From 3c1d49c6a1cc1c8cdec059af4bda68052e2cec0b Mon Sep 17 00:00:00 2001
From: TheSiahxyz <164138827+TheSiahxyz@users.noreply.github.com>
Date: Thu, 30 Jan 2025 23:43:47 +0900
Subject: init

---
 FUNDING.yml  |   2 +
 LICENSE      | 674 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 README.md    | 136 ++++++++++++
 adddomain.sh |  43 ++++
 emailwiz.sh  | 481 ++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 1336 insertions(+)
 create mode 100644 FUNDING.yml
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100755 adddomain.sh
 create mode 100644 emailwiz.sh

diff --git a/FUNDING.yml b/FUNDING.yml
new file mode 100644
index 0000000..c7c9a22
--- /dev/null
+++ b/FUNDING.yml
@@ -0,0 +1,2 @@
+custom: ["https://lukesmith.xyz/donate.html"]
+github: lukesmithxyz
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..f288702
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2a57b12
--- /dev/null
+++ b/README.md
@@ -0,0 +1,136 @@
+# Email server setup script
+
+This script installs an email server with all the features required in the
+modern web.
+
+I've linked this file on Github to a shorter, more memorable address on my
+website so you can get it on your machine with this short command:
+
+```sh
+curl -LO lukesmith.xyz/emailwiz.sh
+```
+
+When prompted by a dialog menu at the beginning, select "Internet Site", then
+give your full domain without any subdomain, e.g. `lukesmith.xyz`.
+
+I'm glad to say that dozens, hundreds of people have now used it and there is a
+sizeable network of people with email servers thanks to this script.
+
+## This script installs
+
+- **Postfix** to send and receive mail.
+- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.).
+- Config files that link the two above securely with native PAM log-ins.
+- **Spamassassin** to prevent spam and allow you to make custom filters.
+- **OpenDKIM** to validate you so you can send to Gmail and other big sites.
+- **Certbot** SSL certificates, if not already present.
+- **fail2ban** to increase server security, with enabled modules for the above
+  programs.
+
+## This script does _not_...
+
+- use a SQL database or anything like that. We keep it simple and use normal
+  Unix system users for accounts and passwords.
+- set up a graphical web interface for mail like Roundcube or Squirrel Mail.
+  You are expected to use a normal mail client like Thunderbird or K-9 for
+  Android or good old mutt with
+  [mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard). Note that there
+  is a guide for [Rainloop](https://landchad.net/rainloop/) on
+  [LandChad.net](https://landchad.net) for those that want such a web
+  interface.
+
+## Prerequisites for Installation
+
+1. Debian or Ubuntu server.
+2. DNS records that point at least your domain's `mail.` subdomain to your
+   server's IP (IPv4 and IPv6). This is required on initial run for certbot to
+   get an SSL certificate for your `mail.` subdomain.
+
+## Mandatory Finishing Touches
+
+### Unblock your ports
+
+While the script enables your mail ports on your server, it is common practice
+for all VPS providers to block mail ports on their end by default. Open a help
+ticket with your VPS provider asking them to open your mail ports and they will
+do it in short order.
+
+### DNS records
+
+At the end of the script, you will be given some DNS records to add to your DNS
+server/registrar's website. These are mostly for authenticating your emails as
+non-spam. The 4 records are:
+
+1. An MX record directing to `mail.yourdomain.tld`.
+2. A TXT record for SPF (to reduce mail spoofing).
+3. A TXT record for DMARC policies.
+4. A TXT record with your public DKIM key. This record is long and **uniquely
+   generated** while running `emailwiz.sh` and thus must be added after
+   installation.
+
+They will look something like this:
+
+```
+@	MX	10	mail.example.org
+mail._domainkey.example.org    TXT     v=DKIM1; k=rsa; p=anextremelylongsequenceoflettersandnumbersgeneratedbyopendkim
+_dmarc.example.org     TXT     v=DMARC1; p=reject; rua=mailto:dmarc@example.org; fo=1
+example.org    TXT     v=spf1 mx a: -all
+```
+
+The script will create a file, `~/dns_emailwiz` that will list our the records
+for your convenience, and also prints them at the end of the script.
+
+### Add a rDNS/PTR record as well!
+
+Set a reverse DNS or PTR record to avoid getting spammed. You can do this at
+your VPS provider, and should set it to `mail.yourdomain.tld`. Note that you
+should set this for both IPv4 and IPv6.
+
+## Making new users/mail accounts
+
+Let's say we want to add a user Billy and let him receive mail, run this:
+
+```
+useradd -m -G mail billy
+passwd billy
+```
+
+Any user added to the `mail` group will be able to receive mail. Suppose a user
+Cassie already exists and we want to let her receive mail too. Just run:
+
+```
+usermod -a -G mail cassie
+```
+
+A user's mail will appear in `~/Mail/`. If you want to see your mail while ssh'd
+in the server, you could just install mutt, add `set spoolfile="+Inbox"` to
+your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want
+to log in remotely though:
+
+## Logging in from email clients (Thunderbird/mutt/etc)
+
+Let's say you want to access your mail with Thunderbird or mutt or another
+email program. For my domain, the server information will be as follows:
+
+- SMTP server: `mail.lukesmith.xyz`
+- SMTP port: 465
+- IMAP server: `mail.lukesmith.xyz`
+- IMAP port: 993
+
+## Benefited from this?
+
+I am always glad to hear this script is still making life easy for people. If
+this script or documentation has saved you some frustration, donate here:
+
+- btc: `bc1qzw6mk80t3vrp2cugmgfjqgtgzhldrqac5axfh4`
+- xmr: `8A5v4Ci11Lz7BDoE2z2oPqMoNHzr5Zj8B3Q2N2qzqrUKhAKgNQYGSSaZDnBUWg6iXCiZyvC9mVCyGj5kGMJTi1zGKGM4Trm`
+
+## Sites for Troubleshooting
+
+Can't send or receive mail? Getting marked as spam? There are tools to double-check your DNS records and more:
+
+- Always check `journalctl -xe` first for specific errors.
+- [Check your DNS](https://intodns.com/)
+- [Test your TXT records via mail](https://appmaildev.com/en/dkim)
+- [Is your IP blacklisted?](https://mxtoolbox.com/blacklists.aspx)
+- [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx)
diff --git a/adddomain.sh b/adddomain.sh
new file mode 100755
index 0000000..d44b567
--- /dev/null
+++ b/adddomain.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+domain="$1"
+[ -z "$1" ] && exit
+
+domain="$1"
+subdom="mail"
+
+# Add the domain to the valid postfix addresses.
+grep -q "^mydestination.*$domain" /etc/postfix/main.cf ||
+	sed -i "s/^mydestination.*/&, $domain/" /etc/postfix/main.cf
+
+# Create DKIM for new domain.
+mkdir -p "/etc/postfix/dkim/$domain"
+opendkim-genkey -D "/etc/postfix/dkim/$domain" -d "$domain" -s "$subdom"
+chgrp -R opendkim /etc/postfix/dkim/*
+chmod -R g+r /etc/postfix/dkim/*
+
+# Add entries to keytable and signing table.
+echo "$subdom._domainkey.$domain $domain:$subdom:/etc/postfix/dkim/$domain/$subdom.private" >> /etc/postfix/dkim/keytable
+echo "*@$domain $subdom._domainkey.$domain" >> /etc/postfix/dkim/signingtable
+
+systemctl reload opendkim postfix
+
+# Print out DKIM TXT entry.
+pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')"
+
+dkimentry="$subdom._domainkey.$domain	TXT	v=DKIM1; k=rsa; $pval"
+dmarcentry="_dmarc.$domain	TXT	v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1"
+spfentry="$domain	TXT	v=spf1 mx a:$maildomain -all"
+mxentry="$domain	MX	10	$maildomain	300"
+
+echo "$dkimentry
+$dmarcentry
+$spfentry
+$mxentry" >> "$HOME/dns_emailwizard_added"
+
+echo "=== ADD THE FOLLOWING TO YOUR DNS TXT RECORDS ==="
+echo "$dkimentry
+$dmarcentry
+$spfentry
+$mxentry"
+echo "They have also been stored in ~/dns_emailwizard_added"
diff --git a/emailwiz.sh b/emailwiz.sh
new file mode 100644
index 0000000..ce7d64c
--- /dev/null
+++ b/emailwiz.sh
@@ -0,0 +1,481 @@
+#!/bin/sh
+
+# BEFORE INSTALLING
+
+# Have a Debian or Ubuntu server with a static IP and DNS records (usually
+# A/AAAA) that point your domain name to it.
+
+# NOTE WHILE INSTALLING
+
+# On installation of Postfix, select "Internet Site" and put in TLD (without
+# `mail.` before it).
+
+# AFTER INSTALLING
+
+# More DNS records will be given to you to install. One of them will be
+# different for every installation and is uniquely generated on your machine.
+
+umask 0022
+
+install_packages="postfix postfix-pcre dovecot-imapd dovecot-pop3d dovecot-sieve opendkim opendkim-tools spamassassin spamc net-tools fail2ban bind9-host"
+
+systemctl -q stop dovecot
+systemctl -q stop postfix
+apt-get purge ?config-files -y $install_packages
+apt-get install -y $install_packages
+
+domain="$(cat /etc/mailname)"
+subdom=${MAIL_SUBDOM:-mail}
+maildomain="$subdom.$domain"
+certdir="/etc/letsencrypt/live/$maildomain"
+
+selfsigned="no"                 # yes no
+allow_suboptimal_ciphers="yes"  #yes no
+mailbox_format="maildir"        # maildir sdbox
+allowed_protocols=" imap pop3 " #imap pop3
+
+use_cert_config="no"
+country_name="" # IT US UK IN etc etc
+state_or_province_name=""
+organization_name=""
+common_name="$(hostname -f)"
+
+if [ "$use_cert_config" = "yes" ]; then
+  echo "[req]
+	default_bit = 4096
+	distinguished_name = req_distinguished_name
+	prompt = no
+
+	[req_distinguished_name]
+	countryName             = $country_name
+	stateOrProvinceName     = $state_or_province_name
+	organizationName        = $organization_name
+	commonName              = $common_name " >$certdir/certconfig.conf
+
+fi
+
+# Preliminary record checks
+ipv4=$(host "$domain" | grep -m1 -Eo '([0-9]+\.){3}[0-9]+')
+[ -z "$ipv4" ] && echo "\033[0;31mPlease point your domain ("$domain") to your server's ipv4 address." && exit 1
+ipv6=$(host "$domain" | grep "IPv6" | awk '{print $NF}')
+[ -z "$ipv6" ] && echo "\033[0;31mPlease point your domain ("$domain") to your server's ipv6 address." && exit 1
+
+# Open required mail ports
+for port in 80 993 465 25 587 110 995; do
+  ufw allow "$port" 2>/dev/null
+done
+
+if [ "$selfsigned" = "yes" ]; then
+  rm -f $certdir/privkey.pem
+  rm -f $certdir/csr.pem
+  rm -f $certdir/fullchain.pem
+
+  echo "Generating a 4096 rsa key and a self-signed certificate that lasts 100 years"
+  mkdir -p $certdir
+  openssl genrsa -out $certdir/privkey.pem 4096
+
+  if [ "$use_cert_config" = "yes" ]; then
+    openssl req -new -key $certdir/privkey.pem -out $certdir/csr.pem -config $certdir/certconfig.conf
+  else
+    openssl req -new -key $certdir/privkey.pem -out $certdir/csr.pem
+  fi
+  openssl req -x509 -days 36500 -key $certdir/privkey.pem -in $certdir/csr.pem -out $certdir/fullchain.pem
+else
+
+  # Open port 80 for Certbot.
+  ufw allow 80 2>/dev/null
+
+  [ ! -d "$certdir" ] &&
+    possiblecert="$(certbot certificates 2>/dev/null | grep "Domains:\.* \(\*\.$domain\|$maildomain\)\(\s\|$\)" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" &&
+    certdir="${possiblecert%/*}"
+
+  [ ! -d "$certdir" ] &&
+    certdir="/etc/letsencrypt/live/$maildomain" &&
+    case "$(netstat -tulpn | grep ":80\s")" in
+    *nginx*)
+      apt install -y python3-certbot-nginx
+      certbot -d "$maildomain" certonly --nginx --register-unsafely-without-email --agree-tos
+      ;;
+    *apache*)
+      apt install -y python3-certbot-apache
+      certbot -d "$maildomain" certonly --apache --register-unsafely-without-email --agree-tos
+      ;;
+    *)
+      apt install -y python3-certbot
+      certbot -d "$maildomain" certonly --standalone --register-unsafely-without-email --agree-tos
+      ;;
+    esac
+
+fi
+
+[ ! -f "$certdir/fullchain.pem" ] && echo "Error locating or installing SSL certificate." && exit 1
+[ ! -f "$certdir/privkey.pem" ] && echo "Error locating or installing SSL certificate." && exit 1
+if [ "$selfsigned" != "yes" ]; then
+  [ ! -f "$certdir/cert.pem" ] && echo "Error locating or installing SSL certificate." && exit 1
+fi
+
+[ ! -d "$certdir" ] && echo "Error locating or installing SSL certificate." && exit 1
+
+echo "Configuring Postfix's main.cf..."
+
+# Adding additional vars to fix an issue with receiving emails (relay access denied) and adding it to mydestination.
+postconf -e "myhostname = $maildomain"
+postconf -e "mail_name = $domain" #This is for the smtpd_banner
+postconf -e "mydomain = $domain"
+postconf -e 'mydestination = $myhostname, $mydomain, mail, localhost.localdomain, localhost, localhost.$mydomain'
+
+# Change the cert/key files to the default locations of the Let's Encrypt cert/key
+postconf -e "smtpd_tls_key_file=$certdir/privkey.pem"
+postconf -e "smtpd_tls_cert_file=$certdir/fullchain.pem"
+if [ "$selfsigned" != "yes" ]; then
+  postconf -e "smtp_tls_CAfile=$certdir/cert.pem"
+fi
+
+# Enable, but do not require TLS. Requiring it with other servers would cause
+# mail delivery problems and requiring it locally would cause many other
+# issues.
+postconf -e 'smtpd_tls_security_level = may'
+postconf -e 'smtp_tls_security_level = may'
+
+# TLS required for authentication.
+postconf -e 'smtpd_tls_auth_only = yes'
+
+# Exclude insecure and obsolete encryption protocols.
+postconf -e 'smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1'
+postconf -e 'smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1'
+postconf -e 'smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1'
+postconf -e 'smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1'
+
+# Exclude suboptimal ciphers.
+if [ "$allow_suboptimal_ciphers" = "no" ]; then
+  postconf -e 'tls_preempt_cipherlist = yes'
+  postconf -e 'smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL'
+fi
+
+# Here we tell Postfix to look to Dovecot for authenticating users/passwords.
+# Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth
+postconf -e 'smtpd_sasl_auth_enable = yes'
+postconf -e 'smtpd_sasl_type = dovecot'
+postconf -e 'smtpd_sasl_path = private/auth'
+
+# helo, sender, relay and recipient restrictions
+postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre"
+postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain'
+postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain'
+postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination'
+postconf -e 'smtpd_helo_required = yes'
+postconf -e 'smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname'
+
+# NOTE: the trailing slash here, or for any directory name in the home_mailbox
+# command, is necessary as it distinguishes a maildir (which is the actual
+# directory that we want) from a spoolfile (which is what old unix boomers want
+# and no one else).
+postconf -e 'home_mailbox = Mail/Inbox/'
+
+# Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
+postconf -e "header_checks = regexp:/etc/postfix/header_checks"
+
+# strips "Received From:" in sent emails
+echo "/^Received:.*/     IGNORE
+/^X-Originating-IP:/    IGNORE" >>/etc/postfix/header_checks
+
+# Create a login map file that ensures that if a sender wants to send a mail from a user at our local
+# domain, they must be authenticated as that user
+echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/   \${1}" >/etc/postfix/login_maps.pcre
+
+# master.cf
+echo "Configuring Postfix's master.cf..."
+
+sed -i '/^\s*-o/d;/^\s*submission/d;/^\s*smtp/d' /etc/postfix/master.cf
+
+echo "smtp unix - - n - - smtp
+smtp inet n - y - - smtpd
+  -o content_filter=spamassassin
+submission inet n       -       y       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_tls_auth_only=yes
+  -o smtpd_enforce_tls=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_sender_restrictions=reject_sender_login_mismatch
+  -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
+  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
+smtps     inet  n       -       y       -       -       smtpd
+  -o syslog_name=postfix/smtps
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+spamassassin unix -     n       n       -       -       pipe
+  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >>/etc/postfix/master.cf
+
+# By default, dovecot has a bunch of configs in /etc/dovecot/conf.d/ These
+# files have nice documentation if you want to read it, but it's a huge pain to
+# go through them to organize.  Instead, we simply overwrite
+# /etc/dovecot/dovecot.conf because it's easier to manage. You can get a backup
+# of the original in /usr/share/dovecot if you want.
+mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf
+
+echo "Creating Dovecot config..."
+
+echo "# Dovecot config
+# Note that in the dovecot conf, you can use:
+# %u for username
+# %n for the name in name@domain.tld
+# %d for the domain
+# %h the user's home directory
+
+ssl = required
+ssl_cert = <$certdir/fullchain.pem
+ssl_key = <$certdir/privkey.pem
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = "'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED'"
+ssl_prefer_server_ciphers = yes
+ssl_dh = </usr/share/dovecot/dh.pem
+auth_mechanisms = plain login
+auth_username_format = %n
+
+protocols = \$protocols $allowed_protocols
+
+# Search for valid users in /etc/passwd
+userdb {
+	driver = passwd
+}
+#Fallback: Use plain old PAM to find user passwords
+passdb {
+	driver = pam
+}
+
+# Our mail for each user will be in ~/Mail, and the inbox will be ~/Mail/Inbox
+# The LAYOUT option is also important because otherwise, the boxes will be \`.Sent\` instead of \`Sent\`.
+mail_location = $mailbox_format:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
+namespace inbox {
+	inbox = yes
+	mailbox Drafts {
+	special_use = \\Drafts
+	auto = subscribe
+}
+	mailbox Junk {
+	special_use = \\Junk
+	auto = subscribe
+	autoexpunge = 30d
+}
+  mailbox Spam {
+	special_use = \\Spam
+	auto = subscribe
+	autoexpunge = 7d
+}
+	mailbox Sent {
+	special_use = \\Sent
+	auto = subscribe
+}
+	mailbox Trash {
+	special_use = \\Trash
+}
+	mailbox Archive {
+	special_use = \\Archive
+}
+}
+
+# Here we let Postfix use Dovecot's authentication system.
+service auth {
+  unix_listener /var/spool/postfix/private/auth {
+	mode = 0660
+	user = postfix
+	group = postfix
+}
+}
+
+protocol lda {
+  mail_plugins = \$mail_plugins sieve
+}
+
+protocol lmtp {
+  mail_plugins = \$mail_plugins sieve
+}
+
+protocol pop3 {
+  pop3_uidl_format = %08Xu%08Xv
+  pop3_no_flag_updates = yes
+}
+
+plugin {
+	sieve = ~/.dovecot.sieve
+	sieve_default = /var/lib/dovecot/sieve/default.sieve
+	#sieve_global_path = /var/lib/dovecot/sieve/default.sieve
+	sieve_dir = ~/.sieve
+	sieve_global_dir = /var/lib/dovecot/sieve/
+}
+" >/etc/dovecot/dovecot.conf
+
+# If using an old version of Dovecot, remove the ssl_dl line.
+case "$(dovecot --version)" in
+1 | 2.1* | 2.2*) sed -i '/^ssl_dh/d' /etc/dovecot/dovecot.conf ;;
+esac
+
+mkdir /var/lib/dovecot/sieve/
+
+echo "require [\"fileinto\", \"mailbox\"];
+if header :contains \"X-Spam-Flag\" \"YES\" {
+	fileinto \"Junk\";
+}" >/var/lib/dovecot/sieve/default.sieve
+
+echo "require [\"fileinto\", \"mailbox\"];
+if header :contains \"X-Spam-Level\" \"***************\" {
+  fileinto \"Spam\";
+}" >>/var/lib/dovecot/sieve/default.sieve
+
+grep -q '^vmail:' /etc/passwd || useradd vmail
+chown -R vmail:vmail /var/lib/dovecot
+sievec /var/lib/dovecot/sieve/default.sieve
+
+echo 'Preparing user authentication...'
+grep -q nullok /etc/pam.d/dovecot ||
+  echo 'auth    required        pam_unix.so nullok
+account required        pam_unix.so' >>/etc/pam.d/dovecot
+
+# OpenDKIM
+
+# A lot of the big name email services, like Google, will automatically reject
+# as spam unfamiliar and unauthenticated email addresses. As in, the server
+# will flatly reject the email, not even delivering it to someone's Spam
+# folder.
+
+# OpenDKIM is a way to authenticate your email so you can send to such services
+# without a problem.
+
+# Create an OpenDKIM key in the proper place with proper permissions.
+echo 'Generating OpenDKIM keys...'
+mkdir -p "/etc/postfix/dkim/$domain"
+opendkim-genkey -D "/etc/postfix/dkim/$domain" -d "$domain" -s "$subdom"
+chgrp -R opendkim /etc/postfix/dkim/*
+chmod -R g+r /etc/postfix/dkim/*
+
+# Generate the OpenDKIM info:
+echo 'Configuring OpenDKIM...'
+grep -q "$domain" /etc/postfix/dkim/keytable 2>/dev/null ||
+  echo "$subdom._domainkey.$domain $domain:$subdom:/etc/postfix/dkim/$domain/$subdom.private" >>/etc/postfix/dkim/keytable
+
+grep -q "$domain" /etc/postfix/dkim/signingtable 2>/dev/null ||
+  echo "*@$domain $subdom._domainkey.$domain" >>/etc/postfix/dkim/signingtable
+
+grep -q '127.0.0.1' /etc/postfix/dkim/trustedhosts 2>/dev/null ||
+  echo '127.0.0.1
+10.1.0.0/16' >>/etc/postfix/dkim/trustedhosts
+
+# ...and source it from opendkim.conf
+grep -q '^KeyTable' /etc/opendkim.conf 2>/dev/null || echo 'KeyTable file:/etc/postfix/dkim/keytable
+SigningTable refile:/etc/postfix/dkim/signingtable
+InternalHosts refile:/etc/postfix/dkim/trustedhosts' >>/etc/opendkim.conf
+
+sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf
+sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf
+
+sed -i '/Socket/s/^#*/#/' /etc/opendkim.conf
+grep -q '^Socket\s*inet:12301@localhost' /etc/opendkim.conf || echo 'Socket inet:12301@localhost' >>/etc/opendkim.conf
+
+# OpenDKIM daemon settings, removing previously activated socket.
+sed -i '/^SOCKET/d' /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >>/etc/default/opendkim
+
+# Here we add to postconf the needed settings for working with OpenDKIM
+echo 'Configuring Postfix with OpenDKIM settings...'
+postconf -e 'smtpd_sasl_security_options = noanonymous, noplaintext'
+postconf -e 'smtpd_sasl_tls_security_options = noanonymous'
+postconf -e "myhostname = $maildomain"
+postconf -e 'milter_default_action = accept'
+postconf -e 'milter_protocol = 6'
+postconf -e 'smtpd_milters = inet:localhost:12301'
+postconf -e 'non_smtpd_milters = inet:localhost:12301'
+postconf -e 'mailbox_command = /usr/lib/dovecot/deliver'
+
+# Long-term fix to prevent SMTP smuggling
+postconf -e 'smtpd_forbid_bare_newline = normalize'
+postconf -e 'smtpd_forbid_bare_newline_exclusions = $mynetworks'
+
+# A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442
+/lib/opendkim/opendkim.service.generate
+systemctl daemon-reload
+
+# Enable fail2ban security for dovecot and postfix.
+[ ! -f /etc/fail2ban/jail.d/emailwiz.local ] && echo "[postfix]
+enabled = true
+[postfix-sasl]
+enabled = true
+[sieve]
+enabled = true
+[dovecot]
+enabled = true" >/etc/fail2ban/jail.d/emailwiz.local
+
+sed -i "s|^backend = auto$|backend = systemd|" /etc/fail2ban/jail.conf
+
+# Enable SpamAssassin update cronjob.
+if [ -f /etc/default/spamassassin ]; then
+  sed -i "s|^CRON=0|CRON=1|" /etc/default/spamassassin
+  printf "Restarting spamassassin..."
+  service spamassassin restart && printf " ...done\\n"
+  systemctl enable spamassassin
+elif [ -f /etc/default/spamd ]; then
+  sed -i "s|^CRON=0|CRON=1|" /etc/default/spamd
+  printf "Restarting spamd..."
+  service spamd restart && printf " ...done\\n"
+  systemctl enable spamd
+else
+  printf "!!! Neither /etc/default/spamassassin or /etc/default/spamd exists, this is unexpected and needs to be investigated"
+fi
+
+for x in opendkim dovecot postfix fail2ban; do
+  printf "Restarting %s..." "$x"
+  service "$x" restart && printf " ...done\\n"
+  systemctl enable "$x"
+done
+
+pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')"
+dkimentry="$subdom._domainkey.$domain	TXT	v=DKIM1; k=rsa; $pval"
+dmarcentry="_dmarc.$domain	TXT	v=DMARC1; p=reject; rua=mailto:postmaster@$domain; fo=1"
+spfentry="$domain	TXT	v=spf1 mx a:$maildomain ip4:$ipv4 ip6:$ipv6 -all"
+mxentry="$domain	MX	10	$maildomain	300"
+
+useradd -m -G mail postmaster
+
+# Create a cronjob that deletes month-old postmaster mails:
+cat <<EOF >/etc/cron.weekly/postmaster-clean
+#!/bin/sh
+
+find /home/postmaster/Mail -type f -mtime +30 -name '*.mail*' -delete >/dev/null 2>&1
+exit 0
+EOF
+chmod 755 /etc/cron.weekly/postmaster-clean
+
+grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.ini ||
+  echo "
+deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >>/etc/letsencrypt/cli.ini
+
+echo "NOTE: Elements in the entries might appear in a different order in your registrar's DNS settings.
+$dkimentry
+$dmarcentry
+$spfentry
+$mxentry" >"$HOME/dns_emailwizard"
+
+printf "\033[31m
+ _   _
+| \ | | _____      ___
+|  \| |/ _ \ \ /\ / (_)
+| |\  | (_) \ V  V / _
+|_| \_|\___/ \_/\_/ (_)\033[0m
+
+Add these three records to your DNS TXT records on either your registrar's site
+or your DNS server:
+\033[32m
+$dkimentry
+
+$dmarcentry
+
+$spfentry
+
+$mxentry
+\033[0m
+NOTE: You may need to omit the \`.$domain\` portion at the beginning if
+inputting them in a registrar's web interface.
+
+Also, these are now saved to \033[34m~/dns_emailwizard\033[0m in case you want them in a file.
+
+Once you do that, you're done! Check the README for how to add users/accounts
+and how to log in.\n"
-- 
cgit v1.2.3