rip out ldap

2021-08-23 15:20:57 +02:00 · 2021-08-23 15:20:57 +02:00 · 5a2efbec22
commit 5a2efbec22
parent bc0b3eaf79
16 changed files with 71 additions and 54 deletions
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-FROM alpine:3.12 as builder
+FROM alpine:3.14 as builder

 RUN apk add --no-cache \
    g++ \
@ -18,7 +18,7 @@ COPY --from=builder /tmp/spamass-milter/spamass-milter /bin/spamass-milter

 RUN apk add --no-cache \
    postfix \
-    postfix-ldap \
+    postfix-pgsql \
    openssl \
    spamassassin-client \
    libstdc++ \
--- a/rootfs/bin/restart-services
+++ b/rootfs/bin/restart-services
@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-s6-svc -t /var/run/s6/services/postfix
-s6-svc -t /var/run/s6/services/spamass-milter
--- a/rootfs/etc/confd/conf.d/ldap-virtual-alias-maps.cf.toml
+++ b/rootfs/etc/confd/conf.d/ldap-virtual-alias-maps.cf.toml
@ -1,3 +0,0 @@
-[template]
-src = "ldap-virtual-alias-maps.cf.tmpl"
-dest = "/etc/postfix/ldap-virtual-alias-maps.cf"
--- a/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-domains.cf.toml
+++ b/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-domains.cf.toml
@ -1,3 +0,0 @@
-[template]
-src = "ldap-virtual-mailbox-domains.cf.tmpl"
-dest = "/etc/postfix/ldap-virtual-mailbox-domains.cf"
--- a/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-maps.cf.toml
+++ b/rootfs/etc/confd/conf.d/ldap-virtual-mailbox-maps.cf.toml
@ -1,3 +0,0 @@
-[template]
-src = "ldap-virtual-mailbox-maps.cf.tmpl"
-dest = "/etc/postfix/ldap-virtual-mailbox-maps.cf"
--- a/rootfs/etc/confd/conf.d/pgsql-virtual-alias-maps.cf.toml
+++ b/rootfs/etc/confd/conf.d/pgsql-virtual-alias-maps.cf.toml
@ -0,0 +1,3 @@
+[template]
+src = "pgsql-virtual-alias-maps.cf.tmpl"
+dest = "/etc/postfix/pgsql-virtual-alias-maps.cf"
--- a/rootfs/etc/confd/conf.d/pgsql-virtual-mailbox-domains.cf.toml
+++ b/rootfs/etc/confd/conf.d/pgsql-virtual-mailbox-domains.cf.toml
@ -0,0 +1,3 @@
+[template]
+src = "pgsql-virtual-mailbox-domains.cf.tmpl"
+dest = "/etc/postfix/pgsql-virtual-mailbox-domains.cf"
--- a/rootfs/etc/confd/templates/ldap-virtual-alias-maps.cf.tmpl
+++ b/rootfs/etc/confd/templates/ldap-virtual-alias-maps.cf.tmpl
@ -1,9 +0,0 @@
-server_host = {{getenv "LDAP_URI"}}
-start_tls = {{getenv "LDAP_STARTTLS" "yes"}}
-bind = yes
-bind_dn = {{getenv "LDAP_BIND_DN" }}
-bind_pw = {{getenv "LDAP_BIND_PASSWORD"}}
-search_base = {{getenv "LDAP_MAILBOX_SEARCH_BASE"}}
-version = 3
-query_filter = {{getenv "LDAP_ALIAS_QUERY_FILTER"}}
-result_attribute = {{getenv "LDAP_MAILBOX_RESULT_ATTRIBUTE" "cn"}}
--- a/rootfs/etc/confd/templates/ldap-virtual-mailbox-domains.cf.tmpl
+++ b/rootfs/etc/confd/templates/ldap-virtual-mailbox-domains.cf.tmpl
@ -1,9 +0,0 @@
-server_host = {{getenv "LDAP_URI"}}
-start_tls = {{getenv "LDAP_STARTTLS" "yes"}}
-bind = yes
-bind_dn = {{getenv "LDAP_BIND_DN" }}
-bind_pw = {{getenv "LDAP_BIND_PASSWORD"}}
-search_base = {{getenv "LDAP_DOMAIN_SEARCH_BASE"}}
-version = 3
-query_filter = {{getenv "LDAP_DOMAIN_QUERY_FILTER"}}
-result_attribute = {{getenv "LDAP_DOMAIN_RESULT_ATTRIBUTE" "dc"}}
--- a/rootfs/etc/confd/templates/ldap-virtual-mailbox-maps.cf.tmpl
+++ b/rootfs/etc/confd/templates/ldap-virtual-mailbox-maps.cf.tmpl
@ -1,9 +0,0 @@
-server_host = {{getenv "LDAP_URI"}}
-start_tls = {{getenv "LDAP_STARTTLS" "yes"}}
-bind = yes
-bind_dn = {{getenv "LDAP_BIND_DN"}}
-bind_pw = {{getenv "LDAP_BIND_PASSWORD"}}
-search_base = {{getenv "LDAP_MAILBOX_SEARCH_BASE"}}
-version = 3
-query_filter = {{getenv "LDAP_MAILBOX_QUERY_FILTER"}}
-result_attribute = {{getenv "LDAP_MAILBOX_RESULT_ATTRIBUTE" "cn"}}
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@ -15,13 +15,12 @@ mailbox_transport = lmtp:{{getenv "LMTP_HOST"}}
 mailbox_size_limit = {{getenv "MAILBOX_SIZELIMIT" "0"}}
 smtpd_banner = {{getenv "SMTP_BANNER"}} $myhostname ESMTP $mail_name

-virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf
-virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf
-virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-virtual-alias-maps.cf
+virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual-mailbox-domains.cf
+virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual-alias-maps.cf
 virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}}

-smtpd_tls_key_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.key
-smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.crt
+smtpd_tls_key_file=/etc/ssl/mail/tls.key
+smtpd_tls_cert_file=/etc/ssl/mail/tls.crt

 smtp_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}}
 smtp_tls_auth_only = yes
@ -59,12 +58,12 @@ smtpd_sasl_path = inet:{{getenv "DOVECOT_HOST"}}:{{getenv "DOVECOT_AUTH_PORT"}}
 smtpd_sasl_auth_enable = yes

 smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient

-smtpd_milters =
-    unix:/var/run/spamass-milter/spamass.sock
-    inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}
-non_smtpd_milters = $smtpd_milters
+#smtpd_milters =
+#    unix:/var/run/spamass-milter/spamass.sock
+#    inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}
+#non_smtpd_milters = $smtpd_milters
 milter_default_action = accept
 milter_macro_daemon_name = ORIGINATING
 milter_connect_macros = "i j {daemon_name} v {if_name} _"
--- a/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl
+++ b/rootfs/etc/confd/templates/pgsql-virtual-alias-maps.cf.tmpl
@ -0,0 +1,5 @@
+hosts = {{ getenv "DB_HOST" }}
+user = {{ getenv "DB_USER" "email" }}
+password = {{ getenv "DB_PASSWORD" }}
+dbname = {{ getenv "DB_NAME" "email" }}
+query = SELECT destination FROM virtual_aliases WHERE source='%s'
--- a/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl
+++ b/rootfs/etc/confd/templates/pgsql-virtual-mailbox-domains.cf.tmpl
@ -0,0 +1,5 @@
+hosts = {{ getenv "DB_HOST" }}
+user = {{ getenv "DB_USER" "email" }}
+password = {{ getenv "DB_PASSWORD" }}
+dbname = {{ getenv "DB_NAME" "email" }}
+query = SELECT 1 FROM virtual_domains WHERE name='%s'
--- a/rootfs/etc/services.d/spamass-milter/run
+++ b/rootfs/etc/services.d/spamass-milter/run
@ -1,3 +1,3 @@
 #!/usr/bin/with-contenv sh

-exec s6-setuidgid postfix spamass-milter -u postmaster -p /var/run/spamass-milter/spamass.sock -- -d $SPAMASSASSIN_HOST
+#exec s6-setuidgid postfix spamass-milter -u postmaster -p /var/run/spamass-milter/spamass.sock -- -d $SPAMASSASSIN_HOST
--- a/rootfs/var/spool/incron/root
+++ b/rootfs/var/spool/incron/root
@ -1 +0,0 @@
-/etc/ssl/mail IN_ATTRIB /bin/restart-services
--- a/43
+++ b/43
@ -0,0 +1,43 @@
+!_TAG_FILE_FORMAT	2	/extended format; --format=1 will not append ;" to lines/
+!_TAG_FILE_SORTED	1	/0=unsorted, 1=sorted, 2=foldcase/
+!_TAG_OUTPUT_EXCMD	mixed	/number, pattern, mixed, or combineV2/
+!_TAG_OUTPUT_FILESEP	slash	/slash or backslash/
+!_TAG_OUTPUT_MODE	u-ctags	/u-ctags or e-ctags/
+!_TAG_PATTERN_LENGTH_LIMIT	96	/0 for no limit/
+!_TAG_PROC_CWD	/home/shu/documents/workspace/docker/postfix-ldap/	//
+!_TAG_PROGRAM_AUTHOR	Universal Ctags Team	//
+!_TAG_PROGRAM_NAME	Universal Ctags	/Derived from Exuberant Ctags/
+!_TAG_PROGRAM_URL	https://ctags.io/	/official site/
+!_TAG_PROGRAM_VERSION	5.9.0	//
+CERT_DOMAIN	README.md	/^## CERT_DOMAIN$/;"	s	chapter:Environment Variables
+Capabilities	README.md	/^# Capabilities$/;"	c
+DKIM_HOST	README.md	/^## DKIM_HOST$/;"	s	chapter:Environment Variables
+DKIM_PORT	README.md	/^## DKIM_PORT$/;"	s	chapter:Environment Variables
+DOVECOT_AUTH_PORT	README.md	/^## DOVECOT_AUTH_PORT$/;"	s	chapter:Environment Variables
+DOVECOT_HOST	README.md	/^## DOVECOT_HOST$/;"	s	chapter:Environment Variables
+Environment Variables	README.md	/^# Environment Variables$/;"	c
+LDAP_ALIAS_QUERY_FILTER	README.md	/^## LDAP_ALIAS_QUERY_FILTER$/;"	s	chapter:Environment Variables
+LDAP_BIND_DN	README.md	/^## LDAP_BIND_DN$/;"	s	chapter:Environment Variables
+LDAP_BIND_PASSWORD	README.md	/^## LDAP_BIND_PASSWORD$/;"	s	chapter:Environment Variables
+LDAP_DOMAIN_QUERY_FILTER	README.md	/^## LDAP_DOMAIN_QUERY_FILTER$/;"	s	chapter:Environment Variables
+LDAP_DOMAIN_RESULT_ATTRIBUTE	README.md	/^## LDAP_DOMAIN_RESULT_ATTRIBUTE$/;"	s	chapter:Environment Variables
+LDAP_DOMAIN_SEARCH_BASE	README.md	/^## LDAP_DOMAIN_SEARCH_BASE$/;"	s	chapter:Environment Variables
+LDAP_MAILBOX_QUERY_FILTER	README.md	/^## LDAP_MAILBOX_QUERY_FILTER$/;"	s	chapter:Environment Variables
+LDAP_MAILBOX_RESULT_ATTRIBUTE	README.md	/^## LDAP_MAILBOX_RESULT_ATTRIBUTE$/;"	s	chapter:Environment Variables
+LDAP_MAILBOX_SEARCH_BASE	README.md	/^## LDAP_MAILBOX_SEARCH_BASE$/;"	s	chapter:Environment Variables
+LDAP_STARTTLS	README.md	/^## LDAP_STARTTLS$/;"	s	chapter:Environment Variables
+LDAP_URI	README.md	/^## LDAP_URI$/;"	s	chapter:Environment Variables
+LMTP_HOST	README.md	/^## LMTP_HOST$/;"	s	chapter:Environment Variables
+LMTP_PORT	README.md	/^## LMTP_PORT$/;"	s	chapter:Environment Variables
+MAILBOX_SIZELIMIT	README.md	/^## MAILBOX_SIZELIMIT$/;"	s	chapter:Environment Variables
+MESSAGE_SIZELIMIT	README.md	/^## MESSAGE_SIZELIMIT$/;"	s	chapter:Environment Variables
+MYDOMAIN	README.md	/^## MYDOMAIN$/;"	s	chapter:Environment Variables
+MYHOSTNAME	README.md	/^## MYHOSTNAME$/;"	s	chapter:Environment Variables
+Ports	README.md	/^# Ports$/;"	c
+SMTP_BANNER	README.md	/^## SMTP_BANNER$/;"	s	chapter:Environment Variables
+SPAMASSASSIN_HOST	README.md	/^## SPAMASSASSIN_HOST$/;"	s	chapter:Environment Variables
+TLS_CIPHERS	README.md	/^## TLS_CIPHERS$/;"	s	chapter:Environment Variables
+TLS_EXCLUDE_CIPHERS	README.md	/^## TLS_EXCLUDE_CIPHERS$/;"	s	chapter:Environment Variables
+TLS_PROTOCOLS	README.md	/^## TLS_PROTOCOLS$/;"	s	chapter:Environment Variables
+TLS_SECURITY_LEVEL	README.md	/^## TLS_SECURITY_LEVEL$/;"	s	chapter:Environment Variables
+Volumes	README.md	/^# Volumes$/;"	c
				`@ -1 +0,0 @@`
				`/etc/ssl/mail IN_ATTRIB /bin/restart-services`