From 68dd84ef7e3759e50567709ae682f750122a6e76 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 18 Feb 2022 15:18:33 +0100 Subject: [PATCH 1/8] use new s6-rc layout [skip ci] --- README.md | 3 --- rootfs/etc/confd/templates/main.cf.tmpl | 1 - rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl | 2 +- rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl | 2 +- .../etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl | 2 +- rootfs/etc/confd/templates/pgsql-virtual-mailbox-maps.cf.tmpl | 2 +- 6 files changed, 4 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 7ae5c91..37a6de2 100644 --- a/README.md +++ b/README.md @@ -17,9 +17,6 @@ create table if not exists virtual_aliases ( destination text not null ); -create table if not exists virtual_senders ( - email text not null references virtual_users(email) -); ``` # Volumes diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl index 37aaeb6..c9ac846 100644 --- a/rootfs/etc/confd/templates/main.cf.tmpl +++ b/rootfs/etc/confd/templates/main.cf.tmpl @@ -70,7 +70,6 @@ non_smtpd_milters=$smtpd_milters milter_mail_macros="i {mail_addr} {client_addr} {client_name} {auth_authen}" milter_default_action = accept milter_macro_daemon_name = ORIGINATING -milter_connect_macros = "i j {daemon_name} v {if_name} _" message_size_limit = {{getenv "MESSAGE_SIZELIMIT" "20000000"}} diff --git a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl index 98f90dd..ee0c956 100644 --- a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl +++ b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl 
@@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }}
 user = {{ getenv "DB_USER" "email" }}
 password = {{ getenv "DB_PASSWORD" }}
 dbname = {{ getenv "DB_NAME" "email" }}
-query = SELECT email FROM virtual_users WHERE email='%s' UNION SELECT destination FROM virtual_aliases WHERE email='%s'
+query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u'
diff --git a/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl
index 302129d..d7e5ef4 100644
--- a/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl
+++ b/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl
@@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }}
 user = {{ getenv "DB_USER" "email" }}
 password = {{ getenv "DB_PASSWORD" }}
 dbname = {{ getenv "DB_NAME" "email" }}
-query = SELECT destination FROM virtual_aliases WHERE email='%s'
+query = SELECT destination FROM virtual_aliases WHERE source='%u'
diff --git a/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl b/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl
index 6fd5b58..89292e5 100644
--- a/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl
+++ b/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl
@@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }}
 user = {{ getenv "DB_USER" "email" }}
 password = {{ getenv "DB_PASSWORD" }}
 dbname = {{ getenv "DB_NAME" "email" }}
-query = SELECT name FROM virtual_domains WHERE name='%s'
+query = SELECT name FROM virtual_domains WHERE name='%u'
diff --git a/rootfs/etc/confd/templates/pgsql-virtual-mailbox-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-virtual-mailbox-maps.cf.tmpl
index 971fa97..addd0fb 100644
--- a/rootfs/etc/confd/templates/pgsql-virtual-mailbox-maps.cf.tmpl
+++ b/rootfs/etc/confd/templates/pgsql-virtual-mailbox-maps.cf.tmpl
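Review bot: Swapping `%s` for `%u` in the pgsql-login-maps `query` changes what is compared: in a Postfix pgsql table `%u` expands to the local part of a `user@domain` key, so `email='%u'` and `source='%u'` no longer test the full sender address. If `virtual_users.email` stores full addresses (the README column name suggests so, but the data is not visible here) the sender-login lookup returns nothing; if it stores bare local parts, the same owner is returned for that local part in every hosted domain, which weakens `reject_sender_login_mismatch`. The pgsql-virtual-alias-maps and pgsql-virtual-mailbox-maps hunks of this patch make the same substitution, while the pgsql-virtual-mailbox-domains key has no `@`, so `%u` there is the whole key. Keeping `%s` together with the column rename, `WHERE email='%s' UNION SELECT destination FROM virtual_aliases WHERE source='%s'`, preserves the full-address match.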
@@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }} user = {{ getenv "DB_USER" "email" }} password = {{ getenv "DB_PASSWORD" }} dbname = {{ getenv "DB_NAME" "email" }} -query = SELECT email FROM virtual_users WHERE email ='%s' +query = SELECT email FROM virtual_users WHERE email ='%u' From ee2354560b26fa772fa5d5beb7c28a7354596b4e Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 12 Jul 2022 19:46:15 +0200 Subject: [PATCH 2/8] use newer base image --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 093269a..d8f8e55 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM thallian/confd-env:latest +FROM docker.io/thallian/confd-env:3.16 RUN apk add --no-cache \ postfix \ From 438c4e3035d526ce52f5846818a0af6f01691e3e Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Sat, 10 Sep 2022 23:18:00 +0200 Subject: [PATCH 3/8] use default milter macros --- rootfs/etc/confd/templates/main.cf.tmpl | 1 - 1 file changed, 1 deletion(-) diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl index c9ac846..8a8173d 100644 --- a/rootfs/etc/confd/templates/main.cf.tmpl +++ b/rootfs/etc/confd/templates/main.cf.tmpl @@ -67,7 +67,6 @@ smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql-login-maps.cf smtpd_milters={{getenv "RSPAMD_ADDRESS" "inet:127.0.0.1:11332"}} non_smtpd_milters=$smtpd_milters -milter_mail_macros="i {mail_addr} {client_addr} {client_name} {auth_authen}" milter_default_action = accept milter_macro_daemon_name = ORIGINATING From 2d91915d18a22f3ad24b98ef21a0a91562a35d29 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Sun, 11 Sep 2022 13:16:25 +0200 Subject: [PATCH 4/8] add wildcard sending --- README.md | 3 ++- rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 37a6de2..bdc8ebc 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,8 @@ create table if not exists virtual_domains ( create table if not exists virtual_users ( email text primary key, - domain_name text not null references virtual_domains(name) + domain_name text not null references virtual_domains(name), + wildcard_sender bool default false ); create table if not exists virtual_aliases ( diff --git a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl index ee0c956..73cfeba 100644 --- a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl +++ b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl @@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }} user = {{ getenv "DB_USER" "email" }} password = {{ getenv "DB_PASSWORD" }} dbname = {{ getenv "DB_NAME" "email" }} -query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u' +query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u' UNION SELECT email FROM virtual_users WHERE wildcard_sender=true From 4aefd6059bb3b45c0a073b9ee2e500b7788d25ab Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Sat, 1 Oct 2022 08:37:34 +0200 Subject: [PATCH 5/8] don't block all email --- rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl index 73cfeba..4460f1c 100644 --- a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl +++ b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl 
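Review bot: The added branch `UNION SELECT email FROM virtual_users WHERE wildcard_sender=true` in pgsql-login-maps.cf.tmpl has no predicate on the lookup key, so the map returns every wildcard account as an owner of any sender address, including addresses in domains this server does not host. Under `reject_sender_login_mismatch` that lets a flagged account send as any address and gives every envelope sender an owner, which appears consistent with the "don't block all email" revert in patch 5/8. Tying the branch to the key, as patch 7/8 later does with `AND domain_name = '%d'`, is the minimum scope; squashing 4/8, 5/8 and 7/8 would keep the unscoped query out of the history people may cherry-pick from.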
@@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }} user = {{ getenv "DB_USER" "email" }} password = {{ getenv "DB_PASSWORD" }} dbname = {{ getenv "DB_NAME" "email" }} -query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u' UNION SELECT email FROM virtual_users WHERE wildcard_sender=true +query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u' From 17449cfdb4add28a21eed1479b969ec81500391f Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 28 Oct 2022 18:02:29 +0200 Subject: [PATCH 6/8] use lego names for certificates --- rootfs/etc/confd/templates/main.cf.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl index 8a8173d..2f7fd06 100644 --- a/rootfs/etc/confd/templates/main.cf.tmpl +++ b/rootfs/etc/confd/templates/main.cf.tmpl @@ -22,8 +22,8 @@ virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual-mailbox-domains.cf virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual-alias-maps.cf virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}} -smtpd_tls_key_file=/etc/ssl/mail/tls.key -smtpd_tls_cert_file=/etc/ssl/mail/tls.crt +smtpd_tls_key_file=/etc/ssl/mail/key.pem +smtpd_tls_cert_file=/etc/ssl/mail/cert.pem smtp_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}} smtp_tls_auth_only = yes From fba756d7ac3471f6469959a851a9a79e8f4c3200 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Mon, 31 Oct 2022 13:38:08 +0100 Subject: [PATCH 7/8] readd wildcard sending functionality --- Dockerfile | 3 ++- README.md | 2 +- rootfs/etc/confd/templates/main.cf.tmpl | 13 ++++++------- rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index d8f8e55..a058c3c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -5,7 +5,8 @@ RUN apk add --no-cache \ postfix-pgsql \ openssl \ libstdc++ \ - libmilter + libmilter \ + icu-data-full RUN addgroup -g 2222 access RUN addgroup postfix access diff --git a/README.md b/README.md index bdc8ebc..57cc753 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ create table if not exists virtual_domains ( create table if not exists virtual_users ( email text primary key, domain_name text not null references virtual_domains(name), - wildcard_sender bool default false + wildcard_sender bool default false ); create table if not exists virtual_aliases ( diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl index 2f7fd06..deb7b03 100644 --- a/rootfs/etc/confd/templates/main.cf.tmpl +++ b/rootfs/etc/confd/templates/main.cf.tmpl @@ -1,15 +1,11 @@ -compatibility_level = 2 +compatibility_level = 3.7 mail_owner = postfix myhostname = {{getenv "MYHOSTNAME"}} mydomain = {{getenv "MYDOMAIN"}} myorigin = $mydomain -mydestination = $myhostname, localhost - -proxy_interfaces = {{getenv "EXTERNAL_IP"}} unknown_local_recipient_reject_code = 550 -mynetworks_style = host relay_domains = $mydestination recipient_delimiter = + @@ -59,8 +55,11 @@ smtpd_sasl_auth_enable = yes smtpd_tls_auth_only = yes smtpd_sasl_tls_security_options = noanonymous -smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient +smtpd_relay_restrictions = + permit_mynetworks + permit_sasl_authenticated + defer_unauth_destination + reject_sender_login_mismatch smtpd_sender_restrictions = reject_sender_login_mismatch smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql-login-maps.cf diff --git a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl index 4460f1c..29ce91c 100644 
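Review bot: In main.cf.tmpl, `reject_sender_login_mismatch` is appended to `smtpd_relay_restrictions` after `permit_sasl_authenticated`, so for an authenticated session the list has already returned a permit before the ownership check is reached. Enforcement for authenticated senders therefore rests only on the unchanged `smtpd_sender_restrictions = reject_sender_login_mismatch` line below it. If the new entry is meant as a second line of defence, move it up so it sits directly after `permit_mynetworks`; otherwise a comment such as `# only reached by unauthenticated clients; sender ownership is enforced in smtpd_sender_restrictions` would stop a later cleanup from silently dropping the check. The same hunk also removes `smtpd_recipient_restrictions` together with `reject_unverified_recipient`, which is worth confirming as intentional.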
--- a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl +++ b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl @@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }} user = {{ getenv "DB_USER" "email" }} password = {{ getenv "DB_PASSWORD" }} dbname = {{ getenv "DB_NAME" "email" }} -query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u' +query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u' UNION SELECT email FROM virtual_users WHERE wildcard_sender = true AND domain_name = '%d' From 77dedb09acc54bf5089e542b990f5fe4d5fd660e Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Sun, 13 Nov 2022 10:22:18 +0100 Subject: [PATCH 8/8] listen on all interfaces --- rootfs/etc/confd/templates/main.cf.tmpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl index deb7b03..85e9ff5 100644 --- a/rootfs/etc/confd/templates/main.cf.tmpl +++ b/rootfs/etc/confd/templates/main.cf.tmpl @@ -1,5 +1,7 @@ compatibility_level = 3.7 +inet_protocols = all + mail_owner = postfix myhostname = {{getenv "MYHOSTNAME"}} mydomain = {{getenv "MYDOMAIN"}}
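Review bot: With `wildcard_sender = true AND domain_name = '%d'` a single flagged account becomes a valid owner of every address in its domain, including other users' mailboxes and addresses that do not exist, and nothing in the template says so. It also means every envelope sender in such a domain now has an owner, so `reject_sender_login_mismatch` will reject unauthenticated mail claiming that domain; that is usually wanted, but it should be a stated decision. A comment above the query such as `# wildcard_sender accounts may send as any address in their own domain` would document the grant. The README column is `bool default false` without `not null`; declaring it `not null` would keep a NULL from standing in for "unset" in later queries.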
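Review bot: `inet_protocols = all` selects the address families Postfix uses (IPv4 and IPv6); it does not choose listening addresses, which is what the subject "listen on all interfaces" describes and what `inet_interfaces` controls. As written the hunk enables IPv6 alongside IPv4, so any packet-filter or `mynetworks` reasoning done for IPv4 should be rechecked for IPv6. A comment such as `# enable IPv4 and IPv6; listening addresses come from inet_interfaces` above the setting would make the intent clear.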