docker-image-postfix/confd/templates/setup_postscreen.tmpl
Mauro Torrez a61e429d76
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing
feat: allow disabling bogofilter
2020-10-20 10:15:18 -03:00

118 lines
4.3 KiB
Bash

#!/bin/bash
#postconf -M smtpd/pass
#postconf -Fh smtp/inet/private smtp/inet/unprivileged smtp/inet/chroot smtp/inet/wakeup smtp/inet/process_limit smtp/inet/command
#postconf -M smtp/inet
#postconf -M tlsproxy/unix
#postconf -M dnsblog/unix
#postconf -h postscreen_access_list
#postconf -h postscreen_dnsbl_sites
#postconf -h postscreen_dnsbl_reply_map
#postconf -h postscreen_dnsbl_action
#postconf -h postscreen_blacklist_action
#postconf -h postscreen_dnsbl_whitelist_threshold
#postconf -h postscreen_greet_action
#postconf -h postscreen_greet_wait
# NOT SUPPORTED:
#postconf -h postscreen_bare_newline_enable
#postconf -h postscreen_non_smtp_command_enable
#postconf -h postscreen_pipelining_enable
#postconf -h postscreen_bare_newline_action
#postconf -h postscreen_dnsbl_threshold
#postconf -h postscreen_non_smtp_command_action
#postconf -h postscreen_pipelining_action
{{ if eq (getv "/postscreen/enable") "yes"}}
postconf -M smtpd/pass="smtpd pass - - n - - smtpd"
postconf -F smtpd/pass/private=- \
smtpd/pass/unprivileged=- \
smtpd/pass/chroot=n \
smtpd/pass/wakeup=- \
smtpd/pass/process_limit=- \
smtpd/pass/command="smtpd"
postconf -F smtp/inet/private=n \
smtp/inet/unprivileged=- \
smtp/inet/chroot=n \
smtp/inet/wakeup=- \
smtp/inet/process_limit=1 \
smtp/inet/command="postscreen"
postconf -M tlsproxy/unix="tlsproxy unix - - n - 0 tlsproxy"
postconf -F tlsproxy/unix/private=- \
tlsproxy/unix/unprivileged=- \
tlsproxy/unix/chroot=n \
tlsproxy/unix/wakeup=- \
tlsproxy/unix/process_limit=0 \
tlsproxy/unix/command="tlsproxy"
postconf -M dnsblog/unix="dnsblog unix - - n - 0 dnsblog"
postconf -F dnsblog/unix/private=- \
dnsblog/unix/unprivileged=- \
dnsblog/unix/chroot=n \
dnsblog/unix/wakeup=- \
dnsblog/unix/process_limit=0 \
dnsblog/unix/command="dnsblog"
{{ if eq (getv "/bogofilter/enable") "yes" }}
postconf -P smtpd/pass/content_filter=spamfilter
{{ else }}
postconf -X -P smtpd/pass/content_filter
{{ end }}
# FIXME: template tables instead of creating empty files
touch /etc/postfix/rules/postscreen_access_list.cidr
touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre
# main.cf options
# FIXME: allow un-setting options by blanking variable values
{{ with getv "/postscreen/access/list" }}postconf -e postscreen_access_list='{{.}}'{{ end }}
{{ with getv "/postscreen/blacklist/action" }}postconf -e postscreen_blacklist_action='{{.}}'{{ end }}
{{ with getv "/postscreen/dnsbl/sites" }}postconf -e postscreen_dnsbl_sites='{{.}}'{{ end }}
{{ with getv "/postscreen/dnsbl/reply/map" }}postconf -e postscreen_dnsbl_reply_map='{{.}}'{{ end }}
{{ with getv "/postscreen/dnsbl/action" }}postconf -e postscreen_dnsbl_action='{{.}}'{{ end }}
{{ with getv "/postscreen/dnsbl/threshold" }}postconf -e postscreen_dnsbl_threshold='{{.}}'{{ end }}
{{ with getv "/postscreen/dnsbl/whitelist/threshold" }}postconf -e postscreen_dnsbl_whitelist_threshold='{{.}}'{{ end }}
{{ with getv "/postscreen/greet/action" }}postconf -e postscreen_greet_action='{{.}}'{{ end }}
{{ else }}
# disable postscreen
postconf -M# smtpd/pass
postconf -F smtp/inet/private=n \
smtp/inet/unprivileged=- \
smtp/inet/chroot=n \
smtp/inet/wakeup=- \
smtp/inet/process_limit=- \
smtp/inet/command="smtpd"
{{ if eq (getv "/bogofilter/enable") "yes" }}
postconf -P smtp/inet/content_filter=spamfilter
{{ else }}
postconf -X -P smtp/inet/content_filter
{{ end }}
postconf -M# dnsblog/unix
{{ end }}
# TODO: access list:
# # Ansible-generated postscreen CIDR access table. You can change this
# # file by setting the host variable `postfix_postscreen_access_list`
# {% for entry in postfix_postscreen_access_list -%}
# { { entry.address } } { { entry.action } }
# {% endfor %}
# TODO: reply map:
# # postscreen reply map, matching entries will be replaced
# # with the resulting text when telling the source of DNS
# # blacklisting to the remote client.
# # used to mask passwords contained in dnsbl names
# # edit this file by setting the "mask" option for items
# # in the host variable postfix_postscreen_dnsbl_sites
# {% for entry in postfix_postscreen_dnsbl_sites -%}
# {% if entry is mapping -%}{% if entry.mask is defined -%}
# {% if entry.mask is string and entry.mask != "" -%}
# /^{ { entry.site } }$/ { { entry.mask } }
# {% else %}
# /^{ { entry.site } }$/ dnsbl blacklist
# {% endif %}{% endif %}{% endif %}{% endfor %}