mailgw: Updates

Jörg Deckert 2020-06-28 10:47:29 +02:00
parent d51087fb5a
commit ea9a44228e
9 changed files with 420 additions and 177 deletions

1
IDs.md

@ -9,6 +9,7 @@
606 jitsi 606 jitsi
607 jicofo 607 jicofo
608 jvb 608 jvb
608 razorfy
611 unifi 611 unifi
2000 admin 2000 admin


@ -3,16 +3,21 @@ OT_SUBVER ?=
OT_TARBALL = oletools-$(OT_VER).tar.gz OT_TARBALL = oletools-$(OT_VER).tar.gz
OT_URL = https://github.com/decalage2/oletools/releases/download/v$(OT_VER)$(OT_SUBVER)/$(OT_TARBALL) OT_URL = https://github.com/decalage2/oletools/releases/download/v$(OT_VER)$(OT_SUBVER)/$(OT_TARBALL)
OF_COMMIT ?= d66e8aeda9b906e0af946218c7460161aa094f61 OF_COMMIT ?= 738079cbc1fda7db85917ee3764222d55f5b1b3c
OF_TARBALL = $(OF_COMMIT).tar.gz OF_TARBALL = $(OF_COMMIT).tar.gz
OF_URL = https://github.com/HeinleinSupport/olefy/archive/$(OF_TARBALL) OF_URL = https://github.com/HeinleinSupport/olefy/archive/$(OF_TARBALL)
RF_COMMIT ?= 93f31400f1a6a02d69d9ddcf16a589ac54cad58e
RF_TARBALL = $(RF_COMMIT).tar.gz
RF_URL = https://github.com/HeinleinSupport/razorfy/archive/$(RF_TARBALL)
preinstall: preinstall:
# hardcoded users and groups # hardcoded users and groups
$(inroot) useradd --system --comment="created from appliance building - zabbix user" --home-dir="/var/lib/zabbix/home" --shell="/sbin/nologin" --no-create-home --uid 600 --user-group zabbix $(inroot) useradd --system --comment="created from appliance building - zabbix user" --home-dir="/var/lib/zabbix/home" --shell="/sbin/nologin" --no-create-home --uid 600 --user-group zabbix
$(inroot) useradd --system --comment="created from appliance building - clamav user" --home-dir="/dev/null" --shell="/sbin/nologin" --no-create-home --uid 601 --user-group clamav $(inroot) useradd --system --comment="created from appliance building - clamav user" --home-dir="/dev/null" --shell="/sbin/nologin" --no-create-home --uid 601 --user-group clamav
$(inroot) useradd --system --comment="created from appliance building - rspamd user" --home-dir="/var/lib/rspamd" --shell="/sbin/nologin" --no-create-home --uid 602 --user-group rspamd $(inroot) useradd --system --comment="created from appliance building - rspamd user" --home-dir="/var/lib/rspamd" --shell="/sbin/nologin" --no-create-home --uid 602 --user-group rspamd
$(inroot) useradd --system --comment="created from appliance building - olefy user" --home-dir="/dev/null" --shell="/sbin/nologin" --no-create-home --uid 603 --user-group olefy $(inroot) useradd --system --comment="created from appliance building - olefy user" --home-dir="/dev/null" --shell="/sbin/nologin" --no-create-home --uid 603 --user-group olefy
$(inroot) useradd --system --comment="created from appliance building - razorfy user" --home-dir="/dev/null" --shell="/sbin/nologin" --no-create-home --uid 608 --user-group razorfy
# switch to hardened, build hardened toolchain, rebuild everything # switch to hardened, build hardened toolchain, rebuild everything
mkdir -p $(CHROOT)/etc/portage/profile mkdir -p $(CHROOT)/etc/portage/profile
echo "-hardened" >> $(CHROOT)/etc/portage/profile/use.mask echo "-hardened" >> $(CHROOT)/etc/portage/profile/use.mask
@ -35,6 +40,12 @@ install_olefy:
sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/olefy.conf sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/olefy.conf
sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/systemd/system/olefy.service sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/systemd/system/olefy.service
install_razorfy:
$(inroot) test -f /usr/portage/distfiles/$(RF_TARBALL) || \
$(inroot) wget -P /usr/portage/distfiles $(RF_URL)
$(inroot) sh -c 'tar xf /usr/portage/distfiles/$(RF_TARBALL) -C /tmp && cd /tmp/razorfy-$(RF_COMMIT) && cp razorfy.pl /usr/bin && cp razorfy.conf /etc && cp razorfy.service /etc/systemd/system'
sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/systemd/system/razorfy.service
postinstall: base/timesyncd.conf base/firstboot.start postinstall: base/timesyncd.conf base/firstboot.start
# Konfigurationen anpassen # Konfigurationen anpassen
cp base/timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf cp base/timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
@ -68,10 +79,17 @@ postinstall: base/timesyncd.conf base/firstboot.start
rm -rf $(CHROOT)/var/lib/mysql/* rm -rf $(CHROOT)/var/lib/mysql/*
$(inroot) bash -c 'yes gentoo | emerge --config dev-db/mariadb' $(inroot) bash -c 'yes gentoo | emerge --config dev-db/mariadb'
# Wegen razorfy muß Perl mit USE=ithreads gebaut werden.
# Deswegen müssen auch alle Module neu erstellt werden.
$(inroot)perl-cleaner --reallyall
# oletools zur Office-Macro-Erkennung in rspamd # oletools zur Office-Macro-Erkennung in rspamd
$(MAKE) install_oletools $(MAKE) install_oletools
$(MAKE) install_olefy $(MAKE) install_olefy
# razorfy zur Razor-Einbindung in rspamd
$(MAKE) install_razorfy
# Anpassungen # Anpassungen
$(inroot) usermod -a -G clamav rspamd $(inroot) usermod -a -G clamav rspamd
clean: clean:
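Review bot: install_razorfy copies razorfy.pl into /usr/bin from a tarball whose contents are never checked: the `test -f` shortcut trusts whatever file already sits in /usr/portage/distfiles, and a fresh `wget` result is unpacked straight away. Pinning RF_COMMIT in the URL narrows what the server should return, but only a recorded digest makes the build fail on a tampered or truncated archive; add `RF_SHA256 ?= <sha256 of the RF_COMMIT tarball>` next to RF_URL and a recipe line `$(inroot) sh -c 'echo "$(RF_SHA256)  /usr/portage/distfiles/$(RF_TARBALL)" | sha256sum -c -'` before the `tar xf` step. Separately, `--uid 608` for razorfy is the ID that IDs.md on this page also lists for jvb, so the two accounts would share file ownership if they ever land on the same image. The new `$(inroot)perl-cleaner --reallyall` line in postinstall lacks the space every other `$(inroot)` call has, which breaks the command if `inroot` does not end in whitespace (its definition is not shown here).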

File diff suppressed because it is too large Load Diff


@ -16,5 +16,6 @@ KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
ENABLE_SSHD = YES ENABLE_SSHD = YES
TIMEZONE=Europe/Berlin TIMEZONE=Europe/Berlin
LOCALE=de_DE.utf8 LOCALE=de_DE.utf8
REPO_NAMES = unitas REPO_NAMES = unitas-misc unitas-mail
REPO_URI_unitas = https://dev.unitas-network.de/r/Gentoo/Unitas.git REPO_URI_unitas-misc = https://dev.unitas-network.de/r/Gentoo/unitas-misc.git
REPO_URI_unitas-mail = https://dev.unitas-network.de/r/Gentoo/unitas-mail.git


@ -3,6 +3,6 @@ CXXFLAGS="-O2 -pipe"
USE="hardened justify pie ssp urandom xattr -fortran -pch -pic -prelink -profile -tcc" USE="hardened justify pie ssp urandom xattr -fortran -pch -pic -prelink -profile -tcc"
MAKEOPTS="-j5" MAKEOPTS="-j5"
ACCEPT_LICENSE="*" ACCEPT_LICENSE="*"
PYTHON_TARGETS="python3_6" PYTHON_TARGETS="python3_7"
PYTHON_SINGLE_TARGET="python3_6" PYTHON_SINGLE_TARGET="python3_7"
VIDEO_CARDS="vmware" VIDEO_CARDS="vmware"


@ -1,8 +1,9 @@
# Grundsystem # Grundsystem
app-emulation/open-vm-tools ~amd64 ~x86 app-emulation/open-vm-tools
sys-auth/pam_ssh_agent_auth ~amd64 ~x86 sys-auth/pam_ssh_agent_auth
# rspamd # rspamd
mail-filter/pyzor
mail-filter/rspamd mail-filter/rspamd
# ClamAV Zusatz-Signaturen # ClamAV Zusatz-Signaturen
@ -12,12 +13,3 @@ app-antivirus/clamav-unofficial-sigs
gnustep-base/gnustep-make gnustep-base/gnustep-make
gnustep-libs/sope gnustep-libs/sope
gnustep-apps/sogo gnustep-apps/sogo
### LetsEncrypt
##app-crypt/acme
##app-crypt/certbot
##app-crypt/certbot-apache
##dev-python/zope-component
##dev-python/parsedatetime
##dev-python/pyrfc3339
##dev-python/python-augeas

1
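--- a/mailgw/package.unmask
+++ b/mailgw/package.unmask
@@ -0,0 +1 @@
+mail-filter/pyzor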
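Review bot: The new package.unmask entry `mail-filter/pyzor` has no comment saying why the package is masked or why this appliance overrides the mask. A mask can stand for an open security problem or a pending removal (the reason is not visible on this page), so the override should be documented and revisited on updates. Put a line such as `# pyzor: masked in <repo> because <reason>; unmasked for rspamd, re-check on each update` above the entry.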


@ -22,6 +22,9 @@ net-analyzer/zabbix agent
# rspamd # rspamd
dev-db/redis jemalloc dev-db/redis jemalloc
dev-lang/perl ithreads
dev-lua/lpeg luajit
mail-filter/pyzor pyzord redis
mail-filter/rspamd gd jemalloc pcre2 mail-filter/rspamd gd jemalloc pcre2
media-libs/gd jpeg media-libs/gd jpeg


@ -13,9 +13,9 @@ app-antivirus/clamav-unofficial-sigs
app-crypt/certbot-apache app-crypt/certbot-apache
dev-db/mariadb dev-db/mariadb
dev-db/redis dev-db/redis
dev-python/pyzor
gnustep-apps/sogo gnustep-apps/sogo
mail-filter/dcc mail-filter/dcc
mail-filter/pyzor
mail-filter/razor mail-filter/razor
mail-filter/rspamd mail-filter/rspamd
mail-mta/postfix mail-mta/postfix