install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: install:0303c79b0398e6f28a466d65c96f678b37a53e67
Branches Tags
install:master
...
compare: install:master
Branches Tags
install:master

19 Commits
0303c79b03 ... master

Author SHA1 Message Date
Christoph
b87793cbad Fis systemd support on debian system version 13 (trixie) or newer. 2025-12-15 01:23:16 +01:00
Christoph
cc155c578a install_amavis.sh: fix error in creating master.cf if aditional port is used. 2025-12-10 02:13:58 +01:00
Christoph
b28b3a8316 install_update_dovecot-2.4.sh: adjust sieve configuration. 2025-12-09 17:49:41 +01:00
Christoph
ecfd630612 install_amavis.sh: no warn messages from amavis to admin. 2025-12-09 13:50:52 +01:00
Christoph
68d2bd18b7 install_amavis.sh: some minor changes. 2025-12-09 00:01:31 +01:00
Christoph
6521b03aa2 install_amavis.sh: adjust printing master.cf. 2025-12-08 23:44:29 +01:00
Christoph
05723c0514 Merge branch 'master' of https://git.oopen.de/install/mailsystem 2025-12-08 19:26:34 +01:00
Christoph
32b3c8b01e install_update_dovecot-2.4.sh: some minor changes. 2025-12-08 19:25:46 +01:00
Christoph
f2f3797c1e install_amavis.sh: Some minor changes. 2025-12-08 19:14:37 +01:00
Christoph
d8979faa06 install_update_dovecot-2.4.sh: increase sieve_max_redirects to 25. 2025-12-05 12:35:07 +01:00
Christoph
d407b2ecf0 install_opendkim.sh,install_opendmarc.sh: Support the execution of scripts at any time. A non-existent configuration is created, and an already installed configuration is adjusted if necessary. 2025-11-26 12:36:56 +01:00
Christoph
13e1d575f9 install_opendmarc.sh: remove duplicate setting 'AuthservID'. 2025-11-26 11:33:58 +01:00
Christoph
a246f5009f install_opendmarc.sh: some minor changes. 2025-11-25 22:43:11 +01:00
Christoph
41f5f61d32 Merge branch 'master' of https://git.oopen.de/install/mailsystem 2025-11-25 22:39:47 +01:00
Christoph
eb18cf2a84 Fix errors handling DKIM signatures and DMARC proofs. 2025-11-25 22:34:40 +01:00
Christoph
578db07b76 README.dovecot.index: modify documentation. 2025-11-23 12:23:49 +01:00
Christoph
3b3652ec55 DOC/DMARC-Report/dmarc-server-setup.md: fix errors in documentation. 2025-11-13 22:21:28 +01:00
Christoph
44c56d6083 Merge branch 'master' of git.oopen.de:install/mailsystem 2025-11-13 00:28:17 +01:00
Christoph
8e9f35ed76 dmarc-server-setup.md: Adjust .. 2025-11-13 00:27:35 +01:00
14 changed files with 807 additions and 534 deletions
Expand all files Collapse all files

31
DOC/DMARC-Report/dmarc-server-setup.md
View File

@@ -1,9 +1,8 @@
# DMARC-Server-Sammelsystem Einrichtung und Betrieb # DMARC-Server-Sammelsystem Einrichtung und Betrieb
## 📖 Präambel ## 📖 Präambel
Dieses Dokument beschreibt die vollständige Einrichtung eines automatisierten DMARC-Report-Sammelsystems auf einem Linux-Mailserver mit **Postfix**, **Amavis** und **Dovecot (LMTP)**. Dieses Dokument beschreibt die vollständige Einrichtung eines automatisierten DMARC-Report-Sammelsystems auf einem Linux-Mailserver mit **Postfix**, **Amavis** und **Dovecot (LMTP)**.
Ziel: DMARC-Aggregatberichte (XML, .gz, .zip) serverseitig empfangen, speichern und regelmäßig auswerten. Ziel: DMARC-Aggregatberichte (XML, .gz, .zip) serverseitig empfangen, speichern und regelmäßig auswerten.
--- ---
@@ -34,7 +33,7 @@ Alle Dateien werden unter `/var/lib/dmarc` abgelegt:
Verzeichnisse anlegen: Verzeichnisse anlegen:
```bash ```bash
sudo install -d -o root -g root -m 750 /var/lib/dmarc/{reports,processed,exports,logs} sudo install -d -o vmail -g vmail -m 750 /var/lib/dmarc/{reports,processed,exports,logs}
sudo install -d -o root -g root -m 750 /usr/local/lib/dmarc sudo install -d -o root -g root -m 750 /usr/local/lib/dmarc
``` ```
@@ -74,21 +73,21 @@ Damit weiß Postfix, dass Mails an diese Adresse an das Skript weitergegeben wer
Wenn du zusätzlich eine Kopie im IMAP-Postfach haben willst: Wenn du zusätzlich eine Kopie im IMAP-Postfach haben willst:
In `/etc/postfix/virtual`: In `/etc/postfix/virtual_alias_maps`:
```bash ```bash
dmarc-reports@oopen.de reports@oopen.de, dmarc-pipe: dmarc-reports@oopen.de dmarc-reports-mbox@oopen.de
``` ```
Dann: Dann:
```bash ```bash
sudo postmap /etc/postfix/virtual sudo postmap btree:/etc/postfix/virtual_alias_maps
sudo systemctl reload postfix sudo systemctl reload postfix
``` ```
> **Merke:** `/etc/postfix/transport` = ZustellWEG, `/etc/postfix/virtual` = EmpfängerALIAS. > **Merke:** `/etc/postfix/transport` = ZustellWEG, `/etc/postfix/virtual_alias_maps` = EmpfängerALIAS.
> Nur Skript? → Nur `transport`-Eintrag. > Nur Skript? → Nur `transport`-Eintrag.
> Skript + Kopie? → `virtual`-Alias **zusätzlich**. > Skript + Kopie? → `virtual`-Alias **zusätzlich**.
--- ---
@@ -115,6 +114,7 @@ oopen.de._report._dmarc.oopen.de. IN TXT "v=DMARC1"
## 🧰 3. Sammelskript `/usr/local/bin/dmarc-collect.sh` ## 🧰 3. Sammelskript `/usr/local/bin/dmarc-collect.sh`
**Datei anlegen:** **Datei anlegen:**
```bash ```bash
sudo tee /usr/local/bin/dmarc-collect.sh >/dev/null <<'EOF' sudo tee /usr/local/bin/dmarc-collect.sh >/dev/null <<'EOF'
#!/usr/bin/env bash #!/usr/bin/env bash
@@ -166,10 +166,12 @@ fi
EOF EOF
sudo apt install -y ripmime sudo apt install -y ripmime
sudo install -m 750 -o vmail -g vmail /usr/local/bin/dmarc-collect.sh sudo chown vmail:vmail /usr/local/bin/dmarc-collect.sh
sudo chmod 750 /usr/local/bin/dmarc-collect.sh
``` ```
Inhalt von `dmarc-collect.sh`: Inhalt von `dmarc-collect.sh`:
```bash ```bash
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
@@ -217,7 +219,6 @@ else
echo "$(date -Is) no usable attachment in message" >> "$LOGF" echo "$(date -Is) no usable attachment in message" >> "$LOGF"
exit 0 exit 0
fi fi
``` ```
--- ---
@@ -247,6 +248,7 @@ sudo chmod 750 /usr/local/lib/dmarc/daily-run.sh
``` ```
Cronjob anlegen: Cronjob anlegen:
```bash ```bash
echo '17 3 * * * root /usr/local/lib/dmarc/daily-run.sh' | sudo tee /etc/cron.d/dmarc-daily >/dev/null echo '17 3 * * * root /usr/local/lib/dmarc/daily-run.sh' | sudo tee /etc/cron.d/dmarc-daily >/dev/null
``` ```
@@ -256,6 +258,7 @@ echo '17 3 * * * root /usr/local/lib/dmarc/daily-run.sh' | sudo tee /etc/cron.d/
## 🧮 5. Auswertungsskript `/usr/local/bin/dmarc-scan.sh` ## 🧮 5. Auswertungsskript `/usr/local/bin/dmarc-scan.sh`
Installation: Installation:
```bash ```bash
sudo apt install -y xmlstarlet unzip gzip sudo apt install -y xmlstarlet unzip gzip
sudo tee /usr/local/bin/dmarc-scan.sh >/dev/null <<'EOF' sudo tee /usr/local/bin/dmarc-scan.sh >/dev/null <<'EOF'
@@ -494,7 +497,7 @@ done
# Zusammenfassung # Zusammenfassung
unique_ips=${#SEEN_IPS[@]} unique_ips=${#SEEN_IPS[@]}
echo "==============================================================================" echo "=============================================================================="
echo "GESAMT-ZUSAMMENFASSUNG" echo "GESAMT-ZUSAMMENFASSUNG"
echo "Nachrichten gesamt: $total_msgs" echo "Nachrichten gesamt: $total_msgs"
echo "Eindeutige Source-IPs: $unique_ips" echo "Eindeutige Source-IPs: $unique_ips"
@@ -568,6 +571,7 @@ sudo chmod 750 /usr/local/bin/dmarc-scan.sh
Beschreibung: Das Skript liest XML/ZIP/GZ-Reports, zeigt eine Tabelle pro Report, schreibt eine Records-CSV (mit `--append` fortsetzbar) und exportiert Top-Listen als CSV in `--outdir`. Beschreibung: Das Skript liest XML/ZIP/GZ-Reports, zeigt eine Tabelle pro Report, schreibt eine Records-CSV (mit `--append` fortsetzbar) und exportiert Top-Listen als CSV in `--outdir`.
**Wichtige Parameter:** **Wichtige Parameter:**
- `--domain DOMAIN` (Filter) - `--domain DOMAIN` (Filter)
- `--csv PFAD` (Records-CSV) - `--csv PFAD` (Records-CSV)
- `--append` (anhängen statt überschreiben) - `--append` (anhängen statt überschreiben)
@@ -575,6 +579,7 @@ Beschreibung: Das Skript liest XML/ZIP/GZ-Reports, zeigt eine Tabelle pro Report
- `--outdir PFAD` (Top-CSV Ziel) - `--outdir PFAD` (Top-CSV Ziel)
**Beispiel:** **Beispiel:**
```bash ```bash
dmarc-scan.sh /var/lib/dmarc/reports/2025/11/12 --domain fluechtlingsrat-brandenburg.de --csv /var/lib/dmarc/exports/records.csv --append --top 25 --outdir /var/lib/dmarc/exports/ dmarc-scan.sh /var/lib/dmarc/reports/2025/11/12 --domain fluechtlingsrat-brandenburg.de --csv /var/lib/dmarc/exports/records.csv --append --top 25 --outdir /var/lib/dmarc/exports/
``` ```
@@ -611,6 +616,6 @@ sudo -u vmail /usr/local/bin/dmarc-collect.sh < testmail.eml
--- ---
**Autor:** oopen.de / Systemkonfiguration **Autor:** oopen.de / Systemkonfiguration
**Stand:** November 2025 **Stand:** November 2025
**Version:** 1.2 **Version:** 1.2

16
DOC/dovecot/README.dovecot.index
View File

@@ -19,3 +19,19 @@ doveadm index -A INBOX
# -the storage files will be also checked. # -the storage files will be also checked.
# - # -
doveadm force-resync -A INBOX doveadm force-resync -A INBOX
# - Index users .Sent Folder
# -
doveadm index -u <user@domain.ltd> .Sent
# - oder alternativ und etwas allgemeiner für egal welchen Unterordner
# - ==================================================================
# -
# - Index eines Unterverzeichnisses einer Mailbox löschen
# -
# - z.Bsp. für den 'gesendet' Ordner der Mailbox presse@mbr-berlin.de
# -
# - rm /var/vmail/mbr-berlin.de/presse/Maildir/.Sent/dovecot.index*
# - systemctl restart dovecot.service

8
create-update-postfix-pcre-chek-files.sh
View File

@@ -115,9 +115,11 @@ DEFAULT_ADMIN_EMAIL="argus@oopen.de"
# - Is this a systemd system? # - Is this a systemd system?
# - # -
if [[ "X`which systemd`" = "X" ]]; then systemd_exists=false
systemd_exists=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true systemd_exists=true
fi fi

686
install_amavis.sh
View File

@@ -154,9 +154,11 @@ QUARANTINE_ADMIN=$DEFAULT_QUARANTINE_ADMIN
# - Is this a systemd system? # - Is this a systemd system?
# - # -
if [[ "X`which systemd`" = "X" ]]; then systemd_exists=false
systemd_exists=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true systemd_exists=true
fi fi
@@ -1168,19 +1170,38 @@ fi
## - If not testing as user roor, you need to change int a directora, where the testing ## - If not testing as user roor, you need to change int a directora, where the testing
## - user has read/write? access, even if the sample spam file is located at /tmp ## - user has read/write? access, even if the sample spam file is located at /tmp
## - ## -
echononl " Download a sample spam file" echononl " Save a sample spam file into /root folder."
installation_failed=false cat <<'EOF' > /root/sample-spam.txt
wget -O /tmp/sample-spam.txt https://opensource.apple.com/source/SpamAssassin/SpamAssassin-137.1/SpamAssassin/sample-spam.txt 2> $tmp_err_msg Subject: Test spam mail (GTUBE)
if [[ "$?" -ne 0 ]] ; then Message-ID: <GTUBE1.1010101@example.net>
installation_failed=true Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network
EOF
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $tmp_err_msg)"
fi else
cp -a /tmp/sample-spam.txt /root > $tmp_err_msg 2>&1
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
if ! $installation_failed ; then
echo_ok echo_ok
fi fi
@@ -1470,27 +1491,45 @@ echo -e " \033[37m\033[1mConfigure Distributed Checksum Clearinghouses (DCC)..
info "Open firewall outgoing port UDP 6277 and if DCC Server is running\n also in- and outfoing port TCP 6277." info "Open firewall outgoing port UDP 6277 and if DCC Server is running\n also in- and outfoing port TCP 6277."
services=("clamav-freshclam" "clamav-daemon" "adcc")
for svc in "${services[@]}"; do
echononl " Stop Service '${svc}.."
if systemctl is-active --quiet "$svc"; then
systemctl stop "$svc" > /dev/null 2> $tmp_err_msg
if [[ $? -ne 0 ]] ; then
echo_failed
if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then
echononl " An instance off dccifd ist already running. Stop it now."
installation_failed=false
if $systemd_exists ; then
systemctl stop adcc > /dev/null 2> $tmp_err_msg
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)" error "$(cat $tmp_err_msg)"
else
echo_ok
fi fi
else else
/etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg echo_skipped
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
fi fi
if ! $installation_failed ; then done
echo_ok
fi
fi
#if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then
# echononl " An instance off dccifd ist already running. Stop it now."
# installation_failed=false
# if $systemd_exists ; then
# systemctl stop adcc > /dev/null 2> $tmp_err_msg
# if [[ "$?" -ne 0 ]] ; then
# installation_failed=true
# error "$(cat $tmp_err_msg)"
# fi
# else
# /etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg
# if [[ "$?" -ne 0 ]] ; then
# installation_failed=true
# error "$(cat $tmp_err_msg)"
# fi
# fi
# if ! $installation_failed ; then
# echo_ok
# fi
#fi
_dcc_src_dir="$script_dir" _dcc_src_dir="$script_dir"
#_archiv=dcc-dccproc.tar.Z #_archiv=dcc-dccproc.tar.Z
@@ -4003,6 +4042,7 @@ if [[ ! -f "/etc/postfix/spam_lovers" ]]; then
# - adress_1@domain3.com 0 # - adress_1@domain3.com 0
# - domain3.com 1 # - domain3.com 1
# - # -
# - Wichtig: letzte Zeile mit Newline abschließen!
EOF EOF
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
@@ -4031,6 +4071,7 @@ if [[ ! -f "/etc/postfix/virus_lovers" ]]; then
# - adress_1@domain3.com 0 # - adress_1@domain3.com 0
# - domain3.com 1 # - domain3.com 1
# - # -
# - Wichtig: letzte Zeile mit Newline abschließen!
EOF EOF
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
@@ -4187,203 +4228,111 @@ read_hash(\%whitelist_sender, '/etc/postfix/sender_whitelist');
@whitelist_sender_maps = (\%whitelist_sender); @whitelist_sender_maps = (\%whitelist_sender);
## ---
## - Default antivirus checking mode
## ---
## - bypass_virus_checks_maps # ----------------------------------------------------------
## - # Basis-Quarantäneverzeichnis
## - Addresses/Domains listet here will not be checked. # ----------------------------------------------------------
## -
## - !! Notice !!
## -
## - Virus checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - virus-checking will still be performed. To ensure that virus is still delivered
## - to whitelisted recipients in such cases, use the "virus_lovers" features
## - see below.
## -
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \\\$bypass_virus_checks_re);
\$QUARANTINEDIR = '${QUARANTINE_DIR}';
## - We will use '%bypass_virus_checks_maps'. So we could set: # Keine automatisch erzeugten Unterverzeichnisse wie a/, b/, c/, f/, g/
## -
## - %bypass_virus_checks = (
## - # Adresses
## - adress@domain1.com => '1',
## - [..]
## - # All addresses of a domain
## - domain2.com => '1',
## - [..]
## - # All adresses of a domain except a single user
## - address_1@domain3.com => '0',
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/virus_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
## - [..]
## -
## - # All addresses of a domain
## - domain2.com 1
## - [..]
## -
## - # All adresses of a domain except a single user
## - adress_1@domain3.com 0
## - domain3.com 1
## -
read_hash(\%bypass_virus_checks, '/etc/postfix/virus_lovers');
## - virus_lovers_maps
## -
## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like
## - adding spam headers or discarding the mail) will be performed.
## -
@virus_lovers_maps = (
\%virus_lovers, \@virus_lovers_acl, \\\$virus_lovers_re);
## - We will use the read_hash function to read in a list of recipients
## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'.
## -
## - For more explanations see above
## -
read_hash(\%virus_lovers, '/etc/postfix/virus_lovers');
## ---
## - Default SPAM checking mode
## ---
## - bypass_spam_checks_maps
## -
## - Addresses/Domains listet here will not be checked.
## -
## - !! Notice !!
## -
## - Spam checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - spam-checking will still be performed. To ensure that spam is still delivered
## - to whitelisted recipients in such cases, use the "spam_lovers" features
## - see below.
## -
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \\\$bypass_spam_checks_re);
## - We will use '%bypass_spam_checks'. So we could set:
## -
## - %bypass_spam_checks = (
## - # Adresses
## - adress@domain1.com => '1',
## - [..]
## - # All addresses of a domain
## - domain2.com => '1',
## - [..]
## - # All adresses of a domain except a single user
## - address_1@domain3.com => '0',
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/spam_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
## - [..]
## -
## - # All addresses of a domain
## - domain2.com 1
## - [..]
## -
## - # All adresses of a domain except a single user
## - adress_1@domain3.com 0
## - domain3.com 1
## -
read_hash(\%bypass_spam_checks, '/etc/postfix/spam_lovers');
## - spam_lovers_maps
## -
## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like
## - adding spam headers or discarding the mail) will be performed.
## -
@spam_lovers_maps = (
\%spam_lovers, \@spam_lovers_acl, \\\$spam_lovers_re);
## - We will use the read_hash function to read in a list of recipients
## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'.
## -
## - For more explanations see above
## -
read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
## - overrides settings in 20-debian_defaults
## -
\$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
\$final_banned_destiny = D_DISCARD; # D_REJECT when front-end MTA
#\$final_spam_destiny = D_DISCARD;
\$final_spam_destiny = D_BOUNCE;
#\$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
##- Moved to file '/etc/amavis/policy_banks.conf'
## -
## - \$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
## - \$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level
## - \$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
## -
do "/etc/amavis/policy_banks.conf"; # Externe Datei einbinden
## - QUARANTINE
## -
\$QUARANTINEDIR = "$QUARANTINE_DIR";
\$quarantine_subdir_levels = 0; \$quarantine_subdir_levels = 0;
\$sa_spam_subject_tag = undef; # Kein Prefix wie "***SPAM***" o.ä.
\$sa_spam_modifies_subj = 0; # Betreff NICHT verändern
## - don't store mails in quarantine directory # Viren: /var/QUARANTINE/virus/virus-<msgid>.gz
## - \$virus_quarantine_method = 'local:virus/virus-%m.gz';
#\$virus_quarantine_method = undef;
#\$spam_quarantine_method = undef;
#\$banned_files_quarantine_method = undef;
#\$bad_header_quarantine_method = undef;
## - store mails in quarantine directory # Spam (Kill-Spam): /var/QUARANTINE/spam/spam-<msgid>.gz
## - \$spam_quarantine_method = 'local:spam/spam-%m.gz';
\$virus_quarantine_method = 'local:virus/virus-%m';
\$spam_quarantine_method = 'local:spam/spam-%m.gz'; # Banned: /var/QUARANTINE/banned/banned-<msgid>
\$banned_files_quarantine_method = 'local:banned/banned-%m'; \$banned_files_quarantine_method = 'local:banned/banned-%m';
\$bad_header_quarantine_method = 'local:bad-headers/badh-%m';
\$clean_quarantine_method = undef;
\$archive_quarantine_method = undef;
#\$virus_admin ="$QUARANTINE_ADMIN"; # Bad headers: /var/QUARANTINE/bad-headers/badh-<msgid>
#\$spam_admin = "$QUARANTINE_ADMIN"; \$bad_header_quarantine_method = 'local:bad-headers/badh-%m';
#\$banned_admin = "$QUARANTINE_ADMIN";
#\$bad_header_admin = "$QUARANTINE_ADMIN";
# ----------------------------------------------------------
# Einbinden der Spam- und Virus-Lovers Dateien
# ----------------------------------------------------------
@bypass_spam_checks_maps = (
read_hash('/etc/postfix/spam_lovers'),
);
@bypass_virus_checks_maps = (
read_hash('/etc/postfix/virus_lovers'),
);
# ----------------------------------------------------------
# Spam-Schwellwerte
# ----------------------------------------------------------
\$sa_tag_level_deflt = 1.9; # ab hier Info-Header
\$sa_tag2_level_deflt = 5.1; # ab hier X-Spam-Flag: YES
\$sa_kill_level_deflt = 9.51; # high-spam - final destiny (DISCARD)
\$sa_dsn_cutoff_level = 20.1; # ab hier keine DSN mehr
\$sa_quarantine_cutoff_level = 30.1; # oberhalb keine Quarantäne mehr
# ----------------------------------------------------------
# Domain-/Adress-spezifische Einstellungen extern einlesen
# ----------------------------------------------------------
my \$policy_banks_file = '/etc/amavis/policy_banks.conf';
if (-r \$policy_banks_file) {
do \$policy_banks_file
or die "Fehler beim Einlesen von \$policy_banks_file: \$@";
}
# ----------------------------------------------------------
# spammy (zwischen Tag2 und Kill-Level)
# zusätzlich in /spammy/, Mail wird zugestellt
# ----------------------------------------------------------
# spammy in /var/QUARANTINE/spammy/
\$quarantine_method_by_ccat{+CC_SPAMMY}
= 'local:spammy/spammy-%m.gz';
\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS;
# ----------------------------------------------------------
# Final Destinies
# ----------------------------------------------------------
# High-Spam (>=9.51)
\$final_spam_destiny = D_DISCARD;
# Viren
\$final_virus_destiny = D_DISCARD;
# Banned (z.B. .exe)
\$final_banned_destiny = D_BOUNCE;
# Schlechte Header
\$final_bad_header_destiny = D_PASS;
# ----------------------------------------------------------
# Admin E-Mails / Warnungen direct von AMaViS (nicht DSN- oder Bounce-Mails)
# ----------------------------------------------------------
# Bemerkung:
# *nochmal*: das hat nichts mit den eigentlichen DSN-/Bounce-Mails zu tun.
\$virus_admin = undef; \$virus_admin = undef;
\$spam_admin = undef; \$spam_admin = undef;
\$banned_admin = undef;
\$bad_header_admin = undef;
\$warnvirusrecip = 0;
\$warnbannedrecip = 0;
\$warnbannedsender = 0;
\$warnbadhrecip = 0;
\$warn_offsite = 0;
# Pass SPAMMY but quarantine and inform admin
#
\$quarantine_to_maps_by_ccat{+CC_SPAMMY} = \\@spam_quarantine_to_maps ;
\$quarantine_method_by_ccat{+CC_SPAMMY} = 'local:spammy/spammy-%m.gz' ;
\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS ;
\$admin_maps_by_ccat{+CC_SPAMMY} = sub { ca('spam_admin_maps') };
# Bypass spam checking for trusted networks using mynetworks # Bypass spam checking for trusted networks using mynetworks
@@ -4598,133 +4547,67 @@ echononl " Create File \"${_config_policy_banks_file}\""
if [[ -f "${_config_policy_banks_file}" ]]; then if [[ -f "${_config_policy_banks_file}" ]]; then
echo_skipped echo_skipped
else else
cat << EOF > ${_config_policy_banks_file} cat <<'EOF' > ${_config_policy_banks_file}
# Externe Richtliniendatei für amavisd # /etc/amavis/policy_banks.conf
#
use strict; # ---------------------------------------------
# Domain- und adressspezifische Amavis-Settings
# ---------------------------------------------
# --- #
# add spam info headers if at, or above that level #
# --- # Wichtig: KEIN "use strict;" hier, das ist schon in 50-user aktiv.
# Diese Datei wird via "do" aus /etc/amavis/conf.d/50-user eingelesen.
## - All recipients with identical the same setting: #
## - #
#\$sa_tag_level_deflt = 2.0; # Tag2-Level (Schwelle für X-Spam-Flag: YES) abhängig von Empfänger/Domain
# ========================================================================
## - Per-recipient mapping of tag2 levels to email addresses (tag2 level): #
## - #
## - Set directly: # Read from file using @spam_tag2_level_maps
## - # ------------------------------------------
\$sa_tag_level_deflt = { #
'oopen.de' => '-4.5', # default: @spam_tag2_level_maps = ($sa_tag2_level_deflt);
# default #
'.'=>'2.0' # Example file '/etc/postfix/tag2_level_maps.dat'
}; #
# # Specific address first
## - Read from file using @spam_tag2_level_maps # info@123comics.net 2.1
## - # ckubu@oopen.de 2.2
## - default: @spam_tag2_level_maps = (\$sa_tag2_level_deflt); # ...
## - #
## - Example file '/etc/postfix/tag2_level_maps.dat' # # All recipients of the domains @oopen.de / @k8h.de
## - # oopen.de 3.1
## - # oopen.de # k8h.de 4.5
## - oopen.de 2.1 #
## - ckubu@oopen.de 2.2 # # default
## - argus@oopen.de 2.3 # . 5.1
## - [..] #
## - # k8h.de #
## - k8h.de 6.5 # Read file into the variable @spam_tag2_level_maps
## - [..] #
## - # default # @spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
## - . 5.1 #
## - #
#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') ); # Set the variable $sa_tag2_level_deflt directly.
# -----------------------------------------------
#
#\$sa_spam_subject_tag = '***SPAM*** '; # Spam-Betreff-Tag # Example:
\$sa_spam_subject_tag = undef; #
# @spam_tag2_level_maps = (
# {
# # Spezifische Adresse zuerst
# --- # 'info@123comics.net' => 3.1,
# add 'spam detected' headers at that level # 'info@berliner-register.de' => 3.1,
# --- #
# # Domains (alle Empfänger @oopen.de / @123comics.net)
## - All recipients with identical the same setting: # '.oopen.de' => 3.1,
## - # '.123comics.net' => 4.1,
#\$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level # 'regishut.de' => 2.5,
# },
## - Per-recipient mapping of kill levels to email addresses (kill level): #
## - # # Fallback: Standard-Tag2-Level aus 50-user
## - Set directly # $sa_tag2_level_deflt,
## - # );
\$sa_tag2_level_deflt = {
'oopen.de' => '3.1',
'123comics.net' => '4.1',
'info@123comics.net' => '3.1',
# default
'.' => '5.1',
};
## - Read from file using @spam_kill_level_maps
## -
## - default: @spam_kill_level_maps = (\$sa_kill_level_deflt);
## -
## - Example file '/etc/postfix/kill_level_maps.dat'
## -
## - # oopen.de
## - ckubu@oopen.de 1500.0
## - ckubu-adm@oopen.de 1500.0
## - [..]
## - # default
## - . 10.31
## -
#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') );
# ---
# adding more detailed spam-related headers.
# ---
## - All recipients with identical the same setting:
## -
\$sa_tag3_level_deflt = 7.0; # threshold for sa_tag3_level_deflt
## - Note
## - Like 'sa_tag2_level_deflt' above per-recipient also possible
@sa_tag3_level_maps = (
['^Subject:', '\[HIGH-SPAM\] $&'], # Modify subject
['HEADER', 'X-High-Spam-Flag', 'YES'], # Add a custom header
);
# ---
# spam score threshold at which amavisd-new will reject (kill) an email.
# ---
## - All recipients with identical the same setting:
## -
\$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
## - Note
## - Like 'sa_tag2_level_deflt' above per-recipient also possible
# ---
# The threshold for sending a delivery status notification (DSN) to the sender
# ---
## - We will inform the sender about bouncing his mail with a DSN (Delivery
## - StatusNotification). That DSN message will no be send, if the spamvalue
## - exceeds the value of sa_dsn_cutoff_level
## -
#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
\$sa_dsn_cutoff_level = 20;
#------------ Do not modify anything below this line ------------- #------------ Do not modify anything below this line -------------
@@ -5116,6 +4999,8 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
smtp inet n - y - - smtpd smtp inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024 -o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter= -o content_filter=
-o smtpd_milters=
-o non_smtpd_milters=
EOF EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
@@ -5123,19 +5008,6 @@ EOF
EOF EOF
fi fi
if ${listen_on_additional_smtp_port} ; then
cat >> $postfix_master_cf << EOF
${additional_smtp_port} inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter=
EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_sasl_auth_enable=no
EOF
fi
fi
if ! $submission_present && ! $smtps_present && ! $localhost_10025_present ; then if ! $submission_present && ! $smtps_present && ! $localhost_10025_present ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
localhost:10025 inet n - y - - smtpd localhost:10025 inet n - y - - smtpd
@@ -5150,13 +5022,9 @@ localhost:10025 inet n - y - - smtpd
-o mynetworks=127.0.0.0/8,[::1]/128 -o mynetworks=127.0.0.0/8,[::1]/128
-o receive_override_options=no_unknown_recipient_checks -o receive_override_options=no_unknown_recipient_checks
EOF EOF
if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then if [[-n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock -o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
EOF EOF
fi fi
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
@@ -5167,8 +5035,26 @@ EOF
continue continue
fi fi
if ${listen_on_additional_smtp_port} \
&& echo "$_line" | grep -i -E "^\s*${additional_smtp_port}\s+inet" > /dev/null 2>&1 ; then
_found=true
cat >> $postfix_master_cf << EOF
${additional_smtp_port} inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter=
EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_sasl_auth_enable=no
EOF
fi
if $submission_present && echo "$_line" | grep -i -E "^^submission\s+" > /dev/null 2>&1 ; then continue
fi
if $submission_present && echo "$_line" | grep -i -E "^submission\s+" > /dev/null 2>&1 ; then
_found=true _found=true
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
submission inet n - y - 20 smtpd submission inet n - y - 20 smtpd
@@ -5176,6 +5062,13 @@ submission inet n - y - 20 smtpd
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
if [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
EOF
fi
cat >> $postfix_master_cf << EOF
#-o milter_macro_daemon_name=ORIGINATING #-o milter_macro_daemon_name=ORIGINATING
EOF EOF
if ! $smtps_present ; then if ! $smtps_present ; then
@@ -5193,13 +5086,9 @@ localhost:10025 inet n - y - - smtpd
-o mynetworks=127.0.0.0/8,[::1]/128 -o mynetworks=127.0.0.0/8,[::1]/128
-o receive_override_options=no_unknown_recipient_checks -o receive_override_options=no_unknown_recipient_checks
EOF EOF
if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock -o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
EOF EOF
fi fi
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
@@ -5210,9 +5099,9 @@ EOF
if ! $amavisfeed_present ; then if ! $amavisfeed_present ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
amavisfeed unix - - n - 20 lmtp amavisfeed unix - - n - 20 lmtp
-o smtp_data_done_timeout=1200 -o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes -o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes -o disable_dns_lookups=yes
EOF EOF
fi fi
fi # if ! $smtps_present fi # if ! $smtps_present
@@ -5226,11 +5115,18 @@ EOF
_found=true _found=true
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
smtps inet n - y - - smtpd smtps inet n - y - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10024 -o content_filter=amavisfeed:[127.0.0.1]:10024
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#-o milter_macro_daemon_name=ORIGINATING EOF
if [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
EOF
fi
cat >> $postfix_master_cf << EOF
#-o milter_macro_daemon_name=ORIGINATING
EOF EOF
if ! $localhost_10025_present ; then if ! $localhost_10025_present ; then
@@ -5247,15 +5143,11 @@ localhost:10025 inet n - y - - smtpd
-o mynetworks=127.0.0.0/8,[::1]/128 -o mynetworks=127.0.0.0/8,[::1]/128
-o receive_override_options=no_unknown_recipient_checks -o receive_override_options=no_unknown_recipient_checks
EOF EOF
if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock -o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF EOF
elif [[ -n "$(which opendkim)" ]] ; then fi
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
EOF
fi
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32 #-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF EOF
@@ -5264,9 +5156,9 @@ EOF
if ! $amavisfeed_present ; then if ! $amavisfeed_present ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
amavisfeed unix - - n - 20 lmtp amavisfeed unix - - n - 20 lmtp
-o smtp_data_done_timeout=1200 -o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes -o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes -o disable_dns_lookups=yes
EOF EOF
fi fi
@@ -5290,16 +5182,12 @@ localhost:10025 inet n - y - - smtpd
-o mynetworks=127.0.0.0/8,[::1]/128 -o mynetworks=127.0.0.0/8,[::1]/128
-o receive_override_options=no_unknown_recipient_checks -o receive_override_options=no_unknown_recipient_checks
EOF EOF
if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
EOF
fi
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32 #-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF EOF
continue continue
@@ -5309,9 +5197,9 @@ EOF
_found=true _found=true
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
amavisfeed unix - - n - 20 lmtp amavisfeed unix - - n - 20 lmtp
-o smtp_data_done_timeout=1200 -o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes -o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes -o disable_dns_lookups=yes
EOF EOF
continue continue
fi fi

64
install_opendkim.sh
View File

@@ -14,6 +14,8 @@ echo -e "\n \033[32mStart Installation of OpenDKIM..\033[m"
log_file="$(mktemp)" log_file="$(mktemp)"
backup_date="$(date +%Y-%m-%d-%H%M)"
_opendkim_packages="opendkim opendkim-tools" _opendkim_packages="opendkim opendkim-tools"
opendkim_base_dir="/etc/opendkim" opendkim_base_dir="/etc/opendkim"
@@ -28,6 +30,7 @@ opendkim_socket_file="${opendkim_socket_dir}/opendkim.sock"
postfix_needs_restart=false postfix_needs_restart=false
opendkim_needs_restart=false opendkim_needs_restart=false
# ------------- # -------------
# --- Some functions # --- Some functions
# ------------- # -------------
@@ -91,9 +94,11 @@ echo_skipped() {
# - Is 'systemd' supported on this system # - Is 'systemd' supported on this system
# - # -
if [ "X`which systemd`" = "X" ]; then SYSTEMD_EXISTS=false
SYSTEMD_EXISTS=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
SYSTEMD_EXISTS=true SYSTEMD_EXISTS=true
fi fi
@@ -175,6 +180,18 @@ else
echo_skipped echo_skipped
fi fi
echononl " Backup existing file '${opendkim_conf_file}'.."
if [[ -f "${opendkim_conf_file}" ]] ; then
mv "${opendkim_conf_file}" "${opendkim_conf_file}.${backup_date}"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
# - Create OpenDKIM configuration # - Create OpenDKIM configuration
# - # -
@@ -200,6 +217,7 @@ AuthservID "DKIM check $(hostname -f)"
# Modi signer (s) und verifier (v) und verwendet eine # Modi signer (s) und verifier (v) und verwendet eine
# Socket-Datei zur Kommunikation (alternativ: lokaler Port) # Socket-Datei zur Kommunikation (alternativ: lokaler Port)
Mode sv Mode sv
# Socket local:/var/run/opendkim/opendkim.sock # Socket local:/var/run/opendkim/opendkim.sock
# Socket local:$opendkim_socket_file # Socket local:$opendkim_socket_file
# Socket inet:12345@localhost # Socket inet:12345@localhost
@@ -489,9 +507,38 @@ milter_protocol = 6
# If you want sign mails before sending through AmaVIS, set # If you want sign mails before sending through AmaVIS, set
# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to # 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to
# localhost:10025 section in master.cf: 'smtpd_milters=' # localhost:10025 section in master.cf: 'smtpd_milters='
# #
#smtpd_milters = local:/opendkim/opendkim.sock #smtpd_milters = local:/opendkim/opendkim.sock
smtpd_milters = smtpd_milters =
# Was sind non_smtpd_milters?
#
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind.
#
# Das betrifft z. B.:
#
# cleanup Header/Content-Bereinigung
# qmgr Queue-Manager
# lmtp / smtp Auslieferung nach extern
# local lokale Zustellung
#
# Das sind z. B.:
#
# - interne Bounces (MAILER-DAEMON)
#
# - Cron-Mails vom Server
#
# - Weiterleitungen, die Postfix selbst generiert
#
# - Mails, die über sendmail CLI gesendet werden
#
# - Mails, die Amavis über LMTP zurückgibt
#
# - etc.
#
#
# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden.
non_smtpd_milters = local:/opendkim/opendkim.sock non_smtpd_milters = local:/opendkim/opendkim.sock
EOF EOF
postfix_needs_restart=true postfix_needs_restart=true
@@ -542,9 +589,14 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then
_found=false _found=false
if ! echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*local:/opendkim/opendkim.sock\s*$" ; then
echo " -o smtpd_milters=local:/opendkim/opendkim.sock" >> "$tmp_master_file"
_changed=true
continue
fi
fi fi
if echo "$_line" | grep -i -q -E "^\s*(127.0.0.1|localhost):10025\s+inet\s+" 2> /dev/null ; then if echo "$_line" | grep -i -q -E "^\s*(submission|smtps)\s+inet\s+" 2> /dev/null ; then
_found=true _found=true
fi fi
@@ -562,7 +614,7 @@ if $_changed ; then
fi fi
else else
echo_skipped echo_skipped
warn "Postfix (master.cf) seems already be configured." info "Postfix (master.cf) was not changed - seems already be configured right."
echononl " Delete previosly saved file '/etc/postfix/master.cf'.." echononl " Delete previosly saved file '/etc/postfix/master.cf'.."
rm /etc/postfix/master.cf.$backup_date 2> $log_file rm /etc/postfix/master.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then

316
install_opendmarc.sh
View File

@@ -3,6 +3,7 @@
clear clear
echo -e "\n \033[32mStart Installation of OpenDMARC..\033[m" echo -e "\n \033[32mStart Installation of OpenDMARC..\033[m"
overwrite_config_files=true
# ------------- # -------------
@@ -23,13 +24,14 @@ opendmarc_socket_dir="${postfix_spool_dir}/opendmarc"
opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock" opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock"
config_file_name_value_parameters=" config_file_name_value_parameters="
AuthservID|DMARC check $(hostname -f) AuthservID|$(hostname -f)
TrustedAuthservIDs|$(hostname -f)
PidFile|/run/opendmarc/opendmarc.pid PidFile|/run/opendmarc/opendmarc.pid
RejectFailures|true RejectFailures|true
Syslog|true Syslog|true
SyslogFacility|mail SyslogFacility|mail
TrustedAuthservIDs|$(hostname -f) IgnoreHosts|${opendmarc_base_dir}/ignore.hosts
IgnoreHosts|/etc/opendmarc/ignore.hosts IgnoreMailFrom|${opendmarc_base_dir}/ignore.mailfrom
IgnoreAuthenticatedClients|true IgnoreAuthenticatedClients|true
RequiredHeaders|false RequiredHeaders|false
UMask|002 UMask|002
@@ -114,9 +116,11 @@ echo_skipped() {
# - Is 'systemd' supported on this system # - Is 'systemd' supported on this system
# - # -
if [ "X`which systemd`" = "X" ]; then SYSTEMD_EXISTS=false
SYSTEMD_EXISTS=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
SYSTEMD_EXISTS=true SYSTEMD_EXISTS=true
fi fi
@@ -194,6 +198,9 @@ if ! $(grep -q -E "^IgnoreHosts\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
## ignored by the filter. If not specified, defaults to "127.0.0.1" only. ## ignored by the filter. If not specified, defaults to "127.0.0.1" only.
# #
IgnoreHosts 127.0.0.1 IgnoreHosts 127.0.0.1
# Optional - auch nach Absender-Domain ignorieren:
IgnoreMailFrom ${opendmarc_base_dir}/ignore.mailfrom
EOF EOF
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
@@ -213,7 +220,7 @@ echononl " Add '${_param}' with default value to the opendmarc.conf file.."
if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
cat << EOF >> ${opendmarc_conf_file} cat << EOF >> ${opendmarc_conf_file}
## If set, causes mail from authenticated clients (i.e., those that used ## If set, causes mail from authenticated clients (i.e., those that used
## SMTP AUTH) to be ignored by the filter. The default is "false". ## SMTP AUTH) to be ignored by the filter. The default is "false".
# #
IgnoreAuthenticatedClients false IgnoreAuthenticatedClients false
@@ -229,6 +236,33 @@ else
fi fi
# - Add 'TrustedAuthservIDs' with default value to the original opendmarc.conf file
#
_param="TrustedAuthservIDs"
echononl " Add '${_param}' with default value to the opendmarc.conf file.."
if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
cat << EOF >> ${opendmarc_conf_file}
# Provides a list of authserv-ids that are to be used to identify Authentication-Results
# header fields whose contents are to be assumed as valid input for the DMARC assessment.
# To provide a list, separate values by commas. If the string "HOSTNAME" is provided,
# the name of the host running the filter (as returned by the gethostname(3) function)
# will be used. Matching against this list is case-insensitive. The default is to use the
# value of AuthservID.
#
TrustedAuthservIDs OpenDMARC
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file # - Add 'RequiredHeaders' with default value to the original opendmarc.conf file
# #
_param="IgnoreAuthenticatedClients" _param="IgnoreAuthenticatedClients"
@@ -259,9 +293,9 @@ echononl " Add '${_param}' with default value to the opendmarc.conf file.."
if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
cat << EOF >> ${opendmarc_conf_file} cat << EOF >> ${opendmarc_conf_file}
## If set, the filter will ensure the header of the message conforms to the basic ## If set, the filter will ensure the header of the message conforms to the basic
## header field count restrictions laid out in RFC5322, Section 3.6. Messages ## header field count restrictions laid out in RFC5322, Section 3.6. Messages
## failing this test are rejected without further processing. A From: field from ## failing this test are rejected without further processing. A From: field from
## which no domain name could be extracted will also be rejected. ## which no domain name could be extracted will also be rejected.
# #
RequiredHeaders false RequiredHeaders false
@@ -445,8 +479,8 @@ else
fi fi
# - Create the directories to hold opendmarc's data files, assign # - Create the directories to hold opendmarc's data files, assign
# - ownership to the opendmarc user, and restrict the file # - ownership to the opendmarc user, and restrict the file
# - permissions: # - permissions:
# - # -
echononl " Create directory '$opendmarc_base_dir'" echononl " Create directory '$opendmarc_base_dir'"
@@ -472,6 +506,18 @@ else
fi fi
echononl " Backup existing file '${opendmarc_base_dir}/ignore.hosts'.."
if [[ -f "${opendmarc_base_dir}/ignore.hosts" ]] ; then
mv "${opendmarc_base_dir}/ignore.hosts" "${opendmarc_base_dir}/ignore.hosts.${backup_date}"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
# - Create the file ${opendmarc_base_dir}/ignore.hosts # - Create the file ${opendmarc_base_dir}/ignore.hosts
# - # -
@@ -480,11 +526,68 @@ if [[ -f "${opendmarc_base_dir}/ignore.hosts" ]] ; then
echo_skipped echo_skipped
else else
cat <<EOF > ${opendmarc_base_dir}/ignore.hosts 2> $log_file cat <<EOF > ${opendmarc_base_dir}/ignore.hosts 2> $log_file
# We are using AmaViS at 'localhost 127.0.0.1 . So we cannot bypass them # /etc/opendmarc/ignore.hosts
# #
# 127.0.0.1 # Aktuell hat OpenDMARC seinen Milter nur am Dienst
# localhost # 'localhost:10025' hängen. Dort ist der Client
$(hostname -f) # immer 127.0.0.1, nicht die externe Gegenstelle.
#
# Deshalb macht es in diesem Setup keinen Sinn,
# hier IP-Adressen von externen Diensten (CRSend etc.)
# einzutragen sie würden nie matchen.
#
# WICHTIG:
# - KEIN 127.0.0.1
# - KEIN localhost
# - KEIN ::1
#
# Eintrag dieser Adressen würde DMARC komplett deaktivieren.
#
# ==> Datei bleibt absichtlich leer.
EOF
opendmarc_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Create the file ${opendmarc_base_dir}/ignore.hosts
# -
echononl " Backup existing file '${opendmarc_base_dir}/ignore.mailfrom'.."
if [[ -f "${opendmarc_base_dir}/ignore.mailfrom" ]] ; then
mv "${opendmarc_base_dir}/ignore.mailfrom" "${opendmarc_base_dir}/ignore.mailfrom.${backup_date}"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
echononl " Create file '${opendmarc_base_dir}/ignore.mailfrom'.."
if [[ -f "${opendmarc_base_dir}/ignore.mailfrom" ]] ; then
echo_skipped
else
cat <<EOF > ${opendmarc_base_dir}/ignore.mailfrom 2> $log_file
# /etc/opendmarc/ignore.mailfrom
#
# Hier könnte man Absender-Domains von der DMARC-Prüfung
# ausnehmen (z. B. problematische Partner-Domains).
#
# Aktuell ist das für dein Setup nicht notwendig.
#
# Beispiele (NICHT aktiv!):
# @example.org
# example.org
#
# ==> Datei bleibt absichtlich leer.
EOF EOF
opendmarc_needs_restart=true opendmarc_needs_restart=true
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
@@ -529,7 +632,7 @@ EOF
fi fi
# - Create the opendmarc socket directory in Postfixs work area # - Create the opendmarc socket directory in Postfixs work area
# - and make sure it has the correct ownership: # - and make sure it has the correct ownership:
# - # -
echononl " Create the opendmarc socket directory in Postfix's work area.." echononl " Create the opendmarc socket directory in Postfix's work area.."
@@ -555,7 +658,7 @@ else
fi fi
# - Edit /etc/postfix/main.cf and add a section to activate # - Edit /etc/postfix/main.cf and add a section to activate
# - processing of e-mail through the opendmarc daemon: # - processing of e-mail through the opendmarc daemon:
# - # -
echononl " Backup existing postfix configuration (main.cf).." echononl " Backup existing postfix configuration (main.cf).."
@@ -588,18 +691,113 @@ else
fi fi
echo ""
# - Edit /etc/postfix/main.cf and add a section to activate
# - processing of e-mail through the OpenDKIM daemon:
# -
backup_date="$(date +%Y-%m-%d-%H%M)"
echononl " Backup existing postfix configuration (main.cf).."
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
echononl " Activate processing of e-mail through the OpenDKIM daemon.."
if grep -q -E "milter_default_action\s*=\s*accept" /etc/postfix/main.cf ; then
echo_skipped
info "Postfix (main.cf) was not changed - seems already be configured right."
echononl " Delete previosly saved Postfix configuration.."
rm /etc/postfix/main.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
cat <<EOF >> /etc/postfix/main.cf 2> $log_file
# ======= Milter configuration =======
# OpenDKIM
milter_default_action = accept
# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
milter_protocol = 6
# Note:
# We will sign AFTER sending through AmaVIS, just befor sending out. So
# set 'smtpd_milters =' to an emty string here and add to localhost:10025
# section in master.cf: 'smtpd_milters=local:/opendkim/opendkim.sock'
#
# If you want sign mails before sending through AmaVIS, set
# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to
# localhost:10025 section in master.cf: 'smtpd_milters='
#
#smtpd_milters = local:/opendkim/opendkim.sock
smtpd_milters =
# Was sind non_smtpd_milters?
#
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind.
#
# Das betrifft z. B.:
#
# cleanup Header/Content-Bereinigung
# qmgr Queue-Manager
# lmtp / smtp Auslieferung nach extern
# local lokale Zustellung
#
# Das sind z. B.:
#
# - interne Bounces (MAILER-DAEMON)
#
# - Cron-Mails vom Server
#
# - Weiterleitungen, die Postfix selbst generiert
#
# - Mails, die über sendmail CLI gesendet werden
#
# - Mails, die Amavis über LMTP zurückgibt
#
# - etc.
#
#
# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden.
non_smtpd_milters = local:/opendkim/opendkim.sock
EOF
postfix_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
echo ""
# - Prevent Postfix from setting the DMARC Header twice (one befor # - Prevent Postfix from setting the DMARC Header twice (one befor
# - and one after processing amavis # - and one after processing amavis
# - # -
# - To disable milter processing after amavis, add to your master.cf in # - To disable milter processing after amavis, add to your master.cf in
# - the after-amavis section: # - the after-amavis section:
# - 127.0.0.1:10025 inet n - - - - smtpd # - 127.0.0.1:10025 inet n - - - - smtpd
# - [...] # - [...]
# - -o smtpd_milters= # - -o smtpd_milters=
# - # -
# - If you want to run the milter after amavis, set in main.cf # - If you want to run the milter after amavis, set in main.cf
# - smtpd_milters= # - smtpd_milters=
# - to an empty string and add the smtpd_milters configuration to master.cf # - to an empty string and add the smtpd_milters configuration to master.cf
# - (after-section amavis) instead: # - (after-section amavis) instead:
# - -o smtpd_milters=local:/opendmarc/opendmarc.sock # - -o smtpd_milters=local:/opendmarc/opendmarc.sock
# - # -
@@ -613,24 +811,58 @@ else
fi fi
echononl " Adjust /etc/postfix/master.cf. Set DMARC after sending throuh AmaVIS.." echononl " Adjust /etc/postfix/master.cf. Set DMARC after sending throuh AmaVIS.."
if $(grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*opendkim.sock" /etc/postfix/master.cf 2> /dev/null) ; then _found=false
if $(grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*$(basename ${opendmarc_socket_file})" /etc/postfix/master.cf); then _changed=false
echo_skipped tmp_master_file="/tmp/postfix_master.cf"
else > $tmp_master_file
perl -i -n -p -e "s&(^\s*-o\s+smtpd_milters\s*=.*)&\1,local:/$(basename "${opendmarc_socket_dir}")/$(basename "${opendmarc_socket_file}")&" \ while IFS='' read -r _line || [[ -n $_line ]] ; do
/etc/postfix/master.cf > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if $_found && ! echo "$_line" | grep -i -q -E "^\s*-o" 2> /dev/null ; then
echo_ok echo " -o smtpd_milters=local:/opendmarc/opendmarc.sock" >> "$tmp_master_file"
postfix_needs_restart=true _changed=true
else _found=false
echo_failed fi
error "$(cat $log_file)"
if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then
_found=false
if ! echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*local:/opendmarc/opendmarc.sock\s*$" ; then
echo " -o smtpd_milters=local:/opendmarc/opendmarc.sock" >> "$tmp_master_file"
_changed=true
continue
fi fi
fi
if echo "$_line" | grep -i -q -E "^\s*(localhost|127.0.0.1):10025\s+inet\s+" 2> /dev/null ; then
_found=true
fi
echo "$_line" >> "$tmp_master_file"
done < "/etc/postfix/master.cf"
if $_changed ; then
cp $tmp_master_file /etc/postfix/master.cf 2> $log_file
postfix_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi fi
else else
echo_skipped echo_skipped
warn "Postfix is not adjusted. Complete Postfix configuration (master.cf) manually\!" info "Postfix (master.cf) was not changed - seems already be configured right."
echononl " Delete previosly saved file '/etc/postfix/master.cf'.."
rm /etc/postfix/master.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi fi
rm -f $tmp_master_file
echo "" echo ""
@@ -648,7 +880,7 @@ else
fi fi
# - Restart opendmarc # - Restart opendmarc
# - # -
echononl " Restart opendmarc.." echononl " Restart opendmarc.."
if $opendmarc_needs_restart ; then if $opendmarc_needs_restart ; then
if $SYSTEMD_EXISTS ; then if $SYSTEMD_EXISTS ; then
@@ -698,20 +930,6 @@ else
echo_skipped echo_skipped
fi fi
echo ""
if [[ -f "/etc/postfix/master.cf.${backup_date}" ]] ; then
if $(diff "/etc/postfix/master.cf" "/etc/postfix/master.cf.${backup_date}"> /dev/null 2>&1) ; then
info "File \033[1m/etc/postfix/master.cf\033[m has not changed.\n\t Removing previos created backup.."
rm "/etc/postfix/master.cf.${backup_date}"
fi
fi
if [[ -f "/etc/postfix/main.cf.${backup_date}" ]] ; then
if $(diff "/etc/postfix/main.cf" "/etc/postfix/main.cf.${backup_date}"> /dev/null 2>&1) ; then
info "File \033[1m/etc/postfix/main.cf\033[m has not changed.\n\t Removing previos created backup.."
rm "/etc/postfix/main.cf.${backup_date}"
fi
fi
echo "" echo ""
rm -f "$log_file" rm -f "$log_file"

50
install_postfix_advanced.sh
View File

@@ -136,9 +136,11 @@ DEFAULT_INSTALL_DMARC_REPORT_SUPPORT=false
# - Is this a systemd system? # - Is this a systemd system?
# - # -
if [[ "X`which systemd`" = "X" ]]; then systemd_exists=false
systemd_exists=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true systemd_exists=true
fi fi
@@ -3011,21 +3013,45 @@ milter_protocol = 6
# #
smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
smtpd_milters = smtpd_milters =
# Was sind non_smtpd_milters?
#
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind.
#
# Das betrifft z. B.:
#
# cleanup Header/Content-Bereinigung
# qmgr Queue-Manager
# lmtp / smtp Auslieferung nach extern
# local lokale Zustellung
#
# Das sind z. B.:
#
# - interne Bounces (MAILER-DAEMON)
#
# - Cron-Mails vom Server
#
# - Weiterleitungen, die Postfix selbst generiert
#
# - Mails, die über sendmail CLI gesendet werden
#
# - Mails, die Amavis über LMTP zurückgibt
#
# - etc.
#
#
EOF EOF
fi fi
if [[ -n "$(which opendkim)" ]] ; then if [[ -n "$(which opendkim)" ]] ; then
if [[ -n "$(which opendmarc)" ]] ; then cat <<EOF >> /etc/postfix/main.cf
cat <<EOF >> /etc/postfix/main.cf # DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden.
non_smtpd_milters = local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock #
EOF
else
cat <<EOF >> /etc/postfix/main.cf
non_smtpd_milters = local:/opendkim/opendkim.sock non_smtpd_milters = local:/opendkim/opendkim.sock
EOF EOF
fi else
elif [[ -n "$(which opendmarc)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf cat <<EOF >> /etc/postfix/main.cf
non_smtpd_milters = local:/opendmarc/opendmarc.sock non_smtpd_milters =
EOF EOF
fi fi

8
install_postfix_base.sh
View File

@@ -136,9 +136,11 @@ DEFAULT_REWRITE_SENDER_DOMAIN=None
# - Is this a systemd system? # - Is this a systemd system?
# - # -
if [[ "X`which systemd`" = "X" ]]; then systemd_exists=false
systemd_exists=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true systemd_exists=true
fi fi

8
install_postfwd.sh
View File

@@ -65,6 +65,14 @@ echo_skipped() {
echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]" echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
} }
systemd_exists=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true
fi
## - Install Postfix Firewall Daemon from debian packages system ## - Install Postfix Firewall Daemon from debian packages system
## - ## -
echononl " Install Postfix Firewall Daemon from debian packages system" echononl " Install Postfix Firewall Daemon from debian packages system"

120
install_update_dovecot-2.4.sh
View File

@@ -964,9 +964,11 @@ delete_variable_with_comments() {
# - Support systemd ? # - Support systemd ?
# - # -
if [[ "X$(which systemd)" = "X" ]]; then SYSTEMD_EXISTS=false
SYSTEMD_EXISTS=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
SYSTEMD_EXISTS=true SYSTEMD_EXISTS=true
fi fi
@@ -2790,11 +2792,12 @@ fi
## - Compile dovecot ## - Compile dovecot
## - ## -
echononl " Compile Dovecot Sources.." echononl " Compile Dovecot Sources.."
make > ${_log_dir}/dovecot-${_version}-make.log 2>&1 || clean_up 1 make > ${_log_dir}/dovecot-${_version}-make.log 2>&1
if [ "$?" = 0 ]; then if [ "$?" = 0 ]; then
echo -e "$rc_done" echo -e "$rc_done"
else else
echo -e "$rc_failed" echo -e "$rc_failed"
echo -e "\n See file \033[1m${_log_dir}/dovecot-${_version}-make.log\033[m for more details."
fatal Compiling dovecot failed fatal Compiling dovecot failed
fi fi
@@ -7586,9 +7589,10 @@ if [[ $dovecot_major_version -gt 2 ]] \
read -r -d '' NEW_BLOCK <<EOF read -r -d '' NEW_BLOCK <<EOF
sieve_script personal { sieve_script personal {
driver = file type = personal # kann man schreiben, ist aber Default
path = ~/sieve driver = file
active_path = ~/.dovecot.sieve path = ~/sieve
active_path = ~/.dovecot.sieve
} }
EOF EOF
replace_or_append_code_block "sieve_script personal" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1 replace_or_append_code_block "sieve_script personal" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1
@@ -7603,6 +7607,8 @@ EOF
# personal # personal
# -------- # --------
# #
# ** Used by both the Sieve plugin and the ManageSieve protocol **
#
# The personal storage serves as the user's main personal storage. Although more than a single # The personal storage serves as the user's main personal storage. Although more than a single
# personal storage can be defined, only the first one listed in the configuration is used. # personal storage can be defined, only the first one listed in the configuration is used.
# #
@@ -7625,9 +7631,10 @@ EOF
# no default script is executed. # no default script is executed.
sieve_script personal { sieve_script personal {
driver = file type = personal # kann man schreiben, ist aber Default
path = ~/sieve driver = file
active_path = ~/.dovecot.sieve path = ~/sieve
active_path = ~/.dovecot.sieve
} }
EOF EOF
if [[ $? -gt 0 ]]; then if [[ $? -gt 0 ]]; then
@@ -7637,16 +7644,17 @@ EOF
fi fi
if grep -qE "^\s*sieve_script\s+before\s*{" "${_conf_file}"; then if grep -qE "^\s*sieve_script\s+before_spam\s*{" "${_conf_file}"; then
read -r -d '' NEW_BLOCK <<EOF read -r -d '' NEW_BLOCK <<EOF
sieve_script before { sieve_script before_spam {
type = before
driver = file driver = file
path = /usr/local/dovecot/etc/dovecot/sieve/ path = /usr/local/dovecot/etc/dovecot/sieve/
} }
EOF EOF
replace_or_append_code_block "sieve_script before" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1 replace_or_append_code_block "sieve_script before_spam" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1
if [[ $? -gt 0 ]]; then if [[ $? -gt 0 ]]; then
_failed=true _failed=true
fi fi
@@ -7675,7 +7683,8 @@ EOF
# A before storage behaves identical to an after storage, except the contained script or # A before storage behaves identical to an after storage, except the contained script or
# scripts are run before user's personal script (instead of after). # scripts are run before user's personal script (instead of after).
sieve_script before { sieve_script before_spam {
type = before
driver = file driver = file
path = /usr/local/dovecot/etc/dovecot/sieve/ path = /usr/local/dovecot/etc/dovecot/sieve/
} }
@@ -7687,16 +7696,17 @@ EOF
fi fi
if grep -qE "^\s*sieve_script\s+global\s*{" "${_conf_file}"; then if grep -qE "^\s*sieve_script\s+global_includes\s*{" "${_conf_file}"; then
read -r -d '' NEW_BLOCK <<EOF read -r -d '' NEW_BLOCK <<EOF
sieve_script global { sieve_script global_includes {
driver = file type = global
path = /usr/local/dovecot/etc/dovecot/sieve/global/ driver = file
path = /usr/local/dovecot/etc/dovecot/sieve/global/
} }
EOF EOF
replace_or_append_code_block "sieve_script global" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1 replace_or_append_code_block "sieve_script global_includes" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1
if [[ $? -gt 0 ]]; then if [[ $? -gt 0 ]]; then
_failed=true _failed=true
fi fi
@@ -7745,9 +7755,10 @@ EOF
# storages are defined in the configuration until the script is found. The order can be # storages are defined in the configuration until the script is found. The order can be
# overridden by the sieve_script_precedence setting. # overridden by the sieve_script_precedence setting.
sieve_script global { sieve_script global_includes {
driver = file type = global
path = /usr/local/dovecot/etc/dovecot/sieve/global/ driver = file
path = /usr/local/dovecot/etc/dovecot/sieve/global/
} }
EOF EOF
if [[ $? -gt 0 ]]; then if [[ $? -gt 0 ]]; then
@@ -7776,6 +7787,32 @@ EOF
fi fi
_replace_key="sieve_max_redirects"
_replace_val=25
read -r -d '' COMMENT_BLOCK <<EOF
# sieve_max_redirects
#
# The maximum number of redirect actions that can be performed during a single script execution.
#
# Defaults to: 4
EOF
if grep -qE "^\s*${_replace_key}\s*=" "${_conf_file}"; then
replace_variable "${_replace_key}" "${_replace_val}" "${_conf_file}" 2>> "${log_file}" || _failed=true
else
cat <<EOF >> "${_conf_file}" 2>> "${log_file}" || _failed=true
${COMMENT_BLOCK}
${_replace_key} = ${_replace_val}
EOF
fi
else else
@@ -10844,24 +10881,27 @@ EOF
replace_or_append_code_block "protocol sieve" "${NEW_BLOCK}" "${_conf_file}" || _failed=true replace_or_append_code_block "protocol sieve" "${NEW_BLOCK}" "${_conf_file}" || _failed=true
read -r -d '' NEW_BLOCK <<'EOF' # read -r -d '' NEW_BLOCK <<'EOF'
sieve_script personal { #sieve_script personal {
path = ~/sieve # type = personal # kann man schreiben, ist aber Default
active_path = ~/.dovecot.sieve # type = personal
} # driver = file
EOF # path = ~/sieve
if grep -qE "^\s*sieve_script\s+personal\s+{" "${_conf_file}"; then # active_path = ~/.dovecot.sieve
#}
replace_code_block "sieve_script personal" "${NEW_BLOCK}" "${_conf_file}" || _failed=true #EOF
# if grep -qE "^\s*sieve_script\s+personal\s+{" "${_conf_file}"; then
else #
# replace_code_block "sieve_script personal" "${NEW_BLOCK}" "${_conf_file}" || _failed=true
cat <<EOF >> "${_conf_file}" || _failed=true #
# else
# Used by both the Sieve plugin and the ManageSieve protocol #
${NEW_BLOCK} # cat <<EOF >> "${_conf_file}" || _failed=true
EOF #
fi ## Used by both the Sieve plugin and the ManageSieve protocol
#${NEW_BLOCK}
#EOF
# fi
if ! $_failed ; then if ! $_failed ; then

8
install_update_dovecot.sh
View File

@@ -148,9 +148,11 @@ detect_os_1 () {
# - Support systemd ? # - Support systemd ?
# - # -
if [[ "X$(which systemd)" = "X" ]]; then SYSTEMD_EXISTS=false
SYSTEMD_EXISTS=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
SYSTEMD_EXISTS=true SYSTEMD_EXISTS=true
fi fi

10
install_vacation.sh
View File

@@ -95,6 +95,16 @@ echo_skipped() {
echo -e "\033[75G[ \033[30m\033[1mskipped\033[m ]" echo -e "\033[75G[ \033[30m\033[1mskipped\033[m ]"
} }
# -Is systemd supported on this system?
# -
systemd_supported=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_supported=true
fi
if [ "$POSTFIX_DB_TYPE" = "postgres" -o "$POSTFIX_DB_TYPE" = "postgresql" -o "$POSTFIX_DB_TYPE" = "pgsql" -o "$POSTFIX_DB_TYPE" = "psql" ];then if [ "$POSTFIX_DB_TYPE" = "postgres" -o "$POSTFIX_DB_TYPE" = "postgresql" -o "$POSTFIX_DB_TYPE" = "pgsql" -o "$POSTFIX_DB_TYPE" = "psql" ];then
POSTFIX_DB_TYPE=pgsql POSTFIX_DB_TYPE=pgsql

8
update_clamav-unofficial-sigs.sh
View File

@@ -182,9 +182,11 @@ fi
# - Is this a systemd system? # - Is this a systemd system?
# - # -
if [[ "X`which systemd`" = "X" ]]; then systemd_exists=false
systemd_exists=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true systemd_exists=true
fi fi

8
update_postfix_dh_parameters.sh
View File

@@ -126,9 +126,11 @@ DEFAULT_SASL_AUTH=false
# - Is this a systemd system? # - Is this a systemd system?
# - # -
if [[ "X`which systemd`" = "X" ]]; then systemd_exists=false
systemd_exists=false systemd=$(which systemd)
else systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true systemd_exists=true
fi fi