github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-07-05 20:41:53 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

SRS support for Exim4

Browse source
This commit is contained in:
myvesta 2024-11-08 18:07:38 +01:00 committed by GitHub
parent afc6b62d5c
commit 89fc5a1ebd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 114 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

65
bin/v-add-srs-support-to-exim Normal file
View file

@ -0,0 +1,65 @@
#!/bin/bash
gen_pass() {
MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
if [ -z "$1" ]; then
LENGTH=32
else
LENGTH=$1
fi
while [ ${n:=1} -le $LENGTH ]; do
PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
let n+=1
done
echo "$PASS"
}
echo "=== Addind SRS support to Exim4 ==="
# SRS support is taken from HestiaCP
if [ ! -f "/etc/exim4/srs.conf" ]; then
echo "= Generating SRS KEY"
srs=$(gen_pass 16)
echo $srs > /etc/exim4/srs.conf
chmod 640 /etc/exim4/srs.conf
chown root:Debian-exim /etc/exim4/srs.conf
fi
if [ -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then
echo "= Backing up /etc/exim4/exim4.conf.template"
cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs
fi
if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then
echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf"
v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template'
fi
if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then
echo "= Patching \"dnslookup:\" block"
/usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' ' no_more' 'dnslookup:\n driver = dnslookup\n # if outbound, and forwarding has been done, use an alternate transport\n domains = ! +local_domains\n transport = ${if eq {$local_part@$domain} \\n {$original_local_part@$original_domain} \\n {remote_smtp} {remote_forwarded_smtp}}\n no_more'
fi
if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then
echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks"
v-sed 'aliases:' 'inbound_srs:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which are converted to SRS, and decode them\n condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n data = $srs_recipient\n\ninbound_srs_failure:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which look converted to SRS but are invalid\n condition = ${if inbound_srs {$local_part} {}}\n allow_fail\n data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template'
fi
if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then
echo "= Adding \"remote_forwarded_smtp:\" block"
v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template'
fi
echo "= Restarting exim4 service"
systemctl restart exim4
if [ $? -ne 0 ]; then
systemctl status exim4
cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template
systemctl restart exim4
echo "=== Patching failed, old exim conf returned, exim4 restarted again."
exit 1
fi
echo "=== SRS support was added successfully. ==="
exit 0

40
install/debian/12/exim/exim4.conf.template
View file

@ -13,6 +13,8 @@ add_environment=<; PATH=/bin:/usr/bin
keep_environment= keep_environment=
smtputf8_advertise_hosts = smtputf8_advertise_hosts =
SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}
#local_interfaces = 0.0.0.0 #local_interfaces = 0.0.0.0
#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} #smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}}
#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" #smtp_banner = "$smtp_active_hostname ESMTP $tod_full"
@ -267,8 +269,11 @@ begin routers
dnslookup: dnslookup:
driver = dnslookup driver = dnslookup
domains = !+local_domains # if outbound, and forwarding has been done, use an alternate transport
transport = remote_smtp domains = ! +local_domains
transport = ${if eq {$local_part@$domain} \
{$original_local_part@$original_domain} \
{remote_smtp} {remote_forwarded_smtp}}
no_more no_more
localuser_spam: localuser_spam:
@ -305,6 +310,23 @@ autoreplay:
transport = userautoreply transport = userautoreply
unseen unseen
inbound_srs:
driver = redirect
senders = :
domains = +local_domains
# detect inbound bounces which are converted to SRS, and decode them
condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
data = $srs_recipient
inbound_srs_failure:
driver = redirect
senders = :
domains = +local_domains
# detect inbound bounces which look converted to SRS but are invalid
condition = ${if inbound_srs {$local_part} {}}
allow_fail
data = :fail: Invalid SRS recipient address
aliases: aliases:
driver = redirect driver = redirect
headers_add = X-redirected: yes headers_add = X-redirected: yes
@ -357,6 +379,20 @@ remote_smtp:
hosts_try_chunking = !93.188.3.0/24 hosts_try_chunking = !93.188.3.0/24
message_linelength_limit = 1G message_linelength_limit = 1G
remote_forwarded_smtp:
driver = smtp
dkim_domain = DKIM_DOMAIN
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY
dkim_canon = relaxed
dkim_strict = 0
hosts_try_fastopen =
hosts_try_chunking = !93.188.3.0/24
message_linelength_limit = 1G
# modify the envelope from, for mails that we forward
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
procmail: procmail:
driver = pipe driver = pipe
command = "/usr/bin/procmail -d $local_part" command = "/usr/bin/procmail -d $local_part"

12
install/vst-install-debian.sh
View file

@ -131,7 +131,11 @@ help() {
# Defining password-gen function # Defining password-gen function
gen_pass() { gen_pass() {
MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
LENGTH=32 if [ -z "$1" ]; then
LENGTH=32
else
LENGTH=$1
fi
while [ ${n:=1} -le $LENGTH ]; do while [ ${n:=1} -le $LENGTH ]; do
PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
let n+=1 let n+=1
@ -1465,6 +1469,12 @@ if [ "$exim" = 'yes' ]; then
sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
fi fi
# Generating SRS KEY - the code is taken from HestiaCP
srs=$(gen_pass 16)
echo $srs > /etc/exim4/srs.conf
chmod 640 /etc/exim4/srs.conf
chown root:Debian-exim /etc/exim4/srs.conf
chmod 640 /etc/exim4/exim4.conf.template chmod 640 /etc/exim4/exim4.conf.template
rm -rf /etc/exim4/domains rm -rf /etc/exim4/domains
mkdir -p /etc/exim4/domains mkdir -p /etc/exim4/domains