From c71f1cf51e7f6e8f43b5f7afb1d8a2012fd83259 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Jul 2014 23:28:21 +0200
Subject: Use $virtual_alias_domains not $virtual_mailbox_domains.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Quoting postconf(5):

    smtpd_reject_unlisted_recipient (default: yes)
        Request that the Postfix SMTP server rejects mail for unknown recipient
        addresses, even when no explicit reject_unlisted_recipient access
        restriction is specified. This prevents the Postfix queue from filling
        up with undeliverable MAILER-DAEMON messages.

        An address is always considered "known" when it matches a virtual(5)
        alias or a canonical(5) mapping.
        […]
        * The recipient domain matches $virtual_alias_domains but the recipient
          is not listed in $virtual_alias_maps.
        * The recipient domain matches $virtual_mailbox_domains but the
          recipient is not listed in $virtual_mailbox_maps, and
          $virtual_mailbox_maps is not null.

Since we alias everything under special, "invalid", domains (mda.f.o and
mailman.f.o), our $virtual_mailbox_maps was null, which led to
reject_unlisted_recipient not being triggered for say, "noone@fripost.org".
However, replacing $virtual_mailbox_domains with $virtual_alias_domains fits
into the second point above.
---
 roles/MX/tasks/main.yml                            |  2 +-
 roles/MX/templates/etc/postfix/main.cf.j2          | 25 +++++++++++-----------
 .../MX/templates/etc/postfix/virtual/domains.cf.j2 | 10 +++++++++
 roles/MX/templates/etc/postfix/virtual/list.cf.j2  |  2 +-
 .../etc/postfix/virtual/mailbox_domains.cf.j2      | 10 ---------
 .../MX/templates/etc/postfix/virtual/transport.j2  |  4 ++--
 6 files changed, 26 insertions(+), 27 deletions(-)
 create mode 100644 roles/MX/templates/etc/postfix/virtual/domains.cf.j2
 delete mode 100644 roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2

(limited to 'roles/MX')

diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index a6c68f6..db4bb58 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -45,7 +45,7 @@
             owner=root group=root
             mode=0644
   with_items:
-    - mailbox_domains.cf
+    - domains.cf
     # no need to reload upon change, as cleanup(8) is short-running
     - reserved_alias.pcre
     - alias.cf
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index b0da1bc..e3b8ce0 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -54,19 +54,18 @@ relay_domains =
 # We use a dedicated "virtual" domain to decongestion potential
 # bottlenecks on trivial_rewrite(8) due to slow LDAP lookups in
 # tranport_maps.
-virtual_transport       = error:5.1.1 Virtual transport unavailable
-virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
-virtual_alias_maps      = pcre:$config_directory/virtual/reserved_alias.pcre
-                          # first we do the alias resolution...
-                          ldap:$config_directory/virtual/alias.cf
-                          # ...and unless there is matching mailbox/list...
-                          ldap:$config_directory/virtual/mailbox.cf
-                          ldap:$config_directory/virtual/list.cf
-                          # ...we resolve alias domains and catch alls
-                          ldap:$config_directory/virtual/alias_domains.cf
-                          ldap:$config_directory/virtual/catchall.cf
-virtual_mailbox_maps    =
-transport_maps          = cdb:$config_directory/virtual/transport
+virtual_transport     = error:5.1.1 Virtual transport unavailable
+virtual_alias_domains = ldap:$config_directory/virtual/domains.cf
+virtual_alias_maps    = pcre:$config_directory/virtual/reserved_alias.pcre
+                        # first we do the alias resolution...
+                        ldap:$config_directory/virtual/alias.cf
+                        # ...and unless there is matching mailbox/list...
+                        ldap:$config_directory/virtual/mailbox.cf
+                        ldap:$config_directory/virtual/list.cf
+                        # ...we resolve alias domains and catch alls
+                        ldap:$config_directory/virtual/alias_domains.cf
+                        ldap:$config_directory/virtual/catchall.cf
+transport_maps        = cdb:$config_directory/virtual/transport
 
 
 # Don't rewrite remote headers
diff --git a/roles/MX/templates/etc/postfix/virtual/domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/domains.cf.j2
new file mode 100644
index 0000000..1cb8add
--- /dev/null
+++ b/roles/MX/templates/etc/postfix/virtual/domains.cf.j2
@@ -0,0 +1,10 @@
+server_host      = ldapi://%2Fprivate%2Fldapi/
+version          = 3
+search_base      = ou=virtual,dc=fripost,dc=org
+scope            = one
+bind             = yes
+bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
+bind_pw          = FIXME
+query_filter     = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(fvd=%s)(fripostIsStatusActive=TRUE))
+result_attribute = fvd
+result_format    = OK
diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2
index a2ff325..5de79d9 100644
--- a/roles/MX/templates/etc/postfix/virtual/list.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2
@@ -10,4 +10,4 @@ query_filter     = (&(objectClass=FripostVirtualList)(!(objectClass=FripostPendi
 result_attribute = fvl
 # Use a dedicated "virtual" domain to decongestion potential bottlenecks
 # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps.
-result_format    = %D/%U@lists.fripost.org
+result_format    = %D/%U@mailman.fripost.org
diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2
deleted file mode 100644
index 1cb8add..0000000
--- a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-server_host      = ldapi://%2Fprivate%2Fldapi/
-version          = 3
-search_base      = ou=virtual,dc=fripost,dc=org
-scope            = one
-bind             = yes
-bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
-bind_pw          = FIXME
-query_filter     = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(fvd=%s)(fripostIsStatusActive=TRUE))
-result_attribute = fvd
-result_format    = OK
diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2
index 85715a0..9eac2be 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport.j2
+++ b/roles/MX/templates/etc/postfix/virtual/transport.j2
@@ -7,7 +7,7 @@ mda.fripost.org smtp:[mda.fripost.org]:{{ postfix_instance.IMAP.port }}
 {% endif %}
 
 {% if 'lists' in group_names %}
-lists.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }}
+mailman.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }}
 {% else %}
-lists.fripost.org smtp:[lists.fripost.org]:{{ postfix_instance.lists.port }}
+mailman.fripost.org smtp:[lists.fripost.org]:{{ postfix_instance.lists.port }}
 {% endif %}
-- 
cgit v1.2.3