install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit - merge old projekts 'amavisd-new/', 'dovecot/', 'postfix', 'postfixadmin' and 'roundcube'.

Browse Source
This commit is contained in:
Christoph
2017-10-22 12:11:03 +02:00
commit ced2a28679
41 changed files with 28210 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
.gitignore vendored Normal file
View File

@@ -0,0 +1,21 @@
# - common
*.log
*.swp
conf/*.conf
# - Postfixadmin
postfixadmin-*
# - AMaVis /vacation
/dcc*
*.log
*.tar.Z
# - Dovecot
dovecot*
log*
# - roundcube
/log/*
roundcubemail-*

502
BAK/install_postfix_base.sh.00 Executable file
View File

@@ -0,0 +1,502 @@
#!/usr/bin/env bash
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=<hostname>
_IPV4=<IPv4-address>
_EXT_IF_IP=<extern interface IPv4>
## - Leave empty, if no IPv6 should be supported
## -
_IPV6=<IPv6 Address>
#_IPV6=
_ADMIN_EMAIL=<admin email>
_SASL_AUTH=<true|false>
_RELAY_HOST=b.mx.oopen.de
_SASL_USER=anw-urb
_SASL_PASS='OhPie2aethei'
## ---
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=true
else
systemd_exists=false
fi
# - Deinstall debian exim4 packages
# -
_installed_exim_packages=`dpkg -l | grep exim4 | grep -e "^i" | awk '{print$2}'`
installed_exim_packages="bsd-mailx"
for _pkg in $_installed_exim_packages ; do
installed_exim_packages="$_installed_exim_packages $_pkg"
done
apt-get remove --purge -q -y $installed_exim_packages > /dev/null 2>&1
# - Install Postfix from debian packages system
# -
needed_packages="postfix postfix-pcre libsasl2-modules bsd-mailx haveged"
apt-get install -q -y $needed_packages > /dev/null 2>&1
# - Backup existing postfix configuration file
# -
if [[ -f "/etc/postfix/main.cf" ]]; then
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.`date +%Y%m%d-%H%M`
fi
# - Creeate nes postfix configuration filr
## -
cat <<EOF > /etc/postfix/main.cf
# ============ Basic settings ============
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin = /etc/mailname
smtpd_banner = \$myhostname ESMTP \$mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
## - The Internet protocols Postfix will attempt to use when making
## - or accepting connections.
## - DEFAULT: ipv4
EOF
if [ -n "$_IPV6" ]; then
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4, ipv6
#inet_interfaces = all
inet_interfaces = 127.0.0.1
$_IPV4
$_IPV6
myhostname = $_HOSTNAME
mydestination =
$_HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
[::ffff:127.0.0.0]/104
[::1]/128
${_IPV4}/32
[${_IPV6}]/128
smtp_bind_address = $_IPV4
smtp_bind_address6 = $_IPV6
EOF
else
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4
#inet_interfaces = all
inet_interfaces =
127.0.0.1
$_IPV4
myhostname = $_HOSTNAME
mydestination =
$_HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
${_IPV4}/32
smtp_bind_address = $_IPV4
#smtp_bind_address6 = $_IPV6
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - The method to generate the default value for the mynetworks parameter.
## -
## - mynetworks_style = host" when Postfix should "trust" only the local machine
## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
## - clients in the same IP subnetworks as the local machine.
## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
## - IP class A/B/C networks as the local machine.
## -
#mynetworks_style = host
## - The maximal size of any local(8) individual mailbox or maildir file,
## - or zero (no limit). In fact, this limits the size of any file that is
## - written to upon local delivery, including files written by external
## - commands that are executed by the local(8) delivery agent.
## -
mailbox_size_limit = 0
## - The maximal size in bytes of a message, including envelope information.
## -
## - we user 50MB
## -
message_size_limit = 52480000
## - The system-wide recipient address extension delimiter
## -
recipient_delimiter = +
## - The alias databases that are used for local(8) delivery.
## -
alias_maps =
hash:/etc/aliases
## - The alias databases for local(8) delivery that are updated
## - with "newaliases" or with "sendmail -bi".
## -
alias_database =
hash:/etc/aliases
## - The maximal time a message is queued before it is sent back as
## - undeliverable. Defaults to 5d (5 days)
## - Specify 0 when mail delivery should be tried only once.
## -
maximal_queue_lifetime = 3d
bounce_queue_lifetime = \$maximal_queue_lifetime
## - delay_warning_time (default: 0h)
## -
## - The time after which the sender receives a copy of the message
## - headers of mail that is still queued. To enable this feature,
## - specify a non-zero time value (an integral value plus an optional
## - one-letter suffix that specifies the time unit).
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
## - The default time unit is h (hours).
delay_warning_time = 1d
EOF
if $_SASL_AUTH ; then
cat <<EOF >> /etc/postfix/main.cf
# ============ Relay parameters ============
#relayhost =
# ============ SASL authentication ============
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Forwarding to the ip-adress of host b.mx.oopen.de
relayhost = [b.mx.oopen.de]
# File including login data
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Force using a (TLS) security connection
# obsulete - use smtp_tls_security_level instead
#smtp_use_tls = yes
#smtp_tls_enforce_peername = no
smtp_tls_security_level = encrypt
# Disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level=encrypt
EOF
else
cat <<EOF >> /etc/postfix/main.cf
# ============ Relay parameters ============
relayhost =
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level=may
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - Aktiviert TLS für den Mailversand
## -
## - may:
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
## - but do not require that clients use TLS encryption.
# smtp_use_tls=yes
smtpd_tls_security_level=may
## - 0 Disable logging of TLS activity.
## - 1 Log TLS handshake and certificate information.
## - 2 Log levels during TLS negotiation.
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
## -
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtpd_tls_cert_file = $_TLS_CERT_FILE
smtpd_tls_key_file = $_TLS_KEY_FILE
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter
## -
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
## - server certificates or intermediate CA certificates. These are loaded into
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
## -
smtp_tls_CAfile = $_TLS_CA_FILE
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
## - necessary "hash" links with, for example, "
## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
## -
## - !! Note !!
## - To use this option in chroot mode, this directory (or a copy) must be inside
## - the chroot jail.
## -
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
## -
#smtpd_tls_CApath = /etc/postfix/certs
# Disable SSLv2 SSLv3 - Postfix SMTP server
#
# List of TLS protocols that the Postfix SMTP server will exclude or
# include with opportunistic TLS encryption.
smtpd_tls_protocols = !SSLv2, !SSLv3
#
# The SSL/TLS protocols accepted by the Postfix SMTP server
# with mandatory TLS encryption.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Disable SSLv2 SSLv3 - Postfix SMTP client
#
# List of TLS protocols that the Postfix SMTP client will exclude or
# include with opportunistic TLS encryption.
smtp_tls_protocols = !SSLv2, !SSLv3
#
# List of SSL/TLS protocols that the Postfix SMTP client will use
# with mandatory TLS encryption
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
## - openssl > 1.0
## -
smtpd_tls_eecdh_grade = strong
# standard list cryptographic algorithm
tls_preempt_cipherlist = yes
# Disable ciphers which are less than 256-bit:
#
#smtpd_tls_mandatory_ciphers = high
#
# opportunistic
smtpd_tls_ciphers = high
# Exclude ciphers
#smtpd_tls_exclude_ciphers =
# RC4
# aNULL
# SEED-SHA
# EXP
# MD5
smtpd_tls_exclude_ciphers =
aNULL
eNULL
EXPORT
DES
RC4
MD5
PSK
aECDH
EDH-DSS-DES-CBC3-SHA
EDH-RSA-DES-CDC3-SHA
KRB5-DE5, CBC3-SHA
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
EOF
if $_SASL_AUTH ; then
echo "[$_RELAY_HOST] ${_SASL_USER}@${_RELAY_HOST}:$_SASL_PASS" > /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd.db
fi
## - /etc/mailname
## -
echo $_HOSTNAME > /etc/mailname
## - /etc/aliases
## -
cat << EOF > /etc/aliases
# See man 5 aliases for format
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: $_ADMIN_EMAIL
EOF
## - create directory for certificates and copy certificates
## - and coresponding keys to /etc/postfix/ssl/
## -
mkdir -p /etc/postfix/ssl
## - generate DH parameters that the Postfix SMTP server should use
## - with EDH ciphers (length 512 and 1024
## -
if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
fi
if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
fi
if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048
fi
if [ ! -h "$_TLS_CERT_FILE" ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem $_TLS_CERT_FILE
fi
if [ ! -h "$_TLS_KEY_FILE" ]; then
ln -s /etc/ssl/private/ssl-cert-snakeoil.key $_TLS_KEY_FILE
fi
## - rebuld alias database
## -
newaliases
## - restart postfix
## -
if $systemd_exists ; then
systemctl restart postfix
else
/etc/init.d/postfix restart
fi
## - Omitt logging into system.log
## -
cat << EOF >> /etc/rsyslog.d/postfix.conf
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
mail.* -/var/log/mail.log
& ~
EOF
if $systemd_exists ; then
systemctl restart rsyslog
else
/etc/init.d/rsyslog restart
fi
exit

725
BAK/install_postfix_base.sh.01 Executable file
View File

@@ -0,0 +1,725 @@
#!/usr/bin/env bash
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=o15.oopen.de
_IPV4=83.223.86.96
_EXT_IF_IP=83.223.86.96
## - Leave empty, if no IPv6 should be supported
## -
_IPV6=2a01:30:0:13:5054:ff:fe09:2318
#_IPV6=
_ADMIN_EMAIL=admin@oopen.de
_SASL_AUTH=false
_RELAY_HOST=b.mx.oopen.de
_SASL_USER=anw-urb
_SASL_PASS='OhPie2aethei'
# -------------
# --- Some functions
# -------------
echononl(){
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
}
fatal(){
echo ""
echo -e "fataler Fehler: $*"
echo ""
echo -e "\t\033[31m\033[1mInstalllation wird abgebrochen\033[m\033[m"
echo ""
exit 1
}
error(){
echo ""
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
}
warn (){
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
}
info (){
echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
}
echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed(){
echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=true
fi
echo ""
# - Deinstall debian exim4 packages
# -
echononl " Deinstall debian exim4 packages"
_installed_exim_packages=`dpkg -l | grep exim4 | grep -e "^i" | awk '{print$2}'`
for _pkg in $_installed_exim_packages ; do
installed_exim_packages="$installed_exim_packages $_pkg"
done
if [[ -n "$installed_exim_packages" ]] ; then
if `dpkg -l | grep bsd-mailx | grep -e "^i" > /dev/null 2>&1` ; then
installed_exim_packages="$installed_exim_packages bsd-mailx"
fi
apt-get remove --purge -qq -y $installed_exim_packages > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
# - Install Postfix from debian packages system
# -
echononl " Install Postfix from debian packages system"
_needed_packages="postfix postfix-pcre libsasl2-modules bsd-mailx haveged"
for _pkg in $_needed_packages ; do
if `dpkg -l | grep $_pkg | grep -e "^i" > /dev/null 2>&1` ; then
continue
else
needed_packages="$needed_packages $_pkg"
fi
done
if [[ -n "$needed_packages" ]]; then
DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
# - Backup existing postfix configuration file
# -
echononl " Backup existing postfix configuration file"
if [[ -f "/etc/postfix/main.cf" ]]; then
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.`date +%Y%m%d-%H%M`
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
# - Creeate new postfix configuration file
# -
echononl " Creeate new postfix configuration file"
cat <<EOF > /etc/postfix/main.cf
# ============ Basic settings ============
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin = /etc/mailname
smtpd_banner = \$myhostname ESMTP \$mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
## - The Internet protocols Postfix will attempt to use when making
## - or accepting connections.
## - DEFAULT: ipv4
EOF
if [ -n "$_IPV6" ]; then
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4, ipv6
#inet_interfaces = all
inet_interfaces = 127.0.0.1
$_IPV4
$_IPV6
myhostname = $_HOSTNAME
mydestination =
$_HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
[::ffff:127.0.0.0]/104
[::1]/128
${_IPV4}/32
[${_IPV6}]/128
smtp_bind_address = $_IPV4
smtp_bind_address6 = $_IPV6
EOF
else
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4
#inet_interfaces = all
inet_interfaces =
127.0.0.1
$_IPV4
myhostname = $_HOSTNAME
mydestination =
$_HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
${_IPV4}/32
smtp_bind_address = $_IPV4
#smtp_bind_address6 = $_IPV6
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - The method to generate the default value for the mynetworks parameter.
## -
## - mynetworks_style = host" when Postfix should "trust" only the local machine
## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
## - clients in the same IP subnetworks as the local machine.
## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
## - IP class A/B/C networks as the local machine.
## -
#mynetworks_style = host
## - The maximal size of any local(8) individual mailbox or maildir file,
## - or zero (no limit). In fact, this limits the size of any file that is
## - written to upon local delivery, including files written by external
## - commands that are executed by the local(8) delivery agent.
## -
mailbox_size_limit = 0
## - The maximal size in bytes of a message, including envelope information.
## -
## - we user 50MB
## -
message_size_limit = 52480000
## - The system-wide recipient address extension delimiter
## -
recipient_delimiter = +
## - The alias databases that are used for local(8) delivery.
## -
alias_maps =
hash:/etc/aliases
## - The alias databases for local(8) delivery that are updated
## - with "newaliases" or with "sendmail -bi".
## -
alias_database =
hash:/etc/aliases
## - The maximal time a message is queued before it is sent back as
## - undeliverable. Defaults to 5d (5 days)
## - Specify 0 when mail delivery should be tried only once.
## -
maximal_queue_lifetime = 3d
bounce_queue_lifetime = \$maximal_queue_lifetime
## - delay_warning_time (default: 0h)
## -
## - The time after which the sender receives a copy of the message
## - headers of mail that is still queued. To enable this feature,
## - specify a non-zero time value (an integral value plus an optional
## - one-letter suffix that specifies the time unit).
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
## - The default time unit is h (hours).
delay_warning_time = 1d
EOF
if $_SASL_AUTH ; then
cat <<EOF >> /etc/postfix/main.cf
# ============ Relay parameters ============
#relayhost =
# ============ SASL authentication ============
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Forwarding to the ip-adress of host b.mx.oopen.de
relayhost = [b.mx.oopen.de]
# File including login data
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Force using a (TLS) security connection
# obsulete - use smtp_tls_security_level instead
#smtp_use_tls = yes
#smtp_tls_enforce_peername = no
smtp_tls_security_level = encrypt
# Disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level=encrypt
EOF
else
cat <<EOF >> /etc/postfix/main.cf
# ============ Relay parameters ============
relayhost =
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level=may
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - Aktiviert TLS für den Mailversand
## -
## - may:
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
## - but do not require that clients use TLS encryption.
# smtp_use_tls=yes
smtpd_tls_security_level=may
## - 0 Disable logging of TLS activity.
## - 1 Log TLS handshake and certificate information.
## - 2 Log levels during TLS negotiation.
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
## -
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtpd_tls_cert_file = $_TLS_CERT_FILE
smtpd_tls_key_file = $_TLS_KEY_FILE
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter
## -
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
## - server certificates or intermediate CA certificates. These are loaded into
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
## -
smtp_tls_CAfile = $_TLS_CA_FILE
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
## - necessary "hash" links with, for example, "
## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
## -
## - !! Note !!
## - To use this option in chroot mode, this directory (or a copy) must be inside
## - the chroot jail.
## -
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
## -
#smtpd_tls_CApath = /etc/postfix/certs
# Disable SSLv2 SSLv3 - Postfix SMTP server
#
# List of TLS protocols that the Postfix SMTP server will exclude or
# include with opportunistic TLS encryption.
smtpd_tls_protocols = !SSLv2, !SSLv3
#
# The SSL/TLS protocols accepted by the Postfix SMTP server
# with mandatory TLS encryption.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Disable SSLv2 SSLv3 - Postfix SMTP client
#
# List of TLS protocols that the Postfix SMTP client will exclude or
# include with opportunistic TLS encryption.
smtp_tls_protocols = !SSLv2, !SSLv3
#
# List of SSL/TLS protocols that the Postfix SMTP client will use
# with mandatory TLS encryption
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
## - openssl > 1.0
## -
smtpd_tls_eecdh_grade = strong
# standard list cryptographic algorithm
tls_preempt_cipherlist = yes
# Disable ciphers which are less than 256-bit:
#
#smtpd_tls_mandatory_ciphers = high
#
# opportunistic
smtpd_tls_ciphers = high
# Exclude ciphers
#smtpd_tls_exclude_ciphers =
# RC4
# aNULL
# SEED-SHA
# EXP
# MD5
smtpd_tls_exclude_ciphers =
aNULL
eNULL
EXPORT
DES
RC4
MD5
PSK
aECDH
EDH-DSS-DES-CBC3-SHA
EDH-RSA-DES-CDC3-SHA
KRB5-DE5, CBC3-SHA
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
EOF
echo_ok
echononl " Configure SASL authentification"
if $_SASL_AUTH ; then
_failed=false
echo "[$_RELAY_HOST] ${_SASL_USER}@${_RELAY_HOST}:$_SASL_PASS" > /etc/postfix/sasl_passwd
if [[ "$?" != "0" ]]; then
error "Setting \"/etc/postfix/sasl_passwd\" failed! "
_failed=true
fi
chown root:root /etc/postfix/sasl_passwd
if [[ "$?" != "0" ]]; then
error "Setting ownership of \"/etc/postfix/sasl_passwd\" failed! "
_failed=true
fi
chmod 600 /etc/postfix/sasl_passwd
if [[ "$?" != "0" ]]; then
error "Setting permissions on \"/etc/postfix/sasl_passwd\" failed! "
_failed=true
fi
postmap /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd.db
if [[ "$?" != "0" ]]; then
error "Creating \"/etc/postfix/sasl_passwd\" failed! "
_failed=true
fi
chown root:root /etc/postfix/sasl_passwd.db
if [[ "$?" != "0" ]]; then
error "Setting ownership of \"/etc/postfix/sasl_passwd.db\" failed! "
_failed=true
fi
if $_failed ; then
echo_failed
else
echo_ok
fi
else
echo_skipped
fi
## - /etc/mailname
## -
echononl " Set \"/etc/mailname\""
echo $_HOSTNAME > /etc/mailname
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
## - /etc/aliases
## -
echononl " Adjust \"/etc/aliases\""
cat << EOF > /etc/aliases
# See man 5 aliases for format
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: $_ADMIN_EMAIL
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
## - create directory for certificates and copy certificates
## - and coresponding keys to /etc/postfix/ssl/
## -
echononl " Create directory for certificates \"/etc/postfix/ssl\""
if [[ -d "/etc/postfix/ssl" ]] ; then
echo_skipped
else
mkdir -p /etc/postfix/ssl
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
## - generate DH parameters that the Postfix SMTP server should use
## - with EDH ciphers (length 512 and 1024
## -
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
echononl " Create Symlink \"$_TLS_CERT_FILE\""
if [ ! -h "$_TLS_CERT_FILE" ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem $_TLS_CERT_FILE
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
echononl " Create Symlink \"$_TLS_KEY_FILE\""
if [ ! -h "$_TLS_KEY_FILE" ]; then
ln -s /etc/ssl/private/ssl-cert-snakeoil.key $_TLS_KEY_FILE
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
## - rebuld alias database
## -
echononl " Rebuld alias database"
newaliases > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
## - restart postfix
## -
echononl " Restart postfix"
if $systemd_exists ; then
systemctl restart postfix > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
/etc/init.d/postfix restart > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
## - Omitt logging into system.log
## -
echononl " Create \"/etc/rsyslog.d/postfix.conf\""
cat << EOF >> /etc/rsyslog.d/postfix.conf
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
mail.* -/var/log/mail.log
& ~
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
echononl " Restart rsyslog daemon"
if $systemd_exists ; then
systemctl restart rsyslog > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
/etc/init.d/rsyslog restart > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
echo ""
exit

1120
BAK/install_postfix_relay.sh Executable file
View File

File diff suppressed because it is too large Load Diff

1011
BAK/install_postfix_relay.sh.00 Executable file
View File

File diff suppressed because it is too large Load Diff

1441
DOC/amavis/amavis_clamav_sa.install Normal file
View File

File diff suppressed because it is too large Load Diff

3
DOC/postfix/etc_postgrey_whitelist_clients.local Normal file
View File

@@ -0,0 +1,3 @@
# For Office 365 - servers:
##/.*outbound.protection.outlook.com$/
/^mail-.*\.outbound\.protection\.outlook\.com$/

461
DOC/postfix/postfix_base_mailsystem.install Normal file
View File

@@ -0,0 +1,461 @@
## ------------------------------------ ## ## - - ##
## - install postfix base system - ##
## - - ##
## - supports ipv6 - ##
## - - ##
## ------------------------------------ ##
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=<hostname>
_IPV4=<ipv4-address>
## - Leave empty, if no IPv6 should be supported
## -
#_IPV6=<ipv6-address>
_IPV6=
_ADMIN_EMAIL=<admin_email>
_SASL_AUTH=<true|false>
_RELAY_HOST=b.mx.oopen.de
_SASL_USER=<sasl_user>
_SASL_PASS='sasl_password'
## - remove exim4 and related if installed and you plan
## - to install an alternative mailer
## -
apt-get remove --purge bsd-mailx exim4 exim4-base exim4-config \
exim4-daemon-light mailx
apt-get install postfix postfix-pcre libsasl2-modules bsd-mailx haveged
if $_SASL_AUTH ; then
apt-get install libsasl2-modules
fi
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.ORIG
cat <<EOF > /etc/postfix/main.cf
# ============ Basic settings ============
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin = /etc/mailname
smtpd_banner = \$myhostname ESMTP \$mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
## - The Internet protocols Postfix will attempt to use when making
## - or accepting connections.
## - DEFAULT: ipv4
EOF
if [ -n "$_IPV6" ]; then
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4, ipv6
#inet_interfaces = all
inet_interfaces = 127.0.0.1
$_IPV4
$_IPV6
myhostname = $_HOSTNAME
mydestination =
$_HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
[::ffff:127.0.0.0]/104
[::1]/128
${_IPV4}/32
[${_IPV6}]/128
smtp_bind_address = $_IPV4
smtp_bind_address6 = $_IPV6
EOF
else
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4
#inet_interfaces = all
inet_interfaces =
127.0.0.1
$_IPV4
myhostname = $_HOSTNAME
mydestination =
$_HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
${_IPV4}/32
smtp_bind_address = $_IPV4
#smtp_bind_address6 = $_IPV6
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - The method to generate the default value for the mynetworks parameter.
## -
## - mynetworks_style = host" when Postfix should "trust" only the local machine
## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
## - clients in the same IP subnetworks as the local machine.
## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
## - IP class A/B/C networks as the local machine.
## -
#mynetworks_style = host
## - The maximal size of any local(8) individual mailbox or maildir file,
## - or zero (no limit). In fact, this limits the size of any file that is
## - written to upon local delivery, including files written by external
## - commands that are executed by the local(8) delivery agent.
## -
mailbox_size_limit = 0
## - The maximal size in bytes of a message, including envelope information.
## -
## - we user 50MB
## -
message_size_limit = 52480000
## - The system-wide recipient address extension delimiter
## -
recipient_delimiter = +
## - The alias databases that are used for local(8) delivery.
## -
alias_maps =
hash:/etc/aliases
## - The alias databases for local(8) delivery that are updated
## - with "newaliases" or with "sendmail -bi".
## -
alias_database =
hash:/etc/aliases
## - The maximal time a message is queued before it is sent back as
## - undeliverable. Defaults to 5d (5 days)
## - Specify 0 when mail delivery should be tried only once.
## -
maximal_queue_lifetime = 3d
bounce_queue_lifetime = \$maximal_queue_lifetime
## - delay_warning_time (default: 0h)
## -
## - The time after which the sender receives a copy of the message
## - headers of mail that is still queued. To enable this feature,
## - specify a non-zero time value (an integral value plus an optional
## - one-letter suffix that specifies the time unit).
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
## - The default time unit is h (hours).
delay_warning_time = 1d
EOF
if $_SASL_AUTH ; then
cat <<EOF >> /etc/postfix/main.cf
# ============ Relay parameters ============
#relayhost =
# ============ SASL authentication ============
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Forwarding to the ip-adress of host b.mx.oopen.de
relayhost = [b.mx.oopen.de]
# File including login data
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Force using a (TLS) security connection
# obsulete - use smtp_tls_security_level instead
#smtp_use_tls = yes
#smtp_tls_enforce_peername = no
smtp_tls_security_level = encrypt
# Disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level=encrypt
EOF
else
cat <<EOF >> /etc/postfix/main.cf
# ============ Relay parameters ============
relayhost =
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level=may
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - Aktiviert TLS für den Mailversand
## -
## - may:
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
## - but do not require that clients use TLS encryption.
# smtp_use_tls=yes
smtpd_tls_security_level=may
## - 0 Disable logging of TLS activity.
## - 1 Log TLS handshake and certificate information.
## - 2 Log levels during TLS negotiation.
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
## -
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtpd_tls_cert_file = $_TLS_CERT_FILE
smtpd_tls_key_file = $_TLS_KEY_FILE
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
## -
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
## - server certificates or intermediate CA certificates. These are loaded into
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
## -
smtp_tls_CAfile = $_TLS_CA_FILE
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
## - necessary "hash" links with, for example, "
## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
## -
## - !! Note !!
## - To use this option in chroot mode, this directory (or a copy) must be inside
## - the chroot jail.
## -
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
## -
#smtpd_tls_CApath = /etc/postfix/certs
# Disable SSLv2 SSLv3 - Postfix SMTP server
#
# List of TLS protocols that the Postfix SMTP server will exclude or
# include with opportunistic TLS encryption.
smtpd_tls_protocols = !SSLv2, !SSLv3
#
# The SSL/TLS protocols accepted by the Postfix SMTP server
# with mandatory TLS encryption.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Disable SSLv2 SSLv3 - Postfix SMTP client
#
# List of TLS protocols that the Postfix SMTP client will exclude or
# include with opportunistic TLS encryption.
smtp_tls_protocols = !SSLv2, !SSLv3
#
# List of SSL/TLS protocols that the Postfix SMTP client will use
# with mandatory TLS encryption
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
## - openssl > 1.0
## -
smtpd_tls_eecdh_grade = strong
# standard list cryptographic algorithm
tls_preempt_cipherlist = yes
# Disable ciphers which are less than 256-bit:
#
#smtpd_tls_mandatory_ciphers = high
#
# opportunistic
smtpd_tls_ciphers = high
# Exclude ciphers
#smtpd_tls_exclude_ciphers =
# RC4
# aNULL
# SEED-SHA
# EXP
# MD5
smtpd_tls_exclude_ciphers =
aNULL
eNULL
EXPORT
DES
RC4
MD5
PSK
aECDH
EDH-DSS-DES-CBC3-SHA
EDH-RSA-DES-CDC3-SHA
KRB5-DE5, CBC3-SHA
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
EOF
if $_SASL_AUTH ; then
echo "[$_RELAY_HOST] ${_SASL_USER}@${_RELAY_HOST}:$_SASL_PASS" > /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
fi
## - create directory for certificates and copy certificates
## - and coresponding keys to /etc/postfix/ssl/
## -
mkdir -p /etc/postfix/ssl
cp <zertificates and keys to> /etc/postfix/ssl/
## - generate DH parameters that the Postfix SMTP server should use
## - with EDH ciphers (length 512 and 1024
## -
openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem $_TLS_CERT_FILE
ln -s /etc/ssl/private/ssl-cert-snakeoil.key $_TLS_KEY_FILE
## - /etc/mailname
## -
echo $_HOSTNAME > /etc/mailname
## - /etc/aliases
## -
cat << EOF > /etc/aliases
# See man 5 aliases for format
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: $_ADMIN_EMAIL
EOF
## - rebuld alias database
## -
newaliases
cat << EOF >> /etc/rsyslog.d/postfix.conf
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
mail.* -/var/log/mail.log
& ~
EOF
/etc/init.d/rsyslog restart

1706
DOC/postfix/postfix_mailsystem.install Normal file
View File

File diff suppressed because it is too large Load Diff

190
DOC/postfix/postfix_sasl_cyrus_on_relayhost.txt Normal file
View File

@@ -0,0 +1,190 @@
## - Configure a postfix server to act as relay host for
## - AUTENTiCATED clients
## -
## - see also Postfix SASL Howto:
## - http://www.postfix.org/SASL_README.html
## - http://www.synology-wiki.de/index.php/Mail-Relay_mit_Postfix
## -
## - Todo:
## - 1.) Configuring SASL authentication in the Postfix SMTP server
## - - Configuring Cyrus SASL - using accounts are stored in a Cyrus SASL
## - Berkeley DB database
## - 2.) Configuring SASL authentication in the Postfix SMTP/LMTP client
## - ------------------------------------------------------------- - ##
## - 1. Configuring SASL authentication at the Postfix SMTP server - ##
## - ------------------------------------------------------------- - ##
## -----------------------------
## - Create the sasldb2 Database
## -
## - To create and maintain the database, we will user the
## - command-line utility "saslpasswd2". So, we have to install
## - the packages sasl2-bin
## -
apt-get install sasl2-bin
## - The sasldb auxprop plugin authenticates SASL clients against credentials
## - that are stored in a Berkeley DB database. The database schema is specific
## - to Cyrus SASL. The database is usually located at /etc/sasldb2
## -
## - !!!!
## - NOTE: in chrooted postfix, thats if chroot in master.cf is not set (have
## - "-") or is set to yes (have "y"), the database "sasdb2" ist
## - searched in the chrooted path. In debian it is file
## - /var/spool/postfix/etc/sasldb2
## - !!!!
## -
## - Create a new account
## -
## - Note:
## - 1.) usernames of accounts are of the Form:
## - <username>@<domain> and NOT <username>
## -
## - 2.) The database-file defaults to "/etc/sasldb2". But on chrooted
## - postfix (as we have), the database file must placed to
## - /var/spool/postfix/etc/sasldb2 - on default debian postfix
## - install. So use flag "-f"
## -
saslpasswd2 -c -u b.mx.oopen.de <username> -f /var/spool/postfix/etc/sasldb2
## - Check with command-line utility "sasldblistusers2"
## -
sasldblistusers2 -f /var/spool/postfix/etc/sasldb2
## ------------------------------------------------
## - Configure and Enable Cyrus SASL authentication
## - in /etc/postfix/main.cf set:
## -
## - smtpd_sasl_type = cyrus
## -
## - # Define the name of the configuration file. Cyrus SASL add's the
## - # suffix ".conf". The location where Cyrus SASL searches for the named
## - # file depends on the Cyrus SASL version and the OS/distribution used.
## - # For debian it is: /etc/postfix/sasl/
## - smtpd_sasl_path = smtpd
## -
## - # enable SASL authentication
## - smtpd_sasl_auth_enable = yes
## -
## - # Disallow methods that allow anonymous authentication.
## - smtpd_sasl_security_options = noanonymous
## - smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
## -
## - # Do not accept SASL authentication over unencrypted connections
## - smtpd_tls_auth_only = yes
## -
vim /etc/postfix/main.cf
## - create /etc/postfix/sasl/smtpd.conf
## -
## - pwcheck_method: auxprop
## - auxprop_plugin: sasldb
## - mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
## -
## - Take care only to use provided login mechanisms
## - # saslpluginviewer -x AUXPROP_MECHS
## -
vim /etc/postfix/sasl/smtpd.conf
## - To allow (dynamic) ip-adresses to relay, even if they ar blacklistet
## - you can use permit_sasl_authenticated in postfix smtpd_relay_restrictions
## - BEFOR checking against blacklists
## -
## - in /etc/postfix/main.cf set:
## -
## - smtpd_recipient_restrictions =
## - ...
## - # permit trusted network mynetwork
## - permit_mynetworks,
## - # sasl authenticated user (we work as relayhost for some office networks)
## - permit_sasl_authenticated,
## - # dont' accept misconfigured Mail
## - reject_non_fqdn_recipient,
## - reject_unknown_sender_domain,
## - reject_unknown_recipient_domain,
## - reject_unlisted_recipient,
## - # RBL check - !! comment out if postcreens postscreen_dnsbl_sites is in use
## - permit_dnswl_client dnswl.oopen.de,
## - #reject_rbl_client zen.spamhaus.org,
## - reject_rbl_client ix.dnsbl.manitu.net,
## - reject_rbl_client bl.spamcop.net,
## - reject_rbl_client dnsbl.njabl.org,
## - # Policyd-Weight
## - ...
## -
vim /etc/postfix/main.cf
## - --------------------------------------------------------------- - ##
## - Configuring SASL authentication in the Postfix SMTP/LMTP client - ##
## - --------------------------------------------------------------- - ##
## - Notice: you have to install Pluggable Authentication Modules for SASL
## - for debian: install package libsasl2-modules
## -
apt-get install libsasl2-modules
## - Edit file /etc/postfix/main.cf and set:
## -
## - # Enable SASL authentication
## - smtp_sasl_auth_enable = yes
## -
## - # Forwarding to the ip-adress of host b.mx.oopen.de
## - relayhost = [b.mx.oopen.de]
## -
## - # File including login data
## - smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
## -
## - # Force using a (TLS) security connection
## - # obsulete - use smtp_tls_security_level instead
## - #smtp_use_tls = yes
## - #smtp_tls_enforce_peername = no
## - smtp_tls_security_level = encrypt
## -
## - # Disallow methods that allow anonymous authentication.
## - smtp_sasl_security_options = noanonymous
## -
vim /etc/postfix/main.cf
## - Enter SASL account data into file /etc/postfix/sasl_passwd
## -
## - <relayhost> <username>:<password>
## -
## - Note: if relayhost is configured as above, username is of the form
## - <username>@<domain>
## -
vim /etc/postfix/sasl_passwd
## - Important
## -
## - Keep the SASL client password file in /etc/postfix, and make the file
## - read+write only for root to protect the username/password combinations against
## - other users. The Postfix SMTP client will still be able to read the SASL
## - client passwords. It opens the file as user root before it drops privileges,
## - and before entering an optional chroot jail.
## -
chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
## - Create databasefile of /etc/postfix/sasl_passwd
## -
postmap /etc/postfix/sasl_passwd
## - Reload postfix
## -
/etc/init.d/postfix reload

29
DOC/postfix/whitelist_email_domain_postgrey.txt Normal file
View File

@@ -0,0 +1,29 @@
## - Empfänger Domains oder E-Mailadressen vom Greylisting
## -ausschliessen
## - Dazu zu sind Einträge in der whitelist_recipients nötig.
## - Das ist die Whitelist für die Empfänger, die dort eingetragenen
## - Domains, Postfächer oder E-Mail-Adressen werden vom Greylisting
## - ausgeschlossen.
## -
## - Die whitelist_recipients sind unter /etc/postgrey zu finden.
## -
vim /etc/postgrey/whitelist_recipients
## - Beispiel /etc/postgrey/whitelist_recipients:
## -
## - # postgrey whitelist for mail recipients
## - # --------------------------------------
## - # put this file in /etc/postgrey or specify its path
## - # with --whitelist-recipients=xxx
## -
## - postmaster@
## - abuse@
## -
## - # Domain und E-Mail-Adresse vom Greylisting ausschließen
## - oopen.de
## - wolle@k8h.de
## -
## - # Diese Einträge wären ueberflüssig
## - #ckubu-adm@oopen.de
## - #argus@oopen.de

185
DOC/postfix/whitelist_host_ip_address.txt Normal file
View File

@@ -0,0 +1,185 @@
## - To whitelist a server ther a multiple possibilities
## -
## -----
## - 1.)
## -
## - To whitelist a server (name or ip-adress) or network , create the file
## - /etc/postfix/rbl_override
## - where you list all IP addresses or host names
## - (one per line!) that you want to whitelist:
## -
## - 1.2.3.4 OK
## - mail.freemailer.tld OK
## - 194.25.134/24 OK
## - ...
## -
vim /etc/postfix/rbl_override
## - After you've created/modified that file, you must run:
## -
postmap btree:/etc/postfix/rbl_override
#postmap /etc/postfix/rbl_override
## - Next open
## - /etc/postfix/main.cf
## - and search for the smtpd_recipient_restrictions parameter.
## - Add check_client_access hash:/etc/postfix/rbl_override to
## - that parameter, after reject_unauth_destination, but before
## - the first blacklist.
## -
## - smtpd_recipient_restrictions =
## - ...
## - permit_sasl_authenticated,
## - check_client_access btree:/etc/postfix/rbl_override,
## - #check_client_access hash:/etc/postfix/rbl_override,
## - reject_rbl_client zen.spamhaus.org,
## - ...
## - Now restart postfix:
## -
/etc/init.d/postfix restart
## ----
## - Notice:
## - there are also whitelist dns service, like list.dnswl.org
## - see: http://www.dnswl.org/
## - requesting such a service works the same as requesting a
## - blacklist server like
## -
## - for example the server 194.25.134.17 (one mailserver from t-online)
## - is blacklisted at bl.spamcop.net. that means the request
## -
## - chris@sol:~$ dig 17.134.25.194.bl.spamcop.net
## -
## - results in an ANSWER SECTION like
## -
## - 17.134.25.194.bl.spamcop.net. 2100 IN A 127.0.0.2
## -
## - ( or using host command:
## - chris@sol:~$ host 17.134.25.194.bl.spamcop.net
## - 17.134.25.194.bl.spamcop.net has address 127.0.0.2 )
## -
## - in contrast to "not found: 3(NXDOMAIN)" in case of a not blacklistet one
## -
## -
## - That t-online server is also (white-)listed at the at list.dnswl.org and
## - so, the request
## -
## - chris@sol:~$ dig 17.134.25.194.list.dnswl.org
## -
## - results in an ANSWER SECTION like:
## -
## - 17.134.25.194.list.dnswl.org. 12506 IN A 127.0.5.0
## -
## - or rather
## - chris@sol:~$ host 17.134.25.194.list.dnswl.org
## - 17.134.25.194.list.dnswl.org has address 127.0.5.0
## -
## -
## -----
## -----
## - 2.)
## -
## - You can question more than one blacklist server an also whitelist server,
## - weight the single result and make a decision after getting the all-overresult
## -
## - Do so, use parameters "postscreen_dnsbl_sites and"
## - "postscreen_dnsbl_threshold".
## -
## -
## - Example configuration:
## -
## - postscreen_dnsbl_sites =
## - one.blacklist.server.com*2
## - another.blacklist.server.com
## - third.blacklist.server.com
## - list.dnswl.org*-3
## - postscreen_dnsbl_threshold=1 # (the default value)
## -
## - if the requested incomming-ip-adress matches the first blacklist server,
## - you get a result of "2" (because the entry for that blacklict server is
## - weighted with 2).
## - if the requested ip-address matches the second or the third blacklist
## - server the result is each with "1"
## - if the requested ip-address matches the whitelist server, the result
## - is "-3"
## -
## - assuming all servers matches, than the all over result is "2+1+1-3=1".
## - because 1 is equal or grater than "1" (the value of the parameter of
## - "postscreen_dnsbl_threshold"), the concerning the concerning network
## - connection will be dropped.
## -
## - assuming the first and second blacklist server and also the whitelist
## - server matches the concerning the all over result is "2+1-3=0".
## - Because 0 is lower then 1 (the value of the parameter
## - "postscreen_dnsbl_threshold"). the connection will be accepted (at that
## - point)
## -
## -
## - See "man postconf" or site
## - http://www.postfix.org/postconf.5.html for advanced usage
## -
## -----
## -----
## - 3.)
## -
## - you can use postfix conf parameter "permit_dnswl_client"
## - in main.cf
## -
## - here is an example using list.dnswl.org
## -
## - smtpd_recipient_restrictions =
## - ...
## - permit_sasl_authenticated,
## - permit_dnswl_client list.dnswl.org,
## - reject_rbl_client someblacklist.example.com,
## - reject_rbl_client moreblacklist.example.com,
## - permit_mynetworks,
## - ...
## -
## - To override only for "low", "med" and "hi" (see
## - http://www.dnswl.org/tech):
## -
## - smtpd_recipient_restrictions =
## - ...
## - permit_sasl_authenticated,
## - permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3],
## - reject_rbl_client someblacklist.example.com,
## - permit_mynetworks,
## - reject_unauth_destination
## -
## -----
## - Notice:
## -
## - I have configured some white list entries d.c.b.a.dnswl.oopen.de.
## - see file /opt/tinydns/root/zonefiles/dnswl.oopen.de.zone on
## - a.ns.oopen.de
## -
## - i.e. to avoid blacklisting t-online servers 194.25.134.*, i added
## - the followig entry
## - +*.134.25.194.dnswl.oopen.de:127.0.0.2:4300
## -
## - i added also a concerning TXT record (not needed):
## - '*.134.25.194.dnswl.oopen.de:T-Online:4300
## -
## - concernin entry in smtpd_recipient_restrictions of main.cf:
## -
## - ...
## - # RBL check - !! comment out if postcreens postscreen_dnsbl_sites is in use
## - # Whitelist (configured on a.ns.oopen.de
## - # in /opt/tinydns/root/zonefiles/dnswl.oopen.de.zone )
## - permit_dnswl_client dnswl.oopen.de,
## - # Blacklists
## - reject_rbl_client zen.spamhaus.org,
## - reject_rbl_client ix.dnsbl.manitu.net,
## - ...

58
DOC/roundcube/Environments/postfixadmin.env.a.mx.oopen.de Normal file
View File

@@ -0,0 +1,58 @@
## - Postfixadmin environment for server
## -
## - a.mx.oopen.de (adm.oopen.de)
## -
## -------------------------------------
## - a.mx.oopen.de (adm.oopen.de)
HOSTNAME=adm.oopen.de
DOMAIN=oopen.de
ADMIN_EMAIL="admin\@oopen.de"
APACHE_CONF_DIR=/usr/local/apache2/conf
APACHE_VHOST_DIR=/usr/local/apache2/conf/vhosts
APACHE_BASE_WEBDIR=/var/www
APACHE_LOG_DIR=/var/log/apache2
APACHE_USER=www-data
APACHE_GROUP=www-data
_use_mod_php=false
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=sub.class2.server.ca.pem
## - adm.oopen.de
IPV4=83.223.86.91
IPV6=2a01:30:0:13:2f7:50ff:fed2:cef7
#_pf_admin_version=2.91
_pf_admin_version=3.0
#_db_type='mysql'
_db_type='pgsql'
_db_name='postfix'
_db_user='postfix'
_db_pass='FKt4z55FxMZp'
#_db_host='localhost'
_db_host='/var/run/postgresql'
# _encrypt=md5crypt
_encrypt=cleartext
_spam_folder=Spam
_autoreply_domain='autoreply.oopen.de'
vacation_user=vacation
vacation_group=vacation
deleted_maildirs="/var/deleted-maildirs"
deleted_maildomains="/var/deleted-maildomains"

60
DOC/roundcube/Environments/postfixadmin.env.c.mx.oopen.de Normal file
View File

@@ -0,0 +1,60 @@
## - Postfixadmin environment for server
## -
## - c.mx.oopen.de (adm.initiativenserver.de)
## -
## -------------------------------
## - c.mx.oopen.de (adm.initiativenserver.de)
HOSTNAME=adm.initiativenserver.de
DOMAIN=initiativenserver.de
ADMIN_EMAIL="admin\@initiativenserver.de"
APACHE_CONF_DIR=/usr/local/apache2/conf
APACHE_VHOST_DIR=/usr/local/apache2/conf/vhosts
APACHE_BASE_WEBDIR=/var/www
APACHE_LOG_DIR=/var/log/apache2
APACHE_USER=www-data
APACHE_GROUP=www-data
_use_mod_php=false
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=SSL123_CA_Bundle.pem
IPV4=83.223.85.101
IPV6=2a01:30:1fff:3::101
_pf_admin_version=code-1676-trunk
#_db_type='pgsql'
_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='AeB4kohyie5rahJ7'
#_db_host='/var/run/postgresql'
_db_host='localhost'
_mysql_rootuser=root
_mysql_rootpass=buz111
# _encrypt=md5crypt
_encrypt=cleartext
#_spam_folder=Spam
_spam_folder=Junk
_autoreply_domain='autoreply.initiativenserver.de'
vacation_user=vacation
vacation_group=vacation
deleted_maildirs="/var/deleted-maildirs"
deleted_maildomains="/var/deleted-maildomains"

65
DOC/roundcube/Environments/postfixadmin.env.mail.interventionistische-linke.org Normal file
View File

@@ -0,0 +1,65 @@
## - Postfixadmin environment for server
## -
## - adm.interventionistische-linke.org
## -
## --------------------------------------------------------------------------
## - mail.interventionistische-linke.org (adm.interventionistische-linke.org)
HOSTNAME=adm.interventionistische-linke.org
DOMAIN=interventionistische-linke.org
ADMIN_EMAIL="support\@interventionistische-linke.org"
APACHE_CONF_DIR=/usr/local/apache2/conf
APACHE_VHOST_DIR=/usr/local/apache2/conf/vhosts
APACHE_BASE_WEBDIR=/var/www
APACHE_LOG_DIR=/var/log/apache2
APACHE_USER=www-data
APACHE_GROUP=www-data
_use_mod_php=false
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=sub.class2.server.ca.pem
IPV4=83.223.85.215
IPV6=2a01:30:1fff:5::215
_pf_admin_version=2.91
#_db_type='mysql'
_db_type='pgsql'
_db_name='postfix'
_db_user='postfix'
_db_pass='NcXxt7sf7bfV'
#_db_host='localhost'
_db_host='/var/run/postgresql'
_encrypt=md5crypt
#_encrypt=cleartext
_spam_folder=Spam
_autoreply_domain='autoreply.interventionistische-linke.org'
vacation_user=vacation
vacation_group=vacation
deleted_maildirs="/data/deleted-maildirs"
deleted_maildomains="/data/deleted-maildomains"
_welcome_email="
Hallo,
Deine neue E-Mail Adresse ist eingerichtet.
- IL - Interventionistische Linke
--
e: support@interventionistische-linke.org"

68
DOC/roundcube/Environments/postfixadmin.env.mx.warenform.de Normal file
View File

@@ -0,0 +1,68 @@
## - Postfixadmin environment for server
## -
## - mx.warenform.de (adm.warenform.de)
## -
## -------------------------------------
## - mx.warenform.de (adm.warenform.de)
HOSTNAME=adm.warenform.de
DOMAIN=warenform.de
ADMIN_EMAIL="admin\@warenform.de"
APACHE_CONF_DIR=/usr/local/apache2/conf
APACHE_VHOST_DIR=/usr/local/apache2/conf/vhosts
APACHE_BASE_WEBDIR=/var/www
APACHE_LOG_DIR=/var/log/apache2
APACHE_USER=www-data
APACHE_GROUP=www-data
_use_mod_php=false
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=SSL123_CA_Bundle.pem
IPV4=83.223.85.154
IPV6=2a01:30:1fff:6::154
#_pf_admin_version=2.3.7
_pf_admin_version=2.91
#_db_type='mysql'
_db_type='pgsql'
_db_name='postfix'
_db_user='postfix'
_db_pass='CbX8vg347Vvm'
#_db_host='localhost'
_db_host='/var/run/postgresql'
# _encrypt=md5crypt
_encrypt=cleartext
_spam_folder=Spam
_autoreply_domain='autoreply.warenform.de'
vacation_user=vacation
vacation_group=vacation
deleted_maildirs="/var/deleted-maildirs"
deleted_maildomains="/var/deleted-maildomains"
_welcome_email="
Hallo,
Ihre neue E-Mail Adresse ist eingerichtet.
Das WARENFORM-Team
--
WARENFORM | Phone: +49 30 / 61 65 17 52 -0
Dresdner Str. 11 | Fax: +49 30 / 61 65 17 52 -66
D-10999 Berlin | http://www.warenform.net"

65
DOC/roundcube/Environments/postfixadmin.env.rage.so36.net Normal file
View File

@@ -0,0 +1,65 @@
## - Postfixadmin environment for server
## -
## - rage.so36.net (adm.so36.net)
## -
## -------------------------------
## - rage.so36.net (adm.so36.net)
HOSTNAME=adm.so36.net
DOMAIN=so36.net
ADMIN_EMAIL="support\@so36.net"
APACHE_CONF_DIR=/etc/apache2
APACHE_VHOST_DIR=/etc/apache2/sites-available
APACHE_BASE_WEBDIR=/var/www
APACHE_LOG_DIR=/var/log/apache2
APACHE_USER=www-data
APACHE_GROUP=www-data
_use_mod_php=false
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=sub.class2.server.ca.pem
IPV4=83.223.73.193
IPV6=2a01:30:1fff:fd00::193
_pf_admin_version=2.3.7
#_db_type='mysql'
_db_type='pgsql'
_db_name='postfix'
_db_user='postfix'
_db_pass='9jKqFHNGrgFb'
#_db_host='localhost'
_db_host='/var/run/postgresql'
_encrypt=md5crypt
#_encrypt=cleartext
_spam_folder=Spam
_autoreply_domain='autoreply.so36.net'
vacation_user=vacation
vacation_group=vacation
deleted_maildirs="/data/deleted-maildirs"
deleted_maildomains="/data/deleted-maildomains"
_welcome_email="
Hallo,
Deine neue E-Mail Adresse ist eingerichtet.
- so36.NET
--
e: support@so36.net"

69
DOC/roundcube/Environments/roundcube.env.webmail.initiativenserver.de Normal file
View File

@@ -0,0 +1,69 @@
## - Rounfcube environment for server
## -
## - c.mx.oopen.de (webmail.initiativenserver.de)
## -
## - webmail.initiativenserver.de
## -
SRC_BASE_DIR=/usr/local/src/mailsystem
SRC_ARCHIVE_DIR=${SRC_BASE_DIR}/tarballs
ROUNDCUBE_VERSION=1.1.3
SPAM_FOLDER_NAME=Junk
WEBSITE=webmail.initiativenserver.de
IPV4=83.223.85.101
IPV6=2a01:30:1fff:3::101
WEBMASTER_EMAIL=admin@oopen.de
WEBMAIL_BASEDIR=/var/www/webmail.initiativenserver.de
WEBMAIL_TMPDIR=${WEBMAIL_BASEDIR}/temp
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APACHE_LOG_DIR=${WEBMAIL_BASEDIR}/logs
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=sub.class2.server.ca.pem
## - apache installed from debian package system ?
## -
_apache_debian=false
## - if installed from source, specify vhost directory
## -
_vhost_dir=/usr/local/apache2/conf/vhosts
_apache_cert_dir=/usr/local/apache2/conf
if $_apache_debian ; then
_vhost_dir=/etc/apache2/sites-available
_apache_cert_dir=/etc/apache2
fi
_SSLCertificateChainFile=""
if [ -n "$CERT_ChainFile" ];then
_SSLCertificateChainFile="SSLCertificateChainFile ${_apache_cert_dir}/$CERT_ChainFile"
fi
_autoreply_domain=autoreply.oopen.de
#_db_type=pgsql
_db_type=mysql
_db_host=localhost
_db_user=roundcube
_db_pass=re6Xe8Fereejai3D
#_mysql_rootuser=root
#_mysql_rootpass=<root-pass>
## -
## - END: webmail.initiativenserver.de

69
DOC/roundcube/Environments/roundcube.env.webmail.interventionistische-linke.org Normal file
View File

@@ -0,0 +1,69 @@
## - Rounfcube environment for server
## -
## - webmail.interventionistische-linke.org (webmail.interventionistische-linke.org)
## -
## - webmail.interventionistische-linke.org
## -
SRC_BASE_DIR=/usr/local/src/mailsystem
SRC_ARCHIVE_DIR=${SRC_BASE_DIR}/tarballs
ROUNDCUBE_VERSION=1.1.3
SPAM_FOLDER_NAME=SPAM
WEBSITE=webmail.interventionistische-linke.org
IPV4=83.223.73.211
IPV6=2a01:30:1fff:fd00::194
WEBMASTER_EMAIL=admin@oopen.de
WEBMAIL_BASEDIR=/var/www/webmail.interventionistische-linke.org
WEBMAIL_TMPDIR=${WEBMAIL_BASEDIR}/temp
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APACHE_LOG_DIR=${WEBMAIL_BASEDIR}/logs
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=sub.class2.server.ca.pem
## - apache installed from debian package system ?
## -
_apache_debian=true
## - if installed from source, specify vhost directory
## -
_vhost_dir=/usr/local/apache2/conf/vhosts
_apache_cert_dir=/usr/local/apache2/conf
if $_apache_debian ; then
_vhost_dir=/etc/apache2/sites-available
_apache_cert_dir=/etc/apache2
fi
_SSLCertificateChainFile=""
if [ -n "$CERT_ChainFile" ];then
_SSLCertificateChainFile="SSLCertificateChainFile ${_apache_cert_dir}/$CERT_ChainFile"
fi
_autoreply_domain=autoreply.interventionistische-linke.org
_db_type=pgsql
#_db_type=mysql
_db_host=localhost
_db_user=roundcube
_db_pass=MjXQJpR9SvcX
#_mysql_rootuser=root
#_mysql_rootpass=<root-pass>
## -
## - END: webmail.interventionistische-linke.org

74
DOC/roundcube/Environments/roundcube.env.webmail.oopen.de Normal file
View File

@@ -0,0 +1,74 @@
## - Rounfcube environment for server
## -
## - a.mx.oopen.de (webmail.oopen.de)
## -
## ----------------------
## - webmail.oopen.de
## -
SRC_BASE_DIR=/usr/local/src/mailsystem
SRC_ARCHIVE_DIR=${SRC_BASE_DIR}/tarballs
ROUNDCUBE_VERSION=1.2.2
SPAM_FOLDER_NAME=Spam
WEBSITE=webmail.oopen.de
IPV4=83.223.86.91
IPV6=2a01:30:0:13:2f7:50ff:fed2:cef7
WEBMASTER_EMAIL=admin@oopen.de
WEBMAIL_BASEDIR=/var/www/webmail.oopen.de
WEBMAIL_TMPDIR=${WEBMAIL_BASEDIR}/temp
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APACHE_LOG_DIR=${WEBMAIL_BASEDIR}/logs
#APACHE_SERVER_CERT=webmail.oopen.de-bundle.crt
#APACHE_SERVER_KEY=webmail.oopen.de.key
APACHE_SERVER_CERT=server-bundle.crt
APACHE_SERVER_KEY=server.key
_use_mod_php=false
## - Leave empty if not needed
## -
#CERT_ChainFile=
## - apache installed from debian package system ?
## -
_apache_debian=false
## - if installed from source, specify vhost directory
## -
_vhost_dir=/usr/local/apache2/conf/vhosts
_apache_cert_dir=/usr/local/apache2/conf
if $_apache_debian ; then
_vhost_dir=/etc/apache2/sites-available
_apache_cert_dir=/etc/apache2
fi
_SSLCertificateChainFile=""
if [ -n "$CERT_ChainFile" ];then
_SSLCertificateChainFile="SSLCertificateChainFile ${_apache_cert_dir}/$CERT_ChainFile"
fi
_autoreply_domain=autoreply.oopen.de
_db_type=pgsql
#_db_type=mysql
_db_host=localhost
_db_user=roundcube
_db_pass=3Dsz3j5R
_db_name=roundcubemail
#_mysql_rootuser=root
#_mysql_rootpass=<root-pass>
## -
## - END: webmail.oopen.de

69
DOC/roundcube/Environments/roundcube.env.webmail.so36.net Normal file
View File

@@ -0,0 +1,69 @@
## - Rounfcube environment for server
## -
## - rage.so36.net (webmail.so36.net)
## -
## - webmail.oopen.de
## -
SRC_BASE_DIR=/usr/local/src/mailsystem
SRC_ARCHIVE_DIR=${SRC_BASE_DIR}/tarballs
ROUNDCUBE_VERSION=1.1.3
SPAM_FOLDER_NAME=SPAM
WEBSITE=webmail.so36.net
IPV4=83.223.73.211
IPV6=2a01:30:1fff:fd00::194
WEBMASTER_EMAIL=roots@so36.net
WEBMAIL_BASEDIR=/var/www/webmail.so36.net
WEBMAIL_TMPDIR=${WEBMAIL_BASEDIR}/temp
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APACHE_LOG_DIR=${WEBMAIL_BASEDIR}/logs
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=sub.class2.server.ca.pem
## - apache installed from debian package system ?
## -
_apache_debian=true
## - if installed from source, specify vhost directory
## -
_vhost_dir=/usr/local/apache2/conf/vhosts
_apache_cert_dir=/usr/local/apache2/conf
if $_apache_debian ; then
_vhost_dir=/etc/apache2/sites-available
_apache_cert_dir=/etc/apache2
fi
_SSLCertificateChainFile=""
if [ -n "$CERT_ChainFile" ];then
_SSLCertificateChainFile="SSLCertificateChainFile ${_apache_cert_dir}/$CERT_ChainFile"
fi
_autoreply_domain=autoreply.so36.net
_db_type=pgsql
#_db_type=mysql
_db_host=localhost
_db_user=roundcube
_db_pass=MjXQJpR9SvcX
#_mysql_rootuser=root
#_mysql_rootpass=<root-pass>
## -
## - END: webmail.so36.net

72
DOC/roundcube/Environments/roundcube.env.webmail.warenform.de Normal file
View File

@@ -0,0 +1,72 @@
## - Rounfcube environment for server
## -
## - mx.warenform.de (webmail.warenform.de)
## -
## ----------------------
## - webmail.warenform.de
## -
SRC_BASE_DIR=/usr/local/src/mailsystem
SRC_ARCHIVE_DIR=${SRC_BASE_DIR}/tarballs
#ROUNDCUBE_VERSION=0.9.5
ROUNDCUBE_VERSION=1.0.1
SPAM_FOLDER_NAME=SPAM
WEBSITE=webmail.warenform.de
IPV4=83.223.85.154
IPV6=2a01:30:1fff:6::154
WEBMASTER_EMAIL=admin@warenform.de
WEBMAIL_BASEDIR=/var/www/webmail.warenform.de
WEBMAIL_TMPDIR=${WEBMAIL_BASEDIR}/temp
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APACHE_LOG_DIR=/var/log/apache2
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
_use_mod_php=false
## - Leave empty if not needed
## -
CERT_ChainFile=SSL123_CA_Bundle.pem
## - apache installed from debian package system ?
## -
_apache_debian=false
## - if installed from source, specify vhost directory
## -
_vhost_dir=/usr/local/apache2/conf/vhosts
_apache_cert_dir=/usr/local/apache2/conf
if $_apache_debian ; then
_vhost_dir=/etc/apache2/sites-available
_apache_cert_dir=/etc/apache2
fi
_SSLCertificateChainFile=""
if [ -n "$CERT_ChainFile" ];then
_SSLCertificateChainFile="SSLCertificateChainFile ${_apache_cert_dir}/$CERT_ChainFile"
fi
_autoreply_domain=autoreply.warenform.de
_db_type=pgsql
#_db_type=mysql
_db_host=localhost
_db_user=roundcube
_db_pass=Hoo5heis
_db_name=roundcubemail
#_mysql_rootuser=root
#_mysql_rootpass=<root-pass>

69
DOC/roundcube/Environments/roundcube.env.webmail2.initiativenserver.de Normal file
View File

@@ -0,0 +1,69 @@
## - Rounfcube environment for server
## -
## - c.mx.oopen.de (webmail2.initiativenserver.de)
## -
## - webmail2.initiativenserver.de
## -
SRC_BASE_DIR=/usr/local/src/mailsystem
SRC_ARCHIVE_DIR=${SRC_BASE_DIR}/tarballs
ROUNDCUBE_VERSION=1.1.3
SPAM_FOLDER_NAME=Junk
WEBSITE=webmail2.initiativenserver.de
IPV4=83.223.85.101
IPV6=2a01:30:1fff:3::101
WEBMASTER_EMAIL=admin@oopen.de
WEBMAIL_BASEDIR=/var/www/webmail2.initiativenserver.de
WEBMAIL_TMPDIR=${WEBMAIL_BASEDIR}/temp
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APACHE_LOG_DIR=${WEBMAIL_BASEDIR}/logs
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
## - Leave empty if not needed
## -
CERT_ChainFile=sub.class2.server.ca.pem
## - apache installed from debian package system ?
## -
_apache_debian=false
## - if installed from source, specify vhost directory
## -
_vhost_dir=/usr/local/apache2/conf/vhosts
_apache_cert_dir=/usr/local/apache2/conf
if $_apache_debian ; then
_vhost_dir=/etc/apache2/sites-available
_apache_cert_dir=/etc/apache2
fi
_SSLCertificateChainFile=""
if [ -n "$CERT_ChainFile" ];then
_SSLCertificateChainFile="SSLCertificateChainFile ${_apache_cert_dir}/$CERT_ChainFile"
fi
_autoreply_domain=autoreply.oopen.de
#_db_type=pgsql
_db_type=mysql
_db_host=localhost
_db_user=roundcube
_db_pass=re6Xe8Fereejai3D
#_mysql_rootuser=root
#_mysql_rootpass=<root-pass>
## -
## - END: webmail2.initiativenserver.de

72
DOC/roundcube/Environments/roundcube.env.webmail2.oopen.de Normal file
View File

@@ -0,0 +1,72 @@
## - Rounfcube environment for server
## -
## - a.mx.oopen.de (webmail2.oopen.de)
## -
## ----------------------
## - webmail2.oopen.de
## -
SRC_BASE_DIR=/usr/local/src/mailsystem
SRC_ARCHIVE_DIR=${SRC_BASE_DIR}/tarballs
ROUNDCUBE_VERSION=1.1.4
SPAM_FOLDER_NAME=Spam
WEBSITE=webmail2.oopen.de
IPV4=83.223.85.165
IPV6=2a01:30:1fff:9::165
WEBMASTER_EMAIL=admin@oopen.de
WEBMAIL_BASEDIR=/var/www/webmail2.oopen.de
WEBMAIL_TMPDIR=${WEBMAIL_BASEDIR}/temp
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APACHE_LOG_DIR=${WEBMAIL_BASEDIR}/logs
APACHE_SERVER_CERT=wildcard.oopen.de-bundle.crt
APACHE_SERVER_KEY=wildcard.oopen.de.key
_use_mod_php=false
## - Leave empty if not needed
## -
#CERT_ChainFile=
## - apache installed from debian package system ?
## -
_apache_debian=false
## - if installed from source, specify vhost directory
## -
_vhost_dir=/usr/local/apache2/conf/vhosts
_apache_cert_dir=/usr/local/apache2/conf
if $_apache_debian ; then
_vhost_dir=/etc/apache2/sites-available
_apache_cert_dir=/etc/apache2
fi
_SSLCertificateChainFile=""
if [ -n "$CERT_ChainFile" ];then
_SSLCertificateChainFile="SSLCertificateChainFile ${_apache_cert_dir}/$CERT_ChainFile"
fi
_autoreply_domain=autoreply.oopen.de
_db_type=pgsql
#_db_type=mysql
_db_host=localhost
_db_user=roundcube
_db_pass=3Dsz3j5R
_db_name=roundcubemail2
#_mysql_rootuser=root
#_mysql_rootpass=<root-pass>
## -
## - END: webmail2.oopen.de

71
DOC/roundcube/Environments/roundcube.env.webmail2.warenform.de Normal file
View File

@@ -0,0 +1,71 @@
## - Rounfcube environment for server
## -
## - mx.warenform.de (webmail2.warenform.de)
## -
## ----------------------
## - webmail.warenform.de
## -
SRC_BASE_DIR=/usr/local/src/mailsystem
SRC_ARCHIVE_DIR=${SRC_BASE_DIR}/tarballs
ROUNDCUBE_VERSION=1.1.1
SPAM_FOLDER_NAME=SPAM
WEBSITE=webmail2.warenform.de
IPV4=83.223.85.154
IPV6=2a01:30:1fff:6::154
WEBMASTER_EMAIL=admin@warenform.de
WEBMAIL_BASEDIR=/var/www/webmail2.warenform.de
WEBMAIL_TMPDIR=${WEBMAIL_BASEDIR}/temp
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APACHE_LOG_DIR=/var/log/apache2
APACHE_SERVER_CERT=server.crt
APACHE_SERVER_KEY=server.key
_use_mod_php=false
## - Leave empty if not needed
## -
#CERT_ChainFile=SSL123_CA_Bundle.pem
## - apache installed from debian package system ?
## -
_apache_debian=false
## - if installed from source, specify vhost directory
## -
_vhost_dir=/usr/local/apache2/conf/vhosts
_apache_cert_dir=/usr/local/apache2/conf
if $_apache_debian ; then
_vhost_dir=/etc/apache2/sites-available
_apache_cert_dir=/etc/apache2
fi
_SSLCertificateChainFile=""
if [ -n "$CERT_ChainFile" ];then
_SSLCertificateChainFile="SSLCertificateChainFile ${_apache_cert_dir}/$CERT_ChainFile"
fi
_autoreply_domain=autoreply.warenform.de
_db_type=pgsql
#_db_type=mysql
_db_host=localhost
_db_user=roundcube
_db_pass=Hoo5heis
_db_name=roundcubemail2
#_mysql_rootuser=root
#_mysql_rootpass=<root-pass>

2122
DOC/roundcube/roundcube.install Normal file
View File

File diff suppressed because it is too large Load Diff

12
DOC/roundcube/roundcube.reset_admin.txt Normal file
View File

@@ -0,0 +1,12 @@
## - To reset Plugin Manager superadmin account do the following
## -
- Logout from Roundcube and close your browser to make sure all sessions are ended.
- Delete the [md5-hash].myrc file in the root of the Roundcube installation folder.
- DROP table plugin_manager from roundcube SQL database.
- Remove entry myrc_plugin_manager from system table.
- Login to Roundcube.

805
DOC/roundcube/roundcube_plugin.install Normal file
View File

@@ -0,0 +1,805 @@
## ----------------------
## - webmail.warenform.de
## -
. roundcube.env.webmail.warenform.de
## -
## - END: webmail.warenform.de
## ----------------------------
## ----------------------
## - webmail2.warenform.de
## -
. roundcube.env.webmail2.warenform.de
## -
## - END: webmail.warenform.de
## ----------------------------
## ----------------------
## - webmail.so36.net
## -
. roundcube.env.webmail.so36.net
## -
## - END: webmail.so36.net
## ----------------------------
## ----------------------
## - webmail.interventionistische-linke.org
## -
. roundcube.env.webmail.interventionistische-linke.org
## -
## - END: webmail.interventionistische-linke.org
## ----------------------------
## ----------------------
## - webmail.initiativenserver.de
## -
. roundcube.env.webmail.initiativenserver.de
## -
## - END: webmail.interventionistische-linke.org
## ----------------------------
## ----------------------
## - webmail2.initiativenserver.de
## -
. roundcube.env.webmail2.initiativenserver.de
## -
## - END: webmail.interventionistische-linke.org
## ----------------------------
## ----------------------
## - webmail2.oopen.de
## -
. roundcube.env.webmail2.oopen.de
## -
## - END: webmail.oopen.de
## ----------------------------
## ----------------------
## - webmail.oopen.de
## -
. roundcube.env.webmail.oopen.de
## -
## - END: webmail.oopen.de
## ----------------------------
## ----------------------------------------------- #
## --- integrate jqueryui plugin for roundcube --- #
## ----------------------------------------------- #
## - jqueryui plugin comes with roundcube core distribution. So you have
## - only to register it.
## - register jqueryui plugin with roundcube
## -
## - edit $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## -
## - add "login_lang" to array plugins
## - $config['plugins'] = array('jqueryui');
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## ----------------------------------------------- #
## --- integrate password plugin for roundcube --- #
## ----------------------------------------------- #
cp $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/password/config.inc.php.dist \
$WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/password/config.inc.php
## - edit $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/password/config.inc.php
## -
## - adjust:
## -
## - $config['password_driver'] = 'sql';
## - $config['password_confirm_current'] = true;
## -
## - $config['password_minimum_length'] = 8;
## - $config['password_require_nonalpha'] = true;
## -
## - NOTE: The database configuration data from POSTFIX Dateabase are needed !!
## - Put in your database credentials
## -
## - $config['password_db_dsn'] = '${_db_type}://${_db_user}:${_db_pass}@localhost/${_db_name}';
## -
## - $config['password_query'] = 'UPDATE mailbox SET password=%p WHERE username=%u';
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/password/config.inc.php
## - register password plugin with roundcube
## -
## - edit $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## -
## - add "password" to array plugins
## - $config['plugins'] = array('jqueryui', 'password');
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## --------------------------------------------------- #
## --- Install vacation plugin bhusigen rc-vacation -- #
## --------------------------------------------------- #
## - see: https://github.com/bhuisgen/rc-vacation/
## - requirements, if using datepicker:
## - - plugin jqueryui
## - Download from site https://github.com/bhuisgen/rc-vacation/ and
## - store archive in $WEBMAIL_BASEDIR
## -
cd $WEBMAIL_BASEDIR
rm rc-vacation-master.zip
wget -O rc-vacation-master.zip https://github.com/bhuisgen/rc-vacation/archive/master.zip
cd $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins
unzip $WEBMAIL_BASEDIR/rc-vacation-master.zip
ln -s rc-vacation-master $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/vacation
cp $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/vacation/config.inc.php.dist \
$WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/vacation/config.inc.php
if [ "$_db_type" = "pgsql" ];then
## -------------------------------------------------------------- ##
## - !! That (very long) part concerns to PostgeSQL Database !! - ##
## -------------------------------------------------------------- ##
## - Note: In the following sql statements set the correct AUTOREPLY domain !!
## - Also chnage the database parameters as yor needs
## -
## - edit configuration $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/vacation/config.inc.php
## -
## - $rcmail_config['vacation_gui_vacationdate'] = TRUE;
## - $rcmail_config['vacation_subject_default'] = 'Re: $SUBJECT';
## -
## - $rcmail_config['vacation_gui_vacationforwarder'] = FALSE;
## -
## - $rcmail_config['vacation_dateformat'] = 'Y-m-d' ;
## - $rcmail_config['vacation_jquery_calendar'] = TRUE;
## - $rcmail_config['vacation_jquery_dateformat'] = 'yy-m-d';
## -
## - $rcmail_config['vacation_forwarder_multiple'] = FALSE;
## - $rcmail_config['vacation_forwarder_separator'] = ',';
## -
## - $rcmail_config['vacation_driver'] = 'sql';
## -
## - #configure your database connection to POSTFIX database
## - $rcmail_config['vacation_sql_dsn'] = '${_db_type}://${_db_user}:${_db_pass}@localhost/${_db_name}';
## -
## -
## - # !! NOTE: You have to create postgres function udf_forwarders_out and
## - # udf_forwarders_in to get the following SQL statements working
## - #
## -
## - // read data queries
## - $rcmail_config['vacation_sql_read'] =
## - array(
## - "SELECT
## - subject AS vacation_subject,
## - body AS vacation_message,
## - date(activefrom) AS vacation_start,
## - date(activeuntil) AS vacation_end,
## - CASE WHEN vacation.active = TRUE THEN true ELSE false END AS vacation_enable,
## - udf_forwarders_out(%username,'$_autoreply_domain',',') AS vacation_forwarder
## - FROM vacation,alias
## - WHERE email=%username AND address=%username AND vacation.domain=%email_domain;"
## - );
## -
## -
## - // write data queries
## - /* !! Wichtig:
## - Nur wenn rcmail_config['vacation_gui_vacationforwarder'] = FALSE
## -
## - NOTE: interval_time wird statisch gesetzt auf 86400 (1 Tag)
## - */
## - $rcmail_config['vacation_sql_write'] =
## - array("DELETE FROM vacation WHERE email=%email AND domain=%email_domain;",
## - "DELETE from vacation_notification WHERE on_vacation=%email;",
## - "INSERT INTO vacation (email,domain,subject,body,activefrom,activeuntil,interval_time,created,active) " .
## - "VALUES (%email,%email_domain,%vacation_subject,%vacation_message," .
## - "to_timestamp(%vacation_start - extract(timezone from current_timestamp))," .
## - "to_timestamp(%vacation_end + 86399 - extract(timezone from current_timestamp))," .
## - "86400,NOW(),udf_set_active(%vacation_enable));",
## - "UPDATE alias SET goto = udf_forwarders_in(udf_forwarders_out(%email,'$_autoreply_domain',',')," .
## - "%email,'$_autoreply_domain',',',udf_set_active(%vacation_enable))" .
## - ", modified = NOW() " .
## - " WHERE address = %email"
## -
## - );
## -
## - /* !! Wichtig:
## - Nur wenn rcmail_config['vacation_gui_vacationforwarder'] = TRUE
## -
## - NOTE: interval_time wird statisch gesetzt auf 86400 (1 Tag)
## - */
## - /*
## - $rcmail_config['vacation_sql_write'] =
## - array("DELETE FROM vacation WHERE email=%email AND domain=%email_domain;",
## - "DELETE from vacation_notification WHERE on_vacation=%email;",
## - "INSERT INTO vacation (email,domain,subject,body,activefrom,activeuntil,interval_time,created,active) " .
## - "VALUES (%email,%email_domain,%vacation_subject,%vacation_message," .
## - "to_timestamp(%vacation_start - extract(timezone from current_timestamp))," .
## - "to_timestamp(%vacation_end + 86399 - extract(timezone from current_timestamp))," .
## - "86400,NOW(),udf_set_active(%vacation_enable));",
## - "UPDATE alias SET goto = udf_forwarders_in(%vacation_forwarder," .
## - "%email,'$_autoreply_domain',',',udf_set_active(%vacation_enable))" .
## - ", modified = NOW() " .
## - " WHERE address = %email"
## - );
## -
## - !! Notice !!
## - Replace '$_autoreply_domain' string with the true vaction domain.
## -
## - i.e for oopen.de: :1,$s/\$_autoreply_domain/autoreply.oopen.de/gc
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/vacation/config.inc.php
## - create postfix trigger function udf_forwarders_out:
## -
cat <<EOF > /tmp/postgres.forwarders_out.sql
CREATE LANGUAGE plpgsql;
CREATE FUNCTION udf_forwarders_out(email_str text, vacation_domain text, list_seperator character) RETURNS text
LANGUAGE plpgsql
AS \$\$
DECLARE
forward_str text;
local_email_part TEXT;
domain_email_part TEXT;
BEGIN
-- get list of forwarders
--
SELECT goto INTO forward_str FROM alias WHERE address=email_str;
-- entferne mailbox emailadresse
--
forward_str = replace(forward_str, email_str, '' );
-- entferne vacation adresse
--
local_email_part = substring(email_str, 1, position('@' in email_str) - 1);
domain_email_part = substring(email_str, position('@' in email_str) + 1 );
forward_str = replace(forward_str, local_email_part || '#' || domain_email_part || '@' || vacation_domain, '');
-- enferne doppelte seperatorzeichen
--
WHILE position( list_seperator || list_seperator in forward_str ) > 0 LOOP
forward_str = replace(forward_str, list_seperator || list_seperator , '');
END LOOP;
-- entferne erstes zeichen wenn es das seperatorzeichen ist
--
IF substring(forward_str,1,1) = list_seperator THEN
forward_str = substring(forward_str from 2);
END IF;
-- entferne letztes zeichen wenn es das seperatorzeichen ist
--
IF substring(forward_str from char_length(forward_str)) = list_seperator THEN
forward_str = substring(forward_str, 1, char_length(forward_str) - 1);
END IF;
-- forward_str = substring(forward_str from char_length(forward_str));
RETURN forward_str;
END;
\$\$;
EOF
## - create function
## -
## - Note 1.
## - if datbase language plpgsql already exists, an error occurs. but you can
## - savely ignore that error
## -
## - Note 2.
## - if you create the function not as postfix database user, you have to
## - give the permission afterwards:
## - ALTER FUNCTION public.udf_forwarders_out(email_str text, vacation_domain text, list_seperator character) OWNER TO postfix;
## - But we will use the db postfix user (here also named postfix)
## -
psql -Upostfix postfix < /tmp/postgres.forwarders_out.sql
rm /tmp/postgres.forwarders_out.sql
## - create sql file for installing function udf_set_active:
## -
cat <<EOF > /tmp/postgres.set_active.sql
CREATE LANGUAGE plpgsql;
CREATE FUNCTION udf_set_active(vacation_enable text) RETURNS boolean
LANGUAGE plpgsql
AS \$\$
DECLARE
return_val boolean;
BEGIN
return_val = 't';
IF vacation_enable = '' THEN
return_val = 'f';
END IF;
IF vacation_enable = '0' THEN
return_val = 'f';
END IF;
IF lower(vacation_enable) = 'false' THEN
return_val = 'f';
END IF;
RETURN return_val;
END;
\$\$;
EOF
## - create function udf_set_active
## -
## - Note 1.
## - if datbase language plpgsql already exists, an error occurs. but you can
## - savely ignore that error
## -
## - Note 2.
## - if you create the function not as postfix database user, you have to
## - give the permission afterwards:
## - ALTER FUNCTION public.udf_forwarders_in(forewarders_str text, email_str text, vacation_domain text, list_seperator character, vacation_enable boolean) OWNER TO postfix;
## - But we will use the db postfix user (here also named postfix)
## -
psql -Upostfix postfix < /tmp/postgres.set_active.sql
rm /tmp/postgres.set_active.sql
## - create postfix database function udf_forwarders_in:
## -
cat <<EOF > /tmp/postgres.forwarders_in.sql
CREATE LANGUAGE plpgsql;
CREATE FUNCTION udf_forwarders_in(forewarders_str text, email_str text, vacation_domain text, list_seperator character, vacation_enable boolean) RETURNS text
LANGUAGE plpgsql
AS \$\$
DECLARE
return_str text;
local_email_part TEXT;
domain_email_part TEXT;
BEGIN
return_str = email_str;
IF vacation_enable THEN
local_email_part = substring(email_str, 1, position('@' in email_str) - 1);
domain_email_part = substring(email_str, position('@' in email_str) + 1 );
return_str = return_str || list_seperator || local_email_part || '#' || domain_email_part || '@' || vacation_domain;
END IF;
IF char_length(forewarders_str) > 7 THEN
return_str = return_str || list_seperator || forewarders_str;
END IF;
RETURN return_str;
END;
\$\$;
EOF
## - create function udf_forwarders_in
## -
## - Note 1.
## - if datbase language plpgsql already exists, an error occurs. but you can
## - savely ignore that error
## -
## - Note 2.
## - if you create the function not as postfix database user, you have to
## - give the permission afterwards:
## - ALTER FUNCTION public.udf_forwarders_in(forewarders_str text, email_str text, vacation_domain text, list_seperator character, vacation_enable boolean) OWNER TO postfix;
## - But we will use the db postfix user (here also named postfix)
## -
psql -Upostfix postfix < /tmp/postgres.forwarders_in.sql
rm /tmp/postgres.forwarders_in.sql
elif [ "$_db_type" = "mysql" ];then
## ---------------------------------------------------------- ##
## - !! That (very long) part concerns to MySQL Database !! - ##
## ---------------------------------------------------------- ##
## - Note: In the following sql statements set the correct AUTOREPLY domain !!
## - Also chnage the database parameters as yor needs
## -
## - edit configuration $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/vacation/config.inc.php
## -
## - $rcmail_config['vacation_gui_vacationforwarder'] = FALSE;
## - $rcmail_config['vacation_forwarder_multiple'] = FALSE;
## - $rcmail_config['vacation_forwarder_separator'] = ',';
## -
## - $rcmail_config['vacation_driver'] = 'sql';
## -
## - #configure your database connection to POSTFIX database
## - $rcmail_config['vacation_sql_dsn'] = '${_db_type}://${_db_user}:${_db_pass}@localhost/${_db_name}';
## -
## - # !! NOTE: You have to create myql functions FORWARDERS_OUT and
## - # FORWARDERS_IN to get the following SQL read statement working
## - #
## -
## - // read data queries
## - /* - OLD: vcation.pl included in posfixadmin until version 2.3.7
## - $rcmail_config['vacation_sql_read'] =
## - array("SELECT subject AS vacation_subject, body AS vacation_message, " .
## - "vacation.active AS vacation_enable, FORWARDERS_OUT(%username,'$_autoreply_domain',',') AS vacation_forwarder FROM vacation,alias " .
## - "WHERE email=%username AND address=%username AND vacation.domain=%email_domain;"
## - );
## - *)
## - /* - NEW: vcation.pl included in posfixadmin since version 2.91 */
## - $rcmail_config['vacation_sql_read'] =
## - array("SELECT subject AS vacation_subject, body AS vacation_message," .
## - "UNIX_TIMESTAMP(activefrom) AS vacation_start," .
## - "UNIX_TIMESTAMP(activeuntil) AS vacation_end," .
## - "vacation.active AS vacation_enable," .
## - "FORWARDERS_OUT(%username,'$_autoreply_domain',',') AS vacation_forwarder " .
## - "FROM vacation,alias " .
## - "WHERE email=%username AND address=%username AND vacation.domain=%email_domain;"
## - );
## -
## -
## - // write data queries
## - /* !! Wichtig:
## - Nur wenn rcmail_config['vacation_gui_vacationforwarder'] = FALSE
## - */
## -
## - /* - OLD: vcation.pl included in posfixadmin until version 2.3.7
## - $rcmail_config['vacation_gui_vacationforwarder'] = FALSE;
## - $rcmail_config['vacation_sql_write'] =
## - array("DELETE FROM vacation WHERE email=%email AND " .
## - "domain=%email_domain;",
## - "DELETE from vacation_notification WHERE on_vacation=%email;",
## - "INSERT INTO vacation (email,domain,subject,body,created," .
## - "active) VALUES (%email,%email_domain,%vacation_subject," .
## - "%vacation_message,NOW(),%vacation_enable);",
## - "UPDATE alias SET goto = FORWARDERS_IN(FORWARDERS_OUT(%email,'$_autoreply_domain',',')," .
## - "%email,'$_autoreply_domain',',',%vacation_enable)" .
## - ", modified = NOW() " .
## - " WHERE address = %email"
## - );
## - /*
## -
## - /* - NEW: vcation.pl included in posfixadmin since version 2.91 */
## - /*
## - $rcmail_config['vacation_gui_vacationforwarder'] = FALSE;
## - $rcmail_config['vacation_sql_write'] =
## - array("DELETE FROM vacation WHERE email=%email AND domain=%email_domain;",
## - "DELETE from vacation_notification WHERE on_vacation=%email;",
## - "INSERT INTO vacation (email,domain,subject,body,activefrom,activeuntil,interval_time,created,active) " .
## - "VALUES (%email,%email_domain,%vacation_subject,%vacation_message," .
## - "CONCAT(DATE(FROM_UNIXTIME(%vacation_start)), ' 00:00:00')," .
## - "CONCAT(DATE(FROM_UNIXTIME(%vacation_end)), ' 23:59:59')," .
## - "86400,NOW(),%vacation_enable);",
## - "UPDATE alias SET goto = FORWARDERS_IN(FORWARDERS_OUT(%email,'$_autoreply_domain',',')," .
## - "%email,'$_autoreply_domain',',',%vacation_enable)" .
## - ", modified = NOW() " .
## - " WHERE address = %email"
## - );
## - */
## -
## - /* !! Wichtig:
## - Nur wenn rcmail_config['vacation_gui_vacationforwarder'] = TRUE
## - */
## -
## - /*
## -
## - /* - OLD: vcation.pl included in posfixadmin until version 2.3.7
## - $rcmail_config['vacation_gui_vacationforwarder'] = TRUE;
## - $rcmail_config['vacation_sql_write'] =
## - array("DELETE FROM vacation WHERE email=%email AND " .
## - "domain=%email_domain;",
## - "DELETE from vacation_notification WHERE on_vacation=%email;",
## - "INSERT INTO vacation (email,domain,subject,body,created," .
## - "active) VALUES (%email,%email_domain,%vacation_subject," .
## - "%vacation_message,NOW(),%vacation_enable);",
## - "UPDATE alias SET goto = FORWARDERS_IN(%vacation_forwarder," .
## - "%email,'$_autoreply_domain',',',%vacation_enable)" .
## - ", modified = NOW() " .
## - " WHERE address = %email"
## - );
## - */
## -
## - /* - NEW: vcation.pl included in posfixadmin since version 2.91 */
## - $rcmail_config['vacation_gui_vacationforwarder'] = TRUE;
## - $rcmail_config['vacation_sql_write'] =
## - array("DELETE FROM vacation WHERE email=%email AND domain=%email_domain;",
## - "DELETE from vacation_notification WHERE on_vacation=%email;",
## - "INSERT INTO vacation (email,domain,subject,body,activefrom,activeuntil,interval_time,created,active) " .
## - "VALUES (%email,%email_domain,%vacation_subject,%vacation_message," .
## - "CONCAT(DATE(FROM_UNIXTIME(%vacation_start)), ' 00:00:00')," .
## - "CONCAT(DATE(FROM_UNIXTIME(%vacation_end)), ' 23:59:59')," .
## - "86400,NOW(),%vacation_enable);",
## - "UPDATE alias SET goto = FORWARDERS_IN(%vacation_forwarder," .
## - "%email,'$_autoreply_domain',',',%vacation_enable)" .
## - ", modified = NOW() " .
## - " WHERE address = %email"
## - );
## -
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/vacation/config.inc.php
## - create function FORWARDERS_OUT:
## -
cat <<EOF > /tmp/FORWARDERS_OUT.sql
DROP FUNCTION IF EXISTS FORWARDERS_OUT ;
DELIMITER |
CREATE FUNCTION FORWARDERS_OUT (email_str TEXT, vacation_domain TEXT , list_seperator CHAR)
RETURNS TEXT
DETERMINISTIC
BEGIN
DECLARE forward_str TEXT;
DECLARE local_email_part TEXT;
DECLARE domain_email_part TEXT;
DECLARE first_char CHAR;
DECLARE last_char CHAR;
-- get list of forwarders
--
SELECT goto INTO forward_str FROM alias WHERE address=email_str;
-- entferne mailbox emailadresse
--
SET forward_str = REPLACE(forward_str, email_str, '' );
-- SELECT REPLACE(forward_str, email_str, '' ) INTO forward_str;
-- entferne vacation adresse
--
SET local_email_part = SUBSTRING(email_str,1, LOCATE('@',email_str) - 1);
SET domain_email_part = SUBSTRING(email_str, LOCATE('@',email_str) + 1, LENGTH(email_str));
SET forward_str = REPLACE(forward_str, CONCAT(local_email_part, "#" ,domain_email_part,"@", vacation_domain), '');
-- SELECT REPLACE(forward_str, CONCAT(list_seperator,list_seperator), list_seperator) INTO forward_str;
-- enferne doppelte seperatorzeichen
--
WHILE LOCATE(CONCAT(list_seperator,list_seperator) , forward_str) DO
SET forward_str = REPLACE(forward_str, CONCAT(list_seperator,list_seperator), list_seperator);
-- SELECT REPLACE(forward_str, CONCAT(list_seperator,list_seperator), list_seperator) INTO forward_str;
END WHILE ;
-- entferne erstes zeichen wenn es das seperatorzeichen ist
--
IF LEFT(forward_str,1) = list_seperator THEN
SET forward_str = SUBSTRING(forward_str FROM 2);
-- SELECT SUBSTRING(forward_str FROM 2) INTO forward_str;
END IF;
-- entferne letztes zeichen wenn es das seperatorzeichen ist
--
IF RIGHT(forward_str,1) = list_seperator THEN
SET forward_str = SUBSTRING(forward_str , 1, LENGTH(forward_str) - 1);
-- SELECT SUBSTRING(forward_str , 1, LENGTH(forward_str) - 1) INTO forward_str;
END IF;
RETURN forward_str;
END |
DELIMITER ;
EOF
## - create function
## -
## - Note 1.
## - Create function as postfix database user
## -
## - The postfix databaseuser wil need 'Super_priv'. At MySQL monitor
## - (as mysql admin user i.e. root) type:
## - UPDATE user SET Super_priv = 'Y' WHERE User = 'postfix';
## -
## - Note 2.
## - You can verify on mysql monitor (database postfix) with:
## - SHOW FUNCTION STATUS;
## - or see the code:
## - SHOW CREATE FUNCTION FORWARDERS_OUT;
## -
mysql -upostfix -p postfix < /tmp/FORWARDERS_OUT.sql
rm /tmp/FORWARDERS_OUT.sql
## - create database function FORWARDERS_IN:
## -
cat <<EOF > /tmp/FORWARDERS_IN.sql
DROP FUNCTION IF EXISTS FOWARDERS_IN ;
DELIMITER |
CREATE FUNCTION FORWARDERS_IN (forewarders_str TEXT,
email_str TEXT,
vacation_domain TEXT ,
list_seperator CHAR ,
vacation_enable BOOLEAN)
RETURNS TEXT
DETERMINISTIC
BEGIN
DECLARE return_str TEXT;
DECLARE local_email_part TEXT;
DECLARE domain_email_part TEXT;
SET return_str = email_str;
IF vacation_enable THEN
SET local_email_part = SUBSTRING(email_str,1, LOCATE('@',email_str) - 1);
SET domain_email_part = SUBSTRING(email_str, LOCATE('@',email_str) + 1, LENGTH(email_str));
SET return_str = CONCAT(return_str, list_seperator, local_email_part, "#" ,domain_email_part,"@", vacation_domain);
END IF;
IF LENGTH(forewarders_str) > 2 THEN
SET return_str = CONCAT(return_str, list_seperator, forewarders_str);
END IF;
RETURN return_str;
END |
DELIMITER ;
EOF
## - create function FOWARDERS_IN
## -
## - Note 1.
## - Create function as postfix database user
## -
## - The postfix databaseuser wil need 'Super_priv'. At MySQL monitor
## - (as mysql admin user i.e. root) type:
## - UPDATE user SET Super_priv = 'Y' WHERE User = 'postfix';
## -
## - Note 2.
## - You can verify on mysql monitor (database postfix) with:
## - SHOW FUNCTION STATUS;
## - or see the code:
## - SHOW CREATE FUNCTION FOWARDERS_IN;
## -
mysql -upostfix -p postfix < /tmp/FORWARDERS_IN.sql
rm /tmp/FORWARDERS_IN.sql
else
echo -e "\n\t[ ERROR ]: Unknown database type \"$_db_type\""
fo
## - register vacation plugin with roundcube
## -
## - edit $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## -
## - add "rc-vacation" to array plugins
## - $rcmail_config['plugins'] = array('jquery', 'password', 'vacation');
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## -------------------------------------------------------- #
## --- Install plugin language selector on login screen --- #
## -------------------------------------------------------- #
## - see: https://github.com/hassansin/roundcube-login-language/
## - Download from site https://github.com/hassansin/roundcube-login-language/ and
## - store archive in $WEBMAIL_BASEDIR
## -
cd $WEBMAIL_BASEDIR
rm login-language-master.zip
wget -O login-language-master.zip https://github.com/hassansin/roundcube-login-language/archive/master.zip
cd $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins
unzip $WEBMAIL_BASEDIR/login-language-master.zip
ln -s roundcube-login-language-master/ $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/login_lang
cp $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/login_lang/config.inc.php.dist \
$WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/login_lang/config.inc.php
## - edit config.php and set default language selection
## -
## - $config['language_dropdown_selected'] = 'de_DE';
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/login_lang/config.inc.php
## - register language selector plugin with roundcube
## -
## - edit $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## -
## - add "login_lang" to array plugins
## - $config['plugins'] = array('login_lang', 'jqueryui', 'password', 'vacation');
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## -------------------------------------------------- #
## --- integrate ContextMenu plugin for roundcube --- #
## -------------------------------------------------- #
## - see: https://github.com/JohnDoh/Roundcube-Plugin-Context-Menu
## - Download from site https://github.com/bhuisgen/rc-vacation/ and
## - store archive in $WEBMAIL_BASEDIR
## -
cd $WEBMAIL_BASEDIR
rm Roundcube-Plugin-Context-Menu-master.zip
wget -O Roundcube-Plugin-Context-Menu-master.zip https://github.com/JohnDoh/Roundcube-Plugin-Context-Menu/archive/master.zip
cd $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins
unzip $WEBMAIL_BASEDIR/Roundcube-Plugin-Context-Menu-master.zip
ln -s Roundcube-Plugin-Context-Menu-master $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/contextmenu
## - register ContextMenu plugin with roundcube
## -
## - edit $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## -
## - add "login_lang" to array plugins
## - $config['plugins'] = array('login_lang', 'jqueryui', 'password', 'vacation', 'contextmenu');
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## ---------------------------------- #
## --- Install plugin markasjunk2 --- #
## ---------------------------------- #
cd $WEBMAIL_BASEDIR
rm Roundcube-Plugin-Mark-as-Junk-2-master.zip
wget -O Roundcube-Plugin-Mark-as-Junk-2-master.zip https://github.com/JohnDoh/Roundcube-Plugin-Mark-as-Junk-2/archive/master.zip
cd $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins
unzip $WEBMAIL_BASEDIR/Roundcube-Plugin-Mark-as-Junk-2-master.zip
ln -s Roundcube-Plugin-Mark-as-Junk-2-master $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/markasjunk2
cp $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/markasjunk2/config.inc.php.dist \
$WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/plugins/markasjunk2/config.inc.php
## - register markasjunk2 plugin with roundcube
## -
## - edit $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php
## -
## - add "login_lang" to array plugins
## - $config['plugins'] = array('login_lang', 'jqueryui', 'password', 'vacation', 'contextmenu','markasjunk2');
## -
vim $WEBMAIL_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php

21
README.dovecot.systemd Normal file
View File

@@ -0,0 +1,21 @@
Debian Jessie comes with systemd so you really should not use initscript anymore but
switch to systemd for starting dovecot. There is systemd service description file available
for you in case your vendor does not provide it in the package:
https://github.com/dovecot/core/blob/master/dovecot.service.in
--
> i use ./configure with
> --with-systemdsystemunitdir=/etc/systemd/system/ and that installs the
> systemd.service and socket
That's what I missed, thank you a lot. And service seems to handle
correctly restarts
Also use:
--with-rundir=/var/run/dovecot
--

51
README.install Normal file
View File

@@ -0,0 +1,51 @@
# - Install complete Mailsystem
# - ===========================
# -
# - postfix
# - vacation, postfixadmin
# - amavisd-new
# - dovecot
# - roundcube
# - opendekim
# -
# - Assuming the following services are installed (and running) correctly:
# - apache2 webservice
# - PHP engine
# - Let's encrypt (dehydrated - optional
# -
1.) Install Postfix
- run script 'install_postfix_advanced.sh'
if running the forst time, configuration file conf/install_postfix_advanced.conf
will be created automatically.
choose 'complete Mailserver (with mailboxes)'
2.) Install vacation and postfixadmin
- create configuration file 'install_postfixadmin.conf'
cp -a conf/install_postfixadmin.conf.sample conf/install_postfixadmin.conf
- adjust config file 'conf/install_postfixadmin.conf' to your needs
- run script 'install_postfixadmin.sh'
3.) Install AMaViS
- run script 'install_amavis.sh'.
if running the forst time, configuration file conf/install_amavis.sh.conf
will be created automatically.
4.) Install dovecot
- create configuration file 'install_update_dovecot.conf'
cp -a conf install_update_dovecot.conf.sample install_update_dovecot.conf
- adjust configuration file 'install_update_dovecot.conf' to your needs
- run script 'install_update_dovecot.sh'
5.) Install roundcube webmailer
- create configuration file 'install_upgrade_roundcube.conf'
sp -a install_upgrade_roundcube.conf.sample install_upgrade_roundcube.conf
- adjust config file 'install_upgrade_roundcube.conf' to your needs
run script 'install_roundcube.sh'.
6.) Install OpenDKIM
- run script 'install_opendkim.sh'.

17
conf/install_postfix_advanced.conf.sample Normal file
View File

@@ -0,0 +1,17 @@
# ----------------------------------------------------
# ---
# - Parameter Settings Postfix Bases System
# -
# - Note: You need not to create a configuration file,
# - the installation script will do that.
# ---
# ----------------------------------------------------
_HOSTNAME=
_IPV4=
_IPV6=
_ADMIN_EMAIL=
_SASL_AUTH=
_SASL_USER=
_SASL_PASS=
_RELAY_HOST=

17
conf/install_postfix_base.conf.sample Normal file
View File

@@ -0,0 +1,17 @@
# ----------------------------------------------------
# ---
# - Parameter Settings Postfix Bases System
# -
# - Note: You need not to create a configuration file,
# - the installation script will do that.
# ---
# ----------------------------------------------------
_HOSTNAME=
_IPV4=
_IPV6=
_ADMIN_EMAIL=
_SASL_AUTH=
_SASL_USER=
_SASL_PASS=
_RELAY_HOST=

260
conf/install_postfixadmin.conf.sample Normal file
View File

@@ -0,0 +1,260 @@
# -----------------------------------------------
# - Configuration for postfixadmin install script
# -----------------------------------------------
# - Version of Postfix Admin
# -
PF_ADMIN_VERSION=
# - Name of the website - usualy 'webmail.<domain>.<tld>'
# -
WEBSITE_NAME=""
# - IPv4 Address
# -
IPV4=""
# - IPv6 Address
# -
IPV6=""
# - Is apache installed from debian package system ?
# -
# - Boolean, possible values are 'true', 'false'
# -
# - Defaults to 'false'
#
#APACHE_DEBIAN_INSTALLATION=""
# - Apache User
# -
# - If ommitted, script tries to determine the user under which user the webserver
# - is running. If that fails, parameter defaults to 'www-data'
# -
#HTTP_USER=""
# - Apache Group
# -
# - If ommitted, script tries to determine the user under which group the webserver
# - is running. If that fails, parameter defaults to 'www-data'
# -
#HTTP_GROUP=""
# - Webmasters E-Mail Address
# -
# - Defaults to 'admin@<domain>.<tld>'
# -
#WEBMASTER_EMAIL=""
# - Base Directory of Roundcube Website
# -
# - Note: it's not the 'DocumentRoot' directory, but the directory where
# - the 'DocumentRoot' Directory lives.
# -
# - Defaults to '/var/www/$WEBSITE_NAME'
# -
#WEBSITE_BASEDIR=""
# - Directory, where apache places the log-files for thw webmailers site.
# -
# - Defaults to '/var/log/apache2'
# -
#APACHE_LOG_DIR=""
# - Directory where certificate and key for the roundcube website
# - are stored.
# -
# - Example:
# - APACHE_CERT_DIR="/var/lib/dehydrated/certs/$WEBSITE_NAME"
# -
# - Defaults to
# - '/etc/apache2' if apache is installed from debian package system
# - '/usr/local/apache2/conf' otherwise
# -
APACHE_CERT_DIR=""
# - Certificate for the Rounfcube Website
# -
# - Example:
# - APACHE_SERVER_CERT="fullchain.pem"
# -
# - Defaults to 'server-bundle.crt'
# -
APACHE_SERVER_CERT=""
# - Key File for the Rounfcube Website
# -
# - Example:
# - APACHE_SERVER_KEY="privkey.pem"
# -
# - Defaults to 'server.key'
# -
APACHE_SERVER_KEY=""
# - Certification Chain File
# -
# - Deprecated since Apache 2.4 - Leave empty if not present
# -
#CERT_ChainFile=""
# - Type of PHP installation.
# -
# - Possible values are: 'php_fpm' , 'fcgid' , 'mod_php
# -
# - defaults to 'php_fpm''
# -
#PHP_TYPE=""
# - Directory where apache vhosts definitions live.
# -
# - Defaults to
# - '/etc/apache2/sites-available' if installed from debain package system
# - '/usr/local/apache2/conf/vhosts' otherwise
# -
#APACHE_VHOST_DIR=""
# - Hostname for vacation / absence messages
# -
# - Defaults to 'autoreply.<domain>.<tld>
# -
#AUTOREPLY_HOSTNAME=""
# - Is MySQL installed from debian package system?
# -
# - Only needed, if DB_TYPE is set to 'mysql'
# -
# - Defaults to 'false'
# -
#MYSQL_DEBIAN_INSTALLATION=""
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
#MYSQL_CREDENTIALS=""
# - The wa passwords will be encrypted.
# -
# - $CONF['encrypt']
# -
# - Possible values:
# - md5crypt = internal postfix admin md5
# - md5 = md5 sum of the password
# - cleartext = clear text passwords
# - mysql_encrypt = useful for PAM integration
# -
# - authlib = support for courier-authlib style passwords - also set $CONF['authlib_default_flavor']
# - dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
# - IMPORTANT:
# - - don't use dovecot:* methods that include the username in the hash - you won't be able
# - to login to PostfixAdmin in this case
# - - you'll need at least dovecot 2.1 for salted passwords ('doveadm pw' 2.0.x doesn't support the '-t' option)
# - - dovecot 2.0.0 - 2.0.7 is not supported
# -
ENCRYPTION_METHOD="cleartext"
#ENCRYPTION_METHOD="dovecot:CRAM-MD5"
# - If you use the dovecot encryption method: where is the dovecotpw binary located?
# -
# - Defaults to '/usr/local/dovecot/bin/doveadm pw'
# -
#DOVEADM_PW=""
# - Directory where deleted mailbox will be saved
# -
# - defaults to '/var/deleted-maildirs'
# -
#DELETED_MAILBOX_DIR=
# - Directory where deleted domains will be saved
# -
# - defaults to '/var/deleted-maildomains'
# -
#DELETED_DOMAINS_DIR=
# - Welcome Message
# - This message is send to every newly created mailbox.
# -
WELCOME_MESSAGE="
Hallo,
Ihre/Deine neue E-Mail Adresse ist eingerichtet.
O.OPEN
--
O.OPEN | Phone: +49 30 / 290 484 91
Erkelenzdamm 21 | Fax: +49 30 / 290 484 99
D-10999 Berlin | E-MAIL: oo@oopen.de
"
# ==========
# - Settings Postfix Database
# ==========
# - Type of Postfix database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
POSTFIX_DB_TYPE="pgsql"
# - Host of Postfix Database
# -
# - Defaults to 'localhost'
# -
#POSTFIX_DB_HOST=""
# - Unix socket where PostgreSQL is listening
# -
# - Only possible, for postgreSQL
# -
# - Defaults to '/var/run/postgresql'
# -
#POSTFIX_DB_SOCKET=""
# - Name of Postfix Database
# -
# - Defaults to 'postfix'
# -
#POSTFIX_DB_NAME=
# - User of Postfix Database
# -
# - used for setting $config['password_db_dsn']
# -
# - Defaults to 'postfix'
# -
#POSTFIX_DB_USER=""
# - Password of Postfix Database
# -
POSTFIX_DB_PASS=''
# ==========
# - vacation
# ==========
# - Vacation User
# -
# - Defaults to 'vacation'
# -
#VACATION_USER=""
# - Vacation Group
# -
# - Defaults to ''
# -
#VACATION_GROUP="vacation"

3734
install_amavis.sh Executable file
View File

File diff suppressed because it is too large Load Diff

610
install_opendkim.sh Executable file
View File

@@ -0,0 +1,610 @@
#!/usr/bin/env bash
clear
echo -e "\n \033[32mStart Installation of OpenDKIM..\033[m"
# -------------
# - Settings
# -------------
#_src_base_dir="$(realpath $(dirname $0))"
#conf_file="${_src_base_dir}/conf/install_opendkim.conf"
log_file="$(mktemp)"
_opendkim_packages="opendkim opendkim-tools"
opendkim_base_dir="/etc/opendkim"
opendkim_key_dir="${opendkim_base_dir}/keys"
opendkim_conf_file="/etc/opendkim.conf"
postfix_spool_dir="/var/spool/postfix"
opendkim_socket_dir="${postfix_spool_dir}/opendkim"
opendkim_socket_file="${opendkim_socket_dir}/opendkim.sock"
postfix_needs_restart=false
opendkim_needs_restart=false
# -------------
# --- Some functions
# -------------
echononl(){
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
}
fatal(){
echo ""
echo -e "fatal error: $*"
echo ""
echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
echo ""
exit 1
}
error(){
echo ""
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
}
warn (){
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
}
info (){
echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
}
echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed(){
echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
echo -e "\033[80G[ \033[37mskipped\033[m ]"
}
# -------------
# - Some pre-installation tasks
# -------------
# - Is 'systemd' supported on this system
# -
if [ "X`which systemd`" = "X" ]; then
SYSTEMD_EXISTS=false
else
SYSTEMD_EXISTS=true
fi
# =============
# - Start Installation
# =============
echo ""
# - Synchronise package index files with the repository
# -
echononl " Synchronise package index files with the repository.."
apt-get update > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
# - Install OpenDKIM
# -
echononl " Install needed debian packages.."
opendkim_packages=""
packages_installed=false
for _pkg in $_opendkim_packages ; do
if aptitude search "$_pkg" | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
continue
else
opendkim_packages="$opendkim_packages $_pkg"
fi
done
if [[ -n "$opendkim_packages" ]]; then
DEBIAN_FRONTEND=noninteractive apt-get -y install $opendkim_packages > /dev/null 2> "$log_file"
packages_installed=true
opendkim_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
# - Add user 'postfix' to group 'opendkim'
# -
echononl " Add user 'postfix' to group 'opendkim'.."
if grep opendkim /etc/group | grep -q postfix 2> /dev/null ; then
echo_skipped
else
adduser postfix opendkim > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Save configuration file from distribution
# -
echononl " Save configuration file from distribution"
if $packages_installed ; then
cp -a $opendkim_conf_file $opendkim_conf_file.ORIG 2> "$log_file"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
# - Create OpenDKIM configuration
# -
echononl " Create OpenDKIM configuration"
if [[ -f "$opendkim_conf_file" ]] \
&& grep -i -q -E "^\s*Socket\s+local:$opendkim_socket_file" "$opendkim_conf_file" \
&& grep -i -q -E "^\s*SigningTable.*${opendkim_base_dir}/signing.table" "$opendkim_conf_file" \
&& grep -i -q -E "^\s*KeyTable.*${opendkim_base_dir}/key.table" "$opendkim_conf_file" ; then
echo_skipped
warn "OpenDKIM seems already be configured."
else
cat <<EOF > $opendkim_conf_file 2> $log_file
# Datei $opendkim_conf_file
# OpenDKIM agiert als Mail Filter (= Milter) in den
# Modi signer (s) und verifier (v) und verwendet eine
# Socket-Datei zur Kommunikation (alternativ: lokaler Port)
Mode sv
# Socket local:/var/run/opendkim/opendkim.sock
# Socket local:$opendkim_socket_file
# Socket inet:12345@localhost
Socket local:$opendkim_socket_file
# OpenDKIM verwendet diesen Benutzer bzw.
# diese Gruppe
UserID opendkim:opendkim
UMask 002
PidFile /var/run/opendkim/opendkim.pid
# OpenDKIM bei Problemen neustarten,
# aber max. 10 mal pro Stunde
AutoRestart yes
AutoRestartRate 10/1h
# Logging (wenn alles funktioniert eventuell reduzieren)
Syslog yes
SyslogSuccess yes
LogWhy yes
# Verfahren, wie Header und Body durch
# OpenDKIM verarbeitet werden sollen.
Canonicalization relaxed/simple
# interne Mails nicht mit OpenDKIM verarbeiten
ExternalIgnoreList refile:${opendkim_base_dir}/trusted
InternalHosts refile:${opendkim_base_dir}/trusted
# welche Verschlüsselungs-Keys sollen für welche
# Domains verwendet werden
# (refile: für Dateien mit regulären Ausdrücke)
SigningTable refile:${opendkim_base_dir}/signing.table
KeyTable ${opendkim_base_dir}/key.table
# diesen Signatur-Algorithmus verwenden
SignatureAlgorithm rsa-sha256
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
EOF
opendkim_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Assign ownership to the opendkim user and restrict tthe
# - file permissions:
# -
echononl " Assign ownership and file permissions.."
chmod u=rw,go=r $opendkim_conf_file 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
# - Create the directories to hold OpenDKIMs data files, assign
# - ownership to the opendkim user, and restrict the file
# - permissions:
# -
echononl " Create directory '$opendkim_base_dir'"
if [[ -d "$opendkim_base_dir" ]] ; then
echo_skipped
else
opendkim_needs_restart=true
mkdir ${opendkim_base_dir} 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
echononl " Create directory '$opendkim_key_dir'"
if [[ -d "$opendkim_key_dir" ]] ; then
echo_skipped
else
opendkim_needs_restart=true
mkdir $opendkim_key_dir 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
echononl " Set ownership on directory '${opendkim_base_dir}' (recursive).."
chown -R opendkim:opendkim ${opendkim_base_dir} 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
echononl " Set file-permission on $opendkim_key_dir"
chmod go-rw $opendkim_key_dir 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
# - Create empty files
# - ${opendkim_base_dir}/signing.table
# - ${opendkim_base_dir}/key.table
# -
echononl " Create empty file '${opendkim_base_dir}/signing.table'.."
if [[ -f "${opendkim_base_dir}/signing.table" ]] ; then
echo_skipped
else
touch ${opendkim_base_dir}/signing.table 2> $log_file
opendkim_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
echononl " Create empty file '${opendkim_base_dir}/key.table'.."
if [[ -f "${opendkim_base_dir}/key.table" ]] ; then
echo_skipped
else
touch ${opendkim_base_dir}/key.table 2> $log_file
opendkim_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Create the trusted hosts file ${opendkim_base_dir}/trusted.hosts.
# -
echononl " Create trusted hosts file '${opendkim_base_dir}/trusted'.."
if [[ -f "${opendkim_base_dir}/trusted" ]] ; then
echo_skipped
else
cat <<EOF > ${opendkim_base_dir}/trusted 2> $log_file
127.0.0.1
::1
localhost
$(hostname -f)
EOF
opendkim_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Create the OpenDKIM socket directory in Postfixs work area
# - and make sure it has the correct ownership:
# -
echononl " Create the OpenDKIM socket directory in Postfixs work area.."
if [[ -d "${postfix_spool_dir}/opendkim" ]] ; then
echo_skipped
else
mkdir ${postfix_spool_dir}/opendkim 2> $log_file
opendkim_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
echononl " Set ownership on directory '${postfix_spool_dir}/opendkim'.."
chown opendkim:postfix ${postfix_spool_dir}/opendkim 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Edit /etc/default/opendkim
# -
# - Set:
# - SOCKET="local:${postfix_spool_dir}/opendkim/opendkim.sock"
# -
echononl " Set 'SOCKET' at file /etc/default/opendkim.."
if grep -q -E "^\s*SOCKET" /etc/default/opendkim 2>/dev/null ; then
if grep -q -E "^\s*SOCKET.*local:$opendkim_socket_file" /etc/default/opendkim 2>/dev/null ; then
echo_skipped
else
perl -i -n -p -e "s#^\s*SOCKET=.*#SOCKET=\"local:$opendkim_socket_file\"#" /etc/default/opendkim 2> $log_file
opendkim_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
else
cat <<EOF >>/etc/default/opendkim 2> $log_file
SOCKET="local:$opendkim_socket_file"
EOF
opendkim_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Edit /etc/postfix/main.cf and add a section to activate
# - processing of e-mail through the OpenDKIM daemon:
# -
backup_date="$(date +%Y-%m-%d-%H%M)"
echononl " Backup existing postfix configuration (main.cf).."
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
echononl " Activate processing of e-mail through the OpenDKIM daemon.."
if grep -q -E "milter_default_action\s*=\s*accept" /etc/postfix/main.cf ; then
echo_skipped
warn "Postfix (main.cf) seems already be configured for milters"
echononl " Delete previosly saved Postfix configuration.."
rm /etc/postfix/main.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
cat <<EOF >> /etc/postfix/main.cf 2> $log_file
# ======= Milter configuration =======
# OpenDKIM
milter_default_action = accept
# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
milter_protocol = 6
# Note:
# We will sign AFTER sending through AmaVIS, just befor sending out. So
# set 'smtpd_milters =' to an emty string here and add to localhost:10025
# section in master.cf: 'smtpd_milters=local:/opendkim/opendkim.sock'
#
# If you want sign mails before sending through AmaVIS, set
# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to
# localhost:10025 section in master.cf: 'smtpd_milters='
#
#smtpd_milters = local:/opendkim/opendkim.sock
smtpd_milters =
non_smtpd_milters = local:/opendkim/opendkim.sock
EOF
postfix_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Prevent Postfix from setting the DKIM Header twice (one befor
# - and one after processing amavis
# -
# - To disable milter processing after amavis, add to your master.cf in
# - the after-amavis section:
# - 127.0.0.1:10025 inet n - - - - smtpd
# - [...]
# - -o smtpd_milters=
# -
# - If you want to run the milter after amavis, set in main.cf
# - smtpd_milters=
# - to an empty string and add the smtpd_milters configuration to master.cf
# - (after-section amavis) instead:
# - -o smtpd_milters=local:/opendkim/opendkim.sock
# -
echononl " Backup file '/etc/postfix/master.cf'.."
cp -a /etc/postfix/master.cf /etc/postfix/master.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
echononl " Adjust /etc/postfix/master.cf. Set DKIM after sending throuh AmaVIS.."
_found=false
_changed=false
tmp_master_file="/tmp/postfix_master.cf"
> $tmp_master_file
while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && ! echo "$_line" | grep -i -q -E "^\s*-o" 2> /dev/null ; then
echo " -o smtpd_milters=local:/opendkim/opendkim.sock" >> "$tmp_master_file"
_changed=true
_found=false
fi
if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then
_found=false
fi
if echo "$_line" | grep -i -q -E "^\s*(127.0.0.1|localhost):10025\s+inet\s+" 2> /dev/null ; then
_found=true
fi
echo "$_line" >> "$tmp_master_file"
done < "/etc/postfix/master.cf"
if $_changed ; then
cp $tmp_master_file /etc/postfix/master.cf 2> $log_file
postfix_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
warn "Postfix (master.cf) seems already be configured."
echononl " Delete previosly saved file '/etc/postfix/master.cf'.."
rm /etc/postfix/master.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
rm -f $tmp_master_file
echo ""
# - Restart OpenDKIM
# -
echononl " Restart OpenDKIM.."
if $opendkim_needs_restart ; then
if $SYSTEMD_EXISTS ; then
systemctl restart opendkim > $log_file 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
/etc/init.d/opendkim restart > $log_file 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
else
echo_skipped
fi
# - Restart Postfix so it starts using OpenDKIM when processing mail:
# -
echononl " Restart Postfix.."
if $postfix_needs_restart ; then
if $SYSTEMD_EXISTS ; then
systemctl restart postfix > $log_file 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
/etc/init.d/postfix restart > $log_file 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
else
echo_skipped
fi
echo ""
rm -f "$log_file"
exit 0

1484
install_postfix_advanced.sh Executable file
View File

File diff suppressed because it is too large Load Diff

999
install_postfix_base.sh Executable file
View File

@@ -0,0 +1,999 @@
#!/usr/bin/env bash
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
#
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
#
#
#_HOSTNAME=o15.oopen.de
#_IPV4=83.223.86.96
#_EXT_IF_IP=83.223.86.96
#
### - Leave empty, if no IPv6 should be supported
### -
#_IPV6=2a01:30:0:13:5054:ff:fe09:2318
##_IPV6=
#
#_ADMIN_EMAIL=admin@oopen.de
#
#_SASL_AUTH=false
#_RELAY_HOST=b.mx.oopen.de
#_SASL_USER=anw-urb
#_SASL_PASS='OhPie2aethei'
# -------------
# --- Some functions
# -------------
echononl(){
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
}
fatal(){
echo ""
echo -e "fatal error: $*"
echo ""
echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
echo ""
exit 1
}
error(){
echo ""
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
}
warn (){
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
}
info (){
echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
}
echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed(){
echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=true
fi
echo ""
conf_dir=$(dirname $0)/conf
conf_file="${conf_dir}/install_postfix_base.conf"
if [[ -f "$conf_file" ]]; then
source $conf_file
fi
clear
echo -e "\033[21G\033[32mInstallation script for Postfix basic mailsystem \033[m"
echo
HOSTNAME=
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert hostname"
echo ""
if [[ -n "$_HOSTNAME" ]]; then
echononl "hostname [${_HOSTNAME}]: "
read HOSTNAME
if [[ "X${HOSTNAME}" = "X" ]]; then
HOSTNAME=$_HOSTNAME
fi
else
while [[ "X${HOSTNAME}" = "X" ]]; do
echononl "hostname: "
read HOSTNAME
if [[ "X${HOSTNAME}" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mHostname is reqired\033[m\n"
fi
done
fi
IPV4=
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert IPv4 address"
echo ""
if [[ -n "$_IPV4" ]]; then
echononl "IPv4 address [${_IPV4}]: "
read IPV4
if [[ "X${IPV4}" = "X" ]]; then
IPV4=$_IPV4
fi
else
while [[ "X${IPV4}" = "X" ]]; do
echononl "IPv4 address: "
read IPV4
if [[ "X${IPV4}" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mIPv4 address is reqired\033[m\n"
fi
done
fi
IPV6=
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert IPv6 address"
echo "Type:"
echo -e "\t\033[33mNone\033[m if IPv6 is not suppoerted"
echo ""
if [[ -n "$_IPV6" ]]; then
[[ "X$_IPV6" = "Xdisabled" ]] && _IPV6=None
echononl "IPv6 address [${_IPV6}]: "
read IPV6
if [[ "X${IPV6}" = "X" ]]; then
IPV6=$_IPV6
fi
else
while [[ "X${IPV6}" = "X" ]]; do
echononl "IPv6 address: "
read IPV6
if [[ "X${IPV6}" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mIPv4 address is reqired\033[m\n"
fi
done
fi
if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
IPV6=disabled
fi
ADMIN_EMAIL=
echo ""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert e-mail address where messages to local root should be forwarded"
echo ""
echo ""
if [[ -n "$_ADMIN_EMAIL" ]]; then
echononl "Admin e-mail address [$_ADMIN_EMAIL]: "
read ADMIN_EMAIL
if [[ "X${ADMIN_EMAIL}" = "X" ]]; then
ADMIN_EMAIL=$_ADMIN_EMAIL
fi
else
while [[ "X${ADMIN_EMAIL}" = "X" ]]; do
echononl "Admin e-mail address: "
read ADMIN_EMAIL
if [[ "X${ADMIN_EMAIL}" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mAdmin e-mail address is reqired\033[m\n"
fi
done
fi
SASL_AUTH=
echo ""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Should this System relay mails through another host using sasl auth?"
echo ""
if [[ -n "$_SASL_AUTH" ]]; then
if $_SASL_AUTH ; then
echononl "Relay mails using sasl auth? [yes]; "
read SASL_AUTH
if [[ "X${SASL_AUTH}" = "X" ]]; then
SASL_AUTH=true
else
SASL_AUTH=${SASL_AUTH,,}
if [ "X$SASL_AUTH" != "Xyes" -a "X$SASL_AUTH" != "Xno" ]; then
echononl "Wrong entry {yes/no]: "
fi
fi
else
echononl "Relay mails using sasl auth? [no]; "
read SASL_AUTH
if [[ "X${SASL_AUTH}" = "X" ]]; then
SASL_AUTH=false
else
SASL_AUTH=${SASL_AUTH,,}
if [ "X$SASL_AUTH" != "Xyes" -a "X$SASL_AUTH" != "Xno" ]; then
echononl "Wrong entry [yes/no]: "
fi
fi
fi
else
echononl "Relay mails using sasl auth? (yes/no); "
while [[ "X${SASL_AUTH}" = "X" ]] ; do
read SASL_AUTH
SASL_AUTH=${SASL_AUTH,,}
if [ "X$SASL_AUTH" != "Xyes" -a "X$SASL_AUTH" != "Xno" ]; then
SASL_AUTH=
echononl "Wrong entry [yes/no]: "
fi
done
fi
if [[ "$SASL_AUTH" = "yes" ]] || $SASL_AUTH ; then
SASL_AUTH=true
SASL_USER=
echo ""
echo "Insert SASL user"
echo ""
if [[ -n "$_SASL_USER" ]];then
echononl "SASL user [$_SASL_USER]: "
read SASL_USER
if [[ "X${SASL_USER}" = "X" ]]; then
SASL_USER=$_SASL_USER
fi
else
while [[ "X${SASL_USER}" = "X" ]]; do
echononl "SASL user: "
read SASL_USER
if [[ "X${SASL_USER}" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mSASL user is reqired\033[m\n"
fi
done
fi
SASL_PASS=
echo ""
echo "Insert SASL pasword"
echo ""
if [[ -n "$_SASL_PASS" ]];then
echononl "SASL password [$_SASL_PASS]: "
read SASL_PASS
if [[ "X${SASL_PASS}" = "X" ]]; then
SASL_PASS=$_SASL_PASS
fi
else
while [[ "X${SASL_PASS}" = "X" ]]; do
echononl "SASL password: "
read SASL_PASS
if [[ "X${SASL_PASS}" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mSASL password is reqired\033[m\n"
fi
done
fi
RELAY_HOST=
echo ""
echo "Insert Relayhost"
echo ""
if [[ -n "$_RELAY_HOST" ]];then
echononl "Relayhost [$_RELAY_HOST]: "
read RELAY_HOST
if [[ "X${RELAY_HOST}" = "X" ]]; then
RELAY_HOST=$_RELAY_HOST
fi
else
while [[ "X${RELAY_HOST}" = "X" ]]; do
echononl "Relayhost: "
read RELAY_HOST
if [[ "X${RELAY_HOST}" = "X" ]]; then
echo -e "\n\t\033[33m\033[1mRelayhost is reqired\033[m\n"
fi
done
fi
else
SASL_AUTH=false
fi
echo ""
echo ""
echo -e "\033[21G\033[32mStart installation/configuration with the following parameters\033[m"
echo ""
echo -e "\tHostname.................: $HOSTNAME"
echo -e "\tIPv4 address.............: $IPV4"
echo -e "\tIPv6 address.............: $IPV6"
echo -e "\tAdmin e-mail.............: $ADMIN_EMAIL"
echo ""
echo -e "\tRelay using sasl auth....: $SASL_AUTH"
if $SASL_AUTH ; then
echo -e "\t sasl user.............: $SASL_USER"
echo -e "\t sasl password.........: $SASL_PASS"
echo -e "\t Relayhost.............: $RELAY_HOST"
fi
echo ""
echononl "einverstanden (yes/no): "
read OK
OK=${OK,,}
while [ "X$OK" != "Xyes" -a "X$OK" != "Xno" ]; do
echononl "Wrong entry! [yes/no]: "
read OK
OK=${OK,,}
done
[ $OK = "yes" ] || fatal Repeat with other settings..
echo ""
echo ""
echononl " Save Configuration"
cat << EOF > $conf_file
# ---
# - Parameter Settings Postfix Bases System
# -
# - - automated generated config file -
# ---
_HOSTNAME=$HOSTNAME
_IPV4=$IPV4
_IPV6=$IPV6
_ADMIN_EMAIL=$ADMIN_EMAIL
_SASL_AUTH=$SASL_AUTH
_SASL_USER=$SASL_USER
_SASL_PASS=$SASL_PASS
_RELAY_HOST=$RELAY_HOST
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
[[ "$IPV6" = "disabled" ]] && IPV6=""
# - Deinstall debian exim4 packages
# -
echononl " Deinstall debian exim4 packages"
_installed_exim_packages=`dpkg -l | grep exim4 | grep -e "^i" | awk '{print$2}'`
for _pkg in $_installed_exim_packages ; do
installed_exim_packages="$installed_exim_packages $_pkg"
done
if [[ -n "$installed_exim_packages" ]] ; then
if `dpkg -l | grep bsd-mailx | grep -e "^i" > /dev/null 2>&1` ; then
installed_exim_packages="$installed_exim_packages bsd-mailx"
fi
apt-get remove --purge -qq -y $installed_exim_packages > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
# - Install Postfix from debian packages system
# -
echononl " Install Postfix from debian packages system"
_needed_packages="postfix postfix-pcre libsasl2-modules bsd-mailx haveged"
for _pkg in $_needed_packages ; do
if `dpkg -l | grep $_pkg | grep -e "^i" > /dev/null 2>&1` ; then
continue
else
needed_packages="$needed_packages $_pkg"
fi
done
if [[ -n "$needed_packages" ]]; then
DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
# - Backup existing postfix configuration file
# -
echononl " Backup existing postfix configuration file"
if [[ -f "/etc/postfix/main.cf" ]]; then
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.`date +%Y%m%d-%H%M`
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
# - Creeate new postfix configuration file
# -
echononl " Creeate new postfix configuration file"
cat <<EOF > /etc/postfix/main.cf
# ============ Basic settings ============
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin = /etc/mailname
smtpd_banner = \$myhostname ESMTP \$mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
## - The Internet protocols Postfix will attempt to use when making
## - or accepting connections.
## - DEFAULT: ipv4
EOF
if [ -n "$IPV6" ]; then
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4, ipv6
#inet_interfaces = all
inet_interfaces = 127.0.0.1
$IPV4
$IPV6
myhostname = $HOSTNAME
mydestination =
$HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
[::ffff:127.0.0.0]/104
[::1]/128
${IPV4}/32
[${IPV6}]/128
#smtp_bind_address = $IPV4
#smtp_bind_address6 = $IPV6
EOF
else
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4
#inet_interfaces = all
inet_interfaces =
127.0.0.1
$IPV4
myhostname = $HOSTNAME
mydestination =
$HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
${IPV4}/32
#smtp_bind_address = $IPV4
#smtp_bind_address6 = $IPV6
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - The method to generate the default value for the mynetworks parameter.
## -
## - mynetworks_style = host" when Postfix should "trust" only the local machine
## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
## - clients in the same IP subnetworks as the local machine.
## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
## - IP class A/B/C networks as the local machine.
## -
#mynetworks_style = host
## - The maximal size of any local(8) individual mailbox or maildir file,
## - or zero (no limit). In fact, this limits the size of any file that is
## - written to upon local delivery, including files written by external
## - commands that are executed by the local(8) delivery agent.
## -
mailbox_size_limit = 0
## - The maximal size in bytes of a message, including envelope information.
## -
## - we user 50MB
## -
message_size_limit = 52480000
## - The system-wide recipient address extension delimiter
## -
recipient_delimiter = +
## - The alias databases that are used for local(8) delivery.
## -
alias_maps =
hash:/etc/aliases
## - The alias databases for local(8) delivery that are updated
## - with "newaliases" or with "sendmail -bi".
## -
alias_database =
hash:/etc/aliases
## - The maximal time a message is queued before it is sent back as
## - undeliverable. Defaults to 5d (5 days)
## - Specify 0 when mail delivery should be tried only once.
## -
maximal_queue_lifetime = 3d
bounce_queue_lifetime = \$maximal_queue_lifetime
## - delay_warning_time (default: 0h)
## -
## - The time after which the sender receives a copy of the message
## - headers of mail that is still queued. To enable this feature,
## - specify a non-zero time value (an integral value plus an optional
## - one-letter suffix that specifies the time unit).
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
## - The default time unit is h (hours).
delay_warning_time = 1d
EOF
if $SASL_AUTH ; then
cat <<EOF >> /etc/postfix/main.cf
# ============ Relay parameters ============
#relayhost =
# ============ SASL authentication ============
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Forwarding to the ip-adress of host b.mx.oopen.de
relayhost = [${RELAY_HOST}]
# File including login data
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Force using a (TLS) security connection
# obsulete - use smtp_tls_security_level instead
#smtp_use_tls = yes
#smtp_tls_enforce_peername = no
smtp_tls_security_level = encrypt
# Disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level=encrypt
EOF
else
cat <<EOF >> /etc/postfix/main.cf
# ============ Relay parameters ============
relayhost =
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level=may
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - Aktiviert TLS für den Mailversand
## -
## - may:
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
## - but do not require that clients use TLS encryption.
# smtp_use_tls=yes
smtpd_tls_security_level=may
## - 0 Disable logging of TLS activity.
## - 1 Log TLS handshake and certificate information.
## - 2 Log levels during TLS negotiation.
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
## -
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtpd_tls_cert_file = $_TLS_CERT_FILE
smtpd_tls_key_file = $_TLS_KEY_FILE
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter
## -
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
## - server certificates or intermediate CA certificates. These are loaded into
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
## -
smtp_tls_CAfile = $_TLS_CA_FILE
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
## - necessary "hash" links with, for example, "
## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
## -
## - !! Note !!
## - To use this option in chroot mode, this directory (or a copy) must be inside
## - the chroot jail.
## -
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
## -
#smtpd_tls_CApath = /etc/postfix/certs
# Disable SSLv2 SSLv3 - Postfix SMTP server
#
# List of TLS protocols that the Postfix SMTP server will exclude or
# include with opportunistic TLS encryption.
smtpd_tls_protocols = !SSLv2, !SSLv3
#
# The SSL/TLS protocols accepted by the Postfix SMTP server
# with mandatory TLS encryption.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Disable SSLv2 SSLv3 - Postfix SMTP client
#
# List of TLS protocols that the Postfix SMTP client will exclude or
# include with opportunistic TLS encryption.
smtp_tls_protocols = !SSLv2, !SSLv3
#
# List of SSL/TLS protocols that the Postfix SMTP client will use
# with mandatory TLS encryption
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
## - openssl > 1.0
## -
smtpd_tls_eecdh_grade = strong
# standard list cryptographic algorithm
tls_preempt_cipherlist = yes
# Disable ciphers which are less than 256-bit:
#
#smtpd_tls_mandatory_ciphers = high
#
# opportunistic
smtpd_tls_ciphers = high
# Exclude ciphers
#smtpd_tls_exclude_ciphers =
# RC4
# aNULL
# SEED-SHA
# EXP
# MD5
smtpd_tls_exclude_ciphers =
aNULL
eNULL
EXPORT
DES
RC4
MD5
PSK
aECDH
EDH-DSS-DES-CBC3-SHA
EDH-RSA-DES-CDC3-SHA
KRB5-DE5, CBC3-SHA
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
EOF
echo_ok
echononl " Configure SASL authentification"
if $SASL_AUTH ; then
_failed=false
echo "[$RELAY_HOST] ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" > /etc/postfix/sasl_passwd
if [[ "$?" != "0" ]]; then
error "Setting \"/etc/postfix/sasl_passwd\" failed! "
_failed=true
fi
chown root:root /etc/postfix/sasl_passwd
if [[ "$?" != "0" ]]; then
error "Setting ownership of \"/etc/postfix/sasl_passwd\" failed! "
_failed=true
fi
chmod 600 /etc/postfix/sasl_passwd
if [[ "$?" != "0" ]]; then
error "Setting permissions on \"/etc/postfix/sasl_passwd\" failed! "
_failed=true
fi
postmap /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd.db
if [[ "$?" != "0" ]]; then
error "Creating \"/etc/postfix/sasl_passwd\" failed! "
_failed=true
fi
chown root:root /etc/postfix/sasl_passwd.db
if [[ "$?" != "0" ]]; then
error "Setting ownership of \"/etc/postfix/sasl_passwd.db\" failed! "
_failed=true
fi
if $_failed ; then
echo_failed
else
echo_ok
fi
else
echo_skipped
fi
## - /etc/mailname
## -
echononl " Set \"/etc/mailname\""
echo $HOSTNAME > /etc/mailname
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
## - /etc/aliases
## -
echononl " Adjust \"/etc/aliases\""
cat << EOF > /etc/aliases
# See man 5 aliases for format
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
do-not-reply: /dev/null
root: $ADMIN_EMAIL
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
## - create directory for certificates and copy certificates
## - and coresponding keys to /etc/postfix/ssl/
## -
echononl " Create directory for certificates \"/etc/postfix/ssl\""
if [[ -d "/etc/postfix/ssl" ]] ; then
echo_skipped
else
mkdir -p /etc/postfix/ssl
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
## - generate DH parameters that the Postfix SMTP server should use
## - with EDH ciphers (length 512 and 1024
## -
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then
openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then
openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then
openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
echononl " Create Symlink \"$_TLS_CERT_FILE\""
if [ ! -h "$_TLS_CERT_FILE" ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem $_TLS_CERT_FILE
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
echononl " Create Symlink \"$_TLS_KEY_FILE\""
if [ ! -h "$_TLS_KEY_FILE" ]; then
ln -s /etc/ssl/private/ssl-cert-snakeoil.key $_TLS_KEY_FILE
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
## - rebuld alias database
## -
echononl " Rebuld alias database"
newaliases > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
## - restart postfix
## -
echononl " Restart postfix"
if $systemd_exists ; then
systemctl restart postfix > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
/etc/init.d/postfix restart > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
## - Omitt logging into system.log
## -
echononl " Create \"/etc/rsyslog.d/postfix.conf\""
cat << EOF >> /etc/rsyslog.d/postfix.conf
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
mail.* -/var/log/mail.log
& ~
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
echononl " Restart rsyslog daemon"
if $systemd_exists ; then
systemctl restart rsyslog > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
/etc/init.d/rsyslog restart > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
echo ""
exit

2978
install_postfixadmin.sh Executable file
View File

File diff suppressed because it is too large Load Diff

3030
install_roundcube.sh Executable file
View File

File diff suppressed because it is too large Load Diff

3223
install_update_dovecot.sh Executable file
View File

File diff suppressed because it is too large Load Diff

572
upgrade_roundcube.sh Executable file
View File

@@ -0,0 +1,572 @@
#!/usr/bin/env bash
clear
echo -e "\n \033[32mStart script for upgrading Roundcube Webmailer..\033[m"
## -----------------------------------------------------------------
## ----------------------------------------------------------------
## ---
## --- For configurations see file conf/install_upgrade_roundcube.conf
## ---
## --- Dont make changes here!
## ---
## -----------------------------------------------------------------
## -----------------------------------------------------------------
# -------------
# - Settings
# -------------
_src_base_dir="$(realpath $(dirname $0))"
conf_file="${_src_base_dir}/conf/install_upgrade_roundcube.conf"
curdir=`pwd`
log_file="$(mktemp)"
tmp_dir="$(mktemp -d)"
backup_date="$(date +%Y-%m-%d-%H%M)"
crontab_backup_file="/root/crontab-root.${backup_date}"
# -------------
# - Functions
# -------------
clean_up() {
# Perform program exit housekeeping
rm -f "$log_file"
rm -rf "$tmp_dir"
exit $1
}
echononl(){
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
}
fatal(){
echo ""
echo -e "\t[ \033[31m\033[1mFatal\033[m ]: $*"
echo ""
echo -e "\t\033[31m\033[1mInstalllation wird abgebrochen\033[m"
echo ""
clean_up 1
}
error(){
echo ""
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
}
warn (){
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
}
info (){
echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
}
echo_ok() {
echo -e "\033[85G[ \033[32mok\033[m ]"
}
echo_failed(){
echo -e "\033[85G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
echo -e "\033[85G[ \033[30m\033[1mskipped\033[m ]"
}
echo_not_yet_implemented(){
echo -e "\033[85G[ \033[30m\033[1mnot yet implemented\033[m ]"
}
trap clean_up SIGHUP SIGINT SIGTERM
# - Support systemd ?
# -
if [[ "X$(which systemd)" = "X" ]]; then
SYSTEMD_EXISTS=false
else
SYSTEMD_EXISTS=true
fi
DEFAULT_DB_HOST="localhost"
DEFAULT_DB_NAME="roundcubemail"
DEFAULT_DB_USER="roundcube"
echo
echononl " Include Configuration file.."
if [[ ! -f $conf_file ]]; then
echo_failed
fatal "Missing configuration file '$conf_file'"
else
source $conf_file
echo_ok
fi
[[ -n "$WEBSITE_NAME" ]] || fatal "Website's name (WEBSITE_NAME) not present!"
DEFAULT_WEBSITE_BASEDIR="/var/www/${WEBSITE_NAME}"
[[ -n "$WEBSITE_BASEDIR" ]] || WEBSITE_BASEDIR=$DEFAULT_WEBSITE_BASEDIR
CUR_INSTALL_DIR="$(realpath "${WEBSITE_BASEDIR}/htdocs")"
if [[ ! -d "$CUR_INSTALL_DIR" ]] ; then
fatal "No current installation of roundcube found!"
fi
[[ -n "$DB_TYPE" ]] || fatal "Database Type of Roundcube Database (DB_TYPE) not present!"
[[ -n "$DB_HOST" ]] || DB_HOST="$DEFAULT_DB_HOST"
[[ -n "$DB_NAME" ]] || DB_NAME="$DEFAULT_DB_NAME"
[[ -n "$DB_USER" ]] || DB_USER="$DEFAULT_DB_USER"
[[ -n "$MYSQL_DEBIAN_INSTALLATION" ]] || MYSQL_DEBIAN_INSTALLATION=false
if [ "$DB_TYPE" = "postgres" -o "$DB_TYPE" = "postgresql" -o "$DB_TYPE" = "pgsql" -o "$DB_TYPE" = "psql" ];then
DB_TYPE="pgsql"
fi
if [[ "$DB_TYPE" = "mysql" ]]; then
if $MYSQL_DEBIAN_INSTALLATION ; then
[[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
else
[[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
fi
else
[[ "$DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$DB_TYPE' (DB_TYPE)"
fi
echo -e "\033[32m--\033[m"
echo ""
echo "Version of the Roundcube Webmailer to install"
echo ""
echo ""
ROUNDCUBE_VERSION=
while [ "X$ROUNDCUBE_VERSION" = "X" ]
do
echononl "Roundcube Version: "
read ROUNDCUBE_VERSION
if [ "X$ROUNDCUBE_VERSION" = "X" ]; then
echo -e "\n\t\033[33m\033[1mA version number is required!\033[m\n"
fi
done
echo ""
echo -e "\033[32m--\033[m"
echo ""
NEW_INSTALL_DIR="${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}"
if [[ "$NEW_INSTALL_DIR" = "$CUR_INSTALL_DIR" ]] ; then
fatal "Version '${ROUNDCUBE_VERSION}' is already installed"
fi
echo ""
echo ""
echo -e "\033[1;32mSettings for installation of \033[1;37mRoundcube Webmail\033[m"
echo ""
echo -e "\tRoundcube Version....................: $ROUNDCUBE_VERSION"
echo ""
echo -e "\tName of the Website..................: $WEBSITE_NAME"
echo ""
if [[ "$DB_TYPE" = "mysql" ]]; then
echo -e "\tDatabase type of Roundcube Database..: MySQL"
echo -e "\tMySQL from Debian Package System.....: $MYSQL_DEBIAN_INSTALLATION"
else
echo -e "\tDatabase type of Roundcube Database..: PostgreSQL"
fi
echo -e "\tHost of Roundcube Database...........: $DB_HOST"
echo -e "\tName of Roundcube Database...........: $DB_NAME"
echo -e "\tUser of Roundcube Database...........: $DB_USER"
echo -e "\tPassword of Roundcube Database.......: $DB_PASS"
if [[ "$DB_TYPE" = "mysql" ]]; then
echo -e "\tMySQL Credentials (root access)......: $MYSQL_CREDENTIALS"
fi
echo ""
echo -e "\tCrontab backup file..................: $crontab_backup_file"
echo ""
echo -n "Type upper case 'YES' to continue executing with this parameters: "
read OK
if [[ "$OK" = "YES" ]] ; then
echo ""
echo ""
echo -e " \033[1;32mGoing to upgrade Roundcube Webmailer \033[1;37m$network \033[m"
echo ""
else
fatal "Abort by user request - Answer as not 'YES'"
fi
if [[ "$DB_TYPE" = "mysql" ]]; then
if ! mysql $MYSQL_CREDENTIALS -N -s -e \
"SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '$DB_NAME'" 2>> $log_file \
| grep $DB_NAME >> $log_file 2>&1 ; then
fatal "MySQL Database '$DB_NAME' does not exit. (See Parameter 'DB_NAME')"
fi
elif [[ "$DB_TYPE" = "pgsql" ]]; then
count=$(su - postgres -c "psql -q -A -t -l" | grep -c -e "^$DB_NAME")
if [[ $count -eq 0 ]];then
fatal "PostgreSQL Database '$DB_NAME' does not exit. (See Parameter 'DB_NAME')"
fi
else
fatal "Cannot detect database type (value of DB_TYPE is neither 'mysql' nor 'pgsql')"
fi
echo -e "\n\n \033[37m\033[1mCreate some Backups..\033[m\n"
echononl " Backup existing Database '$DB_NAME'"
if [[ "$DB_TYPE" = "mysql" ]]; then
echo -n " (MySQL).."
mysqldump -u$_mysql_rootuser -p$_mysql_rootpass --opt $DB_NAME > ${WEBSITE_BASEDIR}/${DB_NAME}.$backup_date 2> $log_file
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
elif [[ "$DB_TYPE" = "pgsql" ]]; then
echo -n " (PostgreSQL).."
su - postgres -c "pg_dump -c $DB_NAME" > ${WEBSITE_BASEDIR}/${DB_NAME}.$backup_date.sql 2> $log_file
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
echononl " Backup existing web-directory .."
if [[ -d "$CUR_INSTALL_DIR" ]]; then
mv "$CUR_INSTALL_DIR" "${CUR_INSTALL_DIR}.$backup_date" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
else
fatal "No current installation of roundcube found!"
fi
echo -e "\n\n \033[37m\033[1mDownloud/Unpack source archive..\033[m\n"
echononl " Download 'roundcubemail-${ROUNDCUBE_VERSION}'.."
if [[ ! -f "$_src_base_dir/roundcubemail-${ROUNDCUBE_VERSION}.tar.gz" ]]; then
wget -O ${_src_base_dir}/roundcubemail-${ROUNDCUBE_VERSION}.tar.gz https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBE_VERSION}/roundcubemail-${ROUNDCUBE_VERSION}.tar.gz > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
echononl " Remove existing source directory"
if [[ -d "${_src_base_dir}/roundcubemail-${ROUNDCUBE_VERSION}" ]]; then
rm -rf "${_src_base_dir}/roundcubemail-${ROUNDCUBE_VERSION}" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
echononl " Unpack roundcube source archive.."
gunzip < ${_src_base_dir}/roundcubemail-${ROUNDCUBE_VERSION}.tar.gz | tar -C ${_src_base_dir} -xf - > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
echo -e "\n\n \033[37m\033[1mSome pre-installation tasks..\033[m\n"
## - Disable crontab for user root
## -
echononl " Backup crontab"
echo "" >> ${logdir}/main.log
echo "crontab -u root -l > $crontab_backup_file" >> ${logdir}/main.log
crontab -u root -l >> $crontab_backup_file 2>> ${logdir}/main.log
if [[ "$?" = "0" ]]; then
echo_ok
else
echo_failed
fi
echononl " Disable crontab for user root"
echo "" >> ${logdir}/main.log
echo "crontab -r -u root" >> ${logdir}/main.log
crontab -r -u root >> ${logdir}/main.log 2>&1
if [[ "$?" = "0" ]]; then
echo_ok
else
echo_failed
fi
echononl " Stop Apache Webserver.."
if $SYSTEMD_EXISTS ; then
systemctl stop apache2
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
else
/etc/init.d/apache2 stop
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
fi
# - Determin PHP of all installed versions
# -
echononl "\tGet major version of all installed PHP versions"
php_major_versions="$(find /usr/local/ -maxdepth 1 -mindepth 1 -type l -name "php-*" -print | cut -d "-" -f2 | sort)"
if [[ -z "$php_major_versions" ]]; then
echo_failed
error "Getting version numbers of installed PHP versions failed! No installed PHP versiond found!"
else
echo_ok
fi
# - Stop all PHP FPM engines
# -
if [[ -n "$php_major_versions" ]]; then
for _ver in $php_major_versions ; do
echononl " Stop PHP FPM engine v${_ver}.."
if [[ -f "/etc/init.d/php-${_ver}-fpm" ]]; then
/etc/init.d/php-${_ver}-fpm stop > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
elif [[ -f "/etc/systemd/system/php-${_ver}-fpm.service" ]] ; then
systemctl stop php-${_ver}-fpm > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
done
fi
echo -e "\n\n \033[37m\033[1mUgrade Roundcube Webmail..\033[m\n"
echononl " Copy current web-directory into a the new one.."
cp -a "${CUR_INSTALL_DIR}.$backup_date" "${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
echononl " Set actual timestamp to the new web-directory"
touch -t "$(date +%Y%m%d%H%M.%S)" "${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
echononl " Change into new roundcube source directory"
cd "${_src_base_dir}/roundcubemail-${ROUNDCUBE_VERSION}" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
echononl " Create log-directory for update log file"
if [[ ! -d "${_src_base_dir}/log" ]]; then
mkdir "${_src_base_dir}/log" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
else
echo_skipped
fi
echo ""
echo " Update the the roundcube web-directory to version '${ROUNDCUBE_VERSION}'"
echononl " See: ${_src_base_dir}/log/update_roundcube-${ROUNDCUBE_VERSION}.${backup_date}.log"
echo "y" | ${_src_base_dir}/roundcubemail-${ROUNDCUBE_VERSION}/bin/installto.sh "${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}" > ${_src_base_dir}/log/update_roundcube-${ROUNDCUBE_VERSION}.${backup_date}.log 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fi
echo ""
echononl " Change into new roundcube web directory"
cd "${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
echononl " Update dependencies by running 'php composer.phar update --no-dev'"
php composer.phar update --no-dev > ${_src_base_dir}/log/update_roundcube-${ROUNDCUBE_VERSION}-dependencies.${backup_date}.log 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat ${_src_base_dir}/log/update_roundcube-${ROUNDCUBE_VERSION}-dependencies.${backup_date}.log)"
fi
echononl " Index build-in addressbook"
${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}/bin/indexcontacts.sh > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
_failed=false
echononl " Symlink DocumentRoot to the new installation directory.."
if [[ -h "${WEBSITE_BASEDIR}/htdocs" ]]; then
rm "${WEBSITE_BASEDIR}/htdocs" > $log_file 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
elif [[ -f "${WEBSITE_BASEDIR}/htdocs" ]]; then
mv "${WEBSITE_BASEDIR}/htdocs" "${WEBSITE_BASEDIR}/htdocs/.$backup_date" > $log_file 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
ln -s "roundcubemail-${ROUNDCUBE_VERSION}" "${WEBSITE_BASEDIR}/htdocs" >> $log_file 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $_failed ; then
echo_failed
error "$(cat $log_file)"
else
echo_ok
fi
echo -e "\n\n \033[37m\033[1mSome post-installation tasks..\033[m\n"
# - Start all PHP FPM engines
# -
if [[ -n "$php_major_versions" ]]; then
for _ver in $php_major_versions ; do
echononl " Start PHP FPM engine v${_ver}.."
if [[ -f "/etc/init.d/php-${_ver}-fpm" ]]; then
/etc/init.d/php-${_ver}-fpm start > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
elif [[ -f "/etc/systemd/system/php-${_ver}-fpm.service" ]] ; then
systemctl start php-${_ver}-fpm > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
done
fi
# - Start Apache Webserver
# -
echononl " Start Apache Webserver.."
if $SYSTEMD_EXISTS ; then
systemctl start apache2 > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
else
/etc/init.d/apache2 start> $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
fi
echononl " Renstall previously saved crontab from '$crontab_backup_file'.."
crontab $crontab_backup_file > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
echononl " Delete previously saved crontab file '$crontab_backup_file'.."
rm "$crontab_backup_file" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
echo ""
clean_up 0