authorGuilhem Moulin <guilhem@fripost.org>2013-12-18 14:34:10 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:31 +0200
commite98d17cca0011ead0bb89c7674a2209760dce59f (patch)
tree77be1b1e3ab980906e2d29ad0b665488edfea49c /roles/MX
parentb51df24e3b1b64c17a3aac652b142e2082c77a26 (diff)
Remove the 'fripostLocalAlias' attribute.
Instead, we pretend that lists are valid users (via a match in the mailbox_transport_maps) but choose a different transport (with the same request in transport_maps). The advantage is that we get rid of the ugly hack for list transport… A minor drawback is that we now have two LDAP lookups instead of one for non local addresses (i.e., everything but reserved addresses). Hopefully the requests are cached; but even if they aren't, querying a local LDAP server is supposed to be cheap.
Diffstat (limited to 'roles/MX')
-rw-r--r--roles/MX/files/etc/postfix/virtual/lists_maps.cf7
-rw-r--r--roles/MX/files/etc/postfix/virtual/transport_lists_maps.cf14
-rw-r--r--roles/MX/tasks/main.yml3
-rw-r--r--roles/MX/templates/etc/postfix/main.cf.j29
4 files changed, 15 insertions, 18 deletions
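--- a/roles/MX/files/etc/postfix/virtual/lists_maps.cf
+++ /dev/null
@@ -1,7 +0,0 @@
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
-scope = base
-bind = none
-query_filter = (&(|(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(fvl=%u)(fripostLocalAlias=%u#%d))
-result_attribute = fripostLocalAlias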
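--- a/roles/MX/files/etc/postfix/virtual/transport_lists_maps.cf
+++ b/roles/MX/files/etc/postfix/virtual/transport_lists_maps.cf
@@ -1,11 +1,11 @@
-# Despite the index on 'fripostLocalAlias' it's a bit more inefficient,
-# but more precise, than the alternative of using regexes here, and a
-# plain hash on the list managers' side.
 server_host = ldapi://%2Fprivate%2Fldapi/
 version = 3
-search_base = ou=virtual,o=mailHosting,dc=fripost,dc=org
-scope = sub
+search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+scope = base
 bind = none
-query_filter = (&(|(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(fripostLocalAlias=%s))
-result_attribute = fripostLocalAlias
+query_filter = (&(|(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(fvl=%u))
+result_attribute = fvl
+# We use these maps for both virtual mailboxes and transport (in the
+# former case the result is ignored, only the existence of a match
+# matters.)
 result_format = smtp:[127.0.0.1]:2345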
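Review bot: With `scope = base` and a search_base built from `%u`/`%d`, every lookup for a recipient that is not a list now names a DN that does not exist, so the directory answers noSuchObject instead of an empty result set; since this map is also consulted from virtual_mailbox_maps, confirm that the deployed Postfix LDAP client treats that result as "not found" rather than as a temporary lookup error, or recipient validation would tempfail for every non-list address. The per-address base is otherwise a sound tightening: Postfix applies DN quoting to `%u`/`%d` in search_base and filter quoting in query_filter, so a recipient local part cannot reshape the DN or the filter, and the redundant `(fvl=%u)` clause in query_filter is harmless. Because the new comment says only existence of a match matters, I would also spell out the other half of the contract above result_format, `# result_format is the list server's listener; keep it in sync with the list manager's port`, as the address is hard-coded here while main.cf.j2 templates the other ports.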
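--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -32,43 +32,42 @@
 mode=0644
 register: r
 notify:
 - Restart Postfix
 - name: Create directory /etc/postfix-.../virtual
 file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
 state=directory
 owner=root group=root
 mode=0755
 - name: Copy lookups tables
 copy: src=etc/postfix/virtual/{{ item }}
 dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
 owner=root group=root
 mode=0644
 with_items:
 - mailbox_domains.cf
 - reserved_maps.pcre
 - alias_maps.cf
- - lists_maps.cf
 - alias_catchall_maps.cf
 - mailbox_maps.cf
- - reserved_transport_maps
 - transport_lists_maps.cf
+ - reserved_transport_maps
 - name: Compile the Reserved Transport Maps
 postmap: cmd=postalias instance={{ postfix_instance[inst].name }}
 src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/reserved_transport_maps db=cdb
 owner=root group=root
 mode=0644
 - name: Copy reserved-alias.pl
 copy: src=usr/local/sbin/reserved-alias.pl
 dest=/usr/local/sbin/reserved-alias.pl
 owner=root group=root
 mode=0755
 - name: Start Postfix
 service: name=postfix state=started
 when: not r.changed
 - meta: flush_handlers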
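Review bot: Dropping `lists_maps.cf` from the "Copy lookups tables" item list removes it from new deployments only; `copy` never deletes files it previously placed, so hosts already provisioned keep a stale `virtual/lists_maps.cf` that still queries the retired `fripostLocalAlias` attribute and is no longer referenced from main.cf. I would add a cleanup task next to the copy task, `- name: Remove obsolete lists_maps.cf` / `file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/lists_maps.cf` / `state=absent`, so the on-disk configuration matches what the role now describes and nobody later mistakes the leftover for a live map. The reordering of `reserved_transport_maps` after `transport_lists_maps.cf` has no effect on the copy and can be left as is.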
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 6b32634..d301aaf 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -39,49 +39,54 @@ alias_maps =
alias_database =
local_recipient_maps =
message_size_limit = 67108864
recipient_delimiter = +
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
relayhost = [127.0.0.1]:{{ MTA_out.port }}
{% else %}
relayhost = [{{ MTA_out.IPv4 }}]:{{ MTA_out.port }}
{% endif %}
relay_domains =
# Virtual transport
{% if 'LDA' in group_names %}
virtual_transport = smtp:[127.0.0.1]:{{ LDA.port }}
{% else %}
virtual_transport = smtp:[{{ LDA.IPv4 }}]:{{ LDA.port }}
{% endif %}
+transport_maps = ldap:$config_directory/virtual/transport_lists_maps.cf
virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
virtual_alias_maps = pcre:$config_directory/virtual/reserved_maps.pcre
ldap:$config_directory/virtual/alias_maps.cf
- ldap:$config_directory/virtual/lists_maps.cf
ldap:$config_directory/virtual/alias_catchall_maps.cf
virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox_maps.cf
-mailbox_transport_maps = cdb:$config_directory/virtual/reserved_transport_maps
+ # it's a bit stupid to lookup for lists here
+ # and in transport, but we need to tell
+ # postfix to accept the recipient
+ # (virtual_mailbox_maps) *before* sending away
+ # to the list server (transport_maps)
ldap:$config_directory/virtual/transport_lists_maps.cf
+mailbox_transport_maps = cdb:$config_directory/virtual/reserved_transport_maps
# Don't rewrite remote headers
local_header_rewrite_clients =
# Pass the client information along to the content filter
smtp_send_xforward_command = yes
# Avoid splitting the envelope and scanning messages multiple times
smtp_destination_recipient_limit = 1000
# Tolerate occasional high latency
smtp_data_done_timeout = 1200s
# Tunnel everything through IPSec
smtp_tls_security_level = none
smtp_bind_address = 172.16.0.1
# TLS
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache