diff --git a/templates/start.d/setup_main b/templates/start.d/setup_main index 01fc04a..5979a14 100644 --- a/templates/start.d/setup_main +++ b/templates/start.d/setup_main @@ -1,5 +1,4 @@ #!/bin/bash -set -e # Managing main.cf: # postconf [-dfhHnopvx] [-c config_dir] [-C class,...] [parameter ...] diff --git a/templates/start.d/setup_milter b/templates/start.d/setup_milter index e538c6f..42015d4 100644 --- a/templates/start.d/setup_milter +++ b/templates/start.d/setup_milter @@ -1,15 +1,6 @@ #!/bin/bash -set -e -{{- if getenv "INTERNAL_MAIL_FILTER_CLASSES" }} -postconf internal_mail_filter_classes='{{ getenv "INTERNAL_MAIL_FILTER_CLASSES" }}' -{{- end }} -{{- if getenv "MILTER_DEFAULT_ACTION" }} -postconf milter_default_action='{{ getenv "MILTER_DEFAULT_ACTION" }}' -{{- end }} -{{- if getenv "NON_SMTPD_MILTERS" }} -postconf non_smtpd_milters='{{ getenv "NON_SMTPD_MILTERS" }}' -{{- end }} -{{- if getenv "SMTPD_MILTERS" }} -postconf smtpd_milters='{{ getenv "SMTPD_MILTERS" }}' -{{- end }} +{{ with getenv "INTERNAL_MAIL_FILTER_CLASSES" }}postconf internal_mail_filter_classes='{{.}}'{{ end }} +{{ with getenv "MILTER_DEFAULT_ACTION" }}postconf milter_default_action='{{.}}'{{ end }} +{{ with getenv "NON_SMTPD_MILTERS" }}postconf non_smtpd_milters='{{.}}'{{ end }} +{{ with getenv "SMTPD_MILTERS" }}postconf smtpd_milters='{{.}}'{{ end }} diff --git a/templates/start.d/setup_postscreen b/templates/start.d/setup_postscreen index a0d806b..a788a7d 100644 --- a/templates/start.d/setup_postscreen +++ b/templates/start.d/setup_postscreen 
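Review bot: Each value is pasted between single quotes in the rendered script, e.g. `postconf smtpd_milters='{{.}}'` in the setup_milter hunk, so a value that itself contains a `'` ends the quoting and the rest is parsed as shell at start-up; the rewrite to `with` keeps that behaviour. The same pattern is in the setup_postscreen and setup_relayhost hunks and in the bogofilter command line in spamfilter. Letting the shell read the variable at run time avoids building shell source from data: `[ -z "${SMTPD_MILTERS:-}" ] || postconf "smtpd_milters=${SMTPD_MILTERS}"`, assuming the script runs with the same environment the template was rendered from. If templating has to stay, single quotes in the value need escaping before it is emitted.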
@@ -1,5 +1,27 @@ #!/bin/bash -set -e + +#postconf -M smtpd/pass +#postconf -Fh smtp/inet/private smtp/inet/unprivileged smtp/inet/chroot smtp/inet/wakeup smtp/inet/process_limit smtp/inet/command +#postconf -M smtp/inet +#postconf -M tlsproxy/unix +#postconf -M dnsblog/unix +#postconf -h postscreen_access_list +#postconf -h postscreen_dnsbl_sites +#postconf -h postscreen_dnsbl_reply_map +#postconf -h postscreen_dnsbl_action +#postconf -h postscreen_blacklist_action +#postconf -h postscreen_dnsbl_whitelist_threshold +#postconf -h postscreen_greet_action +#postconf -h postscreen_greet_wait + +# NOT SUPPORTED: +#postconf -h postscreen_bare_newline_enable +#postconf -h postscreen_non_smtp_command_enable +#postconf -h postscreen_pipelining_enable +#postconf -h postscreen_bare_newline_action +#postconf -h postscreen_dnsbl_threshold +#postconf -h postscreen_non_smtp_command_action +#postconf -h postscreen_pipelining_action {{ if eq (getenv "POSTSCREEN_ENABLE") "yes" -}} postconf -M smtpd/pass="smtpd pass - - n - - smtpd" 
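Review bot: A failing `postconf` no longer stops start-up once `set -e` is removed at the top of this script, so Postfix can be launched with the postscreen settings only partly applied and nothing in the log to show it. The same line is dropped in setup_main, setup_milter, setup_relayhost and setup_submission, where the TLS and SASL settings are written. If the removal is needed because the files are sourced or one command is expected to fail, that reason is not visible in the diff; I would keep `set -e` and mark the tolerated command with `|| true`, or end each critical call with `|| exit 1`. The script body continues outside this hunk.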
@@ -41,30 +63,15 @@ touch /etc/postfix/rules/postscreen_access_list.cidr touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre # main.cf options -{{- if getenv "POSTSCREEN_ACCESS_LIST" }} -postconf -e postscreen_access_list='{{ getenv "POSTSCREEN_ACCESS_LIST" }}' -{{- end }} -{{- if getenv "POSTSCREEN_BLACKLIST_ACTION" }} -postconf -e postscreen_blacklist_action='{{ getenv "POSTSCREEN_BLACKLIST_ACTION" }}' -{{- end }} -{{- if getenv "POSTSCREEN_DNSBL_ACTION" }} -postconf -e postscreen_dnsbl_action='{{ getenv "POSTSCREEN_DNSBL_ACTION" }}' -{{- end }} -{{- if getenv "POSTSCREEN_DNSBL_REPLY_MAP" }} -postconf -e postscreen_dnsbl_reply_map='{{ getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}' -{{- end }} -{{- if getenv "POSTSCREEN_DNSBL_SITES" }} -postconf -e postscreen_dnsbl_sites='{{ getenv "POSTSCREEN_DNSBL_SITES" }}' -{{- end }} -{{- if getenv "POSTSCREEN_DNSBL_THRESHOLD" }} -postconf -e postscreen_dnsbl_threshold='{{ getenv "POSTSCREEN_DNSBL_THRESHOLD" }}' -{{- end }} -{{- if getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }} -postconf -e postscreen_dnsbl_whitelist_threshold='{{ getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}' -{{- end }} -{{- if getenv "POSTSCREEN_GREET_ACTION" }} -postconf -e postscreen_greet_action='{{ getenv "POSTSCREEN_GREET_ACTION" }}' -{{- end }} +# FIXME: allow un-setting options by blanking variable values +{{ with getenv "POSTSCREEN_ACCESS_LIST" }}postconf -e postscreen_access_list='{{.}}'{{ end }} +{{ with getenv "POSTSCREEN_BLACKLIST_ACTION" }}postconf -e postscreen_blacklist_action='{{.}}'{{ end }} +{{ with getenv "POSTSCREEN_DNSBL_ACTION" }}postconf -e postscreen_dnsbl_action='{{.}}'{{ end }} +{{ with getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}postconf -e postscreen_dnsbl_reply_map='{{.}}'{{ end }} +{{ with getenv "POSTSCREEN_DNSBL_SITES" }}postconf -e postscreen_dnsbl_sites='{{.}}'{{ end }} +{{ with getenv "POSTSCREEN_DNSBL_THRESHOLD" }}postconf -e postscreen_dnsbl_threshold='{{.}}'{{ end }} +{{ with getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" 
}}postconf -e postscreen_dnsbl_whitelist_threshold='{{.}}'{{ end }} +{{ with getenv "POSTSCREEN_GREET_ACTION" }}postconf -e postscreen_greet_action='{{.}}'{{ end }} {{ else -}} @@ -86,3 +93,25 @@ postconf -X -P smtp/inet/content_filter postconf -M# dnsblog/unix {{ end -}} + +# TODO: access list: +# # Ansible-generated postscreen CIDR access table. You can change this +# # file by setting the host variable `postfix_postscreen_access_list` +# {% for entry in postfix_postscreen_access_list -%} +# { { entry.address } } { { entry.action } } +# {% endfor %} + +# TODO: reply map: +# # postscreen reply map, matching entries will be replaced +# # with the resulting text when telling the source of DNS +# # blacklisting to the remote client. +# # used to mask passwords contained in dnsbl names +# # edit this file by setting the "mask" option for items +# # in the host variable postfix_postscreen_dnsbl_sites +# {% for entry in postfix_postscreen_dnsbl_sites -%} +# {% if entry is mapping -%}{% if entry.mask is defined -%} +# {% if entry.mask is string and entry.mask != "" -%} +# /^{ { entry.site } }$/ { { entry.mask } } +# {% else %} +# /^{ { entry.site } }$/ dnsbl blacklist +# {% endif %}{% endif %}{% endif %}{% endfor %} diff --git a/templates/start.d/setup_relayhost b/templates/start.d/setup_relayhost index 2317a53..d31dbc8 100644 --- a/templates/start.d/setup_relayhost +++ b/templates/start.d/setup_relayhost 
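Review bot: `postscreen_dnsbl_threshold` is still written from `POSTSCREEN_DNSBL_THRESHOLD` in this block, while the header comment added at the top of the same file lists `#postconf -h postscreen_dnsbl_threshold` under `# NOT SUPPORTED:`; one of the two is out of date. Since the threshold decides when a client counts as DNSBL-listed, the comment should match what the script does, for example by moving that line up into the supported list. The enclosing `{{ if eq (getenv "POSTSCREEN_ENABLE") "yes" -}}` block starts before this hunk.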
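Review bot: The reply-map TODO should say what is exposed until it is implemented. The context of the previous hunk only shows `touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre`, so unless something outside this diff fills that file, a DNSBL name that embeds a key in `POSTSCREEN_DNSBL_SITES` would be quoted unmasked in the rejection text sent to remote clients. I would add above the commented template: `# WARNING: until this is implemented, DNSBL names containing a key are not masked; supply your own map via POSTSCREEN_DNSBL_REPLY_MAP`.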
@@ -1,33 +1,14 @@ #!/bin/bash -set -e -{{- if getenv "RELAYHOST" }} -postconf relayhost='{{ getenv "RELAYHOST" }}' -{{- end }} -{{- if getenv "SMTP_FALLBACK_RELAY" }} -postconf smtp_fallback_relay='{{ getenv "SMTP_FALLBACK_RELAY" }}' -{{- end }} -{{- if getenv "SMTP_SASL_AUTH_ENABLE" }} -postconf smtp_sasl_auth_enable='{{ getenv "SMTP_SASL_AUTH_ENABLE" }}' -{{- end }} -{{- if getenv "SMTP_SASL_PASSWORD_MAPS" }} -postconf smtp_sasl_password_maps='{{ getenv "SMTP_SASL_PASSWORD_MAPS" }}' -{{- end }} -{{- if getenv "SMTP_SASL_SECURITY_OPTIONS" }} -postconf smtp_sasl_security_options='{{ getenv "SMTP_SASL_SECURITY_OPTIONS" }}' -{{- end }} -{{- if getenv "SMTP_TLS_CAFILE" }} -postconf smtp_tls_CAfile='{{ getenv "SMTP_TLS_CAFILE" }}' -{{- end }} -{{- if getenv "SMTP_TLS_MANDATORY_PROTOCOLS" }} -postconf smtp_tls_mandatory_protocols='{{ getenv "SMTP_TLS_MANDATORY_PROTOCOLS" }}' -{{- end }} -{{- if getenv "SMTP_TLS_NOTE_STARTTLS_OFFER" }} -postconf smtp_tls_note_starttls_offer='{{ getenv "SMTP_TLS_NOTE_STARTTLS_OFFER" }}' -{{- end }} -{{- if getenv "SMTP_TLS_SECURITY_LEVEL" }} -postconf smtp_tls_security_level='{{ getenv "SMTP_TLS_SECURITY_LEVEL" }}' -{{- end }} -{{- if getenv "SMTP_TLS_SESSION_CACHE_DATABASE" }} -postconf smtp_tls_session_cache_database='{{ getenv "SMTP_TLS_SESSION_CACHE_DATABASE" }}' -{{- end }} +# These postfix settings allow for sending all mail through a relay host. 
+ +{{ with getenv "RELAYHOST" }}postconf relayhost='{{.}}'{{ end }} +{{ with getenv "SMTP_FALLBACK_RELAY" }}postconf smtp_fallback_relay='{{.}}'{{ end }} +{{ with getenv "SMTP_SASL_AUTH_ENABLE" }}postconf smtp_sasl_auth_enable='{{.}}'{{ end }} +{{ with getenv "SMTP_SASL_PASSWORD_MAPS" }}postconf smtp_sasl_password_maps='{{.}}'{{ end }} +{{ with getenv "SMTP_SASL_SECURITY_OPTIONS" }}postconf smtp_sasl_security_options='{{.}}'{{ end }} +{{ with getenv "SMTP_TLS_CAFILE" }}postconf smtp_tls_CAfile='{{.}}'{{ end }} +{{ with getenv "SMTP_TLS_MANDATORY_PROTOCOLS" }}postconf smtp_tls_mandatory_protocols='{{.}}'{{ end }} +{{ with getenv "SMTP_TLS_NOTE_STARTTLS_OFFER" }}postconf smtp_tls_note_starttls_offer='{{.}}'{{ end }} +{{ with getenv "SMTP_TLS_SECURITY_LEVEL" }}postconf smtp_tls_security_level='{{.}}'{{ end }} +{{ with getenv "SMTP_TLS_SESSION_CACHE_DATABASE" }}postconf smtp_tls_session_cache_database='{{.}}'{{ end }} diff --git a/templates/start.d/setup_submission b/templates/start.d/setup_submission index 6a05121..d0b801e 100644 --- a/templates/start.d/setup_submission +++ b/templates/start.d/setup_submission @@ -1,5 +1,11 @@ #!/bin/bash -set -e + +#postconf -M submission/inet +#postconf -P -h submission/inet/milter_macro_daemon_name +#postconf -P -h submission/inet/smtpd_client_restrictions +#postconf -P -h submission/inet/smtpd_sasl_auth_enable +#postconf -P -h submission/inet/smtpd_tls_security_level +#postconf -P -h submission/inet/syslog_name {{ if eq (getenv "SUBMISSION_ENABLE") "yes" -}} postconf -M submission/inet="submission inet n - n - - smtpd" diff --git a/templates/start.d/spamfilter b/templates/start.d/spamfilter index 899a986..fabf04a 100644 --- a/templates/start.d/spamfilter +++ b/templates/start.d/spamfilter 
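Review bot: Nothing in setup_relayhost ties `SMTP_SASL_AUTH_ENABLE` to a TLS requirement: each setting is applied only when its variable is set, so SASL towards the relay can be enabled while `SMTP_TLS_SECURITY_LEVEL` is left empty, and Postfix then does not insist on an encrypted session. Whether credentials can actually travel in clear also depends on `smtp_sasl_security_options`, which is operator-supplied here as well. A start-up check would make the combination visible, e.g. `{{ if and (eq (getenv "SMTP_SASL_AUTH_ENABLE") "yes") (not (getenv "SMTP_TLS_SECURITY_LEVEL")) }}echo "warning: SASL relay auth without smtp_tls_security_level" >&2{{ end }}`. Failing that, the new header comment should state that `encrypt` or stronger is expected whenever SASL is on.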
@@ -3,4 +3,4 @@ # pass mail through spam filter Bogofilter # arguments are passed on to sendmail -/usr/bin/bogofilter -d /vmail/bogofilter -p {{ if getenv "BOGOFILTER_HAM_CUTOFF" }}--ham-cutoff '{{ getenv "BOGOFILTER_HAM_CUTOFF" }}'{{ end }} {{ if getenv "BOGOFILTER_SPAM_CUTOFF" }}--spam-cutoff '{{ getenv "BOGOFILTER_SPAM_CUTOFF" }}'{{ end }} | /usr/sbin/sendmail "$@" +/usr/bin/bogofilter -d /vmail/bogofilter -p {{ with getenv "BOGOFILTER_HAM_CUTOFF" }}--ham-cutoff '{{.}}'{{ end }} {{ with getenv "BOGOFILTER_SPAM_CUTOFF" }}--spam-cutoff '{{.}}'{{ end }} | /usr/sbin/sendmail "$@"