docker-mailserver/target/scripts/startup/setup.d/security/spoofing.sh

29 lines
1.3 KiB
Bash
Raw Normal View History

#!/bin/bash
2023-05-25 23:01:41 +00:00
function _setup_spoof_protection() {
2023-05-24 07:06:59 +00:00
if [[ ${SPOOF_PROTECTION} -eq 1 ]]; then
_log 'trace' 'Enabling and configuring spoof protection'
2023-05-24 07:06:59 +00:00
if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]; then
if [[ -z ${LDAP_QUERY_FILTER_SENDERS} ]]; then
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf'
else
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf'
fi
else
# NOTE: This file is always created at startup, it potentially has content added.
# TODO: From section: "SPOOF_PROTECTION=1 handling for smtpd_sender_login_maps"
# https://github.com/docker-mailserver/docker-mailserver/issues/2819#issue-1402114383
2023-05-24 07:06:59 +00:00
if [[ -f /etc/postfix/regexp ]]; then
postconf 'smtpd_sender_login_maps = unionmap:{ texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre, pcre:/etc/postfix/regexp }'
else
postconf 'smtpd_sender_login_maps = texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre'
fi
fi
else
_log 'debug' 'Spoof protection is disabled'
# shellcheck disable=SC2016
postconf 'mua_sender_restrictions = $dms_smtpd_sender_restrictions'
fi
}