commit 7b99950e3361b07cd1f7eae9e891fa3661b65c69 Author: Christoph Date: Sun Feb 19 11:29:48 2017 +0100 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..dacfdd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/hosts/BAK/*
+install-amavis.conf
diff --git a/install_amavis.sh b/install_amavis.sh
new file mode 100755
index 0000000..a971dbe
--- /dev/null
+++ b/install_amavis.sh
@@ -0,0 +1,3613 @@ +#!/usr/bin/env bash + +_QUARANTINE_ADMIN='postmaster\@$mydomain' +QUARANTINE_ADMIN=$_QUARANTINE_ADMIN + + +# ------------- +# --- Some functions +# ------------- +echononl(){ + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo -e -n "$*\\c" 1>&2 + else + echo -e -n "$*" 1>&2 + fi + rm /tmp/shprompt$$ +} + +fatal(){ + echo "" + echo -e "fatal error: $*" + echo "" + echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m" + echo "" + exit 1 +} + +error(){ + echo "" + echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" + echo "" +} + +warn (){ + echo "" + echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" + echo "" +} + +info (){ + echo "" + echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" + echo "" +} + +echo_done() { + echo -e "\033[80G[ \033[32mdone\033[m ]" +} +echo_ok() { + echo -e "\033[80G[ \033[32mok\033[m ]" +} +echo_warning() { + echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]" +} +echo_failed(){ + echo -e "\033[80G[ \033[1;31mfailed\033[m ]" +} +echo_skipped() { + echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]" +} + + +# - Is this a systemd system? +# - +if [[ "X`which systemd`" = "X" ]]; then + systemd_exists=false +else + systemd_exists=true +fi + +echo "" + +conf_dir="$(dirname $0)" +conf_file="${conf_dir}/install-amavis.conf" + +if [[ -f "$conf_file" ]]; then + source $conf_file +fi + +#clear +#echo "" +#echo -e "\033[32m--\033[m" +#echo "" +#echononl "Run with Install Script with previous settings (yes/no): " +#read OK +#OK=${OK,,} +#if [[ "X$OK" = "X" ]] ; then +# OK=yes +#fi +#while [ "X$OK" != "Xyes" -a "X$OK" != "Xno" ]; do +# echononl "Wrong entry! 
[yes/no]: " +# read OK +# OK=${OK,,} +#done +#[[ $OK = yes ]] && skip_interactive_use=true +# +#if $skip_interactive_use ; then +# +#HOSTNAME=$_HOSTNAME +#IPV4=$_IPV4 +#IPV6=$_IPV6 +# +#QUARANTINE_DIR=$_QUARANTINE_DIR +#QUARANTINE_ADMIN=$_QUARANTINE_ADMIN +# +#DB_IN_USE=$_DB_IN_USE +#DB_TYPE=$_DB_TYPE +#DB_HOST=$_DB_HOST +#DB_NAME=$_DB_NAME +#DB_USER=$_DB_USER +#DB_PASS=$_DB_PASS +#INSTALL_CLAMAV_UNOFFICIAL_SIGS=$_INSTALL_CLAMAV_UNOFFICIAL_SIGS +#MALWARE_PATROL_IN_USE=$_MALWARE_PATROL_IN_USE +#MALWERE_PATROL_FREE=$_MALWERE_PATROL_FREE +#MP_RECEIPT_NUMBER=$_MP_RECEIPT_NUMBER +#SECURITE_INFO_IN_USE=$_SECURITE_INFO_IN_USE +#SI_AUTHORISATION_SIGNATURE=$_SI_AUTHORISATION_SIGNATURE +# +#else +#clear +#echo -e "\033[21G\033[32mInstallation script for AMaViS, Spamassassin and ClamAV\033[m" +#echo + +clear +echo -e "\033[21G\033[32mInstallation script for AMaViS, Spamassassin and ClamAV\033[m" +echo + + +HOSTNAME= +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Insert hostname" +echo "" +if [[ -n "$_HOSTNAME" ]]; then + echononl "hostname [${_HOSTNAME}]: " + read HOSTNAME + if [[ "X${HOSTNAME}" = "X" ]]; then + HOSTNAME=$_HOSTNAME + fi +else + while [[ "X${HOSTNAME}" = "X" ]]; do + echononl "hostname: " + read HOSTNAME + if [[ "X${HOSTNAME}" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mHostname is reqired\033[m\n" + fi + done +fi + + +IPV4= +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Insert IPv4 address" +echo "" +if [[ -n "$_IPV4" ]]; then + echononl "IPv4 address [${_IPV4}]: " + read IPV4 + if [[ "X${IPV4}" = "X" ]]; then + IPV4=$_IPV4 + fi +else + while [[ "X${IPV4}" = "X" ]]; do + echononl "IPv4 address: " + read IPV4 + if [[ "X${IPV4}" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mIPv4 address is reqired\033[m\n" + fi + done +fi +IPV6= +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Insert IPv6 address" +echo "Type:" +echo -e "\t\033[33mNone\033[m if IPv6 is not suppoerted" +echo "" +if [[ -n "$_IPV6" ]]; then + [[ "X$_IPV6" = "Xdisabled" ]] && 
_IPV6=None + echononl "IPv6 address [${_IPV6}]: " + read IPV6 + if [[ "X${IPV6}" = "X" ]]; then + IPV6=$_IPV6 + fi +else + while [[ "X${IPV6}" = "X" ]]; do + echononl "IPv6 address: " + read IPV6 + if [[ "X${IPV6}" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mIPv4 address is reqired\033[m\n" + fi + done +fi +if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then + IPV6=disabled +fi + + +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Insert quarantine directory" +echo "" +echo "" +QUARANTINE_DIR= +if [[ -n "$_QUARANTINE_DIR" ]] ; then + while [[ "X$QUARANTINE_DIR" = "X" ]]; do + echononl "Quarantine Directory [$_QUARANTINE_DIR]: " + read QUARANTINE_DIR + if [[ "X$QUARANTINE_DIR" = "X" ]]; then + QUARANTINE_DIR=$_QUARANTINE_DIR + fi + done +else + + while [[ "X$QUARANTINE_DIR" = "X" ]]; do + echononl "Quarantine Directory: " + read QUARANTINE_DIR + if [[ "X$QUARANTINE_DIR" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mQuarantine Directory is reqired\033[m\n" + fi + done +fi + +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Should ClamAV unofficial Singatures be installed?" +echo "" +if [[ -z "$_INSTALL_CLAMAV_UNOFFICIAL_SIGS" ]]; then + echononl "Install ClamAV unofficial Singatures (yes/no): " +else + if $_INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then + echononl "Install ClamAV unofficial Singatures [yes]: " + else + echononl "Install ClamAV unofficial Singatures [no]: " + fi +fi +read _TMP_INSTALL_CUS +_TMP_INSTALL_CUS=${_TMP_INSTALL_CUS,,} +while [ "X$_TMP_INSTALL_CUS" != "Xyes" -a "X$_TMP_INSTALL_CUS" != "Xno" ]; do + if [[ -z "$_INSTALL_CLAMAV_UNOFFICIAL_SIGS" ]]; then + echononl "Wrong entry! 
(yes/no): " + read _TMP_INSTALL_CUS + _TMP_INSTALL_CUS=${_TMP_INSTALL_CUS,,} + else + if [ "X$_TMP_INSTALL_CUS" != "Xyes" -a "X$_TMP_INSTALL_CUS" != "Xno" ]; then + if $_INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then + _TMP_INSTALL_CUS=yes + else + _TMP_INSTALL_CUS=no + fi + fi + fi +done +if [[ "$_TMP_INSTALL_CUS" = "yes" ]] ; then + INSTALL_CLAMAV_UNOFFICIAL_SIGS=true +else + INSTALL_CLAMAV_UNOFFICIAL_SIGS=false +fi + +if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo "Load MalwarePatrol Signatures (https://www.malwarepatrol.net)?" + echo "" + echo "Note: You have to sign up for an account. For a free account thats here:" + echo " https://www.malwarepatrol.net/signup-free.shtml" + echo "" + if [[ -z "$_MALWARE_PATROL_IN_USE" ]]; then + echononl "Load MalwarePatrol Singatures (yes/no): " + else + if $_MALWARE_PATROL_IN_USE ; then + echononl "Load MalwarePatrol Singatures [yes]: " + else + echononl "Load MalwarePatrol Singatures [no]: " + fi + fi + read _TMP_LOAD_MP + _TMP_LOAD_MP=${_TMP_LOAD_MP,,} + while [ "X$_TMP_LOAD_MP" != "Xyes" -a "X$_TMP_LOAD_MP" != "Xno" ]; do + if [[ -z "$_MALWARE_PATROL_IN_USE" ]]; then + echononl "Wrong entry! (yes/no): " + read _TMP_LOAD_MP + _TMP_LOAD_MP=${_TMP_LOAD_MP,,} + else + if [ "X$_TMP_LOAD_MP" != "Xyes" -a "X$_TMP_LOAD_MP" != "Xno" ]; then + if [[ "X$_TMP_LOAD_MP" = "X" ]]; then + if $_MALWARE_PATROL_IN_USE ; then + _TMP_LOAD_MP=yes + else + _TMP_LOAD_MP=no + fi + else + if $_MALWARE_PATROL_IN_USE ; then + echononl "Wrong entry! [yes]: " + else + echononl "Wrong entry! [no]: " + fi + read _TMP_LOAD_MP + fi + + fi + fi + done + if [[ "$_TMP_LOAD_MP" = "yes" ]] ; then + MALWARE_PATROL_IN_USE=true + else + MALWARE_PATROL_IN_USE=false + fi + + + if $MALWARE_PATROL_IN_USE ; then + + echo "" + echo "" + echo "Are you using a free account from MalwarePatrol?" + echo "" + echo "" + + if [[ -z "$_MALWERE_PATROL_FREE" ]] ; then + echononl " Using fgree acount from MalwarePatrol? 
(yes/no): " + else + if $_MALWERE_PATROL_FREE ; then + echononl "Using free acount from MalwarePatrol? [yes]: " + else + echononl "Using free acount from MalwarePatrol? [no]: " + fi + fi + read _TMP_FREE_MP + _TMP_FREE_MP=${_TMP_FREE_MP,,} + while [ "X$_TMP_FREE_MP" != "Xyes" -a "X$_TMP_FREE_MP" != "Xno" ]; do + if [[ -z "$_MALWERE_PATROL_FREE" ]]; then + echononl "Wrong entry! (yes/no): " + read _TMP_FREE_MP + _TMP_FREE_MP=${_TMP_FREE_MP,,} + else + if [ "X$_TMP_FREE_MP" != "Xyes" -a "X$_TMP_FREE_MP" != "Xno" ]; then + if [[ "X$_TMP_FREE_MP" = "X" ]]; then + if $_MALWERE_PATROL_FREE ; then + _TMP_FREE_MP=yes + else + _TMP_FREE_MP=no + fi + else + if $_MALWERE_PATROL_FREE ; then + echononl "Wrong entry! [yes]: " + else + echononl "Wrong entry! [no]: " + fi + read _TMP_FREE_MP + fi + fi + fi + done + if [[ "$_TMP_FREE_MP" = "yes" ]] ; then + MALWERE_PATROL_FREE=true + else + MALWERE_PATROL_FREE=false + fi + + + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo "Insert receipt number for MalwarePatrol Account" + echo "" + echo "" + MP_RECEIPT_NUMBER= + if [[ -n "$_MP_RECEIPT_NUMBER" ]] ; then + while [[ "X$MP_RECEIPT_NUMBER" = "X" ]]; do + echononl "MalwarePatrol receipt number [$_MP_RECEIPT_NUMBER]: " + read MP_RECEIPT_NUMBER + if [[ "X$MP_RECEIPT_NUMBER" = "X" ]]; then + MP_RECEIPT_NUMBER=$_MP_RECEIPT_NUMBER + fi + done + else + + while [[ "X$MP_RECEIPT_NUMBER" = "X" ]]; do + echononl "MalwarePatrol receipt number: " + read MP_RECEIPT_NUMBER + if [[ "X$MP_RECEIPT_NUMBER" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mMalwarePatrol receipt number is reqired\033[m\n" + fi + done + fi + + + fi + + + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo "Load SecuriteInfo Signatures (https://www.securiteinfo.com)?" + echo "" + echo "Note: You have to sign up for an account. 
For a free account thats here:" + echo " https://www.securiteinfo.com/clients/customers/signup" + echo "" + if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then + echononl "Load SecuriteInfo Singatures (yes/no): " + else + if $_SECURITE_INFO_IN_USE ; then + echononl "Load SecuriteInfo Singatures [yes]: " + else + echononl "Load SecuriteInfo Singatures [no]: " + fi + fi + read _TMP_LOAD_SI + _TMP_LOAD_SI=${_TMP_LOAD_SI,,} + while [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; do + if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then + echononl "Wrong entry! (yes/no): " + read _TMP_LOAD_SI + _TMP_LOAD_SI=${_TMP_LOAD_SI,,} + else + if [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; then + if [[ "X$_TMP_LOAD_SI" = "X" ]]; then + if $_SECURITE_INFO_IN_USE ; then + _TMP_LOAD_SI=yes + else + _TMP_LOAD_SI=no + fi + else + if $_SECURITE_INFO_IN_USE ; then + echononl "Wrong entry! [yes]: " + else + echononl "Wrong entry! [no]: " + fi + read _TMP_LOAD_SI + fi + fi + fi + done + if [[ "$_TMP_LOAD_SI" = "yes" ]] ; then + SECURITE_INFO_IN_USE=true + else + SECURITE_INFO_IN_USE=false + fi + + if $SECURITE_INFO_IN_USE ; then + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo "Insert SecuriteInfo Authorisation Signature" + echo "" + echo "" + SI_AUTHORISATION_SIGNATURE= + if [[ -n "$_SI_AUTHORISATION_SIGNATURE" ]] ; then + while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do + echononl "SecuriteInfo Authorisation Signature [$(echo ${_SI_AUTHORISATION_SIGNATURE:0:4})..$(echo ${_SI_AUTHORISATION_SIGNATURE: -4})]: " + read SI_AUTHORISATION_SIGNATURE + if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then + SI_AUTHORISATION_SIGNATURE=$_SI_AUTHORISATION_SIGNATURE + fi + done + else + + while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do + echononl "SecuriteInfo Authorisation Signature: " + read SI_AUTHORISATION_SIGNATURE + if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mSecuriteInfo Authorisation Signature is reqired\033[m\n" + fi + done + fi 
+ fi + +fi + + + +if [[ -n "$_DB_IN_USE" ]]; then + DB_IN_USE=$_DB_IN_USE +else + DB_IN_USE=false +fi +DB_TYPE="" +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Are a database for lookup loca domains in use?" +echo "" +if [[ "$_DB_TYPE" = "MySQL" ]] ; then + echo -e "\033[37m\033[1m[1] MySQL\033[m" +else + echo "[1] MySQL" +fi +if [[ "$_DB_TYPE" = "PostgreSQL" ]] ; then + echo -e "[2] \033[37m\033[1mPostgeSQL\033[m" +else + echo "[2] PostgeSQL" +fi +if ! $DB_IN_USE ; then + echo -e "[3] \033[37m\033[1mSkip (No Database in use)\033[m" +else + echo "[3] Skip (No Database in use)" +fi +echo "" +echo "Type a number or press to choose highlighted value" +echo "" +echononl "Eingabe: " +while [ "$DB_TYPE" != "MySQL" -a "$DB_TYPE" != "PostgreSQL" -a "$DB_TYPE" != "None" ];do + read OPTION + case $OPTION in + 1) + DB_TYPE="MySQL" + DB_IN_USE=true + ;; + 2) + DB_TYPE="PostgreSQL" + DB_IN_USE=true + ;; + 3) + DB_TYPE="None" + DB_IN_USE=false + ;; + '') DB_TYPE=$_DB_TYPE + ;; + *) + echo "" + echo -e "\tFalsche Eingabe ! 
[ 1 = MySQL ; 2 = PostgreSQL , 3 = Skip] or type " + echo "" + echononl "Eingabe: " + ;; + esac +done + +if $DB_IN_USE ; then + + echo "" + echo "" + echo "Insert Database Host" + echo "" + DB_HOST= + if [[ -n "$_DB_HOST" ]] ; then + while [[ "X$DB_HOST" = "X" ]]; do + echononl "Database Host [$_DB_HOST]: " + read DB_HOST + if [[ "X$DB_HOST" = "X" ]]; then + DB_HOST=$_DB_HOST + fi + done + else + + while [[ "X$DB_HOST" = "X" ]]; do + echononl "Database Host: " + read DB_HOST + if [[ "X$DB_HOST" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mA Database Host is reqired\033[m\n" + fi + done + fi + + echo "" + echo "" + echo "Insert Database Name" + echo "" + DB_NAME= + if [[ -n "$_DB_NAME" ]] ; then + while [[ "X$DB_NAME" = "X" ]]; do + echononl "Database Name [$_DB_NAME]: " + read DB_NAME + if [[ "X$DB_NAME" = "X" ]]; then + DB_NAME=$_DB_NAME + fi + done + else + + while [[ "X$DB_NAME" = "X" ]]; do + echononl "Database Name: " + read DB_NAME + if [[ "X$DB_NAME" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mA Database Name is reqired\033[m\n" + fi + done + fi + + echo "" + echo "" + echo "Insert Database User" + echo "" + DB_USER= + if [[ -n "$_DB_USER" ]] ; then + while [[ "X$DB_USER" = "X" ]]; do + echononl "Database User [$_DB_USER]: " + read DB_USER + if [[ "X$DB_USER" = "X" ]]; then + DB_USER=$_DB_USER + fi + done + else + + while [[ "X$DB_USER" = "X" ]]; do + echononl "Database User: " + read DB_USER + if [[ "X$DB_USER" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mA Database User is reqired\033[m\n" + fi + done + fi + + echo "" + echo "" + echo "Insert Database Password" + echo "" + DB_PASS= + if [[ -n "$_DB_PASS" ]] ; then + while [[ "X$DB_PASS" = "X" ]]; do + echononl "Database Password [$_DB_PASS]: " + read DB_PASS + if [[ "X$DB_PASS" = "X" ]]; then + DB_PASS=$_DB_PASS + fi + done + else + + while [[ "X$DB_PASS" = "X" ]]; do + echononl "Database Password: " + read DB_PASS + if [[ "X$DB_PASS" = "X" ]]; then + echo -e "\n\t\033[33m\033[1mA Database Password is 
reqired\033[m\n" + fi + done + fi + +else + DB_HOST=$_DB_HOST + DB_NAME=$_DB_NAME + DB_USER=$_DB_USER + DB_PASS=$_DB_PASS +fi + +#fi # if $skip_interactive_use + +clear +echo "" +echo "" +echo -e "\033[21G\033[32mStart Installation/Configuration of AMaViS with the following parameters\033[m" +echo "" +echo -e "\tHostname...............................: $HOSTNAME" +echo -e "\tIPv4 address...........................: $IPV4" +echo -e "\tIPv6 address...........................: $IPV6" +echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR" +echo "" +echo -e "\tInstall ClamAv Unoffical Sigs .........: $QUARANTINE_DIR" +if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then + echo -e "\tInstall Signatures from MalwarePatrol..: $MALWARE_PATROL_IN_USE" + if $MALWARE_PATROL_IN_USE ; then + echo -e "\t Free MalwarePatrol account..........: $MALWERE_PATROL_FREE" + echo -e "\t MalwarePatrol receipt number........: $MP_RECEIPT_NUMBER" + fi + echo -e "\tInstall Signatures from SecuriteInfo...: $SECURITE_INFO_IN_USE" + if $SECURITE_INFO_IN_USE ; then + echo -e "\t SecuriteInfo auth signature.........: $(echo ${SI_AUTHORISATION_SIGNATURE:0:4})..$(echo ${SI_AUTHORISATION_SIGNATURE: -4})" + fi +fi +echo "" +echo -e "\tDatabase in use........................: $INSTALL_CLAMAV_UNOFFICIAL_SIGS" +if $DB_IN_USE ; then + echo -e "\t Database type.......................: $DB_TYPE" + echo -e "\t Database host.......................: $DB_HOST" + echo -e "\t Database name.......................: $DB_NAME" + echo -e "\t Database user.......................: $DB_USER" + echo -e "\t Database password...................: $DB_PASS" +fi +warn "Don't forget to oopen TCP Port 873 and TCP Port 443.\n\n It's needed by ClamAV Unofficial Signatures Installation" +echo "" +echononl "einverstanden (yes/no): " +read OK +OK=${OK,,} +while [ "X$OK" != "Xyes" -a "X$OK" != "Xno" ]; do + echononl "Wrong entry! [yes/no]: " + read OK + OK=${OK,,} +done +[ $OK = "yes" ] || fatal Repeat with other settings.. 
+ + +echo "" +echo "" + +echononl " Save Configuration" +cat << EOF > $conf_file +# --- +# - Parametersettins postfix bases system +# --- + +_HOSTNAME=$HOSTNAME +_IPV4=$IPV4 +_IPV6=$IPV6 + +_QUARANTINE_DIR=$QUARANTINE_DIR +_QUARANTINE_ADMIN=$QUARANTINE_ADMIN + +_DB_IN_USE=$DB_IN_USE +_DB_TYPE=$DB_TYPE +_DB_HOST=$DB_HOST +_DB_NAME=$DB_NAME +_DB_USER=$DB_USER +_DB_PASS=$DB_PASS +_INSTALL_CLAMAV_UNOFFICIAL_SIGS=$INSTALL_CLAMAV_UNOFFICIAL_SIGS +_MALWARE_PATROL_IN_USE=$MALWARE_PATROL_IN_USE +_MALWERE_PATROL_FREE=$MALWERE_PATROL_FREE +_MP_RECEIPT_NUMBER=$MP_RECEIPT_NUMBER +_SECURITE_INFO_IN_USE=$SECURITE_INFO_IN_USE +_SI_AUTHORISATION_SIGNATURE=$SI_AUTHORISATION_SIGNATURE +EOF +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed +fi + +tmp_err_msg=$(mktemp) + + +# ------------------------------- +#ommit=true +#if ! $ommit ; then + + + +echo +echo -e "\033[37m\033[1mSome pre-installation tasks..\033[m" +echo +# - Install Prerequisites from debian package system +# - +echononl " Install prerequisites from debian package system" +_needed_packages_base="libnet-ldap-perl \ + libauthen-sasl-perl \ + libsnmp-perl \ + libdbd-mysql \ + libdbd-mysql-perl \ + libdbd-pgsql \ + libdbd-pg-perl \ + libdbi-perl \ + libdbi-dev \ + g++ \ + cpanminus" +for _pkg in $_needed_packages_base ; do + if aptitude search "$_pkg" | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then + continue + else + needed_packages_base="$needed_packages_base $_pkg" + fi +done +if [[ -n "$needed_packages_base" ]]; then + DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages_base > /dev/null 2> "$tmp_err_msg" + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echo_skipped +fi + +echononl " Install database related CPAN Modules" +installation_failed=false +_needed_cpan_modules="CPAN + DBI + DBD::mysql + DBD::Pg" +for _module in $_needed_cpan_modules ; do + cpanm -q --skip-installed $_module > "$tmp_err_msg" 2>&1 + if [[ "$?" 
-ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi +done +if ! $installation_failed ; then + echo_ok +fi + +## - Install package amavisd-new NOW, because we need at least the existence +## - of the AmaViS user (amavis) befor finally installation and configuration +## - of AmaViS itself. +## - +echononl " Install packages \"amavisd-new\"" +_pkg=amavisd-new +if aptitude search "$_pkg" | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then + echo_skipped +else + DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > "$tmp_err_msg" 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + + + +echo +echo -e "\033[37m\033[1mGoing to install Spamassassin..\033[m" +echo +echononl " Install packages needed for Spamassassin" +_needed_packages_spamassassin="spamassassin razor \ + pyzor \ + libio-socket-ssl-perl \ + libdbi-perl \ + libmail-dkim-perl \ + libmail-spf-perl \ + libgeo-ipfree-perl \ + libnet-ident-perl \ + libio-zlib-perl \ + libio-string-perl \ + libimage-info-perl \ + libnet-cidr-lite-perl \ + libgeo-ip-perl \ + geoip-bin \ + libgeoip-dev \ + geoip-database \ + re2c \ + ftp \ + ncftp \ + less" +for _pkg in $_needed_packages_spamassassin ; do + if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then + continue + else + needed_packages_spamassassin="$needed_packages_spamassassin $_pkg" + fi +done +if [[ -n "$needed_packages_spamassassin" ]]; then + DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages_spamassassin > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echo_skipped +fi + +## - Download a sample spam file. For testing purpose you can feed it to spamassassin: +## - +## - # cp /root/sample-spam.txt /tmp +## - # cd /tmp +## - # su amavis -c 'spamassassin -D $tmp_err_msg +if [[ "$?" 
-ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +cp -a /tmp/sample-spam.txt /root > $tmp_err_msg 2>&1 +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if ! $installation_failed ; then + echo_ok +fi + + +echo "" +echo -e " \033[37m\033[1mConfigure Pyzor..\033[m" + +info "Open firewall outgoing port 2441 for Pyzor" + +## - Pyzor configuration +## - +## - Here we supply the hostname of the Pyzor server to Pyzor (for both the +## - 'root' and 'amavis' users). This will create a .pyzor directory in both +## - user's home directories, and place the server's hostname in a 'servers' file +## - therein: +## - +echononl " Run pyzor discover (places server's hostname in file ~/.pyzor/servers)" +installation_failed=false +pyzor discover > /dev/null 2> $tmp_err_msg +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +su amavis -c 'pyzor discover' > /dev/null 2> $tmp_err_msg +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if ! $installation_failed ; then + echo_ok +fi + +## - Pyzor Ping should show 'OK'. If not, then it's possible your firewall is +## - blocking udp replies from 82.94.255.100 or 188.40.77.236 (public.pyzor.org +## - port 24441), or the server may simply be slow to respond (often the case). +## - +echononl " Ping test for server's hostname" +installation_failed=false +if ! pyzor ping 2> $tmp_err_msg | grep "'OK'" > /dev/null 2>&1 ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if ! su amavis -c 'pyzor ping' 2> $tmp_err_msg | grep "'OK'" > /dev/null 2>&1 ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if ! 
$installation_failed ; then + echo_ok +fi + +echo "" +echo -e " \033[37m\033[1mConfigure Razor2..\033[m" + +info "Open firewall outgoing port 2703 for Razor2" + +_date="$(date +%Y-%m-%d-%H%M)" + +## - This next section gets Razor2 up and running and copies its files where +## - both root and amavis expect to find them. +## - +## - SpamAssassin is designed to enable each user to have their own settings and +## - data. This section will make both users happy. +## - +## - This is because if we are debugging SpamAssassin or Razor or Pyzor or DCC, +## - we want to be able to do so with spamassassin -D $tmp_err_msg 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echo_skipped +fi + + +echononl " Backup directory \"/root/.razor.\"" +if [[ -d /root/.razor ]] ; then + mv /root/.razor /root/.razor."${_date}" > $tmp_err_msg 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echo_skipped +fi + +## - Razor2 (Spamassassin Plugin) +## - +## - Razor configuration +## - +## - This next section configures Razor; sets the exclusive "razorhome" and +## - makes both root and amavis happy in their attempts to figure out "where +## - in the heck are the Razor2 configuration files"? +## - +echononl " Create \"razor-agent.conf\" in (user root)" +razor-admin -create > $tmp_err_msg 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +## - Registers a new identity, used for authenticating with Razor Nomination Servers. +## - Identities are a user + password pair stored in "/identity-" +## - +echononl " Registers a new identity (user root)" +razor-admin -register > $tmp_err_msg 2>&1 +if [[ $? 
-eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +## - Now edit root's razor configuration file: +## - +## - and change the line: +## - debuglevel = 3 +## - to: +## - debuglevel = 0 +## - +echononl " Adjust /root/.razor/razor-agent.conf" +perl -i -n -p -e "s#^(\s*)(debuglevel\s*=).*#\1\2 0#" /root/.razor/razor-agent.conf > $tmp_err_msg 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + + +## - Backup razor's configuration directory of user amavis if exists +## - +_home_amavais=$(realpath ~amavis) +echononl " Backup directory \"${_home_amavais}/.razor\"" +if [[ -d "${_home_amavais}/.razor" ]] ; then + mv ${_home_amavais}/.razor ${_home_amavais}/.razor."${_date}" + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echo_skipped +fi + +## - Copy root's .razor directory and files to the amavis user's home directory +## - +echononl " Copy root's razor configuration to user \"amavis\" (${_home_amavais}/.razor)" +installation_failed=false +cp -r /root/.razor ${_home_amavais}/ > $tmp_err_msg 2>&1 +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +chown -R amavis:amavis ${_home_amavais}/.razor > $tmp_err_msg 2>&1 +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if ! $installation_failed ; then + echo_ok + if [[ -d "${_home_amavais}/.razor.${_date}" ]] ; then + echononl " Delete previous created backup \"${_home_amavais}/.razor.${_date}\"" + rm -r "${_home_amavais}/.razor.${_date}" > /dev/null 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi + fi + if [[ -d "/root/.razor.${_date}" ]] ; then + echononl " Delete previous created backup \"/root/.razor.${_date}\"" + rm -r "/root/.razor.${_date}" > /dev/null 2>&1 + if [[ $? 
-eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi + fi +fi + + +## - Aadd a cronjob for razor2 updates +## - +## - +echononl " add a cronjob for razor2 updates" +if ! grep -i -E "/usr/bin/razor-admin\s+-discover" /var/spool/cron/crontabs/root > /dev/null 2>&1; then + installation_failed=false + crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + + cat << EOF >> /tmp/tmp_crontab + +# - Update razor2 +# - +33 0 * * * su amavis -lc '/usr/bin/razor-admin -discover' +EOF + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + if ! $installation_failed ; then + echo_ok + fi +else + echo_skipped +fi + + +echo "" +echo -e " \033[37m\033[1mConfigure Distributed Checksum Clearinghouses (DCC)..\033[m" + +info "Open firewall outgoing port UDP 6277 and if DCC Server is running\n also in- and outfoing port TCP 6277." + + +if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then + echononl " An instance off dccifd ist already running. Stop it now." + installation_failed=false + if $systemd_exists ; then + systemctl stop adcc > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + else + /etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + fi + if ! $installation_failed ; then + echo_ok + fi +fi + +_dcc_src_dir=/usr/local/src/dcc +_archiv=dcc-dccproc.tar.Z +echononl " Create archive directory \"$_dcc_src_dir\"" +mkdir -p "$_dcc_src_dir" > $tmp_err_msg 2>&1 +if [[ $? 
-eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +echononl " Download archide \"$_archiv\"" +wget -O ${_dcc_src_dir}/$_archiv http://www.dcc-servers.net/dcc/source/$_archiv > $tmp_err_msg 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +echononl " Determin archiv directory.." +archiv_dir="${_dcc_src_dir}/$(dirname $(tar -tzf /usr/local/src/dcc/$_archiv | head -n 1) 2> $tmp_err_msg)" +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +echononl " Backup directory \"$archiv_dir\" if exists" +if [[ -d "$archiv_dir" ]]; then + mv "${archiv_dir}" "${archiv_dir}.$(date +%Y-%m-%d-%H%M)" > $tmp_err_msg 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echo_skipped +fi + +echononl " Unpack \"${_dcc_src_dir}/$_archiv\"" +tar xzvf ${_dcc_src_dir}/$_archiv -C $_dcc_src_dir > $tmp_err_msg 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +echononl " Change into directory \"$archiv_dir\"" +cd $archiv_dir +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +echononl " Configure dcc" +./configure --with-uid=amavis > $tmp_err_msg 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +echononl " Compile dcc" +make > $tmp_err_msg 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +_lib_dir_dcc=/var/dcc +echononl " Backup directory \"${_lib_dir_dcc}\" if exists" +if [[ -d "$_lib_dir_dcc" ]]; then + mv "${_lib_dir_dcc}" "${_lib_dir_dcc}.$(date +%Y-%m-%d-%H%M)" > $tmp_err_msg 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echo_skipped +fi + +echononl " Install dcc" +make install > $tmp_err_msg 2>&1 +if [[ $? 
-eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + + +## - Update file ownership: +#echononl " Update directory/file ownership of /var/dcc" +#chown -R amavis:amavis /var/dcc > $tmp_err_msg 2>&1 +#make install > $tmp_err_msg 2>&1 +#if [[ $? -eq 0 ]] ; then +# echo_ok +#else +# echo_failed +# error "$(cat $tmp_err_msg)" +#fi + + + +## - Add cronjob for updating and cleaning up dcc +## - +## - +echononl " Add a cronjob for updating and cleaning up dcc" +if ! grep -i -E "/var/dcc/libexec/cron-dccd" /var/spool/cron/crontabs/root > /dev/null 2>&1; then + installation_failed=false + crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + + cat << EOF >> /tmp/tmp_crontab + +# - Cleaning up dcc (Distributed Checksum Clearinghouses) +# - +13 1 * * * /var/dcc/libexec/cron-dccd + +EOF + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + if ! $installation_failed ; then + echo_ok + fi +else + echo_skipped +fi + +_config_file=/var/dcc/dcc_conf +installation_failed=false +echononl " Adjust configuration file \"${_config_file}\"" +perl -i -n -p -e "s#^([ ]*\ *)(DCCIFD_ENABLE\s*=.*)#\#\#\1\2\nDCCIFD_ENABLE=on#" \ + $_config_file > $tmp_err_msg 2>&1 +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +perl -i -n -p -e "s#^([ ]*\ *)(DBCLEAN_LOGDAYS\s*=.*)#\#\#\1\2\nDBCLEAN_LOGDAYS=1#" \ + $_config_file > $tmp_err_msg 2>&1 +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if ! 
$installation_failed ; then + echo_ok +fi + +echononl " Install start script (rcDCC) to automatically start dccifd at boot time" +installation_failed=false +cp /var/dcc/libexec/rcDCC /etc/init.d/adcc > /dev/null 2> $tmp_err_msg +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if $systemd_exists ; then + systemctl enable adcc > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi +else + update-rc.d adcc defaults > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi +fi +if ! $installation_failed ; then + echo_ok +fi + + +echononl " Start daemon dccifd" +if $systemd_exists ; then + systemctl start adcc > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + /etc/init.d/adcc start > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + +info "You can test DCC with command \033[37m\033[1mcdcc info\033[m\n\n You should get 'requests ok' from the servers but 'not answering' from 127.0.0.1 is expected." + + +#fi # if $ommit ; then +# ------------------------------- + +echo "" +echo -e " \033[37m\033[1mConfigure Spamassassin..\033[m" + +## - Backup existing SpamAssassin's main configuration file /etc/spamassassin/local.cf +## - +_config_file=/etc/spamassassin/local.cf +_date="$(date +%Y-%m-%d-%H%M)" +if [[ ! -f "${_config_file}.ORIG" ]]; then + echononl " Save installation version of ${_config_file} (Suffix \".ORIF\")" + cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echononl " Backup $_config_file" + cp -a "$_config_file" "${_config_file}.${_date}" 2> $tmp_err_msg + if [[ $? 
-eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + +echononl " Determin IP-Addresses for trusted systems" +TRUSTED_MAIL_SYSTEMS="a.mx.oopen.de b.mx.oopen.de c.mx.oopen.de d.mx.oopen.de" +_msg_trusted="clear_trusted_networks +" +_msg_internal="clear_internal_networks +" +for _mx_server in $TRUSTED_MAIL_SYSTEMS ; do + + installation_failed=false + if [[ "$_mx_server" = "$HOSTNAME" ]]; then + _msg_trusted="$_msg_trusted +# - $HOSTNAME +#trusted_networks $IPV4" + _msg_internal="$_msg_internal +# - $HOSTNAME +#internal_networks $IPV4" + if [[ -n "$IPV6" ]]; then + _msg_trusted="$_msg_trusted +#trusted_networks $IPV6" + _msg_internal="$_msg_internal +#internal_networks $IPV6" + fi + continue + fi + + _ipv4_server_addr="$(dig +short $_mx_server A)" + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + _ipv6_server_addr="$(dig +short $_mx_server AAAA)" + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + + if ! $installation_failed ; then + if [[ -n "$_ipv4_server_addr" ]] ; then + _msg_trusted="$_msg_trusted +# - $_mx_server +trusted_networks $_ipv4_server_addr" + _msg_internal="$_msg_internal +# - $_mx_server +internal_networks $_ipv4_server_addr" + + if [[ -n "$_ipv6_server_addr" ]]; then + _msg_trusted="$_msg_trusted +trusted_networks $_ipv6_server_addr" + _msg_internal="$_msg_internal +internal_networks $_ipv6_server_addr" + + fi + fi + fi +done +if ! $installation_failed ; then + echo_ok +fi + +## - Create new configuration file /etc/spamassassin/local.cf +## - +## - see also perldoc Mail::SpamAssassin::Conf +## - + +echononl " Create new configuration file /etc/spamassassin/local.cf" +cat << EOF > /etc/spamassassin/local.cf 2>$tmp_err_msg +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. 
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+# Add *****SPAM***** to the Subject header of spam e-mails
+#
+# rewrite_header Subject *****SPAM*****
+
+
+# Save spam messages as a message/rfc822 MIME attachment instead of
+# modifying the original message (0: off, 2: use text/plain instead)
+#
+# report_safe 1
+report_safe 0
+
+
+# Set which networks or hosts are considered 'trusted' by your mail
+# server (i.e. not spammers)
+#
+#
+# Our own IP's
+#
+# Notice: i decided not to trust our own ip's, because i want
+# to filter also mails from local users out
+
+EOF
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+
+echo "$_msg_trusted" >> /etc/spamassassin/local.cf
+echo "" >> /etc/spamassassin/local.cf
+echo "$_msg_internal" >> /etc/spamassassin/local.cf
+
+cat << EOF >> /etc/spamassassin/local.cf 2>$tmp_err_msg
+
+
+# Set file-locking method (flock is not safe over NFS, but is faster)
+#
+# lock_method flock
+lock_method flock
+
+
+# Set the threshold at which a message is considered spam (default: 5.0)
+#
+# required_score 5.0
+required_score 5.1
+
+
+# Use Bayesian classifier (default: 1)
+#
+# use_bayes 1
+use_bayes 1
+bayes_path /var/lib/amavis/.spamassassin/bayes
+
+
+# Bayesian classifier auto-learning (default: 1)
+#
+# bayes_auto_learn 1
+bayes_auto_learn_threshold_spam 10.0
+bayes_auto_learn_threshold_nonspam -0.5
+
+
+# NOTE: Since there is a script that runs each day to --force-expire old
+# Bayes tokens "/etc/cron.daily/amavisd-new" (make sure there is if
+# you use this setting!), we can set:
+#
+bayes_auto_expire 0
+
+
+# Set headers which may provide inappropriate cues to the Bayesian
+# classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+bayes_ignore_header X-Bogosity
+bayes_ignore_header X-Spam-Flag
+bayes_ignore_header X-Spam-Status
+
+
+# Optional:
+# Some people believe auto-whitelist is more of a liability than an asset:
+#
+#use_auto_whitelist 1
+#auto_whitelist_path /var/lib/amavis/.spamassassin/auto-whitelist
+
+
+# Optional:
+# We will normally have DNS available:
+#
+dns_available yes
+
+
+# Enable or disable network checks
+#
+skip_rbl_checks 1
+use_razor2 1
+razor_timeout 8
+
+use_dcc 1
+dcc_home /var/dcc
+
+use_pyzor 1
+pyzor_timeout 8
+
+# Mail using locales used in these country codes will not be marked
+# as being possibly spam in a foreign language.
+#
+ok_locales all
+
+
+# Local delivery uses this flag to distinguish between possible spam
+# and ham
+#
+# Again: in our setup wee NEED to set the spam flag
+#
+add_header spam Flag _YESNOCAPS_
+
+
+# Some shortcircuiting, if the plugin is enabled
+#
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+# default: strongly-whitelisted mails are *really* whitelisted now, if the
+# shortcircuiting plugin is active, causing early exit to save CPU load.
+# Uncomment to turn this on
+#
+# shortcircuit USER_IN_WHITELIST on
+# shortcircuit USER_IN_DEF_WHITELIST on
+# shortcircuit USER_IN_ALL_SPAM_TO on
+# shortcircuit SUBJECT_IN_WHITELIST on
+shortcircuit USER_IN_WHITELIST on
+shortcircuit USER_IN_DEF_WHITELIST on
+shortcircuit USER_IN_ALL_SPAM_TO on
+shortcircuit SUBJECT_IN_WHITELIST on
+
+# the opposite; blacklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLACKLIST on
+# shortcircuit USER_IN_BLACKLIST_TO on
+# shortcircuit SUBJECT_IN_BLACKLIST on
+shortcircuit USER_IN_BLACKLIST on
+shortcircuit USER_IN_BLACKLIST_TO on
+shortcircuit SUBJECT_IN_BLACKLIST on
+
+# if you have taken the time to correctly specify your "trusted_networks",
+# this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED on
+shortcircuit ALL_TRUSTED on
+
+# and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99 spam
+# shortcircuit BAYES_00 ham
+shortcircuit BAYES_99 spam
+shortcircuit BAYES_00 ham
+
+endif #
Mail::SpamAssassin::Plugin::Shortcircuit +EOF +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if ! $installation_failed ; then + echo_ok +fi + +if [[ -f "${_config_file}.${_date}" ]]; then + if diff "${_config_file}" "${_config_file}.${_date}" ; then + info "${_config_file} has not changed.\n\t Removing previos created backup.." + rm "${_config_file}.${_date}" + fi +fi + + +# - Adjust /etc/spamassassin/v310.pre +# - +_config_file=/etc/spamassassin/v310.pre +_date="$(date +%Y-%m-%d-%H%M)" +_backup_file="" +if [[ ! -f "${_config_file}.ORIG" ]]; then + echononl " Save installation version of ${_config_file} (Suffix \".ORIF\")" + cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi + _backup_file="${_config_file}.ORIG" +else + echononl " Backup $_config_file" + cp -a "$_config_file" "${_config_file}.${_date}" 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi + _backup_file="${_config_file}.${_date}" +fi + +installation_failed=false +_adjusted=false +echononl " Adjust configuration file \"${_config_file}\"" +if ! grep -i -E "\s*^loadplugin Mail::SpamAssassin::Plugin::AWL" $_config_file > /dev/null 2>&1 ; then + perl -i -n -p -e "s#^([ ]*\ *)(\#loadplugin Mail::SpamAssassin::Plugin::AWL.*)#\1\2\nloadplugin Mail::SpamAssassin::Plugin::AWL#" \ + $_config_file > $tmp_err_msg 2>&1 + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + _adjusted=true +fi +if ! grep -i -E "\s*^loadplugin Mail::SpamAssassin::Plugin::TextCat" $_config_file > /dev/null 2>&1 ; then + perl -i -n -p -e "s#^([ ]*\ *)(\#loadplugin Mail::SpamAssassin::Plugin::TextCat.*)#\1\2\nloadplugin Mail::SpamAssassin::Plugin::TextCat#" \ + $_config_file > $tmp_err_msg 2>&1 + if [[ "$?" 
-ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + _adjusted=true +fi +if ! grep -i -E "\s*^loadplugin Mail::SpamAssassin::Plugin::DCC" $_config_file > /dev/null 2>&1 ; then + perl -i -n -p -e "s#^([ ]*\ *)(\#loadplugin Mail::SpamAssassin::Plugin::DCC.*)#\1\2\nloadplugin Mail::SpamAssassin::Plugin::DCC#" \ + $_config_file > $tmp_err_msg 2>&1 + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + _adjusted=true +fi +if ! $installation_failed ; then + if $_adjusted ; then + echo_ok + else + echo_skipped + [[ -f "$_backup_file" ]] && rm "$_backup_file" + fi +fi + + +# - Adjust /etc/spamassassin/v312.pre +# - +_config_file=/etc/spamassassin/v312.pre +_date="$(date +%Y-%m-%d-%H%M)" +_backup_file="" +if [[ ! -f "${_config_file}.ORIG" ]]; then + echononl " Save installation version of ${_config_file} (Suffix \".ORIG\")" + cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + _backup_file=${_config_file}.ORIG + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echononl " Backup $_config_file" + cp -a "$_config_file" "${_config_file}.${_date}" 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + _backup_file=${_config_file}.${_date} + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + +installation_failed=false +_adjusted=false +echononl " Adjust configuration file \"${_config_file}\"" +if ! grep -i -E "\s*^loadplugin Mail::SpamAssassin::Plugin::DKIM" $_config_file > /dev/null 2>&1 ; then + perl -i -n -p -e "s#^([ ]*\ *)(\#\s*loadplugin Mail::SpamAssassin::Plugin::DKIM.*)#\1\2\nloadplugin Mail::SpamAssassin::Plugin::DKIM#" \ + $_config_file > $tmp_err_msg 2>&1 + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + _adjusted=true +fi +if ! 
$installation_failed ; then + if $_adjusted ; then + echo_ok + else + echo_skipped + [[ -f "$_backup_file" ]] && rm "$_backup_file" + fi +fi + + +# - Adjust /etc/spamassassin/v320.pre +# - +_config_file=/etc/spamassassin/v320.pre +_date="$(date +%Y-%m-%d-%H%M)" +_backup_file="" +if [[ ! -f "${_config_file}.ORIG" ]]; then + echononl " Save installation version of ${_config_file} (Suffix \".ORIG\")" + cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi + _backup_file="${_config_file}.ORIG" +else + echononl " Backup $_config_file" + cp -a "$_config_file" "${_config_file}.${_date}" 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi + _backup_file="${_config_file}.${_date}" +fi + +installation_failed=false +_adjusted=false +echononl " Adjust configuration file \"${_config_file}\"" +if ! grep -i -E "\s*^loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody" $_config_file > /dev/null 2>&1 ; then + perl -i -n -p -e "s#^([ ]*\ *)(\#\s*loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody.*)#\1\2\nloadplugin Mail::SpamAssassin::Plugin::Rule2XSBody#" \ + $_config_file > $tmp_err_msg 2>&1 + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + _adjusted=true +fi +if ! $installation_failed ; then + if $_adjusted ; then + echo_ok + else + echo_skipped + [[ -f "$_backup_file" ]] && rm "$_backup_file" + fi +fi + + +# - Enable nightly cronjob for spamassassin +# - +# - edit /etc/default/spamassassin and set: +# - CRON=1 +# - +_config_file=/etc/default/spamassassin +installation_failed=false +echononl " Adjust \"$_config_file\" (set CRON=1)" +if ! grep -i -E "\s*^CRON\s*=\s*1" $_config_file > /dev/null 2>&1 ; then + perl -i -n -p -e "s#^([ ]*\#?\ *)(CRON\ *=.*)#\#\#\1\2\nCRON=1#" $_config_file > $tmp_err_msg 2>&1 + if [[ $? 
-eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+fi
+
+# - Add a cronjob for cleaning up bayes
+# -
+echononl " Add a cronjob for updating clamav (and freshclam) packages"
+if ! grep -i -E "/usr/bin/sa-learn\s+--sync" /var/spool/cron/crontabs/root > /dev/null 2> $tmp_err_msg ; then
+ installation_failed=false
+ crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ cat << EOF >> /tmp/tmp_crontab
+
+# - Cleanup sa bayes for espired entries
+# -
+33 3 * * * su amavis -lc "/usr/bin/sa-learn --sync >/dev/null" ; su amavis -lc "/usr/bin/sa-learn --sync --force-expire >/dev/null"
+
+EOF
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ if ! $installation_failed ; then
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+# - !! Notice !!
+# - if su clamav -c 'spamassassin --lint' failed ( with warn
+# - message "warn: Use of uninitialized value $type in numeric..")
+# - reading "/etc/spamassassin/local.cf": razor_timeout 8, have a look
+# - at SpamAssassin/Plugin/Razor2.pm line 118:
+# -
+# - type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATIION,
+# -
+# - Should be:
+# -
+# - type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATION,
+# -
+# - see also: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7018
+# -
+_file=/usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm
+if [[ ! -f ${_file}.ORIG ]] ; then
+ echononl " Save \"${_file}\" (suffix \".ORIG\")"
+ cp -a ${_file} ${_file}.ORIG > /dev/null 2> $tmp_err_msg
+ if [[ $?
-eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+echononl " Repair \"${_file}\""
+if grep CONF_TYPE_DURATIION $_file > /dev/null 2> $tmp_err_msg ; then
+ perl -i -n -p -e "s/CONF_TYPE_DURATIION/CONF_TYPE_DURATION/" $_file > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl " Run \"sa-update\""
+sa-update -v > $tmp_err_msg 2>&1
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ if grep "Update finished, no fresh updates were available" $tmp_err_msg > /dev/null 2>&1 ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+echononl " Run \"sa-compile\""
+sa-compile > $tmp_err_msg 2>&1
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+# - Test Installation. It's important, that all completes without error
+# -
+installation_failed=false
+echononl " Test Installation. It's important, that all completes without error."
+_pwd=$(pwd)
+cd /tmp > /dev/null 2>&1
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+su amavis -c 'spamassassin --lint' > /dev/null 2>&1
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+cd "$_pwd" > /dev/null 2>&1
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+if ! $installation_failed ; then
+ echo_ok
+fi
+
+
+# - SpamAssassin Rules
+# -
+# - updates.spamassassin.org is used automatically
+# - and you have to do nothing, because "sa-update"
+# - has done the update from updates.spamassassin.org. install
+# - a cronjob for doing this periodically.
for better understanding,
+# - i added that rules (from spamassassin.apache.org) here
+# -
+# - Add SpamAssassin Rules from spamassassin.apache.org
+# -
+installation_failed=false
+echononl " Add SpamAssassin Rules from spamassassin.apache.org"
+wget -O /etc/spamassassin/GPG.KEY https://spamassassin.apache.org/updates/GPG.KEY > /dev/null 2> $tmp_err_msg
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+sa-update --import /etc/spamassassin/GPG.KEY > /dev/null 2> $tmp_err_msg
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+rm /etc/spamassassin/GPG.KEY
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+if ! grep 5244EC45 /etc/spamassassin/sa_keys > /dev/null 2>&1 ; then
+ echo "5244EC45" >> /etc/spamassassin/sa_keys
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+if ! grep updates.spamassassin.org /etc/spamassassin/sa_channel > /dev/null 2>&1 ; then
+ echo "updates.spamassassin.org" >> /etc/spamassassin/sa_channel
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+if ! $installation_failed ; then
+ echo_ok
+fi
+
+
+echononl " Update Rules"
+sa-update -v --channelfile /etc/spamassassin/sa_channel --gpgkeyfile /etc/spamassassin/sa_keys > $tmp_err_msg 2>&1
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ if grep "Update finished, no fresh updates were available" $tmp_err_msg > /dev/null 2>&1 ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+
+echononl " Add Rules from Heinlein Support"
+sa-update -v --nogpg --channel spamassassin.heinlein-support.de > $tmp_err_msg 2>&1
+if [[ $?
-eq 0 ]] ; then + echo_ok +else + if grep "Update finished, no fresh updates were available" $tmp_err_msg > /dev/null 2>&1 ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + +echononl " Compile Rules (sa-compile) again" +sa-compile > $tmp_err_msg 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +# - Test Installation. It's important, that all completes without error +# - +installation_failed=false +echononl " Test Installation. It's important, that all completes without error." +_pwd=$(pwd) +cd /tmp > /dev/null 2>&1 +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +su amavis -c 'spamassassin --lint' > /dev/null 2>&1 +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +cd "$_pwd" > /dev/null 2>&1 +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi +if ! $installation_failed ; then + echo_ok +fi + + +# - Create a update-script using sa.update +# - +if [[ ! -d "/root/bin" ]]; then + echononl " Create directory \"/root/bin\"" + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + +echononl " Create an update-script using sa.update" +cat > /root/bin/sa-update.sh < 1 ]]; then + echo "problem with sa-update" +fi + +sa-update --allowplugins --channelfile /etc/spamassassin/sa_channel --gpgkeyfile /etc/spamassassin/sa_keys + +code2=\$? +if [[ \$code2 > 1 ]]; then + echo "problem with sa-update using channelfile.." +fi + + +## - Get rules from heinlein-support.de +## - +## - see: +## - https://www.heinlein-support.de/blog/news/aktuelle-spamassassin-regeln-von-heinlein-support/ +## - +sa-update --nogpg --channel spamassassin.heinlein-support.de +code3=\$? +if [[ \$code3 > 1 ]]; then + echo "problem with sa-update using channel spamassassin.heinlein-support.de.." 
+fi + + +if [[ \`expr \$code1 + \$code2 + \$code3\` < 4 ]]; then + spamassassin --lint + code4=\$? + if [[ \$code4 = 0 ]]; then + #svc -h /service/spamd + #/etc/init.d/spamassassin restart > /dev/null + /etc/init.d/amavis restart >/dev/null + else + echo "spamassassin failed to lint" + fi +fi + +# Fixup perms -- group and other should be able to read and execute, +# but never write. Works around sa-compile's failure to obey umask. +if [ -d /var/lib/spamassassin ]; then + chown -R debian-spamd:debian-spamd /var/lib/spamassassin + chmod -R go-w,go+rX /var/lib/spamassassin + chmod 700 /var/lib/spamassassin/sa-update-keys + chmod 600 /var/lib/spamassassin/sa-update-keys/* +fi +if [ -d /var/lib/amavis ]; then + chown -R amavis:amavis /var/lib/amavis +fi +EOF +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed +fi + +echononl " Make \"/root/bin/sa-update.sh\" executable" +chmod 755 /root/bin/sa-update.sh > /dev/null 2> $tmp_err_msg +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +# - Add a cronjob for spamassassin updates +# - +echononl " Add a cronjob for spamassassin updates" +if ! grep -i -E "/root/bin/sa-update.sh" /var/spool/cron/crontabs/root > /dev/null 2>&1; then + installation_failed=false + crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + + cat << EOF >> /tmp/tmp_crontab + +# - Update spamassassin rules +# - +33 1 * * * /root/bin/sa-update.sh + +EOF + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + if ! 
$installation_failed ; then + echo_ok + fi +else + echo_skipped +fi + + + + +# - Create an update-script that will run sa-compile +# - +if [[ ! -d "/root/bin" ]]; then + echononl " Create directory \"/root/bin\"" + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + +echononl " Create an update-script running sa-compile" +cat > /root/bin/sa-compile.sh < /dev/null 2>&1 +fi + +code1=\$? +if [[ \$code1 > 0 ]]; then + echo "problem with sa-compile, turning off Rule2XSBody plugin" + sed -i 's/loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/#loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/' /etc/spamassassin/v320.pre + test -x /usr/sbin/amavisd-new || exit 0 + /etc/init.d/amavis restart >/dev/null +else + sed -i 's/#\ *loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/' /etc/spamassassin/v320.pre + test -x /usr/sbin/amavisd-new || exit 0 + /etc/init.d/amavis restart >/dev/null +fi + +# Fixup perms -- group and other should be able to read and execute, +# but never write. Works around sa-compile's failure to obey umask. +if [ -d /var/lib/spamassassin ]; then + chown -R debian-spamd:debian-spamd /var/lib/spamassassin + chmod -R go-w,go+rX /var/lib/spamassassin + chmod 700 /var/lib/spamassassin/sa-update-keys + chmod 600 /var/lib/spamassassin/sa-update-keys/* +fi +if [ -d /var/lib/amavis ]; then + chown -R amavis:amavis /var/lib/amavis +fi +EOF +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed +fi + +echononl " Make \"/root/bin/sa-compile.sh\" executable" +chmod 755 /root/bin/sa-compile.sh > /dev/null 2> $tmp_err_msg +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $tmp_err_msg)" +fi + +# - Add a cronjob for compiling rules +# - +echononl " Add a cronjob for compiling rules" +if ! 
grep -i -E "/root/bin/sa-compile.sh" /var/spool/cron/crontabs/root > /dev/null 2>&1; then + installation_failed=false + crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + + cat << EOF >> /tmp/tmp_crontab + +# - Compiling rules (SpamAssassin) +# - +53 0 * * * /root/bin/sa-compile.sh + +EOF + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + if ! $installation_failed ; then + echo_ok + fi +else + echo_skipped +fi + +echononl " Restart spamassassin" +if $systemd_exists ; then + systemctl restart spamassassin > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + /etc/init.d/spamassassin restart > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + + + + + +info "You can test spamassassin by typing:\n\n \033[37m\033[1msu amavis -lc 'spamassassin -D /dev/null 2>&1 ; then + continue + else + needed_packages_clamav="$needed_packages_clamav $_pkg" + fi +done +if [[ -n "$needed_packages_clamav" ]]; then + DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages_clamav > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + echo_skipped +fi + + +# - Add user clamav to group amavis in order to giv clamav the needed +# - rights to e-mails +# - +echononl " Add user clamv to group amavis" +usermod -a -G amavis clamav > /dev/null 2> $tmp_err_msg +if [[ $? 
-eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+
+echononl " Stop ClamAv daemon.."
+if $systemd_exists ; then
+ systemctl stop clamav-daemon > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ /etc/init.d/clamav-daemon stop /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+echononl " Stop ClamAv freshclam.."
+if $systemd_exists ; then
+ systemctl stop clamav-freshclam
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ /etc/init.d/clamav-freshclam stop /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+echononl " Initial run of freshclam.."
+freshclam > /dev/null 2> $tmp_err_msg
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+echononl " Start ClamAv daemon.."
+if $systemd_exists ; then
+ systemctl start clamav-daemon > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ /etc/init.d/clamav-daemon start /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+echononl " Start ClamAv freshclam.."
+if $systemd_exists ; then
+ systemctl start clamav-freshclam
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ /etc/init.d/clamav-freshclam start /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+
+## - Add cronjob for updating clamav (and freshclam) packages
+## -
+## -
+echononl " Add a cronjob for updating clamav (and freshclam) packages"
+if !
grep -i -E "/usr/bin/apt-get\s+.*clamav-daemon" /var/spool/cron/crontabs/root > /dev/null 2>&1; then
+ installation_failed=false
+ crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ cat << EOF >> /tmp/tmp_crontab
+
+# - Update clamav (and freshclam) software packages
+# -
+03 0 * * * /usr/bin/apt-get update > /dev/null ; PATH=/bin:/sbin:/usr/bin:/usr/sbin /usr/bin/apt-get -y install -t stable-updates clamav clamav-base clamav-docs clamav-daemon clamav-freshclam > /dev/null
+
+EOF
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ if ! $installation_failed ; then
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
+
+ ## - ClamAV Unofficial Signatures
+ ## -
+ ## - Use ClamAV Unofficial Signatures Updater:
+ ## - https://github.com/extremeshok/clamav-unofficial-sigs/releases
+ ## -
+ ## - See readme file:
+ ## - https://github.com/extremeshok/clamav-unofficial-sigs
+ ## -
+ echo ""
+ echo -e " \033[37m\033[1mClamAV Unofficial Signatures..\033[m"
+
+
+ echononl " Install (debian package) socat"
+ _pkg=socat
+ if aptitude search " $_pkg " | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
+ echo_skipped
+ else
+ DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+ fi
+
+ echononl " Install CPAN Module IO::Socket::UNIX"
+ _module="IO::Socket::UNIX"
+ cpanm -q --skip-installed $_module > $tmp_err_msg 2>&1
+ if [[ $?
-eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+
+ echononl " Cloning repository \"clamav-unofficial-sigs.git\".."
+ installation_failed=false
+ if [[ -d "/tmp/clamav-unofficial-sigs" ]]; then
+ rm -rf "/tmp/clamav-unofficial-sigs" > $tmp_err_msg 2>&1
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ fi
+ git clone https://github.com/extremeshok/clamav-unofficial-sigs.git /tmp/clamav-unofficial-sigs > $tmp_err_msg 2>&1
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ if ! $installation_failed ; then
+ echo_ok
+ fi
+
+ echononl " Copy \"clamav-unofficial-sigs.sh\" to /usr/local/sbin/"
+ cp -a /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs.sh /usr/local/sbin/ > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ echononl " Make /usr/local/sbin/clamav-unofficial-sigs.sh executable"
+ chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ _create_dirs="/var/log/clamav-unofficial-sigs /etc/clamav-unofficial-sigs"
+ for _create_dir in $_create_dirs ; do
+ echononl " Create directory \"${_create_dir}\""
+ if [[ -d "$_create_dir" ]]; then
+ echo_skipped
+ else
+ mkdir "$_create_dir" > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+ fi
+ done
+
+ echononl " Copy Configuration files to /etc/clamav-unofficial-sigs"
+ cp -a /tmp/clamav-unofficial-sigs/config/* /etc/clamav-unofficial-sigs > $tmp_err_msg 2>&1
+ if [[ $?
-eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ ## - For Debian Jessie (Debian 8)
+ ## -
+ echononl " At directory /etc/clamav-unofficial-sigs copy os.debian8.conf to os.conf"
+ cp /etc/clamav-unofficial-sigs/os.debian8.conf /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ ## - Edit /etc/clamav-unofficial-sigs/os.conf and make changes if needed
+ ## -
+ ## - Maybe the following changes are needed:
+ ## - clam_user="clamav"
+ ## - clam_group="clamav"
+ ## -
+ ## - clamd_pid="/var/run/clamav/clamd.pid"
+ ## -
+ ## - clamd_restart_opt="systemctl restart clamav-daemon"
+ ## - clamd_reload_opt="systemctl reload clamav-daemon"
+ ## - or if debian 7
+ ## - clamd_restart_opt="service clamav-daemon restart"
+ ## - clamd_reload_opt="service clamav-daemon reload"
+ ## -
+ ## - clamd_socket="/var/run/clamav/clamd.ctl"
+ ## -
+ echononl " Adjust /etc/clamav-unofficial-sigs/os.conf"
+ installation_failed=false
+ perl -i -n -p -e "s#^([ ]*\ *)(clam_user=.*)#\#\#\1\2\nclam_user=\"clamav\"#" \
+ /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ perl -i -n -p -e "s#^([ ]*\ *)(clam_group=.*)#\#\#\1\2\nclam_group=\"clamav\"#" \
+ /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ perl -i -n -p -e "s#^([ ]*\ *)(clamd_pid=.*)#\#\#\1\2\nclamd_pid=\"/var/run/clamav/clamd.pid\"#" \
+ /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1
+ if [[ "$?"
-ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + + if $systemd_exists ; then + perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_restart_opt=.*)#\#\#\1\2\nclamd_restart_opt=\"systemctl restart clamav-daemon\"\nclamd_reload_opt=\"systemctl reload clamav-daemon\"#" \ + /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + else + perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_restart_opt=.*)#\#\#\1\2\nclamd_restart_opt=\"service clamav-daemon restart\"\nclamd_reload_opt=\"service clamav-daemon reload\"#" \ + /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + fi + perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_socket=.*)#\#\#\1\2\nclamd_socket=\"/var/run/clamav/clamd.ctl\"#" \ + /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + if ! $installation_failed ; then + echo_ok + fi + + echononl " Adjust /etc/clamav-unofficial-sigs/user.conf" + + cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg + +# -------------------------------------- +# --- Begin: User specific modifications +# --- Inserted by install-script "$(basename "$0")" at $(date +"%Y-%m-%d %H:%M") +EOF + + if $MALWARE_PATROL_IN_USE || $SECURITE_INFO_IN_USE ; then + + if $MALWARE_PATROL_IN_USE ; then + + cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg + +malwarepatrol_receipt_code="$MP_RECEIPT_NUMBER" +malwarepatrol_list="clamav_basic" +EOF + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" + fi + + + if $MALWERE_PATROL_FREE ; then + cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg +malwarepatrol_product_code="8" +malwarepatrol_free="yes" +EOF + if [[ "$?" 
-ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ else
+ cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
+malwarepatrol_product_code="15"
+malwarepatrol_free="no"
+EOF
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ fi
+ fi # if $MALWARE_PATROL_IN_USE
+
+ if $SECURITE_INFO_IN_USE ; then
+ cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
+
+securiteinfo_authorisation_signature="$SI_AUTHORISATION_SIGNATURE"
+EOF
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ fi # if $SECURITE_INFO_IN_USE
+ fi #if $MALWARE_PATROL_IN_USE || $SECURITE_INFO_IN_USE
+ cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
+
+# - Disable Yara-Rule set, because (some?) pgp mails where blocked.
+# -
+yararulesproject_enabled="no"
+
+user_configuration_complete="yes"
+
+# --- End: User specific modifications"
+# -------------------------------------
+EOF
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ if ! $installation_failed ; then
+ echo_ok
+ fi
+
+
+ echononl " Copy Systemd Configurations to /etc/systemd"
+ cp /tmp/clamav-unofficial-sigs/systemd/* /etc/systemd/ > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ echononl " Adjust /etc/systemd/clamav-unofficial-sigs.service"
+ perl -i -n -p -e "s#^([ ]*\ *)(ExecStart=.*)#\#\#\1\2\nExecStart=/usr/local/sbin/clamav-unofficial-sigs.sh#" \
+ /etc/systemd/clamav-unofficial-sigs.service > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+
+ echononl " Install Cron configs"
+ /usr/local/sbin/clamav-unofficial-sigs.sh --install-cron > $tmp_err_msg 2>&1
+ if [[ $?
-eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+ echononl " Install logrotate configuration"
+ /usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+ echononl " Install man (help) file"
+ /usr/local/sbin/clamav-unofficial-sigs.sh --install-man > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ echo " First Usage to initialise ClamAV unofficial sigs"
+ echo -n " see /var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log"
+ /usr/local/sbin/clamav-unofficial-sigs.sh > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+
+ echononl " Remove git repository /tmp/clamav-unofficial-sigs"
+ rm -rf /tmp/clamav-unofficial-sigs > $tmp_err_msg 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+
+fi # if $INSTALL_CLAMAV_UNOFFICIAL_SIGS
+
+
+
+# ---
+# --- Install AMaVis
+# ---
+
+echo
+echo -e "\033[37m\033[1mGoing to install AMaVis..\033[m"
+echo
+echononl " Install packages needed for AMaVis"
+_needed_packages_amavis="amavisd-new"
+for _pkg in $_needed_packages_amavis ; do
+ if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
+ continue
+ else
+ needed_packages_amavis="$needed_packages_amavis $_pkg"
+ fi
+done
+if [[ -n "$needed_packages_amavis" ]]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages_amavis > /dev/null 2> $tmp_err_msg
+ if [[ $?
-eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+fi
+
+echononl " Install some decoders needed for AMaVis"
+_needed_decoders_amavis="
+ alien \
+ arc \
+ arj \
+ binutils \
+ bzip2 \
+ cabextract \
+ cpio\
+ freeze \
+ lhasa \
+ libzeromq-perl \
+ lzop \
+ melt \
+ nomarch \
+ pax \
+ p7zip \
+ p7zip-full \
+ p7zip-rar \
+ rpm \
+ tar \
+ tnef \
+ ripole \
+ rar \
+ unrar \
+ unrar-free \
+ unzip \
+ zip \
+ zoo"
+for _pkg in $_needed_decoders_amavis ; do
+ if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
+ continue
+ else
+ needed_decoders_amavis="$needed_decoders_amavis $_pkg"
+ fi
+done
+if [[ -n "$needed_decoders_amavis" ]]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_decoders_amavis > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+fi
+
+echononl " Install CPAN Modules mostly needed for decoding"
+installation_failed=false
+_needed_cpan_modules="
+ Digest::SHA1
+ Digest::SHA2
+ Digest::SHA256
+ Encode::Detect
+ Net::Patricia"
+for _module in $_needed_cpan_modules ; do
+ cpanm -q --skip-installed $_module > "$tmp_err_msg" 2>&1
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+done
+if ! $installation_failed ; then
+ echo_ok
+fi
+
+
+## - Quarantine Directories
+## -
+echo ""
+echononl " Create Quarantine Directories"
+mkdir -p ${QUARANTINE_DIR}/{spam,virus,banned,bad-headers,spammy} > /dev/null 2> $tmp_err_msg
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+echononl " Set Permissions on Quarantine Directories"
+installation_failed=false
+chown -R amavis:amavis $QUARANTINE_DIR
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+chmod 750 $QUARANTINE_DIR
+if [[ "$?"
-ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+chmod 750 ${QUARANTINE_DIR}/{spam,virus,banned,bad-headers,spammy} > /dev/null 2> $tmp_err_msg
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+if ! $installation_failed ; then
+ echo_ok
+fi
+
+
+## - Configure amavis in /etc/amavis/conf.d
+## -
+## - write all changes and customization to a seperate
+## - file named "50-user", which will load at end of
+## - configuration and overwrites the (debian)-default values
+## -
+
+_config_file=/etc/amavis/conf.d/50-user
+_date="$(date +%Y-%m-%d-%H%M)"
+if [[ ! -f "/etc/amavis/$(basename ${_config_file}).ORIG" ]]; then
+ echononl " Save installation version of ${_config_file} (Suffix \".ORIF\")"
+ cp -a "$_config_file" "/etc/amavis/$(basename ${_config_file}).ORIG" > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echononl " Backup $_config_file"
+ cp -a "$_config_file" "/etc/amavis/$(basename ${_config_file}).${_date}" 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+
+echononl " Create new configuration \"/etc/amavis/conf.d/50-user\""
+installation_failed=false
+cat << EOF > /etc/amavis/conf.d/50-user
+use strict;
+
+#
+# Place your configuration directives here. They will override those in
+# earlier files.
+#
+# See /usr/share/doc/amavisd-new/ for documentation and examples of
+# the directives you can use in this file
+#
+
+# Ports to listen on
+#
+# 10024: default listening port
+# 10026: used for whitelisting IP's (trusted networks)
+#
+# Notice: take care, to configure postfix sending mails from
+# trusted networks to port 10026
+#
+# Example for postfix configuration:
+#
+# /etc/postfix/amavis_client_whitelist:
+# 83.223.73.205/32 FILTER amavisfeed:[127.0.0.1]:10026
+# 2a01:30:1fff:fd00::205/128 FILTER amavisfeed:[127.0.0.1]:10026
+#
+# /etc/postfix/main.cf
+# ...
+# smtpd_client_restrictions =
+# check_client_access cidr:/etc/postfix/amavis_client_whitelist
+# ...
+#
+# !! Only possible if using postfix with conten_filter instead of !!
+# !! smtpd_proxy_filter - see master.cf !!
+#
+#
+#$inet_socket_port = [10024, 10026];
+
+# Bypass spam checking fro trusted networks
+#
+#\$interface_policy{'10026'} = 'TRUSTED';
+#\$policy_bank{'TRUSTED'} = {
+# bypass_spam_checks_maps => [1],
+# bypass_header_checks_maps => [1],
+# final_spam_destiny => D_PASS,
+# $final_bad_header_destiny = D_PASS,
+#};
+
+
+## - 7 instances seems to be a good value.
+## -
+\$max_servers = 7;
+
+
+## - overrides settings in 01-debian
+## -
+
+\$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; #disabled (non-free, no security support)
+\$unrar = ['rar', 'unrar']; #disabled (non-free, no security support)
+\$lha = 'lha'; #disabled (non-free, no security support)
+\$tnef = 'tnef';
+
+
+## - overrides settings in 15-content_filter_mode
+## -
+
+## - Default antivirus checking mode
+## -
+@bypass_virus_checks_maps = (
+ \%bypass_virus_checks, \@bypass_virus_checks_acl,
+ \$bypass_virus_checks_re);
+
+
+## - Default SPAM checking mode
+## -
+@bypass_spam_checks_maps = (
+ \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+
+## - overrides settings in 20-debian_defaults
+## -
+
+
+\$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
+\$final_banned_destiny = D_DISCARD; # D_REJECT when front-end MTA
+#\$final_spam_destiny = D_DISCARD;
+\$final_spam_destiny = D_BOUNCE;
+#\$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
+
+\$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
+\$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level
+
+## - user / domain specific settings
+## - example for \$sa_tag2_level_deflt:
+## -
+#\$sa_tag2_level_deflt = {
+# # oopen.de
+# 'oopen.de'=>'2.1',
+# 'ckubu@oopen.de'=>'2.2',
+# 'argus@oopen.de'=>'2.3',
+# # k8h.de
+# 'k8h.de'=>'6.5',
+# # default
+# '.'=>'5.1'
+#};
+
+\$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
+#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
+
+## - We will inform the sender about bouncing his mail with a DSN (Delivery
+## - StatusNotification). That DSN message will no be send, if the spamvalue
+## - exceeds the value of sa_dsn_cutoff_level
+## -
+\$sa_dsn_cutoff_level = 20;
+
+
+## - change the default server response if mail was blocked
+## - because of spam.
+## -
+## - results in (is an example):
+## - : host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, Mailserver
+## - at a.mx.oopen.de: identified as SPAM - (in reply to end of DATA command)
+## -
+%smtp_reason_by_ccat = (
+ CC_SPAM, "Mailserver at \$myhostname: identified as SPAM - %x"
+);
+
+\$sa_spam_subject_tag = undef;
+#\$sa_spam_subject_tag = '***SPAM*** ';
+
+
+## - QUARANTINE
+## -
+\$QUARANTINEDIR = "$QUARANTINE_DIR";
+\$quarantine_subdir_levels = 0;
+
+
+## - don't store mails in quarantine directory
+## -
+#\$virus_quarantine_method = undef;
+#\$spam_quarantine_method = undef;
+#\$banned_files_quarantine_method = undef;
+#\$bad_header_quarantine_method = undef;
+
+## - store mails in quarantine directory
+## -
+\$virus_quarantine_method = 'local:virus/virus-%m';
+\$spam_quarantine_method = 'local:spam/spam-%m.gz';
+\$banned_files_quarantine_method = 'local:banned/banned-%m';
+\$bad_header_quarantine_method = 'local:bad-headers/badh-%m';
+\$clean_quarantine_method = undef;
+\$archive_quarantine_method = undef;
+
+#\$virus_admin ="$QUARANTINE_ADMIN";
+#\$spam_admin = "$QUARANTINE_ADMIN";
+#\$banned_admin = "$QUARANTINE_ADMIN";
+#\$bad_header_admin = "$QUARANTINE_ADMIN";
+\$virus_admin = undef;
+\$spam_admin = undef;
+\$banned_admin = undef;
+\$bad_header_admin = undef;
+
+
+# Pass SPAMMY but quarantine and inform admin
+#
+\$quarantine_to_maps_by_ccat{+CC_SPAMMY} = \\@spam_quarantine_to_maps ;
+\$quarantine_method_by_ccat{+CC_SPAMMY} = 'local:spammy/spammy-%m.gz' ;
+\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS ;
+\$admin_maps_by_ccat{+CC_SPAMMY} = sub { ca('spam_admin_maps') };
+
+
+# Bypass spam checking fro trusted networks using mynetworks
+#
+# list of trusted IPs:
+#
+# - $HOSTNAME ($IPV4 [${IPV6}])
+#
+#\@mynetworks = qw( 127.0.0.0/8 [::1] 83.223.86.162 [2a01:30:1fff:a::162] );
+#
+#\$policy_bank{'MYNETS'} = { # clients in @mynetworks
+# bypass_spam_checks_maps => [1], # don't spam-check internal mail
+# bypass_header_checks_maps => [1], # don't
header-check internal mail +# final_spam_destiny => D_PASS, +# final_bad_header_destiny => D_PASS, +# #remove_existing_x_scanned_headers => undef, +# #remove_existing_spam_headers => undef, +#}; +#\$remove_existing_x_scanned_headers = 0; +#\$remove_existing_spam_headers = 0; + +# allow all mail from local IPs: +#\$policy_bank{'MYNETS'} = { # clients in @mynetworks +# bypass_spam_checks_maps => [1], # don't spam-check internal mail +# bypass_header_checks_maps => [1], # don't header-check internal mail +# final_spam_destiny => D_PASS, +# final_bad_header_destiny => D_PASS, +#}; + + +## - Amavisd-New scans all mail passing through it for viruses, but will +## - only hand mail for local delivery off to SA for checking - you tell +## - it which domains are local using the @local_domains_maps variable, +## - which by default is set to the value of \$mydomain & its subdomains: +## - +#@local_domains_maps = ( ["."] ); + + +## - get rid of "Open Relay" warnings in amavis logfile. +## - +\$interface_policy{'10024'} = 'ORIGINATING'; +\$policy_bank{'ORIGINATING'} = { + originating => 1, # declare that mail was submitted by our smtp client +}; + +## - If you get am error like: +## - +## - amavis[9766]: () (!)DENIED ACCESS from IP $IPV4, policy bank 'ORIGINATING' +## - +## - you must add your ip address to @inet_acl +## - +#@inet_acl = qw( 127.0.0.1 [::1] $IPV4 ); +#\$inet_socket_bind = undef; + +EOF +if [[ "$?" -ne 0 ]] ; then + installation_failed=true + error "$(cat $tmp_err_msg)" +fi + +if [[ "$DB_TYPE" = "PostgreSQL" ]]; then + + cat >> /etc/amavis/conf.d/50-user <> /etc/amavis/conf.d/50-user <> /etc/amavis/conf.d/50-user < syslog; false (e.g. 0) => logging to file +\$DO_SYSLOG = 1; # (defaults to 0) + +\$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis') +#\$syslog_facility = 'mail'; # Syslog facility as a string +\$syslog_facility = 'local0'; # Syslog facility as a string + # e.g.: mail, daemon, user, local0, ... local7, ... 
+\$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
+ # choose from: emerg, alert, crit, err, warning, notice, info,
+ # debug
+
+# Log file (if not using syslog)
+#\$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
+
+#NOTE: levels are not strictly observed and are somewhat arbitrary
+# 0: startup/exit/failure messages, viruses detected
+# 1: args passed from client, some more interesting messages
+# 2: virus scanner output, timing
+# 3: server, client
+# 4: decompose parts
+# 5: more debug details
+\$log_level = 1; # (defaults to 0), -d
+
+
+## - amavis add a tag "***UNCHECKED***" if mail was not
+## - checked. to get rid of that tag add:
+## -
+\$undecipherable_subject_tag = undef;
+
+
+## - get rid of warning messages to postmaster if content is unchecked (that occurs
+## - i.e. if mail is encrypted
+## -
+delete \$admin_maps_by_ccat{&CC_UNCHECKED};
+
+
+## - Replace "localhost" in the mailheader
+## -
+\$localhost_name = "amavis.${HOSTNAME}";
+
+## - DKIM
+## -
+#\$enable_dkim_verification = 1; # enable DKIM signatures verification
+#\$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key
+#dkim_key('oopen.de', 'main', '/etc/amavis/dkim/dkim-key.pem');
+#dkim_key('mbr-berlin.de', 'main', '/etc/amavis/dkim/dkim-key.pem');
+#dkim_key ...
+#\@dkim_signature_options_bysender_maps = (
+# { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
+
+
+
+#------------ Do not modify anything below this line -------------
+1; # ensure a defined return
+EOF
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+if ! $installation_failed ; then
+ echo_ok
+fi
+
+if [[ -f "/etc/amavis/$(basename ${_config_file}).${_date}" ]]; then
+ if diff "${_config_file}" "/etc/amavis/$(basename ${_config_file}).${_date}" > /dev/null 2>&1 ; then
+ info "${_config_file} has not changed.\n\t Removing previos created backup.."
+ rm "/etc/amavis/$(basename ${_config_file}).${_date}"
+ fi
+fi
+
+echononl " Set permissions on \"/etc/amavis/conf.d/50-user\""
+chmod 644 /etc/amavis/conf.d/50-user > /dev/null 2> $tmp_err_msg
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+
+## - Configure syslogd matching the configuration od amavisd
+## -
+echononl " Configure syslogd matching the configuration of amavis"
+cat << EOF > /etc/rsyslog.d/amavis.conf
+## - amavis
+## -
+local0.* -/var/log/amavis.log
+& ~
+EOF
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+fi
+
+echononl " Create empty file \"/var/log/amavis.log\""
+touch /var/log/amavis.log > /dev/null 2> $tmp_err_msg
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+echononl " Set permissions on \"/var/log/amavis.log\""
+installation_failed=false
+chmod 644 /var/log/amavis.log > /dev/null 2> $tmp_err_msg
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+chown amavis:amavis /var/log/amavis.log> /dev/null 2> $tmp_err_msg
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+if ! $installation_failed ; then
+ echo_ok
+fi
+
+
+echononl " Restart syslog daemon (rsyslog)"
+if $systemd_exists ; then
+ systemctl restart rsyslog > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ /etc/init.d/rsyslog restart > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+
+## - Add a crontab to cleanup the quarantine folder
+## -
+echononl " Add a cronjob to cleanup the quarantine folder"
+if ! grep -i -E "find\s+${QUARANTINE_DIR}/spam\s+-type\s+f\s+" /var/spool/cron/crontabs/root > /dev/null 2>&1; then
+ installation_failed=false
+ crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg
+ if [[ "$?"
-ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+
+ cat << EOF >> /tmp/tmp_crontab
+
+# - Remove old quarantined messages (>30 days).
+# -
+# - Spam
+0 3 * * * find ${QUARANTINE_DIR}/spam -type f -name "spam-*" -mtime +30 -exec rm {} \;
+# - Spammy
+0 3 * * * find ${QUARANTINE_DIR}/spammy -type f -name "spammy-*" -mtime +30 -exec rm {} \;
+# - Virus
+0 3 * * * find ${QUARANTINE_DIR}/virus -type f -name "virus-*" -mtime +30 -exec rm {} \;
+# - Banned files
+0 3 * * * find ${QUARANTINE_DIR}/banned -type f -name "banned-*" -mtime +30 -exec rm {} \;
+# - Bad headers
+0 3 * * * find ${QUARANTINE_DIR}/bad-headers -type f -name "badh-*" -mtime +30 -exec rm {} \;
+EOF
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg
+ if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+ fi
+ if ! $installation_failed ; then
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+
+## - Install logrotate-script for amavis
+## -
+echononl " Install logrotate-script for amavis"
+cat < /etc/logrotate.d/amavis
+/var/log/amavis.log {
+ daily
+ start 0
+ rotate 7
+ missingok
+ compress
+ delaycompress
+ notifempty
+ create 644 amavis amavis
+ copytruncate
+}
+EOF
+if [[ $?
-eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+fi
+
+
+## - Set up /etc/postfix/master
+## -
+## - Forward emails to amavis using "Pre-Queue" Option smtpd_proxy_filter
+## -
+## - edit /etc/postfix/master.cf and add flags for "smtpd_proxy_filter" (to
+## - forward to amavis service on localhost port 10024) and for "content_filter"
+## - (to avoid rechecking by "Post-Queue" content_filter) to smtp service
+## -
+## - smtp inet n - - - - smtpd
+## - -o smtpd_proxy_filter=127.0.0.1:10024
+## - -o content_filter=
+## -
+## - take care, that, in case NOT to reject, amavis fowards the mail to the
+## - MTA (Postfix) for delivering. To avoid loops in checking, install a
+## - (Postfix) smtpd service on a local Port (10025) without checking anymore
+## -
+## - to do this edit /etc/postfix/master.cf and add service:
+## -
+## - localhost:10025 inet n - - - - smtpd
+## - -o content_filter=
+## - -o smtpd_proxy_filter=
+## - -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+## - -o smtpd_client_restrictions=
+## - -o smtpd_helo_restrictions=
+## - -o smtpd_sender_restrictions=
+## - -o smtpd_recipient_restrictions=permit_mynetworks,reject
+## - -o smtpd_data_restrictions=
+## - -o mynetworks=127.0.0.0/8,<$_ipv4_address/32>
+## - -o receive_override_options=no_unknown_recipient_checks
+## -
+postfix_master_cf="/etc/postfix/master.cf"
+_date=$(date +%Y-%m-%d-%H%M)
+echo ""
+echononl " Backup file \"${postfix_master_cf}\""
+cp -a $postfix_master_cf "${postfix_master_cf}.$_date" > /dev/null 2> $tmp_err_msg
+if [[ $?
-eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+echononl " Create new file \"${postfix_master_cf}\""
+_found=false
+if grep -iq -E "^localhost:10025" "$postfix_master_cf" > /dev/null 2>&1 ; then
+ localhost_10025_present=true
+else
+ localhost_10025_present=false
+fi
+> $postfix_master_cf
+while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+ if echo "$_line" | grep -i -E "^\s*smtp\s+inet\s+" > /dev/null 2>&1 ; then
+ _found=true
+ cat >> $postfix_master_cf << EOF
+smtp inet n - - - - smtpd
+ -o smtpd_proxy_filter=127.0.0.1:10024
+ -o content_filter=
+EOF
+ if ! $localhost_10025_present ; then
+ cat >> $postfix_master_cf << EOF
+localhost:10025 inet n - - - - smtpd
+ -o content_filter=
+ -o smtpd_proxy_filter=
+ -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+ -o smtpd_client_restrictions=
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_data_restrictions=
+ -o mynetworks=127.0.0.0/8
+ -o receive_override_options=no_unknown_recipient_checks
+ #-o mynetworks=127.0.0.0/8,${IPV4}/32
+EOF
+ fi
+ continue
+ fi
+
+ if $localhost_10025_present && echo "$_line" | grep -i -E "^localhost:10025" > /dev/null 2>&1 ; then
+ _found=true
+ cat >> $postfix_master_cf << EOF
+localhost:10025 inet n - - - - smtpd
+ -o content_filter=
+ -o smtpd_proxy_filter=
+ -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+ -o smtpd_client_restrictions=
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_data_restrictions=
+ -o mynetworks=127.0.0.0/8
+ -o receive_override_options=no_unknown_recipient_checks
+ #-o mynetworks=127.0.0.0/8,${IPV4}/32
+EOF
+ continue
+ fi
+
+ # - [[:blank:]] means space and tab. This makes it similar to: [ \t]
+ # - [[:space;]] in addition to space and tab, includes newline, linefeed, formfeed,
+ # - and vertical tab.
This makes it similar to: [ \t\n\r\f\v]
+ # -
+ #if [[ $_line =~ ^[[:space:]]+[^[:space:]]+ ]] && $_smtp_found ; then
+ # -
+ if [[ $_line =~ ^[[:blank:]]+[^[:space:]]+ ]] && $_found ; then
+ continue
+ fi
+ _found=false
+
+ echo "$_line" >> $postfix_master_cf
+done < "${postfix_master_cf}.$_date"
+
+echo_done
+warn "Please check file \"$postfix_master_cf\" !"
+
+
+# ---
+# --- Restart Services
+# ---
+
+
+echo
+echo -e "\033[37m\033[1mRestart Services..\033[m"
+echo
+echononl " Restart AmaViS"
+if $systemd_exists ; then
+ systemctl restart amavis > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ /etc/init.d/amavis restart > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+echononl " Restart Postfix"
+if $systemd_exists ; then
+ systemctl restart postfix > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ /etc/init.d/postfix restart > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+
+#fi # if $ommit ; then
+# -------------------------------
+
+
+
+
+rm $tmp_err_msg
+echo ""
+exit 0