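#!/usr/bin/env bash
#
# Configure and start Postfix from the MYVEMAIL_* environment variables:
# host/domain identity, the postscreen allow-list, backup MX relays, the
# HELO / domain / e-mail allow- and deny-lists, and the SQL lookup credentials.
#
# List-valued variables may be separated by commas and/or whitespace.

#######################################
# Split a comma/whitespace-separated list into the global array list_items.
# Items are never subject to pathname expansion, so a value such as "*"
# stays literal instead of expanding to file names.
# Arguments: $1 - the list to split (may be empty or unset)
# Globals:   list_items (written)
#######################################
split_list() {
  local IFS=$' \t\n'
  list_items=()
  # With -d '' read returns non-zero at end of input even though the array
  # has been filled, so the status is deliberately ignored.
  read -r -d '' -a list_items <<<"${1//,/ }" || true
}

#######################################
# Escape the characters that are special in the replacement half of a
# sed "s/.../.../" command: backslash, "/" and "&".
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

postscreen_access=/etc/postfix/postscreen_access.cidr

# Postfix identity
printf '%s\n' "${MYVEMAIL_DOMAIN}" >/etc/mailname
postconf -e "myhostname = ${MYVEMAIL_SUBDOMAIN}.${MYVEMAIL_DOMAIN}"
postconf -e "mydomain = ${MYVEMAIL_DOMAIN}"

# resolv.conf: copy the resolver configuration under /var/spool/postfix
# (presumably for Postfix services that run chrooted there).
mkdir -p /var/spool/postfix/etc/
cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf

# Whitelist localhost: permit this host's own public IPv4 address in postscreen.
# The address is fetched from a third-party service over plain HTTP, so the
# response is not authenticated. It is written as a "permit" entry only when it
# looks like a dotted-quad IPv4 address; an empty or unexpected response is
# skipped instead of producing a malformed or attacker-chosen entry.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
printf '%s\n' '# Permit my own IP addresses' >"${postscreen_access}"
public_ip=$(wget -q4O- ipv4.icanhazip.com)
if [[ ${public_ip} =~ ${ipv4_re} ]]; then
  printf '%s/32 permit\n' "${public_ip}" >>"${postscreen_access}"
else
  printf 'warning: could not determine public IPv4 address; not whitelisting it\n' >&2
fi

# Configure backup mail servers.
# Every listed address is appended to mynetworks (Postfix treats those clients
# as trusted), used as an SMTP fallback relay, and permitted in postscreen.
split_list "${MYVEMAIL_BACKUPMX}"
backupmx=("${list_items[@]}")
if ((${#backupmx[@]} > 0)); then
  postconf -e "$(postconf mynetworks)$(printf ' %s/32' "${backupmx[@]}")"
  postconf -e "smtp_fallback_relay =$(printf ' [%s]:25' "${backupmx[@]}")"
  # Whitelist
  for domain in "${backupmx[@]}"; do
    printf '%s/32 permit\n' "${domain}" >>"${postscreen_access}"
  done
fi

# Start every access table from an empty file.
for table in /etc/postfix/{helo_access,{whitelisted,blacklisted}_{domains,emails}}; do
  : >"${table}"
done

# Whitelist Primary and Backup mail servers.
# Only dots are escaped when the pattern is built; other regular-expression
# metacharacters in a configured value are passed through unchanged.
split_list "${MYVEMAIL_DOMAIN},${MYVEMAIL_ADDMX}"
for domain in "${list_items[@]}"; do
  printf '/^%s$/ OK Primary and backup mail servers\n' "${domain//./\\.}" |
    tee -a /etc/postfix/{helo_access,whitelisted_domains} >/dev/null
done

# SPF Whitelist.
# NOTE(review): these patterns are not anchored, so each one matches any value
# that merely contains the configured string, and the HELO name is supplied by
# the connecting client. Confirm that substring matching is intended.
split_list "${MYVEMAIL_WHITELIST_HELO}"
if ((${#list_items[@]} > 0)); then
  echo >>/etc/postfix/helo_access
  for whitelist_helo in "${list_items[@]}"; do
    printf '/%s/ OK Whitelisted SPF\n' "${whitelist_helo//./\\.}" |
      tee -a /etc/postfix/{helo_access,whitelisted_domains} >/dev/null
  done
fi

# Whitelist domains or server IP addresses
split_list "${MYVEMAIL_WHITELIST_DOMAINS}"
if ((${#list_items[@]} > 0)); then
  echo >>/etc/postfix/whitelisted_domains
  for whitelist_domain in "${list_items[@]}"; do
    printf '/^%s$/ OK Whitelisted domain\n' "${whitelist_domain//./\\.}" \
      >>/etc/postfix/whitelisted_domains
  done
fi

# Whitelist emails (a dummy entry is written when the list is empty)
split_list "${MYVEMAIL_WHITELIST_EMAILS}"
if ((${#list_items[@]} > 0)); then
  for whitelist_email in "${list_items[@]}"; do
    printf '%s OK Whitelisted email\n' "${whitelist_email}" \
      >>/etc/postfix/whitelisted_emails
  done
else
  echo "null@null.void OK Dummy entry" >/etc/postfix/whitelisted_emails
fi

# Blacklist domains or server IP addresses (dummy entry when the list is empty)
split_list "${MYVEMAIL_BLACKLIST_DOMAINS}"
if ((${#list_items[@]} > 0)); then
  for blacklist_domain in "${list_items[@]}"; do
    printf '/^%s$/ REJECT Blacklisted domain\n' "${blacklist_domain//./\\.}" \
      >>/etc/postfix/blacklisted_domains
  done
else
  echo "/^null.void$/ OK Dummy entry" >/etc/postfix/blacklisted_domains
fi

# Blacklist emails (dummy entry when the list is empty)
split_list "${MYVEMAIL_BLACKLIST_EMAILS}"
if ((${#list_items[@]} > 0)); then
  for blacklist_email in "${list_items[@]}"; do
    printf '%s REJECT Blacklisted email\n' "${blacklist_email}" \
      >>/etc/postfix/blacklisted_emails
  done
else
  echo "null@null.void OK Dummy entry" >/etc/postfix/blacklisted_emails
fi

# Virtual mailboxes: fill the database credentials into the SQL lookup files.
# The values are escaped first, so a password containing "/", "&" or "\" is
# written verbatim instead of breaking the sed expression or being rewritten.
# NOTE(review): the credentials are still passed to sed as command-line
# arguments, which are visible in the process list while sed runs.
db_name=$(sed_escape_replacement "${MYVEMAIL_POSTFIXADMIN_DBNAME}")
db_user=$(sed_escape_replacement "${MYVEMAIL_POSTFIXADMIN_DBUSER}")
db_pass=$(sed_escape_replacement "${MYVEMAIL_POSTFIXADMIN_DBPASS}")
sed -e "s/{{MYVEMAIL_POSTFIXADMIN_DBNAME}}/${db_name}/" \
  -e "s/{{MYVEMAIL_POSTFIXADMIN_DBUSER}}/${db_user}/" \
  -e "s/{{MYVEMAIL_POSTFIXADMIN_DBPASS}}/${db_pass}/" \
  -i /etc/postfix/sql/*.cf

# Permissions: let the postfix user read the SQL lookup files.
# NOTE(review): the base mode of these files is not set here; since they hold
# the database password, verify that they are not readable by other users.
setfacl -R -m u:postfix:rx /etc/postfix/sql/

# Start postfix
postfix start

# Create postfix db tables
postmap /etc/postfix/helo_access \
  /etc/postfix/smtp_header_checks /etc/postfix/header_checks \
  /etc/postfix/body_checks \
  /etc/postfix/postscreen_access.cidr \
  /etc/postfix/{whitelisted,blacklisted}_{domains,emails}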