
17 Commits

Author SHA1 Message Date
b99844c1b5 install_postfixadmin.sh: remove space.. 2026-02-18 18:53:38 +01:00
691c34fa18 Merge branch 'master' of https://git.oopen.de/install/mailsystem 2026-02-18 18:48:01 +01:00
1ca6031fea install_postfixadmin.sh: fix error determin PFA configuration file. 2026-02-18 18:47:25 +01:00
8234254094 Merge branch 'master' of git.oopen.de:install/mailsystem 2026-02-18 12:38:47 +01:00
afff836253 install_postfix_advanced.sh: comment entries '127.0.0.1:10040_time_limit=3600' and 'policyd-spf_time_limit=3600'. 2026-02-18 12:38:33 +01:00
Christoph
7c05201520 install_postfix_advanced.sh: some changes of 'main.cf' in case of relay host only. 2026-02-18 01:48:45 +01:00
Christoph
0674fb1231 install_amavis.sh: fix entering procedure of variable 'SASL_AUTH_ENABLED'. 2026-02-18 01:33:55 +01:00
Christoph
32980f67de install_postfix_advanced.sh: fix handling of additional smtp port. 2026-02-18 01:32:08 +01:00
Christoph
7b9a6f52ca install_postfix_advanced.sh: add support for parameter 'smtpd_tls_eccert_file'. 2026-02-16 14:38:21 +01:00
5a8280b767 install_amavis.sh: in any case, IS_SYMPA_LIST_SERVER must be set to false except server ist a sympa listmanager. 2026-02-16 14:01:12 +01:00
7c99515e72 install_postfix_advanced.sh: some minor changes. 2026-02-16 13:32:21 +01:00
ef963e89fc install_amavis.sh: separate amavis inbound (port 10024) amd outbound (10029) in case of sympa listserver or 'only relay' server. 2026-02-16 00:17:56 +01:00
654e5738d4 install_postfix_advanced.sh: fix error - forgot 'fi'.. 2026-02-16 00:15:57 +01:00
6356876ab6 Change some settings, if Server is a listserver. 2026-02-15 14:37:19 +01:00
ee892a6b33 Add script 'set-policyd-spf-config-for-listserver.sh' - More relaxed settings for Listenserver. 2026-02-15 14:36:21 +01:00
7741803f71 install_amavis.sh: fix some error writing file '50-user'. 2026-02-13 23:46:22 +01:00
da1867ef91 install_amavis.sh: some minor changes.. 2026-02-13 22:47:16 +01:00
6 changed files with 416 additions and 193 deletions


@@ -110,7 +110,8 @@ detect_os_1 () {
# --- Some default settings # --- Some default settings
# ------------- # -------------
DEFAULT_SASL_AUTH_ENABLED="no" DEFAULT_SASL_AUTH_ENABLED=false
DEFAULT_IS_SYMPA_LIST_SERVER=false
DEFAULT_QUARANTINE_DIR="/var/QUARANTINE" DEFAULT_QUARANTINE_DIR="/var/QUARANTINE"
DEFAULT_QUARANTINE_ADMIN='postmaster\@$mydomain' DEFAULT_QUARANTINE_ADMIN='postmaster\@$mydomain'
@@ -187,7 +188,9 @@ if [[ -z "$_HOSTNAME" ]] ; then
[[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME="" [[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
fi fi
[[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED="$DEFAULT_SASL_AUTH_ENABLED" [[ -z "$_SASL_AUTH_ENABLED" ]] && _SASL_AUTH_ENABLED=${DEFAULT_SASL_AUTH_ENABLED}
[[ -z "${_IS_SYMPA_LIST_SERVER}" ]] && _IS_SYMPA_LIST_SERVER=${DEFAULT_IS_SYMPA_LIST_SERVER}
[[ -z "$_QUARANTINE_DIR" ]] && _QUARANTINE_DIR="$DEFAULT_QUARANTINE_DIR" [[ -z "$_QUARANTINE_DIR" ]] && _QUARANTINE_DIR="$DEFAULT_QUARANTINE_DIR"
@@ -375,9 +378,12 @@ SASL_AUTH_ENABLED=
echo "" echo ""
echo -e "\033[32m--\033[m" echo -e "\033[32m--\033[m"
echo "" echo ""
echo "Should this mail server support Cyrus SASL authentication?" echo "Should this mail server support Cyrus SASL authentication? [true/yes/false/no]"
echo "" echo ""
while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do while [[ "$SASL_AUTH_ENABLED" != "yes" &&
"$SASL_AUTH_ENABLED" != "true" &&
"$SASL_AUTH_ENABLED" != "no" &&
"$SASL_AUTH_ENABLED" != "false" ]];do
if [[ -n "$_SASL_AUTH_ENABLED" ]]; then if [[ -n "$_SASL_AUTH_ENABLED" ]]; then
echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: " echononl "Support Cyrus SASL authentication [${_SASL_AUTH_ENABLED}]: "
@@ -390,13 +396,62 @@ while [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]];do
SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,} SASL_AUTH_ENABLED=${SASL_AUTH_ENABLED,,}
fi fi
if [[ "$SASL_AUTH_ENABLED" != "yes" && "$SASL_AUTH_ENABLED" != "no" ]] ; then [[ -z "${SASL_AUTH_ENABLED}" ]] && SASL_AUTH_ENABLED=${_SASL_AUTH_ENABLED}
_SASL_AUTH_ENABLED=""
if [[ "$SASL_AUTH_ENABLED" != "yes" &&
"$SASL_AUTH_ENABLED" != "true" &&
"$SASL_AUTH_ENABLED" != "false" &&
"$SASL_AUTH_ENABLED" != "no" ]] ; then
SASL_AUTH_ENABLED=""
echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n Type 'yes' or 'no'" echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n Type 'yes' or 'no'"
fi fi
done done
[[ "$SASL_AUTH_ENABLED" = "yes" ]] && SASL_AUTH_ENABLED=true
[[ "$SASL_AUTH_ENABLED" = "no" ]] && SASL_AUTH_ENABLED=false
if ! ${SASL_AUTH_ENABLED} ; then
IS_SYMPA_LIST_SERVER=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Are Sympa List Services provided? - [true/yes/false/no]"
echo ""
echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: "
read IS_SYMPA_LIST_SERVER
if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then
IS_SYMPA_LIST_SERVER="$_IS_SYMPA_LIST_SERVER"
fi
IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,}
while [[ "$IS_SYMPA_LIST_SERVER" != "yes" && \
"$IS_SYMPA_LIST_SERVER" != "true" && \
"$IS_SYMPA_LIST_SERVER" != "no" && \
"$IS_SYMPA_LIST_SERVER" != "false" ]]; do
echo -e "\n\t\033[33m\033[1mWrong value was given!!\033[m\n"
echononl "Sympa List Server? [$_IS_SYMPA_LIST_SERVER]: "
read IS_SYMPA_LIST_SERVER
if [[ -z "${IS_SYMPA_LIST_SERVER}" ]] ; then
IS_SYMPA_LIST_SERVER=false
fi
IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER,,}
done
if [[ "$IS_SYMPA_LIST_SERVER" = 'yes' || "$IS_SYMPA_LIST_SERVER" = 'true' ]] ; then
IS_SYMPA_LIST_SERVER=true
else
IS_SYMPA_LIST_SERVER=false
fi
else
IS_SYMPA_LIST_SERVER=false
fi
echo "" echo ""
@@ -704,7 +759,6 @@ else
fi fi
if ! $DB_IN_USE ; then if ! $DB_IN_USE ; then
echo -e "[3] \033[37m\033[1mSkip (No Database in use)\033[m" echo -e "[3] \033[37m\033[1mSkip (No Database in use)\033[m"
_DB_TYPE="None"
else else
echo "[3] Skip (No Database in use)" echo "[3] Skip (No Database in use)"
fi fi
@@ -855,6 +909,7 @@ echo -e "\tIPv4 address...........................: $IPV4"
echo -e "\tIPv6 address...........................: $IPV6" echo -e "\tIPv6 address...........................: $IPV6"
echo "" echo ""
echo -e "\tSASL AUTH support......................: $SASL_AUTH_ENABLED" echo -e "\tSASL AUTH support......................: $SASL_AUTH_ENABLED"
echo -e "\tSupport sympa mailinglists.............: ${IS_SYMPA_LIST_SERVER}"
echo "" echo ""
echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR" echo -e "\tQuarantine Directory ..................: $QUARANTINE_DIR"
echo "" echo ""
@@ -906,6 +961,7 @@ _IPV4=$IPV4
_IPV6=$IPV6 _IPV6=$IPV6
_SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED _SASL_AUTH_ENABLED=$SASL_AUTH_ENABLED
_IS_SYMPA_LIST_SERVER=${IS_SYMPA_LIST_SERVER}
_QUARANTINE_DIR=$QUARANTINE_DIR _QUARANTINE_DIR=$QUARANTINE_DIR
_QUARANTINE_ADMIN=$QUARANTINE_ADMIN _QUARANTINE_ADMIN=$QUARANTINE_ADMIN
@@ -4210,10 +4266,49 @@ use strict;
# !! smtpd_proxy_filter - see master.cf !! # !! smtpd_proxy_filter - see master.cf !!
# #
# #
EOF
if ${SASL_AUTH_ENABLED} ; then
cat << EOF >> "${_config_file}"
\$inet_socket_port = [10024, 10026]; \$inet_socket_port = [10024, 10026];
#\$inet_socket_port = [10024, 10029]; #\$inet_socket_port = [10024, 10029];
#\$inet_socket_port = [10024, 10026, 10029]; #\$inet_socket_port = [10024, 10026, 10029];
\$interface_policy{'10026'} = 'ORIGINATING';
\$policy_bank{'ORIGINATING'} = {
originating => 1, # declare that mail was submitted by our smtp client
bypass_spam_checks_maps => (1),
bypass_virus_checks_maps => (0),
remove_existing_spam_headers => 1,
};
EOF
else
cat << EOF >> "${_config_file}"
#\$inet_socket_port = [10024, 10026];
\$inet_socket_port = [10024, 10029];
#\$inet_socket_port = [10024, 10026, 10029];
\$interface_policy{'10024'} = 'INBOUND';
\$interface_policy{'10029'} = 'VIRUSONLY';
# Inbound: Spam + Virus
\$policy_bank{'INBOUND'} = { };
# Outbound: nur Virus
\$policy_bank{'VIRUSONLY'} = {
bypass_spam_checks_maps => [1],
bypass_header_checks_maps => [1],
final_spam_destiny => D_PASS,
originating => 1,
};
EOF
fi
cat << EOF >> "${_config_file}"
# Bypass spam checking fro trusted networks # Bypass spam checking fro trusted networks
# #
#\$interface_policy{'10026'} = 'TRUSTED'; #\$interface_policy{'10026'} = 'TRUSTED';
@@ -4432,14 +4527,15 @@ EOF
if [[ "$?" -ne 0 ]] ; then if [[ "$?" -ne 0 ]] ; then
installation_failed=true installation_failed=true
error "$(cat $tmp_err_msg)"
fi fi
if [[ "${DB_TYPE}" = "PostgreSQL" ]] || [[ "${DB_TYPE}" = "MySQL" ]]; then if [[ "${DB_TYPE}" = "PostgreSQL" ]] || \
[[ "${DB_TYPE}" = "MySQL" ]] && \
! ${IS_SYMPA_LIST_SERVER}; then
if [[ "$DB_TYPE" = "PostgreSQL" ]]; then if [[ "$DB_TYPE" = "PostgreSQL" ]]; then
_db="psql" _db="pgsql"
else else
_db="mysql" _db="mysql"
fi fi
@@ -4451,7 +4547,6 @@ EOF
if [[ "$?" -ne 0 ]] ; then if [[ "$?" -ne 0 ]] ; then
installation_failed=true installation_failed=true
error "$(cat $tmp_err_msg)"
fi fi
@@ -4465,39 +4560,38 @@ EOF
if [[ "$?" -ne 0 ]] ; then if [[ "$?" -ne 0 ]] ; then
installation_failed=true installation_failed=true
error "$(cat $tmp_err_msg)"
fi fi
fi fi
if [[ -f "/etc/postfix/${_db}_relay-domain-maps.cf" ]]; then if [[ -f "/etc/postfix/${_db}_relay-domain-maps.cf" ]]; then
cat >> /etc/amavis/conf.d/50-user <<EOF cat >> /etc/amavis/conf.d/50-user <<EOF
# Domains, die als relay_domains akzeptiert werden: # Domains, die als Relay Domains akzeptiert werden:
'${_db}:/etc/postfix/${_db}_relay-domain-maps.cf', '${_db}:/etc/postfix/${_db}_relay-domain-maps.cf',
EOF EOF
if [[ "$?" -ne 0 ]] ; then if [[ "$?" -ne 0 ]] ; then
installation_failed=true installation_failed=true
error "$(cat $tmp_err_msg)"
fi fi
fi fi
if grep -iq -E "^\s*btree:/etc/postfix/relay_domains" $postfix_main_cf > /dev/null 2>&1 ; then
if grep -iq -E "^\s*btree:/etc/postfix/relay_domains" "/etc/postfix/main.cf" > /dev/null 2>&1 ; then
cat >> /etc/amavis/conf.d/50-user <<EOF cat >> /etc/amavis/conf.d/50-user <<EOF
# Domains, die als virtuelle Mailbox-Domains gehostet sind: # weiter Domains, die als Relay Domains akzeptiert werden
'${_db}:/etc/postfix/${_db}_relay-domain-maps.cf', 'btree:/etc/postfix/relay_domains',
EOF EOF
if [[ "$?" -ne 0 ]] ; then if [[ "$?" -ne 0 ]] ; then
installation_failed=true installation_failed=true
error "$(cat $tmp_err_msg)"
fi fi
@@ -4522,15 +4616,6 @@ fi
cat >> /etc/amavis/conf.d/50-user <<EOF cat >> /etc/amavis/conf.d/50-user <<EOF
## - get rid of "Open Relay" warnings in amavis logfile.
## -
\$interface_policy{'10026'} = 'ORIGINATING';
\$policy_bank{'ORIGINATING'} = {
originating => 1, # declare that mail was submitted by our smtp client
bypass_spam_checks_maps => (1),
bypass_virus_checks_maps => (0),
remove_existing_spam_headers => 1,
};
## - If you get am error like: ## - If you get am error like:
## - ## -
@@ -4550,33 +4635,42 @@ fi
if [[ "$DB_TYPE" = "PostgreSQL" ]]; then if [[ "$DB_TYPE" = "PostgreSQL" ]]; then
cat >> /etc/amavis/conf.d/50-user <<EOF if [[ -n "${DB_NAME}" ]] && [[ -n "${DB_HOST}" ]] && [[ -n "${DB_USER}" ]] && [[ -n "${DB_PASS}" ]] ; then
cat >> /etc/amavis/conf.d/50-user <<EOF
## - lookup for local domains in PostgreSQL database ## - lookup for local domains in PostgreSQL database
## - ## -
@lookup_sql_dsn = ( #@lookup_sql_dsn = (
['DBI:Pg:database=${DB_NAME};host=${DB_HOST}', '$DB_USER', '$DB_PASS'] # ['DBI:Pg:database=${DB_NAME};host=${DB_HOST}', '$DB_USER', '$DB_PASS']
); #);
\$sql_select_policy = 'SELECT \\'Y\\' AS local FROM domain WHERE \\'@\\' || domain IN (%k);'; #\$sql_select_policy = 'SELECT \\'Y\\' AS local FROM domain WHERE \\'@\\' || domain IN (%k);';
EOF EOF
if [[ "$?" -ne 0 ]] ; then if [[ "$?" -ne 0 ]] ; then
installation_failed=true installation_failed=true
error "$(cat $tmp_err_msg)" error "$(cat $tmp_err_msg)"
fi
fi fi
elif [[ "$DB_TYPE" = "MySQL" ]];then elif [[ "$DB_TYPE" = "MySQL" ]];then
cat >> /etc/amavis/conf.d/50-user <<EOF
if [[ -n "${DB_NAME}" ]] && [[ -n "${DB_HOST}" ]] && [[ -n "${DB_USER}" ]] && [[ -n "${DB_PASS}" ]] ; then
cat >> /etc/amavis/conf.d/50-user <<EOF
## - lookup for local domains in MySQL database ## - lookup for local domains in MySQL database
## - ## -
@lookup_sql_dsn = ( #@lookup_sql_dsn = (
['DBI:mysql:database=${DB_NAME};host=${DB_HOST}', '$DB_USER', '$DB_PASS'] # ['DBI:mysql:database=${DB_NAME};host=${DB_HOST}', '$DB_USER', '$DB_PASS']
); #);
\$sql_select_policy = 'SELECT "Y" AS local FROM domain WHERE CONCAT("@", domain) IN (%k)'; #\$sql_select_policy = 'SELECT "Y" AS local FROM domain WHERE CONCAT("@", domain) IN (%k)';
EOF EOF
if [[ "$?" -ne 0 ]] ; then if [[ "$?" -ne 0 ]] ; then
installation_failed=true installation_failed=true
error "$(cat $tmp_err_msg)" error "$(cat $tmp_err_msg)"
fi
fi fi
fi fi
@@ -5168,7 +5262,7 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
smtp inet n - y - - smtpd smtp inet n - y - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10024 -o content_filter=amavisfeed:[127.0.0.1]:10024
EOF EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then if ! ${SASL_AUTH_ENABLED} ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_sasl_auth_enable=no -o smtpd_sasl_auth_enable=no
EOF EOF
@@ -5202,7 +5296,7 @@ EOF
${additional_smtp_port} inet n - y - - smtpd ${additional_smtp_port} inet n - y - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10024 -o content_filter=amavisfeed:[127.0.0.1]:10024
EOF EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then if ! ${SASL_AUTH_ENABLED} ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_sasl_auth_enable=no -o smtpd_sasl_auth_enable=no
EOF EOF
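Review bot: The PostgreSQL and MySQL branches in the `@@ -4550,33 +4635,42 @@` hunk still expand `$DB_USER` and `$DB_PASS` into `/etc/amavis/conf.d/50-user`, even though the `@lookup_sql_dsn` block is now written commented out and is therefore inert. That leaves the database password at rest in a file whose owner and mode are not set anywhere in the visible hunks, so whoever can read the amavis configuration directory can read the credential. Since the block is only a template now, I would write a placeholder instead, e.g. `#  ['DBI:Pg:database=${DB_NAME};host=${DB_HOST}', '<db-user>', '<db-password>']` (and the same for the `DBI:mysql` line). If the real values must stay, restrict the file to root and the amavis service account before appending. The surrounding script continues outside the hunk, so a permission change made elsewhere would not be visible here.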


@@ -726,8 +726,11 @@ fi
if grep -q -E "^\s*#?\s*non_smtpd_milters\s*=" ${main_cf_file} ; then if grep -q -E "^\s*#?\s*non_smtpd_milters\s*=" ${main_cf_file} ; then
ensure_dkim_var "non_smtpd_milters" > "${tmp_main_cf_file}" # In case of sympa, DKIM signatures will be added by sympa list manager
cp "${tmp_main_cf_file}" "${main_cf_file}" if ! which sympa ; then
ensure_dkim_var "non_smtpd_milters" > "${tmp_main_cf_file}"
cp "${tmp_main_cf_file}" "${main_cf_file}"
fi
else else
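Review bot: `if ! which sympa ; then` prints the resolved path to stdout on a match and depends on the PATH of whoever runs the installer; the same test appears in the `RejectFailures` hunk of the OpenDMARC section further down. `if ! command -v sympa >/dev/null 2>&1 ; then` is the quieter built-in form. A setting-driven test would be more reliable still, because other hunks on this page decide the same question from `IS_SYMPA_LIST_SERVER`, so the scripts can disagree about whether the host is a list server. When the detection is wrong in the positive direction, `non_smtpd_milters` is left untouched here and locally generated mail may leave without a DKIM signature. The `if`/`else` this hunk edits continues outside the hunk.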


@@ -26,8 +26,15 @@ opendmarc_socket_file="${opendmarc_socket_dir}/opendmarc.sock"
config_file_name_value_parameters=" config_file_name_value_parameters="
AuthservID|HOSTNAME AuthservID|HOSTNAME
TrustedAuthservIDs|HOSTNAME TrustedAuthservIDs|HOSTNAME
PidFile|/run/opendmarc/opendmarc.pid PidFile|/run/opendmarc/opendmarc.pid"
RejectFailures|true if which sympa ; then
config_file_name_value_parameters="$config_file_name_value_parameters
RejectFailures|false"
else
config_file_name_value_parameters="$config_file_name_value_parameters
RejectFailures|true"
fi
config_file_name_value_parameters="$config_file_name_value_parameters
Syslog|true Syslog|true
SyslogFacility|mail SyslogFacility|mail
IgnoreHosts|${opendmarc_base_dir}/ignore.hosts IgnoreHosts|${opendmarc_base_dir}/ignore.hosts
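Review bot: `RejectFailures|false` switches off DMARC rejection for every message this host receives, not only for list traffic, and the installer selects it without telling the operator. With that value OpenDMARC only records the result in an Authentication-Results header, so mail that fails a `p=reject` policy is still accepted. I would print a notice when the relaxed value is chosen and document the trade-off above the `if which sympa` line, for example `# Sympa host: DMARC failures are recorded, not rejected - revisit if this host also receives ordinary mail`. The quoted parameter list that this hunk splits begins before the hunk and continues after it.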


@@ -171,8 +171,10 @@ fi
if [[ -z "$_RELAY_HOST" ]]; then if [[ -z "$_RELAY_HOST" ]]; then
_IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST _IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST
else else
_IS_RELAY_HOST="$_RELAY_HOST" _IS_RELAY_HOST="${_RELAY_HOST,,}"
fi fi
[[ "${_IS_RELAY_HOST}" == "yes" ]] && _IS_RELAY_HOST=true
[[ "${_IS_RELAY_HOST}" == "no" ]] && _IS_RELAY_HOST=false
if [[ -z "$_LISTEN_ON_ADDITIONAL_RELAY_PORT" ]] ; then if [[ -z "$_LISTEN_ON_ADDITIONAL_RELAY_PORT" ]] ; then
_LISTEN_ON_ADDITIONAL_RELAY_PORT=${DEFAULT_LISTEN_ON_ADDITIONAL_RELAY_PORT} _LISTEN_ON_ADDITIONAL_RELAY_PORT=${DEFAULT_LISTEN_ON_ADDITIONAL_RELAY_PORT}
@@ -466,7 +468,7 @@ if ! ${IS_RELAY_HOST} ; then
fi fi
if [[ "${INPUT,,}" == "yes" || "${INPUT,,}" == "true" ]]; then if [[ "${INPUT,,}" == "yes" || "${INPUT,,}" == "true" ]]; then
INSTALL_DMARC_REPORT_SUPPORT=true INSTALL_DMARC_REPORT_SUPPORT=true
fi fi
fi fi
@@ -1071,7 +1073,18 @@ debugLevel = 1
# HELO_reject = Null - Only reject HELO Fail for Null sender (SPF Classic) # HELO_reject = Null - Only reject HELO Fail for Null sender (SPF Classic)
# HELO_reject = False - Never reject/defer on HELO, append header only. # HELO_reject = False - Never reject/defer on HELO, append header only.
# HELO_reject = No_Check - Never check HELO. # HELO_reject = No_Check - Never check HELO.
EOF
if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> "${_file}"
HELO_reject = False
EOF
else
cat <<EOF >> "${_file}"
HELO_reject = SPF_Not_Pass HELO_reject = SPF_Not_Pass
EOF
fi
cat <<EOF >> "${_file}"
# Mail From rejection policy. Options are: # Mail From rejection policy. Options are:
# Mail_From_reject = SPF_Not_Pass - Reject if result not Pass/None/Tempfail. # Mail_From_reject = SPF_Not_Pass - Reject if result not Pass/None/Tempfail.
@@ -1084,7 +1097,18 @@ HELO_reject = SPF_Not_Pass
# MAIL FROM-Adresse reagiert. Ein Fehler tritt auf, wenn die IP-Adresse des sendenden # MAIL FROM-Adresse reagiert. Ein Fehler tritt auf, wenn die IP-Adresse des sendenden
# Servers nicht den SPF-Einträgen der Domain in der MAIL FROM-Adresse entspricht. # Servers nicht den SPF-Einträgen der Domain in der MAIL FROM-Adresse entspricht.
# #
EOF
if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> "${_file}"
Mail_From_reject = False
EOF
else
cat <<EOF >> "${_file}"
Mail_From_reject = Fail Mail_From_reject = Fail
EOF
fi
cat <<EOF >> "${_file}"
# Policy for rejecting due to SPF PermError. Options are: # Policy for rejecting due to SPF PermError. Options are:
# PermError_reject = True # PermError_reject = True
@@ -1096,7 +1120,18 @@ Mail_From_reject = Fail
# #
# Wenn PermError_reject auf True gesetzt ist, wird die E-Mail abgewiesen (rejected), # Wenn PermError_reject auf True gesetzt ist, wird die E-Mail abgewiesen (rejected),
# #
EOF
if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> "${_file}"
PermError_reject = False
EOF
else
cat <<EOF >> "${_file}"
PermError_reject = True PermError_reject = True
EOF
fi
cat <<EOF >> "${_file}"
# Policy for deferring messages due to SPF TempError. Options are: # Policy for deferring messages due to SPF TempError. Options are:
# TempError_Defer = True # TempError_Defer = True
@@ -1109,7 +1144,7 @@ PermError_reject = True
# Wenn TempError_Defer auf True gesetzt ist, wird die E-Mail vorübergehend zurückgewiesen # Wenn TempError_Defer auf True gesetzt ist, wird die E-Mail vorübergehend zurückgewiesen
# (deferred), und der empfangende Server versucht später erneut, die E-Mail zuzustelle # (deferred), und der empfangende Server versucht später erneut, die E-Mail zuzustelle
# #
TempError_Defer = Defer TempError_Defer = True
# Type of header to insert to document SPF result. Can be Received-SPF (SPF) # Type of header to insert to document SPF result. Can be Received-SPF (SPF)
# or Authentication Results (AR). It cannot be both. # or Authentication Results (AR). It cannot be both.
@@ -2111,9 +2146,24 @@ smtp_tls_security_level=dane
smtpd_tls_loglevel = 1 smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1 smtp_tls_loglevel = 1
# TLS RSA keys path
smtpd_tls_cert_file = $_TLS_CERT_FILE smtpd_tls_cert_file = $_TLS_CERT_FILE
smtpd_tls_key_file = $_TLS_KEY_FILE smtpd_tls_key_file = $_TLS_KEY_FILE
EOF
if [[ -f "/etc/postfix/ssl/mailserver-ecdsa.crt" &&
-f "/etc/postfix/ssl/mailserver-ecdsa.key" ]] ; then
cat <<EOF >> /etc/postfix/main.cf
# TLS ECDSA keys path
smtpd_tls_eccert_file = /etc/postfix/ssl/mailserver-ecdsa.crt
smtpd_tls_eckey_file = /etc/postfix/ssl/mailserver-ecdsa.key
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## - ## -
@@ -2427,8 +2477,8 @@ virtual_alias_domains =
#======= Postfix DSN Support ============ #======= Postfix DSN Support ============
# #
# Use the smtpd_discard_ehlo_keyword_address_maps feature if you wish to allow DSN # Use the smtpd_discard_ehlo_keyword_address_maps feature if you wish to allow DSN
# requests from trusted clients but not from random strangers # requests from trusted clients but not from random strangers
# #
# smtpd_discard_ehlo_keyword_address_maps = # smtpd_discard_ehlo_keyword_address_maps =
@@ -2443,15 +2493,15 @@ virtual_alias_domains =
#smtpd_discard_ehlo_keyword_address_maps = #smtpd_discard_ehlo_keyword_address_maps =
# If you want to disallow all use of DSN requests from the network, use the # If you want to disallow all use of DSN requests from the network, use the
# smtpd_discard_ehlo_keywords feature: # smtpd_discard_ehlo_keywords feature:
# #
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# smtpd_discard_ehlo_keywords = silent-discard, dsn # smtpd_discard_ehlo_keywords = silent-discard, dsn
# #
#
# #
# A case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that #
# A case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that
# the Postfix SMTP server will not send in the EHLO response to a remote SMTP client. # the Postfix SMTP server will not send in the EHLO response to a remote SMTP client.
# #
# #
@@ -2681,7 +2731,7 @@ EOF
if [[ -n "$(which postfwd)" ]] ; then if [[ -n "$(which postfwd)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf cat <<EOF >> /etc/postfix/main.cf
127.0.0.1:10040_time_limit = 3600 #127.0.0.1:10040_time_limit = 3600
EOF EOF
else else
cat <<EOF >> /etc/postfix/main.cf cat <<EOF >> /etc/postfix/main.cf
@@ -2699,7 +2749,7 @@ if [[ -n "$(which policyd-spf)" ]] ; then
# policyd-spf unix - n n - 0 spawn # policyd-spf unix - n n - 0 spawn
# user=policyd-spf argv=/usr/bin/policyd-spf # user=policyd-spf argv=/usr/bin/policyd-spf
# #
policyd-spf_time_limit = 3600 #policyd-spf_time_limit = 3600
EOF EOF
fi fi
@@ -2876,6 +2926,16 @@ smtpd_recipient_restrictions =
# \$relay_recipient_maps, and \$relay_recipient_maps is not null. # \$relay_recipient_maps, and \$relay_recipient_maps is not null.
# #
reject_unlisted_recipient, reject_unlisted_recipient,
EOF
if [[ -n "$(which policyd-spf)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf
# Check Postfix policy service ..
#
check_policy_service unix:private/policy-spf
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
# reject_unauth_destination # reject_unauth_destination
# #
# Reject the request unless one of the following is true: # Reject the request unless one of the following is true:
@@ -2898,17 +2958,7 @@ smtpd_recipient_restrictions =
# managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html # managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html
# for more details # for more details
reject_unverified_recipient, reject_unverified_recipient,
EOF
if [[ -n "$(which policyd-spf)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf
# Check Postfix policy service ..
#
check_policy_service unix:private/policy-spf
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
# Policyd-Weight # Policyd-Weight
#check_policy_service inet:127.0.0.1:12525, #check_policy_service inet:127.0.0.1:12525,
# --------------------------------------------------------------------------------- # ---------------------------------------------------------------------------------
@@ -2999,6 +3049,16 @@ else
EOF EOF
fi fi
if ${IS_SYMPA_LIST_SERVER} || ${IS_RELAY_HOST}; then
cat <<EOF >> /etc/postfix/main.cf
# Default: alles was nicht explizit überschrieben wird (pickup/local/sympa/cron/...)
content_filter = amavisfeed:[127.0.0.1]:10029
EOF
fi
if [[ -n "$(which opendkim)" ]] || [[ -n "$(which opendmarc)" ]] ; then if [[ -n "$(which opendkim)" ]] || [[ -n "$(which opendmarc)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf cat <<EOF >> /etc/postfix/main.cf
@@ -3040,7 +3100,7 @@ EOF
# Was sind non_smtpd_milters? # Was sind non_smtpd_milters?
# #
# non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT # non_smtpd_milters gilt für alle Postfix-Prozesse, die Mails verarbeiten, aber NICHT
# der smtpd-Daemon sind. # der smtpd-Daemon sind.
# #
# Das betrifft z. B.: # Das betrifft z. B.:
@@ -3068,7 +3128,13 @@ EOF
# #
EOF EOF
if [[ -n "$(which opendkim)" ]] ; then if ${IS_SYMPA_LIST_SERVER} ; then
cat <<EOF >> /etc/postfix/main.cf
# DKIM signing takes place in the Sympa list manager.
non_smtpd_milters =
EOF
elif [[ -n "$(which opendkim)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf cat <<EOF >> /etc/postfix/main.cf
non_smtpd_milters = local:/opendkim/opendkim.sock non_smtpd_milters = local:/opendkim/opendkim.sock
EOF EOF
@@ -3940,10 +4006,10 @@ if ${INSTALL_DMARC_REPORT_SUPPORT} ; then
cat <<EOF >> /etc/postfix/transport 2> $log_file cat <<EOF >> /etc/postfix/transport 2> $log_file
# - Take care your master.cf file ($postfix_master_cf) contains: # - Take care your master.cf file ($postfix_master_cf) contains:
# - # -
# - dmarc-pipe unix - n n - - pipe # - dmarc-pipe unix - n n - - pipe
# - flags=Rq user=vmail argv=/usr/local/bin/dmarc-collect.sh # - flags=Rq user=vmail argv=/usr/local/bin/dmarc-collect.sh
# - # -
dmarc-reports@oopen.de dmarc-pipe: dmarc-reports@oopen.de dmarc-pipe:
EOF EOF
@@ -4032,7 +4098,7 @@ EOF
_failed=true _failed=true
fi fi
if ${_failed} ; then if ${_failed} ; then
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
@@ -4081,6 +4147,14 @@ else
dmarc_pipe_present=false dmarc_pipe_present=false
fi fi
if ${LISTEN_ON_ADDITIONAL_RELAY_PORT} ; then
if grep -iq -E "^${ADDITIONAL_RELAY_LISTEN_PORT}\s+" $postfix_master_cf > /dev/null 2>&1 ; then
additional_relay_port_present=true
else
additional_relay_port_present=false
fi
fi
_found=false _found=false
echononl " Create new file \"${postfix_master_cf}\"" echononl " Create new file \"${postfix_master_cf}\""
if [[ -f "${postfix_master_cf}.$backup_date" ]]; then if [[ -f "${postfix_master_cf}.$backup_date" ]]; then
@@ -4110,9 +4184,11 @@ smtps inet n - y - - smtpd
EOF EOF
fi fi
elif $LISTEN_ON_ADDITIONAL_RELAY_PORT ; then elif $LISTEN_ON_ADDITIONAL_RELAY_PORT ; then
cat >> $postfix_master_cf << EOF if ! ${additional_relay_port_present} ; then
cat >> $postfix_master_cf << EOF
${ADDITIONAL_RELAY_LISTEN_PORT} inet n - y - - smtpd ${ADDITIONAL_RELAY_LISTEN_PORT} inet n - y - - smtpd
EOF EOF
fi
fi fi
continue continue
fi fi
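Review bot: In the `@@ -2876,6 +2926,16 @@` hunk, `check_policy_service unix:private/policy-spf` is now appended right after `reject_unlisted_recipient,`, ahead of the `# reject_unauth_destination` comment block (and presumably the directive itself) that follows in the same heredoc. Its earlier position after `reject_unverified_recipient,` is removed in the next hunk. Postfix's policy-delegation documentation advises listing `check_policy_service` after `reject_unauth_destination`, because a permissive answer from the policy daemon would otherwise be evaluated before the relay check. Unless relay control is enforced elsewhere (for instance in `smtpd_relay_restrictions`, which is not visible here), I would emit the SPF check directly behind `reject_unauth_destination,` and add a line such as `# keep policy services after reject_unauth_destination` to the generated file. The `smtpd_recipient_restrictions` list starts and ends outside these hunks.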


@@ -389,7 +389,7 @@ if [[ -z "$APACHE_VHOST_DIR" ]] ; then
fi fi
fi fi
[[ -n "${COMPOSER}" ]] || COMPOSER=${DEFAULT_COMPOSER} [[ -n "${COMPOSER}" ]] || COMPOSER=${DEFAULT_COMPOSER}
[[ -n "$POSTFIX_DB_TYPE" ]] || fatal "Database Type of Postfix Database (POSTFIX_DB_TYPE) not present!" [[ -n "$POSTFIX_DB_TYPE" ]] || fatal "Database Type of Postfix Database (POSTFIX_DB_TYPE) not present!"
[[ -n "$POSTFIX_DB_HOST_MYSQL" ]] || POSTFIX_DB_HOST_MYSQL="$DEFAULT_POSTFIX_DB_HOST_MYSQL" [[ -n "$POSTFIX_DB_HOST_MYSQL" ]] || POSTFIX_DB_HOST_MYSQL="$DEFAULT_POSTFIX_DB_HOST_MYSQL"
@@ -430,7 +430,7 @@ if [[ "$POSTFIX_DB_TYPE" = "mysql" ]] ; then
fi fi
else else
echononl "\tGet MySQL command.." echononl "\tGet MySQL command.."
mysql_command="$(which mysql)" mysql_command="$(which mysql)"
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
@@ -453,9 +453,9 @@ if [[ "$POSTFIX_DB_TYPE" = "mysql" ]] ; then
elif [[ -f "/etc/mysql/debian.cnf" ]] ; then elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf" MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
else else
fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated. fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
Use configuration file "$conf_file" to set Use configuration file "$conf_file" to set
parameter manually." parameter manually."
fi fi
fi fi
@@ -475,7 +475,7 @@ fi
if [[ "$ENCRYPTION_METHOD" =~ dovecot ]]; then if [[ "$ENCRYPTION_METHOD" =~ dovecot ]]; then
[[ -n "$DOVEADM_PW" ]] || DOVEADM_PW=$DEFAULT_DOVEADM_PW [[ -n "$DOVEADM_PW" ]] || DOVEADM_PW=$DEFAULT_DOVEADM_PW
fi fi
[[ -n "$DELETED_MAILBOX_DIR" ]] || DELETED_MAILBOX_DIR=$DEFAULT_DELETED_MAILBOX_DIR [[ -n "$DELETED_MAILBOX_DIR" ]] || DELETED_MAILBOX_DIR=$DEFAULT_DELETED_MAILBOX_DIR
[[ -n "$DELETED_DOMAINS_DIR" ]] || DELETED_DOMAINS_DIR=$DEFAULT_DELETED_DOMAINS_DIR [[ -n "$DELETED_DOMAINS_DIR" ]] || DELETED_DOMAINS_DIR=$DEFAULT_DELETED_DOMAINS_DIR
@@ -767,7 +767,7 @@ fi
if ! $database_exists ; then if ! $database_exists ; then
echononl "\tCreate Postfix Database '$POSTFIX_DB_NAME'" echononl "\tCreate Postfix Database '$POSTFIX_DB_NAME'"
if [ "$POSTFIX_DB_TYPE" = "mysql" ]; then if [ "$POSTFIX_DB_TYPE" = "mysql" ]; then
echo -n " (MySQL).." echo -n " (MySQL).."
mysql $MYSQL_CREDENTIALS -N -s -e \ mysql $MYSQL_CREDENTIALS -N -s -e \
"CREATE DATABASE IF NOT EXISTS $POSTFIX_DB_NAME CHARACTER SET utf8 COLLATE utf8_general_ci" >> $log_file 2>&1 "CREATE DATABASE IF NOT EXISTS $POSTFIX_DB_NAME CHARACTER SET utf8 COLLATE utf8_general_ci" >> $log_file 2>&1
@@ -817,7 +817,7 @@ else
else else
_db_backup_file_name="${POSTFIX_DB_NAME}-pfa.${backup_date}.sql" _db_backup_file_name="${POSTFIX_DB_NAME}-pfa.${backup_date}.sql"
fi fi
if [[ "$POSTFIX_DB_TYPE" = "mysql" ]]; then if [[ "$POSTFIX_DB_TYPE" = "mysql" ]]; then
echo -n " (MySQL).." echo -n " (MySQL).."
mysqldump $MYSQL_CREDENTIALS --opt $POSTFIX_DB_NAME > ${WEBSITE_BASEDIR}/${_db_backup_file_name} 2> $log_file mysqldump $MYSQL_CREDENTIALS --opt $POSTFIX_DB_NAME > ${WEBSITE_BASEDIR}/${_db_backup_file_name} 2> $log_file
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
@@ -1011,7 +1011,7 @@ else
fi fi
echo -e "\n\n\t\033[37m\033[1mBase install Postfixadmin..\033[m\n" echo -e "\n\n\t\033[37m\033[1mBase install Postfixadmin..\033[m\n"
@@ -1358,13 +1358,13 @@ if [[ "$PHP_TYPE" = "fcgid" ]] ; then
#!/bin/sh #!/bin/sh
export PHPRC="${WEBSITE_BASEDIR}/conf/" export PHPRC="${WEBSITE_BASEDIR}/conf/"
export TMPDIR="${WEBSITE_BASEDIR}/tmp" export TMPDIR="${WEBSITE_BASEDIR}/tmp"
# PHP child process management (PHP_FCGI_CHILDREN) should # PHP child process management (PHP_FCGI_CHILDREN) should
# always be disabled with mod_fcgid, which will only route one # always be disabled with mod_fcgid, which will only route one
# request at a time to application processes it has spawned; # request at a time to application processes it has spawned;
# thus, any child processes created by PHP will not be used # thus, any child processes created by PHP will not be used
# effectively. (Additionally, the PHP child processes may not # effectively. (Additionally, the PHP child processes may not
# be terminated properly.) By default, and with the environment # be terminated properly.) By default, and with the environment
# variable setting PHP_FCGI_CHILDREN=0, PHP child process # variable setting PHP_FCGI_CHILDREN=0, PHP child process
# management is disabled. # management is disabled.
PHP_FCGI_CHILDREN=0 PHP_FCGI_CHILDREN=0
export PHP_FCGI_CHILDREN export PHP_FCGI_CHILDREN
@@ -1697,17 +1697,17 @@ EOF
# - X-Frame-Options # - X-Frame-Options
# - # -
# - The X-Frame-Options header (RFC), or XFO header, protects your visitors # - The X-Frame-Options header (RFC), or XFO header, protects your visitors
# - against clickjacking attacks. An attacker can load up an iframe on their # - against clickjacking attacks. An attacker can load up an iframe on their
# - site and set your site as the source, it's quite easy: # - site and set your site as the source, it's quite easy:
# - # -
# - <iframe src="https://scotthelme.co.uk"></iframe> # - <iframe src="https://scotthelme.co.uk"></iframe>
# - # -
# - Using some crafty CSS they can hide your site in the background and create some # - Using some crafty CSS they can hide your site in the background and create some
# - genuine looking overlays. When your visitors click on what they think is a harmless # - genuine looking overlays. When your visitors click on what they think is a harmless
# - link, they're actually clicking on links on your website in the background. That # - link, they're actually clicking on links on your website in the background. That
# - might not seem so bad until we realise that the browser will execute those requests # - might not seem so bad until we realise that the browser will execute those requests
# - in the context of the user, which could include them being logged in and authenticated # - in the context of the user, which could include them being logged in and authenticated
# - to your site! # - to your site!
# - # -
# - Troy Hunt has a great blog on 'Clickjack attack the hidden threat right in front : # - Troy Hunt has a great blog on 'Clickjack attack the hidden threat right in front :
@@ -1715,49 +1715,49 @@ EOF
# - # -
# - http://www.troyhunt.com/2013/05/clickjack-attack-hidden-threat-right-in.html # - http://www.troyhunt.com/2013/05/clickjack-attack-hidden-threat-right-in.html
# - # -
# - Valid values include DENY meaning your site can't be framed, SAMEORIGIN which allows # - Valid values include DENY meaning your site can't be framed, SAMEORIGIN which allows
# - you to frame your own site or ALLOW-FROM https://example.com/ which lets you specify # - you to frame your own site or ALLOW-FROM https://example.com/ which lets you specify
# -sites that are permitted to frame your own site. # -sites that are permitted to frame your own site.
# - # -
Header always set X-Frame-Options "SAMEORIGIN" Header always set X-Frame-Options "SAMEORIGIN"
# - X-Xss-Protection # - X-Xss-Protection
# - # -
# - This header is used to configure the built in reflective XSS protection found # - This header is used to configure the built in reflective XSS protection found
# - in Internet Explorer, Chrome and Safari (Webkit). Valid settings for the header # - in Internet Explorer, Chrome and Safari (Webkit). Valid settings for the header
# - are 0, which disables the protection, 1 which enables the protection # - are 0, which disables the protection, 1 which enables the protection
# - and 1; mode=block which tells the browser to block the response if it # - and 1; mode=block which tells the browser to block the response if it
# - detects an attack rather than sanitising the script. # - detects an attack rather than sanitising the script.
# - # -
Header always set X-Xss-Protection "1; mode=block" Header always set X-Xss-Protection "1; mode=block"
# - X-Content-Type-Options # - X-Content-Type-Options
# - # -
# - Nice and easy to configure, this header only has one valid value, nosniff. # - Nice and easy to configure, this header only has one valid value, nosniff.
# - It prevents Google Chrome and Internet Explorer from trying to mime-sniff # - It prevents Google Chrome and Internet Explorer from trying to mime-sniff
# - the content-type of a response away from the one being declared by the server. # - the content-type of a response away from the one being declared by the server.
# - It reduces exposure to drive-by downloads and the risks of user uploaded content # - It reduces exposure to drive-by downloads and the risks of user uploaded content
# - that, with clever naming, could be treated as a different content-type, like # - that, with clever naming, could be treated as a different content-type, like
# - an executable. # - an executable.
# - # -
Header always set X-Content-Type-Options "nosniff" Header always set X-Content-Type-Options "nosniff"
# - Content Security Policy # - Content Security Policy
# - # -
# - The CSP header allows you to define a whitelist of approved sources of content # - The CSP header allows you to define a whitelist of approved sources of content
# - for your site. By restricting the assets that a browser can load for your site, # - for your site. By restricting the assets that a browser can load for your site,
# - like js and css, CSP can act as an effective countermeasure to XSS attacks. I # - like js and css, CSP can act as an effective countermeasure to XSS attacks. I
# - have covered CSP in a lot more detail in my blog Content Security Policy - An # - have covered CSP in a lot more detail in my blog Content Security Policy - An
# - Introduction (https://scotthelme.co.uk/content-security-policy-an-introduction/). # - Introduction (https://scotthelme.co.uk/content-security-policy-an-introduction/).
# - # -
# - Here is a basic policy to enforce TLS on all assets and prevent # - Here is a basic policy to enforce TLS on all assets and prevent
# - mixed content warnings. # - mixed content warnings.
# - # -
# - Allow Google Analytics, Google AJAX CDN and Same Origin # - Allow Google Analytics, Google AJAX CDN and Same Origin
# - script-src 'self' www.google-analytics.com ajax.googleapis.com; # - script-src 'self' www.google-analytics.com ajax.googleapis.com;
# - # -
# - Emmbedding Google Fonts # - Emmbedding Google Fonts
# - style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; # - style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
# - # -
# - Allow YouTube Videos (iframe embedded) # - Allow YouTube Videos (iframe embedded)
# - frame-src 'self' https://www.youtube.com # - frame-src 'self' https://www.youtube.com
@@ -1767,9 +1767,9 @@ EOF
# - Referrer-Policy # - Referrer-Policy
# - # -
# - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header # - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header
# - field that identifies the address of the webpage (i.e. the URI or IRI) that # - field that identifies the address of the webpage (i.e. the URI or IRI) that
# - linked to the resource being requested. By checking the referrer, the new # - linked to the resource being requested. By checking the referrer, the new
# - webpage can see where the request originated. # - webpage can see where the request originated.
# - # -
Header set Referrer-Policy "strict-origin-when-cross-origin" Header set Referrer-Policy "strict-origin-when-cross-origin"
@@ -1889,7 +1889,7 @@ fi
echononl "\tCreate system user '$VACATION_USER'" echononl "\tCreate system user '$VACATION_USER'"
if ! grep -q "$VACATION_USER" /etc/passwd > /dev/null 2>&1 ; then if ! grep -q "$VACATION_USER" /etc/passwd > /dev/null 2>&1 ; then
adduser --system --home /var/spool/vacation --no-create-home --uid 65501 --gid 65501 --shell /usr/sbin/nologin $VACATION_USER > "$log_file" 2>&1 adduser --system --home /var/spool/vacation --no-create-home --uid 65501 --gid 65501 --shell /usr/sbin/nologin $VACATION_USER > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
@@ -1960,7 +1960,7 @@ fi
# - # -
#echononl "\tWorkaround, because encoding does not work as exspected." #echononl "\tWorkaround, because encoding does not work as exspected."
## - Vacation script changed. Since Version 3.2 we need another perl regexp. ## - Vacation script changed. Since Version 3.2 we need another perl regexp.
## - The old one was: ## - The old one was:
## - perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \ ## - perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
## - ## -
##perl -i -n -p -e "s/(\s*\'Content-Type\'\s* =>\s*)\"text\/plain.*$/\1\"text\/plain; charset=iso-8859-1\",/" \ ##perl -i -n -p -e "s/(\s*\'Content-Type\'\s* =>\s*)\"text\/plain.*$/\1\"text\/plain; charset=iso-8859-1\",/" \
@@ -1995,7 +1995,7 @@ fi
# - /etc/mail/postfixadmin/vacation.conf # - /etc/mail/postfixadmin/vacation.conf
# - /etc/postfixadmin/vacation.conf # - /etc/postfixadmin/vacation.conf
# - # -
# - Instead of changing this script, we put the needed entries # - Instead of changing this script, we put the needed entries
# - to file /etc/postfixadmin/vacation.conf: # - to file /etc/postfixadmin/vacation.conf:
# - # -
echononl "\tCreate directory '/etc/postfixadmin' " echononl "\tCreate directory '/etc/postfixadmin' "
@@ -2101,15 +2101,15 @@ fi
# - Create an entry in /etc/hosts for the (non-existant domain) # - Create an entry in /etc/hosts for the (non-existant domain)
# - $AUTOREPLY_HOSTNAME # - $AUTOREPLY_HOSTNAME
# - # -
# - add: # - add:
# - # -
# - 127.0.0.1 $AUTOREPLY_HOSTNAME # - 127.0.0.1 $AUTOREPLY_HOSTNAME
# - # -
echononl "\tCreate entry in /etc/hosts for '$AUTOREPLY_HOSTNAME'" echononl "\tCreate entry in /etc/hosts for '$AUTOREPLY_HOSTNAME'"
if ! grep -q "$AUTOREPLY_HOSTNAME" /etc/hosts > $log_file 2>&1 ; then if ! grep -q "$AUTOREPLY_HOSTNAME" /etc/hosts > $log_file 2>&1 ; then
perl -i -n -p -e"s#(^\s*127.0.0.1\s+localhost.*)#\1\n\n127.0.0.1 ${AUTOREPLY_HOSTNAME}#" /etc/hosts > $log_file 2>&1 perl -i -n -p -e"s#(^\s*127.0.0.1\s+localhost.*)#\1\n\n127.0.0.1 ${AUTOREPLY_HOSTNAME}#" /etc/hosts > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@@ -2120,7 +2120,7 @@ else
echo_skipped echo_skipped
fi fi
# - Define the transport type in the Postfix master file # - Define the transport type in the Postfix master file
# - /etc/postfix/master.cf # - /etc/postfix/master.cf
# - # -
# - vacation unix - n n - - pipe # - vacation unix - n n - - pipe
@@ -2208,15 +2208,18 @@ fi
echo -e "\n\n\t\033[37m\033[1mConfigure Postfix Admin\033[m\n" echo -e "\n\n\t\033[37m\033[1mConfigure Postfix Admin\033[m\n"
if [[ $MAJOR_VERSION -gt 3 ]] || [[ $MAJOR_VERSION -eq 3 ]] && [[ $MINOR_VERSION -gt 0 ]]; then if [[ $MAJOR_VERSION -gt 3 ]] ; then
pfa_conf_file="${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.local.php"
cp -a "${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.inc.php" "$pfa_conf_file"
elif [[ $MAJOR_VERSION -eq 3 ]] && [[ $MINOR_VERSION -gt 0 ]] ; then
pfa_conf_file="${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.local.php" pfa_conf_file="${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.local.php"
cp -a "${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.inc.php" "$pfa_conf_file" cp -a "${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.inc.php" "$pfa_conf_file"
else else
pfa_conf_file="${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.inc.php" pfa_conf_file="${WEBSITE_BASEDIR}/postfixadmin-${PF_ADMIN_VERSION}/config.inc.php"
cp -a "$pfa_conf_file" "${pfa_conf_file}.ORIG" cp -a "$pfa_conf_file" "${pfa_conf_file}.ORIG"
fi fi
# - Use 'Re: $SUBJECT' as the default subject template for vacation # - Use 'Re: $SUBJECT' as the default subject template for vacation
# - in postfixadmin # - in postfixadmin
@@ -2277,26 +2280,26 @@ else
fi fi
> $log_file > $log_file
perl -i -n -p -e "s#^(\s*\\\$CONF\['default_language'\]\s*=.*)#//!\1\n\\\$CONF['default_language'] = 'de';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['default_language'\]\s*=.*)#//!\1\n\\\$CONF['default_language'] = 'de';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['database_type'\]\s*=.*)#//!\1\n\\\$CONF['database_type'] = '$_database_type';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['database_type'\]\s*=.*)#//!\1\n\\\$CONF['database_type'] = '$_database_type';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['database_host'\]\s*=.*)#//!\1\n\\\$CONF['database_host'] = 'localhost';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['database_host'\]\s*=.*)#//!\1\n\\\$CONF['database_host'] = 'localhost';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['database_user'\]\s*=.*)#//!\1\n\\\$CONF['database_user'] = '$POSTFIX_DB_USER';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['database_user'\]\s*=.*)#//!\1\n\\\$CONF['database_user'] = '$POSTFIX_DB_USER';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['database_password'\]\s*=.*)#//!\1\n\\\$CONF['database_password'] = '$POSTFIX_DB_PASS';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['database_password'\]\s*=.*)#//!\1\n\\\$CONF['database_password'] = '$POSTFIX_DB_PASS';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['database_name'\]\s*=.*)#//!\1\n\\\$CONF['database_name'] = '$POSTFIX_DB_NAME';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['database_name'\]\s*=.*)#//!\1\n\\\$CONF['database_name'] = '$POSTFIX_DB_NAME';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['database_prefix'\]\s*=.*)#//!\1\n\\\$CONF['database_prefix'] = '';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['database_prefix'\]\s*=.*)#//!\1\n\\\$CONF['database_prefix'] = '';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['admin_email'\]\s*=.*)#//!\1\n\\\$CONF['admin_email'] = '$WEBMASTER_EMAIL';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['admin_email'\]\s*=.*)#//!\1\n\\\$CONF['admin_email'] = '$WEBMASTER_EMAIL';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['encrypt'\]\s*=.*)#//!\1\n\\\$CONF['encrypt'] = '$ENCRYPTION_METHOD';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['encrypt'\]\s*=.*)#//!\1\n\\\$CONF['encrypt'] = '$ENCRYPTION_METHOD';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
if grep -q -E "^\\\$CONF\['dovecotpw'\]\s*=.*" "$pfa_conf_file" 2> /dev/null ; then if grep -q -E "^\\\$CONF\['dovecotpw'\]\s*=.*" "$pfa_conf_file" 2> /dev/null ; then
perl -i -n -p -e "s#^(\\\$CONF\['dovecotpw'\]\s*=.*)#//!\1\n\\\$CONF['dovecotpw'] = '$DOVEADM_PW';#" \ perl -i -n -p -e "s#^(\\\$CONF\['dovecotpw'\]\s*=.*)#//!\1\n\\\$CONF['dovecotpw'] = '$DOVEADM_PW';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
else else
cat <<EOF >> $pfa_conf_file cat <<EOF >> $pfa_conf_file
@@ -2335,7 +2338,7 @@ echononl "\tAdjust Postfix Admin's Configuration - Part 2"
_failed=false _failed=false
> $log_file > $log_file
perl -i -n -p -e "s#^(\s*\\\$CONF\['default_aliases'\]\s*=.*)#//\n//! 'default_aliases' will be overridden - see end of configfile\n//\n\1#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['default_aliases'\]\s*=.*)#//\n//! 'default_aliases' will be overridden - see end of configfile\n//\n\1#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
cat <<EOF >> $pfa_conf_file 2> $log_file cat <<EOF >> $pfa_conf_file 2> $log_file
@@ -2355,10 +2358,10 @@ EOF
perl -i -n -p -e "s#^(\s*\\\$CONF\['language_hook'\]\s*=.*)#//\n//! 'language_hook' will be overridden - see end of configfile\n//\n\1#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['language_hook'\]\s*=.*)#//\n//! 'language_hook' will be overridden - see end of configfile\n//\n\1#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['password_validation'\]\s*=.*)#//\n//! 'password_validation' will be overridden - see end of configfile\n//\n\1#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['password_validation'\]\s*=.*)#//\n//! 'password_validation' will be overridden - see end of configfile\n//\n\1#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
cat <<EOF >> $pfa_conf_file 2> $log_file cat <<EOF >> $pfa_conf_file 2> $log_file
// Password validation // Password validation
@@ -2384,19 +2387,19 @@ cat <<EOF >> $pfa_conf_file 2> $log_file
); );
/* /*
language_hook example function language_hook example function
Called if \$CONF['language_hook'] == '<name_of_the_function>' Called if \$CONF['language_hook'] == '<name_of_the_function>'
Allows to add or override \$PALANG interface texts. Allows to add or override \$PALANG interface texts.
If you add new texts, please always prefix them with 'x_' (for example If you add new texts, please always prefix them with 'x_' (for example
\$PALANG['x_mytext'] = 'foo') to avoid they clash with texts that might be \$PALANG['x_mytext'] = 'foo') to avoid they clash with texts that might be
added to languages/*.lang in future versions of PostfixAdmin. added to languages/*.lang in future versions of PostfixAdmin.
Please also make sure that all your added texts are included in all Please also make sure that all your added texts are included in all
sections - that includes all 'case "XY":' sections and the 'default:' sections - that includes all 'case "XY":' sections and the 'default:'
section (for users that don't have any of the languages specified section (for users that don't have any of the languages specified
in the 'case "XY":' section). in the 'case "XY":' section).
Usually the 'default:' section should contain english text. Usually the 'default:' section should contain english text.
If you modify an existing text/translation, please consider to report it If you modify an existing text/translation, please consider to report it
@@ -2442,23 +2445,23 @@ EOF
perl -i -n -p -e "s#^(\s*\\\$CONF\['domain_path'\]\s*=.*)#//!\1\n\\\$CONF['domain_path'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['domain_path'\]\s*=.*)#//!\1\n\\\$CONF['domain_path'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['domain_in_mailbox'\]\s*=.*)#//!\1\n\\\$CONF['domain_in_mailbox'] = 'NO';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['domain_in_mailbox'\]\s*=.*)#//!\1\n\\\$CONF['domain_in_mailbox'] = 'NO';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['aliases'\]\s*=.*)#//!\1\n\\\$CONF['aliases'] = '100';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['aliases'\]\s*=.*)#//!\1\n\\\$CONF['aliases'] = '100';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['mailboxes'\]\s*=.*)#//!\1\n\\\$CONF['mailboxes'] = '100';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['mailboxes'\]\s*=.*)#//!\1\n\\\$CONF['mailboxes'] = '100';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['maxquota'\]\s*=.*)#//!\1\n\\\$CONF['maxquota'] = '0';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['maxquota'\]\s*=.*)#//!\1\n\\\$CONF['maxquota'] = '0';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['domain_quota_default'\]\s*=.*)#//!\1\n\\\$CONF['domain_quota_default'] = '0';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['domain_quota_default'\]\s*=.*)#//!\1\n\\\$CONF['domain_quota_default'] = '0';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['quota'\]\s*=.*)#//!\1\n\\\$CONF['quota'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['quota'\]\s*=.*)#//!\1\n\\\$CONF['quota'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['domain_quota'\]\s*=.*)#//!\1\n\\\$CONF['domain_quota'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['domain_quota'\]\s*=.*)#//!\1\n\\\$CONF['domain_quota'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['quota_multiplier'\]\s*=.*)#//!\1\n\\\$CONF['quota_multiplier'] = '1048576';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['quota_multiplier'\]\s*=.*)#//!\1\n\\\$CONF['quota_multiplier'] = '1048576';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
if $_failed ; then if $_failed ; then
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
@@ -2536,8 +2539,8 @@ cat <<EOF >> $pfa_conf_file 2> $log_file
// ReplyType options // ReplyType options
// If you want to define additional reply options put them in array below. // If you want to define additional reply options put them in array below.
// The array has the format seconds between replies => $PALANG text // The array has the format seconds between replies => $PALANG text
// Special values for seconds are: // Special values for seconds are:
// 0 => only reply to the first mail while on vacation // 0 => only reply to the first mail while on vacation
// 1 => reply on every mail // 1 => reply on every mail
// 60*60*24*7 => Reply if last autoreply was at least a week ago // 60*60*24*7 => Reply if last autoreply was at least a week ago
// //
@@ -2570,8 +2573,8 @@ fi
## - EOM; ## - EOM;
## - ## -
echononl "\tCreate welcome message.." echononl "\tCreate welcome message.."
if [[ -n "$WELCOME_MESSAGE" ]] ; then if [[ -n "$WELCOME_MESSAGE" ]] ; then
cat <<EOF >> $pfa_conf_file 2> $log_file cat <<EOF >> $pfa_conf_file 2> $log_file
// Welcome Message // Welcome Message
// This message is send to every newly created mailbox. // This message is send to every newly created mailbox.
@@ -2614,35 +2617,35 @@ echononl "\tAdjust Postfix Admin's Configuration - Part 5"
_failed=false _failed=false
> $log_file > $log_file
perl -i -n -p -e "s#^(\s*\\\$CONF\['alias_control_admin'\]\s+=.*)#//!\1\n\\\$CONF['alias_control_admin'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['alias_control_admin'\]\s+=.*)#//!\1\n\\\$CONF['alias_control_admin'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['alias_control'\]\s*=.*)#//!\1\n\\\$CONF['alias_control'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['alias_control'\]\s*=.*)#//!\1\n\\\$CONF['alias_control'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['special_alias_control'\]\s*=.*)#//!\1\n\\\$CONF['special_alias_control'] = 'NO';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['special_alias_control'\]\s*=.*)#//!\1\n\\\$CONF['special_alias_control'] = 'NO';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['backup'\]\s*=.*)#//!\1\n\\\$CONF['backup'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['backup'\]\s*=.*)#//!\1\n\\\$CONF['backup'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['fetchmail'\]\s*=.*)#//!\1\n\\\$CONF['fetchmail'] = 'NO';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['fetchmail'\]\s*=.*)#//!\1\n\\\$CONF['fetchmail'] = 'NO';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['user_footer_link'\]\s+=.*)#//!\1\n\\\$CONF['user_footer_link'] = 'https://${WEBSITE_NAME}/main.php';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['user_footer_link'\]\s+=.*)#//!\1\n\\\$CONF['user_footer_link'] = 'https://${WEBSITE_NAME}/main.php';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['footer_text'\]\s+=.*)#//!\1\n\\\$CONF['footer_text'] = 'Main Menu';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['footer_text'\]\s+=.*)#//!\1\n\\\$CONF['footer_text'] = 'Main Menu';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['footer_link'\]\s+=.*)#//!\1\n\\\$CONF['footer_link'] = 'http://${WEBSITE_NAME}/main.php';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['footer_link'\]\s+=.*)#//!\1\n\\\$CONF['footer_link'] = 'http://${WEBSITE_NAME}/main.php';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['emailcheck_resolve_domain'\]\s*=.*)#//!\1\n\\\$CONF['emailcheck_resolve_domain'] = 'NO';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['emailcheck_resolve_domain'\]\s*=.*)#//!\1\n\\\$CONF['emailcheck_resolve_domain'] = 'NO';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['show_status'\]\s*=.*)#//!\1\n\\\$CONF['show_status'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['show_status'\]\s*=.*)#//!\1\n\\\$CONF['show_status'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['show_status_key'\]\s*=.*)#//!\1\n\\\$CONF['show_status_key'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['show_status_key'\]\s*=.*)#//!\1\n\\\$CONF['show_status_key'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['show_undeliverable'\]\s*=.*)#//!\1\n\\\$CONF['show_undeliverable'] = 'NO';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['show_undeliverable'\]\s*=.*)#//!\1\n\\\$CONF['show_undeliverable'] = 'NO';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['show_popimap'\]\s*=.*)#//!\1\n\\\$CONF['show_popimap'] = 'NO';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['show_popimap'\]\s*=.*)#//!\1\n\\\$CONF['show_popimap'] = 'NO';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['used_quotas'\]\s*=.*)#//!\1\n\\\$CONF['used_quotas'] = 'NO';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['used_quotas'\]\s*=.*)#//!\1\n\\\$CONF['used_quotas'] = 'NO';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
perl -i -n -p -e "s#^(\s*\\\$CONF\['new_quota_table'\]\s*=.*)#//!\1\n\\\$CONF['new_quota_table'] = 'YES';#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['new_quota_table'\]\s*=.*)#//!\1\n\\\$CONF['new_quota_table'] = 'YES';#" \
$pfa_conf_file >> $log_file 2>&1 || _failed=true $pfa_conf_file >> $log_file 2>&1 || _failed=true
if $_failed ; then if $_failed ; then
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
@@ -2675,7 +2678,7 @@ fi
# - $CONF['configured'] = true; # - $CONF['configured'] = true;
echononl "\tSet '\$CONF['configured'] = true'" echononl "\tSet '\$CONF['configured'] = true'"
perl -i -n -p -e "s#^(\s*\\\$CONF\['configured'\]\s*=.*)#//!\1\n\\\$CONF['configured'] = true;#" \ perl -i -n -p -e "s#^(\s*\\\$CONF\['configured'\]\s*=.*)#//!\1\n\\\$CONF['configured'] = true;#" \
$pfa_conf_file > $log_file 2>&1 $pfa_conf_file > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@@ -2736,7 +2739,7 @@ echo ""
# - AFTER DELETION MAILBOX # - AFTER DELETION MAILBOX
# - # -
# - activate script for moving a mailbox from the mailboxdirectory # - activate script for moving a mailbox from the mailboxdirectory
# - and save it to the backupb directory /var/deleted-maildirs # - and save it to the backupb directory /var/deleted-maildirs
# - # -
@@ -2745,7 +2748,7 @@ echononl "\tCreate folder '${DELETED_MAILBOX_DIR}"
if [[ ! -d "${DELETED_MAILBOX_DIR}" ]] ; then if [[ ! -d "${DELETED_MAILBOX_DIR}" ]] ; then
mkdir $DELETED_MAILBOX_DIR > $log_file 2>&1 mkdir $DELETED_MAILBOX_DIR > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
@@ -2799,11 +2802,11 @@ else
fi fi
# - Change the posdeletion scripts to your needs: # - Change the posdeletion scripts to your needs:
# - # -
# - set: # - set:
# - basedir=/var/vmail # - basedir=/var/vmail
# - trashbase=$DELETED_MAILBOX_DIR # - trashbase=$DELETED_MAILBOX_DIR
# - # -
# - trashdir="${trashbase}/$2/`date +%F_$H-%M`_${subdir}" # - trashdir="${trashbase}/$2/`date +%F_$H-%M`_${subdir}"
# - # -
echononl "\tAdjust 'postfixadmin-mailbox-postdeletion.sh'" echononl "\tAdjust 'postfixadmin-mailbox-postdeletion.sh'"
@@ -2825,9 +2828,9 @@ fi
# - Edit ${WEBSITE_BASEDIR}/htdocs/config.inc.php # - Edit ${WEBSITE_BASEDIR}/htdocs/config.inc.php
# - # -
# - in section add line # - in section add line
# - $CONF['mailbox_postdeletion_script']='sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postdeletion.sh'; # - $CONF['mailbox_postdeletion_script']='sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
# - # -
echononl "\tAdjust 'config.inc.php' to make script available" echononl "\tAdjust 'config.inc.php' to make script available"
perl -i -n -p -e "s#^(\s*[/*]?\s*\\\$CONF\['mailbox_postdeletion_script'\]\s*=.*)#//!\1\n\\\$CONF['mailbox_postdeletion_script'] = 'sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';#" \ perl -i -n -p -e "s#^(\s*[/*]?\s*\\\$CONF\['mailbox_postdeletion_script'\]\s*=.*)#//!\1\n\\\$CONF['mailbox_postdeletion_script'] = 'sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';#" \
$pfa_conf_file > $log_file 2>&1 $pfa_conf_file > $log_file 2>&1
@@ -2890,7 +2893,7 @@ fi
# - AFTER DELETION MAILDOMIAN # - AFTER DELETION MAILDOMIAN
# - # -
# - activate script for moving a mailbox from the mailboxdirectory # - activate script for moving a mailbox from the mailboxdirectory
# - and save it to the backupb directory $DELETED_DOMAINS_DIR # - and save it to the backupb directory $DELETED_DOMAINS_DIR
# - # -
@@ -2899,7 +2902,7 @@ echononl "\tCreate folder '${DELETED_DOMAINS_DIR}"
if [[ ! -d "${DELETED_DOMAINS_DIR}" ]] ; then if [[ ! -d "${DELETED_DOMAINS_DIR}" ]] ; then
mkdir $DELETED_DOMAINS_DIR > $log_file 2>&1 mkdir $DELETED_DOMAINS_DIR > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
@@ -2956,11 +2959,11 @@ fi
# - Change the posdeletion scripts to your needs: # - Change the posdeletion scripts to your needs:
# - # -
# - set: # - set:
# - basedir=/var/vmail # - basedir=/var/vmail
# - trashbase=$DELETED_DOMAINS_DIR # - trashbase=$DELETED_DOMAINS_DIR
# - # -
# - trashdir="${trashbase}/`date +%F_%H-%M`_$1" # - trashdir="${trashbase}/`date +%F_%H-%M`_$1"
# - # -
echononl "\tAdjust 'postfixadmin-domain-postdeletion.sh'" echononl "\tAdjust 'postfixadmin-domain-postdeletion.sh'"
@@ -2981,9 +2984,9 @@ fi
# - edit ${WEBSITE_BASEDIR}/htdocs/config.inc.php # - edit ${WEBSITE_BASEDIR}/htdocs/config.inc.php
# - # -
# - in section add line # - in section add line
# - $CONF['domain_postdeletion_script']='sudo -u vmail /usr/local/bin/postfixadmin-domain-postdeletion.sh'; # - $CONF['domain_postdeletion_script']='sudo -u vmail /usr/local/bin/postfixadmin-domain-postdeletion.sh';
# - # -
echononl "\tAdjust 'config.inc.php' to make script available" echononl "\tAdjust 'config.inc.php' to make script available"
perl -i -n -p -e "s#^(\s*[/*]?\s*\\\$CONF\['domain_postdeletion_script'\]\s*=.*)#//!\1\n\\\$CONF['domain_postdeletion_script'] = 'sudo -u vmail /usr/local/bin/postfixadmin-domain-postdeletion.sh';#" \ perl -i -n -p -e "s#^(\s*[/*]?\s*\\\$CONF\['domain_postdeletion_script'\]\s*=.*)#//!\1\n\\\$CONF['domain_postdeletion_script'] = 'sudo -u vmail /usr/local/bin/postfixadmin-domain-postdeletion.sh';#" \
$pfa_conf_file >> $log_file 2>&1 $pfa_conf_file >> $log_file 2>&1
@@ -3050,9 +3053,9 @@ fi
## - specified database. ## - specified database.
## - ## -
## - Now you have to setup Postfix to recognize all these entries. To do so, ## - Now you have to setup Postfix to recognize all these entries. To do so,
## - you must specify database requests (in different files) and load them ## - you must specify database requests (in different files) and load them
## - into Postfix configuration. In particular that are the following files: ## - into Postfix configuration. In particular that are the following files:
## - ## -
## - pgsql_relay-domain-maps.cf ## - pgsql_relay-domain-maps.cf
## - pgsql_sender_login_maps.cf ## - pgsql_sender_login_maps.cf
## - pgsql_transport_maps.cf ## - pgsql_transport_maps.cf
@@ -3494,7 +3497,7 @@ echononl "\tCreate file '/etc/postfix/${POSTFIX_DB_TYPE}_virtual_alias_address_r
if [ "$POSTFIX_DB_TYPE" = "pgsql" ]; then if [ "$POSTFIX_DB_TYPE" = "pgsql" ]; then
cat <<EOF > /etc/postfix/${POSTFIX_DB_TYPE}_virtual_alias_address_rewriting.cf cat <<EOF > /etc/postfix/${POSTFIX_DB_TYPE}_virtual_alias_address_rewriting.cf
## - this address rewriting acts as address extension ## - this address rewriting acts as address extension
## - with delimeter "-" ## - with delimeter "-"
## - ## -
hosts = $POSTFIX_DB_HOST_PGSQL hosts = $POSTFIX_DB_HOST_PGSQL
@@ -3686,14 +3689,14 @@ info "Browse to \033[1mhttps://${WEBSITE_NAME}/setup.php\033[m to create a 'setu
\t Instructions on how to do this are pointed out at the setup site, maybe like this: \t Instructions on how to do this are pointed out at the setup site, maybe like this:
\t - Generate setup_password hash and set \033[1m$CONF['setup_password']\033[m \t - Generate setup_password hash and set \033[1m$CONF['setup_password']\033[m
\t in file \033[1mconfig.local.php\033[m as printed out. \t in file \033[1mconfig.local.php\033[m as printed out.
\t - Browse to \033[1mhttp://${WEBSITE_NAME}/setup.php\033[m once again to update \t - Browse to \033[1mhttp://${WEBSITE_NAME}/setup.php\033[m once again to update
\t the database \t the database
\t Browse to \033[1mhttp://${WEBSITE_NAME}\033[m and login using an existent admin account \t Browse to \033[1mhttp://${WEBSITE_NAME}\033[m and login using an existent admin account
\t[ \033[33m\033[1mNotice\033[m ]: \033[1mScroll back to see if all seems to be fine!\033[m \t[ \033[33m\033[1mNotice\033[m ]: \033[1mScroll back to see if all seems to be fine!\033[m
@@ -3747,7 +3750,7 @@ dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = true query = SELECT quota FROM mailbox WHERE username='%s' AND active = true
EOF EOF
## - add configuration parameter virtual_mailbox_limit_maps ## - add configuration parameter virtual_mailbox_limit_maps
## - in Postfix /etc/postfix/main.cf ## - in Postfix /etc/postfix/main.cf
## - ## -
## - add: ## - add:


@@ -0,0 +1,40 @@
#!/usr/bin/env bash
set -euo pipefail
CONF="/etc/postfix-policyd-spf-python/policyd-spf.conf"
BACKUP="${CONF}.$(date +%Y%m%d-%H%M%S).bak"
if [[ ! -f "$CONF" ]]; then
echo "ERROR: Config not found: $CONF" >&2
exit 1
fi
cp -a -- "$CONF" "$BACKUP"
ensure_kv() {
local key="$1"
local value="$2"
# Prüfen ob es eine AKTIVE (nicht auskommentierte) Zeile gibt
if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$CONF"; then
# Nur erste aktive Zeile ersetzen
sed -ri "0,/^[[:space:]]*${key}[[:space:]]*=.*/s//${key} = ${value}/" "$CONF"
else
# Anfügen mit Leerzeile + Kommentar
cat >>"$CONF" <<EOF
# --- Mailinglist-friendly SPF policy (added by script) ---
${key} = ${value}
EOF
fi
}
ensure_kv "HELO_reject" "False"
ensure_kv "Mail_From_reject" "False"
ensure_kv "PermError_reject" "False"
ensure_kv "TempError_Defer" "True"
echo "Updated: $CONF"
echo "Backup : $BACKUP"
exit
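Review bot: The four `ensure_kv` calls at the end switch policyd-spf from rejecting to header-only handling (`HELO_reject = False`, `Mail_From_reject = False`), and the script says nowhere that SPF failures are then accepted and merely tagged. I would add a header comment above `CONF=` such as `# Relaxed SPF for list servers: failing mail is accepted and only tagged with the SPF result header; a later filter must evaluate that header.` so an operator running it knows enforcement has moved downstream (presumably to amavis, which the sibling install scripts set up; confirm). Two smaller points in `ensure_kv`: the `# --- Mailinglist-friendly SPF policy (added by script) ---` line is appended once per missing key, so it can end up in the file up to four times, and the `0,/re/` address in the `sed` call is a GNU extension.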