Compare commits
13 Commits
6356876ab6
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| b99844c1b5 | |||
| 691c34fa18 | |||
| 1ca6031fea | |||
| 8234254094 | |||
| afff836253 | |||
|
7c05201520 | ||
|
|
0674fb1231 | ||
|
|
32980f67de | ||
|
|
7b9a6f52ca | ||
| 5a8280b767 | |||
| 7c99515e72 | |||
| ef963e89fc | |||
| 654e5738d4 |
@@ -110,7 +110,8 @@ detect_os_1 () {
|
||||
# --- Some default settings
|
||||
# -------------
|
||||
|
||||
DEFAULT_SASL_AUTH_ENABLED="no"
|
||||
DEFAULT_SASL_AUTH_ENABLED=false
|
||||
DEFAULT_IS_SYMPA_LIST_SERVER=false
|
||||
|
||||
DEFAULT_QUARANTINE_DIR="/var/QUARANTINE"
|
||||
DEFAULT_QUARANTINE_ADMIN='postmaster\@$mydomain'
|
||||
@@ -187,7 +188,9 @@ if [[ -z "$_HOSTNAME" ]] ; then
|
||||
[[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
|
||||
fi
|
||||
|
||||
[[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED="$DEFAULT_SASL_AUTH_ENABLED"
|
||||
[[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED=${DEFAULT_SASL_AUTH_ENABLED}
|
||||
|
||||
[[ -z "${_IS_SYMPA_LIST_SERVER}" ]] && _IS_SYMPA_LIST_SERVER=${DEFAULT_IS_SYMPA_LIST_SERVER}
|
||||
|
||||
|
||||
[[ -z "$_QUARANTINE_DIR" ]] && _QUARANTINE_DIR="$DEFAULT_QUARANTINE_DIR"
|
||||
@@ -375,9 +378,12 @@ SASL_AUTH_ENABLED=
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
echo "Should this mail server support Cyrus SASL authentication?"
|
||||
echo "Should this mail server support Cyrus SASL authentication? [true/yes/false/no]"
|
||||
echo ""
|
||||
while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do
|
||||
while [[ "$SASL_AUTH_ENABLED" != "yes" &&
|
||||
"$SASL_AUTH_ENABLED" != "true" &&
|
||||
"$SASL_AUTH_ENABLED" != "no" &&
|
||||
"$SASL_AUTH_ENABLED" != "false" ]];do
|
||||
|
||||
if [[ -n "$_SASL_AUTH_ENABLED" ]]; then
|
||||
echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: "
|
||||
@@ -390,13 +396,62 @@ while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do
|
||||
SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,}
|
||||
fi
|
||||
|
||||
if [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]] ; then
|
||||
_SASL_AUTH_ENABLED=""
|
||||
[[ -z "${SASL_AUTH_ENABLED}" ]] && SASL_AUTH_ENABLED=${_SASL_AUTH_ENABLED}
|
||||
|
||||
if [[ "$SASL_AUTH_ENABLED" != "yes" &&
|
||||
"$SASL_AUTH_ENABLED" != "true" &&
|
||||
"$SASL_AUTH_ENABLED" != "false" &&
|
||||
"$SASL_AUTH_ENABLED" != "no" ]] ; then
|
||||
SASL_AUTH_ENABLED=""
|
||||
echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n Type 'yes' or 'no'"
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
[[ "$SASL_AUTH_ENABLED" = "yes" ]] && SASL_AUTH_ENABLED=true
|
||||
[[ "$SASL_AUTH_ENABLED" = "no" ]] && SASL_AUTH_ENABLED=false
|
||||
|
||||
|
||||
if ! ${SASL_AUTH_ENABLED} ; then
|
||||
|
||||
IS_SYMPA_LIST_SERVER=""
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
echo "Are Sympa List Services provided? - [true/yes/false/no]"
|
||||
echo ""
|
||||
echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: "
|
||||
|
||||
read IS_SYMPA_LIST_SERVER
|
||||
if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then
|
||||
IS_SYMPA_LIST_SERVER="$_IS_SYMPA_LIST_SERVER"
|
||||
fi
|
||||
IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,}
|
||||
|
||||
while [[ "$IS_SYMPA_LIST_SERVER" != "yes" && \
|
||||
"$IS_SYMPA_LIST_SERVER" != "true" && \
|
||||
"$IS_SYMPA_LIST_SERVER" != "no" && \
|
||||
"$IS_SYMPA_LIST_SERVER" != "false" ]]; do
|
||||
|
||||
echo -e "\n\t\033[33m\033[1mWrong value was given!!\033[m\n"
|
||||
|
||||
echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: "
|
||||
read IS_SYMPA_LIST_SERVER
|
||||
if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then
|
||||
IS_SYMPA_LIST_SERVER=false
|
||||
fi
|
||||
IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,}
|
||||
|
||||
done
|
||||
|
||||
if [[ "$IS_SYMPA_LIST_SERVER" = 'yes' || "$IS_SYMPA_LIST_SERVER" = 'true' ]] ; then
|
||||
IS_SYMPA_LIST_SERVER=true
|
||||
else
|
||||
IS_SYMPA_LIST_SERVER=false
|
||||
fi
|
||||
else
|
||||
IS_SYMPA_LIST_SERVER=false
|
||||
fi
|
||||
|
||||
|
||||
echo ""
|
||||
@@ -854,6 +909,7 @@ echo -e "\tIPv4 address...........................: $IPV4"
|
||||
echo -e "\tIPv6 address...........................: $IPV6"
|
||||
echo ""
|
||||
echo -e "\tSASL AUTH support......................: $SASL_AUTH_ENABLED"
|
||||
echo -e "\tSupport sympa mailinglists.............: ${IS_SYMPA_LIST_SERVER}"
|
||||
echo ""
|
||||
echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR"
|
||||
echo ""
|
||||
@@ -905,6 +961,7 @@ _IPV4=$IPV4
|
||||
_IPV6=$IPV6
|
||||
|
||||
_SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED
|
||||
_IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER}
|
||||
|
||||
_QUARANTINE_DIR=$QUARANTINE_DIR
|
||||
_QUARANTINE_ADMIN=$QUARANTINE_ADMIN
|
||||
@@ -4209,10 +4266,49 @@ use strict;
|
||||
# !! smtpd_proxy_filter - see master.cf !!
|
||||
#
|
||||
#
|
||||
EOF
|
||||
|
||||
if ${SASL_AUTH_ENABLED} ; then
|
||||
cat << EOF >> "${_config_file}"
|
||||
\$inet_socket_port = [10024, 10026];
|
||||
#\$inet_socket_port = [10024, 10029];
|
||||
#\$inet_socket_port = [10024, 10026, 10029];
|
||||
|
||||
\$interface_policy{'10026'} = 'ORIGINATING';
|
||||
\$policy_bank{'ORIGINATING'} = {
|
||||
originating => 1, # declare that mail was submitted by our smtp client
|
||||
bypass_spam_checks_maps => (1),
|
||||
bypass_virus_checks_maps => (0),
|
||||
remove_existing_spam_headers => 1,
|
||||
};
|
||||
EOF
|
||||
|
||||
else
|
||||
|
||||
cat << EOF >> "${_config_file}"
|
||||
#\$inet_socket_port = [10024, 10026];
|
||||
\$inet_socket_port = [10024, 10029];
|
||||
#\$inet_socket_port = [10024, 10026, 10029];
|
||||
|
||||
\$interface_policy{'10024'} = 'INBOUND';
|
||||
\$interface_policy{'10029'} = 'VIRUSONLY';
|
||||
|
||||
# Inbound: Spam + Virus
|
||||
\$policy_bank{'INBOUND'} = { };
|
||||
|
||||
# Outbound: nur Virus
|
||||
\$policy_bank{'VIRUSONLY'} = {
|
||||
bypass_spam_checks_maps => [1],
|
||||
bypass_header_checks_maps => [1],
|
||||
final_spam_destiny => D_PASS,
|
||||
originating => 1,
|
||||
};
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
cat << EOF >> "${_config_file}"
|
||||
|
||||
# Bypass spam checking fro trusted networks
|
||||
#
|
||||
#\$interface_policy{'10026'} = 'TRUSTED';
|
||||
@@ -4434,7 +4530,9 @@ if [[ "$?" -ne 0 ]] ; then
|
||||
fi
|
||||
|
||||
|
||||
if [[ "${DB_TYPE}" = "PostgreSQL" ]] || [[ "${DB_TYPE}" = "MySQL" ]]; then
|
||||
if [[ "${DB_TYPE}" = "PostgreSQL" ]] || \
|
||||
[[ "${DB_TYPE}" = "MySQL" ]] && \
|
||||
! ${IS_SYMPA_LIST_SERVER}; then
|
||||
|
||||
if [[ "$DB_TYPE" = "PostgreSQL" ]]; then
|
||||
_db="pgsql"
|
||||
@@ -4503,10 +4601,6 @@ EOF
|
||||
);
|
||||
EOF
|
||||
|
||||
echo ""
|
||||
echo "hallo 9"
|
||||
echo ""
|
||||
|
||||
else
|
||||
cat >> /etc/amavis/conf.d/50-user <<'EOF'
|
||||
@local_domains_maps = ( ["."] );
|
||||
@@ -4522,15 +4616,6 @@ fi
|
||||
|
||||
cat >> /etc/amavis/conf.d/50-user <<EOF
|
||||
|
||||
## - get rid of "Open Relay" warnings in amavis logfile.
|
||||
## -
|
||||
\$interface_policy{'10026'} = 'ORIGINATING';
|
||||
\$policy_bank{'ORIGINATING'} = {
|
||||
originating => 1, # declare that mail was submitted by our smtp client
|
||||
bypass_spam_checks_maps => (1),
|
||||
bypass_virus_checks_maps => (0),
|
||||
remove_existing_spam_headers => 1,
|
||||
};
|
||||
|
||||
## - If you get am error like:
|
||||
## -
|
||||
@@ -5177,7 +5262,7 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
|
||||
smtp inet n - y - - smtpd
|
||||
-o content_filter=amavisfeed:[127.0.0.1]:10024
|
||||
EOF
|
||||
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
|
||||
if ! ${SASL_AUTH_ENABLED} ; then
|
||||
cat >> $postfix_master_cf << EOF
|
||||
-o smtpd_sasl_auth_enable=no
|
||||
EOF
|
||||
@@ -5211,7 +5296,7 @@ EOF
|
||||
${additional_smtp_port} inet n - y - - smtpd
|
||||
-o content_filter=amavisfeed:[127.0.0.1]:10024
|
||||
EOF
|
||||
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
|
||||
if ! ${SASL_AUTH_ENABLED} ; then
|
||||
cat >> $postfix_master_cf << EOF
|
||||
-o smtpd_sasl_auth_enable=no
|
||||
EOF
|
||||
|
||||
@@ -171,8 +171,10 @@ fi
|
||||
if [[ -z "$_RELAY_HOST" ]]; then
|
||||
_IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST
|
||||
else
|
||||
_IS_RELAY_HOST="$_RELAY_HOST"
|
||||
_IS_RELAY_HOST="${_RELAY_HOST,,}"
|
||||
fi
|
||||
[[ "${_IS_RELAY_HOST}" == "yes" ]] && _IS_RELAY_HOST=true
|
||||
[[ "${_IS_RELAY_HOST}" == "no" ]] && _IS_RELAY_HOST=false
|
||||
|
||||
if [[ -z "$_LISTEN_ON_ADDITIONAL_RELAY_PORT" ]] ; then
|
||||
_LISTEN_ON_ADDITIONAL_RELAY_PORT=${DEFAULT_LISTEN_ON_ADDITIONAL_RELAY_PORT}
|
||||
@@ -1080,6 +1082,7 @@ else
|
||||
cat <<EOF >> "${_file}"
|
||||
HELO_reject = SPF_Not_Pass
|
||||
EOF
|
||||
fi
|
||||
|
||||
cat <<EOF >> "${_file}"
|
||||
|
||||
@@ -2143,9 +2146,24 @@ smtp_tls_security_level=dane
|
||||
smtpd_tls_loglevel = 1
|
||||
smtp_tls_loglevel = 1
|
||||
|
||||
|
||||
# TLS RSA keys path
|
||||
smtpd_tls_cert_file = $_TLS_CERT_FILE
|
||||
smtpd_tls_key_file = $_TLS_KEY_FILE
|
||||
|
||||
EOF
|
||||
|
||||
if [[ -f "/etc/postfix/ssl/mailserver-ecdsa.crt" &&
|
||||
-f "/etc/postfix/ssl/mailserver-ecdsa.key" ]] ; then
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
# TLS ECDSA keys path
|
||||
smtpd_tls_eccert_file = /etc/postfix/ssl/mailserver-ecdsa.crt
|
||||
smtpd_tls_eckey_file = /etc/postfix/ssl/mailserver-ecdsa.key
|
||||
|
||||
EOF
|
||||
fi
|
||||
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
|
||||
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
|
||||
## -
|
||||
@@ -2713,7 +2731,7 @@ EOF
|
||||
|
||||
if [[ -n "$(which postfwd)" ]] ; then
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
127.0.0.1:10040_time_limit = 3600
|
||||
#127.0.0.1:10040_time_limit = 3600
|
||||
EOF
|
||||
else
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
@@ -2731,7 +2749,7 @@ if [[ -n "$(which policyd-spf)" ]] ; then
|
||||
# policyd-spf unix - n n - 0 spawn
|
||||
# user=policyd-spf argv=/usr/bin/policyd-spf
|
||||
#
|
||||
policyd-spf_time_limit = 3600
|
||||
#policyd-spf_time_limit = 3600
|
||||
EOF
|
||||
fi
|
||||
|
||||
@@ -3031,7 +3049,7 @@ else
|
||||
EOF
|
||||
fi
|
||||
|
||||
if ${IS_SYMPA_LIST_SERVER} ; then
|
||||
if ${IS_SYMPA_LIST_SERVER} || ${IS_RELAY_HOST}; then
|
||||
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
|
||||
@@ -4129,6 +4147,14 @@ else
|
||||
dmarc_pipe_present=false
|
||||
fi
|
||||
|
||||
if ${LISTEN_ON_ADDITIONAL_RELAY_PORT} ; then
|
||||
if grep -iq -E "^${ADDITIONAL_RELAY_LISTEN_PORT}\s+" $postfix_master_cf > /dev/null 2>&1 ; then
|
||||
additional_relay_port_present=true
|
||||
else
|
||||
additional_relay_port_present=false
|
||||
fi
|
||||
fi
|
||||
|
||||
_found=false
|
||||
echononl " Create new file \"${postfix_master_cf}\""
|
||||
if [[ -f "${postfix_master_cf}.$backup_date" ]]; then
|
||||
@@ -4158,9 +4184,11 @@ smtps inet n - y - - smtpd
|
||||
EOF
|
||||
fi
|
||||
elif $LISTEN_ON_ADDITIONAL_RELAY_PORT ; then
|
||||
cat >> $postfix_master_cf << EOF
|
||||
if ! ${additional_relay_port_present} ; then
|
||||
cat >> $postfix_master_cf << EOF
|
||||
${ADDITIONAL_RELAY_LISTEN_PORT} inet n - y - - smtpd
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
continue
|
||||
fi
|
||||
|
||||
@@ -2208,7 +2208,11 @@ fi
|
||||
|
||||
echo -e "\n\n\t\033[37m\033[1mConfigure Postfix Admin\033[m\n"
|
||||
|
||||
if [[ $MAJOR_VERSION -gt 3 ]] || [[ $MAJOR_VERSION -eq 3 ]] && [[ $MINOR_VERSION -gt 0 ]]; then
|
||||
if [[ $MAJOR_VERSION -gt 3 ]] ; then
|
||||
pfa_conf_file="${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.local.php"
|
||||
cp -a "${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.inc.php" "$pfa_conf_file"
|
||||
|
||||
elif [[ $MAJOR_VERSION -eq 3 ]] && [[ $MINOR_VERSION -gt 0 ]] ; then
|
||||
pfa_conf_file="${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.local.php"
|
||||
cp -a "${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.inc.php" "$pfa_conf_file"
|
||||
else
|
||||
@@ -2217,7 +2221,6 @@ else
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# - Use 'Re: $SUBJECT' as the default subject template for vacation
|
||||
# - in postfixadmin
|
||||
# -
|
||||
|
||||
Reference in New Issue
Block a user