From ef963e89fcb3336149c02e27543e8b0c661f96b5 Mon Sep 17 00:00:00 2001 From: Christoph Kuchenbuch Date: Mon, 16 Feb 2026 00:17:56 +0100 Subject: [PATCH] install_amavis.sh: separate amavis inbound (port 10024) amd outbound (10029) in case of sympa listserver or 'only relay' server. --- install_amavis.sh | 119 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 99 insertions(+), 20 deletions(-) diff --git a/install_amavis.sh b/install_amavis.sh index 01bbd54..bad9d8b 100755 --- a/install_amavis.sh +++ b/install_amavis.sh @@ -110,7 +110,8 @@ detect_os_1 () { # --- Some default settings # ------------- -DEFAULT_SASL_AUTH_ENABLED="no" +DEFAULT_SASL_AUTH_ENABLED=false +DEFAULT_IS_SYMPA_LIST_SERVER=false DEFAULT_QUARANTINE_DIR="/var/QUARANTINE" DEFAULT_QUARANTINE_ADMIN='postmaster\@$mydomain' @@ -187,7 +188,9 @@ if [[ -z "$_HOSTNAME" ]] ; then [[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME="" fi -[[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED="$DEFAULT_SASL_AUTH_ENABLED" +[[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED=${DEFAULT_SASL_AUTH_ENABLED} + +[[ -z "${_IS_SYMPA_LIST_SERVER}" ]] && _IS_SYMPA_LIST_SERVER=${DEFAULT_IS_SYMPA_LIST_SERVER} [[ -z "$_QUARANTINE_DIR" ]] && _QUARANTINE_DIR="$DEFAULT_QUARANTINE_DIR" @@ -375,9 +378,12 @@ SASL_AUTH_ENABLED= echo "" echo -e "\033[32m--\033[m" echo "" -echo "Should this mail server support Cyrus SASL authentication?" +echo "Should this mail server support Cyrus SASL authentication? [true/yes/false/no]" echo "" -while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do +while [[ "$SASL_AUTH_ENABLED" != "yes" && + "$SASL_AUTH_ENABLED" != "true" && + "$SASL_AUTH_ENABLED" != "no" && + "$SASL_AUTH_ENABLED" != "false" ]];do if [[ -n "$_SASL_AUTH_ENABLED" ]]; then echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: " @@ -397,6 +403,49 @@ while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do done +[[ "$SASL_AUTH_ENABLED" = "yes" ]] && SASL_AUTH_ENABLED=true +[[ "$SASL_AUTH_ENABLED" = "no" ]] && SASL_AUTH_ENABLED=false + + +if ! ${SASL_AUTH_ENABLED} ; then + + IS_SYMPA_LIST_SERVER="" + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo "Are Sympa List Services provided? - [true/yes/false/no]" + echo "" + echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: " + + read IS_SYMPA_LIST_SERVER + if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then + IS_SYMPA_LIST_SERVER="$_IS_SYMPA_LIST_SERVER" + fi + IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,} + + while [[ "$IS_SYMPA_LIST_SERVER" != "yes" && \ + "$IS_SYMPA_LIST_SERVER" != "true" && \ + "$IS_SYMPA_LIST_SERVER" != "no" && \ + "$IS_SYMPA_LIST_SERVER" != "false" ]]; do + + echo -e "\n\t\033[33m\033[1mWrong value was given!!\033[m\n" + + echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: " + read IS_SYMPA_LIST_SERVER + if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then + IS_SYMPA_LIST_SERVER=false + fi + IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,} + + done + + if [[ "$IS_SYMPA_LIST_SERVER" = 'yes' || "$IS_SYMPA_LIST_SERVER" = 'true' ]] ; then + IS_SYMPA_LIST_SERVER=true + else + IS_SYMPA_LIST_SERVER=false + fi + +fi echo "" @@ -854,6 +903,7 @@ echo -e "\tIPv4 address...........................: $IPV4" echo -e "\tIPv6 address...........................: $IPV6" echo "" echo -e "\tSASL AUTH support......................: $SASL_AUTH_ENABLED" +echo -e "\tSupport sympa mailinglists.............: ${IS_SYMPA_LIST_SERVER}" echo "" echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR" echo "" @@ -905,6 +955,7 @@ _IPV4=$IPV4 _IPV6=$IPV6 _SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED +_IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER} _QUARANTINE_DIR=$QUARANTINE_DIR _QUARANTINE_ADMIN=$QUARANTINE_ADMIN @@ -4209,10 +4260,49 @@ use strict; # !! smtpd_proxy_filter - see master.cf !! # # +EOF + +if ${SASL_AUTH_ENABLED} ; then + cat << EOF >> "${_config_file}" \$inet_socket_port = [10024, 10026]; #\$inet_socket_port = [10024, 10029]; #\$inet_socket_port = [10024, 10026, 10029]; +\$interface_policy{'10026'} = 'ORIGINATING'; +\$policy_bank{'ORIGINATING'} = { + originating => 1, # declare that mail was submitted by our smtp client + bypass_spam_checks_maps => (1), + bypass_virus_checks_maps => (0), + remove_existing_spam_headers => 1, +}; +EOF + +else + + cat << EOF >> "${_config_file}" +#\$inet_socket_port = [10024, 10026]; +\$inet_socket_port = [10024, 10029]; +#\$inet_socket_port = [10024, 10026, 10029]; + +\$interface_policy{'10024'} = 'INBOUND'; +\$interface_policy{'10029'} = 'VIRUSONLY'; + +# Inbound: Spam + Virus +\$policy_bank{'INBOUND'} = { }; + +# Outbound: nur Virus +\$policy_bank{'VIRUSONLY'} = { + bypass_spam_checks_maps => [1], + bypass_header_checks_maps => [1], + final_spam_destiny => D_PASS, + originating => 1, +}; +EOF + +fi + +cat << EOF >> "${_config_file}" + # Bypass spam checking fro trusted networks # #\$interface_policy{'10026'} = 'TRUSTED'; @@ -4434,7 +4524,9 @@ if [[ "$?" -ne 0 ]] ; then fi -if [[ "${DB_TYPE}" = "PostgreSQL" ]] || [[ "${DB_TYPE}" = "MySQL" ]]; then +if [[ "${DB_TYPE}" = "PostgreSQL" ]] || \ + [[ "${DB_TYPE}" = "MySQL" ]] && \ + ! ${IS_SYMPA_LIST_SERVER}; then if [[ "$DB_TYPE" = "PostgreSQL" ]]; then _db="pgsql" @@ -4503,10 +4595,6 @@ EOF ); EOF -echo "" -echo "hallo 9" -echo "" - else cat >> /etc/amavis/conf.d/50-user <<'EOF' @local_domains_maps = ( ["."] ); @@ -4522,15 +4610,6 @@ fi cat >> /etc/amavis/conf.d/50-user < 1, # declare that mail was submitted by our smtp client - bypass_spam_checks_maps => (1), - bypass_virus_checks_maps => (0), - remove_existing_spam_headers => 1, -}; ## - If you get am error like: ## - @@ -5177,7 +5256,7 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do smtp inet n - y - - smtpd -o content_filter=amavisfeed:[127.0.0.1]:10024 EOF - if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then + if ! ${SASL_AUTH_ENABLED} ; then cat >> $postfix_master_cf << EOF -o smtpd_sasl_auth_enable=no EOF @@ -5211,7 +5290,7 @@ EOF ${additional_smtp_port} inet n - y - - smtpd -o content_filter=amavisfeed:[127.0.0.1]:10024 EOF - if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then + if ! ${SASL_AUTH_ENABLED} ; then cat >> $postfix_master_cf << EOF -o smtpd_sasl_auth_enable=no EOF