From dcdb8cd6b1b525fc8eacd509586da3396c068251 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 3 Dec 2018 03:18:56 +0100
Subject: Postfix: replace cdb & btree tables with lmdb ones.
Cf. lmdb_table(5).
---
lib/modules/postmap | 4 ++--
roles/IMAP/tasks/mda.yml | 2 +-
roles/IMAP/templates/etc/postfix/main.cf.j2 | 2 +-
roles/MSA/tasks/main.yml | 2 +-
roles/MSA/templates/etc/postfix/main.cf.j2 | 2 +-
roles/MX/tasks/main.yml | 4 ++--
roles/MX/templates/etc/postfix/main.cf.j2 | 5 +++--
roles/amavis/tasks/main.yml | 2 +-
roles/common/files/etc/logcheck/ignore.d.server/postfix-local | 2 +-
roles/common/tasks/clamav.yml | 2 +-
roles/common/tasks/mail.yml | 6 +++---
roles/common/templates/etc/postfix/main.cf.j2 | 4 ++--
roles/lists/tasks/mail.yml | 2 +-
roles/lists/templates/etc/postfix/main.cf.j2 | 2 +-
roles/out/templates/etc/postfix/main.cf.j2 | 2 +-
15 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/lib/modules/postmap b/lib/modules/postmap
index 7080b25..8c9d54c 100644
--- a/lib/modules/postmap
+++ b/lib/modules/postmap
@@ -42,7 +42,7 @@ def file_suffix(instance, db):
null.closed
# See postmap(1) and postalias(1)
- suffixes = { 'btree': 'db', 'cdb': 'cdb', 'hash': 'db' }
+ suffixes = { 'btree': 'db', 'cdb': 'cdb', 'hash': 'db', 'lmdb': 'lmdb' }
return suffixes[db]
@@ -64,7 +64,7 @@ def main():
module = AnsibleModule(
argument_spec = dict(
src = dict( required=True ),
- db = dict( choices=['btree','cdb','hash'] ),
+ db = dict( choices=['btree','cdb','hash','lmdb'] ),
cmd = dict( choices=['postmap','postalias'], default='postmap' ),
instance = dict( required=False )
),
diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml
index ced15cc..1510103 100644
--- a/roles/IMAP/tasks/mda.yml
+++ b/roles/IMAP/tasks/mda.yml
@@ -27,7 +27,7 @@
- name: Compile the Postfix transport maps
# trivial-rewrite(8) is a long-running process, so it's safer to reload
- postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=lmdb
owner=root group=root
mode=0644
notify:
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index a879d28..3d548ce 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -51,7 +51,7 @@ virtual_transport = lmtp:unix:private/dovecot-lmtpd
lmtp_bind_address = 127.0.0.1
virtual_mailbox_domains = static:all
virtual_mailbox_maps = static:all
-#transport_maps = cdb:$config_directory/transport
+#transport_maps = lmdb:$config_directory/transport
# Restore the original envelope recipient
relay_domains =
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index 00c205d..4f32df3 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -52,7 +52,7 @@
- name: Compile the check_sender_access map
# no need to reload upon change, as cleanup(8) is short-running
- postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=cdb
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=lmdb
owner=root group=root
mode=0644
notify:
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index 79808d5..7d7cb6d 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -103,7 +103,7 @@ smtpd_sender_login_maps = socketmap:unix:private/sender-login:sender_login
smtpd_sender_restrictions =
reject_non_fqdn_sender
reject_unknown_sender_domain
- check_sender_access cdb:$config_directory/check_sender_access
+ check_sender_access lmdb:$config_directory/check_sender_access
reject_known_sender_login_mismatch
smtpd_relay_restrictions =
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index 78362ca..6092301 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -4,7 +4,7 @@
- postfix
- postfix-pcre
- postfix-ldap
- - postfix-cdb
+ - postfix-lmdb
# The following is for reserved-alias.pl
- libnet-ldap-perl
- libauthen-sasl-perl
@@ -73,7 +73,7 @@
- name: Compile the Postfix transport maps
# trivial-rewrite(8) is a long-running process, so it's safer to reload
postmap: instance={{ postfix_instance[inst].name }}
- src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=cdb
+ src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=lmdb
owner=root group=root
mode=0644
notify:
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index e5792c4..8362d57 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -45,7 +45,7 @@ relay_domains =
# bottlenecks on trivial_rewrite(8) due to slow LDAP lookups in
# tranport_maps.
virtual_transport = error:5.1.1 Virtual transport unavailable
-virtual_alias_domains = !cdb:$config_directory/virtual/transport
+virtual_alias_domains = !lmdb:$config_directory/virtual/transport
ldap:$config_directory/virtual/domains.cf
virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre
# unless there is a matching user/alias/list...
@@ -55,7 +55,7 @@ virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre
# ...we resolve alias domains and catch alls
ldap:$config_directory/virtual/alias_domains.cf
ldap:$config_directory/virtual/catchall.cf
-transport_maps = cdb:$config_directory/virtual/transport
+transport_maps = lmdb:$config_directory/virtual/transport
# Don't rewrite remote headers
@@ -102,6 +102,7 @@ postscreen_access_list =
permit_mynetworks
cidr:$config_directory/access-list.cidr
postscreen_dnsbl_whitelist_threshold = -1
+postscreen_cache_map = lmdb:$data_directory/postscreen_cache
postscreen_blacklist_action = drop
postscreen_dnsbl_threshold = 8
diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml
index d4298b8..ce43c9c 100644
--- a/roles/amavis/tasks/main.yml
+++ b/roles/amavis/tasks/main.yml
@@ -36,7 +36,7 @@
line="amavis{{':'}} root"
- name: Compile the static local Postfix database
- postmap: cmd=postalias src=/etc/aliases db=cdb
+ postmap: cmd=postalias src=/etc/aliases db=lmdb
owner=root group=root
mode=0644
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
index df5e158..7df68c4 100644
--- a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
+++ b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
@@ -94,7 +94,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: COMMAND (COUNT|TIME) LIMIT from \[[[:xdigit:].:]{3,39}\]:[[:digit:]]+( after [[:upper:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: cache [a-z]+:\S+ full cleanup: retained=[[:digit:]]+ dropped=[[:digit:]]+ entries$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: warning: getpeername: Transport endpoint is not connected -- dropping this connection$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: warning: psc_cache_update: btree:/var/lib/postfix-mx/postscreen_cache update average delay is [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: warning: psc_cache_update: lmdb:/var/lib/postfix-mx/postscreen_cache update average delay is [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/postscreen\[[[:digit:]]+\]: warning: dnsblog reply timeout [[:digit:]]+s for [._[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/dnsblog\[[[:digit:]]+\]: addr [[:xdigit:].:]{3,39} listed by domain [._[:alnum:]-]+ as [[:xdigit:].:]{3,39}$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/dnsblog\[[[:digit:]]+\]: warning: dnsblog_query: lookup error for DNS query ([._[:alnum:]-]+): Host or domain name not found. Name service error for name=\1 type=A(AAA)?: Host not found, try again$
diff --git a/roles/common/tasks/clamav.yml b/roles/common/tasks/clamav.yml
index 1c68598..28a8460 100644
--- a/roles/common/tasks/clamav.yml
+++ b/roles/common/tasks/clamav.yml
@@ -26,6 +26,6 @@
line="clamav{{':'}} root"
- name: Compile the static local Postfix database
- postmap: cmd=postalias src=/etc/aliases db=cdb
+ postmap: cmd=postalias src=/etc/aliases db=lmdb
owner=root group=root
mode=0644
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml
index 7692c28..49815f5 100644
--- a/roles/common/tasks/mail.yml
+++ b/roles/common/tasks/mail.yml
@@ -4,7 +4,7 @@
# That one is nicer than GNU mailutils' mailx(1)
- s-nail
- postfix
- - postfix-cdb
+ - postfix-lmdb
- name: Create Postfix instances
postmulti: instance={{ postfix_instance[item].name }}
@@ -47,11 +47,11 @@
- { src: root, dst: 'root@fripost.org' }
- name: Compile the static local Postfix database
- postmap: cmd=postalias src=/etc/aliases db=cdb
+ postmap: cmd=postalias src=/etc/aliases db=lmdb
owner=root group=root
mode=0644
-# We're using CDB
+# We're using LMDB
- name: Delete /etc/aliases.db
file: path=/etc/aliases.db state=absent
diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index 55361ee..92a3340 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -26,8 +26,8 @@ alias_maps =
local_recipient_maps =
# All aliases are virtual
-default_database_type = cdb
-virtual_alias_maps = cdb:/etc/aliases
+default_database_type = lmdb
+virtual_alias_maps = lmdb:/etc/aliases
alias_database = $virtual_alias_maps
# Forward everything to our internal outgoing proxy
diff --git a/roles/lists/tasks/mail.yml b/roles/lists/tasks/mail.yml
index 409a74b..8705f91 100644
--- a/roles/lists/tasks/mail.yml
+++ b/roles/lists/tasks/mail.yml
@@ -24,7 +24,7 @@
- name: Compile the Postfix transport maps
# trivial-rewrite(8) is a long-running process, so it's safer to reload
- postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=lmdb
owner=root group=root
mode=0644
notify:
diff --git a/roles/lists/templates/etc/postfix/main.cf.j2 b/roles/lists/templates/etc/postfix/main.cf.j2
index 07b27a6..667ceb9 100644
--- a/roles/lists/templates/etc/postfix/main.cf.j2
+++ b/roles/lists/templates/etc/postfix/main.cf.j2
@@ -47,7 +47,7 @@ default_transport = error:5.1.1 Transport unavailable
relay_domains = sympa.$mydomain
-transport_maps = cdb:$config_directory/transport
+transport_maps = lmdb:$config_directory/transport
sympa_destination_recipient_limit = 1
# Don't rewrite remote headers
diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
index 7167b14..fa314cc 100644
--- a/roles/out/templates/etc/postfix/main.cf.j2
+++ b/roles/out/templates/etc/postfix/main.cf.j2
@@ -49,7 +49,7 @@ smtp_tls_security_level = may
smtp_tls_ciphers = medium
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
-smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
+smtp_tls_session_cache_database = lmdb:$data_directory/smtp_tls_session_cache
smtpd_tls_security_level = none
--
cgit v1.2.3