Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
executable file 120 lines (104 sloc) 4.34 KB
#!/bin/bash
##
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
##
##
# written by Tim 'bastelfreak' Meusel (http://bastelfreak.de)
# installs zeyple (https://github.com/infertux/zeyple)
# encrypts outgoing mails to $EXT_ADDRESS from $INT_ADDRESS with a public GPG Key.
# Usefull for sending e.g. cron mail
# some more infos aren't available at my blog http://blog.bastelfreak.de
# $INT_ADDRESS is currently root
##
INT_ADDRESS="root@$(hostname -f)"
# zeyple looks for emails from INT_ADDRESS to EXT_ADRESS and crypts them with the public from from EXT_ADDRESS
# the key for EXT_ADDRESS has to be on KEY_SERVER_ADDRESS
EXT_ADDRESS=monitoring@bastelfreak.org
# URL to the public keyserver
KEYSERVER_ADDRESS=pool.sks-keyservers.net
# installing dependencies
aptitude update 1>/dev/null && aptitude install -y sudo gpg python-gpgme 1>/dev/null
echo "sudo, gpg and python-gpgme were already installed or got installed"
# adding user for zeyple
adduser --system --no-create-home --disabled-login zeyple >/dev/null
echo "added uer zeyple"
# create the configuration directory and set corret permissions
mkdir -p /etc/zeyple/keys
chmod 700 /etc/zeyple/keys
chown zeyple: /etc/zeyple/keys
echo "directories got created"
# Now we download zeyple itself and the config file and overwrite older local versions
#if [ ! -e /usr/local/bin/zeyple.py ]; then
wget --quiet --output-document=/usr/local/bin/zeyple.py https://raw.github.com/infertux/zeyple/master/zeyple/zeyple.py
chmod 744 /usr/local/bin/zeyple.py && chown zeyple: /usr/local/bin/zeyple.py
#fi
if [ ! -e /etc/zeyple/zeyple.conf ]; then
wget --quiet --output-document=/etc/zeyple/zeyple.conf https://raw.github.com/infertux/zeyple/master/zeyple/zeyple.conf.example;
fi
echo "downloaded zeyple binary"
# getting the public key that we need for crypting
sudo -u zeyple gpg --homedir /etc/zeyple/keys --keyserver $KEYSERVER_ADDRESS --search $EXT_ADDRESS
# creating logfile and logrotate config
if [ ! -e /var/log/zeyple.log ]; then
touch /var/log/zeyple.log && chown zeyple: /var/log/zeyple.log
fi
if [ ! -e /etc/logrotate.d/zeyple ]; then
cat >> /etc/logrotate.d/zeyple <<END
/var/log/zeyple.log
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
}
END
fi
# Postfix fuer zeyple vorbereiten: master.cf und main.cf um die Filtereintraege rweitern
if ! grep --quiet "^zeyple" /etc/postfix/master.cf; then
cat >> /etc/postfix/master.cf <<END
zeyple unix - n n - - pipe
user=zeyple argv=/usr/local/bin/zeyple.py \${recipient}
localhost:10026 inet n - n - 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
END
echo "modified /etc/postfix/master.cf"
fi
# map the INT_ADDRESS to the EXT_ADDRESS
if ! grep --quiet "^$INT_ADDRESS\ $EXT_ADDRESS" /etc/postfix/recipient_canonical; then
echo "$INT_ADDRESS $EXT_ADDRESS" >> /etc/postfix/recipient_canonical
postmap /etc/postfix/recipient_canonical
fi
# tell postfix to use our mapping and zeyple
if ! grep --quiet zeyple /etc/postfix/main.cf; then
echo "recipient_canonical_maps = hash:/etc/postfix/recipient_canonical" >> /etc/postfix/main.cf
echo "content_filter = zeyple" >> /etc/postfix/main.cf
echo "modifed /etc/postfix/main.cf"
fi
/etc/init.d/postfix reload 1>/dev/null
echo "postfix wurde reloaded"
if [ $(pgrep -f /usr/lib/postfix/master) ]; then
echo "we are done and postfix is running"
else
echo "postfix failed after the reload, please view mail.log:"
tail /var/log/mail.log
fi