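#!/usr/bin/env bash
# generate_config.sh - interactive generator for mailcow.conf.
#
# Flow: pre-flight checks (kernel, GNU userland, required binaries), prompts
# for the server hostname and timezone, memory-based defaults for ClamAV and
# Solr, then mailcow.conf is written (0600, with freshly generated database
# credentials) and a self-signed placeholder certificate is created.
#
# Only pipefail is enabled on purpose: the prompts below test variables that
# are still unset (e.g. MAILCOW_HOSTNAME), so -u would abort the script, and
# several commands are expected to fail inside conditions.

set -o pipefail

# This specific Ubuntu kernel is refused outright.
if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
  echo "Please update to 5.x or use another distribution."
  exit 1
fi

# Every 4.4 kernel is refused. Ubuntu users get the HWE kernel hint; other
# distributions used to exit silently (the exit sits outside the inner if),
# so they now get a generic message explaining why the script stopped.
if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
  if grep -q Ubuntu <<< "$(uname -a)"; then
    echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
    echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
  else
    echo "DO NOT RUN mailcow ON KERNEL $(uname -r)!"
    echo "Please update to a 5.x (or newer) kernel."
  fi
  exit 1
fi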
18
# mailcow's scripts need GNU grep and coreutils; the BusyBox implementations
# (typical on Alpine) identify themselves in their --help output, so probe
# each tool and refuse to continue with an install hint for the right package.
for tool in grep cp; do
  if "${tool}" --help 2>&1 | grep -q -i "busybox"; then
    case "${tool}" in
      grep)
        echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""
        ;;
      cp)
        echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""
        ;;
    esac
    exit 1
  fi
done
27
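# Required command-line tools must be on PATH. `command -v` is a shell builtin;
# `which` is a separate program that is missing on some minimal images and
# whose exit status is not consistent across implementations.
for bin in openssl curl docker-compose docker git awk sha1sum; do
  if ! command -v "${bin}" >/dev/null 2>&1; then
    echo "Cannot find ${bin}, exiting..."
    exit 1
  fi
done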
31
# Never silently clobber an existing mailcow.conf: ask first, then keep the
# old file as a 0600 backup (it contains database credentials) before a new
# one is written. Anything but a yes answer aborts the script.
if [[ -f mailcow.conf ]]; then
  read -r -p "A config file exists and will be overwritten, are you sure you want to contine? [y/N] " response
  if [[ "${response}" =~ ^[yY]([eE][sS])?$ ]]; then
    mv mailcow.conf mailcow.conf_backup
    chmod 600 mailcow.conf_backup
  else
    exit 1
  fi
fi
44
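echo "Press enter to confirm the detected value '[value]' where applicable or enter a custom value."

# Hostname of the mail server itself (not a mail domain). The value is written
# verbatim into mailcow.conf and into the openssl -subj string further down, so
# besides the "at least two dots" rule only the hostname character set
# (letters, digits, '.' and '-') is accepted; anything else is asked again.
# The old unquoted test let a value containing whitespace slip through.
while [ -z "${MAILCOW_HOSTNAME}" ]; do
  # Without a terminal `read` fails at EOF; exit instead of looping forever.
  read -r -p "Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: " -e MAILCOW_HOSTNAME || exit 1
  if [ -z "${MAILCOW_HOSTNAME}" ]; then
    continue
  fi
  DOTS=${MAILCOW_HOSTNAME//[^.]}
  if [ ${#DOTS} -lt 2 ] || ! [[ "${MAILCOW_HOSTNAME}" =~ ^[A-Za-z0-9.-]+$ ]]; then
    echo "${MAILCOW_HOSTNAME} is not a FQDN"
    MAILCOW_HOSTNAME=
  fi
done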
54
# Best-effort timezone detection, offered as the default in the prompt that
# follows. A Debian-style /etc/timezone wins; otherwise the zone name is taken
# from the /etc/localtime symlink target (stays empty if it is not a symlink).
if [[ -e /etc/timezone ]]; then
  DETECTED_TZ=$(</etc/timezone)
elif [[ -e /etc/localtime ]]; then
  DETECTED_TZ=$(readlink /etc/localtime | sed -n 's|^.*zoneinfo/||p')
fi
60
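# Ask for the timezone; when one was detected, pressing Enter accepts it.
# `read -r` keeps backslashes literal, and a failed read (EOF, no terminal)
# exits instead of spinning in the loop forever.
while [ -z "${MAILCOW_TZ}" ]; do
  if [ -z "${DETECTED_TZ}" ]; then
    read -r -p "Timezone: " -e MAILCOW_TZ || exit 1
  else
    read -r -p "Timezone [${DETECTED_TZ}]: " -e MAILCOW_TZ || exit 1
    [ -z "${MAILCOW_TZ}" ] && MAILCOW_TZ=${DETECTED_TZ}
  fi
done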
69
# Installed memory in kB, straight from the kernel's MemTotal line.
MEM_TOTAL=$(awk '$1 == "MemTotal:" { print $2; exit }' /proc/meminfo)
71
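# Pick defaults for the memory-hungry optional services from installed RAM
# (MEM_TOTAL is the MemTotal figure from /proc/meminfo, in kB). When that
# figure is missing or not a number (no /proc/meminfo), the integer tests
# below would only print shell errors and fall through; say so explicitly and
# keep both services enabled, which is what the fall-through produced anyway.
if ! [[ "${MEM_TOTAL}" =~ ^[0-9]+$ ]]; then
  echo "Could not determine installed memory, leaving ClamAV and Solr enabled."
  SKIP_CLAMD=n
  SKIP_SOLR=n
else
  # ClamAV: recommend disabling at <= 2.5 GiB; Enter / anything but "n" disables.
  if [ "${MEM_TOTAL}" -le 2621440 ]; then
    echo "Installed memory is <= 2.5 GiB. It is recommended to disable ClamAV to prevent out-of-memory situations."
    echo "ClamAV can be re-enabled by setting SKIP_CLAMD=n in mailcow.conf."
    read -r -p "Do you want to disable ClamAV now? [Y/n] " response
    case $response in
      [nN][oO]|[nN])
        SKIP_CLAMD=n
        ;;
      *)
        SKIP_CLAMD=y
        ;;
    esac
  else
    SKIP_CLAMD=n
  fi

  # Solr: forced off at <= 2 GiB (it refuses to start below 2 GB anyway),
  # recommended off at <= 3.5 GiB, otherwise left on.
  if [ "${MEM_TOTAL}" -le 2097152 ]; then
    echo "Disabling Solr on low-memory system."
    SKIP_SOLR=y
  elif [ "${MEM_TOTAL}" -le 3670016 ]; then
    echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
    echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
    echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
    read -r -p "Do you want to disable Solr now? [Y/n] " response
    case $response in
      [nN][oO]|[nN])
        SKIP_SOLR=n
        ;;
      *)
        SKIP_SOLR=y
        ;;
    esac
  else
    SKIP_SOLR=n
  fi
fi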
107
# Make sure rspamd's controller password override file exists; an existing
# file is left untouched, otherwise a placeholder comment is written.
if [[ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ]]; then
  echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc
fi
109
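# Write mailcow.conf under a restrictive umask. The file carries the freshly
# generated DBPASS/DBROOT secrets, and with the default umask 022 it would be
# created world-readable and only tightened by the chmod 600 further down;
# creating it 0600 from the start closes that window. The heredoc content is
# the configuration file itself and is written out verbatim.
(
umask 077
cat << EOF > mailcow.conf
# ------------------------------
# mailcow web ui configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
# Default admin user is "admin"
# Default password is "moohoo"

MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}

# Password hash algorithm
# Only certain password hash algorithm are supported. For a fully list of supported schemes,
# see https://mailcow.github.io/mailcow-dockerized-docs/model-passwd/
MAILCOW_PASS_SCHEME=BLF-CRYPT

# ------------------------------
# SQL database configuration
# ------------------------------

DBNAME=mailcow
DBUSER=mailcow

# Please use long, random alphanumeric strings (A-Za-z0-9)

DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)

# ------------------------------
# HTTP/S Bindings
# ------------------------------

# You should use HTTPS, but in case of SSL offloaded reverse proxies:
# Might be important: This will also change the binding within the container.
# If you use a proxy within Docker, point it to the ports you set below.
# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
# IMPORTANT: Do not use port 8081, 9081 or 65510!

HTTP_PORT=80
HTTP_BIND=0.0.0.0

HTTPS_PORT=443
HTTPS_BIND=0.0.0.0

# ------------------------------
# Other bindings
# ------------------------------
# You should leave that alone
# Format: 11.22.33.44:25 or 0.0.0.0:465 etc.

SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587
IMAP_PORT=143
IMAPS_PORT=993
POP_PORT=110
POPS_PORT=995
SIEVE_PORT=4190
DOVEADM_PORT=127.0.0.1:19991
SQL_PORT=127.0.0.1:13306
SOLR_PORT=127.0.0.1:18983
REDIS_PORT=127.0.0.1:7654

# Your timezone
# See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
# Use the row named 'TZ database name' + pay attention for 'Notes' row

TZ=${MAILCOW_TZ}

# Fixed project name
# Please use lowercase letters only

COMPOSE_PROJECT_NAME=mailcowdockerized

# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
# When enabled, ACL can be created, that apply to "All authenticated users"
# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
# Otherwise a user might share data with too many other users.
ACL_ANYONE=disallow

# Garbage collector cleanup
# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
# How long should objects remain in the garbage until they are being deleted? (value in minutes)
# Check interval is hourly

MAILDIR_GC_TIME=7200

# Additional SAN for the certificate
#
# You can use wildcard records to create specific names for every domain you add to mailcow.
# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
#ADDITIONAL_SAN=imap.*,smtp.*
# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "imap.example.net"
# plus every domain you add in the future.
#
# You can also just add static names...
#ADDITIONAL_SAN=srv1.example.net
# ...or combine wildcard and static names:
#ADDITIONAL_SAN=imap.*,srv1.example.com
#

ADDITIONAL_SAN=

# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n

SKIP_LETS_ENCRYPT=n

# Create seperate certificates for all domains - y/n
# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
# see https://wiki.dovecot.org/SSL/SNIClientSupport
ENABLE_SSL_SNI=n

# Skip IPv4 check in ACME container - y/n

SKIP_IP_CHECK=n

# Skip HTTP verification in ACME container - y/n

SKIP_HTTP_VERIFICATION=n

# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n

SKIP_CLAMD=${SKIP_CLAMD}

# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n

SKIP_SOGO=n

# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.

SKIP_SOLR=${SKIP_SOLR}

# Solr heap size in MB, there is no recommendation, please see Solr docs.
# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.

SOLR_HEAP=1024

# Allow admins to log into SOGo as email user (without any password)

ALLOW_ADMIN_EMAIL_LOGIN=n

# Enable watchdog (watchdog-mailcow) to restart unhealthy containers

USE_WATCHDOG=y

# Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
# CAUTION:
# 1. You should use external recipients
# 2. Mails are sent unsigned (no DKIM)
# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
# Multiple rcpts allowed, NO quotation marks, NO spaces

#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
#WATCHDOG_NOTIFY_EMAIL=

# Notify about banned IP (includes whois lookup)
WATCHDOG_NOTIFY_BAN=n

# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
# https://www.servercow.de/mailcow?lang=en
# https://www.servercow.de/mailcow?lang=de
# No data is collected. Opt-in and anonymous.
# Will only work with unmodified mailcow setups.
WATCHDOG_EXTERNAL_CHECKS=n

# Max log lines per service to keep in Redis logs

LOG_LINES=9999

# Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
# Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

IPV4_NETWORK=172.22.1

# Internal IPv6 subnet in fc00::/7
# Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses

IPV6_NETWORK=fd4d:6169:6c63:6f77::/64

# Use this IPv4 for outgoing connections (SNAT)

#SNAT_TO_SOURCE=

# Use this IPv6 for outgoing connections (SNAT)

#SNAT6_TO_SOURCE=

# Create or override an API key for the web UI
# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
# An API key defined as API_KEY has read-write access
# An API key defined as API_KEY_READ_ONLY has read-only access
# Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
# You can define API_KEY and/or API_KEY_READ_ONLY

#API_KEY=
#API_KEY_READ_ONLY=
#API_ALLOW_FROM=172.22.1.1,127.0.0.1

# mail_home is ~/Maildir
MAILDIR_SUB=Maildir

# SOGo session timeout in minutes
SOGO_EXPIRE_SESSION=480

# DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
# Empty by default to auto-generate master user and password on start.
# User expands to DOVECOT_MASTER_USER@mailcow.local
# LEAVE EMPTY IF UNSURE
DOVECOT_MASTER_USER=
# LEAVE EMPTY IF UNSURE
DOVECOT_MASTER_PASS=

EOF
)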
322
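mkdir -p data/assets/ssl

# mailcow.conf holds the generated database credentials: owner-readable only.
chmod 600 mailcow.conf

# Generate a self-signed placeholder ("snake-oil") certificate for
# MAILCOW_HOSTNAME so TLS works until a real certificate (e.g. from
# acme-mailcow) is put in place. openssl creates key.pem with the process
# umask, so under the usual 022 the private key would end up world-readable;
# run it under umask 077 and then re-open only the (public) certificate.
# A failed generation used to be ignored and the copy below would then fail
# noisily; abort instead so the problem is obvious.
echo "Generating snake-oil certificate..."
# Making Willich more popular
if ! ( umask 077 && openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes ); then
  echo "Failed to generate snake-oil certificate, exiting..."
  exit 1
fi
chmod 644 data/assets/ssl-example/cert.pem

# Copy into the live directory, but never overwrite a certificate that is
# already there (-n); -d keeps symlinks as symlinks. The copies inherit the
# source modes, so key.pem stays 0600.
echo "Copying snake-oil certificate..."
cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/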