diff --git a/README.install b/README.install index 00c1276..2056616 100644 --- a/README.install +++ b/README.install @@ -73,3 +73,7 @@ 6.) Install OpenDKIM - run script 'install_opendkim.sh'. + + +7.) Install OpenDMARC + - run script 'install_opendmarc.sh'. diff --git a/dovecot_convert_to_lmtp.sh b/dovecot_convert_to_lmtp.sh new file mode 100755 index 0000000..b312ba3 --- /dev/null +++ b/dovecot_convert_to_lmtp.sh 
@@ -0,0 +1,270 @@ +#!/usr/bin/env bash + +postfix_main_cf="/etc/postfix/main.cf" + +backup_date="$(date +%Y-%m-%d-%H%M)" +changed=false + +log_file="$(mktemp)" + +# ------------- +# - Functions an Variable +# ------------- +clean_up() { + + + if [[ -f "$_backup_crontab_file" ]]; then + + echononl "(Re)Install previously saved crontab from '$_backup_crontab_file'.." + + crontab $_backup_crontab_file >> $log_file 2>&1 + + if [[ $? -eq 0 ]]; then + echo -e "$rc_done" + else + echo -e "$rc_failed" + error "$(cat $log_file)" + fi + + fi + + # Perform program exit housekeeping + rm -f $log_file + blank_line + exit $1 +} + +fatal(){ + echo "" + echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m" + echo "" + echo -e "\t\033[31m\033[1m Skript wird abgebrochen\033[m\033[m\n" + rm -f $log_file + clean_up 1 +} + + +echononl(){ + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo -e "$*\\c" 1>&2 + else + echo -en "$*" 1>&2 + fi + rm /tmp/shprompt$$ +} +error(){ + echo "" + echo -e "\t[ \033[31m\033[1mError\033[m ]: $*" + echo "" +} + +warn(){ + echo "" + echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" + echo "" +} + +info(){ + echo "" + echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" + echo "" +} + +echo_done() { + echo -e "\033[75G[ \033[32mdone\033[m ]" +} +echo_ok() { + echo -e "\033[75G[ \033[32mok\033[m ]" +} +echo_warn() { + echo -e "\033[75G[ \033[33mwarn\033[m ]" +} +echo_failed(){ + echo -e "\033[75G[ \033[1;31mfailed\033[m ]" +} +echo_skipped() { + echo -e "\033[75G[ \033[90m\033[1mskipped\033[m ]" +} + +blank_line() { + if $terminal ; then + echo "" + fi +} + + +if [[ ! -f "$postfix_main_cf" ]] ; then + fatal "Postfix configuration '${postfix_main_cf}' NOT found!" +fi + +# ---------- +# - Some checks .. +# ---------- +# -Is systemd supported on this system? 
+# - +systemd_supported=false +systemd=$(which systemd) +systemctl=$(which systemctl) + +if [[ -n "$systemd" ]] && [[ -n "$systemctl" ]] ; then + systemd_supported=true +fi + +blank_line + +echononl " Backup Postfix Cconfiguration file '${postfix_main_cf}'.." +if [[ ! -f "${postfix_main_cf}.${backup_date}" ]] ; then + cp -a "${postfix_main_cf}" "${postfix_main_cf}.${backup_date}" > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + + + +blank_line + +# - /etc/postfix/main.cf +# - +# - comment in: +# - #virtual_transport = dovecot +# - #dovecot_destination_recipient_limit = .. +# - +# - change: +# - smtpd_sasl_auth_enable = yes +# - smtpd_sasl_type = dovecot +# - smtpd_sasl_path = private/dovecot-auth +# - virtual_transport = lmtp:unix:private/dovecot-lmtp +var="smtpd_sasl_auth_enable" +val="yes" +echononl " ${postfix_main_cf}: adjust '${var}'.." +if ! $(grep -E -q "^\s*${var}\s*=\s*${val}" ${postfix_main_cf} 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*)(${var}\ *=.*)#${var} = ${val}#" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + changed=true + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + +var="smtpd_sasl_type" +val="dovecot" +echononl " ${postfix_main_cf}: adjust '${var}'.." +if ! $(grep -E -q "^\s*${var}\s*=\s*${val}" ${postfix_main_cf} 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*)(${var}\ *=.*)#${var} = ${val}#" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + changed=true + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + +var="smtpd_sasl_path" +val="private/dovecot-auth" +echononl " ${postfix_main_cf}: adjust '${var}'.." +if ! $(grep -E -q "^\s*${var}\s*=\s*${val}" ${postfix_main_cf} 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*)(${var}\ *=.*)#${var} = ${val}#" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? 
-eq 0 ]]; then + echo_ok + changed=true + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + +var="virtual_transport" +val="lmtp:unix:private/dovecot-lmtp" +echononl " ${postfix_main_cf}: adjust '${var}'.." +if ! $(grep -E -q "^\s*${var}\s*=\s*${val}" ${postfix_main_cf} 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*)(${var}\ *=.*)#${var} = ${val}#" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + changed=true + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + + +echononl " Comment variable 'dovecot_destination_recipient_limit'.." +if $(grep -E -q "^\s*dovecot_destination_recipient_limit" ${postfix_main_cf} 2> /dev/null) ; then + perl -i-n -p -e "s/^(\s*)(dovecot_destination_recipient_limit.*)/\1\#\2/" /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + changed=true + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + +blank_line + +# - restart postfix +# - +echononl " Restart Postfix Service..." +if $changed ; then + if $systemd_supported ; then + systemctl restart postfix > /dev/null 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + fi + else + /etc/init.d/postfix restart > /dev/null 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + fi + fi +else + echo_skipped +fi + + +diff "${postfix_main_cf}" "${postfix_main_cf}.${backup_date}" > /dev/null 2>&1 +if [[ $? -eq 0 ]]; then + + info "File \033[1m${postfix_main_cf}\033[m has not changed. + \033[32mGoing to remove previos created backup\033[m.." + + echononl " Remove file \033[1m${postfix_main_cf}.${backup_date}\033[m .." + rm "${postfix_main_cf}.${backup_date}" > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "$(cat "$log_file")" + fi +fi + + +clean_up 0 diff --git a/install_opendmarc.sh b/install_opendmarc.sh new file mode 100755 index 0000000..550262e --- /dev/null +++ b/install_opendmarc.sh 
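Review bot: In the `virtual_transport` step `changed=true` sits in the failure branch instead of under `echo_ok` as in the three preceding steps, so a run in which only the transport line was rewritten leaves `changed` false and skips the Postfix restart (main.cf says lmtp while the running instance still delivers via the old transport), whereas a failed rewrite does trigger one. The `perl -i -n -p` substitutions also only rewrite a line that already exists uncommented — when no such line is present perl still exits 0, the step prints ok and the value is never set — so re-run the `grep -E -q "^\s*${var}\s*=\s*${val}"` guard after the edit and report failed when it still does not match. `perl -i-n -p` (missing space) in the `dovecot_destination_recipient_limit` step makes perl treat `-n` as the in-place backup suffix and leaves a stray `/etc/postfix/main.cf-n` beside the config; it should read `perl -i -n -p`. `clean_up` further references `$_backup_crontab_file`, `$rc_done` and `$rc_failed`, none of which this script defines, so the crontab branch is dead and should be dropped or given definitions.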
@@ -0,0 +1,523 @@ +#!/usr/bin/env bash + +clear +echo -e "\n \033[32mStart Installation of OpenDMARC..\033[m" + + + +# ------------- +# - Settings +# ------------- + +#_src_base_dir="$(realpath $(dirname $0))" +#conf_file="${_src_base_dir}/conf/install_opendmarc.conf" + +_opendmarc_packages="opendmarc" + +opendmarc_base_dir="/etc/opendmarc" +opendmarc_conf_file="/etc/opendmarc.conf" + +postfix_spool_dir="/var/spool/postfix" + +opendmarc_socket_dir="${postfix_spool_dir}/opendmarc" +opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock" + +config_file_name_value_parameters=" + AuthservID|OpenDMARC + PidFile|/run/opendmarc/opendmarc.pid + RejectFailures|true + Syslog|true + SyslogFacility|mail + TrustedAuthservIDs|$(hostname -f) + IgnoreHosts|/etc/opendmarc/ignore.hosts + IgnoreAuthenticatedClients|true + RequiredHeaders|true + UMask|002 + FailureReports|false + AutoRestart|true + HistoryFile|/run/opendmarc/opendmarc.dat + SPFSelfValidate|true + Socket|${opendmarc_socket_file} +" +declare -a config_file_name_value_parameter_arr=() +for _conf in $config_file_name_value_parameters ; do + config_file_name_value_parameter_arr+=("$_conf") +done + +postfix_needs_restart=false +opendmarc_needs_restart=false + +backup_date="$(date +%Y-%m-%d-%H%M)" +log_file="$(mktemp)" + +# ------------- +# --- Some functions +# ------------- +echononl(){ + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo -e -n "$*\\c" 1>&2 + else + echo -e -n "$*" 1>&2 + fi + rm /tmp/shprompt$$ +} + +fatal(){ + echo "" + echo -e "fatal error: $*" + echo "" + echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m" + echo "" + exit 1 +} + +error(){ + echo "" + echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" + echo "" +} + +warn (){ + echo "" + echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" + echo "" +} + +info (){ + echo "" + echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" + echo "" +} + +echo_done() { + echo -e "\033[80G[ 
\033[32mdone\033[m ]" +} +echo_ok() { + echo -e "\033[80G[ \033[32mok\033[m ]" +} +echo_warning() { + echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]" +} +echo_failed(){ + echo -e "\033[80G[ \033[1;31mfailed\033[m ]" +} +echo_skipped() { + echo -e "\033[80G[ \033[37mskipped\033[m ]" +} + + +# ------------- +# - Some pre-installation tasks +# ------------- + +# - Is 'systemd' supported on this system +# - +if [ "X`which systemd`" = "X" ]; then + SYSTEMD_EXISTS=false +else + SYSTEMD_EXISTS=true +fi + + + +# ============= +# - Start Installation +# ============= + +echo "" + +# - Synchronise package index files with the repository +# - +echononl " Synchronise package index files with the repository.." +apt-get update > "$log_file" 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + + +# - Install opendmarc +# - +echononl " Install needed debian packages.." +opendmarc_packages="" +packages_installed=false +for _pkg in $_opendmarc_packages ; do + if aptitude search "$_pkg" | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then + continue + else + opendmarc_packages="$opendmarc_packages $_pkg" + fi +done +if [[ -n "$opendmarc_packages" ]]; then + DEBIAN_FRONTEND=noninteractive apt-get -y install $opendmarc_packages > /dev/null 2> "$log_file" + packages_installed=true + opendmarc_needs_restart=true + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Add user 'postfix' to group 'opendmarc' +# - +echononl " Add user 'postfix' to group 'opendmarc'.." +if grep -E "^opendmarc" /etc/group | grep -q postfix 2> /dev/null ; then + echo_skipped +else + usermod -a -G opendmarc postfix > "$log_file" 2>&1 + if [[ $? 
-eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + + +# - Save configuration file from distribution +# - +echononl " Save configuration file from distribution" +if [[ -f "${opendmarc_conf_file}.ORIG" ]] ; then + echo_skipped +else + cp -a $opendmarc_conf_file $opendmarc_conf_file.ORIG 2> "$log_file" + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + +for _val in "${config_file_name_value_parameter_arr[@]}" ; do + IFS='|' read -a _val_arr <<< "${_val}" + + echononl " $opendmarc_conf_file: ${_val_arr[0]} -> ${_val_arr[1]}.." + if $(grep -E -q "^\s*${_val_arr[0]}\s+${_val_arr[1]}\s*$" $opendmarc_conf_file 2> /dev/null) ; then + echo_skipped + elif $(grep -E -q "^\s*#\s*${_val_arr[0]}\s+" $opendmarc_conf_file 2> /dev/null); then + perl -i -n -p -e "s&^(\s*#\s*${_val_arr[0]}.*)&\1\n${_val_arr[0]} ${_val_arr[1]}&" $opendmarc_conf_file > "$log_file" 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + opendmarc_needs_restart=true + else + echo_failed + error "$(cat $log_file)" + fi + elif $(grep -E -q "^\s*${_val_arr[0]}\s+" $opendmarc_conf_file 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*${_val_arr[0]}.*)#\#\1\n${_val_arr[0]} ${_val_arr[1]}#" $opendmarc_conf_file > "$log_file" 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + opendmarc_needs_restart=true + else + echo_failed + error "$(cat $log_file)" + fi + else + cat <> $opendmarc_conf_file 2> "$log_file" + +${_val_arr[0]} ${_val_arr[1]} +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + opendmarc_needs_restart=true + else + echo_failed + error "$(cat $log_file)" + fi + fi +done + + +# - Assign ownership to the opendmarc user and restrict tthe +# - file permissions: +# - +echononl " Assign file permissions to '$opendmarc_conf_file'.." +chmod u=rw,go=r $opendmarc_conf_file 2> $log_file +if [[ $? 
-eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + + +# - Create the directories to hold opendmarc's data files, assign +# - ownership to the opendmarc user, and restrict the file +# - permissions: +# - +echononl " Create directory '$opendmarc_base_dir'" +if [[ -d "$opendmarc_base_dir" ]] ; then + echo_skipped +else + opendmarc_needs_restart=true + mkdir ${opendmarc_base_dir} 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi +echononl " Set ownership on directory '${opendmarc_base_dir}' (recursive).." +chown -R opendmarc:opendmarc ${opendmarc_base_dir} 2> $log_file +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + + + +# - Create the file ${opendmarc_base_dir}/ignore.hosts +# - +echononl " Create file '${opendmarc_base_dir}/ignore.hosts'.." +if [[ -f "${opendmarc_base_dir}/ignore.hosts" ]] ; then + echo_skipped +else + cat < ${opendmarc_base_dir}/ignore.hosts 2> $log_file +# We are using AmaViS at 'localhost 127.0.0.1 . So we cannot bypass them +# +# 127.0.0.1 +# localhost +$(hostname -f) +EOF + opendmarc_needs_restart=true + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + + +# - Edit /etc/default/opendmarc +# - +# - Set: +# - SOCKET="local:${postfix_spool_dir}/opendmarc/opendmarc.sock" +# - +echononl " Set 'SOCKET' at file /etc/default/opendmarc.." +if grep -q -E "^\s*SOCKET" /etc/default/opendmarc 2>/dev/null ; then + if grep -q -E "^\s*SOCKET\s*=\s*\"*local:$opendmarc_socket_file" /etc/default/opendmarc 2>/dev/null ; then + echo_skipped + else + perl -i -n -p -e "s#^\s*SOCKET=.*#SOCKET=\"local:$opendmarc_socket_file\"#" /etc/default/opendmarc 2> $log_file + opendmarc_needs_restart=true + if [[ $? 
-eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi + fi +else + cat <>/etc/default/opendmarc 2> $log_file +SOCKET="local:$opendmarc_socket_file" +EOF + opendmarc_needs_restart=true + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + + +# - Create the opendmarc socket directory in Postfix’s work area +# - and make sure it has the correct ownership: +# - +echononl " Create the opendmarc socket directory in Postfix's work area.." +if [[ -d "${postfix_spool_dir}/opendmarc" ]] ; then + echo_skipped +else + mkdir ${postfix_spool_dir}/opendmarc 2> $log_file + opendmarc_needs_restart=true + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi + echononl " Set ownership on directory '${postfix_spool_dir}/opendmarc'.." + chown opendmarc:postfix ${postfix_spool_dir}/opendmarc 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + + +# - Edit /etc/postfix/main.cf and add a section to activate +# - processing of e-mail through the opendmarc daemon: +# - +echononl " Backup existing postfix configuration (main.cf).." +cp -a /etc/postfix/main.cf /etc/postfix/main.cf.$backup_date 2> $log_file +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + +echononl " Set Variable non_smtpd_milters at '/etc/postfix/main.cf'.." +if $(grep -q -E "^\s*non_smtpd_milters\s*=\s*.*opendkim.sock" /etc/postfix/main.cf 2> /dev/null) ; then + if $(grep -q -E "^\s*non_smtpd_milters\s*=\s*.*$(basename "${opendmarc_socket_file}")" /etc/postfix/main.cf); then + echo_skipped + else + perl -i -n -p -e "s&^\s*(non_smtpd_milters\s*=.*opendkim.sock)&\1,local:/$(basename "${opendmarc_socket_dir}")/$(basename "${opendmarc_socket_file}")&" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? 
-eq 0 ]] ; then + echo_ok + postfix_needs_restart=true + else + echo_failed + error "$(cat $log_file)" + fi + fi +else + echo_skipped + warn "Postfix is not adjusted. Complete Postfix configuration (main.cf) manually\!" +fi + + +# - Prevent Postfix from setting the DMARC Header twice (one befor +# - and one after processing amavis +# - +# - To disable milter processing after amavis, add to your master.cf in +# - the after-amavis section: +# - 127.0.0.1:10025 inet n - - - - smtpd +# - [...] +# - -o smtpd_milters= +# - +# - If you want to run the milter after amavis, set in main.cf +# - smtpd_milters= +# - to an empty string and add the smtpd_milters configuration to master.cf +# - (after-section amavis) instead: +# - -o smtpd_milters=local:/opendmarc/opendmarc.sock +# - +echononl " Backup file '/etc/postfix/master.cf'.." +cp -a /etc/postfix/master.cf /etc/postfix/master.cf.${backup_date} 2> $log_file +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + +echononl " Adjust /etc/postfix/master.cf. Set DMARC after sending throuh AmaVIS.." +if $(grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*opendkim.sock" /etc/postfix/master.cf 2> /dev/null) ; then + if $(grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*$(basename ${opendmarc_socket_file})" /etc/postfix/master.cf); then + echo_skipped + else + perl -i -n -p -e "s&(^\s*-o\s+smtpd_milters\s*=.*)&\1,local:/$(basename "${opendmarc_socket_dir}")/$(basename "${opendmarc_socket_file}")&" \ + /etc/postfix/master.cf > $log_file 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + postfix_needs_restart=true + else + echo_failed + error "$(cat $log_file)" + fi + fi +else + echo_skipped + warn "Postfix is not adjusted. Complete Postfix configuration (master.cf) manually\!" +fi + +echo "" + +echononl " Enable OpenDMARC Service" +if $SYSTEMD_EXISTS ; then + systemctl enable opendmarc > $log_file 2>&1 + if [[ $? 
-eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + warn "Maybe OpenDMARC Service is not enabled, because its an old non-systemd os.." +fi + +# - Restart opendmarc +# - +echononl " Restart opendmarc.." +if $opendmarc_needs_restart ; then + if $SYSTEMD_EXISTS ; then + systemctl restart opendmarc > $log_file 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi + else + /etc/init.d/opendmarc restart > $log_file 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi + fi +else + echo_skipped +fi + + +# - Restart Postfix so it starts using opendmarc when processing mail: +# - +echononl " Restart Postfix.." +if $postfix_needs_restart ; then + if $SYSTEMD_EXISTS ; then + systemctl restart postfix > $log_file 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi + else + /etc/init.d/postfix restart > $log_file 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi + fi +else + echo_skipped +fi + +echo "" +if [[ -f "/etc/postfix/master.cf.${backup_date}" ]] ; then + if $(diff "/etc/postfix/master.cf" "/etc/postfix/master.cf.${backup_date}"> /dev/null 2>&1) ; then + info "File \033[1m/etc/postfix/master.cf\033[m has not changed.\n\t Removing previos created backup.." + rm "/etc/postfix/master.cf.${backup_date}" + fi +fi +if [[ -f "/etc/postfix/main.cf.${backup_date}" ]] ; then + if $(diff "/etc/postfix/main.cf" "/etc/postfix/main.cf.${backup_date}"> /dev/null 2>&1) ; then + info "File \033[1m/etc/postfix/main.cf\033[m has not changed.\n\t Removing previos created backup.." + rm "/etc/postfix/main.cf.${backup_date}" + fi +fi + + +echo "" +rm -f "$log_file" +exit 0 diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index 254dc8e..098ca40 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh 
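Review bot: The `apt-get -y install` step tests `$?` only after `packages_installed=true` and `opendmarc_needs_restart=true` have run, so the status checked belongs to the last assignment and a failed install is reported as ok before the script goes on to edit a config file that may not exist; the same assignment-between-command-and-check pattern recurs at the ignore.hosts heredoc, the `perl` and `cat` edits of `/etc/default/opendmarc`, and the socket-directory `mkdir`. Capture the status first — `rc=$?` directly after the command and `if [[ $rc -eq 0 ]]` — or set the flags inside the success branch. `chown -R opendmarc:opendmarc ${opendmarc_base_dir}` also hands the daemon account write access to its own `IgnoreHosts` bypass list even though the comment above promises restricted permissions and no chmod follows; the only paths the config needs writable are `PidFile` and `HistoryFile` under /run/opendmarc, so `chown -R root:opendmarc` with `chmod 750` on the directory and `chmod 640` on its files keeps the policy file read-only for the service (verify the Debian unit does not expect otherwise). `echononl` still writes to the predictable `/tmp/shprompt$$` while running as root; `mktemp` is already used for `$log_file` and fits here as well.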
@@ -976,6 +976,25 @@ else echo_skipped fi +echononl " Enable Postfix firewall daemon at boot time .." +if $systemd_exists ; then + systemctl enable postfwd > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +else + update-rc.d postfwd defaults > /dev/null 2> $tmp_err_msg + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $tmp_err_msg)" + fi +fi + echononl " Restart Postfix firewall daemon 'postfwd'.." if $systemd_exists ; then systemctl restart postfwd > /dev/null 2> $tmp_err_msg @@ -1081,14 +1100,17 @@ mynetworks = ${IPV4}/32 [${IPV6}]/128 # a.mx.oopen.de - #83.223.86.91 - #[2a01:30:0:13:2f7:50ff:fed2:cef7]/128 + #95.217.204.247/32 + #[2a01:4f9:4a:47e5::247]/128 # b.mx.oopen.de - #83.223.86.97 - #[2a01:30:0:13:21f:92ff:fe00:538b] + #83.223.86.97/32 + #[2a01:30:0:13:21f:92ff:fe00:538b]/128 # d.mx.oopen.de - #83.223.86.92/32 - #[2a01:30:0:13:254:9eff:fed5:e7fd]/128 + #95.217.204.227/32 + #[2a01:4f9:4a:47e5::227]/128 + # e.mx.oopen.de + #95.217.204.205/32 + #[2a01:4f9:4a:47e5::205]/128 smtp_bind_address = $IPV4 smtp_bind_address6 = $IPV6 @@ -1517,6 +1539,7 @@ cat <> /etc/postfix/main.cf ## - ## - using dovecot lda ## - virtual_transport = dovecot +## - dovecot_destination_recipient_limit = 1 ## - ## - using dovecot's lmtp service ## - virtual_transport = lmtp:unix:private/dovecot-lmtp 
@@ -1624,6 +1647,23 @@ smtpd_client_restrictions = # permit_dnswl_client dnswl.oopen.de, # Blacklists + # + # - rhs stands for right hand side, i.e, the domain name. + # + # - reject_rhsbl_helo makes Postfix reject email when the client HELO or EHLO hostname is blacklisted. + # + # - reject_rhsbl_reverse_client: reject the email when the unverified reverse client hostname is + # blacklisted. Postfix will fetch the client hostname from PTR record. If the hostname is + # blacklisted, reject the email. + # + # - reject_rhsbl_sender makes Postfix reject email when the MAIL FROM domain is blacklisted. + # + # - reject_rbl_client: This is an IP-based blacklist. When the client IP address is backlisted, + # reject the email. + # + reject_rhsbl_helo dbl.spamhaus.org, + reject_rhsbl_reverse_client dbl.spamhaus.org, + reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, # Greylisting check @@ -1691,6 +1731,7 @@ smtpd_sender_restrictions = permit_sasl_authenticated, reject_unknown_sender_domain, reject_non_fqdn_sender + reject_unknown_reverse_client_hostname ## --- diff --git a/install_update_dovecot.sh b/install_update_dovecot.sh index 91ed69b..2773649 100755 --- a/install_update_dovecot.sh +++ b/install_update_dovecot.sh @@ -573,7 +573,7 @@ mkdir -p $_log_dir cd ${_src_base_dir} echo "" -echo "Download sources.." +echo -e "\033[1mDownload sources\033[m.." ## - Downloud Dovecot 2.2.x ## - @@ -668,7 +668,7 @@ fi ## - Create Users/groups needed for dovecot echo "" -echo "Create required users/groups.." +echo -e "\033[1mCreate required users/groups\033[m.." echononl "\tCreate group dovecot.." if ! grep dovecot /etc/group > /dev/null ; then addgroup --system --gid 91 dovecot > ${_log_dir}/system.log 2>&1 @@ -773,7 +773,7 @@ fi ## --- Install Base System echo "" -echo "Installing Base System.." +echo -e "\033[1mInstalling Base System\033[m.." ## - Unpack dovecot sources ## - 
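Review bot: The new `reject_rhsbl_* dbl.spamhaus.org` entries (like the existing `reject_rbl_client zen.spamhaus.org` line) treat any A record as a listing, but Spamhaus also answers with status codes — `127.0.1.255` when the DBL is queried with an IP-shaped name, and `127.255.255.0/24` codes for queries arriving through a public resolver or exceeding the free quota — so on a host that resolves via a public DNS service every one of these checks rejects every message. Pin the listing ranges instead: `reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],` `reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99],` `reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],` and correspondingly `zen.spamhaus.org=127.0.0.[2..11]`; the `[a..b]` syntax needs Postfix 2.8 or later. The generated comment block should say so too, since the reason is not obvious from the restriction names.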
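Review bot: `reject_unknown_reverse_client_hostname` is appended to `smtpd_sender_restrictions` after `reject_non_fqdn_sender`, where it fires for every client whose IP has no PTR, including hosts in `mynetworks` unless a `permit_mynetworks` precedes it in the list — the start of this restriction list lies outside the hunk, so that cannot be confirmed here. Postfix answers this check with `unknown_client_reject_code` (default 450, and always 450 when the lookup failed temporarily), so a missing PTR yields a soft reject the peer retries until its queue lifetime expires rather than a clear 5xx; either set `unknown_client_reject_code = 550` deliberately or document the delayed-bounce behaviour next to the new line. It is also a client-identity test and would sit more naturally alongside the `reject_rbl_client` entries in `smtpd_client_restrictions`.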
@@ -950,7 +950,7 @@ fi _failed=false echo "" -echo "Configure Dovecot.." +echo -e "\033[1mConfigure Dovecot\033[m.." ## - Copy example config files to the config directory ## - @@ -2757,7 +2757,7 @@ fi # if $_new echo -echo -e "Change (from lda) to lmtp-service" +echo -e "\033[1mChange (from lda) to lmtp-service\033[m" ## ----------------- ## --- Change (from lda) to lmtp-service 
@@ -2797,52 +2797,107 @@ else fi -#if $_new ; then -# -# ## - /etc/postfix/main.cf -# ## - -# ## - comment in: -# ## - #virtual_transport = dovecot -# ## - -# ## - change: -# ## - smtpd_sasl_auth_enable = yes -# ## - smtpd_sasl_type = dovecot -# ## - smtpd_sasl_path = private/dovecot-auth -# ## - virtual_transport = lmtp:unix:private/dovecot-lmtp -# _failed=false -# echononl "\tAdjust /etc/postfix/main.cf" -# perl -i -n -p -e "s#^(\s*)(smtpd_sasl_auth_enable\ *=.*)#smtpd_sasl_auth_enable = yes#" \ -# /etc/postfix/main.cf || _failed=true -# #perl -i -n -p -e "s#^(\s*)(smtpd_sasl_type\ *=.*)#\1\#\2\n\1smtpd_sasl_type = dovecot#" \ -# perl -i -n -p -e "s#^(\s*)(smtpd_sasl_type\ *=.*)#smtpd_sasl_type = dovecot#" \ -# /etc/postfix/main.cf || _failed=true -# #perl -i -n -p -e "s#^(\s*)(smtpd_sasl_path\ *=.*)#\1\#\2\n\1smtpd_sasl_path = private/dovecot-auth#" \ -# # /etc/postfix/main.cf || _failed=true -# perl -i -n -p -e "s#^(\s*)(smtpd_sasl_path\ *=.*)#smtpd_sasl_path = private/dovecot-auth#" \ -# /etc/postfix/main.cf || _failed=true -# -# -# -# #perl -i -n -p -e "s#^(\s*)(virtual_transport\ *=.*)#\1\#\2\n\1virtual_transport = lmtp:unix:private/dovecot-lmtp#" \ -# # /etc/postfix/main.cf || _failed=true -# perl -i -n -p -e "s#^(\s*)(virtual_transport\ *=.*)#virtual_transport = lmtp:unix:private/dovecot-lmtp#" \ -# /etc/postfix/main.cf || _failed=true -# perl -i-n -p -e "s#^(\s*)(dovecot_destination_recipient_limit.*)#\1\#\2#" /etc/postfix/main.cf || _failed=true -# if ! $_failed ; then -# echo -e "$rc_done" -# else -# echo -e "$rc_failed" -# fatal "Adjusting /etc/postfix/main.cf failed" -# fi -# -#fi +# - /etc/postfix/main.cf +# - +# - comment in: +# - #virtual_transport = dovecot +# - #dovecot_destination_recipient_limit = .. 
+# - +# - change: +# - smtpd_sasl_auth_enable = yes +# - smtpd_sasl_type = dovecot +# - smtpd_sasl_path = private/dovecot-auth +# - virtual_transport = lmtp:unix:private/dovecot-lmtp +var="smtpd_sasl_auth_enable" +val="yes" +echononl "\t${postfix_main_cf}: adjust '${var}'.." +if ! $(grep -E -q "^\s*${var}\s*=\s*${val}" ${postfix_main_cf} 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*)(${var}\ *=.*)#${var} = ${val}#" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + changed=true + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + +var="smtpd_sasl_type" +val="dovecot" +echononl "\t${postfix_main_cf}: adjust '${var}'.." +if ! $(grep -E -q "^\s*${var}\s*=\s*${val}" ${postfix_main_cf} 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*)(${var}\ *=.*)#${var} = ${val}#" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + changed=true + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + +var="smtpd_sasl_path" +val="private/dovecot-auth" +echononl "\t${postfix_main_cf}: adjust '${var}'.." +if ! $(grep -E -q "^\s*${var}\s*=\s*${val}" ${postfix_main_cf} 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*)(${var}\ *=.*)#${var} = ${val}#" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + changed=true + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + +var="virtual_transport" +val="lmtp:unix:private/dovecot-lmtp" +echononl "\t${postfix_main_cf}: adjust '${var}'.." +if ! $(grep -E -q "^\s*${var}\s*=\s*${val}" ${postfix_main_cf} 2> /dev/null) ; then + perl -i -n -p -e "s#^(\s*)(${var}\ *=.*)#${var} = ${val}#" \ + /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + changed=true + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + + +echononl "\tComment variable 'dovecot_destination_recipient_limit'.." 
+if $(grep -E -q "^\s*dovecot_destination_recipient_limit" ${postfix_main_cf} 2> /dev/null) ; then + perl -i-n -p -e "s/^(\s*)(dovecot_destination_recipient_limit.*)/\1\#\2/" /etc/postfix/main.cf > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + changed=true + else + echo_failed + error "$(cat "$log_file")" + fi +else + echo_skipped +fi + ## ----------------- ## --- Configure quota support for dovecot echo -echo -e "Configure quota support for dovecot" +echo -e "\033[1mConfigure quota support for dovecot\033[m" ## - take care quota plugins (quota,imap-quota) will