chore: Postfix should integrate Dovecot at runtime (#3681)

* chore: Better establish startup scope

* chore: Configure `main.cf` for Dovecot at runtime
Brennan Kinney 2023-12-05 17:16:39 +13:00 committed by GitHub
parent 1ff8d57ea1
commit c75975d59e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 40 additions and 14 deletions


@ -15,6 +15,8 @@ All notable changes to this project will be documented in this file. The format
- **Documentation:** - **Documentation:**
- Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680)) - Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680))
- **Internal:**
- Postfix configures `virtual_mailbox_maps` and `virtual_transport` during startup instead of using defaults (configured for Dovecot) via our `main.cf` ([#3681](https://github.com/docker-mailserver/docker-mailserver/pull/3681))
### Fixed ### Fixed


@ -88,10 +88,10 @@ smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes broken_sasl_auth_clients = yes
# Mail directory # Postfix lookup tables for verifying valid users and managed mail domains:
virtual_transport = lmtp:unix:/var/run/dovecot/lmtp # Populated during startup in: scripts/helpers/postfix.sh
virtual_mailbox_domains = /etc/postfix/vhost virtual_mailbox_domains = /etc/postfix/vhost
virtual_mailbox_maps = texthash:/etc/postfix/vmailbox # Populated during startup in: scripts/helpers/aliases.sh
virtual_alias_maps = texthash:/etc/postfix/virtual virtual_alias_maps = texthash:/etc/postfix/virtual
# Milters used by DKIM # Milters used by DKIM
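Review bot: After this change `main.cf` no longer mentions `virtual_mailbox_maps` or `virtual_transport` at all, so someone auditing the file cannot tell these are set at runtime rather than left at Postfix defaults. The two new "Populated during startup" comments describe the vhost and alias files, not the removed parameters. A short pointer next to `virtual_mailbox_domains` would close the gap, e.g. `# virtual_mailbox_maps and virtual_transport are set at startup by _setup_postfix_early (Dovecot integration / POSTFIX_DAGENT)`.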


@ -23,6 +23,7 @@ function _handle_postfix_virtual_config() {
fi fi
} }
# TODO: Investigate why this file is always created, nothing seems to append only the cp below?
function _handle_postfix_regexp_config() { function _handle_postfix_regexp_config() {
: >/etc/postfix/regexp : >/etc/postfix/regexp


@ -91,20 +91,22 @@ function _register_functions() {
_register_setup_function '_setup_dovecot_hostname' _register_setup_function '_setup_dovecot_hostname'
_register_setup_function '_setup_postfix_early' _register_setup_function '_setup_postfix_early'
_register_setup_function '_setup_fetchmail'
_register_setup_function '_setup_fetchmail_parallel'
# needs to come after _setup_postfix_early # Dependent upon _setup_postfix_early first calling _create_aliases
# Due to conditional check for /etc/postfix/regexp
_register_setup_function '_setup_spoof_protection' _register_setup_function '_setup_spoof_protection'
_register_setup_function '_setup_getmail' _register_setup_function '_setup_postfix_late'
if [[ ${ENABLE_SRS} -eq 1 ]]; then if [[ ${ENABLE_SRS} -eq 1 ]]; then
_register_setup_function '_setup_SRS' _register_setup_function '_setup_SRS'
_register_start_daemon '_start_daemon_postsrsd' _register_start_daemon '_start_daemon_postsrsd'
fi fi
_register_setup_function '_setup_postfix_late' _register_setup_function '_setup_fetchmail'
_register_setup_function '_setup_fetchmail_parallel'
_register_setup_function '_setup_getmail'
_register_setup_function '_setup_logrotate' _register_setup_function '_setup_logrotate'
_register_setup_function '_setup_mail_summary' _register_setup_function '_setup_mail_summary'
_register_setup_function '_setup_logwatch' _register_setup_function '_setup_logwatch'
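Review bot: `_setup_postfix_late` is now registered ahead of the `ENABLE_SRS` block, so `__postfix__setup_override_configuration` (the last call in `_setup_postfix_late`, as shown in the Postfix setup file of this commit) runs before `_setup_SRS`. If `_setup_SRS` writes any `main.cf` parameters (its body is not visible here), those writes would now land after the user's overrides and silently win over them. Consider keeping `_setup_postfix_late` registered after the SRS block, or record the decision with a comment such as `# NOTE: _setup_SRS runs after user overrides from _setup_postfix_late are applied`. `_register_functions` starts and ends outside this hunk.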


@ -30,18 +30,25 @@ mech_list: plain login
EOF EOF
fi fi
# User has explicitly requested to disable SASL auth:
# TODO: Additive config by feature would be better. Should only enable SASL auth
# on submission(s) services in master.cf when SASLAuthd or Dovecot is enabled.
if [[ ${ENABLE_SASLAUTHD} -eq 0 ]] && [[ ${SMTP_ONLY} -eq 1 ]]; then if [[ ${ENABLE_SASLAUTHD} -eq 0 ]] && [[ ${SMTP_ONLY} -eq 1 ]]; then
# Default for services (eg: Port 25); NOTE: This has since become the default:
sed -i -E \ sed -i -E \
's|^smtpd_sasl_auth_enable =.*|smtpd_sasl_auth_enable = no|g' \ 's|^smtpd_sasl_auth_enable =.*|smtpd_sasl_auth_enable = no|g' \
/etc/postfix/main.cf /etc/postfix/main.cf
# Submission services that are explicitly enabled by default:
sed -i -E \ sed -i -E \
's|^ -o smtpd_sasl_auth_enable=.*| -o smtpd_sasl_auth_enable=no|g' \ 's|^ -o smtpd_sasl_auth_enable=.*| -o smtpd_sasl_auth_enable=no|g' \
/etc/postfix/master.cf /etc/postfix/master.cf
fi fi
# scripts/helpers/aliases.sh:_create_aliases()
__postfix__log 'trace' 'Setting up aliases' __postfix__log 'trace' 'Setting up aliases'
_create_aliases _create_aliases
# scripts/helpers/postfix.sh:_create_postfix_vhost()
__postfix__log 'trace' 'Setting up Postfix vhost' __postfix__log 'trace' 'Setting up Postfix vhost'
_create_postfix_vhost _create_postfix_vhost
@ -63,6 +70,23 @@ EOF
's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' \ 's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' \
/etc/postfix/main.cf /etc/postfix/main.cf
fi fi
# Dovecot feature integration
# TODO: Alias SMTP_ONLY=0 to DOVECOT_ENABLED=1?
if [[ ${SMTP_ONLY} -ne 1 ]]; then
__postfix__log 'trace' 'Configuring Postfix with Dovecot integration'
# /etc/postfix/vmailbox is created by: scripts/helpers/accounts.sh:_create_accounts()
# This file config is for Postfix to verify a mail account exists before accepting
# mail arriving and delivering it to Dovecot over LMTP.
postconf 'virtual_mailbox_maps = texthash:/etc/postfix/vmailbox'
postconf 'virtual_transport = lmtp:unix:/var/run/dovecot/lmtp'
fi
if [[ -n ${POSTFIX_DAGENT} ]]; then
__postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
postconf "virtual_transport = ${POSTFIX_DAGENT}"
fi
} }
function _setup_postfix_late() { function _setup_postfix_late() {
@ -80,12 +104,6 @@ function _setup_postfix_late() {
__postfix__log 'trace' 'Configuring relay host' __postfix__log 'trace' 'Configuring relay host'
_setup_relayhost _setup_relayhost
if [[ -n ${POSTFIX_DAGENT} ]]; then
__postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
# Default value in main.cf should be 'lmtp:unix:/var/run/dovecot/lmtp'
postconf "virtual_transport = ${POSTFIX_DAGENT}"
fi
__postfix__setup_override_configuration __postfix__setup_override_configuration
} }
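Review bot: With `SMTP_ONLY=1` the new Dovecot block in `_setup_postfix_early` leaves `virtual_mailbox_maps` empty, while `main.cf` in this commit still sets `virtual_mailbox_domains = /etc/postfix/vhost`. Postfix only rejects unlisted recipients in virtual mailbox domains when `virtual_mailbox_maps` is non-empty, so if the vhost file is populated in that mode (not visible here) mail for non-existent addresses would be accepted and bounced later instead of being refused at SMTP time, which is a backscatter risk. Please confirm the intended behaviour and state it in the code, e.g. `# SMTP_ONLY=1: virtual_mailbox_maps stays unset, so Postfix does no recipient validation for vhost domains`. The same applies when only `POSTFIX_DAGENT` is set, since that branch changes `virtual_transport` but not the recipient map. `_setup_postfix_early` begins outside the hunk.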


@ -11,6 +11,9 @@ function _setup_spoof_protection() {
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf' postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf'
fi fi
else else
# NOTE: This file is always created at startup, it potentially has content added.
# TODO: From section: "SPOOF_PROTECTION=1 handling for smtpd_sender_login_maps"
# https://github.com/docker-mailserver/docker-mailserver/issues/2819#issue-1402114383
if [[ -f /etc/postfix/regexp ]]; then if [[ -f /etc/postfix/regexp ]]; then
postconf 'smtpd_sender_login_maps = unionmap:{ texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre, pcre:/etc/postfix/regexp }' postconf 'smtpd_sender_login_maps = unionmap:{ texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre, pcre:/etc/postfix/regexp }'
else else