git subrepo commit (merge) mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "02ae5285"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "649a5c01"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: I870ad468fba026cc5abf3c5699ed1e12ff28b32b
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
index 3b18de4..35cd790 100755
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
@@ -10,7 +10,7 @@
sleep 2
done
-until dig +short mailcow.email @unbound > /dev/null; do
+until dig +short mailcow.email > /dev/null; do
echo "Waiting for DNS..."
sleep 1
done
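Review bot: With `@unbound` dropped, the `until dig +short mailcow.email > /dev/null` loop ends as soon as any resolver listed in the container's resolv.conf sends a reply. dig exits 0 even for an empty or NXDOMAIN answer, so the loop no longer shows that the intended resolver is up or that resolution works. If Postfix in this setup depends on the unbound container for its lookups (not visible in this hunk), testing for a non-empty answer would be stricter, e.g. `until [[ -n "$(dig +short mailcow.email)" ]]; do`. A comment naming the expected resolver would also help, e.g. `# resolver comes from /etc/resolv.conf and is expected to be the unbound container`.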
@@ -25,17 +25,21 @@
newaliases;
# create sni configuration
-echo -n "" > /opt/postfix/conf/sni.map;
-for cert_dir in /etc/ssl/mail/*/ ; do
- if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
- continue;
- fi
- IFS=" " read -r -a domains <<< "$(cat "${cert_dir}domains")"
- for domain in "${domains[@]}"; do
- echo -n "${domain} ${cert_dir}key.pem ${cert_dir}cert.pem" >> /opt/postfix/conf/sni.map;
- echo "" >> /opt/postfix/conf/sni.map;
+if [[ "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+ echo -n "" > /opt/postfix/conf/sni.map
+else
+ echo -n "" > /opt/postfix/conf/sni.map;
+ for cert_dir in /etc/ssl/mail/*/ ; do
+ if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
+ continue;
+ fi
+ IFS=" " read -r -a domains <<< "$(cat "${cert_dir}domains")"
+ for domain in "${domains[@]}"; do
+ echo -n "${domain} ${cert_dir}key.pem ${cert_dir}cert.pem" >> /opt/postfix/conf/sni.map;
+ echo "" >> /opt/postfix/conf/sni.map;
+ done
done
-done
+fi
postmap -F hash:/opt/postfix/conf/sni.map;
cat <<EOF > /opt/postfix/conf/sql/mysql_relay_ne.cf
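Review bot: Both branches create `/opt/postfix/conf/sni.map` by plain redirection, and `postmap -F` then stores the base64-encoded content of every listed `key.pem` in the generated database. Per postmap's documented behaviour, a newly created database takes its group and other read bits from the source file. The permission fix-up visible at the end of this diff covers only `/opt/postfix/conf/sql/*.cf` and `custom_transport.pcre`, so the private-key material in the SNI database is left at whatever the umask gives (not visible here). Consider adding `chown root:postfix /opt/postfix/conf/sni.map; chmod 640 /opt/postfix/conf/sni.map` before the `postmap -F` call. As a style point, the truncation is duplicated in both branches and could be hoisted above the `if`, and the trailing `+` in the regex also accepts values such as `yy` or `yesyes`.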
@@ -121,16 +125,31 @@
AND mailbox.active = '1'
), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
UNION ALL
- SELECT hostname AS transport FROM relayhosts
+ SELECT COALESCE(
+ (SELECT hostname FROM relayhosts
+ LEFT OUTER JOIN mailbox ON JSON_UNQUOTE(JSON_VALUE(mailbox.attributes, '$.relayhost')) = relayhosts.id
+ WHERE relayhosts.active = '1'
+ AND (
+ mailbox.username IN (SELECT alias.goto from alias
+ JOIN mailbox ON mailbox.username = alias.goto
+ WHERE alias.active = '1'
+ AND alias.address = '%s'
+ AND alias.address NOT LIKE '@%%'
+ )
+ )
+ ),
+ (SELECT hostname FROM relayhosts
LEFT OUTER JOIN domain ON domain.relayhost = relayhosts.id
WHERE relayhosts.active = '1'
- AND domain = '%d'
- OR domain IN (
- SELECT target_domain FROM alias_domain
- WHERE alias_domain = '%d'
+ AND (domain.domain = '%d'
+ OR domain.domain IN (
+ SELECT target_domain FROM alias_domain
+ WHERE alias_domain = '%d'
+ )
)
- )
- AS transport_view;
+ )
+ )
+ ) AS transport_view;
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_transport_maps.cf
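Review bot: Both arguments to `COALESCE(...)` are scalar subqueries, so each must return at most one row, yet neither `SELECT hostname FROM relayhosts ...` is bounded. If more than one active relayhost row ever matches, the statement fails with a multi-row subquery error and the lookup turns into a temporary map failure instead of a transport. Whether that can happen depends on the schema, which is not visible here. Adding `LIMIT 1` to each inner select would make this deterministic. Each `LEFT OUTER JOIN` is also filtered on the right-hand table in `WHERE`, so it behaves as an inner join and could be written as one. The start of the query and its heredoc lie outside this hunk.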
@@ -318,14 +337,17 @@
AND alias_domain.active='1'
EOF
-# Reject sasl usernames with smtp disabled
-cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_access_maps.cf
+# MX based routing
+cat <<EOF > /opt/postfix/conf/sql/mysql_mbr_access_maps.cf
# Autogenerated by mailcow
user = ${DBUSER}
password = ${DBPASS}
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${DBNAME}
-query = SELECT 'REJECT' FROM mailbox WHERE username = '%u' AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.smtp_access')) = '0';
+query = SELECT CONCAT('FILTER smtp_via_transport_maps:', nexthop) as transport FROM transports
+ WHERE '%s' REGEXP destination
+ AND active='1'
+ AND is_mx_based='1';
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf
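Review bot: `WHERE '%s' REGEXP destination` treats each stored `destination` as an unanchored pattern matched against the lookup key. A destination stored as a plain host name therefore also matches any longer name that merely contains it, and each `.` matches any character. Because a match returns a `FILTER smtp_via_transport_maps:` action, an over-broad match reroutes mail through that nexthop. If `destination` holds literal host names rather than full regular expressions (not visible here), anchor the match, e.g. `WHERE '%s' REGEXP CONCAT('^(', destination, ')$')`, or compare by equality. A comment above the heredoc saying which Postfix restriction consults this map and what `%s` carries there would make the matching rule reviewable.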
@@ -354,12 +376,15 @@
if [[ ! -f /opt/postfix/conf/custom_postscreen_whitelist.cidr ]]; then
echo "Creating dummy custom_postscreen_whitelist.cidr"
- echo '# Autogenerated by mailcow' > /opt/postfix/conf/custom_postscreen_whitelist.cidr
+ cat <<EOF > /opt/postfix/conf/custom_postscreen_whitelist.cidr
+# Autogenerated by mailcow
+# Rules are evaluated in the order as specified.
+# Blacklist 192.168.* except 192.168.0.1.
+# 192.168.0.1 permit
+# 192.168.0.0/16 reject
+EOF
fi
-# Fix SMTP last login on slaves
-sed -i "s/__REDIS_SLAVEOF_IP__/${REDIS_SLAVEOF_IP}/g" /usr/local/bin/smtpd_last_login.sh
-
# Fix Postfix permissions
chown -R root:postfix /opt/postfix/conf/sql/ /opt/postfix/conf/custom_transport.pcre
chmod 640 /opt/postfix/conf/sql/*.cf /opt/postfix/conf/custom_transport.pcre