install_amavis.sh: change some configuration settings in file '/etc/amavis/conf.d/50-user'. Add file '/etc/postfix/spam_lovers'.

Christoph 2018-09-26 18:45:02 +02:00
parent fabc15356a
commit aee7bf0293


@ -3169,6 +3169,34 @@ if ! $installation_failed ; then
echo_ok
fi
echononl " Create file '/etc/postfix/spam_lovers'"
if [[ ! -f "" ]]; then
cat << EOF > /etc/postfix/spam_lovers 2> '$tmp_err_msg'
# - Example '/etc/postfix/spam_lovers'
# -
# - # Adresses
# - adress@domain1.com 1
# - [..]
# -
# - # All addresses of a domain
# - domain2.com 1
# - [..]
# -
# - # All adresses of a domain except a single user
# - adress_1@domain3.com 0
# - domain3.com 1
# -
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
else
echo_skipped
fi
## - Configure amavis in /etc/amavis/conf.d
## -
@ -3269,20 +3297,80 @@ use strict;
## - Default antivirus checking mode
## -
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl,
\$bypass_virus_checks_re);
\%bypass_virus_checks, \@bypass_virus_checks_acl, \\\$bypass_virus_checks_re);
## - Default SPAM checking mode
## -
## - bypass_spam_checks_maps
## -
## - Addresses/Domains listet here will not be checked.
## -
## - !! Notice !!
## -
## - Spam checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - spam-checking will still be performed. To ensure that spam is still delivered
## - to whitelisted recipients in such cases, use the "spam_lovers" features
## - see below.
## -
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
\%bypass_spam_checks, \@bypass_spam_checks_acl, \\\$bypass_spam_checks_re);
## - We will use '%bypass_spam_checks'. So we could set:
## -
## - %bypass_spam_checks = (
## - # Adresses
## - adress@domain1.com => '1',
## - [..]
## - # All addresses of a domain
## - domain2.com => '1',
## - [..]
## - # All adresses of a domain except a single user
## - address_1@domain3.com => '0',
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/spam_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
## - [..]
## -
## - # All addresses of a domain
## - domain2.com 1
## - [..]
## -
## - # All adresses of a domain except a single user
## - adress_1@domain3.com 0
## - domain3.com 1
## -
read_hash(\%bypass_spam_checks, '/etc/postfix/spam_lovers');
## - spam_lovers_maps
## -
## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like
## - adding spam headers or discarding the mail) will be performed.
## -
@spam_lovers_maps = (
\%spam_lovers, \@spam_lovers_acl, \\\$spam_lovers_re);
## - We will use the read_hash function to read in a list of recipients
## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'.
## -
## - For more explanations see above
## -
read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
## - overrides settings in 20-debian_defaults
## -
\$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
\$final_banned_destiny = D_DISCARD; # D_REJECT when front-end MTA
#\$final_spam_destiny = D_DISCARD;
@ -3291,9 +3379,15 @@ use strict;
\$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
\$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level
\$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
## - user / domain specific settings
## - example for \$sa_tag2_level_deflt:
## -
## - User / Domain specific settings
## -
## - Per-recipient mapping of tag2 levels to email addresses (tag2 level):
## -
## - Set directly:
## -
#\$sa_tag2_level_deflt = {
# # oopen.de
@ -3305,14 +3399,58 @@ use strict;
# # default
# '.'=>'5.1'
#};
## -
## - Read from file using @spam_tag2_level_maps
## -
## - default: @spam_tag2_level_maps = (\\\$sa_tag2_level_deflt);
## -
## - Example file '/etc/postfix/tag2_level_maps.dat'
## -
## - # oopen.de
## - oopen.de 2.1
## - ckubu@oopen.de 2.2
## - argus@oopen.de 2.3
## - [..]
## - # k8h.de
## - k8h.de 6.5
## - [..]
## - # default
## - . 5.1
## -
#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
## - Per-recipient mapping of kill levels to email addresses (kill level):
## -
## - Set directly
## -
#\$sa_kill_level_deflt = {
# 'ckubu@oopen.de'=>'1500.0',
# 'ckubu-adm@oopen.de'=>'1500.0',
# # default
# '.'=>'10.31'
#};
## -
## - Read from file using @spam_kill_level_maps
## -
## - default: @spam_kill_level_maps = (\\\$sa_kill_level_deflt);
## -
## - Example file '/etc/postfix/kill_level_maps.dat'
## -
## - # oopen.de
## - ckubu@oopen.de 1500.0
## - ckubu-adm@oopen.de 1500.0
## - [..]
## - # default
## - . 10.31
## -
#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') );
\$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
## - We will inform the sender about bouncing his mail with a DSN (Delivery
## - StatusNotification). That DSN message will no be send, if the spamvalue
## - exceeds the value of sa_dsn_cutoff_level
## -
#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
\$sa_dsn_cutoff_level = 20;
@ -3371,14 +3509,15 @@ use strict;
\$admin_maps_by_ccat{+CC_SPAMMY} = sub { ca('spam_admin_maps') };
# Bypass spam checking fro trusted networks using mynetworks
# Bypass spam checking for trusted networks using mynetworks
#
# list of trusted IPs:
#
# - $HOSTNAME ($IPV4 [${IPV6}])
# - b.mx.oopen.de (83.223.86.97 [2a01:30:0:13:21f:92ff:fe00:538b])
#
#\@mynetworks = qw( 127.0.0.0/8 [::1] 83.223.86.162 [2a01:30:1fff:a::162] );
#
#@mynetworks = qw( 127.0.0.0/8 [::1] $IPV4 [${IPV6}] 83.223.86.97 [2a01:30:0:13:21f:92ff:fe00:538b] );
#\$policy_bank{'MYNETS'} = { # clients in @mynetworks
# bypass_spam_checks_maps => [1], # don't spam-check internal mail
# bypass_header_checks_maps => [1], # don't header-check internal mail
@ -3465,6 +3604,7 @@ fi
cat >> /etc/amavis/conf.d/50-user <<EOF
# Section III - Logging
#
@ -3508,15 +3648,41 @@ delete \$admin_maps_by_ccat{&CC_UNCHECKED};
## -
\$localhost_name = "amavis.${HOSTNAME}";
## - DKIM
## -
#\$enable_dkim_verification = 1; # enable DKIM signatures verification
#\$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key
\$enable_dkim_verification = 1; # enable DKIM signatures verification
\$enable_dkim_signing = 0; # load DKIM signing code, keys defined by dkim_key
## - DKIM Signing (if \$enable_dkim_signing = 1) by AMaVIS
## -
#dkim_key('oopen.de', 'main', '/etc/amavis/dkim/dkim-key.pem');
#dkim_key('mbr-berlin.de', 'main', '/etc/amavis/dkim/dkim-key.pem');
#dkim_key ...
#\@dkim_signature_options_bysender_maps = (
# { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
## - Laut RFC 4871 können auch die
## -
## - Received: from-Zeilen
## -
## - zur Signierung der e-Mail mit herangezogen werden.
## -
## - Dies hat jedoch den Nachteil, dass bei einer Veränderung der Received: from-Zeilen
## - im Nachhinein, wie es z.B. bei der Einlieferung durch Postfix via smtpd_proxy_filter
## - (Pre-Queue) bei AMaViS der Fall sein könnte, die DKIM-Sigantur sprichwörtlich „
## - kaputt“ geht.
## -
## - Dies kann durch hinzufügen von nachfolgender Konfigurationszeile in die
## - datei /etc/amavisd.conf
## -
## - \$signed_header_fields{'received'} = 0; # turn off signing of Received
## -
## - verhindert werden, indem die Received: from-Zeilen nicht mehr mit in die
## - Berechnung der DKIM-Signatur mit einfließen.
## -
\$signed_header_fields{'received'} = 0; # turn off signing of Received
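Review bot: In the first hunk the new guard `if [[ ! -f "" ]]; then` tests an empty path as rendered here, so it is always true: '/etc/postfix/spam_lovers' is rewritten with the comment-only template on every run and the `echo_skipped` branch is never reached. Because the later hunk reads that file into both `%bypass_spam_checks` and `%spam_lovers`, a re-run would silently drop every exemption an administrator had added; the guard should test the real path, `if [[ ! -f /etc/postfix/spam_lovers ]]; then`. On the following line `2> '$tmp_err_msg'` is single-quoted, so stderr goes to a file literally named `$tmp_err_msg` while the failure branch reads `$(cat $tmp_err_msg)`; it should be `2> "$tmp_err_msg"`. The hunk also sets no owner or mode on the new file, and since its contents decide which recipients skip spam filtering it should presumably be root-owned, not writable by others, and readable by the amavis user.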