diff --git a/target/scripts/helpers/index.sh b/target/scripts/helpers/index.sh
index 027e0e6a..41d1b098 100644
--- a/target/scripts/helpers/index.sh
+++ b/target/scripts/helpers/index.sh
@@ -17,7 +17,6 @@ function _import_scripts
 source "${PATH_TO_SCRIPTS}/network.sh"
 source "${PATH_TO_SCRIPTS}/postfix.sh"
 source "${PATH_TO_SCRIPTS}/relay.sh"
- source "${PATH_TO_SCRIPTS}/sasl.sh"
 source "${PATH_TO_SCRIPTS}/ssl.sh"
 source "${PATH_TO_SCRIPTS}/utils.sh"
 }
diff --git a/target/scripts/helpers/relay.sh b/target/scripts/helpers/relay.sh
index d1ae382e..8852bd44 100644
--- a/target/scripts/helpers/relay.sh
+++ b/target/scripts/helpers/relay.sh
@@ -64,16 +64,36 @@ function _env_relay_host # `/etc/postfix/sasl_passwd` example at end of file. function _relayhost_sasl { - if [[ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] && [[ -z ${RELAY_USER} || -z ${RELAY_PASSWORD} ]] + if [[ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] \ + && [[ -z ${RELAY_USER} || -z ${RELAY_PASSWORD} ]] \ + && [[ -z ${SASL_PASSWD} ]] then - _log 'warn' "No relay auth file found and no default set" + _log 'warn' "Missing relay-host mapped credentials provided via ENV, or from postfix-sasl-password.cf" return 1 fi + _log 'trace' "Adding relay-host credential mappings to Postfix" + + # Start from a new `/etc/postfix/sasl_passwd`: + : >/etc/postfix/sasl_passwd + chown root:root /etc/postfix/sasl_passwd + chmod 0600 /etc/postfix/sasl_passwd + + # SASL_PASSWD is a legacy ENV, not likely in use by any users. + # + # Single ENV for specifying ` :`, + # Where `` must match the equivalent ENV, + # while the other two have no dependency to their equivalent ENV. + # SASL_PASSWD requires `smtp_sasl_password_maps` to be enabled - but that has only + # ever been via this function which relies upon RELAY_HOST. Hence redundant. + # TODO: Deprecate. Remove on next major version? + if [[ -n ${SASL_PASSWD} ]] + then + echo "${SASL_PASSWD}" >> /etc/postfix/sasl_passwd + fi + if [[ -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] then - _log 'trace' "Adding relay authentication from postfix-sasl-password.cf" - # Add domain-specific auth from config file: while read -r LINE do @@ -93,8 +113,6 @@ function _relayhost_sasl echo "$(_env_relay_host) ${RELAY_USER}:${RELAY_PASSWORD}" >> /etc/postfix/sasl_passwd fi - _sasl_set_passwd_permissions - # Technically if only a single relay host is configured, a `static` lookup table could be used instead?: # postconf "smtp_sasl_password_maps = static:${RELAY_USER}:${RELAY_PASSWORD}" postconf 'smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd' 
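Review bot: In `_relayhost_sasl` the early `return 1` now runs before `/etc/postfix/sasl_passwd` is truncated, so a credentials file written by an earlier run is left in place when no credential source remains. This matters for `_rebuild_relayhost`, which (in a later hunk of this file) no longer calls `_sasl_passwd_create`; that helper used to `rm -f` the file when `SASL_PASSWD` was unset. If the rebuild path can run after `postfix-sasl-password.cf` has been removed, the old relay credentials stay on disk and presumably stay referenced by `smtp_sasl_password_maps`. Adding `rm -f /etc/postfix/sasl_passwd` just before the `return 1` would keep the previous clean-up behaviour. The function body continues past this hunk.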
@@ -196,7 +214,6 @@ function _setup_relayhost then _log 'trace' "Setting up relay hosts (default: ${RELAY_HOST})" - # Expects `_sasl_passwd_create` was called prior in `setup-stack.sh` _relayhost_sasl _populate_relayhost_map @@ -208,9 +225,6 @@ function _rebuild_relayhost { if [[ -n ${RELAY_HOST} ]] then - # Start from a new `/etc/postfix/sasl_passwd` state: - _sasl_passwd_create - _relayhost_sasl _populate_relayhost_map fi diff --git a/target/scripts/helpers/sasl.sh b/target/scripts/helpers/sasl.sh deleted file mode 100644 index e5fb7a16..00000000 --- a/target/scripts/helpers/sasl.sh +++ /dev/null @@ -1,22 +0,0 @@ -#! /bin/bash - -function _sasl_passwd_create -{ - if [[ -n ${SASL_PASSWD} ]] - then - # create SASL password - echo "${SASL_PASSWD}" > /etc/postfix/sasl_passwd - _sasl_set_passwd_permissions - else - rm -f /etc/postfix/sasl_passwd - fi -} - -function _sasl_set_passwd_permissions -{ - if [[ -f /etc/postfix/sasl_passwd ]] - then - chown root:root /etc/postfix/sasl_passwd - chmod 0600 /etc/postfix/sasl_passwd - fi -} diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh index fc189772..5a46490e 100755 --- a/target/scripts/start-mailserver.sh +++ b/target/scripts/start-mailserver.sh @@ -215,7 +215,6 @@ function _register_functions _register_setup_function '_setup_dovecot_hostname' _register_setup_function '_setup_postfix_smtputf8' _register_setup_function '_setup_postfix_sasl' - _register_setup_function '_setup_postfix_sasl_password' _register_setup_function '_setup_security_stack' _register_setup_function '_setup_postfix_aliases' _register_setup_function '_setup_postfix_vhost' diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh index 0d8293f5..6043509c 100644 --- a/target/scripts/startup/setup-stack.sh +++ b/target/scripts/startup/setup-stack.sh 
@@ -764,21 +764,6 @@ function _setup_postfix_override_configuration fi } -function _setup_postfix_sasl_password -{ - _log 'debug' 'Setting up Postfix SASL Password' - - # support general SASL password - _sasl_passwd_create - - if [[ -f /etc/postfix/sasl_passwd ]] - then - _log 'trace' 'Loaded SASL_PASSWD' - else - _log 'debug' "SASL_PASSWD was not provided - '/etc/postfix/sasl_passwd' not created" - fi -} - function _setup_postfix_relay_hosts { _setup_relayhost diff --git a/test/mail_privacy.bats b/test/mail_privacy.bats index ba489b04..c83d5087 100644 --- a/test/mail_privacy.bats +++ b/test/mail_privacy.bats @@ -7,7 +7,6 @@ function setup_file() { docker run -d --name mail_privacy \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \ - -e SASL_PASSWD="external-domain.com username:password" \ -e ENABLE_MANAGESIEVE=1 \ --cap-add=SYS_PTRACE \ -e PERMIT_DOCKER=host \ diff --git a/test/mail_with_relays.bats b/test/mail_with_relays.bats index 44279849..ecd2112f 100644 --- a/test/mail_with_relays.bats +++ b/test/mail_with_relays.bats @@ -64,6 +64,11 @@ function teardown_file() { assert_output '' } +@test "checking relay hosts: sasl_passwd exists" { + run docker exec mail_with_relays [ -f /etc/postfix/sasl_passwd ] + assert_success +} + @test "checking relay hosts: auth entry is added" { run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/sasl_passwd | grep -e "^@domaintwo.tld\s\+smtp_user_2:smtp_password_2" | wc -l' assert_success diff --git a/test/tests.bats b/test/tests.bats index 5ace6b09..81743446 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -31,7 +31,6 @@ setup_file() { -e SA_SPAM_SUBJECT="SPAM: " \ -e SA_TAG=-5.0 \ -e SA_TAG2=2.0 \ - -e SASL_PASSWD="external-domain.com username:password" \ -e SPAMASSASSIN_SPAM_TO_INBOX=0 \ -e SPOOF_PROTECTION=1 \ -e SSL_TYPE='snakeoil' \ 
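Review bot: The new `sasl_passwd exists` test in `test/mail_with_relays.bats` checks only that the file is present, not the ownership and mode that `_relayhost_sasl` now sets inline. Since the file holds relay credentials and the dedicated `_sasl_set_passwd_permissions` helper is deleted in this commit, an assertion such as `run docker exec mail_with_relays stat -c '%a %U:%G' /etc/postfix/sasl_passwd` followed by `assert_output '600 root:root'` would catch a regression to a readable file. The `SASL_PASSWD` branch that the commit keeps also loses its only visible coverage, because the ENV is removed from both test setups.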
@@ -175,11 +174,6 @@ teardown_file() { assert_success } -@test "checking sasl: sasl_passwd exists" { - run docker exec mail [ -f /etc/postfix/sasl_passwd ] - assert_success -} - # # logs #