update...

roles/common/files/rage/etc/postfix/header_checks.pcre

@@ -0,0 +1,43 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ---
+# - Replace headers
+
+# - Replace recieved from IPv4 / IPv6 header - hide senders IP address and also 'Authenticated sender'
+#
+#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4
+#
+#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6
+
+# - Replace recieved from IPv4 / IPv6 header - hide only sender IP address
+#
+/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3
+
+/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5
+
+# ---
+# - Ignore Headers
+# ---
+
+#/^\s*User-Agent/        IGNORE
+#/^\s*X-Enigmail/        IGNORE
+#/^\s*X-Mailer/          IGNORE
+#/^\s*X-Originating-IP/  IGNORE
+
+
+# ---
+# - Reject / Discard headers
+# ---
+
+/^To:.*<>/                    REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001
+
+/\(envelope-from <>\)/        REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
+
+/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
+
+/^From:.*<>/                  REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
+
+/^Date: .* 19[0-9][0-9]/      REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
+/^Date: .* 200[0-9]/          REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
+/^Date: .* 201[0-9]/          REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003
+/^Date: .* 2020/              REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004

roles/common/files/rage/etc/postfix/postfwd.wl-hosts

@@ -0,0 +1,22 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ---
+# Trusted hosts whitelisted by postfwd
+#
+#    This file is called with '=~'. This means perl regexp is possible
+#
+#
+# To increase performance use ^ and/or $ in regular expressions
+#
+# Example:
+#
+#  # all hosts of domain 'oopen.de'
+#  \.oopen\.de$
+#
+#  # host a.mx.oopen.de
+#  ^a\.mx\.oopen\.de$
+#
+# ---
+
+# give truested hostnames here
+

roles/common/files/rage/etc/postfix/postfwd.wl-nets

@@ -0,0 +1,18 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ---
+# Trusted networks whitelisted by postfwd
+#
+# Example:
+#
+#   # web0.warenform.de
+#   #83.223.86.76
+#   #2a01:30:0:505:286:96ff:fe4a:6ee
+#   #2a01:30:0:13:286:96ff:fe4a:6eee
+#
+# ---
+
+# give truested networrk adresses here
+# d.mx.oopen.de (listen server)
+95.217.204.227
+2a01:4f9:4a:47e5::227

roles/common/files/rage/etc/postfix/postfwd.wl-sender

@@ -0,0 +1,23 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ---
+# Trusted senders whitelisted by postfwd
+#
+#    This file is called with '=~'. This means perl regexp is possible
+#
+#
+# To increase performance use ^ and/or $ in regular expressions
+#
+# Example:
+#
+#  # all senders of maildomaindomain 'oopen.de'
+#  @oopen\.de$
+#
+#  # sender address ckubu@oopen.de
+#  ^ckubu@oopen\.de$
+#
+# ---
+
+# give trusted sender addresses here
+^noreply@login\.ubuntu\.com$
+

roles/common/files/rage/etc/postfix/postfwd.wl-user

@@ -0,0 +1,14 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ---
+# SASL Users whitelisted by postfwd
+#
+# example:
+#
+#    # give trusted sasl usernames here
+#    ckubu@oopen.de
+#    vertrieb@akweb.de
+#
+# ---
+
+# give trusted sasl usernames here

roles/common/files/rage/root/bin/monitoring/conf/check_cert_for_dovecot.conf

@@ -0,0 +1,135 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+#---------------------------------------
+#-----------------------------
+# Settings for script check_cert_for_dovecot.sh
+#-----------------------------
+#---------------------------------------
+
+# - service_domain
+# -
+# - The main domain for which the certificate was issued
+# -
+# - Example:
+# -    service_domain="a.mx.oopen.de"
+# -    service_domain="mail.cadus.org"
+# -    service_domain="mx.warenform.de"
+# -
+#service_domain=""
+service_domain="rage.so36.net"
+
+
+# - service_name
+# -
+# - Name of service.
+# -
+# - Note: this var will also be used to determin systemd service file
+# - or sysVinit script.
+# -
+# - Example: 
+# -    service_name="Mumble"
+# -    service_name="Prosody"
+# -
+# - Defaults to:
+# -    service_name="Dovecot"
+# -
+#service_name=""
+
+
+# - check_string_ps
+# -
+# - String wich (clearly) identifies the service at the process list (ps)
+# -
+# - Example:
+# -    check_string_ps="[[:digit:]]\ /usr/sbin/murmurd"
+# -    check_string_ps=""
+# -
+# - Defaults to:
+# -    check_string_ps="[[:digit:]]\ /usr/local/dovecot-[[:digit:]]{1,2}\.[[:digit:]]{1,2}\.[[:digit:]]{1,2}(\.[[:digit:]]{1,2})?/sbin/dovecot"
+# -
+#check_string_ps=""
+
+
+# - service_user
+# -
+# - User under which the service is running.
+# -
+# - Example:
+# -    service_user="mumble-server"
+# -    service_user="prosody"
+# -
+# - Defaults to:
+# -    service_user="prosody"
+# -
+#service_user=""
+
+
+# - service_group
+# -
+# - Group under which the service is running.
+# -
+# - Example:
+# -    service_group="mumble-server"
+# -    service_group="prosody"
+# -
+# - Defaults to:
+# -    service_group="prosody"
+# -
+#service_group=""
+
+
+# - cert_installed
+# -
+# - Locataion of certificate read by service
+# -
+# - Example:
+# -    cert_installed="/var/lib/mumble-server/fullchain.pem"
+# -    cert_installed="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
+# -
+# - Defaults to:
+# -    /etc/dovecot/ssl/mailserver.crt
+# -
+#cert_installed=""
+
+
+# - key_installed
+# -
+# - Location of the key read by service
+# -
+# - Example:
+# -    key_installed="/var/lib/mumble-server/privkey.pem"
+# -    key_installed="/etc/prosody/certs/privkey_jabber.so36.pem"
+# -
+# - Defaults to:
+# -    /etc/dovecot/ssl/mailserver.key
+# -
+#key_installed=""
+
+
+# - cert_newest
+# -
+# - Location of the newest certificate.
+# -
+# - Example:
+# -    cert_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/fullchain.pem"
+# -    cert_newest="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
+# -
+# - Defaults to: 
+# -    /var/lib/dehydrated/certs/${service_domain}/fullchain.pem
+# -
+#cert_newest=""
+
+
+# - key_newest
+# -
+# - Location of the newest Key
+# -
+# - Example:
+# -    key_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/privkey.pem"
+# -    key_newest="/var/lib/dehydrated/certs/jabber.so36.net/privkey.pem"
+# -
+# - Defaults to:
+# -    /var/lib/dehydrated/certs/${service_domain}/privkey.pem
+# -
+#key_newest=""
+

roles/common/files/rage/root/bin/postfix/conf/check-postfix-fatal-errors.conf

@@ -0,0 +1,55 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ---------------------------------------------------------------
+# - Parameter Settings for script 'check-postfix-fatal-error.sh'.
+# ---------------------------------------------------------------
+
+# MAIL_LOG
+#
+# Full qualified path to the mail log-file
+#
+# Defaults to: MAIL_LOG=/var/log/mail.log
+#
+#MAIL_LOG="/var/log/mail.log"
+
+
+# ---
+# - E-Mail settings for sending script messages
+# ---
+
+# - company
+# -
+# - Example: company="Cadus e.V."
+# -
+# -  Defaults to:
+# -    company="O.OPEN"
+# -
+#company="O.OPEN"
+company="so36.NET e.V."
+
+# - sender_address
+# -
+# - Defaults to:
+# -    sender_address="${script_name%%.*}@$(hostname -f)"
+# -
+#sender_address="check-postfix-fatal-error@$(hostname -f)"
+
+# - content_type
+# -
+# - Defaults to:
+# -    content_type='Content-Type: text/plain;\n charset="utf-8"'
+# -
+#content_type='Content-Type: text/plain;\n charset="utf-8"'
+
+# - alert_email_addresses
+# -
+# - blank separated list of e-mail addresses
+#
+# - Example: alert_email_addresses="ckubu@oopen.de axel@warenform.net"
+# -
+# - Defaults to:
+# -    alert_email_addresses="ckubu@oopen.de"
+# -
+#alert_email_addresses="ckubu@oopen.de"
+alert_email_addresses="roots@so36.net"
+

roles/common/files/rage/root/bin/postfix/conf/get_number_of_deferred_mailqueue.conf

@@ -0,0 +1,27 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ----------------------------------------------------
+# ---
+# - Parameter Settings for script 'get_number_of_deferred_mailqueue.sh'.
+# ---
+# ----------------------------------------------------
+
+# -   notification_addresses
+# -
+# - Where to send notifications
+# -
+# - Defaults to argus@oopen.de
+# -
+notification_addresses="roots@so36.net"
+
+
+# - count_warn
+# -
+# - If number of deferred e-mails exceeds give parameter 'count_warn'
+# - an e-mail will be written to adresse(s) given at parameter
+# - 'notification_addresses'.
+# -
+# - Defaults to 100
+# -
+#count_warn=100
+

roles/common/files/rage/root/bin/postfix/conf/sent_userinfo_postfix.conf

@@ -0,0 +1,94 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ----------------------------------------------------
+# ---
+# - Parameter Settings for script 'sent_userinfo_postfix.sh'.
+# ---
+# ----------------------------------------------------
+
+# - message_body_file
+# -
+# - Full path to file containing the user info. This file must contain 
+# - the message body WITHOUT e-mail headers. If file is placed in the
+# - 'files' directory use '${file_dir}/<file-name>'
+# -
+# - Defaults to '${file_dir}/sent_userinfo_postfix.message'
+# -
+#message_body_file="${file_dir}/sent_userinfo_postfix.message"
+
+
+# - email_from
+# -
+# - From Address of user info
+# -
+# - Example: 'oo@oopen.de'
+# -
+#email_from=""
+email_from="support@so36.net"
+
+
+# - email_from_org
+# -
+# - Example: email_from_org="O.OPEN"
+# -
+#email_from_org=""
+email_from_org="so36.NET e.V."
+
+
+# - db_type
+# -
+# - Type of Postfix Database
+# -
+# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
+# - 
+# - Defaults to: db_type="pgsql"
+# -
+#db_type="pgsql"
+
+# - db_name
+# -
+# - Database name for the postfix database
+# - 
+# - Defaults to: db_name="postfix"
+# -
+#db_name="postfix"
+
+# - mysql_credential_args (root access to MySQL Database)
+# -
+# - Example
+# -    mysql_credential_args="--login-path=local"
+# -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
+# -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+# -
+# - Defaults to:
+# -    '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
+# -    '/usr/local/mysql/sys-maint.cnf' otherwise
+# -
+#mysql_credential_args=""
+
+
+# - mail_user
+# -
+# - The owner of the mailbox directories and within the e-mails itself.
+# -
+# - defaults to mail_user="vmail"
+# -
+#mail_user="vmail"
+
+
+# - mail_group
+# -
+# - The group of the mailbox directories
+# -
+# - defaults to mail_group="vmail"
+# -
+#mail_group="vmail"
+
+
+# - mail_basedir - No more needed!
+# -
+# - The root directory where all mailbox-domains are located.
+# -
+# - Defaults to '/var/vmail'.
+# -
+#mail_basedir=/var/vmail