summaryrefslogtreecommitdiffstats
path: root/roles/mx/files/usr/local
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-12-01 23:51:28 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:03 +0200
commitd363522c15b1d1ce61b2780a539dd09e2e679d34 (patch)
tree6dcabada360ac52e05ec02eb2ff595626e0dc62f /roles/mx/files/usr/local
parent0c99d9d1600c0fe2c494f9c59ba8ea7966dcd65f (diff)
Configure the MX:es.
Diffstat (limited to 'roles/mx/files/usr/local')
-rwxr-xr-xroles/mx/files/usr/local/sbin/reserved-alias.pl110
1 files changed, 110 insertions, 0 deletions
diff --git a/roles/mx/files/usr/local/sbin/reserved-alias.pl b/roles/mx/files/usr/local/sbin/reserved-alias.pl
new file mode 100755
index 0000000..c122c6d
--- /dev/null
+++ b/roles/mx/files/usr/local/sbin/reserved-alias.pl
@@ -0,0 +1,110 @@
+#!/usr/bin/perl
+
+# Copyright © 2013 Guilhem Moulin <guilhem@fripost.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+use warnings;
+use strict;
+use Net::LDAPI;
+use Net::LDAP::Util qw/escape_filter_value ldap_explode_dn escape_dn_value/;
+use Authen::SASL;
+
+if (!@ARGV or grep { $_ eq '-h' or $_ eq '--help' } @ARGV) {
+ # Help
+ print STDERR "Usage: $0 [original recipient] [additional recipient ...]\n";
+ print STDERR "\n";
+ print STDERR "The message read from the standard input is redirected to 'additional recipient',\n";
+ print STDERR "and also forwarded to the domain owner if any. If the 'additional recipient' begins\n";
+ print STDERR "with '\@', the localpart of 'original recipient' is prepended.\n";
+ print STDERR "\n";
+ print STDERR "This is mostly useful to comply to RFC 822 section 6.3 and RFC 2142 section\n";
+ print STDERR "4 (to forward mails to 'admin\@' and 'postmaster\@' to the site admin in\n";
+ print STDERR "addition to the virtual domain manager).\n";
+ exit;
+}
+
+# The original recipient
+my $orig = shift;
+$orig =~ /^([^@]+)\@(.+)$/
+ or warn "Non fully qualified: $orig";
+my ($local,$domain) = ($1,$2);
+
+# The new recipient (typically, the admin site)
+my @recipients = grep { $_ and $orig ne $_ }
+ # add localparts to domain
+ map { my $x = $_;
+ if ($x =~ /^\@/) {
+ if ($local) {
+ $x = $local.$x;
+ }
+ else {
+ undef $x;
+ }
+ }
+ $x
+ }
+ @ARGV;
+# Die if we can't deliver to site admins
+die "Error: Aborted delivery to '$orig' in attempt to break an alias expansion loop.\n"
+ unless @recipients;
+
+my @sendmail = ('/usr/sbin/sendmail', '-i', '-bm');
+
+if (defined $domain) {
+ # Look for the domain owner/postmaster
+ my $ldap = Net::LDAPI->new();
+ $ldap->bind( sasl => Authen::SASL->new(mechanism => 'EXTERNAL') )
+ or die "Couldn't bind";
+
+ my @attrs = ( 'fripostPostmaster', 'fripostOwner' );
+ my $mesg = $ldap->search( base => 'fvd='.escape_dn_value($domain).','
+ .'ou=virtual,o=mailHosting,dc=fripost,dc=org'
+ , scope => 'base'
+ , deref => 'never'
+ , filter => '(&(objectClass=FripostVirtualDomain)'
+ .'(fvd='.escape_filter_value($domain).')'.
+ ')'
+ , attrs => \@attrs
+ );
+ if ($mesg->code) {
+ warn $mesg->error;
+ }
+ elsif ($mesg->count != 1) {
+ # Note: this may happen for "$mydestination", but these mails
+ # are unlikely. We'll get a harmless warning at worst.
+ warn "Something weird happened when looking up domain '".$domain.
+ "'. Check your ACL.";
+ }
+ else {
+ my $entry = $mesg->pop_entry() // die "Cannot pop entry.";
+ foreach (@attrs) {
+ my $v = $entry->get_value($_, asref => 1) or next;
+ foreach my $dn (@$v) {
+ my $dn2 = ldap_explode_dn($dn, casefold => 'lower');
+ my $l = $dn2->[0]->{fvl};
+ my $d = $dn2->[1]->{fvd};
+ if ($l and $d) {
+ push @recipients, $l.'@'.$d;
+ }
+ else {
+ warn "Invalid DN: $dn"
+ }
+ }
+ }
+ }
+ $ldap->unbind;
+}
+
+exec (@sendmail, @recipients);