From d8979faa060ba341443da2e38dd6b8530aaaa93d Mon Sep 17 00:00:00 2001 From: Christoph Date: Fri, 5 Dec 2025 12:35:07 +0100 Subject: [PATCH 1/2] install_update_dovecot-2.4.sh: increase sieve_max_redirects to 25. --- install_update_dovecot-2.4.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/install_update_dovecot-2.4.sh b/install_update_dovecot-2.4.sh index 24482d3..d727b9f 100755 --- a/install_update_dovecot-2.4.sh +++ b/install_update_dovecot-2.4.sh @@ -7776,6 +7776,32 @@ EOF fi + _replace_key="sieve_max_redirects" + _replace_val=25 + + read -r -d '' COMMENT_BLOCK <> "${log_file}" || _failed=true + + else + + cat <> "${_conf_file}" 2>> "${log_file}" || _failed=true + +${COMMENT_BLOCK} +${_replace_key} = ${_replace_val} +EOF + fi + else From f2f3797c1e04273e66feba7d7dc1064b6f924c1c Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 8 Dec 2025 19:14:37 +0100 Subject: [PATCH 2/2] install_amavis.sh: Some minor changes. --- install_amavis.sh | 546 +++++++++++++++++----------------------------- 1 file changed, 205 insertions(+), 341 deletions(-) diff --git a/install_amavis.sh b/install_amavis.sh index d526105..83372ab 100755 --- a/install_amavis.sh +++ b/install_amavis.sh 
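Review bot: The hard-coded `_replace_val=25` raises `sieve_max_redirects` well above Pigeonhole's default of 4, and no rationale is visible in the hunk (the body of the `COMMENT_BLOCK` here-document did not survive on this page, so it may already contain one). With this value a single user-written Sieve script can fan one incoming message out to as many as 25 addresses, which matters for outbound rate limits and sender reputation if a mailbox is compromised. I would put the reason and the trade-off into the generated comment, for example `# raised from the default (4) for <reason>; permits up to 25 redirects per delivered message, keep outbound rate limiting enabled`. The enclosing if/else starts outside the hunk.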
@@ -1168,19 +1168,38 @@ fi ## - If not testing as user roor, you need to change int a directora, where the testing ## - user has read/write? access, even if the sample spam file is located at /tmp ## - -echononl " Download a sample spam file" -installation_failed=false -wget -O /tmp/sample-spam.txt https://opensource.apple.com/source/SpamAssassin/SpamAssassin-137.1/SpamAssassin/sample-spam.txt 2> $tmp_err_msg -if [[ "$?" -ne 0 ]] ; then - installation_failed=true +echononl " Save a sample spam file into /root folder." +cat <<'EOF' > /root/sample-spam.txt +Subject: Test spam mail (GTUBE) +Message-ID: +Date: Wed, 23 Jul 2003 23:30:00 +0200 +From: Sender +To: Recipient +Precedence: junk +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +Content-Transfer-Encoding: 7bit + +This is the GTUBE, the + Generic + Test for + Unsolicited + Bulk + Email + +If your spam filter supports it, the GTUBE provides a test by which you +can verify that the filter is installed correctly and is detecting incoming +spam. You can send yourself a test mail containing the following string of +characters (in upper case and with no white spaces and line breaks): + +XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X + +You should send this test mail from an account outside of your network +EOF +if [[ $? -ne 0 ]] ; then + echo_failed error "$(cat $tmp_err_msg)" -fi -cp -a /tmp/sample-spam.txt /root > $tmp_err_msg 2>&1 -if [[ "$?" -ne 0 ]] ; then - installation_failed=true - error "$(cat $tmp_err_msg)" -fi -if ! $installation_failed ; then +else echo_ok fi 
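Review bot: The failure branch still prints `error "$(cat $tmp_err_msg)"`, but the new `cat <<'EOF' > /root/sample-spam.txt` no longer redirects stderr into that file, so a failed write reports whatever an earlier step left there, or nothing at all. Capture stderr on the here-document command, with the stderr redirection placed first so that a failure to open the target file is recorded too: `cat <<'EOF' 2> "$tmp_err_msg" > /root/sample-spam.txt`. The variable should also be quoted in the message, `error "$(cat "$tmp_err_msg")"`.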
@@ -1470,27 +1489,45 @@ echo -e " \033[37m\033[1mConfigure Distributed Checksum Clearinghouses (DCC).. info "Open firewall outgoing port UDP 6277 and if DCC Server is running\n also in- and outfoing port TCP 6277." +services=("clamav-freshclam" "clamav-daemon" "adcc") +for svc in "${services[@]}"; do + echononl " Stop Service '${svc}.." + if systemctl is-active --quiet "$svc"; then + systemctl stop "$svc" > /dev/null 2> $tmp_err_msg + if [[ $? -ne 0 ]] ; then + echo_failed -if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then - echononl " An instance off dccifd ist already running. Stop it now." - installation_failed=false - if $systemd_exists ; then - systemctl stop adcc > /dev/null 2> $tmp_err_msg - if [[ "$?" -ne 0 ]] ; then - installation_failed=true error "$(cat $tmp_err_msg)" + else + echo_ok fi else - /etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg - if [[ "$?" -ne 0 ]] ; then - installation_failed=true - error "$(cat $tmp_err_msg)" - fi + echo_skipped fi - if ! $installation_failed ; then - echo_ok - fi -fi +done + + + +#if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then +# echononl " An instance off dccifd ist already running. Stop it now." +# installation_failed=false +# if $systemd_exists ; then +# systemctl stop adcc > /dev/null 2> $tmp_err_msg +# if [[ "$?" -ne 0 ]] ; then +# installation_failed=true +# error "$(cat $tmp_err_msg)" +# fi +# else +# /etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg +# if [[ "$?" -ne 0 ]] ; then +# installation_failed=true +# error "$(cat $tmp_err_msg)" +# fi +# fi +# if ! $installation_failed ; then +# echo_ok +# fi +#fi _dcc_src_dir="$script_dir" #_archiv=dcc-dccproc.tar.Z @@ -4003,6 +4040,7 @@ if [[ ! -f "/etc/postfix/spam_lovers" ]]; then # - adress_1@domain3.com 0 # - domain3.com 1 # - +# - Wichtig: letzte Zeile mit Newline abschließen! EOF if [[ $? -eq 0 ]] ; then echo_ok 
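Review bot: The new loop stops `clamav-daemon` and `clamav-freshclam` in addition to `adcc`, and nothing in this hunk starts them again, so if a later step of the DCC installation fails the host is left without virus scanning and signature updates; whether they are restarted further down is not visible here. I would record the units that were actually stopped (e.g. `stopped_services+=("$svc")`) and restart them on exit, or at least add a comment above `services=(...)` explaining why the ClamAV units must be down at this point. The loop also calls `systemctl` unconditionally, whereas the code it replaces fell back to `/etc/init.d/adcc stop` when `$systemd_exists` was false; on such a host `is-active` fails and a running dccifd is reported as skipped. The commented-out old block can be deleted instead of kept, since version control preserves it.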
@@ -4031,6 +4069,7 @@ if [[ ! -f "/etc/postfix/virus_lovers" ]]; then
 # - adress_1@domain3.com 0
 # - domain3.com 1
 # -
+# - Wichtig: letzte Zeile mit Newline abschließen!
 EOF
 if [[ $? -eq 0 ]] ; then
 echo_ok
@@ -4187,203 +4226,94 @@ read_hash(\%whitelist_sender, '/etc/postfix/sender_whitelist'); @whitelist_sender_maps = (\%whitelist_sender); -## --- -## - Default antivirus checking mode -## --- -## - bypass_virus_checks_maps -## - -## - Addresses/Domains listet here will not be checked. -## - -## - !! Notice !! -## - -## - Virus checks are bypassed only if all of the recipients of a message have -## - been added to one of these variables. If even one recipient is not listed, -## - virus-checking will still be performed. To ensure that virus is still delivered -## - to whitelisted recipients in such cases, use the "virus_lovers" features -## - see below. -## - -@bypass_virus_checks_maps = ( - \%bypass_virus_checks, \@bypass_virus_checks_acl, \\\$bypass_virus_checks_re); +# ---------------------------------------------------------- +# Basis-Quarantäneverzeichnis +# ---------------------------------------------------------- +\$QUARANTINEDIR = '${QUARANTINE_DIR}'; -## - We will use '%bypass_virus_checks_maps'. So we could set: -## - -## - %bypass_virus_checks = ( -## - # Adresses -## - adress@domain1.com => '1', -## - [..] -## - # All addresses of a domain -## - domain2.com => '1', -## - [..] -## - # All adresses of a domain except a single user -## - address_1@domain3.com => '0', -## - domain3.com => '1', -## - ); -## - -## - But we will use the read_hash function to read in a list -## - of recipients from the external file '/etc/postfix/spam_lovers' -## - -## - Example '/etc/postfix/virus_lovers' -## - -## - # Adresses -## - adress@domain1.com 1 -## - [..] -## - -## - # All addresses of a domain -## - domain2.com 1 -## - [..] 
-## - -## - # All adresses of a domain except a single user -## - adress_1@domain3.com 0 -## - domain3.com 1 -## - -read_hash(\%bypass_virus_checks, '/etc/postfix/virus_lovers'); - - -## - virus_lovers_maps -## - -## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like -## - adding spam headers or discarding the mail) will be performed. -## - -@virus_lovers_maps = ( - \%virus_lovers, \@virus_lovers_acl, \\\$virus_lovers_re); - -## - We will use the read_hash function to read in a list of recipients -## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'. -## - -## - For more explanations see above -## - -read_hash(\%virus_lovers, '/etc/postfix/virus_lovers'); - - -## --- -## - Default SPAM checking mode -## --- - -## - bypass_spam_checks_maps -## - -## - Addresses/Domains listet here will not be checked. -## - -## - !! Notice !! -## - -## - Spam checks are bypassed only if all of the recipients of a message have -## - been added to one of these variables. If even one recipient is not listed, -## - spam-checking will still be performed. To ensure that spam is still delivered -## - to whitelisted recipients in such cases, use the "spam_lovers" features -## - see below. -## - -@bypass_spam_checks_maps = ( - \%bypass_spam_checks, \@bypass_spam_checks_acl, \\\$bypass_spam_checks_re); - -## - We will use '%bypass_spam_checks'. So we could set: -## - -## - %bypass_spam_checks = ( -## - # Adresses -## - adress@domain1.com => '1', -## - [..] -## - # All addresses of a domain -## - domain2.com => '1', -## - [..] -## - # All adresses of a domain except a single user -## - address_1@domain3.com => '0', -## - domain3.com => '1', -## - ); -## - -## - But we will use the read_hash function to read in a list -## - of recipients from the external file '/etc/postfix/spam_lovers' -## - -## - Example '/etc/postfix/spam_lovers' -## - -## - # Adresses -## - adress@domain1.com 1 -## - [..] 
-## - -## - # All addresses of a domain -## - domain2.com 1 -## - [..] -## - -## - # All adresses of a domain except a single user -## - adress_1@domain3.com 0 -## - domain3.com 1 -## - -read_hash(\%bypass_spam_checks, '/etc/postfix/spam_lovers'); - - -## - spam_lovers_maps -## - -## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like -## - adding spam headers or discarding the mail) will be performed. -## - -@spam_lovers_maps = ( - \%spam_lovers, \@spam_lovers_acl, \\\$spam_lovers_re); - -## - We will use the read_hash function to read in a list of recipients -## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'. -## - -## - For more explanations see above -## - -read_hash(\%spam_lovers, '/etc/postfix/spam_lovers'); - - -## - overrides settings in 20-debian_defaults -## - - -\$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine) -\$final_banned_destiny = D_DISCARD; # D_REJECT when front-end MTA -#\$final_spam_destiny = D_DISCARD; -\$final_spam_destiny = D_BOUNCE; -#\$final_bad_header_destiny = D_PASS; # False-positive prone (for spam) - - -##- Moved to file '/etc/amavis/policy_banks.conf' -## - -## - \$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level -## - \$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level -## - \$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass -## - -do "/etc/amavis/policy_banks.conf"; # Externe Datei einbinden - - - -## - QUARANTINE -## - -\$QUARANTINEDIR = "$QUARANTINE_DIR"; +# Keine automatisch erzeugten Unterverzeichnisse wie a/, b/, c/, f/, g/ \$quarantine_subdir_levels = 0; +\$sa_spam_subject_tag = undef; # Kein Prefix wie "***SPAM***" o.ä. 
+\$sa_spam_modifies_subj = 0; # Betreff NICHT verändern -## - don't store mails in quarantine directory -## - -#\$virus_quarantine_method = undef; -#\$spam_quarantine_method = undef; -#\$banned_files_quarantine_method = undef; -#\$bad_header_quarantine_method = undef; +# Viren: /var/QUARANTINE/virus/virus-.gz +\$virus_quarantine_method = 'local:virus/virus-%m.gz'; -## - store mails in quarantine directory -## - -\$virus_quarantine_method = 'local:virus/virus-%m'; -\$spam_quarantine_method = 'local:spam/spam-%m.gz'; +# Spam (Kill-Spam): /var/QUARANTINE/spam/spam-.gz +\$spam_quarantine_method = 'local:spam/spam-%m.gz'; + +# Banned: /var/QUARANTINE/banned/banned- \$banned_files_quarantine_method = 'local:banned/banned-%m'; -\$bad_header_quarantine_method = 'local:bad-headers/badh-%m'; -\$clean_quarantine_method = undef; -\$archive_quarantine_method = undef; -#\$virus_admin ="$QUARANTINE_ADMIN"; -#\$spam_admin = "$QUARANTINE_ADMIN"; -#\$banned_admin = "$QUARANTINE_ADMIN"; -#\$bad_header_admin = "$QUARANTINE_ADMIN"; -\$virus_admin = undef; -\$spam_admin = undef; -\$banned_admin = undef; -\$bad_header_admin = undef; +# Bad headers: /var/QUARANTINE/bad-headers/badh- +\$bad_header_quarantine_method = 'local:bad-headers/badh-%m'; -# Pass SPAMMY but quarantine and inform admin -# -\$quarantine_to_maps_by_ccat{+CC_SPAMMY} = \\@spam_quarantine_to_maps ; -\$quarantine_method_by_ccat{+CC_SPAMMY} = 'local:spammy/spammy-%m.gz' ; -\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS ; -\$admin_maps_by_ccat{+CC_SPAMMY} = sub { ca('spam_admin_maps') }; +# ---------------------------------------------------------- +# Einbinden der Spam- und Virus-Lovers Dateien +# ---------------------------------------------------------- + +@bypass_spam_checks_maps = ( + read_hash('/etc/postfix/spam_lovers'), +); + +@bypass_virus_checks_maps = ( + read_hash('/etc/postfix/virus_lovers'), +); + + +# ---------------------------------------------------------- +# Spam-Schwellwerte +# 
---------------------------------------------------------- + +\$sa_tag_level_deflt = 1.9; # ab hier Info-Header +\$sa_tag2_level_deflt = 5.1; # ab hier X-Spam-Flag: YES +\$sa_kill_level_deflt = 9.51; # high-spam - final destiny (DISCARD) +\$sa_dsn_cutoff_level = 20.1; # ab hier keine DSN mehr +\$sa_quarantine_cutoff_level = 30.1; # oberhalb keine Quarantäne mehr + + +# ---------------------------------------------------------- +# Domain-/Adress-spezifische Einstellungen extern einlesen +# ---------------------------------------------------------- + +my \$policy_banks_file = '/etc/amavis/policy_banks.conf'; +if (-r \$policy_banks_file) { + do \$policy_banks_file + or die "Fehler beim Einlesen von \$policy_banks_file: \$@"; +} + + +# ---------------------------------------------------------- +# spammy (zwischen Tag2 und Kill-Level) +# zusätzlich in /spammy/, Mail wird zugestellt +# ---------------------------------------------------------- + +# spammy in /var/QUARANTINE/spammy/ +\$quarantine_method_by_ccat{+CC_SPAMMY} + = 'local:spammy/spammy-%m.gz'; +\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS; + + +# ---------------------------------------------------------- +# Final Destinies +# ---------------------------------------------------------- + +# High-Spam (>=9.51) +\$final_spam_destiny = D_DISCARD; + +# Viren +\$final_virus_destiny = D_DISCARD; + +# Banned (z.B. .exe) +\$final_banned_destiny = D_BOUNCE; + +# Schlechte Header +\$final_bad_header_destiny = D_PASS; + # Bypass spam checking for trusted networks using mynetworks 
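Review bot: `do \$policy_banks_file or die ...` treats every false return value as an error, but `do FILE` returns the value of the last statement in the file, and the `policy_banks.conf` template written later in this patch holds, as far as its lines are visible here, only comments; the include would then evaluate to a false value and amavisd would presumably abort while loading its configuration, with an empty message because `\$@` is set only for compile errors. Test the error variable instead of the return value, `my \$rv = do \$policy_banks_file;` followed by `die "Fehler beim Einlesen von \$policy_banks_file: \$@" if \$@;`, or end the generated file with `1;`. Separately, `\$final_banned_destiny = D_BOUNCE` replaces D_DISCARD, and bounces for banned attachments go to envelope senders that are frequently forged, which produces backscatter; if sender notification is intended, a comment beside the setting should say so, and the removed line's own hint (D_REJECT at a front-end MTA) avoids the problem. The here-document that carries these settings starts and ends outside the hunk.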
@@ -4598,133 +4528,67 @@ echononl " Create File \"${_config_policy_banks_file}\"" if [[ -f "${_config_policy_banks_file}" ]]; then echo_skipped else - cat << EOF > ${_config_policy_banks_file} -# Externe Richtliniendatei für amavisd - -use strict; - - -# --- -# add spam info headers if at, or above that level -# --- - -## - All recipients with identical the same setting: -## - -#\$sa_tag_level_deflt = 2.0; - -## - Per-recipient mapping of tag2 levels to email addresses (tag2 level): -## - -## - Set directly: -## - -\$sa_tag_level_deflt = { - 'oopen.de' => '-4.5', - # default - '.'=>'2.0' -}; - -## - Read from file using @spam_tag2_level_maps -## - -## - default: @spam_tag2_level_maps = (\$sa_tag2_level_deflt); -## - -## - Example file '/etc/postfix/tag2_level_maps.dat' -## - -## - # oopen.de -## - oopen.de 2.1 -## - ckubu@oopen.de 2.2 -## - argus@oopen.de 2.3 -## - [..] -## - # k8h.de -## - k8h.de 6.5 -## - [..] -## - # default -## - . 5.1 -## - -#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') ); - - -#\$sa_spam_subject_tag = '***SPAM*** '; # Spam-Betreff-Tag -\$sa_spam_subject_tag = undef; - - - -# --- -# add 'spam detected' headers at that level -# --- - -## - All recipients with identical the same setting: -## - -#\$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level - -## - Per-recipient mapping of kill levels to email addresses (kill level): -## - -## - Set directly -## - -\$sa_tag2_level_deflt = { - 'oopen.de' => '3.1', - '123comics.net' => '4.1', - 'info@123comics.net' => '3.1', - # default - '.' => '5.1', -}; - -## - Read from file using @spam_kill_level_maps -## - -## - default: @spam_kill_level_maps = (\$sa_kill_level_deflt); -## - -## - Example file '/etc/postfix/kill_level_maps.dat' -## - -## - # oopen.de -## - ckubu@oopen.de 1500.0 -## - ckubu-adm@oopen.de 1500.0 -## - [..] -## - # default -## - . 
10.31 -## - -#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') ); - - - -# --- -# adding more detailed spam-related headers. -# --- - -## - All recipients with identical the same setting: -## - -\$sa_tag3_level_deflt = 7.0; # threshold for sa_tag3_level_deflt - -## - Note -## - Like 'sa_tag2_level_deflt' above per-recipient also possible - - -@sa_tag3_level_maps = ( - ['^Subject:', '\[HIGH-SPAM\] $&'], # Modify subject - ['HEADER', 'X-High-Spam-Flag', 'YES'], # Add a custom header -); - - -# --- -# spam score threshold at which amavisd-new will reject (kill) an email. -# --- - -## - All recipients with identical the same setting: -## - -\$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass - -## - Note -## - Like 'sa_tag2_level_deflt' above per-recipient also possible - - - -# --- -# The threshold for sending a delivery status notification (DSN) to the sender -# --- - -## - We will inform the sender about bouncing his mail with a DSN (Delivery -## - StatusNotification). That DSN message will no be send, if the spamvalue -## - exceeds the value of sa_dsn_cutoff_level -## - -#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent -\$sa_dsn_cutoff_level = 20; + cat <<'EOF' > ${_config_policy_banks_file} +# /etc/amavis/policy_banks.conf +# +# --------------------------------------------- +# Domain- und adressspezifische Amavis-Settings +# --------------------------------------------- +# +# +# Wichtig: KEIN "use strict;" hier, das ist schon in 50-user aktiv. +# Diese Datei wird via "do" aus /etc/amavis/conf.d/50-user eingelesen. 
+# +# +# Tag2-Level (Schwelle für X-Spam-Flag: YES) abhängig von Empfänger/Domain +# ======================================================================== +# +# +# Read from file using @spam_tag2_level_maps +# ------------------------------------------ +# +# default: @spam_tag2_level_maps = ($sa_tag2_level_deflt); +# +# Example file '/etc/postfix/tag2_level_maps.dat' +# +# # Specific address first +# info@123comics.net 2.1 +# ckubu@oopen.de 2.2 +# ... +# +# # All recipients of the domains @oopen.de / @k8h.de +# oopen.de 3.1 +# k8h.de 4.5 +# +# # default +# . 5.1 +# +# +# Read file into the variable @spam_tag2_level_maps +# +# @spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') ); +# +# +# Set the variable $sa_tag2_level_deflt directly. +# ----------------------------------------------- +# +# Example: +# +# @spam_tag2_level_maps = ( +# { +# # Spezifische Adresse zuerst +# 'info@123comics.net' => 3.1, +# 'info@berliner-register.de' => 3.1, +# +# # Domains (alle Empfänger @oopen.de / @123comics.net) +# '.oopen.de' => 3.1, +# '.123comics.net' => 4.1, +# 'regishut.de' => 2.5, +# }, +# +# # Fallback: Standard-Tag2-Level aus 50-user +# $sa_tag2_level_deflt, +# ); #------------ Do not modify anything below this line -------------