From d3377b860a57ae6b41cae81359503f7f05575265 Mon Sep 17 00:00:00 2001
From: myve
Date: Tue, 18 Mar 2025 00:16:45 +0000
Subject: [PATCH] Moved whitelist ahead of policyd-spf check

---
 01-setup.sh | 33 ++++++++-------
 build/run/docker-entrypoint/entrypoint.sh | 2 +-
 .../docker-entrypoint/init.d/30-postfix.sh | 2 +-
 build/run/installer.sh | 4 +-
 docker-compose.yaml | 41 -------------------
 5 files changed, 22 insertions(+), 60 deletions(-)

diff --git a/01-setup.sh b/01-setup.sh
index e91f6ff..5e4c678 100755
--- a/01-setup.sh
+++ b/01-setup.sh
@@ -1,14 +1,24 @@
 #!/usr/bin/env bash
-# Fill in the following variables
-appname= #google
-proxyurl= #http://webapps.kvm
-proxyport= #4000
-domain= #www.google.com
-mailver= #latest/stable
-
 # Exit on any error
 set -e
 
+# Fill in the following variables
+appname=${appname} # google
+proxyurl=${proxyurl} # http://webapps.kvm
+proxyport=${proxyport} # 4000
+domain=${domain} # www.google.com
+mailver=${mailver} # latest/stable
+
+# Abort if variables are missing
+for var in appname proxyurl proxyport domain
+do
+ if [ -z ${!var} ]
+ then
+ echo "Variable ${var} does not exist, aborting..."
+ exit 1
+ fi
+done
+
 # Check for subdomain
 if [ $(echo ${domain} | awk -F . '{print $3}') ]
 then
@@ -19,13 +29,6 @@ else
 exit 1
 fi
 
-# Variable check
-if [ -z ${appname} ] || [ -z ${proxyurl} ] || [ -z ${proxyport} ] || [ -z ${domain} ]
-then
- echo "Missing variable, exiting..."
- exit 1
-fi
-
 # Figure out nginx conf directory
 if grep -q 'include.*conf.d' /etc/nginx/nginx.conf
 then
@@ -133,7 +136,7 @@ MYVEMAIL_PORT=${proxyport}
 
 # Optional
 # Version: latest or stable (defaults to latest)
-MYVEMAIL_VERSION=${mailver}
+MYVEMAIL_VERSION=${mailver:-latest}
 
 # Additional mail domains separated by commas
 MYVEMAIL_ADDMX=
diff --git a/build/run/docker-entrypoint/entrypoint.sh b/build/run/docker-entrypoint/entrypoint.sh
index 34ffdf8..008647a 100755
--- a/build/run/docker-entrypoint/entrypoint.sh
+++ b/build/run/docker-entrypoint/entrypoint.sh
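Review bot: In the new presence check the indirect expansion in `if [ -z ${!var} ]` is unquoted, so a value containing whitespace or a glob character becomes several arguments to `[`, which then errors out and, being an `if` condition, is silently treated as "not empty" rather than aborting; `if [ -z "${!var}" ]` is the intended test (the retained `if [ $(echo ${domain} | awk -F . '{print $3}') ]` two lines below has the same unquoted expansion). The values are now taken from the caller's environment (`appname=${appname}` and so on) and the third hunk shows them being interpolated into generated settings (`MYVEMAIL_PORT=${proxyport}`), yet only presence is verified; a character allowlist before use, e.g. `[[ ${!var} =~ ^[A-Za-z0-9._:/-]+$ ]] || { echo "Variable ${var} has unexpected characters, aborting..." >&2; exit 1; }`, keeps shell metacharacters out of those files. The message `Variable ${var} does not exist` is also misleading, since `-z` is true for a variable that is set but empty; `echo "Variable ${var} is unset or empty, aborting..." >&2` matches the test and sends the diagnostic to stderr.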
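Review bot: `MYVEMAIL_VERSION=${mailver:-latest}` fills in an empty `mailver` but nothing rejects a value outside the two options the first hunk documents (`# latest/stable`), and docker-compose.yaml turns whatever is written here into the image tag via `${MYVEMAIL_VERSION:-latest}`. A check next to the other variable tests, `case "${mailver}" in ''|latest|stable) ;; *) echo "mailver must be latest or stable, aborting..." >&2; exit 1 ;; esac`, catches typos before the value is written out. Defaulting to the mutable `latest` tag also means two setups run at different times can pull different images; if reproducibility matters, say so in the comment or default to a pinned tag.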
@@ -43,4 +43,4 @@ postfix reload && echo -e "\n\e[1;32mMail service is ready\e[0m\n"
 
 
 # Monitor log
-tail -f /var/log/mail/maillog.debug{,.0} # /var/log/mail/maillog{,.0}
+tail -F /var/log/mail/maillog.debug{,.0} # /var/log/mail/maillog{,.0}
diff --git a/build/run/docker-entrypoint/init.d/30-postfix.sh b/build/run/docker-entrypoint/init.d/30-postfix.sh
index 7b04bdf..2c6486b 100755
--- a/build/run/docker-entrypoint/init.d/30-postfix.sh
+++ b/build/run/docker-entrypoint/init.d/30-postfix.sh
@@ -46,7 +46,7 @@ then
 addwhitelist_helo=(${MYVEMAIL_WHITELIST_HELO//,/ })
 for whitelist_helo in ${addwhitelist_helo[@]}
 do
- echo "/${whitelist_helo//./\\.}/ OK Whitelisted SPF" | tee -a /etc/postfix/helo_access >/dev/null
+ echo "/${whitelist_helo//./\\.}/ OK Whitelisted SPF" | tee -a /etc/postfix/{helo_access,whitelisted_domains} >/dev/null
 done
 fi
 
diff --git a/build/run/installer.sh b/build/run/installer.sh
index 075ccef..983a022 100755
--- a/build/run/installer.sh
+++ b/build/run/installer.sh
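Review bot: The pattern written to both tables, `/${whitelist_helo//./\\.}/`, is unanchored, and because the same entry now also lands in `whitelisted_domains`, which installer.sh evaluates with `check_client_access` ahead of `check_policy_service unix:private/policyd-spf`, any client whose hostname merely contains the whitelisted name as a substring gets `OK`, which ends restriction evaluation and skips both the blacklist tables and the SPF check. Anchor the expression so that only the name itself and its subdomains match: `echo "/^(.*\.)?${whitelist_helo//./\\.}$/ OK Whitelisted SPF" | tee -a /etc/postfix/{helo_access,whitelisted_domains} >/dev/null`. The enclosing `if` begins before the hunk; within it `${addwhitelist_helo[@]}` is expanded unquoted, so an entry containing glob characters would be matched against the working directory, and `for whitelist_helo in "${addwhitelist_helo[@]}"` keeps the comma-split elements while avoiding that.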
@@ -90,7 +90,7 @@ postconf -e "smtp_header_checks = pcre:/etc/postfix/smtp_header_checks"
 
 # SPF and DKIM checks
 postconf -e "policy_time_limit = 3600"
-postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy, check_client_access pcre:/etc/postfix/whitelisted_domains, check_sender_access lmdb:/etc/postfix/whitelisted_emails, check_client_access pcre:/etc/postfix/blacklisted_domains, check_sender_access lmdb:/etc/postfix/blacklisted_emails"
+postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access pcre:/etc/postfix/whitelisted_domains, check_sender_access lmdb:/etc/postfix/whitelisted_emails, check_client_access pcre:/etc/postfix/blacklisted_domains, check_sender_access lmdb:/etc/postfix/blacklisted_emails, check_policy_service unix:private/policyd-spf"
 
 # Milter configuration
 postconf -e "milter_default_action = accept"
@@ -135,7 +135,7 @@ submission inet n - y - - smtpd
 -o smtpd_sasl_path=private/auth
 
 # SPF Policy
-policy unix - n n - - spawn
+policyd-spf unix - n n - - spawn
 user=nobody argv=/usr/bin/perl ${MYVEMAIL_POLICYD}
 master.cf
 
diff --git a/docker-compose.yaml b/docker-compose.yaml
index f657916..b88733f 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
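Review bot: With the new order an `OK` from either whitelist table terminates evaluation before `check_policy_service unix:private/policyd-spf` is reached, so whitelisted clients and senders are never SPF-checked at all, while the `# SPF and DKIM checks` comment above still reads as if every restriction in the list applies to every message. A comment directly above the `smtpd_recipient_restrictions` line, such as `# Order matters: OK from a whitelist table ends evaluation, so whitelisted clients/senders skip the blacklist tables and policyd-spf`, records that this is deliberate and keeps the next reorder from reintroducing the check by accident. The socket name agrees with the `policyd-spf` service renamed in master.cf in the next hunk, but any other script in the image that still refers to `private/policy` would now fail to connect; worth a search before merging.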
@@ -3,49 +3,8 @@ services:
 image: hub.myvelabs.com/lab/myvemail:${MYVEMAIL_VERSION:-latest}
 container_name: myvemail
 restart: unless-stopped
-
- # ports:
- # - ${MYVEMAIL_PORT:-80}:80/tcp
- # - 25:25/tcp
- # - 587:587/tcp
- # - 143:143/tcp
- # - 993:993/tcp
 network_mode: host
 
- env_file: .env
- environment:
- # Webmail port
- MYVEMAIL_PORT: ${MYVEMAIL_PORT}
-
- # Mail domain details
- MYVEMAIL_SUBDOMAIN: ${MYVEMAIL_SUBDOMAIN}
- MYVEMAIL_DOMAIN: ${MYVEMAIL_DOMAIN}
-
- # Additional mail domains separated by commas
- MYVEMAIL_ADDMX: ${MYVEMAIL_ADDMX}
-
- # Backup mail servers separated by commas
- MYVEMAIL_BACKUPMX: ${MYVEMAIL_BACKUPMX}
-
- # Roundcube
- MYVEMAIL_ROUNDCUBE_DBNAME: ${MYVEMAIL_ROUNDCUBE_DBNAME:-roundcube}
- MYVEMAIL_ROUNDCUBE_DBUSER: ${MYVEMAIL_ROUNDCUBE_DBUSER:-roundcube}
- MYVEMAIL_ROUNDCUBE_DBPASS: ${MYVEMAIL_ROUNDCUBE_DBPASS:-roundcube}
-
- # Postfixadmin
- MYVEMAIL_POSTFIXADMIN_DBNAME: ${MYVEMAIL_POSTFIXADMIN_DBNAME:-postfixadmin}
- MYVEMAIL_POSTFIXADMIN_DBUSER: ${MYVEMAIL_POSTFIXADMIN_DBUSER:-postfixadmin}
- MYVEMAIL_POSTFIXADMIN_DBPASS: ${MYVEMAIL_POSTFIXADMIN_DBPASS:-postfixadmin}
-
- # Whitelist separated by commas
- MYVEMAIL_WHITELIST_HELO: ${MYVEMAIL_WHITELIST_HELO}
- MYVEMAIL_WHITELIST_DOMAINS: ${MYVEMAIL_WHITELIST_DOMAINS}
- MYVEMAIL_WHITELIST_EMAILS: ${MYVEMAIL_WHITELIST_EMAILS}
-
- # Blacklist separated by commas
- MYVEMAIL_BLACKLIST_DOMAINS: ${MYVEMAIL_BLACKLIST_DOMAINS}
- MYVEMAIL_BLACKLIST_EMAILS: ${MYVEMAIL_BLACKLIST_EMAILS}
-
 volumes:
 # Required
 - ${MYVEMAIL_VOLUME_MARIADB:-./data/sql}:/var/lib/mysql:Z