postscreen implementation altered (#846)
* new setup.sh function, new tests, new script and some minor updates to main.cf * fix for missing files * removed obsolete test-files * restart postfix if necessary. * see pr #845 * fixed typo * fixed branchmixup * changed postfix reload command & changed to operate on container instead of image * reload postfix only on adding new restriction * main.cf is only changed when user is added. - Postfix reload changed - working on container instead of image now in setup.sh - added cleanup after tests * moved cleanup to makefile
parent
803dab12c6
commit
5e09074d58
4
Makefile
4
Makefile
|
@ -258,4 +258,6 @@ clean:
|
||||||
test/config/without-accounts \
|
test/config/without-accounts \
|
||||||
test/config/without-virtual \
|
test/config/without-virtual \
|
||||||
test/config/with-domain \
|
test/config/with-domain \
|
||||||
test/config/dovecot-lmtp/userdb
|
test/config/dovecot-lmtp/userdb \
|
||||||
|
test/config/postfix-*-access.cf*
|
||||||
|
|
||||||
|
|
2
setup.sh
2
setup.sh
|
@ -150,7 +150,7 @@ case $1 in
|
||||||
;;
|
;;
|
||||||
restrict)
|
restrict)
|
||||||
shift
|
shift
|
||||||
_docker_image restrict-access $@
|
_docker_container restrict-access $@
|
||||||
;;
|
;;
|
||||||
list)
|
list)
|
||||||
_docker_image listmailuser
|
_docker_image listmailuser
|
||||||
|
|
|
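Review bot: `$@` is unquoted on the changed line `_docker_container restrict-access $@`, so the arguments are word-split and glob-expanded on the host before they reach the container. `_docker_container restrict-access "$@"` passes them through unchanged. The surrounding `case $1 in` block starts and ends outside this hunk.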
@ -36,10 +36,17 @@ if [ -z "$USER" ] && [ "$MODE" != list ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
case $MODE in
|
case $MODE in
|
||||||
add)
|
add)
|
||||||
grep -qi "^$(escape "$USER")" $DATABASE 2>/dev/null &&
|
grep -qi "^$(escape "$USER")" $DATABASE 2>/dev/null &&
|
||||||
raise "User \"$USER\" already denied to $2 mails"
|
raise "User \"$USER\" already denied to $2 mails"
|
||||||
|
if [ ! -f $DATABASE ]; then
|
||||||
|
[[ $DATABASE = *"send"* ]] && \
|
||||||
|
sed -i 's|smtpd_sender_restrictions =|smtpd_sender_restrictions = check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf \
|
||||||
|
|| sed -i 's|smtpd_recipient_restrictions =|smtpd_recipient_restrictions = check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
|
||||||
|
service postfix reload > /dev/null
|
||||||
|
fi
|
||||||
echo -e "$USER \t\t REJECT" >>$DATABASE
|
echo -e "$USER \t\t REJECT" >>$DATABASE
|
||||||
;;
|
;;
|
||||||
del)
|
del)
|
||||||
|
@ -54,3 +61,4 @@ case $MODE in
|
||||||
usage; raise "missing mode. Specify \"add\", \"del\" or \"list\"";
|
usage; raise "missing mode. Specify \"add\", \"del\" or \"list\"";
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
|
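Review bot: In the `add)` branch, `service postfix reload` sits inside the `if [ ! -f $DATABASE ]` block, so Postfix is reloaded only when the first entry creates the table, and even then before `echo ... >>$DATABASE` has written it. A `texthash:` table is read when the daemon opens it and later changes to the file are not detected, so a REJECT entry added afterwards is probably not enforced until the smtpd processes are recycled. The `[[ ... ]] && sed ... || sed ...` chain also runs the recipient `sed` whenever the sender `sed` exits non-zero, not only for the receive database. I would write the entry first, pick the `main.cf` key with `if`/`else`, and reload after every add, as sketched below; the `case` statement starts and ends outside this hunk.

```shell
  add)
    # … unchanged: duplicate check (grep -qi … && raise …) …
    first_entry=0
    [ -f "$DATABASE" ] || first_entry=1
    echo -e "$USER \t\t REJECT" >>"$DATABASE"
    if [ "$first_entry" = 1 ]; then
      if [[ $DATABASE = *"send"* ]]; then
        sed -i 's|smtpd_sender_restrictions =|smtpd_sender_restrictions = check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
      else
        sed -i 's|smtpd_recipient_restrictions =|smtpd_recipient_restrictions = check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
      fi
    fi
    # texthash tables are not re-read on change, so reload on every add
    service postfix reload > /dev/null
    ;;
```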
@ -44,9 +44,9 @@ smtpd_helo_required = yes
|
||||||
smtpd_delay_reject = yes
|
smtpd_delay_reject = yes
|
||||||
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
|
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
|
||||||
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
||||||
smtpd_recipient_restrictions = check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
|
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
|
||||||
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
|
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
|
||||||
smtpd_sender_restrictions = check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf, permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
|
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
|
||||||
disable_vrfy_command = yes
|
disable_vrfy_command = yes
|
||||||
|
|
||||||
# Postscreen settings to drop zombies/open relays/spam early
|
# Postscreen settings to drop zombies/open relays/spam early
|
||||||
|
|
|
@ -116,6 +116,7 @@ function register_functions() {
|
||||||
_register_setup_function "_setup_postfix_vhost"
|
_register_setup_function "_setup_postfix_vhost"
|
||||||
_register_setup_function "_setup_postfix_dhparam"
|
_register_setup_function "_setup_postfix_dhparam"
|
||||||
_register_setup_function "_setup_postfix_postscreen"
|
_register_setup_function "_setup_postfix_postscreen"
|
||||||
|
_register_setup_function "_setup_postfix_access_control"
|
||||||
|
|
||||||
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
|
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
|
||||||
_register_setup_function "_setup_postfix_relay_amazon_ses"
|
_register_setup_function "_setup_postfix_relay_amazon_ses"
|
||||||
|
@ -611,6 +612,12 @@ function _setup_postfix_postscreen() {
|
||||||
-e "s/postscreen_bare_newline_action = enforce/postscreen_bare_newline_action = $POSTSCREEN_ACTION/" /etc/postfix/main.cf
|
-e "s/postscreen_bare_newline_action = enforce/postscreen_bare_newline_action = $POSTSCREEN_ACTION/" /etc/postfix/main.cf
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _setup_postfix_access_control() {
|
||||||
|
notify 'inf' "Configuring user access"
|
||||||
|
[ -f /tmp/docker-mailserver/postfix-send-access.cf ] && sed -i 's|smtpd_sender_restrictions =|smtpd_sender_restrictions = check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
|
||||||
|
[ -f /tmp/docker-mailserver/postfix-receive-access.cf ] && sed -i 's|smtpd_recipient_restrictions =|smtpd_recipient_restrictions = check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
|
||||||
|
}
|
||||||
|
|
||||||
function _setup_postfix_sasl() {
|
function _setup_postfix_sasl() {
|
||||||
if [[ ${ENABLE_SASLAUTHD} == 1 ]];then
|
if [[ ${ENABLE_SASLAUTHD} == 1 ]];then
|
||||||
[ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF
|
[ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF
|
||||||
|
|
|
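Review bot: `_setup_postfix_access_control` prepends the `check_*_access` entry unconditionally whenever the access file exists, so if `/etc/postfix/main.cf` survives a container restart, or the `add` path of the restrict script has already edited it, the same lookup is inserted again on each start. The function also ends on `[ -f ... ] && sed ...`, so it returns non-zero when `postfix-receive-access.cf` is absent; whether that matters depends on how registered setup functions are invoked, which this hunk does not show. Guarding each `sed` with an `if` and a `grep -qF` check for the existing entry avoids both, as sketched below.

```shell
function _setup_postfix_access_control() {
	notify 'inf' "Configuring user access"
	local main_cf=/etc/postfix/main.cf
	local send_db=/tmp/docker-mailserver/postfix-send-access.cf
	local receive_db=/tmp/docker-mailserver/postfix-receive-access.cf

	# Only prepend the lookup when the table exists and is not already referenced.
	if [ -f "$send_db" ] && ! grep -qF "texthash:$send_db" "$main_cf"; then
		sed -i "s|smtpd_sender_restrictions =|smtpd_sender_restrictions = check_sender_access texthash:$send_db,|" "$main_cf"
	fi
	if [ -f "$receive_db" ] && ! grep -qF "texthash:$receive_db" "$main_cf"; then
		sed -i "s|smtpd_recipient_restrictions =|smtpd_recipient_restrictions = check_recipient_access texthash:$receive_db,|" "$main_cf"
	fi
}
```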
@ -1 +0,0 @@
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
|
|