#!/bin/bash
#
# Copyright (C) 2019 OX Software GmbH
#
# This file is part of OX Automation.
#
# OX Automation is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# OX Automation is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with OX Automation. If not, see <http://www.gnu.org/licenses/>.
#
# Authors:
# Martin Heiland <martin.heiland@open-xchange.com>
# Nikolaos Tsapanidis <nikolaos.tsapanidis@open-xchange.com>
# Benedikt Kroening <benedikt.kroening@open-xchange.com>
#
# Note, this is for TESTING ONLY, DO NOT USE IT FOR PRODUCTION
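# extglob is required for the +([0-9]) patterns used in configure_dovecot.
shopt -s extglob
#================================================================================
# CONFIGURATION_VARIABLES
#================================================================================
#DN=$(hostname -f)
# Host name used for the certificate CN, the key/certificate file names and the
# postfix settings. Despite the variable name, `hostname -s` yields the short
# host name; `hostname -f` is only tried when that call fails.
if ! FQDN=$(hostname -s); then
  FQDN=$(hostname -f)
  echo "FQDN not found, using computer name: ${FQDN}"
fi
DN=${FQDN}
# false = community packages, true = Dovecot Pro (switched on by option -p).
DC_PRO=false
# Repository flavour evaluated by add_repo_info: EXT, INT or SNAPSHOT.
DC_REPO_SOURCE=EXT
# NOTE(review): this package signing key is fetched over plain HTTP and later
# fed to apt-key / rpm --import without any fingerprint check, so whoever can
# tamper with that download decides which packages are trusted. Prefer an
# HTTPS URL for the key and pin its fingerprint.
AS_BUILDKEY="http://software.open-xchange.com/oxbuildkey.pub"
# Default Dovecot key; add_repo_info overrides it per repository flavour.
DC_BUILDKEY="https://apt.dovecot.fi/dovecot-gpg.key"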
#================================================================================
# FUNCTION_DEFINITIONS
#================================================================================
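#######################################
# Verify that the host is supported and derive the distribution settings.
# Globals read:    EUID, DC_PRO
# Globals written: ARCH, OS, REV, DIST, COMPATIBLE, DC_REPO_PREFIX,
#                  DC_REPO_SUFFIX, IMAP_PACKAGES,
#                  TESTER_PACKAGES (Debian/Ubuntu only),
#                  DEBIAN_FRONTEND (exported on Debian/Ubuntu)
# Exits with status 1 when not run as root, not on x86_64, not on Linux, or
# when the distribution is not one of the supported releases.
#######################################
function sanity_checks() {
  # Checking if we are running as root
  echo -n "Checking user... "
  if [[ ${EUID} -ne 0 ]]; then
    die "This script must be run as root."
  fi
  ok "OK."

  # Checking OS architecture
  echo -n "Checking architecture... "
  ARCH=$(uname -m)
  if [[ "${ARCH}" != "x86_64" ]]; then
    die "Failed.\nA 64bit operating system is mandatory to install."
  fi
  ok "OK."

  # FQDN check
  # ping -c 1 -q "${FQDN}" > /dev/null 2>&1
  # if [[ $? -ne 0 ]]; then
  # die "Cannot resolve FQDN (${FQDN}), please check the network configuration."
  # fi

  # Release detection
  echo -n "Checking operating system... "
  OS=$(uname -s)
  if [[ "${OS}" != "Linux" ]]; then
    die "non-Linux.\n\nError: This installer is designed for Linux based operating systems."
  fi

  if [[ -f /etc/os-release ]]; then
    OS=$(awk -F= '/^ID=/{print $2}' /etc/os-release | tr -d '"')
    REV=$(awk -F= '/^VERSION_ID=/{print $2}' /etc/os-release | tr -d '"')
    case "${OS}" in
      debian)
        export DEBIAN_FRONTEND=noninteractive
        case "${REV}" in
          9)
            DIST="DebianStretch"
            COMPATIBLE=true
            DC_REPO_PREFIX="apt"
            DC_REPO_SUFFIX="debian/stretch/ stretch main"
            ;;
          8)
            DIST="DebianJessie"
            COMPATIBLE=true
            DC_REPO_PREFIX="apt"
            DC_REPO_SUFFIX="debian/jessie/ jessie main"
            ;;
          7)
            DIST="DebianWheezy"
            COMPATIBLE=true
            DC_REPO_PREFIX="apt"
            # no wheezy packages, may fail
            DC_REPO_SUFFIX="debian/jessie/ jessie main"
            ;;
        esac
        ;;
      ubuntu)
        export DEBIAN_FRONTEND=noninteractive
        if [[ "${REV}" == "16.04" ]]; then
          DIST="Ubuntu_16.04"
          COMPATIBLE=true
          DC_REPO_PREFIX="apt"
          DC_REPO_SUFFIX="ubuntu/xenial xenial main"
        fi
        ;;
      rhel)
        if [[ "${REV}" == "7"* ]]; then
          DIST="RHEL7"
          COMPATIBLE=true
          DC_REPO_PREFIX="yum"
          DC_REPO_SUFFIX="rhel/7/RPMS/x86_64/"
        fi
        ;;
      centos)
        if [[ "${REV}" == "7"* ]]; then
          DIST="CentOS7"
          COMPATIBLE=true
          DC_REPO_PREFIX="yum"
          DC_REPO_SUFFIX="centos/7/RPMS/x86_64/"
        fi
        ;;
    esac
  elif [[ -f /etc/redhat-release ]]; then
    # Release 6 has no /etc/os-release; cut the version out of the banner line.
    # The sed expressions are quoted so the shell never word-splits them.
    REV=$(sed 's/.*Red Hat Enterprise Linux Server release //' < /etc/redhat-release | sed 's/ .*//')
    if [[ "${REV}" == "6."* ]]; then
      DIST="RHEL6"
      COMPATIBLE=true
      DC_REPO_PREFIX="yum"
      DC_REPO_SUFFIX="rhel/6/RPMS/x86_64/"
    fi
    REV=$(sed 's/.*CentOS release //' < /etc/redhat-release | sed 's/ .*//')
    if [[ "${REV}" == "6."* ]]; then
      DIST="CentOS6"
      COMPATIBLE=true
      DC_REPO_PREFIX="yum"
      DC_REPO_SUFFIX="centos/6/RPMS/x86_64/"
    fi
  fi

  if [[ -z "${COMPATIBLE}" ]]; then
    echo "unknown."
    echo ""
    echo "This installer supports:"
    echo "* Debian GNU/Linux 7.0 (Wheezy)"
    echo "* Debian GNU/Linux 8.0 (Jessie)"
    # Fixed label: release 9 is detected as DebianStretch above, not Wheezy.
    echo "* Debian GNU/Linux 9.0 (Stretch)"
    echo "* Ubuntu 16.04 (Xenial Xerus)"
    echo "* RedHat Enterprise Linux 6.0 (RHEL6)"
    echo "* RedHat Enterprise Linux 7.0 (RHEL7)"
    echo "* CentOS 6.0"
    echo "* CentOS 7.0"
    exit 1
  fi

  # Package names differ between the apt and the yum based distributions.
  case "${DIST}" in
    DebianStretch | DebianJessie | DebianWheezy | Ubuntu_16.04)
      if [[ "${DC_PRO}" == true ]]; then
        #IMAP_PACKAGES="dovecot-ee-*"
        IMAP_PACKAGES="dovecot-ee-core dovecot-ee-imapd dovecot-ee-lmtpd dovecot-ee-sieve dovecot-ee-managesieved dovecot-ee-pop3d dovecot-ee-cassandra-plugin dovecot-ee-dovemon dovecot-ee-fts dovecot-ee-license dovecot-ee-lucene dovecot-ee-mail-crypt-plugin dovecot-ee-solr dovecot-ee-virtual-attachments-plugin"
      else
        IMAP_PACKAGES="dovecot-core dovecot-imapd dovecot-lmtpd dovecot-managesieved dovecot-sieve dovecot-pop3d"
      fi
      TESTER_PACKAGES="python-pip psmisc"
      ;;
    *)
      if [[ "${DC_PRO}" == true ]]; then
        IMAP_PACKAGES="dovecot-ee-core dovecot-ee-imapd dovecot-ee-lmtpd dovecot-ee-pigeonhole dovecot-ee-managesieve dovecot-ee-pop3d dovecot-ee-cassandra-plugin dovecot-ee-dovemon dovecot-ee-fts dovecot-ee-license dovecot-ee-lucene dovecot-ee-mail-crypt-plugin dovecot-ee-solr dovecot-ee-virtual-attachments-plugin"
      else
        IMAP_PACKAGES="dovecot dovecot-pigeonhole"
      fi
      ;;
  esac
}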
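#######################################
# Create a self-signed certificate and an unencrypted RSA key for the host.
# Globals read:    FQDN, DIST
# Globals written: SSL_DIR (also used by configure_postfix)
# Exits via die when no certificate directory is known for DIST or when
# openssl fails.
# NOTE(review): self-signed, valid for 3650 days, key stored without a
# passphrase (-nodes); acceptable only for the test systems this script is
# meant for.
#######################################
function generate_cert() {
  echo "Generating certificate for $FQDN"
  case "${DIST}" in
    DebianStretch | DebianJessie | DebianWheezy | Ubuntu_16.04)
      SSL_DIR="/etc/ssl"
      ;;
    RHEL6 | RHEL7 | CentOS6 | CentOS7)
      SSL_DIR="/etc/pki/tls"
      ;;
    *)
      # Without this guard an unknown DIST would write to /private and /certs.
      die "ERROR: no certificate directory known for distribution ${DIST}"
      ;;
  esac

  # Generate the key under a restrictive umask so the private key is never
  # readable by other users, not even between creation and the chmod below.
  (
    umask 077
    openssl req -new -x509 -newkey rsa:2048 -days 3650 -nodes -subj "/CN=$FQDN" \
      -keyout "${SSL_DIR}/private/${FQDN}.key" -out "${SSL_DIR}/certs/${FQDN}.crt"
  ) || die "ERROR: certificate generation failed"

  chmod 444 "${SSL_DIR}/certs/${FQDN}.crt"
  chmod 400 "${SSL_DIR}/private/${FQDN}.key"
}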
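#######################################
# Select the Dovecot package repository and write the apt/yum source files.
# Globals read:    DC_REPO_SOURCE, DC_PRO, DC_VERSION, DC_REPO_SUFFIX, DIST,
#                  DC_USER, DC_PASS
# Globals written: DC_REPO_SRV, DC_VERSION_PREFIX, DC_BUILDKEY, URL,
#                  DC_3RD_PARTY, OVERRIDE_BUILDKEY_CHECK
# Files written:   /etc/apt/sources.list.d/dovecot*.list or
#                  /etc/yum.repos.d/dovecot*.repo
# Exits via die when credentials are missing or no repository URL results.
#######################################
function add_repo_info {
  echo "Adding repository information..."
  if [[ "${DC_REPO_SOURCE}" == "EXT" && "${DC_PRO}" == false ]]; then
    # Using EXTernal repository
    # Not installing PRO, using Community Edition (ce)
    # Using repo.dovecot.org build key
    DC_REPO_SRV="https://repo.dovecot.org/"
    DC_VERSION_PREFIX="ce-"
    DC_BUILDKEY="https://repo.dovecot.org/DOVECOT-REPO-GPG"
    echo "Using official dovecot community packages ... "
    URL=${DC_REPO_SRV}${DC_VERSION_PREFIX}${DC_VERSION}/${DC_REPO_SUFFIX}
  elif [[ "${DC_REPO_SOURCE}" == "EXT" && "${DC_PRO}" == true ]]; then
    # This is the branch that embeds DC_USER/DC_PASS in the URL, so fail early
    # instead of building "https://:@host/".
    if [[ -z "${DC_USER}" ]] || [[ -z "${DC_PASS}" ]]; then
      die "ERROR: Missing credentials for dovecot pro repository (specify in set-install.sh)"
    fi
    # Ubuntu uses the apt host as well (sanity_checks gives it an apt suffix);
    # without it DC_REPO_SRV stayed empty and the URL had no host.
    if [[ "${DIST}" == *"Debian"* ]] || [[ "${DIST}" == "Ubuntu"* ]]; then
      DC_REPO_SRV="https://${DC_USER}:${DC_PASS}@apt.dovecot.fi/"
    elif [[ "${DIST}" == *"RHEL"* ]] || [[ "${DIST}" == *"CentOS"* ]]; then
      DC_REPO_SRV="https://${DC_USER}:${DC_PASS}@yum.dovecot.fi/"
    fi
    # Using EXTernal repository
    # Installing PRO, using Enterprise Edition (ee, pro)
    # Using apt.dovecot.fi build key
    DC_VERSION_PREFIX="stable-"
    DC_BUILDKEY="https://apt.dovecot.fi/dovecot-gpg.key"
    echo "Using official dovecot pro packages ... "
    URL=${DC_REPO_SRV}${DC_VERSION_PREFIX}${DC_VERSION}/${DC_REPO_SUFFIX}
    # We will need 3rdparty drivers for pro:
    DC_3RD_PARTY="${DC_REPO_SRV}3rdparty/${DC_REPO_SUFFIX}"
  elif [[ "${DC_REPO_SOURCE}" == "INT" && "${DC_PRO}" == true ]]; then
    if [[ "${DIST}" == *"Debian"* ]] || [[ "${DIST}" == "Ubuntu"* ]]; then
      DC_REPO_SRV="https://apt.dovecot.net/"
    elif [[ "${DIST}" == *"RHEL"* ]] || [[ "${DIST}" == *"CentOS"* ]]; then
      DC_REPO_SRV="https://yum.dovecot.net/"
    fi
    # Using INTernal repository
    # Installing PRO, using ee packages
    # Using ?? build key
    DC_VERSION_PREFIX=""
    DC_BUILDKEY="https://repo.dovecot.org/DOVECOT-REPO-GPG" # ??
    echo "Using internal dovecot enterprise packages ... "
    URL="${DC_REPO_SRV}${DC_VERSION}/${DC_REPO_SUFFIX}"
    # We will need 3rdparty drivers for pro:
    DC_3RD_PARTY="${DC_REPO_SRV}3rdparty/${DC_REPO_SUFFIX}"
    # Right now there seems to be no access to the build key to the public
    # We have to override the key check
    # NOTE(review): this makes install_packages skip signature verification
    # (--allow-unauthenticated / --nogpgcheck); packages from this repository
    # are then trusted on transport security alone.
    OVERRIDE_BUILDKEY_CHECK=true
  elif [[ "${DC_REPO_SOURCE}" == "SNAPSHOT" && "${DC_PRO}" == false ]]; then
    # NOTE(review): the snapshot URL below never uses DC_USER/DC_PASS, so this
    # check looks misplaced; kept so existing callers see the same behaviour.
    if [[ -z "${DC_USER}" ]] || [[ -z "${DC_PASS}" ]]; then
      die "ERROR: Missing credentials for dovecot pro repository (specify in set-install.sh)"
    fi
    if [[ "${DIST}" == *"Debian"* ]]; then
      # Using external snapshot repository
      # SEE: https://wiki2.dovecot.org/PrebuiltBinaries
      # Not installing PRO, using Community Edition (ce)
      # Using xi.dovecot.fi build key, fetched over HTTPS like the repository
      # itself (it was plain HTTP before, which lets the key be swapped in
      # transit).
      DC_BUILDKEY="https://xi.dovecot.fi/debian/archive.key"
      DC_REPO_SRV="https://xi.dovecot.fi/"
      # Building debian snapshot url
      URL="${DC_REPO_SRV}debian/ "
      case "${DIST}" in
        DebianStretch) URL="${URL}stretch" ;;
        DebianJessie) URL="${URL}jessie" ;;
        DebianWheezy) URL="${URL}wheezy" ;;
      esac
      URL="${URL}-auto/dovecot-${DC_VERSION} main"
      echo "Using official dovecot snapshot packages (debian only, ce only)... "
    else
      die "ERROR: Snapshot packages are only available for Debian based distributions ..."
    fi
  fi

  # The URL may carry user:password (EXT + Pro); mask that part so the
  # credentials do not end up on the console or in a captured install log.
  echo "Repository url: $(printf '%s' "${URL}" | sed 's#//[^/@]*@#//***@#')"
  if [[ -z "${URL}" ]]; then
    die "ERROR: could not determine repository url ..."
  fi

  # At this time a valid repository url for the current distro is required.
  # Otherwise it may install outdated dovecot packages that are delivered with the distro
  # write repo data
  # NOTE(review): for EXT + Pro the files below contain the repository
  # credentials and are created with the default file mode — confirm whether
  # they should be restricted to root.
  case "${DIST}" in
    DebianStretch | DebianJessie | DebianWheezy | Ubuntu_16.04)
      echo "deb ${URL}" > /etc/apt/sources.list.d/dovecot.list
      if [[ -n "${DC_3RD_PARTY}" ]]; then
        echo "Adding 3rd party dovecot repo ..."
        echo "deb ${DC_3RD_PARTY}" > /etc/apt/sources.list.d/dovecot-3rd.list
      fi
      ;;
    RHEL6 | RHEL7 | CentOS6 | CentOS7)
      # NOTE(review): neither repo file sets gpgcheck/gpgkey, so signature
      # checking depends on the system-wide yum configuration.
      {
        echo "[dovecot]"
        echo "name=Dovecot Repo"
        echo "baseurl=${URL}/"
        echo "enabled=1"
      } > /etc/yum.repos.d/dovecot.repo
      # Same guard as the apt branch: without a 3rd party URL this used to
      # write a repository with "baseurl=/".
      if [[ -n "${DC_3RD_PARTY}" ]]; then
        {
          echo "[dovecot-3rdparty]"
          echo "name=Dovecot 3rdparty"
          echo "baseurl=${DC_3RD_PARTY}/"
          echo "enabled=1"
        } > /etc/yum.repos.d/dovecot-3rd.repo
      fi
      ;;
  esac
}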
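#######################################
# Import the repository signing keys and install the mail packages.
# Globals read:    DIST, AS_BUILDKEY, DC_BUILDKEY, POSTFIX, IMAP_PACKAGES,
#                  TESTER_PACKAGES, OVERRIDE_BUILDKEY_CHECK, FQDN
# Globals written: SMTP_PACKAGES, PACKAGES, INSTALL_OPTIONS
# Returns: the exit status of the final apt-get/yum install command; the
#          caller uses it to decide whether to retry.
#######################################
function install_packages() {
  local key

  # Adding OX App Suite and Dovecot repository build key
  # NOTE(review): the keys are trusted exactly as downloaded; there is no
  # fingerprint comparison, so the key URLs must be fetched over an
  # authenticated channel.
  echo -n "Adding OX App Suite and Dovecot repository build key..."
  case "${DIST}" in
    DebianStretch | DebianJessie | DebianWheezy | Ubuntu_16.04)
      for key in "${AS_BUILDKEY}" "${DC_BUILDKEY}"; do
        # A failed download used to pass silently; report it, but carry on so
        # the install step (and the caller's retry loop) behaves as before.
        if ! wget -q "${key}" -O - | apt-key add -; then
          echo "WARNING: could not import repository key ${key}" >&2
        fi
      done
      ;;
    RHEL6 | RHEL7 | CentOS6 | CentOS7)
      for key in "${AS_BUILDKEY}" "${DC_BUILDKEY}"; do
        if ! rpm --import "${key}"; then
          echo "WARNING: could not import repository key ${key}" >&2
        fi
      done
      ;;
  esac

  if [[ true == "${POSTFIX}" ]]; then
    SMTP_PACKAGES="postfix"
  fi
  PACKAGES="${IMAP_PACKAGES} ${SMTP_PACKAGES}"
  echo "Installing mail backend packages..."
  INSTALL_OPTIONS="-y "

  # PACKAGES, TESTER_PACKAGES and INSTALL_OPTIONS are space separated lists and
  # are expanded unquoted on purpose below.
  case "${DIST}" in
    DebianStretch | DebianWheezy | DebianJessie | Ubuntu_16.04)
      if [[ true == "${POSTFIX}" ]]; then
        # Preseed the postfix debconf questions for the unattended install.
        echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
        echo "postfix postfix/mailname string $FQDN" | debconf-set-selections
        echo "postfix postfix/relayhost string \$mydomain" | debconf-set-selections
        echo "postfix postfix/protocols select all" | debconf-set-selections
        echo "postfix postfix/procmail boolean false" | debconf-set-selections
      fi
      if [[ "${OVERRIDE_BUILDKEY_CHECK}" == true ]]; then
        # NOTE(review): installs packages without verifying their signatures.
        INSTALL_OPTIONS="${INSTALL_OPTIONS}--allow-unauthenticated "
      fi
      apt-get clean
      apt-get -qq update
      # shellcheck disable=SC2086
      apt-get ${INSTALL_OPTIONS} install ${PACKAGES} ${TESTER_PACKAGES}
      ;;
    RHEL6 | RHEL7 | CentOS6 | CentOS7)
      if [[ "${OVERRIDE_BUILDKEY_CHECK}" == true ]]; then
        # NOTE(review): installs packages without verifying their signatures.
        INSTALL_OPTIONS="${INSTALL_OPTIONS}--nogpgcheck "
      fi
      # Only the RHEL hosts refresh their subscription data first.
      if [[ "${DIST}" == "RHEL6" ]] || [[ "${DIST}" == "RHEL7" ]]; then
        subscription-manager refresh
      fi
      yum clean all
      # shellcheck disable=SC2086
      yum ${INSTALL_OPTIONS} install ${PACKAGES} ${TESTER_PACKAGES}
      ;;
  esac
}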
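#######################################
# Configure postfix to hand all mail to Dovecot's local delivery agent.
# Globals read:    SSL_DIR, FQDN, DN, DIST
# Globals written: LDA_PATH
# Files changed:   postfix main.cf (via postconf -e), /etc/postfix/master.cf
#######################################
function configure_postfix() {
  local master_cf="/etc/postfix/master.cf"

  echo "Configure postfix main.cf"
  postconf -e "myorigin = \$mydomain"
  postconf -e "mydestination = "
  postconf -e "relayhost = \$mydomain"
  postconf -e "smtpd_tls_cert_file=${SSL_DIR}/certs/${FQDN}.crt"
  postconf -e "smtpd_tls_key_file=${SSL_DIR}/private/${FQDN}.key"
  postconf -e "dovecot_destination_recipient_limit = 1"
  postconf -e "virtual_mailbox_domains = $FQDN, $DN, $DN.localdomain"
  postconf -e "virtual_transport = dovecot"

  echo "Configure postfix master.cf"
  # uncomment the next line if you want debug output
  #postconf -M smtp/inet="smtp inet n - - - - smtpd -v"
  case "${DIST}" in
    DebianStretch | DebianWheezy | DebianJessie | Ubuntu_16.04)
      LDA_PATH="/usr/lib/dovecot/dovecot-lda"
      ;;
    *)
      LDA_PATH="/usr/libexec/dovecot/dovecot-lda"
      ;;
  esac

  # Append the transport only once; a second run of the installer used to add
  # a duplicate "dovecot" service entry to master.cf.
  if grep -q '^dovecot[[:space:]]' "${master_cf}" 2> /dev/null; then
    echo "dovecot transport already present in ${master_cf}, not adding it again"
  else
    {
      echo "dovecot unix - n n - - pipe"
      # The leading space marks this as a continuation of the entry above.
      echo " flags=DRhu user=vmail:vmail argv=${LDA_PATH} -f \${sender} -d \${user}"
    } >> "${master_cf}"
  fi
}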
# Write the Dovecot configuration for this test installation.
# Copies the packaged example configuration into /etc/dovecot/conf.d/, moves a
# fixed list of files aside as *.orig and regenerates them from the
# here-documents below.
# Globals read:    DIST, DC_PRO, DC_VERSION, DC_REPO
# Globals written: DC_CONF_DIR, DC_DEFAULT_CONF_DIR, CONF_FILE_LIST,
#                  DC_MAIL_PLUGINS, DC_CERT_FILE, DC_KEY_FILE,
#                  DC_SSL_DH_FILE, DC_IMAP_PLUGINS
# Side effect:     changes the current working directory (see the cd calls).
# NOTE(review): the generated configuration is deliberately permissive (shared
# static password, plaintext auth, world-accessible auth socket, 1024-bit DH
# parameters). That matches the "TESTING ONLY" banner of this script; none of
# it is suitable for a host that holds real mail.
function configure_dovecot() {
echo "Configure dovecot"
DC_CONF_DIR="/etc/dovecot/conf.d/"
if [[ "${DIST}" == "CentOS6" ]] || [[ "${DIST}" == "CentOS7" ]]; then
selinuxenabled
if [ $? -ne 0 ]
then
echo "Selinux not enabled"
else
echo "Enabling selinux dovecot policies"
# NOTE(review): despite the message above, this puts the dovecot_t domain
# into permissive mode, i.e. SELinux stops enforcing policy for Dovecot.
semanage permissive -a dovecot_t
fi
fi
# Pick the directory holding the packaged example configuration and the list
# of files to copy from it; both depend on edition and distribution.
if [[ true == "${DC_PRO}" ]]; then
if [[ "${DIST}" == "CentOS6" ]] || [[ "${DIST}" == "CentOS7" ]] || [[ "${DIST}" == "RHEL6" ]] || [[ "${DIST}" == "RHEL7" ]]; then
DC_DEFAULT_CONF_DIR="/usr/share/doc/dovecot-ee-*/example-config/conf.d/"
declare -a CONF_FILE_LIST=("10-mail.conf" "10-master.conf" "10-auth.conf" "10-ssl.conf" "10-logging.conf" "15-lda.conf" "20-imap.conf" "20-managesieve.conf" "90-quota.conf" "90-plugin.conf" "90-sieve.conf" "90-acl.conf" "auth-static.conf.ext" "../dovecot.conf")
elif [[ "${DIST}" == "DebianStretch" ]] || [[ "${DIST}" == "DebianWheezy" ]] || [[ "${DIST}" == "DebianJessie" ]] || [[ ${DIST} == "Ubuntu_16.04" ]]; then
DC_DEFAULT_CONF_DIR="/usr/share/doc/dovecot-ee-core/example-config/conf.d/"
declare -a CONF_FILE_LIST=("10-master.conf" "10-logging.conf" "15-lda.conf" "10-ssl.conf" "20-imap.conf" "20-managesieve.conf" "90-quota.conf" "90-plugin.conf" "90-acl.conf" "auth-static.conf.ext")
cp /usr/share/doc/dovecot-ee-core/example-config/conf.d/10-mail.conf "${DC_CONF_DIR}"10-mail.conf
cp /usr/share/doc/dovecot-ee-core/example-config/conf.d/10-auth.conf "${DC_CONF_DIR}"10-auth.conf
cp /usr/share/doc/dovecot-ee-core/example-config/dovecot.conf "${DC_CONF_DIR}"../dovecot.conf
gunzip /usr/share/doc/dovecot/example-config/conf.d/90-sieve.conf.gz -c > "${DC_CONF_DIR}"90-sieve.conf
cp /usr/share/doc/dovecot/example-config/conf.d/20-managesieve.conf "${DC_CONF_DIR}"20-managesieve.conf
fi
else
DC_DEFAULT_CONF_DIR="/usr/share/dovecot/conf.d/"
declare -a CONF_FILE_LIST=("20-imap.conf" "20-managesieve.conf" "90-sieve.conf" "../dovecot.conf")
fi
# Copy only the files that do not exist yet in the live configuration.
for file in "${CONF_FILE_LIST[@]}"
do
if [ ! -f "${DC_CONF_DIR}/${file}" ]
then
echo -n "Copying $file to ${DC_CONF_DIR}... "
# The source path is left unquoted on purpose: DC_DEFAULT_CONF_DIR can hold a
# glob (dovecot-ee-*) that has to expand here.
cp ${DC_DEFAULT_CONF_DIR}${file} ${DC_CONF_DIR}${file}
ok "OK"
fi
done
echo "Backing up config files"
# Every file in this list is rewritten further down; the mv result is not
# checked, so a file missing from conf.d only produces an error message.
for file in "10-mail.conf" "10-master.conf" "10-auth.conf" "10-ssl.conf" "auth-static.conf.ext" "10-logging.conf" "15-lda.conf" "20-imap.conf" "20-managesieve.conf" "90-quota.conf" "90-acl.conf" "90-plugin.conf"
do
echo -n "Renaming file ${file} to ${file}.orig... "
mv -- "${DC_CONF_DIR}${file}" "${DC_CONF_DIR}${file}.orig"
echo "OK"
done
# dovecot.conf
# Insert "protocols = imap lmtp" after the !include_try line for protocols.
sed -i '/\!include\_try.*protocol/a protocols = imap lmtp' /etc/dovecot/dovecot.conf
# 10-mail.conf
# NOTE(review): inside [[ ]] the > operator is a string comparison and the
# quoted "2.3."* on the right is the literal text 2.3.* (no glob match), so
# this is not a numeric version comparison — confirm it selects the intended
# versions.
if [[ "${DC_VERSION}" == "2.3" ]] || [[ "${DC_VERSION}" > "2.3."* ]]; then
DC_MAIL_PLUGINS="acl mail_log notify quota old_stats virtual zlib"
else
DC_MAIL_PLUGINS="acl mail_log notify quota stats virtual zlib"
fi
# First write to 10-mail.conf uses > (truncate); all later writes append.
if [[ "${DC_VERSION}" > "2.2.27"* ]] || [[ "${DC_REPO}" == "nightly" ]]; then
cat > "${DC_CONF_DIR}"/10-mail.conf <<EOF
mail_vsize_bg_after_count = 100
EOF
fi
cat >> "${DC_CONF_DIR}"/10-mail.conf <<EOF
mailbox_list_index = yes
mail_always_cache_fields = body.snippet
mail_location = maildir:~/Maildir
mail_uid = vmail
mail_gid = vmail
EOF
# The Pro edition additionally loads the virtual_attachments plugin.
if [[ true == "${DC_PRO}" ]]; then
cat >> "${DC_CONF_DIR}"/10-mail.conf <<EOF
mail_plugins = \$mail_plugins ${DC_MAIL_PLUGINS} virtual_attachments
EOF
else
cat >> "${DC_CONF_DIR}"/10-mail.conf <<EOF
mail_plugins = \$mail_plugins ${DC_MAIL_PLUGINS}
EOF
fi
# Private INBOX namespace plus a shared namespace for mailboxes of other users.
cat >> "${DC_CONF_DIR}"/10-mail.conf <<EOF
namespace inbox {
inbox = yes
prefix = INBOX/
separator = /
}
namespace {
type = shared
separator = /
prefix = shared/%%u/
location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u
subscriptions = yes
list = children
}
EOF
# The virtual namespace is skipped on the release 6 distributions.
if [[ "${DIST}" != "CentOS6" ]] && [[ "${DIST}" != "RHEL6" ]]; then
cat >> "${DC_CONF_DIR}"/10-mail.conf <<EOF
namespace virtual {
prefix = virtual/
separator = /
hidden = yes
list = no
subscriptions = no
location = virtual:/var/lib/dovecot/virtual:INDEX=~/Maildir/virtual
mailbox all {
special_use = \All
}
}
EOF
fi
# Pro only: namespace for the virtual attachments plugin.
if [[ ${DC_PRO} == true ]]; then
cat >> "${DC_CONF_DIR}"/10-mail.conf <<EOF
namespace virtualattachments {
prefix = VirtualAttachments/
separator = /
hidden = yes
list = no
subscriptions = no
location = attachments:~/Maildir/virtual-attachments
mailbox INBOX {
auto = create
}
mailbox "INBOX/Sent Items" {
auto = create
}
mailbox virtual/all {
auto = create
special_use = \All
}
}
EOF
fi
# TLS cert
# Paths written into 10-ssl.conf below. NOTE(review): nothing in this function
# creates these files directly; presumably mkcert.sh (run further down) does —
# confirm.
if [[ "${DIST}" == "CentOS6" ]] || [[ "${DIST}" == "CentOS7" ]] || [[ "${DIST}" == "RHEL6" ]] || [[ "${DIST}" == "RHEL7" ]]; then
DC_CERT_FILE="/etc/pki/dovecot/certs/dovecot.pem"
DC_KEY_FILE="/etc/pki/dovecot/private/dovecot.pem"
elif [[ "${DIST}" == "DebianStretch" ]] || [[ "${DIST}" == "DebianWheezy" ]] || [[ "${DIST}" == "DebianJessie" ]] || [[ ${DIST} == "Ubuntu_16.04" ]]; then
if [[ true == "${DC_PRO}" ]]; then
DC_CERT_FILE="/etc/ssl/certs/dovecot.pem"
DC_KEY_FILE="/etc/ssl/private/dovecot.pem"
else
DC_CERT_FILE="/etc/dovecot/dovecot.pem"
DC_KEY_FILE="/etc/dovecot/private/dovecot.pem"
fi
fi
# Change into the package directory before "bash mkcert.sh" is run below. The
# +([0-9]) patterns rely on extglob.
# NOTE(review): none of the cd calls is checked. If one fails, mkcert.sh is
# looked up in whatever directory the installer was started from and is then
# executed as root.
if [[ "${DIST}" == "CentOS7" ]] || [[ "${DIST}" == "RHEL7" ]]; then
if [[ true == "${DC_PRO}" ]]; then
cd /usr/share/doc/dovecot-ee-+([0-9])*
else
cd /usr/share/doc/dovecot-+([0-9])*
fi
elif [[ "${DIST}" == "CentOS6" ]] || [[ "${DIST}" == "RHEL6" ]]; then
if [[ true == "${DC_PRO}" ]]; then
cd /usr/share/doc/dovecot-ee-+([0-9])*
else
cd /usr/libexec/dovecot/
fi
elif [[ "${DIST}" == "DebianStretch" ]] || [[ "${DIST}" == "DebianWheezy" ]] || [[ "${DIST}" == "DebianJessie" ]] || [[ ${DIST} == "Ubuntu_16.04" ]]; then
if [[ true == "${DC_PRO}" ]]; then
cd /usr/share/doc/dovecot-ee-core/
else
cd /usr/share/dovecot/
fi
fi
# 10-ssl.conf
cat > "${DC_CONF_DIR}"/10-ssl.conf <<EOF
ssl = yes
ssl_cert = <${DC_CERT_FILE}
ssl_key = <${DC_KEY_FILE}
EOF
if [[ "${DC_VERSION}" == "2.3" ]] || [[ "${DC_VERSION}" > "2.3."* ]]; then
DC_SSL_DH_FILE="/etc/dovecot/dh.pem"
# NOTE(review): 1024-bit Diffie-Hellman parameters are below current
# recommendations (2048 bits or more); tolerable only on a test host.
echo "Generating ssl dh file with openssl dhparam 1024 at ${DC_SSL_DH_FILE}"
openssl dhparam -out ${DC_SSL_DH_FILE} 1024
cat >> "${DC_CONF_DIR}"/10-ssl.conf <<EOF
ssl_dh = <${DC_SSL_DH_FILE}
EOF
fi
# Runs mkcert.sh from the current directory (see the cd block above).
bash mkcert.sh
# 10-master.conf
# NOTE(review): mode 0666 lets every local user read from and write to the
# auth-userdb socket.
cat > "${DC_CONF_DIR}"/10-master.conf <<EOF
service auth {
unix_listener auth-userdb {
mode = 0666
user = vmail
group = vmail
}
}
EOF
# 10-auth.conf
# NOTE(review): disable_plaintext_auth = no allows plaintext logins on
# connections that are not protected by TLS.
cat > "${DC_CONF_DIR}"/10-auth.conf <<EOF
disable_plaintext_auth = no
auth_mechanisms = plain
!include auth-static.conf.ext
EOF
# auth-static.conf.ext
# NOTE(review): static passdb with a hard-coded password — every user name is
# accepted with the same password. Never reuse this file outside a test setup.
cat > "${DC_CONF_DIR}"/auth-static.conf.ext <<EOF
passdb {
driver = static
args = password=secret
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/home/vmail/%u
}
EOF
# 10-logging.conf
cat > "${DC_CONF_DIR}"/10-logging.conf <<EOF
#log_path = /var/log/dovecot.log
auth_verbose = yes
plugin {
mail_log_events = delete undelete expunge copy flag_change append mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
}
EOF
# 15-lda.conf
cat > "${DC_CONF_DIR}"/15-lda.conf <<EOF
protocol lda {
mail_plugins = \$mail_plugins sieve
}
postmaster_address = invalid@invalid.invalid
EOF
# Dovecot 2.3 uses the imap_old_stats plugin name and adds imap_filter_sieve.
if [[ "${DC_VERSION}" == "2.3" ]] || [[ "${DC_VERSION}" > "2.3."* ]]; then
DC_IMAP_PLUGINS="imap_acl imap_quota imap_old_stats imap_filter_sieve"
else
DC_IMAP_PLUGINS="imap_acl imap_quota imap_stats"
fi
# 20-imap.conf
cat > "${DC_CONF_DIR}"/20-imap.conf <<EOF
imap_capability = +SEARCH=X-MIMEPART XDOVECOT
protocol imap {
mail_plugins = \$mail_plugins ${DC_IMAP_PLUGINS}
}
EOF
# 20-managesieve.conf
cat > "${DC_CONF_DIR}"/20-managesieve.conf <<EOF
protocols = \$protocols sieve
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
EOF
# 90-quota.conf
# NOTE(review): "quota" is assigned twice (count, then maildir); presumably
# the later assignment wins — confirm which backend is intended.
cat > "${DC_CONF_DIR}"/90-quota.conf <<EOF
plugin {
quota = count:User quota
quota_rule = *:storage=1G
quota_rule2 = INBOX/Trash:storage=+100M
quota_grace = 10%%
}
plugin {
quota = maildir:User quota
}
EOF
# 90-acl.conf
cat > "${DC_CONF_DIR}"/90-acl.conf <<EOF
plugin {
acl = vfile
acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
}
EOF
# 91-stats.conf
# Unlike the files above this one is appended to (>>), so running the
# installer twice duplicates the service block.
if [[ "${DC_VERSION}" == "2.3" ]] || [[ "${DC_VERSION}" > "2.3."* ]]; then
cat >> "${DC_CONF_DIR}"/91-stats.conf <<EOF
service old-stats {
fifo_listener old-stats-mail {
user = vmail
mode = 0600
}
## permission denied issues @RHEL
#inet_listener {
# address = 127.0.0.1
# port = 24242
#}
}
EOF
else
cat >> "${DC_CONF_DIR}"/91-stats.conf <<EOF
service stats {
fifo_listener stats-mail {
user = vmail
mode = 0600
}
## permission denied issues @RHEL
#inet_listener {
# address = 127.0.0.1
# port = 24242
#}
}
EOF
fi
}
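#######################################
# Create the vmail account and the Dovecot state directories.
# Files/dirs: /home/vmail, /var/lib/dovecot/db/shared-mailboxes.db,
#             /var/lib/dovecot/virtual/all/dovecot-virtual
# NOTE(review): the final chown hands the whole /var/lib/dovecot tree to
# vmail, not only the directories created here — confirm that is intended.
#######################################
function prerequisites() {
  echo "Creating user and group: vmail"
  # Only create the account when it is missing, so a second run of the
  # installer does not fail on "already exists".
  getent group vmail > /dev/null || groupadd -g 5000 vmail
  getent passwd vmail > /dev/null \
    || useradd -u 5000 -g 5000 -m -d /home/vmail -s /bin/false vmail
  chown -R vmail:vmail /home/vmail
  chmod 2770 /home/vmail

  echo "Creating directory for dovecot acl informations"
  mkdir -p /var/lib/dovecot/db
  chmod 0770 /var/lib/dovecot

  echo "Creating dictionary for shared namespace"
  touch /var/lib/dovecot/db/shared-mailboxes.db

  echo "Creating virtual directories"
  mkdir -p /var/lib/dovecot/virtual/all
  chmod -R 700 /var/lib/dovecot/virtual
  # dovecot-virtual format: mailbox patterns start in column 0, the search
  # query line must start with whitespace. With "all" in column 0 it would be
  # read as one more mailbox name and the file would have no query.
  printf '%s\n' \
    '*' \
    '-INBOX/Trash' \
    '-INBOX/Trash/*' \
    '-INBOX/Spam' \
    '-INBOX/Spam/*' \
    '  all' > /var/lib/dovecot/virtual/all/dovecot-virtual
  chown -R vmail:vmail /var/lib/dovecot
}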
#######################################
# Restart Dovecot and, when POSTFIX is "true", postfix as well.
# Globals read: DIST, POSTFIX
# DebianWheezy, CentOS6 and RHEL6 are driven through "service"; every other
# distribution goes through systemctl, which also unmasks and enables
# dovecot.service first.
#######################################
function restart_services() {
  case "${DIST}" in
    DebianWheezy | CentOS6 | RHEL6)
      service dovecot restart
      if [[ "${POSTFIX}" == true ]]; then
        service postfix restart
      fi
      ;;
    *)
      systemctl unmask dovecot.service
      systemctl enable dovecot.service
      systemctl restart dovecot.service
      if [[ "${POSTFIX}" == true ]]; then
        systemctl restart postfix.service
      fi
      ;;
  esac
}
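# Green
# Print the message in $1 in green, followed by a colour reset.
# Backslash escapes such as \n inside the message are interpreted (echo -e).
# The message is quoted so its whitespace is kept and glob characters in it
# are never expanded against the current directory.
function ok() {
  echo -e "\e[32m${1}\e[m"
}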
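# Red
# Print the message in $1 in bold red and terminate the script with status 1.
# Backslash escapes such as \n inside the message are interpreted (echo -e),
# which callers rely on. The message is quoted so its whitespace is kept and
# glob characters in it are never expanded.
function die() {
  echo -e "\e[1;31m${1}\e[m"
  exit 1
}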
#######################################
# Print the command line help to stdout.
# The text starts with an empty line and names the script through $0.
#######################################
function usage() {
  local -a help_lines=(
    ''
    "$0 [OPTIONS]"
    'When not providing any option, the script will attempt to source "set-install.sh". If no information can be found, the distribution specific Dovecot package is being installed as fallback.'
    'OPTIONS:'
    '-e Sets the environment, e.g. "release" or "nightly"'
    '-v Sets the version, e.g. "2.2.26.1-10" or "2.2"'
    '-p Use Dovecot Pro'
    '-s Installs and configures a SMTP service (Postfix)'
    '-h Display this help and exit'
  )
  printf '%s\n' "${help_lines[@]}"
}
#================================================================================
# MAIN_CODE
#================================================================================
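# Command line parsing.
# The option string starts with ':' to select getopts' silent mode; only then
# are the '?' (unknown option) and ':' (missing argument) cases below reached
# with OPTARG set to the offending option letter. The previous string
# "he::v::ps" used '::', which getopts does not define, and had no leading
# ':', so the ':' case could never run and the '?' message printed an empty
# option name.
while getopts ":he:v:ps" OPTION; do
  case "${OPTION}" in
    h)
      usage
      exit 1
      ;;
    e)
      DC_REPO=${OPTARG}
      ;;
    v)
      DC_VERSION=${OPTARG}
      ;;
    p)
      DC_PRO=true
      ;;
    s)
      POSTFIX=true
      ;;
    \?)
      echo "Invalid option: -${OPTARG}" >&2
      usage
      exit 1
      ;;
    :)
      echo "Option -${OPTARG} requires an argument." >&2
      exit 1
      ;;
  esac
done

if [[ -z "${DC_VERSION}" ]]; then
  echo "Version not specified, sourcing set-install.sh."
  # NOTE(review): with a bare file name, bash searches PATH and then the
  # current directory for the file, and its content is executed as root.
  # Confirm where set-install.sh is expected to live and consider sourcing it
  # by an explicit path that only root can write to.
  source set-install.sh
  if [[ -z "${DC_VERSION}" ]]; then
    echo "DC_VERSION environment variable still not set"
    die "No dovecot version specified. Either set DC_VERSION in set-install.sh or as environment variable. Or use the parameter '-v'"
  fi
fi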
# if [[ -z "${DC_REPO}" ]] && [[ -z "${DC_VERSION}" ]]; then
# echo "Repository and version not specified, sourcing set-install.sh."
# source set-install.sh
# if [[ -n "${DC_REPO}" ]] && [[ "EXT" == "${DC_REPO_SOURCE}" ]]; then
# if [[ -n "${DC_USER}" ]] && [[ -n "${DC_PASS}" ]]; then
# echo "Found credentials for Dovecot Pro repository."
# DC_REPO="${DC_REPO}"
# DC_PRO=true
# # todo: re-implement ...
# die "Enterprise dovecot with custom credentials not yet re-implemented"
# # else
# # echo "No Dovecot Pro repository credentials found, fallback to distro specific Dovecot"
# # DC_PRO=false
# fi
# # elif [[ -n "${DC_REPO}" ]] && [[ "OBS" == "${DC_REPO_SOURCE}" ]]; then
# # echo "Using internal repository source"
# # else
# # echo "No repo settings found at set-install.sh, fallback to distro specific Dovecot."
# # DC_PRO=false
# fi
# fi
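# Installation sequence. The order matters: sanity_checks sets DIST and the
# package lists used by every later step, and generate_cert sets SSL_DIR for
# configure_postfix.
sanity_checks
prerequisites
generate_cert
add_repo_info

# Install the packages, retrying up to 5 times with a 30 second pause.
# The previous loop counted failures and afterwards aborted whenever the
# counter had reached 5, which also happened when the last retry succeeded;
# the loop now ends as soon as install_packages succeeds and aborts only
# after the final retry has failed.
INSTALLCOUNT=0
until install_packages; do
  INSTALLCOUNT=$((INSTALLCOUNT + 1))
  if [[ ${INSTALLCOUNT} -gt 5 ]]; then
    echo "Error while installing packages, aborting."
    exit 1
  fi
  echo "Error while installing packages, retrying in 30s ($INSTALLCOUNT/5)."
  sleep 30
done

if [[ true == "${POSTFIX}" ]]; then
  configure_postfix
fi
configure_dovecot
restart_services
echo "
Installation complete, thanks for using Dovecot. Have a lot of fun!
"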