github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

Restrict access (Closes #452, #816)

Browse source 
new setup.sh function, new tests, new script
This commit is contained in:
17Halbe 2018-02-07 21:33:07 +01:00 committed by Johan Smits
parent 115ad555be
commit 5394a505b9
6 changed files with 90 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
setup.sh
View file

@ -42,9 +42,10 @@ SUBCOMMANDS:
email: email:
$0 email add <email> <password> $0 email add <email> [<password>]
$0 email update <email> <password> $0 email update <email> [<password>]
$0 email del <email> $0 email del <email>
$0 email restrict <add|del|list> <send|receive> [<email>]
$0 email list $0 email list
alias: alias:
@ -60,7 +61,7 @@ SUBCOMMANDS:
debug: debug:
$0 debug fetchmail $0 debug fetchmail
$0 debug fail2ban <unban> <ip-address> $0 debug fail2ban [<unban> <ip-address>]
$0 debug show-mail-logs $0 debug show-mail-logs
$0 debug inspect $0 debug inspect
$0 debug login <commands> $0 debug login <commands>
@ -117,7 +118,6 @@ case $1 in
email) email)
shift shift
case $1 in case $1 in
add) add)
shift shift
_docker_image addmailuser $@ _docker_image addmailuser $@
@ -130,6 +130,10 @@ case $1 in
shift shift
_docker_image delmailuser $@ _docker_image delmailuser $@
;; ;;
restrict)
shift
_docker_image restrict-access $@
;;
list) list)
_docker_image listmailuser _docker_image listmailuser
;; ;;

56
target/bin/restrict-access Executable file
View file

@ -0,0 +1,56 @@
#! /bin/bash
MODE="$1"
USER="$3"
usage() {
echo "Usage: $0 <add|del|list> <send|receive> [<email@domain.com>]"
}
raise() {
echo "$@" 1>&2
exit 1
}
escape() {
echo "${1//./\\.}"
}
[ -z "$MODE" ] && raise "missing parameters: <add|del|list> <send|receive> [<email@domain.com>]"
case $2 in
send)
DATABASE="/tmp/docker-mailserver/postfix-send-access.cf"
;;
receive)
DATABASE="/tmp/docker-mailserver/postfix-receive-access.cf"
;;
*)
usage; raise "missing parameters. Specify \"send\" or \"receive\"";
;;
esac
if [ -z "$USER" ] && [ "$MODE" != list ]; then
read -p "User(user@domain.com): " USER
echo
[ -z "$USER" ] && raise "User must not be empty"
fi
case $MODE in
add)
grep -qi "^$(escape "$USER")" $DATABASE 2>/dev/null &&
raise "User \"$USER\" already denied to $2 mails"
echo -e "$USER \t\t REJECT" >>$DATABASE
;;
del)
sed -ie "/^$(escape "$USER")/d" $DATABASE 2>/dev/null ||
raise "User \"$USER\" not found."
;;
list)
grep "REJECT" $DATABASE 2>/dev/null ||
echo "Everyone is allowed to $2 mails."
;;
*)
usage; raise "missing mode. Specify \"add\", \"del\" or \"list\"";
;;
esac

5
target/postfix/main.cf
View file

@ -44,10 +44,9 @@ smtpd_helo_required = yes
smtpd_delay_reject = yes smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, smtpd_recipient_restrictions = check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch smtpd_sender_restrictions = check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf, permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
disable_vrfy_command = yes disable_vrfy_command = yes
# Postscreen settings to drop zombies/open relays/spam early # Postscreen settings to drop zombies/open relays/spam early

1
test/config/postfix-receive-access.cf Normal file
View file

@ -0,0 +1 @@

1
test/config/postfix-send-access.cf Normal file
View file

@ -0,0 +1 @@

23
test/tests.bats
View file

@ -146,7 +146,7 @@ load 'test_helper/bats-assert/load'
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf" run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf" run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf" run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/smtpd_recipient_restrictions = /smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023/g' /etc/postfix/main.cf" run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/smtpd_recipient_restrictions =/smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023/g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "/etc/init.d/postfix reload" run docker exec mail_with_postgrey /bin/sh -c "/etc/init.d/postfix reload"
run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt" run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
@ -1122,6 +1122,27 @@ load 'test_helper/bats-assert/load'
[ -z "$value" ] [ -z "$value" ]
} }
@test "checking setup.sh: setup.sh email restrict" {
run ./setup.sh -c mail email restrict
assert_failure
run ./setup.sh -c mail email restrict add
assert_failure
./setup.sh -c mail email restrict add send lorem@impsum.org
run ./setup.sh -c mail email restrict list send
assert_output --regexp "^lorem@impsum.org.*REJECT"
run ./setup.sh -c mail email restrict del send lorem@impsum.org
assert_success
run ./setup.sh -c mail email restrict list send
assert_output --partial "Everyone is allowed"
./setup.sh -c mail email restrict add receive rec_lorem@impsum.org
run ./setup.sh -c mail email restrict list receive
assert_output --regexp "^rec_lorem@impsum.org.*REJECT"
run ./setup.sh -c mail email restrict del receive rec_lorem@impsum.org
assert_success
}
# alias # alias
@test "checking setup.sh: setup.sh alias list" { @test "checking setup.sh: setup.sh alias list" {
echo "test@example.org test@forward.com" > ./config/postfix-virtual.cf echo "test@example.org test@forward.com" > ./config/postfix-virtual.cf