diff --git a/.gitignore b/.gitignore
index 1377554..e5b67c7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,5 @@
 *.swp
+*.log
+conf/*.conf
+conf/*.email*
+!conf/sent_userinfo_postfix.email.sample
diff --git a/conf/sent_userinfo_postfix.conf.sample b/conf/sent_userinfo_postfix.conf.sample
new file mode 100644
index 0000000..5e6d2b5
--- /dev/null
+++ b/conf/sent_userinfo_postfix.conf.sample
@@ -0,0 +1,56 @@
+# ----------------------------------------------------
+# ---
+# - Parameter Settings for script 'sent_userinfo_postfix.sh'.
+# ---
+# ----------------------------------------------------
+
+# - user_info_file
+# -
+# - Full path to file containing the user info. If file is placed in this
+# - configuration directory use '${conf_dir}/
+Subject: Heartbleed Bug und so36.net
+Content-type: text/plain; charset=UTF-8
+
+Liebe so36-Nutzer_innen,
+
+Am Dienstag 08.04.2014 ist eine gravierende Sicherheitslücke in der
+Verschlüsselungssoftware OpenSSL bekannt geworden, mit dem u.a. Passwörter
+oder andere geheime Daten offen abrufbar sind. Dieser Programmfehler ist
+unter dem Namen Heartbleed-Bug [1] berühmt geworden.
+
+Wie fast alle Web-Anbieter nutz auch so36.net OpenSSL und damit sind auch
+wir betroffen. Wir haben am Tag des Bekanntwerden der Schwachstelle sofort
+Software-Updates auf allen betroffenen Servern eingsielt. Mittlerweile
+haben wir auf allen Maschinen auch neue SSL-Zertifikate installiert.
+Trotzdem können wir nicht ausschließen, dass auch unsere Server
+kompromitiert wurden und sich Dritte damit eure Passwörter beschaffen
+konnten.
+
+*Daher müssen alle sofort ihre Passwörter ändern.*
+
+Dazu besucht Ihr folgende Seite: https://webmail.so36.net/
+
+Das neue Zertifikat, das Euch der Server präsentiert hat den Fingerprint
+SHA1 Fingerprint = 7C:70:79:C1:30:1E:E8:CC:AF:B5:67:AD:07:53:ED:08:33:C5:8B:D8
+
+Leider müsst ihr davon ausgehen, dass auch andere Webdienste, die ihr
+nutzt, von dieser Sicherheitslücke betroffen sind. Heise.de spricht
+davon, dass über 600 der meistgenutzten Webdiensten davon betroffen
+sind. [2] Ihr könnt dies auch selbst durch Eingabe der URl bei
+http://filippo.io/Heartbleed und http://possible.lv/tools/hb überprüfen.
+ +Schöne Grüsse aus dem Dschungel +team so36.net + +[1] http://heartbleed.com/ und +http://www.heise.de/newsticker/meldung/Der-GAU-fuer-Verschluesselung-im-Web-Horror-Bug-in-OpenSSL-2165517.html + +[2] +http://www.heise.de/newsticker/meldung/Passwort-Zugriff-Heartbleed-Luecke-mit-katastrophalen-Folgen-2166861.html diff --git a/sent_userinfo_postfix.sh b/sent_userinfo_postfix.sh index 16e4b65..314908d 100755 --- a/sent_userinfo_postfix.sh +++ b/sent_userinfo_postfix.sh @@ -1,26 +1,35 @@ -#!/bin/bash +#!/usr/bin/env bash + +script_dir="$(dirname $(realpath $0))" +conf_dir="${script_dir}/conf" +conf_file="${conf_dir}/sent_userinfo_postfix.conf" + +tmp_dir="$(mktemp -d)" +logfile="${script_dir}/sent_userinfo_postfix.$(date +%Y-%m-%d-%H%M).log" + +#--------------------------------------- +#----------------------------- +# Setting Defaults +#----------------------------- +#--------------------------------------- + +DEFAULT_user_info_file="${conf_dir}/sent_userinfo_postfix.email" +DEFAULT_mail_user="vmail" +DEFAULT_mail_group="vmail" -user_info_file="/root/Heartbleed-Bug_userinfo.txt" +#--------------------------------------- +#----------------------------- +# Base Function(s) +#----------------------------- +#--------------------------------------- -email_from="oo@oopen.de" +clean_up() { -mail_user=vmail -mail_group=vmail - -mail_basedir=/var/vmail - -logfile=/tmp/user_mail.log -> $logfile - - -curdir=`pwd` -rc_done="\033[71G[ \033[32mdone\033[m ]" -rc_failed="\033[71G[ \033[31m\033[1mfailed\033[m ]" - - -## - Functions -## - + # Perform program exit housekeeping + rm -rf $tmp_dir + exit $1 +} echononl(){ echo X\\c > /tmp/shprompt$$ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then 
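Review bot: `clean_up` in this hunk runs `rm -rf $tmp_dir` unquoted and without a guard, and it is also installed as the signal handler (`trap clean_up SIGHUP SIGINT SIGTERM` in the next hunk), which calls it with no argument so `exit $1` becomes a bare `exit` reporting rm's status instead of a failure; `rm -rf -- "${tmp_dir:?}"` and `exit "${1:-1}"` close both gaps, and `tmp_dir="$(mktemp -d)" || exit 1` keeps an empty path from ever reaching the rm. The same hunk introduces a private mktemp directory, yet the context line `echo X\\c > /tmp/shprompt$$` still truncates a predictable name in a world-writable directory; since this script runs as root (it later does `su postgres`), a local user who plants a symlink at `/tmp/shprompt<pid>` gets an arbitrary file truncated, so the probe should be written to `"${tmp_dir}/shprompt"` with its matching `rm` updated. echononl's body continues past the end of the hunk.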
@@ -31,32 +40,113 @@ echononl(){ rm /tmp/shprompt$$ } - fatal(){ echo "" - echo Fehler: $* - echo -e "\n\t\033[31m\033[1mSkript wird abgebrochen\033[m\033[m\n" + echo -e "[ \033[31m\033[1mFehler\033[m ]: $*" + echo -e "\n\t Script was interupted!\n" echo - exit 1 + clean_up 1 } -## - -## - End: Functions +echo_ok() { + echo -e "\033[75G[ \033[32mok\033[m ]" +} +echo_failed() { + echo -e "\033[75G[ \033[1;31mfailed\033[m ]" +} +echo_skipped() { + echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" +} + +trap clean_up SIGHUP SIGINT SIGTERM + +clear +echo "" +echo -e "\033[32mRunning script \033[1m"$(basename $0)"\033[m .." +echo "" + +echo "" +echo "" +echononl " Loading default Configuration values from $(basename ${conf_file}).." +if [[ ! -f "$conf_file" ]]; then + echo_skipped +else + source "${conf_file}" > /dev/null 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + fi +fi + +if [[ -z "$email_from" ]] ; then + fatal "Missing Mail Sender Address (parameter 'email_from')." +fi +if [[ -z "$email_from_org" ]] ; then + fatal "Missing Mail Sender Organisation (parameter 'email_from_org')." +fi + + +[[ -n "$user_info_file" ]] || user_info_file="$DEFAULT_user_info_file" +[[ -n "$mail_user" ]] || mail_user="$DEFAULT_mail_user" +[[ -n "$mail_group" ]] || mail_group="$DEFAULT_mail_group" + +if [[ ! -f $user_info_file ]];then + fatal "User Info-file to send '$user_info_file' does not exist !!" +fi + + +echo "" +echo "" +echo -e "\033[32mSettings for script \033[37m\033[1msent_userinfo_postfix.sh\033[m" +echo "" +echo " File containing the mail-body.....: $user_info_file" +echo "" +echo " Mail Sender Address...............: $email_from" +echo " Mail Sender Organisation..........: $email_from_org" +echo "" +echo " Mail User.........................: $mail_user" +echo " Mail Group........................: $mail_group" + +echo "" +OK= +while [ "$OK" != "yes" -o "$OK" != "no" ] ; do + echononl "\033[1mParameters ok? 
[yes/no]:\033[m " + read OK + ## - To lower case + OK=${OK,,} + if [ "X$OK" = "X" ]; then + echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n" + OK="" + continue + fi + if [ "$OK" != "yes" -o "$OK" != "no" ] ; then + break + fi + echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n" +done +[[ $OK = "yes" ]] || fatal "Repeat execution with different parameters." + + + +> $logfile + + +curdir=`pwd` +rc_done="\033[71G[ \033[32mdone\033[m ]" +rc_failed="\033[71G[ \033[31m\033[1mfailed\033[m ]" + if [ ! -f $user_info_file ]; then - fatal "Kann Mailtext nicht finden" + fatal "File containing User Info not found!" fi pwd=`pwd` cd /tmp -clear +echo "" echo -e "\n\t --- Sending userinfo into all local virtual mailboxes --\n" | tee -a $logfile -if [ ! -f $user_info_file ];then - echo "[FATAL]: Info-file to send does not exist !!" >> $logfile - fatal "User Info-file to send does not exist !!" -fi ## - list of local virtual domains 
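Review bot: The confirmation loop in this hunk cannot reject a bad answer: `while [ "$OK" != "yes" -o "$OK" != "no" ]` is true for every value, so the identical inner test breaks out on the first non-empty entry and the "Wrong entry!" branch is unreachable; the script only stops because the following `[[ $OK = "yes" ]] || fatal` rejects everything else. The intended tests are `while [[ "$OK" != "yes" && "$OK" != "no" ]]; do` and `if [[ "$OK" == "yes" || "$OK" == "no" ]]; then break; fi`, with `read -r OK` so a backslash in the answer is not eaten. Separately, `source "${conf_file}"` executes the configuration file as shell code with the caller's (root) privileges, so it deserves an ownership and permission check before it is sourced — refuse a file that is group- or world-writable or not owned by the invoking user — because anyone who can write to `conf/` can otherwise run code as root through this script.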
@@ -67,14 +157,20 @@ declare -i num_dom=0; declare -i num_mbox_failed=0; declare -i num_mbox=0; +# - Escape '@' sign for use in perl regex +# - +email_from_regex="$(echo ${email_from//\@/\\@})" + for domain in $domains ;do echo -e "\nDOMAIN: $domain\n" | tee -a $logfile local_parts=`su postgres -c"psql -At -F ' ' postfix -c\"SELECT local_part FROM mailbox WHERE domain = '$domain'\""` for local_part in $local_parts ; do - cp $user_info_file /tmp/ - perl -i -n -p -e "s/%email_to%/$local_part\@$domain/" /tmp/`basename $user_info_file` + cp "$user_info_file" "$tmp_dir" + perl -i -n -p -e "s/%email_to%/$local_part\@$domain/" "${tmp_dir}/$(basename $user_info_file)" + perl -i -n -p -e "s/%email_from%/${email_from_regex}/" "${tmp_dir}/$(basename $user_info_file)" + perl -i -n -p -e "s/%email_from_org%/${email_from_org}/" "${tmp_dir}/$(basename $user_info_file)" echononl "\tSend userinfo to $local_part@$domain.." - cat /tmp/`basename $user_info_file` | /usr/sbin/sendmail -F 'Christoph Kuchenbuch' -f $email_from -t "$local_part@$domain" + cat ${tmp_dir}/$(basename $user_info_file) | /usr/sbin/sendmail -F "$email_from_org" -f $email_from -t "$local_part@$domain" if [ "$?" = "0" ]; then num_mbox=num_mbox+1 echo -e "$rc_done" @@ -97,6 +193,5 @@ fi echo cd $pwd -rm /tmp/`basename $user_info_file` -exit +clean_up 0
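Review bot: The three `perl -i -n -p -e "s/%…%/…/"` lines in this hunk splice shell variables straight into Perl source, so the replacement text is parsed as Perl code: the new `email_from_regex` only backslashes `@`, while `email_from_org` (free text from the config, used unescaped) or a mailbox `local_part` containing `/`, `$`, `@` or `\` would either break the substitution or be interpolated, leaving the mail for that recipient unsent or mangled. Handing the values to Perl through the environment and using `$ENV{...}` in the replacement removes the problem entirely and makes the `@`-escaping helper unnecessary. Less critical, `$domain` is also spliced into the SQL inside `su postgres -c"psql … '$domain'"`; it comes from the database itself so the exposure is limited, but a domain row containing a quote would still break the query.
```shell
  for local_part in $local_parts ; do
    tmp_mail="${tmp_dir}/$(basename "$user_info_file")"
    cp "$user_info_file" "$tmp_mail"
    # Pass the values via the environment so Perl never parses them as code or
    # regex; $ENV{...} in the replacement is plain string interpolation.
    EMAIL_TO="${local_part}@${domain}" EMAIL_FROM="$email_from" EMAIL_FROM_ORG="$email_from_org" \
      perl -i -p -e 's/%email_to%/$ENV{EMAIL_TO}/; s/%email_from%/$ENV{EMAIL_FROM}/; s/%email_from_org%/$ENV{EMAIL_FROM_ORG}/' "$tmp_mail"
    echononl "\tSend userinfo to $local_part@$domain.."
    /usr/sbin/sendmail -F "$email_from_org" -f "$email_from" -t "$local_part@$domain" < "$tmp_mail"
    # … unchanged: status check and counters …
```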