install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: install:0303c79b0398e6f28a466d65c96f678b37a53e67
Branches Tags
install:master
...
compare: install:master
Branches Tags
install:master

19 Commits
0303c79b03 ... master

Author SHA1 Message Date
Christoph
b87793cbad Fis systemd support on debian system version 13 (trixie) or newer. 2025-12-15 01:23:16 +01:00
Christoph
cc155c578a install_amavis.sh: fix error in creating master.cf if aditional port is used. 2025-12-10 02:13:58 +01:00
Christoph
b28b3a8316 install_update_dovecot-2.4.sh: adjust sieve configuration. 2025-12-09 17:49:41 +01:00
Christoph
ecfd630612 install_amavis.sh: no warn messages from amavis to admin. 2025-12-09 13:50:52 +01:00
Christoph
68d2bd18b7 install_amavis.sh: some minor changes. 2025-12-09 00:01:31 +01:00
Christoph
6521b03aa2 install_amavis.sh: adjust printing master.cf. 2025-12-08 23:44:29 +01:00
Christoph
05723c0514 Merge branch 'master' of https://git.oopen.de/install/mailsystem 2025-12-08 19:26:34 +01:00
Christoph
32b3c8b01e install_update_dovecot-2.4.sh: some minor changes. 2025-12-08 19:25:46 +01:00
Christoph
f2f3797c1e install_amavis.sh: Some minor changes. 2025-12-08 19:14:37 +01:00
Christoph
d8979faa06 install_update_dovecot-2.4.sh: increase sieve_max_redirects to 25. 2025-12-05 12:35:07 +01:00
Christoph
d407b2ecf0 install_opendkim.sh,install_opendmarc.sh: Support the execution of scripts at any time. A non-existent configuration is created, and an already installed configuration is adjusted if necessary. 2025-11-26 12:36:56 +01:00
Christoph
13e1d575f9 install_opendmarc.sh: remove duplicate setting 'AuthservID'. 2025-11-26 11:33:58 +01:00
Christoph
a246f5009f install_opendmarc.sh: some minor changes. 2025-11-25 22:43:11 +01:00
Christoph
41f5f61d32 Merge branch 'master' of https://git.oopen.de/install/mailsystem 2025-11-25 22:39:47 +01:00
Christoph
eb18cf2a84 Fix errors handling DKIM signatures and DMARC proofs. 2025-11-25 22:34:40 +01:00
Christoph
578db07b76 README.dovecot.index: modify documentation. 2025-11-23 12:23:49 +01:00
Christoph
3b3652ec55 DOC/DMARC-Report/dmarc-server-setup.md: fix errors in documentation. 2025-11-13 22:21:28 +01:00
Christoph
44c56d6083 Merge branch 'master' of git.oopen.de:install/mailsystem 2025-11-13 00:28:17 +01:00
Christoph
8e9f35ed76 dmarc-server-setup.md: Adjust .. 2025-11-13 00:27:35 +01:00
14 changed files with 807 additions and 534 deletions
Expand all files Collapse all files

21
DOC/DMARC-Report/dmarc-server-setup.md
View File

@@ -1,4 +1,3 @@
# DMARC-Server-Sammelsystem Einrichtung und Betrieb
## 📖 Präambel
@@ -34,7 +33,7 @@ Alle Dateien werden unter `/var/lib/dmarc` abgelegt:
Verzeichnisse anlegen:
```bash
sudo install -d -o root -g root -m 750 /var/lib/dmarc/{reports,processed,exports,logs}
sudo install -d -o vmail -g vmail -m 750 /var/lib/dmarc/{reports,processed,exports,logs}
sudo install -d -o root -g root -m 750 /usr/local/lib/dmarc
```
@@ -74,20 +73,20 @@ Damit weiß Postfix, dass Mails an diese Adresse an das Skript weitergegeben wer
Wenn du zusätzlich eine Kopie im IMAP-Postfach haben willst:
In `/etc/postfix/virtual`:
In `/etc/postfix/virtual_alias_maps`:
```bash
dmarc-reports@oopen.de reports@oopen.de, dmarc-pipe:
dmarc-reports@oopen.de dmarc-reports-mbox@oopen.de
```
Dann:
```bash
sudo postmap /etc/postfix/virtual
sudo postmap btree:/etc/postfix/virtual_alias_maps
sudo systemctl reload postfix
```
> **Merke:** `/etc/postfix/transport` = ZustellWEG, `/etc/postfix/virtual` = EmpfängerALIAS.
> **Merke:** `/etc/postfix/transport` = ZustellWEG, `/etc/postfix/virtual_alias_maps` = EmpfängerALIAS.
> Nur Skript? → Nur `transport`-Eintrag.
> Skript + Kopie? → `virtual`-Alias **zusätzlich**.
@@ -115,6 +114,7 @@ oopen.de._report._dmarc.oopen.de. IN TXT "v=DMARC1"
## 🧰 3. Sammelskript `/usr/local/bin/dmarc-collect.sh`
**Datei anlegen:**
```bash
sudo tee /usr/local/bin/dmarc-collect.sh >/dev/null <<'EOF'
#!/usr/bin/env bash
@@ -166,10 +166,12 @@ fi
EOF
sudo apt install -y ripmime
sudo install -m 750 -o vmail -g vmail /usr/local/bin/dmarc-collect.sh
sudo chown vmail:vmail /usr/local/bin/dmarc-collect.sh
sudo chmod 750 /usr/local/bin/dmarc-collect.sh
```
Inhalt von `dmarc-collect.sh`:
```bash
#!/usr/bin/env bash
set -euo pipefail
@@ -217,7 +219,6 @@ else
echo "$(date -Is) no usable attachment in message" >> "$LOGF"
exit 0
fi
```
---
@@ -247,6 +248,7 @@ sudo chmod 750 /usr/local/lib/dmarc/daily-run.sh
```
Cronjob anlegen:
```bash
echo '17 3 * * * root /usr/local/lib/dmarc/daily-run.sh' | sudo tee /etc/cron.d/dmarc-daily >/dev/null
```
@@ -256,6 +258,7 @@ echo '17 3 * * * root /usr/local/lib/dmarc/daily-run.sh' | sudo tee /etc/cron.d/
## 🧮 5. Auswertungsskript `/usr/local/bin/dmarc-scan.sh`
Installation:
```bash
sudo apt install -y xmlstarlet unzip gzip
sudo tee /usr/local/bin/dmarc-scan.sh >/dev/null <<'EOF'
@@ -568,6 +571,7 @@ sudo chmod 750 /usr/local/bin/dmarc-scan.sh
Beschreibung: Das Skript liest XML/ZIP/GZ-Reports, zeigt eine Tabelle pro Report, schreibt eine Records-CSV (mit `--append` fortsetzbar) und exportiert Top-Listen als CSV in `--outdir`.
**Wichtige Parameter:**
- `--domain DOMAIN` (Filter)
- `--csv PFAD` (Records-CSV)
- `--append` (anhängen statt überschreiben)
@@ -575,6 +579,7 @@ Beschreibung: Das Skript liest XML/ZIP/GZ-Reports, zeigt eine Tabelle pro Report
- `--outdir PFAD` (Top-CSV Ziel)
**Beispiel:**
```bash
dmarc-scan.sh /var/lib/dmarc/reports/2025/11/12 --domain fluechtlingsrat-brandenburg.de --csv /var/lib/dmarc/exports/records.csv --append --top 25 --outdir /var/lib/dmarc/exports/
```

16
DOC/dovecot/README.dovecot.index
View File

@@ -19,3 +19,19 @@ doveadm index -A INBOX
# -the storage files will be also checked.
# -
doveadm force-resync -A INBOX
# - Index users .Sent Folder
# -
doveadm index -u <user@domain.ltd> .Sent
# - oder alternativ und etwas allgemeiner für egal welchen Unterordner
# - ==================================================================
# -
# - Index eines Unterverzeichnisses einer Mailbox löschen
# -
# - z.Bsp. für den 'gesendet' Ordner der Mailbox presse@mbr-berlin.de
# -
# - rm /var/vmail/mbr-berlin.de/presse/Maildir/.Sent/dovecot.index*
# - systemctl restart dovecot.service

8
create-update-postfix-pcre-chek-files.sh
View File

@@ -115,9 +115,11 @@ DEFAULT_ADMIN_EMAIL="argus@oopen.de"
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true
fi

648
install_amavis.sh
View File

@@ -154,9 +154,11 @@ QUARANTINE_ADMIN=$DEFAULT_QUARANTINE_ADMIN
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true
fi
@@ -1168,19 +1170,38 @@ fi
## - If not testing as user roor, you need to change int a directora, where the testing
## - user has read/write? access, even if the sample spam file is located at /tmp
## -
echononl " Download a sample spam file"
installation_failed=false
wget -O /tmp/sample-spam.txt https://opensource.apple.com/source/SpamAssassin/SpamAssassin-137.1/SpamAssassin/sample-spam.txt 2> $tmp_err_msg
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
echononl " Save a sample spam file into /root folder."
cat <<'EOF' > /root/sample-spam.txt
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network
EOF
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat $tmp_err_msg)"
fi
cp -a /tmp/sample-spam.txt /root > $tmp_err_msg 2>&1
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
if ! $installation_failed ; then
else
echo_ok
fi
@@ -1470,27 +1491,45 @@ echo -e " \033[37m\033[1mConfigure Distributed Checksum Clearinghouses (DCC)..
info "Open firewall outgoing port UDP 6277 and if DCC Server is running\n also in- and outfoing port TCP 6277."
services=("clamav-freshclam" "clamav-daemon" "adcc")
for svc in "${services[@]}"; do
echononl " Stop Service '${svc}.."
if systemctl is-active --quiet "$svc"; then
systemctl stop "$svc" > /dev/null 2> $tmp_err_msg
if [[ $? -ne 0 ]] ; then
echo_failed
if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then
echononl " An instance off dccifd ist already running. Stop it now."
installation_failed=false
if $systemd_exists ; then
systemctl stop adcc > /dev/null 2> $tmp_err_msg
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
else
/etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
fi
if ! $installation_failed ; then
echo_ok
fi
fi
else
echo_skipped
fi
done
#if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then
# echononl " An instance off dccifd ist already running. Stop it now."
# installation_failed=false
# if $systemd_exists ; then
# systemctl stop adcc > /dev/null 2> $tmp_err_msg
# if [[ "$?" -ne 0 ]] ; then
# installation_failed=true
# error "$(cat $tmp_err_msg)"
# fi
# else
# /etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg
# if [[ "$?" -ne 0 ]] ; then
# installation_failed=true
# error "$(cat $tmp_err_msg)"
# fi
# fi
# if ! $installation_failed ; then
# echo_ok
# fi
#fi
_dcc_src_dir="$script_dir"
#_archiv=dcc-dccproc.tar.Z
@@ -4003,6 +4042,7 @@ if [[ ! -f "/etc/postfix/spam_lovers" ]]; then
# - adress_1@domain3.com 0
# - domain3.com 1
# -
# - Wichtig: letzte Zeile mit Newline abschließen!
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
@@ -4031,6 +4071,7 @@ if [[ ! -f "/etc/postfix/virus_lovers" ]]; then
# - adress_1@domain3.com 0
# - domain3.com 1
# -
# - Wichtig: letzte Zeile mit Newline abschließen!
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
@@ -4187,203 +4228,111 @@ read_hash(\%whitelist_sender, '/etc/postfix/sender_whitelist');
@whitelist_sender_maps = (\%whitelist_sender);
## ---
## - Default antivirus checking mode
## ---
## - bypass_virus_checks_maps
## -
## - Addresses/Domains listet here will not be checked.
## -
## - !! Notice !!
## -
## - Virus checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - virus-checking will still be performed. To ensure that virus is still delivered
## - to whitelisted recipients in such cases, use the "virus_lovers" features
## - see below.
## -
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \\\$bypass_virus_checks_re);
# ----------------------------------------------------------
# Basis-Quarantäneverzeichnis
# ----------------------------------------------------------
\$QUARANTINEDIR = '${QUARANTINE_DIR}';
## - We will use '%bypass_virus_checks_maps'. So we could set:
## -
## - %bypass_virus_checks = (
## - # Adresses
## - adress@domain1.com => '1',
## - [..]
## - # All addresses of a domain
## - domain2.com => '1',
## - [..]
## - # All adresses of a domain except a single user
## - address_1@domain3.com => '0',
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/virus_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
## - [..]
## -
## - # All addresses of a domain
## - domain2.com 1
## - [..]
## -
## - # All adresses of a domain except a single user
## - adress_1@domain3.com 0
## - domain3.com 1
## -
read_hash(\%bypass_virus_checks, '/etc/postfix/virus_lovers');
## - virus_lovers_maps
## -
## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like
## - adding spam headers or discarding the mail) will be performed.
## -
@virus_lovers_maps = (
\%virus_lovers, \@virus_lovers_acl, \\\$virus_lovers_re);
## - We will use the read_hash function to read in a list of recipients
## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'.
## -
## - For more explanations see above
## -
read_hash(\%virus_lovers, '/etc/postfix/virus_lovers');
## ---
## - Default SPAM checking mode
## ---
## - bypass_spam_checks_maps
## -
## - Addresses/Domains listet here will not be checked.
## -
## - !! Notice !!
## -
## - Spam checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - spam-checking will still be performed. To ensure that spam is still delivered
## - to whitelisted recipients in such cases, use the "spam_lovers" features
## - see below.
## -
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \\\$bypass_spam_checks_re);
## - We will use '%bypass_spam_checks'. So we could set:
## -
## - %bypass_spam_checks = (
## - # Adresses
## - adress@domain1.com => '1',
## - [..]
## - # All addresses of a domain
## - domain2.com => '1',
## - [..]
## - # All adresses of a domain except a single user
## - address_1@domain3.com => '0',
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/spam_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
## - [..]
## -
## - # All addresses of a domain
## - domain2.com 1
## - [..]
## -
## - # All adresses of a domain except a single user
## - adress_1@domain3.com 0
## - domain3.com 1
## -
read_hash(\%bypass_spam_checks, '/etc/postfix/spam_lovers');
## - spam_lovers_maps
## -
## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like
## - adding spam headers or discarding the mail) will be performed.
## -
@spam_lovers_maps = (
\%spam_lovers, \@spam_lovers_acl, \\\$spam_lovers_re);
## - We will use the read_hash function to read in a list of recipients
## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'.
## -
## - For more explanations see above
## -
read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
## - overrides settings in 20-debian_defaults
## -
\$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
\$final_banned_destiny = D_DISCARD; # D_REJECT when front-end MTA
#\$final_spam_destiny = D_DISCARD;
\$final_spam_destiny = D_BOUNCE;
#\$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
##- Moved to file '/etc/amavis/policy_banks.conf'
## -
## - \$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
## - \$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level
## - \$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
## -
do "/etc/amavis/policy_banks.conf"; # Externe Datei einbinden
## - QUARANTINE
## -
\$QUARANTINEDIR = "$QUARANTINE_DIR";
# Keine automatisch erzeugten Unterverzeichnisse wie a/, b/, c/, f/, g/
\$quarantine_subdir_levels = 0;
\$sa_spam_subject_tag = undef; # Kein Prefix wie "***SPAM***" o.ä.
\$sa_spam_modifies_subj = 0; # Betreff NICHT verändern
## - don't store mails in quarantine directory
## -
#\$virus_quarantine_method = undef;
#\$spam_quarantine_method = undef;
#\$banned_files_quarantine_method = undef;
#\$bad_header_quarantine_method = undef;
# Viren: /var/QUARANTINE/virus/virus-<msgid>.gz
\$virus_quarantine_method = 'local:virus/virus-%m.gz';
## - store mails in quarantine directory
## -
\$virus_quarantine_method = 'local:virus/virus-%m';
# Spam (Kill-Spam): /var/QUARANTINE/spam/spam-<msgid>.gz
\$spam_quarantine_method = 'local:spam/spam-%m.gz';
\$banned_files_quarantine_method = 'local:banned/banned-%m';
\$bad_header_quarantine_method = 'local:bad-headers/badh-%m';
\$clean_quarantine_method = undef;
\$archive_quarantine_method = undef;
#\$virus_admin ="$QUARANTINE_ADMIN";
#\$spam_admin = "$QUARANTINE_ADMIN";
#\$banned_admin = "$QUARANTINE_ADMIN";
#\$bad_header_admin = "$QUARANTINE_ADMIN";
# Banned: /var/QUARANTINE/banned/banned-<msgid>
\$banned_files_quarantine_method = 'local:banned/banned-%m';
# Bad headers: /var/QUARANTINE/bad-headers/badh-<msgid>
\$bad_header_quarantine_method = 'local:bad-headers/badh-%m';
# ----------------------------------------------------------
# Einbinden der Spam- und Virus-Lovers Dateien
# ----------------------------------------------------------
@bypass_spam_checks_maps = (
read_hash('/etc/postfix/spam_lovers'),
);
@bypass_virus_checks_maps = (
read_hash('/etc/postfix/virus_lovers'),
);
# ----------------------------------------------------------
# Spam-Schwellwerte
# ----------------------------------------------------------
\$sa_tag_level_deflt = 1.9; # ab hier Info-Header
\$sa_tag2_level_deflt = 5.1; # ab hier X-Spam-Flag: YES
\$sa_kill_level_deflt = 9.51; # high-spam - final destiny (DISCARD)
\$sa_dsn_cutoff_level = 20.1; # ab hier keine DSN mehr
\$sa_quarantine_cutoff_level = 30.1; # oberhalb keine Quarantäne mehr
# ----------------------------------------------------------
# Domain-/Adress-spezifische Einstellungen extern einlesen
# ----------------------------------------------------------
my \$policy_banks_file = '/etc/amavis/policy_banks.conf';
if (-r \$policy_banks_file) {
do \$policy_banks_file
or die "Fehler beim Einlesen von \$policy_banks_file: \$@";
}
# ----------------------------------------------------------
# spammy (zwischen Tag2 und Kill-Level)
# zusätzlich in /spammy/, Mail wird zugestellt
# ----------------------------------------------------------
# spammy in /var/QUARANTINE/spammy/
\$quarantine_method_by_ccat{+CC_SPAMMY}
= 'local:spammy/spammy-%m.gz';
\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS;
# ----------------------------------------------------------
# Final Destinies
# ----------------------------------------------------------
# High-Spam (>=9.51)
\$final_spam_destiny = D_DISCARD;
# Viren
\$final_virus_destiny = D_DISCARD;
# Banned (z.B. .exe)
\$final_banned_destiny = D_BOUNCE;
# Schlechte Header
\$final_bad_header_destiny = D_PASS;
# ----------------------------------------------------------
# Admin E-Mails / Warnungen direct von AMaViS (nicht DSN- oder Bounce-Mails)
# ----------------------------------------------------------
# Bemerkung:
# *nochmal*: das hat nichts mit den eigentlichen DSN-/Bounce-Mails zu tun.
\$virus_admin = undef;
\$spam_admin = undef;
\$banned_admin = undef;
\$bad_header_admin = undef;
\$warnvirusrecip = 0;
\$warnbannedrecip = 0;
\$warnbannedsender = 0;
\$warnbadhrecip = 0;
\$warn_offsite = 0;
# Pass SPAMMY but quarantine and inform admin
#
\$quarantine_to_maps_by_ccat{+CC_SPAMMY} = \\@spam_quarantine_to_maps ;
\$quarantine_method_by_ccat{+CC_SPAMMY} = 'local:spammy/spammy-%m.gz' ;
\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS ;
\$admin_maps_by_ccat{+CC_SPAMMY} = sub { ca('spam_admin_maps') };
# Bypass spam checking for trusted networks using mynetworks
@@ -4598,133 +4547,67 @@ echononl " Create File \"${_config_policy_banks_file}\""
if [[ -f "${_config_policy_banks_file}" ]]; then
echo_skipped
else
cat << EOF > ${_config_policy_banks_file}
# Externe Richtliniendatei für amavisd
use strict;
# ---
# add spam info headers if at, or above that level
# ---
## - All recipients with identical the same setting:
## -
#\$sa_tag_level_deflt = 2.0;
## - Per-recipient mapping of tag2 levels to email addresses (tag2 level):
## -
## - Set directly:
## -
\$sa_tag_level_deflt = {
'oopen.de' => '-4.5',
# default
'.'=>'2.0'
};
## - Read from file using @spam_tag2_level_maps
## -
## - default: @spam_tag2_level_maps = (\$sa_tag2_level_deflt);
## -
## - Example file '/etc/postfix/tag2_level_maps.dat'
## -
## - # oopen.de
## - oopen.de 2.1
## - ckubu@oopen.de 2.2
## - argus@oopen.de 2.3
## - [..]
## - # k8h.de
## - k8h.de 6.5
## - [..]
## - # default
## - . 5.1
## -
#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
#\$sa_spam_subject_tag = '***SPAM*** '; # Spam-Betreff-Tag
\$sa_spam_subject_tag = undef;
# ---
# add 'spam detected' headers at that level
# ---
## - All recipients with identical the same setting:
## -
#\$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level
## - Per-recipient mapping of kill levels to email addresses (kill level):
## -
## - Set directly
## -
\$sa_tag2_level_deflt = {
'oopen.de' => '3.1',
'123comics.net' => '4.1',
'info@123comics.net' => '3.1',
# default
'.' => '5.1',
};
## - Read from file using @spam_kill_level_maps
## -
## - default: @spam_kill_level_maps = (\$sa_kill_level_deflt);
## -
## - Example file '/etc/postfix/kill_level_maps.dat'
## -
## - # oopen.de
## - ckubu@oopen.de 1500.0
## - ckubu-adm@oopen.de 1500.0
## - [..]
## - # default
## - . 10.31
## -
#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') );
# ---
# adding more detailed spam-related headers.
# ---
## - All recipients with identical the same setting:
## -
\$sa_tag3_level_deflt = 7.0; # threshold for sa_tag3_level_deflt
## - Note
## - Like 'sa_tag2_level_deflt' above per-recipient also possible
@sa_tag3_level_maps = (
['^Subject:', '\[HIGH-SPAM\] $&'], # Modify subject
['HEADER', 'X-High-Spam-Flag', 'YES'], # Add a custom header
);
# ---
# spam score threshold at which amavisd-new will reject (kill) an email.
# ---
## - All recipients with identical the same setting:
## -
\$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
## - Note
## - Like 'sa_tag2_level_deflt' above per-recipient also possible
# ---
# The threshold for sending a delivery status notification (DSN) to the sender
# ---
## - We will inform the sender about bouncing his mail with a DSN (Delivery
## - StatusNotification). That DSN message will no be send, if the spamvalue
## - exceeds the value of sa_dsn_cutoff_level
## -
#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
\$sa_dsn_cutoff_level = 20;
cat <<'EOF' > ${_config_policy_banks_file}
# /etc/amavis/policy_banks.conf
#
# ---------------------------------------------
# Domain- und adressspezifische Amavis-Settings
# ---------------------------------------------
#
#
# Wichtig: KEIN "use strict;" hier, das ist schon in 50-user aktiv.
# Diese Datei wird via "do" aus /etc/amavis/conf.d/50-user eingelesen.
#
#
# Tag2-Level (Schwelle für X-Spam-Flag: YES) abhängig von Empfänger/Domain
# ========================================================================
#
#
# Read from file using @spam_tag2_level_maps
# ------------------------------------------
#
# default: @spam_tag2_level_maps = ($sa_tag2_level_deflt);
#
# Example file '/etc/postfix/tag2_level_maps.dat'
#
# # Specific address first
# info@123comics.net 2.1
# ckubu@oopen.de 2.2
# ...
#
# # All recipients of the domains @oopen.de / @k8h.de
# oopen.de 3.1
# k8h.de 4.5
#
# # default
# . 5.1
#
#
# Read file into the variable @spam_tag2_level_maps
#
# @spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
#
#
# Set the variable $sa_tag2_level_deflt directly.
# -----------------------------------------------
#
# Example:
#
# @spam_tag2_level_maps = (
# {
# # Spezifische Adresse zuerst
# 'info@123comics.net' => 3.1,
# 'info@berliner-register.de' => 3.1,
#
# # Domains (alle Empfänger @oopen.de / @123comics.net)
# '.oopen.de' => 3.1,
# '.123comics.net' => 4.1,
# 'regishut.de' => 2.5,
# },
#
# # Fallback: Standard-Tag2-Level aus 50-user
# $sa_tag2_level_deflt,
# );
#------------ Do not modify anything below this line -------------
@@ -5116,6 +4999,8 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
smtp inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter=
-o smtpd_milters=
-o non_smtpd_milters=
EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF
@@ -5123,19 +5008,6 @@ EOF
EOF
fi
if ${listen_on_additional_smtp_port} ; then
cat >> $postfix_master_cf << EOF
${additional_smtp_port} inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter=
EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_sasl_auth_enable=no
EOF
fi
fi
if ! $submission_present && ! $smtps_present && ! $localhost_10025_present ; then
cat >> $postfix_master_cf << EOF
localhost:10025 inet n - y - - smtpd
@@ -5150,13 +5022,9 @@ localhost:10025 inet n - y - - smtpd
-o mynetworks=127.0.0.0/8,[::1]/128
-o receive_override_options=no_unknown_recipient_checks
EOF
if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then
if [[-n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF
@@ -5167,8 +5035,26 @@ EOF
continue
fi
if ${listen_on_additional_smtp_port} \
&& echo "$_line" | grep -i -E "^\s*${additional_smtp_port}\s+inet" > /dev/null 2>&1 ; then
_found=true
cat >> $postfix_master_cf << EOF
${additional_smtp_port} inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter=
EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_sasl_auth_enable=no
EOF
fi
if $submission_present && echo "$_line" | grep -i -E "^^submission\s+" > /dev/null 2>&1 ; then
continue
fi
if $submission_present && echo "$_line" | grep -i -E "^submission\s+" > /dev/null 2>&1 ; then
_found=true
cat >> $postfix_master_cf << EOF
submission inet n - y - 20 smtpd
@@ -5176,6 +5062,13 @@ submission inet n - y - 20 smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
if [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
EOF
fi
cat >> $postfix_master_cf << EOF
#-o milter_macro_daemon_name=ORIGINATING
EOF
if ! $smtps_present ; then
@@ -5193,13 +5086,9 @@ localhost:10025 inet n - y - - smtpd
-o mynetworks=127.0.0.0/8,[::1]/128
-o receive_override_options=no_unknown_recipient_checks
EOF
if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then
if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF
@@ -5230,6 +5119,13 @@ smtps inet n - y - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
if [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
EOF
fi
cat >> $postfix_master_cf << EOF
#-o milter_macro_daemon_name=ORIGINATING
EOF
@@ -5247,13 +5143,9 @@ localhost:10025 inet n - y - - smtpd
-o mynetworks=127.0.0.0/8,[::1]/128
-o receive_override_options=no_unknown_recipient_checks
EOF
if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then
if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF
@@ -5290,13 +5182,9 @@ localhost:10025 inet n - y - - smtpd
-o mynetworks=127.0.0.0/8,[::1]/128
-o receive_override_options=no_unknown_recipient_checks
EOF
if [[ -n "$(which opendkim)" && -n "$(which opendmarc)" ]] ; then
if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF

62
install_opendkim.sh
View File

@@ -14,6 +14,8 @@ echo -e "\n \033[32mStart Installation of OpenDKIM..\033[m"
log_file="$(mktemp)"
backup_date="$(date +%Y-%m-%d-%H%M)"
_opendkim_packages="opendkim opendkim-tools"
opendkim_base_dir="/etc/opendkim"
@@ -28,6 +30,7 @@ opendkim_socket_file="${opendkim_socket_dir}/opendkim.sock"
postfix_needs_restart=false
opendkim_needs_restart=false
# -------------
# --- Some functions
# -------------
@@ -91,9 +94,11 @@ echo_skipped() {
# - Is 'systemd' supported on this system
# -
if [ "X`which systemd`" = "X" ]; then
SYSTEMD_EXISTS=false
else
SYSTEMD_EXISTS=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
SYSTEMD_EXISTS=true
fi
@@ -175,6 +180,18 @@ else
echo_skipped
fi
echononl " Backup existing file '${opendkim_conf_file}'.."
if [[ -f "${opendkim_conf_file}" ]] ; then
mv "${opendkim_conf_file}" "${opendkim_conf_file}.${backup_date}"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
# - Create OpenDKIM configuration
# -
@@ -200,6 +217,7 @@ AuthservID "DKIM check $(hostname -f)"
# Modi signer (s) und verifier (v) und verwendet eine
# Socket-Datei zur Kommunikation (alternativ: lokaler Port)
Mode sv
# Socket local:/var/run/opendkim/opendkim.sock
# Socket local:$opendkim_socket_file
# Socket inet:12345@localhost
@@ -492,6 +510,35 @@ milter_protocol = 6
#
#smtpd_milters = local:/opendkim/opendkim.sock
smtpd_milters =
# Was sind non_smtpd_milters?
#
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind.
#
# Das betrifft z. B.:
#
# cleanup Header/Content-Bereinigung
# qmgr Queue-Manager
# lmtp / smtp Auslieferung nach extern
# local lokale Zustellung
#
# Das sind z. B.:
#
# - interne Bounces (MAILER-DAEMON)
#
# - Cron-Mails vom Server
#
# - Weiterleitungen, die Postfix selbst generiert
#
# - Mails, die über sendmail CLI gesendet werden
#
# - Mails, die Amavis über LMTP zurückgibt
#
# - etc.
#
#
# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden.
non_smtpd_milters = local:/opendkim/opendkim.sock
EOF
postfix_needs_restart=true
@@ -542,9 +589,14 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then
_found=false
if ! echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*local:/opendkim/opendkim.sock\s*$" ; then
echo " -o smtpd_milters=local:/opendkim/opendkim.sock" >> "$tmp_master_file"
_changed=true
continue
fi
fi
if echo "$_line" | grep -i -q -E "^\s*(127.0.0.1|localhost):10025\s+inet\s+" 2> /dev/null ; then
if echo "$_line" | grep -i -q -E "^\s*(submission|smtps)\s+inet\s+" 2> /dev/null ; then
_found=true
fi
@@ -562,7 +614,7 @@ if $_changed ; then
fi
else
echo_skipped
warn "Postfix (master.cf) seems already be configured."
info "Postfix (master.cf) was not changed - seems already be configured right."
echononl " Delete previosly saved file '/etc/postfix/master.cf'.."
rm /etc/postfix/master.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then

284
install_opendmarc.sh
View File

@@ -3,6 +3,7 @@
clear
echo -e "\n \033[32mStart Installation of OpenDMARC..\033[m"
overwrite_config_files=true
# -------------
@@ -23,13 +24,14 @@ opendmarc_socket_dir="${postfix_spool_dir}/opendmarc"
opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock"
config_file_name_value_parameters="
AuthservID|DMARC check $(hostname -f)
AuthservID|$(hostname -f)
TrustedAuthservIDs|$(hostname -f)
PidFile|/run/opendmarc/opendmarc.pid
RejectFailures|true
Syslog|true
SyslogFacility|mail
TrustedAuthservIDs|$(hostname -f)
IgnoreHosts|/etc/opendmarc/ignore.hosts
IgnoreHosts|${opendmarc_base_dir}/ignore.hosts
IgnoreMailFrom|${opendmarc_base_dir}/ignore.mailfrom
IgnoreAuthenticatedClients|true
RequiredHeaders|false
UMask|002
@@ -114,9 +116,11 @@ echo_skipped() {
# - Is 'systemd' supported on this system
# -
if [ "X`which systemd`" = "X" ]; then
SYSTEMD_EXISTS=false
else
SYSTEMD_EXISTS=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
SYSTEMD_EXISTS=true
fi
@@ -194,6 +198,9 @@ if ! $(grep -q -E "^IgnoreHosts\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
## ignored by the filter. If not specified, defaults to "127.0.0.1" only.
#
IgnoreHosts 127.0.0.1
# Optional - auch nach Absender-Domain ignorieren:
IgnoreMailFrom ${opendmarc_base_dir}/ignore.mailfrom
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
@@ -229,6 +236,33 @@ else
fi
# - Add 'TrustedAuthservIDs' with default value to the original opendmarc.conf file
#
_param="TrustedAuthservIDs"
echononl " Add '${_param}' with default value to the opendmarc.conf file.."
if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
cat << EOF >> ${opendmarc_conf_file}
# Provides a list of authserv-ids that are to be used to identify Authentication-Results
# header fields whose contents are to be assumed as valid input for the DMARC assessment.
# To provide a list, separate values by commas. If the string "HOSTNAME" is provided,
# the name of the host running the filter (as returned by the gethostname(3) function)
# will be used. Matching against this list is case-insensitive. The default is to use the
# value of AuthservID.
#
TrustedAuthservIDs OpenDMARC
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file
#
_param="IgnoreAuthenticatedClients"
@@ -472,6 +506,18 @@ else
fi
echononl " Backup existing file '${opendmarc_base_dir}/ignore.hosts'.."
if [[ -f "${opendmarc_base_dir}/ignore.hosts" ]] ; then
mv "${opendmarc_base_dir}/ignore.hosts" "${opendmarc_base_dir}/ignore.hosts.${backup_date}"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
# - Create the file ${opendmarc_base_dir}/ignore.hosts
# -
@@ -480,11 +526,68 @@ if [[ -f "${opendmarc_base_dir}/ignore.hosts" ]] ; then
echo_skipped
else
cat <<EOF > ${opendmarc_base_dir}/ignore.hosts 2> $log_file
# We are using AmaViS at 'localhost 127.0.0.1 . So we cannot bypass them
# /etc/opendmarc/ignore.hosts
#
# 127.0.0.1
# localhost
$(hostname -f)
# Aktuell hat OpenDMARC seinen Milter nur am Dienst
# 'localhost:10025' hängen. Dort ist der Client
# immer 127.0.0.1, nicht die externe Gegenstelle.
#
# Deshalb macht es in diesem Setup keinen Sinn,
# hier IP-Adressen von externen Diensten (CRSend etc.)
# einzutragen sie würden nie matchen.
#
# WICHTIG:
# - KEIN 127.0.0.1
# - KEIN localhost
# - KEIN ::1
#
# Eintrag dieser Adressen würde DMARC komplett deaktivieren.
#
# ==> Datei bleibt absichtlich leer.
EOF
opendmarc_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
# - Create the file ${opendmarc_base_dir}/ignore.hosts
# -
echononl " Backup existing file '${opendmarc_base_dir}/ignore.mailfrom'.."
if [[ -f "${opendmarc_base_dir}/ignore.mailfrom" ]] ; then
mv "${opendmarc_base_dir}/ignore.mailfrom" "${opendmarc_base_dir}/ignore.mailfrom.${backup_date}"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
echo_skipped
fi
echononl " Create file '${opendmarc_base_dir}/ignore.mailfrom'.."
if [[ -f "${opendmarc_base_dir}/ignore.mailfrom" ]] ; then
echo_skipped
else
cat <<EOF > ${opendmarc_base_dir}/ignore.mailfrom 2> $log_file
# /etc/opendmarc/ignore.mailfrom
#
# Hier könnte man Absender-Domains von der DMARC-Prüfung
# ausnehmen (z. B. problematische Partner-Domains).
#
# Aktuell ist das für dein Setup nicht notwendig.
#
# Beispiele (NICHT aktiv!):
# @example.org
# example.org
#
# ==> Datei bleibt absichtlich leer.
EOF
opendmarc_needs_restart=true
if [[ $? -eq 0 ]] ; then
@@ -588,6 +691,101 @@ else
fi
echo ""
# - Edit /etc/postfix/main.cf and add a section to activate
# - processing of e-mail through the OpenDKIM daemon:
# -
backup_date="$(date +%Y-%m-%d-%H%M)"
echononl " Backup existing postfix configuration (main.cf).."
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
echononl " Activate processing of e-mail through the OpenDKIM daemon.."
if grep -q -E "milter_default_action\s*=\s*accept" /etc/postfix/main.cf ; then
echo_skipped
info "Postfix (main.cf) was not changed - seems already be configured right."
echononl " Delete previosly saved Postfix configuration.."
rm /etc/postfix/main.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
else
cat <<EOF >> /etc/postfix/main.cf 2> $log_file
# ======= Milter configuration =======
# OpenDKIM
milter_default_action = accept
# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
milter_protocol = 6
# Note:
# We will sign AFTER sending through AmaVIS, just befor sending out. So
# set 'smtpd_milters =' to an emty string here and add to localhost:10025
# section in master.cf: 'smtpd_milters=local:/opendkim/opendkim.sock'
#
# If you want sign mails before sending through AmaVIS, set
# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to
# localhost:10025 section in master.cf: 'smtpd_milters='
#
#smtpd_milters = local:/opendkim/opendkim.sock
smtpd_milters =
# Was sind non_smtpd_milters?
#
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind.
#
# Das betrifft z. B.:
#
# cleanup Header/Content-Bereinigung
# qmgr Queue-Manager
# lmtp / smtp Auslieferung nach extern
# local lokale Zustellung
#
# Das sind z. B.:
#
# - interne Bounces (MAILER-DAEMON)
#
# - Cron-Mails vom Server
#
# - Weiterleitungen, die Postfix selbst generiert
#
# - Mails, die über sendmail CLI gesendet werden
#
# - Mails, die Amavis über LMTP zurückgibt
#
# - etc.
#
#
# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden.
non_smtpd_milters = local:/opendkim/opendkim.sock
EOF
postfix_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
echo ""
# - Prevent Postfix from setting the DMARC Header twice (one befor
# - and one after processing amavis
# -
@@ -613,24 +811,58 @@ else
fi
echononl " Adjust /etc/postfix/master.cf. Set DMARC after sending throuh AmaVIS.."
if $(grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*opendkim.sock" /etc/postfix/master.cf 2> /dev/null) ; then
if $(grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*$(basename ${opendmarc_socket_file})" /etc/postfix/master.cf); then
echo_skipped
else
perl -i -n -p -e "s&(^\s*-o\s+smtpd_milters\s*=.*)&\1,local:/$(basename "${opendmarc_socket_dir}")/$(basename "${opendmarc_socket_file}")&" \
/etc/postfix/master.cf > $log_file 2>&1
_found=false
_changed=false
tmp_master_file="/tmp/postfix_master.cf"
> $tmp_master_file
while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && ! echo "$_line" | grep -i -q -E "^\s*-o" 2> /dev/null ; then
echo " -o smtpd_milters=local:/opendmarc/opendmarc.sock" >> "$tmp_master_file"
_changed=true
_found=false
fi
if $_found && echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then
_found=false
if ! echo "$_line" | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*local:/opendmarc/opendmarc.sock\s*$" ; then
echo " -o smtpd_milters=local:/opendmarc/opendmarc.sock" >> "$tmp_master_file"
_changed=true
continue
fi
fi
if echo "$_line" | grep -i -q -E "^\s*(localhost|127.0.0.1):10025\s+inet\s+" 2> /dev/null ; then
_found=true
fi
echo "$_line" >> "$tmp_master_file"
done < "/etc/postfix/master.cf"
if $_changed ; then
cp $tmp_master_file /etc/postfix/master.cf 2> $log_file
postfix_needs_restart=true
if [[ $? -eq 0 ]] ; then
echo_ok
postfix_needs_restart=true
else
echo_failed
error "$(cat $log_file)"
fi
fi
else
echo_skipped
warn "Postfix is not adjusted. Complete Postfix configuration (master.cf) manually\!"
info "Postfix (master.cf) was not changed - seems already be configured right."
echononl " Delete previosly saved file '/etc/postfix/master.cf'.."
rm /etc/postfix/master.cf.$backup_date 2> $log_file
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
fi
rm -f $tmp_master_file
echo ""
@@ -698,20 +930,6 @@ else
echo_skipped
fi
echo ""
if [[ -f "/etc/postfix/master.cf.${backup_date}" ]] ; then
if $(diff "/etc/postfix/master.cf" "/etc/postfix/master.cf.${backup_date}"> /dev/null 2>&1) ; then
info "File \033[1m/etc/postfix/master.cf\033[m has not changed.\n\t Removing previos created backup.."
rm "/etc/postfix/master.cf.${backup_date}"
fi
fi
if [[ -f "/etc/postfix/main.cf.${backup_date}" ]] ; then
if $(diff "/etc/postfix/main.cf" "/etc/postfix/main.cf.${backup_date}"> /dev/null 2>&1) ; then
info "File \033[1m/etc/postfix/main.cf\033[m has not changed.\n\t Removing previos created backup.."
rm "/etc/postfix/main.cf.${backup_date}"
fi
fi
echo ""
rm -f "$log_file"

48
install_postfix_advanced.sh
View File

@@ -136,9 +136,11 @@ DEFAULT_INSTALL_DMARC_REPORT_SUPPORT=false
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true
fi
@@ -3011,21 +3013,45 @@ milter_protocol = 6
#
smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
smtpd_milters =
# Was sind non_smtpd_milters?
#
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind.
#
# Das betrifft z. B.:
#
# cleanup Header/Content-Bereinigung
# qmgr Queue-Manager
# lmtp / smtp Auslieferung nach extern
# local lokale Zustellung
#
# Das sind z. B.:
#
# - interne Bounces (MAILER-DAEMON)
#
# - Cron-Mails vom Server
#
# - Weiterleitungen, die Postfix selbst generiert
#
# - Mails, die über sendmail CLI gesendet werden
#
# - Mails, die Amavis über LMTP zurückgibt
#
# - etc.
#
#
EOF
fi
if [[ -n "$(which opendkim)" ]] ; then
if [[ -n "$(which opendmarc)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf
non_smtpd_milters = local:/opendkim/opendkim.sock,local:/opendmarc/opendmarc.sock
EOF
else
cat <<EOF >> /etc/postfix/main.cf
# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden.
#
non_smtpd_milters = local:/opendkim/opendkim.sock
EOF
fi
elif [[ -n "$(which opendmarc)" ]] ; then
else
cat <<EOF >> /etc/postfix/main.cf
non_smtpd_milters = local:/opendmarc/opendmarc.sock
non_smtpd_milters =
EOF
fi

8
install_postfix_base.sh
View File

@@ -136,9 +136,11 @@ DEFAULT_REWRITE_SENDER_DOMAIN=None
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true
fi

8
install_postfwd.sh
View File

@@ -65,6 +65,14 @@ echo_skipped() {
echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}
systemd_exists=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true
fi
## - Install Postfix Firewall Daemon from debian packages system
## -
echononl " Install Postfix Firewall Daemon from debian packages system"

100
install_update_dovecot-2.4.sh
View File

@@ -964,9 +964,11 @@ delete_variable_with_comments() {
# - Support systemd ?
# -
if [[ "X$(which systemd)" = "X" ]]; then
SYSTEMD_EXISTS=false
else
SYSTEMD_EXISTS=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
SYSTEMD_EXISTS=true
fi
@@ -2790,11 +2792,12 @@ fi
## - Compile dovecot
## -
echononl " Compile Dovecot Sources.."
make > ${_log_dir}/dovecot-${_version}-make.log 2>&1 || clean_up 1
make > ${_log_dir}/dovecot-${_version}-make.log 2>&1
if [ "$?" = 0 ]; then
echo -e "$rc_done"
else
echo -e "$rc_failed"
echo -e "\n See file \033[1m${_log_dir}/dovecot-${_version}-make.log\033[m for more details."
fatal Compiling dovecot failed
fi
@@ -7586,6 +7589,7 @@ if [[ $dovecot_major_version -gt 2 ]] \
read -r -d '' NEW_BLOCK <<EOF
sieve_script personal {
type = personal # kann man schreiben, ist aber Default
driver = file
path = ~/sieve
active_path = ~/.dovecot.sieve
@@ -7603,6 +7607,8 @@ EOF
# personal
# --------
#
# ** Used by both the Sieve plugin and the ManageSieve protocol **
#
# The personal storage serves as the user's main personal storage. Although more than a single
# personal storage can be defined, only the first one listed in the configuration is used.
#
@@ -7625,6 +7631,7 @@ EOF
# no default script is executed.
sieve_script personal {
type = personal # kann man schreiben, ist aber Default
driver = file
path = ~/sieve
active_path = ~/.dovecot.sieve
@@ -7637,16 +7644,17 @@ EOF
fi
if grep -qE "^\s*sieve_script\s+before\s*{" "${_conf_file}"; then
if grep -qE "^\s*sieve_script\s+before_spam\s*{" "${_conf_file}"; then
read -r -d '' NEW_BLOCK <<EOF
sieve_script before {
sieve_script before_spam {
type = before
driver = file
path = /usr/local/dovecot/etc/dovecot/sieve/
}
EOF
replace_or_append_code_block "sieve_script before" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1
replace_or_append_code_block "sieve_script before_spam" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1
if [[ $? -gt 0 ]]; then
_failed=true
fi
@@ -7675,7 +7683,8 @@ EOF
# A before storage behaves identical to an after storage, except the contained script or
# scripts are run before user's personal script (instead of after).
sieve_script before {
sieve_script before_spam {
type = before
driver = file
path = /usr/local/dovecot/etc/dovecot/sieve/
}
@@ -7687,16 +7696,17 @@ EOF
fi
if grep -qE "^\s*sieve_script\s+global\s*{" "${_conf_file}"; then
if grep -qE "^\s*sieve_script\s+global_includes\s*{" "${_conf_file}"; then
read -r -d '' NEW_BLOCK <<EOF
sieve_script global {
sieve_script global_includes {
type = global
driver = file
path = /usr/local/dovecot/etc/dovecot/sieve/global/
}
EOF
replace_or_append_code_block "sieve_script global" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1
replace_or_append_code_block "sieve_script global_includes" "${NEW_BLOCK}" "${_conf_file}" >> "${log_file}" 2>&1
if [[ $? -gt 0 ]]; then
_failed=true
fi
@@ -7745,7 +7755,8 @@ EOF
# storages are defined in the configuration until the script is found. The order can be
# overridden by the sieve_script_precedence setting.
sieve_script global {
sieve_script global_includes {
type = global
driver = file
path = /usr/local/dovecot/etc/dovecot/sieve/global/
}
@@ -7776,6 +7787,32 @@ EOF
fi
_replace_key="sieve_max_redirects"
_replace_val=25
read -r -d '' COMMENT_BLOCK <<EOF
# sieve_max_redirects
#
# The maximum number of redirect actions that can be performed during a single script execution.
#
# Defaults to: 4
EOF
if grep -qE "^\s*${_replace_key}\s*=" "${_conf_file}"; then
replace_variable "${_replace_key}" "${_replace_val}" "${_conf_file}" 2>> "${log_file}" || _failed=true
else
cat <<EOF >> "${_conf_file}" 2>> "${log_file}" || _failed=true
${COMMENT_BLOCK}
${_replace_key} = ${_replace_val}
EOF
fi
else
@@ -10844,24 +10881,27 @@ EOF
replace_or_append_code_block "protocol sieve" "${NEW_BLOCK}" "${_conf_file}" || _failed=true
read -r -d '' NEW_BLOCK <<'EOF'
sieve_script personal {
path = ~/sieve
active_path = ~/.dovecot.sieve
}
EOF
if grep -qE "^\s*sieve_script\s+personal\s+{" "${_conf_file}"; then
replace_code_block "sieve_script personal" "${NEW_BLOCK}" "${_conf_file}" || _failed=true
else
cat <<EOF >> "${_conf_file}" || _failed=true
# Used by both the Sieve plugin and the ManageSieve protocol
${NEW_BLOCK}
EOF
fi
# read -r -d '' NEW_BLOCK <<'EOF'
#sieve_script personal {
# type = personal # kann man schreiben, ist aber Default
# type = personal
# driver = file
# path = ~/sieve
# active_path = ~/.dovecot.sieve
#}
#EOF
# if grep -qE "^\s*sieve_script\s+personal\s+{" "${_conf_file}"; then
#
# replace_code_block "sieve_script personal" "${NEW_BLOCK}" "${_conf_file}" || _failed=true
#
# else
#
# cat <<EOF >> "${_conf_file}" || _failed=true
#
## Used by both the Sieve plugin and the ManageSieve protocol
#${NEW_BLOCK}
#EOF
# fi
if ! $_failed ; then

8
install_update_dovecot.sh
View File

@@ -148,9 +148,11 @@ detect_os_1 () {
# - Support systemd ?
# -
if [[ "X$(which systemd)" = "X" ]]; then
SYSTEMD_EXISTS=false
else
SYSTEMD_EXISTS=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
SYSTEMD_EXISTS=true
fi

10
install_vacation.sh
View File

@@ -95,6 +95,16 @@ echo_skipped() {
echo -e "\033[75G[ \033[30m\033[1mskipped\033[m ]"
}
# -Is systemd supported on this system?
# -
systemd_supported=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_supported=true
fi
if [ "$POSTFIX_DB_TYPE" = "postgres" -o "$POSTFIX_DB_TYPE" = "postgresql" -o "$POSTFIX_DB_TYPE" = "pgsql" -o "$POSTFIX_DB_TYPE" = "psql" ];then
POSTFIX_DB_TYPE=pgsql

8
update_clamav-unofficial-sigs.sh
View File

@@ -182,9 +182,11 @@ fi
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true
fi

8
update_postfix_dh_parameters.sh
View File

@@ -126,9 +126,11 @@ DEFAULT_SASL_AUTH=false
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=false
systemd=$(which systemd)
systemctl=$(which systemctl)
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_exists=true
fi