#!bin/bash echo "Installation solution mail, antispam, antivirus, utilisateurs virtuels, Horde à partir de la documentation de Starbridge Corp http://www.starbridge.org Sous Licence Creative Commons http://creativecommons.org/licenses/by-sa/3.0/deed.fr Vous êtes libres : * de reproduire, distribuer et communiquer cette création au public * de modifier cette création Selon les conditions suivantes : Paternité — Vous devez citer le nom de l'auteur original de la manière indiquée par l'auteur de l'oeuvre ou le titulaire des droits qui vous confère cette autorisation (mais pas d'une manière qui suggérerait qu'ils vous soutiennent ou approuvent votre utilisation de l'oeuvre). Partage des Conditions Initiales à l'Identique — Si vous transformez ou modifiez cette oeuvre pour en créér une nouvelle, vous devez la distribuer selon les termes du même contrat ou avec une licence similaire ou compatible." # Fonction confirmation des paramètres entrés par l'utilisateur confirmer() { echo -e "\033[1;31m Voulez-vous continuer avec cette valeur : "$1" (o/N) \033[0;39m" read confirmation } # Fonction permettant de demander confirmation pour continuer à faire_une_pause() { echo -n "Continuer [O/n] ? " read lettre case $lettre in "n" | "N") exit 1;; *);; esac } ############################## Variables ##################### faire_une_pause confirmation="n" while [ "$confirmation" != "o" ] do echo "Entrez le nom du domaine (sous la forme domaine.fr) :" read DOMAIN confirmer $DOMAIN done confirmation="n" while [ "$confirmation" != "o" ] do echo "Entrez le nom de la machine (sans le nom de domaine) :" read HOST confirmer $HOST done confirmation="n" while [ "$confirmation" != "o" ] do echo "Entrez le mot de passe Root de MysQl (si mysql n'est pas installé, mettez le même lorsqu'il vous le demandera:" read rootmysql confirmer $rootmysql done confirmation="n" while [ "$confirmation" != "o" ] do echo "Entrez le mot de passe MySql de postfix :" read Postfixpwd confirmer $Postfixpwd done confirmation="n" while [ "$confirmation" != "o" ] do echo "Entrez le mot de passe MySql de \"spam\" :" read spampwd confirmer $spampwd done confirmation="n" while [ "$confirmation" != "o" ] do echo "Entrez le mot de passe MySql de \"dspam\" :" read dspampwd confirmer $dspampwd done confirmation="n" while [ "$confirmation" != "o" ] do echo "Entrez le mot de passe mysql qui sera tilisé par l'utilisateur horde :" read HORDEPWD confirmer $HORDEPWD done #Hostname echo Les fichiers /etc/hostname et /etc/hosts seront modifiés faire_une_pause cp /etc/hostname /etc/hostname.old echo "$HOST.$DOMAIN" > /etc/hostname cp /etc/hosts /etc/hosts.old echo "127.0.0.1 $HOST.$DOMAIN localhost.localdomain localhost $HOST" > /etc/hosts cp /etc/apt/sources.list /etc/apt/sources.list.old 2>/dev/null echo " #Les depots 'classiques': deb http://ftp.fr.debian.org/debian/ lenny main deb-src http://ftp.fr.debian.org/debian/ lenny main deb http://security.debian.org/ lenny/updates main deb-src http://security.debian.org/ lenny/updates main deb http://volatile.debian.org/debian-volatile lenny/volatile main deb-src http://volatile.debian.org/debian-volatile lenny/volatile main #debian non-free deb http://ftp.fr.debian.org/debian/ lenny main contrib non-free deb-src http://ftp.fr.debian.org/debian/ lenny main contrib non-free " > /etc/apt/sources.list apt-get update aptitude update #Paquets nécessaires echo Installations des paquets nécessaires. echo LORS DE L INSTALLATION DE MYSQL RETENEZ LE MOT DE PASSE faire_une_pause apt-get install bind9 bzip2 gcc libpcre3-dev libpcre++-dev courier-authlib-dev g++ libtool libmysqlclient15-dev make libssl-dev automake autoconf postfix postfix-mysql mysql-client-5.0 mysql-server-5.0 courier-authdaemon courier-authlib-mysql libsasl2-2 libsasl2-modules sasl2-bin libpam-mysql openssl ntp tmpreaper apache2 libapache2-mod-php5 php5-mysql maildrop courier-imap courier-imap-ssl fam subversion libdb4.6-dev file libcompress-bzip2-perl nomarch arc p7zip-full arj zoo lzop tnef pax cabextract libarchive-tar-perl libarchive-zip-perl libberkeleydb-perl libcompress-zlib-perl libconvert-tnef-perl libconvert-uulib-perl libdigest-md5-perl libio-stringy-perl libmailtools-perl libmime-base64-perl libmime-perl libnet-perl perl-modules libnet-server-perl libtime-hires-perl libunix-syslog-perl libmail-dkim-perl liblog-log4perl-perl liblog-dispatch-perl libgetopt-argvfile-perl libconvert-binhex-perl libhtml-parser-perl libnet-dns-resolver-programmable-perl liberror-perl libmail-spf-perl libmail-sendmail-perl libnetaddr-ip-perl libdbi-perl libdbd-mysql-perl liblocale-subcountry-perl libwww-perl libimage-base-bundle-perl libimage-base-perl libimage-info-perl libnet-cidr-lite-perl libmime-encwords-perl libemail-valid-perl zlib1g zlib1g-dev libgmpxx4ldbl libgmp3-dev curl rsync re2c php5-imap php5-mcrypt php5-gd php-pear php5-dev libmagic-dev memcached php5-memcache unrtf libwpd-tools xlhtml source-highlight ppthtml rpm wv enscript pure-ftpd-mysql #on Modifie le resolv.conf pour le faire pointer en local cp /etc/resolv.conf /etc/resolv.conf.old echo " nameserver 127.0.0.1 search $DOMAIN " > /etc/resolv.conf #MySql Postfix user echo Configuration de postfix faire_une_pause cd /tmp wget http://blog-du-grouik.tinad.fr/public/MailCompletHorde/postfix/MysqlPostfix.sql sed -i 's/domaine.fr/'$DOMAIN'/g' MysqlPostfix.sql sed -i 's/PostfixMysQlMotDePasse/'$Postfixpwd'/g' MysqlPostfix.sql mysql -u root -p$rootmysql < MysqlPostfix.sql mv /etc/postfix/*.cf /etc/postfix/*.cf.old wget http://blog-du-grouik.tinad.fr/public/MailCompletHorde/postfix/main.cf sed -i 's/domaine.fr/'$DOMAIN'/g' main.cf sed -i 's/machine/'$HOST'/g' main.cf cp main.cf /etc/postfix/main.cf #cp /etc/postfix/master.cf /etc/postfix/master.cf.old wget http://blog-du-grouik.tinad.fr/public/MailCompletHorde/postfix/master.cf cp master.cf /etc/postfix/master.cf #On crée le groupe et le user vmail avec l’uid et gid 20001, ainsi que le répertoire des mails : groupadd -g 20001 vmail useradd -g vmail -u 20001 vmail -d /home/virtual -m chown -R vmail: /home/virtual chmod 770 /home/virtual #On crée les fichiers d’appel des tables par Postfix : cd /etc/postfix wget http://www.starbridge.org/spip/doc/Procmail/postfix/mysql_virtual_alias_maps.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/mysql_virtual_domains_maps.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/mysql_virtual_mailbox_maps.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/mysql_relay_domains_maps.cf sed -i 's/\*\*\*\*/'$Postfixpwd'/g' mysql_virtual_alias_maps.cf mysql_virtual_domains_maps.cf mysql_virtual_mailbox_maps.cf mysql_relay_domains_maps.cf echo Configuration de maildrop faire_une_pause #maildrop chown vmail: /usr/bin/maildrop chown vmail:daemon /var/run/courier/authdaemon/ chmod 750 /var/run/courier/authdaemon/ cd /etc/courier mv authdaemonrc authdaemonrc-orig wget http://www.starbridge.org/spip/doc/Procmail/courier/authdaemonrc chown daemon: authdaemonrc chmod 660 authdaemonrc cd /etc/courier mv authmysqlrc authmysqlrc-orig wget http://www.starbridge.org/spip/doc/Procmail/courier/authmysqlrc chown daemon: authmysqlrc chmod 640 authmysqlrc sed -i 's/\*\*\*\*\*/'$Postfixpwd'/g' authmysqlrc rm /home/virtual/.mailfilter cd /tmp wget http://blog-du-grouik.tinad.fr/public/MailCompletHorde/postfix/mailfilter mv /tmp/mailfilter /home/virtual/.mailfilter chown vmail: /home/virtual/.mailfilter chmod 600 /home/virtual/.mailfilter /etc/init.d/courier-authdaemon restart /etc/init.d/postfix restart /etc/init.d/courier-authdaemon restart /etc/init.d/courier-imap restart cd /etc/pam.d wget http://www.starbridge.org/spip/doc/Procmail/pam.d/smtp sed -i 's/\*\*\*\*\*/'$Postfixpwd'/g' smtp chmod 640 /etc/pam.d/smtp #Authentification SASL cd /etc/postfix/sasl/ wget http://www.starbridge.org/spip/doc/Procmail/postfix/sasl/smtpd.conf cd /etc/default mv saslauthd saslauthd-orig wget http://www.starbridge.org/spip/doc/Procmail/init.d/saslauthd mkdir /var/spool/postfix/var/ mkdir /var/spool/postfix/var/run/ mkdir /var/spool/postfix/var/run/saslauthd chown -R root:sasl /var/spool/postfix/var/ chmod 710 /var/spool/postfix/var/run/saslauthd adduser postfix sasl ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd cd /etc/init.d/ sed -i 's/nss_mdns.config/nss_mdns.config etc\/postfix\/sasl\/smtpd.conf/' postfix /etc/init.d/postfix restart /etc/init.d/saslauthd restart #Activation du TLS #On crée le Certificat Racine : echo Création du certificat racine Challenge password doit rester vide!!! cd ~ /usr/lib/ssl/misc/CA.pl -newca echo On crée maintenant une clé privée pour le serveur ainsi qu’un certificat public non signé. mkdir ~/CERT cd ~/CERT openssl req -new -nodes -keyout tinad-key.pem -out tinad-req.pem -days 3650 echo On signe maintenant ce certificat public avec le certificat racine : cd ~ openssl ca -out CERT/tinad-cert.pem -infiles CERT/tinad-req.pem #On copie maintenant le certificat et la clé dans postfix : mkdir /etc/postfix/tls cp demoCA/cacert.pem CERT/tinad-key.pem CERT/tinad-cert.pem /etc/postfix/tls/ chmod 644 /etc/postfix/tls/tinad-cert.pem /etc/postfix/tls/tinad.pem chmod 400 /etc/postfix/tls/tinad-key.pem chmod 400 ~/CERT/* /etc/init.d/postfix restart #Maintenant que l’on a un certificat signé on va remplacer le certificat par défaut de courier-imap-ssl par le notre : cd ~/CERT cat tinad-key.pem tinad-cert.pem >certkey.pem cp certkey.pem tinad-certkey.pem openssl gendh >> tinad-certkey.pem chmod 400 ~/CERT/* cp tinad-certkey.pem /etc/courier/ chmod 600 /etc/courier/tinad-certkey.pem chown daemon /etc/courier/tinad-certkey.pem cd /etc/courier sed -i 's/imapd.pem/tinad-certkey.pem/g' imapd-ssl /etc/init.d/courier-imap-ssl stop /etc/init.d/courier-imap-ssl start #SASL cd /etc/pam.d/ wget http://www.starbridge.org/spip/doc/Procmail/pam.d/smtp sed -i 's/\*\*\*\*\*/'$Postfixpwd'/g' smtp chmod 640 /etc/pam.d/smtp cd /etc/postfix/sasl/ wget http://www.starbridge.org/spip/doc/Procmail/postfix/sasl/smtpd.conf cd /etc/default mv saslauthd saslauthd-orig wget http://www.starbridge.org/spip/doc/Procmail/init.d/saslauthd mkdir /var/spool/postfix/var/ mkdir /var/spool/postfix/var/run/ mkdir /var/spool/postfix/var/run/saslauthd chown -R root:sasl /var/spool/postfix/var/ chmod 710 /var/spool/postfix/var/run/saslauthd adduser postfix sasl ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd cd /etc/init.d/ sed -i 's/nss_mdns.config/nss_mdns.config etc\/postfix\/sasl\/smtpd.conf/' postfix /etc/init.d/postfix restart /etc/init.d/saslauthd restart #PostfixAdmin! #le virtual host a2enmod ssl echo " NameVirtualHost *:443 ServerAdmin webmaster@starbridge.org ServerName spike.starbridge.org DocumentRoot /var/www/ Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all # This directive allows us to have apache2's default start page # in /apache2-default/, but still have / go to the right place # Commented out for Ubuntu #RedirectMatch ^/$ /apache2-default/ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ AllowOverride AuthConfig Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On SSLEngine On SSLCertificateFile /etc/apache2/ssl/tinad-certkey-www.pem SetEnvIf User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown " >/etc/apache2/sites-available/ssl sed -i 's/starbridge.org/'$DOMAIN'/g' /etc/apache2/sites-available/ssl sed -i 's/spike/'$HOST'/g' /etc/apache2/sites-available/ssl #echo "listen 443">> /etc/apache2/ports.conf #Pas la peine avec une lenny a2ensite ssl cd ~/CERT openssl req -new -nodes -keyout tinad-key-www.pem -out tinad-req-www.pem -days 3650 cd ~ openssl ca -out CERT/tinad-cert-www.pem -infiles CERT/tinad-req-www.pem chmod 400 ~/CERT/* cd CERT/ cat tinad-key-www.pem tinad-cert-www.pem >tinad-certkey-www.pem mkdir /etc/apache2/ssl #cp tinad-req-www.pem /etc/apache2/ssl/ #cp tinad-cert-www.pem /etc/apache2/ssl/ cp tinad-certkey-www.pem /etc/apache2/ssl/ chmod 600 /etc/apache2/ssl/tinad-certkey-www.pem chmod 400 ~/CERT/* /etc/init.d/apache2 restart # cd /var/www svn -r 629 co https://postfixadmin.svn.sourceforge.net/svnroot/postfixadmin/trunk postfixadmin chown -R www-data: /var/www/postfixadmin cd postfixadmin chmod 640 *.php cd /var/www/postfixadmin/admin/ chmod 640 *.php cd /var/www/postfixadmin/images/ chmod 640 *.png cd /var/www/postfixadmin/languages/ chmod 640 *.lang cd /var/www/postfixadmin/templates/ chmod 640 *.php cd /var/www/postfixadmin/users/ chmod 640 *.php cd /var/www/postfixadmin/ mv config.inc.php config.inc.php-orig wget --output-document=config.inc.txt http://www.starbridge.org/spip/doc/Procmail/config.inc.txt mv config.inc.txt config.inc.php sed -i "s/password'] = '\*\*\*\*\*'/password'] = '$Postfixpwd'/" config.inc.php sed -i 's/www.starbridge.org/'$HOST.$DOMAIN'/g' config.inc.php sed -i 's/starbridge.org/'$DOMAIN'/g' config.inc.php chown www-data: /var/www/postfixadmin/config.inc.php chmod 640 config.inc.php rm /var/www/postfixadmin/setup.php cd /etc/ wget --output-document=quotawarnmsg http://www.starbridge.org/spip/doc/Procmail/usr/local/courier/etc/quotawarnmsg chown -R vmail: /etc/quotawarnmsg chmod 644 /etc/quotawarnmsg cd /etc/postfix/ wget --output-document=internal_networks http://www.starbridge.org/spip/doc/Procmail/postfix/internal_networks cd /etc/postfix/ wget http://www.starbridge.org/spip/doc/Procmail/postfix/mysql-hello.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/mysql-sender.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/mysql-client.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/mysql-sasl-sender-check.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/our_domain_as_sender wget http://www.starbridge.org/spip/doc/Procmail/postfix/not_our_domain_as_sender sed -i 's/starbridge.org/'$DOMAIN'/g' /etc/postfix/our_domain_as_sender /etc/postfix/not_our_domain_as_sender postmap /etc/postfix/internal_networks postmap /etc/postfix/our_domain_as_sender postmap /etc/postfix/not_our_domain_as_sender sed -i 's/\*\*\*\*/'$Postfixpwd'/g' mysql-* chown -R root:postfix /etc/postfix/mysql-* chmod 640 /etc/postfix/mysql-* cd ~ wget http://www.starbridge.org/spip/doc/Procmail/postfix/postfix_access.sql sed -i 's/starbridge.org/'$DOMAIN'/g' postfix_access.sql mysql -u root -p$rootmysql < postfix_access.sql postfix reload cd /etc/postfix/ wget http://www.starbridge.org/spip/doc/Procmail/postfix/body_checks.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/header_checks.cf wget http://www.starbridge.org/spip/doc/Procmail/postfix/mime_headers_checks.cf # Amavisd et SA #Installation Spamassassin #On installe SA depuis les sources : cd ~ wget http://apache.cict.fr/spamassassin/source/Mail-SpamAssassin-3.2.5.tar.gz tar xvzf Mail-SpamAssassin-3.2.5.tar.gz cd Mail-SpamAssassin-3.2.5 perl Makefile.PL PREFIX=/usr make make install #Installation Amavisd cd ~ wget http://www.ijs.si/software/amavisd/amavisd-new-2.6.3.tar.gz tar xvzf amavisd-new-2.6.3.tar.gz cd amavisd-new-2.6.3 groupadd -g 1002 amavis useradd -g amavis -u 1002 amavis -d /var/amavis -m mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home chown -R amavis: /var/amavis echo " tmpfs /var/amavis/db tmpfs rw,size=10m,mode=700,uid=amavis,gid=amavis 0 0 tmpfs /var/amavis/tmp tmpfs rw,size=150m,mode=700,uid=amavis,gid=amavis 0 0 ">>/etc/fstab mount /var/amavis/tmp mount /var/amavis/db #Copier les exécutables : cp amavisd-nanny /usr/sbin/ cd /usr/sbin/ wget http://www.starbridge.org/spip/doc/Procmail/amavisd/amavisd chown root /usr/sbin/amavisd* chmod 755 /usr/sbin/amavisd* #Copier les fichiers de conf : cd /etc/ wget http://www.starbridge.org/spip/doc/Procmail/amavisd/amavisd.conf chown root:amavis /etc/amavisd.conf chmod 640 /etc/amavisd.conf sed -i 's/starbridge.org/'$DOMAIN'/g' amavisd.conf sed -i 's/spike/'$HOST'/g' amavisd.conf mkdir /etc/amavisd cd /etc/amavisd wget http://www.starbridge.org/spip/doc/Procmail/amavisd/amavisd.domains sed -i 's/starbridge.org/'$DOMAIN'/g' amavisd.domains wget http://www.starbridge.org/spip/doc/Procmail/amavisd/sender_scores_sitewide #Créer la quarantaine : mkdir /var/virusmails chown amavis:amavis /var/virusmails chmod 750 /var/virusmails postfix reload #Installation Clamav #On compile depuis les sources : cd ~ wget http://mesh.dl.sourceforge.net/sourceforge/clamav/clamav-0.95.1.tar.gz tar xvzf clamav-0.95.1.tar.gz cd clamav-0.95.1 ./configure --prefix=/usr --sysconfdir=/etc --with-user=amavis --with-group=amavis --with-dbdir=/var/lib/clamav make make install ldconfig mkdir /var/run/clamav chown -R amavis: /var/run/clamav chmod -R 750 /var/run/clamav mkdir /var/lib/clamav chown -R amavis: /var/lib/clamav chmod -R 770 /var/lib/clamav #On met a jour les fichiers de configuration : cd /etc mv clamd.conf clamd.conf.orig mv freshclam.conf freshclam.conf.orig wget http://www.starbridge.org/spip/doc/Procmail/clamd.conf wget http://www.starbridge.org/spip/doc/Procmail/freshclam.conf echo " remember il manque ça dans ce script crontab -e -u amavis 0 0,6,12,18 * * * /usr/bin/freshclam 5 */4 * * * /usr/sbin/clamav-unofficial-sigs.sh 16 3 * * * /usr/bin/sa-learn --sync --force-expire 25 4 * * * /usr/bin/mysql -u spam -p'$Postfixpwd' spam < /etc/SA-awl-purgesql 5 */4 * * * /usr/sbin/clamav-unofficial-sigs.sh 14 2 * * * /usr/bin/mysql -u dspam -p'$dspampwd' dspam < /etc/dspam-purge-4.1.sql 3 3 1 * * /usr/bin/dspam_logrotate -a 30 -v -d /var/amavis/dspam 25 4 * * * /usr/bin/mysql -u spam -p'$spampwd' spam < /etc/SA-awl-purgesql 16 3 * * * /usr/bin/sa-learn --sync --force-expire" faire_une_pause crontab -e -u amavis echo" crontab -e */5 * * * * /usr/sbin/clamdmon.sh 15 2 * * * /etc/sa-update.sh 30 3,10,15,22 * * * /etc/sa-learn */5 * * * * /usr/sbin/clamdmon.sh 15 2 * * * /etc/sa-update.sh 30 3,10,15,22 * * * /etc/sa-learn " faire_une_pause crontab -e mkdir /var/log/clamav chown -R amavis:amavis /var/log/clamav #Créer un fichier /etc/init.d/clamd cd /etc/init.d/ wget http://www.starbridge.org/spip/doc/Procmail/clamd chmod 755 /etc/init.d/clamd update-rc.d clamd defaults freshclam /etc/init.d/clamd start cd /root/clamav-0.95.1/test/ clamdscan -l scan.txt clam-x.yz #Installation des signatures additionnelles pour Clam (détection du spam, phising...) cd /usr/sbin wget http://www.starbridge.org/spip/doc/Procmail/usr/sbin/clamav-unofficial-sigs.sh chmod 755 clamav-unofficial-sigs.sh cd /etc/ wget http://www.starbridge.org/spip/doc/Procmail/clamav-unofficial-sigs.conf mkdir /var/lib/unofficial-clamav-sigs chown -R amavis: /var/lib/unofficial-clamav-sigs su -c '/usr/sbin/clamav-unofficial-sigs.sh' amavis cd ~ wget http://www.starbridge.org/spip/doc/Procmail/clamdmon-1.0.tar.gz tar xvzf clamdmon-1.0.tar.gz cd clamdmon-1.0 make make install #Paramétrage Spamassassin# #On remplace le /etc/mail/spamassassin/local.cf par celui ci et on ajoute un fichier supplémentaire : cd /etc/mail/spamassassin/ mv local.cf local.cf-orig wget http://www.starbridge.org/spip/doc/Procmail/spamassassin/local.cf wget http://www.starbridge.org/spip/doc/Procmail/spamassassin/amavis-sanesecurity.cf #On sécurise : chown amavis: /etc/mail/spamassassin/local.cf chmod 640 /etc/mail/spamassassin/local.cf #On crée la base : echo " create database spam; GRANT SELECT, INSERT, UPDATE, DELETE ON spam.* TO 'spam'@'localhost' IDENTIFIED BY '$spampwd'; FLUSH PRIVILEGES; " > /tmp/Createbasespam.sql mysql -u root -p$rootmysql < /tmp/Createbasespam.sql sed -i 's/\*\*\*\*\*\*/'$spampwd'/g' /etc/mail/spamassassin/local.cf #on importe la base sql : wget http://www.starbridge.org/spip/doc/Procmail/spamassassin/bayes_awl.sql wget http://spamassassin.apache.org/gtube/gtube.txt mysql -u root -p\'$rootmysql\' spam < bayes_awl.sql #On initialise la base : su amavis -c 'sa-learn -D --spam gtube.txt' #script qui nettoira les tables régulierement : cd /etc/ wget http://www.starbridge.org/spip/doc/Procmail/spamassassin/SA-awl-purgesql #Mise à jour des Rules de SA et ajout des Rules SARE : sa-update -D #On prépare l’installation des rules SARE : cd /etc/mail/spamassassin/ wget http://daryl.dostech.ca/sa-update/sare/GPG.KEY sa-update --import GPG.KEY on installe le fichier contenant la liste des Rules : wget http://www.starbridge.org/spip/doc/Procmail/spamassassin/sare-sa-update-channels.txt #On pourra modifier ce fichier pour ne sélectionner que les RULES que l’on désire. #On met à jour : sa-update -D --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A su -c "spamassassin -D --lint" amavis #Pour une mise à jour régulière (1 fois par jour maximum) on pourra créer une tache cron en n’oubliant pas de relancer amavisd à la fin du script. #Pour cela, on crée un fichier sa-update.sh : cd /etc/ wget http://www.starbridge.org/spip/doc/Procmail/spamassassin/sa-update.sh chmod 755 /etc/sa-update.sh #Compilation des Rulesets sa-compile -D echo " loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody " >> /etc/mail/spamassassin/v320.pre #Il faut maintenant planifier une compilation hebdomadaire des règles. #On crée un fichier /etc/cron.weekly/sa-compile cd /etc/cron.weekly/ wget http://www.starbridge.org/spip/doc/Procmail/spamassassin/sa-compile chmod 755 /etc/cron.weekly/sa-compile #Activation du plugin DKIM echo " loadplugin Mail::SpamAssassin::Plugin::DKIM ">>/etc/mail/spamassassin/v312.pre #On crée un fichier /etc/init.d/amavis : cd /etc/init.d/ wget http://www.starbridge.org/spip/doc/Procmail/init.d/amavis chmod 755 /etc/init.d/amavis update-rc.d amavis defaults /etc/init.d/amavis start mkdir /home/spamtrap chown amavis: /home/spamtrap chmod 777 /home/spamtrap mkdir /home/hamtrap chown amavis: /home/hamtrap chmod 777 /home/hamtrap #on crée un fichier /etc/sa-learn : cd /etc/ wget http://www.starbridge.org/spip/doc/Procmail/spamassassin/sa-learn chmod 755 /etc/sa-learn #Activation de Clam dans Amavisd sed -i 's/@bypass_virus_checks_maps/#@bypass_virus_checks_maps/g' /etc/amavisd.conf /etc/init.d/amavis stop && /etc/init.d/amavis start #Dspam cd ~ wget http://www.starbridge.org/spip/doc/Procmail/dspam-community-3.9.0.tar.gz tar xvzf dspam-community-3.9.0.tar.gz cd dspam ./autogen.sh ./configure --prefix=/usr --sysconfdir=/etc --with-dspam-home=/var/amavis/dspam --enable-signature-headers --without-delivery-agent --without-quarantine-agent --with-storage-driver=mysql_drv --with-mysql-includes=/usr/include/mysql make make install #Créer la base sql : echo " create database dspam; GRANT SELECT, INSERT, UPDATE, DELETE ON dspam.* TO 'dspam'@'localhost' IDENTIFIED BY '$dspampwd'; FLUSH PRIVILEGES; ">> /tmp/createbasedspam.sql mysql - u root -p$rootmysql < /tmp/createbasedspam.sql