From d407b2ecf0af783913d4f9bf78be74cacaabe7bb Mon Sep 17 00:00:00 2001 From: Christoph Date: Wed, 26 Nov 2025 12:36:56 +0100 Subject: [PATCH] install_opendkim.sh,install_opendmarc.sh: Support the execution of scripts at any time. A non-existent configuration is created, and an already installed configuration is adjusted if necessary. --- install_opendkim.sh | 38 +++++++++- install_opendmarc.sh | 169 ++++++++++++++++++++++++++++++++++++------- 2 files changed, 178 insertions(+), 29 deletions(-) diff --git a/install_opendkim.sh b/install_opendkim.sh index ff7acce..9b85d7a 100755 --- a/install_opendkim.sh +++ b/install_opendkim.sh @@ -505,9 +505,38 @@ milter_protocol = 6 # If you want sign mails before sending through AmaVIS, set # 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to # localhost:10025 section in master.cf: 'smtpd_milters=' -# +# #smtpd_milters = local:/opendkim/opendkim.sock smtpd_milters = + +# Was sind non_smtpd_milters? +# +# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT +# der smtpd-Daemon sind. +# +# Das betrifft z. B.: +# +# cleanup Header/Content-Bereinigung +# qmgr Queue-Manager +# lmtp / smtp Auslieferung nach extern +# local lokale Zustellung +# +# Das sind z. B.: +# +# - interne Bounces (MAILER-DAEMON) +# +# - Cron-Mails vom Server +# +# - Weiterleitungen, die Postfix selbst generiert +# +# - Mails, die über sendmail CLI gesendet werden +# +# - Mails, die Amavis über LMTP zurückgibt +# +# - etc. +# +# +# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden. non_smtpd_milters = local:/opendkim/opendkim.sock EOF postfix_needs_restart=true 
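Review bot: The comment block added above `non_smtpd_milters` names cleanup, qmgr, lmtp/smtp delivery and local as the processes the setting covers, which does not match the Postfix documentation: the parameter applies to new mail that does not arrive via smtpd(8), such as sendmail(1) command-line submission, qmqpd(8) and `postsuper -r` requeues. As far as I know, internally generated bounces are not passed through milters at all, and mail returned by Amavis to port 10025 arrives via smtpd, so an admin relying on this text would misjudge which mail gets DKIM-signed. The block is also in German inside an otherwise English main.cf template. I would replace it with `# non_smtpd_milters: milters for mail that does not arrive via smtpd(8), e.g. sendmail(1) submission, so locally submitted mail is DKIM-signed too.` The same text is added in the main.cf hunk of install_opendmarc.sh.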
@@ -558,6 +587,11 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then _found=false + if ! echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*local:/opendkim/opendkim.sock\s*$" ; then + echo " -o smtpd_milters=local:/opendkim/opendkim.sock" >> "$tmp_master_file" + _changed=true + continue + fi fi if echo "$_line" | grep -i -q -E "^\s*(submission|smtps)\s+inet\s+" 2> /dev/null ; then @@ -578,7 +612,7 @@ if $_changed ; then fi else echo_skipped - warn "Postfix (master.cf) seems already be configured." + info "Postfix (master.cf) was not changed - seems already be configured right." echononl " Delete previosly saved file '/etc/postfix/master.cf'.." rm /etc/postfix/master.cf.$backup_date 2> $log_file if [[ $? -eq 0 ]] ; then diff --git a/install_opendmarc.sh b/install_opendmarc.sh index 4672056..dafd81d 100755 --- a/install_opendmarc.sh +++ b/install_opendmarc.sh 
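Review bot: The added exact-match test overwrites any `-o smtpd_milters=` value that is not precisely `local:/opendkim/opendkim.sock`, so a line that already lists several milters (for example with the opendmarc socket after a comma) is reduced to OpenDKIM alone. The master.cf loop added in install_opendmarc.sh is the mirror image with `local:/opendmarc/opendmarc.sock`, where the removed perl call used to append to the existing value. If both loops reach the same service entry, running the two installers in turn makes each one drop the other's milter, and mail then leaves without a DKIM signature or without DMARC processing. Test for containment instead, `if ! echo "$_line" | grep -q -F "local:/opendkim/opendkim.sock" ; then`, and append the socket to the existing value when it is missing. The enclosing while loop starts and ends outside this hunk, so which entries set `_found` here is not visible.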
@@ -689,6 +689,101 @@ else fi +echo "" + + +# - Edit /etc/postfix/main.cf and add a section to activate +# - processing of e-mail through the OpenDKIM daemon: +# - +backup_date="$(date +%Y-%m-%d-%H%M)" +echononl " Backup existing postfix configuration (main.cf).." +cp -a /etc/postfix/main.cf /etc/postfix/main.cf.$backup_date 2> $log_file +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + +echononl " Activate processing of e-mail through the OpenDKIM daemon.." +if grep -q -E "milter_default_action\s*=\s*accept" /etc/postfix/main.cf ; then + echo_skipped + info "Postfix (main.cf) was not changed - seems already be configured right." + echononl " Delete previosly saved Postfix configuration.." + rm /etc/postfix/main.cf.$backup_date 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + cat <> /etc/postfix/main.cf 2> $log_file + +# ======= Milter configuration ======= + +# OpenDKIM + +milter_default_action = accept + +# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2 +milter_protocol = 6 + +# Note: +# We will sign AFTER sending through AmaVIS, just befor sending out. So +# set 'smtpd_milters =' to an emty string here and add to localhost:10025 +# section in master.cf: 'smtpd_milters=local:/opendkim/opendkim.sock' +# +# If you want sign mails before sending through AmaVIS, set +# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to +# localhost:10025 section in master.cf: 'smtpd_milters=' +# +#smtpd_milters = local:/opendkim/opendkim.sock +smtpd_milters = + +# Was sind non_smtpd_milters? +# +# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT +# der smtpd-Daemon sind. +# +# Das betrifft z. B.: +# +# cleanup Header/Content-Bereinigung +# qmgr Queue-Manager +# lmtp / smtp Auslieferung nach extern +# local lokale Zustellung +# +# Das sind z. 
B.: +# +# - interne Bounces (MAILER-DAEMON) +# +# - Cron-Mails vom Server +# +# - Weiterleitungen, die Postfix selbst generiert +# +# - Mails, die über sendmail CLI gesendet werden +# +# - Mails, die Amavis über LMTP zurückgibt +# +# - etc. +# +# +# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden. +non_smtpd_milters = local:/opendkim/opendkim.sock +EOF + postfix_needs_restart=true + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + + +echo "" + + # - Prevent Postfix from setting the DMARC Header twice (one befor # - and one after processing amavis # - 
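Review bot: The `if [[ $? -eq 0 ]]` after the heredoc tests the exit status of `postfix_needs_restart=true`, not of the `cat` that appends to /etc/postfix/main.cf, so a failed append is still reported with `echo_ok`. Capture the status directly after `EOF` with `rv=$?`, test `$rv`, and set `postfix_needs_restart=true` only in the success branch. The same ordering appears in the master.cf hunk further down, where `cp $tmp_master_file /etc/postfix/master.cf` is followed by `postfix_needs_restart=true` before the check. A write that fails silently leaves Postfix without the milter settings while the installer reports success.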
@@ -714,24 +809,58 @@ else fi echononl " Adjust /etc/postfix/master.cf. Set DMARC after sending throuh AmaVIS.." -if $(grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*opendkim.sock" /etc/postfix/master.cf 2> /dev/null) ; then - if $(grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*$(basename ${opendmarc_socket_file})" /etc/postfix/master.cf); then - echo_skipped - else - perl -i -n -p -e "s&(^\s*-o\s+smtpd_milters\s*=.*)&\1,local:/$(basename "${opendmarc_socket_dir}")/$(basename "${opendmarc_socket_file}")&" \ - /etc/postfix/master.cf > $log_file 2>&1 - if [[ $? -eq 0 ]] ; then - echo_ok - postfix_needs_restart=true - else - echo_failed - error "$(cat $log_file)" +_found=false +_changed=false +tmp_master_file="/tmp/postfix_master.cf" +> $tmp_master_file +while IFS='' read -r _line || [[ -n $_line ]] ; do + + if $_found && ! echo "$_line" | grep -i -q -E "^\s*-o" 2> /dev/null ; then + echo " -o smtpd_milters=local:/opendmarc/opendmarc.sock" >> "$tmp_master_file" + _changed=true + _found=false + fi + + if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then + _found=false + if ! echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*local:/opendmarc/opendmarc.sock\s*$" ; then + echo " -o smtpd_milters=local:/opendmarc/opendmarc.sock" >> "$tmp_master_file" + _changed=true + continue fi + + fi + + if echo "$_line" | grep -i -q -E "^\s*(localhost|127.0.0.1):10025\s+inet\s+" 2> /dev/null ; then + _found=true + fi + + echo "$_line" >> "$tmp_master_file" + +done < "/etc/postfix/master.cf" + +if $_changed ; then + cp $tmp_master_file /etc/postfix/master.cf 2> $log_file + postfix_needs_restart=true + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" fi else echo_skipped - warn "Postfix is not adjusted. Complete Postfix configuration (master.cf) manually\!" + info "Postfix (master.cf) was not changed - seems already be configured right." + echononl " Delete previosly saved file '/etc/postfix/master.cf'.." 
+ rm /etc/postfix/master.cf.$backup_date 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi fi +rm -f $tmp_master_file echo "" @@ -799,20 +928,6 @@ else echo_skipped fi -echo "" -if [[ -f "/etc/postfix/master.cf.${backup_date}" ]] ; then - if $(diff "/etc/postfix/master.cf" "/etc/postfix/master.cf.${backup_date}"> /dev/null 2>&1) ; then - info "File \033[1m/etc/postfix/master.cf\033[m has not changed.\n\t Removing previos created backup.." - rm "/etc/postfix/master.cf.${backup_date}" - fi -fi -if [[ -f "/etc/postfix/main.cf.${backup_date}" ]] ; then - if $(diff "/etc/postfix/main.cf" "/etc/postfix/main.cf.${backup_date}"> /dev/null 2>&1) ; then - info "File \033[1m/etc/postfix/main.cf\033[m has not changed.\n\t Removing previos created backup.." - rm "/etc/postfix/main.cf.${backup_date}" - fi -fi - echo "" rm -f "$log_file"
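Review bot: `tmp_master_file="/tmp/postfix_master.cf"` is a fixed name in a world-writable directory, and `> $tmp_master_file` truncates whatever that path points to. For an installer that edits /etc/postfix, presumably as root, a file or symlink placed there beforehand decides what gets truncated and what is later copied over master.cf. Create the file with `tmp_master_file="$(mktemp)"` and quote the variable in the `cp` and `rm -f` calls. Separately, when the `localhost:10025` entry is the last one in master.cf and has no `smtpd_milters` option, the loop ends with `_found` still true and nothing is added; a check after `done` would cover that case.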