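#!/bin/bash
# By d3fk::Angatar
#
# Container start-up script for a Mailman 2 + Exim4 + Apache2 image.
# First start (no "started" marker file in the working directory): writes the
# runtime host names, admin address and language into the Exim, Apache and
# Mailman configuration, creates the site list, and generates DKIM/TLS keys.
# Every start: launches exim4 and mailman.
#
# Environment (all optional; defaults are assigned below):
#   URL_HOST, EMAIL_HOST, MASTER_PASSWORD, LIST_ADMIN, LIST_LANGUAGE_CODE,
#   ENABLE_SPF_CHECK, URL_ROOT, URL_PATTERN, SSL_FROM_CONTAINER, SSL_SELFSIGNED

URL_HOST="${URL_HOST:-lists.example.com}"
EMAIL_HOST="${EMAIL_HOST:-lists.example.com}"
MASTER_PASSWORD="${MASTER_PASSWORD:-example}"
LIST_ADMIN="${LIST_ADMIN:-admin@lists.example.com}"
LIST_LANGUAGE_CODE="${LIST_LANGUAGE_CODE:-en}"
ENABLE_SPF_CHECK="${ENABLE_SPF_CHECK:-false}"
URL_ROOT="${URL_ROOT:-/}"
URL_PATTERN="${URL_PATTERN:-http}"
SSL_FROM_CONTAINER="${SSL_FROM_CONTAINER:-false}"
SSL_SELFSIGNED="${SSL_SELFSIGNED:-false}"

# Print a message on stderr and abort the container start-up.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Escape $1 for the replacement half of a sed "s/.../.../" command so that
# "/", "&" and "\" in a runtime value are inserted literally instead of being
# interpreted by sed.
sed_replacement() {
  printf '%s' "$1" | /bin/sed -e 's|[\\/&]|\\&|g'
}

if [[ ! -f started ]]; then
  # These values end up inside single-quoted Python literals in mm_cfg.py and
  # inside line-oriented config files. A quote, backslash or newline would
  # corrupt those files (or add extra statements to mm_cfg.py), so fail closed.
  for name in URL_HOST EMAIL_HOST URL_ROOT LIST_LANGUAGE_CODE; do
    case "${!name}" in
      *"'"* | *\\* | *$'\n'*)
        die "${name} must not contain single quotes, backslashes or newlines"
        ;;
    esac
  done
  case "${LIST_ADMIN}" in
    *$'\n'*) die "LIST_ADMIN must not contain newlines" ;;
  esac

  if [[ "${MASTER_PASSWORD}" == "example" ]]; then
    # The built-in default is public; it becomes both the Mailman site password
    # and the password of the initial "mailman" list below.
    echo "WARNING: MASTER_PASSWORD is the built-in default; set a unique value before exposing this container." >&2
  fi

  email_host_sed=$(sed_replacement "${EMAIL_HOST}")
  url_host_sed=$(sed_replacement "${URL_HOST}")
  url_root_sed=$(sed_replacement "${URL_ROOT}")
  list_admin_sed=$(sed_replacement "${LIST_ADMIN}")
  list_language_sed=$(sed_replacement "${LIST_LANGUAGE_CODE}")

  # Set the default email originator and the root user alias.
  echo "root: ${LIST_ADMIN}" >/etc/email-addresses
  /bin/sed -i "s/admin@example\.com/${list_admin_sed}/" /etc/aliases

  # Declare the host name in the hostname and mailname files.
  echo "${EMAIL_HOST}" >/etc/hostname
  echo "${EMAIL_HOST}" >/etc/mailname
  hostname -I | awk -v hostname="${EMAIL_HOST}" '{disp=$1" " hostname; print disp}' >>/etc/hosts

  # Change owner:group of the mailman directory.
  chown -R list:list /var/lib/mailman/

  # Create the docroot.
  mkdir -p /var/www/lists
  # NOTE(review): this copy of the script shows the welcome text without any
  # markup; confirm the intended page body against the upstream file.
  echo "

Welcome to ${URL_HOST}

" >/var/www/lists/index.html

  mailmancfg='/etc/mailman/mm_cfg.py'

  # Define the URL pattern for mailman: anything other than "http" means https.
  if [[ "${URL_PATTERN}" != "http" ]]; then
    echo "DEFAULT_URL_PATTERN = 'https://%s/${URL_ROOT}'" >>"${mailmancfg}"
  else
    echo "DEFAULT_URL_PATTERN = 'http://%s/${URL_ROOT}'" >>"${mailmancfg}"
  fi

  # Enable the SPF check if requested.
  if [[ "${ENABLE_SPF_CHECK}" == "true" ]]; then
    echo "installing SPF tools before enabling..."
    # NOTE(review): this installs a package at container start, which needs
    # network access and a usable apt index; consider baking it into the image.
    apt-get install -y spf-tools-perl
    /bin/sed -i "s/#CHECK_RCPT_SPF/CHECK_RCPT_SPF/" /etc/exim4/conf.d/main/00_local_macros
    echo "SPF CHECK is now enabled"
  fi

  # Replace default hostnames with runtime values (sed-escaped above).
  /bin/sed -i "s/lists\.example\.com/${email_host_sed}/" /etc/exim4/conf.d/main/00_local_macros
  /bin/sed -i "s/lists\.example\.com/${email_host_sed}/" /etc/exim4/conf.d/main/04_mailman_options
  /bin/sed -i "s/lists\.example\.com/${email_host_sed}/" /etc/exim4/update-exim4.conf.conf
  /bin/sed -i "s/lists\.example\.com/${url_host_sed}/" /etc/apache2/apache2.conf
  /bin/sed -i "s/lists\.example\.com/${url_host_sed}/" /etc/apache2/sites-available/mailman.conf
  /bin/sed -i "s/URL_ROOT\//${url_root_sed}/" /etc/apache2/sites-available/mailman.conf
  /bin/sed -i "s/lists\.example\.com/${email_host_sed}/" "${mailmancfg}"
  /bin/sed -i "s/DEFAULT_URL_HOST.*\=.*/DEFAULT_URL_HOST\ \=\ \'${url_host_sed}\'/" "${mailmancfg}"
  /bin/sed -i "s/DEFAULT_SERVER_LANGUAGE.*\=.*/DEFAULT_SERVER_LANGUAGE\ \=\ \'${list_language_sed}\'/" "${mailmancfg}"

  echo -n "Setting up Mailman..."
  {
    dpkg-reconfigure mailman
    # especially for debian:buster
    mkdir -p /var/run/mailman
    chown list:list /var/run/mailman/
    ln -s /var/lib/mailman/bin/mailmanctl /etc/init.d/mailman
  }

  echo -n "Initializing mailing lists..."
  {
    # The password is passed as a command-line argument and is therefore
    # visible in the process list while these two commands run.
    /usr/sbin/mmsitepass "${MASTER_PASSWORD}"
    /usr/sbin/newlist -q -l "${LIST_LANGUAGE_CODE}" mailman "${LIST_ADMIN}" "${MASTER_PASSWORD}"
  }

  # Update aliases.
  /usr/bin/newaliases

  echo -n "Setting up Apache web server..."
  {
    a2enmod -q cgi
    if [[ "${SSL_FROM_CONTAINER}" == "true" ]]; then
      if [[ "${SSL_SELFSIGNED}" == "true" ]]; then
        make-ssl-cert generate-default-snakeoil --force-overwrite
        echo -n "self signed SSL certificate freshly regenerated..."
      fi
      a2enmod ssl
    fi
    a2dissite -q 000-default
    a2ensite mailman.conf
    # Edit the apache default security.conf for production: stop advertising
    # the server version and OS in headers and error pages.
    /bin/sed -i "s/ServerSignature On/ServerSignature Off/" /etc/apache2/conf-available/security.conf
    /bin/sed -i "s/ServerTokens OS/ServerTokens Prod/" /etc/apache2/conf-available/security.conf
    echo "Apache2 new configuration is now activated"
    echo "The service apache2 will be started at the end of this container deployment"
  }

  echo "Setting up RSA keys for DKIM..."
  {
    # An existing private key (e.g. from a mounted volume) is kept as is.
    if [[ ! -f /etc/exim4/tls.d/private.pem ]]; then
      mkdir -p /etc/exim4/tls.d
      openssl genrsa -out /etc/exim4/tls.d/private.pem 2048
      # Keep the signing key unreadable for other users; ownership is handed
      # to Debian-exim by the chown further down.
      chmod 640 /etc/exim4/tls.d/private.pem
      openssl rsa -in /etc/exim4/tls.d/private.pem -out /etc/exim4/tls.d/public.pem -pubout
    fi
  }
  # Public key body without the PEM header/footer lines, joined into one line.
  # Not used in the visible part of the script; presumably consumed by the
  # output that is cut off at the end of this page.
  key=$(sed -e '/^-/d' /etc/exim4/tls.d/public.pem | paste -sd '' -)

  echo "setting up cert for TLS..."
  {
    # Self-signed certificate with an unencrypted key and a 9000-day lifetime;
    # generation is skipped when /etc/exim4/exim.key already exists, so a
    # CA-issued pair can be provided instead.
    if [[ ! -f /etc/exim4/exim.key ]]; then
      openssl req -x509 -sha256 -days 9000 -nodes -newkey rsa:4096 -keyout /etc/exim4/exim.key -out /etc/exim4/exim.crt -subj "/O=${EMAIL_HOST}/OU=IT Department/CN=${EMAIL_HOST}"
      chmod 640 /etc/exim4/exim.key
      echo "Cert for TLS now generated..."
    fi
  }

  echo "Fixing exim4 permissions..."
  {
    chown -R Debian-exim:Debian-exim /etc/exim4
    chown -R Debian-exim /var/log/exim4
  }

  # Build the updated exim config file.
  echo "Setting up Exim4..."
  {
    update-exim4.conf
  }

  echo "Fixing mailman permissons..."
  {
    /usr/lib/mailman/bin/check_perms -f >/dev/null
  }

  # Marker file: later starts skip the whole first-run configuration.
  touch started
  echo "///////////This d3fk/mailman2 container is now configured !///////////"
fi

echo "Starting up services..."
{
  /etc/init.d/exim4 start
  /etc/init.d/mailman start
  echo " exim4 OK ... mailman OK ..."
}

echo '------------- Apache2 service is starting -------------'
echo
echo
# The remainder of this command is cut off on this page; it is kept verbatim.
cat <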