From: Ian Kelling
Date: Sat, 7 Nov 2020 02:19:20 +0000 (-0500)
Subject: add clamav, tests, minor fixes
X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=e3ce4a6d0966c5a61cc9dd3df94cbaf664a1d069;p=distro-setup
add clamav, tests, minor fixes
---
diff --git a/brc b/brc
index d450cc6..cb3432b 100644
--- a/brc
+++ b/brc
@@ -334,7 +334,7 @@ for field in {1..20}; do
 done
 # h1 = head -n1
 for num in {1..9}; do
- eval h$num"() { head -n$num}; }"
+ eval h$num"() { head -n$num; }"
 done
@@ -1080,6 +1080,11 @@ r() {
 # exit "$@" 2>/dev/null
 }
+# scp is insecure and deprecated.
+scp() {
+ rsync --inplace "$@"
+}
+
 # reapply bashrc
 reb() {
 source ~/.bashrc
@@ -1766,7 +1771,8 @@ if [[ $- == *i* ]]; then
 fi
 if [[ $SSH_CLIENT || $SUDO_USER ]]; then
- PS1="\h $PS1"
+ unset PROMPT_DIRTRIM
+ PS1="\h:$PS1"
 fi
 # emacs terminal has problems if this runs slowly,
diff --git a/brc2 b/brc2
index 6f28a8b..e997984 100644
--- a/brc2
+++ b/brc2
@@ -1097,8 +1097,12 @@ r2eadd() { # usage: name url
 }
 r2e() { command r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg "$@"; }
-rg() { command rg -i -M 200 "$@"; }
-complete -r rg
+if type -P rg &>/dev/null; then
+ rg() { command rg -i -M 200 "$@"; }
+ complete -r rg
+else
+ alias rg=grr
+fi
 rspicy() { # usage: HOST DOMAIN
 # connect to spice vm remote host. use vspicy for local host
@@ -1295,7 +1299,7 @@ mailvpnbash() {
 m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
 }
 eximbash() {
- m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|a1) -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash
 }
diff --git a/distro-end b/distro-end
index 87e35a9..0053171 100755
--- a/distro-end
+++ b/distro-end
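Review bot: The new `scp()` wrapper hands scp-style arguments straight to rsync, where several of them mean something else: `-P` is a port for scp but `--partial --progress` for rsync, and `-i` is `--itemize-changes` rather than an identity file, so a command typed from habit can run with different settings instead of failing. The comment would be more useful if it named what is being avoided, for example `# scp's legacy protocol lets the remote shell interpret file names; use rsync over ssh instead.` Older rsync releases also pass remote path arguments through the remote shell unless `-s` (`--protect-args`) is given, so `rsync --inplace -s "$@"` is closer to the stated goal. `--inplace` writes into the destination file directly, so an interrupted copy leaves a partly overwritten file.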
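Review bot: In `eximbash`, the PID given to `sudo nsenter -t` is whatever line `pgrep -f` prints first, and `-f` matches the pattern against any user's full command line, so a process that merely carries that string in its arguments could be the one whose namespaces are entered as root. Restricting the match to the daemon's owner with pgrep's `-u`, or taking the PID from the service manager, would pin the target; the `mailvpnbash` context line above has the same pattern without the `h1` filter. The command substitution is unquoted, so when nothing matches, `nsenter` receives `-n` as its `-t` argument; capturing the PID first and checking it with `[[ $pid ]] || return 1` makes that failure explicit.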
@@ -522,15 +522,15 @@ EOF
 sudo dd of=/etc/systemd/system/vpnmail.service <<'EOF'
 [Unit]
 Description=Turns on iptables mail nat
+BindsTo=openvpn-server@mail.service
 [Service]
 Type=oneshot
-RemainAfterExit=yes
 ExecStart=/a/bin/distro-setup/vpn-mail-forward start
 ExecStop=/a/bin/distro-setup/vpn-mail-forward stop
 [Install]
-WantedBy=openvpn-server@mail.service
+RequiredBy=openvpn-server@mail.service
 EOF
 ser daemon-reload
 sgo vpnmail.service
diff --git a/mail-setup b/mail-setup
index cb9f677..ea9e82d 100755
--- a/mail-setup
+++ b/mail-setup
@@ -3,6 +3,10 @@
 # Copyright (C) 2019 Ian Kelling
 # SPDX-License-Identifier: AGPL-3.0-or-later
+# todo: move mail stuff in distro-end into this file
+
+# todo: fix ipv6 addr for li
+
 # todo: create a cronjob to update or warn on expiring dnssec keys
 # todo: turn on dnssec validation for dns resolution.
@@ -263,8 +267,11 @@ setini() {
 }
 soff () {
 for service; do
- m systemctl stop $service;
- m systemctl disable $service
+ # ignore services that dont exist
+ if systemctl cat $service &>/dev/null; then
+ m systemctl stop $service;
+ m systemctl disable $service
+ fi
 done
 }
 sre () {
@@ -328,7 +335,7 @@ fi
 # light version of exim does not have sasl auth support.
-pi exim4 exim4-daemon-heavy spamassassin spf-tools-perl openvpn p0f postgrey pyzor razor jq moreutils
+pi exim4 exim4-daemon-heavy spamassassin spf-tools-perl openvpn p0f postgrey pyzor razor jq moreutils clamav-daemon
 # note: pyzor debian readme says you need to run some initialization command
 # but its outdated.
@@ -530,6 +537,10 @@ i /etc/spamassassin/mylocal.cf <<'EOF'
 # entirely of whitespace".) This is a safe, terse alternative:
 clear_report_template
 report (_SCORE_ / _REQD_ requ) _TESTSSCORES(,)_ autolearn=_AUTOLEARN
+uridnsbl_skip_domain iankelling.org
+uridnsbl_skip_domain amnimal.ninja
+uridnsbl_skip_domain expertpathologyreview.com
+uridnsbl_skip_domain zroe.org
 EOF
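Review bot: Dropping `RemainAfterExit=yes` from a `Type=oneshot` unit that also defines `ExecStop=` changes when the stop command runs: as I read systemd.service(5), such a unit never stays active, and its `ExecStop=` runs as soon as `ExecStart=` finishes, so `vpn-mail-forward stop` would follow `vpn-mail-forward start` immediately. The new `BindsTo=openvpn-server@mail.service` then has no active unit to stop when the VPN goes down. Keeping `RemainAfterExit=yes` next to `BindsTo=` preserves the start/stop pairing, and since `BindsTo=` does not order the units, `After=openvpn-server@mail.service` is worth adding so the rules go in once the VPN unit is up. The heredoc sits inside a script that continues outside the hunk.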
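Review bot: `soff` now skips a unit silently whenever `systemctl cat` fails, and it is called on hosts where these mail services are meant to be off, so a misspelt unit name or a transient systemctl error is indistinguishable from "not installed". Printing the skipped name, for example `else echo "soff: no unit $service, skipping" >&2`, keeps that visible in the setup output. `$service` is unquoted in all three commands; `"$service"` avoids word splitting and globbing on the argument. The callers of `soff` are outside this hunk.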
@@ -733,6 +744,7 @@ DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/ex
 # keep your dkim signature intact but add list- headers.
 DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
+av_scanner = clamd:/var/run/clamav/clamd.ctl
 hostlist iank_trusted = <; \\
 # veth0
@@ -800,6 +812,15 @@ warn
 add_header = X-Spam_report: $spam_report
 add_header = X-Spam_action: $spam_action
+
+deny
+# defer_ok = accept messages even if there is a problem with clamav.
+# clamav regularly has fails, we havent had a reported problem with mail
+# not getting through, but this seems better.
+ malware = */defer_ok
+ message = This message was detected as possible malware ($malware_name).
+
+
 #accept
 # spf = pass:fail:softfail:none:neutral:permerror:temperror
 # dmarc_status = reject:quarantine
@@ -2082,7 +2103,11 @@ case $HOSTNAME in
 ;;&
 $MAIL_HOST)
 sstart radicale
- ;;
+ ;;&
+esac
+
+case $HOSTNAME in
+ $MAIL_HOST|bk|je) : ;;
 *)
 soff radicale mailclean.timer dovecot spamassassin mailvpn mailnn
 ;;
@@ -2110,7 +2135,7 @@ EOF
 /b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/
 ;;&
 $MAIL_HOST)
- test_from=ian@iankelling.org
+ test_froms=(ian@iankelling.org z@zroe.org)
 test_to="testignore@expertpathologyreview.com, testignore@je.b8.nz"
 cat >>/etc/cron.d/mailtest </usr/local/bin/send-test-forward </usr/local/bin/send-test-forward + for test_from in ${test_froms[@]}; do + cat >>/usr/local/bin/send-test-forward <
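Review bot: The added `av_scanner` line points exim at the clamd socket, but nothing visible in this commit gives clamd read access to the spool files exim asks it to scan; on Debian that commonly means putting the `clamav` user in the `Debian-exim` group, which may already be handled elsewhere in mail-setup. Because the ACL in the next hunk uses `defer_ok`, a permission or socket error would not defer or reject anything; every message would simply pass unscanned. A comment above the setting naming that prerequisite, for example `# clamd must be able to read exim's scan directory and this socket must exist`, plus a post-install check that a scan actually succeeds, would catch it.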
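Review bot: The new `deny` block's `malware = */defer_ok` fails open, and its own comment says clamav "regularly has fails", so there will be periods when mail is accepted with no scan and nothing in the message or the setup marks that. The comment should state the trade-off directly, for example `# defer_ok fails open: mail is accepted unscanned while clamd is unavailable.` Watching clamd's service state or the exim log for scanner errors would show how often this happens. The ACL this block belongs to begins and ends outside the hunk, so whether it applies to authenticated and trusted senders as well cannot be seen from here.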