install_postfix_advanced.sh: add support for Postfix Firewall Daemon 'postfwd'.
This commit is contained in:
parent
0b60c881c9
commit
7a769af49e
@ -512,6 +512,189 @@ else
|
||||
fi
|
||||
|
||||
|
||||
## - Install Postfix Firewall Daemon from debian packages system
|
||||
## -
|
||||
echononl " Install Postfix Firewall Daemon from debian packages system"
|
||||
_pkg="postfwd"
|
||||
if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
|
||||
echo_skipped
|
||||
else
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
fi
|
||||
|
||||
echononl " Adjust /etc/default/postfwd"
|
||||
perl -i -n -p -e "s#^(\s*)(STARTUP=.*)#\#\1\2\nSTARTUP=1#" \
|
||||
/etc/default/postfwd > $tmp_err_msg 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
|
||||
_file="/etc/postfix/postfwd.wl-user"
|
||||
echononl " Create whitelist file '$_file' for postfwd"
|
||||
if [[ ! -f "$_file" ]]; then
|
||||
cat << EOF > "$_file"
|
||||
# ---
|
||||
# SASL Users whitelisted by postfwd
|
||||
# ---
|
||||
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
_file="/etc/postfix/postfwd.bl-user"
|
||||
echononl " Create whitelist file '$_file' for postfwd"
|
||||
if [[ ! -f "$_file" ]]; then
|
||||
cat << EOF > "$_file"
|
||||
# ---
|
||||
# SASL Users blocked by postfwd
|
||||
# ---
|
||||
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
_file="/etc/postfix/postfwd.bl-sender"
|
||||
echononl " Create whitelist file '$_file' for postfwd"
|
||||
if [[ ! -f "$_file" ]]; then
|
||||
cat << EOF > "$_file"
|
||||
# ---
|
||||
# Sender addresses blocked by postfwd
|
||||
# ---
|
||||
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
echononl " Create configuration file '/etc/postfix/postfwd.cf'.."
|
||||
if [[ ! -f "/etc/postfix/postfwd.cf" ]]; then
|
||||
cat << EOF > /etc/postfix/postfwd.cf
|
||||
|
||||
#======= Definitions ============
|
||||
|
||||
# Match messages with an associated SASL username
|
||||
&&SASL_AUTH {
|
||||
sasl_username!~^\$
|
||||
}
|
||||
|
||||
# Whitelist users
|
||||
&&TRUSTED_USERS {
|
||||
sasl_username=file:/etc/postfix/postfwd.wl-user
|
||||
}
|
||||
|
||||
# Blacklist users
|
||||
&&BLOCK_USERS {
|
||||
sasl_username=file:/etc/postfix/postfwd.bl-user
|
||||
}
|
||||
|
||||
# Blacklist sender adresses
|
||||
&&BLOCK_SENDER {
|
||||
sender=file:/etc/postfix/postfwd.bl-sender
|
||||
}
|
||||
|
||||
# Inbound emails only
|
||||
&&INCOMING {
|
||||
client_address!=127.0.0.1
|
||||
}
|
||||
|
||||
|
||||
#======= Rule sets ============
|
||||
|
||||
# Whitelists
|
||||
|
||||
id=WHL_USERS
|
||||
&&TRUSTED_USERS
|
||||
action=DUNNO
|
||||
|
||||
# Blacklist users
|
||||
id=BL_USERS
|
||||
&&SASL_AUTH
|
||||
&&BLOCK_USERS
|
||||
action=REJECT User is blocked by so36.NET admins. Error: BL_USERS
|
||||
|
||||
id=BL_SENDER
|
||||
&&BLOCK_SENDER
|
||||
action=REJECT Sender address is blocked by so36.NET admins. Error: BL_SENDER
|
||||
|
||||
|
||||
# Rate Limits
|
||||
|
||||
# Block messages with more than 70 recipients
|
||||
id=BLOCK_MSG_RCPT
|
||||
&&INCOMING
|
||||
&&SASL_AUTH
|
||||
recipient_count=70
|
||||
action=REJECT Too many recipients, please reduce to less than 70 or consider using a mailing list. Error: BLOCK_MSG_RCPT
|
||||
|
||||
# Block users sending more than 50 messages/hour
|
||||
id=RATE_MSG
|
||||
&&INCOMING
|
||||
&&SASL_AUTH
|
||||
action=rate(\$\$sasl_username/50/3600/450 4.7.1 Rate limit number messages per hour exceeded. Error:RATE_MSG)
|
||||
|
||||
# Block users sending more than 250 recipients total/hour
|
||||
id=RATE_RCPT
|
||||
&&INCOMING
|
||||
&&SASL_AUTH
|
||||
action=rcpt(\$\$sasl_username/250/3600/450 4.7.1 Rate limit number recipients per hour exceeded. Error:RATE_RCPT)
|
||||
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
echononl " Restart Postfix firewall daemon 'postfwd'.."
|
||||
if $systemd_exists ; then
|
||||
systemctl restart postfwd > /dev/null 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
else
|
||||
/etc/init.d/postfwd restart > /dev/null 2> $tmp_err_msg
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# - Backup existing postfix configuration file
|
||||
# -
|
||||
echononl " Backup existing postfix configuration file"
|
||||
@ -1056,6 +1239,8 @@ smtpd_recipient_restrictions =
|
||||
check_recipient_access btree:/etc/postfix/access_recipient,
|
||||
# permit trusted network (mynetwork)
|
||||
permit_mynetworks,
|
||||
# Check Postfix Firewall Daemon
|
||||
check_policy_service inet:127.0.0.1:10040,
|
||||
# permit our users
|
||||
permit_sasl_authenticated,
|
||||
# dont' accept misconfigured Mail
|
||||
@ -1150,6 +1335,8 @@ smtpd_relay_restrictions =
|
||||
check_recipient_access btree:/etc/postfix/access_recipient,
|
||||
# permit trusted network (mynetwork)
|
||||
permit_mynetworks,
|
||||
# Check Postfix Firewall Daemon
|
||||
check_policy_service inet:127.0.0.1:10040,
|
||||
# permit our users
|
||||
permit_sasl_authenticated,
|
||||
# dont' accept misconfigured Mail
|
||||
|
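Review bot: The new `check_policy_service inet:127.0.0.1:10040,` entries in both main.cf hunks sit after `permit_mynetworks` but before `permit_sasl_authenticated`, so whenever postfwd is not listening — for instance the restart this commit performs fails, or the generated postfwd.cf has a rule error — Postfix falls back to its default policy-service action (a 4xx "server configuration problem") and every non-mynetworks client, including all authenticated submissions, is deferred until someone notices. That is fail-closed, which may well be intended, but it should be an explicit choice: either say so in a comment next to the restriction, or on Postfix 3.0+ write `check_policy_service { inet:127.0.0.1:10040, default_action=DUNNO },` and accept that rate limiting silently disappears while postfwd is down. I would also parse-check the generated configuration before the "Restart Postfix firewall daemon" block (postfwd can validate a config file without starting), instead of learning about a bad rule only when the restart fails. Separately, the same service is now queried from both smtpd_relay_restrictions and smtpd_recipient_restrictions, so a single RCPT TO can reach postfwd twice; if postfwd counts each query, the `rate()`/`rcpt()` counters advance faster than the "50 messages/hour" and "250 recipients/hour" comments suggest, which is worth confirming against postfwd's logs. Both restriction lists start and end outside the visible hunks.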