From bb73933e1e7ed99970dfafb80d9d0721a04e67ea Mon Sep 17 00:00:00 2001
From: Pierre Jaury
Date: Thu, 26 Jul 2018 21:57:21 +0200
Subject: [PATCH] Switch postfix to Podop
---
 core/postfix/Dockerfile | 4 +++-
 core/postfix/conf/main.cf | 16 ++++++++--------
 core/postfix/start.py | 21 ++++++++++++++++++---
 3 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/core/postfix/Dockerfile b/core/postfix/Dockerfile
index bb5831a2..81ffc95b 100644
--- a/core/postfix/Dockerfile
+++ b/core/postfix/Dockerfile
@@ -1,6 +1,8 @@
 FROM alpine
-RUN apk add --no-cache postfix postfix-sqlite postfix-pcre rsyslog python py-jinja2
+RUN apk add --no-cache postfix postfix-pcre rsyslog \
+ python3 py3-pip \
+ && pip3 install jinja2 podop
 COPY conf /conf
 COPY start.py /start.py
diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf
index 2f2c6990..19c2d0c2 100644
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@@ -19,8 +19,8 @@ mynetworks = 127.0.0.1/32 [::1]/128 {{ RELAYNETS }}
 # Empty alias list to override the configuration variable and disable NIS
 alias_maps =
-# SQLite configuration
-sql = sqlite:${config_directory}/
+# Podop configuration
+podop = socketmap:unix:/tmp/podop.socket:
 # Only accept virtual emails
 mydestination =
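Review bot: The added `pip3 install jinja2 podop` in the Dockerfile hunk pulls both packages from PyPI with no version or hash pin, so each rebuild of the mail-server image may ship code that differs from what was reviewed. Pin them, for example `&& pip3 install jinja2==<JINJA2_VERSION> podop==<PODOP_VERSION>` (placeholders), or install from a requirements file with `--require-hashes`. jinja2 previously came from the Alpine repository as `py-jinja2`; if a Python 3 distro package is available, keeping it would leave only podop to pin.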
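Review bot: `podop = socketmap:unix:/tmp/podop.socket:` in the main.cf hunk at line 19 places the lookup socket in /tmp, which is normally writable by any local account, while the alias, domain, mailbox, transport and spoofed-sender tables are all answered through it. A directory created for this purpose and writable only by the account Podop runs as would be safer, for example `podop = socketmap:unix:<PODOP_SOCKET_DIR>/podop.socket:` (placeholder path). The same path is hard-coded in start_podop() in start.py, so both must change together; a comment beside the setting such as `# Must match the socket path passed to run_server() in start.py` would record that.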
@@ -56,13 +56,13 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 # The alias map actually returns both aliases and local mailboxes, which is
 # required for reject_unlisted_sender to work properly
-virtual_alias_maps = ${sql}sqlite-virtual_alias_maps.cf
-virtual_mailbox_domains = ${sql}sqlite-virtual_mailbox_domains.cf
-virtual_mailbox_maps = $virtual_alias_maps
+virtual_alias_maps = ${podop}alias
+virtual_mailbox_domains = ${podop}domains
+virtual_mailbox_maps = ${podop}mailbox
 # Mails are transported if required, then forwarded to Dovecot for delivery
-relay_domains = ${sql}sqlite-transport.cf
-transport_maps = ${sql}sqlite-transport.cf
+relay_domains = ${podop}transport
+transport_maps = ${podop}transport
 virtual_transport = lmtp:inet:{{ HOST_LMTP }}
 # In order to prevent Postfix from running DNS query, enforce the use of the
@@ -84,7 +84,7 @@ smtpd_helo_required = yes
 smtpd_recipient_restrictions =
 permit_mynetworks,
- check_sender_access ${sql}sqlite-reject-spoofed.cf,
+ check_sender_access ${podop}spoofed
 reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
diff --git a/core/postfix/start.py b/core/postfix/start.py
index 4dbf2206..38905224 100755
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
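Review bot: The context comment above `virtual_alias_maps` in the hunk at line 56 still says the alias map returns both aliases and local mailboxes, but `virtual_mailbox_maps` no longer reuses it and now points at a separate `${podop}mailbox` table. Whether the `alias` endpoint still returns mailboxes is not visible in this diff; if it does not, the comment misdescribes what `reject_unlisted_sender` relies on. Once the admin endpoints' behaviour is confirmed, I would reword it along the lines of `# Aliases and mailboxes come from separate Podop tables; reject_unlisted_sender consults both`.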
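Review bot: The new `check_sender_access ${podop}spoofed` line in the hunk at line 84 drops the trailing comma that the removed line and every neighbouring restriction carry. Postfix also accepts whitespace as a separator, so the list should still parse, but the odd one out invites a wrong edit when someone next reorders these access checks. I would write it as `check_sender_access ${podop}spoofed,`. The restriction list continues past the end of the hunk.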
@@ -1,11 +1,25 @@
-#!/usr/bin/python
+#!/usr/bin/python3
 import jinja2
 import os
 import socket
 import glob
 import shutil
-
+import multiprocessing
+
+from podop import run_server
+
+
+def start_podop():
+ os.setuid(100)
+ run_server(40, "postfix", "/tmp/podop.socket", [
+ ("transport", "url", "http://admin/internal/postfix/transport/§"),
+ ("alias", "url", "http://admin/internal/postfix/alias/§"),
+ ("domains", "url", "http://admin/internal/postfix/domains/§"),
+ ("mailbox", "url", "http://admin/internal/postfix/mailbox/§"),
+ ("spoofed", "url", "http://admin/internal/postfix/spoofed/§"),
+ ])
+
 convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
 # Actual startup script
@@ -32,7 +46,8 @@ for map_file in glob.glob("/overrides/*.map"):
 convert("/conf/rsyslog.conf", "/etc/rsyslog.conf")
-# Run postfix
+# Run Podop and Postfix
+multiprocessing.Process(target=start_podop).start()
 if os.path.exists("/var/run/rsyslogd.pid"):
 os.remove("/var/run/rsyslogd.pid")
 os.system("/usr/lib/postfix/post-install meta_directory=/etc/postfix create-missing")
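Review bot: `os.setuid(100)` in start_podop() changes only the user id, so if the script starts as root the Podop process keeps gid 0 and root's supplementary groups, and the privilege drop is incomplete. The bare `100` also depends on whichever account the image happens to give that uid, so resolving the account by name avoids silently switching to the wrong user after a base-image update. Drop the supplementary groups first, then the gid, then the uid, as in the excerpt below; it needs `import pwd` beside the other imports, and the account name `postfix` is my assumption for what uid 100 is meant to be. Separately, the five table URLs use plain `http://admin/...`, so lookup integrity depends on the container network being isolated, and a comment on the table list should say so.

```python
def start_podop():
    # Drop supplementary groups and the group id before the user id; once
    # setuid() has run, the process may no longer be allowed to change them.
    account = pwd.getpwnam("postfix")
    os.setgroups([])
    os.setgid(account.pw_gid)
    os.setuid(account.pw_uid)
    # … unchanged: run_server(...) call with the five table URLs …
```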
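Review bot: `multiprocessing.Process(target=start_podop).start()` in the hunk at line 32 discards the process handle, so nothing notices if Podop exits or never binds its socket, and Postfix would keep running with every socketmap lookup failing. Keep the handle so that it can be checked, `podop_proc = multiprocessing.Process(target=start_podop)` followed by `podop_proc.start()`, and have the script confirm the socket exists before Postfix is launched. The rest of the startup sequence lies outside this hunk, so whether something later supervises the child cannot be seen here.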