myvemailbackup/01-setup.sh

#!/usr/bin/env bash
# Fill in the following variables
domain=             #www.google.com
mailver=            #latest/stable

# Exit on any error
set -e

# Check for subdomain
if [ $(echo ${domain} | awk -F . '{print $3}') ]
then
    _subdomain=$(echo ${domain} | awk -F . '{print $1}')
    _domain="$(echo ${domain} | awk -F . '{print $2}').$(echo ${domain} | awk -F . '{print $3}')"
else
    echo "Invalid \${domain} variable, exiting"
    exit 1
fi

# Variable check
if [ -z ${domain} ]
then
    echo "Missing variable, exiting..."
    exit 1
fi

# Certbot
sudo certbot certonly --nginx --non-interactive --agree-tos --no-eff-email \
    --hsts --no-redirect --renew-hook 'docker exec myvemailbackup postfix reload' \
     -m eff@${_domain} -d ${domain}

# Log
[ -d ./data/log/ ] || install --directory ./data/log/
echo | tee ./data/log/{mail,downtime}

# SSL
[ -d ./data/ssl/ ] || install --directory ./data/ssl/
sudo ln -s -f /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem
sudo ln -s -f /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key

# Environment file
[ -f ./.env ] || \
cat >./.env <<- gen-env
# Required
# Mail domain
MYVEMAIL_SUBDOMAIN=${_subdomain}
MYVEMAIL_DOMAIN=${_domain}

# Optional
# Version: latest or stable (defaults to latest)
MYVEMAIL_VERSION=${mailver}

# Additional mail domains separated by commas
MYVEMAIL_ADDMX=

# Backup mail servers separated by commas
MYVEMAIL_PRIMARYMX=

# Volumes
MYVEMAIL_VOLUME_SSL=
MYVEMAIL_VOLUME_LOG=
gen-env

# Cleanup
rm -r ${0} ./build/ ./README.md -f

# Create a downtime log
echo >./data/log/downtime

# Add postqueue check systemd service
sudo tee /etc/systemd/system/postqueue-check.service >/dev/null <<'POSTQ-SERVICE'
[Unit]
Description=Check postfix mail queue

[Service]
ExecStart=docker exec myvemailbackup postqueue-check
Type=oneshot

[Install]
WantedBy=basic.target
POSTQ-SERVICE
sudo tee /etc/systemd/system/postqueue-check.timer >/dev/null <<'POSTQ-TIMER'
[Unit]
Description=Run postqueue-check every 5 seconds

[Timer]
OnCalendar=*:*:0/5
Persistent=true

[Install]
WantedBy=timers.target
POSTQ-TIMER
sudo systemctl enable --now postqueue-check.timer

# Log downtimes
sudo install /dev/stdin /usr/local/bin/downtime-check >/dev/null <<MAILSERVER
#!/usr/bin/env bash
if ping -q -c 1 -W 15 1.1.1.1 >/dev/null && ping -q -c 1 -W 15 google.com >/dev/null
then
    if [[ \$(ssh mail.${_subdomain} docker container inspect -f '{{.State.Running}}' myvemail) == true ]]
    then
        exit 0
    else
        echo "mail.${_subdomain} was inaccessible on \$(date)" >>$(pwd)/data/log/downtime
        exit 1
    fi
else
    exit 1
fi
MAILSERVER
sudo tee /etc/systemd/system/downtime-check.service >/dev/null <<'MAILSERVER-SERVICE'
[Unit]
Description=Log downtimes

[Service]
ExecStart=/usr/local/bin/downtime-check
Type=oneshot

[Install]
WantedBy=basic.target
MAILSERVER-SERVICE
sudo tee /etc/systemd/system/downtime-check.timer >/dev/null <<'MAILSERVER-TIMER'
[Unit]
Description=Run primary mail server check every minute

[Timer]
OnCalendar=*:0/1
Persistent=true

[Install]
WantedBy=timers.target
MAILSERVER-TIMER

sudo tee /etc/systemd/system/downtime-send.service >/dev/null <<'POSTQ-SERVICE'
[Unit]
Description=Send downtime log

[Service]
ExecStart=docker exec myvemailbackup downtime-send
Type=oneshot

[Install]
WantedBy=basic.target
POSTQ-SERVICE
sudo tee /etc/systemd/system/downtime-send.timer >/dev/null <<'POSTQ-TIMER'
[Unit]
Description=Send downtime log monthly

[Timer]
OnCalendar=monthly
AccuracySec=1h
Persistent=true

[Install]
WantedBy=timers.target
POSTQ-TIMER
sudo systemctl enable --now downtime-check.timer downtime-send.timer

# fail2ban postfix
sudo tee /etc/fail2ban/jail.d/postfix.local >/dev/null <<POSTFIX-FLOOD-ATTACK
[postfix-flood-attack]
enabled  = true
bantime  = 12h
filter   = postfix-flood-attack
action   = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath  = $(pwd)/data/log/mail

[postfix]
enabled = true
maxretry = 3
bantime = 12h
filter = postfix
logpath = $(pwd)/data/log/mail
POSTFIX-FLOOD-ATTACK
sudo tee /etc/fail2ban/filter.d/postfix-flood-attack.conf >/dev/null <<'POSTFIX-FLOOD-ATTACK'
[Definition]
failregex = lost connection after AUTH from (.*)\[<HOST>\]
ignoreregex =
POSTFIX-FLOOD-ATTACK
First commit 2024-12-19 20:27:46 +00:00			`#!/usr/bin/env bash`
			`# Fill in the following variables`
			`domain= #www.google.com`
			`mailver= #latest/stable`

			`# Exit on any error`
			`set -e`

			`# Check for subdomain`
			`if [ $(echo ${domain} \| awk -F . '{print $3}') ]`
			`then`
			`_subdomain=$(echo ${domain} \| awk -F . '{print $1}')`
			`_domain="$(echo ${domain} \| awk -F . '{print $2}').$(echo ${domain} \| awk -F . '{print $3}')"`
			`else`
			`echo "Invalid \${domain} variable, exiting"`
			`exit 1`
			`fi`

			`# Variable check`
			`if [ -z ${domain} ]`
			`then`
			`echo "Missing variable, exiting..."`
			`exit 1`
			`fi`

			`# Certbot`
			`sudo certbot certonly --nginx --non-interactive --agree-tos --no-eff-email \`
Remove OCSP 2025-06-12 16:36:03 +00:00			`--hsts --no-redirect --renew-hook 'docker exec myvemailbackup postfix reload' \`
First commit 2024-12-19 20:27:46 +00:00			`-m eff@${_domain} -d ${domain}`

			`# Log`
			`[ -d ./data/log/ ] \|\| install --directory ./data/log/`
			`echo \| tee ./data/log/{mail,downtime}`

			`# SSL`
			`[ -d ./data/ssl/ ] \|\| install --directory ./data/ssl/`
			`sudo ln -s -f /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem`
			`sudo ln -s -f /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key`

			`# Environment file`
			`[ -f ./.env ] \|\| \`
			`cat >./.env <<- gen-env`
			`# Required`
			`# Mail domain`
			`MYVEMAIL_SUBDOMAIN=${_subdomain}`
			`MYVEMAIL_DOMAIN=${_domain}`

			`# Optional`
			`# Version: latest or stable (defaults to latest)`
			`MYVEMAIL_VERSION=${mailver}`

			`# Additional mail domains separated by commas`
Update 01-setup.sh 2024-12-19 20:51:27 +00:00			`MYVEMAIL_ADDMX=`
First commit 2024-12-19 20:27:46 +00:00
			`# Backup mail servers separated by commas`
			`MYVEMAIL_PRIMARYMX=`

			`# Volumes`
			`MYVEMAIL_VOLUME_SSL=`
			`MYVEMAIL_VOLUME_LOG=`
			`gen-env`

			`# Cleanup`
			`rm -r ${0} ./build/ ./README.md -f`

			`# Create a downtime log`
			`echo >./data/log/downtime`

			`# Add postqueue check systemd service`
			`sudo tee /etc/systemd/system/postqueue-check.service >/dev/null <<'POSTQ-SERVICE'`
			`[Unit]`
			`Description=Check postfix mail queue`

			`[Service]`
			`ExecStart=docker exec myvemailbackup postqueue-check`
			`Type=oneshot`

			`[Install]`
			`WantedBy=basic.target`
			`POSTQ-SERVICE`
			`sudo tee /etc/systemd/system/postqueue-check.timer >/dev/null <<'POSTQ-TIMER'`
			`[Unit]`
			`Description=Run postqueue-check every 5 seconds`

			`[Timer]`
			`OnCalendar=::0/5`
			`Persistent=true`

			`[Install]`
			`WantedBy=timers.target`
			`POSTQ-TIMER`
			`sudo systemctl enable --now postqueue-check.timer`

			`# Log downtimes`
			`sudo install /dev/stdin /usr/local/bin/downtime-check >/dev/null <<MAILSERVER`
			`#!/usr/bin/env bash`
			`if ping -q -c 1 -W 15 1.1.1.1 >/dev/null && ping -q -c 1 -W 15 google.com >/dev/null`
			`then`
Update 01-setup.sh 2024-12-19 21:01:14 +00:00			`if [[ \$(ssh mail.${_subdomain} docker container inspect -f '{{.State.Running}}' myvemail) == true ]]`
First commit 2024-12-19 20:27:46 +00:00			`then`
			`exit 0`
			`else`
Update 01-setup.sh 2024-12-19 21:01:14 +00:00			`echo "mail.${_subdomain} was inaccessible on \$(date)" >>$(pwd)/data/log/downtime`
First commit 2024-12-19 20:27:46 +00:00			`exit 1`
			`fi`
			`else`
			`exit 1`
			`fi`
			`MAILSERVER`
			`sudo tee /etc/systemd/system/downtime-check.service >/dev/null <<'MAILSERVER-SERVICE'`
			`[Unit]`
			`Description=Log downtimes`

			`[Service]`
			`ExecStart=/usr/local/bin/downtime-check`
			`Type=oneshot`

			`[Install]`
			`WantedBy=basic.target`
			`MAILSERVER-SERVICE`
			`sudo tee /etc/systemd/system/downtime-check.timer >/dev/null <<'MAILSERVER-TIMER'`
			`[Unit]`
			`Description=Run primary mail server check every minute`

			`[Timer]`
			`OnCalendar=*:0/1`
			`Persistent=true`

			`[Install]`
			`WantedBy=timers.target`
			`MAILSERVER-TIMER`

			`sudo tee /etc/systemd/system/downtime-send.service >/dev/null <<'POSTQ-SERVICE'`
			`[Unit]`
			`Description=Send downtime log`

			`[Service]`
			`ExecStart=docker exec myvemailbackup downtime-send`
			`Type=oneshot`

			`[Install]`
			`WantedBy=basic.target`
			`POSTQ-SERVICE`
			`sudo tee /etc/systemd/system/downtime-send.timer >/dev/null <<'POSTQ-TIMER'`
			`[Unit]`
			`Description=Send downtime log monthly`

			`[Timer]`
			`OnCalendar=monthly`
			`AccuracySec=1h`
			`Persistent=true`

			`[Install]`
			`WantedBy=timers.target`
			`POSTQ-TIMER`
			`sudo systemctl enable --now downtime-check.timer downtime-send.timer`

			`# fail2ban postfix`
			`sudo tee /etc/fail2ban/jail.d/postfix.local >/dev/null <<POSTFIX-FLOOD-ATTACK`
			`[postfix-flood-attack]`
			`enabled = true`
			`bantime = 12h`
			`filter = postfix-flood-attack`
			`action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]`
			`logpath = $(pwd)/data/log/mail`

			`[postfix]`
			`enabled = true`
			`maxretry = 3`
			`bantime = 12h`
			`filter = postfix`
			`logpath = $(pwd)/data/log/mail`
			`POSTFIX-FLOOD-ATTACK`
			`sudo tee /etc/fail2ban/filter.d/postfix-flood-attack.conf >/dev/null <<'POSTFIX-FLOOD-ATTACK'`
			`[Definition]`
			`failregex = lost connection after AUTH from (.*)\[<HOST>\]`
			`ignoreregex =`
			`POSTFIX-FLOOD-ATTACK`