wildduck/setup/install.sh

#!/bin/bash

# Run as root:
# sudo ./install.sh [maildomain.com]

HOSTNAME="$1"

WILDDUCK_COMMIT="30f0e83ed34efcaacd56b997d85a0b76ad1cdd8d"
ZONEMTA_COMMIT="88f73b6f6fa4c1135af611d1bb79213ed5ee3869"
WEBMAIL_COMMIT="bbac73339f192b1dfa39be20ac3a6acf5ffffc07"

if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

# stop on first error
set -e

export DEBIAN_FRONTEND=noninteractive

useradd wildduck

# mongo
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list

# node
curl -sL https://deb.nodesource.com/setup_8.x | bash -

apt-get update

apt-get -q -y install mongodb-org pwgen nodejs git ufw build-essential libssl-dev dnsutils python software-properties-common nginx

# redis
apt-add-repository -y ppa:chris-lea/redis-server
apt-get update
apt-get -q -y install redis-server

apt-get clean

if [ -z "$HOSTNAME" ]
  then
    PUBLIC_IP=`curl -s https://api.ipify.org`
    if [ ! -z "$PUBLIC_IP" ]; then
        HOSTNAME=`dig +short -x $PUBLIC_IP | sed 's/\.$//'`
        HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"
    fi
    HOSTNAME="${HOSTNAME:-`hostname`}"
fi

node -v
redis-server -v
mongod --version
echo "HOSTNAME: $HOSTNAME"

####### WILD DUCK #######

cd /var/opt
git clone --bare git://github.com/nodemailer/wildduck.git
mkdir /opt/wildduck
git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck checkout "$WILDDUCK_COMMIT"
cp -r /opt/wildduck/config /etc/wildduck
mv /etc/wildduck/default.toml /etc/wildduck/wildduck.toml

echo 'sender="zone-mta"' >> /etc/wildduck/dbs.toml

echo 'enabled=true
port=993
host="0.0.0.0"
secure=true' > /etc/wildduck/imap.toml

echo 'enabled=true
port=995
host="0.0.0.0"
secure=true' > /etc/wildduck/pop3.toml

echo "enabled=true
port=24
emailDomain=\"$HOSTNAME\"" > /etc/wildduck/lmtp.toml

echo 'user="wildduck"
group="wildduck"' | cat - /etc/wildduck/wildduck.toml > temp && mv temp /etc/wildduck/wildduck.toml

cd /opt/wildduck
sudo npm install --production

chown -R wildduck:wildduck /var/opt/wildduck.git
chown -R wildduck:wildduck /opt/wildduck

echo '[Unit]
Description=Wild Duck Mail Server
Conflicts=cyrus.service dovecot.service
After=mongod.service redis.service

[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/wildduck
ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck.toml"
ExecReload=/bin/kill -HUP $MAINPID
Type=simple
Restart=always

[Install]
WantedBy=multi-user.target' > /etc/systemd/system/wildduck.service

systemctl enable wildduck.service

####### HARAKA #######
cd
sudo npm install --unsafe-perm -g Haraka
haraka -i /opt/haraka
cd /opt/haraka
sudo npm install --save haraka-plugin-wildduck Haraka

mv config/plugins config/pluginbs.bak

echo "26214400" > config/databytes

echo "$HOSTNAME" > config/me

echo "queue/lmtp
wildduck" > config/plugins

echo "host=127.0.0.1
port=24" > config/lmtp.ini

echo '---
accounts:
  maxStorage: 1024
redis: "redis://127.0.0.1:6379/3"
mongo:
  url: "mongodb://127.0.0.1:27017/wildduck"
srs:
  secret: "supersecret"
attachments:
  type: "gridstore"
  bucket: "attachments"
  decodeBase64: true
log:
  authlogExpireDays: 30' > config/wildduck.yaml

echo '[Unit]
Description=Haraka MX Server
After=mongod.service redis.service

[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/haraka
ExecStart=/usr/bin/node ./node_modules/.bin/haraka -c .
Type=simple
Restart=always

[Install]
WantedBy=multi-user.target' > /etc/systemd/system/haraka.service

echo 'user=wildduck
group=wildduck' >> config/smtp.ini

chown -R wildduck:wildduck /opt/haraka

systemctl enable haraka.service

#### ZoneMTA ####

cd /var/opt
git clone --bare git://github.com/zone-eu/zone-mta-template.git zone-mta.git
mkdir /opt/zone-mta
git --git-dir=/var/opt/zone-mta.git --work-tree=/opt/zone-mta checkout "$ZONEMTA_COMMIT"
cp -r /opt/zone-mta/config /etc/zone-mta
sed -i -e 's/port=2525/port=587/g;s/host="127.0.0.1"/host="0.0.0.0"/g;s/authentication=false/authentication=true/g' /etc/zone-mta/interfaces/feeder.toml
echo '# @include "../wildduck/dbs.toml"' > /etc/zone-mta/dbs-production.toml
echo 'user="wildduck"
group="wildduck"' | cat - /etc/zone-mta/zonemta.toml > temp && mv temp /etc/zone-mta/zonemta.toml

echo "[\"modules/zonemta-wildduck\"]
enabled=[\"receiver\", \"sender\"]

# which interfaces this plugin applies to
interfaces=[\"feeder\"]

# optional hostname to be used in headers
# defaults to os.hostname()
hostname=\"$HOSTNAME\"

# How long to keep auth records in log
authlogExpireDays=30

# SRS settings for forwarded emails

# Handle rewriting of forwarded emails
forwardedSRS=true
# SRS secret value. Must be the same as in the MX side
secret=\"secret value\"
# SRS domain, must resolve back to MX
rewriteDomain=\"$HOSTNAME\"

# Delivery settings for local messages
# do not set these values if you do not want to use local delivery

# Use LMTP instead of SMTP
localLmtp=true
localMxPort=24
# SMTP/LMTP server for local delivery
[[\"modules/zonemta-wildduck\".localMx]]
    priority=0
    # hostname is for logging only, IP is actually used
    exchange=\"$HOSTNAME\"
    A=[\"127.0.0.1\"]
    AAAA=[]
# Interface to be used for local delivery
# Make sure that it can connect to the localMX IP
[\"modules/zonemta-wildduck\".localZoneAddress]
    address=\"127.0.0.1\"
    name=\"$HOSTNAME\"" > /etc/zone-mta/plugins/wildduck.toml

cd /opt/zone-mta
sudo npm install zonemta-wildduck --save
sudo npm install --production

chown -R wildduck:wildduck /var/opt/zone-mta.git
chown -R wildduck:wildduck /opt/zone-mta

echo '[Unit]
Description=Zone Mail Transport Agent
Conflicts=sendmail.service exim.service postfix.service
After=mongod.service redis.service

[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/zone-mta
ExecStart=/usr/bin/node index.js --config="/etc/zone-mta/zonemta.toml"
ExecReload=/bin/kill -HUP $MAINPID
Type=simple
Restart=always

[Install]
WantedBy=multi-user.target' > /etc/systemd/system/zone-mta.service

systemctl enable zone-mta.service

#### WWW ####

cd /var/opt
git clone --bare git://github.com/nodemailer/wildduck-webmail.git
mkdir /opt/wildduck-webmail
git --git-dir=/var/opt/wildduck-webmail.git --work-tree=/opt/wildduck-webmail checkout "$WEBMAIL_COMMIT"
cp /opt/wildduck-webmail/config/default.toml /etc/wildduck/wildduck-webmail.toml

sed -i -e "s/localhost/$HOSTNAME/g" /etc/wildduck/wildduck-webmail.toml

cd /opt/wildduck-webmail
sudo npm install --production

chown -R wildduck:wildduck /var/opt/wildduck-webmail.git
chown -R wildduck:wildduck /opt/wildduck-webmail

echo '[Unit]
Description=Wildduck Webmail
After=wildduck.service

[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/wildduck-webmail
ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck-webmail.toml"
ExecReload=/bin/kill -HUP $MAINPID
Type=simple
Restart=always

[Install]
WantedBy=multi-user.target' > /etc/systemd/system/wildduck-webmail.service

systemctl enable wildduck-webmail.service

mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak

echo 'server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect off;
    }
}' > /etc/nginx/sites-available/default

#### UFW ####

ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 25/tcp
ufw allow 587/tcp
ufw --force enable

### start services ####

systemctl start mongod
systemctl start wildduck
systemctl start haraka
systemctl start zone-mta
systemctl start wildduck-webmail
systemctl reload nginx
added installer script 2017-10-16 18:15:51 +08:00			`#!/bin/bash`

			`# Run as root:`
			`# sudo ./install.sh [maildomain.com]`

			`HOSTNAME="$1"`

			`WILDDUCK_COMMIT="30f0e83ed34efcaacd56b997d85a0b76ad1cdd8d"`
			`ZONEMTA_COMMIT="88f73b6f6fa4c1135af611d1bb79213ed5ee3869"`
			`WEBMAIL_COMMIT="bbac73339f192b1dfa39be20ac3a6acf5ffffc07"`

			`if [[ $EUID -ne 0 ]]; then`
			`echo "This script must be run as root" 1>&2`
			`exit 1`
			`fi`

			`# stop on first error`
			`set -e`

			`export DEBIAN_FRONTEND=noninteractive`

			`useradd wildduck`

			`# mongo`
			`apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6`
			`echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" \| sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list`

			`# node`
			`curl -sL https://deb.nodesource.com/setup_8.x \| bash -`

			`apt-get update`

			`apt-get -q -y install mongodb-org pwgen nodejs git ufw build-essential libssl-dev dnsutils python software-properties-common nginx`

			`# redis`
			`apt-add-repository -y ppa:chris-lea/redis-server`
			`apt-get update`
			`apt-get -q -y install redis-server`

			`apt-get clean`

			`if [ -z "$HOSTNAME" ]`
			`then`
			PUBLIC_IP=`curl -s https://api.ipify.org`
			`if [ ! -z "$PUBLIC_IP" ]; then`
			HOSTNAME=`dig +short -x $PUBLIC_IP \| sed 's/\.$//'`
			`HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"`
			`fi`
			HOSTNAME="${HOSTNAME:-`hostname`}"
			`fi`

			`node -v`
			`redis-server -v`
			`mongod --version`
			`echo "HOSTNAME: $HOSTNAME"`

			`####### WILD DUCK #######`

			`cd /var/opt`
			`git clone --bare git://github.com/nodemailer/wildduck.git`
			`mkdir /opt/wildduck`
			`git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck checkout "$WILDDUCK_COMMIT"`
			`cp -r /opt/wildduck/config /etc/wildduck`
			`mv /etc/wildduck/default.toml /etc/wildduck/wildduck.toml`

			`echo 'sender="zone-mta"' >> /etc/wildduck/dbs.toml`

			`echo 'enabled=true`
			`port=993`
			`host="0.0.0.0"`
			`secure=true' > /etc/wildduck/imap.toml`

			`echo 'enabled=true`
			`port=995`
			`host="0.0.0.0"`
			`secure=true' > /etc/wildduck/pop3.toml`

			`echo "enabled=true`
			`port=24`
			`emailDomain=\"$HOSTNAME\"" > /etc/wildduck/lmtp.toml`

			`echo 'user="wildduck"`
			`group="wildduck"' \| cat - /etc/wildduck/wildduck.toml > temp && mv temp /etc/wildduck/wildduck.toml`

			`cd /opt/wildduck`
			`sudo npm install --production`

			`chown -R wildduck:wildduck /var/opt/wildduck.git`
			`chown -R wildduck:wildduck /opt/wildduck`

			`echo '[Unit]`
			`Description=Wild Duck Mail Server`
			`Conflicts=cyrus.service dovecot.service`
			`After=mongod.service redis.service`

			`[Service]`
			`Environment="NODE_ENV=production"`
			`WorkingDirectory=/opt/wildduck`
			`ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck.toml"`
			`ExecReload=/bin/kill -HUP $MAINPID`
			`Type=simple`
			`Restart=always`

			`[Install]`
			`WantedBy=multi-user.target' > /etc/systemd/system/wildduck.service`

			`systemctl enable wildduck.service`

			`####### HARAKA #######`
			`cd`
			`sudo npm install --unsafe-perm -g Haraka`
			`haraka -i /opt/haraka`
			`cd /opt/haraka`
			`sudo npm install --save haraka-plugin-wildduck Haraka`

			`mv config/plugins config/pluginbs.bak`

			`echo "26214400" > config/databytes`

			`echo "$HOSTNAME" > config/me`

			`echo "queue/lmtp`
			`wildduck" > config/plugins`

			`echo "host=127.0.0.1`
			`port=24" > config/lmtp.ini`

			`echo '---`
			`accounts:`
			`maxStorage: 1024`
			`redis: "redis://127.0.0.1:6379/3"`
			`mongo:`
			`url: "mongodb://127.0.0.1:27017/wildduck"`
			`srs:`
			`secret: "supersecret"`
			`attachments:`
			`type: "gridstore"`
			`bucket: "attachments"`
			`decodeBase64: true`
			`log:`
			`authlogExpireDays: 30' > config/wildduck.yaml`

			`echo '[Unit]`
			`Description=Haraka MX Server`
			`After=mongod.service redis.service`

			`[Service]`
			`Environment="NODE_ENV=production"`
			`WorkingDirectory=/opt/haraka`
			`ExecStart=/usr/bin/node ./node_modules/.bin/haraka -c .`
			`Type=simple`
			`Restart=always`

			`[Install]`
			`WantedBy=multi-user.target' > /etc/systemd/system/haraka.service`

			`echo 'user=wildduck`
			`group=wildduck' >> config/smtp.ini`

			`chown -R wildduck:wildduck /opt/haraka`

			`systemctl enable haraka.service`

			`#### ZoneMTA ####`

			`cd /var/opt`
			`git clone --bare git://github.com/zone-eu/zone-mta-template.git zone-mta.git`
			`mkdir /opt/zone-mta`
			`git --git-dir=/var/opt/zone-mta.git --work-tree=/opt/zone-mta checkout "$ZONEMTA_COMMIT"`
			`cp -r /opt/zone-mta/config /etc/zone-mta`
			`sed -i -e 's/port=2525/port=587/g;s/host="127.0.0.1"/host="0.0.0.0"/g;s/authentication=false/authentication=true/g' /etc/zone-mta/interfaces/feeder.toml`
			`echo '# @include "../wildduck/dbs.toml"' > /etc/zone-mta/dbs-production.toml`
			`echo 'user="wildduck"`
			`group="wildduck"' \| cat - /etc/zone-mta/zonemta.toml > temp && mv temp /etc/zone-mta/zonemta.toml`

			`echo "[\"modules/zonemta-wildduck\"]`
			`enabled=[\"receiver\", \"sender\"]`

			`# which interfaces this plugin applies to`
			`interfaces=[\"feeder\"]`

			`# optional hostname to be used in headers`
			`# defaults to os.hostname()`
			`hostname=\"$HOSTNAME\"`

			`# How long to keep auth records in log`
			`authlogExpireDays=30`

			`# SRS settings for forwarded emails`

			`# Handle rewriting of forwarded emails`
			`forwardedSRS=true`
			`# SRS secret value. Must be the same as in the MX side`
			`secret=\"secret value\"`
			`# SRS domain, must resolve back to MX`
			`rewriteDomain=\"$HOSTNAME\"`

			`# Delivery settings for local messages`
			`# do not set these values if you do not want to use local delivery`

			`# Use LMTP instead of SMTP`
			`localLmtp=true`
			`localMxPort=24`
			`# SMTP/LMTP server for local delivery`
			`[[\"modules/zonemta-wildduck\".localMx]]`
			`priority=0`
			`# hostname is for logging only, IP is actually used`
			`exchange=\"$HOSTNAME\"`
			`A=[\"127.0.0.1\"]`
			`AAAA=[]`
			`# Interface to be used for local delivery`
			`# Make sure that it can connect to the localMX IP`
			`[\"modules/zonemta-wildduck\".localZoneAddress]`
			`address=\"127.0.0.1\"`
			`name=\"$HOSTNAME\"" > /etc/zone-mta/plugins/wildduck.toml`

			`cd /opt/zone-mta`
			`sudo npm install zonemta-wildduck --save`
			`sudo npm install --production`

			`chown -R wildduck:wildduck /var/opt/zone-mta.git`
			`chown -R wildduck:wildduck /opt/zone-mta`

			`echo '[Unit]`
			`Description=Zone Mail Transport Agent`
			`Conflicts=sendmail.service exim.service postfix.service`
			`After=mongod.service redis.service`

			`[Service]`
			`Environment="NODE_ENV=production"`
			`WorkingDirectory=/opt/zone-mta`
			`ExecStart=/usr/bin/node index.js --config="/etc/zone-mta/zonemta.toml"`
			`ExecReload=/bin/kill -HUP $MAINPID`
			`Type=simple`
			`Restart=always`

			`[Install]`
			`WantedBy=multi-user.target' > /etc/systemd/system/zone-mta.service`

			`systemctl enable zone-mta.service`

			`#### WWW ####`

			`cd /var/opt`
			`git clone --bare git://github.com/nodemailer/wildduck-webmail.git`
			`mkdir /opt/wildduck-webmail`
			`git --git-dir=/var/opt/wildduck-webmail.git --work-tree=/opt/wildduck-webmail checkout "$WEBMAIL_COMMIT"`
			`cp /opt/wildduck-webmail/config/default.toml /etc/wildduck/wildduck-webmail.toml`

			`sed -i -e "s/localhost/$HOSTNAME/g" /etc/wildduck/wildduck-webmail.toml`

			`cd /opt/wildduck-webmail`
			`sudo npm install --production`

			`chown -R wildduck:wildduck /var/opt/wildduck-webmail.git`
			`chown -R wildduck:wildduck /opt/wildduck-webmail`

			`echo '[Unit]`
			`Description=Wildduck Webmail`
			`After=wildduck.service`

			`[Service]`
			`Environment="NODE_ENV=production"`
			`WorkingDirectory=/opt/wildduck-webmail`
			`ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck-webmail.toml"`
			`ExecReload=/bin/kill -HUP $MAINPID`
			`Type=simple`
			`Restart=always`

			`[Install]`
			`WantedBy=multi-user.target' > /etc/systemd/system/wildduck-webmail.service`

			`systemctl enable wildduck-webmail.service`

			`mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak`

			`echo 'server {`
			`listen 80 default_server;`
			`listen [::]:80 default_server;`

			`server_name _;`

			`location / {`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header HOST $http_host;`
			`proxy_set_header X-NginX-Proxy true;`
			`proxy_pass http://127.0.0.1:3000;`
			`proxy_redirect off;`
			`}`
			`}' > /etc/nginx/sites-available/default`

			`#### UFW ####`

			`ufw allow 22/tcp`
			`ufw allow 80/tcp`
			`ufw allow 443/tcp`
			`ufw allow 25/tcp`
			`ufw allow 587/tcp`
			`ufw --force enable`

			`### start services ####`

			`systemctl start mongod`
			`systemctl start wildduck`
			`systemctl start haraka`
			`systemctl start zone-mta`
			`systemctl start wildduck-webmail`
			`systemctl reload nginx`