mirror of
https://git.myvelabs.com/docker/myvemailbackup.git
synced 2025-12-17 21:26:18 +00:00
First commit
commit
cd1be5abe2
6 changed files with 423 additions and 0 deletions
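--- a/01-setup.sh
+++ b/01-setup.sh
@@ -0,0 +1,181 @@
+#!/usr/bin/env bash
+# Fill in the following variables
+domain= #www.google.com
+mailver= #latest/stable
+
+# Exit on any error
+set -e
+
+# Check for subdomain
+if [ $(echo ${domain} | awk -F . '{print $3}') ]
+then
+_subdomain=$(echo ${domain} | awk -F . '{print $1}')
+_domain="$(echo ${domain} | awk -F . '{print $2}').$(echo ${domain} | awk -F . '{print $3}')"
+else
+echo "Invalid \${domain} variable, exiting"
+exit 1
+fi
+
+# Variable check
+if [ -z ${domain} ]
+then
+echo "Missing variable, exiting..."
+exit 1
+fi
+
+# Certbot
+sudo certbot certonly --nginx --non-interactive --agree-tos --no-eff-email \
+--staple-ocsp --hsts --no-redirect --renew-hook 'docker exec myvemailbackup postfix reload' \
+-m eff@${_domain} -d ${domain}
+
+# Log
+[ -d ./data/log/ ] || install --directory ./data/log/
+echo | tee ./data/log/{mail,downtime}
+
+# SSL
+[ -d ./data/ssl/ ] || install --directory ./data/ssl/
+sudo ln -s -f /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem
+sudo ln -s -f /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key
+
+# Environment file
+[ -f ./.env ] || \
+cat >./.env <<- gen-env
+# Required
+# Mail domain
+MYVEMAIL_SUBDOMAIN=${_subdomain}
+MYVEMAIL_DOMAIN=${_domain}
+
+# Webmail port
+MYVEMAIL_PORT=${proxyport}
+
+# Optional
+# Version: latest or stable (defaults to latest)
+MYVEMAIL_VERSION=${mailver}
+
+# Additional mail domains separated by commas
+MYVEMAIL_ADDMX=${_domain}
+
+# Backup mail servers separated by commas
+MYVEMAIL_PRIMARYMX=
+
+# Volumes
+MYVEMAIL_VOLUME_SSL=
+MYVEMAIL_VOLUME_LOG=
+gen-env
+
+# Cleanup
+rm -r ${0} ./build/ ./README.md -f
+
+# Create a downtime log
+echo >./data/log/downtime
+
+# Add postqueue check systemd service
+sudo tee /etc/systemd/system/postqueue-check.service >/dev/null <<'POSTQ-SERVICE'
+[Unit]
+Description=Check postfix mail queue
+
+[Service]
+ExecStart=docker exec myvemailbackup postqueue-check
+Type=oneshot
+
+[Install]
+WantedBy=basic.target
+POSTQ-SERVICE
+sudo tee /etc/systemd/system/postqueue-check.timer >/dev/null <<'POSTQ-TIMER'
+[Unit]
+Description=Run postqueue-check every 5 seconds
+
+[Timer]
+OnCalendar=*:*:0/5
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+POSTQ-TIMER
+sudo systemctl enable --now postqueue-check.timer
+
+# Log downtimes
+sudo install /dev/stdin /usr/local/bin/downtime-check >/dev/null <<MAILSERVER
+#!/usr/bin/env bash
+if ping -q -c 1 -W 15 1.1.1.1 >/dev/null && ping -q -c 1 -W 15 google.com >/dev/null
+then
+if [[ \$(ssh ${domain} docker container inspect -f '{{.State.Running}}' myvemail) == true ]]
+then
+exit 0
+else
+echo "${domain} was inaccessible on \$(date)" >>$(pwd)/data/log/downtime
+exit 1
+fi
+else
+exit 1
+fi
+MAILSERVER
+sudo tee /etc/systemd/system/downtime-check.service >/dev/null <<'MAILSERVER-SERVICE'
+[Unit]
+Description=Log downtimes
+
+[Service]
+ExecStart=/usr/local/bin/downtime-check
+Type=oneshot
+
+[Install]
+WantedBy=basic.target
+MAILSERVER-SERVICE
+sudo tee /etc/systemd/system/downtime-check.timer >/dev/null <<'MAILSERVER-TIMER'
+[Unit]
+Description=Run primary mail server check every minute
+
+[Timer]
+OnCalendar=*:0/1
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+MAILSERVER-TIMER
+
+sudo tee /etc/systemd/system/downtime-send.service >/dev/null <<'POSTQ-SERVICE'
+[Unit]
+Description=Send downtime log
+
+[Service]
+ExecStart=docker exec myvemailbackup downtime-send
+Type=oneshot
+
+[Install]
+WantedBy=basic.target
+POSTQ-SERVICE
+sudo tee /etc/systemd/system/downtime-send.timer >/dev/null <<'POSTQ-TIMER'
+[Unit]
+Description=Send downtime log monthly
+
+[Timer]
+OnCalendar=monthly
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+POSTQ-TIMER
+sudo systemctl enable --now downtime-check.timer downtime-send.timer
+
+# fail2ban postfix
+sudo tee /etc/fail2ban/jail.d/postfix.local >/dev/null <<POSTFIX-FLOOD-ATTACK
+[postfix-flood-attack]
+enabled = true
+bantime = 12h
+filter = postfix-flood-attack
+action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
+logpath = $(pwd)/data/log/mail
+
+[postfix]
+enabled = true
+maxretry = 3
+bantime = 12h
+filter = postfix
+logpath = $(pwd)/data/log/mail
+POSTFIX-FLOOD-ATTACK
+sudo tee /etc/fail2ban/filter.d/postfix-flood-attack.conf >/dev/null <<'POSTFIX-FLOOD-ATTACK'
+[Definition]
+failregex = lost connection after AUTH from (.*)\[<HOST>\]
+ignoreregex =
+POSTFIX-FLOOD-ATTACK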
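Review bot: The generated `/usr/local/bin/downtime-check` is started by `downtime-check.service`, which has no `User=` line and so presumably runs as root, yet it opens an SSH session to `${domain}` and appends to `$(pwd)/data/log/downtime`, a directory this script created earlier without sudo and that the invoking user can therefore replace or symlink. Adding `User=<account that owns ./data/log>` to the unit and calling `ssh -o BatchMode=yes -o ConnectTimeout=10 ${domain} …` would keep the minute-by-minute check from needing root's key and from stalling on a prompt. Separately, the `.env` heredoc writes `MYVEMAIL_PORT=${proxyport}`, but `proxyport` is never assigned in this file, so the value is always empty; it should be listed next to `domain=` and `mailver=` and validated before use. The `[ -z ${domain} ]` test is also unreachable for an empty value, because the awk-based subdomain test above it already exits in that case.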