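#!/usr/bin/env bash
#
# Installation script for AMaViS, Spamassassin and ClamAV (Debian).
#
# This first part defines the console helpers, loads the answers saved by a
# previous run (variables prefixed with "_"), asks for every setting and
# shows a summary that has to be confirmed before anything is installed.
#
# Changes against the original listing:
#   - echononl no longer probes the echo flavour through the predictable
#     file /tmp/shprompt$$ (the script runs as root, so a pre-created
#     symlink of that name would have been followed).
#   - The saved configuration is only sourced when it belongs to the
#     current user, because sourcing executes it as shell code.
#   - The database password is read without echo and is masked in the
#     prompt and in the summary.
#   - The summary printed $QUARANTINE_DIR for "Install ClamAv Unoffical
#     Sigs" and $INSTALL_CLAMAV_UNOFFICIAL_SIGS for "Database in use".
#   - The IPv6 prompt complained about a missing IPv4 address.
#   - Pressing Enter in the database menu without a saved database type
#     looped silently instead of choosing the highlighted "Skip".
#   - Yes/no answers are lower-cased on every retry, and end-of-input ends
#     the script instead of looping forever.

# Kept literal on purpose (single quotes); presumably it is copied into a
# Perl-syntax configuration later on -- TODO confirm against the rest of
# the script.
_QUARANTINE_ADMIN='postmaster\@$mydomain'
QUARANTINE_ADMIN=$_QUARANTINE_ADMIN


# -------------
# --- Some functions
# -------------

# Print "$*" to stderr without a trailing newline, expanding backslash
# escapes (used for prompts and for step titles).
echononl(){
   printf '%b' "$*" >&2
}

# Print a fatal error and terminate the script with status 1.
fatal(){
   echo ""
   echo -e "fatal error: $*"
   echo ""
   echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
   echo ""
   exit 1
}

# Print an error message; the script continues.
error(){
   echo ""
   echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
   echo ""
}

# Print a warning.
warn (){
   echo ""
   echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
   echo ""
}

# Print an informational message.
info (){
   echo ""
   echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
   echo ""
}

# Status markers, printed at column 80 of the line of the current step.
echo_done() {
   echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
   echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
   echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed(){
   echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
   echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}

# Print the green "--" separator that introduces a new question.
print_separator() {
   echo ""
   echo -e "\033[32m--\033[m"
   echo ""
}

#######################################
# Ask for a mandatory value and store it in a global variable.
# Arguments:
#   $1 - name of the variable that receives the answer
#   $2 - prompt label
#   $3 - default taken on empty input (may be empty: input is then required)
#   $4 - message printed when nothing was entered and there is no default
#   $5 - text shown in place of the default (optional, used for masking)
#   $6 - "true" to read without echo (optional)
#######################################
ask_value() {
   local var_name=$1 label=$2 default=$3 missing_msg=$4
   local shown_default=${5:-$default} secret=${6:-false}
   local answer="" read_failed

   while [[ -z "$answer" ]]; do
      if [[ -n "$default" ]]; then
         echononl "${label} [${shown_default}]: "
      else
         echononl "${label}: "
      fi

      read_failed=false
      if [[ "$secret" == true ]]; then
         read -r -s answer || read_failed=true
         echo ""
      else
         read -r answer || read_failed=true
      fi

      if [[ -z "$answer" ]]; then
         if [[ -n "$default" ]]; then
            answer=$default
         elif $read_failed ; then
            # End of input and nothing to fall back to: do not loop forever.
            fatal "No input available for \"${label}\"."
         else
            echo -e "\n\t\033[33m\033[1m${missing_msg}\033[m\n"
         fi
      fi
   done

   printf -v "$var_name" '%s' "$answer"
}

#######################################
# Ask a yes/no question and store "true" or "false" in a global variable.
# Arguments:
#   $1 - name of the variable that receives the result
#   $2 - question text
#   $3 - saved answer ("true"/"false"); empty means there is no default
# The saved answer is compared as a string; it is never run as a command.
#######################################
ask_yes_no() {
   local var_name=$1 question=$2 default=$3
   local hint fallback="" answer

   case "$default" in
      true) hint="[yes]"    ; fallback=yes ;;
      '')   hint="(yes/no)" ;;
      *)    hint="[no]"     ; fallback=no ;;
   esac

   echononl "${question} ${hint}: "
   while true ; do
      if ! read -r answer && [[ -z "$answer" && -z "$fallback" ]]; then
         fatal "No input available for \"${question}\"."
      fi
      answer=${answer,,}
      [[ -z "$answer" ]] && answer=$fallback
      case "$answer" in
         yes) printf -v "$var_name" '%s' true  ; return 0 ;;
         no)  printf -v "$var_name" '%s' false ; return 0 ;;
      esac
      echononl "Wrong entry! ${hint}: "
   done
}


# - Is this a systemd system?
# -
if [[ -d /run/systemd/system ]] || command -v systemd > /dev/null 2>&1 ; then
   systemd_exists=true
else
   systemd_exists=false
fi

echo ""

script_dir="$(realpath "$(dirname "$0")")"

conf_file="${script_dir}/conf/install_amavis.conf"
if [[ -f "$conf_file" ]]; then
   # The file is executed as shell code, so only accept it when it belongs
   # to the user running the installer.
   if [[ -O "$conf_file" ]]; then
      source "$conf_file"
   else
      warn "Ignoring \"$conf_file\": it is not owned by the current user."
   fi
fi

# NOTE: the original carries a commented-out "run with previous settings"
# mode (skip_interactive_use) at this point. It is disabled there and is
# not reproduced here.

clear
echo -e "\033[21G\033[32mInstallation script for AMaViS, Spamassassin and ClamAV\033[m"
echo

print_separator
echo "Insert hostname"
echo ""
ask_value HOSTNAME "hostname" "$_HOSTNAME" "Hostname is reqired"

print_separator
echo "Insert IPv4 address"
echo ""
ask_value IPV4 "IPv4 address" "$_IPV4" "IPv4 address is reqired"

print_separator
echo "Insert IPv6 address"
echo "Type:"
echo -e "\t\033[33mNone\033[m if IPv6 is not suppoerted"
echo ""
# "disabled" is the stored form of the answer "None".
[[ "$_IPV6" = "disabled" ]] && _IPV6=None
ask_value IPV6 "IPv6 address" "$_IPV6" "IPv6 address is reqired"
if [[ "$IPV6" = "none" || "$IPV6" = "None" ]]; then
   IPV6=disabled
fi

print_separator
echo "Insert quarantine directory"
echo ""
echo ""
ask_value QUARANTINE_DIR "Quarantine Directory" "$_QUARANTINE_DIR" \
   "Quarantine Directory is reqired"

print_separator
echo "Should ClamAV unofficial Singatures be installed?"
echo ""
ask_yes_no INSTALL_CLAMAV_UNOFFICIAL_SIGS \
   "Install ClamAV unofficial Singatures" "$_INSTALL_CLAMAV_UNOFFICIAL_SIGS"

if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then

   print_separator
   echo "Load MalwarePatrol Signatures (https://www.malwarepatrol.net)?"
   echo ""
   echo "Note: You have to sign up for an account. For a free account thats here:"
   echo " https://www.malwarepatrol.net/signup-free.shtml"
   echo ""
   ask_yes_no MALWARE_PATROL_IN_USE \
      "Load MalwarePatrol Singatures" "$_MALWARE_PATROL_IN_USE"

   if $MALWARE_PATROL_IN_USE ; then

      echo ""
      echo ""
      echo "Are you using a free account from MalwarePatrol?"
      echo ""
      echo ""
      ask_yes_no MALWERE_PATROL_FREE \
         "Using free acount from MalwarePatrol?" "$_MALWERE_PATROL_FREE"

      print_separator
      echo "Insert receipt number for MalwarePatrol Account"
      echo ""
      echo ""
      ask_value MP_RECEIPT_NUMBER "MalwarePatrol receipt number" \
         "$_MP_RECEIPT_NUMBER" "MalwarePatrol receipt number is reqired"
   fi

   print_separator
   echo "Load SecuriteInfo Signatures (https://www.securiteinfo.com)?"
   echo ""
   echo "Note: You have to sign up for an account. For a free account thats here:"
   echo " https://www.securiteinfo.com/clients/customers/signup"
   echo ""
   ask_yes_no SECURITE_INFO_IN_USE \
      "Load SecuriteInfo Singatures" "$_SECURITE_INFO_IN_USE"

   if $SECURITE_INFO_IN_USE ; then

      print_separator
      echo "Insert SecuriteInfo Authorisation Signature"
      echo ""
      echo ""
      # Only the first and last four characters of the stored signature are
      # shown in the prompt.
      _si_hint=""
      if [[ -n "$_SI_AUTHORISATION_SIGNATURE" ]]; then
         _si_hint="${_SI_AUTHORISATION_SIGNATURE:0:4}..${_SI_AUTHORISATION_SIGNATURE: -4}"
      fi
      ask_value SI_AUTHORISATION_SIGNATURE "SecuriteInfo Authorisation Signature" \
         "$_SI_AUTHORISATION_SIGNATURE" \
         "SecuriteInfo Authorisation Signature is reqired" "$_si_hint"
   fi
fi

# Normalise the saved flag instead of running it as a command later on.
if [[ "$_DB_IN_USE" == true ]]; then
   DB_IN_USE=true
else
   DB_IN_USE=false
fi

DB_TYPE=""
print_separator
echo "Are a database for lookup loca domains in use?"
echo ""
if [[ "$_DB_TYPE" = "MySQL" ]] ; then
   echo -e "\033[37m\033[1m[1] MySQL\033[m"
else
   echo "[1] MySQL"
fi
if [[ "$_DB_TYPE" = "PostgreSQL" ]] ; then
   echo -e "[2] \033[37m\033[1mPostgeSQL\033[m"
else
   echo "[2] PostgeSQL"
fi
if ! $DB_IN_USE ; then
   echo -e "[3] \033[37m\033[1mSkip (No Database in use)\033[m"
else
   echo "[3] Skip (No Database in use)"
fi
echo ""
echo "Type a number or press to choose highlighted value"
echo ""
echononl "Eingabe: "

while true ; do
   if ! read -r OPTION && [[ -z "$OPTION" ]]; then
      fatal "No input available for the database selection."
   fi
   case "$OPTION" in
      1) DB_TYPE="MySQL"      ; DB_IN_USE=true ;;
      2) DB_TYPE="PostgreSQL" ; DB_IN_USE=true ;;
      3) DB_TYPE="None"       ; DB_IN_USE=false ;;
      '')
         # Enter picks the highlighted entry: "Skip" when no database was
         # in use so far, otherwise the saved database type.
         if $DB_IN_USE ; then
            DB_TYPE=$_DB_TYPE
         else
            DB_TYPE="None"
         fi
         ;;
   esac
   case "$DB_TYPE" in
      MySQL|PostgreSQL|None) break ;;
   esac
   echo ""
   echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = PostgreSQL , 3 = Skip] or type "
   echo ""
   echononl "Eingabe: "
done

if $DB_IN_USE ; then

   echo ""
   echo ""
   echo "Insert Database Host"
   echo ""
   ask_value DB_HOST "Database Host" "$_DB_HOST" "A Database Host is reqired"

   echo ""
   echo ""
   echo "Insert Database Name"
   echo ""
   ask_value DB_NAME "Database Name" "$_DB_NAME" "A Database Name is reqired"

   echo ""
   echo ""
   echo "Insert Database User"
   echo ""
   ask_value DB_USER "Database User" "$_DB_USER" "A Database User is reqired"

   echo ""
   echo ""
   echo "Insert Database Password"
   echo ""
   # The stored password is never printed; the new one is read without echo.
   ask_value DB_PASS "Database Password" "$_DB_PASS" \
      "A Database Password is reqired" "********" true

else
   DB_HOST=$_DB_HOST
   DB_NAME=$_DB_NAME
   DB_USER=$_DB_USER
   DB_PASS=$_DB_PASS
fi


clear
echo ""
echo ""
echo -e "\033[21G\033[32mStart Installation/Configuration of AMaViS with the following parameters\033[m"
echo ""
echo -e "\tHostname...............................: $HOSTNAME"
echo -e "\tIPv4 address...........................: $IPV4"
echo -e "\tIPv6 address...........................: $IPV6"
echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR"
echo ""
echo -e "\tInstall ClamAv Unoffical Sigs .........: $INSTALL_CLAMAV_UNOFFICIAL_SIGS"
if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
   echo -e "\tInstall Signatures from MalwarePatrol..: $MALWARE_PATROL_IN_USE"
   if $MALWARE_PATROL_IN_USE ; then
      echo -e "\t Free MalwarePatrol account..........: $MALWERE_PATROL_FREE"
      echo -e "\t MalwarePatrol receipt number........: $MP_RECEIPT_NUMBER"
   fi
   echo -e "\tInstall Signatures from SecuriteInfo...: $SECURITE_INFO_IN_USE"
   if $SECURITE_INFO_IN_USE ; then
      echo -e "\t SecuriteInfo auth signature.........: ${SI_AUTHORISATION_SIGNATURE:0:4}..${SI_AUTHORISATION_SIGNATURE: -4}"
   fi
fi
echo ""
echo -e "\tDatabase in use........................: $DB_IN_USE"
if $DB_IN_USE ; then
   echo -e "\t Database type.......................: $DB_TYPE"
   echo -e "\t Database host.......................: $DB_HOST"
   echo -e "\t Database name.......................: $DB_NAME"
   echo -e "\t Database user.......................: $DB_USER"
   echo -e "\t Database password...................: ********"
fi

warn "Don't forget to oopen TCP Port 873 and TCP Port 443.\n\n It's needed by ClamAV Unofficial Signatures Installation"

echo ""
echononl "einverstanden (yes/no): "
while true ; do
   if ! read -r OK && [[ -z "$OK" ]]; then
      fatal "No input available for the confirmation."
   fi
   OK=${OK,,}
   [[ "$OK" = "yes" || "$OK" = "no" ]] && break
   echononl "Wrong entry! [yes/no]: "
done
[[ "$OK" = "yes" ]] || fatal "Repeat with other settings.."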
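echo ""
echo ""
echononl " Save Configuration"

# The saved answers contain the database password and the credentials of
# the signature feeds, and the file is read back with `source` on the next
# run. It is therefore written with owner-only permissions, and every value
# is shell-quoted (%q) so that input containing spaces or shell
# metacharacters comes back as data and is never executed.
if (
      umask 077
      mkdir -p -- "$(dirname -- "$conf_file")" &&
      {
         echo "# ---"
         echo "# - Parametersettins postfix bases system"
         echo "# ---"
         echo ""
         for _name in HOSTNAME IPV4 IPV6 QUARANTINE_DIR QUARANTINE_ADMIN \
                      DB_IN_USE DB_TYPE DB_HOST DB_NAME DB_USER DB_PASS \
                      INSTALL_CLAMAV_UNOFFICIAL_SIGS MALWARE_PATROL_IN_USE \
                      MALWERE_PATROL_FREE MP_RECEIPT_NUMBER \
                      SECURITE_INFO_IN_USE SI_AUTHORISATION_SIGNATURE ; do
            printf '_%s=%q\n' "$_name" "${!_name}"
         done
      } > "$conf_file"
   ) && chmod 600 -- "$conf_file" ; then
   echo_ok
else
   echo_failed
fi

# Every following step writes its error output to this file.
tmp_err_msg=$(mktemp) || fatal "Cannot create a temporary file for error messages."


# Print the status marker of the step that just ran; on failure also show
# the captured error output.
#   $1 - exit status of the step
step_result() {
   if [[ "$1" -eq 0 ]] ; then
      echo_ok
   else
      echo_failed
      error "$(cat -- "$tmp_err_msg")"
   fi
}

# Record a failed command inside a step that runs several commands and show
# the captured error output.
note_failure() {
   installation_failed=true
   error "$(cat -- "$tmp_err_msg")"
}

# Succeed when aptitude lists package $1 as installed. The name is matched
# literally (-F), so "." in a package name is not treated as a wildcard.
pkg_is_installed() {
   aptitude search "$1" | grep -F -- " $1 " | grep -e "^i" > /dev/null 2>&1
}

#######################################
# Append an entry to root's crontab unless it is already there.
# Arguments:
#   $1 - extended regex that identifies the entry in root's crontab
#   $2 - comment written above the entry
#   $3 - the crontab line
# The new crontab is assembled in a file from mktemp. The original used the
# fixed name /tmp/tmp_crontab, which any local user can create beforehand
# (for example as a symlink) while this script runs as root.
#######################################
add_root_cronjob() {
   local marker=$1 comment=$2 entry=$3
   local tmp_crontab

   if grep -i -E -- "$marker" /var/spool/cron/crontabs/root > /dev/null 2>&1 ; then
      echo_skipped
      return 0
   fi

   installation_failed=false

   if ! tmp_crontab=$(mktemp 2> "$tmp_err_msg") ; then
      note_failure
      return 1
   fi

   if ! crontab -l > "$tmp_crontab" 2> "$tmp_err_msg" ; then
      if [[ -e /var/spool/cron/crontabs/root ]]; then
         # A crontab exists but could not be read: installing the new file
         # would replace it with this single entry, so stop here.
         note_failure
         rm -f -- "$tmp_crontab"
         return 1
      fi
      # root has no crontab yet: start from an empty file.
      : > "$tmp_crontab"
   fi

   printf '# - %s\n# -\n%s\n' "$comment" "$entry" >> "$tmp_crontab" 2> "$tmp_err_msg" \
      || note_failure

   crontab "$tmp_crontab" > /dev/null 2> "$tmp_err_msg" || note_failure

   rm -- "$tmp_crontab" > /dev/null 2> "$tmp_err_msg" || note_failure

   if ! $installation_failed ; then
      echo_ok
   fi
}


# -------------------------------
#ommit=true
#if ! $ommit ; then

echo
echo -e "\033[37m\033[1mSome pre-installation tasks..\033[m"
echo

# - Install Prerequisites from debian package system
# -
echononl " Install prerequisites from debian package system"
_needed_packages_base="libnet-ldap-perl \
   libauthen-sasl-perl \
   libsnmp-perl \
   libdbd-mysql \
   libdbd-mysql-perl \
   libdbd-pgsql \
   libdbd-pg-perl \
   libdbi-perl \
   libdbi-dev \
   g++ \
   cpanminus"

# Start from an empty list; the original appended to whatever the
# environment happened to contain.
needed_packages_base=""
for _pkg in $_needed_packages_base ; do
   pkg_is_installed "$_pkg" || needed_packages_base="$needed_packages_base $_pkg"
done
if [[ -n "$needed_packages_base" ]]; then
   # Word splitting of the package list is intended here.
   DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages_base \
      > /dev/null 2> "$tmp_err_msg"
   step_result $?
else
   echo_skipped
fi

echononl " Install database related CPAN Modules"
installation_failed=false
_needed_cpan_modules="CPAN DBI DBD::mysql DBD::Pg"
for _module in $_needed_cpan_modules ; do
   cpanm -q --skip-installed "$_module" > "$tmp_err_msg" 2>&1 || note_failure
done
if ! $installation_failed ; then
   echo_ok
fi

## - Install package amavisd-new NOW, because we need at least the existence
## - of the AmaViS user (amavis) befor finally installation and configuration
## - of AmaViS itself.
## -
echononl " Install packages \"amavisd-new\""
_pkg=amavisd-new
if pkg_is_installed "$_pkg" ; then
   echo_skipped
else
   DEBIAN_FRONTEND=noninteractive apt-get -y install "$_pkg" > "$tmp_err_msg" 2>&1
   step_result $?
fi


echo
echo -e "\033[37m\033[1mGoing to install Spamassassin..\033[m"
echo

echononl " Install packages needed for Spamassassin"
_needed_packages_spamassassin="spamassassin razor \
   pyzor \
   libio-socket-ssl-perl \
   libdbi-perl \
   libmail-dkim-perl \
   libmail-spf-perl \
   libgeo-ipfree-perl \
   libnet-ident-perl \
   libio-zlib-perl \
   libio-string-perl \
   libimage-info-perl \
   libnet-cidr-lite-perl \
   libgeo-ip-perl \
   geoip-bin \
   libgeoip-dev \
   geoip-database \
   re2c \
   ftp \
   ncftp \
   less"

needed_packages_spamassassin=""
for _pkg in $_needed_packages_spamassassin ; do
   pkg_is_installed "$_pkg" \
      || needed_packages_spamassassin="$needed_packages_spamassassin $_pkg"
done
if [[ -n "$needed_packages_spamassassin" ]]; then
   # Word splitting of the package list is intended here.
   DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages_spamassassin \
      > /dev/null 2> "$tmp_err_msg"
   step_result $?
else
   echo_skipped
fi

## - Download a sample spam file. For testing purpose you can feed it to
## - spamassassin:
## -
## -    # cp /root/sample-spam.txt /tmp
## -    # cd /tmp
## -    # su amavis -c 'spamassassin -D ...'
## -
# NOTE(review): the page lost the text from the '<' of the example above up
# to the output redirection of the command that fetches
# /tmp/sample-spam.txt, including the step title. Neither is reconstructed
# here; restore both from the original script before running this part.
installation_failed=false
cp -a /tmp/sample-spam.txt /root > "$tmp_err_msg" 2>&1 || note_failure
if ! $installation_failed ; then
   echo_ok
fi


echo ""
echo -e " \033[37m\033[1mConfigure Pyzor..\033[m"

# The original message named port 2441; the comment further down (and the
# public Pyzor server) use port 24441.
info "Open firewall outgoing port 24441 for Pyzor"

## - Pyzor configuration
## -
## - Here we supply the hostname of the Pyzor server to Pyzor (for both the
## - 'root' and 'amavis' users). This will create a .pyzor directory in both
## - user's home directories, and place the server's hostname in a 'servers'
## - file therein:
## -
echononl " Run pyzor discover (places server's hostname in file ~/.pyzor/servers)"
installation_failed=false
pyzor discover > /dev/null 2> "$tmp_err_msg" || note_failure
su amavis -c 'pyzor discover' > /dev/null 2> "$tmp_err_msg" || note_failure
if ! $installation_failed ; then
   echo_ok
fi

## - Pyzor Ping should show 'OK'. If not, then it's possible your firewall is
## - blocking udp replies from 82.94.255.100 or 188.40.77.236 (public.pyzor.org
## - port 24441), or the server may simply be slow to respond (often the case).
## -
echononl " Ping test for server's hostname"
installation_failed=false
if ! pyzor ping 2> "$tmp_err_msg" | grep "'OK'" > /dev/null 2>&1 ; then
   note_failure
fi
if ! su amavis -c 'pyzor ping' 2> "$tmp_err_msg" | grep "'OK'" > /dev/null 2>&1 ; then
   note_failure
fi
if ! $installation_failed ; then
   echo_ok
fi


echo ""
echo -e " \033[37m\033[1mConfigure Razor2..\033[m"

info "Open firewall outgoing port 2703 for Razor2"

_date="$(date +%Y-%m-%d-%H%M)"

## - This next section gets Razor2 up and running and copies its files where
## - both root and amavis expect to find them.
## -
## - SpamAssassin is designed to enable each user to have their own settings and
## - data. This section will make both users happy.
## -
## - This is because if we are debugging SpamAssassin or Razor or Pyzor or DCC,
## - we want to be able to do so with spamassassin -D ...
## -
# NOTE(review): the page lost the rest of this comment together with the
# beginning of the step that followed it (a step title and an
# "if ... then <command>" whose output went to $tmp_err_msg, with
# "echo_skipped" as its else branch). That step is not reconstructed here;
# restore it from the original script.

echononl " Backup directory \"/root/.razor.\""
if [[ -d /root/.razor ]] ; then
   mv /root/.razor /root/.razor."${_date}" > "$tmp_err_msg" 2>&1
   step_result $?
else
   echo_skipped
fi

## - Razor2 (Spamassassin Plugin)
## -
## - Razor configuration
## -
## - This next section configures Razor; sets the exclusive "razorhome" and
## - makes both root and amavis happy in their attempts to figure out "where
## - in the heck are the Razor2 configuration files"?
## -
echononl " Create \"razor-agent.conf\" in (user root)"
razor-admin -create > "$tmp_err_msg" 2>&1
step_result $?

## - Registers a new identity, used for authenticating with Razor Nomination
## - Servers. Identities are a user + password pair stored in an identity
## - file (the exact path was lost on the page).
## -
echononl " Registers a new identity (user root)"
razor-admin -register > "$tmp_err_msg" 2>&1
step_result $?

## - Now edit root's razor configuration file:
## -
## - and change the line:
## -    debuglevel = 3
## - to:
## -    debuglevel = 0
## -
echononl " Adjust /root/.razor/razor-agent.conf"
perl -i -n -p -e "s#^(\s*)(debuglevel\s*=).*#\1\2 0#" /root/.razor/razor-agent.conf \
   > "$tmp_err_msg" 2>&1
step_result $?

## - Backup razor's configuration directory of user amavis if exists
## -
_home_amavais=$(realpath ~amavis)
# The directory is used below by mv, cp -r, chown -R and rm -r. Stop if it
# could not be resolved (for example because installing amavisd-new failed
# and the user does not exist) instead of running them on a wrong path.
if [[ -z "$_home_amavais" || ! -d "$_home_amavais" ]]; then
   fatal "Home directory of user \"amavis\" not found."
fi

echononl " Backup directory \"${_home_amavais}/.razor\""
if [[ -d "${_home_amavais}/.razor" ]] ; then
   # Capture the output so that a failure reports this command's own error
   # and not the leftover of an earlier step.
   mv "${_home_amavais}/.razor" "${_home_amavais}/.razor.${_date}" > "$tmp_err_msg" 2>&1
   step_result $?
else
   echo_skipped
fi

## - Copy root's .razor directory and files to the amavis user's home directory
## -
echononl " Copy root's razor configuration to user \"amavis\" (${_home_amavais}/.razor)"
installation_failed=false
cp -r /root/.razor "${_home_amavais}/" > "$tmp_err_msg" 2>&1 || note_failure
chown -R amavis:amavis "${_home_amavais}/.razor" > "$tmp_err_msg" 2>&1 || note_failure
if ! $installation_failed ; then
   echo_ok

   if [[ -d "${_home_amavais}/.razor.${_date}" ]] ; then
      echononl " Delete previous created backup \"${_home_amavais}/.razor.${_date}\""
      rm -r -- "${_home_amavais}/.razor.${_date}" > "$tmp_err_msg" 2>&1
      step_result $?
   fi

   if [[ -d "/root/.razor.${_date}" ]] ; then
      echononl " Delete previous created backup \"/root/.razor.${_date}\""
      rm -r -- "/root/.razor.${_date}" > "$tmp_err_msg" 2>&1
      step_result $?
   fi
fi

## - Aadd a cronjob for razor2 updates
## -
echononl " add a cronjob for razor2 updates"
add_root_cronjob '/usr/bin/razor-admin\s+-discover' \
   'Update razor2' \
   "33 0 * * * su amavis -lc '/usr/bin/razor-admin -discover'"


echo ""
echo -e " \033[37m\033[1mConfigure Distributed Checksum Clearinghouses (DCC)..\033[m"

info "Open firewall outgoing port UDP 6277 and if DCC Server is running\n also in- and outfoing port TCP 6277."

if pgrep -f /var/dcc/libexec/dccifd > /dev/null 2>&1 ; then
   echononl " An instance off dccifd ist already running. Stop it now."
   installation_failed=false
   if $systemd_exists ; then
      systemctl stop adcc > /dev/null 2> "$tmp_err_msg" || note_failure
   else
      /etc/init.d/adcc stop > /dev/null 2> "$tmp_err_msg" || note_failure
   fi
   if ! $installation_failed ; then
      echo_ok
   fi
fi

_dcc_src_dir="$script_dir"
_archiv=dcc-dccproc.tar.Z

echononl " Create archive directory \"$_dcc_src_dir\""
mkdir -p "$_dcc_src_dir" > "$tmp_err_msg" 2>&1
step_result $?

# The source archive is fetched over plain HTTP and is then configured,
# compiled and installed as root, so whoever can alter the download decides
# what gets built. Set DCC_ARCHIVE_SHA256 (environment or saved
# configuration) to a checksum obtained through a trusted channel to have
# the archive verified before it is unpacked.
echononl " Download archide \"$_archiv\""
wget -O "${_dcc_src_dir}/${_archiv}" "http://www.dcc-servers.net/dcc/source/${_archiv}" \
   > "$tmp_err_msg" 2>&1
step_result $?

if [[ -n "${DCC_ARCHIVE_SHA256:-}" ]]; then
   echononl " Verify SHA-256 checksum of \"$_archiv\""
   if printf '%s  %s\n' "$DCC_ARCHIVE_SHA256" "${_dcc_src_dir}/${_archiv}" \
         | sha256sum -c - > "$tmp_err_msg" 2>&1 ; then
      echo_ok
   else
      echo_failed
      error "$(cat -- "$tmp_err_msg")"
      fatal "Checksum of \"${_dcc_src_dir}/${_archiv}\" does not match DCC_ARCHIVE_SHA256."
   fi
else
   warn "DCC_ARCHIVE_SHA256 is not set: \"$_archiv\" was downloaded over HTTP and is not verified."
fi

echononl " Determin archiv directory.."
# The directory name comes from the archive itself. Only a plain top-level
# name is accepted, because it is used below for mv, cd and the build.
_first_entry=$(tar -tzf "${_dcc_src_dir}/${_archiv}" 2> "$tmp_err_msg" | head -n 1)
_first_entry=${_first_entry#./}
_top_dir=${_first_entry%%/*}
case "$_top_dir" in
   ''|.|..)
      echo_failed
      error "$(cat -- "$tmp_err_msg")"
      fatal "Cannot determine a safe top-level directory in \"$_archiv\"."
      ;;
   *)
      archiv_dir="${_dcc_src_dir}/${_top_dir}"
      echo_ok
      ;;
esac

echononl " Backup directory \"$archiv_dir\" if exists"
if [[ -d "$archiv_dir" ]]; then
   mv "${archiv_dir}" "${archiv_dir}.$(date +%Y-%m-%d-%H%M)" > "$tmp_err_msg" 2>&1
   step_result $?
else
   echo_skipped
fi

echononl " Unpack \"${_dcc_src_dir}/$_archiv\""
tar xzvf "${_dcc_src_dir}/${_archiv}" -C "$_dcc_src_dir" > "$tmp_err_msg" 2>&1
step_result $?

echononl " Change into directory \"$archiv_dir\""
if cd -- "$archiv_dir" 2> "$tmp_err_msg" ; then
   echo_ok
else
   echo_failed
   error "$(cat -- "$tmp_err_msg")"
   # Without this stop, ./configure, make and make install would run in
   # whatever directory the script was started from.
   fatal "Cannot change into \"$archiv_dir\"."
fi

echononl " Configure dcc"
./configure --with-uid=amavis > "$tmp_err_msg" 2>&1
step_result $?

echononl " Compile dcc"
make > "$tmp_err_msg" 2>&1
step_result $?

_lib_dir_dcc=/var/dcc
echononl " Backup directory \"${_lib_dir_dcc}\" if exists"
if [[ -d "$_lib_dir_dcc" ]]; then
   mv "${_lib_dir_dcc}" "${_lib_dir_dcc}.$(date +%Y-%m-%d-%H%M)" > "$tmp_err_msg" 2>&1
   step_result $?
else
   echo_skipped
fi

echononl " Install dcc"
make install > "$tmp_err_msg" 2>&1
step_result $?

## - The original keeps a disabled step here that would change the
## - ownership of /var/dcc to amavis:amavis; it stays disabled.

## - Add cronjob for updating and cleaning up dcc
## -
echononl " Add a cronjob for updating and cleaning up dcc"
add_root_cronjob '/var/dcc/libexec/cron-dccd' \
   'Cleaning up dcc (Distributed Checksum Clearinghouses)' \
   '13 1 * * * /var/dcc/libexec/cron-dccd'

_config_file=/var/dcc/dcc_conf
installation_failed=false
echononl " Adjust configuration file \"${_config_file}\""
# Each expression comments out the existing setting ("##" prefix) and adds
# the new value on the following line.
perl -i -n -p -e "s#^([ ]*\ *)(DCCIFD_ENABLE\s*=.*)#\#\#\1\2\nDCCIFD_ENABLE=on#" \
   "$_config_file" > "$tmp_err_msg" 2>&1 || note_failure
perl -i -n -p -e "s#^([ ]*\ *)(DBCLEAN_LOGDAYS\s*=.*)#\#\#\1\2\nDBCLEAN_LOGDAYS=1#" \
   "$_config_file" > "$tmp_err_msg" 2>&1 || note_failure
if ! $installation_failed ; then
   echo_ok
fi

echononl " Install start script (rcDCC) to automatically start dccifd at boot time"
installation_failed=false
cp /var/dcc/libexec/rcDCC /etc/init.d/adcc > /dev/null 2> "$tmp_err_msg" || note_failure
if $systemd_exists ; then
   systemctl enable adcc > /dev/null 2> "$tmp_err_msg" || note_failure
else
   update-rc.d adcc defaults > /dev/null 2> "$tmp_err_msg" || note_failure
fi
if ! $installation_failed ; then
   echo_ok
fi

echononl " Start daemon dccifd"
if $systemd_exists ; then
   systemctl start adcc > /dev/null 2> "$tmp_err_msg"
   step_result $?
else
   /etc/init.d/adcc start > /dev/null 2> "$tmp_err_msg"
   step_result $?
fi

info "You can test DCC with command \033[37m\033[1mcdcc info\033[m\n\n You should get 'requests ok' from the servers but 'not answering' from 127.0.0.1 is expected."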
#fi # if $ommit ; then # ------------------------------- echo "" echo -e " \033[37m\033[1mConfigure Spamassassin..\033[m" ## - Backup existing SpamAssassin's main configuration file /etc/spamassassin/local.cf ## - _config_file=/etc/spamassassin/local.cf _date="$(date +%Y-%m-%d-%H%M)" if [[ ! -f "${_config_file}.ORIG" ]]; then echononl " Save installation version of ${_config_file} (Suffix \".ORIF\")" cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi else echononl " Backup $_config_file" cp -a "$_config_file" "${_config_file}.${_date}" 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi fi echononl " Determin IP-Addresses for trusted systems" TRUSTED_MAIL_SYSTEMS="a.mx.oopen.de b.mx.oopen.de c.mx.oopen.de d.mx.oopen.de" _msg_trusted="clear_trusted_networks " _msg_internal="clear_internal_networks " for _mx_server in $TRUSTED_MAIL_SYSTEMS ; do installation_failed=false if [[ "$_mx_server" = "$HOSTNAME" ]]; then _msg_trusted="$_msg_trusted # - $HOSTNAME #trusted_networks $IPV4" _msg_internal="$_msg_internal # - $HOSTNAME #internal_networks $IPV4" if [[ -n "$IPV6" ]]; then _msg_trusted="$_msg_trusted #trusted_networks $IPV6" _msg_internal="$_msg_internal #internal_networks $IPV6" fi continue fi _ipv4_server_addr="$(dig +short $_mx_server A)" if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi _ipv6_server_addr="$(dig +short $_mx_server AAAA)" if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! 
$installation_failed ; then if [[ -n "$_ipv4_server_addr" ]] ; then _msg_trusted="$_msg_trusted # - $_mx_server trusted_networks $_ipv4_server_addr" _msg_internal="$_msg_internal # - $_mx_server internal_networks $_ipv4_server_addr" if [[ -n "$_ipv6_server_addr" ]]; then _msg_trusted="$_msg_trusted trusted_networks $_ipv6_server_addr" _msg_internal="$_msg_internal internal_networks $_ipv6_server_addr" fi fi fi done if ! $installation_failed ; then echo_ok fi ## - Create new configuration file /etc/spamassassin/local.cf ## - ## - see also perldoc Mail::SpamAssassin::Conf ## - echononl " Create new configuration file /etc/spamassassin/local.cf" cat << EOF > /etc/spamassassin/local.cf 2>$tmp_err_msg # This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # # Only a small subset of options are listed below # ########################################################################### # Add *****SPAM***** to the Subject header of spam e-mails # # rewrite_header Subject *****SPAM***** # Save spam messages as a message/rfc822 MIME attachment instead of # modifying the original message (0: off, 2: use text/plain instead) # # report_safe 1 report_safe 0 # Set which networks or hosts are considered 'trusted' by your mail # server (i.e. not spammers) # # # Our own IP's # # Notice: i decided not to trust our own ip's, because i want # to filter also mails from local users out EOF if [[ "$?" 
-ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi echo "$_msg_trusted" >> /etc/spamassassin/local.cf echo "" >> /etc/spamassassin/local.cf echo "$_msg_internal" >> /etc/spamassassin/local.cf cat << EOF >> /etc/spamassassin/local.cf 2>$tmp_err_msg # Set file-locking method (flock is not safe over NFS, but is faster) # # lock_method flock lock_method flock # Set the threshold at which a message is considered spam (default: 5.0) # # required_score 5.0 required_score 5.1 # Use Bayesian classifier (default: 1) # # use_bayes 1 use_bayes 1 bayes_path /var/lib/amavis/.spamassassin/bayes # Bayesian classifier auto-learning (default: 1) # # bayes_auto_learn 1 bayes_auto_learn_threshold_spam 10.0 bayes_auto_learn_threshold_nonspam -0.5 # NOTE: Since there is a script that runs each day to --force-expire old # Bayes tokens "/etc/cron.daily/amavisd-new" (make sure there is if # you use this setting!), we can set: # bayes_auto_expire 0 # Set headers which may provide inappropriate cues to the Bayesian # classifier # # bayes_ignore_header X-Bogosity # bayes_ignore_header X-Spam-Flag # bayes_ignore_header X-Spam-Status bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status # Optional: # Some people believe auto-whitelist is more of a liability than an asset: # #use_auto_whitelist 1 #auto_whitelist_path /var/lib/amavis/.spamassassin/auto-whitelist # Optional: # We will normally have DNS available: # dns_available yes # Enable or disable network checks # skip_rbl_checks 1 use_razor2 1 razor_timeout 8 use_dcc 1 dcc_home /var/dcc use_pyzor 1 pyzor_timeout 8 # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. 
# ok_locales all # Local delivery uses this flag to distinguish between possible spam # and ham # # Again: in our setup wee NEED to set the spam flag # add_header spam Flag _YESNOCAPS_ # Some shortcircuiting, if the plugin is enabled # ifplugin Mail::SpamAssassin::Plugin::Shortcircuit # # default: strongly-whitelisted mails are *really* whitelisted now, if the # shortcircuiting plugin is active, causing early exit to save CPU load. # Uncomment to turn this on # # shortcircuit USER_IN_WHITELIST on # shortcircuit USER_IN_DEF_WHITELIST on # shortcircuit USER_IN_ALL_SPAM_TO on # shortcircuit SUBJECT_IN_WHITELIST on shortcircuit USER_IN_WHITELIST on shortcircuit USER_IN_DEF_WHITELIST on shortcircuit USER_IN_ALL_SPAM_TO on shortcircuit SUBJECT_IN_WHITELIST on # the opposite; blacklisted mails can also save CPU # # shortcircuit USER_IN_BLACKLIST on # shortcircuit USER_IN_BLACKLIST_TO on # shortcircuit SUBJECT_IN_BLACKLIST on shortcircuit USER_IN_BLACKLIST on shortcircuit USER_IN_BLACKLIST_TO on shortcircuit SUBJECT_IN_BLACKLIST on # if you have taken the time to correctly specify your "trusted_networks", # this is another good way to save CPU # # shortcircuit ALL_TRUSTED on shortcircuit ALL_TRUSTED on # and a well-trained bayes DB can save running rules, too # # shortcircuit BAYES_99 spam # shortcircuit BAYES_00 ham shortcircuit BAYES_99 spam shortcircuit BAYES_00 ham endif # Mail::SpamAssassin::Plugin::Shortcircuit EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! $installation_failed ; then echo_ok fi if [[ -f "${_config_file}.${_date}" ]]; then if diff "${_config_file}" "${_config_file}.${_date}" ; then info "${_config_file} has not changed.\n\t Removing previos created backup.." rm "${_config_file}.${_date}" fi fi # - Adjust /etc/spamassassin/v310.pre # - _config_file=/etc/spamassassin/v310.pre _date="$(date +%Y-%m-%d-%H%M)" _backup_file="" if [[ ! 
-f "${_config_file}.ORIG" ]]; then
  # First run: keep a pristine copy of the packaged file.
  echononl " Save installation version of ${_config_file} (Suffix \".ORIF\")"
  if cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg ; then
    echo_ok
  else
    echo_failed
    error "$(cat $tmp_err_msg)"
  fi
  _backup_file="${_config_file}.ORIG"
else
  # Later runs: keep a timestamped copy instead.
  echononl " Backup $_config_file"
  if cp -a "$_config_file" "${_config_file}.${_date}" 2> $tmp_err_msg ; then
    echo_ok
  else
    echo_failed
    error "$(cat $tmp_err_msg)"
  fi
  _backup_file="${_config_file}.${_date}"
fi

# Enable the AWL, TextCat and DCC plugins. For each plugin that has no
# active "loadplugin" line yet, the commented-out line is kept and an
# active line is added directly below it.
installation_failed=false
_adjusted=false
echononl " Adjust configuration file \"${_config_file}\""
for _plugin in AWL TextCat DCC ; do
  if ! grep -i -E "\s*^loadplugin Mail::SpamAssassin::Plugin::${_plugin}" $_config_file > /dev/null 2>&1 ; then
    if ! perl -i -n -p -e "s#^([ ]*\ *)(\#loadplugin Mail::SpamAssassin::Plugin::${_plugin}.*)#\1\2\nloadplugin Mail::SpamAssassin::Plugin::${_plugin}#" \
      $_config_file > $tmp_err_msg 2>&1 ; then
      installation_failed=true
      error "$(cat $tmp_err_msg)"
    fi
    _adjusted=true
  fi
done
if ! $installation_failed ; then
  if $_adjusted ; then
    echo_ok
  else
    echo_skipped
    # Nothing was changed, so the backup made above (this may be the
    # freshly created .ORIG copy) is removed again.
    [[ -f "$_backup_file" ]] && rm "$_backup_file"
  fi
fi


# - Adjust /etc/spamassassin/v312.pre
# -
# Same procedure for the DKIM plugin. Here _backup_file is only set when
# the copy succeeded.
_config_file=/etc/spamassassin/v312.pre
_date="$(date +%Y-%m-%d-%H%M)"
_backup_file=""
if [[ ! -f "${_config_file}.ORIG" ]]; then
  echononl " Save installation version of ${_config_file} (Suffix \".ORIG\")"
  if cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg ; then
    echo_ok
    _backup_file=${_config_file}.ORIG
  else
    echo_failed
    error "$(cat $tmp_err_msg)"
  fi
else
  echononl " Backup $_config_file"
  if cp -a "$_config_file" "${_config_file}.${_date}" 2> $tmp_err_msg ; then
    echo_ok
    _backup_file=${_config_file}.${_date}
  else
    echo_failed
    error "$(cat $tmp_err_msg)"
  fi
fi

installation_failed=false
_adjusted=false
echononl " Adjust configuration file \"${_config_file}\""
if ! grep -i -E "\s*^loadplugin Mail::SpamAssassin::Plugin::DKIM" $_config_file > /dev/null 2>&1 ; then
  if ! perl -i -n -p -e "s#^([ ]*\ *)(\#\s*loadplugin Mail::SpamAssassin::Plugin::DKIM.*)#\1\2\nloadplugin Mail::SpamAssassin::Plugin::DKIM#" \
    $_config_file > $tmp_err_msg 2>&1 ; then
    installation_failed=true
    error "$(cat $tmp_err_msg)"
  fi
  _adjusted=true
fi
if ! $installation_failed ; then
  if $_adjusted ; then
    echo_ok
  else
    echo_skipped
    [[ -f "$_backup_file" ]] && rm "$_backup_file"
  fi
fi


# - Adjust /etc/spamassassin/v320.pre
# -
# The backup step for v320.pre starts here; its second branch continues
# past the end of this part of the listing.
_config_file=/etc/spamassassin/v320.pre
_date="$(date +%Y-%m-%d-%H%M)"
_backup_file=""
if [[ ! -f "${_config_file}.ORIG" ]]; then
  echononl " Save installation version of ${_config_file} (Suffix \".ORIG\")"
  if cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg ; then
    echo_ok
  else
    echo_failed
    error "$(cat $tmp_err_msg)"
  fi
  _backup_file="${_config_file}.ORIG"
else
  echononl " Backup $_config_file"
  cp -a "$_config_file" "${_config_file}.${_date}" 2> $tmp_err_msg
  if [[ $?
-eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi _backup_file="${_config_file}.${_date}" fi installation_failed=false _adjusted=false echononl " Adjust configuration file \"${_config_file}\"" if ! grep -i -E "\s*^loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody" $_config_file > /dev/null 2>&1 ; then perl -i -n -p -e "s#^([ ]*\ *)(\#\s*loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody.*)#\1\2\nloadplugin Mail::SpamAssassin::Plugin::Rule2XSBody#" \ $_config_file > $tmp_err_msg 2>&1 if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi _adjusted=true fi if ! $installation_failed ; then if $_adjusted ; then echo_ok else echo_skipped [[ -f "$_backup_file" ]] && rm "$_backup_file" fi fi # - Enable nightly cronjob for spamassassin # - # - edit /etc/default/spamassassin and set: # - CRON=1 # - _config_file=/etc/default/spamassassin installation_failed=false echononl " Adjust \"$_config_file\" (set CRON=1)" if ! grep -i -E "\s*^CRON\s*=\s*1" $_config_file > /dev/null 2>&1 ; then perl -i -n -p -e "s#^([ ]*\#?\ *)(CRON\ *=.*)#\#\#\1\2\nCRON=1#" $_config_file > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi else echo_skipped fi # - Add a cronjob for cleaning up bayes # - echononl " Add a cronjob for updating clamav (and freshclam) packages" if ! grep -i -E "/usr/bin/sa-learn\s+--sync" /var/spool/cron/crontabs/root > /dev/null 2> $tmp_err_msg ; then installation_failed=false crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi cat << EOF >> /tmp/tmp_crontab # - Cleanup sa bayes for espired entries # - 33 3 * * * su amavis -lc "/usr/bin/sa-learn --sync >/dev/null" ; su amavis -lc "/usr/bin/sa-learn --sync --force-expire >/dev/null" EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg if [[ "$?" 
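-ne 0 ]] ; then
    installation_failed=true
    error "$(cat $tmp_err_msg)"
  fi

  rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg
  if [[ "$?" -ne 0 ]] ; then
    installation_failed=true
    error "$(cat $tmp_err_msg)"
  fi

  if ! $installation_failed ; then
    echo_ok
  fi
else
  echo_skipped
fi


# - !! Notice !!
# - if su clamav -c 'spamassassin --lint' failed ( with warn
# - message "warn: Use of uninitialized value $type in numeric..")
# - reading "/etc/spamassassin/local.cf": razor_timeout 8, have a look
# - at SpamAssassin/Plugin/Razor2.pm line 118:
# -
# -    type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATIION,
# -
# - Should be:
# -
# -    type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATION,
# -
# - see also: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7018
# -
# NOTE(review): this edits a file under /usr/share/perl5 in place. That
# file presumably belongs to a distribution package, so an upgrade may
# replace it and package integrity checks will report it as modified.
_file=/usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm
if [[ ! -f "${_file}.ORIG" ]] ; then
  echononl " Save \"${_file}\" (suffix \".ORIG\")"
  if cp -a "${_file}" "${_file}.ORIG" > /dev/null 2> "$tmp_err_msg" ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi

# Rewrite the misspelled constant only if it is actually present.
echononl " Repair \"${_file}\""
if grep CONF_TYPE_DURATIION "$_file" > /dev/null 2> "$tmp_err_msg" ; then
  if perl -i -n -p -e "s/CONF_TYPE_DURATIION/CONF_TYPE_DURATION/" "$_file" > "$tmp_err_msg" 2>&1 ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  echo_skipped
fi

# A non-zero exit whose output says that no fresh updates were available
# is still treated as success.
echononl " Run \"sa-update\""
if sa-update -v > "$tmp_err_msg" 2>&1 ; then
  echo_ok
elif grep "Update finished, no fresh updates were available" "$tmp_err_msg" > /dev/null 2>&1 ; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi

echononl " Run \"sa-compile\""
if sa-compile > "$tmp_err_msg" 2>&1 ; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi


# - Test Installation. It's important, that all completes without error
# -
# The lint run happens as user amavis from /tmp. Output of every step is
# captured in $tmp_err_msg so that error() shows the message of the step
# that failed; before, the output was discarded and error() printed
# whatever an earlier command had left in that file.
installation_failed=false
echononl " Test Installation. It's important, that all completes without error."
_pwd=$(pwd)
if ! cd /tmp > /dev/null 2> "$tmp_err_msg" ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
if ! su amavis -c 'spamassassin --lint' > "$tmp_err_msg" 2>&1 ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
if ! cd "$_pwd" > /dev/null 2> "$tmp_err_msg" ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
if ! $installation_failed ; then
  echo_ok
fi


# - SpamAssassin Rules
# -
# - updates.spamassassin.org is used automatically
# - and you have to do nothing, because "sa-update"
# - has done the update from updates.spamassassin.org. install
# - a cronjob for doing this periodically. for better understanding,
# - i added that rules (from spamassassin.apache.org) here
# -
# - Add SpamAssassin Rules from spamassassin.apache.org
# -
# NOTE(review): the signing key is trusted on first download. HTTPS is the
# only integrity check before "sa-update --import"; the key's fingerprint
# is never compared against a value obtained out of band. Consider
# verifying the full fingerprint before importing.
installation_failed=false
echononl " Add SpamAssassin Rules from spamassassin.apache.org"
if ! wget -O /etc/spamassassin/GPG.KEY https://spamassassin.apache.org/updates/GPG.KEY > /dev/null 2> "$tmp_err_msg" ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
if ! sa-update --import /etc/spamassassin/GPG.KEY > /dev/null 2> "$tmp_err_msg" ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
# stderr is captured here as well; without it a failed rm made error()
# print the leftover message of the previous command.
if ! rm /etc/spamassassin/GPG.KEY 2> "$tmp_err_msg" ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi

# NOTE(review): 5244EC45 is an 8-hex-digit (short) key id. Short ids are
# not collision-resistant; pinning the full fingerprint is safer if
# sa-update accepts one in this file - confirm against its documentation.
if ! grep 5244EC45 /etc/spamassassin/sa_keys > /dev/null 2>&1 ; then
  # The braces make a failure to open the target file land in
  # $tmp_err_msg too.
  if ! { echo "5244EC45" >> /etc/spamassassin/sa_keys ; } 2> "$tmp_err_msg" ; then
    installation_failed=true
    error "$(cat "$tmp_err_msg")"
  fi
fi
if ! grep updates.spamassassin.org /etc/spamassassin/sa_channel > /dev/null 2>&1 ; then
  if ! { echo "updates.spamassassin.org" >> /etc/spamassassin/sa_channel ; } 2> "$tmp_err_msg" ; then
    installation_failed=true
    error "$(cat "$tmp_err_msg")"
  fi
fi
if ! $installation_failed ; then
  echo_ok
fi

# Signature-checked update from the channel and key files written above.
# The status check for this command continues past the end of this part
# of the listing.
echononl " Update Rules"
sa-update -v --channelfile /etc/spamassassin/sa_channel --gpgkeyfile /etc/spamassassin/sa_keys > $tmp_err_msg 2>&1
if [[ $?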
-eq 0 ]] ; then echo_ok else if grep "Update finished, no fresh updates were available" $tmp_err_msg > /dev/null 2>&1 ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi fi echononl " Add Rules from Heinlein Support" sa-update -v --nogpg --channel spamassassin.heinlein-support.de > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else if grep "Update finished, no fresh updates were available" $tmp_err_msg > /dev/null 2>&1 ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi fi echononl " Compile Rules (sa-compile) again" sa-compile > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi # - Test Installation. It's important, that all completes without error # - installation_failed=false echononl " Test Installation. It's important, that all completes without error." _pwd=$(pwd) cd /tmp > /dev/null 2>&1 if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi su amavis -c 'spamassassin --lint' > /dev/null 2>&1 if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi cd "$_pwd" > /dev/null 2>&1 if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! $installation_failed ; then echo_ok fi # - Create a update-script using sa.update # - if [[ ! -d "/root/bin" ]]; then echononl " Create directory \"/root/bin\"" if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi fi echononl " Create an update-script using sa.update" cat > /root/bin/sa-update.sh < 1 ]]; then echo "problem with sa-update" fi sa-update --allowplugins --channelfile /etc/spamassassin/sa_channel --gpgkeyfile /etc/spamassassin/sa_keys code2=\$? if [[ \$code2 > 1 ]]; then echo "problem with sa-update using channelfile.." 
fi ## - Get rules from heinlein-support.de ## - ## - see: ## - https://www.heinlein-support.de/blog/news/aktuelle-spamassassin-regeln-von-heinlein-support/ ## - sa-update --nogpg --channel spamassassin.heinlein-support.de code3=\$? if [[ \$code3 > 1 ]]; then echo "problem with sa-update using channel spamassassin.heinlein-support.de.." fi if [[ \`expr \$code1 + \$code2 + \$code3\` < 4 ]]; then spamassassin --lint code4=\$? if [[ \$code4 = 0 ]]; then #svc -h /service/spamd #/etc/init.d/spamassassin restart > /dev/null /etc/init.d/amavis restart >/dev/null else echo "spamassassin failed to lint" fi fi # Fixup perms -- group and other should be able to read and execute, # but never write. Works around sa-compile's failure to obey umask. if [ -d /var/lib/spamassassin ]; then chown -R debian-spamd:debian-spamd /var/lib/spamassassin chmod -R go-w,go+rX /var/lib/spamassassin chmod 700 /var/lib/spamassassin/sa-update-keys chmod 600 /var/lib/spamassassin/sa-update-keys/* fi if [ -d /var/lib/amavis ]; then chown -R amavis:amavis /var/lib/amavis fi EOF if [[ $? -eq 0 ]] ; then echo_ok else echo_failed fi echononl " Make \"/root/bin/sa-update.sh\" executable" chmod 755 /root/bin/sa-update.sh > /dev/null 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi # - Add a cronjob for spamassassin updates # - echononl " Add a cronjob for spamassassin updates" if ! grep -i -E "/root/bin/sa-update.sh" /var/spool/cron/crontabs/root > /dev/null 2>&1; then installation_failed=false crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi cat << EOF >> /tmp/tmp_crontab # - Update spamassassin rules # - 33 1 * * * /root/bin/sa-update.sh EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg if [[ "$?" 
-ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! $installation_failed ; then echo_ok fi else echo_skipped fi # - Create an update-script that will run sa-compile # - if [[ ! -d "/root/bin" ]]; then echononl " Create directory \"/root/bin\"" if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi fi echononl " Create an update-script running sa-compile" cat > /root/bin/sa-compile.sh < /dev/null 2>&1 fi code1=\$? if [[ \$code1 > 0 ]]; then echo "problem with sa-compile, turning off Rule2XSBody plugin" sed -i 's/loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/#loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/' /etc/spamassassin/v320.pre test -x /usr/sbin/amavisd-new || exit 0 /etc/init.d/amavis restart >/dev/null else sed -i 's/#\ *loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/' /etc/spamassassin/v320.pre test -x /usr/sbin/amavisd-new || exit 0 /etc/init.d/amavis restart >/dev/null fi # Fixup perms -- group and other should be able to read and execute, # but never write. Works around sa-compile's failure to obey umask. if [ -d /var/lib/spamassassin ]; then chown -R debian-spamd:debian-spamd /var/lib/spamassassin chmod -R go-w,go+rX /var/lib/spamassassin chmod 700 /var/lib/spamassassin/sa-update-keys chmod 600 /var/lib/spamassassin/sa-update-keys/* fi if [ -d /var/lib/amavis ]; then chown -R amavis:amavis /var/lib/amavis fi EOF if [[ $? -eq 0 ]] ; then echo_ok else echo_failed fi echononl " Make \"/root/bin/sa-compile.sh\" executable" chmod 755 /root/bin/sa-compile.sh > /dev/null 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi # - Add a cronjob for compiling rules # - echononl " Add a cronjob for compiling rules" if ! 
grep -i -E "/root/bin/sa-compile.sh" /var/spool/cron/crontabs/root > /dev/null 2>&1; then installation_failed=false crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi cat << EOF >> /tmp/tmp_crontab # - Compiling rules (SpamAssassin) # - 53 0 * * * /root/bin/sa-compile.sh EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! $installation_failed ; then echo_ok fi else echo_skipped fi echononl " Restart spamassassin" if $systemd_exists ; then systemctl restart spamassassin > /dev/null 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi else /etc/init.d/spamassassin restart > /dev/null 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi fi info "You can test spamassassin by typing:\n\n \033[37m\033[1msu amavis -lc 'spamassassin -D /dev/null 2>&1 ; then continue else needed_packages_clamav="$needed_packages_clamav $_pkg" fi done if [[ -n "$needed_packages_clamav" ]]; then DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages_clamav > /dev/null 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi else echo_skipped fi # - Add user clamav to group amavis in order to giv clamav the needed # - rights to e-mails # - echononl " Add user clamv to group amavis" usermod -a -G amavis clamav > /dev/null 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi echononl " Stop ClamAv daemon.." if $systemd_exists ; then systemctl stop clamav-daemon > /dev/null 2> $tmp_err_msg if [[ $? 
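-eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat $tmp_err_msg)"
  fi
else
  # Fixed: the redirect operator was missing ("stop /dev/null 2> ..."), so
  # /dev/null was handed to the init script as an extra argument and
  # stdout was not silenced. The same slip is fixed in the three init.d
  # calls further down.
  if /etc/init.d/clamav-daemon stop > /dev/null 2> "$tmp_err_msg" ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi

# The signature updater is stopped as well before the manual freshclam
# run below.
echononl " Stop ClamAv freshclam.."
if $systemd_exists ; then
  # Fixed: output is captured now; before, a failure made error() print
  # the leftover message of an earlier command.
  if systemctl stop clamav-freshclam > /dev/null 2> "$tmp_err_msg" ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  if /etc/init.d/clamav-freshclam stop > /dev/null 2> "$tmp_err_msg" ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi

echononl " Initial run of freshclam.."
if freshclam > /dev/null 2> "$tmp_err_msg" ; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi

echononl " Start ClamAv daemon.."
if $systemd_exists ; then
  if systemctl start clamav-daemon > /dev/null 2> "$tmp_err_msg" ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  if /etc/init.d/clamav-daemon start > /dev/null 2> "$tmp_err_msg" ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi

echononl " Start ClamAv freshclam.."
if $systemd_exists ; then
  if systemctl start clamav-freshclam > /dev/null 2> "$tmp_err_msg" ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  if /etc/init.d/clamav-freshclam start > /dev/null 2> "$tmp_err_msg" ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi


## - Add cronjob for updating clamav (and freshclam) packages
## -
## -
echononl " Add a cronjob for updating clamav (and freshclam) packages"
if ! grep -i -E "/usr/bin/apt-get\s+.*clamav-daemon" /var/spool/cron/crontabs/root > /dev/null 2>&1; then

  installation_failed=false

  # NOTE(review): /tmp/tmp_crontab is a fixed, predictable name in a
  # world-writable directory, and its content is loaded back as root's
  # crontab further down. On a host with other local users the file can be
  # pre-created or replaced between these steps. A private file from
  # mktemp, removed through a trap, avoids that; the change has to cover
  # every step of this stanza, which continues past the end of this part
  # of the listing, so it is only flagged here.
  crontab -l > /tmp/tmp_crontab 2> $tmp_err_msg
  if [[ "$?"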
-ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi cat << EOF >> /tmp/tmp_crontab # - Update clamav (and freshclam) software packages # - 03 0 * * * /usr/bin/apt-get update > /dev/null ; PATH=/bin:/sbin:/usr/bin:/usr/sbin /usr/bin/apt-get -y install clamav clamav-base clamav-docs clamav-daemon clamav-freshclam > /dev/null EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi rm /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! $installation_failed ; then echo_ok fi else echo_skipped fi if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then ## - ClamAV Unofficial Signatures ## - ## - Use ClamAV Unofficial Signatures Updater: ## - https://github.com/extremeshok/clamav-unofficial-sigs/releases ## - ## - See readme file: ## - https://github.com/extremeshok/clamav-unofficial-sigs ## - echo "" echo -e " \033[37m\033[1mClamAV Unofficial Signatures..\033[m" echononl " Install (debian package) socat" _pkg=socat if aptitude search " $_pkg " | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then echo_skipped else DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi fi echononl " Install CPAN Module IO::Socket::UNIX" _module="IO::Socket::UNIX" cpanm -q --skip-installed $_module > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi echononl " Cloning repository \"clamav-unofficial-sigs.git\".." installation_failed=false if [[ -d "/tmp/clamav-unofficial-sigs" ]]; then rm -rf "/tmp/clamav-unofficial-sigs" > $tmp_err_msg 2>&1 if [[ "$?" 
-ne 0 ]] ; then
    installation_failed=true
    error "$(cat $tmp_err_msg)"
  fi
fi

# NOTE(review): this clones whatever the default branch holds at install
# time; the script copied from it is installed under /usr/local/sbin and
# run later by this installer. Nothing pins a reviewed tag or commit or
# verifies a signature, so the installed code is whatever upstream serves
# that day. Consider checking out a reviewed revision (placeholder:
# <REVIEWED_COMMIT>) before copying.
# NOTE(review): the clone target is a fixed path in world-writable /tmp;
# a private directory from "mktemp -d" would be safer on hosts with other
# local users. The same path is used by later steps of this installer.
if ! git clone https://github.com/extremeshok/clamav-unofficial-sigs.git /tmp/clamav-unofficial-sigs > $tmp_err_msg 2>&1 ; then
  installation_failed=true
  error "$(cat $tmp_err_msg)"
fi
$installation_failed || echo_ok

# The following steps run even when the clone failed; each one reports
# its own error in that case.
echononl " Copy \"clamav-unofficial-sigs.sh\" to /usr/local/sbin/"
if cp -a /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs.sh /usr/local/sbin/ > $tmp_err_msg 2>&1 ; then
  echo_ok
else
  echo_failed
  error "$(cat $tmp_err_msg)"
fi

echononl " Make /usr/local/sbin/clamav-unofficial-sigs.sh executable"
if chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh > $tmp_err_msg 2>&1 ; then
  echo_ok
else
  echo_failed
  error "$(cat $tmp_err_msg)"
fi

# Log and configuration directories; existing ones are left untouched.
_create_dirs="/var/log/clamav-unofficial-sigs /etc/clamav-unofficial-sigs"
for _create_dir in $_create_dirs ; do
  echononl " Create directory \"${_create_dir}\""
  if [[ ! -d "$_create_dir" ]]; then
    if mkdir "$_create_dir" > $tmp_err_msg 2>&1 ; then
      echo_ok
    else
      echo_failed
      error "$(cat $tmp_err_msg)"
    fi
  else
    echo_skipped
  fi
done

echononl " Copy Configuration files to /etc/clamav-unofficial-sigs"
if cp -a /tmp/clamav-unofficial-sigs/config/* /etc/clamav-unofficial-sigs > $tmp_err_msg 2>&1 ; then
  echo_ok
else
  echo_failed
  error "$(cat $tmp_err_msg)"
fi

## - For Debian Jessie (Debian 8)
## -
echononl " At directory /etc/clamav-unofficial-sigs copy os.debian8.conf to os.conf"
if cp /etc/clamav-unofficial-sigs/os.debian8.conf /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 ; then
  echo_ok
else
  echo_failed
  error "$(cat $tmp_err_msg)"
fi


## - Edit /etc/clamav-unofficial-sigs/os.conf and make changes if needed
## -
## - Maybe the following changes are needed:
## -    clam_user="clamav"
## -    clam_group="clamav"
## -
## -    clamd_pid="/var/run/clamav/clamd.pid"
## -
## -    clamd_restart_opt="systemctl restart clamav-daemon"
## -    clamd_reload_opt="systemctl reload clamav-daemon"
## -  or if debian 7
## -    clamd_restart_opt="service clamav-daemon restart"
## -    clamd_reload_opt="service clamav-daemon reload"
## -
## -    clamd_socket="/var/run/clamav/clamd.ctl"
## -
# Every substitution keeps the old assignment as a "##" comment and puts
# the new value on the line(s) below it.
echononl " Adjust /etc/clamav-unofficial-sigs/os.conf"
installation_failed=false
if ! perl -i -n -p -e "s#^([ ]*\ *)(clam_user=.*)#\#\#\1\2\nclam_user=\"clamav\"#" \
  /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 ; then
  installation_failed=true
  error "$(cat $tmp_err_msg)"
fi
if ! perl -i -n -p -e "s#^([ ]*\ *)(clam_group=.*)#\#\#\1\2\nclam_group=\"clamav\"#" \
  /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 ; then
  installation_failed=true
  error "$(cat $tmp_err_msg)"
fi
if ! perl -i -n -p -e "s#^([ ]*\ *)(clamd_pid=.*)#\#\#\1\2\nclamd_pid=\"/var/run/clamav/clamd.pid\"#" \
  /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 ; then
  installation_failed=true
  error "$(cat $tmp_err_msg)"
fi
# Restart/reload commands depend on the init system detected at startup.
if $systemd_exists ; then
  if ! perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_restart_opt=.*)#\#\#\1\2\nclamd_restart_opt=\"systemctl restart clamav-daemon\"\nclamd_reload_opt=\"systemctl reload clamav-daemon\"#" \
    /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 ; then
    installation_failed=true
    error "$(cat $tmp_err_msg)"
  fi
else
  perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_restart_opt=.*)#\#\#\1\2\nclamd_restart_opt=\"service clamav-daemon restart\"\nclamd_reload_opt=\"service clamav-daemon reload\"#" \
    /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1
  if [[ "$?"
-ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi fi perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_socket=.*)#\#\#\1\2\nclamd_socket=\"/var/run/clamav/clamd.ctl\"#" \ /etc/clamav-unofficial-sigs/os.conf > $tmp_err_msg 2>&1 if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! $installation_failed ; then echo_ok fi echononl " Adjust /etc/clamav-unofficial-sigs/user.conf" cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg # -------------------------------------- # --- Begin: User specific modifications # --- Inserted by install-script "$(basename "$0")" at $(date +"%Y-%m-%d %H:%M") EOF if $MALWARE_PATROL_IN_USE || $SECURITE_INFO_IN_USE ; then if $MALWARE_PATROL_IN_USE ; then cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg malwarepatrol_receipt_code="$MP_RECEIPT_NUMBER" malwarepatrol_list="clamav_basic" EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if $MALWERE_PATROL_FREE ; then cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg malwarepatrol_product_code="8" malwarepatrol_free="yes" EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi else cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg malwarepatrol_product_code="15" malwarepatrol_free="no" EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi fi fi # if $MALWARE_PATROL_IN_USE if $SECURITE_INFO_IN_USE ; then cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg securiteinfo_authorisation_signature="$SI_AUTHORISATION_SIGNATURE" EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi fi # if $SECURITE_INFO_IN_USE fi #if $MALWARE_PATROL_IN_USE || $SECURITE_INFO_IN_USE cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg # - Disable Yara-Rule set, because (some?) pgp mails where blocked. 
# - yararulesproject_enabled="no" user_configuration_complete="yes" # --- End: User specific modifications" # ------------------------------------- EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! $installation_failed ; then echo_ok fi echononl " Copy Systemd Configurations to /etc/systemd" cp /tmp/clamav-unofficial-sigs/systemd/* /etc/systemd/ > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi echononl " Adjust /etc/systemd/clamav-unofficial-sigs.service" perl -i -n -p -e "s#^([ ]*\ *)(ExecStart=.*)#\#\#\1\2\nExecStart=/usr/local/sbin/clamav-unofficial-sigs.sh#" \ /etc/systemd/clamav-unofficial-sigs.service > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi echononl " Install Cron configs" /usr/local/sbin/clamav-unofficial-sigs.sh --install-cron > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi echononl " Install logrotate configuration" /usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi echononl " Install man (help) file" /usr/local/sbin/clamav-unofficial-sigs.sh --install-man > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi echo " First Usage to initialise ClamAV unofficial sigs" echo -n " see /var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log" /usr/local/sbin/clamav-unofficial-sigs.sh > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "$(cat $tmp_err_msg)" fi echononl " Remove git repository /tmp/clamav-unofficial-sigs" rm -rf /tmp/clamav-unofficial-sigs > $tmp_err_msg 2>&1 if [[ $? 
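-eq 0 ]] ; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi
## - (The lines above finish a status check that starts before this excerpt.)

fi # if $INSTALL_CLAMAV_UNOFFICIAL_SIGS


# ---
# --- Install AMaVis
# ---

echo
echo -e "\033[37m\033[1mGoing to install AMaVis..\033[m"
echo

## - Install only those packages aptitude does not already list as installed.
## -
echononl " Install packages needed for AMaVis"
_needed_packages_amavis="amavisd-new"
## - Start from an empty list so that a value inherited from the environment
## - or from the sourced configuration file cannot add packages.
needed_packages_amavis=""
for _pkg in $_needed_packages_amavis ; do
  if ! aptitude search "$_pkg" | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
    needed_packages_amavis="$needed_packages_amavis $_pkg"
  fi
done
if [[ -n "$needed_packages_amavis" ]]; then
  # shellcheck disable=SC2086 -- the list is split into words on purpose
  DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages_amavis > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  echo_skipped
fi

## - Every decoder installed here is later run by amavis on attachments of
## - incoming mail, i.e. on untrusted data - keep these packages patched.
## -
## - Not installed: libzeromq-perl, freeze
## -
echononl " Install some decoders needed for AMaVis"
_needed_decoders_amavis="
  alien
  arc
  arj
  binutils
  bzip2
  cabextract
  cpio
  lhasa
  lzop
  liblz4-tool
  lrzip
  melt
  nomarch
  pax
  p7zip
  p7zip-full
  p7zip-rar
  rpm
  tar
  tnef
  ripole
  rar
  unrar
  unrar-free
  unzip
  zip
  zoo"
needed_decoders_amavis=""
for _pkg in $_needed_decoders_amavis ; do
  if ! aptitude search "$_pkg" | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
    needed_decoders_amavis="$needed_decoders_amavis $_pkg"
  fi
done
if [[ -n "$needed_decoders_amavis" ]]; then
  # shellcheck disable=SC2086 -- the list is split into words on purpose
  DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_decoders_amavis > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  echo_skipped
fi

## - NOTE(review): cpanm downloads and builds these modules at install time and
## - no version is pinned here - consider distribution packages where they
## - exist.
## -
echononl " Install CPAN Modules mostly needed for decoding"
installation_failed=false
_needed_cpan_modules="
  Digest::SHA1
  Digest::SHA2
  Digest::SHA256
  Encode::Detect
  Net::Patricia"
for _module in $_needed_cpan_modules ; do
  cpanm -q --skip-installed "$_module" > "$tmp_err_msg" 2>&1
  if [[ "$?" -ne 0 ]] ; then
    installation_failed=true
    error "$(cat "$tmp_err_msg")"
  fi
done
if ! $installation_failed ; then
  echo_ok
fi


## - Quarantine Directories
## -
## - The quarantine holds intercepted malware and private mail, so the tree is
## - owned by amavis and closed to "other" (mode 750).
## -
echo ""
echononl " Create Quarantine Directories"
mkdir -p "${QUARANTINE_DIR}"/{spam,virus,banned,bad-headers,spammy} > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi

echononl " Set Permissions on Quarantine Directories"
installation_failed=false
## - chown and the first chmod now write their stderr to $tmp_err_msg as well;
## - without that, error() printed the stale message of an earlier command.
chown -R amavis:amavis "$QUARANTINE_DIR" > /dev/null 2> "$tmp_err_msg"
if [[ "$?" -ne 0 ]] ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
chmod 750 "$QUARANTINE_DIR" > /dev/null 2> "$tmp_err_msg"
if [[ "$?" -ne 0 ]] ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
chmod 750 "${QUARANTINE_DIR}"/{spam,virus,banned,bad-headers,spammy} > /dev/null 2> "$tmp_err_msg"
if [[ "$?" -ne 0 ]] ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
if ! $installation_failed ; then
  echo_ok
fi


## - Configure amavis in /etc/amavis/conf.d
## -
## - write all changes and customization to a separate
## - file named "50-user", which will load at end of
## - configuration and overwrites the (debian)-default values
## -
_config_file=/etc/amavis/conf.d/50-user
_date="$(date +%Y-%m-%d-%H%M)"

## - The first run keeps the packaged file as "<name>.ORIG"; later runs keep a
## - copy with a timestamp suffix instead.
if [[ ! -f "/etc/amavis/$(basename "${_config_file}").ORIG" ]]; then
  echononl " Save installation version of ${_config_file} (Suffix \".ORIG\")"
  cp -a "$_config_file" "/etc/amavis/$(basename "${_config_file}").ORIG" > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  echononl " Backup $_config_file"
  cp -a "$_config_file" "/etc/amavis/$(basename "${_config_file}").${_date}" 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi

## - The here-document started below continues beyond this excerpt.
echononl " Create new configuration \"/etc/amavis/conf.d/50-user\""
installation_failed=false
cat << EOF > /etc/amavis/conf.d/50-user
use strict;
#
# Place your configuration directives here. They will override those in
# earlier files.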
# # See /usr/share/doc/amavisd-new/ for documentation and examples of # the directives you can use in this file # # Ports to listen on # # 10024: default listening port # 10026: used for whitelisting IP's (trusted networks) # # Notice: take care, to configure postfix sending mails from # trusted networks to port 10026 # # Example for postfix configuration: # # /etc/postfix/amavis_client_whitelist: # 83.223.73.205/32 FILTER amavisfeed:[127.0.0.1]:10026 # 2a01:30:1fff:fd00::205/128 FILTER amavisfeed:[127.0.0.1]:10026 # # /etc/postfix/main.cf # ... # smtpd_client_restrictions = # check_client_access cidr:/etc/postfix/amavis_client_whitelist # ... # # !! Only possible if using postfix with conten_filter instead of !! # !! smtpd_proxy_filter - see master.cf !! # # #$inet_socket_port = [10024, 10026]; # Bypass spam checking fro trusted networks # #\$interface_policy{'10026'} = 'TRUSTED'; #\$policy_bank{'TRUSTED'} = { # bypass_spam_checks_maps => [1], # bypass_header_checks_maps => [1], # final_spam_destiny => D_PASS, # $final_bad_header_destiny = D_PASS, #}; ## - 7 instances seems to be a good value. 
## - \$max_servers = 7; ## - overrides settings in 01-debian ## - \$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; #disabled (non-free, no security support) \$unrar = ['rar', 'unrar']; #disabled (non-free, no security support) \$lha = 'lha'; #disabled (non-free, no security support) \$tnef = 'tnef'; ## - overrides settings in 15-content_filter_mode ## - ## - Default antivirus checking mode ## - @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); ## - Default SPAM checking mode ## - @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); ## - overrides settings in 20-debian_defaults ## - \$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine) \$final_banned_destiny = D_DISCARD; # D_REJECT when front-end MTA #\$final_spam_destiny = D_DISCARD; \$final_spam_destiny = D_BOUNCE; #\$final_bad_header_destiny = D_PASS; # False-positive prone (for spam) \$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level \$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level ## - user / domain specific settings ## - example for \$sa_tag2_level_deflt: ## - #\$sa_tag2_level_deflt = { # # oopen.de # 'oopen.de'=>'2.1', # 'ckubu@oopen.de'=>'2.2', # 'argus@oopen.de'=>'2.3', # # k8h.de # 'k8h.de'=>'6.5', # # default # '.'=>'5.1' #}; \$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass #\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent ## - We will inform the sender about bouncing his mail with a DSN (Delivery ## - StatusNotification). That DSN message will no be send, if the spamvalue ## - exceeds the value of sa_dsn_cutoff_level ## - \$sa_dsn_cutoff_level = 20; ## - change the default server response if mail was blocked ## - because of spam. 
## - ## - results in (is an example): ## - : host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, Mailserver ## - at a.mx.oopen.de: identified as SPAM - (in reply to end of DATA command) ## - %smtp_reason_by_ccat = ( CC_SPAM, "Mailserver at \$myhostname: identified as SPAM - %x" ); \$sa_spam_subject_tag = undef; #\$sa_spam_subject_tag = '***SPAM*** '; ## - QUARANTINE ## - \$QUARANTINEDIR = "$QUARANTINE_DIR"; \$quarantine_subdir_levels = 0; ## - don't store mails in quarantine directory ## - #\$virus_quarantine_method = undef; #\$spam_quarantine_method = undef; #\$banned_files_quarantine_method = undef; #\$bad_header_quarantine_method = undef; ## - store mails in quarantine directory ## - \$virus_quarantine_method = 'local:virus/virus-%m'; \$spam_quarantine_method = 'local:spam/spam-%m.gz'; \$banned_files_quarantine_method = 'local:banned/banned-%m'; \$bad_header_quarantine_method = 'local:bad-headers/badh-%m'; \$clean_quarantine_method = undef; \$archive_quarantine_method = undef; #\$virus_admin ="$QUARANTINE_ADMIN"; #\$spam_admin = "$QUARANTINE_ADMIN"; #\$banned_admin = "$QUARANTINE_ADMIN"; #\$bad_header_admin = "$QUARANTINE_ADMIN"; \$virus_admin = undef; \$spam_admin = undef; \$banned_admin = undef; \$bad_header_admin = undef; # Pass SPAMMY but quarantine and inform admin # \$quarantine_to_maps_by_ccat{+CC_SPAMMY} = \\@spam_quarantine_to_maps ; \$quarantine_method_by_ccat{+CC_SPAMMY} = 'local:spammy/spammy-%m.gz' ; \$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS ; \$admin_maps_by_ccat{+CC_SPAMMY} = sub { ca('spam_admin_maps') }; # Bypass spam checking fro trusted networks using mynetworks # # list of trusted IPs: # # - $HOSTNAME ($IPV4 [${IPV6}]) # #\@mynetworks = qw( 127.0.0.0/8 [::1] 83.223.86.162 [2a01:30:1fff:a::162] ); # #\$policy_bank{'MYNETS'} = { # clients in @mynetworks # bypass_spam_checks_maps => [1], # don't spam-check internal mail # bypass_header_checks_maps => [1], # don't header-check internal mail # final_spam_destiny => D_PASS, # 
final_bad_header_destiny => D_PASS, # #remove_existing_x_scanned_headers => undef, # #remove_existing_spam_headers => undef, #}; #\$remove_existing_x_scanned_headers = 0; #\$remove_existing_spam_headers = 0; # allow all mail from local IPs: #\$policy_bank{'MYNETS'} = { # clients in @mynetworks # bypass_spam_checks_maps => [1], # don't spam-check internal mail # bypass_header_checks_maps => [1], # don't header-check internal mail # final_spam_destiny => D_PASS, # final_bad_header_destiny => D_PASS, #}; ## - Amavisd-New scans all mail passing through it for viruses, but will ## - only hand mail for local delivery off to SA for checking - you tell ## - it which domains are local using the @local_domains_maps variable, ## - which by default is set to the value of \$mydomain & its subdomains: ## - #@local_domains_maps = ( ["."] ); ## - get rid of "Open Relay" warnings in amavis logfile. ## - \$interface_policy{'10024'} = 'ORIGINATING'; \$policy_bank{'ORIGINATING'} = { originating => 1, # declare that mail was submitted by our smtp client }; ## - If you get am error like: ## - ## - amavis[9766]: () (!)DENIED ACCESS from IP $IPV4, policy bank 'ORIGINATING' ## - ## - you must add your ip address to @inet_acl ## - #@inet_acl = qw( 127.0.0.1 [::1] $IPV4 ); #\$inet_socket_bind = undef; EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if [[ "$DB_TYPE" = "PostgreSQL" ]]; then cat >> /etc/amavis/conf.d/50-user <> /etc/amavis/conf.d/50-user <> /etc/amavis/conf.d/50-user < syslog; false (e.g. 0) => logging to file \$DO_SYSLOG = 1; # (defaults to 0) \$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis') #\$syslog_facility = 'mail'; # Syslog facility as a string \$syslog_facility = 'local0'; # Syslog facility as a string # e.g.: mail, daemon, user, local0, ... local7, ... 
\$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, # choose from: emerg, alert, crit, err, warning, notice, info, # debug # Log file (if not using syslog) #\$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log) #NOTE: levels are not strictly observed and are somewhat arbitrary # 0: startup/exit/failure messages, viruses detected # 1: args passed from client, some more interesting messages # 2: virus scanner output, timing # 3: server, client # 4: decompose parts # 5: more debug details \$log_level = 1; # (defaults to 0), -d ## - amavis add a tag "***UNCHECKED***" if mail was not ## - checked. to get rid of that tag add: ## - \$undecipherable_subject_tag = undef; ## - get rid of warning messages to postmaster if content is unchecked (that occurs ## - i.e. if mail is encrypted ## - delete \$admin_maps_by_ccat{&CC_UNCHECKED}; ## - Replace "localhost" in the mailheader ## - \$localhost_name = "amavis.${HOSTNAME}"; ## - DKIM ## - #\$enable_dkim_verification = 1; # enable DKIM signatures verification #\$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key #dkim_key('oopen.de', 'main', '/etc/amavis/dkim/dkim-key.pem'); #dkim_key('mbr-berlin.de', 'main', '/etc/amavis/dkim/dkim-key.pem'); #dkim_key ... #\@dkim_signature_options_bysender_maps = ( # { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); #------------ Do not modify anything below this line ------------- 1; # ensure a defined return EOF if [[ "$?" -ne 0 ]] ; then installation_failed=true error "$(cat $tmp_err_msg)" fi if ! $installation_failed ; then echo_ok fi if [[ -f "/etc/amavis/$(basename ${_config_file}).${_date}" ]]; then if diff "${_config_file}" "/etc/amavis/$(basename ${_config_file}).${_date}" > /dev/null 2>&1 ; then info "${_config_file} has not changed.\n\t Removing previos created backup.." 
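rm "/etc/amavis/$(basename "${_config_file}").${_date}"
fi   # diff: new 50-user is identical to the backup
fi   # backup with time stamp exists

## - NOTE(review): 50-user is made world-readable. The part of this script
## - that writes the SQL lookup settings is not readable in this excerpt; if it
## - puts the database password into 50-user, a tighter mode is needed -
## - confirm before keeping 644.
## -
echononl " Set permissions on \"/etc/amavis/conf.d/50-user\""
chmod 644 /etc/amavis/conf.d/50-user > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi


## - Configure syslogd matching the configuration of amavisd
## -
## - 50-user sends amavis messages to syslog facility local0; the rule below
## - writes that facility to /var/log/amavis.log and then drops the message.
## -
echononl " Configure syslogd matching the configuration of amavis"
cat << EOF > /etc/rsyslog.d/amavis.conf
## - amavis
## -
local0.* -/var/log/amavis.log
& ~
EOF
if [[ $? -eq 0 ]] ; then
  echo_ok
else
  echo_failed
fi

echononl " Create empty file \"/var/log/amavis.log\""
touch /var/log/amavis.log > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi

## - NOTE(review): the log is world-readable (644) while 50-user sets
## - syslog_priority to 'debug'. Mail logs name senders and recipients -
## - consider 640 with a dedicated group for the people who need to read it.
## -
echononl " Set permissions on \"/var/log/amavis.log\""
installation_failed=false
chmod 644 /var/log/amavis.log > /dev/null 2> "$tmp_err_msg"
if [[ "$?" -ne 0 ]] ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
chown amavis:amavis /var/log/amavis.log > /dev/null 2> "$tmp_err_msg"
if [[ "$?" -ne 0 ]] ; then
  installation_failed=true
  error "$(cat "$tmp_err_msg")"
fi
if ! $installation_failed ; then
  echo_ok
fi

echononl " Restart syslog daemon (rsyslog)"
if $systemd_exists ; then
  systemctl restart rsyslog > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  /etc/init.d/rsyslog restart > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi


## - Add a crontab to cleanup the quarantine folder
## -
## - Skipped when root's crontab already holds a "find <quarantine>/spam" job.
## - The new crontab is assembled in a file created with mktemp: a fixed name
## - in /tmp could be prepared by another local user before this script,
## - running with the rights to replace root's crontab, writes to it.
## -
echononl " Add a cronjob to cleanup the quarantine folder"
if ! grep -i -E "find\s+${QUARANTINE_DIR}/spam\s+-type\s+f\s+" /var/spool/cron/crontabs/root > /dev/null 2>&1; then
  installation_failed=false
  _tmp_crontab="$(mktemp 2> "$tmp_err_msg")"
  if [[ "$?" -ne 0 ]] ; then
    installation_failed=true
    error "$(cat "$tmp_err_msg")"
  else
    crontab -l > "$_tmp_crontab" 2> "$tmp_err_msg"
    if [[ "$?" -ne 0 ]] ; then
      installation_failed=true
      error "$(cat "$tmp_err_msg")"
    fi
    cat << EOF >> "$_tmp_crontab"
# - Remove old quarantined messages (>30 days).
# -
# - Spam
0 3 * * * find ${QUARANTINE_DIR}/spam -type f -name "spam-*" -mtime +30 -exec rm {} \;
# - Spammy
0 3 * * * find ${QUARANTINE_DIR}/spammy -type f -name "spammy-*" -mtime +30 -exec rm {} \;
# - Virus
0 3 * * * find ${QUARANTINE_DIR}/virus -type f -name "virus-*" -mtime +30 -exec rm {} \;
# - Banned files
0 3 * * * find ${QUARANTINE_DIR}/banned -type f -name "banned-*" -mtime +30 -exec rm {} \;
# - Bad headers
0 3 * * * find ${QUARANTINE_DIR}/bad-headers -type f -name "badh-*" -mtime +30 -exec rm {} \;
EOF
    if [[ "$?" -ne 0 ]] ; then
      installation_failed=true
      error "$(cat "$tmp_err_msg")"
    fi
    crontab "$_tmp_crontab" > /dev/null 2> "$tmp_err_msg"
    if [[ "$?" -ne 0 ]] ; then
      installation_failed=true
      error "$(cat "$tmp_err_msg")"
    fi
    rm "$_tmp_crontab" > /dev/null 2> "$tmp_err_msg"
    if [[ "$?" -ne 0 ]] ; then
      installation_failed=true
      error "$(cat "$tmp_err_msg")"
    fi
  fi
  if ! $installation_failed ; then
    echo_ok
  fi
else
  echo_skipped
fi


## - Install logrotate-script for amavis
## -
echononl " Install logrotate-script for amavis"
cat << EOF > /etc/logrotate.d/amavis
/var/log/amavis.log {
  daily
  start 0
  rotate 7
  missingok
  compress
  delaycompress
  notifempty
  create 644 amavis amavis
  copytruncate
}
EOF
if [[ $? -eq 0 ]] ; then
  echo_ok
else
  echo_failed
fi


## - Set up /etc/postfix/master
## -
## - Forward emails to amavis using "Pre-Queue" Option smtpd_proxy_filter
## -
## - edit /etc/postfix/master.cf and add flags for "smtpd_proxy_filter" (to
## - forward to amavis service on localhost port 10024) and for "content_filter"
## - (to avoid rechecking by "Post-Queue" content_filter) to smtp service
## -
## -    smtp inet n - - - - smtpd
## -       -o smtpd_proxy_filter=127.0.0.1:10024
## -       -o content_filter=
## -
## - take care, that, in case NOT to reject, amavis forwards the mail to the
## - MTA (Postfix) for delivering.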
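## - To avoid loops in checking, install a
## - (Postfix) smtpd service on a local Port (10025) without checking anymore
## -
## - to do this edit /etc/postfix/master.cf and add service:
## -
## -    localhost:10025 inet n - - - - smtpd
## -       -o content_filter=
## -       -o smtpd_proxy_filter=
## -       -o smtpd_authorized_xforward_hosts=127.0.0.0/8
## -       -o smtpd_client_restrictions=
## -       -o smtpd_helo_restrictions=
## -       -o smtpd_sender_restrictions=
## -       -o smtpd_recipient_restrictions=permit_mynetworks,reject
## -       -o smtpd_data_restrictions=
## -       -o mynetworks=127.0.0.0/8,<$_ipv4_address/32>
## -       -o receive_override_options=no_unknown_recipient_checks
## -
postfix_master_cf="/etc/postfix/master.cf"
_date=$(date +%Y-%m-%d-%H%M)

## - Append the re-injection listener to master.cf.
## -
## - This service switches off content filtering and every smtpd restriction
## - except the recipient one. It is acceptable only because it is bound to
## - localhost and takes mail from mynetworks=127.0.0.0/8 alone - keep both
## - properties when editing the entry.
## -
_append_reinject_listener() {
  cat >> "$postfix_master_cf" << EOF
localhost:10025 inet n - y - - smtpd
    -o content_filter=
    -o smtpd_proxy_filter=
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_unknown_recipient_checks
    #-o mynetworks=127.0.0.0/8,${IPV4}/32
EOF
}

## - Append the lmtp transport that content_filter=amavisfeed:... refers to.
## -
_append_amavisfeed_transport() {
  cat >> "$postfix_master_cf" << EOF
amavisfeed unix - - n - 20 lmtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
EOF
}

echo ""
echononl " Backup file \"${postfix_master_cf}\""
cp -a "$postfix_master_cf" "${postfix_master_cf}.$_date" > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi

## - Rebuild master.cf from the backup, line by line. The entries for smtp,
## - submission, smtps, localhost:10025 and amavisfeed are replaced by the
## - versions below; all other lines are copied unchanged.
## -
## - NOTE(review): the 50-user file written earlier maps amavis port 10024 to
## - the ORIGINATING policy bank. The public smtp service (smtpd_proxy_filter)
## - and submission/smtps (content_filter) all feed that same port, so mail
## - from the Internet is presumably treated as locally submitted too -
## - confirm this is intended, in particular before DKIM signing is enabled.
## -
echononl " Create new file \"${postfix_master_cf}\""
_found=false

## - Remember which services exist as active (uncommented) entries; this must
## - happen before the file is emptied.
if grep -iq -E "^localhost:10025" "$postfix_master_cf" > /dev/null 2>&1 ; then
  localhost_10025_present=true
else
  localhost_10025_present=false
fi
if grep -iq -E "^submission\s+" "$postfix_master_cf" > /dev/null 2>&1 ; then
  submission_present=true
else
  submission_present=false
fi
if grep -iq -E "^smtps\s+" "$postfix_master_cf" > /dev/null 2>&1 ; then
  smtps_present=true
else
  smtps_present=false
fi
if grep -iq -E "^amavisfeed\s+" "$postfix_master_cf" > /dev/null 2>&1 ; then
  amavisfeed_present=true
else
  amavisfeed_present=false
fi

## - Never empty master.cf unless the copy it is rebuilt from is really there:
## - with a failed backup the loop below would read nothing and leave Postfix
## - with an empty master.cf.
if [[ ! -s "${postfix_master_cf}.$_date" ]] ; then
  echo_failed
  error "Backup \"${postfix_master_cf}.$_date\" is missing or empty - \"$postfix_master_cf\" was left untouched."
else

  > "$postfix_master_cf"
  while IFS='' read -r _line || [[ -n $_line ]] ; do

    ## - Public smtp service: pre-queue filtering through amavis.
    if printf '%s\n' "$_line" | grep -i -E "^\s*smtp\s+inet\s+" > /dev/null 2>&1 ; then
      _found=true
      cat >> "$postfix_master_cf" << EOF
smtp inet n - y - - smtpd
    -o smtpd_proxy_filter=127.0.0.1:10024
    -o content_filter=
EOF
      if ! $submission_present && ! $smtps_present && ! $localhost_10025_present ; then
        _append_reinject_listener
      fi
      continue
    fi

    ## - submission: authenticated clients only, filtered after queueing.
    if $submission_present && printf '%s\n' "$_line" | grep -i -E "^submission\s+" > /dev/null 2>&1 ; then
      _found=true
      cat >> "$postfix_master_cf" << EOF
submission inet n - y - 20 smtpd
    -o content_filter=amavisfeed:[127.0.0.1]:10024
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #-o milter_macro_daemon_name=ORIGINATING
EOF
      ## - With an smtps entry present, that branch adds the helper services.
      if ! $smtps_present ; then
        if ! $localhost_10025_present ; then
          _append_reinject_listener
        fi
        if ! $amavisfeed_present ; then
          _append_amavisfeed_transport
        fi
      fi # if ! $smtps_present
      continue
    fi # if $submission_present && echo "$_line" | grep..

    ## - smtps: as submission, with TLS wrapper mode.
    if $smtps_present && printf '%s\n' "$_line" | grep -i -E "^smtps\s+" > /dev/null 2>&1 ; then
      ## - Without this flag the "-o" lines of the old smtps entry were copied
      ## - behind the new entry whenever the preceding line was not itself
      ## - part of a replaced service.
      _found=true
      cat >> "$postfix_master_cf" << EOF
smtps inet n - y - - smtpd
    -o content_filter=amavisfeed:[127.0.0.1]:10024
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
EOF
      if ! $localhost_10025_present ; then
        _append_reinject_listener
      fi
      if ! $amavisfeed_present ; then
        _append_amavisfeed_transport
      fi
      continue
    fi # if $smtps_present

    if $localhost_10025_present && printf '%s\n' "$_line" | grep -i -E "^localhost:10025" > /dev/null 2>&1 ; then
      _found=true
      _append_reinject_listener
      continue
    fi

    if $amavisfeed_present && printf '%s\n' "$_line" | grep -i -E "^amavisfeed\s+" > /dev/null 2>&1 ; then
      _found=true
      _append_amavisfeed_transport
      continue
    fi

    # - [[:blank:]] means space and tab. This makes it similar to: [ \t]
    # - [[:space:]] in addition to space and tab, includes newline, linefeed, formfeed,
    # - and vertical tab. This makes it similar to: [ \t\n\r\f\v]
    # -
    #if [[ $_line =~ ^[[:space:]]+[^[:space:]]+ ]] && $_smtp_found ; then
    # -
    # - Indented lines directly after a replaced entry are its old options:
    # - drop them.
    if [[ $_line =~ ^[[:blank:]]+[^[:space:]]+ ]] && $_found ; then
      continue
    fi

    _found=false
    ## - printf instead of echo: a line such as "-n" must be copied literally.
    printf '%s\n' "$_line" >> "$postfix_master_cf"

  done < "${postfix_master_cf}.$_date"
  echo_done
  warn "Please check file \"$postfix_master_cf\" !"

fi


# ---
# --- Restart Services
# ---

echo
echo -e "\033[37m\033[1mRestart Services..\033[m"
echo

echononl " Restart AmaViS"
if $systemd_exists ; then
  systemctl restart amavis > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  /etc/init.d/amavis restart > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi

echononl " Restart Postfix"
if $systemd_exists ; then
  systemctl restart postfix > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
else
  /etc/init.d/postfix restart > /dev/null 2> "$tmp_err_msg"
  if [[ $? -eq 0 ]] ; then
    echo_ok
  else
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi

#fi # if $ommit ; then

# -------------------------------

## - Remove the scratch file that collected the error output of each step.
rm "$tmp_err_msg"
echo ""
exit 0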