git subrepo commit (merge) mailcow/src/mailcow-dockerized

subrepo: subdir:   "mailcow/src/mailcow-dockerized"
  merged:   "c7b1dc37"
upstream: origin:   "https://github.com/mailcow/mailcow-dockerized.git"
  branch:   "master"
  commit:   "a366494c"
git-subrepo: version:  "0.4.6"
  origin:   "???"
  commit:   "???"
Change-Id: Id574ecd4e02e3c4fbf8a1efd49be11c0b6d19a3f
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile
index e3c6498..bda6e07 100644
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile
@@ -1,5 +1,5 @@
 FROM debian:bullseye-slim
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
@@ -17,10 +17,10 @@
 	ca-certificates \
 	curl \
 	dirmngr \
-  dnsutils \
+  	dnsutils \
 	gnupg \
 	libsasl2-modules \
-  mariadb-client \
+  	mariadb-client \
 	perl \
 	postfix \
 	postfix-mysql \
@@ -32,7 +32,7 @@
 	syslog-ng \
 	syslog-ng-core \
 	syslog-ng-mod-redis \
-  tzdata \
+  	tzdata \
 	&& rm -rf /var/lib/apt/lists/* \
 	&& touch /etc/default/locale \
   && printf '#!/bin/bash\n/usr/sbin/postconf -c /opt/postfix/conf "$@"' > /usr/local/sbin/postconf \
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
index 78b070e..b3098d3 100755
--- a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
@@ -393,12 +393,101 @@
     AND validity >= UNIX_TIMESTAMP()
 EOF
 
-sed -i '/User overrides/q' /opt/postfix/conf/main.cf
-echo >> /opt/postfix/conf/main.cf
-touch /opt/postfix/conf/extra.cf
-sed -i '/myhostname/d' /opt/postfix/conf/extra.cf
-echo -e "myhostname = ${MAILCOW_HOSTNAME}\n$(cat /opt/postfix/conf/extra.cf)" > /opt/postfix/conf/extra.cf
+if [ ! -f /opt/postfix/conf/dns_blocklists.cf ]; then
+  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
+# This file can be edited. 
+# Delete this file and restart postfix container to revert any changes.
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+EOF
+fi
+DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S')
 
+if [ ! -z "$DNSBL_CONFIG" ]; then
+  echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List...\e[0m"
+  if [ -n "$SPAMHAUS_DQS_KEY" ]; then
+    echo -e "\e[32mDetected SPAMHAUS_DQS_KEY variable from mailcow.conf...\e[0m"
+    echo -e "\e[33mUsing DQS Blocklists from Spamhaus!\e[0m"
+    SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[10;11]*8
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.3*4
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.2*3
+postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply.map
+EOF
+
+  cat <<EOF > /opt/postfix/conf/dnsbl_reply.map
+# Autogenerated by mailcow, using Spamhaus DQS reply domains
+${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net     sbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.xbl.dq.spamhaus.net     xbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.pbl.dq.spamhaus.net     pbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net     zen.spamhaus.org
+${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net     dbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net     zrd.spamhaus.org
+EOF
+    )
+  else
+    if [ -f "/opt/postfix/conf/dnsbl_reply.map" ]; then
+      rm /opt/postfix/conf/dnsbl_reply.map
+    fi
+    response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+    if [ "$response" -eq 503 ]; then
+      echo -e "\e[31mThe AS of your IP is listed as a banned AS from Spamhaus!\e[0m"
+      echo -e "\e[33mNo SPAMHAUS_DQS_KEY found... Skipping Spamhaus blocklists entirely!\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=""
+    elif [ "$response" -eq 200 ]; then
+      echo -e "\e[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\e[0m"
+      echo -e "\e[33mUsing the open Spamhaus blocklists.\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+EOF
+      )
+
+    else
+      echo -e "\e[31mWe couldn't determine your AS... (maybe DNS/Network issue?) Response Code: $response\e[0m"
+      echo -e "\e[33mDeactivating Spamhaus DNS Blocklists to be on the safe site!\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=""
+    fi
+  fi
+fi
+
+# Reset main.cf
+sed -i '/Overrides/q' /opt/postfix/conf/main.cf
+echo >> /opt/postfix/conf/main.cf
+# Append postscreen dnsbl sites to main.cf
+if [ ! -z "$DNSBL_CONFIG" ]; then
+  echo -e "${DNSBL_CONFIG}\n${SPAMHAUS_DNSBL_CONFIG}" >> /opt/postfix/conf/main.cf
+fi
+# Append user overrides
+echo -e "\n# User Overrides" >> /opt/postfix/conf/main.cf
+touch /opt/postfix/conf/extra.cf
+sed -i '/\$myhostname/! { /myhostname/d }' /opt/postfix/conf/extra.cf
+echo -e "myhostname = ${MAILCOW_HOSTNAME}\n$(cat /opt/postfix/conf/extra.cf)" > /opt/postfix/conf/extra.cf
 cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf
 
 if [ ! -f /opt/postfix/conf/custom_transport.pcre ]; then
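Review bot: `SPAMHAUS_DQS_KEY` is written into `main.cf` and `dnsbl_reply.map` as a DNS label with no format check, so a value from mailcow.conf that carries whitespace or a line break would split the `postscreen_dnsbl_sites` entry or start a new parameter instead of failing visibly at startup. A guard at the top of the DQS branch, for example `[[ "$SPAMHAUS_DQS_KEY" =~ ^[A-Za-z0-9]+$ ]]`, falling back to the no-key path with a warning when it fails, would catch this; it assumes the script runs under bash (the shebang is outside the hunk), and the character set should be confirmed against the Spamhaus key format. The final append uses `echo -e`, which also interprets backslash sequences found in the operator-edited dns_blocklists.cf; `printf '%s\n%s\n' "$DNSBL_CONFIG" "$SPAMHAUS_DNSBL_CONFIG" >> /opt/postfix/conf/main.cf` writes both values literally. The Spamhaus entries are indented continuation lines, so they attach to whichever parameter ends dns_blocklists.cf. I would add a line to the generated header such as `# Keep postscreen_dnsbl_sites as the last setting; Spamhaus entries are appended to it.` so an edit does not land them on another setting.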