#!/bin/bash
set -e

{{ if eq (getenv "POSTSCREEN_ENABLE") "yes" -}}
postconf -M smtpd/pass="smtpd pass - - n - - smtpd"
postconf -F smtpd/pass/private=- \
	 smtpd/pass/unprivileged=- \
	 smtpd/pass/chroot=n \
         smtpd/pass/wakeup=- \
	 smtpd/pass/process_limit=- \
	 smtpd/pass/command="smtpd"
postconf -F smtp/inet/private=n \
	 smtp/inet/unprivileged=- \
	 smtp/inet/chroot=n \
         smtp/inet/wakeup=- \
	 smtp/inet/process_limit=1 \
	 smtp/inet/command="postscreen"
postconf -M tlsproxy/unix="tlsproxy unix - - n - 0 tlsproxy"
postconf -F tlsproxy/unix/private=- \
	 tlsproxy/unix/unprivileged=- \
	 tlsproxy/unix/chroot=n \
         tlsproxy/unix/wakeup=- \
	 tlsproxy/unix/process_limit=0 \
	 tlsproxy/unix/command="tlsproxy"
postconf -M dnsblog/unix="dnsblog unix - - n - 0 dnsblog"
postconf -F dnsblog/unix/private=- \
	 dnsblog/unix/unprivileged=- \
	 dnsblog/unix/chroot=n \
         dnsblog/unix/wakeup=- \
	 dnsblog/unix/process_limit=0 \
	 dnsblog/unix/command="dnsblog"

{{ if eq (getenv "BOGOFILTER_ENABLE") "yes" -}}
postconf -P smtpd/pass/content_filter=spamfilter
{{ else -}}
postconf -X -P smtpd/pass/content_filter
{{ end -}}

# FIXME: template tables instead of creating empty files
touch /etc/postfix/rules/postscreen_access_list.cidr
touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre

# main.cf options
{{- if getenv "POSTSCREEN_ACCESS_LIST" }}
postconf -e postscreen_access_list='{{ getenv "POSTSCREEN_ACCESS_LIST" }}'
{{- end }}
{{- if getenv "POSTSCREEN_BLACKLIST_ACTION" }}
postconf -e postscreen_blacklist_action='{{ getenv "POSTSCREEN_BLACKLIST_ACTION" }}'
{{- end }}
{{- if getenv "POSTSCREEN_DNSBL_ACTION" }}
postconf -e postscreen_dnsbl_action='{{ getenv "POSTSCREEN_DNSBL_ACTION" }}'
{{- end }}
{{- if getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}
postconf -e postscreen_dnsbl_reply_map='{{ getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}'
{{- end }}
{{- if getenv "POSTSCREEN_DNSBL_SITES" }}
postconf -e postscreen_dnsbl_sites='{{ getenv "POSTSCREEN_DNSBL_SITES" }}'
{{- end }}
{{- if getenv "POSTSCREEN_DNSBL_THRESHOLD" }}
postconf -e postscreen_dnsbl_threshold='{{ getenv "POSTSCREEN_DNSBL_THRESHOLD" }}'
{{- end }}
{{- if getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}
postconf -e postscreen_dnsbl_whitelist_threshold='{{ getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}'
{{- end }}
{{- if getenv "POSTSCREEN_GREET_ACTION" }}
postconf -e postscreen_greet_action='{{ getenv "POSTSCREEN_GREET_ACTION" }}'
{{- end }}

{{ else -}}

# disable postscreen
postconf -M# smtpd/pass
postconf -F smtp/inet/private=n \
	 smtp/inet/unprivileged=- \
	 smtp/inet/chroot=n \
         smtp/inet/wakeup=- \
	 smtp/inet/process_limit=- \
	 smtp/inet/command="smtpd"

{{ if eq (getenv "BOGOFILTER_ENABLE") "yes" -}}
postconf -P smtp/inet/content_filter=spamfilter
{{ else -}}
postconf -X -P smtp/inet/content_filter
{{ end -}}

postconf -M# dnsblog/unix

{{ end -}}