From 9a4cacde23962c6c8e5b07da9149f9362a771e29 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob.mottram@codethink.co.uk>
Date: Fri, 18 Mar 2016 09:47:27 +0000
Subject: [PATCH] Ignore tripwire emails if there are no violations
---
locale/de/freedombone-image-customise.json | 4 -
locale/de/freedombone.json | 5 +-
locale/es/freedombone-image-customise.json | 4 -
locale/es/freedombone.json | 5 +-
locale/fr/freedombone-image-customise.json | 4 -
locale/fr/freedombone.json | 5 +-
src/freedombone | 369 +++++++++++----------
7 files changed, 191 insertions(+), 205 deletions(-)
diff --git a/locale/de/freedombone-image-customise.json b/locale/de/freedombone-image-customise.json
index ee898bd6c..ea79f8432 100644
--- a/locale/de/freedombone-image-customise.json
+++ b/locale/de/freedombone-image-customise.json
@@ -6,10 +6,6 @@
"\n .---. . .\n | | |\n |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.\n | | (.-' (.-' ( | ( )| | | | )( )| | (.-'\n ' ' --' --' -' - -' ' ' -' -' -' ' - --'\n\n Initial base install\n\nYour system is not yet installed. To complete the process run the\nfollowing commands, then enter your details.\n\n sudo su\n ${PROJECT_NAME} menuconfig\n\n": "",
"Using ssh public key:": "",
"Install failed. Press x to continue...": "",
- "File not found /usr/local/bin/tox-bootstrapd": "",
- "Account to run Tox's DHT bootstrap daemon": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service": "",
"warning: creating initial user $username with well known password!": "",
"info: killing leftover processes in chroot": ""
}
\ No newline at end of file
diff --git a/locale/de/freedombone.json b/locale/de/freedombone.json
index bd8da2aec..11c42d922 100644
--- a/locale/de/freedombone.json
+++ b/locale/de/freedombone.json
@@ -60,6 +60,7 @@
"Please plug in the OneRNG device": "",
"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE": "",
"Added onion site for ${onion_service_name}": "",
+ "# Tripwire reports which have no violations don't need to be logged": "",
"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE": "",
"Unknown subkey usage: $GPG_KEY_USAGE": "",
"Public key: $MY_GPG_PUBLIC_KEY": "",
@@ -97,10 +98,6 @@
"Note that there's a usability/security trade-off made here.": "",
"In order to allow git clone via http we don't redirect everything": "",
"should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https.": "",
- "File not found /usr/local/bin/tox-bootstrapd": "",
- "Account to run Tox's DHT bootstrap daemon": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service": "",
"Your Tox node public key is": "",
"tox onion domain: ${TOX_ONION_HOSTNAME}": "",
"Your Tox node public key is: $TOX_PUBLIC_KEY": "",
diff --git a/locale/es/freedombone-image-customise.json b/locale/es/freedombone-image-customise.json
index ee898bd6c..ea79f8432 100644
--- a/locale/es/freedombone-image-customise.json
+++ b/locale/es/freedombone-image-customise.json
@@ -6,10 +6,6 @@
"\n .---. . .\n | | |\n |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.\n | | (.-' (.-' ( | ( )| | | | )( )| | (.-'\n ' ' --' --' -' - -' ' ' -' -' -' ' - --'\n\n Initial base install\n\nYour system is not yet installed. To complete the process run the\nfollowing commands, then enter your details.\n\n sudo su\n ${PROJECT_NAME} menuconfig\n\n": "",
"Using ssh public key:": "",
"Install failed. Press x to continue...": "",
- "File not found /usr/local/bin/tox-bootstrapd": "",
- "Account to run Tox's DHT bootstrap daemon": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service": "",
"warning: creating initial user $username with well known password!": "",
"info: killing leftover processes in chroot": ""
}
\ No newline at end of file
diff --git a/locale/es/freedombone.json b/locale/es/freedombone.json
index bd8da2aec..11c42d922 100644
--- a/locale/es/freedombone.json
+++ b/locale/es/freedombone.json
@@ -60,6 +60,7 @@
"Please plug in the OneRNG device": "",
"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE": "",
"Added onion site for ${onion_service_name}": "",
+ "# Tripwire reports which have no violations don't need to be logged": "",
"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE": "",
"Unknown subkey usage: $GPG_KEY_USAGE": "",
"Public key: $MY_GPG_PUBLIC_KEY": "",
@@ -97,10 +98,6 @@
"Note that there's a usability/security trade-off made here.": "",
"In order to allow git clone via http we don't redirect everything": "",
"should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https.": "",
- "File not found /usr/local/bin/tox-bootstrapd": "",
- "Account to run Tox's DHT bootstrap daemon": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service": "",
"Your Tox node public key is": "",
"tox onion domain: ${TOX_ONION_HOSTNAME}": "",
"Your Tox node public key is: $TOX_PUBLIC_KEY": "",
diff --git a/locale/fr/freedombone-image-customise.json b/locale/fr/freedombone-image-customise.json
index ee898bd6c..ea79f8432 100644
--- a/locale/fr/freedombone-image-customise.json
+++ b/locale/fr/freedombone-image-customise.json
@@ -6,10 +6,6 @@
"\n .---. . .\n | | |\n |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.\n | | (.-' (.-' ( | ( )| | | | )( )| | (.-'\n ' ' --' --' -' - -' ' ' -' -' -' ' - --'\n\n Initial base install\n\nYour system is not yet installed. To complete the process run the\nfollowing commands, then enter your details.\n\n sudo su\n ${PROJECT_NAME} menuconfig\n\n": "",
"Using ssh public key:": "",
"Install failed. Press x to continue...": "",
- "File not found /usr/local/bin/tox-bootstrapd": "",
- "Account to run Tox's DHT bootstrap daemon": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service": "",
"warning: creating initial user $username with well known password!": "",
"info: killing leftover processes in chroot": ""
}
\ No newline at end of file
diff --git a/locale/fr/freedombone.json b/locale/fr/freedombone.json
index bd8da2aec..11c42d922 100644
--- a/locale/fr/freedombone.json
+++ b/locale/fr/freedombone.json
@@ -60,6 +60,7 @@
"Please plug in the OneRNG device": "",
"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE": "",
"Added onion site for ${onion_service_name}": "",
+ "# Tripwire reports which have no violations don't need to be logged": "",
"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE": "",
"Unknown subkey usage: $GPG_KEY_USAGE": "",
"Public key: $MY_GPG_PUBLIC_KEY": "",
@@ -97,10 +98,6 @@
"Note that there's a usability/security trade-off made here.": "",
"In order to allow git clone via http we don't redirect everything": "",
"should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https.": "",
- "File not found /usr/local/bin/tox-bootstrapd": "",
- "Account to run Tox's DHT bootstrap daemon": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf": "",
- "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service": "",
"Your Tox node public key is": "",
"tox onion domain: ${TOX_ONION_HOSTNAME}": "",
"Your Tox node public key is: $TOX_PUBLIC_KEY": "",
diff --git a/src/freedombone b/src/freedombone
index 412ddba8f..3050f8ec5 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -4555,6 +4555,13 @@ function create_procmail {
echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc
echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc
echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc
+ echo '' >> /home/$MY_USERNAME/.procmailrc
+ echo $"# Tripwire reports which have no violations don't need to be logged" >> /home/$MY_USERNAME/.procmailrc
+ echo ':0 BD:' >> /home/$MY_USERNAME/.procmailrc
+ TRIPWIRE_VIOLATIONS_STR=$'Total violations found: 0'
+ echo " * .*$TRIPWIRE_VIOLATIONS_STR" >> /home/$MY_USERNAME/.procmailrc
+ echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
+ echo '' >> /home/$MY_USERNAME/.procmailrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
fi
@@ -4606,141 +4613,141 @@ function spam_filtering {
echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- # procmail configuration
- echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
- echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
- echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
- echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
- echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
- echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
- echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
- echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc
- echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
- echo 'spam/' >> /home/$MY_USERNAME/.procmailrc
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
- echo '# get spamassassin to check emails' >> /etc/skel/.procmailrc
- echo ':0fw: .spamassassin.lock' >> /etc/skel/.procmailrc
- echo ' * < 256000' >> /etc/skel/.procmailrc
- echo '| spamc' >> /etc/skel/.procmailrc
- echo '# strong spam are discarded' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /etc/skel/.procmailrc
- echo '/dev/null' >> /etc/skel/.procmailrc
- echo '# weak spam are kept just in case - clear this out every now and then' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /etc/skel/.procmailrc
- echo 'maybe-spam/' >> /etc/skel/.procmailrc
- echo '# otherwise, marginal spam goes here for revision' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*' >> /etc/skel/.procmailrc
- echo 'spam/' >> /etc/skel/.procmailrc
- # filtering scripts
- echo '#!/bin/bash' > /usr/bin/filterspam
- echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
- echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
- echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" ]]; then' >> /usr/bin/filterspam
- echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
- echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
- echo ' exit' >> /usr/bin/filterspam
- echo ' fi' >> /usr/bin/filterspam
- echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
- echo ' do' >> /usr/bin/filterspam
- echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
- echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
- echo ' done' >> /usr/bin/filterspam
- echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
- echo ' do' >> /usr/bin/filterspam
- echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
- echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
- echo ' done' >> /usr/bin/filterspam
- echo ' fi' >> /usr/bin/filterspam
- echo 'done' >> /usr/bin/filterspam
- echo 'exit 0' >> /usr/bin/filterspam
-
- echo '#!/bin/bash' > /usr/bin/filterham
- echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
- echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
- echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" ]]; then' >> /usr/bin/filterham
- echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
- echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
- echo ' exit' >> /usr/bin/filterham
- echo ' fi' >> /usr/bin/filterham
- echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
- echo ' do' >> /usr/bin/filterham
- echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
- echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
- echo ' done' >> /usr/bin/filterham
- echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
- echo ' do' >> /usr/bin/filterham
- echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
- echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
- echo ' done' >> /usr/bin/filterham
- echo ' fi' >> /usr/bin/filterham
- echo 'done' >> /usr/bin/filterham
- echo 'exit 0' >> /usr/bin/filterham
-
- if ! grep -q "filterspam" /etc/crontab; then
- echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam" >> /etc/crontab
- fi
- if ! grep -q "filterham" /etc/crontab; then
- echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham" >> /etc/crontab
- fi
- chmod 655 /usr/bin/filterspam /usr/bin/filterham
- sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
- sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
-
- # user preferences
- if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then
- mkdir /home/$MY_USERNAME/.spamassassin
- echo $'# How many points before a mail is considered spam.' > /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# required_score 5' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# whitelist_from someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Add your own customised scores for some tests below. The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# here. To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# definitely want to uncomment the following lines. They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# character sets, or that assume a western-style charset is in use. ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score HTML_COMMENT_8BITS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_25_50 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_50_75 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_75_100 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score OBSCURED_EMAIL 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# to uncomment the following lines. They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score SUBJ_ILLEGAL_CHARS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- fi
- # this must be accessible by root
- chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin
-
- systemctl restart spamassassin
- systemctl restart exim4
- systemctl restart cron
-
- echo 'spam_filtering' >> $COMPLETION_FILE
+ echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ # procmail configuration
+ echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
+ echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
+ echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
+ echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc
+ echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo 'spam/' >> /home/$MY_USERNAME/.procmailrc
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
+ echo '# get spamassassin to check emails' >> /etc/skel/.procmailrc
+ echo ':0fw: .spamassassin.lock' >> /etc/skel/.procmailrc
+ echo ' * < 256000' >> /etc/skel/.procmailrc
+ echo '| spamc' >> /etc/skel/.procmailrc
+ echo '# strong spam are discarded' >> /etc/skel/.procmailrc
+ echo ':0' >> /etc/skel/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /etc/skel/.procmailrc
+ echo '/dev/null' >> /etc/skel/.procmailrc
+ echo '# weak spam are kept just in case - clear this out every now and then' >> /etc/skel/.procmailrc
+ echo ':0' >> /etc/skel/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /etc/skel/.procmailrc
+ echo 'maybe-spam/' >> /etc/skel/.procmailrc
+ echo '# otherwise, marginal spam goes here for revision' >> /etc/skel/.procmailrc
+ echo ':0' >> /etc/skel/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*' >> /etc/skel/.procmailrc
+ echo 'spam/' >> /etc/skel/.procmailrc
+ # filtering scripts
+ echo '#!/bin/bash' > /usr/bin/filterspam
+ echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
+ echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
+ echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" ]]; then' >> /usr/bin/filterspam
+ echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
+ echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
+ echo ' exit' >> /usr/bin/filterspam
+ echo ' fi' >> /usr/bin/filterspam
+ echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
+ echo ' do' >> /usr/bin/filterspam
+ echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
+ echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
+ echo ' done' >> /usr/bin/filterspam
+ echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
+ echo ' do' >> /usr/bin/filterspam
+ echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
+ echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
+ echo ' done' >> /usr/bin/filterspam
+ echo ' fi' >> /usr/bin/filterspam
+ echo 'done' >> /usr/bin/filterspam
+ echo 'exit 0' >> /usr/bin/filterspam
+
+ echo '#!/bin/bash' > /usr/bin/filterham
+ echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
+ echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
+ echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" ]]; then' >> /usr/bin/filterham
+ echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
+ echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
+ echo ' exit' >> /usr/bin/filterham
+ echo ' fi' >> /usr/bin/filterham
+ echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
+ echo ' do' >> /usr/bin/filterham
+ echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
+ echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
+ echo ' done' >> /usr/bin/filterham
+ echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
+ echo ' do' >> /usr/bin/filterham
+ echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
+ echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
+ echo ' done' >> /usr/bin/filterham
+ echo ' fi' >> /usr/bin/filterham
+ echo 'done' >> /usr/bin/filterham
+ echo 'exit 0' >> /usr/bin/filterham
+
+ if ! grep -q "filterspam" /etc/crontab; then
+ echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam" >> /etc/crontab
+ fi
+ if ! grep -q "filterham" /etc/crontab; then
+ echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham" >> /etc/crontab
+ fi
+ chmod 655 /usr/bin/filterspam /usr/bin/filterham
+ sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
+ sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
+
+ # user preferences
+ if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then
+ mkdir /home/$MY_USERNAME/.spamassassin
+ echo $'# How many points before a mail is considered spam.' > /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# required_score 5' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# whitelist_from someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Add your own customised scores for some tests below. The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# here. To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# definitely want to uncomment the following lines. They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# character sets, or that assume a western-style charset is in use. ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score HTML_COMMENT_8BITS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score UPPERCASE_25_50 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score UPPERCASE_50_75 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score UPPERCASE_75_100 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score OBSCURED_EMAIL 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# to uncomment the following lines. They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score SUBJ_ILLEGAL_CHARS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ fi
+ # this must be accessible by root
+ chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin
+
+ systemctl restart spamassassin
+ systemctl restart exim4
+ systemctl restart cron
+
+ echo 'spam_filtering' >> $COMPLETION_FILE
}
function configure_imap {
@@ -4781,52 +4788,52 @@ function configure_imap {
sed -i 's|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = 2048|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|#ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
- sed -i "s|ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
- echo "ssl_cipher_list = '$SSL_CIPHERS'" >> /etc/dovecot/conf.d/10-ssl.conf
-
- if [ ! -f /etc/dovecot/conf.d/10-master.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-master.conf'
- exit 49259
- fi
- sed -i 's/#process_limit =.*/process_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
- sed -i 's/#default_client_limit.*/default_client_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
- sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
-
- if [ ! -f /etc/dovecot/conf.d/10-logging.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-logging.conf'
- exit 48936
- fi
- sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
-
- if [ ! -f /etc/dovecot/dovecot.conf ]; then
- echo $'Unable to find /etc/dovecot/dovecot.conf'
- exit 43890
- fi
- sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf
-
- if [ ! -f /etc/dovecot/conf.d/10-auth.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-auth.conf'
- exit 843256
- fi
- sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
- sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
-
- if [ ! -f /etc/dovecot/conf.d/10-mail.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-mail.conf'
- exit 42036
- fi
- sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
-
- # This long notify interval makes the system more suited for use with
- # battery powered mobile devices
- sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' /etc/dovecot/conf.d/20-imap.conf
-
- if [ -f /var/lib/dovecot/ssl-parameters.dat ]; then
- rm /var/lib/dovecot/ssl-parameters.dat
- fi
-
- systemctl restart dovecot
- echo 'configure_imap' >> $COMPLETION_FILE
+ sed -i "s|ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
+ echo "ssl_cipher_list = '$SSL_CIPHERS'" >> /etc/dovecot/conf.d/10-ssl.conf
+
+ if [ ! -f /etc/dovecot/conf.d/10-master.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-master.conf'
+ exit 49259
+ fi
+ sed -i 's/#process_limit =.*/process_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
+ sed -i 's/#default_client_limit.*/default_client_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
+ sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
+
+ if [ ! -f /etc/dovecot/conf.d/10-logging.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-logging.conf'
+ exit 48936
+ fi
+ sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
+
+ if [ ! -f /etc/dovecot/dovecot.conf ]; then
+ echo $'Unable to find /etc/dovecot/dovecot.conf'
+ exit 43890
+ fi
+ sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf
+
+ if [ ! -f /etc/dovecot/conf.d/10-auth.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-auth.conf'
+ exit 843256
+ fi
+ sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
+ sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
+
+ if [ ! -f /etc/dovecot/conf.d/10-mail.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-mail.conf'
+ exit 42036
+ fi
+ sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
+
+ # This long notify interval makes the system more suited for use with
+ # battery powered mobile devices
+ sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' /etc/dovecot/conf.d/20-imap.conf
+
+ if [ -f /var/lib/dovecot/ssl-parameters.dat ]; then
+ rm /var/lib/dovecot/ssl-parameters.dat
+ fi
+
+ systemctl restart dovecot
+ echo 'configure_imap' >> $COMPLETION_FILE
}
function configure_imap_client_certs {
--
GitLab