diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-09 01:23:01 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:49 +0200 |
commit | 55e9b2a0ebc87a353f9c9496a77b313e41e47bd4 (patch) | |
tree | 30b5abd316a31688c494f03ee4cd2ae4fccc38f5 /roles/MX/templates | |
parent | 368540caee8fff8aa90b1542897188e9f98ac585 (diff) |
Perform the alias resolution and address validation solely on the MX:es.
We can therefore spare some lookups on the MDA, and use static:all
instead.
Diffstat (limited to 'roles/MX/templates')
9 files changed, 9 insertions, 7 deletions
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 8785c5a..b0da1bc 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -54,7 +54,7 @@ relay_domains = # We use a dedicated "virtual" domain to decongestion potential # bottlenecks on trivial_rewrite(8) due to slow LDAP lookups in # tranport_maps. -virtual_transport = error:5.1.1 Virtual transport unavailable +virtual_transport = error:5.1.1 Virtual transport unavailable virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre # first we do the alias resolution... diff --git a/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 index 31a23ce..c0ab405 100644 --- a/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 @@ -6,5 +6,5 @@ scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME -query_filter = (&(objectClass=FripostVirtualAlias)(fvl=%u)) +query_filter = (&(objectClass=FripostVirtualAlias)(fvl=%u)(fripostIsStatusActive=TRUE)) result_attribute = fripostMaildrop diff --git a/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 index b338c8c..7679a9c 100644 --- a/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 @@ -6,6 +6,7 @@ scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME +# The domain has already been validated (it's active and not pending) query_filter = (&(objectClass=FripostVirtualAliasDomain)(fvd=%d)) result_attribute = fripostMaildrop result_format = %U@%s diff --git a/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 index 3d86ecf..818ad02 100644 --- a/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 @@ -6,5 +6,6 @@ scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME +# The domain has already been validated (it's active and not pending) query_filter = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostVirtualAliasDomain))(fvd=%d)(fripostOptionalMaildrop=*)) result_attribute = fripostOptionalMaildrop diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 index a39343b..a2ff325 100644 --- a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 @@ -6,7 +6,7 @@ scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME -query_filter = (&(objectClass=FripostVirtualList)(fvl=%u)) +query_filter = (&(objectClass=FripostVirtualList)(!(objectClass=FripostPendingEntry))(fvl=%u)(fripostIsStatusActive=TRUE)) result_attribute = fvl # Use a dedicated "virtual" domain to decongestion potential bottlenecks # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps. diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 index 083b638..9b584c9 100644 --- a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 @@ -6,7 +6,7 @@ scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME -query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u)) +query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u)(fripostIsStatusActive=TRUE)) result_attribute = fvl # Use a dedicated "virtual" domain to decongestion potential bottlenecks # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps. diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 index fde355e..1cb8add 100644 --- a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 @@ -5,6 +5,6 @@ scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME -query_filter = (&(objectClass=FripostVirtualDomain)(fvd=%s)) +query_filter = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(fvd=%s)(fripostIsStatusActive=TRUE)) result_attribute = fvd result_format = OK diff --git a/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 index 6f62a01..f1c79c7 100644 --- a/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 +++ b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 @@ -2,4 +2,4 @@ # For other domains, RFC 822 section 6.3 and RFC 2142 section 4 # mandatory aliases are forwarded to OUR admin team and to the domain # owner or postmaster, if there are any. -/^((?:postmaster|abuse)(?:\+.*)?@.*)/ $1@reserved.locahost.localdomain +/^(postmaster|abuse)(?:\+.*)?@(.*)/ $2/$1@reserved.fripost.org diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2 index a34dcad..85715a0 100644 --- a/roles/MX/templates/etc/postfix/virtual/transport.j2 +++ b/roles/MX/templates/etc/postfix/virtual/transport.j2 @@ -1,4 +1,4 @@ -reserved.locahost.localdomain reserved-alias: +reserved.fripost.org reserved-alias: {% if 'LDA' in group_names %} mda.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.IMAP.port }} |