diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2014-01-15 07:32:20 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:38 +0200 |
commit | 9304813d505baaa50294ed0d37a11d9e3f0f6c79 (patch) | |
tree | 450f263fb6e9d7cfa67cf2e1235c2c593bad14ab /roles/MX | |
parent | ab83789bd70d294623e62e0b366b6b649cb5b0af (diff) |
Fix the catch-all resolution again.
We introduce a limitation on the domain-aliases: they can't have
children (e.g., lists or users) any longer.
The whole alias resolution, including catch-alls and domain aliases, is
now done in 'virtual_alias_maps'. We stop the resolution by returning a
dummy alias A -> A for mailboxes, before trying the catch-all maps.
We're still using transport_maps for lists. If it turns out to be a
bottleneck due to the high-latency coming from LDAP maps, (and the fact
that there is a single qmgr(8) daemon), we could rewrite lists to a
dummy subdomain and use a static transport_maps instead:
virtual_alias_maps:
mylist@example.org -> mylist#example.org@mlmmj.localhost.localdomain
transport_maps:
mlmmj.localhost.localdomain mlmmj:
Diffstat (limited to 'roles/MX')
-rw-r--r-- | roles/MX/tasks/main.yml | 17 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/main.cf.j2 | 25 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/alias.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/alias_maps.cf.j2) | 2 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/transport_catchall_maps.cf.j2) | 7 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/catchall_maps.cf.j2) | 3 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/list.cf.j2 | 9 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/transport_mailbox_maps.cf.j2) | 7 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 (renamed from roles/MX/templates/etc/postfix/virtual/transport_reserved_maps.pcre.j2) | 5 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/reserved_alias_maps.j2 | 4 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/transport_list.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/transport_lists_maps.cf.j2) | 3 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/transport_reserved_alias.j2 | 1 |
11 files changed, 46 insertions, 37 deletions
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml index 2ffe08d..e8dadb1 100644 --- a/roles/MX/tasks/main.yml +++ b/roles/MX/tasks/main.yml @@ -47,17 +47,18 @@ mode=0644 with_items: - mailbox_domains.cf - - reserved_alias_maps - - alias_maps.cf - - catchall_maps.cf - - transport_reserved_maps.pcre - - transport_mailbox_maps.cf - - transport_lists_maps.cf - - transport_catchall_maps.cf + - reserved_alias.pcre + - alias.cf + - mailbox.cf + - list.cf + - alias_domains.cf + - catchall.cf + - transport_reserved_alias + - transport_list.cf - name: Compile the Reserved Transport Maps postmap: instance={{ postfix_instance[inst].name }} - src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/reserved_alias_maps db=cdb + src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport_reserved_alias db=cdb owner=root group=root mode=0644 diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 9f88eef..6c2004a 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -19,7 +19,7 @@ append_dot_mydomain = no # Turn off all TCP/IP listener ports except that necessary for the mail # exchange. -master_service_disable = !smtp.inet !127.0.0.1:2599.inet inet +master_service_disable = !smtp.inet inet queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }} data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }} @@ -56,19 +56,20 @@ virtual_transport = smtpl:[127.0.0.1]:{{ LDA.port }} {% else %} virtual_transport = smtps:[{{ LDA.host }}]:{{ LDA.port }} {% endif %} -# It's a bit stupid to include part of the virtual_mailbox_maps here, -# but we need to tell postfix to accept the recipient -# (virtual_mailbox_maps) *before* sending away to the right machine -# (transport_maps) -transport_maps = pcre:$config_directory/virtual/transport_reserved_maps.pcre - ldap:$config_directory/virtual/transport_mailbox_maps.cf - ldap:$config_directory/virtual/transport_lists_maps.cf - ldap:$config_directory/virtual/transport_catchall_maps.cf virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf -virtual_alias_maps = cdb:$config_directory/virtual/reserved_alias_maps - ldap:$config_directory/virtual/alias_maps.cf -virtual_mailbox_maps = $transport_maps +virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre + ldap:$config_directory/virtual/alias.cf + # stop the alias resolution (by making finding + # an A -> A alias) before searching for + # catch-alls and domain aliases + $virtual_mailbox_maps + ldap:$config_directory/virtual/alias_domains.cf + ldap:$config_directory/virtual/catchall.cf +virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox.cf + ldap:$config_directory/virtual/list.cf +transport_maps = cdb:$config_directory/virtual/transport_reserved_alias + ldap:$config_directory/virtual/transport_list.cf # Don't rewrite remote headers local_header_rewrite_clients = diff --git a/roles/MX/templates/etc/postfix/virtual/alias_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 index 8e3a778..c7d2f0a 100644 --- a/roles/MX/templates/etc/postfix/virtual/alias_maps.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 @@ -1,6 +1,8 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org +domain = static:all scope = base +bind = none query_filter = (&(objectClass=FripostVirtualAlias)(fvl=%u)) result_attribute = fripostMaildrop diff --git a/roles/MX/templates/etc/postfix/virtual/transport_catchall_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 index cc189cf..dec8bce 100644 --- a/roles/MX/templates/etc/postfix/virtual/transport_catchall_maps.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 @@ -1,8 +1,9 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org +domain = static:all scope = base bind = none -query_filter = (&(objectClass=FripostVirtualDomain)(fvd=%d)(fripostOptionalMaildrop=*)) -result_attribute = fvd -result_format = smtpl:[127.0.0.1]:2599 +query_filter = (&(objectClass=FripostVirtualAliasDomain)(fvd=%d)) +result_attribute = fripostMaildrop +result_format = %U@%s diff --git a/roles/MX/templates/etc/postfix/virtual/catchall_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 index f8324f6..8ac40fd 100644 --- a/roles/MX/templates/etc/postfix/virtual/catchall_maps.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 @@ -1,7 +1,8 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org +domain = static:all scope = base bind = none -query_filter = (&(objectClass=FripostVirtualDomain)(fvd=%d)(fripostOptionalMaildrop=*)) +query_filter = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostVirtualAliasDomain))(fvd=%d)(fripostOptionalMaildrop=*)) result_attribute = fripostOptionalMaildrop diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 new file mode 100644 index 0000000..8bcd5df --- /dev/null +++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 @@ -0,0 +1,9 @@ +server_host = ldapi://%2Fprivate%2Fldapi/ +version = 3 +search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org +domain = static:all +scope = base +bind = none +query_filter = (&(objectClass=FripostVirtualList)(fvl=%u)) +result_attribute = fvl +result_format = %S diff --git a/roles/MX/templates/etc/postfix/virtual/transport_mailbox_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 index 3e003db..b421e9a 100644 --- a/roles/MX/templates/etc/postfix/virtual/transport_mailbox_maps.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 @@ -1,12 +1,9 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org +domain = static:all scope = base bind = none query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u)) result_attribute = fvl -{% if 'LDA' in group_names %} -result_format = smtpl:[127.0.0.1]:{{ LDA.port }} -{% else %} -result_format = smtps:[{{ LDA.host }}]:{{ LDA.port }} -{% endif %} +result_format = %S diff --git a/roles/MX/templates/etc/postfix/virtual/transport_reserved_maps.pcre.j2 b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 index e240e91..6f62a01 100644 --- a/roles/MX/templates/etc/postfix/virtual/transport_reserved_maps.pcre.j2 +++ b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 @@ -1,6 +1,5 @@ -if !/@fripost\.org$/ +/^(?:postmaster|abuse)(?:\+.*)?@fripost\.org$/ admin@fripost.org # For other domains, RFC 822 section 6.3 and RFC 2142 section 4 # mandatory aliases are forwarded to OUR admin team and to the domain # owner or postmaster, if there are any. -/^(?:postmaster|abuse)(?:\+.*)?@/ reserved-alias: -endif +/^((?:postmaster|abuse)(?:\+.*)?@.*)/ $1@reserved.locahost.localdomain diff --git a/roles/MX/templates/etc/postfix/virtual/reserved_alias_maps.j2 b/roles/MX/templates/etc/postfix/virtual/reserved_alias_maps.j2 deleted file mode 100644 index fe04715..0000000 --- a/roles/MX/templates/etc/postfix/virtual/reserved_alias_maps.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# RFC 822 section 6.3 and RFC 2142 section 4 mandatory aliases are -# forwarded to the admin team. -postmaster@fripost.org admin@fripost.org -abuse@fripost.org admin@fripost.org diff --git a/roles/MX/templates/etc/postfix/virtual/transport_lists_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/transport_list.cf.j2 index 6a0965f..eb696db 100644 --- a/roles/MX/templates/etc/postfix/virtual/transport_lists_maps.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/transport_list.cf.j2 @@ -1,9 +1,10 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org +domain = static:all scope = base bind = none -query_filter = (&(|(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(fvl=%u)) +query_filter = (&(objectClass=FripostVirtualList)(fvl=%u)) result_attribute = fvl {% if 'lists' in group_names %} result_format = smtpl:[127.0.0.1]:{{ lists.port }} diff --git a/roles/MX/templates/etc/postfix/virtual/transport_reserved_alias.j2 b/roles/MX/templates/etc/postfix/virtual/transport_reserved_alias.j2 new file mode 100644 index 0000000..4af5318 --- /dev/null +++ b/roles/MX/templates/etc/postfix/virtual/transport_reserved_alias.j2 @@ -0,0 +1 @@ +reserved.locahost.localdomain reserved-alias: |