refactor: relay.sh
#3845
The functionality is effectively the same for the two configs for the most part when it comes to parsing out a domain from the target value. Virtual aliases is more flexible in value, which may not have a domain-part present (manual user edit).
012815c to 366da36
- Moves the "handle changes" logic into its own scoped function, out of the main change detection loop logic.
- This will benefit a future commit change that will rely on `VHOST_UPDATED=1`.
- Better phrasing of the current logic comments.
- Regex patterns assigned to variables (easier to grok intention)
- Bulk of the logic for generating `/etc/postfix/relayhost_map` wrapped into a separate function with Postfix config setting handled separately.
- Split the two distinct features that configure `/etc/postfix/relayhost_map` into separate functions (_`MATCH_VALID` var no longer needed for legacy support_).
- Instead of extracting domains from `postfix-accounts.cf` + `postfix-virtual.cf`, this has already been handled at `/etc/postfix/vhost`, sourcing from there is far less complicated.
- Rename loop var `DOMAIN_PART` to `SENDER_DOMAIN` for better context of what it represents when appended to the config file.
- Revised maintenance notes + guidance towards a future refactor of this relayhost feature support.
- Remove comment regarding `smtp_sasl_password_maps = static:${RELAY_USER}:${RELAY_PASSWORD}`, it could be used but `main.cf` presently has `644` permissions vs the `sasl_passwd` file permissions of `600`, less secure at preventing leaking of secrets (ignoring the ENV exposure itself).
- Move the `main.cf` settings specific to relayhost credentials support / security into the relevant function scope instead. This also allows for the configuration to be applied by a change detection event without container restart requirement.
- Outer functions for setup and change detection to call have a clearer config dependency guard, as does the `_legacy_support()`.
- These changes now support `DEFAULT_RELAY_HOST` to leverage the relay credentials ENV as well.
- `DATABASE_RELAYHOSTS` is available in scope to the functions called here that reference it.
366da36 to 02ec9d7
Tests are a bit lacking for this feature presently, although I'm fairly confident the PR isn't doing anything not covered in the changelog.
Better quality guidance on configuring relay hosts.
44c5da0 to a5feec5
I will review in an hour or so
Overall LGTM. Much cleaner to read now! I have some nitpicks in the scripts for you to address still :)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
This comment was marked as resolved.
Documentation preview for this PR is ready! Built with commit: 59f5638
Description
While revising the docs on this feature, I was reminded how frustratingly awkward the current implementation is.
So I've detoured to make some changes there:
- `relay.sh`: Much better maintainer comments + simplified logic + fixes.
- `check-for-changes.sh` + `postfix.sh`, primarily `VHOST_UPDATED` addition + comment revisions.
- `DEFAULT_RELAY_HOST` to support credentials without redundantly needing `RELAY_HOST`, which should better help cater to this recent use-case bug report (the opposite, `RELAY_HOST` when set enforced credentials).

Changes have been staged out into scoped commits with individual commit messages for added context. If you want an easier set of diffs to review through, that'd be a nicer experience to work through
Two other docs pages for the relay host feature will be revised as a separate follow-up PR.
Context
- `RELAY_PASSWORD` ENV for credentials and just handling that directly in the user configuration file instead.
- `relay.sh` implementation prior to this PR.
- `relay.sh` comments) and this follow-up comment
- `compose.yaml` local test environment with several DMS instances configured for relaying is available:
  - `compose.yaml` file: Setting `RELAY_HOST` forces expectation to provide relay credentials #3842 (comment)
  - `compose.yaml` + multiple files for CoreDNS config: relaying: mails are not relayed with implicit tls (465) / improve scripts & configuration #2601 (comment)

Type of change
Checklist:
- `docs/`)
- `CHANGELOG.md`
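
The permission concern raised in the commit message about `smtp_sasl_password_maps = static:...` (`main.cf` at `644` vs `sasl_passwd` at `600`) can be checked with a small audit. This is an added example, not code from this PR or the project; the function names are hypothetical, the file paths are supplied by the caller, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example: audit where Postfix relay credentials live and who can read them.
# Function names are hypothetical; file paths are supplied by the caller.

# Succeeds when FILE grants no permission bits to group or other (e.g. 600).
file_is_private() {
  fip_mode=$(stat -c '%a' "$1") || return 2   # GNU coreutils / BusyBox stat
  case "$fip_mode" in
    0|*00) return 0 ;;
    *)     return 1 ;;
  esac
}

# Succeeds when main.cf sets smtp_sasl_password_maps to a static: table, which
# embeds user:password in main.cf itself. Follows Postfix's rule that a line
# starting with whitespace continues the previous logical line.
main_cf_has_static_credentials() {
  awk '
    /^[ \t]*$/ || /^[ \t]*#/ { next }                 # blank and comment lines
    /^[ \t]/ { if (inparam) value = value $0; next }  # continuation line
    {
      if (inparam && value ~ /static:/) found = 1
      inparam = ($0 ~ /^smtp_sasl_password_maps[ \t]*=/)
      value = $0
    }
    END { if (inparam && value ~ /static:/) found = 1; exit !found }
  ' "$1"
}

# Prints one FAIL line per finding; returns 1 if any credential is exposed.
audit_relay_secrets() {
  ars_main_cf=$1 ars_sasl_passwd=$2 ars_rc=0
  if main_cf_has_static_credentials "$ars_main_cf" &&
     ! file_is_private "$ars_main_cf"; then
    echo "FAIL: $ars_main_cf embeds static: credentials and is group/other readable"
    ars_rc=1
  fi
  if [ -e "$ars_sasl_passwd" ] && ! file_is_private "$ars_sasl_passwd"; then
    echo "FAIL: $ars_sasl_passwd is group/other readable (expected 600)"
    ars_rc=1
  fi
  return "$ars_rc"
}
```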