Moved whitelist ahead of policyd-spf check

2025-12-17 19:46:19 +00:00 · 2025-03-18 00:16:45 +00:00 · 2025-03-18 00:16:45 +00:00 · d3377b860a
commit d3377b860a
parent 8d70e17909
5 changed files with 22 additions and 60 deletions
--- a/01-setup.sh
+++ b/01-setup.sh
@ -1,14 +1,24 @@
 #!/usr/bin/env bash
-# Fill in the following variables
-appname=            #google
-proxyurl=           #http://webapps.kvm
-proxyport=          #4000
-domain=             #www.google.com
-mailver=            #latest/stable
-
 # Exit on any error
 set -e

+# Fill in the following variables
+appname=${appname}				# google
+proxyurl=${proxyurl}			# http://webapps.kvm
+proxyport=${proxyport}			# 4000
+domain=${domain}				# www.google.com
+mailver=${mailver}				# latest/stable
+
+# Abort if variables are missing
+for var in appname proxyurl proxyport domain
+do
+    if [ -z ${!var} ]
+    then
+        echo "Variable ${var} does not exist, aborting..."
+        exit 1
+    fi
+done
+
 # Check for subdomain
 if [ $(echo ${domain} | awk -F . '{print $3}') ]
 then
@ -19,13 +29,6 @@ else
    exit 1
 fi

-# Variable check
-if [ -z ${appname} ] || [ -z ${proxyurl} ] || [ -z ${proxyport} ] || [ -z ${domain} ]
-then
-    echo "Missing variable, exiting..."
-    exit 1
-fi
-
 # Figure out nginx conf directory
 if grep -q 'include.*conf.d' /etc/nginx/nginx.conf
 then
@ -133,7 +136,7 @@ MYVEMAIL_PORT=${proxyport}

 # Optional
 # Version: latest or stable (defaults to latest)
-MYVEMAIL_VERSION=${mailver}
+MYVEMAIL_VERSION=${mailver:-latest}

 # Additional mail domains separated by commas
 MYVEMAIL_ADDMX=
--- a/build/run/docker-entrypoint/entrypoint.sh
+++ b/build/run/docker-entrypoint/entrypoint.sh
@ -43,4 +43,4 @@ postfix reload &&
 echo -e "\n\e[1;32mMail service is ready\e[0m\n"

 # Monitor log
-tail -f /var/log/mail/maillog.debug{,.0} # /var/log/mail/maillog{,.0}
+tail -F /var/log/mail/maillog.debug{,.0} # /var/log/mail/maillog{,.0}
--- a/build/run/docker-entrypoint/init.d/30-postfix.sh
+++ b/build/run/docker-entrypoint/init.d/30-postfix.sh
@ -46,7 +46,7 @@ then
    addwhitelist_helo=(${MYVEMAIL_WHITELIST_HELO//,/ })
    for whitelist_helo in ${addwhitelist_helo[@]}
    do
-        echo "/${whitelist_helo//./\\.}/			OK Whitelisted SPF" | tee -a /etc/postfix/helo_access >/dev/null
+        echo "/${whitelist_helo//./\\.}/			OK Whitelisted SPF" | tee -a /etc/postfix/{helo_access,whitelisted_domains} >/dev/null
    done
 fi

--- a/build/run/installer.sh
+++ b/build/run/installer.sh
@ -90,7 +90,7 @@ postconf -e "smtp_header_checks = pcre:/etc/postfix/smtp_header_checks"

 # SPF and DKIM checks
 postconf -e "policy_time_limit = 3600"
-postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy, check_client_access pcre:/etc/postfix/whitelisted_domains, check_sender_access lmdb:/etc/postfix/whitelisted_emails, check_client_access pcre:/etc/postfix/blacklisted_domains, check_sender_access lmdb:/etc/postfix/blacklisted_emails"
+postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access pcre:/etc/postfix/whitelisted_domains, check_sender_access lmdb:/etc/postfix/whitelisted_emails, check_client_access pcre:/etc/postfix/blacklisted_domains, check_sender_access lmdb:/etc/postfix/blacklisted_emails, check_policy_service unix:private/policyd-spf"

 # Milter configuration
 postconf -e "milter_default_action = accept"
@ -135,7 +135,7 @@ submission inet n       -       y       -       -       smtpd
  -o smtpd_sasl_path=private/auth

 # SPF Policy
-policy       unix  -       n       n       -       -       spawn
+policyd-spf  unix  -       n       n       -       -       spawn
    user=nobody argv=/usr/bin/perl ${MYVEMAIL_POLICYD}
 master.cf

--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -3,49 +3,8 @@ services:
    image: hub.myvelabs.com/lab/myvemail:${MYVEMAIL_VERSION:-latest}
    container_name: myvemail
    restart: unless-stopped
-
-    # ports:
-    #   - ${MYVEMAIL_PORT:-80}:80/tcp
-    #   - 25:25/tcp
-    #   - 587:587/tcp
-    #   - 143:143/tcp
-    #   - 993:993/tcp
    network_mode: host
-
    env_file: .env
-    environment:
-      # Webmail port
-      MYVEMAIL_PORT: ${MYVEMAIL_PORT}
-
-      # Mail domain details
-      MYVEMAIL_SUBDOMAIN: ${MYVEMAIL_SUBDOMAIN}
-      MYVEMAIL_DOMAIN: ${MYVEMAIL_DOMAIN}
-
-      # Additional mail domains separated by commas
-      MYVEMAIL_ADDMX: ${MYVEMAIL_ADDMX}
-
-      # Backup mail servers separated by commas
-      MYVEMAIL_BACKUPMX: ${MYVEMAIL_BACKUPMX}
-
-      # Roundcube
-      MYVEMAIL_ROUNDCUBE_DBNAME: ${MYVEMAIL_ROUNDCUBE_DBNAME:-roundcube}
-      MYVEMAIL_ROUNDCUBE_DBUSER: ${MYVEMAIL_ROUNDCUBE_DBUSER:-roundcube}
-      MYVEMAIL_ROUNDCUBE_DBPASS: ${MYVEMAIL_ROUNDCUBE_DBPASS:-roundcube}
-
-      # Postfixadmin
-      MYVEMAIL_POSTFIXADMIN_DBNAME: ${MYVEMAIL_POSTFIXADMIN_DBNAME:-postfixadmin}
-      MYVEMAIL_POSTFIXADMIN_DBUSER: ${MYVEMAIL_POSTFIXADMIN_DBUSER:-postfixadmin}
-      MYVEMAIL_POSTFIXADMIN_DBPASS: ${MYVEMAIL_POSTFIXADMIN_DBPASS:-postfixadmin}
-
-      # Whitelist separated by commas
-      MYVEMAIL_WHITELIST_HELO: ${MYVEMAIL_WHITELIST_HELO}
-      MYVEMAIL_WHITELIST_DOMAINS: ${MYVEMAIL_WHITELIST_DOMAINS}
-      MYVEMAIL_WHITELIST_EMAILS: ${MYVEMAIL_WHITELIST_EMAILS}
-
-      # Blacklist separated by commas
-      MYVEMAIL_BLACKLIST_DOMAINS: ${MYVEMAIL_BLACKLIST_DOMAINS}
-      MYVEMAIL_BLACKLIST_EMAILS: ${MYVEMAIL_BLACKLIST_EMAILS}
-
    volumes:
      # Required
      - ${MYVEMAIL_VOLUME_MARIADB:-./data/sql}:/var/lib/mysql:Z