From fca6ae6360eb5fdb2260dfcec88c94f2ba3ccf20 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Thu, 1 Aug 2019 12:04:30 +0000
Subject: [PATCH] Add option to block specific senders
---
 .gitignore | 2 +-
 docker-compose.yml.example | 2 +-
 postfix/Dockerfile | 4 +++-
 postfix/scripts/entrypoint.sh | 5 +++--
 postfix/scripts/map-hotplug.sh | 7 +++++++
 postfix/scripts/map-virtual.sh | 7 -------
 6 files changed, 15 insertions(+), 12 deletions(-)
 create mode 100755 postfix/scripts/map-hotplug.sh
 delete mode 100755 postfix/scripts/map-virtual.sh
diff --git a/.gitignore b/.gitignore
index 0000a95..e917e96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-aliases.d
+hotplug.d
 docker-compose.yml
 spool
 vmail
diff --git a/docker-compose.yml.example b/docker-compose.yml.example
index ca93217..9e8ef92 100644
--- a/docker-compose.yml.example
+++ b/docker-compose.yml.example
@@ -16,7 +16,7 @@ services:
 - LDAP_USER=cn=readonly,dc=example,dc=com
 - LDAP_PASSWORD=v3rys3cur3
 volumes:
- - ./aliases.d:/etc/postfix/aliases.d
+ - ./hotplug.d:/etc/postfix/hotplug.d
 - ../web/certs/mail.example.com/:/tls/:ro
 - ./spool/postfix:/var/spool/postfix
 - dhparams:/etc/postfix/dh-params
diff --git a/postfix/Dockerfile b/postfix/Dockerfile
index 160db38..188fb80 100644
--- a/postfix/Dockerfile
+++ b/postfix/Dockerfile
@@ -11,6 +11,7 @@ RUN echo '' > /etc/postfix/main.cf \
 && postconf -e myorigin='$mydomain' \
 && postconf -e mynetworks='127.0.0.0/8 [::1]/128' \
 && postconf -e smtpd_recipient_restrictions=' \
+ check_sender_access hash:/etc/postfix/access_sender, \
 reject_non_fqdn_sender, \
 reject_non_fqdn_recipient, \
 reject_unknown_sender_domain, \
@@ -51,7 +52,8 @@ RUN echo '' > /etc/postfix/main.cf \
 && postconf -e enable_long_queue_ids='yes' \
 && postconf -e strict_rfc821_envelopes='yes' \
 && postconf -e maillog_file='/dev/stdout' \
- && newaliases
+ && newaliases \
+ && touch /etc/postfix/access_sender
 RUN cp -r /var/spool/postfix /var/spool/postfix-skel
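Review bot: Placing `check_sender_access hash:/etc/postfix/access_sender` first in `smtpd_recipient_restrictions` (first Dockerfile hunk) is only safe while the map holds reject-type actions, because a permissive result such as `OK` ends evaluation of this list before the later checks run, and the envelope sender is client-supplied and unauthenticated. The rest of the list lies outside the hunk, so it cannot be seen here whether a `reject_unauth_destination` follows or whether `smtpd_relay_restrictions` is set separately; if relay protection lives in this list, the lookup should move after it. The constraint also deserves a comment above the RUN instruction or in the README, for example `# access_sender: REJECT/DISCARD entries only, never OK`.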
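Review bot: `touch /etc/postfix/access_sender` in the second Dockerfile hunk (`@@ -51,7 +52,8 @@`) creates only the text source, while a `hash:/etc/postfix/access_sender` lookup reads `access_sender.db`, which the built image does not contain. The image therefore depends on the entrypoint's first `map-hotplug.sh … access_sender` call succeeding before any mail is accepted. Appending `&& postmap /etc/postfix/access_sender` after the `touch` would make the built configuration self-consistent. The RUN instruction starts outside the hunk.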
diff --git a/postfix/scripts/entrypoint.sh b/postfix/scripts/entrypoint.sh
index 93f1804..18f6a8f 100755
--- a/postfix/scripts/entrypoint.sh
+++ b/postfix/scripts/entrypoint.sh
@@ -24,7 +24,8 @@ if ! [ -e /var/spool/postfix/.initialized ]; then
 touch /var/spool/postfix/.initialized
 fi
-map-virtual.sh c /etc/postfix/aliases.d/ virtual
+map-hotplug.sh c /etc/postfix/hotplug.d/ virtual
+map-hotplug.sh c /etc/postfix/hotplug.d/ access_sender
-inotifyd map-virtual.sh /etc/postfix/aliases.d/ &
+inotifyd map-hotplug.sh /etc/postfix/hotplug.d/ &
 /usr/libexec/postfix/master -c /etc/postfix -d
diff --git a/postfix/scripts/map-hotplug.sh b/postfix/scripts/map-hotplug.sh
new file mode 100755
index 0000000..8fd74a1
--- /dev/null
+++ b/postfix/scripts/map-hotplug.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+if [ "$1" == "c" ] && [ "$2" == "/etc/postfix/hotplug.d/" ] && ([ "$3" == "virtual" ] || [ "$3" == "access_sender" ]); then
+ cp "/etc/postfix/hotplug.d/$3" "/etc/postfix/$3"
+ chown root:root "/etc/postfix/$3"
+ postmap "/etc/postfix/$3"
+ echo "$(date +"%b %d %H:%M:%H"): remapped $3"
+fi
diff --git a/postfix/scripts/map-virtual.sh b/postfix/scripts/map-virtual.sh
deleted file mode 100755
index 31601de..0000000
--- a/postfix/scripts/map-virtual.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-if [ "$1" == "c" ] && [ "$2" == "/etc/postfix/aliases.d/" ] && [ "$3" == "virtual" ]; then
- cp /etc/postfix/aliases.d/virtual /etc/postfix/virtual
- chown root:root /etc/postfix/virtual
- postmap /etc/postfix/virtual
- echo "$(date +"%b %d %H:%M:%H"): remapped virtual aliases"
-fi
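Review bot: The watch `inotifyd map-hotplug.sh /etc/postfix/hotplug.d/ &` in entrypoint.sh is registered without an event mask, while the handler acts only when its first argument is exactly `c`. Assuming this is BusyBox inotifyd, `c` is the modify event, which fires during writes rather than after the file is closed, so a blocklist can be copied and postmapped half-written. A file replaced by rename, as many editors and config tools do, arrives as `y` and never triggers a rebuild, leaving the old sender blocklist in force. Consider watching close-write and move-in only, `inotifyd map-hotplug.sh /etc/postfix/hotplug.d/:wy &`, and accepting those letters in the handler with `case "$1" in w|y)`. The entrypoint script continues outside the hunk.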
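Review bot: A failed `cp` or `postmap` in the new map-hotplug.sh goes undetected, because the commands run unconditionally and the script still prints `remapped $3`. A missing or malformed `hotplug.d/access_sender` therefore leaves the previous (or empty) blocklist active while the log says it was updated. The timestamp format `%H:%M:%H` prints the hour twice where seconds were presumably meant, and `==` inside `[ ]` is not portable under `#!/bin/sh`. The rewrite below keeps the same allow-list on `$3`, chains the three steps, and reports failure on stderr with a non-zero exit.

```shell
#!/bin/sh
# inotifyd handler: $1 = event, $2 = watched directory, $3 = file name
if [ "$1" != "c" ] || [ "$2" != "/etc/postfix/hotplug.d/" ]; then
  exit 0
fi

# Only these two maps may be rebuilt; anything else in hotplug.d is ignored.
case "$3" in
  virtual|access_sender) ;;
  *) exit 0 ;;
esac

if cp "/etc/postfix/hotplug.d/$3" "/etc/postfix/$3" \
  && chown root:root "/etc/postfix/$3" \
  && postmap "/etc/postfix/$3"; then
  echo "$(date +"%b %d %H:%M:%S"): remapped $3"
else
  echo "$(date +"%b %d %H:%M:%S"): failed to remap $3" >&2
  exit 1
fi
```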