-
sqlite database for postfix and dovecot
init.sql
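-- init.sql -- schema for the Postfix/Dovecot virtual-mail SQLite database.
-- Every statement is idempotent (IF NOT EXISTS), so mailbox.sh can feed this
-- file to sqlite3 on every invocation.
--
-- SQLite only enforces ON DELETE CASCADE while `PRAGMA foreign_keys` is ON
-- for the connection; it defaults to OFF and is not stored in the database
-- file, so any other writer that expects cascades must set it itself.
-- SQLite also does not enforce the varchar(n) lengths; they are documentation.
PRAGMA foreign_keys = ON;

-- Domains this server accepts mail for. Created first because the other two
-- tables reference it.
CREATE TABLE IF NOT EXISTS `virtual_domains` (
    `id`   INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
    -- mailbox.sh looks a domain up by name and expects exactly one row;
    -- UNIQUE makes a second insert of the same name fail instead of
    -- silently creating a duplicate domain id.
    `name` varchar(50) NOT NULL UNIQUE
);

-- Forwarding entries: mail for `source` is delivered to `destination`.
CREATE TABLE IF NOT EXISTS `virtual_aliases` (
    `id`          INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
    `domain_id`   int(11) NOT NULL,
    `source`      varchar(100) NOT NULL,
    `destination` varchar(100) NOT NULL,
    CONSTRAINT virtual_aliases_domain_id_fk
        FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE
);

-- Mailboxes. `password` is the doveadm SHA512-CRYPT hash with its 14-character
-- "{SHA512-CRYPT}" scheme prefix removed (mailbox.sh does `cut -b15-`); the
-- remaining "$6$<salt>$<hash>" string is 106 characters long.
CREATE TABLE IF NOT EXISTS `virtual_users` (
    `id`        INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
    `domain_id` int(11) NOT NULL,
    `password`  varchar(106) NOT NULL,
    `email`     varchar(100) NOT NULL,
    CONSTRAINT virtual_users_domain_id_fk
        FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE,
    -- ON CONFLICT REPLACE: inserting an address that already exists in the
    -- domain replaces the old row (new id, new password hash) rather than
    -- failing. mailbox_add in mailbox.sh never checks for an existing
    -- mailbox, so this is what makes a repeated add succeed -- kept on purpose.
    CONSTRAINT virtual_users_domain_id_email_key
        UNIQUE (`domain_id`, `email`) ON CONFLICT REPLACE
);
mailbox.sh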
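#!/bin/bash
# mailbox.sh -- manage virtual mailboxes in the Postfix/Dovecot SQLite database.
#
# Usage: mailbox.sh a <email> <password>   add (or replace) a mailbox
#        mailbox.sh d <email>              not implemented, echoes the address
#        mailbox.sh m <email>              not implemented, echoes the address
#
# The schema (init.sql) is applied on every run before the command is handled.

# Address check; lowercase only, so addresses with uppercase letters are
# rejected. The local part may legally contain a single quote, which is why
# every value is escaped before it is placed into a SQL literal below.
regex="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
sqlitedb="/etc/postfix/mail.db"

# Double every single quote so the value can sit inside a '...' SQL literal.
# Single quotes replace the original "..." literals: SQLite treats double
# quotes as identifier quotes and only falls back to a string when no such
# column exists, so a value that happens to match a column name changes meaning.
sql_quote() {
    local value=$1 q="'"
    printf '%s' "${value//$q/$q$q}"
}

# Create the schema if it does not exist yet (init.sql is idempotent).
initdb() {
    sqlite3 "$sqlitedb" < /usr/local/sys/mail/init.sql
}

# mailbox_add <email> <clear-text password>
# Creates the domain row on first use, then stores the doveadm SHA512-CRYPT
# hash in virtual_users. Prints the stored hash, as the original did.
mailbox_add() {
    local email=$1 clearpw=$2
    local domain domain_id q_domain q_email pwhash
    if [ -z "$email" ]; then
        echo "no mailbox set"
        return
    fi
    if [ -z "$clearpw" ]; then
        echo "no password set"
        return
    fi
    if ! [[ $email =~ $regex ]]; then
        echo "bad email"
        return
    fi
    # the regex allows exactly one '@', so this is the domain part
    domain=${email#*@}
    q_domain=$(sql_quote "$domain")
    q_email=$(sql_quote "$email")

    # Create the domain only if it is missing, in one statement: the original
    # select-then-insert let two concurrent adds both create the domain.
    sqlite3 "$sqlitedb" "insert into virtual_domains (name) select '$q_domain' where not exists (select 1 from virtual_domains where name='$q_domain')"
    domain_id=$(sqlite3 "$sqlitedb" "select id from virtual_domains where name='$q_domain' order by id limit 1")
    if [ -z "$domain_id" ]; then
        echo "could not create domain $domain"
        return
    fi

    # The password is passed to doveadm as an argument, so it is briefly
    # visible to other local users in the process list. cut -b15- strips the
    # 14-character "{SHA512-CRYPT}" scheme prefix and keeps the bare crypt hash.
    pwhash=$(doveadm pw -s SHA512-CRYPT -p "$clearpw" | cut -b15-)
    if [ -z "$pwhash" ]; then
        echo "password hashing failed"
        return
    fi
    echo "$pwhash"
    # UNIQUE (domain_id,email) ON CONFLICT REPLACE in init.sql means an
    # existing mailbox is overwritten here rather than reported.
    sqlite3 "$sqlitedb" "insert into virtual_users(domain_id,email,password) values ($domain_id,'$q_email','$(sql_quote "$pwhash")')"
}

# Not implemented: only echoes the address.
mailbox_del() {
    echo "$1"
}

# Not implemented: only echoes the address.
mailbox_modify() {
    echo "$1"
}

initdb

case "$1" in
    a) mailbox_add "$2" "$3" ;;
    d) mailbox_del "$2" ;;
    m) mailbox_modify "$2" ;;
    *)
        echo "param 1 must be one of a(add) d(delete) m (modify)"
        exit 1
        ;;
esac

# Postfix/Dovecot read the database as the vmail user. An unknown command
# exits above, so the chown is skipped on that path (initdb has still run).
chown vmail:vmail "$sqlitedb"
-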
firewall whitelist
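#!/bin/bash
# Rebuild the "whitelist" ipset from ipdeny country zone files and (re)insert
# the INPUT rules that DROP tcp/22 and tcp/80 from any source not in the set.
# Despite the name this covers only those two ports and only IPv4: ip6tables
# is never touched, so an IPv6 path to the same services is left unfiltered.

iface="ens3"
listfile="/usr/local/sys/whitelist"
tmpfile="$listfile.tmp"

# Fetch the zone lists first and stop if that fails. The original destroyed
# the set before downloading and then read a different path than it wrote
# (-O whitelist in the cwd, cat /usr/local/sys/whitelist), so a failed or
# empty fetch left an empty set, and "! --match-set" then dropped ssh/http
# from everyone. The lists come over plain HTTP with no integrity check;
# whoever can alter them decides which networks reach ports 22 and 80, so an
# HTTPS source or a verified download is preferable.
if ! wget -O "$tmpfile" http://www.ipdeny.com/ipblocks/data/countries/{ru,ua,kz,by,uz,md,kg,de,am,az,ge,ee,tj,lv}.zone \
   || ! [ -s "$tmpfile" ]; then
    echo "download of zone lists failed, whitelist left unchanged" >&2
    rm -f "$tmpfile"
    exit 1
fi
net_count=$(grep -c . "$tmpfile")
if [ "$net_count" -eq 0 ]; then
    echo "downloaded zone list contains no networks, whitelist left unchanged" >&2
    rm -f "$tmpfile"
    exit 1
fi
mv "$tmpfile" "$listfile"

# delete the existing whitelist rules (if any); highest number first so the
# remaining rule numbers stay valid while deleting. Until the rules are
# re-inserted at the end, ports 22/80 are briefly unfiltered.
for num in $(iptables -L INPUT -n -v --line-numbers | grep whitelist | awk '{print $1}' | sort -nr); do
    iptables -D INPUT "$num"
done

# rebuild the set; -X fails harmlessly on the first run when no set exists
ipset -X whitelist
ipset -N whitelist nethash

echo 'create whitelist ipset'
i=0
BAR='####################'
while read -r ipnet; do
    [ -z "$ipnet" ] && continue
    ipset -A whitelist "$ipnet"
    i=$((i + 1))
    echo -ne "\r$((100 * i / net_count))% ${BAR:0:$((20 * i / net_count))}"
done < "$listfile"
echo -ne "\ndone create whitelist\n"

# drop tcp/22 and tcp/80 from sources outside the set; inserted at position 1
# so they take precedence over any accept rules already in INPUT
iptables -I INPUT 1 -i "$iface" -m set ! --match-set whitelist src -p tcp --dport 22 -j DROP
iptables -I INPUT 1 -i "$iface" -m set ! --match-set whitelist src -p tcp --dport 80 -j DROP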