install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Change some settings, if Server is a listserver.

Browse Source
This commit is contained in:
Christoph
2026-02-15 14:37:19 +01:00
parent ee892a6b33
commit 6356876ab6
3 changed files with 84 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
install_opendkim.sh
View File

@@ -726,8 +726,11 @@ fi
if grep -q -E "^\s*#?\s*non_smtpd_milters\s*=" ${main_cf_file} ; then if grep -q -E "^\s*#?\s*non_smtpd_milters\s*=" ${main_cf_file} ; then
ensure_dkim_var "non_smtpd_milters" > "${tmp_main_cf_file}" # In case of sympa, DKIM signatures will be added by sympa list manager
cp "${tmp_main_cf_file}" "${main_cf_file}" if ! which sympa ; then
ensure_dkim_var "non_smtpd_milters" > "${tmp_main_cf_file}"
cp "${tmp_main_cf_file}" "${main_cf_file}"
fi
else else

11
install_opendmarc.sh
View File

@@ -26,8 +26,15 @@ opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock"
config_file_name_value_parameters=" config_file_name_value_parameters="
AuthservID|HOSTNAME AuthservID|HOSTNAME
TrustedAuthservIDs|HOSTNAME TrustedAuthservIDs|HOSTNAME
PidFile|/run/opendmarc/opendmarc.pid PidFile|/run/opendmarc/opendmarc.pid"
RejectFailures|true if which sympa ; then
config_file_name_value_parameters="$config_file_name_value_parameters
RejectFailures|false"
else
config_file_name_value_parameters="$config_file_name_value_parameters
RejectFailures|true"
fi
config_file_name_value_parameters="$config_file_name_value_parameters
Syslog|true Syslog|true
SyslogFacility|mail SyslogFacility|mail
IgnoreHosts|${opendmarc_base_dir}/ignore.hosts IgnoreHosts|${opendmarc_base_dir}/ignore.hosts

92
install_postfix_advanced.sh
View File

@@ -466,7 +466,7 @@ if ! ${IS_RELAY_HOST} ; then
fi fi
if [[ "${INPUT,,}" == "yes" || "${INPUT,,}" == "true" ]]; then if [[ "${INPUT,,}" == "yes" || "${INPUT,,}" == "true" ]]; then
INSTALL_DMARC_REPORT_SUPPORT=true INSTALL_DMARC_REPORT_SUPPORT=true
fi fi
fi fi
@@ -1071,7 +1071,17 @@ debugLevel = 1
# HELO_reject = Null - Only reject HELO Fail for Null sender (SPF Classic) # HELO_reject = Null - Only reject HELO Fail for Null sender (SPF Classic)
# HELO_reject = False - Never reject/defer on HELO, append header only. # HELO_reject = False - Never reject/defer on HELO, append header only.
# HELO_reject = No_Check - Never check HELO. # HELO_reject = No_Check - Never check HELO.
EOF
if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> "${_file}"
HELO_reject = False
EOF
else
cat <<EOF >> "${_file}"
HELO_reject = SPF_Not_Pass HELO_reject = SPF_Not_Pass
EOF
cat <<EOF >> "${_file}"
# Mail From rejection policy. Options are: # Mail From rejection policy. Options are:
# Mail_From_reject = SPF_Not_Pass - Reject if result not Pass/None/Tempfail. # Mail_From_reject = SPF_Not_Pass - Reject if result not Pass/None/Tempfail.
@@ -1084,7 +1094,18 @@ HELO_reject = SPF_Not_Pass
# MAIL FROM-Adresse reagiert. Ein Fehler tritt auf, wenn die IP-Adresse des sendenden # MAIL FROM-Adresse reagiert. Ein Fehler tritt auf, wenn die IP-Adresse des sendenden
# Servers nicht den SPF-Einträgen der Domain in der MAIL FROM-Adresse entspricht. # Servers nicht den SPF-Einträgen der Domain in der MAIL FROM-Adresse entspricht.
# #
EOF
if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> "${_file}"
Mail_From_reject = False
EOF
else
cat <<EOF >> "${_file}"
Mail_From_reject = Fail Mail_From_reject = Fail
EOF
fi
cat <<EOF >> "${_file}"
# Policy for rejecting due to SPF PermError. Options are: # Policy for rejecting due to SPF PermError. Options are:
# PermError_reject = True # PermError_reject = True
@@ -1096,7 +1117,18 @@ Mail_From_reject = Fail
# #
# Wenn PermError_reject auf True gesetzt ist, wird die E-Mail abgewiesen (rejected), # Wenn PermError_reject auf True gesetzt ist, wird die E-Mail abgewiesen (rejected),
# #
EOF
if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> "${_file}"
PermError_reject = False
EOF
else
cat <<EOF >> "${_file}"
PermError_reject = True PermError_reject = True
EOF
fi
cat <<EOF >> "${_file}"
# Policy for deferring messages due to SPF TempError. Options are: # Policy for deferring messages due to SPF TempError. Options are:
# TempError_Defer = True # TempError_Defer = True
@@ -1109,7 +1141,7 @@ PermError_reject = True
# Wenn TempError_Defer auf True gesetzt ist, wird die E-Mail vorübergehend zurückgewiesen # Wenn TempError_Defer auf True gesetzt ist, wird die E-Mail vorübergehend zurückgewiesen
# (deferred), und der empfangende Server versucht später erneut, die E-Mail zuzustelle # (deferred), und der empfangende Server versucht später erneut, die E-Mail zuzustelle
# #
TempError_Defer = Defer TempError_Defer = True
# Type of header to insert to document SPF result. Can be Received-SPF (SPF) # Type of header to insert to document SPF result. Can be Received-SPF (SPF)
# or Authentication Results (AR). It cannot be both. # or Authentication Results (AR). It cannot be both.
@@ -2427,8 +2459,8 @@ virtual_alias_domains =
#======= Postfix DSN Support ============ #======= Postfix DSN Support ============
# #
# Use the smtpd_discard_ehlo_keyword_address_maps feature if you wish to allow DSN # Use the smtpd_discard_ehlo_keyword_address_maps feature if you wish to allow DSN
# requests from trusted clients but not from random strangers # requests from trusted clients but not from random strangers
# #
# smtpd_discard_ehlo_keyword_address_maps = # smtpd_discard_ehlo_keyword_address_maps =
@@ -2443,15 +2475,15 @@ virtual_alias_domains =
#smtpd_discard_ehlo_keyword_address_maps = #smtpd_discard_ehlo_keyword_address_maps =
# If you want to disallow all use of DSN requests from the network, use the # If you want to disallow all use of DSN requests from the network, use the
# smtpd_discard_ehlo_keywords feature: # smtpd_discard_ehlo_keywords feature:
# #
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# smtpd_discard_ehlo_keywords = silent-discard, dsn # smtpd_discard_ehlo_keywords = silent-discard, dsn
# #
#
# #
# A case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that #
# A case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that
# the Postfix SMTP server will not send in the EHLO response to a remote SMTP client. # the Postfix SMTP server will not send in the EHLO response to a remote SMTP client.
# #
# #
@@ -2876,6 +2908,16 @@ smtpd_recipient_restrictions =
# \$relay_recipient_maps, and \$relay_recipient_maps is not null. # \$relay_recipient_maps, and \$relay_recipient_maps is not null.
# #
reject_unlisted_recipient, reject_unlisted_recipient,
EOF
if [[ -n "$(which policyd-spf)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf
# Check Postfix policy service ..
#
check_policy_service unix:private/policy-spf
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
# reject_unauth_destination # reject_unauth_destination
# #
# Reject the request unless one of the following is true: # Reject the request unless one of the following is true:
@@ -2898,17 +2940,7 @@ smtpd_recipient_restrictions =
# managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html # managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html
# for more details # for more details
reject_unverified_recipient, reject_unverified_recipient,
EOF
if [[ -n "$(which policyd-spf)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf
# Check Postfix policy service ..
#
check_policy_service unix:private/policy-spf
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
# Policyd-Weight # Policyd-Weight
#check_policy_service inet:127.0.0.1:12525, #check_policy_service inet:127.0.0.1:12525,
# --------------------------------------------------------------------------------- # ---------------------------------------------------------------------------------
@@ -2999,6 +3031,16 @@ else
EOF EOF
fi fi
if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> /etc/postfix/main.cf
# Default: alles was nicht explizit überschrieben wird (pickup/local/sympa/cron/...)
content_filter = amavisfeed:[127.0.0.1]:10029
EOF
fi
if [[ -n "$(which opendkim)" ]] || [[ -n "$(which opendmarc)" ]] ; then if [[ -n "$(which opendkim)" ]] || [[ -n "$(which opendmarc)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf cat <<EOF >> /etc/postfix/main.cf
@@ -3040,7 +3082,7 @@ EOF
# Was sind non_smtpd_milters? # Was sind non_smtpd_milters?
# #
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT # non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind. # der smtpd-Daemon sind.
# #
# Das betrifft z. B.: # Das betrifft z. B.:
@@ -3068,7 +3110,13 @@ EOF
# #
EOF EOF
if [[ -n "$(which opendkim)" ]] ; then if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> /etc/postfix/main.cf
# DKIM signing takes place in the Sympa list manager.
non_smtpd_milters =
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf cat <<EOF >> /etc/postfix/main.cf
non_smtpd_milters = local:/opendkim/opendkim.sock non_smtpd_milters = local:/opendkim/opendkim.sock
EOF EOF
@@ -3940,10 +3988,10 @@ if ${INSTALL_DMARC_REPORT_SUPPORT} ; then
cat <<EOF >> /etc/postfix/transport 2> $log_file cat <<EOF >> /etc/postfix/transport 2> $log_file
# - Take care your master.cf file ($postfix_master_cf) contains: # - Take care your master.cf file ($postfix_master_cf) contains:
# - # -
# - dmarc-pipe unix - n n - - pipe # - dmarc-pipe unix - n n - - pipe
# - flags=Rq user=vmail argv=/usr/local/bin/dmarc-collect.sh # - flags=Rq user=vmail argv=/usr/local/bin/dmarc-collect.sh
# - # -
dmarc-reports@oopen.de dmarc-pipe: dmarc-reports@oopen.de dmarc-pipe:
EOF EOF
@@ -4032,7 +4080,7 @@ EOF
_failed=true _failed=true
fi fi
if ${_failed} ; then if ${_failed} ; then
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"