diff --git a/exim4/exim4.conf b/exim4/exim4.conf
index 6345677..119c846 100644
--- a/exim4/exim4.conf
+++ b/exim4/exim4.conf
@@ -10,29 +10,33 @@ LOCAL_DELIVERY = mail_spool
 CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%%!/|`#&?]
 CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%%!`#&?] : ^.*/\\.\\./
-%(dkim_enable)s
-DKIM_SELECTOR = %(dkim_selector)s
-DKIM_PRIVATE_KEY = %(dkim_private_key)s
+DKIM_ENABLE = 1
+DKIM_SELECTOR = x
+DKIM_PRIVATE_KEY = /etc/exim4/dkim/private.key
 DKIM_CANON = relaxed
 DKIM_STRICT = 1
-%(tls_enable)s
+TLS_ENABLE = 1
 TLS_ADVERTISE_HOSTS = *
-TLS_CERTIFICATE = %(tls_certificate)s
-TLS_PRIVATEKEY = %(tls_privatekey)s
+TLS_CERTIFICATE = /etc/exim4/tls/mail.crt
+TLS_PRIVATEKEY = /etc/exim4/tls/mail.key
 TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt} {/etc/ssl/certs/ca-certificates.crt} {/dev/null}}
-COURIERSOCKET = %(courier_authsocket)s
+COURIERSOCKET = /var/run/courier/authdaemon/socket
 ACL_SMTP_MAIL = acl_check_mail
 ACL_SMTP_RCPT = acl_check_rcpt
 ACL_SMTP_DATA = acl_check_data
+# SPAMD_ENABLE = 1
+# CLAMAV_ENABLE = 1
+
 #--CONFIGURATION
 hostlist relay_from_hosts = 127.0.0.1
-%(custom_mta_config)s
+CHECK_RCPT_VERIFY_SENDER = 1
+keep_environment =
 daemon_smtp_ports = SMTP_PORT
 local_interfaces = LOCAL_INTERFACES
@@ -46,7 +50,13 @@ acl_smtp_mail = ACL_SMTP_MAIL
 acl_smtp_rcpt = ACL_SMTP_RCPT
 acl_smtp_data = ACL_SMTP_DATA
-# spamd_address = 127.0.0.1 783
+.ifdef SPAMD_ENABLE
+spamd_address = 127.0.0.1 783
+.endif
+
+.ifdef CLAMAV_ENABLE
+av_scanner = clamd:/var/run/clamav/clamd.ctl
+.endif
 local_from_check = false
 local_sender_retain = true
@@ -70,8 +80,6 @@ tls_verify_certificates = TLS_VERIFY_CERTIFICATES
 begin acl
-%(custom_mta_acl)s
-
 acl_check_mail:
 .ifdef CHECK_MAIL_HELO_ISSUED
 deny
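Review bot: Both scanner switches in the first hunk are added commented out (`# SPAMD_ENABLE = 1`, `# CLAMAV_ENABLE = 1`), and nothing visible in this commit uncomments them: `install_spamassassin` and `install_clamav` in mailserver.sh only install packages, after `install_exim` has copied this file to /etc/exim4/. An administrator who picks menu option 2, 3 or 4 therefore gets the daemons installed while every `.ifdef SPAMD_ENABLE` / `.ifdef CLAMAV_ENABLE` block is skipped, so no mail is scanned. Either have the installer enable the macro it just provisioned for, or put a comment above the two lines, e.g. `# Scanning stays OFF until these are uncommented (requires spamassassin / clamav-daemon)`. The added `keep_environment =` also deserves a one-line comment saying the empty value is deliberate, since it makes Exim pass on none of the inherited environment variables.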
@@ -186,15 +194,34 @@ acl_check_rcpt:
 acl_check_data:
- deny
- message = Message headers fail syntax check
+ accept authenticated = *
+
+ .ifdef SPAMD_ENABLE
+ warn spam = debian-spamd
+ add_header = X-Spam-Score: $spam_score ($spam_bar)
+ add_header = X-Spam-Report: $spam_report
+ add_header = Subject: ***SPAM (score:$spam_score)*** $h_Subject:
+ control = fakereject
+ .endif
+
+ .ifdef CLAMAV_ENABLE
+ deny malware = *
+ message = This message was detected as possible malware ($malware_name).
+ .endif
+
+ deny message = Message headers fail syntax check
 !verify = header_syntax
 accept
 begin routers
-%(custom_mta_routers)s
+maildir_spam:
+ driver = accept
+ transport = maildir_spam_delivery
+ condition = ${if def:h_X-Spam-Score: {true}}
+ condition = ${if >{$spam_score_int}{1}}
+ condition = ${if match {$h_Subject:}{SPAM}}
 vforward:
 debug_print = "R: vforward for $local_part@$domain"
@@ -202,18 +229,16 @@ vforward:
 allow_defer
 allow_fail
 domains = +local_domains
- file = %(mailforward)s/$local_part@$domain
+ file = /etc/exim.forward/$local_part@$domain
 file_transport = address_file
 pipe_transport = address_pipe
- %(custom_mta_local_router)s
 vdomain:
 debug_print = "R: vdomain for $local_part@$domain"
 driver = accept
- domains = dsearch;%(maildomains)s
- local_parts = lsearch;%(maildomains)s/$domain
+ domains = dsearch;/etc/exim.domains
+ local_parts = lsearch;/etc/exim.domains/$domain
 transport = vmail
- %(custom_mta_local_router)s
 dnslookup:
 debug_print = "R: dnslookup for $local_part@$domain"
@@ -248,7 +273,6 @@ real_local:
 local_part_prefix = real-
 check_local_user
 transport = LOCAL_DELIVERY
- %(custom_mta_local_router)s
 procmail:
 debug_print = "R: procmail for $local_part@$domain"
@@ -283,7 +307,6 @@ local_user:
 local_parts = ! root
 transport = LOCAL_DELIVERY
 cannot_route_message = Unknown user
- %(custom_mta_local_router)s
 mail4root:
 debug_print = "R: mail4root for $local_part@$domain"
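Review bot: `accept authenticated = *` is the first statement of `acl_check_data`, so an authenticated session skips the `malware = *` deny and the `header_syntax` verification as well as spam scoring. A stolen or guessed mailbox password then gives an unscanned path through the server; moving that accept below the CLAMAV block and the header check would limit the exemption to spam scoring. In the same hunk the new `maildir_spam` router has no `domains = +local_domains` (the `vforward` router has one), and two of its three conditions match on header text (`$h_X-Spam-Score:`, `$h_Subject:`) that a sender can also supply. `$spam_score_int` is the score multiplied by ten, so `>{$spam_score_int}{1}` is true from a score of 0.2 upward; confirm that this threshold is intended.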
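Review bot: The hard-coded paths in the `vforward`/`vdomain` hunk still interpolate the recipient's `$local_part` and `$domain` straight into file names (`file = /etc/exim.forward/$local_part@$domain`, `local_parts = lsearch;/etc/exim.domains/$domain`). The only visible safeguard against a crafted address selecting an unintended file is the `CHECK_RCPT_LOCAL_LOCALPARTS` pattern, presumably applied in `acl_check_rcpt`, which is outside this hunk. In `vdomain` the `dsearch` lookup has already matched the domain against a directory entry, so the next line can use the lookup result rather than the raw value: `local_parts = lsearch;/etc/exim.domains/$domain_data`. Newer Exim releases also reject tainted values in file names, so this may be needed for the configuration to keep working after an upgrade; confirm against the version being deployed. Both router blocks start or end outside the hunk.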
@@ -294,20 +317,28 @@ mail4root:
 local_parts = root
 user = mail
 group = mail
- %(custom_mta_local_router)s
 begin transports
-%(custom_mta_transports)s
-
+maildir_spam_delivery:
+ driver = appendfile
+ maildir_format = true
+ directory = /var/vmail/$domain/spam
+ user = mail
+ create_directory
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ group = mail
+ mode = 0600
 vmail:
 debug_print = "T: vmail for $local_part@$domain"
 driver = appendfile
 user = mail
 maildir_format = true
- directory = %(mailroot)s/$domain/$local_part
+ directory = /var/vmail/$domain/$local_part
 create_directory
 delivery_date_add
 envelope_to_add
diff --git a/mailserver.sh b/mailserver.sh
index 6b1da94..440f764 100755
--- a/mailserver.sh
+++ b/mailserver.sh
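Review bot: `directory = /var/vmail/$domain/spam` in `maildir_spam_delivery` puts every recipient's flagged mail for a domain into one shared maildir, whereas the `vmail` transport just below delivers per recipient (`/var/vmail/$domain/$local_part`). Anyone given access to that folder to look for false positives can read other users' mail. The `sa-learn` cron script added in this commit only searches for directories named `.Junk`, so nothing delivered here is ever picked up or expired by it. A per-recipient target, e.g. `directory = /var/vmail/$domain/$local_part/.Spam`, keeps the separation and stays apart from the user-curated `.Junk` folders; check the folder layout your IMAP server expects. The `vmail` block continues past the end of the hunk.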
@@ -15,29 +15,52 @@ STD="\e[0m"
 [[ $1 == "help" ]] && usage
 [[ $EUID -ne 0 ]] && echo -e "${RED}This script must be run as root.${STD}" && exit 1
-install_exim_ask_domain() {
+install_ask_domain() {
 echo -e "${GRE}Please enter the mail server's main domain${STD}"
 read choice
 [[ -n $choice ]] && echo $choice > /etc/mailname
- [[ -z $choice ]] && install_exim_ask_domain
+ [[ -z $choice ]] && install_ask_domain
+}
+
+install_tls_dkim() {
+ mkdir -pv /etc/exim4/tls
+ openssl req -x509 -newkey rsa -keyout /etc/exim4/tls/mail.key -out /etc/exim4/tls/mail.crt -days 4096 -nodes
+ mkdir -pv /etc/exim4/dkim
+ openssl genrsa -out /etc/exim4/dkim/private.key 2048
 }
 install_exim() {
- install_exim_ask_domain
+ install_ask_domain
 echo -e "${YEL}Two boxes will appear. Hit [Enter] each time to continue.${STD}"
 echo "Press [Enter] key to continue..."
- aptitude -y install exim4 courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-authlib-userdb
- chown -vR daemon: courier/*
- cp -v courier/* /etc/courier
+ aptitude -y install exim4 courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-authlib-userdb ssl-cert
+ chown -fvR daemon: courier/*
+ cp -fv courier/* /etc/courier/
 chown -vR $USER: courier/*
+ mkdir -pv /etc/exim.domains
+ mkdir -pv /etc/exim.forward
+ cp -fv exim4/* /etc/exim4/
+ chmod -fv 777 /var/run/courier/authdaemon/socket
+ install_tls_dkim
 }
 install_spamassassin() {
- echo "lol"
+ aptitude -y install exim4-daemon-heavy sa-exim spamassassin
+ cp -fv spamd/sa-learn /etc/cron.daily/sa-learn
+ cp -fv spamd/spamassassin /etc/default/spamassassin
 }
 install_clamav() {
- echo "lol"
+ aptitude -y install exim4-daemon-heavy clamav clamav-daemon
+}
+
+install_restart() {
+ service courier-authdeamon restart
+ service courier-imap restart
+ service courier-pop restart
+ service courier-imap-ssl restart
+ service courier-pop-ssl restart
+ service exim4 restart
 }
 install_mailserver() {
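Review bot: `install_tls_dkim` creates the TLS and DKIM private keys as root without setting owner or mode, and `-newkey rsa` leaves the key size to whatever the local OpenSSL default is. Depending on umask and OpenSSL version the keys end up either readable by every local user or unreadable by the Exim runtime user, and with `DKIM_STRICT = 1` in exim4.conf an unreadable key is likely to make outgoing mail defer; confirm on the target release. The rewrite below pins the key size and sets ownership and mode explicitly; the group name in it is an assumption to check. In `install_exim`, `chmod -fv 777 /var/run/courier/authdaemon/socket` opens the authentication socket to all local users and is lost whenever the socket is recreated, so granting the Exim user access through group membership is the narrower fix. `install_restart` also misspells the service as `courier-authdeamon`, so that one restart fails while the others still run.

```shell
install_tls_dkim() {
    local exim_group="Debian-exim"  # assumed name of Exim's runtime group on Debian; confirm
    install -d -m 750 -o root -g "$exim_group" /etc/exim4/tls /etc/exim4/dkim
    # restrictive umask: the private keys are never readable by other local users, not even briefly
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -keyout /etc/exim4/tls/mail.key -out /etc/exim4/tls/mail.crt -days 4096 -nodes
        openssl genrsa -out /etc/exim4/dkim/private.key 2048
    )
    chown root:"$exim_group" /etc/exim4/tls/mail.key /etc/exim4/tls/mail.crt /etc/exim4/dkim/private.key
    chmod 640 /etc/exim4/tls/mail.key /etc/exim4/tls/mail.crt /etc/exim4/dkim/private.key
}
```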
@@ -49,10 +72,10 @@ install_mailserver() {
 echo "5. Exit"
 read -p "Enter choice [1 - 4] " choice
 case $choice in
- 1) clear && install_exim ;;
- 2) clear && install_exim && install_spamassassin ;;
- 3) clear && install_exim && install_clamav ;;
- 4) clear && install_exim && install_spamassassin && install_clamav ;;
+ 1) clear && install_exim && install_restart ;;
+ 2) clear && install_exim && install_spamassassin && install_restart ;;
+ 3) clear && install_exim && install_clamav && install_restart ;;
+ 4) clear && install_exim && install_spamassassin && install_clamav && install_restart ;;
 5) exit ;;
 *) clear && echo -e "${RED}Please enter a valid input${STD}" && install_mailserver ;;
 esac
diff --git a/spamd/sa-learn b/spamd/sa-learn
new file mode 100644
index 0000000..aafb89b
--- /dev/null
+++ b/spamd/sa-learn
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+date >> /var/log/exim4/sa-learn
+find /var/vmail -type d -name '.Junk' | xargs -I junk sa-learn --spam junk/{cur,new} >> /var/log/exim4/sa-learn
+find /var/vmail -type d -name '.Junk' | xargs -I junk find junk/{cur,new} -type f -delete >> /var/log/exim4/sa-learn
diff --git a/spamd/spamassassin b/spamd/spamassassin
new file mode 100644
index 0000000..85384cf
--- /dev/null
+++ b/spamd/spamassassin
@@ -0,0 +1,5 @@
+ENABLED=1
+OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+PIDFILE="/var/run/spamd.pid"
+#NICE="--nicelevel 15"
+CRON=1
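Review bot: In spamd/sa-learn the second `find` deletes everything under `.Junk/{cur,new}` whether or not the preceding `sa-learn` run succeeded, so a failed training run silently destroys the samples users filed. The file is also added with mode 100644 and `install_spamassassin` copies it with plain `cp -fv`, so the copy in /etc/cron.daily will not be executable and run-parts is expected to skip it; add a `chmod 755` after the copy or commit the file as executable. As a root cron job it trains root's Bayes database, which is probably not the one spamd consults for the `debian-spamd` user named in exim4.conf; confirm, and consider running `sa-learn` as that user. Only stdout is appended to the log, so errors from either command never reach /var/log/exim4/sa-learn. The loop below learns and deletes per directory, deletes only on success, and handles directory names containing whitespace.

```shell
log=/var/log/exim4/sa-learn
date >> "$log"
find /var/vmail -type d -name '.Junk' -print0 |
while IFS= read -r -d '' junk; do
    # remove the samples only after they were learned successfully
    if sa-learn --spam "$junk"/{cur,new} >> "$log" 2>&1; then
        find "$junk"/{cur,new} -type f -delete >> "$log" 2>&1
    fi
done
```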
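Review bot: `OPTIONS` in spamd/spamassassin carries no `--username`, so unless the init script drops privileges on its own, spamd will parse untrusted mail as root. If the `debian-spamd` account already referenced by `spam = debian-spamd` in exim4.conf exists on the target system, `OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username debian-spamd"` confines the daemon; confirm that the account can write its home directory. A header comment naming the packaged defaults file this was derived from would help when the package changes its defaults.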