whoami7 - Manager
:
/
proc
/
self
/
root
/
usr
/
share
/
sendmail
/
Upload File:
files >> //proc/self/root/usr/share/sendmail/update_auth
#!/bin/sh -e #----------------------------------------------------------------------------- # # $Sendmail: update_auth,v 8.15.2 2020-03-08 00:39:49 cowboy Exp $ # # Sendmail support for SMTP AUTH (SASL) # # Copyright (c) 2000-2010 Richard Nelson. All Rights Reserved. # # Notes: # #----------------------------------------------------------------------------- set -e; NEW=0; DEFAULT=0; HOSTNAME=`hostname -s`; HOSTFQDN=`hostname -f`; DOMAINNAME=`hostname -d`; SMUID=sendmail; SMAID=sendmail; SMPWD=sendmailpwd; SMRLM="$HOSTNAME.$DOMAINNAME"; SMMCH=''; # Path to other sendmail helpers if [ -x ./update_sendmail ]; then sm_path='.'; elif [ -x $(dirname $0)/update_sendmail ]; then sm_path=$(dirname $0); else sm_path=/usr/share/sendmail; fi; # Bring in sendmail.conf for the network definitions if [ ! -f /etc/mail/sendmail.conf ]; then if [ -x $sm_path/update_conf ]; then $sm_path/update_conf; fi; fi; if [ -f /etc/mail/sendmail.conf ]; then . /etc/mail/sendmail.conf; fi; if [ "$HANDS_OFF" != 'No' ]; then exit 0; fi; # See what sendmail was linked with if [ "yes" != "yes" ]; then echo "SASL support not included in sendmail, skipping..."; exit 0; elif [ 2 -eq 2 ]; then SASLDBLISTUSERS='/usr/sbin/sasldblistusers2'; SASLPASSWD='/usr/sbin/saslpasswd2'; SASLLIB='/usr/lib/sasl2'; SASLSO='2'; SASLDB='/etc/sasldb2'; SASL_BIN='sasl2-bin'; SASL_LIB='libsasl2'; SASL='SASL2'; elif [ 2 -eq 1 ]; then SASLDBLISTUSERS='/usr/sbin/sasldblistusers'; SASLPASSWD='/usr/sbin/saslpasswd'; SASLLIB='/usr/lib/sasl'; SASLSO='1'; SASLDB='/etc/sasldb'; SASL_BIN='sasl-bin'; SASL_LIB='libsasl'; SASL='SASL'; fi; # Check if SASL is installed if [ ! -d ${SASLLIB} ]; then cat <<-EOT ${SASL} not installed, not configuring sendmail support. EOT if [ "${SASLSO}" = '1' ]; then cat <<-EOT To install ${SASL}, get ${SASL_BIN}, ${SASL_LIB}-modules-plain, ${SASL_LIB}-digestmd5-plain or ${SASL_LIB}-digestmd5-des. EOT else cat <<-EOT To install ${SASL}, get ${SASL_BIN} and ${SASL_LIB}-modules. EOT fi; cat <<-EOT To enable sendmail ${SASL} support at a later date, invoke "$0" EOT exit 0; fi; # Check for sasl-bin (wherein resides saslpasswd) if [ ! -x ${SASLPASSWD} ]; then cat <<-EOT ${SASL_BIN} not installed, not configuring sendmail support. To enable sendmail ${SASL} support at a later date, invoke "$0" EOT exit 0; fi; #echo " "; #echo "Creating/Updating ${SASL} information"; touch /etc/mail/tsasl; if chown root:sasl /etc/mail/tsasl 2>/dev/null; then adduser smmta sasl 1>/dev/null 2>&1; adduser smmsp sasl 1>/dev/null 2>&1; fi; rm /etc/mail/tsasl; # See if we need to rename an existing SASL info file if [ -f /etc/mail/auth-info ] \ && [ ! -f /etc/mail/default-auth-info ]; then mv /etc/mail/auth-info \ /etc/mail/default-auth-info; fi; # Use exisisting SASL auth information if [ -f /etc/mail/default-auth-info ]; then SMUID=$(head -n1 /etc/mail/default-auth-info); SMAID=$(head -n2 /etc/mail/default-auth-info | tail -n1 -); SMPWD=$(head -n3 /etc/mail/default-auth-info | tail -n1 -); SMRLM=$(head -n4 /etc/mail/default-auth-info | tail -n1 -); SMMCH=$(head -n5 /etc/mail/default-auth-info | tail -n1 -); fi; # Check for default settings, used in later test if [ "$SMUID" = 'sendmail' ] \ && [ "$SMAID" = 'sendmail' ] \ && [ "$SMPWD" = 'sendmailpwd' ]; then DEFAULT=1; fi; # Create Default SASL auth information if [ ! -f /etc/mail/default-auth-info ]; then cat <<-EOT > /etc/mail/default-auth-info $SMUID $SMAID $SMPWD $SMRLM $SMMCH EOT fi; # Create any missing SASL configuration files if [ -d ${SASLLIB} ]; then # SASL password configuration if [ ! -f ${SASLLIB}/saslpasswd.conf ]; then NEW=1; cp /usr/share/sendmail/examples/sasl/saslpasswd.conf.${SASLSO} \ ${SASLLIB}/saslpasswd.conf; fi; chown root:root ${SASLLIB}/saslpasswd.conf; chmod 0640 ${SASLLIB}/saslpasswd.conf; # Sendmail SASL configuration if [ -L ${SASLLIB}/Sendmail.conf ]; then ln -sf /etc/mail/sasl/Sendmail.conf.${SASLSO} \ ${SASLLIB}/Sendmail.conf; else if [ -f ${SASLLIB}/Sendmail.conf ]; then mv ${SASLLIB}/Sendmail.conf \ /etc/mail/sasl/Sendmail.conf.${SASLSO}; fi; ln -sf /etc/mail/sasl/Sendmail.conf.${SASLSO} \ ${SASLLIB}/Sendmail.conf; fi; # Make sure libraries are properly installed... ( cd ${SASLLIB} && \ if [ -L libanonymous.so.${SASLSO} ] && [ ! -L libanonymous.so ]; then \ ln -s libanonymous.so.${SASLSO} libanonymous.so; \ fi; \ if [ -L libcrammd5.so.${SASLSO} ] && [ ! -L libcrammd5.so ]; then \ ln -s libcrammd5.so.${SASLSO} libcrammd5.so; \ fi; \ if [ -L libdigestmd5.so.${SASLSO} ] && [ ! -L libdigestmd5.so ]; then \ ln -s libdigestmd5.so.${SASLSO} libdigestmd5.so; \ fi; \ if [ -L libdigestmd5.so.0 ] && [ ! -L libdigestmd5.so ]; then \ ln -s libdigestmd5.so.0 libdigestmd5.so; \ fi; \ if [ -L libgssapiv2.so.${SASLSO} ] && [ ! -L libgssapiv2.so ]; then \ ln -s libgssapiv2.so.${SASLSO} libgssapiv2.so; \ fi; \ if [ -L liblogin.so.${SASLSO} ] && [ ! -L liblogin.so ]; then \ ln -s liblogin.so.${SASLSO} liblogin.so; \ fi; \ if [ -L liblogin.so.0 ] && [ ! -L liblogin.so ]; then \ ln -s liblogin.so.0 liblogin.so; \ fi; \ if [ -L libplain.so.${SASLSO} ] && [ ! -L libplain.so ]; then \ ln -s libplain.so.${SASLSO} libplain.so; \ fi; ) fi; # Create/update sendmail SASL files chown smmta:smmsp /etc/mail/sasl; chmod 0755 /etc/mail/sasl; if [ ! -f /etc/mail/sasl/Sendmail.conf.${SASLSO} ] \ && [ -f /etc/mail/sasl/Sendmail.conf ]; then mv /etc/mail/sasl/Sendmail.conf \ /etc/mail/sasl/Sendmail.conf.${SASLSO}; fi; if [ ! -f /etc/mail/sasl/Sendmail.conf.${SASLSO} ]; then NEW=1; cp /usr/share/sendmail/examples/sasl/Sendmail.conf.${SASLSO} \ /etc/mail/sasl/; fi; chown smmta:smmsp /etc/mail/sasl/Sendmail.conf.${SASLSO}; chmod 0640 /etc/mail/sasl/Sendmail.conf.${SASLSO}; #--------------------------------------------------------------------------- # Make sure prototype /etc/mail/sasl/sasl.m4 exists $sm_path/update_authm4 || true; # Recommend PAM for sendmail authorization if [ "${SASLSO}" = "2" ]; then if grep -qEe '^[[:space:]]*auto_transition:[[:space:]]*false' \ /etc/mail/sasl/Sendmail.conf.${SASLSO}; then sed -e \ 's?^[[:space:]]*auto_transition:.*$?auto_transition: true?' \ /etc/mail/sasl/Sendmail.conf.${SASLSO} \ > /etc/mail/sasl/Sendmail.conf.new; fi; if [ -f /etc/mail/sasl/Sendmail.conf.new ]; then chown smmta:smmsp /etc/mail/sasl/Sendmail.conf.new; chmod 0644 /etc/mail/sasl/Sendmail.conf.new; mv /etc/mail/sasl/Sendmail.conf.new \ /etc/mail/sasl/Sendmail.conf.${SASLSO}; fi; cat <<-EOT Ah, you're setup with SASL${SASLSO} ! Unfortunately, there is no automagic way to migrate to ${SASLDB} :( You'll want to make sure /etc/default/saslauthd is setup to start, and has at least MECHANISMS="pam" ! If you find out what more is needed, please let me know! EOT else if ! grep -qEe "^[[:space:]]*pwcheck_method:[[:space:]]*PAM" \ ${SASLLIB}/Sendmail.conf; then cat <<-EOT It is *strongly* recommended that you use PAM as the authentication method for sendmail via ${SASL}. Doing so will allow *all* your shell users (those with an /etc/passwd entry) to automagically authenticate themselves when using a MUA with ${SASL} support turned on. Do you wish to use PAM (Y|n)? EOT read yn; yn=$(echo -n "$yn" | sed -e "s/^\ *//" -e "s/^\t*//"); test -n "$yn" || yn="Y"; case "$yn" in [Yy]*) if grep -qEe '^[[:space:]]*pwcheck_method:' \ /etc/mail/sasl/Sendmail.conf.${SASLSO}; then sed -e \ 's?^[[:space:]]*pwcheck_method:.*$?pwcheck_method: PAM?' \ /etc/mail/sasl/Sendmail.conf.${SASLSO} \ > /etc/mail/sasl/Sendmail.conf.new; else echo 'pwcheck_method: PAM' \ | cat /etc/mail/sasl/Sendmail.conf.${SASLSO} - \ > /etc/mail/sasl/Sendmail.conf.new; fi; if [ -f /etc/mail/sasl/Sendmail.conf.new ]; then chown smmta:smmsp /etc/mail/sasl/Sendmail.conf.new; chmod 0640 /etc/mail/sasl/Sendmail.conf.new; mv /etc/mail/sasl/Sendmail.conf.new \ /etc/mail/sasl/Sendmail.conf.${SASLSO}; fi; ;; esac; fi; fi; # Make sure default-auth-info is secure if [ -f /etc/mail/default-auth-info ]; then chown smmta:smmsp /etc/mail/default-auth-info; chmod 0640 /etc/mail/default-auth-info; fi; # Create skeleton file, the saslpasswd command will get a failure ;-{ if [ ! -f ${SASLDB} ]; then NEW=1; if [ -x ${SASLPASSWD} ]; then ${SASLDBLISTUSERS} 1>/dev/null 2>&1 || true; echo "$SMPWD" | ${SASLPASSWD} -p -c -u $SMRLM $SMAID \ 1>/dev/null 2>&1 || true; chown root:sasl ${SASLDB}; chmod 0660 ${SASLDB}; else echo "*** You do not have the ${SASL_BIN} package installed!"; echo "*** Please install it and rerun $0"; echo "*** Sendmail can't use ${SASL} until this is done..."; fi; fi; # Set SMTP auth password if [ -x ${SASLPASSWD} ]; then if [ $DEFAULT = 0 ]; then echo "$SMPWD" | ${SASLPASSWD} -p -c -u $SMRLM $SMAID || true; else ${SASLPASSWD} -d -u $SMRLM $SMAID 1>/dev/null 2>&1 || true; fi; fi; # For sendmail, /etc/sasldb must be 0600 or (0640/0660 w/dontblamesendmail) if [ -f ${SASLDB} ]; then find ${SASLDB} -gid 0 -print | xargs -r chown root:sasl; find ${SASLDB} -gid 8 -print | xargs -r chown root:sasl; find ${SASLDB} -group smmsp -print | xargs -r chown root:sasl; chmod g-x,o-rwx ${SASLDB}; fi; # Tell them about the new wizbang features... if [ $NEW -eq 1 ]; then cat <<-EOT To enable sendmail to use SASLS, you need to: 1) Add this line to /etc/mail/sendmail.mc and optionally to /etc/mail/submit.mc: include(\`/etc/mail/sasl/sasl.m4')dnl 2) Run sendmailconfig 3) Restart sendmail ${SASL} is now minimally setup, there are a few ways to handle users: *) Allow only shell users (default) You're all set, nothing else to do ! *) Allow users other than shell Add users via ${SASLPASSWD} and make sure that the realm you used matches what your users specify in their netscape/outlook/mutt/etc profiles. If you need to authorize sendmail as a sender, also update /etc/mail/default-auth-info and rerun $0. EOT fi;
Copyright ©2021 || Defacer Indonesia