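#!/bin/bash
#
# One-shot, interactive setup of an outbound mail server on a CentOS/RHEL VPS:
#   * Postfix with SASL-authenticated submission (port 587) and header rewriting
#   * OpenDKIM signing for the domain
#   * BIND serving the domain's forward zone (NS/A/MX/SPF/DKIM/DMARC) and a
#     reverse zone for the VPS address
#
# Usage: run as root; the domain, VPS IP, SMTP username and password are read
# from stdin.
# Side effects: removes/installs packages with yum, overwrites /etc/named.conf
# and the zone files, appends to the Postfix/OpenDKIM/SASL configs, changes the
# system hostname, and stops iptables and firewalld.

set -u

# Globals filled in by read_inputs and used by every configure_* step.
vdomainname=   # bare domain name (letters, digits, '.', '-')
myIP=          # public IPv4 address of this VPS, dotted quad
vsmuser=       # SMTP AUTH username
vpass=         # SMTP AUTH password
vhostname=     # "host.$vdomainname": Postfix myhostname and SASL realm
rr=            # reverse zone name, e.g. 4.3.2.1.in-addr.arpa for 1.2.3.4 (constructed example)

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Read and validate the operator's answers into the globals above.
# The values end up in file paths, sed expressions, zone files and a regexp
# table, so anything outside a conservative character set is rejected here
# rather than silently producing a broken or unexpected configuration.
# Globals: vdomainname, myIP, vsmuser, vpass, vhostname, rr (written)
#######################################
read_inputs() {
  read -r -p 'enter domain name : ' vdomainname
  [[ "$vdomainname" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] \
    || die "domain name may contain only letters, digits, '.' and '-'"

  read -r -p 'enter VPS IP address: ' myIP
  [[ "$myIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] \
    || die "IP address must be a dotted quad (a.b.c.d)"

  vhostname="host.$vdomainname"
  printf 'Hostname has been set as %s\n' "$vhostname"

  read -r -p 'enter username for smtp : ' vsmuser
  [[ "$vsmuser" =~ ^[A-Za-z0-9._-]+$ ]] \
    || die "smtp username may contain only letters, digits, '.', '_' and '-'"

  # -s keeps the password off the terminal; the trailing newline is only for
  # the prompt display.
  read -r -s -p 'enter password for smtp : ' vpass
  printf '\n'
  [[ -n "$vpass" ]] || die "smtp password must not be empty"

  # Reverse zone name: octets in reverse order under in-addr.arpa.
  local o1 o2 o3 o4
  IFS=. read -r o1 o2 o3 o4 <<<"$myIP"
  rr="$o4.$o3.$o2.$o1.in-addr.arpa"
}

#######################################
# Remove competing MTAs and reinstall the packages this script configures, so
# the appends below land on freshly installed configuration files.
#######################################
install_packages() {
  yum -y remove sendmail exim postfix opendkim \
    cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5 bind bind-utils

  # opendkim comes from EPEL, so the repo must be enabled before the install.
  yum -y install epel-release || die "cannot install epel-release"
  yum -y install postfix cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5 \
    opendkim bind bind-utils || die "package installation failed"
}

#######################################
# Generate the DKIM key pair for the domain and point OpenDKIM at it through
# KeyTable/SigningTable; sign (Mode s) mail from the domain and from mail.<domain>.
# Globals: vdomainname (read)
#######################################
configure_dkim() {
  local keydir="/etc/opendkim/keys/$vdomainname"
  mkdir -p -- "$keydir" || die "cannot create $keydir"

  # opendkim-genkey writes default.private/default.txt into the current
  # directory; the subshell keeps the cd from leaking and the check stops the
  # script if the key was not produced.
  ( cd -- "$keydir" && opendkim-genkey -r -d "$vdomainname" ) \
    || die "DKIM key generation failed in $keydir"

  # The private key must stay readable by the opendkim user only.
  chown -R opendkim:opendkim /etc/opendkim
  chmod go-rw /etc/opendkim/keys

  printf '%s %s:default:%s/default.private\n' \
    "$vdomainname" "$vdomainname" "$keydir" >> /etc/opendkim/KeyTable
  printf '*@%s %s\n' \
    "$vdomainname" "$vdomainname" \
    "mail.$vdomainname" "$vdomainname" >> /etc/opendkim/SigningTable
  printf '%s\n' localhost "mail.$vdomainname" "$vdomainname" \
    >> /etc/opendkim/TrustedHosts

  # Switch the packaged opendkim.conf from the single-domain KeyFile setup to
  # the table-driven one written above. The quotes around the domain are kept
  # from the original script; confirm opendkim accepts them on this version.
  sed -i "s/example.com/\"${vdomainname}\"/g" /etc/opendkim.conf
  sed -i "s/KeyFile/#KeyFile/g" /etc/opendkim.conf
  sed -i "s/# KeyTable/KeyTable/g" /etc/opendkim.conf
  sed -i "s/# SigningTable/SigningTable/g" /etc/opendkim.conf
  sed -i "s/# ExternalIgnoreList/ExternalIgnoreList/g" /etc/opendkim.conf
  sed -i "s/# InternalHosts/InternalHosts/g" /etc/opendkim.conf
  sed -i "/^Mode.*/c Mode     s" /etc/opendkim.conf
  printf 'TemporaryDirectory /var/run/opendkim\n' >> /etc/opendkim.conf
}

#######################################
# Append the Postfix main.cf/master.cf settings and the header_checks table.
# Postfix takes the last value for a duplicated main.cf key, so appending
# overrides the packaged defaults.
# Globals: vdomainname, vhostname (read)
#######################################
configure_postfix() {
  # Header rewriting for mail leaving the domain: the first Received: header is
  # replaced so the submitting client's address reads as localhost, and
  # client-identifying headers are dropped. $1/$2 are Postfix substitutions and
  # must reach the file literally (the original script let the shell expand
  # them to empty). NOTE(review): "(?!...)" is a PCRE negative lookahead; with
  # the regexp: table type below it may not compile, so check the postfix log
  # for a rejected header_checks entry.
  cat >> /etc/postfix/header_checks.conf <<EOF
/^\s*(Received: from)[^\n]*(.*for <.*@(?!$vdomainname).*)/ REPLACE \$1 [127.0.0.1] (localhost [127.0.0.1])\$2
/^\s*Mime-Version: 1.0.*/ REPLACE Mime-Version: 1.0
/^\s*User-Agent/ IGNORE
/^\s*X-Enigmail/ IGNORE
/^\s*X-Mailer/ IGNORE
/^\s*X-Originating-IP/ IGNORE
EOF

  # milter_default_action = accept keeps mail flowing if opendkim is down, at
  # the cost of that mail going out unsigned.
  # NOTE(review): several of the RBLs in smtpd_recipient_restrictions may no
  # longer be operational; verify each before relying on it.
  cat >> /etc/postfix/main.cf <<EOF
myhostname = $vhostname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $vhostname
mydestination = $vhostname, localhost.localdomain, localhost
transport_maps =
relayhost =
mynetworks = 127.0.0.1/32
#mynetworks = hash:/etc/postfix/networks
header_checks = regexp:/etc/postfix/header_checks.conf
milter_protocol = 6
milter_default_action = accept
milter_connect_macros = j {daemon_name} v {if_name} _
milter_mail_macros="I {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen}"
smtpd_milters = inet:127.0.0.1:8891 inet:localhost:8891
non_smtpd_milters = \$smtpd_milters
smtpd_sasl_path = sasl2/smtpd.conf
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $vhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
recipient_delimiter = +
inet_interfaces = all
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client opm.blitzed.org,reject_rbl_client list.dsbl.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net
EOF

  # Submission service: only authenticated clients may relay. The original
  # script also wrote "smtpd_sasl_security_options=<hostname>", which is not a
  # valid option value; only the noanonymous,noplaintext setting is kept.
  # noplaintext means PLAIN/LOGIN are offered only under TLS, and this script
  # configures no TLS certificate, so clients must use CRAM-MD5/DIGEST-MD5
  # until one is added.
  cat >> /etc/postfix/master.cf <<EOF
submission inet n       -       n       -       -       smtpd
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_sasl_local_domain=$vhostname
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
 -o smtpd_sasl_security_options=noanonymous,noplaintext
 -o smtpd_sasl_tls_security_options=noanonymous
EOF
}

#######################################
# Create the SMTP AUTH account in sasldb2 and write the Cyrus SASL config.
# Globals: vhostname, vsmuser, vpass (read)
#######################################
configure_sasl() {
  # The password goes in over stdin (-p) so it never appears in argv.
  printf '%s\n' "$vpass" | saslpasswd2 -p -c -u "$vhostname" "$vsmuser" \
    || die "saslpasswd2 failed"
  # sasldb2 holds the credentials the challenge mechanisms verify against, so
  # only postfix may read it.
  chown postfix:postfix /etc/sasldb2
  chmod 660 /etc/sasldb2

  if [[ -e /etc/sasl2/smtpd.conf ]]; then
    mv -f /etc/sasl2/smtpd.conf /etc/sasl2/smtpd.conf.bck
  fi
  cat > /etc/sasl2/smtpd.conf <<'EOF'
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
EOF
}

#######################################
# Restart the mail services. NOTE(review): the original script disables the
# host firewall entirely rather than opening 25/53/587; that behaviour is kept
# here, and failures of these commands are not fatal (the service may be absent).
#######################################
restart_services() {
  service iptables stop
  service opendkim restart
  service postfix restart
  service saslauthd restart
  systemctl stop firewalld
}

#######################################
# Print the settings the operator entered (including the password, which was
# read without echo) and the DKIM DNS record.
# Globals: vhostname, vdomainname, vsmuser, vpass (read)
#######################################
print_summary() {
  printf 'installation complete \n  Hostname : %s  \nDomain Name: %s  \nSmtp Username: %s  \nPassword: %s   \n\n\nYour Dkim Key for DNS is \n\n\n' \
    "$vhostname" "$vdomainname" "$vsmuser" "$vpass"
  cat -- "/etc/opendkim/keys/$vdomainname/default.txt"
}

#######################################
# Write /etc/named.conf plus the forward and reverse zone files and restart
# BIND. recursion is off, so answering queries from anyone does not make this
# an open resolver. The original script's named.conf lost the quotes around
# the root hint zone name because of shell quoting; the heredoc writes them.
# Globals: vdomainname, myIP, rr (read)
#######################################
configure_dns() {
  local keytxt="/etc/opendkim/keys/$vdomainname/default.txt"
  local forward="/var/named/forward.$vdomainname"
  local reverse="/var/named/reverse.$vdomainname"
  local dkim
  dkim=$(cat -- "$keytxt") || die "cannot read $keytxt"

  rm -f -- /etc/named.conf "$forward" "$reverse"

  cat > /etc/named.conf <<EOF
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;

        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone    "$vdomainname"  {
        type master;
        file    "$forward";
 };

zone   "$rr"  {
       type master;
       file    "$reverse";
 };

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF

  echo "configuring DNS DKIM SPF AND DMARC"

  # Forward zone. The SOA MNAME (dns1) is kept from the original even though
  # the NS records point at ns1/ns2; consider aligning them.
  cat > "$forward" <<EOF

\$TTL 1d
@               IN      SOA     dns1.$vdomainname.    host.$vdomainname. (
                1        ; serial
                6h       ; refresh after 6 hours
                1h       ; retry after 1 hour
                1w       ; expire after 1 week
                1d )     ; minimum TTL of 1 day
;
;
;Name Server Information 
@               IN      NS      ns1.$vdomainname.
@               IN      NS      ns2.$vdomainname.
ns1             IN      A       $myIP
ns2             IN      A       $myIP

;
;
;Mail Server Information
$vdomainname.   IN      MX      10      mail.$vdomainname.
mail            IN      A       $myIP
;
;
; A records
host.$vdomainname.        IN      A      $myIP
$vdomainname.             IN      A      $myIP
;Additional A Records:   
www             IN      A       $myIP
site            IN      A       $myIP
;
;TXT records
$dkim
$vdomainname.        IN     TXT     	"v=spf1 a mx ip4:$myIP ~all"
_dmarc.$vdomainname.  IN     TXT         "v=DMARC1; p=none; rua=mailto:dmarc-reports@$vdomainname;"     
;
;Additional CNAME Records:
slave           IN      CNAME   www.$vdomainname.
EOF

  # Reverse zone for the single VPS address.
  cat > "$reverse" <<EOF

\$TTL 1d
@               IN      SOA     dns1.$vdomainname.    host.$vdomainname. (
                1        ; serial
                6h       ; refresh after 6 hours
                1h       ; retry after 1 hour
                1w       ; expire after 1 week
                1d )     ; minimum TTL of 1 day
;
;
;Name Server Information 
@               IN      NS      $vdomainname.
ns1             IN      A       $myIP
;
;
;Reverse IP Information
$rr.      IN      PTR       ns1.$vdomainname.
$rr.      IN      PTR       mail.$vdomainname.
$rr.      IN      PTR       www.$vdomainname.
EOF

  cp /lib/systemd/system/named.service /etc/systemd/system/
  systemctl restart named.service \
    || die "named failed to restart; run named-checkconf /etc/named.conf"
}

#######################################
# Entry point: same step order as the original script.
#######################################
main() {
  (( EUID == 0 )) || die "this script must be run as root"
  read_inputs
  install_packages
  hostname "$vhostname"
  configure_dkim
  configure_postfix
  configure_sasl
  restart_services
  print_summary
  configure_dns
  printf '\n\n\nSmtp Setup completed SPF DKIM ALL SET\n\n\n'
}

main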