install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install_amavis.sh: separate amavis inbound (port 10024) amd outbound (10029) in case of sympa listserver or 'only relay' server.

Browse Source
This commit is contained in:
Christoph
2026-02-16 00:17:56 +01:00
parent 654e5738d4
commit ef963e89fc
1 changed files with 99 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
install_amavis.sh
View File

@@ -110,7 +110,8 @@ detect_os_1 () {
# --- Some default settings # --- Some default settings
# ------------- # -------------
DEFAULT_SASL_AUTH_ENABLED="no" DEFAULT_SASL_AUTH_ENABLED=false
DEFAULT_IS_SYMPA_LIST_SERVER=false
DEFAULT_QUARANTINE_DIR="/var/QUARANTINE" DEFAULT_QUARANTINE_DIR="/var/QUARANTINE"
DEFAULT_QUARANTINE_ADMIN='postmaster\@$mydomain' DEFAULT_QUARANTINE_ADMIN='postmaster\@$mydomain'
@@ -187,7 +188,9 @@ if [[ -z "$_HOSTNAME" ]] ; then
[[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME="" [[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
fi fi
[[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED="$DEFAULT_SASL_AUTH_ENABLED" [[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED=${DEFAULT_SASL_AUTH_ENABLED}
[[ -z "${_IS_SYMPA_LIST_SERVER}" ]] && _IS_SYMPA_LIST_SERVER=${DEFAULT_IS_SYMPA_LIST_SERVER}
[[ -z "$_QUARANTINE_DIR" ]] && _QUARANTINE_DIR="$DEFAULT_QUARANTINE_DIR" [[ -z "$_QUARANTINE_DIR" ]] && _QUARANTINE_DIR="$DEFAULT_QUARANTINE_DIR"
@@ -375,9 +378,12 @@ SASL_AUTH_ENABLED=
echo "" echo ""
echo -e "\033[32m--\033[m" echo -e "\033[32m--\033[m"
echo "" echo ""
echo "Should this mail server support Cyrus SASL authentication?" echo "Should this mail server support Cyrus SASL authentication? [true/yes/false/no]"
echo "" echo ""
while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do while [[ "$SASL_AUTH_ENABLED" != "yes" &&
"$SASL_AUTH_ENABLED" != "true" &&
"$SASL_AUTH_ENABLED" != "no" &&
"$SASL_AUTH_ENABLED" != "false" ]];do
if [[ -n "$_SASL_AUTH_ENABLED" ]]; then if [[ -n "$_SASL_AUTH_ENABLED" ]]; then
echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: " echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: "
@@ -397,6 +403,49 @@ while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do
done done
[[ "$SASL_AUTH_ENABLED" = "yes" ]] && SASL_AUTH_ENABLED=true
[[ "$SASL_AUTH_ENABLED" = "no" ]] && SASL_AUTH_ENABLED=false
if ! ${SASL_AUTH_ENABLED} ; then
IS_SYMPA_LIST_SERVER=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Are Sympa List Services provided? - [true/yes/false/no]"
echo ""
echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: "
read IS_SYMPA_LIST_SERVER
if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then
IS_SYMPA_LIST_SERVER="$_IS_SYMPA_LIST_SERVER"
fi
IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,}
while [[ "$IS_SYMPA_LIST_SERVER" != "yes" && \
"$IS_SYMPA_LIST_SERVER" != "true" && \
"$IS_SYMPA_LIST_SERVER" != "no" && \
"$IS_SYMPA_LIST_SERVER" != "false" ]]; do
echo -e "\n\t\033[33m\033[1mWrong value was given!!\033[m\n"
echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: "
read IS_SYMPA_LIST_SERVER
if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then
IS_SYMPA_LIST_SERVER=false
fi
IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,}
done
if [[ "$IS_SYMPA_LIST_SERVER" = 'yes' || "$IS_SYMPA_LIST_SERVER" = 'true' ]] ; then
IS_SYMPA_LIST_SERVER=true
else
IS_SYMPA_LIST_SERVER=false
fi
fi
echo "" echo ""
@@ -854,6 +903,7 @@ echo -e "\tIPv4 address...........................: $IPV4"
echo -e "\tIPv6 address...........................: $IPV6" echo -e "\tIPv6 address...........................: $IPV6"
echo "" echo ""
echo -e "\tSASL AUTH support......................: $SASL_AUTH_ENABLED" echo -e "\tSASL AUTH support......................: $SASL_AUTH_ENABLED"
echo -e "\tSupport sympa mailinglists.............: ${IS_SYMPA_LIST_SERVER}"
echo "" echo ""
echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR" echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR"
echo "" echo ""
@@ -905,6 +955,7 @@ _IPV4=$IPV4
_IPV6=$IPV6 _IPV6=$IPV6
_SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED _SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED
_IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER}
_QUARANTINE_DIR=$QUARANTINE_DIR _QUARANTINE_DIR=$QUARANTINE_DIR
_QUARANTINE_ADMIN=$QUARANTINE_ADMIN _QUARANTINE_ADMIN=$QUARANTINE_ADMIN
@@ -4209,10 +4260,49 @@ use strict;
# !! smtpd_proxy_filter - see master.cf !! # !! smtpd_proxy_filter - see master.cf !!
# #
# #
EOF
if ${SASL_AUTH_ENABLED} ; then
cat << EOF >> "${_config_file}"
\$inet_socket_port = [10024, 10026]; \$inet_socket_port = [10024, 10026];
#\$inet_socket_port = [10024, 10029]; #\$inet_socket_port = [10024, 10029];
#\$inet_socket_port = [10024, 10026, 10029]; #\$inet_socket_port = [10024, 10026, 10029];
\$interface_policy{'10026'} = 'ORIGINATING';
\$policy_bank{'ORIGINATING'} = {
originating => 1, # declare that mail was submitted by our smtp client
bypass_spam_checks_maps => (1),
bypass_virus_checks_maps => (0),
remove_existing_spam_headers => 1,
};
EOF
else
cat << EOF >> "${_config_file}"
#\$inet_socket_port = [10024, 10026];
\$inet_socket_port = [10024, 10029];
#\$inet_socket_port = [10024, 10026, 10029];
\$interface_policy{'10024'} = 'INBOUND';
\$interface_policy{'10029'} = 'VIRUSONLY';
# Inbound: Spam + Virus
\$policy_bank{'INBOUND'} = { };
# Outbound: nur Virus
\$policy_bank{'VIRUSONLY'} = {
bypass_spam_checks_maps => [1],
bypass_header_checks_maps => [1],
final_spam_destiny => D_PASS,
originating => 1,
};
EOF
fi
cat << EOF >> "${_config_file}"
# Bypass spam checking fro trusted networks # Bypass spam checking fro trusted networks
# #
#\$interface_policy{'10026'} = 'TRUSTED'; #\$interface_policy{'10026'} = 'TRUSTED';
@@ -4434,7 +4524,9 @@ if [[ "$?" -ne 0 ]] ; then
fi fi
if [[ "${DB_TYPE}" = "PostgreSQL" ]] || [[ "${DB_TYPE}" = "MySQL" ]]; then if [[ "${DB_TYPE}" = "PostgreSQL" ]] || \
[[ "${DB_TYPE}" = "MySQL" ]] && \
! ${IS_SYMPA_LIST_SERVER}; then
if [[ "$DB_TYPE" = "PostgreSQL" ]]; then if [[ "$DB_TYPE" = "PostgreSQL" ]]; then
_db="pgsql" _db="pgsql"
@@ -4503,10 +4595,6 @@ EOF
); );
EOF EOF
echo ""
echo "hallo 9"
echo ""
else else
cat >> /etc/amavis/conf.d/50-user <<'EOF' cat >> /etc/amavis/conf.d/50-user <<'EOF'
@local_domains_maps = ( ["."] ); @local_domains_maps = ( ["."] );
@@ -4522,15 +4610,6 @@ fi
cat >> /etc/amavis/conf.d/50-user <<EOF cat >> /etc/amavis/conf.d/50-user <<EOF
## - get rid of "Open Relay" warnings in amavis logfile.
## -
\$interface_policy{'10026'} = 'ORIGINATING';
\$policy_bank{'ORIGINATING'} = {
originating => 1, # declare that mail was submitted by our smtp client
bypass_spam_checks_maps => (1),
bypass_virus_checks_maps => (0),
remove_existing_spam_headers => 1,
};
## - If you get am error like: ## - If you get am error like:
## - ## -
@@ -5177,7 +5256,7 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
smtp inet n - y - - smtpd smtp inet n - y - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10024 -o content_filter=amavisfeed:[127.0.0.1]:10024
EOF EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then if ! ${SASL_AUTH_ENABLED} ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_sasl_auth_enable=no -o smtpd_sasl_auth_enable=no
EOF EOF
@@ -5211,7 +5290,7 @@ EOF
${additional_smtp_port} inet n - y - - smtpd ${additional_smtp_port} inet n - y - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10024 -o content_filter=amavisfeed:[127.0.0.1]:10024
EOF EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then if ! ${SASL_AUTH_ENABLED} ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_sasl_auth_enable=no -o smtpd_sasl_auth_enable=no
EOF EOF