docker/myvemail
1
0
Fork 0
mirror of https://git.myvelabs.com/docker/myvemail.git synced 2025-12-17 21:46:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
myvemail/build/run/docker-entrypoint/init.d/30-postfix.sh
myve 74d85e6b94 Add SPF whitelist
2025-03-17 09:56:15 +00:00

117 lines
3.7 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
# Postfix
echo ${MYVEMAIL_DOMAIN} >/etc/mailname
postconf -e "myhostname = ${MYVEMAIL_SUBDOMAIN}.${MYVEMAIL_DOMAIN}"
postconf -e "mydomain = ${MYVEMAIL_DOMAIN}"
# resolv.conf
[ -d /var/spool/postfix/etc/ ] || mkdir /var/spool/postfix/etc/
cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
# Whitelist localhost
tee /etc/postfix/postscreen_access.cidr >/dev/null <<- postscreen_access.cidr
# Permit my own IP addresses
$(wget -q4O- ipv4.icanhazip.com)/32 permit
postscreen_access.cidr
# Configure backup mail servers
if [ ${MYVEMAIL_BACKUPMX} ]
then
backupmx+=(${MYVEMAIL_BACKUPMX//,/ })
postconf -e "$(postconf mynetworks)$(printf ' %s/32' ${backupmx[@]})"
postconf -e "smtp_fallback_relay =$(printf ' [%s]:25' ${backupmx[@]})"
# Whitelist
for domain in ${backupmx[@]}
do
echo "${domain}/32 permit" >>/etc/postfix/postscreen_access.cidr
done
fi
# Whitelist Primary and Backup mail servers
addmx=(${MYVEMAIL_DOMAIN})
addmx+=(${MYVEMAIL_ADDMX//,/ })
echo -n | tee /etc/postfix/{helo_access,{whitelisted,blacklisted}_{domains,emails}} >/dev/null
for domain in ${addmx[@]}
do
echo "/^${domain//./\\.}$/ OK Primary and backup mail servers" | tee -a /etc/postfix/{helo_access,whitelisted_domains} >/dev/null
done
# SPF Whitelist
if [ ${MYVEMAIL_WHITELIST_HELO} ]
then
echo >>/etc/postfix/helo_access
addwhitelist_helo=(${MYVEMAIL_WHITELIST_HELO//,/ })
for whitelist_helo in ${addwhitelist_helo[@]}
do
echo "/${whitelist_helo}/ OK Whitelisted SPF" | tee -a /etc/postfix/helo_access >/dev/null
done
fi
# Whitelist domains or server IP addresses
if [ ${MYVEMAIL_WHITELIST_DOMAINS} ]
then
echo >>/etc/postfix/whitelisted_domains
addwhitelist_domain=(${MYVEMAIL_WHITELIST_DOMAINS//,/ })
for whitelist_domain in ${addwhitelist_domain[@]}
do
echo "/^${whitelist_domain//./\\.}$/ OK Whitelisted domain" | tee -a /etc/postfix/whitelisted_domains >/dev/null
done
fi
# Whitelist emails
if [ ${MYVEMAIL_WHITELIST_EMAILS} ]
then
addwhitelist_email+=(${MYVEMAIL_WHITELIST_EMAILS//,/ })
for whitelist_email in ${addwhitelist_email[@]}
do
echo "${whitelist_email} OK Whitelisted email" | tee -a /etc/postfix/whitelisted_emails >/dev/null
done
else
echo "null@null.void OK Dummy entry" >/etc/postfix/whitelisted_emails
fi
# Blacklist domains or server IP addresses
if [ ${MYVEMAIL_BLACKLIST_DOMAINS} ]
then
addblacklist_domain+=(${MYVEMAIL_BLACKLIST_DOMAINS//,/ })
for blacklist_domain in ${addblacklist_domain[@]}
do
echo "/^${blacklist_domain//./\\.}$/ REJECT Blacklisted domain" | tee -a /etc/postfix/blacklisted_domains >/dev/null
done
else
echo "/^null.void$/ OK Dummy entry" >/etc/postfix/blacklisted_domains
fi
# Blacklist emails
if [ ${MYVEMAIL_BLACKLIST_EMAILS} ]
then
addblacklist_email+=(${MYVEMAIL_BLACKLIST_EMAILS//,/ })
for blacklist_email in ${addblacklist_email[@]}
do
echo "${blacklist_email} REJECT Blacklisted email" | tee -a /etc/postfix/blacklisted_emails >/dev/null
done
else
echo "null@null.void OK Dummy entry" >/etc/postfix/blacklisted_emails
fi
# Virtual mailboxes
sed -e "s/{{MYVEMAIL_POSTFIXADMIN_DBNAME}}/${MYVEMAIL_POSTFIXADMIN_DBNAME}/" \
-e "s/{{MYVEMAIL_POSTFIXADMIN_DBUSER}}/${MYVEMAIL_POSTFIXADMIN_DBUSER}/" \
-e "s/{{MYVEMAIL_POSTFIXADMIN_DBPASS}}/${MYVEMAIL_POSTFIXADMIN_DBPASS}/" \
-i /etc/postfix/sql/*.cf
# Permissions
setfacl -R -m u:postfix:rx /etc/postfix/sql/
# Start postfix
postfix start
# Create postfix db tables
postmap /etc/postfix/helo_access \
/etc/postfix/smtp_header_checks /etc/postfix/header_checks \
/etc/postfix/body_checks \
/etc/postfix/postscreen_access.cidr \
/etc/postfix/{whitelisted,blacklisted}_{domains,emails}
Reference in a new issue View git blame Copy permalink