git subrepo commit (merge) mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "02ae5285"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "649a5c01"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: I870ad468fba026cc5abf3c5699ed1e12ff28b32b
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile
index 8b913af..56b274a 100644
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile
@@ -45,7 +45,6 @@
COPY rspamd-pipe-ham /usr/local/bin/rspamd-pipe-ham
COPY rspamd-pipe-spam /usr/local/bin/rspamd-pipe-spam
COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh
-COPY smtpd_last_login.sh /usr/local/bin/smtpd_last_login.sh
COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
COPY docker-entrypoint.sh /docker-entrypoint.sh
@@ -53,7 +52,6 @@
/usr/local/bin/rspamd-pipe-ham \
/usr/local/bin/rspamd-pipe-spam \
/usr/local/bin/whitelist_forwardinghosts.sh \
- /usr/local/bin/smtpd_last_login.sh \
/usr/local/sbin/stop-supervisor.sh
RUN rm -rf /tmp/* /var/tmp/*
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
index 3b18de4..35cd790 100755
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
@@ -10,7 +10,7 @@
sleep 2
done
-until dig +short mailcow.email @unbound > /dev/null; do
+until dig +short mailcow.email > /dev/null; do
echo "Waiting for DNS..."
sleep 1
done
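Review bot: With `@unbound` dropped, the `until dig +short mailcow.email` loop no longer checks the unbound container specifically; it succeeds as soon as whatever resolver the container's resolv.conf names gives any reply. If Postfix in this setup depends on a local validating resolver (for example for DNSSEC/DANE or DNSBL lookups, which this hunk does not show), a wrongly configured resolver would now pass the readiness check unnoticed. A comment above the loop would record the intent, for example `# Waits for the container's configured resolver (resolv.conf), not unbound directly`. The loop also has no retry limit, so a permanently broken resolver stalls startup with only "Waiting for DNS..." in the log.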
@@ -25,17 +25,21 @@
newaliases;
# create sni configuration
-echo -n "" > /opt/postfix/conf/sni.map;
-for cert_dir in /etc/ssl/mail/*/ ; do
- if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
- continue;
- fi
- IFS=" " read -r -a domains <<< "$(cat "${cert_dir}domains")"
- for domain in "${domains[@]}"; do
- echo -n "${domain} ${cert_dir}key.pem ${cert_dir}cert.pem" >> /opt/postfix/conf/sni.map;
- echo "" >> /opt/postfix/conf/sni.map;
+if [[ "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+ echo -n "" > /opt/postfix/conf/sni.map
+else
+ echo -n "" > /opt/postfix/conf/sni.map;
+ for cert_dir in /etc/ssl/mail/*/ ; do
+ if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
+ continue;
+ fi
+ IFS=" " read -r -a domains <<< "$(cat "${cert_dir}domains")"
+ for domain in "${domains[@]}"; do
+ echo -n "${domain} ${cert_dir}key.pem ${cert_dir}cert.pem" >> /opt/postfix/conf/sni.map;
+ echo "" >> /opt/postfix/conf/sni.map;
+ done
done
-done
+fi
postmap -F hash:/opt/postfix/conf/sni.map;
cat <<EOF > /opt/postfix/conf/sql/mysql_relay_ne.cf
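Review bot: Both branches of the new `SKIP_LETS_ENCRYPT` test begin with the same truncation of `/opt/postfix/conf/sni.map`, so the `if`/`else` can shrink to one truncation plus a negated guard around the loop: `: > /opt/postfix/conf/sni.map` and `if [[ ! "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then`. The trailing `+` in the pattern also accepts repeated values such as `yy` or `yesyes`; if that matches the project's other checks it is at least consistent, otherwise `^([yY][eE][sS]|[yY])$` is stricter. A comment is also worthwhile stating that `postmap -F` reads the listed key and certificate files into the generated table, so the resulting map holds private-key material and needs permissions as restrictive as the keys themselves. The permission fix-up visible later in this diff names only `sql/` and `custom_transport.pcre`, though the rest of the script lies outside the hunks.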
@@ -121,16 +125,31 @@
AND mailbox.active = '1'
), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
UNION ALL
- SELECT hostname AS transport FROM relayhosts
+ SELECT COALESCE(
+ (SELECT hostname FROM relayhosts
+ LEFT OUTER JOIN mailbox ON JSON_UNQUOTE(JSON_VALUE(mailbox.attributes, '$.relayhost')) = relayhosts.id
+ WHERE relayhosts.active = '1'
+ AND (
+ mailbox.username IN (SELECT alias.goto from alias
+ JOIN mailbox ON mailbox.username = alias.goto
+ WHERE alias.active = '1'
+ AND alias.address = '%s'
+ AND alias.address NOT LIKE '@%%'
+ )
+ )
+ ),
+ (SELECT hostname FROM relayhosts
LEFT OUTER JOIN domain ON domain.relayhost = relayhosts.id
WHERE relayhosts.active = '1'
- AND domain = '%d'
- OR domain IN (
- SELECT target_domain FROM alias_domain
- WHERE alias_domain = '%d'
+ AND (domain.domain = '%d'
+ OR domain.domain IN (
+ SELECT target_domain FROM alias_domain
+ WHERE alias_domain = '%d'
+ )
)
- )
- AS transport_view;
+ )
+ )
+ ) AS transport_view;
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_transport_maps.cf
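Review bot: Both arguments to the new `COALESCE(...)` are scalar subqueries, and MySQL/MariaDB raise an error rather than picking a row when such a subquery returns more than one. Whether that can happen depends on the schema, which is not visible here (for instance several active `relayhosts` rows reachable through the alias or alias-domain joins); if it can, the lookup fails and mail depending on this map would presumably be deferred. Adding `LIMIT 1` before the closing parenthesis of each `SELECT hostname FROM relayhosts ...` subquery makes the single-row expectation explicit. Both subqueries filter on the joined table in `WHERE`, so the `LEFT OUTER JOIN` behaves as an inner join and could be written `JOIN` for clarity. The heredoc that holds this query starts and ends outside the hunk.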
@@ -318,14 +337,17 @@
AND alias_domain.active='1'
EOF
-# Reject sasl usernames with smtp disabled
-cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_access_maps.cf
+# MX based routing
+cat <<EOF > /opt/postfix/conf/sql/mysql_mbr_access_maps.cf
# Autogenerated by mailcow
user = ${DBUSER}
password = ${DBPASS}
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${DBNAME}
-query = SELECT 'REJECT' FROM mailbox WHERE username = '%u' AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.smtp_access')) = '0';
+query = SELECT CONCAT('FILTER smtp_via_transport_maps:', nexthop) as transport FROM transports
+ WHERE '%s' REGEXP destination
+ AND active='1'
+ AND is_mx_based='1';
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf
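Review bot: `'%s' REGEXP destination` treats the stored `destination` value as a regular expression and matches it anywhere in the lookup key, so a row entered as a plain domain such as `example.com` also matches keys that merely contain it, and its `.` matches any character. Because a match returns a `FILTER smtp_via_transport_maps:` action, an over-broad pattern silently reroutes mail to that row's `nexthop`. Unless the admin interface already validates or anchors these values (not visible here), a comment line before `query =` would help, for example `# destination is evaluated as a regex for is_mx_based rows; anchor patterns at both ends`. The hunk also drops generation of `mysql_sasl_access_maps.cf`, which rejected SASL users whose `smtp_access` attribute is `'0'`. Nothing in the visible lines replaces that restriction, so it is worth confirming it is enforced elsewhere.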
@@ -354,12 +376,15 @@
if [[ ! -f /opt/postfix/conf/custom_postscreen_whitelist.cidr ]]; then
echo "Creating dummy custom_postscreen_whitelist.cidr"
- echo '# Autogenerated by mailcow' > /opt/postfix/conf/custom_postscreen_whitelist.cidr
+ cat <<EOF > /opt/postfix/conf/custom_postscreen_whitelist.cidr
+# Autogenerated by mailcow
+# Rules are evaluated in the order as specified.
+# Blacklist 192.168.* except 192.168.0.1.
+# 192.168.0.1 permit
+# 192.168.0.0/16 reject
+EOF
fi
-# Fix SMTP last login on slaves
-sed -i "s/__REDIS_SLAVEOF_IP__/${REDIS_SLAVEOF_IP}/g" /usr/local/bin/smtpd_last_login.sh
-
# Fix Postfix permissions
chown -R root:postfix /opt/postfix/conf/sql/ /opt/postfix/conf/custom_transport.pcre
chmod 640 /opt/postfix/conf/sql/*.cf /opt/postfix/conf/custom_transport.pcre
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/smtpd_last_login.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/smtpd_last_login.sh
deleted file mode 100755
index 9d249af..0000000
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/smtpd_last_login.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-REDIS_SLAVEOF_IP=__REDIS_SLAVEOF_IP__
-
-# Do not attempt to write to slave
-if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
- REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
-else
- REDIS_CMDLINE="redis-cli -h redis -p 6379"
-fi
-
-while read QUERY; do
- QUERY=($QUERY)
- # If nothing matched, end here - Postfix last line will be empty
- if [[ -z "$(echo ${QUERY[0]} | tr -d '\040\011\012\015')" ]]; then
- echo -ne "action=dunno\n\n"
- # We found a username, log and return
- elif [[ "${QUERY[0]}" =~ sasl_username ]]; then
- MUSER=$(printf "%q" ${QUERY[0]#sasl_username=})
- ${REDIS_CMDLINE} SET "last-login/smtp/$MUSER" "$(date +%s)"
- echo -ne "action=dunno\n\n"
- fi
-done
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
index 609ee55..40fb1cd 100644
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
@@ -28,7 +28,7 @@
host("`REDIS_SLAVEOF_IP`")
persist-name("redis2")
port(`REDIS_SLAVEOF_PORT`)
- command("PUBLISH" "F2B_CHANNEL" "$MESSAGE")
+ command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
);
};
filter f_mail { facility(mail); };
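Review bot: The switch to `$(sanitize $MESSAGE)` carries no comment saying what it protects against, and the log text published to `F2B_CHANNEL` includes strings chosen by remote SMTP clients. A line such as `# sanitize: replace control characters in client-influenced log text before publishing to Redis` above the `command(...)` would keep a later edit from reverting it. As far as I know the function's default also replaces `/` with `_`, so any consumer pattern on this channel that expects a slash should be checked. The same applies to the identical change in `syslog-ng.conf`; the enclosing destination block starts outside the hunk.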
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng.conf b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng.conf
index 9e14fe1..8fdc104 100644
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng.conf
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng.conf
@@ -28,7 +28,7 @@
host("redis-mailcow")
persist-name("redis2")
port(6379)
- command("PUBLISH" "F2B_CHANNEL" "$MESSAGE")
+ command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
);
};
filter f_mail { facility(mail); };