Disable SMTPUTF8 by default

2022-12-16 19:26:42 -03:00 · 2022-12-16 19:26:42 -03:00 · 86ebc1a6a2
commit 86ebc1a6a2
parent de65305e35
7 changed files with 86 additions and 83 deletions
--- a/71
+++ b/71
@ -3,41 +3,27 @@ LABEL maintainer "Mauro Torrez <mauro@mau.ro>"
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C

-ENV MYDESTINATION="localhost.localdomain, localhost"
-ENV MYHOSTNAME=mail.example.com
-ENV MYDOMAIN=example.com
-ENV MYNETWORKS=""
-ENV MYNETWORKS_STYLE=class
-ENV VIRTUAL_ALIAS_MAPS=
-ENV VIRTUAL_MAILBOX_MAPS=
-ENV VIRTUAL_TRANSPORT=lmtp:dovecot:24
-ENV VIRTUAL_MAILBOX_DOMAINS=example.com
-ENV SMTPD_SASL_PATH=inet:dovecot:12345
-ENV SMTPD_SASL_TYPE=dovecot
-ENV SMTPD_SASL_AUTH_ENABLE=no
-ENV SMTPD_TLS_CERT_FILE=/ssl/cert.pem
-ENV SMTPD_TLS_KEY_FILE=/ssl/key.pem
-ENV SMTP_TLS_SECURITY_LEVEL=may
-ENV SMTPD_TLS_SECURITY_LEVEL=may
-ENV SMTPD_TLS_AUTH_ONLY=no
-ENV SMTPD_TLS_SESSION_CACHE_DATABASE="btree:\${data_directory}/smtpd_scache"
-ENV SMTPD_CLIENT_RESTRICTIONS="check_client_access pcre:/etc/postfix/rules/client_access_list, permit_sasl_authenticated, permit_mynetworks, reject_unknown_client_hostname, reject_unauth_pipelining, permit"
-ENV SMTPD_DATA_RESTRICTIONS="reject_unauth_pipelining, permit"
-ENV SMTPD_HELO_RESTRICTIONS="check_helo_access hash:/etc/postfix/rules/helo_access_list, permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, warn_if_reject, permit"
-ENV SMTPD_RELAY_RESTRICTIONS="permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit"
-ENV SMTPD_RECIPIENT_RESTRICTIONS="check_recipient_access hash:/etc/postfix/rules/recipient_access_list, permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, permit"
-ENV MESSAGE_SIZE_LIMIT=31457280
-ENV SMTPD_HELO_REQUIRED=yes
 ENV BIFF=no
-ENV SUBMISSION_ENABLE=no
-ENV POSTSCREEN_ENABLE=no
+ENV BOGOFILTER_ENABLE="yes"
+ENV BOGOFILTER_HAM_CUTOFF="0.499999"
+ENV BOGOFILTER_SPAM_CUTOFF="0.499999"
+ENV INTERNAL_MAIL_FILTER_CLASSES=bounce
+ENV MESSAGE_SIZE_LIMIT=31457280
+ENV MILTER_DEFAULT_ACTION=accept
+ENV MYDESTINATION="localhost.localdomain, localhost"
+ENV MYDOMAIN=example.com
+ENV MYHOSTNAME=mail.example.com
+ENV MYNETWORKS_STYLE=class
+ENV MYNETWORKS=""
+ENV NON_SMTPD_MILTERS="\$smtpd_milters"
 ENV POSTSCREEN_ACCESS_LIST="cidr:/etc/postfix/rules/postscreen_access_list.cidr, permit_mynetworks"
-ENV POSTSCREEN_DNSBL_SITES="zen.spamhaus.org*3, b.barracudacentral.org*2, bl.spameatingmonkey.net*2, bl.spamcop.net, dnsbl.sorbs.net, psbl.surriel.com, bl.mailspike.net, swl.spamhaus.org*-4"
-ENV POSTSCREEN_DNSBL_REPLY_MAP="pcre:/etc/postfix/rules/postscreen_dnsbl_mask.pcre"
 ENV POSTSCREEN_BLACKLIST_ACTION="drop"
 ENV POSTSCREEN_DNSBL_ACTION="enforce"
+ENV POSTSCREEN_DNSBL_REPLY_MAP="pcre:/etc/postfix/rules/postscreen_dnsbl_mask.pcre"
+ENV POSTSCREEN_DNSBL_SITES="zen.spamhaus.org*3, b.barracudacentral.org*2, bl.spameatingmonkey.net*2, bl.spamcop.net, dnsbl.sorbs.net, psbl.surriel.com, bl.mailspike.net, swl.spamhaus.org*-4"
 ENV POSTSCREEN_DNSBL_THRESHOLD="3"
 ENV POSTSCREEN_DNSBL_WHITELIST_THRESHOLD="-1"
+ENV POSTSCREEN_ENABLE=no
 ENV POSTSCREEN_GREET_ACTION="enforce"
 ENV RELAYHOST=""
 ENV SMTP_FALLBACK_RELAY=""
@ -48,14 +34,29 @@ ENV SMTP_TLS_CAFILE=""
 ENV SMTP_TLS_MANDATORY_PROTOCOLS=""
 ENV SMTP_TLS_NOTE_STARTTLS_OFFER=""
 ENV SMTP_TLS_SECURITY_LEVEL=""
+ENV SMTP_TLS_SECURITY_LEVEL=may
 ENV SMTP_TLS_SESSION_CACHE_DATABASE=""
+ENV SMTPD_CLIENT_RESTRICTIONS="check_client_access pcre:/etc/postfix/rules/client_access_list, permit_sasl_authenticated, permit_mynetworks, reject_unknown_client_hostname, reject_unauth_pipelining, permit"
+ENV SMTPD_DATA_RESTRICTIONS="reject_unauth_pipelining, permit"
+ENV SMTPD_HELO_REQUIRED=yes
+ENV SMTPD_HELO_RESTRICTIONS="check_helo_access hash:/etc/postfix/rules/helo_access_list, permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, warn_if_reject, permit"
 ENV SMTPD_MILTERS=""
-ENV NON_SMTPD_MILTERS="\$smtpd_milters"
-ENV MILTER_DEFAULT_ACTION=accept
-ENV INTERNAL_MAIL_FILTER_CLASSES=bounce
-ENV BOGOFILTER_ENABLE="yes"
-ENV BOGOFILTER_HAM_CUTOFF="0.499999"
-ENV BOGOFILTER_SPAM_CUTOFF="0.499999"
+ENV SMTPD_RECIPIENT_RESTRICTIONS="check_recipient_access hash:/etc/postfix/rules/recipient_access_list, permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, permit"
+ENV SMTPD_RELAY_RESTRICTIONS="permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit"
+ENV SMTPD_SASL_AUTH_ENABLE=no
+ENV SMTPD_SASL_PATH=inet:dovecot:12345
+ENV SMTPD_SASL_TYPE=dovecot
+ENV SMTPD_TLS_AUTH_ONLY=no
+ENV SMTPD_TLS_CERT_FILE=/ssl/cert.pem
+ENV SMTPD_TLS_KEY_FILE=/ssl/key.pem
+ENV SMTPD_TLS_SECURITY_LEVEL=may
+ENV SMTPD_TLS_SESSION_CACHE_DATABASE="btree:\${data_directory}/smtpd_scache"
+ENV SMTPUTF8_ENABLE="no"
+ENV SUBMISSION_ENABLE=no
+ENV VIRTUAL_ALIAS_MAPS=
+ENV VIRTUAL_MAILBOX_DOMAINS=example.com
+ENV VIRTUAL_MAILBOX_MAPS=
+ENV VIRTUAL_TRANSPORT=lmtp:dovecot:24

 # TODO: template access lists

--- a/confd/conf.d/setup_main.toml
+++ b/confd/conf.d/setup_main.toml
@ -3,30 +3,31 @@ src = "setup_main.tmpl"
 dest = "/start.d/setup_main"
 mode = "0755"
 keys = [
+"/biff",
+"/message/size/limit",
 "/mydestination",
-"/myhostname",
 "/mydomain",
+"/myhostname",
 "/mynetworks",
 "/mynetworks/style",
-"/virtual/alias/maps",
-"/virtual/mailbox/maps",
-"/virtual/transport",
-"/virtual/mailbox/domains",
-"/smtpd/sasl/path",
-"/smtpd/sasl/type",
-"/smtpd/sasl/auth/enable",
-"/smtpd/tls/cert/file",
-"/smtpd/tls/key/file",
 "/smtp/tls/security/level",
-"/smtpd/tls/security/level",
-"/smtpd/tls/auth/only",
-"/smtpd/tls/session/cache/database",
 "/smtpd/client/restrictions",
 "/smtpd/data/restrictions",
-"/smtpd/helo/restrictions",
-"/smtpd/relay/restrictions",
-"/smtpd/recipient/restrictions",
-"/message/size/limit",
 "/smtpd/helo/required",
-"/biff",
+"/smtpd/helo/restrictions",
+"/smtpd/recipient/restrictions",
+"/smtpd/relay/restrictions",
+"/smtpd/sasl/auth/enable",
+"/smtpd/sasl/path",
+"/smtpd/sasl/type",
+"/smtpd/tls/auth/only",
+"/smtpd/tls/cert/file",
+"/smtpd/tls/key/file",
+"/smtpd/tls/security/level",
+"/smtpd/tls/session/cache/database",
+"/smtputf8/enable",
+"/virtual/alias/maps",
+"/virtual/mailbox/domains",
+"/virtual/mailbox/maps",
+"/virtual/transport",
 ]
--- a/confd/conf.d/setup_milter.toml
+++ b/confd/conf.d/setup_milter.toml
@ -3,8 +3,8 @@ src = "setup_milter.tmpl"
 dest = "/start.d/setup_milter"
 mode = "0755"
 keys = [
-"/smtpd/milters",
-"/non/smtpd/milters",
-"/milter/default/action",
 "/internal/mail/filter/classes",
+"/milter/default/action",
+"/non/smtpd/milters",
+"/smtpd/milters",
 ]
--- a/confd/conf.d/setup_postscreen.toml
+++ b/confd/conf.d/setup_postscreen.toml
@ -3,14 +3,14 @@ src = "setup_postscreen.tmpl"
 dest = "/start.d/setup_postscreen"
 mode = "0755"
 keys = [
-"/postscreen/enable",
+"/bogofilter/enable",
 "/postscreen/access/list",
 "/postscreen/blacklist/action",
-"/postscreen/dnsbl/sites",
-"/postscreen/dnsbl/reply/map",
 "/postscreen/dnsbl/action",
+"/postscreen/dnsbl/reply/map",
+"/postscreen/dnsbl/sites",
 "/postscreen/dnsbl/threshold",
 "/postscreen/dnsbl/whitelist/threshold",
+"/postscreen/enable",
 "/postscreen/greet/action",
-"/bogofilter/enable",
 ]
--- a/confd/templates/setup_main.tmpl
+++ b/confd/templates/setup_main.tmpl
@ -33,32 +33,33 @@

 postconf maillog_file=/dev/stdout
 postconf alias_maps=hash:/etc/aliases
+{{ with getv "/biff" }}postconf biff='{{.}}'{{ end }}
+{{ with getv "/message/size/limit" }}postconf message_size_limit='{{.}}'{{ end }}
 {{ with getv "/mydestination" }}postconf mydestination='{{.}}'{{ end }}
-{{ with getv "/myhostname" }}postconf myhostname='{{.}}'{{ end }}
 {{ with getv "/mydomain" }}postconf mydomain='{{.}}'{{ end }}
+{{ with getv "/myhostname" }}postconf myhostname='{{.}}'{{ end }}
 {{ with getv "/mynetworks" }}postconf mynetworks='{{.}}'{{ end }}
 {{ with getv "/mynetworks/style" }}postconf mynetworks_style='{{.}}'{{ end }}
-{{ with getv "/virtual/alias/maps" }}postconf virtual_alias_maps='{{.}}'{{ end }}
-{{ with getv "/virtual/mailbox/maps" }}postconf virtual_mailbox_maps='{{.}}'{{ end }}
-{{ with getv "/virtual/transport" }}postconf virtual_transport='{{.}}'{{ end }}
-{{ with getv "/virtual/mailbox/domains" }}postconf virtual_mailbox_domains='{{.}}'{{ end }}
-{{ with getv "/smtpd/sasl/path" }}postconf smtpd_sasl_path='{{.}}'{{ end }}
-{{ with getv "/smtpd/sasl/type" }}postconf smtpd_sasl_type='{{.}}'{{ end }}
-{{ with getv "/smtpd/sasl/auth/enable" }}postconf smtpd_sasl_auth_enable='{{.}}'{{ end }}
-{{ with getv "/smtpd/tls/cert/file" }}postconf smtpd_tls_cert_file='{{.}}'{{ end }}
-{{ with getv "/smtpd/tls/key/file" }}postconf smtpd_tls_key_file='{{.}}'{{ end }}
 {{ with getv "/smtp/tls/security/level" }}postconf smtp_tls_security_level='{{.}}'{{ end }}
-{{ with getv "/smtpd/tls/security/level" }}postconf smtpd_tls_security_level='{{.}}'{{ end }}
-{{ with getv "/smtpd/tls/auth/only" }}postconf smtpd_tls_auth_only='{{.}}'{{ end }}
-{{ with getv "/smtpd/tls/session/cache/database" }}postconf smtpd_tls_session_cache_database='{{.}}'{{ end }}
 {{ with getv "/smtpd/client/restrictions" }}postconf smtpd_client_restrictions='{{.}}'{{ end }}
 {{ with getv "/smtpd/data/restrictions" }}postconf smtpd_data_restrictions='{{.}}'{{ end }}
-{{ with getv "/smtpd/helo/restrictions" }}postconf smtpd_helo_restrictions='{{.}}'{{ end }}
-{{ with getv "/smtpd/relay/restrictions" }}postconf smtpd_relay_restrictions='{{.}}'{{ end }}
-{{ with getv "/smtpd/recipient/restrictions" }}postconf smtpd_recipient_restrictions='{{.}}'{{ end }}
-{{ with getv "/message/size/limit" }}postconf message_size_limit='{{.}}'{{ end }}
 {{ with getv "/smtpd/helo/required" }}postconf smtpd_helo_required='{{.}}'{{ end }}
-{{ with getv "/biff" }}postconf biff='{{.}}'{{ end }}
+{{ with getv "/smtpd/helo/restrictions" }}postconf smtpd_helo_restrictions='{{.}}'{{ end }}
+{{ with getv "/smtpd/recipient/restrictions" }}postconf smtpd_recipient_restrictions='{{.}}'{{ end }}
+{{ with getv "/smtpd/relay/restrictions" }}postconf smtpd_relay_restrictions='{{.}}'{{ end }}
+{{ with getv "/smtpd/sasl/auth/enable" }}postconf smtpd_sasl_auth_enable='{{.}}'{{ end }}
+{{ with getv "/smtpd/sasl/path" }}postconf smtpd_sasl_path='{{.}}'{{ end }}
+{{ with getv "/smtpd/sasl/type" }}postconf smtpd_sasl_type='{{.}}'{{ end }}
+{{ with getv "/smtpd/tls/auth/only" }}postconf smtpd_tls_auth_only='{{.}}'{{ end }}
+{{ with getv "/smtpd/tls/cert/file" }}postconf smtpd_tls_cert_file='{{.}}'{{ end }}
+{{ with getv "/smtpd/tls/key/file" }}postconf smtpd_tls_key_file='{{.}}'{{ end }}
+{{ with getv "/smtpd/tls/security/level" }}postconf smtpd_tls_security_level='{{.}}'{{ end }}
+{{ with getv "/smtpd/tls/session/cache/database" }}postconf smtpd_tls_session_cache_database='{{.}}'{{ end }}
+{{ with getv "/smtputf8/enable" }}postconf smtputf8_enable='{{.}}'{{ end }}
+{{ with getv "/virtual/alias/maps" }}postconf virtual_alias_maps='{{.}}'{{ end }}
+{{ with getv "/virtual/mailbox/domains" }}postconf virtual_mailbox_domains='{{.}}'{{ end }}
+{{ with getv "/virtual/mailbox/maps" }}postconf virtual_mailbox_maps='{{.}}'{{ end }}
+{{ with getv "/virtual/transport" }}postconf virtual_transport='{{.}}'{{ end }}

 postconf -M spamfilter/unix | grep -q spamfilter || {
    postconf -M spamfilter/unix="spamfilter unix - n n - - pipe"
--- a/confd/templates/setup_milter.tmpl
+++ b/confd/templates/setup_milter.tmpl
@ -1,6 +1,6 @@
 #!/bin/bash

-{{ with getv "/smtpd/milters" }}postconf smtpd_milters='{{.}}'{{ end }}
-{{ with getv "/non/smtpd/milters" }}postconf non_smtpd_milters='{{.}}'{{ end }}
-{{ with getv "/milter/default/action" }}postconf milter_default_action='{{.}}'{{ end }}
 {{ with getv "/internal/mail/filter/classes" }}postconf internal_mail_filter_classes='{{.}}'{{ end }}
+{{ with getv "/milter/default/action" }}postconf milter_default_action='{{.}}'{{ end }}
+{{ with getv "/non/smtpd/milters" }}postconf non_smtpd_milters='{{.}}'{{ end }}
+{{ with getv "/smtpd/milters" }}postconf smtpd_milters='{{.}}'{{ end }}
--- a/confd/templates/setup_postscreen.tmpl
+++ b/confd/templates/setup_postscreen.tmpl
@ -66,9 +66,9 @@ touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre
 # FIXME: allow un-setting options by blanking variable values
 {{ with getv "/postscreen/access/list" }}postconf -e postscreen_access_list='{{.}}'{{ end }}
 {{ with getv "/postscreen/blacklist/action" }}postconf -e postscreen_blacklist_action='{{.}}'{{ end }}
-{{ with getv "/postscreen/dnsbl/sites" }}postconf -e postscreen_dnsbl_sites='{{.}}'{{ end }}
-{{ with getv "/postscreen/dnsbl/reply/map" }}postconf -e postscreen_dnsbl_reply_map='{{.}}'{{ end }}
 {{ with getv "/postscreen/dnsbl/action" }}postconf -e postscreen_dnsbl_action='{{.}}'{{ end }}
+{{ with getv "/postscreen/dnsbl/reply/map" }}postconf -e postscreen_dnsbl_reply_map='{{.}}'{{ end }}
+{{ with getv "/postscreen/dnsbl/sites" }}postconf -e postscreen_dnsbl_sites='{{.}}'{{ end }}
 {{ with getv "/postscreen/dnsbl/threshold" }}postconf -e postscreen_dnsbl_threshold='{{.}}'{{ end }}
 {{ with getv "/postscreen/dnsbl/whitelist/threshold" }}postconf -e postscreen_dnsbl_whitelist_threshold='{{.}}'{{ end }}
 {{ with getv "/postscreen/greet/action" }}postconf -e postscreen_greet_action='{{.}}'{{ end }}