Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce ENABLE_DNSBL env #2342

Merged
merged 16 commits into from
Jan 3, 2022
Merged

Conversation

casperklein
Copy link
Member

@casperklein casperklein commented Dec 25, 2021

Description

This PR makes the usage of the postfix/postscreen DNS block lists optional.

Fixes issues like #1927

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Improvement (non-breaking change that does improve existing functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (README.md or the documentation under docs/)
  • If necessary I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

@casperklein casperklein added this to the v10.5.0 milestone Dec 25, 2021
@casperklein casperklein self-assigned this Dec 25, 2021
@casperklein casperklein changed the title Introduce ENABLE_DNSBL Introduce ENABLE_DNSBL env Dec 25, 2021
@casperklein casperklein marked this pull request as ready for review December 25, 2021 23:46
@casperklein casperklein requested a review from a team December 25, 2021 23:46
@georglauterbach
Copy link
Member

Not sure whether Postscreen should be affected by this too or not, but you could think about these lines in Postfix's configuration as well:

postscreen_dnsbl_sites = zen.spamhaus.org*3
bl.mailspike.net
b.barracudacentral.org*2
bl.spameatingmonkey.net
dnsbl.sorbs.net
psbl.surriel.com
list.dnswl.org=127.0.[0..255].0*-2
list.dnswl.org=127.0.[0..255].1*-3
list.dnswl.org=127.0.[0..255].[2..3]*-4

@casperklein
Copy link
Member Author

Good catch. I've overlooked that, because in my setup postscreen_dnsbl_sites is empty due a custom postfix-main.cf.

@casperklein casperklein marked this pull request as draft December 26, 2021 11:09
@casperklein casperklein requested a review from a team December 30, 2021 15:24
@casperklein casperklein marked this pull request as ready for review December 30, 2021 15:24
@georglauterbach
Copy link
Member

georglauterbach commented Dec 30, 2021

Just a short question: Why is the variable called ENABLE_DNSBL and the function that is executed disables the variables? Wouldn't it make much more sense to remove the lists from the configuration files and add them if ENABLE_DNSBL=1?

@casperklein
Copy link
Member Author

It did it this way, because currently there is no DISABLE_VAR. This was just done, to align with the existing namings.

@georglauterbach
Copy link
Member

georglauterbach commented Dec 30, 2021

It did it this way, because currently there is no DISABLE_VAR. This was just done, to align with the existing namings.

I'm very much fine with the naming of the variable, just the implementation is logic-wise implemented in exactly the opposite way compared to how I would have done it :) I'd expect the variable to add the lists, not to disable them :D

@casperklein
Copy link
Member Author

casperklein commented Dec 30, 2021

The result is the same. Background: I mainly migrated my personal "remove blocklists" stuff from my user-patches. That's why it's not the other way around.

docs/content/config/environment.md Outdated Show resolved Hide resolved
target/scripts/startup/setup-stack.sh Show resolved Hide resolved
test/mail_dnsbl.bats Show resolved Hide resolved
@casperklein casperklein marked this pull request as draft December 30, 2021 23:51
polarathene
polarathene previously approved these changes Dec 31, 2021
Copy link
Member

@polarathene polarathene left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than concerns raised earlier, LGTM 👍

@polarathene
Copy link
Member

polarathene commented Dec 31, 2021

TLS cipherlist test was failing similar to what @casperklein was experiencing in a separate issue I think, might be an issue with upstream testssl image (still failing).

EDIT: Ran the tests locally and inspected the JSON, noticed that the fs field we would normally check has been changed to serverPreferences instead. Found the relevant PR that introduced that change upstream and opened up a PR to adapt our test to that change. Once that's merged the test will pass again.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 3, 2022

Documentation preview for this PR is ready! 🎉

Built with commit: 54ce77d

@casperklein casperklein merged commit 9d5a9a1 into docker-mailserver:master Jan 3, 2022
@casperklein casperklein deleted the dnsbl branch January 3, 2022 21:03
@polarathene polarathene mentioned this pull request Feb 9, 2023
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants