Refactor: gomplate + debian 13 (#1)
All checks were successful
Build Docker images / docker (eumau/postfix, 6) (push) Successful in 13m5s
All checks were successful
Build Docker images / docker (eumau/postfix, 6) (push) Successful in 13m5s
Co-authored-by: Mauro Torrez <mauro@layer7.mx> Reviewed-on: #1
This commit was merged in pull request #1.
This commit is contained in:
77
templates/start.d/setup_main
Executable file
77
templates/start.d/setup_main
Executable file
@@ -0,0 +1,77 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Managing main.cf:
|
||||
# postconf [-dfhHnopvx] [-c config_dir] [-C class,...] [parameter ...]
|
||||
# postconf [-epv] [-c config_dir] parameter=value ...
|
||||
# postconf -# [-pv] [-c config_dir] parameter ...
|
||||
# postconf -X [-pv] [-c config_dir] parameter ...
|
||||
|
||||
# Managing master.cf service entries:
|
||||
# postconf -M [-fovx] [-c config_dir] [service[/type] ...]
|
||||
# postconf -M [-ev] [-c config_dir] service/type=value ...
|
||||
# postconf -M# [-v] [-c config_dir] service/type ...
|
||||
# postconf -MX [-v] [-c config_dir] service/type ...
|
||||
|
||||
# Managing master.cf service fields:
|
||||
# postconf -F [-fhHovx] [-c config_dir] [service[/type[/field]] ...]
|
||||
# postconf -F [-ev] [-c config_dir] service/type/field=value ...
|
||||
|
||||
# Managing master.cf service parameters:
|
||||
# postconf -P [-fhHovx] [-c config_dir] [service[/type[/parameter]] ...]
|
||||
# postconf -P [-ev] [-c config_dir] service/type/parameter=value ...
|
||||
# postconf -PX [-v] [-c config_dir] service/type/parameter ...
|
||||
|
||||
# Managing bounce message templates:
|
||||
# postconf -b [-v] [-c config_dir] [template_file]
|
||||
# postconf -t [-v] [-c config_dir] [template_file]
|
||||
|
||||
# Managing TLS features:
|
||||
# postconf -T mode [-v] [-c config_dir]
|
||||
|
||||
# Managing other configuration:
|
||||
# postconf -a|-A|-l|-m [-v] [-c config_dir]
|
||||
|
||||
postconf maillog_file=/dev/stdout
|
||||
postconf alias_maps=hash:/etc/aliases
|
||||
{{ with getenv "BIFF" }}postconf biff='{{.}}'{{ end }}
|
||||
{{ with getenv "MESSAGE_SIZE_LIMIT" }}postconf message_size_limit='{{.}}'{{ end }}
|
||||
{{ with getenv "MYDESTINATION" }}postconf mydestination='{{.}}'{{ end }}
|
||||
{{ with getenv "MYDOMAIN" }}postconf mydomain='{{.}}'{{ end }}
|
||||
{{ with getenv "MYHOSTNAME" }}postconf myhostname='{{.}}'{{ end }}
|
||||
{{ with getenv "MYNETWORKS" }}postconf mynetworks='{{.}}'{{ end }}
|
||||
{{ with getenv "MYNETWORKS_STYLE" }}postconf mynetworks_style='{{.}}'{{ end }}
|
||||
{{ with getenv "PROPAGATE_UNMATCHED_EXTENSIONS" }}postconf propagate_unmatched_extensions='{{.}}'{{ end }}
|
||||
{{ with getenv "RECIPIENT_DELIMITER" }}postconf recipient_delimiter='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_TLS_SECURITY_LEVEL" }}postconf smtp_tls_security_level='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_CLIENT_RESTRICTIONS" }}postconf smtpd_client_restrictions='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_DATA_RESTRICTIONS" }}postconf smtpd_data_restrictions='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_HELO_REQUIRED" }}postconf smtpd_helo_required='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_HELO_RESTRICTIONS" }}postconf smtpd_helo_restrictions='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_RECIPIENT_RESTRICTIONS" }}postconf smtpd_recipient_restrictions='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_RELAY_RESTRICTIONS" }}postconf smtpd_relay_restrictions='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_SASL_AUTH_ENABLE" }}postconf smtpd_sasl_auth_enable='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_SASL_PATH" }}postconf smtpd_sasl_path='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_SASL_TYPE" }}postconf smtpd_sasl_type='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_TLS_AUTH_ONLY" }}postconf smtpd_tls_auth_only='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_TLS_CERT_FILE" }}postconf smtpd_tls_cert_file='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_TLS_KEY_FILE" }}postconf smtpd_tls_key_file='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_TLS_SECURITY_LEVEL" }}postconf smtpd_tls_security_level='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_TLS_SESSION_CACHE_DATABASE" }}postconf smtpd_tls_session_cache_database='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPUTF8_ENABLE" }}postconf smtputf8_enable='{{.}}'{{ end }}
|
||||
{{ with getenv "VIRTUAL_ALIAS_MAPS" }}postconf virtual_alias_maps='{{.}}'{{ end }}
|
||||
{{ with getenv "VIRTUAL_MAILBOX_DOMAINS" }}postconf virtual_mailbox_domains='{{.}}'{{ end }}
|
||||
{{ with getenv "VIRTUAL_MAILBOX_MAPS" }}postconf virtual_mailbox_maps='{{.}}'{{ end }}
|
||||
{{ with getenv "VIRTUAL_TRANSPORT" }}postconf virtual_transport='{{.}}'{{ end }}
|
||||
|
||||
postconf -M spamfilter/unix | grep -q spamfilter || {
|
||||
postconf -M spamfilter/unix="spamfilter unix - n n - - pipe"
|
||||
}
|
||||
postconf -F spamfilter/unix/private=- \
|
||||
spamfilter/unix/unprivileged=n \
|
||||
spamfilter/unix/chroot=n \
|
||||
spamfilter/unix/wakeup=- \
|
||||
spamfilter/unix/process_limit=- \
|
||||
spamfilter/unix/command='pipe flags=Rq user=vmail argv=/usr/local/bin/spamfilter -oi -f ${sender} ${recipient}'
|
||||
|
||||
# run postmap for all lookup tables
|
||||
postmap_all
|
||||
6
templates/start.d/setup_milter
Executable file
6
templates/start.d/setup_milter
Executable file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
{{ with getenv "INTERNAL_MAIL_FILTER_CLASSES" }}postconf internal_mail_filter_classes='{{.}}'{{ end }}
|
||||
{{ with getenv "MILTER_DEFAULT_ACTION" }}postconf milter_default_action='{{.}}'{{ end }}
|
||||
{{ with getenv "NON_SMTPD_MILTERS" }}postconf non_smtpd_milters='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTPD_MILTERS" }}postconf smtpd_milters='{{.}}'{{ end }}
|
||||
117
templates/start.d/setup_postscreen
Executable file
117
templates/start.d/setup_postscreen
Executable file
@@ -0,0 +1,117 @@
|
||||
#!/bin/bash
|
||||
|
||||
#postconf -M smtpd/pass
|
||||
#postconf -Fh smtp/inet/private smtp/inet/unprivileged smtp/inet/chroot smtp/inet/wakeup smtp/inet/process_limit smtp/inet/command
|
||||
#postconf -M smtp/inet
|
||||
#postconf -M tlsproxy/unix
|
||||
#postconf -M dnsblog/unix
|
||||
#postconf -h postscreen_access_list
|
||||
#postconf -h postscreen_dnsbl_sites
|
||||
#postconf -h postscreen_dnsbl_reply_map
|
||||
#postconf -h postscreen_dnsbl_action
|
||||
#postconf -h postscreen_blacklist_action
|
||||
#postconf -h postscreen_dnsbl_whitelist_threshold
|
||||
#postconf -h postscreen_greet_action
|
||||
#postconf -h postscreen_greet_wait
|
||||
|
||||
# NOT SUPPORTED:
|
||||
#postconf -h postscreen_bare_newline_enable
|
||||
#postconf -h postscreen_non_smtp_command_enable
|
||||
#postconf -h postscreen_pipelining_enable
|
||||
#postconf -h postscreen_bare_newline_action
|
||||
#postconf -h postscreen_dnsbl_threshold
|
||||
#postconf -h postscreen_non_smtp_command_action
|
||||
#postconf -h postscreen_pipelining_action
|
||||
|
||||
{{ if eq (getenv "POSTSCREEN_ENABLE") "yes" -}}
|
||||
postconf -M smtpd/pass="smtpd pass - - n - - smtpd"
|
||||
postconf -F smtpd/pass/private=- \
|
||||
smtpd/pass/unprivileged=- \
|
||||
smtpd/pass/chroot=n \
|
||||
smtpd/pass/wakeup=- \
|
||||
smtpd/pass/process_limit=- \
|
||||
smtpd/pass/command="smtpd"
|
||||
postconf -F smtp/inet/private=n \
|
||||
smtp/inet/unprivileged=- \
|
||||
smtp/inet/chroot=n \
|
||||
smtp/inet/wakeup=- \
|
||||
smtp/inet/process_limit=1 \
|
||||
smtp/inet/command="postscreen"
|
||||
postconf -M tlsproxy/unix="tlsproxy unix - - n - 0 tlsproxy"
|
||||
postconf -F tlsproxy/unix/private=- \
|
||||
tlsproxy/unix/unprivileged=- \
|
||||
tlsproxy/unix/chroot=n \
|
||||
tlsproxy/unix/wakeup=- \
|
||||
tlsproxy/unix/process_limit=0 \
|
||||
tlsproxy/unix/command="tlsproxy"
|
||||
postconf -M dnsblog/unix="dnsblog unix - - n - 0 dnsblog"
|
||||
postconf -F dnsblog/unix/private=- \
|
||||
dnsblog/unix/unprivileged=- \
|
||||
dnsblog/unix/chroot=n \
|
||||
dnsblog/unix/wakeup=- \
|
||||
dnsblog/unix/process_limit=0 \
|
||||
dnsblog/unix/command="dnsblog"
|
||||
|
||||
{{ if eq (getenv "BOGOFILTER_ENABLE") "yes" -}}
|
||||
postconf -P smtpd/pass/content_filter=spamfilter
|
||||
{{ else -}}
|
||||
postconf -X -P smtpd/pass/content_filter
|
||||
{{ end -}}
|
||||
|
||||
# FIXME: template tables instead of creating empty files
|
||||
touch /etc/postfix/rules/postscreen_access_list.cidr
|
||||
touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre
|
||||
|
||||
# main.cf options
|
||||
# FIXME: allow un-setting options by blanking variable values
|
||||
{{ with getenv "POSTSCREEN_ACCESS_LIST" }}postconf -e postscreen_access_list='{{.}}'{{ end }}
|
||||
{{ with getenv "POSTSCREEN_BLACKLIST_ACTION" }}postconf -e postscreen_blacklist_action='{{.}}'{{ end }}
|
||||
{{ with getenv "POSTSCREEN_DNSBL_ACTION" }}postconf -e postscreen_dnsbl_action='{{.}}'{{ end }}
|
||||
{{ with getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}postconf -e postscreen_dnsbl_reply_map='{{.}}'{{ end }}
|
||||
{{ with getenv "POSTSCREEN_DNSBL_SITES" }}postconf -e postscreen_dnsbl_sites='{{.}}'{{ end }}
|
||||
{{ with getenv "POSTSCREEN_DNSBL_THRESHOLD" }}postconf -e postscreen_dnsbl_threshold='{{.}}'{{ end }}
|
||||
{{ with getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}postconf -e postscreen_dnsbl_whitelist_threshold='{{.}}'{{ end }}
|
||||
{{ with getenv "POSTSCREEN_GREET_ACTION" }}postconf -e postscreen_greet_action='{{.}}'{{ end }}
|
||||
|
||||
{{ else -}}
|
||||
|
||||
# disable postscreen
|
||||
postconf -M# smtpd/pass
|
||||
postconf -F smtp/inet/private=n \
|
||||
smtp/inet/unprivileged=- \
|
||||
smtp/inet/chroot=n \
|
||||
smtp/inet/wakeup=- \
|
||||
smtp/inet/process_limit=- \
|
||||
smtp/inet/command="smtpd"
|
||||
|
||||
{{ if eq (getenv "BOGOFILTER_ENABLE") "yes" -}}
|
||||
postconf -P smtp/inet/content_filter=spamfilter
|
||||
{{ else -}}
|
||||
postconf -X -P smtp/inet/content_filter
|
||||
{{ end -}}
|
||||
|
||||
postconf -M# dnsblog/unix
|
||||
|
||||
{{ end -}}
|
||||
|
||||
# TODO: access list:
|
||||
# # Ansible-generated postscreen CIDR access table. You can change this
|
||||
# # file by setting the host variable `postfix_postscreen_access_list`
|
||||
# {% for entry in postfix_postscreen_access_list -%}
|
||||
# { { entry.address } } { { entry.action } }
|
||||
# {% endfor %}
|
||||
|
||||
# TODO: reply map:
|
||||
# # postscreen reply map, matching entries will be replaced
|
||||
# # with the resulting text when telling the source of DNS
|
||||
# # blacklisting to the remote client.
|
||||
# # used to mask passwords contained in dnsbl names
|
||||
# # edit this file by setting the "mask" option for items
|
||||
# # in the host variable postfix_postscreen_dnsbl_sites
|
||||
# {% for entry in postfix_postscreen_dnsbl_sites -%}
|
||||
# {% if entry is mapping -%}{% if entry.mask is defined -%}
|
||||
# {% if entry.mask is string and entry.mask != "" -%}
|
||||
# /^{ { entry.site } }$/ { { entry.mask } }
|
||||
# {% else %}
|
||||
# /^{ { entry.site } }$/ dnsbl blacklist
|
||||
# {% endif %}{% endif %}{% endif %}{% endfor %}
|
||||
14
templates/start.d/setup_relayhost
Executable file
14
templates/start.d/setup_relayhost
Executable file
@@ -0,0 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
# These postfix settings allow for sending all mail through a relay host.
|
||||
|
||||
{{ with getenv "RELAYHOST" }}postconf relayhost='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_FALLBACK_RELAY" }}postconf smtp_fallback_relay='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_SASL_AUTH_ENABLE" }}postconf smtp_sasl_auth_enable='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_SASL_PASSWORD_MAPS" }}postconf smtp_sasl_password_maps='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_SASL_SECURITY_OPTIONS" }}postconf smtp_sasl_security_options='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_TLS_CAFILE" }}postconf smtp_tls_CAfile='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_TLS_MANDATORY_PROTOCOLS" }}postconf smtp_tls_mandatory_protocols='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_TLS_NOTE_STARTTLS_OFFER" }}postconf smtp_tls_note_starttls_offer='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_TLS_SECURITY_LEVEL" }}postconf smtp_tls_security_level='{{.}}'{{ end }}
|
||||
{{ with getenv "SMTP_TLS_SESSION_CACHE_DATABASE" }}postconf smtp_tls_session_cache_database='{{.}}'{{ end }}
|
||||
25
templates/start.d/setup_submission
Executable file
25
templates/start.d/setup_submission
Executable file
@@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
#postconf -M submission/inet
|
||||
#postconf -P -h submission/inet/milter_macro_daemon_name
|
||||
#postconf -P -h submission/inet/smtpd_client_restrictions
|
||||
#postconf -P -h submission/inet/smtpd_sasl_auth_enable
|
||||
#postconf -P -h submission/inet/smtpd_tls_security_level
|
||||
#postconf -P -h submission/inet/syslog_name
|
||||
|
||||
{{ if eq (getenv "SUBMISSION_ENABLE") "yes" -}}
|
||||
postconf -M submission/inet="submission inet n - n - - smtpd"
|
||||
postconf -F submission/inet/private=n \
|
||||
submission/inet/unprivileged=- \
|
||||
submission/inet/chroot=n submission/inet/wakeup=- \
|
||||
submission/inet/process_limit=- \
|
||||
submission/inet/command="smtpd"
|
||||
postconf -P -e submission/inet/milter_macro_daemon_name="ORIGINATING"
|
||||
postconf -P -e submission/inet/smtpd_client_restrictions="permit_sasl_authenticated,reject"
|
||||
postconf -P -e submission/inet/smtpd_helo_restrictions="permit"
|
||||
postconf -P -e submission/inet/smtpd_sasl_auth_enable="yes"
|
||||
postconf -P -e submission/inet/smtpd_tls_security_level="encrypt"
|
||||
postconf -P -e submission/inet/syslog_name="postfix/submission"
|
||||
{{ else -}}
|
||||
postconf -M# submission/inet
|
||||
{{ end -}}
|
||||
6
templates/start.d/spamfilter
Executable file
6
templates/start.d/spamfilter
Executable file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# pass mail through spam filter Bogofilter
|
||||
# arguments are passed on to sendmail
|
||||
|
||||
/usr/bin/bogofilter -d /vmail/bogofilter -p {{ with getenv "BOGOFILTER_HAM_CUTOFF" }}--ham-cutoff '{{.}}'{{ end }} {{ with getenv "BOGOFILTER_SPAM_CUTOFF" }}--spam-cutoff '{{.}}'{{ end }} | /usr/sbin/sendmail "$@"
|
||||
Reference in New Issue
Block a user