10 files changed, 13 insertions, 8 deletions

diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index a372cf4..a6c68f6 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -38,36 +38,39 @@
         state=directory
         owner=root group=root
         mode=0755
 
 - name: Copy lookup tables
   template: src=etc/postfix/virtual/{{ item }}.j2
             dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
             owner=root group=root
             mode=0644
   with_items:
     - mailbox_domains.cf
     # no need to reload upon change, as cleanup(8) is short-running
     - reserved_alias.pcre
     - alias.cf
     - mailbox.cf
     - list.cf
     - alias_domains.cf
     - catchall.cf
     - transport
 
-- name: Compile the Reserved Transport Maps
+- name: Compile the Postfix transport maps
+  # trivial-rewrite(8) is a long-running process, so it's safer to reload
   postmap: instance={{ postfix_instance[inst].name }}
            src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=cdb
            owner=root group=root
            mode=0644
+  notify:
+    - Reload Postfix
 
 - name: Copy reserved-alias.pl
   copy: src=usr/local/sbin/reserved-alias.pl
         dest=/usr/local/sbin/reserved-alias.pl
         owner=root group=root
         mode=0755
 
 - meta: flush_handlers
 
 - name: Start Postfix
   service: name=postfix state=started
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 8785c5a..b0da1bc 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -37,41 +37,41 @@ local_transport      = error:5.1.1 Mailbox unavailable
 alias_maps           =
 alias_database       =
 local_recipient_maps =
 
 message_size_limit  = 67108864
 recipient_delimiter = +
 
 # Forward everything to our internal outgoing proxy
 {% if 'out' in group_names %}
 relayhost     = [127.0.0.1]:{{ postfix_instance.out.port }}
 {% else %}
 relayhost     = [outgoing.fripost.org]:{{ postfix_instance.out.port }}
 {% endif %}
 relay_domains =
 
 
 # Virtual transport
 # We use a dedicated "virtual" domain to decongestion potential
 # bottlenecks on trivial_rewrite(8) due to slow LDAP lookups in
 # tranport_maps.
-virtual_transport = error:5.1.1 Virtual transport unavailable
+virtual_transport       = error:5.1.1 Virtual transport unavailable
 virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
 virtual_alias_maps      = pcre:$config_directory/virtual/reserved_alias.pcre
                           # first we do the alias resolution...
                           ldap:$config_directory/virtual/alias.cf
                           # ...and unless there is matching mailbox/list...
                           ldap:$config_directory/virtual/mailbox.cf
                           ldap:$config_directory/virtual/list.cf
                           # ...we resolve alias domains and catch alls
                           ldap:$config_directory/virtual/alias_domains.cf
                           ldap:$config_directory/virtual/catchall.cf
 virtual_mailbox_maps    =
 transport_maps          = cdb:$config_directory/virtual/transport
 
 
 # Don't rewrite remote headers
 local_header_rewrite_clients     =
 # Pass the client information along to the content filter
 smtp_send_xforward_command       = yes
 # Avoid splitting the envelope and scanning messages multiple times
 smtp_destination_recipient_limit = 1000
diff --git a/roles/MX/templates/etc/postfix/virtual/alias.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2
index 31a23ce..c0ab405 100644
--- a/roles/MX/templates/etc/postfix/virtual/alias.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/alias.cf.j2
@@ -1,10 +1,10 @@
 server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
 bind             = yes
 bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
 bind_pw          = FIXME
-query_filter     = (&(objectClass=FripostVirtualAlias)(fvl=%u))
+query_filter     = (&(objectClass=FripostVirtualAlias)(fvl=%u)(fripostIsStatusActive=TRUE))
 result_attribute = fripostMaildrop
diff --git a/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2
index b338c8c..7679a9c 100644
--- a/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/alias_domains.cf.j2
@@ -1,11 +1,12 @@
 server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
 bind             = yes
 bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
 bind_pw          = FIXME
+# The domain has already been validated (it's active and not pending)
 query_filter     = (&(objectClass=FripostVirtualAliasDomain)(fvd=%d))
 result_attribute = fripostMaildrop
 result_format    = %U@%s
diff --git a/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2 b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2
index 3d86ecf..818ad02 100644
--- a/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/catchall.cf.j2
@@ -1,10 +1,11 @@
 server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
 bind             = yes
 bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
 bind_pw          = FIXME
+# The domain has already been validated (it's active and not pending)
 query_filter     = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostVirtualAliasDomain))(fvd=%d)(fripostOptionalMaildrop=*))
 result_attribute = fripostOptionalMaildrop
diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2
index a39343b..a2ff325 100644
--- a/roles/MX/templates/etc/postfix/virtual/list.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2
@@ -1,13 +1,13 @@
 server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
 bind             = yes
 bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
 bind_pw          = FIXME
-query_filter     = (&(objectClass=FripostVirtualList)(fvl=%u))
+query_filter     = (&(objectClass=FripostVirtualList)(!(objectClass=FripostPendingEntry))(fvl=%u)(fripostIsStatusActive=TRUE))
 result_attribute = fvl
 # Use a dedicated "virtual" domain to decongestion potential bottlenecks
 # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps.
 result_format    = %D/%U@lists.fripost.org
diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2
index 083b638..9b584c9 100644
--- a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2
@@ -1,13 +1,13 @@
 server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
 bind             = yes
 bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
 bind_pw          = FIXME
-query_filter     = (&(objectClass=FripostVirtualUser)(fvl=%u))
+query_filter     = (&(objectClass=FripostVirtualUser)(fvl=%u)(fripostIsStatusActive=TRUE))
 result_attribute = fvl
 # Use a dedicated "virtual" domain to decongestion potential bottlenecks
 # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps.
 result_format    = %D/%U@mda.fripost.org
diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2
index fde355e..1cb8add 100644
--- a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2
@@ -1,10 +1,10 @@
 server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
 scope            = one
 bind             = yes
 bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
 bind_pw          = FIXME
-query_filter     = (&(objectClass=FripostVirtualDomain)(fvd=%s))
+query_filter     = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(fvd=%s)(fripostIsStatusActive=TRUE))
 result_attribute = fvd
 result_format    = OK
diff --git a/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2 b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2
index 6f62a01..f1c79c7 100644
--- a/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2
+++ b/roles/MX/templates/etc/postfix/virtual/reserved_alias.pcre.j2
@@ -1,5 +1,5 @@
 /^(?:postmaster|abuse)(?:\+.*)?@fripost\.org$/ admin@fripost.org
 # For other domains, RFC 822 section 6.3 and RFC 2142 section 4
 # mandatory aliases are forwarded to OUR admin team and to the domain
 # owner or postmaster, if there are any.
-/^((?:postmaster|abuse)(?:\+.*)?@.*)/   $1@reserved.locahost.localdomain
+/^(postmaster|abuse)(?:\+.*)?@(.*)/   $2/$1@reserved.fripost.org
diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2
index a34dcad..85715a0 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport.j2
+++ b/roles/MX/templates/etc/postfix/virtual/transport.j2
@@ -1,13 +1,13 @@
-reserved.locahost.localdomain   reserved-alias:
+reserved.fripost.org    reserved-alias:
 
 {% if 'LDA' in group_names %}
 mda.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.IMAP.port }}
 {% else %}
 mda.fripost.org smtp:[mda.fripost.org]:{{ postfix_instance.IMAP.port }}
 {% endif %}
 
 {% if 'lists' in group_names %}
 lists.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }}
 {% else %}
 lists.fripost.org smtp:[lists.fripost.org]:{{ postfix_instance.lists.port }}
 {% endif %}