add sender restrictions

Sebastian Hugentobler 2022-01-22 19:58:58 +01:00
parent e0f4f0c4c6
commit a3d89f07fa
Signed by: shu
GPG Key ID: BB32CF3CA052C2F0
6 changed files with 31 additions and 2 deletions


@ -1,5 +1,23 @@
[Postfix](http://www.postfix.org/) with dovecot authentication and [rspamd](https://rspamd.com/) using postgres. [Postfix](http://www.postfix.org/) with dovecot authentication and [rspamd](https://rspamd.com/) using postgres.
# Database
```
create table if not exists virtual_domains (
name text primary key
);
create table if not exists virtual_users (
email text primary key,
domain_name text not null references virtual_domains(name)
);
create table if not exists virtual_aliases (
domain_name text not null references virtual_domains(name),
source text not null,
destination text not null
);
```
# Volumes # Volumes
- `/etc/ssl/mail:ro`: certificates have to be here. - `/etc/ssl/mail:ro`: certificates have to be here.


@ -0,0 +1,3 @@
[template]
src = "pgsql-login-maps.cf.tmpl"
dest = "/etc/postfix/pgsql-login-maps.cf"


@ -62,6 +62,9 @@ smtpd_sasl_tls_security_options = noanonymous
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient
smtpd_sender_restrictions = reject_sender_login_mismatch
smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql-login-maps.cf
smtpd_milters={{getenv "RSPAMD_ADDRESS" "inet:127.0.0.1:11332"}} smtpd_milters={{getenv "RSPAMD_ADDRESS" "inet:127.0.0.1:11332"}}
non_smtpd_milters=$smtpd_milters non_smtpd_milters=$smtpd_milters
milter_mail_macros="i {mail_addr} {client_addr} {client_name} {auth_authen}" milter_mail_macros="i {mail_addr} {client_addr} {client_name} {auth_authen}"
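Review bot: The new `smtpd_sender_restrictions` line lists only `reject_sender_login_mismatch`, while the relay and recipient restrictions above it still begin with `permit_mynetworks`. Once an address has an owner in `smtpd_sender_login_maps`, a client inside `mynetworks` that submits without SASL using that address as MAIL FROM is rejected, even though it is still allowed to relay. If that is intended, a comment line above the setting such as `# MAIL FROM must match the SASL login, also for mynetworks clients` would record the decision. If unauthenticated local submitters are expected to keep working, that exception has to be made explicitly and the trust it places in `mynetworks` hosts weighed.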


@ -0,0 +1,5 @@
hosts = {{ getenv "DB_HOST" }}
user = {{ getenv "DB_USER" "email" }}
password = {{ getenv "DB_PASSWORD" }}
dbname = {{ getenv "DB_NAME" "email" }}
query = SELECT source FROM virtual_aliases WHERE destination='%s'
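Review bot: The `query` line appears to look up ownership in the wrong direction and leaves out plain mailboxes. Postfix passes the MAIL FROM address as `%s` and expects back the SASL login names that own it, so if `source` is the alias address and `destination` the mailbox it delivers to (the column names suggest this, but the alias map is not shown here), the owner of an alias is `destination`, not `source`. With `reject_sender_login_mismatch`, an authenticated client whose sender address returns no row is rejected as well, so every address in `virtual_users` has to resolve to its own login, assuming the SASL login is the mailbox address. Something like `query = SELECT email FROM virtual_users WHERE email='%s' UNION SELECT destination FROM virtual_aliases WHERE source='%s'` would cover both cases. Checking a mailbox and an alias with `postmap -q` against this map before deploying would confirm the result.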


@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }}
user = {{ getenv "DB_USER" "email" }} user = {{ getenv "DB_USER" "email" }}
password = {{ getenv "DB_PASSWORD" }} password = {{ getenv "DB_PASSWORD" }}
dbname = {{ getenv "DB_NAME" "email" }} dbname = {{ getenv "DB_NAME" "email" }}
query = SELECT 1 FROM virtual_domains WHERE name='%s' query = SELECT name FROM virtual_domains WHERE name='%s'


@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }}
user = {{ getenv "DB_USER" "email" }} user = {{ getenv "DB_USER" "email" }}
password = {{ getenv "DB_PASSWORD" }} password = {{ getenv "DB_PASSWORD" }}
dbname = {{ getenv "DB_NAME" "email" }} dbname = {{ getenv "DB_NAME" "email" }}
query = SELECT 1 FROM virtual_users WHERE email ='%s' query = SELECT email FROM virtual_users WHERE email ='%s'