Bad Penguin Guru
Joined: 18 Aug 2004 Posts: 507
Posted: Mon Apr 11, 2005 2:44 am
Post subject: Cyrus Virtual Domain Hosting with Sendmail and More
Ever feel the need to run the cyrus imap server using the virtualdomains feature? With sendmail, user authentication via a MySQL database (WITHOUT pam), clamav, and spamassassin?
Here is my script to completely automate the process.
NOTE! Do not attempt to cut and paste this and run it - tabs are not preserved by the forum. A copy of the script can be downloaded from here.
Code: |
#!/bin/sh
###############################################################################
# create_virtmail.sh (gentoo installation script) #
# Copyright (c)2005 Badpenguins.com <mikey at badpenguins dot com> #
# Released under the terms of the GNU General Public License v2 #
# --------------------------------------------------------------------------- #
# This script will install and configure a cyrus imap server using mysql #
# database user authentication (without pam), sendmail, clamav, and #
# spamassassin. All sendmail cf generation is handled by the script, milters #
# configured, startup scripts created, and the various config files in #
# conf.d are configured. Instructions are given to complete the installation #
# after this install script runs. #
# --------------------------------------------------------------------------- #
# Warnings! #
# This installation script has been successfully used on gentoo 2004.3 and #
# 2005.0, up until 2005-04-10. #
# #
# An acceptable installation of MySQL needs to be available, you probably #
# need root database access. #
# #
# Clamav and spamassassin are configured system-wide, not per user. Setting #
# it up for per user usage is beyond the scope of this document. #
# #
# This script will attempt to make the target host pristine by removing the #
# following packages: ssmtp, mailwrapper, cyrus-sasl, cyrus-imapd, #
# cyrus-imap-admin, sendmail, clamav spamassassin spamass-milter. #
# #
# This script does not automate the creation of certificates, instructions #
# are provided. #
# #
# This script will create entries in various /etc/portage/ config files. #
# --------------------------------------------------------------------------- #
# Caveats #
# Have not figured out how to handle virtual domain addresses AND the use of #
# domain-wide dropboxes. For example, if you have user@wherever.com using a #
# dropbox address for unknown users does not work due to alias recursion in #
# sendmail. If someone can figure this out, please drop me an email ;) #
###############################################################################
#
# Configure your settings here. Setting the ADMIN_DOMAIN to the fully
# qualified host/domain name is highly suggested. Refer to the cyrus imap
# documentation for the defaultdomain setting, which is set to this value.
#
ADMIN_DOMAIN="imapserver.domain.com"
#
# Database settings - the database to handle cyrus user authentication will
# be created on this database host with these credentials.
DB_HOST="localhost"
DB_ADMIN_USER="root"
DB_ADMIN_PASS='blahblah'
#
# Name of authentication database - this database will be created and these
# settings will be plugged into imapd.conf.
SASL_DB="sasldb"
SASL_DB_USER="sasl"
SASL_DB_PASS='blahblah'
#
# The name and password of the cyrus admin user. This user should not have
# an actual mailbox.
CYRUS_ADMIN_USER="cyrus"
CYRUS_ADMIN_PASS='blahblah'
#
# End of all config information - no more settings needed. You better
# know what you are doing before dicking with anything below here.
#
################################################################################
# addAdminUser() #
################################################################################
function addAdminUser() {
sql="insert into virtusers
values('$CYRUS_ADMIN_USER','$ADMIN_DOMAIN','$CYRUS_ADMIN_PASS')"
echo "Creating cyrus admin account"
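# Quote every expansion so values with spaces or shell metacharacters reach
# mysql intact. Note: --password on the command line can be seen by other
# local users in the process list while mysql runs.
mysql -h "$DB_HOST" -u "$DB_ADMIN_USER" --password="$DB_ADMIN_PASS" "$SASL_DB" -e "$sql"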
if [ $? -ne 0 ]; then
echo "
Problem Houston! Could not add the cyrus admin user. This is not an
absolute show stopper, the rest of the configuration can continue. Make sure
and take care of it later, or your install will be useless.
Here is the sql that failed:
$sql
"
echo -n "Press ENTER to continue..."
read junk
fi
}
################################################################################
# confirmConfiguration() #
################################################################################
function confirmConfiguration() {
if [ -z "$ADMIN_DOMAIN" ]; then
echo "Aborting! ADMIN_DOMAIN not set."
exit 1
elif [ -z "$DB_HOST" ]; then
echo "Aborting! DB_HOST not set."
exit 1
elif [ -z "$DB_ADMIN_USER" ]; then
echo "Aborting! DB_ADMIN_USER not set."
exit 1
elif [ -z "$DB_ADMIN_PASS" ]; then
echo "Aborting! DB_ADMIN_PASS not set."
exit 1
elif [ -z "$SASL_DB" ]; then
echo "Aborting! SASL_DB not set."
exit 1
elif [ -z "$SASL_DB_USER" ]; then
echo "Aborting! SASL_DB_USER not set."
exit 1
elif [ -z "$SASL_DB_PASS" ]; then
echo "Aborting! SASL_DB_PASS not set."
exit 1
elif [ -z "$CYRUS_ADMIN_USER" ]; then
echo "Aborting! CYRUS_ADMIN_USER not set."
exit 1
elif [ -z "$CYRUS_ADMIN_PASS" ]; then
echo "Aborting! CYRUS_ADMIN_PASS not set."
exit 1
fi
clear
echo "
-----------------------------------------------------------------------------
-- Badpenguins.com Gentoo Virtual Mail Hosting Automation Script --
-----------------------------------------------------------------------------
If these settings are as expected, type in the word \"YES\" below and press
the enter key to continue the installation.
Default Domain: $ADMIN_DOMAIN
Auth DB Host: $DB_HOST
DB Admin User: $DB_ADMIN_USER
DB Admin Pass: $DB_ADMIN_PASS
Sasl MySql DB: $SASL_DB
Sasl DB User: $SASL_DB_USER
Sasl DB Pass: $SASL_DB_PASS
Mail Admin User: $CYRUS_ADMIN_USER
Mail Admin Pass: $CYRUS_ADMIN_PASS
-----------------------------------------------------------------------------"
getYes
}
################################################################################
# confirmMysql() #
################################################################################
function confirmMysql() {
echo "Confirming mysql settings"
sql="select host from db"
mysql -h "$DB_HOST" -u "$DB_ADMIN_USER" --password="$DB_ADMIN_PASS" \
mysql -e "$sql" >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "
Aborting, cannot connect to mysql server. You must have mysql installed
and configured correctly before running this script.
Verify the settings for DB_HOST, DB_ADMIN_USER, and DB_ADMIN_PASS.
"
exit 1
fi
}
################################################################################
# confirmOperation() #
################################################################################
function confirmOperation() {
clear
echo '
-----------------------------------------------------------------------------
-- Badpenguins.com Gentoo Virtual Mail Hosting Automation Script --
-----------------------------------------------------------------------------
This script will install the cyrus imap server in a virtual hosting
configuration, using mysql as the sasl database, sendmail as the mta, and
will install clamav for virus protection along with spamassassin for spam
detection. This script will uninstall any existing packages, it is meant to
be run on a pristine box!
IT WILL WIPE ANY PRE-EXISTING PACKAGES, CONFIG FILES, AND EMAIL!
If you do not want to potentially destroy existing packages, HIT ENTER NOW
to abort, or enter YES below to continue.
-----------------------------------------------------------------------------'
getYes
}
################################################################################
# createAuthDatabase() #
################################################################################
function createAuthDatabase() {
sql="drop database if exists $SASL_DB;
create database $SASL_DB;
use $SASL_DB;
create table virtusers (
user varchar(100) NOT NULL default '',
realm varchar(100) NOT NULL default '',
pass varchar(100) NOT NULL default '',
PRIMARY KEY (user,realm)
) TYPE=MyISAM;
grant select on $SASL_DB.virtusers to $SASL_DB_USER@$DB_HOST identified by \"$SASL_DB_PASS\";
flush privileges;"
echo "Creating sasl mysql database"
mysql -h "$DB_HOST" -u "$DB_ADMIN_USER" --password="$DB_ADMIN_PASS" -e "$sql"
if [ $? -ne 0 ]; then
echo "
Problem Houston! Could not create the sasl authentication database.
This is not an absolute show stopper, the rest of the configuration can
continue. Make sure and take care of it later, or your install will be
useless. If for some bizarre reason you have the grant tables disabled,
this error is expected.
Here is the sql that failed:
$sql
"
echo -n "Press ENTER to continue..."
read junk
fi
}
################################################################################
# createImapdConf() #
################################################################################
function createImapdConf() {
echo "Creating: /etc/imapd.conf Backup: /etc/imapd.conf.dist"
cp /etc/imapd.conf /etc/imapd.conf.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/imapd.conf"
fi
echo "
#
# /etc/imapd.conf generated by create_virtmail.sh on `date`
# Original is at /etc/imapd.conf.dist
#
servername: $ADMIN_DOMAIN
configdirectory: /var/imap
partition-default: /var/spool/imap
sievedir: /var/imap/sieve
tls_ca_path: /etc/ssl/certs
tls_cert_file: /etc/ssl/cyrus/server.crt
tls_key_file: /etc/ssl/cyrus/server.key
admins: $CYRUS_ADMIN_USER
hashimapspool: yes
allowanonymouslogin: no
allowplaintext: yes
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
sasl_mech_list: PLAIN
sasl_sql_user: $SASL_DB_USER
sasl_sql_passwd: $SASL_DB_PASS
sasl_sql_database: $SASL_DB
sasl_sql_hostnames: $DB_HOST
sasl_sql_select: SELECT pass FROM virtusers WHERE user = '%u' and realm='%r' limit 1
virtdomains: userid
defaultdomain: $ADMIN_DOMAIN
postuser: bb
#unixhierarchysep: yes
altnamespace: yes
sharedprefix: public
userprefix: users" >/etc/imapd.conf
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/imapd.conf. This is a show stopper.
Figure out what happened and try again.
"
exit 1
fi
}
################################################################################
# createSendmailCf() #
################################################################################
function createSendmailCf() {
echo "Creating: /usr/share/sendmail-cf/mailer/cyrusv2.m4"
echo "PUSHDIVERT(-1)
dnl
dnl Updates: http://anfi.webhop.org/sendmail/cyrusv2.html
dnl
dnl By using this file, you agree to the terms and conditions set
dnl forth in the LICENSE file which can be found at the top level of
dnl the sendmail distribution (sendmail-8.12).
dnl
dnl Original version contributed by Kenneth Murchison.
dnl Version with cyrusv2d mailer added contributed by Andrzej Filip
dnl
dnl \$Log: cyrusv2.m4,v \$
dnl Revision 8.3 2004/03/18 21:38:27 anfi
dnl Changed comments prefixes to dnl to avoid m4 expansions
dnl
dnl Revision 8.2 2004/03/15 09:14:28 anfi
dnl Added \"Updates:\" web link.
dnl
_DEFIFNOT(\`CYRUS_LMTP_SOCKET',\`/var/imap/socket/lmtp')
_DEFIFNOT(\`_DEF_CYRUSV2_MAILER_FLAGS', \`lsDFMnqXz1')
_DEFIFNOT(\`_DEF_CYRUSV2D_MAILER_FLAGS', _DEF_CYRUSV2_MAILER_FLAGS)
_DEFIFNOT(\`CYRUSV2_MAILER_FLAGS', \`mA@/:|')
_DEFIFNOT(\`CYRUSV2D_MAILER_FLAGS', \`m')
dnl
ifdef(\`CYRUSV2_MAILER_ARGS',, \`define(\`CYRUSV2_MAILER_ARGS', \`FILE 'CYRUS_LMTP_SOCKET)')
ifdef(\`CYRUSV2D_MAILER_ARGS',, \`define(\`CYRUSV2D_MAILER_ARGS', _CYRUS_V2_MAILER_ARGS)')
define(\`_CYRUSV2_QGRP', \`ifelse(defn(\`CYRUSV2_MAILER_QGRP'),\`',\`', \` Q=CYRUSV2_MAILER_QGRP,')')dnl
POPDIVERT
#########################################
### Cyrus V2 Mailer specification ###
#########################################
VERSIONID(\`\$Id: cyrusv2.m4,v 8.3 2004/03/18 21:38:27 anfi Exp \$')
Mcyrusv2, P=[IPC], F=_MODMF_(CONCAT(_DEF_CYRUSV2_MAILER_FLAGS, CYRUSV2_MAILER_FLAGS), \`CYRUSV2'),
S=EnvFromSMTP/HdrFromL, R=EnvToL/HdrToL, E=\r\n,
_OPTINS(\`CYRUSV2_MAILER_MAXMSGS', \`m=', \`, ')_OPTINS(\`CYRUSV2_MAILER_MAXRCPTS', \`r=', \`, ')_OPTINS(\`CYRUSV2_MAILER_CHARSET', \`C=', \`, ')T=DNS/RFC822/SMTP,_CYRUSV2_QGRP
A=CYRUSV2_MAILER_ARGS
Mcyrusv2d, P=[IPC], F=_MODMF_(CONCAT(_DEF_CYRUSV2D_MAILER_FLAGS, CYRUSV2D_MAILER_FLAGS), \`CYRUSV2D'),
S=EnvFromSMTP/HdrFromL, R=ifdef(\`_ALL_MASQUERADE_', \`EnvToSMTP/HdrFromSMTP', \`EnvToSMTP'), E=\r\n,
_OPTINS(\`CYRUSV2_MAILER_MAXMSGS', \`m=', \`, ')_OPTINS(\`CYRUSV2_MAILER_MAXRCPTS', \`r=', \`, ')_OPTINS(\`CYRUSV2_MAILER_CHARSET', \`C=', \`, ')T=DNS/RFC822/SMTP,_CYRUSV2_QGRP
A=CYRUSV2_MAILER_ARGS" > /usr/share/sendmail-cf/mailer/cyrusv2.m4
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /usr/share/sendmail-cf/mailer/cyrusv2.m4
This is a show stopper since sendmail.cf is generated from it. Figure out what
happened and try again.
"
exit 1
fi
echo "Creating: /usr/share/sendmail-cf/cf/cv2-virt-sa-clamav.mc"
echo "
# divert(-1)
# /usr/share/sendmail-cf/cf/cv2-virt-sa-clamav.mc: Autogenerated by
# create_virtmail.sh on `date`.
# This is a macro config file used to generate the
# /etc/mail/sendmail.cf file for a server running the cyrus imap server
# with virtdomains enabled, spamassassin, and clamav. If any changes are
# made regenerate sendmail.cf by running this macro config through the m4
# processor:
#
# m4 cv2-virt-sa-clamav.mc > /etc/mail/sendmail.cf
#
#
divert(0)dnl
include(\`../m4/cf.m4')
VERSIONID(\`cyrusv2/virtdomains/clamav/spamassassin config')
OSTYPE(linux)
undefine(\`UUCP_RELAY')dnl
undefine(\`BITNET_RELAY')dnl
define(\`confDONT_PROBE_INTERFACES',true)dnl
define(\`ALIAS_FILE',\`/etc/mail/aliases')dnl
define(\`confBIND_OPTS',\`-DNSRCH -DEFNAMES')
define(\`confTO_IDENT',\`0')
define(\`confTRUSTED_USER', \`cyrus')
define(\`confMILTER_LOG_LEVEL', 7)
define(\`confCACERT_PATH', \`/etc/ssl/certs')dnl
define(\`confCACERT', \`/etc/ssl/certs/ca-cert.pem')dnl
define(\`confSERVER_CERT', \`/etc/ssl/cyrus/server.pem')dnl
define(\`confSERVER_KEY', \`/etc/ssl/cyrus/server.key')dnl
define(\`confCLIENT_CERT', \`/etc/ssl/private/client.pem')dnl
define(\`confCLIENT_KEY', \`/etc/ssl/private/client.key')dnl
VIRTUSER_DOMAIN_FILE(\`/etc/mail/virtuser-domains')
FEATURE(\`smrsh',\`/usr/sbin/smrsh')dnl
FEATURE(\`preserve_local_plus_detail')dnl
FEATURE(\`mailertable', \`hash /etc/mail/mailertable')dnl
FEATURE(\`virtusertable', \`hash /etc/mail/virtusertable')dnl
FEATURE(\`genericstable', \`hash /etc/mail/genericstable')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(\`access_db', \`hash -T<TMPF> /etc/mail/access')dnl
FEATURE(\`domaintable', \`hash /etc/mail/domaintable')dnl
FEATURE(\`nocanonify')
FEATURE(\`always_add_domain')
INPUT_MAIL_FILTER(\`clmilter',\`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
define(\`confINPUT_MAIL_FILTERS', \`clmilter')dnl
INPUT_MAIL_FILTER(\`spamassassin', \`S=local:/var/run/spamd/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(\`confMILTER_MACROS_CONNECT',\`b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
MAILER(\`cyrusv2')
MAILER(\`local')
MAILER(\`smtp')
LOCAL_RULE_0
Rbb + \$+ < @ \$=w . > \$#cyrusv2d \$: + \$1" >/usr/share/sendmail-cf/cf/cv2-virt-sa-clamav.mc
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /usr/share/sendmail-cf/cf/cv2-virt-sa-clamav.mc.
This is a show stopper since sendmail.cf is generated from it. Figure out what
happened and try again.
"
exit 1
fi
echo "Creating: /etc/mail/sendmail.cf Backup: /etc/mail/sendmail.cf.dist"
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/mail/sendmail.cf"
fi
cd /usr/share/sendmail-cf/cf
m4 ./cv2-virt-sa-clamav.mc > /etc/mail/sendmail.cf
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not generate /etc/mail/sendmail.cf from
/usr/share/sendmail-cf/cf/cv2-virt-sa-clamav.mc. This is a show stopper since
sendmail won't run without it! Try to figure out what happened and try again!
"
exit 1
fi
}
################################################################################
# createClamdConf() #
################################################################################
function createClamdConf() {
echo "Creating: /etc/clamd.conf Backup: /etc/clamd.conf.dist"
cp /etc/clamd.conf /etc/clamd.conf.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/clamd.conf"
fi
echo "
#
# /etc/clamd.conf: Autogenerated by create_virtmail.sh on `date`.
# Refer to /etc/clamd.conf.dist for additional settings.
#
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 16M
LogTime
LogSyslog
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
MaxConnectionQueueLength 30
FixStaleSocket
#StreamSaveToDisk
StreamMaxLength 20M
MaxThreads 20
FollowDirectorySymlinks
FollowFileSymlinks
User clamav
MaxDirectoryRecursion 20
ScanMail
ScanArchive
ArchiveMaxFileSize 15M
ArchiveMaxRecursion 10
ArchiveMaxFiles 2000
ArchiveMaxCompressionRatio 300
ArchiveLimitMemoryUsage
#ArchiveBlockMax
#ArchiveBlockEncrypted
#MailFollowURLS
ScanOLE2
ScanPE
ScanHTML
DetectBrokenExecutables" >/etc/clamd.conf
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/clamd.conf. ClamAV won't run
properly without it. Try to figure out what happened and try again.
"
exit 1
fi
}
################################################################################
# createClamdConfD() #
################################################################################
function createClamdConfD() {
echo "Creating: /etc/conf.d/clamd Backup: /etc/conf.d/clamd.dist"
cp /etc/conf.d/clamd /etc/conf.d/clamd.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/conf.d/clamd"
fi
echo "
#
# /etc/conf.d/clamd: Autogenerated by create_virtmail.sh on `date`.
# Refer to /etc/conf.d/clamd.dist for original settings.
#
CLAMD_LOG_DIR=\"/var/log/clamav\"
CLAMD_RUN_DIR=\"/var/run/clamav\"
START_CLAMD=yes
# these need to match what is in /etc/clamd.conf
CLAMD_LOG=\"clamd.log\"
CLAMD_PID=\"clamd.pid\"
CLAMD_SOCKET=\"clamd.sock\"
START_FRESHCLAM=yes
FRESHCLAM_LOG=\"freshclam.log\"
FRESHCLAM_PID=\"freshclam.pid\"
FRESHCLAM_OPTS=\"-d --quiet\"
START_CLMILTER=yes
# comment out to disable quarantine
CLMILTER_QUARANTINE_DIR=\"/var/tmp/quarantine\"
CLMILTER_SOCKET=\"clmilter.sock\"
CLMILTER_PID=\"clmilter.pid\"
CLMILTER_OPTS=\"-CNoP\"" > /etc/conf.d/clamd
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/conf.d/clamd. ClamAV won't run
properly without it. Try to figure out what happened and try again.
"
exit 1
fi
}
################################################################################
# createClamdInit() #
################################################################################
function createClamdInit() {
echo "Creating: /etc/init.d/clamd Backup: /tmp/clamd.dist"
cp /etc/init.d/clamd /tmp/clamd.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/init.d/clamd"
fi
echo '#!/sbin/runscript
# /etc/init.d/clamd
# Copyright 2004 Badpenguins.com
# Autogenerated by create_virtmail.sh on '"`date`"'.
# Distributed under the terms of the GNU General Public License v2
# Config is in /etc/conf.d/clamd
depend() {
need net
use logger
before mta
}
checkconfig() {
if [ -z "${CLAMD_LOG_DIR}" -o -z "${CLAMD_RUN_DIR}" ]; then
eerror "CLAMD_LOG_DIR or CLAMD_RUN_DIR not defined (/etc/conf.d/clamd)"
return 1
fi
if [ ! -d "${CLAMD_LOG_DIR}" ]; then
mkdir -p "${CLAMD_LOG_DIR}"
fi
chown -R clamav:clamav "${CLAMD_LOG_DIR}"
chmod 700 "${CLAMD_LOG_DIR}"
if [ ! -d "${CLAMD_RUN_DIR}" ]; then
mkdir -p "${CLAMD_RUN_DIR}"
fi
chown -R clamav:clamav "${CLAMD_RUN_DIR}"
chmod 700 "${CLAMD_RUN_DIR}"
if [ "${START_CLAMD}" = "yes" ]; then
if [ ! -f /etc/clamd.conf ]; then
eerror "/etc/clamd.conf missing"
return 1
fi
if [ -z "${CLAMD_LOG}" -o -z "${CLAMD_PID}" -o -z "${CLAMD_SOCKET}" ]; then
eerror "CLAMD_LOG, CLAMD_PID, or CLAMD_SOCKET not set (/etc/conf.d/clamd)"
return 1
fi
if [ ! -f "${CLAMD_LOG_DIR}/${CLAMD_LOG}" ]; then
touch "${CLAMD_LOG_DIR}/${CLAMD_LOG}"
fi
chown clamav:clamav "${CLAMD_LOG_DIR}/${CLAMD_LOG}"
chmod 600 "${CLAMD_LOG_DIR}/${CLAMD_LOG}"
fi
if [ "${START_FRESHCLAM}" = "yes" ]; then
if [ ! -f /etc/freshclam.conf ]; then
eerror "/etc/freshclam.conf missing"
return 1
fi
if [ -z "${FRESHCLAM_LOG}" -o -z "${FRESHCLAM_PID}" ]; then
eerror "FRESHCLAM_LOG or FRESHCLAM_PID not set (/etc/conf.d/clamd)"
return 1
fi
if [ ! -f "${CLAMD_LOG_DIR}/${FRESHCLAM_LOG}" ]; then
touch "${CLAMD_LOG_DIR}/${FRESHCLAM_LOG}"
fi
chown clamav:clamav "${CLAMD_LOG_DIR}/${FRESHCLAM_LOG}"
chmod 600 "${CLAMD_LOG_DIR}/${FRESHCLAM_LOG}"
fi
if [ "${START_CLMILTER}" = "yes" ]; then
if [ -z "${CLMILTER_PID}" -o -z "${CLMILTER_SOCKET}" ]; then
eerror "CLMILTER_PID or CLMILTER_SOCKET not set (/etc/conf.d/clamd)"
return 1
fi
if [ -n "${CLMILTER_QUARANTINE_DIR}" ]; then
if [ ! -d "${CLMILTER_QUARANTINE_DIR}" ]; then
mkdir -p "${CLMILTER_QUARANTINE_DIR}"
fi
# Only adjust ownership and modes when a quarantine directory is configured
chown -R clamav:clamav "${CLMILTER_QUARANTINE_DIR}"
chmod -R 600 "${CLMILTER_QUARANTINE_DIR}"
chmod 700 "${CLMILTER_QUARANTINE_DIR}"
fi
fi
}
start() {
checkconfig || return 1
if [ "${START_CLAMD}" = "yes" ]; then
if [ -S "${CLAMD_RUN_DIR}/${CLAMD_SOCKET}" ]; then
rm -f "${CLAMD_RUN_DIR}/${CLAMD_SOCKET}"
fi
ebegin "Starting clamd"
start-stop-daemon --start --quiet \
--exec /usr/sbin/clamd
eend $? "Failed to start clamd"
fi
if [ "${START_FRESHCLAM}" = "yes" ]; then
ebegin "Starting freshclam"
start-stop-daemon --start --quiet \
--exec /usr/bin/freshclam -- ${FRESHCLAM_OPTS}
eend $? "Failed to start freshclam"
fi
if [ "${START_CLMILTER}" = "yes" ]; then
if [ -S "${CLAMD_RUN_DIR}/${CLMILTER_SOCKET}" ]; then
rm -f "${CLAMD_RUN_DIR}/${CLMILTER_SOCKET}"
fi
ebegin "Starting clamav-milter"
if [ -n "${CLMILTER_QUARANTINE_DIR}" ]; then
CLMILTER_OPTS="${CLMILTER_OPTS} -U ${CLMILTER_QUARANTINE_DIR}"
fi
CLMILTER_OPTS="${CLMILTER_OPTS} --pidfile=${CLAMD_RUN_DIR}/${CLMILTER_PID}"
CLMILTER_OPTS=" ${CLMILTER_OPTS} ${CLAMD_RUN_DIR}/${CLMILTER_SOCKET}"
start-stop-daemon --start --quiet \
--exec /usr/sbin/clamav-milter -- ${CLMILTER_OPTS}
eend $? "Failed to start clamav-milter"
fi
}
stop() {
if [ "${START_CLAMD}" = "yes" ]; then
ebegin "Stopping clamd"
start-stop-daemon --stop --quiet --pidfile "${CLAMD_RUN_DIR}/${CLAMD_PID}"
eend $? "Failed to stop clamd"
fi
if [ "${START_FRESHCLAM}" = "yes" ]; then
ebegin "Stopping freshclam"
start-stop-daemon --stop --quiet --pidfile "${CLAMD_RUN_DIR}/${FRESHCLAM_PID}"
eend $? "Failed to stop freshclam"
fi
if [ "${START_CLMILTER}" = "yes" ]; then
ebegin "Stopping clamav-milter"
start-stop-daemon --stop --quiet --pidfile "${CLAMD_RUN_DIR}/${CLMILTER_PID}"
eend $? "Failed to stop clamav-milter"
fi
}' > /etc/init.d/clamd
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/init.d/clamd. ClamAV won't run
properly without it. Try to figure out what happened and try again.
"
exit 1
fi
}
################################################################################
# createFreshclamConf() #
################################################################################
function createFreshclamConf() {
echo "Creating: /etc/freshclam.conf Backup: /etc/freshclam.conf.dist"
cp /etc/freshclam.conf /etc/freshclam.conf.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/freshclam.conf"
fi
echo "
#
# /etc/freshclam.conf: Autogenerated by create_virtmail.sh on `date`.
# Refer to /etc/freshclam.conf.dist for original settings.
#
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner clamav
DNSDatabaseInfo current.cvd.clamav.net
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
DatabaseMirror db.us.clamav.net
DatabaseMirror database.clamav.net
# Number of database checks per day.
# Default: 12 (every two hours)
Checks 24" > /etc/freshclam.conf
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/freshclam.conf. ClamAV won't run
properly without it. Try to figure out what happened and try again.
"
exit 1
fi
}
################################################################################
# createMailertable #
################################################################################
function createMailertable() {
echo "Creating: /etc/mail/mailertable"
echo "$ADMIN_DOMAIN cyrusv2d:/var/imap/socket/lmtp" > /etc/mail/mailertable
if [ $? -ne 0 ]; then
echo "
PROBLEM! Could not create /etc/mail/mailertable.
Not a showstopper, but this host might not accept email destined for
$ADMIN_DOMAIN without it.
"
echo -n "Press ENTER to continue: "
read junk
fi
}
################################################################################
# createSendmailInit() #
################################################################################
function createSendmailInit() {
echo "Creating: /etc/init.d/sendmail Backup: /tmp/sendmail.dist"
cp /etc/init.d/sendmail /tmp/sendmail.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/init.d/sendmail"
fi
echo '#!/sbin/runscript
# /etc/init.d/sendmail
# Copyright 2004 Badpenguins.com
# Autogenerated by create_virtmail.sh on '"`date`"'.
# Distributed under the terms of the GNU General Public License v2
#
depend() {
need net
use logger
provide mta
}
checkmaps() {
for i in aliases virtusertable access domaintable mailertable genericstable
do
if [ ! -f /etc/mail/$i ]; then
touch /etc/mail/$i
fi
makemap hash /etc/mail/$i < /etc/mail/$i
done
}
start() {
checkmaps || return 1
ebegin "Starting sendmail"
/usr/bin/newaliases >/dev/null 2>&1
(cd /var/spool/mqueue; rm -f xf*)
/usr/sbin/sendmail ${SENDMAIL_OPTS} > /dev/null 2>&1
/usr/sbin/sendmail ${CLIENTMQUEUE_OPTS} > /dev/null 2>&1
eend $?
}
stop() {
ebegin "Stopping sendmail"
killall ${KILL_OPTS} sendmail
eend $?
}' > /etc/init.d/sendmail
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/init.d/sendmail. Mail won't run
properly without it. Try to figure out what happened and try again.
"
exit 1
fi
}
################################################################################
# createSmilterConfD #
################################################################################
function createSmilterConfD() {
echo "Creating: /etc/conf.d/spamass-milter Backup: /etc/conf.d/spamass-milter.dist"
cp /etc/conf.d/spamass-milter /etc/conf.d/spamass-milter.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/conf.d/spamass-milter"
fi
echo '
#
# /etc/conf.d/spamass-milter: Autogenerated by create_virtmail.sh on '"`date`"'.
# Refer to /etc/conf.d/spamass-milter.dist for original settings.
#
MILTER_RUN_DIR=/var/run/spamd
MILTER_PID="spamass-milter.pid"
MILTER_SOCKET="spamass-milter.sock"
' > /etc/conf.d/spamass-milter
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/conf.d/spamass-milter.
Spamassassin won't run properly without it. Try to figure out what
happened and try again.
"
exit 1
fi
}
################################################################################
# createSmilterInit() #
################################################################################
function createSmilterInit() {
echo "Creating: /etc/init.d/spamass-milter Backup: /tmp/spamass-milter.dist"
cp /etc/init.d/spamass-milter /tmp/spamass-milter.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/init.d/spamass-milter"
fi
echo '#!/sbin/runscript
# /etc/init.d/spamass-milter
# Copyright 2004 Badpenguins.com
# Autogenerated by create_virtmail.sh on '"`date`"'.
# Distributed under the terms of the GNU General Public License v2
# Config is in /etc/conf.d/spamass-milter
#
depend() {
need net spamd
use logger
before sendmail
}
checkconfig() {
if [ -z "${MILTER_RUN_DIR}" ]; then
eerror "MILTER_RUN_DIR not defined (/etc/conf.d/spamass-milter)"
return 1
fi
if [ ! -d "${MILTER_RUN_DIR}" ]; then
mkdir -p "${MILTER_RUN_DIR}"
fi
chown -R daemon:daemon "${MILTER_RUN_DIR}"
chmod 700 "${MILTER_RUN_DIR}"
}
start() {
checkconfig || return 1
ebegin "Starting spamass-milter"
if [ -S "${MILTER_RUN_DIR}/${MILTER_SOCKET}" ]; then
rm -f "${MILTER_RUN_DIR}/${MILTER_SOCKET}"
fi
start-stop-daemon --start --quiet \
--exec /usr/sbin/spamass-milter -- -p ${MILTER_RUN_DIR}/${MILTER_SOCKET} -f \
-- -U /var/run/spamd/spamd.sock
eend $? "Failed to start spamass-milter"
}
stop() {
ebegin "Stopping spamass-milter"
start-stop-daemon --stop --quiet --name spamass-milter
eend $? "Failed to stop spamass-milter"
}' > /etc/init.d/spamass-milter
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/init.d/spamass-milter. Spamassassin
won't run properly without it. Try to figure out what happened and try
again.
"
exit 1
fi
}
################################################################################
# createSpamdConfD #
################################################################################
function createSpamdConfD() {
echo "Creating: /etc/conf.d/spamd Backup: /etc/conf.d/spamd.dist"
cp /etc/conf.d/spamd /etc/conf.d/spamd.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/conf.d/spamd"
fi
echo "
#
# /etc/conf.d/spamd: Autogenerated by create_virtmail.sh on `date`.
# Refer to /etc/conf.d/spamd.dist for original settings.
#
# -x disable per-user config files (use global)
# -u run as user
# Don't change -x -u unless you really know what you are doing!
#
SPAMD_RUN_DIR=/var/run/spamd
SPAMD_HOME_DIR=/var/tmp/spamd
SPAMD_PID=\"spamd.pid\"
SPAMD_SOCKET=\"spamd.sock\"
SPAMD_OPTS=\"-x -u daemon\"" > /etc/conf.d/spamd
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/conf.d/spamd. Spamassassin won't run
properly without it. Try to figure out what happened and try again.
"
exit 1
fi
}
################################################################################
# createSpamdInit() #
################################################################################
function createSpamdInit() {
echo "Creating: /etc/init.d/spamd Backup: /tmp/spamd.dist"
cp /etc/init.d/spamd /tmp/spamd.dist
if [ $? -ne 0 ]; then
echo "Warning: could not create backup copy of /etc/init.d/spamd"
fi
echo '#!/sbin/runscript
# /etc/init.d/spamd
# Copyright 2004 Badpenguins.com
# Autogenerated by create_virtmail.sh on '"`date`"'.
# Distributed under the terms of the GNU General Public License v2
# Config is in /etc/conf.d/spamd
depend() {
need net
before mta
}
exefile=/usr/sbin/spamd
checkconfig() {
if [ -z "${SPAMD_RUN_DIR}" -o -z "${SPAMD_HOME_DIR}" ]; then
eerror "SPAMD_RUN_DIR or SPAMD_HOME_DIR not defined (/etc/conf.d/spamd)"
return 1
fi
if [ ! -d "${SPAMD_RUN_DIR}" ]; then
mkdir -p "${SPAMD_RUN_DIR}"
fi
chown -R daemon:daemon "${SPAMD_RUN_DIR}"
chmod 700 "${SPAMD_RUN_DIR}"
if [ ! -d "${SPAMD_HOME_DIR}" ]; then
mkdir -p "${SPAMD_HOME_DIR}"
fi
chown -R daemon:daemon "${SPAMD_HOME_DIR}"
chmod 700 "${SPAMD_HOME_DIR}"
if [ ! -d /var/lib/spam/bayes ]; then
mkdir -p /var/lib/spam/bayes
fi
chown -R daemon:daemon /var/lib/spam/bayes
}
start() {
checkconfig || return 1
if [ -S "${SPAMD_RUN_DIR}/${SPAMD_SOCKET}" ]; then
rm -f "${SPAMD_RUN_DIR}/${SPAMD_SOCKET}"
fi
ebegin "Starting spamd"
SPAMD_OPTS="${SPAMD_OPTS} -r ${SPAMD_RUN_DIR}/${SPAMD_PID} -H ${SPAMD_HOME_DIR} \
--socketpath ${SPAMD_RUN_DIR}/${SPAMD_SOCKET} --socketowner daemon --socketgroup daemon \
--socketmode 700"
start-stop-daemon --start --quiet \
--exec ${exefile} -- -d ${SPAMD_OPTS}
eend $? "Failed to start spamd"
}
stop() {
ebegin "Stopping spamd"
start-stop-daemon --stop --quiet --pidfile ${SPAMD_RUN_DIR}/${SPAMD_PID}
eend $? "Failed to stop spamd"
}' > /etc/init.d/spamd
if [ $? -ne 0 ]; then
echo "
MAJOR PROBLEM! Could not create /etc/init.d/spamd. Spamassassin won't run
properly without it. Try to figure out what happened and try again.
"
exit 1
fi
}
################################################################################
# createSpamdLocalConf #
################################################################################
function createSpamdLocalConf() {
echo "Creating: /etc/mail/spamassassin/20_local_bayes.cf"
echo "bayes_path /var/lib/spam/bayes/bayes" > /etc/mail/spamassassin/20_local_bayes.cf
if [ $? -ne 0 ]; then
echo "
PROBLEM! Could not create /etc/mail/spamassassin/20_local_bayes.cf.
Not a showstopper, but bayes checks won't work properly for spamassassin.
"
echo -n "Press ENTER to continue: "
read junk
fi
}
################################################################################
# dotSleep() #
################################################################################
function dotSleep() {
if [ $# -lt 1 ]; then
max=2
else
max=$1
fi
ctr=0
while [ $ctr -lt $max ]
do
ctr=$((ctr+1))
echo -n .
sleep 1s
done
}
################################################################################
# emergePackages #
################################################################################
function emergePackages() {
package_list="cyrus-sasl sendmail clamav spamassassin spamass-milter \
cyrus-imapd cyrus-imap-admin"
for pkg in $package_list
do
echo "emerge: $pkg"
emerge $pkg
if [ $? -ne 0 ]; then
echo "
Uh Oh! Could not emerge $pkg, Aborting. Fix this problem and try again.
"
exit 1
fi
done
}
################################################################################
# getYes #
################################################################################
function getYes() {
echo -n ' Type in the word "YES" and press ENTER to continue: '
read junk
if [ "$junk" != "YES" ]; then
echo
echo "Aborting!"
exit
fi
}
################################################################################
# setPortageFlags #
################################################################################
function setPortageFlags() {
mkdir -p /etc/portage >/dev/null 2>&1
echo "
Setting USE flags in /etc/portage/package.use
You may want to edit out duplication later...
"
echo "
#### FLAGS BELOW SET BY create_virtmail.sh ####
" >>/etc/portage/package.use
flags="-authdaemond -berkdb -debug -gdbm -java -kerberos -ldap mysql -pam \
-postgres ssl -static"
echo "dev-libs/cyrus-sasl: $flags"
echo "dev-libs/cyrus-sasl $flags" >>/etc/portage/package.use
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flags="-ldap -mailwrapper -mbox milter sasl ssl"
echo "mail-mta/sendmail: $flags"
echo "mail-mta/sendmail $flags" >>/etc/portage/package.use
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flags="milter"
echo "app-antivirus/clamav: $flags"
echo "app-antivirus/clamav $flags" >>/etc/portage/package.use
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flags="-afs -drac -idled -kerberos -pam -snmp ssl"
echo "net-mail/cyrus-imapd: $flags"
echo "net-mail/cyrus-imapd $flags" >>/etc/portage/package.use
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flags="-kerberos ssl"
echo "net-mail/cyrus-imap-admin: $flags"
echo "net-mail/cyrus-imap-admin $flags" >>/etc/portage/package.use
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
echo "
#### FLAGS ABOVE SET BY create_virtmail.sh ####
" >>/etc/portage/package.use
echo "
Setting mask flags in /etc/portage/package.mask
You may want to edit out duplication later...
"
echo "
#### FLAGS BELOW SET BY create_virtmail.sh ####
" >>/etc/portage/package.mask
flag="<dev-libs/cyrus-sasl-2.1.19"
echo $flag
echo "$flag" >>/etc/portage/package.mask
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flag="<mail-mta/sendmail-8.12.11-r2"
echo $flag
echo "$flag" >>/etc/portage/package.mask
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flag="<app-antivirus/clamav-0.79"
echo $flag
echo "$flag" >>/etc/portage/package.mask
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flag="<mail-filter/spamassassin-3.0.1"
echo $flag
echo "$flag" >>/etc/portage/package.mask
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flag="<mail-filter/spamass-milter-0.1.9"
echo $flag
echo "$flag" >>/etc/portage/package.mask
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flag="<net-mail/cyrus-imapd-2.2.9"
echo $flag
echo "$flag" >>/etc/portage/package.mask
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
flag="<net-mail/cyrus-imap-admin-2.2.9"
echo $flag
echo "$flag" >>/etc/portage/package.mask
if [ $? -ne 0 ]; then
echo "Failed! Aborting."
exit 1
fi
echo "
#### FLAGS ABOVE SET BY create_virtmail.sh ####
" >>/etc/portage/package.mask
}
################################################################################
# Remove remnants #
################################################################################
function stopServices() {
service_list="sendmail cyrus clamd spamd smapd spamass-milter"
echo "
You may see errors as attempts are made to stop non-existent services.
These errors can be safely ignored.
"
for service in $service_list
do
if [ ! -f /etc/init.d/$service ]; then
continue
fi
echo "Stopping service: $service"
/etc/init.d/$service stop
done
}
################################################################################
# Unmerge and clean out old configs #
################################################################################
function makePristine() {
pkglist="ssmtp mailwrapper cyrus-sasl cyrus-imapd cyrus-imap-admin \
sendmail clamav spamassassin spamass-milter"
echo "
You may see errors as attempts are made to remove non-existent packages.
These errors can be safely ignored.
"
for pkg in $pkglist
do
echo "Removing package: $pkg"
emerge -C $pkg
done
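# Brace patterns are not expanded inside a quoted string, so list each path.
rmlist="/etc/mail /etc/sasl2 /etc/ssl/cyrus /var/spool/imap /var/imap \
/var/spool/mqueue /etc/init.d/sendmail /etc/init.d/clamd /etc/init.d/spamd \
/etc/init.d/cyrus /etc/init.d/saslauthd /etc/init.d/pwcheck \
/etc/freshclam.conf /etc/clamd.conf /etc/imapd.conf /etc/cyrus.conf \
/etc/conf.d/clamd /etc/conf.d/saslauthd /etc/pam.d/saslauthd /etc/pam.d/imap"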
echo "
You may see errors as attempts are made to remove non-existent config
files or directories. These errors can be safely ignored.
"
for file in $rmlist
do
echo "removing: $file"
rm -rf "$file"
done
}
################################################################################
# showCongrats() #
################################################################################
function showCongrats() {
echo "
C O N G R A T U L A T I O N S ! !
You are now ready to add mailboxes and start getting email!
1) Set the required services to start on boot:
# rc-update add clamd default
# rc-update add spamass-milter default
# rc-update add sendmail default
# rc-update add cyrus default
2) To start playing now:
# /etc/init.d/cyrus start
# /etc/init.d/spamass-milter start
# /etc/init.d/clamd start
# /etc/init.d/sendmail start
3) Add a mailbox:
# cyradm --user $CYRUS_ADMIN_USER@$ADMIN_DOMAIN localhost
IMAP Password: $CYRUS_ADMIN_PASS
localhost> cm user.me@$ADMIN_DOMAIN
localhost> quit
4) Add a mailbox in a different domain:
# cyradm --user $CYRUS_ADMIN_USER@$ADMIN_DOMAIN localhost
IMAP Password: $CYRUS_ADMIN_PASS
localhost> cm user.whoever@otherdomain.com
localhost> quit
# echo 'otherdomain.com cyrusv2d:/var/imap/socket/lmtp' >>/etc/mail/mailertable
# /etc/init.d/sendmail restart
Add the user account to mysql:
# mysql -h $DB_HOST -u $DB_ADMIN_USER --password='$DB_ADMIN_PASS' \
$SASL_DB -e \"insert into virtusers values('whoever','otherdomain.com','password')\"
5) Set up a maildrop for spam that will get scanned and added to the
bayesian database. In order for aliasing to work, the domain must
be added to /etc/mail/virtuser-domains also.
# cyradm --user $CYRUS_ADMIN_USER@$ADMIN_DOMAIN localhost
IMAP Password: $CYRUS_ADMIN_PASS
localhost> cm spamdrop@otherdomain.com
localhost> cm spamdrop.spam@otherdomain.com
localhost> cm spamdrop.notspam@otherdomain.com
localhost> sam spamdrop.spam@otherdomain.com anyone lrp
localhost> sam spamdrop.notspam@otherdomain.com anyone lrp
localhost> quit
# echo 'spam@otherdomain.com: bb+spamdrop.spam@otherdomain.com' >>/etc/mail/virtusertable
# echo 'notspam@otherdomain.com: bb+spamdrop.notspam@otherdomain.com' >>/etc/mail/virtusertable
# echo 'otherdomain.com' >>/etc/mail/virtuser-domains
# /etc/init.d/sendmail restart
Now people can email spam to spam@otherdomain.com, they can
email known good email to notspam@otherdomain.com, or they can manually
copy email from their own folders to the spamdrop.spam or spamdrop.notspam
folders.
Then have sa-learn scan the mailbox. Create a command, for example
/usr/local/bin/learnspam, with the following command:
/usr/bin/sa-learn --spam /var/spool/imap/domain/o/otherdomain.com/s/spamdrop/spam
Create a companion command to scan known good email so that it won't
be marked as spam, for example /usr/local/bin/learnnotspam:
/usr/bin/sa-learn --ham /var/spool/imap/domain/o/otherdomain.com/n/spamdrop/notspam
These commands can then be added to cron for automated bayesian learning.
"
}
################################################################################
# Main flow starts here #
################################################################################
confirmOperation
confirmConfiguration
confirmMysql
stopServices
makePristine
setPortageFlags
emergePackages
createAuthDatabase
addAdminUser
createImapdConf
createSendmailCf
createClamdConf
createClamdConfD
createFreshclamConf
createClamdInit
createSpamdConfD
createSpamdInit
createSpamdLocalConf
createSmilterConfD
createSmilterInit
createSendmailInit
createMailertable
showCongrats
|
Installation of the certs is not covered by the script. Here are my notes.
Code: |
Create your own CA (from http://www.sendmail.org/~ca/email/other/cagreg.html):
mkdir /wherever/CA
cd /wherever/CA
mkdir certs crl newcerts private
echo "01" >serial
cp /dev/null index.txt
cp /etc/ssl/openssl.cnf .
vi openssl.cnf (set values - set dir to ./)
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 1825 -config \
./openssl.cnf
Make a new certificate:
cd /wherever/CA
openssl req -nodes -new -x509 -keyout newreq.pem -out \
newreq.pem -days 1825 -config ./openssl.cnf
(certificate and private key in file newreq.pem)
Sign new cert with certificate authority:
cd /wherever/CA
openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
openssl ca -config ./openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
rm tmp.pem
newcert.pem contains signed cert, newreq.pem contains unsigned cert and private key.
Copy to proper locations:
Copy to sendmail locations:
cp cacert.pem /etc/mail/certs
cp newcert.pem /etc/mail/certs/mycert.pem
cp newreq.pem /etc/mail/certs/mykey.pem
chmod 600 /etc/mail/certs/*.pem
Edit /etc/mail/sendmail.cf to match, as well as /etc/cyrus.conf
|
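The `learnspam` and `learnnotspam` commands described in step 5 of the script's closing instructions, written as one helper. This is an added example, not part of the original post. The spool layout is inferred from the two paths shown there; `SPOOL`, `SA_LEARN`, the function names and the rule that non-letters hash to `q` are this example's assumptions.

```shell
#!/bin/sh
# Added example: derive the Cyrus spool directory for a mailbox and feed it
# to sa-learn. Assumed layout (inferred from the two paths in the post):
#   $SPOOL/domain/<1st char of domain>/<domain>/<hash char>/<mailbox, . as />
# <hash char> is the first character after the first "." of the mailbox name,
# or of the name itself when it has no "."; non-letters are assumed to hash
# to "q".
SPOOL=${SPOOL:-/var/spool/imap}

# hash_char STRING -> lower-cased first character, or "q" if it is not a-z
hash_char() {
    c=$(printf '%s' "$1" | cut -c1 | tr 'A-Z' 'a-z')
    case $c in
        [a-z]) printf '%s' "$c" ;;
        *)     printf 'q' ;;
    esac
}

# spool_path MAILBOX DOMAIN -> prints the directory; returns 1 on unsafe input
spool_path() {
    mbox=$1 dom=$2
    # This runs from root's cron, so refuse names that could leave the spool.
    case $mbox in ''|.*|*.|*..*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $dom  in ''|.*|*.|*..*|*[!A-Za-z0-9.-]*)  return 1 ;; esac
    case $mbox in
        *.*) rest=${mbox#*.} ;;
        *)   rest=$mbox ;;
    esac
    printf '%s/domain/%s/%s/%s/%s\n' "$SPOOL" "$(hash_char "$dom")" "$dom" \
        "$(hash_char "$rest")" "$(printf '%s' "$mbox" | tr . /)"
}

# learn KIND MAILBOX DOMAIN, where KIND is "spam" or "ham"
# e.g. from cron: learn spam spamdrop.spam otherdomain.com
learn() {
    case $1 in
        spam|ham) ;;
        *) echo "usage: learn spam|ham MAILBOX DOMAIN" >&2; return 2 ;;
    esac
    dir=$(spool_path "$2" "$3") ||
        { echo "refusing unsafe name: $2@$3" >&2; return 1; }
    [ -d "$dir" ] || { echo "no such mailbox directory: $dir" >&2; return 1; }
    ${SA_LEARN:-/usr/bin/sa-learn} "--$1" "$dir"
}
```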
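A post-install check for the certificate notes above, added here as an example and not part of the original post. It confirms that `mycert.pem` verifies against `cacert.pem`, that `mykey.pem` holds the matching private key, and that the key file carries no group or other permission bits. The file names are the ones used in the notes; the function names are this example's own.

```shell
#!/bin/sh
# Added example: sanity checks for the files copied into /etc/mail/certs.

# cert_chains_to CA CERT : CERT verifies against the CA certificate
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches_cert KEYFILE CERT : private key and certificate share one
# public key. KEYFILE may also contain a certificate, as newreq.pem does.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# owner_only FILE : regular file with no group or other permission bits
owner_only() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# check_deployed DIR : run every check, print findings, return failure count
check_deployed() {
    dir=$1 fails=0
    cert_chains_to "$dir/cacert.pem" "$dir/mycert.pem" ||
        { echo "mycert.pem does not verify against cacert.pem"; fails=$((fails+1)); }
    key_matches_cert "$dir/mykey.pem" "$dir/mycert.pem" ||
        { echo "mykey.pem is not the key for mycert.pem"; fails=$((fails+1)); }
    owner_only "$dir/mykey.pem" ||
        { echo "mykey.pem is accessible by group or others"; fails=$((fails+1)); }
    return "$fails"
}
```

Run `check_deployed /etc/mail/certs` after the copy step and before restarting sendmail; a non-zero exit status is the number of failed checks.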