#!/usr/bin/env bash # ------------- # --- Some functions # ------------- clean_up() { # Perform program exit housekeeping rm -f $tmp_err_msg blank_line exit $1 } echononl(){ echo X\\c > /tmp/shprompt$$ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then echo -e -n "$*\\c" 1>&2 else echo -e -n "$*" 1>&2 fi rm /tmp/shprompt$$ } fatal(){ echo "" echo "" echo -e "Fatal error: $*" echo "" echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m" echo "" clean_up 1 } error(){ echo "" echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" echo "" } warn (){ echo "" echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" echo "" } info (){ echo "" echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" echo "" } echo_done() { echo -e "\033[80G[ \033[32mdone\033[m ]" } echo_ok() { echo -e "\033[80G[ \033[32mok\033[m ]" } echo_warning() { echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]" } echo_failed(){ echo -e "\033[80G[ \033[1;31mfailed\033[m ]" } echo_skipped() { echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]" } detect_os_1 () { if $(which lsb_release > /dev/null 2>&1) ; then os_dist="$(lsb_release -i | awk '{print tolower($3)}')" os_version="$(lsb_release -r | awk '{print tolower($2)}')" os_codename="$(lsb_release -c | awk '{print tolower($2)}')" if [[ "$os_dist" = "debian" ]]; then if $(echo "$os_version" | grep -q '\.') ; then os_version=$(echo "$os_version" | cut --delimiter='.' -f1) fi fi elif [[ -e "/etc/os-release" ]]; then . /etc/os-release os_dist=$ID os_version=${VERSION_ID} fi # remove whitespace from os_dist and os_version os_dist="${os_dist// /}" os_version="${os_version// /}" } trim() { local var="$*" var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters echo -n "$var" } blank_line() { echo "" } # ------------- # --- Some default settings # ------------- DEFAULT_ADMIN_EMAIL="argus@oopen.de" # - Is this a systemd system? # - if [[ "X`which systemd`" = "X" ]]; then systemd_exists=false else systemd_exists=true fi FORCE_UPDATE="" UPDATED=false blank_line blank_line if [[ -f "/etc/postfix/header_checks.pcre" ]] \ || [[ -f "/etc/postfix/body_check.pcre" ]] \ || [[ -f "/etc/postfix/mime_header_check.pcre" ]]; then echo -e " \033[1;32mUpdate/Create SPAM Header/MIME-Header-/Body PCRE check files..\033[m" echo "" echo "" echo " At least one PCRE check file exits. Should these file(s) be updated?" echo "" echo -e " \033[33mType to choose the highlighted value\033[m" echo "" echo "" echononl " Force update existing header/mime-header/body checks? [\033[1;33myes\033[m/no]: " read FORCE_UPDATE FORCE_UPDATE=${FORCE_UPDATE,,} FORCE_UPDATE="$(trim "$FORCE_UPDATE")" if [[ -z "$FORCE_UPDATE" ]] || [[ "$FORCE_UPDATE" = "yes" ]]; then FORCE_UPDATE=true elif [[ "$FORCE_UPDATE" = "no" ]]; then FORCE_UPDATE=false else FORCE_UPDATE="" fi while [[ -z "$FORCE_UPDATE" ]] ; do echononl " Wrong entry! [\033[1myes\033[m/no]: " read FORCE_UPDATE FORCE_UPDATE=${FORCE_UPDATE,,} FORCE_UPDATE="$(trim "$FORCE_UPDATE")" if [[ -z "$FORCE_UPDATE" ]] || [[ "$FORCE_UPDATE" = "yes" ]]; then FORCE_UPDATE=true elif [[ "$FORCE_UPDATE" = "no" ]]; then FORCE_UPDATE=false else FORCE_UPDATE="" fi done echo "" echo " FORCE_UPDATE.....: $FORCE_UPDATE" echo "" echononl " Continue (yes/no): " read OK OK=${OK,,} while [ "X$OK" != "Xyes" -a "X$OK" != "Xno" ]; do echononl " Wrong entry! [yes/no]: " read OK OK=${OK,,} done [ $OK = "yes" ] || fatal Repeat with other settings.. echo "" echo -e "\033[32m--\033[m" echo "" else echo -e " \033[32mCreate SPAM Header/MIME-Header-/Body PCRE check files..\033[m" FORCE_UPDATE="true" fi blank_line _file="/etc/postfix/header_checks.pcre" echononl " Create file '$_file' used for header replacing" if $FORCE_UPDATE ; then cat << EOF > "$_file" # --- # - Replace headers # --- # - Replace recieved from #/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])\$2(Authenticated sender: \$3)\$4 # --- # - Ignore Headers # --- #/^\s*User-Agent/ IGNORE #/^\s*X-Enigmail/ IGNORE #/^\s*X-Mailer/ IGNORE #/^\s*X-Originating-IP/ IGNORE # --- # - Reject / Discard headers # --- /^To:.*<>/ DISCARD Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001 /\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001 /^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001 /^Reply-To: .+\@ppe-healthcare-europe\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1002 /^Reply-To: .+\@testbedarf.shop/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1003 /^Reply-To: .+\@acieu\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1004 /^Reply-To: .+\@acievents\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1005 /^Reply-To: .+\@dokpotenz\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1006 /^Reply-To: .+\@doktorapo\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1007 /^Reply-To: .+\@sendelope.eu/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1008 /^Reply-To: .+\@team-de-luxe\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1009 /^Reply-To: .+\@klickensiejetzt\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1010 /^Reply-To: .+\@podiumskate\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1011 /^Reply-To: videotech\@gmx\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1012 /^Reply-To: stdukefoundation@hotmail.com/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1013 /^From:.*<>/ DISCARD Possible SPAM - Header-Spamschutzregel FROM-1001 /^From: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1002 /^From: .+\@ppe-healthcare-europe\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1003 /^From: .+\@testbedarf.shop/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1004 /^From: .+\@acieu\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1005 /^From: .+\@acievents\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1006 /^From: .+\@dokpotenz\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1007 /^From: .+\@doktorapo\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1008 /^From: .+\@sendelope.eu/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1009 /^From: .+\@team-de-luxe\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1010 /^From: .+\@klickensiejetzt\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1011 /^From: .+\@podiumskate\..+/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1012 /^From: .+\@growthrecords.com/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1013 /^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001 /^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002 /^Date: .* 201[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003 /^Date: .* 2020/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004 EOF if [[ $? -eq 0 ]] ; then echo_ok UPDATED=true else echo_failed fi else echo_skipped fi _file="/etc/postfix/mime_header_check.pcre" echononl " Create file '$_file' used for header replacing" if $FORCE_UPDATE ; then cat << EOF > "$_file" # --- # - Check MIME-Headers # --- /name=[^>]*\.exe/ REJECT No .exe files allowed - Mime--Spamschutzregel EXE-1001 /name=[^>]*\.bat/ REJECT No .bat files allowed - Mime--Spamschutzregel BAT-1002 /name=[^>](screensaver|movie)\.zip/ REJECT Sobig Virus found - Mime-Spamschutzregel VIR-1003 EOF if [[ $? -eq 0 ]] ; then echo_ok UPDATED=true else echo_failed fi else echo_skipped fi _file="/etc/postfix/body_check.pcre" echononl " Create file '$_file' used for header replacing" if $FORCE_UPDATE ; then cat << EOF > "$_file" # --- # - Body Checks # --- /See the attached file for details/ REJECT Sobig Virus found. - Body-Spamschutzregel TEXT-1001 /.*https?:\/\/click2eat.shop\/Installer\/updatedwebmails/ REJECT Maype fishing E-Mail credentials - Body-Spamschutzregel TEXT-1002 EOF if [[ $? -eq 0 ]] ; then echo_ok UPDATED=true else echo_failed fi else echo_skipped fi if $UPDATED ; then echo "" echo "" echononl " Reload postfix daemon" if $systemd_exists ; then systemctl reload postfix 2> /dev/null if [[ $? -eq 0 ]] ; then echo_ok else echo_failed fi else /etc/init.d/postfix reload 2> /dev/null if [[ $? -eq 0 ]] ; then echo_ok else echo_failed fi fi fi clean_up 0