
@heartshare
Created March 11, 2013 17:50

Automated relay domains Postfix backup MX

When using DirectAdmin and/or Kerio Connect you can automatically update relay domains with a few simple scripts.

Configure Postfix as a backup MX host. Your config will look something like this: /etc/postfix/main.cf.

Next place these scripts in /usr/local/sbin, replace <...> with the right values and make them executable.

Finally set a cronjob

@hourly /bin/bash /usr/local/sbin/update_relay_domains >/dev/null 2>&1

You're all set.

# Postfix main.cf for a backup MX: accept mail for the domains listed in
# /etc/postfix/relay_domains, queue it, and forward it to the primary MX.
#
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
#smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
# Banner without the software name and distribution.
smtpd_banner = $myhostname ESMTP ready
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
# NOTE(review): the "snakeoil" pair is the self-signed certificate that
# Debian/Ubuntu generate at install time, so sending servers cannot
# authenticate this host with it. Install a certificate issued for
# <myhostname> if senders are expected to verify the MX.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Offers STARTTLS without requiring it. Newer Postfix releases express the
# same thing as "smtpd_tls_security_level = may" - check your version.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
# Replace <myhostname> with this server's fully qualified host name.
myhostname = <myhostname>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# Only mail for the host itself is delivered locally; everything else that is
# accepted is relayed.
mydestination = <myhostname>, localhost
relayhost =
# Loopback only: no remote client is trusted to relay through this server.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
#
# Backup MX
#
# NOTE(review): in main.cf a continuation line has to start with whitespace.
# The restriction lists below are shown without indentation, which looks like
# an artifact of how this page was extracted - indent every list entry when
# copying this file.
#
# Refuse VRFY so the server cannot be used to probe for valid addresses.
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
# Evaluate the restrictions at RCPT TO so a reject can be logged together
# with the sender and recipient.
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
reject_unknown_hostname,
reject_invalid_hostname,
reject_non_fqdn_hostname
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain
# reject_unauth_destination is the entry that keeps this host from being an
# open relay: mail is accepted only for mydestination and relay_domains.
# NOTE(review): no relay_recipient_maps is set, so every recipient in a relay
# domain is accepted here. Mail for non-existent users is then bounced later
# by this host (backscatter). Consider relay_recipient_maps or
# reject_unverified_recipient so unknown recipients are refused at SMTP time.
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient
smtpd_data_restrictions =
reject_unauth_pipelining
# NOTE(review): every reject_rbl_client entry costs a DNS lookup per
# connection and hands the reject decision to a third party. Check that each
# list is still operated and that its usage terms cover this server; a list
# that has been shut down can time out or start listing every address.
# reject_unknown_client also refuses hosts without matching forward and
# reverse DNS, which can affect legitimate senders.
smtpd_client_restrictions =
permit_mynetworks,
reject_unknown_client,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client rhsbl.sorbs.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client db.wpbl.info
# 550 makes these rejections permanent. Postfix defaults several of them to
# 450 (retry later), so a sender hit by a false positive now gets a bounce
# instead of a retry.
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
# Keep undelivered mail queued for 21 days instead of the 5-day default, so
# mail survives a long outage of the primary MX.
maximal_queue_lifetime = 21d
# A /file/name value is replaced by the contents of that file. The file is
# rewritten by update_relay_domains, so whoever can write it, or the
# fbmx_* lists it is built from, decides which domains this server relays for.
relay_domains = /etc/postfix/relay_domains
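#!/bin/bash
#
# update_fbmx_diradmin - fetch the DirectAdmin domain list for the backup MX.
#
# Copies /etc/virtual/domains from the DirectAdmin host over SSH into
# /etc/postfix/fbmx_diradmin. Logs to syslog and exits 1 on any failure.
#
# The list is downloaded to a temporary file and moved into place only when
# the fetch succeeded and returned data. Redirecting ssh straight into the
# target would truncate it on a failed connection, and a truncated list lets
# update_relay_domains drop those domains, so the backup MX would refuse
# their mail exactly while the primary is unreachable.
#
# Hardening: this list decides which domains the server relays for. Give the
# remote account a dedicated key that is limited to this one command (for
# example a forced command in authorized_keys) and leave SSH host key
# checking enabled.

# Replace <...> with the right value. Quoted so the shell does not parse the
# angle brackets as redirections.
readonly REMOTE='<user@directadmin.host>'
readonly TARGET=/etc/postfix/fbmx_diradmin
readonly TAG=update_fbmx_diradmin

# Same directory as the target so the final mv is an atomic rename; the
# leading dot keeps the file out of the /etc/postfix/fbmx_* glob.
tmp=$(mktemp /etc/postfix/.fbmx_diradmin.XXXXXX) || {
  logger -p err -t "$TAG" "Could not create temporary file"
  exit 1
}
trap 'rm -f -- "$tmp"' EXIT

# BatchMode makes ssh fail instead of waiting for a password under cron.
if ! ssh -o BatchMode=yes "$REMOTE" "cat /etc/virtual/domains" > "$tmp"; then
  logger -p err -t "$TAG" "Could not fetch domains"
  exit 1
fi

# An empty answer is treated as a failed fetch: keep the previous list.
if [[ ! -s "$tmp" ]]; then
  logger -p err -t "$TAG" "Fetched domain list is empty, keeping previous list"
  exit 1
fi

if ! mv -f -- "$tmp" "$TARGET"; then
  logger -p err -t "$TAG" "Could not install ${TARGET}"
  exit 1
fi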
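#!/bin/bash
#
# update_fbmx_kerio - fetch the Kerio Connect domain list for the backup MX.
#
# Runs xmlstarlet on the Kerio host over SSH to extract the configured
# domains from /opt/kerio/mailserver/mailserver.cfg and stores them in
# /etc/postfix/fbmx_kerio. Logs to syslog and exits 1 on any failure.
#
# The list is downloaded to a temporary file and moved into place only when
# the fetch succeeded and returned data. Redirecting ssh straight into the
# target would truncate it on a failed connection, and a truncated list lets
# update_relay_domains drop those domains, so the backup MX would refuse
# their mail exactly while the primary is unreachable.
#
# Hardening: this list decides which domains the server relays for. Give the
# remote account a dedicated key that is limited to this one command (for
# example a forced command in authorized_keys) and leave SSH host key
# checking enabled.

# Replace <...> with the right value. Quoted so the shell does not parse the
# angle brackets as redirections.
readonly REMOTE='<user@kerio.host>'
readonly TARGET=/etc/postfix/fbmx_kerio
readonly TAG=update_fbmx_kerio

# The remote exit status is normally that of the last pipeline stage (grep),
# so a failing xmlstarlet is only noticed through the empty-output check.
readonly REMOTE_CMD="xmlstarlet sel -t -m \"/config/list[@name='Domain']/listitem/variable[@name='Domain']/text()\" -v \".\" -n /opt/kerio/mailserver/mailserver.cfg | grep -v \"^$\""

# Same directory as the target so the final mv is an atomic rename; the
# leading dot keeps the file out of the /etc/postfix/fbmx_* glob.
tmp=$(mktemp /etc/postfix/.fbmx_kerio.XXXXXX) || {
  logger -p err -t "$TAG" "Could not create temporary file"
  exit 1
}
trap 'rm -f -- "$tmp"' EXIT

# BatchMode makes ssh fail instead of waiting for a password under cron.
if ! ssh -o BatchMode=yes "$REMOTE" "$REMOTE_CMD" > "$tmp"; then
  logger -p err -t "$TAG" "Could not fetch domains"
  exit 1
fi

# An empty answer is treated as a failed fetch: keep the previous list.
if [[ ! -s "$tmp" ]]; then
  logger -p err -t "$TAG" "Fetched domain list is empty, keeping previous list"
  exit 1
fi

if ! mv -f -- "$tmp" "$TARGET"; then
  logger -p err -t "$TAG" "Could not install ${TARGET}"
  exit 1
fi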
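#!/bin/bash
#
# update_relay_domains - rebuild /etc/postfix/relay_domains for the backup MX.
#
# 1. Runs the fetch scripts that refresh /etc/postfix/fbmx_*.
# 2. Collects every entry from those lists, keeps the ones that look like a
#    domain name and that DNS does not report as "not found".
# 3. Installs the sorted, de-duplicated result as relay_domains and restarts
#    Postfix so the new list is picked up.
#
# Every failure is logged to syslog and ends the run with status 1 BEFORE
# relay_domains is touched. A backup MX that loses its domain list refuses
# mail it is supposed to queue, so a stale list is the safer outcome.
#
# The fbmx_* lists come from other hosts and end up deciding which domains
# this server relays for; entries are therefore syntax-checked and never
# passed to a command unquoted.

readonly TAG=update_relay_domains
readonly RELAY_FILE=/etc/postfix/relay_domains
# Dot-separated labels of letters, digits and inner hyphens, at least two
# labels. Anything else (options, paths, table specs) is skipped.
readonly DOMAIN_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'

# Log an error to syslog and stop; the EXIT trap removes the work file.
fail() {
  logger -p err -t "$TAG" "$1"
  exit 1
}

# Remove the call for a source you do not use: a failed fetch aborts the run
# so that an incomplete list never replaces the current one.
/usr/local/sbin/update_fbmx_kerio || fail "Could not update Kerio domains"
/usr/local/sbin/update_fbmx_diradmin || fail "Could not update DirectAdmin domains"

# Work file in the target directory so the final mv is an atomic rename.
tmp=$(mktemp /etc/postfix/.relay_domains.XXXXXX) \
  || fail "Could not create temporary file"
trap 'rm -f -- "$tmp"' EXIT

# Glob instead of parsing ls; nullglob yields an empty array when no list
# exists.
shopt -s nullglob
lists=(/etc/postfix/fbmx_*)
shopt -u nullglob
(( ${#lists[@]} > 0 )) || fail "No domain lists found"

for list in "${lists[@]}"; do
  # Entries are whitespace separated; the || clause keeps a last line that
  # has no trailing newline.
  while read -r -a words || (( ${#words[@]} > 0 )); do
    for domain in "${words[@]}"; do
      if [[ ! $domain =~ $DOMAIN_RE ]]; then
        logger -p warning -t "$TAG" "Skipping invalid entry in ${list}"
        continue
      fi
      # Only an explicit "not found" drops a domain; timeouts and other DNS
      # errors keep it, so a resolver outage cannot empty the list.
      lookup=$(host -W 5 "$domain" < /dev/null)
      if [[ $lookup != *"not found"* ]]; then
        printf '%s\n' "$domain" >> "$tmp"
      fi
    done
  done < "$list"
done

[[ -s "$tmp" ]] || fail "No relay domains found, keeping previous list"

LC_ALL=C sort -u -o "$tmp" "$tmp" || fail "Could not sort relay domains"
# mktemp creates the file with mode 0600; restore a world-readable mode in
# case Postfix processes read the list without root privileges.
chmod 0644 "$tmp" || fail "Could not set permissions on relay domains"
mv -f -- "$tmp" "$RELAY_FILE" || fail "Could not install relay domains"

# NOTE(review): a restart every hour interrupts SMTP sessions in progress;
# consider restarting only when the list actually changed.
/etc/init.d/postfix restart || fail "Could not restart postfix"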