Update mail-aio.sh

mail-aio.sh

@@ -144,42 +144,36 @@ then
 fi
 
 # Mail account password
-if [ -z ${mailpass} ]
+echo -e '\e[1;34mCreate a password for your mail account\e[0m'
-then
+until [ "${mailpass}" = "${mailpass2}" -a "${mailpass}" ]
-    echo -e '\e[1;34mCreate a password for your mail account\e[0m'
+do
-    until [ "${mailpass}" = "${mailpass2}" -a "${mailpass}" ]
+    read -s -r -p 'Mail password: ' mailpass
-    do
+    read -s -r -p $'\nVerify mail password: ' mailpass2
-        read -s -r -p 'Mail password: ' mailpass
+    if [ -z "${mailpass}" ]
-        read -s -r -p $'\nVerify mail password: ' mailpass2
+    then
-        if [ -z "${mailpass}" ]
+        echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'
-        then
+    elif [ "${mailpass}" != "${mailpass2}" ]
-            echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'
+    then
-        elif [ "${mailpass}" != "${mailpass2}" ]
+        echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'
-        then
+    fi
-            echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'
+done
-        fi
+echo -e '\n\n\e[1;32mMail password has been saved\e[0m\n'
-    done
-    echo -e '\n\n\e[1;32mMail password has been saved\e[0m\n'
-fi
 
 # Postfixadmin password
-if [ -z ${postfixadminpass} ]
+echo -e '\e[1;34mCreate a postfixadmin setup password\e[0m'
-then
+until [ "${postfixadminpass}" = "${postfixadminpass2}" -a "${postfixadminpass}" ]
-    echo -e '\e[1;34mCreate a postfixadmin setup password\e[0m'
+do
-    until [ "${postfixadminpass}" = "${postfixadminpass2}" -a "${postfixadminpass}" ]
+    read -s -r -p 'Postfixadmin password: ' postfixadminpass
-    do
+    read -s -r -p $'\nVerify Postfixadmin password: ' postfixadminpass2
-        read -s -r -p 'Postfixadmin password: ' postfixadminpass
+    if [ -z "${postfixadminpass}" ]
-        read -s -r -p $'\nVerify Postfixadmin password: ' postfixadminpass2
+    then
-        if [ -z "${postfixadminpass}" ]
+        echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'
-        then
+    elif [ "${postfixadminpass}" != "${postfixadminpass2}" ]
-            echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'
+    then
-        elif [ "${postfixadminpass}" != "${postfixadminpass2}" ]
+        echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'
-        then
+    fi
-            echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'
+done
-        fi
+echo -e '\n\n\e[1;32mPostfixadmin password has been saved\e[0m\n'
-    done
-    echo -e '\n\n\e[1;32mPostfixadmin password has been saved\e[0m\n'
-fi
 
 # Static variables
 ip_addr=$(wget -q4O- ipv4.icanhazip.com)
@@ -229,18 +223,26 @@ ufw allow 587/tcp >/dev/null
 ufw allow 143,993/tcp >/dev/null
 
 yes | ufw enable >/dev/null
-systemctl -q enable --now ufw
+systemctl -q enable --now ufw.service
 
 # Check port 25
 echo
 if ! grep -q 'Connected to' <<< $(printf 'quit' | telnet -4 gmail-smtp-in.l.google.com 25)
 then
     echo -e '\n\e[1;31mPort 25 needs to be open for mail server installation to continue, exiting...\e[0m\n'
-    exit
+    exit 1
 fi
 
 # fail2ban
-tee /etc/fail2ban/jail.d/sshd.conf >/dev/null <<'SSHD'
+install /dev/stdin /usr/local/bin/fail2ban-jails <<'ALL-JAILS'
+#!/bin/bash
+JAILS=$(sudo fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
+for JAIL in $JAILS
+do
+    sudo fail2ban-client status $JAIL
+done
+ALL-JAILS
+cat >/etc/fail2ban/jail.d/sshd.conf <<'SSHD'
 [sshd]
 enabled = true
 filter = sshd
@@ -250,15 +252,7 @@ findtime = 1d
 bantime = 4w
 ignoreip = 127.0.0.1/8
 SSHD
-install /dev/stdin /usr/local/bin/fail2ban-jails <<'ALL-JAILS'
+cat >/etc/fail2ban/jail.d/postfix.local <<'POSTFIX-FLOOD-ATTACK'
-#!/bin/bash
-JAILS=$(sudo fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
-for JAIL in $JAILS
-do
-    sudo fail2ban-client status $JAIL
-done
-ALL-JAILS
-tee /etc/fail2ban/jail.d/postfix.local >/dev/null <<'POSTFIX-FLOOD-ATTACK'
 [postfix-flood-attack]
 enabled  = true
 bantime  = 12h
@@ -273,12 +267,12 @@ bantime = 12h
 filter = postfix
 logpath = /var/log/mail.log
 POSTFIX-FLOOD-ATTACK
-tee /etc/fail2ban/filter.d/postfix-flood-attack.conf >/dev/null <<'POSTFIX-FLOOD-ATTACK'
+cat >/etc/fail2ban/filter.d/postfix-flood-attack.conf <<'POSTFIX-FLOOD-ATTACK'
 [Definition]
 failregex = lost connection after AUTH from (.*)\[<HOST>\]
 ignoreregex =
 POSTFIX-FLOOD-ATTACK
-systemctl -q enable --now fail2ban
+systemctl -q enable --now fail2ban.service
 
 # zram swap
 echo -e "ALGO=zstd\nPERCENT=60" >>/etc/default/zramswap
@@ -300,12 +294,12 @@ Protocol 2" >/etc/ssh/sshd_config.d/zz-ssh.conf
 # Disable history saving
 cat >>~/.bashrc <<EOF
 
-if [ -f ~/.bash_history ]
+# Disable shell history
-then
-    rm -f ~/.bash_history
-fi
-
 unset HISTFILE
+if [ -f \${HISTFILE} ]
+then
+    rm -f \${HISTFILE}
+fi
 history -c
 EOF
 
@@ -369,7 +363,7 @@ GRANT ALL PRIVILEGES ON postfixadmin.* to 'postfixadmin'@'localhost' IDENTIFIED
 flush privileges;
 POSTFIXADMIN
 
-systemctl -q restart mariadb
+systemctl -q restart mariadb.service
 
 # Roundcube config setup
 echo -e '\n\e[1;34mConfiguring Roundcube webmail\e[0m'
@@ -491,7 +485,7 @@ systemctl -q daemon-reload
 # postconf myhostname alias_maps alias_database myorigin mydestination relayhost mynetworks mailbox_size_limit recipient_delimiter inet_interfaces inet_protocols
 # cat /etc/mailname
 echo -e '\e[1;34mConfiguring Postfix\e[0m'
-echo ${domain} | tee /etc/mailname >/dev/null
+echo ${domain} >/etc/mailname
 postconf -e "myhostname = ${subdomain}.${domain}"
 postconf -e 'relay_domains = $mydestination'
 postconf -e 'smtp_tls_security_level = may'
@@ -509,13 +503,13 @@ postconf -e 'smtp_tls_note_starttls_offer = yes'
 postconf -e 'smtpd_tls_received_header = yes'
 
 postconf -e 'inet_interfaces = all'
-# postconf -e ' inet_interfaces = 127.0.0.1'
 postconf -e 'inet_protocols = ipv4'
 postconf -e 'smtp_address_preference = ipv4'
 postconf -e "mydomain = ${domain}"
 postconf -e 'myorigin = $mydomain'
 postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost'
 
+# Configure backup mail servers
 if [ ${backup_mailserver} ]
 then
     postconf -e "$(postconf mynetworks)$(printf ' %s/32' ${backup_mailserver[@]})"
@@ -646,6 +640,7 @@ echo "/free mortgage quote/    DISCARD
 /repair your credit/     DISCARD
 /lose weight/            DISCARD" | tee -a /etc/postfix/body_checks >/dev/null
 
+# Whitelist localhost
 echo -e "# Permit my own IP addresses
 ${ip_addr}/32\tpermit" | tee /etc/postfix/postscreen_access.cidr >/dev/null
 
@@ -789,7 +784,7 @@ sed -i '/Sent Messages/! s/^  mailbox.*{/&\
     auto = subscribe/' /etc/dovecot/conf.d/15-mailboxes.conf
 adduser dovecot mail >/dev/null
 
-systemctl restart dovecot postfix
+systemctl restart dovecot.service postfix.service
 
 # SPF and DKIM
 echo -e '\e[1;34mConfiguring SPF and DKIM policies\e[0m'
@@ -848,7 +843,7 @@ echo '127.0.0.1' | tee -a /etc/opendmarc/ignore.hosts >/dev/null
 # OpenDKIM and OpenDMARC headers
 echo -e '\nSoftwareHeader  yes' | tee -a /etc/{opendkim,opendmarc}.conf >/dev/null
 
-systemctl -q restart opendkim postfix opendmarc
+systemctl restart postfix.service opendkim.service opendmarc.service
 
 # Roundcube/Nginx
 echo -e '\e[1;34mConfiguring Nginx\e[0m'
@@ -923,7 +918,6 @@ ln -s /etc/nginx/sites-available/mail.conf /etc/nginx/sites-enabled/
 systemctl -q disable --now apache2.service
 systemctl -q reload nginx.service
 /etc/init.d/php*-fpm reload >/dev/null
-
 until certbot --nginx --agree-tos --redirect --hsts --no-eff-email --staple-ocsp -m ${eff_email} -d ${subdomain}.${domain}
 do
     sleep 10
@@ -1043,8 +1037,6 @@ rm ${0}
 dhparam
 CHANGEUSER
 
-clear
-
 # In your DNS manager, create a TXT record, enter default._domainkey in the name field
 echo -e "\e[1;34mUpdate DKIM TXT on DNS registrar and press any key to continue\e[5m...\e[0m"
 echo -e "\e[3m# Use default._domainkey in the host field"