install_amavis.sh: Some minor changes.

2025-12-08 19:14:37 +01:00
parent d8979faa06
commit f2f3797c1e


@@ -1168,19 +1168,38 @@ fi
## - If not testing as user roor, you need to change int a directora, where the testing ## - If not testing as user roor, you need to change int a directora, where the testing
## - user has read/write? access, even if the sample spam file is located at /tmp ## - user has read/write? access, even if the sample spam file is located at /tmp
## - ## -
echononl " Download a sample spam file" echononl " Save a sample spam file into /root folder."
installation_failed=false cat <<'EOF' > /root/sample-spam.txt
wget -O /tmp/sample-spam.txt https://opensource.apple.com/source/SpamAssassin/SpamAssassin-137.1/SpamAssassin/sample-spam.txt 2> $tmp_err_msg Subject: Test spam mail (GTUBE)
if [[ "$?" -ne 0 ]] ; then Message-ID: <GTUBE1.1010101@example.net>
installation_failed=true Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network
EOF
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat $tmp_err_msg)" error "$(cat $tmp_err_msg)"
fi else
cp -a /tmp/sample-spam.txt /root > $tmp_err_msg 2>&1
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
if ! $installation_failed ; then
echo_ok echo_ok
fi fi
@@ -1470,27 +1489,45 @@ echo -e " \033[37m\033[1mConfigure Distributed Checksum Clearinghouses (DCC)..
info "Open firewall outgoing port UDP 6277 and if DCC Server is running\n also in- and outfoing port TCP 6277." info "Open firewall outgoing port UDP 6277 and if DCC Server is running\n also in- and outfoing port TCP 6277."
services=("clamav-freshclam" "clamav-daemon" "adcc")
for svc in "${services[@]}"; do
echononl " Stop Service '${svc}.."
if systemctl is-active --quiet "$svc"; then
systemctl stop "$svc" > /dev/null 2> $tmp_err_msg
if [[ $? -ne 0 ]] ; then
echo_failed
if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then
echononl " An instance off dccifd ist already running. Stop it now."
installation_failed=false
if $systemd_exists ; then
systemctl stop adcc > /dev/null 2> $tmp_err_msg
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)" error "$(cat $tmp_err_msg)"
fi
else else
/etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
fi
if ! $installation_failed ; then
echo_ok echo_ok
fi fi
fi else
echo_skipped
fi
done
#if ps -ax | grep /var/dcc/libexec/dccifd | grep -v grep > /dev/null 2>&1 ; then
# echononl " An instance off dccifd ist already running. Stop it now."
# installation_failed=false
# if $systemd_exists ; then
# systemctl stop adcc > /dev/null 2> $tmp_err_msg
# if [[ "$?" -ne 0 ]] ; then
# installation_failed=true
# error "$(cat $tmp_err_msg)"
# fi
# else
# /etc/init.d/adcc stop > /dev/null 2> $tmp_err_msg
# if [[ "$?" -ne 0 ]] ; then
# installation_failed=true
# error "$(cat $tmp_err_msg)"
# fi
# fi
# if ! $installation_failed ; then
# echo_ok
# fi
#fi
_dcc_src_dir="$script_dir" _dcc_src_dir="$script_dir"
#_archiv=dcc-dccproc.tar.Z #_archiv=dcc-dccproc.tar.Z
@@ -4003,6 +4040,7 @@ if [[ ! -f "/etc/postfix/spam_lovers" ]]; then
# - adress_1@domain3.com 0 # - adress_1@domain3.com 0
# - domain3.com 1 # - domain3.com 1
# - # -
# - Wichtig: letzte Zeile mit Newline abschließen!
EOF EOF
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
@@ -4031,6 +4069,7 @@ if [[ ! -f "/etc/postfix/virus_lovers" ]]; then
# - adress_1@domain3.com 0 # - adress_1@domain3.com 0
# - domain3.com 1 # - domain3.com 1
# - # -
# - Wichtig: letzte Zeile mit Newline abschließen!
EOF EOF
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
@@ -4187,203 +4226,94 @@ read_hash(\%whitelist_sender, '/etc/postfix/sender_whitelist');
@whitelist_sender_maps = (\%whitelist_sender); @whitelist_sender_maps = (\%whitelist_sender);
## ---
## - Default antivirus checking mode
## ---
## - bypass_virus_checks_maps # ----------------------------------------------------------
## - # Basis-Quarantäneverzeichnis
## - Addresses/Domains listet here will not be checked. # ----------------------------------------------------------
## -
## - !! Notice !!
## -
## - Virus checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - virus-checking will still be performed. To ensure that virus is still delivered
## - to whitelisted recipients in such cases, use the "virus_lovers" features
## - see below.
## -
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \\\$bypass_virus_checks_re);
\$QUARANTINEDIR = '${QUARANTINE_DIR}';
## - We will use '%bypass_virus_checks_maps'. So we could set: # Keine automatisch erzeugten Unterverzeichnisse wie a/, b/, c/, f/, g/
## -
## - %bypass_virus_checks = (
## - # Adresses
## - adress@domain1.com => '1',
## - [..]
## - # All addresses of a domain
## - domain2.com => '1',
## - [..]
## - # All adresses of a domain except a single user
## - address_1@domain3.com => '0',
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/virus_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
## - [..]
## -
## - # All addresses of a domain
## - domain2.com 1
## - [..]
## -
## - # All adresses of a domain except a single user
## - adress_1@domain3.com 0
## - domain3.com 1
## -
read_hash(\%bypass_virus_checks, '/etc/postfix/virus_lovers');
## - virus_lovers_maps
## -
## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like
## - adding spam headers or discarding the mail) will be performed.
## -
@virus_lovers_maps = (
\%virus_lovers, \@virus_lovers_acl, \\\$virus_lovers_re);
## - We will use the read_hash function to read in a list of recipients
## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'.
## -
## - For more explanations see above
## -
read_hash(\%virus_lovers, '/etc/postfix/virus_lovers');
## ---
## - Default SPAM checking mode
## ---
## - bypass_spam_checks_maps
## -
## - Addresses/Domains listet here will not be checked.
## -
## - !! Notice !!
## -
## - Spam checks are bypassed only if all of the recipients of a message have
## - been added to one of these variables. If even one recipient is not listed,
## - spam-checking will still be performed. To ensure that spam is still delivered
## - to whitelisted recipients in such cases, use the "spam_lovers" features
## - see below.
## -
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \\\$bypass_spam_checks_re);
## - We will use '%bypass_spam_checks'. So we could set:
## -
## - %bypass_spam_checks = (
## - # Adresses
## - adress@domain1.com => '1',
## - [..]
## - # All addresses of a domain
## - domain2.com => '1',
## - [..]
## - # All adresses of a domain except a single user
## - address_1@domain3.com => '0',
## - domain3.com => '1',
## - );
## -
## - But we will use the read_hash function to read in a list
## - of recipients from the external file '/etc/postfix/spam_lovers'
## -
## - Example '/etc/postfix/spam_lovers'
## -
## - # Adresses
## - adress@domain1.com 1
## - [..]
## -
## - # All addresses of a domain
## - domain2.com 1
## - [..]
## -
## - # All adresses of a domain except a single user
## - adress_1@domain3.com 0
## - domain3.com 1
## -
read_hash(\%bypass_spam_checks, '/etc/postfix/spam_lovers');
## - spam_lovers_maps
## -
## - For Adresses/Domains listet at spam_lovers_maps, no spam actions (like
## - adding spam headers or discarding the mail) will be performed.
## -
@spam_lovers_maps = (
\%spam_lovers, \@spam_lovers_acl, \\\$spam_lovers_re);
## - We will use the read_hash function to read in a list of recipients
## - from the external file '/etc/postfix/spam_lovers' into '%spam_lovers'.
## -
## - For more explanations see above
## -
read_hash(\%spam_lovers, '/etc/postfix/spam_lovers');
## - overrides settings in 20-debian_defaults
## -
\$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
\$final_banned_destiny = D_DISCARD; # D_REJECT when front-end MTA
#\$final_spam_destiny = D_DISCARD;
\$final_spam_destiny = D_BOUNCE;
#\$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
##- Moved to file '/etc/amavis/policy_banks.conf'
## -
## - \$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
## - \$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level
## - \$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
## -
do "/etc/amavis/policy_banks.conf"; # Externe Datei einbinden
## - QUARANTINE
## -
\$QUARANTINEDIR = "$QUARANTINE_DIR";
\$quarantine_subdir_levels = 0; \$quarantine_subdir_levels = 0;
\$sa_spam_subject_tag = undef; # Kein Prefix wie "***SPAM***" o.ä.
\$sa_spam_modifies_subj = 0; # Betreff NICHT verändern
## - don't store mails in quarantine directory # Viren: /var/QUARANTINE/virus/virus-<msgid>.gz
## - \$virus_quarantine_method = 'local:virus/virus-%m.gz';
#\$virus_quarantine_method = undef;
#\$spam_quarantine_method = undef;
#\$banned_files_quarantine_method = undef;
#\$bad_header_quarantine_method = undef;
## - store mails in quarantine directory # Spam (Kill-Spam): /var/QUARANTINE/spam/spam-<msgid>.gz
## -
\$virus_quarantine_method = 'local:virus/virus-%m';
\$spam_quarantine_method = 'local:spam/spam-%m.gz'; \$spam_quarantine_method = 'local:spam/spam-%m.gz';
# Banned: /var/QUARANTINE/banned/banned-<msgid>
\$banned_files_quarantine_method = 'local:banned/banned-%m'; \$banned_files_quarantine_method = 'local:banned/banned-%m';
# Bad headers: /var/QUARANTINE/bad-headers/badh-<msgid>
\$bad_header_quarantine_method = 'local:bad-headers/badh-%m'; \$bad_header_quarantine_method = 'local:bad-headers/badh-%m';
\$clean_quarantine_method = undef;
\$archive_quarantine_method = undef;
#\$virus_admin ="$QUARANTINE_ADMIN";
#\$spam_admin = "$QUARANTINE_ADMIN";
#\$banned_admin = "$QUARANTINE_ADMIN";
#\$bad_header_admin = "$QUARANTINE_ADMIN";
\$virus_admin = undef;
\$spam_admin = undef;
\$banned_admin = undef;
\$bad_header_admin = undef;
# Pass SPAMMY but quarantine and inform admin # ----------------------------------------------------------
# # Einbinden der Spam- und Virus-Lovers Dateien
\$quarantine_to_maps_by_ccat{+CC_SPAMMY} = \\@spam_quarantine_to_maps ; # ----------------------------------------------------------
\$quarantine_method_by_ccat{+CC_SPAMMY} = 'local:spammy/spammy-%m.gz' ;
\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS ; @bypass_spam_checks_maps = (
\$admin_maps_by_ccat{+CC_SPAMMY} = sub { ca('spam_admin_maps') }; read_hash('/etc/postfix/spam_lovers'),
);
@bypass_virus_checks_maps = (
read_hash('/etc/postfix/virus_lovers'),
);
# ----------------------------------------------------------
# Spam-Schwellwerte
# ----------------------------------------------------------
\$sa_tag_level_deflt = 1.9; # ab hier Info-Header
\$sa_tag2_level_deflt = 5.1; # ab hier X-Spam-Flag: YES
\$sa_kill_level_deflt = 9.51; # high-spam - final destiny (DISCARD)
\$sa_dsn_cutoff_level = 20.1; # ab hier keine DSN mehr
\$sa_quarantine_cutoff_level = 30.1; # oberhalb keine Quarantäne mehr
# ----------------------------------------------------------
# Domain-/Adress-spezifische Einstellungen extern einlesen
# ----------------------------------------------------------
my \$policy_banks_file = '/etc/amavis/policy_banks.conf';
if (-r \$policy_banks_file) {
do \$policy_banks_file
or die "Fehler beim Einlesen von \$policy_banks_file: \$@";
}
# ----------------------------------------------------------
# spammy (zwischen Tag2 und Kill-Level)
# zusätzlich in /spammy/, Mail wird zugestellt
# ----------------------------------------------------------
# spammy in /var/QUARANTINE/spammy/
\$quarantine_method_by_ccat{+CC_SPAMMY}
= 'local:spammy/spammy-%m.gz';
\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS;
# ----------------------------------------------------------
# Final Destinies
# ----------------------------------------------------------
# High-Spam (>=9.51)
\$final_spam_destiny = D_DISCARD;
# Viren
\$final_virus_destiny = D_DISCARD;
# Banned (z.B. .exe)
\$final_banned_destiny = D_BOUNCE;
# Schlechte Header
\$final_bad_header_destiny = D_PASS;
# Bypass spam checking for trusted networks using mynetworks # Bypass spam checking for trusted networks using mynetworks
@@ -4598,133 +4528,67 @@ echononl " Create File \"${_config_policy_banks_file}\""
if [[ -f "${_config_policy_banks_file}" ]]; then if [[ -f "${_config_policy_banks_file}" ]]; then
echo_skipped echo_skipped
else else
cat << EOF > ${_config_policy_banks_file} cat <<'EOF' > ${_config_policy_banks_file}
# Externe Richtliniendatei für amavisd # /etc/amavis/policy_banks.conf
#
use strict; # ---------------------------------------------
# Domain- und adressspezifische Amavis-Settings
# ---------------------------------------------
# --- #
# add spam info headers if at, or above that level #
# --- # Wichtig: KEIN "use strict;" hier, das ist schon in 50-user aktiv.
# Diese Datei wird via "do" aus /etc/amavis/conf.d/50-user eingelesen.
## - All recipients with identical the same setting: #
## - #
#\$sa_tag_level_deflt = 2.0; # Tag2-Level (Schwelle für X-Spam-Flag: YES) abhängig von Empfänger/Domain
# ========================================================================
## - Per-recipient mapping of tag2 levels to email addresses (tag2 level): #
## - #
## - Set directly: # Read from file using @spam_tag2_level_maps
## - # ------------------------------------------
\$sa_tag_level_deflt = { #
'oopen.de' => '-4.5', # default: @spam_tag2_level_maps = ($sa_tag2_level_deflt);
# default #
'.'=>'2.0' # Example file '/etc/postfix/tag2_level_maps.dat'
}; #
# # Specific address first
## - Read from file using @spam_tag2_level_maps # info@123comics.net 2.1
## - # ckubu@oopen.de 2.2
## - default: @spam_tag2_level_maps = (\$sa_tag2_level_deflt); # ...
## - #
## - Example file '/etc/postfix/tag2_level_maps.dat' # # All recipients of the domains @oopen.de / @k8h.de
## - # oopen.de 3.1
## - # oopen.de # k8h.de 4.5
## - oopen.de 2.1 #
## - ckubu@oopen.de 2.2 # # default
## - argus@oopen.de 2.3 # . 5.1
## - [..] #
## - # k8h.de #
## - k8h.de 6.5 # Read file into the variable @spam_tag2_level_maps
## - [..] #
## - # default # @spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') );
## - . 5.1 #
## - #
#@spam_tag2_level_maps = ( read_hash('/etc/postfix/tag2_level_maps.dat') ); # Set the variable $sa_tag2_level_deflt directly.
# -----------------------------------------------
#
#\$sa_spam_subject_tag = '***SPAM*** '; # Spam-Betreff-Tag # Example:
\$sa_spam_subject_tag = undef; #
# @spam_tag2_level_maps = (
# {
# # Spezifische Adresse zuerst
# --- # 'info@123comics.net' => 3.1,
# add 'spam detected' headers at that level # 'info@berliner-register.de' => 3.1,
# --- #
# # Domains (alle Empfänger @oopen.de / @123comics.net)
## - All recipients with identical the same setting: # '.oopen.de' => 3.1,
## - # '.123comics.net' => 4.1,
#\$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level # 'regishut.de' => 2.5,
# },
## - Per-recipient mapping of kill levels to email addresses (kill level): #
## - # # Fallback: Standard-Tag2-Level aus 50-user
## - Set directly # $sa_tag2_level_deflt,
## - # );
\$sa_tag2_level_deflt = {
'oopen.de' => '3.1',
'123comics.net' => '4.1',
'info@123comics.net' => '3.1',
# default
'.' => '5.1',
};
## - Read from file using @spam_kill_level_maps
## -
## - default: @spam_kill_level_maps = (\$sa_kill_level_deflt);
## -
## - Example file '/etc/postfix/kill_level_maps.dat'
## -
## - # oopen.de
## - ckubu@oopen.de 1500.0
## - ckubu-adm@oopen.de 1500.0
## - [..]
## - # default
## - . 10.31
## -
#@spam_kill_level_maps = ( read_hash('/etc/postfix/kill_level_maps.dat') );
# ---
# adding more detailed spam-related headers.
# ---
## - All recipients with identical the same setting:
## -
\$sa_tag3_level_deflt = 7.0; # threshold for sa_tag3_level_deflt
## - Note
## - Like 'sa_tag2_level_deflt' above per-recipient also possible
@sa_tag3_level_maps = (
['^Subject:', '\[HIGH-SPAM\] $&'], # Modify subject
['HEADER', 'X-High-Spam-Flag', 'YES'], # Add a custom header
);
# ---
# spam score threshold at which amavisd-new will reject (kill) an email.
# ---
## - All recipients with identical the same setting:
## -
\$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
## - Note
## - Like 'sa_tag2_level_deflt' above per-recipient also possible
# ---
# The threshold for sending a delivery status notification (DSN) to the sender
# ---
## - We will inform the sender about bouncing his mail with a DSN (Delivery
## - StatusNotification). That DSN message will no be send, if the spamvalue
## - exceeds the value of sa_dsn_cutoff_level
## -
#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
\$sa_dsn_cutoff_level = 20;
#------------ Do not modify anything below this line ------------- #------------ Do not modify anything below this line -------------
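Review bot: In the 50-user heredoc (hunk `@@ -4187`), the new `do \$policy_banks_file or die "Fehler beim Einlesen von \$policy_banks_file: \$@";` treats any false return value as a load failure, but Perl's `do FILE` returns the value of the file's last evaluated expression, so a policy file that ends in comments or a false value would abort amavisd at startup with an empty `\$@`. The new policy_banks.conf template appears to hold only comments above the "Do not modify anything below this line" marker, and its tail is not visible on this page, so whether it ends in a true value should be confirmed. Testing the error variable removes that dependency: `do \$policy_banks_file;` followed by `die "Fehler beim Einlesen von \$policy_banks_file: \$@" if \$@;`. Separately, the same hunk appears to move `\$final_banned_destiny` from `D_DISCARD` to `D_BOUNCE` (the +/- markers are lost in this rendering, so the sides are inferred). That setting sends DSNs to envelope senders, which are often forged on mail carrying banned attachments, whereas `D_DISCARD` with the existing `local:banned/banned-%m` quarantine avoids the backscatter.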