From 91387b155905fd6c3cfcd3fa4cbc0a2b7b1892d6 Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Thu, 1 Aug 2019 12:04:30 +0000
Subject: [PATCH] Add option to block specific senders

---
 .gitignore                     | 2 +-
 postfix/Dockerfile             | 4 +++-
 postfix/scripts/entrypoint.sh  | 5 +++--
 postfix/scripts/map-hotplug.sh | 7 +++++++
 postfix/scripts/map-virtual.sh | 7 -------
 5 files changed, 14 insertions(+), 11 deletions(-)
 create mode 100755 postfix/scripts/map-hotplug.sh
 delete mode 100755 postfix/scripts/map-virtual.sh

diff --git a/.gitignore b/.gitignore
index 0000a95..e917e96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-aliases.d
+hotplug.d
 docker-compose.yml
 spool
 vmail
diff --git a/postfix/Dockerfile b/postfix/Dockerfile
index 160db38..188fb80 100644
--- a/postfix/Dockerfile
+++ b/postfix/Dockerfile
@@ -11,6 +11,7 @@ RUN echo '' > /etc/postfix/main.cf \
     && postconf -e myorigin='$mydomain' \
     && postconf -e mynetworks='127.0.0.0/8 [::1]/128' \
     && postconf -e smtpd_recipient_restrictions=' \
+        check_sender_access hash:/etc/postfix/access_sender, \
         reject_non_fqdn_sender, \
         reject_non_fqdn_recipient, \
         reject_unknown_sender_domain, \
@@ -51,7 +52,8 @@ RUN echo '' > /etc/postfix/main.cf \
     && postconf -e enable_long_queue_ids='yes' \
     && postconf -e strict_rfc821_envelopes='yes' \
     && postconf -e maillog_file='/dev/stdout' \
-    && newaliases
+    && newaliases \
+    && touch /etc/postfix/access_sender
 
 RUN cp -r /var/spool/postfix /var/spool/postfix-skel
 
diff --git a/postfix/scripts/entrypoint.sh b/postfix/scripts/entrypoint.sh
index 93f1804..18f6a8f 100755
--- a/postfix/scripts/entrypoint.sh
+++ b/postfix/scripts/entrypoint.sh
@@ -24,7 +24,8 @@ if ! [ -e /var/spool/postfix/.initialized ]; then
     touch /var/spool/postfix/.initialized
 fi
 
-map-virtual.sh c /etc/postfix/aliases.d/ virtual
+map-hotplug.sh c /etc/postfix/hotplug.d/ virtual
+map-hotplug.sh c /etc/postfix/hotplug.d/ access_sender
 
-inotifyd map-virtual.sh /etc/postfix/aliases.d/ &
+inotifyd map-hotplug.sh /etc/postfix/hotplug.d/ &
 /usr/libexec/postfix/master -c /etc/postfix -d
diff --git a/postfix/scripts/map-hotplug.sh b/postfix/scripts/map-hotplug.sh
new file mode 100755
index 0000000..8fd74a1
--- /dev/null
+++ b/postfix/scripts/map-hotplug.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+if [ "$1" == "c" ] && [ "$2" == "/etc/postfix/hotplug.d/" ] && ([ "$3" == "virtual" ] || [ "$3" == "access_sender" ]); then
+    cp "/etc/postfix/hotplug.d/$3" "/etc/postfix/$3"
+    chown root:root "/etc/postfix/$3"
+    postmap "/etc/postfix/$3"
+    echo "$(date +"%b %d %H:%M:%H"): remapped $3"
+fi
diff --git a/postfix/scripts/map-virtual.sh b/postfix/scripts/map-virtual.sh
deleted file mode 100755
index 31601de..0000000
--- a/postfix/scripts/map-virtual.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-if [ "$1" == "c" ] && [ "$2" == "/etc/postfix/aliases.d/" ] && [ "$3" == "virtual" ]; then
-    cp /etc/postfix/aliases.d/virtual /etc/postfix/virtual
-    chown root:root /etc/postfix/virtual
-    postmap /etc/postfix/virtual
-    echo "$(date +"%b %d %H:%M:%H"): remapped virtual aliases"
-fi