From c75975d59e7cb4d8b25b67792c4b74b60b35545d Mon Sep 17 00:00:00 2001 From: Brennan Kinney <5098581+polarathene@users.noreply.github.com> Date: Tue, 5 Dec 2023 17:16:39 +1300 Subject: [PATCH] chore: Postfix should integrate Dovecot at runtime (#3681) * chore: Better establish startup scope * chore: Configure `main.cf` for Dovecot at runtime --- CHANGELOG.md | 2 ++ target/postfix/main.cf | 6 ++-- target/scripts/helpers/aliases.sh | 1 + target/scripts/start-mailserver.sh | 12 ++++---- target/scripts/startup/setup.d/postfix.sh | 30 +++++++++++++++---- .../startup/setup.d/security/spoofing.sh | 3 ++ 6 files changed, 40 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ecfbe55..5d539271 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ All notable changes to this project will be documented in this file. The format - **Documentation:** - Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680)) +- **Internal:** + - Postfix configures `virtual_mailbox_maps` and `virtual_transport` during startup instead of using defaults (configured for Dovecot) via our `main.cf` ([#3681](https://github.com/docker-mailserver/docker-mailserver/pull/3681)) ### Fixed diff --git a/target/postfix/main.cf b/target/postfix/main.cf index 405dc0fb..8c329c94 100644 --- a/target/postfix/main.cf +++ b/target/postfix/main.cf 
@@ -88,10 +88,10 @@ smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain = $mydomain
 broken_sasl_auth_clients = yes
 
-# Mail directory
-virtual_transport = lmtp:unix:/var/run/dovecot/lmtp
+# Postfix lookup tables for verifying valid users and managed mail domains:
+# Populated during startup in: scripts/helpers/postfix.sh
 virtual_mailbox_domains = /etc/postfix/vhost
-virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
+# Populated during startup in: scripts/helpers/aliases.sh
 virtual_alias_maps = texthash:/etc/postfix/virtual
 
 # Milters used by DKIM
diff --git a/target/scripts/helpers/aliases.sh b/target/scripts/helpers/aliases.sh
index 0890d994..04a56da3 100644
--- a/target/scripts/helpers/aliases.sh
+++ b/target/scripts/helpers/aliases.sh
@@ -23,6 +23,7 @@ function _handle_postfix_virtual_config() {
 fi
 }
 
+# TODO: Investigate why this file is always created, nothing seems to append only the cp below?
 function _handle_postfix_regexp_config() {
 : >/etc/postfix/regexp
 
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index fa8214e1..aadac2b5 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
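Review bot: The new header `# Postfix lookup tables for verifying valid users and managed mail domains:` still announces the user-verification table, but `virtual_mailbox_maps` (and `virtual_transport`) are no longer in this file, so a reader of main.cf gets no pointer to where they are now decided. Following the file's new "Populated during startup in:" convention, add a line such as `# virtual_mailbox_maps / virtual_transport: set at startup by scripts/startup/setup.d/postfix.sh (when Dovecot is enabled or POSTFIX_DAGENT is set)` under that header. That also records that, with neither condition true, both keys fall back to Postfix's built-in defaults rather than the values this file used to ship.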
@@ -91,20 +91,22 @@ function _register_functions() { _register_setup_function '_setup_dovecot_hostname' _register_setup_function '_setup_postfix_early' - _register_setup_function '_setup_fetchmail' - _register_setup_function '_setup_fetchmail_parallel' - # needs to come after _setup_postfix_early + # Dependent upon _setup_postfix_early first calling _create_aliases + # Due to conditional check for /etc/postfix/regexp _register_setup_function '_setup_spoof_protection' - _register_setup_function '_setup_getmail' + _register_setup_function '_setup_postfix_late' if [[ ${ENABLE_SRS} -eq 1 ]]; then _register_setup_function '_setup_SRS' _register_start_daemon '_start_daemon_postsrsd' fi - _register_setup_function '_setup_postfix_late' + _register_setup_function '_setup_fetchmail' + _register_setup_function '_setup_fetchmail_parallel' + _register_setup_function '_setup_getmail' + _register_setup_function '_setup_logrotate' _register_setup_function '_setup_mail_summary' _register_setup_function '_setup_logwatch' diff --git a/target/scripts/startup/setup.d/postfix.sh b/target/scripts/startup/setup.d/postfix.sh index 0d7cb1ae..126a195c 100644 --- a/target/scripts/startup/setup.d/postfix.sh +++ b/target/scripts/startup/setup.d/postfix.sh 
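Review bot: `_setup_postfix_late` is now registered before the `ENABLE_SRS` block, whereas it previously ran after `_setup_SRS`; since `_setup_postfix_late` ends with `__postfix__setup_override_configuration` (visible in the setup.d/postfix.sh hunk of this commit), anything `_setup_SRS` writes to main.cf via postconf would now land after the user's override file has been applied and could no longer be overridden by it. `_setup_SRS` is not in view, so this is inferred; if the new order is intentional, say so where it is registered, e.g. `# runs after _setup_postfix_late on purpose: SRS settings are not user-overridable`, otherwise move the registration back below the `fi`. The new comment pair `# Dependent upon ... / # Due to ...` is two fragments; one sentence reads better: `# Must run after _setup_postfix_early: its _create_aliases call creates /etc/postfix/regexp, which _setup_spoof_protection tests for`. `_register_functions` continues outside the hunk.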
@@ -30,18 +30,25 @@ mech_list: plain login
 EOF
 fi
 
+ # User has explicitly requested to disable SASL auth:
+ # TODO: Additive config by feature would be better. Should only enable SASL auth
+ # on submission(s) services in master.cf when SASLAuthd or Dovecot is enabled.
 if [[ ${ENABLE_SASLAUTHD} -eq 0 ]] && [[ ${SMTP_ONLY} -eq 1 ]]; then
+ # Default for services (eg: Port 25); NOTE: This has since become the default:
 sed -i -E \
 's|^smtpd_sasl_auth_enable =.*|smtpd_sasl_auth_enable = no|g' \
 /etc/postfix/main.cf
+ # Submission services that are explicitly enabled by default:
 sed -i -E \
 's|^ -o smtpd_sasl_auth_enable=.*| -o smtpd_sasl_auth_enable=no|g' \
 /etc/postfix/master.cf
 fi
 
+ # scripts/helpers/aliases.sh:_create_aliases()
 __postfix__log 'trace' 'Setting up aliases'
 _create_aliases
 
+ # scripts/helpers/postfix.sh:_create_postfix_vhost()
 __postfix__log 'trace' 'Setting up Postfix vhost'
 _create_postfix_vhost
 
@@ -63,6 +70,23 @@ EOF
 's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' \
 /etc/postfix/main.cf
 fi
+
+ # Dovecot feature integration
+ # TODO: Alias SMTP_ONLY=0 to DOVECOT_ENABLED=1?
+ if [[ ${SMTP_ONLY} -ne 1 ]]; then
+ __postfix__log 'trace' 'Configuring Postfix with Dovecot integration'
+
+ # /etc/postfix/vmailbox is created by: scripts/helpers/accounts.sh:_create_accounts()
+ # This file config is for Postfix to verify a mail account exists before accepting
+ # mail arriving and delivering it to Dovecot over LMTP.
+ postconf 'virtual_mailbox_maps = texthash:/etc/postfix/vmailbox'
+ postconf 'virtual_transport = lmtp:unix:/var/run/dovecot/lmtp'
+ fi
+
+ if [[ -n ${POSTFIX_DAGENT} ]]; then
+ __postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
+ postconf "virtual_transport = ${POSTFIX_DAGENT}"
+ fi
 }
 
 function _setup_postfix_late() {
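Review bot: The new comment `# Default for services (eg: Port 25); NOTE: This has since become the default:` leaves unclear what "this" refers to — whether `smtpd_sasl_auth_enable = no` is now the value shipped in our main.cf, Postfix's own default, or that the sed is now a no-op kept for older configs. Say which, e.g. `# main.cf: smtpd_sasl_auth_enable = no (already our shipped default; the sed only matters for a pre-existing config)` if that is the situation, or drop the NOTE. The comment on the second sed, `# Submission services that are explicitly enabled by default:`, reads as if the sed enables them while it disables SASL there; `# master.cf: turn SASL off for the submission services, which enable it by default` removes that reading. `_setup_postfix_early` starts outside the hunk.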
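Review bot: When `SMTP_ONLY=1` and `POSTFIX_DAGENT` is empty, neither new branch sets `virtual_mailbox_maps` or `virtual_transport`, and the main.cf hunk of this commit removed both keys, so those deployments now run on Postfix's compiled-in defaults (no mailbox map, `virtual_transport = virtual`) instead of the LMTP transport and vmailbox table they had before. Postfix only applies `reject_unlisted_recipient` to `virtual_mailbox_domains` recipients while `virtual_mailbox_maps` is non-empty, so recipient validation for the domains in /etc/postfix/vhost (still written unconditionally by `_create_postfix_vhost` in the first hunk) is no longer enforced in that mode; whether SMTP-only deployments are meant to accept inbound mail for those domains is not visible here, so this may be intended. If it is, record it next to the `SMTP_ONLY` check, e.g. `# SMTP_ONLY=1 without POSTFIX_DAGENT: virtual_mailbox_maps stays unset and virtual_transport is Postfix's default (virtual)`; if not, the SMTP-only transport and map need setting explicitly before this block. `_setup_postfix_early` starts outside the hunk.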
@@ -80,12 +104,6 @@ function _setup_postfix_late() {
 __postfix__log 'trace' 'Configuring relay host'
 _setup_relayhost
 
- if [[ -n ${POSTFIX_DAGENT} ]]; then
- __postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
- # Default value in main.cf should be 'lmtp:unix:/var/run/dovecot/lmtp'
- postconf "virtual_transport = ${POSTFIX_DAGENT}"
- fi
-
 __postfix__setup_override_configuration
 }
 
diff --git a/target/scripts/startup/setup.d/security/spoofing.sh b/target/scripts/startup/setup.d/security/spoofing.sh
index 7c38821d..ffefb279 100644
--- a/target/scripts/startup/setup.d/security/spoofing.sh
+++ b/target/scripts/startup/setup.d/security/spoofing.sh
@@ -11,6 +11,9 @@ function _setup_spoof_protection() {
 postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf'
 fi
 else
+ # NOTE: This file is always created at startup, it potentially has content added.
+ # TODO: From section: "SPOOF_PROTECTION=1 handling for smtpd_sender_login_maps"
+ # https://github.com/docker-mailserver/docker-mailserver/issues/2819#issue-1402114383
 if [[ -f /etc/postfix/regexp ]]; then
 postconf 'smtpd_sender_login_maps = unionmap:{ texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre, pcre:/etc/postfix/regexp }'
 else
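Review bot: The `if [[ -f /etc/postfix/regexp ]]; then` under the new NOTE can never be false by the NOTE's own statement that the file is always created at startup (the aliases.sh hunk shows `_handle_postfix_regexp_config` truncating it with `: >`), so the `else` branch that omits the pcre table is dead code. If the intent is to include `pcre:/etc/postfix/regexp` in `smtpd_sender_login_maps` only when the table has entries, `if [[ -s /etc/postfix/regexp ]]; then` expresses that directly; otherwise the branch should be removed rather than annotated. `_setup_spoof_protection` starts and continues outside the hunk.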