saving uncommitted changes in /etc prior to apt run

diff --git a/.etckeeper b/.etckeeper
index 1fe22f2beef56c683e63a31621836f7ef3896dde..ada384a854bf8eb3afc6f184202bbf3c2949779f 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -19197,6 +19197,7 @@ maybe chmod 0644 'postfix/main.cf.save'
 maybe chmod 0644 'postfix/master.cf'
 maybe chmod 0644 'postfix/master.cf.proto'
 maybe chmod 0644 'postfix/master.cf.save'
+maybe chmod 0644 'postfix/master.cf_2024-03-15'
 maybe chmod 0755 'postfix/post-install'
 maybe chmod 0644 'postfix/postfix-files'
 maybe chmod 0755 'postfix/postfix-files.d'

diff --git a/amavis/conf.d/15-content_filter_mode b/amavis/conf.d/15-content_filter_mode
index 1d5ffab2e02aabbf0757284d38eb179228e8ce43..7b1a2ac6bcd5d5ec32d294d4585161a975d64e5c 100644 (file)
--- a/amavis/conf.d/15-content_filter_mode
+++ b/amavis/conf.d/15-content_filter_mode
@@ -10,8 +10,8 @@ use strict;
 # If You wish to enable it, please uncomment the following lines:
 
 
-#@bypass_virus_checks_maps = (
-#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+@bypass_virus_checks_maps = (
+   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
 
 
 #

diff --git a/amavis/conf.d/21-ubuntu_defaults b/amavis/conf.d/21-ubuntu_defaults
index 01feccc4216403df74a1739a63d9b399724aa9e3..f2a7e7694f0bd554c066b6646944320eca646494 100644 (file)
--- a/amavis/conf.d/21-ubuntu_defaults
+++ b/amavis/conf.d/21-ubuntu_defaults
@@ -7,8 +7,8 @@ use strict;
 $enable_dkim_verification = 1;
 # Don't be verbose about sending mail:
 @whitelist_sender_acl = qw( .$mydomain );
-#$final_virus_destiny      = D_DISCARD; # (defaults to D_BOUNCE)
-$final_virus_destiny      = D_PASS; # (defaults to D_BOUNCE)
+$final_virus_destiny      = D_DISCARD; # (defaults to D_BOUNCE)
+#$final_virus_destiny      = D_PASS; # (defaults to D_BOUNCE)
 $final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)
 #$final_spam_destiny       = D_DISCARD;  # (defaults to D_REJECT)
 $final_spam_destiny       = D_PASS;  # (defaults to D_REJECT)

diff --git a/postfix/master.cf b/postfix/master.cf
index 6a863a5bc9544216f7bf1ab2e0e00e7ce564b1bc..735ea7e825ac18896cb7c948a48855802f2a7223 100644 (file)
--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -23,8 +23,28 @@ smtp      inet  n       -       n       -       -       smtpd
 ###
 ### SMTP-Daemon hinter Postscreen: Schleift E-Mails zur Filterung durch Amavis
 ###
+# bei smtpd rausgenommen    -o smtpd_sasl_auth_enable=no
 smtpd     pass  -       -       n       -       -       smtpd
-    -o smtpd_sasl_auth_enable=no
+localhost:10025 inet    n       -       -       -       -       smtpd
+        -o content_filter=
+        -o local_recipient_maps=
+        -o relay_recipient_maps=
+        -o smtpd_restriction_classes=
+        -o smtpd_delay_reject=no
+        -o smtpd_client_restrictions=permit_mynetworks,reject
+        -o smtpd_helo_restrictions=
+        -o smtpd_sender_restrictions=
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtpd_data_restrictions=reject_unauth_pipelining
+        -o smtpd_end_of_data_restrictions=
+        -o mynetworks=127.0.0.0/8
+        -o smtpd_error_sleep_time=0
+        -o smtpd_soft_error_limit=1001
+        -o smtpd_hard_error_limit=1000
+        -o smtpd_client_connection_count_limit=0
+        -o smtpd_client_connection_rate_limit=0
+        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+       -o smtpd_tls_security_level=none
 ###
 ### dnsblog führt DNS-Abfragen für Blocklists durch
 ###
@@ -88,23 +108,3 @@ policy-spf unix - n n - - spawn
  user=nobody argv=/usr/bin/policyd-spf
 
 
-127.0.0.1:10025 inet    n       -       -       -       -       smtpd
-        -o content_filter=
-        -o local_recipient_maps=
-        -o relay_recipient_maps=
-        -o smtpd_restriction_classes=
-        -o smtpd_delay_reject=no
-        -o smtpd_client_restrictions=permit_mynetworks,reject
-        -o smtpd_helo_restrictions=
-        -o smtpd_sender_restrictions=
-        -o smtpd_recipient_restrictions=permit_mynetworks,reject
-        -o smtpd_data_restrictions=reject_unauth_pipelining
-        -o smtpd_end_of_data_restrictions=
-        -o mynetworks=127.0.0.0/8
-        -o smtpd_error_sleep_time=0
-        -o smtpd_soft_error_limit=1001
-        -o smtpd_hard_error_limit=1000
-        -o smtpd_client_connection_count_limit=0
-        -o smtpd_client_connection_rate_limit=0
-        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-       -o smtpd_tls_security_level=none

diff --git a/postfix/master.cf_2024-03-15 b/postfix/master.cf_2024-03-15
new file mode 100644 (file)
index 0000000..6a863a5
--- /dev/null
+++ b/postfix/master.cf_2024-03-15
@@ -0,0 +1,110 @@
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+
+###
+### Postscreen-Service: Prüft eingehende SMTP-Verbindungen auf Spam-Server
+###
+smtp      inet  n       -       n       -       1       postscreen
+    -o smtpd_sasl_auth_enable=no
+
+smtp-amavis     unix    -       -       -       -       2       smtp
+        -o smtp_data_done_timeout=1200
+        -o smtp_send_xforward_command=yes
+        -o disable_dns_lookups=yes
+        -o max_use=20
+       -o smtp_tls_security_level=none
+
+smtp      inet  n       -       n       -       -       smtpd
+      -o content_filter=smtp-amavis:127.0.0.1:10024
+#
+#-o smtpd_milters=smtp:[127.0.0.1]:10024
+###
+### SMTP-Daemon hinter Postscreen: Schleift E-Mails zur Filterung durch Amavis
+###
+smtpd     pass  -       -       n       -       -       smtpd
+    -o smtpd_sasl_auth_enable=no
+###
+### dnsblog führt DNS-Abfragen für Blocklists durch
+###
+dnsblog   unix  -       -       n       -       0       dnsblog
+###
+### tlsproxy gibt Postscreen TLS support
+###
+tlsproxy  unix  -       -       n       -       0       tlsproxy
+###
+### Submission-Zugang für Clients: Für Mailclients gelten andere Regeln, als für andere Mailserver (siehe smtpd_ in main.cf)
+###
+submission inet n       -       n       -       -       smtpd
+    -o syslog_name=postfix/submission
+    -o smtpd_tls_security_level=encrypt
+    -o smtpd_sasl_auth_enable=yes
+    -o smtpd_sasl_type=dovecot
+    -o smtpd_sasl_path=private/auth
+    -o smtpd_sasl_security_options=noanonymous
+    -o smtpd_relay_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
+    -o smtpd_sender_login_maps=mysql:/etc/postfix/sql/sender-login-maps.cf
+    -o smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject
+    -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+    -o smtpd_helo_required=no
+    -o smtpd_helo_restrictions=
+    -o milter_macro_daemon_name=ORIGINATING
+    -o cleanup_service_name=submission-header-cleanup
+###
+### Weitere wichtige Dienste für den Serverbetrieb
+###
+pickup    unix  n       -       n       60      1       pickup
+    -o content_filter=
+    -o receive_override_options=no_header_body_checks
+
+#    -o content_filter=smtp-amavis:[127.0.0.1]:10024
+
+cleanup   unix  n       -       n       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+rewrite   unix  -       -       n       -       -       trivial-rewrite
+bounce    unix  -       -       n       -       0       bounce
+defer     unix  -       -       n       -       0       bounce
+trace     unix  -       -       n       -       0       bounce
+verify    unix  -       -       n       -       1       verify
+flush     unix  n       -       n       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       n       -       -       smtp
+relay     unix  -       -       n       -       -       smtp
+showq     unix  n       -       n       -       -       showq
+error     unix  -       -       n       -       -       error
+retry     unix  -       -       n       -       -       error
+discard   unix  -       -       n       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       n       -       -       lmtp
+anvil     unix  -       -       n       -       1       anvil
+scache    unix  -       -       n       -       1       scache
+submission-header-cleanup unix n - n    -       0       cleanup
+    -o header_checks=regexp:/etc/postfix/submission_header_cleanup
+policy-spf unix - n n - - spawn
+ user=nobody argv=/usr/bin/policyd-spf
+
+
+127.0.0.1:10025 inet    n       -       -       -       -       smtpd
+        -o content_filter=
+        -o local_recipient_maps=
+        -o relay_recipient_maps=
+        -o smtpd_restriction_classes=
+        -o smtpd_delay_reject=no
+        -o smtpd_client_restrictions=permit_mynetworks,reject
+        -o smtpd_helo_restrictions=
+        -o smtpd_sender_restrictions=
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtpd_data_restrictions=reject_unauth_pipelining
+        -o smtpd_end_of_data_restrictions=
+        -o mynetworks=127.0.0.0/8
+        -o smtpd_error_sleep_time=0
+        -o smtpd_soft_error_limit=1001
+        -o smtpd_hard_error_limit=1000
+        -o smtpd_client_connection_count_limit=0
+        -o smtpd_client_connection_rate_limit=0
+        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+       -o smtpd_tls_security_level=none