Posfix: add option to re-enable reject_unknown_client_hostname after #3248 (#3255)

This commit is contained in:
Georg Lauterbach 2023-04-16 14:09:00 +02:00 committed by GitHub
parent 03772f612a
commit c8dfb9ac76
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 89 additions and 93 deletions

View file

@ -274,6 +274,13 @@ Customize the update check interval. Number + Suffix. Suffix must be 's' for sec
This option has been added in November 2019. Using other format than Maildir is considered as experimental in docker-mailserver and should only be used for testing purpose. For more details, please refer to [Dovecot Documentation](https://wiki2.dovecot.org/MailboxFormat).
##### POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME
If enabled, employs `reject_unknown_client_hostname` to sender restrictions in Postfix's configuration.
- **0** => Disabled
- 1 => Enabled
##### POSTFIX_INET_PROTOCOLS
- **all** => Listen on all interfaces.

View file

@ -318,6 +318,13 @@ REPORT_SENDER=
# Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger).
LOGROTATE_INTERVAL=weekly
# If enabled, employs `reject_unknown_client_hostname` to sender restrictions in Postfix's configuration.
#
# - **0** => Disabled
# - 1 => Enabled
POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0
# Choose TCP/IP protocols for postfix to use
# **all** => All possible protocols.
# ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker.

View file

@ -75,7 +75,6 @@ function _register_functions
_register_setup_function '_setup_saslauthd'
fi
_register_setup_function '_setup_postfix_inet_protocols'
_register_setup_function '_setup_dovecot_inet_protocols'
_register_setup_function '_setup_opendkim'
@ -91,17 +90,11 @@ function _register_functions
_register_setup_function '_setup_mailname'
_register_setup_function '_setup_dovecot_hostname'
_register_setup_function '_setup_postfix_hostname'
_register_setup_function '_setup_postfix_smtputf8'
_register_setup_function '_setup_postfix_sasl'
_register_setup_function '_setup_postfix_aliases'
_register_setup_function '_setup_postfix_vhost'
_register_setup_function '_setup_postfix_dhparam'
_register_setup_function '_setup_postfix_sizelimits'
_register_setup_function '_setup_postfix_early'
_register_setup_function '_setup_fetchmail'
_register_setup_function '_setup_fetchmail_parallel'
# needs to come after _setup_postfix_aliases
# needs to come after _setup_postfix_early
_register_setup_function '_setup_spoof_protection'
if [[ ${ENABLE_SRS} -eq 1 ]]
@ -110,10 +103,7 @@ function _register_functions
_register_start_daemon '_start_daemon_postsrsd'
fi
_register_setup_function '_setup_postfix_access_control'
_register_setup_function '_setup_postfix_relay_hosts'
_register_setup_function '_setup_postfix_virtual_transport'
_register_setup_function '_setup_postfix_override_configuration'
_register_setup_function '_setup_postfix_late'
_register_setup_function '_setup_logrotate'
_register_setup_function '_setup_mail_summary'
_register_setup_function '_setup_logwatch'

View file

@ -1,34 +1,30 @@
#!/bin/bash
function _setup_postfix_sizelimits
# Just a helper to prepend the log messages with `(Postfix setup)` so
# users know exactly where the message originated from.
#
# @param ${1} = log level
# @param ${2} = message
function __postfix__log { _log "${1:-}" "(Postfix setup) ${2:-}" ; }
function _setup_postfix_early
{
_log 'trace' "Configuring Postfix message size limit to '${POSTFIX_MESSAGE_SIZE_LIMIT}'"
postconf "message_size_limit = ${POSTFIX_MESSAGE_SIZE_LIMIT}"
_log 'debug' 'Configuring Postfix (early setup)'
_log 'trace' "Configuring Postfix mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
postconf "mailbox_size_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
__postfix__log 'trace' 'Applying hostname and domainname'
postconf "myhostname = ${HOSTNAME}"
postconf "mydomain = ${DOMAINNAME}"
_log 'trace' "Configuring Postfix virtual mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
postconf "virtual_mailbox_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
}
function _setup_postfix_access_control
{
_log 'trace' 'Configuring user access'
if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]
if [[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]]
then
sed -i 's|smtpd_sender_restrictions =|smtpd_sender_restrictions = check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
__postfix__log 'trace' 'Setting up POSTFIX_INET_PROTOCOLS option'
postconf "inet_protocols = ${POSTFIX_INET_PROTOCOLS}"
fi
if [[ -f /tmp/docker-mailserver/postfix-receive-access.cf ]]
then
sed -i 's|smtpd_recipient_restrictions =|smtpd_recipient_restrictions = check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
fi
}
__postfix__log 'trace' "Disabling SMTPUTF8 support"
postconf 'smtputf8_enable = no'
function _setup_postfix_sasl
{
__postfix__log 'trace' "Configuring SASLauthd"
if [[ ${ENABLE_SASLAUTHD} -eq 1 ]] && [[ ! -f /etc/postfix/sasl/smtpd.conf ]]
then
cat >/etc/postfix/sasl/smtpd.conf << EOF
@ -46,40 +42,65 @@ EOF
's|^ -o smtpd_sasl_auth_enable=.*| -o smtpd_sasl_auth_enable=no|g' \
/etc/postfix/master.cf
fi
}
function _setup_postfix_aliases
{
_log 'debug' 'Setting up Postfix aliases'
__postfix__log 'trace' 'Setting up aliases'
_create_aliases
}
function _setup_postfix_vhost
{
_log 'debug' 'Setting up Postfix vhost'
__postfix__log 'trace' 'Setting up Postfix vhost'
_create_postfix_vhost
__postfix__log 'trace' 'Setting up DH Parameters'
_setup_dhparam 'Postfix' '/etc/postfix/dhparams.pem'
__postfix__log 'trace' "Configuring message size limit to '${POSTFIX_MESSAGE_SIZE_LIMIT}'"
postconf "message_size_limit = ${POSTFIX_MESSAGE_SIZE_LIMIT}"
__postfix__log 'trace' "Configuring mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
postconf "mailbox_size_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
__postfix__log 'trace' "Configuring virtual mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
postconf "virtual_mailbox_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
if [[ ${POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME} -eq 1 ]]
then
__postfix__log 'trace' 'Enabling reject_unknown_client_hostname to dms_smtpd_sender_restrictions'
sedfile -i -E \
's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' \
/etc/postfix/main.cf
fi
}
function _setup_postfix_inet_protocols
function _setup_postfix_late
{
[[ ${POSTFIX_INET_PROTOCOLS} == 'all' ]] && return 0
_log 'debug' 'Configuring Postfix (late setup)'
_log 'trace' 'Setting up POSTFIX_INET_PROTOCOLS option'
postconf "inet_protocols = ${POSTFIX_INET_PROTOCOLS}"
}
__postfix__log 'trace' 'Configuring user access'
if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]
then
sed -i 's|(smtpd_sender_restrictions =)|\1 check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
fi
function _setup_postfix_virtual_transport
{
[[ -z ${POSTFIX_DAGENT} ]] && return 0
if [[ -f /tmp/docker-mailserver/postfix-receive-access.cf ]]
then
sed -i -E 's|(smtpd_recipient_restrictions =)|\1 check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
fi
_log 'trace' "Changing Postfix virtual transport to '${POSTFIX_DAGENT}'"
__postfix__log 'trace' 'Configuring relay host'
_setup_relayhost
if [[ -n ${POSTFIX_DAGENT} ]]
then
__postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
# Default value in main.cf should be 'lmtp:unix:/var/run/dovecot/lmtp'
postconf "virtual_transport = ${POSTFIX_DAGENT}"
fi
__postfix__setup_override_configuration
}
function _setup_postfix_override_configuration
function __postfix__setup_override_configuration
{
_log 'debug' 'Overriding / adjusting Postfix configuration with user-supplied values'
__postfix__log 'debug' 'Overriding / adjusting configuration with user-supplied values'
if [[ -f /tmp/docker-mailserver/postfix-main.cf ]]
then
@ -91,9 +112,9 @@ function _setup_postfix_override_configuration
mv /tmp/postfix-main-new.cf /etc/postfix/main.cf
_adjust_mtime_for_postfix_maincf
_log 'trace' "Adjusted '/etc/postfix/main.cf' according to '/tmp/docker-mailserver/postfix-main.cf'"
__postfix__log 'trace' "Adjusted '/etc/postfix/main.cf' according to '/tmp/docker-mailserver/postfix-main.cf'"
else
_log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' was not provided"
__postfix__log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' was not provided"
fi
if [[ -f /tmp/docker-mailserver/postfix-master.cf ]]
@ -105,35 +126,12 @@ function _setup_postfix_override_configuration
postconf -P "${LINE}"
fi
done < /tmp/docker-mailserver/postfix-master.cf
_log 'trace' "Adjusted '/etc/postfix/master.cf' according to '/tmp/docker-mailserver/postfix-master.cf'"
__postfix__log 'trace' "Adjusted '/etc/postfix/master.cf' according to '/tmp/docker-mailserver/postfix-master.cf'"
else
_log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' was not provided"
__postfix__log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' was not provided"
fi
}
function _setup_postfix_relay_hosts
{
_setup_relayhost
}
function _setup_postfix_dhparam
{
_setup_dhparam 'Postfix' '/etc/postfix/dhparams.pem'
}
function _setup_dnsbl_disable
{
_log 'debug' 'Disabling postscreen DNS block lists'
postconf 'postscreen_dnsbl_action = ignore'
postconf 'postscreen_dnsbl_sites = '
}
function _setup_postfix_smtputf8
{
_log 'trace' "Disabling Postfix's smtputf8 support"
postconf 'smtputf8_enable = no'
}
function _setup_SRS
{
_log 'debug' 'Setting up SRS'
@ -177,10 +175,3 @@ function _setup_SRS
/etc/default/postsrsd
fi
}
function _setup_postfix_hostname
{
_log 'debug' 'Applying hostname and domainname to Postfix'
postconf "myhostname = ${HOSTNAME}"
postconf "mydomain = ${DOMAINNAME}"
}

View file

@ -107,10 +107,11 @@ function __environment_variables_general_setup
VARS[DOVECOT_MAILBOX_FORMAT]="${DOVECOT_MAILBOX_FORMAT:=maildir}"
VARS[DOVECOT_TLS]="${DOVECOT_TLS:=no}"
VARS[POSTFIX_DAGENT]="${POSTFIX_DAGENT:=}"
VARS[POSTFIX_INET_PROTOCOLS]="${POSTFIX_INET_PROTOCOLS:=all}"
VARS[POSTFIX_MAILBOX_SIZE_LIMIT]="${POSTFIX_MAILBOX_SIZE_LIMIT:=0}"
VARS[POSTFIX_MESSAGE_SIZE_LIMIT]="${POSTFIX_MESSAGE_SIZE_LIMIT:=10240000}" # ~10 MB
VARS[POSTFIX_DAGENT]="${POSTFIX_DAGENT:=}"
VARS[POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME]="${POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME:=0}"
_log 'trace' 'Setting SRS specific environment variables'