mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
* addnl postgrey whitelist support. closes #998, closes #999. modified: Dockerfile modified: Makefile modified: README.md modified: docker-compose.elk.yml.dist modified: docker-compose.yml.dist modified: target/start-mailserver.sh modified: target/supervisor/conf.d/supervisor-app.conf new file: test/config/whitelist_recipients new file: test/nc_templates/postgrey_whitelist_local.txt new file: test/nc_templates/postgrey_whitelist_recipients.txt modified: test/tests.bats * match existing indent convention modified: target/start-mailserver.sh * ISSUE-999: add support for header_checks modified: Dockerfile modified: target/postfix/main.cf * ISSUE-999: add empty header_check file new file: target/postfix/header_checks.pcre
parent
8c8426ef4a
commit
53a344a056
|
@ -8,6 +8,7 @@ ENV ENABLE_POSTGREY=0
|
||||||
ENV FETCHMAIL_POLL=300
|
ENV FETCHMAIL_POLL=300
|
||||||
ENV POSTGREY_DELAY=300
|
ENV POSTGREY_DELAY=300
|
||||||
ENV POSTGREY_MAX_AGE=35
|
ENV POSTGREY_MAX_AGE=35
|
||||||
|
ENV POSTGREY_AUTO_WHITELIST_CLIENTS=5
|
||||||
ENV POSTGREY_TEXT="Delayed by postgrey"
|
ENV POSTGREY_TEXT="Delayed by postgrey"
|
||||||
|
|
||||||
ENV SASLAUTHD_MECHANISMS=pam
|
ENV SASLAUTHD_MECHANISMS=pam
|
||||||
|
@ -176,7 +177,7 @@ RUN mkdir /var/run/fetchmail && chown fetchmail /var/run/fetchmail
|
||||||
|
|
||||||
# Configures Postfix
|
# Configures Postfix
|
||||||
COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
|
COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
|
||||||
COPY target/postfix/sender_header_filter.pcre target/postfix/sender_login_maps.pcre /etc/postfix/maps/
|
COPY target/postfix/header_checks.pcre target/postfix/sender_header_filter.pcre target/postfix/sender_login_maps.pcre /etc/postfix/maps/
|
||||||
RUN echo "" > /etc/aliases && \
|
RUN echo "" > /etc/aliases && \
|
||||||
openssl dhparam -out /etc/postfix/dhparams.pem 2048 && \
|
openssl dhparam -out /etc/postfix/dhparams.pem 2048 && \
|
||||||
echo "@weekly FILE=`mktemp` ; openssl dhparam -out $FILE 2048 > /dev/null 2>&1 && mv -f $FILE /etc/postfix/dhparams.pem" > /etc/cron.d/dh2048
|
echo "@weekly FILE=`mktemp` ; openssl dhparam -out $FILE 2048 > /dev/null 2>&1 && mv -f $FILE /etc/postfix/dhparams.pem" > /etc/cron.d/dh2048
|
||||||
|
|
1
Makefile
1
Makefile
|
@ -220,6 +220,7 @@ run:
|
||||||
-e ENABLE_POSTGREY=1 \
|
-e ENABLE_POSTGREY=1 \
|
||||||
-e POSTGREY_DELAY=15 \
|
-e POSTGREY_DELAY=15 \
|
||||||
-e POSTGREY_MAX_AGE=35 \
|
-e POSTGREY_MAX_AGE=35 \
|
||||||
|
-e POSTGREY_AUTO_WHITELIST_CLIENTS=5 \
|
||||||
-e POSTGREY_TEXT="Delayed by postgrey" \
|
-e POSTGREY_TEXT="Delayed by postgrey" \
|
||||||
-e DMS_DEBUG=0 \
|
-e DMS_DEBUG=0 \
|
||||||
-h mail.my-domain.com -t $(NAME)
|
-h mail.my-domain.com -t $(NAME)
|
||||||
|
|
|
@ -487,6 +487,12 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
|
||||||
|
|
||||||
Note: This postgrey setting needs `ENABLE_POSTGREY=1`
|
Note: This postgrey setting needs `ENABLE_POSTGREY=1`
|
||||||
|
|
||||||
|
##### POSTGREY_AUTO_WHITELIST_CLIENTS
|
||||||
|
|
||||||
|
- **5** => whitelist host after N successful deliveries (N=0 to disable whitelisting)
|
||||||
|
|
||||||
|
Note: This postgrey setting needs `ENABLE_POSTGREY=1`
|
||||||
|
|
||||||
##### POSTGREY_TEXT
|
##### POSTGREY_TEXT
|
||||||
|
|
||||||
- **Delayed by postgrey** => response when a mail is greylisted
|
- **Delayed by postgrey** => response when a mail is greylisted
|
||||||
|
|
|
@ -58,6 +58,7 @@ services:
|
||||||
- ENABLE_POSTGREY=${ENABLE_POSTGREY}
|
- ENABLE_POSTGREY=${ENABLE_POSTGREY}
|
||||||
- POSTGREY_DELAY=${POSTGREY_DELAY}
|
- POSTGREY_DELAY=${POSTGREY_DELAY}
|
||||||
- POSTGREY_MAX_AGE=${POSTGREY_MAX_AGE}
|
- POSTGREY_MAX_AGE=${POSTGREY_MAX_AGE}
|
||||||
|
- POSTGREY_AUTO_WHITELIST_CLIENTS=${POSTGREY_AUTO_WHITELIST_CLIENTS}
|
||||||
- POSTGREY_TEXT=${POSTGREY_TEXT}
|
- POSTGREY_TEXT=${POSTGREY_TEXT}
|
||||||
- ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD}
|
- ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD}
|
||||||
- SASLAUTHD_MECHANISMS=${SASLAUTHD_MECHANISMS}
|
- SASLAUTHD_MECHANISMS=${SASLAUTHD_MECHANISMS}
|
||||||
|
|
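Review bot: The added `- POSTGREY_AUTO_WHITELIST_CLIENTS=${POSTGREY_AUTO_WHITELIST_CLIENTS}` entry has no fallback, so when the variable is absent from the environment Compose substitutes an empty string and the container sees it set but empty, overriding the image default of 5. `start-mailserver.sh` repairs that with `:=` for its own `sed`, but the supervisor command expands `%(ENV_POSTGREY_AUTO_WHITELIST_CLIENTS)s` and would presumably end up with `--auto-whitelist-clients=` and no number. Consider `${POSTGREY_AUTO_WHITELIST_CLIENTS:-5}` in both compose files if the Compose file format in use supports defaults, or make sure whatever env file feeds these templates defines the variable. The neighbouring `POSTGREY_*` entries follow the same pattern and predate this commit.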
|
@ -60,6 +60,7 @@ services:
|
||||||
- ENABLE_POSTGREY=${ENABLE_POSTGREY}
|
- ENABLE_POSTGREY=${ENABLE_POSTGREY}
|
||||||
- POSTGREY_DELAY=${POSTGREY_DELAY}
|
- POSTGREY_DELAY=${POSTGREY_DELAY}
|
||||||
- POSTGREY_MAX_AGE=${POSTGREY_MAX_AGE}
|
- POSTGREY_MAX_AGE=${POSTGREY_MAX_AGE}
|
||||||
|
- POSTGREY_AUTO_WHITELIST_CLIENTS=${POSTGREY_AUTO_WHITELIST_CLIENTS}
|
||||||
- POSTGREY_TEXT=${POSTGREY_TEXT}
|
- POSTGREY_TEXT=${POSTGREY_TEXT}
|
||||||
- ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD}
|
- ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD}
|
||||||
- SASLAUTHD_MECHANISMS=${SASLAUTHD_MECHANISMS}
|
- SASLAUTHD_MECHANISMS=${SASLAUTHD_MECHANISMS}
|
||||||
|
|
0
target/postfix/header_checks.pcre
Normal file
0
target/postfix/header_checks.pcre
Normal file
|
@ -95,5 +95,8 @@ non_smtpd_milters = $dkim_milter
|
||||||
# SPF policy settings
|
# SPF policy settings
|
||||||
policyd-spf_time_limit = 3600
|
policyd-spf_time_limit = 3600
|
||||||
|
|
||||||
|
# Header checks for content inspection on receiving
|
||||||
|
header_checks = pcre:/etc/postfix/maps/header_checks.pcre
|
||||||
|
|
||||||
# Remove unwanted headers that reveail our privacy
|
# Remove unwanted headers that reveail our privacy
|
||||||
smtp_header_checks = pcre:/etc/postfix/maps/sender_header_filter.pcre
|
smtp_header_checks = pcre:/etc/postfix/maps/sender_header_filter.pcre
|
||||||
|
|
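Review bot: The new `header_checks = pcre:/etc/postfix/maps/header_checks.pcre` line points at a map that this commit ships empty, and nothing in the visible hunks copies a user-supplied file over it the way `_setup_postgrey` does for the postgrey whitelist files. As shown, rules can apparently only be added by rebuilding the image or mounting over that path. If that is intended, the comment should say so, for example `# Header checks on incoming mail; the shipped map is empty, replace /etc/postfix/maps/header_checks.pcre to add rules`.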
|
@ -18,6 +18,7 @@ DEFAULT_VARS["ENABLE_LDAP"]="${ENABLE_LDAP:="0"}"
|
||||||
DEFAULT_VARS["ENABLE_POSTGREY"]="${ENABLE_POSTGREY:="0"}"
|
DEFAULT_VARS["ENABLE_POSTGREY"]="${ENABLE_POSTGREY:="0"}"
|
||||||
DEFAULT_VARS["POSTGREY_DELAY"]="${POSTGREY_DELAY:="300"}"
|
DEFAULT_VARS["POSTGREY_DELAY"]="${POSTGREY_DELAY:="300"}"
|
||||||
DEFAULT_VARS["POSTGREY_MAX_AGE"]="${POSTGREY_MAX_AGE:="35"}"
|
DEFAULT_VARS["POSTGREY_MAX_AGE"]="${POSTGREY_MAX_AGE:="35"}"
|
||||||
|
DEFAULT_VARS["POSTGREY_AUTO_WHITELIST_CLIENTS"]="${POSTGREY_AUTO_WHITELIST_CLIENTS:="5"}"
|
||||||
DEFAULT_VARS["POSTGREY_TEXT"]="${POSTGREY_TEXT:="Delayed by postgrey"}"
|
DEFAULT_VARS["POSTGREY_TEXT"]="${POSTGREY_TEXT:="Delayed by postgrey"}"
|
||||||
DEFAULT_VARS["POSTFIX_MESSAGE_SIZE_LIMIT"]="${POSTFIX_MESSAGE_SIZE_LIMIT:="10240000"}" # ~10 MB by default
|
DEFAULT_VARS["POSTFIX_MESSAGE_SIZE_LIMIT"]="${POSTFIX_MESSAGE_SIZE_LIMIT:="10240000"}" # ~10 MB by default
|
||||||
DEFAULT_VARS["POSTFIX_MAILBOX_SIZE_LIMIT"]="${POSTFIX_MAILBOX_SIZE_LIMIT:="0"}" # no limit by default
|
DEFAULT_VARS["POSTFIX_MAILBOX_SIZE_LIMIT"]="${POSTFIX_MAILBOX_SIZE_LIMIT:="0"}" # no limit by default
|
||||||
|
@ -638,7 +639,7 @@ function _setup_ldap() {
|
||||||
function _setup_postgrey() {
|
function _setup_postgrey() {
|
||||||
notify 'inf' "Configuring postgrey"
|
notify 'inf' "Configuring postgrey"
|
||||||
sed -i -e 's/, reject_rbl_client bl.spamcop.net$/, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023/' /etc/postfix/main.cf
|
sed -i -e 's/, reject_rbl_client bl.spamcop.net$/, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023/' /etc/postfix/main.cf
|
||||||
sed -i -e "s/\"--inet=127.0.0.1:10023\"/\"--inet=127.0.0.1:10023 --delay=$POSTGREY_DELAY --max-age=$POSTGREY_MAX_AGE\"/" /etc/default/postgrey
|
sed -i -e "s/\"--inet=127.0.0.1:10023\"/\"--inet=127.0.0.1:10023 --delay=$POSTGREY_DELAY --max-age=$POSTGREY_MAX_AGE --auto-whitelist-clients=$POSTGREY_AUTO_WHITELIST_CLIENTS\"/" /etc/default/postgrey
|
||||||
TEXT_FOUND=`grep -i "POSTGREY_TEXT" /etc/default/postgrey | wc -l`
|
TEXT_FOUND=`grep -i "POSTGREY_TEXT" /etc/default/postgrey | wc -l`
|
||||||
|
|
||||||
if [ $TEXT_FOUND -eq 0 ]; then
|
if [ $TEXT_FOUND -eq 0 ]; then
|
||||||
|
@ -647,6 +648,9 @@ function _setup_postgrey() {
|
||||||
if [ -f /tmp/docker-mailserver/whitelist_clients.local ]; then
|
if [ -f /tmp/docker-mailserver/whitelist_clients.local ]; then
|
||||||
cp -f /tmp/docker-mailserver/whitelist_clients.local /etc/postgrey/whitelist_clients.local
|
cp -f /tmp/docker-mailserver/whitelist_clients.local /etc/postgrey/whitelist_clients.local
|
||||||
fi
|
fi
|
||||||
|
if [ -f /tmp/docker-mailserver/whitelist_recipients ]; then
|
||||||
|
cp -f /tmp/docker-mailserver/whitelist_recipients /etc/postgrey/whitelist_recipients
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_postfix_postscreen() {
|
function _setup_postfix_postscreen() {
|
||||||
|
|
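Review bot: In `_setup_postgrey`, `$POSTGREY_AUTO_WHITELIST_CLIENTS` is spliced unvalidated into the `sed` replacement that rewrites `/etc/default/postgrey`. A value containing `/`, `&` or a double quote would either break the expression or write unintended text into a file that is presumably sourced as shell by the service script. The README documents the setting as a count N, so it can be checked as a non-negative integer before the `sed`, e.g. `[[ $POSTGREY_AUTO_WHITELIST_CLIENTS =~ ^[0-9]+$ ]] || POSTGREY_AUTO_WHITELIST_CLIENTS=5`. The same applies to `POSTGREY_DELAY` and `POSTGREY_MAX_AGE` on that line, which predate this commit. Part of the function body lies between the two hunks and is not shown.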
|
@ -87,7 +87,7 @@ autostart=false
|
||||||
autorestart=true
|
autorestart=true
|
||||||
stdout_logfile=/var/log/mail/mail.log
|
stdout_logfile=/var/log/mail/mail.log
|
||||||
stderr_logfile=/var/log/mail/mail.log
|
stderr_logfile=/var/log/mail/mail.log
|
||||||
command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=%(ENV_POSTGREY_DELAY)s --max-age=%(ENV_POSTGREY_MAX_AGE)s --greylist-text="%(ENV_POSTGREY_TEXT)s"
|
command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=%(ENV_POSTGREY_DELAY)s --max-age=%(ENV_POSTGREY_MAX_AGE)s --auto-whitelist-clients=%(ENV_POSTGREY_AUTO_WHITELIST_CLIENTS)s --greylist-text="%(ENV_POSTGREY_TEXT)s"
|
||||||
|
|
||||||
[program:amavis]
|
[program:amavis]
|
||||||
startsecs=0
|
startsecs=0
|
||||||
|
|
1
test/config/whitelist_recipients
Normal file
1
test/config/whitelist_recipients
Normal file
|
@ -0,0 +1 @@
|
||||||
|
user2@otherdomain.tld
|
9
test/nc_templates/postgrey_whitelist_local.txt
Normal file
9
test/nc_templates/postgrey_whitelist_local.txt
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
request=smtpd_access_policy
|
||||||
|
protocol_state=RCPT
|
||||||
|
protocol_name=ESMTP
|
||||||
|
client_address=127.0.0.1
|
||||||
|
client_name=whitelistlocal.tld
|
||||||
|
helo_name=whitelistlocal.tld
|
||||||
|
sender=test@whitelistlocal.tld
|
||||||
|
recipient=user1@localhost.localdomain
|
||||||
|
|
9
test/nc_templates/postgrey_whitelist_recipients.txt
Normal file
9
test/nc_templates/postgrey_whitelist_recipients.txt
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
request=smtpd_access_policy
|
||||||
|
protocol_state=RCPT
|
||||||
|
protocol_name=ESMTP
|
||||||
|
client_address=127.0.0.1
|
||||||
|
client_name=nonwhitelist.tld
|
||||||
|
helo_name=nonwhitelist.tld
|
||||||
|
sender=test@nonwhitelist.tld
|
||||||
|
recipient=user2@otherdomain.tld
|
||||||
|
|
|
@ -128,7 +128,7 @@ load 'test_helper/bats-assert/load'
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "checking postgrey: /etc/default/postgrey correctly edited and has the default values" {
|
@test "checking postgrey: /etc/default/postgrey correctly edited and has the default values" {
|
||||||
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35\"$' /etc/default/postgrey | wc -l"
|
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35 --auto-whitelist-clients=5\"$' /etc/default/postgrey | wc -l"
|
||||||
assert_success
|
assert_success
|
||||||
assert_output 1
|
assert_output 1
|
||||||
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_TEXT=\"Delayed by postgrey\"$' /etc/default/postgrey | wc -l"
|
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_TEXT=\"Delayed by postgrey\"$' /etc/default/postgrey | wc -l"
|
||||||
|
@ -142,7 +142,7 @@ load 'test_helper/bats-assert/load'
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "checking postgrey: there should be a log entry about a new greylisted e-mail user@external.tld in /var/log/mail/mail.log" {
|
@test "checking postgrey: there should be a log entry about a new greylisted e-mail user@external.tld in /var/log/mail/mail.log" {
|
||||||
#editing the postfix config in order to ensure that postgrey handles the test e-mail. The other spam checks at smtpd_recipient_restrictionswould interfere with it.
|
#editing the postfix config in order to ensure that postgrey handles the test e-mail. The other spam checks at smtpd_recipient_restrictions would interfere with it.
|
||||||
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
|
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
|
||||||
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
|
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
|
||||||
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
|
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
|
||||||
|
@ -172,6 +172,21 @@ load 'test_helper/bats-assert/load'
|
||||||
assert_output 1
|
assert_output 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "checking postgrey: there should be a log entry about the whitelisted local and passed e-mail user@whitelistlocal.tld in /var/log/mail/mail.log" {
|
||||||
|
run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_local.txt"
|
||||||
|
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
|
||||||
|
assert_success
|
||||||
|
assert_output 1
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "checking postgrey: there should be a log entry about the whitelisted recipient user2@otherdomain.tld in /var/log/mail/mail.log" {
|
||||||
|
run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_recipients.txt"
|
||||||
|
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=recipient whitelist' /var/log/mail/mail.log | wc -l"
|
||||||
|
assert_success
|
||||||
|
assert_output 1
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# imap
|
# imap
|
||||||
#
|
#
|
||||||
|
|
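Review bot: Both new postgrey whitelist tests discard the result of the `nc` call and assert only on `grep ... | wc -l` over the shared `/var/log/mail/mail.log`. A failed connection therefore surfaces only as a count mismatch, and one extra matching line from any other test breaks `assert_output 1`. Add `assert_success` directly after the `nc` run and assert on the policy reply it prints, so the check is tied to this request rather than to the log's history. The target `0.0.0.0` also differs from the `127.0.0.1:10023` address postgrey is configured to listen on; `nc -w 8 127.0.0.1 10023` states the intent directly.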