-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmailx365-setup
executable file
·118 lines (98 loc) · 3.46 KB
/
mailx365-setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
#!/bin/bash
# Set-up ~/.mailrc to work via O365 SMTP authentication.
# usage: mailx365-setup <O365 App authentication code>
#
# creates:
# 1. ~/.mailrc file
# 2. ~/.certificate directory
#
# 2018-07-30 yaswant.pradhan
# 2018-08-09 Use system databases of trusted certificate authorities. YP.
# -----------------------------------------------------------------------------
set -e
SMTP='smtp.office365.com:587'
CERT_DIR=~/.certificates
MAIL_DIR=~/Mail
o365cert="${CERT_DIR}/O365.cer"
mailrc=~/.mailrc
user_email=$(getent passwd $USER |cut -d: -f5)@metoffice.gov.uk # <- update
auth_help()
{ # Check for O365 app authentication file for mail ---------------------------
cat << EOF
A. Generate Office365 app authentication token:
1. Go to https://account.activedirectory.windowsazure.com/AppPasswords.aspx
and jump to A.3.
2. [optional] If the link in A.1 does not redirect to appropriate location:
2.1. Navigate to https://myapps.microsoft.com.
2.2. Click on the user name on the top right hand corner.
2.3. Select 'Profile' from the drop down options.
2.4. Under the 'Manage account' column Click 'Additional security verification'.
2.5. Select 'App Passwords' in the heading.
3. Click on 'create' button.
4. Enter a relevant name.
5. Select 'next' and copy the password (o365_app_token) somewhere safe.
B. Run (this) mail set-up script from a terminal using the following command:
(replace <o365_app_token> with actual password)
B. Then run: ${0##*/} o365_app_token
EOF
}
update_mailrc() { # Update mailrc file ----------------------------------------
# usage: $0 authentication_token
[ -f "$mailrc" ] && mv "$mailrc" "${mailrc}.bkp"
mkdir -p $MAIL_DIR
cat > "$mailrc" << EOF
set smtp-use-starttls
set ssl-verify=ignore
set smtp-auth=login
set smtp=$SMTP
set from=$user_email
set smtp-auth-user=$user_email
set smtp-auth-password=$1
set ssl-verify=ignore
set nss-config-dir=$CERT_DIR
# keep a record of sent mails
set record=$MAIL_DIR/sent
EOF
chmod 600 "$mailrc"
}
while [[ $1 == -* ]]; do
case "$1" in
-h|--help|-\?) auth_help; exit 0;;
--) shift; break;;
-*) echo "invalid option: $1" 1>&2; exit 1;;
esac
done
O365_TOKEN="$1"
if [[ "$O365_TOKEN" ]]; then
update_mailrc "$O365_TOKEN"
else
echo "usage: ${0##*/} O365_app_token"
echo "try: ${0##*/} --help"
exit 1
fi
# Create certificate ----------------------------------------------------------
# First, backup existing certificate directory, if any.
CERT_BKP="${CERT_DIR}.bkp"
[ -d "$CERT_DIR" ] && rsync -au --remove-source-files $CERT_DIR/ $CERT_BKP
# Create new O365 certificate
if [ ! -f "$o365cert" ]; then
mkdir -p "$CERT_DIR"
# opt 1. Create new certificate and key databases in $CERT_DIR
# this will mostly likely result in certificate verification error.
# certutil -N -d "$CERT_DIR"
# opt 2. Link to databases (cert8.db and key3.db required) of trusted
# certificate authorities in $CERT_DIR
for i in /etc/pki/nssdb/*; do
ln -sf "$i" -t $CERT_DIR
done
# optional: create a certificate and restrict permission
echo -n \
| openssl s_client -starttls smtp -crlf -connect $SMTP \
| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$o365cert"
# restrict permission on the certificate
chmod 600 $o365cert
# List certificates in CERT_DIR (-trustargs SSL, email, object signing)
# certutil -L -d $CERT_DIR
fi
echo -e "\n\n${0##*/}: ~/${mailrc##*/} file was updated successfully. \c"
echo -e "You may use mail, mailx, nail application normally.\n"