#!/bin/bash
# Log helper for this module: every message is tagged with `(Postfix setup)`
# so a reader of the logs can tell which setup step emitted it. Thin wrapper
# around `_log`; the log level is passed through untouched.
#
# @param ${1} = log level (forwarded to `_log` as-is)
# @param ${2} = message (emitted as `(Postfix setup) <message>`)
function __postfix__log() {
  local LOG_LEVEL=${1:-}
  local MESSAGE=${2:-}
  _log "${LOG_LEVEL}" "(Postfix setup) ${MESSAGE}"
}
# Early Postfix setup: host/domain identity, SASL, aliases, vhost, DH params,
# size limits and the Dovecot (LMTP) integration.
#
# Globals (read): HOSTNAME, DOMAINNAME, POSTFIX_INET_PROTOCOLS, ENABLE_SASLAUTHD,
#   SMTP_ONLY, POSTFIX_MESSAGE_SIZE_LIMIT, POSTFIX_MAILBOX_SIZE_LIMIT,
#   POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME, ACCOUNT_PROVISIONER, POSTFIX_DAGENT
# Writes: /etc/postfix/main.cf and /etc/postfix/master.cf (via postconf / sed),
#   /etc/postfix/sasl/smtpd.conf (only when it does not exist yet),
#   /etc/postfix/dhparams.pem (via _setup_dhparam)
function _setup_postfix_early() {
  _log 'debug' 'Configuring Postfix (early setup)'

  __postfix__log 'trace' 'Applying hostname and domainname'
  postconf "myhostname = ${HOSTNAME}"
  postconf "mydomain = ${DOMAINNAME}"

  # Only written when the user asked for something other than 'all'.
  if [[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]]; then
    __postfix__log 'trace' 'Setting up POSTFIX_INET_PROTOCOLS option'
    postconf "inet_protocols = ${POSTFIX_INET_PROTOCOLS}"
  fi

  __postfix__log 'trace' 'Configuring SASLauthd'
  # An existing smtpd.conf (e.g. user-provided) is never overwritten.
  if [[ ${ENABLE_SASLAUTHD} -eq 1 && ! -f /etc/postfix/sasl/smtpd.conf ]]; then
    printf '%s\n' 'pwcheck_method: saslauthd' 'mech_list: plain login' >/etc/postfix/sasl/smtpd.conf
  fi

  # User has explicitly requested to disable SASL auth:
  # TODO: Additive config by feature would be better. Should only enable SASL auth
  # on submission(s) services in master.cf when SASLAuthd or Dovecot is enabled.
  if [[ ${ENABLE_SASLAUTHD} -eq 0 && ${SMTP_ONLY} -eq 1 ]]; then
    # Default for services (eg: Port 25); NOTE: This has since become the default:
    sed -i -E 's|^smtpd_sasl_auth_enable =.*|smtpd_sasl_auth_enable = no|g' /etc/postfix/main.cf
    # Submission services that are explicitly enabled by default:
    sed -i -E 's|^ -o smtpd_sasl_auth_enable=.*| -o smtpd_sasl_auth_enable=no|g' /etc/postfix/master.cf
  fi

  # scripts/helpers/aliases.sh:_create_aliases()
  __postfix__log 'trace' 'Setting up aliases'
  _create_aliases

  # scripts/helpers/postfix.sh:_create_postfix_vhost()
  __postfix__log 'trace' 'Setting up Postfix vhost'
  _create_postfix_vhost

  __postfix__log 'trace' 'Setting up DH Parameters'
  _setup_dhparam 'Postfix' '/etc/postfix/dhparams.pem'

  # Size limits; the virtual mailbox limit mirrors the mailbox limit.
  __postfix__log 'trace' "Configuring message size limit to '${POSTFIX_MESSAGE_SIZE_LIMIT}'"
  postconf "message_size_limit = ${POSTFIX_MESSAGE_SIZE_LIMIT}"
  __postfix__log 'trace' "Configuring mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
  postconf "mailbox_size_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
  __postfix__log 'trace' "Configuring virtual mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
  postconf "virtual_mailbox_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"

  # Appends the restriction to the `dms_` prefixed list that main.cf holds.
  if [[ ${POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME} -eq 1 ]]; then
    __postfix__log 'trace' 'Enabling reject_unknown_client_hostname to dms_smtpd_sender_restrictions'
    sedfile -i -E 's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' /etc/postfix/main.cf
  fi

  # Dovecot feature integration
  # TODO: Alias SMTP_ONLY=0 to DOVECOT_ENABLED=1?
  if [[ ${SMTP_ONLY} -ne 1 ]]; then
    __postfix__log 'trace' 'Configuring Postfix with Dovecot integration'
    # /etc/postfix/vmailbox is created by: scripts/helpers/accounts.sh:_create_accounts()
    # Postfix uses it to verify that a mail account exists before accepting the
    # mail and handing it to Dovecot over LMTP.
    if [[ ${ACCOUNT_PROVISIONER} == 'FILE' ]]; then
      postconf 'virtual_mailbox_maps = texthash:/etc/postfix/vmailbox'
    fi
    postconf 'virtual_transport = lmtp:unix:/var/run/dovecot/lmtp'
  fi

  # An explicit delivery agent overrides whatever virtual_transport was set above.
  if [[ -n ${POSTFIX_DAGENT} ]]; then
    __postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
    postconf "virtual_transport = ${POSTFIX_DAGENT}"
  fi
}
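# Late Postfix setup: wires the optional user-supplied sender / recipient
# access tables into main.cf, configures the relay host and finally applies
# the user's main.cf / master.cf overrides.
#
# Reads:  /tmp/docker-mailserver/postfix-send-access.cf,
#         /tmp/docker-mailserver/postfix-receive-access.cf (both optional)
# Writes: /etc/postfix/main.cf
function _setup_postfix_late() {
  _log 'debug' 'Configuring Postfix (late setup)'

  __postfix__log 'trace' 'Configuring user access'
  # Both patterns are anchored to the start of the line: main.cf also carries
  # `dms_smtpd_sender_restrictions` (see `_setup_postfix_early`), which ends
  # with the very same text and would otherwise receive the access check too.
  if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]; then
    sed -i -E \
      's|^(smtpd_sender_restrictions =)|\1 check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' \
      /etc/postfix/main.cf
  fi

  if [[ -f /tmp/docker-mailserver/postfix-receive-access.cf ]]; then
    sed -i -E \
      's|^(smtpd_recipient_restrictions =)|\1 check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' \
      /etc/postfix/main.cf
  fi

  __postfix__log 'trace' 'Configuring relay host'
  _setup_relayhost

  __postfix__setup_override_configuration
}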
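# Applies the user's optional `postfix-main.cf` and `postfix-master.cf`
# overrides from the config volume.
#
# main.cf:   the override file is appended to /etc/postfix/main.cf and the
#            result is re-rendered with `postconf -n`; main.cf is only replaced
#            when that render succeeds, so a truncated output never clobbers it.
# master.cf: every valid line of the override is applied with `postconf -P`.
#
# Reads:  /tmp/docker-mailserver/postfix-main.cf,
#         /tmp/docker-mailserver/postfix-master.cf (both optional)
# Writes: /etc/postfix/main.cf, /etc/postfix/master.cf
function __postfix__setup_override_configuration() {
  __postfix__log 'debug' 'Overriding / adjusting configuration with user-supplied values'

  local -r OVERRIDE_CONFIG_POSTFIX_MAIN='/tmp/docker-mailserver/postfix-main.cf'
  if [[ -f ${OVERRIDE_CONFIG_POSTFIX_MAIN} ]]; then
    cat "${OVERRIDE_CONFIG_POSTFIX_MAIN}" >>/etc/postfix/main.cf
    _adjust_mtime_for_postfix_maincf

    # Do not output directly to 'main.cf': postconf reads it while rendering,
    # which causes a read-write conflict. Render into a private temporary file
    # (unpredictable name, created 0600) and swap it in afterwards.
    local NORMALIZED_MAIN_CF
    NORMALIZED_MAIN_CF=$(mktemp /tmp/postfix-main-new.XXXXXX)

    # postconf's warnings (e.g. about unknown parameters) are intentionally
    # silenced; only a failed render is reported.
    if postconf -n >"${NORMALIZED_MAIN_CF}" 2>/dev/null; then
      # mktemp creates the file 0600; restore the world-readable mode main.cf
      # normally has so the unprivileged Postfix daemons can still read it.
      chmod 0644 "${NORMALIZED_MAIN_CF}"
      mv "${NORMALIZED_MAIN_CF}" /etc/postfix/main.cf
      _adjust_mtime_for_postfix_maincf
      __postfix__log 'trace' "Adjusted '/etc/postfix/main.cf' according to '${OVERRIDE_CONFIG_POSTFIX_MAIN}'"
    else
      # main.cf keeps the appended override lines; the failed render is dropped.
      rm -f "${NORMALIZED_MAIN_CF}"
      __postfix__log 'error' "'postconf -n' failed after applying '${OVERRIDE_CONFIG_POSTFIX_MAIN}' - '/etc/postfix/main.cf' was not re-rendered"
    fi
  else
    __postfix__log 'trace' "No extra Postfix settings loaded because optional '${OVERRIDE_CONFIG_POSTFIX_MAIN}' was not provided"
  fi

  local -r OVERRIDE_CONFIG_POSTFIX_MASTER='/tmp/docker-mailserver/postfix-master.cf'
  if [[ -f ${OVERRIDE_CONFIG_POSTFIX_MASTER} ]]; then
    local LINE
    # Only lines starting with a digit or lowercase letter are handed to
    # `postconf -P` (presumably the `service/type/parameter=value` form);
    # everything else that survived _get_valid_lines_from_file is skipped.
    while read -r LINE; do
      [[ ${LINE} =~ ^[0-9a-z] ]] && postconf -P "${LINE}"
    done < <(_get_valid_lines_from_file "${OVERRIDE_CONFIG_POSTFIX_MASTER}")
    __postfix__log 'trace' "Adjusted '/etc/postfix/master.cf' according to '${OVERRIDE_CONFIG_POSTFIX_MASTER}'"
  else
    __postfix__log 'trace' "No extra Postfix settings loaded because optional '${OVERRIDE_CONFIG_POSTFIX_MASTER}' was not provided"
  fi
}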
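# Configures Postfix and postsrsd for the Sender Rewriting Scheme (SRS).
#
# Globals (read): SRS_SENDER_CLASSES, SRS_DOMAINNAME,
#   SRS_SECRET (optional, comma-separated), SRS_EXCLUDE_DOMAINS (optional)
# Writes: Postfix canonical map settings (postconf), /etc/default/postsrsd,
#   /etc/postsrsd.secret (owner-readable only)
function _setup_SRS() {
  _log 'debug' 'Setting up SRS'

  # Sender rewriting is served by postsrsd on tcp 10001, recipient rewriting on 10002.
  postconf 'sender_canonical_maps = tcp:localhost:10001'
  postconf "sender_canonical_classes = ${SRS_SENDER_CLASSES}"
  postconf 'recipient_canonical_maps = tcp:localhost:10002'
  postconf 'recipient_canonical_classes = envelope_recipient,header_recipient'

  # Writes 24 random bytes, base64-encoded, to the file given as ${1}, readable
  # by the owner only. Any failure inside the pipeline would otherwise leave an
  # empty secret file behind unnoticed, so the result is verified.
  #
  # @param ${1} = path of the secret file to create
  function __generate_secret() {
    (
      umask 0077
      dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64 -w0 >"${1}"
    )
    [[ -s ${1} ]] || _log 'error' "Failed to generate an SRS secret at '${1}'"
  }

  local -r POSTSRSD_SECRET_FILE='/etc/postsrsd.secret'

  # SRS_DOMAINNAME is used verbatim as the sed replacement, so `/`, `&` and
  # `\` in it would be interpreted by sed instead of being copied.
  sed -i "s/localdomain/${SRS_DOMAINNAME}/g" /etc/default/postsrsd

  if [[ -n ${SRS_SECRET} ]]; then
    # User-supplied secret(s): one per line in the file. printf rather than
    # echo so a value beginning with '-n' / '-e' is written out unchanged.
    (
      umask 0077
      printf '%s\n' "${SRS_SECRET}" | tr ',' '\n' >"${POSTSRSD_SECRET_FILE}"
    )
  elif [[ ! -f ${POSTSRSD_SECRET_FILE} ]]; then
    # No secret supplied and none present yet: generate one.
    __generate_secret "${POSTSRSD_SECRET_FILE}"
  fi

  # The value is spliced into the sed replacement; `|`, `&` and `\` are special there.
  if [[ -n ${SRS_EXCLUDE_DOMAINS} ]]; then
    sedfile -i -E \
      "s|^#?(SRS_EXCLUDE_DOMAINS=).*|\1${SRS_EXCLUDE_DOMAINS}|" \
      /etc/default/postsrsd
  fi
}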