I renamed some install scripts to be more clear. SPF: Suggest [MAILDOMAIN], [HOSTNAME] and [IP ADDRESS] Its a better practice to be more inclusive when it comes to dns SPF records. DKIM: Some dns registrars truncate dns TXT records at 255 chars. So 2048bit do not fit (about 390 vs. 230 chars). So 1024bit keys are a good choice, after all it is only a mail verification mechanism, do not encrypt the mail... Show tip how to stop systemd service (03_install_check_running_services.sh) sudo su prefered to become root, sudo su fails with npm permission errors when installing (dunno why). A mini tutorial is shown at the end about SPF, DKIM and how to add/remove/modify DKIM keys. This pull request closes issue 85,86.
#! /bin/bash

# 08_install_zone_mta.sh — installs ZoneMTA (the outbound MTA used by WildDuck)
# together with its wildduck plugin and wires it into systemd.
#
# This is one subscript of a larger installer. ORANGE, NC, SYSTEMCTL_PATH, the
# *_COMMIT / *_SECRET variables and the hook_script helper are expected to be
# provided by the caller; none of them are defined in this file.
# OURNAME is intentionally a plain assignment (not readonly): sibling subscripts
# reassign it with their own name.
OURNAME=08_install_zone_mta.sh

# Banner for the installer log; %b honours the escape sequences carried by the
# colour variables, %s prints the script name verbatim.
printf '\n-- Executing %b%s%b subscript --\n' "$ORANGE" "$OURNAME" "$NC"
#### ZoneMTA ####

# clear previous install
#
# A re-run wipes every artefact of an earlier ZoneMTA install: the systemd
# unit, the bare deploy repositories, the checked-out tree and /etc/zone-mta.
# NOTE(review): /opt/zone-mta/keys (where the DKIM private key is generated
# further down) lives inside /opt/zone-mta, so re-running the installer yields
# a new DKIM key and the published DNS record has to be updated afterwards.
if [[ -f /etc/systemd/system/zone-mta.service ]]; then
  # best-effort: the unit may exist but already be stopped/disabled
  $SYSTEMCTL_PATH stop zone-mta || true
  $SYSTEMCTL_PATH disable zone-mta || true
  rm -rf /etc/systemd/system/zone-mta.service
fi

for stale_path in \
  /var/opt/zone-mta.git \
  /var/opt/zonemta-wildduck.git \
  /opt/zone-mta \
  /etc/zone-mta; do
  rm -rf "$stale_path"
done
unset stale_path
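# fresh install
#
# Everything below assumes the current directory is /var/opt; a silent cd
# failure would clone the repositories into whatever directory we happen to be in.
cd /var/opt || { echo "cannot cd to /var/opt" >&2; exit 1; }

# Clone over HTTPS rather than the git:// protocol: git:// is unencrypted and
# gives no server authentication, so the code that ends up running as the MTA
# could be replaced in transit, and github.com no longer serves git:// at all.
git clone --bare https://github.com/zone-eu/zone-mta-template.git zone-mta.git
git clone --bare https://github.com/nodemailer/zonemta-wildduck.git

# create update hooks so we can later deploy to this location
hook_script zone-mta

# Update hook for the wildduck plugin repository. git runs it as the deploy user
# on every push with (refname, old-rev, new-rev); "$3" is therefore the revision
# being pushed. $SYSTEMCTL_PATH is expanded now, at install time, while \$3 is
# left for the hook itself.
cat > /var/opt/zonemta-wildduck.git/hooks/update <<EOF
#!/bin/bash
git --git-dir=/var/opt/zonemta-wildduck.git --work-tree=/opt/zone-mta/plugins/wildduck checkout "\$3" -f
cd /opt/zone-mta/plugins/wildduck || exit 1
# NOTE(review): dropping the lockfile means every deploy re-resolves dependency
# versions from the registry instead of installing the pinned tree; keeping
# package-lock.json and using 'npm ci' gives reproducible deploys.
rm -f -- package-lock.json
npm install --production --progress=false
sudo $SYSTEMCTL_PATH restart zone-mta || echo "Failed restarting service"
EOF
chmod +x /var/opt/zonemta-wildduck.git/hooks/update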
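# allow deploy user to restart zone-mta service
#
# The drop-in is written with '>' instead of appended, so re-running the
# installer does not accumulate duplicate rules. It is given the mode sudo
# expects for sudoers.d files (root-owned, not writable by group/other) and is
# syntax-checked before it can take effect, because a malformed drop-in breaks
# sudo for every user on the host. The rule is deliberately narrow: one exact
# systemctl invocation, matching the command issued by the git update hook.
zmta_sudoers=/etc/sudoers.d/zone-mta
printf 'deploy ALL = (root) NOPASSWD: %s restart zone-mta\n' "$SYSTEMCTL_PATH" > "$zmta_sudoers"
chmod 0440 "$zmta_sudoers"
if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$zmta_sudoers" >/dev/null; then
  echo "sudoers drop-in $zmta_sudoers failed validation; removing it" >&2
  rm -f "$zmta_sudoers"
fi
unset zmta_sudoers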
# checkout files from git to working directory
#
# The bare repositories cloned above are checked out at the commits pinned by
# the installer (ZONEMTA_COMMIT, WILDDUCK_ZONEMTA_COMMIT) into the working
# trees used by the service and, later, by the deploy hooks.
_zonemta_checkout() {
  local git_dir=$1 work_tree=$2 commit=$3
  mkdir -p "$work_tree"
  git --git-dir="$git_dir" --work-tree="$work_tree" checkout "$commit"
}

_zonemta_checkout /var/opt/zone-mta.git /opt/zone-mta "$ZONEMTA_COMMIT"
_zonemta_checkout /var/opt/zonemta-wildduck.git /opt/zone-mta/plugins/wildduck "$WILDDUCK_ZONEMTA_COMMIT"
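# Seed /etc/zone-mta from the template's bundled config, then overlay the
# WildDuck-specific settings.
cp -r /opt/zone-mta/config /etc/zone-mta

# Feeder (submission) interface: move from 2525 to 587, listen on every
# interface and require authentication.
# NOTE(review): this exposes an authenticated SMTP listener on 0.0.0.0:587.
# The TLS settings of feeder.toml are not touched here, so confirm the template
# enables STARTTLS before credentials are accepted from the network.
sed -i -e 's/port=2525/port=587/g;s/host="127.0.0.1"/host="0.0.0.0"/g;s/authentication=false/authentication=true/g' /etc/zone-mta/interfaces/feeder.toml

# DKIM is configured through the wildduck plugin ([dkim] below), not the
# template's own dkim plugin
rm -f /etc/zone-mta/plugins/dkim.toml

# Database settings are shared with the WildDuck installation
echo '# @include "/etc/wildduck/dbs.toml"' > /etc/zone-mta/dbs-production.toml

# Prepend the service account to zonemta.toml. The new file is staged with
# mktemp in the target directory (same filesystem, so mv is an atomic rename)
# instead of a predictable "temp" file in whatever the current directory is.
zonemta_toml_tmp=$(mktemp /etc/zone-mta/zonemta.toml.XXXXXX) || exit 1
if printf 'user="wildduck"\ngroup="wildduck"\n' | cat - /etc/zone-mta/zonemta.toml > "$zonemta_toml_tmp"; then
  mv "$zonemta_toml_tmp" /etc/zone-mta/zonemta.toml
else
  rm -f "$zonemta_toml_tmp"
fi
unset zonemta_toml_tmp

# Outbound pool: bind to any local address, identify as $HOSTNAME
cat > /etc/zone-mta/pools.toml <<EOF
[[default]]
address="0.0.0.0"
name="$HOSTNAME"
EOF

# Loop breaker: marks outgoing mail with a secret-keyed token so a message that
# comes back to this host can be recognised and dropped.
# NOTE(review): algo="md5" is the template default; whether a stronger hash is
# warranted depends on how the plugin uses the token — check its documentation
# before treating this marker as an integrity control.
cat > /etc/zone-mta/plugins/loop-breaker.toml <<EOF
["modules/zonemta-loop-breaker"]
enabled="sender"
secret="$ZONEMTA_SECRET"
algo="md5"
EOF

# Deliver to .onion recipients through a local Tor SOCKS proxy (127.0.0.1:9050)
cat > /etc/zone-mta/plugins/onion.toml <<'EOF'
["modules/zonemta-onion"]
enabled=["sender"]
["modules/zonemta-onion".proxy]
host="127.0.0.1"
port=9050
EOF

# wildduck plugin: authentication against the WildDuck database, SRS rewriting
# for forwarded mail, DKIM keys shared with WildDuck
cat > /etc/zone-mta/plugins/wildduck.toml <<EOF
["wildduck"]
enabled=["receiver", "sender"]

# which interfaces this plugin applies to
interfaces=["feeder"]

# optional hostname to be used in headers
# defaults to os.hostname()
hostname="$HOSTNAME"

# How long to keep auth records in log
authlogExpireDays=30

# SRS settings for forwarded emails

[srs]
# Handle rewriting of forwarded emails
enabled=true
# SRS secret value. Must be the same as in the MX side
secret="$SRS_SECRET"
# SRS domain, must resolve back to MX
rewriteDomain="$MAILDOMAIN"

[dkim]
# share config with WildDuck installation
# @include "/etc/wildduck/dkim.toml"

EOF

# Several of these files carry secrets (ZONEMTA_SECRET, SRS_SECRET) and would
# otherwise be left world-readable by cp/redirection under the default umask.
# Restrict the tree to root plus the "wildduck" account the daemon is configured
# to run as (user=/group= in zonemta.toml above): directories 750, files 640.
if getent group wildduck >/dev/null 2>&1; then
  chown -R root:wildduck /etc/zone-mta
else
  echo "warning: group 'wildduck' not found; /etc/zone-mta stays root-owned" >&2
fi
chmod -R u=rwX,g=rX,o= /etc/zone-mta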
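# DKIM signing key for $MAILDOMAIN. The private key stays in /opt/zone-mta/keys;
# DKIM_DNS (the TXT record to publish) and DKIM_JSON (the key record in the
# shape WildDuck expects) are only assigned here — nothing in this file reads
# them, presumably a later subscript does.
mkdir -p /opt/zone-mta/keys
cd /opt/zone-mta/keys || { echo "cannot cd to /opt/zone-mta/keys" >&2; exit 1; }

# Key size: a 2048-bit public key is ~390 characters, more than the 255 bytes
# of a single TXT string, and many registrar UIs cannot split a record into
# several strings — hence 1024 bits (about 230 characters).
# NOTE(review): 1024 bits is the minimum verifiers are required to accept
# (RFC 8301); prefer 2048 wherever the DNS provider supports multi-string TXT
# records. The key is generated under a private umask so it is never
# world-readable, even briefly, before the chmod below.
(umask 077 && openssl genrsa -out "$MAILDOMAIN-dkim.pem" 1024)
chmod 400 "$MAILDOMAIN-dkim.pem"
openssl rsa -in "$MAILDOMAIN-dkim.pem" -out "$MAILDOMAIN-dkim.cert" -pubout

# Public key as a DKIM TXT record: drop the PEM armour lines, join the base64
DKIM_DNS="v=DKIM1;k=rsa;p=$(grep -v -e '^-' -- "$MAILDOMAIN-dkim.cert" | tr -d '\n')"

# Domain and selector are handed to node through the environment rather than
# spliced into the JS source, so a value containing quotes cannot alter the
# program; the private key is read from disk by node itself.
DKIM_JSON=$(DOMAIN="$MAILDOMAIN" SELECTOR="$DKIM_SELECTOR" node -e 'console.log(JSON.stringify({
  domain: process.env.DOMAIN,
  selector: process.env.SELECTOR,
  description: "Default DKIM key for "+process.env.DOMAIN,
  privateKey: fs.readFileSync("/opt/zone-mta/keys/"+process.env.DOMAIN+"-dkim.pem", "UTF-8")
}))')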
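# Install runtime dependencies for ZoneMTA and the wildduck plugin.
# NOTE(review): npm runs here as root with --unsafe-perm, which lets package
# lifecycle scripts execute as root during the install, and
# 'npm install zonemta-onion --save' pulls whatever version the registry
# resolves at install time. Both are a supply-chain exposure of the host;
# pin versions and keep a lockfile if the install is automated.
# Each cd is checked so a missing directory cannot turn into an npm install
# somewhere unintended.
cd /opt/zone-mta || { echo "cannot cd to /opt/zone-mta" >&2; exit 1; }
npm install --unsafe-perm --production
npm install zonemta-onion --save

cd /opt/zone-mta/plugins/wildduck || { echo "cannot cd to /opt/zone-mta/plugins/wildduck" >&2; exit 1; }
npm install --unsafe-perm --production

# Hand the deploy repositories and the working tree to the deploy user so the
# git update hooks, which run as that user, can check out and npm-install.
# NOTE(review): /opt/zone-mta/keys — including the DKIM private key generated
# above — is inside this tree, so the deploy user ends up owning the signing
# key; a compromised deploy account can read it. Consider keeping the key
# outside the deploy-owned tree.
chown -R deploy:deploy /var/opt/zone-mta.git
chown -R deploy:deploy /var/opt/zonemta-wildduck.git
chown -R deploy:deploy /opt/zone-mta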
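# systemd unit. No User= is set, so the process starts as root; the user/group
# entries written to zonemta.toml earlier are presumably what makes ZoneMTA
# drop privileges itself after reading its config. The unit text is a quoted
# heredoc so $MAINPID is left for systemd to expand.
cat > /etc/systemd/system/zone-mta.service <<'EOF'
[Unit]
Description=Zone Mail Transport Agent
Conflicts=sendmail.service exim.service postfix.service
After=mongod.service redis.service

[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/zone-mta
ExecStart=/usr/bin/node index.js --config="/etc/zone-mta/zonemta.toml"
ExecReload=/bin/kill -HUP $MAINPID
Type=simple
Restart=always
SyslogIdentifier=zone-mta

[Install]
WantedBy=multi-user.target
EOF

# The unit file was removed and rewritten without a reload in between; reload
# explicitly so systemd picks up this definition rather than a stale one before
# the service is enabled.
$SYSTEMCTL_PATH daemon-reload
$SYSTEMCTL_PATH enable zone-mta.service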