crypt

inventory.yaml

@@ -1,26 +0,0 @@
-mkt:
-  hosts:
-    rechner02.maketank.net:
-    mx03.maketank.net:
-    uncle02.maketank.net:
-    mon01.maketank.net:
-
-wks:
-  hosts:
-    adm01.wks:
-    drucki.wks:
-    ebin01.wks:
-    ebin02.wks:
-    #pine01.wks:
-    #pine02.wks:
-    pine03.wks:
-    #pine04.wks:
-    pine05.wks:
-
-ring86:
-  hosts:
-    auto01.chaos:
-    truhe.chaos:
-    wohnz.chaos:
-    #yori.chaos:
-    #lenny.chaos:

inventory/01-maketank.yaml

@@ -0,0 +1,6 @@
+mkt:
+  hosts:
+    rechner02.maketank.net:
+    mx03.maketank.net:
+    uncle02.maketank.net:
+    mon01.maketank.net:

roles/mkt-mx/tasks/main.yaml

@@ -0,0 +1,35 @@
+- name: mkt-scripts
+  include_role:
+    name: mkt-scripts
+    
+- name: postfix maps
+  cron:
+    name: postfix maps
+    minute: "*/5"
+    job: /etc/maketank/postfix/generate_maps.sh
+       
+- name: cronjob postgrey
+  cron:
+    name: postgrey whitelist
+    minute: "*/15"
+    job: /etc/maketank/postgrey/generate_whitelist.sh
+    
+- name: amavis dkim
+  cron:
+    name: amavis dkim conf
+    minute: "*/15"
+    job: /etc/maketank/amavis/generate-dkim-conf.sh
+    
+- name: amavis sa-learn
+  cron:
+    name: amavis sa-learn
+    user: amavis
+    minute: "*/42"
+    job: /etc/maketank/amavis/sa-learn.sh
+    
+- name: dovecot passdb
+  cron:
+    name: dovecot generate passdb
+    user: dovecot
+    minute: "*/5"
+    job: /etc/maketank/dovecot/generate-passdb.rb

roles/mkt-scripts/files/README.md

@@ -0,0 +1 @@
+Well, this is just a dummy file.

roles/mkt-scripts/files/amavis/generate-dkim-conf.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+CDIR="/var/cache/amavis-dkim"
+CONFDIR="/etc/amavis/conf.d"
+LUPDATED=$(stat -c %Y ${CONFDIR})
+
+[[ -d ${CDIR} ]] || mkdir -p ${CDIR}
+
+nmap -p 3306 10.201.0.4 |grep -q '3306/tcp.*open.*mysql'
+
+if [[ $? == 1 ]]; then
+ exit 1
+fi
+
+MYSQL="mysql --skip-ssl -h 10.201.0.4 -u maketank -pknatekam2007 -B --database=maketank_froxlor"
+
+#compare files
+OLD=${CDIR}/dkim-domains.prev
+[[ -e ${OLD} ]] || touch $OLD
+NEW=${CDIR}/dkim-domains.new
+${MYSQL} -e 'SELECT domain from panel_domains pd where pd.isemaildomain = "1" order by domain ASC;' |sed '1d' >$NEW
+
+# Add new DKIM entries
+diff $OLD $NEW |awk -F '> ' '{print $2}' |awk NF | while read line; do
+  line_n=$(echo ${line} |tr '.' '_')
+  if [[ ! -e ${CONFDIR}/999-${line_n} ]]; then
+    cat <<EOT >${CONFDIR}/999-${line_n}
+# Automatically generated, do not edit   
+dkim_key(
+    '${line}',
+    'mx',
+    '/etc/amavis/dkim/maketank.net.private.key'
+);
+1;
+EOT
+  fi
+done
+
+# Remove old DKIM entries
+diff $OLD $NEW |awk -F '< ' '{print $2}' |awk NF | while read line; do
+  line_n=$(echo ${line} |tr '.' '_')
+  rm -fv ${CONFDIR}/999-${line_n}
+done
+
+
+UPDATED=$(stat -c %Y ${CONFDIR})
+
+if [[ ${LUPDATED} -lt ${UPDATED} ]]; then
+ systemctl reload amavis.service
+ cp $NEW $OLD
+fi

roles/mkt-scripts/files/amavis/sa-learn.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+BDIR="/var/spool/vmail_imapsieve_copy"
+SALEARN=$(which sa-learn)
+
+[[ -x ${SALEARN} ]] || exit 1
+
+remove_files () {
+    WHAT=$1
+    #echo "WHAT=${WHAT} EXIT=${2}"
+    if [[ $2 -eq 0 ]]; then
+        for file in $(ls ${BDIR}/${WHAT}/*.eml 2>/dev/null); do
+            F=$(basename ${file})
+            rm ${BDIR}/${WHAT}/${F}
+        done
+    fi
+}
+
+
+learn () {
+	WHAT=$1
+	ls ${WHAT}/*.eml 1>/dev/null 2>&1
+	if [[ $? -eq 0 ]]; then
+		${SALEARN} --${WHAT} $BDIR/${WHAT}/*.eml
+		remove_files ${WHAT} $?
+	fi
+}
+
+#We have stuff to download, put it in spool
+cd ${BDIR}
+
+learn spam
+learn ham

roles/mkt-scripts/files/dovecot/generate-passdb.rb

@@ -0,0 +1,16 @@
+#!/usr/bin/ruby
+
+require 'csv'
+
+csv = %x{echo "SELECT CONCAT_WS(':',mail_users.email,password_enc,uid, gid,homedir,maildir, (quota)) FROM mail_users JOIN panel_customers ON mail_users.customerid=panel_customers.customerid  WHERE panel_customers.deactivated = 0" |mysql --skip-ssl -N -umaketank -pknatekam2007 -h 10.201.0.4 maketank_froxlor}.chomp
+if $?.exitstatus == 0 
+    users = File.open('/etc/dovecot/users','w')
+    CSV.parse (csv) { |row|
+	ra = row[0].split(':')
+	mdir = ra[5].split('/')
+	hdir = ra[4]+mdir[0]
+	users.write( ra[0]+":"+ra[1]+":"+ra[2]+":"+ra[3]+"::"+ra[4]+"::userdb_mail_driver=mdbox userdb_mail_path="+ra[4]+ra[5]+" userdb_quota_storage_size="+ra[6]+"M\n")
+    }
+    users.close unless users.nil?
+end
+

roles/mkt-scripts/files/dovecot/healthcheck.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+

roles/mkt-scripts/files/dovecot/quota-warning.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+PERCENT=$1
+FROM="postmaster@maketank.net"
+
+msg="From: $FROM
+To: $USER
+To: postmaster@maketank.net
+Subject: Your email quota is $PERCENT% full
+Content-Type: text/plain; charset=UTF-8
+
+Your mailbox is now $PERCENT% full.
+Please free up some space, or increase the quota settings for this account.
+
+Regards,
+your IMAP-Mailbox.
+"
+
+echo "$msg" | /usr/sbin/sendmail -f $FROM "$USER"
+
+exit 0

roles/mkt-scripts/files/dovecot/upload_spam_ham.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+SWIFT="swift -A http://kvm01.int.lan:7480/auth/v2.0 -U mx:spam -K o99CuKcfmj31i2UumqB3h8Fh1K0T2bFBO2snbYpk"
+
+BDIR="/var/spool/vmail_imapsieve_copy"
+
+#run only if there is stuff in the dir
+
+SIZE=$(du -sb ${BDIR} |cut -f1)
+[[ ${SIZE} -lt 12289 ]] && exit 0
+
+cd $BDIR
+
+remove_files () {
+	if [[ $2 -eq 0 ]]; then
+		rm -f $1/*
+	fi 
+}
+
+#we have data, upload
+ls ham/*.eml 1>/dev/null 2>&1
+if [[ $? -eq 0 ]]; then
+	${SWIFT} upload mailing ham
+	remove_files ham $?
+fi 
+ls spam/*.eml 1>/dev/null 2>&1
+if [[ $? -eq 0 ]]; then
+	${SWIFT} upload mailing spam
+	remove_files spam $?
+fi 
+
+

roles/mkt-scripts/files/ldap/backup.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+DATE=$(date '+%Y-%m-%d_%H')
+
+BDIR="/var/backups"
+BFILE="${BDIR}/${DATE}"
+
+slapcat -b dc=maketank,dc=net > "${BFILE}_LDAP_dc_maketank_dc_net.ldif"
+slapcat -b cn=config > "${BFILE}_LDAP_cn_config.ldif"

roles/mkt-scripts/files/postfix/generate_maps.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+cd /etc/postfix
+
+nmap -p 3306 10.201.0.4 |grep -q '3306/tcp.*open.*mysql'
+
+if [[ $? == 1 ]]; then
+ exit 1
+fi
+
+MYSQL="mysql --skip-ssl -h 10.201.0.4 -u maketank -pknatekam2007 -B --database=maketank_froxlor"
+
+#virtual_alias_maps
+OLD=/etc/postfix/virtual_alias_maps
+NEW=/etc/postfix/virtual_alias_maps.new
+${MYSQL} -e 'select email,destination from mail_virtual where destination <> "" and destination <> " " order by email ASC'|sed -e 's@ @, @g' |sed '1d' >$NEW
+
+if [[ $(md5sum $NEW|cut -f 1 -d ' ') != $(md5sum $OLD|cut -f 1 -d ' ') ]]; then 
+	cp $NEW $OLD
+	/usr/sbin/postmap hash:$OLD
+fi
+
+#Virtual domains
+NEW=/etc/postfix/virtual_mailbox_domains
+${MYSQL} -e 'select domain from panel_domains where isemaildomain = "1" order by domain ASC' |tr '\n' ','|sed s/,$//|sed s/^domain,// >$NEW

roles/mkt-scripts/files/postfix/pflogsum-ganglia.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+
+out = %x{/usr/sbin/logtail2 /var/log/mail.info |/usr/sbin/pflogsumm |/bin/grep -v "Grand Totals"|/usr/bin/head -22 |/usr/bin/awk '/\d+/ {print}'}.chomp
+
+out.each_line { |line|
+ line.delete!('"')
+ line.strip!
+ line.chomp!
+ str = line.split(' ')
+ met = str[1]
+ val = str[0].delete('^0-9')
+ cmd = "/usr/bin/gmetric -x 300 -d 30000 -g mail -t uint16 -D \"Postfix #{met}\" -n postfix_#{met} -v #{val}"
+ puts cmd
+ %x{#{cmd}}
+}

roles/mkt-scripts/files/postgrey/generate_whitelist.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+mariadb --skip-ssl -h 10.201.0.4 -u maketank -pknatekam2007 \
+        -B --database=maketank_froxlor \
+        -e 'select email_full from mail_virtual where disablegreylist = 1' \
+        |grep -v email_full >/etc/postgrey/whitelist_recipients.local

roles/mkt-scripts/tasks/main.yaml

@@ -0,0 +1,4 @@
+- name: "mkt-scripts: copy-files"
+  synchronize:
+    src: files/
+    dest: /etc/maketank

roles/modules/tasks/main.yaml

@@ -1,5 +1,7 @@
-- name: Kernel module nf_conntrack
+- name: Kernel module [nf|xt]_conntrack
   community.general.modprobe:
-    name: nf_conntrack
+    name: 
+    - nf_conntrack
+    - xt_conntrack
     state: present
     persistent: present

site.yaml

@@ -4,4 +4,10 @@
   roles:
   - role: common
     tags: common
+  - role: mkt-scripts
+    tags: mkt
 
+- hosts: ~mx.*
+  roles:
+  - role: mkt-mx
+    tags: mkt