install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install_postfix_advanced.sh: add support for update postfix configuration - not only initial install.

Browse Source
This commit is contained in:
Christoph
2022-09-26 00:43:15 +02:00
parent 15d4247fb3
commit a277586090
1 changed files with 380 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

477
install_postfix_advanced.sh
View File

@@ -2,7 +2,7 @@
working_dir="$(dirname $(realpath $0))" working_dir="$(dirname $(realpath $0))"
conf_file="${working_dir}/conf//install_postfix_advanced.conf" conf_file="${working_dir}/conf/install_postfix_advanced.conf"
_TLS_CERT_DIR=/etc/postfix/ssl _TLS_CERT_DIR=/etc/postfix/ssl
@@ -11,14 +11,15 @@ _TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt _TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
postfix_master_cf="/etc/postfix/master.cf" postfix_conf_dir="/etc/postfix"
postfix_master_cf="${postfix_conf_dir}/master.cf"
postfix_spool_dir="/var/spool/postfix" postfix_spool_dir="/var/spool/postfix"
postgrey_socket_dir="${postfix_spool_dir}/postgrey" postgrey_socket_dir="${postfix_spool_dir}/postgrey"
postgrey_socket_file="${postgrey_socket_dir}/postgrey.sock" postgrey_socket_file="${postgrey_socket_dir}/postgrey.sock"
tmp_err_msg=$(mktemp) log_file=$(mktemp)
backup_date="$(date +%Y-%m-%d-%H%M)" backup_date="$(date +%Y-%m-%d-%H%M)"
# ------------- # -------------
@@ -27,7 +28,7 @@ backup_date="$(date +%Y-%m-%d-%H%M)"
clean_up() { clean_up() {
# Perform program exit housekeeping # Perform program exit housekeeping
rm -f $tmp_err_msg rm -f $log_file
exit $1 exit $1
} }
@@ -120,7 +121,11 @@ trap clean_up SIGHUP SIGINT SIGTERM
# --- Some default settings # --- Some default settings
# ------------- # -------------
# - Default Values
# -
DEFAULT_ADMIN_EMAIL="argus@oopen.de" DEFAULT_ADMIN_EMAIL="argus@oopen.de"
DEFAULT_IS_RELAY_HOST=false
DEFAULT_IS_SYMPA_LIST_SERVER=no
# - Is this a systemd system? # - Is this a systemd system?
@@ -141,10 +146,6 @@ echo ""
# - # -
detect_os_1 detect_os_1
# - Default Values
# -
#_IS_RELAY_HOST=false
# - Read Configuration File if exists # - Read Configuration File if exists
# - # -
if [[ -f "$conf_file" ]]; then if [[ -f "$conf_file" ]]; then
@@ -152,8 +153,12 @@ if [[ -f "$conf_file" ]]; then
fi fi
[[ -z "$_ADMIN_EMAIL" ]] && _ADMIN_EMAIL="$DEFAULT_ADMIN_EMAIL" [[ -z "$_ADMIN_EMAIL" ]] && _ADMIN_EMAIL="$DEFAULT_ADMIN_EMAIL"
[[ -z "$_IS_SYMPA_LIST_SERVER" ]] && _IS_SYMPA_LIST_SERVER="$DEFAULT_IS_SYMPA_LIST_SERVER"
[[ -z "$_IS_RELAY_HOST" ]] && _IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST
echo ""
echo "_IS_RELAY_HOST: $_IS_RELAY_HOST"
echo ""
# ------------- # -------------
# --- Set default values for some non existent variables (i.e. no configuration file is present) # --- Set default values for some non existent variables (i.e. no configuration file is present)
@@ -166,7 +171,7 @@ if [[ -z "$_HOSTNAME" ]] ; then
fi fi
clear #clear
echo -e "\033[21G\033[32mInstallation script for Postfix basic mailsystem \033[m" echo -e "\033[21G\033[32mInstallation script for Postfix basic mailsystem \033[m"
echo echo
@@ -264,6 +269,8 @@ echo -e "\033[32m--\033[m"
echo "" echo ""
echo "How will this Mailserver be used?" echo "How will this Mailserver be used?"
echo "" echo ""
echo "_IS_RELAY_HOST: $_IS_RELAY_HOST"
echo ""
if [[ -n "$_IS_RELAY_HOST" ]]; then if [[ -n "$_IS_RELAY_HOST" ]]; then
if $_IS_RELAY_HOST ; then if $_IS_RELAY_HOST ; then
echo "[1] Complete Mailserver (with mailboxes)" echo "[1] Complete Mailserver (with mailboxes)"
@@ -339,6 +346,42 @@ if $IS_RELAY_HOST ; then
done done
IS_SYMPA_LIST_SERVER=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Are Sympa List Services provided? - [yes/no]"
echo ""
echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: "
read IS_SYMPA_LIST_SERVER
if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then
IS_SYMPA_LIST_SERVER=false
fi
IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,}
while [[ "$IS_SYMPA_LIST_SERVER" != "yes" && "$IS_SYMPA_LIST_SERVER" != "true" \
&& "$IS_SYMPA_LIST_SERVER" != "no" && "$IS_SYMPA_LIST_SERVER" != "false" ]]; do
echo -e "\n\t\033[33m\033[1mWrong value was given!!\033[m\n"
echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: "
read IS_SYMPA_LIST_SERVER
if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then
IS_SYMPA_LIST_SERVER=false
fi
IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,}
done
if [[ "$IS_SYMPA_LIST_SERVER" = 'yes' || "$IS_SYMPA_LIST_SERVER" = 'true' ]] ; then
IS_SYMPA_LIST_SERVER=true
else
IS_SYMPA_LIST_SERVER=false
fi
else
IS_SYMPA_LIST_SERVER=false
fi fi
@@ -380,6 +423,8 @@ if $IS_RELAY_HOST ; then
echo -e "\tConfigure as relay host?..........: \033[33m\033[1m$IS_RELAY_HOST\033[m" echo -e "\tConfigure as relay host?..........: \033[33m\033[1m$IS_RELAY_HOST\033[m"
echo -e "\tConfigure as complete mailserver..: false" echo -e "\tConfigure as complete mailserver..: false"
echo "" echo ""
echo -e "\tConfigure as sympa list server?...: $IS_SYMPA_LIST_SERVER"
echo ""
echo -e "\tSupport Cyrus SASL authentication.: $SASL_AUTH_ENABLED" echo -e "\tSupport Cyrus SASL authentication.: $SASL_AUTH_ENABLED"
else else
echo -e "\tConfigure as relay host?..........: $IS_RELAY_HOST" echo -e "\tConfigure as relay host?..........: $IS_RELAY_HOST"
@@ -419,6 +464,7 @@ fi
if $IS_RELAY_HOST ; then if $IS_RELAY_HOST ; then
cat << EOF >> $conf_file cat << EOF >> $conf_file
_SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED _SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED
_IS_SYMPA_LIST_SERVER=$IS_SYMPA_LIST_SERVER
EOF EOF
fi fi
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@@ -436,12 +482,12 @@ fi
# - Synchronise package index files with the repository # - Synchronise package index files with the repository
# - # -
echononl " Synchronise package index files with the repository.." echononl " Synchronise package index files with the repository.."
apt-get update > "$tmp_err_msg" 2>&1 apt-get update > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
@@ -504,12 +550,12 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -ne 10 ]] ; then
if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
echo_skipped echo_skipped
else else
DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
fi fi
@@ -518,17 +564,17 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -ne 10 ]] ; then
# postgrey as tcp/ip socket # postgrey as tcp/ip socket
# #
#perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \ #perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \
# /etc/default/postgrey > $tmp_err_msg 2>&1 # /etc/default/postgrey > $log_file 2>&1
# postgrey as unix socket # postgrey as unix socket
# #
perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--unix=/var/spool/postfix/postgrey/postgrey.sock --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \ perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--unix=/var/spool/postfix/postgrey/postgrey.sock --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \
/etc/default/postgrey > $tmp_err_msg 2>&1 /etc/default/postgrey > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
echononl " Create /etc/postgrey/whitelist_clients.local (additional whitelist entries)" echononl " Create /etc/postgrey/whitelist_clients.local (additional whitelist entries)"
@@ -552,12 +598,12 @@ EOF
if [[ -d "${postgrey_socket_dir}" ]]; then if [[ -d "${postgrey_socket_dir}" ]]; then
echo_skipped echo_skipped
else else
mkdir "${postgrey_socket_dir}" > /dev/null 2> $tmp_err_msg mkdir "${postgrey_socket_dir}" > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
echononl "\tcontinue anyway [yes/no]: " echononl "\tcontinue anyway [yes/no]: "
read OK read OK
@@ -572,12 +618,12 @@ EOF
fi fi
echononl " Set ownership on directory '${postgrey_socket_dir}'.." echononl " Set ownership on directory '${postgrey_socket_dir}'.."
chown -R postgrey:postgrey ${postgrey_socket_dir} 2> $tmp_err_msg chown -R postgrey:postgrey ${postgrey_socket_dir} 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
echononl "\tcontinue anyway [yes/no]: " echononl "\tcontinue anyway [yes/no]: "
read OK read OK
@@ -592,12 +638,12 @@ EOF
echononl " Enable Postgrey service at boot time.." echononl " Enable Postgrey service at boot time.."
if $systemd_exists ; then if $systemd_exists ; then
systemctl enable networking >/dev/null 2> $tmp_err_msg systemctl enable networking >/dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -607,20 +653,20 @@ EOF
echononl " Restart postrey daemon" echononl " Restart postrey daemon"
if $systemd_exists ; then if $systemd_exists ; then
systemctl restart postgrey > /dev/null 2> $tmp_err_msg systemctl restart postgrey > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
/etc/init.d/postgrey restart > /dev/null 2> $tmp_err_msg /etc/init.d/postgrey restart > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
fi fi
@@ -635,18 +681,18 @@ else
if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
echo_skipped echo_skipped
else else
DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
fi fi
echononl " Add entry for 'tumgreyspf' at end of file '$postfix_master_cf" echononl " Add entry for 'tumgreyspf' at end of file '$postfix_master_cf"
if ! $(grep -iq -E "^\s*tumgreyspf\s+" 2>/dev/null $postfix_master_cf) ; then if ! $(grep -iq -E "^\s*tumgreyspf\s+" 2>/dev/null $postfix_master_cf) ; then
cat <<EOF >> /etc/postfix/master.cf 2> $tmp_err_msg cat <<EOF >> $postfix_master_cf 2> $log_file
# This is tumgreyspf, an external policy checker for the postfix mail server. # This is tumgreyspf, an external policy checker for the postfix mail server.
# It can optionally greylist and/or use spfquery to check SPF records to # It can optionally greylist and/or use spfquery to check SPF records to
@@ -666,7 +712,7 @@ EOF
echononl " Create configuration file for whitelisting: /etc/tumgreyspf/disable.conf" echononl " Create configuration file for whitelisting: /etc/tumgreyspf/disable.conf"
if [[ ! -f /etc/tumgreyspf/disable.conf ]] ; then if [[ ! -f /etc/tumgreyspf/disable.conf ]] ; then
cat <<EOF > "/etc/tumgreyspf/disable.conf" 2> $tmp_err_msg cat <<EOF > "/etc/tumgreyspf/disable.conf" 2> $log_file
SPFSEEDONLY=0 SPFSEEDONLY=0
GREYLISTTIME=300 GREYLISTTIME=300
CHECKERS= CHECKERS=
@@ -676,7 +722,7 @@ EOF
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -685,21 +731,21 @@ EOF
_failed=false _failed=false
echononl " Whitelist tor hidde service '127.0.0.25'.." echononl " Whitelist tor hidde service '127.0.0.25'.."
if [[ ! -d "/var/lib/tumgreyspf/config/client_address/127/0/0/" ]] ; then if [[ ! -d "/var/lib/tumgreyspf/config/client_address/127/0/0/" ]] ; then
mkdir -p /var/lib/tumgreyspf/config/client_address/127/0/0/ 2> $tmp_err_msg mkdir -p /var/lib/tumgreyspf/config/client_address/127/0/0/ 2> $log_file
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
_failed=true _failed=true
fi fi
fi fi
if [[ ! -L /var/lib/tumgreyspf/config/client_address/127/0/0/25 ]]; then if [[ ! -L /var/lib/tumgreyspf/config/client_address/127/0/0/25 ]]; then
ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/127/0/0/25 2>> $tmp_err_msg ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/127/0/0/25 2>> $log_file
fi fi
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
_failed=true _failed=true
fi fi
if $_failed ; then if $_failed ; then
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
else else
echo_ok echo_ok
fi fi
@@ -714,7 +760,7 @@ EOF
_setup_file="/etc/tumgreyspf/default.conf" _setup_file="/etc/tumgreyspf/default.conf"
echononl " Setup defaults for tumgreyspf: $_setup_key .." echononl " Setup defaults for tumgreyspf: $_setup_key .."
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg cat <<EOF >> "$_setup_file" 2> $log_file
# Added by script $(basename $0) at $(date +%Y-%m-%d) # Added by script $(basename $0) at $(date +%Y-%m-%d)
$_setup_key = $_setup_val $_setup_key = $_setup_val
@@ -723,17 +769,17 @@ EOF
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*0$" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*0$" "$_setup_file") ; then
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -745,7 +791,7 @@ EOF
_setup_file="/etc/tumgreyspf/default.conf" _setup_file="/etc/tumgreyspf/default.conf"
echononl " Setup defaults for tumgreyspf: $_setup_key .." echononl " Setup defaults for tumgreyspf: $_setup_key .."
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg cat <<EOF >> "$_setup_file" 2> $log_file
# Added by script $(basename $0) at $(date +%Y-%m-%d) # Added by script $(basename $0) at $(date +%Y-%m-%d)
$_setup_key = $_setup_val $_setup_key = $_setup_val
@@ -754,17 +800,17 @@ EOF
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -776,7 +822,7 @@ EOF
_setup_file="/etc/tumgreyspf/default.conf" _setup_file="/etc/tumgreyspf/default.conf"
echononl " Setup defaults for tumgreyspf: $_setup_key .." echononl " Setup defaults for tumgreyspf: $_setup_key .."
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg cat <<EOF >> "$_setup_file" 2> $log_file
# Added by script $(basename $0) at $(date +%Y-%m-%d) # Added by script $(basename $0) at $(date +%Y-%m-%d)
$_setup_key = $_setup_val $_setup_key = $_setup_val
@@ -785,17 +831,17 @@ EOF
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -807,7 +853,7 @@ EOF
_setup_file="/etc/tumgreyspf/default.conf" _setup_file="/etc/tumgreyspf/default.conf"
echononl " Setup defaults for tumgreyspf: $_setup_key .." echononl " Setup defaults for tumgreyspf: $_setup_key .."
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg cat <<EOF >> "$_setup_file" 2> $log_file
# Added by script $(basename $0) at $(date +%Y-%m-%d) # Added by script $(basename $0) at $(date +%Y-%m-%d)
$_setup_key = $_setup_val $_setup_key = $_setup_val
@@ -816,17 +862,17 @@ EOF
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -838,7 +884,7 @@ EOF
_setup_file="/etc/tumgreyspf/default.conf" _setup_file="/etc/tumgreyspf/default.conf"
echononl " Setup defaults for tumgreyspf: $_setup_key .." echononl " Setup defaults for tumgreyspf: $_setup_key .."
if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=" "$_setup_file") ; then
cat <<EOF >> "$_setup_file" 2> $tmp_err_msg cat <<EOF >> "$_setup_file" 2> $log_file
# Added by script $(basename $0) at $(date +%Y-%m-%d) # Added by script $(basename $0) at $(date +%Y-%m-%d)
$_setup_key = $_setup_val $_setup_key = $_setup_val
@@ -847,17 +893,17 @@ EOF
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then if ! $(grep -iq -E "^\s*${_setup_key}\s*=\s*${_setup_val/}$" "$_setup_file") ; then
perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $tmp_err_msg perl -i -n -p -e "s/(\s*${_setup_key}.*)/#\1\n${_setup_key} = $_setup_val/" "$_setup_file" 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -876,23 +922,23 @@ _pkg="postfwd"
if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
echo_skipped echo_skipped
else else
DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $tmp_err_msg DEBIAN_FRONTEND=noninteractive apt-get -y install $_pkg > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
fi fi
echononl " Adjust /etc/default/postfwd" echononl " Adjust /etc/default/postfwd"
perl -i -n -p -e "s#^(\s*)(STARTUP=.*)#\#\1\2\nSTARTUP=1#" \ perl -i -n -p -e "s#^(\s*)(STARTUP=.*)#\#\1\2\nSTARTUP=1#" \
/etc/default/postfwd > $tmp_err_msg 2>&1 /etc/default/postfwd > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
_file="/etc/postfix/postfwd.wl-nets" _file="/etc/postfix/postfwd.wl-nets"
@@ -1325,39 +1371,39 @@ fi
echononl " Enable Postfix firewall daemon at boot time .." echononl " Enable Postfix firewall daemon at boot time .."
if $systemd_exists ; then if $systemd_exists ; then
systemctl enable postfwd > /dev/null 2> $tmp_err_msg systemctl enable postfwd > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
update-rc.d postfwd defaults > /dev/null 2> $tmp_err_msg update-rc.d postfwd defaults > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
fi fi
echononl " Restart Postfix firewall daemon 'postfwd'.." echononl " Restart Postfix firewall daemon 'postfwd'.."
if $systemd_exists ; then if $systemd_exists ; then
systemctl restart postfwd > /dev/null 2> $tmp_err_msg systemctl restart postfwd > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
/etc/init.d/postfwd restart > /dev/null 2> $tmp_err_msg /etc/init.d/postfwd restart > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
fi fi
@@ -1387,6 +1433,21 @@ cat <<EOF > /etc/postfix/main.cf
# Disable backwards compatibility # Disable backwards compatibility
compatibility_level = 2 compatibility_level = 2
# With "smtputf8_enable = yes", Postfix requires that non-ASCII address information
# is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not
# practical for Postfix to support multiple encodings at the same time. There is no
# problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", because those use
# only characters from the ASCII characterset.
#smtputf8_enable = no
EOF
if $IS_SYMPA_LIST_SERVER ; then
cat <<EOF >> /etc/postfix/main.cf
smtputf8_enable = no
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
# Debian specific: Specifying a file name will cause the first # Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default # line of that file to be used as the name. The Debian default
@@ -1579,6 +1640,15 @@ sender_canonical_maps = btree:/etc/postfix/sender_canonical
transport_maps = transport_maps =
btree:/etc/postfix/transport btree:/etc/postfix/transport
btree:/etc/postfix/relay_domains btree:/etc/postfix/relay_domains
EOF
if $IS_SYMPA_LIST_SERVER ; then
cat <<EOF >> /etc/postfix/main.cf
regexp:/etc/postfix/sympa_transport
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - The maximal time a message is queued before it is sent back as ## - The maximal time a message is queued before it is sent back as
## - undeliverable. Defaults to 5d (5 days) ## - undeliverable. Defaults to 5d (5 days)
@@ -1622,10 +1692,31 @@ prepend_delivered_header =
# ============ Relay parameters ============ # ============ Relay parameters ============
relayhost = relayhost =
EOF
if $IS_SYMPA_LIST_SERVER ; then
cat <<EOF >> /etc/postfix/main.cf
sympa_destination_recipient_limit = 1
sympabounce_destination_recipient_limit = 1
relay_domains =
\$mydestination
btree:/etc/postfix/relay_domains
btree:/etc/postfix/sympa_domains
EOF
else
cat <<EOF >> /etc/postfix/main.cf
relay_domains = relay_domains =
\$mydestination \$mydestination
btree:/etc/postfix/relay_domains btree:/etc/postfix/relay_domains
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
# ============ TLS parameters ============ # ============ TLS parameters ============
@@ -1915,6 +2006,15 @@ virtual_mailbox_domains =
## - manipulations see the ADDRESS_REWRITING_README document. ## - manipulations see the ADDRESS_REWRITING_README document.
## - ## -
virtual_alias_maps = virtual_alias_maps =
EOF
if $IS_SYMPA_LIST_SERVER ; then
cat <<EOF >> /etc/postfix/main.cf
regexp:/etc/postfix/sympa_virtual_aliases
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - mailman ## - mailman
#hash:/var/lib/mailman/data/virtual-mailman #hash:/var/lib/mailman/data/virtual-mailman
@@ -2140,7 +2240,19 @@ cat <<EOF >> /etc/postfix/main.cf
# The time limit for all external commands is controlled by command_time_limit # The time limit for all external commands is controlled by command_time_limit
# #
# #
EOF
if [[ -n "$(which postfwd)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf
127.0.0.1:10040_time_limit = 3600
EOF
else
cat <<EOF >> /etc/postfix/main.cf
#127.0.0.1:10040_time_limit = 3600 #127.0.0.1:10040_time_limit = 3600
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
# smtpd_delay_reject (default: yes) # smtpd_delay_reject (default: yes)
@@ -2390,6 +2502,34 @@ smtpd_end_of_data_restrictions =
check_policy_service inet:127.0.0.1:10040 check_policy_service inet:127.0.0.1:10040
EOF EOF
if [[ -n "$(which opendkim)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf
# ======= Milter configuration =======
# OpenDKIM
milter_default_action = accept
# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
milter_protocol = 6
# Note:
# We will sign AFTER sending through AmaVIS, just befor sending out. So
# set 'smtpd_milters =' to an emty string here and add to localhost:10025
# section in master.cf: 'smtpd_milters=local:/opendkim/opendkim.sock'
#
# If you want sign mails before sending through AmaVIS, set
# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to
# localhost:10025 section in master.cf: 'smtpd_milters='
#
#smtpd_milters = local:/opendkim/opendkim.sock
smtpd_milters =
non_smtpd_milters = local:/opendkim/opendkim.sock
EOF
echo_ok echo_ok
@@ -2408,12 +2548,12 @@ fi
echononl " Backup existing file '/etc/aliases'" echononl " Backup existing file '/etc/aliases'"
if [[ -f /etc/aliases ]] ; then if [[ -f /etc/aliases ]] ; then
mv /etc/aliases "/etc/aliases.$backup_date" > $tmp_err_msg 2>&1 mv /etc/aliases "/etc/aliases.$backup_date" > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -2624,7 +2764,7 @@ if [[ ! -f /etc/postfix/transport ]]; then
cat <<EOF > /etc/postfix/transport cat <<EOF > /etc/postfix/transport
# - Force sending through IPv4 # - Force sending through IPv4
# - # -
# - Take care your master.cf file (/etc/postfix/master.cf) contains: # - Take care your master.cf file ($postfix_master_cf) contains:
# - # -
# - smtp-ipv4-only unix - - n - - smtp # - smtp-ipv4-only unix - - n - - smtp
# - -o inet_protocols=ipv4 # - -o inet_protocols=ipv4
@@ -2633,7 +2773,7 @@ if [[ ! -f /etc/postfix/transport ]]; then
# - Force sending through IPv6 # - Force sending through IPv6
# - # -
# - Take care your master.cf file (/etc/postfix/master.cf) contains: # - Take care your master.cf file ($postfix_master_cf) contains:
# - # -
# - smtp-ipv6-only unix - - n - - smtp # - smtp-ipv6-only unix - - n - - smtp
# - -o inet_protocols=ipv6 # - -o inet_protocols=ipv6
@@ -2745,29 +2885,8 @@ if [[ ! -f "$_file" ]]; then
/\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001 /\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001 /^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
/^Reply-To: .+\@ppe-healthcare-europe\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1002
/^Reply-To: .+\@testbedarf.shop/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1003
/^Reply-To: .+\@acieu\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1004
/^Reply-To: .+\@acievents\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1005
/^Reply-To: .+\@dokpotenz\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1006
/^Reply-To: .+\@doktorapo\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1007
/^Reply-To: .+\@sendelope.eu/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1008
/^Reply-To: .+\@team-de-luxe\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1009
/^Reply-To: .+\@klickensiejetzt\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1010
/^Reply-To: .+\@podiumskate\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1011
/^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001 /^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
/^From: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1002
/^From: .+\@ppe-healthcare-europe\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1003
/^From: .+\@testbedarf.shop/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1004
/^From: .+\@acieu\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1005
/^From: .+\@acievents\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1006
/^From: .+\@dokpotenz\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1007
/^From: .+\@doktorapo\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1008
/^From: .+\@sendelope.eu/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1009
/^From: .+\@team-de-luxe\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1010
/^From: .+\@klickensiejetzt\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1011
/^From: .+\@podiumskate\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1012
/^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001 /^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
/^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002 /^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
@@ -2828,6 +2947,56 @@ else
fi fi
if $IS_SYMPA_LIST_SERVER ; then
_file_name=sympa_domains
echononl "\tCreate (empty) file \"$_file_name\".."
if [ -f "${postfix_conf_dir}/$_file_name" ];then
echo_skipped
else
touch ${postfix_conf_dir}/$_file_name > /dev/null 2>&1
if [ "$?" = "0" ]; then
echo_ok
echononl "\tCreate concerning db-file \"${postfix_conf_dir}/${_file_name}.db\".."
postmap btree:${postfix_conf_dir}/$_file_name > /dev/null 2>&1
if [ "$?" = "0" ]; then
echo_ok
else
echo_failed
fi
else
echo_failed
fi
fi
_file_name=sympa_transport
echononl "\tCreate (empty) file \"$_file_name\".."
if [ -f "${postfix_conf_dir}/$_file_name" ];then
echo_skipped
else
touch ${postfix_conf_dir}/$_file_name >> $_log_file 2>&1
if [ "$?" = "0" ]; then
echo_ok
else
echo_failed
fi
fi
_file_name=sympa_virtual_aliases
echononl "\tCreate (empty) file \"$_file_name\".."
if [ -f "${postfix_conf_dir}/$_file_name" ];then
echo_skipped
else
touch ${postfix_conf_dir}/$_file_name >> $_log_file 2>&1
if [ "$?" = "0" ]; then
echo_ok
else
echo_failed
fi
fi
fi
if ! $IS_RELAY_HOST ; then if ! $IS_RELAY_HOST ; then
## - Create Directory '/var/vmail' for virtual mailboxes ## - Create Directory '/var/vmail' for virtual mailboxes
@@ -2896,12 +3065,12 @@ else
echononl " Backup existing file '/etc/postfix/sasl/smtpd.conf'" echononl " Backup existing file '/etc/postfix/sasl/smtpd.conf'"
if [[ -f /etc/postfix/sasl/smtpd.conf ]] ; then if [[ -f /etc/postfix/sasl/smtpd.conf ]] ; then
mv /etc/postfix/sasl/smtpd.conf "/etc/postfix/sasl/smtpd.conf.$backup_date" > $tmp_err_msg 2>&1 mv /etc/postfix/sasl/smtpd.conf "/etc/postfix/sasl/smtpd.conf.$backup_date" > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
@@ -2932,12 +3101,12 @@ fi
## - and port 465 (smtps) ## - and port 465 (smtps)
## - ## -
echononl " Backup file \"${postfix_master_cf}\"" echononl " Backup file \"${postfix_master_cf}\""
cp -a $postfix_master_cf "${postfix_master_cf}.$backup_date" > /dev/null 2> $tmp_err_msg cp -a $postfix_master_cf "${postfix_master_cf}.$backup_date" > /dev/null 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $log_file)"
fi fi
if grep -iq -E "^submission\s+" $postfix_master_cf > /dev/null 2>&1 ; then if grep -iq -E "^submission\s+" $postfix_master_cf > /dev/null 2>&1 ; then
@@ -3055,6 +3224,115 @@ else
fi fi
echononl " Adjust $postfix_master_cf. Set DKIM after sending throuh AmaVIS.."
if [[ -n "$(which opendkim)" ]] ; then
_found=false
_changed=false
tmp_master_file="/tmp/postfix_master.cf"
> $tmp_master_file
while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && ! echo "$_line" | grep -i -q -E "^\s*-o" 2> /dev/null ; then
echo " -o smtpd_milters=local:/opendkim/opendkim.sock" >> "$tmp_master_file"
_changed=true
_found=false
fi
if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then
_found=false
fi
if echo "$_line" | grep -i -q -E "^\s*(127.0.0.1|localhost):10025\s+inet\s+" 2> /dev/null ; then
_found=true
fi
echo "$_line" >> "$tmp_master_file"
done < "$postfix_master_cf"
if $_changed ; then
cp $tmp_master_file $postfix_master_cf 2> $log_file
postfix_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
warn "Postfix (master.cf) seems already be configured."
echononl " Delete previosly saved file '$postfix_master_cf'.."
rm ${postfix_master_cf}.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
rm -f $tmp_master_file
else
echo_skipped
fi
echononl " Adjust $postfix_master_cf to play with dovecot lda"
if [[ -x "/usr/local/dovecot/libexec/dovecot/dovecot-lda" ]] ; then
## - /etc/postfix/master.cf
## -
## - add line
## - dovecot unix - n n - - pipe
## - flags=drhu user=vmail:vmail argv=/usr/local/dovecot/libexec/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop}
if ! grep -e dovecot-lda $postfix_master_cf > /dev/null ; then
cp -a "$postfix_master_cf" "${postfix_master_cf}.$backup_date"
echo -e "\ndovecot unix - n n - - pipe\n flags=drhu user=vmail:vmail argv=/usr/local/dovecot/libexec/dovecot/dovecot-lda -f \${sender} -d \${user}@\${nexthop}" >> $postfix_master_cf
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "Configuring $postfix_master_cf for use with dovecot-lda failed"
fi
else
echo_skipped
fi
else
echo_skipped
fi
echononl "\tAdd transport declaration for sympa domains to file master.cf"
if $IS_SYMPA_LIST_SERVER ; then
if grep -q -e "^sympa\ " ${postfix_master_cf} 2>> /dev/null ; then
echo_skipped
else
cat <<EOF >> ${postfix_master_cf}
sympa unix - n n - - pipe
flags=FR user=sympa argv=${SYMPA_LIBEXEC_DIR}/queue \${recipient}
sympabounce unix - n n - - pipe
flags=FR user=sympa argv=${SYMPA_LIBEXEC_DIR}/bouncequeue \${user}
EOF
if [ "$?" = "0" ]; then
echo_ok
else
echo_failed
error "Adding transport declaration for sympa domains to \"${postfix_master_cf}\" failed!"
fi
fi
else
echo_skipped
fi
## - restart postfix ## - restart postfix
## - ## -
echononl " Restart postfix" echononl " Restart postfix"
@@ -3114,7 +3392,12 @@ else
fi fi
fi fi
if [[ -n "$(which amavisd-new)" ]] ; then
warn "You have to run \033[1minstall_amavis.sh\033[m script to continue the configuration."
fi
rm $tmp_err_msg
echo "" echo ""
clean_up 0 clean_up 0