AWS & Cloudflare Script

2025-03-20 14:02:25 +01:00
parent 6ae4da137e
commit 2174fe4869
3 changed files with 264 additions and 24 deletions
--- a/dovecot/awsdomain.sh
+++ b/dovecot/awsdomain.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+if [ -z "$DOMAIN_NAME" ]; then
+  echo "Fehler: DOMAIN_NAME ist nicht gesetzt."
+  echo "Bitte setzen Sie die Variable mit: export DOMAIN_NAME='IhreDomain.de'"
+  exit 1  # Skript mit Fehlercode beenden
+fi
+AWS_REGION="us-east-2"
+EMAIL_PREFIX="emails/"
+S3_BUCKET_NAME=$(echo "$DOMAIN_NAME" | tr '.' '-' | awk '{print $0 "-emails"}')
+# Ersetzen Sie alle Punkte durch Bindestriche und erstellen Sie den RULE_NAME
+RULE_NAME="store-$(echo "$DOMAIN_NAME" | tr '.' '-')-to-s3"
+
+# ------------------------
+# 1. S3 Bucket erstellen
+# ------------------------
+echo "S3 Bucket erstellen..."
+aws s3api create-bucket \
+  --bucket ${S3_BUCKET_NAME} \
+  --region ${AWS_REGION} \
+  --create-bucket-configuration LocationConstraint=${AWS_REGION}
+
+# Öffentlichen Zugriff blockieren
+aws s3api put-public-access-block \
+  --bucket ${S3_BUCKET_NAME} \
+  --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
+
+# Lebenszyklus-Konfiguration hinzufügen
+aws s3api put-bucket-lifecycle-configuration \
+  --bucket ${S3_BUCKET_NAME} \
+  --lifecycle-configuration '{
+    "Rules": [
+      {
+        "ID": "DeleteOldEmails",
+        "Status": "Enabled",
+        "Expiration": {
+          "Days": 90
+        },
+        "Filter": {
+          "Prefix": ""
+        }
+      }
+    ]
+  }'
+  
+echo "S3 Bucket Policy hinzufügen..."
+aws s3api put-bucket-policy \
+  --bucket ${S3_BUCKET_NAME} \
+  --policy '{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Principal": {
+          "Service": "ses.amazonaws.com"
+        },
+        "Action": [
+          "s3:PutObject",
+          "s3:GetBucketLocation",
+          "s3:ListBucket"
+        ],
+        "Resource": [
+          "arn:aws:s3:::'${S3_BUCKET_NAME}'",
+          "arn:aws:s3:::'${S3_BUCKET_NAME}'/*"
+        ]
+      }
+    ]
+  }'
+
+# ------------------------  
+# 2. SES Domain-Identität erstellen
+# ------------------------
+echo "SES Domain-Identität erstellen..."
+aws sesv2 create-email-identity \
+  --email-identity ${DOMAIN_NAME} \
+  --region ${AWS_REGION}
+
+# DKIM-Signierung aktivieren
+aws sesv2 put-email-identity-dkim-attributes \
+  --email-identity ${DOMAIN_NAME} \
+  --signing-enabled \
+  --region ${AWS_REGION}
+
+# Mail-From-Domain konfigurieren
+aws sesv2 put-email-identity-mail-from-attributes \
+  --email-identity ${DOMAIN_NAME} \
+  --mail-from-domain "mail.${DOMAIN_NAME}" \
+  --behavior-on-mx-failure USE_DEFAULT_VALUE \
+  --region ${AWS_REGION}
+
+# --------------------------
+# Receive Emails
+# -------------------------
+# 3. Receipt Rule Set erstellen
+echo "Receipt Rule for bizmatch ruleset erstellen..."
+    
+aws ses create-receipt-rule --rule-set-name "bizmatch-ruleset" --rule '{
+  "Name": "'"${RULE_NAME}"'",
+  "Enabled": true,
+  "ScanEnabled": true,
+  "Actions": [{
+    "S3Action": {
+      "BucketName": "'"${S3_BUCKET_NAME}"'",
+      "ObjectKeyPrefix": "emails/"
+    }
+  }],
+  "TlsPolicy": "Require"
+}'