmin
	error_check

	echo "Create roundcube file:"
	server {
	listen 80;
	root /roundcube;
	server_name mail.${MAIN_DOMAIN};
	index index.php index.html;

	location ~ ^/(README\|INSTALL\|LICENSE\|CHANGELOG\|UPGRADING)$ {
	deny all;
	}
	location ~ ^/(bin\|SQL)/ {
	deny all;
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	location ~ \.php$ {
	try_files $uri =404;
	include /nginx/conf/fastcgi_params;
	fastcgi_pass unix:/php/run/php-fpm.sock;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_index index.php;
	}
	}" > /etc/nginx/sites-available/roundcube
	error_check

	#echo "Enabling sites"
	#ln -s /etc/nginx/sites-available/roundcube /etc/nginx/sites-enabled/roundcube
	#ln -s /etc/nginx/sites-available/postfixadmin /etc/nginx/sites-enabled/postfixadmin
	#error_check

	/etc/init.d/nginx start
	/etc/init.d/php7.2-fpm start
	#!/bin/bash
	# ------------------------------------------------------------------
	# [Date: 28/07/2017]
	# [Author: MarcelFox]
	# [email: [email protected]]
	#
	# Title: 'opendkim.sh'
	# The script configure the Opendkim for Debian 9 server,
	# but with a few modifications you'll be able to ran it
	# on every Linux Distro.
	#
	# Does:
	# - Check previous configurations.
	# - Save backups of every configuration file before
	# change it.
	# - Generate directories at '/etc/opendkim'.
	# - Generate new key for the given domain.
	# - Alerts for DNS and Postfix configurations.
	#
	# Don't:
	# - Does not configure your mail server.
	# - Does not check for integrity of the KeyFile,
	# SingingTable files. It's important to check those.
	#
	# Fixes, Contacts and Improvements are encouraged! =)
	#
	# ------------------------------------------------------------------


	##
	# Set selector variable as YYYYMMDD:
	##

	SELECTOR_VAR=$(date +%Y%m%d)



	##
	# Ask if it'll be needed to Download Opendkim packages:
	##

	echo
	echo "Download and install OpenDKIM packages? (y/n):"

	read var

	if [ $var == "y" ] \|\| [ $var == "Y" ]; then
	apt-get update
	apt-get install -y opendkim opendkim-tools
	elif [ $var == "n" ] \|\| [ $var == "N" ]; then
	echo
	echo "Skipping..."
	echo
	else
	echo
	echo "Please inform only 'y' or 'n'!"
	echo
	exit
	fi



	##
	# Check if the keys directory already exists:
	##

	if [ ! -d /etc/opendkim ]; then
	mkdir /etc/opendkim
	else
	echo
	echo "It seems that an Opendkim configuration already exists. Continue? (y/n):"

	read var

	if [ $var == "y" ] \|\| [ $var == "Y" ]; then
	echo "Ok!"
	elif [ $var == "n" ] \|\| [ $var == "N" ]; then
	echo
	echo "Ok, I'm here if you need!"
	echo
	exit
	else
	echo
	echo "Please inform only 'y' or 'n'!"
	echo
	exit
	fi
	fi


	if [ -f /etc/opendkim.conf ]; then
	cp /etc/opendkim.conf /etc/opendkim.conf.saved.${SELECTOR_VAR}
	echo
	echo "I've saved the original conf file to '/etc/opendkim.conf.saved.${SELECTOR_VAR}'"
	echo
	else
	echo
	echo "There's an issue with your Opendkim installation, check those and come back!"
	echo
	exit
	fi



	##
	# Read the domain to generate the dkim:
	##

	echo
	echo "Inform the domain, like 'example.com', in which you'll add the DKIM key:"

	read DOMAIN_DKIM



	##
	# Checks the main configuration file:
	##

	grep -E 'KeyTable\|SigningTable\|ExternalIgnoreList\|InternalHosts' /etc/opendkim.conf > /dev/null
	#
	# Stores the last command value, then continue:
	#
	LAST_CMD=$?

	if [ $LAST_CMD == 1]; then

	echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf
	echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf
	echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
	echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
	fi

	if [ $LAST_CMD == 0 ]; then
	echo
	echo "I found those non-default settings on '/etc/opendkim.conf':"
	grep -E 'KeyTable\|SigningTable\|ExternalIgnoreList\|InternalHosts' /etc/opendkim.conf
	echo
	echo "Do you want to comment these lines? (y/n):"

	read var

	if [ $var == "y" ] \|\| [ $var == "Y" ]; then
	sed -i.bak '/KeyTable/ s/^/#/g' /etc/opendkim.conf
	sed -i.bak '/SigningTable/ s/^/#/g' /etc/opendkim.conf
	sed -i.bak '/ExternalIgnoreList/ s/^/#/g' /etc/opendkim.conf
	sed -i.bak '/InternalHosts/ s/^/#/g' /etc/opendkim.conf

	echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf
	echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf
	echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
	echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim.conf

	elif [ $var == "n" ] \|\| [ $var == "N" ]; then
	echo "Skipping..."
	echo "Be sure that your opendkim.conf has the following settings:"
	echo
	echo "KeyTable /etc/opendkim/KeyTable"
	echo "SigningTable /etc/opendkim/SigningTable"
	echo "ExternalIgnoreList /etc/opendkim/TrustedHosts"
	echo "InternalHosts /etc/opendkim/TrustedHosts"
	echo

	sleep 1

	else
	echo
	echo "Please inform only 'y' or 'n'!"
	echo
	exit
	fi
	fi



	##
	# Check for SOCKET configurations:
	##

	cp /etc/default/opendkim /etc/default/opendkim.saved.${SELECTOR_VAR}

	grep "SOCKET=inet" /etc/default/opendkim \| grep -v "#" > /dev/null

	if [ $? == 1 ]; then

	echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim

	else

	echo
	echo "I've found non-default SOCKET configuration, check below:"

	grep "SOCKET=inet" /etc/default/opendkim \| grep -v "#"

	echo
	echo "The SOCKET section which this script uses is:"
	echo "SOCKET=inet:8891@localhost"
	echo
	echo "Do you want me to comment the line(s) and add my configuration? (y/n)"

	read var

	if [ $var == "y" ] \|\| [ $var == "Y" ]; then
	sed -i.bak '/SOCKET=inet/ s/^/#/g' /etc/default/opendkim
	echo "SOCKET=inet:8891@localhost" >> /etc/default/opendkim
	echo "Ok!"
	echo
	elif [ $var == "n" ] \|\| [ $var == "N" ]; then
	echo "Skipping..."
	sleep 1
	else
	echo
	echo "Please inform only 'y' or 'n'!"
	echo
	exit
	fi
	fi


	##
	# Do the Magik!
	##

	if [ -f /etc/opendkim/TrustedHosts ]; then
	cp /etc/opendkim/TrustedHosts /etc/opendkim/TrustedHosts.saved.${SELECTOR_VAR}
	fi

	echo "127.0.0.1
	localhost
	x.253.204.64
	x.253.204.32/27" > /etc/opendkim/TrustedHosts



	if [ ! -d /etc/opendkim/keys/${DOMAIN_DKIM} ]; then
	mkdir -p /etc/opendkim/keys/${DOMAIN_DKIM}
	opendkim-genkey -D /etc/opendkim/keys/${DOMAIN_DKIM} -d ${DOMAIN_DKIM} -s ${SELECTOR_VAR}
	GENERATED=0
	else
	echo
	echo "The key directory for ${DOMAIN_DKIM} exists."
	echo "Do you want me to generate a new key? (y/n)"

	read var

	if [ $var == "y" ] \|\| [ $var == "Y" ]; then
	rm -rf /etc/opendkim/keys/${DOMAIN_DKIM}
	mkdir -p /etc/opendkim/keys/${DOMAIN_DKIM}
	opendkim-genkey -D /etc/opendkim/keys/${DOMAIN_DKIM} -d ${DOMAIN_DKIM} -s ${SELECTOR_VAR}
	GENERATED=0
	elif [ $var == "n" ] \|\| [ $var == "N" ]; then
	echo "Skipping..."
	GENERATED=1
	sleep 1
	else
	echo
	echo "Please inform only 'y' or 'n'!"
	echo
	exit
	fi
	fi


	##
	# Correct the key permission:
	##

	if [ $GENERATED == 0 ]; then

	chown opendkim:opendkim /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private

	if [ -f /etc/opendkim/KeyTable ]; then
	cp /etc/opendkim/KeyTable /etc/opendkim/KeyTable.saved.${SELECTOR_VAR}
	fi

	echo "${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM} ${DOMAIN_DKIM}:${SELECTOR_VAR}:/etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.private" >> /etc/opendkim/KeyTable



	if [ -f /etc/opendkim/SigningTable ]; then
	cp /etc/opendkim/SigningTable /etc/opendkim/SigningTable.saved.${SELECTOR_VAR}
	fi

	echo "${DOMAIN_DKIM} ${SELECTOR_VAR}._domainkey.${DOMAIN_DKIM}" >> /etc/opendkim/SigningTable

	fi

	echo
	echo "Please, check if the contents of the files KeyTable and SigningTable"
	echo "do not have old or duplicate entries. They're located at /etc/opendkim"
	echo


	if [ $GENERATED == 0 ]; then

	echo
	echo "The selector for the ${DOMAIN_DKIM} is: ${SELECTOR_VAR}"
	echo
	echo "You should now add the following into ${DOMAIN_DKIM} DNS zone:"
	echo

	cat /etc/opendkim/keys/${DOMAIN_DKIM}/${SELECTOR_VAR}.txt
	fi

	echo
	echo "Consider to implement Opendkim in your mailserver
	you must do this or all of my effort will be useless"

	if [ -d /etc/postfix ]; then
	echo
	echo "I've found Postfix!"
	echo

	echo "Check if you main.cf have those configurations:"
	echo
	echo "milter_default_action = accept"
	echo "milter_protocol = 2"
	echo "smtpd_milters = inet:localhost:8891"
	echo "non_smtpd_milters = inet:localhost:8891"

	echo
	echo "Check if your master.cf have the following line:"
	echo " -o smtpd_milters=inet:127.0.0.1:8891"
	echo
	echo "below this line:"
	echo "smtp inet n - - - - smtpd"
	echo
	fi



	##
	# Validate Opendkim configuration and restart the service.
	##

	systemctl start opendkim
	systemctl enable opendkim

	echo "Please run manually the following commands:"
	echo
	echo "/lib/opendkim/opendkim.service.generate"
	echo "systemctl daemon-reload"
	echo "systemctl restart opendkim && systemctl restart postfix"
	echo
	echo "Opendkim is configured!"