Posfix: add option to re-enable reject_unknown_client_hostname after #3248 (#3255)

docs/content/config/environment.md

@@ -274,6 +274,13 @@ Customize the update check interval. Number + Suffix. Suffix must be 's' for sec
 
 This option has been added in November 2019. Using other format than Maildir is considered as experimental in docker-mailserver and should only be used for testing purpose. For more details, please refer to [Dovecot Documentation](https://wiki2.dovecot.org/MailboxFormat).
 
+##### POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME
+
+If enabled, employs `reject_unknown_client_hostname` to sender restrictions in Postfix's configuration.
+
+- **0** => Disabled
+- 1 => Enabled
+
 ##### POSTFIX_INET_PROTOCOLS
 
 - **all** => Listen on all interfaces.

mailserver.env

@@ -318,6 +318,13 @@ REPORT_SENDER=
 # Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger).
 LOGROTATE_INTERVAL=weekly
 
+
+# If enabled, employs `reject_unknown_client_hostname` to sender restrictions in Postfix's configuration.
+#
+# - **0** => Disabled
+# - 1 => Enabled
+POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0
+
 # Choose TCP/IP protocols for postfix to use
 # **all** => All possible protocols.
 # ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker.

target/scripts/start-mailserver.sh

@@ -75,7 +75,6 @@ function _register_functions
     _register_setup_function '_setup_saslauthd'
   fi
 
-  _register_setup_function '_setup_postfix_inet_protocols'
   _register_setup_function '_setup_dovecot_inet_protocols'
 
   _register_setup_function '_setup_opendkim'
@@ -91,17 +90,11 @@ function _register_functions
   _register_setup_function '_setup_mailname'
   _register_setup_function '_setup_dovecot_hostname'
 
-  _register_setup_function '_setup_postfix_hostname'
-  _register_setup_function '_setup_postfix_smtputf8'
-  _register_setup_function '_setup_postfix_sasl'
-  _register_setup_function '_setup_postfix_aliases'
-  _register_setup_function '_setup_postfix_vhost'
-  _register_setup_function '_setup_postfix_dhparam'
-  _register_setup_function '_setup_postfix_sizelimits'
+  _register_setup_function '_setup_postfix_early'
   _register_setup_function '_setup_fetchmail'
   _register_setup_function '_setup_fetchmail_parallel'
 
-  # needs to come after _setup_postfix_aliases
+  # needs to come after _setup_postfix_early
   _register_setup_function '_setup_spoof_protection'
 
   if [[ ${ENABLE_SRS} -eq 1  ]]
@@ -110,10 +103,7 @@ function _register_functions
     _register_start_daemon '_start_daemon_postsrsd'
   fi
 
-  _register_setup_function '_setup_postfix_access_control'
-  _register_setup_function '_setup_postfix_relay_hosts'
-  _register_setup_function '_setup_postfix_virtual_transport'
-  _register_setup_function '_setup_postfix_override_configuration'
+  _register_setup_function '_setup_postfix_late'
   _register_setup_function '_setup_logrotate'
   _register_setup_function '_setup_mail_summary'
   _register_setup_function '_setup_logwatch'

target/scripts/startup/setup.d/postfix.sh

@@ -1,34 +1,30 @@
 #!/bin/bash
 
-function _setup_postfix_sizelimits
+# Just a helper to prepend the log messages with `(Postfix setup)` so
+# users know exactly where the message originated from.
+#
+# @param ${1} = log level
+# @param ${2} = message
+function __postfix__log { _log "${1:-}" "(Postfix setup) ${2:-}" ; }
+
+function _setup_postfix_early
 {
-  _log 'trace' "Configuring Postfix message size limit to '${POSTFIX_MESSAGE_SIZE_LIMIT}'"
-  postconf "message_size_limit = ${POSTFIX_MESSAGE_SIZE_LIMIT}"
+  _log 'debug' 'Configuring Postfix (early setup)'
 
-  _log 'trace' "Configuring Postfix mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
-  postconf "mailbox_size_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
+  __postfix__log 'trace' 'Applying hostname and domainname'
+  postconf "myhostname = ${HOSTNAME}"
+  postconf "mydomain = ${DOMAINNAME}"
 
-  _log 'trace' "Configuring Postfix virtual mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
-  postconf "virtual_mailbox_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
-}
-
-function _setup_postfix_access_control
-{
-  _log 'trace' 'Configuring user access'
-
-  if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]
+  if [[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]]
   then
-    sed -i 's|smtpd_sender_restrictions =|smtpd_sender_restrictions = check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
+    __postfix__log 'trace' 'Setting up POSTFIX_INET_PROTOCOLS option'
+    postconf "inet_protocols = ${POSTFIX_INET_PROTOCOLS}"
   fi
 
-  if [[ -f /tmp/docker-mailserver/postfix-receive-access.cf ]]
-  then
-    sed -i 's|smtpd_recipient_restrictions =|smtpd_recipient_restrictions = check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
-  fi
-}
+  __postfix__log 'trace' "Disabling SMTPUTF8 support"
+  postconf 'smtputf8_enable = no'
 
-function _setup_postfix_sasl
-{
+  __postfix__log 'trace' "Configuring SASLauthd"
   if [[ ${ENABLE_SASLAUTHD} -eq 1 ]] && [[ ! -f /etc/postfix/sasl/smtpd.conf ]]
   then
     cat >/etc/postfix/sasl/smtpd.conf << EOF
@@ -46,40 +42,65 @@ EOF
       's|^  -o smtpd_sasl_auth_enable=.*|  -o smtpd_sasl_auth_enable=no|g' \
       /etc/postfix/master.cf
   fi
-}
 
-function _setup_postfix_aliases
-{
-  _log 'debug' 'Setting up Postfix aliases'
+  __postfix__log 'trace' 'Setting up aliases'
   _create_aliases
-}
 
-function _setup_postfix_vhost
-{
-  _log 'debug' 'Setting up Postfix vhost'
+  __postfix__log 'trace' 'Setting up Postfix vhost'
   _create_postfix_vhost
+
+  __postfix__log 'trace' 'Setting up DH Parameters'
+  _setup_dhparam 'Postfix' '/etc/postfix/dhparams.pem'
+
+  __postfix__log 'trace' "Configuring message size limit to '${POSTFIX_MESSAGE_SIZE_LIMIT}'"
+  postconf "message_size_limit = ${POSTFIX_MESSAGE_SIZE_LIMIT}"
+
+  __postfix__log 'trace' "Configuring mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
+  postconf "mailbox_size_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
+
+  __postfix__log 'trace' "Configuring virtual mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
+  postconf "virtual_mailbox_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
+
+  if [[ ${POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME} -eq 1 ]]
+  then
+    __postfix__log 'trace' 'Enabling reject_unknown_client_hostname to dms_smtpd_sender_restrictions'
+    sedfile -i -E \
+      's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' \
+      /etc/postfix/main.cf
+  fi
 }
 
-function _setup_postfix_inet_protocols
+function _setup_postfix_late
 {
-  [[ ${POSTFIX_INET_PROTOCOLS} == 'all' ]] && return 0
+  _log 'debug' 'Configuring Postfix (late setup)'
 
-  _log 'trace' 'Setting up POSTFIX_INET_PROTOCOLS option'
-  postconf "inet_protocols = ${POSTFIX_INET_PROTOCOLS}"
+  __postfix__log 'trace' 'Configuring user access'
+  if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]
+  then
+    sed -i 's|(smtpd_sender_restrictions =)|\1 check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
+  fi
+
+  if [[ -f /tmp/docker-mailserver/postfix-receive-access.cf ]]
+  then
+    sed -i -E 's|(smtpd_recipient_restrictions =)|\1 check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
+  fi
+
+  __postfix__log 'trace' 'Configuring relay host'
+  _setup_relayhost
+
+  if [[ -n ${POSTFIX_DAGENT} ]]
+  then
+    __postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
+    # Default value in main.cf should be 'lmtp:unix:/var/run/dovecot/lmtp'
+    postconf "virtual_transport = ${POSTFIX_DAGENT}"
+  fi
+
+  __postfix__setup_override_configuration
 }
 
-function _setup_postfix_virtual_transport
+function __postfix__setup_override_configuration
 {
-  [[ -z ${POSTFIX_DAGENT} ]] && return 0
-
-  _log 'trace' "Changing Postfix virtual transport to '${POSTFIX_DAGENT}'"
-  # Default value in main.cf should be 'lmtp:unix:/var/run/dovecot/lmtp'
-  postconf "virtual_transport = ${POSTFIX_DAGENT}"
-}
-
-function _setup_postfix_override_configuration
-{
-  _log 'debug' 'Overriding / adjusting Postfix configuration with user-supplied values'
+  __postfix__log 'debug' 'Overriding / adjusting configuration with user-supplied values'
 
   if [[ -f /tmp/docker-mailserver/postfix-main.cf ]]
   then
@@ -91,9 +112,9 @@ function _setup_postfix_override_configuration
 
     mv /tmp/postfix-main-new.cf /etc/postfix/main.cf
     _adjust_mtime_for_postfix_maincf
-    _log 'trace' "Adjusted '/etc/postfix/main.cf' according to '/tmp/docker-mailserver/postfix-main.cf'"
+    __postfix__log 'trace' "Adjusted '/etc/postfix/main.cf' according to '/tmp/docker-mailserver/postfix-main.cf'"
   else
-    _log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' was not provided"
+    __postfix__log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' was not provided"
   fi
 
   if [[ -f /tmp/docker-mailserver/postfix-master.cf ]]
@@ -105,35 +126,12 @@ function _setup_postfix_override_configuration
         postconf -P "${LINE}"
       fi
     done < /tmp/docker-mailserver/postfix-master.cf
-    _log 'trace' "Adjusted '/etc/postfix/master.cf' according to '/tmp/docker-mailserver/postfix-master.cf'"
+    __postfix__log 'trace' "Adjusted '/etc/postfix/master.cf' according to '/tmp/docker-mailserver/postfix-master.cf'"
   else
-    _log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' was not provided"
+    __postfix__log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' was not provided"
   fi
 }
 
-function _setup_postfix_relay_hosts
-{
-  _setup_relayhost
-}
-
-function _setup_postfix_dhparam
-{
-  _setup_dhparam 'Postfix' '/etc/postfix/dhparams.pem'
-}
-
-function _setup_dnsbl_disable
-{
-  _log 'debug' 'Disabling postscreen DNS block lists'
-  postconf 'postscreen_dnsbl_action = ignore'
-  postconf 'postscreen_dnsbl_sites = '
-}
-
-function _setup_postfix_smtputf8
-{
-  _log 'trace' "Disabling Postfix's smtputf8 support"
-  postconf 'smtputf8_enable = no'
-}
-
 function _setup_SRS
 {
   _log 'debug' 'Setting up SRS'
@@ -177,10 +175,3 @@ function _setup_SRS
       /etc/default/postsrsd
   fi
 }
-
-function _setup_postfix_hostname
-{
-  _log 'debug' 'Applying hostname and domainname to Postfix'
-  postconf "myhostname = ${HOSTNAME}"
-  postconf "mydomain = ${DOMAINNAME}"
-}

target/scripts/startup/variables-stack.sh

@@ -107,10 +107,11 @@ function __environment_variables_general_setup
   VARS[DOVECOT_MAILBOX_FORMAT]="${DOVECOT_MAILBOX_FORMAT:=maildir}"
   VARS[DOVECOT_TLS]="${DOVECOT_TLS:=no}"
 
+  VARS[POSTFIX_DAGENT]="${POSTFIX_DAGENT:=}"
   VARS[POSTFIX_INET_PROTOCOLS]="${POSTFIX_INET_PROTOCOLS:=all}"
   VARS[POSTFIX_MAILBOX_SIZE_LIMIT]="${POSTFIX_MAILBOX_SIZE_LIMIT:=0}"
   VARS[POSTFIX_MESSAGE_SIZE_LIMIT]="${POSTFIX_MESSAGE_SIZE_LIMIT:=10240000}" # ~10 MB
-  VARS[POSTFIX_DAGENT]="${POSTFIX_DAGENT:=}"
+  VARS[POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME]="${POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME:=0}"
 
   _log 'trace' 'Setting SRS specific environment variables'