install_postfix_advanced.sh: add SPF sender whitelist configuration
@@ -36,9 +36,52 @@ openssl s_client -crlf -connect ${mailserver}:993
|
|||||||
openssl s_client -crlf -starttls imap -connect ${mailserver}:143
|
openssl s_client -crlf -starttls imap -connect ${mailserver}:143
|
||||||
|
|
||||||
|
|
||||||
|
# Force IPv4
|
||||||
|
openssl s_client -crlf -starttls smtp -4 -connect ${mailserver}:25 [-state -debug]
|
||||||
|
openssl s_client -crlf -starttls smtp -4 -connect ${mailserver}:587
|
||||||
|
openssl s_client -crlf -4 -connect ${mailserver}:465
|
||||||
|
openssl s_client -crlf -4 -connect ${mailserver}:995
|
||||||
|
openssl s_client -crlf -starttls pop3 -4 -connect ${mailserver}:110
|
||||||
|
openssl s_client -crlf -4 -connect ${mailserver}:993
|
||||||
|
openssl s_client -crlf -starttls imap -4 -connect ${mailserver}:143
|
||||||
|
|
||||||
|
|
||||||
# Test RSA based TLS connection
|
# Test RSA based TLS connection
|
||||||
#
|
#
|
||||||
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
|
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
|
||||||
|
|
||||||
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2
|
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2
|
||||||
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp
|
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp
|
||||||
|
|
||||||
|
|
||||||
|
# ---
|
||||||
|
|
||||||
|
|
||||||
|
# Test tracerout TCP
|
||||||
|
#
|
||||||
|
# allgemein:
|
||||||
|
traceroute -T mail.oopen.de
|
||||||
|
|
||||||
|
# speziell die mailuser ports:
|
||||||
|
traceroute -T -p 587 mail.oopen.de
|
||||||
|
traceroute -T -p 465 mail.oopen.de
|
||||||
|
traceroute -T -p 110 mail.oopen.de
|
||||||
|
traceroute -T -p 995 mail.oopen.de
|
||||||
|
traceroute -T -p 143 mail.oopen.de
|
||||||
|
traceroute -T -p 993 mail.oopen.de
|
||||||
|
|
||||||
|
|
||||||
|
# Force IPv4
|
||||||
|
|
||||||
|
# allgemein:
|
||||||
|
traceroute -4 -T mail.oopen.de
|
||||||
|
|
||||||
|
# speziell die mailuser ports:
|
||||||
|
traceroute -4 -T -p 587 mail.oopen.de
|
||||||
|
traceroute -4 -T -p 465 mail.oopen.de
|
||||||
|
traceroute -4 -T -p 110 mail.oopen.de
|
||||||
|
traceroute -4 -T -p 995 mail.oopen.de
|
||||||
|
traceroute -4 -T -p 143 mail.oopen.de
|
||||||
|
traceroute -4 -T -p 993 mail.oopen.de
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -2932,6 +2932,7 @@ if [[ -n "$(which policyd-spf)" ]] ; then
|
|||||||
cat <<EOF >> /etc/postfix/main.cf
|
cat <<EOF >> /etc/postfix/main.cf
|
||||||
# Check Postfix policy service ..
|
# Check Postfix policy service ..
|
||||||
#
|
#
|
||||||
|
check_client_access btree:/etc/postfix/spf_sender_whitelist
|
||||||
check_policy_service unix:private/policy-spf
|
check_policy_service unix:private/policy-spf
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
@@ -3495,6 +3496,25 @@ else
|
|||||||
echo_failed
|
echo_failed
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -n "$(which policyd-spf)" ]] ; then
|
||||||
|
_file="/etc/postfix/spf_sender_whitelist"
|
||||||
|
echononl " Create file \"${_file}\""
|
||||||
|
cat <<EOF > ${_file}
|
||||||
|
# (Sender) Whitelist from SPF (polidy-spf)
|
||||||
|
|
||||||
|
# All mails from domain 'domain-robot.org' (including subdomains)
|
||||||
|
domain-robot.org OK
|
||||||
|
EOF
|
||||||
|
|
||||||
|
postmap btree:${_file}
|
||||||
|
if [[ $? -eq 0 ]] ; then
|
||||||
|
echo_ok
|
||||||
|
else
|
||||||
|
echo_failed
|
||||||
|
fi
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
echononl " Create file \"client_allow_relay\""
|
echononl " Create file \"client_allow_relay\""
|
||||||
if [[ ! -f "/etc/postfix/client_allow_relay" ]]; then
|
if [[ ! -f "/etc/postfix/client_allow_relay" ]]; then
|
||||||
cat <<EOF > /etc/postfix/client_allow_relay
|
cat <<EOF > /etc/postfix/client_allow_relay
|
||||||
|
|||||||
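Review bot: The new table is attached with `check_client_access`, so the entry `domain-robot.org OK` is matched against the connecting client's verified hostname (and its parent domains) or IP address, not against the envelope sender as the generated comments `# (Sender) Whitelist from SPF (polidy-spf)` and `# All mails from domain 'domain-robot.org'` claim. Keying on the client name is the safer choice, since an envelope sender can be forged by any host, but the comment should say what is actually matched, e.g. `# Clients whose hostname is 'domain-robot.org' or a subdomain skip the checks that follow` (and `polidy-spf` should read `policyd-spf`). `OK` also ends evaluation of the whole restriction list this line is appended to, not just the `policy-spf` lookup, so any restriction added after `check_policy_service` would be skipped for these clients as well; the list itself starts and may continue outside the visible hunk, so this needs checking against the full `main.cf` that the script produces. If the intent is only to exempt these hosts from SPF, policyd-spf's own whitelist settings (for example `Domain_Whitelist_PTR` in `policyd-spf.conf`) would limit the exemption to that check.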