diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index 05fea6451903d4ad42367e3b8bad293b5176eecc..9ffc7d0ef4fea39a70ff8fde2a893f070c23044a 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -105,6 +105,9 @@ class installer_dist extends installer_base {
//* mysql-virtual_uids.cf
$this->process_postfix_config('mysql-virtual_uids.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-verify_recipients.cf');
+
//* postfix-dkim
$filename='tag_as_originating.re';
$full_file_name=$config_dir.'/'.$filename;
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 574b38100d56dff4507d5583085497042f10c8fc..15ab5b6e91c7dded34c8a5285d5a87424a4b474e 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -102,6 +102,9 @@ class installer_dist extends installer_base {
//* mysql-virtual_uids.cf
$this->process_postfix_config('mysql-virtual_uids.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-verify_recipients.cf');
+
//* postfix-dkim
$filename='tag_as_originating.re';
$full_file_name=$config_dir.'/'.$filename;
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 0476c923306bdb6b3de4fdea29a7d4cc5af3dd3d..c02a33eebb4d0ff54c889387cbb64782e51de781 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1002,6 +1002,9 @@ class installer_base {
//* mysql-virtual_uids.cf
$this->process_postfix_config('mysql-virtual_uids.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-verify_recipients.cf');
+
// test if lmtp if available
$configure_lmtp = $this->get_postfix_service('lmtp','unix');
@@ -1340,6 +1343,8 @@ class installer_base {
}
$config_dir = $conf['postfix']['config_dir'];
+ $postfix_version = `postconf -d mail_version 2>/dev/null`;
+ $postfix_version = preg_replace( '/mail_version\s*=\s*(.*)\s*/', '$1', $postfix_version );
//* Configure master.cf and add a line for deliver
if(!$this->get_postfix_service('dovecot', 'unix')) {
@@ -1351,7 +1356,7 @@ class installer_base {
chmod($config_dir.'/master.cf~2', 0400);
}
//* Configure master.cf and add a line for deliver
- $content = rf($conf["postfix"]["config_dir"].'/master.cf');
+ $content = rf($config_dir.'/master.cf');
$deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
af($config_dir.'/master.cf', $deliver_content);
unset($content);
@@ -1368,7 +1373,31 @@ class installer_base {
);
// Make a backup copy of the main.cf file
- copy($conf['postfix']['config_dir'].'/main.cf', $conf['postfix']['config_dir'].'/main.cf~3');
+ copy($config_dir.'/main.cf', $config_dir.'/main.cf~3');
+
+ $options = explode(",", exec("postconf -h smtpd_recipient_restrictions"));
+ $new_options = array();
+ foreach ($options as $value) {
+ if (($value = trim($value)) == '') continue;
+ if (preg_match("|check_recipient_access\s+proxy:mysql:${config_dir}/mysql-verify_recipients.cf|", $value)) {
+ continue;
+ }
+ $new_options[] = $value;
+ }
+ if ($configure_lmtp) {
+ for ($i = 0; isset($new_options[$i]); $i++) {
+ if ($new_options[$i] == 'reject_unlisted_recipient') {
+ array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${config_dir}/mysql-verify_recipients.cf"));
+ break;
+ }
+ }
+ # postfix < 3.3 needs this when using reject_unverified_recipient:
+ if(version_compare($postfix_version, 3.3, '<')) {
+ $postconf_commands[] = "enable_original_recipient = yes";
+ }
+ }
+ #exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
+ $postconf_commands[] = "smtpd_recipient_restrictions = ".implode(", ", $new_options);
// Executing the postconf commands
foreach($postconf_commands as $cmd) {
@@ -1608,12 +1637,15 @@ class installer_base {
exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'");
+
+ $options = explode(",", exec("postconf -h smtpd_recipient_restrictions"));
$new_options = array();
- $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
foreach ($options as $value) {
- if (!preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
- $new_options[] = $value;
+ if (($value = trim($value)) == '') continue;
+ if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
+ continue;
}
+ $new_options[] = $value;
}
exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index c1a5baa71db315e22b9dfa22fe94efb2d7f2b534..d3df3ab5689f9a91db80a00ae9a2e23947b412c8 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -15,7 +15,7 @@ broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
@@ -24,7 +24,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
@@ -44,3 +44,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
index 5b53b9a45f821c4009bdf8be07305d45aa6c3260..e6f43b01e83e6f6e1be32771a03e485b59ad3641 100644
--- a/install/tpl/fedora_postfix.conf.master
+++ b/install/tpl/fedora_postfix.conf.master
@@ -11,7 +11,7 @@ broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
@@ -20,7 +20,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
@@ -40,3 +40,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
index a326051d5e47dae39492159cf98bab32b59a4617..0f6ee7301b50a1aca77ba7afc4e7d42d08afd18d 100644
--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
@@ -10,7 +10,7 @@ broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
@@ -19,7 +19,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
@@ -39,3 +39,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
diff --git a/install/tpl/mysql-verify_recipients.cf.master b/install/tpl/mysql-verify_recipients.cf.master
new file mode 100644
index 0000000000000000000000000000000000000000..2b433491d8e3d9817d20f2d6d9674200410ade96
--- /dev/null
+++ b/install/tpl/mysql-verify_recipients.cf.master
@@ -0,0 +1,5 @@
+user = {mysql_server_ispconfig_user}
+password = {mysql_server_ispconfig_password}
+dbname = {mysql_server_database}
+hosts = {mysql_server_ip}
+query = SELECT 'reject_unverified_recipient' FROM mail_domain WHERE domain = '%s' AND active = 'y' AND server_id = {server_id}
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
index ea4375b6ac3677fe8ba29225d830c22a054a3a45..d29c3d1b05fc7e2b5ef5025ff82ba49400b23a72 100644
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
@@ -13,7 +13,7 @@ broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
@@ -22,7 +22,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
@@ -42,3 +42,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php
index 80db1c102a08a8e3a0b21edb82d4621220336a1d..757ee5e72f47630911d1d846d057526efd841f3e 100644
--- a/server/plugins-available/postfix_server_plugin.inc.php
+++ b/server/plugins-available/postfix_server_plugin.inc.php
@@ -33,9 +33,6 @@ class postfix_server_plugin {
var $plugin_name = 'postfix_server_plugin';
var $class_name = 'postfix_server_plugin';
-
- var $postfix_config_dir = '/etc/postfix';
-
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall() {
@@ -79,8 +76,13 @@ class postfix_server_plugin {
$old_ini_data = $app->ini_parser->parse_ini_string($data['old']['config']);
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
+ // Get postfix version
+ exec('postconf -d mail_version 2>&1', $out);
+ $postfix_version = preg_replace('/.*=\s*/', '', $out[0]);
+ unset($out);
+
copy('/etc/postfix/main.cf', '/etc/postfix/main.cf~');
-
+
if ($mail_config['relayhost'].$mail_config['relayhost_user'].$mail_config['relayhost_password'] != $old_ini_data['mail']['relayhost'].$old_ini_data['mail']['relayhost_user'].$old_ini_data['mail']['relayhost_password']) {
$content = file_exists('/etc/postfix/sasl_passwd') ? file_get_contents('/etc/postfix/sasl_passwd') : '';
$content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost']).'\s+[^\n]*(:?\n|)/m','',$content);
@@ -112,17 +114,18 @@ class postfix_server_plugin {
if($rbl_hosts != ''){
$rbl_hosts = explode(",", $rbl_hosts);
}
- $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
+ $options = explode(",", exec("postconf -h smtpd_recipient_restrictions"));
$new_options = array();
foreach ($options as $key => $value) {
+ if (($value = trim($value)) == '') continue;
if (!preg_match('/reject_rbl_client/', $value)) {
$new_options[] = $value;
} else {
if(is_array($rbl_hosts) && !empty($rbl_hosts) && !$rbl_updated){
$rbl_updated = true;
- foreach ($rbl_hosts as $key => $value) {
- $value = trim($value);
- if($value != '') $new_options[] = "reject_rbl_client ".$value;
+ foreach ($rbl_hosts as $key2 => $value2) {
+ $value2 = trim($value2);
+ if($value2 != '') $new_options[] = "reject_rbl_client ".$value2;
}
}
}
@@ -190,6 +193,30 @@ class postfix_server_plugin {
}
}
+ $postfix_config_dir = $conf['postfix']['config_dir'];
+ $new_options = array();
+ $options = explode(",", exec("postconf -h smtpd_recipient_restrictions"));
+ foreach ($options as $key => $value) {
+ if (($value = trim($value)) == '') continue;
+ if (preg_match("|check_recipient_access\s+proxy:mysql:${postfix_config_dir}/mysql-verify_recipients.cf|", $value)) {
+ continue;
+ }
+ $new_options[] = $value;
+ }
+ if (defined($configure_lmtp) && $configure_lmtp) {
+ for ($i = 0; isset($new_options[$i]); $i++) {
+ if ($new_options[$i] == 'reject_unlisted_recipient') {
+ array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${postfix_config_dir}/mysql-verify_recipients.cf"));
+ break;
+ }
+ }
+ # postfix < 3.3 needs this when using reject_unverified_recipient:
+ if(version_compare($postfix_version, 3.3, '<')) {
+ exec("postconf -e 'enable_original_recipient = yes'");
+ }
+ }
+ exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
+
if($mail_config['content_filter'] != $old_ini_data['mail']['content_filter']) {
if($mail_config['content_filter'] == 'rspamd'){
exec("postconf -X 'receive_override_options'");
@@ -204,11 +231,13 @@ class postfix_server_plugin {
exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'");
$new_options = array();
- $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
+ $options = explode(",", exec("postconf -h smtpd_recipient_restrictions"));
foreach ($options as $key => $value) {
- if (!preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
- $new_options[] = $value;
+ if (($value = trim($value)) == '') continue;
+ if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
+ continue;
}
+ $new_options[] = $value;
}
exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
@@ -235,7 +264,7 @@ class postfix_server_plugin {
exec("postconf -e 'receive_override_options = no_address_mappings'");
exec("postconf -e 'content_filter = " . ($configure_lmtp ? "lmtp" : "amavis" ) . ":[127.0.0.1]:10024'");
- exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re'");
+ exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re'");
}
}