#!/bin/bash function disable_systemd_unit() { d_systemd_unit=$1 if deb-systemd-helper --quiet was-enabled "${d_systemd_unit}"; then systemctl stop "${d_systemd_unit}" >/dev/null 2>&1 || true fi deb-systemd-helper disable "${d_systemd_unit}" >/dev/null || true deb-systemd-helper mask "${d_systemd_unit}" >/dev/null || true } INITSYS=`readlink -f /proc/1/exe` if [ "$INITSYS" != "/lib/systemd/systemd" -a "$INITSYS" != "/usr/lib/systemd/systemd" ]; then echo "ERROR: This chr package supports only systemd." exit 0 fi # create postfix user getent group postfix >/dev/null 2>&1 || addgroup --system postfix getent group postdrop >/dev/null 2>&1 || addgroup --system postdrop getent passwd postfix >/dev/null 2>&1 || adduser --system --home /var/spool/postfix --no-create-home --disabled-password --shell /bin/false --ingroup postfix postfix # create dovecot user getent group dovecot >/dev/null 2>&1 || addgroup --system dovecot getent passwd dovecot >/dev/null 2>&1 || adduser --system --home /usr/lib/dovecot --no-create-home --disabled-password --shell /bin/false --ingroup dovecot dovecot getent passwd dovecot |grep "Dovecot mail server" >/dev/null 2>&1 || chfn -f "Dovecot mail server" dovecot # create dovenull user getent passwd dovenull >/dev/null 2>&1 || adduser --system --home /nonexistent --no-create-home --disabled-password --shell /bin/false --ingroup nogroup dovenull getent passwd dovenull |grep "Dovecot login user" >/dev/null 2>&1 || chfn -f "Dovecot login user" dovenull # create clamav user getent group clamav >/dev/null 2>&1 || addgroup --system clamav getent passwd clamav >/dev/null 2>&1 || adduser --system --home /var/lib/clamav --no-create-home --disabled-password --shell /bin/false --ingroup clamav clamav # create amavis user getent group amavis >/dev/null 2>&1 || addgroup --system amavis getent passwd amavis >/dev/null 2>&1 || adduser --system --home /var/lib/amavis --no-create-home --disabled-password --shell /bin/sh --ingroup amavis amavis getent passwd amavis |grep "AMaViS system user" >/dev/null 2>&1 || chfn -f "AMaViS system user" amavis getent group amavis |grep clamav >/dev/null 2>&1 || usermod -a -G amavis clamav # create debian-spamd user getent group debian-spamd >/dev/null 2>&1 || addgroup --system debian-spamd getent passwd debian-spamd >/dev/null 2>&1 || adduser --system --home /var/lib/spamassassin --no-create-home --disabled-password --shell /bin/sh --ingroup debian-spamd debian-spamd # create opendkim user getent group opendkim >/dev/null 2>&1 || addgroup --system opendkim getent passwd opendkim >/dev/null 2>&1 || adduser --system --home /nonexistent --no-create-home --disabled-password --shell /bin/false --ingroup opendkim opendkim getent group opendkim |grep postfix >/dev/null 2>&1 || usermod -a -G opendkim postfix # create cluebringer user getent group cluebringer >/dev/null 2>&1 || addgroup --system cluebringer getent passwd cluebringer >/dev/null 2>&1 || adduser --system --home /nonexistent --no-create-home --disabled-password --shell /usr/sbin/nologin --ingroup cluebringer cluebringer # create policyd-rate-limit user getent group policyd-rate-limit >/dev/null 2>&1 || addgroup --system policyd-rate-limit getent passwd policyd-rate-limit >/dev/null 2>&1 || adduser --system --home /nonexistent --no-create-home --disabled-password --shell /usr/sbin/nologin --ingroup policyd-rate-limit policyd-rate-limit # create postsrsd user getent group postsrsd >/dev/null 2>&1 || addgroup --system postsrsd getent passwd postsrsd >/dev/null 2>&1 || adduser --system --home /var/lib/postsrsd --no-create-home --disabled-password --shell /usr/sbin/nologin --ingroup postsrsd postsrsd echo "Checking systemd notify,log socket placeholders" /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/run /systemd/notify file /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/run /systemd/journal/dev-log file /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/var/spool/postfix /dev/log file /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/var/spool/postfix-nl /dev/log file # restarting syslog systemctl restart rsyslog # creating link from /dev/log to systemd log socket if ! [ -e /chroot/maild/dev/log ]; then ln -s ../run/systemd/journal/dev-log /chroot/maild/dev/log fi echo "Checking mysql socket dir" /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/run /mysqld dir /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/var/spool/postfix /run/mysqld dir echo "Checking opendkim socket placeholder dirs" test -e /chroot/maild/run/opendkim || install -m 755 -o opendkim -g opendkim -d /chroot/maild/run/opendkim test -e /run/opendkim || install -m 755 -o opendkim -g opendkim -d /run/opendkim /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/var/spool/postfix /run dir test -e /chroot/maild/var/spool/postfix/run/opendkim || install -m 755 -o opendkim -g opendkim -d /chroot/maild/var/spool/postfix/run/opendkim /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/var/spool/postfix-nl /run dir test -e /chroot/maild/var/spool/postfix-nl/run/opendkim || install -m 755 -o opendkim -g opendkim -d /chroot/maild/var/spool/postfix-nl/run/opendkim /usr/lib/3gsystools/chr_placeholder_check /var/spool/postfix /run dir test -e /var/spool/postfix/run/opendkim || install -m 755 -o opendkim -g opendkim -d /var/spool/postfix/run/opendkim #if command -v systemd-tmpfiles >/dev/null 2>&1; then # systemd-tmpfiles --create /usr/lib/tmpfiles.d/chr-maild.conf || true #fi #/usr/lib/3gsystools/chr_placeholder_check /etc/ssl /sys dir #test -e /etc/ssl/sys || install -m 755 -o ssladmin -g ssladmin -d /etc/ssl/sys /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/etc/ssl /sys dir echo "Checking amavis tmp folder" /usr/lib/3gsystools/chr_placeholder_check /chroot/maild/var/lib/amavis /tmp dir echo "Checking mail data folders" #/usr/lib/3gsystools/chr_placeholder_check /srv /mail dir test -e /srv/mail || install -m 755 -o mail -g mail -d /srv/mail #/usr/lib/3gsystools/chr_placeholder_check /srv /mailindex dir test -e /srv/mailindex || install -m 755 -o mail -g mail -d /srv/mailindex #/usr/lib/3gsystools/chr_placeholder_check /chroot/maild/var /mail dir test -e /chroot/maild/var/mail || install -m 755 -o mail -g mail -d /chroot/maild/var/mail #/usr/lib/3gsystools/chr_placeholder_check /chroot/maild/var /mailindex dir test -e /chroot/maild/var/mailindex || install -m 755 -o mail -g mail -d /chroot/maild/var/mailindex echo "Updating fstab" /usr/local/sbin/fstab-chr # delete deprecated units [ -h /etc/systemd/system/multi-user.target.wants/postfix-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/postfix-chroot.service [ -h /etc/systemd/system/multi-user.target.wants/dovecot-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/dovecot-chroot.service [ -h /etc/systemd/system/multi-user.target.wants/amavis-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/amavis-chroot.service [ -h /etc/systemd/system/multi-user.target.wants/clamav-daemon-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/clamav-daemon-chroot.service [ -h /etc/systemd/system/multi-user.target.wants/clamav-freshclam-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/clamav-freshclam-chroot.service [ -h /etc/systemd/system/multi-user.target.wants/opendkim-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/opendkim-chroot.service [ -h /etc/systemd/system/multi-user.target.wants/postfix-cluebringer-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/postfix-cluebringer-chroot.service [ -h /etc/systemd/system/multi-user.target.wants/policyd-rate-limit-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/policyd-rate-limit-chroot.service [ -h /etc/systemd/system/multi-user.target.wants/postsrsd-chroot.service ] && rm /etc/systemd/system/multi-user.target.wants/postsrsd-chroot.service # activating systemd units systemctl daemon-reload ################################ ## Choosing Amavis #AMAVIS="" # ## amavisd-new (OLD - bullseye and down) #if [ -f /chroot/maild/usr/sbin/amavisd-new -a ! -f /chroot/maild/usr/sbin/amavisd ]; then # AMAVIS=amavisd-new-chroot.service # systemctl enable amavisd-new-chroot.service #else # disable_systemd_unit "amavisd-new-chroot.service" #fi # ## amavis (NEW) #if [ -f /chroot/maild/usr/sbin/amavisd ]; then # AMAVIS=amavis-chroot.service # systemctl enable amavis-chroot.service #else # disable_systemd_unit "amavis-chroot.service" #fi # ################################ ## Choosing Policyd #POLICYD="" # ## cluebringer (OLD - wheezy) #if [ -f /chroot/maild/usr/sbin/cbpolicyd -a ! -f /chroot/maild/usr/bin/policyd-rate-limit ]; then # POLICYD=postfix-cluebringer-chroot.service # systemctl enable postfix-cluebringer-chroot.service #else # disable_systemd_unit "postfix-cluebringer-chroot.service" #fi # ## policydrl (NEW) #if [ -f /chroot/maild/usr/bin/policyd-rate-limit ]; then # POLICYD=policyd-rate-limit-chroot.service # systemctl enable policyd-rate-limit-chroot.service #else # disable_systemd_unit "policyd-rate-limit-chroot.service" #fi # Enabling systemd units SYSTEMD_UNITS=" chr-maild.target chroot-maild-run-systemd-notify.mount chroot-maild-tmp.mount chroot-maild-run-systemd-journal-dev\\x2dlog.mount chroot-maild-run-mysqld.mount chroot-maild-run-opendkim.mount chroot-maild-etc-ssl-sys.mount chroot-maild-var-lib-amavis-tmp.mount chroot-maild-var-mailindex.mount chroot-maild-var-mail.mount chroot-maild-var-spool-postfix-run-opendkim.mount var-spool-postfix-run-opendkim.mount postfix-chroot.service dovecot-chroot.service amavisd-new-chroot.service amavis-chroot.service clamav-daemon-chroot.service clamav-freshclam-chroot.service opendkim-chroot.service postfix-cluebringer-chroot.service policyd-rate-limit-chroot.service postsrsd-chroot.service " for systemd_unit in $SYSTEMD_UNITS; do if [ -z "$2" ]; then # First install deb-systemd-helper enable "${systemd_unit}" >/dev/null || true else # Upgrade if deb-systemd-helper --quiet was-enabled "${systemd_unit}"; then deb-systemd-helper enable "${systemd_unit}" >/dev/null || true else deb-systemd-helper update-state "${systemd_unit}" >/dev/null || true fi fi done # Force enabling these systemd units for srv_enable in amavisd-new-chroot.service amavis-chroot.service postfix-cluebringer-chroot.service policyd-rate-limit-chroot.service; do deb-systemd-helper unmask "${srv_enable}" >/dev/null || true deb-systemd-helper enable "${srv_enable}" >/dev/null || true done exit 0