#!/bin/bash

systemctl stop postfix exim4 dovecot || true

apt purge -y postfix exim4 exim4-base exim4-config exim4-daemon-light exim4-daemon-heavy dovecot-core dovecot-imapd dovecot-lmtpd

apt autoremove -y
apt autoclean

rm -rf /etc/postfix
rm -rf /etc/exim4
rm -rf /etc/dovecot
rm -rf /var/spool/postfix
rm -rf /var/spool/exim4
rm -rf /var/spool/exim4/private
rm -rf /etc/exim4/conf.d/master
set -e

FQDN=$(hostname -f)
DOM=$(hostname -d)

mkdir -p /var/spool/exim4/private
chown Debian-exim:Debian-exim /var/spool/exim4/private
chmod 750 /var/spool/exim4/private


echo "Maildir für neue Benutzer vorbereiten"
mkdir -p /etc/skel/Maildir/{cur,new,tmp}
grep -q MAILDIR /etc/skel/.bashrc || echo 'export MAIL=$HOME/Maildir' >> /etc/skel/.bashrc

echo "Pakete installieren"
apt update
DEBIAN_FRONTEND=noninteractive apt install -y \
exim4 \
dovecot-core \
dovecot-imapd \
dovecot-lmtpd \
mailutils

echo "Exim konfigurieren"

cat > /etc/exim4/update-exim4.conf.conf <<EOF
dc_eximconfig_configtype='internet'
dc_other_hostnames='$FQDN:$DOM'
dc_local_interfaces='0.0.0.0'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='maildir_home'
EOF

echo "Exim SMTPS"



echo "Split config erzeugen"
update-exim4.conf
systemctl restart exim4

echo "Exim TLS"
cat <<EOF > /etc/exim4/conf.d/main/03_exim4-config_tlsoptions

tls_certificate = /etc/ssl/own.crt
tls_privatekey  = /etc/ssl/own.key

EOF

cat <<EOF > /etc/exim4/conf.d/main/02_smtps
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
EOF

update-exim4.conf



echo "Dovecot maildir"

cat > /etc/dovecot/conf.d/10-mail.conf <<EOF
mail_driver = maildir
mail_home = /home/%{user | username}
mail_path = %{home}/Maildir
EOF

echo "Dovecot TLS"

cat > /etc/dovecot/conf.d/10-ssl.conf <<EOF
ssl = yes
ssl_server_cert_file = /etc/ssl/own.crt
ssl_server_key_file = /etc/ssl/own.key
ssl_min_protocol = TLSv1.2
EOF

echo "Dovecot Dienste"

cat > /etc/dovecot/conf.d/10-master.conf <<EOF
service imap-login {
  inet_listener imap {
  }

  inet_listener imaps {
  }
}

service lmtp {
  unix_listener /var/spool/exim4/private/dovecot-lmtp {
    mode = 0600
    user = Debian-exim
    group = Debian-exim
  }
}

service auth {
  unix_listener /var/spool/exim4/private/auth {
    mode = 0660
    user = Debian-exim
    group = Debian-exim
  }
}
EOF


cat <<HERE > /etc/ssl/own.crt 

-----BEGIN CERTIFICATE-----
MIIFDzCCAvegAwIBAgIUNoGnreAwkoQqp3TK/ARqG9YzCFgwDQYJKoZIhvcNAQEL
BQAwETEPMA0GA1UEAwwGY2EuY3J0MB4XDTI1MDYyNjA3MTcxMFoXDTI3MDYyNjA3
MTcxMFowFjEUMBIGA1UEAwwLKi5pdDIxMy5pbnQwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQCOXnGlGRDzo8m/BgNa+oW5h6e6lwYQIrkECVEXlJhqP9bw
WeP2UFWiSJXmLYIkHlWW5xwY448WjZlOOoERvZP46XjD+9cWTvKX03p0CRuMZqm0
+wrUGKFf1Q3eHaRv8rK+IdNgMkoEYZbl1B8JtK8mXDsTExqnRnVJoWeDjkDN/uIQ
ex8i8EielNx5U2ztf5dVMbKICp1eKxPIkDphsb4fEuJrUO97eYcAUuhPxNGkVY3G
SEccbmsrX17Fq6UrRMOUd30sVRnOyA0OJ2ZRTrr9JLwLb1a+Snl11thIzgAY8xbE
+ntVVNMFCifXhNBfYafGxhQ3LagVrXR/3jKVqZQdqVCai0jILaNJNMJkxSxtlLyX
H/OraVJskJx9CagA6ipqWN4AFM45C5KcpN0SseS4sT4Ukke4VKonWi+At9gPgSD1
eTLRZXnxkPY6bVqxbs1FCFV7qN+wvQXKELx98CYx+OE2QPQagA0gvb0d9VQ/4lsv
Kl9sBzthaMrj7A/s16Lx8uvNnt1tEH/5GZXU9Fsg4bNv/hj6oXKQ9xxlCLErwQs5
b20CBc0wBNtgZTerfVZz9nzXx1oPk28CvCMCobMDhcEMgnDSy/WrMTPDiELoD5yU
XfT2dYZEpI34eMWx+tVVY57i6p11WUp79uo+VH95O3N3r8C0vkuxbHX9J1OJgwID
AQABo1owWDAWBgNVHREEDzANggsqLml0MjEzLmludDAdBgNVHQ4EFgQUxT8e4euj
q1vgGcURcuC+oQl60hkwHwYDVR0jBBgwFoAUQBYyH7acj+9rY82XWP1oMitZWp8w
DQYJKoZIhvcNAQELBQADggIBAEbd8TJq2M1FiKz+WaoxrHRzcNZcfIbHF98BX7SM
ngFmE/oEFkBpKM94D7z50B2tsM8j3AvDVj9DTajBtwElAU8hqr+/Nxto7S7mYANk
BSRqyMJkrg5BDKpPyCIHTU3jZRJeGGGHPoXPt7nxqy+i2EarIDEabuLST8cQGwLS
QVF24JLPXtYfQJgk1xFlvQ8+qxt/df9TLeETTSx7GCjuBwJe792tvTgvNTFZGD0B
ipa7CMpN/mF+4wzNqX/kPf7ijijjABbToIasOWQkMtbod0GwaxiHcvvbxAk4Jj1p
ZQeJljlB6GQQHFqkF+CWE8pkxw8Ofl99UPIOKaCw15mfZk/fiML/1Fp2YRrzjmVb
ZiPmEujClXGKXYs3oCfqM0qxeNeepZqbF74mciXoA8qQvDOS9NSf+P6yeg49h3m1
iXNMQM1WGi2QpA8pV9OtflhZqKTLrRo/cQ42EX0ID71PCJkl5t0lph8n29Hq33qB
/1sR1mfQIXuTOQ/zHEogu2GI7AZ8qMrA80uegL/1xrHBmT+caxSKKYTBd9K4IXid
oS4LUPdccGOexrSzuGDrLSzFrwfnpmSdhq7Y4J8ujaygc7SOQgzA27sK8ZJ/2Qut
su/rZHCLra8PAyvpZO9aMC3Mp/icGsxs/8j0sr5be6U6rEZCSyPDXZywfEuq64sl
KT89
-----END CERTIFICATE-----
HERE
cat <<HERE > /etc/ssl/own.key
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCOXnGlGRDzo8m/
BgNa+oW5h6e6lwYQIrkECVEXlJhqP9bwWeP2UFWiSJXmLYIkHlWW5xwY448WjZlO
OoERvZP46XjD+9cWTvKX03p0CRuMZqm0+wrUGKFf1Q3eHaRv8rK+IdNgMkoEYZbl
1B8JtK8mXDsTExqnRnVJoWeDjkDN/uIQex8i8EielNx5U2ztf5dVMbKICp1eKxPI
kDphsb4fEuJrUO97eYcAUuhPxNGkVY3GSEccbmsrX17Fq6UrRMOUd30sVRnOyA0O
J2ZRTrr9JLwLb1a+Snl11thIzgAY8xbE+ntVVNMFCifXhNBfYafGxhQ3LagVrXR/
3jKVqZQdqVCai0jILaNJNMJkxSxtlLyXH/OraVJskJx9CagA6ipqWN4AFM45C5Kc
pN0SseS4sT4Ukke4VKonWi+At9gPgSD1eTLRZXnxkPY6bVqxbs1FCFV7qN+wvQXK
ELx98CYx+OE2QPQagA0gvb0d9VQ/4lsvKl9sBzthaMrj7A/s16Lx8uvNnt1tEH/5
GZXU9Fsg4bNv/hj6oXKQ9xxlCLErwQs5b20CBc0wBNtgZTerfVZz9nzXx1oPk28C
vCMCobMDhcEMgnDSy/WrMTPDiELoD5yUXfT2dYZEpI34eMWx+tVVY57i6p11WUp7
9uo+VH95O3N3r8C0vkuxbHX9J1OJgwIDAQABAoICADl4KFnj13LyP+MrczlLfaWZ
+/wXMKxcx+C4PhLNugTRxlr5fksUvKyorlHfNvSLhjNHEZF+cmlBOYxZk3Zs14mX
/Vbnlzh7H/RnuruSXZt8aa8T05gwZRwBLfrmblV+W+biUqg3RKemGTqnOOw7EqTi
gDo/8PdrOrdBPz7cso41AF50xOneowHYx3L2WTc51QXf7Nh7qHC15OOGTPrYvA1h
GyME5dcrBHL+BKcGpTW4D2XmEUaJ0BsPAXu7wQ3JUUXiQhYeOC+/k32OLABQTq0X
Ig1foV1pRMRruJ0TAvkPT7auAhE9D32uTszx4QdPrWFQ3iIz/PDbNvbS5AqEDLSe
VNedg5t4dms9trzC1wWDSRVFkOPk/JKBT3/xbbTSedpG7Pcj5Z16+pTWebZfAXps
Xl211AuvhYPQFOZh400/gIt/9jZNib1WaI7xmwYcW5t8d7YfFRbdNi2vq8NIpBQT
p568hiQSzK2PKBdXNPgS6AoOVd4g50E+6V3q3cZ/hvvdL8cj/TJ7g2RFQFbDRXZ2
6JaUEBx9+hfLFKGpyFemjbco9NJJdm5N6nkrnsEDxeZRzNZF35ROlopkSA01Ldwo
ZTp4709KxdMXW62i2JEGoC8YJIXYD7lXF1QbuQQStrnPJCYvFylcST0/My6T0Pxp
CUAXDTLAgO6vnMxixA7hAoIBAQDDHs/hQPhjTXWCc6X5s6WCBOk9Gxv0E3L7b0Xh
6hheaoCLDcWubrs69g6nrNLvB+49Bw1IMNeGtj1Is1o6dXXAjwDIh1Ieg4EfDPZs
iyIapePktKNMTlwPpPRTsOkaweEYCvb//BkBBPmu7DgSmZxdJfsp3AnXIyphd1/i
BFa7ul7KBCUXFa2s8iT4KGxGhNe8K9bL3MnJcKKqjlvvkgPwdb0UoyFtg8VJcIjV
WnbgpShAP/wYFJfuxi/Pa9UkA6SsQdr8qndLWr1wpvd1fCty6rPLCUVezEb70Mzk
URYoHYamxrtD9ZQN0Qj6qcMNhdP2rTztnMITfpK/KKjfO0nTAoIBAQC6yh/f7Z3g
cCuKkyfepMdQuvu60jLBXnLm6qVuz8xidjyIfINunrnLsfOsIVQzimrtDSMFccbx
TNw+eaivAsoIH1p0yufRdO0PvbADngvgEFmjkEDfhZzYD/ASDToUndtikTCIscj+
cGquV3L/68ZeJDYFVT/srCwDycwNQsx4bH64gKe6vqgSERs4SawcX4Fk8PljGKlv
cabfcdb805+zqAn6WYR8/cGWeTObXGG16UF+/cY5az5uqhKKr2cJZe4QXFHLCyXO
ESHcKQASSl8kVSgheTSeuAq7+spMZplAb4RJHDB7zbPMwDNqBX5ukTYU9umOrSXK
6/BKbe4vkcORAoIBAFnmtHlg6hE2+1Gj33FxqGyDvsN83iBTZcMbveMdbSTzhU6M
heyc8H92J8JyCq4/xTExMpl0h5l2Fj6NBKGyxRJ30TCTyO5uQOwBmPjiElCc5qfV
4vehkyFSK5D0DjNZ6VCenLfNe+fQVwqVpDBNvpHckiDzVUVe2oQV8IO+5AeTE2GZ
D03XmzH4T7hXR6wmQRBeUpWToRXDY++ZsBpt+IqudPQxRZGkCR6RTzqed++BqU4R
LSIbOvW1Mwoq8QWq+BC2NyP7lwONR4PEKnhjQdGs+jIuj1viW0JjLkR0Z/ULxaLK
JjZlzFWhXrW/yjNM2iDqKQyCEZnR0+Nn5IcWVikCggEARnYMxBoMnidyJVoRhik+
jrOaVgUI5GzOh1Eoir6UaOgVOZ9OrSHvEGnWc6425yJl53o3JcyfsVK/GkomWa6B
q8K4Cqqn/BlRe8igZxzted5xEgROlIMAgXixpP2cVT6fDXWbi1UVbvXVKGMQnH3C
XKzoO+bGsG7aQ6uR78as/xheTRcrLoTRPc96JyeTZziXxQ4p5TneYI3M1ylIYiMq
cUkISooOMmA+8JZT411b9pVBAbiVV/+ek3xQdkRoZ+EthrpsmF1iK3PHBBfrUPsB
HOGKu+XO9biTRAn82gkx8l6e1j1uBKW6F5jBTFM6OFdKwWnK/OlQAlYyVMFXQlaI
IQKCAQAu9viWCwOVth/5xKyxJ+Rmc5S5Av2a32oNo/YDTttD/zWtwUkns6nzJclT
8bfZDns8fAVtC1toDAFLBW9g/KGI6/bxdG5fKJTO43EHq+UJNo/2gSgNyjS5aT9m
hfQYaHhjWHG6tZPTyWZS1eBFEG74mqm0tEqt1SAHMpRUvbeoIt+Dg2HfatuLZI7f
jUbUnT2GRvEUtcA8BzBn0n6fsSjCIUJgmq/UgH+MB9rYFv2W19PN5XAYfl4HBF3T
iJwz2K6mFOg50SvgPk2LHnaHZ0XbcK4g3mPXoIN0DCSuKWdRoVRAFsBZ9M1I1GjD
ph/XzvH+JD09rY/o+sYHICbeN1h5
-----END PRIVATE KEY-----
HERE


systemctl restart exim4
systemctl restart dovecot