install_update_dovecot-2.4.sh: fix errors Correct errors relating to database access.

Merge branch 'master' of git.oopen.de:install/mailsystem
install_update_dovecot-2.4.sh: Set 'quota_storage_size' to 9 (unlimited) - We only use personalized quotas.
2025-08-23 17:28:28 +02:00 · 2025-08-23 11:49:42 +02:00 · 2025-08-23 11:49:29 +02:00 · 2025-08-23 02:19:37 +02:00 · 2025-08-22 00:18:41 +02:00 · 2025-08-21 23:38:55 +02:00
21 changed files with 19425 additions and 997 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,6 +3,7 @@
 *.log
 *.swp
 conf/*.conf
+conf/*.env

 # - Postfixadmin
 postfixadmin-*
--- a/BAK/install_update_dovecot.sh.00
+++ b/BAK/install_update_dovecot.sh.00
--- a/DOC/README.test_mailprotocolls
+++ b/DOC/README.test_mailprotocolls
@ -1,16 +0,0 @@
-
-## -------------------------------------- ##
-## -          some litle tests            ##
-## -------------------------------------- ##
-
-## - test smtp (STARTTLS), submission (587) (STARTTLS), smtp (SSL),
-## - pop3 (SSL), pop3 (STARTTLS), imap (SSL) and imap (STARTTLS)
-## -
-openssl s_client -crlf -starttls smtp -connect localhost:25 [-state -debug]
-openssl s_client -crlf -starttls smtp -connect localhost:587
-openssl s_client -crlf -connect localhost:465
-openssl s_client -crlf -connect localhost:995
-openssl s_client -crlf -starttls pop3 -connect localhost:110
-openssl s_client -crlf -connect localhost:993
-openssl s_client -crlf -starttls imap -connect localhost:143
-
--- a/DOC/README.test_mailprotocols
+++ b/DOC/README.test_mailprotocols
@ -0,0 +1,44 @@
+
+## -------------------------------------- ##
+## -          some litle tests            ##
+## -------------------------------------- ##
+
+## -
+## - test smtp (STARTTLS), submission (587) (STARTTLS), smtp (SSL),
+## - pop3 (SSL), pop3 (STARTTLS), imap (SSL) and imap (STARTTLS)
+## -
+
+# ---
+# test - localhost
+# ---
+
+openssl s_client -crlf -starttls smtp -connect localhost:25 [-state -debug]
+openssl s_client -crlf -starttls smtp -connect localhost:587
+openssl s_client -crlf -connect localhost:465
+openssl s_client -crlf -connect localhost:995
+openssl s_client -crlf -starttls pop3 -connect localhost:110
+openssl s_client -crlf -connect localhost:993
+openssl s_client -crlf -starttls imap -connect localhost:143
+
+
+# ---
+# tests -  remote mailserver
+# ---
+
+mailserver="mx.gemeinschaft-altenschlirf.de"
+
+openssl s_client -crlf -starttls smtp -connect ${mailserver}:25 [-state -debug]
+openssl s_client -crlf -starttls smtp -connect ${mailserver}:587
+openssl s_client -crlf -connect ${mailserver}:465
+openssl s_client -crlf -connect ${mailserver}:995
+openssl s_client -crlf -starttls pop3 -connect ${mailserver}:110
+openssl s_client -crlf -connect ${mailserver}:993
+openssl s_client -crlf -starttls imap -connect ${mailserver}:143
+
+
+# Test RSA based TLS connection
+#
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
+
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2
+echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp
--- a/DOC/dovecot/README.maildir-size-fix.pl
+++ b/DOC/dovecot/README.maildir-size-fix.pl
@ -0,0 +1,61 @@
+# ----------
+# Fix Maildir Size
+#
+#     falls sich die tatsächliche Größe einer E-mail im Maildir Format 
+#     von der Größenangabe im Dateinamen unterscheidet, dann läuft
+#     dovecot auf fehler.
+#
+# Es gibt 2 Möglichekeiten das zu verhindern:
+#
+#     1. in der dovecot.conf (z.Bsp. in 10-mail.conf deb Parameter
+#        'maildir_broken_filename_sizes' auf 'yes' setzen
+#
+#              maildir_broken_filename_sizes = yes
+#
+#
+#     2. Die Größenangaben im Dateinamen korrigieren. Dafür gint es ein Skript
+#        namens 'maildir-size-fix.pl'. Dieses Skript steht bei Githup's
+#        'dovecot/tools' zur Verfügung:
+#
+#              https://github.com/dovecot/tools
+#
+# Das Perl-Skript maildir-size-fix.pl ist ein Werkzeug, das im Dovecot-Projekt 
+# verwendet wird, um Probleme mit der Größe von Maildir-Dateien zu beheben.
+#
+# Nützliche Optionen 
+#
+#     - add_missing_size: Fügt die Größeninformation hinzu, wenn sie fehlt.
+#
+#     - fix_existing_size: Überprüft und korrigiert bestehende Größeninformationen.
+#
+#     - recursive: Scannt das Maildir rekursiv, um auch Unterordner zu berücksichtigen.
+#
+#     - verbose: Ermöglicht detaillierte Protokollierung der Vorgänge.
+#
+#
+# ---------------------------------------------------------------------------------------
+#
+# Jede E.Mail in einem Maildir Ordner ist eine eigene Datei, dess dateiname üblicherweise
+# die Größe der datei selbst enthält (..,S=<dateigrösse>,W=..)
+#
+# ein typische Datei innerhalb eines Maildirordners sieht so aus:
+#
+#     1755713024.M837247P2624513.rage,S=38568,W=39101:2,Sc
+#          |            |          |
+#     Zeitstempel       |       Hostname  
+#                    eind. ID 
+#
+#     S= und ,W=: Dateigröße und "Weighted size" (für IMAP/Quota).
+#
+# wobei die flags folgende bedeitung haben:
+#
+#            +-------+-----------------------------+
+#            | Flag  | Bedeutung                   |
+#            +-------+-----------------------------+
+#            | S     | Seen (gelesen)              |
+#            | R     | Replied (beantwortet)       |
+#            | F     | Flagged (markiert / wichtig)|
+#            | T     | Trashed (zum Löschen mark.) |
+#            | D     | Draft (Entwurf)             |
+#            | P     | Passed (weitergeleitet)     |
+#            +-------+-----------------------------+
--- a/DOC/postfwd/README.default-rate-limits
+++ b/DOC/postfwd/README.default-rate-limits
@ -0,0 +1,18 @@
+default rate limits
+===================
+
+- von unbekannten Server 5 Empfänger pro 5 Minuten
+  Message: only 5 recipients per 5 minutes allowed
+
+- von einer IP-Adresse nicht mehr als 50 Nachrichten pro Minute
+  Message: Too many connections from <IP-Adress>
+
+- Pro Nachricht nicht mehr als 50 Empfänger
+  Message: Too many recipients, please reduce to less than 50 or consider using a mailing list
+
+- von einem User (also z.Bsp. cloud@oopen.de) nicht mehr 50 Nachrichten/Stunde
+  Message: Number messages per hour exceeded
+
+- von einem User (also z.Bsp. cloud@oopen.de) nicht mehr 250 Empfänger/Stunde
+  Message: Number recipients per hour exceeded
+
--- a/README.disable-milter-mail-filter
+++ b/README.disable-milter-mail-filter
@ -0,0 +1,10 @@
+# ----------
+# Disable Milter (mail filter) for (remote) SMTP client IP address(es).
+
+# see: 
+#     https://www.postfix.org/MILTER_README.html
+#     https://www.postfix.org/MILTER_README.html#per-client
+#
+#     https://www.postfix.org/postconf.5.html#smtpd_milter_maps
+
+
--- a/README.smtp-over-tor-hidden-services
+++ b/README.smtp-over-tor-hidden-services
@ -0,0 +1,3 @@
+#
+# see: https://www.void.gr/kargig/blog/2014/05/10/smtp-over-hidden-services-with-postfix/
+#
--- a/README.virtual-do-not-reply
+++ b/README.virtual-do-not-reply
@ -0,0 +1,159 @@
+# ====================
+# Forward E-Mails to 'do-not-reply@..' address to (file) /dev/null
+# ====================
+
+# ---
+# Example for this readme:
+#
+# Create a forwarding to /dev/null for the address no-reply@cloud-01.oopen.de
+# ---
+
+DOMAIN=""cloud-01.oopen.de
+E_MAIL="no-reply@cloud-01.oopen.de"
+
+# see also:
+#     https://www.postfix.org/VIRTUAL_README.html
+#
+#     https://think.unblog.ch/weiterleiten-von-postfix-alias-an-dev-null/
+#     https://think.unblog.ch/en/forward-postfix-alias-to-dev-null/
+#
+#     https://www.serverwatch.com/guides/forwarding-a-postfix-virtual-alias-to-dev-null/
+
+
+# Notice:
+#     the usual solution is to forward to (file) /dev/null. In a local-only setup you could do 
+#     that in /etc/aliases.
+#
+#     However, if your're using Postfix virtual domains, it gets a little more complicated. With 
+#     virtual domains/users, you can't forward mail to a file (like /dev/null). 
+
+
+# ---
+# 1. Set up an alias user 'do-not-reply'that forwards incoming e-mails to /dev/null.
+# ---
+
+# Add to file '/etc/aliases' a line like:
+#     do-not-reply: /dev/null
+
+if ! $(grep -q -E "^\s*do-not-reply:" /etc/aliases 2>/devnull) ; then
+   cat <<EOF >> /etc/aliases
+
+do-not-reply: /dev/null
+EOF
+fi
+
+# Renew alias database:
+#
+newaliases
+
+
+# ---
+# 2. Set up the domain (domain part of not-reply address)
+# ---
+
+# Create file '/etc/postfix/virtual_alias_domains' and add your domain '@cloud-01.oopen.de'
+#
+#  ${DOMAIN}         OK
+#
+if [[ ! -f "/etc/postfix/virtual_alias_domains" ]] ; then
+
+   cat <<EOF >> /etc/postfix/virtual_alias_domains
+# - File: /etc/postfix/virtual_alias_domains
+# -
+# - Note:
+# -  a mapping file always has two columns. In such a 'one-dimensional' mapping (list of domains) 
+# -  Postfix does not care about your second column. It does not even have to be 'OK', it can be
+# -  anything.
+# -
+# - Example:
+# -      <domain>            OK
+
+${DOMAIN}    OK
+EOF
+else
+   if ! $(grep -q -E "^\s*${DOMAIN}" /etc/postfix/virtual_alias_domains 2> /dev/null) ; then
+      cat <<EOF >> /etc/postfix/virtual_alias_domains
+
+${DOMAIN}    OK
+EOF
+   fi
+fi
+
+
+# Create Postfix lookup table (database file) from '/etc/postfix/virtual_alias_domains'
+#
+postmap btree:/etc/postfix/virtual_alias_domains
+
+
+# Add virtual_alias_domains to Postfix main Configuration
+#
+#  ...
+#  virtual_alias_domains =
+#     btree:/etc/postfix/virtual_alias_domains
+#  ...
+#
+if ! $(grep -q -E "^\s*virtual_alias_domains\s*=\s*btree:/etc/postfix/virtual_alias_domains" /etc/postfix/main.cf) \
+      && ! $(grep -q -E "^\s*btree:/etc/postfix/virtual_alias_domains" /etc/postfix/main.cf); then
+   perl -i -n -p -e "s#^(\s*virtual_alias_domains\s*=.*)#\1\n   btree:/etc/postfix/virtual_alias_domains#" /etc/postfix/main.cf
+fi
+
+
+
+# ---
+# 3. Set up adress mapping
+# ---
+
+# - Create file '/etc/postfix/virtual_alias_maps' and add your address mapping
+# -
+# -      ${E_MAIL}         do-not-reply
+# -
+if [[ ! -f "/etc/postfix/virtual_alias_maps" ]] ; then
+
+   cat <<EOF >> /etc/postfix/virtual_alias_maps
+# - File: /etc/postfix/virtual_alias_maps
+# -
+# - Redirect mail for one address to one or more addresses.
+# -
+# - Example:
+# -   # incomming address 'no-reply@cloud-01.oopen.de' to local 'do-not-reply' address
+# -   no-reply@cloud-01.oopen.de    do-not-reply
+# -
+
+${E_MAIL}      do-not-reply
+EOF
+else
+   if ! $(grep -q -E "^\s*${E_MAIL}" /etc/postfix/virtual_alias_maps 2> /dev/null) ; then
+      cat <<EOF >> /etc/postfix/virtual_alias_maps
+
+${E_MAIL}      do-not-reply
+EOF
+   fi
+fi
+
+
+# Create Postfix lookup table (database file) from '/etc/postfix/virtual_alias_maps'
+#
+postmap btree:/etc/postfix/virtual_alias_maps
+
+
+
+
+# Add virtual_alias_maps to Postfix main Configuration
+#
+#  ...
+#  virtual_alias_maps =
+#     btree:/etc/postfix/virtual_alias_maps
+#  ...
+#
+if ! $(grep -q -E "^\s*virtual_alias_maps\s*=\s*btree:/etc/postfix/virtual_alias_maps" /etc/postfix/main.cf) \
+      && ! $(grep -q -E "^\s*btree:/etc/postfix/virtual_alias_maps" /etc/postfix/main.cf); then
+   perl -i -n -p -e "s#^(\s*virtual_alias_maps\s*=.*)#\1\n   btree:/etc/postfix/virtual_alias_maps#" /etc/postfix/main.cf
+fi
+
+
+# ---
+# 4. Reload Postfix
+# ---
+
+systemctl reload postfix
+
--- a/conf/install_amavis.conf.sample
+++ b/conf/install_amavis.conf.sample
@ -6,6 +6,8 @@ _HOSTNAME=
 _IPV4=
 _IPV6=

+_SASL_AUTH_ENABLED=no
+
 _QUARANTINE_DIR=/var/QUARANTINE
 _QUARANTINE_ADMIN=postmaster\@$mydomain

--- a/install_amavis.sh
+++ b/install_amavis.sh
@ -110,19 +110,42 @@ detect_os_1 () {
 # --- Some default settings
 # -------------

+DEFAULT_SASL_AUTH_ENABLED="no"
+
 DEFAULT_QUARANTINE_DIR="/var/QUARANTINE"
 DEFAULT_QUARANTINE_ADMIN='postmaster\@$mydomain'
 DEFAULT_DB_IN_USE=false

 DEFAULT_INSTALL_CLAMAV_UNOFFICIAL_SIGS=true

-DEFAULT_MALWARE_PATROL_IN_USE=true
+DEFAULT_MALWARE_PATROL_IN_USE=false
 DEFAULT_MALWERE_PATROL_FREE=false
 DEFAULT_MP_RECEIPT_NUMBER=106015125438

 DEFAULT_SECURITE_INFO_IN_USE=true
 DEFAULT_SI_AUTHORISATION_SIGNATURE_WF=76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b
-DEFAULT_SI_AUTHORISATION_SIGNATURE_OOPEN=b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
+
+#DEFAULT_SI_AUTHORISATION_SIGNATURE_OOPEN=b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
+DEFAULT_SI_AUTHORISATION_SIGNATURE_OOPEN=abb4ec6b194639f3d123154f1b971843a3b8751d8c1bcdc7d07ed6db26621b11bca0e23d2a42b60aef3f7b7803a1466a964d90c7b1e82d67c7680c8f46b59a4e
+
+# SecuriteInfo signatur databases
+#
+SI_SIGNATUR_DATABASES="
+   securiteinfo.hdb
+   securiteinfo.ign2
+   javascript.ndb
+   spam_marketing.ndb
+   securiteinfohtml.hdb
+   securiteinfoascii.hdb
+   securiteinfoandroid.hdb
+   securiteinfoold.hdb
+   securiteinfopdf.hdb
+   securiteinfo0hour.hdb
+   securiteinfo.mdb
+   securiteinfo.yara
+   securiteinfo.pdb
+   securiteinfo.wdb
+"

 # - This parameter will be not asked, so setting it here
 # -
@ -162,6 +185,8 @@ if [[ -z "$_HOSTNAME" ]] ; then
   [[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
 fi

+[[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED="$DEFAULT_SASL_AUTH_ENABLED"
+

 [[ -z "$_QUARANTINE_DIR" ]] && _QUARANTINE_DIR="$DEFAULT_QUARANTINE_DIR"

@ -182,12 +207,18 @@ _needed_packages_clamav="clamav \
   clamav-freshclam \
   libgmp-dev \
   libgmp10"
-if [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 10 ]] ; then
+if [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -eq 10 ]] ; then
 	_needed_packages_clamav="$_needed_packages_clamav \
   libclamunrar7"
-else
+elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -eq 11 ]] ; then
 	_needed_packages_clamav="$_needed_packages_clamav \
   libclamunrar9"
+elif [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -eq 12 ]] ; then
+	_needed_packages_clamav="$_needed_packages_clamav \
+   libclamunrar11"
+else
+   _needed_packages_clamav="$_needed_packages_clamav \
+   libclamunrar13"
 fi

 _needed_decoders_amavis="
@ -331,6 +362,33 @@ if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
   IPV6=disabled
 fi

+SASL_AUTH_ENABLED=
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Should this mail server support Cyrus SASL authentication?"
+echo ""
+while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do
+
+   if [[ -n "$_SASL_AUTH_ENABLED" ]]; then
+      echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: "
+      read SASL_AUTH_ENABLED
+      SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,}
+      [[ -z "$SASL_AUTH_ENABLED" ]] && SASL_AUTH_ENABLED="$_SASL_AUTH_ENABLED"
+   else
+      echononl "Support Cyrus SASL authentication [yes/no]: "
+      read SASL_AUTH_ENABLED
+      SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,}
+   fi
+
+   if [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]] ; then
+      _SASL_AUTH_ENABLED=""
+      echo -e  "\n\t\033[33m\033[1mWrong entry!\033[m\n Type 'yes' or 'no'"
+   fi
+
+done
+
+

 echo ""
 echo -e "\033[32m--\033[m"
@ -358,6 +416,85 @@ else
   done
 fi

+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Use SecuriteInfo Signatures (https://www.securiteinfo.com)?"
+echo ""
+echo "Note: You have to sign up for an account. For a free account thats here:"
+echo "      https://www.securiteinfo.com/clients/customers/signup"
+echo ""
+if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then
+   echononl "Load SecuriteInfo Singatures (yes/no): "
+else
+   if $_SECURITE_INFO_IN_USE ; then
+      echononl "Load SecuriteInfo Singatures [yes]: "
+   else
+      echononl "Load SecuriteInfo Singatures [no]: "
+   fi
+fi
+read _TMP_LOAD_SI
+_TMP_LOAD_SI=${_TMP_LOAD_SI,,}
+while [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; do
+   if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then
+      echononl "Wrong entry! (yes/no): "
+      read _TMP_LOAD_SI
+      _TMP_LOAD_SI=${_TMP_LOAD_SI,,}
+   else
+      if [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; then
+         if [[ "X$_TMP_LOAD_SI" = "X" ]]; then
+            if $_SECURITE_INFO_IN_USE ; then
+               _TMP_LOAD_SI=yes
+            else
+               _TMP_LOAD_SI=no
+            fi
+         else
+            if $_SECURITE_INFO_IN_USE ; then
+               echononl "Wrong entry! [yes]: "
+            else
+               echononl "Wrong entry! [no]: "
+            fi
+            read _TMP_LOAD_SI
+         fi
+      fi
+   fi
+done
+if [[ "$_TMP_LOAD_SI" = "yes" ]] ; then
+   SECURITE_INFO_IN_USE=true
+else
+   SECURITE_INFO_IN_USE=false
+fi
+
+if $SECURITE_INFO_IN_USE ; then
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "Insert SecuriteInfo Authorisation Signature"
+   echo ""
+   echo ""
+   SI_AUTHORISATION_SIGNATURE=
+   if [[ -n "$_SI_AUTHORISATION_SIGNATURE" ]] ; then
+      while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do
+         echononl "SecuriteInfo Authorisation Signature [$(echo ${_SI_AUTHORISATION_SIGNATURE:0:4})..$(echo ${_SI_AUTHORISATION_SIGNATURE: -4})]: "
+         read SI_AUTHORISATION_SIGNATURE
+         if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then
+               SI_AUTHORISATION_SIGNATURE=$_SI_AUTHORISATION_SIGNATURE
+            fi
+      done
+   else
+
+      while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do
+         echononl "SecuriteInfo Authorisation Signature: "
+         read SI_AUTHORISATION_SIGNATURE
+         if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then
+            echo -e "\n\t\033[33m\033[1mSecuriteInfo Authorisation Signature is reqired\033[m\n"
+         fi
+      done
+   fi
+fi
+
+
 echo ""
 echo -e "\033[32m--\033[m"
 echo ""
@ -531,84 +668,6 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then

   fi

-
-   echo "" 
-   echo -e "\033[32m--\033[m" 
-   echo "" 
-   echo "Load SecuriteInfo Signatures (https://www.securiteinfo.com)?" 
-   echo "" 
-   echo "Note: You have to sign up for an account. For a free account thats here:"
-   echo "      https://www.securiteinfo.com/clients/customers/signup"
-   echo "" 
-   if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then
-      echononl "Load SecuriteInfo Singatures (yes/no): "
-   else
-      if $_SECURITE_INFO_IN_USE ; then
-         echononl "Load SecuriteInfo Singatures [yes]: "
-      else
-         echononl "Load SecuriteInfo Singatures [no]: "
-      fi
-   fi
-   read _TMP_LOAD_SI
-   _TMP_LOAD_SI=${_TMP_LOAD_SI,,}
-   while [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; do
-      if [[ -z "$_SECURITE_INFO_IN_USE" ]]; then
-         echononl "Wrong entry! (yes/no): "
-         read _TMP_LOAD_SI
-         _TMP_LOAD_SI=${_TMP_LOAD_SI,,}
-      else
-         if [ "X$_TMP_LOAD_SI" != "Xyes" -a "X$_TMP_LOAD_SI" != "Xno" ]; then
-            if [[ "X$_TMP_LOAD_SI" = "X" ]]; then
-               if $_SECURITE_INFO_IN_USE ; then
-                  _TMP_LOAD_SI=yes
-               else
-                  _TMP_LOAD_SI=no
-               fi
-            else
-               if $_SECURITE_INFO_IN_USE ; then
-                  echononl "Wrong entry! [yes]: "
-               else
-                  echononl "Wrong entry! [no]: "
-               fi
-               read _TMP_LOAD_SI
-            fi
-         fi
-      fi
-   done
-   if [[ "$_TMP_LOAD_SI" = "yes" ]] ; then
-      SECURITE_INFO_IN_USE=true
-   else
-      SECURITE_INFO_IN_USE=false
-   fi
-
-   if $SECURITE_INFO_IN_USE ; then
-      echo ""
-      echo -e "\033[32m--\033[m"
-      echo ""
-      echo "Insert SecuriteInfo Authorisation Signature"
-      echo ""
-      echo ""
-      SI_AUTHORISATION_SIGNATURE=
-      if [[ -n "$_SI_AUTHORISATION_SIGNATURE" ]] ; then
-         while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do
-            echononl "SecuriteInfo Authorisation Signature [$(echo ${_SI_AUTHORISATION_SIGNATURE:0:4})..$(echo ${_SI_AUTHORISATION_SIGNATURE: -4})]: "
-            read SI_AUTHORISATION_SIGNATURE
-            if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then
-                  SI_AUTHORISATION_SIGNATURE=$_SI_AUTHORISATION_SIGNATURE
-               fi
-         done
-      else
-
-         while [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; do
-            echononl "SecuriteInfo Authorisation Signature: "
-            read SI_AUTHORISATION_SIGNATURE
-            if [[ "X$SI_AUTHORISATION_SIGNATURE" = "X" ]]; then
-               echo -e "\n\t\033[33m\033[1mSecuriteInfo Authorisation Signature is reqired\033[m\n"
-            fi
-         done
-      fi
-   fi
-
 fi


@ -785,6 +844,9 @@ echo ""
 echo -e "\tHostname...............................: $HOSTNAME"
 echo -e "\tIPv4 address...........................: $IPV4"
 echo -e "\tIPv6 address...........................: $IPV6"
+echo ""
+echo -e "\tSASL AUTH support......................: $SASL_AUTH_ENABLED"
+echo ""
 echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR"
 echo ""
 echo -e "\tInstall ClamAv Unoffical Sigs .........: $INSTALL_CLAMAV_UNOFFICIAL_SIGS"
@ -834,6 +896,8 @@ _HOSTNAME=$HOSTNAME
 _IPV4=$IPV4
 _IPV6=$IPV6

+_SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED
+
 _QUARANTINE_DIR=$QUARANTINE_DIR
 _QUARANTINE_ADMIN=$QUARANTINE_ADMIN

@ -912,6 +976,7 @@ _needed_packages_base="libnet-ldap-perl \
   libdbd-pg-perl \
   libdbi-perl \
   libdbi-dev \
+   libnet-patricia-perl \
   g++ \
   cpanminus"
 for _pkg in $_needed_packages_base ; do
@ -949,7 +1014,9 @@ _needed_cpan_modules="CPAN
   DBI
   DBD::mysql
   DBD::Pg"
-for _module in $_needed_cpan_modules ; do
+
+if [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 12 ]] ; then
+   for _module in $_needed_cpan_modules ; do
      cpanm -q --skip-installed $_module  > "$tmp_err_msg" 2>&1
      if [[ "$?" -ne 0 ]] ; then
         installation_failed=true
@ -968,9 +1035,24 @@ for _module in $_needed_cpan_modules ; do
         [[ $OK = "yes" ]] || fatal "Abbruch durch User"

      fi
-done
-if ! $installation_failed ; then
+   done
+   if ! $installation_failed ; then
      echo_ok
+   fi
+else
+   echo_skipped
+   info "Needed Perl modules are:
+
+                     DBI
+                     DBD::mysql
+                     DBD::Pg
+
+                   All of them are installed via debian package system:
+
+                     libdbi-perl
+                     libdbd-mysql-perl
+                     libdbd-pg-perl"
+
 fi

 ## - Temporarily disable crontab for user root
@ -1052,6 +1134,10 @@ if [[ "$os_version" -lt 10 ]] ; then
   _needed_packages_spamassassin="$_needed_packages_spamassassin \
   libio-zlib-perl"
 fi
+if [[ "$os_version" -gt 11 ]] ; then
+   _needed_packages_spamassassin="$_needed_packages_spamassassin \
+   spamd"
+fi

 for _pkg in $_needed_packages_spamassassin ; do
   if aptitude search $_pkg | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
@ -1670,7 +1756,7 @@ echo -e "   \033[37m\033[1mConfigure Spamassassin..\033[m"
 ## -
 _config_file=/etc/spamassassin/local.cf
 if [[ ! -f "${_config_file}.ORIG" ]]; then
-   echononl   "   Save installation version of ${_config_file} (Suffix \".ORIF\")"
+   echononl   "   Save installation version of ${_config_file} (Suffix \".ORIG\")"
   cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg
   if [[ $? -eq 0 ]] ; then
      echo_ok
@ -1764,6 +1850,10 @@ cat << EOF > /etc/spamassassin/local.cf 2>$tmp_err_msg
 #
 ###########################################################################

+#    A 'contact address' users should contact for more info. (replaces
+#    _CONTACTADDRESS_ in the report template)
+# report_contact youremailaddress@domain.tld
+
 #   Add *****SPAM***** to the Subject header of spam e-mails
 #
 # rewrite_header Subject *****SPAM*****
@ -1842,6 +1932,28 @@ bayes_ignore_header X-Spam-Flag
 bayes_ignore_header X-Spam-Status


+#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
+#   them to UTF-8 before the text is given over to rules processing.
+#
+# normalize_charset 1
+
+#   Textual body scan limit    (default: 50000)
+#
+#   Amount of data per email text/* mimepart, that will be run through body
+#   rules.  This enables safer and faster scanning of large messages,
+#   perhaps having very large textual attachments.  There should be no need
+#   to change this well tested default.
+#
+# body_part_scan_size 50000
+
+#   Textual rawbody data scan limit    (default: 500000)
+#
+#   Amount of data per email text/* mimepart, that will be run through
+#   rawbody rules.
+#
+# rawbody_part_scan_size 500000
+
+
 #   Optional:
 #   Some people believe auto-whitelist is more of a liability than an asset:
 #
@ -1943,7 +2055,7 @@ fi
 _config_file=/etc/spamassassin/v310.pre
 _backup_file=""
 if [[ ! -f "${_config_file}.ORIG" ]]; then
-   echononl   "   Save installation version of ${_config_file} (Suffix \".ORIF\")"
+   echononl   "   Save installation version of ${_config_file} (Suffix \".ORIG\")"
   cp -a "$_config_file" "${_config_file}.ORIG" > /dev/null 2> $tmp_err_msg
   if [[ $? -eq 0 ]] ; then
      echo_ok
@ -2642,21 +2754,49 @@ EOF
 fi

 echononl "   Restart spamassassin"
+if [[ "${os_dist,,}" = "debian" ]] && [[ "$os_version" -lt 12 ]] ; then
+   _service="spamassassin"
+else
+   _service="spamd"
+fi
 if $systemd_exists ; then
-   systemctl restart spamassassin > /dev/null 2> $tmp_err_msg
+   systemctl restart ${_service} > /dev/null 2> $tmp_err_msg
   if [[ $? -eq 0 ]] ; then
      echo_ok
   else
      echo_failed
      error "$(cat $tmp_err_msg)"
+
+		echononl "continue anyway [yes/no]: "
+		read OK
+		OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+		while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+			echononl "Wrong entry! - repeat [yes/nno]: "
+			read OK
+		done
+		[[ $OK = "yes" ]] || fatal "Abbruch durch User"
   fi
 else
-   /etc/init.d/spamassassin restart > /dev/null 2> $tmp_err_msg
+   if [[ -f "/etc/init.d/${_service}" ]]; then
+      /etc/init.d/${_service} restart > /dev/null 2> $tmp_err_msg
      if [[ $? -eq 0 ]] ; then
         echo_ok
      else
         echo_failed
         error "$(cat $tmp_err_msg)"
+
+         echononl "continue anyway [yes/no]: "
+         read OK
+         OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+         while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+            echononl "Wrong entry! - repeat [yes/nno]: "
+            read OK
+         done
+         [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+      fi
+   else
+      echo_skipped
+      warn "Please restart spamassassin manually.."
   fi
 fi

@ -2819,6 +2959,50 @@ else
 	[[ $OK = "yes" ]] || fatal "Abbruch durch User"
 fi

+echononl "   Add SecuriteInfo signatur databases to freshclam.conf"
+if $SECURITE_INFO_IN_USE ; then
+
+   if [[ -f "/etc/clamav/freshclam.conf" ]] ; then
+
+      _done=false
+      for signatur_database in $SI_SIGNATUR_DATABASES ; do
+
+         if ! $(grep -q -E "DatabaseCustomURL\s+https://www.securiteinfo.com.*${signatur_database}" "/etc/clamav/freshclam.conf" 2>/dev/null) ; then
+
+            echo "DatabaseCustomURL https://www.securiteinfo.com/get/signatures/${SI_AUTHORISATION_SIGNATURE}/${signatur_database}" >> /etc/clamav/freshclam.conf
+
+            _done=true
+
+         fi
+
+      done
+
+      if $_done ; then
+         echo_ok
+      else
+         echo_skipped
+      fi
+
+   else
+
+      echo_failed
+      error "Cannot find freshclam configuration file '/etc/clamav/freshclam.conf'!"
+
+      echononl "continue anyway [yes/no]: "
+      read OK
+      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+      while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+         echononl "Wrong entry! - repeat [yes/nno]: "
+         read OK
+      done
+      [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+
+   fi # if [[ -f "/etc/clamav/freshclam.conf" ]] ; then
+
+else
+   echo_skipped
+fi
+
 echononl "   Start ClamAv daemon.."
 if $systemd_exists ; then
   systemctl start clamav-daemon > /dev/null 2> $tmp_err_msg
@ -3370,9 +3554,16 @@ if $INSTALL_CLAMAV_UNOFFICIAL_SIGS ; then
 # --------------------------------------
 # --- Begin: User specific modifications
 # --- Inserted by install-script "$(basename "$0")" at $(date +"%Y-%m-%d %H:%M")
+
+# - SecuriteInfo
+# -
+# - SecuriteInfo signatures are now directly integrated into ClamAV's Freshclam.
+# -
+# - We therefore disable them here.
+# -
+securiteinfo_enabled="no"
 EOF

-   if $MALWARE_PATROL_IN_USE || $SECURITE_INFO_IN_USE ; then

   if $MALWARE_PATROL_IN_USE ; then

@ -3406,28 +3597,23 @@ EOF
            error "$(cat $tmp_err_msg)"
         fi
      fi
-      fi # if $MALWARE_PATROL_IN_USE

-      if $SECURITE_INFO_IN_USE ; then
+   else
      cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg
-# - SecuriteInfo
+
+# - MalwarePatrol
 # -
-# -    type:     basic
-# -    account:  ckubu@oopen.de
-# -    signatur: abb4ec6b..46b59a4e
+# - Not in use
 # -
-# -    type:     professional
-# -    account:  oo@oopen.de
-# -    signatur: b0b7e94d..0c2e3a89
-# -
-securiteinfo_authorisation_signature="$SI_AUTHORISATION_SIGNATURE"
+malwarepatrol_enabled="no"
 EOF
      if [[ "$?" -ne 0 ]] ; then
         installation_failed=true
         error "$(cat $tmp_err_msg)"
      fi
-      fi # if $SECURITE_INFO_IN_USE
-   fi #if $MALWARE_PATROL_IN_USE || $SECURITE_INFO_IN_USE
+
+   fi #if $MALWARE_PATROL_IN_USE
+
   cat << EOF >> /etc/clamav-unofficial-sigs/user.conf 2> $tmp_err_msg

 # - Disable  Yara-Rule set, because (some?) pgp mails where blocked.
@ -3904,6 +4090,8 @@ use strict;
 #    10024: default listening port
 #    10026: used for whitelisting IP's (trusted networks)
 #
+#    10029: used for whitelisting senders from spam checks BUT NOT from virus check
+#
 # Notice: take care, to configure postfix sending mails from
 #         trusted networks to port 10026
 #
@ -3924,6 +4112,8 @@ use strict;
 #
 #
 #\$inet_socket_port = [10024, 10026];
+#\$inet_socket_port = [10024, 10029];
+#\$inet_socket_port = [10024, 10026, 10029];

 # Bypass spam checking fro trusted networks
 #
@ -3936,6 +4126,16 @@ use strict;
 #};


+# Bypass spam checking for whitelisted senders
+#
+#\$interface_policy{'10029'} = 'VIRUSONLY';
+#\$policy_bank{'VIRUSONLY'} = { # mail from the pickup daemon
+#   bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't spam-check this mail
+#   bypass_banned_checks_maps => ['@whitelist_sender_maps'], # don't banned-check this mail
+#   bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't header-check this mail
+#};
+
+
 ## - 7 instances seems to be a good value.
 ## -
 \$max_servers = 7;
@ -3954,12 +4154,6 @@ use strict;
 ## -


-## - Global whitelisting of senders.
-## -
-## - Don't know if this works !!
-## -
-@whitelist_sender_maps = (\%whitelist_sender);
-
 ## -    %whitelist_sender = (
 ## -        # Full E-Mail Adresses
 ## -        adress1@domain1.com      => '1',
@ -3986,6 +4180,12 @@ use strict;
 ## -
 read_hash(\%whitelist_sender, '/etc/postfix/sender_whitelist');

+## - Global whitelisting of senders.
+## -
+## - Don't know if this works !!
+## -
+@whitelist_sender_maps = (\%whitelist_sender);
+

 ## ---
 ## - Default antivirus checking mode
@ -4135,96 +4335,15 @@ read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
 \$final_spam_destiny       = D_BOUNCE;
 #\$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)

-\$sa_tag_level_deflt  = 2.0;    # add spam info headers if at, or above that level
-\$sa_tag2_level_deflt = 5.1;    # add 'spam detected' headers at that level
-\$sa_kill_level_deflt = 10.31;  # reject/bounce/discard/pass

+##- Moved to file '/etc/amavis/policy_banks.conf'
 ## -
-## - User / Domain specific settings
+## -  \$sa_tag_level_deflt  = 2.0;    # add spam info headers if at, or above that level
+## -  \$sa_tag2_level_deflt = 5.1;    # add 'spam detected' headers at that level
+## -  \$sa_kill_level_deflt = 10.31;  # reject/bounce/discard/pass
 ## -
+do "/etc/amavis/policy_banks.conf";  # Externe Datei einbinden

-## - Per-recipient mapping of tag2 levels to email addresses (tag2 level):
-## -
-## - Set directly:
-## -
-#\$sa_tag2_level_deflt = {
-#   # oopen.de
-#   'oopen.de'=>'2.1',
-#   'ckubu@oopen.de'=>'2.2',
-#   'argus@oopen.de'=>'2.3',
-#   # k8h.de
-#   'k8h.de'=>'6.5',
-#   # default
-#   '.'=>'5.1'
-#};
-## -
-## - Read from file using @spam_tag2_level_maps
-## -
-## -    default: @spam_tag2_level_maps = (\\\$sa_tag2_level_deflt);
-## -
-## - Example file '/etc/postfix/tag2_level_maps.dat' 
-## -
-## -    # oopen.de
-## -    oopen.de           2.1
-## -    ckubu@oopen.de     2.2
-## -    argus@oopen.de     2.3
-## -    [..]
-## -    # k8h.de
-## -    k8h.de             6.5
-## -    [..]
-## -    # default
-## -    .                  5.1
-## -
-#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
-
-## - Per-recipient mapping of kill levels to email addresses (kill level):
-## -
-## - Set directly
-## -
-#\$sa_kill_level_deflt = {
-#   'ckubu@oopen.de'=>'1500.0',
-#   'ckubu-adm@oopen.de'=>'1500.0',
-#   # default
-#   '.'=>'10.31'
-#};
-## -
-## - Read from file using @spam_kill_level_maps
-## -
-## -    default: @spam_kill_level_maps = (\\\$sa_kill_level_deflt);
-## -
-## - Example file '/etc/postfix/kill_level_maps.dat' 
-## -
-## -    # oopen.de
-## -    ckubu@oopen.de     1500.0
-## -    ckubu-adm@oopen.de 1500.0
-## -    [..]
-## -    # default
-## -    .                  10.31
-## -
-#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') );
-
-
-## - We will inform the sender about bouncing his mail with a DSN (Delivery
-## - StatusNotification). That DSN message will no be send, if the spamvalue 
-## - exceeds the value of sa_dsn_cutoff_level
-## -
-#\$sa_dsn_cutoff_level = 10;     # spam level beyond which a DSN is not sent
-\$sa_dsn_cutoff_level = 20;
-
-
-## - change the default server response if mail was blocked
-## - because of spam.
-## -
-## - results in (is an example):
-## -    <ckubu@so36.net>: host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, Mailserver
-## -    at a.mx.oopen.de: identified as SPAM -  (in reply to end of DATA command)
-## -
-%smtp_reason_by_ccat = (
-  CC_SPAM, "Mailserver at \$myhostname: identified as SPAM - %x"
-);
-
-\$sa_spam_subject_tag = undef;
-#\$sa_spam_subject_tag = '***SPAM*** '; 


 ## - QUARANTINE
@ -4472,6 +4591,153 @@ else
 fi


+## - Create File containing policy settings
+## -
+_config_policy_banks_file=/etc/amavis/policy_banks.conf
+echononl "    Create File \"${_config_policy_banks_file}\""
+if [[ -f "${_config_policy_banks_file}" ]]; then
+   echo_skipped
+else
+   cat << EOF > ${_config_policy_banks_file}
+# Externe Richtliniendatei für amavisd
+
+use strict;
+
+
+# ---
+# add spam info headers if at, or above that level
+# ---
+
+## - All recipients with identical the same setting:
+## -
+#\$sa_tag_level_deflt  = 2.0;
+
+## - Per-recipient mapping of tag2 levels to email addresses (tag2 level):
+## -
+## - Set directly:
+## -
+\$sa_tag_level_deflt = {
+   'oopen.de'           => '-4.5',
+   # default
+   '.'=>'2.0'
+};
+
+## - Read from file using @spam_tag2_level_maps
+## -
+## -    default: @spam_tag2_level_maps = (\$sa_tag2_level_deflt);
+## -
+## - Example file '/etc/postfix/tag2_level_maps.dat'
+## -
+## -    # oopen.de
+## -    oopen.de           2.1
+## -    ckubu@oopen.de     2.2
+## -    argus@oopen.de     2.3
+## -    [..]
+## -    # k8h.de
+## -    k8h.de             6.5
+## -    [..]
+## -    # default
+## -    .                  5.1
+## -
+#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
+
+
+#\$sa_spam_subject_tag = '***SPAM*** ';    # Spam-Betreff-Tag
+\$sa_spam_subject_tag = undef;
+
+
+
+# ---
+# add 'spam detected' headers at that level
+# ---
+
+## - All recipients with identical the same setting:
+## -
+#\$sa_tag2_level_deflt = 5.1;               # add 'spam detected' headers at that level
+
+## - Per-recipient mapping of kill levels to email addresses (kill level):
+## -
+## - Set directly
+## -
+\$sa_tag2_level_deflt = {
+   'oopen.de'           => '3.1',
+   '123comics.net'      => '4.1',
+   'info@123comics.net' => '3.1',
+   # default
+   '.'                  => '5.1',
+};
+
+## - Read from file using @spam_kill_level_maps
+## -
+## -    default: @spam_kill_level_maps = (\$sa_kill_level_deflt);
+## -
+## - Example file '/etc/postfix/kill_level_maps.dat'
+## -
+## -    # oopen.de
+## -    ckubu@oopen.de     1500.0
+## -    ckubu-adm@oopen.de 1500.0
+## -    [..]
+## -    # default
+## -    .                  10.31
+## -
+#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') );
+
+
+
+# ---
+# adding more detailed spam-related headers.
+# ---
+
+## - All recipients with identical the same setting:
+## -
+\$sa_tag3_level_deflt = 7.0;               # threshold for sa_tag3_level_deflt
+
+## - Note
+## -  Like 'sa_tag2_level_deflt' above per-recipient also possible
+
+
+@sa_tag3_level_maps = (
+  ['^Subject:', '\[HIGH-SPAM\] $&'],      # Modify subject
+  ['HEADER', 'X-High-Spam-Flag', 'YES'],  # Add a custom header
+);
+
+
+# ---
+# spam score threshold at which amavisd-new will reject (kill) an email.
+# ---
+
+## - All recipients with identical the same setting:
+## -
+\$sa_kill_level_deflt = 10.31;             # reject/bounce/discard/pass
+
+## - Note
+## -  Like 'sa_tag2_level_deflt' above per-recipient also possible
+
+
+
+# ---
+# The threshold for sending a delivery status notification (DSN) to the sender
+# ---
+
+## - We will inform the sender about bouncing his mail with a DSN (Delivery
+## - StatusNotification). That DSN message will no be send, if the spamvalue
+## - exceeds the value of sa_dsn_cutoff_level
+## -
+#\$sa_dsn_cutoff_level = 10;     # spam level beyond which a DSN is not sent
+\$sa_dsn_cutoff_level = 20;
+
+
+#------------ Do not modify anything below this line -------------
+1;  # ensure a defined return
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+   fi
+fi
+
+
 ## - Configure syslogd matching the configuration od amavisd
 ## -
 echononl "   Configure syslogd matching the configuration of amavis"
@ -4834,6 +5100,12 @@ if grep -iq -E "^amavisfeed\s+" $postfix_master_cf > /dev/null 2>&1 ; then
 else
   amavisfeed_present=false
 fi
+if grep -iq -E "^[0-9]{2,5}\s+inet.*smtpd" $postfix_master_cf > /dev/null 2>&1 ; then
+   listen_on_additional_smtp_port=true
+   additional_smtp_port="$(grep -E "^[0-9]{2,5}\s+inet.*smtpd" /etc/postfix/master.cf | grep -o -E "^[0-9]{2,5}")"
+else
+   listen_on_additional_smtp_port=false
+fi

 > $postfix_master_cf
 while IFS='' read -r _line || [[ -n $_line ]] ; do
@ -4844,8 +5116,26 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
 smtp      inet  n       -       y       -       -       smtpd
   -o smtpd_proxy_filter=127.0.0.1:10024
   -o content_filter=
+EOF
+      if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
+         cat >> $postfix_master_cf << EOF
   -o smtpd_sasl_auth_enable=no
 EOF
+      fi
+
+      if ${listen_on_additional_smtp_port} ; then
+         cat >> $postfix_master_cf << EOF
+${additional_smtp_port}      inet  n       -       y       -       -       smtpd
+   -o smtpd_proxy_filter=127.0.0.1:10024
+   -o content_filter=
+EOF
+         if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
+            cat >> $postfix_master_cf << EOF
+   -o smtpd_sasl_auth_enable=no
+EOF
+         fi
+      fi
+
 		if ! $submission_present && ! $smtps_present && ! $localhost_10025_present ; then
 					cat >> $postfix_master_cf << EOF
 localhost:10025  inet  n       -       y       -       -       smtpd
@ -5100,6 +5390,13 @@ else
   fi
 fi

+if ${listen_on_additional_smtp_port}; then
+
+   echo ""
+   warn "Please do not forget to allow incomming traffic on port \033[1m${additional_smtp_port}\033[m.
+                     Check your firewall settings.."
+fi
+

 #fi # if $ommit ; then
 # -------------------------------
--- a/install_opendkim.sh
+++ b/install_opendkim.sh
@ -189,6 +189,13 @@ else
   cat <<EOF > $opendkim_conf_file 2> $log_file
 # Datei $opendkim_conf_file

+# Sets the "authserv-id" to use when generating the Authentication-Results:
+# header field after verifying a message. The default is to use the name of
+# the MTA processing the message. If the string "HOSTNAME" is provided, the
+# name of the host running the filter (as returned by the gethostname(3)
+# function) will be used.
+AuthservID              "DKIM check $(hostname -f)"
+
 # OpenDKIM agiert als Mail Filter (= Milter) in den
 # Modi signer (s) und verifier (v) und verwendet eine
 # Socket-Datei zur Kommunikation (alternativ: lokaler Port)
@ -237,6 +244,21 @@ SignatureAlgorithm      rsa-sha256
 # because it is often the identity key used by reputation systems and thus
 # somewhat security sensitive.
 OversignHeaders         From
+
+# Add an "Authentication-Results:" header field even to unsigned messages
+# from domains with no "signs all" policy. The reported DKIM result will be
+# "none" in such cases. Normally unsigned mail from non-strict domains does
+# not cause the results header field to be added.
+AlwaysAddARHeader       yes
+
+# Causes opendkim to fork and exits immediately, leaving the service running
+# in the background. The default is "true".
+Background              yes
+
+# Sets the DNS timeout in seconds. A value of 0 causes an infinite wait. The
+# default is 5. Ignored if not using an asynchronous resolver package. See
+# also the NOTES section below.
+DNSTimeout              5
 EOF
   opendkim_needs_restart=true
   if [[ $? -eq 0 ]] ; then
--- a/install_opendmarc.sh
+++ b/install_opendmarc.sh
@ -23,7 +23,7 @@ opendmarc_socket_dir="${postfix_spool_dir}/opendmarc"
 opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock"

 config_file_name_value_parameters="
-   AuthservID|OpenDMARC
+   AuthservID|DMARC check $(hostname -f)
   PidFile|/run/opendmarc/opendmarc.pid
   RejectFailures|true
   Syslog|true
@ -31,11 +31,12 @@ config_file_name_value_parameters="
   TrustedAuthservIDs|$(hostname -f)
   IgnoreHosts|/etc/opendmarc/ignore.hosts
   IgnoreAuthenticatedClients|true
-   RequiredHeaders|true
+   RequiredHeaders|false
   UMask|002
   FailureReports|false
   AutoRestart|true
   HistoryFile|/run/opendmarc/opendmarc.dat
+   SPFIgnoreResults|false
   SPFSelfValidate|true
   Socket|${opendmarc_socket_file}
 "
@ -182,6 +183,200 @@ else
 fi


+# - Add 'IgnoreHosts' with default value to the original opendmarc.conf file
+#
+echononl " Add 'IgnoreHosts' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^IgnoreHosts\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Specifies the path to a file that contains a list of hostnames, IP addresses,
+## and/or CIDR expressions identifying hosts whose SMTP connections are to be
+## ignored by the filter. If not specified, defaults to "127.0.0.1" only.
+#
+IgnoreHosts 127.0.0.1
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'IgnoreAuthenticatedClients' with default value to the original opendmarc.conf file
+#
+_param="IgnoreAuthenticatedClients"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, causes mail from authenticated clients (i.e., those that used 
+## SMTP AUTH) to be ignored by the filter. The default is "false".
+#
+IgnoreAuthenticatedClients false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file
+#
+_param="IgnoreAuthenticatedClients"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, causes mail from authenticated clients (i.e., those that used
+## SMTP AUTH) to be ignored by the filter. The default is "false".
+#
+IgnoreAuthenticatedClients false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'RequiredHeaders' with default value to the original opendmarc.conf file
+#
+_param="RequiredHeaders"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, the filter will ensure the header of the message conforms to the basic 
+## header field count restrictions laid out in RFC5322, Section 3.6. Messages 
+## failing this test are rejected without further processing. A From: field from 
+## which no domain name could be extracted will also be rejected.
+#
+RequiredHeaders false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'AutoRestart' with default value to the original opendmarc.conf file
+#
+_param="AutoRestart"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Automatically re-start on failures. Use with caution; if the filter fails
+## instantly after it starts, this can cause a tight fork(2) loop.
+#
+AutoRestart false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'HistoryFile' with default value to the original opendmarc.conf file
+#
+_param="HistoryFile"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## If set, specifies the location of a text file to which records are written
+## that can be used to generate DMARC aggregate reports. Records are batches of
+## rows containing information about a single received message, and include all
+## relevant information needed to generate a DMARC aggregate report. It is
+## expected that this will not be used in its raw form, but rather periodically
+## imported into a relational database from which the aggregate reports can be
+## extracted using opendmarc-importstats(8).
+#
+HistoryFile /run/opendmarc/opendmarc.dat
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'SPFIgnoreResults' with default value to the original opendmarc.conf file
+#
+_param="SPFIgnoreResults"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Causes the filter to ignore any SPF results in the header of the message. This
+## is useful if you want the filter to perform SPF checks itself, or because you
+## don't trust the arriving header. The default is "false".
+#
+SPFIgnoreResults false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
+# - Add 'SPFSelfValidate' with default value to the original opendmarc.conf file
+#
+_param="SPFSelfValidate"
+echononl " Add '${_param}' with default value to the opendmarc.conf file.."
+if ! $(grep -q -E "^${_param}\s+" ${opendmarc_conf_file} 2> /dev/null) ; then
+   cat << EOF >> ${opendmarc_conf_file}
+
+## Causes the filter to perform a fallback SPF check itself when it can find no
+## SPF results in the message header. If SPFIgnoreResults is also set, it never
+## looks for SPF results in headers and always performs the SPF check itself when
+## this is set. The default is "false".
+#
+SPFSelfValidate false
+EOF
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+
 # - Save configuration file from distribution
 # -
 echononl "   Save configuration file from distribution"
--- a/install_postfix_advanced.sh
+++ b/install_postfix_advanced.sh
--- a/install_postfix_base.sh
+++ b/install_postfix_base.sh
@ -78,6 +78,50 @@ echo_skipped() {
   echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
 }

+blank_line() {
+   if $terminal ; then
+      echo ""
+   fi
+}
+
+trim() {
+    local var="$*"
+    var="${var#"${var%%[![:space:]]*}"}"   # remove leading whitespace characters
+    var="${var%"${var##*[![:space:]]}"}"   # remove trailing whitespace characters
+    echo -n "$var"
+}
+
+
+detect_os_1 () {
+
+   if $(which lsb_release > /dev/null 2>&1) ; then
+
+      os_dist="$(lsb_release -i | awk '{print tolower($3)}')"
+      os_version="$(lsb_release -r | awk '{print tolower($2)}')"
+      os_codename="$(lsb_release -c | awk '{print tolower($2)}')"
+
+      if [[ "$os_dist" = "debian" ]]; then
+         if $(echo "$os_version" | grep -q '\.') ; then
+            os_version=$(echo "$os_version" | cut --delimiter='.' -f1)
+         fi
+      fi
+
+   elif [[ -e "/etc/os-release" ]]; then
+
+      . /etc/os-release
+
+      os_dist=$ID
+      os_version=${VERSION_ID}
+
+   fi
+
+   # remove whitespace from os_dist and os_version
+   os_dist="${os_dist// /}"
+   os_version="${os_version// /}"
+
+}
+
+

 # -------------
 # --- Some default settings
@ -85,7 +129,9 @@ echo_skipped() {

 DEFAULT_ADMIN_EMAIL="argus@oopen.de"
 DEFAULT_RELAY_HOST="b.mx.oopen.de"
+DEFAULT_RELAY_PORT=25
 DEFAULT_SASL_AUTH=false
+DEFAULT_REWRITE_SENDER_DOMAIN=None


 # - Is this a systemd system?
@ -118,8 +164,19 @@ if [[ -z "$_HOSTNAME" ]] ; then
   [[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
 fi

+blank_line
+echononl "Detect distribution/release of running OS.."
+detect_os_1  > /dev/null 2>&1
+if [[ $? -ne 0 ]]; then
+   echo_failed
+else
+   echo_ok
+fi
+blank_line
+blank_line

-clear
+
+#clear
 echo -e "\033[21G\033[32mInstallation script for Postfix basic mailsystem \033[m"
 echo

@ -284,13 +341,17 @@ fi
 # --- Some further default values depending on sasl authentification
 # -------------

-# - Set default value for relay host if sasl authentification should be
-# - supported and value for _RELAY_HOST not given
+# - Set default value for relay host / relay port if sasl authentification should be
+# - supported and value for _RELAY_HOST / _RELAY_PORT not given
 # -
 if [[ "$SASL_AUTH" = "yes" ]] || $SASL_AUTH ; then
   [[ -z "$_RELAY_HOST" ]] && _RELAY_HOST="$DEFAULT_RELAY_HOST"
+   [[ -z "$_RELAY_PORT" ]] && _RELAY_PORT="$DEFAULT_RELAY_PORT"
 fi

+if [[ -z ${_REWRITE_SENDER_DOMAIN} ]] ; then
+   _REWRITE_SENDER_DOMAIN="${DEFAULT_REWRITE_SENDER_DOMAIN}"
+fi


 if [[ "$SASL_AUTH" = "yes" ]] || $SASL_AUTH ; then
@ -357,11 +418,57 @@ if [[ "$SASL_AUTH" = "yes" ]] || $SASL_AUTH ; then
   fi


+   RELAY_PORT=
+   echo ""
+   echo "Insert the target port to connect to ${RELAY_HOST}"
+   echo ""
+   if [[ -n "$_RELAY_PORT" ]];then
+      echononl "(target) Port on ${RELAY_HOST} [$_RELAY_PORT]: "
+      read RELAY_PORT
+      if [[ "X${RELAY_PORT}" = "X" ]]; then
+         RELAY_PORT=$_RELAY_PORT
+      fi
+   else
+      while [[ "X${RELAY_PORT}" = "X" ]]; do
+         echononl "(target) Port on ${RELAY_HOST}: "
+         read RELAY_PORT
+         if [[ "X${RELAY_PORT}" = "X" ]]; then
+            echo -e "\n\t\033[33m\033[1mi(target) Port of ${RELAY_HOST} is reqired\033[m\n"
+         fi
+      done
+   fi

 else
   SASL_AUTH=false
 fi

+REWRITE_SENDER_DOMAIN=
+echo ""
+echo ""
+echo -e "\033[33m** \033[32m-- \033[33m**\033[m"
+echo ""
+echo "Change the sender domain"
+echo ""
+echo -e "\t'\033[33mNone\033[m' if no change is desired"
+echo ""
+if [[ -n "${_REWRITE_SENDER_DOMAIN}" ]] ; then
+   echononl "New sender domain [${_REWRITE_SENDER_DOMAIN}]: "
+   read REWRITE_SENDER_DOMAIN
+   if [[ "X${REWRITE_SENDER_DOMAIN}" = "X" ]]; then
+      REWRITE_SENDER_DOMAIN="${_REWRITE_SENDER_DOMAIN}"
+   fi
+else
+   while [[ "X${IPV6}" = "X" ]]; do
+      echononl "New sender domain: "
+      read REWRITE_SENDER_DOMAIN
+      if [[ "X${REWRITE_SENDER_DOMAIN}" = "X" ]]; then
+         REWRITE_SENDER_DOMAIN="None"
+      fi
+   done
+fi
+
+echo ""
+echo -e "\033[33m** \033[32m-- \033[33m**\033[m"

 echo ""
 echo ""
@ -372,11 +479,18 @@ echo -e "\tIPv4 address.............: $IPV4"
 echo -e "\tIPv6 address.............: $IPV6"
 echo -e "\tAdmin e-mail.............: $ADMIN_EMAIL"
 echo ""
+if [[ "$(trim ${REWRITE_SENDER_DOMAIN,,})" = 'none' ]] ; then
+   echo -e "\trewrite sender domain....: \033[33mNone\033[m"
+else
+   echo -e "\trewrite sender domain....: $REWRITE_SENDER_DOMAIN"
+fi
+echo ""
 echo -e "\tRelay using sasl auth....: $SASL_AUTH"
 if $SASL_AUTH ; then
   echo -e "\t   sasl user.............: $SASL_USER"
   echo -e "\t   sasl password.........: $SASL_PASS"
   echo -e "\t   Relayhost.............: $RELAY_HOST"
+   echo -e "\t   Port on Relayhost.....: $RELAY_PORT"
 fi
 echo ""
 echononl "einverstanden (yes/no): "
@ -408,6 +522,8 @@ _SASL_AUTH=$SASL_AUTH
 _SASL_USER=$SASL_USER
 _SASL_PASS=$SASL_PASS
 _RELAY_HOST=$RELAY_HOST
+_RELAY_PORT=$RELAY_PORT
+_REWRITE_SENDER_DOMAIN=$REWRITE_SENDER_DOMAIN
 EOF
 if [[ $? -eq 0 ]] ; then
   echo_ok
@ -583,12 +699,25 @@ mydestination =
 ## -
 mynetworks =
   127.0.0.0/8
+EOF
+
+   if [[ ${IPV4} =~ ^127 ]] ; then
+
+      cat <<EOF >> /etc/postfix/main.cf
+
+smtp_bind_address =
+smtp_bind_address6 =
+
+EOF
+   else
+      cat <<EOF >> /etc/postfix/main.cf
      ${IPV4}/32

 smtp_bind_address = $IPV4
-smtp_bind_address6 = $IPV6
+#smtp_bind_address6 =

 EOF
+   fi
 fi

 cat <<EOF >> /etc/postfix/main.cf
@ -641,9 +770,21 @@ alias_database =
 ## -
 ## - Note: \$sender_canonical_maps is processed before \$canonical_maps.
 ## -
-sender_canonical_maps = btree:/etc/postfix/sender_canonical
+sender_canonical_maps =
+   btree:/etc/postfix/sender_canonical


+## - smtp_generic_maps (default: empty)
+## -
+## - Optional lookup tables that perform address rewriting in the Postfix
+## - SMTP client, typically to transform a locally valid address into a
+## - globally valid address when sending mail across the Internet. This is
+## - needed when the local machine does not have its own Internet domain name,
+## -but uses something like localdomain.local instead.
+## -
+smtp_generic_maps =
+   btree:/etc/postfix/generic
+
 ## - The maximal time a message is queued before it is sent back as
 ## - undeliverable. Defaults to 5d (5 days)
 ## - Specify 0 when mail delivery should be tried only once.
@ -685,9 +826,24 @@ smtp_sasl_auth_enable = yes

 # Only offer SMTP AUTH when talking over an encrypted connection
 smtpd_tls_auth_only = yes
+EOF
+
+   if [[ ${RELAY_PORT} -ne 25 ]] ; then
+      cat <<EOF >> /etc/postfix/main.cf
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [${RELAY_HOST}]:${RELAY_PORT}
+EOF
+   else
+      cat <<EOF >> /etc/postfix/main.cf

 # Forwarding to the ip-adress of host b.mx.oopen.de
 relayhost = [${RELAY_HOST}]
+EOF
+
+   fi
+
+   cat <<EOF >> /etc/postfix/main.cf

 # File including login data
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
@ -806,59 +962,103 @@ smtp_tls_CAfile = $_TLS_CA_FILE
 #
 # List of TLS protocols that the Postfix SMTP server will exclude or
 # include with opportunistic TLS encryption.
-smtpd_tls_protocols = !SSLv2, !SSLv3
+#smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1
+
+# TLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption.
 #
-# The SSL/TLS protocols accepted by the Postfix SMTP server  
-# with mandatory TLS encryption. 
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+#smtpd_tls_protocols = >=TLSv1

-
-# Disable SSLv2 SSLv3 - Postfix SMTP client 
+# TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption.
 #
-# List of TLS protocols that the Postfix SMTP client will exclude or  
-# include with opportunistic TLS encryption.  
-smtp_tls_protocols = !SSLv2, !SSLv3
+#smtpd_tls_mandatory_protocols = >=TLSv1
+
+# TLS protocols that the Postfix SMTP client will use with opportunistic TLS encryption.
 #
-# List of SSL/TLS protocols that the Postfix SMTP client will use  
-# with mandatory TLS encryption 
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+#smtp_tls_protocols = >=TLSv1

-
-## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
-## -    openssl > 1.0
-## -
-smtpd_tls_eecdh_grade = strong
-
-# standard list cryptographic algorithm
-tls_preempt_cipherlist = yes
-
-# Disable ciphers which are less than 256-bit:
+# The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory TLS encryption.
 #
-#smtpd_tls_mandatory_ciphers = high
+smtp_tls_mandatory_protocols = >=TLSv1.2
+
+
+# The Postfix SMTP server security grade for ephemeral elliptic-curve
+# Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of this
+# parameter is always ignored, and Postfix behaves as though the auto value
+# (described below) was chosen.
 #
-# opportunistic
-smtpd_tls_ciphers = high
+# auto
+#    Use the most preferred curve that is supported by both the client and the server.
+#    This setting requires Postfix ≥ 3.2 compiled and linked with OpenSSL ≥ 1.0.2. This
+#    is the default setting under the above conditions (and the only setting used with
+#    Postfix ≥ 3.6).
+#
+# none
+#    Don't use EECDH. Ciphers based on EECDH key exchange will be disabled. This is the
+#    default in Postfix versions 2.6 and 2.7.
+#
+# strong
+#    Use EECDH with approximately 128 bits of security at a reasonable computational cost.
+#    This is the default in Postfix versions 2.8-3.5.
+#
+# ultra
+#    Use EECDH with approximately 192 bits of security at computational cost that is
+#    approximately twice as high as 128 bit strength ECC.
+#
+smtpd_tls_eecdh_grade = auto


-# Exclude ciphers
+# With SSLv3 and later, use the Postfix SMTP server's cipher preference order instead
+# of the remote client's cipher preference order.
+#
+# By default, the OpenSSL server selects the client's most preferred cipher that the
+# server supports. With SSLv3 and later, the server may choose its own most preferred
+# cipher that is supported (offered) by the client.
+#
+# Setting "tls_preempt_cipherlist = yes" enables server cipher preferences.
+#
+# default: no
+#
+#tls_preempt_cipherlist = no
+
+
+# The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory
+# TLS encryption. The default grade ("medium") is sufficiently strong that any benefit
+# from globally restricting TLS sessions to a more stringent grade is likely negligible,
+# especially given the fact that many implementations still do not offer any stronger
+# ("high" grade) ciphers, while those that do, will always use "high" grade ciphers.
+# So insisting on "high" grade ciphers is generally counter-productive. Allowing "export"
+# or "low" ciphers is typically not a good idea, as systems limited to just these are
+# limited to obsolete browsers. No known SMTP clients fail to support at least one
+# "medium" or "high" grade cipher.
+#
+# default: medium
+#
+#smtpd_tls_mandatory_ciphers = medium
+
+# The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic
+# TLS encryption. Cipher types listed in smtpd_tls_exclude_ciphers are excluded from the
+# base definition of the selected cipher grade.
+#
+# default: medium
+#
+#smtpd_tls_ciphers = medium
+
+
+# List of ciphers or cipher types to exclude from the SMTP server cipher list at all
+# TLS security levels.
+#
+# DO NOT exclude ciphers unless it is essential to do so. This is not an OpenSSL cipherlist;
+# it is a simple list separated by whitespace and/or commas. The elements are a single cipher,
+# or one or more "+" separated cipher properties, in which case only ciphers matching all the
+# properties are excluded.
+#
 #smtpd_tls_exclude_ciphers =
-#   RC4
-#   aNULL
-#   SEED-SHA
-#   EXP
-#   MD5
-smtpd_tls_exclude_ciphers =
-   aNULL
-   eNULL
-   EXPORT
-   DES
-   RC4
-   MD5
-   PSK
-   aECDH
-   EDH-DSS-DES-CBC3-SHA
-   EDH-RSA-DES-CDC3-SHA
-   KRB5-DE5, CBC3-SHA
+
+# Additional list of ciphers or cipher types to exclude from the Postfix SMTP client cipher
+# list at mandatory TLS security levels. This list works in addition to the exclusions listed
+# with smtp_tls_exclude_ciphers
+#
+#smtp_tls_mandatory_exclude_ciphers =


 smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
@ -903,8 +1103,21 @@ echo_ok
 echononl "   Configure SASL authentification"
 if $SASL_AUTH ; then

+   _sasl_pw_file="/etc/postfix/sasl_passwd"
+   if [[ -f "${_sasl_pw_file}" ]] && $(grep -q -E "^\[${RELAY_HOST}\]" ${_sasl_pw_file} 2> /dev/null); then
+      sed -i "/^\[${RELAY_HOST}/d" ${_sasl_pw_file}
+      if [[ "$?" != "0" ]]; then
+         error "Setting \"/etc/postfix/sasl_passwd\" failed! "
+         _failed=true
+      fi
+   fi
+
   _failed=false
-   echo "[$RELAY_HOST] ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" > /etc/postfix/sasl_passwd
+   if [[ ${RELAY_PORT} -ne 25 ]] ; then
+      echo "[$RELAY_HOST]:${RELAY_PORT} ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" >> /etc/postfix/sasl_passwd
+   else
+      echo "[$RELAY_HOST] ${SASL_USER}@${RELAY_HOST}:$SASL_PASS" >> /etc/postfix/sasl_passwd
+   fi
   if [[ "$?" != "0" ]]; then
      error "Setting \"/etc/postfix/sasl_passwd\" failed! "
      _failed=true
@ -998,41 +1211,91 @@ fi
 ## - with EDH ciphers (length 512 and 1024
 ## -
 echononl "   Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
-if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then
-   #openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1
+if [[ ! -f /etc/postfix/ssl/dh_512.pem ]]; then
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
+   else
      openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
+   fi
   if [[ $? -eq 0 ]] ; then
      echo_ok
   else
      echo_failed
   fi
 else
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_512.pem 2> /dev/null); then
+         openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+         fi
+      else
         echo_skipped
+      fi
+   else
+      echo_skipped
+   fi
 fi
 echononl "   Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
-if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then
-   #openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1
+if [[ ! -f /etc/postfix/ssl/dh_1024.pem ]]; then
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
+   else
      openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
+   fi
   if [[ $? -eq 0 ]] ; then
      echo_ok
   else
      echo_failed
   fi
 else
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_1024.pem 2> /dev/null); then
+         openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+         fi
+      else
         echo_skipped
+      fi
+   else
+      echo_skipped
+   fi
 fi
 echononl "   Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
-if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then
-   #openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1
+if [[ ! -f /etc/postfix/ssl/dh_2048.pem ]]; then
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
+   else
      openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
+   fi
   if [[ $? -eq 0 ]] ; then
      echo_ok
   else
      echo_failed
   fi
 else
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_2048.pem 2> /dev/null); then
+         openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+         fi
+      else
         echo_skipped
+      fi
+   else
+      echo_skipped
+   fi
 fi
+
+
 echononl "   Create Symlink \"$_TLS_CERT_FILE\""
 if [ ! -h "$_TLS_CERT_FILE" ]; then
   ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem  $_TLS_CERT_FILE
@ -1121,6 +1384,21 @@ else
   echo_failed
 fi

+echononl "   Create file \"generic\""
+if [[ "$(trim ${REWRITE_SENDER_DOMAIN,,})" = 'none' ]] ; then
+   touch /etc/postfix/generic
+else
+   cat <<EOF > /etc/postfix/generic
+@$(cat cat /etc/mailname) $(hostname)@$(trim ${REWRITE_SENDER_DOMAIN,,})
+EOF
+fi
+postmap btree:/etc/postfix/generic
+if [[ $? -eq 0 ]] ; then
+   echo_ok
+else
+   echo_failed
+fi
+

 ## - restart postfix
 ## -
@ -1145,15 +1423,19 @@ fi
 ## - Omitt logging into system.log
 ## -
 echononl "   Create \"/etc/rsyslog.d/postfix.conf\""
-cat << EOF >> /etc/rsyslog.d/postfix.conf
+cat << EOF > /etc/rsyslog.d/postfix.conf
+# Create an additional socket in postfix's chroot in order not to break
+# mail logging when rsyslog is restarted.  If the directory is missing,
+# rsyslog will silently skip creating the socket.
+\$AddUnixListenSocket /var/spool/postfix/dev/log

 #
 # Logging for the mail system.  Split it up so that
 # it is easy to write scripts to parse these files.
 #
-mail.info                       -/var/log/mail.info
-mail.warn                       -/var/log/mail.warn
-mail.err                        /var/log/mail.err
+#mail.info                       -/var/log/mail.info
+#mail.warn                       -/var/log/mail.warn
+#mail.err                        /var/log/mail.err

 mail.*                          -/var/log/mail.log
 & stop
@ -1181,6 +1463,12 @@ else
   fi
 fi

+if [[ ${RELAY_PORT} -ne 25 ]] ; then
+
+   echo ""
+   warn "Please do not forget to allow port \033[1m${RELAY_PORT}\033[m on both sides, outgoing
+                     on this host here and incoming on the relay host '${RELAY_HOST}'."
+fi

 echo ""
 clean_up 0
--- a/install_postfixadmin.sh
+++ b/install_postfixadmin.sh
@ -126,6 +126,61 @@ detect_os_1 () {

 }

+detect_mysql_version () {
+
+   _MYSQLD_VERSION="$(mysqld -V 2>/dev/null)"
+
+   if [[ -z "$_MYSQLD_VERSION" ]]; then
+      fatal "No installed MySQL server or distribution found!"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ percona- ]]; then
+      MYSQL_CUR_DISTRIBUTION="Percona"
+   elif [[ "$_MYSQLD_VERSION" =~ MariaDB ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   elif [[ "$_MYSQLD_VERSION" =~ MySQL ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mysql- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mariadb- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   else
+      error "MySQL Instalation found, but cannot determin the distribution!"
+
+      MYSQL_CUR_DISTRIBUTION=
+      echo ""
+      echo "   Select the installed MySQL distribution."
+      echo ""
+      echo "   [1] MySQL (the original community edition)"
+      echo "   [2] Percona Server for MySQL"
+      echo "   [3] MariaDB"
+      echo ""
+      echononl "   Eingabe [1/2/3]: "
+
+      while [ "$MYSQL_CUR_DISTRIBUTION" != "MySQL" -a "$MYSQL_CUR_DISTRIBUTION" != "MariaDB" -a "$MYSQL_CUR_DISTRIBUTION" != "Percona" ];do
+         read OPTION
+         case $OPTION in
+               1)      MYSQL_CUR_DISTRIBUTION="MySQL"
+               ;;
+               2)      MYSQL_CUR_DISTRIBUTION="Percona"
+               ;;
+               3)      MYSQL_CUR_DISTRIBUTION="MariaDB"
+               ;;
+               *)    echo ""
+                     echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = Percona ; 3 = MariaDB ]"
+                     echo ""
+                     echononl "   Eingabe:"
+               ;;
+         esac
+      done
+   fi
+
+   MYSQL_VERSION="$(echo $_MYSQLD_VERSION | grep -o -E "[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?" | head -n 1)"
+   MYSQL_MAJOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1)"
+   MYSQL_MINOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f2)"
+   MYSQL_PATCH_LEVEL="$(echo $MYSQL_VERSION | cut -d '.' -f3)"
+   MYSQL_MAIN_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1,2)"
+
+}
+


 # - Is 'systemd' supported on this system
@ -228,14 +283,14 @@ else
 fi
 DEFAULT_POSTFIX_DB_NAME="postfix"
 DEFAULT_POSTFIX_DB_USER="postfix"
-if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
-elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
-else
-   DEFAULT_MYSQL_CREDENTIALS=""
-fi
-DEFAULT_DEBIAN_MYSQL_CREDENTIALS="/etc/mysql/debian.cnf"
+#if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+#   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+#elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
+#   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
+#else
+#   DEFAULT_MYSQL_CREDENTIALS=""
+#fi
+#DEFAULT_DEBIAN_MYSQL_CREDENTIALS="/etc/mysql/debian.cnf"

 DEFAULT_DOVEADM_PW="/usr/local/dovecot/bin/doveadm pw"
 DEFAULT_DELETED_MAILBOX_DIR="/var/deleted-maildirs"
@ -341,11 +396,64 @@ fi

 [[ -n "$MYSQL_DEBIAN_INSTALLATION" ]] || MYSQL_DEBIAN_INSTALLATION=false

-if [[ "$POSTFIX_DB_TYPE" = "mysql" ]]; then
-   if $MYSQL_DEBIAN_INSTALLATION ; then
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+if [[ "$POSTFIX_DB_TYPE" = "mysql" ]] ; then
+
+   if [[ -z ${MYSQL_CREDENTIALS} ]] ; then
+
+      detect_mysql_version
+
+      if [[ "$MYSQL_CUR_DISTRIBUTION" = "MariaDB" ]] && ([[ $MYSQL_MAJOR_VERSION -gt 10 ]] \
+            || ( [[ $MYSQL_MAJOR_VERSION -eq 10 ]] && [[ $MYSQL_MINOR_VERSION -gt 3 ]] )) ; then
+         if [[ -S "/tmp/mysql.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /tmp/mysql.sock"
+         elif [[ -S "/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /run/mysqld/mysqld.sock"
+         elif [[ -S "/var/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /var/run/mysqld/mysqld.sock"
         else
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
+
+               Use configuration file "$conf_file" to set
+               parameter manually."
+         fi
+
+      else
+      
+         echononl "\tGet MySQL command.."
+         mysql_command="$(which mysql)"
+         if [[ $? -eq 0 ]]; then
+            echo_ok
+         else
+
+            if [[ -x "/usr/local/mysql/bin/mysql" ]]; then
+               mysql_command="/usr/local/mysql/bin/mysql"
+               echo_ok
+            else
+               echo_failed
+               fatal "$(cat $tmp_log_file)"
+            fi
+         fi
+
+         if $(${mysql_command} --login-path=local  -e ";" > /dev/null 2>&1) ; then
+            MYSQL_CREDENTIALS="--login-path=local"
+         elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+         elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated. 
+
+               Use configuration file "$conf_file" to set 
+               parameter manually."
+         fi
+      fi
+
+      #if $MYSQL_DEBIAN_INSTALLATION ; then
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+      #else
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+      #fi
+
   fi
 else
   [[ "$POSTFIX_DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$POSTFIX_DB_TYPE' (POSTFIX_DB_TYPE)"
@ -406,12 +514,103 @@ else
   fi
 fi

+# - Get activ PHP version, means that on which is part of $PATH environment
+# -
+echononl "\tGet PHP version in PATH environment.."
+if $(which php > /dev/null 2>&1)  ; then
+   php_version_in_path="$(php --version 2> /dev/null | head -1 | cut -d' ' -f2 | cut -d '-' -f1 2> /dev/null)"
+   if [[ $? -eq 0 ]] && [[ -n "${php_version_in_path}" ]]; then
+      echo_ok
+   else
+      echo_failed
+
+      fatal "Failed getting PHP Version.."
+   fi
+else
+   echo_skipped
+
+   fatal "No PHP binary found in PATH environment.."
+fi
+
+_actual_config_file=""
+_actual_password_hash=""
+_actual_pfa_dir=""
+_actual_pfa_documentroot=""
+if [[ -d "${WEBSITE_BASEDIR}/htdocs" ]] ; then
+   PFA_UPDATE=true
+   _actual_pfa_documentroot="$(realpath "${WEBSITE_BASEDIR}/htdocs")"
+   if [[ "$(basename "$(dirname "${_actual_pfa_documentroot}")")" =~ ^postfixadmin ]]; then
+      _actual_pfa_dir="$(dirname "${_actual_pfa_documentroot}")"
+   else
+      _actual_pfa_dir="${_actual_pfa_documentroot}"
+   fi
+else
+   PFA_UPDATE=false
+fi
+
+echononl "\tKeep passwordhasch from actual installation in mind.."
+if [[ -n "$_actual_pfa_dir" && -d "$_actual_pfa_dir" ]] ; then
+   if [[ -f "${_actual_pfa_dir}/config.local.php" ]]; then
+      _actual_config_file="${_actual_pfa_dir}/config.local.php"
+   else
+      _actual_config_file="${_actual_pfa_dir}/config.inc.php"
+   fi
+fi
+
+
+if [[ -f "$_actual_config_file" ]]; then
+   _actual_password_hash="$(grep -E "^\s*\\\$CONF\['setup_password'\]" $_actual_config_file 2> /dev/null \
+      | grep -v changeme \
+      | awk -F '=' '{print$2}'\
+      | awk -F ';' '{print$1}')"
+
+   _actual_password_hash="${_actual_password_hash#"${_actual_password_hash%%[![:space:]]*}"}"
+   # - Remove trailing whitespace characters
+   _actual_password_hash="${_actual_password_hash%"${_actual_password_hash##*[![:space:]]}"}"
+   # - Remove leading single quote
+   _actual_password_hash="${_actual_password_hash#"${_actual_password_hash%%[!\']*}"}"
+   # - Remove trailing single quote
+   _actual_password_hash="${_actual_password_hash%"${_actual_password_hash##*[!\']}"}"
+   # - Remove leading double quote
+   _actual_password_hash="${_actual_password_hash#"${_actual_password_hash%%[!\"]*}"}"
+   # - Remove trailing double quote
+   _actual_password_hash="${_actual_password_hash%"${_actual_password_hash##*[!\"]}"}"
+
+   echo_ok
+else
+   echo_skipped
+fi
+
+_installed_version=""
+if $PFA_UPDATE ; then
+   echononl "\tDetermine installed version of PFA .."
+   _installed_version="$(echo "$(basename "${_actual_pfa_dir}")" | cut -d'-' -f2)"
+   echo_ok
+fi
+
+

 echo ""
 echo ""
 echo -e "\033[1;32mSettings for installation of \033[1;37mPostfix Admin / Vacation\033[m"
 echo ""
-echo -e   "\tPostfix Admin Version................: $PF_ADMIN_VERSION"
+if $PFA_UPDATE ; then
+   echo -e   "\tUpdate Postfixadmin..................: YES"
+   if [[ -n "${_installed_version}" ]] ; then
+       echo -e   "\tinstalled PFA verion.................: $_installed_version"
+   else
+       echo -e   "\tinstalled PFA verion.................: "** \033[33mnot detected\033[m **
+   fi
+   if [[ -n "$_actual_password_hash" ]]; then
+      echo -e   "\tactual Passwordhash..................: $_actual_password_hash"
+   else
+      echo -e   "\tactual Passwordhash..................: ** \033[33mnot found\033[m **"
+   fi
+else
+   echo -e   "\tInstall Postfixadmin first time......: YES"
+fi
+echo ""
+echo -e   "\tPostfix Admin new Version............: $PF_ADMIN_VERSION"
 echo ""
 echo -e   "\tName of the Website..................: $WEBSITE_NAME"
 echo ""
@ -439,8 +638,18 @@ echo ""
 if $PHP_DEBIAN_INSTALLATION ; then
   echo -e   "\tInstalled PHP version................: $php_major_version"
 else
-   echo -e   "\tInstalled PHP versions...............: $php_major_versions"
+   declare -i index=1
+   for _ver in $php_major_versions ; do
+      if [[ $index -eq 1 ]] ; then
+         echo -en "\tInstalled PHP versions...............: $_ver"
+      else
+         echo -en " $_ver"
+      fi
+      ((index++))
+   done
+   echo ""
   echo -e   "\tNewest PHP Version...................: $php_latest_ver"
+   echo -e   "\tPHP Version of php binary in PATH....: $php_version_in_path"
 fi
 echo ""
 if [[ "$POSTFIX_DB_TYPE" = "mysql" ]]; then
@ -509,45 +718,6 @@ _failed=false
 > $log_file


-_actual_config_file=""
-_actual_password_hash=""
-_actual_pfa_dir=""
-if [[ -d "${WEBSITE_BASEDIR}/htdocs" ]] ; then
-   _actual_pfa_dir="$(realpath "${WEBSITE_BASEDIR}/htdocs")"
-fi
-echononl "\tKeep passwordhasch from actual installation in mind.."
-if [[ -n "$_actual_pfa_dir" && -d "$_actual_pfa_dir" ]] ; then
-   if [[ -f "${_actual_pfa_dir}/config.local.php" ]]; then
-      _actual_config_file="${_actual_pfa_dir}/config.local.php"
-   else
-      _actual_config_file="${_actual_pfa_dir}/config.inc.php"
-   fi
-fi
-
-
-if [[ -f "$_actual_config_file" ]]; then
-   _actual_password_hash="$(grep -E "^\s*\\\$CONF\['setup_password'\]" $_actual_config_file 2> /dev/null \
-      | grep -v changeme \
-      | awk -F '=' '{print$2}'\
-      | awk -F ';' '{print$1}')"
-
-   _actual_password_hash="${_actual_password_hash#"${_actual_password_hash%%[![:space:]]*}"}"
-   # - Remove trailing whitespace characters
-   _actual_password_hash="${_actual_password_hash%"${_actual_password_hash##*[![:space:]]}"}"
-   # - Remove leading single quote
-   _actual_password_hash="${_actual_password_hash#"${_actual_password_hash%%[!\']*}"}"
-   # - Remove trailing single quote
-   _actual_password_hash="${_actual_password_hash%"${_actual_password_hash##*[!\']}"}"
-   # - Remove leading double quote
-   _actual_password_hash="${_actual_password_hash#"${_actual_password_hash%%[!\"]*}"}"
-   # - Remove trailing double quote
-   _actual_password_hash="${_actual_password_hash%"${_actual_password_hash##*[!\"]}"}"
-
-   echo_ok
-else
-   echo_skipped
-fi
-
 if [[ "$POSTFIX_DB_TYPE" = "mysql" ]] ; then
   echononl "\tCheck if database '$POSTFIX_DB_NAME' already exists.."
   _db_response="$(mysql $MYSQL_CREDENTIALS -N -s -e \
@ -630,9 +800,14 @@ else
   if [[ ! -d "${WEBSITE_BASEDIR}" ]] ; then
      echo_skipped
   else
+      if [[ -n "$_installed_version" ]] ; then
+         _db_backup_file_name="${POSTFIX_DB_NAME}-pfa-${_installed_version}.${backup_date}.sql"
+      else
+         _db_backup_file_name="${POSTFIX_DB_NAME}-pfa.${backup_date}.sql"
+      fi
      if [[ "$POSTFIX_DB_TYPE" = "mysql" ]]; then 
         echo -n " (MySQL).."
-         mysqldump $MYSQL_CREDENTIALS --opt $POSTFIX_DB_NAME > ${WEBSITE_BASEDIR}/${POSTFIX_DB_NAME}.${backup_date}.sql 2> $log_file
+         mysqldump $MYSQL_CREDENTIALS --opt $POSTFIX_DB_NAME > ${WEBSITE_BASEDIR}/${_db_backup_file_name} 2> $log_file
         if [[ $? -eq 0 ]]; then
            echo_ok
         else
@ -646,7 +821,7 @@ else
         fi
      elif [[ "$POSTFIX_DB_TYPE" = "pgsql" ]]; then
         echo -n " (PostgreSQL).."
-         su - postgres -c "pg_dump -c $POSTFIX_DB_NAME" >> ${WEBSITE_BASEDIR}/${POSTFIX_DB_NAME}.${backup_date}.sql 2> $log_file
+         su - postgres -c "pg_dump -c $POSTFIX_DB_NAME" >> ${WEBSITE_BASEDIR}/${_db_backup_file_name} 2> $log_file
         if [[ $? -eq 0 ]]; then
            echo_ok
         else
@ -1377,22 +1552,22 @@ EOF
      cat <<EOF >> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file
   DocumentRoot "${WEBSITE_BASEDIR}/htdocs/"

-   <FilesMatch \.php$>
 EOF
      if $PHP_DEBIAN_INSTALLATION ; then
         php_socket_file="/run/php/php${php_major_version}-fpm.sock"
         if [[ -S "/run/php$(echo $php_major_version | cut -d'.' -f1)-fpm.sock" ]]; then
            php_socket_file="/run/php$(echo $php_major_version | cut -d'.' -f1)-fpm.sock"
         fi
-         cat <<EOF >> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file
-      SetHandler "proxy:unix:${php_socket_file}|fcgi://127.0.0.1"
-EOF
      else
-         cat <<EOF >> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file
-      SetHandler "proxy:unix:/tmp/php-${php_latest_ver}-fpm.www.sock|fcgi://127.0.0.1"
-EOF
+         php_socket_file="/run/php/php-${php_latest_ver}-fpm.www.sock"
+         if [[ -S "/tmp/php-${php_latest_ver}-fpm.www.sock" ]]; then
+            php_socket_file="/run/php/php-${php_latest_ver}-fpm.www.sock"
         fi
+      fi
+
      cat <<EOF >> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file
+   <FilesMatch \.php$>
+      SetHandler "proxy:unix:${php_socket_file}|fcgi://127.0.0.1"
   </FilesMatch>

   <IfModule dir_module>
@ -1667,23 +1842,25 @@ fi

 # - Encoding does not work as exspected.
 # -
+# - Update: Encoding seems to works now
+# -
 # - NOTE:
 # -    this IS NOT a fix, but a workaround
 # -
-echononl "\tWorkaround, because encoding does not work as exspected."
-# - Vacation script changed. Since Version 3.2 we need another perl regexp.
-# - The old one was: 
-# -    perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
-# -
-perl -i -n -p -e "s/(\s*\'Content-Type\'\s* =>\s*)\"text\/plain.*$/\1\"text\/plain; charset=iso-8859-1\",/" \
-   /var/spool/vacation/vacation.pl > "$log_file" 2>&1
-if [[ $? -eq 0 ]];then
-   echo_ok
-   info "This IS NOT a fix, but a workaround."
-else
-   echo_failed
-   error "$(cat $log_file)"
-fi
+#echononl "\tWorkaround, because encoding does not work as exspected."
+## - Vacation script changed. Since Version 3.2 we need another perl regexp.
+## - The old one was: 
+## -    perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
+## -
+##perl -i -n -p -e "s/(\s*\'Content-Type\'\s* =>\s*)\"text\/plain.*$/\1\"text\/plain; charset=iso-8859-1\",/" \
+##   /var/spool/vacation/vacation.pl > "$log_file" 2>&1
+#if [[ $? -eq 0 ]];then
+#   echo_ok
+#   info "This IS NOT a fix, but a workaround."
+#else
+#   echo_failed
+#   error "$(cat $log_file)"
+#fi

 echononl "\tSet Permission on vacation script"
 _failed=false
@ -2187,8 +2364,9 @@ fi
 ## -        'relay'     // for backup mx
 ## -    );
 ## -    $CONF['transport_default'] = 'lmtp:unix:private/dovecot-lmtp';
-## -    $CONF['vacation'] = 'YES';
+## -    $CONF['vacation'] = 'NO';
 ## -    $CONF['vacation_domain'] = '$AUTOREPLY_HOSTNAME';
+## -    $CONF['password_expiration'] = 'NO';
 ## -
 echononl "\tAdjust Postfix Admin's Configuration - Part 3"
 _failed=false
@ -2213,10 +2391,12 @@ cat <<EOF >> $pfa_conf_file 2> $log_file
 \$CONF['transport_default'] = 'lmtp:unix:private/dovecot-lmtp';
 EOF

-perl -i -n -p -e "s#^(\s*\\\$CONF\['vacation'\]\s*=.*)#//!\1\n\\\$CONF['vacation'] = 'YES';#" \
+perl -i -n -p -e "s#^(\s*\\\$CONF\['vacation'\]\s*=.*)#//!\1\n\\\$CONF['vacation'] = 'NO';#" \
  $pfa_conf_file >> $log_file 2>&1 || _failed=true
 perl -i -n -p -e "s#^(\s*\\\$CONF\['vacation_domain'\]\s*=.*)#//!\1\n\\\$CONF['vacation_domain'] = '$AUTOREPLY_HOSTNAME';#" \
  $pfa_conf_file >> $log_file 2>&1 || _failed=true
+perl -i -n -p -e "s#^(\s*\\\$CONF\['password_expiration'\]\s*=.*)#//!\1\n\\\$CONF['password_expiration'] = 'NO';#" \
+  $pfa_conf_file >> $log_file 2>&1 || _failed=true
 if $_failed ; then
   echo_failed
   error "$(cat $log_file)"
@ -2396,13 +2576,47 @@ fi
 # -
 echononl "\tTake passwordhash from previosly installation.."
 if [[ -n "$_actual_password_hash" ]] ; then
-   perl -i -n -p -e "s#^(\s*\\\$CONF\['setup_password'\]\s*=.*)#//!\1\n\\\$CONF['setup_password'] = '$_actual_password_hash';#" \
-     $pfa_conf_file >> $log_file 2>&1
-   if [[ $? -eq 0 ]] ; then
-      echo_ok
-   else
-      echo_failed
+
+   _failed=false
+   _backup_file="/tmp/$(basename "${pfa_conf_file}")"
+   mv "$pfa_conf_file" "$_backup_file" > $log_file 2>&1
+   if [[ $? -ne 0 ]] ; then
+      _failed=true
   fi
+
+   > $pfa_conf_file
+   _found=false
+   while IFS='' read -r _line || [[ -n $_line ]] ; do
+      if echo "$_line" | grep -i -E "^\s*\\\$CONF\['setup_password'\]\s*=.*;" > /dev/null 2>&1 ; then
+         echo -n '//!' >> $pfa_conf_file
+         echo "$_line" >> $pfa_conf_file
+         if ! $_found ; then
+            echo "\$CONF['setup_password'] = '$_actual_password_hash';" >> $pfa_conf_file
+            _found=true
+         fi
+      else
+         echo "$_line" >> $pfa_conf_file
+      fi
+   done < $_backup_file
+
+   if [[ $? -ne 0 ]] ; then
+      _failed=true
+   fi
+
+   if $_failed ; then
+      echo_failed
+   else
+      echo_ok
+   fi
+
+   #perl -i -n -p -e "s#^(\s*\\\$CONF\['setup_password'\]\s*=.*)#//!\1\n\\\$CONF['setup_password'] = '$_actual_password_hash';#" \
+   #  $pfa_conf_file > $log_file 2>&1
+   #if [[ $? -eq 0 ]] ; then
+   #   echo_ok
+   #else
+   #   echo_failed
+   #fi
+
 else
   echo_skipped
 fi
@ -3331,6 +3545,11 @@ fi
 echo ""
 info "Browse to \033[1mhttp://${WEBSITE_NAME}/setup.php\033[m to create a 'setup password'\n$(cat <<EOF

+\t          \033[33mIn caes of updating postfix.admin browse this URL and \033[1mlogin with your
+\t          setup_password\033[m\033[33m, because only after that the database '${POSTFIX_DB_NAME}'
+\t          will be updated. If you don't know this password, create a new one. This is also
+\t          done within this interface.\033[m
+
 \t          If this is a fresh new installation, you have also to ceate one (ore more)
 \t          superadmin account(s).

@ -3354,6 +3573,14 @@ info "Browse to \033[1mhttp://${WEBSITE_NAME}/setup.php\033[m to create a 'setup
 EOF
 )"

+if [[ -n "$_actual_password_hash" ]] ; then
+   info  "The Parameter \$CONF['setup_password'] was set as follows:\n$(cat <<EOF
+
+\t          \$CONF['setup_password'] = '${_actual_password_hash}';
+EOF
+   )"
+fi
+
 echo ""
 clean_up 0

--- a/install_roundcube.sh
+++ b/install_roundcube.sh
@ -108,6 +108,62 @@ is_number() {
   #return $([[ ! -z "${1##*[!0-9]*}" ]])
 }

+detect_mysql_version () {
+
+   _MYSQLD_VERSION="$(mysqld -V 2>/dev/null)"
+
+   if [[ -z "$_MYSQLD_VERSION" ]]; then
+      fatal "No installed MySQL server or distribution found!"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ percona- ]]; then
+      MYSQL_CUR_DISTRIBUTION="Percona"
+   elif [[ "$_MYSQLD_VERSION" =~ MariaDB ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   elif [[ "$_MYSQLD_VERSION" =~ MySQL ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mysql- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mariadb- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   else
+      error "MySQL Instalation found, but cannot determin the distribution!"
+
+      MYSQL_CUR_DISTRIBUTION=
+      echo ""
+      echo "   Select the installed MySQL distribution."
+      echo ""
+      echo "   [1] MySQL (the original community edition)"
+      echo "   [2] Percona Server for MySQL"
+      echo "   [3] MariaDB"
+      echo ""
+      echononl "   Eingabe [1/2/3]: "
+
+      while [ "$MYSQL_CUR_DISTRIBUTION" != "MySQL" -a "$MYSQL_CUR_DISTRIBUTION" != "MariaDB" -a "$MYSQL_CUR_DISTRIBUTION" != "Percona" ];do
+         read OPTION
+         case $OPTION in
+               1)      MYSQL_CUR_DISTRIBUTION="MySQL"
+               ;;
+               2)      MYSQL_CUR_DISTRIBUTION="Percona"
+               ;;
+               3)      MYSQL_CUR_DISTRIBUTION="MariaDB"
+               ;;
+               *)    echo ""
+                     echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = Percona ; 3 = MariaDB ]"
+                     echo ""
+                     echononl "   Eingabe:"
+               ;;
+         esac
+      done
+   fi
+
+   MYSQL_VERSION="$(echo $_MYSQLD_VERSION | grep -o -E "[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?" | head -n 1)"
+   MYSQL_MAJOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1)"
+   MYSQL_MINOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f2)"
+   MYSQL_PATCH_LEVEL="$(echo $MYSQL_VERSION | cut -d '.' -f3)"
+   MYSQL_MAIN_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1,2)"
+
+}
+
+
 trim() {
    local var="$*"
    var="${var#"${var%%[![:space:]]*}"}"   # remove leading whitespace characters
@ -296,14 +352,6 @@ DEFAULT_APACHE_VHOST_DIR="/usr/local/apache2/conf/vhosts"
 DEFAULT_DB_HOST="localhost"
 DEFAULT_DB_NAME="roundcubemail"
 DEFAULT_DB_USER="roundcube"
-if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
-elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
-else
-   DEFAULT_MYSQL_CREDENTIALS=""
-fi
-DEFAULT_DEBIAN_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"

 [[ -n "$ROUNDCUBE_VERSION" ]] || fatal "Roundcube Version (ROUNDCUBE_VERSION) not present!"
 [[ -n "$WEBSITE_NAME" ]] || fatal "Website's name (WEBSITE_NAME) not present!"
@ -401,16 +449,76 @@ fi

 [[ -n "$MYSQL_DEBIAN_INSTALLATION" ]] || MYSQL_DEBIAN_INSTALLATION=false

-if [[ "$DB_TYPE" = "mysql" ]]; then
-   if $MYSQL_DEBIAN_INSTALLATION ; then
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+
+if [ "$DB_TYPE" = "postgres" -o  "$DB_TYPE" = "postgresql" -o "$DB_TYPE" = "pgsql" -o "$DB_TYPE" = "psql" ];then
+   DB_TYPE="pgsql"
+fi
+
+
+if [[ "$DB_TYPE" = "mysql" ]] ; then
+
+   if [[ -z ${MYSQL_CREDENTIALS} ]] ; then
+
+      detect_mysql_version
+
+      if [[ "$MYSQL_CUR_DISTRIBUTION" = "MariaDB" ]] && ([[ $MYSQL_MAJOR_VERSION -gt 10 ]] \
+            || ( [[ $MYSQL_MAJOR_VERSION -eq 10 ]] && [[ $MYSQL_MINOR_VERSION -gt 3 ]] )) ; then
+         if [[ -S "/tmp/mysql.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /tmp/mysql.sock"
+         elif [[ -S "/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /run/mysqld/mysqld.sock"
+         elif [[ -S "/var/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /var/run/mysqld/mysqld.sock"
         else
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
+
+               Use configuration file "$conf_file" to set
+               parameter manually."
+         fi
+
+      else
+
+         echononl "\tGet MySQL command.."
+         mysql_command="$(which mysql)"
+         if [[ $? -eq 0 ]]; then
+            echo_ok
+         else
+
+            if [[ -x "/usr/local/mysql/bin/mysql" ]]; then
+               mysql_command="/usr/local/mysql/bin/mysql"
+               echo_ok
+            else
+               echo_failed
+               fatal "$(cat $tmp_log_file)"
+            fi
+         fi
+
+         if $(${mysql_command} --login-path=local  -e ";" > /dev/null 2>&1) ; then
+            MYSQL_CREDENTIALS="--login-path=local"
+         elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+         elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
+
+               Use configuration file "$conf_file" to set
+               parameter manually."
+         fi
+      fi
+
+      #if $MYSQL_DEBIAN_INSTALLATION ; then
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+      #else
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+      #fi
+
   fi
 else
   [[ "$DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$DB_TYPE' (DB_TYPE)"
 fi

+
 [[ -n "$SPAM_FOLDER_NAME" ]] || SPAM_FOLDER_NAME=$DEFAULT_SPAM_FOLDER_NAME

 [[ -n "$SUPPORT_URL" ]] || SUPPORT_URL="http://www.${MAIN_DOMAIN}.$TLD"
@ -1480,7 +1588,7 @@ EOF
 EOF
      else
         cat <<EOF >> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file
-      SetHandler "proxy:unix:/tmp/php-${php_latest_ver}-fpm.www.sock|fcgi://127.0.0.1"
+      SetHandler "proxy:unix:/run/php/php-${php_latest_ver}-fpm.www.sock|fcgi://127.0.0.1"
 EOF
      fi
      cat <<EOF >> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file
@ -1856,8 +1964,7 @@ info "Now browse to the intaller site and continue installation.\n$(cat <<EOF
      junk_mbox..............: $SPAM_FOLDER_NAME

   SMTP Settings:
-      smtp_server............: tls://$(hostname -f)
-      smtp_port..............: 587
+      smtp_host..............: tls://$(hostname -f):587

      smtp_user/smtp_pass....:
         [x] Use the current IMAP username and password for SMTP authentication
@ -1972,9 +2079,10 @@ cat <<EOF >>$WEBSITE_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.in
 // SMTP
 // ----------------------------------

-// SMTP server host (for sending mails).
-// Enter hostname with prefix tls:// to use STARTTLS, or use
-// prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
+// SMTP server host (and optional port number) for sending mails.
+// Enter hostname with prefix ssl:// to use Implicit TLS, or use
+// prefix tls:// to use STARTTLS.
+// If port number is omitted it will be set to 465 (for ssl://) or 587 otherwise.
 // Supported replacement variables:
 // %h - user's IMAP hostname
 // %n - hostname (\$_SERVER['SERVER_NAME'])
@ -1982,11 +2090,9 @@ cat <<EOF >>$WEBSITE_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.in
 // %d - domain (http hostname \$_SERVER['HTTP_HOST'] without the first part)
 // %z - IMAP domain (IMAP hostname without the first part)
 // For example %n = mail.domain.tld, %t = domain.tld
-\$config['smtp_server'] = 'tls://$(hostname -f)';
-
-// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
-// deprecated SSL over SMTP (aka SMTPS))
-\$config['smtp_port'] = 587;
+// To specify different SMTP servers for different IMAP hosts provide an array
+// of IMAP host (no prefix or port) and SMTP server e.g. ['imap.example.com' => 'smtp.example.net']
+\$config['smtp_host'] = 'tls://$(hostname -f):587';

 // SMTP username (if required) if you use %u as the username Roundcube
 // will use the current username for login
--- a/install_update_dovecot-2.4.sh
+++ b/install_update_dovecot-2.4.sh
--- a/install_update_dovecot.sh
+++ b/install_update_dovecot.sh
@ -115,6 +115,35 @@ echo_skipped() {
   echo -e "\033[71G[ \033[33m\033[1mskipped\033[m ]"
 }

+detect_os_1 () {
+
+   if $(which lsb_release > /dev/null 2>&1) ; then
+
+      os_dist="$(lsb_release -i | awk '{print tolower($3)}')"
+      os_version="$(lsb_release -r | awk '{print tolower($2)}')"
+      os_codename="$(lsb_release -c | awk '{print tolower($2)}')"
+
+      if [[ "$os_dist" = "debian" ]]; then
+         if $(echo "$os_version" | grep -q '\.') ; then
+            os_version=$(echo "$os_version" | cut --delimiter='.' -f1)
+         fi
+      fi
+
+   elif [[ -e "/etc/os-release" ]]; then
+
+      . /etc/os-release
+
+      os_dist=$ID
+      os_version=${VERSION_ID}
+
+   fi
+
+   # remove whitespace from os_dist and os_version
+   os_dist="${os_dist// /}"
+   os_version="${os_version// /}"
+
+}
+


 # - Support systemd ?
@ -134,6 +163,14 @@ else
 fi


+# - Detect OS - Set variable
+# -    os_dist
+# -    os_version
+# -    os_codename
+# -
+detect_os_1
+
+
 echo
 echononl "\tInclude Configuration file.."
 if [[ ! -f $conf_file ]]; then
@ -250,6 +287,9 @@ dovecot_main_version="$(echo $_version | cut -d '.' -f1,2)"
 dovecot_major_version="$(echo $_version | cut -d '.' -f1)"
 dovecot_minor_version="$(echo $_version | cut -d '.' -f2)"
 dovecot_patch_level="$(echo $_version | cut -d '.' -f3)"
+dovecot_minor_patch_level="$(echo $_version | cut -d '.' -f4)"
+
+_version_short="${_version%-*}"

 #echo ""
 #echo "_version:                  $_version"
@ -257,7 +297,11 @@ dovecot_patch_level="$(echo $_version | cut -d '.' -f3)"
 #echo "dovecot_major_version      $dovecot_major_version"
 #echo "dovecot_minor_version      $dovecot_minor_version"
 #echo "dovecot_patch_level        $dovecot_patch_level"
+#echo "dovecot_minor_patch_level  $dovecot_minor_patch_level"
 #echo ""
+#
+#clean_up 0
+

 # 'expire plugin'was rRemoved in version 2.3.14: This plugin is not needed. 
 # Use mailbox { autoexpunge } Mailbox settings instead.
@ -673,8 +717,10 @@ fi

 ## - Download Pigeonhole for Dovecot v2.2
 ## -
-echononl "\tDownload dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
-if [ ! -f "${_src_base_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz" ]; then
+if [[ ${dovecot_major_version} -eq 2 ]] && [[ ${dovecot_minor_version} -lt 4 ]] ; then
+   
+   echononl "\tDownload dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
+   if [ ! -f "${_src_base_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz" ]; then
      wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
      if [ "$?" = 0 ]; then
         echo -e "$rc_done"
@ -695,10 +741,48 @@ if [ ! -f "${_src_base_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeon
         [[ $OK = "yes" ]] || fatal "Abbruch durch User"

      fi
-else
+   else
      echo -e "$rc_skipped"
+   fi
+
+   dovecot_pigeonhole_archiv="dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz"
+
+else
+
+   echononl "\tDownload dovecot-pigeonhole-${_pigeonhole}.tar.gz.."
+   if [ ! -f "${_src_base_dir}/dovecot-pigeonhole-${_pigeonhole}.tar.gz" ]; then
+      wget --no-check-certificate https://pigeonhole.dovecot.org/releases/${dovecot_main_version}/dovecot-pigeonhole-${_pigeonhole}.tar.gz > /dev/null 2>&1
+      if [ "$?" = 0 ]; then
+         echo -e "$rc_done"
+         dovecot_pigeonhole_archiv="dovecot-pigeonhole-${_pigeonhole}.tar.gz"
+      else
+         echo -e "$rc_failed"
+
+         error "Direct download of 'Pigeonhole Sieve and ManageSieve' source archiv  failed
+
+                  Download Pigeonhole Sieve and ManageSieve manually and name it to
+
+                  \033[1mdovecot-pigeonhole-${_pigeonhole}.tar.gz\033[m\n"
+
+
+         echononl "\tProceed instllation [yes/no]: "
+         read OK
+         OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+         while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+            echononl "Wrong entry! - repeat [yes/no]: "
+            read OK
+         done
+         [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+      fi
+   else
+      echo -e "$rc_skipped"
+   fi
+
+   dovecot_pigeonhole_archiv="dovecot-pigeonhole-${_pigeonhole}.tar.gz"
 fi

+dovecot_pigeonhole_archiv_prefix="${dovecot_pigeonhole_archiv%.tar.gz}"
+dovecot_pigeonhole_archiv_dir="${dovecot_pigeonhole_archiv%.tar.gz}"


 if $_new ; then
@ -864,6 +948,7 @@ config_params="
   --prefix=/usr/local/dovecot-${_version} \
   --with-${db_driver} \
   --with-gssapi=yes
+   --with-ldap=yes
   --with-rundir=/run/dovecot"
 if $systemd_support ; then
   config_params="$config_params \
@ -1018,20 +1103,20 @@ fi
 cd ${_src_base_dir}
 echo ""
 echononl "\tExtracting dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz.."
-gunzip < dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz | tar -xf -
+gunzip < ${_src_base_dir}/${dovecot_pigeonhole_archiv} | tar -C ${_src_base_dir} -xf -
 if [ "$?" = 0 ]; then
   echo -e "$rc_done"
 else
   echo -e "$rc_failed"
-   fatal Extracting dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}.tar.gz failed
+   fatal Extracting ${dovecot_pigeonhole_archiv} failed
 fi
-cd dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}
+cd ${dovecot_pigeonhole_archiv_dir}


 echononl "\tConfigure Pigeonhole ManageSieve.."
 ./configure \
 	--prefix=/usr/local/dovecot-${_version} \
-   --with-dovecot=/usr/local/dovecot-${_version}/lib/dovecot > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-configure.log 2<&1
+   --with-dovecot=/usr/local/dovecot-${_version}/lib/dovecot > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-configure.log 2<&1
 if [ "$?" = 0 ]; then
   echo -e "$rc_done"
 else
@ -1040,7 +1125,7 @@ else
 fi

 echononl "\tCompile Pigeonhole ManageSieve.."
-make > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-make.log 2<&1
+make > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-make.log 2<&1
 if [ "$?" = 0 ]; then
   echo -e "$rc_done"
 else
@ -1049,7 +1134,7 @@ else
 fi

 echononl "\tInstall Pigeonhole ManageSieve.."
-make install > ${_log_dir}/dovecot-${dovecot_main_version}-pigeonhole-${_pigeonhole}-install.log 2<&1
+make install > ${_log_dir}/${dovecot_pigeonhole_archiv_prefix}-install.log 2<&1
 if [ "$?" = 0 ]; then
   echo -e "$rc_done"
 else
@ -1058,6 +1143,7 @@ else
 fi


+
 ## -----------------
 ## --- Configure dovecot services

@ -1597,7 +1683,11 @@ if [[ $dovecot_major_version -ge 3 ]] \
   if [[ ! -f "$dh_pem_file" ]] ; then
      echononl "\tCreate SSL DH parameters '$dh_pem_file'.."
      echo -en "$rc_wait"
+      if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+         openssl dhparam -out "$dh_pem_file" 4096 > /dev/null 2>&1
+      else 
         openssl dhparam -dsaparam -out "$dh_pem_file" 4096 > /dev/null 2>&1
+      fi
 		if [[ $? -eq 0 ]]; then
 			echo -e "$rc_done"
 		else
@ -2164,7 +2254,12 @@ EOF
      fatal "Creating file /etc/rsyslog.d/dovecot.conf failed"
   fi

+   echononl "\tRestart rsyslog Servive"
+   if $systemd_support ; then
+      systemctl restart rsyslog.service > /dev/null 2>&1
+   else
      /etc/init.d/rsyslog restart > /dev/null 2>&1
+   fi
   if [ "$?" = 0 ]; then
      echo -e "$rc_done"
   else
@ -3610,8 +3705,8 @@ fi
 ## -      quota_rule = *:storage=1g
 ## -      quota_rule2 = trash:storage=+100m
 ## -
-## -      quota_warning = storage=95%% quota-warning 95 %u
-## -      quota_warning2 = storage=80%% quota-warning 80 %u
+## -      quota_warning = storage=80%% quota-warning 80 %u
+## -      quota_warning2 = storage=95%% quota-warning 95 %u
 ## -    }
 ## -    
 ## -    service quota-warning {
@ -3636,8 +3731,8 @@ plugin {
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+200M

-  quota_warning = storage=95%% quota-warning 95 %u
-  quota_warning2 = storage=80%% quota-warning 80 %u
+  quota_warning = storage=80%% quota-warning 80 %u
+  quota_warning2 = storage=95%% quota-warning 95 %u
 }

 service quota-warning {
@ -4393,6 +4488,16 @@ if [[ -x "/root/bin/monitoring/check_cert_for_dovecot.sh" ]] ; then
   else
      echo -e "$rc_failed"
      error "$(cat "$log_file")"
+
+      echononl "\tcontinue anyway [yes/no]: "
+      read OK
+      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+      while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+         echononl "Wrong entry! - repeat [yes/no]: "
+         read OK
+      done
+      [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+
   fi
 else
   echo -e "$rc_skipped"
--- a/update_postfix_dh_parameters.sh
+++ b/update_postfix_dh_parameters.sh
@ -0,0 +1,285 @@
+#!/usr/bin/env bash
+
+script_dir="$(dirname $(realpath $0))"
+script_name="$(basename "$0")"
+
+conf_dir=$(dirname $0)/conf
+conf_file="${conf_dir}/install_postfix_base.conf"
+
+_TLS_CERT_DIR=/etc/postfix/ssl
+_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
+_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
+_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
+
+
+log_file=$(mktemp)
+
+
+# -------------
+# --- Some functions
+# -------------
+clean_up() {
+
+   # Perform program exit housekeeping
+   rm -f $log_file
+   exit $1
+}
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+
+fatal(){
+   echo ""
+   echo -e "fatal error: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
+   echo ""
+   clean_up 1
+}
+
+error(){
+   echo ""
+   echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   echo ""
+}
+
+warn (){
+   echo ""
+   echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   echo ""
+}
+
+info (){
+   echo ""
+   echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   echo ""
+}
+
+echo_done() {
+   echo -e "\033[80G[ \033[32mdone\033[m ]"
+}
+echo_ok() {
+   echo -e "\033[80G[ \033[32mok\033[m ]"
+}
+echo_warning() {
+   echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
+}
+echo_failed(){
+   echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
+}
+echo_skipped() {
+   echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
+}
+
+blank_line() {
+   if $terminal ; then
+      echo ""
+   fi
+}
+
+detect_os_1 () {
+
+   if $(which lsb_release > /dev/null 2>&1) ; then
+
+      os_dist="$(lsb_release -i | awk '{print tolower($3)}')"
+      os_version="$(lsb_release -r | awk '{print tolower($2)}')"
+      os_codename="$(lsb_release -c | awk '{print tolower($2)}')"
+
+      if [[ "$os_dist" = "debian" ]]; then
+         if $(echo "$os_version" | grep -q '\.') ; then
+            os_version=$(echo "$os_version" | cut --delimiter='.' -f1)
+         fi
+      fi
+
+   elif [[ -e "/etc/os-release" ]]; then
+
+      . /etc/os-release
+
+      os_dist=$ID
+      os_version=${VERSION_ID}
+
+   fi
+
+   # remove whitespace from os_dist and os_version
+   os_dist="${os_dist// /}"
+   os_version="${os_version// /}"
+
+}
+
+
+
+# -------------
+# --- Some default settings
+# -------------
+
+DEFAULT_ADMIN_EMAIL="argus@oopen.de"
+DEFAULT_RELAY_HOST="b.mx.oopen.de"
+DEFAULT_SASL_AUTH=false
+
+
+# - Is this a systemd system?
+# -
+if [[ "X`which systemd`" = "X" ]]; then
+   systemd_exists=false
+else
+   systemd_exists=true
+fi
+
+echo ""
+
+# - Read Configuration File if exists
+# -
+if [[ -f "$conf_file" ]]; then
+   source $conf_file
+fi
+
+
+# -------------
+# --- Set default values for some non existent variables (i.e. no configuration file is present)
+# -------------
+
+[[ -z "$_ADMIN_EMAIL" ]] && _ADMIN_EMAIL="$DEFAULT_ADMIN_EMAIL"
+[[ -z "$_SASL_AUTH" ]] && _SASL_AUTH="$DEFAULT_SASL_AUTH"
+
+if [[ -z "$_HOSTNAME" ]] ; then
+   _HOSTNAME="$(hostname -f)"
+   _HOSTNAME_SHORT="$(hostname)"
+   [[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
+fi
+
+blank_line
+echononl "Detect distribution/release of running OS.."
+detect_os_1  > /dev/null 2>&1
+if [[ $? -ne 0 ]]; then
+   echo_failed
+else
+   echo_ok
+fi
+blank_line
+blank_line
+
+## - create directory for certificates and copy certificates 
+## - and coresponding keys to /etc/postfix/ssl/
+## -
+if [[ ! -d "/etc/postfix/ssl" ]] ; then
+   fatal "Certification directory \033[1m/etc/postfix/ssl\033[m not found!"
+fi
+
+
+## - generate DH parameters that the Postfix SMTP server should use 
+## - with EDH ciphers (length 512 and 1024
+## -
+echononl "   Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
+if [[ ! -f /etc/postfix/ssl/dh_512.pem ]]; then
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
+   else
+      openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
+   fi
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+   fi
+else
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_512.pem 2> /dev/null); then
+         openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+         fi
+      else
+         echo_skipped
+      fi
+   else
+      echo_skipped
+   fi
+fi
+echononl "   Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
+if [[ ! -f /etc/postfix/ssl/dh_1024.pem ]]; then
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
+   else
+      openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
+   fi
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+   fi
+else
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_1024.pem 2> /dev/null); then
+         openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+         fi
+      else
+         echo_skipped
+      fi
+   else
+      echo_skipped
+   fi
+fi
+echononl "   Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
+if [[ ! -f /etc/postfix/ssl/dh_2048.pem ]]; then
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
+   else
+      openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
+   fi
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+   fi
+else
+   if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then
+      if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_2048.pem 2> /dev/null); then
+         openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
+         if [[ $? -eq 0 ]] ; then
+            echo_ok
+         else
+            echo_failed
+         fi
+      else
+         echo_skipped
+      fi
+   else
+      echo_skipped
+   fi
+fi
+
+## - restart postfix
+## -
+echononl "   Restart postfix"
+if $systemd_exists ; then
+   systemctl restart postfix > /dev/null 2>&1
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+   fi
+else
+   /etc/init.d/postfix restart > /dev/null 2>&1
+   if [[ $? -eq 0 ]] ; then
+      echo_ok
+   else
+      echo_failed
+   fi
+fi
+
+
+echo ""
+clean_up 0
--- a/upgrade_roundcube.sh
+++ b/upgrade_roundcube.sh
@ -3,6 +3,8 @@
 clear
 echo -e "\n   \033[32mStart script for upgrading Roundcube Webmailer..\033[m"

+CUR_IFS="$IFS"
+
 ## -----------------------------------------------------------------
 ## ----------------------------------------------------------------
 ## ---
@ -18,7 +20,7 @@ echo -e "\n   \033[32mStart script for upgrading Roundcube Webmailer..\033[m"
 # - Settings
 # -------------

-#_src_base_dir="$(realpath $(dirname $0))"
+_src_base_dir="$(realpath $(dirname $0))"
 #conf_file="${_src_base_dir}/conf/install_upgrade_roundcube.conf"

 script_name="$(basename $(realpath $0))"
@ -110,6 +112,62 @@ echo_not_yet_implemented(){
   echo -e "\033[85G[ \033[30m\033[1mnot yet implemented\033[m ]"
 }

+detect_mysql_version () {
+
+   _MYSQLD_VERSION="$(mysqld -V 2>/dev/null)"
+
+   if [[ -z "$_MYSQLD_VERSION" ]]; then
+      fatal "No installed MySQL server or distribution found!"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ percona- ]]; then
+      MYSQL_CUR_DISTRIBUTION="Percona"
+   elif [[ "$_MYSQLD_VERSION" =~ MariaDB ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   elif [[ "$_MYSQLD_VERSION" =~ MySQL ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mysql- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MySQL"
+   elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mariadb- ]]; then
+      MYSQL_CUR_DISTRIBUTION="MariaDB"
+   else
+      error "MySQL Instalation found, but cannot determin the distribution!"
+
+      MYSQL_CUR_DISTRIBUTION=
+      echo ""
+      echo "   Select the installed MySQL distribution."
+      echo ""
+      echo "   [1] MySQL (the original community edition)"
+      echo "   [2] Percona Server for MySQL"
+      echo "   [3] MariaDB"
+      echo ""
+      echononl "   Eingabe [1/2/3]: "
+
+      while [ "$MYSQL_CUR_DISTRIBUTION" != "MySQL" -a "$MYSQL_CUR_DISTRIBUTION" != "MariaDB" -a "$MYSQL_CUR_DISTRIBUTION" != "Percona" ];do
+         read OPTION
+         case $OPTION in
+               1)      MYSQL_CUR_DISTRIBUTION="MySQL"
+               ;;
+               2)      MYSQL_CUR_DISTRIBUTION="Percona"
+               ;;
+               3)      MYSQL_CUR_DISTRIBUTION="MariaDB"
+               ;;
+               *)    echo ""
+                     echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = Percona ; 3 = MariaDB ]"
+                     echo ""
+                     echononl "   Eingabe:"
+               ;;
+         esac
+      done
+   fi
+
+   MYSQL_VERSION="$(echo $_MYSQLD_VERSION | grep -o -E "[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?" | head -n 1)"
+   MYSQL_MAJOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1)"
+   MYSQL_MINOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f2)"
+   MYSQL_PATCH_LEVEL="$(echo $MYSQL_VERSION | cut -d '.' -f3)"
+   MYSQL_MAIN_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1,2)"
+
+}
+
+
 trap clean_up SIGHUP SIGINT SIGTERM


@ -154,15 +212,6 @@ fi
 DEFAULT_DB_HOST="localhost"
 DEFAULT_DB_NAME="roundcubemail"
 DEFAULT_DB_USER="roundcube"
-if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
-elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
-   DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
-else
-   DEFAULT_MYSQL_CREDENTIALS=""
-fi
-DEFAULT_DEBIAN_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
-DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"


 while IFS='' read -r -d '' _conf_file ; do
@ -186,6 +235,7 @@ while IFS='' read -r -d '' _conf_file ; do
   fi
   WEBSITE_NAME=""
 done  < <(find "${conf_dir}" -maxdepth 1 -type f -name "install_upgrade_roundcube*.conf" -print0)
+IFS="$CUR_IFS"

 if [[ ${#unsorted_website_arr} -eq 0 ]]; then
   fatal "No configuration files found in '${script_dir}/conf' or no website configured!"
@ -194,7 +244,7 @@ fi
 # - Sort array
 # -
 IFS=$'\n' website_arr=($(sort <<<"${unsorted_website_arr[*]}"))
-IFS=' '
+IFS="$CUR_IFS"


 WEBSITE_NAME=
@ -208,6 +258,8 @@ for _site in ${website_arr[@]} ; do
   echo "   [$i] ${_arr[0]}"
   ((i++))
 done
+IFS="$CUR_IFS"
+
 echo
 echononl "   Eingabe: "
 while ! $_OK ; do
@ -223,6 +275,7 @@ read _IN
      echononl "   Eingabe: "
   fi
 done
+IFS="$CUR_IFS"

 echo ""
 echononl "   Include Configuration file.."
@ -234,6 +287,7 @@ else
   echo_ok
 fi

+
 [[ -n "$WEBSITE_NAME" ]] || fatal "Website's name (WEBSITE_NAME) not present!"

 DEFAULT_WEBSITE_BASEDIR="/var/www/${WEBSITE_NAME}"
@ -269,17 +323,98 @@ if [ "$DB_TYPE" = "postgres" -o  "$DB_TYPE" = "postgresql" -o "$DB_TYPE" = "pgsq
 fi


-if [[ "$DB_TYPE" = "mysql" ]]; then
-   if $MYSQL_DEBIAN_INSTALLATION ; then
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+if [[ "$DB_TYPE" = "mysql" ]] ; then
+
+   if [[ -z ${MYSQL_CREDENTIALS} ]] ; then
+
+      detect_mysql_version
+
+      if [[ "$MYSQL_CUR_DISTRIBUTION" = "MariaDB" ]] && ([[ $MYSQL_MAJOR_VERSION -gt 10 ]] \
+            || ( [[ $MYSQL_MAJOR_VERSION -eq 10 ]] && [[ $MYSQL_MINOR_VERSION -gt 3 ]] )) ; then
+         if [[ -S "/tmp/mysql.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /tmp/mysql.sock"
+         elif [[ -S "/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /run/mysqld/mysqld.sock"
+         elif [[ -S "/var/run/mysqld/mysqld.sock" ]]; then
+            MYSQL_CREDENTIALS="-u root -S /var/run/mysqld/mysqld.sock"
         else
-      [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
+
+               Use configuration file "$conf_file" to set
+               parameter manually."
+         fi
+
+      else
+      
+         echononl "\tGet MySQL command.."
+         mysql_command="$(which mysql)"
+         if [[ $? -eq 0 ]]; then
+            echo_ok
+         else
+
+            if [[ -x "/usr/local/mysql/bin/mysql" ]]; then
+               mysql_command="/usr/local/mysql/bin/mysql"
+               echo_ok
+            else
+               echo_failed
+               fatal "$(cat $tmp_log_file)"
+            fi
+         fi
+
+         if $(${mysql_command} --login-path=local  -e ";" > /dev/null 2>&1) ; then
+            MYSQL_CREDENTIALS="--login-path=local"
+         elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+         elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
+            MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
+         else
+            fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated. 
+
+               Use configuration file "$conf_file" to set 
+               parameter manually."
+         fi
+      fi
+
+      #if $MYSQL_DEBIAN_INSTALLATION ; then
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
+      #else
+      #   [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
+      #fi
+
   fi
 else
+   #[[ "$POSTFIX_DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$POSTFIX_DB_TYPE' (POSTFIX_DB_TYPE)"
   [[ "$DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$DB_TYPE' (DB_TYPE)"
 fi


+if [[ "$DB_TYPE" = "mysql" ]]; then
+   echononl "   Get MySQL command.."
+   mysql_command="$(which mysql)"
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+
+      if [[ -x "/usr/local/mysql/bin/mysql" ]]; then
+         mysql_command="/usr/local/mysql/bin/mysql"
+         echo_ok
+      else
+         echo_failed
+         fatal "$(cat $tmp_log_file)"
+      fi
+   fi
+elif [[ "$DB_TYPE" = "pgsql" ]] ; then
+   echononl "   Get PostgreSQL command.."
+   psql_command="$(which psql)"
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+      echo_failed
+   fi
+
+fi
+
+
 echo -e "\033[32m--\033[m"
 echo ""
 echo "Version of the Roundcube Webmailer to install"
@ -330,8 +465,56 @@ else
   else
      echo_ok
   fi
+   IFS="$CUR_IFS"
 fi

+# - Get the latest PHP version
+# -
+echononl "\tGet major version of latest installed PHP version"
+php_latest_ver=""
+if $PHP_DEBIAN_INSTALLATION ; then
+   echo_skipped
+else
+   if [[  -n "$php_major_versions" ]]; then
+      for _ver in $php_major_versions ; do
+         if [[ -z "$php_latest_ver" ]] ; then
+            php_latest_ver=$_ver
+         elif [[ "${_ver%.*}" -gt "${php_latest_ver%.*}" ]] ; then
+            php_latest_ver=$_ver
+         elif [[ "${_ver%.*}" -eq "${php_latest_ver%.*}" ]] ; then
+            [[ "${_ver#*.}"  -gt  "${php_latest_ver#*.}" ]] && php_latest_ver=$_ver
+         fi
+      done
+      echo_ok
+   else
+      echo_skipped
+      warn "Getting major version of latest installed PHP version failed! -  No installed PHP versiond found!"
+   fi
+fi
+
+# - Get activ PHP version, means that on which is part of $PATH environment
+# -
+echononl "\tGet PHP version in PATH environment.."
+if $(which php > /dev/null 2>&1)  ; then
+   php_version_in_path="$(php --version 2> /dev/null | head -1 | cut -d' ' -f2 | cut -d '-' -f1 2> /dev/null)"
+   if [[ $? -eq 0 ]] && [[ -n "${php_version_in_path}" ]]; then
+      echo_ok
+   else
+      echo_failed
+
+      fatal "Failed getting PHP Version.."
+   fi
+else
+   echo_skipped
+
+   fatal "No PHP binary found in PATH environment.."
+fi
+
+
+# - Log directory containing upgrade log files
+# -
+_log_dir=${script_dir}/log-upgrade-roundcube-${ROUNDCUBE_VERSION}
+

 echo ""
 echo ""
@ -383,6 +566,7 @@ else
   done
   echo ""
   echo -e   "\tNewest PHP Version...................: $php_latest_ver"
+   echo -e   "\tPHP Version of php binary in PATH....: $php_version_in_path"
 fi
 echo ""
 echo -e   "\tCrontab backup file..................: $crontab_backup_file"
@ -399,24 +583,86 @@ else
   fatal "Abort by user request - Answer as not 'YES'"
 fi

+echononl "\tCheck Database connection .."
 if [[ "$DB_TYPE" = "mysql" ]]; then
-   if ! mysql $MYSQL_CREDENTIALS -N -s -e \
+   ${mysql_command} $MYSQL_CREDENTIALS -N -s -e \
      "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '$DB_NAME'" 2>> $log_file \
-      | grep $DB_NAME >> $log_file 2>&1 ; then
-		fatal "MySQL Database '$DB_NAME' does not exit. (See Parameter 'DB_NAME')"
+      | grep $DB_NAME >> $log_file 2>&1
+
+   if [[ "$?" = "0" ]]; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+
+      echononl "continue anyway [yes/no]: "
+      read OK
+      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+      while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+         echononl "Wrong entry! - repeat [yes/no]: "
+         read OK
+      done
+      [[ $OK = "yes" ]] || fatal "Abbruch durch User"
   fi
+ 
 elif [[ "$DB_TYPE" = "pgsql" ]]; then
-   count=$(su - postgres -c "psql -q -A -t -l" | grep -c -e "^$DB_NAME")
+   count=$(su - postgres -c "${psql_command} -q -A -t -l" | grep -c -e "^$DB_NAME")
   if [[ $count -eq 0 ]];then
-		fatal "PostgreSQL Database '$DB_NAME' does not exit. (See Parameter 'DB_NAME')"
+      echo_failed
+      error "$(cat $log_file)"
+
+      echononl "continue anyway [yes/no]: "
+      read OK
+      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+      while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+         echononl "Wrong entry! - repeat [yes/no]: "
+         read OK
+      done
+      [[ $OK = "yes" ]] || fatal "Abbruch durch User"
+   else
+      echo_ok
   fi
 else
   fatal "Cannot detect database type (value of  DB_TYPE is neither 'mysql' nor 'pgsql')"
 fi


+echononl "\tInstall/Update composer to /usr/local/bin"
+
+echononl "\tDownload composer from 'getcomposer.org'.."
+php -r "copy('https://getcomposer.org/installer', '${script_dir}/composer-setup.php');" > $log_file 2>&1
+if [[ "$?" = "0" ]]; then
+   echo_ok
+else
+   echo_failed
+   error "$(cat $log_file)"
+fi
+
+echononl "\tInstall composer to /usr/local/bin"
+php ${script_dir}/composer-setup.php --install-dir=/usr/local/bin --filename=composer > $log_file 2>&1
+if [[ "$?" = "0" ]]; then
+   echo_ok
+else
+   echo_failed
+   error "$(cat $log_file)"
+fi
+
+
 echo -e "\n\n   \033[37m\033[1mCreate some Backups..\033[m\n"

+echononl "   Backup existing upgrade log directory \033[37m\033[1m$(basename "${_log_dir}")\033[m"
+if [[ -d "${_log_dir}" ]] ; then
+   mv "${_log_dir}" "${_log_dir}.${backup_date}" > $log_file 2>&1
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+      echo_failed
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
 echononl "   Backup existing Database '$DB_NAME'"
 if [[ "$DB_TYPE" = "mysql" ]]; then
 	echo -n " (MySQL).."
@ -631,8 +877,8 @@ else
 fi

 echononl "   Create log-directory for update log file"
-if [[ ! -d "${script_dir}/log" ]]; then
-	mkdir "${script_dir}/log" > $log_file 2>&1
+if [[ ! -d "${_log_dir}" ]]; then
+	mkdir "${_log_dir}" > $log_file 2>&1
 	if [[ $? -eq 0 ]]; then
 		echo_ok
 	else
@ -643,10 +889,40 @@ else
 	echo_skipped
 fi

+
+echononl "\tRename the composer.json-dist file into composer.json"
+cp -a "composer.json-dist" "composer.json" > $log_file 2>&1
+if [[ $? -eq 0 ]]; then
+      echo_ok
+else
+   echo_failed
+   error "$(cat $log_file)"
+fi
+
+echononl "\tInstall composer to ${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}"
+php ${script_dir}/composer-setup.php --install-dir=${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION} > $log_file 2>&1
+if [[ "$?" = "0" ]]; then
+   echo_ok
+else
+   echo_failed
+   error "$(cat $log_file)"
+fi
+
+echononl "\tRemove the installer"
+php -r "unlink('${script_dir}/composer-setup.php');" > $log_file 2>&1
+if [[ "$?" = "0" ]]; then
+   echo_ok
+else
+   echo_failed
+   error "$(cat $log_file)"
+fi
+
+
+
 echo ""
 echo "   Update the the roundcube web-directory to version '${ROUNDCUBE_VERSION}'"
-echononl "      See: ${script_dir}/log/update_roundcube-${ROUNDCUBE_VERSION}.${backup_date}.log"
-echo "y" | ${script_dir}/roundcubemail-${ROUNDCUBE_VERSION}/bin/installto.sh "${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}" > ${script_dir}/log/update_roundcube-${ROUNDCUBE_VERSION}.${backup_date}.log 2>&1
+echononl "      See: ${_log_dir}/update_roundcube-${ROUNDCUBE_VERSION}.${backup_date}.log"
+echo "y" | ${script_dir}/roundcubemail-${ROUNDCUBE_VERSION}/bin/installto.sh "${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}" > ${_log_dir}/update_roundcube-${ROUNDCUBE_VERSION}.${backup_date}.log 2>&1
 if [[ $? -eq 0 ]]; then
   echo_ok
 else
@ -681,12 +957,12 @@ done


 echononl "   Update dependencies by running 'php composer.phar update --no-dev'"
-php composer.phar --no-interaction update --no-dev > ${script_dir}/log/update_roundcube-${ROUNDCUBE_VERSION}-dependencies.${backup_date}.log 2>&1
+php composer.phar --no-interaction update --no-dev > ${_log_dir}/update_roundcube-${ROUNDCUBE_VERSION}-dependencies.${backup_date}.log 2>&1
 if [[ $? -eq 0 ]]; then
   echo_ok
 else
 	echo_failed
-   error "command was:\n\t            # cd "${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}"\n\t            #php composer.phar --no-interaction update --no-dev\n\n$(cat ${script_dir}/log/update_roundcube-${ROUNDCUBE_VERSION}-dependencies.${backup_date}.log)"
+   error "command was:\n\t            # cd "${WEBSITE_BASEDIR}/roundcubemail-${ROUNDCUBE_VERSION}"\n\t            #php composer.phar --no-interaction update --no-dev\n\n$(cat ${_log_dir}/update_roundcube-${ROUNDCUBE_VERSION}-dependencies.${backup_date}.log)"

   echononl "continue anyway [yes/no]: "
   read OK
Author	SHA1	Message	Date
Christoph	cb9e958d39	install_update_dovecot-2.4.sh: fix errors Correct errors relating to database access.	2025-08-23 17:28:28 +02:00
Christoph	761a3a3b34	Merge branch 'master' of git.oopen.de:install/mailsystem	2025-08-23 11:49:42 +02:00
Christoph	ae06305069	install_update_dovecot-2.4.sh: Set 'quota_storage_size' to 9 (unlimited) - We only use personalized quotas.	2025-08-23 11:49:29 +02:00
Christoph	e50851b519	install_update_dovecot-2.4.sh: fix errors concerning mail location settings of shared folders,	2025-08-23 02:19:37 +02:00
Christoph	c82ff77bbe	Add DOC/dovecot/README.maildir-size-fix.pl.	2025-08-22 00:18:41 +02:00
Christoph	f4c7453675	install_update_dovecot-2.4.sh: add parameter 'maildir_broken_filename_sizes = yes' and 'auth_allow_weak_schemes = yes'.	2025-08-21 23:38:55 +02:00
Christoph	06914fcade	install_postfix_advanced.sh: add parameters for 'Postfix DSN Support' to file 'main.cf'.	2025-08-21 00:06:17 +02:00
Christoph	230ab94ca6	install_update_dovecot-2.4.sh: fix quota relating errors.	2025-08-14 12:43:33 +02:00
Christoph	7cc2369ea0	install_update_dovecot-2.4.sh: initial versionm.	2025-08-14 01:41:47 +02:00
Christoph	4aaeae3b1a	install_update_dovecot-2.4.sh: another intermediate version.	2025-08-13 01:54:56 +02:00
Christoph	692e76ad1d	install_update_dovecot-2.4.sh: another intermediate version.	2025-08-12 02:03:37 +02:00
Christoph	6f02a45023	Rename 'README.test_mailprotocolls' to 'README.test_mailprotocols'.	2025-08-03 11:01:44 +02:00
Christoph	e971f26c75	README.test_mailprotocolls: adjust / expand documentation.	2025-08-03 11:00:31 +02:00
Christoph	bbc3cf87f1	install_update_dovecot-2.4.sh: another intermediate version.	2025-07-23 01:57:24 +02:00
Christoph	195e3f65ee	install_update_dovecot-2.4.sh: another imtermediate update.	2025-07-22 03:01:11 +02:00
Christoph	0270997761	install_update_dovecot-2.4.sh: another imtermediate update	2025-07-20 13:19:59 +02:00
Christoph	6e19d1a938	install_update_dovecot-2.4.sh: another intermediate version.	2025-07-19 01:46:06 +02:00
Christoph	5a9dcc4b8f	install_update_dovecot-2.4.sh: another intermediate version.	2025-07-18 02:31:55 +02:00
Christoph	94a1895873	install_update_dovecot-2.4.sh: another intermediate version.	2025-07-14 15:17:45 +02:00
Christoph	e00ba6f4ce	install_update_dovecot-2.4.sh: intermediate version.	2025-07-14 01:41:53 +02:00
Christoph	845325eac8	ignore '.env' files.	2025-07-14 01:41:03 +02:00
Christoph	ba20cb36fe	Add initial not yet running installscript for dovecot version 2.4.x	2025-07-12 12:55:16 +02:00
Christoph	83ad91f77d	install_update_dovecot.sh:cleanup fron debug code..	2025-07-12 12:54:08 +02:00
Christoph	3a98ac15f7	Merge branch 'master' of https://git.oopen.de/install/mailsystem	2025-07-12 11:10:26 +02:00
Christoph	d811cbfbd1	Backup 'BAK/install_update_dovecot.sh' bevor uploading a new one.	2025-07-12 11:10:17 +02:00
Christoph	5eebd200f4	install_update_dovecot.sh: some minor changes.	2025-07-12 11:07:57 +02:00
Christoph	14ae5a3ebf	install_postfix_advanced.sh: workarround for error: the query to zen.spamhaus.org was blocked due to usage of an open resolver.	2025-05-15 02:59:51 +02:00
Christoph	e24fb4cad3	install_postfix_advanced.sh: fix error in creating master.cf (+policy-spf).	2025-05-14 11:18:56 +02:00
Christoph	cc06fe5cfa	install_amavis.sh: fix errors in if statements: replace ':' with ';'.	2025-05-14 10:26:50 +02:00
Christoph	4442c6230e	install_postfix_advanced.s - policyd-spf h: increase 'void lookup limit'fro '2' to '5'.	2025-04-29 17:09:27 +02:00
Christoph	3f141499dc	install_postfix_base.sh: update file 'sasl_passwd' instead ao renewing it.	2025-03-12 14:43:41 +01:00
Christoph	9b12e32853	install_amavis.sh: Moving SPAM policies into an external file.	2025-03-03 17:57:22 +01:00
Christoph	894ff4eced	install_opendmarc.sh: adjust configuration file.	2025-03-03 15:42:04 +01:00
Christoph	99b1205d1b	install_opendkim.sh: adjust configuration file.	2025-03-03 15:41:40 +01:00
Christoph	ae2b6540af	install_postfix_advanced.sh: add support for postfix-policyd-spf-python .	2025-03-02 02:17:25 +01:00
Christoph	6cc1848e45	install_opendkim.sh: Add an Authentication-Results: header field.	2025-02-26 12:26:19 +01:00
Christoph	07231ac1c7	install_postfix_advanced.sh: ix.dnsbl.manitu.net (also known as NixSpam) has been shutdown on 2025-01-16.	2025-02-14 14:29:14 +01:00
Christoph	7b6e4c36d0	install_amavis.sh,install_postfix_advanced.sh: support additional smtp port in case of relay host.	2025-01-27 18:50:01 +01:00
Christoph	ee41a335b1	install_postfix_base.sh: some really minor changes..	2025-01-27 17:48:36 +01:00
Christoph	0b410ad6d8	install_postfix_base.sh: support relaying to non standard port (other than 25).	2025-01-27 17:02:08 +01:00
Christoph	aa092ea841	install_postfixadmin.sh: orioginal script now has the right charset (utf8).	2025-01-05 01:15:39 +01:00
Christoph	da6c7fca0e	install_postfix_base.sh: fix error if IPv4 address is a loopback address (127.x).	2024-12-18 12:04:04 +01:00
root	f1f56f48f6	install_amavis.sh: fix error in if statement.	2024-10-01 17:27:21 +02:00
Christoph	765b16fd59	Merge branch 'master' of git.oopen.de:install/mailsystem	2024-10-01 00:21:35 +02:00
Christoph	6a34a5b74c	README.test_mailprotocolls: add test of RSA based TLS connection.	2024-10-01 00:21:16 +02:00
Christoph	ad1d844b54	install_postfix_advanced.sh: some minor changes in writing 'main.cf'.	2024-10-01 00:20:04 +02:00
Christoph	aa38ae7d76	install_postfix_advanced.sh: some realy minor changes.	2024-09-30 17:55:26 +02:00
Christoph	f6482795c4	install_postfix_advanced.sh: get rid of trailling blanks.	2024-09-28 22:53:45 +02:00
root	361ccefd9a	install_postfix_advanced.sh: adjust defaulr 'main.cf' file.	2024-09-26 17:44:21 +02:00
root	307c47d4a5	install_amavis.sh: adjust '_needed_packages_clamav'.	2024-09-26 16:19:25 +02:00
Christoph	8670eb3dba	Merge branch 'master' of https://git.oopen.de/install/mailsystem	2024-09-18 23:10:34 +02:00
Christoph	8a66f11f49	install_postfix_advanced.sh: change comments for some tls parameters.	2024-09-18 23:05:30 +02:00
Christoph	1d78a7e4b3	Merge branch 'master' of https://git.oopen.de/install/mailsystem	2024-09-18 19:38:15 +02:00
Christoph	6c3c0c596b	install_amavis.sh: fix error in adding SecuriteInfo signatures to freshclam.conf.	2024-09-18 19:37:54 +02:00
Christoph	b069fdac30	install_amavis.sh: SecuriteInfo was moved to ClamAV's Freshclam. Also get rid of trailling spaces.	2024-09-18 16:46:38 +02:00
Christoph	240dfbb54a	install_postfix_advanced.sh, install_postfix_base.sh: adjust tls parameters of 'main.cf'.	2024-09-17 16:28:25 +02:00
Christoph	3eb53b5463	install_postfix_base.sh,install_postfix_advanced.sh: adjust second time '/etc/rsyslog.d/postfix.conf'.	2024-09-15 22:18:20 +02:00
Christoph	e976d0e3ef	install_postfix_base.sh,install_postfix_advanced.sh: adjust '/etc/rsyslog.d/postfix.conf'.	2024-09-15 22:07:54 +02:00
ckubu	da37fc1938	install_amavis.sh: add support for SecuriteInfo signatur databases at clamav-freshclam.	2024-08-31 22:59:44 +02:00
ckubu	d189d8c4e9	install_amavis.sh: change cooment for SecuritoInfo accounts.	2024-08-31 22:17:25 +02:00
ckubu	d0816ecf1c	install_amavis.sh: change variable DEFAULT_SI_AUTHORISATION_SIGNATURE_OOPEN.	2024-08-31 22:01:08 +02:00
Christoph	8a9ea4141b	install_roundcube.sh: Change way to determin 'MYSQL_CREDENTIALS'.	2024-08-10 21:35:13 +02:00
Christoph	46ea239260	upgrade_roundcube.sh: delete unused statement..	2024-08-10 21:33:22 +02:00
Christoph	f766e859f7	upgrade_roundcube.sh: Change settimgs of var 'MYSQL_CREDENTIALS'.	2024-08-10 16:43:51 +02:00
Christoph	3785baa94a	install_postfixadmin.sh: some changes in determinatiom MySQL installed Version.	2024-08-02 18:16:36 +02:00
Christoph	a792c623bd	Change determination of MySQL credentials.	2024-08-02 17:47:06 +02:00
Christoph	2110953673	install_update_dovecot.sh: fix minor error restarting rsyslog.	2024-07-04 00:38:36 +02:00
Christoph	aad56b6497	install_update_dovecot.sh: fix error on quota warnings.	2024-05-15 16:27:47 +02:00
Christoph	97898ca194	Merge branch 'master' of git.oopen.de:install/mailsystem	2024-05-11 16:03:50 +02:00
Christoph	520a1c115d	Call of 'check_sender_access' and 'check_recipient_access' already with 'smtpd_client_restrictions' before querying blacklists.	2024-05-11 16:03:36 +02:00
Christoph	e70949f6ec	Add suport for sender domain rewriting.	2024-05-07 13:41:32 +02:00
Christoph	397c6304e8	install_postfix_*: add support for 'smtp_generic_maps'.	2024-05-07 12:23:58 +02:00
Christoph	5365eb8e18	Add file 'README.disable-milter-mail-filter'.	2024-05-07 12:23:26 +02:00
Christoph	0c5c9915f8	install_postfix_*: add support for 'smtp_generic_maps'.	2024-05-07 12:23:00 +02:00
Christoph	015cba6d05	Add 'README.default-rate-limits'.	2024-04-17 14:43:06 +02:00
Christoph	b4cbe3989c	install_opendmarc.sh: change default value for 'RequiredHeaders' to 'false'.	2024-03-22 22:03:09 +01:00
Christoph	ba486f22db	install_postfix_advanced.sh: add support for allowing extra hosts (ip-addresses) for relaying.	2024-03-22 01:54:45 +01:00
Christoph	44317f0b57	Add support for disabling milter mail filters.	2024-03-20 16:50:31 +01:00
Christoph	0f6fa53e6d	upgrade_roundcube.sh: fix error using internal field separator IFS.	2024-03-17 18:34:07 +01:00
Christoph	0c4dd7b5e9	README.virtual-do-not-reply: minor changes.	2024-02-28 18:28:08 +01:00
Christoph	e93a4783a2	install_postfix_advanced.sh: add support for lookup tables 'virtual_alias_domains' and 'virtual_alias_maps'.	2024-02-28 18:26:56 +01:00
Christoph	5261828376	Add 'README.virtual-do-not-reply'.	2024-02-28 17:59:55 +01:00
Christoph	3f3ef95240	install_postfixadmin.sh: change '$CONF['password_expiration']' to 'NO'.	2024-01-03 22:37:41 +01:00
Christoph	cda7fb08da	install_postfix_advanced.sh: remove 127.0.0.25 from inte_interfaces.	2023-12-09 01:08:03 +01:00
Christoph	83a4e631b5	install_postfix_advanced.sh: add comment for '127.0.0.25'.	2023-12-08 23:58:32 +01:00
Christoph	b1f4cdc84d	install_roundcube.sh: change location of php-socket to directory '/run/php/'.	2023-12-08 23:57:00 +01:00
Christoph	1f05685af9	install_update_dovecot.sh: creating DH parameter changes if debian version is 12 or above.	2023-12-08 18:53:30 +01:00
Christoph	e48b35bdd1	install_amavis.sh: fix error on data input.	2023-12-08 18:09:12 +01:00
Christoph	e595f034d8	install_amavis.sh: fix error in writing 'master.cf' in case of SASL AUTH enabled.	2023-11-21 21:03:14 +01:00
Christoph	d5d3bddb8c	install_postfix_base.sh: change function dectec_os to dectect_os_1.	2023-11-15 18:36:51 +01:00
Christoph	b717e88130	update_postfix_dh_parameters.sh: change function dectec_os to dectect_os_1.	2023-11-15 18:35:48 +01:00
Christoph	ccc527abc2	Add script 'update_postfix_dh_parameters.sh'.	2023-11-15 17:49:01 +01:00
Christoph	2291f6efa9	install_postfix_advanced.sh: fix error detecting os distribution/version.	2023-11-15 17:20:34 +01:00
chris	bb464c1686	install_postfix_base.sh: minor chanmges on script output.	2023-11-15 16:42:53 +01:00
chris	23165653f5	install_postfix_advanced.sh: fix error icreatunf / installing DH parameters.	2023-11-15 16:42:05 +01:00
chris	ba988c63bc	install_postfix_base.sh: fix error on script output.	2023-11-15 16:37:47 +01:00
Christoph	4dd9611151	fix error creating / installing DH parameters.	2023-11-15 15:50:06 +01:00
Christoph	0bde654616	install_postfix_advanced.sh: exclude TLSv1 for smtp server and TLSv1 and TLSv1.1 for smtp client.	2023-11-13 09:25:54 +01:00
Christoph	190b0d0fcb	install_postfix_advanced.sh: add message headers that include information about the protocol and cipher used.	2023-11-13 09:22:18 +01:00
Christoph	30db99c91e	install_amavis.sh: adjust spamassassin's local.cnf file.	2023-11-07 11:44:59 +01:00
Christoph	25d24ccdfc	install_amavis.sh: add debian package 'libnet-patricia-perl'.	2023-10-23 01:08:10 +02:00
Christoph	e50d23d9e8	install_amavis.sh: some minor changes/fixes	2023-10-22 18:56:34 +02:00
Christoph Kuchenbuch	2984da58c9	install_amavis.sh: some fixes to support debian version 12.	2023-10-22 17:54:47 +02:00
Christoph	4a6d7034f2	install_postfixadmin.sh: Change use of virtual vacation from 'YES' to 'NO'.	2023-08-30 18:57:44 +02:00
Christoph	0e9f2d739b	install_amavis.sh: install 'libclamunrar11' in case of debian 12 (bookworm).	2023-06-24 09:57:44 +02:00
Christoph	58cd085f59	install_postfixadmin.sh: some minor changes in script output.	2023-06-24 02:16:53 +02:00
Christoph	a0f75035ad	install_postfixadmin.sh: support transfer 'setup_password' from old installation.	2023-06-24 02:14:45 +02:00
Christoph	db1c2fd72b	install_amavis.sh: some changes (i.e. port number) for whitelisted sender addresses.	2023-05-18 12:51:27 +02:00
Christoph	058ea39ce7	install_amavis.sh: forgot to add tcp port 10026 ..	2023-05-17 02:16:44 +02:00
Christoph	225d8f83c6	install_amavis.sh: do virus check on whitelisted addresses.	2023-05-17 01:52:02 +02:00
Christoph	93a7f2fe62	add 'README.smtp-over-tor-hidden-services'.	2023-04-27 00:02:13 +02:00
Christoph	5f554c8bbd	install_roundcube.sh: replace 'smtp_server' with 'smtp_host' in configuration file.	2023-03-06 22:57:13 +01:00
Christoph	cc146aa5fc	install_postfixadmin.sh: some minor dhanges in script output.	2023-03-06 13:00:33 +01:00
Christoph	1f34f1eaaa	upgrade_roundcube.sh: install new version of composer.	2023-03-06 12:48:49 +01:00