install_postfix_advanced.sh: add support for 'tumgreyspf'in case of debian 10 (buster) an above.
This commit is contained in:
parent
73303ddb27
commit
1617fd32c4
@ -11,6 +11,8 @@ _TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
|
||||
|
||||
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
postfix_master_cf="/etc/postfix/master.cf"
|
||||
|
||||
|
||||
tmp_err_msg=$(mktemp)
|
||||
backup_date="$(date +%Y-%m-%d-%H%M)"
|
||||
@ -77,6 +79,34 @@ echo_failed(){
|
||||
echo_skipped() {
|
||||
echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
|
||||
}
|
||||
detect_os_1 () {
|
||||
|
||||
if $(which lsb_release > /dev/null 2>&1) ; then
|
||||
|
||||
os_dist="$(lsb_release -i | awk '{print tolower($3)}')"
|
||||
os_version="$(lsb_release -r | awk '{print tolower($2)}')"
|
||||
os_codename="$(lsb_release -c | awk '{print tolower($2)}')"
|
||||
|
||||
if [[ "$os_dist" = "debian" ]]; then
|
||||
if $(echo "$os_version" | grep -q '\.') ; then
|
||||
os_version=$(echo "$os_version" | cut --delimiter='.' -f1)
|
||||
fi
|
||||
fi
|
||||
|
||||
elif [[ -e "/etc/os-release" ]]; then
|
||||
|
||||
. /etc/os-release
|
||||
|
||||
os_dist=$ID
|
||||
os_version=${VERSION_ID}
|
||||
|
||||
fi
|
||||
|
||||
# remove whitespace from os_dist and os_version
|
||||
os_dist="${os_dist// /}"
|
||||
os_version="${os_version// /}"
|
||||
|
||||
}
|
||||
|
||||
|
||||
trap clean_up SIGHUP SIGINT SIGTERM
|
||||
@ -99,6 +129,14 @@ fi
|
||||
|
||||
echo ""
|
||||
|
||||
|
||||
# - Detect OS - Set variable
|
||||
# - os_dist
|
||||
# - os_version
|
||||
# - os_codename
|
||||
# -
|
||||
detect_os_1
|
||||
|
||||
# - Default Values
|
||||
# -
|
||||
#_IS_RELAY_HOST=false
|
||||
@ -454,13 +492,14 @@ else
|
||||
fi
|
||||
|
||||
|
||||
## - Install Postgrey from debian packages system
|
||||
## -
|
||||
echononl " Install Postgrey from debian packages system"
|
||||
_pkg="postgrey"
|
||||
if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
|
||||
if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
|
||||
## - Install Postgrey from debian packages system
|
||||
## -
|
||||
echononl " Install Postgrey from debian packages system"
|
||||
_pkg="postgrey"
|
||||
if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
|
||||
echo_skipped
|
||||
else
|
||||
else
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
@ -468,37 +507,37 @@ else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
echononl " Adjust /etc/default/postgrey"
|
||||
perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \
|
||||
echononl " Adjust /etc/default/postgrey"
|
||||
perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \
|
||||
/etc/default/postgrey > $tmp_err_msg 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
fi
|
||||
|
||||
echononl " Create /etc/postgrey/whitelist_clients.local (additional whitelist entries)"
|
||||
cat << EOF > /etc/postgrey/whitelist_clients.local
|
||||
# For Office 365 - servers:
|
||||
##/.*outbound.protection.outlook.com\$/
|
||||
/^mail-.*\\.outbound\\.protection\\.outlook\\.com\$/
|
||||
# facebookmail.com - big pool
|
||||
/.*\\.mail-mail\\.facebook\\.com\$/
|
||||
# tor hidde service
|
||||
127.0.0.25
|
||||
echononl " Create /etc/postgrey/whitelist_clients.local (additional whitelist entries)"
|
||||
cat << EOF > /etc/postgrey/whitelist_clients.local
|
||||
# For Office 365 - servers:
|
||||
##/.*outbound.protection.outlook.com\$/
|
||||
/^mail-.*\\.outbound\\.protection\\.outlook\\.com\$/
|
||||
# facebookmail.com - big pool
|
||||
/.*\\.mail-mail\\.facebook\\.com\$/
|
||||
# tor hidde service
|
||||
127.0.0.25
|
||||
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
else
|
||||
echo_failed
|
||||
fi
|
||||
fi
|
||||
|
||||
echononl " Restart postrey daemon"
|
||||
if $systemd_exists ; then
|
||||
echononl " Restart postrey daemon"
|
||||
if $systemd_exists ; then
|
||||
systemctl restart postgrey > /dev/null 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
@ -506,7 +545,7 @@ if $systemd_exists ; then
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
else
|
||||
else
|
||||
/etc/init.d/postgrey restart > /dev/null 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
@ -514,6 +553,247 @@ else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
fi
|
||||
|
||||
postgrey_socket=""
|
||||
postgrey_additional_options=""
|
||||
|
||||
else
|
||||
## - Install tumgreyspf from debian packages system
|
||||
echononl " Install tumgreyspf from debian packages system"
|
||||
_pkg="tumgreyspf"
|
||||
if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
|
||||
echo_skipped
|
||||
else
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
fi
|
||||
|
||||
echononl " Add entry for 'tumgreyspf' at end of file '$postfix_master_cf"
|
||||
if ! $(grep -iq -E "^\s*tumgreyspf\s+" 2>/dev/null $postfix_master_cf) ; then
|
||||
cat <<EOF >> /etc/postfix/master.cf 2> $tmp_err_msg
|
||||
|
||||
# This is tumgreyspf, an external policy checker for the postfix mail server.
|
||||
# It can optionally greylist and/or use spfquery to check SPF records to
|
||||
# determine if email should be accepted by your server.
|
||||
#
|
||||
tumgreyspf unix - n n - - spawn
|
||||
user=tumgreyspf argv=/usr/bin/tumgreyspf
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
echononl " Create configuration file for whitelisting: /etc/tumgreyspf/disable.conf"
|
||||
if [[ ! -f /etc/tumgreyspf/disable.conf ]] ; then
|
||||
cat <<EOF > "/etc/tumgreyspf/disable.conf" 2> $tmp_err_msg
|
||||
SPFSEEDONLY=0
|
||||
GREYLISTTIME=300
|
||||
CHECKERS=
|
||||
OTHERCONFIGS=
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
_failed=false
|
||||
echononl " Whitelist tor hidde service '127.0.0.25'.."
|
||||
if [[ ! -d "/var/lib/tumgreyspf/config/client_address/127/0/0/" ]] ; then
|
||||
mkdir -p /var/lib/tumgreyspf/config/client_address/127/0/0/ 2> $tmp_err_msg
|
||||
if [[ $? -ne 0 ]]; then
|
||||
_failed=true
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ ! -L /var/lib/tumgreyspf/config/client_address/127/0/0/25 ]]; then
|
||||
ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/127/0/0/25 2>> $tmp_err_msg
|
||||
fi
|
||||
if [[ $? -ne 0 ]]; then
|
||||
_failed=true
|
||||
fi
|
||||
if $_failed ; then
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# Configure parameters of tumgreyspf service
|
||||
# ---
|
||||
|
||||
_setup_key="SPFSEEDONLY"
|
||||
_setup_val="0"
|
||||
_setup_file="/etc/tumgreyspf/default.conf"
|
||||
echononl " Setup defaults for tumgreyspf: $_setup_key .."
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
|
||||
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
|
||||
|
||||
# Added by script $(basename $0) at $(date +%Y-%m-%d)
|
||||
$_setup_key = $_setup_val
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
|
||||
else
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*0$" "$_setup_file") ; then
|
||||
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
fi
|
||||
|
||||
_setup_key="GREYLISTTIME"
|
||||
_setup_val="180"
|
||||
_setup_file="/etc/tumgreyspf/default.conf"
|
||||
echononl " Setup defaults for tumgreyspf: $_setup_key .."
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
|
||||
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
|
||||
|
||||
# Added by script $(basename $0) at $(date +%Y-%m-%d)
|
||||
$_setup_key = $_setup_val
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
|
||||
else
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
|
||||
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
fi
|
||||
|
||||
_setup_key="CHECKERS"
|
||||
_setup_val="spf,greylist"
|
||||
_setup_file="/etc/tumgreyspf/default.conf"
|
||||
echononl " Setup defaults for tumgreyspf: $_setup_key .."
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
|
||||
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
|
||||
|
||||
# Added by script $(basename $0) at $(date +%Y-%m-%d)
|
||||
$_setup_key = $_setup_val
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
|
||||
else
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
|
||||
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
fi
|
||||
|
||||
_setup_key="OTHERCONFIGS"
|
||||
_setup_val="client_address,envelope_sender,envelope_recipient"
|
||||
_setup_file="/etc/tumgreyspf/default.conf"
|
||||
echononl " Setup defaults for tumgreyspf: $_setup_key .."
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
|
||||
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
|
||||
|
||||
# Added by script $(basename $0) at $(date +%Y-%m-%d)
|
||||
$_setup_key = $_setup_val
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
|
||||
else
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
|
||||
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
fi
|
||||
|
||||
_setup_key="GREYLISTEXPIREDAYS"
|
||||
_setup_val="10.0"
|
||||
_setup_file="/etc/tumgreyspf/default.conf"
|
||||
echononl " Setup defaults for tumgreyspf: $_setup_key .."
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
|
||||
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg
|
||||
|
||||
# Added by script $(basename $0) at $(date +%Y-%m-%d)
|
||||
$_setup_key = $_setup_val
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
|
||||
else
|
||||
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
|
||||
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
fi
|
||||
|
||||
postgrey_socket="unix:private/tumgreyspf"
|
||||
postgrey_additional_options="tumgreyspf_time_limit = 3600"
|
||||
fi
|
||||
|
||||
|
||||
@ -1266,7 +1546,17 @@ virtual_alias_domains =
|
||||
## ---
|
||||
|
||||
smtpd_restriction_classes = check_greylist
|
||||
check_greylist = check_policy_service inet:127.0.0.1:10023
|
||||
check_greylist = check_policy_service $postgrey_socket
|
||||
EOF
|
||||
|
||||
if [[ -n "$postgrey_additional_options" ]]; then
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
$postgrey_additional_options
|
||||
EOF
|
||||
fi
|
||||
|
||||
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
|
||||
# The time limit for delivery to 'postfwd'
|
||||
#
|
||||
@ -1960,7 +2250,6 @@ fi
|
||||
## - Create Listener for user authenticated smtp connection port 587 (submission)
|
||||
## - and port 465 (smtps)
|
||||
## -
|
||||
postfix_master_cf="/etc/postfix/master.cf"
|
||||
echononl " Backup file \"${postfix_master_cf}\""
|
||||
cp -a $postfix_master_cf "${postfix_master_cf}.$backup_date" > /dev/null 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
@ -2061,14 +2350,21 @@ EOF
|
||||
|
||||
# - Add transport definitions for only sending over IPv4/IPv6
|
||||
# -
|
||||
if ! $(grep -iq -E "^smtp-ipv4-only\s+" "$postfix_master_cf" 2> /dev/null) ; then
|
||||
cat <<EOF >> $postfix_master_cf
|
||||
|
||||
smtp-ipv4-only unix - - n - - smtp
|
||||
-o inet_protocols=ipv4
|
||||
EOF
|
||||
fi
|
||||
|
||||
if ! $(grep -iq -E "^smtp-ipv6-only\s+" "$postfix_master_cf" 2> /dev/null) ; then
|
||||
cat <<EOF >> $postfix_master_cf
|
||||
|
||||
smtp-ipv6-only unix - - n - - smtp
|
||||
-o inet_protocols=ipv6
|
||||
EOF
|
||||
fi
|
||||
|
||||
echo_done
|
||||
warn "Please check file \"$postfix_master_cf\" !"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user