diff --git a/install-mailcow-debian.sh b/install-mailcow-debian.sh
index 1dd369b..60dc6bb 100644
--- a/install-mailcow-debian.sh
+++ b/install-mailcow-debian.sh
@@ -67,38 +67,33 @@ ufw allow 995/tcp
 ufw allow 4190/tcp
 ufw --force enable
 
-# Configure fail2ban with SSH honeypot
-log_message "Configuring fail2ban and SSH honeypot..."
+# Configure fail2ban for SSH
+log_message "Configuring fail2ban for SSH protection..."
 cat > /etc/fail2ban/jail.local << EOL
 [DEFAULT]
 bantime = 1h
 findtime = 10m
 maxretry = 3
+banaction = ufw
+backend = systemd
+
+ignoreip = 127.0.0.1/8 ::1
 
 [sshd]
 enabled = true
 port = ssh
 filter = sshd
-logpath = /var/log/auth.log
+logpath = %(sshd_log)s
 maxretry = 3
-EOL
-
-# Create SSH honeypot configuration
-cat > /etc/fail2ban/jail.d/ssh-honeypot.conf << EOL
-[ssh-honeypot]
-enabled = true
-filter = ssh-honeypot
-logpath = /var/log/auth.log
-maxretry = 1
 bantime = 1d
-findtime = 1d
+findtime = 10m
 EOL
 
-cat > /etc/fail2ban/filter.d/ssh-honeypot.conf << EOL
-[Definition]
-failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from
-ignoreregex =
-EOL
+# Reload systemd daemon
+systemctl daemon-reload
+
+# Restart fail2ban
+systemctl restart fail2ban
 
 # Restart fail2ban
 systemctl restart fail2ban
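Review bot: The new side now restarts fail2ban twice and reloads systemd for nothing: the added `systemctl daemon-reload` / `systemctl restart fail2ban` pair at the end of the hunk is immediately followed by the pre-existing `# Restart fail2ban` / `systemctl restart fail2ban` context lines, and nothing in this hunk writes a unit file that daemon-reload could pick up. Drop the five added lines and keep the one existing restart, but check that the jail actually came up — switching to `backend = systemd` makes fail2ban need the python3-systemd module, which as far as I know Debian only pulls in as a Recommends (the install step is outside this hunk), and a failed start would otherwise go unnoticed: `systemctl restart fail2ban && fail2ban-client status sshd || log_message "WARNING: fail2ban sshd jail is not running"`. With the systemd backend the `logpath = %(sshd_log)s` line should not be consulted at all, so it can go as well. Also note that `ignoreip = 127.0.0.1/8 ::1` whitelists only loopback: three typos from the operator's own workstation lock it out of SSH for a day (`bantime = 1d`), so consider appending the management address there.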
@@ -108,19 +103,97 @@ log_message "Setting up Mailcow directory..."
 mkdir -p /opt/mailcow-dockerized
 chown dockeruser:dockeruser /opt/mailcow-dockerized
 
+# Function to get FQDN input
+get_fqdn() {
+ local fqdn
+ while true; do
+ read -p "Please enter your Fully Qualified Domain Name (FQDN) (e.g., mail.example.com): " fqdn
+ if [[ $fqdn =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+ echo "$fqdn"
+ return 0
+ else
+ echo "Invalid FQDN format. Please try again."
+ fi
+ done
+}
+
+# Get timezone
+get_timezone() {
+ local timezone
+ while true; do
+ read -p "Please enter your timezone (e.g., Europe/Berlin) [default: UTC]: " timezone
+ timezone=${timezone:-UTC}
+ if [ -f "/usr/share/zoneinfo/$timezone" ]; then
+ echo "$timezone"
+ return 0
+ else
+ echo "Invalid timezone. Please try again."
+ fi
+ done
+}
+
+# Function to configure mailcow
+configure_mailcow() {
+ local fqdn=$1
+ local timezone=$2
+
+ # Create temporary config file
+ cat > /tmp/mailcow_config << EOL
+MAILCOW_HOSTNAME=${fqdn}
+TIMEZONE=${timezone}
+EOL
+
+ # Ask for additional configuration
+ read -p "Do you want to customize additional mailcow configuration? (y/N): " customize
+ if [[ $customize =~ ^[Yy]$ ]]; then
+ nano /tmp/mailcow_config
+ fi
+
+ return 0
+}
+
 # Switch to dockeruser and install Mailcow
 log_message "Installing Mailcow as dockeruser..."
+
+# Get configuration parameters
+FQDN=$(get_fqdn)
+TIMEZONE=$(get_timezone)
+
+# Store configuration for dockeruser
+echo "FQDN=$FQDN" > /tmp/mailcow_vars
+echo "TIMEZONE=$TIMEZONE" >> /tmp/mailcow_vars
+
+configure_mailcow "$FQDN" "$TIMEZONE"
+
 su - dockeruser << 'EOF'
+# Source the configuration variables
+source /tmp/mailcow_vars
+
+# Clone and set up mailcow
 cd /opt
 git clone https://github.com/mailcow/mailcow-dockerized
 cd mailcow-dockerized
-./generate_config.sh
+
+# Use the prepared configuration
+cat /tmp/mailcow_config > mailcow.conf
+
+# Generate config with the provided FQDN
+printf "%s\n" "$FQDN" | ./generate_config.sh
+
+# Offer to edit the full configuration
+read -p "Would you like to review and edit the full mailcow configuration? (y/N): " edit_conf
+if [[ $edit_conf =~ ^[Yy]$ ]]; then
+ nano mailcow.conf
+fi
 
 # Start Mailcow
 docker compose pull
 docker compose up -d
 EOF
 
+# Clean up temporary files
+rm -f /tmp/mailcow_vars /tmp/mailcow_config
+
 # Final security checks
 log_message "Performing final security checks..."
 su - dockeruser -c "cd /opt/mailcow-dockerized && docker compose ps"
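Review bot: Inside the `su - dockeruser << 'EOF'` block the child shell's stdin is the heredoc itself, so the added `read -p "Would you like to review..."`, the `nano mailcow.conf` call, and any prompt `./generate_config.sh` raises beyond the single FQDN line fed by `printf` will consume the script's own remaining lines instead of the operator's terminal. generate_config.sh also writes mailcow.conf itself, so the pre-seeded `cat /tmp/mailcow_config > mailcow.conf` (and whatever configure_mailcow let the user edit in nano) is discarded and the validated TIMEZONE never reaches mailcow. I would run the generator non-interactively — as far as I know it honours `MAILCOW_HOSTNAME`, `MAILCOW_TZ` and `MAILCOW_BRANCH` from the environment, verify against the checked-out script — and point the remaining prompts at `/dev/tty` explicitly, as sketched below. Separately, `/tmp/mailcow_vars` and `/tmp/mailcow_config` are fixed, predictable names that root writes with `>`; any local user can pre-create them (or a symlink) before the script runs, so put them under a `mktemp -d` directory chowned to dockeruser instead, and use `read -r` in the new prompts.
```shell
su - dockeruser << 'EOF'
source /tmp/mailcow_vars
# … unchanged: clone and cd into mailcow-dockerized …
# generate_config.sh rewrites mailcow.conf, so pre-seeding it is pointless; pass the
# answers through the environment and refuse to prompt (stdin here is the heredoc).
MAILCOW_HOSTNAME="$FQDN" MAILCOW_TZ="$TIMEZONE" MAILCOW_BRANCH=master ./generate_config.sh < /dev/null
# any interactive step must talk to the terminal explicitly, not to the heredoc
read -r -p "Would you like to review and edit the full mailcow configuration? (y/N): " edit_conf < /dev/tty
if [[ $edit_conf =~ ^[Yy]$ ]]; then
    nano mailcow.conf < /dev/tty
fi
# … unchanged: docker compose pull / up -d …
EOF
```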