install_amavis.sh: port 25 (smtp/inbound) → Amavis 10024 (NOT ORIGINATING); submission/smtps (outbound) → Amavis 10026 (ORIGINATING).

2026-02-13 21:50:15 +01:00
parent 6bc490bfc1
commit 8dc105be68
1 changed files with 102 additions and 33 deletions
--- a/install_amavis.sh
+++ b/install_amavis.sh
@@ -4210,7 +4210,7 @@ use strict;
 # !! smtpd_proxy_filter - see master.cf                           !!
 #
 #
-#\$inet_socket_port = [10024, 10026];
+\$inet_socket_port = [10024, 10026];
 #\$inet_socket_port = [10024, 10029];
 #\$inet_socket_port = [10024, 10026, 10029];

@@ -4329,7 +4329,8 @@ read_hash(\%whitelist_sender, '/etc/postfix/sender_whitelist');
 # Spam-Schwellwerte
 # ----------------------------------------------------------

-\$sa_tag_level_deflt          = 1.9;    # ab hier Info-Header
+#\$sa_tag_level_deflt          = 1.9;    # ab hier Info-Header
+\$sa_tag_level_deflt          = -999;   # immer header schreiben (Debug-freundlich)
 \$sa_tag2_level_deflt         = 5.1;    # ab hier X-Spam-Flag: YES
 \$sa_kill_level_deflt         = 9.51;   # high-spam - final destiny (DISCARD)
 \$sa_dsn_cutoff_level         = 20.1;   # ab hier keine DSN mehr
@@ -4427,14 +4428,108 @@ if (-r \$policy_banks_file) {
 ## - it which domains are local using the @local_domains_maps variable,
 ## - which by default is set to the value of \$mydomain & its subdomains:
 ## -
-#@local_domains_maps = ( ["."] );
+EOF

+if [[ "$?" -ne 0 ]] ; then
+   installation_failed=true
+   error "$(cat $tmp_err_msg)"
+fi
+
+
+if [[ "${DB_TYPE}" = "PostgreSQL" ]] || [[ "${DB_TYPE}" = "MySQL" ]]; then
+
+   if [[ "$DB_TYPE" = "PostgreSQL" ]]; then
+      _db="psql"
+   else
+      _db="mysql"
+   fi
+
+   cat >> /etc/amavis/conf.d/50-user <<EOF
+@local_domains_maps = (
+   [qw(${HOSTNAME} localhost)],
+EOF
+
+   if [[ "$?" -ne 0 ]] ; then
+      installation_failed=true
+      error "$(cat $tmp_err_msg)"
+   fi
+
+
+   if [[ -f "/etc/postfix/${_db}_virtual_domains_maps.cf" ]]; then
+
+      cat >> /etc/amavis/conf.d/50-user <<EOF
+
+   # Domains, die als virtuelle Mailbox-Domains gehostet sind:
+   '${_db}:/etc/postfix/${_db}_virtual_domains_maps.cf',
+EOF
+
+      if [[ "$?" -ne 0 ]] ; then
+         installation_failed=true
+         error "$(cat $tmp_err_msg)"
+      fi
+
+
+   fi
+
+   if [[ -f "/etc/postfix/${_db}_relay-domain-maps.cf" ]]; then
+
+      cat >> /etc/amavis/conf.d/50-user <<EOF
+
+   # Domains, die als relay_domains akzeptiert werden:
+   '${_db}:/etc/postfix/${_db}_relay-domain-maps.cf',
+EOF
+
+      if [[ "$?" -ne 0 ]] ; then
+         installation_failed=true
+         error "$(cat $tmp_err_msg)"
+      fi
+
+
+   fi
+
+   if grep -iq -E "^\s*btree:/etc/postfix/relay_domains" $postfix_main_cf > /dev/null 2>&1 ; then
+
+      cat >> /etc/amavis/conf.d/50-user <<EOF
+
+   # Domains, die als virtuelle Mailbox-Domains gehostet sind:
+   '${_db}:/etc/postfix/${_db}_relay-domain-maps.cf',
+EOF
+
+      if [[ "$?" -ne 0 ]] ; then
+         installation_failed=true
+         error "$(cat $tmp_err_msg)"
+      fi
+
+
+   fi
+
+   cat >> /etc/amavis/conf.d/50-user <<EOF
+);
+EOF
+
+else
+   cat >> /etc/amavis/conf.d/50-user <<'EOF'
+@local_domains_maps = ( ["."] );
+EOF
+
+   if [[ "$?" -ne 0 ]] ; then
+      installation_failed=true
+      error "$(cat $tmp_err_msg)"
+   fi
+
+
+fi
+
+cat >> /etc/amavis/conf.d/50-user <<EOF

 ## - get rid of "Open Relay" warnings in amavis logfile.
 ## -
-\$interface_policy{'10024'} = 'ORIGINATING';
+\$interface_policy{'10026'} = 'ORIGINATING';
 \$policy_bank{'ORIGINATING'} = {
    originating => 1,  # declare that mail was submitted by our smtp client
+    bypass_spam_checks_maps  => (1),
+    bypass_virus_checks_maps => (0),
+    remove_existing_spam_headers => 1,
 };

 ## - If you get am error like:
@@ -4447,6 +4542,7 @@ if (-r \$policy_banks_file) {
 #\$inet_socket_bind = undef;

 EOF
+
 if [[ "$?" -ne 0 ]] ; then
   installation_failed=true
   error "$(cat $tmp_err_msg)"
@@ -5093,15 +5189,6 @@ localhost:10025  inet  n       -       y       -       -       smtpd
   -o smtpd_data_restrictions=
   -o mynetworks=127.0.0.0/8,[::1]/128
   -o receive_override_options=no_unknown_recipient_checks
-EOF
-         if [[-n "$(which opendmarc)" ]] ; then
-            cat >> $postfix_master_cf << EOF
-   # IMPORTANT: no opendmarc here!
-   #-o smtpd_milters=local:/opendmarc/opendmarc.sock
-EOF
-         fi
-         cat >> $postfix_master_cf << EOF
-   #-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
 EOF
 		fi

@@ -5130,7 +5217,7 @@ EOF
 		_found=true
 		cat >> $postfix_master_cf << EOF
 submission inet n       -       y       -       20       smtpd
-   -o content_filter=amavisfeed:[127.0.0.1]:10024
+   -o content_filter=amavisfeed:[127.0.0.1]:10026
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
@@ -5158,12 +5245,6 @@ localhost:10025  inet  n       -       y       -       -       smtpd
   -o mynetworks=127.0.0.0/8,[::1]/128
   -o receive_override_options=no_unknown_recipient_checks
 EOF
-            if [[ -n "$(which opendmarc)" ]] ; then
-               cat >> $postfix_master_cf << EOF
-   # IMPORTANT: no opendmarc here!
-   #-o smtpd_milters=local:/opendmarc/opendmarc.sock
-EOF
-            fi
 			fi

 			if ! $amavisfeed_present ; then
@@ -5184,7 +5265,7 @@ EOF
 		_found=true
 		cat >> $postfix_master_cf << EOF
 smtps     inet  n       -       y       -       -       smtpd
-   -o content_filter=amavisfeed:[127.0.0.1]:10024
+   -o content_filter=amavisfeed:[127.0.0.1]:10026
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
@@ -5212,12 +5293,6 @@ localhost:10025  inet  n       -       y       -       -       smtpd
   -o mynetworks=127.0.0.0/8,[::1]/128
   -o receive_override_options=no_unknown_recipient_checks
 EOF
-         if [[ -n "$(which opendmarc)" ]] ; then
-            cat >> $postfix_master_cf << EOF
-   # IMPORTANT: no opendmarc here!
-   #-o smtpd_milters=local:/opendmarc/opendmarc.sock
-EOF
-          fi
 		fi

 		if ! $amavisfeed_present ; then
@@ -5250,12 +5325,6 @@ localhost:10025  inet  n       -       y       -       -       smtpd
   -o mynetworks=127.0.0.0/8,[::1]/128
   -o receive_override_options=no_unknown_recipient_checks
 EOF
-      if [[ -n "$(which opendmarc)" ]] ; then
-         cat >> $postfix_master_cf << EOF
-   # IMPORTANT: no opendmarc here!
-   #-o smtpd_milters=local:/opendmarc/opendmarc.sock
-EOF
-      fi
      continue
   fi