Merge pull request #331 from YunoHost/fix-srs

[fix] Attempt to fix Sender Rewriting Scheme with postsrsd
Alexandre Aubin 2018-08-23 21:22:22 +02:00 committed by GitHub
commit 4ffbf6bfff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 61 additions and 5 deletions


@ -10,15 +10,25 @@ do_pre_regen() {
postfix_dir="${pending_dir}/etc/postfix" postfix_dir="${pending_dir}/etc/postfix"
mkdir -p "$postfix_dir" mkdir -p "$postfix_dir"
default_dir="${pending_dir}/etc/default/"
mkdir -p "$default_dir"
# install plain conf files # install plain conf files
cp plain/* "$postfix_dir" cp plain/* "$postfix_dir"
# prepare main.cf conf file # prepare main.cf conf file
main_domain=$(cat /etc/yunohost/current_host) main_domain=$(cat /etc/yunohost/current_host)
domain_list=$(sudo yunohost domain list --output-as plain --quiet | tr '\n' ' ')
cat main.cf \ cat main.cf \
| sed "s/{{ main_domain }}/${main_domain}/g" \ | sed "s/{{ main_domain }}/${main_domain}/g" \
> "${postfix_dir}/main.cf" > "${postfix_dir}/main.cf"
cat postsrsd \
| sed "s/{{ main_domain }}/${main_domain}/g" \
| sed "s/{{ domain_list }}/${domain_list}/g" \
> "${default_dir}/postsrsd"
# adapt it for IPv4-only hosts # adapt it for IPv4-only hosts
if [ ! -f /proc/net/if_inet6 ]; then if [ ! -f /proc/net/if_inet6 ]; then
sed -i \ sed -i \
@ -34,7 +44,8 @@ do_post_regen() {
regen_conf_files=$1 regen_conf_files=$1
[[ -z "$regen_conf_files" ]] \ [[ -z "$regen_conf_files" ]] \
|| sudo service postfix restart || { sudo service postfix restart && sudo service postsrsd restart; }
} }
FORCE=${2:-0} FORCE=${2:-0}
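Review bot: The new `domain_list=$(sudo yunohost domain list --output-as plain --quiet | tr '\n' ' ')` line in do_pre_regen is used without any check. The pipeline's exit status is that of `tr`, so a failing or empty `yunohost domain list` still yields a generated file containing `SRS_EXCLUDE_DOMAINS=dummy  dummy`, and the local domains would then presumably no longer be excluded from rewriting. The value is also pasted unescaped into the sed replacement, so a `/` or `&` in it would break or alter the substitution; domain names are presumably validated elsewhere, but that is not visible here. I would add a guard right after the assignment, such as `[[ -n "${domain_list// /}" ]] || { echo "empty domain list, not regenerating postsrsd conf" >&2; return 1; }`. do_pre_regen starts before and continues past this hunk, so whether the script already runs under `set -e` cannot be told from here.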


@ -137,8 +137,10 @@ smtpd_recipient_restrictions =
permit permit
# SRS # SRS
sender_canonical_maps = regexp:/etc/postfix/sender_canonical sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:localhost:10002
recipient_canonical_classes= envelope_recipient,header_recipient
# Ignore some headers # Ignore some headers
smtp_header_checks = regexp:/etc/postfix/header_checks smtp_header_checks = regexp:/etc/postfix/header_checks
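Review bot: The two new `tcp:localhost:10001` / `tcp:localhost:10002` maps make envelope and header rewriting depend on whatever process answers on those loopback ports, and the `# SRS` block does not say so. Both ports are unprivileged, and Postfix's tcp_table(5) advises against TCP lookup tables for security-critical purposes because the server is not authenticated, so it matters that postsrsd is up and owns the ports whenever Postfix is running. I would add a comment such as `# SRS lookups are answered by postsrsd on loopback; ports must match SRS_FORWARD_PORT / SRS_REVERSE_PORT in /etc/default/postsrsd`. As a style point, `recipient_canonical_classes= envelope_recipient,header_recipient` should use the same ` = ` spacing as the three lines above it.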


@ -0,0 +1,43 @@
# Default settings for postsrsd
# Local domain name.
# Addresses are rewritten to originate from this domain. The default value
# is taken from `postconf -h mydomain` and probably okay.
#
SRS_DOMAIN={{ main_domain }}
# Exclude additional domains.
# You may list domains which shall not be subjected to address rewriting.
# If a domain name starts with a dot, it matches all subdomains, but not
# the domain itself. Separate multiple domains by space or comma.
# We have to put some "dummy" stuff at start and end... see this comment :
# https://github.com/roehling/postsrsd/issues/64#issuecomment-284003762
SRS_EXCLUDE_DOMAINS=dummy {{ domain_list }} dummy
# First separator character after SRS0 or SRS1.
# Can be one of: -+=
SRS_SEPARATOR==
# Secret key to sign rewritten addresses.
# When postsrsd is installed for the first time, a random secret is generated
# and stored in /etc/postsrsd.secret. For most installations, that's just fine.
#
SRS_SECRET=/etc/postsrsd.secret
# Local ports for TCP list.
# These ports are used to bind the TCP list for postfix. If you change
# these, you have to modify the postfix settings accordingly. The ports
# are bound to the loopback interface, and should never be exposed on
# the internet.
#
SRS_FORWARD_PORT=10001
SRS_REVERSE_PORT=10002
# Drop root privileges and run as another user after initialization.
# This is highly recommended as postsrsd handles untrusted input.
#
RUN_AS=postsrsd
# Jail daemon in chroot environment
CHROOT=/var/lib/postsrsd
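Review bot: `SRS_EXCLUDE_DOMAINS=dummy {{ domain_list }} dummy` writes an unquoted value containing spaces, and the template does not say how the file is read. If it is consumed as a systemd EnvironmentFile the whole line is presumably taken as the value, but if an init script sources it as shell, only `dummy` would be assigned and the remaining words would be parsed as a command. The file's own comment allows commas as separators, which would avoid the ambiguity if the linked workaround still holds with them. At minimum I would add a comment such as `# Read as a systemd EnvironmentFile, not sourced by a shell: the value is intentionally unquoted`, after confirming that against the packaged unit.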

2
debian/control vendored

@ -18,7 +18,7 @@ Depends: ${python:Depends}, ${misc:Depends}
, ca-certificates, netcat-openbsd, iproute , ca-certificates, netcat-openbsd, iproute
, mariadb-server, php-mysql | php-mysqlnd , mariadb-server, php-mysql | php-mysqlnd
, slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd , slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd
, postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail, mailutils , postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail, mailutils, postsrsd
, dovecot-ldap, dovecot-lmtpd, dovecot-managesieved , dovecot-ldap, dovecot-lmtpd, dovecot-managesieved
, dovecot-antispam, fail2ban , dovecot-antispam, fail2ban
, nginx-extras (>=1.6.2), php-fpm, php-ldap, php-intl , nginx-extras (>=1.6.2), php-fpm, php-ldap, php-intl


@ -114,7 +114,7 @@ def domain_add(operation_logger, auth, domain, dyndns=False):
# Don't regen these conf if we're still in postinstall # Don't regen these conf if we're still in postinstall
if os.path.exists('/etc/yunohost/installed'): if os.path.exists('/etc/yunohost/installed'):
service_regen_conf(names=['nginx', 'metronome', 'dnsmasq']) service_regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix'])
app_ssowatconf(auth) app_ssowatconf(auth)
except Exception, e: except Exception, e:
@ -171,7 +171,7 @@ def domain_remove(operation_logger, auth, domain, force=False):
else: else:
raise MoulinetteError(errno.EIO, m18n.n('domain_deletion_failed')) raise MoulinetteError(errno.EIO, m18n.n('domain_deletion_failed'))
service_regen_conf(names=['nginx', 'metronome', 'dnsmasq']) service_regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix'])
app_ssowatconf(auth) app_ssowatconf(auth)
hook_callback('post_domain_remove', args=[domain]) hook_callback('post_domain_remove', args=[domain])
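Review bot: Adding `'postfix'` to the `service_regen_conf` names in domain_add and domain_remove is not explained at either call site, and the reason is not obvious from this file. Going by the rest of the commit, the postfix regen hook now also writes `/etc/default/postsrsd`, whose `SRS_EXCLUDE_DOMAINS` is built from the domain list, so it has to be regenerated whenever a domain is added or removed. I would add a comment above each call, such as `# postfix: its regen hook rebuilds the postsrsd exclude list from the domain list`. This also means every domain add or remove can now restart postfix and postsrsd, which is worth stating in the same comment. Both functions start and end outside these hunks.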