msb/vmail-stack
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Debian 12 bookworm compat

Browse Source
This commit is contained in:
Matthew Saunders Brown 2024-06-14 14:36:22 -07:00
parent 66ffd65399
commit e4e5c41bbc
4 changed files with 1320 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
etc/exim4/autowhitelist.filter
View File

@ -3,17 +3,17 @@
if error_message then finish endif if error_message then finish endif
# check for and delete type = MANUAL. don't need to insert anything??? # check for and delete type = MANUAL. don't need to insert anything???
if "${lookup mysql{SELECT COUNT(*) FROM vm_greylisting WHERE sender = \"$local_part@$domain\" AND recipient = '$sender_address' AND type = 'MANUAL'}}" is 0 then if "${lookup mysql{SELECT COUNT(*) FROM vm_greylisting WHERE sender = \"${quote_mysql:$local_part}@${quote_mysql:$domain}\" AND recipient = '${quote_mysql:$sender_address}' AND type = 'MANUAL'}}" is 0 then
if "${lookup mysql{INSERT INTO vm_greylisting SET sender = \"$local_part@$domain\", recipient = '$sender_address', create_time = NOW()}}" is not 0 then if "${lookup mysql{INSERT INTO vm_greylisting SET sender = \"${quote_mysql:$local_part}@${quote_mysql:$domain}\", recipient = '${quote_mysql:$sender_address}', create_time = NOW()}}" is not 0 then
if "${lookup mysql{DELETE FROM vm_greylisting WHERE sender = \"$local_part@$domain\" AND recipient = '$sender_address' AND type = 'AUTO'}}" is not 0 then if "${lookup mysql{DELETE FROM vm_greylisting WHERE sender = \"${quote_mysql:$local_part}@${quote_mysql:$domain}\" AND recipient = '${quote_mysql:$sender_address}' AND type = 'AUTO'}}" is not 0 then
# done updated greylisting # done updated greylisting
endif endif
endif endif
endif endif
if "${lookup mysql{SELECT COUNT(*) FROM sa_userpref WHERE username = '$sender_address' AND preference = 'whitelist_from' AND value = \"$local_part@$domain\"}}" is 0 then if "${lookup mysql{SELECT COUNT(*) FROM sa_userpref WHERE username = '${quote_mysql:$sender_address}' AND preference = 'whitelist_from' AND value = \"${quote_mysql:$local_part}@${quote_mysql:$domain}\"}}" is 0 then
if "${lookup mysql{INSERT INTO sa_userpref SET username = '$sender_address', preference = 'whitelist_from', value = \"$local_part@$domain\"}}" is not 0 then if "${lookup mysql{INSERT INTO sa_userpref SET username = '${quote_mysql:$sender_address}', preference = 'whitelist_from', value = \"${quote_mysql:$local_part}@${quote_mysql:$domain}\"}}" is not 0 then
if "${lookup mysql{DELETE FROM sa_userpref WHERE username = '$sender_address' AND preference != 'whitelist_from' AND value = \"$local_part@$domain\"}}" is not 0 then if "${lookup mysql{DELETE FROM sa_userpref WHERE username = '${quote_mysql:$sender_address}' AND preference != 'whitelist_from' AND value = \"${quote_mysql:$local_part}@${quote_mysql:$domain}\"}}" is not 0 then
# done updated sa_userpref # done updated sa_userpref
endif endif
endif endif

1203
etc/exim4/exim4-bookworm.conf Normal file
View File

File diff suppressed because it is too large Load Diff

116
etc/exim4/exim4.conf → etc/exim4/exim4-jammy.conf
View File

@ -72,7 +72,7 @@ log_selector = +all
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists: # are all colon-separated lists:
domainlist local_domains = ${lookup mysql{SELECT domain FROM vm_domains WHERE domain='$domain' AND status = '1'}} domainlist local_domains = ${lookup mysql{SELECT domain FROM vm_domains WHERE domain='${quote_mysql:$domain}' AND status = '1'}}
domainlist relay_to_domains = /etc/exim4/relay_domains domainlist relay_to_domains = /etc/exim4/relay_domains
hostlist relay_from_hosts = 127.0.0.1 hostlist relay_from_hosts = 127.0.0.1
hostlist skip_greylisting_hosts = /etc/exim4/skip_greylisting_hosts hostlist skip_greylisting_hosts = /etc/exim4/skip_greylisting_hosts
@ -275,7 +275,7 @@ greylist_acl:
condition = ${lookup mysql{GREYLIST_OK_BOUNCE}} condition = ${lookup mysql{GREYLIST_OK_BOUNCE}}
deny deny
add_header = X-DNS-Greylist: mail from $sender_address to $local_part@$domain accepted by greylisting add_header = :at_start_rfc:X-DNS-Greylist: mail from $sender_address to $local_part@$domain accepted by greylisting
condition = ${lookup mysql{GREYLIST_RESENDERS_UPDATE}} condition = ${lookup mysql{GREYLIST_RESENDERS_UPDATE}}
# This access control list is used at the start of an incoming # This access control list is used at the start of an incoming
@ -323,27 +323,27 @@ acl_check_dkim:
accept accept
dkim_status = fail dkim_status = fail
logwrite = DKIM test failed: $dkim_verify_reason logwrite = DKIM test failed: $dkim_verify_reason
add_header = X-DKIM-Status: fail: $dkim_verify_reason add_header = :at_start_rfc:X-DKIM-Status: fail: $dkim_verify_reason
set acl_m_junk = yes set acl_m_junk = yes
# DKIM invalid # DKIM invalid
accept accept
dkim_status = invalid dkim_status = invalid
logwrite = DKIM test invalid: $dkim_verify_reason logwrite = DKIM test invalid: $dkim_verify_reason
add_header = X-DKIM-Status: invalid: $dkim_verify_reason add_header = :at_start_rfc:X-DKIM-Status: invalid: $dkim_verify_reason
set acl_m_junk = yes set acl_m_junk = yes
# DKIM none # DKIM none
accept accept
dkim_status = none dkim_status = none
logwrite = DKIM test none logwrite = DKIM test none
add_header = X-DKIM-Status: none add_header = :at_start_rfc:X-DKIM-Status: none
# DKIM pass # DKIM pass
accept accept
dkim_status = pass dkim_status = pass
logwrite = DKIM test passed logwrite = DKIM test passed
add_header = X-DKIM-Status: passed: (address=$sender_address domain=$dkim_cur_signer), signature is good. add_header = :at_start_rfc:X-DKIM-Status: passed: (address=$sender_address domain=$dkim_cur_signer), signature is good.
# Accept the message. # Accept the message.
accept accept
@ -524,7 +524,7 @@ acl_rcpt_to:
accept accept
condition = WHITELISTED condition = WHITELISTED
logwrite = From: $sender_address To: $local_part@$domain is whitelisted in sa_userpref logwrite = From: $sender_address To: $local_part@$domain is whitelisted in sa_userpref
add_header = X-Whitelist-Flag: YES add_header = :at_start_rfc:X-Whitelist-Flag: YES
set acl_m_whitelist = yes set acl_m_whitelist = yes
###################################################################### ######################################################################
@ -546,9 +546,9 @@ acl_rcpt_to:
## domains = +local_domains ## domains = +local_domains
## dnslists = swl.spamhaus.org : list.dnswl.org&0.0.0.2 ## dnslists = swl.spamhaus.org : list.dnswl.org&0.0.0.2
## logwrite = $sender_host_address is whitelisted in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}, adding X-DNS-Whitelist header ## logwrite = $sender_host_address is whitelisted in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}, adding X-DNS-Whitelist header
## add_header = X-DNS-Whitelist: $sender_host_address is listed in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}} ## add_header = :at_start_rfc:X-DNS-Whitelist: $sender_host_address is listed in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}
# add SPF header # Check SPF. Failures are marked as Junk and accepted - this skips further checks (e.g. DNSBL) and filters messages to the Junk folder
accept accept
!senders = : !senders = :
condition = ${run{/usr/bin/spfquery --scope mfrom \ condition = ${run{/usr/bin/spfquery --scope mfrom \
@ -599,7 +599,7 @@ acl_rcpt_to:
!condition = ${if eq {$header_X-Whitelist-Flag:}{YES}} !condition = ${if eq {$header_X-Whitelist-Flag:}{YES}}
dnslists = zen.spamhaus.org dnslists = zen.spamhaus.org
logwrite = Warning: $sender_host_address is listed in DNSBL $dnslist_domain ${if def:dnslist_text {($dnslist_text)}} logwrite = Warning: $sender_host_address is listed in DNSBL $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}
add_header = X-DNS-Blacklist: $sender_host_address is listed in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}} add_header = :at_start_rfc:X-DNS-Blacklist: $sender_host_address is listed in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}
set acl_m_junk = yes set acl_m_junk = yes
# greylisting # greylisting
@ -622,7 +622,7 @@ acl_rcpt_to:
accept accept
condition = ${lookup mysql{SELECT id FROM GREYLIST_RESENDERS_TABLE WHERE hostname = '${quote_mysql:$acl_m_sender}'}{yes}{no}} condition = ${lookup mysql{SELECT id FROM GREYLIST_RESENDERS_TABLE WHERE hostname = '${quote_mysql:$acl_m_sender}'}{yes}{no}}
condition = ${lookup mysql{UPDATE GREYLIST_RESENDERS_TABLE SET count=count+1, timestamp = NOW() WHERE hostname = '${quote_mysql:$acl_m_sender}'}{yes}{yes}} condition = ${lookup mysql{UPDATE GREYLIST_RESENDERS_TABLE SET count=count+1, timestamp = NOW() WHERE hostname = '${quote_mysql:$acl_m_sender}'}{yes}{yes}}
add_header = X-DNS-Greylist: known resender add_header = :at_start_rfc:X-DNS-Greylist: known resender
logwrite = skipping greylisting for $acl_m_sender due to match in GREYLIST_RESENDERS_TABLE logwrite = skipping greylisting for $acl_m_sender due to match in GREYLIST_RESENDERS_TABLE
# run greylisting acl # run greylisting acl
@ -685,7 +685,7 @@ acl_data:
!hosts = +relay_from_hosts !hosts = +relay_from_hosts
!senders = : postmaster@* !senders = : postmaster@*
!verify = header_syntax !verify = header_syntax
add_header = X-RFC2822-Error: Your message does not conform to RFC2822 standard add_header = :at_start_rfc:X-RFC2822-Error: Your message does not conform to RFC2822 standard
set acl_m_junk = yes set acl_m_junk = yes
# Warn unless there is a verifiable sender address in at least # Warn unless there is a verifiable sender address in at least
@ -693,7 +693,7 @@ acl_data:
warn warn
!verify = header_sender !verify = header_sender
log_message = No valid sender in message header log_message = No valid sender in message header
add_header = X-Sender-Verify-Failed: No valid sender in message header add_header = :at_start_rfc:X-Sender-Verify-Failed: No valid sender in message header
# Deny if the message contains a virus. Before enabling this check, you # Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above. # must install a virus scanner and set the av_scanner option above.
@ -701,7 +701,7 @@ acl_data:
#accept #accept
# malware = */defer_ok # malware = */defer_ok
# log_message = This message contains a virus ($malware_name). # log_message = This message contains a virus ($malware_name).
# add_header = X-Virus-Warning: This message contains a virus ($malware_name). # add_header = :at_start_rfc:X-Virus-Warning: This message contains a virus ($malware_name).
# set acl_m_junk = yes # set acl_m_junk = yes
# Accept the message. # Accept the message.
@ -723,7 +723,7 @@ autowhitelist_filter:
driver = redirect driver = redirect
domains = ! +local_domains domains = ! +local_domains
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_mboxes WHERE vm_mboxes.mbox="$sender_address_local_part" AND vm_mboxes.domain="$sender_address_domain" }} condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_mboxes WHERE vm_mboxes.mbox="${quote_mysql:$sender_address_local_part}" AND vm_mboxes.domain="${quote_mysql:$sender_address_domain}" }}
check_local_user = false check_local_user = false
user = Debian-exim user = Debian-exim
file = /etc/exim4/autowhitelist.filter file = /etc/exim4/autowhitelist.filter
@ -749,7 +749,7 @@ srs_forward:
driver = redirect driver = redirect
senders = ! : ! *@+local_domains senders = ! : ! *@+local_domains
domains = ! +local_domains : ! +relay_to_domains domains = ! +local_domains : ! +relay_to_domains
condition = ${lookup mysql{SELECT vm_domains.id FROM vm_domains WHERE vm_domains.domain='${original_domain}' AND vm_domains.status = '1'}} condition = ${lookup mysql{SELECT vm_domains.id FROM vm_domains WHERE vm_domains.domain='${quote_mysql:$original_domain}' AND vm_domains.status = '1'}}
address_data = ${run{/usr/bin/srs --secretfile=/etc/exim4/srsd.secret --hashlength=24 --forward --address=$sender_address_local_part@$sender_address_domain --alias=$original_domain}{$value}{:defer: SRS failure}} address_data = ${run{/usr/bin/srs --secretfile=/etc/exim4/srsd.secret --hashlength=24 --forward --address=$sender_address_local_part@$sender_address_domain --alias=$original_domain}{$value}{:defer: SRS failure}}
## srsd is broken on ubuntu 22.04. using above "run" command instead ## srsd is broken on ubuntu 22.04. using above "run" command instead
# address_data = ${readsocket{/run/srsd/srsd.sock}\ # address_data = ${readsocket{/run/srsd/srsd.sock}\
@ -779,14 +779,6 @@ dnslookup:
# The remaining routers handle addresses in the local domain(s). # The remaining routers handle addresses in the local domain(s).
virtual_alias:
driver = redirect
domains = +local_domains
local_part_suffix = +*
local_part_suffix_optional = true
## condition = ${if !eq {$received_protocol}{spam-scanned}}
data = ${lookup mysql{SELECT CONCAT(vm_aliases.mbox,'@','${domain}') FROM vm_mboxes, vm_aliases WHERE vm_mboxes.mbox=vm_aliases.mbox AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_aliases.alias='${local_part}' AND vm_aliases.domain='${domain}'}}
junk_filter: junk_filter:
driver = accept driver = accept
domains = +local_domains domains = +local_domains
@ -795,7 +787,7 @@ junk_filter:
condition = ${if !eq {$received_protocol}{spam-scanned}} condition = ${if !eq {$received_protocol}{spam-scanned}}
local_part_suffix = +* local_part_suffix = +*
local_part_suffix_optional = true local_part_suffix_optional = true
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter > '0'}} local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter > '0'}}
headers_add = X-Junk-Flag: YES headers_add = X-Junk-Flag: YES
transport = junk_delivery transport = junk_delivery
@ -807,16 +799,38 @@ spam_filter:
## condition = ${if !eq {$header_X-Whitelist-Flag:}{YES}} ## condition = ${if !eq {$header_X-Whitelist-Flag:}{YES}}
local_part_suffix = +* local_part_suffix = +*
local_part_suffix_optional = true local_part_suffix_optional = true
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter = '2'}} local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter = '2'}}
transport = junk_delivery transport = junk_delivery
mailman3_router:
driver = accept
domains = +local_domains
condition = ${if !eq {$received_protocol}{spam-scanned}}
require_files = /var/lib/mailman3/lists/${local_part}.${domain}
local_part_suffix_optional
local_part_suffix = \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman3_transport
virtual_alias:
driver = redirect
domains = +local_domains
local_part_suffix = +*
local_part_suffix_optional = true
condition = ${if !eq {$received_protocol}{spam-scanned}}
data = ${lookup mysql{SELECT CONCAT(vm_aliases.mbox,'@','${quote_mysql:$domain}') FROM vm_mboxes, vm_aliases WHERE vm_mboxes.mbox=vm_aliases.mbox AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_aliases.alias='${quote_mysql:$local_part}' AND vm_aliases.domain='${quote_mysql:$domain}'}}
virtual_vacation: virtual_vacation:
driver = accept driver = accept
domains = +local_domains domains = +local_domains
# currently configured to *not* autorespond to + aliases # currently configured to *not* autorespond to + aliases
#local_part_suffix = +* #local_part_suffix = +*
#local_part_suffix_optional = true #local_part_suffix_optional = true
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes, vm_autoresponders WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_autoresponders.mbox='${local_part}' AND vm_autoresponders.domain='${domain}' AND vm_autoresponders.mode='Vacation' AND vm_autoresponders.status='1'}} local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes, vm_autoresponders WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_autoresponders.mbox='${quote_mysql:$local_part}' AND vm_autoresponders.domain='${quote_mysql:$domain}' AND vm_autoresponders.mode='Vacation' AND vm_autoresponders.status='1'}}
# add options for start & end date fields to above query # add options for start & end date fields to above query
# do not reply to errors or lists or spam-scanned messages, require vacation message in db # do not reply to errors or lists or spam-scanned messages, require vacation message in db
condition = ${if !match {$h_precedence:} {(?i)junk|bulk|list}} condition = ${if !match {$h_precedence:} {(?i)junk|bulk|list}}
@ -841,7 +855,7 @@ virtual_autoresponder:
# currently configured to *not* autorespond to + aliases # currently configured to *not* autorespond to + aliases
#local_part_suffix = +* #local_part_suffix = +*
#local_part_suffix_optional = true #local_part_suffix_optional = true
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes, vm_autoresponders WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_autoresponders.mbox='${local_part}' AND vm_autoresponders.domain='${domain}' AND vm_autoresponders.mode='Autoresponder' AND vm_autoresponders.status='1'}} local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes, vm_autoresponders WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_autoresponders.mbox='${quote_mysql:$local_part}' AND vm_autoresponders.domain='${quote_mysql:$domain}' AND vm_autoresponders.mode='Autoresponder' AND vm_autoresponders.status='1'}}
# add options for start & end date fields to above query # add options for start & end date fields to above query
# do not reply to errors or lists or spam-scanned messages, require autoresponder message in db # do not reply to errors or lists or spam-scanned messages, require autoresponder message in db
condition = ${if !match {$h_precedence:} {(?i)junk|bulk|list}} condition = ${if !match {$h_precedence:} {(?i)junk|bulk|list}}
@ -866,7 +880,7 @@ virtual_forward_and_drop:
condition = ${if !eq {$received_protocol}{spam-scanned}} condition = ${if !eq {$received_protocol}{spam-scanned}}
local_part_suffix = +* local_part_suffix = +*
local_part_suffix_optional = true local_part_suffix_optional = true
data = ${lookup mysql{SELECT vm_forwards.forward_to FROM vm_mboxes, vm_forwards WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_forwards.mbox='${local_part}' AND vm_forwards.domain='${domain}' AND vm_forwards.save_local='0'}} data = ${lookup mysql{SELECT vm_forwards.forward_to FROM vm_mboxes, vm_forwards WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_forwards.mbox='${quote_mysql:$local_part}' AND vm_forwards.domain='${quote_mysql:$domain}' AND vm_forwards.save_local='0'}}
virtual_forward_and_keep: virtual_forward_and_keep:
driver = redirect driver = redirect
@ -874,7 +888,7 @@ virtual_forward_and_keep:
condition = ${if !eq {$received_protocol}{spam-scanned}} condition = ${if !eq {$received_protocol}{spam-scanned}}
local_part_suffix = +* local_part_suffix = +*
local_part_suffix_optional = true local_part_suffix_optional = true
data = ${lookup mysql{SELECT CONCAT('${local_part}@${domain}\n', vm_forwards.forward_to) FROM vm_mboxes, vm_forwards WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_forwards.mbox='${local_part}' AND vm_forwards.domain='${domain}' AND vm_forwards.save_local='1'}} data = ${lookup mysql{SELECT CONCAT('${quote_mysql:$local_part}@${quote_mysql:$domain}\n', vm_forwards.forward_to) FROM vm_mboxes, vm_forwards WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_forwards.mbox='${quote_mysql:$local_part}' AND vm_forwards.domain='${quote_mysql:$domain}' AND vm_forwards.save_local='1'}}
spamcheck_router: spamcheck_router:
driver = accept driver = accept
@ -887,16 +901,18 @@ spamcheck_router:
condition = ${if < {$message_size}{512k}} condition = ${if < {$message_size}{512k}}
local_part_suffix = +* local_part_suffix = +*
local_part_suffix_optional = true local_part_suffix_optional = true
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter = '2'}} local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter = '2'}}
headers_remove = X-Spam-Checker-Version:X-Spam-Flag:X-Spam-Level:X-Spam-Status:X-Spam-Score:X-Spam-Report headers_remove = X-Spam-Checker-Version:X-Spam-Flag:X-Spam-Level:X-Spam-Status:X-Spam-Score:X-Spam-Report
transport = spamcheck transport = spamcheck
# add mailman3 spamcheck?
user_filter: user_filter:
driver = redirect driver = redirect
domains = +local_domains domains = +local_domains
local_part_suffix = +* local_part_suffix = +*
local_part_suffix_optional = true local_part_suffix_optional = true
data = ${lookup mysql{SELECT vm_filters.filter FROM vm_mboxes, vm_filters WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_filters.mbox='${local_part}' AND vm_filters.domain='${domain}'}} data = ${lookup mysql{SELECT vm_filters.filter FROM vm_mboxes, vm_filters WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_filters.mbox='${quote_mysql:$local_part}' AND vm_filters.domain='${quote_mysql:$domain}'}}
user = vmail user = vmail
no_verify no_verify
no_expn no_expn
@ -913,7 +929,7 @@ lmtp_localuser:
domains = +local_domains domains = +local_domains
local_part_suffix = +* local_part_suffix = +*
local_part_suffix_optional = true local_part_suffix_optional = true
condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0'}} condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_mboxes WHERE vm_mboxes.mbox='${quote_mysql:$local_part}' AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0'}}
transport = dovecot_lmtp transport = dovecot_lmtp
cannot_route_message = Unknown user cannot_route_message = Unknown user
@ -922,7 +938,7 @@ virtual_alias_catchall:
driver = redirect driver = redirect
domains = +local_domains domains = +local_domains
## condition = ${if !eq {$received_protocol}{spam-scanned}} ## condition = ${if !eq {$received_protocol}{spam-scanned}}
data = ${lookup mysql{SELECT CONCAT(vm_aliases.mbox,'@','${domain}') FROM vm_mboxes, vm_aliases WHERE vm_mboxes.mbox=vm_aliases.mbox AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_aliases.alias='catchall' AND vm_aliases.domain='${domain}'}} data = ${lookup mysql{SELECT CONCAT(vm_aliases.mbox,'@','${quote_mysql:$domain}') FROM vm_mboxes, vm_aliases WHERE vm_mboxes.mbox=vm_aliases.mbox AND vm_mboxes.domain='${quote_mysql:$domain}' AND vm_mboxes.status > '0' AND vm_aliases.alias='catchall' AND vm_aliases.domain='${quote_mysql:$domain}'}}
# This router handles aliasing using a linearly searched alias file with the # This router handles aliasing using a linearly searched alias file with the
# name SYSTEM_ALIASES_FILE. When this configuration is installed automatically, # name SYSTEM_ALIASES_FILE. When this configuration is installed automatically,
@ -1062,8 +1078,8 @@ vacation_transport:
return_path = ${local_part}@${domain} return_path = ${local_part}@${domain}
to = ${sender_address} to = ${sender_address}
from = ${local_part}@${domain} from = ${local_part}@${domain}
subject = ${lookup mysql{SELECT vm_autoresponders.subject FROM vm_autoresponders WHERE vm_autoresponders.mbox='${local_part}' AND vm_autoresponders.domain='${domain}' AND vm_autoresponders.status='1' AND vm_autoresponders.mode='Vacation'}{$value}{"Auto Reply"}} subject = ${lookup mysql{SELECT vm_autoresponders.subject FROM vm_autoresponders WHERE vm_autoresponders.mbox='${quote_mysql:$local_part}' AND vm_autoresponders.domain='${quote_mysql:$domain}' AND vm_autoresponders.status='1' AND vm_autoresponders.mode='Vacation'}{$value}{"Auto Reply"}}
text = ${lookup mysql{SELECT vm_autoresponders.body FROM vm_autoresponders WHERE vm_autoresponders.mbox='${local_part}' AND vm_autoresponders.domain='${domain}' AND vm_autoresponders.status='1' AND vm_autoresponders.mode='Vacation'}{$value}fail} text = ${lookup mysql{SELECT vm_autoresponders.body FROM vm_autoresponders WHERE vm_autoresponders.mbox='${quote_mysql:$local_part}' AND vm_autoresponders.domain='${quote_mysql:$domain}' AND vm_autoresponders.status='1' AND vm_autoresponders.mode='Vacation'}{$value}fail}
user = vmail user = vmail
## for autoresponder ## for autoresponder
@ -1073,8 +1089,8 @@ autoresponder_transport:
return_path = ${local_part}@${domain} return_path = ${local_part}@${domain}
to = ${sender_address} to = ${sender_address}
from = ${local_part}@${domain} from = ${local_part}@${domain}
subject = ${lookup mysql{SELECT vm_autoresponders.subject FROM vm_autoresponders WHERE vm_autoresponders.mbox='${local_part}' AND vm_autoresponders.domain='${domain}' AND vm_autoresponders.status='1' AND vm_autoresponders.mode='Autoresponder'}{$value}{"Auto Reply"}} subject = ${lookup mysql{SELECT vm_autoresponders.subject FROM vm_autoresponders WHERE vm_autoresponders.mbox='${quote_mysql:$local_part}' AND vm_autoresponders.domain='${quote_mysql:$domain}' AND vm_autoresponders.status='1' AND vm_autoresponders.mode='Autoresponder'}{$value}{"Auto Reply"}}
text = ${lookup mysql{SELECT vm_autoresponders.body FROM vm_autoresponders WHERE vm_autoresponders.mbox='${local_part}' AND vm_autoresponders.domain='${domain}' AND vm_autoresponders.status='1' AND vm_autoresponders.mode='Autoresponder'}{$value}fail} text = ${lookup mysql{SELECT vm_autoresponders.body FROM vm_autoresponders WHERE vm_autoresponders.mbox='${quote_mysql:$local_part}' AND vm_autoresponders.domain='${quote_mysql:$domain}' AND vm_autoresponders.status='1' AND vm_autoresponders.mode='Autoresponder'}{$value}fail}
user = vmail user = vmail
#maildir_delivery: #maildir_delivery:
@ -1103,7 +1119,7 @@ spamcheck:
driver = pipe driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS command = /usr/sbin/exim -oMr spam-scanned -bS
use_bsmtp = true use_bsmtp = true
transport_filter = /usr/bin/spamc -f -u $local_part@$domain transport_filter = /usr/bin/spamc -f -u $local_part_data@$domain_data
home_directory = "/tmp" home_directory = "/tmp"
current_directory = "/tmp" current_directory = "/tmp"
# must use a privileged user to set $received_protocol on the way back in! # must use a privileged user to set $received_protocol on the way back in!
@ -1115,6 +1131,28 @@ spamcheck:
message_prefix = message_prefix =
message_suffix = message_suffix =
mailman3_transport:
driver = smtp
protocol = lmtp
allow_localhost
hosts = localhost
#hosts_override
port = 8024
rcpt_include_affixes = true
#mailman_transport:
# driver = pipe
# command = MAILMAN_WRAP \
# '${if def:local_part_suffix \
# {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
# {post}}' \
# $local_part
# current_directory = MAILMAN_HOME
# home_directory = MAILMAN_HOME
# user = MAILMAN_UID
# group = MAILMAN_GID
# clamav # clamav
#clamav_scan #clamav_scan
# driver = pipe # driver = pipe

46
install.sh
View File

@ -5,13 +5,11 @@ if [ "${EUID}" -ne 0 ]; then
exit exit
fi fi
# check for Ubuntu 20.04 # check for Ubuntu 22.04 (jammy) or Debian 12 (bookworm)
if ! grep -q "Ubuntu 22.04" /etc/issue; then os_codename=`lsb_release -cs`
echo "This installer is only tested on Ubuntu 22.04. If you are on a" if [ $os_codename != jammy ] && [ $os_codename != bookworm ]; then
echo "different version of Ubuntu or a Debian/Debian based distro" echo "This installer only runs on Ubuntu 22.04 (jammy) or Debian 12 (Bookworm), bailing out."
echo "and want to try running this installer open this script and" exit 1
echo "comment out the exit command below this line and re-run."
exit
fi fi
# check if install is already in place # check if install is already in place
@ -93,13 +91,19 @@ sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql
sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin if [ $os_codename = jammy ]; then
sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin
sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin
elif [ $os_codename != bookworm ]; then
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamd
else
echo "WARNING: Unexpected OS codename. This should never happen due to previous checks."
fi
cp etc/spamassassin/*.cf /etc/spamassassin/ cp etc/spamassassin/*.cf /etc/spamassassin/
sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf sed -i "s|user_scores_sql_password password|user_scores_sql_password $VMAILPASS|g" /etc/spamassassin/sql.cf
chown root:root /etc/spamassassin/local.cf chown root:root /etc/spamassassin/local.cf
chmod 644 /etc/spamassassin/local.cf chmod 644 /etc/spamassassin/local.cf
chown debian-spamd:mail /etc/spamassassin/sql.cf chown Debian-exim:mail /etc/spamassassin/sql.cf
chmod 640 /etc/spamassassin/sql.cf chmod 640 /etc/spamassassin/sql.cf
# create local systemd dir, used by srsd & vmail-cron # create local systemd dir, used by srsd & vmail-cron
@ -123,6 +127,13 @@ maildomain=`hostname -d`
sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog
install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains
cp etc/exim4/* /etc/exim4/ cp etc/exim4/* /etc/exim4/
if [ $os_codename = jammy ]; then
cp /etc/exim4/exim4-jammy.conf /etc/exim4/exim4.conf
elif [ $os_codename != bookworm ]; then
cp /etc/exim4/exim4-bookworm.conf /etc/exim4/exim4.conf
else
echo "WARNING: Unexpected OS codename. This should never happen due to previous checks."
fi
chmod 640 /etc/exim4/exim4.conf chmod 640 /etc/exim4/exim4.conf
chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter
chmod 640 /etc/exim4/autowhitelist.filter chmod 640 /etc/exim4/autowhitelist.filter
@ -140,6 +151,9 @@ chown Debian-exim:Debian-exim /etc/exim4/srsd.secret
pwgen -N 1 64 > /etc/exim4/srsd.secret pwgen -N 1 64 > /etc/exim4/srsd.secret
sed -i "s|^QUEUERUNNER.*|QUEUERUNNER='separate'|g" /etc/default/exim4 sed -i "s|^QUEUERUNNER.*|QUEUERUNNER='separate'|g" /etc/default/exim4
sed -i "s|^QUEUEINTERVAL.*|QUEUEINTERVAL='15m'|g" /etc/default/exim4 sed -i "s|^QUEUEINTERVAL.*|QUEUEINTERVAL='15m'|g" /etc/default/exim4
if [[ ! -f /var/log/exim4/rejectlog ]]; then
install --owner=Debian-exim --group=adm --mode=640 /dev/null /var/log/exim4/rejectlog
fi
# dovecot config # dovecot config
mkdir /etc/dovecot/sites.d mkdir /etc/dovecot/sites.d
@ -155,8 +169,15 @@ chmod 750 /usr/local/libexec/vmail-quota-warning.sh
chown dovecot:mail /usr/local/libexec/vmail-quota-warning.sh chown dovecot:mail /usr/local/libexec/vmail-quota-warning.sh
# restart services # restart services
systemctl enable spamassassin if [ $os_codename = jammy ]; then
systemctl restart spamassassin systemctl enable spamassassin
systemctl restart spamassassin
elif [ $os_codename != bookworm ]; then
systemctl enable spamd
systemctl restart spamd
else
echo "WARNING: Unexpected OS codename. This should never happen due to previous checks."
fi
systemctl restart exim4 systemctl restart exim4
systemctl restart dovecot systemctl restart dovecot
@ -201,6 +222,7 @@ else
echo "fail2ban not installed, skipping fail2ban email configs." echo "fail2ban not installed, skipping fail2ban email configs."
fi fi
sed -i '/^root/d' /etc/aliases
echo "webmaster@$maildomain" > /root/.forward echo "webmaster@$maildomain" > /root/.forward
echo echo
echo "System emails are all configured to alias to root@$fqdn," echo "System emails are all configured to alias to root@$fqdn,"