install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install_amavis.sh: SecuriteInfo was moved to ClamAV's Freshclam. Also get rid of trailling spaces.

Browse Source
This commit is contained in:
Christoph 2024-09-18 16:46:38 +02:00
parent 240dfbb54a
commit b069fdac30
1 changed files with 231 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

460
install_amavis.sh
View File

@ -131,7 +131,7 @@ DEFAULT_SI_AUTHORISATION_SIGNATURE_OOPEN=abb4ec6b194639f3d123154f1b971843a3b8751
# SecuriteInfo signatur databases
#
SI_SIGNATUR_DATABASES="
securiteinfo.hdb
securiteinfo.hdb
securiteinfo.ign2
javascript.ndb
spam_marketing.ndb
@ -210,7 +210,7 @@ _needed_packages_clamav="clamav \
if [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 10 ]] ; then
_needed_packages_clamav="$_needed_packages_clamav \
libclamunrar7"
elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 11 ]] ; then
elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 11 ]] ; then
_needed_packages_clamav="$_needed_packages_clamav \
libclamunrar9"
elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 12 ]] ; then
@ -355,7 +355,7 @@ else
fi
done
fi
if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
IPV6=disabled
fi
@ -384,7 +384,7 @@ while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do
fi
done
echo ""
@ -413,11 +413,90 @@ else
done
fi
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Should ClamAV unofficial Singatures be installed?"
echo ""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Use SecuriteInfo Signatures (https://www.securiteinfo.com)?"
echo ""
echo "Note: You have to sign up for an account. For a free account thats here:"
echo " https://www.securiteinfo.com/clients/customers/signup"
echo ""
if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then
echononl "Load SecuriteInfo Singatures (yes/no): "
else
if $_SECURITE_INFO_IN_USE ; then
echononl "Load SecuriteInfo Singatures [yes]: "
else
echononl "Load SecuriteInfo Singatures [no]: "
fi
fi
read _TMP_LOAD_SI
_TMP_LOAD_SI=${_TMP_LOAD_SI,,}
while [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; do
if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then
echononl "Wrong entry! (yes/no): "
read _TMP_LOAD_SI
_TMP_LOAD_SI=${_TMP_LOAD_SI,,}
else
if [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; then
if [[ "X$_TMP_LOAD_SI" = "X" ]]; then
if $_SECURITE_INFO_IN_USE ; then
_TMP_LOAD_SI=yes
else
_TMP_LOAD_SI=no
fi
else
if $_SECURITE_INFO_IN_USE ; then
echononl "Wrong entry! [yes]: "
else
echononl "Wrong entry! [no]: "
fi
read _TMP_LOAD_SI
fi
fi
fi
done
if [[ "$_TMP_LOAD_SI" = "yes" ]] ; then
SECURITE_INFO_IN_USE=true
else
SECURITE_INFO_IN_USE=false
fi
if $SECURITE_INFO_IN_USE ; then
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert SecuriteInfo Authorisation Signature"
echo ""
echo ""
SI_AUTHORISATION_SIGNATURE=
if [[ -n "$_SI_AUTHORISATION_SIGNATURE" ]] ; then
while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do
echononl "SecuriteInfo Authorisation Signature [$(echo ${_SI_AUTHORISATION_SIGNATURE:0:4})..$(echo ${_SI_AUTHORISATION_SIGNATURE: -4})]: "
read SI_AUTHORISATION_SIGNATURE
if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then
SI_AUTHORISATION_SIGNATURE=$_SI_AUTHORISATION_SIGNATURE
fi
done
else
while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do
echononl "SecuriteInfo Authorisation Signature: "
read SI_AUTHORISATION_SIGNATURE
if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mSecuriteInfo Authorisation Signature is reqired\033[m\n"
fi
done
fi
fi
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Should ClamAV unofficial Singatures be installed?"
echo ""
if [[ -z "$_INSTALL_CLAMAV_UNOFFICIAL_SIGS" ]]; then
echononl "Install ClamAV unofficial Singatures (yes/no): "
else
@ -451,14 +530,14 @@ else
fi
if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Load MalwarePatrol Signatures (https://www.malwarepatrol.net)?"
echo ""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Load MalwarePatrol Signatures (https://www.malwarepatrol.net)?"
echo ""
echo "Note: You have to sign up for an account. For a free account thats here:"
echo " https://www.malwarepatrol.net/signup-free.shtml"
echo ""
echo ""
if [[ -z "$_MALWARE_PATROL_IN_USE" ]]; then
echononl "Load MalwarePatrol Singatures (yes/no): "
else
@ -491,7 +570,7 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
fi
read _TMP_LOAD_MP
fi
fi
fi
done
@ -501,14 +580,14 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
MALWARE_PATROL_IN_USE=false
fi
if $MALWARE_PATROL_IN_USE ; then
echo ""
echo ""
echo "Are you using a free account from MalwarePatrol?"
echo ""
echo ""
echo ""
echo ""
echo "Are you using a free account from MalwarePatrol?"
echo ""
echo ""
if [[ -z "$_MALWERE_PATROL_FREE" ]] ; then
echononl " Using fgree acount from MalwarePatrol? (yes/no): "
@ -583,85 +662,7 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
done
fi
fi
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Load SecuriteInfo Signatures (https://www.securiteinfo.com)?"
echo ""
echo "Note: You have to sign up for an account. For a free account thats here:"
echo " https://www.securiteinfo.com/clients/customers/signup"
echo ""
if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then
echononl "Load SecuriteInfo Singatures (yes/no): "
else
if $_SECURITE_INFO_IN_USE ; then
echononl "Load SecuriteInfo Singatures [yes]: "
else
echononl "Load SecuriteInfo Singatures [no]: "
fi
fi
read _TMP_LOAD_SI
_TMP_LOAD_SI=${_TMP_LOAD_SI,,}
while [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; do
if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then
echononl "Wrong entry! (yes/no): "
read _TMP_LOAD_SI
_TMP_LOAD_SI=${_TMP_LOAD_SI,,}
else
if [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; then
if [[ "X$_TMP_LOAD_SI" = "X" ]]; then
if $_SECURITE_INFO_IN_USE ; then
_TMP_LOAD_SI=yes
else
_TMP_LOAD_SI=no
fi
else
if $_SECURITE_INFO_IN_USE ; then
echononl "Wrong entry! [yes]: "
else
echononl "Wrong entry! [no]: "
fi
read _TMP_LOAD_SI
fi
fi
fi
done
if [[ "$_TMP_LOAD_SI" = "yes" ]] ; then
SECURITE_INFO_IN_USE=true
else
SECURITE_INFO_IN_USE=false
fi
if $SECURITE_INFO_IN_USE ; then
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert SecuriteInfo Authorisation Signature"
echo ""
echo ""
SI_AUTHORISATION_SIGNATURE=
if [[ -n "$_SI_AUTHORISATION_SIGNATURE" ]] ; then
while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do
echononl "SecuriteInfo Authorisation Signature [$(echo ${_SI_AUTHORISATION_SIGNATURE:0:4})..$(echo ${_SI_AUTHORISATION_SIGNATURE: -4})]: "
read SI_AUTHORISATION_SIGNATURE
if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then
SI_AUTHORISATION_SIGNATURE=$_SI_AUTHORISATION_SIGNATURE
fi
done
else
while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do
echononl "SecuriteInfo Authorisation Signature: "
read SI_AUTHORISATION_SIGNATURE
if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mSecuriteInfo Authorisation Signature is reqired\033[m\n"
fi
done
fi
fi
fi
@ -674,28 +675,28 @@ else
DB_IN_USE=false
fi
DB_TYPE=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Are a database lookups for local domains in use?"
echo ""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Are a database lookups for local domains in use?"
echo ""
if [[ "$_DB_TYPE" = "MySQL" ]] ; then
echo -e "\033[37m\033[1m[1] MySQL\033[m"
else
echo "[1] MySQL"
echo "[1] MySQL"
fi
if [[ "$_DB_TYPE" = "PostgreSQL" ]] ; then
echo -e "[2] \033[37m\033[1mPostgeSQL\033[m"
else
echo "[2] PostgeSQL"
echo "[2] PostgeSQL"
fi
if ! $DB_IN_USE ; then
echo -e "[3] \033[37m\033[1mSkip (No Database in use)\033[m"
echo -e "[3] \033[37m\033[1mSkip (No Database in use)\033[m"
_DB_TYPE="None"
else
echo "[3] Skip (No Database in use)"
echo "[3] Skip (No Database in use)"
fi
echo ""
echo ""
echo "Type a number or press <RETURN> to choose highlighted value"
echo ""
echononl "Eingabe: "
@ -714,12 +715,12 @@ while [ "$DB_TYPE" != "MySQL" -a "$DB_TYPE" != "PostgreSQL" -a "$DB_TYPE" != "No
DB_TYPE="None"
DB_IN_USE=false
;;
'') DB_TYPE=$_DB_TYPE
'') DB_TYPE=$_DB_TYPE
;;
*)
echo ""
echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = PostgreSQL , 3 = Skip] or type <RETURN>"
echo ""
echo ""
echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = PostgreSQL , 3 = Skip] or type <RETURN>"
echo ""
echononl "Eingabe: "
;;
esac
@ -1018,7 +1019,7 @@ if [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 12 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)
command was:
command was:
cpanm -q --skip-installed $_module"
echononl "\tcontinue anyway [yes/no]: "
@ -1080,7 +1081,7 @@ echo
## - Install package amavisd-new NOW, because we need at least the existence
## - of the AmaViS user (amavis) befor finally installation and configuration
## - of the AmaViS user (amavis) befor finally installation and configuration
## - of AmaViS itself.
## -
echononl " Install packages \"amavisd-new\""
@ -1159,7 +1160,7 @@ fi
## - # cp /root/sample-spam.txt /tmp
## - # cd /tmp
## - # su amavis -c 'spamassassin -D </tmp/sample-spam.txt'
## -
## -
## - Notice:
## - If not testing as user roor, you need to change int a directora, where the testing
## - user has read/write? access, even if the sample spam file is located at /tmp
@ -1232,27 +1233,27 @@ echo -e " \033[37m\033[1mConfigure Razor2..\033[m"
info "Open firewall outgoing port 2703 for Razor2"
## - This next section gets Razor2 up and running and copies its files where
## - both root and amavis expect to find them.
## - This next section gets Razor2 up and running and copies its files where
## - both root and amavis expect to find them.
## -
## - SpamAssassin is designed to enable each user to have their own settings and
## - SpamAssassin is designed to enable each user to have their own settings and
## - data. This section will make both users happy.
## -
## - This is because if we are debugging SpamAssassin or Razor or Pyzor or DCC,
## - This is because if we are debugging SpamAssassin or Razor or Pyzor or DCC,
## - we want to be able to do so with spamassassin -D </tmp/sample-spam.txt
## - rather than amavisd-new -d 5 debug-sa , because we don't want to shut
## - amavisd-new down every time we need to debug one of those programs. A better
## - rather than amavisd-new -d 5 debug-sa , because we don't want to shut
## - amavisd-new down every time we need to debug one of those programs. A better
## - A way to debug SpamAssassin is to run the program as the AmaViS user amavis
## - like so:
## - su clamav -c 'spamassassin -D </root/sample-spam.txt'
## -
## - First:
## - First:
## - To create a new razor-agent.conf file in /root/.razor/razor-agent.conf, we
## - must 'razor-admin -create' prevent from using the defaut one in directory
## - /etc/razor/
## -
## -
echononl " Rename /etc/razor/razor-agent.conf to /etc/razor/razor-agent.conf.ORIG"
if [[ -f /etc/razor/razor-agent.conf ]]; then
mv /etc/razor/razor-agent.conf /etc/razor/razor-agent.conf.ORIG > $tmp_err_msg 2>&1
@ -1365,7 +1366,7 @@ fi
## - Copy root's .razor directory and files to the amavis user's home directory
## -
echononl " Copy root's razor configuration to user \"amavis\" (${_home_amavais}/.razor)"
echononl " Copy root's razor configuration to user \"amavis\" (${_home_amavais}/.razor)"
installation_failed=false
cp -r /root/.razor ${_home_amavais}/ > $tmp_err_msg 2>&1
if [[ "$?" -ne 0 ]] ; then
@ -1867,7 +1868,7 @@ report_safe 0
#
#
# Our own IP's
#
#
# Notice: i decided not to trust our own ip's, because i want
# to filter also mails from local users out
@ -1879,7 +1880,7 @@ fi
echo "$_msg_trusted" >> /etc/spamassassin/local.cf
echo "" >> /etc/spamassassin/local.cf
echo "$_msg_internal" >> /etc/spamassassin/local.cf
echo "$_msg_internal" >> /etc/spamassassin/local.cf
cat << EOF >> /etc/spamassassin/local.cf 2>$tmp_err_msg
@ -1910,8 +1911,8 @@ bayes_auto_learn_threshold_spam 10.0
bayes_auto_learn_threshold_nonspam -0.5
# NOTE: Since there is a script that runs each day to --force-expire old
# Bayes tokens "/etc/cron.daily/amavisd-new" (make sure there is if
# NOTE: Since there is a script that runs each day to --force-expire old
# Bayes tokens "/etc/cron.daily/amavisd-new" (make sure there is if
# you use this setting!), we can set:
#
bayes_auto_expire 0
@ -1983,14 +1984,14 @@ ok_locales all
# Local delivery uses this flag to distinguish between possible spam
# and ham
#
#
# Again: in our setup wee NEED to set the spam flag
#
#
add_header spam Flag _YESNOCAPS_
# Some shortcircuiting, if the plugin is enabled
#
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
@ -2289,11 +2290,11 @@ EOF
fi
# - !! Notice !!
# - if su clamav -c 'spamassassin --lint' failed ( with warn
# - if su clamav -c 'spamassassin --lint' failed ( with warn
# - message "warn: Use of uninitialized value $type in numeric..")
# - reading "/etc/spamassassin/local.cf": razor_timeout 8, have a look
# - at SpamAssassin/Plugin/Razor2.pm line 118:
# -
# -
# - type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATIION,
# -
# - Should be:
@ -2536,7 +2537,7 @@ if [[ \`expr \$code1 + \$code2 + \$code3\` < 4 ]]; then
fi
fi
# Fixup perms -- group and other should be able to read and execute,
# Fixup perms -- group and other should be able to read and execute,
# but never write. Works around sa-compile's failure to obey umask.
if [ -d /var/lib/spamassassin ]; then
chown -R debian-spamd:debian-spamd /var/lib/spamassassin
@ -2661,7 +2662,7 @@ else
/etc/init.d/amavis restart >/dev/null
fi
# Fixup perms -- group and other should be able to read and execute,
# Fixup perms -- group and other should be able to read and execute,
# but never write. Works around sa-compile's failure to obey umask.
if [ -d /var/lib/spamassassin ]; then
chown -R debian-spamd:debian-spamd /var/lib/spamassassin
@ -3143,10 +3144,10 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
## -
## - Use ClamAV Unofficial Signatures Updater:
## - https://github.com/extremeshok/clamav-unofficial-sigs/releases
## -
## -
## - See readme file:
## - https://github.com/extremeshok/clamav-unofficial-sigs
## -
## -
echo ""
echo -e " \033[37m\033[1mClamAV Unofficial Signatures..\033[m"
@ -3183,7 +3184,7 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
echo_failed
error "$(cat $tmp_err_msg)
command was:
command was:
cpanm -q --skip-installed $_module"
echononl "continue anyway [yes/no]: "
@ -3257,7 +3258,7 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
if ! $(grep -q -E "^\s*xshok_mkdir_ownership\s+\"\\\$work_dir_urlhaus\"" "${_clamav_script}" 2> /dev/null) ; then
if $(grep -q -E "^\s*xshok_mkdir_ownership\s+\"\\\$work_dir\"" "${_clamav_script}" 2> /dev/null) ; then
perl -i -n -p \
-e "s#(\s*xshok_mkdir_ownership\s+)(\"\\\$work_dir\")#\1\2\n\1\"\\\$work_dir_urlhaus\"#" \
"${_clamav_script}" > $tmp_err_msg 2>&1
@ -3395,7 +3396,7 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
fi
if [[ "${os_dist,,}" = "debian" ]] ; then
## - For Debian Jessie (Debian 8) // Stretch (Debian 9) // Buster (Debian 10) // Bullseye (Debian 11)
@ -3550,65 +3551,66 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
# --------------------------------------
# --- Begin: User specific modifications
# --- Inserted by install-script "$(basename "$0")" at $(date +"%Y-%m-%d %H:%M")
# - SecuriteInfo
# -
# - SecuriteInfo signatures are now directly integrated into ClamAV's Freshclam.
# -
# - We therefore disable them here.
# -
securiteinfo_enabled="no"
EOF
if $MALWARE_PATROL_IN_USE || $SECURITE_INFO_IN_USE ; then
if $MALWARE_PATROL_IN_USE ; then
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
if $MALWARE_PATROL_IN_USE ; then
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
malwarepatrol_receipt_code="$MP_RECEIPT_NUMBER"
malwarepatrol_list="clamav_basic"
EOF
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
if $MALWERE_PATROL_FREE ; then
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
if $MALWERE_PATROL_FREE ; then
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
malwarepatrol_product_code="8"
malwarepatrol_free="yes"
EOF
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
else
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
else
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
malwarepatrol_product_code="15"
malwarepatrol_free="no"
EOF
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
fi
fi # if $MALWARE_PATROL_IN_USE
if $SECURITE_INFO_IN_USE ; then
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
# - SecuriteInfo
# -
# - type: Gold
# - account: ckubu@oopen.de
# - signatur: abb4ec6..46b59a4e
# -
# - - ALT -
# - type: professional
# - account: oo@oopen.de
# - signatur: b0b7e94d..0c2e3a89
# -
securiteinfo_authorisation_signature="$SI_AUTHORISATION_SIGNATURE"
EOF
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
fi # if $SECURITE_INFO_IN_USE
fi #if $MALWARE_PATROL_IN_USE || $SECURITE_INFO_IN_USE
fi
else
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
# - MalwarePatrol
# -
# - Not in use
# -
malwarepatrol_enabled="no"
EOF
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
fi #if $MALWARE_PATROL_IN_USE
cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
# - Disable Yara-Rule set, because (some?) pgp mails where blocked.
@ -3687,7 +3689,7 @@ EOF
error "
$(cat $tmp_err_msg)
command was:
command was:
/usr/local/sbin/clamav-unofficial-sigs.sh --install-cron"
echononl "continue anyway [yes/no]: "
@ -3888,7 +3890,7 @@ fi
echononl " Install CPAN Modules mostly needed for decoding"
installation_failed=false
_needed_cpan_modules="
Digest::SHA1
Digest::SHA1
Digest::SHA2
Digest::SHA256
Encode::Detect
@ -3899,7 +3901,7 @@ for _module in $_needed_cpan_modules ; do
installation_failed=true
error "$(cat $tmp_err_msg)
command was:
command was:
cpanm -q --skip-installed $_module"
echononl "continue anyway [yes/no]: "
@ -3954,7 +3956,7 @@ fi
echononl " Create file '/etc/postfix/sender_whitelist'"
if [[ ! -f "/etc/postfix/sender_whitelist" ]]; then
cat << EOF > /etc/postfix/sender_whitelist 2> '$tmp_err_msg'
# - Example '/etc/postfix/sender_whitelist'
# - Example '/etc/postfix/sender_whitelist'
# -
# - Used by Amavis Configuration 'whitelist_sender_maps' / '%whitelist_sender'
# -
@ -3984,7 +3986,7 @@ fi
echononl " Create file '/etc/postfix/spam_lovers'"
if [[ ! -f "/etc/postfix/spam_lovers" ]]; then
cat << EOF > /etc/postfix/spam_lovers 2> '$tmp_err_msg'
# - Example '/etc/postfix/spam_lovers'
# - Example '/etc/postfix/spam_lovers'
# -
# - # Adresses
# - adress@domain1.com 1
@ -4012,7 +4014,7 @@ fi
echononl " Create file '/etc/postfix/virus_lovers'"
if [[ ! -f "/etc/postfix/virus_lovers" ]]; then
cat << EOF > /etc/postfix/virus_lovers 2> '$tmp_err_msg'
# - Example '/etc/postfix/virus_lovers'
# - Example '/etc/postfix/virus_lovers'
# -
# - # Adresses
# - adress@domain1.com 1
@ -4041,7 +4043,7 @@ fi
## - Configure amavis in /etc/amavis/conf.d
## -
## - write all changes and customization to a seperate
## - file named "50-user", which will load at end of
## - file named "50-user", which will load at end of
## - configuration and overwrites the (debian)-default values
## -
@ -4081,7 +4083,7 @@ use strict;
#
# Ports to listen on
#
#
# 10024: default listening port
# 10026: used for whitelisting IP's (trusted networks)
#
@ -4121,7 +4123,7 @@ use strict;
#};
# Bypass spam checking for whitelisted senders
# Bypass spam checking for whitelisted senders
#
#\$interface_policy{'10029'} = 'VIRUSONLY';
#\$policy_bank{'VIRUSONLY'} = { # mail from the pickup daemon
@ -4162,10 +4164,10 @@ use strict;
## - .domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - But we will use the read_hash function to read in a list
## - of senders from the external file '/etc/postfix/sender_whitelist'
## -
## - Example '/etc/postfix/sender_whitelist'
## - Example '/etc/postfix/sender_whitelist'
## -
## - some.trustworthy@doma.in #full email address
## - some.trustworthy@ #full local part
@ -4192,18 +4194,18 @@ read_hash(\%whitelist_sender, '/etc/postfix/sender_whitelist');
## -
## - !! Notice !!
## -
## - Virus checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - virus-checking will still be performed. To ensure that virus is still delivered
## - to whitelisted recipients in such cases, use the "virus_lovers" features
## - see below.
## - Virus checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - virus-checking will still be performed. To ensure that virus is still delivered
## - to whitelisted recipients in such cases, use the "virus_lovers" features
## - see below.
## -
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \\\$bypass_virus_checks_re);
## - We will use '%bypass_virus_checks_maps'. So we could set:
## -
## -
## - %bypass_virus_checks = (
## - # Adresses
## - adress@domain1.com => '1',
@ -4216,10 +4218,10 @@ read_hash(\%whitelist_sender, '/etc/postfix/sender_whitelist');
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/virus_lovers'
## - Example '/etc/postfix/virus_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
@ -4248,7 +4250,7 @@ read_hash(\%bypass_virus_checks, '/etc/postfix/virus_lovers');
## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'.
## -
## - For more explanations see above
## -
## -
read_hash(\%virus_lovers, '/etc/postfix/virus_lovers');
@ -4262,17 +4264,17 @@ read_hash(\%virus_lovers, '/etc/postfix/virus_lovers');
## -
## - !! Notice !!
## -
## - Spam checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - spam-checking will still be performed. To ensure that spam is still delivered
## - to whitelisted recipients in such cases, use the "spam_lovers" features
## - see below.
## - Spam checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - spam-checking will still be performed. To ensure that spam is still delivered
## - to whitelisted recipients in such cases, use the "spam_lovers" features
## - see below.
## -
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \\\$bypass_spam_checks_re);
## - We will use '%bypass_spam_checks'. So we could set:
## -
## -
## - %bypass_spam_checks = (
## - # Adresses
## - adress@domain1.com => '1',
@ -4285,10 +4287,10 @@ read_hash(\%virus_lovers, '/etc/postfix/virus_lovers');
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/spam_lovers'
## - Example '/etc/postfix/spam_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
@ -4357,7 +4359,7 @@ read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
## -
## - default: @spam_tag2_level_maps = (\\\$sa_tag2_level_deflt);
## -
## - Example file '/etc/postfix/tag2_level_maps.dat'
## - Example file '/etc/postfix/tag2_level_maps.dat'
## -
## - # oopen.de
## - oopen.de 2.1
@ -4387,7 +4389,7 @@ read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
## -
## - default: @spam_kill_level_maps = (\\\$sa_kill_level_deflt);
## -
## - Example file '/etc/postfix/kill_level_maps.dat'
## - Example file '/etc/postfix/kill_level_maps.dat'
## -
## - # oopen.de
## - ckubu@oopen.de 1500.0
@ -4400,7 +4402,7 @@ read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
## - We will inform the sender about bouncing his mail with a DSN (Delivery
## - StatusNotification). That DSN message will no be send, if the spamvalue
## - StatusNotification). That DSN message will no be send, if the spamvalue
## - exceeds the value of sa_dsn_cutoff_level
## -
#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
@ -4419,7 +4421,7 @@ read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
);
\$sa_spam_subject_tag = undef;
#\$sa_spam_subject_tag = '***SPAM*** ';
#\$sa_spam_subject_tag = '***SPAM*** ';
## - QUARANTINE
@ -4491,15 +4493,15 @@ read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
#};
## - Amavisd-New scans all mail passing through it for viruses, but will
## - only hand mail for local delivery off to SA for checking - you tell
## - it which domains are local using the @local_domains_maps variable,
## - which by default is set to the value of \$mydomain & its subdomains:
## - Amavisd-New scans all mail passing through it for viruses, but will
## - only hand mail for local delivery off to SA for checking - you tell
## - it which domains are local using the @local_domains_maps variable,
## - which by default is set to the value of \$mydomain & its subdomains:
## -
#@local_domains_maps = ( ["."] );
## - get rid of "Open Relay" warnings in amavis logfile.
## - get rid of "Open Relay" warnings in amavis logfile.
## -
\$interface_policy{'10024'} = 'ORIGINATING';
\$policy_bank{'ORIGINATING'} = {
@ -4622,8 +4624,8 @@ delete \$admin_maps_by_ccat{&CC_UNCHECKED};
## -
## - zur Signierung der e-Mail mit herangezogen werden.
## -
## - Dies hat jedoch den Nachteil, dass bei einer Veränderung der Received: from-Zeilen
## - im Nachhinein, wie es z.B. bei der Einlieferung durch Postfix via smtpd_proxy_filter
## - Dies hat jedoch den Nachteil, dass bei einer Veränderung der Received: from-Zeilen
## - im Nachhinein, wie es z.B. bei der Einlieferung durch Postfix via smtpd_proxy_filter
## - (Pre-Queue) bei AMaViS der Fall sein könnte, die DKIM-Sigantur sprichwörtlich „
## - kaputt“ geht.
## -
@ -4632,8 +4634,8 @@ delete \$admin_maps_by_ccat{&CC_UNCHECKED};
## -
## - \$signed_header_fields{'received'} = 0; # turn off signing of Received
## -
## - verhindert werden, indem die Received: from-Zeilen nicht mehr mit in die
## - Berechnung der DKIM-Signatur mit einfließen.
## - verhindert werden, indem die Received: from-Zeilen nicht mehr mit in die
## - Berechnung der DKIM-Signatur mit einfließen.
## -
\$signed_header_fields{'received'} = 0; # turn off signing of Received
@ -4915,7 +4917,7 @@ EOF
error "$(cat $tmp_err_msg)"
fi
fi
if $installed ; then
crontab /tmp/tmp_crontab > /dev/null 2> $tmp_err_msg
if [[ "$?" -ne 0 ]] ; then
@ -4967,7 +4969,7 @@ fi
## - Forward emails to amavis using "Pre-Queue" Option smtpd_proxy_filter
## -
## - edit /etc/postfix/master.cf and add flags for "smtpd_proxy_filter" (to
## - forward to amavis service on localhost port 10024) and for "content_filter"
## - forward to amavis service on localhost port 10024) and for "content_filter"
## - (to avoid rechecking by "Post-Queue" content_filter) to smtp service
## -
## - smtp inet n - - - - smtpd
@ -5089,7 +5091,7 @@ submission inet n - y - 20 smtpd
#-o milter_macro_daemon_name=ORIGINATING
EOF
if ! $smtps_present ; then
if ! $localhost_10025_present ; then
if ! $localhost_10025_present ; then
cat >> $postfix_master_cf << EOF
localhost:10025 inet n - y - - smtpd
-o content_filter=
@ -5116,7 +5118,7 @@ EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF
fi
if ! $amavisfeed_present ; then
cat >> $postfix_master_cf << EOF
amavisfeed unix - - n - 20 lmtp
@ -5143,7 +5145,7 @@ smtps inet n - y - - smtpd
#-o milter_macro_daemon_name=ORIGINATING
EOF
if ! $localhost_10025_present ; then
if ! $localhost_10025_present ; then
cat >> $postfix_master_cf << EOF
localhost:10025 inet n - y - - smtpd
-o content_filter=
@ -5227,7 +5229,7 @@ EOF
fi
# - [[:blank:]] means space and tab. This makes it similar to: [ \t]
# - [[:space;]] in addition to space and tab, includes newline, linefeed, formfeed,
# - [[:space;]] in addition to space and tab, includes newline, linefeed, formfeed,
# - and vertical tab. This makes it similar to: [ \t\n\r\f\v]
# -
#if [[ $_line =~ ^[[:space:]]+[^[:space:]]+ ]] && $_smtp_found ; then