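#!/usr/bin/env bash
#
# Install and configure OpenDMARC as a milter for the mailwolt stack.
#
# Writes /etc/opendmarc.conf, /etc/opendmarc/ignore.hosts and a systemd
# drop-in, then enables or disables the service depending on
# OPENDMARC_ENABLE (default "1"). The script writes under /etc and calls
# apt-get, so it is expected to run with root privileges.
set -euo pipefail

# NOTE(review): this path is resolved against the caller's working directory,
# not the script's own location. Because the script runs privileged, the
# installer should always change into its own trusted directory before
# calling it -- confirm against the caller.
source ./lib.sh

log "OpenDMARC installieren/konfigurieren …"

# Load installer flags. The file is executed as shell code in this process,
# so it should be owned by root and not writable by anyone else.
# nounset is relaxed while sourcing so the file may reference unset variables.
set +u
if [[ -r /etc/mailwolt/installer.env ]]; then
  . /etc/mailwolt/installer.env
fi
set -u
OPENDMARC_ENABLE="${OPENDMARC_ENABLE:-1}"

# Make sure the package is present.
if ! dpkg -s opendmarc >/dev/null 2>&1; then
  apt-get update -qq
  # The package may ask debconf questions (e.g. about database setup); an
  # unattended installer must not block on a prompt.
  DEBIAN_FRONTEND=noninteractive apt-get install -y opendmarc
fi

# Config and runtime directories.
# NOTE(review): /run/opendmarc is created here with the invoking user as
# owner; the RuntimeDirectory= drop-in below lets systemd manage it at
# service start -- confirm the resulting owner matches the service account.
install -d -m 0755 /etc/opendmarc
install -d -m 0755 /run/opendmarc

# IgnoreHosts: mail from these hosts is not DMARC-evaluated. Keep the list
# minimal -- every entry is a bypass of the check.
cat >/etc/opendmarc/ignore.hosts <<'EOF'
127.0.0.1
::1
localhost
EOF
chmod 0644 /etc/opendmarc/ignore.hosts

# Main configuration (overwrites any existing /etc/opendmarc.conf).
#  - TrustedAuthservIDs: Authentication-Results headers carrying this ID are
#    trusted as SPF/DKIM input. NOTE(review): only safe if inbound mail cannot
#    arrive with a pre-existing header claiming authserv-id "mailwolt";
#    confirm an earlier filter strips such headers.
#  - RejectFailures false: the milter never rejects on a DMARC failure; it
#    only records the result in a header, so enforcement has to happen in a
#    later stage (presumably Rspamd -- verify).
#  - SoftwareHeader true: adds a DMARC-Filter header to processed mail, which
#    discloses the filter software to recipients.
#  - Socket: no UMask/UserID is set, so the daemon defaults decide who may
#    connect. TODO confirm Postfix can reach this path (chroot) and that the
#    socket is not accessible more widely than needed.
cat >/etc/opendmarc.conf <<'EOF'
AuthservID mailwolt
TrustedAuthservIDs mailwolt
IgnoreHosts /etc/opendmarc/ignore.hosts
Syslog true
SoftwareHeader true
Socket local:/run/opendmarc/opendmarc.sock
RejectFailures false
EOF
chmod 0644 /etc/opendmarc.conf

# systemd drop-in for RuntimeDirectory, so /run/opendmarc is recreated after
# a reboot.
install -d -m 0755 /etc/systemd/system/opendmarc.service.d
cat >/etc/systemd/system/opendmarc.service.d/override.conf <<'EOF'
[Service]
RuntimeDirectory=opendmarc
RuntimeDirectoryMode=0755
EOF

systemctl daemon-reload

# Enable or disable the service according to the flag.
if [[ "$OPENDMARC_ENABLE" = "1" ]]; then
  systemctl enable opendmarc
  # Restart rather than "enable --now": --now leaves an already running
  # daemon untouched (for example one started by the package installation or
  # by an earlier run), and that daemon would keep using the previous
  # configuration and socket path.
  systemctl restart opendmarc
else
  # Best effort: disabling may fail if the unit is not active or not enabled.
  systemctl disable --now opendmarc || true
fi

# Request that the Postfix milter chain be re-applied consistently
# (Rspamd + OpenDKIM + optional OpenDMARC). Only a flag file is dropped here;
# the step that consumes it is not part of this script.
touch /run/mailwolt.need-apply-milters || true

log "[✓] OpenDMARC (ENABLE=${OPENDMARC_ENABLE}) bereit."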