mauro/docker-image-postfix
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Refactor: gomplate + debian 13 #1

Merged
mauro merged 5 commits from feature/debian-13-gomplate-refactor into main 2026-01-18 03:51:53 +00:00
Conversation 0 Commits 5 Files Changed 22 +78 -72
6 changed files with 78 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 6d922d3abe - Show all commits

1
templates/start.d/setup_main
View File

@@ -1,5 +1,4 @@
#!/bin/bash #!/bin/bash
set -e
# Managing main.cf: # Managing main.cf:
# postconf [-dfhHnopvx] [-c config_dir] [-C class,...] [parameter ...] # postconf [-dfhHnopvx] [-c config_dir] [-C class,...] [parameter ...]

17
templates/start.d/setup_milter
View File

@@ -1,15 +1,6 @@
#!/bin/bash #!/bin/bash
set -e
{{- if getenv "INTERNAL_MAIL_FILTER_CLASSES" }} {{ with getenv "INTERNAL_MAIL_FILTER_CLASSES" }}postconf internal_mail_filter_classes='{{.}}'{{ end }}
postconf internal_mail_filter_classes='{{ getenv "INTERNAL_MAIL_FILTER_CLASSES" }}' {{ with getenv "MILTER_DEFAULT_ACTION" }}postconf milter_default_action='{{.}}'{{ end }}
{{- end }} {{ with getenv "NON_SMTPD_MILTERS" }}postconf non_smtpd_milters='{{.}}'{{ end }}
{{- if getenv "MILTER_DEFAULT_ACTION" }} {{ with getenv "SMTPD_MILTERS" }}postconf smtpd_milters='{{.}}'{{ end }}
postconf milter_default_action='{{ getenv "MILTER_DEFAULT_ACTION" }}'
{{- end }}
{{- if getenv "NON_SMTPD_MILTERS" }}
postconf non_smtpd_milters='{{ getenv "NON_SMTPD_MILTERS" }}'
{{- end }}
{{- if getenv "SMTPD_MILTERS" }}
postconf smtpd_milters='{{ getenv "SMTPD_MILTERS" }}'
{{- end }}

79
templates/start.d/setup_postscreen
View File

@@ -1,5 +1,27 @@
#!/bin/bash #!/bin/bash
set -e
#postconf -M smtpd/pass
#postconf -Fh smtp/inet/private smtp/inet/unprivileged smtp/inet/chroot smtp/inet/wakeup smtp/inet/process_limit smtp/inet/command
#postconf -M smtp/inet
#postconf -M tlsproxy/unix
#postconf -M dnsblog/unix
#postconf -h postscreen_access_list
#postconf -h postscreen_dnsbl_sites
#postconf -h postscreen_dnsbl_reply_map
#postconf -h postscreen_dnsbl_action
#postconf -h postscreen_blacklist_action
#postconf -h postscreen_dnsbl_whitelist_threshold
#postconf -h postscreen_greet_action
#postconf -h postscreen_greet_wait
# NOT SUPPORTED:
#postconf -h postscreen_bare_newline_enable
#postconf -h postscreen_non_smtp_command_enable
#postconf -h postscreen_pipelining_enable
#postconf -h postscreen_bare_newline_action
#postconf -h postscreen_dnsbl_threshold
#postconf -h postscreen_non_smtp_command_action
#postconf -h postscreen_pipelining_action
{{ if eq (getenv "POSTSCREEN_ENABLE") "yes" -}} {{ if eq (getenv "POSTSCREEN_ENABLE") "yes" -}}
postconf -M smtpd/pass="smtpd pass - - n - - smtpd" postconf -M smtpd/pass="smtpd pass - - n - - smtpd"
@@ -41,30 +63,15 @@ touch /etc/postfix/rules/postscreen_access_list.cidr
touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre
# main.cf options # main.cf options
{{- if getenv "POSTSCREEN_ACCESS_LIST" }} # FIXME: allow un-setting options by blanking variable values
postconf -e postscreen_access_list='{{ getenv "POSTSCREEN_ACCESS_LIST" }}' {{ with getenv "POSTSCREEN_ACCESS_LIST" }}postconf -e postscreen_access_list='{{.}}'{{ end }}
{{- end }} {{ with getenv "POSTSCREEN_BLACKLIST_ACTION" }}postconf -e postscreen_blacklist_action='{{.}}'{{ end }}
{{- if getenv "POSTSCREEN_BLACKLIST_ACTION" }} {{ with getenv "POSTSCREEN_DNSBL_ACTION" }}postconf -e postscreen_dnsbl_action='{{.}}'{{ end }}
postconf -e postscreen_blacklist_action='{{ getenv "POSTSCREEN_BLACKLIST_ACTION" }}' {{ with getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}postconf -e postscreen_dnsbl_reply_map='{{.}}'{{ end }}
{{- end }} {{ with getenv "POSTSCREEN_DNSBL_SITES" }}postconf -e postscreen_dnsbl_sites='{{.}}'{{ end }}
{{- if getenv "POSTSCREEN_DNSBL_ACTION" }} {{ with getenv "POSTSCREEN_DNSBL_THRESHOLD" }}postconf -e postscreen_dnsbl_threshold='{{.}}'{{ end }}
postconf -e postscreen_dnsbl_action='{{ getenv "POSTSCREEN_DNSBL_ACTION" }}' {{ with getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}postconf -e postscreen_dnsbl_whitelist_threshold='{{.}}'{{ end }}
{{- end }} {{ with getenv "POSTSCREEN_GREET_ACTION" }}postconf -e postscreen_greet_action='{{.}}'{{ end }}
{{- if getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}
postconf -e postscreen_dnsbl_reply_map='{{ getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}'
{{- end }}
{{- if getenv "POSTSCREEN_DNSBL_SITES" }}
postconf -e postscreen_dnsbl_sites='{{ getenv "POSTSCREEN_DNSBL_SITES" }}'
{{- end }}
{{- if getenv "POSTSCREEN_DNSBL_THRESHOLD" }}
postconf -e postscreen_dnsbl_threshold='{{ getenv "POSTSCREEN_DNSBL_THRESHOLD" }}'
{{- end }}
{{- if getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}
postconf -e postscreen_dnsbl_whitelist_threshold='{{ getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}'
{{- end }}
{{- if getenv "POSTSCREEN_GREET_ACTION" }}
postconf -e postscreen_greet_action='{{ getenv "POSTSCREEN_GREET_ACTION" }}'
{{- end }}
{{ else -}} {{ else -}}
@@ -86,3 +93,25 @@ postconf -X -P smtp/inet/content_filter
postconf -M# dnsblog/unix postconf -M# dnsblog/unix
{{ end -}} {{ end -}}
# TODO: access list:
# # Ansible-generated postscreen CIDR access table. You can change this
# # file by setting the host variable `postfix_postscreen_access_list`
# {% for entry in postfix_postscreen_access_list -%}
# { { entry.address } } { { entry.action } }
# {% endfor %}
# TODO: reply map:
# # postscreen reply map, matching entries will be replaced
# # with the resulting text when telling the source of DNS
# # blacklisting to the remote client.
# # used to mask passwords contained in dnsbl names
# # edit this file by setting the "mask" option for items
# # in the host variable postfix_postscreen_dnsbl_sites
# {% for entry in postfix_postscreen_dnsbl_sites -%}
# {% if entry is mapping -%}{% if entry.mask is defined -%}
# {% if entry.mask is string and entry.mask != "" -%}
# /^{ { entry.site } }$/ { { entry.mask } }
# {% else %}
# /^{ { entry.site } }$/ dnsbl blacklist
# {% endif %}{% endif %}{% endif %}{% endfor %}

43
templates/start.d/setup_relayhost
View File

@@ -1,33 +1,14 @@
#!/bin/bash #!/bin/bash
set -e
{{- if getenv "RELAYHOST" }} # These postfix settings allow for sending all mail through a relay host.
postconf relayhost='{{ getenv "RELAYHOST" }}'
{{- end }} {{ with getenv "RELAYHOST" }}postconf relayhost='{{.}}'{{ end }}
{{- if getenv "SMTP_FALLBACK_RELAY" }} {{ with getenv "SMTP_FALLBACK_RELAY" }}postconf smtp_fallback_relay='{{.}}'{{ end }}
postconf smtp_fallback_relay='{{ getenv "SMTP_FALLBACK_RELAY" }}' {{ with getenv "SMTP_SASL_AUTH_ENABLE" }}postconf smtp_sasl_auth_enable='{{.}}'{{ end }}
{{- end }} {{ with getenv "SMTP_SASL_PASSWORD_MAPS" }}postconf smtp_sasl_password_maps='{{.}}'{{ end }}
{{- if getenv "SMTP_SASL_AUTH_ENABLE" }} {{ with getenv "SMTP_SASL_SECURITY_OPTIONS" }}postconf smtp_sasl_security_options='{{.}}'{{ end }}
postconf smtp_sasl_auth_enable='{{ getenv "SMTP_SASL_AUTH_ENABLE" }}' {{ with getenv "SMTP_TLS_CAFILE" }}postconf smtp_tls_CAfile='{{.}}'{{ end }}
{{- end }} {{ with getenv "SMTP_TLS_MANDATORY_PROTOCOLS" }}postconf smtp_tls_mandatory_protocols='{{.}}'{{ end }}
{{- if getenv "SMTP_SASL_PASSWORD_MAPS" }} {{ with getenv "SMTP_TLS_NOTE_STARTTLS_OFFER" }}postconf smtp_tls_note_starttls_offer='{{.}}'{{ end }}
postconf smtp_sasl_password_maps='{{ getenv "SMTP_SASL_PASSWORD_MAPS" }}' {{ with getenv "SMTP_TLS_SECURITY_LEVEL" }}postconf smtp_tls_security_level='{{.}}'{{ end }}
{{- end }} {{ with getenv "SMTP_TLS_SESSION_CACHE_DATABASE" }}postconf smtp_tls_session_cache_database='{{.}}'{{ end }}
{{- if getenv "SMTP_SASL_SECURITY_OPTIONS" }}
postconf smtp_sasl_security_options='{{ getenv "SMTP_SASL_SECURITY_OPTIONS" }}'
{{- end }}
{{- if getenv "SMTP_TLS_CAFILE" }}
postconf smtp_tls_CAfile='{{ getenv "SMTP_TLS_CAFILE" }}'
{{- end }}
{{- if getenv "SMTP_TLS_MANDATORY_PROTOCOLS" }}
postconf smtp_tls_mandatory_protocols='{{ getenv "SMTP_TLS_MANDATORY_PROTOCOLS" }}'
{{- end }}
{{- if getenv "SMTP_TLS_NOTE_STARTTLS_OFFER" }}
postconf smtp_tls_note_starttls_offer='{{ getenv "SMTP_TLS_NOTE_STARTTLS_OFFER" }}'
{{- end }}
{{- if getenv "SMTP_TLS_SECURITY_LEVEL" }}
postconf smtp_tls_security_level='{{ getenv "SMTP_TLS_SECURITY_LEVEL" }}'
{{- end }}
{{- if getenv "SMTP_TLS_SESSION_CACHE_DATABASE" }}
postconf smtp_tls_session_cache_database='{{ getenv "SMTP_TLS_SESSION_CACHE_DATABASE" }}'
{{- end }}

8
templates/start.d/setup_submission
View File

@@ -1,5 +1,11 @@
#!/bin/bash #!/bin/bash
set -e
#postconf -M submission/inet
#postconf -P -h submission/inet/milter_macro_daemon_name
#postconf -P -h submission/inet/smtpd_client_restrictions
#postconf -P -h submission/inet/smtpd_sasl_auth_enable
#postconf -P -h submission/inet/smtpd_tls_security_level
#postconf -P -h submission/inet/syslog_name
{{ if eq (getenv "SUBMISSION_ENABLE") "yes" -}} {{ if eq (getenv "SUBMISSION_ENABLE") "yes" -}}
postconf -M submission/inet="submission inet n - n - - smtpd" postconf -M submission/inet="submission inet n - n - - smtpd"

2
templates/start.d/spamfilter
View File

@@ -3,4 +3,4 @@
# pass mail through spam filter Bogofilter # pass mail through spam filter Bogofilter
# arguments are passed on to sendmail # arguments are passed on to sendmail
/usr/bin/bogofilter -d /vmail/bogofilter -p {{ if getenv "BOGOFILTER_HAM_CUTOFF" }}--ham-cutoff '{{ getenv "BOGOFILTER_HAM_CUTOFF" }}'{{ end }} {{ if getenv "BOGOFILTER_SPAM_CUTOFF" }}--spam-cutoff '{{ getenv "BOGOFILTER_SPAM_CUTOFF" }}'{{ end }} | /usr/sbin/sendmail "$@" /usr/bin/bogofilter -d /vmail/bogofilter -p {{ with getenv "BOGOFILTER_HAM_CUTOFF" }}--ham-cutoff '{{.}}'{{ end }} {{ with getenv "BOGOFILTER_SPAM_CUTOFF" }}--spam-cutoff '{{.}}'{{ end }} | /usr/sbin/sendmail "$@"