Moved whitelist ahead of policyd-spf check

2025-12-17 19:46:19 +00:00 · 2025-03-18 00:16:45 +00:00 · 2025-03-18 00:16:45 +00:00 · d3377b860a
commit d3377b860a
parent 8d70e17909
5 changed files with 22 additions and 60 deletions
--- a/01-setup.sh
+++ b/01-setup.sh
@ -1,14 +1,24 @@
 #!/usr/bin/env bash
 # Fill in the following variables
 appname=            #google
 proxyurl=           #http://webapps.kvm
 proxyport=          #4000
 domain=             #www.google.com
 mailver=            #latest/stable
 # Exit on any error
 set -e
 # Fill in the following variables
 appname=${appname}				# google
 proxyurl=${proxyurl}			# http://webapps.kvm
 proxyport=${proxyport}			# 4000
 domain=${domain}				# www.google.com
 mailver=${mailver}				# latest/stable
 # Abort if variables are missing
 for var in appname proxyurl proxyport domain
 do
    if [ -z ${!var} ]
    then
        echo "Variable ${var} does not exist, aborting..."
        exit 1
    fi
 done
 # Check for subdomain
 if [ $(echo ${domain} | awk -F . '{print $3}') ]
 then
@ -19,13 +29,6 @@ else
    exit 1
 fi
 # Variable check
 if [ -z ${appname} ] || [ -z ${proxyurl} ] || [ -z ${proxyport} ] || [ -z ${domain} ]
 then
    echo "Missing variable, exiting..."
    exit 1
 fi
 # Figure out nginx conf directory
 if grep -q 'include.*conf.d' /etc/nginx/nginx.conf
 then
@ -133,7 +136,7 @@ MYVEMAIL_PORT=${proxyport}
 # Optional
 # Version: latest or stable (defaults to latest)
-MYVEMAIL_VERSION=${mailver}
+MYVEMAIL_VERSION=${mailver:-latest}
 # Additional mail domains separated by commas
 MYVEMAIL_ADDMX=
--- a/build/run/docker-entrypoint/entrypoint.sh
+++ b/build/run/docker-entrypoint/entrypoint.sh
@ -43,4 +43,4 @@ postfix reload &&
 echo -e "\n\e[1;32mMail service is ready\e[0m\n"
 # Monitor log
-tail -f /var/log/mail/maillog.debug{,.0} # /var/log/mail/maillog{,.0}
+tail -F /var/log/mail/maillog.debug{,.0} # /var/log/mail/maillog{,.0}
--- a/build/run/docker-entrypoint/init.d/30-postfix.sh
+++ b/build/run/docker-entrypoint/init.d/30-postfix.sh
@ -46,7 +46,7 @@ then
    addwhitelist_helo=(${MYVEMAIL_WHITELIST_HELO//,/ })
    for whitelist_helo in ${addwhitelist_helo[@]}
    do
-        echo "/${whitelist_helo//./\\.}/			OK Whitelisted SPF" | tee -a /etc/postfix/helo_access >/dev/null
+        echo "/${whitelist_helo//./\\.}/			OK Whitelisted SPF" | tee -a /etc/postfix/{helo_access,whitelisted_domains} >/dev/null
    done
 fi
--- a/build/run/installer.sh
+++ b/build/run/installer.sh
@ -90,7 +90,7 @@ postconf -e "smtp_header_checks = pcre:/etc/postfix/smtp_header_checks"
 # SPF and DKIM checks
 postconf -e "policy_time_limit = 3600"
-postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy, check_client_access pcre:/etc/postfix/whitelisted_domains, check_sender_access lmdb:/etc/postfix/whitelisted_emails, check_client_access pcre:/etc/postfix/blacklisted_domains, check_sender_access lmdb:/etc/postfix/blacklisted_emails"
+postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access pcre:/etc/postfix/whitelisted_domains, check_sender_access lmdb:/etc/postfix/whitelisted_emails, check_client_access pcre:/etc/postfix/blacklisted_domains, check_sender_access lmdb:/etc/postfix/blacklisted_emails, check_policy_service unix:private/policyd-spf"
 # Milter configuration
 postconf -e "milter_default_action = accept"
@ -135,7 +135,7 @@ submission inet n       -       y       -       -       smtpd
  -o smtpd_sasl_path=private/auth
 # SPF Policy
-policy       unix  -       n       n       -       -       spawn
+policyd-spf  unix  -       n       n       -       -       spawn
    user=nobody argv=/usr/bin/perl ${MYVEMAIL_POLICYD}
 master.cf
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -3,49 +3,8 @@ services:
    image: hub.myvelabs.com/lab/myvemail:${MYVEMAIL_VERSION:-latest}
    container_name: myvemail
    restart: unless-stopped
    # ports:
    #   - ${MYVEMAIL_PORT:-80}:80/tcp
    #   - 25:25/tcp
    #   - 587:587/tcp
    #   - 143:143/tcp
    #   - 993:993/tcp
    network_mode: host
    env_file: .env
    environment:
      # Webmail port
      MYVEMAIL_PORT: ${MYVEMAIL_PORT}
      # Mail domain details
      MYVEMAIL_SUBDOMAIN: ${MYVEMAIL_SUBDOMAIN}
      MYVEMAIL_DOMAIN: ${MYVEMAIL_DOMAIN}
      # Additional mail domains separated by commas
      MYVEMAIL_ADDMX: ${MYVEMAIL_ADDMX}
      # Backup mail servers separated by commas
      MYVEMAIL_BACKUPMX: ${MYVEMAIL_BACKUPMX}
      # Roundcube
      MYVEMAIL_ROUNDCUBE_DBNAME: ${MYVEMAIL_ROUNDCUBE_DBNAME:-roundcube}
      MYVEMAIL_ROUNDCUBE_DBUSER: ${MYVEMAIL_ROUNDCUBE_DBUSER:-roundcube}
      MYVEMAIL_ROUNDCUBE_DBPASS: ${MYVEMAIL_ROUNDCUBE_DBPASS:-roundcube}
      # Postfixadmin
      MYVEMAIL_POSTFIXADMIN_DBNAME: ${MYVEMAIL_POSTFIXADMIN_DBNAME:-postfixadmin}
      MYVEMAIL_POSTFIXADMIN_DBUSER: ${MYVEMAIL_POSTFIXADMIN_DBUSER:-postfixadmin}
      MYVEMAIL_POSTFIXADMIN_DBPASS: ${MYVEMAIL_POSTFIXADMIN_DBPASS:-postfixadmin}
      # Whitelist separated by commas
      MYVEMAIL_WHITELIST_HELO: ${MYVEMAIL_WHITELIST_HELO}
      MYVEMAIL_WHITELIST_DOMAINS: ${MYVEMAIL_WHITELIST_DOMAINS}
      MYVEMAIL_WHITELIST_EMAILS: ${MYVEMAIL_WHITELIST_EMAILS}
      # Blacklist separated by commas
      MYVEMAIL_BLACKLIST_DOMAINS: ${MYVEMAIL_BLACKLIST_DOMAINS}
      MYVEMAIL_BLACKLIST_EMAILS: ${MYVEMAIL_BLACKLIST_EMAILS}
    volumes:
      # Required
      - ${MYVEMAIL_VOLUME_MARIADB:-./data/sql}:/var/lib/mysql:Z