#!/bin/bash
 
###########################################################################################
##				    ALCASAR MAIL SERVICE CONFIGURATION
##
##	Script by K@M3L & T3RRY (LaPlateform), joss_p & Rexy
##  This script configures PostFix
##		0 : no email autoregistration
##		1 : PostFix is the SMTP server
##		2 : PostFix relays to another SMTP server
##		3 : PostFix uses an external email address (with Cyrus-SASL)
###########################################################################################
 
######################################################
##			Email configuration examples (mode = 3)
## common parameters : smtp_use_tls = yes, smtp_tls_security_level = encrypt, smtp_sasl_auth_enable = yes
## common rules : 'myhostname' parameter should be the domain name of the sasl_email account
########## smtp.free.fr:465
## smtp_sasl_security_options = noanonymous, relayhost = [smtp.free.fr]:465, smtp_tls_wrappermode = yes
########## smtp.free.fr:587
## smtp_sasl_security_options = noanonymous, relayhost = [smtp.free.fr]:587, smtp_tls_wrappermode = no
 
# ****** Paths and defaults *******
# In-place sed command. It is expanded unquoted by its users so that the
# "-i" option is split off as a separate word.
SED='/bin/sed -i'
# Files rewritten by this script.
CONF_FILE='/usr/local/etc/alcasar.conf'
POSTFIX_CONF_FILE='/etc/postfix/main.cf'
LOCAL_IPTABLE_FILE='/usr/local/etc/alcasar-iptables-local.sh'
# Directory holding the SASL credential map (sasl_passwd and its index).
SASLPATH='/etc/postfix/sasl'
# Default SMTP peer when none is supplied: any address.
smtpIP='0.0.0.0/0'
# Host and domain names are taken from the "KEY=value" lines of alcasar.conf
# (text after the first '=' up to the next '=').
hostName=$(grep '^HOSTNAME=' "$CONF_FILE" | cut -d= -f2)
domainName=$(grep '^DOMAIN=' "$CONF_FILE" | cut -d= -f2)
usage='Usage: alcasar-mail_install.sh -h|-0|-1|-2|-3'
 
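# Collect the settings either from alcasar.conf (no argument) or from the
# command line. Sets TYPE_MAIL and, depending on the source, smtpPort, smtpIP,
# mailAddr, mailMdp, adminMail and whiteDomain.
nb_args=$#
if [ "$nb_args" -eq 0 ]; then  # no argument: re-apply what alcasar.conf already holds
	mail=$(grep '^MAIL=' "$CONF_FILE" | cut -d= -f2)
	if [ "$mail" = "off" ]; then
		TYPE_MAIL=0
	else
		TYPE_MAIL=$(grep '^MAIL_TYPE=' "$CONF_FILE" | cut -d= -f2)
		smtpPort=$(grep '^MAIL_SMTP_PORT=' "$CONF_FILE" | cut -d= -f2)
		smtpIP=$(grep '^MAIL_SMTP_IP=' "$CONF_FILE" | cut -d= -f2)
		mailAddr=$(grep '^MAIL_ADDR=' "$CONF_FILE" | cut -d= -f2)
		# sasl_passwd is written as "[host]:port address:password". Take
		# everything after the second ':' ("-f3-" rather than "-f3") so that a
		# password containing ':' is not truncated when the file is rewritten.
		[ -e "${SASLPATH}/sasl_passwd" ] && mailMdp=$(cut -d: -f3- "${SASLPATH}/sasl_passwd")
		adminMail=$(grep '^MAIL_ADMIN=' "$CONF_FILE" | cut -d= -f2)
		whiteDomain=$(grep '^MAIL_WHITEDOMAIN=' "$CONF_FILE" | cut -d= -f2)
	fi
else # settings come from the command line
	if [ "$1" = "-h" ] || [ "$1" = "--h" ]; then
		echo "$usage"
		exit 0
	fi
	# The leading ':' selects silent error reporting (handled in the ':' and
	# '?' arms). "-h" takes no argument, so it is declared without a colon and
	# prints the usage wherever it appears on the command line.
	# NOTE(review): "-o" carries the mail account password on the command
	# line, where it is visible in the process list while the script runs —
	# consider accepting it on stdin or from a root-only file instead.
	while getopts ":hs:p:m:o:a:w:0123" option
	do
		case $option in
			h)
				echo "$usage"
				exit 0
			;;
			0|1|2|3)
				TYPE_MAIL=$option
			;;
			p)
				smtpPort=$OPTARG
			;;
			s)
				smtpIP=$OPTARG
			;;
			m)
				mailAddr=$OPTARG
			;;
			o)
				mailMdp=$OPTARG
			;;
			a)
				adminMail=$OPTARG
			;;
			w)
				whiteDomain=$OPTARG
			;;
			:)
				echo "L'option $OPTARG requiert un argument"
				exit 1
			;;
			\?)
				echo "$OPTARG : option invalide"
				exit 1
			;;
		esac
	done
fi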
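# ****** Helpers *******

# Print an error on stderr and stop before any file is modified.
die() {
	printf '%s: %s\n' "${0##*/}" "$1" >&2
	exit 1
}

# Escape a value for the replacement side of the "s/.../.../" commands below.
# Unescaped, a '/' in the value ends the replacement early and the remainder
# is parsed by sed itself; '&' and '\' are also special in a replacement.
sed_escape() {
	printf '%s' "$1" | /bin/sed -e 's|[\\/&]|\\&|g'
}

# $1 = label, $2 = value, $3 = extended regex a non-empty value must match.
# An empty value is accepted, as it was before this check existed.
check_value() {
	[ -z "$2" ] && return 0
	[[ $2 =~ $3 ]] || die "invalid $1"
}

# The port and server values are copied into $LOCAL_IPTABLE_FILE, which is a
# shell script, so they are restricted to characters that are inert in shell.
# The other values only reach sed replacements (escaped) and sasl_passwd, but
# an embedded newline would still break the one-line formats of those files.
validate_inputs() {
	local v
	check_value "SMTP port" "$smtpPort" '^[0-9]{1,5}$'
	check_value "SMTP server" "$smtpIP" '^[A-Za-z0-9._:/-]+$'
	for v in "$mailAddr" "$mailMdp" "$adminMail" "$whiteDomain" "$hostName" "$domainName"; do
		case $v in
			*$'\n'*) die "a setting contains a line break" ;;
		esac
	done
}

# Set KEY=value in alcasar.conf ($1 = key, $2 = value, may be empty).
conf_set() {
	$SED "s/^${1}=.*/${1}=$(sed_escape "$2")/" "$CONF_FILE"
}

# Set "param = value" in main.cf; an empty value yields "param =".
postfix_set() {
	local line="$1 ="
	[ -n "$2" ] && line="$1 = $(sed_escape "$2")"
	$SED "s/^${1} =.*/${line}/g" "$POSTFIX_CONF_FILE"
}

# Assign a variable in the local firewall script, whether its line is
# currently active or commented out.
fw_var_set() {
	local val
	val=$(sed_escape "$2")
	$SED "s/^${1}=.*/${1}=${val}/" "$LOCAL_IPTABLE_FILE"
	$SED "s/^#${1}=.*/${1}=${val}/" "$LOCAL_IPTABLE_FILE"
}

# Comment out an active variable assignment in the local firewall script.
fw_var_off() {
	$SED "/^${1}=/ s/^/#/" "$LOCAL_IPTABLE_FILE"
}

# Rewrite the two SMTP rules of the local firewall script.
#   off    : active rules become commented rules restricted to $SMTP_IP
#   any    : rules become active, without address restriction
#   pinned : rules become active, restricted to $SMTP_IP
fw_rules() {
	local out_head='$IPTABLES -A OUTPUT -p tcp --dport $SMTP_PORT'
	local in_head='$IPTABLES -A INPUT  -p tcp --sport $SMTP_PORT'
	local out_tail='-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT'
	local in_tail='-m conntrack --ctstate ESTABLISHED     -j ACCEPT'
	local lead
	case $1 in
		off)
			$SED "s/^${out_head}.*/#${out_head} -d \$SMTP_IP ${out_tail}/" "$LOCAL_IPTABLE_FILE"
			$SED "s/^${in_head}.*/#${in_head} -s \$SMTP_IP ${in_tail}/" "$LOCAL_IPTABLE_FILE"
			;;
		any)
			for lead in '' '#'; do
				$SED "s/^${lead}${out_head}.*/${out_head} ${out_tail}/" "$LOCAL_IPTABLE_FILE"
				$SED "s/^${lead}${in_head}.*/${in_head} ${in_tail}/" "$LOCAL_IPTABLE_FILE"
			done
			;;
		pinned)
			for lead in '' '#'; do
				$SED "s/^${lead}${out_head}.*/${out_head} -d \$SMTP_IP ${out_tail}/" "$LOCAL_IPTABLE_FILE"
				$SED "s/^${lead}${in_head}.*/${in_head} -s \$SMTP_IP ${in_tail}/" "$LOCAL_IPTABLE_FILE"
			done
			;;
	esac
}

# Remove stored SASL credentials. ":?" aborts instead of expanding to "/*"
# should SASLPATH ever be empty.
sasl_purge() {
	[ -e "${SASLPATH}/sasl_passwd" ] && rm -f -- "${SASLPATH:?}"/*
}

# ****** Apply the selected mode *******

# TYPE_MAIL is matched as a string. The former arithmetic test
# ([[ $TYPE_MAIL -eq 0 ]]) treated an empty or non-numeric value as 0, so a
# missing mode silently disabled the service and deleted the stored
# credentials; such a value now reaches the error branch instead.
case "$TYPE_MAIL" in
	1|2|3) validate_inputs ;;
esac

case "$TYPE_MAIL" in
	0) # disable mail service
		conf_set MAIL off
		conf_set MAIL_TYPE ''
		conf_set MAIL_SMTP_IP ''
		conf_set MAIL_SMTP_PORT ''
		conf_set MAIL_ADDR ''
		conf_set MAIL_WHITEDOMAIN ''
		conf_set MAIL_ADMIN ''
		fw_var_off SMTP_IP
		fw_var_off SMTP_PORT
		fw_rules off
		postfix_set relayhost ''
		postfix_set smtp_tls_security_level may
		postfix_set smtp_tls_wrappermode no
		postfix_set myhostname "$hostName.$domainName"
		sasl_purge
		;;
	1) # Enable mail service (act as smtp server)
		conf_set MAIL on
		conf_set MAIL_TYPE 1
		conf_set MAIL_SMTP_IP ''
		conf_set MAIL_SMTP_PORT "$smtpPort"
		conf_set MAIL_ADDR ''
		conf_set MAIL_WHITEDOMAIN "$whiteDomain"
		conf_set MAIL_ADMIN "$adminMail"
		fw_var_off SMTP_IP
		fw_var_set SMTP_PORT "$smtpPort"
		fw_rules any
		postfix_set relayhost ''
		postfix_set smtp_tls_security_level may
		postfix_set smtp_tls_wrappermode no
		postfix_set myhostname "$hostName.$domainName"
		sasl_purge
		;;
	2) # Enable mail service (relaying to an external mail server)
		conf_set MAIL on
		conf_set MAIL_TYPE 2
		conf_set MAIL_SMTP_IP "$smtpIP"
		conf_set MAIL_SMTP_PORT "$smtpPort"
		conf_set MAIL_ADDR ''
		conf_set MAIL_WHITEDOMAIN "$whiteDomain"
		conf_set MAIL_ADMIN "$adminMail"
		fw_var_set SMTP_IP "$smtpIP"
		fw_var_set SMTP_PORT "$smtpPort"
		fw_rules pinned
		postfix_set relayhost "[$smtpIP]:$smtpPort"
		# "may" is opportunistic TLS: mail is relayed in clear text when the
		# relay does not offer STARTTLS.
		postfix_set smtp_tls_security_level may
		postfix_set smtp_tls_wrappermode no
		postfix_set myhostname "$hostName.$domainName"
		sasl_purge
		;;
	3) # Enable mail service (using an email address)
		conf_set MAIL on
		conf_set MAIL_TYPE 3
		conf_set MAIL_SMTP_IP "$smtpIP"
		conf_set MAIL_SMTP_PORT "$smtpPort"
		conf_set MAIL_ADDR "$mailAddr"
		conf_set MAIL_WHITEDOMAIN "$whiteDomain"
		conf_set MAIL_ADMIN "$adminMail"
		fw_var_set SMTP_IP "$smtpIP"
		fw_var_set SMTP_PORT "$smtpPort"
		# The rules are not restricted to $SMTP_IP in this mode, so the SMTP
		# port is opened towards any destination.
		fw_rules any
		postfix_set relayhost "[$smtpIP]:$smtpPort"
		# "encrypt" makes TLS mandatory but does not check the server
		# certificate, so the SASL login is protected against passive
		# eavesdropping only.
		# NOTE(review): consider "verify" or "secure" with a CA bundle if the
		# provider's certificate can be validated.
		postfix_set smtp_tls_security_level encrypt
		if [ "$smtpPort" = "465" ]; then # wrappermode is mandatory only if port = 465
			postfix_set smtp_tls_wrappermode yes
		else
			postfix_set smtp_tls_wrappermode no
		fi
		if [ "$domainName" = "localdomain" ]; then
			# Announce the last two labels of the SMTP server name so that
			# external servers do not reject the local default domain. The
			# variable was previously misspelled "$smtp_IP", which is never
			# set and left myhostname empty.
			# NOTE(review): the header of this script asks for the domain of
			# the mail account instead — confirm which one is intended.
			domain_of_smtpIP=$(printf '%s\n' "$smtpIP" | rev | cut -d. -f1-2 | rev)
			postfix_set myhostname "$domain_of_smtpIP"
		else
			postfix_set myhostname "$hostName.$domainName"
		fi
		[ -d "$SASLPATH" ] || mkdir "$SASLPATH"
		(
			# Create the credential file and its postmap index owner-only
			# from the start. The former "chmod -R 644" on the directory left
			# the password readable by every local account until the final
			# chmod, and cleared the directory's search bit; it is dropped.
			umask 077
			printf '[%s]:%s %s:%s\n' "$smtpIP" "$smtpPort" "$mailAddr" "$mailMdp" > "${SASLPATH}/sasl_passwd"
			postmap "${SASLPATH}/sasl_passwd"
		)
		chown root:root "${SASLPATH}"/sasl_passwd*
		chmod 0600 "${SASLPATH}"/sasl_passwd*
		;;
	*)
		echo "Erreur ! Aucun type de messagerie sélectionné !"
		# NOTE(review): exit status kept at 0 for existing callers, although
		# nothing was configured — consider a non-zero status.
		exit 0
		;;
esac

# Reload the firewall rules and restart Postfix so the new settings apply.
/usr/local/bin/alcasar-iptables.sh
systemctl restart postfix.service
exit 0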