lib/Net/FullAuto/ISets/Local/EmailServer_is.pm view on Meta::CPAN
# https://codex.emailserver.org/Nginx
# https://www.sitepoint.com/setting-up-php-behind-nginx-with-fastcgi/
# http://codingsteps.com/install-php-fpm-nginx-mysql-on-ec2-with-amazon-linux-ami/
# http://code.tutsplus.com/tutorials/revisiting-open-source-social-networking-installing-gnu-social--cms-22456
# https://wiki.loadaverage.org/clipbucket/installation_guides/install_like_loadaverage
# https://karp.id.au/social/index.html
# http://jeffreifman.com/how-to-install-your-own-private-e-mail-server-in-the-amazon-cloud-aws/
# https://www.wpwhitesecurity.com/creating-mysql-emailserver-database/
# Fetch and unpack the nginx "Mainline" source tarball under /opt/source,
# then fetch the PCRE directory listing that the following code parses.
# Commands run through $handle; those prefixed with $sudo presumably run
# as root -- confirm how $sudo is set by the caller.
($stdout,$stderr)=$handle->cwd("/opt/source");
# Removes any existing /etc/nginx tree; no backup is taken here.
($stdout,$stderr)=$handle->cmd($sudo.
'rm -rvf /etc/nginx','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
"wget -qO- https://nginx.org/en/download.html");
# Scrape the first /download/<name>.tar.gz link that follows "Mainline".
# If the pattern does not match, $stdout keeps the whole HTML page.
$stdout=~s/^.*Mainline.*?\/download\/(.*?)\.tar\.gz.*$/$1/s;
my $nginx=$stdout;
# NOTE(review): $nginx is scraped text interpolated unquoted into the shell
# commands below. Validate it against an anchored pattern (for example
# /\Anginx-[0-9.]+\z/) and stop on mismatch, so a changed or tampered page
# cannot put shell syntax on a root command line.
# NOTE(review): the tarball is fetched over plain http:// and nothing
# verifies it before it is unpacked and built. nginx.org publishes a
# detached PGP signature (.asc) for each release; fetch over https and
# check the signature before "tar xvf".
($stdout,$stderr)=$handle->cmd($sudo."wget --random-wait --progress=dot ".
"http://nginx.org/download/$nginx.tar.gz",300,'__display__');
($stdout,$stderr)=$handle->cmd($sudo."tar xvf $nginx.tar.gz",'__display__');
($stdout,$stderr)=$handle->cwd($nginx);
($stdout,$stderr)=$handle->cmd($sudo."mkdir -vp objs/lib",'__display__');
($stdout,$stderr)=$handle->cwd("objs/lib");
# NOTE(review): --no-check-certificate turns off TLS verification, so this
# listing (which decides which PCRE archive is downloaded next) can be
# spoofed by anyone on the network path. Drop the flag and fix the CA
# bundle instead. ftp.pcre.org may also no longer be served -- verify.
($stdout,$stderr)=$handle->cmd(
"wget --no-check-certificate -qO- https://ftp.pcre.org/pub/pcre/");
# Parse the PCRE directory listing held in $stdout and pick the newest
# PCRE1 .zip entry. %pcre maps a timestamp to [file name, size].
# assumes timelocal comes from Time::Local imported elsewhere in the file
# -- TODO confirm.
my %pcre=();
# Month abbreviation -> zero-based month index, as timelocal() expects.
my %conv=(
Jan => 0, Feb => 1, Mar => 2, Apr => 3, May => 4, Jun => 5, Jul => 6,
Aug => 7, Sep => 8, Oct => 9, Nov => 10, Dec => 11
);
foreach my $line (split /\n/, $stdout) {
# Parsing stops at the first empty line of the listing.
last unless $line;
# NOTE(review): the result of this match is not tested; $1..$3 are read
# whether or not the line matched, so a non-matching line yields whatever
# the capture variables held before. The filters below are the only guard.
$line=~/^.*?["](.*?)["].*(\d\d-\w\w\w-\d\d\d\d \d\d:\d\d).*(\d+\w).*$/;
my $file=$1;my $date=$2;my $size=$3;
# Keep only PCRE1 .zip archives (skip pcre2, signatures, tarballs).
next if $file=~/^pcre2|\.sig$|\.tar\.gz$|\.tar\.bz2$/;
next if $file!~/\.zip$/;
next unless $date;
$date=~/^(\d\d)-(\w\w\w)-(\d\d\d\d) (\d\d):(\d\d)$/;
my $day=$1;my $month=$2;my $year=$3;my $hour=$4,my $minute=$5;
# --$year passes the listed year minus one to timelocal(); it is applied
# to every entry, so it presumably does not change which one sorts newest.
my $timestamp=timelocal(0,$minute,$hour,$day,$conv{$month},--$year);
$pcre{$timestamp}=[$file,$size];
}
# "sort" without a comparator orders the keys as strings; that matches
# numeric order only while all timestamps have the same number of digits.
my $latest=(reverse sort keys %pcre)[0];
# NOTE(review): when the listing could not be fetched or parsed, %pcre is
# empty, $latest is undef and $pcre ends up undefined; the download below
# is then built from an empty name. Check for that and stop.
my $pcre=$pcre{$latest}->[0];
# Strip the final extension so the base name can be reused below.
$pcre=~s/\.[^\.]+$//;
# Download and unpack the selected PCRE release, trying up to three times.
# NOTE(review): $checksum is declared but never used in the visible code;
# the archive is unpacked without any digest or signature check. The name
# also comes from the scraped listing and is interpolated unquoted into
# root shell commands -- validate it first.
my $checksum='';
foreach my $cnt (1..3) {
# The entry was chosen from the .zip listing, but the .tar.gz is fetched.
($stdout,$stderr)=$handle->cmd($sudo.
"wget --random-wait --progress=dot ".
"https://ftp.pcre.org/pub/pcre/$pcre.tar.gz",'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
"tar xvf $pcre.tar.gz",'__display__');
# Success is inferred from tar producing no stderr output.
last unless $stderr;
# On failure the tarball is removed so the next attempt starts clean.
# After the third failure execution simply continues.
($stdout,$stderr)=$handle->cmd($sudo.
"rm -rfv $pcre.tar.gz",'__display__');
}
($stdout,$stderr)=$handle->cwd("/opt/source");
# https://www.liberiangeek.net/2015/10/
# how-to-install-self-signed-certificates-on-nginx-webserver/
# https://www.hrupin.com/2017/07/how-to-automatically-restart-nginx
($stdout,$stderr)=$handle->cwd("/opt/source/$nginx");
#
# echo-ing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste back the results;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
my $inet_d_script=<<'END';
#\\x21/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# pidfile: /var/run/nginx.pid
# user: nginx
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ \\x22\\x24NETWORKING\\x22 = \\x22no\\x22 ] && exit 0
nginx=\\x22/usr/sbin/nginx\\x22
prog=\\x24(basename \\x24nginx)
NGINX_CONF_FILE=\\x22/etc/nginx/nginx.conf\\x22
lockfile=/var/run/nginx.lock
start() {
[ -x \\x24nginx ] || exit 5
[ -f \\x24NGINX_CONF_FILE ] || exit 6
echo -n \\x24\\x22Starting \\x24prog: \\x22
daemon \\x24nginx -c \\x24NGINX_CONF_FILE
retval=\\x24?
echo
[ \\x24retval -eq 0 ] && touch \\x24lockfile
return \\x24retval
}
stop() {
echo -n \\x24\\x22Stopping \\x24prog: \\x22
killproc \\x24prog -QUIT
retval=\\x24?
echo
[ \\x24retval -eq 0 ] && rm -f \\x24lockfile
return \\x24retval
}
restart() {
configtest || return \\x24?
lib/Net/FullAuto/ISets/Local/EmailServer_is.pm view on Meta::CPAN
'$document_root$fastcgi_script_name;'.
'%NL% include fastcgi_params;'.
'%NL% }'.
'%NL%'.
'%NL% location /rspamd {'.
'%NL% proxy_pass http://127.0.0.1:11334/;'.
'%NL% proxy_set_header Host $host;'.
'%NL% proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'.
'%NL% }'.
'%NL%'.
'%NL% location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {'.
'%NL% deny all;'.
'%NL% }'.
'%NL%'.
'%NL% location ~ ^/(bin|SQL|config|temp|logs)/ {'.
'%NL% deny all;'.
'%NL% }'.
'%NL%'.
'%NL% location ~ /\. {'.
'%NL% deny all;'.
'%NL% access_log off;'.
'%NL% log_not_found off;'.
'%NL% }%NL%';
# Patch nginx.conf and fastcgi_params in place with sed, run under $sudo.
# $ad at this point holds the location blocks assembled just above; it is
# appended after the line matching /404/, then every %NL% placeholder is
# turned into a real newline.
# NOTE(review): $ad and $nginx_path are interpolated into a single-quoted
# sed script on a root command line. The text in view is literal, but a
# single quote in either value would end the quoting. The append is also
# repeated on every run (not idempotent).
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'/404/a$ad\' $nginx_path/nginx/nginx.conf");
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/%NL%/\'\"`echo \\\\\\n`/g\" ".
"$nginx_path/nginx/nginx.conf");
# Probe local TCP ports and keep the first that reports "closed".
# The probe runs through Perl backticks on the machine running this
# script, not through $handle. The trailing 443 means $avail_port ends up
# as 443 when none of the ports tests closed.
# NOTE(review): "&>" and /dev/tcp are bash features, while backticks use
# /bin/sh; where that is not bash the probe likely always prints "closed"
# -- confirm. Within this excerpt $avail_port is only consumed by the
# commented-out "listen" edit below.
foreach my $port (443,444,445,443) {
$avail_port=
`true &>/dev/null </dev/tcp/127.0.0.1/$port && echo open || echo closed`;
my $status=$avail_port;
$avail_port=$port;
chomp($status);
last if $status eq 'closed';
}
# Cap request bodies at 10M; inserted before the "octet-stream" line and
# then re-indented by the cmd_raw sed below.
$ad='client_max_body_size 10M;';
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'/octet-stream/i$ad\' $nginx_path/nginx/nginx.conf");
my $ngx="$nginx_path/nginx/nginx.conf";
$handle->cmd_raw($sudo.
"sed -i 's/\\(^client_max_body_size 10M;$\\\)/ \\1/' $ngx");
#($stdout,$stderr)=$handle->cmd($sudo.
# "sed -i \'s/^ listen 80/ listen ".
# "\*:$avail_port ssl http2 default_server/\' ".
# $nginx_path."/nginx/nginx.conf");
# NOTE(review): this edit targets $nginx_path/local/nginx/fastcgi_params,
# while the following edits use $nginx_path/nginx/fastcgi_params -- verify
# which path is intended; one of them probably changes nothing.
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i 's/SCRIPT_NAME/PATH_INFO/' ".
$nginx_path."/local/nginx/fastcgi_params");
$ad='# Catalyst requires setting PATH_INFO (instead of SCRIPT_NAME)'.
' to \$fastcgi_script_name';
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'/PATH_INFO/i$ad\' $nginx_path/nginx/fastcgi_params");
$ad='fastcgi_param SCRIPT_NAME /;';
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'/PATH_INFO/a$ad\' $nginx_path/nginx/fastcgi_params");
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/%NL%/\'\"`echo \\\\\\n`/g\" ".
"$nginx_path/nginx/fastcgi_params");
#
# echo-ing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste back the results;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
my $script=<<END;
use Net::FullAuto;
\\x24Net::FullAuto::FA_Core::debug=1;
my \\x24handle=connect_shell();
\\x24handle->print('$nginx_path/nginx/nginx -g \\x22daemon on;\\x22');
\\x24prompt=\\x24handle->prompt();
my \\x24output='';my \\x24password_not_submitted=1;
while (1) {
eval {
local \\x24SIG{ALRM} = sub { die \\x22alarm\\x5Cn\\x22 };# \\x5Cn required
alarm 10;
my \\x24output=fetch(\\x24handle);
last if \\x24output=~/\\x24prompt/;
print \\x24output;
if ((-1<index \\x24output,'Enter PEM pass phrase:') &&
\\x24password_not_submitted) {
\\x24handle->print(\\x24ARGV[0]);
\\x24password_not_submitted=0;
}
};
if (\\x24\@) {
\\x24handle->print();
next;
}
}
exit 0;
END
if ($^O eq 'cygwin') {
# Cygwin branch: write ~/.vimrc, create script/start_nginx.pl from $script,
# then register and start it as the "nginx_first_time" cygrunsrv service.
($stdout,$stderr)=$handle->cwd("~/EmailServer");
my $vimrc=<<END;
set paste
set mouse-=a
END
# Overwrites any existing ~/.vimrc of the account running the install.
($stdout,$stderr)=$handle->cmd("echo -e \"$vimrc\" > ~/.vimrc");
($stdout,$stderr)=$handle->cmd("mkdir -vp script",'__display__');
($stdout,$stderr)=$handle->cmd("touch script/start_nginx.pl");
($stdout,$stderr)=$handle->cmd("chmod -v 755 script/start_nginx.pl",
'__display__');
# NOTE(review): "chmod o+r" on everything under $nginx_path/nginx makes
# every file there world-readable. The start script answers an
# "Enter PEM pass phrase:" prompt, so a TLS private key may live in this
# directory -- confirm and exclude key material from this chmod.
($stdout,$stderr)=$handle->cmd("chmod o+r $nginx_path/nginx/*",
'__display__');
($stdout,$stderr)=$handle->cmd("chmod -v 755 $nginx_path/nginx/nginx.exe",
'__display__');
($stdout,$stderr)=$handle->cmd("echo -e \"$script\" > ".
"script/start_nginx.pl");
# NOTE(review): $service_and_cert_password is passed as a command-line
# argument (the generated script reads it from $ARGV[0]). It is therefore
# stored with the service definition and visible in process listings, and
# a quote or "$" in the password breaks the shell quoting used here.
# Prefer a passphrase file readable only by the service account (nginx
# supports ssl_password_file) over an argument.
($stdout,$stderr)=$handle->cmd("cygrunsrv -I nginx_first_time ".
"-p /bin/perl -a ".
"\'${home_dir}EmailServer/script/start_nginx.pl ".
"\"$service_and_cert_password\"'");
($stdout,$stderr)=$handle->cmd("cygrunsrv --start nginx_first_time",
'__display__');
# Marker file recording that the first-time start was performed.
($stdout,$stderr)=$handle->cmd("touch script/first_time_start.flag");
lib/Net/FullAuto/ISets/Local/EmailServer_is.pm view on Meta::CPAN
# Enable and start nginx, obtain a certificate for mail.$domain_url with
# the certbot nginx plugin (non-interactive), then restart nginx.
($stdout,$stderr)=$handle->cmd($sudo.
'systemctl enable nginx.service','__display__');
sleep 2;
($stdout,$stderr)=$handle->cmd($sudo.
'service nginx start','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'service nginx status -l','__display__');
($stdout,$stderr)=$handle->cwd("$nginx_path/nginx");
($stdout,$stderr)=$handle->cmd($sudo.
'yum -y install certbot-nginx','__display__');
# NOTE(review): $email_address and $domain_url are interpolated unquoted
# into a root command line; validate both (anchored pattern for a mail
# address and for a host name) before this point.
# NOTE(review): the outcome of certbot is not checked; nginx is restarted
# below whether or not a certificate was issued.
($stdout,$stderr)=$handle->cmd($sudo.
'certbot -n --nginx --debug --agree-tos --email '.
"$email_address -d mail.$domain_url",
'__display__');
# https://ssldecoder.org
($stdout,$stderr)=$handle->cmd($sudo.
'systemctl enable nginx.service','__display__');
sleep 2;
($stdout,$stderr)=$handle->cmd($sudo.
'service nginx restart','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'service nginx status -l','__display__');
}
}
# Build CMake from source when no /usr/local/bin/cmake exists and the
# installed cmake reports a version below 3.02.
($stdout,$stderr)=$handle->cwd('/opt/source');
($stdout,$stderr)=$handle->cmd($sudo.
'cmake --version','__display__');
# Reduce the output to "major.minor". If the pattern does not match
# (e.g. cmake is absent) $stdout stays non-numeric and compares as 0.
$stdout=~s/^.*?\s(\d+\.\d+).*$/$1/;
# "-e" tests the file system of the machine running this script, not the
# one behind $handle; presumably the same host here -- confirm.
if (!(-e '/usr/local/bin/cmake') && $stdout<3.02) {
my $done=0;my $gittry=0;
# Clone with retries: sleep 30s and retry while stderr shows one of the
# two known network errors.
# NOTE(review): this clones the default branch of CMake at whatever
# commit it is on and then builds and installs it under $sudo. Pin a
# release tag (and verify it) so the installed toolchain is reproducible
# and not whatever upstream HEAD happens to contain.
while ($done==0) {
($stdout,$stderr)=$handle->cmd($sudo.
'git clone https://github.com/Kitware/CMake.git',
'__display__');
# After more than five attempts the error is printed and cleanup() is
# called; presumably cleanup() ends the run -- confirm, otherwise the
# loop keeps going.
if (++$gittry>5) {
print "\n\n FATAL ERROR: $stderr\n\n";
cleanup();
}
my $gittest='Connection reset by peer|'.
'Could not read from remote repository';
# Any stderr that is not one of these two messages counts as success,
# including unrelated failures.
$done=1 if $stderr!~/$gittest/s;
last if $done;
sleep 30;
}
($stdout,$stderr)=$handle->cwd('CMake');
($stdout,$stderr)=$handle->cmd($sudo.
'./bootstrap --system-curl -- '.
'-DCMAKE_INSTALL_RPATH="/usr/local/lib64"',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'make','3600','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'make install','__display__');
# Flag read elsewhere in the file; set whenever CMake was rebuilt.
$build_php=1;
} else {
print "cmake is up to date.\n";
}
#
# echo-ing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste back the results;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
my $install_mysql=<<'END';
o o o .oPYo. ooooo .oo o o o o o .oPYo.
8 8b 8 8 8 .P 8 8 8 8 8b 8 8 8
8 8`b 8 `Yooo. 8 .P 8 8 8 8 8`b 8 8
8 8 `b 8 `8 8 oPooo8 8 8 8 8 `b 8 8 oo
8 8 `b8 8 8 .P 8 8 8 8 8 `b8 8 8
8 8 `8 `YooP' 8 .P 8 8oooo 8oooo 8 8 `8 `YooP8
........................................................
:::::::::::::::::::::::::::::::::' ':::::::::::::
(MariaDB Foundation is **NOT** a (`*..,
sponsor of the FullAuto© Project.) \ , `.
\ \
https://mariadb.org/ \ \
/ \.
Powered by ( /\ `*,
___ ___ ______ _____ V _ ~-~
| \ / | _ _ / _____| / __ \ | | \
| |\ \/ /| | | | | | \___ \ | | | | | | `
| | \ / | | | |__| | ___) | | |__| | | |____
|_| \/ |_| \___, | |_____/ \___\ \/ \______|®
____| | \_\
|_____/ DATABASE
END
# Show the MariaDB banner, stash any previously built RPMs, and detect an
# existing mysql client and service.
print $install_mysql;sleep 10;
print "\n\n";
($stdout,$stderr)=$handle->cwd('/opt/source');
($stdout,$stderr)=$handle->cmd($sudo.
'ls -1 /opt/source/mariadb');
# A "libmariadb" entry is taken as the sign of an earlier source checkout;
# its *rpm files are moved aside into /opt/mariadb.
if ($stdout=~/libmariadb/) {
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /opt/mariadb','__display__');
($stdout,$stderr)=$handle->cwd('/opt/source/mariadb');
($stdout,$stderr)=$handle->cmd($sudo.
'mv -fv *rpm /opt/mariadb','__display__');
}
($stdout,$stderr)=$handle->cwd('/opt/source');
($stdout,$stderr)=$handle->cmd($sudo.'which mysql');
# Both stay empty strings when no mysql binary is found.
my $mysql_status='';my $mysql_version='';
if ($stdout=~/\/mysql/) {
($mysql_version,$stderr)=$handle->cmd($sudo.
'mysql --version','__display__');
# Keep only the "Ver" field; if the output has another shape the whole
# string remains and later numeric comparisons see its leading number.
$mysql_version=~s/^mysql\s+Ver\s+(.*?)\s+Distrib.*$/$1/;
($mysql_status,$stderr)=$handle->cmd($sudo.
'service mysql status -l','__display__');
}
if ($mysql_version<15.1 || $mysql_status!~/Taking your SQL requests/) {
($stdout,$stderr)=$handle->cmd($sudo.
'systemctl stop mysql','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
lib/Net/FullAuto/ISets/Local/EmailServer_is.pm view on Meta::CPAN
last if $done;
sleep 30;
}
($stdout,$stderr)=$handle->cwd('mariadb');
($stdout,$stderr)=$handle->cmd($sudo.
'yum-builddep -y mariadb-server',
'__display__');
# https://www.linuxfromscratch.org/blfs/view/cvs/server/mariadb.html
($stdout,$stderr)=$handle->cmd($sudo.
'/usr/local/bin/cmake -DWITH_SSL=yes '.
'-DSKIP_TESTS=ON '.
'-DMYSQL_DATADIR=/var/lib/mysql '.
'-DCMAKE_INSTALL_PREFIX=/usr/local/mysql '.
'-DMYSQL_UNIX_ADDR=/run/mysqld/mysqld.sock '.
'-DWITH_EXTRA_CHARSETS=complex '.
'-DINSTALL_SYSTEMD_UNITDIR=/etc/systemd/system '.
'-DOPENSSL_INCLUDE_DIR=/usr/local/include/openssl '.
'-DOPENSSL_SSL_LIBRARY=/usr/local/lib64/libssl.so '.
'-DOPENSSL_CRYPTO_LIBRARY='.
'/usr/local/lib64/libcrypto.so',
'3600','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'make install','3600','__display__');
} else {
($stdout,$stderr)=$handle->cmd($sudo.
'mv -fv /opt/mariadb /opt/source/mariadb',
'__display__');
($stdout,$stderr)=$handle->cwd('mariadb');
}
# Create the mysql account and runtime directory, then recreate and
# initialise the data directory.
($stdout,$stderr)=$handle->cmd($sudo.
'groupadd mysql');
($stdout,$stderr)=$handle->cmd($sudo.
'useradd -r -g mysql mysql');
# The directory is created as /run/mysqld but chown'ed as /var/run/mysqld;
# these are the same only where /var/run is a symlink to /run.
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /run/mysqld','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chown -Rv mysql:root /var/run/mysqld',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'yum -y install galera perl-DBI','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'service mysql stop','__display__');
#($stdout,$stderr)=$handle->cmd($sudo.
# 'chmod -v 1777 /tmp','__display__');
# NOTE(review): this deletes /var/lib/mysql unconditionally. On a host
# that already holds databases this destroys them with no backup or
# confirmation; guard it or move the directory aside instead.
($stdout,$stderr)=$handle->cmd($sudo.
'rm -rvf /var/lib/mysql','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /var/lib/mysql','__display__');
# Data directory is owned by mysql and closed to group and others (700).
($stdout,$stderr)=$handle->cmd($sudo.
'chown -v mysql:root /var/lib/mysql','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chmod -v 700 /var/lib/mysql','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'scripts/mysql_install_db --user=mysql '.
'--datadir=/var/lib/mysql','__display__');
# Expose the client as /bin/mysql; fails harmlessly if the link exists.
($stdout,$stderr)=$handle->cmd($sudo.
'ln -s /usr/local/mysql/bin/mariadb /bin/mysql');
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /etc/mysql/my.cnf.d','__display__');
#
# echo-ing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste back the results;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
my $my_cnf=<<END;
# Begin /etc/mysql/my.cnf
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /run/mysqld/mysqld.sock
# The MySQL server
[mysqld]
port = 3306
socket = /run/mysqld/mysqld.sock
datadir = /var/lib/mysql
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
sort_buffer_size = 512K
net_buffer_length = 16K
myisam_sort_buffer_size = 8M
# Don't listen on a TCP/IP port at all.
skip-networking
# required unique id between 1 and 2^32 - 1
server-id = 1
# Uncomment the following if you are using BDB tables
#bdb_cache_size = 4M
#bdb_max_lock = 10000
# InnoDB tables are now used by default
innodb_data_home_dir = /var/lib/mysql
innodb_log_group_home_dir = /var/lib/mysql
# All the innodb_xxx values below are the default ones:
innodb_data_file_path = ibdata1:12M:autoextend
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 128M
innodb_log_file_size = 48M
innodb_log_buffer_size = 16M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
lib/Net/FullAuto/ISets/Local/EmailServer_is.pm view on Meta::CPAN
'__display__');
# Postfix main.cf: size limits, then the Dovecot LMTP transport and the
# MySQL-backed virtual domain / mailbox / alias maps.
# NOTE(review): both limits are set to 0, which presumably removes the
# mailbox and message size caps entirely. An unbounded message size lets a
# single sender fill the spool; set an explicit message_size_limit.
($stdout,$stderr)=$handle->cmd($sudo.
'postconf -e \'mailbox_size_limit = 0\'',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'postconf -e \'message_size_limit = 0\'',
'__display__');
#($stdout,$stderr)=$handle->cmd($sudo.
# 'postconf -e \'proxy_read_maps = $local_recipient_maps '.
# '$mydestination $virtual_alias_maps $virtual_alias_domains '.
# '$virtual_mailbox_maps $virtual_mailbox_domains '.
# '$relay_recipient_maps $relay_domains $canonical_maps '.
# '$sender_canonical_maps $recipient_canonical_maps '.
# '$relocated_maps $transport_maps $mynetworks '.
# '$virtual_mailbox_limit_maps\'',
# '__display__');
$ad=<<END;
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_alias_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
END
# Edit cycle: copy main.cf to the home directory, append $ad as the
# unprivileged user, drop the last line, move it back and restore
# root:root 644.
($stdout,$stderr)=$handle->cmd($sudo.
'cp -v /etc/postfix/main.cf ~',
'__display__');
# NOTE(review): mode 777 makes the working copy writable by every local
# user until it is moved back to /etc/postfix/main.cf, so any local
# account can alter the MTA configuration in that window. Append with
# "sudo tee -a" on a root-owned file, or chown the copy to the invoking
# user with mode 600, instead of opening it to everyone.
($stdout,$stderr)=$handle->cmd($sudo.
'chmod -v 777 ~/main.cf','__display__');
($stdout,$stderr)=$handle->cmd("echo -e \"$ad\" >> ".
"~/main.cf");
# Deletes the last line of the file (sed address "$", command "d").
($stdout,$stderr)=$handle->cmd($sudo.
'sed -i \'$d\' ~/main.cf');
($stdout,$stderr)=$handle->cmd($sudo.
'mv -fv ~/main.cf /etc/postfix/main.cf',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chown -v root:root /etc/postfix/main.cf',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chmod -v 644 /etc/postfix/main.cf',
'__display__');
if (ref $main::aws eq 'HASH') {
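# Point Postfix at the Amazon SES SMTP endpoint on port 587 and require
# SASL authentication and TLS for outbound relay. All settings are passed
# to one "postconf -e" call, so every piece must be joined with "." to stay
# part of the command string; a "," after the relayhost piece would turn
# the remaining settings into a separate cmd() argument and only relayhost
# would be applied.
# NOTE(review): the SES region (us-west-2) is hard-coded here.
# NOTE(review): /etc/postfix/sasl_passwd (and its .db) will hold the SES
# SMTP credential; keep both root-owned with mode 600.
($stdout,$stderr)=$handle->cmd($sudo.
'postconf -e '.
'\'relayhost = [email-smtp.us-west-2.amazonaws.com]:587\' '.
'\'smtp_sasl_auth_enable = yes\' '.
'\'smtp_sasl_security_options = noanonymous\' '.
'\'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd\' '.
'\'smtp_use_tls = yes\' '.
'\'smtp_tls_security_level = encrypt\' '.
'\'smtp_tls_note_starttls_offer = yes\' '.
'\'smtpd_tls_received_header = yes\'',
'__display__');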
#
# echo-ing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste back the results;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
# Recreate the IAM user "ses_postfix_email" from scratch: delete its access
# keys, delete the user, create it again and issue a new access key.
# run_aws_cmd is defined elsewhere; it presumably returns (decoded JSON,
# raw output, error) -- confirm.
# NOTE(review): $error is never inspected after any of these calls. If
# create-access-key fails, $access_id and $secret_access_key are undef and
# the code carries on.
my ($hash,$output,$error)=('','','');
my $c="aws iam list-access-keys --user-name ses_postfix_email";
($hash,$output,$error)=run_aws_cmd($c);
$hash||={};
# The loop variable shadows the outer $hash. Assigning to it inside the
# body overwrites the current list element, not the outer variable.
foreach my $hash (@{$hash->{AccessKeyMetadata}}) {
my $c="aws iam delete-access-key ".
"--access-key-id $hash->{AccessKeyId} ".
"--user-name ses_postfix_email";
($hash,$output,$error)=run_aws_cmd($c);
}
sleep 1;
$c="aws iam delete-user --user-name ses_postfix_email";
($hash,$output,$error)=run_aws_cmd($c);
$c="aws iam create-user --user-name ses_postfix_email";
($hash,$output,$error)=run_aws_cmd($c);
$c="aws iam create-access-key --user-name ses_postfix_email";
($hash,$output,$error)=run_aws_cmd($c);
$hash||={};
# NOTE(review): $secret_access_key is a long-lived credential. Make sure it
# is never echoed through '__display__' or debug logging, and that the
# user is limited to the SES send permission it needs; no policy
# attachment is visible in this excerpt -- confirm where it happens.
my $access_id=$hash->{AccessKey}{AccessKeyId};
my $secret_access_key=$hash->{AccessKey}{SecretAccessKey};
my $python_smtp_generator=<<END;
#\\x21/usr/bin/env python3
import hmac
import hashlib
import base64
import argparse
SMTP_REGIONS = [
'us-east-2', # US East (Ohio)
'us-east-1', # US East (N. Virginia)
'us-west-2', # US West (Oregon)
'ap-south-1', # Asia Pacific (Mumbai)
'ap-northeast-2', # Asia Pacific (Seoul)
'ap-southeast-1', # Asia Pacific (Singapore)
'ap-southeast-2', # Asia Pacific (Sydney)
'ap-northeast-1', # Asia Pacific (Tokyo)
'ca-central-1', # Canada (Central)
'eu-central-1', # Europe (Frankfurt)
'eu-west-1', # Europe (Ireland)
'eu-west-2', # Europe (London)
'sa-east-1', # South America (Sao Paulo)
'us-gov-west-1', # AWS GovCloud (US)
]
# These values are required to calculate the signature. Do not change them.
DATE = \\x2211111111\\x22
SERVICE = \\x22ses\\x22
MESSAGE = \\x22SendRawEmail\\x22
TERMINAL = \\x22aws4_request\\x22
VERSION = 0x04
lib/Net/FullAuto/ISets/Local/EmailServer_is.pm view on Meta::CPAN
# postscreen: allow this host's own addresses, drop listed clients, then
# add the submission and smtps services to master.cf and enable the
# postscreen-related entries.
($stdout,$stderr)=$handle->cmd($sudo.
'postconf -e \'postscreen_access_list = '.
'permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr\'',
'__display__');
# NOTE(review): newer Postfix releases name this parameter
# postscreen_denylist_action -- check the installed version.
($stdout,$stderr)=$handle->cmd($sudo.
'postconf -e \'postscreen_blacklist_action = drop\'',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.'ifconfig');
# Keeps the first "inet <addr>" found in the ifconfig output.
# NOTE(review): that is whichever interface is printed first; and if the
# pattern does not match, the whole ifconfig output stays in $stdout and
# is written into the CIDR file below. Validate that the result is an
# IPv4 address before using it.
$stdout=~s/^.*?inet (.*?) .*$/$1/s;
$ad=<<END;
#permit my own IP addresses.
$public_ip/32 permit
$stdout/32 permit
END
# Written as the unprivileged user, then moved into place and chown'ed.
($stdout,$stderr)=$handle->cmd("echo -e \"$ad\" > ".
"~/postscreen_access.cidr");
($stdout,$stderr)=$handle->cmd($sudo.
'mv -fv ~/postscreen_access.cidr /etc/postfix',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chown -v root:root /etc/postfix/postscreen_access.cidr',
'__display__');
# master.cf entries for submission (TLS required) and smtps (TLS wrapper
# mode). Both authenticate through Dovecot SASL and reject clients that
# have not authenticated. %NL% is a newline placeholder expanded below.
$ad='submission inet n - - - - smtpd%NL%'.
' -o syslog_name=postfix/submission%NL%'.
' -o smtpd_tls_security_level=encrypt%NL%'.
' -o smtpd_sasl_auth_enable=yes%NL%'.
' -o smtpd_sasl_type=dovecot%NL%'.
' -o smtpd_sasl_path=private/auth%NL%'.
' -o smtpd_reject_unlisted_recipient=no%NL%'.
' -o smtpd_client_restrictions=permit_sasl_authenticated,reject%NL%'.
' -o milter_macro_daemon_name=ORIGINATING%NL%'.
'smtps inet n - - - - smtpd%NL%'.
' -o syslog_name=postfix/smtps%NL%'.
' -o smtpd_tls_wrappermode=yes%NL%'.
' -o smtpd_sasl_auth_enable=yes%NL%'.
' -o smtpd_sasl_type=dovecot%NL%'.
' -o smtpd_sasl_path=private/auth%NL%'.
' -o smtpd_client_restrictions=permit_sasl_authenticated,reject%NL%'.
' -o milter_macro_daemon_name=ORIGINATING';
# NOTE(review): the block is appended after every line matching
# "tlsproxy" and again on every run, so a re-run duplicates both services.
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'/tlsproxy/a$ad\' /etc/postfix/master.cf");
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/%NL%/\'\"`echo \\\\\\n`/g\" ".
"/etc/postfix/master.cf");
# Swap the active "smtp inet" line for the commented one: park the active
# line as "Xsmtp", uncomment "#smtp inet", "#smtpd", "#dnsblog" and
# "#tlsproxy", then turn "Xsmtp" into "#smtp". Presumably this switches
# port 25 over to the stock postscreen entries -- confirm against the
# shipped master.cf. The patterns are mostly unanchored, so they also
# rewrite any other line containing the same text.
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/^smtp inet/Xsmtp inet/\' ".
"/etc/postfix/master.cf");
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/#smtp inet/smtp inet/\' ".
"/etc/postfix/master.cf");
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/#smtpd/smtpd/\' /etc/postfix/master.cf");
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/#dnsblog/dnsblog/\' /etc/postfix/master.cf");
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/#tlsproxy/tlsproxy/\' /etc/postfix/master.cf");
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i \'s/Xsmtp/#smtp/\' /etc/postfix/master.cf");
# https://www.linode.com/community/questions/11498/postfix-does-not-start-correctly-on-linode-reboot-not-always
#
# echo-ing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste back the results;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
$ad=<<'END';
[Unit]
Description=Postfix Mail Transport Agent
After=syslog.target network-online.target
Wants=network-online.target
Conflicts=sendmail.service exim.service
[Service]
Type=forking
PIDFile=/var/spool/postfix/pid/master.pid
EnvironmentFile=-/etc/sysconfig/network
#ExecStartPre=-/usr/libexec/postfix/aliasesdb
#ExecStartPre=-/usr/libexec/postfix/chroot-update
ExecStart=/usr/sbin/postfix start
ExecReload=/usr/sbin/postfix reload
ExecStop=/usr/sbin/postfix stop
[Install]
WantedBy=multi-user.target
END
# Install the postfix.service unit held in $ad, reload systemd, enable and
# (re)start Postfix, then install two network diagnostic tools.
# The unit is written as the unprivileged user and moved into place.
($stdout,$stderr)=$handle->cmd("echo -e \"$ad\" > ".
"~/postfix.service");
($stdout,$stderr)=$handle->cmd($sudo.
'mv -fv ~/postfix.service /etc/systemd/system',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'systemctl daemon-reload');
($stdout,$stderr)=$handle->cmd($sudo.
'systemctl enable postfix.service','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'postfix stop','__display__');
sleep 2;
($stdout,$stderr)=$handle->cmd($sudo.
'service postfix start','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'service postfix status -l','__display__');
# NOTE(review): nmap and telnet stay installed on the mail server after
# setup. If they are only needed for checks during installation, remove
# them afterwards to keep the host's tool footprint small.
($stdout,$stderr)=$handle->cmd($sudo.
'yum -y install nmap','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'yum -y install telnet','__display__');
#https://github.com/postfixadmin/postfixadmin/releases/latest
my $install_postfixadmin=<<'END';
o o o .oPYo. ooooo .oo o o o o o .oPYo.
8 8b 8 8 8 .P 8 8 8 8 8b 8 8 8
8 8`b 8 `Yooo. 8 .P 8 8 8 8 8`b 8 8
8 8 `b 8 `8 8 oPooo8 8 8 8 8 `b 8 8 oo
8 8 `b8 8 8 .P 8 8 8 8 8 `b8 8 8
lib/Net/FullAuto/ISets/Local/EmailServer_is.pm view on Meta::CPAN
(postfix.admin is **NOT** a sponsor of the FullAuto© Project.)
END
# Download the latest PostfixAdmin release into /var/www/html/postfixadmin,
# set ownership and modes under /var/www, adjust ACLs / SELinux, and hash
# the setup password with PHP.
($stdout,$stderr)=$handle->cwd('/opt/source');
print $install_postfixadmin;
sleep 5;
($stdout,$stderr)=$handle->cmd($sudo.
'wget -qO- https://github.com/postfixadmin/'.
'postfixadmin/releases/latest');
# Scrape the release name from the page's "return_to" link. If the page
# layout changes and nothing matches, $stdout keeps the whole HTML page.
$stdout=~s/^.*?return_to.*?(postfixadmin-.*?)["].*$/$1/s;
my $pfix=$stdout;
# NOTE(review): $pfix is scraped text interpolated unquoted into root
# shell commands; validate it against an anchored pattern first. The
# archive is also unpacked without any checksum or signature check.
($stdout,$stderr)=$handle->cmd($sudo.
'wget --random-wait --progress=dot '.
'https://github.com/postfixadmin/postfixadmin'.
"/archive/$pfix.tar.gz",'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
"tar xvf $pfix.tar.gz",'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
"mv -v *$pfix /var/www/html/postfixadmin",
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /var/www/html/postfixadmin/templates_c',
'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chown -R www-data:www-data /var/www','__display__');
# Files get 644 and directories 755, one chmod call per path.
# NOTE(review): each path printed by find is appended unquoted to a root
# command line, so a name containing spaces or shell metacharacters is
# misparsed by the shell. Letting find do the work avoids that, e.g.
# find /var/www -type f -exec chmod 644 {} +
($stdout,$stderr)=$handle->cmd($sudo.
'find /var/www -type f');
foreach my $file (split /\n/, $stdout) {
($stdout,$stderr)=$handle->cmd($sudo.
'chmod -v 644 '.$file,'__display__');
}
($stdout,$stderr)=$handle->cmd($sudo.
'find /var/www -type d');
foreach my $dir (split /\n/, $stdout) {
($stdout,$stderr)=$handle->cmd($sudo.
'chmod -v 755 '.$dir,'__display__');
}
($stdout,$stderr)=$handle->cmd($sudo.
'setfacl -R -m u:www-data:rwx /var/www/html/postfixadmin/templates_c/',
'__display__');
#($stdout,$stderr)=$handle->cmd($sudo.
# 'chcon -t httpd_sys_rw_content_t '.
# '/var/www/html/postfixadmin/templates_c/ -R',
# '__display__');
# NOTE(review): this boolean lets every SELinux-confined web process open
# outbound network connections, persistently (-P). Confirm it is needed.
($stdout,$stderr)=$handle->cmd($sudo.
'setsebool -P httpd_can_network_connect 1',
'__display__');
# sudo setfacl -R -m u:nginx:rwx /var/lib/php/opcache/
# /var/lib/php/session/ /var/lib/php/wsdlcache/
# NOTE(review): this gives the web account read access to the Let's
# Encrypt live/ and archive/ trees, which contain the TLS private keys.
# A compromise of the PHP application then exposes the keys. Confirm the
# web account really needs them; the nginx master process normally reads
# certificates as root.
($stdout,$stderr)=$handle->cmd($sudo.
'setfacl -R -m u:www-data:rx /etc/letsencrypt/live/ '.
'/etc/letsencrypt/archive/','__display__');
# NOTE(review): the clear-text password is placed on the php command line,
# where it is visible in process listings and in any command logging. It
# sits inside a PHP double-quoted string within shell single quotes, so a
# quote, backslash or "$" in the password either breaks the command or
# changes what gets hashed. Pass it on stdin or through the environment.
($stdout,$stderr)=$handle->cmd($sudo.
'php -r \'echo password_hash("'.$service_and_cert_password.
'", PASSWORD_DEFAULT);\'');
my $pfapassword=$stdout;
#
# echo-ing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste back the results;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
# Generate PostfixAdmin's config.local.php and create the superadmin.
# The heredoc interpolates Perl variables: $service_and_cert_password,
# $pfapassword and $domain_url are inserted into PHP single-quoted strings
# as they are; literal "$" characters of the PHP source are written as
# \\x24 so that "echo -e" restores them.
# NOTE(review): none of the interpolated values is escaped. A single quote
# or backslash in the password changes the PHP that is written.
# NOTE(review): $pfapassword holds password_hash() output, which contains
# "$" separators. It passes through a double-quoted "echo -e" below, where
# the shell expands "$..." sequences, so the hash stored as setup_password
# is probably mangled -- verify the written file.
# NOTE(review): the same $service_and_cert_password is used for the
# database user and the superadmin account, so one disclosure exposes both.
$ad=<<END;
<?php
\\x24CONF['configured'] = true;
\\x24CONF['database_type'] = 'mysqli';
\\x24CONF['database_host'] = 'localhost';
\\x24CONF['database_port'] = '3306';
\\x24CONF['database_user'] = 'postfixadmin';
\\x24CONF['database_password'] = \'$service_and_cert_password\';
\\x24CONF['database_socket'] = '/var/run/mysqld/mysqld.sock';
\\x24CONF['database_name'] = 'postfixadmin';
\\x24CONF['encrypt'] = 'dovecot:SHA512';
\\x24CONF['dovecotpw'] = \\x22/usr/local/bin/doveadm pw -r 12\\x22;
\\x24CONF['setup_password'] = \'$pfapassword\';
\\x24CONF['default_aliases'] = array (
'abuse' => \'abuse\@$domain_url\',
'hostmaster' => \'hostmaster\@$domain_url\',
'postmaster' => \'postmaster\@$domain_url\',
'webmaster' => \'webmaster\@$domain_url\'
);
\\x24CONF['fetchmail'] = 'NO';
\\x24CONF['show_footer_text'] = 'NO';
\\x24CONF['quota'] = 'YES';
\\x24CONF['domain_quota'] = 'YES';
\\x24CONF['quota_multiplier'] = '1024000';
\\x24CONF['used_quotas'] = 'YES';
\\x24CONF['new_quota_table'] = 'YES';
\\x24CONF['aliases'] = '0';
\\x24CONF['mailboxes'] = '0';
\\x24CONF['maxquota'] = '0';
\\x24CONF['domain_quota_default'] = '0';
END
# NOTE(review): ~/pfa_config is created with the account's default umask
# and holds the database password until it is moved; create it with a
# restrictive umask (077).
($stdout,$stderr)=$handle->cmd("echo -e \"$ad\" > ".
"~/pfa_config");
($stdout,$stderr)=$handle->cmd($sudo.
'mv -fv ~/pfa_config '.
'/var/www/html/postfixadmin/config.local.php',
'__display__');
# NOTE(review): after this chown the web account owns its own
# configuration and can rewrite it. Root ownership with group read for
# the web account (mode 640) is the tighter setting for config.local.php.
($stdout,$stderr)=$handle->cmd($sudo.
'chown -R www-data:www-data /var/www/html/postfixadmin',
'__display__');
# NOTE(review): the CLI is invoked from /var/www/postfixadmin/..., while
# the application was placed in /var/www/html/postfixadmin -- verify the
# path. The password is also given twice on the command line (visible in
# process listings) and unquoted, so shell metacharacters in it are
# interpreted by the shell.
($stdout,$stderr)=$handle->cmd($sudo.
'bash /var/www/postfixadmin/scripts/postfixadmin-cli '.
'admin add superadmin@'.$domain_url.' --superadmin 1 '.
'--active 1 --password '.$service_and_cert_password.' --password2 '.
$service_and_cert_password,'__display__');
$ad=<<END;
server {
lib/Net/FullAuto/ISets/Local/EmailServer_is.pm view on Meta::CPAN
}
# Build Redis with TLS and systemd support from a release tag, install it,
# tune two kernel settings and create the redis account and directories.
($stdout,$stderr)=$handle->cwd('redis');
($stdout,$stderr)=$handle->cmd($sudo.
'git tag --list');
# Reduce the tag list to one "x.y.z" version. If nothing matches, the
# whole tag list stays in $stdout.
# NOTE(review): the result is interpolated into "git checkout" on a root
# command line without validation; check it is a plain version string.
$stdout=~s/^.*[^v](\d+\.\d+\.\d+)\s.*$/$1/s;
($stdout,$stderr)=$handle->cmd($sudo.
"git checkout $stdout");
($stdout,$stderr)=$handle->cmd($sudo.
"git status",'__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'make CFLAGS="-I/usr/local/include/openssl" '.
'LDFLAGS="-L/usr/local/lib64" '.
'BUILD_TLS=yes USE_SYSTEMD=yes','__display__');
($stdout,$stderr)=$handle->cwd('src');
# sentinel.c is compiled by hand with -std=c11 between the two make runs;
# presumably a workaround for a build failure -- confirm.
($stdout,$stderr)=$handle->cmd($sudo.
'/usr/local/bin/gcc -pedantic -DREDIS_STATIC= -std=c11 -Wall -W '.
'-Wno-missing-field-initializers -O2 -g -ggdb '.
'-I../deps/lua/src -I../deps/hiredis '.
'-I/usr/local/include/openssl -MMD -o '.
'sentinel.o -c sentinel.c',
'__display__');
($stdout,$stderr)=$handle->cwd('/opt/source/redis');
($stdout,$stderr)=$handle->cmd($sudo.
'make CFLAGS="-I/usr/local/include/openssl" '.
'LDFLAGS="-L/usr/local/lib64" '.
'BUILD_TLS=yes USE_SYSTEMD=yes','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
"make install",'__display__');
# Persist and apply vm.overcommit_memory=1 and net.core.somaxconn=65535.
# NOTE(review): the sed appends run on every invocation, so /etc/sysctl.conf
# accumulates duplicate lines across re-runs.
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i '/information/avm.overcommit_memory = 1' /etc/sysctl.conf");
($stdout,$stderr)=$handle->cmd($sudo.
'sysctl vm.overcommit_memory=1');
($stdout,$stderr)=$handle->cmd($sudo.
"sed -i '/overcommit/anet.core.somaxconn=65535' /etc/sysctl.conf");
($stdout,$stderr)=$handle->cmd($sudo.
'sysctl net.core.somaxconn=65535');
# Dedicated system account with no home directory and a nologin shell.
# NOTE(review): confirm /usr/bin/nologin exists on the target; some
# distributions ship it as /sbin/nologin.
($stdout,$stderr)=$handle->cmd($sudo.
'useradd redis --system --uid 5002 -s /usr/bin/nologin '.
'--user-group --no-create-home');
# Data, log, run and config directories, each owned by redis:redis.
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /usr/local/var/lib/redis','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chown -v redis:redis /usr/local/var/lib/redis','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /usr/local/var/log/redis','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chown -v redis:redis /usr/local/var/log/redis','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /usr/local/var/run/redis','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chown -v redis:redis /usr/local/var/run/redis','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /usr/local/etc/redis','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'chown -v redis:redis /usr/local/etc/redis','__display__');
# NOTE(review): the stock redis.conf from the source tree is installed as
# is. Verify bind, protected-mode and requirepass (or ACLs) in the
# installed file before the service is reachable from other hosts.
($stdout,$stderr)=$handle->cmd($sudo.
'cp -v redis.conf /usr/local/etc/redis','__display__');
($stdout,$stderr)=$handle->cmd($sudo.
'mkdir -vp /var/run/redis','__display__');
#
# echo-ing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste back the results;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
my $redis_service=<<'END';
# example systemd service unit file for redis-server
#
# In order to use this as a template for providing a redis service in your
# environment, _at the very least_ make sure to adapt the redis configuration
# file you intend to use as needed (make sure to set \\x22supervised systemd\\x22), and
# to set sane TimeoutStartSec and TimeoutStopSec property values in the unit's
# \\x22[Service]\\x22 section to fit your needs.
#
# Some properties, such as User= and Group=, are highly desirable for virtually
# all deployments of redis, but cannot be provided in a manner that fits all
# expectable environments. Some of these properties have been commented out in
# this example service unit file, but you are highly encouraged to set them to
# fit your needs.
#
# Please refer to systemd.unit(5), systemd.service(5), and systemd.exec(5) for
# more information.
[Unit]
Description=Redis data structure server
Wants=network-online.target
After=network-online.target
Documentation=http://redis.io/documentation, man:redis-server(1)
[Service]
Type=notify
ExecStart=/usr/local/bin/redis-server /usr/local/etc/redis/redis.conf --supervised systemd --daemonize no
ExecStop=/bin/kill -s TERM \\x24MAINPID
PIDFile=/var/run/redis/redis.pid
Restart=always
User=redis
Group=redis
RuntimeDirectory=redis
RuntimeDirectoryMode=2755
TimeoutStopSec=90
TimeoutStartSec=90
UMask=0077
PrivateTmp=yes
NoNewPrivileges=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
WorkingDirectory=/usr/local/var/lib/redis
ReadWriteDirectories=-/usr/local/var/lib/redis
ReadWriteDirectories=-/usr/local/var/log/redis
ReadWriteDirectories=-/usr/local/var/run/redis
NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
'__display__');
# Dovecot dict SQL settings for quota lookups: a connect line plus two map
# blocks (storage and message quota, both on table quota2). The text is
# appended to ~/dovecot-dict-sql.conf.ext with echo -e and the file is then
# moved into Dovecot's conf.d with sudo.
#
# NOTE(review): this heredoc interpolates, so $service_and_cert_password is
# expanded into the text and then placed inside a double-quoted shell string
# on the echo command line below. Unless the value is already hex-escaped
# the way the literals in this file are (not visible in this excerpt), a
# password containing ", $, ` or \ will be reinterpreted by the remote shell
# or by echo -e. The secret is also part of the remote command line, where
# process listings and any command logging can capture it -- TODO confirm
# what the handle records.
$ad=<<END;
connect = host=/var/run/mysqld/mysqld.sock dbname=postfixadmin user=postfixadmin password=$service_and_cert_password
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}
# map {
# pattern = shared/expire/\\x24user/\\x24mailbox
# table = expires
# value_field = expire_stamp
#
# fields {
# username = \\x24user
# mailbox = \\x24mailbox
# }
# }
END
# The echo runs without $sudo and uses '>>', so the file is created by the
# login account, and a leftover ~/dovecot-dict-sql.conf.ext from an earlier
# run would be extended rather than replaced.
($stdout,$stderr)=$handle->cmd(
"echo -e \"$ad\" >> ~/dovecot-dict-sql.conf.ext");
# NOTE(review): mv keeps the owner and mode the file received in the home
# directory, and no chown/chmod follows in this excerpt. Because the file
# holds the postfixadmin database password, verify that it ends up readable
# only by root and the account Dovecot's dict service runs as.
($stdout,$stderr)=$handle->cmd($sudo.
'mv -v ~/dovecot-dict-sql.conf.ext '.
'/usr/local/etc/dovecot/conf.d/dovecot-dict-sql.conf.ext',
'__display__');
# IMAP protocol section that adds the imap_quota and imap_sieve plugins to
# mail_plugins. \\x24 is the hex stand-in for '$' (see the escape table in
# this file); echo -e turns it back into a literal '$', so the config file
# receives a reference to Dovecot's own mail_plugins setting.
$ad=<<END;
protocol imap {
mail_plugins = \\x24mail_plugins imap_quota imap_sieve
}
END
{
    my $imap_conf='20-imap.conf';
    # Staged in the login account's home directory (no $sudo, '>>' appends),
    # then moved into conf.d with sudo.
    ($stdout,$stderr)=$handle->cmd(qq{echo -e "$ad" >> ~/$imap_conf});
    ($stdout,$stderr)=$handle->cmd(
        $sudo."mv -v ~/$imap_conf /usr/local/etc/dovecot/conf.d/$imap_conf",
        '__display__');
}
# ManageSieve services: a login listener on port 4190 and a process limit
# of 1024 for the managesieve service itself.
# NOTE(review): this opens a network listener through which users manage
# their Sieve scripts; confirm that the port is firewalled and
# TLS-protected as intended -- neither is visible in this excerpt.
$ad=<<END;
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service managesieve {
process_limit = 1024
}
END
{
    my $managesieve_conf='20-managesieve.conf';
    # Staged in the home directory first, then moved into conf.d with sudo.
    ($stdout,$stderr)=$handle->cmd(qq{echo -e "$ad" >> ~/$managesieve_conf});
    ($stdout,$stderr)=$handle->cmd(
        $sudo."mv -v ~/$managesieve_conf ".
        "/usr/local/etc/dovecot/conf.d/$managesieve_conf",
        '__display__');
}
#
# Echoing/streaming files over ssh can be tricky. Use echo -e
# and replace these characters with their HEX
# equivalents (use an external editor for a quick
# search and replace, then paste the results back;
# or cat the file and copy/paste the results):
#
# ! - \\x21 ` - \\x60 * - \\x2A
# " - \\x22 \ - \\x5C
# $ - \\x24 % - \\x25
#
# Pigeonhole Sieve plugin settings, appended to ~/90-sieve.conf and then
# moved into Dovecot's conf.d with sudo. \\x25 and \\x2A are the hex
# stand-ins for '%' and '*' that echo -e converts back.
#
# NOTE(review): 'sieve' is assigned twice below (the home-directory form and
# the /var/mail/vmail form); presumably only one takes effect -- confirm
# which, and drop the other.
# NOTE(review): vnd.dovecot.pipe is enabled through sieve_global_extensions
# and sieve_pipe_bin_dir is /usr/bin, so program names used with 'pipe' are
# resolved against everything in /usr/bin. A dedicated directory holding
# only the programs the global scripts call would narrow that. The global
# script directory also has to stay writable by administrators only, since
# scripts placed there are allowed to run programs.
$ad=<<END;
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_before = /var/mail/vmail/sieve/global/spam-global.sieve
sieve = file:/var/mail/vmail/sieve/\\x25d/\\x25n/scripts;active=/var/mail/vmail/sieve/\\x25d/\\x25n/active-script.sieve
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:/var/mail/vmail/sieve/global/report-spam.sieve
imapsieve_mailbox2_name = \\x2A
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/var/mail/vmail/sieve/global/report-ham.sieve
sieve_pipe_bin_dir = /usr/bin
sieve_global_extensions = +vnd.dovecot.pipe
}
END
# Staged without $sudo in the home directory; '>>' appends to any existing
# ~/90-sieve.conf.
($stdout,$stderr)=$handle->cmd(
"echo -e \"$ad\" >> ~/90-sieve.conf");
# mv keeps the owner and mode the file received in the home directory; no
# chown/chmod follows in this excerpt.
($stdout,$stderr)=$handle->cmd($sudo.
'mv -v ~/90-sieve.conf '.
'/usr/local/etc/dovecot/conf.d/90-sieve.conf',
'__display__');
# Global spam-filing script: create the global Sieve directory, build the
# script text, stage it in the home directory and move it into place.
# The script files a message into "Spam" (creating the mailbox if needed)
# and stops when X-Spam-Flag contains YES, X-Spam contains Yes, or the
# Subject contains "*** SPAM ***". \\x22 and \\x2A are the hex stand-ins
# for '"' and '*'.
# NOTE(review): the moved file keeps the owner and mode it received in the
# home directory. Pigeonhole normally wants global scripts precompiled with
# sievec, because the mail user usually cannot write the compiled binary
# next to them; whether that happens later is not visible in this excerpt.
{
    my $global_dir='/var/mail/vmail/sieve/global';
    my $script='spam-global.sieve';
    ($stdout,$stderr)=$handle->cmd($sudo."mkdir -vp $global_dir",
        '__display__');
    $ad=<<END;
require [\\x22fileinto\\x22,\\x22mailbox\\x22];
if anyof(
header :contains [\\x22X-Spam-Flag\\x22] \\x22YES\\x22,
header :contains [\\x22X-Spam\\x22] \\x22Yes\\x22,
header :contains [\\x22Subject\\x22] \\x22\\x2A\\x2A\\x2A SPAM \\x2A\\x2A\\x2A\\x22
)
{
fileinto :create \\x22Spam\\x22;
stop;
}
END
    ($stdout,$stderr)=$handle->cmd(qq{echo -e "$ad" >> ~/$script});
    ($stdout,$stderr)=$handle->cmd(
        $sudo."mv -v ~/$script $global_dir/$script",
        '__display__');
}
$ad=<<END;
require [\\x22vnd.dovecot.pipe\\x22, \\x22copy\\x22, \\x22imapsieve\\x22];
pipe :copy \\x22rspamc\\x22 [\\x22learn_spam\\x22];
END