services work, adding the rest of roles, added postfix for services (signup)
This commit is contained in:
parent
449edc2a5f
commit
632475104d
|
@ -5,7 +5,7 @@
|
|||
service
|
||||
{
|
||||
nick = "BOTSERV"
|
||||
user = "s3rv1c3z"
|
||||
user = "svc"
|
||||
host = "n3tw3rk.1ns3cur1ty.c0rp"
|
||||
gecos = "Bot Service"
|
||||
modes = "+o"
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
service
|
||||
{
|
||||
nick = "CHANSERV"
|
||||
user = "s3rv1c3z"
|
||||
host = "n3tw3rk.1ns3cur1ty.c0rp"
|
||||
user = "svc"
|
||||
host = "s3rv1c3z"
|
||||
gecos = "Channel Registration Service"
|
||||
modes = "+o"
|
||||
channels = "@#services"
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
service
|
||||
{
|
||||
nick = "GLOBAL"
|
||||
user = "s3rv1c3z"
|
||||
user = "svc"
|
||||
host = "n3tw3rk.1ns3cur1ty.c0rp"
|
||||
gecos = "Global Noticer"
|
||||
modes = "+o"
|
||||
|
|
|
@ -6,7 +6,7 @@ service
|
|||
{
|
||||
|
||||
nick = "HOSTSERV"
|
||||
user = "s3rv1c3z"
|
||||
user = "svc"
|
||||
host = "n3tw3rk.1ns3cur1ty.c0rp"
|
||||
gecos = "vHost Service"
|
||||
modes = "+o"
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
service
|
||||
{
|
||||
nick = "MEMOSERV"
|
||||
user = "s3rv1c3z"
|
||||
user = "svc"
|
||||
host = "n3tw3rk.1ns3cur1ty.c0rp"
|
||||
gecos = "Memo Service"
|
||||
modes = "+o"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
service
|
||||
{
|
||||
nick = "NICKSERV"
|
||||
user = "s3rv1c3z"
|
||||
user = "svc"
|
||||
host = "n3tw3rk.1ns3cur1ty.c0rp"
|
||||
gecos = "Nickname Registration Service"
|
||||
modes = "+o"
|
||||
|
|
|
@ -2,7 +2,7 @@ service
|
|||
{
|
||||
|
||||
nick = "OPERSERV"
|
||||
user = "s3rv1c3z"
|
||||
user = "svc"
|
||||
host = "n3tw3rk.1ns3cur1ty.c0rp"
|
||||
gecos = "Operator Service"
|
||||
modes = "+o"
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
.include <hb_conf/hub.resv.conf>
|
||||
.include <hb_conf/hub.services.conf>
|
||||
.include <hb_conf/hub.shared.conf>
|
||||
.include <hb_conf/hub.serverhide.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "hub.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
|
@ -33,16 +34,6 @@ serverinfo {
|
|||
max_topic_length = 192;
|
||||
};
|
||||
|
||||
serverhide {
|
||||
disable_remote_commands = no;
|
||||
flatten_links = no;
|
||||
hidden = no;
|
||||
hide_servers = yes;
|
||||
hide_services = yes;
|
||||
hidden_name = "*.your.real-dns.name";
|
||||
hide_server_ips = yes;
|
||||
};
|
||||
|
||||
connect {
|
||||
name = "g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
host = "100.64.64.3";
|
||||
|
@ -106,7 +97,6 @@ connect {
|
|||
listen {
|
||||
host = "100.64.64.42"; # Oper bouncer
|
||||
port = 6666;
|
||||
#
|
||||
host = "100.64.64.50"; # Console
|
||||
port = 6667;
|
||||
host = "100.64.64.34"; # Services
|
|
@ -0,0 +1,5 @@
|
|||
/* Configuration example located at
|
||||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <include/serverhide.conf>
|
|
@ -0,0 +1,13 @@
|
|||
/* Configuration example located at
|
||||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
serverhide {
|
||||
disable_remote_commands = no;
|
||||
flatten_links = no;
|
||||
hidden = no;
|
||||
hide_servers = yes;
|
||||
hide_services = yes;
|
||||
hidden_name = "*.your.real-dns.name";
|
||||
hide_server_ips = yes;
|
||||
};
|
|
@ -0,0 +1,45 @@
|
|||
/* Configuration example located at
|
||||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <hb_conf/tor-dmz.admin.conf>
|
||||
.include <hb_conf/tor-dmz.auth.conf>
|
||||
.include <hb_conf/tor-dmz.channels.conf>
|
||||
.include <hb_conf/tor-dmz.classes.conf>
|
||||
.include <hb_conf/tor-dmz.cluster.conf>
|
||||
.include <hb_conf/tor-dmz.deny.conf>
|
||||
.include <hb_conf/tor-dmz.exempt.conf>
|
||||
.include <hb_conf/tor-dmz.gecos.conf>
|
||||
.include <hb_conf/tor-dmz.general.conf>
|
||||
.include <hb_conf/tor-dmz.kill.conf>
|
||||
.include <hb_conf/tor-dmz.log.conf>
|
||||
.include <hb_conf/tor-dmz.modules.conf>
|
||||
.include <hb_conf/tor-dmz.motd.conf>
|
||||
.include <hb_conf/tor-dmz.oper.conf>
|
||||
.include <hb_conf/tor-dmz.pseudo.conf>
|
||||
.include <hb_conf/tor-dmz.resv.conf>
|
||||
.include <hb_conf/tor-dmz.services.conf>
|
||||
.include <hb_conf/tor-dmz.shared.conf>
|
||||
.include <hb_conf/tor-dmz.serverhide.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "tor-dmz.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
sid = "13X";
|
||||
description = "n3tw3rk 1ns3cur1ty c0rp0r4t10n t0r dmz";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_description = "General-purpose internet relay chat network";
|
||||
hub = no;
|
||||
default_max_clients = 65465;
|
||||
max_nick_length = 30;
|
||||
max_topic_length = 192;
|
||||
};
|
||||
|
||||
|
||||
listen {
|
||||
host = "100.64.64.42"; # Oper bouncer
|
||||
port = 6666;
|
||||
#
|
||||
host = "100.64.64.50"; # Console
|
||||
port = 6667;
|
||||
};
|
||||
|
|
@ -0,0 +1 @@
|
|||
# dict-type so-name (pathname) dict-function mkmap-function
|
|
@ -0,0 +1,29 @@
|
|||
smtpd_banner = $myhostname ESMTP $mail_name (Netwerk)
|
||||
biff = no
|
||||
append_dot_mydomain = no
|
||||
readme_directory = no
|
||||
compatibility_level = 2
|
||||
smtpd_tls_cert_file = /etc/ssl/certs/postfix.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
smtpd_tls_key_file = /etc/ssl/private/postfix.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
smtpd_tls_security_level = may
|
||||
smtp_tls_CApath = /etc/ssl/certs
|
||||
smtp_tls_security_level = may
|
||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
||||
myhostname = postfix
|
||||
alias_maps = hash:/etc/aliases
|
||||
alias_database = hash:/etc/aliases
|
||||
mydestination = $myhostname, localhost.localdomain, localhost
|
||||
relayhost =
|
||||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 100.64.65.64/26
|
||||
mailbox_size_limit = 0
|
||||
recipient_delimiter = +
|
||||
inet_interfaces = all
|
||||
inet_protocols = all
|
||||
#virtual_transport = lmtp:inet:198.18.66.227:2003 # TODO remote SMTP relay
|
||||
virtual_mailbox_domains = mysql:/postfix/configs/postfix/sql/mysql_virtual_domains_maps.cf
|
||||
virtual_alias_maps = mysql:/postfix/configs/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/postfix/configs/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/postfix/configs/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
|
||||
virtual_mailbox_maps = mysql:/postfix/configs/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/postfix/configs/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
|
||||
smtp_tls_note_starttls_offer = yes
|
||||
smtpd_tls_loglevel = 1
|
||||
smtpd_tls_received_header = yes
|
|
@ -0,0 +1,17 @@
|
|||
compatibility_level = 2
|
||||
command_directory = /usr/sbin
|
||||
daemon_directory = /usr/lib/postfix/sbin
|
||||
data_directory = /var/lib/postfix
|
||||
unknown_local_recipient_reject_code = 550
|
||||
mynetworks = 127.0.0.0/8
|
||||
smtpd_banner = $myhostname ESMTP $mail_name (n3tw3rk 1ns3cur1ty c0rp0r4t10n)
|
||||
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
|
||||
sendmail_path =
|
||||
newaliases_path =
|
||||
mailq_path =
|
||||
setgid_group =
|
||||
html_directory =
|
||||
manpage_directory =
|
||||
sample_directory =
|
||||
readme_directory =
|
||||
inet_protocols = ipv4
|
|
@ -0,0 +1 @@
|
|||
/usr/share/postfix/makedefs.out
|
|
@ -0,0 +1,38 @@
|
|||
smtp inet n - y - - smtpd
|
||||
pickup unix n - y 60 1 pickup
|
||||
cleanup unix n - y - 0 cleanup
|
||||
qmgr unix n - n 300 1 qmgr
|
||||
tlsmgr unix - - y 1000? 1 tlsmgr
|
||||
rewrite unix - - y - - trivial-rewrite
|
||||
bounce unix - - y - 0 bounce
|
||||
defer unix - - y - 0 bounce
|
||||
trace unix - - y - 0 bounce
|
||||
verify unix - - y - 1 verify
|
||||
flush unix n - y 1000? 0 flush
|
||||
proxymap unix - - n - - proxymap
|
||||
proxywrite unix - - n - 1 proxymap
|
||||
smtp unix - - y - - smtp
|
||||
relay unix - - y - - smtp
|
||||
-o syslog_name=postfix/$service_name
|
||||
showq unix n - y - - showq
|
||||
error unix - - y - - error
|
||||
retry unix - - y - - error
|
||||
discard unix - - y - - discard
|
||||
local unix - n n - - local
|
||||
virtual unix - n n - - virtual
|
||||
lmtp unix - - y - - lmtp
|
||||
anvil unix - - y - 1 anvil
|
||||
scache unix - - y - 1 scache
|
||||
postlog unix-dgram n - n - 1 postlogd
|
||||
maildrop unix - n n - - pipe
|
||||
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
|
||||
uucp unix - n n - - pipe
|
||||
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
||||
ifmail unix - n n - - pipe
|
||||
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
||||
bsmtp unix - n n - - pipe
|
||||
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
|
||||
scalemail-backend unix - n n - 2 pipe
|
||||
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
|
||||
mailman unix - n n - - pipe
|
||||
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
|
|
@ -0,0 +1,38 @@
|
|||
smtp inet n - y - - smtpd
|
||||
pickup unix n - y 60 1 pickup
|
||||
cleanup unix n - y - 0 cleanup
|
||||
qmgr unix n - n 300 1 qmgr
|
||||
tlsmgr unix - - y 1000? 1 tlsmgr
|
||||
rewrite unix - - y - - trivial-rewrite
|
||||
bounce unix - - y - 0 bounce
|
||||
defer unix - - y - 0 bounce
|
||||
trace unix - - y - 0 bounce
|
||||
verify unix - - y - 1 verify
|
||||
flush unix n - y 1000? 0 flush
|
||||
proxymap unix - - n - - proxymap
|
||||
proxywrite unix - - n - 1 proxymap
|
||||
smtp unix - - y - - smtp
|
||||
relay unix - - y - - smtp
|
||||
-o syslog_name=postfix/$service_name
|
||||
showq unix n - y - - showq
|
||||
error unix - - y - - error
|
||||
retry unix - - y - - error
|
||||
discard unix - - y - - discard
|
||||
local unix - n n - - local
|
||||
virtual unix - n n - - virtual
|
||||
lmtp unix - - y - - lmtp
|
||||
anvil unix - - y - 1 anvil
|
||||
scache unix - - y - 1 scache
|
||||
postlog unix-dgram n - n - 1 postlogd
|
||||
maildrop unix - n n - - pipe
|
||||
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
|
||||
uucp unix - n n - - pipe
|
||||
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
||||
ifmail unix - n n - - pipe
|
||||
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
||||
bsmtp unix - n n - - pipe
|
||||
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
|
||||
scalemail-backend unix - n n - 2 pipe
|
||||
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
|
||||
mailman unix - n n - - pipe
|
||||
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
|
|
@ -0,0 +1,925 @@
|
|||
#!/bin/sh
|
||||
|
||||
# To view the formatted manual page of this file, type:
|
||||
# POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man
|
||||
|
||||
#++
|
||||
# NAME
|
||||
# post-install
|
||||
# SUMMARY
|
||||
# Postfix post-installation script
|
||||
# SYNOPSIS
|
||||
# postfix post-install [name=value] command ...
|
||||
# DESCRIPTION
|
||||
# The post-install script performs the finishing touch of a Postfix
|
||||
# installation, after the executable programs and configuration
|
||||
# files are installed. Usage is one of the following:
|
||||
# .IP o
|
||||
# While installing Postfix from source code on the local machine, the
|
||||
# script is run by the postfix-install script to update selected file
|
||||
# or directory permissions and to update Postfix configuration files.
|
||||
# .IP o
|
||||
# While installing Postfix from a pre-built package, the script is run
|
||||
# by the package management procedure to set all file or directory
|
||||
# permissions and to update Postfix configuration files.
|
||||
# .IP o
|
||||
# The script can be used to change installation parameter settings such
|
||||
# as mail_owner or setgid_group after Postfix is already installed.
|
||||
# .IP o
|
||||
# The script can be used to upgrade configuration files and to upgrade
|
||||
# file/directory permissions of a secondary Postfix instance.
|
||||
# .IP o
|
||||
# At Postfix start-up time, the script is run from "postfix check" to
|
||||
# create missing queue directories.
|
||||
# .PP
|
||||
# The post-install script is controlled by installation parameters.
|
||||
# Specific parameters are described at the end of this document.
|
||||
# All installation parameters must be specified ahead of time via
|
||||
# one of the methods described below.
|
||||
#
|
||||
# Arguments
|
||||
# .IP create-missing
|
||||
# Create missing queue directories with ownerships and permissions
|
||||
# according to the contents of $meta_directory/postfix-files
|
||||
# and optionally in $meta_directory/postfix-files.d/*, using
|
||||
# the mail_owner and setgid_group parameter settings from the
|
||||
# command line, process environment or from the installed
|
||||
# main.cf file.
|
||||
#
|
||||
# This is required at Postfix start-up time.
|
||||
# .IP set-permissions
|
||||
# Set all file/directory ownerships and permissions according to the
|
||||
# contents of $meta_directory/postfix-files and optionally
|
||||
# in $meta_directory/postfix-files.d/*, using the mail_owner
|
||||
# and setgid_group parameter settings from the command line,
|
||||
# process environment or from the installed main.cf file.
|
||||
# Implies create-missing.
|
||||
#
|
||||
# This is required when installing Postfix from a pre-built package,
|
||||
# or when changing the mail_owner or setgid_group installation parameter
|
||||
# settings after Postfix is already installed.
|
||||
# .IP upgrade-permissions
|
||||
# Update ownership and permission of existing files/directories as
|
||||
# specified in $meta_directory/postfix-files and optionally
|
||||
# in $meta_directory/postfix-files.d/*, using the mail_owner
|
||||
# and setgid_group parameter settings from the command line,
|
||||
# process environment or from the installed main.cf file.
|
||||
# Implies create-missing.
|
||||
#
|
||||
# This is required when upgrading an existing Postfix instance.
|
||||
# .IP upgrade-configuration
|
||||
# Edit the installed main.cf and master.cf files, in order to account
|
||||
# for missing services and to fix deprecated parameter settings.
|
||||
#
|
||||
# This is required when upgrading an existing Postfix instance.
|
||||
# .IP upgrade-source
|
||||
# Short-hand for: upgrade-permissions upgrade-configuration.
|
||||
#
|
||||
# This is recommended when upgrading Postfix from source code.
|
||||
# .IP upgrade-package
|
||||
# Short-hand for: set-permissions upgrade-configuration.
|
||||
#
|
||||
# This is recommended when upgrading Postfix from a pre-built package.
|
||||
# .IP first-install-reminder
|
||||
# Remind the user that they still need to configure main.cf and the
|
||||
# aliases file, and that newaliases still needs to be run.
|
||||
#
|
||||
# This is recommended when Postfix is installed for the first time.
|
||||
# MULTIPLE POSTFIX INSTANCES
|
||||
# .ad
|
||||
# .fi
|
||||
# Multiple Postfix instances on the same machine can share command and
|
||||
# daemon program files but must have separate configuration and queue
|
||||
# directories.
|
||||
#
|
||||
# To create a secondary Postfix installation on the same machine,
|
||||
# copy the configuration files from the primary Postfix instance to
|
||||
# a secondary configuration directory and execute:
|
||||
#
|
||||
# postfix post-install config_directory=secondary-config-directory \e
|
||||
# .in +4
|
||||
# queue_directory=secondary-queue-directory \e
|
||||
# .br
|
||||
# create-missing
|
||||
# .PP
|
||||
# This creates secondary Postfix queue directories, sets their access
|
||||
# permissions, and saves the specified installation parameters to the
|
||||
# secondary main.cf file.
|
||||
#
|
||||
# Be sure to list the secondary configuration directory in the
|
||||
# alternate_config_directories parameter in the primary main.cf file.
|
||||
#
|
||||
# To upgrade a secondary Postfix installation on the same machine,
|
||||
# execute:
|
||||
#
|
||||
# postfix post-install config_directory=secondary-config-directory \e
|
||||
# .in +4
|
||||
# upgrade-permissions upgrade-configuration
|
||||
# INSTALLATION PARAMETER INPUT METHODS
|
||||
# .ad
|
||||
# .fi
|
||||
# Parameter settings can be specified through a variety of
|
||||
# mechanisms. In order of decreasing precedence these are:
|
||||
# .IP "command line"
|
||||
# Parameter settings can be given as name=value arguments on
|
||||
# the post-install command line. These have the highest precedence.
|
||||
# Settings that override the installed main.cf file are saved.
|
||||
# .IP "process environment"
|
||||
# Parameter settings can be given as name=value environment
|
||||
# variables.
|
||||
# Settings that override the installed main.cf file are saved.
|
||||
# .IP "installed configuration files"
|
||||
# If a parameter is not specified via the command line or via the
|
||||
# process environment, post-install will attempt to extract its
|
||||
# value from the already installed Postfix main.cf configuration file.
|
||||
# These settings have the lowest precedence.
|
||||
# INSTALLATION PARAMETER DESCRIPTION
|
||||
# .ad
|
||||
# .fi
|
||||
# The description of installation parameters is as follows:
|
||||
# .IP config_directory
|
||||
# The directory for Postfix configuration files.
|
||||
# .IP daemon_directory
|
||||
# The directory for Postfix daemon programs. This directory
|
||||
# should not be in the command search path of any users.
|
||||
# .IP command_directory
|
||||
# The directory for Postfix administrative commands. This
|
||||
# directory should be in the command search path of adminstrative users.
|
||||
# .IP queue_directory
|
||||
# The directory for Postfix queues.
|
||||
# .IP data_directory
|
||||
# The directory for Postfix writable data files (caches, etc.).
|
||||
# .IP sendmail_path
|
||||
# The full pathname for the Postfix sendmail command.
|
||||
# This is the Sendmail-compatible mail posting interface.
|
||||
# .IP newaliases_path
|
||||
# The full pathname for the Postfix newaliases command.
|
||||
# This is the Sendmail-compatible command to build alias databases
|
||||
# for the Postfix local delivery agent.
|
||||
# .IP mailq_path
|
||||
# The full pathname for the Postfix mailq command.
|
||||
# This is the Sendmail-compatible command to list the mail queue.
|
||||
# .IP mail_owner
|
||||
# The owner of the Postfix queue. Its numerical user ID and group ID
|
||||
# must not be used by any other accounts on the system.
|
||||
# .IP setgid_group
|
||||
# The group for mail submission and for queue management commands.
|
||||
# Its numerical group ID must not be used by any other accounts on the
|
||||
# system, not even by the mail_owner account.
|
||||
# .IP html_directory
|
||||
# The directory for the Postfix HTML files.
|
||||
# .IP manpage_directory
|
||||
# The directory for the Postfix on-line manual pages.
|
||||
# .IP sample_directory
|
||||
# The directory for the Postfix sample configuration files.
|
||||
# This feature is obsolete as of Postfix 2.1.
|
||||
# .IP readme_directory
|
||||
# The directory for the Postfix README files.
|
||||
# .IP shlib_directory
|
||||
# The directory for the Postfix shared-library files, and for
|
||||
# the Postfix dabatase plugin files with a relative pathname
|
||||
# in the file dynamicmaps.cf.
|
||||
# .IP meta_directory
|
||||
# The directory for non-executable files that are shared
|
||||
# among multiple Postfix instances, such as postfix-files,
|
||||
# dynamicmaps.cf, as well as the multi-instance template files
|
||||
# main.cf.proto and master.cf.proto.
|
||||
# SEE ALSO
|
||||
# postfix-install(1) Postfix primary installation script.
|
||||
# FILES
|
||||
# $config_directory/main.cf, Postfix installation parameters.
|
||||
# $meta_directory/postfix-files, installation control file.
|
||||
# $meta_directory/postfix-files.d/*, optional control files.
|
||||
# $config_directory/install.cf, obsolete configuration file.
|
||||
# LICENSE
|
||||
# .ad
|
||||
# .fi
|
||||
# The Secure Mailer license must be distributed with this software.
|
||||
# AUTHOR(S)
|
||||
# Wietse Venema
|
||||
# IBM T.J. Watson Research
|
||||
# P.O. Box 704
|
||||
# Yorktown Heights, NY 10598, USA
|
||||
#
|
||||
# Wietse Venema
|
||||
# Google, Inc.
|
||||
# 111 8th Avenue
|
||||
# New York, NY 10011, USA
|
||||
#--
|
||||
|
||||
umask 022
|
||||
|
||||
PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
|
||||
SHELL=/bin/sh
|
||||
IFS="
|
||||
"
|
||||
BACKUP_IFS="$IFS"
|
||||
debug=:
|
||||
#debug=echo
|
||||
MOST_PARAMETERS="command_directory daemon_directory data_directory
|
||||
html_directory mail_owner mailq_path manpage_directory
|
||||
newaliases_path queue_directory readme_directory sample_directory
|
||||
sendmail_path setgid_group shlib_directory meta_directory"
|
||||
NON_SHARED="config_directory queue_directory data_directory"
|
||||
|
||||
USAGE="Usage: $0 [name=value] command
|
||||
create-missing Create missing queue directories.
|
||||
upgrade-source When installing or upgrading from source code.
|
||||
upgrade-package When installing or upgrading from pre-built package.
|
||||
first-install-reminder Remind of mandatory first-time configuration steps.
|
||||
name=value Specify an installation parameter".
|
||||
|
||||
# Process command-line options and parameter settings. Work around
|
||||
# brain damaged shells. "IFS=value command" should not make the
|
||||
# IFS=value setting permanent. But some broken standard allows it.
|
||||
|
||||
create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
|
||||
obsolete=; keep_list=;
|
||||
|
||||
for arg
|
||||
do
|
||||
case $arg in
|
||||
*[" "]*) echo $0: "Error: argument contains whitespace: '$arg'"
|
||||
exit 1;;
|
||||
*=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
|
||||
create-missing) create=1;;
|
||||
set-perm*) create=1; set_perms=1;;
|
||||
upgrade-perm*) create=1; upgrade_perms=1;;
|
||||
upgrade-conf*) upgrade_conf=1;;
|
||||
upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;;
|
||||
upgrade-package) create=1; upgrade_conf=1; set_perms=1;;
|
||||
first-install*) first_install_reminder=1;;
|
||||
*) echo "$0: Error: $USAGE" 1>&2; exit 1;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# Sanity checks.
|
||||
|
||||
test -n "$create$upgrade_conf$first_install_reminder" || {
|
||||
echo "$0: Error: $USAGE" 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Bootstrapping problem.
|
||||
|
||||
if [ -n "$command_directory" ]
|
||||
then
|
||||
POSTCONF="$command_directory/postconf"
|
||||
else
|
||||
POSTCONF="postconf"
|
||||
fi
|
||||
|
||||
$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
|
||||
echo $0: Error: no $POSTCONF command found. 1>&2
|
||||
echo Re-run this command as $0 command_directory=/some/where. 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Also used to require license etc. files only in the default instance.
|
||||
|
||||
def_config_directory=`$POSTCONF -d -h config_directory` || exit 1
|
||||
test -n "$config_directory" ||
|
||||
config_directory="$def_config_directory"
|
||||
|
||||
test -d "$config_directory" || {
|
||||
echo $0: Error: $config_directory is not a directory. 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# If this is a secondary instance, don't touch shared files.
|
||||
# XXX Solaris does not have "test -e".
|
||||
|
||||
instances=`test ! -f $def_config_directory/main.cf ||
|
||||
$POSTCONF -c $def_config_directory -h multi_instance_directories |
|
||||
sed 's/,/ /'` || exit 1
|
||||
|
||||
update_shared_files=1
|
||||
for name in $instances
|
||||
do
|
||||
case "$name" in
|
||||
"$def_config_directory") ;;
|
||||
"$config_directory") update_shared_files=; break;;
|
||||
esac
|
||||
done
|
||||
|
||||
test -f $meta_directory/postfix-files || {
|
||||
echo $0: Error: $meta_directory/postfix-files is not a file. 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# SunOS5 fmt(1) truncates lines > 1000 characters.
|
||||
|
||||
fake_fmt() {
|
||||
sed '
|
||||
:top
|
||||
/^\( *\)\([^ ][^ ]*\) */{
|
||||
s//\1\2\
|
||||
\1/
|
||||
P
|
||||
D
|
||||
b top
|
||||
}
|
||||
' | fmt
|
||||
}
|
||||
|
||||
case `uname -s` in
|
||||
HP-UX*) FMT=cat;;
|
||||
SunOS*) FMT=fake_fmt;;
|
||||
*) FMT=fmt;;
|
||||
esac
|
||||
|
||||
# If a parameter is not set via the command line or environment,
|
||||
# try to use settings from installed configuration files.
|
||||
|
||||
# Extract parameter settings from the obsolete install.cf file, as
|
||||
# a transitional aid.
|
||||
|
||||
grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
|
||||
test -f $config_directory/install.cf && {
|
||||
for name in sendmail_path newaliases_path mailq_path setgid manpages
|
||||
do
|
||||
eval junk=\$$name
|
||||
case "$junk" in
|
||||
"") eval unset $name;;
|
||||
esac
|
||||
eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \
|
||||
|| exit 1
|
||||
done
|
||||
: ${setgid_group=$setgid}
|
||||
: ${manpage_directory=$manpages}
|
||||
}
|
||||
}
|
||||
|
||||
# Extract parameter settings from the installed main.cf file.
|
||||
|
||||
test -f $config_directory/main.cf && {
|
||||
for name in $MOST_PARAMETERS
|
||||
do
|
||||
eval junk=\$$name
|
||||
case "$junk" in
|
||||
"") eval unset $name;;
|
||||
esac
|
||||
eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1
|
||||
done
|
||||
}
|
||||
|
||||
# Sanity checks
|
||||
|
||||
case $manpage_directory in
|
||||
no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
|
||||
echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
|
||||
esac
|
||||
|
||||
case $setgid_group in
|
||||
no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
|
||||
echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
|
||||
esac
|
||||
|
||||
for path in "$daemon_directory" "$command_directory" "$queue_directory" \
|
||||
"$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
|
||||
"$meta_directory"
|
||||
do
|
||||
case "$path" in
|
||||
/*) ;;
|
||||
*) echo $0: Error: \"$path\" should be an absolute path name. 1>&2; exit 1;;
|
||||
esac
|
||||
done
|
||||
|
||||
for path in "$html_directory" "$readme_directory" "$shlib_directory"
|
||||
do
|
||||
case "$path" in
|
||||
/*) ;;
|
||||
no) ;;
|
||||
*) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Find out what parameters were not specified via command line,
|
||||
# via environment, or via installed configuration files.
|
||||
|
||||
missing=
|
||||
for name in $MOST_PARAMETERS
|
||||
do
|
||||
eval test -n \"\$$name\" || missing="$missing $name"
|
||||
done
|
||||
|
||||
# All parameters must be specified at this point.
|
||||
|
||||
test -n "$non_interactive" -a -n "$missing" && {
|
||||
cat <<EOF | ${FMT} 1>&2
|
||||
$0: Error: some required installation parameters are not defined.
|
||||
|
||||
- Either the parameters need to be given in the $config_directory/main.cf
|
||||
file from a recent Postfix installation,
|
||||
|
||||
- Or the parameters need to be specified through the process
|
||||
environment.
|
||||
|
||||
- Or the parameters need to be specified as name=value arguments
|
||||
on the $0 command line,
|
||||
|
||||
The following parameters were missing:
|
||||
|
||||
$missing
|
||||
|
||||
EOF
|
||||
exit 1
|
||||
}
|
||||
|
||||
POSTCONF="$command_directory/postconf"
|
||||
|
||||
# Save settings, allowing command line/environment override.
|
||||
|
||||
# Undo MAIL_VERSION expansion at the end of a parameter value. If
|
||||
# someone really wants the expanded mail version in main.cf, then
|
||||
# we're sorry.
|
||||
|
||||
# Confine side effects from mail_version unexpansion within a subshell.
|
||||
|
||||
(case "$mail_version" in
|
||||
"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
|
||||
esac
|
||||
|
||||
for name in $MOST_PARAMETERS
|
||||
do
|
||||
eval junk=\$$name
|
||||
case "$junk" in
|
||||
*"$mail_version"*)
|
||||
case "$pattern" in
|
||||
"") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1
|
||||
esac
|
||||
val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
|
||||
eval ${name}='"$val"'
|
||||
esac
|
||||
done
|
||||
|
||||
# XXX Maybe update main.cf only with first install, upgrade, set
|
||||
# permissions, and what else? Should there be a warning otherwise?
|
||||
|
||||
override=
|
||||
for name in $MOST_PARAMETERS
|
||||
do
|
||||
eval junk=\"\$$name\"
|
||||
test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || {
|
||||
override=1
|
||||
break
|
||||
}
|
||||
done
|
||||
|
||||
test -n "$override" && {
|
||||
$POSTCONF -c $config_directory -e \
|
||||
"daemon_directory = $daemon_directory" \
|
||||
"command_directory = $command_directory" \
|
||||
"queue_directory = $queue_directory" \
|
||||
"data_directory = $data_directory" \
|
||||
"mail_owner = $mail_owner" \
|
||||
"setgid_group = $setgid_group" \
|
||||
"sendmail_path = $sendmail_path" \
|
||||
"mailq_path = $mailq_path" \
|
||||
"newaliases_path = $newaliases_path" \
|
||||
"html_directory = $html_directory" \
|
||||
"manpage_directory = $manpage_directory" \
|
||||
"sample_directory = $sample_directory" \
|
||||
"readme_directory = $readme_directory" \
|
||||
"shlib_directory = $shlib_directory" \
|
||||
"meta_directory = $meta_directory" \
|
||||
|| exit 1
|
||||
} || exit 0) || exit 1
|
||||
|
||||
# Use file/directory status information in $meta_directory/postfix-files.
|
||||
|
||||
test -n "$create" && {
|
||||
postfix_files_d=$meta_directory/postfix-files.d
|
||||
for postfix_file in $meta_directory/postfix-files \
|
||||
`test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }`
|
||||
do
|
||||
exec <$postfix_file || exit 1
|
||||
while IFS=: read path type owner group mode flags junk
|
||||
do
|
||||
IFS="$BACKUP_IFS"
|
||||
set_permission=
|
||||
# Skip comments. Skip shared files, if updating a secondary instance.
|
||||
case $path in
|
||||
[$]*) case "$update_shared_files" in
|
||||
1) $debug keep non-shared or shared $path;;
|
||||
*) non_shared=
|
||||
for name in $NON_SHARED
|
||||
do
|
||||
case $path in
|
||||
"\$$name"*) non_shared=1; break;;
|
||||
esac
|
||||
done
|
||||
case "$non_shared" in
|
||||
1) $debug keep non-shared $path;;
|
||||
*) $debug skip shared $path; continue;;
|
||||
esac;;
|
||||
esac;;
|
||||
*) continue;;
|
||||
esac
|
||||
# Skip hard links and symbolic links.
|
||||
case $type in
|
||||
[hl]) continue;;
|
||||
[df]) ;;
|
||||
*) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;;
|
||||
esac
|
||||
# Expand $name, and canonicalize null fields.
|
||||
for name in path owner group flags
|
||||
do
|
||||
eval junk=\${$name}
|
||||
case $junk in
|
||||
[$]*) eval $name=$junk;;
|
||||
-) eval $name=;;
|
||||
*) ;;
|
||||
esac
|
||||
done
|
||||
# Skip uninstalled files.
|
||||
case $path in
|
||||
no|no/*) continue;;
|
||||
esac
|
||||
# Pick up the flags.
|
||||
case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
|
||||
case $flags in *c*) create_flag=1;; *) create_flag=;; esac
|
||||
case $flags in *r*) recursive="-R";; *) recursive=;; esac
|
||||
case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac
|
||||
case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \
|
||||
"$def_config_directory" && continue;; esac
|
||||
# Flag obsolete objects. XXX Solaris 2..9 does not have "test -e".
|
||||
if [ -n "$obsolete_flag" ]
|
||||
then
|
||||
test -r $path -a "$type" != "d" && obsolete="$obsolete $path"
|
||||
continue;
|
||||
else
|
||||
keep_list="$keep_list $path"
|
||||
fi
|
||||
# Create missing directories with proper owner/group/mode settings.
|
||||
if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
|
||||
then
|
||||
mkdir $path || exit 1
|
||||
set_permission=1
|
||||
# Update all owner/group/mode settings.
|
||||
elif [ -n "$set_perms" ]
|
||||
then
|
||||
set_permission=1
|
||||
# Update obsolete owner/group/mode settings.
|
||||
elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ]
|
||||
then
|
||||
set_permission=1
|
||||
fi
|
||||
test -n "$set_permission" && {
|
||||
chown $recursive $owner $path || exit 1
|
||||
test -z "$group" || chgrp $recursive $group $path || exit 1
|
||||
# Don't "chmod -R"; queue file status is encoded in mode bits.
|
||||
if [ "$type" = "d" -a -n "$recursive" ]
|
||||
then
|
||||
find $path -type d -exec chmod $mode "{}" ";"
|
||||
else
|
||||
chmod $mode $path
|
||||
fi || exit 1
|
||||
}
|
||||
done
|
||||
IFS="$BACKUP_IFS"
|
||||
done
|
||||
}
|
||||
|
||||
# Upgrade existing Postfix configuration files if necessary.
|
||||
|
||||
test -n "$upgrade_conf" && {
|
||||
|
||||
# Postfix 2.0.
|
||||
# Add missing relay service to master.cf.
|
||||
|
||||
grep '^relay' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for relay service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
relay unix - - n - - smtp
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 1.1.
|
||||
# Add missing flush service to master.cf.
|
||||
|
||||
grep '^flush.*flush' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for flush service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
flush unix - - n 1000? 0 flush
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.1.
|
||||
# Add missing trace service to master.cf.
|
||||
|
||||
grep 'trace.*bounce' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for trace service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
trace unix - - n - 0 bounce
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.1.
|
||||
# Add missing verify service to master.cf.
|
||||
|
||||
grep '^verify.*verify' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for verify service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
verify unix - - n - 1 verify
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.1.
|
||||
# Fix verify service process limit.
|
||||
|
||||
grep '^verify.*[ ]0[ ]*verify' \
|
||||
$config_directory/master.cf >/dev/null && {
|
||||
echo Editing $config_directory/master.cf, setting verify process limit to 1
|
||||
ed $config_directory/master.cf <<EOF || exit 1
|
||||
/^verify.*[ ]0[ ]*verify/
|
||||
s/\([ ]\)0\([ ]\)/\11\2/
|
||||
p
|
||||
w
|
||||
q
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 1.1.
|
||||
# Change privileged pickup service into unprivileged.
|
||||
|
||||
grep "^pickup[ ]*fifo[ ]*n[ ]*n" \
|
||||
$config_directory/master.cf >/dev/null && {
|
||||
echo Editing $config_directory/master.cf, making the pickup service unprivileged
|
||||
ed $config_directory/master.cf <<EOF || exit 1
|
||||
/^pickup[ ]*fifo[ ]*n[ ]*n/
|
||||
s/\(n[ ]*\)n/\1-/
|
||||
p
|
||||
w
|
||||
q
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 1.1.
|
||||
# Change private cleanup and flush services into public.
|
||||
|
||||
for name in cleanup flush
|
||||
do
|
||||
grep "^$name[ ]*unix[ ]*[-y]" \
|
||||
$config_directory/master.cf >/dev/null && {
|
||||
echo Editing $config_directory/master.cf, making the $name service public
|
||||
ed $config_directory/master.cf <<EOF || exit 1
|
||||
/^$name[ ]*unix[ ]*[-y]/
|
||||
s/[-y]/n/
|
||||
p
|
||||
w
|
||||
q
|
||||
EOF
|
||||
}
|
||||
done
|
||||
|
||||
# Postfix 2.2.
|
||||
# File systems have improved since Postfix came out, and all we
|
||||
# require now is that defer and deferred are hashed because those
|
||||
# can contain lots of files.
|
||||
|
||||
found=`$POSTCONF -c $config_directory -h hash_queue_names`
|
||||
missing=
|
||||
(echo "$found" | grep defer >/dev/null) || missing="$missing defer"
|
||||
(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
|
||||
test -n "$missing" && {
|
||||
echo fixing main.cf hash_queue_names for missing $missing
|
||||
$POSTCONF -c $config_directory -e hash_queue_names="$found$missing" ||
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Turn on safety nets for new features that could bounce mail that
|
||||
# would be accepted by a previous Postfix version.
|
||||
|
||||
# [The "unknown_local_recipient_reject_code = 450" safety net,
|
||||
# introduced with Postfix 2.0 and deleted after Postfix 2.3.]
|
||||
|
||||
# Postfix 2.0.
|
||||
# Add missing proxymap service to master.cf.
|
||||
|
||||
grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for proxymap service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
proxymap unix - - n - - proxymap
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.1.
|
||||
# Add missing anvil service to master.cf.
|
||||
|
||||
grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for anvil service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
anvil unix - - n - 1 anvil
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.2.
|
||||
# Add missing scache service to master.cf.
|
||||
|
||||
grep '^scache.*scache' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for scache service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
scache unix - - n - 1 scache
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.2.
|
||||
# Add missing discard service to master.cf.
|
||||
|
||||
grep '^discard.*discard' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for discard service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
discard unix - - n - - discard
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.2.
|
||||
# Update the tlsmgr fifo->unix service.
|
||||
|
||||
grep "^tlsmgr[ ]*fifo[ ]" \
|
||||
$config_directory/master.cf >/dev/null && {
|
||||
echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service
|
||||
ed $config_directory/master.cf <<EOF || exit 1
|
||||
/^tlsmgr[ ]*fifo[ ]/
|
||||
s/fifo/unix/
|
||||
s/[0-9][0-9]*/&?/
|
||||
p
|
||||
w
|
||||
q
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.2.
|
||||
# Add missing tlsmgr service to master.cf.
|
||||
|
||||
grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
tlsmgr unix - - n 1000? 1 tlsmgr
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.2.
|
||||
# Add missing retry service to master.cf.
|
||||
|
||||
grep '^retry.*error' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for retry service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
retry unix - - n - - error
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.5.
|
||||
# Add missing proxywrite service to master.cf.
|
||||
|
||||
grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for proxywrite service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
proxywrite unix - - n - 1 proxymap
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.5.
|
||||
# Fix a typo in the default master.cf proxywrite entry.
|
||||
|
||||
grep '^proxywrite.*-[ ]*proxymap' $config_directory/master.cf >/dev/null && {
|
||||
echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
|
||||
ed $config_directory/master.cf <<EOF || exit 1
|
||||
/^proxywrite.*-[ ]*proxymap/
|
||||
s/-\([ ]*proxymap\)/1\1/
|
||||
p
|
||||
w
|
||||
q
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.8.
|
||||
# Add missing postscreen service to master.cf.
|
||||
|
||||
grep '^#*smtp.*postscreen' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
#smtp inet n - n - 1 postscreen
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.8.
|
||||
# Add missing smtpd (unix-domain) service to master.cf.
|
||||
|
||||
grep '^#*smtpd.*smtpd' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
#smtpd pass - - n - - smtpd
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.8.
|
||||
# Add temporary dnsblog (unix-domain) service to master.cf.
|
||||
|
||||
grep '^#*dnsblog.*dnsblog' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
#dnsblog unix - - n - 0 dnsblog
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.8.
|
||||
# Add tlsproxy (unix-domain) service to master.cf.
|
||||
|
||||
grep '^#*tlsproxy.*tlsproxy' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
#tlsproxy unix - - n - 0 tlsproxy
|
||||
EOF
|
||||
}
|
||||
|
||||
# Report (but do not remove) obsolete files.
|
||||
|
||||
test -n "$obsolete" && {
|
||||
cat <<EOF | ${FMT}
|
||||
|
||||
Note: the following files or directories still exist but are
|
||||
no longer part of Postfix:
|
||||
|
||||
$obsolete
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
# Postfix 2.9.
|
||||
# Safety net for incompatible changes in IPv6 defaults.
|
||||
# PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
|
||||
# UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
|
||||
# BEFORE 2.9.
|
||||
# This code assumes that the default is "inet_protocols = ipv4"
|
||||
# when IPv6 support is not compiled in. See util/sys_defs.h.
|
||||
|
||||
test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
|
||||
test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || {
|
||||
cat <<EOF | ${FMT}
|
||||
COMPATIBILITY: editing $config_directory/main.cf, setting
|
||||
inet_protocols=ipv4. Specify inet_protocols explicitly if you
|
||||
want to enable IPv6.
|
||||
In a future release IPv6 will be enabled by default.
|
||||
EOF
|
||||
$POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
|
||||
}
|
||||
|
||||
# Disabled because unhelpful down-stream maintainers disable the safety net.
|
||||
# # Postfix 2.10.
|
||||
# # Safety net for incompatible changes due to the introduction
|
||||
# # of the smtpd_relay_restrictions feature to separate the
|
||||
# # mail relay policy from the spam blocking policy.
|
||||
# # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
|
||||
# # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
|
||||
# # POSTFIX BEFORE 2.10.
|
||||
# test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
|
||||
# cat <<EOF | ${FMT}
|
||||
# COMPATIBILITY: editing $config_directory/main.cf, overriding
|
||||
# smtpd_relay_restrictions to prevent inbound mail from
|
||||
# unexpectedly bouncing.
|
||||
# Specify an empty smtpd_relay_restrictions value to keep using
|
||||
# smtpd_recipient_restrictions as before.
|
||||
#EOF
|
||||
# $POSTCONF -c $config_directory "smtpd_relay_restrictions = \
|
||||
# permit_mynetworks permit_sasl_authenticated \
|
||||
# defer_unauth_destination" || exit 1
|
||||
# }
|
||||
|
||||
# Postfix 3.4
|
||||
# Add a postlog service entry.
|
||||
|
||||
grep '^postlog' $config_directory/master.cf >/dev/null || {
|
||||
echo Editing $config_directory/master.cf, adding missing entry for postlog unix-domain datagram service
|
||||
cat >>$config_directory/master.cf <<EOF || exit 1
|
||||
postlog unix-dgram n - n - 1 postlogd
|
||||
EOF
|
||||
}
|
||||
}
|
||||
|
||||
# A reminder if this is the first time Postfix is being installed.
|
||||
|
||||
test -n "$first_install_reminder" && {
|
||||
|
||||
ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
|
||||
NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
|
||||
cat <<EOF | ${FMT}
|
||||
|
||||
Warning: you still need to edit myorigin/mydestination/mynetworks
|
||||
parameter settings in $config_directory/main.cf.
|
||||
|
||||
See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
|
||||
for information about dialup sites or about sites inside a
|
||||
firewalled network.
|
||||
|
||||
BTW: Check your $ALIASES file and be sure to set up aliases
|
||||
that send mail for root and postmaster to a real person, then
|
||||
run $NEWALIASES_PATH.
|
||||
|
||||
EOF
|
||||
|
||||
}
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,223 @@
|
|||
#
|
||||
# Do not edit this file.
|
||||
#
|
||||
# This file controls the postfix-install script for installation of
|
||||
# Postfix programs, configuration files and documentation, as well
|
||||
# as the post-install script for setting permissions and for updating
|
||||
# Postfix configuration files. See the respective manual pages within
|
||||
# the script files.
|
||||
#
|
||||
# Do not list $command_directory or $shlib_directory in this file,
|
||||
# or it will be blown away by a future Postfix uninstallation
|
||||
# procedure. You would not want to lose all files in /usr/sbin or
|
||||
# /usr/local/lib.
|
||||
#
|
||||
# Each record in this file describes one file or directory.
|
||||
# Fields are separated by ":". Specify a null field as "-".
|
||||
# Missing fields or separators at the end are OK.
|
||||
#
|
||||
# File format:
|
||||
# name:type:owner:group:permission:flags
|
||||
# No group means don't change group ownership.
|
||||
#
|
||||
# File types:
|
||||
# d=directory
|
||||
# f=regular file
|
||||
# h=hard link (*)
|
||||
# l=symbolic link (*)
|
||||
#
|
||||
# (*) With hard links and symbolic links, the owner field becomes the
|
||||
# source pathname, while the group and permissions are ignored.
|
||||
#
|
||||
# File flags:
|
||||
# No flag means the flag is not active.
|
||||
# p=preserve existing file, do not replace (postfix-install).
|
||||
# u=update owner/group/mode (post-install upgrade-permissions).
|
||||
# c=create missing directory (post-install create-missing).
|
||||
# r=apply owner/group recursively (post-install set/upgrade-permissions).
|
||||
# o=obsolete, no longer part of Postfix
|
||||
# 1=optional for non-default instance (config_dir != built-in default).
|
||||
#
|
||||
# Note: the "u" flag is for upgrading the permissions of existing files
|
||||
# or directories after changes in Postfix architecture. For robustness
|
||||
# it is a good idea to "u" all the files that have special ownership or
|
||||
# permissions, so that running "make install" fixes any glitches.
|
||||
#
|
||||
# Note: order matters. Update shared libraries and database plugins
|
||||
# before daemon/command-line programs.
|
||||
$config_directory:d:root:-:755:u
|
||||
$data_directory:d:$mail_owner:-:700:uc
|
||||
$daemon_directory:d:root:-:755:u
|
||||
$queue_directory:d:root:-:755:uc
|
||||
$queue_directory/active:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/bounce:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/corrupt:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/defer:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/deferred:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/flush:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/hold:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/incoming:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/private:d:$mail_owner:-:700:uc
|
||||
$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
|
||||
$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
|
||||
$queue_directory/pid:d:root:-:755:uc
|
||||
$queue_directory/saved:d:$mail_owner:-:700:ucr
|
||||
$queue_directory/trace:d:$mail_owner:-:700:ucr
|
||||
# Update shared libraries and plugins before daemon or command-line programs.
|
||||
$shlib_directory/libpostfix-util.so:f:root:-:755
|
||||
$shlib_directory/libpostfix-global.so:f:root:-:755
|
||||
$shlib_directory/libpostfix-dns.so:f:root:-:755
|
||||
$shlib_directory/libpostfix-tls.so:f:root:-:755
|
||||
$shlib_directory/libpostfix-master.so:f:root:-:755
|
||||
$meta_directory/dynamicmaps.cf.d:d:root:-:755
|
||||
$meta_directory/dynamicmaps.cf:f:root:-:644
|
||||
$meta_directory/main.cf.proto:f:root:-:644
|
||||
$meta_directory/makedefs.out:f:root:-:644
|
||||
$meta_directory/master.cf.proto:f:root:-:644
|
||||
$meta_directory/postfix-files.d:d:root:-:755
|
||||
$meta_directory/postfix-files:f:root:-:644
|
||||
$daemon_directory/anvil:f:root:-:755
|
||||
$daemon_directory/bounce:f:root:-:755
|
||||
$daemon_directory/cleanup:f:root:-:755
|
||||
$daemon_directory/discard:f:root:-:755
|
||||
$daemon_directory/dnsblog:f:root:-:755
|
||||
$daemon_directory/error:f:root:-:755
|
||||
$daemon_directory/flush:f:root:-:755
|
||||
$daemon_directory/local:f:root:-:755
|
||||
$daemon_directory/main.cf:f:root:-:644:o
|
||||
$daemon_directory/master.cf:f:root:-:644:o
|
||||
$daemon_directory/master:f:root:-:755
|
||||
$daemon_directory/oqmgr:f:root:-:755
|
||||
$daemon_directory/pickup:f:root:-:755
|
||||
$daemon_directory/pipe:f:root:-:755
|
||||
$daemon_directory/post-install:f:root:-:755
|
||||
# In case meta_directory == daemon_directory.
|
||||
#$daemon_directory/postfix-files:f:root:-:644:o
|
||||
#$daemon_directory/postfix-files.d:d:root:-:755:o
|
||||
$daemon_directory/postfix-script:f:root:-:755
|
||||
$daemon_directory/postfix-tls-script:f:root:-:755
|
||||
$daemon_directory/postfix-wrapper:f:root:-:755
|
||||
$daemon_directory/postmulti-script:f:root:-:755
|
||||
$daemon_directory/postlogd:f:root:-:755
|
||||
$daemon_directory/postscreen:f:root:-:755
|
||||
$daemon_directory/proxymap:f:root:-:755
|
||||
$daemon_directory/qmgr:f:root:-:755
|
||||
$daemon_directory/qmqpd:f:root:-:755
|
||||
$daemon_directory/scache:f:root:-:755
|
||||
$daemon_directory/showq:f:root:-:755
|
||||
$daemon_directory/smtp:f:root:-:755
|
||||
$daemon_directory/smtpd:f:root:-:755
|
||||
$daemon_directory/spawn:f:root:-:755
|
||||
$daemon_directory/tlsproxy:f:root:-:755
|
||||
$daemon_directory/tlsmgr:f:root:-:755
|
||||
$daemon_directory/trivial-rewrite:f:root:-:755
|
||||
$daemon_directory/verify:f:root:-:755
|
||||
$daemon_directory/virtual:f:root:-:755
|
||||
$daemon_directory/nqmgr:h:$daemon_directory/qmgr
|
||||
$daemon_directory/lmtp:h:$daemon_directory/smtp
|
||||
$command_directory/postalias:f:root:-:755
|
||||
$command_directory/postcat:f:root:-:755
|
||||
$command_directory/postconf:f:root:-:755
|
||||
$command_directory/postfix:f:root:-:755
|
||||
$command_directory/postkick:f:root:-:755
|
||||
$command_directory/postlock:f:root:-:755
|
||||
$command_directory/postlog:f:root:-:755
|
||||
$command_directory/postmap:f:root:-:755
|
||||
$command_directory/postmulti:f:root:-:755
|
||||
$command_directory/postsuper:f:root:-:755
|
||||
$command_directory/postdrop:f:root:$setgid_group:2755:u
|
||||
$command_directory/postqueue:f:root:$setgid_group:2755:u
|
||||
$sendmail_path:f:root:-:755
|
||||
$newaliases_path:l:$sendmail_path
|
||||
$mailq_path:l:$sendmail_path
|
||||
# Empty files not shipped in Debian
|
||||
#$config_directory/access:f:root:-:644:p1
|
||||
#$config_directory/aliases:f:root:-:644:p1
|
||||
#$config_directory/bounce.cf.default:f:root:-:644:1
|
||||
#$config_directory/canonical:f:root:-:644:p1
|
||||
#$config_directory/cidr_table:f:root:-:644:o
|
||||
#$config_directory/generic:f:root:-:644:p1
|
||||
#$config_directory/generics:f:root:-:644:o
|
||||
#$config_directory/header_checks:f:root:-:644:p1
|
||||
#$config_directory/install.cf:f:root:-:644:o
|
||||
#$config_directory/main.cf.default:f:root:-:644:1
|
||||
$config_directory/main.cf:f:root:-:644:p
|
||||
$config_directory/master.cf:f:root:-:644:p
|
||||
#$config_directory/regexp_table:f:root:-:644:o
|
||||
#$config_directory/relocated:f:root:-:644:p1
|
||||
#$config_directory/tcp_table:f:root:-:644:o
|
||||
#$config_directory/transport:f:root:-:644:p1
|
||||
#$config_directory/virtual:f:root:-:644:p1
|
||||
$config_directory/postfix-script:f:root:-:755:o
|
||||
#$config_directory/postfix-script-sgid:f:root:-:755:o
|
||||
#$config_directory/postfix-script-nosgid:f:root:-:755:o
|
||||
$config_directory/post-install:f:root:-:755:o
|
||||
$manpage_directory/man1/mailq.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/newaliases.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postalias.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postcat.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postconf.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postdrop.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postfix.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postfix-tls.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postkick.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postlock.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postlog.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postmap.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postmulti.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postqueue.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/postsuper.1.gz:f:root:-:644
|
||||
$manpage_directory/man1/sendmail.1.gz:f:root:-:644
|
||||
$manpage_directory/man5/access.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/aliases.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/body_checks.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/bounce.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/canonical.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/cidr_table.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/generics.5.gz:f:root:-:644:o
|
||||
$manpage_directory/man5/generic.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/header_checks.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/master.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/memcache_table.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/nisplus_table.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/postconf.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/postfix-wrapper.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/regexp_table.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/relocated.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/tcp_table.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/transport.5.gz:f:root:-:644
|
||||
$manpage_directory/man5/virtual.5.gz:f:root:-:644
|
||||
$manpage_directory/man8/bounce.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/cleanup.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/anvil.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/defer.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/discard.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/dnsblog.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/error.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/flush.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/lmtp.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/local.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/master.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/nqmgr.8postfix.gz:f:root:-:644:o
|
||||
$manpage_directory/man8/oqmgr.8postfix.gz:f:root:-:644:
|
||||
$manpage_directory/man8/pickup.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/pipe.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/postlogd.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/postfix-add-filter.8.gz:f:root:-:644
|
||||
$manpage_directory/man8/postfix-add-policy.8.gz:f:root:-:644
|
||||
$manpage_directory/man8/postscreen.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/proxymap.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/qmgr.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/qmqpd.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/scache.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/showq.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/smtp.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/smtpd.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/spawn.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/tlsproxy.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/tlsmgr.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/trace.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/trivial-rewrite.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/verify.8postfix.gz:f:root:-:644
|
||||
$manpage_directory/man8/virtual.8postfix.gz:f:root:-:644
|
|
@ -0,0 +1,478 @@
|
|||
#!/bin/sh
|
||||
|
||||
#++
|
||||
# NAME
|
||||
# postfix-script 1
|
||||
# SUMMARY
|
||||
# execute Postfix administrative commands
|
||||
# SYNOPSIS
|
||||
# \fBpostfix-script\fR \fIcommand\fR
|
||||
# DESCRIPTION
|
||||
# The \fBpostfix-script\fR script executes Postfix administrative
|
||||
# commands in an environment that is set up by the \fBpostfix\fR(1)
|
||||
# command.
|
||||
# SEE ALSO
|
||||
# master(8) Postfix master program
|
||||
# postfix(1) Postfix administrative interface
|
||||
# LICENSE
|
||||
# .ad
|
||||
# .fi
|
||||
# The Secure Mailer license must be distributed with this software.
|
||||
# AUTHOR(S)
|
||||
# Wietse Venema
|
||||
# IBM T.J. Watson Research
|
||||
# P.O. Box 704
|
||||
# Yorktown Heights, NY 10598, USA
|
||||
#
|
||||
# Wietse Venema
|
||||
# Google, Inc.
|
||||
# 111 8th Avenue
|
||||
# New York, NY 10011, USA
|
||||
#--
|
||||
|
||||
# Avoid POSIX death due to SIGHUP when some parent process exits.
|
||||
|
||||
trap '' 1
|
||||
|
||||
case $daemon_directory in
|
||||
"") echo This script must be run by the postfix command. 1>&2
|
||||
echo Do not run directly. 1>&2
|
||||
exit 1
|
||||
esac
|
||||
|
||||
LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script"
|
||||
INFO="$LOGGER -p info"
|
||||
WARN="$LOGGER -p warn"
|
||||
ERROR="$LOGGER -p error"
|
||||
FATAL="$LOGGER -p fatal"
|
||||
PANIC="$LOGGER -p panic"
|
||||
|
||||
if [ "X${1#quiet-}" != "X${1}" ]; then
|
||||
INFO=:
|
||||
x=${1#quiet-}
|
||||
shift
|
||||
set -- $x "$@"
|
||||
fi
|
||||
|
||||
umask 022
|
||||
SHELL=/bin/sh
|
||||
|
||||
#
|
||||
# Can't do much without these in place.
|
||||
#
|
||||
cd $command_directory || {
|
||||
$FATAL no Postfix command directory $command_directory!
|
||||
exit 1
|
||||
}
|
||||
cd $daemon_directory || {
|
||||
$FATAL no Postfix daemon directory $daemon_directory!
|
||||
exit 1
|
||||
}
|
||||
test -f master || {
|
||||
$FATAL no Postfix master program $daemon_directory/master!
|
||||
exit 1
|
||||
}
|
||||
cd $config_directory || {
|
||||
$FATAL no Postfix configuration directory $config_directory!
|
||||
exit 1
|
||||
}
|
||||
case $shlib_directory in
|
||||
no) ;;
|
||||
*) cd $shlib_directory || {
|
||||
$FATAL no Postfix shared-library directory $shlib_directory!
|
||||
exit 1
|
||||
}
|
||||
esac
|
||||
cd $meta_directory || {
|
||||
$FATAL no Postfix meta directory $meta_directory!
|
||||
exit 1
|
||||
}
|
||||
cd $queue_directory || {
|
||||
$FATAL no Postfix queue directory $queue_directory!
|
||||
exit 1
|
||||
}
|
||||
def_config_directory=`$command_directory/postconf -dh config_directory` || {
|
||||
$FATAL cannot execute $command_directory/postconf!
|
||||
exit 1
|
||||
}
|
||||
|
||||
# If this is a secondary instance, don't touch shared files.
|
||||
|
||||
instances=`test ! -f $def_config_directory/main.cf ||
|
||||
$command_directory/postconf -c $def_config_directory \
|
||||
-h multi_instance_directories | sed 's/,/ /'` || {
|
||||
$FATAL cannot execute $command_directory/postconf!
|
||||
exit 1
|
||||
}
|
||||
|
||||
check_shared_files=1
|
||||
for name in $instances
|
||||
do
|
||||
case "$name" in
|
||||
"$def_config_directory") ;;
|
||||
"$config_directory") check_shared_files=; break;;
|
||||
esac
|
||||
done
|
||||
|
||||
#
|
||||
# Parse JCL
|
||||
#
|
||||
case $1 in
|
||||
|
||||
start_msg)
|
||||
|
||||
echo "Start postfix"
|
||||
;;
|
||||
|
||||
stop_msg)
|
||||
|
||||
echo "Stop postfix"
|
||||
;;
|
||||
|
||||
quick-start)
|
||||
|
||||
$daemon_directory/master -t 2>/dev/null || {
|
||||
$FATAL the Postfix mail system is already running
|
||||
exit 1
|
||||
}
|
||||
$daemon_directory/postfix-script quick-check || {
|
||||
$FATAL Postfix integrity check failed!
|
||||
exit 1
|
||||
}
|
||||
$INFO starting the Postfix mail system
|
||||
$daemon_directory/master &
|
||||
;;
|
||||
|
||||
start|start-fg)
|
||||
|
||||
$daemon_directory/master -t 2>/dev/null || {
|
||||
$FATAL the Postfix mail system is already running
|
||||
exit 1
|
||||
}
|
||||
if [ -f $queue_directory/quick-start ]
|
||||
then
|
||||
rm -f $queue_directory/quick-start
|
||||
else
|
||||
$daemon_directory/postfix-script check-fatal || {
|
||||
$FATAL Postfix integrity check failed!
|
||||
exit 1
|
||||
}
|
||||
# Foreground this so it can be stopped. All inodes are cached.
|
||||
$daemon_directory/postfix-script check-warn
|
||||
fi
|
||||
$INFO starting the Postfix mail system || exit 1
|
||||
case $1 in
|
||||
start)
|
||||
# NOTE: wait in foreground process to get the initialization status.
|
||||
$daemon_directory/master -w || {
|
||||
$FATAL "mail system startup failed"
|
||||
exit 1
|
||||
}
|
||||
;;
|
||||
start-fg)
|
||||
# Foreground start-up is incompatible with multi-instance mode.
|
||||
# Use "exec $daemon_directory/master" only if PID == 1.
|
||||
# Otherwise, doing so would break process group management,
|
||||
# and "postfix stop" would kill too many processes.
|
||||
case $instances in
|
||||
"") case $$ in
|
||||
1) exec $daemon_directory/master -i
|
||||
$FATAL "cannot start-fg the master daemon"
|
||||
exit 1;;
|
||||
*) $daemon_directory/master -s;;
|
||||
esac
|
||||
;;
|
||||
*) $FATAL "start-fg does not support multi_instance_directories"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
||||
drain)
|
||||
|
||||
$daemon_directory/master -t 2>/dev/null && {
|
||||
$FATAL the Postfix mail system is not running
|
||||
exit 1
|
||||
}
|
||||
$INFO stopping the Postfix mail system
|
||||
kill -9 `sed 1q pid/master.pid`
|
||||
;;
|
||||
|
||||
quick-stop)
|
||||
|
||||
$daemon_directory/postfix-script stop
|
||||
touch $queue_directory/quick-start
|
||||
;;
|
||||
|
||||
stop)
|
||||
|
||||
$daemon_directory/master -t 2>/dev/null && {
|
||||
$FATAL the Postfix mail system is not running
|
||||
exit 0
|
||||
}
|
||||
$INFO stopping the Postfix mail system
|
||||
kill `sed 1q pid/master.pid`
|
||||
for i in 5 4 3 2 1
|
||||
do
|
||||
$daemon_directory/master -t && exit 0
|
||||
$INFO waiting for the Postfix mail system to terminate
|
||||
sleep 1
|
||||
done
|
||||
$WARN stopping the Postfix mail system with force
|
||||
pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` &&
|
||||
kill -9 -$pid
|
||||
;;
|
||||
|
||||
abort)
|
||||
|
||||
$daemon_directory/master -t 2>/dev/null && {
|
||||
$FATAL the Postfix mail system is not running
|
||||
exit 0
|
||||
}
|
||||
$INFO aborting the Postfix mail system
|
||||
kill `sed 1q pid/master.pid`
|
||||
;;
|
||||
|
||||
reload)
|
||||
|
||||
$daemon_directory/master -t 2>/dev/null && {
|
||||
$FATAL the Postfix mail system is not running
|
||||
exit 1
|
||||
}
|
||||
$INFO refreshing the Postfix mail system
|
||||
$command_directory/postsuper active || exit 1
|
||||
kill -HUP `sed 1q pid/master.pid`
|
||||
$command_directory/postsuper &
|
||||
;;
|
||||
|
||||
flush)
|
||||
|
||||
cd $queue_directory || {
|
||||
$FATAL no Postfix queue directory $queue_directory!
|
||||
exit 1
|
||||
}
|
||||
$command_directory/postqueue -f
|
||||
;;
|
||||
|
||||
check)
|
||||
|
||||
$daemon_directory/postfix-script check-fatal || exit 1
|
||||
$daemon_directory/postfix-script check-warn
|
||||
exit 0
|
||||
;;
|
||||
|
||||
status)
|
||||
|
||||
$daemon_directory/master -t 2>/dev/null && {
|
||||
$INFO the Postfix mail system is not running
|
||||
exit 1
|
||||
}
|
||||
$INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
|
||||
exit 0
|
||||
;;
|
||||
|
||||
quick-check)
|
||||
# This command is NOT part of the public interface.
|
||||
|
||||
$SHELL $daemon_directory/post-install create-missing || {
|
||||
$WARN unable to create missing queue directories
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Look for incomplete installations.
|
||||
|
||||
test -f $config_directory/master.cf || {
|
||||
$FATAL no $config_directory/master.cf file found
|
||||
exit 1
|
||||
}
|
||||
exit 0
|
||||
;;
|
||||
|
||||
check-fatal)
|
||||
# This command is NOT part of the public interface.
|
||||
|
||||
$daemon_directory/postfix-script quick-check
|
||||
|
||||
maillog_file=`$command_directory/postconf -h maillog_file` || {
|
||||
$FATAL cannot execute $command_directory/postconf!
|
||||
exit 1
|
||||
}
|
||||
test -n "$maillog_file" && {
|
||||
$command_directory/postconf -M postlog/unix-dgram 2>/dev/null \
|
||||
| grep . >/dev/null || {
|
||||
$FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'"
|
||||
exit 1
|
||||
}
|
||||
}
|
||||
|
||||
# See if all queue files are in the right place. This is slow.
|
||||
# We must scan all queues for mis-named queue files before the
|
||||
# mail system can run.
|
||||
|
||||
$command_directory/postsuper || exit 1
|
||||
exit 0
|
||||
;;
|
||||
|
||||
check-warn)
|
||||
# This command is NOT part of the public interface.
|
||||
|
||||
# Check Postfix root-owned directory owner/permissions.
|
||||
|
||||
find $queue_directory/. $queue_directory/pid \
|
||||
-prune ! -user root \
|
||||
-exec $WARN not owned by root: {} \;
|
||||
|
||||
find $queue_directory/. $queue_directory/pid \
|
||||
-prune \( -perm -020 -o -perm -002 \) \
|
||||
-exec $WARN group or other writable: {} \;
|
||||
|
||||
# Check Postfix root-owned directory tree owner/permissions.
|
||||
|
||||
todo="$config_directory/."
|
||||
test -n "$check_shared_files" && {
|
||||
todo="$daemon_directory/. $meta_directory/. $todo"
|
||||
test "$shlib_directory" = "no" ||
|
||||
todo="$shlib_directory/. $todo"
|
||||
}
|
||||
todo=`echo "$todo" | tr ' ' '\12' | sort -u`
|
||||
|
||||
find $todo ! -user root \
|
||||
-exec $WARN not owned by root: {} \;
|
||||
|
||||
# Handle symlinks separately
|
||||
find -L $todo \( -perm -020 -o -perm -002 \) \
|
||||
-exec $WARN group or other writable: {} \;
|
||||
|
||||
find $todo -type l | while read f; do \
|
||||
readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
|
||||
done; \
|
||||
|
||||
# Check Postfix mail_owner-owned directory tree owner/permissions.
|
||||
|
||||
find $data_directory/. ! -user $mail_owner \
|
||||
-exec $WARN not owned by $mail_owner: {} \;
|
||||
|
||||
find $data_directory/. \( -perm -020 -o -perm -002 \) \
|
||||
-exec $WARN group or other writable: {} \;
|
||||
|
||||
# Check Postfix mail_owner-owned directory tree owner.
|
||||
|
||||
find `ls -d $queue_directory/* | \
|
||||
egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
|
||||
! \( -type p -o -type s \) ! -user $mail_owner \
|
||||
-exec $WARN not owned by $mail_owner: {} \;
|
||||
|
||||
# WARNING: this should not descend into the maildrop directory.
|
||||
# maildrop is the least trusted Postfix directory.
|
||||
|
||||
find $queue_directory/maildrop -prune ! -user $mail_owner \
|
||||
-exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;
|
||||
|
||||
# Check Postfix setgid_group-owned directory and file group/permissions.
|
||||
|
||||
todo="$queue_directory/public $queue_directory/maildrop"
|
||||
test -n "$check_shared_files" &&
|
||||
todo="$command_directory/postqueue $command_directory/postdrop $todo"
|
||||
|
||||
find $todo \
|
||||
-prune ! -group $setgid_group \
|
||||
-exec $WARN not owned by group $setgid_group: {} \;
|
||||
|
||||
test -n "$check_shared_files" &&
|
||||
find $command_directory/postqueue $command_directory/postdrop \
|
||||
-prune ! -perm -02111 \
|
||||
-exec $WARN not set-gid or not owner+group+world executable: {} \;
|
||||
|
||||
# Check non-Postfix root-owned directory tree owner/content.
|
||||
|
||||
for dir in bin etc lib sbin usr
|
||||
do
|
||||
test -d $dir && {
|
||||
find $dir ! -user root \
|
||||
-exec $WARN not owned by root: $queue_directory/{} \;
|
||||
|
||||
find $dir -type f -print | while read path
|
||||
do
|
||||
test -f /$path && {
|
||||
cmp -s $path /$path ||
|
||||
$WARN $queue_directory/$path and /$path differ
|
||||
}
|
||||
done
|
||||
}
|
||||
done
|
||||
|
||||
find corrupt -type f -exec $WARN damaged message: {} \;
|
||||
|
||||
# Check for non-Postfix MTA remnants.
|
||||
|
||||
test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \
|
||||
-f /usr/lib/sendmail && {
|
||||
cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
|
||||
$WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
|
||||
$WARN Replace one by a symbolic link to the other
|
||||
}
|
||||
}
|
||||
exit 0
|
||||
;;
|
||||
|
||||
set-permissions|upgrade-configuration)
|
||||
$daemon_directory/post-install create-missing "$@"
|
||||
;;
|
||||
|
||||
post-install)
|
||||
# Currently not part of the public interface.
|
||||
shift
|
||||
$daemon_directory/post-install "$@"
|
||||
;;
|
||||
|
||||
tls)
|
||||
shift
|
||||
$daemon_directory/postfix-tls-script "$@"
|
||||
;;
|
||||
|
||||
/*)
|
||||
# Currently not part of the public interface.
|
||||
"$@"
|
||||
;;
|
||||
|
||||
logrotate)
|
||||
case $# in
|
||||
1) ;;
|
||||
*) $FATAL "usage postfix $1 (no arguments)"; exit 1;;
|
||||
esac
|
||||
for name in maillog_file maillog_file_compressor \
|
||||
maillog_file_rotate_suffix
|
||||
do
|
||||
value="`$command_directory/postconf -h $name`"
|
||||
case "$value" in
|
||||
"") $FATAL "empty '$name' parameter value - logfile rotation failed"
|
||||
exit 1;;
|
||||
esac
|
||||
eval $name='"$value"';
|
||||
done
|
||||
|
||||
case "$maillog_file" in
|
||||
/dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;;
|
||||
esac
|
||||
|
||||
errors=`(
|
||||
suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1
|
||||
mv "$maillog_file" "$maillog_file.$suffix" || exit 1
|
||||
$daemon_directory/master -t 2>/dev/null ||
|
||||
kill -HUP \`sed 1q pid/master.pid\` || exit 1
|
||||
sleep 1
|
||||
"$maillog_file_compressor" "$maillog_file.$suffix" || exit 1
|
||||
) 2>&1` || {
|
||||
$FATAL "logfile '$maillog_file' rotation failed: $errors"
|
||||
exit 1
|
||||
}
|
||||
;;
|
||||
|
||||
*)
|
||||
$FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration, logrotate)"
|
||||
exit 1
|
||||
;;
|
||||
|
||||
esac
|
|
@ -0,0 +1,5 @@
|
|||
user = root
|
||||
password =
|
||||
hosts = 100.64.64.138
|
||||
dbname = postfixadmin
|
||||
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
|
|
@ -0,0 +1,5 @@
|
|||
user = postfix
|
||||
password =
|
||||
hosts = 100.64.64.138
|
||||
dbname = postfixadmin
|
||||
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
|
|
@ -0,0 +1,5 @@
|
|||
user = postfix
|
||||
password =
|
||||
hosts = 100.64.64.138
|
||||
dbname = postfixadmin
|
||||
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
|
|
@ -0,0 +1,5 @@
|
|||
user = postfix
|
||||
password =
|
||||
hosts = 100.64.64.138
|
||||
dbname = postfixadmin
|
||||
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
|
|
@ -0,0 +1,5 @@
|
|||
user = postfix
|
||||
password =
|
||||
hosts = 100.64.64.138
|
||||
dbname = postfixadmin
|
||||
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
|
|
@ -0,0 +1,5 @@
|
|||
user = postfix
|
||||
password =
|
||||
hosts = 100.64.64.138
|
||||
dbname = postfixadmin
|
||||
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
|
|
@ -0,0 +1,6 @@
|
|||
$ModLoad imuxsock
|
||||
$WorkDirectory /
|
||||
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
||||
$OmitLocalLogging off
|
||||
*.* -/dev/stdout
|
||||
& stop
|
|
@ -0,0 +1,8 @@
|
|||
[program:postfix]
|
||||
process_name = master
|
||||
command = /usr/lib/postfix/sbin/master -d -c /etc/postfix -s
|
||||
startsecs = 0
|
||||
autorestart = true
|
||||
stdout_logfile = /dev/fd/1
|
||||
stdout_logfile_maxbytes = 0
|
||||
exitcodes = 0
|
|
@ -0,0 +1,6 @@
|
|||
[program:rsyslog]
|
||||
command = /usr/sbin/rsyslogd -n
|
||||
startsecs = 5
|
||||
autorestart = true
|
||||
stdout_logfile = /dev/fd/1
|
||||
stdout_logfile_maxbytes = 0
|
|
@ -0,0 +1,8 @@
|
|||
[supervisord]
|
||||
loglevel = info
|
||||
pidfile = /var/run/supervisord.pid
|
||||
nodaemon = true
|
||||
minfds = 1024
|
||||
minprocs = 200
|
||||
[include]
|
||||
files = /postfix/configs/supervisor/conf.d/*.ini
|
|
@ -0,0 +1,15 @@
|
|||
RunAsDaemon 0
|
||||
|
||||
SocksPort 0
|
||||
|
||||
DNSPort 0
|
||||
|
||||
TransPort 0
|
||||
|
||||
HiddenServiceDir /var/lib/tor/leaf_6667/
|
||||
|
||||
HiddenServicePort 6667 100.64.65.3:6667
|
||||
|
||||
HiddenServiceDir /var/lib/tor/hub_6667/
|
||||
|
||||
HiddenServicePort 6667 100.64.65.15:6667
|
|
@ -0,0 +1,50 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.55.8/30
|
||||
hub:
|
||||
external:
|
||||
name: rb_hub_edge_leaf
|
||||
console:
|
||||
external:
|
||||
name: rb_console_edge
|
||||
tor:
|
||||
external:
|
||||
name: rb_tor_edge_leaf
|
||||
|
||||
services:
|
||||
edge:
|
||||
restart: unless-stopped
|
||||
hostname: edge
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
build:
|
||||
context: ../ratbox
|
||||
dockerfile: Dockerfile
|
||||
image: ratbox:latest
|
||||
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
NICK_LEN: 32
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 198.18.55.10
|
||||
hub:
|
||||
ipv4_address: 198.18.70.27
|
||||
console:
|
||||
ipv4_address: 198.18.70.42
|
||||
volumes:
|
||||
- ../etc/:/usr/local/ircd/etc:rw
|
||||
- ./edge.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
- ../ephemeral/logs:/usr/local/ircd/logs:rw
|
||||
- ../ephemeral/db:/usr/local/ircd/ephemeral/db:rw
|
|
@ -0,0 +1,88 @@
|
|||
.include <admin.conf>
|
||||
.include <modules.all.conf>
|
||||
.include <general.edge.conf>
|
||||
.include <classes.conf>
|
||||
.include <server.classes.conf>
|
||||
.include <channel.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "edge.netwerk.insecurity.corp";
|
||||
sid = "15X";
|
||||
description = "Site border hub for up-link";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_desc = "General-purpose internet relay chat network";
|
||||
hub = yes;
|
||||
default_max_clients = 102400;
|
||||
bandb = "ephemeral/db/edge.ban.db";
|
||||
};
|
||||
|
||||
serverhide {
|
||||
flatten_links = no;
|
||||
links_delay = 16 seconds;
|
||||
hidden = yes;
|
||||
disable_hidden = no;
|
||||
};
|
||||
cluster {
|
||||
name = "*";
|
||||
flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
|
||||
};
|
||||
|
||||
shared {
|
||||
oper = "*@*", "*";
|
||||
flags = all;
|
||||
};
|
||||
|
||||
service {
|
||||
name = "n3tw3rk.services";
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "console.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.43";
|
||||
class = "admins";
|
||||
flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
|
||||
gline_exempt, kline_exempt, exceed_limit;
|
||||
};
|
||||
|
||||
operator "edge_admin" {
|
||||
user = "*@198.18.70.43";
|
||||
password = "password";
|
||||
|
||||
umodes = cconn, cconnext, debug, full, skill, nchange,
|
||||
rej, external, operwall, locops, unauth;
|
||||
|
||||
flags = ~encrypted, global_kill, remote, kline, unkline, gline,
|
||||
rehash, admin, xline, resv, operwall;
|
||||
};
|
||||
|
||||
connect "hub.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.26";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
||||
port = 7003;
|
||||
aftype = ipv4;
|
||||
class = "hub_server";
|
||||
hub_mask = "*";
|
||||
flags = topicburst;
|
||||
};
|
||||
|
||||
service {
|
||||
name = "ratbox.services";
|
||||
};
|
||||
|
||||
listen {
|
||||
host = "198.18.55.10";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.42";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.27";
|
||||
port = 7003;
|
||||
sslport = 7103;
|
||||
};
|
||||
|
||||
exempt {
|
||||
ip = "198.18.70.0/25";
|
||||
ip = "127.0.0.0/8";
|
||||
};
|
|
@ -0,0 +1,47 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
general_default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.55.0/30
|
||||
hub:
|
||||
external:
|
||||
name: rb_hub_general_leaf
|
||||
console:
|
||||
external:
|
||||
name: rb_console_general
|
||||
|
||||
services:
|
||||
general:
|
||||
restart: unless-stopped
|
||||
hostname: general
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
build:
|
||||
context: ../ratbox
|
||||
dockerfile: Dockerfile
|
||||
image: ratbox:latest
|
||||
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
NICK_LEN: 32
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
networks:
|
||||
general_default:
|
||||
ipv4_address: 198.18.55.2
|
||||
hub:
|
||||
ipv4_address: 198.18.70.3
|
||||
console:
|
||||
ipv4_address: 198.18.70.50
|
||||
volumes:
|
||||
- ../etc/:/usr/local/ircd/etc:rw
|
||||
- ./general.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
- ../ephemeral/logs:/usr/local/ircd/logs:rw
|
||||
- ../ephemeral/db:/usr/local/ircd/ephemeral/db:rw
|
|
@ -0,0 +1,94 @@
|
|||
.include <admin.conf>
|
||||
.include <modules.all.conf>
|
||||
.include <general.general.conf>
|
||||
.include <classes.conf>
|
||||
.include <server.classes.conf>
|
||||
.include <channel.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "general.netwerk.insecurity.corp";
|
||||
sid = "11X";
|
||||
description = "General access link";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_desc = "General-purpose internet relay chat network";
|
||||
hub = no;
|
||||
default_max_clients = 102400;
|
||||
bandb = "ephemeral/db/general.ban.db";
|
||||
};
|
||||
|
||||
serverhide {
|
||||
flatten_links = no;
|
||||
links_delay = 16 seconds;
|
||||
hidden = no;
|
||||
disable_hidden = no;
|
||||
};
|
||||
|
||||
cluster {
|
||||
name = "*";
|
||||
flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
|
||||
};
|
||||
|
||||
shared {
|
||||
oper = "*@*", "*";
|
||||
flags = all;
|
||||
};
|
||||
|
||||
service {
|
||||
name = "n3tw3rk.services";
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "console.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.51";
|
||||
class = "admins";
|
||||
flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
|
||||
gline_exempt, kline_exempt, exceed_limit;
|
||||
};
|
||||
|
||||
operator "general_admin" {
|
||||
user = "*@198.18.70.51";
|
||||
password = "password";
|
||||
|
||||
umodes = cconn, cconnext, debug, full, skill, nchange,
|
||||
rej, external, operwall, locops, unauth;
|
||||
|
||||
flags = ~encrypted, global_kill, remote, kline, unkline, gline,
|
||||
rehash, admin, xline, resv, operwall;
|
||||
};
|
||||
|
||||
connect "hub.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.2";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
||||
port = 7000;
|
||||
aftype = ipv4;
|
||||
class = "hub_server";
|
||||
hub_mask = "*";
|
||||
flags = autoconn, topicburst;
|
||||
};
|
||||
|
||||
blacklist {
|
||||
host = "dnsbl.dronebl.org";
|
||||
reject_reason = "Your IP is listed in DroneBL. To connect from this address, connect to this work on port 6668 or TLS 6698";
|
||||
};
|
||||
|
||||
service {
|
||||
name = "ratbox.services";
|
||||
};
|
||||
|
||||
listen {
|
||||
host = "198.18.55.2";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.50";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.3";
|
||||
port = 7000;
|
||||
sslport = 7100;
|
||||
};
|
||||
|
||||
exempt {
|
||||
ip = "198.18.70.0/25";
|
||||
ip = "127.0.0.0/8";
|
||||
};
|
|
@ -52,6 +52,12 @@ networks:
|
|||
config:
|
||||
- subnet: 100.64.64.48/29
|
||||
internal: true
|
||||
tor_edge_leaf:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.64.56/29
|
||||
internal: true
|
||||
|
||||
services:
|
||||
hub:
|
||||
|
@ -61,7 +67,7 @@ services:
|
|||
context: ../hybrid
|
||||
dockerfile: Dockerfile
|
||||
image: hybrid:latest
|
||||
command: "/usr/local/ircd/bin/ircd -foreground -pidfile /dev/shm/ircd.pid -configfile /usr/local/ircd/etc/ircd.conf -logfile /dev/stdout"
|
||||
command: "/usr/local/ircd/bin/ircd -foreground -pidfile /dev/shm/ircd.pid -configfile /usr/local/ircd/etc/hb_conf/hub.conf -logfile /dev/stdout"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
|
@ -87,14 +93,15 @@ services:
|
|||
ipv4_address: 100.64.64.42
|
||||
console:
|
||||
ipv4_address: 100.64.64.50
|
||||
tor_edge_leaf:
|
||||
ipv4_address: 100.64.64.58
|
||||
volumes:
|
||||
- type: volume
|
||||
source: hb_hub_ephemeral
|
||||
source: ephemeral
|
||||
target: /usr/local/ircd/var
|
||||
volume:
|
||||
nocopy: false
|
||||
- ../config/hybrid:/usr/local/ircd/etc/hb_conf:ro
|
||||
- ./ircd.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
|
||||
volumes:
|
||||
hb_hub_ephemeral:
|
||||
ephemeral:
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# https://docs.docker.com/compose/compose-file/
|
||||
|
||||
# 100.64.0.4/30 100.64.64.128/26
|
||||
|
||||
version: "2.4"
|
||||
|
@ -13,11 +15,16 @@ networks:
|
|||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.64.128/29
|
||||
postfix:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.64.136/29
|
||||
|
||||
services:
|
||||
mysql:
|
||||
restart: unless-stopped
|
||||
hostname: mysql.mysql.n3tw3rk.1ns3cur1ty.c0rp
|
||||
hostname: mysql.n3tw3rk.1ns3cur1ty.c0rp
|
||||
image: mariadb:latest
|
||||
environment:
|
||||
MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
|
||||
|
@ -26,8 +33,14 @@ services:
|
|||
ipv4_address: 100.64.0.6
|
||||
anope:
|
||||
ipv4_address: 100.64.64.130
|
||||
postfix:
|
||||
ipv4_address: 100.64.64.138
|
||||
volumes:
|
||||
- mysql_data:/var/lib/mysql:rw
|
||||
- type: volume
|
||||
source: ephemeral
|
||||
target: /var/lib/mysql
|
||||
volume:
|
||||
nocopy: false
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
|
@ -35,4 +48,4 @@ services:
|
|||
hard: 1024000
|
||||
|
||||
volumes:
|
||||
mysql_data:
|
||||
ephemeral:
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
# https://docs.docker.com/compose/compose-file/
|
||||
|
||||
# 100.64.48.4/30 100.64.65.64/26
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.48.4/30
|
||||
mysql:
|
||||
external:
|
||||
name: hb_mysql_postfix
|
||||
anope:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.65.64/29
|
||||
internal: true
|
||||
|
||||
services:
|
||||
postfix:
|
||||
restart: unless-stopped
|
||||
hostname: p0stf1x.n3tw3rk.1ns3cur1ty.c0rp
|
||||
build:
|
||||
context: ../postfix
|
||||
image: postfix:latest
|
||||
command: "supervisord -c /postfix/configs/supervisor/supervisord.conf"
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 100.64.48.6
|
||||
mysql:
|
||||
ipv4_address: 100.64.64.139
|
||||
anope:
|
||||
ipv4_address: 100.64.65.66
|
||||
volumes:
|
||||
- type: volume
|
||||
source: ephemeral
|
||||
target: /var/lib/postfix
|
||||
volume:
|
||||
nocopy: false
|
||||
- ../config/postfix:/postfix/configs:ro
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
|
||||
volumes:
|
||||
ephemeral:
|
|
@ -0,0 +1,47 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.55.12/30
|
||||
hub:
|
||||
external:
|
||||
name: rb_hub_proxy_leaf
|
||||
console:
|
||||
external:
|
||||
name: rb_console_proxy_dmz
|
||||
|
||||
services:
|
||||
proxy_dmz:
|
||||
restart: unless-stopped
|
||||
hostname: proxy-dmz
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
build:
|
||||
context: ../ratbox
|
||||
dockerfile: Dockerfile
|
||||
image: ratbox:latest
|
||||
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
NICK_LEN: 32
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 198.18.55.14
|
||||
hub:
|
||||
ipv4_address: 198.18.70.19
|
||||
console:
|
||||
ipv4_address: 198.18.70.66
|
||||
volumes:
|
||||
- ../etc/:/usr/local/ircd/etc:rw
|
||||
- ./proxy-dmz.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
- ../ephemeral/logs:/usr/local/ircd/logs:rw
|
||||
- ../ephemeral/db:/usr/local/ircd/ephemeral/db:rw
|
|
@ -0,0 +1,92 @@
|
|||
.include <admin.conf>
|
||||
.include <modules.all.conf>
|
||||
.include <general.proxy.dmz.conf>
|
||||
.include <classes.conf>
|
||||
.include <server.classes.conf>
|
||||
.include <channel.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "proxy-dmz.netwerk.insecurity.corp";
|
||||
sid = "12X";
|
||||
description = "Proxy & DronesBL friendly link";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_desc = "General-purpose internet relay chat network";
|
||||
hub = no;
|
||||
default_max_clients = 102400;
|
||||
bandb = "ephemeral/db/proxy-dmz.ban.db";
|
||||
};
|
||||
|
||||
serverhide {
|
||||
flatten_links = no;
|
||||
links_delay = 16 seconds;
|
||||
hidden = no;
|
||||
disable_hidden = no;
|
||||
};
|
||||
|
||||
cluster {
|
||||
name = "*";
|
||||
flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
|
||||
};
|
||||
|
||||
shared {
|
||||
oper = "*@*", "*";
|
||||
flags = all;
|
||||
};
|
||||
|
||||
service {
|
||||
name = "n3tw3rk.services";
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "dmz.netwerk.insecurity.corp";
|
||||
user = "*@*";
|
||||
class = "proxy_dmz_users";
|
||||
flags = spambot_exempt, no_tilde, gline_exempt, kline_exempt;
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "console.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.67";
|
||||
class = "admins";
|
||||
flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
|
||||
gline_exempt, kline_exempt, exceed_limit;
|
||||
};
|
||||
|
||||
operator "proxy_dmz_admin" {
|
||||
user = "*@198.18.70.67";
|
||||
password = "password";
|
||||
|
||||
umodes = cconn, cconnext, debug, full, skill, nchange,
|
||||
rej, external, operwall, locops, unauth;
|
||||
|
||||
flags = ~encrypted, global_kill, remote, kline, unkline, gline,
|
||||
rehash, admin, xline, resv, operwall;
|
||||
};
|
||||
|
||||
connect "hub.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.18";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
||||
port = 7002;
|
||||
aftype = ipv4;
|
||||
class = "hub_server";
|
||||
hub_mask = "*";
|
||||
flags = autoconn, topicburst;
|
||||
};
|
||||
|
||||
listen {
|
||||
host = "198.18.70.66";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.55.14";
|
||||
port = 6668;
|
||||
sslport = 6698;
|
||||
host = "198.18.70.19";
|
||||
port = 7002;
|
||||
sslport = 7102;
|
||||
};
|
||||
|
||||
exempt {
|
||||
ip = "198.18.70.0/25";
|
||||
ip = "127.0.0.0/8";
|
||||
};
|
|
@ -16,6 +16,10 @@ networks:
|
|||
hub:
|
||||
external:
|
||||
name: hb_hub_services
|
||||
smtp:
|
||||
external:
|
||||
name: hb_postfix_anope
|
||||
|
||||
|
||||
services:
|
||||
services:
|
||||
|
@ -37,13 +41,15 @@ services:
|
|||
ipv4_address: 100.64.64.131
|
||||
hub:
|
||||
ipv4_address: 100.64.64.35
|
||||
smtp:
|
||||
ipv4_address: 100.64.65.67
|
||||
volumes:
|
||||
- type: volume
|
||||
source: hb_services_ephemeral
|
||||
source: ephemeral
|
||||
target: /anope/data
|
||||
volume:
|
||||
nocopy: false
|
||||
- ../config/anope:/anope/conf:ro
|
||||
|
||||
volumes:
|
||||
hb_services_ephemeral:
|
||||
ephemeral:
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
# https://docs.docker.com/compose/compose-file/
|
||||
|
||||
# 100.64.48.0/30 100.64.65.0/26
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.48.0/30
|
||||
leaf:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.65.0/29
|
||||
internal: true
|
||||
hub:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.65.12/29
|
||||
internal: true
|
||||
|
||||
services:
|
||||
tor:
|
||||
restart: unless-stopped
|
||||
hostname: t0r.n3tw3rk.1ns3cur1ty.c0rp
|
||||
build:
|
||||
context: ../tor
|
||||
dockerfile: Dockerfile
|
||||
image: tor:latest
|
||||
command: "tor -f /tor/configs/torrc"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 100.64.48.2
|
||||
leaf:
|
||||
ipv4_address: 100.64.65.2
|
||||
hub:
|
||||
ipv4_address: 100.64.65.14
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
volumes:
|
||||
- type: volume
|
||||
source: ephemeral
|
||||
target: /var/lib/tor
|
||||
volume:
|
||||
nocopy: false
|
||||
- ../config/tor/torrc:/tor/configs/torrc:ro
|
||||
|
||||
volumes:
|
||||
ephemeral:
|
|
@ -0,0 +1,60 @@
|
|||
# https://docs.docker.com/compose/compose-file/
|
||||
|
||||
# 100.64.0.12/30 100.64.65.128/27
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.0.14
|
||||
console:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.65.128/29
|
||||
hub:
|
||||
external:
|
||||
name: hb_hub_tor_leaf
|
||||
tor:
|
||||
external:
|
||||
name: hb_tor_tor_leaf
|
||||
|
||||
services:
|
||||
tor_dmz:
|
||||
restart: unless-stopped
|
||||
hostname: tor-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
build:
|
||||
context: ../hybrid
|
||||
dockerfile: Dockerfile
|
||||
image: hybrid:latest
|
||||
command: "/usr/local/ircd/bin/ircd -foreground -pidfile /dev/shm/ircd.pid -configfile /usr/local/ircd/etc/hb_conf/tor-dmz.conf -logfile /dev/stdout"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 100.64.0.16
|
||||
console:
|
||||
ipv4_address: 100.64.65.130
|
||||
hub:
|
||||
ipv4_address: 100.64.64.11
|
||||
tor:
|
||||
ipv4_address: 100.64.65.3
|
||||
volumes:
|
||||
- type: volume
|
||||
source: ephemeral
|
||||
target: /usr/local/ircd/var
|
||||
volume:
|
||||
nocopy: false
|
||||
- ../config/hybrid:/usr/local/ircd/etc/hb_conf:ro
|
||||
|
||||
volumes:
|
||||
ephemeral:
|
|
@ -0,0 +1,91 @@
|
|||
.include <admin.conf>
|
||||
.include <modules.all.conf>
|
||||
.include <general.tor.dmz.conf>
|
||||
.include <classes.conf>
|
||||
.include <server.classes.conf>
|
||||
.include <channel.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "tor-dmz.netwerk.insecurity.corp";
|
||||
sid = "13X";
|
||||
description = "Tor hidden service access link";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_desc = "General-purpose internet relay chat network";
|
||||
hub = no;
|
||||
default_max_clients = 102400;
|
||||
bandb = "ephemeral/db/tor.ban.db";
|
||||
};
|
||||
|
||||
serverhide {
|
||||
flatten_links = no;
|
||||
links_delay = 16 seconds;
|
||||
hidden = no;
|
||||
disable_hidden = no;
|
||||
};
|
||||
|
||||
cluster {
|
||||
name = "*";
|
||||
flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
|
||||
};
|
||||
|
||||
shared {
|
||||
oper = "*@*", "*";
|
||||
flags = all;
|
||||
};
|
||||
|
||||
service {
|
||||
name = "n3tw3rk.services";
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "console.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.59";
|
||||
class = "admins";
|
||||
flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
|
||||
gline_exempt, kline_exempt, exceed_limit;
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "dmz.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.82";
|
||||
class = "tor_dmz_users";
|
||||
flags = spambot_exempt, no_tilde, gline_exempt, kline_exempt;
|
||||
};
|
||||
|
||||
operator "tor_dmz_admin" {
|
||||
user = "*@198.18.70.59";
|
||||
password = "password";
|
||||
|
||||
umodes = cconn, cconnext, debug, full, skill, nchange,
|
||||
rej, external, operwall, locops, unauth;
|
||||
|
||||
flags = ~encrypted, global_kill, remote, kline, unkline, gline,
|
||||
rehash, admin, xline, resv, operwall;
|
||||
};
|
||||
|
||||
connect "hub.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.11";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
||||
port = 7001;
|
||||
aftype = ipv4;
|
||||
class = "hub_server";
|
||||
hub_mask = "*";
|
||||
flags = autoconn, topicburst;
|
||||
};
|
||||
|
||||
listen {
|
||||
host = "198.18.70.83";
|
||||
port = 6667;
|
||||
host = "198.18.70.58";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.12";
|
||||
port = 7001;
|
||||
sslport = 7101;
|
||||
};
|
||||
|
||||
exempt {
|
||||
ip = "198.18.70.0/25";
|
||||
ip = "127.0.0.0/8";
|
||||
};
|
|
@ -0,0 +1,4 @@
|
|||
FROM debian:latest
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
RUN apt-get update && apt-get -y install postfix supervisor rsyslog
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
FROM debian:latest
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
RUN apt-get update && apt-get -y install tor iputils-ping net-tools iproute2 iftop tcpdump mtr
|
||||
|
Loading…
Reference in New Issue