#!/bin/bash # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users # options: MAIL_HOSTNAME MAIL_IP # # The function add new ip, add new host for mail, try to generate letsencrypt for it, and makes email to be sent via that IP only for SMTP authenticated users #----------------------------------------------------------# # Variable&Function # #----------------------------------------------------------# whoami=$(whoami) if [ "$whoami" != "root" ]; then echo "You must be root to execute this script" exit 1 fi # Importing system environment source /etc/profile # Includes source /usr/local/vesta/func/main.sh MAIL_HOSTNAME=$1 MAIL_IP=$2 if [ $# -gt 2 ]; then NETMASK=$3 else NETMASK='255.255.255.192' fi if [ $# -gt 3 ]; then INTERFACE=$4 else INTERFACE='eth0' fi #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# check_args '2' "$#" 'MAIL_HOSTNAME MAIL_IP [NETMASK] [INTERFACE]' is_domain_format_valid "$MAIL_HOSTNAME" is_ip_format_valid "$MAIL_IP" HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME") if [ -z "$HOST_USER" ]; then echo "Error: hostname $HOSTNAME is not created as web domain" exit 4 fi HOST_IP=$($VESTA/bin/v-list-web-domain "$HOST_USER" "$HOSTNAME" | grep 'IP:' | awk '{print $2}') echo "HOSTNAME : $HOSTNAME" echo "HOSTNAME IP : $HOST_IP" echo "MAIL HOSTNAME: $MAIL_HOSTNAME" echo "MAIL_IP : $MAIL_IP" if [ $# -gt 2 ]; then echo "NETMASK : $NETMASK" fi if [ $# -gt 3 ]; then echo "INTERFACE : $INTERFACE" fi #----------------------------------------------------------# # Action # #----------------------------------------------------------# if [ ! -f "/usr/local/vesta/data/ips/$MAIL_IP" ]; then echo "=== Adding IP $MAIL_IP with netmask $NETMASK on interface $INTERFACE" $VESTA/bin/v-add-sys-ip "$MAIL_IP" "$NETMASK" "$INTERFACE" 'admin' 'dedicated' '' '' fi MAIL_USER=$($VESTA/bin/v-search-domain-owner "$MAIL_HOSTNAME") if [ -z "$MAIL_USER" ]; then MAIL_USER=$HOST_USER echo "=== Creating (sub)domain $MAIL_HOSTNAME" $VESTA/bin/v-add-domain "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes' echo "=== Deleting www from (sub)domain $MAIL_HOSTNAME" www_host="www.$MAIL_HOSTNAME" $VESTA/bin/v-delete-web-domain-alias "$MAIL_USER" "$MAIL_HOSTNAME" "$www_host" 'no' $VESTA/bin/v-delete-dns-on-web-alias "$MAIL_USER" "$MAIL_HOSTNAME" "$www_host" 'no' else CURRENT_MAIL_IP=$($VESTA/bin/v-list-web-domain "$MAIL_USER" "$MAIL_HOSTNAME" | grep 'IP:' | awk '{print $2}') if [ "$CURRENT_MAIL_IP" != "$MAIL_IP" ]; then echo "=== Switching (sub)domain $MAIL_HOSTNAME to IP: $MAIL_IP" $VESTA/bin/v-change-web-domain-ip "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes' $VESTA/bin/v-change-dns-domain-ip "$MAIL_USER" "$MAIL_HOSTNAME" "$MAIL_IP" 'yes' fi fi if [ -f "/home/$MAIL_USER/conf/web/ssl.$MAIL_HOSTNAME.ca" ]; then echo "=== Signed SSL already installed" else echo "=== Installing LetsEncrypt for (sub)domain $MAIL_HOSTNAME" $VESTA/bin/v-add-letsencrypt-domain "$MAIL_USER" "$MAIL_HOSTNAME" "" "yes" if [ $? -ne 0 ]; then echo "=== LetsEncrypt installation failed" fi fi if [ ! -d "/etc/exim4/virtual" ]; then echo "=== Creating /etc/exim4/virtual directory" mkdir -p /etc/exim4/virtual echo "$HOST_IP: $HOSTNAME" > /etc/exim4/virtual/helo_data echo "$HOSTNAME: $HOST_IP" > /etc/exim4/virtual/interfaces length=$(wc -c /dev/null 2>&1 length=$(wc -c /dev/null 2>&1 fi check_grep1=$(grep -c "^$MAIL_IP:" /etc/exim4/virtual/helo_data) check_grep2=$(grep -c ": $MAIL_HOSTNAME" /etc/exim4/virtual/helo_data) if [ "$check_grep1" -eq 0 ] && [ "$check_grep2" -eq 0 ]; then echo "=== Adding $MAIL_IP: $MAIL_HOSTNAME to /etc/exim4/virtual/helo_data" echo "" >> /etc/exim4/virtual/helo_data echo "$MAIL_IP: $MAIL_HOSTNAME" >> /etc/exim4/virtual/helo_data length=$(wc -c /dev/null 2>&1 fi check_grep1=$(grep -c "^$MAIL_HOSTNAME:" /etc/exim4/virtual/interfaces) check_grep2=$(grep -c ": $MAIL_IP" /etc/exim4/virtual/interfaces) if [ "$check_grep1" -eq 0 ] && [ "$check_grep2" -eq 0 ]; then echo "=== Adding $MAIL_HOSTNAME: $MAIL_IP to /etc/exim4/virtual/interfaces" echo "" >> /etc/exim4/virtual/interfaces echo "$MAIL_HOSTNAME: $MAIL_IP" >> /etc/exim4/virtual/interfaces length=$(wc -c /dev/null 2>&1 fi echo "=== Generating IP SSL for hostname $HOSTNAME" $VESTA/bin/v-make-ip-ssl "$HOST_USER" "$HOSTNAME" echo "=== Generating IP SSL for mail hostname $MAIL_HOSTNAME" $VESTA/bin/v-make-ip-ssl "$MAIL_USER" "$MAIL_HOSTNAME" check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template) if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') if (( $(echo "$eximversion < 4.96" | bc -l) )); then cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template fi if (( $(echo "$eximversion < 4.94" | bc -l) )); then sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template fi sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDHOST|$MAIL_HOSTNAME|g" /etc/exim4/exim4.conf.template sed -i "s|#local_interfaces|local_interfaces|g" /etc/exim4/exim4.conf.template sed -i "s|#smtp_active_hostname|smtp_active_hostname|g" /etc/exim4/exim4.conf.template sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template' /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template' touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour touch /etc/exim4/limit_per_email_account_max_recipients touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour touch /etc/exim4/limit_per_hosting_account_max_recipients check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup) if [ "$check_grep" -eq 0 ]; then sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template fi check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup) if [ "$check_grep" -eq 0 ]; then sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template fi check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup) if [ "$check_grep" -eq 0 ]; then sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template fi systemctl restart exim4 if [ $? -ne 0 ]; then systemctl status exim4 cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template systemctl restart exim4 echo "=== Patching failed, old exim conf returned, exim4 restarted again." exit 1 fi echo "=== Patching successful" else echo "=== exim4.conf.template already patched" fi check_grep=$(grep -c 'v-make-ip-ssl' /usr/local/vesta/conf/vesta.conf) if [ "$check_grep" -eq 0 ]; then echo "=== Set UPDATE_SSL_SCRIPT to 'v-make-ip-ssl'" echo "UPDATE_SSL_SCRIPT='/usr/local/vesta/bin/v-make-ip-ssl'" >> /usr/local/vesta/conf/vesta.conf else echo "=== Value UPDATE_SSL_SCRIPT is already 'v-make-ip-ssl'" fi check_grep=$(grep -c "ip4:$MAIL_IP" /usr/local/vesta/data/templates/dns/default.tpl) if [ "$check_grep" -eq 0 ]; then echo "=== Adding IP to SPF" sed -i "s|ip4:%ip%|ip4:%ip% ip4:$MAIL_IP|g" /usr/local/vesta/data/templates/dns/default.tpl NOTFOUNDVAL="ip4:$MAIL_IP" OLDVAL="ip4:$HOST_IP" NEWVAL="ip4:$HOST_IP ip4:$MAIL_IP" find /usr/local/vesta/data/users/*/dns/ -type f -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" find /home/*/conf/dns/ -type f -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" service bind9 reload fi echo "=== Done!" ptr=$(dig +short -x $MAIL_IP) ptr_len=${#ptr} ptr_len=$((ptr_len-1)) ptr=${ptr:0:ptr_len} if [ "$ptr" != "$MAIL_HOSTNAME" ]; then echo "==============================================================================" echo "WARNING:" echo "PTR record (reverse DNS) for IP $MAIL_IP is $ptr" echo "PTR record (reverse DNS) for IP $MAIL_IP should be $MAIL_HOSTNAME" echo "==============================================================================" fi #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# # Logging log_event "$OK" "$ARGUMENTS" exit