#!/usr/bin/env bash
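# Scratch file that receives the stderr of each installation step so that a
# failure can be reported afterwards. Stop right away if it cannot be
# created: with an empty name, every later "2> $tmp_err_msg" redirect fails.
tmp_err_msg=$(mktemp) || {
  echo "fatal error: cannot create temporary file" >&2
  exit 1
}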
# -------------
# --- Some functions
# -------------
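#######################################
# Perform program exit housekeeping: remove the temporary error-message
# file, then terminate the script.
# Globals:   tmp_err_msg (read)
# Arguments: $1 - exit status to terminate with (0 when omitted)
#######################################
clean_up() {
  # Quote the path and end option parsing: unquoted, a name containing
  # whitespace or glob characters would make rm act on other operands.
  if [[ -n "${tmp_err_msg:-}" ]]; then
    rm -f -- "$tmp_err_msg"
  fi
  exit "${1:-0}"
}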
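#######################################
# Print a message to stderr without a trailing newline.
# Arguments: the message words; joined with spaces, backslash escapes
#            are interpreted (echo -e)
# Outputs:   the message on stderr
#######################################
echononl() {
  # Probe whether echo honours the "\c" (suppress newline) escape. The probe
  # is captured in memory instead of being written to /tmp/shprompt$$: a
  # predictable name in a world-writable directory can be pre-created or
  # symlinked by another local user, and this installer writes to /etc, so
  # it runs with elevated privileges.
  local probe
  probe=$(echo X\\c)
  if [[ "$probe" == "X" ]]; then
    echo -e -n "$*\\c" 1>&2
  else
    echo -e -n "$*" 1>&2
  fi
}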
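#######################################
# Report an unrecoverable error and terminate the script with status 1.
# Globals:   tmp_err_msg (read)
# Arguments: the error text; backslash escapes are interpreted (echo -e)
# Outputs:   the error text and a red "interrupted" notice on stdout
#######################################
fatal() {
  echo ""
  echo -e "fatal error: $*"
  echo ""
  # Spelling of "Installation" corrected in the notice below.
  echo -e "\t\033[31m\033[1mInstallation will be interrupted\033[m\033[m"
  echo ""
  # This exit path does not go through clean_up, so remove the temporary
  # error-message file here as well.
  if [[ -n "${tmp_err_msg:-}" ]]; then
    rm -f -- "$tmp_err_msg"
  fi
  exit 1
}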
#######################################
# Print an error message framed by blank lines.
# Arguments: the message text; backslash escapes are interpreted (echo -e)
# Outputs:   the message on stdout, prefixed with a bold red label
#######################################
error() {
  # The label text is German for "error".
  local label="\033[31m\033[1mFehler\033[m"
  echo
  echo -e "\t[ ${label} ]: $*"
  echo
}
#######################################
# Print a warning message framed by blank lines.
# Arguments: the message text; backslash escapes are interpreted
# Outputs:   the message on stdout, prefixed with a bold yellow label
#######################################
warn() {
  printf '\n'
  # %b expands backslash escapes in the argument the same way echo -e does.
  printf '%b\n' "\t[ \033[33m\033[1mWarning\033[m ]: $*"
  printf '\n'
}
#######################################
# Print an informational message framed by blank lines.
# Arguments: the message text; backslash escapes are interpreted (echo -e)
# Outputs:   the message on stdout, prefixed with a bold green label
#######################################
info() {
  local green_bold="\033[32m\033[1m"
  local reset="\033[m"
  echo
  echo -e "\t[ ${green_bold}Info${reset} ]: $*"
  echo
}
# Print a green "[ done ]" status tag at terminal column 80.
echo_done() {
  printf '%b\n' "\033[80G[ \033[32mdone\033[m ]"
}
# Print a green "[ ok ]" status tag at terminal column 80.
echo_ok() {
  local column="\033[80G"
  local tag="[ \033[32mok\033[m ]"
  echo -e "${column}${tag}"
}
# Print a bold yellow "[ warn ]" status tag at terminal column 80.
echo_warning() {
  printf '%b\n' "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
# Print a bold red "[ failed ]" status tag at terminal column 80.
echo_failed() {
  local column="\033[80G"
  local tag="[ \033[1;31mfailed\033[m ]"
  echo -e "${column}${tag}"
}
# Print a bold yellow "[ skipped ]" status tag at terminal column 80.
echo_skipped() {
  printf '%b\n' "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}
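## - Install Postfix Firewall Daemon from debian packages system
## -
echononl " Install Postfix Firewall Daemon from debian packages system"
_pkg="postfwd"
# Ask dpkg for the package state. The earlier check piped "aptitude search"
# through grep, which needs aptitude to be installed and treats the package
# name as a pattern; when aptitude is absent the check never reports
# "installed".
if dpkg-query -W -f='${Status}' "$_pkg" 2> /dev/null \
  | grep -q "ok installed"; then
  echo_skipped
else
  # stderr is kept in the scratch file so it can be shown on failure.
  if DEBIAN_FRONTEND=noninteractive apt-get -y install "$_pkg" \
    > /dev/null 2> "$tmp_err_msg"; then
    echo_ok
  else
    # Best effort: report the failure and continue with the next step.
    echo_failed
    error "$(cat "$tmp_err_msg")"
  fi
fi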
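echononl " Adjust /etc/default/postfwd"
# Comment out the active STARTUP= line and put STARTUP=1 below it.
# The negative lookahead leaves a line that already reads STARTUP=1 alone;
# without it every re-run comments that line out and appends another copy.
# The expression is single-quoted so the shell passes it to perl unchanged.
if perl -i -pe 's/^(\s*)(STARTUP=(?!1\s*\z).*)/#$1$2\nSTARTUP=1/' \
  /etc/default/postfwd > "$tmp_err_msg" 2>&1; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi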
_file="/etc/postfix/postfwd.wl-user"
echononl " Create whitelist file '$_file' for postfwd"
# An existing list is left untouched so that local entries survive a re-run;
# otherwise write the header lines followed by one empty line.
if [[ -f "$_file" ]]; then
  echo_skipped
elif printf '%s\n' \
  '# ---' \
  '# SASL Users whitelisted by postfwd' \
  '# ---' \
  '' > "$_file"; then
  echo_ok
else
  echo_failed
fi
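_file="/etc/postfix/postfwd.bl-user"
# The progress text said "whitelist" (copied from the step above); this file
# is the one the BLOCK_USERS macro in postfwd.cf reads, so it is a blacklist.
echononl " Create blacklist file '$_file' for postfwd"
# An existing list is left untouched so that local entries survive a re-run.
if [[ ! -f "$_file" ]]; then
  cat << 'EOF' > "$_file"
# ---
# SASL Users blocked by postfwd
# ---

EOF
  if [[ $? -eq 0 ]]; then
    echo_ok
  else
    echo_failed
  fi
else
  echo_skipped
fi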
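_file="/etc/postfix/postfwd.bl-sender"
# The progress text said "whitelist" (copied from an earlier step); this file
# is the one the BLOCK_SENDER macro in postfwd.cf reads, so it is a blacklist.
echononl " Create blacklist file '$_file' for postfwd"
# An existing list is left untouched so that local entries survive a re-run.
# NOTE(review): postfwd.cf compares the sender with '=~' against these
# entries, so they are presumably evaluated as regular expressions; an
# unescaped '.' would then match any character - confirm and escape if a
# literal dot is intended.
if [[ ! -f "$_file" ]]; then
  cat << 'EOF' > "$_file"
# ---
# Sender addresses blocked by postfwd
# ---

# annoying spammer domains
@acieu.co.uk

# annoying spammer addresses
error@mailfrom.com

EOF
  if [[ $? -eq 0 ]]; then
    echo_ok
  else
    echo_failed
  fi
else
  echo_skipped
fi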
echononl " Create configuration file '/etc/postfix/postfwd.cf'.."
# Write the postfwd rule set only when no configuration exists yet, so a
# locally edited policy is never overwritten.
#
# The here-document delimiter is quoted: the body is written verbatim and the
# '$' characters that postfwd needs reach the file without shell expansion.
#
# Rule order as written below: the whitelist rule comes first, then the user
# and sender blacklists, then the per-user limits. Blacklisted senders are
# answered with DISCARD, i.e. the message is accepted and dropped silently.
#
# NOTE(review): this listing shows every body line flush left. postfwd is
# understood to join a line onto the preceding rule or macro only when it
# starts with whitespace, so confirm the indentation of the item lines
# against the intended file before deploying.
if [[ -f "/etc/postfix/postfwd.cf" ]]; then
  echo_skipped
else
  cat > /etc/postfix/postfwd.cf << 'EOF'

#======= Definitions ============

# Match messages with an associated SASL username
&&SASL_AUTH {
sasl_username!~^$
}

# Whitelist users
&&TRUSTED_USERS {
sasl_username==file:/etc/postfix/postfwd.wl-user
}

# Blacklist users
&&BLOCK_USERS {
sasl_username==file:/etc/postfix/postfwd.bl-user
}

# Blacklist sender adresses
&&BLOCK_SENDER {
# =~
# using '=~' allows also matching entries for domains (i.e. @acieu.co.uk)
sender=~file:/etc/postfix/postfwd.bl-sender
}

# Inbound emails only
&&INCOMING {
client_address!=127.0.0.1
}


#======= Rule Sets ============

# Whitelists

# Whitelist sasl users
id=WHL_USERS
&&TRUSTED_USERS
action=DUNNO


# Blacklist users

id=BL_USERS
&&BLOCK_USERS
action=REJECT User is blocked by so36.NET admins. Error: BL_USERS

# Blacklist sender
#
# Claim successful delivery and silently discard the message.
#
id=BL_SENDER
&&BLOCK_SENDER
action=DISCARD
#action=REJECT Sender address is blocked by so36.NET admins. Error: BL_SENDER


# Rate Limits

# Block messages with more than 50 recipients
id=BLOCK_MSG_RCPT
&&INCOMING
&&SASL_AUTH
recipient_count=50
action=REJECT Too many recipients, please reduce to less than 50 or consider using a mailing list. Error: BLOCK_MSG_RCPT

# Block users sending more than 50 messages/hour
id=RATE_MSG
&&INCOMING
&&SASL_AUTH
action=rate($$sasl_username/50/3600/450 4.7.1 Number messages per hour exceeded. Error:RATE_MSG)

# Block users sending more than 250 recipients total/hour
id=RATE_RCPT
&&INCOMING
&&SASL_AUTH
action=rcpt($$sasl_username/250/3600/450 4.7.1 Number recipients per hour exceeded. Error:RATE_RCPT)

EOF
  if [[ $? -eq 0 ]]; then
    echo_ok
  else
    echo_failed
  fi
fi
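echononl " Restart Postfix firewall daemon 'postfwd'.."
# systemd_exists is not assigned anywhere in this script. With an empty
# value, "if $systemd_exists" runs an empty command, which succeeds, so the
# systemctl branch would be taken even on a host without systemd. Keep a
# value inherited from the environment; otherwise detect systemd here.
if [[ -z "${systemd_exists:-}" ]]; then
  if [[ -d /run/systemd/system ]]; then
    systemd_exists=true
  else
    systemd_exists=false
  fi
fi
# Compare the flag as a string instead of executing its content as a command.
if [[ "$systemd_exists" == "true" ]]; then
  _restart_cmd=(systemctl restart postfwd)
else
  _restart_cmd=(/etc/init.d/postfwd restart)
fi
# stderr is kept in the scratch file so it can be shown on failure.
if "${_restart_cmd[@]}" > /dev/null 2> "$tmp_err_msg"; then
  echo_ok
else
  echo_failed
  error "$(cat "$tmp_err_msg")"
fi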
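# Nothing above edits /etc/postfix/main.cf, so Postfix does not consult
# postfwd yet; tell the administrator that this step is still open.
# ("daemin" in the message corrected to "daemon".)
warn "Postfix firewall daemon is installed, but not integrated in postfix mailsystem (/etc/postfix/main.cf)"

# Remove the temporary error-message file and exit successfully.
clean_up 0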