Diffstat (limited to 'roles/MX/templates/etc/postfix')
9 files changed, 9 insertions, 7 deletions
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 8785c5a..b0da1bc 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -37,41 +37,41 @@ local_transport = error:5.1.1 Mailbox unavailable alias_maps = alias_database = local_recipient_maps = message_size_limit = 67108864 recipient_delimiter = + # Forward everything to our internal outgoing proxy {% if 'out' in group_names %} relayhost = [127.0.0.1]:{{ postfix_instance.out.port }} {% else %} relayhost = [outgoing.fripost.org]:{{ postfix_instance.out.port }} {% endif %} relay_domains = # Virtual transport # We use a dedicated "virtual" domain to decongestion potential # bottlenecks on trivial_rewrite(8) due to slow LDAP lookups in # tranport_maps. -virtual_transport = error:5.1.1 Virtual transport unavailable +virtual_transport = error:5.1.1 Virtual transport unavailable virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre # first we do the alias resolution... ldap:$config_directory/virtual/alias.cf # ...and unless there is matching mailbox/list... ldap:$config_directory/virtual/mailbox.cf ldap:$config_directory/virtual/list.cf # ...we resolve alias domains and catch alls ldap:$config_directory/virtual/alias_domains.cf ldap:$config_directory/virtual/catchall.cf virtual_mailbox_maps = transport_maps = cdb:$config_directory/virtual/transport # Don't rewrite remote headers local_header_rewrite_clients = # Pass the client information along to the content filter smtp_send_xforward_command = yes # Avoid splitting the envelope and scanning messages multiple times smtp_destination_recipient_limit = 1000 diff --git a/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 index 31a23ce..c0ab405 100644 --- a/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 
+++ b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 @@ -1,10 +1,10 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvd=%d,ou=virtual,dc=fripost,dc=org domain = static:all scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME -query_filter = (&(objectClass=FripostVirtualAlias)(fvl=%u)) +query_filter = (&(objectClass=FripostVirtualAlias)(fvl=%u)(fripostIsStatusActive=TRUE)) result_attribute = fripostMaildrop diff --git a/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 index b338c8c..7679a9c 100644 --- a/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 @@ -1,11 +1,12 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = ou=virtual,dc=fripost,dc=org domain = static:all scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME +# The domain has already been validated (it's active and not pending) query_filter = (&(objectClass=FripostVirtualAliasDomain)(fvd=%d)) result_attribute = fripostMaildrop result_format = %U@%s diff --git a/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 index 3d86ecf..818ad02 100644 --- a/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 @@ -1,10 +1,11 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = ou=virtual,dc=fripost,dc=org domain = static:all scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME +# The domain has already been validated (it's active and not pending) query_filter = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostVirtualAliasDomain))(fvd=%d)(fripostOptionalMaildrop=*)) result_attribute = fripostOptionalMaildrop 
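Review bot: The new `query_filter` in alias.cf.j2 requires `fripostIsStatusActive=TRUE` but does not exclude `FripostPendingEntry`, unlike the list.cf.j2 and mailbox_domains.cf.j2 filters changed in this same commit; mailbox.cf.j2 has the same shape. If alias and user entries can never carry the pending object class, a one-line comment above the filter saying so would keep the next reader from treating the difference as an oversight. If they can, the filter should read `(&(objectClass=FripostVirtualAlias)(!(objectClass=FripostPendingEntry))(fvl=%u)(fripostIsStatusActive=TRUE))`. The schema is not visible on this page, so which case applies needs confirming.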
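Review bot: The comment added in alias_domains.cf.j2, and the identical one in catchall.cf.j2, makes both filters depend on a check done elsewhere, presumably by mailbox_domains.cf when the recipient is accepted. virtual_alias_maps is also applied to recipients that never went through that acceptance step (locally generated notifications, for example), and `domain = static:all` lets the lookup run for any domain. Repeating `(!(objectClass=FripostPendingEntry))` and `(fripostIsStatusActive=TRUE)` in both filters would make each map safe on its own, assuming the status attribute lives on the same domain entry that `fvd=%d` matches. Failing that, the comment should name the map that performs the validation, e.g. `# The domain has already been validated by mailbox_domains.cf (active and not pending)`.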
diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 index a39343b..a2ff325 100644 --- a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 @@ -1,13 +1,13 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvd=%d,ou=virtual,dc=fripost,dc=org domain = static:all scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME -query_filter = (&(objectClass=FripostVirtualList)(fvl=%u)) +query_filter = (&(objectClass=FripostVirtualList)(!(objectClass=FripostPendingEntry))(fvl=%u)(fripostIsStatusActive=TRUE)) result_attribute = fvl # Use a dedicated "virtual" domain to decongestion potential bottlenecks # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps. result_format = %D/%U@lists.fripost.org diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 index 083b638..9b584c9 100644 --- a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 @@ -1,13 +1,13 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvd=%d,ou=virtual,dc=fripost,dc=org domain = static:all scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME -query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u)) +query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u)(fripostIsStatusActive=TRUE)) result_attribute = fvl # Use a dedicated "virtual" domain to decongestion potential bottlenecks # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps. result_format = %D/%U@mda.fripost.org diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 index fde355e..1cb8add 100644 --- a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 
+++ b/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 @@ -1,10 +1,10 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = ou=virtual,dc=fripost,dc=org scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME -query_filter = (&(objectClass=FripostVirtualDomain)(fvd=%s)) +query_filter = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(fvd=%s)(fripostIsStatusActive=TRUE)) result_attribute = fvd result_format = OK diff --git a/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 index 6f62a01..f1c79c7 100644 --- a/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 +++ b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 @@ -1,5 +1,5 @@ /^(?:postmaster|abuse)(?:\+.*)?@fripost\.org$/ admin@fripost.org # For other domains, RFC 822 section 6.3 and RFC 2142 section 4 # mandatory aliases are forwarded to OUR admin team and to the domain # owner or postmaster, if there are any. -/^((?:postmaster|abuse)(?:\+.*)?@.*)/ $1@reserved.locahost.localdomain +/^(postmaster|abuse)(?:\+.*)?@(.*)/ $2/$1@reserved.fripost.org diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2 index a34dcad..85715a0 100644 --- a/roles/MX/templates/etc/postfix/virtual/transport.j2 +++ b/roles/MX/templates/etc/postfix/virtual/transport.j2 @@ -1,13 +1,13 @@ -reserved.locahost.localdomain reserved-alias: +reserved.fripost.org reserved-alias: {% if 'LDA' in group_names %} mda.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.IMAP.port }} {% else %} mda.fripost.org smtp:[mda.fripost.org]:{{ postfix_instance.IMAP.port }} {% endif %} {% if 'lists' in group_names %} lists.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }} {% else %} lists.fripost.org smtp:[lists.fripost.org]:{{ postfix_instance.lists.port }} {% endif %} |
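Review bot: The rewritten rule in reserved_alias.pcre.j2 copies the recipient domain unvalidated into the localpart (`$2/$1@reserved.fripost.org`) and still matches any domain. Whatever serves the `reserved-alias:` transport therefore has to split on the last `/` and check the domain part itself before acting on it; that handler is not visible here. Two behaviour changes deserve a comment above the rule. First, the `+extension` is no longer carried through, where the old pattern captured the whole address. Second, the pseudo-domain now sits in the real fripost.org namespace (also in transport.j2), so it should be documented as internal-only and kept out of the accepted destination classes.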