first, and hopefully last commit

2025-07-13 18:46:18 -04:00
commit dba715f47f
14 changed files with 508 additions and 0 deletions

3
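--- a/script/actions.conf
+++ b/script/actions.conf
@@ -0,0 +1,3 @@
+reject = 100;
+add_header = 5;
+greylist = 100;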
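Review bot: The thresholds `reject = 100;` and `greylist = 100;` sit far above `add_header = 5;`, so in practice rspamd will tag mail but almost never reject or greylist it, and nothing in the file says this is intended. A comment such as `# tag-only policy: spam is filed to Junk by sieve; reject and greylist are effectively off` would record the decision. If high-scoring mail should be refused at SMTP time, the reject value has to be lowered to a score that messages can actually reach.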

103
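--- a/script/bullmail.sh
+++ b/script/bullmail.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+#
+# Input your settings here
+#
+tls_cert="/etc/apache2/ssl/yourdomain.com.pem"
+tls_key="/etc/apache2/ssl/yourdomain.com.key"
+hostname="mail.yourdomain.com"
+domain="yourdomain.com"
+#
+# Script
+#
+echo "Welcome to bullmail"
+if [ "$EUID" -ne 0 ]; then
+echo "Run this shit as root. Exiting"
+exit 1
+fi
+packages="dovecot-core dovecot-imapd postfix rspamd postfix dovecot-lmtpd dovecot-sieve dovecot-managesieved postfix postfix-pcre"
+echo "=== Cleaning up garbage... ==="
+rm -rf /etc/rspamd/
+rm -rf /etc/dovecot/
+apt purge --autoremove $packages -y
+echo "=== Installing packages ==="
+apt install $packages -y
+echo "=== Configuring rspamd ==="
+echo "Generating DKIM keys..."
+mkdir -p /var/lib/rspamd/dkim
+chown _rspamd:_rspamd /var/lib/rspamd/dkim
+chmod 750 /var/lib/rspamd/dkim
+dkim=$(rspamadm dkim_keygen -d $domain -s mail)
+private_key=$(echo "$dkim" | awk 'BEGIN {RS="-----END PRIVATE KEY-----"} NR==1 {print $0 RS}' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+dns_record=$(echo "$dkim" | awk 'BEGIN {RS="-----END PRIVATE KEY-----"} NR==2 {print $0}' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+touch /var/lib/rspamd/dkim/$domain.mail.key
+echo "$private_key" > "/var/lib/rspamd/dkim/$domain.mail.key"
+rspamd_dkim=$(< "$PWD/dkim_signing.conf")
+rspamd_dkim="${rspamd_dkim//__domain__/$domain}"
+echo "$rspamd_dkim" > "/etc/rspamd/local.d/dkim_signing.conf"
+chown _rspamd:_rspamd /var/lib/rspamd/dkim/$domain.mail.key
+chmod 644 /var/lib/rspamd/dkim/$domain.mail.key
+cp $PWD/milter_headers.conf /etc/rspamd/local.d/milter_headers.conf
+cp $PWD/actions.conf /etc/rspamd/local.d/actions.conf
+touch /var/log/rspamd/rspamd.log
+chown _rspamd:_rspamd -R /etc/rspamd/local.d
+chown _rspamd:_rspamd /var/log/rspamd/rspamd.log
+chmod 744 /etc/rspamd/local.d
+chmod 644 /etc/rspamd/local.d/*
+chmod 644 /var/log/rspamd/rspamd.log
+echo "Restarting rspamd..."
+service rspamd restart
+echo "=== Configuring Postfix ==="
+postfix_conf=$(< "$PWD/main.cf")
+postfix_conf="${postfix_conf//KEY.pem/$tls_cert}"
+postfix_conf="${postfix_conf//KEY.key/$tls_key}"
+postfix_conf="${postfix_conf//__domain__/$domain}"
+postfix_conf="${postfix_conf//__hostname__/$hostname}"
+echo "$postfix_conf" > "/etc/postfix/main.cf"
+escaped_domain="${hostname//./\\.}"
+header_checks=$(< "$PWD/header_checks")
+header_checks="${header_checks//__hostname__/$escaped_domain}"
+touch /etc/postfix/header_checks
+echo "$header_checks" > "/etc/postfix/header_checks"
+cp $PWD/master.cf /etc/postfix/master.cf
+echo "Restarting Postfix..."
+service postfix restart
+echo "=== Configuring Dovecot ==="
+dovecot_conf=$(< "$PWD/dovecot.conf")
+dovecot_conf="${dovecot_conf//KEY.pem/$tls_cert}"
+dovecot_conf="${dovecot_conf//KEY.key/$tls_key}"
+dovecot_conf="${dovecot_conf//__domain__/$domain}"
+echo "$dovecot_conf" > "/etc/dovecot/dovecot.conf"
+mkdir -p /etc/dovecot/sieve
+cp $PWD/spam2junk.sieve /etc/dovecot/sieve
+sievec /etc/dovecot/sieve/spam2junk.sieve
+chown -R vmail:vmail /etc/dovecot/sieve
+echo "Restarting Dovecot..."
+service dovecot restart
+echo "Done. Please set this TXT record on your $domain domain."
+echo $dns_record
+echo "Bye!"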
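Review bot: The DKIM private key is left at mode 644 by `chmod 644 /var/lib/rspamd/dkim/$domain.mail.key`, so only the 750 mode on the parent directory keeps other local accounts from reading it. The key file should be owner-only, `chmod 600 "/var/lib/rspamd/dkim/$domain.mail.key"`, and a `umask 077` before the `echo "$private_key" >` write avoids a window with default permissions. The script also has no `set -euo pipefail`, so a failed `apt install` after the two `rm -rf` lines lets every later step run against a half-removed installation. Quoting `$PWD` and `$domain` in the `cp`, `touch` and `chown` lines would make the script safe to run from a path containing spaces.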

11
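--- a/script/dkim_signing.conf
+++ b/script/dkim_signing.conf
@@ -0,0 +1,11 @@
+enabled = true;
+sign_authenticated = true;
+allow_hdrfrom_mismatch = false;
+allow_username_mismatch = true;
+domain {
+__domain__ {
+selector = "mail";
+path = "/var/lib/rspamd/dkim/__domain__.mail.key";
+}
+}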
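Review bot: `allow_username_mismatch = true` together with `sign_authenticated = true` gives any authenticated account a valid signature for whatever sender address it uses in the domain, and the main.cf in this commit shows no sender-to-login binding. If the mismatch is allowed because logins are bare local parts (dovecot.conf sets `auth_username_format = %Ln`), a comment should say so, for example `# logins carry no domain part, so the username check cannot match`. Pairing it with Postfix's `reject_sender_login_mismatch` and an `smtpd_sender_login_maps` table would stop one mailbox owner from sending signed mail as another.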

99
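--- a/script/dovecot.conf
+++ b/script/dovecot.conf
@@ -0,0 +1,99 @@
+#logging
+#auth_verbose = yes
+#auth_debug = yes
+#mail_debug = yes
+#log_path = /var/log/dovecot.log
+disable_plaintext_auth = no
+auth_mechanisms = plain login
+auth_username_format = %Ln
+ssl = yes
+ssl_cert = <KEY.pem
+ssl_key = <KEY.key
+ssl_client_ca_dir = /etc/ssl/certs
+ssl_dh = </usr/share/dovecot/dh.pem
+ssl_min_protocol = TLSv1.1
+service imap-login {
+inet_listener imap {
+port = 143
+}
+inet_listener imap_alt {
+port = 1143
+}
+inet_listener imaps {
+port = 993
+ssl = yes
+}
+inet_listener imaps_alt {
+port = 1993
+ssl = yes
+}
+}
+service auth {
+unix_listener /var/spool/postfix/private/auth {
+mode = 0660
+user = postfix
+group = postfix
+}
+}
+mail_location = maildir:~/Maildir
+mail_privileged_group = mail
+managesieve_notify_capability = mailto
+managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
+namespace inbox {
+inbox = yes
+location = maildir:~/Maildir
+prefix =
+mailbox Drafts {
+special_use = \Drafts
+auto = subscribe
+}
+mailbox Junk {
+special_use = \Junk
+auto = subscribe
+}
+mailbox Sent {
+special_use = \Sent
+auto = subscribe
+}
+mailbox Trash {
+special_use = \Trash
+auto = subscribe
+}
+}
+passdb {
+driver = pam
+}
+userdb {
+driver = passwd
+}
+plugin {
+sieve_global_path = /etc/dovecot/sieve/spam2junk.sieve
+#sieve_global_dir = /etc/dovecot/sieve/
+#sieve = file:~/sieve;active=~/.dovecot.sieve
+}
+protocol lmtp {
+mail_plugins = $mail_plugins sieve
+postmaster_address = postmaster@__domain__
+mail_fsync = optimized
+}
+protocol lda {
+mail_plugins = $mail_plugins sieve
+}
+service lmtp {
+unix_listener /var/spool/postfix/private/dovecot-lmtp {
+group = postfix
+mode = 0600
+user = postfix
+}
+}
+protocols = imap lmtp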
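Review bot: `disable_plaintext_auth = no` with `auth_mechanisms = plain login` and `ssl = yes` lets clients send passwords over the unencrypted listeners on 143 and 1143, and because `passdb` uses the `pam` driver those are system account passwords. The safer values are `disable_plaintext_auth = yes`, `ssl = required` and `ssl_min_protocol = TLSv1.2`, since TLS 1.1 is deprecated. If a legacy client forces the weaker settings, a comment naming that client belongs next to them so the exception can be removed later.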

8
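--- a/script/header_checks
+++ b/script/header_checks
@@ -0,0 +1,8 @@
+/^\s*Received: from __hostname__/ OK
+/^\s*Received:/ IGNORE
+/^From:/ PREPEND User-Agent: Mozilla Thunderbird
+/^\s*X-Enigmail/ IGNORE
+/^\s*X-Mailer/ IGNORE
+/^\s*X-Originating-IP/ IGNORE
+/^\s*X-Forward/ IGNORE
+/^\s*User-Agent/ IGNORE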
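Review bot: The first rule uses `OK`, which header_checks(5) accepts only for backwards compatibility and treats as `DUNNO`; writing `/^\s*Received: from __hostname__/ DUNNO` states the intent directly. The file has no comments, so a leading line such as `# strip client-identifying headers from outbound mail, keep only our own Received line` would help the next reader. Dropping every other `Received:` header also removes trace data that is useful when investigating abuse reports or mail loops, and that trade-off deserves a mention in the same comment.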

51
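--- a/script/main.cf
+++ b/script/main.cf
@@ -0,0 +1,51 @@
+# logging
+maillog_file = /var/log/mail.log
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+append_dot_mydomain = no
+readme_directory = no
+compatibility_level = 3.6
+smtpd_tls_cert_file = KEY.pem
+smtpd_tls_key_file = KEY.key
+smtpd_tls_security_level = may
+smtpd_milters = inet:127.0.0.1:11332
+non_smtpd_milters = inet:127.0.0.1:11332
+milter_default_action = accept
+milter_protocol = 6
+milter_mail_macros = i {auth_authen} {client_addr}
+smtp_header_checks = pcre:/etc/postfix/header_checks
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+smtpd_tls_auth_only = no
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = __hostname__
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+virtual_transport = dovecot
+local_transport = lmtp:unix:private/dovecot-lmtp
+dovecot_destination_recipient_limit = 1
+smtp_tls_CApath=/etc/ssl/certs
+smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = __hostname__
+mydomain = __domain__
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = __hostname__, __domain__, localhost, localhost.localdomain, localhost
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+home_mailbox = Maildir/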
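Review bot: `smtpd_tls_auth_only = no` combined with `smtpd_tls_security_level = may` lets SMTP AUTH run on a connection that never negotiated TLS, which exposes the passwords that Dovecot SASL checks against PAM; `smtpd_tls_auth_only = yes` closes that. `milter_default_action = accept` is fail-open: when rspamd on 127.0.0.1:11332 is unreachable, inbound mail is accepted unscanned and outbound mail leaves unsigned. `milter_default_action = tempfail` is the safer default, and if availability is deliberately preferred a comment should say so.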

46
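--- a/script/master.cf
+++ b/script/master.cf
@@ -0,0 +1,46 @@
+smtp inet n - y - - smtpd
+-o smtpd_milters=inet:127.0.0.1:11332
+2525 inet n - y - - smtpd
+-o smtpd_milters=inet:127.0.0.1:11332
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+-o syslog_name=postfix/$service_name
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+postlog unix-dgram n - n - 1 postlogd
+maildrop unix - n n - - pipe
+flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+uucp unix - n n - - pipe
+flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+ifmail unix - n n - - pipe
+flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
+dovecot unix - n n - - pipe
+flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}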
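Review bot: The `2525` listener is a second public smtpd with the same policy as port 25, so authenticated submission on it is not forced onto TLS. If it is meant as the client submission port, overrides such as `-o smtpd_tls_security_level=encrypt` and `-o smtpd_sasl_auth_enable=yes` belong under it, with AUTH switched off for port 25. The two `-o smtpd_milters=inet:127.0.0.1:11332` overrides repeat the main.cf value and can be dropped. The pipe transports for uucp, ifmail, bsmtp, scalemail and mailman point at programs that the package list in bullmail.sh does not install, so they should be removed or given a comment saying why they stay.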


@@ -0,0 +1,7 @@
enabled = true;
# avoid x-spam headers on sent emails
use_authenticated = false;
# add x-spam headers
extended_spam_headers = true;

6
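--- a/script/spam2junk.sieve
+++ b/script/spam2junk.sieve
@@ -0,0 +1,6 @@
+require ["fileinto"];
+if header :contains "X-Spam" "Yes" {
+fileinto "Junk";
+stop;
+}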