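#!/bin/bash
#
# Create the Cloudflare DNS records for a domain whose mail goes through
# Amazon SES (DKIM + domain verification, MX, SPF, DMARC) and whose
# Autodiscover/Autoconfig endpoints are served by a Caddy host.
#
# Required environment:
#   DOMAIN_NAME       apex domain to configure (e.g. example.com)
#   CF_API_TOKEN      Cloudflare API token; scope it to this zone only with
#                     Zone:Read + DNS:Edit (least privilege), it is all this
#                     script needs
#   CADDY_SERVER_IP   IPv4 address for the autodiscover./autoconfig. A records
# Optional:
#   MAIL_SERVER_HOSTNAME  SRV target (defaults below); only consumed by
#                         create_srv_record, which the steps below do not call
#
# Dependencies: bash, curl, jq, aws (CLI).
# Records are created with POST, which is not idempotent: re-running the
# script creates duplicates or "record already exists" errors instead of
# updating records in place.

# -u catches misspelled variables, pipefail stops curl failures from being
# masked by jq. -e is deliberately NOT set: a domain that is not yet an SES
# identity should only skip the DKIM/verification records, not abort.
set -u -o pipefail

# ==========================================
# CONFIGURATION
# ==========================================
AWS_REGION="us-east-2"   # SES identity lookup AND the inbound MX target use this
# CADDY_SERVER_IP="YOUR_CADDY_IP_HERE"        # IMPORTANT: IP of your Caddy server
# MAIL_SERVER_HOSTNAME="mail.email-srvr.com"  # host Outlook/iPhone connect to

# Print a message to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[[ -n "${DOMAIN_NAME:-}" ]]     || die "Fehler: DOMAIN_NAME ist nicht gesetzt (z.B. export DOMAIN_NAME='bayarea-cc.com')."
[[ -n "${CF_API_TOKEN:-}" ]]    || die "Fehler: CF_API_TOKEN fehlt."
[[ -n "${CADDY_SERVER_IP:-}" ]] || die "Fehler: CADDY_SERVER_IP fehlt. Bitte im Skript eintragen."
# DOMAIN_NAME is spliced into an API query string and into record names;
# restricting it to hostname characters makes URL encoding unnecessary.
[[ "$DOMAIN_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] \
  || die "Fehler: DOMAIN_NAME enthält ungültige Zeichen: $DOMAIN_NAME"
# Catch the placeholder value early instead of failing on every A record.
[[ "$CADDY_SERVER_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] \
  || die "Fehler: CADDY_SERVER_IP ist keine IPv4-Adresse: $CADDY_SERVER_IP"

# Fallback for the mail server variable
MAIL_SERVER_HOSTNAME="${MAIL_SERVER_HOSTNAME:-mail.email-srvr.com}"

# ==========================================
# HELPERS
# ==========================================

#######################################
# Call the Cloudflare v4 API and print the JSON response on stdout.
# The bearer token is handed to curl through a config file on a process
# substitution rather than on the command line, so it does not show up in
# `ps`/argv for other users on the host.
# Globals:   CF_API_TOKEN (read)
# Arguments: $1 - HTTP method
#            $2 - path below /client/v4 (may carry a query string)
#            $3 - optional JSON request body
# Returns:   curl's exit status. An HTTP-level error still yields a JSON
#            body with "success": false, which callers must check.
#######################################
cf_api() {
  local method=$1 path=$2 body=${3:-}
  local -a args=(-sS -X "$method" "https://api.cloudflare.com/client/v4/${path}")
  if [[ -n "$body" ]]; then
    args+=(-H "Content-Type: application/json" --data "$body")
  fi
  curl "${args[@]}" --config <(printf 'header = "Authorization: Bearer %s"\n' "$CF_API_TOKEN")
}

#######################################
# Evaluate a dns_records API response.
# Arguments: $1 - label used in the error message (e.g. "TXT _dmarc.example.com")
#            $2 - raw JSON response (may be empty if curl failed)
# Outputs:   prints "true" on success; on failure prints the API error
#            codes/messages to stderr.
# Returns:   0 on success, 1 otherwise.
#######################################
cf_check_result() {
  local label=$1 response=$2
  if [[ "$(jq -r '.success' <<<"$response")" == "true" ]]; then
    echo "true"
    return 0
  fi
  printf 'Fehler beim Erstellen von %s:\n' "$label" >&2
  jq -r '.errors[]? | "  \(.code): \(.message)"' <<<"$response" >&2
  return 1
}

# ==========================================
# LOOK UP THE ZONE ID
# ==========================================
echo "Zone ID für $DOMAIN_NAME abrufen..."
ZONE_RESPONSE=$(cf_api GET "zones?name=${DOMAIN_NAME}")

if [[ "$(jq -r '.success' <<<"$ZONE_RESPONSE")" != "true" ]]; then
  echo "Fehler beim Abrufen der Zone ID:" >&2
  jq . <<<"$ZONE_RESPONSE" >&2
  exit 1
fi
# A token that cannot see the zone gets success:true with an empty result
# list; without this check every later POST would go to zone "null".
CF_ZONE_ID=$(jq -r '.result[0].id // empty' <<<"$ZONE_RESPONSE")
[[ -n "$CF_ZONE_ID" ]] \
  || die "Fehler: Keine Zone für $DOMAIN_NAME gefunden (Zonenname und Token-Berechtigungen prüfen)."
echo "Zone ID: $CF_ZONE_ID"

# ==========================================
# FUNCTIONS
# ==========================================

#######################################
# Create one DNS record in the zone (POST, see the idempotency note above).
# The request body is assembled with jq --arg so that record content can
# never break out of the JSON (no hand-built JSON strings).
# Globals:   CF_ZONE_ID (read)
# Arguments: $1 - record type (A, CNAME, MX, TXT, ...)
#            $2 - fully qualified record name
#            $3 - record content; for TXT any double quotes are stripped and
#                 the value is sent wrapped in double quotes, as this script
#                 has always done
#            $4 - proxied, true/false (default false)
#            $5 - TTL in seconds (default 3600)
#            $6 - MX priority (default 10, MX records only)
# Outputs:   "Erstelle ..." progress line, then "true" on success; API
#            errors go to stderr.
# Returns:   0 on success, 1 if the body could not be built or the API
#            reported failure.
#######################################
create_dns_record() {
  local type=$1 name=$2 content=$3
  local proxied=${4:-false} ttl=${5:-3600} priority=${6:-}
  local filter='{type: $type, name: $name, content: $content, ttl: $ttl, proxied: $proxied}'
  local -a jq_args=(--arg type "$type" --arg name "$name" --argjson ttl "$ttl" --argjson proxied "$proxied")

  echo "Erstelle $type-Eintrag für $name..."

  case "$type" in
    MX)
      jq_args+=(--argjson priority "${priority:-10}")
      filter='{type: $type, name: $name, content: $content, ttl: $ttl, priority: $priority, proxied: $proxied}'
      ;;
    TXT)
      content=${content//\"/}
      content="\"${content}\""
      ;;
  esac
  jq_args+=(--arg content "$content")

  local payload response
  payload=$(jq -nc "${jq_args[@]}" "$filter") || return 1
  response=$(cf_api POST "zones/${CF_ZONE_ID}/dns_records" "$payload")
  cf_check_result "$type $name" "$response"
}

#######################################
# Create an SRV record ${service}.${proto}.${DOMAIN_NAME} with priority 0,
# weight 1 and TTL 3600. Currently unused by the steps in this script.
# Globals:   CF_ZONE_ID, DOMAIN_NAME (read)
# Arguments: $1 - service label, e.g. _imap
#            $2 - protocol label, e.g. _tcp
#            $3 - port number, e.g. 993
#            $4 - target host, e.g. mail.email-srvr.com
# Outputs:   progress line, then "true" on success; API errors to stderr.
# Returns:   0 on success, 1 otherwise.
#######################################
create_srv_record() {
  local service=$1 proto=$2 port=$3 target=$4
  local name="${service}.${proto}.${DOMAIN_NAME}"
  echo "Erstelle SRV-Eintrag für $name -> $target:$port..."

  local payload response
  payload=$(jq -nc \
    --arg name "$name" --arg service "$service" --arg proto "$proto" \
    --arg domain "$DOMAIN_NAME" --argjson port "$port" --arg target "$target" \
    '{type: "SRV", name: $name,
      data: {service: $service, proto: $proto, name: $domain,
             priority: 0, weight: 1, port: $port, target: $target},
      ttl: 3600}') || return 1
  response=$(cf_api POST "zones/${CF_ZONE_ID}/dns_records" "$payload")
  cf_check_result "SRV $name" "$response"
}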
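# ==========================================
# 1. AWS SES setup (DKIM & domain verification)
# ==========================================
echo "--- AWS SES Konfiguration ---"

# Number of records the API refused; reported at the end.
failures=0

#######################################
# Read one SES identity attribute for DOMAIN_NAME as plain text.
# With --output text the AWS CLI prints the literal word "None" when the
# queried attribute is absent (domain not registered as an SES identity);
# a plain -n test on that would publish a "None" DKIM CNAME / TXT record,
# so "None" and CLI failures are both normalised to an empty string.
# Globals:   DOMAIN_NAME, AWS_REGION (read)
# Arguments: $1 - ses subcommand (get-identity-dkim-attributes, ...)
#            $2 - JMESPath query
# Outputs:   the attribute value, or nothing
#######################################
ses_attr() {
  local value
  value=$(aws ses "$1" --identities "$DOMAIN_NAME" --region "$AWS_REGION" \
            --query "$2" --output text) || value=""
  if [[ "$value" == "None" ]]; then
    value=""
  fi
  printf '%s' "$value"
}

DKIM_TOKENS=$(ses_attr get-identity-dkim-attributes "DkimAttributes.\"${DOMAIN_NAME}\".DkimTokens")
VERIFICATION_TOKEN=$(ses_attr get-identity-verification-attributes "VerificationAttributes.\"${DOMAIN_NAME}\".VerificationToken")

if [[ -n "$DKIM_TOKENS" ]]; then
  # text output separates the tokens with tabs; split explicitly into an array
  read -ra dkim_tokens <<<"$DKIM_TOKENS"
  for token in "${dkim_tokens[@]}"; do
    create_dns_record "CNAME" "${token}._domainkey.${DOMAIN_NAME}" "${token}.dkim.amazonses.com" "false" \
      || failures=$((failures + 1))
  done
else
  # Without DKIM, DMARC alignment for SES mail cannot be reached (see section 4).
  echo "Hinweis: keine DKIM-Tokens für $DOMAIN_NAME gefunden, DKIM-CNAMEs werden übersprungen." >&2
fi

if [[ -n "$VERIFICATION_TOKEN" ]]; then
  create_dns_record "TXT" "_amazonses.${DOMAIN_NAME}" "${VERIFICATION_TOKEN}" "false" \
    || failures=$((failures + 1))
else
  echo "Hinweis: kein SES-Verifizierungstoken für $DOMAIN_NAME gefunden, TXT _amazonses wird übersprungen." >&2
fi

# ==========================================
# 2. MX record (AWS SES inbound)
# ==========================================
echo "--- MX Records (AWS SES) ---"
# Inbound mail is handed to the SES receiving endpoint of AWS_REGION; the
# receipt rules (S3/SQS pipeline) must exist in that same region.
create_dns_record "MX" "${DOMAIN_NAME}" "inbound-smtp.${AWS_REGION}.amazonaws.com" "false" 3600 10 \
  || failures=$((failures + 1))

# ==========================================
# 3. Autodiscover & Caddy (client access)
# ==========================================
echo "--- Autodiscover & Caddy Konfiguration ---"
# Unproxied A records so the Caddy host terminates TLS itself. Clients take
# the server settings they are handed by these endpoints on trust, so they
# must only be reachable over valid HTTPS.
create_dns_record "A" "autodiscover.${DOMAIN_NAME}" "$CADDY_SERVER_IP" "false" \
  || failures=$((failures + 1))
create_dns_record "A" "autoconfig.${DOMAIN_NAME}" "$CADDY_SERVER_IP" "false" \
  || failures=$((failures + 1))

# ==========================================
# 4. SPF & DMARC
# ==========================================
echo "--- E-Mail Sicherheit (SPF & DMARC) ---"
# SPF: only Amazon SES may send (all outbound goes through it). ~all is a
# softfail; tighten to -all once no other sender is left. Note that SES
# uses an amazonses.com envelope sender unless a custom MAIL FROM domain is
# configured, so SPF alone is not DMARC-aligned — alignment comes from the
# DKIM CNAMEs in section 1.
create_dns_record "TXT" "${DOMAIN_NAME}" "v=spf1 include:amazonses.com ~all" "false" \
  || failures=$((failures + 1))
create_dns_record "TXT" "mail.${DOMAIN_NAME}" "v=spf1 include:amazonses.com ~all" "false" \
  || failures=$((failures + 1))

# DMARC: p=none is monitoring only, nothing is enforced (pct has no effect
# with p=none). Move to p=quarantine/p=reject once the aggregate reports are
# clean. Reports go to postmaster@ on this domain, i.e. through the SES
# inbound MX above — the receipt rules must actually deliver that mailbox
# somewhere or the reports are lost.
create_dns_record "TXT" "_dmarc.${DOMAIN_NAME}" "v=DMARC1; p=none; pct=100; rua=mailto:postmaster@${DOMAIN_NAME}" "false" \
  || failures=$((failures + 1))

if (( failures > 0 )); then
  echo "Fertig mit $failures Fehler(n). Konfiguration für $DOMAIN_NAME ist unvollständig." >&2
  exit 1
fi
echo "Fertig. Konfiguration für $DOMAIN_NAME abgeschlossen."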