
Added DQS Values to update.sh/generate + check of variable

DerLinkman 2 years ago
parent
commit
1de47072f8
2 changed files with 58 additions and 5 deletions
  1. 26 1
      generate_config.sh
  2. 32 4
      update.sh

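--- a/generate_config.sh
+++ b/generate_config.sh
@@ -21,7 +21,7 @@ if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep
 if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
 if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi
 
-for bin in openssl curl docker git awk sha1sum; do
+for bin in openssl curl docker git awk sha1sum grep cut whois; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
@@ -58,6 +58,23 @@ else
   exit 1
 fi
 
+detect_bad_asn() {
+  if [[ curl -s http://fuzzy.mailcow.email/asn_list.txt |  grep $(whois -h whois.radb.net $(curl -s http://ipv4.mailcow.email) | grep -i origin | tr -s " " | cut -d " " -f2 | head -1) ]]; then
+    if ! $SPAMHAUS_DQS_KEY; then
+      echo -e "\e[31mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS blocklists for Postfix."
+      echo -e "\e[31mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!"
+      echo ""
+      echo -e "\e[31mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account"
+      echo -e "\e[31mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!"
+      sleep 2
+
+    else
+      echo -e "\e[31mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS blocklists for Postfix."
+      echo -e "\e[33mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key..."
+    fi
+  fi
+}
+
 ### If generate_config.sh is started with --dev or -d it will not check out nightly or master branch and will keep on the current branch
 if [[ ${1} == "--dev" || ${1} == "-d" ]]; then
   SKIP_BRANCH=y
@@ -431,6 +448,12 @@ ACME_CONTACT=
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
 WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 
+# Spamhaus Data Query Service Key
+# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist. 
+# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.
+# Otherwise it will work normally.
+SPAMHAUS_DQS_KEY=
+
 EOF
 
 mkdir -p data/assets/ssl
@@ -503,3 +526,5 @@ else
   echo '?>' >> data/web/inc/app_info.inc.php
   echo -e "\e[33mCannot determine current git repository version...\e[0m"
 fi
+
+detect_bad_asn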
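Review bot: In the `@@ -58` hunk, `detect_bad_asn` wraps the curl-into-grep pipeline in `[[ ... ]]`, where `|` is not a pipeline operator and bash should reject the function definition with a syntax error, so the script would not get past this point; the update.sh copy of the same function already uses a plain `if curl -s ... | grep ...; then` and this one should match it. The key test `if ! $SPAMHAUS_DQS_KEY; then` runs the value of the key as a command name: a configured key gets executed (and echoed back in a "command not found" error), while an empty key negates an empty command and, as far as I can tell, lands in the else branch that claims a key was detected. Use the update.sh form, `if [ -z "${SPAMHAUS_DQS_KEY}" ]; then`, and quote the lookup result so an empty or odd whois answer cannot become grep options: `grep -F -- "$(whois ...)"`. Whether SPAMHAUS_DQS_KEY is populated in the environment when `detect_bad_asn` is called at the end of the script is not visible here — the hunks only write `SPAMHAUS_DQS_KEY=` into the generated mailcow.conf — so confirm the variable is actually read before the check runs. The red `\e[31m` messages are also never followed by a `\e[0m` reset, unlike the existing yellow message in the last hunk.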

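--- a/update.sh
+++ b/update.sh
@@ -255,6 +255,23 @@ elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
 fi
 }
 
+detect_bad_asn() {
+  if curl -s http://fuzzy.mailcow.email/asn_list.txt | grep $(whois -h whois.radb.net $(curl -s http://ipv4.mailcow.email) | grep -i origin | tr -s " " | cut -d " " -f2 | head -1); then
+    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
+      echo -e "\e[31mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS blocklists for Postfix."
+      echo -e "\e[31mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!"
+      echo ""
+      echo -e "\e[31mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account"
+      echo -e "\e[31mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!"
+      sleep 2
+
+    else
+      echo -e "\e[31mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS blocklists for Postfix."
+      echo -e "\e[33mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key..."
+    fi
+  fi
+}
+
 ############## End Function Section ##############
 
 # Check permissions
@@ -301,7 +318,7 @@ umask 0022
 unset COMPOSE_COMMAND
 unset DOCKER_COMPOSE_VERSION
 
-for bin in curl docker git awk sha1sum; do
+for bin in curl docker git awk sha1sum grep cut whois; do
   if [[ -z $(command -v ${bin}) ]]; then 
   echo "Cannot find ${bin}, exiting..." 
   exit 1;
@@ -442,8 +459,11 @@ CONFIG_ARRAY=(
   "ACME_CONTACT"
   "WATCHDOG_VERBOSE"
   "WEBAUTHN_ONLY_TRUSTED_VENDORS"
+  "SPAMHAUS_DQS_KEY"
 )
 
+detect_bad_asn
+
 sed -i --follow-symlinks '$a\' mailcow.conf
 for option in ${CONFIG_ARRAY[@]}; do
   if [[ ${option} == "ADDITIONAL_SAN" ]]; then
@@ -659,7 +679,7 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
       echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
       echo 'ACME_CONTACT=' >> mailcow.conf
-  fi
+    fi
   elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo "# WebAuthn device manufacturer verification" >> mailcow.conf
@@ -667,11 +687,19 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
       echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
     fi
-elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
+  elif [[ ${option} == "SPAMHAUS_DQS_KEY" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "# Spamhaus Data Query Service Key" >> mailcow.conf
+      echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
+      echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
+      echo '# Otherwise it will work as usual.' >> mailcow.conf
+      echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
+    fi
+  elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo '# Enable watchdog verbose logging' >> mailcow.conf
       echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
-  fi
+    fi
   elif ! grep -q ${option} mailcow.conf; then
     echo "Adding new option \"${option}\" to mailcow.conf"
     echo "${option}=n" >> mailcow.conf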