-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy path_Acertos_Zimbra
595 lines (539 loc) · 26.2 KB
/
_Acertos_Zimbra
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
#!/bin/bash
sudo timedatectl set-timezone America/Sao_Paulo
#+----------------GERANDO LOG-----------------------+OK"
SCRIPT=`basename $0`
LOG=`echo /opt/zimbra/$SCRIPT.log | sed s/'.sh'/'.log'/g`
exec &> >(tee -a "$LOG")
echo "[`date`] ==== Inicio de rotina..."
#+----------------GERANDO LOG-----------------------+OK"
clear
#Checa se o usuario é root
LOCAL_USER=`id -u -n`
if [ $LOCAL_USER != "root" ] ; then
echo " Rodar como usuario root"
echo " saindo..."
echo ""
exit
fi
dir="Diretorio Atual : `pwd`"
hostname="Hostname : `hostname --fqdn`"
ip="IP : `wget -qO - icanhazip.com`"
#ip="IP : `ifconfig | awk 'NR>=2 && NR<=2' | awk '{print $3}'`"
versaoso="Versao S.O. : `lsb_release -d | cut -d : -f 2- | sed 's/^[ \t]*//;s/[ \t]*$//'`"
release="Release : `lsb_release -r | cut -d : -f 2- | sed 's/^[ \t]*//;s/[ \t]*$//'`"
codename="Codename : `lsb_release -c | cut -d : -f 2- | sed 's/^[ \t]*//;s/[ \t]*$//'`"
kernel="Kernel : `uname -r`"
arquitetura="Arquitetura : `uname -m`"
versaozimbra="Versao Zimbra : `su - zimbra -c 'zmcontrol -v'`"
echo "+-------------------------------------------------+"
echo "| Utilitario para Zimbra v1.35 |"
echo "+-------------------------------------------------+"
echo "+-------------------------------------------------+"
echo "| Escrito por: |"
echo "| Thiago Castro - www.hostlp.cloud |"
echo "+-------------------------------------------------+"
echo
echo $dir
echo "+-------------------------------------------------+"
echo $hostname
echo "+-------------------------------------------------+"
echo $ip
echo "+-------------------------------------------------+"
echo $versaoso
echo "+-------------------------------------------------+"
echo $release
echo "+-------------------------------------------------+"
echo $codename
echo "+-------------------------------------------------+"
echo $kernel
echo "+-------------------------------------------------+"
echo $arquitetura
echo "+-------------------------------------------------+"
echo $versaozimbra
echo "+-------------------------------------------------+"
echo
echo "Aperte <ENTER> para continuar e começar..."
read
sleep 5
echo
echo "==================EXECUTANDO======================="
echo
#Variavel
UsrZ="su - zimbra -c"
#Pega Informações do Servidor
#echo "Pegando Informações do Servidor"
#$UsrZ 'zmprov gs `zmhostname` | grep -i port'
#$UsrZ 'zmprov gs `zmhostname` | grep MailMode'
#$UsrZ 'zmprov gs `zmhostname` | grep -i installed'
#$UsrZ 'zmprov gacf | grep zimbraMailPurgeSleepInterval'
# echo "+-------------------------------------------------+OK"
#Define portas de Proxy para 0
echo "Definindo portas de Proxy para 0"
$UsrZ 'zmproxyctl stop' 1&> /dev/null
$UsrZ 'zmprov ms `zmhostname` zimbraImapProxyBindPort 0'
$UsrZ 'zmprov ms `zmhostname` zimbraImapSSLProxyBindPort 0'
$UsrZ 'zmprov ms `zmhostname` zimbraPop3ProxyBindPort 0'
$UsrZ 'zmprov ms `zmhostname` zimbraPop3SSLProxyBindPort 0'
$UsrZ 'zmprov ms `zmhostname` zimbraMailProxyPort 0'
$UsrZ 'zmprov ms `zmhostname` zimbraMailSSLProxyPort 0'
$UsrZ 'zmprov ms `zmhostname` zimbraAdminProxyPort 0'
$UsrZ 'zmprov mcf zimbraImapProxyBindPort 0'
$UsrZ 'zmprov mcf zimbraImapSSLProxyBindPort 0'
$UsrZ 'zmprov mcf zimbraPop3ProxyBindPort 0'
$UsrZ 'zmprov mcf zimbraPop3SSLProxyBindPort 0'
$UsrZ 'zmprov mcf zimbraMailProxyPort 0'
$UsrZ 'zmprov mcf zimbraMailSSLProxyPort 0'
$UsrZ 'zmprov mcf zimbraAdminProxyPort 0'
echo "+-------------------------------------------------+OK"
#Define as portas nao "Proxy" para as portas padrão desejada
echo "Definindo portas não Proxy para o padrão"
$UsrZ 'zmprov ms `zmhostname` zimbraImapBindPort 143'
$UsrZ 'zmprov ms `zmhostname` zimbraImapSSLBindPort 993'
$UsrZ 'zmprov ms `zmhostname` zimbraPop3BindPort 110'
$UsrZ 'zmprov ms `zmhostname` zimbraPop3SSLBindPort 995'
$UsrZ 'zmprov ms `zmhostname` zimbraMailPort 80'
$UsrZ 'zmprov ms `zmhostname` zimbraMailSSLPort 443'
$UsrZ 'zmprov ms `zmhostname` zimbraAdminPort 7071'
$UsrZ 'zmprov ms `zmhostname` zimbraMailMode redirect'
$UsrZ 'zmprov ms `zmhostname` zimbraReverseProxyMailMode both'
$UsrZ 'zmprov mcf zimbraImapBindPort 143'
$UsrZ 'zmprov mcf zimbraImapSSLBindPort 993'
$UsrZ 'zmprov mcf zimbraPop3BindPort 110'
$UsrZ 'zmprov mcf zimbraPop3SSLBindPort 995'
$UsrZ 'zmprov mcf zimbraMailPort 80'
$UsrZ 'zmprov mcf zimbraMailSSLPort 443'
$UsrZ 'zmprov mcf zimbraAdminPort 7071'
$UsrZ 'zmprov mcf zimbraMailMode redirect'
$UsrZ 'zmprov mcf zimbraReverseProxyMailMode both'
echo "+-------------------------------------------------+OK"
#Mudar porta de HTTP para HTTPS
echo "Definindo redirecionamento HTTP para HTTPS"
$UsrZ 'zmtlsctl redirect' 1&> /dev/null
echo "+-------------------------------------------------+OK"
#Acertando SSH port e SSL
echo "Acertando SSH port e chaves SSL"
SSHP1="`cat /etc/ssh/sshd_config |grep Port | cut -d' ' -f2`"
echo "Porta SSH Atual -> $SSHP1"
echo -n "Porta SSH Atual: "
read SSHP2
echo "+-------------------------------------------------+OK"
$UsrZ 'zmprov ms `zmhostname` zimbraRemoteManagementPort '$SSHP2''
$UsrZ 'zmprov mcf zimbraRemoteManagementPort '$SSHP2''
$UsrZ 'cd /opt/zimbra/bin/'
$UsrZ '/opt/zimbra/bin/zmsshkeygen'
$UsrZ '/opt/zimbra/bin/zmupdateauthkeys'
echo "+-------------------------------------------------+OK"
#https://wiki.zimbra.com/index.php?title=Mail_Queue_Monitoring
#Acertando o LMTA
echo "Acertando o LMTA"
$UsrZ 'zmprov ms `zmhostname` zimbraMtaLmtpHostLookup native'
$UsrZ 'zmprov mcf zimbraMtaLmtpHostLookup native'
echo "+-------------------------------------------------+OK"
#Configurando resposta rapida quando der Over Quota
echo "Configurando resposta rapida quando der Over Quota"
$UsrZ 'zmprov mcf zimbraLmtpPermanentFailureWhenOverQuota TRUE'
echo "+-------------------------------------------------+OK"
#Configurando tempo de vida em fila
echo "Configurando tempo de vida em fila"
$UsrZ 'zmprov mcf zimbraMtaBounceQueueLifetime 1d'
$UsrZ 'zmprov mcf zimbraMtaMaximalQueueLifetime 1d'
$UsrZ 'zmprov mcf zimbraMtaSmtpdSaslAuthenticatedHeader yes'
$UsrZ 'zmprov mcf zimbraMtaQueueRunDelay 300s'
$UsrZ 'zmprov mcf zimbraMtaMaximalBackoffTime 4000s'
$UsrZ 'zmprov mcf zimbraMtaMinimalBackoffTime 300s'
echo "+-------------------------------------------------+OK"
#http://www.bachus.us/blog/2014/07/02/securing-zimbra-smtp/
#Acertando os Atalhos
echo "Acertando os Atalhos"
rm -rf /sbin/postsuper /sbin/mailq /sbin/postqueue
ln -s /opt/zimbra/common/sbin/postsuper /sbin/postsuper
ln -s /opt/zimbra/common/sbin/mailq /sbin/mailq
ln -s /opt/zimbra/common/sbin/postqueue /sbin/postqueue
echo postsuper -d ALL > /sbin/del-mail ; chmod +x /sbin/del-mail
echo tail -f /var/log/mail.log > /sbin/maillog ; chmod +x /sbin/maillog
echo "+-------------------------------------------------+OK"
#Aumentando o limite do tamanho de anexos
echo "Aumentando o limite do tamanho de anexos -> 10mb = 10485760 / 20mb = 20971520 / 30mb = 31457280 / 40mb = 41943040 / 50mb = 52428800"
echo -n "Limitar anexos em...: "
read LANX
$UsrZ 'zmprov mcf zimbraMailContentMaxSize '$LANX''
$UsrZ 'zmprov mcf zimbraImapMaxRequestSize '$LANX''
$UsrZ 'zmprov mcf zimbraMtaMaxMessageSize '$LANX''
$UsrZ 'zmprov mcf zimbraFileUploadMaxSize '$LANX''
$UsrZ 'zmprov mcf zimbraFileUploadMaxSizePerFile '$LANX''
echo "+-------------------------------------------------+OK"
#Acertando os banners
echo "Acertando os banners"
$UsrZ 'zmlocalconfig -e postfix_smtpd_banner="`hostname --fqdn`"'
$UsrZ 'zmprov mcf zimbraMtaMyHostname `hostname --fqdn`'
echo "+-------------------------------------------------+OK"
#Alterando logos de todos os dominios
echo "Alterando logos de todos os dominios"
$UsrZ 'for dominios in $(zmprov gad); do zmprov md $dominios zimbraSkinLogoURL https://site.hostlp.com.br; done'
$UsrZ 'for dominios in $(zmprov gad); do zmprov md $dominios zimbraSkinLogoLoginBanner https://site.hostlp.com.br/imagens/zimbra/Logotipo_Novo_130x58.png; done'
$UsrZ 'for dominios in $(zmprov gad); do zmprov md $dominios zimbraSkinLogoAppBanner https://site.hostlp.com.br/imagens/zimbra/Logotipo_Novo_80x36.png; done'
echo "+-------------------------------------------------+OK"
#Ativando Memcached
echo "Ativando Memcached - Sim/Nao"
read CONFIRMA
case $CONFIRMA in
s|S|Sim|sim)
$UsrZ 'zmprov ms `zmhostname` +zimbraServiceEnabled memcached'
;;
n|N|Nao|nao)
$UsrZ 'zmprov ms `zmhostname` -zimbraServiceEnabled memcached'
;;
*) echo "Opcao Invalida" ;; esac
echo "+-------------------------------------------------+OK"
#Ativando Imapproxy e Proxy
echo "Ativando Imapproxy e Proxy - Sim/Nao"
read CONFIRMA
case $CONFIRMA in
s|S|Sim|sim)
$UsrZ 'zmprov ms `zmhostname` +zimbraServiceEnabled imapproxy'
$UsrZ 'zmprov ms `zmhostname` +zimbraServiceEnabled proxy'
$UsrZ 'zmprov mcf zimbraReverseProxyMailEnabled TRUE'
$UsrZ 'zmprov mcf zimbraReverseProxyHttpEnabled TRUE'
;;
n|N|Nao|nao)
$UsrZ 'zmprov ms `zmhostname` -zimbraServiceEnabled imapproxy'
$UsrZ 'zmprov ms `zmhostname` -zimbraServiceEnabled proxy'
$UsrZ 'zmprov mcf zimbraReverseProxyMailEnabled FALSE'
$UsrZ 'zmprov mcf zimbraReverseProxyHttpEnabled FALSE'
;;
*) echo "Opcao Invalida" ;; esac
echo "+-------------------------------------------------+OK"
#Bloqueando Memcached Exploit
echo "Bloqueando Memcached Exploit"
$UsrZ 'zmprov ms `zmhostname` zimbraMemcachedBindAddress 127.0.0.1 '
$UsrZ 'zmprov ms `zmhostname` zimbraMemcachedClientServerList 127.0.0.1'
echo "+-------------------------------------------------+OK"
#Alterando Cache de mensagens
echo "Alterando Cache de mensagens"
$UsrZ 'zmprov ms `zmhostname` zimbraMessageCacheSize 10000'
echo "+-------------------------------------------------+OK"
#Ativando AntiSpam
echo "Ativando AntiSpam - Sim/Nao"
read CONFIRMA
case $CONFIRMA in
s|S|Sim|sim)
$UsrZ 'zmprov ms `zmhostname` +zimbraServiceEnabled antispam'
$UsrZ '/opt/zimbra/libexec/zmspamextract -s -d -o /tmp/spam/'
$UsrZ '/opt/zimbra/libexec/zmspamextract -n -d -o /tmp/notspam/'
;;
n|N|Nao|nao)
$UsrZ 'zmprov ms `zmhostname` -zimbraServiceEnabled antispam'
;;
*) echo "Opcao Invalida" ;; esac
$UsrZ 'zmlocalconfig -e amavis_originating_bypass_sa=true'
$UsrZ 'zmlocalconfig -e antispam_enable_rule_updates=true'
$UsrZ 'zmlocalconfig -e antispam_enable_restarts=true'
$UsrZ 'zmlocalconfig -e antispam_enable_rule_compilation=true'
$UsrZ 'zmprov mcf zimbraAmavisOriginatingBypassSA TRUE'
$UsrZ 'zmprov mcf zimbraSpamKillPercent 90'
$UsrZ 'zmprov mcf zimbraSpamTagPercent 90'
$UsrZ 'zmprov mcf zimbraSpamSubjectTag "[*]"'
$UsrZ 'echo score DOS_OUTLOOK_TO_MX 0 > ~/data/spamassassin/localrules/sauser.cf'
$UsrZ 'echo score TO_EQ_FM_DIRECT_MX 0 >> ~/data/spamassassin/localrules/sauser.cf'
$UsrZ 'echo score RCVD_IN_PBL 0.1 >> ~/data/spamassassin/localrules/sauser.cf'
$UsrZ 'echo score RDNS_NONE 0.1 >> ~/data/spamassassin/localrules/sauser.cf'
$UsrZ 'echo score FREEMAIL_FORGED_REPLYTO 4.0 >> ~/data/spamassassin/localrules/sauser.cf'
$UsrZ 'echo use_bayes 0 >> ~/data/spamassassin/localrules/sauser.cf'
echo "Adicionar IP Publico do servidor a lista internal_networks do AntiSpam ex: `wget -qO - icanhazip.com`/32"
echo -n "IP Publico do Servidor: "
read IP
$UsrZ 'echo internal_networks '$IP' >> ~/data/spamassassin/localrules/sauser.cf'
cd /opt/zimbra/data/spamassassin/localrules
wget -N https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf -O sakam.cf
echo "00 00 * * *" zimbra wget -N https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf -O /opt/zimbra/data/spamassassin/localrules/sakam.cf > /etc/cron.d/sakam
echo "+-------------------------------------------------+OK"
#https://wiki.zimbra.com/wiki/Anti-spam_Strategies
#Adicionar IPs a Whitelist
echo "Adicionar IPs a Whitelist"
touch /opt/zimbra/conf/postfix_rbl_override
echo '144.217.117.123 OK
66.70.156.66 OK' > /opt/zimbra/conf/postfix_rbl_override
$UsrZ 'postmap /opt/zimbra/conf/postfix_rbl_override'
$UsrZ 'zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override''
echo "+-------------------------------------------------+OK"
#Adicionar IPs a Blacklist
#echo "Adicionar IPs a Blacklist"
#touch /opt/zimbra/conf/postfix_blacklist
#echo '144.217.117.123 OK
#66.70.156.66 OK' > /opt/zimbra/conf/postfix_rbl_override
#$UsrZ 'postmap /opt/zimbra/conf/postfix_blacklist'
#$UsrZ 'zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist''
# echo "+-------------------------------------------------+OK"
#https://wiki.zimbra.com/wiki/Specific_Whitelist/Blacklist_per_IP
#Adicionar IPs a Whitelist
echo "Configurando DNS Sec"
$UsrZ 'zmprov ms `zmhostname` zimbraMtaSmtpDnsSupportLevel "dnssec"'
$UsrZ 'zmprov ms `zmhostname` zimbraMtaSmtpTlsSecurityLevel "dane"'
$UsrZ 'zmprov mcf zimbraMtaSmtpDnsSupportLevel "dnssec"'
$UsrZ 'zmprov mcf zimbraMtaSmtpTlsSecurityLevel "dane"'
#Criando regras de proteção RBL
echo "Ativa RBL? - Sim/Nao"
read CONFIRMA
case $CONFIRMA in
s|S|Sim|sim)
echo "Criando regras de proteção RBL"
$UsrZ 'zmprov mcf +zimbraMtaRestriction reject_unknown_sender_domain'
$UsrZ 'zmprov mcf +zimbraMtaRestriction "reject_rbl_client dnsbl.spfbl.net"'
$UsrZ 'zmprov mcf +zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net"'
$UsrZ 'zmprov mcf +zimbraMtaRestriction "reject_rbl_client b.barracudacentral.org"'
$UsrZ 'zmprov mcf +zimbraMtaRestriction "reject_rbl_client psbl.surriel.com"'
$UsrZ 'zmprov mcf +zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org"'
$UsrZ 'zmprov mcf +zimbraMtaRestriction "reject_rbl_client dnsbl.spfbl.net"'
$UsrZ 'zmprov mcf zimbraMtaPostscreenDnsblSites 'b.barracudacentral.org=127.0.0.2*7' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.10*8' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.5*6' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.7*3' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.8*2' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.6*2' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.9*2''
$UsrZ 'zmprov mcf zimbraMtaPostscreenDnsblAction enforce'
$UsrZ 'zmprov mcf zimbraMtaPostscreenGreetAction enforce'
$UsrZ 'zmprov mcf zimbraMtaPostscreenNonSmtpCommandAction drop'
$UsrZ 'zmprov mcf zimbraMtaPostscreenPipeliningAction enforce'
echo "+-------------------------------------------------+OK"
;;
n|N|Nao|nao)
;;
*) echo "Opcao Invalida" ;; esac
#https://www.missioncriticalemail.com/2019/03/21/zimbra-anti-spam-best-practices-2019/
#Desativa MTA Restriction
echo "Desativa MTA Restriction"
$UsrZ 'zmprov mcf -zimbraMtaRestriction "reject_invalid_helo_hostname"'
$UsrZ 'zmprov mcf -zimbraMtaRestriction "reject_non_fqdn_sender"'
echo "+-------------------------------------------------+OK"
#Ativando AntiVirus
echo "Ativando AntiVirus - Sim/Nao"
read CONFIRMA
case $CONFIRMA in
s|S|Sim|sim)
$UsrZ 'zmprov ms `zmhostname` +zimbraServiceEnabled amavis'
$UsrZ 'zmprov ms `zmhostname` +zimbraServiceEnabled antivirus'
$UsrZ 'zmprov mcf zimbraVirusBlockEncryptedArchive FALSE'
$UsrZ 'zmprov mcf zimbraVirusDefinitionsUpdateFrequency 2h'
$UsrZ 'zmprov mcf zimbraAmavisLogLevel 2'
$UsrZ 'for dominios in $(zmprov gad); do zmprov md $dominios amaviswhitelistsender ""; done'
$UsrZ 'for dominios in $(zmprov gad); do zmprov md $dominios +amaviswhitelistsender $dominios; done'
$UsrZ 'for dominios in $(zmprov gad); do zmprov md $dominios +amaviswhitelistsender hostlp.com.br; done'
$UsrZ 'for dominios in $(zmprov gad); do zmprov md $dominios +amaviswhitelistsender hostlp.net; done'
$UsrZ 'for dominios in $(zmprov gad); do zmprov md $dominios +amaviswhitelistsender hostlp.cloud; done'
echo "+-------------------------------------------------+OK"
;;
n|N|Nao|nao)
$UsrZ 'zmprov ms `zmhostname` -zimbraServiceEnabled amavis'
$UsrZ 'zmprov ms `zmhostname` -zimbraServiceEnabled antivirus'
$UsrZ 'zmprov mcf zimbraVirusBlockEncryptedArchive FALSE'
echo "+-------------------------------------------------+OK"
;;
*) echo "Opcao Invalida" ;; esac
#https://www.missioncriticalemail.com/2019/03/21/zimbra-anti-spam-best-practices-2019/
#Adicionar IP Publibco do servidor a lista HttpThrottleSafeIPs
echo "Adicionar IP Publico do servidor a lista HttpThrottleSafeIPs ex: `wget -qO - icanhazip.com`/32"
echo -n "IP Publico do Servidor: "
read IP
$UsrZ 'zmprov mcf zimbraHttpThrottleSafeIPs 127.0.0.1/32 zimbraHttpThrottleSafeIPs '$IP''
$UsrZ 'zmprov ms `zmhostname` zimbraHttpThrottleSafeIPs 127.0.0.1/32 zimbraHttpThrottleSafeIPs '$IP''
$UsrZ 'zmprov mcf zimbraMailTrustedIP 127.0.0.1/32 zimbraMailTrustedIP '$IP''
$UsrZ 'zmprov ms `zmhostname` zimbraMailTrustedIP 127.0.0.1/32 zimbraMailTrustedIP '$IP''
echo "+-------------------------------------------------+OK"
#Desativando alguns ZimLets
echo "Desativando alguns ZimLets"
$UsrZ 'zmzimletctl disable com_zextras_mailarchive' 1&> /dev/null
$UsrZ 'zmzimletctl disable com_zextras_webex' 1&> /dev/null
$UsrZ 'zmzimletctl disable com_zextras_ymemoticons' 1&> /dev/null
echo "Desativa Zimbra-Drive - Sim/Nao"
read CONFIRMA
case $CONFIRMA in
s|S|Sim|sim)
apt-get remove zimbra-drive --purge -y 1&> /dev/null
$UsrZ 'zmzimletctl disable com_zextras_drive_open' 1&> /dev/null
$UsrZ 'for cos in $(zmprov gac); do zmprov mc $cos zimbraZimletAvailableZimlets -com_zextras_drive_open; done'
echo "+-------------------------------------------------+OK"
;;
n|N|Nao|nao)
apt-get install zimbra-drive -y 1&> /dev/null
$UsrZ 'zmzimletctl enable com_zextras_drive_open' 1&> /dev/null
$UsrZ 'for cos in $(zmprov gac); do zmprov mc $cos zimbraZimletAvailableZimlets +com_zextras_drive_open; done'
echo "+-------------------------------------------------+OK"
;;
*) echo "Opcao Invalida" ;; esac
echo "Desativa Zimbra-Chat - Sim/Nao"
read CONFIRMA
case $CONFIRMA in
s|S|Sim|sim)
apt-get remove zimbra-chat --purge -y 1&> /dev/null
$UsrZ 'zmzimletctl disable com_zextras_chat_open' 1&> /dev/null
$UsrZ 'for cos in $(zmprov gac); do zmprov mc $cos zimbraZimletAvailableZimlets -com_zextras_chat_open; done'
echo "+-------------------------------------------------+OK"
;;
n|N|Nao|nao)
apt-get install zimbra-chat -y 1&> /dev/null
$UsrZ 'zmzimletctl enable com_zextras_chat_open' 1&> /dev/null
$UsrZ 'for cos in $(zmprov gac); do zmprov mc $cos zimbraZimletAvailableZimlets +com_zextras_chat_open; done'
echo "+-------------------------------------------------+OK"
;;
*) echo "Opcao Invalida" ;; esac
#Desativando Texto não Criptografado
echo "Desativando Texto não Criptografado"
$UsrZ 'zmprov ms `zmhostname` zimbraMailClearTextPasswordEnabled TRUE'
$UsrZ 'zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled TRUE'
$UsrZ 'zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled TRUE'
$UsrZ 'zmprov ms `zmhostname` zimbraMtaTlsAuthOnly TRUE'
$UsrZ 'zmprov ms `zmhostname` zimbraMtaTlsSecurityLevel may'
$UsrZ 'zmprov mcf zimbraMailClearTextPasswordEnabled FALSE'
$UsrZ 'zmprov mcf zimbraImapCleartextLoginEnabled FALSE'
$UsrZ 'zmprov mcf zimbraImapCleartextLoginEnabled FALSE'
$UsrZ 'zmprov mcf zimbraPop3CleartextLoginEnabled FALSE'
$UsrZ 'zmprov mcf zimbraMtaTlsAuthOnly TRUE'
$UsrZ 'zmprov mcf zimbraMtaTlsSecurityLevel may'
$UsrZ 'zmlocalconfig -e postfix_smtp_tls_security_level=may'
echo "+-------------------------------------------------+OK"
#https://wiki.zimbra.com/wiki/SecureConfiguration
#Acertando problema no webmail com anexos
#echo "Acertando problema no webmail com anexos"
#$UsrZ 'zmlocalconfig -e zimbra_use_owasp_html_sanitizer=FALSE'
# echo "+-------------------------------------------------+OK"
#Aplicando regra de falso mail from
echo "Aplicando regra de falso Mail From"
$UsrZ 'zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes'
$UsrZ 'zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes'
echo "+-------------------------------------------------+OK"
#https://wiki.zimbra.com/wiki/Rejecting_false_%22mail_from%22_addresses
#Aplicando regra usuario verdadeiro de FROM e SASL
echo "Aplicando regra usuario verdadeiro de FROM e SASL"
$UsrZ 'zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch'
sed -i 's/^permit_mynetworks/permit_mynetworks, reject_sender_login_mismatch/g' /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
echo "+-------------------------------------------------+OK"
#https://wiki.zimbra.com/wiki/Enforcing_a_match_between_FROM_address_and_sasl_username_8.5
#Adicionando MyNetworks
echo "Adicionando MyNetworks"
$UsrZ 'zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 [::1]/128''
$UsrZ 'zmprov mcf zimbraMtaMyNetworks '127.0.0.0/8 [::1]/128''
echo "+-------------------------------------------------+OK"
#Adicionar nome do Compartilhamento do Porta Arquivos
echo "Adicionar nome do Compartilhamento do Porta Arquivos"
echo -n "Digite o nome do Compartilhamento do Porta Arquivos: "
read PORTAARQ
$UsrZ 'zmprov mcf zimbraBasicAuthRealm "'PORTAARQ'"'
$UsrZ 'zmprov ms `zmhostname` description "MailServer "'PORTAARQ'""'
echo "+-------------------------------------------------+OK"
#Alterando CharSet de todos COS
echo "Alterando CharSet de todos COS"
$UsrZ 'for cos in `zmprov gac`; do zmprov mc $cos zimbraPrefMailDefaultCharset UTF-8; done'
echo "+-------------------------------------------------+OK"
#Habilita segurança de senha
echo "Habilita segurança de senha"
$UsrZ 'zmprov mc default zimbraPasswordMinUpperCaseChars 1'
$UsrZ 'zmprov mc default zimbraPasswordMinLowerCaseChars 1'
$UsrZ 'zmprov mc default zimbraPasswordMinPunctuationChars 1'
$UsrZ 'zmprov mc default zimbraPasswordMinNumericChars 1'
echo "+-------------------------------------------------+OK"
#Aplicando politica de DOSFilter
echo "Aplicando politica de DOSFilter"
$UsrZ 'zmprov mcf zimbraHttpDosFilterDelayMillis 20'
$UsrZ 'zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 200'
$UsrZ 'zmprov mcf zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating 10'
$UsrZ 'zmprov mcf zimbraInvalidLoginFilterMaxFailedLogin 30'
$UsrZ 'zmprov mcf zimbraInvalidLoginFilterReinstateIpTaskIntervalInMin 5'
echo "+-------------------------------------------------+OK"
#https://wiki.zimbra.com/wiki/DoSFilter
#Aplicando Tunning de Conexões
echo "Aplicando Tunning de Conexões"
$UsrZ 'zmprov ms `zmhostname` zimbraHttpSSLNumThreads 100'
$UsrZ 'zmprov ms `zmhostname` zimbraHttpNumThreads 500'
$UsrZ 'zmprov ms `zmhostname` zimbraPop3NumThreads 200'
$UsrZ 'zmprov ms `zmhostname` zimbraPop3MaxConnections 400'
$UsrZ 'zmprov ms `zmhostname` zimbraImapNumThreads 2000'
$UsrZ 'zmprov ms `zmhostname` zimbraImapMaxConnections 2000'
$UsrZ 'zmprov mcf zimbraHttpSSLNumThreads 100'
$UsrZ 'zmprov mcf zimbraHttpNumThreads 500'
$UsrZ 'zmprov mcf zimbraPop3NumThreads 200'
$UsrZ 'zmprov mcf zimbraPop3MaxConnections 400'
$UsrZ 'zmprov mcf zimbraImapNumThreads 2000'
$UsrZ 'zmprov mcf zimbraImapMaxConnections 2000'
$UsrZ 'zmlocalconfig -e imap_throttle_command_limit=500'
$UsrZ 'zmlocalconfig -e zimbra_session_limit_imap=50'
echo "+-------------------------------------------------+OK"
#Aplicando Tunning do Java servidor com 16GB Ram
echo "Aplicando Tunning do Java servidor com 16GB Ram"
$UsrZ 'zmlocalconfig -e mailboxd_java_heap_size=4096'
$UsrZ 'zmlocalconfig -e mailboxd_java_heap_memory_percent=25'
$UsrZ 'zmlocalconfig -e mailboxd_java_heap_new_size_percent=25'
$UsrZ 'zmlocalconfig -e zimbra_require_interprocess_security=0'
echo "+-------------------------------------------------+OK"
#Aplicar Tunning no MySQL
echo "Aplicar Tunning no MySQL..."
echo "Não esqueça de alterar o arquivo /opt/zimbra/conf/my.cnf no parametro innodb_buffer_pool_size conforme RAM disponivel"
echo "32GB - 13743895360 / 16GB - 6871947680 / 8GB - 3435973840"
echo "Aperte <ENTER> para continuar e começar..."
read
echo "+-------------------------------------------------+OK"
#Aplicando Tunning de LMTP
echo "Aplicando Tunning de LMTP"
$UsrZ 'zmprov ms `zmhostname` zimbraLmtpNumThreads 40'
$UsrZ 'zmprov mcf zimbraLmtpNumThreads 40'
$UsrZ 'zmlocalconfig -e postfix_lmtp_destination_concurrency_limit=20'
echo "+-------------------------------------------------+OK"
#https://wiki.zimbra.com/wiki/Performance_Tuning_Guidelines_for_Large_Deployments
#Aplicando Tunning Outlook
echo "Aplicando Tunning Outlook"
$UsrZ 'zmlocalconfig -e zimbra_imap_folder_pagination_enabled=true'
echo "+-------------------------------------------------+OK"
#Aplicando Spell em pt_BR
echo "Aplicando Spell em pt_BR"
$UsrZ 'zmprov ms `zmhostname` zimbraSpellAvailableDictionary pt_BR'
echo "+-------------------------------------------------+OK"
#Aplicando 30 dias de visibilidade de reuperação da lixeira
echo "Aplicando 30 dias de visibilidade de reuperação da lixeira"
$UsrZ 'zmprov mc default zimbraDumpsterUserVisibleAge 30d'
echo "+-------------------------------------------------+OK"
#Aplicando quanto tempo em dias armazenar os e-mails mais antigos
echo "Aplicando quanto tempo em dias armazenar os e-mails mais antigos (0 = ILIMITADO )"
echo -n "Digite em dias o tempo de vida dos e-mails do Dominio: "
read LIFETIME
$UsrZ 'zmprov mc default zimbraMailMessageLifetime "'$LIFETIME'"'
$UsrZ 'zmprov ms `zmhostname` zimbraMailPurgeSleepInterval 1h'
$UsrZ 'zmprov mcf zimbraMailPurgeSleepInterval 1h'
#https://wiki.zimbra.com/wiki/Mailbox_Purge
echo "+-------------------------------------------------+OK"
#Reescreve alterações
echo "Reescrevendo alterações"
$UsrZ 'zmmtactl restart'
$UsrZ 'zmconfigdctl restart'
echo "+-------------------------------------------------+OK"
#Configurando Conexao TCP IPv4
#echo "Configurando Conexao TCP IPv4"
#echo '##CONEXAO
#net.ipv4.tcp_fin_timeout = 15
#net.ipv4.tcp_tw_reuse = 1' >> /etc/sysctl.conf
#sysctl -p 1&> /dev/null
#Altorizar Porta Arquivos ao Publico
#echo "Autorizar Porta Arquivos ao Publico"
#$UsrZ 'for MAIL in $(zmprov -l gaa | sort); do zmmailbox -z -m $MAIL mfg / public r; done'
# echo "+-------------------------------------------------+OK"
#Arrumar permissões de pastas
echo "Arrumar permissões de pastas - Sim/Nao"
read CONFIRMA
case $CONFIRMA in
s|S|Sim|sim)
/opt/zimbra/libexec/zmfixperms -extended
;;
n|N|Nao|nao)
;;
*) echo "Opcao Invalida" ;; esac
echo "+-------------------------------------------------+OK"
#Reinicia Zimbra
echo
echo
echo "Aperte <ENTER> para reiniciar o Zimbra..."
read
sleep 5
echo
echo "===================PARANDO========================"
echo
echo "Parando o Zimbra"
$UsrZ 'zmcontrol restart'
echo "+-------------------------------------------------+OK"
echo
echo "Status do Zimbra"
$UsrZ 'zmcontrol status'
echo "+-------------------------------------------------+OK"
echo "[`date`] ==== Fim de rotina..."