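#!/usr/bin/env bash
#
# One-shot installer for the "myvemailbackup" backup mail server host.
# It obtains a certificate with certbot, prepares ./data/{log,ssl}, writes
# ./.env, installs systemd units/timers for the postfix queue check and the
# downtime log, and finally removes itself together with ./build/ and
# ./README.md.
#
# NOTE(review): this copy of the script was recovered from a page that had
# collapsed it onto two lines and stripped every "<word ... >" span as if it
# were an HTML tag. Two places lost text that cannot be recovered from the
# page; both are marked "LOST TEXT" below and must be restored from the
# upstream script before this is deployed.

# Fill in the following variables
domain=  #www.google.com
mailver= #latest/stable

# Exit on any error, on unset variables, and on a failing pipeline stage.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Variable check. This runs before the value is parsed, so an empty value
# gets the "missing" message rather than the "invalid" one.
[[ -n "${domain}" ]] || die "Missing variable, exiting..."

# Check for subdomain. ${domain} is later written into a script that systemd
# runs as root and into /etc/letsencrypt paths, so only plain host names with
# at least three labels are accepted; anything carrying shell metacharacters,
# slashes or a leading dash is rejected here.
readonly host_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?){2,}$'
[[ "${domain}" =~ ${host_re} ]] || die "Invalid \${domain} variable, exiting"

# First label is the subdomain, the remainder is the mail domain. The former
# awk-based split kept only labels 2 and 3, which truncated names with more
# than three labels (a.b.example.com became "b.example").
_subdomain=${domain%%.*}
_domain=${domain#*.}

# Certbot
# NOTE(review): --renew-hook is, as far as I know, the older spelling of
# --deploy-hook; left unchanged, confirm against the installed certbot.
sudo certbot certonly --nginx --non-interactive --agree-tos --no-eff-email \
  --staple-ocsp --hsts --no-redirect \
  --renew-hook 'docker exec myvemailbackup postfix reload' \
  -m "eff@${_domain}" -d "${domain}"

# Log (both files are reset to a single empty line)
[[ -d ./data/log/ ]] || install --directory ./data/log/
echo | tee ./data/log/{mail,downtime}

# SSL: the links point into /etc/letsencrypt/live, so access to the private
# key is still governed by the permissions on that tree.
[[ -d ./data/ssl/ ]] || install --directory ./data/ssl/
sudo ln -s -f "/etc/letsencrypt/live/${domain}/fullchain.pem" ./data/ssl/tls.pem
sudo ln -s -f "/etc/letsencrypt/live/${domain}/privkey.pem" ./data/ssl/tls.key

# Environment file (an existing ./.env is kept)
# NOTE(review): proxyport is never assigned in this script, so MYVEMAIL_PORT
# is written empty unless the caller exports it.
if [[ ! -f ./.env ]]; then
  cat >./.env <<GEN_ENV
# Required
# Mail domain
MYVEMAIL_SUBDOMAIN=${_subdomain}
MYVEMAIL_DOMAIN=${_domain}
# Webmail port
MYVEMAIL_PORT=${proxyport:-}

# Optional
# Version: latest or stable (defaults to latest)
MYVEMAIL_VERSION=${mailver}
# Additional mail domains separated by commas
MYVEMAIL_ADDMX=${_domain}
# Backup mail servers separated by commas
MYVEMAIL_PRIMARYMX=
# Volumes
MYVEMAIL_VOLUME_SSL=
MYVEMAIL_VOLUME_LOG=
GEN_ENV
fi

# Create a downtime log
echo >./data/log/downtime

# Add postqueue check systemd service
sudo tee /etc/systemd/system/postqueue-check.service >/dev/null <<'POSTQ-SERVICE'
[Unit]
Description=Check postfix mail queue

[Service]
ExecStart=docker exec myvemailbackup postqueue-check
Type=oneshot

[Install]
WantedBy=basic.target
POSTQ-SERVICE

# NOTE(review): no AccuracySec= is set on this timer; with systemd's default
# accuracy the 5-second schedule may be coalesced into coarser runs. Confirm.
sudo tee /etc/systemd/system/postqueue-check.timer >/dev/null <<'POSTQ-TIMER'
[Unit]
Description=Run postqueue-check every 5 seconds

[Timer]
OnCalendar=*:*:0/5
Persistent=true

[Install]
WantedBy=timers.target
POSTQ-TIMER

sudo systemctl enable --now postqueue-check.timer

# Log downtimes
#
# The heredoc below is expanded NOW: ${domain} and the log path are baked
# into /usr/local/bin/downtime-check, while \$(...) is left for run time.
# ${domain} was validated above; the log path is shell-quoted with %q so a
# working directory containing spaces or metacharacters cannot alter the
# generated script.
#
# The unit that runs it sets no User=, so the ssh call is made by whatever
# account systemd uses for system services; it needs non-interactive (key)
# authentication to the primary and an already trusted host key.
#
# LOST TEXT: on the page, everything between the heredoc operator and the
# first ">/dev/null" of the condition is gone: the generated script's
# shebang, the "if", and a first command that was ANDed with the google.com
# ping. The shebang below is a reconstruction (the body uses [[ ]], so bash)
# and only the surviving half of the condition is reproduced.
# TODO: restore the first condition from the upstream script.
printf -v downtime_log_q '%q' "${PWD}/data/log/downtime"
sudo install -m 0755 /dev/stdin /usr/local/bin/downtime-check >/dev/null <<MAILSERVER
#!/usr/bin/env bash
if ping -q -c 1 -W 15 google.com >/dev/null
then
  if [[ \$(ssh ${domain} docker container inspect -f '{{.State.Running}}' myvemail) == true ]]
  then
    exit 0
  else
    echo "${domain} was inaccessible on \$(date)" >>${downtime_log_q}
    exit 1
  fi
else
  exit 1
fi
MAILSERVER

sudo tee /etc/systemd/system/downtime-check.service >/dev/null <<'MAILSERVER-SERVICE'
[Unit]
Description=Log downtimes

[Service]
ExecStart=/usr/local/bin/downtime-check
Type=oneshot

[Install]
WantedBy=basic.target
MAILSERVER-SERVICE

sudo tee /etc/systemd/system/downtime-check.timer >/dev/null <<'MAILSERVER-TIMER'
[Unit]
Description=Run primary mail server check every minute

[Timer]
OnCalendar=*:0/1
Persistent=true

[Install]
WantedBy=timers.target
MAILSERVER-TIMER

sudo tee /etc/systemd/system/downtime-send.service >/dev/null <<'DOWNTIME-SEND-SERVICE'
[Unit]
Description=Send downtime log

[Service]
ExecStart=docker exec myvemailbackup downtime-send
Type=oneshot

[Install]
WantedBy=basic.target
DOWNTIME-SEND-SERVICE

sudo tee /etc/systemd/system/downtime-send.timer >/dev/null <<'DOWNTIME-SEND-TIMER'
[Unit]
Description=Send downtime log monthly

[Timer]
OnCalendar=monthly
AccuracySec=1h
Persistent=true

[Install]
WantedBy=timers.target
DOWNTIME-SEND-TIMER

sudo systemctl enable --now downtime-check.timer downtime-send.timer

# fail2ban postfix
#
# LOST TEXT: the page shows a write to /etc/fail2ban/jail.d/postfix.local
# followed directly by a filter [Definition] under the heredoc tag
# POSTFIX-FLOOD-ATTACK. The jail's own contents, its heredoc tag, and the
# path of the file that receives the [Definition] were all stripped. Running
# the surviving text as printed would put a filter definition into the jail
# directory, so this step is disabled until it is restored from upstream.
#
# Surviving text, verbatim:
#   sudo tee /etc/fail2ban/jail.d/postfix.local >/dev/null <...LOST...>
#   [Definition]
#   failregex = lost connection after AUTH from (.*)\[\]
#   ignoreregex =
#
# NOTE(review): the empty "\[\]" in failregex looks like another stripped
# angle-bracket token; fail2ban filters normally capture the client address
# with the <HOST> tag there. Confirm against upstream. Without it the filter
# would have no address to ban.
printf '%s\n' \
  "WARNING: fail2ban postfix jail/filter NOT installed (definition missing from this copy of the script)" >&2

# Cleanup. Done last so that a failure in any step above still leaves the
# script in place to be fixed and re-run.
rm -rf -- "${0}" ./build/ ./README.md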