From c79f18ff9a04a7534dba3c288bc9606f17786b16 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 2 Dec 2013 23:46:01 +0100 Subject: Rename the role 'mx' into 'MX'. Other abreviations are upper case. --- .../etc/postfix/virtual/alias_catchall_maps.cf | 7 ++ roles/MX/files/etc/postfix/virtual/alias_maps.cf | 6 ++ roles/MX/files/etc/postfix/virtual/lists_maps.cf | 7 ++ .../files/etc/postfix/virtual/mailbox_domains.cf | 8 ++ roles/MX/files/etc/postfix/virtual/mailbox_maps.cf | 8 ++ .../files/etc/postfix/virtual/reserved_maps.pcre | 5 + .../etc/postfix/virtual/reserved_transport_maps | 2 + .../etc/postfix/virtual/transport_lists_maps.cf | 11 +++ roles/MX/files/usr/local/sbin/reserved-alias.pl | 110 +++++++++++++++++++++ 9 files changed, 164 insertions(+) create mode 100644 roles/MX/files/etc/postfix/virtual/alias_catchall_maps.cf create mode 100644 roles/MX/files/etc/postfix/virtual/alias_maps.cf create mode 100644 roles/MX/files/etc/postfix/virtual/lists_maps.cf create mode 100644 roles/MX/files/etc/postfix/virtual/mailbox_domains.cf create mode 100644 roles/MX/files/etc/postfix/virtual/mailbox_maps.cf create mode 100644 roles/MX/files/etc/postfix/virtual/reserved_maps.pcre create mode 100644 roles/MX/files/etc/postfix/virtual/reserved_transport_maps create mode 100644 roles/MX/files/etc/postfix/virtual/transport_lists_maps.cf create mode 100755 roles/MX/files/usr/local/sbin/reserved-alias.pl (limited to 'roles/MX/files')
diff --git a/roles/MX/files/etc/postfix/virtual/alias_catchall_maps.cf b/roles/MX/files/etc/postfix/virtual/alias_catchall_maps.cf
new file mode 100644
index 0000000..c405f47
--- /dev/null
+++ b/roles/MX/files/etc/postfix/virtual/alias_catchall_maps.cf
@@ -0,0 +1,7 @@
+server_host = ldapi://%2Fprivate%2Fldapi/
+version = 3
+search_base = fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+scope = base
+bind = none
+query_filter = (&(ObjectClass=FripostVirtualDomain)(fvd=%d)(fripostOptionalMaildrop=*))
+result_attribute = fripostOptionalMaildrop
diff --git a/roles/MX/files/etc/postfix/virtual/alias_maps.cf b/roles/MX/files/etc/postfix/virtual/alias_maps.cf
new file mode 100644
index 0000000..9265d0b
--- /dev/null
+++ b/roles/MX/files/etc/postfix/virtual/alias_maps.cf
@@ -0,0 +1,6 @@
+server_host = ldapi://%2Fprivate%2Fldapi/
+version = 3
+search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+scope = base
+query_filter = (&(ObjectClass=FripostVirtualAlias)(fvl=%u))
+result_attribute = fripostMaildrop
diff --git a/roles/MX/files/etc/postfix/virtual/lists_maps.cf b/roles/MX/files/etc/postfix/virtual/lists_maps.cf
new file mode 100644
index 0000000..b60dcf6
--- /dev/null
+++ b/roles/MX/files/etc/postfix/virtual/lists_maps.cf
@@ -0,0 +1,7 @@
+server_host = ldapi://%2Fprivate%2Fldapi/
+version = 3
+search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+scope = base
+bind = none
+query_filter = (&(|(ObjectClass=FripostVirtualList)(ObjectClass=FripostVirtualListCommand))(fvl=%u)(fripostLocalAlias=%u#%d))
+result_attribute = fripostLocalAlias
diff --git a/roles/MX/files/etc/postfix/virtual/mailbox_domains.cf b/roles/MX/files/etc/postfix/virtual/mailbox_domains.cf
new file mode 100644
index 0000000..22d6be3
--- /dev/null
+++ b/roles/MX/files/etc/postfix/virtual/mailbox_domains.cf
@@ -0,0 +1,8 @@
+server_host = ldapi://%2Fprivate%2Fldapi/
+version = 3
+search_base = fvd=%s,ou=virtual,o=mailHosting,dc=fripost,dc=org
+scope = base
+bind = none
+query_filter = (&(ObjectClass=FripostVirtualDomain)(fvd=%s))
+result_attribute = fvd
+result_format = OK
diff --git a/roles/MX/files/etc/postfix/virtual/mailbox_maps.cf b/roles/MX/files/etc/postfix/virtual/mailbox_maps.cf
new file mode 100644
index 0000000..dc97177
--- /dev/null
+++ b/roles/MX/files/etc/postfix/virtual/mailbox_maps.cf
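Review bot: alias_maps.cf is the only LDAP map in this commit without `bind = none`; the other five set it explicitly. With that line missing, Postfix falls back to its default `bind = yes`, a simple bind using whatever `bind_dn`/`bind_pw` are configured (none here, so anonymous), which means this lookup may reach the directory in a different bind state than its siblings. If that is deliberate, a comment such as `# simple (anonymous) bind on purpose: <reason>` would record it; otherwise add `bind = none` after `scope = base`.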
@@ -0,0 +1,8 @@
+server_host = ldapi://%2Fprivate%2Fldapi/
+version = 3
+search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+scope = base
+bind = none
+query_filter = (&(ObjectClass=FripostVirtualUser)(fvl=%u))
+result_attribute = fvl
+result_format = OK
diff --git a/roles/MX/files/etc/postfix/virtual/reserved_maps.pcre b/roles/MX/files/etc/postfix/virtual/reserved_maps.pcre
new file mode 100644
index 0000000..58572d1
--- /dev/null
+++ b/roles/MX/files/etc/postfix/virtual/reserved_maps.pcre
@@ -0,0 +1,5 @@
+# These reserved aliases will always be redirected to us and the domain
+# owner.
+# TODO: check 'postmaster+test@fripost.org'
+/^(?:postmaster|abuse)(?:\+.*)?@fripost\.org$/ admin@fripost.org
+/^((?:postmaster|abuse)(?:\+.*)?)@/ $1
diff --git a/roles/MX/files/etc/postfix/virtual/reserved_transport_maps b/roles/MX/files/etc/postfix/virtual/reserved_transport_maps
new file mode 100644
index 0000000..dce8710
--- /dev/null
+++ b/roles/MX/files/etc/postfix/virtual/reserved_transport_maps
@@ -0,0 +1,2 @@
+abuse reserved-alias:
+postmaster reserved-alias:
diff --git a/roles/MX/files/etc/postfix/virtual/transport_lists_maps.cf b/roles/MX/files/etc/postfix/virtual/transport_lists_maps.cf
new file mode 100644
index 0000000..9a7bca0
--- /dev/null
+++ b/roles/MX/files/etc/postfix/virtual/transport_lists_maps.cf
@@ -0,0 +1,11 @@
+# Despite the index on 'fripostLocalAlias' it's a bit more inefficient,
+# but more precise, than the alternative of using regexes here, and a
+# plain hash on the list managers' side.
+server_host = ldapi://%2Fprivate%2Fldapi/
+version = 3
+search_base = ou=virtual,o=mailHosting,dc=fripost,dc=org
+scope = sub
+bind = none
+query_filter = (&(|(ObjectClass=FripostVirtualList)(ObjectClass=FripostVirtualListCommand))(fripostLocalAlias=%s))
+result_attribute = fripostLocalAlias
+result_format = smtp:[127.0.0.1]:2345
diff --git a/roles/MX/files/usr/local/sbin/reserved-alias.pl b/roles/MX/files/usr/local/sbin/reserved-alias.pl
new file mode 100755
index 0000000..c122c6d
--- /dev/null
+++ b/roles/MX/files/usr/local/sbin/reserved-alias.pl
@@ -0,0 +1,110 @@
+#!/usr/bin/perl
+
+# Copyright © 2013 Guilhem Moulin
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+use warnings;
+use strict;
+use Net::LDAPI;
+use Net::LDAP::Util qw/escape_filter_value ldap_explode_dn escape_dn_value/;
+use Authen::SASL;
+
+if (!@ARGV or grep { $_ eq '-h' or $_ eq '--help' } @ARGV) {
+ # Help
+ print STDERR "Usage: $0 [original recipient] [additional recipient ...]\n";
+ print STDERR "\n";
+ print STDERR "The message read from the standard input is redirected to 'additional recipient',\n";
+ print STDERR "and also forwarded to the domain owner if any. If the 'additional recipient' begins\n";
+ print STDERR "with '\@', the localpart of 'original recipient' is prepended.\n";
+ print STDERR "\n";
+ print STDERR "This is mostly useful to comply to RFC 822 section 6.3 and RFC 2142 section\n";
+ print STDERR "4 (to forward mails to 'admin\@' and 'postmaster\@' to the site admin in\n";
+ print STDERR "addition to the virtual domain manager).\n";
+ exit;
+}
+
+# The original recipient
+my $orig = shift;
+$orig =~ /^([^@]+)\@(.+)$/
+ or warn "Non fully qualified: $orig";
+my ($local,$domain) = ($1,$2);
+
+# The new recipient (typically, the admin site)
+my @recipients = grep { $_ and $orig ne $_ }
+ # add localparts to domain
+ map { my $x = $_;
+ if ($x =~ /^\@/) {
+ if ($local) {
+ $x = $local.$x;
+ }
+ else {
+ undef $x;
+ }
+ }
+ $x
+ }
+ @ARGV;
+# Die if we can't deliver to site admins
+die "Error: Aborted delivery to '$orig' in attempt to break an alias expansion loop.\n"
+ unless @recipients;
+
+my @sendmail = ('/usr/sbin/sendmail', '-i', '-bm');
+
+if (defined $domain) {
+ # Look for the domain owner/postmaster
+ my $ldap = Net::LDAPI->new();
+ $ldap->bind( sasl => Authen::SASL->new(mechanism => 'EXTERNAL') )
+ or die "Couldn't bind";
+
+ my @attrs = ( 'fripostPostmaster', 'fripostOwner' );
+ my $mesg = $ldap->search( base => 'fvd='.escape_dn_value($domain).','
+ .'ou=virtual,o=mailHosting,dc=fripost,dc=org'
+ , scope => 'base'
+ , deref => 'never'
+ , filter => '(&(objectClass=FripostVirtualDomain)'
+ .'(fvd='.escape_filter_value($domain).')'.
+ ')'
+ , attrs => \@attrs
+ );
+ if ($mesg->code) {
+ warn $mesg->error;
+ }
+ elsif ($mesg->count != 1) {
+ # Note: this may happen for "$mydestination", but these mails
+ # are unlikely. We'll get a harmless warning at worst.
+ warn "Something weird happened when looking up domain '".$domain.
+ "'. Check your ACL.";
+ }
+ else {
+ my $entry = $mesg->pop_entry() // die "Cannot pop entry.";
+ foreach (@attrs) {
+ my $v = $entry->get_value($_, asref => 1) or next;
+ foreach my $dn (@$v) {
+ my $dn2 = ldap_explode_dn($dn, casefold => 'lower');
+ my $l = $dn2->[0]->{fvl};
+ my $d = $dn2->[1]->{fvd};
+ if ($l and $d) {
+ push @recipients, $l.'@'.$d;
+ }
+ else {
+ warn "Invalid DN: $dn"
+ }
+ }
+ }
+ }
+ $ldap->unbind;
+}
+
+exec (@sendmail, @recipients);
-- cgit v1.2.3
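Review bot: The closing `exec (@sendmail, @recipients);` has neither a failure path nor an end-of-options marker. If exec fails, the script runs off the end and exits 0, so the caller would most likely record the message as delivered; and a recipient starting with `-` (from `@ARGV` or from the `fvl`/`fvd` values read out of the LDAP DNs) would be taken by sendmail as an option rather than an address. I would write `exec(@sendmail, '--', @recipients) or die "Cannot exec $sendmail[0]: $!\n";`. Separately, `$ldap->bind(...) or die "Couldn't bind"` cannot fire, because Net::LDAP returns a message object that is true even on failure; testing `->code` on the bind result, as the search below it already does, would make the guard effective.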