432 lines
12 KiB
Bash
Executable File
432 lines
12 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# email_account, Copyright © 2010 Thomas Preud'homme
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
# email_account is a helper to create e-mail accounts in a configuration
|
|
# using Postfix mail transport agent with vhosts and Cyrus IMAP server,
|
|
# in a Debian environment.
|
|
|
|
set -u
|
|
|
|
# Display usage.
|
|
usage ()
|
|
{
|
|
local - progname
|
|
progname=$1
|
|
echo "Usage :"
|
|
echo
|
|
echo "$progname emailaccount [emailalias]"
|
|
echo "$progname -h | --help"
|
|
echo
|
|
echo "Fist form adds an email account named emailaccount if it doesn't already exist"
|
|
echo "and creates an alias named emailalias for this email account if specified."
|
|
echo
|
|
echo "Second form prints this help."
|
|
}
|
|
|
|
# Test an email is valid and exit if it isn't.
|
|
test_email ()
|
|
{
|
|
local -
|
|
user=$(echo "$1" | cut -d '@' -f 1)
|
|
if [ -z "$user" ]
|
|
then
|
|
echo "Error! Missing user in email account." >&2
|
|
exit 1
|
|
fi
|
|
domain=$(echo "$1" | cut -d '@' -f 2)
|
|
if echo "$domain" | grep -E -v "^([[:alnum:]]+\.)+[[:alnum:]]+$" > /dev/null
|
|
then
|
|
echo "Error! Invalid domain for email account." >&2
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Ask a question to the user. Return 1 if the answer is negative,
|
|
# or 0 if it is positive.
|
|
ask_user_default_no ()
|
|
{
|
|
local - answer
|
|
answer="unset"
|
|
echo -n "$1 [y/N] "
|
|
while [ -n "$answer" -a "$answer" != "y" -a "$answer" != "Y" -a "$answer" != "n" -a "$answer" != "N" ]
|
|
do
|
|
read answer
|
|
if [ -z "$answer" -o "$answer" = "n" -o "$answer" = "N" ]
|
|
then
|
|
return 1
|
|
fi
|
|
if [ "$answer" = "y" -o "$answer" = "Y" ]
|
|
then
|
|
break
|
|
fi
|
|
echo -n "$2 [y/N] "
|
|
done
|
|
return 0
|
|
}
|
|
|
|
# Test number of argument is correct and their value are correct also.
|
|
test_args ()
|
|
{
|
|
local - user domain
|
|
if [ \( $# -ge 1 -a "$1" = "-h" -a $# -gt 1 \) -o $# -gt 2 ]
|
|
then
|
|
echo "Error! Too many arguments." >&2
|
|
exit 1
|
|
fi
|
|
if [ $# -eq 0 -o "$1" = "-h" -o "$1" = "-help" ]
|
|
then
|
|
usage $(basename $0)
|
|
exit 0
|
|
else
|
|
# Test email arguments
|
|
test_email "$1"
|
|
emailuser="$user"
|
|
emaildomain="$domain"
|
|
if [ $# -eq 2 ]
|
|
then
|
|
test_email "$2"
|
|
aliasuser="$user"
|
|
aliasdomain="$domain"
|
|
if [ "$emaildomain" != "$aliasdomain" ]
|
|
then
|
|
echo "Error! Domain of the alias must be identical to the domain of the email account." >&2
|
|
exit 1
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# Are we root?
|
|
must_sudo ()
|
|
{
|
|
uid="$(id -u)"
|
|
[ ! $uid -eq 0 ]
|
|
return $?
|
|
}
|
|
|
|
# This function tries to become root with sudo and execute this script.
|
|
# NB: This function doesn't return.
|
|
try_sudo ()
|
|
{
|
|
local - ret
|
|
echo "You aren't root. Trying to use sudo to become root…"
|
|
sudo $0 "$@" # Try to execute the script with sudo
|
|
ret=$?
|
|
if [ ! $ret -eq 0 ]
|
|
then
|
|
echo "Error! You must be root or being able to become root by sudo without password to create an email account or add an email alias." >&2
|
|
fi
|
|
exit $ret
|
|
}
|
|
|
|
# Warn user that cyrus will need to restart twice and postfix will have
|
|
# to reload its configuration once and ask him if he is ok for that
|
|
test_ready_for_restarts ()
|
|
{
|
|
local - first_ask next_ask
|
|
first_ask="Be aware that you'll need to restart cyrus twice and to make postfix reload its configuration once. Are you ready?"
|
|
next_ask="Incorrect answer. Are you ready to restart cyrus and make postfix reload its configuration?"
|
|
ask_user_default_no "$first_ask" "$next_ask"
|
|
if [ $? -eq 1 ]
|
|
then
|
|
echo "Ok, exiting…"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Test cyrus password is OK.
|
|
test_cyrus_admin ()
|
|
{
|
|
local -
|
|
cyruser=$(grep -E "^[[:space:]]*admins:" /etc/imapd.conf | cut -d ':' -f 2- | sed -r "s/[[:alnum:]]+@[[:alnum:].]+//g" | tr -d ' ')
|
|
cyrpwd=$(cat /root/cyrus_main_admin_password)
|
|
testsaslauthd -u $cyruser -p $cyrpwd > /dev/null || { echo "Error! Password for main cyrus admin has changed but has not been modified in /root/" >&2 && exit 1 ; }
|
|
}
|
|
|
|
# Save cyrus state and make it cyradm ready, that is save and change
|
|
# allowplaintext and virtdomain and make it listen on localhost:imap
|
|
# instead of *:imap
|
|
save_cyrus_state_and_become_cyradm_ready ()
|
|
{
|
|
local -
|
|
sed -r -i "s/^(.*cmd=\"imapd.* listen=\")(imap\".*)$/\1localhost:\2/" /etc/cyrus.conf
|
|
sed -r -i "s/^([[:space:]]*allowplaintext:.*)$/#\1\nallowplaintext: 1/" /etc/imapd.conf
|
|
sed -r -i "s/^([[:space:]]*virtdomains:.*)$/#\1\nvirtdomains: userid/" /etc/imapd.conf
|
|
invoke-rc.d cyrus2.2 restart
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
echo "Error! Restarting cyrus failed. The requested action coudn't be performed." >&2
|
|
echo "Look at the logs and restart Cyrus manually." >&2
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
# Ask a password to the user and create the entry in sasldb database.
|
|
ask_and_create_password ()
|
|
{
|
|
local - newemailpassword
|
|
emailpassword=""
|
|
newemailpassword="different"
|
|
while [ "$emailpassword" != "$newemailpassword" ]
|
|
do
|
|
emailpassword=""
|
|
echo "What password do you want for your email account?"
|
|
while [ -z "$emailpassword" ]
|
|
do
|
|
echo -n "Password: "
|
|
read emailpassword
|
|
done
|
|
newemailpassword=""
|
|
echo "Please re-enter your password to ensure you typed it correctly."
|
|
while [ -z "$newemailpassword" ]
|
|
do
|
|
echo -n "Password (bis): "
|
|
read newemailpassword
|
|
done
|
|
if [ "$emailpassword" != "$newemailpassword" ]
|
|
then
|
|
echo "Passwords don't match!"
|
|
fi
|
|
done
|
|
echo "$emailpassword" | saslpasswd2 -p -u "$emaildomain" "$emailuser"
|
|
}
|
|
|
|
# Check if a password already exists in the sasldb database.
|
|
# Then ask a password to the user and create the entry in sasldb
|
|
# database if password doesn't exist are user want to change it.
|
|
create_sasldb_password ()
|
|
{
|
|
local - first_ask next_ask
|
|
sasldblistusers2 | grep "$emailuser@$emaildomain" > /dev/null
|
|
if [ $? -eq 0 ]
|
|
then
|
|
first_ask="There is already a password for this user, do you want to change it?"
|
|
next_ask="Do you want to change the existing password for your email account?"
|
|
ask_user_default_no "$first_ask" "$next_ask"
|
|
if [ $? -eq 0 ]
|
|
then
|
|
ask_and_create_password
|
|
else
|
|
emailpassword="has remained unchanged"
|
|
fi
|
|
else
|
|
ask_and_create_password
|
|
fi
|
|
}
|
|
|
|
# Add the domain of the email account to the list of virtual domain
|
|
# in cyrus and postfix if necessary.
|
|
update_virtual_domains ()
|
|
{
|
|
local -
|
|
grep "defaultdomain:" /etc/imapd.conf | grep "$emaildomain" > /dev/null
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
grep "loginrealms:" /etc/imapd.conf | grep "$emaildomain" > /dev/null
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
sed -r -i "s/^([[:space:]]*loginrealms): ?(.*)$/\1: $emaildomain \2/" /etc/imapd.conf
|
|
fi
|
|
fi
|
|
grep "mydomain[[:space:]]*=" /etc/postfix/main.cf | grep "$emaildomain" > /dev/null
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
grep "virtual_mailbox_domains[[:space:]]*=" /etc/postfix/main.cf | grep "$emaildomain" /dev/null
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
sed -r -i "s/^([[:space:]]*virtual_mailbox_domains[[:space:]]*)= ?(.*)$/\1= $emaildomain \2/" /etc/postfix/main.cf
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# Print the first parameter and then the second parameter at a distance
|
|
# of $3 tabs.
|
|
echo_with_tabs ()
|
|
{
|
|
local - nbchars nbtabs
|
|
nbchars=$(echo "$1" | wc -m)
|
|
nbtabs=$(($3-nbchars/8))
|
|
[ $nbtabs -lt 1 ] && nbtabs=1
|
|
echo -n "$1"
|
|
for i in $(seq $nbtabs)
|
|
do
|
|
echo -n "\t"
|
|
done
|
|
echo "$2"
|
|
}
|
|
|
|
# Add requested email to postfix virtual_mailbox_maps.
|
|
update_postfix_email_account ()
|
|
{
|
|
local -
|
|
grep "^[[:space:]]*$emailuser@$emaildomain" /etc/postfix/vmailbox > /dev/null
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
echo_with_tabs "$emailuser@$emaildomain" "whatever" 4 >> /etc/postfix/vmailbox
|
|
fi
|
|
if [ ! $# -eq 0 ]
|
|
then
|
|
grep "^[[:space:]]*$aliasuser@$aliasdomain" /etc/postfix/vmailbox > /dev/null
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
echo_with_tabs "$aliasuser@$aliasdomain" "whatever" 4 >> /etc/postfix/vmailbox
|
|
fi
|
|
fi
|
|
postmap /etc/postfix/vmailbox
|
|
}
|
|
|
|
# Add requested alias to postfix virtual_alias_maps.
|
|
update_email_aliases ()
|
|
{
|
|
local -
|
|
grep "$aliasuser@$aliasdomain[[:space:]]+$emailuser@$emaildomain" /etc/postfix/virtual > /dev/null
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
echo_with_tabs "$aliasuser@$aliasdomain" "$emailuser@$emaildomain" 4 >> /etc/postfix/virtual
|
|
fi
|
|
postmap /etc/postfix/virtual
|
|
}
|
|
|
|
display_infos ()
|
|
{
|
|
local - imap imaps imapret imapsret security
|
|
set +u
|
|
grep "defaultdomain:" /etc/imapd.conf | grep "$emaildomain" > /dev/null
|
|
if [ $? -eq 0 ]
|
|
then
|
|
echo "Your email login is $emailuser and your password $emailpassword"
|
|
else
|
|
echo "Your email login is $emailuser@$emaildomain and your password $emailpassword"
|
|
fi
|
|
echo -n "Supported mechanism for imap authentification are: "
|
|
sed -r -n "{s/sasl_mech_list: *(.*)$/\1/;t success;T;: success;p}" /etc/imapd.conf
|
|
echo -n "The imap server listen on port "
|
|
imap=$(grep -E "^[^#]+cmd=\"imapd[^#]+listen=\"imap\"" /etc/cyrus.conf)
|
|
imapret=$?
|
|
if [ $imapret -eq 0 ]
|
|
then
|
|
security=$(echo "$imap" | sed -r -n "{s/^.*cmd=\".* -s.*$/(SSL\/TLS)/;t success;T;: success;p}")
|
|
if [ -z "$security" ]
|
|
then
|
|
security="(STARTTLS)"
|
|
fi
|
|
echo -n "143 ($security)"
|
|
fi
|
|
imaps=$(grep -E "^[^#]+cmd=\"imapd[^#]+listen=\"imaps\"" /etc/cyrus.conf)
|
|
imapsret=$?
|
|
if [ $imapsret -eq 0 ]
|
|
then
|
|
security=$(echo "$imaps" | sed -r -n "{s/^.*cmd=\".* -s.*$/(SSL\/TLS)/;t success;T;: success;p}")
|
|
if [ -z "$security" ]
|
|
then
|
|
security="(STARTTLS)"
|
|
fi
|
|
if [ $imapret -eq 0 ]
|
|
then
|
|
echo -n " and on port "
|
|
fi
|
|
echo -n "993 ($security)"
|
|
fi
|
|
echo "."
|
|
}
|
|
|
|
# Restore cyrus state as it was before making it cyradm ready, that is
|
|
# restore allowplaintext, virtdomain and make it listen on *:imap
|
|
# instead of localhost:imap
|
|
restore_cyrus_state ()
|
|
{
|
|
local -
|
|
sed -r -i "s/^(.*cmd=\"imapd.* listen=\")localhost:(imap\".*)$/\1\2/" /etc/cyrus.conf
|
|
# OK, let's explain the following sed line.
|
|
# First you must understand that for each line, all the commands inside
|
|
# the {} block and separated by ; are executed.
|
|
# When the allowplaintext commented line is found, the # is removed by
|
|
# a s/pattern/replacement/ command. Then, as this substitution is
|
|
# successful, we jump at success which copy the substituted line in
|
|
# the hold space, get the next line in the pattern space and replace
|
|
# it by the substituted line. We've just deleted the next line. Then,
|
|
# we print the line in the pattern space. If from the beginning we
|
|
# have a non allowplaintext line, then T makes us jump to fail and
|
|
# print the line in the pattern space (that is the current line).
|
|
sed -r -n -i "{s/^#([[:space:]]*allowplaintext:.*)$/\1/;t success;T fail;: success;h;n;g;: fail;p}" /etc/imapd.conf
|
|
# Same as above for virtdomains
|
|
sed -r -n -i "{s/^#([[:space:]]*virtdomains:.*)$/\1/;t success;T fail;: success;h;n;g;: fail;p}" /etc/imapd.conf
|
|
invoke-rc.d --quiet cyrus2.2 restart
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
echo "Error! Restarting cyrus failed." >&2
|
|
exit 1
|
|
fi
|
|
invoke-rc.d --quiet postfix reload
|
|
if [ ! $? -eq 0 ]
|
|
then
|
|
echo "Error! Reloading postfix failed." >&2
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Create the mailbox
|
|
create_mail_account ()
|
|
{
|
|
local - nblines
|
|
nblines=$(echo "listmailbox user.$emailuser@$emaildomain" | cyradm --user $cyruser --auth login --pass $cyrpwd localhost | wc -l)
|
|
if [ $nblines -eq 0 ]
|
|
then
|
|
echo "Mailbox for $emailuser@$emaildomain doesn't exist, creating it…"
|
|
echo "createmailbox user.$emailuser@$emaildomain" | cyradm --user $cyruser --auth login --pass $cyrpwd localhost
|
|
fi
|
|
|
|
}
|
|
|
|
main ()
|
|
{
|
|
ret=0
|
|
# This test should be useless if rights on this file are corrects
|
|
# (that is 770 for root:gt owner)
|
|
test_args "$@"
|
|
if must_sudo
|
|
then
|
|
try_sudo "$@"
|
|
fi
|
|
test_ready_for_restarts
|
|
test_cyrus_admin
|
|
save_cyrus_state_and_become_cyradm_ready
|
|
if [ $? -eq 0 ]
|
|
then
|
|
create_sasldb_password
|
|
update_virtual_domains
|
|
aliasuser="${aliasuser:-""}"
|
|
if [ -n "$aliasuser" ]
|
|
then
|
|
update_postfix_email_account 1
|
|
update_email_aliases
|
|
else
|
|
update_postfix_email_account
|
|
fi
|
|
create_mail_account
|
|
display_infos
|
|
else
|
|
ret=1
|
|
fi
|
|
restore_cyrus_state
|
|
return $ret
|
|
}
|
|
|
|
main "$@"
|
|
exit $?
|