summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf1
-rw-r--r--roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf1
-rw-r--r--roles/IMAP/templates/etc/postfix/main.cf.j22
-rw-r--r--roles/MX/tasks/main.yml17
-rw-r--r--roles/MX/templates/etc/postfix/main.cf.j225
-rw-r--r--roles/MX/templates/etc/postfix/virtual/alias.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/alias_maps.cf.j2)2
-rw-r--r--roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/transport_catchall_maps.cf.j2)7
-rw-r--r--roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/catchall_maps.cf.j2)3
-rw-r--r--roles/MX/templates/etc/postfix/virtual/list.cf.j29
-rw-r--r--roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/transport_mailbox_maps.cf.j2)7
-rw-r--r--roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 (renamed from roles/MX/templates/etc/postfix/virtual/transport_reserved_maps.pcre.j2)5
-rw-r--r--roles/MX/templates/etc/postfix/virtual/reserved_alias_maps.j24
-rw-r--r--roles/MX/templates/etc/postfix/virtual/transport_list.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/transport_lists_maps.cf.j2)3
-rw-r--r--roles/MX/templates/etc/postfix/virtual/transport_reserved_alias.j21
-rw-r--r--roles/common-LDAP/files/etc/ldap/schema/fripost.ldif18
-rw-r--r--roles/common-LDAP/templates/etc/ldap/database.ldif.j28
-rw-r--r--roles/common/files/etc/postfix/master.cf6
-rw-r--r--roles/lists/files/etc/postfix/virtual/transport_lists_maps.cf1
18 files changed, 67 insertions, 53 deletions
diff --git a/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf b/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf
index da1b2cf..009dd98 100644
--- a/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf
+++ b/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf
@@ -1,6 +1,7 @@
server_host = ldapi://%2Fprivate%2Fldapi/
version = 3
search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
scope = base
bind = none
query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u))
diff --git a/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf
index 3a97841..b082f69 100644
--- a/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf
+++ b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf
@@ -1,6 +1,7 @@
server_host = ldapi://%2Fprivate%2Fldapi/
version = 3
search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
scope = base
bind = none
query_filter = (&(objectClass=FripostVirtualUser)(objectClass=AmavisAccount)(fvl=%u))
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index df2e9fb..2da85e9 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -18,7 +18,7 @@ mydomain = {{ ansible_domain }}
append_dot_mydomain = no
# Turn off all TCP/IP listener ports except that necessary for the MDA.
-master_service_disable = !127.0.0.1:2526.inet inet
+master_service_disable = !2526.inet inet
queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }}
data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }}
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index 2ffe08d..e8dadb1 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -47,17 +47,18 @@
mode=0644
with_items:
- mailbox_domains.cf
- - reserved_alias_maps
- - alias_maps.cf
- - catchall_maps.cf
- - transport_reserved_maps.pcre
- - transport_mailbox_maps.cf
- - transport_lists_maps.cf
- - transport_catchall_maps.cf
+ - reserved_alias.pcre
+ - alias.cf
+ - mailbox.cf
+ - list.cf
+ - alias_domains.cf
+ - catchall.cf
+ - transport_reserved_alias
+ - transport_list.cf
- name: Compile the Reserved Transport Maps
postmap: instance={{ postfix_instance[inst].name }}
- src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/reserved_alias_maps db=cdb
+ src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport_reserved_alias db=cdb
owner=root group=root
mode=0644
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 9f88eef..6c2004a 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -19,7 +19,7 @@ append_dot_mydomain = no
# Turn off all TCP/IP listener ports except that necessary for the mail
# exchange.
-master_service_disable = !smtp.inet !127.0.0.1:2599.inet inet
+master_service_disable = !smtp.inet inet
queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }}
data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }}
@@ -56,19 +56,20 @@ virtual_transport = smtpl:[127.0.0.1]:{{ LDA.port }}
{% else %}
virtual_transport = smtps:[{{ LDA.host }}]:{{ LDA.port }}
{% endif %}
-# It's a bit stupid to include part of the virtual_mailbox_maps here,
-# but we need to tell postfix to accept the recipient
-# (virtual_mailbox_maps) *before* sending away to the right machine
-# (transport_maps)
-transport_maps = pcre:$config_directory/virtual/transport_reserved_maps.pcre
- ldap:$config_directory/virtual/transport_mailbox_maps.cf
- ldap:$config_directory/virtual/transport_lists_maps.cf
- ldap:$config_directory/virtual/transport_catchall_maps.cf
virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
-virtual_alias_maps = cdb:$config_directory/virtual/reserved_alias_maps
- ldap:$config_directory/virtual/alias_maps.cf
-virtual_mailbox_maps = $transport_maps
+virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre
+ ldap:$config_directory/virtual/alias.cf
+ # stop the alias resolution (by making finding
+ # an A -> A alias) before searching for
+ # catch-alls and domain aliases
+ $virtual_mailbox_maps
+ ldap:$config_directory/virtual/alias_domains.cf
+ ldap:$config_directory/virtual/catchall.cf
+virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox.cf
+ ldap:$config_directory/virtual/list.cf
+transport_maps = cdb:$config_directory/virtual/transport_reserved_alias
+ ldap:$config_directory/virtual/transport_list.cf
# Don't rewrite remote headers
local_header_rewrite_clients =
diff --git a/roles/MX/templates/etc/postfix/virtual/alias_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2
index 8e3a778..c7d2f0a 100644
--- a/roles/MX/templates/etc/postfix/virtual/alias_maps.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2
@@ -1,6 +1,8 @@
server_host = ldapi://%2Fprivate%2Fldapi/
version = 3
search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
scope = base
+bind = none
query_filter = (&(objectClass=FripostVirtualAlias)(fvl=%u))
result_attribute = fripostMaildrop
diff --git a/roles/MX/templates/etc/postfix/virtual/transport_catchall_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2
index cc189cf..dec8bce 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport_catchall_maps.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2
@@ -1,8 +1,9 @@
server_host = ldapi://%2Fprivate%2Fldapi/
version = 3
search_base = fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
scope = base
bind = none
-query_filter = (&(objectClass=FripostVirtualDomain)(fvd=%d)(fripostOptionalMaildrop=*))
-result_attribute = fvd
-result_format = smtpl:[127.0.0.1]:2599
+query_filter = (&(objectClass=FripostVirtualAliasDomain)(fvd=%d))
+result_attribute = fripostMaildrop
+result_format = %U@%s
diff --git a/roles/MX/templates/etc/postfix/virtual/catchall_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2
index f8324f6..8ac40fd 100644
--- a/roles/MX/templates/etc/postfix/virtual/catchall_maps.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2
@@ -1,7 +1,8 @@
server_host = ldapi://%2Fprivate%2Fldapi/
version = 3
search_base = fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
scope = base
bind = none
-query_filter = (&(objectClass=FripostVirtualDomain)(fvd=%d)(fripostOptionalMaildrop=*))
+query_filter = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostVirtualAliasDomain))(fvd=%d)(fripostOptionalMaildrop=*))
result_attribute = fripostOptionalMaildrop
diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2
new file mode 100644
index 0000000..8bcd5df
--- /dev/null
+++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2
@@ -0,0 +1,9 @@
+server_host = ldapi://%2Fprivate%2Fldapi/
+version = 3
+search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
+scope = base
+bind = none
+query_filter = (&(objectClass=FripostVirtualList)(fvl=%u))
+result_attribute = fvl
+result_format = %S
diff --git a/roles/MX/templates/etc/postfix/virtual/transport_mailbox_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2
index 3e003db..b421e9a 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport_mailbox_maps.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2
@@ -1,12 +1,9 @@
server_host = ldapi://%2Fprivate%2Fldapi/
version = 3
search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
scope = base
bind = none
query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u))
result_attribute = fvl
-{% if 'LDA' in group_names %}
-result_format = smtpl:[127.0.0.1]:{{ LDA.port }}
-{% else %}
-result_format = smtps:[{{ LDA.host }}]:{{ LDA.port }}
-{% endif %}
+result_format = %S
diff --git a/roles/MX/templates/etc/postfix/virtual/transport_reserved_maps.pcre.j2 b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2
index e240e91..6f62a01 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport_reserved_maps.pcre.j2
+++ b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2
@@ -1,6 +1,5 @@
-if !/@fripost\.org$/
+/^(?:postmaster|abuse)(?:\+.*)?@fripost\.org$/ admin@fripost.org
# For other domains, RFC 822 section 6.3 and RFC 2142 section 4
# mandatory aliases are forwarded to OUR admin team and to the domain
# owner or postmaster, if there are any.
-/^(?:postmaster|abuse)(?:\+.*)?@/ reserved-alias:
-endif
+/^((?:postmaster|abuse)(?:\+.*)?@.*)/ $1@reserved.locahost.localdomain
diff --git a/roles/MX/templates/etc/postfix/virtual/reserved_alias_maps.j2 b/roles/MX/templates/etc/postfix/virtual/reserved_alias_maps.j2
deleted file mode 100644
index fe04715..0000000
--- a/roles/MX/templates/etc/postfix/virtual/reserved_alias_maps.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-# RFC 822 section 6.3 and RFC 2142 section 4 mandatory aliases are
-# forwarded to the admin team.
-postmaster@fripost.org admin@fripost.org
-abuse@fripost.org admin@fripost.org
diff --git a/roles/MX/templates/etc/postfix/virtual/transport_lists_maps.cf.j2 b/roles/MX/templates/etc/postfix/virtual/transport_list.cf.j2
index 6a0965f..eb696db 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport_lists_maps.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/transport_list.cf.j2
@@ -1,9 +1,10 @@
server_host = ldapi://%2Fprivate%2Fldapi/
version = 3
search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
scope = base
bind = none
-query_filter = (&(|(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(fvl=%u))
+query_filter = (&(objectClass=FripostVirtualList)(fvl=%u))
result_attribute = fvl
{% if 'lists' in group_names %}
result_format = smtpl:[127.0.0.1]:{{ lists.port }}
diff --git a/roles/MX/templates/etc/postfix/virtual/transport_reserved_alias.j2 b/roles/MX/templates/etc/postfix/virtual/transport_reserved_alias.j2
new file mode 100644
index 0000000..4af5318
--- /dev/null
+++ b/roles/MX/templates/etc/postfix/virtual/transport_reserved_alias.j2
@@ -0,0 +1 @@
+reserved.locahost.localdomain reserved-alias:
diff --git a/roles/common-LDAP/files/etc/ldap/schema/fripost.ldif b/roles/common-LDAP/files/etc/ldap/schema/fripost.ldif
index 72695ab..54f3037 100644
--- a/roles/common-LDAP/files/etc/ldap/schema/fripost.ldif
+++ b/roles/common-LDAP/files/etc/ldap/schema/fripost.ldif
@@ -83,7 +83,7 @@ olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.3 NAME 'fripostMaildrop'
# users, because the presence index should *not* apply to the
# mandatory attribute above.
olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.4 NAME 'fripostOptionalMaildrop'
- DESC 'An optional email address for catch-all aliases on domains and users'
+ DESC 'An optional email address for catch-all or domain aliases'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
@@ -145,26 +145,32 @@ olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.2 NAME 'FripostVirtualDomain'
fripostOwner $ fripostPostmaster $
fripostOptionalMaildrop $ description ) )
#
+# Domain alias (for the domain given by fripostMaildrop). Children are ignored.
+olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.3 NAME 'FripostVirtualAliasDomain'
+ SUP FripostVirtualDomain STRUCTURAL
+ DESC 'Virtual alias domain'
+ MUST ( fripostMaildrop ) )
+#
# | TODO: add limits here
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.3 NAME 'FripostVirtualUser'
+olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.4 NAME 'FripostVirtualUser'
SUP top STRUCTURAL
DESC 'Virtual user'
MUST ( fvl $ userPassword $ fripostIsStatusActive )
- MAY ( fripostUserQuota $ fripostOptionalMaildrop $ description) )
+ MAY ( fripostUserQuota $ description) )
#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.4 NAME 'FripostVirtualAlias'
+olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.5 NAME 'FripostVirtualAlias'
SUP top STRUCTURAL
DESC 'Virtual alias'
MUST ( fvl $ fripostMaildrop $ fripostIsStatusActive )
MAY ( fripostOwner $ description ) )
#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.5 NAME 'FripostVirtualList'
+olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.6 NAME 'FripostVirtualList'
SUP top STRUCTURAL
DESC 'Virtual list'
MUST ( fvl $ fripostListManager $ fripostIsStatusActive )
MAY ( fripostOwner $ description ) )
#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.6 NAME 'FripostPendingEntry'
+olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.7 NAME 'FripostPendingEntry'
SUP top AUXILIARY
DESC 'Virtual pending entry'
MAY ( fripostPendingToken ) )
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index 6e5961b..33ef108 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -289,7 +289,7 @@ olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=org"
#
# We're giving away create/delete access on the children attributes, but we will be carefull
# with the 'entry' permissions.
-olcAccess: to dn.base="ou=virtual,o=mailHosting,dc=fripost,dc=org"
+olcAccess: to dn.exact="ou=virtual,o=mailHosting,dc=fripost,dc=org"
filter=(objectClass=FripostVirtual)
attrs=children
by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" =w
@@ -300,7 +300,7 @@ olcAccess: to dn.one="ou=virtual,o=mailHosting,dc=fripost,dc=org"
by dn.exact="cn=DeletePendingEntries,ou=services,o=mailHosting,dc=fripost,dc=org" =z
by * break
olcAccess: to dn.one="ou=virtual,o=mailHosting,dc=fripost,dc=org"
- filter=(&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry)))
+ filter=(&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(!(objectClass=FripostVirtualAliasDomain)))
attrs=children
by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" =w
#
@@ -534,11 +534,11 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
#
# Users with "canAddDomain" access can see that they have the right
# to create domains.
-olcAccess: to dn.base="ou=virtual,o=mailHosting,dc=fripost,dc=org"
+olcAccess: to dn.exact="ou=virtual,o=mailHosting,dc=fripost,dc=org"
filter=(objectClass=FripostVirtual)
attrs=entry
by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" +rd
-olcAccess: to dn.base="ou=virtual,o=mailHosting,dc=fripost,dc=org"
+olcAccess: to dn.exact="ou=virtual,o=mailHosting,dc=fripost,dc=org"
filter=(objectClass=FripostVirtual)
attrs=fripostCanAddDomain
by set.exact="this/fripostCanAddDomain & (user | user/-1)" =rscd
diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf
index 3833446..4fdbff3 100644
--- a/roles/common/files/etc/postfix/master.cf
+++ b/roles/common/files/etc/postfix/master.cf
@@ -39,14 +39,10 @@ lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
127.0.0.1:16132 inet n - - - - smtpd
-127.0.0.1:2526 inet n - - - - smtpd
+2526 inet n - - - - smtpd
2527 inet n - - - - smtpd
-o mynetworks=0.0.0.0/0
127.0.0.1:2580 inet n - - - - smtpd
-127.0.0.1:2599 inet n - - - - smtpd
- -o cleanup_service_name=cleanup-catchall
-cleanup-catchall unix n - - - 0 cleanup
- -o virtual_alias_maps=cdb:$config_directory/virtual/reserved_alias_maps,ldap:$config_directory/virtual/alias_maps.cf,ldap:/etc/postfix-mx/virtual/catchall_maps.cf
127.0.0.1:smtp inet n - - - - smtpd
-o inet_interfaces=127.0.0.1
reserved-alias unix - n n - - pipe
diff --git a/roles/lists/files/etc/postfix/virtual/transport_lists_maps.cf b/roles/lists/files/etc/postfix/virtual/transport_lists_maps.cf
index 50631e5..f85c4f8 100644
--- a/roles/lists/files/etc/postfix/virtual/transport_lists_maps.cf
+++ b/roles/lists/files/etc/postfix/virtual/transport_lists_maps.cf
@@ -1,6 +1,7 @@
server_host = ldapi://%2Fprivate%2Fldapi/
version = 3
search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+domain = static:all
scope = base
bind = none
query_filter = (&(objectClass=FripostVirtualList)(fvl=%u))