myvesta/bin/v-make-separated-ip-for-email
2024-11-18 18:03:53 +01:00

235 lines
9.8 KiB
Plaintext

#!/bin/bash
# info: add new ip and makes email to be sent via that IP only for SMTP authenticated users
# options: MAIL_HOSTNAME MAIL_IP
#
# The function add new ip, add new host for mail, try to generate letsencrypt for it, and makes email to be sent via that IP only for SMTP authenticated users
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Includes
source /usr/local/vesta/func/main.sh
MAIL_HOSTNAME=$1
MAIL_IP=$2
if [ $# -gt 2 ]; then
NETMASK=$3
else
NETMASK='255.255.255.192'
fi
if [ $# -gt 3 ]; then
INTERFACE=$4
else
INTERFACE='eth0'
fi
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'MAIL_HOSTNAME MAIL_IP [NETMASK] [INTERFACE]'
is_domain_format_valid "$MAIL_HOSTNAME"
is_ip_format_valid "$MAIL_IP"
HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME")
if [ -z "$HOST_USER" ]; then
echo "Error: hostname $HOSTNAME is not created as web domain"
exit 4
fi
HOST_IP=$($VESTA/bin/v-list-web-domain "$HOST_USER" "$HOSTNAME" | grep 'IP:' | awk '{print $2}')
echo "HOSTNAME : $HOSTNAME"
echo "HOSTNAME IP : $HOST_IP"
echo "MAIL HOSTNAME: $MAIL_HOSTNAME"
echo "MAIL_IP : $MAIL_IP"
if [ $# -gt 2 ]; then
echo "NETMASK : $NETMASK"
fi
if [ $# -gt 3 ]; then
echo "INTERFACE : $INTERFACE"
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ ! -f "/usr/local/vesta/data/ips/$MAIL_IP" ]; then
echo "=== Adding IP $MAIL_IP with netmask $NETMASK on interface $INTERFACE"
$VESTA/bin/v-add-sys-ip "$MAIL_IP" "$NETMASK" "$INTERFACE" 'admin' 'dedicated' '' ''
fi
MAIL_USER=$($VESTA/bin/v-search-domain-owner "$MAIL_HOSTNAME")
if [ -z "$MAIL_USER" ]; then
MAIL_USER=$HOST_USER
echo "=== Creating (sub)domain $MAIL_HOSTNAME"
$VESTA/bin/v-add-domain "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes'
echo "=== Deleting www from (sub)domain $MAIL_HOSTNAME"
www_host="www.$MAIL_HOSTNAME"
$VESTA/bin/v-delete-web-domain-alias "$MAIL_USER" "$MAIL_HOSTNAME" "$www_host" 'no'
$VESTA/bin/v-delete-dns-on-web-alias "$MAIL_USER" "$MAIL_HOSTNAME" "$www_host" 'no'
else
CURRENT_MAIL_IP=$($VESTA/bin/v-list-web-domain "$MAIL_USER" "$MAIL_HOSTNAME" | grep 'IP:' | awk '{print $2}')
if [ "$CURRENT_MAIL_IP" != "$MAIL_IP" ]; then
echo "=== Switching (sub)domain $MAIL_HOSTNAME to IP: $MAIL_IP"
$VESTA/bin/v-change-web-domain-ip "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes'
$VESTA/bin/v-change-dns-domain-ip "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes'
fi
fi
if [ -f "/home/$MAIL_USER/conf/web/ssl.$MAIL_HOSTNAME.ca" ]; then
echo "=== Signed SSL already installed"
else
echo "=== Installing LetsEncrypt for (sub)domain $MAIL_HOSTNAME"
$VESTA/bin/v-add-letsencrypt-domain "$MAIL_USER" "$MAIL_HOSTNAME" "" "yes"
if [ $? -ne 0 ]; then
echo "=== LetsEncrypt installation failed"
fi
fi
if [ ! -d "/etc/exim4/virtual" ]; then
echo "=== Creating /etc/exim4/virtual directory"
mkdir -p /etc/exim4/virtual
echo "$HOST_IP: $HOSTNAME" > /etc/exim4/virtual/helo_data
echo "$HOSTNAME: $HOST_IP" > /etc/exim4/virtual/interfaces
length=$(wc -c </etc/exim4/virtual/helo_data)
dd if=/dev/null of=/etc/exim4/virtual/helo_data obs="$((length-1))" seek=1 > /dev/null 2>&1
length=$(wc -c </etc/exim4/virtual/interfaces)
dd if=/dev/null of=/etc/exim4/virtual/interfaces obs="$((length-1))" seek=1 > /dev/null 2>&1
fi
check_grep1=$(grep -c "^$MAIL_IP:" /etc/exim4/virtual/helo_data)
check_grep2=$(grep -c ": $MAIL_HOSTNAME" /etc/exim4/virtual/helo_data)
if [ "$check_grep1" -eq 0 ] && [ "$check_grep2" -eq 0 ]; then
echo "=== Adding $MAIL_IP: $MAIL_HOSTNAME to /etc/exim4/virtual/helo_data"
echo "" >> /etc/exim4/virtual/helo_data
echo "$MAIL_IP: $MAIL_HOSTNAME" >> /etc/exim4/virtual/helo_data
length=$(wc -c </etc/exim4/virtual/helo_data)
dd if=/dev/null of=/etc/exim4/virtual/helo_data obs="$((length-1))" seek=1 > /dev/null 2>&1
fi
check_grep1=$(grep -c "^$MAIL_HOSTNAME:" /etc/exim4/virtual/interfaces)
check_grep2=$(grep -c ": $MAIL_IP" /etc/exim4/virtual/interfaces)
if [ "$check_grep1" -eq 0 ] && [ "$check_grep2" -eq 0 ]; then
echo "=== Adding $MAIL_HOSTNAME: $MAIL_IP to /etc/exim4/virtual/interfaces"
echo "" >> /etc/exim4/virtual/interfaces
echo "$MAIL_HOSTNAME: $MAIL_IP" >> /etc/exim4/virtual/interfaces
length=$(wc -c </etc/exim4/virtual/interfaces)
dd if=/dev/null of=/etc/exim4/virtual/interfaces obs="$((length-1))" seek=1 > /dev/null 2>&1
fi
echo "=== Generating IP SSL for hostname $HOSTNAME"
$VESTA/bin/v-make-ip-ssl "$HOST_USER" "$HOSTNAME"
echo "=== Generating IP SSL for mail hostname $MAIL_HOSTNAME"
$VESTA/bin/v-make-ip-ssl "$MAIL_USER" "$MAIL_HOSTNAME"
check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template)
if [ "$check_grep" -eq 0 ]; then
echo "=== patching exim4.conf.template"
mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
if (( $(echo "$eximversion < 4.96" | bc -l) )); then
cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template
sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template
fi
if (( $(echo "$eximversion < 4.94" | bc -l) )); then
sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template
fi
sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template
sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template
sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template
sed -i "s|SECONDHOST|$MAIL_HOSTNAME|g" /etc/exim4/exim4.conf.template
sed -i "s|#local_interfaces|local_interfaces|g" /etc/exim4/exim4.conf.template
sed -i "s|#smtp_active_hostname|smtp_active_hostname|g" /etc/exim4/exim4.conf.template
sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template
sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template
sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template
/usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template'
/usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template'
touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
touch /etc/exim4/limit_per_email_account_max_recipients
touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
touch /etc/exim4/limit_per_hosting_account_max_recipients
check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup)
if [ "$check_grep" -eq 0 ]; then
sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template
fi
check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup)
if [ "$check_grep" -eq 0 ]; then
sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template
fi
check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup)
if [ "$check_grep" -eq 0 ]; then
sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template
fi
systemctl restart exim4
if [ $? -ne 0 ]; then
systemctl status exim4
cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template
systemctl restart exim4
echo "=== Patching failed, old exim conf returned, exim4 restarted again."
exit 1
fi
echo "=== Patching successful"
else
echo "=== exim4.conf.template already patched"
fi
check_grep=$(grep -c 'v-make-ip-ssl' /usr/local/vesta/conf/vesta.conf)
if [ "$check_grep" -eq 0 ]; then
echo "=== Set UPDATE_SSL_SCRIPT to 'v-make-ip-ssl'"
echo "UPDATE_SSL_SCRIPT='/usr/local/vesta/bin/v-make-ip-ssl'" >> /usr/local/vesta/conf/vesta.conf
else
echo "=== Value UPDATE_SSL_SCRIPT is already 'v-make-ip-ssl'"
fi
check_grep=$(grep -c "ip4:$MAIL_IP" /usr/local/vesta/data/templates/dns/default.tpl)
if [ "$check_grep" -eq 0 ]; then
echo "=== Adding IP to SPF"
sed -i "s|ip4:%ip%|ip4:%ip% ip4:$MAIL_IP|g" /usr/local/vesta/data/templates/dns/default.tpl
NOTFOUNDVAL="ip4:$MAIL_IP"
OLDVAL="ip4:$HOST_IP"
NEWVAL="ip4:$HOST_IP ip4:$MAIL_IP"
find /usr/local/vesta/data/users/*/dns/ -type f -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
find /home/*/conf/dns/ -type f -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
service bind9 reload
fi
echo "=== Done!"
ptr=$(dig +short -x $MAIL_IP)
ptr_len=${#ptr}
ptr_len=$((ptr_len-1))
ptr=${ptr:0:ptr_len}
if [ "$ptr" != "$MAIL_HOSTNAME" ]; then
echo "=============================================================================="
echo "WARNING:"
echo "PTR record (reverse DNS) for IP $MAIL_IP is $ptr"
echo "PTR record (reverse DNS) for IP $MAIL_IP should be $MAIL_HOSTNAME"
echo "=============================================================================="
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit