Configs near finish

Michel Roux 2016-08-15 15:38:21 +02:00
parent c5a2295ccd
commit 9701eb229a
4 changed files with 101 additions and 37 deletions


@ -10,29 +10,33 @@ LOCAL_DELIVERY = mail_spool
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%%!/|`#&?] CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%%!/|`#&?]
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%%!`#&?] : ^.*/\\.\\./ CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%%!`#&?] : ^.*/\\.\\./
%(dkim_enable)s DKIM_ENABLE = 1
DKIM_SELECTOR = %(dkim_selector)s DKIM_SELECTOR = x
DKIM_PRIVATE_KEY = %(dkim_private_key)s DKIM_PRIVATE_KEY = /etc/exim4/dkim/private.key
DKIM_CANON = relaxed DKIM_CANON = relaxed
DKIM_STRICT = 1 DKIM_STRICT = 1
%(tls_enable)s TLS_ENABLE = 1
TLS_ADVERTISE_HOSTS = * TLS_ADVERTISE_HOSTS = *
TLS_CERTIFICATE = %(tls_certificate)s TLS_CERTIFICATE = /etc/exim4/tls/mail.crt
TLS_PRIVATEKEY = %(tls_privatekey)s TLS_PRIVATEKEY = /etc/exim4/tls/mail.key
TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt} {/etc/ssl/certs/ca-certificates.crt} {/dev/null}} TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt} {/etc/ssl/certs/ca-certificates.crt} {/dev/null}}
COURIERSOCKET = %(courier_authsocket)s COURIERSOCKET = /var/run/courier/authdaemon/socket
ACL_SMTP_MAIL = acl_check_mail ACL_SMTP_MAIL = acl_check_mail
ACL_SMTP_RCPT = acl_check_rcpt ACL_SMTP_RCPT = acl_check_rcpt
ACL_SMTP_DATA = acl_check_data ACL_SMTP_DATA = acl_check_data
# SPAMD_ENABLE = 1
# CLAMAV_ENABLE = 1
#--CONFIGURATION #--CONFIGURATION
hostlist relay_from_hosts = 127.0.0.1 hostlist relay_from_hosts = 127.0.0.1
%(custom_mta_config)s CHECK_RCPT_VERIFY_SENDER = 1
keep_environment =
daemon_smtp_ports = SMTP_PORT daemon_smtp_ports = SMTP_PORT
local_interfaces = LOCAL_INTERFACES local_interfaces = LOCAL_INTERFACES
@ -46,7 +50,13 @@ acl_smtp_mail = ACL_SMTP_MAIL
acl_smtp_rcpt = ACL_SMTP_RCPT acl_smtp_rcpt = ACL_SMTP_RCPT
acl_smtp_data = ACL_SMTP_DATA acl_smtp_data = ACL_SMTP_DATA
# spamd_address = 127.0.0.1 783 .ifdef SPAMD_ENABLE
spamd_address = 127.0.0.1 783
.endif
.ifdef CLAMAV_ENABLE
av_scanner = clamd:/var/run/clamav/clamd.ctl
.endif
local_from_check = false local_from_check = false
local_sender_retain = true local_sender_retain = true
@ -70,8 +80,6 @@ tls_verify_certificates = TLS_VERIFY_CERTIFICATES
begin acl begin acl
%(custom_mta_acl)s
acl_check_mail: acl_check_mail:
.ifdef CHECK_MAIL_HELO_ISSUED .ifdef CHECK_MAIL_HELO_ISSUED
deny deny
@ -186,15 +194,34 @@ acl_check_rcpt:
acl_check_data: acl_check_data:
deny accept authenticated = *
message = Message headers fail syntax check
.ifdef SPAMD_ENABLE
warn spam = debian-spamd
add_header = X-Spam-Score: $spam_score ($spam_bar)
add_header = X-Spam-Report: $spam_report
add_header = Subject: ***SPAM (score:$spam_score)*** $h_Subject:
control = fakereject
.endif
.ifdef CLAMAV_ENABLE
deny malware = *
message = This message was detected as possible malware ($malware_name).
.endif
deny message = Message headers fail syntax check
!verify = header_syntax !verify = header_syntax
accept accept
begin routers begin routers
%(custom_mta_routers)s maildir_spam:
driver = accept
transport = maildir_spam_delivery
condition = ${if def:h_X-Spam-Score: {true}}
condition = ${if >{$spam_score_int}{1}}
condition = ${if match {$h_Subject:}{SPAM}}
vforward: vforward:
debug_print = "R: vforward for $local_part@$domain" debug_print = "R: vforward for $local_part@$domain"
@ -202,18 +229,16 @@ vforward:
allow_defer allow_defer
allow_fail allow_fail
domains = +local_domains domains = +local_domains
file = %(mailforward)s/$local_part@$domain file = /etc/exim.forward/$local_part@$domain
file_transport = address_file file_transport = address_file
pipe_transport = address_pipe pipe_transport = address_pipe
%(custom_mta_local_router)s
vdomain: vdomain:
debug_print = "R: vdomain for $local_part@$domain" debug_print = "R: vdomain for $local_part@$domain"
driver = accept driver = accept
domains = dsearch;%(maildomains)s domains = dsearch;/etc/exim.domains
local_parts = lsearch;%(maildomains)s/$domain local_parts = lsearch;/etc/exim.domains/$domain
transport = vmail transport = vmail
%(custom_mta_local_router)s
dnslookup: dnslookup:
debug_print = "R: dnslookup for $local_part@$domain" debug_print = "R: dnslookup for $local_part@$domain"
@ -248,7 +273,6 @@ real_local:
local_part_prefix = real- local_part_prefix = real-
check_local_user check_local_user
transport = LOCAL_DELIVERY transport = LOCAL_DELIVERY
%(custom_mta_local_router)s
procmail: procmail:
debug_print = "R: procmail for $local_part@$domain" debug_print = "R: procmail for $local_part@$domain"
@ -283,7 +307,6 @@ local_user:
local_parts = ! root local_parts = ! root
transport = LOCAL_DELIVERY transport = LOCAL_DELIVERY
cannot_route_message = Unknown user cannot_route_message = Unknown user
%(custom_mta_local_router)s
mail4root: mail4root:
debug_print = "R: mail4root for $local_part@$domain" debug_print = "R: mail4root for $local_part@$domain"
@ -294,20 +317,28 @@ mail4root:
local_parts = root local_parts = root
user = mail user = mail
group = mail group = mail
%(custom_mta_local_router)s
begin transports begin transports
%(custom_mta_transports)s maildir_spam_delivery:
driver = appendfile
maildir_format = true
directory = /var/vmail/$domain/spam
user = mail
create_directory
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0600
vmail: vmail:
debug_print = "T: vmail for $local_part@$domain" debug_print = "T: vmail for $local_part@$domain"
driver = appendfile driver = appendfile
user = mail user = mail
maildir_format = true maildir_format = true
directory = %(mailroot)s/$domain/$local_part directory = /var/vmail/$domain/$local_part
create_directory create_directory
delivery_date_add delivery_date_add
envelope_to_add envelope_to_add
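Review bot: The new `maildir_spam` router has no `domains` restriction, although it is the first router and its transport writes to `directory = /var/vmail/$domain/spam` with `create_directory`. `vdomain` limits itself with `domains = dsearch;/etc/exim.domains`; without the same line here, a message that meets the three conditions is accepted whatever its recipient domain, and a directory can be created under /var/vmail for a domain this host does not serve. Adding `domains = dsearch;/etc/exim.domains` to `maildir_spam` would keep it to hosted domains. Separately, `accept authenticated = *` at the top of `acl_check_data` returns before the `spam` and `malware = *` checks, so mail submitted from a compromised account is never scanned; if that is intended it deserves a comment such as `# authenticated submissions skip content scanning by design`. The `vmail` transport continues past the last line shown.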


@ -15,29 +15,52 @@ STD="\e[0m"
[[ $1 == "help" ]] && usage [[ $1 == "help" ]] && usage
[[ $EUID -ne 0 ]] && echo -e "${RED}This script must be run as root.${STD}" && exit 1 [[ $EUID -ne 0 ]] && echo -e "${RED}This script must be run as root.${STD}" && exit 1
install_exim_ask_domain() { install_ask_domain() {
echo -e "${GRE}Please enter the mail server's main domain${STD}" echo -e "${GRE}Please enter the mail server's main domain${STD}"
read choice read choice
[[ -n $choice ]] && echo $choice > /etc/mailname [[ -n $choice ]] && echo $choice > /etc/mailname
[[ -z $choice ]] && install_exim_ask_domain [[ -z $choice ]] && install_ask_domain
}
install_tls_dkim() {
mkdir -pv /etc/exim4/tls
openssl req -x509 -newkey rsa -keyout /etc/exim4/tls/mail.key -out /etc/exim4/tls/mail.crt -days 4096 -nodes
mkdir -pv /etc/exim4/dkim
openssl genrsa -out /etc/exim4/dkim/private.key 2048
} }
install_exim() { install_exim() {
install_exim_ask_domain install_ask_domain
echo -e "${YEL}Two boxes will appear. Hit [Enter] each time to continue.${STD}" echo -e "${YEL}Two boxes will appear. Hit [Enter] each time to continue.${STD}"
echo "Press [Enter] key to continue..." echo "Press [Enter] key to continue..."
aptitude -y install exim4 courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-authlib-userdb aptitude -y install exim4 courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-authlib-userdb ssl-cert
chown -vR daemon: courier/* chown -fvR daemon: courier/*
cp -v courier/* /etc/courier cp -fv courier/* /etc/courier/
chown -vR $USER: courier/* chown -vR $USER: courier/*
mkdir -pv /etc/exim.domains
mkdir -pv /etc/exim.forward
cp -fv exim4/* /etc/exim4/
chmod -fv 777 /var/run/courier/authdaemon/socket
install_tls_dkim
} }
install_spamassassin() { install_spamassassin() {
echo "lol" aptitude -y install exim4-daemon-heavy sa-exim spamassassin
cp -fv spamd/sa-learn /etc/cron.daily/sa-learn
cp -fv spamd/spamassassin /etc/default/spamassassin
} }
install_clamav() { install_clamav() {
echo "lol" aptitude -y install exim4-daemon-heavy clamav clamav-daemon
}
install_restart() {
service courier-authdeamon restart
service courier-imap restart
service courier-pop restart
service courier-imap-ssl restart
service courier-pop-ssl restart
service exim4 restart
} }
install_mailserver() { install_mailserver() {
@ -49,10 +72,10 @@ install_mailserver() {
echo "5. Exit" echo "5. Exit"
read -p "Enter choice [1 - 4] " choice read -p "Enter choice [1 - 4] " choice
case $choice in case $choice in
1) clear && install_exim ;; 1) clear && install_exim && install_restart ;;
2) clear && install_exim && install_spamassassin ;; 2) clear && install_exim && install_spamassassin && install_restart ;;
3) clear && install_exim && install_clamav ;; 3) clear && install_exim && install_clamav && install_restart ;;
4) clear && install_exim && install_spamassassin && install_clamav ;; 4) clear && install_exim && install_spamassassin && install_clamav && install_restart ;;
5) exit ;; 5) exit ;;
*) clear && echo -e "${RED}Please enter a valid input${STD}" && install_mailserver ;; *) clear && echo -e "${RED}Please enter a valid input${STD}" && install_mailserver ;;
esac esac
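Review bot: `chmod -fv 777 /var/run/courier/authdaemon/socket` in `install_exim` opens the authdaemon socket to every local account, so any local user can send authentication queries to it; granting access by group (the directory is owned by `daemon` per the `chown` above, so the Exim run-time user could be added to that group) keeps it closed to everyone else. The mode is also likely lost when authdaemon recreates the socket on the restart that follows. In `install_tls_dkim` both private keys are created under the caller's umask and `-newkey rsa` leaves the key size to the OpenSSL default; I would put `umask 077` before the two `openssl` calls, use `-newkey rsa:2048`, and then give the Exim user group read access (`chmod 640`) to `mail.key` and `private.key`. `service courier-authdeamon restart` in `install_restart` looks misspelled (the socket path uses `authdaemon`), so that restart probably fails without stopping the script. `echo $choice > /etc/mailname` should quote `"$choice"`.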

5
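--- /dev/null
+++ b/spamd/sa-learn
@@ -0,0 +1,5 @@
+#!/bin/bash
+date >> /var/log/exim4/sa-learn
+find /var/vmail -type d -name '.Junk' | xargs -I junk sa-learn --spam junk/{cur,new} >> /var/log/exim4/sa-learn
+find /var/vmail -type d -name '.Junk' | xargs -I junk find junk/{cur,new} -type f -delete >> /var/log/exim4/sa-learn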
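Review bot: The second `find … -delete` runs whether or not the `sa-learn --spam` pass before it succeeded, so a failed or missing learner still empties every `.Junk` folder; run the delete only after a successful learn, per directory. Installed in /etc/cron.daily the script runs as root, so the Bayes data is presumably written to root's SpamAssassin directory rather than the one used for the `debian-spamd` user named in the Exim ACL; confirm which database spamd actually reads. It also appends as root to `/var/log/exim4/sa-learn`; if that directory is writable by the Exim user, as is usual on Debian, the log should live in a root-owned directory instead. Only stdout is redirected, so add `2>&1` if the log is meant to record errors. The spam transport in this commit delivers to `/var/vmail/$domain/spam`, which `-name '.Junk'` does not match.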

5
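--- /dev/null
+++ b/spamd/spamassassin
@@ -0,0 +1,5 @@
+ENABLED=1
+OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+PIDFILE="/var/run/spamd.pid"
+#NICE="--nicelevel 15"
+CRON=1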