install_postfix_advanced.sh: add support for 'tumgreyspf'in case of debian 10 (buster) an above.

install_postfix_advanced.sh

@@ -11,6 +11,8 @@ _TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
 
 _TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
 
+postfix_master_cf="/etc/postfix/master.cf"
+
 
 tmp_err_msg=$(mktemp)
 backup_date="$(date +%Y-%m-%d-%H%M)"
@@ -77,6 +79,34 @@ echo_failed(){
 echo_skipped() {
    echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
 }
+detect_os_1 () {
+
+   if $(which lsb_release > /dev/null 2>&1) ; then
+
+      os_dist="$(lsb_release -i | awk '{print tolower($3)}')"
+      os_version="$(lsb_release -r | awk '{print tolower($2)}')"
+      os_codename="$(lsb_release -c | awk '{print tolower($2)}')"
+
+      if [[ "$os_dist" = "debian" ]]; then
+         if $(echo "$os_version" | grep -q '\.') ; then
+            os_version=$(echo "$os_version" | cut --delimiter='.' -f1)
+         fi
+      fi
+
+   elif [[ -e "/etc/os-release" ]]; then
+
+      . /etc/os-release
+
+      os_dist=$ID
+      os_version=${VERSION_ID}
+
+   fi
+
+   # remove whitespace from os_dist and os_version
+   os_dist="${os_dist// /}"
+   os_version="${os_version// /}"
+
+}
 
 
 trap clean_up SIGHUP SIGINT SIGTERM
@@ -99,6 +129,14 @@ fi
 
 echo ""
 
+
+# - Detect OS - Set variable
+# -    os_dist
+# -    os_version
+# -    os_codename
+# -
+detect_os_1
+
 # - Default Values
 # -
 #_IS_RELAY_HOST=false
@@ -454,66 +492,308 @@ else
 fi
 
 
-## - Install Postgrey from debian packages system
+if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
-## -
+   ## - Install Postgrey from debian packages system
-echononl "   Install Postgrey from debian packages system"
+   ## -
-_pkg="postgrey"
+   echononl "   Install Postgrey from debian packages system"
-if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
+   _pkg="postgrey"
-   echo_skipped
+   if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
-else
+      echo_skipped
-   DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg
+   else
+      DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
+   fi
+
+   echononl "   Adjust /etc/default/postgrey"
+   perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \
+      /etc/default/postgrey > $tmp_err_msg 2>&1
    if [[ $? -eq 0 ]] ; then
       echo_ok
    else
       echo_failed
       error "$(cat $tmp_err_msg)"
    fi
-fi
 
-echononl "   Adjust /etc/default/postgrey"
+   echononl "   Create /etc/postgrey/whitelist_clients.local (additional whitelist entries)"
-perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \
+   cat << EOF > /etc/postgrey/whitelist_clients.local
-   /etc/default/postgrey > $tmp_err_msg 2>&1
+   # For Office 365 - servers:
-if [[ $? -eq 0 ]] ; then
+   ##/.*outbound.protection.outlook.com\$/
-   echo_ok
+   /^mail-.*\\.outbound\\.protection\\.outlook\\.com\$/
-else
+   # facebookmail.com - big pool
-   echo_failed
+   /.*\\.mail-mail\\.facebook\\.com\$/
-   error "$(cat $tmp_err_msg)"
+   # tor hidde service
-fi
+   127.0.0.25
-
-echononl "   Create /etc/postgrey/whitelist_clients.local (additional whitelist entries)"
-cat << EOF > /etc/postgrey/whitelist_clients.local
-# For Office 365 - servers:
-##/.*outbound.protection.outlook.com\$/
-/^mail-.*\\.outbound\\.protection\\.outlook\\.com\$/
-# facebookmail.com - big pool
-/.*\\.mail-mail\\.facebook\\.com\$/
-# tor hidde service
-127.0.0.25
 
 EOF
-if [[ $? -eq 0 ]] ; then
+   if [[ $? -eq 0 ]] ; then
-   echo_ok
+      echo_ok
-else
+   else
-   echo_failed
+      echo_failed
-fi
+   fi
 
-echononl "   Restart postrey daemon"
+   echononl "   Restart postrey daemon"
-if $systemd_exists ; then
+   if $systemd_exists ; then
-   systemctl restart postgrey > /dev/null 2> $tmp_err_msg
+      systemctl restart postgrey > /dev/null 2> $tmp_err_msg
-   if [[ $? -eq 0 ]] ; then
+      if [[ $? -eq 0 ]] ; then
-      echo_ok
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
    else
-      echo_failed
+      /etc/init.d/postgrey restart > /dev/null 2> $tmp_err_msg
-      error "$(cat $tmp_err_msg)"
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
    fi
+
+   postgrey_socket=""
+   postgrey_additional_options=""
+
 else
-   /etc/init.d/postgrey restart > /dev/null 2> $tmp_err_msg
+   ## - Install tumgreyspf from debian packages system
-   if [[ $? -eq 0 ]] ; then
+   echononl "   Install tumgreyspf from debian packages system"
-      echo_ok
+   _pkg="tumgreyspf"
+   if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
+      echo_skipped
    else
+      DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
+   fi
+
+   echononl "   Add entry for 'tumgreyspf' at end of file '$postfix_master_cf"
+   if ! $(grep -iq -E "^\s*tumgreyspf\s+" 2>/dev/null $postfix_master_cf) ; then
+      cat <<EOF >> /etc/postfix/master.cf 2> $tmp_err_msg
+
+# This is tumgreyspf, an external policy checker for the postfix mail server. 
+# It can optionally greylist and/or use spfquery to check SPF records to 
+# determine if email should be accepted by your server.
+#
+tumgreyspf unix  -      n       n       -       -       spawn
+    user=tumgreyspf argv=/usr/bin/tumgreyspf
+EOF
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+      fi
+   else
+      echo_skipped
+   fi
+
+   echononl "   Create configuration file for whitelisting: /etc/tumgreyspf/disable.conf"
+   if [[ ! -f /etc/tumgreyspf/disable.conf ]] ; then
+      cat <<EOF > "/etc/tumgreyspf/disable.conf" 2> $tmp_err_msg
+SPFSEEDONLY=0 
+GREYLISTTIME=300 
+CHECKERS= 
+OTHERCONFIGS= 
+EOF
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
+   else
+      echo_skipped
+   fi
+
+   _failed=false
+   echononl "   Whitelist tor hidde service '127.0.0.25'.."
+   if [[ ! -d "/var/lib/tumgreyspf/config/client_address/127/0/0/" ]] ; then
+      mkdir -p /var/lib/tumgreyspf/config/client_address/127/0/0/ 2> $tmp_err_msg
+      if [[ $? -ne 0 ]]; then
+         _failed=true
+      fi
+   fi
+
+   if [[ ! -L /var/lib/tumgreyspf/config/client_address/127/0/0/25 ]]; then
+      ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/127/0/0/25 2>> $tmp_err_msg
+   fi
+   if [[ $? -ne 0 ]]; then
+      _failed=true
+   fi
+   if $_failed ; then
       echo_failed
       error "$(cat $tmp_err_msg)"
    fi
+
+
+   # ---
+   # Configure parameters of tumgreyspf service
+   # ---
+
+   _setup_key="SPFSEEDONLY"
+   _setup_val="0"
+   _setup_file="/etc/tumgreyspf/default.conf"
+   echononl "   Setup defaults for tumgreyspf: $_setup_key .."
+   if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
+      cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
+
+# Added by script $(basename $0) at $(date +%Y-%m-%d)
+$_setup_key = $_setup_val
+EOF
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
+
+   else
+      if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*0$" "$_setup_file") ; then
+         perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+            error "$(cat $tmp_err_msg)"
+         fi
+      else
+         echo_skipped
+      fi
+   fi
+
+   _setup_key="GREYLISTTIME"
+   _setup_val="180"
+   _setup_file="/etc/tumgreyspf/default.conf"
+   echononl "   Setup defaults for tumgreyspf: $_setup_key .."
+   if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
+      cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
+
+# Added by script $(basename $0) at $(date +%Y-%m-%d)
+$_setup_key = $_setup_val
+EOF
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
+
+   else
+      if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
+         perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+            error "$(cat $tmp_err_msg)"
+         fi
+      else
+         echo_skipped
+      fi
+   fi
+
+   _setup_key="CHECKERS"
+   _setup_val="spf,greylist"
+   _setup_file="/etc/tumgreyspf/default.conf"
+   echononl "   Setup defaults for tumgreyspf: $_setup_key .."
+   if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
+      cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
+
+# Added by script $(basename $0) at $(date +%Y-%m-%d)
+$_setup_key = $_setup_val
+EOF
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
+
+   else
+      if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
+         perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+            error "$(cat $tmp_err_msg)"
+         fi
+      else
+         echo_skipped
+      fi
+   fi
+
+   _setup_key="OTHERCONFIGS"
+   _setup_val="client_address,envelope_sender,envelope_recipient"
+   _setup_file="/etc/tumgreyspf/default.conf"
+   echononl "   Setup defaults for tumgreyspf: $_setup_key .."
+   if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
+      cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
+
+# Added by script $(basename $0) at $(date +%Y-%m-%d)
+$_setup_key = $_setup_val
+EOF
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
+
+   else
+      if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
+         perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+            error "$(cat $tmp_err_msg)"
+         fi
+      else
+         echo_skipped
+      fi
+   fi
+
+   _setup_key="GREYLISTEXPIREDAYS"
+   _setup_val="10.0"
+   _setup_file="/etc/tumgreyspf/default.conf"
+   echononl "   Setup defaults for tumgreyspf: $_setup_key .."
+   if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
+      cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
+
+# Added by script $(basename $0) at $(date +%Y-%m-%d)
+$_setup_key = $_setup_val
+EOF
+      if [[ $? -eq 0 ]] ; then
+         echo_ok
+      else
+         echo_failed
+         error "$(cat $tmp_err_msg)"
+      fi
+
+   else
+      if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
+         perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+            error "$(cat $tmp_err_msg)"
+         fi
+      else
+         echo_skipped
+      fi
+   fi
+
+   postgrey_socket="unix:private/tumgreyspf"
+   postgrey_additional_options="tumgreyspf_time_limit = 3600"
 fi
 
 
@@ -1266,7 +1546,17 @@ virtual_alias_domains =
 ## ---
 
 smtpd_restriction_classes = check_greylist
-check_greylist = check_policy_service inet:127.0.0.1:10023
+check_greylist = check_policy_service $postgrey_socket
+EOF
+
+if [[ -n "$postgrey_additional_options" ]]; then
+   cat <<EOF >> /etc/postfix/main.cf
+$postgrey_additional_options
+EOF
+fi
+
+
+cat <<EOF >> /etc/postfix/main.cf
 
 # The time limit for delivery to 'postfwd'
 # 
@@ -1960,7 +2250,6 @@ fi
 ## - Create Listener for user authenticated smtp connection port 587 (submission)
 ## - and port 465 (smtps)
 ## -
-postfix_master_cf="/etc/postfix/master.cf"
 echononl "   Backup file \"${postfix_master_cf}\""
 cp -a $postfix_master_cf "${postfix_master_cf}.$backup_date" > /dev/null 2> $tmp_err_msg
 if [[ $? -eq 0 ]] ; then
@@ -2061,14 +2350,21 @@ EOF
 
    # - Add transport definitions for only sending over IPv4/IPv6
    # -
-   cat <<EOF >> $postfix_master_cf
+   if ! $(grep -iq -E "^smtp-ipv4-only\s+" "$postfix_master_cf" 2> /dev/null) ; then
+      cat <<EOF >> $postfix_master_cf
 
 smtp-ipv4-only      unix  -       -       n       -       -       smtp
    -o inet_protocols=ipv4
+EOF
+   fi
+
+   if ! $(grep -iq -E "^smtp-ipv6-only\s+" "$postfix_master_cf" 2> /dev/null) ; then
+      cat <<EOF >> $postfix_master_cf
 
 smtp-ipv6-only      unix  -       -       n       -       -       smtp
    -o inet_protocols=ipv6
 EOF
+   fi
 
 	echo_done
 	warn "Please check file \"$postfix_master_cf\" !"