SCRIPT: configurar CSF para correo (Gmail friendly)

#!/bin/bash
set -e

echo "🔥 Configurando CSF para SMTP seguro (Gmail friendly)"
echo "===================================================="

# 1. Verificar root
if [ "$EUID" -ne 0 ]; then
echo "❌ Ejecuta como root"
exit 1
fi

CSF_CONF="/etc/csf/csf.conf"

if [ ! -f "$CSF_CONF" ]; then
echo "❌ CSF no está instalado"
exit 1
fi

# 2. Activar CSF (producción)
echo "✅ Activando CSF..."
sed -i 's/^TESTING =.*/TESTING = "0"/' $CSF_CONF

# 3. Puertos necesarios (Webuzo + Mail)
echo "🔓 Configurando puertos..."
sed -i 's/^TCP_IN =.*/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2002,2003,3306"/' $CSF_CONF
sed -i 's/^TCP_OUT =.*/TCP_OUT = "20,21,22,25,53,80,110,143,443,465,587,993,995,2002,2003,3306"/' $CSF_CONF
sed -i 's/^UDP_IN =.*/UDP_IN = "53,123"/' $CSF_CONF
sed -i 's/^UDP_OUT =.*/UDP_OUT = "53,123"/' $CSF_CONF

# 4. Protección SMTP AUTH (clave contra spam)
echo "📧 Protegiendo SMTP AUTH..."
sed -i 's/^LF_SMTPAUTH =.*/LF_SMTPAUTH = "1"/' $CSF_CONF
sed -i 's/^LF_SMTPAUTH_PERM =.*/LF_SMTPAUTH_PERM = "1"/' $CSF_CONF

# 5. Protección contra brute force
echo "🛡️ Protecciones básicas..."
sed -i 's/^LF_SSHD =.*/LF_SSHD = "5"/' $CSF_CONF
sed -i 's/^LF_SSHD_PERM =.*/LF_SSHD_PERM = "1"/' $CSF_CONF

# 6. Port flood (SMTP + Web)
sed -i 's/^PORTFLOOD =.*/PORTFLOOD = "22;tcp;5;300,25;tcp;30;300,587;tcp;30;300,80;tcp;50;5"/' $CSF_CONF

# 7. Permitir ping (recomendado)
sed -i 's/^ICMP_IN =.*/ICMP_IN = "1"/' $CSF_CONF

# 8. Permitir loopback
sed -i 's/^ALLOW_SYSLOG =.*/ALLOW_SYSLOG = "1"/' $CSF_CONF

# 9. Reiniciar CSF
echo "🔄 Reiniciando CSF..."
csf -r

echo "===================================================="
echo "✅ CSF CONFIGURADO CORRECTAMENTE"
echo ""
echo "📌 IMPORTANTE PARA GMAIL:"
echo " ✔ SPF"
echo " ✔ DKIM"
echo " ✔ DMARC"
echo " ✔ Reverse DNS"
echo ""
echo "🧪 Recomendado: enviar correo de prueba a Gmail"