myvesta/bin/v-make-separated-ip-for-email

#!/bin/bash

# info: add new ip and makes email to be sent via that IP only for SMTP authenticated users
# options: MAIL_HOSTNAME MAIL_IP
#
# The function add new ip, add new host for mail, try to generate letsencrypt for it, and makes email to be sent via that IP only for SMTP authenticated users

#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

whoami=$(whoami)
if [ "$whoami" != "root" ]; then
    echo "You must be root to execute this script"
    exit 1
fi

# Importing system environment
source /etc/profile

# Includes
source /usr/local/vesta/func/main.sh

MAIL_HOSTNAME=$1
MAIL_IP=$2

if [ $# -gt 2 ]; then
    NETMASK=$3
else
    NETMASK='255.255.255.192'
fi

if [ $# -gt 3 ]; then
    INTERFACE=$4
else
    INTERFACE='eth0'
fi

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '2' "$#" 'MAIL_HOSTNAME MAIL_IP [NETMASK] [INTERFACE]'
is_domain_format_valid "$MAIL_HOSTNAME"
is_ip_format_valid "$MAIL_IP"

HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME")
if [ -z "$HOST_USER" ]; then
    echo "Error: hostname $HOSTNAME is not created as web domain"
    exit 4
fi

HOST_IP=$($VESTA/bin/v-list-web-domain "$HOST_USER" "$HOSTNAME" | grep 'IP:' | awk '{print $2}')

echo "HOSTNAME     : $HOSTNAME"
echo "HOSTNAME IP  : $HOST_IP"
echo "MAIL HOSTNAME: $MAIL_HOSTNAME"
echo "MAIL_IP      : $MAIL_IP"
if [ $# -gt 2 ]; then
    echo "NETMASK      : $NETMASK"
fi
if [ $# -gt 3 ]; then
    echo "INTERFACE    : $INTERFACE"
fi

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

if [ ! -f "/usr/local/vesta/data/ips/$MAIL_IP" ]; then
    echo "=== Adding IP $MAIL_IP with netmask $NETMASK on interface $INTERFACE"
    $VESTA/bin/v-add-sys-ip  "$MAIL_IP" "$NETMASK" "$INTERFACE" 'admin' 'dedicated' '' ''
fi

MAIL_USER=$($VESTA/bin/v-search-domain-owner "$MAIL_HOSTNAME")
if [ -z "$MAIL_USER" ]; then
    MAIL_USER=$HOST_USER
    echo "=== Creating (sub)domain $MAIL_HOSTNAME"
    $VESTA/bin/v-add-domain "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes'
    echo "=== Deleting www from (sub)domain $MAIL_HOSTNAME"
    www_host="www.$MAIL_HOSTNAME"
    $VESTA/bin/v-delete-web-domain-alias "$MAIL_USER" "$MAIL_HOSTNAME" "$www_host" 'no'
    $VESTA/bin/v-delete-dns-on-web-alias "$MAIL_USER" "$MAIL_HOSTNAME" "$www_host" 'no'
else
    CURRENT_MAIL_IP=$($VESTA/bin/v-list-web-domain "$MAIL_USER" "$MAIL_HOSTNAME" | grep 'IP:' | awk '{print $2}')
    if [ "$CURRENT_MAIL_IP" != "$MAIL_IP" ]; then
        echo "=== Switching (sub)domain $MAIL_HOSTNAME to IP: $MAIL_IP"
        $VESTA/bin/v-change-web-domain-ip "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes'
        $VESTA/bin/v-change-dns-domain-ip "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes'
    fi
fi

if [ -f "/home/$MAIL_USER/conf/web/ssl.$MAIL_HOSTNAME.ca" ]; then
    echo "=== Signed SSL already installed"
else
    echo "=== Installing LetsEncrypt for (sub)domain $MAIL_HOSTNAME"
    $VESTA/bin/v-add-letsencrypt-domain "$MAIL_USER" "$MAIL_HOSTNAME" "" "yes"
    if [ $? -ne 0 ]; then
        echo "=== LetsEncrypt installation failed"
    fi
fi

if [ ! -d "/etc/exim4/virtual" ]; then
    echo "=== Creating /etc/exim4/virtual directory"
    mkdir -p /etc/exim4/virtual
    echo "$HOST_IP: $HOSTNAME" > /etc/exim4/virtual/helo_data
    echo "$HOSTNAME: $HOST_IP" > /etc/exim4/virtual/interfaces
    length=$(wc -c </etc/exim4/virtual/helo_data)
    dd if=/dev/null of=/etc/exim4/virtual/helo_data obs="$((length-1))" seek=1 > /dev/null 2>&1
    length=$(wc -c </etc/exim4/virtual/interfaces)
    dd if=/dev/null of=/etc/exim4/virtual/interfaces obs="$((length-1))" seek=1 > /dev/null 2>&1
fi
check_grep1=$(grep -c "^$MAIL_IP:" /etc/exim4/virtual/helo_data)
check_grep2=$(grep -c ": $MAIL_HOSTNAME" /etc/exim4/virtual/helo_data)
if [ "$check_grep1" -eq 0 ] && [ "$check_grep2" -eq 0 ]; then
    echo "=== Adding $MAIL_IP: $MAIL_HOSTNAME to /etc/exim4/virtual/helo_data"
    echo "" >> /etc/exim4/virtual/helo_data
    echo "$MAIL_IP: $MAIL_HOSTNAME" >> /etc/exim4/virtual/helo_data
    length=$(wc -c </etc/exim4/virtual/helo_data)
    dd if=/dev/null of=/etc/exim4/virtual/helo_data obs="$((length-1))" seek=1 > /dev/null 2>&1
fi
check_grep1=$(grep -c "^$MAIL_HOSTNAME:" /etc/exim4/virtual/interfaces)
check_grep2=$(grep -c ": $MAIL_IP" /etc/exim4/virtual/interfaces)
if [ "$check_grep1" -eq 0 ] && [ "$check_grep2" -eq 0 ]; then
    echo "=== Adding $MAIL_HOSTNAME: $MAIL_IP to /etc/exim4/virtual/interfaces"
    echo "" >> /etc/exim4/virtual/interfaces
    echo "$MAIL_HOSTNAME: $MAIL_IP" >> /etc/exim4/virtual/interfaces
    length=$(wc -c </etc/exim4/virtual/interfaces)
    dd if=/dev/null of=/etc/exim4/virtual/interfaces obs="$((length-1))" seek=1 > /dev/null 2>&1
fi

echo "=== Generating IP SSL for hostname $HOSTNAME"
$VESTA/bin/v-make-ip-ssl "$HOST_USER" "$HOSTNAME"
echo "=== Generating IP SSL for mail hostname $MAIL_HOSTNAME"
$VESTA/bin/v-make-ip-ssl "$MAIL_USER" "$MAIL_HOSTNAME"

check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template)
if [ "$check_grep" -eq 0 ]; then
    echo "=== patching exim4.conf.template"
    mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
    cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template

    release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
    if [ "$release" -lt 11 ]; then
        sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template
    fi
    if [ "$release" -lt 12 ]; then
        sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template
    fi

    sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template
    sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template
    sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template
    sed -i "s|SECONDHOST|$MAIL_HOSTNAME|g" /etc/exim4/exim4.conf.template
    sed -i "s|#local_interfaces|local_interfaces|g" /etc/exim4/exim4.conf.template
    sed -i "s|#smtp_active_hostname|smtp_active_hostname|g" /etc/exim4/exim4.conf.template
    sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template
    sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template
    sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template
    /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template'
    /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template'
    touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
    touch /etc/exim4/limit_per_email_account_max_recipients
    touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
    touch /etc/exim4/limit_per_hosting_account_max_recipients
    check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup)
    if [ "$check_grep" -eq 0 ]; then
        sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template
    fi
    check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup)
    if [ "$check_grep" -eq 0 ]; then
        sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template
    fi
    check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup)
    if [ "$check_grep" -eq 0 ]; then
        sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template
    fi
    systemctl restart exim4
    if [ $? -ne 0 ]; then
        systemctl status exim4
        cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template
        systemctl restart exim4
        echo "=== Patching failed, old exim conf returned, exim4 restarted again."
        exit 1
    fi
    echo "=== Patching successful"
else
    echo "=== exim4.conf.template already patched"
fi

check_grep=$(grep -c 'v-make-ip-ssl' /usr/local/vesta/conf/vesta.conf)
if [ "$check_grep" -eq 0 ]; then
    echo "=== Set UPDATE_SSL_SCRIPT to 'v-make-ip-ssl'"
    echo "UPDATE_SSL_SCRIPT='/usr/local/vesta/bin/v-make-ip-ssl'" >> /usr/local/vesta/conf/vesta.conf
else
    echo "=== Value UPDATE_SSL_SCRIPT is already 'v-make-ip-ssl'"
fi

check_grep=$(grep -c "ip4:$MAIL_IP" /usr/local/vesta/data/templates/dns/default.tpl)
if [ "$check_grep" -eq 0 ]; then
    echo "=== Adding IP to SPF"
    sed -i "s|ip4:%ip%|ip4:%ip% ip4:$MAIL_IP|g" /usr/local/vesta/data/templates/dns/default.tpl
    NOTFOUNDVAL="ip4:$MAIL_IP"
    OLDVAL="ip4:$HOST_IP"
    NEWVAL="ip4:$HOST_IP ip4:$MAIL_IP"
    find /usr/local/vesta/data/users/*/dns/ -type f -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
    find /home/*/conf/dns/ -type f -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
    service bind9 reload
fi

echo "=== Done!"

ptr=$(dig +short -x $MAIL_IP)
ptr_len=${#ptr}
ptr_len=$((ptr_len-1))
ptr=${ptr:0:ptr_len}
if [ "$ptr" != "$MAIL_HOSTNAME" ]; then
    echo "=============================================================================="
    echo "WARNING:"
    echo "PTR record (reverse DNS) for IP $MAIL_IP is $ptr"
    echo "PTR record (reverse DNS) for IP $MAIL_IP should be $MAIL_HOSTNAME"
    echo "=============================================================================="
fi

#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# Logging
log_event "$OK" "$ARGUMENTS"

exit