install_update_dovecot-2.4.sh: fix errors Correct errors relating to database access.

.gitignore

@@ -3,6 +3,7 @@
 *.log
 *.swp
 conf/*.conf
+conf/*.env
 
 # - Postfixadmin
 postfixadmin-*

DOC/README.test_mailprotocolls

@@ -1,16 +0,0 @@
-
-## -------------------------------------- ##
-## -          some litle tests            ##
-## -------------------------------------- ##
-
-## - test smtp (STARTTLS), submission (587) (STARTTLS), smtp (SSL),
-## - pop3 (SSL), pop3 (STARTTLS), imap (SSL) and imap (STARTTLS)
-## -
-openssl s_client -crlf -starttls smtp -connect localhost:25 [-state -debug]
-openssl s_client -crlf -starttls smtp -connect localhost:587
-openssl s_client -crlf -connect localhost:465
-openssl s_client -crlf -connect localhost:995
-openssl s_client -crlf -starttls pop3 -connect localhost:110
-openssl s_client -crlf -connect localhost:993
-openssl s_client -crlf -starttls imap -connect localhost:143
-

DOC/README.test_mailprotocols

@@ -0,0 +1,44 @@
+
+## -------------------------------------- ##
+## -          some litle tests            ##
+## -------------------------------------- ##
+
+## -
+## - test smtp (STARTTLS), submission (587) (STARTTLS), smtp (SSL),
+## - pop3 (SSL), pop3 (STARTTLS), imap (SSL) and imap (STARTTLS)
+## -
+
+# ---
+# test - localhost
+# ---
+
+openssl s_client -crlf -starttls smtp -connect localhost:25 [-state -debug]
+openssl s_client -crlf -starttls smtp -connect localhost:587
+openssl s_client -crlf -connect localhost:465
+openssl s_client -crlf -connect localhost:995
+openssl s_client -crlf -starttls pop3 -connect localhost:110
+openssl s_client -crlf -connect localhost:993
+openssl s_client -crlf -starttls imap -connect localhost:143
+
+
+# ---
+# tests -  remote mailserver
+# ---
+
+mailserver="mx.gemeinschaft-altenschlirf.de"
+
+openssl s_client -crlf -starttls smtp -connect ${mailserver}:25 [-state -debug]
+openssl s_client -crlf -starttls smtp -connect ${mailserver}:587
+openssl s_client -crlf -connect ${mailserver}:465
+openssl s_client -crlf -connect ${mailserver}:995
+openssl s_client -crlf -starttls pop3 -connect ${mailserver}:110
+openssl s_client -crlf -connect ${mailserver}:993
+openssl s_client -crlf -starttls imap -connect ${mailserver}:143
+
+
+# Test RSA based TLS connection
+#
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
+
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp

DOC/dovecot/README.maildir-size-fix.pl

@@ -0,0 +1,61 @@
+# ----------
+# Fix Maildir Size
+#
+#     falls sich die tatsächliche Größe einer E-mail im Maildir Format 
+#     von der Größenangabe im Dateinamen unterscheidet, dann läuft
+#     dovecot auf fehler.
+#
+# Es gibt 2 Möglichekeiten das zu verhindern:
+#
+#     1. in der dovecot.conf (z.Bsp. in 10-mail.conf deb Parameter
+#        'maildir_broken_filename_sizes' auf 'yes' setzen
+#
+#              maildir_broken_filename_sizes = yes
+#
+#
+#     2. Die Größenangaben im Dateinamen korrigieren. Dafür gint es ein Skript
+#        namens 'maildir-size-fix.pl'. Dieses Skript steht bei Githup's
+#        'dovecot/tools' zur Verfügung:
+#
+#              https://github.com/dovecot/tools
+#
+# Das Perl-Skript maildir-size-fix.pl ist ein Werkzeug, das im Dovecot-Projekt 
+# verwendet wird, um Probleme mit der Größe von Maildir-Dateien zu beheben.
+#
+# Nützliche Optionen 
+#
+#     - add_missing_size: Fügt die Größeninformation hinzu, wenn sie fehlt.
+#
+#     - fix_existing_size: Überprüft und korrigiert bestehende Größeninformationen.
+#
+#     - recursive: Scannt das Maildir rekursiv, um auch Unterordner zu berücksichtigen.
+#
+#     - verbose: Ermöglicht detaillierte Protokollierung der Vorgänge.
+#
+#
+# ---------------------------------------------------------------------------------------
+#
+# Jede E.Mail in einem Maildir Ordner ist eine eigene Datei, dess dateiname üblicherweise
+# die Größe der datei selbst enthält (..,S=<dateigrösse>,W=..)
+#
+# ein typische Datei innerhalb eines Maildirordners sieht so aus:
+#
+#     1755713024.M837247P2624513.rage,S=38568,W=39101:2,Sc
+#          |            |          |
+#     Zeitstempel       |       Hostname  
+#                    eind. ID 
+#
+#     S= und ,W=: Dateigröße und "Weighted size" (für IMAP/Quota).
+#
+# wobei die flags folgende bedeitung haben:
+#
+#            +-------+-----------------------------+
+#            | Flag  | Bedeutung                   |
+#            +-------+-----------------------------+
+#            | S     | Seen (gelesen)              |
+#            | R     | Replied (beantwortet)       |
+#            | F     | Flagged (markiert / wichtig)|
+#            | T     | Trashed (zum Löschen mark.) |
+#            | D     | Draft (Entwurf)             |
+#            | P     | Passed (weitergeleitet)     |
+#            +-------+-----------------------------+

install_amavis.sh

@@ -207,15 +207,18 @@ _needed_packages_clamav="clamav \
    clamav-freshclam \
    libgmp-dev \
    libgmp10"
-if [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 10 ]] ; then
+if [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -eq 10 ]] ; then
 	_needed_packages_clamav="$_needed_packages_clamav \
    libclamunrar7"
-elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 11 ]] ; then
+elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -eq 11 ]] ; then
 	_needed_packages_clamav="$_needed_packages_clamav \
    libclamunrar9"
-elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 12 ]] ; then
+elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -eq 12 ]] ; then
 	_needed_packages_clamav="$_needed_packages_clamav \
    libclamunrar11"
+else
+   _needed_packages_clamav="$_needed_packages_clamav \
+   libclamunrar13"
 fi
 
 _needed_decoders_amavis="
@@ -4332,96 +4335,15 @@ read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
 \$final_spam_destiny       = D_BOUNCE;
 #\$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
 
-\$sa_tag_level_deflt  = 2.0;    # add spam info headers if at, or above that level
-\$sa_tag2_level_deflt = 5.1;    # add 'spam detected' headers at that level
-\$sa_kill_level_deflt = 10.31;  # reject/bounce/discard/pass
 
+##- Moved to file '/etc/amavis/policy_banks.conf'
 ## -
-## - User / Domain specific settings
+## -  \$sa_tag_level_deflt  = 2.0;    # add spam info headers if at, or above that level
+## -  \$sa_tag2_level_deflt = 5.1;    # add 'spam detected' headers at that level
+## -  \$sa_kill_level_deflt = 10.31;  # reject/bounce/discard/pass
 ## -
+do "/etc/amavis/policy_banks.conf";  # Externe Datei einbinden
 
-## - Per-recipient mapping of tag2 levels to email addresses (tag2 level):
-## -
-## - Set directly:
-## -
-#\$sa_tag2_level_deflt = {
-#   # oopen.de
-#   'oopen.de'=>'2.1',
-#   'ckubu@oopen.de'=>'2.2',
-#   'argus@oopen.de'=>'2.3',
-#   # k8h.de
-#   'k8h.de'=>'6.5',
-#   # default
-#   '.'=>'5.1'
-#};
-## -
-## - Read from file using @spam_tag2_level_maps
-## -
-## -    default: @spam_tag2_level_maps = (\\\$sa_tag2_level_deflt);
-## -
-## - Example file '/etc/postfix/tag2_level_maps.dat'
-## -
-## -    # oopen.de
-## -    oopen.de           2.1
-## -    ckubu@oopen.de     2.2
-## -    argus@oopen.de     2.3
-## -    [..]
-## -    # k8h.de
-## -    k8h.de             6.5
-## -    [..]
-## -    # default
-## -    .                  5.1
-## -
-#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
-
-## - Per-recipient mapping of kill levels to email addresses (kill level):
-## -
-## - Set directly
-## -
-#\$sa_kill_level_deflt = {
-#   'ckubu@oopen.de'=>'1500.0',
-#   'ckubu-adm@oopen.de'=>'1500.0',
-#   # default
-#   '.'=>'10.31'
-#};
-## -
-## - Read from file using @spam_kill_level_maps
-## -
-## -    default: @spam_kill_level_maps = (\\\$sa_kill_level_deflt);
-## -
-## - Example file '/etc/postfix/kill_level_maps.dat'
-## -
-## -    # oopen.de
-## -    ckubu@oopen.de     1500.0
-## -    ckubu-adm@oopen.de 1500.0
-## -    [..]
-## -    # default
-## -    .                  10.31
-## -
-#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') );
-
-
-## - We will inform the sender about bouncing his mail with a DSN (Delivery
-## - StatusNotification). That DSN message will no be send, if the spamvalue
-## - exceeds the value of sa_dsn_cutoff_level
-## -
-#\$sa_dsn_cutoff_level = 10;     # spam level beyond which a DSN is not sent
-\$sa_dsn_cutoff_level = 20;
-
-
-## - change the default server response if mail was blocked
-## - because of spam.
-## -
-## - results in (is an example):
-## -    <ckubu@so36.net>: host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, Mailserver
-## -    at a.mx.oopen.de: identified as SPAM -  (in reply to end of DATA command)
-## -
-%smtp_reason_by_ccat = (
-  CC_SPAM, "Mailserver at \$myhostname: identified as SPAM - %x"
-);
-
-\$sa_spam_subject_tag = undef;
-#\$sa_spam_subject_tag = '***SPAM*** ';
 
 
 ## - QUARANTINE
@@ -4669,6 +4591,153 @@ else
 fi
 
 
+## - Create File containing policy settings
+## -
+_config_policy_banks_file=/etc/amavis/policy_banks.conf
+echononl "    Create File \"${_config_policy_banks_file}\""
+if [[ -f "${_config_policy_banks_file}" ]]; then
+   echo_skipped
+else
+   cat << EOF > ${_config_policy_banks_file}
+# Externe Richtliniendatei für amavisd
+
+use strict;
+
+
+# ---
+# add spam info headers if at, or above that level
+# ---
+
+## - All recipients with identical the same setting:
+## -
+#\$sa_tag_level_deflt  = 2.0;
+
+## - Per-recipient mapping of tag2 levels to email addresses (tag2 level):
+## -
+## - Set directly:
+## -
+\$sa_tag_level_deflt = {
+   'oopen.de'           => '-4.5',
+   # default
+   '.'=>'2.0'
+};
+
+## - Read from file using @spam_tag2_level_maps
+## -
+## -    default: @spam_tag2_level_maps = (\$sa_tag2_level_deflt);
+## -
+## - Example file '/etc/postfix/tag2_level_maps.dat'
+## -
+## -    # oopen.de
+## -    oopen.de           2.1
+## -    ckubu@oopen.de     2.2
+## -    argus@oopen.de     2.3
+## -    [..]
+## -    # k8h.de
+## -    k8h.de             6.5
+## -    [..]
+## -    # default
+## -    .                  5.1
+## -
+#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
+
+
+#\$sa_spam_subject_tag = '***SPAM*** ';    # Spam-Betreff-Tag
+\$sa_spam_subject_tag = undef;
+
+
+
+# ---
+# add 'spam detected' headers at that level
+# ---
+
+## - All recipients with identical the same setting:
+## -
+#\$sa_tag2_level_deflt = 5.1;               # add 'spam detected' headers at that level
+
+## - Per-recipient mapping of kill levels to email addresses (kill level):
+## -
+## - Set directly
+## -
+\$sa_tag2_level_deflt = {
+   'oopen.de'           => '3.1',
+   '123comics.net'      => '4.1',
+   'info@123comics.net' => '3.1',
+   # default
+   '.'                  => '5.1',
+};
+
+## - Read from file using @spam_kill_level_maps
+## -
+## -    default: @spam_kill_level_maps = (\$sa_kill_level_deflt);
+## -
+## - Example file '/etc/postfix/kill_level_maps.dat'
+## -
+## -    # oopen.de
+## -    ckubu@oopen.de     1500.0
+## -    ckubu-adm@oopen.de 1500.0
+## -    [..]
+## -    # default
+## -    .                  10.31
+## -
+#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') );
+
+
+
+# ---
+# adding more detailed spam-related headers.
+# ---
+
+## - All recipients with identical the same setting:
+## -
+\$sa_tag3_level_deflt = 7.0;               # threshold for sa_tag3_level_deflt
+
+## - Note
+## -  Like 'sa_tag2_level_deflt' above per-recipient also possible
+
+
+@sa_tag3_level_maps = (
+  ['^Subject:', '\[HIGH-SPAM\] $&'],      # Modify subject
+  ['HEADER', 'X-High-Spam-Flag', 'YES'],  # Add a custom header
+);
+
+
+# ---
+# spam score threshold at which amavisd-new will reject (kill) an email.
+# ---
+
+## - All recipients with identical the same setting:
+## -
+\$sa_kill_level_deflt = 10.31;             # reject/bounce/discard/pass
+
+## - Note
+## -  Like 'sa_tag2_level_deflt' above per-recipient also possible
+
+
+
+# ---
+# The threshold for sending a delivery status notification (DSN) to the sender
+# ---
+
+## - We will inform the sender about bouncing his mail with a DSN (Delivery
+## - StatusNotification). That DSN message will no be send, if the spamvalue
+## - exceeds the value of sa_dsn_cutoff_level
+## -
+#\$sa_dsn_cutoff_level = 10;     # spam level beyond which a DSN is not sent
+\$sa_dsn_cutoff_level = 20;
+
+
+#------------ Do not modify anything below this line -------------
+1;  # ensure a defined return
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+   fi
+fi
+
+
 ## - Configure syslogd matching the configuration od amavisd
 ## -
 echononl "   Configure syslogd matching the configuration of amavis"
@@ -5031,6 +5100,12 @@ if grep -iq -E "^amavisfeed\s+" $postfix_master_cf > /dev/null 2>&1 ; then
 else
    amavisfeed_present=false
 fi
+if grep -iq -E "^[0-9]{2,5}\s+inet.*smtpd" $postfix_master_cf > /dev/null 2>&1 ; then
+   listen_on_additional_smtp_port=true
+   additional_smtp_port="$(grep -E "^[0-9]{2,5}\s+inet.*smtpd" /etc/postfix/master.cf | grep -o -E "^[0-9]{2,5}")"
+else
+   listen_on_additional_smtp_port=false
+fi
 
 > $postfix_master_cf
 while IFS='' read -r _line || [[ -n $_line ]] ; do
@@ -5048,6 +5123,19 @@ EOF
 EOF
       fi
 
+      if ${listen_on_additional_smtp_port} ; then
+         cat >> $postfix_master_cf << EOF
+${additional_smtp_port}      inet  n       -       y       -       -       smtpd
+   -o smtpd_proxy_filter=127.0.0.1:10024
+   -o content_filter=
+EOF
+         if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
+            cat >> $postfix_master_cf << EOF
+   -o smtpd_sasl_auth_enable=no
+EOF
+         fi
+      fi
+
 		if ! $submission_present && ! $smtps_present && ! $localhost_10025_present ; then
 					cat >> $postfix_master_cf << EOF
 localhost:10025  inet  n       -       y       -       -       smtpd
@@ -5302,6 +5390,13 @@ else
    fi
 fi
 
+if ${listen_on_additional_smtp_port}; then
+
+   echo ""
+   warn "Please do not forget to allow incomming traffic on port \033[1m${additional_smtp_port}\033[m.
+                     Check your firewall settings.."
+fi
+
 
 #fi # if $ommit ; then
 # -------------------------------

install_opendkim.sh

@@ -189,6 +189,13 @@ else
    cat <<EOF > $opendkim_conf_file 2> $log_file
 # Datei $opendkim_conf_file
 
+# Sets the "authserv-id" to use when generating the Authentication-Results:
+# header field after verifying a message. The default is to use the name of
+# the MTA processing the message. If the string "HOSTNAME" is provided, the
+# name of the host running the filter (as returned by the gethostname(3)
+# function) will be used.
+AuthservID              "DKIM check $(hostname -f)"
+
 # OpenDKIM agiert als Mail Filter (= Milter) in den
 # Modi signer (s) und verifier (v) und verwendet eine
 # Socket-Datei zur Kommunikation (alternativ: lokaler Port)
@@ -237,6 +244,21 @@ SignatureAlgorithm      rsa-sha256
 # because it is often the identity key used by reputation systems and thus
 # somewhat security sensitive.
 OversignHeaders         From
+
+# Add an "Authentication-Results:" header field even to unsigned messages
+# from domains with no "signs all" policy. The reported DKIM result will be
+# "none" in such cases. Normally unsigned mail from non-strict domains does
+# not cause the results header field to be added.
+AlwaysAddARHeader       yes
+
+# Causes opendkim to fork and exits immediately, leaving the service running
+# in the background. The default is "true".
+Background              yes
+
+# Sets the DNS timeout in seconds. A value of 0 causes an infinite wait. The
+# default is 5. Ignored if not using an asynchronous resolver package. See
+# also the NOTES section below.
+DNSTimeout              5
 EOF
    opendkim_needs_restart=true
    if [[ $? -eq 0 ]] ; then

install_opendmarc.sh

@@ -23,7 +23,7 @@ opendmarc_socket_dir="${postfix_spool_dir}/opendmarc"
 opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock"
 
 config_file_name_value_parameters="
-   AuthservID|OpenDMARC
+   AuthservID|DMARC check $(hostname -f)
    PidFile|/run/opendmarc/opendmarc.pid
    RejectFailures|true
    Syslog|true
@@ -36,6 +36,7 @@ config_file_name_value_parameters="
    FailureReports|false
    AutoRestart|true
    HistoryFile|/run/opendmarc/opendmarc.dat
+   SPFIgnoreResults|false
    SPFSelfValidate|true
    Socket|${opendmarc_socket_file}
 "
@@ -182,6 +183,200 @@ else
 fi
 
 
+# - Add 'IgnoreHosts' with default value to the original opendmarc.conf file
+#
+echononl " Add 'IgnoreHosts' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^IgnoreHosts\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Specifies the path to a file that contains a list of hostnames, IP addresses,
+## and/or CIDR expressions identifying hosts whose SMTP connections are to be
+## ignored by the filter. If not specified, defaults to "127.0.0.1" only.
+#
+IgnoreHosts 127.0.0.1
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'IgnoreAuthenticatedClients' with default value to the original opendmarc.conf file
+#
+_param="IgnoreAuthenticatedClients"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, causes mail from authenticated clients (i.e., those that used 
+## SMTP AUTH) to be ignored by the filter. The default is "false".
+#
+IgnoreAuthenticatedClients false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file
+#
+_param="IgnoreAuthenticatedClients"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, causes mail from authenticated clients (i.e., those that used
+## SMTP AUTH) to be ignored by the filter. The default is "false".
+#
+IgnoreAuthenticatedClients false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file
+#
+_param="RequiredHeaders"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, the filter will ensure the header of the message conforms to the basic 
+## header field count restrictions laid out in RFC5322, Section 3.6. Messages 
+## failing this test are rejected without further processing. A From: field from 
+## which no domain name could be extracted will also be rejected.
+#
+RequiredHeaders false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'AutoRestart' with default value to the original opendmarc.conf file
+#
+_param="AutoRestart"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Automatically re-start on failures. Use with caution; if the filter fails
+## instantly after it starts, this can cause a tight fork(2) loop.
+#
+AutoRestart false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'HistoryFile' with default value to the original opendmarc.conf file
+#
+_param="HistoryFile"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, specifies the location of a text file to which records are written
+## that can be used to generate DMARC aggregate reports. Records are batches of
+## rows containing information about a single received message, and include all
+## relevant information needed to generate a DMARC aggregate report. It is
+## expected that this will not be used in its raw form, but rather periodically
+## imported into a relational database from which the aggregate reports can be
+## extracted using opendmarc-importstats(8).
+#
+HistoryFile /run/opendmarc/opendmarc.dat
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'SPFIgnoreResults' with default value to the original opendmarc.conf file
+#
+_param="SPFIgnoreResults"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Causes the filter to ignore any SPF results in the header of the message. This
+## is useful if you want the filter to perform SPF checks itself, or because you
+## don't trust the arriving header. The default is "false".
+#
+SPFIgnoreResults false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'SPFSelfValidate' with default value to the original opendmarc.conf file
+#
+_param="SPFSelfValidate"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Causes the filter to perform a fallback SPF check itself when it can find no
+## SPF results in the message header. If SPFIgnoreResults is also set, it never
+## looks for SPF results in headers and always performs the SPF check itself when
+## this is set. The default is "false".
+#
+SPFSelfValidate false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
 # - Save configuration file from distribution
 # -
 echononl "   Save configuration file from distribution"

install_postfix_base.sh

@@ -129,6 +129,7 @@ detect_os_1 () {
 
 DEFAULT_ADMIN_EMAIL="argus@oopen.de"
 DEFAULT_RELAY_HOST="b.mx.oopen.de"
+DEFAULT_RELAY_PORT=25
 DEFAULT_SASL_AUTH=false
 DEFAULT_REWRITE_SENDER_DOMAIN=None
 
@@ -264,7 +265,7 @@ else
       fi
    done
 fi
-if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then 
+if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
    IPV6=disabled
 fi
 
@@ -277,7 +278,7 @@ echo "Insert e-mail address where messages to local root should be forwarded"
 echo ""
 echo ""
 if [[ -n "$_ADMIN_EMAIL" ]]; then
-   echononl "Admin e-mail address [$_ADMIN_EMAIL]: "  
+   echononl "Admin e-mail address [$_ADMIN_EMAIL]: "
    read ADMIN_EMAIL
    if [[ "X${ADMIN_EMAIL}" = "X" ]]; then
       ADMIN_EMAIL=$_ADMIN_EMAIL
@@ -340,11 +341,12 @@ fi
 # --- Some further default values depending on sasl authentification
 # -------------
 
-# - Set default value for relay host if sasl authentification should be
-# - supported and value for _RELAY_HOST not given
+# - Set default value for relay host / relay port if sasl authentification should be
+# - supported and value for _RELAY_HOST / _RELAY_PORT not given
 # -
 if [[ "$SASL_AUTH" = "yes" ]] || $SASL_AUTH ; then
    [[ -z "$_RELAY_HOST" ]] && _RELAY_HOST="$DEFAULT_RELAY_HOST"
+   [[ -z "$_RELAY_PORT" ]] && _RELAY_PORT="$DEFAULT_RELAY_PORT"
 fi
 
 if [[ -z ${_REWRITE_SENDER_DOMAIN} ]] ; then
@@ -415,6 +417,27 @@ if [[ "$SASL_AUTH" = "yes" ]] || $SASL_AUTH ; then
       done
    fi
 
+
+   RELAY_PORT=
+   echo ""
+   echo "Insert the target port to connect to ${RELAY_HOST}"
+   echo ""
+   if [[ -n "$_RELAY_PORT" ]];then
+      echononl "(target) Port on ${RELAY_HOST} [$_RELAY_PORT]: "
+      read RELAY_PORT
+      if [[ "X${RELAY_PORT}" = "X" ]]; then
+         RELAY_PORT=$_RELAY_PORT
+      fi
+   else
+      while [[ "X${RELAY_PORT}" = "X" ]]; do
+         echononl "(target) Port on ${RELAY_HOST}: "
+         read RELAY_PORT
+         if [[ "X${RELAY_PORT}" = "X" ]]; then
+            echo -e "\n\t\033[33m\033[1mi(target) Port of ${RELAY_HOST} is reqired\033[m\n"
+         fi
+      done
+   fi
+
 else
    SASL_AUTH=false
 fi
@@ -467,6 +490,7 @@ if $SASL_AUTH ; then
    echo -e "\t   sasl user.............: $SASL_USER"
    echo -e "\t   sasl password.........: $SASL_PASS"
    echo -e "\t   Relayhost.............: $RELAY_HOST"
+   echo -e "\t   Port on Relayhost.....: $RELAY_PORT"
 fi
 echo ""
 echononl "einverstanden (yes/no): "
@@ -487,7 +511,7 @@ cat << EOF > $conf_file
 # ---
 # - Parameter Settings Postfix Bases System
 # -
-# -    - automated generated config file - 
+# -    - automated generated config file -
 # ---
 
 _HOSTNAME=$HOSTNAME
@@ -498,6 +522,7 @@ _SASL_AUTH=$SASL_AUTH
 _SASL_USER=$SASL_USER
 _SASL_PASS=$SASL_PASS
 _RELAY_HOST=$RELAY_HOST
+_RELAY_PORT=$RELAY_PORT
 _REWRITE_SENDER_DOMAIN=$REWRITE_SENDER_DOMAIN
 EOF
 if [[ $? -eq 0 ]] ; then
@@ -506,7 +531,7 @@ else
    echo_failed
 fi
 
-[[ "$IPV6" = "disabled" ]] && IPV6="" 
+[[ "$IPV6" = "disabled" ]] && IPV6=""
 
 
 # - Synchronise package index files with the repository
@@ -611,7 +636,7 @@ append_dot_mydomain = no
 readme_directory = /usr/share/doc/postfix
 html_directory = /usr/share/doc/postfix/html
 
-## - The Internet protocols Postfix will attempt to use when making 
+## - The Internet protocols Postfix will attempt to use when making
 ## - or accepting connections.
 ## - DEFAULT: ipv4
 EOF
@@ -622,7 +647,7 @@ inet_protocols = ipv4, ipv6
 
 #inet_interfaces = all
 
-inet_interfaces = 
+inet_interfaces =
    127.0.0.1
    ::1
    #$IPV4
@@ -630,14 +655,14 @@ inet_interfaces =
 
 myhostname = $HOSTNAME
 
-mydestination = 
+mydestination =
    $HOSTNAME
    localhost
 
-## - The list of "trusted" SMTP clients that have more 
+## - The list of "trusted" SMTP clients that have more
 ## - privileges than "strangers"
 ## -
-mynetworks = 
+mynetworks =
    127.0.0.0/8
    [::ffff:127.0.0.0]/104
    [::1]/128
@@ -665,21 +690,34 @@ inet_interfaces =
 
 myhostname = $HOSTNAME
 
-mydestination = 
+mydestination =
    $HOSTNAME
    localhost
 
-## - The list of "trusted" SMTP clients that have more 
+## - The list of "trusted" SMTP clients that have more
 ## - privileges than "strangers"
 ## -
-mynetworks = 
+mynetworks =
    127.0.0.0/8
-   ${IPV4}/32
+EOF
 
-smtp_bind_address = $IPV4
-smtp_bind_address6 = $IPV6
+   if [[ ${IPV4} =~ ^127 ]] ; then
+
+      cat <<EOF >> /etc/postfix/main.cf
+
+smtp_bind_address =
+smtp_bind_address6 =
 
 EOF
+   else
+      cat <<EOF >> /etc/postfix/main.cf
+      ${IPV4}/32
+
+smtp_bind_address = $IPV4
+#smtp_bind_address6 =
+
+EOF
+   fi
 fi
 
 cat <<EOF >> /etc/postfix/main.cf
@@ -687,18 +725,18 @@ cat <<EOF >> /etc/postfix/main.cf
 ## - The method to generate the default value for the mynetworks parameter.
 ## -
 ## -   mynetworks_style = host" when Postfix should "trust" only the local machine
-## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
 ## -                       clients in the same IP subnetworks as the local machine.
-## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
 ## -                      IP class A/B/C networks as the local machine.
 ## -
 #mynetworks_style = host
 
 
-## - The maximal size of any local(8) individual mailbox or maildir file, 
-## - or zero (no limit). In fact, this limits the size of any file that is 
-## - written to upon local delivery, including files written by external 
-## - commands that are executed by the local(8) delivery agent. 
+## - The maximal size of any local(8) individual mailbox or maildir file,
+## - or zero (no limit). In fact, this limits the size of any file that is
+## - written to upon local delivery, including files written by external
+## - commands that are executed by the local(8) delivery agent.
 ## -
 mailbox_size_limit = 0
 
@@ -717,51 +755,51 @@ recipient_delimiter = +
 alias_maps =
    hash:/etc/aliases
 
-## - The alias databases for local(8) delivery that are updated 
-## - with "newaliases" or with "sendmail -bi". 
+## - The alias databases for local(8) delivery that are updated
+## - with "newaliases" or with "sendmail -bi".
 ## -
 alias_database =
    hash:/etc/aliases
 
-## - Optional address mapping lookup tables for envelope and header sender 
+## - Optional address mapping lookup tables for envelope and header sender
 ## - addresses. The table format and lookups are documented in canonical(5).
 ## -
-## - Example: you want to rewrite the SENDER address "user@ugly.domain" 
-## - to "user@pretty.domain", while still being able to send mail to the 
+## - Example: you want to rewrite the SENDER address "user@ugly.domain"
+## - to "user@pretty.domain", while still being able to send mail to the
 ## - RECIPIENT address "user@ugly.domain".
 ## -
 ## - Note: \$sender_canonical_maps is processed before \$canonical_maps.
 ## -
-sender_canonical_maps = 
+sender_canonical_maps =
    btree:/etc/postfix/sender_canonical
 
 
 ## - smtp_generic_maps (default: empty)
 ## -
-## - Optional lookup tables that perform address rewriting in the Postfix 
-## - SMTP client, typically to transform a locally valid address into a 
-## - globally valid address when sending mail across the Internet. This is 
-## - needed when the local machine does not have its own Internet domain name, 
-## -but uses something like localdomain.local instead. 
+## - Optional lookup tables that perform address rewriting in the Postfix
+## - SMTP client, typically to transform a locally valid address into a
+## - globally valid address when sending mail across the Internet. This is
+## - needed when the local machine does not have its own Internet domain name,
+## -but uses something like localdomain.local instead.
 ## -
 smtp_generic_maps =
    btree:/etc/postfix/generic
 
-## - The maximal time a message is queued before it is sent back as 
+## - The maximal time a message is queued before it is sent back as
 ## - undeliverable. Defaults to 5d (5 days)
 ## - Specify 0 when mail delivery should be tried only once.
-## - 
+## -
 maximal_queue_lifetime = 3d
 bounce_queue_lifetime = \$maximal_queue_lifetime
 
 ## - delay_warning_time (default: 0h)
 ## -
-## - The time after which the sender receives a copy of the message 
-## - headers of mail that is still queued. To enable this feature, 
-## - specify a non-zero time value (an integral value plus an optional 
-## - one-letter suffix that specifies the time unit). 
-## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
-## - The default time unit is h (hours). 
+## - The time after which the sender receives a copy of the message
+## - headers of mail that is still queued. To enable this feature,
+## - specify a non-zero time value (an integral value plus an optional
+## - one-letter suffix that specifies the time unit).
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+## - The default time unit is h (hours).
 delay_warning_time = 1d
 
 
@@ -788,9 +826,24 @@ smtp_sasl_auth_enable = yes
 
 # Only offer SMTP AUTH when talking over an encrypted connection
 smtpd_tls_auth_only = yes
+EOF
+
+   if [[ ${RELAY_PORT} -ne 25 ]] ; then
+      cat <<EOF >> /etc/postfix/main.cf
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [${RELAY_HOST}]:${RELAY_PORT}
+EOF
+   else
+      cat <<EOF >> /etc/postfix/main.cf
 
 # Forwarding to the ip-adress of host b.mx.oopen.de
 relayhost = [${RELAY_HOST}]
+EOF
+
+   fi
+
+   cat <<EOF >> /etc/postfix/main.cf
 
 # File including login data
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
@@ -799,7 +852,7 @@ smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = noanonymous
 smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
 
-# Report the SASL authenticated user name in the smtpd(8) Received message header. 
+# Report the SASL authenticated user name in the smtpd(8) Received message header.
 smtpd_sasl_authenticated_header = no
 
 
@@ -809,11 +862,11 @@ smtpd_sasl_authenticated_header = no
 ## - Aktiviert TLS für den Mailempfang
 ## -
 ## - may:
-## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - Opportunistic TLS. Use TLS if this is supported by the remote
 ## - SMTP server, otherwise use plaintext
 ## -
-## - This overrides the obsolete parameters smtpd_use_tls and 
-## - smtpd_enforce_tls. This parameter is ignored with 
+## - This overrides the obsolete parameters smtpd_use_tls and
+## - smtpd_enforce_tls. This parameter is ignored with
 ## - "smtpd_tls_wrappermode = yes".
 #smtpd_use_tls=yes
 smtp_tls_security_level=encrypt
@@ -833,11 +886,11 @@ relayhost =
 ## - Aktiviert TLS für den Mailempfang
 ## -
 ## - may:
-## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - Opportunistic TLS. Use TLS if this is supported by the remote
 ## - SMTP server, otherwise use plaintext
 ## -
-## - This overrides the obsolete parameters smtpd_use_tls and 
-## - smtpd_enforce_tls. This parameter is ignored with 
+## - This overrides the obsolete parameters smtpd_use_tls and
+## - smtpd_enforce_tls. This parameter is ignored with
 ## - "smtpd_tls_wrappermode = yes".
 #smtpd_use_tls=yes
 smtp_tls_security_level=may
@@ -849,16 +902,16 @@ cat <<EOF >> /etc/postfix/main.cf
 ## - Aktiviert TLS für den Mailversand
 ## -
 ## - may:
-## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
 ## - but do not require that clients use TLS encryption.
 # smtp_use_tls=yes
 smtpd_tls_security_level=may
 
-## -    0 Disable logging of TLS activity. 
-## -    1 Log TLS handshake and certificate information. 
-## -    2 Log levels during TLS negotiation. 
-## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
-## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -    0 Disable logging of TLS activity.
+## -    1 Log TLS handshake and certificate information.
+## -    2 Log levels during TLS negotiation.
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process.
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
 ## -
 smtpd_tls_loglevel = 1
 smtp_tls_loglevel = 1
@@ -867,7 +920,7 @@ smtpd_tls_cert_file = $_TLS_CERT_FILE
 smtpd_tls_key_file = $_TLS_KEY_FILE
 
 ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
-## - 
+## -
 ## - Dont't forget to create it, e.g with openssl:
 ## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
 ## -
@@ -876,30 +929,30 @@ smtpd_tls_key_file = $_TLS_KEY_FILE
 ## -
 smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
 
-## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
-## - 
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## -
 ## - Dont't forget to create it, e.g with openssl:
 ## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
 ## -
 smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
 
 
-## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
-## - server certificates or intermediate CA certificates. These are loaded into 
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP
+## - server certificates or intermediate CA certificates. These are loaded into
 ## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
-## - 
+## -
 smtp_tls_CAfile = $_TLS_CA_FILE
 
-## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
-## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the
 ## - necessary "hash" links with, for example, "
-## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". 
+## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
 ## -
 ## - !! Note !!
-## - To use this option in chroot mode, this directory (or a copy) must be inside 
-## - the chroot jail. 
+## - To use this option in chroot mode, this directory (or a copy) must be inside
+## - the chroot jail.
 ## -
-## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix
 ## - queue directory (/var/spool/postfix)
 ## -
 #smtpd_tls_CApath = /etc/postfix/certs
@@ -1017,8 +1070,8 @@ smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
 
 # smtpd_relay_restrictions
 #
-# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions 
-# parameter must specify at least one of the following restrictions. Otherwise Postfix 
+# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions
+# parameter must specify at least one of the following restrictions. Otherwise Postfix
 # will refuse to receive mail:
 #
 #        reject, reject_unauth_destination
@@ -1028,20 +1081,20 @@ smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
 #
 # The upstream default is:
 #
-#    smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} : 
+#    smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} :
 #       {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
 #
-# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is 
+# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is
 # set to '0', you MUST specify this value. Otherwise Postfix will refuse to receive mail
 # and you get the following error message:
 #
-#     fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify 
-#     at least one working instance of: reject_unauth_destination, defer_unauth_destination, 
+#     fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify
+#     at least one working instance of: reject_unauth_destination, defer_unauth_destination,
 #     reject, defer, defer_if_permit or check_relay_domains
 #
-#smtpd_relay_restrictions = 
-#   permit_mynetworks, 
-#   permit_sasl_authenticated, 
+#smtpd_relay_restrictions =
+#   permit_mynetworks,
+#   permit_sasl_authenticated,
 #   defer_unauth_destination
 
 EOF
@@ -1050,8 +1103,21 @@ echo_ok
 echononl "   Configure SASL authentification"
 if $SASL_AUTH ; then
 
+   _sasl_pw_file="/etc/postfix/sasl_passwd"
+   if [[ -f "${_sasl_pw_file}" ]] && $(grep -q -E "^\[${RELAY_HOST}\]" ${_sasl_pw_file} 2> /dev/null); then
+      sed -i "/^\[${RELAY_HOST}/d" ${_sasl_pw_file}
+      if [[ "$?" != "0" ]]; then
+         error "Setting \"/etc/postfix/sasl_passwd\" failed! "
+         _failed=true
+      fi
+   fi
+
    _failed=false
-   echo "[$RELAY_HOST] ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" > /etc/postfix/sasl_passwd
+   if [[ ${RELAY_PORT} -ne 25 ]] ; then
+      echo "[$RELAY_HOST]:${RELAY_PORT} ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" >> /etc/postfix/sasl_passwd
+   else
+      echo "[$RELAY_HOST] ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" >> /etc/postfix/sasl_passwd
+   fi
    if [[ "$?" != "0" ]]; then
       error "Setting \"/etc/postfix/sasl_passwd\" failed! "
       _failed=true
@@ -1125,7 +1191,7 @@ else
 fi
 
 
-## - create directory for certificates and copy certificates 
+## - create directory for certificates and copy certificates
 ## - and coresponding keys to /etc/postfix/ssl/
 ## -
 echononl "   Create directory for certificates \"/etc/postfix/ssl\""
@@ -1141,7 +1207,7 @@ else
 fi
 
 
-## - generate DH parameters that the Postfix SMTP server should use 
+## - generate DH parameters that the Postfix SMTP server should use
 ## - with EDH ciphers (length 512 and 1024
 ## -
 echononl "   Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
@@ -1397,6 +1463,12 @@ else
    fi
 fi
 
+if [[ ${RELAY_PORT} -ne 25 ]] ; then
+
+   echo ""
+   warn "Please do not forget to allow port \033[1m${RELAY_PORT}\033[m on both sides, outgoing
+                     on this host here and incoming on the relay host '${RELAY_HOST}'."
+fi
 
 echo ""
 clean_up 0

install_postfixadmin.sh

@@ -1842,23 +1842,25 @@ fi
 
 # - Encoding does not work as exspected.
 # -
+# - Update: Encoding seems to works now
+# -
 # - NOTE:
 # -    this IS NOT a fix, but a workaround
 # -
-echononl "\tWorkaround, because encoding does not work as exspected."
-# - Vacation script changed. Since Version 3.2 we need another perl regexp.
-# - The old one was: 
-# -    perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
-# -
-perl -i -n -p -e "s/(\s*\'Content-Type\'\s* =>\s*)\"text\/plain.*$/\1\"text\/plain; charset=iso-8859-1\",/" \
-   /var/spool/vacation/vacation.pl > "$log_file" 2>&1
-if [[ $? -eq 0 ]];then
-   echo_ok
-   info "This IS NOT a fix, but a workaround."
-else
-   echo_failed
-   error "$(cat $log_file)"
-fi
+#echononl "\tWorkaround, because encoding does not work as exspected."
+## - Vacation script changed. Since Version 3.2 we need another perl regexp.
+## - The old one was: 
+## -    perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
+## -
+##perl -i -n -p -e "s/(\s*\'Content-Type\'\s* =>\s*)\"text\/plain.*$/\1\"text\/plain; charset=iso-8859-1\",/" \
+##   /var/spool/vacation/vacation.pl > "$log_file" 2>&1
+#if [[ $? -eq 0 ]];then
+#   echo_ok
+#   info "This IS NOT a fix, but a workaround."
+#else
+#   echo_failed
+#   error "$(cat $log_file)"
+#fi
 
 echononl "\tSet Permission on vacation script"
 _failed=false

install_update_dovecot.sh

@@ -287,14 +287,21 @@ dovecot_main_version="$(echo $_version | cut -d '.' -f1,2)"
 dovecot_major_version="$(echo $_version | cut -d '.' -f1)"
 dovecot_minor_version="$(echo $_version | cut -d '.' -f2)"
 dovecot_patch_level="$(echo $_version | cut -d '.' -f3)"
+dovecot_minor_patch_level="$(echo $_version | cut -d '.' -f4)"
+
+_version_short="${_version%-*}"
 
 #echo ""
-#echo "_version:              $_version"
-#echo "dovecot_main_version   $dovecot_main_version"
-#echo "dovecot_major_version  $dovecot_major_version"
-#echo "dovecot_minor_version  $dovecot_minor_version"
-#echo "dovecot_patch_level    $dovecot_patch_level"
+#echo "_version:                  $_version"
+#echo "dovecot_main_version       $dovecot_main_version"
+#echo "dovecot_major_version      $dovecot_major_version"
+#echo "dovecot_minor_version      $dovecot_minor_version"
+#echo "dovecot_patch_level        $dovecot_patch_level"
+#echo "dovecot_minor_patch_level  $dovecot_minor_patch_level"
 #echo ""
+#
+#clean_up 0
+
 
 # 'expire plugin'was rRemoved in version 2.3.14: This plugin is not needed. 
 # Use mailbox { autoexpunge } Mailbox settings instead.
@@ -710,32 +717,72 @@ fi
 
 ## - Download Pigeonhole for Dovecot v2.2
 ## -
-echononl "\tDownload dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
-if [ ! -f "${_src_base_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz" ]; then
-   wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
-   if [ "$?" = 0 ]; then
-      echo -e "$rc_done"
+if [[ ${dovecot_major_version} -eq 2 ]] && [[ ${dovecot_minor_version} -lt 4 ]] ; then
+   
+   echononl "\tDownload dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
+   if [ ! -f "${_src_base_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz" ]; then
+      wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
+      if [ "$?" = 0 ]; then
+         echo -e "$rc_done"
+      else
+         echo -e "$rc_failed"
+         error "Direct download of 'dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz' failed
+
+                     Download \033[1mdovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz\033[m manually 
+                     and proceed instllation."
+
+         echononl "\tProceed instllation [yes/no]: "
+         read OK
+         OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+         while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+            echononl "Wrong entry! - repeat [yes/no]: "
+            read OK
+         done
+         [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+
+      fi
    else
-      echo -e "$rc_failed"
-      error "Direct download of 'dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz' failed
-
-                   Download \033[1mdovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz\033[m manually 
-                   and proceed instllation."
-
-		echononl "\tProceed instllation [yes/no]: "
-		read OK
-		OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
-		while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
-			echononl "Wrong entry! - repeat [yes/no]: "
-			read OK
-		done
-		[[ $OK = "yes" ]] || fatal "Abbruch durch User"
-
+      echo -e "$rc_skipped"
    fi
+
+   dovecot_pigeonhole_archiv="dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz"
+
 else
-   echo -e "$rc_skipped"
+
+   echononl "\tDownload dovecot-pigeonhole-${_pigeonhole}.tar.gz.."
+   if [ ! -f "${_src_base_dir}/dovecot-pigeonhole-${_pigeonhole}.tar.gz" ]; then
+      wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
+      if [ "$?" = 0 ]; then
+         echo -e "$rc_done"
+         dovecot_pigeonhole_archiv="dovecot-pigeonhole-${_pigeonhole}.tar.gz"
+      else
+         echo -e "$rc_failed"
+
+         error "Direct download of 'Pigeonhole Sieve and ManageSieve' source archiv  failed
+
+                  Download Pigeonhole Sieve and ManageSieve manually and name it to
+
+                  \033[1mdovecot-pigeonhole-${_pigeonhole}.tar.gz\033[m\n"
+
+
+         echononl "\tProceed instllation [yes/no]: "
+         read OK
+         OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+         while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+            echononl "Wrong entry! - repeat [yes/no]: "
+            read OK
+         done
+         [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+      fi
+   else
+      echo -e "$rc_skipped"
+   fi
+
+   dovecot_pigeonhole_archiv="dovecot-pigeonhole-${_pigeonhole}.tar.gz"
 fi
 
+dovecot_pigeonhole_archiv_prefix="${dovecot_pigeonhole_archiv%.tar.gz}"
+dovecot_pigeonhole_archiv_dir="${dovecot_pigeonhole_archiv%.tar.gz}"
 
 
 if $_new ; then
@@ -901,6 +948,7 @@ config_params="
    --prefix=/usr/local/dovecot-${_version} \
    --with-${db_driver} \
    --with-gssapi=yes
+   --with-ldap=yes
    --with-rundir=/run/dovecot"
 if $systemd_support ; then
    config_params="$config_params \
@@ -1055,20 +1103,20 @@ fi
 cd ${_src_base_dir}
 echo ""
 echononl "\tExtracting dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
-gunzip < dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz | tar -xf -
+gunzip < ${_src_base_dir}/${dovecot_pigeonhole_archiv} | tar -C ${_src_base_dir} -xf -
 if [ "$?" = 0 ]; then
    echo -e "$rc_done"
 else
    echo -e "$rc_failed"
-   fatal Extracting dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz failed
+   fatal Extracting ${dovecot_pigeonhole_archiv} failed
 fi
-cd dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}
+cd ${dovecot_pigeonhole_archiv_dir}
 
 
 echononl "\tConfigure Pigeonhole ManageSieve.."
 ./configure \
 	--prefix=/usr/local/dovecot-${_version} \
-   --with-dovecot=/usr/local/dovecot-${_version}/lib/dovecot > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-configure.log 2<&1
+   --with-dovecot=/usr/local/dovecot-${_version}/lib/dovecot > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-configure.log 2<&1
 if [ "$?" = 0 ]; then
    echo -e "$rc_done"
 else
@@ -1077,7 +1125,7 @@ else
 fi
 
 echononl "\tCompile Pigeonhole ManageSieve.."
-make > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-make.log 2<&1
+make > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-make.log 2<&1
 if [ "$?" = 0 ]; then
    echo -e "$rc_done"
 else
@@ -1086,7 +1134,7 @@ else
 fi
 
 echononl "\tInstall Pigeonhole ManageSieve.."
-make install > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-install.log 2<&1
+make install > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-install.log 2<&1
 if [ "$?" = 0 ]; then
    echo -e "$rc_done"
 else
@@ -1095,6 +1143,7 @@ else
 fi
 
 
+
 ## -----------------
 ## --- Configure dovecot services