Support for additional postgrey options (Close: #998, #999, #1046)

* addnl postgrey whitelist support. closes #998, closes #999.

	modified:   Dockerfile
	modified:   Makefile
	modified:   README.md
	modified:   docker-compose.elk.yml.dist
	modified:   docker-compose.yml.dist
	modified:   target/start-mailserver.sh
	modified:   target/supervisor/conf.d/supervisor-app.conf
	new file:   test/config/whitelist_recipients
	new file:   test/nc_templates/postgrey_whitelist_local.txt
	new file:   test/nc_templates/postgrey_whitelist_recipients.txt
	modified:   test/tests.bats

* match existing indent convention

	modified:   target/start-mailserver.sh

* ISSUE-999: add support for header_checks

	modified:   Dockerfile
	modified:   target/postfix/main.cf

* ISSUE-999: add empty header_check file

	new file:   target/postfix/header_checks.pcre

Dockerfile

@@ -8,6 +8,7 @@ ENV ENABLE_POSTGREY=0
 ENV FETCHMAIL_POLL=300
 ENV POSTGREY_DELAY=300
 ENV POSTGREY_MAX_AGE=35
+ENV POSTGREY_AUTO_WHITELIST_CLIENTS=5
 ENV POSTGREY_TEXT="Delayed by postgrey"
 
 ENV SASLAUTHD_MECHANISMS=pam
@@ -176,7 +177,7 @@ RUN mkdir /var/run/fetchmail && chown fetchmail /var/run/fetchmail
 
 # Configures Postfix
 COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
-COPY target/postfix/sender_header_filter.pcre target/postfix/sender_login_maps.pcre /etc/postfix/maps/
+COPY target/postfix/header_checks.pcre target/postfix/sender_header_filter.pcre target/postfix/sender_login_maps.pcre /etc/postfix/maps/
 RUN echo "" > /etc/aliases && \
   openssl dhparam -out /etc/postfix/dhparams.pem 2048 && \
   echo "@weekly FILE=`mktemp` ; openssl dhparam -out $FILE 2048 > /dev/null 2>&1 && mv -f $FILE /etc/postfix/dhparams.pem" > /etc/cron.d/dh2048

Makefile

@@ -220,6 +220,7 @@ run:
 		-e ENABLE_POSTGREY=1 \
 		-e POSTGREY_DELAY=15 \
 		-e POSTGREY_MAX_AGE=35 \
+		-e POSTGREY_AUTO_WHITELIST_CLIENTS=5 \
 		-e POSTGREY_TEXT="Delayed by postgrey" \
 		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)

README.md

@@ -487,6 +487,12 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
 
 Note: This postgrey setting needs `ENABLE_POSTGREY=1`
 
+##### POSTGREY_AUTO_WHITELIST_CLIENTS
+
+  - **5** => whitelist host after N successful deliveries (N=0 to disable whitelisting)
+
+Note: This postgrey setting needs `ENABLE_POSTGREY=1`
+
 ##### POSTGREY_TEXT
 
   - **Delayed by postgrey** => response when a mail is greylisted

docker-compose.elk.yml.dist

@@ -58,6 +58,7 @@ services:
     - ENABLE_POSTGREY=${ENABLE_POSTGREY}
     - POSTGREY_DELAY=${POSTGREY_DELAY}
     - POSTGREY_MAX_AGE=${POSTGREY_MAX_AGE}
+    - POSTGREY_AUTO_WHITELIST_CLIENTS=${POSTGREY_AUTO_WHITELIST_CLIENTS}
     - POSTGREY_TEXT=${POSTGREY_TEXT}
     - ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD}
     - SASLAUTHD_MECHANISMS=${SASLAUTHD_MECHANISMS}

docker-compose.yml.dist

@@ -60,6 +60,7 @@ services:
     - ENABLE_POSTGREY=${ENABLE_POSTGREY}
     - POSTGREY_DELAY=${POSTGREY_DELAY}
     - POSTGREY_MAX_AGE=${POSTGREY_MAX_AGE}
+    - POSTGREY_AUTO_WHITELIST_CLIENTS=${POSTGREY_AUTO_WHITELIST_CLIENTS}
     - POSTGREY_TEXT=${POSTGREY_TEXT}
     - ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD}
     - SASLAUTHD_MECHANISMS=${SASLAUTHD_MECHANISMS}

target/postfix/main.cf

@@ -95,5 +95,8 @@ non_smtpd_milters = $dkim_milter
 # SPF policy settings
 policyd-spf_time_limit = 3600
 
+# Header checks for content inspection on receiving
+header_checks = pcre:/etc/postfix/maps/header_checks.pcre
+
 # Remove unwanted headers that reveail our privacy
 smtp_header_checks = pcre:/etc/postfix/maps/sender_header_filter.pcre

target/start-mailserver.sh

@@ -18,6 +18,7 @@ DEFAULT_VARS["ENABLE_LDAP"]="${ENABLE_LDAP:="0"}"
 DEFAULT_VARS["ENABLE_POSTGREY"]="${ENABLE_POSTGREY:="0"}"
 DEFAULT_VARS["POSTGREY_DELAY"]="${POSTGREY_DELAY:="300"}"
 DEFAULT_VARS["POSTGREY_MAX_AGE"]="${POSTGREY_MAX_AGE:="35"}"
+DEFAULT_VARS["POSTGREY_AUTO_WHITELIST_CLIENTS"]="${POSTGREY_AUTO_WHITELIST_CLIENTS:="5"}"
 DEFAULT_VARS["POSTGREY_TEXT"]="${POSTGREY_TEXT:="Delayed by postgrey"}"
 DEFAULT_VARS["POSTFIX_MESSAGE_SIZE_LIMIT"]="${POSTFIX_MESSAGE_SIZE_LIMIT:="10240000"}"  # ~10 MB by default
 DEFAULT_VARS["POSTFIX_MAILBOX_SIZE_LIMIT"]="${POSTFIX_MAILBOX_SIZE_LIMIT:="0"}"        # no limit by default
@@ -638,7 +639,7 @@ function _setup_ldap() {
 function _setup_postgrey() {
 	notify 'inf' "Configuring postgrey"
 	sed -i -e 's/, reject_rbl_client bl.spamcop.net$/, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023/' /etc/postfix/main.cf
-	sed -i -e "s/\"--inet=127.0.0.1:10023\"/\"--inet=127.0.0.1:10023 --delay=$POSTGREY_DELAY --max-age=$POSTGREY_MAX_AGE\"/" /etc/default/postgrey
+	sed -i -e "s/\"--inet=127.0.0.1:10023\"/\"--inet=127.0.0.1:10023 --delay=$POSTGREY_DELAY --max-age=$POSTGREY_MAX_AGE --auto-whitelist-clients=$POSTGREY_AUTO_WHITELIST_CLIENTS\"/" /etc/default/postgrey
 	TEXT_FOUND=`grep -i "POSTGREY_TEXT" /etc/default/postgrey | wc -l`
 
 	if [ $TEXT_FOUND -eq 0 ]; then
@@ -647,6 +648,9 @@ function _setup_postgrey() {
 	if [ -f /tmp/docker-mailserver/whitelist_clients.local ]; then
 		cp -f /tmp/docker-mailserver/whitelist_clients.local /etc/postgrey/whitelist_clients.local
 	fi
+	if [ -f /tmp/docker-mailserver/whitelist_recipients ]; then
+		cp -f /tmp/docker-mailserver/whitelist_recipients /etc/postgrey/whitelist_recipients
+	fi
 }
 
 function _setup_postfix_postscreen() {

target/supervisor/conf.d/supervisor-app.conf

@@ -87,7 +87,7 @@ autostart=false
 autorestart=true
 stdout_logfile=/var/log/mail/mail.log
 stderr_logfile=/var/log/mail/mail.log
-command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=%(ENV_POSTGREY_DELAY)s --max-age=%(ENV_POSTGREY_MAX_AGE)s --greylist-text="%(ENV_POSTGREY_TEXT)s"
+command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=%(ENV_POSTGREY_DELAY)s --max-age=%(ENV_POSTGREY_MAX_AGE)s --auto-whitelist-clients=%(ENV_POSTGREY_AUTO_WHITELIST_CLIENTS)s --greylist-text="%(ENV_POSTGREY_TEXT)s"
 
 [program:amavis]
 startsecs=0

test/config/whitelist_recipients

@@ -0,0 +1 @@
+user2@otherdomain.tld

test/nc_templates/postgrey_whitelist_local.txt

@@ -0,0 +1,9 @@
+request=smtpd_access_policy
+protocol_state=RCPT
+protocol_name=ESMTP
+client_address=127.0.0.1
+client_name=whitelistlocal.tld
+helo_name=whitelistlocal.tld
+sender=test@whitelistlocal.tld
+recipient=user1@localhost.localdomain
+

test/nc_templates/postgrey_whitelist_recipients.txt

@@ -0,0 +1,9 @@
+request=smtpd_access_policy
+protocol_state=RCPT
+protocol_name=ESMTP
+client_address=127.0.0.1
+client_name=nonwhitelist.tld
+helo_name=nonwhitelist.tld
+sender=test@nonwhitelist.tld
+recipient=user2@otherdomain.tld
+

test/tests.bats

@@ -128,7 +128,7 @@ load 'test_helper/bats-assert/load'
 }
 
 @test "checking postgrey: /etc/default/postgrey correctly edited and has the default values" {
-  run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35\"$' /etc/default/postgrey | wc -l"
+  run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35 --auto-whitelist-clients=5\"$' /etc/default/postgrey | wc -l"
   assert_success
   assert_output 1
   run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_TEXT=\"Delayed by postgrey\"$' /etc/default/postgrey | wc -l"
@@ -142,7 +142,7 @@ load 'test_helper/bats-assert/load'
 }
 
 @test "checking postgrey: there should be a log entry about a new greylisted e-mail user@external.tld in /var/log/mail/mail.log" {
-  #editing the postfix config in order to ensure that postgrey handles the test e-mail. The other spam checks at smtpd_recipient_restrictionswould interfere with it.
+  #editing the postfix config in order to ensure that postgrey handles the test e-mail. The other spam checks at smtpd_recipient_restrictions would interfere with it.
   run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
   run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
   run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
@@ -172,6 +172,21 @@ load 'test_helper/bats-assert/load'
   assert_output 1
 }
 
+@test "checking postgrey: there should be a log entry about the whitelisted local and passed e-mail user@whitelistlocal.tld in /var/log/mail/mail.log" {
+  run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_local.txt"
+  run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
+  assert_success
+  assert_output 1
+}
+
+@test "checking postgrey: there should be a log entry about the whitelisted recipient user2@otherdomain.tld in /var/log/mail/mail.log" {
+  run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_recipients.txt"
+  run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=recipient whitelist' /var/log/mail/mail.log | wc -l"
+  assert_success
+  assert_output 1
+}
+
+
 #
 # imap
 #