diff --git a/install_opendmarc.sh b/install_opendmarc.sh index edf03f4..8320f7d 100755 --- a/install_opendmarc.sh +++ b/install_opendmarc.sh @@ -23,7 +23,7 @@ opendmarc_socket_dir="${postfix_spool_dir}/opendmarc" opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock" config_file_name_value_parameters=" - AuthservID|OpenDMARC + AuthservID|DMARC check $(hostname -f) PidFile|/run/opendmarc/opendmarc.pid RejectFailures|true Syslog|true @@ -36,6 +36,7 @@ config_file_name_value_parameters=" FailureReports|false AutoRestart|true HistoryFile|/run/opendmarc/opendmarc.dat + SPFIgnoreResults|false SPFSelfValidate|true Socket|${opendmarc_socket_file} " 
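Review bot: The new value `AuthservID|DMARC check $(hostname -f)` contains spaces, but an authserv-id in an Authentication-Results header must be a single token (RFC 8601), so the header this filter emits may not parse for downstream consumers that decide trust by matching that identifier. It also presumably no longer equals the identifier used by any SPF or DKIM filter in front of OpenDMARC, which matters if the filter falls back to its own AuthservID when deciding whose results to trust; no TrustedAuthservIDs entry is visible in this hunk. `$(hostname -f)` is expanded once at install time and leaves a trailing-blank value if it fails. I would use the bare host name, `AuthservID|$(hostname -f)`, and keep the descriptive text out of the identifier.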
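Review bot: `SPFIgnoreResults|false` next to `SPFSelfValidate|true` makes the filter's own SPF evaluation only a fallback, so whenever an SPF result is already present in the arriving header, that result is used instead. This is sound only if a trusted SPF filter in front of OpenDMARC adds the result and the MTA removes such header fields from inbound mail, neither of which is visible in this diff. If no such upstream filter exists, `SPFIgnoreResults|true` would make the filter always perform the check itself, which is the case the option text appended later in this commit describes ("because you don't trust the arriving header").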
@@ -182,6 +183,200 @@ else fi +# - Add 'IgnoreHosts' with default value to the original opendmarc.conf file +# +echononl " Add 'IgnoreHosts' with default value to the opendmarc.conf file.." +if ! $(grep -q -E "^IgnoreHosts\s+" ${opendmarc_conf_file} 2> /dev/null) ; then + cat << EOF >> ${opendmarc_conf_file} + +## Specifies the path to a file that contains a list of hostnames, IP addresses, +## and/or CIDR expressions identifying hosts whose SMTP connections are to be +## ignored by the filter. If not specified, defaults to "127.0.0.1" only. +# +IgnoreHosts 127.0.0.1 +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Add 'IgnoreAuthenticatedClients' with default value to the original opendmarc.conf file +# +_param="IgnoreAuthenticatedClients" +echononl " Add '${_param}' with default value to the opendmarc.conf file.." +if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then + cat << EOF >> ${opendmarc_conf_file} + +## If set, causes mail from authenticated clients (i.e., those that used +## SMTP AUTH) to be ignored by the filter. The default is "false". +# +IgnoreAuthenticatedClients false +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file +# +_param="IgnoreAuthenticatedClients" +echononl " Add '${_param}' with default value to the opendmarc.conf file.." +if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then + cat << EOF >> ${opendmarc_conf_file} + +## If set, causes mail from authenticated clients (i.e., those that used +## SMTP AUTH) to be ignored by the filter. The default is "false". +# +IgnoreAuthenticatedClients false +EOF + if [[ $? 
-eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file +# +_param="RequiredHeaders" +echononl " Add '${_param}' with default value to the opendmarc.conf file.." +if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then + cat << EOF >> ${opendmarc_conf_file} + +## If set, the filter will ensure the header of the message conforms to the basic +## header field count restrictions laid out in RFC5322, Section 3.6. Messages +## failing this test are rejected without further processing. A 
From: field from +## which no domain name could be extracted will also be rejected. +# +RequiredHeaders false +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Add 'AutoRestart' with default value to the original opendmarc.conf file +# +_param="AutoRestart" +echononl " Add '${_param}' with default value to the opendmarc.conf file.." +if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then + cat << EOF >> ${opendmarc_conf_file} + +## Automatically re-start on failures. Use with caution; if the filter fails +## instantly after it starts, this can cause a tight fork(2) loop. +# +AutoRestart false +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Add 'HistoryFile' with default value to the original opendmarc.conf file +# +_param="HistoryFile" +echononl " Add '${_param}' with default value to the opendmarc.conf file.." +if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then + cat << EOF >> ${opendmarc_conf_file} + +## If set, specifies the location of a text file to which records are written +## that can be used to generate DMARC aggregate reports. Records are batches of +## rows containing information about a single received message, and include all +## relevant information needed to generate a DMARC aggregate report. It is +## expected that this will not be used in its raw form, but rather periodically +## imported into a relational database from which the aggregate reports can be +## extracted using opendmarc-importstats(8). +# +HistoryFile /run/opendmarc/opendmarc.dat +EOF + if [[ $? 
-eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Add 'SPFIgnoreResults' with default value to the original opendmarc.conf file +# +_param="SPFIgnoreResults" +echononl " Add '${_param}' with default value to the opendmarc.conf file.." +if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then + cat << EOF >> ${opendmarc_conf_file} + +## Causes the filter to ignore any SPF results in the header of the message. This +## is useful if you want the filter to perform SPF checks itself, or because you +## don't trust the arriving header. The default is "false". +# +SPFIgnoreResults false +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Add 'SPFSelfValidate' with default value to the original opendmarc.conf file +# +_param="SPFSelfValidate" +echononl " Add '${_param}' with default value to the opendmarc.conf file.." +if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then + cat << EOF >> ${opendmarc_conf_file} + +## Causes the filter to perform a fallback SPF check itself when it can find no +## SPF results in the message header. If SPFIgnoreResults is also set, it never +## looks for SPF results in headers and always performs the SPF check itself when +## this is set. The default is "false". +# +SPFSelfValidate false +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + # - Save configuration file from distribution # - echononl " Save configuration file from distribution"
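Review bot: The third stanza is headed `# - Add 'RequiredHeaders' …` but sets `_param="IgnoreAuthenticatedClients"` and appends that option again; it is a copy-paste duplicate of the stanza before it and should be removed, since the real RequiredHeaders stanza follows. The first stanza appends `IgnoreHosts 127.0.0.1` directly under a comment saying the option takes the path to a file, so the filter would presumably look for a file named `127.0.0.1`. Leaving the option commented out, or pointing it at a real list file, would match the documented meaning; this option decides which hosts bypass the filter, so it is worth getting right. In every stanza the test `if ! $(grep -q -E … ${opendmarc_conf_file} 2> /dev/null)` only works because the substitution expands to nothing; `if ! grep -q -E "^${_param}[[:space:]]+" "${opendmarc_conf_file}" 2> /dev/null ; then` tests grep's status directly and quotes the path. The `cat << EOF >> ${opendmarc_conf_file}` redirect does not send stderr to `$log_file`, so `error "$(cat $log_file)"` likely prints output left over from an earlier step.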