install_update_dovecot-2.4.sh: fix errors Correct errors relating to database access.

.gitignore

@@ -3,6 +3,7 @@
 *.log
 *.swp
 conf/*.conf
+conf/*.env
 
 # - Postfixadmin
 postfixadmin-*

DOC/README.test_mailprotocolls

@@ -1,16 +0,0 @@
-
-## -------------------------------------- ##
-## -          some litle tests            ##
-## -------------------------------------- ##
-
-## - test smtp (STARTTLS), submission (587) (STARTTLS), smtp (SSL),
-## - pop3 (SSL), pop3 (STARTTLS), imap (SSL) and imap (STARTTLS)
-## -
-openssl s_client -crlf -starttls smtp -connect localhost:25 [-state -debug]
-openssl s_client -crlf -starttls smtp -connect localhost:587
-openssl s_client -crlf -connect localhost:465
-openssl s_client -crlf -connect localhost:995
-openssl s_client -crlf -starttls pop3 -connect localhost:110
-openssl s_client -crlf -connect localhost:993
-openssl s_client -crlf -starttls imap -connect localhost:143
-

DOC/README.test_mailprotocols

@@ -0,0 +1,44 @@
+
+## -------------------------------------- ##
+## -          some litle tests            ##
+## -------------------------------------- ##
+
+## -
+## - test smtp (STARTTLS), submission (587) (STARTTLS), smtp (SSL),
+## - pop3 (SSL), pop3 (STARTTLS), imap (SSL) and imap (STARTTLS)
+## -
+
+# ---
+# test - localhost
+# ---
+
+openssl s_client -crlf -starttls smtp -connect localhost:25 [-state -debug]
+openssl s_client -crlf -starttls smtp -connect localhost:587
+openssl s_client -crlf -connect localhost:465
+openssl s_client -crlf -connect localhost:995
+openssl s_client -crlf -starttls pop3 -connect localhost:110
+openssl s_client -crlf -connect localhost:993
+openssl s_client -crlf -starttls imap -connect localhost:143
+
+
+# ---
+# tests -  remote mailserver
+# ---
+
+mailserver="mx.gemeinschaft-altenschlirf.de"
+
+openssl s_client -crlf -starttls smtp -connect ${mailserver}:25 [-state -debug]
+openssl s_client -crlf -starttls smtp -connect ${mailserver}:587
+openssl s_client -crlf -connect ${mailserver}:465
+openssl s_client -crlf -connect ${mailserver}:995
+openssl s_client -crlf -starttls pop3 -connect ${mailserver}:110
+openssl s_client -crlf -connect ${mailserver}:993
+openssl s_client -crlf -starttls imap -connect ${mailserver}:143
+
+
+# Test RSA based TLS connection
+#
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
+
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp

DOC/dovecot/README.maildir-size-fix.pl

@@ -0,0 +1,61 @@
+# ----------
+# Fix Maildir Size
+#
+#     falls sich die tatsächliche Größe einer E-mail im Maildir Format 
+#     von der Größenangabe im Dateinamen unterscheidet, dann läuft
+#     dovecot auf fehler.
+#
+# Es gibt 2 Möglichekeiten das zu verhindern:
+#
+#     1. in der dovecot.conf (z.Bsp. in 10-mail.conf deb Parameter
+#        'maildir_broken_filename_sizes' auf 'yes' setzen
+#
+#              maildir_broken_filename_sizes = yes
+#
+#
+#     2. Die Größenangaben im Dateinamen korrigieren. Dafür gint es ein Skript
+#        namens 'maildir-size-fix.pl'. Dieses Skript steht bei Githup's
+#        'dovecot/tools' zur Verfügung:
+#
+#              https://github.com/dovecot/tools
+#
+# Das Perl-Skript maildir-size-fix.pl ist ein Werkzeug, das im Dovecot-Projekt 
+# verwendet wird, um Probleme mit der Größe von Maildir-Dateien zu beheben.
+#
+# Nützliche Optionen 
+#
+#     - add_missing_size: Fügt die Größeninformation hinzu, wenn sie fehlt.
+#
+#     - fix_existing_size: Überprüft und korrigiert bestehende Größeninformationen.
+#
+#     - recursive: Scannt das Maildir rekursiv, um auch Unterordner zu berücksichtigen.
+#
+#     - verbose: Ermöglicht detaillierte Protokollierung der Vorgänge.
+#
+#
+# ---------------------------------------------------------------------------------------
+#
+# Jede E.Mail in einem Maildir Ordner ist eine eigene Datei, dess dateiname üblicherweise
+# die Größe der datei selbst enthält (..,S=<dateigrösse>,W=..)
+#
+# ein typische Datei innerhalb eines Maildirordners sieht so aus:
+#
+#     1755713024.M837247P2624513.rage,S=38568,W=39101:2,Sc
+#          |            |          |
+#     Zeitstempel       |       Hostname  
+#                    eind. ID 
+#
+#     S= und ,W=: Dateigröße und "Weighted size" (für IMAP/Quota).
+#
+# wobei die flags folgende bedeitung haben:
+#
+#            +-------+-----------------------------+
+#            | Flag  | Bedeutung                   |
+#            +-------+-----------------------------+
+#            | S     | Seen (gelesen)              |
+#            | R     | Replied (beantwortet)       |
+#            | F     | Flagged (markiert / wichtig)|
+#            | T     | Trashed (zum Löschen mark.) |
+#            | D     | Draft (Entwurf)             |
+#            | P     | Passed (weitergeleitet)     |
+#            +-------+-----------------------------+

install_opendkim.sh

@@ -189,6 +189,13 @@ else
    cat <<EOF > $opendkim_conf_file 2> $log_file
 # Datei $opendkim_conf_file
 
+# Sets the "authserv-id" to use when generating the Authentication-Results:
+# header field after verifying a message. The default is to use the name of
+# the MTA processing the message. If the string "HOSTNAME" is provided, the
+# name of the host running the filter (as returned by the gethostname(3)
+# function) will be used.
+AuthservID              "DKIM check $(hostname -f)"
+
 # OpenDKIM agiert als Mail Filter (= Milter) in den
 # Modi signer (s) und verifier (v) und verwendet eine
 # Socket-Datei zur Kommunikation (alternativ: lokaler Port)
@@ -237,6 +244,21 @@ SignatureAlgorithm      rsa-sha256
 # because it is often the identity key used by reputation systems and thus
 # somewhat security sensitive.
 OversignHeaders         From
+
+# Add an "Authentication-Results:" header field even to unsigned messages
+# from domains with no "signs all" policy. The reported DKIM result will be
+# "none" in such cases. Normally unsigned mail from non-strict domains does
+# not cause the results header field to be added.
+AlwaysAddARHeader       yes
+
+# Causes opendkim to fork and exits immediately, leaving the service running
+# in the background. The default is "true".
+Background              yes
+
+# Sets the DNS timeout in seconds. A value of 0 causes an infinite wait. The
+# default is 5. Ignored if not using an asynchronous resolver package. See
+# also the NOTES section below.
+DNSTimeout              5
 EOF
    opendkim_needs_restart=true
    if [[ $? -eq 0 ]] ; then

install_opendmarc.sh

@@ -23,7 +23,7 @@ opendmarc_socket_dir="${postfix_spool_dir}/opendmarc"
 opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock"
 
 config_file_name_value_parameters="
-   AuthservID|OpenDMARC
+   AuthservID|DMARC check $(hostname -f)
    PidFile|/run/opendmarc/opendmarc.pid
    RejectFailures|true
    Syslog|true
@@ -36,6 +36,7 @@ config_file_name_value_parameters="
    FailureReports|false
    AutoRestart|true
    HistoryFile|/run/opendmarc/opendmarc.dat
+   SPFIgnoreResults|false
    SPFSelfValidate|true
    Socket|${opendmarc_socket_file}
 "
@@ -182,6 +183,200 @@ else
 fi
 
 
+# - Add 'IgnoreHosts' with default value to the original opendmarc.conf file
+#
+echononl " Add 'IgnoreHosts' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^IgnoreHosts\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Specifies the path to a file that contains a list of hostnames, IP addresses,
+## and/or CIDR expressions identifying hosts whose SMTP connections are to be
+## ignored by the filter. If not specified, defaults to "127.0.0.1" only.
+#
+IgnoreHosts 127.0.0.1
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'IgnoreAuthenticatedClients' with default value to the original opendmarc.conf file
+#
+_param="IgnoreAuthenticatedClients"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, causes mail from authenticated clients (i.e., those that used 
+## SMTP AUTH) to be ignored by the filter. The default is "false".
+#
+IgnoreAuthenticatedClients false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file
+#
+_param="IgnoreAuthenticatedClients"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, causes mail from authenticated clients (i.e., those that used
+## SMTP AUTH) to be ignored by the filter. The default is "false".
+#
+IgnoreAuthenticatedClients false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file
+#
+_param="RequiredHeaders"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, the filter will ensure the header of the message conforms to the basic 
+## header field count restrictions laid out in RFC5322, Section 3.6. Messages 
+## failing this test are rejected without further processing. A From: field from 
+## which no domain name could be extracted will also be rejected.
+#
+RequiredHeaders false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'AutoRestart' with default value to the original opendmarc.conf file
+#
+_param="AutoRestart"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Automatically re-start on failures. Use with caution; if the filter fails
+## instantly after it starts, this can cause a tight fork(2) loop.
+#
+AutoRestart false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'HistoryFile' with default value to the original opendmarc.conf file
+#
+_param="HistoryFile"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, specifies the location of a text file to which records are written
+## that can be used to generate DMARC aggregate reports. Records are batches of
+## rows containing information about a single received message, and include all
+## relevant information needed to generate a DMARC aggregate report. It is
+## expected that this will not be used in its raw form, but rather periodically
+## imported into a relational database from which the aggregate reports can be
+## extracted using opendmarc-importstats(8).
+#
+HistoryFile /run/opendmarc/opendmarc.dat
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'SPFIgnoreResults' with default value to the original opendmarc.conf file
+#
+_param="SPFIgnoreResults"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Causes the filter to ignore any SPF results in the header of the message. This
+## is useful if you want the filter to perform SPF checks itself, or because you
+## don't trust the arriving header. The default is "false".
+#
+SPFIgnoreResults false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'SPFSelfValidate' with default value to the original opendmarc.conf file
+#
+_param="SPFSelfValidate"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Causes the filter to perform a fallback SPF check itself when it can find no
+## SPF results in the message header. If SPFIgnoreResults is also set, it never
+## looks for SPF results in headers and always performs the SPF check itself when
+## this is set. The default is "false".
+#
+SPFSelfValidate false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
 # - Save configuration file from distribution
 # -
 echononl "   Save configuration file from distribution"

install_postfix_base.sh

@@ -129,6 +129,7 @@ detect_os_1 () {
 
 DEFAULT_ADMIN_EMAIL="argus@oopen.de"
 DEFAULT_RELAY_HOST="b.mx.oopen.de"
+DEFAULT_RELAY_PORT=25
 DEFAULT_SASL_AUTH=false
 DEFAULT_REWRITE_SENDER_DOMAIN=None
 
@@ -264,7 +265,7 @@ else
       fi
    done
 fi
-if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then 
+if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
    IPV6=disabled
 fi
 
@@ -277,7 +278,7 @@ echo "Insert e-mail address where messages to local root should be forwarded"
 echo ""
 echo ""
 if [[ -n "$_ADMIN_EMAIL" ]]; then
-   echononl "Admin e-mail address [$_ADMIN_EMAIL]: "  
+   echononl "Admin e-mail address [$_ADMIN_EMAIL]: "
    read ADMIN_EMAIL
    if [[ "X${ADMIN_EMAIL}" = "X" ]]; then
       ADMIN_EMAIL=$_ADMIN_EMAIL
@@ -340,11 +341,12 @@ fi
 # --- Some further default values depending on sasl authentification
 # -------------
 
-# - Set default value for relay host if sasl authentification should be
-# - supported and value for _RELAY_HOST not given
+# - Set default value for relay host / relay port if sasl authentification should be
+# - supported and value for _RELAY_HOST / _RELAY_PORT not given
 # -
 if [[ "$SASL_AUTH" = "yes" ]] || $SASL_AUTH ; then
    [[ -z "$_RELAY_HOST" ]] && _RELAY_HOST="$DEFAULT_RELAY_HOST"
+   [[ -z "$_RELAY_PORT" ]] && _RELAY_PORT="$DEFAULT_RELAY_PORT"
 fi
 
 if [[ -z ${_REWRITE_SENDER_DOMAIN} ]] ; then
@@ -415,6 +417,27 @@ if [[ "$SASL_AUTH" = "yes" ]] || $SASL_AUTH ; then
       done
    fi
 
+
+   RELAY_PORT=
+   echo ""
+   echo "Insert the target port to connect to ${RELAY_HOST}"
+   echo ""
+   if [[ -n "$_RELAY_PORT" ]];then
+      echononl "(target) Port on ${RELAY_HOST} [$_RELAY_PORT]: "
+      read RELAY_PORT
+      if [[ "X${RELAY_PORT}" = "X" ]]; then
+         RELAY_PORT=$_RELAY_PORT
+      fi
+   else
+      while [[ "X${RELAY_PORT}" = "X" ]]; do
+         echononl "(target) Port on ${RELAY_HOST}: "
+         read RELAY_PORT
+         if [[ "X${RELAY_PORT}" = "X" ]]; then
+            echo -e "\n\t\033[33m\033[1mi(target) Port of ${RELAY_HOST} is reqired\033[m\n"
+         fi
+      done
+   fi
+
 else
    SASL_AUTH=false
 fi
@@ -467,6 +490,7 @@ if $SASL_AUTH ; then
    echo -e "\t   sasl user.............: $SASL_USER"
    echo -e "\t   sasl password.........: $SASL_PASS"
    echo -e "\t   Relayhost.............: $RELAY_HOST"
+   echo -e "\t   Port on Relayhost.....: $RELAY_PORT"
 fi
 echo ""
 echononl "einverstanden (yes/no): "
@@ -487,7 +511,7 @@ cat << EOF > $conf_file
 # ---
 # - Parameter Settings Postfix Bases System
 # -
-# -    - automated generated config file - 
+# -    - automated generated config file -
 # ---
 
 _HOSTNAME=$HOSTNAME
@@ -498,6 +522,7 @@ _SASL_AUTH=$SASL_AUTH
 _SASL_USER=$SASL_USER
 _SASL_PASS=$SASL_PASS
 _RELAY_HOST=$RELAY_HOST
+_RELAY_PORT=$RELAY_PORT
 _REWRITE_SENDER_DOMAIN=$REWRITE_SENDER_DOMAIN
 EOF
 if [[ $? -eq 0 ]] ; then
@@ -506,7 +531,7 @@ else
    echo_failed
 fi
 
-[[ "$IPV6" = "disabled" ]] && IPV6="" 
+[[ "$IPV6" = "disabled" ]] && IPV6=""
 
 
 # - Synchronise package index files with the repository
@@ -611,7 +636,7 @@ append_dot_mydomain = no
 readme_directory = /usr/share/doc/postfix
 html_directory = /usr/share/doc/postfix/html
 
-## - The Internet protocols Postfix will attempt to use when making 
+## - The Internet protocols Postfix will attempt to use when making
 ## - or accepting connections.
 ## - DEFAULT: ipv4
 EOF
@@ -622,7 +647,7 @@ inet_protocols = ipv4, ipv6
 
 #inet_interfaces = all
 
-inet_interfaces = 
+inet_interfaces =
    127.0.0.1
    ::1
    #$IPV4
@@ -630,14 +655,14 @@ inet_interfaces =
 
 myhostname = $HOSTNAME
 
-mydestination = 
+mydestination =
    $HOSTNAME
    localhost
 
-## - The list of "trusted" SMTP clients that have more 
+## - The list of "trusted" SMTP clients that have more
 ## - privileges than "strangers"
 ## -
-mynetworks = 
+mynetworks =
    127.0.0.0/8
    [::ffff:127.0.0.0]/104
    [::1]/128
@@ -665,21 +690,34 @@ inet_interfaces =
 
 myhostname = $HOSTNAME
 
-mydestination = 
+mydestination =
    $HOSTNAME
    localhost
 
-## - The list of "trusted" SMTP clients that have more 
+## - The list of "trusted" SMTP clients that have more
 ## - privileges than "strangers"
 ## -
-mynetworks = 
+mynetworks =
    127.0.0.0/8
-   ${IPV4}/32
+EOF
 
-smtp_bind_address = $IPV4
-smtp_bind_address6 = $IPV6
+   if [[ ${IPV4} =~ ^127 ]] ; then
+
+      cat <<EOF >> /etc/postfix/main.cf
+
+smtp_bind_address =
+smtp_bind_address6 =
 
 EOF
+   else
+      cat <<EOF >> /etc/postfix/main.cf
+      ${IPV4}/32
+
+smtp_bind_address = $IPV4
+#smtp_bind_address6 =
+
+EOF
+   fi
 fi
 
 cat <<EOF >> /etc/postfix/main.cf
@@ -687,18 +725,18 @@ cat <<EOF >> /etc/postfix/main.cf
 ## - The method to generate the default value for the mynetworks parameter.
 ## -
 ## -   mynetworks_style = host" when Postfix should "trust" only the local machine
-## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
 ## -                       clients in the same IP subnetworks as the local machine.
-## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
 ## -                      IP class A/B/C networks as the local machine.
 ## -
 #mynetworks_style = host
 
 
-## - The maximal size of any local(8) individual mailbox or maildir file, 
-## - or zero (no limit). In fact, this limits the size of any file that is 
-## - written to upon local delivery, including files written by external 
-## - commands that are executed by the local(8) delivery agent. 
+## - The maximal size of any local(8) individual mailbox or maildir file,
+## - or zero (no limit). In fact, this limits the size of any file that is
+## - written to upon local delivery, including files written by external
+## - commands that are executed by the local(8) delivery agent.
 ## -
 mailbox_size_limit = 0
 
@@ -717,51 +755,51 @@ recipient_delimiter = +
 alias_maps =
    hash:/etc/aliases
 
-## - The alias databases for local(8) delivery that are updated 
-## - with "newaliases" or with "sendmail -bi". 
+## - The alias databases for local(8) delivery that are updated
+## - with "newaliases" or with "sendmail -bi".
 ## -
 alias_database =
    hash:/etc/aliases
 
-## - Optional address mapping lookup tables for envelope and header sender 
+## - Optional address mapping lookup tables for envelope and header sender
 ## - addresses. The table format and lookups are documented in canonical(5).
 ## -
-## - Example: you want to rewrite the SENDER address "user@ugly.domain" 
-## - to "user@pretty.domain", while still being able to send mail to the 
+## - Example: you want to rewrite the SENDER address "user@ugly.domain"
+## - to "user@pretty.domain", while still being able to send mail to the
 ## - RECIPIENT address "user@ugly.domain".
 ## -
 ## - Note: \$sender_canonical_maps is processed before \$canonical_maps.
 ## -
-sender_canonical_maps = 
+sender_canonical_maps =
    btree:/etc/postfix/sender_canonical
 
 
 ## - smtp_generic_maps (default: empty)
 ## -
-## - Optional lookup tables that perform address rewriting in the Postfix 
-## - SMTP client, typically to transform a locally valid address into a 
-## - globally valid address when sending mail across the Internet. This is 
-## - needed when the local machine does not have its own Internet domain name, 
-## -but uses something like localdomain.local instead. 
+## - Optional lookup tables that perform address rewriting in the Postfix
+## - SMTP client, typically to transform a locally valid address into a
+## - globally valid address when sending mail across the Internet. This is
+## - needed when the local machine does not have its own Internet domain name,
+## -but uses something like localdomain.local instead.
 ## -
 smtp_generic_maps =
    btree:/etc/postfix/generic
 
-## - The maximal time a message is queued before it is sent back as 
+## - The maximal time a message is queued before it is sent back as
 ## - undeliverable. Defaults to 5d (5 days)
 ## - Specify 0 when mail delivery should be tried only once.
-## - 
+## -
 maximal_queue_lifetime = 3d
 bounce_queue_lifetime = \$maximal_queue_lifetime
 
 ## - delay_warning_time (default: 0h)
 ## -
-## - The time after which the sender receives a copy of the message 
-## - headers of mail that is still queued. To enable this feature, 
-## - specify a non-zero time value (an integral value plus an optional 
-## - one-letter suffix that specifies the time unit). 
-## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
-## - The default time unit is h (hours). 
+## - The time after which the sender receives a copy of the message
+## - headers of mail that is still queued. To enable this feature,
+## - specify a non-zero time value (an integral value plus an optional
+## - one-letter suffix that specifies the time unit).
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+## - The default time unit is h (hours).
 delay_warning_time = 1d
 
 
@@ -788,9 +826,24 @@ smtp_sasl_auth_enable = yes
 
 # Only offer SMTP AUTH when talking over an encrypted connection
 smtpd_tls_auth_only = yes
+EOF
+
+   if [[ ${RELAY_PORT} -ne 25 ]] ; then
+      cat <<EOF >> /etc/postfix/main.cf
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [${RELAY_HOST}]:${RELAY_PORT}
+EOF
+   else
+      cat <<EOF >> /etc/postfix/main.cf
 
 # Forwarding to the ip-adress of host b.mx.oopen.de
 relayhost = [${RELAY_HOST}]
+EOF
+
+   fi
+
+   cat <<EOF >> /etc/postfix/main.cf
 
 # File including login data
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
@@ -799,7 +852,7 @@ smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = noanonymous
 smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
 
-# Report the SASL authenticated user name in the smtpd(8) Received message header. 
+# Report the SASL authenticated user name in the smtpd(8) Received message header.
 smtpd_sasl_authenticated_header = no
 
 
@@ -809,11 +862,11 @@ smtpd_sasl_authenticated_header = no
 ## - Aktiviert TLS für den Mailempfang
 ## -
 ## - may:
-## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - Opportunistic TLS. Use TLS if this is supported by the remote
 ## - SMTP server, otherwise use plaintext
 ## -
-## - This overrides the obsolete parameters smtpd_use_tls and 
-## - smtpd_enforce_tls. This parameter is ignored with 
+## - This overrides the obsolete parameters smtpd_use_tls and
+## - smtpd_enforce_tls. This parameter is ignored with
 ## - "smtpd_tls_wrappermode = yes".
 #smtpd_use_tls=yes
 smtp_tls_security_level=encrypt
@@ -833,11 +886,11 @@ relayhost =
 ## - Aktiviert TLS für den Mailempfang
 ## -
 ## - may:
-## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - Opportunistic TLS. Use TLS if this is supported by the remote
 ## - SMTP server, otherwise use plaintext
 ## -
-## - This overrides the obsolete parameters smtpd_use_tls and 
-## - smtpd_enforce_tls. This parameter is ignored with 
+## - This overrides the obsolete parameters smtpd_use_tls and
+## - smtpd_enforce_tls. This parameter is ignored with
 ## - "smtpd_tls_wrappermode = yes".
 #smtpd_use_tls=yes
 smtp_tls_security_level=may
@@ -849,16 +902,16 @@ cat <<EOF >> /etc/postfix/main.cf
 ## - Aktiviert TLS für den Mailversand
 ## -
 ## - may:
-## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
 ## - but do not require that clients use TLS encryption.
 # smtp_use_tls=yes
 smtpd_tls_security_level=may
 
-## -    0 Disable logging of TLS activity. 
-## -    1 Log TLS handshake and certificate information. 
-## -    2 Log levels during TLS negotiation. 
-## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
-## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -    0 Disable logging of TLS activity.
+## -    1 Log TLS handshake and certificate information.
+## -    2 Log levels during TLS negotiation.
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process.
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
 ## -
 smtpd_tls_loglevel = 1
 smtp_tls_loglevel = 1
@@ -867,7 +920,7 @@ smtpd_tls_cert_file = $_TLS_CERT_FILE
 smtpd_tls_key_file = $_TLS_KEY_FILE
 
 ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
-## - 
+## -
 ## - Dont't forget to create it, e.g with openssl:
 ## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
 ## -
@@ -876,92 +929,136 @@ smtpd_tls_key_file = $_TLS_KEY_FILE
 ## -
 smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
 
-## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
-## - 
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## -
 ## - Dont't forget to create it, e.g with openssl:
 ## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
 ## -
 smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
 
 
-## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
-## - server certificates or intermediate CA certificates. These are loaded into 
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP
+## - server certificates or intermediate CA certificates. These are loaded into
 ## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
-## - 
+## -
 smtp_tls_CAfile = $_TLS_CA_FILE
 
-## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
-## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the
 ## - necessary "hash" links with, for example, "
-## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". 
+## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
 ## -
 ## - !! Note !!
-## - To use this option in chroot mode, this directory (or a copy) must be inside 
-## - the chroot jail. 
+## - To use this option in chroot mode, this directory (or a copy) must be inside
+## - the chroot jail.
 ## -
-## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix
 ## - queue directory (/var/spool/postfix)
 ## -
 #smtpd_tls_CApath = /etc/postfix/certs
 
 
-# Disable SSLv2 SSLv3 - Postfix SMTP server 
-# 
-# List of TLS protocols that the Postfix SMTP server will exclude or  
-# include with opportunistic TLS encryption.  
-smtpd_tls_protocols = !SSLv2, !SSLv3
-# 
-# The SSL/TLS protocols accepted by the Postfix SMTP server  
-# with mandatory TLS encryption. 
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-
-
-# Disable SSLv2 SSLv3 - Postfix SMTP client 
-#  
-# List of TLS protocols that the Postfix SMTP client will exclude or  
-# include with opportunistic TLS encryption.  
-smtp_tls_protocols = !SSLv2, !SSLv3
-# 
-# List of SSL/TLS protocols that the Postfix SMTP client will use  
-# with mandatory TLS encryption 
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
-
-
-## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
-## -    openssl > 1.0
-## -
-smtpd_tls_eecdh_grade = strong
-
-# standard list cryptographic algorithm
-tls_preempt_cipherlist = yes
-
-# Disable ciphers which are less than 256-bit:
+# Disable SSLv2 SSLv3 - Postfix SMTP server
 #
-#smtpd_tls_mandatory_ciphers = high
+# List of TLS protocols that the Postfix SMTP server will exclude or
+# include with opportunistic TLS encryption.
+#smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1
+
+# TLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption.
 #
-# opportunistic
-smtpd_tls_ciphers = high
+#smtpd_tls_protocols = >=TLSv1
+
+# TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption.
+#
+#smtpd_tls_mandatory_protocols = >=TLSv1
+
+# TLS protocols that the Postfix SMTP client will use with opportunistic TLS encryption.
+#
+#smtp_tls_protocols = >=TLSv1
+
+# The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory TLS encryption.
+#
+smtp_tls_mandatory_protocols = >=TLSv1.2
 
 
-# Exclude ciphers
+# The Postfix SMTP server security grade for ephemeral elliptic-curve
+# Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of this
+# parameter is always ignored, and Postfix behaves as though the auto value
+# (described below) was chosen.
+#
+# auto
+#    Use the most preferred curve that is supported by both the client and the server.
+#    This setting requires Postfix ≥ 3.2 compiled and linked with OpenSSL ≥ 1.0.2. This
+#    is the default setting under the above conditions (and the only setting used with
+#    Postfix ≥ 3.6).
+#
+# none
+#    Don't use EECDH. Ciphers based on EECDH key exchange will be disabled. This is the
+#    default in Postfix versions 2.6 and 2.7.
+#
+# strong
+#    Use EECDH with approximately 128 bits of security at a reasonable computational cost.
+#    This is the default in Postfix versions 2.8-3.5.
+#
+# ultra
+#    Use EECDH with approximately 192 bits of security at computational cost that is
+#    approximately twice as high as 128 bit strength ECC.
+#
+smtpd_tls_eecdh_grade = auto
+
+
+# With SSLv3 and later, use the Postfix SMTP server's cipher preference order instead
+# of the remote client's cipher preference order.
+#
+# By default, the OpenSSL server selects the client's most preferred cipher that the
+# server supports. With SSLv3 and later, the server may choose its own most preferred
+# cipher that is supported (offered) by the client.
+#
+# Setting "tls_preempt_cipherlist = yes" enables server cipher preferences.
+#
+# default: no
+#
+#tls_preempt_cipherlist = no
+
+
+# The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory
+# TLS encryption. The default grade ("medium") is sufficiently strong that any benefit
+# from globally restricting TLS sessions to a more stringent grade is likely negligible,
+# especially given the fact that many implementations still do not offer any stronger
+# ("high" grade) ciphers, while those that do, will always use "high" grade ciphers.
+# So insisting on "high" grade ciphers is generally counter-productive. Allowing "export"
+# or "low" ciphers is typically not a good idea, as systems limited to just these are
+# limited to obsolete browsers. No known SMTP clients fail to support at least one
+# "medium" or "high" grade cipher.
+#
+# default: medium
+#
+#smtpd_tls_mandatory_ciphers = medium
+
+# The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic
+# TLS encryption. Cipher types listed in smtpd_tls_exclude_ciphers are excluded from the
+# base definition of the selected cipher grade.
+#
+# default: medium
+#
+#smtpd_tls_ciphers = medium
+
+
+# List of ciphers or cipher types to exclude from the SMTP server cipher list at all
+# TLS security levels.
+#
+# DO NOT exclude ciphers unless it is essential to do so. This is not an OpenSSL cipherlist;
+# it is a simple list separated by whitespace and/or commas. The elements are a single cipher,
+# or one or more "+" separated cipher properties, in which case only ciphers matching all the
+# properties are excluded.
+#
 #smtpd_tls_exclude_ciphers =
-#   RC4
-#   aNULL
-#   SEED-SHA
-#   EXP
-#   MD5
-smtpd_tls_exclude_ciphers =
-   aNULL
-   eNULL
-   EXPORT
-   DES
-   RC4
-   MD5
-   PSK
-   aECDH
-   EDH-DSS-DES-CBC3-SHA
-   EDH-RSA-DES-CDC3-SHA
-   KRB5-DE5, CBC3-SHA
+
+# Additional list of ciphers or cipher types to exclude from the Postfix SMTP client cipher
+# list at mandatory TLS security levels. This list works in addition to the exclusions listed
+# with smtp_tls_exclude_ciphers
+#
+#smtp_tls_mandatory_exclude_ciphers =
 
 
 smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
@@ -973,8 +1070,8 @@ smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
 
 # smtpd_relay_restrictions
 #
-# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions 
-# parameter must specify at least one of the following restrictions. Otherwise Postfix 
+# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions
+# parameter must specify at least one of the following restrictions. Otherwise Postfix
 # will refuse to receive mail:
 #
 #        reject, reject_unauth_destination
@@ -984,20 +1081,20 @@ smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
 #
 # The upstream default is:
 #
-#    smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} : 
+#    smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} :
 #       {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
 #
-# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is 
+# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is
 # set to '0', you MUST specify this value. Otherwise Postfix will refuse to receive mail
 # and you get the following error message:
 #
-#     fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify 
-#     at least one working instance of: reject_unauth_destination, defer_unauth_destination, 
+#     fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify
+#     at least one working instance of: reject_unauth_destination, defer_unauth_destination,
 #     reject, defer, defer_if_permit or check_relay_domains
 #
-#smtpd_relay_restrictions = 
-#   permit_mynetworks, 
-#   permit_sasl_authenticated, 
+#smtpd_relay_restrictions =
+#   permit_mynetworks,
+#   permit_sasl_authenticated,
 #   defer_unauth_destination
 
 EOF
@@ -1006,8 +1103,21 @@ echo_ok
 echononl "   Configure SASL authentification"
 if $SASL_AUTH ; then
 
+   _sasl_pw_file="/etc/postfix/sasl_passwd"
+   if [[ -f "${_sasl_pw_file}" ]] && $(grep -q -E "^\[${RELAY_HOST}\]" ${_sasl_pw_file} 2> /dev/null); then
+      sed -i "/^\[${RELAY_HOST}/d" ${_sasl_pw_file}
+      if [[ "$?" != "0" ]]; then
+         error "Setting \"/etc/postfix/sasl_passwd\" failed! "
+         _failed=true
+      fi
+   fi
+
    _failed=false
-   echo "[$RELAY_HOST] ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" > /etc/postfix/sasl_passwd
+   if [[ ${RELAY_PORT} -ne 25 ]] ; then
+      echo "[$RELAY_HOST]:${RELAY_PORT} ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" >> /etc/postfix/sasl_passwd
+   else
+      echo "[$RELAY_HOST] ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" >> /etc/postfix/sasl_passwd
+   fi
    if [[ "$?" != "0" ]]; then
       error "Setting \"/etc/postfix/sasl_passwd\" failed! "
       _failed=true
@@ -1081,7 +1191,7 @@ else
 fi
 
 
-## - create directory for certificates and copy certificates 
+## - create directory for certificates and copy certificates
 ## - and coresponding keys to /etc/postfix/ssl/
 ## -
 echononl "   Create directory for certificates \"/etc/postfix/ssl\""
@@ -1097,7 +1207,7 @@ else
 fi
 
 
-## - generate DH parameters that the Postfix SMTP server should use 
+## - generate DH parameters that the Postfix SMTP server should use
 ## - with EDH ciphers (length 512 and 1024
 ## -
 echononl "   Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
@@ -1313,15 +1423,19 @@ fi
 ## - Omitt logging into system.log
 ## -
 echononl "   Create \"/etc/rsyslog.d/postfix.conf\""
-cat << EOF >> /etc/rsyslog.d/postfix.conf
+cat << EOF > /etc/rsyslog.d/postfix.conf
+# Create an additional socket in postfix's chroot in order not to break
+# mail logging when rsyslog is restarted.  If the directory is missing,
+# rsyslog will silently skip creating the socket.
+\$AddUnixListenSocket /var/spool/postfix/dev/log
 
 #
 # Logging for the mail system.  Split it up so that
 # it is easy to write scripts to parse these files.
 #
-mail.info                       -/var/log/mail.info
-mail.warn                       -/var/log/mail.warn
-mail.err                        /var/log/mail.err
+#mail.info                       -/var/log/mail.info
+#mail.warn                       -/var/log/mail.warn
+#mail.err                        /var/log/mail.err
 
 mail.*                          -/var/log/mail.log
 & stop
@@ -1349,6 +1463,12 @@ else
    fi
 fi
 
+if [[ ${RELAY_PORT} -ne 25 ]] ; then
+
+   echo ""
+   warn "Please do not forget to allow port \033[1m${RELAY_PORT}\033[m on both sides, outgoing
+                     on this host here and incoming on the relay host '${RELAY_HOST}'."
+fi
 
 echo ""
 clean_up 0

install_postfixadmin.sh

@@ -126,6 +126,61 @@ detect_os_1 () {
 
 }
 
+detect_mysql_version () {
+
+   _MYSQLD_VERSION="$(mysqld -V 2>/dev/null)"
+
+   if [[ -z "$_MYSQLD_VERSION" ]]; then
+      fatal "No installed MySQL server or distribution found!"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ percona- ]]; then
+      MYSQL_CUR_DISTRIBUTION="Percona"
+   elif [[ "$_MYSQLD_VERSION" =~ MariaDB ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   elif [[ "$_MYSQLD_VERSION" =~ MySQL ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mysql- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mariadb- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   else
+      error "MySQL Instalation found, but cannot determin the distribution!"
+
+      MYSQL_CUR_DISTRIBUTION=
+      echo ""
+      echo "   Select the installed MySQL distribution."
+      echo ""
+      echo "   [1] MySQL (the original community edition)"
+      echo "   [2] Percona Server for MySQL"
+      echo "   [3] MariaDB"
+      echo ""
+      echononl "   Eingabe [1/2/3]: "
+
+      while [ "$MYSQL_CUR_DISTRIBUTION" != "MySQL" -a "$MYSQL_CUR_DISTRIBUTION" != "MariaDB" -a "$MYSQL_CUR_DISTRIBUTION" != "Percona" ];do
+         read OPTION
+         case $OPTION in
+               1)      MYSQL_CUR_DISTRIBUTION="MySQL"
+               ;;
+               2)      MYSQL_CUR_DISTRIBUTION="Percona"
+               ;;
+               3)      MYSQL_CUR_DISTRIBUTION="MariaDB"
+               ;;
+               *)    echo ""
+                     echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = Percona ; 3 = MariaDB ]"
+                     echo ""
+                     echononl "   Eingabe:"
+               ;;
+         esac
+      done
+   fi
+
+   MYSQL_VERSION="$(echo $_MYSQLD_VERSION | grep -o -E "[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?" | head -n 1)"
+   MYSQL_MAJOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1)"
+   MYSQL_MINOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f2)"
+   MYSQL_PATCH_LEVEL="$(echo $MYSQL_VERSION | cut -d '.' -f3)"
+   MYSQL_MAIN_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1,2)"
+
+}
+
 
 
 # - Is 'systemd' supported on this system
@@ -228,14 +283,14 @@ else
 fi
 DEFAULT_POSTFIX_DB_NAME="postfix"
 DEFAULT_POSTFIX_DB_USER="postfix"
-if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
-elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
-else
-   DEFAULT_MYSQL_CREDENTIALS=""
-fi
-DEFAULT_DEBIAN_MYSQL_CREDENTIALS="/etc/mysql/debian.cnf"
+#if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+#   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+#elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
+#   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
+#else
+#   DEFAULT_MYSQL_CREDENTIALS=""
+#fi
+#DEFAULT_DEBIAN_MYSQL_CREDENTIALS="/etc/mysql/debian.cnf"
 
 DEFAULT_DOVEADM_PW="/usr/local/dovecot/bin/doveadm pw"
 DEFAULT_DELETED_MAILBOX_DIR="/var/deleted-maildirs"
@@ -341,11 +396,64 @@ fi
 
 [[ -n "$MYSQL_DEBIAN_INSTALLATION" ]] || MYSQL_DEBIAN_INSTALLATION=false
 
-if [[ "$POSTFIX_DB_TYPE" = "mysql" ]]; then
-   if $MYSQL_DEBIAN_INSTALLATION ; then
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
-   else
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+if [[ "$POSTFIX_DB_TYPE" = "mysql" ]] ; then
+
+   if [[ -z ${MYSQL_CREDENTIALS} ]] ; then
+
+      detect_mysql_version
+
+      if [[ "$MYSQL_CUR_DISTRIBUTION" = "MariaDB" ]] && ([[ $MYSQL_MAJOR_VERSION -gt 10 ]] \
+            || ( [[ $MYSQL_MAJOR_VERSION -eq 10 ]] && [[ $MYSQL_MINOR_VERSION -gt 3 ]] )) ; then
+         if [[ -S "/tmp/mysql.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /tmp/mysql.sock"
+         elif [[ -S "/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /run/mysqld/mysqld.sock"
+         elif [[ -S "/var/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /var/run/mysqld/mysqld.sock"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
+
+               Use configuration file "$conf_file" to set
+               parameter manually."
+         fi
+
+      else
+      
+         echononl "\tGet MySQL command.."
+         mysql_command="$(which mysql)"
+         if [[ $? -eq 0 ]]; then
+            echo_ok
+         else
+
+            if [[ -x "/usr/local/mysql/bin/mysql" ]]; then
+               mysql_command="/usr/local/mysql/bin/mysql"
+               echo_ok
+            else
+               echo_failed
+               fatal "$(cat $tmp_log_file)"
+            fi
+         fi
+
+         if $(${mysql_command} --login-path=local  -e ";" > /dev/null 2>&1) ; then
+            MYSQL_CREDENTIALS="--login-path=local"
+         elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+         elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated. 
+
+               Use configuration file "$conf_file" to set 
+               parameter manually."
+         fi
+      fi
+
+      #if $MYSQL_DEBIAN_INSTALLATION ; then
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+      #else
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+      #fi
+
    fi
 else
    [[ "$POSTFIX_DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$POSTFIX_DB_TYPE' (POSTFIX_DB_TYPE)"
@@ -1734,23 +1842,25 @@ fi
 
 # - Encoding does not work as exspected.
 # -
+# - Update: Encoding seems to works now
+# -
 # - NOTE:
 # -    this IS NOT a fix, but a workaround
 # -
-echononl "\tWorkaround, because encoding does not work as exspected."
-# - Vacation script changed. Since Version 3.2 we need another perl regexp.
-# - The old one was: 
-# -    perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
-# -
-perl -i -n -p -e "s/(\s*\'Content-Type\'\s* =>\s*)\"text\/plain.*$/\1\"text\/plain; charset=iso-8859-1\",/" \
-   /var/spool/vacation/vacation.pl > "$log_file" 2>&1
-if [[ $? -eq 0 ]];then
-   echo_ok
-   info "This IS NOT a fix, but a workaround."
-else
-   echo_failed
-   error "$(cat $log_file)"
-fi
+#echononl "\tWorkaround, because encoding does not work as exspected."
+## - Vacation script changed. Since Version 3.2 we need another perl regexp.
+## - The old one was: 
+## -    perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
+## -
+##perl -i -n -p -e "s/(\s*\'Content-Type\'\s* =>\s*)\"text\/plain.*$/\1\"text\/plain; charset=iso-8859-1\",/" \
+##   /var/spool/vacation/vacation.pl > "$log_file" 2>&1
+#if [[ $? -eq 0 ]];then
+#   echo_ok
+#   info "This IS NOT a fix, but a workaround."
+#else
+#   echo_failed
+#   error "$(cat $log_file)"
+#fi
 
 echononl "\tSet Permission on vacation script"
 _failed=false

install_roundcube.sh

@@ -108,6 +108,62 @@ is_number() {
    #return $([[ ! -z "${1##*[!0-9]*}" ]])
 }
 
+detect_mysql_version () {
+
+   _MYSQLD_VERSION="$(mysqld -V 2>/dev/null)"
+
+   if [[ -z "$_MYSQLD_VERSION" ]]; then
+      fatal "No installed MySQL server or distribution found!"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ percona- ]]; then
+      MYSQL_CUR_DISTRIBUTION="Percona"
+   elif [[ "$_MYSQLD_VERSION" =~ MariaDB ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   elif [[ "$_MYSQLD_VERSION" =~ MySQL ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mysql- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mariadb- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   else
+      error "MySQL Instalation found, but cannot determin the distribution!"
+
+      MYSQL_CUR_DISTRIBUTION=
+      echo ""
+      echo "   Select the installed MySQL distribution."
+      echo ""
+      echo "   [1] MySQL (the original community edition)"
+      echo "   [2] Percona Server for MySQL"
+      echo "   [3] MariaDB"
+      echo ""
+      echononl "   Eingabe [1/2/3]: "
+
+      while [ "$MYSQL_CUR_DISTRIBUTION" != "MySQL" -a "$MYSQL_CUR_DISTRIBUTION" != "MariaDB" -a "$MYSQL_CUR_DISTRIBUTION" != "Percona" ];do
+         read OPTION
+         case $OPTION in
+               1)      MYSQL_CUR_DISTRIBUTION="MySQL"
+               ;;
+               2)      MYSQL_CUR_DISTRIBUTION="Percona"
+               ;;
+               3)      MYSQL_CUR_DISTRIBUTION="MariaDB"
+               ;;
+               *)    echo ""
+                     echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = Percona ; 3 = MariaDB ]"
+                     echo ""
+                     echononl "   Eingabe:"
+               ;;
+         esac
+      done
+   fi
+
+   MYSQL_VERSION="$(echo $_MYSQLD_VERSION | grep -o -E "[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?" | head -n 1)"
+   MYSQL_MAJOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1)"
+   MYSQL_MINOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f2)"
+   MYSQL_PATCH_LEVEL="$(echo $MYSQL_VERSION | cut -d '.' -f3)"
+   MYSQL_MAIN_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1,2)"
+
+}
+
+
 trim() {
     local var="$*"
     var="${var#"${var%%[![:space:]]*}"}"   # remove leading whitespace characters
@@ -157,7 +213,7 @@ fi
 
 
 while IFS='' read -r -d '' _conf_file ; do
-   
+
    WEBSITE_NAME="$(grep -E "^WEBSITE_NAME" "${_conf_file}" 2>/dev/null | cut -d"=" -f2)"
 
    #Remove leading / trailling double quotes
@@ -208,7 +264,7 @@ read _IN
       conf_file=${_arr[1]}
       _OK=true
    else
-      echo ""  
+      echo ""
       echo -e "\tFalsche Eingabe !"
       echo ""
       echononl "   Eingabe: "
@@ -296,14 +352,6 @@ DEFAULT_APACHE_VHOST_DIR="/usr/local/apache2/conf/vhosts"
 DEFAULT_DB_HOST="localhost"
 DEFAULT_DB_NAME="roundcubemail"
 DEFAULT_DB_USER="roundcube"
-if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
-elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
-else
-   DEFAULT_MYSQL_CREDENTIALS=""
-fi
-DEFAULT_DEBIAN_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
 
 [[ -n "$ROUNDCUBE_VERSION" ]] || fatal "Roundcube Version (ROUNDCUBE_VERSION) not present!"
 [[ -n "$WEBSITE_NAME" ]] || fatal "Website's name (WEBSITE_NAME) not present!"
@@ -322,8 +370,8 @@ HOSTNAME_SHORT=${_tmp_string%%.*}
 if [[ -z "$IPV4" ]] && [[ -z "$IPV6" ]] ; then
    fatal "Neither an IPv4 nor an IPv6 address are given.!"
 else
-   [[ -n "$IPV4" ]] || warn  "IPv4 Address not present!" 
-   [[ -n "$IPV6" ]] || warn  "IPv6 Address not present!" 
+   [[ -n "$IPV4" ]] || warn  "IPv4 Address not present!"
+   [[ -n "$IPV6" ]] || warn  "IPv6 Address not present!"
 fi
 
 [[ -n "$APACHE_DEBIAN_INSTALLATION" ]] || APACHE_DEBIAN_INSTALLATION=false
@@ -355,12 +403,12 @@ if [ -x "$httpd_binary" ];then
       IS_HTTPD_RUNNING=true
    fi
 fi
-   
+
 [[ -n "$HTTP_USER" ]] || HTTP_USER=$DEFAULT_HTTP_USER
 [[ -n "$HTTP_GROUP" ]] || HTTP_GROUP=$DEFAULT_HTTP_GROUP
 
 [[ -n "$WEBMASTER_EMAIL" ]] || fatal "E-Mail (WEBMASTER_EMAIL) for webmaster not present!"
-[[ -n "$WEBSITE_BASEDIR" ]] || WEBSITE_BASEDIR=$DEFAULT_WEBSITE_BASEDIR 
+[[ -n "$WEBSITE_BASEDIR" ]] || WEBSITE_BASEDIR=$DEFAULT_WEBSITE_BASEDIR
 
 if [[ -z "$APACHE_CERT_DIR" ]] ; then
    if $APACHE_DEBIAN_INSTALLATION ; then
@@ -401,16 +449,76 @@ fi
 
 [[ -n "$MYSQL_DEBIAN_INSTALLATION" ]] || MYSQL_DEBIAN_INSTALLATION=false
 
-if [[ "$DB_TYPE" = "mysql" ]]; then
-   if $MYSQL_DEBIAN_INSTALLATION ; then
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
-   else
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+
+if [ "$DB_TYPE" = "postgres" -o  "$DB_TYPE" = "postgresql" -o "$DB_TYPE" = "pgsql" -o "$DB_TYPE" = "psql" ];then
+   DB_TYPE="pgsql"
+fi
+
+
+if [[ "$DB_TYPE" = "mysql" ]] ; then
+
+   if [[ -z ${MYSQL_CREDENTIALS} ]] ; then
+
+      detect_mysql_version
+
+      if [[ "$MYSQL_CUR_DISTRIBUTION" = "MariaDB" ]] && ([[ $MYSQL_MAJOR_VERSION -gt 10 ]] \
+            || ( [[ $MYSQL_MAJOR_VERSION -eq 10 ]] && [[ $MYSQL_MINOR_VERSION -gt 3 ]] )) ; then
+         if [[ -S "/tmp/mysql.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /tmp/mysql.sock"
+         elif [[ -S "/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /run/mysqld/mysqld.sock"
+         elif [[ -S "/var/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /var/run/mysqld/mysqld.sock"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
+
+               Use configuration file "$conf_file" to set
+               parameter manually."
+         fi
+
+      else
+
+         echononl "\tGet MySQL command.."
+         mysql_command="$(which mysql)"
+         if [[ $? -eq 0 ]]; then
+            echo_ok
+         else
+
+            if [[ -x "/usr/local/mysql/bin/mysql" ]]; then
+               mysql_command="/usr/local/mysql/bin/mysql"
+               echo_ok
+            else
+               echo_failed
+               fatal "$(cat $tmp_log_file)"
+            fi
+         fi
+
+         if $(${mysql_command} --login-path=local  -e ";" > /dev/null 2>&1) ; then
+            MYSQL_CREDENTIALS="--login-path=local"
+         elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+         elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
+
+               Use configuration file "$conf_file" to set
+               parameter manually."
+         fi
+      fi
+
+      #if $MYSQL_DEBIAN_INSTALLATION ; then
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+      #else
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+      #fi
+
    fi
 else
    [[ "$DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$DB_TYPE' (DB_TYPE)"
 fi
 
+
 [[ -n "$SPAM_FOLDER_NAME" ]] || SPAM_FOLDER_NAME=$DEFAULT_SPAM_FOLDER_NAME
 
 [[ -n "$SUPPORT_URL" ]] || SUPPORT_URL="http://www.${MAIN_DOMAIN}.$TLD"
@@ -604,7 +712,7 @@ _log_dir=${_src_base_dir}/log-roundcube-$_version
 
 # - REQUIREMENTS
 # - ============
-# - 
+# -
 # - * An IMAP, HTTP and SMTP server
 # - * .htaccess support allowing overrides for DirectoryIndex
 # - * PHP Version 5.4 or greater including:
@@ -701,7 +809,7 @@ if $PHP_DEBIAN_INSTALLATION ; then
          echo_skipped
       fi
    done
-   
+
 else
    for _version in $php_major_versions ; do
 
@@ -1001,7 +1109,7 @@ if $SKIN_LOGO_PRESENT ; then
          cp -a "$(realpath "${tmp_dir}/${SKIN_LOGO_DIR}/${SKIN_LOGO_FILE}")" \
             "${WEBSITE_BASEDIR}/htdocs/${SKIN_LOGO_DIR}/${SKIN_LOGO_FILE}" >> $log_file 2>&1
       fi
-            
+
    fi
    if [[ $? -ne 0 ]]; then
       echo_failed
@@ -1168,13 +1276,13 @@ if [[  "$PHP_TYPE" = "fcgid" ]] ; then
 #!/bin/sh
 export PHPRC="${WEBSITE_BASEDIR}/conf/"
 export TMPDIR="${WEBSITE_BASEDIR}/tmp"
-# PHP child process management (PHP_FCGI_CHILDREN) should 
-# always be disabled with mod_fcgid, which will only route one 
-# request at a time to application processes it has spawned; 
-# thus, any child processes created by PHP will not be used 
-# effectively. (Additionally, the PHP child processes may not 
-# be terminated properly.) By default, and with the environment 
-# variable setting PHP_FCGI_CHILDREN=0, PHP child process 
+# PHP child process management (PHP_FCGI_CHILDREN) should
+# always be disabled with mod_fcgid, which will only route one
+# request at a time to application processes it has spawned;
+# thus, any child processes created by PHP will not be used
+# effectively. (Additionally, the PHP child processes may not
+# be terminated properly.) By default, and with the environment
+# variable setting PHP_FCGI_CHILDREN=0, PHP child process
 # management is disabled.
 PHP_FCGI_CHILDREN=0
 export PHP_FCGI_CHILDREN
@@ -1252,7 +1360,7 @@ EOF
       fi
 
    echononl "\tCreate file '${WEBSITE_BASEDIR}/logs/php_errors.log'.."
-   
+
    if [[ ! -f "${WEBSITE_BASEDIR}/logs/php_errors.log" ]]; then
       touch ${WEBSITE_BASEDIR}/logs/php_errors.log > $log_file 2>&1
       if [[ $? -ne 0 ]]; then
@@ -1339,7 +1447,7 @@ EOF
       _failed=true
       error "$(cat $log_file)"
    fi
-   
+
    if ! $_failed ; then
       echo_ok
    fi
@@ -1350,11 +1458,11 @@ fi
 echo -e "\n\n\t\033[37m\033[1mConfigure Apache Webservice\033[m\n"
 
 
-SSLCertificateChainFile="" 
+SSLCertificateChainFile=""
 # - Create SSCertificateChainFile rule for apache vhost entry
 # -
 echononl "\tCreate SSCertificateChainFile rule for apache vhost entry"
-if [ -n "$CERT_ChainFile" ];then 
+if [ -n "$CERT_ChainFile" ];then
    SSLCertificateChainFile="SSLCertificateChainFile ${APACHE_CERT_DIR}/$CERT_ChainFile"
    echo_ok
 else
@@ -1502,17 +1610,17 @@ EOF
 
    # - X-Frame-Options
    # -
-   # - The X-Frame-Options header (RFC), or XFO header, protects your visitors 
-   # - against clickjacking attacks. An attacker can load up an iframe on their 
-   # - site and set your site as the source, it's quite easy: 
+   # - The X-Frame-Options header (RFC), or XFO header, protects your visitors
+   # - against clickjacking attacks. An attacker can load up an iframe on their
+   # - site and set your site as the source, it's quite easy:
    # -
    # -    <iframe src="https://scotthelme.co.uk"></iframe>
    # -
-   # - Using some crafty CSS they can hide your site in the background and create some 
-   # - genuine looking overlays. When your visitors click on what they think is a harmless 
-   # - link, they're actually clicking on links on your website in the background. That 
-   # - might not seem so bad until we realise that the browser will execute those requests 
-   # - in the context of the user, which could include them being logged in and authenticated 
+   # - Using some crafty CSS they can hide your site in the background and create some
+   # - genuine looking overlays. When your visitors click on what they think is a harmless
+   # - link, they're actually clicking on links on your website in the background. That
+   # - might not seem so bad until we realise that the browser will execute those requests
+   # - in the context of the user, which could include them being logged in and authenticated
    # - to your site!
    # -
    # - Troy Hunt has a great blog on 'Clickjack attack – the hidden threat right in front :
@@ -1520,49 +1628,49 @@ EOF
    # -
    # -    http://www.troyhunt.com/2013/05/clickjack-attack-hidden-threat-right-in.html
    # -
-   # - Valid values include DENY meaning your site can't be framed, SAMEORIGIN which allows 
-   # - you to frame your own site or ALLOW-FROM https://example.com/ which lets you specify 
+   # - Valid values include DENY meaning your site can't be framed, SAMEORIGIN which allows
+   # - you to frame your own site or ALLOW-FROM https://example.com/ which lets you specify
    # -sites that are permitted to frame your own site.
    # -
    Header always set X-Frame-Options "SAMEORIGIN"
 
    # -  X-Xss-Protection
    # -
-   # - This header is used to configure the built in reflective XSS protection found 
-   # - in Internet Explorer, Chrome and Safari (Webkit). Valid settings for the header 
-   # - are 0, which disables the protection, 1 which enables the protection 
-   # - and 1; mode=block which tells the browser to block the response if it 
+   # - This header is used to configure the built in reflective XSS protection found
+   # - in Internet Explorer, Chrome and Safari (Webkit). Valid settings for the header
+   # - are 0, which disables the protection, 1 which enables the protection
+   # - and 1; mode=block which tells the browser to block the response if it
    # - detects an attack rather than sanitising the script.
    # -
    Header always set X-Xss-Protection "1; mode=block"
 
    # - X-Content-Type-Options
    # -
-   # - Nice and easy to configure, this header only has one valid value, nosniff. 
-   # - It prevents Google Chrome and Internet Explorer from trying to mime-sniff 
-   # - the content-type of a response away from the one being declared by the server. 
-   # - It reduces exposure to drive-by downloads and the risks of user uploaded content 
-   # - that, with clever naming, could be treated as a different content-type, like 
+   # - Nice and easy to configure, this header only has one valid value, nosniff.
+   # - It prevents Google Chrome and Internet Explorer from trying to mime-sniff
+   # - the content-type of a response away from the one being declared by the server.
+   # - It reduces exposure to drive-by downloads and the risks of user uploaded content
+   # - that, with clever naming, could be treated as a different content-type, like
    # - an executable.
    # -
    Header always set X-Content-Type-Options "nosniff"
 
    # - Content Security Policy
    # -
-   # - The CSP header allows you to define a whitelist of approved sources of content 
-   # - for your site. By restricting the assets that a browser can load for your site, 
-   # - like js and css, CSP can act as an effective countermeasure to XSS attacks. I 
-   # - have covered CSP in a lot more detail in my blog Content Security Policy - An 
-   # - Introduction (https://scotthelme.co.uk/content-security-policy-an-introduction/). 
+   # - The CSP header allows you to define a whitelist of approved sources of content
+   # - for your site. By restricting the assets that a browser can load for your site,
+   # - like js and css, CSP can act as an effective countermeasure to XSS attacks. I
+   # - have covered CSP in a lot more detail in my blog Content Security Policy - An
+   # - Introduction (https://scotthelme.co.uk/content-security-policy-an-introduction/).
    # -
-   # - Here is a basic policy to enforce TLS on all assets and prevent 
+   # - Here is a basic policy to enforce TLS on all assets and prevent
    # - mixed content warnings.
    # -
    # - Allow Google Analytics, Google AJAX CDN and Same Origin
    # -    script-src 'self' www.google-analytics.com ajax.googleapis.com;
 	# -
 	# - Emmbedding Google Fonts
-	# -    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 
+	# -    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
 	# -
 	# - Allow YouTube Videos (iframe embedded)
 	# -     frame-src 'self' https://www.youtube.com
@@ -1572,9 +1680,9 @@ EOF
 
    # - Referrer-Policy
    # -
-   # - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header 
-   # - field that identifies the address of the webpage (i.e. the URI or IRI) that 
-   # - linked to the resource being requested. By checking the referrer, the new 
+   # - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header
+   # - field that identifies the address of the webpage (i.e. the URI or IRI) that
+   # - linked to the resource being requested. By checking the referrer, the new
    # - webpage can see where the request originated.
    # -
    Header set  Referrer-Policy "strict-origin-when-cross-origin"
@@ -1781,7 +1889,7 @@ if ! $database_exists ; then
       else
          echo_failed
       fi
-	elif [[ "$DB_TYPE" = "pgsql" ]]; then 
+	elif [[ "$DB_TYPE" = "pgsql" ]]; then
 		echo -n " (PostgreSQL).."
 		echo "CREATE ROLE $DB_USER WITH LOGIN NOCREATEDB NOCREATEROLE NOSUPERUSER ENCRYPTED PASSWORD '$DB_PASS'" \
          | su - postgres -c "psql" > /dev/null
@@ -1832,7 +1940,7 @@ info "Now browse to the intaller site and continue installation.\n$(cat <<EOF
 
    Browse to site: \033[1mhttps://${WEBSITE_NAME}/installer\033[m
 
-   Maybe you want to change some values as follows 
+   Maybe you want to change some values as follows
 
    General configuration:
       product_name...........: $PRODUCT_NAME
@@ -1858,7 +1966,7 @@ info "Now browse to the intaller site and continue installation.\n$(cat <<EOF
    SMTP Settings:
       smtp_host..............: tls://$(hostname -f):587
 
-      smtp_user/smtp_pass....: 
+      smtp_user/smtp_pass....:
          [x] Use the current IMAP username and password for SMTP authentication
 
    Display settings & user prefs:
@@ -1928,7 +2036,7 @@ echononl "\tSet.. 'des_key', 'login_autocomplete', and more.."
 cat <<EOF >>$WEBSITE_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php 2> $log_file
 
 // ==================================
-// Added after basic installation 
+// Added after basic installation
 // ==================================
 
 \$config['skin_logo'] = '${SKIN_LOGO}';
@@ -2092,7 +2200,7 @@ cat <<EOF >>$WEBSITE_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.in
 // - 'pspell'  - requires the PHP Pspell module and aspell installed
 // - 'enchant' - requires the PHP Enchant module
 // - 'atd'     - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
-// Since Google shut down their public spell checking service, you need to 
+// Since Google shut down their public spell checking service, you need to
 // connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
 \$config['spellcheck_engine'] = 'pspell';
 
@@ -2170,7 +2278,7 @@ if $INCLUDE_ACL_PLUGIN ; then
    fi
 
    echo -e "\tNothing more to do here. Plugin '$_plugin' will be added to array plugins later.."
-   
+
 fi
 
 
@@ -2217,7 +2325,7 @@ else
 fi
 
 echo -e "\tNothing more to do here. Plugin '$_plugin' will be added to array plugins later.."
- 
+
 
 # - jqueryui
 # -
@@ -2808,12 +2916,12 @@ if $VACATION_PLUGIN ; then
          echo "$_line" >> $_config_file
          echo "*/" >> $_config_file
          echo "\$config['${_key}'] = array(" >> $_config_file
-         
+
          if [[ "$POSTFIX_DB_TYPE" = "pgsql" ]]; then
             cat <<EOF >> $_config_file 2>> $log_file
    "SELECT
-      subject AS vacation_subject, 
-      body AS vacation_message, 
+      subject AS vacation_subject,
+      body AS vacation_message,
       date(activefrom) AS vacation_start,
       date(activeuntil) AS vacation_end,
       CASE WHEN vacation.active = TRUE THEN true ELSE false END AS vacation_enable,
@@ -2886,7 +2994,7 @@ EOF
          echo "$_line" >> $_config_file
          echo "*/" >> $_config_file
          echo "\$config['${_key}'] = array(" >> $_config_file
-         
+
          if [[ "$POSTFIX_DB_TYPE" = "pgsql" ]]; then
             if $VAC_GUI_FORWARDER ; then
 
@@ -3148,7 +3256,7 @@ EOF
          else
             echo_ok
          fi
-      fi 
+      fi
 
 
       # - Create postfix trigger function udf_set_active
@@ -3247,7 +3355,7 @@ EOF
          else
             echo_ok
          fi
-      fi 
+      fi
 
 
       # - Create postfix trigger function udf_forwarders_in
@@ -3346,7 +3454,7 @@ EOF
          else
             echo_ok
          fi
-      fi 
+      fi
    else
 
       echononl "\tCreate function 'FORWARDERS_OUT'"
@@ -3430,5 +3538,5 @@ else
 fi
 
 echo ""
-clean_up 0 
+clean_up 0
 

install_update_dovecot.sh

@@ -287,14 +287,21 @@ dovecot_main_version="$(echo $_version | cut -d '.' -f1,2)"
 dovecot_major_version="$(echo $_version | cut -d '.' -f1)"
 dovecot_minor_version="$(echo $_version | cut -d '.' -f2)"
 dovecot_patch_level="$(echo $_version | cut -d '.' -f3)"
+dovecot_minor_patch_level="$(echo $_version | cut -d '.' -f4)"
+
+_version_short="${_version%-*}"
 
 #echo ""
-#echo "_version:              $_version"
-#echo "dovecot_main_version   $dovecot_main_version"
-#echo "dovecot_major_version  $dovecot_major_version"
-#echo "dovecot_minor_version  $dovecot_minor_version"
-#echo "dovecot_patch_level    $dovecot_patch_level"
+#echo "_version:                  $_version"
+#echo "dovecot_main_version       $dovecot_main_version"
+#echo "dovecot_major_version      $dovecot_major_version"
+#echo "dovecot_minor_version      $dovecot_minor_version"
+#echo "dovecot_patch_level        $dovecot_patch_level"
+#echo "dovecot_minor_patch_level  $dovecot_minor_patch_level"
 #echo ""
+#
+#clean_up 0
+
 
 # 'expire plugin'was rRemoved in version 2.3.14: This plugin is not needed. 
 # Use mailbox { autoexpunge } Mailbox settings instead.
@@ -710,32 +717,72 @@ fi
 
 ## - Download Pigeonhole for Dovecot v2.2
 ## -
-echononl "\tDownload dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
-if [ ! -f "${_src_base_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz" ]; then
-   wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
-   if [ "$?" = 0 ]; then
-      echo -e "$rc_done"
+if [[ ${dovecot_major_version} -eq 2 ]] && [[ ${dovecot_minor_version} -lt 4 ]] ; then
+   
+   echononl "\tDownload dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
+   if [ ! -f "${_src_base_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz" ]; then
+      wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
+      if [ "$?" = 0 ]; then
+         echo -e "$rc_done"
+      else
+         echo -e "$rc_failed"
+         error "Direct download of 'dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz' failed
+
+                     Download \033[1mdovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz\033[m manually 
+                     and proceed instllation."
+
+         echononl "\tProceed instllation [yes/no]: "
+         read OK
+         OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+         while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+            echononl "Wrong entry! - repeat [yes/no]: "
+            read OK
+         done
+         [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+
+      fi
    else
-      echo -e "$rc_failed"
-      error "Direct download of 'dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz' failed
-
-                   Download \033[1mdovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz\033[m manually 
-                   and proceed instllation."
-
-		echononl "\tProceed instllation [yes/no]: "
-		read OK
-		OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
-		while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
-			echononl "Wrong entry! - repeat [yes/no]: "
-			read OK
-		done
-		[[ $OK = "yes" ]] || fatal "Abbruch durch User"
-
+      echo -e "$rc_skipped"
    fi
+
+   dovecot_pigeonhole_archiv="dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz"
+
 else
-   echo -e "$rc_skipped"
+
+   echononl "\tDownload dovecot-pigeonhole-${_pigeonhole}.tar.gz.."
+   if [ ! -f "${_src_base_dir}/dovecot-pigeonhole-${_pigeonhole}.tar.gz" ]; then
+      wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
+      if [ "$?" = 0 ]; then
+         echo -e "$rc_done"
+         dovecot_pigeonhole_archiv="dovecot-pigeonhole-${_pigeonhole}.tar.gz"
+      else
+         echo -e "$rc_failed"
+
+         error "Direct download of 'Pigeonhole Sieve and ManageSieve' source archiv  failed
+
+                  Download Pigeonhole Sieve and ManageSieve manually and name it to
+
+                  \033[1mdovecot-pigeonhole-${_pigeonhole}.tar.gz\033[m\n"
+
+
+         echononl "\tProceed instllation [yes/no]: "
+         read OK
+         OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+         while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+            echononl "Wrong entry! - repeat [yes/no]: "
+            read OK
+         done
+         [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+      fi
+   else
+      echo -e "$rc_skipped"
+   fi
+
+   dovecot_pigeonhole_archiv="dovecot-pigeonhole-${_pigeonhole}.tar.gz"
 fi
 
+dovecot_pigeonhole_archiv_prefix="${dovecot_pigeonhole_archiv%.tar.gz}"
+dovecot_pigeonhole_archiv_dir="${dovecot_pigeonhole_archiv%.tar.gz}"
 
 
 if $_new ; then
@@ -901,6 +948,7 @@ config_params="
    --prefix=/usr/local/dovecot-${_version} \
    --with-${db_driver} \
    --with-gssapi=yes
+   --with-ldap=yes
    --with-rundir=/run/dovecot"
 if $systemd_support ; then
    config_params="$config_params \
@@ -1055,20 +1103,20 @@ fi
 cd ${_src_base_dir}
 echo ""
 echononl "\tExtracting dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
-gunzip < dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz | tar -xf -
+gunzip < ${_src_base_dir}/${dovecot_pigeonhole_archiv} | tar -C ${_src_base_dir} -xf -
 if [ "$?" = 0 ]; then
    echo -e "$rc_done"
 else
    echo -e "$rc_failed"
-   fatal Extracting dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz failed
+   fatal Extracting ${dovecot_pigeonhole_archiv} failed
 fi
-cd dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}
+cd ${dovecot_pigeonhole_archiv_dir}
 
 
 echononl "\tConfigure Pigeonhole ManageSieve.."
 ./configure \
 	--prefix=/usr/local/dovecot-${_version} \
-   --with-dovecot=/usr/local/dovecot-${_version}/lib/dovecot > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-configure.log 2<&1
+   --with-dovecot=/usr/local/dovecot-${_version}/lib/dovecot > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-configure.log 2<&1
 if [ "$?" = 0 ]; then
    echo -e "$rc_done"
 else
@@ -1077,7 +1125,7 @@ else
 fi
 
 echononl "\tCompile Pigeonhole ManageSieve.."
-make > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-make.log 2<&1
+make > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-make.log 2<&1
 if [ "$?" = 0 ]; then
    echo -e "$rc_done"
 else
@@ -1086,7 +1134,7 @@ else
 fi
 
 echononl "\tInstall Pigeonhole ManageSieve.."
-make install > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-install.log 2<&1
+make install > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-install.log 2<&1
 if [ "$?" = 0 ]; then
    echo -e "$rc_done"
 else
@@ -1095,6 +1143,7 @@ else
 fi
 
 
+
 ## -----------------
 ## --- Configure dovecot services
 
@@ -2205,7 +2254,12 @@ EOF
       fatal "Creating file /etc/rsyslog.d/dovecot.conf failed"
    fi
 
-   /etc/init.d/rsyslog restart > /dev/null 2>&1
+   echononl "\tRestart rsyslog Servive"
+   if $systemd_support ; then
+      systemctl restart rsyslog.service > /dev/null 2>&1
+   else
+      /etc/init.d/rsyslog restart > /dev/null 2>&1
+   fi
    if [ "$?" = 0 ]; then
       echo -e "$rc_done"
    else
@@ -3651,8 +3705,8 @@ fi
 ## -      quota_rule = *:storage=1g
 ## -      quota_rule2 = trash:storage=+100m
 ## -
-## -      quota_warning = storage=95%% quota-warning 95 %u
-## -      quota_warning2 = storage=80%% quota-warning 80 %u
+## -      quota_warning = storage=80%% quota-warning 80 %u
+## -      quota_warning2 = storage=95%% quota-warning 95 %u
 ## -    }
 ## -    
 ## -    service quota-warning {
@@ -3677,8 +3731,8 @@ plugin {
   quota_rule = *:storage=1G
   quota_rule2 = Trash:storage=+200M
 
-  quota_warning = storage=95%% quota-warning 95 %u
-  quota_warning2 = storage=80%% quota-warning 80 %u
+  quota_warning = storage=80%% quota-warning 80 %u
+  quota_warning2 = storage=95%% quota-warning 95 %u
 }
 
 service quota-warning {

upgrade_roundcube.sh

@@ -112,6 +112,62 @@ echo_not_yet_implemented(){
    echo -e "\033[85G[ \033[30m\033[1mnot yet implemented\033[m ]"
 }
 
+detect_mysql_version () {
+
+   _MYSQLD_VERSION="$(mysqld -V 2>/dev/null)"
+
+   if [[ -z "$_MYSQLD_VERSION" ]]; then
+      fatal "No installed MySQL server or distribution found!"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ percona- ]]; then
+      MYSQL_CUR_DISTRIBUTION="Percona"
+   elif [[ "$_MYSQLD_VERSION" =~ MariaDB ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   elif [[ "$_MYSQLD_VERSION" =~ MySQL ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mysql- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mariadb- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   else
+      error "MySQL Instalation found, but cannot determin the distribution!"
+
+      MYSQL_CUR_DISTRIBUTION=
+      echo ""
+      echo "   Select the installed MySQL distribution."
+      echo ""
+      echo "   [1] MySQL (the original community edition)"
+      echo "   [2] Percona Server for MySQL"
+      echo "   [3] MariaDB"
+      echo ""
+      echononl "   Eingabe [1/2/3]: "
+
+      while [ "$MYSQL_CUR_DISTRIBUTION" != "MySQL" -a "$MYSQL_CUR_DISTRIBUTION" != "MariaDB" -a "$MYSQL_CUR_DISTRIBUTION" != "Percona" ];do
+         read OPTION
+         case $OPTION in
+               1)      MYSQL_CUR_DISTRIBUTION="MySQL"
+               ;;
+               2)      MYSQL_CUR_DISTRIBUTION="Percona"
+               ;;
+               3)      MYSQL_CUR_DISTRIBUTION="MariaDB"
+               ;;
+               *)    echo ""
+                     echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = Percona ; 3 = MariaDB ]"
+                     echo ""
+                     echononl "   Eingabe:"
+               ;;
+         esac
+      done
+   fi
+
+   MYSQL_VERSION="$(echo $_MYSQLD_VERSION | grep -o -E "[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?" | head -n 1)"
+   MYSQL_MAJOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1)"
+   MYSQL_MINOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f2)"
+   MYSQL_PATCH_LEVEL="$(echo $MYSQL_VERSION | cut -d '.' -f3)"
+   MYSQL_MAIN_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1,2)"
+
+}
+
+
 trap clean_up SIGHUP SIGINT SIGTERM
 
 
@@ -156,15 +212,6 @@ fi
 DEFAULT_DB_HOST="localhost"
 DEFAULT_DB_NAME="roundcubemail"
 DEFAULT_DB_USER="roundcube"
-if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
-elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
-else
-   DEFAULT_MYSQL_CREDENTIALS=""
-fi
-DEFAULT_DEBIAN_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
-DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 
 
 while IFS='' read -r -d '' _conf_file ; do
@@ -276,16 +323,69 @@ if [ "$DB_TYPE" = "postgres" -o  "$DB_TYPE" = "postgresql" -o "$DB_TYPE" = "pgsq
 fi
 
 
-if [[ "$DB_TYPE" = "mysql" ]]; then
-   if $MYSQL_DEBIAN_INSTALLATION ; then
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
-   else
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+if [[ "$DB_TYPE" = "mysql" ]] ; then
+
+   if [[ -z ${MYSQL_CREDENTIALS} ]] ; then
+
+      detect_mysql_version
+
+      if [[ "$MYSQL_CUR_DISTRIBUTION" = "MariaDB" ]] && ([[ $MYSQL_MAJOR_VERSION -gt 10 ]] \
+            || ( [[ $MYSQL_MAJOR_VERSION -eq 10 ]] && [[ $MYSQL_MINOR_VERSION -gt 3 ]] )) ; then
+         if [[ -S "/tmp/mysql.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /tmp/mysql.sock"
+         elif [[ -S "/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /run/mysqld/mysqld.sock"
+         elif [[ -S "/var/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /var/run/mysqld/mysqld.sock"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
+
+               Use configuration file "$conf_file" to set
+               parameter manually."
+         fi
+
+      else
+      
+         echononl "\tGet MySQL command.."
+         mysql_command="$(which mysql)"
+         if [[ $? -eq 0 ]]; then
+            echo_ok
+         else
+
+            if [[ -x "/usr/local/mysql/bin/mysql" ]]; then
+               mysql_command="/usr/local/mysql/bin/mysql"
+               echo_ok
+            else
+               echo_failed
+               fatal "$(cat $tmp_log_file)"
+            fi
+         fi
+
+         if $(${mysql_command} --login-path=local  -e ";" > /dev/null 2>&1) ; then
+            MYSQL_CREDENTIALS="--login-path=local"
+         elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+         elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated. 
+
+               Use configuration file "$conf_file" to set 
+               parameter manually."
+         fi
+      fi
+
+      #if $MYSQL_DEBIAN_INSTALLATION ; then
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+      #else
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+      #fi
+
    fi
 else
+   #[[ "$POSTFIX_DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$POSTFIX_DB_TYPE' (POSTFIX_DB_TYPE)"
    [[ "$DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$DB_TYPE' (DB_TYPE)"
 fi
-mysql_credential_args="$MYSQL_CREDENTIALS"
 
 
 if [[ "$DB_TYPE" = "mysql" ]]; then