From 5a2efbec221607854a487a5f0ccc1d0a840e99ea Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Mon, 23 Aug 2021 15:20:57 +0200
Subject: [PATCH] rip out ldap
---
 Dockerfile | 4 +-
 rootfs/bin/restart-services | 4 --
 .../conf.d/ldap-virtual-alias-maps.cf.toml | 3 --
 .../ldap-virtual-mailbox-domains.cf.toml | 3 --
 .../conf.d/ldap-virtual-mailbox-maps.cf.toml | 3 --
 .../conf.d/pgsql-virtual-alias-maps.cf.toml | 3 ++
 .../pgsql-virtual-mailbox-domains.cf.toml | 3 ++
 .../templates/ldap-virtual-alias-maps.cf.tmpl | 9 ----
 .../ldap-virtual-mailbox-domains.cf.tmpl | 9 ----
 .../ldap-virtual-mailbox-maps.cf.tmpl | 9 ----
 rootfs/etc/confd/templates/main.cf.tmpl | 19 ++++----
 .../pgsql-virtual-alias-maps.cf.tmpl | 5 +++
 .../pgsql-virtual-mailbox-domains.cf.tmpl | 5 +++
 rootfs/etc/services.d/spamass-milter/run | 2 +-
 rootfs/var/spool/incron/root | 1 -
 tags | 43 +++++++++++++++++++
 16 files changed, 71 insertions(+), 54 deletions(-)
 delete mode 100755 rootfs/bin/restart-services
 delete mode 100644 rootfs/etc/confd/conf.d/ldap-virtual-alias-maps.cf.toml
 delete mode 100644 rootfs/etc/confd/conf.d/ldap-virtual-mailbox-domains.cf.toml
 delete mode 100644 rootfs/etc/confd/conf.d/ldap-virtual-mailbox-maps.cf.toml
 create mode 100644 rootfs/etc/confd/conf.d/pgsql-virtual-alias-maps.cf.toml
 create mode 100644 rootfs/etc/confd/conf.d/pgsql-virtual-mailbox-domains.cf.toml
 delete mode 100644 rootfs/etc/confd/templates/ldap-virtual-alias-maps.cf.tmpl
 delete mode 100644 rootfs/etc/confd/templates/ldap-virtual-mailbox-domains.cf.tmpl
 delete mode 100644 rootfs/etc/confd/templates/ldap-virtual-mailbox-maps.cf.tmpl
 create mode 100644 rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl
 create mode 100644 rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl
 delete mode 100644 rootfs/var/spool/incron/root
 create mode 100644 tags
diff --git a/Dockerfile b/Dockerfile
index bff9e7a..f3bd086 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.12 as builder
+FROM alpine:3.14 as builder
 RUN apk add --no-cache \
 g++ \
@@ -18,7 +18,7 @@ COPY --from=builder /tmp/spamass-milter/spamass-milter /bin/spamass-milter
 RUN apk add --no-cache \
 postfix \
- postfix-ldap \
+ postfix-pgsql \
 openssl \
 spamassassin-client \
 libstdc++ \
diff --git a/rootfs/bin/restart-services b/rootfs/bin/restart-services
deleted file mode 100755
index 9235c1c..0000000
--- a/rootfs/bin/restart-services
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-s6-svc -t /var/run/s6/services/postfix
-s6-svc -t /var/run/s6/services/spamass-milter
diff --git a/rootfs/etc/confd/conf.d/ldap-virtual-alias-maps.cf.toml b/rootfs/etc/confd/conf.d/ldap-virtual-alias-maps.cf.toml
deleted file mode 100644
index f5c9872..0000000
--- a/rootfs/etc/confd/conf.d/ldap-virtual-alias-maps.cf.toml
+++ /dev/null
@@ -1,3 +0,0 @@
-[template]
-src = "ldap-virtual-alias-maps.cf.tmpl"
-dest = "/etc/postfix/ldap-virtual-alias-maps.cf"
diff --git a/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-domains.cf.toml b/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-domains.cf.toml
deleted file mode 100644
index 8374db6..0000000
--- a/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-domains.cf.toml
+++ /dev/null
@@ -1,3 +0,0 @@
-[template]
-src = "ldap-virtual-mailbox-domains.cf.tmpl"
-dest = "/etc/postfix/ldap-virtual-mailbox-domains.cf"
diff --git a/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-maps.cf.toml b/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-maps.cf.toml
deleted file mode 100644
index f088871..0000000
--- a/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-maps.cf.toml
+++ /dev/null
@@ -1,3 +0,0 @@
-[template]
-src = "ldap-virtual-mailbox-maps.cf.tmpl"
-dest = "/etc/postfix/ldap-virtual-mailbox-maps.cf"
diff --git a/rootfs/etc/confd/conf.d/pgsql-virtual-alias-maps.cf.toml b/rootfs/etc/confd/conf.d/pgsql-virtual-alias-maps.cf.toml
new file mode 100644
index 0000000..4ff8581
--- /dev/null
+++ b/rootfs/etc/confd/conf.d/pgsql-virtual-alias-maps.cf.toml
@@ -0,0 +1,3 @@
+[template]
+src = "pgsql-virtual-alias-maps.cf.tmpl"
+dest = "/etc/postfix/pgsql-virtual-alias-maps.cf"
diff --git a/rootfs/etc/confd/conf.d/pgsql-virtual-mailbox-domains.cf.toml b/rootfs/etc/confd/conf.d/pgsql-virtual-mailbox-domains.cf.toml
new file mode 100644
index 0000000..18e2285
--- /dev/null
+++ b/rootfs/etc/confd/conf.d/pgsql-virtual-mailbox-domains.cf.toml
@@ -0,0 +1,3 @@
+[template]
+src = "pgsql-virtual-mailbox-domains.cf.tmpl"
+dest = "/etc/postfix/pgsql-virtual-mailbox-domains.cf"
diff --git a/rootfs/etc/confd/templates/ldap-virtual-alias-maps.cf.tmpl b/rootfs/etc/confd/templates/ldap-virtual-alias-maps.cf.tmpl
deleted file mode 100644
index bd6e8a0..0000000
--- a/rootfs/etc/confd/templates/ldap-virtual-alias-maps.cf.tmpl
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = {{getenv "LDAP_URI"}}
-start_tls = {{getenv "LDAP_STARTTLS" "yes"}}
-bind = yes
-bind_dn = {{getenv "LDAP_BIND_DN" }}
-bind_pw = {{getenv "LDAP_BIND_PASSWORD"}}
-search_base = {{getenv "LDAP_MAILBOX_SEARCH_BASE"}}
-version = 3
-query_filter = {{getenv "LDAP_ALIAS_QUERY_FILTER"}}
-result_attribute = {{getenv "LDAP_MAILBOX_RESULT_ATTRIBUTE" "cn"}}
diff --git a/rootfs/etc/confd/templates/ldap-virtual-mailbox-domains.cf.tmpl b/rootfs/etc/confd/templates/ldap-virtual-mailbox-domains.cf.tmpl
deleted file mode 100644
index 53060fe..0000000
--- a/rootfs/etc/confd/templates/ldap-virtual-mailbox-domains.cf.tmpl
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = {{getenv "LDAP_URI"}}
-start_tls = {{getenv "LDAP_STARTTLS" "yes"}}
-bind = yes
-bind_dn = {{getenv "LDAP_BIND_DN" }}
-bind_pw = {{getenv "LDAP_BIND_PASSWORD"}}
-search_base = {{getenv "LDAP_DOMAIN_SEARCH_BASE"}}
-version = 3
-query_filter = {{getenv "LDAP_DOMAIN_QUERY_FILTER"}}
-result_attribute = {{getenv "LDAP_DOMAIN_RESULT_ATTRIBUTE" "dc"}}
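Review bot: Neither new `[template]` block sets a file mode, so the rendered `/etc/postfix/pgsql-virtual-alias-maps.cf` and `/etc/postfix/pgsql-virtual-mailbox-domains.cf` are written with confd's default permissions, presumably world-readable. Both files will hold the database password that the `.tmpl` files added later in this patch take from `DB_PASSWORD`. Add `mode = "0640"` to each block, with `uid`/`gid` chosen so that only root and the postfix group can read the result; the numeric ids depend on the image and are not visible here. The same change applies to `pgsql-virtual-mailbox-domains.cf.toml`.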
diff --git a/rootfs/etc/confd/templates/ldap-virtual-mailbox-maps.cf.tmpl b/rootfs/etc/confd/templates/ldap-virtual-mailbox-maps.cf.tmpl
deleted file mode 100644
index 6027a0e..0000000
--- a/rootfs/etc/confd/templates/ldap-virtual-mailbox-maps.cf.tmpl
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = {{getenv "LDAP_URI"}}
-start_tls = {{getenv "LDAP_STARTTLS" "yes"}}
-bind = yes
-bind_dn = {{getenv "LDAP_BIND_DN"}}
-bind_pw = {{getenv "LDAP_BIND_PASSWORD"}}
-search_base = {{getenv "LDAP_MAILBOX_SEARCH_BASE"}}
-version = 3
-query_filter = {{getenv "LDAP_MAILBOX_QUERY_FILTER"}}
-result_attribute = {{getenv "LDAP_MAILBOX_RESULT_ATTRIBUTE" "cn"}}
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index 6c5cfed..109bba6 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -15,13 +15,12 @@ mailbox_transport = lmtp:{{getenv "LMTP_HOST"}}
 mailbox_size_limit = {{getenv "MAILBOX_SIZELIMIT" "0"}}
 smtpd_banner = {{getenv "SMTP_BANNER"}} $myhostname ESMTP $mail_name
-virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf
-virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf
-virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-virtual-alias-maps.cf
+virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual-mailbox-domains.cf
+virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual-alias-maps.cf
 virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}}
-smtpd_tls_key_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.key
-smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.crt
+smtpd_tls_key_file=/etc/ssl/mail/tls.key
+smtpd_tls_cert_file=/etc/ssl/mail/tls.crt
 smtp_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}}
 smtp_tls_auth_only = yes
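Review bot: The new `virtual_mailbox_domains` and `virtual_alias_maps` lines in the first main.cf.tmpl hunk drop the `proxy:` prefix that the LDAP maps carried. Each Postfix process that consults these tables then opens its own PostgreSQL connection and reads the credential file itself. Keeping proxymap in front, with `virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql-virtual-mailbox-domains.cf` and `virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql-virtual-alias-maps.cf`, bounds the connection count and narrows which processes need the password. The hunk also removes `virtual_mailbox_maps` without a replacement; if recipient validation is now meant to come from the `reject_unverified_recipient` added in the next hunk, a comment such as `# recipients are validated by address verification, not a mailbox map` would record that.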
@@ -59,12 +58,12 @@ smtpd_sasl_path = inet:{{getenv "DOVECOT_HOST"}}:{{getenv "DOVECOT_AUTH_PORT"}}
 smtpd_sasl_auth_enable = yes
 smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient
-smtpd_milters =
- unix:/var/run/spamass-milter/spamass.sock
- inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}
-non_smtpd_milters = $smtpd_milters
+#smtpd_milters =
+# unix:/var/run/spamass-milter/spamass.sock
+# inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}
+#non_smtpd_milters = $smtpd_milters
 milter_default_action = accept
 milter_macro_daemon_name = ORIGINATING
 milter_connect_macros = "i j {daemon_name} v {if_name} _"
diff --git a/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl
new file mode 100644
index 0000000..215d8a6
--- /dev/null
+++ b/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl
@@ -0,0 +1,5 @@
+hosts = {{ getenv "DB_HOST" }}
+user = {{ getenv "DB_USER" "email" }}
+password = {{ getenv "DB_PASSWORD" }}
+dbname = {{ getenv "DB_NAME" "email" }}
+query = SELECT destination FROM virtual_aliases WHERE source='%s'
diff --git a/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl b/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl
new file mode 100644
index 0000000..d9481fb
--- /dev/null
+++ b/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl
@@ -0,0 +1,5 @@
+hosts = {{ getenv "DB_HOST" }}
+user = {{ getenv "DB_USER" "email" }}
+password = {{ getenv "DB_PASSWORD" }}
+dbname = {{ getenv "DB_NAME" "email" }}
+query = SELECT 1 FROM virtual_domains WHERE name='%s'
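Review bot: Commenting out `smtpd_milters` and `non_smtpd_milters` in the second main.cf.tmpl hunk switches off both the SpamAssassin milter and the DKIM milter at `inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}`. That is wider than the LDAP removal the commit title describes, and it leaves outbound mail unsigned. If only spam filtering is meant to be paused, keep signing active with `smtpd_milters = inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}` and `non_smtpd_milters = $smtpd_milters`. If both are intentionally off, replace the commented block with a one-line comment saying so, since the `milter_*` settings left below would otherwise suggest a milter is still in use.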
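Review bot: The new pgsql-virtual-alias-maps.cf.tmpl sets `hosts`, `user`, `password` and `dbname` but nothing that requires an encrypted connection, whereas the LDAP templates it replaces defaulted `start_tls` to `yes`. Unless `DB_HOST` names a local socket, the password and every looked-up address travel in whatever mode libpq negotiates with the server. State the expectation at the top of the template, for example `# DB_HOST must be reachable over TLS; enforce it server-side or via sslmode in the connection settings`. Recent Postfix versions may also accept a connection URI with `sslmode` in `hosts`, which should be confirmed against the Postfix packaged in this image. `DB_PASSWORD` has no default, so an unset variable renders an empty `password =` line without any error. Both points apply equally to pgsql-virtual-mailbox-domains.cf.tmpl.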
diff --git a/rootfs/etc/services.d/spamass-milter/run b/rootfs/etc/services.d/spamass-milter/run
index 0899fa7..22576b7 100644
--- a/rootfs/etc/services.d/spamass-milter/run
+++ b/rootfs/etc/services.d/spamass-milter/run
@@ -1,3 +1,3 @@
 #!/usr/bin/with-contenv sh
-exec s6-setuidgid postfix spamass-milter -u postmaster -p /var/run/spamass-milter/spamass.sock -- -d $SPAMASSASSIN_HOST
+#exec s6-setuidgid postfix spamass-milter -u postmaster -p /var/run/spamass-milter/spamass.sock -- -d $SPAMASSASSIN_HOST
diff --git a/rootfs/var/spool/incron/root b/rootfs/var/spool/incron/root
deleted file mode 100644
index c928fff..0000000
--- a/rootfs/var/spool/incron/root
+++ /dev/null
@@ -1 +0,0 @@
-/etc/ssl/mail IN_ATTRIB /bin/restart-services
diff --git a/tags b/tags
new file mode 100644
index 0000000..a85c107
--- /dev/null
+++ b/tags
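Review bot: With its only `exec` line commented out, the spamass-milter `run` script now exits immediately, and because it stays under `services.d` the supervisor will presumably keep restarting it. Removing the `rootfs/etc/services.d/spamass-milter` directory, together with the builder stage and `COPY --from=builder` line visible in the Dockerfile hunk, would avoid shipping a no-op service and an unused binary. If the disablement is temporary, say so in the script with a comment such as `# spamass-milter disabled together with smtpd_milters in main.cf.tmpl`.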
@@ -0,0 +1,43 @@ +!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ +!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ +!_TAG_OUTPUT_EXCMD mixed /number, pattern, mixed, or combineV2/ +!_TAG_OUTPUT_FILESEP slash /slash or backslash/ +!_TAG_OUTPUT_MODE u-ctags /u-ctags or e-ctags/ +!_TAG_PATTERN_LENGTH_LIMIT 96 /0 for no limit/ +!_TAG_PROC_CWD /home/shu/documents/workspace/docker/postfix-ldap/ // +!_TAG_PROGRAM_AUTHOR Universal Ctags Team // +!_TAG_PROGRAM_NAME Universal Ctags /Derived from Exuberant Ctags/ +!_TAG_PROGRAM_URL https://ctags.io/ /official site/ +!_TAG_PROGRAM_VERSION 5.9.0 // +CERT_DOMAIN README.md /^## CERT_DOMAIN$/;" s chapter:Environment Variables +Capabilities README.md /^# Capabilities$/;" c +DKIM_HOST README.md /^## DKIM_HOST$/;" s chapter:Environment Variables +DKIM_PORT README.md /^## DKIM_PORT$/;" s chapter:Environment Variables +DOVECOT_AUTH_PORT README.md /^## DOVECOT_AUTH_PORT$/;" s chapter:Environment Variables +DOVECOT_HOST README.md /^## DOVECOT_HOST$/;" s chapter:Environment Variables +Environment Variables README.md /^# Environment Variables$/;" c +LDAP_ALIAS_QUERY_FILTER README.md /^## LDAP_ALIAS_QUERY_FILTER$/;" s chapter:Environment Variables +LDAP_BIND_DN README.md /^## LDAP_BIND_DN$/;" s chapter:Environment Variables +LDAP_BIND_PASSWORD README.md /^## LDAP_BIND_PASSWORD$/;" s chapter:Environment Variables +LDAP_DOMAIN_QUERY_FILTER README.md /^## LDAP_DOMAIN_QUERY_FILTER$/;" s chapter:Environment Variables +LDAP_DOMAIN_RESULT_ATTRIBUTE README.md /^## LDAP_DOMAIN_RESULT_ATTRIBUTE$/;" s chapter:Environment Variables +LDAP_DOMAIN_SEARCH_BASE README.md /^## LDAP_DOMAIN_SEARCH_BASE$/;" s chapter:Environment Variables +LDAP_MAILBOX_QUERY_FILTER README.md /^## LDAP_MAILBOX_QUERY_FILTER$/;" s chapter:Environment Variables +LDAP_MAILBOX_RESULT_ATTRIBUTE README.md /^## LDAP_MAILBOX_RESULT_ATTRIBUTE$/;" s chapter:Environment Variables +LDAP_MAILBOX_SEARCH_BASE README.md /^## LDAP_MAILBOX_SEARCH_BASE$/;" s 
chapter:Environment Variables +LDAP_STARTTLS README.md /^## LDAP_STARTTLS$/;" s chapter:Environment Variables +LDAP_URI README.md /^## LDAP_URI$/;" s chapter:Environment Variables +LMTP_HOST README.md /^## LMTP_HOST$/;" s chapter:Environment Variables +LMTP_PORT README.md /^## LMTP_PORT$/;" s chapter:Environment Variables +MAILBOX_SIZELIMIT README.md /^## MAILBOX_SIZELIMIT$/;" s chapter:Environment Variables +MESSAGE_SIZELIMIT README.md /^## MESSAGE_SIZELIMIT$/;" s chapter:Environment Variables +MYDOMAIN README.md /^## MYDOMAIN$/;" s chapter:Environment Variables +MYHOSTNAME README.md /^## MYHOSTNAME$/;" s chapter:Environment Variables +Ports README.md /^# Ports$/;" c +SMTP_BANNER README.md /^## SMTP_BANNER$/;" s chapter:Environment Variables +SPAMASSASSIN_HOST README.md /^## SPAMASSASSIN_HOST$/;" s chapter:Environment Variables +TLS_CIPHERS README.md /^## TLS_CIPHERS$/;" s chapter:Environment Variables +TLS_EXCLUDE_CIPHERS README.md /^## TLS_EXCLUDE_CIPHERS$/;" s chapter:Environment Variables +TLS_PROTOCOLS README.md /^## TLS_PROTOCOLS$/;" s chapter:Environment Variables +TLS_SECURITY_LEVEL README.md /^## TLS_SECURITY_LEVEL$/;" s chapter:Environment Variables +Volumes README.md /^# Volumes$/;" c