From dcdb8cd6b1b525fc8eacd509586da3396c068251 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Dec 2018 03:18:56 +0100 Subject: Postfix: replace cdb & btree tables with lmdb ones. Cf. lmdb_table(5). --- lib/modules/postmap | 4 ++-- roles/IMAP/tasks/mda.yml | 2 +- roles/IMAP/templates/etc/postfix/main.cf.j2 | 2 +- roles/MSA/tasks/main.yml | 2 +- roles/MSA/templates/etc/postfix/main.cf.j2 | 2 +- roles/MX/tasks/main.yml | 4 ++-- roles/MX/templates/etc/postfix/main.cf.j2 | 5 +++-- roles/amavis/tasks/main.yml | 2 +- roles/common/files/etc/logcheck/ignore.d.server/postfix-local | 2 +- roles/common/tasks/clamav.yml | 2 +- roles/common/tasks/mail.yml | 6 +++--- roles/common/templates/etc/postfix/main.cf.j2 | 4 ++-- roles/lists/tasks/mail.yml | 2 +- roles/lists/templates/etc/postfix/main.cf.j2 | 2 +- roles/out/templates/etc/postfix/main.cf.j2 | 2 +- 15 files changed, 22 insertions(+), 21 deletions(-) diff --git a/lib/modules/postmap b/lib/modules/postmap index 7080b25..8c9d54c 100644 --- a/lib/modules/postmap +++ b/lib/modules/postmap @@ -42,7 +42,7 @@ def file_suffix(instance, db): null.closed # See postmap(1) and postalias(1) - suffixes = { 'btree': 'db', 'cdb': 'cdb', 'hash': 'db' } + suffixes = { 'btree': 'db', 'cdb': 'cdb', 'hash': 'db', 'lmdb': 'lmdb' } return suffixes[db] @@ -64,7 +64,7 @@ def main(): module = AnsibleModule( argument_spec = dict( src = dict( required=True ), - db = dict( choices=['btree','cdb','hash'] ), + db = dict( choices=['btree','cdb','hash','lmdb'] ), cmd = dict( choices=['postmap','postalias'], default='postmap' ), instance = dict( required=False ) ), diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml index ced15cc..1510103 100644 --- a/roles/IMAP/tasks/mda.yml +++ b/roles/IMAP/tasks/mda.yml 
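Review bot: The set of supported map types is now maintained in two places, the `suffixes` dict in file_suffix() and the `choices` list for `db` in main(), and this commit had to edit both by hand. Hoisting the dict to a module-level constant and writing `db = dict( choices=list(SUFFIXES) )` would keep the two from drifting apart. Separately, `return suffixes[db]` raises a bare KeyError for any type missing from the table. If `db` can be filled in from the instance's configured default earlier in file_suffix() (that part lies outside the hunk, so this is an assumption), an error that names the unsupported type would be easier to diagnose. Both functions start and end outside the hunks shown.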
@@ -27,7 +27,7 @@ - name: Compile the Postfix transport maps # trivial-rewrite(8) is a long-running process, so it's safer to reload - postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb + postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=lmdb owner=root group=root mode=0644 notify: diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2 index a879d28..3d548ce 100644 --- a/roles/IMAP/templates/etc/postfix/main.cf.j2 +++ b/roles/IMAP/templates/etc/postfix/main.cf.j2 @@ -51,7 +51,7 @@ virtual_transport = lmtp:unix:private/dovecot-lmtpd lmtp_bind_address = 127.0.0.1 virtual_mailbox_domains = static:all virtual_mailbox_maps = static:all -#transport_maps = cdb:$config_directory/transport +#transport_maps = lmdb:$config_directory/transport # Restore the original envelope recipient relay_domains = diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml index 00c205d..4f32df3 100644 --- a/roles/MSA/tasks/main.yml +++ b/roles/MSA/tasks/main.yml @@ -52,7 +52,7 @@ - name: Compile the check_sender_access map # no need to reload upon change, as cleanup(8) is short-running - postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=cdb + postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=lmdb owner=root group=root mode=0644 notify: diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 79808d5..7d7cb6d 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 
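Review bot: Nothing removes the `transport.cdb` that earlier runs compiled next to the source file once this task starts writing `transport.lmdb`, so a stale copy of the map stays in the config directory. The same holds for `check_sender_access.cdb` (roles/MSA/tasks/main.yml), `virtual/transport.cdb` (roles/MX/tasks/main.yml), `transport.cdb` (roles/lists/tasks/mail.yml) and `/etc/aliases.cdb` (roles/amavis/tasks/main.yml, roles/common/tasks/clamav.yml and mail.yml). A stale compiled access or transport map no longer tracks its source file and would be picked up silently if a `cdb:` reference were ever restored. roles/common/tasks/mail.yml already has a "Delete /etc/aliases.db" task; a sibling such as `file: path=/etc/aliases.cdb state=absent`, plus one per instance map, would close this.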
@@ -103,7 +103,7 @@ smtpd_sender_login_maps = socketmap:unix:private/sender-login:sender_login smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain - check_sender_access cdb:$config_directory/check_sender_access + check_sender_access lmdb:$config_directory/check_sender_access reject_known_sender_login_mismatch smtpd_relay_restrictions = diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml index 78362ca..6092301 100644 --- a/roles/MX/tasks/main.yml +++ b/roles/MX/tasks/main.yml @@ -4,7 +4,7 @@ - postfix - postfix-pcre - postfix-ldap - - postfix-cdb + - postfix-lmdb # The following is for reserved-alias.pl - libnet-ldap-perl - libauthen-sasl-perl @@ -73,7 +73,7 @@ - name: Compile the Postfix transport maps # trivial-rewrite(8) is a long-running process, so it's safer to reload postmap: instance={{ postfix_instance[inst].name }} - src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=cdb + src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=lmdb owner=root group=root mode=0644 notify: diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index e5792c4..8362d57 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -45,7 +45,7 @@ relay_domains = # bottlenecks on trivial_rewrite(8) due to slow LDAP lookups in # tranport_maps. virtual_transport = error:5.1.1 Virtual transport unavailable -virtual_alias_domains = !cdb:$config_directory/virtual/transport +virtual_alias_domains = !lmdb:$config_directory/virtual/transport ldap:$config_directory/virtual/domains.cf virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre # unless there is a matching user/alias/list... 
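Review bot: Replacing `postfix-cdb` with `postfix-lmdb` in the roles/MX/tasks/main.yml package list stops requesting the cdb driver but does not remove it from hosts that already have it, assuming the surrounding task (outside the hunk) only installs packages. If no instance is meant to use cdb any more, a follow-up task that marks the package absent would keep the unused map driver off these hosts. The same list change appears in roles/common/tasks/mail.yml. That removal should be sequenced after every main.cf has been re-templated, since a remaining `cdb:` reference would then fail to open.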
@@ -55,7 +55,7 @@ virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre # ...we resolve alias domains and catch alls ldap:$config_directory/virtual/alias_domains.cf ldap:$config_directory/virtual/catchall.cf -transport_maps = cdb:$config_directory/virtual/transport +transport_maps = lmdb:$config_directory/virtual/transport # Don't rewrite remote headers @@ -102,6 +102,7 @@ postscreen_access_list = permit_mynetworks cidr:$config_directory/access-list.cidr postscreen_dnsbl_whitelist_threshold = -1 +postscreen_cache_map = lmdb:$data_directory/postscreen_cache postscreen_blacklist_action = drop postscreen_dnsbl_threshold = 8 diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml index d4298b8..ce43c9c 100644 --- a/roles/amavis/tasks/main.yml +++ b/roles/amavis/tasks/main.yml @@ -36,7 +36,7 @@ line="amavis{{':'}} root" - name: Compile the static local Postfix database - postmap: cmd=postalias src=/etc/aliases db=cdb + postmap: cmd=postalias src=/etc/aliases db=lmdb owner=root group=root mode=0644 diff --git a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local index df5e158..7df68c4 100644 --- a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local +++ b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local 
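Review bot: The new `postscreen_cache_map` line in roles/MX/templates/etc/postfix/main.cf.j2 carries no comment saying why the parameter is now pinned, and the previous cache is left behind. The logcheck rule changed in this commit shows the cache used to live at `btree:/var/lib/postfix-mx/postscreen_cache`, so after deployment postscreen starts from an empty lmdb cache (previously passed clients are tested again) and the old `.db` file remains in the data directory. I would add a comment such as `# Postfix defaults to btree:$data_directory/postscreen_cache; we use lmdb everywhere` and a cleanup task for the old file. The btree TLS session cache replaced in roles/out/templates/etc/postfix/main.cf.j2 is left behind in the same way; that file holds cached TLS session state, so removing it matters more.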
@@ -94,7 +94,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: COMMAND (COUNT|TIME) LIMIT from \[[[:xdigit:].:]{3,39}\]:[[:digit:]]+( after [[:upper:]]+)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: cache [a-z]+:\S+ full cleanup: retained=[[:digit:]]+ dropped=[[:digit:]]+ entries$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: warning: getpeername: Transport endpoint is not connected -- dropping this connection$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: warning: psc_cache_update: btree:/var/lib/postfix-mx/postscreen_cache update average delay is [[:digit:]]+ ms$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: warning: psc_cache_update: lmdb:/var/lib/postfix-mx/postscreen_cache update average delay is [[:digit:]]+ ms$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: warning: dnsblog reply timeout [[:digit:]]+s for [._[:alnum:]-]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/dnsblog\[[[:digit:]]+\]: addr [[:xdigit:].:]{3,39} listed by domain [._[:alnum:]-]+ as [[:xdigit:].:]{3,39}$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/dnsblog\[[[:digit:]]+\]: warning: dnsblog_query: lookup error for DNS query ([._[:alnum:]-]+): Host or domain name not found. Name service error for name=\1 type=A(AAA)?: Host not found, try again$ diff --git a/roles/common/tasks/clamav.yml b/roles/common/tasks/clamav.yml index 1c68598..28a8460 100644 --- a/roles/common/tasks/clamav.yml +++ b/roles/common/tasks/clamav.yml @@ -26,6 +26,6 @@ line="clamav{{':'}} root" - name: Compile the static local Postfix database - postmap: cmd=postalias src=/etc/aliases db=cdb + postmap: cmd=postalias src=/etc/aliases db=lmdb owner=root group=root mode=0644 diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml index 7692c28..49815f5 100644 --- a/roles/common/tasks/mail.yml 
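Review bot: The `psc_cache_update` ignore pattern hard-codes the map type, which is the only reason this line had to change; the "full cleanup" rule two lines above it already matches the type with `[a-z]+:`. Writing it as `psc_cache_update: [a-z]+:/var/lib/postfix-mx/postscreen_cache update average delay is [[:digit:]]+ ms$` keeps the path pinned, so the rule stays narrow, while surviving a type change. It also stops hosts that still run the btree cache during rollout from reporting this warning. It is worth checking whether the lmdb driver logs warnings of its own for postscreen that no rule here covers, since this commit adds none.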
+++ b/roles/common/tasks/mail.yml @@ -4,7 +4,7 @@ # That one is nicer than GNU mailutils' mailx(1) - s-nail - postfix - - postfix-cdb + - postfix-lmdb - name: Create Postfix instances postmulti: instance={{ postfix_instance[item].name }} @@ -47,11 +47,11 @@ - { src: root, dst: 'root@fripost.org' } - name: Compile the static local Postfix database - postmap: cmd=postalias src=/etc/aliases db=cdb + postmap: cmd=postalias src=/etc/aliases db=lmdb owner=root group=root mode=0644 -# We're using CDB +# We're using LMDB - name: Delete /etc/aliases.db file: path=/etc/aliases.db state=absent diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2 index 55361ee..92a3340 100644 --- a/roles/common/templates/etc/postfix/main.cf.j2 +++ b/roles/common/templates/etc/postfix/main.cf.j2 @@ -26,8 +26,8 @@ alias_maps = local_recipient_maps = # All aliases are virtual -default_database_type = cdb -virtual_alias_maps = cdb:/etc/aliases +default_database_type = lmdb +virtual_alias_maps = lmdb:/etc/aliases alias_database = $virtual_alias_maps # Forward everything to our internal outgoing proxy diff --git a/roles/lists/tasks/mail.yml b/roles/lists/tasks/mail.yml index 409a74b..8705f91 100644 --- a/roles/lists/tasks/mail.yml +++ b/roles/lists/tasks/mail.yml @@ -24,7 +24,7 @@ - name: Compile the Postfix transport maps # trivial-rewrite(8) is a long-running process, so it's safer to reload - postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb + postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=lmdb owner=root group=root mode=0644 notify: diff --git a/roles/lists/templates/etc/postfix/main.cf.j2 b/roles/lists/templates/etc/postfix/main.cf.j2 index 07b27a6..667ceb9 100644 --- a/roles/lists/templates/etc/postfix/main.cf.j2 +++ b/roles/lists/templates/etc/postfix/main.cf.j2 
@@ -47,7 +47,7 @@ default_transport = error:5.1.1 Transport unavailable relay_domains = sympa.$mydomain -transport_maps = cdb:$config_directory/transport +transport_maps = lmdb:$config_directory/transport sympa_destination_recipient_limit = 1 # Don't rewrite remote headers diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2 index 7167b14..fa314cc 100644 --- a/roles/out/templates/etc/postfix/main.cf.j2 +++ b/roles/out/templates/etc/postfix/main.cf.j2 @@ -49,7 +49,7 @@ smtp_tls_security_level = may smtp_tls_ciphers = medium smtp_tls_protocols = !SSLv2, !SSLv3 smtp_tls_note_starttls_offer = yes -smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache +smtp_tls_session_cache_database = lmdb:$data_directory/smtp_tls_session_cache smtpd_tls_security_level = none -- cgit v1.2.3