• sqlite database for postfix and dovecot

    init.sql

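    -- Mail account schema read by Postfix and Dovecot (SQLite).
    --
    -- NOTE: SQLite parses the FOREIGN KEY ... ON DELETE CASCADE clauses below but
    -- by default only enforces them on connections that have run
    -- "PRAGMA foreign_keys = ON". Without it, deleting a domain leaves its users
    -- and aliases in place, so whatever deletes rows must enable the pragma.
    -- SQLite also does not enforce the varchar(N) lengths; they are documentation.

    -- One row per hosted mail domain. Created first so the tables that
    -- reference it read top-down.
    CREATE TABLE IF NOT EXISTS `virtual_domains` (
      `id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
      -- UNIQUE: mailbox.sh resolves domain_id with "where name=...", which must
      -- never match two rows. Databases created before this constraint keep
      -- their old definition (IF NOT EXISTS) and need it added by hand.
      `name` varchar(50) NOT NULL UNIQUE
    );
    -- Address rewrites: mail for `source` is delivered to `destination`.
    CREATE TABLE IF NOT EXISTS `virtual_aliases` (
      `id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
      `domain_id` int(11) NOT NULL,
      `source` varchar(100) NOT NULL,
      `destination` varchar(100) NOT NULL,
      FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
    );
    -- Mailbox accounts.
    CREATE TABLE IF NOT EXISTS `virtual_users` (
      `id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
      `domain_id` int(11) NOT NULL,
      -- Holds the SHA512-CRYPT hash written by mailbox.sh (scheme prefix
      -- stripped), never the plaintext password.
      `password` varchar(106) NOT NULL,
      `email` varchar(100) NOT NULL,
      FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE,
      -- ON CONFLICT REPLACE: inserting an existing (domain_id,email) pair deletes
      -- the old row and stores the new one, so adding a mailbox that already
      -- exists silently resets its password and gives it a new id.
      UNIQUE (domain_id,email) ON CONFLICT REPLACE
    );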

    mailbox.sh

    #!/bin/bash
    # Address syntax accepted by mailbox_add: a dot-separated local part, one "@",
    # then two or more dot-separated labels that start and end with a letter or
    # digit. Only lowercase a-z is accepted. The local part may contain
    # punctuation such as ' and ` (the double quote is not in the class), so a
    # matching address still has to be quoted/escaped before it is placed into
    # SQL text or an unquoted shell word.
    regex="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
    # SQLite file holding the mail tables; created by initdb below and handed to
    # vmail:vmail by the chown at the end of the script.
    sqlitedb="/etc/postfix/mail.db"
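    # Create the mail tables in $sqlitedb by feeding init.sql to sqlite3.
    # init.sql only uses CREATE TABLE IF NOT EXISTS, so running it against an
    # existing database changes nothing.
    initdb() {
        # Quoted so a path containing spaces or glob characters stays one argument.
        sqlite3 "$sqlitedb" < /usr/local/sys/mail/init.sql
    }
    # Runs on every invocation, before the command-line arguments are examined.
    initdb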
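    # mailbox_add ADDRESS PASSWORD
    # Validate ADDRESS against $regex, make sure its domain has a row in
    # virtual_domains, hash PASSWORD with doveadm (SHA512-CRYPT) and insert the
    # account into virtual_users. Prints a message and returns 1 when an argument
    # is missing, the address is rejected, the domain id cannot be resolved or
    # hashing produced nothing.
    #
    # NOTE(review): PASSWORD reaches this script and doveadm as a command-line
    # argument, so it is visible in the process list while the command runs.
    mailbox_add() {
        # Keep working values (including the hash) out of the global scope.
        local sq="'" domain domain_id password
        if [ -z "$1" ] ; then
            echo "no mailbox set"
            return 1
        fi
        if [ -z "$2" ] ; then
            echo "no password set"
            return 1
        fi
        if ! [[ $1 =~ $regex ]] ; then
            echo "bad email"
            return 1
        fi
        # The regex admits exactly one "@", so everything after it is the domain.
        domain=${1#*@}
        # Values are embedded as single-quoted SQL string literals (double quotes
        # denote identifiers in SQL). The address regex permits ' in the local
        # part, so every embedded single quote is doubled first.
        local q_domain=${domain//$sq/$sq$sq}
        local q_email=${1//$sq/$sq$sq}
        domain_id=$(sqlite3 "$sqlitedb" "select id from virtual_domains where name='$q_domain'")
        if [ -z "$domain_id" ] ; then
            sqlite3 "$sqlitedb" "insert into virtual_domains (name) values ('$q_domain')"
            domain_id=$(sqlite3 "$sqlitedb" "select id from virtual_domains where name='$q_domain'")
        fi
        # domain_id is spliced into SQL unquoted below: accept a plain number only
        # (this also catches a failed insert or a multi-row result).
        case $domain_id in
            ''|*[!0-9]*)
                echo "cannot resolve domain id for $domain"
                return 1
            ;;
        esac
        # "$2" is quoted so a password with spaces or glob characters is hashed
        # as typed. cut drops the 14-byte "{SHA512-CRYPT}" scheme prefix.
        password=$(doveadm pw -s SHA512-CRYPT -p "$2" | cut -b15-)
        if [ -z "$password" ] ; then
            # Never store an empty hash when doveadm failed.
            echo "password hashing failed"
            return 1
        fi
        # NOTE(review): this prints the password hash to stdout; drop it if
        # nothing consumes the output.
        echo "$password"
        local q_password=${password//$sq/$sq$sq}
        # The table's UNIQUE(domain_id,email) ON CONFLICT REPLACE makes this an
        # upsert: an existing mailbox gets its password replaced.
        sqlite3 "$sqlitedb" "insert into virtual_users(domain_id,email,password) values ($domain_id,'$q_email','$q_password')"
    }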
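    # mailbox_del ADDRESS
    # Placeholder: echoes ADDRESS back and removes nothing from the database.
    # The warning on stderr keeps an operator from assuming the account is gone.
    mailbox_del() {
        # Quoted so the address is printed exactly as given (no word splitting
        # or filename expansion).
        echo "$1"
        echo "mailbox_del: not implemented, nothing was deleted" >&2
    }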
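    # mailbox_modify ADDRESS
    # Placeholder: echoes ADDRESS back and changes nothing in the database.
    mailbox_modify() {
        # Quoted so the address is printed exactly as given.
        echo "$1"
        # not implemented yet (author's note: add delete from)
        echo "mailbox_modify: not implemented, nothing was changed" >&2
    }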
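    # Dispatch on the first argument: a = add, d = delete, m = modify.
    # Arguments are passed on quoted so an address or password containing
    # spaces or glob characters arrives as one unchanged argument.
    case "$1" in
      "a")
              mailbox_add "$2" "$3"
      ;;
      "d")
              mailbox_del "$2"
      ;;
      "m")
              mailbox_modify "$2"
      ;;
      *)
          echo "param 1 must be one of a(add) d(delete) m (modify)"
          exit 1
      ;;
    esac
    # The database may have just been created by the invoking user; hand it to
    # vmail (presumably the account the mail services read it as - confirm).
    chown vmail:vmail "$sqlitedb"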
  • firewall whitelist

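    #!/bin/bash
    # Rebuild the "whitelist" ipset from per-country network lists and make sure
    # tcp/22 and tcp/80 arriving on ens3 are dropped unless the source address is
    # in that set.
    #
    # The list is downloaded and checked before anything in the firewall is
    # touched, and it is loaded into a staging set that is swapped in at the
    # end. A failed or empty download therefore leaves the current set and rules
    # as they are, instead of leaving an empty set behind the DROP rules (which
    # would cut off SSH for every source).
    #
    # NOTE(review): these are IPv4 rules only; if ens3 also has IPv6
    # connectivity, ip6tables needs an equivalent policy.
    list_file=/usr/local/sys/whitelist
    raw_file=$(mktemp) || exit 1
    trap 'rm -f "$raw_file"' EXIT

    # download network list
    # NOTE(review): fetched over plain HTTP with no integrity check, so anyone
    # able to alter the response decides which networks may reach SSH. Prefer
    # HTTPS if the mirror serves it.
    if ! wget -O "$raw_file" http://www.ipdeny.com/ipblocks/data/countries/{ru,ua,kz,by,uz,md,kg,de,am,az,ge,ee,tj,lv}.zone ; then
        echo "whitelist download failed, firewall left unchanged" >&2
        exit 1
    fi

    # Keep only lines that look like an IPv4 address or CIDR network, so an
    # error page or other junk never reaches ipset.
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' "$raw_file" > "$list_file.new"
    net_count=$(wc -l < "$list_file.new")
    if [ "$net_count" -eq 0 ] ; then
        echo "downloaded whitelist contains no networks, firewall left unchanged" >&2
        rm -f "$list_file.new"
        exit 1
    fi
    # Same file the script has always read its networks from.
    mv "$list_file.new" "$list_file"

    echo  'create whitelist ipset'
    # Staging set; a leftover from an aborted run is removed first.
    ipset destroy whitelist_new 2>/dev/null
    ipset create whitelist_new nethash || exit 1
    i=0
    BAR='####################'
    while IFS= read -r ipnet ; do
        # -exist: a network listed twice is not an error.
        ipset -exist add whitelist_new "$ipnet"
        i=$((i+1))
        echo -ne "\r$((100*i/net_count))% ${BAR:0:$((20*i/net_count))}"
    done < "$list_file"
    echo -ne "\ndone create whitelist\n"

    # Swap the finished set in; rules that reference "whitelist" keep matching
    # throughout, so there is no moment with the ports unfiltered.
    ipset -exist create whitelist nethash
    ipset swap whitelist_new whitelist || exit 1
    ipset destroy whitelist_new

    # Drop tcp/22 and tcp/80 on ens3 from every source outside the whitelist.
    # Fresh rules go to the top of INPUT first ...
    iptables -I  INPUT 1 -i ens3 -m set ! --match-set whitelist src -p tcp --dport 22 -j DROP
    iptables -I  INPUT 1 -i ens3 -m set ! --match-set whitelist src -p tcp --dport 80   -j DROP
    # ... then older copies (rule numbers above 2) are deleted, highest number
    # first so the remaining numbers stay valid while deleting.
    for num in $(iptables -L INPUT -n -v --line-numbers | grep whitelist | awk '$1 > 2 {print $1}' | sort -nr) ; do
        iptables -D INPUT "$num"
    done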