def install_mail_server(args):
app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
version_obj = version.Version("Install-mail-relay-server", SCRIPT_VERSION)
version_obj.check_executed()
general.shell_exec("yum -y install sendmail")
# Tell iptables that this server is configured as a mail-relay server.
general.shell_exec("touch /etc/mail/syco_mail_relay_server")
iptables.add_mail_relay_chain()
iptables.save()
hardening.network.configure_resolv_conf()
hardening.network.configure_localhost()
hardening.network.restart_network()
app.print_verbose("Configure /etc/mail/*")
# Allow all servers on localdomain to relay through this server.
set_config_property2("/etc/mail/access",
"Connect:10.100 RELAY")
x("/usr/sbin/makemap hash access < access")
# Remove the loopback address restriction to accept email from the internet or intranet.
set_config_property(
"/etc/mail/sendmail.mc",
r".*DAEMON_OPTIONS\(\`Port\=smtp\,Addr\=127\.0\.0\.1\, Name\=MTA\'\)dnl",
r"dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl")
_rebuild_sendmail_config()
_test_mail()
version_obj.mark_executed()
def install_mail_client(args):
"""
Installs a local postfix MTA which accepts email on localhost forwards
relays everything to mailrelay-server. Also installs mailx.
See line comments in install_mail_server
"""
if config.host(net.get_hostname()).has_command_re("install-postfix-server"):
app.print_verbose("This server will later install the postfix server, abort client installation.")
return
version_obj = version.Version("Install-postfix-client", SCRIPT_VERSION)
version_obj.check_executed()
# Install required packages
install.package("postfix")
# Set config file parameters
#
general.use_original_file("/etc/postfix/main.cf")
postfix_main_cf = scopen.scOpen("/etc/postfix/main.cf")
postfix_main_cf.replace(
"#myhostname = host.domain.tld",
"myhostname = {0}.{1}".format(get_hostname(), config.general.get_resolv_domain()),
) # monitor.syco.com
postfix_main_cf.replace(
"#mydomain = domain.tld", "mydomain = {0}".format(config.general.get_resolv_domain())
) # syco.com
postfix_main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")
# Listen only on localhost
postfix_main_cf.replace("inet_interfaces = localhost", "inet_interfaces = localhost")
postfix_main_cf.replace("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", "mynetworks = 127.0.0.1")
postfix_main_cf.replace(
"mydestination = $myhostname, localhost.$mydomain, localhost", "mydestination = $myhostname, localhost"
)
# Relay everything not for local machine to mailrelay.
postfix_main_cf.replace(
"#relay_domains = $mydestination", "relay_domains = {0}".format(config.general.get_resolv_domain())
)
postfix_main_cf.replace(
"#relayhost = $mydomain", "relayhost = [{0}]".format(config.general.get_mail_relay_domain_name())
)
postfix_main_cf.replace("#home_mailbox = Maildir/", "home_mailbox = Maildir/")
postfix_main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")
# Install a simple mail CLI-tool
install_mailx()
# Tell iptables and nrpe that this server is configured as a mail-relay server.
iptables.add_mail_relay_chain()
iptables.save()
# Restart postfix
x("service postfix restart")
# Send test mail to the syco admin
send_test_mail((None, config.general.get_admin_email()))
def install_mail_server(args):
app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
version_obj = version.Version("Install-mail-relay-server", SCRIPT_VERSION)
version_obj.check_executed()
general.shell_exec("yum -y install sendmail")
# Tell iptables that this server is configured as a mail-relay server.
general.shell_exec("touch /etc/mail/syco_mail_relay_server")
iptables.add_mail_relay_chain()
iptables.save()
hardening.network.configure_resolv_conf()
hardening.network.configure_localhost()
hardening.network.restart_network()
app.print_verbose("Configure /etc/mail/*")
# Allow all servers on localdomain to relay through this server.
set_config_property2("/etc/mail/access", "Connect:10.100 RELAY")
x("/usr/sbin/makemap hash access < access")
# Remove the loopback address restriction to accept email from the internet or intranet.
set_config_property(
"/etc/mail/sendmail.mc",
r".*DAEMON_OPTIONS\(\`Port\=smtp\,Addr\=127\.0\.0\.1\, Name\=MTA\'\)dnl",
r"dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl")
_rebuild_sendmail_config()
_test_mail()
version_obj.mark_executed()
def install_mail_server(args):
"""
Installs a postfix-based mail relay MTA that listens on the DMZ, and relays
towards the internet. Also possible to send from localhost. Also installs mailx.
"""
version_obj = version.Version("Install-postfix-server", SCRIPT_VERSION)
version_obj.check_executed()
app.print_verbose("Installing postfix-server version: {0}".format(SCRIPT_VERSION))
init_properties = PostFixProperties()
# Install required packages
install.package("postfix")
# Set config file parameters
#
general.use_original_file("/etc/postfix/main.cf")
postfix_main_cf = scopen.scOpen("/etc/postfix/main.cf")
# Hostname is full canonical name of machine.
postfix_main_cf.replace(
"#myhostname = host.domain.tld", "myhostname = {0}".format(config.general.get_mail_relay_domain_name())
) # mailrelay.syco.com
postfix_main_cf.replace(
"#mydomain = domain.tld", "mydomain = {0}".format(config.general.get_resolv_domain())
) # syco.com
postfix_main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")
# Accept email from frontnet and backnet
postfix_main_cf.replace(
"inet_interfaces = localhost",
"inet_interfaces = 127.0.0.1,{0},{1}".format(init_properties.server_front_ip, init_properties.server_back_ip),
)
postfix_main_cf.replace(
"#mynetworks = 168.100.189.0/28, 127.0.0.0/8",
"mynetworks = {0}, {1}, 127.0.0.0/8".format(
init_properties.server_network_front, init_properties.server_network_back
),
)
# Do not relay anywhere special, i.e straight to internet.
postfix_main_cf.replace("#relay_domains = $mydestination", "relay_domains =")
postfix_main_cf.replace("#home_mailbox = Maildir/", "home_mailbox = Maildir/")
# Stop warning about IPv6.
postfix_main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")
# Install a simple mail CLI-tool
install_mailx()
# Tell iptables and nrpe that this server is configured as a mail-relay server.
iptables.add_mail_relay_chain()
iptables.save()
x("service postfix restart")
# Send test mail to the syco admin
send_test_mail((None, config.general.get_admin_email()))
def install_mail_server(args):
'''
Installs a postfix-based mail relay MTA that listens on the DMZ, and relays
towards the internet. Also possible to send from localhost. Also installs mailx.
'''
version_obj = version.Version("Install-postfix-server", SCRIPT_VERSION)
version_obj.check_executed()
app.print_verbose(
"Installing postfix-server version: {0}".format(SCRIPT_VERSION))
# Install required packages
install.package("postfix")
# Set config file parameters
#
general.use_original_file("/etc/postfix/main.cf")
postfix_main_cf = scopen.scOpen("/etc/postfix/main.cf")
# Hostname is full canonical name of machine.
postfix_main_cf.replace(
"#myhostname = host.domain.tld", "myhostname = {0}".format(
config.general.get_mail_relay_domain_name())) # mailrelay.syco.com
postfix_main_cf.replace("#mydomain = domain.tld", "mydomain = {0}".format(
config.general.get_resolv_domain())) # syco.com
postfix_main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")
# Accept email from frontnet and backnet
postfix_main_cf.replace(
"inet_interfaces = localhost",
"inet_interfaces = 127.0.0.1,{0},{1}".format(server_front_ip,
server_back_ip))
postfix_main_cf.replace(
"#mynetworks = 168.100.189.0/28, 127.0.0.0/8",
"mynetworks = {0}, {1}, 127.0.0.0/8".format(server_front_network,
server_back_network))
# Do not relay anywhere special, i.e straight to internet.
postfix_main_cf.replace("#relay_domains = $mydestination",
"relay_domains =")
postfix_main_cf.replace("#home_mailbox = Maildir/",
"home_mailbox = Maildir/")
# Stop warning about IPv6.
postfix_main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")
# Install a simple mail CLI-tool
install_mailx()
# Tell iptables and nrpe that this server is configured as a mail-relay server.
iptables.add_mail_relay_chain()
iptables.save()
x("service postfix restart")
# Send test mail to the syco admin
send_test_mail((None, config.general.get_admin_email()))
def install_mail_client(args):
"""
Installs a local postfix MTA which accepts email on localhost forwards
relays everything to mailrelay-server. Also installs mailx.
See line comments in install_mail_server
"""
if config.host(net.get_hostname()).has_command_re("install-postfix-server"):
app.print_verbose(
"This server will later install the postfix server, abort client installation."
)
return
version_obj = version.Version("Install-postfix-client", SCRIPT_VERSION)
version_obj.check_executed()
# Install required packages
install.package("postfix")
# Set config file parameters
#
general.use_original_file("/etc/postfix/main.cf")
postfix_main_cf = scopen.scOpen("/etc/postfix/main.cf")
postfix_main_cf.replace("#myhostname = host.domain.tld", "myhostname = {0}.{1}".format(get_hostname(), config.general.get_resolv_domain())) # monitor.syco.com
postfix_main_cf.replace("#mydomain = domain.tld", "mydomain = {0}".format(config.general.get_resolv_domain())) # syco.com
postfix_main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")
# Listen only on localhost
postfix_main_cf.replace("inet_interfaces = localhost", "inet_interfaces = localhost")
postfix_main_cf.replace("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", "mynetworks = 127.0.0.1")
postfix_main_cf.replace("mydestination = $myhostname, localhost.$mydomain, localhost", "mydestination = $myhostname, localhost")
# Relay everything not for local machine to mailrelay.
postfix_main_cf.replace("#relay_domains = $mydestination", "relay_domains = {0}".format(config.general.get_resolv_domain()))
postfix_main_cf.replace("#relayhost = $mydomain","relayhost = [{0}]".format(config.general.get_mail_relay_domain_name()))
postfix_main_cf.replace("#home_mailbox = Maildir/","home_mailbox = Maildir/")
postfix_main_cf.replace("inet_protocols = all","inet_protocols = ipv4")
# Install a simple mail CLI-tool
install_mailx()
# Tell iptables and nrpe that this server is configured as a mail-relay server.
iptables.add_mail_relay_chain()
iptables.save()
# Restart postfix
x("service postfix restart")
# Send test mail to the syco admin
send_test_mail((None, config.general.get_admin_email()))
def install_mail_server(args):
"""
Installs a postfix-based mail relay MTA that listens on the DMZ, and relays
towards the internet. Also possible to send from localhost. Also installs mailx.
"""
version_obj = version.Version("Install-postfix-server", SCRIPT_VERSION)
version_obj.check_executed()
app.print_verbose("Installing postfix-server version: {0}".format(SCRIPT_VERSION))
init_properties = PostFixProperties()
# Install required packages
x("yum install -y postfix augeas")
#Initialize augeas
augeas = Augeas(x)
# Set config file parameters
#
general.use_original_file("/etc/postfix/main.cf")
postfix_main_cf = scopen.scOpen("/etc/postfix/main.cf")
# Hostname is full canonical name of machine.
postfix_main_cf.replace("#myhostname = host.domain.tld", "myhostname = {0}".format(config.general.get_mail_relay_domain_name())) # mailrelay.syco.com
postfix_main_cf.replace("#mydomain = domain.tld", "mydomain = {0}".format(config.general.get_resolv_domain())) # syco.com
postfix_main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")
# Accept email from all IP addresses for this server
augeas.set_enhanced("/files/etc/postfix/main.cf/inet_interfaces", ",".join(init_properties.server_ips))
#Allow networks
augeas.set_enhanced("/files/etc/postfix/main.cf/mynetworks", ",".join(init_properties.server_networks))
# Do not relay anywhere special, i.e straight to internet.
postfix_main_cf.replace("#relay_domains = $mydestination", "relay_domains =")
postfix_main_cf.replace("#home_mailbox = Maildir/", "home_mailbox = Maildir/")
# Stop warning about IPv6.
postfix_main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")
#Set virtual_alias_maps and virtual_alias_domains in main.cf
augeas.set("/files/etc/postfix/main.cf/virtual_alias_maps", "hash:/etc/postfix/virtual")
if init_properties.virtual_alias_domains:
augeas.set("/files/etc/postfix/main.cf/virtual_alias_domains", init_properties.virtual_alias_domains)
#Add virtual aliases if they do not already exist
for virt_alias_from, virt_alias_to in init_properties.virtual_aliases.iteritems():
existing = augeas.find_entries("/files/etc/postfix/virtual/pattern[. = '%s']" % virt_alias_from)
if len(existing) == 0:
x("echo \"%s %s\" >> /etc/postfix/virtual" % (virt_alias_from, virt_alias_to))
else:
augeas.set_enhanced("/files/etc/postfix/virtual/pattern[. = '%s']/destination" % virt_alias_from,
virt_alias_to)
if len(init_properties.virtual_aliases) > 0:
x("postmap /etc/postfix/virtual")
# Install a simple mail CLI-tool
install_mailx()
# Tell iptables and nrpe that this server is configured as a mail-relay server.
iptables.add_mail_relay_chain()
iptables.save()
x("service postfix restart")
# Send test mail to the syco admin
# and to any virtual alias emails
send_test_mail((None, config.general.get_admin_email()),
init_properties.virtual_aliases.keys())