@@ -30,7 +30,6 @@ config_file_name_value_parameters="
RejectFailures|true
Syslog|true
SyslogFacility|mail
TrustedAuthservIDs| $( hostname -f)
IgnoreHosts| ${ opendmarc_base_dir } /ignore.hosts
IgnoreMailFrom| ${ opendmarc_base_dir } /ignore.mailfrom
IgnoreAuthenticatedClients|true
@@ -527,11 +526,22 @@ else
cat <<EOF > ${opendmarc_base_dir}/ignore.hosts 2> $log_file
# /etc/opendmarc/ignore.hosts
#
# Diese Datei wird aktuell NICHT genutzt, da OpenDMARC
# auf localhost:10025 arbeitet und dort immer nur
# 127.0.0.1/::1 als Client-IP sieht .
# Bitte KEINE Einträge hinzufügen.
# Aktuell hat OpenDMARC seinen Milter nur am Dienst
# ' localhost:10025' hängen. Dort ist der Client
# immer 127.0.0.1, nicht die externe Gegenstelle .
#
# Deshalb macht es in diesem Setup keinen Sinn,
# hier IP-Adressen von externen Diensten (CRSend etc.)
# einzutragen – sie würden nie matchen.
#
# WICHTIG:
# - KEIN 127.0.0.1
# - KEIN localhost
# - KEIN ::1
#
# Eintrag dieser Adressen würde DMARC komplett deaktivieren.
#
# ==> Datei bleibt absichtlich leer.
EOF
opendmarc_needs_restart = true
if [ [ $? -eq 0 ] ] ; then
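Review bot: The `opendmarc_needs_restart` assignment added directly after the here-document sits between `cat` and the `[[ $? -eq 0 ]]` test, so `$?` now holds the status of the assignment (always 0) and a failed write to ignore.hosts is reported as ok. Set the flag in the success branch instead, i.e. `echo_ok` followed by `opendmarc_needs_restart=true`, or save the status first with `rc=$?` and test `$rc`. The same pattern appears in the ignore.mailfrom hunk, after the main.cf here-document (`postfix_needs_restart`), and after `cp $tmp_master_file` in the master.cf hunk. The body of this `if` continues outside the hunk.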
@@ -566,8 +576,16 @@ else
cat <<EOF > ${opendmarc_base_dir}/ignore.mailfrom 2> $log_file
# /etc/opendmarc/ignore.mailfrom
#
# Wird derzeit nicht genutzt.
# Keine Einträge hinzufügen .
# Hier könnte man Absender-Domains von der DMARC-Prüfung
# ausnehmen (z. B. problematische Partner-Domains) .
#
# Aktuell ist das für dein Setup nicht notwendig.
#
# Beispiele (NICHT aktiv!):
# @example.org
# example.org
#
# ==> Datei bleibt absichtlich leer.
EOF
opendmarc_needs_restart = true
if [ [ $? -eq 0 ] ] ; then
@@ -671,6 +689,101 @@ else
fi
echo ""
# - Edit /etc/postfix/main.cf and add a section to activate
# - processing of e-mail through the OpenDKIM daemon:
# -
backup_date = " $( date +%Y-%m-%d-%H%M) "
echononl " Backup existing postfix configuration (main.cf).."
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.$backup_date 2> $log_file
if [ [ $? -eq 0 ] ] ; then
echo_ok
else
echo_failed
error " $( cat $log_file ) "
fi
echononl " Activate processing of e-mail through the OpenDKIM daemon.."
if grep -q -E "milter_default_action\s*=\s*accept" /etc/postfix/main.cf ; then
echo_skipped
info "Postfix (main.cf) was not changed - seems already be configured right."
echononl " Delete previosly saved Postfix configuration.."
rm /etc/postfix/main.cf.$backup_date 2> $log_file
if [ [ $? -eq 0 ] ] ; then
echo_ok
else
echo_failed
error " $( cat $log_file ) "
fi
else
cat <<EOF >> /etc/postfix/main.cf 2> $log_file
# ======= Milter configuration =======
# OpenDKIM
milter_default_action = accept
# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
milter_protocol = 6
# Note:
# We will sign AFTER sending through AmaVIS, just befor sending out. So
# set 'smtpd_milters =' to an emty string here and add to localhost:10025
# section in master.cf: 'smtpd_milters=local:/opendkim/opendkim.sock'
#
# If you want sign mails before sending through AmaVIS, set
# 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to
# localhost:10025 section in master.cf: 'smtpd_milters='
#
#smtpd_milters = local:/opendkim/opendkim.sock
smtpd_milters =
# Was sind non_smtpd_milters?
#
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind.
#
# Das betrifft z. B.:
#
# cleanup Header/Content-Bereinigung
# qmgr Queue-Manager
# lmtp / smtp Auslieferung nach extern
# local lokale Zustellung
#
# Das sind z. B.:
#
# - interne Bounces (MAILER-DAEMON)
#
# - Cron-Mails vom Server
#
# - Weiterleitungen, die Postfix selbst generiert
#
# - Mails, die über sendmail CLI gesendet werden
#
# - Mails, die Amavis über LMTP zurückgibt
#
# - etc.
#
#
# DKIM soll auch die ausgehenden Mails signieren, die nicht über smtpd daemon versendet werden.
non_smtpd_milters = local:/opendkim/opendkim.sock
EOF
postfix_needs_restart = true
if [ [ $? -eq 0 ] ] ; then
echo_ok
else
echo_failed
error " $( cat $log_file ) "
fi
fi
echo ""
# - Prevent Postfix from setting the DMARC Header twice (one befor
# - and one after processing amavis
# -
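Review bot: The idempotency test `grep -q -E "milter_default_action\s*=\s*accept"` is unanchored and keys on a setting that other milter setups also write, so a commented-out line or a pre-existing entry makes the script skip the whole block; `non_smtpd_milters` is then never added and locally generated mail goes out unsigned with only an "already configured" message. Testing for what this block actually installs, e.g. `grep -q -E "^\s*non_smtpd_milters\s*=.*opendkim\.sock"`, would be more reliable. The appended `smtpd_milters =` also becomes the last definition in main.cf and would presumably blank any milter configured earlier in the file, so checking `postconf -n smtpd_milters` before appending is worth adding. A short comment that `milter_default_action = accept` is fail-open (mail is accepted unsigned and unchecked when a milter socket is unreachable) would help whoever operates this later.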
@@ -696,24 +809,58 @@ else
fi
echononl " Adjust /etc/postfix/master.cf. Set DMARC after sending throuh AmaVIS.."
if $( grep -q -E "^\s*-o\s+smtpd_milters\s*=\s*.*opendkim.sock" /etc/postfix/master.cf 2> /dev/null) ; then
if $( grep -q -E " ^\s*-o\s+smtpd_milters\s*=\s*.* $( basename ${ opendmarc_socket_file } ) " /etc/postfix/master.cf) ; then
echo_skipped
els e
perl -i -n -p -e " s&(^\s*-o\s+smtpd_milters\s*=.*)&\1,local:/ $( basename " ${ opendmarc_socket_dir } " ) / $( basename " ${ opendmarc_socket_file } " ) & " \
/etc/postfix/master.cf > $log_file 2>& 1
_found = false
_changed = false
tmp_master_file = "/tmp/postfix_master.cf"
> $tmp_master_fil e
while IFS = '' read -r _line || [ [ -n $_line ] ] ; do
if $_found && ! echo " $_line " | grep -i -q -E "^\s*-o" 2> /dev/null ; then
echo " -o smtpd_milters=local:/opendmarc/opendmarc.sock" >> " $tmp_master_file "
_changed = true
_found = false
fi
if $_found && echo " $_line " | grep -i -q -E "^\s*-o\s+smtpd_milters=\s*" ; then
_found = false
if ! echo " $_line " | grep -i -q -E " ^\s*-o\s+smtpd_milters=\s*local:/opendmarc/opendmarc.sock\s* $" ; then
echo " -o smtpd_milters=local:/opendmarc/opendmarc.sock" >> " $tmp_master_file "
_changed = true
continue
fi
fi
if echo " $_line " | grep -i -q -E "^\s*(localhost|127.0.0.1):10025\s+inet\s+" 2> /dev/null ; then
_found = true
fi
echo " $_line " >> " $tmp_master_file "
done < "/etc/postfix/master.cf"
if $_changed ; then
cp $tmp_master_file /etc/postfix/master.cf 2> $log_file
postfix_needs_restart = true
if [ [ $? -eq 0 ] ] ; then
echo_ok
postfix_needs_restart = true
else
echo_failed
error " $( cat $log_file ) "
fi
fi
else
echo_skipped
warn "Postfix is not adjusted. Complete Postfix configuration (master.cf) manually\! "
info "Postfix (master.cf) was not changed - seems already be configured right. "
echononl " Delete previosly saved file '/etc/postfix/master.cf'.."
rm /etc/postfix/master.cf.$backup_date 2> $log_file
if [ [ $? -eq 0 ] ] ; then
echo_ok
else
echo_failed
error " $( cat $log_file ) "
fi
fi
rm -f $tmp_master_file
echo ""
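Review bot: `tmp_master_file="/tmp/postfix_master.cf"` is a fixed, predictable path in a world-writable directory, and the script (presumably running as root, since it edits /etc/postfix) truncates it, fills it and then copies it over master.cf. Another local account can create that path first, so which file gets truncated and what ends up in master.cf is not fully under the script's control. Use `tmp_master_file="$(mktemp /etc/postfix/master.cf.XXXXXX)"` so the file is unique and lives in a root-only directory, quote it in `> "$tmp_master_file"` and in the `cp`, and remove it from a `trap ... EXIT`. The new lines also hard-code `local:/opendmarc/opendmarc.sock`, where what looks like the replaced `perl` line derived the path from `${opendmarc_socket_dir}` and `${opendmarc_socket_file}`; if those can differ from the default, the wrong socket is written. The enclosing `else` branch starts outside the hunk.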
@@ -781,20 +928,6 @@ else
echo_skipped
fi
echo ""
if [ [ -f " /etc/postfix/master.cf. ${ backup_date } " ] ] ; then
if $( diff "/etc/postfix/master.cf" " /etc/postfix/master.cf. ${ backup_date } " > /dev/null 2>& 1) ; then
info "File \033[1m/etc/postfix/master.cf\033[m has not changed.\n\t Removing previos created backup.."
rm " /etc/postfix/master.cf. ${ backup_date } "
fi
fi
if [ [ -f " /etc/postfix/main.cf. ${ backup_date } " ] ] ; then
if $( diff "/etc/postfix/main.cf" " /etc/postfix/main.cf. ${ backup_date } " > /dev/null 2>& 1) ; then
info "File \033[1m/etc/postfix/main.cf\033[m has not changed.\n\t Removing previos created backup.."
rm " /etc/postfix/main.cf. ${ backup_date } "
fi
fi
echo ""
rm -f " $log_file "