89 lines
2.8 KiB
Bash
89 lines
2.8 KiB
Bash
#!/bin/bash
|
|
set -e
|
|
|
|
{{ if eq (getenv "POSTSCREEN_ENABLE") "yes" -}}
|
|
postconf -M smtpd/pass="smtpd pass - - n - - smtpd"
|
|
postconf -F smtpd/pass/private=- \
|
|
smtpd/pass/unprivileged=- \
|
|
smtpd/pass/chroot=n \
|
|
smtpd/pass/wakeup=- \
|
|
smtpd/pass/process_limit=- \
|
|
smtpd/pass/command="smtpd"
|
|
postconf -F smtp/inet/private=n \
|
|
smtp/inet/unprivileged=- \
|
|
smtp/inet/chroot=n \
|
|
smtp/inet/wakeup=- \
|
|
smtp/inet/process_limit=1 \
|
|
smtp/inet/command="postscreen"
|
|
postconf -M tlsproxy/unix="tlsproxy unix - - n - 0 tlsproxy"
|
|
postconf -F tlsproxy/unix/private=- \
|
|
tlsproxy/unix/unprivileged=- \
|
|
tlsproxy/unix/chroot=n \
|
|
tlsproxy/unix/wakeup=- \
|
|
tlsproxy/unix/process_limit=0 \
|
|
tlsproxy/unix/command="tlsproxy"
|
|
postconf -M dnsblog/unix="dnsblog unix - - n - 0 dnsblog"
|
|
postconf -F dnsblog/unix/private=- \
|
|
dnsblog/unix/unprivileged=- \
|
|
dnsblog/unix/chroot=n \
|
|
dnsblog/unix/wakeup=- \
|
|
dnsblog/unix/process_limit=0 \
|
|
dnsblog/unix/command="dnsblog"
|
|
|
|
{{ if eq (getenv "BOGOFILTER_ENABLE") "yes" -}}
|
|
postconf -P smtpd/pass/content_filter=spamfilter
|
|
{{ else -}}
|
|
postconf -X -P smtpd/pass/content_filter
|
|
{{ end -}}
|
|
|
|
# FIXME: template tables instead of creating empty files
|
|
touch /etc/postfix/rules/postscreen_access_list.cidr
|
|
touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre
|
|
|
|
# main.cf options
|
|
{{- if getenv "POSTSCREEN_ACCESS_LIST" }}
|
|
postconf -e postscreen_access_list='{{ getenv "POSTSCREEN_ACCESS_LIST" }}'
|
|
{{- end }}
|
|
{{- if getenv "POSTSCREEN_BLACKLIST_ACTION" }}
|
|
postconf -e postscreen_blacklist_action='{{ getenv "POSTSCREEN_BLACKLIST_ACTION" }}'
|
|
{{- end }}
|
|
{{- if getenv "POSTSCREEN_DNSBL_ACTION" }}
|
|
postconf -e postscreen_dnsbl_action='{{ getenv "POSTSCREEN_DNSBL_ACTION" }}'
|
|
{{- end }}
|
|
{{- if getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}
|
|
postconf -e postscreen_dnsbl_reply_map='{{ getenv "POSTSCREEN_DNSBL_REPLY_MAP" }}'
|
|
{{- end }}
|
|
{{- if getenv "POSTSCREEN_DNSBL_SITES" }}
|
|
postconf -e postscreen_dnsbl_sites='{{ getenv "POSTSCREEN_DNSBL_SITES" }}'
|
|
{{- end }}
|
|
{{- if getenv "POSTSCREEN_DNSBL_THRESHOLD" }}
|
|
postconf -e postscreen_dnsbl_threshold='{{ getenv "POSTSCREEN_DNSBL_THRESHOLD" }}'
|
|
{{- end }}
|
|
{{- if getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}
|
|
postconf -e postscreen_dnsbl_whitelist_threshold='{{ getenv "POSTSCREEN_DNSBL_WHITELIST_THRESHOLD" }}'
|
|
{{- end }}
|
|
{{- if getenv "POSTSCREEN_GREET_ACTION" }}
|
|
postconf -e postscreen_greet_action='{{ getenv "POSTSCREEN_GREET_ACTION" }}'
|
|
{{- end }}
|
|
|
|
{{ else -}}
|
|
|
|
# disable postscreen
|
|
postconf -M# smtpd/pass
|
|
postconf -F smtp/inet/private=n \
|
|
smtp/inet/unprivileged=- \
|
|
smtp/inet/chroot=n \
|
|
smtp/inet/wakeup=- \
|
|
smtp/inet/process_limit=- \
|
|
smtp/inet/command="smtpd"
|
|
|
|
{{ if eq (getenv "BOGOFILTER_ENABLE") "yes" -}}
|
|
postconf -P smtp/inet/content_filter=spamfilter
|
|
{{ else -}}
|
|
postconf -X -P smtp/inet/content_filter
|
|
{{ end -}}
|
|
|
|
postconf -M# dnsblog/unix
|
|
|
|
{{ end -}}
|