git subrepo commit (merge) mailcow/src/mailcow-dockerized

subrepo: subdir:   "mailcow/src/mailcow-dockerized"
  merged:   "02ae5285"
upstream: origin:   "https://github.com/mailcow/mailcow-dockerized.git"
  branch:   "master"
  commit:   "649a5c01"
git-subrepo: version:  "0.4.3"
  origin:   "???"
  commit:   "???"
Change-Id: I870ad468fba026cc5abf3c5699ed1e12ff28b32b
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
index 3b18de4..35cd790 100755
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
@@ -10,7 +10,7 @@
   sleep 2
 done
 
-until dig +short mailcow.email @unbound > /dev/null; do
+until dig +short mailcow.email > /dev/null; do
   echo "Waiting for DNS..."
   sleep 1
 done
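Review bot: With `@unbound` dropped, the loop on the `until dig +short mailcow.email > /dev/null; do` line only proves that whichever resolver the container's DNS settings name is answering, not that the stack's own unbound service is up. If that is intended, a comment above the loop would record the assumption, for example `# Resolver comes from the container DNS settings (expected: unbound)`. Whether the container is pinned to unbound is configured outside this file, so that part needs confirming against the compose definition.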
@@ -25,17 +25,21 @@
 newaliases;
 
 # create sni configuration
-echo -n "" > /opt/postfix/conf/sni.map;
-for cert_dir in /etc/ssl/mail/*/ ; do
-  if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
-    continue;
-  fi
-  IFS=" " read -r -a domains <<< "$(cat "${cert_dir}domains")"
-  for domain in "${domains[@]}"; do
-    echo -n "${domain} ${cert_dir}key.pem ${cert_dir}cert.pem" >> /opt/postfix/conf/sni.map;
-    echo "" >> /opt/postfix/conf/sni.map;
+if [[ "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+  echo -n "" > /opt/postfix/conf/sni.map
+else
+  echo -n "" > /opt/postfix/conf/sni.map;
+  for cert_dir in /etc/ssl/mail/*/ ; do
+    if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
+      continue;
+    fi
+    IFS=" " read -r -a domains <<< "$(cat "${cert_dir}domains")"
+    for domain in "${domains[@]}"; do
+      echo -n "${domain} ${cert_dir}key.pem ${cert_dir}cert.pem" >> /opt/postfix/conf/sni.map;
+      echo "" >> /opt/postfix/conf/sni.map;
+    done
   done
-done
+fi
 postmap -F hash:/opt/postfix/conf/sni.map;
 
 cat <<EOF > /opt/postfix/conf/sql/mysql_relay_ne.cf
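Review bot: Both branches of the new `if` start by truncating `/opt/postfix/conf/sni.map` with the same `echo -n ""`, so the skip branch exists only to repeat that line. Hoisting the truncation above the test and negating the condition leaves a single branch: `echo -n "" > /opt/postfix/conf/sni.map` followed by `if [[ ! "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then`. The trailing `+` on the group also accepts repeated values such as `yy`; if only `y`/`yes` are meant to skip SNI generation, drop the quantifier. A short comment on why certificates under `/etc/ssl/mail/*/` are ignored in skip mode would also help the next reader.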
@@ -121,16 +125,31 @@
         AND mailbox.active = '1'
     ), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
     UNION ALL
-    SELECT hostname AS transport FROM relayhosts
+    SELECT COALESCE(
+      (SELECT hostname FROM relayhosts
+      LEFT OUTER JOIN mailbox ON JSON_UNQUOTE(JSON_VALUE(mailbox.attributes, '$.relayhost')) = relayhosts.id
+        WHERE relayhosts.active = '1'
+          AND (
+            mailbox.username IN (SELECT alias.goto from alias
+              JOIN mailbox ON mailbox.username = alias.goto
+                WHERE alias.active = '1'
+                  AND alias.address = '%s'
+                  AND alias.address NOT LIKE '@%%'
+            )
+          )
+      ),
+      (SELECT hostname FROM relayhosts
       LEFT OUTER JOIN domain ON domain.relayhost = relayhosts.id
         WHERE relayhosts.active = '1'
-          AND domain = '%d'
-          OR domain IN (
-            SELECT target_domain FROM alias_domain
-              WHERE alias_domain = '%d'
+          AND (domain.domain = '%d'
+            OR domain.domain IN (
+              SELECT target_domain FROM alias_domain
+                WHERE alias_domain = '%d'
+            )
           )
-  )
-  AS transport_view;
+      )
+    )
+  ) AS transport_view;
 EOF
 
 cat <<EOF > /opt/postfix/conf/sql/mysql_transport_maps.cf
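Review bot: Each `(SELECT hostname FROM relayhosts ...)` passed to `COALESCE` is used as a scalar subquery but has no row limit, so if either one ever yields two rows the whole lookup fails with a SQL error instead of returning a transport. Whether that can happen depends on uniqueness constraints on `alias.address`, `domain.domain` and `alias_domain` that are not visible in this hunk. Ending both inner selects with `LIMIT 1` before their closing parenthesis makes the result deterministic. Because the `WHERE` clauses filter on `mailbox.username` and `domain.domain`, the `LEFT OUTER JOIN`s behave as inner joins and could be written that way for clarity. The heredoc this query belongs to starts outside the hunk.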
@@ -318,14 +337,17 @@
       AND alias_domain.active='1'
 EOF
 
-# Reject sasl usernames with smtp disabled
-cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_access_maps.cf
+# MX based routing
+cat <<EOF > /opt/postfix/conf/sql/mysql_mbr_access_maps.cf
 # Autogenerated by mailcow
 user = ${DBUSER}
 password = ${DBPASS}
 hosts = unix:/var/run/mysqld/mysqld.sock
 dbname = ${DBNAME}
-query = SELECT 'REJECT' FROM mailbox WHERE username = '%u' AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.smtp_access')) = '0';
+query = SELECT CONCAT('FILTER smtp_via_transport_maps:', nexthop) as transport FROM transports
+  WHERE '%s' REGEXP destination
+    AND active='1'
+    AND is_mx_based='1';
 EOF
 
 cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf
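Review bot: `WHERE '%s' REGEXP destination` uses the stored `destination` value as an unanchored pattern, so a row holding a plain name such as `example.com` (constructed example) would also match longer or look-alike lookup keys. Every match is then redirected to that row's `nexthop` through the `FILTER` action. If `is_mx_based='1'` rows are meant to hold regular expressions, the heredoc comment should say so, e.g. `# MX based routing: destination is a regex, anchor it with ^ and $`, and the admin-side input should be validated accordingly. Separately, this hunk stops generating `mysql_sasl_access_maps.cf`. Any Postfix setting that still references that file, and the rejection of users with `smtp_access` = '0', should be confirmed as handled elsewhere, since neither is visible here.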
@@ -354,12 +376,15 @@
 
 if [[ ! -f /opt/postfix/conf/custom_postscreen_whitelist.cidr ]]; then
   echo "Creating dummy custom_postscreen_whitelist.cidr"
-  echo '# Autogenerated by mailcow' > /opt/postfix/conf/custom_postscreen_whitelist.cidr
+  cat <<EOF > /opt/postfix/conf/custom_postscreen_whitelist.cidr
+# Autogenerated by mailcow
+# Rules are evaluated in the order as specified.
+# Blacklist 192.168.* except 192.168.0.1.
+# 192.168.0.1          permit
+# 192.168.0.0/16       reject
+EOF
 fi
 
-# Fix SMTP last login on slaves
-sed -i "s/__REDIS_SLAVEOF_IP__/${REDIS_SLAVEOF_IP}/g" /usr/local/bin/smtpd_last_login.sh
-
 # Fix Postfix permissions
 chown -R root:postfix /opt/postfix/conf/sql/ /opt/postfix/conf/custom_transport.pcre
 chmod 640 /opt/postfix/conf/sql/*.cf /opt/postfix/conf/custom_transport.pcre
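Review bot: The new heredoc that writes `custom_postscreen_whitelist.cidr` uses an unquoted `EOF` delimiter although its body is static text. Writing `cat <<'EOF' > /opt/postfix/conf/custom_postscreen_whitelist.cidr` keeps the shell from expanding any `$` or backtick that a later edit adds to the sample rules. The other heredocs in this script rely on expansion for `${DBUSER}` and similar, so the quoting would also mark this one as deliberately literal.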