diff --git a/AntiSpam/Configuration/dkim_signing.conf b/AntiSpam/Configuration/dkim_signing.conf
deleted file mode 100644
index ef5c051..0000000
--- a/AntiSpam/Configuration/dkim_signing.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-selector = "mail";
-path = "/var/lib/rspamd/dkim/$selector.key";
-allow_username_mismatch = true;
\ No newline at end of file
diff --git a/AntiSpam/Configuration/logging.inc b/AntiSpam/Configuration/logging.inc
deleted file mode 100644
index 9debb78..0000000
--- a/AntiSpam/Configuration/logging.inc
+++ /dev/null
@@ -1,20 +0,0 @@
-level = "warning";
-filename = /var/log/rspamd.log;
-log_format =<,$if_qid{ qid: <$>,}$if_ip{ ip: $,}$if_user{ user: $,}$if_smtp_from{ from: <$>,}
-(default: $is_spam ($action): [$scores] [$symbols_scores_params]),
-len: $len, time: $time_real, dns req: $dns_req,
-digest: <$digest>$if_smtp_rcpts{, rcpts: <$>}$if_mime_rcpts{, mime_rcpts: <$>}$if_filename{, file: $}$if_forced_action{, forced: $}$if_settings_id{, settings_id: $}
-EOD
-
-# Show statistics for regular expressions
-log_re_cache = true;
-
-# Can be used for console logging
-color = false;
-
-# Log with microseconds resolution
-log_usec = false;
-
-# Enable debug for specific modules (e.g. `debug_modules = ["dkim", "re_cache"];`)
-debug_modules = []
diff --git a/AntiSpam/Configuration/milter_headers.conf b/AntiSpam/Configuration/milter_headers.conf
deleted file mode 100644
index 8fc724e..0000000
--- a/AntiSpam/Configuration/milter_headers.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
-extended_spam_headers = true;
-skip_local = false;
-skip_authenticated = false;
\ No newline at end of file
diff --git a/AntiSpam/Configuration/proto.classifier-bayes.conf b/AntiSpam/Configuration/proto.classifier-bayes.conf
deleted file mode 100644
index 89376e1..0000000
--- a/AntiSpam/Configuration/proto.classifier-bayes.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-servers = "{{SERVICE.MEMORY_DATABASE.NAME}}";
-backend = "redis";
-autolearn = true;
\ No newline at end of file
diff --git a/AntiSpam/Configuration/proto.redis.conf b/AntiSpam/Configuration/proto.redis.conf
deleted file mode 100644
index 63dd6cb..0000000
--- a/AntiSpam/Configuration/proto.redis.conf
+++ /dev/null
@@ -1 +0,0 @@
-servers = "{{SERVICE.MEMORY_DATABASE.NAME}}:{{SERVICE.MEMORY_DATABASE.PORTS.PORT}}";
\ No newline at end of file
diff --git a/AntiSpam/Configuration/proto.worker-controller.inc b/AntiSpam/Configuration/proto.worker-controller.inc
deleted file mode 100644
index bd80352..0000000
--- a/AntiSpam/Configuration/proto.worker-controller.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-count = 1;
-bind_socket = "*:{{SERVICE.ANTI_SPAM.PORTS.WEBUI}}";
-secure_ip = "0.0.0.0";
-secure_ip = "::1";
-static_dir = "${WWWDIR}";
diff --git a/AntiSpam/Configuration/proto.worker-normal.inc b/AntiSpam/Configuration/proto.worker-normal.inc
deleted file mode 100644
index fc68a3f..0000000
--- a/AntiSpam/Configuration/proto.worker-normal.inc
+++ /dev/null
@@ -1 +0,0 @@
-bind_socket = "*:{{SERVICE.ANTI_SPAM.PORTS.WORKER}}";
\ No newline at end of file
diff --git a/AntiSpam/Configuration/proto.worker-proxy.inc b/AntiSpam/Configuration/proto.worker-proxy.inc
deleted file mode 100644
index d456ba3..0000000
--- a/AntiSpam/Configuration/proto.worker-proxy.inc
+++ /dev/null
@@ -1,7 +0,0 @@
-bind_socket = "*:{{SERVICE.ANTI_SPAM.PORTS.PROXY}}";
-milter = yes;
-timeout = 120s;
-upstream "local" {
- default = yes;
- self_scan = yes;
-}
\ No newline at end of file
diff --git a/AntiSpam/Dockerfile b/AntiSpam/Dockerfile
deleted file mode 100644
index 2eec4ee..0000000
--- a/AntiSpam/Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-FROM centos:8
-
-ARG PROXY_PORT
-ARG WORKER_PORT
-ARG WEBUI_PORT
-ARG WEBUI_PASS
-ARG MEM_DB
-ARG MEM_DB_PORT
-
-ENV PROXY_PORT "$PROXY_PORT"
-ENV WORKER_PORT "$WORKER_PORT"
-ENV WEBUI_PORT "$WEBUI_PORT"
-ENV WEBUI_PASS "$WEBUI_PASS"
-ENV MEM_DB "$MEM_DB"
-ENV MEM_DB_PORT "$MEM_DB_PORT"
-
-RUN dnf update -y && \
- dnf install -y findutils && \
- dnf clean all && \
- dnf install -y --nogpgcheck https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
- dnf install -y --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-8.noarch.rpm && \
- dnf install -y python3 libpcap && \
- dnf install -y git cmake make gcc-c++ boost ragel libnet curl telnet net-tools iputils wget && \
- dnf groupinstall -y "Development Tools" && \
- cd /opt; git clone http://luajit.org/git/luajit-2.0.git; cd luajit-2.0; make && make install; cd / && \
- rpm -Uvh http://repo.openfusion.net/centos7-x86_64/openfusion-release-0.7-1.of.el7.noarch.rpm && \
- dnf install -y hyperscan hyperscan-devel && \
- curl https://rspamd.com/rpm-stable/centos-8/rspamd.repo > /etc/yum.repos.d/rspamd.repo && \
- rpm --import https://rspamd.com/rpm-stable/gpg.key && \
- dnf install -y rspamd
-
-ADD Scripts/start.sh /start.sh
-ADD Scripts/getip.sh /getip.sh
-ADD Scripts/logrotate.sh /logrotate.sh
-ADD Configuration/worker-proxy.inc /etc/rspamd/local.d/worker-proxy.inc
-ADD Configuration/worker-normal.inc /etc/rspamd/local.d/worker-normal.inc
-ADD Configuration/classifier-bayes.conf /etc/rspamd/local.d/classifier-bayes.conf
-ADD Configuration/milter_headers.conf /etc/rspamd/local.d/milter_headers.conf
-ADD Configuration/worker-controller.inc /etc/rspamd/local.d/worker-controller.inc
-ADD Configuration/logging.inc /etc/rspamd/local.d/logging.inc
-ADD Configuration/dkim_signing.conf /etc/rspamd/local.d/dkim_signing.conf
-ADD Configuration/redis.conf /etc/rspamd/local.d/redis.conf
-
-RUN cp /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf && \
- mkdir /var/run/rspamd && \
- printf "password = \"$(rspamadm pw --encrypt -p ${WEBUI_PASS})\";\n" >> \
- /etc/rspamd/local.d/worker-controller.inc && \
- printf "enable_password = \"$(rspamadm pw --encrypt -p ${WEBUI_PASS})\";\n" >> \
- /etc/rspamd/local.d/worker-controller.inc && \
- wget -P /var/lib/rspamd https://rspamd.com/rspamd_statistics/bayes.ham.sqlite && \
- wget -P /var/lib/rspamd https://rspamd.com/rspamd_statistics/bayes.spam.sqlite && \
- chown _rspamd._rspamd /var/lib/rspamd/*sqlite && \
- rspamadm statconvert --spam-db /var/lib/rspamd/bayes.spam.sqlite --symbol-spam BAYES_SPAM \
- --ham-db /var/lib/rspamd/bayes.ham.sqlite --symbol-ham BAYES_HAM -h \
- `/getip.sh "${MEM_DB}"`:"${MEM_DB_PORT}"
-
-EXPOSE $PROXY_PORT
-EXPOSE $WORKER_PORT
-EXPOSE $WEBUI_PORT
-
-CMD sh start.sh "${PROXY_PORT}" "${WORKER_PORT}" "${WEBUI_PORT}" "${WEBUI_PASS}"
\ No newline at end of file
diff --git a/AntiSpam/Scripts/getip.sh b/AntiSpam/Scripts/getip.sh
deleted file mode 100755
index 0598a12..0000000
--- a/AntiSpam/Scripts/getip.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-ADDRESS=$1
-if nslookup "${ADDRESS}" | grep "can't find"
-then
-
- echo "Could not obtain ip address for: $ADDRESS"
-else
-
- nslookup "${ADDRESS}" | sed '/^[[:space:]]*$/d' | tail -1 | tr -d "[:blank:]" | sed s/Address://
-fi
\ No newline at end of file
diff --git a/AntiSpam/Scripts/logrotate.sh b/AntiSpam/Scripts/logrotate.sh
deleted file mode 100644
index 3fef75a..0000000
--- a/AntiSpam/Scripts/logrotate.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-logs=/var/log
-logFile=rspamd.log
-log="$logs/$logFile"
-
-if test -e ${log}
-then
-
- cp ${log} "${logs}/$(($(date +%s%N)/1000000))_$logFile"
- echo "Log initialized: $(date)" > ${log}
- find ${logs} -name "*_$logFile" -mtime +120 -exec rm -f {} \; >> ${log}
- echo "Beginning of log file:" >> ${log}
-else
-
- echo "Log not yet available for archiving: $(date)" >> ${log}
-fi
-
-sleep 604800; sh /logrotate.sh &
\ No newline at end of file
diff --git a/AntiSpam/Scripts/start.sh b/AntiSpam/Scripts/start.sh
deleted file mode 100644
index ce1ea6f..0000000
--- a/AntiSpam/Scripts/start.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-
-logFile="rspamd.start.log"
-echo "Rspamd START: $(date)" >${logFile}
-sh /logrotate.sh &
-
-chown -R _rspamd /var/run/rspamd
-chgrp -R _rspamd /var/run/rspamd
-
-if test -e /var/lib/rspamd/dkim/; then
-
- echo "$(date) DKIM directory exists" >>${logFile}
-else
-
- echo "$(date) Initializing DKIM directory" >>${logFile}
- mkdir -p /var/lib/rspamd/dkim/
-fi
-
-if test -e /var/lib/rspamd/dkim/mail.key; then
-
- echo "$(date) DKIM keys are available" >>${logFile}
-else
-
- echo "$(date) Initializing DKIM keys" >>${logFile}
- rspamadm dkim_keygen -b 2048 -s mail -k /var/lib/rspamd/dkim/mail.key | tee -a /var/lib/rspamd/dkim/mail.pub
-fi
-
-chown -R _rspamd /var/lib/rspamd
-chgrp -R _rspamd /var/lib/rspamd
-chmod 440 /var/lib/rspamd/dkim/*
-
-if rspamd -u _rspamd -g _rspamd; then
-
- proxyPort=$1
- workerPort=$2
- webUiPort=$3
- webUiPassword=$4
-
- export IFS=";"
- ports="${proxyPort};${workerPort};${webUiPort}"
- for port in $ports; do
-
- if echo "^C" | telnet 127.0.0.1 "${port}" | grep "Connected"; then
- echo "Rspamd is listening on port: $port" >>${logFile}
- else
- echo "Rspamd is not bound to port: $port" >>${logFile}
- exit 1
- fi
- done
-
- rspamc stat -P "${webUiPassword}" >>${logFile}
- tail -F ${logFile}
-else
-
- echo "Rspamd not started" >>${logFile}
- exit 1
-fi
diff --git a/AntiSpam/proto.antispam.service b/AntiSpam/proto.antispam.service
deleted file mode 100644
index ca5a58d..0000000
--- a/AntiSpam/proto.antispam.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Rspamd running on Docker
-After=docker.service
-Requires=docker.service
-
-[Service]
-Restart=always
-ExecStart={{DOCKER.DOCKER_HOME}}/Definitions/Rspamd/start.sh
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/AntiSpam/proto.docker-compose.yml b/AntiSpam/proto.docker-compose.yml
deleted file mode 100644
index ea701b3..0000000
--- a/AntiSpam/proto.docker-compose.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-version: "3.7"
-
-services:
- {{SERVICE.ANTI_SPAM.NAME}}:
- build:
- context: .
- args:
- - PROXY_PORT={{SERVICE.ANTI_SPAM.PORTS.PROXY}}
- - WORKER_PORT={{SERVICE.ANTI_SPAM.PORTS.WORKER}}
- - WEBUI_PORT={{SERVICE.ANTI_SPAM.PORTS.WEBUI}}
- - WEBUI_PASS={{SERVICE.ANTI_SPAM.WEBUI.PASSWORD}}
- - MEM_DB={{SERVICE.MEMORY_DATABASE.NAME}}
- - MEM_DP_PORT={{SERVICE.MEMORY_DATABASE.PORTS.PORT}}
- container_name: {{SERVICE.ANTI_SPAM.NAME}}
- hostname: {{SERVICE.ANTI_SPAM.NAME}}.{{SERVER.DOMAIN}}
- restart: always
- ports:
- - {{SERVICE.ANTI_SPAM.PORTS.WEBUI_EXPOSED}}:{{SERVICE.ANTI_SPAM.PORTS.WEBUI}}
- networks:
- - {{SERVICE.NETWORK.NAME}}
- volumes:
- - {{SERVER.SERVER_HOME}}/Server/Rspamd/Log:/var/log
- - {{SERVER.SERVER_HOME}}/Server/Rspamd/Lib:/var/lib/rspamd
-
-networks:
- {{SERVICE.NETWORK.NAME}}:
- external: true
diff --git a/AntiVirus/Configuration/Amavisd/proto.amavisd.conf b/AntiVirus/Configuration/Amavisd/proto.amavisd.conf
deleted file mode 100644
index 5c17317..0000000
--- a/AntiVirus/Configuration/Amavisd/proto.amavisd.conf
+++ /dev/null
@@ -1,808 +0,0 @@ -use strict; - -$max_servers = 5; # num of pre-forked children (2..30 is common), -m -$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u -$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g - -$mydomain = '{{SERVER.DOMAIN}}'; # a convenient default for other settings - -$MYHOME = '/var/spool/amavisd'; # a convenient default for other settings, -H -$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T -$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. -$QUARANTINEDIR = undef; # -Q -# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine -# $release_format = 'resend'; # 'attach', 'plain', 'resend' -# $report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf' - -# $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R - -$db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D -# $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S -$lock_file = "/run/amavisd/amavisd.lock"; # -L -$pid_file = "/run/amavisd/amavisd.pid"; # -P -#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually - -$log_level = 5; # verbosity 0..5, -d -$log_recip_templ = undef; # disable by-recipient level-0 log entries -$do_syslog = 0; # log via syslogd (preferred) - -$logfile = "/var/log/amavis.log"; -$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], <%o> -> [<%R>|,][? 
%i ||, quarantine %i], Message-ID: %m, Hits: %c'; - -$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) -# $enable_zmq = 1; # enable use of ZeroMQ (SNMP and nanny) -$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed -$enable_dkim_verification = 1; # enable DKIM signatures verification -$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key - -@local_domains_maps = ( [".$mydomain"] ); # list of all local domains - -@mynetworks = qw( 0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 {{SERVICE.NETWORK.SUBNET}} ); - -$unix_socketname = "/run/amavisd/amavisd.sock"; # amavisd-release or amavis-milter - # option(s) -p overrides $inet_socket_port and $unix_socketname - -$inet_socket_port = {{SERVICE.ANTI_VIRUS.PORTS.PORT}}; # listen on this local TCP port(s) -# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports -$inet_socket_bind = undef; # bind to all IP interfaces if undef -@inet_acl = qw( 127.0.0.0/8 10.0.0.0/8 {{SERVICE.NETWORK.SUBNET}} ); - -$policy_bank{'MYNETS'} = { # mail originating from @mynetworks - originating => 1, # is true in MYNETS by default, but let's make it explicit - os_fingerprint_method => undef, # don't query p0f for internal clients -}; - -# it is up to MTA to re-route mail from authenticated roaming users or -# from internal hosts to a dedicated TCP port (such as 10026) for filtering -$interface_policy{'10026'} = 'ORIGINATING'; - -$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users - originating => 1, # declare that mail was submitted by our smtp client - allow_disclaimers => 1, # enables disclaimer insertion if available - # notify administrator of locally originating malware - virus_admin_maps => ["virusalert\@$mydomain"], - spam_admin_maps => ["virusalert\@$mydomain"], - warnbadhsender => 1, - # forward to a smtpd service providing DKIM signing service - forward_method => 'smtp:[127.0.0.1]:10027', - # force MTA conversion to 7-bit (e.g. 
before DKIM signing) - smtpd_discard_ehlo_keywords => ['8BITMIME'], - bypass_banned_checks_maps => [1], # allow sending any file names and types - terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option -}; - -$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname - -# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c -# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'): -$policy_bank{'AM.PDP-SOCK'} = { - protocol => 'AM.PDP', - auth_required_release => 0, # do not require secret_id for amavisd-release -}; - -$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level -$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level -$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail) -$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is suppressed -$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From -# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off -$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database) -$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam -$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces - -$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger -$sa_local_tests_only = 0; # only tests which do not require internet access? 
- -# @lookup_sql_dsn = -# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], -# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'], -# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] ); -# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database -# @storage_redis_dsn = ( {server=>'127.0.0.1:6379', db_id=>1} ); -# $redis_logging_key = 'amavis-log'; -# $redis_logging_queue_size_limit = 300000; # about 250 MB / 100000 - -# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP; -# defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16) - -$virus_admin = undef; # notifications recip. - -$mailfrom_notify_admin = undef; # notifications sender -$mailfrom_notify_recip = undef; # notifications sender -$mailfrom_notify_spamadmin = undef; # notifications sender -$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef - -@addr_extension_virus_maps = ('virus'); -@addr_extension_banned_maps = ('banned'); -@addr_extension_spam_maps = ('spam'); -@addr_extension_bad_header_maps = ('badh'); -# $recipient_delimiter = '+'; # undef disables address extensions altogether -# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+ - -$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; -# $dspam = 'dspam'; - -$MAXLEVELS = 14; -$MAXFILES = 3000; -$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) -$MAX_EXPANSION_QUOTA = 500*1024*1024; # bytes (default undef, not enforced) - -$sa_spam_subject_tag = '***Spam*** '; -$defang_virus = 1; # MIME-wrap passed infected mail -$defang_banned = 1; # MIME-wrap passed mail containing banned name -# for defanging bad headers only turn on certain minor contents categories: -$defang_by_ccat{CC_BADH.",3"} = 1; # NUL or CR character in header -$defang_by_ccat{CC_BADH.",5"} = 1; # header line longer than 998 characters -$defang_by_ccat{CC_BADH.",6"} = 1; # header field 
syntax error - - -# OTHER MORE COMMON SETTINGS (defaults may suffice): - -$myhostname = '{{SERVICE.ANTI_VIRUS.NAME}}.{{SERVER.DOMAIN}}'; # must be a fully-qualified domain name! - -$notify_method = 'smtp:[{{SERVICE.MAIL_SEND.NAME}}]:{{SERVICE.MAIL_SEND.PORTS.PORT_ANTI_VIRUS}}'; -$forward_method = 'smtp:[{{SERVICE.MAIL_SEND.NAME}}]:{{SERVICE.MAIL_SEND.PORTS.PORT_ANTI_VIRUS}}'; # set to undef with milter! - -$final_virus_destiny = D_DISCARD; -$final_banned_destiny = D_BOUNCE; -$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT -$final_bad_header_destiny = D_BOUNCE; -# $bad_header_quarantine_method = undef; - -# $os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl - -## hierarchy by which a final setting is chosen: -## policy bank (based on port or IP address) -> *_by_ccat -## *_by_ccat (based on mail contents) -> *_maps -## *_maps (based on recipient address) -> final configuration value - - -# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all) - -# $warnbadhsender, -# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps) -# -# @bypass_virus_checks_maps, @bypass_spam_checks_maps, -# @bypass_banned_checks_maps, @bypass_header_checks_maps, -# -# @virus_lovers_maps, @spam_lovers_maps, -# @banned_files_lovers_maps, @bad_header_lovers_maps, -# -# @blacklist_sender_maps, @score_sender_maps, -# -# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to, -# $bad_header_quarantine_to, $spam_quarantine_to, -# -# $defang_bad_header, $defang_undecipherable, $defang_spam - - -# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS - -@keep_decoded_original_maps = (new_RE( - qr'^MAIL$', # let virus scanner see full original message - qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable - qr'^(ASCII(?! 
cpio)|text|uuencoded|xxencoded|binhex)'i, -# qr'^Zip archive data', # don't trust Archive::Zip -)); - - -$banned_filename_re = new_RE( - -### BLOCKED ANYWHERE -# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components - qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary -# qr'^\.(exe|lha|cab|dll)$', # banned file(1) types - -### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES: -# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2 - [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives - - qr'.\.(pif|scr)$'i, # banned extensions - rudimentary -# qr'^\.zip$', # block zip type - -### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES: -# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives - - qr'^application/x-msdownload$'i, # block these MIME types - qr'^application/x-msdos-program$'i, - qr'^application/hta$'i, - -# qr'^message/partial$'i, # rfc2046 MIME type -# qr'^message/external-body$'i, # rfc2046 MIME type - -# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type -# qr'^\.wmf$', # Windows Metafile file(1) type - - # block certain double extensions in filenames - qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, - -# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict -# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose - - qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic -# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd -# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| -# inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi| -# msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd| -# wmf|wsc|wsf|wsh)$'ix, # banned extensions - long -# qr'.\.(asd|asf|asx|url|vcs|wmd|wmz)$'i, # consider also -# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename -# qr'^\.ani$', # banned animated cursor file(1) type -# 
qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. -); -# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 -# and http://www.cknow.com/vtutor/vtextensions.htm - - -# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING - -@score_sender_maps = ({ # a by-recipient hash lookup table, - # results from all matching recipient tables are summed - -# ## per-recipient personal tables (NOTE: positive: black, negative: white) -# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}], -# 'user3@example.com' => [{'.ebay.com' => -3.0}], -# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0, -# '.cleargreen.com' => -5.0}], - - ## site-wide opinions about senders (the '.' matches any recipient) - '.' => [ # the _first_ matching sender determines the score boost - - new_RE( # regexp-type lookup table, just happens to be all soft-blacklist - [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], - [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], - [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], - [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], - [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], - [qr'^(your_friend|greatoffers)@'i => 5.0], - [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], - ), - -# read_hash("/var/amavis/sender_scores_sitewide"), - - { # a hash-type lookup table (associative array) - 'nobody@cert.org' => -3.0, - 'cert-advisory@us-cert.gov' => -3.0, - 'owner-alert@iss.net' => -3.0, - 'slashdot@slashdot.org' => -3.0, - 'securityfocus.com' => -3.0, - 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, - 'security-alerts@linuxsecurity.com' => -3.0, - 'mailman-announce-admin@python.org' => -3.0, - 'amavis-user-admin@lists.sourceforge.net'=> -3.0, - 'amavis-user-bounces@lists.sourceforge.net' => -3.0, - 'spamassassin.apache.org' => -3.0, - 'notification-return@lists.sophos.com' => -3.0, - 
'owner-postfix-users@postfix.org' => -3.0, - 'owner-postfix-announce@postfix.org' => -3.0, - 'owner-sendmail-announce@lists.sendmail.org' => -3.0, - 'sendmail-announce-request@lists.sendmail.org' => -3.0, - 'donotreply@sendmail.org' => -3.0, - 'ca+envelope@sendmail.org' => -3.0, - 'noreply@freshmeat.net' => -3.0, - 'owner-technews@postel.acm.org' => -3.0, - 'ietf-123-owner@loki.ietf.org' => -3.0, - 'cvs-commits-list-admin@gnome.org' => -3.0, - 'rt-users-admin@lists.fsck.com' => -3.0, - 'clp-request@comp.nus.edu.sg' => -3.0, - 'surveys-errors@lists.nua.ie' => -3.0, - 'emailnews@genomeweb.com' => -5.0, - 'yahoo-dev-null@yahoo-inc.com' => -3.0, - 'returns.groups.yahoo.com' => -3.0, - 'clusternews@linuxnetworx.com' => -3.0, - lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, - lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, - - # soft-blacklisting (positive score) - 'sender@example.net' => 3.0, - '.example.net' => 1.0, - - }, - ], # end of site-wide tables -}); - - -@decoders = ( - ['mail', \&do_mime_decode], -# [[qw(asc uue hqx ync)], \&do_ascii], # not safe - ['F', \&do_uncompress, ['unfreeze', 'freeze -d', 'melt', 'fcat'] ], - ['Z', \&do_uncompress, ['uncompress', 'gzip -d', 'zcat'] ], - ['gz', \&do_uncompress, 'gzip -d'], - ['gz', \&do_gunzip], - ['bz2', \&do_uncompress, 'bzip2 -d'], - ['xz', \&do_uncompress, - ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ], - ['lzma', \&do_uncompress, - ['lzmadec', 'xz -dc --format=lzma', - 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ], -# ['lrz', \&do_uncompress, -# ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], - ['lzo', \&do_uncompress, 'lzop -d'], - ['lz4', \&do_uncompress, ['lz4c -d'] ], - ['rpm', \&do_uncompress, ['rpm2cpio.pl', 'rpm2cpio'] ], - [['cpio','tar'], \&do_pax_cpio, ['pax', 'gcpio', 'cpio'] ], - # ['/usr/local/heirloom/usr/5bin/pax', 'pax', 'gcpio', 'cpio'] - ['deb', \&do_ar, 'ar'], -# ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill - ['rar', \&do_unrar, ['unrar', 'rar'] ], - ['arj', \&do_unarj, 
['unarj', 'arj'] ], - ['arc', \&do_arc, ['nomarch', 'arc'] ], - ['zoo', \&do_zoo, ['zoo', 'unzoo'] ], -# ['doc', \&do_ole, 'ripole'], # no ripole package so far - ['cab', \&do_cabextract, 'cabextract'], -# ['tnef', \&do_tnef_ext, 'tnef'], # use internal do_tnef() instead - ['tnef', \&do_tnef], -# ['lha', \&do_lha, 'lha'], # not safe, use 7z instead -# ['sit', \&do_unstuff, 'unstuff'], # not safe - [['zip','kmz'], \&do_7zip, ['7za', '7z'] ], - [['zip','kmz'], \&do_unzip], - ['7z', \&do_7zip, ['7zr', '7za', '7z'] ], - [[qw(gz bz2 Z tar)], - \&do_7zip, ['7za', '7z'] ], - [[qw(xz lzma jar cpio arj rar swf lha iso cab deb rpm)], - \&do_7zip, '7z' ], - ['exe', \&do_executable, ['unrar','rar'], 'lha', ['unarj','arj'] ], -); - - -@av_scanners = ( - -# ### http://www.sophos.com/ -# ['Sophos-SSSP', # SAV Dynamic Interface -# \&ask_daemon, ["{}", 'sssp:/var/run/savdi/sssp.sock'], -# # or: ["{}", 'sssp:[127.0.0.1]:4010'], -# qr/^DONE OK\b/m, qr/^VIRUS\b/m, qr/^VIRUS\s*(\S*)/m ], - -# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/) -# ['Sophie', -# \&ask_daemon, ["{}/\n", 'sophie:/var/run/sophie'], -# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, -# qr/(?x)^ [-+]? \d+ : (.*?) 
[\000\r\n]* $/m ], - -# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ -# ['Sophos SAVI', \&ask_daemon, ['{}','savi-perl:'] ], - -# ['Avira SAVAPI', -# \&ask_daemon, ["*", 'savapi:/var/tmp/.savapi3', 'product-id'], -# qr/^(200|210)/m, qr/^(310|420|319)/m, -# qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m ], -# settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1 - - ### http://www.clamav.net/ - ['ClamAV-clamd', - \&ask_daemon, ["CONTSCAN {}\n", "/run/clamd.amavisd/clamd.sock"], - qr/\bOK$/m, qr/\bFOUND$/m, - qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], - # NOTE: run clamd under the same user as amavisd - or run it under its own - # uid such as clamav, add user clamav to the amavis group, and then add - # AllowSupplementaryGroups to clamd.conf; - # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in - # this entry; when running chrooted one may prefer a socket under $MYHOME. - -# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) -# # note that Mail::ClamAV requires perl to be build with threading! -# ['Mail::ClamAV', \&ask_daemon, ['{}','clamav-perl:'], -# [0], [1], qr/^INFECTED: (.+)/m], - -# ### http://www.openantivirus.org/ -# ['OpenAntiVirus ScannerDaemon (OAV)', -# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'], -# qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ], - -# ### http://www.vanja.com/tools/trophie/ -# ['Trophie', -# \&ask_daemon, ["{}/\n", 'trophie:/var/run/trophie'], -# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m, -# qr/(?x)^ [-+]? \d+ : (.*?) 
[\000\r\n]* $/m ], - -# ### http://www.grisoft.com/ -# ['AVG Anti-Virus', -# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'], -# qr/^200/m, qr/^403/m, qr/^403[- ].*: ([^\r\n]+)/m ], - -# ### http://www.f-prot.com/ -# ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6 -# \&ask_daemon, -# ["SCAN FILE {}/*\n", '127.0.0.1:10200'], -# qr/^(0|8|64) /m, -# qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m, -# qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ], - -# ### http://www.f-prot.com/ -# ['F-Prot f-protd', # old version -# \&ask_daemon, -# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n", -# ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202', -# '127.0.0.1:10203', '127.0.0.1:10204'] ], -# qr/(?i)]*>clean<\/summary>/m, -# qr/(?i)]*>infected<\/summary>/m, -# qr/(?i)(.+)<\/name>/m ], - -# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/ -# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later -# [pack('N',1). # DRWEBD_SCAN_CMD -# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES -# pack('N', # path length -# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). -# '{}/*'. # path -# pack('N',0). # content size -# pack('N',0), -# '/var/drweb/run/drwebd.sock', -# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot -# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default -# # '127.0.0.1:3000', # or over an inet socket -# ], -# qr/\A\x00[\x10\x11][\x00\x10]\x00/sm, # IS_CLEAN,EVAL_KEY; SKIPPED -# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF -# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm, -# ], -# # NOTE: If using amavis-milter, change length to: -# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx"). 
- - ### http://www.kaspersky.com/ (kav4mailservers) - ['KasperskyLab AVP - aveclient', - ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', - '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], - '-p /var/run/aveserver -s {}/*', - [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m, - qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m, - ], - # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, - # currupted or protected archives are to be handled - - ### http://www.kaspersky.com/ - ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], - '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? - qr/infected: (.+)/m, - sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, - sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, - ], - - ### The kavdaemon and AVPDaemonClient have been removed from Kasperky - ### products and replaced by aveserver and aveclient - ['KasperskyLab AVPDaemonClient', - [ '/opt/AVP/kavdaemon', 'kavdaemon', - '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', - '/opt/AVP/AvpTeamDream', 'AvpTeamDream', - '/opt/AVP/avpdc', 'avpdc' ], - "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ], - # change the startup-script in /etc/init.d/kavd to: - # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" - # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) - # adjusting /var/amavis above to match your $TEMPBASE. - # The '-f=/var/amavis' is needed if not running it as root, so it - # can find, read, and write its pid file, etc., see 'man kavdaemon'. - # defUnix.prf: there must be an entry "*/var/amavis" (or whatever - # directory $TEMPBASE specifies) in the 'Names=' section. - # cd /opt/AVP/DaemonClients; configure; cd Sample; make - # cp AvpDaemonClient /opt/AVP/ - # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}" - - ### http://www.centralcommand.com/ - ['CentralCommand Vexira (new) vascan', - ['vascan','/usr/lib/Vexira/vascan'], - "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ". 
- "--log=/var/log/vascan.log {}", - [0,3], [1,2,5], - qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ], - # Adjust the path of the binary and the virus database as needed. - # 'vascan' does not allow to have the temp directory to be the same as - # the quarantine directory, and the quarantine option can not be disabled. - # If $QUARANTINEDIR is not used, then another directory must be specified - # to appease 'vascan'. Move status 3 to the second list if password - # protected files are to be considered infected. - - ### http://www.avira.com/ - ### old Avira AntiVir 2.x (ex H+BEDV) or old CentralCommand Vexira Antivirus - ['Avira AntiVir', ['antivir','vexira'], - '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m, - qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | - (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ], - # NOTE: if you only have a demo version, remove -z and add 214, as in: - # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, - - ### http://www.avira.com/ - ### Avira for UNIX 3.x - ['Avira AntiVir', ['avscan'], - '-s --batch --alert-action=none {}', [0,4], qr/(?:ALERT|FUND):/m, - qr/(?:ALERT|FUND): (?:.* <<< )?(.+?)(?: ; |$)/m ], - - ### http://www.commandsoftware.com/ - ['Command AntiVirus for Linux', 'csav', - '-all -archive -packed {}', [50], [51,52,53], - qr/Infection: (.+)/m ], - - ### http://www.symantec.com/ - ['Symantec CarrierScan via Symantec CommandLineScanner', - 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', - qr/^Files Infected:\s+0$/m, qr/^Infected\b/m, - qr/^(?:Info|Virus Name):\s+(.+)/m ], - - ### http://www.symantec.com/ - ['Symantec AntiVirus Scan Engine', - 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', - [0], qr/^Infected\b/m, - qr/^(?:Info|Virus Name):\s+(.+)/m ], - # NOTE: check options and patterns to see which entry better applies - -# ### http://www.f-secure.com/products/anti-virus/ version 5.52 -# ['F-Secure Antivirus 
for Linux servers', -# ['/opt/f-secure/fsav/bin/fsav', 'fsav'], -# '--virus-action1=report --archive=yes --auto=yes '. -# '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8], -# qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ], -# # NOTE: internal archive handling may be switched off by '--archive=no' -# # to prevent fsav from exiting with status 9 on broken archives - - ### http://www.f-secure.com/ version 9.14 - ['F-Secure Linux Security', - ['/opt/f-secure/fsav/bin/fsav', 'fsav'], - '--virus-action1=report --archive=yes --auto=yes '. - '--list=no --nomimeerr {}', [0], [3,4,6,8], - qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ], - # NOTE: internal archive handling may be switched off by '--archive=no' - # to prevent fsav from exiting with status 9 on broken archives - -# ### http://www.avast.com/ -# ['avast! Antivirus daemon', -# \&ask_daemon, # greets with 220, terminate with QUIT -# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], -# qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t[0-9]+\s+([^[ \t\015\012]+)/m ], - -# ### http://www.avast.com/ -# ['avast! 
Antivirus - Client/Server Version', 'avastlite', -# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], -# qr/\t\[L\]\t([^[ \t\015\012]+)/m ], - - ['CAI InoculateIT', 'inocucmd', # retired product - '-sec -nex {}', [0], [100], - qr/was infected by virus (.+)/m ], - # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html - - ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) - ['CAI eTrust Antivirus', 'etrust-wrapper', - '-arc -nex -spm h {}', [0], [101], - qr/is infected by virus: (.+)/m ], - # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer - # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 - - ### http://mks.com.pl/english.html - ['MkS_Vir for Linux (beta)', ['mks32','mks'], - '-s {}/*', [0], [1,2], - qr/--[ \t]*(.+)/m ], - - ### http://mks.com.pl/english.html - ['MkS_Vir daemon', 'mksscan', - '-s -q {}', [0], [1..7], - qr/^... (\S+)/m ], - -# ### http://www.nod32.com/, version v2.52 (old) -# ['ESET NOD32 for Linux Mail servers', -# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'], -# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '. -# '-w -a --action-on-infected=accept --action-on-uncleanable=accept '. 
-# '--action-on-notscanned=accept {}', -# [0,3], [1,2], qr/virus="([^"]+)"/m ], - -# ### http://www.eset.com/, version v2.7 (old) -# ['ESET NOD32 Linux Mail Server - command line interface', -# ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'], -# '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ], - -# ### http://www.eset.com/, version 2.71.12 -# ['ESET Software ESETS Command Line Interface', -# ['/usr/bin/esets_cli', 'esets_cli'], -# '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ], - - ### http://www.eset.com/, version 3.0 - ['ESET Software ESETS Command Line Interface', - ['/usr/bin/esets_cli', 'esets_cli'], - '--subdir {}', [0], [1,2,3], - qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ], - - ## http://www.nod32.com/, NOD32LFS version 2.5 and above - ['ESET NOD32 for Linux File servers', - ['/opt/eset/nod32/sbin/nod32','nod32'], - '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '. - '-w -a --action=1 -b {}', - [0], [1,10], qr/^object=.*, virus="(.*?)",/m ], - -# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31 -# ['ESET Software NOD32 Client/Server (NOD32SS)', -# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT -# ["SCAN {}/*\r\n", '127.0.0.1:8448' ], -# qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ], - - ### http://www.norman.com/products_nvc.shtml - ['Norman Virus Control v5 / Linux', 'nvcc', - '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], - qr/(?i).* virus in .* -> \'(.+)\'/m ], - - ### http://www.pandasoftware.com/ - ['Panda CommandLineSecure 9 for Linux', - ['/opt/pavcl/usr/bin/pavcl','pavcl'], - '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}', - qr/Number of files infected[ .]*: 0+(?!\d)/m, - qr/Number of files infected[ .]*: 0*[1-9]/m, - qr/Found virus :\s*(\S+)/m ], - # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr' - # before starting amavisd - the bases are then loaded only once at startup. 
- # To reload bases in a signature update script: - # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr - # Please review other options of pavcl, for example: - # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies - -# ### http://www.pandasoftware.com/ -# ['Panda Antivirus for Linux', ['pavcl'], -# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}', -# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0], -# qr/Found virus :\s*(\S+)/m ], - -# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued. -# Check your RAV license terms before fiddling with the following two lines! -# ['GeCAD RAV AntiVirus 8', 'ravav', -# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ], -# # NOTE: the command line switches changed with scan engine 8.5 ! -# # (btw, assigning stdin to /dev/null causes RAV to fail) - - ### http://www.nai.com/ - ['NAI McAfee AntiVirus (uvscan)', 'uvscan', - '--secure -rv --mime --summary --noboot - {}', [0], [13], - qr/(?x) Found (?: - \ the\ (.+)\ (?:virus|trojan) | - \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | - :\ (.+)\ NOT\ a\ virus)/m, - # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, - # sub {delete $ENV{LD_PRELOAD}}, - ], - # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before - # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 - # and then clear it when finished to avoid confusing anything else. - # NOTE2: to treat encrypted files as viruses replace the [13] with: - # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/ - - ### http://www.virusbuster.hu/en/ - ['VirusBuster', ['vbuster', 'vbengcl'], - "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], - qr/: '(.*)' - Virus/m ], - # VirusBuster Ltd. does not support the daemon version for the workstation - # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of - # binaries, some parameters AND return codes have changed (from 3 to 1). 
- # See also the new Vexira entry 'vascan' which is possibly related. - -# ### http://www.virusbuster.hu/en/ -# ['VirusBuster (Client + Daemon)', 'vbengd', -# '-f -log scandir {}', [0], [3], -# qr/Virus found = (.*);/m ], -# # HINT: for an infected file it always returns 3, -# # although the man-page tells a different story - - ### http://www.cyber.com/ - ['CyberSoft VFind', 'vfind', - '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m, - # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, - ], - -# ### http://www.avast.com/ (old) -# ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], -# '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ], - -# ### http://www.avast.com/ -# ['avast! Antivirus', '/bin/scan', '{}', [0], [1], qr/\t(.+)/m ], - - ### http://www.ikarus-software.com/ - ['Ikarus AntiVirus for Linux', 'ikarus', - '{}', [0], [40], qr/Signature (.+) found/m ], - - ### http://www.bitdefender.com/ - ['BitDefender', 'bdscan', # new version - '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m, - qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m, - qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ], - - ### http://www.bitdefender.com/ - ['BitDefender', 'bdc', # old version - '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m, - qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m, - qr/(?:suspected|infected): (.*)(?:\033|$)/m ], - # consider also: --all --nowarn --alev=15 --flev=15. 
The --all argument may - # not apply to your version of bdc, check documentation and see 'bdc --help' - - ### ArcaVir for Linux and Unix http://www.arcabit.pl/ - ['ArcaVir for Linux', ['arcacmd','arcacmd.static'], - '-v 1 -summary 0 -s {}', [0], [1,2], - qr/(?:VIR|WIR):[ \t]*(.+)/m ], - -# ### a generic SMTP-client interface to a SMTP-based virus scanner -# ['av_smtp', \&ask_av_smtp, -# ['{}', 'smtp:[127.0.0.1]:5525', 'dummy@localhost'], -# qr/^2/, qr/^5/, qr/^\s*(.*?)\s*$/m ], - -# ['File::Scan', sub {Amavis::AV::ask_av(sub{ -# use File::Scan; my($fn)=@_; -# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0); -# my($vname) = $f->scan($fn); -# $f->error ? (2,"Error: ".$f->error) -# : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) }, -# ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ], - -# ### fully-fledged checker for JPEG marker segments of invalid length -# ['check-jpeg', -# sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) }, -# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ], -# # NOTE: place file JpegTester.pm somewhere where Perl can find it, -# # for example in /usr/local/lib/perl5/site_perl - -); - - -@av_scanners_backup = ( - - ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV - ['ClamAV-clamscan', 'clamscan', - "--stdout --no-summary -r --tempdir=$TEMPBASE {}", - [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], - -# ### http://www.clamav.net/ - using remote clamd scanner as a backup -# ['ClamAV-clamdscan', 'clamdscan', -# "--stdout --no-summary --config-file=/etc/clamd-client.conf {}", -# [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], - -# ['ClamAV-clamd-stream', -# \&ask_daemon, ["*", 'clamd:/var/run/clamav/clamd.sock'], -# qr/\bOK$/m, qr/\bFOUND$/m, -# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], - - ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6 - ['F-PROT Antivirus for UNIX', ['fpscan'], - '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10 
- [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3], - qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ], - - ### http://www.f-prot.com/ - backs up F-Prot Daemon (old) - ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], - '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8], - qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ], - - ### http://www.trendmicro.com/ - backs up Trophie - ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], - '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ], - - ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD - ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier - ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], - '-path={} -al -go -ot -cn -upn -ok-', - [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ], - - ### http://www.kaspersky.com/ - ['Kaspersky Antivirus v5.5', - ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner', - '/opt/kav/5.5/kav4unix/bin/kavscanner', - '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'], - '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], - qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m, -# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, -# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, - ], - - ### http://www.sophos.com/ - ['Sophos Anti Virus (savscan)', # formerly known as 'sweep' - ['/opt/sophos-av/bin/savscan', 'savscan'], # 'sweep' - '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '. - '--no-reset-atime {}', - [0,2], qr/Virus .*? found/m, - qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m, - ], - # other options to consider: -idedir=/usr/local/sav - # A name 'sweep' clashes with a name of an audio editor (Debian and FreeBSD). - # Make sure the correct 'sweep' is found in the path if using the old name. - -# Always succeeds and considers mail clean. 
-# Potentially useful when all other scanners fail and it is desirable
-# to let mail continue to flow with no virus checking (when uncommented).
-# ['always-clean', sub {0}],
-
-);
-
-
-1; # insure a defined return value
diff --git a/AntiVirus/Configuration/Clamd/scan.conf b/AntiVirus/Configuration/Clamd/scan.conf
deleted file mode 100644
index b4ee0e8..0000000
--- a/AntiVirus/Configuration/Clamd/scan.conf
+++ /dev/null
@@ -1,677 +0,0 @@
-LogFile /var/log/clamd.scan
-LogRotate yes
-LogFileMaxSize 5M
-LogTime yes
-
-ExtendedDetectionInfo yes
-
-PidFile /run/clamd.scan/clamd.pid
-
-TemporaryDirectory /var/tmp
-
-DatabaseDirectory /var/lib/clamav
-
-# Only load the official signatures published by the ClamAV project.
-# Default: no
-#OfficialDatabaseOnly no
-
-LocalSocketGroup amavis
-LocalSocket /run/clamd.amavisd/clamd.sock
-
-# Sets the group ownership on the unix socket.
-# Default: disabled (the primary group of the user running clamd)
-
-# Sets the permissions on the unix socket to the specified mode.
-# Default: disabled (socket is world accessible)
-#LocalSocketMode 660
-
-# TCP port address.
-# Default: no
-#TCPSocket 3310
-
-# TCP address.
-# By default we bind to INADDR_ANY, probably not wise.
-# Enable the following to provide some degree of protection
-# from the outside world. This option can be specified multiple
-# times if you want to listen on multiple IPs. IPv6 is now supported.
-# Default: no
-#TCPAddr 127.0.0.1
-
-# Maximum length the queue of pending connections may grow to.
-# Default: 200
-#MaxConnectionQueueLength 30
-
-# Clamd uses FTP-like protocol to receive data from remote clients.
-# If you are using clamav-milter to balance load between remote clamd daemons
-# on firewall servers you may need to tune the options below.
-
-# Close the connection when the data size limit is exceeded.
-# The value should match your MTA's limit for a maximum attachment size.
-# Default: 25M
-#StreamMaxLength 10M
-
-# Limit port range.
-# Default: 1024
-#StreamMinPort 30000
-# Default: 2048
-#StreamMaxPort 32000
-
-# Maximum number of threads running at the same time.
-# Default: 10
-MaxThreads 20
-
-# Waiting for data from a client socket will timeout after this time (seconds).
-# Default: 120
-#ReadTimeout 300
-
-# This option specifies the time (in seconds) after which clamd should
-# timeout if a client doesn't provide any initial command after connecting.
-# Default: 30
-#CommandReadTimeout 30
-
-# This option specifies how long to wait (in milliseconds) if the send buffer
-# is full.
-# Keep this value low to prevent clamd hanging.
-#
-# Default: 500
-#SendBufTimeout 200
-
-# Maximum number of queued items (including those being processed by
-# MaxThreads threads).
-# It is recommended to have this value at least twice MaxThreads if possible.
-# WARNING: you shouldn't increase this too much to avoid running out of file
-# descriptors, the following condition should hold:
-# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual
-# max is 1024).
-#
-# Default: 100
-#MaxQueue 200
-
-# Waiting for a new job will timeout after this time (seconds).
-# Default: 30
-#IdleTimeout 60
-
-# Don't scan files and directories matching regex
-# This directive can be used multiple times
-# Default: scan all
-#ExcludePath ^/proc/
-#ExcludePath ^/sys/
-
-# Maximum depth directories are scanned at.
-# Default: 15
-MaxDirectoryRecursion 20
-
-FollowDirectorySymlinks yes
-
-FollowFileSymlinks yes
-
-CrossFilesystems yes
-
-# Perform a database check.
-# Default: 600 (10 min)
-SelfCheck 600
-
-# Execute a command when virus is found. In the command string %v will
-# be replaced with the virus name.
-# Default: no
-#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
-
-# Run as another user (clamd must be started by root for this option to work)
-# Default: don't drop privileges
-# User clamscan
-
-# Stop daemon when libclamav reports out of memory condition.
-#ExitOnOOM yes
-
-# Don't fork into background.
-# Default: no
-#Foreground yes
-
-# Enable debug messages in libclamav.
-# Default: no
-#Debug yes
-
-# Do not remove temporary files (for debug purposes).
-# Default: no
-#LeaveTemporaryFiles yes
-
-# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
-# any ALLMATCHSCAN command as invalid.
-# Default: yes
-#AllowAllMatchScan no
-
-# Detect Possibly Unwanted Applications.
-# Default: no
-#DetectPUA yes
-
-# Exclude a specific PUA category. This directive can be used multiple times.
-# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
-# the complete list of PUA categories.
-# Default: Load all categories (if DetectPUA is activated)
-#ExcludePUA NetTool
-#ExcludePUA PWTool
-
-# Only include a specific PUA category. This directive can be used multiple
-# times.
-# Default: Load all categories (if DetectPUA is activated)
-#IncludePUA Spy
-#IncludePUA Scanner
-#IncludePUA RAT
-
-# This option causes memory or nested map scans to dump the content to disk.
-# If you turn on this option, more data is written to disk and is available
-# when the LeaveTemporaryFiles option is enabled.
-#ForceToDisk yes
-
-# This option allows you to disable the caching feature of the engine. By
-# default, the engine will store an MD5 in a cache of any files that are
-# not flagged as virus or that hit limits checks. Disabling the cache will
-# have a negative performance impact on large scans.
-# Default: no
-#DisableCache yes
-
-# In some cases (eg. complex malware, exploits in graphic files, and others),
-# ClamAV uses special algorithms to detect abnormal patterns and behaviors that
-# may be malicious. This option enables alerting on such heuristically
-# detected potential threats.
-# Default: yes
-#HeuristicAlerts yes
-
-# Allow heuristic alerts to take precedence.
-# When enabled, if a heuristic scan (such as phishingScan) detects
-# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
-# scan-time.
-# When disabled, virus/phish detected by heuristic scans will be reported only
-# at the end of a scan. If an archive contains both a heuristically detected
-# virus/phish, and a real malware, the real malware will be reported
-#
-# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
-# differently from "real" malware.
-# If a non-heuristically-detected virus (signature-based) is found first,
-# the scan is interrupted immediately, regardless of this config option.
-#
-# Default: no
-#HeuristicScanPrecedence yes
-
-
-##
-## Heuristic Alerts
-##
-
-# With this option clamav will try to detect broken executables (both PE and
-# ELF) and alert on them with the Broken.Executable heuristic signature.
-# Default: no
-#AlertBrokenExecutables yes
-
-# Alert on encrypted archives _and_ documents with heuristic signature
-# (encrypted .zip, .7zip, .rar, .pdf).
-# Default: no
-#AlertEncrypted yes
-
-# Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip,
-# .rar).
-# Default: no
-#AlertEncryptedArchive yes
-
-# Alert on encrypted archives with heuristic signature (encrypted .pdf).
-# Default: no
-#AlertEncryptedDoc yes
-
-# With this option enabled OLE2 files containing VBA macros, which were not
-# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
-# Default: no
-#AlertOLE2Macros yes
-
-# Alert on SSL mismatches in URLs, even if the URL isn't in the database.
-# This can lead to false positives.
-# Default: no
-#AlertPhishingSSLMismatch yes
-
-# Alert on cloaked URLs, even if URL isn't in database.
-# This can lead to false positives.
-# Default: no
-#AlertPhishingCloak yes
-
-# Alert on raw DMG image files containing partition intersections
-# Default: no
-#AlertPartitionIntersection yes
-
-
-##
-## Executable files
-##
-
-# PE stands for Portable Executable - it's an executable file format used
-# in all 32 and 64-bit versions of Windows operating systems. This option
-# allows ClamAV to perform a deeper analysis of executable files and it's also
-# required for decompression of popular executable packers such as UPX, FSG,
-# and Petite. If you turn off this option, the original files will still be
-# scanned, but without additional processing.
-# Default: yes
-#ScanPE yes
-
-# Certain PE files contain an authenticode signature. By default, we check
-# the signature chain in the PE file against a database of trusted and
-# revoked certificates if the file being scanned is marked as a virus.
-# If any certificate in the chain validates against any trusted root, but
-# does not match any revoked certificate, the file is marked as whitelisted.
-# If the file does match a revoked certificate, the file is marked as virus.
-# The following setting completely turns off authenticode verification.
-# Default: no
-#DisableCertCheck yes
-
-# Executable and Linking Format is a standard format for UN*X executables.
-# This option allows you to control the scanning of ELF files.
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-# Default: yes
-#ScanELF yes
-
-
-##
-## Documents
-##
-
-# This option enables scanning of OLE2 files, such as Microsoft Office
-# documents and .msi files.
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-# Default: yes
-#ScanOLE2 yes
-
-# This option enables scanning within PDF files.
-# If you turn off this option, the original files will still be scanned, but
-# without decoding and additional processing.
-# Default: yes
-#ScanPDF yes
-
-# This option enables scanning within SWF files.
-# If you turn off this option, the original files will still be scanned, but
-# without decoding and additional processing.
-# Default: yes
-#ScanSWF yes
-
-# This option enables scanning xml-based document files supported by libclamav.
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-# Default: yes
-#ScanXMLDOCS yes
-
-# This option enables scanning of HWP3 files.
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-# Default: yes
-#ScanHWP3 yes
-
-
-##
-## Mail files
-##
-
-# Enable internal e-mail scanner.
-# If you turn off this option, the original files will still be scanned, but
-# without parsing individual messages/attachments.
-# Default: yes
-#ScanMail yes
-
-# Scan RFC1341 messages split over many emails.
-# You will need to periodically clean up $TemporaryDirectory/clamav-partial
-# directory.
-# WARNING: This option may open your system to a DoS attack.
-# Never use it on loaded servers.
-# Default: no
-#ScanPartialMessages yes
-
-# With this option enabled ClamAV will try to detect phishing attempts by using
-# HTML.Phishing and Email.Phishing NDB signatures.
-# Default: yes
-#PhishingSignatures no
-
-# With this option enabled ClamAV will try to detect phishing attempts by
-# analyzing URLs found in emails using WDB and PDB signature databases.
-# Default: yes
-#PhishingScanURLs no
-
-
-##
-## Data Loss Prevention (DLP)
-##
-
-# Enable the DLP module
-# Default: No
-#StructuredDataDetection yes
-
-# This option sets the lowest number of Credit Card numbers found in a file
-# to generate a detect.
-# Default: 3
-#StructuredMinCreditCardCount 5
-
-# This option sets the lowest number of Social Security Numbers found
-# in a file to generate a detect.
-# Default: 3
-#StructuredMinSSNCount 5
-
-# With this option enabled the DLP module will search for valid
-# SSNs formatted as xxx-yy-zzzz
-# Default: yes
-#StructuredSSNFormatNormal yes
-
-# With this option enabled the DLP module will search for valid
-# SSNs formatted as xxxyyzzzz
-# Default: no
-#StructuredSSNFormatStripped yes
-
-
-##
-## HTML
-##
-
-# Perform HTML normalisation and decryption of MS Script Encoder code.
-# Default: yes
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-#ScanHTML yes
-
-
-##
-## Archives
-##
-
-# ClamAV can scan within archives and compressed files.
-# If you turn off this option, the original files will still be scanned, but
-# without unpacking and additional processing.
-# Default: yes
-#ScanArchive yes
-
-
-##
-## Limits
-##
-
-# The options below protect your system against Denial of Service attacks
-# using archive bombs.
-
-# This option sets the maximum amount of time to a scan may take.
-# In this version, this field only affects the scan time of ZIP archives.
-# Value of 0 disables the limit.
-# Note: disabling this limit or setting it too high may result allow scanning
-# of certain files to lock up the scanning process/threads resulting in a
-# Denial of Service.
-# Time is in milliseconds.
-# Default: 120000
-#MaxScanTime 300000
-
-# This option sets the maximum amount of data to be scanned for each input
-# file. Archives and other containers are recursively extracted and scanned
-# up to this value.
-# Value of 0 disables the limit
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 100M
-#MaxScanSize 150M
-
-# Files larger than this limit won't be scanned. Affects the input file itself
-# as well as files contained inside it (when the input file is an archive, a
-# document or some other kind of container).
-# Value of 0 disables the limit.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 25M
-#MaxFileSize 30M
-
-# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
-# file, all files within it will also be scanned. This options specifies how
-# deeply the process should be continued.
-# Note: setting this limit too high may result in severe damage to the system.
-# Default: 16
-#MaxRecursion 10
-
-# Number of files to be scanned within an archive, a document, or any other
-# container file.
-# Value of 0 disables the limit.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 10000
-#MaxFiles 15000
-
-# Maximum size of a file to check for embedded PE. Files larger than this value
-# will skip the additional analysis step.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 10M
-#MaxEmbeddedPE 10M
-
-# Maximum size of a HTML file to normalize. HTML files larger than this value
-# will not be normalized or scanned.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 10M
-#MaxHTMLNormalize 10M
-
-# Maximum size of a normalized HTML file to scan. HTML files larger than this
-# value after normalization will not be scanned.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 2M
-#MaxHTMLNoTags 2M
-
-# Maximum size of a script file to normalize. Script content larger than this
-# value will not be normalized or scanned.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 5M
-#MaxScriptNormalize 5M
-
-# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
-# than this value will skip the step to potentially reanalyze as PE.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 1M
-#MaxZipTypeRcg 1M
-
-# This option sets the maximum number of partitions of a raw disk image to be
-# scanned.
-# Raw disk images with more partitions than this value will have up to
-# the value number partitions scanned. Negative values are not allowed.
-# Note: setting this limit too high may result in severe damage or impact
-# performance.
-# Default: 50
-#MaxPartitions 128
-
-# This option sets the maximum number of icons within a PE to be scanned.
-# PE files with more icons than this value will have up to the value number
-# icons scanned.
-# Negative values are not allowed.
-# WARNING: setting this limit too high may result in severe damage or impact
-# performance.
-# Default: 100
-#MaxIconsPE 200
-
-# This option sets the maximum recursive calls for HWP3 parsing during
-# scanning. HWP3 files using more than this limit will be terminated and
-# alert the user.
-# Scans will be unable to scan any HWP3 attachments if the recursive limit
-# is reached.
-# Negative values are not allowed.
-# WARNING: setting this limit too high may result in severe damage or impact
-# performance.
-# Default: 16
-#MaxRecHWP3 16
-
-# This option sets the maximum calls to the PCRE match function during
-# an instance of regex matching.
-# Instances using more than this limit will be terminated and alert the user
-# but the scan will continue.
-# For more information on match_limit, see the PCRE documentation.
-# Negative values are not allowed.
-# WARNING: setting this limit too high may severely impact performance.
-# Default: 100000
-#PCREMatchLimit 20000
-
-# This option sets the maximum recursive calls to the PCRE match function
-# during an instance of regex matching.
-# Instances using more than this limit will be terminated and alert the user
-# but the scan will continue.
-# For more information on match_limit_recursion, see the PCRE documentation.
-# Negative values are not allowed and values > PCREMatchLimit are superfluous.
-# WARNING: setting this limit too high may severely impact performance.
-# Default: 2000
-#PCRERecMatchLimit 10000
-
-# This option sets the maximum filesize for which PCRE subsigs will be
-# executed. Files exceeding this limit will not have PCRE subsigs executed
-# unless a subsig is encompassed to a smaller buffer.
-# Negative values are not allowed.
-# Setting this value to zero disables the limit.
-# WARNING: setting this limit too high or disabling it may severely impact
-# performance.
-# Default: 25M
-#PCREMaxFileSize 100M
-
-# When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
-# MaxRecursion limit will be flagged with the virus
-# "Heuristics.Limits.Exceeded".
-# Default: no
-#AlertExceedsMax yes
-
-##
-## On-access Scan Settings
-##
-
-# Don't scan files larger than OnAccessMaxFileSize
-# Value of 0 disables the limit.
-# Default: 5M
-#OnAccessMaxFileSize 10M
-
-# Max number of scanning threads to allocate to the OnAccess thread pool at
-# startup. These threads are the ones responsible for creating a connection
-# with the daemon and kicking off scanning after an event has been processed.
-# To prevent clamonacc from consuming all clamd's resources keep this lower
-# than clamd's max threads.
-# Default: 5
-#OnAccessMaxThreads 10
-
-# Max amount of time (in milliseconds) that the OnAccess client should spend
-# for every connect, send, and recieve attempt when communicating with clamd
-# via curl.
-# Default: 5000 (5 seconds)
-# OnAccessCurlTimeout 10000
-
-# Toggles dynamic directory determination. Allows for recursively watching
-# include paths.
-# Default: no
-#OnAccessDisableDDD yes
-
-# Set the include paths (all files inside them will be scanned). You can have
-# multiple OnAccessIncludePath directives but each directory must be added
-# in a separate line.
-# Default: disabled
-#OnAccessIncludePath /home
-#OnAccessIncludePath /students
-
-# Set the exclude paths. All subdirectories are also excluded.
-# Default: disabled
-#OnAccessExcludePath /home/user
-
-# Modifies fanotify blocking behaviour when handling permission events.
-# If off, fanotify will only notify if the file scanned is a virus,
-# and not perform any blocking.
-# Default: no
-#OnAccessPrevention yes
-
-# When using prevention, if this option is turned on, any errors that occur
-# during scanning will result in the event attempt being denied. This could
-# potentially lead to unwanted system behaviour with certain configurations,
-# so the client defaults this to off and prefers allowing access events in
-# case of scan or connection error.
-# Default: no
-#OnAccessDenyOnError yes
-
-# Toggles extra scanning and notifications when a file or directory is
-# created or moved.
-# Requires the DDD system to kick-off extra scans.
-# Default: no
-#OnAccessExtraScanning yes
-
-# Set the mount point to be scanned. The mount point specified, or the mount
-# point containing the specified directory will be watched. If any directories
-# are specified, this option will preempt (disable and ignore all options
-# related to) the DDD system. This option will result in verdicts only.
-# Note that prevention is explicitly disallowed to prevent common, fatal
-# misconfigurations. (e.g. watching "/" with prevention on and no exclusions
-# made on vital system directories)
-# It can be used multiple times.
-# Default: disabled
-#OnAccessMountPath /
-#OnAccessMountPath /home/user
-
-# With this option you can whitelist the root UID (0). Processes run under
-# root with be able to access all files without triggering scans or
-# permission denied events.
-# Note that if clamd cannot check the uid of the process that generated an
-# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
-# the process already exited), clamd will perform a scan. Thus, setting
-# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
-# root user from triggering a scan (unless OnAccessPrevention is enabled).
-# Default: no
-#OnAccessExcludeRootUID no
-
-# With this option you can whitelist specific UIDs. Processes with these UIDs
-# will be able to access all files without triggering scans or permission
-# denied events.
-# This option can be used multiple times (one per line).
-# Using a value of 0 on any line will disable this option entirely.
-# To whitelist the root UID (0) please enable the OnAccessExcludeRootUID
-# option.
-# Also note that if clamd cannot check the uid of the process that generated an
-# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
-# the process already exited), clamd will perform a scan. Thus, setting
-# OnAccessExcludeUID is not *guaranteed* to prevent every access by the
-# specified uid from triggering a scan (unless OnAccessPrevention is enabled).
-# Default: disabled
-#OnAccessExcludeUID -1
-
-# This option allows exclusions via user names when using the on-access
-# scanning client. It can be used multiple times.
-# It has the same potential race condition limitations of the
-# OnAccessExcludeUID option.
-# Default: disabled
-#OnAccessExcludeUname clamav
-
-# Number of times the OnAccess client will retry a failed scan due to
-# connection problems (or other issues).
-# Default: 0
-#OnAccessRetryAttempts 3
-
-##
-## Bytecode
-##
-
-# With this option enabled ClamAV will load bytecode from the database.
-# It is highly recommended you keep this option on, otherwise you'll miss
-# detections for many new viruses.
-# Default: yes
-#Bytecode yes
-
-# Set bytecode security level.
-# Possible values:
-# None - No security at all, meant for debugging.
-# DO NOT USE THIS ON PRODUCTION SYSTEMS.
-# This value is only available if clamav was built
-# with --enable-debug!
-# TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert
-# runtime safety checks for bytecode loaded from other sources.
-# Paranoid - Don't trust any bytecode, insert runtime checks for all.
-# Recommended: TrustSigned, because bytecode in .cvd files already has these
-# checks.
-# Note that by default only signed bytecode is loaded, currently you can only
-# load unsigned bytecode in --enable-debug mode.
-#
-# Default: TrustSigned
-#BytecodeSecurity TrustSigned
-
-# Set bytecode timeout in milliseconds.
-#
-# Default: 5000
-# BytecodeTimeout 1000
-
diff --git a/AntiVirus/Dockerfile b/AntiVirus/Dockerfile
deleted file mode 100644
index f2dd5b5..0000000
--- a/AntiVirus/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM fedora:32
-
-RUN dnf update -y && \
- dnf install findutils -y && \
- dnf clean all && \
- dnf install -y https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \
- dnf install -y clamav clamav-update amavis perl-Digest-SHA1 perl-IO-stringy telnet net-tools iputils && \
- rm -f /etc/amavisd/amavisd.conf && \
- mkdir /target
-
-ADD Configuration/Clamd /etc/clamd.d
-ADD Configuration/Amavisd /etc
-ADD Scripts/do_clam.sh /do_clam.sh
-ADD Scripts/start.sh /start.sh
-ADD Scripts/logrotate.sh /logrotate.sh
-
-ARG MAIN_PORT
-ENV MAIN_PORT "$MAIN_PORT"
-
-EXPOSE $MAINPORT
-
-CMD sh start.sh "${MAIN_PORT}"
\ No newline at end of file
diff --git a/AntiVirus/Scripts/do_clam.sh b/AntiVirus/Scripts/do_clam.sh
deleted file mode 100644
index 74d1d82..0000000
--- a/AntiVirus/Scripts/do_clam.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-chgrp -R clamupdate /var/lib/clamav
-chown -R clamscan /var/lib/clamav
-chmod 770 /var/lib/clamav
-
-clamLog=$1
-freshclam >> ${clamLog}
-clamd >> ${clamLog}
-clamscan --infected --remove --recursive /target >> ${clamLog}
-
-sleep 43200; sh /do_clam.sh &
\ No newline at end of file
diff --git a/AntiVirus/Scripts/logrotate.sh b/AntiVirus/Scripts/logrotate.sh
deleted file mode 100644
index 97432d4..0000000
--- a/AntiVirus/Scripts/logrotate.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-logs=/var/log
-logFile=amavis.log
-amavisLog="${logs}/${logFile}"
-
-if test -e ${amavisLog}
-then
-
- cp ${amavisLog} "${logs}/$(($(date +%s%N)/1000000))_$logFile"
- echo "Log initialized: $(date)" > ${amavisLog}
- find ${logs} -name "*_$logFile" -mtime +120 -exec rm -f {} \; >> ${amavisLog}
- echo "Beginning of log file:" >> ${amavisLog}
-else
-
- echo "Log not yet available for archiving: $(date)" >> ${amavisLog}
-fi
-
-sleep 604800; sh /logrotate.sh &
\ No newline at end of file
diff --git a/AntiVirus/Scripts/start.sh b/AntiVirus/Scripts/start.sh
deleted file mode 100644
index 26baf82..0000000
--- a/AntiVirus/Scripts/start.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/sh
-
-touch /var/log/clamd.scan
-chgrp clamscan /var/log/clamd.scan
-chown clamscan /var/log/clamd.scan
-chmod 600 /var/log/clamd.scan
-
-chown clamscan /etc/clamd.d/scan.conf
-chgrp clamscan /etc/clamd.d/scan.conf
-chmod 600 /etc/clamd.d/scan.conf
-
-antivirusStackLog=/var/log/antivirus.stack.log
-echo "Antivirus stack starting: `date`" > ${antivirusStackLog}
-chmod 600 ${antivirusStackLog}
-sh /do_clam.sh ${antivirusStackLog} &
-
-amavisLog=/var/log/amavis.log
-touch ${amavisLog}
-chown amavis ${amavisLog}
-chmod 600 ${amavisLog}
-
-if amavisd >> ${antivirusStackLog}
-then
-
- mainPort=$1
- ports="${mainPort}"
- for port in $ports; do
-
- if echo "^C" | telnet 127.0.0.1 "${port}" | grep "Connected"
- then
- echo "Amavis is listening on port: $port" >> ${antivirusStackLog}
- else
- echo "Amavis is not bound to port: $port" >> ${antivirusStackLog}
- exit 1
- fi
- done
-
- sh /logrotate.sh &
- tail -F ${antivirusStackLog}
-else
-
- echo "Amavis not started" >> ${antivirusStackLog}
-fi
\ No newline at end of file
diff --git a/AntiVirus/proto.antivirus.service b/AntiVirus/proto.antivirus.service
deleted file mode 100644
index ac07534..0000000
--- a/AntiVirus/proto.antivirus.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=ClamAV with Amavis stack running on Docker
-After=docker.service
-Requires=docker.service
-
-[Service]
-Restart=always
-ExecStart={{DOCKER.DOCKER_HOME}}/Definitions/ClamAV/start.sh
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/AntiVirus/proto.docker-compose.yml b/AntiVirus/proto.docker-compose.yml
deleted file mode 100644
index 17b57c6..0000000
--- a/AntiVirus/proto.docker-compose.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-version: "3.7"
-
-services:
- {{SERVICE.ANTI_VIRUS.NAME}}:
- build:
- context: .
- args:
- - MAINPORT={{SERVICE.ANTI_VIRUS.PORTS.PORT}}
- container_name: {{SERVICE.ANTI_VIRUS.NAME}}
- hostname: {{SERVICE.ANTI_VIRUS.NAME}}.{{SERVER.DOMAIN}}
- restart: always
- networks:
- - {{SERVICE.NETWORK.NAME}}
- volumes:
- - {{SERVER.SERVER_HOME}}/Server/ClamAV/Log:/var/log
- - {{SERVER.SERVER_HOME}}/Server/Dovecot/VMail:/target/vmail
- - {{SERVER.SERVER_HOME}}/Server/Dovecot/Maildir:/target/maildir
- - {{SERVER.SERVER_HOME}}/Server/ClamAV/Definitions:/var/lib/clamav
-
-networks:
- {{SERVICE.NETWORK.NAME}}:
- external: true
diff --git a/Dovecot/Configuration/conf.d/proto.10-auth.conf b/Dovecot/Configuration/conf.d/proto.10-auth.conf
deleted file mode 100644
index 1b6b11f..0000000
--- a/Dovecot/Configuration/conf.d/proto.10-auth.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-
-disable_plaintext_auth = yes
-
-auth_username_format = %Lu
-
-auth_master_user_separator = *
-
-auth_mechanisms = plain login
-
-!include auth-master.conf.ext
-
-!include auth-sql.conf.ext
diff --git a/Dovecot/Configuration/conf.d/proto.10-logging.conf b/Dovecot/Configuration/conf.d/proto.10-logging.conf
deleted file mode 100644
index b0bb6c7..0000000
--- a/Dovecot/Configuration/conf.d/proto.10-logging.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-
-log_path = /var/log/dovecot/dovecot.log
-info_log_path = /var/log/dovecot/dovecot.info.log
-debug_log_path = /var/log/dovecot/dovecot.debug.log
-
-syslog_facility = mail
-
-auth_verbose = yes
-
-# TODO: Make this conditional, set to 'no' if it is production config.
-# Even more verbose logging for debugging purposes. Shows for example SQL queries.
-auth_debug = yes
-
-# TODO: Make this conditional, set to 'no' if it is production config.
-# In case of password mismatches, log the attempted password. Valid values are
-# no, plain and sha1. sha1 can be useful for detecting brute force password
-# attempts vs. user simply trying the same password over and over again.
-# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
-auth_verbose_passwords = yes
-
-auth_verbose_passwords = yes
-
-mail_debug = yes
-
-verbose_ssl = yes
-
-plugin {
- # Events to log. Also available: flag_change append
- #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
- # Available fields: uid, box, msgid, from, subject, size, vsize, flags
- # size and vsize are available only for expunge and copy events.
- #mail_log_fields = uid box msgid size
-}
-
diff --git a/Dovecot/Configuration/conf.d/proto.10-mail.conf b/Dovecot/Configuration/conf.d/proto.10-mail.conf
deleted file mode 100644
index 8c64f5d..0000000
--- a/Dovecot/Configuration/conf.d/proto.10-mail.conf
+++ /dev/null
@@ -1,87 +0,0 @@
-
-mail_home = /usr/local/vmail/%d/%n
-mail_location = maildir:/maildir/%d/%n/Maildir
-
-namespace inbox {
-
- type = private
- hidden = no
- ignore_on_failure = no
- inbox = yes
- list = yes
- location =
- prefix = INBOX/
- separator = /
- subscriptions = yes
-
- mailbox Trash {
-
- auto = subscribe
- special_use = \Trash
- }
-
- mailbox Drafts {
-
- auto = subscribe
- special_use = \Drafts
- }
-
- mailbox Sent {
-
- auto = subscribe
- special_use = \Sent
- }
-
- mailbox Spam {
-
- auto = subscribe
- special_use = \Junk
- }
-
- mailbox Misc {
-
- auto = subscribe
- }
-
- mailbox Archive {
-
- auto = subscribe
- }
-
- mailbox Unclassified {
-
- auto = subscribe
- }
-
- mailbox Unscanned {
-
- auto = subscribe
- }
-
- mailbox Quarantine {
-
- auto = subscribe
- }
-}
-
-mail_uid = 1001
-mail_gid = 1001
-
-mail_fsync = optimized
-
-first_valid_uid = 1000
-
-mail_plugins = zlib quota
-
-mailbox_idle_check_interval = 30 secs
-
-protocol !indexer-worker {
-
- # If folder vsize calculation requires opening more than this many mails from
- # disk (i.e. mail sizes aren't in cache already), return failure and finish
- # the calculation via indexer process. Disabled by default. This setting must
- # be 0 for indexer-worker processes.
- #mail_vsize_bg_after_count = 0
-}
-
-mbox_write_locks = fcntl
diff --git a/Dovecot/Configuration/conf.d/proto.10-master.conf b/Dovecot/Configuration/conf.d/proto.10-master.conf
deleted file mode 100644
index 6760152..0000000
--- a/Dovecot/Configuration/conf.d/proto.10-master.conf
+++ /dev/null
@@ -1,95 +0,0 @@
-# Can calculate this: number of domains * 30, and then, second param: N * 3
-default_process_limit = 300
-default_client_limit = 2000
-
-default_vsz_limit = 256M
-
-# Login user is internally used by login processes. This is the most untrusted
-# user in Dovecot system. It shouldn't have access to anything at all.
-#default_login_user = dovenull
-
-# Internal user is used by unprivileged processes. It should be separate from
-# login user, so that login processes can't disturb other processes.
-#default_internal_user = dovecot
-
-service imap-login {
- inet_listener imap {
-
- port = 143
- }
-
- inet_listener imaps {
-
- port = 993
- ssl = yes
- }
-
- vsz_limit = $default_vsz_limit
-}
-
-service pop3-login {
- inet_listener pop3 {
-
- port = 110
- }
- inet_listener pop3s {
-
- port = 995
- ssl = yes
- }
-}
-
-service lmtp {
-
- inet_listener lmtp {
-
- port = 12346
- # We could TLS here too (lmtps)
- }
-}
-
-service imap {
-
- # Most of the memory goes to mmap()ing files. You may need to increase this
- # limit if you have huge mailboxes.
- vsz_limit = $default_vsz_limit
-
- # Max. number of IMAP processes (connections)
- # Can calculate this: number of domains * 100 (or 50)
- process_limit = 1000
-
- # Can calculate this number ( __CORES__ ): total_cores_number - 2, min: 1
- process_min_avail = 4
-}
-
-service pop3 {
-
- # Max. number of POP3 processes (connections)
- # process_limit = 1024
-}
-
-service auth {
-
- inet_listener {
- port = 12345
- }
-}
-
-service auth-worker {
-
- # Auth worker process is run as root by default, so that it can access
- # /etc/shadow. If this isn't necessary, the user should be changed to
- # $default_internal_user.
- #user = root
-}
-
-service dict {
-
- # If dict proxy is used, mail processes should have access to its socket.
- # For example: mode=0660, group=vmail and global mail_access_groups=vmail
- unix_listener dict {
- #mode = 0600
- #user =
- #group =
- }
-}
diff --git a/Dovecot/Configuration/conf.d/proto.10-ssl.conf b/Dovecot/Configuration/conf.d/proto.10-ssl.conf deleted file mode 100644 index 0a98cd4..0000000 --- a/Dovecot/Configuration/conf.d/proto.10-ssl.conf +++ /dev/null @@ -1,49 +0,0 @@ -ssl = required -verbose_ssl=yes - -ssl_cert = . %d expands to recipient domain. -#postmaster_address = - -# Hostname to use in various parts of sent mails (e.g. in Message-Id) and -# in LMTP replies. Default is the system's real hostname@domain. -#hostname = - -# If user is over quota, return with temporary failure instead of -# bouncing the mail. -#quota_full_tempfail = no - -# Binary to use for sending mails. -#sendmail_path = /usr/sbin/sendmail - -# If non-empty, send mails via this SMTP host[:port] instead of sendmail. -#submission_host = - -# Subject: header to use for rejection mails. You can use the same variables -# as for rejection_reason below. -#rejection_subject = Rejected: %s - -# Human readable error message for rejection mails. You can use variables: -# %n = CRLF, %r = reason, %s = original subject, %t = recipient -#rejection_reason = Your message to <%t> was automatically rejected:%n%r - -# Delimiter character between local-part and detail in email address. -recipient_delimiter = + - -# Header where the original recipient address (SMTP's RCPT TO: address) is taken -# from if not available elsewhere. With dovecot-lda -a parameter overrides this. -# A commonly used header for this is X-Original-To. -#lda_original_recipient_header = - -# Should saving a mail to a nonexistent mailbox automatically create it? -lda_mailbox_autocreate = yes - -# Should automatically created mailboxes be also automatically subscribed? -lda_mailbox_autosubscribe = yes - -protocol lda { - # Space separated list of plugins to load (default is global mail_plugins). - #mail_plugins = $mail_plugins -} 
diff --git a/Dovecot/Configuration/conf.d/proto.20-imap.conf b/Dovecot/Configuration/conf.d/proto.20-imap.conf
deleted file mode 100644
index a5ab6cc..0000000
--- a/Dovecot/Configuration/conf.d/proto.20-imap.conf
+++ /dev/null
@@ -1,92 +0,0 @@ -## -## IMAP specific settings -## - -# If nothing happens for this long while client is IDLEing, move the connection -# to imap-hibernate process and close the old imap process. This saves memory, -# because connections use very little memory in imap-hibernate process. The -# downside is that recreating the imap process back uses some resources. -#imap_hibernate_timeout = 0 - -# Maximum IMAP command line length. Some clients generate very long command -# lines with huge mailboxes, so you may need to raise this if you get -# "Too long argument" or "IMAP command line too large" errors often. -#imap_max_line_length = 64k - -# IMAP logout format string: -# %i - total number of bytes read from client -# %o - total number of bytes sent to client -# %{fetch_hdr_count} - Number of mails with mail header data sent to client -# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client -# %{fetch_body_count} - Number of mails with mail body data sent to client -# %{fetch_body_bytes} - Number of bytes with mail body data sent to client -# %{deleted} - Number of mails where client added \Deleted flag -# %{expunged} - Number of mails that client expunged, which does not -# include automatically expunged mails -# %{autoexpunged} - Number of mails that were automatically expunged after -# client disconnected -# %{trashed} - Number of mails that client copied/moved to the -# special_use=\Trash mailbox. -# %{appended} - Number of mails saved during the session -#imap_logout_format = in=%i out=%o - -# Override the IMAP CAPABILITY response. If the value begins with '+', -# add the given capabilities on top of the defaults (e.g. +XFOO XBAR). -#imap_capability = - -# How long to wait between "OK Still here" notifications when client is -# IDLEing. -#imap_idle_notify_interval = 2 mins - -# ID field names and values to send to clients. Using * as the value makes -# Dovecot use the default value. 
The following fields have default values -# currently: name, version, os, os-version, support-url, support-email. -#imap_id_send = - -# ID fields sent by client to log. * means everything. -#imap_id_log = - -# Workarounds for various client bugs: -# delay-newmail: -# Send EXISTS/RECENT new mail notifications only when replying to NOOP -# and CHECK commands. Some clients ignore them otherwise, for example OSX -# Mail ( - #service_count = 1 - - # Number of processes to always keep waiting for more connections. - # Can calculate this number ( __CORES__ ): total_cores_number - 2, min: 1 - process_min_avail = 4 - - # If you set service_count=0, you probably need to grow this. - #vsz_limit = 64M -} - -service managesieve { - - # Max. number of ManageSieve processes (connections) - process_limit = 1024 -} - -# Service configuration - -protocol sieve { - # Maximum ManageSieve command line length in bytes. ManageSieve usually does - # not involve overly long command lines, so this setting will not normally - # need adjustment - #managesieve_max_line_length = 65536 - - # Maximum number of ManageSieve connections allowed for a user from each IP - # address. - # NOTE: The username is compared case-sensitively. - #mail_max_userip_connections = 10 - - # Space separated list of plugins to load (none known to be useful so far). - # Do NOT try to load IMAP plugins here. 
- #mail_plugins = - - # MANAGESIEVE logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - # %{put_bytes} - Number of bytes saved using PUTSCRIPT command - # %{put_count} - Number of scripts saved using PUTSCRIPT command - # %{get_bytes} - Number of bytes read using GETCRIPT command - # %{get_count} - Number of scripts read using GETSCRIPT command - # %{get_bytes} - Number of bytes processed using CHECKSCRIPT command - # %{get_count} - Number of scripts checked using CHECKSCRIPT command - # %{deleted_count} - Number of scripts deleted using DELETESCRIPT command - # %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command - #managesieve_logout_format = bytes=%i/%o - - # To fool ManageSieve clients that are focused on CMU's timesieved you can - # specify the IMPLEMENTATION capability that Dovecot reports to clients. - # For example: 'Cyrus timsieved v2.2.13' - #managesieve_implementation_string = Dovecot Pigeonhole - - # Explicitly specify the SIEVE and NOTIFY capability reported by the server - # before login. If left unassigned these will be reported dynamically - # according to what the Sieve interpreter supports by default (after login - # this may differ depending on the user). - #managesieve_sieve_capability = - #managesieve_notify_capability = - - # The maximum number of compile errors that are returned to the client upon - # script upload or script verification. - #managesieve_max_compile_errors = 5 - - # Refer to 90-sieve.conf for script quota configuration and configuration of - # Sieve execution limits. -} diff --git a/Dovecot/Configuration/conf.d/proto.90-plugin.conf b/Dovecot/Configuration/conf.d/proto.90-plugin.conf deleted file mode 100644 index a732105..0000000 --- a/Dovecot/Configuration/conf.d/proto.90-plugin.conf +++ /dev/null 
@@ -1,21 +0,0 @@
-plugin {
-
- zlib_save_level = 6
- zlib_save = gz
-
- sieve_extensions = +spamtest +spamtestplus +virustest
- sieve_global_dir = /sieve
- sieve_default = file:/etc/dovecot/sieve/.dovecot.sieve
- sieve_max_script_size = 1M
-
- sieve_spamtest_status_type = score
- sieve_spamtest_status_header = \
- X-Spam-Score: score=(-?[[:digit:]]+\.[[:digit:]]).*
- sieve_spamtest_max_header = \
- X-Spam-Score: score=-?[[:digit:]]+\.[[:digit:]] required=([[:digit:]]+\.[[:digit:]])
-
- sieve_virustest_status_type = text
- sieve_virustest_status_header = X-Virus-Scan: Found to be (.+)\.
- sieve_virustest_text_value1 = clean
- sieve_virustest_text_value5 = infected
-}
diff --git a/Dovecot/Configuration/conf.d/proto.90-quota.conf b/Dovecot/Configuration/conf.d/proto.90-quota.conf
deleted file mode 100644
index 1efd9bc..0000000
--- a/Dovecot/Configuration/conf.d/proto.90-quota.conf
+++ /dev/null
@@ -1,46 +0,0 @@
-
-plugin {
-
- quota_rule = *:storage={{SERVICE.MAIL_RECEIVE.MAILBOXES_CAPACITY}}
- quota_rule1 = INBOX/Trash:storage=1G
- quota_rule2 = INBOX/Archive:storage=+20%%
- quota_rule3 = INBOX/Sent:ignore
- quota_rule4 = INBOX:messages=+100K
- quota_max_mail_size = 100M
- quota_warning = storage=95%% quota-warning 95 %u
- quota_warning2 = storage=80%% quota-warning 80 %u
- quota_warning3 = storage=50%% quota-warning 50 %u
- quota_exceeded_message = Quota exceeded for mailbox is exceeded.
-}
-
-service quota-warning {
-
- executable = script /usr/local/bin/quota-warning.sh
- user = vmail
- unix_listener quota-warning {
- user = vmail
- }
-}
-
-# Multiple backends are supported:
-# dirsize: Find and sum all the files found from mail directory.
-# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
-# dict: Keep quota stored in dictionary (eg. SQL)
-# maildir: Maildir++ quota
-# fs: Read-only support for filesystem quota
-
-plugin {
- #quota = dirsize:User quota
- #quota = maildir:User quota
- #quota = dict:User quota::proxy::quota
- #quota = fs:User quota
-}
-
-# Multiple quota roots are also possible, for example this gives each user
-# their own 100MB quota and one shared 1GB quota within the domain:
-plugin {
- #quota = dict:user::proxy::quota
- #quota2 = dict:domain:%d:proxy::quota_domain
- #quota_rule = *:storage=102400
- #quota2_rule = *:storage=1048576
-}
diff --git a/Dovecot/Configuration/conf.d/proto.90-sieve.conf b/Dovecot/Configuration/conf.d/proto.90-sieve.conf
deleted file mode 100644
index 9f3c80e..0000000
--- a/Dovecot/Configuration/conf.d/proto.90-sieve.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-##
-## Settings for the Sieve interpreter
-##
-
-plugin {
-
- sieve = file:~/sieve;active=~/.dovecot.sieve
- sieve_plugins = sieve_extprograms sieve_imapsieve
- sieve_before = file:/etc/dovecot/sieve/spamglobal.sieve
-
- recipient_delimiter = +
-}
diff --git a/Dovecot/Configuration/conf.d/proto.91-quota-status.conf b/Dovecot/Configuration/conf.d/proto.91-quota-status.conf
deleted file mode 100644
index c68e44d..0000000
--- a/Dovecot/Configuration/conf.d/proto.91-quota-status.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-
-service quota-status {
-
- executable = quota-status -p postfix
- inet_listener {
-
- port = 12347
- }
- client_limit = 1
-}
-
-plugin {
-
- quota_status_success = DUNNO
- quota_status_nouser = DUNNO
- quota_status_overquota = "552 5.2.2 Mailbox is full"
-}
\ No newline at end of file
diff --git a/Dovecot/Configuration/conf.d/proto.auth-master.conf.ext b/Dovecot/Configuration/conf.d/proto.auth-master.conf.ext
deleted file mode 100644
index 6fcfe39..0000000
--- a/Dovecot/Configuration/conf.d/proto.auth-master.conf.ext
+++ /dev/null
@@ -1,8 +0,0 @@
-# TODO: MSF-111:
-# passdb {
-
- # pass = yes
- # master = yes
- # driver = passwd-file
- # args = /etc/dovecot/masters/master-users
-# }
diff --git a/Dovecot/Configuration/conf.d/proto.auth-sql.conf.ext b/Dovecot/Configuration/conf.d/proto.auth-sql.conf.ext
deleted file mode 100644
index bbce136..0000000
--- a/Dovecot/Configuration/conf.d/proto.auth-sql.conf.ext
+++ /dev/null
@@ -1,17 +0,0 @@
-passdb {
-
- driver = sql
- args = /etc/dovecot/dovecot-sql.conf.ext
-}
-
-userdb {
- driver = static
- args = uid=5000 gid=5000 allow_all_users=yes
-}
-
-# TODO: MSF-200
-# userdb {
-#
-# driver = sql
-# args = /etc/dovecot/dovecot-sql.conf.ext
-# }
diff --git a/Dovecot/Configuration/proto.dovecot-sql.conf.ext b/Dovecot/Configuration/proto.dovecot-sql.conf.ext
deleted file mode 100644
index 2fd29bc..0000000
--- a/Dovecot/Configuration/proto.dovecot-sql.conf.ext
+++ /dev/null
@@ -1,10 +0,0 @@
-driver = pgsql
-connect = host={{SERVICE.DATABASE.NAME}} port={{SERVICE.DATABASE.PORTS.PORT}} dbname={{SERVICE.DATABASE.DB_DIRECTORY}} user={{SERVICE.DATABASE.USER}} password={{SERVICE.DATABASE.PASSWORD}}
-default_pass_scheme = PLAIN
-password_query = SELECT email as user, password FROM {{SERVICE.DATABASE.VIEW_USERS}} WHERE email='%u';
-
-# TODO: MSF-200
-# user_query = SELECT home, uid, gid FROM {{SERVICE.DATABASE.VIEW_USERS}} WHERE userid = '%n' AND domain = '%d'
-
-# TODO: MSF-200 - Re-enable once ticket implemented
-# iterate_query = SELECT email AS user FROM {{SERVICE.DATABASE.VIEW_USERS}}
\ No newline at end of file
diff --git a/Dovecot/Configuration/proto.dovecot.conf b/Dovecot/Configuration/proto.dovecot.conf
deleted file mode 100644
index c95a733..0000000
--- a/Dovecot/Configuration/proto.dovecot.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-
-protocols = imap pop3 lmtp sieve
-
-login_greeting = Dovecot ready
-
-dict {
- # TODO: MSF-164
- # quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
- # expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
-}
-
-!include conf.d/*.conf
-
-!include_try local.conf
-
-verbose_proctitle = yes
\ No newline at end of file
diff --git a/Dovecot/Dockerfile b/Dovecot/Dockerfile
deleted file mode 100644
index fa3a7c7..0000000
--- a/Dovecot/Dockerfile
+++ /dev/null
@@ -1,33 +0,0 @@
-FROM fedora:32
-
-ARG DB
-ARG DB_PORT
-ARG PORT_EXPOSED_IMAPS
-
-ENV DB "$DB"
-ENV DB_PORT "$DB_PORT"
-ENV PORT_EXPOSED_IMAPS "$PORT_EXPOSED_IMAPS"
-
-RUN dnf update -y && \
- dnf install findutils -y && \
- dnf clean all && \
- dnf install -y https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \
- dnf install -y dovecot dovecot-pgsql dovecot-pigeonhole openssl telnet net-tools iputils && \
- mkdir /etc/dovecot/sieve
-
-ADD Configuration /etc/dovecot
-ADD Utils /usr/local/bin
-ADD Scripts/start.sh /start.sh
-ADD Scripts/logrotate.sh /logrotate.sh
-ADD Sieve/.dovecot.sieve /etc/dovecot/sieve/.dovecot.sieve
-ADD Sieve/spamglobal.sieve /etc/dovecot/sieve/spamglobal.sieve
-
-RUN sievec /etc/dovecot/sieve/.dovecot.sieve && \
- sievec /etc/dovecot/sieve/spamglobal.sieve && \
- groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /home/vmail -m && \
- chgrp vmail /etc/dovecot/dovecot.conf && chmod g+r /etc/dovecot/dovecot.conf && \
- chgrp -R vmail /etc/dovecot/sieve && chmod -R 750 /etc/dovecot/sieve
-
-EXPOSE $PORT_EXPOSED_IMAPS
-
-CMD sh start.sh "${DB}" "${DB_PORT}"
\ No newline at end of file
diff --git a/Dovecot/Scripts/logrotate.sh b/Dovecot/Scripts/logrotate.sh
deleted file mode 100644
index 04f1a83..0000000
--- a/Dovecot/Scripts/logrotate.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-logs=/var/log/dovecot
-logFile=dovecot.log
-infoLogFile=dovecot.info.log
-debugLogFile=dovecot.debug.log
-
-dovecotLog="$logs/$logFile"
-dovecotInfoLog="$logs/$infoLogFile"
-dovecotDebugLog="$logs/$debugLogFile"
-
-if test -e ${dovecotLog}
-then
-
- cp ${dovecotLog} "${logs}/$(($(date +%s%N)/1000000))_$logFile"
- echo "Log initialized: $(date)" > ${dovecotLog}
- echo "Beginning of log file:" >> ${dovecotLog}
-fi
-
-if test -e ${dovecotInfoLog}
-then
-
- cp ${dovecotInfoLog} "${logs}/$(($(date +%s%N)/1000000))_$infoLogFile"
- echo "Log initialized: $(date)" > ${dovecotInfoLog}
- echo "Beginning of log file:" >> ${dovecotInfoLog}
-fi
-
-if test -e ${dovecotDebugLog}
-then
-
- cp ${dovecotDebugLog} "${logs}/$(($(date +%s%N)/1000000))_$debugLogFile"
- echo "Log initialized: $(date)" > ${dovecotDebugLog}
- echo "Beginning of log file:" >> ${dovecotDebugLog}
-fi
-
-find ${logs} -name "*_$logFile" -mtime +120 -exec rm -f {} \; >> ${dovecotLog}
-find ${logs} -name "*_$infoLogFile" -mtime +120 -exec rm -f {} \; >> ${dovecotInfoLog}
-find ${logs} -name "*_$debugLogFile" -mtime +120 -exec rm -f {} \; >> ${dovecotDebugLog}
-
-sleep 604800; sh /logrotate.sh &
\ No newline at end of file
diff --git a/Dovecot/Scripts/start.sh b/Dovecot/Scripts/start.sh
deleted file mode 100644
index 0de5c6f..0000000
--- a/Dovecot/Scripts/start.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-db=$1
-dbPort=$2
-dovecotLog=/var/log/dovecot.start.log
-echo "Starting Dovecot" > ${dovecotLog}
-
-echo "Checking database port: $dbPort" >> ${dovecotLog}
-if echo "^C" | telnet "${db}" "${dbPort}" | grep "Connected"
-then
- echo "Database process is bound to port: $dbPort" >> ${dovecotLog}
-else
- echo "No process bound to port: $dbPort" >> ${dovecotLog}
- exit 1
-fi
-
-chmod -R +r /run/dovecot
-chmod -R +w /run/dovecot
-chown -R vmail ./maildir
-chgrp -R vmail ./maildir
-chgrp -R vmail /usr/local/vmail
-chown -R vmail /usr/local/vmail
-chgrp -R vmail /etc/dovecot/masters
-chown -R vmail /etc/dovecot/masters
-
-if dovecot >> ${dovecotLog}
-then
-
- doveadm log errors >> ${dovecotLog}
- dovecot log errors >> ${dovecotLog}
-
- export IFS=";"
- ports="110;143;993;995;12345;12346;12347;4190;2000"
- for port in $ports; do
-
- if echo "^C" | telnet 127.0.0.1 "${port}" | grep "Connected"
- then
- echo "Dovecot is listening on port: $port" >> ${dovecotLog}
- else
- echo "Dovecot is not bound to port: $port" >> ${dovecotLog}
- exit 1
- fi
- done
-
- sh /logrotate.sh &
- tail -F ${dovecotLog}
-else
- exit 1
-fi
\ No newline at end of file
diff --git a/Dovecot/Sieve/.dovecot.sieve b/Dovecot/Sieve/.dovecot.sieve
deleted file mode 100644
index 87ca2d4..0000000
--- a/Dovecot/Sieve/.dovecot.sieve
+++ /dev/null
@@ -1,17 +0,0 @@
-require ["fileinto","mailbox"];
-
-if header :contains ["X-Virus-Status"] "Infected" {
-
- fileinto "INBOX/Quarantine";
- stop;
-}
-
-if header :contains ["X-Virus-Scanned"] "amavisd-new" {
-
- fileinto "INBOX";
- stop;
-} else {
-
- fileinto "INBOX/Unscanned";
- stop;
-}
\ No newline at end of file
diff --git a/Dovecot/Sieve/spamglobal.sieve b/Dovecot/Sieve/spamglobal.sieve
deleted file mode 100644
index 48cb759..0000000
--- a/Dovecot/Sieve/spamglobal.sieve
+++ /dev/null
@@ -1,21 +0,0 @@ -require ["fileinto","mailbox"]; - -if anyof( - header :contains ["X-Spam-Flag"] "YES", - header :contains ["X-Spam"] "Yes", - header :contains ["Subject"] "*** SPAM ***" - ) -{ - - fileinto :create "INBOX/Spam"; - stop; -} - -if header :contains ["X-Spamd-Result"] "False" { - - fileinto "INBOX"; -} else { - - fileinto "INBOX/Unclassified"; - stop; -} \ No newline at end of file diff --git a/Dovecot/Utils/proto.quota-warning.sh b/Dovecot/Utils/proto.quota-warning.sh deleted file mode 100755 index 8ef3ff1..0000000 --- a/Dovecot/Utils/proto.quota-warning.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -PERCENT=$1 -USER=$2 - -echo "From: {{SERVER.POSTMASTER}} -Subject: Quota warning - -Your mailbox is currently $PERCENT% full. -" | /usr/libexec/dovecot/dovecot-lda -d "${USER}" -o plugin/quota=maildir \ No newline at end of file diff --git a/Dovecot/proto.docker-compose.yml b/Dovecot/proto.docker-compose.yml deleted file mode 100644 index c2fe171..0000000 --- a/Dovecot/proto.docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: "3.7" - -services: - {{SERVICE.MAIL_RECEIVE.NAME}}: - build: - context: . - args: - - DB={{SERVICE.DATABASE.NAME}} - - DB_PORT={{SERVICE.DATABASE.PORTS.PORT}} - - PORT_EXPOSED_IMAPS={{SERVICE.MAIL_RECEIVE.PORTS.PORT_EXPOSED_IMAPS}} - container_name: {{SERVICE.MAIL_RECEIVE.NAME}} - hostname: {{SERVICE.MAIL_RECEIVE.NAME}}.{{SERVER.DOMAIN}} - restart: always - ports: - - {{SERVICE.MAIL_RECEIVE.PORTS.PORT_EXPOSED_IMAPS}}:993 - networks: - - {{SERVICE.NETWORK.NAME}} - volumes: - - {{SERVER.CERTIFICATION.CERTIFICATES}}:/certificates - - {{SERVER.SERVER_HOME}}/Server/Dovecot/Maildir:/maildir - - {{SERVER.SERVER_HOME}}/Server/Dovecot/VMail:/usr/local/vmail - - {{SERVER.SERVER_HOME}}/Server/Dovecot/Masters:/etc/dovecot/masters - - {{SERVER.SERVER_HOME}}/Server/Dovecot/Log:/var/log/dovecot - - {{SERVER.SERVER_HOME}}/Server/Dovecot/Sieve:/sieve - -networks: - {{SERVICE.NETWORK.NAME}}: - external: true 
diff --git a/Dovecot/proto.receivemail.service b/Dovecot/proto.receivemail.service deleted file mode 100644 index b7d54d3..0000000 --- a/Dovecot/proto.receivemail.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Dovecot service running on Docker -After=docker.service -Requires=docker.service - -[Service] -Restart=always -ExecStart={{DOCKER.DOCKER_HOME}}/Definitions/Dovecot/start.sh - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/Postfix/Configuration/proto.email2email.cf b/Postfix/Configuration/proto.email2email.cf deleted file mode 100644 index 6c038ee..0000000 --- a/Postfix/Configuration/proto.email2email.cf +++ /dev/null @@ -1,5 +0,0 @@ -user = {{SERVICE.DATABASE.USER}} -password = {{SERVICE.DATABASE.PASSWORD}} -hosts = {{SERVICE.DATABASE.NAME}} -dbname = {{SERVICE.DATABASE.DB_DIRECTORY}} -query = SELECT email FROM {{SERVICE.DATABASE.VIEW_USERS}} WHERE email='%s' \ No newline at end of file diff --git a/Postfix/Configuration/proto.main.cf b/Postfix/Configuration/proto.main.cf deleted file mode 100644 index 16ac28a..0000000 --- a/Postfix/Configuration/proto.main.cf +++ /dev/null 
@@ -1,174 +0,0 @@ -compatibility_level = 2 - -maillog_file= /var/log/postfix/postfix.log - -queue_directory = /var/spool/postfix - -command_directory = /usr/sbin - -daemon_directory = /usr/libexec/postfix - -data_directory = /var/lib/postfix - -mail_owner = postfix - -myhostname = {{SERVICE.MAIL_SEND.NAME}}.{{SERVER.DOMAIN}} - -mydomain = {{SERVER.DOMAIN}} - -myorigin = $mydomain - -inet_interfaces = all - -inet_protocols = ipv4 - -virtual_mailbox_domains = pgsql:/etc/postfix/virtual-mailbox-domains.cf - -virtual_alias_maps = pgsql:/etc/postfix/virtual-alias-maps.cf, pgsql:/etc/postfix/email2email.cf - -virtual_mailbox_maps = pgsql:/etc/postfix/virtual-mailbox-maps.cf - -virtual_mailbox_base = /usr/local/vmail - -virtual_uid_maps = static:5000 -virtual_gid_maps = static:5000 - -unknown_local_recipient_reject_code = 550 - -mynetworks_style = host - -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases - -recipient_delimiter = + - -home_mailbox = Maildir/ - -mail_spool_directory = /var/spool/mail/ - -#mailbox_command = /some/where/procmail -#mailbox_command = /some/where/procmail -a "$EXTENSION" - -header_checks = regexp:/etc/postfix/header_checks - -debug_peer_level = 2 - -#debug_peer_list = 127.0.0.1 -#debug_peer_list = some.domain - -debugger_command = - PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin - ddd $daemon_directory/$process_name $process_id & sleep 5 - -sendmail_path = /usr/sbin/sendmail.postfix - -newaliases_path = /usr/bin/newaliases.postfix - -mailq_path = /usr/bin/mailq.postfix - -setgid_group = postdrop - -html_directory = no - -default_database_type = pgsql - -# TODO: MSF-201 -# canonical_maps = pgsql:/path - -# TODO: MSF-202 -# relocated_maps = pgsql:/path - -# Set to 100MB: -message_size_limit = 102400000 - -# Set to 1000MB: -mailbox_size_limit = 1024000000 - -# Set to 1MB: -bounce_size_limit = 1024000 - -bounce_queue_lifetime = 1d -maximal_queue_lifetime = 2d - -append_at_myorigin = no -append_dot_mydomain = no - -# Any address 
whose fully qualified hostname matches the domain portion is stripped down to just the domain name: -masquerade_domains = {{SERVER.DOMAIN}} - -# TODO: -# body_checks = regexp:/etc/postfix/re_body_checks -# body_checks_size_limit = 51200 - -virtual_transport = lmtp:inet:{{SERVICE.MAIL_RECEIVE.NAME}}:12346 -mailbox_transport = lmtp:inet:{{SERVICE.MAIL_RECEIVE.NAME}}:12346 - -# Anti-spam configuration: -smtpd_recipient_restrictions = - permit_mynetworks - permit_sasl_authenticated - # TODO: MSF-164 - # warn_if_reject - # check_policy_service inet:{{SERVICE.MAIL_RECEIVE.NAME}}:12347 - reject_unverified_recipient - reject_unauth_destination - reject_non_fqdn_recipient - reject_invalid_hostname - reject_unknown_sender_domain - reject_unknown_recipient_domain - -smtpd_helo_restrictions = - reject_invalid_hostname - -smtpd_sender_restrictions = - reject_non_fqdn_sender - reject_unknown_sender_domain - -smtpd_client_restrictions = - permit_sasl_authenticated - reject - -# TODO: -# smtpd_helo_restrictions -# smtpd_sender_restrictions -# smtpd_data_restrictions - -smtpd_helo_required = yes -smtpd_client_message_rate_limit = 5 - -# SASL: -smtpd_sasl_type = dovecot -smtpd_sasl_auth_enable = yes -smtpd_sasl_path = inet:{{SERVICE.MAIL_RECEIVE.NAME}}:12345 -smtpd_sasl_security_options = noanonymous -smtpd_sasl_tls_security_options = $smtpd_sasl_security_options -broken_sasl_auth_clients = yes - -# TLS: -smtp_tls_security_level = may -smtpd_tls_security_level = may -smtp_tls_CApath = /certificates -smtp_tls_CAfile = /certificates/ca-bundle.crt -smtpd_use_tls = yes -smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 -smtpd_tls_cert_file = /certificates/{{SERVER.HOSTNAME}}.crt -smtpd_tls_key_file = /certificates/{{SERVER.HOSTNAME}}.key -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache - -unverified_recipient_reject_code = 577 -address_verify_negative_expire_time = 3d -address_verify_negative_refresh_time = 3h 
-address_verify_positive_expire_time = 31d -address_verify_positive_refresh_time = 7d -address_verify_map = btree:${data_directory}/verify_cache - -# Content filtering: -content_filter = smtp-amavis:[{{SERVICE.ANTI_VIRUS.NAME}}]:{{SERVICE.ANTI_VIRUS.PORTS.PORT}} - -# Anti-Spam configuration: -milter_protocol = 6 -milter_default_action = accept -milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} -smtpd_milters = inet:{{SERVICE.ANTI_SPAM.NAME}}:{{SERVICE.ANTI_SPAM.PORTS.PROXY}} -non_smtpd_milters = inet:{{SERVICE.ANTI_SPAM.NAME}}:{{SERVICE.ANTI_SPAM.PORTS.PROXY}} diff --git a/Postfix/Configuration/proto.master.cf b/Postfix/Configuration/proto.master.cf deleted file mode 100644 index fb7a892..0000000 --- a/Postfix/Configuration/proto.master.cf +++ /dev/null 
@@ -1,147 +0,0 @@ -# -# Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master"). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) -# ========================================================================== -postlog unix-dgram n - n - 1 postlogd -smtp inet n - n - - smtpd -# -o syslog_name=postfix/smtp -#smtp inet n - n - 1 postscreen -#smtpd pass - - n - - smtpd -#dnsblog unix - - n - 0 dnsblog -#tlsproxy unix - - n - 0 tlsproxy -submission inet n - n - - smtpd - -o syslog_name=postfix/submission - -o smtpd_sasl_auth_enable=yes -# -o smtpd_tls_security_level=may -# -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -smtps inet n - n - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes -# -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -smtp-amavis unix - - n - 2 smtp - -o smtp_data_done_timeout=1200 - -o smtp_send_xforward_command=yes - -o disable_dns_lookups=yes -0.0.0.0:{{SERVICE.MAIL_SEND.PORTS.PORT_ANTI_VIRUS}} inet n - n - - smtpd - -o content_filter= - -o mynetworks=127.0.0.0/8,{{SERVICE.NETWORK.SUBNET}} - -o local_recipient_maps= - -o relay_recipient_maps= - -o smtpd_restriction_classes= - -o 
smtpd_client_restrictions= - -o smtpd_helo_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o strict_rfc821_envelopes=yes - -o smtpd_error_sleep_time=0 - -o smtpd_soft_error_limit=1001 - -o smtpd_hard_error_limit=1000 -#628 inet n - n - - qmqpd -pickup unix n - n 60 1 pickup -cleanup unix n - n - 0 cleanup -qmgr unix n - n 300 1 qmgr -#qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - n 1000? 1 tlsmgr -rewrite unix - - n - - trivial-rewrite -bounce unix - - n - 0 bounce -defer unix - - n - 0 bounce -trace unix - - n - 0 bounce -verify unix - - n - 1 verify -flush unix n - n 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - n - - smtp -relay unix - - n - - smtp -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - n - - showq -error unix - - n - - error -retry unix - - n - - error -discard unix - - n - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - n - - lmtp -anvil unix - - n - 1 anvil -scache unix - - n - 1 scache -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -#maildrop unix - n n - - pipe -# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
-# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -#uucp unix - n n - - pipe -# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# ==================================================================== -# -# Other external delivery methods. -# -#ifmail unix - n n - - pipe -# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -# -#bsmtp unix - n n - - pipe -# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient -# -#scalemail-backend unix - n n - 2 pipe -# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store -# ${nexthop} ${user} ${extension} -# -#mailman unix - n n - - pipe -# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py -# ${nexthop} ${user} diff --git a/Postfix/Configuration/proto.virtual-alias-maps.cf b/Postfix/Configuration/proto.virtual-alias-maps.cf deleted file mode 100644 index 1c299c6..0000000 --- a/Postfix/Configuration/proto.virtual-alias-maps.cf +++ /dev/null 
@@ -1,5 +0,0 @@ -user = {{SERVICE.DATABASE.USER}} -password = {{SERVICE.DATABASE.PASSWORD}} -hosts = {{SERVICE.DATABASE.NAME}} -dbname = {{SERVICE.DATABASE.DB_DIRECTORY}} -query = SELECT destination FROM {{SERVICE.DATABASE.VIEW_ALIASES}} WHERE email='%s' \ No newline at end of file diff --git a/Postfix/Configuration/proto.virtual-mailbox-domains.cf b/Postfix/Configuration/proto.virtual-mailbox-domains.cf deleted file mode 100644 index e08e6bf..0000000 --- a/Postfix/Configuration/proto.virtual-mailbox-domains.cf +++ /dev/null @@ -1,5 +0,0 @@ -user = {{SERVICE.DATABASE.USER}} -password = {{SERVICE.DATABASE.PASSWORD}} -hosts = {{SERVICE.DATABASE.NAME}} -dbname = {{SERVICE.DATABASE.DB_DIRECTORY}} -query = SELECT 1 FROM {{SERVICE.DATABASE.TABLE_DOMAINS}} WHERE name='%s' \ No newline at end of file diff --git a/Postfix/Configuration/proto.virtual-mailbox-maps.cf b/Postfix/Configuration/proto.virtual-mailbox-maps.cf deleted file mode 100644 index ffcd918..0000000 --- a/Postfix/Configuration/proto.virtual-mailbox-maps.cf +++ /dev/null @@ -1,5 +0,0 @@ -user = {{SERVICE.DATABASE.USER}} -password = {{SERVICE.DATABASE.PASSWORD}} -hosts = {{SERVICE.DATABASE.NAME}} -dbname = {{SERVICE.DATABASE.DB_DIRECTORY}} -query = SELECT 1 FROM {{SERVICE.DATABASE.VIEW_USERS}} WHERE email='%s' \ No newline at end of file diff --git a/Postfix/Database/proto.configuration.json b/Postfix/Database/proto.configuration.json deleted file mode 100644 index a0a0821..0000000 --- a/Postfix/Database/proto.configuration.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "TYPE": "{{SERVICE.DATABASE.TYPE}}", - "HOST": "{{SERVICE.DATABASE.HOST}}", - "PORT": "{{SERVICE.DATABASE.PORTS.PORT_EXPOSED}}", - "USER": "{{SERVICE.DATABASE.USER}}", - "PASSWORD": "{{SERVICE.DATABASE.PASSWORD}}", - "NAME": "{{SERVICE.DATABASE.DB_DIRECTORY}}", - "SQL": [ - "init.sql" - ] -} \ No newline at end of file diff --git a/Postfix/Database/proto.init.sql b/Postfix/Database/proto.init.sql deleted file mode 100644 index 0cf64af..0000000 
--- a/Postfix/Database/proto.init.sql +++ /dev/null @@ -1,34 +0,0 @@ -CREATE TABLE IF NOT EXISTS {{SERVICE.DATABASE.TABLE_DOMAINS}} -( - id SERIAL PRIMARY KEY, - name VARCHAR(50) NOT NULL UNIQUE -); - -CREATE TABLE IF NOT EXISTS {{SERVICE.DATABASE.TABLE_USERS}} -( - id SERIAL PRIMARY KEY, - domain_id INT NOT NULL, - account VARCHAR(40) NOT NULL, - password VARCHAR(128) NOT NULL, - CONSTRAINT UNIQUE_EMAIL UNIQUE (domain_id, account), - FOREIGN KEY (domain_id) REFERENCES {{SERVICE.DATABASE.TABLE_DOMAINS}} (id) ON DELETE CASCADE -); - -CREATE TABLE IF NOT EXISTS {{SERVICE.DATABASE.TABLE_ALIASES}} -( - id SERIAL PRIMARY KEY, - domain_id INT NOT NULL, - source VARCHAR(40) NOT NULL, - destination VARCHAR(80) NOT NULL, - FOREIGN KEY (domain_id) REFERENCES {{SERVICE.DATABASE.TABLE_DOMAINS}} (id) ON DELETE CASCADE -); - -CREATE VIEW {{SERVICE.DATABASE.VIEW_USERS}} AS -SELECT CONCAT({{SERVICE.DATABASE.TABLE_USERS}}.account, '@', {{SERVICE.DATABASE.TABLE_DOMAINS}}.name) AS email, {{SERVICE.DATABASE.TABLE_USERS}}.password -FROM {{SERVICE.DATABASE.TABLE_USERS}} - LEFT JOIN {{SERVICE.DATABASE.TABLE_DOMAINS}} ON {{SERVICE.DATABASE.TABLE_USERS}}.domain_id = {{SERVICE.DATABASE.TABLE_DOMAINS}}.id; - -CREATE VIEW {{SERVICE.DATABASE.VIEW_ALIASES}} AS -SELECT CONCAT({{SERVICE.DATABASE.TABLE_ALIASES}}.source, '@', {{SERVICE.DATABASE.TABLE_DOMAINS}}.name) AS email, destination -FROM {{SERVICE.DATABASE.TABLE_ALIASES}} - LEFT JOIN {{SERVICE.DATABASE.TABLE_DOMAINS}} ON {{SERVICE.DATABASE.TABLE_ALIASES}}.domain_id = {{SERVICE.DATABASE.TABLE_DOMAINS}}.id; diff --git a/Postfix/Dockerfile b/Postfix/Dockerfile deleted file mode 100644 index 86d6ae9..0000000 --- a/Postfix/Dockerfile +++ /dev/null 
@@ -1,32 +0,0 @@ -FROM fedora:32 - -ARG DB_NAME -ARG AV_NAME -ARG DB_PORT -ARG AV_PORT -ARG AV_PORT_MAIL_SEND -ARG SERVICE_RECEIVE - -ENV AV_NAME "$AV_NAME" -ENV DB_NAME "$DB_NAME" -ENV DB_PORT "$DB_PORT" -ENV AV_PORT "$AV_PORT" -ENV AV_PORT_MAIL_SEND "$AV_PORT_MAIL_SEND" -ENV SERVICE_RECEIVE "$SERVICE_RECEIVE" - -RUN dnf update -y && \ - dnf install findutils -y && \ - dnf clean all && \ - dnf install -y https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \ - https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \ - dnf install -y postfix postfix-pgsql openssl telnet net-tools iputils && \ - alternatives --set mta /usr/sbin/sendmail.postfix && \ - groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /home/vmail -m - -ADD Configuration/*.* /etc/postfix/ -ADD Scripts/start.sh /start.sh -ADD Scripts/logrotate.sh /logrotate.sh - -EXPOSE 465 - -CMD sh start.sh "${DB_PORT}" "${AV_PORT}" "${DB_NAME}" "${AV_NAME}" "${SERVICE_RECEIVE}" "${AV_PORT_MAIL_SEND}" \ No newline at end of file diff --git a/Postfix/Scripts/logrotate.sh b/Postfix/Scripts/logrotate.sh deleted file mode 100644 index ce0d5f9..0000000 --- a/Postfix/Scripts/logrotate.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -postfix logrotate -find /var/log/postfix -mtime +120 -exec rm -f {} \; - -sleep 604800; sh /logrotate.sh & - diff --git a/Postfix/Scripts/start.sh b/Postfix/Scripts/start.sh deleted file mode 100644 index 11d4f13..0000000 --- a/Postfix/Scripts/start.sh +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/bin/sh - -dbName=$3 -avName=$4 -dbPort=$1 -avPort=$2 -avPortMailSend=$6 -serviceReceive=$5 -dovecotSaslPort=12345 -dovecotLmtpPort=12346 - -postfixLog=/var/log/postfix.start.log -echo "Starting Postfix" > ${postfixLog} - -echo "Checking database port: $dbPort" >> ${postfixLog} -if echo "^C" | telnet "${dbName}" "${dbPort}" | grep "Connected" -then - echo "Database process is bound to port: $dbPort" >> ${postfixLog} -else - echo "No process bound to port: $dbPort" >> ${postfixLog} - exit 1 -fi - -echo "Checking AntiVirus scanner service port: $avPort" >> ${postfixLog} -if echo "^C" | telnet "${avName}" "${avPort}" | grep "Connected" -then - echo "AntiVirus scanner service is bound to port: $avPort" >> ${postfixLog} -else - echo "No AntiVirus scanner service bound to port: $avPort" >> ${postfixLog} - exit 1 -fi - -echo "Checking Dovecot SASL port: $dovecotSaslPort" >> ${postfixLog} -if echo "^C" | telnet "${serviceReceive}" ${dovecotSaslPort} | grep "Connected" -then - echo "Dovecot process is bound to port: $dovecotSaslPort" >> ${postfixLog} -else - echo "No process bound to port: $dovecotSaslPort" >> ${postfixLog} - exit 1 -fi - -echo "Checking Dovecot LMTP port: $dovecotLmtpPort" >> ${postfixLog} -if echo "^C" | telnet "${serviceReceive}" ${dovecotLmtpPort} | grep "Connected" -then - echo "Dovecot process is bound to port: $dovecotLmtpPort" >> ${postfixLog} -else - echo "No process bound to port: $dovecotLmtpPort" >> ${postfixLog} - exit 1 -fi - -postfix set-permissions >> ${postfixLog} -newaliases -postfix check >> ${postfixLog} -postfix start >> ${postfixLog} -if postfix status >> ${postfixLog} -then - - export IFS=";" - ports="465;587;${avPortMailSend}" - for port in $ports; do - - if echo "^C" | telnet 127.0.0.1 "${port}" | grep "Connected" - then - echo "Postfix is listening on port: $port" >> ${postfixLog} - else - echo "Postfix is not bound to port: $port" >> ${postfixLog} - exit 1 - fi - done - - sh /logrotate.sh & - tail -F 
${postfixLog} -else - exit 1 -fi diff --git a/Postfix/proto.docker-compose.yml b/Postfix/proto.docker-compose.yml deleted file mode 100644 index 72efd80..0000000 --- a/Postfix/proto.docker-compose.yml +++ /dev/null @@ -1,31 +0,0 @@ -version: "3.7" - -services: - {{SERVICE.MAIL_SEND.NAME}}: - build: - context: . - args: - - DB_NAME={{SERVICE.DATABASE.NAME}} - - AV_NAME={{SERVICE.ANTI_VIRUS.NAME}} - - DB_PORT={{SERVICE.DATABASE.PORTS.PORT}} - - AV_PORT={{SERVICE.ANTI_VIRUS.PORTS.PORT}} - - AV_PORT_MAIL_SEND={{SERVICE.MAIL_SEND.PORTS.PORT_ANTI_VIRUS}} - - SERVICE_RECEIVE={{SERVICE.MAIL_RECEIVE.NAME}} - container_name: {{SERVICE.MAIL_SEND.NAME}} - hostname: {{SERVICE.MAIL_SEND.NAME}}.{{SERVER.DOMAIN}} - restart: always - ports: - - 465:465 - networks: - - {{SERVICE.NETWORK.NAME}} - volumes: - - {{SERVER.CERTIFICATION.CERTIFICATES}}:/certificates - - {{SERVER.SERVER_HOME}}/Server/Postfix/Data:/var/lib/postfix - - {{SERVER.SERVER_HOME}}/Server/Postfix/Queue:/var/spool/postfix - - {{SERVER.SERVER_HOME}}/Server/Postfix/VMail:/usr/local/vmail - - {{SERVER.SERVER_HOME}}/Server/Postfix/Mail:/var/spool/mail - - {{SERVER.SERVER_HOME}}/Server/Postfix/Log:/var/log/postfix - -networks: - {{SERVICE.NETWORK.NAME}}: - external: true diff --git a/Postfix/proto.sendmail.service b/Postfix/proto.sendmail.service deleted file mode 100644 index 0117e3c..0000000 --- a/Postfix/proto.sendmail.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Postfix service running on Docker -After=docker.service -Requires=docker.service - -[Service] -Restart=always -ExecStart={{DOCKER.DOCKER_HOME}}/Definitions/Postfix/start.sh - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/network/1.0.0/Definition.json b/network/1.0.0/Definition.json new file mode 100644 index 0000000..41626b0 --- /dev/null +++ b/network/1.0.0/Definition.json 
@@ -0,0 +1,11 @@
+{
+ "definition": {
+ "group": "main",
+ "type": "docker",
+ "version": "1.0.0",
+ "name": "network"
+ },
+ "includes": [
+ "Network.json"
+ ]
+}
\ No newline at end of file
diff --git a/network/1.0.0/Network.json b/network/1.0.0/Network.json
new file mode 100644
index 0000000..5937dec
--- /dev/null
+++ b/network/1.0.0/Network.json
@@ -0,0 +1,24 @@
+{
+ "software": [
+ {
+ "name": "Mail server stack: Network",
+ "version": "1.0.0",
+ "installationSteps": {
+ "Docker": [
+ {
+ "type": "skipCondition",
+ "value": "docker network ls | grep \"{{SERVICE.NETWORK.NAME}}\""
+ },
+ {
+ "type": "network",
+ "value": "{{SERVICE.NETWORK.NAME}}:{{SERVICE.NETWORK.SUBNET}}"
+ },
+ {
+ "type": "command",
+ "value": "docker network ls | grep \"{{SERVICE.NETWORK.NAME}}\""
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/postgres/1.0.0/Definition.json b/postgres/1.0.0/Definition.json
new file mode 100644
index 0000000..67238fc
--- /dev/null
+++ b/postgres/1.0.0/Definition.json
@@ -0,0 +1,11 @@
+{
+ "definition": {
+ "group": "main",
+ "type": "docker",
+ "version": "1.0.0",
+ "name": "postgres"
+ },
+ "includes": [
+ "Postgres.json"
+ ]
+}
\ No newline at end of file
diff --git a/postgres/1.0.0/Postgres.json b/postgres/1.0.0/Postgres.json
new file mode 100644
index 0000000..5ef80eb
--- /dev/null
+++ b/postgres/1.0.0/Postgres.json
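Review bot: In network/1.0.0/Network.json the `skipCondition` and the closing `command` step both test for the network with `docker network ls | grep "{{SERVICE.NETWORK.NAME}}"`, which is a substring match over the whole listing. Any other network whose name, driver or ID column contains that string makes the skip condition true, so the network step is skipped while the intended network does not exist, and the final check passes for the same wrong reason. An exact lookup avoids this: `"value": "docker network inspect \"{{SERVICE.NETWORK.NAME}}\""` exits non-zero when no network of that name is present.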
@@ -0,0 +1,52 @@
+{
+ "software": [
+ {
+ "name": "Mail server stack: Relational database",
+ "version": "1.0.0",
+ "installationSteps": {
+ "Docker": [
+ {
+ "type": "conditionCheck",
+ "value": "{{SERVICE.DATABASE.NAME}}"
+ },
+ {
+ "type": "portRequired",
+ "value": "{{SERVICE.DATABASE.PORTS.PORT_EXPOSED}}"
+ },
+ {
+ "type": "deploy",
+ "value": "main/docker/postgres:1.0.0@:{{DOCKER.DOCKER_HOME}}/Postgres"
+ },
+ {
+ "type": "stack",
+ "value": "{{DOCKER.DOCKER_HOME}}/Postgres"
+ },
+ {
+ "type": "check",
+ "value": "{{SERVICE.DATABASE.NAME}}"
+ },
+ {
+ "type": "command",
+ "value": "ln {{DOCKER.DOCKER_HOME}}/Postgres/database.postgres.service /etc/systemd/system/database.postgres.service"
+ },
+ {
+ "type": "command",
+ "value": "sh {{SERVER.SERVER_HOME}}/Utils/setenforce.sh"
+ },
+ {
+ "type": "command",
+ "value": "systemctl enable database.postgres.service"
+ },
+ {
+ "type": "reboot",
+ "value": "480"
+ },
+ {
+ "type": "check",
+ "value": "{{SERVICE.DATABASE.NAME}}"
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Postgres/proto.database.postgres.service b/postgres/1.0.0/proto.database.postgres.service
similarity index 100%
rename from Postgres/proto.database.postgres.service
rename to postgres/1.0.0/proto.database.postgres.service
diff --git a/Postgres/proto.docker-compose.yml b/postgres/1.0.0/proto.docker-compose.yml
similarity index 81%
rename from Postgres/proto.docker-compose.yml
rename to postgres/1.0.0/proto.docker-compose.yml
index af025c5..09ed31e 100644
--- a/Postgres/proto.docker-compose.yml
+++ b/postgres/1.0.0/proto.docker-compose.yml
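Review bot: The `ln {{DOCKER.DOCKER_HOME}}/Postgres/database.postgres.service /etc/systemd/system/database.postgres.service` step in postgres/1.0.0/Postgres.json creates a hard link, which fails when the Docker home and /etc are on different filesystems and fails again on a re-run once the target exists. `systemctl link {{DOCKER.DOCKER_HOME}}/Postgres/database.postgres.service` registers a unit file that lives outside the search path without either limitation; redis/1.0.0/Redis.json has the same step for `database.redis.service`. Both files also run `sh {{SERVER.SERVER_HOME}}/Utils/setenforce.sh` as root before enabling the unit; the script is not part of this diff, so if it changes the SELinux mode, as the name suggests, the commit description should say which mode it sets and why a targeted policy is not used instead.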
@@ -2,12 +2,12 @@ version: "3.7" services: {{SERVICE.DATABASE.NAME}}: - image: library/postgres:12 + image: library/postgres:13 container_name: {{SERVICE.DATABASE.NAME}} hostname: database.{{SERVER.DOMAIN}} restart: always ports: - - {{SERVICE.DATABASE.PORTS.PORT_EXPOSED}}:{{SERVICE.DATABASE.PORTS.PORT}} + - 127.0.0.1:{{SERVICE.DATABASE.PORTS.PORT_EXPOSED}}:{{SERVICE.DATABASE.PORTS.PORT}} networks: - {{SERVICE.NETWORK.NAME}} environment: diff --git a/redis/1.0.0/Definition.json b/redis/1.0.0/Definition.json new file mode 100644 index 0000000..f438ae2 --- /dev/null +++ b/redis/1.0.0/Definition.json @@ -0,0 +1,11 @@ +{ + "definition": { + "group": "main", + "type": "docker", + "version": "1.0.0", + "name": "redis" + }, + "includes": [ + "Redis.json" + ] +} \ No newline at end of file diff --git a/redis/1.0.0/Redis.json b/redis/1.0.0/Redis.json new file mode 100644 index 0000000..bcb7b57 --- /dev/null +++ b/redis/1.0.0/Redis.json 
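Review bot: The image line in postgres/1.0.0/proto.docker-compose.yml moves from `library/postgres:12` to `library/postgres:13`, and a PostgreSQL 13 server refuses to start on a data directory that was initialised by version 12. The service's volume mapping lies outside this hunk, so whether an existing data directory is reused cannot be seen here; if it is, the deployment needs a dump and restore or a `pg_upgrade` run before the new image is started. The tag `13` also floats across minor releases, so pinning a minor version or an image digest would keep rebuilds reproducible.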
@@ -0,0 +1,60 @@
+{
+ "software": [
+ {
+ "name": "Mail server stack: In memory database",
+ "version": "1.0.0",
+ "installationSteps": {
+ "Docker": [
+ {
+ "type": "conditionCheck",
+ "value": "{{SERVICE.MEMORY_DATABASE.NAME}}"
+ },
+ {
+ "type": "portRequired",
+ "value": "{{SERVICE.MEMORY_DATABASE.PORTS.PORT_EXPOSED}}"
+ },
+ {
+ "type": "deploy",
+ "value": "main/docker/redis:1.0.0@:{{DOCKER.DOCKER_HOME}}/Redis"
+ },
+ {
+ "type": "stack",
+ "value": "{{DOCKER.DOCKER_HOME}}/Redis"
+ },
+ {
+ "type": "check",
+ "value": "{{SERVICE.MEMORY_DATABASE.NAME}}"
+ },
+ {
+ "type": "command",
+ "value": "redis-cli -h {{SERVICE.MEMORY_DATABASE.HOST}} -p {{SERVICE.MEMORY_DATABASE.PORTS.PORT_EXPOSED}} ping"
+ },
+ {
+ "type": "command",
+ "value": "ln {{DOCKER.DOCKER_HOME}}/Redis/database.redis.service /etc/systemd/system/database.redis.service"
+ },
+ {
+ "type": "command",
+ "value": "sh {{SERVER.SERVER_HOME}}/Utils/setenforce.sh"
+ },
+ {
+ "type": "command",
+ "value": "systemctl enable database.redis.service"
+ },
+ {
+ "type": "reboot",
+ "value": "480"
+ },
+ {
+ "type": "check",
+ "value": "{{SERVICE.MEMORY_DATABASE.NAME}}"
+ },
+ {
+ "type": "command",
+ "value": "redis-cli -h {{SERVICE.MEMORY_DATABASE.HOST}} -p {{SERVICE.MEMORY_DATABASE.PORTS.PORT_EXPOSED}} ping"
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Redis/proto.database.redis.service b/redis/1.0.0/proto.database.redis.service
similarity index 100%
rename from Redis/proto.database.redis.service
rename to redis/1.0.0/proto.database.redis.service
diff --git a/Redis/proto.docker-compose.yml b/redis/1.0.0/proto.docker-compose.yml
similarity index 76%
rename from Redis/proto.docker-compose.yml
rename to redis/1.0.0/proto.docker-compose.yml
index 3f5b28c..6695050 100644
--- a/Redis/proto.docker-compose.yml
+++ b/redis/1.0.0/proto.docker-compose.yml
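Review bot: Both `redis-cli -h {{SERVICE.MEMORY_DATABASE.HOST}} -p {{SERVICE.MEMORY_DATABASE.PORTS.PORT_EXPOSED}} ping` steps in redis/1.0.0/Redis.json depend on a HOST value that this diff does not show, while the compose change for the same service now publishes the port on `127.0.0.1` only. If HOST resolves to anything other than loopback, both steps fail after this commit, so the value should be fixed to `127.0.0.1` or the requirement stated next to the variable's definition. The check also sends no credentials, which suggests Redis runs without `requirepass`; in that case every container attached to `{{SERVICE.NETWORK.NAME}}` can issue commands to it, which is worth confirming against the Redis configuration.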
@@ -7,7 +7,7 @@ services: hostname: memory.database.{{SERVER.DOMAIN}} restart: always ports: - - {{SERVICE.MEMORY_DATABASE.PORTS.PORT_EXPOSED}}:{{SERVICE.MEMORY_DATABASE.PORTS.PORT}} + - 127.0.0.1:{{SERVICE.MEMORY_DATABASE.PORTS.PORT_EXPOSED}}:{{SERVICE.MEMORY_DATABASE.PORTS.PORT}} networks: - {{SERVICE.NETWORK.NAME}}