| 2993 |
rexy |
1 |
#!/bin/bash
|
|
|
2 |
|
|
|
3 |
###########################################################################################
|
| 3018 |
rexy |
4 |
## ALCASAR MAIL SERVICE CONFIGURATION
|
| 2993 |
rexy |
5 |
##
|
| 3011 |
rexy |
6 |
## Script by K@M3L & T3RRY (LaPlateform), joss_p & Rexy
|
| 3018 |
rexy |
7 |
## This script configure PostFix
|
|
|
8 |
## 0 : no email autoregistration
|
|
|
9 |
## 1 : PostFix is the SMTP server
|
|
|
10 |
## 2 : PostFix relay to an other SMTP server
|
|
|
11 |
## 2 : PostFix use an external email address (with SASL)
|
| 2993 |
rexy |
12 |
###########################################################################################
|
|
|
13 |
|
| 3018 |
rexy |
14 |
# ****** Paths *******
|
| 2993 |
rexy |
15 |
SED="/bin/sed -i"
|
|
|
16 |
CONF_FILE="/usr/local/etc/alcasar.conf"
|
| 2994 |
rexy |
17 |
POSTFIX_CONF_FILE="/etc/postfix/main.cf"
|
| 2993 |
rexy |
18 |
LOCAL_IPTABLE_FILE="/usr/local/etc/alcasar-iptables-local.sh"
|
| 2997 |
rexy |
19 |
SASLPATH="/etc/postfix/sasl"
|
| 2993 |
rexy |
20 |
smtpIP="0.0.0.0/0"
|
| 3018 |
rexy |
21 |
usage="Usage: alcasar-mail_install.sh -h|-0|-1|-2|-3"
|
| 2993 |
rexy |
22 |
|
|
|
23 |
nb_args=$#
|
| 3018 |
rexy |
24 |
if [ $nb_args -eq 0 ] # apply alcasar.conf
|
| 2993 |
rexy |
25 |
then
|
| 3018 |
rexy |
26 |
mail=`grep ^MAIL= $CONF_FILE|cut -d"=" -f2`
|
|
|
27 |
if [ "$mail" = "off" ]; then
|
|
|
28 |
TYPE_MAIL=0
|
|
|
29 |
else
|
|
|
30 |
TYPE_MAIL=`grep ^MAIL_TYPE= $CONF_FILE|cut -d"=" -f2`
|
| 3021 |
rexy |
31 |
smtpPort=`grep ^MAIL_SMTP_PORT= $CONF_FILE|cut -d"=" -f2`
|
| 3018 |
rexy |
32 |
smtpIP=`grep ^MAIL_SMTP_IP= $CONF_FILE|cut -d"=" -f2`
|
|
|
33 |
mailAddr=`grep ^MAIL_ADDR= $CONF_FILE|cut -d"=" -f2`
|
|
|
34 |
mailMdp=`grep ^MAIL_PASSWORD= $CONF_FILE|cut -d"=" -f2`
|
|
|
35 |
adminMail=`grep ^MAIL_ADMIN= $CONF_FILE|cut -d"=" -f2`
|
|
|
36 |
whiteDomain=`grep ^MAIL_WHTEDOMAIN= $CONF_FILE|cut -d"=" -f2`
|
|
|
37 |
fi
|
|
|
38 |
else # apply args
|
|
|
39 |
if [ "$1" = "-h" ] || [ "$1" = "--h" ]; then
|
|
|
40 |
echo $usage
|
|
|
41 |
exit 0
|
|
|
42 |
fi
|
| 3020 |
rexy |
43 |
while getopts ":h:s:p:m:o:a:w:0123" option
|
| 2993 |
rexy |
44 |
do
|
|
|
45 |
case $option in
|
|
|
46 |
0)
|
|
|
47 |
TYPE_MAIL=0
|
|
|
48 |
;;
|
|
|
49 |
1)
|
|
|
50 |
TYPE_MAIL=1
|
|
|
51 |
;;
|
|
|
52 |
2)
|
|
|
53 |
TYPE_MAIL=2
|
|
|
54 |
;;
|
|
|
55 |
3)
|
|
|
56 |
TYPE_MAIL=3
|
|
|
57 |
;;
|
|
|
58 |
p)
|
| 3021 |
rexy |
59 |
smtpPort=$OPTARG
|
| 2993 |
rexy |
60 |
;;
|
| 3020 |
rexy |
61 |
s)
|
| 2993 |
rexy |
62 |
smtpIP=$OPTARG
|
|
|
63 |
;;
|
|
|
64 |
m)
|
|
|
65 |
mailAddr=$OPTARG
|
|
|
66 |
;;
|
|
|
67 |
o)
|
|
|
68 |
mailMdp=$OPTARG
|
|
|
69 |
;;
|
|
|
70 |
a)
|
|
|
71 |
adminMail=$OPTARG
|
|
|
72 |
;;
|
|
|
73 |
w)
|
|
|
74 |
whiteDomain=$OPTARG
|
|
|
75 |
;;
|
|
|
76 |
:)
|
|
|
77 |
echo "L'option $OPTARG requiert un argument"
|
|
|
78 |
exit 1
|
|
|
79 |
;;
|
|
|
80 |
\?)
|
|
|
81 |
echo "$OPTARG : option invalide"
|
|
|
82 |
exit 1
|
|
|
83 |
;;
|
|
|
84 |
esac
|
|
|
85 |
done
|
|
|
86 |
fi
|
| 2994 |
rexy |
87 |
if [[ $TYPE_MAIL -eq 0 ]]; then # disable mail service
|
| 2993 |
rexy |
88 |
$SED "s/^MAIL=.*/MAIL=off/" $CONF_FILE
|
|
|
89 |
$SED "s/^MAIL_TYPE=.*/MAIL_TYPE=/" $CONF_FILE
|
|
|
90 |
$SED "s/^MAIL_SMTP_IP=.*/MAIL_SMTP_IP=/" $CONF_FILE
|
| 3021 |
rexy |
91 |
$SED "s/^MAIL_SMTP_PORT=.*/MAIL_SMTP_PORT=/" $CONF_FILE
|
| 2993 |
rexy |
92 |
$SED "s/^MAIL_ADDR=.*/MAIL_ADDR=/" $CONF_FILE
|
| 3018 |
rexy |
93 |
$SED "s/^MAIL_PASSWORD=.*/MAIL_PASSWORD=/" $CONF_FILE
|
| 2997 |
rexy |
94 |
$SED "s/^MAIL_WHITEDOMAIN=.*/MAIL_WHITEDOMAIN=/" $CONF_FILE
|
| 2993 |
rexy |
95 |
$SED "s/^MAIL_ADMIN=.*/MAIL_ADMIN=/" $CONF_FILE
|
| 2997 |
rexy |
96 |
$SED "/^SMTP_IP=/ s/^/#/" $LOCAL_IPTABLE_FILE
|
|
|
97 |
$SED "/^SMTP_PORT=/ s/^/#/" $LOCAL_IPTABLE_FILE
|
| 3018 |
rexy |
98 |
$SED "s/^\$IPTABLES -A OUTPUT -p tcp --dport \$SMTP_PORT.*/#\$IPTABLES -A OUTPUT -p tcp --dport \$SMTP_PORT -d \$SMTP_IP -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT/" $LOCAL_IPTABLE_FILE
|
|
|
99 |
$SED "s/^\$IPTABLES -A INPUT -p tcp --sport \$SMTP_PORT.*/#\$IPTABLES -A INPUT -p tcp --sport \$SMTP_PORT -s \$SMTP_IP -m conntrack --ctstate ESTABLISHED -j ACCEPT/" $LOCAL_IPTABLE_FILE
|
| 2997 |
rexy |
100 |
$SED "s/^relayhost =.*/relayhost =/" $POSTFIX_CONF_FILE
|
| 3022 |
rexy |
101 |
$SED "s/^smtp_tls_security_level =.*/smtp_tls_security_level = may/g" $POSTFIX_CONF_FILE
|
|
|
102 |
$SED "/^smtp_tls_wrappermode = yes/d" $POSTFIX_CONF_FILE
|
| 3016 |
rexy |
103 |
[ -e ${SASLPATH}/sasl_passwd ] && rm -f ${SASLPATH}/sasl_passwd
|
| 3022 |
rexy |
104 |
elif [[ $TYPE_MAIL -eq 1 ]]; then # Enable mail service (act as smtp server)
|
|
|
105 |
$SED "s/^MAIL=.*/MAIL=on/" $CONF_FILE
|
|
|
106 |
$SED "s/^MAIL_TYPE=.*/MAIL_TYPE=1/" $CONF_FILE
|
|
|
107 |
$SED "s/^MAIL_SMTP_IP=.*/MAIL_SMTP_IP=/" $CONF_FILE
|
|
|
108 |
$SED "s/^MAIL_SMTP_PORT=.*/MAIL_SMTP_PORT=/" $CONF_FILE
|
|
|
109 |
$SED "s/^MAIL_ADDR=.*/MAIL_ADDR=/" $CONF_FILE
|
|
|
110 |
$SED "s/^MAIL_PASSWORD=.*/MAIL_PASSWORD=/" $CONF_FILE
|
|
|
111 |
$SED "s/^MAIL_WHITEDOMAIN=.*/MAIL_WHITEDOMAIN=$whiteDomain/" $CONF_FILE
|
|
|
112 |
$SED "s/^MAIL_ADMIN=.*/MAIL_ADMIN=$adminMail/" $CONF_FILE
|
|
|
113 |
$SED "/^SMTP_IP=/ s/^/#/" $LOCAL_IPTABLE_FILE
|
|
|
114 |
$SED "/^SMTP_PORT=/ s/^/#/" $LOCAL_IPTABLE_FILE
|
|
|
115 |
$SED "s/^\$IPTABLES -A OUTPUT -p tcp --dport \$SMTP_PORT.*/#\$IPTABLES -A OUTPUT -p tcp --dport \$SMTP_PORT -d \$SMTP_IP -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT/" $LOCAL_IPTABLE_FILE
|
|
|
116 |
$SED "s/^\$IPTABLES -A INPUT -p tcp --sport \$SMTP_PORT.*/#\$IPTABLES -A INPUT -p tcp --sport \$SMTP_PORT -s \$SMTP_IP -m conntrack --ctstate ESTABLISHED -j ACCEPT/" $LOCAL_IPTABLE_FILE
|
|
|
117 |
$SED "s/^relayhost =.*/relayhost =/" $POSTFIX_CONF_FILE
|
|
|
118 |
$SED "s/^smtp_tls_security_level =.*/smtp_tls_security_level = may/g" $POSTFIX_CONF_FILE
|
|
|
119 |
$SED "/^smtp_tls_wrappermode = yes/d" $POSTFIX_CONF_FILE
|
|
|
120 |
[ -e ${SASLPATH}/sasl_passwd ] && rm -f ${SASLPATH}/sasl_passwd
|
| 2997 |
rexy |
121 |
elif [[ $TYPE_MAIL -eq 2 ]]; then # Enable mail service (relaying to an extern mail server)
|
| 3001 |
rexy |
122 |
$SED "s/^MAIL=.*/MAIL=on/" $CONF_FILE
|
|
|
123 |
$SED "s/^MAIL_TYPE=.*/MAIL_TYPE=2/" $CONF_FILE
|
| 3016 |
rexy |
124 |
$SED "s/^MAIL_SMTP_IP=.*/MAIL_SMTP_IP=$smtpIP/" $CONF_FILE
|
| 3021 |
rexy |
125 |
$SED "s/^MAIL_SMTP_PORT=.*/MAIL_SMTP_PORT=$smtpPort/" $CONF_FILE
|
| 3016 |
rexy |
126 |
$SED "s/^MAIL_ADDR=.*/MAIL_ADDR=/" $CONF_FILE
|
| 3018 |
rexy |
127 |
$SED "s/^MAIL_PASSWORD=.*/MAIL_PASSWORD=/" $CONF_FILE
|
| 3016 |
rexy |
128 |
$SED "s/^MAIL_WHITEDOMAIN=.*/MAIL_WHITEDOMAIN=$whiteDomain/" $CONF_FILE
|
|
|
129 |
$SED "s/^MAIL_ADMIN=.*/MAIL_ADMIN=$adminMail/" $CONF_FILE
|
|
|
130 |
$SED "s/^#SMTP_IP=.*/SMTP_IP=$smtpIP/" $LOCAL_IPTABLE_FILE
|
| 3021 |
rexy |
131 |
$SED "s/^#SMTP_PORT=.*/SMTP_PORT=$smtpPort/" $LOCAL_IPTABLE_FILE
|
| 3016 |
rexy |
132 |
$SED "s/^#\$IPTABLES -A OUTPUT -p tcp --dport \$SMTP_PORT.*/\$IPTABLES -A OUTPUT -p tcp --dport \$SMTP_PORT -d \$SMTP_IP -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT/" $LOCAL_IPTABLE_FILE
|
|
|
133 |
$SED "s/^#\$IPTABLES -A INPUT -p tcp --sport \$SMTP_PORT.*/\$IPTABLES -A INPUT -p tcp --sport \$SMTP_PORT -s \$SMTP_IP -m conntrack --ctstate ESTABLISHED -j ACCEPT/" $LOCAL_IPTABLE_FILE
|
| 3022 |
rexy |
134 |
$SED "s/^relayhost =.*/relayhost = $smtpIP:$smtpPort/g" $POSTFIX_CONF_FILE
|
|
|
135 |
$SED "s/^smtp_tls_security_level =.*/smtp_tls_security_level = may/g" $POSTFIX_CONF_FILE
|
|
|
136 |
$SED "/^smtp_tls_wrappermode = yes/d" $POSTFIX_CONF_FILE
|
| 3016 |
rexy |
137 |
[ -e ${SASLPATH}/sasl_passwd ] && rm -f ${SASLPATH}/sasl_passwd
|
| 2997 |
rexy |
138 |
elif [[ $TYPE_MAIL -eq 3 ]]; then # Enable mail service (using an email address)
|
| 2994 |
rexy |
139 |
$SED "s/^MAIL=.*/MAIL=on/" $CONF_FILE
|
|
|
140 |
$SED "s/^MAIL_TYPE=.*/MAIL_TYPE=3/" $CONF_FILE
|
| 3016 |
rexy |
141 |
$SED "s/^MAIL_SMTP_IP=.*/MAIL_SMTP_IP=$smtpIP/" $CONF_FILE
|
| 3021 |
rexy |
142 |
$SED "s/^MAIL_SMTP_PORT=.*/MAIL_SMTP_PORT=$smtpPort/" $CONF_FILE
|
| 2994 |
rexy |
143 |
$SED "s/^MAIL_ADDR=.*/MAIL_ADDR=$mailAddr/" $CONF_FILE
|
| 3018 |
rexy |
144 |
$SED "s/^MAIL_PASSWORD=.*/MAIL_PASSWORD=$mailMdp/" $CONF_FILE
|
| 2997 |
rexy |
145 |
$SED "s/^MAIL_WHITEDOMAIN=.*/MAIL_WHITEDOMAIN=$whiteDomain/" $CONF_FILE
|
| 2994 |
rexy |
146 |
$SED "s/^MAIL_ADMIN=.*/MAIL_ADMIN=$adminMail/" $CONF_FILE
|
| 3013 |
rexy |
147 |
$SED "s/^#SMTP_IP=.*/SMTP_IP=$smtpIP/" $LOCAL_IPTABLE_FILE
|
| 3021 |
rexy |
148 |
$SED "s/^#SMTP_PORT=.*/SMTP_PORT=$smtpPort/" $LOCAL_IPTABLE_FILE
|
| 3016 |
rexy |
149 |
$SED "s/^#\$IPTABLES -A OUTPUT -p tcp --dport \$SMTP_PORT.*/\$IPTABLES -A OUTPUT -p tcp --dport \$SMTP_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT/" $LOCAL_IPTABLE_FILE
|
|
|
150 |
$SED "s/^#\$IPTABLES -A INPUT -p tcp --sport \$SMTP_PORT.*/\$IPTABLES -A INPUT -p tcp --sport \$SMTP_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT/" $LOCAL_IPTABLE_FILE
|
| 3022 |
rexy |
151 |
$SED "s/^relayhost =.*/relayhost = $smtpIP:$smtpPort/g" $POSTFIX_CONF_FILE
|
|
|
152 |
$SED "s/^smtp_tls_security_level =.*/smtp_tls_security_level = encrypt/g" $POSTFIX_CONF_FILE
|
|
|
153 |
echo "smtp_tls_wrappermode = yes" >> $POSTFIX_CONF_FILE
|
| 2997 |
rexy |
154 |
[ -d ${SASLPATH} ] || mkdir ${SASLPATH}
|
| 3022 |
rexy |
155 |
echo "[${smtpIP}]:${smtpPort} ${mailAddr}:${mailMdp}" > ${SASLPATH}/sasl_passwd
|
| 2997 |
rexy |
156 |
postmap ${SASLPATH}/sasl_passwd
|
| 3001 |
rexy |
157 |
chmod -R 644 ${SASLPATH}
|
|
|
158 |
chown root:root ${SASLPATH}/sasl_passwd*
|
|
|
159 |
chmod 0600 ${SASLPATH}/sasl_passwd*
|
| 2993 |
rexy |
160 |
else
|
|
|
161 |
echo "Erreur ! Aucun type de messagerie sélectionné !"
|
|
|
162 |
exit 0
|
|
|
163 |
fi
|
|
|
164 |
/usr/local/bin/alcasar-iptables.sh
|
| 3016 |
rexy |
165 |
systemctl restart postfix.service
|
| 2993 |
rexy |
166 |
exit 0
|