From a27758609060dd508fb27a42b7db7fc2be75e22d Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 26 Sep 2022 00:43:15 +0200 Subject: [PATCH 1/3] install_postfix_advanced.sh: add support for update postfix configuration - not only initial install. --- install_postfix_advanced.sh | 477 ++++++++++++++++++++++++++++-------- 1 file changed, 380 insertions(+), 97 deletions(-) diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index 5344d04..8feaa5f 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh @@ -2,7 +2,7 @@ working_dir="$(dirname $(realpath $0))" -conf_file="${working_dir}/conf//install_postfix_advanced.conf" +conf_file="${working_dir}/conf/install_postfix_advanced.conf" _TLS_CERT_DIR=/etc/postfix/ssl @@ -11,14 +11,15 @@ _TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key" _TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt -postfix_master_cf="/etc/postfix/master.cf" +postfix_conf_dir="/etc/postfix" +postfix_master_cf="${postfix_conf_dir}/master.cf" postfix_spool_dir="/var/spool/postfix" postgrey_socket_dir="${postfix_spool_dir}/postgrey" postgrey_socket_file="${postgrey_socket_dir}/postgrey.sock" -tmp_err_msg=$(mktemp) +log_file=$(mktemp) backup_date="$(date +%Y-%m-%d-%H%M)" # ------------- @@ -27,7 +28,7 @@ backup_date="$(date +%Y-%m-%d-%H%M)" clean_up() { # Perform program exit housekeeping - rm -f $tmp_err_msg + rm -f $log_file exit $1 } @@ -120,7 +121,11 @@ trap clean_up SIGHUP SIGINT SIGTERM # --- Some default settings # ------------- +# - Default Values +# - DEFAULT_ADMIN_EMAIL="argus@oopen.de" +DEFAULT_IS_RELAY_HOST=false +DEFAULT_IS_SYMPA_LIST_SERVER=no # - Is this a systemd system? @@ -141,10 +146,6 @@ echo "" # - detect_os_1 -# - Default Values -# - -#_IS_RELAY_HOST=false - # - Read Configuration File if exists # - if [[ -f "$conf_file" ]]; then 
@@ -152,8 +153,12 @@ if [[ -f "$conf_file" ]]; then fi [[ -z "$_ADMIN_EMAIL" ]] && _ADMIN_EMAIL="$DEFAULT_ADMIN_EMAIL" +[[ -z "$_IS_SYMPA_LIST_SERVER" ]] && _IS_SYMPA_LIST_SERVER="$DEFAULT_IS_SYMPA_LIST_SERVER" +[[ -z "$_IS_RELAY_HOST" ]] && _IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST - +echo "" +echo "_IS_RELAY_HOST: $_IS_RELAY_HOST" +echo "" # ------------- # --- Set default values for some non existent variables (i.e. no configuration file is present) @@ -166,7 +171,7 @@ if [[ -z "$_HOSTNAME" ]] ; then fi -clear +#clear echo -e "\033[21G\033[32mInstallation script for Postfix basic mailsystem \033[m" echo @@ -264,6 +269,8 @@ echo -e "\033[32m--\033[m" echo "" echo "How will this Mailserver be used?" echo "" +echo "_IS_RELAY_HOST: $_IS_RELAY_HOST" +echo "" if [[ -n "$_IS_RELAY_HOST" ]]; then if $_IS_RELAY_HOST ; then echo "[1] Complete Mailserver (with mailboxes)" @@ -339,6 +346,42 @@ if $IS_RELAY_HOST ; then done + IS_SYMPA_LIST_SERVER="" + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo "Are Sympa List Services provided? - [yes/no]" + echo "" + + echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: " + read IS_SYMPA_LIST_SERVER + if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then + IS_SYMPA_LIST_SERVER=false + fi + IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,} + + while [[ "$IS_SYMPA_LIST_SERVER" != "yes" && "$IS_SYMPA_LIST_SERVER" != "true" \ + && "$IS_SYMPA_LIST_SERVER" != "no" && "$IS_SYMPA_LIST_SERVER" != "false" ]]; do + + echo -e "\n\t\033[33m\033[1mWrong value was given!!\033[m\n" + + echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: " + read IS_SYMPA_LIST_SERVER + if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then + IS_SYMPA_LIST_SERVER=false + fi + IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,} + + done + + if [[ "$IS_SYMPA_LIST_SERVER" = 'yes' || "$IS_SYMPA_LIST_SERVER" = 'true' ]] ; then + IS_SYMPA_LIST_SERVER=true + else + IS_SYMPA_LIST_SERVER=false + fi + +else + IS_SYMPA_LIST_SERVER=false fi 
@@ -380,6 +423,8 @@ if $IS_RELAY_HOST ; then echo -e "\tConfigure as relay host?..........: \033[33m\033[1m$IS_RELAY_HOST\033[m" echo -e "\tConfigure as complete mailserver..: false" echo "" + echo -e "\tConfigure as sympa list server?...: $IS_SYMPA_LIST_SERVER" + echo "" echo -e "\tSupport Cyrus SASL authentication.: $SASL_AUTH_ENABLED" else echo -e "\tConfigure as relay host?..........: $IS_RELAY_HOST" @@ -419,6 +464,7 @@ fi if $IS_RELAY_HOST ; then cat << EOF >> $conf_file _SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED +_IS_SYMPA_LIST_SERVER=$IS_SYMPA_LIST_SERVER EOF fi if [[ $? -ne 0 ]]; then @@ -436,12 +482,12 @@ fi # - Synchronise package index files with the repository # - echononl " Synchronise package index files with the repository.." -apt-get update > "$tmp_err_msg" 2>&1 +apt-get update > "$log_file" 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi @@ -504,12 +550,12 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -ne 10 ]] ; then if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then echo_skipped else - DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg + DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi fi 
@@ -518,17 +564,17 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -ne 10 ]] ; then # postgrey as tcp/ip socket # #perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \ - # /etc/default/postgrey > $tmp_err_msg 2>&1 + # /etc/default/postgrey > $log_file 2>&1 # postgrey as unix socket # perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--unix=/var/spool/postfix/postgrey/postgrey.sock --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \ - /etc/default/postgrey > $tmp_err_msg 2>&1 + /etc/default/postgrey > $log_file 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi echononl " Create /etc/postgrey/whitelist_clients.local (additional whitelist entries)" @@ -552,12 +598,12 @@ EOF if [[ -d "${postgrey_socket_dir}" ]]; then echo_skipped else - mkdir "${postgrey_socket_dir}" > /dev/null 2> $tmp_err_msg + mkdir "${postgrey_socket_dir}" > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" echononl "\tcontinue anyway [yes/no]: " read OK @@ -572,12 +618,12 @@ EOF fi echononl " Set ownership on directory '${postgrey_socket_dir}'.." - chown -R postgrey:postgrey ${postgrey_socket_dir} 2> $tmp_err_msg + chown -R postgrey:postgrey ${postgrey_socket_dir} 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" echononl "\tcontinue anyway [yes/no]: " read OK @@ -592,12 +638,12 @@ EOF echononl " Enable Postgrey service at boot time.." if $systemd_exists ; then - systemctl enable networking >/dev/null 2> $tmp_err_msg + systemctl enable networking >/dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped 
@@ -607,20 +653,20 @@ EOF echononl " Restart postrey daemon" if $systemd_exists ; then - systemctl restart postgrey > /dev/null 2> $tmp_err_msg + systemctl restart postgrey > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else - /etc/init.d/postgrey restart > /dev/null 2> $tmp_err_msg + /etc/init.d/postgrey restart > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi fi @@ -635,18 +681,18 @@ else if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then echo_skipped else - DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg + DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi fi echononl " Add entry for 'tumgreyspf' at end of file '$postfix_master_cf" if ! $(grep -iq -E "^\s*tumgreyspf\s+" 2>/dev/null $postfix_master_cf) ; then - cat <> /etc/postfix/master.cf 2> $tmp_err_msg + cat <> $postfix_master_cf 2> $log_file # This is tumgreyspf, an external policy checker for the postfix mail server. # It can optionally greylist and/or use spfquery to check SPF records to @@ -666,7 +712,7 @@ EOF echononl " Create configuration file for whitelisting: /etc/tumgreyspf/disable.conf" if [[ ! -f /etc/tumgreyspf/disable.conf ]] ; then - cat < "/etc/tumgreyspf/disable.conf" 2> $tmp_err_msg + cat < "/etc/tumgreyspf/disable.conf" 2> $log_file SPFSEEDONLY=0 GREYLISTTIME=300 CHECKERS= @@ -676,7 +722,7 @@ EOF echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped 
@@ -685,21 +731,21 @@ EOF _failed=false echononl " Whitelist tor hidde service '127.0.0.25'.." if [[ ! -d "/var/lib/tumgreyspf/config/client_address/127/0/0/" ]] ; then - mkdir -p /var/lib/tumgreyspf/config/client_address/127/0/0/ 2> $tmp_err_msg + mkdir -p /var/lib/tumgreyspf/config/client_address/127/0/0/ 2> $log_file if [[ $? -ne 0 ]]; then _failed=true fi fi if [[ ! -L /var/lib/tumgreyspf/config/client_address/127/0/0/25 ]]; then - ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/127/0/0/25 2>> $tmp_err_msg + ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/127/0/0/25 2>> $log_file fi if [[ $? -ne 0 ]]; then _failed=true fi if $_failed ; then echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" else echo_ok fi @@ -714,7 +760,7 @@ EOF _setup_file="/etc/tumgreyspf/default.conf" echononl " Setup defaults for tumgreyspf: $_setup_key .." if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then - cat <> "$_setup_file" 2> $tmp_err_msg + cat <> "$_setup_file" 2> $log_file # Added by script $(basename $0) at $(date +%Y-%m-%d) $_setup_key = $_setup_val @@ -723,17 +769,17 @@ EOF echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*0$" "$_setup_file") ; then - perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg + perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped 
@@ -745,7 +791,7 @@ EOF _setup_file="/etc/tumgreyspf/default.conf" echononl " Setup defaults for tumgreyspf: $_setup_key .." if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then - cat <> "$_setup_file" 2> $tmp_err_msg + cat <> "$_setup_file" 2> $log_file # Added by script $(basename $0) at $(date +%Y-%m-%d) $_setup_key = $_setup_val @@ -754,17 +800,17 @@ EOF echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then - perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg + perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped @@ -776,7 +822,7 @@ EOF _setup_file="/etc/tumgreyspf/default.conf" echononl " Setup defaults for tumgreyspf: $_setup_key .." if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then - cat <> "$_setup_file" 2> $tmp_err_msg + cat <> "$_setup_file" 2> $log_file # Added by script $(basename $0) at $(date +%Y-%m-%d) $_setup_key = $_setup_val @@ -785,17 +831,17 @@ EOF echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then - perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg + perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped 
@@ -807,7 +853,7 @@ EOF _setup_file="/etc/tumgreyspf/default.conf" echononl " Setup defaults for tumgreyspf: $_setup_key .." if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then - cat <> "$_setup_file" 2> $tmp_err_msg + cat <> "$_setup_file" 2> $log_file # Added by script $(basename $0) at $(date +%Y-%m-%d) $_setup_key = $_setup_val @@ -816,17 +862,17 @@ EOF echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then - perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg + perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped @@ -838,7 +884,7 @@ EOF _setup_file="/etc/tumgreyspf/default.conf" echononl " Setup defaults for tumgreyspf: $_setup_key .." if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then - cat <> "$_setup_file" 2> $tmp_err_msg + cat <> "$_setup_file" 2> $log_file # Added by script $(basename $0) at $(date +%Y-%m-%d) $_setup_key = $_setup_val @@ -847,17 +893,17 @@ EOF echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then - perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg + perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped 
@@ -876,23 +922,23 @@ _pkg="postfwd" if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then echo_skipped else - DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg + DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi fi echononl " Adjust /etc/default/postfwd" perl -i -n -p -e "s#^(\s*)(STARTUP=.*)#\#\1\2\nSTARTUP=1#" \ - /etc/default/postfwd > $tmp_err_msg 2>&1 + /etc/default/postfwd > $log_file 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi _file="/etc/postfix/postfwd.wl-nets" @@ -1325,39 +1371,39 @@ fi echononl " Enable Postfix firewall daemon at boot time .." if $systemd_exists ; then - systemctl enable postfwd > /dev/null 2> $tmp_err_msg + systemctl enable postfwd > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else - update-rc.d postfwd defaults > /dev/null 2> $tmp_err_msg + update-rc.d postfwd defaults > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi fi echononl " Restart Postfix firewall daemon 'postfwd'.." if $systemd_exists ; then - systemctl restart postfwd > /dev/null 2> $tmp_err_msg + systemctl restart postfwd > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else - /etc/init.d/postfwd restart > /dev/null 2> $tmp_err_msg + /etc/init.d/postfwd restart > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi fi 
@@ -1387,6 +1433,21 @@ cat < /etc/postfix/main.cf # Disable backwards compatibility compatibility_level = 2 +# With "smtputf8_enable = yes", Postfix requires that non-ASCII address information +# is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not +# practical for Postfix to support multiple encodings at the same time. There is no +# problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", because those use +# only characters from the ASCII characterset. +#smtputf8_enable = no +EOF +if $IS_SYMPA_LIST_SERVER ; then + cat <> /etc/postfix/main.cf +smtputf8_enable = no +EOF +fi + +cat <> /etc/postfix/main.cf + # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default @@ -1579,6 +1640,15 @@ sender_canonical_maps = btree:/etc/postfix/sender_canonical transport_maps = btree:/etc/postfix/transport btree:/etc/postfix/relay_domains +EOF + +if $IS_SYMPA_LIST_SERVER ; then + cat <> /etc/postfix/main.cf + regexp:/etc/postfix/sympa_transport +EOF +fi + +cat <> /etc/postfix/main.cf ## - The maximal time a message is queued before it is sent back as ## - undeliverable. Defaults to 5d (5 days) @@ -1622,10 +1692,31 @@ prepend_delivered_header = # ============ Relay parameters ============ relayhost = + +EOF + +if $IS_SYMPA_LIST_SERVER ; then + cat <> /etc/postfix/main.cf +sympa_destination_recipient_limit = 1 + +sympabounce_destination_recipient_limit = 1 + +relay_domains = + \$mydestination + btree:/etc/postfix/relay_domains + btree:/etc/postfix/sympa_domains + +EOF +else + cat <> /etc/postfix/main.cf relay_domains = \$mydestination btree:/etc/postfix/relay_domains +EOF +fi + +cat <> /etc/postfix/main.cf # ============ TLS parameters ============ 
@@ -1915,6 +2006,15 @@ virtual_mailbox_domains = ## - manipulations see the ADDRESS_REWRITING_README document. ## - virtual_alias_maps = +EOF + +if $IS_SYMPA_LIST_SERVER ; then + cat <> /etc/postfix/main.cf + regexp:/etc/postfix/sympa_virtual_aliases +EOF +fi + +cat <> /etc/postfix/main.cf ## - mailman #hash:/var/lib/mailman/data/virtual-mailman @@ -2140,7 +2240,19 @@ cat <> /etc/postfix/main.cf # The time limit for all external commands is controlled by command_time_limit # # +EOF + +if [[ -n "$(which postfwd)" ]] ; then + cat <> /etc/postfix/main.cf +127.0.0.1:10040_time_limit = 3600 +EOF +else + cat <> /etc/postfix/main.cf #127.0.0.1:10040_time_limit = 3600 +EOF +fi + +cat <> /etc/postfix/main.cf # smtpd_delay_reject (default: yes) @@ -2390,6 +2502,34 @@ smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040 EOF + +if [[ -n "$(which opendkim)" ]] ; then + cat <> /etc/postfix/main.cf + +# ======= Milter configuration ======= + +# OpenDKIM + +milter_default_action = accept + +# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2 +milter_protocol = 6 + +# Note: +# We will sign AFTER sending through AmaVIS, just befor sending out. So +# set 'smtpd_milters =' to an emty string here and add to localhost:10025 +# section in master.cf: 'smtpd_milters=local:/opendkim/opendkim.sock' +# +# If you want sign mails before sending through AmaVIS, set +# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to +# localhost:10025 section in master.cf: 'smtpd_milters=' +# +#smtpd_milters = local:/opendkim/opendkim.sock +smtpd_milters = +non_smtpd_milters = local:/opendkim/opendkim.sock +EOF + + echo_ok 
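Review bot: `milter_default_action = accept` in the new Milter block makes every configured milter fail open: if the OpenDKIM socket is missing or the daemon is down, Postfix handles the message as if no milter were configured, so outgoing mail leaves unsigned. Postfix's own default is `tempfail`. If fail-open is the intended trade-off, say so next to the setting, e.g. `# fail open on purpose: an unreachable milter must not block mail (Postfix default: tempfail)`, and monitor the mail log for milter connection warnings. The block is gated on `which opendkim`, which only shows that a binary is on PATH, not that `/opendkim/opendkim.sock` exists under the Postfix queue directory.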
@@ -2408,12 +2548,12 @@ fi echononl " Backup existing file '/etc/aliases'" if [[ -f /etc/aliases ]] ; then - mv /etc/aliases "/etc/aliases.$backup_date" > $tmp_err_msg 2>&1 + mv /etc/aliases "/etc/aliases.$backup_date" > $log_file 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped @@ -2624,7 +2764,7 @@ if [[ ! -f /etc/postfix/transport ]]; then cat < /etc/postfix/transport # - Force sending through IPv4 # - -# - Take care your master.cf file (/etc/postfix/master.cf) contains: +# - Take care your master.cf file ($postfix_master_cf) contains: # - # - smtp-ipv4-only unix - - n - - smtp # - -o inet_protocols=ipv4 @@ -2633,7 +2773,7 @@ if [[ ! -f /etc/postfix/transport ]]; then # - Force sending through IPv6 # - -# - Take care your master.cf file (/etc/postfix/master.cf) contains: +# - Take care your master.cf file ($postfix_master_cf) contains: # - # - smtp-ipv6-only unix - - n - - smtp # - -o inet_protocols=ipv6 
@@ -2745,29 +2885,8 @@ if [[ ! -f "$_file" ]]; then /\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001 /^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001 -/^Reply-To: .+\@ppe-healthcare-europe\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1002 -/^Reply-To: .+\@testbedarf.shop/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1003 -/^Reply-To: .+\@acieu\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1004 -/^Reply-To: .+\@acievents\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1005 -/^Reply-To: .+\@dokpotenz\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1006 -/^Reply-To: .+\@doktorapo\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1007 -/^Reply-To: .+\@sendelope.eu/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1008 -/^Reply-To: .+\@team-de-luxe\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1009 -/^Reply-To: .+\@klickensiejetzt\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1010 -/^Reply-To: .+\@podiumskate\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1011 /^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001 -/^From: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1002 -/^From: .+\@ppe-healthcare-europe\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1003 -/^From: .+\@testbedarf.shop/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1004 -/^From: .+\@acieu\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1005 -/^From: .+\@acievents\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1006 -/^From: .+\@dokpotenz\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1007 -/^From: .+\@doktorapo\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1008 -/^From: .+\@sendelope.eu/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1009 -/^From: .+\@team-de-luxe\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1010 -/^From: .+\@klickensiejetzt\..+/ 
REJECT Possible SPAM - Header-Spamschutzregel FROM-1011 -/^From: .+\@podiumskate\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1012 /^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001 /^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002 @@ -2828,6 +2947,56 @@ else fi +if $IS_SYMPA_LIST_SERVER ; then + + _file_name=sympa_domains + echononl "\tCreate (empty) file \"$_file_name\".." + if [ -f "${postfix_conf_dir}/$_file_name" ];then + echo_skipped + else + touch ${postfix_conf_dir}/$_file_name > /dev/null 2>&1 + if [ "$?" = "0" ]; then + echo_ok + echononl "\tCreate concerning db-file \"${postfix_conf_dir}/${_file_name}.db\".." + postmap btree:${postfix_conf_dir}/$_file_name > /dev/null 2>&1 + if [ "$?" = "0" ]; then + echo_ok + else + echo_failed + fi + else + echo_failed + fi + fi + + _file_name=sympa_transport + echononl "\tCreate (empty) file \"$_file_name\".." + if [ -f "${postfix_conf_dir}/$_file_name" ];then + echo_skipped + else + touch ${postfix_conf_dir}/$_file_name >> $_log_file 2>&1 + if [ "$?" = "0" ]; then + echo_ok + else + echo_failed + fi + fi + + _file_name=sympa_virtual_aliases + echononl "\tCreate (empty) file \"$_file_name\".." + if [ -f "${postfix_conf_dir}/$_file_name" ];then + echo_skipped + else + touch ${postfix_conf_dir}/$_file_name >> $_log_file 2>&1 + if [ "$?" = "0" ]; then + echo_ok + else + echo_failed + fi + fi +fi + + if ! $IS_RELAY_HOST ; then ## - Create Directory '/var/vmail' for virtual mailboxes 
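Review bot: The two `touch` calls for `sympa_transport` and `sympa_virtual_aliases` redirect to `$_log_file`, a name that is not set anywhere in the visible diff (the temp file is `log_file`). With the variable empty and unquoted, bash reports an ambiguous redirect and does not run `touch`, so both steps print failed and the files that main.cf now references as `regexp:` tables are not created. Use `touch "${postfix_conf_dir}/$_file_name" >> "$log_file" 2>&1` and add `error "$(cat $log_file)"` after `echo_failed`, as the rest of the script does. The `sympa_domains` branch sends all output to /dev/null, so a failed `postmap` gives no reason either.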
@@ -2896,12 +3065,12 @@ else echononl " Backup existing file '/etc/postfix/sasl/smtpd.conf'" if [[ -f /etc/postfix/sasl/smtpd.conf ]] ; then - mv /etc/postfix/sasl/smtpd.conf "/etc/postfix/sasl/smtpd.conf.$backup_date" > $tmp_err_msg 2>&1 + mv /etc/postfix/sasl/smtpd.conf "/etc/postfix/sasl/smtpd.conf.$backup_date" > $log_file 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi else echo_skipped @@ -2932,12 +3101,12 @@ fi ## - and port 465 (smtps) ## - echononl " Backup file \"${postfix_master_cf}\"" -cp -a $postfix_master_cf "${postfix_master_cf}.$backup_date" > /dev/null 2> $tmp_err_msg +cp -a $postfix_master_cf "${postfix_master_cf}.$backup_date" > /dev/null 2> $log_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - error "$(cat $tmp_err_msg)" + error "$(cat $log_file)" fi if grep -iq -E "^submission\s+" $postfix_master_cf > /dev/null 2>&1 ; then 
@@ -3055,6 +3224,115 @@ else fi +echononl " Adjust $postfix_master_cf. Set DKIM after sending throuh AmaVIS.." +if [[ -n "$(which opendkim)" ]] ; then + + _found=false + _changed=false + tmp_master_file="/tmp/postfix_master.cf" + + > $tmp_master_file + + while IFS='' read -r _line || [[ -n $_line ]] ; do + + if $_found && ! echo "$_line" | grep -i -q -E "^\s*-o" 2> /dev/null ; then + echo " -o smtpd_milters=local:/opendkim/opendkim.sock" >> "$tmp_master_file" + _changed=true + _found=false + fi + + if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then + _found=false + fi + + if echo "$_line" | grep -i -q -E "^\s*(127.0.0.1|localhost):10025\s+inet\s+" 2> /dev/null ; then + _found=true + fi + + echo "$_line" >> "$tmp_master_file" + + done < "$postfix_master_cf" + + if $_changed ; then + cp $tmp_master_file $postfix_master_cf 2> $log_file + postfix_needs_restart=true + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi + else + echo_skipped + warn "Postfix (master.cf) seems already be configured." + echononl " Delete previosly saved file '$postfix_master_cf'.." + rm ${postfix_master_cf}.$backup_date 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi + fi + rm -f $tmp_master_file +else + echo_skipped +fi + + +echononl " Adjust $postfix_master_cf to play with dovecot lda" +if [[ -x "/usr/local/dovecot/libexec/dovecot/dovecot-lda" ]] ; then + + + ## - /etc/postfix/master.cf + ## - + ## - add line + ## - dovecot unix - n n - - pipe + ## - flags=drhu user=vmail:vmail argv=/usr/local/dovecot/libexec/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop} + if ! 
grep -e dovecot-lda $postfix_master_cf > /dev/null ; then + cp -a "$postfix_master_cf" "${postfix_master_cf}.$backup_date" + echo -e "\ndovecot unix - n n - - pipe\n flags=drhu user=vmail:vmail argv=/usr/local/dovecot/libexec/dovecot/dovecot-lda -f \${sender} -d \${user}@\${nexthop}" >> $postfix_master_cf + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "Configuring $postfix_master_cf for use with dovecot-lda failed" + fi + else + echo_skipped + fi +else + echo_skipped +fi + + +echononl "\tAdd transport declaration for sympa domains to file master.cf" +if $IS_SYMPA_LIST_SERVER ; then + + if grep -q -e "^sympa\ " ${postfix_master_cf} 2>> /dev/null ; then + echo_skipped + else + cat <> ${postfix_master_cf} + +sympa unix - n n - - pipe + flags=FR user=sympa argv=${SYMPA_LIBEXEC_DIR}/queue \${recipient} +sympabounce unix - n n - - pipe + flags=FR user=sympa argv=${SYMPA_LIBEXEC_DIR}/bouncequeue \${user} + +EOF + + if [ "$?" = "0" ]; then + echo_ok + else + echo_failed + error "Adding transport declaration for sympa domains to \"${postfix_master_cf}\" failed!" + fi + fi +else + echo_skipped +fi + + ## - restart postfix ## - echononl " Restart postfix" @@ -3114,7 +3392,12 @@ else fi fi +if [[ -n "$(which amavisd-new)" ]] ; then + + warn "You have to run \033[1minstall_amavis.sh\033[m script to continue the configuration." + +fi + -rm $tmp_err_msg echo "" clean_up 0 From 6eb955b34ef90aa46f1c82a7aa48577d76f8714c Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 26 Sep 2022 01:39:03 +0200 Subject: [PATCH 2/3] install_postfix_advanced.sh: fix some errors. --- install_postfix_advanced.sh | 98 ++++++++++++++++++++++--------------- 1 file changed, 58 insertions(+), 40 deletions(-) diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index 8feaa5f..abee50f 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh 
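Review bot: `tmp_master_file="/tmp/postfix_master.cf"` is a fixed name in a world-writable directory, and this root-run script truncates it with `> $tmp_master_file` and later copies it over `$postfix_master_cf`; a file or symlink of that name left there by another local account can be followed or reused, and master.cf decides which commands Postfix runs and as which user. Create it the way `log_file` is created, `tmp_master_file=$(mktemp)`, and quote it where it is used. In the same block `postfix_needs_restart=true` sits between the `cp` and `[[ $? -eq 0 ]]`, so the test sees the assignment's status and a failed copy is reported as ok; move the assignment into the success branch. The else branch also removes `${postfix_master_cf}.$backup_date`, which appears to be the backup taken before the earlier master.cf edits in the same run, so those edits lose their backup.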
@@ -126,6 +126,7 @@ trap clean_up SIGHUP SIGINT SIGTERM DEFAULT_ADMIN_EMAIL="argus@oopen.de" DEFAULT_IS_RELAY_HOST=false DEFAULT_IS_SYMPA_LIST_SERVER=no +DEFAULT_SASL_AUTH_ENABLED=no # - Is this a systemd system? @@ -136,8 +137,6 @@ else systemd_exists=true fi -echo "" - # - Detect OS - Set variable # - os_dist @@ -153,12 +152,27 @@ if [[ -f "$conf_file" ]]; then fi [[ -z "$_ADMIN_EMAIL" ]] && _ADMIN_EMAIL="$DEFAULT_ADMIN_EMAIL" -[[ -z "$_IS_SYMPA_LIST_SERVER" ]] && _IS_SYMPA_LIST_SERVER="$DEFAULT_IS_SYMPA_LIST_SERVER" -[[ -z "$_IS_RELAY_HOST" ]] && _IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST + +[[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED="$DEFAULT_SASL_AUTH_ENABLED" + +if [[ -z "$_SYMPA_LIST_SERVER" ]] ; then + _IS_SYMPA_LIST_SERVER=false +else + _IS_SYMPA_LIST_SERVER="$_SYMPA_LIST_SERVER" +fi + +if [[ -z "$_RELAY_HOST" ]]; then + _IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST +else + _IS_RELAY_HOST="$_RELAY_HOST" +fi echo "" -echo "_IS_RELAY_HOST: $_IS_RELAY_HOST" echo "" +echo "" +echo "" +echo "" + # ------------- # --- Set default values for some non existent variables (i.e. no configuration file is present) @@ -171,7 +185,7 @@ if [[ -z "$_HOSTNAME" ]] ; then fi -#clear +clear echo -e "\033[21G\033[32mInstallation script for Postfix basic mailsystem \033[m" echo @@ -269,8 +283,6 @@ echo -e "\033[32m--\033[m" echo "" echo "How will this Mailserver be used?" echo "" -echo "_IS_RELAY_HOST: $_IS_RELAY_HOST" -echo "" if [[ -n "$_IS_RELAY_HOST" ]]; then if $_IS_RELAY_HOST ; then echo "[1] Complete Mailserver (with mailboxes)" 
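Review bot: The configuration keys are renamed in this commit (`_RELAY_HOST`, `_SYMPA_LIST_SERVER`), but the reader only looks at the new names, so a conf file written by an earlier run with `_IS_RELAY_HOST=true` is silently replaced by `DEFAULT_IS_RELAY_HOST`, which is the opposite of what an update run needs. Fall back to the old key, e.g. `_IS_RELAY_HOST="${_RELAY_HOST:-${_IS_RELAY_HOST:-$DEFAULT_IS_RELAY_HOST}}"`, and do the same for the Sympa flag. `DEFAULT_IS_SYMPA_LIST_SERVER` is no longer used after this change (the fallback is a literal `false`), and the five added `echo ""` lines look like leftover debugging output.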
@@ -316,36 +328,8 @@ while [[ "$IS_RELAY_HOST" != "true" && "$IS_RELAY_HOST" != "false" ]];do esac done -SASL_AUTH_ENABLED="no" if $IS_RELAY_HOST ; then - SASL_AUTH_ENABLED="" - echo "" - echo -e "\033[32m--\033[m" - echo "" - echo "Should this mail relay server support Cyrus SASL authentication?" - echo "" - - while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do - - if [[ -n "$_SASL_AUTH_ENABLED" ]]; then - echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: " - read SASL_AUTH_ENABLED - SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,} - [[ -z "$SASL_AUTH_ENABLED" ]] && SASL_AUTH_ENABLED="$_SASL_AUTH_ENABLED" - else - echononl "Support Cyrus SASL authentication [yes/no]: " - read SASL_AUTH_ENABLED - SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,} - fi - - if [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]] ; then - _SASL_AUTH_ENABLED="" - echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n Type 'yes' or 'no'" - fi - - done - IS_SYMPA_LIST_SERVER="" echo "" echo -e "\033[32m--\033[m" @@ -356,7 +340,7 @@ if $IS_RELAY_HOST ; then echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: " read IS_SYMPA_LIST_SERVER if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then - IS_SYMPA_LIST_SERVER=false + IS_SYMPA_LIST_SERVER="$_IS_SYMPA_LIST_SERVER" fi IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,} 
@@ -376,10 +360,41 @@ if $IS_RELAY_HOST ; then if [[ "$IS_SYMPA_LIST_SERVER" = 'yes' || "$IS_SYMPA_LIST_SERVER" = 'true' ]] ; then IS_SYMPA_LIST_SERVER=true + SASL_AUTH_ENABLED=yes else IS_SYMPA_LIST_SERVER=false fi + + if [[ -z "$SASL_AUTH_ENABLED" ]]; then + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo "Should this mail relay server support Cyrus SASL authentication?" + echo "" + + while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do + + if [[ -n "$_SASL_AUTH_ENABLED" ]]; then + echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: " + read SASL_AUTH_ENABLED + SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,} + [[ -z "$SASL_AUTH_ENABLED" ]] && SASL_AUTH_ENABLED="$_SASL_AUTH_ENABLED" + else + echononl "Support Cyrus SASL authentication [yes/no]: " + read SASL_AUTH_ENABLED + SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,} + fi + + if [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]] ; then + _SASL_AUTH_ENABLED="" + echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n Type 'yes' or 'no'" + fi + + done + fi + + else IS_SYMPA_LIST_SERVER=false fi @@ -456,7 +471,7 @@ _HOSTNAME=$HOSTNAME _IPV4=$IPV4 _IPV6=$IPV6 _ADMIN_EMAIL=$ADMIN_EMAIL -_IS_RELAY_HOST=$IS_RELAY_HOST +_RELAY_HOST=$IS_RELAY_HOST EOF if [[ $? -ne 0 ]]; then _failed=true @@ -464,7 +479,7 @@ fi if $IS_RELAY_HOST ; then cat << EOF >> $conf_file _SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED -_IS_SYMPA_LIST_SERVER=$IS_SYMPA_LIST_SERVER +_SYMPA_LIST_SERVER=$IS_SYMPA_LIST_SERVER EOF fi if [[ $? -ne 0 ]]; then @@ -2528,6 +2543,7 @@ milter_protocol = 6 smtpd_milters = non_smtpd_milters = local:/opendkim/opendkim.sock EOF +fi echo_ok 
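Review bot: `[[ -z "$SASL_AUTH_ENABLED" ]]` now decides whether the SASL question is asked, but this commit removed both initialisations (`SASL_AUTH_ENABLED="no"` before the relay branch and `SASL_AUTH_ENABLED=""` inside it), so the starting value is whatever the calling environment holds. An exported `SASL_AUTH_ENABLED` skips the prompt with an unvalidated value, and on the complete-mailserver path the variable stays empty where it used to be `no`; code outside this hunk that tests it may behave differently. Set `SASL_AUTH_ENABLED=""` before the Sympa prompt and `SASL_AUTH_ENABLED="no"` in the final `else` next to `IS_SYMPA_LIST_SERVER=false`. Answering yes to the Sympa question also switches SASL on without a message at that point; a one-line notice there would make the change visible to the operator.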
@@ -3306,7 +3322,9 @@ else fi -echononl "\tAdd transport declaration for sympa domains to file master.cf" +SYMPA_BIN_DIR="/usr/local/sympa/bin" +SYMPA_LIBEXEC_DIR="$SYMPA_BIN_DIR" +echononl " Add transport declaration for sympa domains to file master.cf" if $IS_SYMPA_LIST_SERVER ; then if grep -q -e "^sympa\ " ${postfix_master_cf} 2>> /dev/null ; then From ecb0037e16125bfe1c69d471fb89ce497b9f7f86 Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 26 Sep 2022 02:54:07 +0200 Subject: [PATCH 3/3] install_postfix_advanced.sh,install_amavis.sh: fix some error creating master.cf. --- install_amavis.sh | 44 +++++++++++++++++++++++++++++++++++++ install_postfix_advanced.sh | 8 +++++-- 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/install_amavis.sh b/install_amavis.sh index f492bc8..9a279ae 100755 --- a/install_amavis.sh +++ b/install_amavis.sh @@ -4837,6 +4837,17 @@ localhost:10025 inet n - y - - smtpd -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8,[::1]/128 -o receive_override_options=no_unknown_recipient_checks +EOF + if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then + cat >> $postfix_master_cf << EOF + -o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock +EOF + elif [[ -n "$(which opendkim)" ]] ; then + cat >> $postfix_master_cf << EOF + -o smtpd_milters=local:/opendkim/opendkim.sock +EOF + fi + cat >> $postfix_master_cf << EOF #-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32 EOF fi 
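Review bot: `SYMPA_BIN_DIR` and `SYMPA_LIBEXEC_DIR` are hard-coded to `/usr/local/sympa/bin` and set unconditionally, and nothing in this hunk checks that the directory exists. They presumably feed the sympa transport written to master.cf further down, outside the hunk, and a transport pointing at a missing path would only fail at delivery time. Inside the `if $IS_SYMPA_LIST_SERVER` branch I would add a check such as `[[ -d "$SYMPA_LIBEXEC_DIR" ]] || echo "Sympa directory '$SYMPA_LIBEXEC_DIR' not found" >&2` before touching master.cf. A one-line comment saying why the two variables hold the same path would also help.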
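Review bot: The milter choice in this hunk is made with `which`, and the same added block is repeated in the three following install_amavis.sh hunks and mirrored in install_postfix_advanced.sh, so the socket list is spelled out in several places. `command -v` is the portable test, and `$postfix_master_cf` should be quoted in the redirections. A binary on PATH also does not prove the milter is configured; with Postfix's default `milter_default_action = tempfail`, a missing socket would defer mail on this listener, so checking the socket or service may be the better condition. A small helper defined once would keep the variants in step, with its leading whitespace matched to the existing `-o` continuation lines. The heredoc that the added `EOF` closes starts outside the hunk.

```shell
# Print the smtpd_milters override for the re-injection listener, if any.
# opendmarc is only added when opendkim is present, as in the original.
milter_override() {
  local milters=""
  if command -v opendkim > /dev/null 2>&1 ; then
    milters="local:/opendkim/opendkim.sock"
    if command -v opendmarc > /dev/null 2>&1 ; then
      milters="${milters},local:/opendmarc/opendmarc.sock"
    fi
  fi
  if [[ -n "$milters" ]] ; then
    printf '    -o smtpd_milters=%s\n' "$milters"
  fi
}

# … unchanged: localhost:10025 heredoc up to receive_override_options …
milter_override >> "$postfix_master_cf"
# … unchanged: heredoc with the commented-out mynetworks line …
```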
@@ -4869,6 +4880,17 @@ localhost:10025 inet n - y - - smtpd -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8,[::1]/128 -o receive_override_options=no_unknown_recipient_checks +EOF + if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then + cat >> $postfix_master_cf << EOF + -o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock +EOF + elif [[ -n "$(which opendkim)" ]] ; then + cat >> $postfix_master_cf << EOF + -o smtpd_milters=local:/opendkim/opendkim.sock +EOF + fi + cat >> $postfix_master_cf << EOF #-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32 EOF fi @@ -4912,6 +4934,17 @@ localhost:10025 inet n - y - - smtpd -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8,[::1]/128 -o receive_override_options=no_unknown_recipient_checks +EOF + if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then + cat >> $postfix_master_cf << EOF + -o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock +EOF + elif [[ -n "$(which opendkim)" ]] ; then + cat >> $postfix_master_cf << EOF + -o smtpd_milters=local:/opendkim/opendkim.sock +EOF + fi + cat >> $postfix_master_cf << EOF #-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32 EOF fi @@ -4944,6 +4977,17 @@ localhost:10025 inet n - y - - smtpd -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8,[::1]/128 -o receive_override_options=no_unknown_recipient_checks +EOF + if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then + cat >> $postfix_master_cf << EOF + -o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock +EOF + elif [[ -n "$(which opendkim)" ]] ; then + cat >> $postfix_master_cf << EOF + -o smtpd_milters=local:/opendkim/opendkim.sock +EOF + fi + cat >> $postfix_master_cf << EOF #-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32 EOF continue diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index abee50f..38d613a 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh 
@@ -438,7 +438,7 @@ if $IS_RELAY_HOST ; then echo -e "\tConfigure as relay host?..........: \033[33m\033[1m$IS_RELAY_HOST\033[m" echo -e "\tConfigure as complete mailserver..: false" echo "" - echo -e "\tConfigure as sympa list server?...: $IS_SYMPA_LIST_SERVER" + echo -e "\tConfigure as sympa list server?...: \033[33m\033[1m$IS_SYMPA_LIST_SERVER\033[m" echo "" echo -e "\tSupport Cyrus SASL authentication.: $SASL_AUTH_ENABLED" else @@ -3252,7 +3252,11 @@ if [[ -n "$(which opendkim)" ]] ; then while IFS='' read -r _line || [[ -n $_line ]] ; do if $_found && ! echo "$_line" | grep -i -q -E "^\s*-o" 2> /dev/null ; then - echo " -o smtpd_milters=local:/opendkim/opendkim.sock" >> "$tmp_master_file" + if [[ -n "$(which opendmarc)" ]] ; then + echo " -o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock" >> "$tmp_master_file" + else + echo " -o smtpd_milters=local:/opendkim/opendkim.sock" >> "$tmp_master_file" + fi _changed=true _found=false fi
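Review bot: The new `smtpd_milters` line in the `while` loop lists the opendkim socket before the opendmarc one, but nothing says that the order matters. Postfix applies milters in the order listed, and OpenDMARC normally relies on the DKIM result added by the earlier milter, so a comment such as `# opendkim first: opendmarc evaluates the DKIM result it adds` would stop a later edit from swapping them. `$(which opendmarc)` is also evaluated inside the loop body; computing it once before the `while`, preferably with `command -v opendmarc`, avoids the repeated lookup. The loop and the enclosing `if` continue outside the hunk.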