From 7ab13b56c9f598a4f57b1485b49097d534eec09e Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 16 Jul 2017 17:16:10 -0400 Subject: [PATCH 1/5] Add postsrsd as dependency --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 256038598..3c74fea76 100644 --- a/debian/control +++ b/debian/control @@ -18,7 +18,7 @@ Depends: ${python:Depends}, ${misc:Depends} , ca-certificates, netcat-openbsd, iproute , mariadb-server, php-mysql | php-mysqlnd , slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd - , postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail, mailutils + , postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail, mailutils, postsrsd , dovecot-ldap, dovecot-lmtpd, dovecot-managesieved , dovecot-antispam, fail2ban , nginx-extras (>=1.6.2), php-fpm, php-ldap, php-intl From 240158ffaf1eab8e298c589e250858e3a4757c25 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 16 Jul 2017 17:16:47 -0400 Subject: [PATCH 2/5] Link postfix to postsrsd for SRS --- data/templates/postfix/main.cf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/data/templates/postfix/main.cf b/data/templates/postfix/main.cf index 2cb1d8d72..c38896a3f 100644 --- a/data/templates/postfix/main.cf +++ b/data/templates/postfix/main.cf @@ -137,8 +137,10 @@ smtpd_recipient_restrictions = permit # SRS -sender_canonical_maps = regexp:/etc/postfix/sender_canonical +sender_canonical_maps = tcp:localhost:10001 sender_canonical_classes = envelope_sender +recipient_canonical_maps = tcp:localhost:10002 +recipient_canonical_classes= envelope_recipient,header_recipient # Ignore some headers smtp_header_checks = regexp:/etc/postfix/header_checks From b1fdb39880dd00afc2b1b38a7d1a6611e67445e2 Mon Sep 17 00:00:00 2001 
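Review bot: The two `tcp:localhost:1000x` maps added under `# SRS` in data/templates/postfix/main.cf make envelope and header rewriting depend on whatever process answers on loopback ports 10001 and 10002; Postfix's tcp_table(5) lookups are neither authenticated nor protected, and both ports are unprivileged, so the rewriting is only as trustworthy as the guarantee that postsrsd owns those ports. Nothing visible in this series enables postsrsd at boot or checks that it is running, and I would expect the lookups to fail temporarily and mail to be deferred while it is down. I would add a comment above the maps, e.g. `# answered by postsrsd on loopback; ports must match SRS_FORWARD_PORT / SRS_REVERSE_PORT in /etc/default/postsrsd`, and have the regen hook verify that the service is active. `recipient_canonical_classes= ...` is also missing the space before `=` that the neighbouring lines use.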
From: Alexandre Aubin Date: Sun, 16 Jul 2017 17:17:25 -0400 Subject: [PATCH 3/5] Tweaking postfix regen-conf to handle postsrsd conf --- data/hooks/conf_regen/19-postfix | 12 ++++++++- data/templates/postfix/postsrsd | 43 ++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 data/templates/postfix/postsrsd diff --git a/data/hooks/conf_regen/19-postfix b/data/hooks/conf_regen/19-postfix index 3cb5cdf50..2133c1bd5 100755 --- a/data/hooks/conf_regen/19-postfix +++ b/data/hooks/conf_regen/19-postfix @@ -10,15 +10,25 @@ do_pre_regen() { postfix_dir="${pending_dir}/etc/postfix" mkdir -p "$postfix_dir" + default_dir="${pending_dir}/etc/default/" + mkdir -p "$default_dir" + # install plain conf files cp plain/* "$postfix_dir" # prepare main.cf conf file main_domain=$(cat /etc/yunohost/current_host) + domain_list=$(sudo yunohost domain list --output-as plain --quiet) + cat main.cf \ | sed "s/{{ main_domain }}/${main_domain}/g" \ > "${postfix_dir}/main.cf" + cat postsrsd \ + | sed "s/{{ main_domain }}/${main_domain}/g" \ + | sed "s/{{ domain_list }}/${domain_list}/g" \ + > "${default_dir}/postsrsd" + # adapt it for IPv4-only hosts if [ ! -f /proc/net/if_inet6 ]; then sed -i \ @@ -34,7 +44,7 @@ do_post_regen() { regen_conf_files=$1 [[ -z "$regen_conf_files" ]] \ - || sudo service postfix restart + || { sudo service postfix restart && sudo service postsrsd restart } } FORCE=${2:-0} diff --git a/data/templates/postfix/postsrsd b/data/templates/postfix/postsrsd new file mode 100644 index 000000000..56bfd091e --- /dev/null +++ b/data/templates/postfix/postsrsd 
@@ -0,0 +1,43 @@
+# Default settings for postsrsd
+
+# Local domain name.
+# Addresses are rewritten to originate from this domain. The default value
+# is taken from `postconf -h mydomain` and probably okay.
+#
+SRS_DOMAIN={{ main_domain }}
+
+# Exclude additional domains.
+# You may list domains which shall not be subjected to address rewriting.
+# If a domain name starts with a dot, it matches all subdomains, but not
+# the domain itself. Separate multiple domains by space or comma.
+# We have to put some "dummy" stuff at start and end... see this comment :
+# https://github.com/roehling/postsrsd/issues/64#issuecomment-284003762
+SRS_EXCLUDE_DOMAINS=dummy {{ domain_list }} dummy
+
+# First separator character after SRS0 or SRS1.
+# Can be one of: -+=
+SRS_SEPARATOR==
+
+# Secret key to sign rewritten addresses.
+# When postsrsd is installed for the first time, a random secret is generated
+# and stored in /etc/postsrsd.secret. For most installations, that's just fine.
+#
+SRS_SECRET=/etc/postsrsd.secret
+
+# Local ports for TCP list.
+# These ports are used to bind the TCP list for postfix. If you change
+# these, you have to modify the postfix settings accordingly. The ports
+# are bound to the loopback interface, and should never be exposed on
+# the internet.
+#
+SRS_FORWARD_PORT=10001
+SRS_REVERSE_PORT=10002
+
+# Drop root privileges and run as another user after initialization.
+# This is highly recommended as postsrsd handles untrusted input.
+#
+RUN_AS=postsrsd
+
+# Jail daemon in chroot environment
+CHROOT=/var/lib/postsrsd
+
From 8e49f9db6d5809815612bc15ee744283a67b924a Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Sun, 16 Jul 2017 17:35:17 -0400
Subject: [PATCH 4/5] Fix after test
---
 data/hooks/conf_regen/19-postfix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/data/hooks/conf_regen/19-postfix b/data/hooks/conf_regen/19-postfix
index 2133c1bd5..a3ad70327 100755
--- a/data/hooks/conf_regen/19-postfix
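Review bot: `SRS_EXCLUDE_DOMAINS=dummy {{ domain_list }} dummy` in the new data/templates/postfix/postsrsd renders as an unquoted value containing spaces, which is only safe if the file is read as a plain KEY=VALUE environment file; if anything sources it as shell (not visible here), the assignment would end at the first space. The comment just above says commas are accepted as separators, so a comma-joined list would avoid that ambiguity, provided it still works with the `dummy` workaround from the linked issue. The header still reads like the stock package file; I would add a line such as `# Rendered by the 19-postfix regen-conf hook: SRS_DOMAIN and SRS_EXCLUDE_DOMAINS come from the YunoHost domain list`. A short reminder next to `SRS_SECRET` that `/etc/postsrsd.secret` must stay readable by root only would also help, since rewritten addresses are signed with it.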
+++ b/data/hooks/conf_regen/19-postfix @@ -18,7 +18,7 @@ do_pre_regen() { # prepare main.cf conf file main_domain=$(cat /etc/yunohost/current_host) - domain_list=$(sudo yunohost domain list --output-as plain --quiet) + domain_list=$(sudo yunohost domain list --output-as plain --quiet | tr '\n' ' ') cat main.cf \ | sed "s/{{ main_domain }}/${main_domain}/g" \ @@ -44,7 +44,8 @@ do_post_regen() { regen_conf_files=$1 [[ -z "$regen_conf_files" ]] \ - || { sudo service postfix restart && sudo service postsrsd restart } + || { sudo service postfix restart && sudo service postsrsd restart; } + } FORCE=${2:-0} From 226ee1abcbfeba863b93339882fef821dd87b074 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 16 Jul 2017 18:03:12 -0400 Subject: [PATCH 5/5] Adding/removing a domain now affect postfix/postsrsd conf --- src/yunohost/domain.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index 913b7868e..52660bc48 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py @@ -110,7 +110,7 @@ def domain_add(auth, domain, dyndns=False): # Don't regen these conf if we're still in postinstall if os.path.exists('/etc/yunohost/installed'): - service_regen_conf(names=['nginx', 'metronome', 'dnsmasq']) + service_regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix']) app_ssowatconf(auth) except: @@ -162,7 +162,7 @@ def domain_remove(auth, domain, force=False): else: raise MoulinetteError(errno.EIO, m18n.n('domain_deletion_failed')) - service_regen_conf(names=['nginx', 'metronome', 'dnsmasq']) + service_regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix']) app_ssowatconf(auth) hook_callback('post_domain_remove', args=[domain])
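Review bot: In the changed `domain_list=` assignment the pipeline's exit status is that of `tr`, so a failing `yunohost domain list` goes unnoticed unless `pipefail` is set outside this hunk, and the template is then rendered as `SRS_EXCLUDE_DOMAINS=dummy  dummy`. With an empty exclusion list postsrsd would no longer leave the local domains out of address rewriting. I would keep the command and the newline replacement separate so the failure is visible, e.g. `domain_list=$(sudo yunohost domain list --output-as plain --quiet) || return 1` followed by `domain_list=${domain_list//$'\n'/ }`. The value is then pasted unescaped into the `sed` replacement, which holds only as long as domain names never contain `/` or `&`. do_pre_regen begins above the hunk and continues past it.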
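Review bot: In `do_post_regen` the `&&` ties the postsrsd restart to a successful postfix restart, so if postfix fails to come back postsrsd keeps running with the previous `/etc/default/postsrsd`. Because the last commit of the series adds `'postfix'` to the regen list in `domain_add` and `domain_remove`, this block now also runs on domain changes, where presumably only the postsrsd file differs, yet postfix is restarted as well. I would restart the two independently and postsrsd first, e.g. `|| { sudo service postsrsd restart; sudo service postfix restart; }`, with a comment saying why both daemons are restarted. The function opens above the hunk.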